File redis.spec of Package redis.36950
#
# spec file for package redis
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define _data_dir       %{_localstatedir}/lib/%{name}
%define _log_dir        %{_localstatedir}/log/%{name}
%define _conf_dir       %{_sysconfdir}/%{name}
Name:           redis
Version:        6.0.14
Release:        0
Summary:        Persistent key-value database
License:        BSD-3-Clause
URL:            https://redis.io
Source0:        https://download.redis.io/releases/redis-%{version}.tar.gz
Source1:        %{name}.logrotate
Source2:        %{name}.target
Source3:        %{name}@.service
Source4:        %{name}.tmpfiles.d
Source5:        README.SUSE
Source6:        %{name}.sysctl
Source7:        %{name}-sentinel@.service
Source8:        %{name}-sentinel.target
Source9:        %{name}-user.conf
Source10:       https://raw.githubusercontent.com/redis/redis-hashes/master/README#/redis.hashes
# PATCH-MISSING-TAG -- See https://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines
Patch0:         %{name}-conf.patch
Patch1:         getMcontextEip-return-value.patch
Patch3:         reproducible.patch
Patch4:         ppc-atomic.patch
# PATCH-FIX-UPSTREAM bsc#1191305 danilo.spinella@suse.com -- Integer to heap buffer overflows
Patch5:         cve-2021-32627.patch
# PATCH-FIX-UPSTREAM bsc#1191302 danilo.spinella@suse.com -- Integer to heap buffer overflow
# with intsets
Patch6:         cve-2021-32687.patch
# PATCH-FIX-UPSTREAM bsc#1191300 danilo.spinella@suse.com -- Integer to heap buffer overflow
# issue in redis-cli and redis-sentinel
Patch7:         cve-2021-32762.patch
# PATCH-FIX-UPSTREAM bsc#1191306 danilo.spinella@suse.com -- Specially crafted Lua scripts
# may result with Heap buffer overflow
Patch8:         cve-2021-32626.patch
# PATCH-FIX-UPSTREAM bsc#1191304 danilo.spinella@suse.com -- Random heap reading issue
# with Lua Debugger
Patch9:         cve-2021-32672.patch
# PATCH-FIX-UPSTREAM bsc#1191303 danilo.spinella@suse.com -- Denial Of Service when
# processing RESP request payloads with a large number of elements on many connections
Patch10:         cve-2021-32675.patch
# PATCH-FIX-UPSTREAM bsc#1191299 danilo.spinella@suse.com -- Integer to heap buffer
# overflow handling certain string commands and network payloads
Patch11:         cve-2021-41099.patch
# PATCH-FIX-UPSTREAM bsc#1198952 danilo.spinella@suse.com CVE-2022-24736, CVE-2022-24735
# Add support for readonly tables on Lua to prevent security vulnerabilities
Patch12:         bsc1198952-1.patch
Patch13:         bsc1198952-2.patch
Patch14:         bsc1198952-3.patch
Patch15:         bsc1198952-4.patch
# PATCH-FIX-UPSTREAM bsc#1204633 danilo.spinella@suse.com CVE-2022-3647
# crash in sigsegvHandler debug function
Patch16:        cve-2022-3647.patch
# CVE-2022-35977 [bsc#1207202], Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands can drive Redis to OOM panic
Patch17:        redis-CVE-2022-35977.patch
# PATCH-FIX-UPSTREAM bsc#1208790 CVE-2022-36021
# Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow
Patch18:        cve-2022-36021.patch
# PATCH-FIX-UPSTREAM bsc#1208793 CVE-2023-25155
# Integer Overflow in RAND commands can lead to assertion
Patch19:        cve-2023-25155.patch
# PATCH-FIX-UPSTREAM bsc#1213193 danilo.spinella@suse.com CVE-2022-24834
# heap overflow in the cjson and cmsgpack libraries
Patch20:         cve-2022-24834.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com CVE-2023-28856
# Authenticated users can use the HINCRBYFLOAT command to create an invalid hash
# field that will crash Redis on access
Patch21:         cve-2023-28856.patch
# PATCH-FIX-UPSTREAM bsc#1216376 CVE-2023-45145
# race condition during UNIX socket creation leads to permission bypass
Patch22:        redis-CVE-2023-45145.patch
# PATCH-FIX-UPSTREAM antonio.teixeira@suse.com bsc#1231265 CVE-2024-31228
# Prevent unbounded recursive pattern matching
Patch23:        CVE-2024-31228.patch
# PATCH-FIX-UPSTREAM antonio.teixeira@suse.com bsc#1231264 CVE-2024-31449
# Integer overflow bug in Lua bit_tohex
Patch24:        CVE-2024-31449.patch
# PATCH-FIX-UPSTREAM antonio.teixeira@suse.com bsc#1235387 CVE-2024-46981
# Lua scripts can be used to manipulate the garbage collector, leading to remote code execution
Patch25:        CVE-2024-46981.patch
BuildRequires:  libopenssl-devel
BuildRequires:  pkgconfig
BuildRequires:  procps
BuildRequires:  sysuser-shadow
BuildRequires:  sysuser-tools
BuildRequires:  pkgconfig(libsystemd)
BuildRequires:  pkgconfig(systemd)
BuildRequires:  tcl
# there is no tcl-tls package yet, which is said to be needed for testing tls support
Recommends:     logrotate
%sysusers_requires
%description
%{name} is an advanced key-value store. It is similar to memcached but the dataset
is not volatile, and values can be strings, exactly like in memcached,
but also lists, sets, and ordered sets. All this data types can be manipulated
with atomic operations to push/pop elements, add/remove elements, perform server
side union, intersection, difference between sets, and so forth. Redis supports
different kind of sorting abilities.
%prep
echo "`grep -F %{name}-%{version}.tar.gz %{SOURCE10} | cut -d' ' -f4`  %{SOURCE0}" | sha256sum -c
%setup -q
%patch0
%patch1 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%build
export HOST=OBS # for reproducible builds
%make_build CFLAGS="%{optflags}" BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes
%sysusers_generate_pre %{SOURCE9} redis
%install
install -m 0750 -d \
  %{buildroot}%{_sbindir} \
  %{buildroot}%{_log_dir} \
  %{buildroot}%{_data_dir} \
  %{buildroot}%{_conf_dir} \
  %{buildroot}%{_log_dir}/default \
  %{buildroot}%{_data_dir}/default
install -Dpm 0755 src/%{name}-benchmark  %{buildroot}%{_bindir}/%{name}-benchmark
install -Dpm 0755 src/%{name}-cli        %{buildroot}%{_bindir}/%{name}-cli
install -Dpm 0755 src/%{name}-server     %{buildroot}%{_sbindir}/%{name}-server
ln -sfv ../sbin/redis-server             %{buildroot}%{_bindir}/%{name}-check-aof
ln -sfv ../sbin/redis-server             %{buildroot}%{_bindir}/%{name}-check-rdb
ln -sfv ../sbin/redis-server             %{buildroot}%{_sbindir}/%{name}-check-aof
ln -sfv ../sbin/redis-server             %{buildroot}%{_sbindir}/%{name}-check-rdb
ln -sfv ../sbin/redis-server             %{buildroot}%{_sbindir}/%{name}-sentinel
perl -p -i -e 's|daemonize yes|daemonize no|g' %{name}.conf
install -Dm 0640 redis.conf              %{buildroot}%{_conf_dir}/default.conf.example
install -Dm 0660 sentinel.conf           %{buildroot}%{_conf_dir}/sentinel.conf.example
# some sysctl stuff
install -Dm 0644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysctl.d/00-%{name}.conf
install -Dm 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -Dm 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.target
install -Dm 0644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}@.service
install -Dm 0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/%{name}.conf
install -Dm 0644 %{SOURCE7} %{buildroot}%{_unitdir}/%{name}-sentinel@.service
install -Dm 0644 %{SOURCE8} %{buildroot}%{_unitdir}/%{name}-sentinel.target
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
cp %{SOURCE5} README.SUSE
mkdir -p %{buildroot}%{_sysusersdir}
install -m 644 %{SOURCE9} %{buildroot}%{_sysusersdir}/
%check
cat <<EOF
---------------------------------------------------
The test suite often fails to start a server, with
'child process exited abnormally' -- sometimes it works.
---------------------------------------------------
EOF
# Variable assignments need to match in all make invocations, otherwise it might recomplie. See https://github.com/redis/redis/issues/7337
%make_build test CFLAGS="%{optflags}" BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes || true
%pre -f redis.pre
%service_add_pre redis.target redis@.service redis-sentinel.target redis-sentinel@.service
%post
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
%service_add_post redis.target redis@.service redis-sentinel.target redis-sentinel@.service
echo "See %{_docdir}/%{name}/README.SUSE to continue"
%preun
%service_del_preun redis.target redis@.service redis-sentinel.target redis-sentinel@.service
%postun
%service_del_postun redis.target redis@.service redis-sentinel.target redis-sentinel@.service
%files
%license COPYING
%doc 00-RELEASENOTES BUGS CONTRIBUTING README.md
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{_sysconfdir}/sysctl.d/00-%{name}.conf
%{_bindir}/%{name}-*
%{_sbindir}/%{name}-*
%{_sbindir}/rc%{name}
%{_tmpfilesdir}/%{name}.conf
%{_sysusersdir}/redis-user.conf
%{_unitdir}/%{name}@.service
%{_unitdir}/%{name}.target
%{_unitdir}/%{name}-sentinel@.service
%{_unitdir}/%{name}-sentinel.target
%doc README.SUSE
%config(noreplace) %attr(-,root,%{name}) %{_conf_dir}/
%dir %attr(0750,%{name},%{name}) %{_data_dir}
%dir %attr(0750,%{name},%{name}) %{_data_dir}/default
%dir %attr(0750,%{name},%{name}) %{_log_dir}
%changelog