diff --git a/.gitignore b/.gitignore index a3f9d7f..dd92461 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/redis-6.2.7.tar.gz -SOURCES/redis-doc-8d4bf9b.tar.gz +SOURCES/redis-7.0.12.tar.gz +SOURCES/redis-doc-c7880ba.tar.gz diff --git a/.redis.metadata b/.redis.metadata index af3ea94..53343a8 100644 --- a/.redis.metadata +++ b/.redis.metadata @@ -1,2 +1,2 @@ -b01ef3f117c9815dea41bf2609e489a03c3a5ab1 SOURCES/redis-6.2.7.tar.gz -45ec7c3b4a034891252507febace7e25ee64b4d9 SOURCES/redis-doc-8d4bf9b.tar.gz +cd8190d9289d46be2b3a30dda14ffba8a92abbc8 SOURCES/redis-7.0.12.tar.gz +b2c7f2bee8e40fc6bd5385c25429fa537e2751c5 SOURCES/redis-doc-c7880ba.tar.gz diff --git a/SOURCES/0002-deps-jemalloc-Do-not-force-building-in-gnu99-mode.patch b/SOURCES/0002-deps-jemalloc-Do-not-force-building-in-gnu99-mode.patch new file mode 100644 index 0000000..a6479b8 --- /dev/null +++ b/SOURCES/0002-deps-jemalloc-Do-not-force-building-in-gnu99-mode.patch @@ -0,0 +1,33 @@ +From bbace21828d7e82f1c481f0e1caece31b661cbd9 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 5 Dec 2022 11:10:37 +0100 +Subject: [PATCH 2/2] deps/jemalloc: Do not force building in gnu99 mode +Content-type: text/plain + +The jemalloc configure logic switches to gnu11 mode if available, +and this explicit flags injection prevents that. The main difference +seems to be that in gnu99 mode, is presumed to be +unavailable and is not used. + +Submitted upstream: + +--- + deps/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/deps/Makefile b/deps/Makefile +index 8592e17..d6cb06e 100644 +--- a/deps/Makefile ++++ b/deps/Makefile +@@ -90,7 +90,7 @@ lua: .make-prerequisites + + .PHONY: lua + +-JEMALLOC_CFLAGS= -std=gnu99 -Wall -pipe -g3 -O3 -funroll-loops $(CFLAGS) ++JEMALLOC_CFLAGS= -Wall -pipe -g3 -O3 -funroll-loops $(CFLAGS) + JEMALLOC_LDFLAGS= $(LDFLAGS) + + ifneq ($(DEB_HOST_GNU_TYPE),) +-- +2.38.1 + diff --git a/SOURCES/redis-CVE-2023-41056.patch b/SOURCES/redis-CVE-2023-41056.patch new file mode 100644 index 0000000..a8cc6a4 --- /dev/null +++ b/SOURCES/redis-CVE-2023-41056.patch @@ -0,0 +1,54 @@ +From e351099e1119fb89496be578f5232c61ce300224 Mon Sep 17 00:00:00 2001 +From: Oran Agra +Date: Sun, 7 Jan 2024 12:32:44 +0200 +Subject: [PATCH] Fix possible corruption in sdsResize (CVE-2023-41056) + +#11766 introduced a bug in sdsResize where it could forget to update +the sds type in the sds header and then cause an overflow in sdsalloc. +it looks like the only implication of that is a possible assertion in HLL, +but it's hard to rule out possible heap corruption issues with clientsCronResizeQueryBuffer +--- + src/sds.c | 30 ++++++++++++++++-------------- + 1 file changed, 16 insertions(+), 14 deletions(-) + +diff --git a/src/sds.c b/src/sds.c +index 8e5863a3ab8e..71490d5b2522 100644 +--- a/src/sds.c ++++ b/src/sds.c +@@ -348,20 +348,22 @@ sds sdsResize(sds s, size_t size, int would_regrow) { + * type. */ + int use_realloc = (oldtype==type || (type < oldtype && type > SDS_TYPE_8)); + size_t newlen = use_realloc ? oldhdrlen+size+1 : hdrlen+size+1; +- int alloc_already_optimal = 0; +- #if defined(USE_JEMALLOC) +- /* je_nallocx returns the expected allocation size for the newlen. +- * We aim to avoid calling realloc() when using Jemalloc if there is no +- * change in the allocation size, as it incurs a cost even if the +- * allocation size stays the same. */ +- alloc_already_optimal = (je_nallocx(newlen, 0) == zmalloc_size(sh)); +- #endif +- +- if (use_realloc && !alloc_already_optimal) { +- newsh = s_realloc(sh, newlen); +- if (newsh == NULL) return NULL; +- s = (char*)newsh+oldhdrlen; +- } else if (!alloc_already_optimal) { ++ ++ if (use_realloc) { ++ int alloc_already_optimal = 0; ++ #if defined(USE_JEMALLOC) ++ /* je_nallocx returns the expected allocation size for the newlen. ++ * We aim to avoid calling realloc() when using Jemalloc if there is no ++ * change in the allocation size, as it incurs a cost even if the ++ * allocation size stays the same. */ ++ alloc_already_optimal = (je_nallocx(newlen, 0) == zmalloc_size(sh)); ++ #endif ++ if (!alloc_already_optimal) { ++ newsh = s_realloc(sh, newlen); ++ if (newsh == NULL) return NULL; ++ s = (char*)newsh+oldhdrlen; ++ } ++ } else { + newsh = s_malloc(newlen); + if (newsh == NULL) return NULL; + memcpy((char*)newsh+hdrlen, s, len); diff --git a/SOURCES/redis-config.patch b/SOURCES/redis-config.patch deleted file mode 100644 index 77cb355..0000000 --- a/SOURCES/redis-config.patch +++ /dev/null @@ -1,117 +0,0 @@ -Revert to 6.0.8 behavior to save configuration file -to fix "CONFIG REWRITE" when using /etc/redis.conf -as new behavior expect a writable directory - -Revert: 90555566ed5cbd3e1c3df1293ba3bbf6098e34c3 - -See discussion about this breaking change in -https://github.com/redis/redis/issues/8051 - -diff -up ./src/config.c.rev ./src/config.c ---- ./src/config.c.rev 2022-05-09 14:48:31.118296748 +0200 -+++ ./src/config.c 2022-05-09 14:48:41.571163767 +0200 -@@ -1605,62 +1605,60 @@ void rewriteConfigRemoveOrphaned(struct - dictReleaseIterator(di); - } - --/* This function replaces the old configuration file with the new content -- * in an atomic manner. -+/* This function overwrites the old configuration file with the new content. -+ * -+ * 1) The old file length is obtained. -+ * 2) If the new content is smaller, padding is added. -+ * 3) A single write(2) call is used to replace the content of the file. -+ * 4) Later the file is truncated to the length of the new content. -+ * -+ * This way we are sure the file is left in a consistent state even if the -+ * process is stopped between any of the four operations. - * - * The function returns 0 on success, otherwise -1 is returned and errno -- * is set accordingly. */ -+ * set accordingly. */ - int rewriteConfigOverwriteFile(char *configfile, sds content) { -- int fd = -1; -- int retval = -1; -- char tmp_conffile[PATH_MAX]; -- const char *tmp_suffix = ".XXXXXX"; -- size_t offset = 0; -- ssize_t written_bytes = 0; -- -- int tmp_path_len = snprintf(tmp_conffile, sizeof(tmp_conffile), "%s%s", configfile, tmp_suffix); -- if (tmp_path_len <= 0 || (unsigned int)tmp_path_len >= sizeof(tmp_conffile)) { -- serverLog(LL_WARNING, "Config file full path is too long"); -- errno = ENAMETOOLONG; -- return retval; -+ int retval = 0; -+ int fd = open(configfile,O_RDWR|O_CREAT,0644); -+ int content_size = sdslen(content), padding = 0; -+ struct stat sb; -+ sds content_padded; -+ -+ /* 1) Open the old file (or create a new one if it does not -+ * exist), get the size. */ -+ if (fd == -1) return -1; /* errno set by open(). */ -+ if (fstat(fd,&sb) == -1) { -+ close(fd); -+ return -1; /* errno set by fstat(). */ - } - --#ifdef _GNU_SOURCE -- fd = mkostemp(tmp_conffile, O_CLOEXEC); --#else -- /* There's a theoretical chance here to leak the FD if a module thread forks & execv in the middle */ -- fd = mkstemp(tmp_conffile); --#endif -- -- if (fd == -1) { -- serverLog(LL_WARNING, "Could not create tmp config file (%s)", strerror(errno)); -- return retval; -+ /* 2) Pad the content at least match the old file size. */ -+ content_padded = sdsdup(content); -+ if (content_size < sb.st_size) { -+ /* If the old file was bigger, pad the content with -+ * a newline plus as many "#" chars as required. */ -+ padding = sb.st_size - content_size; -+ content_padded = sdsgrowzero(content_padded,sb.st_size); -+ content_padded[content_size] = '\n'; -+ memset(content_padded+content_size+1,'#',padding-1); - } - -- while (offset < sdslen(content)) { -- written_bytes = write(fd, content + offset, sdslen(content) - offset); -- if (written_bytes <= 0) { -- if (errno == EINTR) continue; /* FD is blocking, no other retryable errors */ -- serverLog(LL_WARNING, "Failed after writing (%zd) bytes to tmp config file (%s)", offset, strerror(errno)); -- goto cleanup; -- } -- offset+=written_bytes; -+ /* 3) Write the new content using a single write(2). */ -+ if (write(fd,content_padded,strlen(content_padded)) == -1) { -+ retval = -1; -+ goto cleanup; - } - -- if (fsync(fd)) -- serverLog(LL_WARNING, "Could not sync tmp config file to disk (%s)", strerror(errno)); -- else if (fchmod(fd, 0644 & ~server.umask) == -1) -- serverLog(LL_WARNING, "Could not chmod config file (%s)", strerror(errno)); -- else if (rename(tmp_conffile, configfile) == -1) -- serverLog(LL_WARNING, "Could not rename tmp config file (%s)", strerror(errno)); -- else { -- retval = 0; -- serverLog(LL_DEBUG, "Rewritten config file (%s) successfully", configfile); -- } -+ /* 4) Truncate the file to the right length if we used padding. */ -+ if (padding) { -+ if (ftruncate(fd,content_size) == -1) { -+ /* Non critical error... */ -+ } -+ } - - cleanup: -+ sdsfree(content_padded); - close(fd); -- if (retval) unlink(tmp_conffile); - return retval; - } - diff --git a/SOURCES/redis-limit-init b/SOURCES/redis-limit-init deleted file mode 100644 index 2986bfd..0000000 --- a/SOURCES/redis-limit-init +++ /dev/null @@ -1,6 +0,0 @@ -# If you need to change max open file limit -# for example, when you change maxclient in configuration -# you can change the value below -# see "man limits.conf" for information -redis soft nofile 10240 -redis hard nofile 10240 diff --git a/SOURCES/redis-sentinel.init b/SOURCES/redis-sentinel.init deleted file mode 100644 index 382d45d..0000000 --- a/SOURCES/redis-sentinel.init +++ /dev/null @@ -1,94 +0,0 @@ -#!/bin/sh -# -# redis init file for starting up the redis-sentinel daemon -# -# chkconfig: - 21 79 -# description: Starts and stops the redis-sentinel daemon. -# -### BEGIN INIT INFO -# Provides: redis-sentinel -# Required-Start: $local_fs $remote_fs $network -# Required-Stop: $local_fs $remote_fs $network -# Short-Description: start and stop Sentinel server -# Description: A persistent key-value database -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -name="redis-sentinel" -exec="/usr/bin/$name" -shut="/usr/libexec/redis-shutdown" -pidfile="/var/run/redis/sentinel.pid" -SENTINEL_CONFIG="/etc/redis-sentinel.conf" - -[ -e /etc/sysconfig/redis-sentinel ] && . /etc/sysconfig/redis-sentinel - -lockfile=/var/lock/subsys/redis - -start() { - [ -f $SENTINEL_CONFIG ] || exit 6 - [ -x $exec ] || exit 5 - echo -n $"Starting $name: " - daemon --user ${REDIS_USER-redis} "$exec $SENTINEL_CONFIG --daemonize yes --pidfile $pidfile" - retval=$? - echo - [ $retval -eq 0 ] && touch $lockfile - return $retval -} - -stop() { - echo -n $"Stopping $name: " - [ -x $shut ] && $shut $name - retval=$? - if [ -f $pidfile ] - then - # shutdown haven't work, try old way - killproc -p $pidfile $name - retval=$? - else - success "$name shutdown" - fi - echo - [ $retval -eq 0 ] && rm -f $lockfile - return $retval -} - -restart() { - stop - start -} - -rh_status() { - status -p $pidfile $name -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}" - exit 2 -esac -exit $? diff --git a/SOURCES/redis-sentinel.service b/SOURCES/redis-sentinel.service index ec4ade4..0bcc990 100644 --- a/SOURCES/redis-sentinel.service +++ b/SOURCES/redis-sentinel.service @@ -1,10 +1,11 @@ [Unit] Description=Redis Sentinel After=network.target +After=network-online.target +Wants=network-online.target [Service] -ExecStart=/usr/bin/redis-sentinel /etc/redis-sentinel.conf --daemonize no --supervised systemd -ExecStop=/usr/libexec/redis-shutdown redis-sentinel +ExecStart=/usr/bin/redis-sentinel /etc/redis/sentinel.conf --daemonize no --supervised systemd Type=notify User=redis Group=redis diff --git a/SOURCES/redis-shutdown b/SOURCES/redis-shutdown deleted file mode 100644 index 53b9f09..0000000 --- a/SOURCES/redis-shutdown +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -# -# Wrapper to close properly redis and sentinel -test x"$REDIS_DEBUG" != x && set -x - -REDIS_CLI=/usr/bin/redis-cli - -# Retrieve service name -SERVICE_NAME="$1" -if [ -z "$SERVICE_NAME" ]; then - SERVICE_NAME=redis -fi - -# Get the proper config file based on service name -CONFIG_FILE="/etc/$SERVICE_NAME.conf" - -# Use awk to retrieve host, port from config file -HOST=`awk '/^[[:blank:]]*bind/ { print $2 }' $CONFIG_FILE | tail -n1` -PORT=`awk '/^[[:blank:]]*port/ { print $2 }' $CONFIG_FILE | tail -n1` -PASS=`awk '/^[[:blank:]]*requirepass/ { print $2 }' $CONFIG_FILE | tail -n1` -SOCK=`awk '/^[[:blank:]]*unixsocket\s/ { print $2 }' $CONFIG_FILE | tail -n1` - -# Just in case, use default host, port -HOST=${HOST:-127.0.0.1} -if [ "$SERVICE_NAME" = redis ]; then - PORT=${PORT:-6379} -else - PORT=${PORT:-26739} -fi - -# Setup additional parameters -# e.g password-protected redis instances -[ -z "$PASS" ] || ADDITIONAL_PARAMS="-a $PASS" - -# shutdown the service properly -if [ -e "$SOCK" ] ; then - $REDIS_CLI -s $SOCK $ADDITIONAL_PARAMS shutdown -else - $REDIS_CLI -h $HOST -p $PORT $ADDITIONAL_PARAMS shutdown -fi diff --git a/SOURCES/redis.init b/SOURCES/redis.init deleted file mode 100644 index 7f1ef6a..0000000 --- a/SOURCES/redis.init +++ /dev/null @@ -1,94 +0,0 @@ -#!/bin/sh -# -# redis init file for starting up the redis daemon -# -# chkconfig: - 20 80 -# description: Starts and stops the redis daemon. -# -### BEGIN INIT INFO -# Provides: redis-server -# Required-Start: $local_fs $remote_fs $network -# Required-Stop: $local_fs $remote_fs $network -# Short-Description: start and stop Redis server -# Description: A persistent key-value database -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -name="redis-server" -exec="/usr/bin/$name" -shut="/usr/libexec/redis-shutdown" -pidfile="/var/run/redis/redis.pid" -REDIS_CONFIG="/etc/redis.conf" - -[ -e /etc/sysconfig/redis ] && . /etc/sysconfig/redis - -lockfile=/var/lock/subsys/redis - -start() { - [ -f $REDIS_CONFIG ] || exit 6 - [ -x $exec ] || exit 5 - echo -n $"Starting $name: " - daemon --user ${REDIS_USER-redis} "$exec $REDIS_CONFIG --daemonize yes --pidfile $pidfile" - retval=$? - echo - [ $retval -eq 0 ] && touch $lockfile - return $retval -} - -stop() { - echo -n $"Stopping $name: " - [ -x $shut ] && $shut - retval=$? - if [ -f $pidfile ] - then - # shutdown haven't work, try old way - killproc -p $pidfile $name - retval=$? - else - success "$name shutdown" - fi - echo - [ $retval -eq 0 ] && rm -f $lockfile - return $retval -} - -restart() { - stop - start -} - -rh_status() { - status -p $pidfile $name -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}" - exit 2 -esac -exit $? diff --git a/SOURCES/redis.service b/SOURCES/redis.service index 94ef85b..a577c83 100644 --- a/SOURCES/redis.service +++ b/SOURCES/redis.service @@ -1,10 +1,11 @@ [Unit] Description=Redis persistent key-value database After=network.target +After=network-online.target +Wants=network-online.target [Service] -ExecStart=/usr/bin/redis-server /etc/redis.conf --daemonize no --supervised systemd -ExecStop=/usr/libexec/redis-shutdown +ExecStart=/usr/bin/redis-server /etc/redis/redis.conf --daemonize no --supervised systemd Type=notify User=redis Group=redis diff --git a/SPECS/redis.spec b/SPECS/redis.spec index e251598..63bef2b 100644 --- a/SPECS/redis.spec +++ b/SPECS/redis.spec @@ -1,5 +1,5 @@ # -# RHEL / Fedora spec file for redis +# Fedora spec file for redis # # License: MIT # http://opensource.org/licenses/MIT @@ -7,36 +7,36 @@ # Please preserve changelog entries # +# temp workaround to https://bugzilla.redhat.com/2059488 +%undefine _package_note_file + # Tests fail in mock, not in local build. %bcond_with tests # Commit IDs for the (unversioned) redis-doc repository # https://fedoraproject.org/wiki/Packaging:SourceURL "Commit Revision" -%global doc_commit 8d4bf9bc476829a84a055c049be72634d6e938df +%global doc_commit c7880ba85fd67cb09110a4be790da47d4a6cec80 %global short_doc_commit %(c=%{doc_commit}; echo ${c:0:7}) # %%{rpmmacrodir} not usable on EL-6 %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) Name: redis -Version: 6.2.7 -Release: 1%{?dist} +Version: 7.0.12 +Release: 2%{?dist} Summary: A persistent key-value database -# redis, jemalloc, linenoise, lzf, hiredis are BSD -# lua is MIT -License: BSD and MIT +# redis, hiredis: BSD-3-Clause +# hdrhistogram, jemalloc, lzf, linenoise: BSD-2-Clause +# lua: MIT +License: BSD-3-Clause AND BSD-2-Clause AND MIT URL: https://redis.io Source0: https://download.redis.io/releases/%{name}-%{version}.tar.gz Source1: %{name}.logrotate Source2: %{name}-sentinel.service Source3: %{name}.service -Source4: %{name}-sentinel.init -Source5: %{name}.init -Source6: %{name}-shutdown Source7: %{name}-limit-systemd -Source8: %{name}-limit-init Source9: macros.%{name} -Source10: https://github.com/antirez/%{name}-doc/archive/%{doc_commit}/%{name}-doc-%{short_doc_commit}.tar.gz +Source10: https://github.com/%{name}/%{name}-doc/archive/%{doc_commit}/%{name}-doc-%{short_doc_commit}.tar.gz # To refresh patches: # tar xf redis-xxx.tar.gz && cd redis-xxx && git init && git add . && git commit -m "%%{version} baseline" @@ -44,13 +44,14 @@ Source10: https://github.com/antirez/%{name}-doc/archive/%{doc_commit}/ # Then refresh your patches # git format-patch HEAD~ # Update configuration for Fedora -# https://github.com/antirez/redis/pull/3491 - man pages +# https://github.com/redis/redis/pull/3491 - man pages Patch0001: 0001-1st-man-pageis-for-redis-cli-redis-benchmark-redis-c.patch -# revert BC break -Patch0003: redis-config.patch +Patch0002: 0002-deps-jemalloc-Do-not-force-building-in-gnu99-mode.patch # Security patches +Patch100: redis-CVE-2023-41056.patch +BuildRequires: make BuildRequires: gcc %if %{with tests} BuildRequires: procps-ng @@ -58,23 +59,26 @@ BuildRequires: tcl %endif BuildRequires: pkgconfig(libsystemd) BuildRequires: systemd-devel +BuildRequires: systemd-rpm-macros BuildRequires: openssl-devel -# Required for redis-shutdown -Requires: /bin/awk +# redis-trib functionality migrated to redis-cli +Obsoletes: redis-trib < 5 Requires: logrotate Requires(pre): shadow-utils Requires(post): systemd Requires(preun): systemd Requires(postun): systemd # from deps/hiredis/hiredis.h -Provides: bundled(hiredis) = 1.0.0 +Provides: bundled(hiredis) = 0.14.0 # from deps/jemalloc/VERSION -Provides: bundled(jemalloc) = 5.1.0 +Provides: bundled(jemalloc) = 5.2.1 # from deps/lua/src/lua.h Provides: bundled(lua-libs) = 5.1.5 # from deps/linenoise/linenoise.h Provides: bundled(linenoise) = 1.0 Provides: bundled(lzf) +# from deps/hdr_histogram/README.md +Provides: bundled(hdr_histogram) = 0.11.0 %global redis_modules_abi 1 %global redis_modules_dir %{_libdir}/%{name}/modules @@ -116,7 +120,7 @@ API documentation is available in the redis-doc package. %package doc Summary: Documentation for Redis including man pages -License: CC-BY-SA +License: CC-BY-SA-4.0 BuildArch: noarch # http://fedoraproject.org/wiki/Packaging:Conflicts "Splitting Packages" @@ -131,12 +135,15 @@ administration and development. %setup -q -b 10 %setup -q mv ../%{name}-doc-%{doc_commit} doc -%patch0001 -p1 -%patch0003 -p1 -b .rev +%patch -P0001 -p1 +%patch -P0002 -p1 +%patch -P100 -p1 mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc mv deps/hiredis/COPYING COPYING-hiredis +mv deps/hdr_histogram/LICENSE.txt LICENSE-hdrhistogram +mv deps/hdr_histogram/COPYING.txt COPYING-hdrhistogram # Configuration file changes sed -i -e 's|^logfile .*$|logfile /var/log/redis/redis.log|g' redis.conf @@ -154,7 +161,7 @@ fi %global make_flags DEBUG="" V="echo" LDFLAGS="%{?__global_ldflags}" CFLAGS+="%{optflags} -fPIC" INSTALL="install -p" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes %build -make %{?_smp_mflags} %{make_flags} all +%make_build %{make_flags} all %install make %{make_flags} install @@ -169,8 +176,8 @@ install -d %{buildroot}%{redis_modules_dir} install -pDm644 %{S:1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} # Install configuration files. -install -pDm640 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf -install -pDm640 sentinel.conf %{buildroot}%{_sysconfdir}/%{name}-sentinel.conf +install -pDm640 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf +install -pDm640 sentinel.conf %{buildroot}%{_sysconfdir}/%{name}/sentinel.conf # Install systemd unit files. mkdir -p %{buildroot}%{_unitdir} @@ -184,9 +191,6 @@ install -p -D -m 644 %{S:7} %{buildroot}%{_sysconfdir}/systemd/system/%{name}-se # Fix non-standard-executable-perm error. chmod 755 %{buildroot}%{_bindir}/%{name}-* -# Install redis-shutdown -install -pDm755 %{S:6} %{buildroot}%{_libexecdir}/%{name}-shutdown - # Install redis module header install -pDm644 src/%{name}module.h %{buildroot}%{_includedir}/%{name}module.h @@ -200,7 +204,7 @@ ln -s redis.conf.5 %{buildroot}%{_mandir}/man5/redis-sentinel.conf.5 # Install documentation and html pages doc=$(echo %{buildroot}/%{_docdir}/%{name}) -for page in 00-RELEASENOTES BUGS CONTRIBUTING MANIFESTO; do +for page in 00-RELEASENOTES BUGS MANIFESTO *.md; do install -Dpm644 $page $doc/$page done for page in $(find doc -name \*.md | sed -e 's|.md$||g'); do @@ -214,7 +218,7 @@ install -pDm644 %{S:9} %{buildroot}%{macrosdir}/macros.%{name} %check %if %{with tests} -# https://github.com/antirez/redis/issues/1417 (for "taskset -c 1") +# https://github.com/redis/redis/issues/1417 (for "taskset -c 1") taskset -c 1 make %{make_flags} test make %{make_flags} test-sentinel %endif @@ -228,6 +232,25 @@ useradd -r -g %{name} -d %{_sharedstatedir}/%{name} -s /sbin/nologin \ exit 0 %post +if [ -f %{_sysconfdir}/%{name}.conf -a ! -L %{_sysconfdir}/%{name}.conf ]; then + if [ -f %{_sysconfdir}/%{name}/%{name}.conf.rpmnew ]; then + rm %{_sysconfdir}/%{name}/%{name}.conf.rpmnew + fi + if [ -f %{_sysconfdir}/%{name}/%{name}.conf ]; then + mv %{_sysconfdir}/%{name}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf.rpmnew + fi + mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf + echo -e "\nWarning: %{name} configuration is now in %{_sysconfdir}/%{name} directory\n" +fi +if [ -f %{_sysconfdir}/%{name}-sentinel.conf -a ! -L %{_sysconfdir}/%{name}-sentinel.conf ]; then + if [ -f %{_sysconfdir}/%{name}/sentinel.conf.rpmnew ]; then + rm %{_sysconfdir}/%{name}/sentinel.conf.rpmnew + fi + if [ -f %{_sysconfdir}/%{name}/sentinel.conf ]; then + mv %{_sysconfdir}/%{name}/sentinel.conf %{_sysconfdir}/%{name}/sentinel.conf.rpmnew + fi + mv %{_sysconfdir}/%{name}-sentinel.conf %{_sysconfdir}/%{name}/sentinel.conf +fi %systemd_post %{name}.service %systemd_post %{name}-sentinel.service @@ -245,18 +268,20 @@ exit 0 %license COPYRIGHT-lua %license COPYING-jemalloc %license COPYING-hiredis +%license LICENSE-hdrhistogram +%license COPYING-hdrhistogram %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} -%attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}.conf -%attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}-sentinel.conf -%dir %attr(0750, redis, redis) %{_libdir}/%{name} -%dir %attr(0750, redis, redis) %{redis_modules_dir} +%attr(0750, redis, root) %dir %{_sysconfdir}/%{name} +%attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf +%attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}/sentinel.conf +%dir %{_libdir}/%{name} +%dir %{redis_modules_dir} %dir %attr(0750, redis, redis) %{_sharedstatedir}/%{name} %dir %attr(0750, redis, redis) %{_localstatedir}/log/%{name} %exclude %{macrosdir} %exclude %{_includedir} %exclude %{_docdir}/%{name}/* %{_bindir}/%{name}-* -%{_libexecdir}/%{name}-* %{_mandir}/man1/%{name}* %{_mandir}/man5/%{name}* %{_unitdir}/%{name}.service @@ -274,68 +299,231 @@ exit 0 %{macrosdir}/* %files doc -# main package is not required -%license COPYING +# specific for documentation (CC-BY-SA) +%license doc/LICENSE %docdir %{_docdir}/%{name} %{_docdir}/%{name} %changelog -* Mon May 9 2022 Remi Collet - 6.2.7-1 -- rebase to 6.2.7 #1999873 +* Tue Feb 6 2024 Remi Collet - 7.0.12-2 +- Heap Buffer Overflow may lead to potential remote code execution + CVE-2023-41056 -* Mon Oct 11 2021 Remi Collet - 6.0.9-5 -- fix denial of service via Redis Standard Protocol (RESP) request - CVE-2021-32675 +* Tue Jul 11 2023 Remi Collet - 7.0.12-1 +- rebase to 7.0.12 #2221899 -* Fri Oct 8 2021 Remi Collet - 6.0.9-4 -- fix lua scripts can overflow the heap-based Lua stack - CVE-2021-32626 -- fix integer overflow issue with Streams - CVE-2021-32627 -- fix integer overflow bug in the ziplist data structure - CVE-2021-32628 -- fix integer overflow issue with intsets - CVE-2021-32687 -- fix integer overflow issue with strings - CVE-2021-41099 +* Thu May 25 2023 Remi Collet - 7.0.11-1 +- rebase to 7.0.11 for new redis:7 stream #2129826 -* Wed May 12 2021 Remi Collet - 6.0.9-3 -- fix integer overflow via STRALGO LCS command - CVE-2021-29477 +* Tue Apr 18 2023 Remi Collet - 7.0.11-1 +- Upstream 7.0.11 release. -* Tue Nov 24 2020 Remi Collet - 6.0.9-2 -- revert "simplify config rewrite file" and keep - configuration in /etc +* Thu Mar 30 2023 Remi Collet - 7.0.10-2 +- fix modules directory ownership and permissions #2176173 +- drop redis-shutdown helper and rely on systemd #2181181 -* Thu Oct 29 2020 Remi Collet - 6.0.9-1 -- update to 6.0.9 +* Tue Mar 21 2023 Remi Collet - 7.0.10-1 +- Upstream 7.0.10 release. -* Tue Oct 20 2020 Remi Collet - 6.0.8-1 -- update to 6.0.8 for new stream #1862063 +* Wed Feb 1 2023 Remi Collet - 7.0.9-1 +- Upstream 7.0.9 release. -* Thu Jul 11 2019 Remi Collet - 5.0.3-2 -- fix Heap buffer overflow in HyperLogLog triggered by malicious client - CVE-2019-10192 -- fix Stack buffer overflow in HyperLogLog triggered by malicious client - CVE-2019-10193 +* Fri Jan 20 2023 Fedora Release Engineering - 7.0.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -* Thu Dec 13 2018 Remi Collet - 5.0.3-1 -- update to 5.0.3 +* Tue Jan 17 2023 Remi Collet - 7.0.8-1 +- Upstream 7.0.8 release. + +* Fri Dec 16 2022 Remi Collet - 7.0.7-2 +- Upstream 7.0.7 release. +- refresh documentation + +* Tue Dec 13 2022 Remi Collet - 7.0.6-1 +- Upstream 7.0.6 release. + +* Mon Dec 5 2022 Florian Weimer - 7.0.5-2 +- Port makefile to C99 mode + +* Thu Sep 22 2022 Remi Collet - 7.0.5-1 +- Upstream 7.0.5 security release. + +* Sat Jul 23 2022 Fedora Release Engineering - 7.0.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Mon Jul 18 2022 Remi Collet - 7.0.4-1 +- Upstream 7.0.4 release. + +* Tue Jul 12 2022 Remi Collet - 7.0.3-1 +- Upstream 7.0.3 release. + +* Mon Jun 13 2022 Remi Collet - 7.0.2-1 +- Upstream 7.0.2 release. + +* Wed Jun 8 2022 Remi Collet - 7.0.1-1 +- Upstream 7.0.1 release. + +* Thu Apr 28 2022 Remi Collet - 7.0.0-1 +- Upstream 7.0.0 release. + +* Thu Apr 28 2022 Remi Collet - 6.2.7-1 +- Upstream 6.2.7 release. + +* Fri Jan 21 2022 Fedora Release Engineering - 6.2.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Wed Nov 3 2021 Remi Collet - 6.2.6-2 +- use proper license in dec/devel sub-packages + +* Mon Oct 4 2021 Remi Collet - 6.2.6-1 +- Upstream 6.2.6 release. + +* Tue Sep 14 2021 Sahana Prasad - 6.2.5-2 +- Rebuilt with OpenSSL 3.0.0 + +* Thu Jul 22 2021 Nathan Scott - 6.2.5-1 +- Upstream 6.2.5 release (RHBZ #1984631). +- Fix CVE-2021-32761: 32-bit systems BITFIELD command integer overflow. + +* Wed Jun 2 2021 Remi Collet - 6.2.4-1 +- Upstream 6.2.4 release. + +* Tue May 4 2021 Remi Collet - 6.2.3-1 +- Upstream 6.2.3 release + +* Tue Apr 20 2021 Remi Collet - 6.2.2-1 +- Upstream 6.2.2 release + +* Thu Apr 01 2021 Nathan Scott - 6.2.1-1 +- Upstream 6.2.1 release +- Merged make-macros spec change from Tom Stellard + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 6.2.0-2 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Mon Mar 01 2021 Nathan Scott - 6.2.0-1 +- Upstream 6.2.0 release (RHBZ #1915463). +- drop patch merged upstream. + +* Wed Feb 24 2021 Nathan Scott - 6.0.11-1 +- Upstream 6.0.11 release. + +* Wed Jan 27 2021 Fedora Release Engineering - 6.0.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 13 2021 Remi Collet - 6.0.10-1 +- Upstream 6.0.10 release. + +* Tue Nov 24 2020 Remi Collet - 6.0.9-3 +- fix check for regular file, not symlink + +* Mon Nov 23 2020 Remi Collet - 6.0.9-2 +- move configuration in /etc/redis per upstream recommendation + see https://github.com/redis/redis/issues/8051 + +* Tue Oct 27 2020 Remi Collet - 6.0.9-1 +- Upstream 6.0.9 release. + +* Tue Oct 20 2020 Remi Collet - 6.0.8-2 +- add missing LICENSE files in main package + +* Thu Sep 10 2020 Remi Collet - 6.0.8-1 +- Upstream 6.0.8 release. + +* Tue Sep 1 2020 Remi Collet - 6.0.7-1 +- Upstream 6.0.7 release. +- drop patch merged upstream + +* Wed Jul 29 2020 Fedora Release Engineering - 6.0.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 21 2020 Remi Collet - 6.0.6-1 +- Upstream 6.0.6 release. +- drop patch merged upstream +- open https://github.com/redis/redis/pull/7543 fix deprecated tail syntax + +* Wed Jun 10 2020 Nathan Scott - 6.0.5-1 +- Upstream 6.0.5 release. + +* Thu May 28 2020 Remi Collet - 6.0.4-3 +- Add comment for TimeoutStartSec and TimeoutStopSec in limit.conf +- Fix missing notification to systemd for sentinel + patch from https://github.com/redis/redis/pull/7168 +- Upstream 6.0.4 release. + +* Mon May 18 2020 Nathan Scott - 6.0.3-1 +- Upstream 6.0.3 release. + +* Wed May 6 2020 Remi Collet - 6.0.1-1 +- Upstream 6.0.1 release. + +* Fri May 01 2020 Nathan Scott - 6.0.0-1 +- Upstream 6.0.0 release. + +* Fri Mar 13 2020 Nathan Scott - 5.0.8-1 +- Upstream 5.0.8 release. + +* Wed Feb 12 2020 Nathan Scott - 5.0.7-3 +- Patch extern SDS_NOINIT definition for gcc 10 (RHBZ #1799969) + +* Thu Jan 30 2020 Fedora Release Engineering - 5.0.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Tue Nov 19 2019 Carl George - 5.0.7-1 +- Latest upstream + +* Thu Sep 26 2019 Nathan Scott - 5.0.6-1 +- Upstream 5.0.6 release and redis-doc updates. + +* Fri Jul 26 2019 Fedora Release Engineering - 5.0.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jul 15 2019 Nathan Scott - 5.0.5-2 +- Use the (modified) bundled jemalloc for defrag (RHBZ #1725852) + +* Thu May 16 2019 Nathan Scott - 5.0.5-1 +- Upstream 5.0.5 release and redis-doc updates. + +* Sat May 11 2019 Nathan Scott - 5.0.4-2 +- Obsolete redis-trib - functionality now in redis-cli(1) +- Remove old chkconfig support, all systemd platforms now + +* Tue Mar 19 2019 Nathan Scott - 5.0.4-1 +- Upstream 5.0.4 release and redis-doc updates. +- Fix sentinel.conf logfile line addition. + +* Sat Feb 02 2019 Fedora Release Engineering - 5.0.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Thu Dec 13 2018 Nathan Scott - 5.0.3-1 +- Upstream 5.0.3 release and redis-doc updates. + +* Fri Nov 23 2018 Nathan Scott - 5.0.2-1 +- Upstream 5.0.2 release and redis-doc updates. + +* Thu Nov 08 2018 Nathan Scott - 5.0.1-1 +- Upstream 5.0.1 release. + +* Thu Oct 18 2018 Nathan Scott - 5.0.0-1 +- Update systemd service files for network-online requirement +- Upstream 5.0.0 release. + +* Thu Aug 09 2018 Nathan Scott - 4.0.11-1 +- Drop the pandoc build dependency, install only markdown. +- Upstream 4.0.11 release. + +* Sat Jul 14 2018 Fedora Release Engineering - 4.0.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Mon Jun 25 2018 Remi Collet - 4.0.10-2 -- drop build dependency on pandoc -- drop dependency on jemalloc #1591762 - fix License (BSD and MIT) - add bundled libraries licences -- cleanup conditions from spec file +- add information about bundled lzf * Thu Jun 14 2018 Nathan Scott - 4.0.10-1 - Upstream 4.0.10 release. -* Mon May 21 2018 Joe Orton - 4.0.9-1.2 -- rebuild (#1571197) - * Tue Mar 27 2018 Nathan Scott - 4.0.9-1 - Upstream 4.0.9 release. @@ -425,11 +613,11 @@ exit 0 * Wed Sep 14 2016 Remi Collet - 3.2.3-2 - add missing man pages #1374577 - using patch from https://github.com/antirez/redis/pull/3491 + using patch from https://github.com/redis/redis/pull/3491 - data and configuration should not be publicly readable #1374700 - remove /var/run/redis with systemd #1374728 - provide redis-check-rdb as a symlink to redis-server #1374736 - using patch from https://github.com/antirez/redis/pull/3494 + using patch from https://github.com/redis/redis/pull/3494 - move redis-shutdown to libexec * Thu Aug 4 2016 Haïkel Guémar - 3.2.3-1