import CS redis-7.0.12-2.module_el9_3+978+267ab8ff

This commit is contained in:
eabdullin 2024-03-07 10:15:19 +00:00
parent a48937d889
commit 6ad927bc77
12 changed files with 363 additions and 437 deletions

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/redis-6.2.7.tar.gz SOURCES/redis-7.0.12.tar.gz
SOURCES/redis-doc-8d4bf9b.tar.gz SOURCES/redis-doc-c7880ba.tar.gz

View File

@ -1,2 +1,2 @@
b01ef3f117c9815dea41bf2609e489a03c3a5ab1 SOURCES/redis-6.2.7.tar.gz cd8190d9289d46be2b3a30dda14ffba8a92abbc8 SOURCES/redis-7.0.12.tar.gz
45ec7c3b4a034891252507febace7e25ee64b4d9 SOURCES/redis-doc-8d4bf9b.tar.gz b2c7f2bee8e40fc6bd5385c25429fa537e2751c5 SOURCES/redis-doc-c7880ba.tar.gz

View File

@ -0,0 +1,33 @@
From bbace21828d7e82f1c481f0e1caece31b661cbd9 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 5 Dec 2022 11:10:37 +0100
Subject: [PATCH 2/2] deps/jemalloc: Do not force building in gnu99 mode
Content-type: text/plain
The jemalloc configure logic switches to gnu11 mode if available,
and this explicit flags injection prevents that. The main difference
seems to be that in gnu99 mode, <stdatomic.h> is presumed to be
unavailable and is not used.
Submitted upstream: <https://github.com/redis/redis/pull/11583>
---
deps/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deps/Makefile b/deps/Makefile
index 8592e17..d6cb06e 100644
--- a/deps/Makefile
+++ b/deps/Makefile
@@ -90,7 +90,7 @@ lua: .make-prerequisites
.PHONY: lua
-JEMALLOC_CFLAGS= -std=gnu99 -Wall -pipe -g3 -O3 -funroll-loops $(CFLAGS)
+JEMALLOC_CFLAGS= -Wall -pipe -g3 -O3 -funroll-loops $(CFLAGS)
JEMALLOC_LDFLAGS= $(LDFLAGS)
ifneq ($(DEB_HOST_GNU_TYPE),)
--
2.38.1

View File

@ -0,0 +1,54 @@
From e351099e1119fb89496be578f5232c61ce300224 Mon Sep 17 00:00:00 2001
From: Oran Agra <oran@redislabs.com>
Date: Sun, 7 Jan 2024 12:32:44 +0200
Subject: [PATCH] Fix possible corruption in sdsResize (CVE-2023-41056)
#11766 introduced a bug in sdsResize where it could forget to update
the sds type in the sds header and then cause an overflow in sdsalloc.
it looks like the only implication of that is a possible assertion in HLL,
but it's hard to rule out possible heap corruption issues with clientsCronResizeQueryBuffer
---
src/sds.c | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/src/sds.c b/src/sds.c
index 8e5863a3ab8e..71490d5b2522 100644
--- a/src/sds.c
+++ b/src/sds.c
@@ -348,20 +348,22 @@ sds sdsResize(sds s, size_t size, int would_regrow) {
* type. */
int use_realloc = (oldtype==type || (type < oldtype && type > SDS_TYPE_8));
size_t newlen = use_realloc ? oldhdrlen+size+1 : hdrlen+size+1;
- int alloc_already_optimal = 0;
- #if defined(USE_JEMALLOC)
- /* je_nallocx returns the expected allocation size for the newlen.
- * We aim to avoid calling realloc() when using Jemalloc if there is no
- * change in the allocation size, as it incurs a cost even if the
- * allocation size stays the same. */
- alloc_already_optimal = (je_nallocx(newlen, 0) == zmalloc_size(sh));
- #endif
-
- if (use_realloc && !alloc_already_optimal) {
- newsh = s_realloc(sh, newlen);
- if (newsh == NULL) return NULL;
- s = (char*)newsh+oldhdrlen;
- } else if (!alloc_already_optimal) {
+
+ if (use_realloc) {
+ int alloc_already_optimal = 0;
+ #if defined(USE_JEMALLOC)
+ /* je_nallocx returns the expected allocation size for the newlen.
+ * We aim to avoid calling realloc() when using Jemalloc if there is no
+ * change in the allocation size, as it incurs a cost even if the
+ * allocation size stays the same. */
+ alloc_already_optimal = (je_nallocx(newlen, 0) == zmalloc_size(sh));
+ #endif
+ if (!alloc_already_optimal) {
+ newsh = s_realloc(sh, newlen);
+ if (newsh == NULL) return NULL;
+ s = (char*)newsh+oldhdrlen;
+ }
+ } else {
newsh = s_malloc(newlen);
if (newsh == NULL) return NULL;
memcpy((char*)newsh+hdrlen, s, len);

View File

@ -1,117 +0,0 @@
Revert to 6.0.8 behavior to save configuration file
to fix "CONFIG REWRITE" when using /etc/redis.conf
as new behavior expect a writable directory
Revert: 90555566ed5cbd3e1c3df1293ba3bbf6098e34c3
See discussion about this breaking change in
https://github.com/redis/redis/issues/8051
diff -up ./src/config.c.rev ./src/config.c
--- ./src/config.c.rev 2022-05-09 14:48:31.118296748 +0200
+++ ./src/config.c 2022-05-09 14:48:41.571163767 +0200
@@ -1605,62 +1605,60 @@ void rewriteConfigRemoveOrphaned(struct
dictReleaseIterator(di);
}
-/* This function replaces the old configuration file with the new content
- * in an atomic manner.
+/* This function overwrites the old configuration file with the new content.
+ *
+ * 1) The old file length is obtained.
+ * 2) If the new content is smaller, padding is added.
+ * 3) A single write(2) call is used to replace the content of the file.
+ * 4) Later the file is truncated to the length of the new content.
+ *
+ * This way we are sure the file is left in a consistent state even if the
+ * process is stopped between any of the four operations.
*
* The function returns 0 on success, otherwise -1 is returned and errno
- * is set accordingly. */
+ * set accordingly. */
int rewriteConfigOverwriteFile(char *configfile, sds content) {
- int fd = -1;
- int retval = -1;
- char tmp_conffile[PATH_MAX];
- const char *tmp_suffix = ".XXXXXX";
- size_t offset = 0;
- ssize_t written_bytes = 0;
-
- int tmp_path_len = snprintf(tmp_conffile, sizeof(tmp_conffile), "%s%s", configfile, tmp_suffix);
- if (tmp_path_len <= 0 || (unsigned int)tmp_path_len >= sizeof(tmp_conffile)) {
- serverLog(LL_WARNING, "Config file full path is too long");
- errno = ENAMETOOLONG;
- return retval;
+ int retval = 0;
+ int fd = open(configfile,O_RDWR|O_CREAT,0644);
+ int content_size = sdslen(content), padding = 0;
+ struct stat sb;
+ sds content_padded;
+
+ /* 1) Open the old file (or create a new one if it does not
+ * exist), get the size. */
+ if (fd == -1) return -1; /* errno set by open(). */
+ if (fstat(fd,&sb) == -1) {
+ close(fd);
+ return -1; /* errno set by fstat(). */
}
-#ifdef _GNU_SOURCE
- fd = mkostemp(tmp_conffile, O_CLOEXEC);
-#else
- /* There's a theoretical chance here to leak the FD if a module thread forks & execv in the middle */
- fd = mkstemp(tmp_conffile);
-#endif
-
- if (fd == -1) {
- serverLog(LL_WARNING, "Could not create tmp config file (%s)", strerror(errno));
- return retval;
+ /* 2) Pad the content at least match the old file size. */
+ content_padded = sdsdup(content);
+ if (content_size < sb.st_size) {
+ /* If the old file was bigger, pad the content with
+ * a newline plus as many "#" chars as required. */
+ padding = sb.st_size - content_size;
+ content_padded = sdsgrowzero(content_padded,sb.st_size);
+ content_padded[content_size] = '\n';
+ memset(content_padded+content_size+1,'#',padding-1);
}
- while (offset < sdslen(content)) {
- written_bytes = write(fd, content + offset, sdslen(content) - offset);
- if (written_bytes <= 0) {
- if (errno == EINTR) continue; /* FD is blocking, no other retryable errors */
- serverLog(LL_WARNING, "Failed after writing (%zd) bytes to tmp config file (%s)", offset, strerror(errno));
- goto cleanup;
- }
- offset+=written_bytes;
+ /* 3) Write the new content using a single write(2). */
+ if (write(fd,content_padded,strlen(content_padded)) == -1) {
+ retval = -1;
+ goto cleanup;
}
- if (fsync(fd))
- serverLog(LL_WARNING, "Could not sync tmp config file to disk (%s)", strerror(errno));
- else if (fchmod(fd, 0644 & ~server.umask) == -1)
- serverLog(LL_WARNING, "Could not chmod config file (%s)", strerror(errno));
- else if (rename(tmp_conffile, configfile) == -1)
- serverLog(LL_WARNING, "Could not rename tmp config file (%s)", strerror(errno));
- else {
- retval = 0;
- serverLog(LL_DEBUG, "Rewritten config file (%s) successfully", configfile);
- }
+ /* 4) Truncate the file to the right length if we used padding. */
+ if (padding) {
+ if (ftruncate(fd,content_size) == -1) {
+ /* Non critical error... */
+ }
+ }
cleanup:
+ sdsfree(content_padded);
close(fd);
- if (retval) unlink(tmp_conffile);
return retval;
}

View File

@ -1,6 +0,0 @@
# If you need to change max open file limit
# for example, when you change maxclient in configuration
# you can change the value below
# see "man limits.conf" for information
redis soft nofile 10240
redis hard nofile 10240

View File

@ -1,94 +0,0 @@
#!/bin/sh
#
# redis init file for starting up the redis-sentinel daemon
#
# chkconfig: - 21 79
# description: Starts and stops the redis-sentinel daemon.
#
### BEGIN INIT INFO
# Provides: redis-sentinel
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Short-Description: start and stop Sentinel server
# Description: A persistent key-value database
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
name="redis-sentinel"
exec="/usr/bin/$name"
shut="/usr/libexec/redis-shutdown"
pidfile="/var/run/redis/sentinel.pid"
SENTINEL_CONFIG="/etc/redis-sentinel.conf"
[ -e /etc/sysconfig/redis-sentinel ] && . /etc/sysconfig/redis-sentinel
lockfile=/var/lock/subsys/redis
start() {
[ -f $SENTINEL_CONFIG ] || exit 6
[ -x $exec ] || exit 5
echo -n $"Starting $name: "
daemon --user ${REDIS_USER-redis} "$exec $SENTINEL_CONFIG --daemonize yes --pidfile $pidfile"
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $name: "
[ -x $shut ] && $shut $name
retval=$?
if [ -f $pidfile ]
then
# shutdown haven't work, try old way
killproc -p $pidfile $name
retval=$?
else
success "$name shutdown"
fi
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
stop
start
}
rh_status() {
status -p $pidfile $name
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}"
exit 2
esac
exit $?

View File

@ -1,10 +1,11 @@
[Unit] [Unit]
Description=Redis Sentinel Description=Redis Sentinel
After=network.target After=network.target
After=network-online.target
Wants=network-online.target
[Service] [Service]
ExecStart=/usr/bin/redis-sentinel /etc/redis-sentinel.conf --daemonize no --supervised systemd ExecStart=/usr/bin/redis-sentinel /etc/redis/sentinel.conf --daemonize no --supervised systemd
ExecStop=/usr/libexec/redis-shutdown redis-sentinel
Type=notify Type=notify
User=redis User=redis
Group=redis Group=redis

View File

@ -1,40 +0,0 @@
#!/bin/bash
#
# Wrapper to close properly redis and sentinel
test x"$REDIS_DEBUG" != x && set -x
REDIS_CLI=/usr/bin/redis-cli
# Retrieve service name
SERVICE_NAME="$1"
if [ -z "$SERVICE_NAME" ]; then
SERVICE_NAME=redis
fi
# Get the proper config file based on service name
CONFIG_FILE="/etc/$SERVICE_NAME.conf"
# Use awk to retrieve host, port from config file
HOST=`awk '/^[[:blank:]]*bind/ { print $2 }' $CONFIG_FILE | tail -n1`
PORT=`awk '/^[[:blank:]]*port/ { print $2 }' $CONFIG_FILE | tail -n1`
PASS=`awk '/^[[:blank:]]*requirepass/ { print $2 }' $CONFIG_FILE | tail -n1`
SOCK=`awk '/^[[:blank:]]*unixsocket\s/ { print $2 }' $CONFIG_FILE | tail -n1`
# Just in case, use default host, port
HOST=${HOST:-127.0.0.1}
if [ "$SERVICE_NAME" = redis ]; then
PORT=${PORT:-6379}
else
PORT=${PORT:-26739}
fi
# Setup additional parameters
# e.g password-protected redis instances
[ -z "$PASS" ] || ADDITIONAL_PARAMS="-a $PASS"
# shutdown the service properly
if [ -e "$SOCK" ] ; then
$REDIS_CLI -s $SOCK $ADDITIONAL_PARAMS shutdown
else
$REDIS_CLI -h $HOST -p $PORT $ADDITIONAL_PARAMS shutdown
fi

View File

@ -1,94 +0,0 @@
#!/bin/sh
#
# redis init file for starting up the redis daemon
#
# chkconfig: - 20 80
# description: Starts and stops the redis daemon.
#
### BEGIN INIT INFO
# Provides: redis-server
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Short-Description: start and stop Redis server
# Description: A persistent key-value database
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
name="redis-server"
exec="/usr/bin/$name"
shut="/usr/libexec/redis-shutdown"
pidfile="/var/run/redis/redis.pid"
REDIS_CONFIG="/etc/redis.conf"
[ -e /etc/sysconfig/redis ] && . /etc/sysconfig/redis
lockfile=/var/lock/subsys/redis
start() {
[ -f $REDIS_CONFIG ] || exit 6
[ -x $exec ] || exit 5
echo -n $"Starting $name: "
daemon --user ${REDIS_USER-redis} "$exec $REDIS_CONFIG --daemonize yes --pidfile $pidfile"
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $name: "
[ -x $shut ] && $shut
retval=$?
if [ -f $pidfile ]
then
# shutdown haven't work, try old way
killproc -p $pidfile $name
retval=$?
else
success "$name shutdown"
fi
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
stop
start
}
rh_status() {
status -p $pidfile $name
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}"
exit 2
esac
exit $?

View File

@ -1,10 +1,11 @@
[Unit] [Unit]
Description=Redis persistent key-value database Description=Redis persistent key-value database
After=network.target After=network.target
After=network-online.target
Wants=network-online.target
[Service] [Service]
ExecStart=/usr/bin/redis-server /etc/redis.conf --daemonize no --supervised systemd ExecStart=/usr/bin/redis-server /etc/redis/redis.conf --daemonize no --supervised systemd
ExecStop=/usr/libexec/redis-shutdown
Type=notify Type=notify
User=redis User=redis
Group=redis Group=redis

View File

@ -1,5 +1,5 @@
# #
# RHEL / Fedora spec file for redis # Fedora spec file for redis
# #
# License: MIT # License: MIT
# http://opensource.org/licenses/MIT # http://opensource.org/licenses/MIT
@ -7,36 +7,36 @@
# Please preserve changelog entries # Please preserve changelog entries
# #
# temp workaround to https://bugzilla.redhat.com/2059488
%undefine _package_note_file
# Tests fail in mock, not in local build. # Tests fail in mock, not in local build.
%bcond_with tests %bcond_with tests
# Commit IDs for the (unversioned) redis-doc repository # Commit IDs for the (unversioned) redis-doc repository
# https://fedoraproject.org/wiki/Packaging:SourceURL "Commit Revision" # https://fedoraproject.org/wiki/Packaging:SourceURL "Commit Revision"
%global doc_commit 8d4bf9bc476829a84a055c049be72634d6e938df %global doc_commit c7880ba85fd67cb09110a4be790da47d4a6cec80
%global short_doc_commit %(c=%{doc_commit}; echo ${c:0:7}) %global short_doc_commit %(c=%{doc_commit}; echo ${c:0:7})
# %%{rpmmacrodir} not usable on EL-6 # %%{rpmmacrodir} not usable on EL-6
%global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d) %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
Name: redis Name: redis
Version: 6.2.7 Version: 7.0.12
Release: 1%{?dist} Release: 2%{?dist}
Summary: A persistent key-value database Summary: A persistent key-value database
# redis, jemalloc, linenoise, lzf, hiredis are BSD # redis, hiredis: BSD-3-Clause
# lua is MIT # hdrhistogram, jemalloc, lzf, linenoise: BSD-2-Clause
License: BSD and MIT # lua: MIT
License: BSD-3-Clause AND BSD-2-Clause AND MIT
URL: https://redis.io URL: https://redis.io
Source0: https://download.redis.io/releases/%{name}-%{version}.tar.gz Source0: https://download.redis.io/releases/%{name}-%{version}.tar.gz
Source1: %{name}.logrotate Source1: %{name}.logrotate
Source2: %{name}-sentinel.service Source2: %{name}-sentinel.service
Source3: %{name}.service Source3: %{name}.service
Source4: %{name}-sentinel.init
Source5: %{name}.init
Source6: %{name}-shutdown
Source7: %{name}-limit-systemd Source7: %{name}-limit-systemd
Source8: %{name}-limit-init
Source9: macros.%{name} Source9: macros.%{name}
Source10: https://github.com/antirez/%{name}-doc/archive/%{doc_commit}/%{name}-doc-%{short_doc_commit}.tar.gz Source10: https://github.com/%{name}/%{name}-doc/archive/%{doc_commit}/%{name}-doc-%{short_doc_commit}.tar.gz
# To refresh patches: # To refresh patches:
# tar xf redis-xxx.tar.gz && cd redis-xxx && git init && git add . && git commit -m "%%{version} baseline" # tar xf redis-xxx.tar.gz && cd redis-xxx && git init && git add . && git commit -m "%%{version} baseline"
@ -44,13 +44,14 @@ Source10: https://github.com/antirez/%{name}-doc/archive/%{doc_commit}/
# Then refresh your patches # Then refresh your patches
# git format-patch HEAD~<number of expected patches> # git format-patch HEAD~<number of expected patches>
# Update configuration for Fedora # Update configuration for Fedora
# https://github.com/antirez/redis/pull/3491 - man pages # https://github.com/redis/redis/pull/3491 - man pages
Patch0001: 0001-1st-man-pageis-for-redis-cli-redis-benchmark-redis-c.patch Patch0001: 0001-1st-man-pageis-for-redis-cli-redis-benchmark-redis-c.patch
# revert BC break Patch0002: 0002-deps-jemalloc-Do-not-force-building-in-gnu99-mode.patch
Patch0003: redis-config.patch
# Security patches # Security patches
Patch100: redis-CVE-2023-41056.patch
BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
%if %{with tests} %if %{with tests}
BuildRequires: procps-ng BuildRequires: procps-ng
@ -58,23 +59,26 @@ BuildRequires: tcl
%endif %endif
BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(libsystemd)
BuildRequires: systemd-devel BuildRequires: systemd-devel
BuildRequires: systemd-rpm-macros
BuildRequires: openssl-devel BuildRequires: openssl-devel
# Required for redis-shutdown # redis-trib functionality migrated to redis-cli
Requires: /bin/awk Obsoletes: redis-trib < 5
Requires: logrotate Requires: logrotate
Requires(pre): shadow-utils Requires(pre): shadow-utils
Requires(post): systemd Requires(post): systemd
Requires(preun): systemd Requires(preun): systemd
Requires(postun): systemd Requires(postun): systemd
# from deps/hiredis/hiredis.h # from deps/hiredis/hiredis.h
Provides: bundled(hiredis) = 1.0.0 Provides: bundled(hiredis) = 0.14.0
# from deps/jemalloc/VERSION # from deps/jemalloc/VERSION
Provides: bundled(jemalloc) = 5.1.0 Provides: bundled(jemalloc) = 5.2.1
# from deps/lua/src/lua.h # from deps/lua/src/lua.h
Provides: bundled(lua-libs) = 5.1.5 Provides: bundled(lua-libs) = 5.1.5
# from deps/linenoise/linenoise.h # from deps/linenoise/linenoise.h
Provides: bundled(linenoise) = 1.0 Provides: bundled(linenoise) = 1.0
Provides: bundled(lzf) Provides: bundled(lzf)
# from deps/hdr_histogram/README.md
Provides: bundled(hdr_histogram) = 0.11.0
%global redis_modules_abi 1 %global redis_modules_abi 1
%global redis_modules_dir %{_libdir}/%{name}/modules %global redis_modules_dir %{_libdir}/%{name}/modules
@ -116,7 +120,7 @@ API documentation is available in the redis-doc package.
%package doc %package doc
Summary: Documentation for Redis including man pages Summary: Documentation for Redis including man pages
License: CC-BY-SA License: CC-BY-SA-4.0
BuildArch: noarch BuildArch: noarch
# http://fedoraproject.org/wiki/Packaging:Conflicts "Splitting Packages" # http://fedoraproject.org/wiki/Packaging:Conflicts "Splitting Packages"
@ -131,12 +135,15 @@ administration and development.
%setup -q -b 10 %setup -q -b 10
%setup -q %setup -q
mv ../%{name}-doc-%{doc_commit} doc mv ../%{name}-doc-%{doc_commit} doc
%patch0001 -p1 %patch -P0001 -p1
%patch0003 -p1 -b .rev %patch -P0002 -p1
%patch -P100 -p1
mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/lua/COPYRIGHT COPYRIGHT-lua
mv deps/jemalloc/COPYING COPYING-jemalloc mv deps/jemalloc/COPYING COPYING-jemalloc
mv deps/hiredis/COPYING COPYING-hiredis mv deps/hiredis/COPYING COPYING-hiredis
mv deps/hdr_histogram/LICENSE.txt LICENSE-hdrhistogram
mv deps/hdr_histogram/COPYING.txt COPYING-hdrhistogram
# Configuration file changes # Configuration file changes
sed -i -e 's|^logfile .*$|logfile /var/log/redis/redis.log|g' redis.conf sed -i -e 's|^logfile .*$|logfile /var/log/redis/redis.log|g' redis.conf
@ -154,7 +161,7 @@ fi
%global make_flags DEBUG="" V="echo" LDFLAGS="%{?__global_ldflags}" CFLAGS+="%{optflags} -fPIC" INSTALL="install -p" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes %global make_flags DEBUG="" V="echo" LDFLAGS="%{?__global_ldflags}" CFLAGS+="%{optflags} -fPIC" INSTALL="install -p" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes
%build %build
make %{?_smp_mflags} %{make_flags} all %make_build %{make_flags} all
%install %install
make %{make_flags} install make %{make_flags} install
@ -169,8 +176,8 @@ install -d %{buildroot}%{redis_modules_dir}
install -pDm644 %{S:1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} install -pDm644 %{S:1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
# Install configuration files. # Install configuration files.
install -pDm640 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf install -pDm640 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf
install -pDm640 sentinel.conf %{buildroot}%{_sysconfdir}/%{name}-sentinel.conf install -pDm640 sentinel.conf %{buildroot}%{_sysconfdir}/%{name}/sentinel.conf
# Install systemd unit files. # Install systemd unit files.
mkdir -p %{buildroot}%{_unitdir} mkdir -p %{buildroot}%{_unitdir}
@ -184,9 +191,6 @@ install -p -D -m 644 %{S:7} %{buildroot}%{_sysconfdir}/systemd/system/%{name}-se
# Fix non-standard-executable-perm error. # Fix non-standard-executable-perm error.
chmod 755 %{buildroot}%{_bindir}/%{name}-* chmod 755 %{buildroot}%{_bindir}/%{name}-*
# Install redis-shutdown
install -pDm755 %{S:6} %{buildroot}%{_libexecdir}/%{name}-shutdown
# Install redis module header # Install redis module header
install -pDm644 src/%{name}module.h %{buildroot}%{_includedir}/%{name}module.h install -pDm644 src/%{name}module.h %{buildroot}%{_includedir}/%{name}module.h
@ -200,7 +204,7 @@ ln -s redis.conf.5 %{buildroot}%{_mandir}/man5/redis-sentinel.conf.5
# Install documentation and html pages # Install documentation and html pages
doc=$(echo %{buildroot}/%{_docdir}/%{name}) doc=$(echo %{buildroot}/%{_docdir}/%{name})
for page in 00-RELEASENOTES BUGS CONTRIBUTING MANIFESTO; do for page in 00-RELEASENOTES BUGS MANIFESTO *.md; do
install -Dpm644 $page $doc/$page install -Dpm644 $page $doc/$page
done done
for page in $(find doc -name \*.md | sed -e 's|.md$||g'); do for page in $(find doc -name \*.md | sed -e 's|.md$||g'); do
@ -214,7 +218,7 @@ install -pDm644 %{S:9} %{buildroot}%{macrosdir}/macros.%{name}
%check %check
%if %{with tests} %if %{with tests}
# https://github.com/antirez/redis/issues/1417 (for "taskset -c 1") # https://github.com/redis/redis/issues/1417 (for "taskset -c 1")
taskset -c 1 make %{make_flags} test taskset -c 1 make %{make_flags} test
make %{make_flags} test-sentinel make %{make_flags} test-sentinel
%endif %endif
@ -228,6 +232,25 @@ useradd -r -g %{name} -d %{_sharedstatedir}/%{name} -s /sbin/nologin \
exit 0 exit 0
%post %post
if [ -f %{_sysconfdir}/%{name}.conf -a ! -L %{_sysconfdir}/%{name}.conf ]; then
if [ -f %{_sysconfdir}/%{name}/%{name}.conf.rpmnew ]; then
rm %{_sysconfdir}/%{name}/%{name}.conf.rpmnew
fi
if [ -f %{_sysconfdir}/%{name}/%{name}.conf ]; then
mv %{_sysconfdir}/%{name}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf.rpmnew
fi
mv %{_sysconfdir}/%{name}.conf %{_sysconfdir}/%{name}/%{name}.conf
echo -e "\nWarning: %{name} configuration is now in %{_sysconfdir}/%{name} directory\n"
fi
if [ -f %{_sysconfdir}/%{name}-sentinel.conf -a ! -L %{_sysconfdir}/%{name}-sentinel.conf ]; then
if [ -f %{_sysconfdir}/%{name}/sentinel.conf.rpmnew ]; then
rm %{_sysconfdir}/%{name}/sentinel.conf.rpmnew
fi
if [ -f %{_sysconfdir}/%{name}/sentinel.conf ]; then
mv %{_sysconfdir}/%{name}/sentinel.conf %{_sysconfdir}/%{name}/sentinel.conf.rpmnew
fi
mv %{_sysconfdir}/%{name}-sentinel.conf %{_sysconfdir}/%{name}/sentinel.conf
fi
%systemd_post %{name}.service %systemd_post %{name}.service
%systemd_post %{name}-sentinel.service %systemd_post %{name}-sentinel.service
@ -245,18 +268,20 @@ exit 0
%license COPYRIGHT-lua %license COPYRIGHT-lua
%license COPYING-jemalloc %license COPYING-jemalloc
%license COPYING-hiredis %license COPYING-hiredis
%license LICENSE-hdrhistogram
%license COPYING-hdrhistogram
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}.conf %attr(0750, redis, root) %dir %{_sysconfdir}/%{name}
%attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}-sentinel.conf %attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
%dir %attr(0750, redis, redis) %{_libdir}/%{name} %attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}/sentinel.conf
%dir %attr(0750, redis, redis) %{redis_modules_dir} %dir %{_libdir}/%{name}
%dir %{redis_modules_dir}
%dir %attr(0750, redis, redis) %{_sharedstatedir}/%{name} %dir %attr(0750, redis, redis) %{_sharedstatedir}/%{name}
%dir %attr(0750, redis, redis) %{_localstatedir}/log/%{name} %dir %attr(0750, redis, redis) %{_localstatedir}/log/%{name}
%exclude %{macrosdir} %exclude %{macrosdir}
%exclude %{_includedir} %exclude %{_includedir}
%exclude %{_docdir}/%{name}/* %exclude %{_docdir}/%{name}/*
%{_bindir}/%{name}-* %{_bindir}/%{name}-*
%{_libexecdir}/%{name}-*
%{_mandir}/man1/%{name}* %{_mandir}/man1/%{name}*
%{_mandir}/man5/%{name}* %{_mandir}/man5/%{name}*
%{_unitdir}/%{name}.service %{_unitdir}/%{name}.service
@ -274,68 +299,231 @@ exit 0
%{macrosdir}/* %{macrosdir}/*
%files doc %files doc
# main package is not required # specific for documentation (CC-BY-SA)
%license COPYING %license doc/LICENSE
%docdir %{_docdir}/%{name} %docdir %{_docdir}/%{name}
%{_docdir}/%{name} %{_docdir}/%{name}
%changelog %changelog
* Mon May 9 2022 Remi Collet <rcollet@redhat.com> - 6.2.7-1 * Tue Feb 6 2024 Remi Collet <rcollet@redhat.com> - 7.0.12-2
- rebase to 6.2.7 #1999873 - Heap Buffer Overflow may lead to potential remote code execution
CVE-2023-41056
* Mon Oct 11 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-5 * Tue Jul 11 2023 Remi Collet <rcollet@redhat.com> - 7.0.12-1
- fix denial of service via Redis Standard Protocol (RESP) request - rebase to 7.0.12 #2221899
CVE-2021-32675
* Fri Oct 8 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-4 * Thu May 25 2023 Remi Collet <rcollet@redhat.com> - 7.0.11-1
- fix lua scripts can overflow the heap-based Lua stack - rebase to 7.0.11 for new redis:7 stream #2129826
CVE-2021-32626
- fix integer overflow issue with Streams
CVE-2021-32627
- fix integer overflow bug in the ziplist data structure
CVE-2021-32628
- fix integer overflow issue with intsets
CVE-2021-32687
- fix integer overflow issue with strings
CVE-2021-41099
* Wed May 12 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-3 * Tue Apr 18 2023 Remi Collet <remi@remirepo.net> - 7.0.11-1
- fix integer overflow via STRALGO LCS command - Upstream 7.0.11 release.
CVE-2021-29477
* Tue Nov 24 2020 Remi Collet <rcollet@redhat.com> - 6.0.9-2 * Thu Mar 30 2023 Remi Collet <remi@remirepo.net> - 7.0.10-2
- revert "simplify config rewrite file" and keep - fix modules directory ownership and permissions #2176173
configuration in /etc - drop redis-shutdown helper and rely on systemd #2181181
* Thu Oct 29 2020 Remi Collet <rcollet@redhat.com> - 6.0.9-1 * Tue Mar 21 2023 Remi Collet <remi@remirepo.net> - 7.0.10-1
- update to 6.0.9 - Upstream 7.0.10 release.
* Tue Oct 20 2020 Remi Collet <rcollet@redhat.com> - 6.0.8-1 * Wed Feb 1 2023 Remi Collet <remi@remirepo.net> - 7.0.9-1
- update to 6.0.8 for new stream #1862063 - Upstream 7.0.9 release.
* Thu Jul 11 2019 Remi Collet <rcollet@redhat.com> - 5.0.3-2 * Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.0.8-2
- fix Heap buffer overflow in HyperLogLog triggered by malicious client - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
CVE-2019-10192
- fix Stack buffer overflow in HyperLogLog triggered by malicious client
CVE-2019-10193
* Thu Dec 13 2018 Remi Collet <rcollet@redhat.com> - 5.0.3-1 * Tue Jan 17 2023 Remi Collet <remi@remirepo.net> - 7.0.8-1
- update to 5.0.3 - Upstream 7.0.8 release.
* Fri Dec 16 2022 Remi Collet <remi@remirepo.net> - 7.0.7-2
- Upstream 7.0.7 release.
- refresh documentation
* Tue Dec 13 2022 Remi Collet <remi@remirepo.net> - 7.0.6-1
- Upstream 7.0.6 release.
* Mon Dec 5 2022 Florian Weimer <fweimer@redhat.com> - 7.0.5-2
- Port makefile to C99 mode
* Thu Sep 22 2022 Remi Collet <remi@remirepo.net> - 7.0.5-1
- Upstream 7.0.5 security release.
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.0.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jul 18 2022 Remi Collet <remi@remirepo.net> - 7.0.4-1
- Upstream 7.0.4 release.
* Tue Jul 12 2022 Remi Collet <remi@remirepo.net> - 7.0.3-1
- Upstream 7.0.3 release.
* Mon Jun 13 2022 Remi Collet <remi@remirepo.net> - 7.0.2-1
- Upstream 7.0.2 release.
* Wed Jun 8 2022 Remi Collet <remi@remirepo.net> - 7.0.1-1
- Upstream 7.0.1 release.
* Thu Apr 28 2022 Remi Collet <remi@remirepo.net> - 7.0.0-1
- Upstream 7.0.0 release.
* Thu Apr 28 2022 Remi Collet <remi@remirepo.net> - 6.2.7-1
- Upstream 6.2.7 release.
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 6.2.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Nov 3 2021 Remi Collet <remi@remirepo.net> - 6.2.6-2
- use proper license in dec/devel sub-packages
* Mon Oct 4 2021 Remi Collet <remi@remirepo.net> - 6.2.6-1
- Upstream 6.2.6 release.
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 6.2.5-2
- Rebuilt with OpenSSL 3.0.0
* Thu Jul 22 2021 Nathan Scott <nathans@redhat.com> - 6.2.5-1
- Upstream 6.2.5 release (RHBZ #1984631).
- Fix CVE-2021-32761: 32-bit systems BITFIELD command integer overflow.
* Wed Jun 2 2021 Remi Collet <remi@remirepo.net> - 6.2.4-1
- Upstream 6.2.4 release.
* Tue May 4 2021 Remi Collet <remi@remirepo.net> - 6.2.3-1
- Upstream 6.2.3 release
* Tue Apr 20 2021 Remi Collet <remi@remirepo.net> - 6.2.2-1
- Upstream 6.2.2 release
* Thu Apr 01 2021 Nathan Scott <nathans@redhat.com> - 6.2.1-1
- Upstream 6.2.1 release
- Merged make-macros spec change from Tom Stellard
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 6.2.0-2
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Mon Mar 01 2021 Nathan Scott <nathans@redhat.com> - 6.2.0-1
- Upstream 6.2.0 release (RHBZ #1915463).
- drop patch merged upstream.
* Wed Feb 24 2021 Nathan Scott <nathans@redhat.com> - 6.0.11-1
- Upstream 6.0.11 release.
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.0.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jan 13 2021 Remi Collet <remi@remirepo.net> - 6.0.10-1
- Upstream 6.0.10 release.
* Tue Nov 24 2020 Remi Collet <remi@remirepo.net> - 6.0.9-3
- fix check for regular file, not symlink
* Mon Nov 23 2020 Remi Collet <remi@remirepo.net> - 6.0.9-2
- move configuration in /etc/redis per upstream recommendation
see https://github.com/redis/redis/issues/8051
* Tue Oct 27 2020 Remi Collet <remi@remirepo.net> - 6.0.9-1
- Upstream 6.0.9 release.
* Tue Oct 20 2020 Remi Collet <remi@remirepo.net> - 6.0.8-2
- add missing LICENSE files in main package
* Thu Sep 10 2020 Remi Collet <remi@remirepo.net> - 6.0.8-1
- Upstream 6.0.8 release.
* Tue Sep 1 2020 Remi Collet <remi@remirepo.net> - 6.0.7-1
- Upstream 6.0.7 release.
- drop patch merged upstream
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.0.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 21 2020 Remi Collet <rcollet@redhat.com> - 6.0.6-1
- Upstream 6.0.6 release.
- drop patch merged upstream
- open https://github.com/redis/redis/pull/7543 fix deprecated tail syntax
* Wed Jun 10 2020 Nathan Scott <nathans@redhat.com> - 6.0.5-1
- Upstream 6.0.5 release.
* Thu May 28 2020 Remi Collet <remi@remirepo.net> - 6.0.4-3
- Add comment for TimeoutStartSec and TimeoutStopSec in limit.conf
- Fix missing notification to systemd for sentinel
patch from https://github.com/redis/redis/pull/7168
- Upstream 6.0.4 release.
* Mon May 18 2020 Nathan Scott <nathans@redhat.com> - 6.0.3-1
- Upstream 6.0.3 release.
* Wed May 6 2020 Remi Collet <rcollet@redhat.com> - 6.0.1-1
- Upstream 6.0.1 release.
* Fri May 01 2020 Nathan Scott <nathans@redhat.com> - 6.0.0-1
- Upstream 6.0.0 release.
* Fri Mar 13 2020 Nathan Scott <nathans@redhat.com> - 5.0.8-1
- Upstream 5.0.8 release.
* Wed Feb 12 2020 Nathan Scott <nathans@redhat.com> - 5.0.7-3
- Patch extern SDS_NOINIT definition for gcc 10 (RHBZ #1799969)
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Nov 19 2019 Carl George <carl@george.computer> - 5.0.7-1
- Latest upstream
* Thu Sep 26 2019 Nathan Scott <nathans@redhat.com> - 5.0.6-1
- Upstream 5.0.6 release and redis-doc updates.
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jul 15 2019 Nathan Scott <nathans@redhat.com> - 5.0.5-2
- Use the (modified) bundled jemalloc for defrag (RHBZ #1725852)
* Thu May 16 2019 Nathan Scott <nathans@redhat.com> - 5.0.5-1
- Upstream 5.0.5 release and redis-doc updates.
* Sat May 11 2019 Nathan Scott <nathans@redhat.com> - 5.0.4-2
- Obsolete redis-trib - functionality now in redis-cli(1)
- Remove old chkconfig support, all systemd platforms now
* Tue Mar 19 2019 Nathan Scott <nathans@redhat.com> - 5.0.4-1
- Upstream 5.0.4 release and redis-doc updates.
- Fix sentinel.conf logfile line addition.
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Dec 13 2018 Nathan Scott <nathans@redhat.com> - 5.0.3-1
- Upstream 5.0.3 release and redis-doc updates.
* Fri Nov 23 2018 Nathan Scott <nathans@redhat.com> - 5.0.2-1
- Upstream 5.0.2 release and redis-doc updates.
* Thu Nov 08 2018 Nathan Scott <nathans@redhat.com> - 5.0.1-1
- Upstream 5.0.1 release.
* Thu Oct 18 2018 Nathan Scott <nathans@redhat.com> - 5.0.0-1
- Update systemd service files for network-online requirement
- Upstream 5.0.0 release.
* Thu Aug 09 2018 Nathan Scott <nathans@redhat.com> - 4.0.11-1
- Drop the pandoc build dependency, install only markdown.
- Upstream 4.0.11 release.
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jun 25 2018 Remi Collet <rcollet@redhat.com> - 4.0.10-2 * Mon Jun 25 2018 Remi Collet <rcollet@redhat.com> - 4.0.10-2
- drop build dependency on pandoc
- drop dependency on jemalloc #1591762
- fix License (BSD and MIT) - fix License (BSD and MIT)
- add bundled libraries licences - add bundled libraries licences
- cleanup conditions from spec file - add information about bundled lzf
* Thu Jun 14 2018 Nathan Scott <nathans@redhat.com> - 4.0.10-1 * Thu Jun 14 2018 Nathan Scott <nathans@redhat.com> - 4.0.10-1
- Upstream 4.0.10 release. - Upstream 4.0.10 release.
* Mon May 21 2018 Joe Orton <jorton@redhat.com> - 4.0.9-1.2
- rebuild (#1571197)
* Tue Mar 27 2018 Nathan Scott <nathans@redhat.com> - 4.0.9-1 * Tue Mar 27 2018 Nathan Scott <nathans@redhat.com> - 4.0.9-1
- Upstream 4.0.9 release. - Upstream 4.0.9 release.
@ -425,11 +613,11 @@ exit 0
* Wed Sep 14 2016 Remi Collet <remi@fedoraproject.org> - 3.2.3-2 * Wed Sep 14 2016 Remi Collet <remi@fedoraproject.org> - 3.2.3-2
- add missing man pages #1374577 - add missing man pages #1374577
using patch from https://github.com/antirez/redis/pull/3491 using patch from https://github.com/redis/redis/pull/3491
- data and configuration should not be publicly readable #1374700 - data and configuration should not be publicly readable #1374700
- remove /var/run/redis with systemd #1374728 - remove /var/run/redis with systemd #1374728
- provide redis-check-rdb as a symlink to redis-server #1374736 - provide redis-check-rdb as a symlink to redis-server #1374736
using patch from https://github.com/antirez/redis/pull/3494 using patch from https://github.com/redis/redis/pull/3494
- move redis-shutdown to libexec - move redis-shutdown to libexec
* Thu Aug 4 2016 Haïkel Guémar <hguemar@fedoraproject.org> - 3.2.3-1 * Thu Aug 4 2016 Haïkel Guémar <hguemar@fedoraproject.org> - 3.2.3-1