diff --git a/.gitignore b/.gitignore index 81fa91a..83218f7 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/valkey-8.0.7.tar.gz +SOURCES/valkey-8.0.9.tar.gz diff --git a/.valkey.metadata b/.valkey.metadata index 57c5ff1..89a5dd9 100644 --- a/.valkey.metadata +++ b/.valkey.metadata @@ -1 +1 @@ -798fe3086a70d8fa5da59f0b491b9a6eb055f81b SOURCES/valkey-8.0.7.tar.gz +92bea7504153dfeb8768618c820473bdb387b94a SOURCES/valkey-8.0.9.tar.gz diff --git a/SOURCES/migrate_redis_to_valkey.sh b/SOURCES/migrate_redis_to_valkey.sh old mode 100644 new mode 100755 diff --git a/SOURCES/valkey-cve-2025-27151.patch b/SOURCES/valkey-cve-2025-27151.patch deleted file mode 100644 index 275db2e..0000000 --- a/SOURCES/valkey-cve-2025-27151.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 73696bf6e2cf754acc3ec24eaf9ca6b879bfc5d7 Mon Sep 17 00:00:00 2001 -From: Madelyn Olson -Date: Thu, 29 May 2025 00:06:23 +0100 -Subject: [PATCH] Incorporate Redis CVE for CVE-2025-27151 (#2146) - -Resolves https://github.com/valkey-io/valkey/issues/2145 - -Incorporate the CVE patch that was sent to us by Redis Ltd. - ---------- - -Signed-off-by: Madelyn Olson -Co-authored-by: Ping Xie ---- - src/valkey-check-aof.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/valkey-check-aof.c b/src/valkey-check-aof.c -index ed0eb2b49d..a6e4b97c6d 100644 ---- a/src/valkey-check-aof.c -+++ b/src/valkey-check-aof.c -@@ -556,6 +556,12 @@ int redis_check_aof_main(int argc, char **argv) { - goto invalid_args; - } - -+ /* Check if filepath is longer than PATH_MAX */ -+ if (strnlen(filepath, PATH_MAX + 1) > PATH_MAX) { -+ printf("Error: filepath is too long (exceeds PATH_MAX)\n"); -+ goto invalid_args; -+ } -+ - /* In the glibc implementation dirname may modify their argument. */ - memcpy(temp_filepath, filepath, strlen(filepath) + 1); - dirpath = dirname(temp_filepath); diff --git a/SPECS/valkey.spec b/SPECS/valkey.spec index 72bae94..52b0c7b 100644 --- a/SPECS/valkey.spec +++ b/SPECS/valkey.spec @@ -2,7 +2,7 @@ %bcond_with tests Name: valkey -Version: 8.0.7 +Version: 8.0.9 Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause @@ -21,8 +21,6 @@ Source5: %{name}.tmpfiles Source8: macros.%{name} Source9: migrate_redis_to_valkey.sh -Patch1: valkey-cve-2025-27151.patch - BuildRequires: make BuildRequires: gcc %if %{with tests} @@ -106,7 +104,6 @@ BuildArch: noarch %prep %setup -qn %{name}-%{version} -%patch -P1 -p1 mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc @@ -268,7 +265,10 @@ taskset -c 1 ./runtest --clients 50 --skiptest "Active defrag - AOF loading" %changelog -* Tue Feb 24 2026 Lukas Javorsky - 8.0.7-1 +* Tue May 19 2026 Petr Khartskhaev - 8.0.9-1 +- Rebase to 8.0.9 for CVE-2026-23479 CVE-2026-25243 CVE-2026-23631 + +* Mon Mar 02 2026 Lukas Javorsky - 8.0.7-1 - Rebase to 8.0.7 for CVE-2026-21863 CVE-2025-67733 * Fri Oct 17 2025 Remi Collet - 8.0.6-2