rebase to 8.0.6 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819

Resolves: RHEL-119593
fix ImageMode: ensure ownership of /etc/valkey
2025-10-17 07:42:58 +02:00 · 2025-09-08 12:41:40 +02:00 · 2025-08-01 07:38:19 +02:00 · 2025-07-28 10:45:16 +02:00
5 changed files with 66 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,5 @@
 /valkey-7.2.6.tar.gz
 /valkey-8.0.2.tar.gz
 /valkey-8.0.3.tar.gz
+/valkey-8.0.4.tar.gz
+/valkey-8.0.6.tar.gz
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (valkey-8.0.3.tar.gz) = 3639855d2eced9dd1b38e95e46c515441c850b4fb087c45b2c81a15c5e864555281715fa90b47dc60260485c9469f523f1fac716b3e2114cf7e05c39833e6c96
+SHA512 (valkey-8.0.6.tar.gz) = 0f704ad06abab2817657abe60be6fb7c45df91cdaaa53d921e26c6f4e91a3712152a31550b876d8deba3493a6ca4b87194efd3a86cacd53906f01e845e7cb137
--- a/valkey-cve-2025-27151.patch
+++ b/valkey-cve-2025-27151.patch
@ -0,0 +1,34 @@
+From 73696bf6e2cf754acc3ec24eaf9ca6b879bfc5d7 Mon Sep 17 00:00:00 2001
+From: Madelyn Olson <madelyneolson@gmail.com>
+Date: Thu, 29 May 2025 00:06:23 +0100
+Subject: [PATCH] Incorporate Redis CVE for CVE-2025-27151 (#2146)
+
+Resolves https://github.com/valkey-io/valkey/issues/2145
+
+Incorporate the CVE patch that was sent to us by Redis Ltd.
+
+---------
+
+Signed-off-by: Madelyn Olson <madelyneolson@gmail.com>
+Co-authored-by: Ping Xie <pingxie@outlook.com>
+---
+ src/valkey-check-aof.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/valkey-check-aof.c b/src/valkey-check-aof.c
+index ed0eb2b49d..a6e4b97c6d 100644
+--- a/src/valkey-check-aof.c
+++ b/src/valkey-check-aof.c
+@@ -556,6 +556,12 @@ int redis_check_aof_main(int argc, char **argv) {
+         goto invalid_args;
+     }
+ 
+    /* Check if filepath is longer than PATH_MAX */
+    if (strnlen(filepath, PATH_MAX + 1) > PATH_MAX) {
+        printf("Error: filepath is too long (exceeds PATH_MAX)\n");
+        goto invalid_args;
+    }
+
+     /* In the glibc implementation dirname may modify their argument. */
+     memcpy(temp_filepath, filepath, strlen(filepath) + 1);
+     dirpath = dirname(temp_filepath);
--- a/valkey.spec
+++ b/valkey.spec
@ -2,8 +2,8 @@
 %bcond_with tests

 Name:              valkey
-Version:           8.0.3
-Release:           1%{?dist}
+Version:           8.0.6
+Release:           2%{?dist}
 Summary:           A persistent key-value database
 # valkey: BSD-3-Clause
 # hiredis: BSD-3-Clause
@ -17,9 +17,12 @@ Source1:           %{name}.logrotate
 Source2:           %{name}-sentinel.service
 Source3:           %{name}.service
 Source4:           %{name}.sysusers
+Source5:           %{name}.tmpfiles
 Source8:           macros.%{name}
 Source9:           migrate_redis_to_valkey.sh

+Patch1:            valkey-cve-2025-27151.patch
+
 BuildRequires:     make
 BuildRequires:     gcc
 %if %{with tests}
@ -102,7 +105,8 @@ BuildArch:         noarch


 %prep
-%autosetup -n %{name}-%{version} -p1
+%setup -qn %{name}-%{version}
+%patch -P1 -p1

 mv deps/lua/COPYRIGHT             COPYRIGHT-lua
 mv deps/jemalloc/COPYING          COPYING-jemalloc
@ -146,9 +150,11 @@ echo '# valkey-sentinel_rpm_conf' >> sentinel.conf

 %global make_flags DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes

+
 %build
 %make_build %{make_flags}

+
 %install
 %make_install %{make_flags}

@ -158,6 +164,9 @@ rm -rf %{buildroot}%{_datadir}/%{name}
 # System user
 install -p -D -m 0644 %{S:4} %{buildroot}%{_sysusersdir}/%{name}.conf

+# Install tmpfiles.d file
+install -p -D -m 0644 %{S:5} %{buildroot}%{_tmpfilesdir}/%{name}.conf
+
 # Filesystem.
 install -d %{buildroot}%{_sharedstatedir}/%{name}
 install -d %{buildroot}%{_localstatedir}/log/%{name}
@ -243,6 +252,7 @@ taskset -c 1 ./runtest --clients 50 --skiptest "Active defrag - AOF loading"
 %{_unitdir}/%{name}-sentinel.service
 %dir %attr(0755, valkey, valkey) %ghost %{_localstatedir}/run/%{name}
 %{_sysusersdir}/%{name}.conf
+%{_tmpfilesdir}/%{name}.conf


 %files devel
@ -258,6 +268,18 @@ taskset -c 1 ./runtest --clients 50 --skiptest "Active defrag - AOF loading"


 %changelog
+* Fri Oct 17 2025 Remi Collet <remi@fedoraproject.org> - 8.0.6-2
+- rebase to 8.0.6 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819
+
+* Mon Sep  8 2025 Remi Collet <remi@fedoraproject.org> - 8.0.4-3
+- fix ImageMode: ensure ownership of /etc/valkey
+
+* Fri Aug  1 2025 Remi Collet <remi@fedoraproject.org> - 8.0.4-2
+- fix ImageMode: add tmpfiles.d entries for directories below /var
+
+* Wed Jul 16 2025 Remi Collet <remi@fedoraproject.org> - 8.0.4-1
+- rebase to 8.0.4 for CVE-2025-27151 CVE-2025-48367 and CVE-2025-32023
+
 * Thu Apr 24 2025 Remi Collet <rcollet@redhat.com> - 8.0.3.1
 - rebase to 8.0.3

--- a/valkey.tmpfiles
+++ b/valkey.tmpfiles
@ -0,0 +1,4 @@
+Z /etc/valkey     ~0750 valkey root   -
+D /run/valkey      0755 valkey valkey -
+d /var/lib/valkey  0750 valkey valkey -
+d /var/log/valkey  0750 valkey valkey -
Author	SHA1	Message	Date
Remi Collet	1fbed72e18	rebase to 8.0.6 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 Resolves: RHEL-119593	2025-10-17 07:42:58 +02:00
Remi Collet	129602a06f	fix ImageMode: ensure ownership of /etc/valkey Resolves: RHEL-105906	2025-09-08 12:41:40 +02:00
Remi Collet	ad5d007c01	fix ImageMode: add tmpfiles.d entries for directories below /var Resolves: RHEL-105906	2025-08-01 07:38:19 +02:00
Remi Collet	2be3eb050d	rebase to 8.0.4 for CVE-2025-27151 CVE-2025-48367 and CVE-2025-32023 Resolves: RHEL-103648 (cherry picked from commit c20e45b256b4ba78ed77c5bf324af0fc457e21e0)	2025-07-28 10:45:16 +02:00