Hello community,

here is the log from the commit of package valkey for openSUSE:Factory checked in at 2025-06-13 18:42:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/valkey (Old)
 and /work/SRC/openSUSE:Factory/.valkey.new.19631 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "valkey" Fri Jun 13 18:42:22 2025 rev:13 rq:1284959 version:8.1.2 Changes: -------- --- /work/SRC/openSUSE:Factory/valkey/valkey.changes 2025-04-25 22:18:30.293508033 +0200 +++ /work/SRC/openSUSE:Factory/.valkey.new.19631/valkey.changes 2025-06-13 18:42:25.715460982 +0200 
@@ -1,0 +2,62 @@ +Thu Jun 12 01:21:10 UTC 2025 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Update to 8.1.2: + - Security fixes + * CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146) + - Bug fixes + * Properly escape double quotes and backslash in MONITOR command (#2036) + * Fix high CPU usage when fetching a random element in skewed sparse hash + table (#2085) + * Fix a bug that allowed clients to process commands when the server has + paused command processing (#2109) + * Fix a crash where the wrong slot is used when processing sharded pubsub + unsubscribe events (#2137) + * Fix a crash when a module attempts to write auxiliary data with AOF + enabled (#2132) + * Fix a bug where the engine may crash when establishing new outbound TLS + connections (#2140) + * Fix a bug where a cluster bus packet may be incorrectly marked as + invalid (#2144) + * Fix a bug where CLUSTER SLOTS/NODES information can be stale after + updating node port/tls-port (#2186) + * Fix a bug where replica in cluster mode can't finish failover when + config epoch is outdated (#2178) + * Fix a bug to avoid CLIENT UNBLOCK command to unblock paused clients + (#2117) +- Drop valkey-ssl_new-null-return.patch, CVE-2025-27151.patch + * Included in upstream release + +------------------------------------------------------------------- +Wed Jun 11 22:08:53 UTC 2025 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Provide redis 7.2.9 instead of valkey version due to lack of + features provided by redis 7.4 (boo#1243605) + +------------------------------------------------------------------- +Tue Jun 3 17:55:25 UTC 2025 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Fix crash on SSL_new() returning NULL in outgoing connections (bsc#1243061) + * valkey-ssl_new-null-return.patch + +------------------------------------------------------------------- +Mon Jun 2 12:12:59 UTC 2025 - Antonio Teixeira <antonio.teixe...@suse.com> + +- Fix CVE-2025-27151, absence of filename 
size check may cause a stack + overflow (bsc#1243804) + * CVE-2025-27151.patch +- Fix CVE-2025-49112, setDeferredReply integer underflow (bsc#1243913) + * CVE-2025-49112.patch + +------------------------------------------------------------------- +Mon May 5 14:41:28 UTC 2025 - Andreas Stieger <andreas.stie...@gmx.de> + +- Update to 8.1.1: + * 8.1.x branch with enhanced performance, reliability, + observability and usability over Valkey 8.0 + * compatible with all previous Valkey releases as well as Redis + OSS 7.2.4 + * Updated configuration options and functionality as listed in + https://github.com/valkey-io/valkey/releases/tag/8.1.1 + https://github.com/valkey-io/valkey/releases/tag/8.1.0 + +------------------------------------------------------------------- Old: ---- valkey-8.0.3.tar.gz New: ---- CVE-2025-49112.patch valkey-8.1.2.tar.gz BETA DEBUG BEGIN: New:- Fix CVE-2025-49112, setDeferredReply integer underflow (bsc#1243913) * CVE-2025-49112.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ valkey.spec ++++++ --- /var/tmp/diff_new_pack.6lJ8e9/_old 2025-06-13 18:42:26.315485571 +0200 +++ /var/tmp/diff_new_pack.6lJ8e9/_new 2025-06-13 18:42:26.315485571 +0200 @@ -26,7 +26,7 @@ %global make_flags CFLAGS="%{build_cflags}" DEBUG="" V="echo" PREFIX=%{buildroot}%{_prefix} BUILD_WITH_SYSTEMD=yes BUILD_TLS=yes Name: valkey -Version: 8.0.3 +Version: 8.1.2 Release: 0 Summary: Persistent key-value database License: BSD-3-Clause @@ -43,6 +43,9 @@ Source9: %{name}-user.conf Source10: macros.%{name} Source11: migrate_redis_to_valkey.bash +# PATCH-FIX-UPSTREAM antonio.teixe...@suse.com bsc#1243913 CVE-2025-49112 +# setDeferredReply integer underflow for prev->size - prev->used +Patch1: CVE-2025-49112.patch # PATCH-FIX-OPENSUSE -- Adjust configs for openSUSE Patch1001: %{name}-conf.patch BuildRequires: jemalloc-devel 
@@ -82,7 +85,8 @@ Requires: valkey = %{version}-%{release} Conflicts: redis Obsoletes: redis <= 7.2.5 -Provides: redis = %{version}-%{release} +# Provide redis 7.2.x but no higher due to lack of features provided by redis 7.4 (boo#1243605) +Provides: redis = 7.2.9 Requires(post): /usr/bin/find BuildArch: noarch ++++++ CVE-2025-49112.patch ++++++ >From 0b8147ca27d2d06efadf37f0f064f19607e7e1f8 Mon Sep 17 00:00:00 2001 From: Zeroday BYTE <git...@zerodaysec.org> Date: Tue, 20 May 2025 00:59:10 +0700 Subject: [PATCH] Update networking.c Signed-off-by: Zeroday BYTE <git...@zerodaysec.org> --- src/networking.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/networking.c b/src/networking.c index 5f57050971..78b62d0c59 100644 --- a/src/networking.c +++ b/src/networking.c @@ -883,7 +883,7 @@ void setDeferredReply(client *c, void *node, const char *s, size_t length) { * - It has enough room already allocated * - And not too large (avoid large memmove) * - And the client is not in a pending I/O state */ - if (ln->prev != NULL && (prev = listNodeValue(ln->prev)) && prev->size - prev->used > 0 && + if (ln->prev != NULL && (prev = listNodeValue(ln->prev)) && prev->used < prev->size && c->io_write_state != CLIENT_PENDING_IO) { size_t len_to_copy = prev->size - prev->used; if (len_to_copy > length) len_to_copy = length; ++++++ valkey-8.0.3.tar.gz -> valkey-8.1.2.tar.gz ++++++ ++++ 73997 lines of diff (skipped) ++++++ valkey-conf.patch ++++++ --- /var/tmp/diff_new_pack.6lJ8e9/_old 2025-06-13 18:42:26.939511143 +0200 +++ /var/tmp/diff_new_pack.6lJ8e9/_new 2025-06-13 18:42:26.943511307 +0200 @@ -1,7 +1,7 @@ -Index: b/sentinel.conf +Index: valkey-8.1.1/sentinel.conf =================================================================== ---- a/sentinel.conf -+++ b/sentinel.conf +--- valkey-8.1.1.orig/sentinel.conf ++++ valkey-8.1.1/sentinel.conf @@ -13,11 +13,12 @@ port 26379 # Note that Valkey will write a pid file in /var/run/valkey-sentinel.pid when # daemonized. 
@@ -25,11 +25,11 @@ # To enable logging to the system logger, just set 'syslog-enabled' to yes, # and optionally update the other syslog parameters to suit your needs. -Index: b/valkey.conf +Index: valkey-8.1.1/valkey.conf =================================================================== ---- a/valkey.conf -+++ b/valkey.conf -@@ -323,7 +323,7 @@ daemonize no +--- valkey-8.1.1.orig/valkey.conf ++++ valkey-8.1.1/valkey.conf +@@ -371,7 +371,7 @@ daemonize no # The default is "no". To run under upstart/systemd, you can simply uncomment # the line below: # @@ -38,7 +38,7 @@ # If a pid file is specified, the server writes it where specified at startup # and removes it at exit. -@@ -337,7 +337,7 @@ daemonize no +@@ -385,7 +385,7 @@ daemonize no # # Note that on modern Linux systems "/run/valkey.pid" is more conforming # and should be used instead. @@ -47,7 +47,7 @@ # Specify the server verbosity level. # This can be one of: -@@ -351,7 +351,8 @@ loglevel notice +@@ -416,7 +416,8 @@ loglevel notice # Specify the log file name. Also the empty string can be used to force # the server to log on the standard output. Note that if you use standard # output for logging but daemonize, logs will be sent to /dev/null @@ -57,10 +57,10 @@ # To enable logging to the system logger, just set 'syslog-enabled' to yes, # and optionally update the other syslog parameters to suit your needs. -@@ -526,7 +527,7 @@ rdb-del-sync-files no - # 'cluster-config-file' configuration directive is a relative path. - # - # Note that you must specify a directory here, not a file name. +@@ -606,7 +607,7 @@ rdb-del-sync-files no + # Note that modifying 'dir' during runtime may have unexpected behavior, + # for example when a child process is running, related file operations may + # have unexpected effects. -dir ./ +dir /var/lib/valkey/default/
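
Review bot: None of the visible valkey.spec hunks shows CVE-2025-49112.patch being applied in %prep; the hunk at "@@ -43,6 +43,9 @@" only declares "Patch1: CVE-2025-49112.patch". If %prep applies patches automatically this is fine, but if it lists them by number, the security fix would be packaged as a source and never applied to src/networking.c. Please confirm how %prep picks up Patch1, and consider saying in the changelog that this patch is kept because it is not part of 8.1.2, since the same entry drops two other patches as "Included in upstream release".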
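
Review bot: In the valkey.spec hunk at "@@ -82,7 +85,8 @@", "Provides: redis = 7.2.9" is a bare literal in the middle of a subpackage section, where the removed line tracked %{version}-%{release}. Nothing will prompt a maintainer to revisit it on the next version bump, and the neighbouring "Obsoletes: redis <= 7.2.5" carries a second hard-coded redis version that has to stay consistent with it. Suggest defining the compatibility level once as a macro next to the other %global lines at the top of the spec and using it here, keeping the boo#1243605 comment with that definition.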
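
Review bot: In the CVE-2025-49112.patch hunk for setDeferredReply() in src/networking.c, the comment block above the condition still says only "It has enough room already allocated" and gives no reason for writing the check as "prev->used < prev->size" instead of a subtraction, so a later cleanup could reintroduce the old form. With unsigned fields (the hunk stores their difference in "size_t len_to_copy"), "prev->size - prev->used > 0" holds for any unequal pair, including used greater than size, where the difference wraps to a very large value and the following "if (len_to_copy > length) len_to_copy = length;" leaves the copy bounded only by the caller's length. Suggest a one-line comment at the condition stating that the comparison avoids unsigned wraparound, and a patch subject that names the underflow and the CVE rather than "Update networking.c", since the spec comment is currently the only place that explains what the patch is for.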
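
Review bot: The refreshed valkey-conf.patch now uses the paths "valkey-8.1.1.orig/sentinel.conf" and "valkey-8.1.1/valkey.conf" in its Index and file header lines, while the spec in this same commit sets "Version: 8.1.2". The version-specific directory names suggest the patch was refreshed against the 8.1.1 tree and not regenerated for 8.1.2, and they will be wrong again on every update. Suggest refreshing it against the 8.1.2 sources and keeping the version-neutral "a/" and "b/" prefixes the previous revision used, so that future diffs of this patch show only real changes to the configuration defaults such as "dir /var/lib/valkey/default/".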