| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: redis | Distribution: openSUSE Tumbleweed |
| Version: 8.0.3 | Vendor: openSUSE |
| Release: 1.1 | Build date: Sun Jul 6 16:46:25 2025 |
| Group: Unspecified | Build host: reproducible |
| Size: 5631266 | Source RPM: redis-8.0.3-1.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://github.com/redis/redis | |
| Summary: Persistent key-value database | |
redis is an advanced key-value store. It is similar to memcached but the dataset is not volatile, and values can be strings, exactly like in memcached, but also lists, sets, and ordered sets. All this data types can be manipulated with atomic operations to push/pop elements, add/remove elements, perform server side union, intersection, difference between sets, and so forth. Redis supports different kind of sorting abilities.
AGPL-3.0-only
* Sun Jul 06 2025 Илья Индиго <ilya@ilya.top>
- Updated to 8.0.3
* https://github.com/redis/redis/releases/tag/8.0.3
* Fixed out-of-bounds write in HyperLogLog commands (CVE-2025-32023).
* Fixed retry accepting other connections even if the accepted
connection reports an error (CVE-2025-48367).
* Fixed a short read may lead to an exit() on a replica.
* Fixed db->expires is not defragmented.
* Added new WITHATTRIBS to return the JSON attribute associated
with an element.
* Fri Jun 06 2025 Илья Индиго <ilya@ilya.top>
- Added conflict with valkey-compat-redis.
- Changed license to AGPL-3.0-only.
* Tue May 27 2025 Marcus Rueckert <mrueckert@suse.de>
- redis 8.0.2:
Update urgency: SECURITY: There are security fixes in the release.
- Security fixes
- (CVE-2025-27151) redis-check-aof may lead to stack overflow
and potential RCE
- Bug fixes
- #14081 Cron-based timers run twice as fast when active defrag
is enabled
- Other general improvements -#14048 LOLWUT for Redis 8
* Tue May 13 2025 Marcus Rueckert <mrueckert@suse.de>
- redis 8.0.1:
Update urgency: MODERATE: Program an upgrade of the server, but it's not urgent.
- Performance and resource utilization improvements
- #13959 Vector sets - faster VSIM FILTER parsing
- Bug fixes
- #QE6083 Query Engine - revert default policy
search-on-timeout to RETURN
- #QE6050 Query Engine - @__key on FT.AGGREGATE used as
reserved field name preventing access to Redis keyspace
- #QE6077 Query Engine - crash when calling FT.CURSOR DEL while
retrieving from the CURSOR
- Notes
- Fixed wrong text in the license files
* Fri May 02 2025 Marcus Rueckert <mrueckert@suse.de>
- redis 8.0.0:
This is the General Availability release of Redis Open Source
8.0.
Redis 8.0 deprecates previous Redis and Redis Stack versions.
Stand alone RediSearch, RedisJSON, RedisTimeSeries, and
RedisBloom are no longer needed as they are now part of Redis.
- Major changes compared to 7.4.2
- Name change: Redis Community Edition is now Redis Open Source
- License change: licensed under your choice of
- (a) the Redis Source Available License 2.0 (RSALv2); or
- (b) the Server Side Public License v1 (SSPLv1); or
- (c) the GNU Affero General Public License (AGPLv3)
- Redis Query engine and 8 new data structures are now an
integral part of Redis 8
- (1) Redis Query Engine, which now supports both horizontal
and vertical scaling for search, query and vector workloads
- (2) JSON - a queryable JSON document
- (3) Time series
- (4-8) Five probabilistic data structures: Bloom filter,
Cuckoo filter, Count-min sketch, Top-k, and t-digest
- (9) Vector set [beta] - a data structure designed for Vector
Similarity Search, inspired by Sorted set
- These nine components are included in all binary
distributions
- See instructions in the README.md file on how to build from
source with all these components
- New configuration file: redis-full.conf - loads Redis with
all these components, and contains new configuration
parameters for Redis Query engine and the new data structures
- New ACL categories: @search, @json, @timeseries, @bloom,
@cuckoo, @cms, @topk, @tdigest
- Commands are also included in the existing ACL categories
(@read, @write, etc.)
- More than 30 performance and resource utilization improvements
- A new I/O threading implementation which enables throughput
increase on multi-core environments (set with io-threads
configuration parameter)
- An improved replication mechanism which is more performant and
robust
- New hash commands - HGETDEL, HGETEX, HSETEX
- For more details, see the release notes of 8.0-M01, 8.0-M02,
8.0-M03, 8.0-M04, and 8.0-RC1
- Bug fixes (compared to 8.0-RC1)
- #13966, #13932 CLUSTER SLOTS - TLS port update not reflected
- #13958 XTRIM, XADD - incorrect lag due to trimming stream
- #13931 HGETEX - wrong order of keyspace notifications
- fast_float intree copy need gcc-c++
* Wed Apr 23 2025 Marcus Rueckert <mrueckert@suse.de>
- redis 7.4.3:
- Security fixes
- (CVE-2025-21605) An unauthenticated client can cause an
unlimited growth of output buffers
- Bug fixes
- #13661 FUNCTION FLUSH - memory leak when using jemalloc
- #13793 WAITAOF returns prematurely
- #13853 SLAVEOF - crash when clients are blocked on lazy free
- #13863 RANDOMKEY - infinite loop during client pause
- #13877 ShardID inconsistency when both primary and replica
support it
* Sun Mar 23 2025 Marcus Rueckert <mrueckert@suse.de>
- add build conditional to skip the testsuite if you want test
other aspects of the build
* Sun Mar 23 2025 Marcus Rueckert <mrueckert@suse.de>
- update redis-conf.patch
instead of copying the whole default example config we can also
have it as include file and start out with a very minimal
configuration for each instance.
* Thu Jan 09 2025 Antonio Teixeira <antonio.teixeira@suse.com>
- redis 7.4.2:
- Security fixes
- (CVE-2024-46981, boo#1235387) Lua script commands may lead to
remote code execution
- (CVE-2024-51741, boo#1235386) Denial-of-service due to malformed
ACL selectors
- Bug fixes
- #13627 Crash on module memory defragmentation
- #13338 Streams: XINFO lag field is wrong when tombstone is after
the last_id of the consume group
- #13473 Streams: XTRIM does not update the maximal tombstone,
leading to an incorrect lag
- #13470 INFO after HDEL show wrong number of hash keys with
expiration
- #13476 Fix a race condition in the cache_memory of functionsLibCtx
- #13626 Memory leak on failed RDB loading
- #13539 Hash: fix key ref for a hash that no longer has fields with
expiration on RENAME/MOVE/SWAPDB/RESTORE
- #13443 Cluster: crash when loading cluster config
- #13422 Cluster: CLUSTER SHARDS returns empty array
- #13465 Cluster: incompatibility with older node versions
- #13608 Cluster: SORT ... GET #: incorrect error message
* Wed Oct 02 2024 Marcus Rueckert <mrueckert@suse.de>
- redis 7.4.1: (boo#1231264 boo#1231265 boo#1231266)
- (CVE-2024-31449) Lua library commands may lead to stack
overflow and potential RCE.
- (CVE-2024-31227) Potential Denial-of-service due to malformed
ACL selectors.
- (CVE-2024-31228) Potential Denial-of-service due to unbounded
pattern matching.
* Mon Jul 29 2024 Marcus Rueckert <mrueckert@suse.de>
- Refreshed patch
redis-conf.patch
reproducible.patch
ppc-atomic.patch
- Also track series file
* Mon Jul 29 2024 Marcus Rueckert <mrueckert@suse.de>
- redis 7.4.0:
- New Features
- #13391,#13438 Hash - expiration of individual fields: RDB
file format changes
- #13372 Hash - expiration of individual fields: rename and fix
counting of expired_subkeys metric
- #13372 Hash - expiration of individual fields: rename INFO
keyspace field to subexpiry
- #13343 Hash - expiration of individual fields: when key does
not exist - reply with an array (nonexisting code for each
field)
- #13329 Hash - expiration of individual fields: new keyspace
event: hexpired
- #13303 Hash - expiration of individual fields. 9 commands
were introduced:
- HEXPIRE and HPEXPIRE set the remaining time to live for
specific fields
- HEXPIREAT and HPEXPIREAT set the expiration time to a UNIX
timestamp for specific fields
- HPERSIST removes the expiration for specific fields
- HEXPIRETIME and HPEXPIRETIME get the expiration time for
specific fields
- HTTL and HPTTL get the remaining time to live for specific
fields
- #13117 XREAD: new id value + to start reading from the last
message
- #12765 HSCAN: new NOVALUES flag to report only field names
- #12728 SORT, SORT_RO: allow BY and GET options in cluster
mode when the pattern maps to the same slot as the key
- #12299 CLIENT KILL: new optional filter: MAXAGE maxage - kill
connections older than maxage seconds
- #12971 Lua: expose os.clock() API for getting the elapsed
time of Lua code execution
- #13276 Allow SPUBLISH command within MULTI ... EXEC
transactions on replica
- Bug fixes
- #13407 Trigger Lua GC after SCRIPT LOAD
- #13380 Fix possible crash due to OOM panic on invalid command
- #13383 FUNCTION FLUSH - improve Lua GC behavior and fix
thread race in ASYNC mode
- #13408 HEXPIRE-like commands should emit HDEL keyspace
notification if expire time is in the past
- #12898 XREADGROUP: fix entries-read inconsistency between
master and replicas
- #13042 SORT ... STORE: fix created lists to respect list
compression and packing configs
- #12817, #12905 Fix race condition issues between the main
thread and module threads
- #12577 Unsubscribe all clients from replica for shard channel
if the master ownership changes
- #12622 WAITAOF could timeout or hang if used after a module
command that propagated effects only to replicas and not to
AOF
- #11734 BITCOUNT and BITPOS with nonexistent key and illegal
arguments return an error, not 0
- #12394 BITCOUNT: check for wrong argument before checking if
key exists
- #12961 Allow execution of read-only transactions when out of
memory
- #13274 Fix crash when a client performs ACL change that
disconnects itself
- #13311 Cluster: Fix crash due to unblocking client during
slot migration
- Security improvements
- #13108 Lua: LRU eviction for scripts generated with EVAL ***
BEHAVIOR CHANGE ***
- #12961 Restrict the total request size of MULTI ... EXEC
transactions
- #12860 Redact ACL username information and mark
* -key-file-pass configs as sensitive
- Performance and resource utilization improvements
- #13296 Optimize CPU cache efficiency
- #12838 Improve performance when many clients call
PUNSUBSCRIBE / SUNSUBSCRIBE simultaneously
- #12627 Reduce lag when waking WAITAOF clients and there is
not much traffic
- #12754 Optimize KEYS when pattern includes hashtag and
implies a single slot
- #11695 Reduce memory and improve performance by replacing
cluster metadata with slot specific dictionaries
- #13087 SCRIPT FLUSH ASYNC now does not block the main thread
- #12996 Active memory defragmentation efficiency improvements
- #12899 Improve performance of read/update operation during
rehashing
- #12536 SCAN ... MATCH: Improve performance when the pattern
implies cluster slot
- #12450 ZRANGE ... LIMIT: improved performance
- Other general improvements
- #13133 Lua: allocate VM code with jemalloc instead of libc
and count it as used memory *** BEHAVIOR CHANGE ***
- #12171 ACL LOAD: do not disconnect all clients *** BEHAVIOR
CHANGE ***
- #13020 Allow adjusting defrag configurations while active
defragmentation is running
- #12949 Increase the accuracy of avg_ttl (the average keyspace
keys TTL)
- #12977 Allow running WAITAOF in scripts
- #12782 Implement TCP Keep-Alives across most Unix-like
systems
- #12707 Improved error codes when rejecting scripts in cluster
mode
- #12596 Support XREAD ... BLOCK in scripts; rejected only if
it ends up blocking
- New metrics
- #12849 INFO: pubsub_clients - number of clients in Pub/Sub
mode
- #12966 INFO: watching_clients - number of clients that are
watching keys
- #12966 INFO: total_watched_keys - number of watched keys
- #12476 INFO: client_query_buffer_limit_disconnections - count
client input buffer OOM events
- #12476 INFO: client_output_buffer_limit_disconnections -
count client output buffer OOM events
- #12996 INFO: allocator_muzzy - memory returned to the OS but
still shows as RSS until the OS reclaims it
- #13108 INFO: evicted_scripts - number of evicted eval
scripts. Users can check it to see if they are abusing EVAL
- #12996 MEMORY STATS: allocator.muzzy - memory returned to the
OS but still shows as RSS until the OS reclaims it
- #12913 INFO MEMORY mem_overhead_db_hashtable_rehashing -
memory resharding overhead (only the memory that will be
released soon)
- #12913 MEMORY STATS: overhead.db.hashtable.lut - total
overhead of dictionary buckets in databases
- #12913 MEMORY STATS: overhead.db.hashtable.rehashing -
temporary memory overhead of database dictionaries currently
being rehashed
- #12913 MEMORY STATS: db.dict.rehashing.count - number of top
level dictionaries currently being rehashed
- #12966 CLIENT LIST: watch - number of keys each client is
currently watching
- Modules API
- #13326 Hash - expiration of individual fields: avoid lazy
expire when called from a Modules API function
- #12985 New API calls: RM_TryCalloc and RM_TryRealloc - allow
modules to handle memory allocation failures gracefully
- #13069 New API call: RM_ClusterKeySlot - which slot a key
will hash to
- #13069 New API call: RM_ClusterCanonicalKeyNameInSlot - get a
consistent key that will map to a slot
- #12486 New API call: RM_AddACLCategory - allow modules to
declare new ACL categories
- Configuration parameters
- #13400 Add hide-user-data-from-log - allows hiding user data
from the log file
- #12178 New configuration parameters:
max-new-connections-per-cycle and
max-new-tls-connections-per-cycle to limit the number of new
client connections per event-loop cycle
- #7351 Rename some CPU configuration parameters for style
alignment. Added alias to the old names to avoid breaking
change
- CLI tools
- #10609 redis-cli: new -t <timeout> argument: specify server
connection timeout in seconds
- #11315 redis-cli: new -4 and -6 flags to prefer IPV4 or IPV6
on DNS lookup
- #12862 redis-cli: allows pressing up arrow to return any
command (including sensitive commands which are still not
persisted)
- #12543 redis-cli: add reverse history search (like Ctrl+R in
terminals)
- #12826 redis-cli: add --keystats and --keystats-samples to
combines --memkeys and --bigkeys with additional distribution
data
- #12735 redis-cli: fix: --bigkeys and --memkeys now work on
cluster replicas
- #9411 redis-benchmark: add support for binary strings
- #12986 redis-benchmark: fix: pick random slot for a node to
distribute operation across slots
* Sun May 19 2024 Andreas Stieger <andreas.stieger@gmx.de>
- redis 7.2.5:
* A single shard cluster leaves failed replicas in CLUSTER SLOTS
instead of removing them
* Crash in LSET command when replacing small items and exceeding
4GB
* Blocking commands timeout is reset due to re-processing command
* Conversion of numbers in Lua args to redis args can fail
* redis-cli: --count (for --scan, --bigkeys, etc) was ignored
unless --pattern was also used
* redis-check-aof: incorrectly considering data in manifest
format as MP-AOF
* Sat Apr 27 2024 Илья Индиго <13ilya@gmail.com>
- Fixed privileges of /run/redis directory (rpm -qlv redis | grep /run).
* Fri Mar 01 2024 Danilo Spinella <danilo.spinella@suse.com>
- The following issue has been fixed in TW but has not been
mentioned before:
* bsc#1208235
* bsc#1207448
- The following patch was removed from SLE:
* bsc1198952.patch
* redis-CVE-2022-24834.patch
* redis-CVE-2022-36021.patch
* redis-CVE-2023-25155.patch
* redis-CVE-2023-45145.patch
* redis-CVE-2023-45145.patch
* Tue Jan 09 2024 Marcus Rueckert <mrueckert@suse.de>
- redis 7.2.4: (boo#1218646)
- Security fixes
- (CVE-2023-41056) In some cases, Redis may incorrectly handle
resizing of memory buffers which can result in incorrect
accounting of buffer sizes and lead to heap overflow and
potential remote code execution.
- Bug fixes
- Fix crashes of cluster commands clusters with mixed versions
of 7.0 and 7.2 (#12805, #12832)
- Fix slot ownership not being properly handled when deleting a
slot from a node (#12564)
- Fix atomicity issues with the RedisModuleEvent_Key module API
event (#12733)
* Fri Nov 03 2023 Marcus Rueckert <mrueckert@suse.de>
- redis 7.2.3:
- Fix file descriptor leak preventing deleted files from freeing
disk space on replicas (#12693)
- Fix a possible crash after cluster node removal (#12702)
* Fri Oct 20 2023 Danilo Spinella <oss@danyspin97.org>
- redis 7.2.2:
* (CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a
race condition that can be used by another process to bypass desired Unix
socket permissions on startup, bsc#1216376
* WAITAOF could timeout in the absence of write traffic in case a new AOF is
created and an AOF rewrite can't immediately start
* Fix crash when running rebalance command in a mixed cluster of 7.0 and 7.2
nodes
* Fix the return type of the slot number in cluster shards to integer, which
makes it consistent with past behavior
* Fix CLUSTER commands are called from modules or scripts to return TLS info
appropriately
redis-cli, fix crash on reconnect when in SUBSCRIBE mode
* Fix overflow calculation for next timer event
* Thu Sep 07 2023 Danilo Spinella <danilo.spinella@suse.com>
- redis 7.2.1:
* (CVE-2023-41053) Redis does not correctly identify keys accessed by SORT_RO and,
as a result, may grant users executing this command access to keys that are not
explicitly authorized by the ACL configuration. (bsc#1215094)
* Fix crashes when joining a node to an existing 7.0 Redis Cluster
* Correct request_policy and response_policy command tips on for some admin /
configuration commands
- Refresh redis.hashes
* Tue Aug 15 2023 Marcus Rueckert <mrueckert@suse.de>
- redis 7.2.0
- Bug Fixes
- redis-cli in cluster mode handles unknown-endpoint (#12273)
- Update request / response policy hints for a few commands
(#12417)
- Ensure that the function load timeout is disabled during
loading from RDB/AOF and on replicas. (#12451)
- Fix false success and a memory leak for ACL selector with bad
parenthesis combination (#12452)
- Fix the assertion when script timeout occurs after it
signaled a blocked client (#12459)
- Fixes for issues in previous releases of Redis 7.2
- Update MONITOR client's memory correctly for INFO and
client-eviction (#12420)
- The response of cluster nodes was unnecessarily adding an
extra comma when no hostname was present. (#12411)
- refreshed redis-conf.patch:
- switch to autosetup now that we switched the last patch to patch
level 1
* Wed Jul 12 2023 Danilo Spinella <danilo.spinella@suse.com>
- redis 7.0.12:
* (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger
a heap overflow in the cjson and cmsgpack libraries, and result in heap
corruption and potentially remote code execution. The problem exists in all
versions of Redis with Lua scripting support, starting from 2.6, and affects
only authenticated and authorized users. (bsc#1213193)
* (CVE-2023-36824) Extracting key names from a command and a list of arguments
may, in some cases, trigger a heap overflow and result in reading random heap
memory, heap corruption and potentially remote code execution. Specifically:
using COMMAND GETKEYS* and validation of key names in ACL rules. (bsc#1213249)
* Re-enable downscale rehashing while there is a fork child
* Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with <count>
* Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER,
SPOP, and eviction
* Fix WAIT to be effective after a blocked module command being unblocked
* Avoid unnecessary full sync after master restart in a rare case
* Fri May 19 2023 Jiri Srain <jsrain@suse.com>
- refresh redis-hashes from upstream source
* Mon Apr 17 2023 Marcus Rueckert <mrueckert@suse.de>
- redis 7.0.11
- (CVE-2023-28856) Authenticated users can use the HINCRBYFLOAT
command to create an invalid hash field that will crash Redis
on access (boo#1210548)
- Add a missing fsync of AOF file in rare cases
- Disconnect pub-sub subscribers when revoking allchannels
permission
- Fix a compiler fortification induced crash when used with link
time optimizations
- Drop get-old-size-calculations.patch:
replaced with proper fix
* Fri Mar 24 2023 Marcus Rueckert <mrueckert@suse.de>
- Added get-old-size-calculations.patch:
my workaround for https://github.com/redis/redis/issues/11965
* Mon Mar 20 2023 Andreas Stieger <andreas.stieger@gmx.de>
- redis 7.0.10
* CVE-2023-28425: Specially crafted MSETNX command can lead to
assertion and denial-of-service (boo#1209528)
* Large blocks of replica client output buffer may lead to psync
loops and unnecessary memory usage
* Fix CLIENT REPLY OFF|SKIP to not silence push notifications
* Trim excessive memory usage in stream nodes when exceeding
`stream-node-max-bytes`
* Fix module RM_Call commands failing with OOM when maxmemory is
changed to zero
* Mon Mar 20 2023 Andreas Stieger <andreas.stieger@gmx.de>
- redis 7.0.9
* CVE-2023-25155: Specially crafted SRANDMEMBER, ZRANDMEMBER, and
HRANDFIELD commands can trigger an integer overflow, resulting
in a runtime assertion and termination of the Redis server
process. Previously patched, drop
Integer-Overflow-in-RAND-commands-can-lead-to-assert.patch
* CVE-2022-36021: String matching commands (like SCAN or KEYS)
with a specially crafted pattern to trigger a denial-of-service
attack on Redis, causing it to hang and consume 100% CPU time.
Previously upatched, drop
String-pattern-matching-had-exponential-time-complex.patch
* Fix a crash when reaching the maximum invalidations limit of
client-side tracking
* Fix a crash when SPUBLISH is used after passing the
cluster-link-sendbuf-limit
* Fix possible memory corruption in FLUSHALL when a client
watches more than one key
* Fix cluster inbound link keepalive time
* Flush propagation list in active-expire of writable replicas to
fix an assertion
* Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as
MULTI-EXEC
* Avoid realloc to reduce size of strings when it is unneeded
* Improve CLUSTER SLOTS reply efficiency for non-continuous slots
* Wed Mar 01 2023 Valentin Lefebvre <valentin.lefebvre@suse.com>
- Fix CVE-2022-36021 (bsc#1208790 CVE-2022-36021)
* String-pattern-matching-had-exponential-time-complex.patch
- Fix CVE-2023-25155 (bsc#1208793 CVE-2023-25155)
* Integer-Overflow-in-RAND-commands-can-lead-to-assert.patch
* Mon Jan 16 2023 Andreas Stieger <andreas.stieger@gmx.de>
- redis 7.0.8
* CVE-2022-35977: Integer overflow in the Redis SETRANGE and
SORT/SORT_RO commands can drive Redis to OOM panic boo#1207202
* CVE-2023-22458: Integer overflow in the Redis HRANDFIELD and
ZRANDMEMBER commands can lead to denial-of-service boo#1207203
* Avoid possible hang when client issues long KEYS, SRANDMEMBER,
HRANDFIELD, and ZRANDMEMBER commands and gets disconnected by
client output buffer limit
* Make sure that fork child doesn't do incremental rehashing
* Fix a bug where blocking commands with a sub-second timeout
would block forever
* Fix sentinel issue if replica changes IP
* Fri Dec 16 2022 Michael Ströder <michael@stroeder.com>
- Update to version 7.0.7
* Fix regression from Redis 7.0.6 in distance replies
of Geo commands (#11631)
* Thu Dec 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Update to version 7.0.6:
* RM_ResetDataset module API should not clear the functions
* RM_Call module API used with the "C" flag to run scripts,
would now cause the commands in the script to check ACL with
the designated user
* Geo commands speedups
* Fix EVAL command performance regression from Redis 7.0
* Reduce EXPIRE commands performance regression from Redis 7.0
* Optimize commands returning double values, mainly affecting zset
commands
* Optimize Lua parsing of some command responses
* Optimize client memory usage tracking operation while client
eviction is disabled
* Multiple bug fixes for crashes, hangs, and incorrect behavior
- drop cve-2022-3647.patch now upstream
* Mon Oct 24 2022 Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2022-3647, crash in sigsegvHandler debug function
(CVE-2022-3647, bsc#1204633)
* cve-2022-3647.patch
* Wed Sep 21 2022 Michael Ströder <michael@stroeder.com>
- Update to version 7.0.5 (boo#1203638)
+ Security Fixes:
* (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
state, with a specially crafted COUNT argument, may cause an integer overflow,
a subsequent heap overflow, and potentially lead to remote code execution.
The problem affects Redis versions 7.0.0 or newer
[reported by Xion (SeungHyun Lee) of KAIST GoN].
+ Module API changes
* Fix RM_Call execution of scripts when used with M/W/S flags to properly
handle script flags (#11159)
* Fix RM_SetAbsExpire and RM_GetAbsExpire API registration (#11025, #8564)
+ Bug Fixes
* Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity is set to 100 (#11237)
* Fix a crash when a replica may attempt to set itself as its master as a result of a manual failover (#11263)
* Fix a bug where a cluster-enabled replica node may permanently set its master's hostname to '?' (#10696)
* Fix a crash when a Lua script returns a meta-table (#11032)
+ Fixes for issues in previous releases of Redis 7.0
* Fix redis-cli to do DNS lookup before sending CLUSTER MEET (#11151)
* Fix crash when a key is lazy expired during cluster key migration (#11176)
* Fix AOF rewrite to fsync the old AOF file when a new one is created (#11004)
* Fix some crashes involving a list containing entries larger than 1GB (#11242)
* Correctly handle scripts with a non-read-only shebang on a cluster replica (#11223)
* Fix memory leak when unloading a module (#11147)
* Fix bug with scripts ignoring client tracking NOLOOP (#11052)
* Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is used inside MULTI-EXEC (#11038)
* Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed with read-only key permission (#11086)
* Fix missing sections for INFO ALL when also requesting a module info section (#11291)
* Thu Sep 01 2022 Stefan Schubert <schubi@intern>
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
* Mon Jul 18 2022 Michael Ströder <michael@stroeder.com>
- Security update to version 7.0.4
(CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
key in a specific state may result with heap overflow, and potentially
remote code execution. The problem affects Redis versions 7.0.0 or newer.
* Mon Jul 11 2022 Michael Ströder <michael@stroeder.com>
- Update to version 7.0.3
* Performance and resource utilization improvements
- Optimize zset conversion on large ZRANGESTORE (#10789)
- Optimize the performance of sending PING on large clusters (#10624)
- Allow for faster restart of Redis in cluster mode (#10912)
* INFO fields and introspection changes
- Add missing sharded pubsub keychannel count to CLIENT LIST (#10895)
- Add missing pubsubshard_channels field in INFO STATS (#10929)
* Module API changes
- Add RM_StringToULongLong and RM_CreateStringFromULongLong (#10889)
- Add RM_SetClientNameById and RM_GetClientNameById (#10839)
* Changes in CLI tools
- Add missing cluster-port support to redis-cli --cluster (#10344)
* Other General Improvements
- Account sharded pubsub channels memory consumption (#10925)
- Allow ECHO in loading and stale modes (#10853)
- Cluster: Throw -TRYAGAIN instead of -ASK on migrating nodes for multi-key
- commands when the node only has some of the keys (#9526)
* Bug Fixes
- TLS: Notify clients on connection shutdown (#10931)
- Fsync directory while persisting AOF manifest, RDB file, and config file (#10737)
- Script that made modification will not break with unexpected NOREPLICAS error (#10855)
- Cluster: Fix a bug where nodes may not acknowledge a CLUSTER FAILOVER TAKEOVER
- after a replica reboots (#10798)
- Cluster: Fix crash during handshake and cluster shards call (#10942)
* Fixes for issues in previous releases of Redis 7.0
- TLS: Fix issues with large replies (#10909)
- Correctly report the startup warning for vm.overcommit_memory (#10841)
- redis-server command line allow passing config name and value in the same argument (#10866)
- Support --save command line argument with no value for backwards compatibility (#10866)
- Fix CLUSTER RESET command regression requiring an argument (#10898)
* Mon Jul 04 2022 Danilo Spinella <danilo.spinella@suse.com>
- Use bundled jemalloc to fix active defragmentation, fixes bsc#1200913.
- Remove patch:
* Add-support-for-USE_SYSTEM_JEMALLOC-flag.patch
* Wed Jun 29 2022 Stefan Schubert <schubi@suse.com>
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
* Sun Jun 12 2022 Michael Ströder <michael@stroeder.com>
- Update to version 7.0.2
* Fixed SET and BITFIELD commands being wrongly marked movablekeys (#10837)
Regression in 7.0 possibly resulting in excessive roundtrip from cluster clients.
* Fix crash when /proc/sys/vm/overcommit_memory is inaccessible (#10848)
Regression in 7.0.1 resulting in crash on startup on some configurations.
* Wed Jun 08 2022 Michael Ströder <michael@stroeder.com>
- Update to version 7.0.1
* Improvements
- Add warning for suspected slow system clocksource setting
Add --check-system command line option. (#10636)
- Allow read-only scripts (*_RO commands, and ones with `no-writes` flag)
during CLIENT PAUSE WRITE (#10744)
- Add `readonly` flag in COMMAND command for EVAL_RO, EVALSHA_RO and FCALL_RO (#10728)
- redis-server command line arguments now accept one string with spaces
for multi-arg configs (#10660)
* Potentially Breaking Changes
- Omitting a config option value in command line argument no longer works (#10660)
- Hide the `may_replicate` flag from the COMMAND command response (#10744)
* Potentially Breaking Changes for new Redis 7.0 features
- Protocol: Sharded pubsub publish emits `smessage` instead of `message` (#10792)
- CLUSTER SHARDS returns slots as RESP integers, not strings (#10683)
- Block PFCOUNT and PUBLISH in read-only scripts (*_RO commands, and no-writes) (#10744)
- Scripts that declare the `no-writes` flag are implicitly `allow-oom` too (#10699)
* Changes in CLI tools
- redis-cli --bigkeys, --memkeys, --hotkeys, --scan. Finish nicely after Ctrl+C (#10736)
* Platform / toolchain support related improvements
- Support tcp-keepalive config interval on MacOs (#10667)
- Support RSS metrics on Haiku OS (#10687)
* INFO fields and introspection changes
- Add isolated network metrics for replication. (#10062, #10810)
* Module API changes
- Add two more new checks to RM_Call script mode (#10786)
- Add new RM_Call flag to let Redis automatically refuse `deny-oom` commands (#10786)
- Add module API RM_MallocUsableSize (#10795)
- Add missing REDISMODULE_NOTIFY_NEW (#10688)
- Fix cursor type in RedisModuleScanCursor to handle more than 2^31 elements (#10698)
- Fix RM_Yield bugs and RM_Call("EVAL") OOM check bug (#10786)
- Fix bugs in enum configs with overlapping bit flags (#10661)
* Bug Fixes
- FLUSHALL correctly resets rdb_changes_since_last_save INFO field (#10691)
- FLUSHDB is now propagated to replicas / AOF, even if the db is empty (#10691)
- Replica fail and retry the PSYNC if the master is unresponsive (#10726)
- Fix ZRANGESTORE crash when zset_max_listpack_entries is 0 (#10767)
* Tue May 10 2022 Danilo Spinella <danilo.spinella@suse.com>
- Unbundle jemalloc, fixes bsc#199164
* Add-support-for-USE_SYSTEM_JEMALLOC-flag.patch
* Tue May 10 2022 Johannes Segitz <jsegitz@suse.com>
- Add ReadWritePaths=/etc/redis to redis-sentinel@.service (bsc#1199198)
* Fri May 06 2022 Danilo Spinella <danilo.spinella@suse.com>
- Update to version 7.0.0:
https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES
- Remove upstreamed patch:
* getMcontextEip-return-value.patch
* Wed Apr 27 2022 Andreas Stieger <andreas.stieger@gmx.de>
- redis 6.2.7:
* CVE-2022-24736: An attacker attempting to load a specially
crafted Lua script can cause NULL pointer dereference which
will result with a crash of the redis-server process
(boo#1198953)
* CVE-2022-24735: By exploiting weaknesses in the Lua script
execution environment, an attacker with access to Redis can
inject Lua code that will execute with the (potentially higher)
privileges of another Redis user (boo#1198952)
* LPOP/RPOP with count against non-existing list return null array
* LPOP/RPOP used to produce wrong replies when count is 0
* Speed optimization in command execution pipeline
* Fix regression in Z[REV]RANGE commands (by-rank) introduced in
Redis 6.2
* Fix OpenSSL 3.0.x related issues
* Bug fixes
/etc/redis /etc/redis/includes /etc/redis/includes/redis.defaults.conf /etc/redis/includes/sentinel.defaults.conf /etc/redis/redis.default.conf.template /etc/redis/sentinel.defaults.conf.template /run/redis /usr/bin/redis-benchmark /usr/bin/redis-check-aof /usr/bin/redis-check-rdb /usr/bin/redis-cli /usr/etc/logrotate.d/redis /usr/lib/sysctl.d/00-redis.conf /usr/lib/systemd/system/redis-sentinel.target /usr/lib/systemd/system/redis-sentinel@.service /usr/lib/systemd/system/redis.target /usr/lib/systemd/system/redis@.service /usr/lib/sysusers.d/redis-user.conf /usr/lib/tmpfiles.d/redis.conf /usr/sbin/rcredis /usr/sbin/redis-check-aof /usr/sbin/redis-check-rdb /usr/sbin/redis-sentinel /usr/sbin/redis-server /usr/share/doc/packages/redis /usr/share/doc/packages/redis/00-RELEASENOTES /usr/share/doc/packages/redis/BUGS /usr/share/doc/packages/redis/CODE_OF_CONDUCT.md /usr/share/doc/packages/redis/CONTRIBUTING.md /usr/share/doc/packages/redis/README.SUSE /usr/share/doc/packages/redis/README.md /usr/share/doc/packages/redis/REDISCONTRIBUTIONS.txt /usr/share/doc/packages/redis/SECURITY.md /usr/share/doc/packages/redis/TLS.md /usr/share/doc/packages/redis/redis-full.conf /usr/share/licenses/redis /usr/share/licenses/redis/LICENSE.txt /var/lib/redis /var/lib/redis/default /var/log/redis
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Jul 17 00:15:31 2025