| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search | 
| Name: redis | Distribution: openSUSE Tumbleweed | 
| Version: 8.2.2 | Vendor: openSUSE | 
| Release: 1.1 | Build date: Sat Oct 4 15:43:20 2025 | 
| Group: Unspecified | Build host: reproducible | 
| Size: 5730492 | Source RPM: redis-8.2.2-1.1.src.rpm | 
| Packager: http://bugs.opensuse.org | |
| Url: https://github.com/redis/redis | |
| Summary: Persistent key-value database | |
redis is an advanced key-value store. It is similar to memcached but the dataset is not volatile, and values can be strings, exactly like in memcached, but also lists, sets, and ordered sets. All this data types can be manipulated with atomic operations to push/pop elements, add/remove elements, perform server side union, intersection, difference between sets, and so forth. Redis supports different kind of sorting abilities.
AGPL-3.0-only
* Sat Oct 04 2025 Илья Индиго <ilya@ilya.top>
  - Updated to 8.2.2 (boo#1250995)
    * https://github.com/redis/redis/releases/tag/8.2.2
    * Fixed Lua script may lead to remote code execution (CVE-2025-49844).
    * Fixed Lua script may lead to integer overflow (CVE-2025-46817).
    * Fixed Lua script can be executed in the context of another user
      (CVE-2025-46818).
    * Fixed LUA out-of-bound read (CVE-2025-46819).
    * Fixed potential crash on Lua script or streams and HFE defrag.
    * Fixed potential crash when using ACL rules.
    * Added VSIM: new EPSILON argument to specify maximum distance.
    * Added SVS-VAMANA: allow use of BUILD_INTEL_SVS_OPT flag.
    * Added RESP3 serialization performance.
    * Added INFO SEARCH: new SVS-VAMANA metrics.
* Mon Aug 18 2025 Marcus Rueckert <mrueckert@suse.de>
  - Updated to 8.2.1
    * https://github.com/redis/redis/releases/tag/8.2.1
    - Bug fixes
    * #14240 INFO KEYSIZES - potential incorrect histogram updates
      on cluster mode with modules
    * #14274 Disable Active Defrag during flushing replica
    * #14276 XADD or XTRIM can crash the server after loading RDB
    * #Q6601 Potential crash when running FLUSHDB (MOD-10681)
    * Performance and resource utilization
    * Query Engine - LeanVec and LVQ proprietary Intel
      optimizations were removed from Redis Open Source
    * #Q6621 Fix regression in INFO (MOD-10779)
* Mon Aug 04 2025 Marcus Rueckert <mrueckert@suse.de>
  - Updated to 8.2.0
    * https://github.com/redis/redis/releases/tag/8.2.0
    * Added commands: XDELEX and XACKDEL; extension to XADD and XTRIM.
    * Added operators: DIFF, DIFF1, ANDOR, and ONE.
    * Added SVS-VAMANA vector index type which supports vector compression.
* Sun Jul 06 2025 Илья Индиго <ilya@ilya.top>
  - Updated to 8.0.3
    * https://github.com/redis/redis/releases/tag/8.0.3
    * Fixed out-of-bounds write in HyperLogLog commands (CVE-2025-32023).
    * Fixed retry accepting other connections even if the accepted
      connection reports an error (CVE-2025-48367).
    * Fixed a short read may lead to an exit() on a replica.
    * Fixed db->expires is not defragmented.
    * Added new WITHATTRIBS to return the JSON attribute associated
      with an element.
* Fri Jun 06 2025 Илья Индиго <ilya@ilya.top>
  - Added conflict with valkey-compat-redis.
  - Changed license to AGPL-3.0-only.
* Tue May 27 2025 Marcus Rueckert <mrueckert@suse.de>
  - redis 8.0.2:
    Update urgency: SECURITY: There are security fixes in the release.
    - Security fixes
    - (CVE-2025-27151) redis-check-aof may lead to stack overflow
      and potential RCE
    - Bug fixes
    - #14081 Cron-based timers run twice as fast when active defrag
      is enabled
    - Other general improvements -#14048 LOLWUT for Redis 8
* Tue May 13 2025 Marcus Rueckert <mrueckert@suse.de>
  - redis 8.0.1:
    Update urgency: MODERATE: Program an upgrade of the server, but it's not urgent.
    - Performance and resource utilization improvements
    - #13959 Vector sets - faster VSIM FILTER parsing
    - Bug fixes
    - #QE6083 Query Engine - revert default policy
      search-on-timeout to RETURN
    - #QE6050 Query Engine - @__key on FT.AGGREGATE used as
      reserved field name preventing access to Redis keyspace
    - #QE6077 Query Engine - crash when calling FT.CURSOR DEL while
      retrieving from the CURSOR
    - Notes
    - Fixed wrong text in the license files
* Fri May 02 2025 Marcus Rueckert <mrueckert@suse.de>
  - redis 8.0.0:
    This is the General Availability release of Redis Open Source
    8.0.
    Redis 8.0 deprecates previous Redis and Redis Stack versions.
    Stand alone RediSearch, RedisJSON, RedisTimeSeries, and
    RedisBloom are no longer needed as they are now part of Redis.
    - Major changes compared to 7.4.2
    - Name change: Redis Community Edition is now Redis Open Source
    - License change: licensed under your choice of
    - (a) the Redis Source Available License 2.0 (RSALv2); or
    - (b) the Server Side Public License v1 (SSPLv1); or
    - (c) the GNU Affero General Public License (AGPLv3)
    - Redis Query engine and 8 new data structures are now an
      integral part of Redis 8
    - (1) Redis Query Engine, which now supports both horizontal
      and vertical scaling for search, query and vector workloads
    - (2) JSON - a queryable JSON document
    - (3) Time series
    - (4-8) Five probabilistic data structures: Bloom filter,
      Cuckoo filter, Count-min sketch, Top-k, and t-digest
    - (9) Vector set [beta] - a data structure designed for Vector
      Similarity Search, inspired by Sorted set
    - These nine components are included in all binary
      distributions
    - See instructions in the README.md file on how to build from
      source with all these components
    - New configuration file: redis-full.conf - loads Redis with
      all these components, and contains new configuration
      parameters for Redis Query engine and the new data structures
    - New ACL categories: @search, @json, @timeseries, @bloom,
      @cuckoo, @cms, @topk, @tdigest
    - Commands are also included in the existing ACL categories
      (@read, @write, etc.)
    - More than 30 performance and resource utilization improvements
    - A new I/O threading implementation which enables throughput
      increase on multi-core environments (set with io-threads
      configuration parameter)
    - An improved replication mechanism which is more performant and
      robust
    - New hash commands - HGETDEL, HGETEX, HSETEX
    - For more details, see the release notes of 8.0-M01, 8.0-M02,
      8.0-M03, 8.0-M04, and 8.0-RC1
    - Bug fixes (compared to 8.0-RC1)
    - #13966, #13932 CLUSTER SLOTS - TLS port update not reflected
    - #13958 XTRIM, XADD - incorrect lag due to trimming stream
    - #13931 HGETEX - wrong order of keyspace notifications
  - fast_float intree copy need gcc-c++
* Wed Apr 23 2025 Marcus Rueckert <mrueckert@suse.de>
  - redis 7.4.3:
    - Security fixes
    - (CVE-2025-21605) An unauthenticated client can cause an
      unlimited growth of output buffers
    - Bug fixes
    - #13661 FUNCTION FLUSH - memory leak when using jemalloc
    - #13793 WAITAOF returns prematurely
    - #13853 SLAVEOF - crash when clients are blocked on lazy free
    - #13863 RANDOMKEY - infinite loop during client pause
    - #13877 ShardID inconsistency when both primary and replica
      support it
* Sun Mar 23 2025 Marcus Rueckert <mrueckert@suse.de>
  - add build conditional to skip the testsuite if you want test
    other aspects of the build
* Sun Mar 23 2025 Marcus Rueckert <mrueckert@suse.de>
  - update redis-conf.patch
    instead of copying the whole default example config we can also
    have it as include file and start out with a very minimal
    configuration for each instance.
* Thu Jan 09 2025 Antonio Teixeira <antonio.teixeira@suse.com>
  - redis 7.4.2:
    - Security fixes
    - (CVE-2024-46981, boo#1235387) Lua script commands may lead to
      remote code execution
    - (CVE-2024-51741, boo#1235386) Denial-of-service due to malformed
      ACL selectors
    - Bug fixes
    - #13627 Crash on module memory defragmentation
    - #13338 Streams: XINFO lag field is wrong when tombstone is after
      the last_id of the consume group
    - #13473 Streams: XTRIM does not update the maximal tombstone,
      leading to an incorrect lag
    - #13470 INFO after HDEL show wrong number of hash keys with
      expiration
    - #13476 Fix a race condition in the cache_memory of functionsLibCtx
    - #13626 Memory leak on failed RDB loading
    - #13539 Hash: fix key ref for a hash that no longer has fields with
      expiration on RENAME/MOVE/SWAPDB/RESTORE
    - #13443 Cluster: crash when loading cluster config
    - #13422 Cluster: CLUSTER SHARDS returns empty array
    - #13465 Cluster: incompatibility with older node versions
    - #13608 Cluster: SORT ... GET #: incorrect error message
* Wed Oct 02 2024 Marcus Rueckert <mrueckert@suse.de>
  - redis 7.4.1: (boo#1231264 boo#1231265 boo#1231266)
    - (CVE-2024-31449) Lua library commands may lead to stack
      overflow and potential RCE.
    - (CVE-2024-31227) Potential Denial-of-service due to malformed
      ACL selectors.
    - (CVE-2024-31228) Potential Denial-of-service due to unbounded
      pattern matching.
* Mon Jul 29 2024 Marcus Rueckert <mrueckert@suse.de>
  - Refreshed patch
    redis-conf.patch
    reproducible.patch
    ppc-atomic.patch
  - Also track series file
* Mon Jul 29 2024 Marcus Rueckert <mrueckert@suse.de>
  - redis 7.4.0:
    - New Features
    - #13391,#13438 Hash - expiration of individual fields: RDB
      file format changes
    - #13372 Hash - expiration of individual fields: rename and fix
      counting of expired_subkeys metric
    - #13372 Hash - expiration of individual fields: rename INFO
      keyspace field to subexpiry
    - #13343 Hash - expiration of individual fields: when key does
      not exist - reply with an array (nonexisting code for each
      field)
    - #13329 Hash - expiration of individual fields: new keyspace
      event: hexpired
    - #13303 Hash - expiration of individual fields. 9 commands
      were introduced:
    - HEXPIRE and HPEXPIRE set the remaining time to live for
      specific fields
    - HEXPIREAT and HPEXPIREAT set the expiration time to a UNIX
      timestamp for specific fields
    - HPERSIST removes the expiration for specific fields
    - HEXPIRETIME and HPEXPIRETIME get the expiration time for
      specific fields
    - HTTL and HPTTL get the remaining time to live for specific
      fields
    - #13117 XREAD: new id value + to start reading from the last
      message
    - #12765 HSCAN: new NOVALUES flag to report only field names
    - #12728 SORT, SORT_RO: allow BY and GET options in cluster
      mode when the pattern maps to the same slot as the key
    - #12299 CLIENT KILL: new optional filter: MAXAGE maxage - kill
      connections older than maxage seconds
    - #12971 Lua: expose os.clock() API for getting the elapsed
      time of Lua code execution
    - #13276 Allow SPUBLISH command within MULTI ... EXEC
      transactions on replica
    - Bug fixes
    - #13407 Trigger Lua GC after SCRIPT LOAD
    - #13380 Fix possible crash due to OOM panic on invalid command
    - #13383 FUNCTION FLUSH - improve Lua GC behavior and fix
      thread race in ASYNC mode
    - #13408 HEXPIRE-like commands should emit HDEL keyspace
      notification if expire time is in the past
    - #12898 XREADGROUP: fix entries-read inconsistency between
      master and replicas
    - #13042 SORT ... STORE: fix created lists to respect list
      compression and packing configs
    - #12817, #12905 Fix race condition issues between the main
      thread and module threads
    - #12577 Unsubscribe all clients from replica for shard channel
      if the master ownership changes
    - #12622 WAITAOF could timeout or hang if used after a module
      command that propagated effects only to replicas and not to
      AOF
    - #11734 BITCOUNT and BITPOS with nonexistent key and illegal
      arguments return an error, not 0
    - #12394 BITCOUNT: check for wrong argument before checking if
      key exists
    - #12961 Allow execution of read-only transactions when out of
      memory
    - #13274 Fix crash when a client performs ACL change that
      disconnects itself
    - #13311 Cluster: Fix crash due to unblocking client during
      slot migration
    - Security improvements
    - #13108 Lua: LRU eviction for scripts generated with EVAL ***
      BEHAVIOR CHANGE ***
    - #12961 Restrict the total request size of MULTI ... EXEC
      transactions
    - #12860 Redact ACL username information and mark
    * -key-file-pass configs as sensitive
    - Performance and resource utilization improvements
    - #13296 Optimize CPU cache efficiency
    - #12838 Improve performance when many clients call
      PUNSUBSCRIBE / SUNSUBSCRIBE simultaneously
    - #12627 Reduce lag when waking WAITAOF clients and there is
      not much traffic
    - #12754 Optimize KEYS when pattern includes hashtag and
      implies a single slot
    - #11695 Reduce memory and improve performance by replacing
      cluster metadata with slot specific dictionaries
    - #13087 SCRIPT FLUSH ASYNC now does not block the main thread
    - #12996 Active memory defragmentation efficiency improvements
    - #12899 Improve performance of read/update operation during
      rehashing
    - #12536 SCAN ... MATCH: Improve performance when the pattern
      implies cluster slot
    - #12450 ZRANGE ... LIMIT: improved performance
    - Other general improvements
    - #13133 Lua: allocate VM code with jemalloc instead of libc
      and count it as used memory *** BEHAVIOR CHANGE ***
    - #12171 ACL LOAD: do not disconnect all clients *** BEHAVIOR
      CHANGE ***
    - #13020 Allow adjusting defrag configurations while active
      defragmentation is running
    - #12949 Increase the accuracy of avg_ttl (the average keyspace
      keys TTL)
    - #12977 Allow running WAITAOF in scripts
    - #12782 Implement TCP Keep-Alives across most Unix-like
      systems
    - #12707 Improved error codes when rejecting scripts in cluster
      mode
    - #12596 Support XREAD ... BLOCK in scripts; rejected only if
      it ends up blocking
    - New metrics
    - #12849 INFO: pubsub_clients - number of clients in Pub/Sub
      mode
    - #12966 INFO: watching_clients - number of clients that are
      watching keys
    - #12966 INFO: total_watched_keys - number of watched keys
    - #12476 INFO: client_query_buffer_limit_disconnections - count
      client input buffer OOM events
    - #12476 INFO: client_output_buffer_limit_disconnections -
      count client output buffer OOM events
    - #12996 INFO: allocator_muzzy - memory returned to the OS but
      still shows as RSS until the OS reclaims it
    - #13108 INFO: evicted_scripts - number of evicted eval
      scripts. Users can check it to see if they are abusing EVAL
    - #12996 MEMORY STATS: allocator.muzzy - memory returned to the
      OS but still shows as RSS until the OS reclaims it
    - #12913 INFO MEMORY mem_overhead_db_hashtable_rehashing -
      memory resharding overhead (only the memory that will be
      released soon)
    - #12913 MEMORY STATS: overhead.db.hashtable.lut - total
      overhead of dictionary buckets in databases
    - #12913 MEMORY STATS: overhead.db.hashtable.rehashing -
      temporary memory overhead of database dictionaries currently
      being rehashed
    - #12913 MEMORY STATS: db.dict.rehashing.count - number of top
      level dictionaries currently being rehashed
    - #12966 CLIENT LIST: watch - number of keys each client is
      currently watching
    - Modules API
    - #13326 Hash - expiration of individual fields: avoid lazy
      expire when called from a Modules API function
    - #12985 New API calls: RM_TryCalloc and RM_TryRealloc - allow
      modules to handle memory allocation failures gracefully
    - #13069 New API call: RM_ClusterKeySlot - which slot a key
      will hash to
    - #13069 New API call: RM_ClusterCanonicalKeyNameInSlot - get a
      consistent key that will map to a slot
    - #12486 New API call: RM_AddACLCategory - allow modules to
      declare new ACL categories
    - Configuration parameters
    - #13400 Add hide-user-data-from-log - allows hiding user data
      from the log file
    - #12178 New configuration parameters:
      max-new-connections-per-cycle and
      max-new-tls-connections-per-cycle to limit the number of new
      client connections per event-loop cycle
    - #7351 Rename some CPU configuration parameters for style
      alignment. Added alias to the old names to avoid breaking
      change
    - CLI tools
    - #10609 redis-cli: new -t <timeout> argument: specify server
      connection timeout in seconds
    - #11315 redis-cli: new -4 and -6 flags to prefer IPV4 or IPV6
      on DNS lookup
    - #12862 redis-cli: allows pressing up arrow to return any
      command (including sensitive commands which are still not
      persisted)
    - #12543 redis-cli: add reverse history search (like Ctrl+R in
      terminals)
    - #12826 redis-cli: add --keystats and --keystats-samples to
      combines --memkeys and --bigkeys with additional distribution
      data
    - #12735 redis-cli: fix: --bigkeys and --memkeys now work on
      cluster replicas
    - #9411 redis-benchmark: add support for binary strings
    - #12986 redis-benchmark: fix: pick random slot for a node to
      distribute operation across slots
* Sun May 19 2024 Andreas Stieger <andreas.stieger@gmx.de>
  - redis 7.2.5:
    * A single shard cluster leaves failed replicas in CLUSTER SLOTS
      instead of removing them
    * Crash in LSET command when replacing small items and exceeding
      4GB
    * Blocking commands timeout is reset due to re-processing command
    * Conversion of numbers in Lua args to redis args can fail
    * redis-cli: --count (for --scan, --bigkeys, etc) was ignored
      unless --pattern was also used
    * redis-check-aof: incorrectly considering data in manifest
      format as MP-AOF
* Sat Apr 27 2024 Илья Индиго <13ilya@gmail.com>
  - Fixed privileges of /run/redis directory (rpm -qlv redis | grep /run).
* Fri Mar 01 2024 Danilo Spinella <danilo.spinella@suse.com>
  - The following issue has been fixed in TW but has not been
    mentioned before:
    * bsc#1208235
    * bsc#1207448
  - The following patch was removed from SLE:
    * bsc1198952.patch
    * redis-CVE-2022-24834.patch
    * redis-CVE-2022-36021.patch
    * redis-CVE-2023-25155.patch
    * redis-CVE-2023-45145.patch
    * redis-CVE-2023-45145.patch
* Tue Jan 09 2024 Marcus Rueckert <mrueckert@suse.de>
  - redis 7.2.4: (boo#1218646)
    - Security fixes
    - (CVE-2023-41056) In some cases, Redis may incorrectly handle
      resizing of memory buffers which can result in incorrect
      accounting of buffer sizes and lead to heap overflow and
      potential remote code execution.
    - Bug fixes
    - Fix crashes of cluster commands clusters with mixed versions
      of 7.0 and 7.2 (#12805, #12832)
    - Fix slot ownership not being properly handled when deleting a
      slot from a node (#12564)
    - Fix atomicity issues with the RedisModuleEvent_Key module API
      event (#12733)
* Fri Nov 03 2023 Marcus Rueckert <mrueckert@suse.de>
  - redis 7.2.3:
    - Fix file descriptor leak preventing deleted files from freeing
      disk space on replicas (#12693)
    - Fix a possible crash after cluster node removal (#12702)
* Fri Oct 20 2023 Danilo Spinella <oss@danyspin97.org>
  - redis 7.2.2:
    * (CVE-2023-45145) The wrong order of listen(2) and chmod(2) calls creates a
      race condition that can be used by another process to bypass desired Unix
      socket permissions on startup, bsc#1216376
    * WAITAOF could timeout in the absence of write traffic in case a new AOF is
      created and an AOF rewrite can't immediately start
    * Fix crash when running rebalance command in a mixed cluster of 7.0 and 7.2
      nodes
    * Fix the return type of the slot number in cluster shards to integer, which
      makes it consistent with past behavior
    * Fix CLUSTER commands are called from modules or scripts to return TLS info
      appropriately
      redis-cli, fix crash on reconnect when in SUBSCRIBE mode
    * Fix overflow calculation for next timer event
* Thu Sep 07 2023 Danilo Spinella <danilo.spinella@suse.com>
  - redis 7.2.1:
    * (CVE-2023-41053) Redis does not correctly identify keys accessed by SORT_RO and,
      as a result, may grant users executing this command access to keys that are not
      explicitly authorized by the ACL configuration. (bsc#1215094)
    * Fix crashes when joining a node to an existing 7.0 Redis Cluster
    * Correct request_policy and response_policy command tips on for some admin /
      configuration commands
  - Refresh redis.hashes
* Tue Aug 15 2023 Marcus Rueckert <mrueckert@suse.de>
  - redis 7.2.0
    - Bug Fixes
    - redis-cli in cluster mode handles unknown-endpoint (#12273)
    - Update request / response policy hints for a few commands
      (#12417)
    - Ensure that the function load timeout is disabled during
      loading from RDB/AOF and on replicas. (#12451)
    - Fix false success and a memory leak for ACL selector with bad
      parenthesis combination (#12452)
    - Fix the assertion when script timeout occurs after it
      signaled a blocked client (#12459)
    - Fixes for issues in previous releases of Redis 7.2
    - Update MONITOR client's memory correctly for INFO and
      client-eviction (#12420)
    - The response of cluster nodes was unnecessarily adding an
      extra comma when no hostname was present. (#12411)
  - refreshed redis-conf.patch:
  - switch to autosetup now that we switched the last patch to patch
    level 1
* Wed Jul 12 2023 Danilo Spinella <danilo.spinella@suse.com>
  - redis 7.0.12:
    * (CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger
      a heap overflow in the cjson and cmsgpack libraries, and result in heap
      corruption and potentially remote code execution. The problem exists in all
      versions of Redis with Lua scripting support, starting from 2.6, and affects
      only authenticated and authorized users. (bsc#1213193)
    * (CVE-2023-36824) Extracting key names from a command and a list of arguments
      may, in some cases, trigger a heap overflow and result in reading random heap
      memory, heap corruption and potentially remote code execution. Specifically:
      using COMMAND GETKEYS* and validation of key names in ACL rules. (bsc#1213249)
    * Re-enable downscale rehashing while there is a fork child
    * Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with <count>
    * Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER,
      SPOP, and eviction
    * Fix WAIT to be effective after a blocked module command being unblocked
    * Avoid unnecessary full sync after master restart in a rare case
* Fri May 19 2023 Jiri Srain <jsrain@suse.com>
  - refresh redis-hashes from upstream source
* Mon Apr 17 2023 Marcus Rueckert <mrueckert@suse.de>
  - redis 7.0.11
    - (CVE-2023-28856) Authenticated users can use the HINCRBYFLOAT
      command to create an invalid hash field that will crash Redis
      on access (boo#1210548)
    - Add a missing fsync of AOF file in rare cases
    - Disconnect pub-sub subscribers when revoking allchannels
      permission
    - Fix a compiler fortification induced crash when used with link
      time optimizations
  - Drop get-old-size-calculations.patch:
    replaced with proper fix
* Fri Mar 24 2023 Marcus Rueckert <mrueckert@suse.de>
  - Added get-old-size-calculations.patch:
    my workaround for https://github.com/redis/redis/issues/11965
* Mon Mar 20 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - redis 7.0.10
    * CVE-2023-28425: Specially crafted MSETNX command can lead to
      assertion and denial-of-service (boo#1209528)
    * Large blocks of replica client output buffer may lead to psync
      loops and unnecessary memory usage
    * Fix CLIENT REPLY OFF|SKIP to not silence push notifications
    * Trim excessive memory usage in stream nodes when exceeding
      `stream-node-max-bytes`
    * Fix module RM_Call commands failing with OOM when maxmemory is
      changed to zero
* Mon Mar 20 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - redis 7.0.9
    * CVE-2023-25155: Specially crafted SRANDMEMBER, ZRANDMEMBER, and
      HRANDFIELD commands can trigger an integer overflow, resulting
      in a runtime assertion and termination of the Redis server
      process. Previously patched, drop
      Integer-Overflow-in-RAND-commands-can-lead-to-assert.patch
    * CVE-2022-36021: String matching commands (like SCAN or KEYS)
      with a specially crafted pattern to trigger a denial-of-service
      attack on Redis, causing it to hang and consume 100% CPU time.
      Previously upatched, drop
      String-pattern-matching-had-exponential-time-complex.patch
    * Fix a crash when reaching the maximum invalidations limit of
      client-side tracking
    * Fix a crash when SPUBLISH is used after passing the
      cluster-link-sendbuf-limit
    * Fix possible memory corruption in FLUSHALL when a client
      watches more than one key
    * Fix cluster inbound link keepalive time
    * Flush propagation list in active-expire of writable replicas to
      fix an assertion
    * Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as
      MULTI-EXEC
    * Avoid realloc to reduce size of strings when it is unneeded
    * Improve CLUSTER SLOTS reply efficiency for non-continuous slots
* Wed Mar 01 2023 Valentin Lefebvre <valentin.lefebvre@suse.com>
  - Fix CVE-2022-36021 (bsc#1208790 CVE-2022-36021)
    * String-pattern-matching-had-exponential-time-complex.patch
  - Fix CVE-2023-25155 (bsc#1208793 CVE-2023-25155)
    * Integer-Overflow-in-RAND-commands-can-lead-to-assert.patch
* Mon Jan 16 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - redis 7.0.8
    * CVE-2022-35977: Integer overflow in the Redis SETRANGE and
      SORT/SORT_RO commands can drive Redis to OOM panic boo#1207202
    * CVE-2023-22458: Integer overflow in the Redis HRANDFIELD and
      ZRANDMEMBER commands can lead to denial-of-service boo#1207203
    * Avoid possible hang when client issues long KEYS, SRANDMEMBER,
      HRANDFIELD, and ZRANDMEMBER commands and gets disconnected by
      client output buffer limit
    * Make sure that fork child doesn't do incremental rehashing
    * Fix a bug where blocking commands with a sub-second timeout
      would block forever
    * Fix sentinel issue if replica changes IP
* Fri Dec 16 2022 Michael Ströder <michael@stroeder.com>
  - Update to version 7.0.7
    * Fix regression from Redis 7.0.6 in distance replies
      of Geo commands (#11631)
* Thu Dec 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - Update to version 7.0.6:
    * RM_ResetDataset module API should not clear the functions
    * RM_Call module API used with the "C" flag to run scripts,
      would now cause the commands in the script to check ACL with
      the designated user
    * Geo commands speedups
    * Fix EVAL command performance regression from Redis 7.0
    * Reduce EXPIRE commands performance regression from Redis 7.0
    * Optimize commands returning double values, mainly affecting zset
      commands
    * Optimize Lua parsing of some command responses
    * Optimize client memory usage tracking operation while client
      eviction is disabled
    * Multiple bug fixes for crashes, hangs, and incorrect behavior
  - drop cve-2022-3647.patch now upstream
* Mon Oct 24 2022 Danilo Spinella <danilo.spinella@suse.com>
  - Fix CVE-2022-3647, crash in sigsegvHandler debug function
    (CVE-2022-3647, bsc#1204633)
    * cve-2022-3647.patch
* Wed Sep 21 2022 Michael Ströder <michael@stroeder.com>
  - Update to version 7.0.5 (boo#1203638)
    + Security Fixes:
    * (CVE-2022-35951) Executing a XAUTOCLAIM command on a stream key in a specific
      state, with a specially crafted COUNT argument, may cause an integer overflow,
      a subsequent heap overflow, and potentially lead to remote code execution.
      The problem affects Redis versions 7.0.0 or newer
      [reported by Xion (SeungHyun Lee) of KAIST GoN].
    + Module API changes
    * Fix RM_Call execution of scripts when used with M/W/S flags to properly
      handle script flags (#11159)
    * Fix RM_SetAbsExpire and RM_GetAbsExpire API registration (#11025, #8564)
    + Bug Fixes
    * Fix a hang when eviction is combined with lazy-free and maxmemory-eviction-tenacity is set to 100 (#11237)
    * Fix a crash when a replica may attempt to set itself as its master as a result of a manual failover (#11263)
    * Fix a bug where a cluster-enabled replica node may permanently set its master's hostname to '?' (#10696)
    * Fix a crash when a Lua script returns a meta-table (#11032)
    + Fixes for issues in previous releases of Redis 7.0
    * Fix redis-cli to do DNS lookup before sending CLUSTER MEET (#11151)
    * Fix crash when a key is lazy expired during cluster key migration (#11176)
    * Fix AOF rewrite to fsync the old AOF file when a new one is created (#11004)
    * Fix some crashes involving a list containing entries larger than 1GB (#11242)
    * Correctly handle scripts with a non-read-only shebang on a cluster replica (#11223)
    * Fix memory leak when unloading a module (#11147)
    * Fix bug with scripts ignoring client tracking NOLOOP (#11052)
    * Fix client-side tracking breaking protocol when FLUSHDB / FLUSHALL / SWAPDB is used inside MULTI-EXEC (#11038)
    * Fix ACL: BITFIELD with GET and also SET / INCRBY can be executed with read-only key permission (#11086)
    * Fix missing sections for INFO ALL when also requesting a module info section (#11291)
* Thu Sep 01 2022 Stefan Schubert <schubi@intern>
  - Migration to /usr/etc: Saving user changed configuration files
    in /etc and restoring them while an RPM update.
* Mon Jul 18 2022 Michael Ströder <michael@stroeder.com>
  - Security update to version 7.0.4
    (CVE-2022-31144) A specially crafted XAUTOCLAIM command on a stream
    key in a specific state may result with heap overflow, and potentially
    remote code execution. The problem affects Redis versions 7.0.0 or newer.
* Mon Jul 11 2022 Michael Ströder <michael@stroeder.com>
  - Update to version 7.0.3
    * Performance and resource utilization improvements
    - Optimize zset conversion on large ZRANGESTORE (#10789)
    - Optimize the performance of sending PING on large clusters (#10624)
    - Allow for faster restart of Redis in cluster mode (#10912)
    * INFO fields and introspection changes
    - Add missing sharded pubsub keychannel count to CLIENT LIST (#10895)
    - Add missing pubsubshard_channels field in INFO STATS (#10929)
    * Module API changes
    - Add RM_StringToULongLong and RM_CreateStringFromULongLong (#10889)
    - Add RM_SetClientNameById and RM_GetClientNameById (#10839)
    * Changes in CLI tools
    - Add missing cluster-port support to redis-cli --cluster (#10344)
    * Other General Improvements
    - Account sharded pubsub channels memory consumption (#10925)
    - Allow ECHO in loading and stale modes (#10853)
    - Cluster: Throw -TRYAGAIN instead of -ASK on migrating nodes for multi-key
    - commands when the node only has some of the keys (#9526)
    * Bug Fixes
    - TLS: Notify clients on connection shutdown (#10931)
    - Fsync directory while persisting AOF manifest, RDB file, and config file (#10737)
    - Script that made modification will not break with unexpected NOREPLICAS error (#10855)
    - Cluster: Fix a bug where nodes may not acknowledge a CLUSTER FAILOVER TAKEOVER
    - after a replica reboots (#10798)
    - Cluster: Fix crash during handshake and cluster shards call (#10942)
    * Fixes for issues in previous releases of Redis 7.0
    - TLS: Fix issues with large replies (#10909)
    - Correctly report the startup warning for vm.overcommit_memory (#10841)
    - redis-server command line allow passing config name and value in the same argument (#10866)
    - Support --save command line argument with no value for backwards compatibility (#10866)
    - Fix CLUSTER RESET command regression requiring an argument (#10898)
* Mon Jul 04 2022 Danilo Spinella <danilo.spinella@suse.com>
  - Use bundled jemalloc to fix active defragmentation, fixes bsc#1200913.
  - Remove patch:
    * Add-support-for-USE_SYSTEM_JEMALLOC-flag.patch
* Wed Jun 29 2022 Stefan Schubert <schubi@suse.com>
  - Moved logrotate files from user specific directory /etc/logrotate.d
    to vendor specific directory /usr/etc/logrotate.d.
* Sun Jun 12 2022 Michael Ströder <michael@stroeder.com>
  - Update to version 7.0.2
    * Fixed SET and BITFIELD commands being wrongly marked movablekeys (#10837)
      Regression in 7.0 possibly resulting in excessive roundtrip from cluster clients.
    * Fix crash when /proc/sys/vm/overcommit_memory is inaccessible (#10848)
      Regression in 7.0.1 resulting in crash on startup on some configurations.
* Wed Jun 08 2022 Michael Ströder <michael@stroeder.com>
  - Update to version 7.0.1
    * Improvements
    - Add warning for suspected slow system clocksource setting
      Add --check-system command line option. (#10636)
    - Allow read-only scripts (*_RO commands, and ones with `no-writes` flag)
      during CLIENT PAUSE WRITE (#10744)
    - Add `readonly` flag in COMMAND command for EVAL_RO, EVALSHA_RO and FCALL_RO (#10728)
    - redis-server command line arguments now accept one string with spaces
      for multi-arg configs (#10660)
    * Potentially Breaking Changes
    - Omitting a config option value in command line argument no longer works (#10660)
    - Hide the `may_replicate` flag from the COMMAND command response (#10744)
    * Potentially Breaking Changes for new Redis 7.0 features
    - Protocol: Sharded pubsub publish emits `smessage` instead of `message` (#10792)
    - CLUSTER SHARDS returns slots as RESP integers, not strings (#10683)
    - Block PFCOUNT and PUBLISH in read-only scripts (*_RO commands, and no-writes) (#10744)
    - Scripts that declare the `no-writes` flag are implicitly `allow-oom` too (#10699)
    * Changes in CLI tools
    - redis-cli --bigkeys, --memkeys, --hotkeys, --scan. Finish nicely after Ctrl+C (#10736)
    * Platform / toolchain support related improvements
    - Support tcp-keepalive config interval on MacOs (#10667)
    - Support RSS metrics on Haiku OS (#10687)
    * INFO fields and introspection changes
    - Add isolated network metrics for replication. (#10062, #10810)
    * Module API changes
    - Add two more new checks to RM_Call script mode (#10786)
    - Add new RM_Call flag to let Redis automatically refuse `deny-oom` commands (#10786)
    - Add module API RM_MallocUsableSize (#10795)
    - Add missing REDISMODULE_NOTIFY_NEW (#10688)
    - Fix cursor type in RedisModuleScanCursor to handle more than 2^31 elements (#10698)
    - Fix RM_Yield bugs and RM_Call("EVAL") OOM check bug (#10786)
    - Fix bugs in enum configs with overlapping bit flags (#10661)
    * Bug Fixes
    - FLUSHALL correctly resets rdb_changes_since_last_save INFO field (#10691)
    - FLUSHDB is now propagated to replicas / AOF, even if the db is empty (#10691)
    - Replica fail and retry the PSYNC if the master is unresponsive (#10726)
    - Fix ZRANGESTORE crash when zset_max_listpack_entries is 0 (#10767)
* Tue May 10 2022 Danilo Spinella <danilo.spinella@suse.com>
  - Unbundle jemalloc, fixes bsc#199164
    * Add-support-for-USE_SYSTEM_JEMALLOC-flag.patch
* Tue May 10 2022 Johannes Segitz <jsegitz@suse.com>
  - Add ReadWritePaths=/etc/redis to redis-sentinel@.service (bsc#1199198)
* Fri May 06 2022 Danilo Spinella <danilo.spinella@suse.com>
  - Update to version 7.0.0:
    https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES
  - Remove upstreamed patch:
    * getMcontextEip-return-value.patch
* Wed Apr 27 2022 Andreas Stieger <andreas.stieger@gmx.de>
  - redis 6.2.7:
    * CVE-2022-24736: An attacker attempting to load a specially
      crafted Lua script can cause NULL pointer dereference which
      will result with a crash of the redis-server process
      (boo#1198953)
    * CVE-2022-24735: By exploiting weaknesses in the Lua script
      execution environment, an attacker with access to Redis can
      inject Lua code that will execute with the (potentially higher)
      privileges of another Redis user (boo#1198952)
    * LPOP/RPOP with count against non-existing list return null array
    * LPOP/RPOP used to produce wrong replies when count is 0
    * Speed optimization in command execution pipeline
    * Fix regression in Z[REV]RANGE commands (by-rank) introduced in
      Redis 6.2
    * Fix OpenSSL 3.0.x related issues
    * Bug fixes
/etc/redis /etc/redis/includes /etc/redis/includes/redis.defaults.conf /etc/redis/includes/sentinel.defaults.conf /etc/redis/redis.default.conf.template /etc/redis/sentinel.defaults.conf.template /run/redis /usr/bin/redis-benchmark /usr/bin/redis-check-aof /usr/bin/redis-check-rdb /usr/bin/redis-cli /usr/etc/logrotate.d/redis /usr/lib/sysctl.d/00-redis.conf /usr/lib/systemd/system/redis-sentinel.target /usr/lib/systemd/system/redis-sentinel@.service /usr/lib/systemd/system/redis.target /usr/lib/systemd/system/redis@.service /usr/lib/sysusers.d/redis-user.conf /usr/lib/tmpfiles.d/redis.conf /usr/sbin/rcredis /usr/sbin/redis-check-aof /usr/sbin/redis-check-rdb /usr/sbin/redis-sentinel /usr/sbin/redis-server /usr/share/doc/packages/redis /usr/share/doc/packages/redis/00-RELEASENOTES /usr/share/doc/packages/redis/BUGS /usr/share/doc/packages/redis/CODE_OF_CONDUCT.md /usr/share/doc/packages/redis/CONTRIBUTING.md /usr/share/doc/packages/redis/README.SUSE /usr/share/doc/packages/redis/README.md /usr/share/doc/packages/redis/REDISCONTRIBUTIONS.txt /usr/share/doc/packages/redis/SECURITY.md /usr/share/doc/packages/redis/TLS.md /usr/share/doc/packages/redis/redis-full.conf /usr/share/licenses/redis /usr/share/licenses/redis/LICENSE.txt /var/lib/redis /var/lib/redis/default /var/log/redis
Generated by rpm2html 1.8.1
Fabrice Bellet, Fri Oct 24 23:22:36 2025