linux/meta-openembedded.git/meta-oe/recipes-extended/redis, branch masterMirror of git.openembedded.org/meta-openembeddedhttps://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master2026-03-18T21:33:29+00:00redis 8: Update licence2026-03-18T21:33:29+00:00Daniel McGregordaniel.mcgregor@vecima.com2026-03-16T22:30:14+00:00urn:sha1:0530bb6f6cfd7065c6f3f88c89ee01eb008b76b7
Redis 8.0 and later are tri-licensed, the licence options are:
* Redis Source Available License v2
* Server Side Public License v1.0
* GNU Affero GPL v3.0
Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
redis: remove unneeded CVE_STATUS tags2026-03-17T20:25:16+00:00Gyorgy Sarvariskandigraun@gmail.com2026-03-08T19:11:27+00:00urn:sha1:53e8f46ff72e3b8d74d1c4c0a8d5b98282fd22d5
These CVEs were ignored because they were tracked by NVD using
incorrect version information. Since then this information seems
to be reflected correctly, it is not needed to ignore them explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
redis: upgrade 8.0.0 -> 8.0.62026-03-17T20:25:16+00:00Gyorgy Sarvariskandigraun@gmail.com2026-03-08T18:59:15+00:00urn:sha1:ec741a75f0ca624577a1925efe3ba5a5065ee4b9
License-Update:
- Upstream has removed incorrect gplv3 text from the license (because agplv3
is the correct), which changed the checksum
- The recipe had incorrect license indication. Redis 8 is not BSD licensed,
but depending on the user's choice, it's agplv3 or sspl (or custom redis
license, which is not added to the list)
Changelogs:
8.0.6:
- Security fix: A user can manipulate data read by a connection by
injecting \r\n sequences into a Redis error reply
8.0.5:
Bugfixes:
- HGETEX - potential crash when FIELDS is used and numfields is missing
- Potential crash on HyperLogLog with 2GB+ entries
- Cuckoo filter - Division by zero in Cuckoo filter insertion
- Cuckoo filter - Counter overflow
- Bloom filter - Arbitrary memory read/write with invalid filter
- Bloom filter - Out-of-bounds access with empty chain
- Bloom filter - Restore invalid filter [We thank AWS security for
responsibly disclosing the security bug]
- Top-k - Out-of-bounds access
8.0.4:
Security fixes
- (CVE-2025-49844) A Lua script may lead to remote code execution
- (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
- (CVE-2025-46818) A Lua script can be executed in the context of another user
- (CVE-2025-46819) LUA out-of-bound read
New Features
- VSIM: new EPSILON argument to specify maximum distance
Bug fixes
- Potential use-after-free after pubsub and Lua defrag
- Potential crash on Lua script defrag
- HINCRBYFLOAT removes field expiration on replica
- Prevent CLIENT UNBLOCK from unblocking CLIENT PAUSE
- Endless client blocking for blocking commands
- Vector sets - RDB format is not compatible with big endian machines
- EVAL crash when error table is empty
- Gracefully handle short read errors for hashes with TTL during full sync
8.0.3:
Security fixes
- (CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
- (CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error
New Features
- VSIM: Add new WITHATTRIBS to return the JSON attribute associated with an element
Bug fixes
- A short read may lead to an exit() on a replica
- db->expires is not defragmented
8.0.2:
Security fixes
- (CVE-2025-27151) redis-check-aof may lead to stack overflow and potential RCE
Bug fixes
- Cron-based timers run twice as fast when active defrag is enabled
Other general improvements
- LOLWUT for Redis 8
8.0.1:
Performance and resource utilization improvements
- Vector sets - faster VSIM FILTER parsing
Bug fixes
- Query Engine - revert default policy search-on-timeout to RETURN
- Query Engine - @__key on FT.AGGREGATE used as reserved field name preventing access to Redis keyspace
- Query Engine - crash when calling FT.CURSOR DEL while retrieving from the CURSOR
Notes
- Fixed wrong text in the license files
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
redis: drop recipe for v7.2.122026-03-16T18:18:35+00:00Gyorgy Sarvariskandigraun@gmail.com2026-03-05T17:01:54+00:00urn:sha1:58a0bbec393b8797507968e3f43da44bd5b84c11
This version has been EOL since the end of February. There is a recipe
available for v8, which is still supported.
Drop this version.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
redis: drop recipe for v6.2.212026-03-03T03:25:49+00:00Gyorgy Sarvariskandigraun@gmail.com2026-02-25T11:56:39+00:00urn:sha1:b648cfc9ddc94c30277a392e13899885e338f891
This version has been EOL for a year now. There are recipes for two other,
still maintained versions in the layer.
Drop this version.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
redis: Add redis 8.0.0 recipe2026-02-21T07:34:20+00:00Eric Meyerseric.meyers15310@gmail.com2026-02-18T19:51:51+00:00urn:sha1:19ae3c84e2676eed30b216016d214dce23d55731
Adding base 8.0.0 recipe for redis without any module configuration.
See https://github.com/redis/redis/tree/8.0.0?tab=readme-ov-file#redis-data-types-processing-engines-and-capabilities
for more details.
Signed-off-by: Eric Meyers <eric.meyers@arthrex.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
redis: add back DEBUG_PREFIX_MAP to LDFLAGS2026-02-16T08:34:02+00:00Gyorgy Sarvariskandigraun@gmail.com2026-02-12T22:36:32+00:00urn:sha1:1a6ceb010a5f6e7e4b5a3d081867fe4100e517cb
Without this redis embeds absoute build paths in the binaries, failing
qa check. These LDFLAGS were recently removed from oe-core[1] - this
change adds it back to this recipe.
The qa error was not showing with redis 6 recipe, so it is added only to
redis 7.
[1]: https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
redis: ignore CVE-2025-466862025-12-27T01:36:58+00:00Gyorgy Sarvariskandigraun@gmail.com2025-12-26T19:09:57+00:00urn:sha1:868b4b2959c1f6be13693e31eae5b27a1fa697e6
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-46686
Upstream disputes that it is a security violation, and says that
implementing a mitigation for this would negatively affect the rest
of the application, so they elected to ignore it.
See Github advisory about the same vulnerability:
https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
redis: Refine CVE-2022-0543 status description2025-12-05T18:13:23+00:00Deepak Rathoredeeratho@cisco.com2025-12-04T17:25:10+00:00urn:sha1:7675392aa7c1bf27b8993d08936bc4bc84d1508d
Refine the CVE_STATUS description for CVE-2022-0543 to provide
a more precise explanation of this Debian-specific vulnerability.
The vulnerability originates from Debian's packaging methodology,
which loads system-wide Lua libraries (lua-cjson, lua-cmsgpack),
enabling Lua sandbox escape. Upstream Redis builds, including
those built by Yocto/OpenEmbedded, utilize embedded Lua from the
deps/ directory and are therefore not affected by this issue.
It is also fixed in Debian with this commit:
https://salsa.debian.org/lamby/pkg-redis/-/commit/c7fd665150dc4769402cae97d1152b3c6e4366f0
References:
- https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
- https://nvd.nist.gov/vuln/detail/CVE-2022-0543
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
redis: upgrade 6.2.20 -> 6.2.212025-11-13T18:15:06+00:00Ankur Tyagiankur.tyagi85@gmail.com2025-11-13T06:08:29+00:00urn:sha1:3e925d43c1ae5082ccb6932c57bb71965e11731e
Changelog:
https://github.com/redis/redis/releases/tag/6.2.21
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>