From 0fc3ccf83adbb23d8df9dc8edcbfa63974496e90 Mon Sep 17 00:00:00 2001 From: Leon Anavi Date: Wed, 8 Oct 2025 11:38:02 +0300 Subject: valkey: Upgrade 8.1.3 -> 8.1.4 Upgrade to release 8.1.4: Security fixes: - (CVE-2025-49844) A Lua script may lead to remote code execution - (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE - (CVE-2025-46818) A Lua script can be executed in the context of another user - (CVE-2025-46819) LUA out-of-bound read Bug fixes: - Fix accounting for dual channel RDB bytes in replication stats - Fix EVAL to report unknown error when empty error table is provided - Fix use-after-free when active expiration triggers hashtable to shrink - Fix MEMORY USAGE to account for embedded keys - Fix memory leak when shrinking a hashtable without entries - Prevent potential assertion in active defrag handling large allocations - Prevent bad memory access when NOTOUCH client gets unblocked - Converge divergent shard-id persisted in nodes.conf to primary's shard id - Fix client tracking memory overhead calculation - Fix RDB load per slot memory pre-allocation when loading from RDB snapshot - Don't use AVX2 instructions if the CPU doesn't support it - Fix bug where active defrag may be unable to defrag sparsely filled pages Signed-off-by: Leon Anavi Signed-off-by: Khem Raj --- meta-oe/recipes-extended/valkey/valkey_8.1.3.bb | 75 ------------------------- meta-oe/recipes-extended/valkey/valkey_8.1.4.bb | 75 +++++++++++++++++++++++++ 2 files changed, 75 insertions(+), 75 deletions(-) delete mode 100644 meta-oe/recipes-extended/valkey/valkey_8.1.3.bb create mode 100644 meta-oe/recipes-extended/valkey/valkey_8.1.4.bb diff --git a/meta-oe/recipes-extended/valkey/valkey_8.1.3.bb b/meta-oe/recipes-extended/valkey/valkey_8.1.3.bb deleted file mode 100644 index 28b375bde2..0000000000 --- a/meta-oe/recipes-extended/valkey/valkey_8.1.3.bb +++ /dev/null @@ -1,75 +0,0 @@ -SUMMARY = "Valkey key-value store" -DESCRIPTION = "A flexible distributed key-value datastore that supports both caching and beyond caching workloads." -HOMEPAGE = "http://valkey.io" -SECTION = "libs" -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=08b9159809d809e8aaa340a8387e693e" -DEPENDS = "readline lua ncurses" - -SRC_URI = " \ - git://github.com/valkey-io/valkey.git;branch=8.1;protocol=https \ - file://valkey.conf \ - file://init-valkey-server \ - file://valkey.service \ - file://hiredis-use-default-CC-if-it-is-set.patch \ - file://lua-update-Makefile-to-use-environment-build-setting.patch \ - file://oe-use-libc-malloc.patch \ - file://0001-src-Do-not-reset-FINAL_LIBS.patch \ - file://GNU_SOURCE-7.patch \ -" -SRCREV = "d063dff523340e5a075f7ddc436e0c2a43d04061" - -RPROVIDES:${PN} = "virtual-redis" - -inherit pkgconfig update-rc.d systemd useradd - -FINAL_LIBS:x86:toolchain-clang = "-latomic" -FINAL_LIBS:riscv32 = "-latomic" -FINAL_LIBS:mips = "-latomic" -FINAL_LIBS:arm = "-latomic" -FINAL_LIBS:powerpc = "-latomic" - -export FINAL_LIBS - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system --home-dir /var/lib/valkey -g valkey --shell /bin/false valkey" -GROUPADD_PARAM:${PN} = "--system valkey" - -PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" -PACKAGECONFIG[systemd] = "USE_SYSTEMD=yes,USE_SYSTEMD=no,systemd" - -EXTRA_OEMAKE += "${PACKAGECONFIG_CONFARGS}" - -do_compile() { - oe_runmake -C deps hiredis lua linenoise - oe_runmake -} - -do_install() { - export PREFIX=${D}/${prefix} - oe_runmake install - install -d ${D}/${sysconfdir}/valkey - install -m 0644 ${UNPACKDIR}/valkey.conf ${D}/${sysconfdir}/valkey/valkey.conf - install -d ${D}/${sysconfdir}/init.d - install -m 0755 ${UNPACKDIR}/init-valkey-server ${D}/${sysconfdir}/init.d/valkey-server - install -d ${D}/var/lib/valkey/ - chown valkey.valkey ${D}/var/lib/valkey/ - - install -d ${D}${systemd_system_unitdir} - install -m 0644 ${UNPACKDIR}/valkey.service ${D}${systemd_system_unitdir} - sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${systemd_system_unitdir}/valkey.service - - if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - sed -i 's!daemonize yes!# daemonize yes!' ${D}/${sysconfdir}/valkey/valkey.conf - sed -i 's!supervised no!supervised systemd!' ${D}/${sysconfdir}/valkey/valkey.conf - fi -} - -CONFFILES:${PN} = "${sysconfdir}/valkey/valkey.conf" - -INITSCRIPT_NAME = "valkey-server" -INITSCRIPT_PARAMS = "defaults 87" - -SYSTEMD_SERVICE:${PN} = "valkey.service" - -CVE_STATUS[CVE-2022-3734] = "not-applicable-platform: CVE only applies for Windows." diff --git a/meta-oe/recipes-extended/valkey/valkey_8.1.4.bb b/meta-oe/recipes-extended/valkey/valkey_8.1.4.bb new file mode 100644 index 0000000000..9947a9299c --- /dev/null +++ b/meta-oe/recipes-extended/valkey/valkey_8.1.4.bb @@ -0,0 +1,75 @@ +SUMMARY = "Valkey key-value store" +DESCRIPTION = "A flexible distributed key-value datastore that supports both caching and beyond caching workloads." +HOMEPAGE = "http://valkey.io" +SECTION = "libs" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=08b9159809d809e8aaa340a8387e693e" +DEPENDS = "readline lua ncurses" + +SRC_URI = " \ + git://github.com/valkey-io/valkey.git;branch=8.1;protocol=https \ + file://valkey.conf \ + file://init-valkey-server \ + file://valkey.service \ + file://hiredis-use-default-CC-if-it-is-set.patch \ + file://lua-update-Makefile-to-use-environment-build-setting.patch \ + file://oe-use-libc-malloc.patch \ + file://0001-src-Do-not-reset-FINAL_LIBS.patch \ + file://GNU_SOURCE-7.patch \ +" +SRCREV = "5f4bae3ea10174a7c872cc099c953b0e91afa93a" + +RPROVIDES:${PN} = "virtual-redis" + +inherit pkgconfig update-rc.d systemd useradd + +FINAL_LIBS:x86:toolchain-clang = "-latomic" +FINAL_LIBS:riscv32 = "-latomic" +FINAL_LIBS:mips = "-latomic" +FINAL_LIBS:arm = "-latomic" +FINAL_LIBS:powerpc = "-latomic" + +export FINAL_LIBS + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --home-dir /var/lib/valkey -g valkey --shell /bin/false valkey" +GROUPADD_PARAM:${PN} = "--system valkey" + +PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" +PACKAGECONFIG[systemd] = "USE_SYSTEMD=yes,USE_SYSTEMD=no,systemd" + +EXTRA_OEMAKE += "${PACKAGECONFIG_CONFARGS}" + +do_compile() { + oe_runmake -C deps hiredis lua linenoise + oe_runmake +} + +do_install() { + export PREFIX=${D}/${prefix} + oe_runmake install + install -d ${D}/${sysconfdir}/valkey + install -m 0644 ${UNPACKDIR}/valkey.conf ${D}/${sysconfdir}/valkey/valkey.conf + install -d ${D}/${sysconfdir}/init.d + install -m 0755 ${UNPACKDIR}/init-valkey-server ${D}/${sysconfdir}/init.d/valkey-server + install -d ${D}/var/lib/valkey/ + chown valkey.valkey ${D}/var/lib/valkey/ + + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${UNPACKDIR}/valkey.service ${D}${systemd_system_unitdir} + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${systemd_system_unitdir}/valkey.service + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + sed -i 's!daemonize yes!# daemonize yes!' ${D}/${sysconfdir}/valkey/valkey.conf + sed -i 's!supervised no!supervised systemd!' ${D}/${sysconfdir}/valkey/valkey.conf + fi +} + +CONFFILES:${PN} = "${sysconfdir}/valkey/valkey.conf" + +INITSCRIPT_NAME = "valkey-server" +INITSCRIPT_PARAMS = "defaults 87" + +SYSTEMD_SERVICE:${PN} = "valkey.service" + +CVE_STATUS[CVE-2022-3734] = "not-applicable-platform: CVE only applies for Windows." -- cgit v1.2.3-54-g00ecf