import redis-7.2.6-1.module+el9.5.0+22422+63e067d8

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/redis-7.0.12.tar.gz
+SOURCES/redis-7.2.6.tar.gz
 SOURCES/redis-doc-c7880ba.tar.gz

.redis.metadata

@@ -1,2 +1,2 @@
-cd8190d9289d46be2b3a30dda14ffba8a92abbc8 SOURCES/redis-7.0.12.tar.gz
+0d9d539a8cb4239843d97835465c733035950c85 SOURCES/redis-7.2.6.tar.gz
 b2c7f2bee8e40fc6bd5385c25429fa537e2751c5 SOURCES/redis-doc-c7880ba.tar.gz

SOURCES/0002-deps-jemalloc-Do-not-force-building-in-gnu99-mode.patch

@@ -1,33 +0,0 @@
-From bbace21828d7e82f1c481f0e1caece31b661cbd9 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Mon, 5 Dec 2022 11:10:37 +0100
-Subject: [PATCH 2/2] deps/jemalloc: Do not force building in gnu99 mode
-Content-type: text/plain
-
-The jemalloc configure logic switches to gnu11 mode if available,
-and this explicit flags injection prevents that.  The main difference
-seems to be that in gnu99 mode, <stdatomic.h> is presumed to be
-unavailable and is not used.
-
-Submitted upstream: <https://github.com/redis/redis/pull/11583>
-
----
- deps/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/deps/Makefile b/deps/Makefile
-index 8592e17..d6cb06e 100644
---- a/deps/Makefile
-+++ b/deps/Makefile
-@@ -90,7 +90,7 @@ lua: .make-prerequisites
- 
- .PHONY: lua
- 
--JEMALLOC_CFLAGS= -std=gnu99 -Wall -pipe -g3 -O3 -funroll-loops $(CFLAGS)
-+JEMALLOC_CFLAGS= -Wall -pipe -g3 -O3 -funroll-loops $(CFLAGS)
- JEMALLOC_LDFLAGS= $(LDFLAGS)
- 
- ifneq ($(DEB_HOST_GNU_TYPE),)
--- 
-2.38.1
-

SOURCES/redis-CVE-2023-41056.patch

@@ -1,54 +0,0 @@
-From e351099e1119fb89496be578f5232c61ce300224 Mon Sep 17 00:00:00 2001
-From: Oran Agra <oran@redislabs.com>
-Date: Sun, 7 Jan 2024 12:32:44 +0200
-Subject: [PATCH] Fix possible corruption in sdsResize (CVE-2023-41056)
-
-#11766 introduced a bug in sdsResize where it could forget to update
-the sds type in the sds header and then cause an overflow in sdsalloc.
-it looks like the only implication of that is a possible assertion in HLL,
-but it's hard to rule out possible heap corruption issues with clientsCronResizeQueryBuffer
----
- src/sds.c | 30 ++++++++++++++++--------------
- 1 file changed, 16 insertions(+), 14 deletions(-)
-
-diff --git a/src/sds.c b/src/sds.c
-index 8e5863a3ab8e..71490d5b2522 100644
---- a/src/sds.c
-+++ b/src/sds.c
-@@ -348,20 +348,22 @@ sds sdsResize(sds s, size_t size, int would_regrow) {
-      * type. */
-     int use_realloc = (oldtype==type || (type < oldtype && type > SDS_TYPE_8));
-     size_t newlen = use_realloc ? oldhdrlen+size+1 : hdrlen+size+1;
--    int alloc_already_optimal = 0;
--    #if defined(USE_JEMALLOC)
--        /* je_nallocx returns the expected allocation size for the newlen.
--         * We aim to avoid calling realloc() when using Jemalloc if there is no
--         * change in the allocation size, as it incurs a cost even if the
--         * allocation size stays the same. */
--        alloc_already_optimal = (je_nallocx(newlen, 0) == zmalloc_size(sh));
--    #endif
--
--    if (use_realloc && !alloc_already_optimal) {
--        newsh = s_realloc(sh, newlen);
--        if (newsh == NULL) return NULL;
--        s = (char*)newsh+oldhdrlen;
--    } else if (!alloc_already_optimal) {
-+
-+    if (use_realloc) {
-+        int alloc_already_optimal = 0;
-+        #if defined(USE_JEMALLOC)
-+            /* je_nallocx returns the expected allocation size for the newlen.
-+             * We aim to avoid calling realloc() when using Jemalloc if there is no
-+             * change in the allocation size, as it incurs a cost even if the
-+             * allocation size stays the same. */
-+            alloc_already_optimal = (je_nallocx(newlen, 0) == zmalloc_size(sh));
-+        #endif
-+        if (!alloc_already_optimal) {
-+            newsh = s_realloc(sh, newlen);
-+            if (newsh == NULL) return NULL;
-+            s = (char*)newsh+oldhdrlen;
-+        }
-+    } else {
-         newsh = s_malloc(newlen);
-         if (newsh == NULL) return NULL;
-         memcpy((char*)newsh+hdrlen, s, len);

SPECS/redis.spec

@@ -1,3 +1,4 @@
+# RHEL spec file for redis, from
 #
 # Fedora spec file for redis
 #
@@ -22,13 +23,14 @@
 %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
 
 Name:              redis
-Version:           7.0.12
+Version:           7.2.6
-Release:           2%{?dist}
+Release:           1%{?dist}
 Summary:           A persistent key-value database
 # redis, hiredis: BSD-3-Clause
 # hdrhistogram, jemalloc, lzf, linenoise: BSD-2-Clause
 # lua: MIT
-License:           BSD-3-Clause AND BSD-2-Clause AND MIT
+# fpconv: BSL-1.0
+License:           BSD-3-Clause AND BSD-2-Clause AND MIT AND BSL-1.0
 URL:               https://redis.io
 Source0:           https://download.redis.io/releases/%{name}-%{version}.tar.gz
 Source1:           %{name}.logrotate
@@ -46,10 +48,6 @@ Source10:          https://github.com/%{name}/%{name}-doc/archive/%{doc_commit}/
 # Update configuration for Fedora
 # https://github.com/redis/redis/pull/3491 - man pages
 Patch0001:         0001-1st-man-pageis-for-redis-cli-redis-benchmark-redis-c.patch
-Patch0002:         0002-deps-jemalloc-Do-not-force-building-in-gnu99-mode.patch
-
-# Security patches
-Patch100:          redis-CVE-2023-41056.patch
 
 BuildRequires: make
 BuildRequires:     gcc
@@ -69,16 +67,19 @@ Requires(post):    systemd
 Requires(preun):   systemd
 Requires(postun):  systemd
 # from deps/hiredis/hiredis.h
-Provides:          bundled(hiredis) = 0.14.0
+Provides:          bundled(hiredis) = 1.2.0
 # from deps/jemalloc/VERSION
-Provides:          bundled(jemalloc) = 5.2.1
+Provides:          bundled(jemalloc) = 5.3.0
 # from deps/lua/src/lua.h
 Provides:          bundled(lua-libs) = 5.1.5
 # from deps/linenoise/linenoise.h
 Provides:          bundled(linenoise) = 1.0
-Provides:          bundled(lzf)
+# from src/lzf.h
+Provides:          bundled(lzf) = 1.5
 # from deps/hdr_histogram/README.md
 Provides:          bundled(hdr_histogram) = 0.11.0
+# no version
+Provides:          bundled(fpconv)
 
 %global redis_modules_abi 1
 %global redis_modules_dir %{_libdir}/%{name}/modules
@@ -133,17 +134,15 @@ administration and development.
 
 %prep
 %setup -q -b 10
-%setup -q
 mv ../%{name}-doc-%{doc_commit} doc
 %patch -P0001 -p1
-%patch -P0002 -p1
-%patch -P100  -p1
 
-mv deps/lua/COPYRIGHT    COPYRIGHT-lua
+mv deps/lua/COPYRIGHT             COPYRIGHT-lua
-mv deps/jemalloc/COPYING COPYING-jemalloc
+mv deps/jemalloc/COPYING          COPYING-jemalloc
-mv deps/hiredis/COPYING  COPYING-hiredis
+mv deps/hiredis/COPYING           COPYING-hiredis
 mv deps/hdr_histogram/LICENSE.txt LICENSE-hdrhistogram
 mv deps/hdr_histogram/COPYING.txt COPYING-hdrhistogram
+mv deps/fpconv/LICENSE.txt        LICENSE-fpconv
 
 # Configuration file changes
 sed -i -e 's|^logfile .*$|logfile /var/log/redis/redis.log|g' redis.conf
@@ -270,6 +269,7 @@ fi
 %license COPYING-hiredis
 %license LICENSE-hdrhistogram
 %license COPYING-hdrhistogram
+%license LICENSE-fpconv
 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
 %attr(0750, redis, root) %dir %{_sysconfdir}/%{name}
 %attr(0640, redis, root) %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
@@ -306,9 +306,8 @@ fi
 
 
 %changelog
-* Tue Feb  6 2024 Remi Collet <rcollet@redhat.com> - 7.0.12-2
+* Tue Oct 29 2024 Remi Collet <rcollet@redhat.com> - 7.2.6-1
-- Heap Buffer Overflow may lead to potential remote code execution
+- rebase to 7.2.6  RHEL-26628
-  CVE-2023-41056
 
 * Wed Nov 08 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 7.0.12-1
 - Rebuilt for MSVSphere 9.3