summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--valkey-bindnow.patch51
-rw-r--r--valkey.spec10
2 files changed, 60 insertions, 1 deletions
diff --git a/valkey-bindnow.patch b/valkey-bindnow.patch
new file mode 100644
index 0000000..ba4bdd5
--- /dev/null
+++ b/valkey-bindnow.patch
@@ -0,0 +1,51 @@
+Adapted for 8.1/9.0 from
+
+
+From 8051de740dd38172476b04e892e5517630e3eaed Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Wed, 11 Mar 2026 11:40:15 +0100
+Subject: [PATCH] Inherit LDFLAGS for TLS and RDMA modules (#3344)
+
+With current Makefile, `LDFLAGS` are not used for modules.
+
+This results in security options not applied.
+
+```
+$ annocheck /usr/lib64/valkey/modules/rdma.so
+annocheck: Version 12.99.
+Hardened: rdma.so: FAIL: bind-now test because not linked with -Wl,-z,now
+Hardened: Rerun annocheck with --verbose to see more information on the tests.
+Hardened: rdma.so: Overall: FAIL.
+```
+
+With this patch
+
+```
+$ annocheck /usr/lib64/valkey/modules/rdma.so
+annocheck: Version 12.99.
+Hardened: rdma.so: PASS.
+```
+
+Signed-off-by: Remi Collet <remi@remirepo.net>
+---
+ src/Makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/Makefile b/src/Makefile
+index eb4a6e939a..5d3814d019 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -524,11 +524,11 @@ $(ENGINE_CHECK_AOF_NAME): $(SERVER_NAME)
+
+ # valkey-tls.so
+ $(TLS_MODULE_NAME): $(SERVER_NAME)
+- $(QUIET_CC)$(CC) -o $@ tls.c -shared -fPIC $(TLS_MODULE_CFLAGS) $(TLS_CLIENT_LIBS)
++ $(QUIET_CC)$(CC) $(LDFLAGS) -o $@ tls.c -shared -fPIC $(TLS_MODULE_CFLAGS) $(TLS_CLIENT_LIBS)
+
+ # valkey-rdma.so
+ $(RDMA_MODULE_NAME): $(SERVER_NAME)
+- $(QUIET_CC)$(CC) -o $@ rdma.c -shared -fPIC $(RDMA_MODULE_CFLAGS)
++ $(QUIET_CC)$(CC) $(LDFLAGS) -o $@ rdma.c -shared -fPIC $(RDMA_MODULE_CFLAGS)
+
+ # valkey-cli
+ $(ENGINE_CLI_NAME): $(ENGINE_CLI_OBJ)
diff --git a/valkey.spec b/valkey.spec
index 31c3dbe..5bc8f18 100644
--- a/valkey.spec
+++ b/valkey.spec
@@ -9,7 +9,7 @@
Name: valkey
Version: 8.1.6
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A persistent key-value database
# valkey: BSD-3-Clause
# hiredis: BSD-3-Clause
@@ -30,6 +30,9 @@ Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_versio
Patch0: %{name}-conf.patch
# Workaround to https://github.com/valkey-io/valkey/issues/2678
Patch1: %{name}-loadmod.patch
+# Properly inherits linker flags for modules
+# See https://github.com/valkey-io/valkey/pull/3344
+Patch2: %{name}-bindnow.patch
ExcludeArch: %{ix86}
@@ -142,6 +145,7 @@ See https://valkey.io/topics/RDMA/
%setup -n %{name}-%{version} -a50
%patch -P0 -p1 -b .rpm
%patch -P1 -p1 -b .loadmod
+%patch -P2 -p1 -b .bindnow
mv deps/lua/COPYRIGHT COPYRIGHT-lua
mv deps/jemalloc/COPYING COPYING-jemalloc
@@ -336,6 +340,10 @@ exit 0
%changelog
+* Wed Mar 11 2026 Remi Collet <remi@remirepo.net> - 8.1.6-2
+- fix module linker flags using patch from
+ https://github.com/valkey-io/valkey/pull/3344
+
* Tue Feb 24 2026 Remi Collet <remi@fedoraproject.org> - 8.1.6-1
- Valkey 8.1.6 - Released Mon 23 February 2026
- Upgrade urgency SECURITY: This release includes security fixes
generated by cgit (git 2.34.1) at 2026-03-19 21:23:38 +0000