diff options
| -rw-r--r-- | valkey-loadmod.patch | 112 | ||||
| -rw-r--r-- | valkey.spec | 17 |
2 files changed, 126 insertions, 3 deletions
diff --git a/valkey-loadmod.patch b/valkey-loadmod.patch new file mode 100644 index 0000000..15e8489 --- /dev/null +++ b/valkey-loadmod.patch @@ -0,0 +1,112 @@ +From c48838c5086cd3eec40f227ab6fa3ab36450c6ed Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Sat, 4 Oct 2025 07:23:52 +0200 +Subject: [PATCH] Fix #2678 don't add loadmodule when from config + +--- + src/config.c | 2 +- + src/module.c | 15 +++++++++++---- + src/module.h | 2 +- + 3 files changed, 13 insertions(+), 6 deletions(-) + +diff --git a/src/config.c b/src/config.c +index d0158b2c4d..9d9ac2608a 100644 +--- a/src/config.c ++++ b/src/config.c +@@ -1605,7 +1605,7 @@ void rewriteConfigLoadmoduleOption(struct rewriteConfigState *state) { + while ((de = dictNext(di)) != NULL) { + struct ValkeyModule *module = dictGetVal(de); + line = moduleLoadQueueEntryToLoadmoduleOptionStr(module, "loadmodule"); +- rewriteConfigRewriteLine(state, "loadmodule", line, 1); ++ if (line) rewriteConfigRewriteLine(state, "loadmodule", line, 1); + } + dictReleaseIterator(di); + /* Mark "loadmodule" as processed in case modules is empty. */ +diff --git a/src/module.c b/src/module.c +index e5afa952fa..42f42ba80c 100644 +--- a/src/module.c ++++ b/src/module.c +@@ -84,6 +84,7 @@ + + struct moduleLoadQueueEntry { + sds path; ++ int conf; + int argc; + robj **argv; + }; +@@ -678,6 +679,7 @@ void moduleEnqueueLoadModule(sds path, sds *argv, int argc) { + loadmod->argv = argc ? zmalloc(sizeof(robj *) * argc) : NULL; + loadmod->path = sdsnew(path); + loadmod->argc = argc; ++ loadmod->conf = 1; + for (i = 0; i < argc; i++) { + loadmod->argv[i] = createRawStringObject(argv[i], sdslen(argv[i])); + } +@@ -688,6 +690,10 @@ sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module, + const char *config_option_str) { + sds line; + ++ if (module->loadmod->conf) { ++ /* no need to add as already from config */ ++ return NULL; ++ } + line = sdsnew(config_option_str); + line = sdscatlen(line, " ", 1); + line = sdscatsds(line, module->loadmod->path); +@@ -12350,7 +12356,7 @@ void moduleLoadFromQueue(void) { + listRewind(server.loadmodule_queue, &li); + while ((ln = listNext(&li))) { + struct moduleLoadQueueEntry *loadmod = ln->value; +- if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0) == C_ERR) { ++ if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0, 1) == C_ERR) { + serverLog(LL_WARNING, "Can't load module from %s: server aborting", loadmod->path); + exit(1); + } +@@ -12531,7 +12537,7 @@ void moduleUnregisterCleanup(ValkeyModule *module) { + + /* Load a module and initialize it. On success C_OK is returned, otherwise + * C_ERR is returned. */ +-int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex) { ++int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex, int is_config) { + int (*onload)(void *, void **, int); + void *handle; + +@@ -12606,6 +12612,7 @@ int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loa + ctx.module->loadmod->path = sdsnew(path); + ctx.module->loadmod->argv = module_argc ? zmalloc(sizeof(robj *) * module_argc) : NULL; + ctx.module->loadmod->argc = module_argc; ++ ctx.module->loadmod->conf = is_config; + for (int i = 0; i < module_argc; i++) { + ctx.module->loadmod->argv[i] = module_argv[i]; + incrRefCount(ctx.module->loadmod->argv[i]); +@@ -13529,7 +13536,7 @@ void moduleCommand(client *c) { + argv = &c->argv[3]; + } + +- if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0) == C_OK) ++ if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0, 0) == C_OK) + addReply(c, shared.ok); + else + addReplyError(c, "Error loading the extension. Please check the server logs."); +@@ -13544,7 +13551,7 @@ void moduleCommand(client *c) { + /* If this is a loadex command we want to populate server.module_configs_queue with + * sds NAME VALUE pairs. We also want to increment argv to just after ARGS, if supplied. */ + if (parseLoadexArguments((ValkeyModuleString ***)&argv, &argc) == VALKEYMODULE_OK && +- moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1) == C_OK) ++ moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1, 0) == C_OK) + addReply(c, shared.ok); + else { + dictEmpty(server.module_configs_queue, NULL); +diff --git a/src/module.h b/src/module.h +index f6c266b592..1a964c1af9 100644 +--- a/src/module.h ++++ b/src/module.h +@@ -180,7 +180,7 @@ void moduleFreeContext(ValkeyModuleCtx *ctx); + void moduleInitModulesSystem(void); + void moduleInitModulesSystemLast(void); + void modulesCron(void); +-int moduleLoad(const char *path, void **argv, int argc, int is_loadex); ++int moduleLoad(const char *path, void **argv, int argc, int is_loadex, int is_config); + int moduleUnload(sds name, const char **errmsg); + void moduleLoadFromQueue(void); + int moduleGetCommandKeysViaAPI(struct serverCommand *cmd, robj **argv, int argc, getKeysResult *result); diff --git a/valkey.spec b/valkey.spec index ec8d608..a1197dc 100644 --- a/valkey.spec +++ b/valkey.spec @@ -8,8 +8,8 @@ %global doc_version 8.1.1 Name: valkey -Version: 8.1.3 -Release: 6%{?dist} +Version: 8.1.4 +Release: 1%{?dist} Summary: A persistent key-value database # valkey: BSD-3-Clause # hiredis: BSD-3-Clause @@ -28,6 +28,8 @@ Source50: https://github.com/valkey-io/%{name}-doc/archive/%{doc_versio # Fix default paths in configuration files for RPM layout Patch0: %{name}-conf.patch +# Workaround to https://github.com/valkey-io/valkey/issues/2678 +Patch1: %{name}-loadmod.patch BuildRequires: make BuildRequires: gcc @@ -143,7 +145,8 @@ See https://valkey.io/topics/encryption/ %prep # no autosetup due to no support for multiple source extraction %setup -n %{name}-%{version} -a50 -%patch -P0 -p1 -b.rpm +%patch -P0 -p1 -b .rpm +%patch -P1 -p1 -b .loadmod mv deps/lua/COPYRIGHT COPYRIGHT-lua mv deps/jemalloc/COPYING COPYING-jemalloc @@ -352,6 +355,14 @@ exit 0 %changelog +* Sat Oct 4 2025 Remi Collet <remi@fedoraproject.org> - 8.1.4-1 +- Valkey 8.1.4 - Released Fri 09 October 2025 +- Upgrade urgency SECURITY: + CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 +- fix CONFIG REWRITE breaks configuration + reported as https://github.com/valkey-io/valkey/issues/2678 + using patch from https://github.com/valkey-io/valkey/pull/2689 + * Wed Oct 1 2025 Remi Collet <remi@fedoraproject.org> - 8.1.3-6 - add sub-package for TLS module |