valkey (9.0.3-0ubuntu1) resolute; urgency=medium

  * New upstream version 9.0.3 (LP: #2142590)
    - Security fixes:
      + CVE-2025-67733: RESP Protocol Injection via Lua error_reply.
      + CVE-2026-21863: Remote DoS with malformed Valkey Cluster bus message.
      + CVE-2026-27623: Reset request type after handling empty requests.
    - Bug fixes:
      + Avoid crash during MODULE UNLOAD when ACL rules reference a module
        command and subcommand.
      + Fix server assert on ACL LOAD when current user loses permission to
        channels.
      + Fix bug causing no response flush sometimes when IO threads are busy.

 -- Lena Voytek <lena.voytek@canonical.com>  Tue, 24 Feb 2026 08:20:13 -0500

valkey (9.0.2-0ubuntu1) resolute; urgency=medium

  * New major upstream version 9.0.2 (LP: #2138972)
    - New features:
      + Add extended filtering for client commands.
      + Add multi-database support to cluster mode.
      + Add BYPOLYGON option for GEOSEARCH.
      + Introduce MPTCP support for primary and replica.
      + Add sentinel_total_tilt to sentinel INFO sentinel.
      + Add support for automatic client authentication via TLS certificate
        fields.
      + Add --hotkeys-count option for valkey-cli.
      + Introduce atomic slot migration.
      + Add DELIFEQ command.
      + Add CLUSTER FLUSHSLOT command.
      + Allow dynamic modification of io-threads num.
      + Introduce HASH items expiration.
      + Add SAFE option to SHUTDOWN to reject shutdown in unsafe situations.
      + Add new cluster-announce-client-(port|tls-port) configs.
      + Implement a lolwut for version 9.
    - Updates:
      + Add node pfail and fail count to cluster info metrics.
      + Introduce support for lttng based tracing.
      + Various performance optimizations including SIMD instructions, pipelining,
        hash tables, replication, and network operations.
      + Trigger manual failover on SIGTERM / shutdown to cluster primary.
      + Add cluster bus port out of range error message for CLUSTER MEET
        command.
      + Add cluster-manual-failover-timeout to configure the timeout for manual
        failover.
      + Allow replicas to become primaries without data by using CLUSTER
        REPLICATE NO ONE.
      + Update reply schema for LMOVE and BLMOVE.
      + Make CONFIG RESETSTATS also reset cluster related stats.
      + Make CONFIG GET command return sorted output.
    - Bug fixes:
      + Fix temp file leak during replication error handling.
      + Fix raxRemove crash at memcpy() due to key size exceeding max Rax size.
      + Fix error "SSL routines::bad length" when connTLSWrite is called second
        time with smaller buffer.
      + Fix cmd's out bytes to count deferred reply.
      + Fix engine crash on module client blocking during keyspace events.
      + Fix invalidation messages being sent to closing clients.
      + Fix ACL LOAD crash on replica since the primary client doesn't have a
        user.
      + Fix RANDOMKEY infinite loop during CLIENT PAUSE.
      + Fix panic in primary when blocking shutdown after previous block with
        timeout.
      + Fix cluster slot stats assertion during promotion of replica.
      + Fix incorrect lag reported in XINFO GROUPS.
      + Fix crash during TLS handshake with I/O threads.
      + Fix random element selection in skewed sparse hash table.
      + Fix memory corruption in sharded pubsub unsubscribe.
      + Fix replica failover issues when config epoch is outdated.
      + Fix CLUSTER SLOTS/NODES showing wrong port after updating
        port/tls-port.
      + Fix missing response when AUTH returns an error inside a transaction.
      + Fix memory leak with CLIENT LIST/KILL duplicate filters.
      + Fix replicas claiming to still have slots after manual failover.
      + Fix module context object re-use in scripting engines.
      + Fix defrag not stopping by defragging when slab 1/8 full.
      + Fix module key memory usage accounting.
      + Fix double MOVED reply on unblock at failover.
      + Fix Lua VM crash after FUNCTION FLUSH ASYNC + FUNCTION LOAD.
      + Fix invalid memory address caused by hashtable shrinking during safe
        iteration.
      + Fix Sentinel regression requiring "+failover" ACL in failover path.
      + Fix LTRIM to not call signalModifiedKey when no elements are removed.
      + Fix build on some 32-bit ARM by only using NEON on AArch64.
      + Fix deadlock in IO-thread shutdown during panic.
      + Fix CLUSTER SLOTS crash when called from module timer callback.
      + Respect process umask when creating data files.
      + Enable TCP_NODELAY by default in incoming and outgoing connections.
      + Ignore stale gossip packets that arrive out of order.
      + Remove unicode optimization in Lua cjson library.
      + Save config file and broadcast PONG message on configEpoch change.
      + Improve clarity of errors for GEO commands when member does not exist.
      + Allow mixing quoted and unquoted inline args.
      + Mark the client reprocessing flag only when unblocked on keys.
      + Prevent CLIENT UNBLOCK from unpausing paused clients.
      + Disallow sending REPLY ON / OFF / SKIP inside a multi-exec transaction.
      + Detect SSL_new() returning NULL in outgoing connections.
      + Correctly handle large cluster bus extensions which may have resulted
        in dropped cluster packets.
      + Avoid shard id update of replica if it doesn't match with primary shard
        id.
      + Redact user data when a module crashes for not handling I/O errors
        enabled.
      + Generate a new shard_id when the replica executes CLUSTER RESET SOFT.
      + Reset io_last_written on c->buf resize to prevent stale pointers.
      + Avoid usage of light weight messages to nodes with not ready
        bidirectional links in cluster.
      + Send duplicate multi meet packet only for node which supports it in
        mixed clusters.
  * d/p/0002-Add-CPPFLAGS-to-upstream-makefiles.patch: Refresh for new version.
  * d/p/0004-Add-support-for-USE_SYSTEM_JEMALLOC-flag.patch: Match check for
    USE_SYSTEM_JEMALLOC to that of USE_JEMALLOC.
  * d/copyright: Update for new version and remove excluded files with fixed
    license.
  * d/rules: Skip maxmemory unit test during builds as it often times out.
  * d/rules: Skip sentinel tests on armhf due to lack of memory.

 -- Lena Voytek <lena.voytek@canonical.com>  Fri, 23 Jan 2026 17:14:04 -0500

valkey (8.1.4+dfsg1-0ubuntu1) resolute; urgency=medium

  * New upstream version 8.1.4 (LP: #2127122)
    - Security fixes:
      + CVE-2025-49844: Lua script may lead to remote code execution.
      + CVE-2025-46817: Lua script may lead to int overflow and potential RCE.
      + CVE-2025-46818: Lua script can be executed in context of another user.
      + CVE-2025-46819: Lua out-of-bounds read.
      + CVE-2025-49112: Integer underflow in setDeferredReply networking.c.
    - Bug fixes:
      + Fix accounting for dual channel RDB bytes in replication stats.
      + Ensure empty error tables in scripts don't crash Valkey.
      + Fix use-after-free when active expiration triggers hashtable to shrink.
      + Fix memory usage to consider embedded keys.
      + Fix leak when shrinking a hashtable without entries.
      + Fix large allocations crashing Valkey during active defrag.
      + Prevent bad memory access when NOTOUCH client gets unblocked.
      + Converge shard-id persisted in nodes.conf to primary's shard id.
      + Fix client tracking memory overhead calculation.
      + Fix pre-size hashtables per slot when reading RDB files.
      + Don't use AVX2 instructions if the CPU doesn't support it.
      + Defrag if slab 1/8 full to fix defrag didn't stop issue.
  * Remove patches fixed upstream:
    - d/p/CVE-2025-49112.patch
    - d/p/fix-8.1.x-multi-unit-test.patch

 -- Lena Voytek <lena.voytek@canonical.com>  Sun, 12 Oct 2025 15:56:43 -0400

valkey (8.1.3+dfsg1-0ubuntu2) questing; urgency=medium

  * Remove valkey-redis-compat package (LP: #2118952)
    - d/control: Remove valkey-redis-compat entry.
    - Remove valkey-redis-compat package files:
      + d/valkey-redis-compat.postinst
      + d/valkey-redis-compat.links
      + d/valkey-redis-compat.NEWS
    - d/README.Debian: Remove migration readme entry.
    - d/bin/generate-systemd-service-files: Remove condition that blocks
      service start when REDIS_MIGRATION file exists.
    - d/t/0006-migrate-from-redis: Remove redis migration test.
    - d/NEWS: Add news entry to show valkey-redis-compat has been removed.

 -- Lena Voytek <lena.voytek@canonical.com>  Tue, 12 Aug 2025 16:09:05 -0400

valkey (8.1.3+dfsg1-0ubuntu1) questing; urgency=medium

  * New upstream version 8.1.3 (LP: #2115258)
    - Security fixes:
      + CVE-2025-32023: Out-of-bounds write during hyperloglog operations.
      + CVE-2025-48367: IP Protocol errors resulting in DoS.
      + CVE-2025-27151: AOF file name length not checked.
    - Bug fixes:
      + Fix missing response when AUTH is errored inside a transaction.
      + Properly escape double quotes and backslash in sdscatrepr.
      + Fix random element in skewed sparse hash table.
      + Only mark the client reprocessing flag when unblocked on keys.
      + Fix memory corruption in sharded pubsub unsubscribe.
      + Free module context even if there was no content written in auxsave2.
      + Detect SSL_new() returning NULL in outgoing connections.
      + Correctly cast the extension lengths.
      + Fix cluster myself CLUSTER SLOTS/NODES wrong port after updating
        port/tls-port.
      + Fix replica can't finish failover when config epoch is outdated.
      + Fix CLIENT UNBLOCK ability to unpause paused clients.
  * d/p/fix-8.1.x-multi-unit-test.patch: Fix multi unit test issue in new
    version.
  * d/p/0005-Incorporate-Redis-CVE-for-CVE-2025-27151-2146.patch: Remove -
    fixed upstream in 8.1.2.

 -- Lena Voytek <lena.voytek@canonical.com>  Mon, 07 Jul 2025 16:21:10 -0400

valkey (8.1.1+dfsg1-2ubuntu1) questing; urgency=medium

  * Merge with Debian unstable (LP: #2110459). Remaining changes:
    - Redis compatibility and migration:
      + d/bin/generate-systemd-service-files: do not start the services if
        Redis migration happened.
      + d/control: add valkey-redis-compat binary package paragraph.
      + d/{README.Debian,valkey-redis-compat.NEWS}: document how the Redis
        migration works.
      + d/valkey-redis-compat.links: create compatibility symlinks for Redis.
      + d/valkey-redis-compat.postinst: migrate data and config from Redis.
      + d/tests: test Redis migration via DEP-8 test.
    - d/tests: use systemctl instead of service to restart valkey.
    - d/t/control: explicitly add Depends for each test.
    - d/rules: remove "|| true" from testing calls.
  * d/valkey-redis-compat.postinst: Do not migrate on upgrade if redis files
    have already been migrated (LP: #2104217).
  * d/rules: Skip memefficiency unit tests due to missing activedefrag
    in system jemalloc.

 -- Lena Voytek <lena.voytek@canonical.com>  Fri, 13 Jun 2025 13:04:10 -0400

valkey (8.1.1+dfsg1-2) unstable; urgency=medium

  * Fix CVE-2025-49112 (Closes: #1107210)
    setDeferredReply in networking.c in Valkey through 8.1.1 has an integer
    underflow for prev->size - prev->used.
    - d/p/CVE-2025-49112.patch

 -- Lucas Kanashiro <kanashiro@debian.org>  Thu, 12 Jun 2025 14:42:42 -0300

valkey (8.1.1+dfsg1-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Check length of AOF file name in valkey-check-aof (CVE-2025-27151)
    (Closes: #1106824)

 -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 09 Jun 2025 10:47:39 +0200

valkey (8.1.1+dfsg1-1) unstable; urgency=medium

  * New upstream release.
    + Fix CVE-2025-21605 (Closes: #1104012)
  * Refresh patches
  * Declare compliance with Debian Policy 4.7.2

 -- Lucas Kanashiro <kanashiro@debian.org>  Mon, 28 Apr 2025 15:49:27 -0300

valkey (8.0.2+dfsg1-1ubuntu1) plucky; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - Redis compatibility and migration:
      + d/bin/generate-systemd-service-files: do not start the services if
        Redis migration happened.
      + d/control: add valkey-redis-compat binary package paragraph
      + d/{README.Debian,valkey-redis-compat.NEWS}: document how the Redis
        migration works.
      + d/valkey-redis-compat.links: create compatibility symlinks for Redis
      + d/valkey-redis-compat.postinst: migrate data and config from Redis
      + d/tests: test Redis migration via DEP-8 test
    - d/tests: use systemctl instead of service to restart valkey.
    - d/t/control: explicitly add Depends for each test.
    - d/rules: remove "|| true" from testing calls.

 -- Lena Voytek <lena.voytek@canonical.com>  Thu, 06 Feb 2025 14:25:07 -0500

valkey (8.0.2+dfsg1-1) unstable; urgency=medium

  [ Christian Göttsche ]
  * 0003-Use-get_current_dir_name-over-PATHMAX.patch: free allocated memory
  * d/rules: enable LTO
  * valkey-tools.postinst: create directories with default SELinux context

  [ Lucas Kanashiro ]
  * New upstream version 8.0.2+dfsg1
    - Fixes CVE-2024-46981 and CVE-2024-51741 (Closes: #1092371)

 -- Lucas Kanashiro <kanashiro@debian.org>  Mon, 13 Jan 2025 23:55:00 -0300

valkey (8.0.1+dfsg1-1ubuntu1) plucky; urgency=medium

  * Merge with Debian unstable (LP: #2085304). Remaining changes:
    - Redis compatibility and migration:
      + d/bin/generate-systemd-service-files: do not start the services if
        Redis migration happened.
      + d/control: add valkey-redis-compat binary package paragraph
      + d/{README.Debian,valkey-redis-compat.NEWS}: document how the Redis
        migration works.
      + d/valkey-redis-compat.links: create compatibility symlinks for Redis
      + d/valkey-redis-compat.postinst: migrate data and config from Redis
      + d/tests: test Redis migration via DEP-8 test
    - d/tests: use systemctl instead of service to restart valkey.
    - d/t/control: explicitly add Depends for each test.
    - d/rules: remove "|| true" from testing calls.

 -- Lena Voytek <lena.voytek@canonical.com>  Tue, 22 Oct 2024 11:02:02 -0700

valkey (8.0.1+dfsg1-1) unstable; urgency=medium

  [ Lena Voytek ]
  * New upstream release 8.0.1
  * Refresh patches against new version:
    - d/p/debian-packaging/0001-Set-Debian-configuration-defaults.patch
    - d/p/0002-Add-CPPFLAGS-to-upstream-makefiles.patch
    - d/p/0003-Use-get_current_dir_name-over-PATHMAX.patch
    - d/p/0004-Add-support-for-USE_SYSTEM_JEMALLOC-flag.patch
  * d/valkey-server.docs: Remove MANIFESTO
  * d/valkey-tools.examples: Remove redis-trib.rb

  [ Lucas Kanashiro ]
  * d/copyright: remove superfluous file pattern

 -- Lucas Kanashiro <kanashiro@debian.org>  Fri, 18 Oct 2024 19:23:21 -0300

valkey (7.2.5+dfsg1-2ubuntu4) oracular; urgency=medium

  * d/watch: Fix dversionmangle.
  * d/rules: remove "|| true" from testing calls.

 -- Lucas Kanashiro <kanashiro@ubuntu.com>  Fri, 20 Sep 2024 17:10:49 -0300

valkey (7.2.5+dfsg1-2ubuntu3) oracular; urgency=medium

  * d/t/0006-migrate-from-redis: fix the way the compat package is installed
    during the test.

 -- Lucas Kanashiro <kanashiro@ubuntu.com>  Wed, 18 Sep 2024 12:25:38 -0300

valkey (7.2.5+dfsg1-2ubuntu2) oracular; urgency=medium

  * d/valkey-redis-compat.postinst:
    - Use "cp -a" to preserve permissions and keep old data around.
    - Stop daemons before performing migration.
  * d/tests: use systemctl instead of service to restart valkey.
  * d/t/control: explicitly add Depends for each test.
  * d/t/0006-migrate-from-redis:
    - Print the checksum of the RDB file.
    - Make sure data in-memory is on-disk when migrating data.

 -- Lucas Kanashiro <kanashiro@ubuntu.com>  Tue, 17 Sep 2024 19:17:44 -0300

valkey (7.2.5+dfsg1-2ubuntu1) oracular; urgency=medium

  * d/control: add valkey-redis-compat binary package paragraph
  * d/valkey-redis-compat.postinst: migrate data and config from Redis
  * d/bin/generate-systemd-service-files: do not start the services if Redis
    migration happened.
  * d/{README.Debian,valkey-redis-compat.NEWS}: document how the Redis
    migration works.
  * d/valkey-redis-compat.links: create compatibility symlinks for Redis
  * d/tests: test Redis migration via DEP-8 test

 -- Lucas Kanashiro <kanashiro@ubuntu.com>  Mon, 12 Aug 2024 19:30:23 -0300

valkey (7.2.5+dfsg1-2) unstable; urgency=medium

  * d/copyright: remove the excluded files paragraph.
  * d/copyright: add missing License field.
  * d/watch: add version mangle and repack suffix because of dfsg.

 -- Lucas Kanashiro <kanashiro@debian.org>  Fri, 09 Aug 2024 19:01:26 -0300

valkey (7.2.5+dfsg1-1) unstable; urgency=medium

  * Initial packaging (Closes: #1068342).

 -- Lucas Kanashiro <kanashiro@debian.org>  Wed, 26 Jun 2024 18:35:47 -0300
