fix CVE-2024-46981

reference:https://github.com/redis/redis/pull/13728/files

Signed-off-by: maoyanping <maoyanping@xfusion.com>

fix-CVE-2024-46981.patch

@@ -0,0 +1,24 @@
+From 97828f31d0373f27e39eed7a4e235aac53ca5d76 Mon Sep 17 00:00:00 2001
+From: maoyanping <maoyanping@xfusion.com>
+Date: Thu, 17 Apr 2025 15:14:41 +0800
+Subject: [PATCH] fix-CVE-2024-46981
+
+---
+ src/scripting.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/scripting.c b/src/scripting.c
+index 153b942..47b988b 100644
+--- a/src/scripting.c
++++ b/src/scripting.c
+@@ -1116,6 +1116,7 @@ void scriptingInit(int setup) {
+ void scriptingRelease(void) {
+     dictRelease(server.lua_scripts);
+     server.lua_scripts_mem = 0;
++    lua_gc(server.lua, LUA_GCCOLLECT, 0);
+     lua_close(server.lua);
+ }
+ 
+-- 
+2.33.0
+

redis5.spec

@@ -6,7 +6,7 @@
 %global Pname redis
 Name:                redis5
 Version:             5.0.14
-Release:             3
+Release:             4
 Summary:             A persistent key-value database
 License:             BSD and MIT
 URL:                 https://redis.io
@@ -28,6 +28,8 @@ Patch0002:           Fix-display-error-message.patch
 Patch0003:           Add-loongarch64-support.patch
 Patch0004:           Update-config.guess-and-config.sub.patch
 
+Patch0005:           fix-CVE-2024-46981.patch
+
 BuildRequires:       gcc
 %if %{with tests}
 BuildRequires:       procps-ng tcl
@@ -92,6 +94,7 @@ tar -xvf  %{SOURCE10}
 %patch0003 -p1
 %patch0004 -p1
 %endif
+%patch0005 -p1
 mv ../%{Pname}-doc-%{doc_commit} doc
 mv deps/lua/COPYRIGHT    COPYRIGHT-lua
 mv deps/hiredis/COPYING  COPYING-hiredis
@@ -196,6 +199,9 @@ exit 0
 %{_docdir}/%{Pname}
 
 %changelog
+* Thu Apr 17 2025 maoyanping <maoyanping@xfusion.com> - 5.0.14-4
+- Backport to fix CVE-2024-46981
+
 * Tue Nov 15 2022 huajingyun <huajingyun@loongson.cn> - 5.0.14-3
 - Update config.guess and config.sub for loongarch