[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/08: gnu: redis: Update to 7.0.9 [security fixes].
From: |
guix-commits |
Subject: |
01/08: gnu: redis: Update to 7.0.9 [security fixes]. |
Date: |
Mon, 20 Mar 2023 08:39:39 -0400 (EDT) |
apteryx pushed a commit to branch master
in repository guix.
commit 458b791f353a5787837289467356f474fc290a4c
Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
AuthorDate: Sun Mar 5 14:55:38 2023 -0500
gnu: redis: Update to 7.0.9 [security fixes].
Fixes CVE-2023-25155, CVE-2022-36021 and more; see
https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES.
* gnu/packages/databases.scm (redis): Update to 7.0.9.
[native-inputs]: Add pkg-config and which.
[arguments]: Add a patch-paths phase. Skip the AOF-related tests.
[properties]: Add a lint-hidden-cve property.
---
gnu/packages/databases.scm | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 9e9ae1ded2..400d34ac8d 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -2442,22 +2442,21 @@ similar to BerkeleyDB, LevelDB, etc.")
(define-public redis
(package
(name "redis")
- (version "6.2.6")
+ (version "7.0.9")
(source (origin
(method url-fetch)
(uri (string-append "http://download.redis.io/releases/redis-"
version".tar.gz"))
(sha256
(base32
- "1ariw5x33hmmm3d5al0j3307l5kf3vhmn78wpyaz67hia1x8nasv"))
+ "0rczzcy2mwy6hjdgg10l9lr4vavh8jrs7zlb0ba534bwlk13awgp"))
(modules '((guix build utils)))
(snippet
;; Delete bundled jemalloc, as the package will use the libc one
'(begin (delete-file-recursively "deps/jemalloc")))))
(build-system gnu-build-system)
(native-inputs
- (list procps ; for tests
- tcl)) ; for tests
+ (list pkg-config procps tcl which))
(arguments
'(#:phases
(modify-phases %standard-phases
@@ -2469,10 +2468,20 @@ similar to BerkeleyDB, LevelDB, etc.")
(string-append "TCLSH="
(assoc-ref inputs "tcl")
"/bin/tclsh")))))
+ (add-after 'unpack 'patch-paths
+ (lambda _
+ (substitute* "tests/support/server.tcl"
+ (("/usr/bin/env")
+ (which "env")))))
(add-after 'unpack 'adjust-tests
(lambda _
;; Disable failing tests
(substitute* "tests/test_helper.tcl"
+ ;; The AOF tests cause the test suite to hang waiting for a
+ ;; "background AOF rewrite to finish", perhaps because dead
+ ;; processes persist as zombies in the build environment.
+ (("unit/aofrw") "")
+ (("integration/aof(-multi-part)?") "")
(("integration/failover") "")
(("integration/replication-4") "")
(("integration/replication-psync") "")
@@ -2487,6 +2496,8 @@ similar to BerkeleyDB, LevelDB, etc.")
supports many data structures including strings, hashes, lists, sets, sorted
sets, bitmaps and hyperloglogs.")
(home-page "https://redis.io/")
+ ;; These two CVEs have long been fixed.
+ (properties `((lint-hidden-cve . ("CVE-2022-3647" "CVE-2022-33105"))))
(license license:bsd-3)))
(define-public hiredis
- branch master updated (3a2200e1ad -> 008a2f1803), guix-commits, 2023/03/20
- 03/08: gnu: hiredis: Update to 1.1.0., guix-commits, 2023/03/20
- 02/08: gnu: redis: Use gexps and streamline., guix-commits, 2023/03/20
- 07/08: gnu: python-aioredis: Deprecate by python-redis., guix-commits, 2023/03/20
- 08/08: gnu: python-django-rq: Update to 2.7.0., guix-commits, 2023/03/20
- 05/08: gnu: python-redis: Update to 4.5.2 and enable tests., guix-commits, 2023/03/20
- 01/08: gnu: redis: Update to 7.0.9 [security fixes].,
guix-commits <=
- 04/08: gnu: python-hiredis: Update to 2.2.2 and enable tests., guix-commits, 2023/03/20
- 06/08: gnu: python-fakeredis: Update to 2.10.1 and enable tests., guix-commits, 2023/03/20