From 458b791f353a5787837289467356f474fc290a4c Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Date: Sun, 5 Mar 2023 14:55:38 -0500
Subject: gnu: redis: Update to 7.0.9 [security fixes].

Fixes CVE-2023-25155, CVE-2022-36021 and more; see
https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES.

* gnu/packages/databases.scm (redis): Update to 7.0.9.
[native-inputs]: Add pkg-config and which.
[arguments]: Add a patch-paths phase.  Skip the AOF-related tests.
[properties]: Add a lint-hidden-cve property.
---
 gnu/packages/databases.scm | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

(limited to 'gnu')

diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 9e9ae1ded2..400d34ac8d 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -2442,22 +2442,21 @@ (define-public unqlite
 (define-public redis
   (package
     (name "redis")
-    (version "6.2.6")
+    (version "7.0.9")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://download.redis.io/releases/redis-"
                                   version".tar.gz"))
               (sha256
                (base32
-                "1ariw5x33hmmm3d5al0j3307l5kf3vhmn78wpyaz67hia1x8nasv"))
+                "0rczzcy2mwy6hjdgg10l9lr4vavh8jrs7zlb0ba534bwlk13awgp"))
               (modules '((guix build utils)))
               (snippet
                ;; Delete bundled jemalloc, as the package will use the libc one
                '(begin (delete-file-recursively "deps/jemalloc")))))
     (build-system gnu-build-system)
     (native-inputs
-     (list procps ; for tests
-           tcl))                   ; for tests
+     (list pkg-config procps tcl which))
     (arguments
      '(#:phases
        (modify-phases %standard-phases
@@ -2469,10 +2468,20 @@ (define-public redis
                 (string-append "TCLSH="
                                (assoc-ref inputs "tcl")
                                "/bin/tclsh")))))
+         (add-after 'unpack 'patch-paths
+           (lambda _
+             (substitute* "tests/support/server.tcl"
+               (("/usr/bin/env")
+                (which "env")))))
          (add-after 'unpack 'adjust-tests
            (lambda _
              ;; Disable failing tests
              (substitute* "tests/test_helper.tcl"
+               ;; The AOF tests cause the test suite to hang waiting for a
+               ;; "background AOF rewrite to finish", perhaps because dead
+               ;; processes persist as zombies in the build environment.
+               (("unit/aofrw") "")
+               (("integration/aof(-multi-part)?") "")
                (("integration/failover") "")
                (("integration/replication-4") "")
                (("integration/replication-psync") "")
@@ -2487,6 +2496,8 @@ (define-public redis
 supports many data structures including strings, hashes, lists, sets, sorted
 sets, bitmaps and hyperloglogs.")
     (home-page "https://redis.io/")
+    ;; These two CVEs have long been fixed.
+    (properties `((lint-hidden-cve . ("CVE-2022-3647" "CVE-2022-33105"))))
     (license license:bsd-3)))
 
 (define-public hiredis
-- 
cgit v1.2.3