[25.05] redis: 7.2.9 -> 7.2.10 #423450

Merged
wolfgangwalther merged 1 commit into NixOS:release-25.05 from Moraxyc:update-7.4.5-redis
Jul 8, 2025

@Moraxyc (Member) commented Jul 8, 2025

Fixes CVE-2025-32023 and CVE-2025-48367
Ref: redis/redis@5018874

https://github.com/redis/redis/releases/tag/7.2.10

Not sure if it’s a good idea to update to 7.4.* since 7.2.* is still maintained.
Cause #399462

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • Nixpkgs 25.11 Release Notes (or backporting 25.05 Nixpkgs Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
  • NixOS 25.11 Release Notes (or backporting 25.05 NixOS Release notes)
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other contributing documentation in corresponding paths.

Add a 👍 reaction to pull requests you find important.

@ofborg bot added the `2.status: merge conflict` label Jul 8, 2025
@Moraxyc force-pushed the update-7.4.5-redis branch from b85cc86 to bea4b86 July 8, 2025 10:23
@ofborg bot removed the `2.status: merge conflict` label Jul 8, 2025
@github-actions bot (Contributor) left a comment

This report is automatically generated by the check-cherry-picks CI workflow.

Some of the commits in this PR have not been cherry-picked exactly and require the author's and reviewer's attention.

Please make sure to follow the backporting guidelines and cherry-pick with the -x flag. This requires changes to go to the unstable branches (master / staging) first, before backporting them.

Occasionally, it is not possible to cherry-pick exactly the same patch. This most frequently happens when resolving merge conflicts while cherry-picking or when updating minor versions of packages which have already advanced to the next major on unstable. If you need to merge this PR despite the warnings, please dismiss this review.

Warning

Couldn't locate original commit hash in message of e2c961d.

Hint: The full diffs are also available in the runner logs with slightly better highlighting.

@nixpkgs-ci bot added the `4.workflow: backport` label Jul 8, 2025
@nix-owners bot requested a review from globin July 8, 2025 10:30
@Moraxyc added the `1.severity: security` label Jul 8, 2025
@nixpkgs-ci bot added the `10.rebuild-linux: 1-10`, `10.rebuild-darwin: 1-10` and `10.rebuild-darwin: 1` labels Jul 8, 2025
@ghost commented Jul 8, 2025

> Not sure if it’s a good idea to update to 7.4.* since 7.2.* is still maintained.

Probably not since that is the version with the license changes that are not available in nixpkgs.
#399462

@Moraxyc

This comment was marked as outdated.

@Moraxyc (Member, Author) commented Jul 8, 2025

> > Not sure if it’s a good idea to update to 7.4.* since 7.2.* is still maintained.
>
> Probably not since that is the version with the license changes that are not available in nixpkgs. #399462

Alright, I’ll target 7.2.10 soon (I’ll step away for a bit).

@Moraxyc force-pushed the update-7.4.5-redis branch from bea4b86 to e2c961d July 8, 2025 14:17
@Moraxyc changed the title from "[25.05] redis: 7.2.9 -> 7.4.5" to "[25.05] redis: 7.2.9 -> 7.2.10" Jul 8, 2025
@Moraxyc (Member, Author) commented Jul 8, 2025

Have no idea why CI failed.
https://github.com/NixOS/nixpkgs/actions/runs/16145829558/job/45564319296?pr=423450

Error: Unable to download artifact(s): Server Error

@mdaniels5757 (Member) commented

No clue, I'll try rerunning

@mdaniels5757 reopened this Jul 8, 2025
@Moraxyc (Member, Author) commented Jul 8, 2025

@wolfgangwalther (Contributor) commented

That looks like GitHub networking errors. Since the failure moved to other jobs randomly, let me restart only the failing job and we keep the ones which already passed.

@wolfgangwalther dismissed github-actions[bot]’s stale review July 8, 2025 14:47

unstable is on redis 8.0 already.

@Moraxyc (Member, Author) commented Jul 8, 2025

nixpkgs-review result

Generated using nixpkgs-review-gha

Command: nixpkgs-review pr 423450

Logs: https://github.com/Moraxyc/nixpkgs-review-gha/actions/runs/16146743067


x86_64-linux

✅ 3 packages built:
  • discourse
  • discourseAllPlugins
  • redis

aarch64-linux

❌ 3 packages failed to build:
  • discourse
  • discourseAllPlugins
  • redis

Error logs: `aarch64-linux`

redis

```
    while executing
"{*}$r type $k"
    (procedure "createComplexDataset" line 49)
    invoked from within
"createComplexDataset $r $ops"
    (procedure "bg_complex_data" line 5)
    invoked from within
"bg_complex_data [lindex $argv 0] [lindex $argv 1] [lindex $argv 2] [lindex $argv 3] [lindex $argv 4]"
    (file "tests/helpers/bg_complex_data.tcl" line 13)
I/O error reading reply
    while executing
"{*}$r type $k"
    (procedure "createComplexDataset" line 49)
    invoked from within
"createComplexDataset $r $ops"
    (procedure "bg_complex_data" line 5)
    invoked from within
"bg_complex_data [lindex $argv 0] [lindex $argv 1] [lindex $argv 2] [lindex $argv 3] [lindex $argv 4]"
    (file "tests/helpers/bg_complex_data.tcl" line 13)
Killing still running Redis server 22070
```

x86_64-darwin (sandbox = true)

✅ 1 package built:
  • redis

aarch64-darwin (sandbox = true)

✅ 1 package built:
  • redis

@wolfgangwalther (Contributor) commented

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 423450
Commit: e2c961d11d0766751b15186859d279692e452e64


x86_64-linux

✅ 3 packages built:
  • discourse
  • discourseAllPlugins
  • redis

aarch64-linux

✅ 3 packages built:
  • discourse
  • discourseAllPlugins
  • redis

x86_64-darwin

✅ 1 package built:
  • redis

aarch64-darwin

✅ 1 package built:
  • redis

aarch64-linux passed for me!

@Moraxyc (Member, Author) commented Jul 8, 2025

> aarch64-linux passed for me!

It seems like there’s something random in the checkPhase that’s affecting the build, but I couldn’t find any clues about it. I tried rebuilding it and didn’t encounter any issues.

Given that the previous version has an RCE vulnerability, I suggest we merge this for now and monitor it further.

@wolfgangwalther (Contributor) commented

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 423450 --package redis.tests
Commit: e2c961d11d0766751b15186859d279692e452e64


x86_64-linux

✅ 2 packages built:
  • redis.tests.redis.keydb
  • redis.tests.redis.redis

aarch64-linux

❌ 1 package failed to build:
  • redis.tests.redis.keydb
✅ 1 package built:
  • redis.tests.redis.redis

keydb seems to fail to build on aarch64-linux, thus the test can't pass. Not sure whether that's already the case on release-25.05, we should double-check.

@mdaniels5757 (Member) commented

keydb fails on aarch64-linux on Hydra: https://hydra.nixos.org/build/302029868

@wolfgangwalther merged commit edeaebc into NixOS:release-25.05 Jul 8, 2025
70 of 78 checks passed
@wolfgangwalther (Contributor) commented

Thanks for looking!

@Moraxyc deleted the update-7.4.5-redis branch July 8, 2025 18:21
Labels

  • 1.severity: security (Issues which raise a security issue, or PRs that fix one)
  • 4.workflow: backport (This targets a stable branch)
  • 10.rebuild-darwin: 1-10 (This PR causes between 1 and 10 packages to rebuild on Darwin.)
  • 10.rebuild-darwin: 1 (This PR causes 1 package to rebuild on Darwin.)
  • 10.rebuild-linux: 1-10 (This PR causes between 1 and 10 packages to rebuild on Linux.)