From f8b53a70f1bcc628f255830fccffe77ee469b68e Mon Sep 17 00:00:00 2001
From: Andreas Rammhold <andreas@rammhold.de>
Date: Wed, 8 Nov 2017 21:40:28 +0100
Subject: [PATCH] redis: fix CVE-2017-15047

Fix is based on work at [1] which upstream seems to have implemented as seen at [2].

[1] https://github.com/antirez/redis/pull/4365
[2] https://github.com/antirez/redis/commit/ffcf7d5ab1e98d84c28af9bea7be76c6737820ad
---
 pkgs/servers/nosql/redis/default.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkgs/servers/nosql/redis/default.nix b/pkgs/servers/nosql/redis/default.nix
index 60f132799fcc..9ef0987d9b96 100644
--- a/pkgs/servers/nosql/redis/default.nix
+++ b/pkgs/servers/nosql/redis/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, lua }:
+{ stdenv, fetchurl, fetchpatch, lua }:
 
 stdenv.mkDerivation rec {
   version = "4.0.2";
@@ -9,6 +9,14 @@ stdenv.mkDerivation rec {
     sha256 = "04s8cgvwjj1979s3hg8zkwc9pyn3jkjpz5zidp87kfcipifr385i";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2017-15047.patch";
+      url = https://github.com/antirez/redis/commit/ffcf7d5ab1e98d84c28af9bea7be76c6737820ad.patch;
+      sha256 = "0cgx3lm0n7jxhsly8v9hdvy6vlamj3ck2jsid4fwyapz6907h64l";
+    })
+  ];
+
   buildInputs = [ lua ];
   makeFlags = "PREFIX=$(out)";