Merge pull request #200696 from mayflower/redis-patch-cve-2022-3647

redis: patch for CVE-2022-3647

pkgs/servers/nosql/redis/default.nix

@@ -1,5 +1,5 @@
 { lib, stdenv, fetchurl, lua, pkg-config, nixosTests
-, tcl, which, ps
+, tcl, which, ps, fetchpatch
 , withSystemd ? stdenv.isLinux && !stdenv.hostPlatform.isStatic, systemd
 # dependency ordering is broken at the moment when building with openssl
 , tlsSupport ? !stdenv.hostPlatform.isStatic, openssl
@@ -14,6 +14,15 @@ stdenv.mkDerivation rec {
     hash = "sha256-ZwVMw3tYwSXfk714AAJh7A70Q2omtA84Jix4DlYxXMM=";
   };
 
+  patches = [
+    # https://nvd.nist.gov/vuln/detail/CVE-2022-3647
+    (fetchpatch {
+      name = "CVE-2022-3647.patch";
+      url = "https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3.patch";
+      sha256 = "sha256-R5Tj/bHFTRnvWXiOYvRulqePzU5zvKbGfpO87TLfLWk=";
+    })
+  ];
+
   nativeBuildInputs = [ pkg-config ];
 
   buildInputs = [ lua ]