Merge pull request #200696 from mayflower/redis-patch-cve-2022-3647

redis: patch for CVE-2022-3647
2022-11-12 18:36:12 +01:00 · 2022-11-12 18:36:12 +01:00 · edaccfb61a
parent 1f6efaff16 c1135fc57d
commit edaccfb61a
1 changed files with 10 additions and 1 deletions
--- a/pkgs/servers/nosql/redis/default.nix
+++ b/pkgs/servers/nosql/redis/default.nix
@ -1,5 +1,5 @@
 { lib, stdenv, fetchurl, lua, pkg-config, nixosTests
-, tcl, which, ps
+, tcl, which, ps, fetchpatch
 , withSystemd ? stdenv.isLinux && !stdenv.hostPlatform.isStatic, systemd
 # dependency ordering is broken at the moment when building with openssl
 , tlsSupport ? !stdenv.hostPlatform.isStatic, openssl
@ -14,6 +14,15 @@ stdenv.mkDerivation rec {
    hash = "sha256-ZwVMw3tYwSXfk714AAJh7A70Q2omtA84Jix4DlYxXMM=";
  };

+  patches = [
+    # https://nvd.nist.gov/vuln/detail/CVE-2022-3647
+    (fetchpatch {
+      name = "CVE-2022-3647.patch";
+      url = "https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3.patch";
+      sha256 = "sha256-R5Tj/bHFTRnvWXiOYvRulqePzU5zvKbGfpO87TLfLWk=";
+    })
+  ];
+
  nativeBuildInputs = [ pkg-config ];

  buildInputs = [ lua ]