redis: fix CVE-2017-15047

Fix is based on work at [1] which upstream seems to have implemented as seen at [2].

[1] https://github.com/antirez/redis/pull/4365
[2] ffcf7d5ab1

pkgs/servers/nosql/redis/default.nix

@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, lua }:
+{ stdenv, fetchurl, fetchpatch, lua }:
 
 stdenv.mkDerivation rec {
   version = "4.0.2";
@@ -9,6 +9,14 @@ stdenv.mkDerivation rec {
     sha256 = "04s8cgvwjj1979s3hg8zkwc9pyn3jkjpz5zidp87kfcipifr385i";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2017-15047.patch";
+      url = https://github.com/antirez/redis/commit/ffcf7d5ab1e98d84c28af9bea7be76c6737820ad.patch;
+      sha256 = "0cgx3lm0n7jxhsly8v9hdvy6vlamj3ck2jsid4fwyapz6907h64l";
+    })
+  ];
+
   buildInputs = [ lua ];
   makeFlags = "PREFIX=$(out)";