keepalived: fixes CVE-2021-44225

https://github.com/advisories/GHSA-jpw2-cwxg-4qv8
author: Thomas Gerbet <thomas@gerbet.me> 2022-01-27 21:01:27 +0100
committer: Jonathan Ringer <jonringer@users.noreply.github.com> 2022-01-27 15:41:03 -0800
commit: 617a2726b0301268ce3f47c6c377dd80dc58c481 (patch)
tree: 92eea21434ffbca6a8dfe2f7d2ab0c2ac5723f68
parent: Merge pull request #157057 from NixOS/backport-156857-to-release-21.11 (diff)
download: nixpkgs-617a2726b0301268ce3f47c6c377dd80dc58c481.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/tools/networking/keepalived/default.nix b/pkgs/tools/networking/keepalived/default.nix
index 22606ec78b69..fcb156679b60 100644
--- a/pkgs/tools/networking/keepalived/default.nix
+++ b/pkgs/tools/networking/keepalived/default.nix
@@ -1,6 +1,6 @@
 { lib, stdenv, fetchFromGitHub, nixosTests
 , file, libmnl, libnftnl, libnl
-, net-snmp, openssl, pkg-config
+, net-snmp, openssl, fetchpatch, pkg-config
 , autoreconfHook }:
 
 stdenv.mkDerivation rec {
@@ -23,6 +23,14 @@ stdenv.mkDerivation rec {
     openssl
   ];
 
+  patches = [
+    (fetchpatch {
+      url = "https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d.patch";
+      sha256 = "sha256-9TVFkgjACxln417txdVS2pCYJt5XxXWoW/afWCtKLHk=";
+      name = "CVE-2021-44225.patch";
+    })
+  ];
+
   enableParallelBuilding = true;
 
   passthru.tests.keepalived = nixosTests.keepalived;
author	Thomas Gerbet <thomas@gerbet.me>	2022-01-27 21:01:27 +0100
committer	Jonathan Ringer <jonringer@users.noreply.github.com>	2022-01-27 15:41:03 -0800
commit	617a2726b0301268ce3f47c6c377dd80dc58c481 (patch)
tree	92eea21434ffbca6a8dfe2f7d2ab0c2ac5723f68
parent	Merge pull request #157057 from NixOS/backport-156857-to-release-21.11 (diff)
download	nixpkgs-617a2726b0301268ce3f47c6c377dd80dc58c481.tar.gz