From 5e8eaa676919206235d43a14aa5558030146068d Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Tue, 29 Oct 2019 22:56:34 +0000
Subject: [PATCH 1/2] keepalived: 1.4.2 -> 1.4.5

---
 pkgs/tools/networking/keepalived/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/networking/keepalived/default.nix b/pkgs/tools/networking/keepalived/default.nix
index 9ae981e03692..2d6d9ad3de23 100644
--- a/pkgs/tools/networking/keepalived/default.nix
+++ b/pkgs/tools/networking/keepalived/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "keepalived";
-  version = "1.4.2";
+  version = "1.4.5";
 
   src = fetchFromGitHub {
     owner = "acassen";
     repo = "keepalived";
     rev = "v${version}";
-    sha256 = "154yxs6kwpi9yc4pa45ba3z3bfwzgmmmja5nk3d9mxq6w6s1swcy";
+    sha256 = "12r80rcfxrys826flaqcdlfhcr7q4ccsd62ra1svy9545vf02qmx";
   };
 
   buildInputs = [

From 03d6145cb020aa4c782c78580d2d049b42ea5a28 Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Tue, 29 Oct 2019 22:56:51 +0000
Subject: [PATCH 2/2] keepalived: add patch for CVE-2018-19115

---
 pkgs/tools/networking/keepalived/default.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pkgs/tools/networking/keepalived/default.nix b/pkgs/tools/networking/keepalived/default.nix
index 2d6d9ad3de23..4e1894db98cc 100644
--- a/pkgs/tools/networking/keepalived/default.nix
+++ b/pkgs/tools/networking/keepalived/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, libnfnetlink, libnl, net_snmp, openssl, pkgconfig }:
+{ stdenv, fetchFromGitHub, fetchpatch, libnfnetlink, libnl, net_snmp, openssl, pkgconfig }:
 
 stdenv.mkDerivation rec {
   pname = "keepalived";
@@ -11,6 +11,14 @@ stdenv.mkDerivation rec {
     sha256 = "12r80rcfxrys826flaqcdlfhcr7q4ccsd62ra1svy9545vf02qmx";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2018-19115.patch";
+      url = "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9.patch";
+      sha256 = "1jnwk7x4qdgv7fb4jzw6sihv62n8wv04myhgwm2vxn8nfkcgd1mm";
+    })
+  ];
+
   buildInputs = [
     libnfnetlink
     libnl