Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
keepalived: 1.4.2 -> 1.4.5, patch CVE-2018-19115 #72278
Motivation for this change
Also bumped to last release of 1.4.x series. Why not the newer 2.x series? I have never used keepalived and this package has no maintainer listed, so I'm being conservative, not wanting to break anything...
Will probably backport the patch without the bump.
I think we should backport patch and version bump here. This is an old enough codebase, surely there is some bugfixes worth shipping in the release.
Note that upstream calls for distros updating to 2.x on its homepage :
In our case it would also mean revamping the associated service module. Although it's not a highly complex service, it's probably best done by someone actually using it.
It's quite some time since I used keepalived on NixOS... and back then, it was only in a test environment, no production usage. PR looks good to me... however, I currently don't have anything in place to properly test the behavior besides running the binary. As @risicle suggested, a NixOS test could prove quite valuable.