apacheHttpd: 2.4.58 -> 2.4.59

Fixes CVE-2024-27316, CVE-2024-27316 and CVE-2023-38709

Changes:
https://downloads.apache.org/httpd/CHANGES_2.4.59
This commit is contained in:
Thomas Gerbet 2024-04-04 17:09:44 +02:00
parent d54fa1d555
commit 331f875bde

View file

@ -1,5 +1,4 @@
{ lib, stdenv, fetchurl, perl, zlib, apr, aprutil, pcre2, libiconv, lynx, which, libxcrypt
, fetchpatch
, nixosTests
, proxySupport ? true
, sslSupport ? true, openssl
@ -13,11 +12,11 @@
stdenv.mkDerivation rec {
pname = "apache-httpd";
version = "2.4.58";
version = "2.4.59";
src = fetchurl {
url = "mirror://apache/httpd/httpd-${version}.tar.bz2";
sha256 = "sha256-+hbXKgeCEKVMR91b7y+Lm4oB2UkJpRRTlWs+xkQupMU=";
hash = "sha256-7FFQHsSAKE/1L2NyWBNdMzIwp9Ipw6+m9sL5BA4yEyM=";
};
# FIXME: -dev depends on -doc
@ -36,20 +35,6 @@ stdenv.mkDerivation rec {
lib.optional http2Support nghttp2 ++
lib.optional stdenv.isDarwin libiconv;
patches = lib.optionals modTlsSupport [
(fetchpatch {
name = "compat-with-rustls-ffi-0.10.0.patch";
url = "https://github.com/apache/httpd/commit/918620a183d843fb393ed939423a25d42c1044ec.patch";
hash = "sha256-YZi3t++hjM0skisax2xuh9DifZVZjCjVn6XQr6QKGEs=";
})
] ++ lib.optionals libxml2Support [
(fetchpatch {
name = "compat-with-libxml2-2.12.patch";
url = "https://github.com/apache/httpd/commit/27a68e54b7c6d2ae80dca396fd2727852897dab1.patch";
hash = "sha256-k2EqCaDkckrXLsHnjP4h+b1brTnde4pUyrbOiPFB6qk=";
})
];
postPatch = ''
sed -i config.layout -e "s|installbuilddir:.*|installbuilddir: $dev/share/build|"
sed -i support/apachectl.in -e 's|@LYNX_PATH@|${lynx}/bin/lynx|'