apacheHttpd: 2.4.52 -> 2.4.53

https://downloads.apache.org/httpd/CHANGES_2.4.53 Migrating to pcre2 was recommended in the release notes, since pcre 8.x is over 20 years old and has now reached its end of life. Fixes: CVE-2022-23943, CVE-2022-22721, CVE-2022-22720, CVE-2022-22719
2022-03-14 12:36:33 +01:00 · 2022-03-14 12:36:33 +01:00 · 6bf3336975
commit 6bf3336975
parent ad02135fb2
1 changed files with 6 additions and 4 deletions
--- a/pkgs/servers/http/apache-httpd/2.4.nix
+++ b/pkgs/servers/http/apache-httpd/2.4.nix
@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, perl, zlib, apr, aprutil, pcre, libiconv, lynx
+{ lib, stdenv, fetchurl, perl, zlib, apr, aprutil, pcre2, libiconv, lynx, which
 , nixosTests
 , proxySupport ? true
 , sslSupport ? true, openssl
@ -11,17 +11,19 @@

 stdenv.mkDerivation rec {
  pname = "apache-httpd";
-  version = "2.4.52";
+  version = "2.4.53";

  src = fetchurl {
    url = "mirror://apache/httpd/httpd-${version}.tar.bz2";
-    sha256 = "sha256-ASf33El+mYPpxRR0vtdeRWB/L4cKdnWobckK9tVy9ck=";
+    sha256 = "sha256-0LvREhpXtfKm/5LXuW+AUMWkXT8U2xGPZJedUlhY22M=";
  };

  # FIXME: -dev depends on -doc
  outputs = [ "out" "dev" "man" "doc" ];
  setOutputFlags = false; # it would move $out/modules, etc.

+  nativeBuildInputs = [ which ];
+
  buildInputs = [ perl ] ++
    lib.optional brotliSupport brotli ++
    lib.optional sslSupport openssl ++
@ -42,7 +44,7 @@ stdenv.mkDerivation rec {
    "--with-apr=${apr.dev}"
    "--with-apr-util=${aprutil.dev}"
    "--with-z=${zlib.dev}"
-    "--with-pcre=${pcre.dev}"
+    "--with-pcre=${pcre2.dev}/bin/pcre2-config"
    "--disable-maintainer-mode"
    "--disable-debugger-mode"
    "--enable-mods-shared=all"