mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-12 07:54:50 +00:00
2017158b53
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
101 lines
3.0 KiB
Nix
101 lines
3.0 KiB
Nix
{ stdenv, fetchurl, perl, zlib, apr, aprutil, pcre, libiconv, lynx
|
||
, proxySupport ? true
|
||
, sslSupport ? true, openssl
|
||
, http2Support ? true, nghttp2
|
||
, ldapSupport ? true, openldap
|
||
, libxml2Support ? true, libxml2
|
||
, brotliSupport ? true, brotli
|
||
, luaSupport ? false, lua5
|
||
}:
|
||
|
||
let inherit (stdenv.lib) optional optionalString;
|
||
in
|
||
|
||
assert sslSupport -> aprutil.sslSupport && openssl != null;
|
||
assert ldapSupport -> aprutil.ldapSupport && openldap != null;
|
||
assert http2Support -> nghttp2 != null;
|
||
|
||
stdenv.mkDerivation rec {
|
||
version = "2.4.39";
|
||
name = "apache-httpd-${version}";
|
||
|
||
src = fetchurl {
|
||
url = "mirror://apache/httpd/httpd-${version}.tar.bz2";
|
||
sha256 = "18ngvsjq65qxk3biggnkhkq8jlll9dsg9n3csra9p99sfw2rvjml";
|
||
};
|
||
|
||
# FIXME: -dev depends on -doc
|
||
outputs = [ "out" "dev" "man" "doc" ];
|
||
setOutputFlags = false; # it would move $out/modules, etc.
|
||
|
||
buildInputs = [perl] ++
|
||
optional brotliSupport brotli ++
|
||
optional sslSupport openssl ++
|
||
optional ldapSupport openldap ++ # there is no --with-ldap flag
|
||
optional libxml2Support libxml2 ++
|
||
optional http2Support nghttp2 ++
|
||
optional stdenv.isDarwin libiconv;
|
||
|
||
prePatch = ''
|
||
sed -i config.layout -e "s|installbuilddir:.*|installbuilddir: $dev/share/build|"
|
||
sed -i support/apachectl.in -e 's|@LYNX_PATH@|${lynx}/bin/lynx|'
|
||
'';
|
||
|
||
# Required for ‘pthread_cancel’.
|
||
NIX_LDFLAGS = stdenv.lib.optionalString (!stdenv.isDarwin) "-lgcc_s";
|
||
|
||
preConfigure = ''
|
||
configureFlags="$configureFlags --includedir=$dev/include"
|
||
'';
|
||
|
||
configureFlags = [
|
||
"--with-apr=${apr.dev}"
|
||
"--with-apr-util=${aprutil.dev}"
|
||
"--with-z=${zlib.dev}"
|
||
"--with-pcre=${pcre.dev}"
|
||
"--disable-maintainer-mode"
|
||
"--disable-debugger-mode"
|
||
"--enable-mods-shared=all"
|
||
"--enable-mpms-shared=all"
|
||
"--enable-cern-meta"
|
||
"--enable-imagemap"
|
||
"--enable-cgi"
|
||
(stdenv.lib.enableFeature proxySupport "proxy")
|
||
(stdenv.lib.enableFeature sslSupport "ssl")
|
||
(stdenv.lib.withFeatureAs libxml2Support "libxml2" "${libxml2.dev}/include/libxml2")
|
||
"--docdir=$(doc)/share/doc"
|
||
|
||
(stdenv.lib.enableFeature brotliSupport "brotli")
|
||
(stdenv.lib.withFeatureAs brotliSupport "brotli" brotli)
|
||
|
||
(stdenv.lib.enableFeature http2Support "http2")
|
||
(stdenv.lib.withFeature http2Support "nghttp2")
|
||
|
||
(stdenv.lib.enableFeature luaSupport "lua")
|
||
(stdenv.lib.withFeatureAs luaSupport "lua" lua5)
|
||
];
|
||
|
||
enableParallelBuilding = true;
|
||
|
||
stripDebugList = "lib modules bin";
|
||
|
||
postInstall = ''
|
||
mkdir -p $doc/share/doc/httpd
|
||
mv $out/manual $doc/share/doc/httpd
|
||
mkdir -p $dev/bin
|
||
mv $out/bin/apxs $dev/bin/apxs
|
||
'';
|
||
|
||
passthru = {
|
||
inherit apr aprutil sslSupport proxySupport ldapSupport;
|
||
};
|
||
|
||
meta = with stdenv.lib; {
|
||
description = "Apache HTTPD, the world's most popular web server";
|
||
homepage = http://httpd.apache.org/;
|
||
license = licenses.asl20;
|
||
platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
|
||
maintainers = with maintainers; [ lovek323 peti ];
|
||
};
|
||
}
|