nixpkgs/pkgs/servers/http/apache-httpd/2.4.nix
Thomas Gerbet 5475dfc18d apacheHttpd: 2.4.55 -> 2.4.56
Fixes CVE-2023-27522 and CVE-2023-25690.

https://downloads.apache.org/httpd/CHANGES_2.4.56
2023-03-25 11:55:59 +01:00

99 lines
2.9 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ lib, stdenv, fetchurl, perl, zlib, apr, aprutil, pcre2, libiconv, lynx, which, libxcrypt
, nixosTests
, proxySupport ? true
, sslSupport ? true, openssl
, http2Support ? true, nghttp2
, ldapSupport ? true, openldap
, libxml2Support ? true, libxml2
, brotliSupport ? true, brotli
, luaSupport ? false, lua5
}:
stdenv.mkDerivation rec {
pname = "apache-httpd";
version = "2.4.56";
src = fetchurl {
url = "mirror://apache/httpd/httpd-${version}.tar.bz2";
sha256 = "sha256-2NRfE5i6hO3QW7M8p1k6wpibF8ucegyv5UQtQa/bLXw=";
};
# FIXME: -dev depends on -doc
outputs = [ "out" "dev" "man" "doc" ];
setOutputFlags = false; # it would move $out/modules, etc.
nativeBuildInputs = [ which ];
buildInputs = [ perl libxcrypt ] ++
lib.optional brotliSupport brotli ++
lib.optional sslSupport openssl ++
lib.optional ldapSupport openldap ++ # there is no --with-ldap flag
lib.optional libxml2Support libxml2 ++
lib.optional http2Support nghttp2 ++
lib.optional stdenv.isDarwin libiconv;
postPatch = ''
sed -i config.layout -e "s|installbuilddir:.*|installbuilddir: $dev/share/build|"
sed -i support/apachectl.in -e 's|@LYNX_PATH@|${lynx}/bin/lynx|'
'';
# Required for pthread_cancel.
NIX_LDFLAGS = lib.optionalString (!stdenv.isDarwin) "-lgcc_s";
configureFlags = [
"--with-apr=${apr.dev}"
"--with-apr-util=${aprutil.dev}"
"--with-z=${zlib.dev}"
"--with-pcre=${pcre2.dev}/bin/pcre2-config"
"--disable-maintainer-mode"
"--disable-debugger-mode"
"--enable-mods-shared=all"
"--enable-mpms-shared=all"
"--enable-cern-meta"
"--enable-imagemap"
"--enable-cgi"
"--includedir=${placeholder "dev"}/include"
(lib.enableFeature proxySupport "proxy")
(lib.enableFeature sslSupport "ssl")
(lib.withFeatureAs libxml2Support "libxml2" "${libxml2.dev}/include/libxml2")
"--docdir=$(doc)/share/doc"
(lib.enableFeature brotliSupport "brotli")
(lib.withFeatureAs brotliSupport "brotli" brotli)
(lib.enableFeature http2Support "http2")
(lib.withFeature http2Support "nghttp2")
(lib.enableFeature luaSupport "lua")
(lib.withFeatureAs luaSupport "lua" lua5)
];
enableParallelBuilding = true;
stripDebugList = [ "lib" "modules" "bin" ];
postInstall = ''
mkdir -p $doc/share/doc/httpd
mv $out/manual $doc/share/doc/httpd
mkdir -p $dev/bin
mv $out/bin/apxs $dev/bin/apxs
'';
passthru = {
inherit apr aprutil sslSupport proxySupport ldapSupport luaSupport lua5;
tests = {
acme-integration = nixosTests.acme;
proxy = nixosTests.proxy;
php = nixosTests.php.httpd;
};
};
meta = with lib; {
description = "Apache HTTPD, the world's most popular web server";
homepage = "https://httpd.apache.org/";
license = licenses.asl20;
platforms = platforms.linux ++ platforms.darwin;
maintainers = with maintainers; [ lovek323 ];
};
}