From 331f875bded4c76bff24d73c77f27e945a56eaa2 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Thu, 4 Apr 2024 17:09:44 +0200
Subject: [PATCH] apacheHttpd: 2.4.58 -> 2.4.59

Fixes CVE-2024-27316, CVE-2024-27316 and CVE-2023-38709

Changes:
https://downloads.apache.org/httpd/CHANGES_2.4.59
---
 pkgs/servers/http/apache-httpd/2.4.nix | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)

diff --git a/pkgs/servers/http/apache-httpd/2.4.nix b/pkgs/servers/http/apache-httpd/2.4.nix
index 27cfd755bcdd..b3d499415dde 100644
--- a/pkgs/servers/http/apache-httpd/2.4.nix
+++ b/pkgs/servers/http/apache-httpd/2.4.nix
@@ -1,5 +1,4 @@
 { lib, stdenv, fetchurl, perl, zlib, apr, aprutil, pcre2, libiconv, lynx, which, libxcrypt
-, fetchpatch
 , nixosTests
 , proxySupport ? true
 , sslSupport ? true, openssl
@@ -13,11 +12,11 @@
 
 stdenv.mkDerivation rec {
   pname = "apache-httpd";
-  version = "2.4.58";
+  version = "2.4.59";
 
   src = fetchurl {
     url = "mirror://apache/httpd/httpd-${version}.tar.bz2";
-    sha256 = "sha256-+hbXKgeCEKVMR91b7y+Lm4oB2UkJpRRTlWs+xkQupMU=";
+    hash = "sha256-7FFQHsSAKE/1L2NyWBNdMzIwp9Ipw6+m9sL5BA4yEyM=";
   };
 
   # FIXME: -dev depends on -doc
@@ -36,20 +35,6 @@ stdenv.mkDerivation rec {
     lib.optional http2Support nghttp2 ++
     lib.optional stdenv.isDarwin libiconv;
 
-  patches = lib.optionals modTlsSupport [
-    (fetchpatch {
-      name = "compat-with-rustls-ffi-0.10.0.patch";
-      url = "https://github.com/apache/httpd/commit/918620a183d843fb393ed939423a25d42c1044ec.patch";
-      hash = "sha256-YZi3t++hjM0skisax2xuh9DifZVZjCjVn6XQr6QKGEs=";
-    })
-  ] ++ lib.optionals libxml2Support [
-    (fetchpatch {
-      name = "compat-with-libxml2-2.12.patch";
-      url = "https://github.com/apache/httpd/commit/27a68e54b7c6d2ae80dca396fd2727852897dab1.patch";
-      hash = "sha256-k2EqCaDkckrXLsHnjP4h+b1brTnde4pUyrbOiPFB6qk=";
-    })
-  ];
-
   postPatch = ''
     sed -i config.layout -e "s|installbuilddir:.*|installbuilddir: $dev/share/build|"
     sed -i support/apachectl.in -e 's|@LYNX_PATH@|${lynx}/bin/lynx|'