nixpkgs/pkgs/servers/http/apache-httpd/2.4.nix
Peter Simons 2017158b53 apache-httpd: 2.4.38 -> 2.4.39 (CVE-2019-0211)
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or
prefork, code executing in less-privileged child processes or
threads (including scripts executed by an in-process scripting interpreter)
could execute arbitrary code with the privileges of the parent process (usually
root) by manipulating the scoreboard.
2019-04-02 09:46:25 +02:00



# Build recipe for the Apache HTTP Server 2.4 series.
#
# Arguments are the toolchain and library packages plus one boolean per
# optional feature (proxy, ssl, http2, ldap, libxml2, brotli, lua), each
# paired with the package that provides it. Lua is the only feature that is
# off by default.
{ stdenv, fetchurl, perl, zlib, apr, aprutil, pcre, libiconv, lynx
, proxySupport ? true
, sslSupport ? true, openssl
, http2Support ? true, nghttp2
, ldapSupport ? true, openldap
, libxml2Support ? true, libxml2
, brotliSupport ? true, brotli
, luaSupport ? false, lua5
}:

let
  inherit (stdenv) lib isDarwin;
  inherit (lib) optional optionalString enableFeature withFeature withFeatureAs;
in

# Abort evaluation early when a feature is requested but apr-util was built
# without it, or the backing library was passed as null.
assert sslSupport -> (aprutil.sslSupport && (openssl != null));
assert ldapSupport -> (aprutil.ldapSupport && (openldap != null));
assert http2Support -> (nghttp2 != null);

stdenv.mkDerivation rec {
  # CVE-2019-0211 (code in a child process gaining the parent's privileges
  # through the scoreboard) affects 2.4.17 through 2.4.38, so this must not
  # be pinned below 2.4.39.
  version = "2.4.39";
  name = "apache-httpd-${version}";

  # The sha256 pins the tarball contents; a version bump has to update the
  # hash together with `version`.
  src = fetchurl {
    url = "mirror://apache/httpd/httpd-${version}.tar.bz2";
    sha256 = "18ngvsjq65qxk3biggnkhkq8jlll9dsg9n3csra9p99sfw2rvjml";
  };

  # FIXME: -dev depends on -doc
  outputs = [ "out" "dev" "man" "doc" ];

  # Left off because the automatic output flags would relocate $out/modules
  # and similar directories.
  setOutputFlags = false;

  # perl is always a build input; each optional library is added only when
  # its feature flag is set. The order of this list is kept as-is.
  buildInputs =
    [ perl ]
    ++ optional brotliSupport brotli
    ++ optional sslSupport openssl
    ++ optional ldapSupport openldap  # there is no --with-ldap flag
    ++ optional libxml2Support libxml2
    ++ optional http2Support nghttp2
    ++ optional isDarwin libiconv;

  # Points installbuilddir at the dev output and substitutes the lynx store
  # path into apachectl.
  prePatch = ''
    sed -i config.layout -e "s|installbuilddir:.*|installbuilddir: $dev/share/build|"
    sed -i support/apachectl.in -e 's|@LYNX_PATH@|${lynx}/bin/lynx|'
  '';

  # Required for pthread_cancel.
  NIX_LDFLAGS = optionalString (!isDarwin) "-lgcc_s";

  # $dev is only known inside the build shell, so --includedir is appended
  # here rather than listed in configureFlags.
  preConfigure = ''
    configureFlags="$configureFlags --includedir=$dev/include"
  '';

  # "all" builds every module and every MPM as a shared object; cern-meta,
  # imagemap and cgi are additionally enabled by name. Which of them a
  # server actually loads is decided by its httpd configuration, not here.
  configureFlags = [
    "--with-apr=${apr.dev}"
    "--with-apr-util=${aprutil.dev}"
    "--with-z=${zlib.dev}"
    "--with-pcre=${pcre.dev}"
    "--disable-maintainer-mode"
    "--disable-debugger-mode"
    "--enable-mods-shared=all"
    "--enable-mpms-shared=all"
    "--enable-cern-meta"
    "--enable-imagemap"
    "--enable-cgi"
    (enableFeature proxySupport "proxy")
    (enableFeature sslSupport "ssl")
    (withFeatureAs libxml2Support "libxml2" "${libxml2.dev}/include/libxml2")
    "--docdir=$(doc)/share/doc"
    (enableFeature brotliSupport "brotli")
    (withFeatureAs brotliSupport "brotli" brotli)
    (enableFeature http2Support "http2")
    (withFeature http2Support "nghttp2")
    (enableFeature luaSupport "lua")
    (withFeatureAs luaSupport "lua" lua5)
  ];

  enableParallelBuilding = true;

  stripDebugList = "lib modules bin";

  # Moves the manual into the doc output and apxs into the dev output.
  postInstall = ''
    mkdir -p $doc/share/doc/httpd
    mv $out/manual $doc/share/doc/httpd
    mkdir -p $dev/bin
    mv $out/bin/apxs $dev/bin/apxs
  '';

  # Re-exported so that other expressions can read how this httpd was built.
  passthru = {
    inherit apr aprutil sslSupport proxySupport ldapSupport;
  };

  meta = {
    description = "Apache HTTPD, the world's most popular web server";
    homepage = "http://httpd.apache.org/";
    license = lib.licenses.asl20;
    platforms = lib.platforms.linux ++ lib.platforms.darwin;
    maintainers = with lib.maintainers; [ lovek323 peti ];
  };
}