apacheHttpd: 2.4.52 -> 2.4.53

https://downloads.apache.org/httpd/CHANGES_2.4.53

Migrating to pcre2 was recommended in the release notes, since pcre 8.x
is over 20 years old and has now reached its end of life.

Fixes: CVE-2022-23943, CVE-2022-22721, CVE-2022-22720, CVE-2022-22719

1 files changed, 6 insertions, 4 deletions

diff --git a/pkgs/servers/http/apache-httpd/2.4.nix b/pkgs/servers/http/apache-httpd/2.4.nix
index 56d66a2e99c..d72dcb9170b 100644
--- a/pkgs/servers/http/apache-httpd/2.4.nix
+++ b/pkgs/servers/http/apache-httpd/2.4.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, perl, zlib, apr, aprutil, pcre, libiconv, lynx
+{ lib, stdenv, fetchurl, perl, zlib, apr, aprutil, pcre2, libiconv, lynx, which
 , nixosTests
 , proxySupport ? true
 , sslSupport ? true, openssl
@@ -11,17 +11,19 @@
 
 stdenv.mkDerivation rec {
   pname = "apache-httpd";
-  version = "2.4.52";
+  version = "2.4.53";
 
   src = fetchurl {
     url = "mirror://apache/httpd/httpd-${version}.tar.bz2";
-    sha256 = "sha256-ASf33El+mYPpxRR0vtdeRWB/L4cKdnWobckK9tVy9ck=";
+    sha256 = "sha256-0LvREhpXtfKm/5LXuW+AUMWkXT8U2xGPZJedUlhY22M=";
   };
 
   # FIXME: -dev depends on -doc
   outputs = [ "out" "dev" "man" "doc" ];
   setOutputFlags = false; # it would move $out/modules, etc.
 
+  nativeBuildInputs = [ which ];
+
   buildInputs = [ perl ] ++
     lib.optional brotliSupport brotli ++
     lib.optional sslSupport openssl ++
@@ -42,7 +44,7 @@ stdenv.mkDerivation rec {
     "--with-apr=${apr.dev}"
     "--with-apr-util=${aprutil.dev}"
     "--with-z=${zlib.dev}"
-    "--with-pcre=${pcre.dev}"
+    "--with-pcre=${pcre2.dev}/bin/pcre2-config"
     "--disable-maintainer-mode"
     "--disable-debugger-mode"
     "--enable-mods-shared=all"