lighttpd: bump 1.4.34 -> 1.4.35 (security fixes)

From http://www.lighttpd.net/:

  Important changes
  -----------------
  This release contains a lot of bug fixes, many detected by scan.coverity.com
  (and more to come). The main reason for the release is a fix for an SQL
  injection (and path traversal) bug triggered by specially crafted (and
  invalid) Host: headers.

  Security fixes
  --------------
  http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt (no CVE yet)

NOTE: We (nixpkgs) currently don't build the mod_mysql_vhost module mentioned
above.
This commit is contained in:
Bjørn Forsman 2014-03-12 22:49:20 +01:00
parent 059e8e179b
commit 37ad2a7d28

View File

@ -5,11 +5,11 @@
assert enableMagnet -> lua5 != null;
stdenv.mkDerivation rec {
name = "lighttpd-1.4.34";
name = "lighttpd-1.4.35";
src = fetchurl {
url = "http://download.lighttpd.net/lighttpd/releases-1.4.x/${name}.tar.xz";
sha256 = "1dzgz3gkfyn97s4dm896yjanlhqzzsz38dhjdgla06xgynca1hdl";
sha256 = "18rh7xyx69xbwl20znnjma1dq5fay0ygjjvpn3gaa7dxrir9nghi";
};
buildInputs = [ pkgconfig pcre libxml2 zlib attr bzip2 which file openssl ]