Diffstat (limited to 'nixpkgs/pkgs/servers/http')
-rw-r--r-- | nixpkgs/pkgs/servers/http/apache-httpd/2.4.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/apt-cacher-ng/default.nix | 7 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/gatling/default.nix | 1 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/jetty/default.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/nginx/generic.nix | 42 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/nginx/mainline.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/nginx/modules.nix | 7 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/nginx/nix-skip-check-logs-path.patch | 27 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/nginx/stable.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/openresty/default.nix | 7 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/tengine/default.nix | 18 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/tomcat/tomcat-native.nix | 29 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/unit/default.nix | 42 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/unit/drop_cap.patch | 79 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/http/yaws/default.nix | 2 |
15 files changed, 142 insertions, 135 deletions
diff --git a/nixpkgs/pkgs/servers/http/apache-httpd/2.4.nix b/nixpkgs/pkgs/servers/http/apache-httpd/2.4.nix index c84790ba106..8d8a0fceefb 100644 --- a/nixpkgs/pkgs/servers/http/apache-httpd/2.4.nix +++ b/nixpkgs/pkgs/servers/http/apache-httpd/2.4.nix @@ -16,12 +16,12 @@ assert ldapSupport -> aprutil.ldapSupport && openldap != null; assert http2Support -> nghttp2 != null; stdenv.mkDerivation rec { - version = "2.4.41"; + version = "2.4.43"; pname = "apache-httpd"; src = fetchurl { url = "mirror://apache/httpd/httpd-${version}.tar.bz2"; - sha256 = "0h7a31yxwyh7h521frnmlppl0h7sh9icc3ka6vlmlcg5iwllhg8k"; + sha256 = "0hqgw47r3p3521ygkkqs8s30s5crm683081avj6330gwncm6b5x4"; }; # FIXME: -dev depends on -doc diff --git a/nixpkgs/pkgs/servers/http/apt-cacher-ng/default.nix b/nixpkgs/pkgs/servers/http/apt-cacher-ng/default.nix index 99dd63c7ce6..f8c4b800204 100644 --- a/nixpkgs/pkgs/servers/http/apt-cacher-ng/default.nix +++ b/nixpkgs/pkgs/servers/http/apt-cacher-ng/default.nix @@ -4,6 +4,7 @@ , doxygen , fetchurl , fuse +, libevent , lzma , openssl , pkgconfig @@ -14,15 +15,15 @@ stdenv.mkDerivation rec { pname = "apt-cacher-ng"; - version = "3.2"; + version = "3.5"; src = fetchurl { url = "http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/apt-cacher-ng_${version}.orig.tar.xz"; - sha256 = "1kas5xq44rx33pczhrz05dsdhjaavxdmcs5h1ygfi76bpqvyhpa0"; + sha256 = "0h76n02nnpg7ir9247qrxb8p4d4p282nh13zrv5bb9sfm12pril2"; }; nativeBuildInputs = [ cmake doxygen pkgconfig ]; - buildInputs = [ bzip2 fuse lzma openssl systemd tcp_wrappers zlib ]; + buildInputs = [ bzip2 fuse libevent lzma openssl systemd tcp_wrappers zlib ]; meta = with stdenv.lib; { description = "A caching proxy specialized for linux distribution files"; diff --git a/nixpkgs/pkgs/servers/http/gatling/default.nix b/nixpkgs/pkgs/servers/http/gatling/default.nix index bf69d902aa5..9157c09cbeb 100644 --- a/nixpkgs/pkgs/servers/http/gatling/default.nix +++ b/nixpkgs/pkgs/servers/http/gatling/default.nix 
@@ -28,6 +28,5 @@ stdenv.mkDerivation rec { homepage = "http://www.fefe.de/gatling/"; license = stdenv.lib.licenses.gpl2; platforms = platforms.linux; - maintainers = [ maintainers.the-kenny ]; }; } diff --git a/nixpkgs/pkgs/servers/http/jetty/default.nix b/nixpkgs/pkgs/servers/http/jetty/default.nix index 4a3a3f2da01..49c11bf462e 100644 --- a/nixpkgs/pkgs/servers/http/jetty/default.nix +++ b/nixpkgs/pkgs/servers/http/jetty/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "jetty"; - version = "9.4.25.v20191220"; + version = "9.4.26.v20200117"; src = fetchurl { url = "https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/${version}/jetty-distribution-${version}.tar.gz"; name = "jetty-distribution-${version}.tar.gz"; - sha256 = "1jnx4hnvd2krsdisqwpws1qd1r0f8gm9a4sx4a8c7zqrmfd2zx1a"; + sha256 = "0wgh7vap0h6gkz6pk8iycvhwmybyxv25ssinwxxrnzk8jg25g89i"; }; phases = [ "unpackPhase" "installPhase" ]; diff --git a/nixpkgs/pkgs/servers/http/nginx/generic.nix b/nixpkgs/pkgs/servers/http/nginx/generic.nix index 67a914b6a98..80bc1458ad7 100644 --- a/nixpkgs/pkgs/servers/http/nginx/generic.nix +++ b/nixpkgs/pkgs/servers/http/nginx/generic.nix @@ -68,6 +68,14 @@ stdenv.mkDerivation { "--with-http_stub_status_module" "--with-threads" "--with-pcre-jit" + "--http-log-path=/var/log/nginx/access.log" + "--error-log-path=/var/log/nginx/error.log" + "--pid-path=/var/log/nginx/nginx.pid" + "--http-client-body-temp-path=/var/cache/nginx/client_body" + "--http-proxy-temp-path=/var/cache/nginx/proxy" + "--http-fastcgi-temp-path=/var/cache/nginx/fastcgi" + "--http-uwsgi-temp-path=/var/cache/nginx/uwsgi" + "--http-scgi-temp-path=/var/cache/nginx/scgi" ] ++ optionals withDebug [ "--with-debug" ] ++ optionals withStream [ 
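Review bot: `"--pid-path=/var/log/nginx/nginx.pid"` in the added configure flags puts the PID file in the log directory, which is typically owned by the service account and is often read by log collectors. A PID file that an unprivileged account can rewrite is a known hazard whenever something privileged later signals the PID it contains, so a dedicated runtime directory is the safer compiled-in default, for example `"--pid-path=/run/nginx/nginx.pid"`. The same eight flags are added to tengine/default.nix in the hunk at -53,6 +59,14, and the point applies there as well. The configureFlags list starts and ends outside this hunk.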
@@ -99,26 +107,28 @@ stdenv.mkDerivation { preConfigure = preConfigure + concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules; - patches = map fixPatch - (singleton (substituteAll { + patches = map fixPatch ([ + (substituteAll { src = ./nix-etag-1.15.4.patch; preInstall = '' export nixStoreDir="$NIX_STORE" nixStoreDirLen="''${#NIX_STORE}" ''; - }) ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ - (fetchpatch { - url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/102-sizeof_test_fix.patch"; - sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a"; - }) - (fetchpatch { - url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/101-feature_test_fix.patch"; - sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y"; - }) - (fetchpatch { - url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/103-sys_nerr.patch"; - sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd"; - }) - ] ++ mapModules "patches"); + }) + ./nix-skip-check-logs-path.patch + ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ + (fetchpatch { + url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/102-sizeof_test_fix.patch"; + sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a"; + }) + (fetchpatch { + url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/101-feature_test_fix.patch"; + sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y"; + }) + (fetchpatch { + url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/103-sys_nerr.patch"; + sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd"; + }) + ] ++ mapModules "patches"); hardeningEnable = optional (!stdenv.isDarwin) "pie"; diff --git a/nixpkgs/pkgs/servers/http/nginx/mainline.nix b/nixpkgs/pkgs/servers/http/nginx/mainline.nix index b382d2891f9..74df3c16472 100644 
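Review bot: The three `fetchpatch` entries on the new side still fetch from the `master` branch of openwrt/packages, a mutable ref paired with a fixed `sha256`. The hash keeps a changed file from being applied silently, but the cross-compilation build breaks as soon as upstream edits, renames or deletes one of these patches. Since the list is being rewritten anyway, I would pin each URL to a commit, for example `url = "https://raw.githubusercontent.com/openwrt/packages/<commit-sha>/net/nginx/patches/102-sizeof_test_fix.patch";`, where `<commit-sha>` is a placeholder for the revision the current hashes were taken from.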
--- a/nixpkgs/pkgs/servers/http/nginx/mainline.nix +++ b/nixpkgs/pkgs/servers/http/nginx/mainline.nix @@ -1,6 +1,6 @@ { callPackage, ... }@args: callPackage ./generic.nix args { - version = "1.17.9"; - sha256 = "12dnrdxwnlid0wr797vdxj9z1fmxnk7ib55bznvl2g3mbi05vmkx"; + version = "1.18.0"; + sha256 = "16azscl74ym1far0s0p6xsjin1k1cm4wk80i9x5d74dznmx3wdsc"; } diff --git a/nixpkgs/pkgs/servers/http/nginx/modules.nix b/nixpkgs/pkgs/servers/http/nginx/modules.nix index 16782966944..4ea74019692 100644 --- a/nixpkgs/pkgs/servers/http/nginx/modules.nix +++ b/nixpkgs/pkgs/servers/http/nginx/modules.nix @@ -73,8 +73,8 @@ in src = fetchFromGitHub { owner = "aperezdc"; repo = "ngx-fancyindex"; - rev = "v0.4.3"; - sha256 = "12xdx6a76sfrq0yciylvyjlnvyczszpadn31jqya8c2dzdkyyx7f"; + rev = "v0.4.4"; + sha256 = "14xmzcl608pr7hb7wng6hpz7by51cfnxlszbka3zhp3kk86ljsi6"; }; }; @@ -140,6 +140,7 @@ in export LUAJIT_LIB="${pkgs.luajit}/lib" export LUAJIT_INC="${pkgs.luajit}/include/luajit-2.0" ''; + allowMemoryWriteExecute = true; }; lua-upstream = { @@ -150,6 +151,7 @@ in sha256 = "1gqccg8airli3i9103zv1zfwbjm27h235qjabfbfqk503rjamkpk"; }; inputs = [ pkgs.luajit ]; + allowMemoryWriteExecute = true; }; modsecurity = { @@ -246,6 +248,7 @@ in in { src = ngx_pagespeed; inputs = [ pkgs.zlib pkgs.libuuid ]; # psol deps + allowMemoryWriteExecute = true; }; pam = { diff --git a/nixpkgs/pkgs/servers/http/nginx/nix-skip-check-logs-path.patch b/nixpkgs/pkgs/servers/http/nginx/nix-skip-check-logs-path.patch new file mode 100644 index 00000000000..a823660cc32 --- /dev/null +++ b/nixpkgs/pkgs/servers/http/nginx/nix-skip-check-logs-path.patch 
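Review bot: `allowMemoryWriteExecute = true;` is added to the lua module in the hunk at -140,6 +140,7, and again to lua-upstream (-150,6 +151,7) and pagespeed (-246,6 +248,7), with no comment on what the attribute controls or why these modules need it. The name suggests it lets the service relax a W^X protection such as systemd's MemoryDenyWriteExecute when one of these modules is enabled (inferred; the consumer is not in this diff), which is a hardening downgrade a reader should be able to audit. I would add a one-line reason next to each, for example `# LuaJIT maps memory writable and executable for JIT-compiled code` on the two lua entries, and state the actual reason for pagespeed, which the hunk does not show. Each module attribute set starts or ends outside its hunk.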
@@ -0,0 +1,27 @@ +diff --git a/auto/install b/auto/install +index d884487..dccc411 100644 +--- a/auto/install ++++ b/auto/install +@@ -148,12 +148,6 @@ install: build $NGX_INSTALL_PERL_MODULES + || cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PATH' + cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX/nginx.conf.default' + +- test -d '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' \\ +- || mkdir -p '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' +- +- test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' \\ +- || mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' +- + test -d '\$(DESTDIR)$NGX_PREFIX/html' \\ + || cp -R $NGX_HTML '\$(DESTDIR)$NGX_PREFIX' + END +@@ -161,9 +155,6 @@ END + + if test -n "$NGX_ERROR_LOG_PATH"; then + cat << END >> $NGX_MAKEFILE +- +- test -d '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' \\ +- || mkdir -p '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' + END + + fi diff --git a/nixpkgs/pkgs/servers/http/nginx/stable.nix b/nixpkgs/pkgs/servers/http/nginx/stable.nix index 001ea60839a..c08615ef512 100644 --- a/nixpkgs/pkgs/servers/http/nginx/stable.nix +++ b/nixpkgs/pkgs/servers/http/nginx/stable.nix @@ -1,6 +1,6 @@ { callPackage, ... } @ args: callPackage ./generic.nix args { - version = "1.16.1"; - sha256 = "0az3vf463b538ajvaq94hsz9ipmjgnamfj1jy0v5flfks5njl77i"; + version = "1.18.0"; + sha256 = "16azscl74ym1far0s0p6xsjin1k1cm4wk80i9x5d74dznmx3wdsc"; } diff --git a/nixpkgs/pkgs/servers/http/openresty/default.nix b/nixpkgs/pkgs/servers/http/openresty/default.nix index 0e87b971985..9c01cfb19e1 100644 --- a/nixpkgs/pkgs/servers/http/openresty/default.nix +++ b/nixpkgs/pkgs/servers/http/openresty/default.nix 
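Review bot: The new nix-skip-check-logs-path.patch has no description ahead of its `diff --git` line, so nothing records why the install target stops creating the PID and log directories. A short preamble would help, along the lines of `Do not create the pid and log directories at install time; they are configured under /var and must be created at run time` (the reason is inferred from the /var paths added to generic.nix in this commit and should be confirmed). It should also name what is now responsible for creating those directories and with which owner and mode, because access and error logs are sensitive and a too-permissive directory would expose them.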
@@ -16,10 +16,11 @@ callPackage ../nginx/generic.nix args rec { sha256 = "1a1la7vszv1parsnhphydblz64ffhycazncn3ividnvqg2mg735n"; }; - fixPatch = patch: - runCommand "openresty-${patch.name}" { src = patch; } '' + fixPatch = patch: let name = patch.name or (builtins.baseNameOf patch); in + runCommand "openresty-${name}" { src = patch; } '' substitute $src $out \ - --replace "src/" "bundle/nginx-${nginxVersion}/src/" + --replace "a/" "a/bundle/nginx-${nginxVersion}/" \ + --replace "b/" "b/bundle/nginx-${nginxVersion}/" ''; buildInputs = [ postgresql ]; diff --git a/nixpkgs/pkgs/servers/http/tengine/default.nix b/nixpkgs/pkgs/servers/http/tengine/default.nix index 1593ad0c06f..f3cae597ef9 100644 --- a/nixpkgs/pkgs/servers/http/tengine/default.nix +++ b/nixpkgs/pkgs/servers/http/tengine/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub, openssl, zlib, pcre, libxml2, libxslt -, gd, geoip, gperftools, jemalloc +, substituteAll, gd, geoip, gperftools, jemalloc , withDebug ? false , withMail ? false , withStream ? false @@ -24,8 +24,14 @@ stdenv.mkDerivation rec { [ openssl zlib pcre libxml2 libxslt gd geoip gperftools jemalloc ] ++ concatMap (mod: mod.inputs or []) modules; - patches = [ + patches = singleton (substituteAll { + src = ../nginx/nix-etag-1.15.4.patch; + preInstall = '' + export nixStoreDir="$NIX_STORE" nixStoreDirLen="''${#NIX_STORE}" + ''; + }) ++ [ ./check-resolv-conf.patch + ../nginx/nix-skip-check-logs-path.patch ]; configureFlags = [ 
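Review bot: The new `--replace "a/" ...` and `--replace "b/" ...` arguments in `fixPatch` are unanchored substring replacements, so every `a/` or `b/` in the patch text is rewritten, not only the path prefixes on the header lines. A context or changed line containing `data/` or `lib/` would be altered, and the hunk would then fail to apply or apply differently from what was reviewed. Restricting the rewrite to the file-header lines avoids that, for example `sed -E 's,^(---|\+\+\+) ([ab])/,\1 \2/bundle/nginx-${nginxVersion}/,' $src > $out` inside the runCommand script. If the `diff --git` lines also need rewriting for the patch tool in use, that would need a second anchored expression. The enclosing attribute set continues outside the hunk.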
@@ -53,6 +59,14 @@ stdenv.mkDerivation rec { "--with-poll_module" "--with-google_perftools_module" "--with-jemalloc" + "--http-log-path=/var/log/nginx/access.log" + "--error-log-path=/var/log/nginx/error.log" + "--pid-path=/var/log/nginx/nginx.pid" + "--http-client-body-temp-path=/var/cache/nginx/client_body" + "--http-proxy-temp-path=/var/cache/nginx/proxy" + "--http-fastcgi-temp-path=/var/cache/nginx/fastcgi" + "--http-uwsgi-temp-path=/var/cache/nginx/uwsgi" + "--http-scgi-temp-path=/var/cache/nginx/scgi" ] ++ optionals withDebug [ "--with-debug" ] ++ optionals withMail [ diff --git a/nixpkgs/pkgs/servers/http/tomcat/tomcat-native.nix b/nixpkgs/pkgs/servers/http/tomcat/tomcat-native.nix new file mode 100644 index 00000000000..17c4367866f --- /dev/null +++ b/nixpkgs/pkgs/servers/http/tomcat/tomcat-native.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchurl, apr, jdk, openssl }: + +stdenv.mkDerivation rec { + pname = "tomcat-native"; + version = "1.2.24"; + + src = fetchurl { + url = "mirror://apache/tomcat/tomcat-connectors/native/${version}/source/${pname}-${version}-src.tar.gz"; + sha512 = "5dae151a60f8bd5a9a29d63eca838c77174426025ee65a826f0698943494dd3656d50bcd417e220a926b9ce111ea167043d4b806264030e951873d06767b3d6f"; + }; + + sourceRoot = "${pname}-${version}-src/native"; + + buildInputs = [ apr jdk openssl ]; + + configureFlags = [ + "--with-apr=${apr.dev}" + "--with-java-home=${jdk}" + "--with-ssl=${openssl.dev}" + ]; + + meta = with stdenv.lib; { + description = "An optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc"; + homepage = "https://tomcat.apache.org/native-doc/"; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ aanderse ]; + }; +} diff --git a/nixpkgs/pkgs/servers/http/unit/default.nix b/nixpkgs/pkgs/servers/http/unit/default.nix index 1e3ddb4ad8f..c161566d329 100644 --- a/nixpkgs/pkgs/servers/http/unit/default.nix 
+++ b/nixpkgs/pkgs/servers/http/unit/default.nix @@ -1,8 +1,9 @@ -{ stdenv, fetchFromGitHub, which +{ stdenv, fetchFromGitHub, nixosTests, which , withPython2 ? false, python2 , withPython3 ? true, python3, ncurses -, withPHP72 ? false, php72base -, withPHP73 ? true, php73base +, withPHP72 ? false, php72 +, withPHP73 ? false, php73 +, withPHP74 ? true, php74 , withPerl528 ? false, perl528 , withPerl530 ? true, perl530 , withPerldevel ? false, perldevel @@ -18,32 +19,29 @@ with stdenv.lib; let phpConfig = { - config.php.embed = true; - config.php.apxs2 = false; - config.php.systemd = false; - config.php.phpdbg = false; - config.php.cgi = false; - config.php.fpm = false; + embedSupport = true; + apxs2Support = false; + systemdSupport = false; + phpdbgSupport = false; + cgiSupport = false; + fpmSupport = false; }; - php72-unit = php72base.override phpConfig; - php73-unit = php73base.override phpConfig; + php72-unit = php72.override phpConfig; + php73-unit = php73.override phpConfig; + php74-unit = php74.override phpConfig; + in stdenv.mkDerivation rec { - version = "1.16.0"; + version = "1.17.0"; pname = "unit"; src = fetchFromGitHub { owner = "nginx"; repo = "unit"; rev = version; - sha256 = "19gclqhwccpi7y4386ap33ycwhylv4s4kwfc6ik8scmc4pw3sj9l"; + sha256 = "1q3659vw8rxv4fk7ljkjav8ga72sb3arljfxcqw8b080f9hvi7hh"; }; - patches = [ - # https://github.com/nginx/unit/issues/357 - ./drop_cap.patch - ]; - nativeBuildInputs = [ which ]; buildInputs = [ ] @@ -51,6 +49,7 @@ in stdenv.mkDerivation rec { ++ optionals withPython3 [ python3 ncurses ] ++ optional withPHP72 php72-unit ++ optional withPHP73 php73-unit + ++ optional withPHP73 php74-unit ++ optional withPerl528 perl528 ++ optional withPerl530 perl530 ++ optional withPerldevel perldevel 
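Review bot: Removing `./drop_cap.patch` from `patches` in the hunk at -18,32 +19,29, which also bumps `version` to 1.17.0, leaves no record of whether the capability-dropping fix it carried is part of the new release. The removed comment points at https://github.com/nginx/unit/issues/357. Nothing visible in this diff shows that the fix is upstream, so the commit message should say so, or the derivation should keep a comment such as `# drop_cap.patch removed: fix for nginx/unit issue 357 is included upstream since <version>` once that is confirmed against the 1.17.0 sources. If the fix is not upstream, application processes would again keep the capabilities the patch was added to drop.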
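Review bot: The added line `++ optional withPHP73 php74-unit` in the hunk at -51,6 +49,7 tests the wrong flag: php74-unit is added to buildInputs when withPHP73 is set and left out when only withPHP74 is set, which is the default after this commit. It should read `++ optional withPHP74 php74-unit`. The php74 step in postConfigure is guarded by withPHP74, so with the defaults the module is configured against a PHP that is not among the build inputs. The buildInputs expression starts and ends outside the hunk.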
@@ -71,8 +70,9 @@ in stdenv.mkDerivation rec { postConfigure = '' ${optionalString withPython2 "./configure python --module=python2 --config=${python2}/bin/python2-config --lib-path=${python2}/lib"} ${optionalString withPython3 "./configure python --module=python3 --config=${python3}/bin/python3-config --lib-path=${python3}/lib"} - ${optionalString withPHP72 "./configure php --module=php72 --config=${php72-unit.dev}/bin/php-config --lib-path=${php72-unit}/lib"} - ${optionalString withPHP73 "./configure php --module=php73 --config=${php73-unit.dev}/bin/php-config --lib-path=${php73-unit}/lib"} + ${optionalString withPHP72 "./configure php --module=php72 --config=${php72-unit.unwrapped.dev}/bin/php-config --lib-path=${php72-unit}/lib"} + ${optionalString withPHP73 "./configure php --module=php73 --config=${php73-unit.unwrapped.dev}/bin/php-config --lib-path=${php73-unit}/lib"} + ${optionalString withPHP74 "./configure php --module=php74 --config=${php74-unit.unwrapped.dev}/bin/php-config --lib-path=${php74-unit}/lib"} ${optionalString withPerl528 "./configure perl --module=perl528 --perl=${perl528}/bin/perl"} ${optionalString withPerl530 "./configure perl --module=perl530 --perl=${perl530}/bin/perl"} ${optionalString withPerldevel "./configure perl --module=perldev --perl=${perldevel}/bin/perl"} @@ -81,6 +81,8 @@ in stdenv.mkDerivation rec { ${optionalString withRuby_2_7 "./configure ruby --module=ruby27 --ruby=${ruby_2_7}/bin/ruby"} ''; + passthru.tests.unit-php = nixosTests.unit-php; + meta = { description = "Dynamic web and application server, designed to run applications in multiple languages."; homepage = "https://unit.nginx.org/"; diff --git a/nixpkgs/pkgs/servers/http/unit/drop_cap.patch b/nixpkgs/pkgs/servers/http/unit/drop_cap.patch deleted file mode 100644 index 87caf77904e..00000000000 --- a/nixpkgs/pkgs/servers/http/unit/drop_cap.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -diff -r ed17ce89119f src/nxt_capability.c ---- a/src/nxt_capability.c Fri Dec 06 17:02:23 2019 +0000 -+++ b/src/nxt_capability.c Mon Dec 09 23:23:00 2019 +0000 -@@ -93,6 +93,26 @@ nxt_capability_specific_set(nxt_task_t * - return NXT_OK; - } - -+ -+nxt_int_t -+nxt_capability_drop_all(nxt_task_t *task) -+{ -+ struct __user_cap_header_struct hdr; -+ struct __user_cap_data_struct data[2]; -+ -+ hdr.version = nxt_capability_linux_get_version(); -+ hdr.pid = nxt_pid; -+ -+ nxt_memset(data, 0, sizeof(data)); -+ -+ if (nxt_slow_path(nxt_capset(&hdr, data) == -1)) { -+ nxt_alert(task, "failed to drop capabilities %E", nxt_errno); -+ return NXT_ERROR; -+ } -+ -+ return NXT_OK; -+} -+ - #else - - static nxt_int_t -diff -r ed17ce89119f src/nxt_capability.h ---- a/src/nxt_capability.h Fri Dec 06 17:02:23 2019 +0000 -+++ b/src/nxt_capability.h Mon Dec 09 23:23:00 2019 +0000 -@@ -14,4 +14,6 @@ typedef struct { - NXT_EXPORT nxt_int_t nxt_capability_set(nxt_task_t *task, - nxt_capabilities_t *cap); - -+NXT_EXPORT nxt_int_t nxt_capability_drop_all(nxt_task_t *task); -+ - #endif /* _NXT_CAPABILITY_INCLUDED_ */ -diff -r ed17ce89119f src/nxt_process.c ---- a/src/nxt_process.c Fri Dec 06 17:02:23 2019 +0000 -+++ b/src/nxt_process.c Mon Dec 09 23:23:00 2019 +0000 -@@ -264,7 +264,7 @@ cleanup: - static void - nxt_process_start(nxt_task_t *task, nxt_process_t *process) - { -- nxt_int_t ret, cap_setid; -+ nxt_int_t ret, cap_setid, drop_caps; - nxt_port_t *port, *main_port; - nxt_thread_t *thread; - nxt_runtime_t *rt; -@@ -285,9 +285,12 @@ nxt_process_start(nxt_task_t *task, nxt_ - - cap_setid = rt->capabilities.setid; - -+ drop_caps = cap_setid; -+ - #if (NXT_HAVE_CLONE_NEWUSER) -- if (!cap_setid && NXT_CLONE_USER(init->isolation.clone.flags)) { -+ if (NXT_CLONE_USER(init->isolation.clone.flags)) { - cap_setid = 1; -+ drop_caps = 0; - } - #endif - -@@ -301,6 +304,12 @@ nxt_process_start(nxt_task_t *task, nxt_ - if (nxt_slow_path(ret != NXT_OK)) { - goto fail; - } -+ -+#if 
(NXT_HAVE_LINUX_CAPABILITY) -+ if (drop_caps && nxt_capability_drop_all(task) != NXT_OK) { -+ goto fail; -+ } -+#endif - } - - rt->type = init->type;
\ No newline at end of file diff --git a/nixpkgs/pkgs/servers/http/yaws/default.nix b/nixpkgs/pkgs/servers/http/yaws/default.nix index 301aec5c34b..1d57a951dc7 100644 --- a/nixpkgs/pkgs/servers/http/yaws/default.nix +++ b/nixpkgs/pkgs/servers/http/yaws/default.nix @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { homepage = "http://yaws.hyber.org"; license = licenses.bsd2; platforms = platforms.linux; - maintainers = with maintainers; [ goibhniu the-kenny ]; + maintainers = with maintainers; [ goibhniu ]; }; } |