From 2017158b53fefb67d5a02f6d02b72515d107256f Mon Sep 17 00:00:00 2001
From: Peter Simons
Date: Tue, 2 Apr 2019 09:46:25 +0200
Subject: [PATCH] apache-httpd: 2.4.38 -> 2.4.39 (CVE-2019-0211)

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
---
 pkgs/servers/http/apache-httpd/2.4.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/servers/http/apache-httpd/2.4.nix b/pkgs/servers/http/apache-httpd/2.4.nix
index 64e57f64236e..5933a71e5159 100644
--- a/pkgs/servers/http/apache-httpd/2.4.nix
+++ b/pkgs/servers/http/apache-httpd/2.4.nix
@@ -16,12 +16,12 @@ assert ldapSupport -> aprutil.ldapSupport && openldap != null;
 assert http2Support -> nghttp2 != null;
 stdenv.mkDerivation rec {
- version = "2.4.38";
+ version = "2.4.39";
 name = "apache-httpd-${version}";
 src = fetchurl {
 url = "mirror://apache/httpd/httpd-${version}.tar.bz2";
- sha256 = "0jiriyyf3pm6axf4mrz6c2z08yhs21hb4d23viq87jclm5bmiikx";
+ sha256 = "18ngvsjq65qxk3biggnkhkq8jlll9dsg9n3csra9p99sfw2rvjml";
 };
 # FIXME: -dev depends on -doc