From 37ad2a7d28a027b09dce71e0a4094ce889623632 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@gmail.com>
Date: Wed, 12 Mar 2014 22:49:20 +0100
Subject: [PATCH] lighttpd: bump 1.4.34 -> 1.4.35 (security fixes)

From http://www.lighttpd.net/:

  Important changes
  -----------------
  This release contains a lot of bug fixes, many detected by scan.coverity.com
  (and more to come). The main reason for the release is a fix for an SQL
  injection (and path traversal) bug triggered by specially crafted (and
  invalid) Host: headers.

  Security fixes
  --------------
  http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt (no CVE yet)

NOTE: We (nixpkgs) currently don't build the mod_mysql_vhost module mentioned
above.
---
 pkgs/servers/http/lighttpd/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/http/lighttpd/default.nix b/pkgs/servers/http/lighttpd/default.nix
index 4a50acd3379..ce055c0c528 100644
--- a/pkgs/servers/http/lighttpd/default.nix
+++ b/pkgs/servers/http/lighttpd/default.nix
@@ -5,11 +5,11 @@
 assert enableMagnet -> lua5 != null;
 
 stdenv.mkDerivation rec {
-  name = "lighttpd-1.4.34";
+  name = "lighttpd-1.4.35";
 
   src = fetchurl {
     url = "http://download.lighttpd.net/lighttpd/releases-1.4.x/${name}.tar.xz";
-    sha256 = "1dzgz3gkfyn97s4dm896yjanlhqzzsz38dhjdgla06xgynca1hdl";
+    sha256 = "18rh7xyx69xbwl20znnjma1dq5fay0ygjjvpn3gaa7dxrir9nghi";
   };
 
   buildInputs = [ pkgconfig pcre libxml2 zlib attr bzip2 which file openssl ]