diff options
Diffstat (limited to 'nixpkgs/pkgs/servers/ftp')
-rw-r--r-- | nixpkgs/pkgs/servers/ftp/bftpd/default.nix | 42 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/ftp/kamid/default.nix | 40 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/ftp/pure-ftpd/default.nix | 23 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/ftp/uftpd/default.nix | 24 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch | 104 | ||||
-rw-r--r-- | nixpkgs/pkgs/servers/ftp/vsftpd/default.nix | 48 |
6 files changed, 281 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/servers/ftp/bftpd/default.nix b/nixpkgs/pkgs/servers/ftp/bftpd/default.nix new file mode 100644 index 000000000000..a46a2503e802 --- /dev/null +++ b/nixpkgs/pkgs/servers/ftp/bftpd/default.nix @@ -0,0 +1,42 @@ +{ lib, stdenv, fetchurl, libxcrypt }: + +stdenv.mkDerivation rec { + pname = "bftpd"; + version = "6.2"; + + src = fetchurl { + url = "mirror://sourceforge/project/${pname}/${pname}/${pname}-${version}/${pname}-${version}.tar.gz"; + sha256 = "sha256-lZGFsUV6LNjkBNUpV9UYedVt1yt1qTBJUorxGt4ApsI="; + }; + + # utmp.h is deprecated on aarch64-darwin + postPatch = lib.optionals (stdenv.isDarwin && stdenv.isAarch64) '' + for file in login.*; do + substituteInPlace $file --replace "#ifdef HAVE_UTMP_H" "#if 0" + done + ''; + + buildInputs = [ libxcrypt ]; + + preConfigure = '' + sed -re 's/-[og] 0//g' -i Makefile* + ''; + + postInstall = '' + mkdir -p $out/share/doc/${pname} + mv $out/etc/*.conf $out/share/doc/${pname} + rm -rf $out/{etc,var} + ''; + + enableParallelBuilding = true; + + meta = with lib; { + description = "A minimal ftp server"; + mainProgram = "bftpd"; + downloadPage = "http://bftpd.sf.net/download.html"; + homepage = "http://bftpd.sf.net/"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ raskin ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/servers/ftp/kamid/default.nix b/nixpkgs/pkgs/servers/ftp/kamid/default.nix new file mode 100644 index 000000000000..625f391dae8f --- /dev/null +++ b/nixpkgs/pkgs/servers/ftp/kamid/default.nix @@ -0,0 +1,40 @@ +{ stdenv +, lib +, pkg-config +, libevent +, libressl +, libbsd +, fetchurl +, readline +}: + +stdenv.mkDerivation rec { + pname = "kamid"; + version = "0.2"; + + src = fetchurl { + url = "https://github.com/omar-polo/kamid/releases/download/${version}/${pname}-${version}.tar.gz"; + sha256 = "sha256-23LgcZ+R6wcUz1fZA+IbhyshfQOTyiFPZ+uKVwOh680="; + }; + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + libevent + libressl + readline + libbsd + ]; + + makeFlags = [ "AR:=$(AR)" ]; + + meta = with lib; { + description = "A FREE, easy-to-use and portable implementation of a 9p file server daemon for UNIX-like systems"; + homepage = "https://kamid.omarpolo.com"; + license = licenses.isc; + maintainers = with maintainers; [ heph2 ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/servers/ftp/pure-ftpd/default.nix b/nixpkgs/pkgs/servers/ftp/pure-ftpd/default.nix new file mode 100644 index 000000000000..fe82f1c4679d --- /dev/null +++ b/nixpkgs/pkgs/servers/ftp/pure-ftpd/default.nix @@ -0,0 +1,23 @@ +{ lib, stdenv, fetchurl, openssl, pam, libxcrypt }: + +stdenv.mkDerivation rec { + pname = "pure-ftpd"; + version = "1.0.51"; + + src = fetchurl { + url = "https://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-${version}.tar.gz"; + sha256 = "sha256-QWD2a3ZhXuojl+rE6j8KFGt5KCB7ebxMwvma17e9lRM="; + }; + + buildInputs = [ openssl pam libxcrypt ]; + + configureFlags = [ "--with-tls" ]; + + meta = with lib; { + description = "A free, secure, production-quality and standard-conformant FTP server"; + homepage = "https://www.pureftpd.org"; + license = licenses.isc; # with some parts covered by BSD3(?) + maintainers = [ ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/servers/ftp/uftpd/default.nix b/nixpkgs/pkgs/servers/ftp/uftpd/default.nix new file mode 100644 index 000000000000..34557b955a13 --- /dev/null +++ b/nixpkgs/pkgs/servers/ftp/uftpd/default.nix @@ -0,0 +1,24 @@ +{ lib, stdenv, fetchFromGitHub, pkg-config, autoreconfHook, libuev, libite }: + +stdenv.mkDerivation rec { + pname = "uftpd"; + version = "2.15"; + + src = fetchFromGitHub { + owner = "troglobit"; + repo = "uftpd"; + rev = "v${version}"; + hash = "sha256-+y1eRPUgYf5laRFIDD1XOEfonPP8QMJNCSkmHlXIjdY="; + }; + + nativeBuildInputs = [ pkg-config autoreconfHook ]; + buildInputs = [ libuev libite ]; + + meta = with lib; { + description = "FTP/TFTP server for Linux that just works™"; + homepage = "https://troglobit.com/projects/uftpd/"; + license = licenses.isc; + platforms = platforms.unix; + maintainers = with maintainers; [ vifino ]; + }; +} diff --git a/nixpkgs/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch b/nixpkgs/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch new file mode 100644 index 000000000000..0a6144395116 --- /dev/null +++ b/nixpkgs/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch @@ -0,0 +1,104 @@ +Description: CVE-2015-1419: config option deny_file is not handled correctly +Author: Marcus Meissner <meissner@suse.com> +Origin: https://bugzilla.novell.com/show_bug.cgi?id=CVE-2015-1419 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776922 +Last-Update: 2015-02-24 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/ls.c +=================================================================== +--- trunk.orig/ls.c ++++ trunk/ls.c +@@ -7,6 +7,7 @@ + * Would you believe, code to handle directory listing. + */ + ++#include <stdlib.h> + #include "ls.h" + #include "access.h" + #include "defs.h" +@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct + struct mystr temp_str = INIT_MYSTR; + struct mystr brace_list_str = INIT_MYSTR; + struct mystr new_filter_str = INIT_MYSTR; ++ struct mystr normalize_filename_str = INIT_MYSTR; ++ const char *normname; ++ const char *path; + int ret = 0; + char last_token = 0; + int must_match_at_current_pos = 1; ++ + str_copy(&filter_remain_str, p_filter_str); +- str_copy(&name_remain_str, p_filename_str); ++ ++ /* normalize filepath */ ++ path = str_strdup(p_filename_str); ++ normname = realpath(path, NULL); ++ if (normname == NULL) ++ goto out; ++ str_alloc_text(&normalize_filename_str, normname); ++ ++ if (!str_isempty (&filter_remain_str) && !str_isempty(&normalize_filename_str)) { ++ if (str_get_char_at(p_filter_str, 0) == '/') { ++ if (str_get_char_at(&normalize_filename_str, 0) != '/') { ++ str_getcwd (&name_remain_str); ++ ++ if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */ ++ str_append_char (&name_remain_str, '/'); ++ ++ str_append_str (&name_remain_str, &normalize_filename_str); ++ } ++ else ++ str_copy (&name_remain_str, &normalize_filename_str); ++ } else { ++ if (str_get_char_at(p_filter_str, 0) != '{') ++ str_basename (&name_remain_str, &normalize_filename_str); ++ else ++ str_copy (&name_remain_str, &normalize_filename_str); ++ } ++ } else ++ str_copy(&name_remain_str, &normalize_filename_str); + + while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX) + { +@@ -379,6 +411,9 @@ vsf_filename_passes_filter(const struct + ret = 0; + } + out: ++ free((char*) normname); ++ free((char*) path); ++ str_free(&normalize_filename_str); + str_free(&filter_remain_str); + str_free(&name_remain_str); + str_free(&temp_str); +Index: trunk/str.c +=================================================================== +--- trunk.orig/str.c ++++ trunk/str.c +@@ -723,3 +723,14 @@ str_replace_unprintable(struct mystr* p_ + } + } + ++void ++str_basename (struct mystr* d_str, const struct mystr* path) ++{ ++ static struct mystr tmp; ++ ++ str_copy (&tmp, path); ++ str_split_char_reverse(&tmp, d_str, '/'); ++ ++ if (str_isempty(d_str)) ++ str_copy (d_str, path); ++} +Index: trunk/str.h +=================================================================== +--- trunk.orig/str.h ++++ trunk/str.h +@@ -101,6 +101,7 @@ void str_replace_unprintable(struct myst + int str_atoi(const struct mystr* p_str); + filesize_t str_a_to_filesize_t(const struct mystr* p_str); + unsigned int str_octal_to_uint(const struct mystr* p_str); ++void str_basename (struct mystr* d_str, const struct mystr* path); + + /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string + * buffer, starting at character position 'p_pos'. The extracted line will diff --git a/nixpkgs/pkgs/servers/ftp/vsftpd/default.nix b/nixpkgs/pkgs/servers/ftp/vsftpd/default.nix new file mode 100644 index 000000000000..133fe17ec088 --- /dev/null +++ b/nixpkgs/pkgs/servers/ftp/vsftpd/default.nix @@ -0,0 +1,48 @@ +{ lib, stdenv, fetchurl, libcap, libseccomp, openssl, pam, libxcrypt, nixosTests }: + +stdenv.mkDerivation rec { + pname = "vsftpd"; + version = "3.0.5"; + + src = fetchurl { + url = "https://security.appspot.com/downloads/vsftpd-${version}.tar.gz"; + sha256 = "sha256-JrYCrkVLC6bZnvRKCba54N+n9nIoEGc23x8njHC8kdM="; + }; + + buildInputs = [ libcap openssl libseccomp pam libxcrypt ]; + + patches = [ ./CVE-2015-1419.patch ]; + + postPatch = '' + sed -i "/VSF_BUILD_SSL/s/^#undef/#define/" builddefs.h + + substituteInPlace Makefile \ + --replace -dirafter "" \ + --replace /usr $out \ + --replace /etc $out/etc \ + --replace "-Werror" "" + + + mkdir -p $out/sbin $out/man/man{5,8} + ''; + + makeFlags = [ + "CC=${stdenv.cc.targetPrefix}cc" + ]; + + NIX_LDFLAGS = "-lcrypt -lssl -lcrypto -lpam -lcap -lseccomp"; + + enableParallelBuilding = true; + + passthru = { + tests = { inherit (nixosTests) vsftpd; }; + }; + + meta = with lib; { + description = "A very secure FTP daemon"; + mainProgram = "vsftpd"; + license = licenses.gpl2; + maintainers = with maintainers; [ peterhoeg ]; + platforms = platforms.linux; + }; +} |