about summary refs log tree commit diff
path: root/nixpkgs/pkgs/servers/ftp
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/servers/ftp')
-rw-r--r--nixpkgs/pkgs/servers/ftp/bftpd/default.nix42
-rw-r--r--nixpkgs/pkgs/servers/ftp/kamid/default.nix40
-rw-r--r--nixpkgs/pkgs/servers/ftp/pure-ftpd/default.nix23
-rw-r--r--nixpkgs/pkgs/servers/ftp/uftpd/default.nix24
-rw-r--r--nixpkgs/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch104
-rw-r--r--nixpkgs/pkgs/servers/ftp/vsftpd/default.nix48
6 files changed, 281 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/servers/ftp/bftpd/default.nix b/nixpkgs/pkgs/servers/ftp/bftpd/default.nix
new file mode 100644
index 000000000000..a46a2503e802
--- /dev/null
+++ b/nixpkgs/pkgs/servers/ftp/bftpd/default.nix
@@ -0,0 +1,42 @@
+{ lib, stdenv, fetchurl, libxcrypt }:
+
+stdenv.mkDerivation rec {
+  pname = "bftpd";
+  version = "6.2";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/project/${pname}/${pname}/${pname}-${version}/${pname}-${version}.tar.gz";
+    sha256 = "sha256-lZGFsUV6LNjkBNUpV9UYedVt1yt1qTBJUorxGt4ApsI=";
+  };
+
+  # utmp.h is deprecated on aarch64-darwin
+  postPatch = lib.optionals (stdenv.isDarwin && stdenv.isAarch64) ''
+    for file in login.*; do
+      substituteInPlace $file --replace "#ifdef HAVE_UTMP_H" "#if 0"
+    done
+  '';
+
+  buildInputs = [ libxcrypt ];
+
+  preConfigure = ''
+    sed -re 's/-[og] 0//g' -i Makefile*
+  '';
+
+  postInstall = ''
+    mkdir -p $out/share/doc/${pname}
+    mv $out/etc/*.conf $out/share/doc/${pname}
+    rm -rf $out/{etc,var}
+  '';
+
+  enableParallelBuilding = true;
+
+  meta = with lib; {
+    description = "A minimal ftp server";
+    mainProgram = "bftpd";
+    downloadPage = "http://bftpd.sf.net/download.html";
+    homepage = "http://bftpd.sf.net/";
+    license = licenses.gpl2Plus;
+    maintainers = with maintainers; [ raskin ];
+    platforms = platforms.all;
+  };
+}
diff --git a/nixpkgs/pkgs/servers/ftp/kamid/default.nix b/nixpkgs/pkgs/servers/ftp/kamid/default.nix
new file mode 100644
index 000000000000..625f391dae8f
--- /dev/null
+++ b/nixpkgs/pkgs/servers/ftp/kamid/default.nix
@@ -0,0 +1,40 @@
+{ stdenv
+, lib
+, pkg-config
+, libevent
+, libressl
+, libbsd
+, fetchurl
+, readline
+}:
+
+stdenv.mkDerivation rec {
+  pname = "kamid";
+  version = "0.2";
+
+  src = fetchurl {
+    url = "https://github.com/omar-polo/kamid/releases/download/${version}/${pname}-${version}.tar.gz";
+    sha256 = "sha256-23LgcZ+R6wcUz1fZA+IbhyshfQOTyiFPZ+uKVwOh680=";
+  };
+
+  nativeBuildInputs = [
+    pkg-config
+  ];
+
+  buildInputs = [
+    libevent
+    libressl
+    readline
+    libbsd
+  ];
+
+  makeFlags = [ "AR:=$(AR)" ];
+
+  meta = with lib; {
+    description = "A FREE, easy-to-use and portable implementation of a 9p file server daemon for UNIX-like systems";
+    homepage = "https://kamid.omarpolo.com";
+    license = licenses.isc;
+    maintainers = with maintainers; [ heph2 ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/nixpkgs/pkgs/servers/ftp/pure-ftpd/default.nix b/nixpkgs/pkgs/servers/ftp/pure-ftpd/default.nix
new file mode 100644
index 000000000000..fe82f1c4679d
--- /dev/null
+++ b/nixpkgs/pkgs/servers/ftp/pure-ftpd/default.nix
@@ -0,0 +1,23 @@
+{ lib, stdenv, fetchurl, openssl, pam, libxcrypt }:
+
+stdenv.mkDerivation rec {
+  pname = "pure-ftpd";
+  version = "1.0.51";
+
+  src = fetchurl {
+    url = "https://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-${version}.tar.gz";
+    sha256 = "sha256-QWD2a3ZhXuojl+rE6j8KFGt5KCB7ebxMwvma17e9lRM=";
+  };
+
+  buildInputs = [ openssl pam libxcrypt ];
+
+  configureFlags = [ "--with-tls" ];
+
+  meta = with lib; {
+    description = "A free, secure, production-quality and standard-conformant FTP server";
+    homepage = "https://www.pureftpd.org";
+    license = licenses.isc; # with some parts covered by BSD3(?)
+    maintainers = [ ];
+    platforms = platforms.unix;
+  };
+}
diff --git a/nixpkgs/pkgs/servers/ftp/uftpd/default.nix b/nixpkgs/pkgs/servers/ftp/uftpd/default.nix
new file mode 100644
index 000000000000..34557b955a13
--- /dev/null
+++ b/nixpkgs/pkgs/servers/ftp/uftpd/default.nix
@@ -0,0 +1,24 @@
+{ lib, stdenv, fetchFromGitHub, pkg-config, autoreconfHook, libuev, libite }:
+
+stdenv.mkDerivation rec {
+  pname = "uftpd";
+  version = "2.15";
+
+  src = fetchFromGitHub {
+    owner = "troglobit";
+    repo = "uftpd";
+    rev = "v${version}";
+    hash = "sha256-+y1eRPUgYf5laRFIDD1XOEfonPP8QMJNCSkmHlXIjdY=";
+  };
+
+  nativeBuildInputs = [ pkg-config autoreconfHook ];
+  buildInputs = [ libuev libite ];
+
+  meta = with lib; {
+    description = "FTP/TFTP server for Linux that just works™";
+    homepage = "https://troglobit.com/projects/uftpd/";
+    license = licenses.isc;
+    platforms = platforms.unix;
+    maintainers = with maintainers; [ vifino ];
+  };
+}
diff --git a/nixpkgs/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch b/nixpkgs/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch
new file mode 100644
index 000000000000..0a6144395116
--- /dev/null
+++ b/nixpkgs/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch
@@ -0,0 +1,104 @@
+Description: CVE-2015-1419: config option deny_file is not handled correctly
+Author: Marcus Meissner <meissner@suse.com>
+Origin: https://bugzilla.novell.com/show_bug.cgi?id=CVE-2015-1419
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776922
+Last-Update: 2015-02-24
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/ls.c
+===================================================================
+--- trunk.orig/ls.c
++++ trunk/ls.c
+@@ -7,6 +7,7 @@
+  * Would you believe, code to handle directory listing.
+  */
+ 
++#include <stdlib.h>
+ #include "ls.h"
+ #include "access.h"
+ #include "defs.h"
+@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct
+   struct mystr temp_str = INIT_MYSTR;
+   struct mystr brace_list_str = INIT_MYSTR;
+   struct mystr new_filter_str = INIT_MYSTR;
++  struct mystr normalize_filename_str = INIT_MYSTR;
++  const char *normname;
++  const char *path;
+   int ret = 0;
+   char last_token = 0;
+   int must_match_at_current_pos = 1;
++
+   str_copy(&filter_remain_str, p_filter_str);
+-  str_copy(&name_remain_str, p_filename_str);
++
++  /* normalize filepath */
++  path = str_strdup(p_filename_str);
++  normname = realpath(path, NULL);
++  if (normname == NULL)
++     goto out;
++  str_alloc_text(&normalize_filename_str, normname);
++
++  if (!str_isempty (&filter_remain_str) && !str_isempty(&normalize_filename_str)) {
++    if (str_get_char_at(p_filter_str, 0) == '/') {
++      if (str_get_char_at(&normalize_filename_str, 0) != '/') {
++        str_getcwd (&name_remain_str);
++
++        if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
++          str_append_char (&name_remain_str, '/');
++
++        str_append_str (&name_remain_str, &normalize_filename_str);
++      }
++      else
++       str_copy (&name_remain_str, &normalize_filename_str);
++    } else {
++      if (str_get_char_at(p_filter_str, 0) != '{')
++        str_basename (&name_remain_str, &normalize_filename_str);
++      else
++        str_copy (&name_remain_str, &normalize_filename_str);
++    }
++  } else
++    str_copy(&name_remain_str, &normalize_filename_str);
+ 
+   while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
+   {
+@@ -379,6 +411,9 @@ vsf_filename_passes_filter(const struct
+     ret = 0;
+   }
+ out:
++  free((char*) normname);
++  free((char*) path);
++  str_free(&normalize_filename_str);
+   str_free(&filter_remain_str);
+   str_free(&name_remain_str);
+   str_free(&temp_str);
+Index: trunk/str.c
+===================================================================
+--- trunk.orig/str.c
++++ trunk/str.c
+@@ -723,3 +723,14 @@ str_replace_unprintable(struct mystr* p_
+   }
+ }
+ 
++void
++str_basename (struct mystr* d_str, const struct mystr* path)
++{
++  static struct mystr tmp;
++
++  str_copy (&tmp, path);
++  str_split_char_reverse(&tmp, d_str, '/');
++
++  if (str_isempty(d_str))
++   str_copy (d_str, path);
++}
+Index: trunk/str.h
+===================================================================
+--- trunk.orig/str.h
++++ trunk/str.h
+@@ -101,6 +101,7 @@ void str_replace_unprintable(struct myst
+ int str_atoi(const struct mystr* p_str);
+ filesize_t str_a_to_filesize_t(const struct mystr* p_str);
+ unsigned int str_octal_to_uint(const struct mystr* p_str);
++void str_basename (struct mystr* d_str, const struct mystr* path);
+ 
+ /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
+  * buffer, starting at character position 'p_pos'. The extracted line will
diff --git a/nixpkgs/pkgs/servers/ftp/vsftpd/default.nix b/nixpkgs/pkgs/servers/ftp/vsftpd/default.nix
new file mode 100644
index 000000000000..133fe17ec088
--- /dev/null
+++ b/nixpkgs/pkgs/servers/ftp/vsftpd/default.nix
@@ -0,0 +1,48 @@
+{ lib, stdenv, fetchurl, libcap, libseccomp, openssl, pam, libxcrypt, nixosTests }:
+
+stdenv.mkDerivation rec {
+  pname = "vsftpd";
+  version = "3.0.5";
+
+  src = fetchurl {
+    url = "https://security.appspot.com/downloads/vsftpd-${version}.tar.gz";
+    sha256 = "sha256-JrYCrkVLC6bZnvRKCba54N+n9nIoEGc23x8njHC8kdM=";
+  };
+
+  buildInputs = [ libcap openssl libseccomp pam libxcrypt ];
+
+  patches = [ ./CVE-2015-1419.patch ];
+
+  postPatch = ''
+    sed -i "/VSF_BUILD_SSL/s/^#undef/#define/" builddefs.h
+
+    substituteInPlace Makefile \
+      --replace -dirafter "" \
+      --replace /usr $out \
+      --replace /etc $out/etc \
+      --replace "-Werror" ""
+
+
+    mkdir -p $out/sbin $out/man/man{5,8}
+  '';
+
+  makeFlags = [
+    "CC=${stdenv.cc.targetPrefix}cc"
+  ];
+
+  NIX_LDFLAGS = "-lcrypt -lssl -lcrypto -lpam -lcap -lseccomp";
+
+  enableParallelBuilding = true;
+
+  passthru = {
+    tests = { inherit (nixosTests) vsftpd; };
+  };
+
+  meta = with lib; {
+    description = "A very secure FTP daemon";
+    mainProgram = "vsftpd";
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ peterhoeg ];
+    platforms = platforms.linux;
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-26 01:19:38 +0000