0c3e31a662
Does not fix CVE-2015-1419; keep patch.
46 lines
1.3 KiB
Nix
46 lines
1.3 KiB
Nix
{ stdenv, fetchurl, openssl, sslEnable ? false, libcap, pam }:
|
|
|
|
stdenv.mkDerivation rec {
|
|
name = "vsftpd-3.0.3";
|
|
|
|
src = fetchurl {
|
|
url = "https://security.appspot.com/downloads/${name}.tar.gz";
|
|
sha256 = "1xsyjn68k3fgm2incpb3lz2nikffl9by2safp994i272wvv2nkcx";
|
|
};
|
|
|
|
patches = [ ./CVE-2015-1419.patch ];
|
|
|
|
preConfigure = stdenv.lib.optionalString sslEnable ''
|
|
echo "Will enable SSL"
|
|
sed -i "/VSF_BUILD_SSL/s/^#undef/#define/" builddefs.h
|
|
'';
|
|
|
|
# The gcc-wrappers use -idirafter for glibc, and vsftpd also, and
|
|
# their dummyinc come before those of glibc, then the build works bad.
|
|
prePatch = ''
|
|
sed -i -e 's/-idirafter.*//' Makefile
|
|
'';
|
|
|
|
preBuild =
|
|
let
|
|
sslLibs = if sslEnable then "-lcrypt -lssl -lcrypto" else "";
|
|
in ''
|
|
makeFlagsArray=( "LIBS=${sslLibs} -lpam -lcap -fstack-protector" )
|
|
'';
|
|
|
|
# It won't link without this flag, used in CFLAGS
|
|
|
|
buildInputs = [ openssl libcap pam ];
|
|
|
|
installPhase = ''
|
|
mkdir -pv $out/sbin
|
|
install -v -m 755 vsftpd $out/sbin/vsftpd
|
|
|
|
mkdir -pv $out/share/man/man{5,8}
|
|
install -v -m 644 vsftpd.8 $out/share/man/man8/vsftpd.8
|
|
install -v -m 644 vsftpd.conf.5 $out/share/man/man5/vsftpd.conf.5
|
|
|
|
mkdir -pv $out/etc/xinetd.d
|
|
install -v -m 644 xinetd.d/vsftpd $out/etc/xinetd.d/vsftpd
|
|
'';
|
|
}
|