{ lib, stdenv, fetchurl, openssl, fetchpatch }: stdenv.mkDerivation rec { name = "pure-ftpd-1.0.49"; src = fetchurl { url = "https://download.pureftpd.org/pub/pure-ftpd/releases/${name}.tar.gz"; sha256 = "19cjr262n6h560fi9nm7l1srwf93k34bp8dp1c6gh90bqxcg8yvn"; }; patches = [ (fetchpatch { name = "CVE-2020-9274.patch"; url = "https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa.patch"; sha256 = "1yd84p6bd4rf21hg3kqpi2a02cac6dz5ag4xx3c2dl5vbzhr5a8k"; }) (fetchpatch { name = "CVE-2020-9365.patch"; url = "https://github.com/jedisct1/pure-ftpd/commit/bf6fcd4935e95128cf22af5924cdc8fe5c0579da.patch"; sha256 = "003klx7j82qf92qr1dxg32v5r2bhhywplynd3xil1lbcd3s3mqhi"; }) ]; buildInputs = [ openssl ]; configureFlags = [ "--with-tls" ]; meta = with lib; { description = "A free, secure, production-quality and standard-conformant FTP server"; homepage = "https://www.pureftpd.org"; license = licenses.isc; # with some parts covered by BSD3(?) maintainers = [ maintainers.lethalman ]; platforms = platforms.linux; }; }