Diffstat (limited to 'pkgs/tools/security')
57 files changed, 675 insertions, 425 deletions
diff --git a/pkgs/tools/security/arti/default.nix b/pkgs/tools/security/arti/default.nix
index 2d499eaf06ba1..103c8aceed829 100644
--- a/pkgs/tools/security/arti/default.nix
+++ b/pkgs/tools/security/arti/default.nix
@@ -10,7 +10,7 @@ rustPlatform.buildRustPackage rec { pname = "arti";
- version = "1.0.1";
+ version = "1.1.0";
 src = fetchFromGitLab { domain = "gitlab.torproject.org";
@@ -18,10 +18,10 @@ rustPlatform.buildRustPackage rec { owner = "core"; repo = "arti"; rev = "arti-v${version}";
- sha256 = "sha256-zzBfRZEwLNCYzcdOfeQ462r1kU22zmY0lvrPDJ5F4nE=";
+ sha256 = "sha256-fvRSx/I4SM9xWhooPPKFuRLSCYOxE+scqi6jRsGFOXo=";
 };
- cargoSha256 = "sha256-DpdnXmzs8oHLQ1aecrBduW0E08xtU6W4DGL+20Gz1+I=";
+ cargoSha256 = "sha256-5wXeFomQs/aEbImmlyUzmYyDRXFp3qZSFOzk0g7pNEo=";
 nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ];
diff --git a/pkgs/tools/security/b3sum/default.nix b/pkgs/tools/security/b3sum/default.nix
index 0749cba209c3e..9279ec1d23bed 100644
--- a/pkgs/tools/security/b3sum/default.nix
+++ b/pkgs/tools/security/b3sum/default.nix
@@ -2,14 +2,14 @@ rustPlatform.buildRustPackage rec { pname = "b3sum";
- version = "1.3.1";
+ version = "1.3.3";
 src = fetchCrate { inherit version pname;
- sha256 = "sha256-Vb4W1TfHppKm2Ib2VHm+917A09JY1oNebymzcQpPm8Q=";
+ sha256 = "sha256-PeH4oMeLxEM1pKqMsZBhsbmZOAVdLEmWKyPjuRNjowA=";
 };
- cargoSha256 = "sha256-cpY69NsbsHgQITdElsNjrhjaih9rgOVpFEv4Pfp9OPw=";
+ cargoSha256 = "sha256-dvxQY1KgZGOCIeFoxfOewF9gm9xORLelJxJMMtrNWDs=";
 meta = { description = "BLAKE3 cryptographic hash function";
diff --git a/pkgs/tools/security/bkcrack/default.nix b/pkgs/tools/security/bkcrack/default.nix
new file mode 100644
index 0000000000000..e2ed76743c4cf
--- /dev/null
+++ b/pkgs/tools/security/bkcrack/default.nix
@@ -0,0 +1,36 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, cmake
+, openmp
+}:
+
+stdenv.mkDerivation rec {
+ pname = "bkcrack";
+ version = "1.5.0";
+
+ src = fetchFromGitHub {
+ owner = "kimci86";
+ repo = pname;
+ rev = "v${version}";
+ hash = "sha256-iyx4mOTr6MHECk9S9zrIAE5pt+cxWnOKS7iQPUyWfzs=";
+ };
+
+ nativeBuildInputs = [ cmake ];
+ buildInputs = [ openmp ];
+
+ postInstall = ''
+ mkdir -p $out/bin $out/share/licenses/bkcrack
+ mv $out/bkcrack $out/bin/
+ mv $out/license.txt $out/share/licenses/bkcrack
+ rm -r $out/example $out/tools $out/readme.md
+ '';
+
+ meta = with lib; {
+ description = "Crack legacy zip encryption with Biham and Kocher's known plaintext attack";
+ homepage = "https://github.com/kimci86/bkcrack";
+ license = licenses.zlib;
+ platforms = platforms.unix;
+ maintainers = with maintainers; [ erdnaxe ];
+ };
+}
diff --git a/pkgs/tools/security/buttercup-desktop/default.nix b/pkgs/tools/security/buttercup-desktop/default.nix
index 7d6122fe5f409..27cf191018e43 100644
--- a/pkgs/tools/security/buttercup-desktop/default.nix
+++ b/pkgs/tools/security/buttercup-desktop/default.nix
@@ -2,10 +2,10 @@ let pname = "buttercup-desktop";
- version = "2.16.0";
+ version = "2.17.0";
 src = fetchurl { url = "https://github.com/buttercup/buttercup-desktop/releases/download/v${version}/Buttercup-linux-x86_64.AppImage";
- sha256 = "sha256-o6KdbwD0VdCTYLEfar7Jt7MRZUayGHyasnmtU8Cqg3E=";
+ sha256 = "sha256-JD3ZFRWGCJq5VDGkTgIZuZPScQrNF4vsuCavBD3pigA=";
 }; appimageContents = appimageTools.extractType2 { inherit pname src version; };
diff --git a/pkgs/tools/security/chain-bench/default.nix b/pkgs/tools/security/chain-bench/default.nix
index 1ba61016afbc2..24c042e6e76f4 100644
--- a/pkgs/tools/security/chain-bench/default.nix
+++ b/pkgs/tools/security/chain-bench/default.nix
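Review bot: `buildInputs = [ openmp ];` in the new bkcrack expression is unconditional, while `platforms = platforms.unix` covers both GCC- and Clang-based stdenvs. If `openmp` here is the LLVM OpenMP runtime (its definition is not visible in this hunk), it is presumably only needed when the compiler is Clang, since GCC ships its own; `buildInputs = lib.optionals stdenv.cc.isClang [ openmp ];` would express that. A one-line comment above `postInstall` would also help, saying that upstream's install step leaves the binary, licence and docs in the prefix root, which is what the `mv`/`rm` lines appear to be correcting.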
@@ -6,13 +6,13 @@ buildGoModule rec { pname = "chain-bench";
- version = "0.1.6";
+ version = "0.1.7";
 src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; rev = "v${version}";
- sha256 = "sha256-UpUKt6R5Yr/L0n7DFqIO6s8Y8WT5UYDjMO/QmhcsOxE=";
+ sha256 = "sha256-UWP/S15s9k92RhH6xr0V544BHF4n9g+inN6Sdpja6uM=";
 }; vendorSha256 = "sha256-R6V4dE2cNKcsBweSaUWjZHKnUQP/kADAbW2aTQc7TAg=";
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix
index 16cd827b8f3ba..e9e6314f2015b 100644
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "clamav";
- version = "0.105.1";
+ version = "1.0.0";
 src = fetchurl { url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz";
- sha256 = "sha256-0rwWN024iablpqxA+MbnACVKA5rKpTaIWgnu6kuFKfY=";
+ hash = "sha256-vaObuFaQLm3WB36jE6Pri+zNSH4AgqlZF4d/Kymc2G4=";
 }; patches = [
diff --git a/pkgs/tools/security/crackmapexec/default.nix b/pkgs/tools/security/crackmapexec/default.nix
index 9646f3a7caf2f..85b987d78c7c3 100644
--- a/pkgs/tools/security/crackmapexec/default.nix
+++ b/pkgs/tools/security/crackmapexec/default.nix
@@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "crackmapexec";
- version = "5.3.0";
+ version = "5.4.0";
 format = "pyproject"; src = fetchFromGitHub {
- owner = "byt3bl33d3r";
+ owner = "Porchetta-Industries";
 repo = "CrackMapExec";
- rev = "v${version}";
- hash = "sha256-wPS1PCvR9Ffp0r9lZZkFATt+i+eR5ap16HzLWDZbJKI=";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-V2n840QyLofTfQE4vtFYGfQwl65sklp+KfNS9RCLvI8=";
 }; nativeBuildInputs = with python3.pkgs; [
@@ -27,6 +27,7 @@ python3.pkgs.buildPythonApplication rec { dsinternals impacket lsassy
+ masky
 msgpack neo4j paramiko
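Review bot: The `owner` passed to fetchFromGitHub in the first crackmapexec hunk changes from `byt3bl33d3r` to `Porchetta-Industries` in the same change as the 5.3.0 → 5.4.0 bump, and nothing in the expression records why. The new `hash` fixes what is fetched but says nothing about whether the new organisation is the project's legitimate home, so each later reviewer has to establish that out of band. Once confirmed against the old repository, a short comment above `src` such as `# upstream moved from byt3bl33d3r/CrackMapExec to the Porchetta-Industries organisation` would keep that provenance check visible. The later hunk in this file that switches `homepage` to the new organisation depends on the same confirmation.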
@@ -56,7 +57,8 @@ python3.pkgs.buildPythonApplication rec { meta = with lib; { description = "Tool for pentesting networks";
- homepage = "https://github.com/byt3bl33d3r/CrackMapExec";
+ homepage = "https://github.com/Porchetta-Industries/CrackMapExec";
+ changelog = "https://github.com/Porchetta-Industries/CrackMapExec/releases/tag/v${version}";
 license = with licenses; [ bsd2 ]; maintainers = with maintainers; [ fab ]; mainProgram = "cme";
diff --git a/pkgs/tools/security/crowdsec/default.nix b/pkgs/tools/security/crowdsec/default.nix
new file mode 100644
index 0000000000000..ce76c5d9b450d
--- /dev/null
+++ b/pkgs/tools/security/crowdsec/default.nix
@@ -0,0 +1,60 @@
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
+
+buildGoModule rec {
+ pname = "crowdsec";
+ version = "1.4.2";
+
+ src = fetchFromGitHub {
+ owner = "crowdsecurity";
+ repo = pname;
+ rev = "v${version}";
+ hash = "sha256-hL3+hTOuwcbxiVZeq9oZjfKI1TJJt64g+74NolA3Drc=";
+ };
+
+ vendorHash = "sha256-FPsoufB9UDgBDIE3yUq4doBse3qgjP19ussYnMAxntk=";
+
+ nativeBuildInputs = [ installShellFiles ];
+
+ subPackages = [
+ "cmd/crowdsec"
+ "cmd/crowdsec-cli"
+ ];
+
+ ldflags = [
+ "-s"
+ "-w"
+ "-X github.com/crowdsecurity/crowdsec/pkg/cwversion.Version=v${version}"
+ "-X github.com/crowdsecurity/crowdsec/pkg/cwversion.BuildDate=1970-01-01_00:00:00"
+ ];
+
+ postBuild = "mv $GOPATH/bin/{crowdsec-cli,cscli}";
+
+ postInstall = ''
+ mkdir -p $out/share/crowdsec
+ cp -r ./config $out/share/crowdsec/
+
+ installShellCompletion --cmd cscli \
+ --bash <($out/bin/cscli completion bash) \
+ --fish <($out/bin/cscli completion fish) \
+ --zsh <($out/bin/cscli completion zsh)
+ '';
+
+ meta = with lib; {
+ homepage = "https://crowdsec.net/";
+ changelog = "https://github.com/crowdsecurity/crowdsec/releases/tag/v${version}";
+ description = "CrowdSec is a free, open-source and collaborative IPS";
+ longDescription = ''
+ CrowdSec is a free, modern & collaborative behavior detection engine,
+ coupled with a global IP reputation network. It stacks on fail2ban's
+ philosophy but is IPV6 compatible and 60x faster (Go vs Python), uses Grok
+ patterns to parse logs and YAML scenario to identify behaviors. CrowdSec
+ is engineered for modern Cloud/Containers/VM based infrastructures (by
+ decoupling detection and remediation). Once detected you can remedy
+ threats with various bouncers (firewall block, nginx http 403, Captchas,
+ etc.) while the aggressive IP can be sent to CrowdSec for curation before
+ being shared among all users to further improve everyone's security.
+ '';
+ license = licenses.mit;
+ maintainers = with maintainers; [ jk urandom ];
+ };
+}
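Review bot: The `installShellCompletion` call in `postInstall` executes the freshly built `$out/bin/cscli` three times during the build, which only works when the build machine can run binaries for the host platform; a cross build would fail at this step. Adding `stdenv` to the function arguments and moving the completion block into `+ lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' … ''` keeps the `mkdir`/`cp` part unconditional and skips only the generation. Whether `cscli completion` reads any configuration or state before printing is not visible here; if it does, that is worth a comment next to the call, since the sandbox has none.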
diff --git a/pkgs/tools/security/echidna/default.nix b/pkgs/tools/security/echidna/default.nix index ae4a75902a970..8a902068d27b5 100644 --- a/pkgs/tools/security/echidna/default.nix +++ b/pkgs/tools/security/echidna/default.nix 
@@ -1,39 +1,32 @@ { lib , fetchFromGitHub # Haskell deps -, mkDerivation, aeson, ansi-terminal, base, base16-bytestring, binary, brick -, bytestring, cborg, containers, data-dword, data-has, deepseq, directory -, exceptions, filepath, hashable, hevm, hpack, lens, lens-aeson, megaparsec -, MonadRandom, mtl, optparse-applicative, process, random, stm, tasty -, tasty-hunit, tasty-quickcheck, temporary, text, transformers , unix, unliftio -, unliftio-core, unordered-containers, vector, vector-instances, vty -, wl-pprint-annotated, word8, yaml, extra, ListLike, semver +, mkDerivation, aeson, base, base16-bytestring, binary, brick, bytestring +, containers, data-dword, data-has, directory, exceptions, extra, filepath +, hashable, hevm, hpack, html-entities, lens, ListLike, MonadRandom, mtl +, optparse-applicative, process, random, semver, tasty, tasty-hunit +, tasty-quickcheck, text, transformers, unix, unliftio, unordered-containers +, vector, vector-instances, vty, yaml }: mkDerivation rec { pname = "echidna"; - version = "2.0.3"; + version = "2.0.4"; src = fetchFromGitHub { owner = "crytic"; repo = "echidna"; rev = "v${version}"; - sha256 = "sha256-ZLk3K00O6aERf+G5SagDVUk1/ba9U+9n9dqCImkczJs="; + sha256 = "sha256-DiEZGbd08QLP8zgrIssGYL6h18AprcWZSYp1mMu9TRw="; }; - # NOTE: echidna is behind with aeson because of hevm, this patch updates - # the code to work with the major aeson update that broke the build - # it's temporary until hevm version 0.50.0 is released - https://github.com/ethereum/hevm/milestone/1 - patches = [ ./echidna-update-aeson.patch ]; - isLibrary = true; isExecutable = true; libraryHaskellDepends = [ - aeson ansi-terminal base base16-bytestring binary brick bytestring cborg - containers data-dword data-has deepseq directory exceptions filepath - hashable hevm lens lens-aeson megaparsec MonadRandom mtl - optparse-applicative process random stm temporary text transformers unix - unliftio unliftio-core unordered-containers vector vector-instances vty - 
wl-pprint-annotated word8 yaml extra ListLike semver + aeson base base16-bytestring binary brick bytestring containers data-dword + data-has directory exceptions extra filepath hashable hevm html-entities + lens ListLike MonadRandom mtl optparse-applicative process random semver + text transformers unix unliftio unordered-containers vector vector-instances + vty yaml ]; libraryToolDepends = [ hpack ]; executableHaskellDepends = libraryHaskellDepends; diff --git a/pkgs/tools/security/echidna/echidna-update-aeson.patch b/pkgs/tools/security/echidna/echidna-update-aeson.patch deleted file mode 100644 index a8c1b8f700c51..0000000000000 --- a/pkgs/tools/security/echidna/echidna-update-aeson.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -diff --git a/lib/Echidna/Config.hs b/lib/Echidna/Config.hs -index f8d5777..3d761fe 100644 ---- a/lib/Echidna/Config.hs -+++ b/lib/Echidna/Config.hs -@@ -13,8 +13,8 @@ import Control.Monad.State (StateT(..), runStateT) - import Control.Monad.Trans (lift) - import Data.Bool (bool) - import Data.Aeson -+import Data.Aeson.KeyMap (keys) - import Data.Has (Has(..)) --import Data.HashMap.Strict (keys) - import Data.HashSet (fromList, insert, difference) - import Data.Maybe (fromMaybe) - import Data.Text (isPrefixOf) -@@ -23,11 +23,13 @@ import EVM.Types (w256) - - import qualified Control.Monad.Fail as M (MonadFail(..)) - import qualified Data.ByteString as BS -+import qualified Data.Aeson.Key as Key -+import qualified Data.HashSet as HS - import qualified Data.List.NonEmpty as NE - import qualified Data.Yaml as Y - - import Echidna.Test --import Echidna.Types.Campaign -+import Echidna.Types.Campaign - import Echidna.Mutator.Corpus (defaultMutationConsts) - import Echidna.Types.Config (EConfigWithUsage(..), EConfig(..)) - import Echidna.Types.Solidity -@@ -52,7 +54,7 @@ instance FromJSON EConfigWithUsage where - _ -> mempty - (c, ks) <- runStateT (parser v') $ fromList [] - let found = fromList (keys v') -- return $ EConfigWithUsage c (found `difference` ks) (ks `difference` found) -+ return $ EConfigWithUsage c (HS.map Key.toText $ found `difference` ks) (HS.map Key.toText $ ks `difference` found) - -- this parser runs in StateT and comes equipped with the following - -- equivalent unary operators: - -- x .:? k (Parser) <==> x ..:? k (StateT) diff --git a/pkgs/tools/security/enpass/data.json b/pkgs/tools/security/enpass/data.json index 20d252bce5805..d967b2266ae10 100644 --- a/pkgs/tools/security/enpass/data.json +++ b/pkgs/tools/security/enpass/data.json 
@@ -1,8 +1,8 @@ { "amd64": {
- "path": "pool/main/e/enpass/enpass_6.6.1.809_amd64.deb",
- "sha256": "b1b9bd67653c3163bd80b340150ecf123552cbe4af23c350fbadea8ffd7939ba",
- "version": "6.6.1.809"
+ "path": "pool/main/e/enpass/enpass_6.8.5.1173_amd64.deb",
+ "sha256": "5855e617041d73682320f3643eb4136c93eef2beaf3be9d37cbadfc76d719b5b",
+ "version": "6.8.5.1173"
 }, "i386": { "path": "pool/main/e/enpass/enpass_5.6.9_i386.deb",
diff --git a/pkgs/tools/security/enpass/default.nix b/pkgs/tools/security/enpass/default.nix
index e7a3eb8bae3c0..cd5a3bc4618f6 100644
--- a/pkgs/tools/security/enpass/default.nix
+++ b/pkgs/tools/security/enpass/default.nix
@@ -1,7 +1,7 @@ { stdenv, fetchurl, dpkg, xorg , glib, libGLU, libGL, libpulseaudio, zlib, dbus, fontconfig, freetype , gtk3, pango
-, makeWrapper , python3Packages, lib
+, makeWrapper , python3Packages, lib, libcap
 , lsof, curl, libuuid, cups, mesa, xz, libxkbcommon }:
@@ -14,7 +14,7 @@ let data = all_data.${system_map.${stdenv.hostPlatform.system} or (throw "Unsupported platform")};
- baseUrl = "http://repo.sinew.in";
+ baseUrl = "https://apt.enpass.io";
 # used of both wrappers and libpath libPath = lib.makeLibraryPath (with xorg; [
@@ -32,12 +32,17 @@ let libXrender libXScrnSaver libxcb
+ libcap
 glib gtk3 pango curl libuuid cups
+ xcbutilwm # libxcb-icccm.so.4
+ xcbutilimage # libxcb-image.so.0
+ xcbutilkeysyms # libxcb-keysyms.so.1
+ xcbutilrenderutil # libxcb-render-util.so.0
 xz libxkbcommon ]);
@@ -57,7 +62,7 @@ let sourceProvenance = with sourceTypes; [ binaryNativeCode ]; license = licenses.unfree; platforms = [ "x86_64-linux" "i686-linux"];
- maintainers = with maintainers; [ ewok ];
+ maintainers = with maintainers; [ ewok dritter ];
 }; nativeBuildInputs = [ makeWrapper ];
diff --git a/pkgs/tools/security/erosmb/default.nix b/pkgs/tools/security/erosmb/default.nix
index 0a40fa7d6674f..90165b6581648 100644
--- a/pkgs/tools/security/erosmb/default.nix
+++ b/pkgs/tools/security/erosmb/default.nix
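Review bot: The new `baseUrl = "https://apt.enpass.io";` applies to every entry in data.json, but the data.json hunk refreshes only `amd64`; the `i386` context line still points at `pool/main/e/enpass/enpass_5.6.9_i386.deb`. Whether the new host serves that old path is not visible here, and if it does not, the `"i686-linux"` entry in `platforms` can no longer be fetched. Even if it does, i686 users would stay on a 5.x build of a password manager while amd64 moves to 6.8.5.1173. It is worth either confirming the fetch for both systems or reducing the list to `platforms = [ "x86_64-linux" ];`.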
@@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "erosmb"; - version = "0.1.2"; + version = "0.1.4"; format = "pyproject"; src = fetchFromGitHub { owner = "viktor02"; repo = "EroSmb"; rev = "refs/tags/v${version}"; - hash = "sha256-H3ozc1DXBdXlqEg53eVGGTqK6m2eiY+Qtl0Ul3lUByk="; + hash = "sha256-ThJwBKpxoTwHP84OlVKH62gQ3kfv83J8HNs5Mizi8Ck="; }; propagatedBuildInputs = with python3.pkgs; [ @@ -41,6 +41,7 @@ python3.pkgs.buildPythonApplication rec { meta = with lib; { description = "SMB network scanner"; homepage = "https://github.com/viktor02/EroSmb"; + changelog = "https://github.com/viktor02/EroSmb/releases/tag/v${version}"; license = with licenses; [ mit ]; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix index cd1b1acccad9b..9718f0095d02b 100644 --- a/pkgs/tools/security/exploitdb/default.nix +++ b/pkgs/tools/security/exploitdb/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2022-11-12"; + version = "2022-11-22"; src = fetchFromGitLab { owner = "exploit-database"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-0k9q+xwzIdmhVe5zL1qoE6QzzGV3gm6RL97c7zi3Rg8="; + hash = "sha256-G871FvwekcF5uMq7NRoWuIb9UqzIbMniboKlUzgCaeI="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/faraday-agent-dispatcher/default.nix b/pkgs/tools/security/faraday-agent-dispatcher/default.nix index ff9bdaa1ab338..7b571380b3197 100644 --- a/pkgs/tools/security/faraday-agent-dispatcher/default.nix +++ b/pkgs/tools/security/faraday-agent-dispatcher/default.nix 
@@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "faraday-agent-dispatcher"; - version = "2.3.0"; + version = "2.4.0"; format = "setuptools"; src = fetchFromGitHub { owner = "infobyte"; repo = "faraday_agent_dispatcher"; rev = "refs/tags/${version}"; - hash = "sha256-lsSpD3XJ6Yw9viRCRB7zhl/KTC6Nwle2vnZ9xWr4Ujo="; + hash = "sha256-gZXA+2zW25Dl8JmBgg7APZt6ZdpFOEFZXAkiZ+tn/4g="; }; nativeBuildInputs = with python3.pkgs; [ @@ -25,6 +25,7 @@ python3.pkgs.buildPythonApplication rec { faraday-agent-parameters-types faraday-plugins itsdangerous + psutil python-gvm python-owasp-zap-v2-4 pyyaml @@ -64,6 +65,7 @@ python3.pkgs.buildPythonApplication rec { meta = with lib; { description = "Tool to send result from tools to the Faraday Platform"; homepage = "https://github.com/infobyte/faraday_agent_dispatcher"; + changelog = "https://github.com/infobyte/faraday_agent_dispatcher/releases/tag/${version}"; license = with licenses; [ gpl3Only ]; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/faraday-cli/default.nix b/pkgs/tools/security/faraday-cli/default.nix index 8127ffe3310e5..a1439ecd1ec5b 100644 --- a/pkgs/tools/security/faraday-cli/default.nix +++ b/pkgs/tools/security/faraday-cli/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "faraday-cli"; - version = "2.1.7"; + version = "2.1.8"; format = "setuptools"; src = fetchFromGitHub { owner = "infobyte"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-kZqJVJ6XrCC3iDSTJP8AmIs4WkxiAFimFIexl0L/HT0="; + hash = "sha256-b2vFejsksLcEchUqo+kw01S+dT2UMD5MPAzSWmpREgQ="; }; propagatedBuildInputs = with python3.pkgs; [ 
@@ -44,6 +44,7 @@ python3.pkgs.buildPythonApplication rec { meta = with lib; { description = "Command Line Interface for Faraday"; homepage = "https://github.com/infobyte/faraday-cli"; + changelog = "https://github.com/infobyte/faraday-cli/releases/tag/${version}"; license = with licenses; [ gpl3Only ]; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/firefox_decrypt/default.nix b/pkgs/tools/security/firefox_decrypt/default.nix index 3ca0774e22ead..86bfb5f72242a 100644 --- a/pkgs/tools/security/firefox_decrypt/default.nix +++ b/pkgs/tools/security/firefox_decrypt/default.nix @@ -3,6 +3,7 @@ , stdenvNoCC , nss , wrapPython +, nix-update-script }: stdenvNoCC.mkDerivation rec { @@ -34,7 +35,10 @@ stdenvNoCC.mkDerivation rec { wrapPythonPrograms ''; - passthru.updateScript = ./update.sh; + passthru.updateScript = nix-update-script { + attrPath = pname; + extraArgs = [ "--version=branch" ]; + }; meta = with lib; { homepage = "https://github.com/unode/firefox_decrypt"; diff --git a/pkgs/tools/security/firefox_decrypt/update.sh b/pkgs/tools/security/firefox_decrypt/update.sh deleted file mode 100755 index a56807f0ba0c4..0000000000000 --- a/pkgs/tools/security/firefox_decrypt/update.sh +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/usr/bin/env nix-shell -#!nix-shell -i bash -p common-updater-scripts git jq nix nix-prefetch-git -git_url='https://github.com/unode/firefox_decrypt.git' -git_branch='master' -git_dir='/var/tmp/firefox_decrypt.git' -nix_file="$(dirname "${BASH_SOURCE[0]}")/default.nix" -pkg='firefox_decrypt' - -set -euo pipefail - -info() { - if [ -t 2 ]; then - set -- '\033[32m%s\033[39m\n' "$@" - else - set -- '%s\n' "$@" - fi - printf "$@" >&2 -} - -old_rev=$(nix-instantiate --eval --strict --json -A "$pkg.src.rev" | jq -r) -old_version=$(nix-instantiate --eval --strict --json -A "$pkg.version" | jq -r) -today=$(LANG=C date -u +'%Y-%m-%d') - -info "fetching $git_url..." -if [ ! -d "$git_dir" ]; then - git init --initial-branch="$git_branch" "$git_dir" - git -C "$git_dir" remote add origin "$git_url" -fi -git -C "$git_dir" fetch origin "$git_branch" - -# use latest commit before today, we should not call the version *today* -# because there might still be commits coming -# use the day of the latest commit we picked as version -new_rev=$(git -C "$git_dir" log -n 1 --format='format:%H' --before="${today}T00:00:00Z" "origin/$git_branch") -new_version="unstable-$(git -C "$git_dir" log -n 1 --format='format:%cs' "$new_rev")" -info "latest commit before $today: $new_rev" - -if [ "$new_rev" = "$old_rev" ]; then - info "$pkg is up-to-date." - exit -fi - -new_sha256=$(nix-prefetch-git --rev "$new_rev" "$git_dir" | jq -r .sha256) -update-source-version "$pkg" \ - "$new_version" \ - "$new_sha256" \ - --rev="$new_rev" -git add "$nix_file" -git commit --verbose --message "$pkg: $old_version -> $new_version" diff --git a/pkgs/tools/security/git-hound/default.nix b/pkgs/tools/security/git-hound/default.nix deleted file mode 100644 index 463d550cbcabb..0000000000000 --- a/pkgs/tools/security/git-hound/default.nix +++ /dev/null 
@@ -1,31 +0,0 @@ -{ buildGoModule -, fetchFromGitHub -, lib -}: - -buildGoModule rec { - pname = "git-hound"; - version = "1.4"; - - src = fetchFromGitHub { - owner = "tillson"; - repo = pname; - rev = "v${version}"; - sha256 = "sha256-HD5OK8HjnLDbyC/TmVI2HfBRIUCyyHTbA3JvKoeXV5E="; - }; - - vendorSha256 = null; #vendorSha256 = ""; - - meta = with lib; { - description = "Reconnaissance tool for GitHub code search"; - longDescription = '' - GitHound pinpoints exposed API keys and other sensitive information - across all of GitHub using pattern matching, commit history searching, - and a unique result scoring system. - ''; - homepage = "https://github.com/tillson/git-hound"; - license = with licenses; [ mit ]; - maintainers = with maintainers; [ fab ]; - broken = true; # vendor isn't reproducible with go > 1.17: nix-build -A $name.go-modules --check - }; -} diff --git a/pkgs/tools/security/gitleaks/default.nix b/pkgs/tools/security/gitleaks/default.nix index ed8ebf669c3df..607920e030827 100644 --- a/pkgs/tools/security/gitleaks/default.nix +++ b/pkgs/tools/security/gitleaks/default.nix @@ -8,16 +8,16 @@ buildGoModule rec { pname = "gitleaks"; - version = "8.15.0"; + version = "8.15.2"; src = fetchFromGitHub { owner = "zricethezav"; repo = pname; rev = "v${version}"; - sha256 = "sha256-KqShYaUODClKkbLs3jaj55WXy9HyyBzvY5KdNOqEXPE="; + hash = "sha256-3hDAkKuKBp3Q61rDWXy4NWgOteSQAjcdom0GzM35hlc="; }; - vendorSha256 = "sha256-Ev0/CSpwJDmc+Dvu/bFDzsgsq80rWImJWXNAUqYHgoE="; + vendorHash = "sha256-Ev0/CSpwJDmc+Dvu/bFDzsgsq80rWImJWXNAUqYHgoE="; ldflags = [ "-s" @@ -25,7 +25,9 @@ buildGoModule rec { "-X github.com/zricethezav/gitleaks/v${lib.versions.major version}/cmd.Version=${version}" ]; - nativeBuildInputs = [ installShellFiles ]; + nativeBuildInputs = [ + installShellFiles + ]; # With v8 the config tests are are blocking doCheck = false; 
@@ -49,6 +51,7 @@ buildGoModule rec { API keys and tokens in git repos. ''; homepage = "https://github.com/zricethezav/gitleaks"; + changelog = "https://github.com/zricethezav/gitleaks/releases/tag/v${version}"; license = with licenses; [ mit ]; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/gitls/default.nix b/pkgs/tools/security/gitls/default.nix deleted file mode 100644 index 4cda10b380575..0000000000000 --- a/pkgs/tools/security/gitls/default.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ lib -, buildGoModule -, gitls -, fetchFromGitHub -, testers -}: - -buildGoModule rec { - pname = "gitls"; - version = "1.0.4"; - - src = fetchFromGitHub { - owner = "hahwul"; - repo = pname; - rev = "v${version}"; - hash = "sha256-kLkH/nNidd1QNPKvo7fxZwMhTgd4AVB8Ofw0Wo0z6c0="; - }; - - vendorSha256 = null; - - passthru.tests.version = testers.testVersion { - package = gitls; - command = "gitls -version"; - version = "v${version}"; - }; - - meta = with lib; { - description = "Tools to enumerate git repository URL"; - homepage = "https://github.com/hahwul/gitls"; - changelog = "https://github.com/hahwul/gitls/releases/tag/v${version}"; - license = licenses.mit; - maintainers = with maintainers; [ fab ]; - }; -} diff --git a/pkgs/tools/security/gitsign/default.nix b/pkgs/tools/security/gitsign/default.nix deleted file mode 100644 index f6d61ce25e09e..0000000000000 --- a/pkgs/tools/security/gitsign/default.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ lib, buildGoModule, fetchFromGitHub, stdenv, makeWrapper, gitMinimal }: - -buildGoModule rec { - pname = "gitsign"; - version = "0.3.2"; - - src = fetchFromGitHub { - owner = "sigstore"; - repo = pname; - rev = "v${version}"; - sha256 = "sha256-hDVn7ZiZoY0FSgIsApZliMIq1xjuNdg+DMvKzP5kET0="; - }; - vendorSha256 = "sha256-5hVcul5DlHZ0Gtw1LdBmxGpsmuD2bTtwPGysOUwe2k0="; - - nativeBuildInputs = [ makeWrapper ]; - - ldflags = [ "-s" "-w" "-buildid=" "-X github.com/sigstore/gitsign/pkg/version.gitVersion=${version}" ]; - - postInstall = '' - for f in $out/bin/*; do - wrapProgram $f --prefix PATH : ${lib.makeBinPath [ gitMinimal ]} - done - ''; - - meta = { - homepage = "https://github.com/sigstore/gitsign"; - changelog = "https://github.com/sigstore/gitsign/releases/tag/v${version}"; - description = "Keyless Git signing using Sigstore"; - license = lib.licenses.asl20; - maintainers = with lib.maintainers; [ lesuisse ]; - }; -} diff --git a/pkgs/tools/security/gopass/default.nix b/pkgs/tools/security/gopass/default.nix index abd19c92c387d..471028e6c8e02 100644 --- a/pkgs/tools/security/gopass/default.nix +++ b/pkgs/tools/security/gopass/default.nix @@ -13,7 +13,7 @@ buildGoModule rec { pname = "gopass"; - version = "1.14.10"; + version = "1.15.0"; nativeBuildInputs = [ installShellFiles makeWrapper ]; @@ -21,10 +21,10 @@ buildGoModule rec { owner = "gopasspw"; repo = pname; rev = "v${version}"; - hash = "sha256-a+JE/s94ynazX50LxVyywzVI5JINK22H76HHwEtw7K0="; + hash = "sha256-1nf8nzSOI22z/lvhS8Urq6B6OUMcFFrPZoHIbRINz4c="; }; - vendorHash = "sha256-2TlV2cRV/1kugDWo9mhQfDy5jRm6LzTIW54BhZlVt+0="; + vendorHash = "sha256-1ILZtvgwn60NIaOy7zRcYA/PFrnLSb7ykAUd/WrGYtQ="; subPackages = [ "." ]; diff --git a/pkgs/tools/security/gopass/git-credential.nix b/pkgs/tools/security/gopass/git-credential.nix index 8cc132a80021a..27fcade3368dc 100644 --- a/pkgs/tools/security/gopass/git-credential.nix +++ b/pkgs/tools/security/gopass/git-credential.nix 
@@ -7,16 +7,16 @@ buildGoModule rec { pname = "git-credential-gopass"; - version = "1.14.9"; + version = "1.15.0"; src = fetchFromGitHub { owner = "gopasspw"; repo = pname; rev = "v${version}"; - hash = "sha256-ULR/Rbl9wt7Vmb9d46/fVkihz10mlIwKA0tUTSU0PSk="; + hash = "sha256-o1kkS8JlPFIiwm3nQLMuERcb4NC3v8FIG0kYGrGzkbA="; }; - vendorHash = "sha256-7wDDHgLLoSIh/Qojz6cudUBN/HzS+ViZn0IZPRymAfg="; + vendorHash = "sha256-KPCmYNSMa8F9xtStEyN5xho2/OF1ZqVFmLexHV3wJzM="; subPackages = [ "." ]; diff --git a/pkgs/tools/security/gopass/hibp.nix b/pkgs/tools/security/gopass/hibp.nix index abbfe4c34a1b9..986809beb0455 100644 --- a/pkgs/tools/security/gopass/hibp.nix +++ b/pkgs/tools/security/gopass/hibp.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "gopass-hibp"; - version = "1.14.9"; + version = "1.15.0"; src = fetchFromGitHub { owner = "gopasspw"; repo = pname; rev = "v${version}"; - hash = "sha256-hakRd581apcP0Nw+j5O3y7ERjIai0FmfXPBQz5ARZaQ="; + hash = "sha256-VBi4Lk1lQb/p2iyY2EbRuizNATu/MJ/PErfUT53enrE="; }; - vendorHash = "sha256-TX/4DL1LxM6ldfEViFj3PYtGgI8oAYJfoQvV5gjc4CA="; + vendorHash = "sha256-PRSl1JkEb4yuQWeNAfkr8Iq2cYMVngUl9nLXEkHd7GU="; subPackages = [ "." ]; diff --git a/pkgs/tools/security/gopass/jsonapi.nix b/pkgs/tools/security/gopass/jsonapi.nix index 6b27eb5cb2b27..dcd2e10dab2fd 100644 --- a/pkgs/tools/security/gopass/jsonapi.nix +++ b/pkgs/tools/security/gopass/jsonapi.nix @@ -8,16 +8,16 @@ buildGoModule rec { pname = "gopass-jsonapi"; - version = "1.14.9"; + version = "1.15.0"; src = fetchFromGitHub { owner = "gopasspw"; repo = pname; rev = "v${version}"; - hash = "sha256-dyscOIlJjZ8P6sEMC9YqhAAI6ewruyztnxOawLfYUWE="; + hash = "sha256-0pCk82na0lWEaRlHhf/Q2BC3K2/sLBHZzKvCN86TMMI="; }; - vendorHash = "sha256-AAicxPFPYiEB8L33lp4hVaM0bCU1sshdPBV1P55eI/4="; + vendorHash = "sha256-fuazCxWJAnxUsxakN2VT9DWNwRO/s89G1sJXk48uO34="; subPackages = [ "." ]; 
diff --git a/pkgs/tools/security/gopass/summon.nix b/pkgs/tools/security/gopass/summon.nix
index f385181e6454a..2bca19acb77f6 100644
--- a/pkgs/tools/security/gopass/summon.nix
+++ b/pkgs/tools/security/gopass/summon.nix
@@ -7,16 +7,16 @@ buildGoModule rec { pname = "gopass-summon-provider";
- version = "1.14.9";
+ version = "1.15.0";
 src = fetchFromGitHub { owner = "gopasspw"; repo = pname; rev = "v${version}";
- hash = "sha256-6uPW83/BnFtjfqCq5D3qpAZkqJG94ROUrgFbsEJBBcg=";
+ hash = "sha256-cF9nwFmBpK/Q3ZIkYos8PSQJmRAnqXCrVcfb72TXpdE=";
 };
- vendorHash = "sha256-7wDDHgLLoSIh/Qojz6cudUBN/HzS+ViZn0IZPRymAfg=";
+ vendorHash = "sha256-KPCmYNSMa8F9xtStEyN5xho2/OF1ZqVFmLexHV3wJzM=";
 subPackages = [ "." ];
diff --git a/pkgs/tools/security/gotrue/default.nix b/pkgs/tools/security/gotrue/default.nix
new file mode 100644
index 0000000000000..112e0c4ddc6d1
--- /dev/null
+++ b/pkgs/tools/security/gotrue/default.nix
@@ -0,0 +1,32 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+ pname = "gotrue";
+ version = "1.0.1";
+
+ src = fetchFromGitHub {
+ owner = "netlify";
+ repo = pname;
+ rev = "v${version}";
+ hash = "sha256-9h6CyCY7741tJR+qWDLwgPkAtE/kmaoTqlXEY+mOW58=";
+ };
+
+ vendorHash = "sha256-x96+l9EBzYplGRFHsfQazSjqZs35bdXQEJv3pBuaJVo=";
+
+ ldflags = [
+ "-s"
+ "-w"
+ "-X=github.com/netlify/gotrue/cmd.Version=${version}"
+ ];
+
+ # integration tests require network access
+ doCheck = false;
+
+ meta = with lib; {
+ homepage = "https://github.com/netlify/gotrue";
+ description = "An SWT based API for managing users and issuing SWT tokens";
+ changelog = "https://github.com/netlify/gotrue/releases/tag/v${version}";
+ license = licenses.mit;
+ maintainers = with maintainers; [ urandom ];
+ };
+}
diff --git a/pkgs/tools/security/gotrue/supabase.nix b/pkgs/tools/security/gotrue/supabase.nix
new file mode 100644
index 0000000000000..5cdbe402501c5
--- /dev/null
+++ b/pkgs/tools/security/gotrue/supabase.nix
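Review bot: `doCheck = false;` in the new gotrue/default.nix turns off the whole Go test suite for an authentication service, although the comment above it names only the integration tests as needing network access. If the remaining unit tests can run in the sandbox, narrowing the run instead (for example a `checkFlags` entry with a `-run` pattern, or excluding the integration packages) would keep some coverage; which packages need the network is not visible in this hunk. The same applies to gotrue/supabase.nix, whose comment gives a postgres connection as the reason. The description here also says "SWT" where the supabase variant says "JWT"; if that is not upstream's own wording it reads as a typo.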
@@ -0,0 +1,32 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "gotrue"; + version = "2.35.0"; + + src = fetchFromGitHub { + owner = "supabase"; + repo = pname; + rev = "v${version}"; + hash = "sha256-uFE2pcEpGhrl8LcZLvYEMlq8sgRmFkltf3H8huZzXpM="; + }; + + vendorHash = "sha256-uchgHxUczb4IIUkUdHWyeXWr2LXda6eWwjQxUBcPDoA="; + + ldflags = [ + "-s" + "-w" + "-X=github.com/netlify/gotrue/utilities.Version=${version}" + ]; + + # integration tests require network to connect to postgres database + doCheck = false; + + meta = with lib; { + homepage = "https://github.com/supabase/gotrue"; + description = "A JWT based API for managing users and issuing JWT tokens"; + changelog = "https://github.com/supabase/gotrue/releases/tag/v${version}"; + license = licenses.mit; + maintainers = with maintainers; [ urandom ]; + }; +} diff --git a/pkgs/tools/security/graphinder/default.nix b/pkgs/tools/security/graphinder/default.nix index 46081281fc5f4..ce9ccc7079caa 100644 --- a/pkgs/tools/security/graphinder/default.nix +++ b/pkgs/tools/security/graphinder/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "graphinder"; - version = "1.11.5"; + version = "1.11.6"; format = "pyproject"; src = fetchFromGitHub { owner = "Escape-Technologies"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-ds0XPDDeBtN9AXGIyxqj9aDJyQWekWVL8zbSYRKWw18="; + hash = "sha256-TDc6aIFkxShlfC6fLYMKULfrFUAYhQZrIHZNDuMh68g="; }; nativeBuildInputs = with python3.pkgs; [ @@ -49,6 +49,7 @@ python3.pkgs.buildPythonApplication rec { meta = with lib; { description = "Tool to find GraphQL endpoints using subdomain enumeration"; homepage = "https://github.com/Escape-Technologies/graphinder"; + changelog = "https://github.com/Escape-Technologies/graphinder/releases/tag/v${version}"; license = with licenses; [ mit ]; maintainers = with maintainers; [ fab ]; }; 
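Review bot: The `-X=github.com/netlify/gotrue/utilities.Version=${version}` flag in gotrue/supabase.nix names the netlify import path while `src` is fetched with `owner = "supabase"`. That is correct only if the fork's go.mod still declares the netlify module path at this tag, which cannot be seen from the hunk. If it is intentional, a comment such as `# the fork keeps the upstream module path github.com/netlify/gotrue` would stop a later maintainer from "correcting" it and silently losing the embedded version. The file also sets `pname = "gotrue"`, identical to gotrue/default.nix, so the two builds differ in name only by version; a distinct pname would make it clearer which identity service is actually installed.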
diff --git a/pkgs/tools/security/grype/default.nix b/pkgs/tools/security/grype/default.nix index e55b721034333..df49bd6671c1f 100644 --- a/pkgs/tools/security/grype/default.nix +++ b/pkgs/tools/security/grype/default.nix @@ -8,13 +8,13 @@ buildGoModule rec { pname = "grype"; - version = "0.53.0"; + version = "0.53.1"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-um+uyY8kPkouF/9Kms0xZYhgYeZC/pE6w+JCVcKWdpI="; + hash = "sha256-14SkLv/9xydO8uCpKdQSrbr1hY55DMuer91P4YUnkic="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; @@ -27,13 +27,15 @@ buildGoModule rec { ''; }; proxyVendor = true; - vendorSha256 = "sha256-BP5Tvv5s74uxjVcEC0QPaw2tGPmkOjZmyCrPwwoz7o4="; + + vendorHash = "sha256-L5ucftMsChGwNoIft8gxg52sNrZyMifuLr0QvSHiCs0="; nativeBuildInputs = [ installShellFiles ]; subPackages = [ "." ]; + excludedPackages = "test/integration"; ldflags = [ diff --git a/pkgs/tools/security/hashrat/default.nix b/pkgs/tools/security/hashrat/default.nix new file mode 100644 index 0000000000000..7923021f83555 --- /dev/null +++ b/pkgs/tools/security/hashrat/default.nix 
@@ -0,0 +1,32 @@ +{ lib +, stdenv +, fetchFromGitHub +}: + +stdenv.mkDerivation rec { + pname = "hashrat"; + version = "1.15"; + + src = fetchFromGitHub { + owner = "ColumPaget"; + repo = "Hashrat"; + rev = "v${version}"; + hash = "sha256-+3IPCJS++7CE0ZrJb62LCRrAn2J4uCF3a1oOzDoOW0w="; + }; + + configureFlags = [ "--enable-xattr" ]; + + makeFlags = [ "PREFIX=$(out)" ]; + + meta = with lib; { + description = "Command-line hash-generation utility"; + longDescription = '' + Hashing tool supporting md5,sha1,sha256,sha512,whirlpool,jh and hmac versions of these. + Includes recursive file hashing and other features. + ''; + homepage = "http://www.cjpaget.co.uk/Code/Hashrat"; + license = licenses.gpl3Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ zendo ]; + }; +} diff --git a/pkgs/tools/security/iaito/default.nix b/pkgs/tools/security/iaito/default.nix index b3b1b805c5d98..ed4759f16b44b 100644 --- a/pkgs/tools/security/iaito/default.nix +++ b/pkgs/tools/security/iaito/default.nix 
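Review bot: `homepage = "http://www.cjpaget.co.uk/Code/Hashrat";` is a plain-HTTP link for a tool people use to verify file integrity, so the page reached from the package metadata can be altered in transit. The source is already fetched from GitHub, so `homepage = "https://github.com/ColumPaget/Hashrat";` would be consistent with `src`; the original URL with `https://` also works if the site serves it. The longDescription lists md5 and sha1 next to sha256 and sha512 without distinction; a short remark that the first two are kept for compatibility and are not collision resistant would help users pick an algorithm.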
@@ -9,52 +9,74 @@ , qttools , radare2 , wrapQtAppsHook -, nix-update-script }: -# TODO MacOS support. -# TODO Build and install translations. - stdenv.mkDerivation rec { pname = "iaito"; - version = "5.7.6"; - - src = fetchFromGitHub { - owner = "radareorg"; - repo = pname; - rev = version; - sha256 = "sha256-PnIOoWPYLK30lMmLVctihCs7GBo0rTN8yetWAr21h9w="; - }; + version = "5.7.8"; - nativeBuildInputs = [ meson ninja pkg-config python3 qttools wrapQtAppsHook ]; - - buildInputs = [ radare2 qtbase ]; + srcs = [ + (fetchFromGitHub rec { + owner = "radareorg"; + repo = "iaito"; + rev = version; + hash = "sha256-c36WLpVUnffeY6cXSEHvguo8BHyxaLAluN9hBKsQc0s="; + name = repo; + }) + (fetchFromGitHub rec { + owner = "radareorg"; + repo = "iaito-translations"; + rev = "ab923335409fa298c39f0014588d78d926c6f3a2"; + hash = "sha256-qkIC67a6YRwOa2Sr16Vg6If1TmAiSKUV7hw13Wxwl/w="; + name = repo; + }) + ]; + sourceRoot = "iaito/src"; postUnpack = '' - sourceRoot=$sourceRoot/src + chmod -R u+w iaito-translations + ''; + + postPatch = '' + substituteInPlace common/ResourcePaths.cpp \ + --replace "/app/share/iaito/translations" "$out/share/iaito/translations" ''; - # TODO Fix version checking and version information for r2. - # Version checking always fails due to values being empty strings for some - # reason. Meanwhile, we can safely assume that radare2's runtime and - # compile-time implementations are the same and remove this check. 
- patches = [ ./remove-broken-version-check.patch ]; + nativeBuildInputs = [ + meson + ninja + pkg-config + python3 + qttools + wrapQtAppsHook + ]; + + buildInputs = [ + qtbase + radare2 + ]; + + postBuild = '' + pushd ../../../iaito-translations + make build PREFIX=$out + popd + ''; installPhase = '' runHook preInstall install -m755 -Dt $out/bin iaito - install -m644 -Dt $out/share/metainfo $src/src/org.radare.iaito.appdata.xml - install -m644 -Dt $out/share/applications $src/src/org.radare.iaito.desktop - install -m644 -Dt $out/share/pixmaps $src/src/img/iaito-o.svg + install -m644 -Dt $out/share/metainfo ../org.radare.iaito.appdata.xml + install -m644 -Dt $out/share/applications ../org.radare.iaito.desktop + install -m644 -Dt $out/share/pixmaps ../img/iaito-o.svg + + pushd ../../../iaito-translations + make install PREFIX=$out -j$NIX_BUILD_CORES + popd runHook postInstall ''; - passthru.updateScript = nix-update-script { - attrPath = pname; - }; - meta = with lib; { description = "An official graphical interface of radare2"; longDescription = '' @@ -62,7 +84,7 @@ stdenv.mkDerivation rec { continuation of Cutter for radare2 after the Rizin fork. ''; homepage = "https://radare.org/n/iaito.html"; - changelog = "https://github.com/radareorg/iaito/releases/tag/${src.rev}"; + changelog = "https://github.com/radareorg/iaito/releases/tag/${version}"; license = licenses.gpl3Plus; maintainers = with maintainers; [ azahi ]; platforms = platforms.linux; diff --git a/pkgs/tools/security/iaito/remove-broken-version-check.patch b/pkgs/tools/security/iaito/remove-broken-version-check.patch deleted file mode 100644 index 7c4e3ef30ace3..0000000000000 --- a/pkgs/tools/security/iaito/remove-broken-version-check.patch +++ /dev/null 
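Review bot: In the first hunk of iaito/default.nix, the second `fetchFromGitHub` in `srcs` pins iaito-translations to the bare commit `ab923335409fa298c39f0014588d78d926c6f3a2` with no comment, and the same hunk removes `passthru.updateScript`. Nothing tells the next maintainer that this pin must be moved by hand together with `version`; a comment above it, for example `# translations are not tagged upstream; bump rev and hash together with version`, would help if that is the reason. The hunk also drops `./remove-broken-version-check.patch` and its explanatory comment without recording whether upstream fixed the empty version strings, so a one-line comment should state that the radare2 version check is active again on purpose. Finally, `substituteInPlace ... --replace` in `postPatch` rewrites the path only while the literal `/app/share/iaito/translations` is still present; a following `grep -q "$out/share/iaito/translations" common/ResourcePaths.cpp` would turn a silent miss into a build failure.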
@@ -1,54 +0,0 @@ -diff --git i/IaitoApplication.cpp w/IaitoApplication.cpp -index 25b6a4e7..4cbde5c4 100644 ---- i/IaitoApplication.cpp -+++ w/IaitoApplication.cpp -@@ -33,27 +33,6 @@ - #include <R2GhidraDecompiler.h> - #endif - --static bool versionCheck() { -- // Check r2 version -- QString a = r_core_version (); // runtime library version -- QString b = "" R2_GITTAP; // compiled version -- QStringList la = a.split("."); -- QStringList lb = b.split("."); -- if (la.size() < 2 && lb.size() < 2) { -- eprintf ("Invalid version string somwhere\n"); -- return false; -- } -- if (la.at(0) != lb.at(0)) { -- eprintf ("Major version differs\n"); -- return false; -- } -- if (la.at(1) != lb.at(1)) { -- eprintf ("Minor version differs\n"); -- return false; -- } -- return true; --} -- - IaitoApplication::IaitoApplication(int &argc, char **argv) : QApplication(argc, argv) - { - // Setup application information -@@ -101,21 +80,6 @@ IaitoApplication::IaitoApplication(int &argc, char **argv) : QApplication(argc, - std::exit(1); - } - -- if (!versionCheck ()) { -- QMessageBox msg; -- msg.setIcon(QMessageBox::Critical); -- msg.setStandardButtons(QMessageBox::Yes | QMessageBox::No); -- msg.setWindowTitle(QObject::tr("Version mismatch!")); -- QString localVersion = r_core_version (); -- QString r2version = R2_GITTAP; -- msg.setText(QString( -- QObject::tr("The version used to compile Iaito (%1) does not match the binary version of radare2 (%2). This could result in unexpected behaviour. Are you sure you want to continue?")).arg( -- localVersion, r2version)); -- if (msg.exec() == QMessageBox::No) { -- std::exit(1); -- } -- } -- - #ifdef IAITO_ENABLE_PYTHON - // Init python - if (!clOptions.pythonHome.isEmpty()) { diff --git a/pkgs/tools/security/inql/default.nix b/pkgs/tools/security/inql/default.nix index 28abbe075bf4a..97781e42d5f17 100644 --- a/pkgs/tools/security/inql/default.nix +++ b/pkgs/tools/security/inql/default.nix 
@@ -5,13 +5,13 @@ python3.pkgs.buildPythonApplication rec { pname = "inql"; - version = "4.0.5"; + version = "4.0.6"; src = fetchFromGitHub { owner = "doyensec"; repo = pname; - rev = "v${version}"; - sha256 = "sha256-0LPJMCg7F9kcPcq4jkADdCPNLfRThXu8QHy4qOn7+QU="; + rev = "refs/tags/v${version}"; + sha256 = "sha256-DFGJHqdrCmOZn8GdY5SZ1PrOhuIsMLoK+2Fry9WkRiY="; }; propagatedBuildInputs = with python3.pkgs; [ diff --git a/pkgs/tools/security/jwx/default.nix b/pkgs/tools/security/jwx/default.nix index d124c504039ab..46a011c4cdb6d 100644 --- a/pkgs/tools/security/jwx/default.nix +++ b/pkgs/tools/security/jwx/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "jwx"; - version = "2.0.7"; + version = "2.0.8"; src = fetchFromGitHub { owner = "lestrrat-go"; repo = pname; rev = "v${version}"; - hash = "sha256-rnzRl7pvX/qBteEbgXrFCzAvtP9Izy6YAZJhy/4nXl4="; + hash = "sha256-eoXSSXh9NxWLgogrE2hDjsPxqeUmH54TnYXwhm7kpz4="; }; - vendorSha256 = "sha256-96Vxl84+xjRGxudBOaMX8LpRxfYqC2c+hVsipT0NLwE="; + vendorSha256 = "sha256-fbNnSjUOHnm/zxEGdhHQEKHgYp+nW1rgvMGJBm4b9IM="; sourceRoot = "source/cmd/jwx"; diff --git a/pkgs/tools/security/metasploit/Gemfile b/pkgs/tools/security/metasploit/Gemfile index 68cd26e5cc345..2d1e9362f15b4 100644 --- a/pkgs/tools/security/metasploit/Gemfile +++ b/pkgs/tools/security/metasploit/Gemfile @@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.2.27" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.2.29" diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock index 2fef911c967a7..1f1838db98acc 100644 --- a/pkgs/tools/security/metasploit/Gemfile.lock +++ b/pkgs/tools/security/metasploit/Gemfile.lock 
@@ -1,9 +1,9 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: 1847611817b4dbea38ac13c83ac2c4abd92d7bc2 - ref: refs/tags/6.2.27 + revision: 4120d9bda17afde78f1f756ac43ca78ed3cf8266 + ref: refs/tags/6.2.29 specs: - metasploit-framework (6.2.27) + metasploit-framework (6.2.29) actionpack (~> 6.0) activerecord (~> 6.0) activesupport (~> 6.0) @@ -129,22 +129,22 @@ GEM arel-helpers (2.14.0) activerecord (>= 3.1.0, < 8) aws-eventstream (1.2.0) - aws-partitions (1.664.0) - aws-sdk-core (3.168.1) + aws-partitions (1.670.0) + aws-sdk-core (3.168.3) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.5) jmespath (~> 1, >= 1.6.1) - aws-sdk-ec2 (1.351.0) + aws-sdk-ec2 (1.353.0) aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) aws-sdk-iam (1.73.0) aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.59.0) + aws-sdk-kms (1.60.0) aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.117.1) + aws-sdk-s3 (1.117.2) aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) @@ -204,9 +204,9 @@ GEM i18n (1.12.0) concurrent-ruby (~> 1.0) io-console (0.5.11) - irb (1.4.3) + irb (1.5.1) reline (>= 0.3.0) - jmespath (1.6.1) + jmespath (1.6.2) jsobfu (0.4.2) rkelly-remix json (2.6.2) @@ -222,7 +222,7 @@ GEM activemodel (~> 6.0) activesupport (~> 6.0) railties (~> 6.0) - metasploit-credential (5.0.9) + metasploit-credential (6.0.0) metasploit-concern metasploit-model metasploit_data_models (>= 5.0.0) @@ -292,7 +292,7 @@ GEM nio4r (~> 2.0) racc (1.6.0) rack (2.2.4) - rack-protection (3.0.3) + rack-protection (3.0.4) rack rack-test (2.0.2) rack (>= 1.3) @@ -380,10 +380,10 @@ GEM faraday (>= 0.17.3, < 3) simpleidn (0.2.1) unf (~> 0.1.4) - sinatra (3.0.3) + sinatra (3.0.4) mustermann (~> 3.0) rack (~> 2.2, >= 2.2.4) - rack-protection (= 3.0.3) + rack-protection (= 3.0.4) tilt (~> 2.0) sqlite3 (1.5.4) mini_portile2 (~> 2.8.0) 
@@ -399,7 +399,7 @@ GEM ttfunk (1.7.0) tzinfo (2.0.5) concurrent-ruby (~> 1.0) - tzinfo-data (1.2022.6) + tzinfo-data (1.2022.7) tzinfo (>= 1.0.0) unf (0.1.4) unf_ext @@ -436,4 +436,4 @@ DEPENDENCIES metasploit-framework! BUNDLED WITH - 2.3.24 + 2.3.25 diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix index 8acd5d35d5108..61c014ec30615 100644 --- a/pkgs/tools/security/metasploit/default.nix +++ b/pkgs/tools/security/metasploit/default.nix @@ -15,13 +15,13 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "6.2.27"; + version = "6.2.29"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = version; - sha256 = "sha256-0wovO6Dt65vA5C2/XNfHf4fsc3GvWp4mnh9gsY3O8Is="; + sha256 = "sha256-vYQWoGFD9dfjfk8hUEMnp8Cyw2Niirua1+3eEWmFTvo="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/metasploit/gemset.nix b/pkgs/tools/security/metasploit/gemset.nix index 38f9f23b3344d..3cc8345303776 100644 --- a/pkgs/tools/security/metasploit/gemset.nix +++ b/pkgs/tools/security/metasploit/gemset.nix 
@@ -104,30 +104,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1h69kvk5nrjfznms3dy9xk552xzv4kbq7ks9wgj1fdbxzc3rszng"; + sha256 = "0wk2yb843p59hsccbyxdq820sd9i5gnqlcmk5fsjkfa7gsi1pkx9"; type = "gem"; }; - version = "1.664.0"; + version = "1.670.0"; }; aws-sdk-core = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1vnnv9gk3dapng8siaqdimqkr4a99lfavx7lkwx2jiyy1p6c50rb"; + sha256 = "1g4fqc5a4zi8ka1cpxpigia4235nrc1iryhr16k80j25lnnpw9zx"; type = "gem"; }; - version = "3.168.1"; + version = "3.168.3"; }; aws-sdk-ec2 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0fcisnrj46idp0gmzjba39w5ay7phs0q8lai5mdwgn790n3cxkqr"; + sha256 = "0za06zizzqqbkl6vrlchkv2dr7bj7zybwb89hmz3h5b6rnb2zhk9"; type = "gem"; }; - version = "1.351.0"; + version = "1.353.0"; }; aws-sdk-iam = { groups = ["default"]; @@ -144,20 +144,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0lq1f03gy02f8z5fpc61kngkja8kkgk2m8cc6g42aij0iszjw03c"; + sha256 = "00f3rgidlayqsa5ml1vrzn346a3mprg61hfhln67lsbnkgn7nq54"; type = "gem"; }; - version = "1.59.0"; + version = "1.60.0"; }; aws-sdk-s3 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "17ah9j82313ynb8nkcbq21fa3dy1a3v6lk5kdrhphazbpb2xmxkn"; + sha256 = "1xpb8c8zw1c0grbw1rcc0ynlys1301vm9kkqy4ls3i2zqk5v6n91"; type = "gem"; }; - version = "1.117.1"; + version = "1.117.2"; }; aws-sigv4 = { groups = ["default"]; 
@@ -504,20 +504,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0s28igrsspxmhwmwalv9c7g6ld2glzns2vhlfqmc3jnvnr68yhf1"; + sha256 = "0gisknwrww9sd3avg06cj633qh8c74i7vhma0fwfhr3qy0pr0ind"; type = "gem"; }; - version = "1.4.3"; + version = "1.5.1"; }; jmespath = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1mnvb80cdg7fzdcs3xscv21p28w4igk5sj5m7m81xp8v2ks87jj0"; + sha256 = "1cdw9vw2qly7q7r41s7phnac264rbsdqgj4l0h4nqgbjb157g393"; type = "gem"; }; - version = "1.6.1"; + version = "1.6.2"; }; jsobfu = { groups = ["default"]; @@ -594,22 +594,22 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ydwdnjv2jf455ygdh3i6jqyc622mniby6fbjkvg997j29v0y7a3"; + sha256 = "045aap4wrslclbvm2rczdxlgivyx9ricdbg2z9xk5xamf6cxfrx1"; type = "gem"; }; - version = "5.0.9"; + version = "6.0.0"; }; metasploit-framework = { groups = ["default"]; platforms = []; source = { fetchSubmodules = false; - rev = "1847611817b4dbea38ac13c83ac2c4abd92d7bc2"; - sha256 = "12zhrs6v2q0zkqk9wnmgf5ryr1vzqzbmrgrdwk09pszdl0xjy2nk"; + rev = "4120d9bda17afde78f1f756ac43ca78ed3cf8266"; + sha256 = "1yjfhmli3ppdsydbp2k2cg1v5h574x1m08aggvixgxa3c6h1d15x"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "6.2.27"; + version = "6.2.29"; }; metasploit-model = { groups = ["default"]; @@ -957,10 +957,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1sfk4i52yijcggkzkwj3z6k2iv9fdacmcgcid1c8xjcldh93fhpg"; + sha256 = "1kljmw1lhzqjcwnwadr5m2khii0h2lsah447zb9vgirrv5jszg9h"; type = "gem"; }; - version = "3.0.3"; + version = "3.0.4"; }; rack-test = { groups = ["default"]; 
@@ -1337,10 +1337,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0znx4qhvgah5k696crv954xkrh8z4gick2fx04xl67wng7nnwrrc"; + sha256 = "1lgvrna3wvm21y350hrasdb4w8119cn1fd0prrrj76ws5w0pdzvc"; type = "gem"; }; - version = "3.0.3"; + version = "3.0.4"; }; sqlite3 = { dependencies = ["mini_portile2"]; @@ -1438,10 +1438,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0dpwi70x9jrpvc7p103ci0kppam79wqqrskq9n39r3jrp4b4j27w"; + sha256 = "0drm9pygji01pyimxq65ngdvgpn228g7fhffmrqw0xn7l2rdhclp"; type = "gem"; }; - version = "1.2022.6"; + version = "1.2022.7"; }; unf = { groups = ["default"]; diff --git a/pkgs/tools/security/mitmproxy2swagger/default.nix b/pkgs/tools/security/mitmproxy2swagger/default.nix index 1ff200063f540..560e9a175da0c 100644 --- a/pkgs/tools/security/mitmproxy2swagger/default.nix +++ b/pkgs/tools/security/mitmproxy2swagger/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "mitmproxy2swagger"; - version = "0.7.0"; + version = "0.7.1"; format = "pyproject"; src = fetchFromGitHub { owner = "alufers"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-tLLz3nGIzsE6bkHbMC+Cfevv7E/NNHxtYqCUwo/5yF4="; + hash = "sha256-morBtuRZZ/d3ye8aB+m2dSwWoaF3JJ92c+CgF71MqH4="; }; nativeBuildInputs = with python3.pkgs; [ @@ -35,6 +35,7 @@ python3.pkgs.buildPythonApplication rec { meta = with lib; { description = "Tool to automagically reverse-engineer REST APIs"; homepage = "https://github.com/alufers/mitmproxy2swagger"; + changelog = "https://github.com/alufers/mitmproxy2swagger/releases/tag/${version}"; license = licenses.mit; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/mkpasswd/default.nix b/pkgs/tools/security/mkpasswd/default.nix index 7fea400f008c3..439fd1543cf82 100644 --- a/pkgs/tools/security/mkpasswd/default.nix +++ b/pkgs/tools/security/mkpasswd/default.nix 
@@ -16,6 +16,6 @@ stdenv.mkDerivation { description = "Overfeatured front-end to crypt, from the Debian whois package"; license = licenses.gpl2; maintainers = with maintainers; [ cstrahan fpletz ]; - platforms = platforms.linux; + platforms = platforms.unix; }; } diff --git a/pkgs/tools/security/nmap-formatter/default.nix b/pkgs/tools/security/nmap-formatter/default.nix index 6aad0b111be85..2fcb7a0f83c6e 100644 --- a/pkgs/tools/security/nmap-formatter/default.nix +++ b/pkgs/tools/security/nmap-formatter/default.nix @@ -5,20 +5,21 @@ buildGoModule rec { pname = "nmap-formatter"; - version = "2.0.1"; + version = "2.0.4"; src = fetchFromGitHub { owner = "vdjagilev"; repo = pname; rev = "v${version}"; - hash = "sha256-Jhjvtk8SDs//eBW+2+yLcIXf/NetfBUrKvzKCj+VyMg="; + hash = "sha256-UIGXstgQMBMept9W+HhyE30WYWleaU9bUTX5frctrS8="; }; - vendorSha256 = "sha256-u36eHSb6YlGJNkgmRDclxTsdkONLKn8J/GKaoCgy+Qk="; + vendorSha256 = "sha256-VX/JVqCKhjBq67D7juHdgpzBgSjOHn0Pbmx9s04tinw="; meta = with lib; { description = "Tool that allows you to convert nmap output"; homepage = "https://github.com/vdjagilev/nmap-formatter"; + changelog = "https://github.com/vdjagilev/nmap-formatter/releases/tag/v${version}"; license = licenses.mit; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/openpgp-card-tools/default.nix b/pkgs/tools/security/openpgp-card-tools/default.nix index 572c862b7f1f5..c3c512081c620 100644 --- a/pkgs/tools/security/openpgp-card-tools/default.nix +++ b/pkgs/tools/security/openpgp-card-tools/default.nix 
@@ -12,14 +12,14 @@ rustPlatform.buildRustPackage rec { pname = "openpgp-card-tools"; - version = "0.0.12"; + version = "0.9.0"; src = fetchCrate { inherit pname version; - sha256 = "sha256-3OKOMe7Uj+8qpzfu0DzqwIGa/QJ0YoKczPN9W8HXJZU="; + sha256 = "sha256-Mvnj8AEhREP+nGrioC9IHYX3k6sKGKzOh00V8nslyhw="; }; - cargoHash = "sha256-gq17BXorXrlJx4zlvLuOT8XGUCqZXFDSxgs/Fv9dChk="; + cargoHash = "sha256-0KRq8GsrQaLJ6fopZpdzgxIWHIse9QWDo24IQj1eAhc="; nativeBuildInputs = [ pkg-config rustPlatform.bindgenHook ]; buildInputs = [ pcsclite nettle ] ++ lib.optionals stdenv.isDarwin [ PCSC ]; diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix index 15231c945316b..54cf67ecb9d6c 100644 --- a/pkgs/tools/security/opensc/default.nix +++ b/pkgs/tools/security/opensc/default.nix @@ -7,13 +7,13 @@ stdenv.mkDerivation rec { pname = "opensc"; - version = "0.22.0"; + version = "0.23.0"; src = fetchFromGitHub { owner = "OpenSC"; repo = "OpenSC"; rev = version; - sha256 = "sha256-0IFpiG1SJq4cpS5z6kwpWSPVWjO0q0SHs+doD2vbUKs="; + sha256 = "sha256-Yo8dwk7+d6q+hi7DmJ0GJM6/pmiDOiyEm/tEBSbCU8k="; }; nativeBuildInputs = [ pkg-config autoreconfHook ]; diff --git a/pkgs/tools/security/rekor/default.nix b/pkgs/tools/security/rekor/default.nix index 28eb45a6cdb2f..e367314ba19be 100644 --- a/pkgs/tools/security/rekor/default.nix +++ b/pkgs/tools/security/rekor/default.nix @@ -4,13 +4,13 @@ let generic = { pname, packageToBuild, description }: buildGoModule rec { inherit pname; - version = "1.0.0"; + version = "1.0.1"; src = fetchFromGitHub { owner = "sigstore"; repo = "rekor"; rev = "v${version}"; - sha256 = "sha256-yFUpaKfZUgT/KZyZLEeNGnD0SS4iBAQfXRy/Yiuj9g8="; + sha256 = "sha256-WVAIhsbxwwvUyuLQLTcMHx9B5UsJxBvmS9MXYxVNiNs="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; 
diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix index 6b436f0e12cb3..0795f84337207 100644 --- a/pkgs/tools/security/rng-tools/default.nix +++ b/pkgs/tools/security/rng-tools/default.nix @@ -39,7 +39,7 @@ stdenv.mkDerivation rec { ++ lib.optionals stdenv.hostPlatform.isMusl [ argp-standalone ] ++ lib.optionals withJitterEntropy [ jitterentropy ] ++ lib.optionals withNistBeacon [ curl jansson libxml2 ] - ++ lib.optionals withPkcs11 [ libp11 openssl ] + ++ lib.optionals withPkcs11 [ libp11 libp11.passthru.openssl ] ++ lib.optionals withRtlsdr [ librtlsdr ]; enableParallelBuilding = true; diff --git a/pkgs/tools/security/swtpm/default.nix b/pkgs/tools/security/swtpm/default.nix index 5d20b65d5914b..635fccc006325 100644 --- a/pkgs/tools/security/swtpm/default.nix +++ b/pkgs/tools/security/swtpm/default.nix @@ -16,13 +16,13 @@ stdenv.mkDerivation rec { pname = "swtpm"; - version = "0.7.3"; + version = "0.8.0"; src = fetchFromGitHub { owner = "stefanberger"; repo = "swtpm"; rev = "v${version}"; - sha256 = "sha256-YaNQgxk0uT8FLUIxF80jpgO/L9ygGRHaABEcs5ukq5E="; + sha256 = "sha256-O+sHkmQ47FbqsgWpaqAc/j2AJ5xzsvpBj/p0Zea1nSI="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/tcb/default.nix b/pkgs/tools/security/tcb/default.nix new file mode 100644 index 0000000000000..63b252be95214 --- /dev/null +++ b/pkgs/tools/security/tcb/default.nix 
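Review bot: The switch from `openssl` to `libp11.passthru.openssl` in the `withPkcs11` list of rng-tools carries no comment saying why the library is taken from libp11 rather than from the package set. Presumably the aim is to link rng-tools against the same OpenSSL that libp11 was built with, so that one process does not load two OpenSSL versions; a comment such as `# use the OpenSSL libp11 was built against` would record that. The function's argument list is outside the hunk, so it is worth checking that a now-unused `openssl` argument is not left behind there. passthru attributes are also reachable directly on the derivation, so `libp11.openssl` is the shorter spelling.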
@@ -0,0 +1,51 @@ +{ lib, stdenv, fetchFromGitHub, pkg-config +, linux-pam, libxcrypt +}: + +stdenv.mkDerivation rec { + pname = "tcb"; + version = "1.2"; + + src = fetchFromGitHub { + owner = "openwall"; + repo = pname; + rev = "070cf4aa784de13c52788ac22ff611d7cbca0854"; + sha256 = "sha256-Sp5u7iTEZZnAqKQXoPO8eWpSkZeBzQqZI82wRQmgU9A="; + }; + + outputs = [ "out" "bin" "dev" "man" ]; + + nativeBuildInputs = [ pkg-config ]; + + buildInputs = [ linux-pam libxcrypt ]; + + patches = [ ./fix-makefiles.patch ]; + + postPatch = '' + substituteInPlace Make.defs \ + --replace "PREFIX = /usr" "PREFIX = $out" \ + --replace "SBINDIR = /sbin" "SBINDIR = $bin/bin" \ + --replace "INCLUDEDIR = \$(PREFIX)/include" "INCLUDEDIR = $dev/include" + ''; + + meta = with lib; { + description = "Alternative password shadowing scheme"; + longDescription = '' + The tcb package contains core components of our tcb suite implementing the alternative + password shadowing scheme on Openwall GNU Linux (Owl). It is being made available + separately from Owl primarily for use by other distributions. + + The package consists of three components: pam_tcb, libnss_tcb, and libtcb. + + pam_tcb is a PAM module which supersedes pam_unix. It also implements the tcb password + shadowing scheme. The tcb scheme allows many core system utilities (passwd(1) being + the primary example) to operate with little privilege. libnss_tcb is the accompanying + NSS module. libtcb contains code shared by the PAM and NSS modules and is also used + by user management tools on Owl due to our shadow suite patches. + ''; + homepage = "https://www.openwall.com/tcb/"; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ izorkin ]; + }; +} diff --git a/pkgs/tools/security/tcb/fix-makefiles.patch b/pkgs/tools/security/tcb/fix-makefiles.patch new file mode 100644 index 0000000000000..9ea82605d5572 --- /dev/null +++ b/pkgs/tools/security/tcb/fix-makefiles.patch 
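Review bot: `version = "1.2"` is paired with `rev = "070cf4aa784de13c52788ac22ff611d7cbca0854"`, so the derivation does not say whether that commit is the 1.2 release or a later snapshot. For a package whose description says it ships a PAM module superseding pam_unix, the exact source revision matters to anyone auditing what handles their password hashes. Either fetch the release tag if upstream publishes one, or keep the commit and add a comment such as `# commit corresponding to the 1.2 release`, switching to an `unstable-YYYY-MM-DD` version if it is in fact a snapshot.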
@@ -0,0 +1,52 @@ +diff --git a/Make.defs b/Make.defs +index a961f7d..9e8d59b 100644 +--- a/Make.defs ++++ b/Make.defs +@@ -19,7 +19,7 @@ LDFLAGS += $(DBGFLAG) -L../libs + + PREFIX = /usr + SBINDIR = /sbin +-SLIBDIR = /lib ++SLIBDIR = $(PREFIX)/lib + INCLUDEDIR = $(PREFIX)/include + LIBDIR = $(PREFIX)/lib + LIBEXECDIR = $(PREFIX)/libexec +diff --git a/libs/Makefile b/libs/Makefile +index 0083b13..27238f6 100644 +--- a/libs/Makefile ++++ b/libs/Makefile +@@ -7,7 +7,7 @@ LIBTCB_A = libtcb.a + LIB_MAP = libtcb.map + NSS_MAP = libnss_tcb.map + +-all: $(LIBTCB_LONG) $(LIBNSS) $(LIBTCB_A) ++all: $(LIBTCB_LONG) $(LIBNSS) + + $(LIBTCB_A): libtcb_a.o + ar -cr $@ $< +@@ -36,9 +36,8 @@ install: + $(MKDIR) -p -m 755 $(DESTDIR)$(LIBDIR) + $(INSTALL) -m $(SHLIBMODE) $(LIBTCB_LONG) $(DESTDIR)$(SLIBDIR)/ + ln -sf $(LIBTCB_LONG) $(DESTDIR)$(SLIBDIR)/$(LIBTCB) +- ln -sf ../..$(SLIBDIR)/$(LIBTCB) $(DESTDIR)$(LIBDIR)/libtcb.so ++ ln -sf $(LIBTCB) $(DESTDIR)$(LIBDIR)/libtcb.so + $(INSTALL) -m $(SHLIBMODE) $(LIBNSS) $(DESTDIR)$(SLIBDIR)/ +- $(INSTALL) -m 644 $(LIBTCB_A) $(DESTDIR)$(LIBDIR)/ + + clean: + rm -f *.o *~ $(LIBTCB)* libtcb.so $(LIBNSS) *.a +diff --git a/progs/Makefile b/progs/Makefile +index c3a6879..e24f74b 100644 +--- a/progs/Makefile ++++ b/progs/Makefile +@@ -23,8 +23,8 @@ install-non-root: install-common + $(INSTALL) -m 700 $(CHKPWD) $(DESTDIR)$(LIBEXECDIR)/chkpwd/ + + install: install-common +- $(INSTALL) -d -o root -g chkpwd -m 710 $(DESTDIR)$(LIBEXECDIR)/chkpwd +- $(INSTALL) -m 2711 -o root -g shadow $(CHKPWD) \ ++ $(INSTALL) -d $(DESTDIR)$(LIBEXECDIR)/chkpwd ++ $(INSTALL) $(CHKPWD) \ + $(DESTDIR)$(LIBEXECDIR)/chkpwd/ + + install-common: diff --git a/pkgs/tools/security/threatest/default.nix b/pkgs/tools/security/threatest/default.nix new file mode 100644 index 0000000000000..c11bf87357613 --- /dev/null +++ b/pkgs/tools/security/threatest/default.nix 
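Review bot: The `install` target in progs/Makefile now installs `$(CHKPWD)` without `-m 2711 -o root -g shadow` and creates the chkpwd directory without `-o root -g chkpwd -m 710`. A sandboxed build needs that, but nothing in the patch or in default.nix records that the helper was designed to run setgid. Without that bit the installed helper runs with the caller's privileges, so password verification through pam_tcb may fail for unprivileged callers until a privileged wrapper is configured outside the store. A comment next to `patches = [ ./fix-makefiles.patch ];`, for example `# drops owner/group/setgid from the chkpwd install; the helper needs a setgid wrapper at runtime`, would make that requirement visible. The libs/Makefile hunk also stops building and installing `$(LIBTCB_A)`, which deserves a word in the same comment.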
@@ -0,0 +1,26 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "threatest"; + version = "1.1.1"; + + src = fetchFromGitHub { + owner = "DataDog"; + repo = pname; + rev = "refs/tags/v${version}"; + hash = "sha256-9/TIiBp3w7NaECX929Tai5nqHKxb7YxYEr2hAl2ttsM="; + }; + + vendorHash = "sha256-vTzgxByZ2BC7nuq/+LJV7LR0KsUxh1EbHFe81PwqCJc="; + + meta = with lib; { + description = "Framework for end-to-end testing threat detection rules"; + homepage = "https://github.com/DataDog/threatest"; + changelog = "https://github.com/DataDog/threatest/releases/tag/v${version}"; + license = licenses.asl20; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/pkgs/tools/security/tlsx/default.nix b/pkgs/tools/security/tlsx/default.nix index 4f63061cac004..56986d8fc0984 100644 --- a/pkgs/tools/security/tlsx/default.nix +++ b/pkgs/tools/security/tlsx/default.nix @@ -5,16 +5,19 @@ buildGoModule rec { pname = "tlsx"; - version = "0.0.8"; + version = "0.0.9"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "v${version}"; - hash = "sha256-TqYBLNnh4wjinoduFrmyNe+FgnGSCckwMy5zX0XhnlM="; + hash = "sha256-DcC08KmSXYOk4jlU0KIdu5zziWZLYlWetN+/ZGaY4RQ="; }; - vendorSha256 = "sha256-BppRtzTjiMcuc7xIz37bDcjnQHhOlstncES1vILTKYM="; + vendorHash = "sha256-MC7mS+GMfQUZPW6i/lDPW8qAHzT1Cr7gYYG9V4CTCM0="; + + # Tests require network access + doCheck = false; meta = with lib; { description = "TLS grabber focused on TLS based data collection"; @@ -23,6 +26,7 @@ buildGoModule rec { collection and analysis. ''; homepage = "https://github.com/projectdiscovery/tlsx"; + changelog = "https://github.com/projectdiscovery/tlsx/releases/tag/v${version}"; license = licenses.mit; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index 2740368669b8a..42a4e1ccb7559 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix 
@@ -6,16 +6,16 @@ buildGoModule rec { pname = "vault"; - version = "1.12.1"; + version = "1.12.2"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "sha256-qUCJFlnh4NIV0GH+yuOahC3arRWwPoPjVo3h881OtUY="; + sha256 = "sha256-P/mQoW4lG6U83WEjn5urpFa7q5mN+XOrIOkzf2pslwQ="; }; - vendorSha256 = "sha256-2JlnSdwXaYG2e1A67c2tt5zg5ZN37m/Wsp6WUpOtR1o="; + vendorSha256 = "sha256-Z1iwJXbnSqIu/zo7iKLnh0yy1Dh0e5HwXoBkkt9xaqA="; subPackages = [ "." ]; diff --git a/pkgs/tools/security/vault/vault-bin.nix b/pkgs/tools/security/vault/vault-bin.nix index 18a4036446022..c312c2541d562 100644 --- a/pkgs/tools/security/vault/vault-bin.nix +++ b/pkgs/tools/security/vault/vault-bin.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "vault-bin"; - version = "1.12.0"; + version = "1.12.2"; src = let @@ -16,11 +16,11 @@ stdenv.mkDerivation rec { aarch64-darwin = "darwin_arm64"; }; sha256 = selectSystem { - x86_64-linux = "sha256-khDTpgezINAIZ8YFhOGoTSe6qzA6bkyhyX25VgcFAhU="; - aarch64-linux = "sha256-XOiuH9KmwXz8sR9FzH+wEIg0xzrMAIZaHVHf3TdJp10="; - i686-linux = "sha256-jCXQX04/Q1dHCIEcFlq60ICib/kjM8bE8ZKjF+0YPjE="; - x86_64-darwin = "sha256-fQaHI0ySer6lRdaEcNl7GN51IP+F5y/FR99Q66LQl3k="; - aarch64-darwin = "sha256-ME1u/g3l5Jqwvk9Qw4tTmbIvHOKkPMRayhRgPbZIYnA="; + x86_64-linux = "sha256-viBGcd6MmevCOKBmizzTKzcAQ93kcvg4dZE70dhy4O4="; + aarch64-linux = "sha256-2Zy96bTP3N6CFCOJgPI0DTnsAvraBlFax3TeB+j/7Yw="; + i686-linux = "sha256-PZLDSeg9d01iL6e+EoRjpXwnoA8DUwTFcKL7X3S26mw="; + x86_64-darwin = "sha256-xV6bZVpTtEIZMeMVff+hmDKK7qVkItQ0ZRC0yycxad0="; + aarch64-darwin = "sha256-K0b8O04ZSrKbuM8tu3nt2tI7FktOpqwHEpoNTWYJpm4="; }; in fetchzip { diff --git a/pkgs/tools/security/vexctl/default.nix b/pkgs/tools/security/vexctl/default.nix new file mode 100644 index 0000000000000..3821fa77dc88c --- /dev/null +++ b/pkgs/tools/security/vexctl/default.nix 
@@ -0,0 +1,69 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, installShellFiles
+}:
+
+buildGoModule rec {
+ pname = "vexctl";
+ version = "0.0.2";
+
+ src = fetchFromGitHub {
+ owner = "chainguard-dev";
+ repo = "vex";
+ rev = "v${version}";
+ sha256 = "sha256-rDq62vkrZ8/76LERchxijmQCgo58KXlAIfv4SwI7egY=";
+ # populate values that require us to use git. By doing this in postFetch we
+ # can delete .git afterwards and maintain better reproducibility of the src.
+ leaveDotGit = true;
+ postFetch = ''
+ cd "$out"
+ git rev-parse HEAD > $out/COMMIT
+ # '0000-00-00T00:00:00Z'
+ date -u -d "@$(git log -1 --pretty=%ct)" "+'%Y-%m-%dT%H:%M:%SZ'" > $out/SOURCE_DATE_EPOCH
+ find "$out" -name .git -print0 | xargs -0 rm -rf
+ '';
+ };
+ vendorSha256 = "sha256-7hhiJowtQv4JPqvpMiukL2JVgNeB5gi5X4p+AVGp4S0=";
+
+ nativeBuildInputs = [ installShellFiles ];
+
+ ldflags = [
+ "-s"
+ "-w"
+ "-X sigs.k8s.io/release-utils/version.gitVersion=v${version}"
+ "-X sigs.k8s.io/release-utils/version.gitTreeState=clean"
+ ];
+
+ # ldflags based on metadata from git and source
+ preBuild = ''
+ ldflags+=" -X sigs.k8s.io/release-utils/version.gitCommit=$(cat COMMIT)"
+ ldflags+=" -X sigs.k8s.io/release-utils/version.buildDate=$(cat SOURCE_DATE_EPOCH)"
+ '';
+
+ postBuild = ''
+ mv $GOPATH/bin/vex{,ctl}
+ '';
+
+ postInstall = ''
+ installShellCompletion --cmd vexctl \
+ --bash <($out/bin/vexctl completion bash) \
+ --fish <($out/bin/vexctl completion fish) \
+ --zsh <($out/bin/vexctl completion zsh)
+ '';
+
+ doInstallCheck = true;
+ installCheckPhase = ''
+ runHook preInstallCheck
+ $out/bin/vexctl --help
+ $out/bin/vexctl version 2>&1 | grep "v${version}"
+ runHook postInstallCheck
+ '';
+
+ meta = with lib; {
+ homepage = "https://github.com/chainguard-dev/vex/";
+ description = "A tool to attest VEX impact statements";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ jk ];
+ };
+}
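Review bot: The new vexctl expression pins its Go modules with `vendorSha256`, while the other Go packages changed in this same diff (tlsx, webanalyze) are being renamed to `vendorHash`. The value is already in SRI form, so the line can read `vendorHash = "sha256-7hhiJowtQv4JPqvpMiukL2JVgNeB5gi5X4p+AVGp4S0=";`. This is a style point only, since the pinned content stays the same.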
diff --git a/pkgs/tools/security/webanalyze/default.nix b/pkgs/tools/security/webanalyze/default.nix index 1cbc22b1482d8..cfce48228b570 100644 --- a/pkgs/tools/security/webanalyze/default.nix +++ b/pkgs/tools/security/webanalyze/default.nix @@ -5,20 +5,21 @@ buildGoModule rec { pname = "webanalyze"; - version = "0.3.7"; + version = "0.3.8"; src = fetchFromGitHub { owner = "rverton"; repo = pname; - rev = "v${version}"; - hash = "sha256-W7NgV50r/MNSF6+e0IR9C1dcg/k0w67GcTs0NTbhKBc="; + rev = "refs/tags/v${version}"; + hash = "sha256-1z4hi9a/OzBXIMBk1f0JpPMV/kRgBnTQAEygIZqV+1w="; }; - vendorSha256 = "sha256-kXtWYGsZUUhBNvkTOah3Z+ta118k6PXfpBx6MLr/pq0="; + vendorHash = "sha256-kXtWYGsZUUhBNvkTOah3Z+ta118k6PXfpBx6MLr/pq0="; meta = with lib; { description = "Tool to uncover technologies used on websites"; homepage = "https://github.com/rverton/webanalyze"; + changelog = "https://github.com/rverton/webanalyze/releases/tag/v${version}"; license = licenses.mit; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/zlint/default.nix b/pkgs/tools/security/zlint/default.nix new file mode 100644 index 0000000000000..9c67bb504b296 --- /dev/null +++ b/pkgs/tools/security/zlint/default.nix 
@@ -0,0 +1,55 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+, testers
+, zlint
+}:
+
+buildGoModule rec {
+ pname = "zlint";
+ version = "3.4.1";
+
+ src = fetchFromGitHub {
+ owner = "zmap";
+ repo = "zlint";
+ rev = "v${version}";
+ hash = "sha256-edCZQeBZelDfZGBZgevvJ8fgm1G2QFILJKB3778D7ac=";
+ };
+
+ modRoot = "v3";
+
+ vendorHash = "sha256-OiHEyMHuSiWDB/1YRvAhErb1h/rFfXXVcagcP386doc=";
+
+ postPatch = ''
+ # Remove a package which is not declared in go.mod.
+ rm -rf v3/cmd/genTestCerts
+ '';
+
+ excludedPackages = [
+ "lints"
+ ];
+
+ ldflags = [
+ "-s"
+ "-w"
+ "-X main.version=${version}"
+ ];
+
+ passthru.tests.version = testers.testVersion {
+ package = zlint;
+ command = "zlint -version";
+ };
+
+ meta = with lib; {
+ description = "X.509 Certificate Linter focused on Web PKI standards and requirements";
+ longDescription = ''
+ ZLint is a X.509 certificate linter written in Go that checks for
+ consistency with standards (e.g. RFC 5280) and other relevant PKI
+ requirements (e.g. CA/Browser Forum Baseline Requirements).
+ '';
+ homepage = "https://github.com/zmap/zlint";
+ changelog = "https://github.com/zmap/zlint/releases/tag/${src.rev}";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ baloo ];
+ };
+} |
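Review bot: `excludedPackages = [ "lints" ];` has no comment saying why the lints packages are left out, whereas the `postPatch` just above it explains its removal. As far as I know buildGoModule applies the same exclusion when it selects directories for the check phase, so this probably also keeps the lint tests from running, and for a certificate linter those are most of what the build could verify. A line such as `# Exclude lints: <reason>` above the attribute would record the intent, and it is worth confirming whether the lint tests are meant to be skipped.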