Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/chaps/default.nix | 1 | ||||
-rw-r--r-- | pkgs/tools/security/clamav/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/dnsenum/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/dnsrecon/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/fierce/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/hcxtools/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/keybase/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/keybase/gui.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/kpcli/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/lesspass-cli/default.nix | 38 | ||||
-rw-r--r-- | pkgs/tools/security/nmap/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/pass/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/pass/extensions/otp.nix | 10 | ||||
-rw-r--r-- | pkgs/tools/security/tor/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/tpm-luks/default.nix | 5 | ||||
-rw-r--r-- | pkgs/tools/security/tpm-luks/openssl-1.1.patch | 63 | ||||
-rw-r--r-- | pkgs/tools/security/tpm-luks/signed-ptr.patch | 15 | ||||
-rw-r--r-- | pkgs/tools/security/tpm-tools/default.nix | 7 |
18 files changed, 155 insertions, 24 deletions
diff --git a/pkgs/tools/security/chaps/default.nix b/pkgs/tools/security/chaps/default.nix index 3c6f52a4c7f64..1270423e9285a 100644 --- a/pkgs/tools/security/chaps/default.nix +++ b/pkgs/tools/security/chaps/default.nix @@ -80,5 +80,6 @@ stdenv.mkDerivation rec { maintainers = [ maintainers.tstrobel ]; platforms = [ "x86_64-linux" ]; license = licenses.bsd3; + broken = true; # build failure withn openssl 1.1 }; } diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index b52122495479f..54932e1200bf3 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "clamav"; - version = "0.101.2"; + version = "0.101.4"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; - sha256 = "0d3n4y8i5q594h4cjglmvpk4jd73r9ajpp1bvq5lr9zpdzgyn4ha"; + sha256 = "1kdw0b49hbvja6xn589v4f0q334wav16pmi1hibql5cxj7q99w0b"; }; # don't install sample config files into the absolute sysconfdir folder @@ -45,7 +45,7 @@ stdenv.mkDerivation rec { homepage = https://www.clamav.net; description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats"; license = licenses.gpl2; - maintainers = with maintainers; [ phreedom robberer qknight fpletz ]; + maintainers = with maintainers; [ phreedom robberer qknight fpletz globin ]; platforms = platforms.linux; }; } diff --git a/pkgs/tools/security/dnsenum/default.nix b/pkgs/tools/security/dnsenum/default.nix index d764e8a71ae6f..3374c827d7565 100644 --- a/pkgs/tools/security/dnsenum/default.nix +++ b/pkgs/tools/security/dnsenum/default.nix 
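Review bot: The comment on the added `broken = true;` line in chaps/default.nix has a typo (`withn`) and does not say where the failure is tracked. I would write it as `broken = true; # build failure with openssl 1.1` and follow it with a link to the upstream issue or a build log, so the flag can be lifted once a fix exists. The `meta` block this line sits in starts outside the hunk.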
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { homepage = "https://github.com/fwaeytens/dnsenum"; description = "A tool to enumerate DNS information"; - maintainers = with maintainers; [ c0bw3b globin ]; + maintainers = with maintainers; [ c0bw3b ]; license = licenses.gpl2Plus; platforms = platforms.all; }; diff --git a/pkgs/tools/security/dnsrecon/default.nix b/pkgs/tools/security/dnsrecon/default.nix index 06270723f4d05..2575636aeca24 100644 --- a/pkgs/tools/security/dnsrecon/default.nix +++ b/pkgs/tools/security/dnsrecon/default.nix @@ -39,6 +39,6 @@ python3.pkgs.buildPythonApplication rec { homepage = "https://github.com/darkoperator/dnsrecon"; license = licenses.gpl2; platforms = platforms.all; - maintainers = with maintainers; [ c0bw3b globin ]; + maintainers = with maintainers; [ c0bw3b ]; }; } diff --git a/pkgs/tools/security/fierce/default.nix b/pkgs/tools/security/fierce/default.nix index abc1bacd212bc..809d8e29ea359 100644 --- a/pkgs/tools/security/fierce/default.nix +++ b/pkgs/tools/security/fierce/default.nix @@ -17,7 +17,7 @@ python3.pkgs.buildPythonApplication rec { homepage = "https://github.com/mschwager/fierce"; description = "DNS reconnaissance tool for locating non-contiguous IP space"; license = licenses.gpl3Plus; - maintainers = with maintainers; [ c0bw3b globin ]; + maintainers = with maintainers; [ c0bw3b ]; platforms = platforms.all; }; } diff --git a/pkgs/tools/security/hcxtools/default.nix b/pkgs/tools/security/hcxtools/default.nix index 20ad5bbc0b270..216d58192fbc1 100644 --- a/pkgs/tools/security/hcxtools/default.nix +++ b/pkgs/tools/security/hcxtools/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "hcxtools"; - version = "5.1.6"; + version = "5.2.0"; src = fetchFromGitHub { owner = "ZerBea"; repo = pname; rev = version; - sha256 = "05sjbmv2wq3nlmammrwxqc62c4sagjjgczzddr1jcqkf6kywzkl8"; + sha256 = "0k2qlq9hz5zc21nyc6yrnfqzga7hydn5mm0x3rpl2fhkwl81lxcn"; }; buildInputs = [ curl openssl zlib ]; 
diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix index 884480b73a5cc..1a2b06ea41f93 100644 --- a/pkgs/tools/security/keybase/default.nix +++ b/pkgs/tools/security/keybase/default.nix @@ -5,7 +5,7 @@ buildGoPackage rec { pname = "keybase"; - version = "4.1.0"; + version = "4.3.1"; goPackagePath = "github.com/keybase/client"; subPackages = [ "go/keybase" ]; @@ -16,7 +16,7 @@ buildGoPackage rec { owner = "keybase"; repo = "client"; rev = "v${version}"; - sha256 = "00mxyy4jhdbcvbwabf4yvq4h5mpnlfp2z93gy2266kz6gkd5myzk"; + sha256 = "1743d7a7ix882yxz9pk230vdvdj46sbscqv4wqyhb0la2pl9jqdp"; }; buildInputs = lib.optionals stdenv.isDarwin [ AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox ]; diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix index 56e1daf204372..3954ec818b14c 100644 --- a/pkgs/tools/security/keybase/gui.nix +++ b/pkgs/tools/security/keybase/gui.nix @@ -4,16 +4,16 @@ , runtimeShell, gsettings-desktop-schemas }: let - versionSuffix = "20190612201656.952fee6c59"; + versionSuffix = "20190813132700.6f497ec371"; in stdenv.mkDerivation rec { pname = "keybase-gui"; - version = "4.1.0"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages + version = "4.3.1"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages src = fetchurl { url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb"; - sha256 = "0jwxw75yz7sbvfqw2aksa3p7jlcv817743fl59qk6rq1x9ag6qpx"; + sha256 = "1mbbfy1aijqr8209jjja6dm2nzw721qqw94839df047rcwnd38pg"; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/kpcli/default.nix b/pkgs/tools/security/kpcli/default.nix index 8decdd13b0ff2..9d4c590efa1e3 100644 --- a/pkgs/tools/security/kpcli/default.nix +++ b/pkgs/tools/security/kpcli/default.nix 
@@ -1,12 +1,12 @@ { stdenv, fetchurl, makeWrapper, perl, perlPackages }: stdenv.mkDerivation rec { - version = "3.2"; + version = "3.3"; pname = "kpcli"; src = fetchurl { url = "mirror://sourceforge/kpcli/${pname}-${version}.pl"; - sha256 = "11z6zbnsmqgjw73ai4nrq4idr83flrib22d8fqh1637d36p1nnk1"; + sha256 = "1z6dy70d3ag16vgzzafcnxb8gap3wahfmy4vd22fpgbrdd6riph4"; }; buildInputs = [ makeWrapper perl ]; diff --git a/pkgs/tools/security/lesspass-cli/default.nix b/pkgs/tools/security/lesspass-cli/default.nix new file mode 100644 index 0000000000000..afcdf0c0a07a1 --- /dev/null +++ b/pkgs/tools/security/lesspass-cli/default.nix @@ -0,0 +1,38 @@ +{ stdenv, python3, fetchFromGitHub }: + +let + inherit (python3.pkgs) buildPythonApplication pytest mock pexpect; +in +buildPythonApplication rec { + pname = "lesspass-cli"; + version = "9.0.0"; + + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = version; + sha256 = "1mdv0c0fn4d72iigy8hz4s7kf7q3pg4gjjadxwxyjwsalapnsapk"; + }; + sourceRoot = "source/cli"; + + # some tests are designed to run against code in the source directory - adapt to run against + # *installed* code + postPatch = '' + for f in tests/test_functional.py tests/test_interaction.py ; do + substituteInPlace $f --replace "lesspass/core.py" "-m lesspass.core" + done + ''; + + checkInputs = [ pytest mock pexpect ]; + checkPhase = '' + mv lesspass lesspass.hidden # ensure we're testing against *installed* package + pytest tests + ''; + + meta = with stdenv.lib; { + description = "Stateless password manager"; + homepage = https://lesspass.com; + maintainers = with maintainers; [ jasoncarr ]; + license = licenses.gpl3; + }; +} diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix index 3bc5758aad44b..bf9c7a4fc4613 100644 --- a/pkgs/tools/security/nmap/default.nix +++ b/pkgs/tools/security/nmap/default.nix 
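Review bot: In the new lesspass-cli/default.nix, `owner = pname;` and `repo = pname;` both evaluate to `lesspass-cli`, while `sourceRoot = "source/cli"` suggests the CLI is a subdirectory of a larger repository, so the fetch location looks questionable; I cannot confirm from this page which repository actually holds the source. Because `fetchFromGitHub` is a fixed-output fetch, a build can succeed from an already-present store path without the URL being contacted, so wrong coordinates can go unnoticed until the cache is cold. Writing them as literals, `owner = "<upstream-owner>"; repo = "<upstream-repo>";`, and checking the fetch once without a cached copy keeps the pinned `sha256` tied to a location a reviewer can audit.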
@@ -20,11 +20,11 @@ let in stdenv.mkDerivation rec { name = "nmap${optionalString graphicalSupport "-graphical"}-${version}"; - version = "7.70"; + version = "7.80"; src = fetchurl { url = "https://nmap.org/dist/nmap-${version}.tar.bz2"; - sha256 = "063fg8adx23l4irrh5kn57hsmi1xvjkar4vm4k6g94ppan4hcyw4"; + sha256 = "1aizfys6l9f9grm82bk878w56mg0zpkfns3spzj157h98875mypw"; }; patches = [ ./zenmap.patch ] diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix index 2e482dfcffce4..aeb838c057653 100644 --- a/pkgs/tools/security/pass/default.nix +++ b/pkgs/tools/security/pass/default.nix @@ -120,7 +120,7 @@ let description = "Stores, retrieves, generates, and synchronizes passwords securely"; homepage = https://www.passwordstore.org/; license = licenses.gpl2Plus; - maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ]; + maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher globin ]; platforms = platforms.unix; longDescription = '' diff --git a/pkgs/tools/security/pass/extensions/otp.nix b/pkgs/tools/security/pass/extensions/otp.nix index ab8bc7fe8563a..4b15c3d68035e 100644 --- a/pkgs/tools/security/pass/extensions/otp.nix +++ b/pkgs/tools/security/pass/extensions/otp.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "pass-otp"; - version = "1.1.1"; + version = "1.2.0"; src = fetchFromGitHub { owner = "tadfisher"; repo = "pass-otp"; rev = "v${version}"; - sha256 = "0m8x5dqwcr9jim530685nsq4zn941hhl7ridmmd63b204z141rwa"; + sha256 = "0cpqrf3939hcvwg7sd8055ghc8x964ilimlri16czzx188a9jx9v"; }; buildInputs = [ oathToolkit ]; 
@@ -19,13 +19,15 @@ stdenv.mkDerivation rec { sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash ''; - installFlags = [ "PREFIX=$(out)" ]; + installFlags = [ "PREFIX=$(out)" + "BASHCOMPDIR=$(out)/share/bash-completion/completions" + ]; meta = with stdenv.lib; { description = "A pass extension for managing one-time-password (OTP) tokens"; homepage = https://github.com/tadfisher/pass-otp; license = licenses.gpl3; - maintainers = with maintainers; [ jwiegley tadfisher ]; + maintainers = with maintainers; [ jwiegley tadfisher toonn ]; platforms = platforms.unix; }; } diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index b3b71a16eb885..249ff435c5fc8 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -15,11 +15,11 @@ stdenv.mkDerivation rec { pname = "tor"; - version = "0.4.0.5"; + version = "0.4.1.5"; src = fetchurl { url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; - sha256 = "0vk9j3ybz5dwwbmqrdj1bjcsxy76pc8frmfvflkdzwfkvkqcp8mm"; + sha256 = "0984jb6hdcc10f7aq8xzl7l4jf93skp45wkv2v63z4zv0nvf0r58"; }; outputs = [ "out" "geoip" ]; diff --git a/pkgs/tools/security/tpm-luks/default.nix b/pkgs/tools/security/tpm-luks/default.nix index 1799d5d154a2c..ca78c5d73ffbc 100644 --- a/pkgs/tools/security/tpm-luks/default.nix +++ b/pkgs/tools/security/tpm-luks/default.nix @@ -10,6 +10,11 @@ stdenv.mkDerivation rec { sha256 = "1ms2v57f13r9km6mvf9rha5ndmlmjvrz3mcikai6nzhpj0nrjz0w"; }; + patches = [ + ./openssl-1.1.patch + ./signed-ptr.patch + ]; + nativeBuildInputs = [ autoreconfHook ]; buildInputs = [ gawk trousers cryptsetup openssl ]; diff --git a/pkgs/tools/security/tpm-luks/openssl-1.1.patch b/pkgs/tools/security/tpm-luks/openssl-1.1.patch new file mode 100644 index 0000000000000..10132242b3457 --- /dev/null +++ b/pkgs/tools/security/tpm-luks/openssl-1.1.patch 
@@ -0,0 +1,63 @@ +diff --git a/swtpm-utils/lib/hmac.c b/swtpm-utils/lib/hmac.c +index 5545375..f9bedea 100644 +--- a/swtpm-utils/lib/hmac.c ++++ b/swtpm-utils/lib/hmac.c +@@ -381,15 +381,19 @@ uint32_t TSS_authhmac(unsigned char *digest, unsigned char *key, unsigned int ke + /****************************************************************************/ + uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, ...) + { +- HMAC_CTX hmac; ++ HMAC_CTX* hmac; + unsigned int dlen; + unsigned char *data; + va_list argp; +- +-#ifdef HAVE_HMAC_CTX_CLEANUP +- HMAC_CTX_init(&hmac); +-#endif +- HMAC_Init(&hmac,key,keylen,EVP_sha1()); ++ ++ hmac = HMAC_CTX_new(); ++ ++ if (hmac == NULL) ++ { ++ return ERR_MEM_ERR; ++ } ++ ++ HMAC_Init_ex(hmac,key,keylen,EVP_sha1(),NULL); + + va_start(argp,keylen); + for (;;) +@@ -398,15 +402,11 @@ uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned i + if (dlen == 0) break; + data = (unsigned char *)va_arg(argp,unsigned char *); + if (data == NULL) return ERR_NULL_ARG; +- HMAC_Update(&hmac,data,dlen); ++ HMAC_Update(hmac,data,dlen); + } +- HMAC_Final(&hmac,digest,&dlen); ++ HMAC_Final(hmac,digest,&dlen); + +-#ifdef HAVE_HMAC_CTX_CLEANUP +- HMAC_CTX_cleanup(&hmac); +-#else +- HMAC_cleanup(&hmac); +-#endif ++ HMAC_CTX_free(hmac); + va_end(argp); + return 0; + } +diff --git a/swtpm-utils/lib/keys.c b/swtpm-utils/lib/keys.c +index 99691b6..6627a1f 100644 +--- a/swtpm-utils/lib/keys.c ++++ b/swtpm-utils/lib/keys.c +@@ -1249,8 +1249,7 @@ RSA *TSS_convpubkey(pubkeydata *k) + exp); + } + /* set up the RSA public key structure */ +- rsa->n = mod; +- rsa->e = exp; ++ RSA_set0_key(rsa, mod, exp, NULL); + return rsa; + } + diff --git a/pkgs/tools/security/tpm-luks/signed-ptr.patch b/pkgs/tools/security/tpm-luks/signed-ptr.patch new file mode 100644 index 0000000000000..83e356a4ef9ed --- /dev/null +++ b/pkgs/tools/security/tpm-luks/signed-ptr.patch 
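Review bot: In the patched `TSS_rawhmac`, the early exit `if (data == NULL) return ERR_NULL_ARG;` inside the loop now leaks the heap-allocated `HMAC_CTX`, which has already been keyed by `HMAC_Init_ex`, and still skips `va_end`; before this patch the context lived on the stack, so the leak is new. The exit should release both: `if (data == NULL) { HMAC_CTX_free(hmac); va_end(argp); return ERR_NULL_ARG; }`. The results of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final` are also ignored, so a failed call would still return 0 with `digest` possibly unwritten; each should be checked and turned into an error return after freeing the context. In the keys.c hunk, `RSA_set0_key(rsa, mod, exp, NULL)` returns 0 on failure without taking ownership of `mod` and `exp`, and that result is not checked either; `TSS_convpubkey` starts outside the hunk, so its surrounding cleanup is not visible.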
@@ -0,0 +1,15 @@ +diff --git a/swtpm-utils/getcapability.c b/swtpm-utils/getcapability.c +index 7359ba3..17b4324 100644 +--- a/swtpm-utils/getcapability.c ++++ b/swtpm-utils/getcapability.c +@@ -480,7 +480,8 @@ int main(int argc, char *argv[]) + } + + if (c) { +- char pcrmap[4], *pf; ++ char pcrmap[4]; ++ unsigned char *pf; + + memcpy(pcrmap, ndp.pcrInfoRead.pcrSelection.pcrSelect, + ndp.pcrInfoRead.pcrSelection.sizeOfSelect); + diff --git a/pkgs/tools/security/tpm-tools/default.nix b/pkgs/tools/security/tpm-tools/default.nix index 1812b2645fecf..e546cc5a10fb9 100644 --- a/pkgs/tools/security/tpm-tools/default.nix +++ b/pkgs/tools/security/tpm-tools/default.nix @@ -14,6 +14,13 @@ stdenv.mkDerivation rec { sourceRoot = "."; + patches = [ + (fetchurl { + url = https://sources.debian.org/data/main/t/tpm-tools/1.3.9.1-0.1/debian/patches/05-openssl1.1_fix_data_mgmt.patch; + sha256 = "161yysw4wgy3spsz6p1d0ib0h5pnrqm8bdh1l71c4hz6a6wpcyxj"; + }) + ]; + nativeBuildInputs = [ perl ]; buildInputs = [ trousers openssl opencryptoki ]; |
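Review bot: The context lines of signed-ptr.patch show `memcpy(pcrmap, ndp.pcrInfoRead.pcrSelection.pcrSelect, ndp.pcrInfoRead.pcrSelection.sizeOfSelect);` copying into `char pcrmap[4]` with a length read from `ndp`, and the patch leaves that untouched while changing only the type of `pf`. Whether `sizeOfSelect` is bounded earlier in `main` is not visible here, since the function starts and ends outside the hunk; if it is not, any value above 4 overruns the stack buffer, and a guard such as `if (ndp.pcrInfoRead.pcrSelection.sizeOfSelect > sizeof pcrmap) { /* reject */ }` before the copy belongs in the same patch. Separately, `pcrmap` stays plain `char` while `pf` becomes `unsigned char *`; if `pf` is pointed at `pcrmap`, the signedness mismatch only moves, so declaring `unsigned char pcrmap[4];` as well would be more consistent.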
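Review bot: The added `patches` entry in tpm-tools/default.nix pulls `05-openssl1.1_fix_data_mgmt.patch` from a `sources.debian.org` path that embeds one specific Debian revision (`1.3.9.1-0.1`). The `sha256` pins the content, so the concern is availability rather than integrity: that path may stop resolving once Debian moves on from the revision. A short comment above the entry, e.g. `# OpenSSL 1.1 compatibility, taken from Debian's tpm-tools packaging`, would tell the next maintainer what the patch is for and where to re-source it.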