about summary refs log tree commit diff
path: root/pkgs/tools/security
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/asc-key-to-qr-code-gif/default.nix2
-rw-r--r--pkgs/tools/security/chipsec/default.nix2
-rw-r--r--pkgs/tools/security/cosign/default.nix6
-rw-r--r--pkgs/tools/security/exploitdb/default.nix4
-rw-r--r--pkgs/tools/security/ghidra/build.nix26
-rw-r--r--pkgs/tools/security/ibm-sw-tpm2/default.nix15
-rw-r--r--pkgs/tools/security/kube-bench/default.nix6
-rw-r--r--pkgs/tools/security/metasploit/Gemfile2
-rw-r--r--pkgs/tools/security/metasploit/Gemfile.lock12
-rw-r--r--pkgs/tools/security/metasploit/default.nix4
-rw-r--r--pkgs/tools/security/metasploit/gemset.nix18
-rw-r--r--pkgs/tools/security/mokutil/default.nix2
-rw-r--r--pkgs/tools/security/pinentry-bemenu/default.nix4
-rw-r--r--pkgs/tools/security/rhash/default.nix2
-rw-r--r--pkgs/tools/security/sudo/default.nix8
-rw-r--r--pkgs/tools/security/super/default.nix4
-rw-r--r--pkgs/tools/security/thc-hydra/default.nix6
17 files changed, 55 insertions, 68 deletions
diff --git a/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix b/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix
index 13327a84fff00..28913c685778b 100644
--- a/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix
+++ b/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation {
     substitutions = [
       ''--replace "convert" "${imagemagick}/bin/convert"''
       ''--replace "qrencode" "${qrencode.bin}/bin/qrencode"''
-    ] ++ lib.optional testQR [
+    ] ++ lib.optionals testQR [
       ''--replace "hash zbarimg" "true"'' # hash does not work on NixOS
       ''--replace "$(zbarimg --raw" "$(${zbar.out}/bin/zbarimg --raw"''
     ];
diff --git a/pkgs/tools/security/chipsec/default.nix b/pkgs/tools/security/chipsec/default.nix
index 5b4957139d753..64a4946136f09 100644
--- a/pkgs/tools/security/chipsec/default.nix
+++ b/pkgs/tools/security/chipsec/default.nix
@@ -48,7 +48,7 @@ python3.pkgs.buildPythonApplication rec {
 
   setupPyBuildFlags = [
     "--build-lib=$CHIPSEC_BUILD_LIB"
-  ] ++ lib.optional (!withDriver) [
+  ] ++ lib.optionals (!withDriver) [
     "--skip-driver"
   ];
 
diff --git a/pkgs/tools/security/cosign/default.nix b/pkgs/tools/security/cosign/default.nix
index 6cfd46954e328..fc1b583ccc7fb 100644
--- a/pkgs/tools/security/cosign/default.nix
+++ b/pkgs/tools/security/cosign/default.nix
@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "cosign";
-  version = "1.13.0";
+  version = "1.13.1";
 
   src = fetchFromGitHub {
     owner = "sigstore";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-EZHT6Ut7fI9Sx7U664r4ZvzZCH1hu9acnGvUyn8XgSw=";
+    sha256 = "sha256-R7MhfAnVJJ2NK8zV408xAk8Q6aWn9Gw6DOmFFX26x1Q=";
   };
 
   buildInputs = lib.optional (stdenv.isLinux && pivKeySupport) (lib.getDev pcsclite)
@@ -16,7 +16,7 @@ buildGoModule rec {
 
   nativeBuildInputs = [ pkg-config installShellFiles ];
 
-  vendorSha256 = "sha256-9XRORuHx4bZn9odMD+prg/dPBkUmVqBNQYjQGCQVqiw=";
+  vendorSha256 = "sha256-DpPEDttQnRGHVNiIpMGj14KvZEGR0Y80sZOffjQ3UHk=";
 
   subPackages = [
     "cmd/cosign"
diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix
index 53b44417b4048..74ba577a6dc58 100644
--- a/pkgs/tools/security/exploitdb/default.nix
+++ b/pkgs/tools/security/exploitdb/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "exploitdb";
-  version = "2022-10-07";
+  version = "2022-10-18";
 
   src = fetchFromGitHub {
     owner = "offensive-security";
     repo = pname;
     rev = "refs/tags/${version}";
-    hash = "sha256-gO2NCQSmaJA6Bg6LKBc0qVi147KzGp2MtXizpM0v1yQ=";
+    hash = "sha256-qyRAwy4rGaV7fiU0gwvnf6yT4ZAAXYTtZubh+GtsJU8=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/tools/security/ghidra/build.nix b/pkgs/tools/security/ghidra/build.nix
index 3e7197f543d24..23bc1d216f35c 100644
--- a/pkgs/tools/security/ghidra/build.nix
+++ b/pkgs/tools/security/ghidra/build.nix
@@ -84,7 +84,10 @@ HERE
 
     nativeBuildInputs = [ gradle perl ] ++ lib.optional stdenv.isDarwin xcbuild;
     buildPhase = ''
-      export GRADLE_USER_HOME=$(mktemp -d)
+      export HOME="$NIX_BUILD_TOP/home"
+      mkdir -p "$HOME"
+      export JAVA_TOOL_OPTIONS="-Duser.home='$HOME'"
+      export GRADLE_USER_HOME="$HOME/.gradle"
 
       # First, fetch the static dependencies.
       gradle --no-daemon --info -Dorg.gradle.java.home=${openjdk11} -I gradle/support/fetchDependencies.gradle init
@@ -116,21 +119,10 @@ in stdenv.mkDerivation rec {
   patches = [ ./0001-Use-protobuf-gradle-plugin.patch ];
   postPatch = fixProtoc;
 
-  buildPhase = (lib.optionalString stdenv.isDarwin ''
-    export HOME=$(mktemp -d)
-
-    # construct a dummy /etc/passwd file - something attempts to determine
-    # the user's "real" home using this
-    DUMMY_PASSWD=$(realpath ../dummy-passwd)
-    cat > $DUMMY_PASSWD <<EOF
-    $(whoami)::$(id -u):$(id -g)::$HOME:$SHELL
-    EOF
-
-    export NIX_REDIRECTS=/etc/passwd=$DUMMY_PASSWD
-    export DYLD_INSERT_LIBRARIES=${libredirect}/lib/libredirect.dylib
-  '') + ''
-
-    export GRADLE_USER_HOME=$(mktemp -d)
+  buildPhase = ''
+    export HOME="$NIX_BUILD_TOP/home"
+    mkdir -p "$HOME"
+    export JAVA_TOOL_OPTIONS="-Duser.home='$HOME'"
 
     ln -s ${deps}/dependencies dependencies
 
@@ -170,7 +162,7 @@ in stdenv.mkDerivation rec {
   meta = with lib; {
     description = "A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission";
     homepage = "https://ghidra-sre.org/";
-    platforms = [ "x86_64-linux" "x86_64-darwin" ];
+    platforms = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" ];
     sourceProvenance = with sourceTypes; [
       fromSource
       binaryBytecode  # deps
diff --git a/pkgs/tools/security/ibm-sw-tpm2/default.nix b/pkgs/tools/security/ibm-sw-tpm2/default.nix
index c5b738678aa2c..012d492aacad6 100644
--- a/pkgs/tools/security/ibm-sw-tpm2/default.nix
+++ b/pkgs/tools/security/ibm-sw-tpm2/default.nix
@@ -1,23 +1,14 @@
-{ stdenv, fetchurl, fetchpatch, lib, openssl }:
+{ stdenv, fetchurl, lib, openssl }:
 
 stdenv.mkDerivation rec {
   pname = "ibm-sw-tpm2";
-  version = "1661";
+  version = "1682";
 
   src = fetchurl {
     url = "mirror://sourceforge/ibmswtpm2/ibmtpm${version}.tar.gz";
-    sha256 = "sha256-VRRZKK0rJPNL5qDqz5+0kuEODqkZuEKMch+pcOhdYUc=";
+    hash = "sha256-PLZC+HGheyPVCwRuX5X0ScIodBX8HnrrS9u4kg28s48=";
   };
 
-  patches = [
-    (fetchpatch {
-      url = "https://github.com/kgoldman/ibmswtpm2/commit/e6684009aff9c1bad38875e3319c2e02ef791424.patch";
-      sha256 = "1flzlri807c88agmpb0w8xvh5f16mmqv86xw4ic4z272iynzd40j";
-    })
-  ];
-
-  patchFlags = [ "-p2" ];
-
   buildInputs = [ openssl ];
 
   sourceRoot = "src";
diff --git a/pkgs/tools/security/kube-bench/default.nix b/pkgs/tools/security/kube-bench/default.nix
index fcad20c651f28..9492475aadb54 100644
--- a/pkgs/tools/security/kube-bench/default.nix
+++ b/pkgs/tools/security/kube-bench/default.nix
@@ -2,15 +2,15 @@
 
 buildGoModule rec {
   pname = "kube-bench";
-  version = "0.6.9";
+  version = "0.6.10";
 
   src = fetchFromGitHub {
     owner = "aquasecurity";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-bKgUnkfOWcX3/JdspEjNhFqS2dMlwEcVffIqNfS6FEU=";
+    sha256 = "sha256-0rhs5MZzf9E848FxYuZdXTarYG1BwnfS9HDz9iYR/vo=";
   };
-  vendorSha256 = "sha256-f/B9E9Ot9njop04PKh0XYG1DnWKBRsVi4XHQNmZeQho=";
+  vendorSha256 = "sha256-uaFEtWI5tdL0egaJPTKh7k66Kyjq+N8YDlUGJDtFRqY=";
 
   nativeBuildInputs = [ installShellFiles ];
 
diff --git a/pkgs/tools/security/metasploit/Gemfile b/pkgs/tools/security/metasploit/Gemfile
index aceee6526657f..b52836806a7fa 100644
--- a/pkgs/tools/security/metasploit/Gemfile
+++ b/pkgs/tools/security/metasploit/Gemfile
@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 source "https://rubygems.org"
 
-gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.2.22"
+gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.2.23"
diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock
index 4d3d9c3a1479c..a17363ce395f2 100644
--- a/pkgs/tools/security/metasploit/Gemfile.lock
+++ b/pkgs/tools/security/metasploit/Gemfile.lock
@@ -1,9 +1,9 @@
 GIT
   remote: https://github.com/rapid7/metasploit-framework
-  revision: 655933e55b2cb2d8541777d1070b445a7bbae0cf
-  ref: refs/tags/6.2.22
+  revision: 98564a6c45884e021349c5c6dc235c7ba0ba6f44
+  ref: refs/tags/6.2.23
   specs:
-    metasploit-framework (6.2.22)
+    metasploit-framework (6.2.23)
       actionpack (~> 6.0)
       activerecord (~> 6.0)
       activesupport (~> 6.0)
@@ -129,8 +129,8 @@ GEM
     arel-helpers (2.14.0)
       activerecord (>= 3.1.0, < 8)
     aws-eventstream (1.2.0)
-    aws-partitions (1.647.0)
-    aws-sdk-core (3.161.0)
+    aws-partitions (1.649.0)
+    aws-sdk-core (3.164.0)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.525.0)
       aws-sigv4 (~> 1.1)
@@ -144,7 +144,7 @@ GEM
     aws-sdk-kms (1.58.0)
       aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.114.0)
+    aws-sdk-s3 (1.116.0)
       aws-sdk-core (~> 3, >= 3.127.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.4)
diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix
index a0da6335ddc33..7f19e6d85943c 100644
--- a/pkgs/tools/security/metasploit/default.nix
+++ b/pkgs/tools/security/metasploit/default.nix
@@ -15,13 +15,13 @@ let
   };
 in stdenv.mkDerivation rec {
   pname = "metasploit-framework";
-  version = "6.2.22";
+  version = "6.2.23";
 
   src = fetchFromGitHub {
     owner = "rapid7";
     repo = "metasploit-framework";
     rev = version;
-    sha256 = "sha256-I+Taz2o2V7v/OhxcTC7ZfoHw/yUWBHe1tVpwPrCNXRk=";
+    sha256 = "sha256-DSLcGBKfw2/pSAV/6jF6xZlyIhPf7FDo14nz659F+qs=";
   };
 
   nativeBuildInputs = [ makeWrapper ];
diff --git a/pkgs/tools/security/metasploit/gemset.nix b/pkgs/tools/security/metasploit/gemset.nix
index f00cba451bcf7..bcfa86bf4a172 100644
--- a/pkgs/tools/security/metasploit/gemset.nix
+++ b/pkgs/tools/security/metasploit/gemset.nix
@@ -104,20 +104,20 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1yrc8c531vap8gmjjnfqclzp729cl0kppfq02csmj5w2y1v68087";
+      sha256 = "00gd6ad006wm6aqpb9hql86cnggaiqkm8mhk6053w6vrszmlhi65";
       type = "gem";
     };
-    version = "1.647.0";
+    version = "1.649.0";
   };
   aws-sdk-core = {
     groups = ["default"];
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1vhbmvwq77bj30dxgj6cg6m4ynqk1yj6l8njn97q6393g0169rd0";
+      sha256 = "1wdla6mwsli6w09z85abkhdxhmjmjawmb3c71rqfgqnffqdl351w";
       type = "gem";
     };
-    version = "3.161.0";
+    version = "3.164.0";
   };
   aws-sdk-ec2 = {
     groups = ["default"];
@@ -154,10 +154,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1r6dxz3llgxbbm66jq5mkzk0i6qsxwv0d9s0ipwb23vv3bgp23yf";
+      sha256 = "0wm4k4i1rplddrm4pnr39biv1fikc5jg8l48z84knh05bxp8wvln";
       type = "gem";
     };
-    version = "1.114.0";
+    version = "1.116.0";
   };
   aws-sigv4 = {
     groups = ["default"];
@@ -604,12 +604,12 @@
     platforms = [];
     source = {
       fetchSubmodules = false;
-      rev = "655933e55b2cb2d8541777d1070b445a7bbae0cf";
-      sha256 = "06axinq3ww2snnspf10n4pzz10byv4p4qp0w7bzvnmrndb7xmr13";
+      rev = "98564a6c45884e021349c5c6dc235c7ba0ba6f44";
+      sha256 = "1azs8ngypww9szl51v6z2ci756f5g8qylzq593lnzhwz28cdq8hd";
       type = "git";
       url = "https://github.com/rapid7/metasploit-framework";
     };
-    version = "6.2.22";
+    version = "6.2.23";
   };
   metasploit-model = {
     groups = ["default"];
diff --git a/pkgs/tools/security/mokutil/default.nix b/pkgs/tools/security/mokutil/default.nix
index b408e4d2c80eb..5a597b73a7cec 100644
--- a/pkgs/tools/security/mokutil/default.nix
+++ b/pkgs/tools/security/mokutil/default.nix
@@ -6,6 +6,7 @@
 , openssl
 , efivar
 , keyutils
+, libxcrypt
 }:
 
 stdenv.mkDerivation rec {
@@ -28,6 +29,7 @@ stdenv.mkDerivation rec {
     openssl
     efivar
     keyutils
+    libxcrypt
   ];
 
   meta = with lib; {
diff --git a/pkgs/tools/security/pinentry-bemenu/default.nix b/pkgs/tools/security/pinentry-bemenu/default.nix
index e7a21fdef4430..aec655d0b5594 100644
--- a/pkgs/tools/security/pinentry-bemenu/default.nix
+++ b/pkgs/tools/security/pinentry-bemenu/default.nix
@@ -3,13 +3,13 @@
 
 stdenv.mkDerivation rec {
   pname = "pinentry-bemenu";
-  version = "0.11.0";
+  version = "0.12.0";
 
   src = fetchFromGitHub {
     owner = "t-8ch";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-jt7G/OuXqJdnkW7sMNH0o+CI3noDK6EcbOLXq0JoDTk=";
+    sha256 = "sha256-5ll4a/1Ughx0s2l/mcIsp1g4oNoNhm0RWvY/tXDvPGE=";
   };
 
   nativeBuildInputs = [ meson ninja pkg-config ];
diff --git a/pkgs/tools/security/rhash/default.nix b/pkgs/tools/security/rhash/default.nix
index e071f460b1aa9..b539772213bb6 100644
--- a/pkgs/tools/security/rhash/default.nix
+++ b/pkgs/tools/security/rhash/default.nix
@@ -46,7 +46,7 @@ stdenv.mkDerivation rec {
   installTargets = [
     "install"
     "install-lib-headers"
-  ] ++ lib.optional (!enableStatic) [
+  ] ++ lib.optionals (!enableStatic) [
     "install-lib-so-link"
   ];
 
diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix
index 429027df872df..12a872c643f38 100644
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
@@ -14,11 +14,11 @@
 
 stdenv.mkDerivation rec {
   pname = "sudo";
-  version = "1.9.11p3";
+  version = "1.9.12";
 
   src = fetchurl {
     url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz";
-    sha256 = "4687e7d2f56721708f59cca2e1352c056cb23de526c22725615a42bb094f1f70";
+    hash = "sha256-3hVzOIgXDFaDTar9NL+YPbEPshA5dC/Pw5a9MhaNY2I=";
   };
 
   prePatch = ''
@@ -35,10 +35,10 @@ stdenv.mkDerivation rec {
     "--with-iologdir=/var/log/sudo-io"
     "--with-sendmail=${sendmailPath}"
     "--enable-tmpfiles.d=no"
-  ] ++ lib.optional withInsults [
+  ] ++ lib.optionals withInsults [
     "--with-insults"
     "--with-all-insults"
-  ] ++ lib.optional withSssd [
+  ] ++ lib.optionals withSssd [
     "--with-sssd"
     "--with-sssd-lib=${sssd}/lib"
   ];
diff --git a/pkgs/tools/security/super/default.nix b/pkgs/tools/security/super/default.nix
index eba7def957ce3..1c2e9cbd4ab4e 100644
--- a/pkgs/tools/security/super/default.nix
+++ b/pkgs/tools/security/super/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, fetchpatch }:
+{ lib, stdenv, fetchurl, fetchpatch, libxcrypt }:
 
 stdenv.mkDerivation rec {
   pname = "super";
@@ -37,6 +37,8 @@ stdenv.mkDerivation rec {
     "--localstatedir=/var"
   ];
 
+  buildInputs = [ libxcrypt ];
+
   installFlags = [ "sysconfdir=$(out)/etc" "localstatedir=$(TMPDIR)" ];
 
   meta = {
diff --git a/pkgs/tools/security/thc-hydra/default.nix b/pkgs/tools/security/thc-hydra/default.nix
index b6e3056e0232f..63df6a144bc19 100644
--- a/pkgs/tools/security/thc-hydra/default.nix
+++ b/pkgs/tools/security/thc-hydra/default.nix
@@ -3,13 +3,13 @@
 
 stdenv.mkDerivation rec {
   pname = "thc-hydra";
-  version = "9.3";
+  version = "9.4";
 
   src = fetchFromGitHub {
     owner = "vanhauser-thc";
     repo = "thc-hydra";
     rev = "v${version}";
-    sha256 = "sha256-SzbaU52IXw5+ztN/GKD6Ki6/cx2icoZEzLHBu/J8sk0=";
+    sha256 = "sha256-+UkMJmIUIt/yTGY07Q4nu1zbWQq5chTvMNQSh5U/fTU=";
   };
 
   postPatch = let
@@ -45,6 +45,6 @@ stdenv.mkDerivation rec {
     license = licenses.agpl3Plus;
     maintainers = with maintainers; [ offline ];
     platforms = platforms.unix;
-    badPlatforms = platforms.darwin; # fails to build since v9.3
+    badPlatforms = platforms.darwin; # fails to build since v9.4
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-20 17:19:08 +0000