Diffstat (limited to 'pkgs/tools/security')
112 files changed, 1169 insertions, 585 deletions
diff --git a/pkgs/tools/security/aflplusplus/default.nix b/pkgs/tools/security/aflplusplus/default.nix index c25db9e2d3987..11b276ca05d2c 100644 --- a/pkgs/tools/security/aflplusplus/default.nix +++ b/pkgs/tools/security/aflplusplus/default.nix @@ -51,6 +51,11 @@ let --replace '"clang++"' '"clang++-UNSUPPORTED"' ''; + env.NIX_CFLAGS_COMPILE = toString [ + # Needed with GCC 12 + "-Wno-error=use-after-free" + ]; + makeFlags = [ "PREFIX=$(out)" ]; buildPhase = '' common="$makeFlags -j$NIX_BUILD_CORES" diff --git a/pkgs/tools/security/age-plugin-yubikey/default.nix b/pkgs/tools/security/age-plugin-yubikey/default.nix index 67c850eba4aee..2a7701ed9e3f0 100644 --- a/pkgs/tools/security/age-plugin-yubikey/default.nix +++ b/pkgs/tools/security/age-plugin-yubikey/default.nix @@ -10,16 +10,16 @@ rustPlatform.buildRustPackage rec { pname = "age-plugin-yubikey"; - version = "0.3.2"; + version = "0.3.3"; src = fetchFromGitHub { owner = "str4d"; repo = pname; rev = "v${version}"; - sha256 = "sha256-x4J8lE4Peenu3I7bZ3yoLpyukkMHD2re63GCni0cfnI="; + sha256 = "sha256-b7/65mfUr4p8tP4uU/BFonW0DqTTMIhEgB2xIwIxQVg="; }; - cargoSha256 = "sha256-Qp7AXy044G17FxR2sopN00cgX91A8TAydrwvJrAfhns="; + cargoSha256 = "sha256-LnHpinNZZHrIEWrVW0t1ja5WN57/fmiSmZlB0ylau8Y="; nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ]; diff --git a/pkgs/tools/security/amber/default.nix b/pkgs/tools/security/amber/default.nix index c2196cea686ac..2b64480c4a00a 100644 --- a/pkgs/tools/security/amber/default.nix +++ b/pkgs/tools/security/amber/default.nix 
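Review bot: The new `env.NIX_CFLAGS_COMPILE` entry in aflplusplus downgrades GCC 12's `-Wuse-after-free` from an error to a warning for the whole build, justified only by "Needed with GCC 12"; the chipsec hunk later in this commit does the same for `-Wdangling-pointer`. Both diagnostics point at memory-lifetime problems, so the comment should name the source file that trips the warning and link the upstream report, so the flag can be dropped once upstream fixes it, for example `# GCC 12 reports -Wuse-after-free in <file>; remove once <upstream issue URL> is resolved`. Whether either warning is a false positive cannot be judged from these hunks. The `let` binding this attribute belongs to starts and ends outside the hunk.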
@@ -3,16 +3,16 @@ rustPlatform.buildRustPackage rec { # Renaming it to amber-secret because another package named amber exists pname = "amber-secret"; - version = "0.1.3"; + version = "0.1.5"; src = fetchFromGitHub { owner = "fpco"; repo = "amber"; rev = "v${version}"; - sha256 = "sha256-kPDNTwsfI+8nOgsLv2aONrLGSRZhw5YzNntJ2tbE0oI="; + sha256 = "sha256-11dqfOi/DdfFrFTeboPyFkixXG+fCJ2jpHM55qsQ1jw="; }; - cargoSha256 = "sha256-fTdTgbeOQXEpLHq9tHiPLkttvaxS/WJ86h3jRdrfbJM="; + cargoHash = "sha256-u0vceIurenYnKfF3gWNw304hX4vVFoszZD7AMwffOmc="; buildInputs = lib.optionals stdenv.isDarwin [ Security ]; diff --git a/pkgs/tools/security/argocd-vault-plugin/default.nix b/pkgs/tools/security/argocd-vault-plugin/default.nix new file mode 100644 index 0000000000000..785caa8f536d2 --- /dev/null +++ b/pkgs/tools/security/argocd-vault-plugin/default.nix @@ -0,0 +1,26 @@ +{ buildGoModule, fetchFromGitHub, lib }: + +buildGoModule rec { + pname = "argocd-vault-plugin"; + version = "1.13.1"; + + src = fetchFromGitHub { + owner = "argoproj-labs"; + repo = pname; + rev = "v${version}"; + hash = "sha256-BuPNmGWKvjWkMCyyAFZeSCcnBUeaoduw7fZe07WD3Jo="; + }; + + vendorHash = "sha256-jxuYT63FxylQinJ9paPk/Ut0aFX5gdLOS4ugzrtRIF0="; + + # integration tests require filesystem and network access for credentials + doCheck = false; + + meta = with lib; { + homepage = "https://argocd-vault-plugin.readthedocs.io"; + changelog = "https://github.com/argoproj-labs/argocd-vault-plugin/releases/tag/v${version}"; + description = "An Argo CD plugin to retrieve secrets from Secret Management tools and inject them into Kubernetes secrets"; + license = licenses.asl20; + maintainers = with maintainers; [ urandom ]; + }; +} diff --git a/pkgs/tools/security/arti/default.nix b/pkgs/tools/security/arti/default.nix index 103c8aceed829..8180f9013df8a 100644 --- a/pkgs/tools/security/arti/default.nix +++ b/pkgs/tools/security/arti/default.nix 
@@ -10,7 +10,7 @@ rustPlatform.buildRustPackage rec { pname = "arti"; - version = "1.1.0"; + version = "1.1.1"; src = fetchFromGitLab { domain = "gitlab.torproject.org"; @@ -18,10 +18,10 @@ rustPlatform.buildRustPackage rec { owner = "core"; repo = "arti"; rev = "arti-v${version}"; - sha256 = "sha256-fvRSx/I4SM9xWhooPPKFuRLSCYOxE+scqi6jRsGFOXo="; + sha256 = "sha256-A5enH7JqnLZ9Tte+FMpMVqq1g1JveYJbzH1Qum5In5E="; }; - cargoSha256 = "sha256-5wXeFomQs/aEbImmlyUzmYyDRXFp3qZSFOzk0g7pNEo="; + cargoHash = "sha256-LVc7CgRS57p7TUaTo8L94YArYC7eI0wegzNMcTiJrEg="; nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ]; diff --git a/pkgs/tools/security/asnmap/default.nix b/pkgs/tools/security/asnmap/default.nix index 3e4072c8eaa68..4895e3def1813 100644 --- a/pkgs/tools/security/asnmap/default.nix +++ b/pkgs/tools/security/asnmap/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "asnmap"; - version = "0.0.1"; + version = "1.0.0"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "v${version}"; - hash = "sha256-NdD1b/yHB1fizAl/5UsksQ5jrj1OW46Ff4eABPPam7w="; + hash = "sha256-AndX0PISGKhVmUFcJ2pCu8dqH67nVCe+25MIcF9d+8A="; }; - vendorHash = "sha256-/L3fGDa3aJit9forggszIjpekowh4LbNhxiJjHhzARs="; + vendorHash = "sha256-+a6GgKHQ1D/hW9MEutyfbNbyDJuQGJ7Vd9Pz6w08lfo="; # Tests require network access doCheck = false; diff --git a/pkgs/tools/security/bitwarden/default.nix b/pkgs/tools/security/bitwarden/default.nix index f265444f53abd..3cbf1c46e640b 100644 --- a/pkgs/tools/security/bitwarden/default.nix +++ b/pkgs/tools/security/bitwarden/default.nix 
@@ -1,73 +1,155 @@ -{ atomEnv -, autoPatchelfHook -, dpkg -, fetchurl -, lib +{ lib +, buildNpmPackage +, dbus +, electron +, fetchFromGitHub +, glib +, gnome +, gtk3 +, jq , libsecret -, libxshmfence , makeDesktopItem , makeWrapper -, stdenv -, udev +, moreutils +, nodejs-16_x +, pkg-config +, python3 +, rustPlatform , wrapGAppsHook }: -stdenv.mkDerivation rec { - pname = "bitwarden"; - version = "2022.12.0"; +let + description = "A secure and free password manager for all of your devices"; + icon = "bitwarden"; + + buildNpmPackage' = buildNpmPackage.override { nodejs = nodejs-16_x; }; - src = fetchurl { - url = "https://github.com/bitwarden/clients/releases/download/desktop-v${version}/Bitwarden-${version}-amd64.deb"; - sha256 = "sha256-deQG1GEYmnQmO5+jASsiQmDphb+4Jyq9aSn/A4z++uE="; + version = "2023.2.0"; + src = fetchFromGitHub { + owner = "bitwarden"; + repo = "clients"; + rev = "desktop-v${version}"; + sha256 = "/k2r+TikxVGlz8cnOq5zF3oUYw4zj31vDAD7OQFQlC4="; + }; + + desktop-native = rustPlatform.buildRustPackage rec { + pname = "bitwarden-desktop-native"; + inherit src version; + sourceRoot = "source/apps/desktop/desktop_native"; + cargoSha256 = "sha256-zLftfmWYYUAaMvIT21qhVsHzxnNdQhFBH0fRBwVduAc="; + + patchFlags = [ "-p4" ]; + + nativeBuildInputs = [ + pkg-config + wrapGAppsHook + ]; + + buildInputs = [ + glib + gtk3 + libsecret + ]; + + nativeCheckInputs = [ + dbus + (gnome.gnome-keyring.override { useWrappedDaemon = false; }) + ]; + + checkFlags = [ + "--skip=password::password::tests::test" + ]; + + checkPhase = '' + runHook preCheck + + export HOME=$(mktemp -d) + export -f cargoCheckHook runHook _eval _callImplicitHook + dbus-run-session \ + --config-file=${dbus}/share/dbus-1/session.conf \ + -- bash -e -c cargoCheckHook + runHook postCheck + ''; }; desktopItem = makeDesktopItem { name = "bitwarden"; exec = "bitwarden %U"; - icon = "bitwarden"; - comment = "A secure and free password manager for all of your devices"; + inherit icon; + comment = 
description; desktopName = "Bitwarden"; categories = [ "Utility" ]; }; - dontBuild = true; - dontConfigure = true; - dontPatchELF = true; - dontWrapGApps = true; +in - nativeBuildInputs = [ dpkg makeWrapper autoPatchelfHook wrapGAppsHook ]; +buildNpmPackage' { + pname = "bitwarden"; + inherit src version; - buildInputs = [ libsecret libxshmfence ] ++ atomEnv.packages; + makeCacheWritable = true; + npmBuildFlags = [ + "--workspace apps/desktop" + ]; + npmDepsHash = "sha256-aFjN1S0+lhHjK3VSYfx0F5X8wSJwRRr6zQpPGt2VpxE="; - unpackPhase = "dpkg-deb -x $src ."; + ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; - installPhase = '' - mkdir -p "$out/bin" - cp -R "opt" "$out" - cp -R "usr/share" "$out/share" - chmod -R g-w "$out" - - # Desktop file - mkdir -p "$out/share/applications" - cp "${desktopItem}/share/applications/"* "$out/share/applications" + nativeBuildInputs = [ + jq + makeWrapper + moreutils + python3 + ]; + + preBuild = '' + jq 'del(.scripts.postinstall)' apps/desktop/package.json | sponge apps/desktop/package.json + jq '.scripts.build = ""' apps/desktop/desktop_native/package.json | sponge apps/desktop/desktop_native/package.json + cp ${desktop-native}/lib/libdesktop_native.so apps/desktop/desktop_native/desktop_native.linux-x64-musl.node ''; - runtimeDependencies = [ - (lib.getLib udev) - ]; + postBuild = '' + pushd apps/desktop + + "$(npm bin)"/electron-builder \ + --dir \ + -c.electronDist=${electron}/lib/electron \ + -c.electronVersion=${electron.version} + + popd + ''; + + installPhase = '' + mkdir $out + + pushd apps/desktop/dist/linux-unpacked + mkdir -p $out/opt/Bitwarden + cp -r locales resources{,.pak} $out/opt/Bitwarden + popd + + makeWrapper '${electron}/bin/electron' "$out/bin/bitwarden" \ + --add-flags $out/opt/Bitwarden/resources/app.asar \ + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ + --set-default ELECTRON_IS_DEV 0 \ + --inherit-argv0 + + mkdir -p 
$out/share/applications + cp ${desktopItem}/share/applications/* $out/share/applications - postFixup = '' - makeWrapper $out/opt/Bitwarden/bitwarden $out/bin/bitwarden \ - --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ libsecret stdenv.cc.cc ] }" \ - "''${gappsWrapperArgs[@]}" + pushd apps/desktop/resources/icons + for icon in *.png; do + dir=$out/share/icons/hicolor/"''${icon%.png}"/apps + mkdir -p "$dir" + cp "$icon" "$dir"/${icon}.png + done + popd ''; meta = with lib; { - description = "A secure and free password manager for all of your devices"; + inherit description; homepage = "https://bitwarden.com"; - sourceProvenance = with sourceTypes; [ binaryNativeCode ]; - license = licenses.gpl3; - maintainers = with maintainers; [ kiwi ]; + license = lib.licenses.gpl3; + maintainers = with maintainers; [ amarshall kiwi ]; platforms = [ "x86_64-linux" ]; }; } diff --git a/pkgs/tools/security/boofuzz/default.nix b/pkgs/tools/security/boofuzz/default.nix index dc0179fa35e54..37724d87394df 100644 --- a/pkgs/tools/security/boofuzz/default.nix +++ b/pkgs/tools/security/boofuzz/default.nix @@ -1,5 +1,5 @@ -{ stdenv -, lib +{ lib +, stdenv , fetchFromGitHub , python3 }: @@ -7,12 +7,13 @@ python3.pkgs.buildPythonApplication rec { pname = "boofuzz"; version = "0.4.1"; + format = "setuptools"; src = fetchFromGitHub { owner = "jtpereyda"; repo = pname; - rev = "v${version}"; - sha256 = "sha256-mbxImm5RfYWq1JCCSvvG58Sxv2ad4BOh+RLvtNjQCKE="; + rev = "refs/tags/v${version}"; + hash = "sha256-mbxImm5RfYWq1JCCSvvG58Sxv2ad4BOh+RLvtNjQCKE="; }; propagatedBuildInputs = with python3.pkgs; [ @@ -41,6 +42,10 @@ python3.pkgs.buildPythonApplication rec { "TestNoResponseFailure" "TestProcessMonitor" "TestSocketConnection" + # SyntaxError: invalid syntax, https://github.com/jtpereyda/boofuzz/issues/663 + "test_msg_60_bytes" + ] ++ lib.optionals stdenv.isDarwin [ + "test_time_repeater" ]; pythonImportsCheck = [ 
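Review bot: In the icon loop at the end of bitwarden's `installPhase`, `cp "$icon" "$dir"/${icon}.png` mixes the shell loop variable `$icon` with the Nix interpolation `${icon}` (the let-bound `"bitwarden"`), which is easy to misread as a bug and easy to break in a later edit. Renaming the loop variable makes the intent plain, e.g. `for size_png in *.png; do` with `cp "$size_png" "$dir/${icon}.png"`. The custom `installPhase` also omits `runHook preInstall` / `runHook postInstall`, so hooks attached to those points are not run. Finally, `src` uses `sha256 = "/k2r+…"` without the `sha256-` SRI prefix, unlike `cargoSha256` and `npmDepsHash` in the same file.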
@@ -50,6 +55,7 @@ python3.pkgs.buildPythonApplication rec { meta = with lib; { description = "Network protocol fuzzing tool"; homepage = "https://github.com/jtpereyda/boofuzz"; + changelog = "https://github.com/jtpereyda/boofuzz/blob/v${version}/CHANGELOG.rst"; license = with licenses; [ gpl2Plus ]; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/brutespray/default.nix b/pkgs/tools/security/brutespray/default.nix index 200cd96c238b3..b00aede158182 100644 --- a/pkgs/tools/security/brutespray/default.nix +++ b/pkgs/tools/security/brutespray/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "brutespray"; - version = "1.8"; + version = "1.8.1"; src = fetchFromGitHub { owner = "x90skysn3k"; repo = pname; rev = "${pname}-${version}"; - sha256 = "sha256-hlFp2ZQnoydxF2NBCjSKtmNzMj9V14AKrNYKMF/8m70="; + sha256 = "sha256-O9HOsj0R6oHI7jjG4FBqbrSAQSVomgeD7tyPDNCNmIo="; }; postPatch = '' diff --git a/pkgs/tools/security/buttercup-desktop/default.nix b/pkgs/tools/security/buttercup-desktop/default.nix index 27cf191018e43..4c00f41919c99 100644 --- a/pkgs/tools/security/buttercup-desktop/default.nix +++ b/pkgs/tools/security/buttercup-desktop/default.nix @@ -2,10 +2,10 @@ let pname = "buttercup-desktop"; - version = "2.17.0"; + version = "2.18.2"; src = fetchurl { url = "https://github.com/buttercup/buttercup-desktop/releases/download/v${version}/Buttercup-linux-x86_64.AppImage"; - sha256 = "sha256-JD3ZFRWGCJq5VDGkTgIZuZPScQrNF4vsuCavBD3pigA="; + sha256 = "sha256-1WLhT94FNZ7be58uov/0vtvB7ET/WNY/tPSIuaW5zfc="; }; appimageContents = appimageTools.extractType2 { inherit pname src version; }; diff --git a/pkgs/tools/security/cariddi/default.nix b/pkgs/tools/security/cariddi/default.nix index 4936b23af3cc4..bc99a499b70f3 100644 --- a/pkgs/tools/security/cariddi/default.nix +++ b/pkgs/tools/security/cariddi/default.nix 
@@ -5,20 +5,21 @@ buildGoModule rec { pname = "cariddi"; - version = "1.2.1"; + version = "1.3.0"; src = fetchFromGitHub { owner = "edoardottt"; repo = pname; - rev = "v${version}"; - sha256 = "sha256-8Z2iswjl85rsIhHMAGD3kYJanBWToWBVidglWMg7omw="; + rev = "refs/tags/v${version}"; + hash = "sha256-pO1FXlkaQveDIfMSWiLB9QvVxmFJixc/HHcEuhg5KmY="; }; - vendorSha256 = "sha256-mXzI3NF1afMvQ4STPpbehoarfOT35P01IotXPVYNnio="; + vendorHash = "sha256-zDKByBISZNRb4sMCrHKGlp4EBtifBfj92tygcaBH/Fc="; meta = with lib; { description = "Crawler for URLs and endpoints"; homepage = "https://github.com/edoardottt/cariddi"; + changelog = "https://github.com/edoardottt/cariddi/releases/tag/v${version}"; license = with licenses; [ gpl3Plus ]; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/certipy/default.nix b/pkgs/tools/security/certipy/default.nix index 8bf3e6983b6d1..589e1f97e64b4 100644 --- a/pkgs/tools/security/certipy/default.nix +++ b/pkgs/tools/security/certipy/default.nix @@ -5,13 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "certipy"; - version = "2.0.9"; + version = "4.3.0"; + format = "setuptools"; src = fetchFromGitHub { owner = "ly4k"; repo = "Certipy"; - rev = version; - hash = "sha256-84nGRKZ0UlMDAZ1Wo5Hgy9XSAyEh0Tio9+3OZVFZG5k="; + rev = "refs/tags/${version}"; + hash = "sha256-vwlWAbA4ExYAPRInhEsjRCNuL2wqMhAmYKO78Vi4OGo="; }; propagatedBuildInputs = with python3.pkgs; [ @@ -22,6 +23,7 @@ python3.pkgs.buildPythonApplication rec { ldap3 pyasn1 pycryptodome + requests_ntlm ]; # Project has no tests @@ -34,6 +36,7 @@ python3.pkgs.buildPythonApplication rec { meta = with lib; { description = "Tool to enumerate and abuse misconfigurations in Active Directory Certificate Services"; homepage = "https://github.com/ly4k/Certipy"; + changelog = "https://github.com/ly4k/Certipy/releases/tag/${version}"; license = with licenses; [ mit ]; maintainers = with maintainers; [ fab ]; }; 
diff --git a/pkgs/tools/security/certstrap/default.nix b/pkgs/tools/security/certstrap/default.nix index 6bcdf1dbc457b..a7c99132a3386 100644 --- a/pkgs/tools/security/certstrap/default.nix +++ b/pkgs/tools/security/certstrap/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "certstrap"; - version = "1.2.0"; + version = "1.3.0"; src = fetchFromGitHub { owner = "square"; repo = "certstrap"; rev = "v${version}"; - sha256 = "sha256-kmlbz6Faw5INzw+fB1KXjo9vmuaZEp4PvuMldqyFrPo="; + sha256 = "sha256-mbZtomR8nnawXr3nGVSEuVObe79M1CqTlYN/aEpKmcU="; }; - vendorSha256 = null; + vendorSha256 = "sha256-r7iYhTmFKTjfv11fEerC72M7JBp64rWfbkoTKzObNqM="; subPackages = [ "." ]; diff --git a/pkgs/tools/security/chipsec/default.nix b/pkgs/tools/security/chipsec/default.nix index edb10f384bdf7..2acdc9bb09f07 100644 --- a/pkgs/tools/security/chipsec/default.nix +++ b/pkgs/tools/security/chipsec/default.nix @@ -40,6 +40,11 @@ python3.pkgs.buildPythonApplication rec { mkdir -p $CHIPSEC_BUILD_LIB/chipsec/helper/linux ''; + env.NIX_CFLAGS_COMPILE = toString [ + # Needed with GCC 12 + "-Wno-error=dangling-pointer" + ]; + preInstall = lib.optionalString withDriver '' mkdir -p $out/${python3.pkgs.python.sitePackages}/drivers/linux mv $CHIPSEC_BUILD_LIB/chipsec/helper/linux/chipsec.ko \ diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index e9e6314f2015b..aa8c68382a394 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "clamav"; - version = "1.0.0"; + version = "1.0.1"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; - hash = "sha256-vaObuFaQLm3WB36jE6Pri+zNSH4AgqlZF4d/Kymc2G4="; + hash = "sha256-CHLcG4L/TNfo5DI/r17kGh9mroCGXQVCkIW5RjVdhu4="; }; patches = [ diff --git a/pkgs/tools/security/cloudfox/default.nix b/pkgs/tools/security/cloudfox/default.nix index 51aefd496c55f..f03a1a17171a5 100644 
--- a/pkgs/tools/security/cloudfox/default.nix +++ b/pkgs/tools/security/cloudfox/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "cloudfox"; - version = "1.9.0"; + version = "1.9.1"; src = fetchFromGitHub { owner = "BishopFox"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-HLBW7a2sjA/bs8VJkwQNqM6YPEfa1onMoK89G5Fsb8s="; + hash = "sha256-TV2knPG5n5l8APeAmpDfu6vQLtEhjqH21JXAZLk0DDI="; }; vendorHash = "sha256-xMHlooXuLECQi7co2/WvY0TIoV0S5OgcBklICCFk3ls="; diff --git a/pkgs/tools/security/commix/default.nix b/pkgs/tools/security/commix/default.nix index 3b2ba60291dce..4bbfd66e6237c 100644 --- a/pkgs/tools/security/commix/default.nix +++ b/pkgs/tools/security/commix/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "commix"; - version = "3.6"; + version = "3.7"; format = "setuptools"; src = fetchFromGitHub { owner = "commixproject"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-QdhJp7oUqOY8Z36haIrHgP4hVGaFXlOxNVg1ams7uhg="; + hash = "sha256-pqfb0CkWTPq6B8T7nn25lWuEQFRRziCDWYm5a1S3mIY="; }; postInstall = '' diff --git a/pkgs/tools/security/cosign/default.nix b/pkgs/tools/security/cosign/default.nix index fc1b583ccc7fb..2fcde94f90038 100644 --- a/pkgs/tools/security/cosign/default.nix +++ b/pkgs/tools/security/cosign/default.nix 
@@ -1,28 +1,40 @@ -{ stdenv, lib, buildGoModule, fetchFromGitHub, pcsclite, pkg-config, installShellFiles, PCSC, pivKeySupport ? true, pkcs11Support ? true }: - +{ stdenv +, lib +, buildGoModule +, fetchFromGitHub +, pcsclite +, pkg-config +, installShellFiles +, PCSC +, pivKeySupport ? true +, pkcs11Support ? true +, testers +, cosign +}: buildGoModule rec { pname = "cosign"; - version = "1.13.1"; + version = "2.0.0"; src = fetchFromGitHub { owner = "sigstore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-R7MhfAnVJJ2NK8zV408xAk8Q6aWn9Gw6DOmFFX26x1Q="; + sha256 = "sha256-919oxYi4e56EhSBN0FdcEZBA430owaDnKHkgTneScXw="; }; - buildInputs = lib.optional (stdenv.isLinux && pivKeySupport) (lib.getDev pcsclite) + buildInputs = + lib.optional (stdenv.isLinux && pivKeySupport) (lib.getDev pcsclite) ++ lib.optionals (stdenv.isDarwin && pivKeySupport) [ PCSC ]; nativeBuildInputs = [ pkg-config installShellFiles ]; - vendorSha256 = "sha256-DpPEDttQnRGHVNiIpMGj14KvZEGR0Y80sZOffjQ3UHk="; + vendorSha256 = "sha256-DtFywktiGHlsdOFVpKUtKLYXJYwQYy1VISfUYVXlOG8="; subPackages = [ "cmd/cosign" ]; - tags = [] ++ lib.optionals pivKeySupport [ "pivkey" ] ++ lib.optionals pkcs11Support [ "pkcs11key" ]; + tags = [ ] ++ lib.optionals pivKeySupport [ "pivkey" ] ++ lib.optionals pkcs11Support [ "pkcs11key" ]; ldflags = [ "-s" @@ -31,12 +43,15 @@ buildGoModule rec { "-X sigs.k8s.io/release-utils/version.gitTreeState=clean" ]; + __darwinAllowLocalNetworking = true; + preCheck = '' # test all paths unset subPackages + rm pkg/cosign/ctlog_test.go # Require network access rm pkg/cosign/tlog_test.go # Require network access - rm pkg/cosign/verify_test.go # Require network access + rm cmd/cosign/cli/verify/verify_blob_attestation_test.go # Require network access ''; postInstall = '' 
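Review bot: cosign's `preCheck` deletes whole test files (`pkg/cosign/ctlog_test.go`, `pkg/cosign/tlog_test.go`, `cmd/cosign/cli/verify/verify_blob_attestation_test.go`) because some tests in them need the network, which also discards every offline test those files contain. For a signature-verification tool that coverage is worth keeping. If only a few test functions reach the network, skipping them by name (for instance through `checkFlags`) would let the rest run; which functions those are is not visible from this hunk. At minimum each `rm` comment could name the failing tests so the removal can be revisited on the next bump. The enclosing `buildGoModule` call continues past the end of this hunk.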
@@ -46,11 +61,17 @@ buildGoModule rec { --zsh <($out/bin/cosign completion zsh) ''; + passthru.tests.version = testers.testVersion { + package = cosign; + command = "cosign version"; + version = "v${version}"; + }; + meta = with lib; { homepage = "https://github.com/sigstore/cosign"; changelog = "https://github.com/sigstore/cosign/releases/tag/v${version}"; description = "Container Signing CLI with support for ephemeral keys and Sigstore signing"; license = licenses.asl20; - maintainers = with maintainers; [ lesuisse jk ]; + maintainers = with maintainers; [ lesuisse jk developer-guy ]; }; } diff --git a/pkgs/tools/security/credslayer/default.nix b/pkgs/tools/security/credslayer/default.nix index c8e403f3b9e51..7d9d675779301 100644 --- a/pkgs/tools/security/credslayer/default.nix +++ b/pkgs/tools/security/credslayer/default.nix @@ -21,8 +21,9 @@ python3.pkgs.buildPythonApplication rec { ]; nativeCheckInputs = with python3.pkgs; [ - wireshark-cli + py pytestCheckHook + wireshark-cli ]; pytestFlagsArray = [ diff --git a/pkgs/tools/security/dieharder/default.nix b/pkgs/tools/security/dieharder/default.nix index b85a5c39656ea..51370ad8dcc2d 100644 --- a/pkgs/tools/security/dieharder/default.nix +++ b/pkgs/tools/security/dieharder/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { # Workaround build failure on -fno-common toolchains: # ld: include/dieharder/parse.h:21: multiple definition of `splitbuf'; # include/dieharder/parse.h:21: first defined here - NIX_CFLAGS_COMPILE = "-fcommon"; + env.NIX_CFLAGS_COMPILE = "-fcommon"; buildInputs = [ gsl ]; diff --git a/pkgs/tools/security/doppler/default.nix b/pkgs/tools/security/doppler/default.nix index f4accf3f80985..c6b5581a334f6 100644 --- a/pkgs/tools/security/doppler/default.nix +++ b/pkgs/tools/security/doppler/default.nix 
@@ -8,13 +8,13 @@ buildGoModule rec { pname = "doppler"; - version = "3.53.0"; + version = "3.55.0"; src = fetchFromGitHub { owner = "dopplerhq"; repo = "cli"; rev = version; - sha256 = "sha256-Z6GQQYvf+qXunrazNR0a7nCBx84JLtHWeK2+WV1RuwU="; + sha256 = "sha256-Gbf82zOyVr66ZKS7JJ8esiF8RzDG3KkzQah5wdPfeoY="; }; vendorHash = "sha256-TwcEH+LD0E/JcptMCYb3UycO3HhZX3igzSlBW4hS784="; diff --git a/pkgs/tools/security/echidna/default.nix b/pkgs/tools/security/echidna/default.nix index 8a902068d27b5..fcd94f66fbc59 100644 --- a/pkgs/tools/security/echidna/default.nix +++ b/pkgs/tools/security/echidna/default.nix @@ -10,13 +10,13 @@ }: mkDerivation rec { pname = "echidna"; - version = "2.0.4"; + version = "2.0.5"; src = fetchFromGitHub { owner = "crytic"; repo = "echidna"; rev = "v${version}"; - sha256 = "sha256-DiEZGbd08QLP8zgrIssGYL6h18AprcWZSYp1mMu9TRw="; + sha256 = "sha256-8bChe+qA4DowfuwsR5wLckb56fXi102g8vL2gAH/kYE="; }; isLibrary = true; diff --git a/pkgs/tools/security/efitools/default.nix b/pkgs/tools/security/efitools/default.nix index c9deb16ff4412..59cb794d718e1 100644 --- a/pkgs/tools/security/efitools/default.nix +++ b/pkgs/tools/security/efitools/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { ]; src = fetchgit { - url = "git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git"; + url = "https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git"; rev = "v${version}"; sha256 = "0jabgl2pxvfl780yvghq131ylpf82k7banjz0ksjhlm66ik8gb1i"; }; diff --git a/pkgs/tools/security/eid-mw/default.nix b/pkgs/tools/security/eid-mw/default.nix index d73a93d851b74..a4b6f6c164f32 100644 --- a/pkgs/tools/security/eid-mw/default.nix +++ b/pkgs/tools/security/eid-mw/default.nix 
@@ -21,13 +21,13 @@ stdenv.mkDerivation rec { pname = "eid-mw"; # NOTE: Don't just blindly update to the latest version/tag. Releases are always for a specific OS. - version = "5.1.4"; + version = "5.1.10"; src = fetchFromGitHub { owner = "Fedict"; repo = "eid-mw"; rev = "v${version}"; - sha256 = "pHzjLyQFn7UvFrPUcI/ZQHMOwVp6ndnX9YegJzlhERM="; + hash = "sha256-2Xru/s7KawZlIxON5nO679P+L3okofE054WDfRsE3ZI="; }; nativeBuildInputs = [ autoreconfHook autoconf-archive pkg-config makeWrapper ]; diff --git a/pkgs/tools/security/enc/default.nix b/pkgs/tools/security/enc/default.nix new file mode 100644 index 0000000000000..00d6d0211f80c --- /dev/null +++ b/pkgs/tools/security/enc/default.nix 
@@ -0,0 +1,55 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, git +, installShellFiles +}: + +buildGoModule rec { + pname = "enc"; + version = "1.1.0"; + + src = fetchFromGitHub { + owner = "life4"; + repo = "enc"; + rev = "v${version}"; + sha256 = "Tt+J/MnYJNewSl5UeewS0b47NGW2yzfcVHA5+9UQWSs="; + }; + vendorSha256 = "lB6GkE6prfBG7OCOJ1gm23Ee5+nAgmJg8I9Nqe1fsRw="; + + proxyVendor = true; + + nativeBuildInputs = [ installShellFiles ]; + + subPackages = "."; + + ldflags = [ + "-s" + "-w" + "-X github.com/life4/enc/version.GitCommit=${version}" + ]; + + nativeCheckInputs = [ git ]; + + postInstall = '' + installShellCompletion --cmd enc \ + --bash <($out/bin/enc completion bash) \ + --fish <($out/bin/enc completion fish) \ + --zsh <($out/bin/enc completion zsh) + ''; + + meta = with lib; { + homepage = "https://github.com/life4/enc"; + changelog = "https://github.com/life4/enc/releases/tag/v${version}"; + description = "A modern and friendly alternative to GnuPG"; + longDescription = '' + Enc is a CLI tool for encryption, a modern and friendly alternative to GnuPG. + It is easy to use, secure by default and can encrypt and decrypt files using password or encryption keys, + manage and download keys, and sign data. + Our goal was to make encryption available to all engineers without the need to learn a lot of new words, concepts, + and commands. It is the most beginner-friendly CLI tool for encryption, and keeping it that way is our top priority. + ''; + license = licenses.mit; + maintainers = with maintainers; [ rvnstn ]; + }; +} diff --git a/pkgs/tools/security/enum4linux-ng/default.nix b/pkgs/tools/security/enum4linux-ng/default.nix index d583286939323..2c9ab122e657f 100644 --- a/pkgs/tools/security/enum4linux-ng/default.nix +++ b/pkgs/tools/security/enum4linux-ng/default.nix 
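Review bot: In the new enc package, `ldflags` passes `-X github.com/life4/enc/version.GitCommit=${version}`, so the field the binary reports as its git commit will hold the release number rather than a commit id, which is misleading for anyone checking the provenance of an encryption tool. If upstream exposes a separate version variable, set that one; otherwise add a comment such as `# upstream only exposes GitCommit; the release tag is stored in it`. Separately, `sha256 = "Tt+J/…"` and `vendorSha256` are written without the `sha256-` SRI prefix, while the other package added in this commit uses `hash` / `vendorHash`. `subPackages = ".";` is also a string where other packages in this commit use a list (`[ "." ]`).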
@@ -9,13 +9,13 @@ buildPythonApplication rec { pname = "enum4linux-ng"; - version = "1.3.0"; + version = "1.3.1"; src = fetchFromGitHub { owner = "cddmp"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-InE0VRk9hK7JEKL202/2RclrJHAHFAol3DxKnVA+lq4="; + hash = "sha256-qO34sVK8eunALPCzLoCqWkO78tG4iEavij8jClCRi88="; }; propagatedBuildInputs = [ diff --git a/pkgs/tools/security/erosmb/default.nix b/pkgs/tools/security/erosmb/default.nix index 90165b6581648..b7984feac5136 100644 --- a/pkgs/tools/security/erosmb/default.nix +++ b/pkgs/tools/security/erosmb/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "erosmb"; - version = "0.1.4"; + version = "0.1.5"; format = "pyproject"; src = fetchFromGitHub { owner = "viktor02"; repo = "EroSmb"; rev = "refs/tags/v${version}"; - hash = "sha256-ThJwBKpxoTwHP84OlVKH62gQ3kfv83J8HNs5Mizi8Ck="; + hash = "sha256-9Zs5Z+3JiBiJkV9Ixl5pPmLv0dUT59CT0UkQDsmneWc="; }; propagatedBuildInputs = with python3.pkgs; [ diff --git a/pkgs/tools/security/evtx/default.nix b/pkgs/tools/security/evtx/default.nix index ebee997d80482..86cd382576df8 100644 --- a/pkgs/tools/security/evtx/default.nix +++ b/pkgs/tools/security/evtx/default.nix @@ -6,16 +6,16 @@ rustPlatform.buildRustPackage rec { pname = "evtx"; - version = "0.8.0"; + version = "0.8.1"; src = fetchFromGitHub { owner = "omerbenamram"; repo = pname; - rev = "v${version}"; - hash = "sha256-iexSMcD4XHEYeVWWQXQ7VLZwtUQeEkvrLxMXuxYuxts="; + rev = "refs/tags/v${version}"; + hash = "sha256-aa04Ia11+Ae1amc3JAtYdSWf+f/fenTt0Bny/AauaHo="; }; - cargoSha256 = "sha256-6dDv4+yEKxFjbguMfQxPm18PgZ2DC9IVbmpw2N94mEo="; + cargoHash = "sha256-4pQP+cvKfOvRgWRFa4+/dEpBq+gfcOuEENC5aP4Cp7U="; postPatch = '' # CLI tests will fail in the sandbox 
@@ -25,6 +25,7 @@ rustPlatform.buildRustPackage rec { meta = with lib; { description = "Parser for the Windows XML Event Log (EVTX) format"; homepage = "https://github.com/omerbenamram/evtx"; + changelog = "https://github.com/omerbenamram/evtx/blob/v${version}/CHANGELOG.md"; license = with licenses; [ asl20 /* or */ mit ]; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix index 9718f0095d02b..46852f61e9703 100644 --- a/pkgs/tools/security/exploitdb/default.nix +++ b/pkgs/tools/security/exploitdb/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2022-11-22"; + version = "2023-02-28"; src = fetchFromGitLab { owner = "exploit-database"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-G871FvwekcF5uMq7NRoWuIb9UqzIbMniboKlUzgCaeI="; + hash = "sha256-hEuOGnAWyX3oBfrUWBhT58WAjDWTWeLIYuyfUs3q0Jc="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix index 459f9f12c1ea0..daa0e84711584 100644 --- a/pkgs/tools/security/fail2ban/default.nix +++ b/pkgs/tools/security/fail2ban/default.nix @@ -1,6 +1,7 @@ { lib, stdenv, fetchFromGitHub , python3 , fetchpatch +, installShellFiles }: python3.pkgs.buildPythonApplication rec { @@ -14,6 +15,10 @@ python3.pkgs.buildPythonApplication rec { sha256 = "q4U9iWCa1zg8sA+6pPNejt6v/41WGIKN5wITJCrCqQE="; }; + outputs = [ "out" "man" ]; + + nativeBuildInputs = [ installShellFiles ]; + pythonPath = with python3.pkgs; lib.optionals stdenv.isLinux [ systemd @@ -71,6 +76,8 @@ python3.pkgs.buildPythonApplication rec { '' # see https://github.com/NixOS/nixpkgs/issues/4968 rm -r "${sitePackages}/etc" + + installManPage man/*.[1-9] '' + lib.optionalString stdenv.isLinux '' # see https://github.com/NixOS/nixpkgs/issues/4968 rm -r "${sitePackages}/usr" 
diff --git a/pkgs/tools/security/ffuf/default.nix b/pkgs/tools/security/ffuf/default.nix index 18862b7940df9..3831ff4d8e228 100644 --- a/pkgs/tools/security/ffuf/default.nix +++ b/pkgs/tools/security/ffuf/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "ffuf"; - version = "1.5.0"; + version = "2.0.0"; src = fetchFromGitHub { owner = pname; repo = pname; - rev = "v${version}"; - sha256 = "sha256-dqABifXA104NCPdrWhB79cZQloJrqwJ45rlh+M/lRrs="; + rev = "refs/tags/v${version}"; + hash = "sha256-TfPglATKQ3RIGODcIpSRL6FjbLyCjDzbi70jTLKYlLk="; }; - vendorSha256 = "sha256-szT08rIozAuliOmge5RFX4NeVrJ2pCVyfotrHuvc0UU="; + vendorHash = "sha256-nqv45e1W7MA8ElsJ7b4XWs26OicJ7IXmh93+wkueZg4="; meta = with lib; { description = "Fast web fuzzer written in Go"; @@ -24,6 +24,7 @@ buildGoModule rec { or web servers. ''; homepage = "https://github.com/ffuf/ffuf"; + changelog = "https://github.com/ffuf/ffuf/releases/tag/v${version}"; license = licenses.mit; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/fulcio/default.nix b/pkgs/tools/security/fulcio/default.nix index d099cd2c0dbee..9640b0d1fc982 100644 --- a/pkgs/tools/security/fulcio/default.nix +++ b/pkgs/tools/security/fulcio/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "fulcio"; - version = "0.6.0"; + version = "1.1.0"; src = fetchFromGitHub { owner = "sigstore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-ZWDvFSx+zH/P0ZfdqxAe+c4jFUH8mfY1vpUXlIxw1sI="; + sha256 = "sha256-b2rn4et7Ze8XRc1Oa/DCfpva/rihtBLapbGlpYGvOjc="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; @@ -20,7 +20,7 @@ buildGoModule rec { find "$out" -name .git -print0 | xargs -0 rm -rf ''; }; - vendorSha256 = "sha256-LLvaaOZzp9b99eYOsfvbPRwZqSNfoinVUfYDmPiw5Mk="; + vendorHash = "sha256-8iNXBSEaKApu+qjGIYOLU6z/sxIVQhltgBRG9eN4RXw="; nativeBuildInputs = [ installShellFiles ]; 
@@ -29,14 +29,14 @@ buildGoModule rec { ldflags = [ "-s" "-w" - "-X github.com/sigstore/fulcio/pkg/server.gitVersion=v${version}" - "-X github.com/sigstore/fulcio/pkg/server.gitTreeState=clean" + "-X sigs.k8s.io/release-utils/version.gitVersion=v${version}" + "-X sigs.k8s.io/release-utils/version.gitTreeState=clean" ]; # ldflags based on metadata from git and source preBuild = '' - ldflags+=" -X github.com/sigstore/fulcio/pkg/server.gitCommit=$(cat COMMIT)" - ldflags+=" -X github.com/sigstore/fulcio/pkg/server.buildDate=$(cat SOURCE_DATE_EPOCH)" + ldflags+=" -X sigs.k8s.io/release-utils/version.gitCommit=$(cat COMMIT)" + ldflags+=" -X sigs.k8s.io/release-utils/version.buildDate=$(cat SOURCE_DATE_EPOCH)" ''; preCheck = '' @@ -59,7 +59,7 @@ buildGoModule rec { installCheckPhase = '' runHook preInstallCheck $out/bin/fulcio --help - $out/bin/fulcio version | grep "v${version}" + $out/bin/fulcio version 2>&1 | grep "v${version}" runHook postInstallCheck ''; diff --git a/pkgs/tools/security/gallia/default.nix b/pkgs/tools/security/gallia/default.nix index 0f5051db0a4dd..438c22f0046cd 100644 --- a/pkgs/tools/security/gallia/default.nix +++ b/pkgs/tools/security/gallia/default.nix @@ -2,22 +2,28 @@ , stdenv , fetchFromGitHub , python3 +, cacert }: python3.pkgs.buildPythonApplication rec { pname = "gallia"; - version = "1.0.3"; + version = "1.1.4"; format = "pyproject"; src = fetchFromGitHub { owner = "Fraunhofer-AISEC"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-CoZ3niGuEjcaSyIGc0MIy95v64nTbhgqW/0uz4a/f1o="; + hash = "sha256-McHzHK404kDB992T2f84dZHDxujpPIz4qglYMmv3kTw="; }; + pythonRelaxDeps = [ + "msgspec" + ]; + nativeBuildInputs = with python3.pkgs; [ poetry-core + pythonRelaxDepsHook ]; propagatedBuildInputs = with python3.pkgs; [ 
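Review bot: In fulcio's `installCheckPhase`, `grep "v${version}"` treats the dots in the version as regex wildcards, so the check is looser than it looks; `grep -F "v${version}"` makes the match literal. Merging stderr with `2>&1` also means an error message that happens to contain the version string would satisfy the check, so it is worth confirming which stream `fulcio version` writes to and matching only that one. The derivation body continues outside this hunk.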
@@ -29,22 +35,19 @@ python3.pkgs.buildPythonApplication rec { construct msgspec pydantic + pygit2 tabulate - tomlkit - xdg + tomli zstandard ]; + SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt"; + nativeCheckInputs = with python3.pkgs; [ pytestCheckHook + pytest-asyncio ]; - postPatch = '' - substituteInPlace pyproject.toml \ - --replace 'aiofiles = "^0.8.0"' 'aiofiles = ">=0.8.0"' \ - --replace 'zstandard = "^0.17.0"' 'zstandard = "*"' - ''; - pythonImportsCheck = [ "gallia" ]; @@ -54,10 +57,11 @@ python3.pkgs.buildPythonApplication rec { ''; meta = with lib; { - description = "Pentesting framework with the focus on the automotive domain"; + description = "Extendable Pentesting Framework for the Automotive Domain"; homepage = "https://github.com/Fraunhofer-AISEC/gallia"; + changelog = "https://github.com/Fraunhofer-AISEC/gallia/releases/tag/v${version}"; license = with licenses; [ asl20 ]; - maintainers = with maintainers; [ fab ]; - broken = stdenv.isDarwin; + maintainers = with maintainers; [ fab rumpelsepp ]; + platforms = platforms.linux; }; } diff --git a/pkgs/tools/security/ghidra/build.nix b/pkgs/tools/security/ghidra/build.nix index 2857019612d50..169d029ef148f 100644 --- a/pkgs/tools/security/ghidra/build.nix +++ b/pkgs/tools/security/ghidra/build.nix @@ -19,13 +19,13 @@ let pkg_path = "$out/lib/ghidra"; pname = "ghidra"; - version = "10.2.2"; + version = "10.2.3"; src = fetchFromGitHub { owner = "NationalSecurityAgency"; repo = "Ghidra"; rev = "Ghidra_${version}_build"; - sha256 = "sha256-AiyY6mGM+jHu9n39t/cYj+I5CE+a3vA4P0THNEFoZrk="; + sha256 = "sha256-YhjKRlFlF89H05NsTS69SB108rNiiWijvZZY9fR+Ebc="; }; desktopItem = makeDesktopItem { diff --git a/pkgs/tools/security/gitleaks/default.nix b/pkgs/tools/security/gitleaks/default.nix index adae9873010e9..3e245e02feb4b 100644 --- a/pkgs/tools/security/gitleaks/default.nix +++ b/pkgs/tools/security/gitleaks/default.nix 
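Review bot: `SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";` is added with no comment saying which step needs a CA bundle. It arrives together with `pygit2` in this hunk, so it is presumably required by that dependency during the import or test phase, but a reader cannot tell this from the expression. A one-line comment above it would help, for example `# <dependency> fails without a CA bundle during pythonImportsCheck/pytest; only affects the build sandbox`. It is also worth confirming that the variable is only needed at build time and that the installed application does not depend on it at runtime.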
@@ -8,13 +8,13 @@ buildGoModule rec { pname = "gitleaks"; - version = "8.15.3"; + version = "8.16.0"; src = fetchFromGitHub { owner = "zricethezav"; repo = pname; rev = "v${version}"; - hash = "sha256-eY4RqXDeEsriSdVtEQQKw3NPBOe/UzhXjh1TkW3fWp0="; + hash = "sha256-EazTDPJMMUGmGSfQ5d7J1opv/KlapQLZZYxjbzBRaUY="; }; vendorHash = "sha256-Ev0/CSpwJDmc+Dvu/bFDzsgsq80rWImJWXNAUqYHgoE="; diff --git a/pkgs/tools/security/gnupg/1.nix b/pkgs/tools/security/gnupg/1.nix index 5fa9bc0beddba..390665fe44fd8 100644 --- a/pkgs/tools/security/gnupg/1.nix +++ b/pkgs/tools/security/gnupg/1.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { # gcc-10. Otherwise build fails as: # ld: ../util/libutil.a(estream-printf.o):/build/gnupg-1.4.23/util/../include/memory.h:100: multiple definition of # `memory_debug_mode'; gpgsplit.o:/build/gnupg-1.4.23/tools/../include/memory.h:100: first defined here - NIX_CFLAGS_COMPILE = "-fcommon"; + env.NIX_CFLAGS_COMPILE = "-fcommon"; doCheck = true; diff --git a/pkgs/tools/security/gnupg/23.nix b/pkgs/tools/security/gnupg/24.nix index 2030e8195e680..c1f2825e8e93c 100644 --- a/pkgs/tools/security/gnupg/23.nix +++ b/pkgs/tools/security/gnupg/24.nix @@ -1,5 +1,6 @@ { fetchurl, fetchpatch, lib, stdenv, pkg-config, libgcrypt, libassuan, libksba , libgpg-error, libiconv, npth, gettext, texinfo, buildPackages +, nixosTests , guiSupport ? stdenv.isDarwin, enableMinimal ? false , adns, bzip2, gnutls, libusb1, openldap , pinentry, readline, sqlite, zlib @@ -11,11 +12,11 @@ assert guiSupport -> enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.3.7"; + version = "2.4.0"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - sha256 = "sha256-7hY6X7nsmf/BsY5l+u+NCGgAxXE9FaZyq1fTeZ2oNmk="; + sha256 = "sha256-HXkVjdAdmSQx3S4/rLif2slxJ/iXhOosthDGAPsMFIM="; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; 
@@ -29,19 +30,13 @@ stdenv.mkDerivation rec { patches = [ ./fix-libusb-include-path.patch ./tests-add-test-cases-for-import-without-uid.patch - ./allow-import-of-previously-known-keys-even-without-UI.patch + # TODO: Refresh patch? Doesn't apply on 2.4.0 + #./allow-import-of-previously-known-keys-even-without-UI.patch ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27 ./v3-0001-Disallow-compressed-signatures-and-certificates.patch - # Fix regression when using YubiKey devices as smart cards. - # See https://dev.gnupg.org/T6070 for details. - # Committed upstream, remove this patch when updating to the next release. - (fetchpatch { - url = "https://dev.gnupg.org/rGf34b9147eb3070bce80d53febaa564164cd6c977?diff=1"; - sha256 = "sha256-J/PLSz8yiEgtGv+r3BTGTHrikV70AbbHQPo9xbjaHFE="; - }) ]; postPatch = '' sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1 @@ -85,6 +80,8 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + passthru.tests.connman = nixosTests.gnupg; + meta = with lib; { homepage = "https://gnupg.org"; description = "Modern release of the GNU Privacy Guard, a GPL OpenPGP implementation"; diff --git a/pkgs/tools/security/go-cve-search/default.nix b/pkgs/tools/security/go-cve-search/default.nix index e68970b0b2670..d4b231c63a185 100644 --- a/pkgs/tools/security/go-cve-search/default.nix +++ b/pkgs/tools/security/go-cve-search/default.nix 
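Review bot: The `allow-import-of-previously-known-keys-even-without-UI.patch` entry is disabled by commenting it out, which changes key-import behaviour relative to the 2.3.7 package, while `tests-add-test-cases-for-import-without-uid.patch` stays applied. The TODO names no owner or tracking reference and does not state the user-visible effect. I would expand it to something like `# TODO(<issue link>): does not apply on 2.4.0; until refreshed, import of keys without a user ID presumably behaves as upstream again`. With the `(fetchpatch { … })` entry removed, the `fetchpatch` argument in the function header may now be unused; the full patch list and header are outside this hunk, so that needs checking in the file.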
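Review bot: The attribute name in `passthru.tests.connman = nixosTests.gnupg;` looks copied from another package. It wires up the gnupg NixOS test under an unrelated name, so anyone selecting this package's tests by name will not find it. `passthru.tests.gnupg = nixosTests.gnupg;` would say what it runs.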
@@ -1,20 +1,20 @@ -{ buildGoModule +{ lib +, buildGoModule , fetchFromGitHub -, lib }: buildGoModule rec { pname = "go-cve-search"; - version = "0.1.3"; + version = "0.1.4"; src = fetchFromGitHub { owner = "s-index"; repo = pname; - rev = "v${version}"; - sha256 = "0hbv829daviskwsyp9xjcvl52m22986b2cylf2rldnxw5x8zqdvd"; + rev = "refs/tags/v${version}"; + hash = "sha256-ofa6lfA3XKj70YM6AVNKRgGI53teK7OB09luAom8HpQ="; }; - vendorSha256 = "0bhxk39ivbkhwjvq6415lax1pzn208b7px1id0d1nry93bk2zynd"; + vendorHash = "sha256-QXYjLPrfIPcZE8UTcE1kR9QQIusR/rAJG+e/IQ4P0PU="; # Tests requires network access doCheck = false; @@ -26,6 +26,7 @@ buildGoModule rec { and Exposures). ''; homepage = "https://github.com/s-index/go-cve-search"; + changelog = "https://github.com/s-index/go-cve-search/releases/tag/v${version}"; license = with licenses; [ mit ]; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/go-dork/default.nix b/pkgs/tools/security/go-dork/default.nix new file mode 100644 index 0000000000000..5e6c21d2397ba --- /dev/null +++ b/pkgs/tools/security/go-dork/default.nix @@ -0,0 +1,26 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "go-dork"; + version = "1.0.2"; + + src = fetchFromGitHub { + owner = "dwisiswant0"; + repo = pname; + rev = "refs/tags/v${version}"; + hash = "sha256-tFmXutX3UnKAFFS4mO4PCv7Bhw1wJ7qjdA1ROryqYZU="; + }; + + vendorHash = "sha256-6V58RRRPamBMDAf0gg4sQMQkoD5dWauCFtPrwf5EasI="; + + meta = with lib; { + description = "Dork scanner"; + homepage = "https://github.com/dwisiswant0/go-dork"; + changelog = "https://github.com/dwisiswant0/go-dork/releases/tag/v${version}"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/pkgs/tools/security/gobuster/default.nix b/pkgs/tools/security/gobuster/default.nix index 8dd91679d0934..279b6cd6c9fcd 100644 --- a/pkgs/tools/security/gobuster/default.nix +++ b/pkgs/tools/security/gobuster/default.nix 
@@ -5,16 +5,16 @@ buildGoModule rec { pname = "gobuster"; - version = "3.4.0"; + version = "3.5.0"; src = fetchFromGitHub { owner = "OJ"; repo = "gobuster"; rev = "v${version}"; - hash = "sha256-GSpCmJx60DMGr6hDaL//i0gteJniU2jJO+sEDp+eUvg="; + hash = "sha256-Ohv/FgMbniItbrcrncAe9QKVjrhxoZ80BGYJmJtJpPk="; }; - vendorHash = "sha256-xY+RoM19bsoSCRJk7caMjU3jkUoWkOYRYKHfQjiVVPo="; + vendorHash = "sha256-ZbY5PyXKcTB9spVGfW2Qhj8SV9alOSH0DyXx1dh/NgQ="; meta = with lib; { description = "Tool used to brute-force URIs, DNS subdomains, Virtual Host names on target web servers"; diff --git a/pkgs/tools/security/gopass/default.nix b/pkgs/tools/security/gopass/default.nix index c4e910aa0352f..7f7a18534734e 100644 --- a/pkgs/tools/security/gopass/default.nix +++ b/pkgs/tools/security/gopass/default.nix @@ -13,18 +13,18 @@ buildGoModule rec { pname = "gopass"; - version = "1.15.3"; + version = "1.15.4"; nativeBuildInputs = [ installShellFiles makeWrapper ]; src = fetchFromGitHub { owner = "gopasspw"; - repo = pname; + repo = "gopass"; rev = "v${version}"; - hash = "sha256-xXXlpr+qwks+hWTPMu9xJVIamLriipzm0XQqOpg8Ipw="; + hash = "sha256-Jm5H36DI6Mqdnm34+GUMEYxEefXLxgnwWo4fhKOayxY="; }; - vendorHash = "sha256-Tb7eIv2G/VfRP1J6taJjAOtZQakA2pcocZ9kZemcZo0="; + vendorHash = "sha256-IJSEU6a3AhA/cVTWXhVtNtvA/D0hyRlqL7pec1Tlyio="; subPackages = [ "." ]; diff --git a/pkgs/tools/security/gopass/git-credential.nix b/pkgs/tools/security/gopass/git-credential.nix index 9e585e27dc278..f0632291a9a48 100644 --- a/pkgs/tools/security/gopass/git-credential.nix +++ b/pkgs/tools/security/gopass/git-credential.nix 
@@ -7,16 +7,16 @@ buildGoModule rec { pname = "git-credential-gopass"; - version = "1.15.3"; + version = "1.15.4"; src = fetchFromGitHub { owner = "gopasspw"; - repo = pname; + repo = "git-credential-gopass"; rev = "v${version}"; - hash = "sha256-x8hf1cZw+Hhizp8/vA8qJ+A6ERJUenjMeiuW8IFb/N0="; + hash = "sha256-S97KQ/yCyE1wBDao5KBKWPvoH+DmwpEJRiB6uJCGyFA="; }; - vendorHash = "sha256-YZoz7B12/VhWZRTDEVs2P36FrZoZs4OdPJMkR9H7D5I="; + vendorHash = "sha256-MLnfTdYR4/1qtnNCUs0TwGf5wMqE+V8jNCefeClQKfw="; subPackages = [ "." ]; diff --git a/pkgs/tools/security/gopass/hibp.nix b/pkgs/tools/security/gopass/hibp.nix index c6db9a1d652a3..d28db3bca2e30 100644 --- a/pkgs/tools/security/gopass/hibp.nix +++ b/pkgs/tools/security/gopass/hibp.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "gopass-hibp"; - version = "1.15.3"; + version = "1.15.4"; src = fetchFromGitHub { owner = "gopasspw"; - repo = pname; + repo = "gopass-hibp"; rev = "v${version}"; - hash = "sha256-KqW1q3CnniNeQFypeZ6x/ov58SOMfAX5P2MMDKjMYBg="; + hash = "sha256-tqZVzYO3yKyUxfC+pxG+QuW9GBoPBteOdJMchepZ1jo="; }; - vendorHash = "sha256-w1Kxocrwcgn0g6ZBJ7obHraHK397bJltUFkm+/p4H5Y="; + vendorHash = "sha256-48KwEcB5KRUwrKCuyNhhuSVRXE3U5/yVYE2xO05AeF8="; subPackages = [ "." ]; diff --git a/pkgs/tools/security/gopass/jsonapi.nix b/pkgs/tools/security/gopass/jsonapi.nix index f82b00fd201be..7ce9c4cc87095 100644 --- a/pkgs/tools/security/gopass/jsonapi.nix +++ b/pkgs/tools/security/gopass/jsonapi.nix @@ -8,16 +8,16 @@ buildGoModule rec { pname = "gopass-jsonapi"; - version = "1.15.3"; + version = "1.15.4"; src = fetchFromGitHub { owner = "gopasspw"; - repo = pname; + repo = "gopass-jsonapi"; rev = "v${version}"; - hash = "sha256-5thMhZr/ZlMHMKS2ZOyuua1ZfQ2od7QGSDBQsVsf9Os="; + hash = "sha256-gizUFoe+oAmEKHMlua/zsR+fUltGw2cp98XAgXzCm0U="; }; - vendorHash = "sha256-Gt5nd+3BkNQrdcq5+a70rdBXvCang/2ayZuyyZWON64="; + vendorHash = "sha256-vMrP6rC0uPsRyFZdU2E9mPp031eob+36NcGueNP1Y7o="; subPackages = [ "." ]; 
diff --git a/pkgs/tools/security/gopass/summon.nix b/pkgs/tools/security/gopass/summon.nix index dc9646ce91dd8..abb8eb653c5bd 100644 --- a/pkgs/tools/security/gopass/summon.nix +++ b/pkgs/tools/security/gopass/summon.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "gopass-summon-provider"; - version = "1.15.3"; + version = "1.15.4"; src = fetchFromGitHub { owner = "gopasspw"; - repo = pname; + repo = "gopass-summon-provider"; rev = "v${version}"; - hash = "sha256-YnCX+DDZoKbiwbT8lNvAh0ANNCtEPvaLr9LCvLX8nwo="; + hash = "sha256-gwvrwLJTh58PiRsEC3juhnA/q6cX3nRh/hiunKnPvDQ="; }; - vendorHash = "sha256-YZoz7B12/VhWZRTDEVs2P36FrZoZs4OdPJMkR9H7D5I="; + vendorHash = "sha256-MLnfTdYR4/1qtnNCUs0TwGf5wMqE+V8jNCefeClQKfw="; subPackages = [ "." ]; diff --git a/pkgs/tools/security/gotrue/supabase.nix b/pkgs/tools/security/gotrue/supabase.nix index a70c3a8ca6442..d7c158e6a004d 100644 --- a/pkgs/tools/security/gotrue/supabase.nix +++ b/pkgs/tools/security/gotrue/supabase.nix 
@@ -1,27 +1,38 @@ -{ lib, buildGoModule, fetchFromGitHub }: +{ lib +, buildGoModule +, fetchFromGitHub +, testers +, gotrue-supabase +}: buildGoModule rec { pname = "gotrue"; - version = "2.41.4"; + version = "2.47.1"; src = fetchFromGitHub { owner = "supabase"; repo = pname; rev = "v${version}"; - hash = "sha256-wHsjCf9TdRZ80l4nGEsLlB4J7pXv65fOv4pfFy3Wp/0="; + hash = "sha256-GBrdYlWvtlz/A/5Tn58EPYBL3X73D44GzbN1OrzwU8U="; }; - vendorHash = "sha256-3dXfg9tblPx9V5LzzVm3UtCwGcPIAm2MaKm9JQi69mU="; + vendorHash = "sha256-FIl30sKmdcXayK8KWGFl+N+lYExl4ibKZ2tcvelw8zo="; ldflags = [ "-s" "-w" - "-X=github.com/netlify/gotrue/utilities.Version=${version}" + "-X=github.com/netlify/gotrue/internal/utilities.Version=${version}" ]; # integration tests require network to connect to postgres database doCheck = false; + passthru.tests.version = testers.testVersion { + package = gotrue-supabase; + command = "gotrue version"; + inherit version; + }; + meta = with lib; { homepage = "https://github.com/supabase/gotrue"; description = "A JWT based API for managing users and issuing JWT tokens"; diff --git a/pkgs/tools/security/govulncheck/default.nix b/pkgs/tools/security/govulncheck/default.nix index 9565c11dad5a9..d0523a5d58ebd 100644 --- a/pkgs/tools/security/govulncheck/default.nix +++ b/pkgs/tools/security/govulncheck/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "govulncheck"; - version = "unstable-2022-09-02"; + version = "unstable-2023-02-17"; src = fetchFromGitHub { owner = "golang"; repo = "vuln"; - rev = "27dd78d2ca392c1738e54efe513a2ecb7bf46000"; - sha256 = "sha256-G35y1V4W1nLZ+QGvIQwER9whBIBDFUVptrHx78orcI0="; + rev = "b91abcc5ae3c412965b4c8131c4373040c69e1b7"; + sha256 = "sha256-DYeG7SbjoH7rLD+Q0/5VC85bT2x7YxB4tAj1wmHkI4A="; }; - vendorSha256 = "sha256-9FH9nq5cEyhMxrrvfQAOWZ4aThMsU0HwlI+0W0uVHZ4="; + vendorSha256 = "sha256-+luU71QHNs7xxXQOLtd+Ka8+ETv5sA+gv+4g7Ogm5TI="; subPackages = [ "cmd/govulncheck" ]; 
@@ -30,12 +30,14 @@ buildGoModule rec { rm vulncheck/binary_test.go # - just have resolution issues rm vulncheck/{source,vulncheck}_test.go + rm internal/govulncheck/callstacks_test.go ''; ldflags = [ "-s" "-w" ]; meta = with lib; { homepage = "https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck"; + downloadPage = "https://github.com/golang/vuln"; description = "The database client and tools for the Go vulnerability database, also known as vuln"; longDescription = '' Govulncheck reports known vulnerabilities that affect Go code. It uses diff --git a/pkgs/tools/security/gpg-tui/default.nix b/pkgs/tools/security/gpg-tui/default.nix index 4ab4d468d068c..8b003ea4701f7 100644 --- a/pkgs/tools/security/gpg-tui/default.nix +++ b/pkgs/tools/security/gpg-tui/default.nix @@ -6,6 +6,7 @@ , libgpg-error , libxcb , libxkbcommon +, pkg-config , python3 , AppKit , Foundation @@ -16,20 +17,21 @@ rustPlatform.buildRustPackage rec { pname = "gpg-tui"; - version = "0.9.1"; + version = "0.9.4"; src = fetchFromGitHub { owner = "orhun"; repo = "gpg-tui"; rev = "v${version}"; - hash = "sha256-eUUHH6bPfYjkHo7C7GWzewTpT8je7TQK9M8mTM5v59s="; + hash = "sha256-2OMjqY1oTVKyEuCJrGGSQfgjQPSOQRx6LPhoFUuf/pw="; }; - cargoHash = "sha256-GtSvDfG9lRUirm4d6PSaOBLTHZJT2PH0Sx/9GVquX5M="; + cargoHash = "sha256-EhnQvVXv08l4ONnuIudU0WBw5AptD7OcvPUNOdpRZj4="; nativeBuildInputs = [ gpgme # for gpgme-config libgpg-error # for gpg-error-config + pkg-config python3 ]; diff --git a/pkgs/tools/security/grype/default.nix b/pkgs/tools/security/grype/default.nix index f745a2374ff32..f73710c1d19b7 100644 --- a/pkgs/tools/security/grype/default.nix +++ b/pkgs/tools/security/grype/default.nix 
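Review bot: The added `rm internal/govulncheck/callstacks_test.go` gives no reason for dropping the test. It sits after the `# - just have resolution issues` comment, but it is not clear that the comment applies to it. For a vulnerability scanner it matters which checks are skipped and why, so I would add a line such as `# - <reason callstacks_test.go fails in the sandbox>` directly above it. The shell string containing these `rm` lines starts outside the hunk.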
@@ -8,13 +8,13 @@ buildGoModule rec { pname = "grype"; - version = "0.55.0"; + version = "0.57.1"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "v${version}"; - hash = "sha256-Y72h1YCf42RinGw2mKZb8Bz8ip+LUW377xwJht67Q1s="; + hash = "sha256-NACasOoCABoHmb4U5LvQ8EPO7G10A7uQtX4th/WJqrw="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; @@ -28,7 +28,7 @@ buildGoModule rec { }; proxyVendor = true; - vendorHash = "sha256-xzBOZyzwxVFTFgtmu7DLBpdkV9bwzJ9RETkdyV2HtQo="; + vendorHash = "sha256-DLY0tcacGFcP17IqUVvpVkUjd2xQMO5JZxltmL4b+Wo="; nativeBuildInputs = [ installShellFiles diff --git a/pkgs/tools/security/haka/default.nix b/pkgs/tools/security/haka/default.nix index 3ea38e060407e..b20abbb8bf20f 100644 --- a/pkgs/tools/security/haka/default.nix +++ b/pkgs/tools/security/haka/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation { sha256 = "0dm39g3k77sa70zrjsqadidg27a6iqq61jzfdxazpllnrw4mjy4w"; }; - NIX_CFLAGS_COMPILE = "-Wno-error"; + env.NIX_CFLAGS_COMPILE = "-Wno-error"; preConfigure = '' sed -i 's,/etc,'$out'/etc,' src/haka/haka.c diff --git a/pkgs/tools/security/hash_extender/default.nix b/pkgs/tools/security/hash_extender/default.nix index 5baeb71ce8992..9ddc16c9b27ea 100644 --- a/pkgs/tools/security/hash_extender/default.nix +++ b/pkgs/tools/security/hash_extender/default.nix @@ -16,6 +16,8 @@ stdenv.mkDerivation { doCheck = true; checkPhase = "./hash_extender --test"; + env.NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations"; + installPhase = '' mkdir -p $out/bin cp hash_extender $out/bin diff --git a/pkgs/tools/security/hologram/default.nix b/pkgs/tools/security/hologram/default.nix index 8f5e48ee37ec5..1a7e45c8024d2 100644 --- a/pkgs/tools/security/hologram/default.nix +++ b/pkgs/tools/security/hologram/default.nix 
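Review bot: In the hash_extender hunk, `env.NIX_CFLAGS_COMPILE = "-Wno-error=deprecated-declarations";` is added without saying which deprecation it works around. The aflplusplus change in this same commit documents its flag with `# Needed with GCC 12`. The trigger here is presumably the crypto library's deprecated low-level hash functions, but that should be confirmed and written down, e.g. `# <library> <version> deprecates the hash functions used here; upstream builds with -Werror`. Without that, nobody will know when the flag can be removed.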
@@ -2,13 +2,13 @@ buildGoModule rec { pname = "hologram"; - version = "1.2.1"; + version = "1.3"; src = fetchFromGitHub { owner = "AdRoll"; repo = "hologram"; rev = version; - sha256 = "sha256-rdV/oVo+M5ALyU3a3XlA4kt+TLg0Rnr7/qDyZ9iuIb4="; + hash = "sha256-b65mplfDuwk8lEfJLKBY7BF0yGRksxHjwbEW6A7moo4="; }; postPatch = '' @@ -17,14 +17,14 @@ buildGoModule rec { rm -f agent/metadata_service_test.go server/persistent_ldap_test.go server/server_test.go ''; - vendorSha256 = "sha256-pEYMpBiNbq5eSDiFT+9gMjGHDeTzWIej802Zz6Xtays="; + vendorHash = "sha256-HI5+02qSQVLy6ZKaFjy1bWtvVk5bqMBg1umu2ic5HuY="; ldflags = [ "-s" "-w" ]; meta = with lib; { homepage = "https://github.com/AdRoll/hologram/"; description = "Easy, painless AWS credentials on developer laptops"; - maintainers = with maintainers; [ ]; + maintainers = with maintainers; [ aaronjheng ]; license = licenses.asl20; }; } diff --git a/pkgs/tools/security/httpx/default.nix b/pkgs/tools/security/httpx/default.nix index 7b26825b70c91..bcf55ea52639d 100644 --- a/pkgs/tools/security/httpx/default.nix +++ b/pkgs/tools/security/httpx/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "httpx"; - version = "1.2.6"; + version = "1.2.7"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "httpx"; rev = "refs/tags/v${version}"; - hash = "sha256-XGKz4Y04EpfJGkEfUE20Egv9dFiSEHOpDcQ2OfJ9wu8="; + hash = "sha256-kZU7k7vAKgQfCQobGa5i5ZnO8ARUSozv4gz93g912uM="; }; - vendorHash = "sha256-PsASCNHR52E4TSIK5s0ReJptKcondq39Dn2PsMQ8laA="; + vendorHash = "sha256-1EQt7L+dQvpBOGVHeaIOCUG960yv5h9nuQNnF4wSoug="; # Tests require network access doCheck = false; diff --git a/pkgs/tools/security/iaito/default.nix b/pkgs/tools/security/iaito/default.nix index 2047b311222ed..4e7567d45fdac 100644 --- a/pkgs/tools/security/iaito/default.nix +++ b/pkgs/tools/security/iaito/default.nix 
@@ -13,14 +13,14 @@ stdenv.mkDerivation rec { pname = "iaito"; - version = "5.8.0"; + version = "5.8.2"; srcs = [ (fetchFromGitHub rec { owner = "radareorg"; repo = "iaito"; rev = version; - hash = "sha256-LqJu30Bp+JgB+y3MDyPVuFmEoXTpfA7K2pxv1ZCABx0="; + hash = "sha256-6Do06u9axqH+DpGASEce8j3iGlrkIZGv50seyazOo1w="; name = repo; }) (fetchFromGitHub rec { @@ -57,11 +57,11 @@ stdenv.mkDerivation rec { ]; # the radare2 binary package seems to not install all necessary headers. - NIX_CFLAGS_COMPILE = [ "-I" "${radare2.src}/shlr/sdb/include/sdb" ]; + env.NIX_CFLAGS_COMPILE = toString [ "-I" "${radare2.src}/shlr/sdb/include/sdb" ]; postBuild = '' pushd ../../../iaito-translations - make build PREFIX=$out + make build -j$NIX_BUILD_CORES PREFIX=$out popd ''; @@ -74,7 +74,7 @@ stdenv.mkDerivation rec { install -m644 -Dt $out/share/pixmaps ../img/iaito-o.svg pushd ../../../iaito-translations - make install PREFIX=$out -j$NIX_BUILD_CORES + make install -j$NIX_BUILD_CORES PREFIX=$out popd runHook postInstall diff --git a/pkgs/tools/security/ioccheck/default.nix b/pkgs/tools/security/ioccheck/default.nix index be50d6483228a..6b1c4bc8e3414 100644 --- a/pkgs/tools/security/ioccheck/default.nix +++ b/pkgs/tools/security/ioccheck/default.nix @@ -44,7 +44,7 @@ buildPythonApplication rec { owner = "ranguli"; repo = pname; rev = "db02d921e2519b77523a200ca2d78417802463db"; - sha256 = "0lgqypcd5lzb2yqd5lr02pba24m26ghly4immxgz13svi8f6vzm9"; + hash = "sha256-qf5tHIpbj/BfrzUST+EzohKh1hUg09KwF+vT0tj1+FE="; }; nativeBuildInputs = with py.pkgs; [ @@ -76,7 +76,8 @@ buildPythonApplication rec { --replace '"hurry.filesize" = "^0.9"' "" \ --replace 'vt-py = ">=0.6.1,<0.8.0"' 'vt-py = ">=0.6.1"' \ --replace 'backoff = "^1.10.0"' 'backoff = ">=1.10.0"' \ - --replace 'termcolor = "^1.1.0"' 'termcolor = "*"' + --replace 'termcolor = "^1.1.0"' 'termcolor = "*"' \ + --replace 'tabulate = "^0.8.9"' 'tabulate = "*"' ''; pythonImportsCheck = [ 
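Review bot: In the ioccheck `postPatch` hunk, the new `--replace 'tabulate = "^0.8.9"' 'tabulate = "*"'` adds another string-matched unpin that removes the bound entirely. If upstream rewords the constraint the substitution stops matching and the pin returns unnoticed, and `"*"` accepts any future major version. The gallia change in this same commit replaces the same pattern with `pythonRelaxDeps = [ … ];` plus `pythonRelaxDepsHook`, and using that here for `tabulate`, `termcolor`, `backoff` and `vt-py` would be more consistent. The `substituteInPlace` call starts outside the hunk, and the `hurry.filesize` removal would still need separate handling.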
diff --git a/pkgs/tools/security/kbs2/default.nix b/pkgs/tools/security/kbs2/default.nix index acda29b53ac8c..6a6ce8dc61192 100644 --- a/pkgs/tools/security/kbs2/default.nix +++ b/pkgs/tools/security/kbs2/default.nix @@ -1,24 +1,33 @@ -{ lib, stdenv, rustPlatform, fetchFromGitHub, installShellFiles, python3, libxcb, AppKit, libiconv }: +{ lib +, stdenv +, rustPlatform +, fetchFromGitHub +, installShellFiles +, python3 +, libxcb +, AppKit +, SystemConfiguration +}: rustPlatform.buildRustPackage rec { pname = "kbs2"; - version = "0.6.0"; + version = "0.7.1"; src = fetchFromGitHub { owner = "woodruffw"; repo = pname; rev = "v${version}"; - sha256 = "sha256-clbd4xHHGpFIr4s3Jocw4oQ3GbyGWMxZEVgj6JpVK94="; + hash = "sha256-lTxHG+Gul9yMdNPXiomP6crzF5J4wIKzeNyEHnlNM/4="; }; - cargoSha256 = "sha256-gfrC9TOs/Vz3K1gVr6MJ1QAKCE5WOD8VZ/tjOw3Y1uI="; + cargoHash = "sha256-X5WlEvOmbZ3STogoFjDhT2zF5Udt6ABaD+f1qBvmNYE="; nativeBuildInputs = [ installShellFiles ] ++ lib.optionals stdenv.isLinux [ python3 ]; buildInputs = [ ] ++ lib.optionals stdenv.isLinux [ libxcb ] - ++ lib.optionals stdenv.isDarwin [ AppKit libiconv ]; + ++ lib.optionals stdenv.isDarwin [ SystemConfiguration AppKit ]; preCheck = '' export HOME=$TMPDIR diff --git a/pkgs/tools/security/kestrel/default.nix b/pkgs/tools/security/kestrel/default.nix index 16f3a4f52a4e1..69622b71e0e1f 100644 --- a/pkgs/tools/security/kestrel/default.nix +++ b/pkgs/tools/security/kestrel/default.nix @@ -6,16 +6,16 @@ rustPlatform.buildRustPackage rec { pname = "kestrel"; - version = "0.10.0"; + version = "0.10.1"; src = fetchFromGitHub { owner = "finfet"; repo = pname; rev = "v${version}"; - hash = "sha256-aJKqx/PY7BanzE5AtqmKxvkULgXXqueGnDniLd9tHOg="; + hash = "sha256-kEM81HIfWETVrUiqXu1+3az+Stg3GdjHE7FaxXJgNYk="; }; - cargoHash = "sha256-UnXaDdQzoYP1N2FnLjOQgiJKnCyCojXKKxVlWYZT0DE="; + cargoHash = "sha256-xv35oFawFLVXZS3Eum6RCo8LcVvHftfv+UvJYYmIDx4="; nativeBuildInputs = [ installShellFiles 
diff --git a/pkgs/tools/security/kube-bench/default.nix b/pkgs/tools/security/kube-bench/default.nix index 9492475aadb54..f06482a0524db 100644 --- a/pkgs/tools/security/kube-bench/default.nix +++ b/pkgs/tools/security/kube-bench/default.nix @@ -2,15 +2,16 @@ buildGoModule rec { pname = "kube-bench"; - version = "0.6.10"; + version = "0.6.12"; src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; - rev = "v${version}"; - sha256 = "sha256-0rhs5MZzf9E848FxYuZdXTarYG1BwnfS9HDz9iYR/vo="; + rev = "refs/tags/v${version}"; + hash = "sha256-QF3aSb8Od8KaINuOs981gDJlp8Iv/WUve+LH+rkrBis="; }; - vendorSha256 = "sha256-uaFEtWI5tdL0egaJPTKh7k66Kyjq+N8YDlUGJDtFRqY="; + + vendorHash = "sha256-PM8VnPNMLhDhRVy6xafW0kuTHgd374r0Ol2U9k8LNIw="; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/tools/security/metasploit/Gemfile b/pkgs/tools/security/metasploit/Gemfile index 67a3ec76005c8..5aadac1760fdc 100644 --- a/pkgs/tools/security/metasploit/Gemfile +++ b/pkgs/tools/security/metasploit/Gemfile @@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.2.35" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.3.4" diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock index d478e29640a3b..afffd279837cc 100644 --- a/pkgs/tools/security/metasploit/Gemfile.lock +++ b/pkgs/tools/security/metasploit/Gemfile.lock 
@@ -1,12 +1,12 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: 8bc83af1beb142de1ed3d81d2ef943443d07bff9 - ref: refs/tags/6.2.35 + revision: b37bae6ba447ad490205554e35ae2d0b54561f08 + ref: refs/tags/6.3.4 specs: - metasploit-framework (6.2.35) - actionpack (~> 6.0) - activerecord (~> 6.0) - activesupport (~> 6.0) + metasploit-framework (6.3.4) + actionpack (~> 7.0) + activerecord (~> 7.0) + activesupport (~> 7.0) aws-sdk-ec2 aws-sdk-iam aws-sdk-s3 @@ -31,7 +31,7 @@ GIT metasploit-concern metasploit-credential metasploit-model - metasploit-payloads (= 2.0.105) + metasploit-payloads (= 2.0.108) metasploit_data_models metasploit_payloads-mettle (= 1.0.20) mqtt @@ -53,6 +53,7 @@ GIT pg puma railties + rasn1 rb-readline recog redcarpet 
@@ -98,52 +99,51 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (1.1.0) - actionpack (6.1.7) - actionview (= 6.1.7) - activesupport (= 6.1.7) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.4.2) + actionview (= 7.0.4.2) + activesupport (= 7.0.4.2) + rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actionview (6.1.7) - activesupport (= 6.1.7) + actionview (7.0.4.2) + activesupport (= 7.0.4.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activemodel (6.1.7) - activesupport (= 6.1.7) - activerecord (6.1.7) - activemodel (= 6.1.7) - activesupport (= 6.1.7) - activesupport (6.1.7) + activemodel (7.0.4.2) + activesupport (= 7.0.4.2) + activerecord (7.0.4.2) + activemodel (= 7.0.4.2) + activesupport (= 7.0.4.2) + activesupport (7.0.4.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) addressable (2.8.1) public_suffix (>= 2.0.2, < 6.0) afm (0.2.2) arel-helpers (2.14.0) activerecord (>= 3.1.0, < 8) aws-eventstream (1.2.0) - aws-partitions (1.693.0) - aws-sdk-core (3.168.4) + aws-partitions (1.716.0) + aws-sdk-core (3.170.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.5) jmespath (~> 1, >= 1.6.1) - aws-sdk-ec2 (1.357.0) + aws-sdk-ec2 (1.366.0) aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-iam (1.73.0) + aws-sdk-iam (1.75.0) aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.61.0) + aws-sdk-kms (1.62.0) aws-sdk-core (~> 3, >= 3.165.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.117.2) + aws-sdk-s3 (1.119.1) aws-sdk-core (~> 3, >= 3.165.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) @@ -151,10 +151,10 @@ GEM aws-eventstream (~> 1, >= 1.0.2) bcrypt (3.1.18) bcrypt_pbkdf (1.1.0) - bindata (2.4.14) + bindata (2.4.15) bson (4.15.0) builder (3.2.4) - concurrent-ruby (1.1.10) + concurrent-ruby (1.2.2) cookiejar (0.3.3) crass (1.0.6) daemons (1.4.1) 
@@ -173,9 +173,9 @@ GEM eventmachine (>= 1.0.0.beta.4) erubi (1.12.0) eventmachine (1.2.7) - faker (3.1.0) + faker (3.1.1) i18n (>= 1.8.11, < 2) - faraday (2.7.2) + faraday (2.7.4) faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-net_http (3.0.2) @@ -217,11 +217,12 @@ GEM crass (~> 1.0.2) nokogiri (>= 1.5.9) metasm (1.0.5) - metasploit-concern (4.0.5) - activemodel (~> 6.0) - activesupport (~> 6.0) - railties (~> 6.0) - metasploit-credential (6.0.1) + metasploit-concern (5.0.1) + activemodel (~> 7.0) + activesupport (~> 7.0) + railties (~> 7.0) + zeitwerk + metasploit-credential (6.0.2) metasploit-concern metasploit-model metasploit_data_models (>= 5.0.0) @@ -231,26 +232,26 @@ GEM rex-socket rubyntlm rubyzip - metasploit-model (4.0.6) - activemodel (~> 6.0) - activesupport (~> 6.0) - railties (~> 6.0) - metasploit-payloads (2.0.105) - metasploit_data_models (5.0.6) - activerecord (~> 6.0) - activesupport (~> 6.0) + metasploit-model (5.0.1) + activemodel (~> 7.0) + activesupport (~> 7.0) + railties (~> 7.0) + metasploit-payloads (2.0.108) + metasploit_data_models (6.0.2) + activerecord (~> 7.0) + activesupport (~> 7.0) arel-helpers metasploit-concern metasploit-model (>= 3.1) pg - railties (~> 6.0) + railties (~> 7.0) recog webrick metasploit_payloads-mettle (1.0.20) method_source (1.0.0) mini_portile2 (2.8.1) minitest (5.17.0) - mqtt (0.5.0) + mqtt (0.6.0) msgpack (1.6.0) multi_json (1.15.0) mustermann (3.0.0) @@ -265,7 +266,7 @@ GEM network_interface (0.0.2) nexpose (7.3.0) nio4r (2.5.8) - nokogiri (1.14.0) + nokogiri (1.14.2) mini_portile2 (~> 2.8.0) racc (~> 1.4) nori (2.6.0) @@ -287,10 +288,10 @@ GEM ttfunk pg (1.4.5) public_suffix (5.0.1) - puma (6.0.2) + puma (6.1.0) nio4r (~> 2.0) racc (1.6.2) - rack (2.2.5) + rack (2.2.6.2) rack-protection (3.0.5) rack rack-test (2.0.2) 
@@ -298,19 +299,22 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.4) + rails-html-sanitizer (1.5.0) loofah (~> 2.19, >= 2.19.1) - railties (6.1.7) - actionpack (= 6.1.7) - activesupport (= 6.1.7) + railties (7.0.4.2) + actionpack (= 7.0.4.2) + activesupport (= 7.0.4.2) method_source rake (>= 12.2) thor (~> 1.0) + zeitwerk (~> 2.5) rake (13.0.6) + rasn1 (0.12.1) + strptime (~> 0.2.5) rb-readline (0.5.5) recog (3.0.3) nokogiri - redcarpet (3.5.1) + redcarpet (3.6.0) reline (0.3.2) io-console (~> 0.5) rex-arch (0.1.14) @@ -321,12 +325,12 @@ GEM rex-core rex-struct2 rex-text - rex-core (0.1.29) + rex-core (0.1.30) rex-encoder (0.1.6) metasm rex-arch rex-text - rex-exploitation (0.1.36) + rex-exploitation (0.1.37) jsobfu metasm rex-arch @@ -344,21 +348,21 @@ GEM rex-random_identifier rex-text ruby-rc4 - rex-random_identifier (0.1.9) + rex-random_identifier (0.1.10) rex-text rex-registry (0.1.4) rex-rop_builder (0.1.4) metasm rex-core rex-text - rex-socket (0.1.45) + rex-socket (0.1.47) rex-core - rex-sslscan (0.1.8) + rex-sslscan (0.1.9) rex-core rex-socket rex-text rex-struct2 (0.1.3) - rex-text (0.2.47) + rex-text (0.2.49) rex-zip (0.1.4) rex-text rexml (3.2.5) @@ -366,7 +370,7 @@ GEM ruby-macho (3.0.0) ruby-rc4 (0.1.5) ruby2_keywords (0.0.5) - ruby_smb (3.2.1) + ruby_smb (3.2.4) bindata openssl-ccm openssl-cmac @@ -384,19 +388,20 @@ GEM rack (~> 2.2, >= 2.2.4) rack-protection (= 3.0.5) tilt (~> 2.0) - sqlite3 (1.6.0) + sqlite3 (1.6.1) mini_portile2 (~> 2.8.0) sshkey (2.0.0) + strptime (0.2.5) swagger-blocks (3.0.0) thin (1.8.1) daemons (~> 1.0, >= 1.0.9) eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) thor (1.2.1) - tilt (2.0.11) - timeout (0.3.1) + tilt (2.1.0) + timeout (0.3.2) ttfunk (1.7.0) - tzinfo (2.0.5) + tzinfo (2.0.6) concurrent-ruby (~> 1.0) tzinfo-data (1.2022.7) tzinfo (>= 1.0.0) 
@@ -406,12 +411,12 @@ GEM unix-crypt (1.3.0) warden (1.2.9) rack (>= 2.0.9) - webrick (1.7.0) + webrick (1.8.1) websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) win32api (0.1.0) - windows_error (0.1.4) + windows_error (0.1.5) winrm (2.3.6) builder (>= 2.1.2) erubi (~> 1.8) @@ -426,7 +431,7 @@ GEM activesupport (>= 4.2, < 8.0) xmlrpc (0.3.2) webrick - zeitwerk (2.6.6) + zeitwerk (2.6.7) PLATFORMS ruby @@ -435,4 +440,4 @@ DEPENDENCIES metasploit-framework! BUNDLED WITH - 2.4.3 + 2.4.6 diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix index 9666b751dd2ba..10ce3bc93ca1c 100644 --- a/pkgs/tools/security/metasploit/default.nix +++ b/pkgs/tools/security/metasploit/default.nix @@ -15,13 +15,13 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "6.2.35"; + version = "6.3.4"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = version; - sha256 = "sha256-nojwez1Ol13K1D/bbl7t0KEUJZxtdLD2pqo08fkZf04="; + sha256 = "sha256-HlW30Y+fEAB3URY2/tnAf1RR02gduBjZcHLc7eyz5dM="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/metasploit/gemset.nix b/pkgs/tools/security/metasploit/gemset.nix index 8dbe93bd59eba..b4f1d2cb84860 100644 --- a/pkgs/tools/security/metasploit/gemset.nix +++ b/pkgs/tools/security/metasploit/gemset.nix 
@@ -4,50 +4,50 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0dygq5fxbrgynd2g7r51asyrap1d6cxravwh509kfmqpfbiq119s"; + sha256 = "02q8mjgw70szmhx3hc5pdcf0yhk5hfhhvfng24xghiqkx7dkgf21"; type = "gem"; }; - version = "6.1.7"; + version = "7.0.4.2"; }; actionview = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1m68my4dnj7q7986jwlb7gir0f7hahdsqbiaxfvgngwksa8fhrn1"; + sha256 = "07fn4brsrz308b01rqql0n582zqva5q8ws2gnx2jdm9ab2ph1l4i"; type = "gem"; }; - version = "6.1.7"; + version = "7.0.4.2"; }; activemodel = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "183d7laxvwrw1d02qgm8rg9ljjihfiyh4vzi58xm42z3fr3bbhky"; + sha256 = "1a961ak8n53d783k5p0n4clgvlbp9vkwxk32ysfww28nl00jlr0r"; type = "gem"; }; - version = "6.1.7"; + version = "7.0.4.2"; }; activerecord = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1dsxi813wyhx2d0bbyc0nla4ck6nmmi3z3765gdqf6xl3dha5r2j"; + sha256 = "159z1m6294f2v1mjzbjbfajahiks4x2mg0s01hw407a9y23q07ln"; type = "gem"; }; - version = "6.1.7"; + version = "7.0.4.2"; }; activesupport = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0k5pq2swzgddmwwr6x1phbspk1vw8cl88ci8jbi18mrirjjfippr"; + sha256 = "0dmywys50074vj5rivpx188b00qimlc4jn84xzqlialrgp3ckq5f"; type = "gem"; }; - version = "6.1.7"; + version = "7.0.4.2"; }; addressable = { groups = ["default"]; 
@@ -104,60 +104,60 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0gjsrdkswp0xlfcv9y45i6456dbv4xl1cka4lpfw6bwjbhnqcjc8"; + sha256 = "1dy4pxcblfl67gdw64ffjh9zxv10nnjszri861f8xa6cfqr3hqp1"; type = "gem"; }; - version = "1.693.0"; + version = "1.716.0"; }; aws-sdk-core = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "131acgw2hi893n0dfbczs42bkc41afhyrmd9w8zx5y8r1k5zd6rc"; + sha256 = "0zc4zhv2wq7s5p8c9iaplama1lpg2kwldg81j83c8w4xydf1wd2r"; type = "gem"; }; - version = "3.168.4"; + version = "3.170.0"; }; aws-sdk-ec2 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0lifj9m433ri4k1xm06n06minnb1sblxxc0gzgjc1a7q5xcldqmy"; + sha256 = "1caq5zkjxn06lk9jzf3izm2b94f9zj738nr4x83zx95warj3v2qp"; type = "gem"; }; - version = "1.357.0"; + version = "1.366.0"; }; aws-sdk-iam = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1lkjrgmk56p5aymkh4y070jxzgfnc3jz95fxxkcflhy7wkkkkza0"; + sha256 = "1n6hg0sfnhm5yhfvs68fikfpkq9hydiw2081fdikpf0fwp5ny8zw"; type = "gem"; }; - version = "1.73.0"; + version = "1.75.0"; }; aws-sdk-kms = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0ajp7yvnf95d60xmg618xznfwsy8h1vrkzj33r1bsf2gsfp50vzy"; + sha256 = "070s86pxrbq98iddq6shdq7g0lrzgsdqnsnc5l4kygvqimliq4dr"; type = "gem"; }; - version = "1.61.0"; + version = "1.62.0"; }; aws-sdk-s3 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1xpb8c8zw1c0grbw1rcc0ynlys1301vm9kkqy4ls3i2zqk5v6n91"; + sha256 = "1rpnlzsl52znhcki13jkwdshgwf51pn26267481f4fa842gr7xgp"; type = "gem"; }; - version = "1.117.2"; + version = "1.119.1"; }; aws-sigv4 = { groups = ["default"]; 
@@ -194,10 +194,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0mz9hz5clknznw8i5f3l2zb9103mlgh96djdhlvlfpf2chkr0s1z"; + sha256 = "04y4zgh4bbcb8wmkxwfqg4saky1d1f3xw8z6yk543q13h8ky8rz5"; type = "gem"; }; - version = "2.4.14"; + version = "2.4.15"; }; bson = { groups = ["default"]; @@ -224,10 +224,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0s4fpn3mqiizpmpy2a24k4v365pv75y50292r8ajrv4i1p5b2k14"; + sha256 = "0krcwb6mn0iklajwngwsg850nk8k9b35dhmc2qkbdqvmifdi2y9q"; type = "gem"; }; - version = "1.1.10"; + version = "1.2.2"; }; cookiejar = { groups = ["default"]; @@ -334,20 +334,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ppi7v8prf5856fslygvh64nwa4k2bsb9mablygb5gj0x5c7k29w"; + sha256 = "1b8772jybi0vxzbcs5zw17k40z661c8adn2rd6vqqr7ay71bzl09"; type = "gem"; }; - version = "3.1.0"; + version = "3.1.1"; }; faraday = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "17lacy6n0hsayafvgxgzmngfq2x62b2arbn32bj2yyzmgxwyxhqn"; + sha256 = "1f20vjx0ywx0zdb4dfx4cpa7kd51z6vg7dw5hs35laa45dy9g9pj"; type = "gem"; }; - version = "2.7.2"; + version = "2.7.4"; }; faraday-net_http = { groups = ["default"]; 
@@ -584,62 +584,62 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0sqjv9sqj628zdbb9xlwsmaq9fy52gxwv8ggpvib3sfi1ckvwgn1"; + sha256 = "12qhihgrhlxcr8pss42blf9jx6sdwp85kg0790n6lf6knz9yi7yc"; type = "gem"; }; - version = "4.0.5"; + version = "5.0.1"; }; metasploit-credential = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "061zkhiq7gpp0kjk1alaz0r266makzj3ahjzq6j9qxm4z9xiis4d"; + sha256 = "1ik61iv34a0nfszrb3aq9ia63n6hv1vgjgy6kdkl8xy7i455kyss"; type = "gem"; }; - version = "6.0.1"; + version = "6.0.2"; }; metasploit-framework = { groups = ["default"]; platforms = []; source = { fetchSubmodules = false; - rev = "8bc83af1beb142de1ed3d81d2ef943443d07bff9"; - sha256 = "0kkz37wz2d5alvvb0x3dkhji98fhxmg6xnrzsk55v5sf7mxz124y"; + rev = "b37bae6ba447ad490205554e35ae2d0b54561f08"; + sha256 = "1lz5ngnfvp3jf3ciif0xd39m2m3zq3czwdhna5vh044ziz8vfm8y"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "6.2.35"; + version = "6.3.4"; }; metasploit-model = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "17kmw9gx4mdimv5wbf3935g43ad9spdx9bshdgk5y754kw80cnqd"; + sha256 = "01i35h3wl7qly2kx20f5r1x00grmfd5vnarjvi3qjjyy380qw793"; type = "gem"; }; - version = "4.0.6"; + version = "5.0.1"; }; metasploit-payloads = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1zp4njsk9ybrhjr7pb06nmnm3shmxc69ra2hxvz0bwhq4syr1xsl"; + sha256 = "0kqm9vzh562vckxcc751bc4yr4fgprlwjjmwq1sjw7zhh27bmz82"; type = "gem"; }; - version = "2.0.105"; + version = "2.0.108"; }; metasploit_data_models = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1dli79r6rh77mwh6xqjzvz5kld70j93myg0gd5q0jxjhimwcrgya"; + sha256 = "07k32bv9qnxg9vcq29p0r6qcfrhwby3aydpir3z8a7h8iz17lz9i"; type = "gem"; }; - version = "5.0.6"; + version = "6.0.2"; }; metasploit_payloads-mettle = { 
groups = ["default"]; @@ -686,10 +686,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0d1khsry5mf63y03r6v91f4vrbn88277ksv7d69z3xmqs9sgpri9"; + sha256 = "14iacsn0l8kl5pw9giaz2p3i06dwwj0mad9m0949bl5g8g35vsb3"; type = "gem"; }; - version = "0.5.0"; + version = "0.6.0"; }; msgpack = { groups = ["default"]; @@ -807,10 +807,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1fqld4wnamj7awdr1lwdifpylqdrrg5adm8xj2jl9sc5ms3nxjjm"; + sha256 = "1djq4rp4m967mn6sxmiw75vz24gfp0w602xv22kk1x3cmi5afrf7"; type = "gem"; }; - version = "1.14.0"; + version = "1.14.2"; }; nori = { groups = ["default"]; @@ -927,10 +927,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "15hj8r6wp23k187ajmp13kldk53ygm84q4caq7nlndrn8jlcsps0"; + sha256 = "1ymaq2m30yx35sninw8mjknsjw23k6458ph9k350khwwn1hh2d1k"; type = "gem"; }; - version = "6.0.2"; + version = "6.1.0"; }; racc = { groups = ["default"]; @@ -947,10 +947,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "14xjykbmngjhb4p02b7yghf0gqgqjfpi6i028x9g6q6xs782ci3j"; + sha256 = "0qvp6h2abmlsl4sqjsvac03cr2mxq6143gbx4kq52rpazp021qsb"; type = "gem"; }; - version = "2.2.5"; + version = "2.2.6.2"; }; rack-protection = { groups = ["default"]; @@ -987,20 +987,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1mcb75qvldfz6zsr4inrfx7dmb0ngxy507awx28khqmnla3hqpc9"; + sha256 = "0ygav4xyq943qqyhjmi3mzirn180j565mc9h5j4css59x1sn0cmz"; type = "gem"; }; - version = "1.4.4"; + version = "1.5.0"; }; railties = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1iwziqrzk7f7r3w5pkfnbh1mqsfsywy7lvz2blqds3nval79dw2x"; + sha256 = "0056s3hh67mjqwb2gjsarx6v3ay2cb8dqiwj1zf84krlbj83l9kz"; type = "gem"; }; - version = "6.1.7"; + version = "7.0.4.2"; }; rake = { groups = ["default"]; 
@@ -1012,6 +1012,16 @@ }; version = "13.0.6"; }; + rasn1 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "05n3ki7jlkll0rf6zrqi41a9fc6zmw87f94ai21jgmvsswjfx15i"; + type = "gem"; + }; + version = "0.12.1"; + }; rb-readline = { groups = ["default"]; platforms = []; @@ -1037,10 +1047,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0bvk8yyns5s1ls437z719y5sdv9fr8kfs8dmr6g8s761dv5n8zvi"; + sha256 = "1sg9sbf9pm91l7lac7fs4silabyn0vflxwaa2x3lrzsm0ff8ilca"; type = "gem"; }; - version = "3.5.1"; + version = "3.6.0"; }; reline = { groups = ["default"]; @@ -1077,10 +1087,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1gnd998r7s8fl7ma0wavlwyxw244vr2mjgsrs53d455gxjxk4xi8"; + sha256 = "1djg6dk804l55vhnp8wm6phir9wgvb7biv4jiyi78w95cxb1vfk6"; type = "gem"; }; - version = "0.1.29"; + version = "0.1.30"; }; rex-encoder = { groups = ["default"]; @@ -1097,10 +1107,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0j2lp6kz4a67n7dk7kxlxx8kc32dfdbrz649hhqj47k15nafnyy1"; + sha256 = "15fcisxsxcs6kvg84cv4xdxpd0bhajbmdssrbbvacblvwxn0yydb"; type = "gem"; }; - version = "0.1.36"; + version = "0.1.37"; }; rex-java = { groups = ["default"]; @@ -1157,10 +1167,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0cpni5hnc3r6bi2n6zx8h6vi0mv99zabw4rggyy95cbwf6smmaxp"; + sha256 = "11gdz9n44jlhq1w5swq63705gliwjc7jg7avgprgw2j4sscnypjp"; type = "gem"; }; - version = "0.1.9"; + version = "0.1.10"; }; rex-registry = { groups = ["default"]; 
@@ -1187,20 +1197,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1r73q8i832gzrq1hqawqlvnmw0w1g8jc28z8q7kxjaqf4dd9gprz"; + sha256 = "02s5x8i0iz5x5y45xasdqx7iz6z9yyqycqmrn41q9rlys4689jwj"; type = "gem"; }; - version = "0.1.45"; + version = "0.1.47"; }; rex-sslscan = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "01lxd8zjkgzrr93dry1as7x7ir3n924fz6z1pplwm68jfcqvzw0v"; + sha256 = "0lgwadsmdwdkv9irxlvrc2x0wh1c1r1b9254blpc797ksh5qm4l1"; type = "gem"; }; - version = "0.1.8"; + version = "0.1.9"; }; rex-struct2 = { groups = ["default"]; @@ -1217,10 +1227,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "06xihmiw7fqbjpxi1zh6hb8whbq45saxllvlk00mjp2l3dn0p7hb"; + sha256 = "0s25qqgjqz98240mfx9a39449v2f89yga3qm718zkdzks4f99c0x"; type = "gem"; }; - version = "0.2.47"; + version = "0.2.49"; }; rex-zip = { groups = ["default"]; @@ -1287,10 +1297,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0rsxb9bi3x4kxhhsaa4araxfz0zk573v0j4xv64d3p176kii6cmm"; + sha256 = "1vzwh4r2056cyagx0kggrl82yi9ldhj5slp0rdy8fdchh6ac95rg"; type = "gem"; }; - version = "3.2.1"; + version = "3.2.4"; }; rubyntlm = { groups = ["default"]; @@ -1348,10 +1358,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0f24qp50mc1qg8yvv7b3x73mh78d6mzd3b7rqib1ixfbsdiayx1x"; + sha256 = "064g96zvvx6rb60jl06dmcc73n16m2d89n7w3hdkh79lgsjszf2l"; type = "gem"; }; - version = "1.6.0"; + version = "1.6.1"; }; sshkey = { groups = ["default"]; @@ -1363,6 +1373,16 @@ }; version = "2.0.0"; }; + strptime = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1ycs0xz58kymf7yp4h56f0nid2z7g3s18dj7pa3p790pfzzpgvcq"; + type = "gem"; + }; + version = "0.2.5"; + }; swagger-blocks = { groups = ["default"]; platforms = []; 
@@ -1398,20 +1418,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "186nfbcsk0l4l86gvng1fw6jq6p6s7rc0caxr23b3pnbfb20y63v"; + sha256 = "1qmhi6d9przjzhsyk9g5pq2j75c656msh6xzprqd2mxgphf23jxs"; type = "gem"; }; - version = "2.0.11"; + version = "2.1.0"; }; timeout = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0lnh0kr7f43m1cjzc2jvggfsl1rzsaj2rd3pn6vp7mcqliymzaza"; + sha256 = "1pfddf51n5fnj4f9ggwj3wbf23ynj0nbxlxqpz12y1gvl9g7d6r6"; type = "gem"; }; - version = "0.3.1"; + version = "0.3.2"; }; ttfunk = { groups = ["default"]; @@ -1428,10 +1448,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0rx114mpqnw2k4h98vc0rs0x0bmf0img84yh8mkkjkal07cjydf5"; + sha256 = "16w2g84dzaf3z13gxyzlzbf748kylk5bdgg3n1ipvkvvqy685bwd"; type = "gem"; }; - version = "2.0.5"; + version = "2.0.6"; }; tzinfo-data = { groups = ["default"]; @@ -1488,10 +1508,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1d4cvgmxhfczxiq5fr534lmizkhigd15bsx5719r5ds7k7ivisc7"; + sha256 = "13qm7s0gr2pmfcl7dxrmq38asaza4w0i2n9my4yzs499j731wh8r"; type = "gem"; }; - version = "1.7.0"; + version = "1.8.1"; }; websocket-driver = { groups = ["default"]; @@ -1528,10 +1548,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0zmm2if81ia33hp18h8yrgnpgcdyrxziyf185r0zx8qy7n8mlchl"; + sha256 = "1825v7hvcl0xss6scyfv76i0cs0kvj72wy20kn7xqylw9avjga2r"; type = "gem"; }; - version = "0.1.4"; + version = "0.1.5"; }; winrm = { groups = ["default"]; @@ -1568,9 +1588,9 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "09pqhdi6q4sqv0p1gnjpbcy4az0yv8hrpykjngdgh9qiqd87nfdv"; + sha256 = "028ld9qmgdllxrl7d0qkl65s58wb1n3gv8yjs28g43a8b1hplxk1"; type = "gem"; }; - version = "2.6.6"; + version = "2.6.7"; }; } 
diff --git a/pkgs/tools/security/mfoc-hardnested/default.nix b/pkgs/tools/security/mfoc-hardnested/default.nix new file mode 100644 index 0000000000000..ee6d5a3dd30f7 --- /dev/null +++ b/pkgs/tools/security/mfoc-hardnested/default.nix @@ -0,0 +1,25 @@ +{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, libnfc, xz }: + +stdenv.mkDerivation rec { + pname = "mfoc-hardnested"; + version = "unstable-2021-08-14"; + + src = fetchFromGitHub { + owner = "nfc-tools"; + repo = pname; + rev = "2c25bf05a0b13827b9d06382c5d384b2e5c88238"; + hash = "sha256-fhfevQCw0E5TorHx61Vltpmv7DAjgH73i27O7aBKxz4="; + }; + + nativeBuildInputs = [ autoreconfHook pkg-config ]; + buildInputs = [ libnfc xz ]; + + meta = with lib; { + description = "A fork of mfoc integrating hardnested code from the proxmark"; + license = licenses.gpl2; + homepage = "https://github.com/nfc-tools/mfoc-hardnested"; + maintainers = with maintainers; [ azuwis ]; + platforms = platforms.unix; + broken = (stdenv.isDarwin && stdenv.isAarch64); # Undefined symbols "_memalign" referenced + }; +} diff --git a/pkgs/tools/security/mitmproxy2swagger/default.nix b/pkgs/tools/security/mitmproxy2swagger/default.nix index 3378e0d332c7f..0253bdaeba454 100644 --- a/pkgs/tools/security/mitmproxy2swagger/default.nix +++ b/pkgs/tools/security/mitmproxy2swagger/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "mitmproxy2swagger"; - version = "0.7.2"; + version = "0.8.1"; format = "pyproject"; src = fetchFromGitHub { owner = "alufers"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-LnH0RDiRYJAGI7ZT6Idu1AqSz0yBRuBJvhIgY72Z4CA="; + hash = "sha256-F/25fVNM3ZSYqg6oeKT/PxCXBB3z5INBKMqYGAbFiQM="; }; nativeBuildInputs = with python3.pkgs; [ diff --git a/pkgs/tools/security/naabu/default.nix b/pkgs/tools/security/naabu/default.nix index 71028d4d0b39d..041a066ed37fd 100644 --- a/pkgs/tools/security/naabu/default.nix +++ b/pkgs/tools/security/naabu/default.nix 
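Review bot: `license = licenses.gpl2;` in the new mfoc-hardnested `meta` block does not say whether the code is GPL-2.0-only or GPL-2.0-or-later. Which of the two applies cannot be read off the derivation, so it needs a look at the source headers of the pinned `rev`. Once checked, use `license = licenses.gpl2Only;` or `license = licenses.gpl2Plus;`.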
@@ -6,16 +6,16 @@ buildGoModule rec { pname = "naabu"; - version = "2.1.1"; + version = "2.1.2"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "naabu"; - rev = "v${version}"; - sha256 = "sha256-XX9c5Qix79eRZkmZxDjFiiTnh66bBLhSunUrIS2FdCA="; + rev = "refs/tags/v${version}"; + hash = "sha256-o+5UOyFg1jhFmBDtkVPgJVk50fPt0uxvV6qiPrRtQZw="; }; - vendorSha256 = "sha256-w3prgkemFPLZ/OC0TPQL7kzKPcBLhYTw/IHP1vQlC2s="; + vendorHash = "sha256-Y7eQeoTt0TM4ZKWKVbltYY+k9Vq0TroVywQduwvlLQg="; buildInputs = [ libpcap @@ -36,6 +36,7 @@ buildGoModule rec { all ports that return a reply. ''; homepage = "https://github.com/projectdiscovery/naabu"; + changelog = "https://github.com/projectdiscovery/naabu/releases/tag/v${version}"; license = licenses.asl20; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/nuclei/default.nix b/pkgs/tools/security/nuclei/default.nix index 579f793297932..9e534298198c4 100644 --- a/pkgs/tools/security/nuclei/default.nix +++ b/pkgs/tools/security/nuclei/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "nuclei"; - version = "2.8.8"; + version = "2.8.9"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "v${version}"; - hash = "sha256-limgyp13eh2FuD1MzqQn+NQ30fOJsvr8UT4kZrxnIPM="; + hash = "sha256-YjcvxDCIXHyc/7+lpg29wDrpe8WmQPWbhXvpIpWO17k="; }; - vendorHash = "sha256-nmZpYShVNAqBO8adxCSt9t3ocB3elWna06pIBG6dQNY="; + vendorHash = "sha256-DE2S70Jfd6Vgx7BXGbhSWTbRIbp8cbiuf8bolHCYMxg="; modRoot = "./v2"; subPackages = [ diff --git a/pkgs/tools/security/octosuite/default.nix b/pkgs/tools/security/octosuite/default.nix new file mode 100644 index 0000000000000..88b29dce721c4 --- /dev/null +++ b/pkgs/tools/security/octosuite/default.nix 
@@ -0,0 +1,44 @@ +{ lib +, python3 +, fetchFromGitHub +}: + +python3.pkgs.buildPythonApplication rec { + pname = "octosuite"; + version = "3.1.0"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "bellingcat"; + repo = "octosuite"; + rev = "refs/tags/${version}"; + hash = "sha256-C73txVtyWTcIrJSApBy4uIKDcuUq0HZrGM6dqDVLkKY="; + }; + + postPatch = '' + # pyreadline3 is Windows-only + substituteInPlace setup.py \ + --replace ', "pyreadline3"' "" + ''; + + propagatedBuildInputs = with python3.pkgs; [ + psutil + requests + rich + ]; + + pythonImportsCheck = [ + "octosuite" + ]; + + # Project has no tests + doCheck = false; + + meta = with lib; { + description = "Advanced Github OSINT framework"; + homepage = "https://github.com/bellingcat/octosuite"; + changelog = "https://github.com/bellingcat/octosuite/releases/tag/${version}"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/pkgs/tools/security/opencryptoki/default.nix b/pkgs/tools/security/opencryptoki/default.nix index 140f032a5fde8..dcb1c0bb0cbe8 100644 --- a/pkgs/tools/security/opencryptoki/default.nix +++ b/pkgs/tools/security/opencryptoki/default.nix @@ -1,18 +1,36 @@ -{ lib, stdenv, fetchFromGitHub, openssl, trousers, autoreconfHook, libtool, bison, flex }: +{ lib +, stdenv +, fetchFromGitHub +, autoreconfHook +, bison +, flex +, openldap +, openssl +, trousers +}: stdenv.mkDerivation rec { pname = "opencryptoki"; - version = "3.8.2"; + version = "3.19.0"; src = fetchFromGitHub { owner = "opencryptoki"; repo = "opencryptoki"; rev = "v${version}"; - sha256 = "1rf7cmibmx636vzv7p54g212478a8wim2lfjf2861hfd0m96nv4l"; + hash = "sha256-ym13I34H3d1JuVBnItkceUbqpjYFhD+mPgWYHPetF7Y="; }; - nativeBuildInputs = [ autoreconfHook libtool bison flex ]; - buildInputs = [ openssl trousers ]; + nativeBuildInputs = [ + autoreconfHook + bison + flex + ]; + + buildInputs = [ + openldap + openssl + trousers + ]; postPatch = '' substituteInPlace configure.ac \ 
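Review bot: The octosuite `postPatch` substitution `--replace ', "pyreadline3"' ""` depends on the exact quoting and comma placement in upstream's `setup.py`. If a later release reformats that list, the pattern stops matching and the Windows-only requirement may come back without this build step failing. Where the tree's `substituteInPlace` supports it, `--replace-fail ', "pyreadline3"' ""` turns a non-match into a hard error. `pythonImportsCheck` only shows that the module imports, and with `doCheck = false` nothing else would notice.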
@@ -20,18 +38,22 @@ stdenv.mkDerivation rec { --replace "groupadd" "true" \ --replace "chmod" "true" \ --replace "chgrp" "true" - substituteInPlace usr/lib/Makefile.am --replace "DESTDIR" "out" ''; configureFlags = [ - "--prefix=$(out)" + "--prefix=" "--disable-ccatok" "--disable-icatok" ]; enableParallelBuilding = true; + installFlags = [ + "DESTDIR=${placeholder "out"}" + ]; + meta = with lib; { + changelog = "https://github.com/opencryptoki/opencryptoki/blob/${src.rev}/ChangeLog"; description = "PKCS#11 implementation for Linux"; homepage = "https://github.com/opencryptoki/opencryptoki"; license = licenses.cpl10; diff --git a/pkgs/tools/security/openpgp-card-tools/default.nix b/pkgs/tools/security/openpgp-card-tools/default.nix index c3c512081c620..3b0b5ee14d1c2 100644 --- a/pkgs/tools/security/openpgp-card-tools/default.nix +++ b/pkgs/tools/security/openpgp-card-tools/default.nix @@ -12,14 +12,14 @@ rustPlatform.buildRustPackage rec { pname = "openpgp-card-tools"; - version = "0.9.0"; + version = "0.9.1"; src = fetchCrate { inherit pname version; - sha256 = "sha256-Mvnj8AEhREP+nGrioC9IHYX3k6sKGKzOh00V8nslyhw="; + sha256 = "sha256-Wgj6YZSQj8+BcyPboUTadUOg6Gq6VxV4GRW8TWbnRfc="; }; - cargoHash = "sha256-0KRq8GsrQaLJ6fopZpdzgxIWHIse9QWDo24IQj1eAhc="; + cargoHash = "sha256-u6xzKDCtv5FzaYgn5wab6ZPICJ/DaqUxiRS80xaEa1A="; nativeBuildInputs = [ pkg-config rustPlatform.bindgenHook ]; buildInputs = [ pcsclite nettle ] ++ lib.optionals stdenv.isDarwin [ PCSC ]; diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix index 54cf67ecb9d6c..51e9434f82e8f 100644 --- a/pkgs/tools/security/opensc/default.nix +++ b/pkgs/tools/security/opensc/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { ++ lib.optional stdenv.isDarwin Carbon ++ (if withApplePCSC then [ PCSC ] else [ pcsclite ]); - NIX_CFLAGS_COMPILE = "-Wno-error"; + env.NIX_CFLAGS_COMPILE = "-Wno-error"; configureFlags = [ "--enable-zlib" 
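Review bot: With `"--prefix="` in `configureFlags` and `"DESTDIR=${placeholder "out"}"` in `installFlags`, the files land in the store, but every path configure compiles into the binaries is presumably now rooted at `/` rather than at the store path. For a PKCS#11 provider that is worth stating explicitly, since token libraries, configuration and state would then be looked up under locations such as `/lib`, `/etc` and `/var` that this package does not own. If that is intended (for example a system module provides those paths), add a comment above `configureFlags` such as `# empty prefix + DESTDIR: files install to $out, compiled-in paths stay at /etc, /var, /lib`. Otherwise, check which library directory the built tools actually search. The `mkDerivation` body starts and ends outside this hunk.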
diff --git a/pkgs/tools/security/ossec/default.nix b/pkgs/tools/security/ossec/default.nix index 3c43c51c103ab..1aa606f592742 100644 --- a/pkgs/tools/security/ossec/default.nix +++ b/pkgs/tools/security/ossec/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { # gcc-10. Otherwise build fails as: # ld: src/common/mgmt/pint-worker-external.po:(.data.rel.local+0x0): multiple definition of # `PINT_worker_external_impl'; src/common/mgmt/pint-mgmt.po:(.bss+0x20): first defined here - NIX_CFLAGS_COMPILE = "-fcommon"; + env.NIX_CFLAGS_COMPILE = "-fcommon"; buildPhase = '' echo "en diff --git a/pkgs/tools/security/osv-scanner/default.nix b/pkgs/tools/security/osv-scanner/default.nix index 3057f6fa896a3..588370bd3a4b2 100644 --- a/pkgs/tools/security/osv-scanner/default.nix +++ b/pkgs/tools/security/osv-scanner/default.nix @@ -6,16 +6,16 @@ }: buildGoModule rec { pname = "osv-scanner"; - version = "1.1.0"; + version = "1.2.0"; src = fetchFromGitHub { owner = "google"; repo = pname; rev = "v${version}"; - hash = "sha256-wU42911t4L2tsVBdmNnc1ABu3zEv94SRi9Z0/8zfUJs="; + hash = "sha256-5078mJbqiWu+Q0oOWaCJ8YUlSTRDLjmztAhtVyFlvN8="; }; - vendorHash = "sha256-8z/oRR2ru4SNdxgqelAQGmAPvOEvh9jlLl17k7Cv20g="; + vendorHash = "sha256-LxwP1eK88H/XsGsu8YA3ksZnYJcOr7OzqWmZDRHO5kU="; ldflags = [ "-s" diff --git a/pkgs/tools/security/pcsc-cyberjack/default.nix b/pkgs/tools/security/pcsc-cyberjack/default.nix index 40736cdc86bad..b420263c209b2 100644 --- a/pkgs/tools/security/pcsc-cyberjack/default.nix +++ b/pkgs/tools/security/pcsc-cyberjack/default.nix @@ -23,7 +23,7 @@ in stdenv.mkDerivation rec { enableParallelBuilding = true; - NIX_CFLAGS_COMPILE = "-Wno-error=narrowing"; + env.NIX_CFLAGS_COMPILE = "-Wno-error=narrowing"; configureFlags = [ "--with-usbdropdir=${placeholder "out"}/pcsc/drivers" diff --git a/pkgs/tools/security/pcsctools/default.nix b/pkgs/tools/security/pcsctools/default.nix index d5fe8c4faa44c..ec2a5f3fb3058 100644 --- a/pkgs/tools/security/pcsctools/default.nix 
+++ b/pkgs/tools/security/pcsctools/default.nix @@ -1,6 +1,7 @@ { stdenv , lib -, fetchurl +, fetchFromGitHub +, autoreconfHook , makeWrapper , pkg-config , systemd @@ -13,11 +14,13 @@ stdenv.mkDerivation rec { pname = "pcsc-tools"; - version = "1.6.0"; + version = "1.6.2"; - src = fetchurl { - url = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/${pname}-${version}.tar.bz2"; - sha256 = "sha256-ZRyN10vLM9tMFpNc5dgN0apusgup1cS5YxoJgybvi58="; + src = fetchFromGitHub { + owner = "LudovicRousseau"; + repo = pname; + rev = version; + sha256 = "sha256-c7md8m1llvz0EQqA0qY4aGb3guGFoj+8uS4hUTzie5o="; }; postPatch = '' @@ -29,7 +32,7 @@ stdenv.mkDerivation rec { buildInputs = [ dbus perlPackages.perl pcsclite ] ++ lib.optional stdenv.isLinux systemd; - nativeBuildInputs = [ makeWrapper pkg-config ]; + nativeBuildInputs = [ autoreconfHook makeWrapper pkg-config ]; postInstall = '' wrapProgram $out/bin/scriptor \ @@ -46,7 +49,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Tools used to test a PC/SC driver, card or reader"; - homepage = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/"; + homepage = "https://pcsc-tools.apdu.fr/"; license = licenses.gpl2Plus; maintainers = with maintainers; [ peterhoeg ]; platforms = platforms.linux; diff --git a/pkgs/tools/security/pomerium-cli/default.nix b/pkgs/tools/security/pomerium-cli/default.nix index f04ac1b1a4014..6eb35099db2a9 100644 --- a/pkgs/tools/security/pomerium-cli/default.nix +++ b/pkgs/tools/security/pomerium-cli/default.nix 
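Review bot: In the new `fetchFromGitHub` call of the `@@ -13,11 +14,13 @@` hunk, `rev = version;` is a bare ref that can name either a tag or a branch. `rev = "refs/tags/${version}";` says which one is meant, as the naabu and mitmproxy2swagger entries in this same commit already do. The fixed-output hash still pins the content, so this is about avoiding a confusing hash mismatch on re-fetch rather than about integrity. While the line is being touched, `sha256 = "sha256-…"` could become `hash = "sha256-…"`, since the value is already an SRI string.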
@@ -8,16 +8,16 @@ let in buildGoModule rec { pname = "pomerium-cli"; - version = "0.20.0"; + version = "0.21.0"; src = fetchFromGitHub { owner = "pomerium"; repo = "cli"; rev = "v${version}"; - sha256 = "sha256-lWrEWi9wT//9sTEJqo4BnjjzeYnmb2KFbVetXfsYk04="; + sha256 = "sha256-0JMMa85gMTZA0JtxpONVMakbsapAoCXdiL3+Whv5Pp0="; }; - vendorSha256 = "sha256-uME7g7zhA1ir1drmHB1FjLPJ1Km9XcvHHNIsIdOvYfo="; + vendorHash = "sha256-eATNBUQNspDdksF06VHIzwzEJfaFBlJt9OtONxH49s4="; subPackages = [ "cmd/pomerium-cli" diff --git a/pkgs/tools/security/posteid-seed-extractor/default.nix b/pkgs/tools/security/posteid-seed-extractor/default.nix new file mode 100644 index 0000000000000..176b210b37794 --- /dev/null +++ b/pkgs/tools/security/posteid-seed-extractor/default.nix @@ -0,0 +1,47 @@ +{ lib +, python3Packages +, fetchFromGitHub +}: + +python3Packages.buildPythonApplication { + pname = "posteid-seed-extractor"; + version = "unstable-2022-02-23"; + + src = fetchFromGitHub { + owner = "simone36050"; + repo = "PosteID-seed-extractor"; + rev = "667e2997a98aa3273a6bf6b4b34ca77715120e7f"; + hash = "sha256-smNwp67HYbZuMrl0uf2X2yox2JqeEV6WzIBp4dALwgw="; + }; + + format = "other"; + + pythonPath = with python3Packages; [ + certifi + cffi + charset-normalizer + cryptography + idna + jwcrypto + pycparser + pycryptodome + pyotp + qrcode + requests + urllib3 + wrapt + ]; + + installPhase = '' + runHook preInstall + install -Dm755 extractor.py $out/bin/posteid-seed-extractor + runHook postInstall + ''; + + meta = with lib; { + homepage = "https://github.com/simone36050/PosteID-seed-extractor"; + description = "Extract OTP seed instead of using PosteID app"; + license = licenses.mit; + maintainers = with maintainers; [ aciceri ]; + }; +} diff --git a/pkgs/tools/security/proxmark3/proxmark3-rrg.nix b/pkgs/tools/security/proxmark3/proxmark3-rrg.nix index a366dbf8224d8..6b021e9702772 100644 --- a/pkgs/tools/security/proxmark3/proxmark3-rrg.nix +++ b/pkgs/tools/security/proxmark3/proxmark3-rrg.nix 
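Review bot: `pythonPath` in the new posteid-seed-extractor derivation lists what look like transitive packages (`cffi`, `pycparser`, `idna`, `certifi`, `charset-normalizer`, `urllib3`, `wrapt`) alongside the libraries the script would import itself. That reads like a copy of a frozen requirements file. I cannot see `extractor.py` from here, but listing only the modules it imports directly keeps the closure small and avoids carrying entries that break when an upstream dependency drops one of them. Nix resolves the transitive set on its own.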
@@ -7,13 +7,13 @@ mkDerivation rec { pname = "proxmark3-rrg"; - version = "4.15864"; + version = "4.16191"; src = fetchFromGitHub { owner = "RfidResearchGroup"; repo = "proxmark3"; rev = "v${version}"; - sha256 = "sha256-vFebyXKC/vf8W8fGkTpSGTA0ZmfwnXSuuiOjV/u9240="; + sha256 = "sha256-l0aDp0s9ekUUHqkzGfVoSIf/4/GN2uiVGL/+QtKRCOs="; }; nativeBuildInputs = [ pkg-config gcc-arm-embedded ]; diff --git a/pkgs/tools/security/quark-engine/default.nix b/pkgs/tools/security/quark-engine/default.nix index 42b0864225d2a..12e226c1ede0e 100644 --- a/pkgs/tools/security/quark-engine/default.nix +++ b/pkgs/tools/security/quark-engine/default.nix @@ -6,14 +6,14 @@ python3.pkgs.buildPythonApplication rec { pname = "quark-engine"; - version = "22.12.1"; + version = "23.2.1"; format = "setuptools"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "refs/tags/v${version}"; - sha256 = "sha256-PdLnR01BDfb3+WsOvOZTsDHWXRNK0pLTxCXOuWik0L0="; + sha256 = "sha256-9WrOyBOoSif1P67Z19HW56RvsojoubeT58P0rM18XSk="; }; propagatedBuildInputs = with python3.pkgs; [ @@ -30,11 +30,6 @@ python3.pkgs.buildPythonApplication rec { tqdm ]; - postPatch = '' - substituteInPlace setup.py \ - --replace "prompt-toolkit==3.0.19" "prompt-toolkit>=3.0.19" - ''; - # Project has no tests doCheck = false; diff --git a/pkgs/tools/security/rbw/default.nix b/pkgs/tools/security/rbw/default.nix index a5eb83f1e0b5c..04b3f1aecbd06 100644 --- a/pkgs/tools/security/rbw/default.nix +++ b/pkgs/tools/security/rbw/default.nix 
@@ -26,61 +26,47 @@ rustPlatform.buildRustPackage rec { pname = "rbw"; - version = "1.4.3"; + version = "1.5.0"; src = fetchCrate { inherit version; crateName = pname; - sha256 = "sha256-teeGKQNf+nuUcF9BcdiTV/ycENTbcGvPZZ34FdOO31k="; + sha256 = "sha256-3kSBE2D+kC9CTbWlCKPro9fLu2tnd6LFTV4EshHMm3Y="; }; - cargoSha256 = "sha256-Soquc3OuGlDsGSwNCvYOWQeraYpkzX1oJwmM03Rc3Jg="; + cargoSha256 = "sha256-DL3qaUZxWnzsJOxi8+GtXBbZC7vfsridJWqhOTdcsgM="; nativeBuildInputs = [ - pkg-config - makeWrapper installShellFiles - ]; + ] ++ lib.optionals stdenv.isLinux [ pkg-config ]; - buildInputs = lib.optionals stdenv.isDarwin [ Security libiconv ]; + buildInputs = lib.optionals stdenv.isDarwin [ Security ]; - postPatch = '' - patchShebangs bin/git-credential-rbw - substituteInPlace bin/git-credential-rbw \ - --replace rbw $out/bin/rbw - '' + lib.optionalString withFzf '' - patchShebangs bin/rbw-fzf - substituteInPlace bin/rbw-fzf \ - --replace fzf ${fzf}/bin/fzf \ - --replace perl ${perl}/bin/perl - '' + lib.optionalString withRofi '' - patchShebangs bin/rbw-rofi - substituteInPlace bin/rbw-rofi \ - --replace rofi ${rofi}/bin/rofi \ - --replace xclip ${xclip}/bin/xclip - '' + lib.optionalString withRofi '' - patchShebangs bin/pass-import - substituteInPlace bin/pass-import \ - --replace pass ${pass}/bin/pass - ''; - - preConfigure = '' + preConfigure = lib.optionalString stdenv.isLinux '' export OPENSSL_INCLUDE_DIR="${openssl.dev}/include" export OPENSSL_LIB_DIR="${lib.getLib openssl}/lib" ''; postInstall = '' - for shell in bash zsh fish; do - $out/bin/rbw gen-completions $shell > rbw.$shell - installShellCompletion rbw.$shell - done - cp bin/git-credential-rbw $out/bin + install -Dm755 -t $out/bin bin/git-credential-rbw + installShellCompletion --cmd rbw \ + --bash <($out/bin/rbw gen-completions bash) \ + --fish <($out/bin/rbw gen-completions fish) \ + --zsh <($out/bin/rbw gen-completions zsh) '' + lib.optionalString withFzf '' - cp bin/rbw-fzf $out/bin + install -Dm755 -t $out/bin 
bin/rbw-fzf + substituteInPlace $out/bin/rbw-fzf \ + --replace fzf ${fzf}/bin/fzf \ + --replace perl ${perl}/bin/perl '' + lib.optionalString withRofi '' - cp bin/rbw-rofi $out/bin + install -Dm755 -t $out/bin bin/rbw-rofi + substituteInPlace $out/bin/rbw-rofi \ + --replace rofi ${rofi}/bin/rofi \ + --replace xclip ${xclip}/bin/xclip '' + lib.optionalString withPass '' - cp bin/pass-import $out/bin + install -Dm755 -t $out/bin bin/pass-import + substituteInPlace $out/bin/pass-import \ + --replace pass ${pass}/bin/pass ''; meta = with lib; { diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix index d4fb4676e4aec..ec7a387af244a 100644 --- a/pkgs/tools/security/rng-tools/default.nix +++ b/pkgs/tools/security/rng-tools/default.nix @@ -12,7 +12,7 @@ # https://www.nist.gov/programs-projects/nist-randomness-beacon , curl, jansson, libxml2, withNistBeacon ? false , libp11, opensc, withPkcs11 ? true -, librtlsdr, withRtlsdr ? true +, rtl-sdr, withRtlsdr ? true }: stdenv.mkDerivation rec { @@ -40,7 +40,7 @@ stdenv.mkDerivation rec { ++ lib.optionals withJitterEntropy [ jitterentropy ] ++ lib.optionals withNistBeacon [ curl jansson libxml2 ] ++ lib.optionals withPkcs11 [ libp11 libp11.passthru.openssl ] - ++ lib.optionals withRtlsdr [ librtlsdr ]; + ++ lib.optionals withRtlsdr [ rtl-sdr ]; enableParallelBuilding = true; diff --git a/pkgs/tools/security/saml2aws/default.nix b/pkgs/tools/security/saml2aws/default.nix index d4b6cacc64db3..afd41660390d6 100644 --- a/pkgs/tools/security/saml2aws/default.nix +++ b/pkgs/tools/security/saml2aws/default.nix 
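Review bot: The rewritten `postInstall` installs `bin/git-credential-rbw` but no longer rewrites `rbw` inside it to `$out/bin/rbw`, which the removed `postPatch` did, while the fzf, rofi and pass helpers are still pinned to store paths. Assuming the script calls `rbw` by bare name, the git credential helper would then run whichever `rbw` comes first on `PATH`, or fail when none is there. If that is not intended, add `substituteInPlace $out/bin/git-credential-rbw --replace rbw $out/bin/rbw` after the `install` line. Separately, `--replace pass ${pass}/bin/pass` matches any `pass` substring, so it would also rewrite words such as `password` in `pass-import`; a narrower pattern would be safer.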
@@ -2,16 +2,16 @@ buildGoModule rec { pname = "saml2aws"; - version = "2.36.2"; + version = "2.36.3"; src = fetchFromGitHub { owner = "Versent"; repo = "saml2aws"; rev = "v${version}"; - sha256 = "sha256-87s9lcI3URQOfl1zStSVOwmRonC740pZKAqZhDDdMaE="; + sha256 = "sha256-xNOID8/xdC4vkq8TAocvBVu2jVMDwioFBqlmFcMmMII="; }; - vendorSha256 = "sha256-cxfanKv25U8U6FQ1YfOXghAR8GYQB9PN0TkfLzG4UbI="; + vendorHash = "sha256-APwtLd8+Imy4cBSlm4sHPdA/DQCN4pDFSM/R5ib3k4E="; buildInputs = lib.optionals stdenv.isDarwin [ AppKit ]; diff --git a/pkgs/tools/security/scorecard/default.nix b/pkgs/tools/security/scorecard/default.nix index befc07e2e18d0..d3295de5bad8f 100644 --- a/pkgs/tools/security/scorecard/default.nix +++ b/pkgs/tools/security/scorecard/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "scorecard"; - version = "4.8.0"; + version = "4.10.2"; src = fetchFromGitHub { owner = "ossf"; repo = pname; rev = "v${version}"; - sha256 = "sha256-LGxSiubZECNwoFkkJOySI4LOmwk7DXVtY74XBCsr+uk="; + sha256 = "sha256-GQs+wBq47sn3h8I87p+HErBmLMs8Dzh9xj3xMYDsXm4="; # populate values otherwise taken care of by goreleaser, # unfortunately these require us to use git. By doing # this in postFetch we can delete .git afterwards and @@ -22,7 +22,7 @@ buildGoModule rec { find "$out" -name .git -print0 | xargs -0 rm -rf ''; }; - vendorSha256 = "sha256-j8/sVdqxLmrvQwHn+uj8+q+ne98xcIeQKS1VQJcrkh0="; + vendorSha256 = "sha256-W213KQu4FuJcT/cJOvS+WMw1fXBcSoZ4yssI06JAIc8="; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/tools/security/secp256k1/default.nix b/pkgs/tools/security/secp256k1/default.nix index bae83462872b7..fa07080d2dfa6 100644 --- a/pkgs/tools/security/secp256k1/default.nix +++ b/pkgs/tools/security/secp256k1/default.nix 
@@ -4,34 +4,27 @@ , autoreconfHook }: -stdenv.mkDerivation { +stdenv.mkDerivation rec { pname = "secp256k1"; - version = "unstable-2022-02-06"; + version = "0.2.0"; src = fetchFromGitHub { owner = "bitcoin-core"; repo = "secp256k1"; - rev = "5dcc6f8dbdb1850570919fc9942d22f728dbc0af"; - sha256 = "x9qG2S6tBSRseWaFIN9N2fRpY1vkv8idT3d3rfJnmaU="; + rev = "refs/tags/v${version}"; + sha256 = "sha256-wYJIMCoo6ryeQN4ZnvEkJ5/332+AkaOwgplDuQQC5MU="; }; nativeBuildInputs = [ autoreconfHook ]; configureFlags = [ "--enable-benchmark=no" - "--enable-exhaustive-tests=no" - "--enable-experimental" - "--enable-module-ecdh" "--enable-module-recovery" - "--enable-module-schnorrsig" - "--enable-tests=yes" ]; doCheck = true; - checkPhase = "./tests"; - meta = with lib; { description = "Optimized C library for EC operations on curve secp256k1"; longDescription = '' diff --git a/pkgs/tools/security/sequoia-chameleon-gnupg/default.nix b/pkgs/tools/security/sequoia-chameleon-gnupg/default.nix index c83c7fb4cfe3a..345e36756f666 100644 --- a/pkgs/tools/security/sequoia-chameleon-gnupg/default.nix +++ b/pkgs/tools/security/sequoia-chameleon-gnupg/default.nix 
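Review bot: The new `configureFlags` for secp256k1 no longer pass `--enable-module-ecdh` or `--enable-module-schnorrsig`, so whether those modules are built now depends on the configure defaults of the tagged release rather than on this derivation. If dependents rely on ECDH or Schnorr signatures, keeping `"--enable-module-ecdh"` and `"--enable-module-schnorrsig"` next to `"--enable-module-recovery"` protects against a default changing in a later bump. If the removal is deliberate because upstream presumably enables them by default in this release, a comment such as `# ecdh and schnorrsig are enabled by default upstream` above the list would make that explicit.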
@@ -1,25 +1,37 @@ { lib +, stdenv , rustPlatform , fetchFromGitLab , pkg-config , nettle +, openssl +, darwin }: rustPlatform.buildRustPackage rec { pname = "sequoia-chameleon-gnupg"; - version = "0.1.1"; + version = "0.2.0"; src = fetchFromGitLab { owner = "sequoia-pgp"; repo = pname; rev = "v${version}"; - hash = "sha256-liQNz833/3hi3eMi+/iEZ8fT9FFi+MrDIYbQD+dQ/p0="; + hash = "sha256-8aKT39gq6o7dnbhKbDxewd4R2e2IsbYU8vaDwYemes8="; }; - cargoHash = "sha256-bnScLSI94obYQH5YzoHY4DtGScKc4m24+SIg1d2kAKw="; + cargoHash = "sha256-Z6cXCHLrK+BcIeVCKH2l8n9SivZsZPhXGhaMObn6rjo="; - nativeBuildInputs = [ rustPlatform.bindgenHook pkg-config ]; - buildInputs = [ nettle ]; + nativeBuildInputs = [ + rustPlatform.bindgenHook + pkg-config + ]; + + buildInputs = [ + nettle + openssl + ] ++ lib.optionals stdenv.isDarwin [ + darwin.apple_sdk.frameworks.Security + ]; # gpgconf: error creating socket directory doCheck = false; diff --git a/pkgs/tools/security/shellclear/default.nix b/pkgs/tools/security/shellclear/default.nix new file mode 100644 index 0000000000000..32be52bae267d --- /dev/null +++ b/pkgs/tools/security/shellclear/default.nix @@ -0,0 +1,26 @@ +{ lib +, rustPlatform +, fetchFromGitHub +}: + +rustPlatform.buildRustPackage rec { + pname = "shellclear"; + version = "0.4.8"; + + src = fetchFromGitHub { + owner = "rusty-ferris-club"; + repo = "shellclear"; + rev = "refs/tags/v${version}"; + hash = "sha256-/0pqegVxrqqxaQ2JiUfkkFK9hp+Vuq7eTap052HEcJs="; + }; + + cargoHash = "sha256-vPd1cFfoSkOnXH3zKQUB0zWDzEtao50AUrUzhpZIkgI="; + + meta = with lib; { + description = "Secure shell history commands by finding sensitive data"; + homepage = "https://github.com/rusty-ferris-club/shellclear"; + changelog = "https://github.com/rusty-ferris-club/shellclear/releases/tag/v${version}"; + license = licenses.asl20; + maintainers = with maintainers; [ fab ]; + }; +} 
diff --git a/pkgs/tools/security/sn0int/default.nix b/pkgs/tools/security/sn0int/default.nix index 15c0d662ce2cb..96f0e44716c5a 100644 --- a/pkgs/tools/security/sn0int/default.nix +++ b/pkgs/tools/security/sn0int/default.nix @@ -9,16 +9,16 @@ rustPlatform.buildRustPackage rec { pname = "sn0int"; - version = "0.24.3"; + version = "0.25.0"; src = fetchFromGitHub { owner = "kpcyrd"; repo = pname; - rev = "v${version}"; - sha256 = "sha256-KREYWM5WOdPzLbOlrATiCCfFwE951KEo03yWNfyG8Bw="; + rev = "refs/tags/v${version}"; + hash = "sha256-+LplLeczLS+9EG0tZsiEs162/65zMCZfDDEq0iYQrGY="; }; - cargoSha256 = "sha256-Ul53/hDUFRb4xmILoMXXk2t465Vv+MQP4iLNn1twwnc="; + cargoHash = "sha256-FpoRO2g+R+Fo146kM0W8b1LHTEBHbGXURoX5jJk7lqY="; nativeBuildInputs = [ pkg-config @@ -37,8 +37,9 @@ rustPlatform.buildRustPackage rec { meta = with lib; { description = "Semi-automatic OSINT framework and package manager"; homepage = "https://github.com/kpcyrd/sn0int"; + changelog = "https://github.com/kpcyrd/sn0int/releases/tag/v${version}"; license = with licenses; [ gpl3Plus ]; - maintainers = with maintainers; [ xrelkd ]; + maintainers = with maintainers; [ fab xrelkd ]; platforms = platforms.linux; }; } diff --git a/pkgs/tools/security/spire/default.nix b/pkgs/tools/security/spire/default.nix index 7c7562d1adb63..f3cb9e85dcecb 100644 --- a/pkgs/tools/security/spire/default.nix +++ b/pkgs/tools/security/spire/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "spire"; - version = "1.5.4"; + version = "1.5.5"; outputs = [ "out" "agent" "server" ]; @@ -10,10 +10,10 @@ buildGoModule rec { owner = "spiffe"; repo = pname; rev = "v${version}"; - sha256 = "sha256-DHN1JL4CYnme3hPbkNPXWXsgFpJ9BIRnGPl/csr43iY="; + sha256 = "sha256-nx4a5VH5UIvvBwwzB77XdBv/2ofoOY7iVgXFYyGclnI="; }; - vendorHash = "sha256-5MveK7wZ4KpUEZ4lhm95/8bOi5NtYR4n0fSfZhC+GPo="; + vendorHash = "sha256-RRC1eOSJBbaGMoc81OMu4OGDL950L7u1mheQLSpUXJk="; subPackages = [ "cmd/spire-agent" "cmd/spire-server" ]; 
diff --git a/pkgs/tools/security/srm/default.nix b/pkgs/tools/security/srm/default.nix index 8e4b3e697312b..ba776b8af3e3f 100644 --- a/pkgs/tools/security/srm/default.nix +++ b/pkgs/tools/security/srm/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { provide drop in security for users who wish to prevent recovery of deleted information, even if the machine is compromised. ''; - homepage = "http://srm.sourceforge.net"; + homepage = "https://srm.sourceforge.net"; license = licenses.mit; maintainers = with maintainers; [ edwtjo ]; platforms = platforms.unix; diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix index 8a6cc97ff15d6..6ba21884325e5 100644 --- a/pkgs/tools/security/step-ca/default.nix +++ b/pkgs/tools/security/step-ca/default.nix @@ -12,16 +12,16 @@ buildGoModule rec { pname = "step-ca"; - version = "0.23.1"; + version = "0.23.2"; src = fetchFromGitHub { owner = "smallstep"; repo = "certificates"; rev = "v${version}"; - sha256 = "sha256-zIF7R0zIoqQx0epTJAVdesT6IOoNek7Blt7W3Ulng4A="; + sha256 = "sha256-BDJEvA6kDBxE43+l2GGaGJxv1BETZGJ9poAqXg/NfOY="; }; - vendorHash = "sha256-JX5jUIMwd+eCYRytaf+EXV/xHh6CCS2Ia0K+UQZxG7E="; + vendorHash = "sha256-2uBrd1AJyKPJBgMp2ANng9dSjye3iTNaUg+tuLsKEts="; ldflags = [ "-buildid=" ]; diff --git a/pkgs/tools/security/step-cli/default.nix b/pkgs/tools/security/step-cli/default.nix index fdf9f2f047d14..06047a1925c66 100644 --- a/pkgs/tools/security/step-cli/default.nix +++ b/pkgs/tools/security/step-cli/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "step-cli"; - version = "0.23.1"; + version = "0.23.2"; src = fetchFromGitHub { owner = "smallstep"; repo = "cli"; rev = "refs/tags/v${version}"; - hash = "sha256-fSVRDmgDbByAWVzvidrtqCQE+LzS1WpzOAt12ZiNBT4="; + hash = "sha256-d21TQRPRDEDYj7Fqf7R7mHj2tLPd/EXNkeL56KyLgIg="; }; ldflags = [ 
@@ -25,7 +25,7 @@ buildGoModule rec { rm command/certificate/remote_test.go ''; - vendorHash = "sha256-oW1C0EEaNsT4ne1g4kyb+A8sbXgzCAJlhJHUmdH2r/0="; + vendorHash = "sha256-Oh8tldLuM3j17OUX1TkgyOL9Ae/x1H8FrB2lNbtZ8pI="; meta = with lib; { description = "A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc"; diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix index d3885acee0181..0acc6e6a971e3 100644 --- a/pkgs/tools/security/sudo/default.nix +++ b/pkgs/tools/security/sudo/default.nix @@ -14,11 +14,11 @@ stdenv.mkDerivation rec { pname = "sudo"; - version = "1.9.12p2"; + version = "1.9.13"; src = fetchurl { url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz"; - hash = "sha256-uaCxrg8d3Zvn8+r+cL4F7oH1cvb1NmMsRM1BAbsqhTk="; + hash = "sha256-P1VFW0btsKEp2SXcw5ly8S98f7eNDMq2AX7hbIF35DY="; }; prePatch = '' diff --git a/pkgs/tools/security/super/default.nix b/pkgs/tools/security/super/default.nix index 1c2e9cbd4ab4e..8000ae9afc8c2 100644 --- a/pkgs/tools/security/super/default.nix +++ b/pkgs/tools/security/super/default.nix @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { # gcc-10. Otherwise build fails as: # ld: pam.o:/build/super-3.30.0/super.h:293: multiple definition of # `Method'; super.o:/build/super-3.30.0/super.h:293: first defined here - NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE -fcommon"; + env.NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE -fcommon"; configureFlags = [ "--sysconfdir=/etc" diff --git a/pkgs/tools/security/teler/default.nix b/pkgs/tools/security/teler/default.nix index 1a66d7aea0dd7..989743fda8947 100644 --- a/pkgs/tools/security/teler/default.nix +++ b/pkgs/tools/security/teler/default.nix 
@@ -5,16 +5,16 @@ buildGoModule rec { pname = "teler"; - version = "2.0.0-dev.2"; + version = "2.0.0-dev.3"; src = fetchFromGitHub { owner = "kitabisa"; repo = "teler"; rev = "v${version}"; - hash = "sha256-GlpQBmJ7HSKPFieM7E5NOnqGlUjQv9Ywe6XF5QIi+c4="; + hash = "sha256-2QrHxToHxHTjSl76q9A8fXCkOZkCwh1fu1h+HDUGsGA="; }; - vendorHash = "sha256-g2YBMyLDGQZKxDBcZ1mca16jxODnJzcmMfFivBn6SdE="; + vendorHash = "sha256-gV/PJFcANeYTYUJG3PYNsApYaeBLx76+vVBvcuKDYO4="; ldflags = [ "-s" diff --git a/pkgs/tools/security/terrascan/default.nix b/pkgs/tools/security/terrascan/default.nix index bc694986c8d11..fcd1487dfb5dd 100644 --- a/pkgs/tools/security/terrascan/default.nix +++ b/pkgs/tools/security/terrascan/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "terrascan"; - version = "1.17.1"; + version = "1.18.0"; src = fetchFromGitHub { owner = "accurics"; repo = pname; - rev = "v${version}"; - hash = "sha256-XcMDdnqx64UcEzD44z34sm5TmshPOTb5tivBnGXQLjo="; + rev = "refs/tags/v${version}"; + hash = "sha256-EzdyJzUPoWcLux6RiEZL3DiB65T+pgY70bpD1fX1JN4="; }; - vendorHash = "sha256-HjWUV5gfh2WnUAayZIj6LGFs0rMv2n7v6zJJrzBHBwg="; + vendorHash = "sha256-yTndvnlCmXsQSpImcwuwSXB0WuF2naGJEHfU1iAJApM="; # Tests want to download a vulnerable Terraform project doCheck = false; diff --git a/pkgs/tools/security/tlsx/default.nix b/pkgs/tools/security/tlsx/default.nix index 084d8638c9a16..620d38f377098 100644 --- a/pkgs/tools/security/tlsx/default.nix +++ b/pkgs/tools/security/tlsx/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "tlsx"; - version = "1.0.4"; + version = "1.0.5"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "v${version}"; - hash = "sha256-5roEaWdvjMYoQJqfMxRKryb9frDnpoJOYTG5g2MSIy0="; + hash = "sha256-9Cs5lkt7lAgCl/q2Xc8W5A8/frKER/d3mS1KH9jAy68="; }; - vendorHash = "sha256-g7v7n8xwYOuE4ojOEjgNmbyytPuwbxQx1R6fXHpVrYU="; + vendorHash = "sha256-eQnrSE45UGRbJ7zO6TdBh6UKooUEnhVxg4cdgoFu5eM="; # Tests require network access doCheck = false; 
diff --git a/pkgs/tools/security/tpm2-abrmd/default.nix b/pkgs/tools/security/tpm2-abrmd/default.nix index cd3504b45f4cc..d9dd354aac82c 100644 --- a/pkgs/tools/security/tpm2-abrmd/default.nix +++ b/pkgs/tools/security/tpm2-abrmd/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "tpm2-abrmd"; - version = "2.4.1"; + version = "3.0.0"; src = fetchFromGitHub { owner = "tpm2-software"; repo = pname; rev = version; - sha256 = "0lsng4sb9ikfpp0scvl9wmh0zpjdmdf5bqbjnpfyh4gk25qxn9mw"; + sha256 = "sha256-l0ncCMsStaeFACRU3Bt6F1zyiOTGY6wOHewA4AD58Ww="; }; nativeBuildInputs = [ pkg-config makeWrapper autoreconfHook autoconf-archive which ]; diff --git a/pkgs/tools/security/tpm2-tools/default.nix b/pkgs/tools/security/tpm2-tools/default.nix index a7147911a865f..a2687103e382a 100644 --- a/pkgs/tools/security/tpm2-tools/default.nix +++ b/pkgs/tools/security/tpm2-tools/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "tpm2-tools"; - version = "5.4"; + version = "5.5"; src = fetchurl { url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; - sha256 = "sha256-9jVx0j7dltAkoiRTJry5o2+sLPia71psBaOwhS0pLJk="; + sha256 = "sha256-H9tJxzBTe/2u0IiISIGmHjv9Eh6VfsC9zu7AJhI2wSM="; }; nativeBuildInputs = [ pandoc pkg-config makeWrapper ]; diff --git a/pkgs/tools/security/tracee/default.nix b/pkgs/tools/security/tracee/default.nix index bb4b558fc6855..89a8ba6bcc2f4 100644 --- a/pkgs/tools/security/tracee/default.nix +++ b/pkgs/tools/security/tracee/default.nix 
@@ -19,15 +19,15 @@ let in buildGoModule rec { pname = "tracee"; - version = "0.9.2"; + version = "0.11.0"; src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; rev = "v${version}"; - sha256 = "sha256-w/x7KhopkADKvpDc5TE5Kf34pRY6HP3kX1Lqujnl0b8="; + sha256 = "sha256-fAbii/DEXx9WJpolc7amqF9TQj4oE5x0TCiNOtVasGo="; }; - vendorSha256 = "sha256-5RXNRNoMydFcemNGgyfqcUPtfMVgMYdiyWo/sZi8GQw="; + vendorSha256 = "sha256-eenhIsiJhPLgwJo2spIGURPkcsec3kO4L5UJ0FWniQc="; patches = [ ./use-our-libbpf.patch @@ -64,11 +64,10 @@ buildGoModule rec { mkdir -p $out/{bin,share/tracee} - cp ./dist/tracee-ebpf $out/bin - cp ./dist/tracee-rules $out/bin + mv ./dist/tracee-{ebpf,rules} $out/bin/ - cp -r ./dist/rules $out/share/tracee/ - cp -r ./cmd/tracee-rules/templates $out/share/tracee/ + mv ./dist/rules $out/share/tracee/ + mv ./cmd/tracee-rules/templates $out/share/tracee/ runHook postInstall ''; @@ -105,7 +104,12 @@ buildGoModule rec { is delivered as a Docker image that monitors the OS and detects suspicious behavior based on a pre-defined set of behavioral patterns. ''; - license = licenses.asl20; + license = with licenses; [ + # general license + asl20 + # pkg/ebpf/c/* + gpl2Plus + ]; maintainers = with maintainers; [ jk ]; platforms = [ "x86_64-linux" ]; }; diff --git a/pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch b/pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch deleted file mode 100644 index 88a3e49725079..0000000000000 --- a/pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch +++ /dev/null 
@@ -1,15 +0,0 @@ -diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go -index afbc5330..13745c70 100644 ---- a/tests/integration/integration_test.go -+++ b/tests/integration/integration_test.go -@@ -246,8 +246,8 @@ func Test_EventFilters(t *testing.T) { - eventFunc: checkExecve, - }, - { -- name: "trace only execve events that starts with /usr/bin", -- filterArgs: []string{"event=execve", "execve.pathname=/usr/bin*"}, -+ name: "trace only execve events that starts with /run", -+ filterArgs: []string{"event=execve", "execve.pathname=/run*"}, - eventFunc: checkExecve, - }, - { diff --git a/pkgs/tools/security/trousers/default.nix b/pkgs/tools/security/trousers/default.nix index bec2084fd140a..5502de2d6272a 100644 --- a/pkgs/tools/security/trousers/default.nix +++ b/pkgs/tools/security/trousers/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--disable-usercheck" ]; - NIX_CFLAGS_COMPILE = [ "-DALLOW_NON_TSS_CONFIG_FILE" ]; + env.NIX_CFLAGS_COMPILE = toString [ "-DALLOW_NON_TSS_CONFIG_FILE" ]; enableParallelBuilding = true; meta = with lib; { diff --git a/pkgs/tools/security/truecrack/default.nix b/pkgs/tools/security/truecrack/default.nix index e90eed4d6612b..aebbbc79f8f4e 100644 --- a/pkgs/tools/security/truecrack/default.nix +++ b/pkgs/tools/security/truecrack/default.nix @@ -33,7 +33,7 @@ gccStdenv.mkDerivation rec { # `t_rc'; CpuCore.o:/build/source/src/Crypto/CpuAes.h:1237: first defined here # TODO: remove on upstream fixes it: # https://gitlab.com/kalilinux/packages/truecrack/-/issues/1 - NIX_CFLAGS_COMPILE = "-fcommon"; + env.NIX_CFLAGS_COMPILE = "-fcommon"; installFlags = [ "prefix=$(out)" ]; enableParallelBuilding = true; diff --git a/pkgs/tools/security/trufflehog/default.nix b/pkgs/tools/security/trufflehog/default.nix index c5b83d3d5f62d..83786aced77af 100644 --- a/pkgs/tools/security/trufflehog/default.nix +++ b/pkgs/tools/security/trufflehog/default.nix 
@@ -5,16 +5,16 @@ buildGoModule rec { pname = "trufflehog"; - version = "3.25.3"; + version = "3.28.4"; src = fetchFromGitHub { owner = "trufflesecurity"; repo = "trufflehog"; rev = "refs/tags/v${version}"; - hash = "sha256-w2Wz1mGlpC7EQ7Xos1zDd88HVcLN0TITx3IEn4qyc0s="; + hash = "sha256-GEmWgS8Y56LJbVxmDXVUk5MHZwP9W0Wo7o/YKvZD7ts="; }; - vendorHash = "sha256-71gPd42kaJaLpyXH1FpCf6sRiKmyGNuGxkX3QV8vvHY="; + vendorHash = "sha256-d8xc7yCyG1xfno/8ANe5eu7irP2yKDY2LKs3XdlktQk="; # Test cases run git clone and require network access doCheck = false; diff --git a/pkgs/tools/security/vals/default.nix b/pkgs/tools/security/vals/default.nix index cce4aefdfc190..b029b710fc181 100644 --- a/pkgs/tools/security/vals/default.nix +++ b/pkgs/tools/security/vals/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "vals"; - version = "0.21.0"; + version = "0.22.0"; src = fetchFromGitHub { rev = "v${version}"; owner = "variantdev"; repo = pname; - sha256 = "sha256-yRHWhvbXpKrjJJ/Xwm3IVVOMyilFUvmsjPcDcciFc9U="; + sha256 = "sha256-/XBjGbpQIeO7UehcZv2kN4k2ZOsfhduUteURAqaUpwQ="; }; - vendorSha256 = "sha256-l837w2K3GsDTb9EEeYPfyrnkRSkv0FyoPr29Ud+iiJ8="; + vendorHash = "sha256-l837w2K3GsDTb9EEeYPfyrnkRSkv0FyoPr29Ud+iiJ8="; ldflags = [ "-s" diff --git a/pkgs/tools/security/vault/default.nix b/pkgs/tools/security/vault/default.nix index 42a4e1ccb7559..5c2a2e9b0d898 100644 --- a/pkgs/tools/security/vault/default.nix +++ b/pkgs/tools/security/vault/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "vault"; - version = "1.12.2"; + version = "1.12.3"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "sha256-P/mQoW4lG6U83WEjn5urpFa7q5mN+XOrIOkzf2pslwQ="; + sha256 = "sha256-ZNk9bmZwD1aUY3fYT5Qngoq+9qXgvH/nWSWc30st7nE="; }; - vendorSha256 = "sha256-Z1iwJXbnSqIu/zo7iKLnh0yy1Dh0e5HwXoBkkt9xaqA="; + vendorHash = "sha256-sPpTB3N1w0JppHcwdyLYwSxjzzUAJcBJ5zJ2u4rXXkQ="; subPackages = [ "." ]; 
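Review bot: In the vals hunk the version moves from 0.21.0 to 0.22.0, but `vendorHash` keeps exactly the value the old `vendorSha256` had; the yubikey-touch-detector hunk later in this diff does the same for 1.10.0 to 1.10.1. That is only correct if the Go module dependencies did not change between the releases. Because the vendor tree is a fixed-output derivation, a stale hash can be satisfied from an existing store path or binary cache, and the mismatch then only surfaces on a clean builder. It is worth confirming by forcing a refetch, for example by temporarily setting `vendorHash = lib.fakeHash;` and comparing the hash Nix reports.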
diff --git a/pkgs/tools/security/vaultwarden/update.nix b/pkgs/tools/security/vaultwarden/update.nix index 0fc4b45a1296c..44af26ada0d8e 100644 --- a/pkgs/tools/security/vaultwarden/update.nix +++ b/pkgs/tools/security/vaultwarden/update.nix @@ -1,5 +1,7 @@ { writeShellScript , lib +, nix +, nix-prefetch-git , nix-update , curl , git @@ -9,7 +11,7 @@ }: writeShellScript "update-vaultwarden" '' - PATH=${lib.makeBinPath [ curl git gnugrep gnused jq nix-update ]} + PATH=${lib.makeBinPath [ curl git gnugrep gnused jq nix nix-prefetch-git nix-update ]} set -euxo pipefail @@ -17,6 +19,11 @@ writeShellScript "update-vaultwarden" '' nix-update "vaultwarden" --version "$VAULTWARDEN_VERSION" URL="https://raw.githubusercontent.com/dani-garcia/vaultwarden/''${VAULTWARDEN_VERSION}/docker/Dockerfile.j2" - WEBVAULT_VERSION=$(curl --silent "$URL" | grep "set vault_version" | sed -E "s/.*\"([^\"]+)\".*/\\1/") + WEBVAULT_VERSION=$(curl --silent "$URL" | grep "set vault_version" | sed -E "s/.*\"v([^\"]+)\".*/\\1/") + old_hash_bw=$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.src.outputHash) + old_hash_vw=$(nix --extra-experimental-features nix-command eval -f default.nix --raw vaultwarden.webvault.bw_web_builds.outputHash) + new_hash_bw=$(nix --extra-experimental-features nix-command hash to-sri --type sha256 $(nix-prefetch-git https://github.com/bitwarden/clients.git --rev "web-v$WEBVAULT_VERSION" | jq --raw-output ".sha256")) + new_hash_vw=$(nix --extra-experimental-features nix-command hash to-sri --type sha256 $(nix-prefetch-git https://github.com/dani-garcia/bw_web_builds.git --rev "v$WEBVAULT_VERSION" | jq --raw-output ".sha256")) + sed -e "s#$old_hash_bw#$new_hash_bw#" -e "s#$old_hash_vw#$new_hash_vw#" -i pkgs/tools/security/vaultwarden/webvault.nix nix-update "vaultwarden.webvault" --version "$WEBVAULT_VERSION" '' 
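Review bot: `WEBVAULT_VERSION` in the last hunk of vaultwarden/update.nix is parsed from a file fetched with `curl --silent` and then used unvalidated as the git revision for both `nix-prefetch-git` calls and as the `nix-update` version. When the `sed -E` pattern does not match, sed passes the whole input line through, so a format check right after the assignment would stop the script early: `[[ "$WEBVAULT_VERSION" =~ ^[0-9]+(\.[0-9]+)*$ ]] || exit 1`, with the pattern adjusted to the tag formats upstream really uses. Adding `--fail` to the curl call would turn an HTTP error into a failed pipeline under the existing `set -euxo pipefail` instead of feeding an error page to grep. The inner `$(nix-prefetch-git … | jq …)` substitutions are unquoted and should be wrapped in double quotes.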
diff --git a/pkgs/tools/security/vaultwarden/webvault.nix b/pkgs/tools/security/vaultwarden/webvault.nix index 74a75e24339cf..28b60517ad655 100644 --- a/pkgs/tools/security/vaultwarden/webvault.nix +++ b/pkgs/tools/security/vaultwarden/webvault.nix 
@@ -1,28 +1,73 @@ -{ lib, stdenv, fetchurl, nixosTests }: +{ lib +, buildNpmPackage +, fetchFromGitHub +, git +, nixosTests +, nodejs-16_x +, python3 +}: + +let + buildNpmPackage' = buildNpmPackage.override { nodejs = nodejs-16_x; }; -stdenv.mkDerivation rec { - pname = "vaultwarden-webvault"; version = "2022.12.0"; - src = fetchurl { - url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; - hash = "sha256-QC3/aqIF2NdJPHmwUbvJR62wsUGBrgsHJCyqBJ/0gMc="; + bw_web_builds = fetchFromGitHub { + owner = "dani-garcia"; + repo = "bw_web_builds"; + rev = "v${version}"; + hash = "sha256-4yUE0ySUCKmmbca+T8qjqSO0AHZEUAHZ4nheRjpDnZo="; }; +in buildNpmPackage' { + pname = "vaultwarden-webvault"; + inherit version; + + src = fetchFromGitHub { + owner = "bitwarden"; + repo = "clients"; + rev = "web-v${version}"; + hash = "sha256-CsbnnP12P7JuGDOm5Ia73SzET/jCx3qRbz9vdUf7lCA="; + }; + + npmDepsHash = "sha256-wWOtVGNOzY2s82nfQDuWgA4ukpJxJr8Z7Y+rFPq2QdU="; + + postPatch = '' + ln -s ${bw_web_builds}/{patches,resources} .. 
+ PATH="${git}/bin:$PATH" VAULT_VERSION=${bw_web_builds.rev} \ + bash ${bw_web_builds}/scripts/apply_patches.sh + ''; + + nativeBuildInputs = [ + python3 + ]; + + makeCacheWritable = true; + + ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; - buildCommand = '' - mkdir -p $out/share/vaultwarden/ - cd $out/share/vaultwarden/ - tar xf $src - mv web-vault vault + npmBuildScript = "dist:oss:selfhost"; + + npmBuildFlags = [ + "--workspace" "apps/web" + ]; + + installPhase = '' + runHook preInstall + mkdir -p $out/share/vaultwarden + mv apps/web/build $out/share/vaultwarden/vault + runHook postInstall ''; - passthru.tests = nixosTests.vaultwarden; + passthru = { + inherit bw_web_builds; + tests = nixosTests.vaultwarden; + }; meta = with lib; { description = "Integrates the web vault into vaultwarden"; homepage = "https://github.com/dani-garcia/bw_web_builds"; platforms = platforms.all; license = licenses.gpl3Plus; - maintainers = with maintainers; [ msteen mic92 ]; + maintainers = with maintainers; [ dotlambda msteen mic92 ]; }; } diff --git a/pkgs/tools/security/vt-cli/default.nix b/pkgs/tools/security/vt-cli/default.nix index eccafd7b0edd7..3a549d7e6f1ab 100644 --- a/pkgs/tools/security/vt-cli/default.nix +++ b/pkgs/tools/security/vt-cli/default.nix @@ -10,11 +10,11 @@ buildGoModule rec { src = fetchFromGitHub { owner = "VirusTotal"; repo = pname; - rev = version; - sha256 = "0jqr2xf6f9ywavkx5hzcfnky8ax23ahdj24hjsnq6zlpdqvfn1xb"; + rev = "refs/tags/${version}"; + hash = "sha256-qwfrNm6XfoOtlpAI2aAaoivkp3Xsw9LnVtwnZ1wXGUs="; }; - vendorSha256 = "sha256-XN6dJpoJe9nJn+Tr9SYD64LE0XFiO2vlpdyI9SrZZjQ="; + vendorHash = "sha256-XN6dJpoJe9nJn+Tr9SYD64LE0XFiO2vlpdyI9SrZZjQ="; ldflags = [ "-X github.com/VirusTotal/vt-cli/cmd.Version=${version}" 
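Review bot: In vaultwarden/webvault.nix the new `postPatch` puts git on the path by hand with `PATH="${git}/bin:$PATH"` and runs `apply_patches.sh` from `bw_web_builds`, with no comment on what that script expects. Listing git with the other build tools, `nativeBuildInputs = [ git python3 ];`, and calling `VAULT_VERSION=${bw_web_builds.rev} bash ${bw_web_builds}/scripts/apply_patches.sh` would be the usual form. `makeCacheWritable = true;` and the `nodejs-16_x` override would each benefit from a short why-comment, since neither reason is visible in the hunk.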
@@ -25,7 +25,9 @@ buildGoModule rec { meta = with lib; { description = "VirusTotal Command Line Interface"; homepage = "https://github.com/VirusTotal/vt-cli"; + changelog = "https://github.com/VirusTotal/vt-cli/releases/tag/${version}"; license = licenses.asl20; + mainProgram = "vt"; maintainers = with maintainers; [ dit7ya ]; }; } diff --git a/pkgs/tools/security/wapiti/default.nix b/pkgs/tools/security/wapiti/default.nix index 6aec3dd105f28..49c0f8cd14fbe 100644 --- a/pkgs/tools/security/wapiti/default.nix +++ b/pkgs/tools/security/wapiti/default.nix @@ -5,19 +5,20 @@ python3.pkgs.buildPythonApplication rec { pname = "wapiti"; - version = "3.1.3"; + version = "3.1.6"; format = "setuptools"; src = fetchFromGitHub { owner = "wapiti-scanner"; repo = pname; - rev = version; - sha256 = "sha256-alrJVe4Miarkk8BziC8Y333b3swJ4b4oQpP2WAdT2rc="; + rev = "refs/tags/${version}"; + hash = "sha256-b377nPXvpxg+WDNgjxm2RoJ5jNt7MTES2Bspxsvo/wc="; }; propagatedBuildInputs = with python3.pkgs; [ aiocache aiosqlite + arsenic beautifulsoup4 brotli browser-cookie3 @@ -63,15 +64,15 @@ python3.pkgs.buildPythonApplication rec { "test_bad_separator_used" "test_blind" "test_chunked_timeout" - "test_cookies" - "test_drop_cookies" - "test_save_and_restore_state" - "test_explorer_extract_links" "test_cookies_detection" + "test_cookies" "test_csrf_cases" "test_detection" "test_direct" + "test_dom_detection" + "test_drop_cookies" "test_escape_with_style" + "test_explorer_extract_links" "test_explorer_filtering" "test_false" "test_frame" 
@@ -79,21 +80,21 @@ python3.pkgs.buildPythonApplication rec { "test_html_detection" "test_implies_detection" "test_inclusion_detection" + "test_merge_with_and_without_redirection" "test_meta_detection" + "test_multi_detection" "test_no_crash" "test_options" "test_out_of_band" - "test_multi_detection" - "test_vulnerabilities" "test_partial_tag_name_escape" "test_prefix_and_suffix_detection" "test_qs_limit" "test_rare_tag_and_event" "test_redirect_detection" "test_request_object" + "test_save_and_restore_state" "test_script" "test_ssrf" - "test_merge_with_and_without_redirection" "test_tag_name_escape" "test_timeout" "test_title_false_positive" @@ -102,6 +103,7 @@ python3.pkgs.buildPythonApplication rec { "test_unregistered_cname" "test_url_detection" "test_verify_dns" + "test_vulnerabilities" "test_warning" "test_whole" "test_xss_inside_tag_input" @@ -111,9 +113,12 @@ python3.pkgs.buildPythonApplication rec { "test_xss_with_weak_csp" "test_xxe" # Requires a PHP installation - "test_timesql" "test_cookies" + "test_loknop_lfi_to_rce" "test_redirect" + "test_timesql" + "test_xss_inside_href_link" + "test_xss_inside_src_iframe" # TypeError: Expected bytes or bytes-like object got: <class 'str'> "test_persister_upload" ]; @@ -138,6 +143,7 @@ python3.pkgs.buildPythonApplication rec { if a script is vulnerable. ''; homepage = "https://wapiti-scanner.github.io/"; + changelog = "https://github.com/wapiti-scanner/wapiti/blob/${version}/doc/ChangeLog_Wapiti"; license = with licenses; [ gpl2Only ]; maintainers = with maintainers; [ fab ]; }; diff --git a/pkgs/tools/security/yaralyzer/default.nix b/pkgs/tools/security/yaralyzer/default.nix new file mode 100644 index 0000000000000..a384280c2f401 --- /dev/null +++ b/pkgs/tools/security/yaralyzer/default.nix 
@@ -0,0 +1,46 @@ +{ lib +, python3 +, fetchFromGitHub +}: + +python3.pkgs.buildPythonApplication rec { + pname = "yaralyzer"; + version = "0.9.0"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "michelcrypt4d4mus"; + repo = "yaralyzer"; + rev = "refs/tags/v${version}"; + hash = "sha256-QsMO/fnHy4puuToUHSS05fWnXHdAVnWFFBVq3cb0Zj4="; + }; + + pythonRelaxDeps = [ + "rich" + ]; + + nativeBuildInputs = with python3.pkgs; [ + poetry-core + pythonRelaxDepsHook + ]; + + propagatedBuildInputs = with python3.pkgs; [ + chardet + python-dotenv + rich + rich-argparse-plus + yara-python + ]; + + pythonImportsCheck = [ + "yaralyzer" + ]; + + meta = with lib; { + description = "Tool to visually inspect and force decode YARA and regex matches"; + homepage = "https://github.com/michelcrypt4d4mus/yaralyzer"; + changelog = "https://github.com/michelcrypt4d4mus/yaralyzer/blob/${version}/CHANGELOG.md"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/pkgs/tools/security/yatas/default.nix b/pkgs/tools/security/yatas/default.nix new file mode 100644 index 0000000000000..d42068fe687cb --- /dev/null +++ b/pkgs/tools/security/yatas/default.nix @@ -0,0 +1,26 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "yatas"; + version = "1.3.3"; + + src = fetchFromGitHub { + owner = "padok-team"; + repo = "YATAS"; + rev = "refs/tags/v${version}"; + hash = "sha256-BjcqEO+rDEjPttGgTH07XyQKLcs/O+FarKTWjqXWQOo="; + }; + + vendorHash = "sha256-QOFt9h4Hdt+Mx82yw4mjAoyUXHeprvjRoLYLBnihwJo="; + + meta = with lib; { + description = "Tool to audit AWS infrastructure for misconfiguration or potential security issues"; + homepage = "https://github.com/padok-team/YATAS"; + changelog = "https://github.com/padok-team/YATAS/releases/tag/v${version}"; + license = licenses.asl20; + maintainers = with maintainers; [ fab ]; + }; +} 
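Review bot: The `changelog` URL in the new yaralyzer file uses `blob/${version}/CHANGELOG.md`, while `src` is fetched from `refs/tags/v${version}`, so the link probably does not resolve unless upstream also publishes an unprefixed tag. Matching the tag name would fix it: `changelog = "https://github.com/michelcrypt4d4mus/yaralyzer/blob/v${version}/CHANGELOG.md";`. A brief comment on why `rich` is listed in `pythonRelaxDeps` would help whoever does the next bump decide whether the relaxation can be dropped.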
diff --git a/pkgs/tools/security/yubihsm-shell/default.nix b/pkgs/tools/security/yubihsm-shell/default.nix index 83c2e535403d6..77b6b86ffd6e1 100644 --- a/pkgs/tools/security/yubihsm-shell/default.nix +++ b/pkgs/tools/security/yubihsm-shell/default.nix @@ -10,19 +10,31 @@ , pkg-config , pcsclite , help2man +, darwin +, libiconv }: stdenv.mkDerivation rec { pname = "yubihsm-shell"; - version = "2.3.2"; + version = "2.4.0"; src = fetchFromGitHub { owner = "Yubico"; repo = "yubihsm-shell"; rev = version; - sha256 = "sha256-rSIdI6ECLte+dEbT8NOUqS8jkozRhbo+eqFrdhTIKpY="; + hash = "sha256-zWhvECPdZnrbSAVPDVZk54SWHVkd/HEQxS3FgXoqXHY="; }; + postPatch = '' + # Can't find libyubihsm at runtime because of dlopen() in C code + substituteInPlace lib/yubihsm.c \ + --replace "libyubihsm_usb.so" "$out/lib/libyubihsm_usb.so" \ + --replace "libyubihsm_http.so" "$out/lib/libyubihsm_http.so" + # ld: unknown option: -z + substituteInPlace CMakeLists.txt cmake/SecurityFlags.cmake \ + --replace "AppleClang" "Clang" + ''; + nativeBuildInputs = [ pkg-config cmake @@ -34,16 +46,17 @@ stdenv.mkDerivation rec { libusb1 libedit curl - pcsclite openssl + ] ++ lib.optionals stdenv.isLinux [ + pcsclite + ] ++ lib.optionals stdenv.isDarwin [ + darwin.apple_sdk.frameworks.PCSC + libiconv ]; - postPatch = '' - # Can't find libyubihsm at runtime because of dlopen() in C code - substituteInPlace lib/yubihsm.c \ - --replace "libyubihsm_usb.so" "$out/lib/libyubihsm_usb.so" \ - --replace "libyubihsm_http.so" "$out/lib/libyubihsm_http.so" - ''; + cmakeFlags = lib.optionals stdenv.isDarwin [ + "-DDISABLE_LTO=ON" + ]; meta = with lib; { description = "yubihsm-shell and libyubihsm"; diff --git a/pkgs/tools/security/yubikey-touch-detector/default.nix b/pkgs/tools/security/yubikey-touch-detector/default.nix index aa697b447ac0d..6d21bbe6f565c 100644 --- a/pkgs/tools/security/yubikey-touch-detector/default.nix +++ b/pkgs/tools/security/yubikey-touch-detector/default.nix 
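Review bot: The second `substituteInPlace` added to `postPatch` in yubihsm-shell rewrites `AppleClang` to `Clang` in `CMakeLists.txt` and `cmake/SecurityFlags.cmake` on every platform. The comment (`ld: unknown option: -z`) and the Darwin-only `cmakeFlags` suggest it is meant as a Darwin workaround. Judging by its name, that file selects the hardening flags, so a Clang-based stdenv on Linux would presumably take the Apple branch as well and could lose the `-z` linker options; the file itself is not visible here. Guarding the substitution keeps other platforms on the upstream flags: close the first string after the `libyubihsm_http.so` line and continue with `'' + lib.optionalString stdenv.isDarwin ''` before the `# ld: unknown option: -z` comment.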
@@ -2,15 +2,15 @@ buildGoModule rec { pname = "yubikey-touch-detector"; - version = "1.10.0"; + version = "1.10.1"; src = fetchFromGitHub { owner = "maximbaz"; repo = "yubikey-touch-detector"; rev = version; - sha256 = "sha256-3tZyaOrNzLfcCORhTSMEu8EvnNUjva8hBNotHgANS0g="; + sha256 = "sha256-y/iDmxlhu2Q6Zas0jsv07HQPkNdMrOQaXWy/cuWvpMk="; }; - vendorSha256 = "sha256-OitI9Yp4/mRMrNH4yrWSL785+3mykPkvzarrc6ipOeg="; + vendorHash = "sha256-OitI9Yp4/mRMrNH4yrWSL785+3mykPkvzarrc6ipOeg="; nativeBuildInputs = [ pkg-config ]; |