Diffstat (limited to 'pkgs/tools/security')
48 files changed, 421 insertions, 246 deletions
diff --git a/pkgs/tools/security/b3sum/default.nix b/pkgs/tools/security/b3sum/default.nix index 0445739fd8d..0749cba209c 100644 --- a/pkgs/tools/security/b3sum/default.nix +++ b/pkgs/tools/security/b3sum/default.nix @@ -2,14 +2,14 @@ rustPlatform.buildRustPackage rec { pname = "b3sum"; - version = "1.3.0"; + version = "1.3.1"; src = fetchCrate { inherit version pname; - sha256 = "sha256-mnX5ZetwOo0VMBIOqJEBpqnSX6EqBEO7qwfgtGclReQ="; + sha256 = "sha256-Vb4W1TfHppKm2Ib2VHm+917A09JY1oNebymzcQpPm8Q="; }; - cargoSha256 = "sha256-SUoreAuWLxtBWmFdLDviDz16oVDB2ubTY3a3m+t8xx0="; + cargoSha256 = "sha256-cpY69NsbsHgQITdElsNjrhjaih9rgOVpFEv4Pfp9OPw="; meta = { description = "BLAKE3 cryptographic hash function"; diff --git a/pkgs/tools/security/bitwarden/default.nix b/pkgs/tools/security/bitwarden/default.nix index 198295fcdfe..d9fb4a26e89 100644 --- a/pkgs/tools/security/bitwarden/default.nix +++ b/pkgs/tools/security/bitwarden/default.nix @@ -14,11 +14,11 @@ stdenv.mkDerivation rec { pname = "bitwarden"; - version = "1.30.0"; + version = "1.31.2"; src = fetchurl { url = "https://github.com/bitwarden/desktop/releases/download/v${version}/Bitwarden-${version}-amd64.deb"; - sha256 = "sha256-x0i7MUVr0nhPy8M/dTVtRjaLfJQlzqhzLQ/JHLRmL6E="; + sha256 = "sha256-5ayFTcvzfOtbwBXSpdr+5CL3jUZ19HPZnZt2JMCCxfo="; }; desktopItem = makeDesktopItem { diff --git a/pkgs/tools/security/boofuzz/default.nix b/pkgs/tools/security/boofuzz/default.nix index 353758c3d5f..572a9e888fd 100644 --- a/pkgs/tools/security/boofuzz/default.nix +++ b/pkgs/tools/security/boofuzz/default.nix @@ -5,13 +5,13 @@ python3.pkgs.buildPythonApplication rec { pname = "boofuzz"; - version = "0.4.0"; + version = "0.4.1"; src = fetchFromGitHub { owner = "jtpereyda"; repo = pname; rev = "v${version}"; - sha256 = "4WtTZ2S2rC2XXN0HbiEht9NW0JXcPnpp66AH67F88yk="; + sha256 = "sha256-mbxImm5RfYWq1JCCSvvG58Sxv2ad4BOh+RLvtNjQCKE="; }; propagatedBuildInputs = with python3.pkgs; [ 
diff --git a/pkgs/tools/security/ccid/default.nix b/pkgs/tools/security/ccid/default.nix index d1b5f4a83c0..b8d0baf5a55 100644 --- a/pkgs/tools/security/ccid/default.nix +++ b/pkgs/tools/security/ccid/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "ccid"; - version = "1.4.36"; + version = "1.5.0"; src = fetchurl { url = "https://ccid.apdu.fr/files/${pname}-${version}.tar.bz2"; - sha256 = "sha256-K3OsiF8byrgZ3DV4lE0XQGJB4MckBCmJzqQ3NTtnScE="; + sha256 = "sha256-gVSbNCJGnVA5ltA6Ou0u8TdbNZFn8Q1mvp44ROcpMi4="; }; postPatch = '' diff --git a/pkgs/tools/security/cfripper/default.nix b/pkgs/tools/security/cfripper/default.nix index fd39847c014..8959d6627de 100644 --- a/pkgs/tools/security/cfripper/default.nix +++ b/pkgs/tools/security/cfripper/default.nix @@ -3,18 +3,38 @@ , python3 }: -python3.pkgs.buildPythonApplication rec { +let + py = python3.override { + packageOverrides = self: super: { + + # pycfmodel is pinned, https://github.com/Skyscanner/cfripper/issues/204 + pycfmodel = super.pycfmodel.overridePythonAttrs (oldAttrs: rec { + version = "0.13.0"; + + src = fetchFromGitHub { + owner = "Skyscanner"; + repo = "pycfmodel"; + rev = version; + hash = "sha256-BlnLf0C/wxPXhoAH0SRB22eGWbbZ05L20rNy6qfOI+A="; + }; + }); + }; + }; +in +with py.pkgs; + +buildPythonApplication rec { pname = "cfripper"; - version = "1.3.1"; + version = "1.3.3"; src = fetchFromGitHub { owner = "Skyscanner"; repo = pname; rev = version; - hash = "sha256-BWdXSHIicMa3PgGoF4GGAOh2LAJWt+7svMLFGhWIkn0="; + hash = "sha256-y3h/atfFl/wDmr+YBdsWrCez4PQBEcl3xNDyTwXZIp4="; }; - propagatedBuildInputs = with python3.pkgs; [ + propagatedBuildInputs = with py.pkgs; [ boto3 cfn-flip click @@ -25,7 +45,7 @@ python3.pkgs.buildPythonApplication rec { setuptools ]; - checkInputs = with python3.pkgs; [ + checkInputs = with py.pkgs; [ moto pytestCheckHook ]; diff --git a/pkgs/tools/security/chipsec/default.nix b/pkgs/tools/security/chipsec/default.nix index fbb9c421e35..64d8885eedd 100644 
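Review bot: The pycfmodel pin in the new `packageOverrides` block of cfripper/default.nix links the upstream issue but states no removal condition, so the override can outlive the constraint and keep cfripper on 0.13.0 after it is no longer needed. I would extend the comment to something like `# pycfmodel is pinned, https://github.com/Skyscanner/cfripper/issues/204; drop this override once cfripper accepts the pycfmodel version in nixpkgs`. As a style point, the file-level `with py.pkgs;` already brings the whole package set into scope, which makes the `with py.pkgs; [` on `propagatedBuildInputs` and `checkInputs` redundant. Keeping only the list-level form and calling `py.pkgs.buildPythonApplication` would be the narrower scope.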
--- a/pkgs/tools/security/chipsec/default.nix +++ b/pkgs/tools/security/chipsec/default.nix @@ -10,14 +10,15 @@ python3.pkgs.buildPythonApplication rec { pname = "chipsec"; - version = "1.6.1"; + version = "1.8.1"; + disabled = !stdenv.isLinux; src = fetchFromGitHub { owner = "chipsec"; repo = "chipsec"; rev = version; - sha256 = "01sp24z63r3nqxx57zc4873b8i5dqipy7yrxzrwjns531vznhiy2"; + hash = "sha256-bK8wlwhP0pi8rOs8ysbSZ+0aZOaX4mckfH/p4OLGnes="; }; patches = lib.optionals withDriver [ ./ko-path.diff ./compile-ko.diff ]; @@ -29,9 +30,9 @@ python3.pkgs.buildPythonApplication rec { nasm ]; - checkInputs = [ - python3.pkgs.distro - python3.pkgs.pytestCheckHook + checkInputs = with python3.pkgs; [ + distro + pytestCheckHook ]; preBuild = lib.optionalString withDriver '' @@ -45,10 +46,15 @@ python3.pkgs.buildPythonApplication rec { $out/${python3.pkgs.python.sitePackages}/drivers/linux/chipsec.ko ''; - setupPyBuildFlags = [ "--build-lib=$CHIPSEC_BUILD_LIB" ] - ++ lib.optional (!withDriver) "--skip-driver"; + setupPyBuildFlags = [ + "--build-lib=$CHIPSEC_BUILD_LIB" + ] ++ lib.optional (!withDriver) [ + "--skip-driver" + ]; - pythonImportsCheck = [ "chipsec" ]; + pythonImportsCheck = [ + "chipsec" + ]; meta = with lib; { description = "Platform Security Assessment Framework"; diff --git a/pkgs/tools/security/cloudlist/default.nix b/pkgs/tools/security/cloudlist/default.nix index fd9741ddd94..203b044a6de 100644 --- a/pkgs/tools/security/cloudlist/default.nix +++ b/pkgs/tools/security/cloudlist/default.nix 
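Review bot: In the rewritten `setupPyBuildFlags` of chipsec/default.nix, `lib.optional (!withDriver) [ "--skip-driver" ]` wraps a list inside a list, because `lib.optional` takes a single element; the result is `[ [ "--skip-driver" ] ]` rather than a flat list of flags. It probably still builds, since nested lists are flattened when the attribute is coerced to a string, but anything that inspects or appends to the list through an override sees the nesting. Use `] ++ lib.optionals (!withDriver) [` or keep the original `lib.optional (!withDriver) "--skip-driver"`. The added `disabled = !stdenv.isLinux;` also relies on `stdenv` being among the function arguments, which are outside this hunk.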
@@ -5,16 +5,16 @@ buildGoModule rec { pname = "cloudlist"; - version = "0.0.1"; + version = "1.0.0"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "v${version}"; - sha256 = "1ad77nnhfx2l00nz9r89xfipwkvxp74y1xirjvkfxys4sf1yqag7"; + sha256 = "sha256-o5xJwbdYeFF3jWTy/zvswB9dFp/fxtgZB5a+c7cc2OQ="; }; - vendorSha256 = "0yr9w2k6lyxnwbxh9mp1lri9z29wl9rgfvq8mjjdlqvcqhbw7l7l"; + vendorSha256 = "sha256-rzbf/au2qrdoBowsw7DbeCcBbF42bqJDnuKC1sSFxho="; meta = with lib; { description = "Tool for listing assets from multiple cloud providers"; diff --git a/pkgs/tools/security/dalfox/default.nix b/pkgs/tools/security/dalfox/default.nix index ebbdd9882b7..5ce633d3cec 100644 --- a/pkgs/tools/security/dalfox/default.nix +++ b/pkgs/tools/security/dalfox/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "dalfox"; - version = "2.7.0"; + version = "2.7.1"; src = fetchFromGitHub { owner = "hahwul"; repo = pname; rev = "v${version}"; - sha256 = "sha256-QSIaqHUNsVpb1qbQLIxxjoDH1DMM1XpXxWZtImMV1yM="; + sha256 = "sha256-+Jr2pWV3iImKVnXH8mQXauHOh3uJChUe22U4JzIotD0="; }; - vendorSha256 = "sha256-F0uIV4T/dCqPY/gsSOrzJTxFGlDh9NfxKhJxrftj0Lo="; + vendorSha256 = "sha256-4ot9qvTsUMxbcbu1y+5Tkvgo3t0MWA1EPSGqM0CM2DU="; meta = with lib; { description = "Tool for analysing parameter and XSS scanning"; diff --git a/pkgs/tools/security/dnsx/default.nix b/pkgs/tools/security/dnsx/default.nix index 5b4f0a5da14..9ba91d18653 100644 --- a/pkgs/tools/security/dnsx/default.nix +++ b/pkgs/tools/security/dnsx/default.nix 
@@ -5,16 +5,16 @@ buildGoModule rec { pname = "dnsx"; - version = "1.0.7"; + version = "1.0.8"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "dnsx"; rev = "v${version}"; - sha256 = "sha256-92J9yRTSk2EP3lXCWH1+Ha+dx3dTNur6LIDMKbGmseI="; + sha256 = "sha256-+ZLnQtN5MnWnOpLHkaZMhhsFWgGhnhalkXLakJf1wKU="; }; - vendorSha256 = "sha256-692PcWFYNInWcZm9NQHLQmRHGFV9XUSFoCqHo7fcGEU="; + vendorSha256 = "sha256-RtYAggUWQ8b2qf5ly7BSRc+8npbLiWdM4h0Krdp4Py4="; meta = with lib; { description = "Fast and multi-purpose DNS toolkit"; diff --git a/pkgs/tools/security/doppler/default.nix b/pkgs/tools/security/doppler/default.nix index 50196c1565d..8b21ef160a2 100644 --- a/pkgs/tools/security/doppler/default.nix +++ b/pkgs/tools/security/doppler/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "doppler"; - version = "3.37.0"; + version = "3.38.0"; src = fetchFromGitHub { owner = "dopplerhq"; repo = "cli"; rev = version; - sha256 = "sha256-GrrjfuDor92535yzoxAudlI4vUrCittsdQeXxuUwNww="; + sha256 = "sha256-GKsq6AhkhacG+5XIELpe58bDe5l3BnLCwJHMkCzTzJU="; }; vendorSha256 = "sha256-VPxHxNtDeP5CFDMTeMsZYED9ZGWMquJdeupeCVldY/E="; diff --git a/pkgs/tools/security/eid-mw/default.nix b/pkgs/tools/security/eid-mw/default.nix index 2b373360965..925931e6a3e 100644 --- a/pkgs/tools/security/eid-mw/default.nix +++ b/pkgs/tools/security/eid-mw/default.nix @@ -71,7 +71,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Belgian electronic identity card (eID) middleware"; - homepage = "https://eid.belgium.be/en/using_your_eid/installing_the_eid_software/linux/"; + homepage = "https://eid.belgium.be/en"; license = licenses.lgpl3Only; longDescription = '' Allows user authentication and digital signatures with Belgian ID cards. diff --git a/pkgs/tools/security/encryptr/default.nix b/pkgs/tools/security/encryptr/default.nix deleted file mode 100644 index 92d783dd5fd..00000000000 --- a/pkgs/tools/security/encryptr/default.nix +++ /dev/null 
@@ -1,57 +0,0 @@ -{ stdenv, lib, fetchurl, glib, nss, nspr, gconf, fontconfig, freetype -, pango , cairo, libX11 , libXi, libXcursor, libXext, libXfixes -, libXrender, libXcomposite , alsa-lib, libXdamage, libXtst, libXrandr -, expat, libcap, systemd , dbus, gtk2 , gdk-pixbuf, libnotify -}: - -let - arch = if stdenv.hostPlatform.system == "x86_64-linux" then "amd" - else if stdenv.hostPlatform.system == "i686-linux" then "i386" - else throw "Encryptr for ${stdenv.hostPlatform.system} not supported!"; - - sha256 = if stdenv.hostPlatform.system == "x86_64-linux" then "1j3g467g7ar86hpnh6q9mf7mh2h4ia94mwhk1283zh739s2g53q2" - else if stdenv.hostPlatform.system == "i686-linux" then "02j9hg9b1jlv25q1sjfhv8d46mii33f94dj0ccn83z9z18q4y2cm" - else throw "Encryptr for ${stdenv.hostPlatform.system} not supported!"; - -in stdenv.mkDerivation rec { - pname = "encryptr"; - version = "2.0.0"; - - src = fetchurl { - url = "https://spideroak.com/dist/encryptr/signed/linux/targz/encryptr-${version}_${arch}.tar.gz"; - inherit sha256; - }; - - dontBuild = true; - - rpath = lib.makeLibraryPath [ - glib nss nspr gconf fontconfig freetype pango cairo libX11 libXi - libXcursor libXext libXfixes libXrender libXcomposite alsa-lib - libXdamage libXtst libXrandr expat libcap dbus gtk2 gdk-pixbuf - libnotify stdenv.cc.cc - ]; - - installPhase = '' - mkdir -pv $out/bin $out/lib - cp -v {encryptr-bin,icudtl.dat,nw.pak} $out/bin - mv -v $out/bin/encryptr{-bin,} - cp -v lib* $out/lib - ln -sv ${lib.getLib systemd}/lib/libudev.so.1 $out/lib/libudev.so.0 - - patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \ - --set-rpath $out/lib:${rpath} \ - $out/bin/encryptr - ''; - - # If stripping, node-webkit does not find - # its application and shows a generic page - dontStrip = true; - - meta = with lib; { - homepage = "https://spideroak.com/solutions/encryptr"; - description = "Free, private and secure password management tool and e-wallet"; - license = licenses.unfree; - maintainers = 
with maintainers; [ guillaumekoenig ]; - platforms = platforms.linux; - }; -} diff --git a/pkgs/tools/security/enpass/data.json b/pkgs/tools/security/enpass/data.json index bb74f73fb75..20d252bce58 100644 --- a/pkgs/tools/security/enpass/data.json +++ b/pkgs/tools/security/enpass/data.json @@ -5,8 +5,8 @@ "version": "6.6.1.809" }, "i386": { - "path": "pool/main/e/enpass/enpass_5.6.9_i386.deb", - "sha256": "3f699ac3e2ecfd4afee1505d8d364d4f6b6b94c55ba989d0a80bd678ff66cb2c", + "path": "pool/main/e/enpass/enpass_5.6.9_i386.deb", + "sha256": "3f699ac3e2ecfd4afee1505d8d364d4f6b6b94c55ba989d0a80bd678ff66cb2c", "version": "5.6.9" } } diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix index 0be3a7ab18c..114862f8662 100644 --- a/pkgs/tools/security/exploitdb/default.nix +++ b/pkgs/tools/security/exploitdb/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2022-02-03"; + version = "2022-02-11"; src = fetchFromGitHub { owner = "offensive-security"; repo = pname; rev = version; - sha256 = "sha256-s5neMvY77lNXcwgOt6FLEk/mfkrJU1v1GBzwIJ4oX/Y="; + sha256 = "sha256-pSvjTL/vS3E9jYGxae9RUw+DD9u49PoF7oNM/UZOzDg="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix index 92848def1d1..6c3fb072709 100644 --- a/pkgs/tools/security/fail2ban/default.nix +++ b/pkgs/tools/security/fail2ban/default.nix @@ -1,5 +1,7 @@ -{ lib, stdenv, fetchFromGitHub, python3 }: - +{ lib, stdenv, fetchFromGitHub +, python3 +, fetchpatch +}: python3.pkgs.buildPythonApplication rec { pname = "fail2ban"; 
@@ -17,7 +19,21 @@ python3.pkgs.buildPythonApplication rec { systemd ]; + patches = [ + # remove references to use_2to3, for setuptools>=58 + # has been merged into master, remove next release + (fetchpatch { + url = "https://github.com/fail2ban/fail2ban/commit/5ac303df8a171f748330d4c645ccbf1c2c7f3497.patch"; + sha256 = "sha256-aozQJHwPcJTe/D/PLQzBk1YH3OAP6Qm7wO7cai5CVYI="; + }) + ]; + preConfigure = '' + # workaround for setuptools 58+ + # https://github.com/fail2ban/fail2ban/issues/3098 + patchShebangs fail2ban-2to3 + ./fail2ban-2to3 + for i in config/action.d/sendmail*.conf; do substituteInPlace $i \ --replace /usr/sbin/sendmail sendmail \ diff --git a/pkgs/tools/security/gpgstats/default.nix b/pkgs/tools/security/gpgstats/default.nix deleted file mode 100644 index f6f6d367810..00000000000 --- a/pkgs/tools/security/gpgstats/default.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ lib, stdenv, fetchurl, ncurses, gpgme }: - -stdenv.mkDerivation rec { - pname = "gpgstats"; - version = "0.5"; - - src = fetchurl { - url = "https://www.vanheusden.com/gpgstats/${pname}-${version}.tgz"; - sha256 = "1n3njqhjwgfllcxs0xmk89dzgirrpfpfzkj71kqyvq97gc1wbcxy"; - }; - - buildInputs = [ ncurses gpgme ]; - - installPhase = '' - mkdir -p $out/bin - cp gpgstats $out/bin - ''; - - NIX_CFLAGS_COMPILE = lib.optionalString (!stdenv.is64bit) - "-D_FILE_OFFSET_BITS=64 -DLARGEFILE_SOURCE=1"; - - meta = with lib; { - description = "Calculates statistics on the keys in your gpg key-ring"; - longDescription = '' - GPGstats calculates statistics on the keys in your key-ring. - ''; - homepage = "http://www.vanheusden.com/gpgstats/"; - license = licenses.gpl2; - maintainers = with maintainers; [ davidak ]; - platforms = platforms.unix; - }; -} - diff --git a/pkgs/tools/security/grype/default.nix b/pkgs/tools/security/grype/default.nix index 49dc002133d..30206fab0eb 100644 --- a/pkgs/tools/security/grype/default.nix +++ b/pkgs/tools/security/grype/default.nix 
@@ -1,14 +1,18 @@ -{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: +{ lib +, buildGoModule +, fetchFromGitHub +, installShellFiles +}: buildGoModule rec { pname = "grype"; - version = "0.32.0"; + version = "0.33.0"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-jn28IusHgHHFFrvqZLIvbqCFMhMQ5K/gqC4hVQLffY0="; + sha256 = "sha256-RXEeJZeC6hA6DetZnUNWFtNZEy4HJpxviL8pySBLfts="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; @@ -22,9 +26,12 @@ buildGoModule rec { find "$out" -name .git -print0 | xargs -0 rm -rf ''; }; - vendorSha256 = "sha256-05/xFjgiqbXy7Y2LTGHcXtvusGgfZ/TwLQHaO8rIjvc="; - nativeBuildInputs = [ installShellFiles ]; + vendorSha256 = "sha256-2T2fw1nOycP1LxUuMSmz1ke2bg4yox/tIAveXCNJG9Y="; + + nativeBuildInputs = [ + installShellFiles + ]; ldflags = [ "-s" diff --git a/pkgs/tools/security/haveged/default.nix b/pkgs/tools/security/haveged/default.nix index b088f07c6e3..2386bb90d1a 100644 --- a/pkgs/tools/security/haveged/default.nix +++ b/pkgs/tools/security/haveged/default.nix 
@@ -1,15 +1,29 @@ -{ lib, stdenv, fetchurl }: +{ lib, stdenv, fetchFromGitHub }: stdenv.mkDerivation rec { pname = "haveged"; - version = "1.9.2"; + version = "1.9.17"; - src = fetchurl { - url = "http://www.issihosts.com/haveged/haveged-${version}.tar.gz"; - sha256 = "0w5ypz6451msckivjriwyw8djydlwffam7x23xh626s2vzdrlzgp"; + src = fetchFromGitHub { + owner = "jirka-h"; + repo = "haveged"; + rev = "v${version}"; + sha256 = "sha256-uVl+TZVMsf+9aRATQndYMK4l4JfOBvstd1O2nTHyMYU="; }; - meta = { + strictDeps = true; + + postPatch = '' + patchShebangs ent # test shebang + ''; + + installFlags = [ + "sbindir=$(out)/bin" # no reason for us to have a $out/sbin, its just a symlink to $out/bin + ]; + + doCheck = true; + + meta = with lib; { description = "A simple entropy daemon"; longDescription = '' The haveged project is an attempt to provide an easy-to-use, unpredictable @@ -19,9 +33,11 @@ stdenv.mkDerivation rec { of haveged is directed towards improving overall reliability and adaptability while minimizing the barriers to using haveged for other tasks. ''; - homepage = "http://www.issihosts.com/haveged/"; - license = lib.licenses.gpl3; - maintainers = [ lib.maintainers.domenkozar ]; - platforms = lib.platforms.unix; + homepage = "https://github.com/jirka-h/haveged"; + changelog = "https://raw.githubusercontent.com/jirka-h/haveged/v${version}/ChangeLog"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ domenkozar ]; + platforms = platforms.unix; + badPlatforms = platforms.darwin; # fails to build since v1.9.15 }; } diff --git a/pkgs/tools/security/kubescape/default.nix b/pkgs/tools/security/kubescape/default.nix index 9adf63ea160..d4188424213 100644 --- a/pkgs/tools/security/kubescape/default.nix +++ b/pkgs/tools/security/kubescape/default.nix 
@@ -6,20 +6,20 @@ buildGoModule rec { pname = "kubescape"; - version = "2.0.144"; + version = "2.0.147"; src = fetchFromGitHub { owner = "armosec"; repo = pname; rev = "v${version}"; - hash = "sha256-X/r39lvNSLZ4SG/x5Woj7c0fEOp8USyeTWYihaY0faU="; + hash = "sha256-5ESAvLCAQ6ttpuc3YGkUwUvvhHZj+QYXyx30fhVSP1Y="; }; nativeBuildInputs = [ installShellFiles ]; - vendorSha256 = "sha256-gB1/WkGC3sgMqmA4F9/dGU0R0hIDwwTVBNNsY6Yj8KU="; + vendorSha256 = "sha256-xbOUggbu/4bNT07bD3TU/7CIDvgi6OtZLQzSqQykwRY="; ldflags = [ "-s" diff --git a/pkgs/tools/security/libmodsecurity/default.nix b/pkgs/tools/security/libmodsecurity/default.nix index 03aed8c50e0..65512eb8be6 100644 --- a/pkgs/tools/security/libmodsecurity/default.nix +++ b/pkgs/tools/security/libmodsecurity/default.nix 
@@ -1,34 +1,57 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config -, doxygen, perl, valgrind -, curl, geoip, libxml2, lmdb, lua, pcre, yajl }: +{ lib, stdenv, fetchFromGitHub +, autoreconfHook, bison, flex, pkg-config +, curl, geoip, libmaxminddb, libxml2, lmdb, lua, pcre +, ssdeep, valgrind, yajl +}: stdenv.mkDerivation rec { pname = "libmodsecurity"; - version = "3.0.4"; + version = "3.0.6"; src = fetchFromGitHub { owner = "SpiderLabs"; repo = "ModSecurity"; - fetchSubmodules = true; rev = "v${version}"; - sha256 = "07vry10cdll94sp652hwapn0ppjv3mb7n2s781yhy7hssap6f2vp"; + sha256 = "sha256-V+NBT2YN8qO3Px8zEzSA2ZsjSf1pv8+VlLxYlrpqfGg="; + fetchSubmodules = true; }; - nativeBuildInputs = [ autoreconfHook pkg-config doxygen ]; + nativeBuildInputs = [ autoreconfHook bison flex pkg-config ]; + buildInputs = [ curl geoip libmaxminddb libxml2 lmdb lua pcre ssdeep valgrind yajl ]; - buildInputs = [ perl valgrind curl geoip libxml2 lmdb lua pcre yajl ]; + outputs = [ "out" "dev" ]; configureFlags = [ - "--enable-static" + "--enable-parser-generation" "--with-curl=${curl.dev}" "--with-libxml=${libxml2.dev}" + "--with-lmdb=${lmdb.out}" + "--with-maxmind=${libmaxminddb}" "--with-pcre=${pcre.dev}" - "--with-yajl=${yajl}" + "--with-ssdeep=${ssdeep}" ]; + postPatch = '' + substituteInPlace build/lmdb.m4 \ + --replace "\''${path}/include/lmdb.h" "${lmdb.dev}/include/lmdb.h" \ + --replace "lmdb_inc_path=\"\''${path}/include\"" "lmdb_inc_path=\"${lmdb.dev}/include\"" + substituteInPlace build/ssdeep.m4 \ + --replace "/usr/local/libfuzzy" "${ssdeep}/lib" \ + --replace "\''${path}/include/fuzzy.h" "${ssdeep}/include/fuzzy.h" \ + --replace "ssdeep_inc_path=\"\''${path}/include\"" "ssdeep_inc_path=\"${ssdeep}/include\"" + substituteInPlace modsecurity.conf-recommended \ + --replace "SecUnicodeMapFile unicode.mapping 20127" "SecUnicodeMapFile $out/share/modsecurity/unicode.mapping 20127" + ''; + + postInstall = '' + mkdir -p $out/share/modsecurity + cp 
${src}/{AUTHORS,CHANGES,LICENSE,README.md,modsecurity.conf-recommended,unicode.mapping} $out/share/modsecurity + ''; + enableParallelBuilding = true; meta = with lib; { + homepage = "https://github.com/SpiderLabs/ModSecurity"; description = '' ModSecurity v3 library component. ''; @@ -40,7 +63,6 @@ stdenv.mkDerivation rec { the ModSecurity SecRules format and apply them to HTTP content provided by your application via Connectors. ''; - homepage = "https://modsecurity.org/"; license = licenses.asl20; platforms = platforms.all; maintainers = with maintainers; [ izorkin ]; diff --git a/pkgs/tools/security/libtpms/default.nix b/pkgs/tools/security/libtpms/default.nix index b49ce7305de..d93f0135c20 100644 --- a/pkgs/tools/security/libtpms/default.nix +++ b/pkgs/tools/security/libtpms/default.nix @@ -7,13 +7,13 @@ stdenv.mkDerivation rec { pname = "libtpms"; - version = "0.9.1"; + version = "0.9.2"; src = fetchFromGitHub { owner = "stefanberger"; repo = "libtpms"; rev = "v${version}"; - sha256 = "sha256-30P/YggrPEVpsh2qo751aW6RtrpIVe1XQWyYZm8P4yA="; + sha256 = "sha256-sfAmyx9MgzCVA1Da7hl6/sKxhS9ptaNLeSB8wmJIKDs="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/log4j-sniffer/default.nix b/pkgs/tools/security/log4j-sniffer/default.nix index 86b6bf00f54..0bc08fb6e3c 100644 --- a/pkgs/tools/security/log4j-sniffer/default.nix +++ b/pkgs/tools/security/log4j-sniffer/default.nix @@ -6,13 +6,13 @@ buildGoModule rec { pname = "log4j-sniffer"; - version = "1.6.0"; + version = "1.8.0"; src = fetchFromGitHub { owner = "palantir"; repo = pname; rev = "v${version}"; - sha256 = "sha256-ffutvIxXhA0fCN6mSUwv6F+SO/ab6hLiaVJeatZo57w="; + sha256 = "sha256-NojFXonov/80p+6kimfbiMK/v4najiMe//xFDnOi5KE="; }; vendorSha256 = null; diff --git a/pkgs/tools/security/metasploit/Gemfile b/pkgs/tools/security/metasploit/Gemfile index 8812a16df3a..bcff98114ca 100644 --- a/pkgs/tools/security/metasploit/Gemfile +++ b/pkgs/tools/security/metasploit/Gemfile 
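Review bot: The new `postInstall` in libmodsecurity/default.nix copies `modsecurity.conf-recommended` from `${src}`, which is the unmodified fetched source, so the `SecUnicodeMapFile` rewrite applied to that file in `postPatch` never reaches `$out/share/modsecurity`. The installed recommended config then still names a relative `unicode.mapping`, which a connector loading it from the store path may fail to resolve. Copy from the patched build tree instead, assuming `postInstall` runs in the source root: `cp {AUTHORS,CHANGES,LICENSE,README.md,modsecurity.conf-recommended,unicode.mapping} $out/share/modsecurity`. The hunk also drops `--with-yajl=${yajl}` while keeping `yajl` in `buildInputs`; it is worth confirming that configure still detects it, since JSON request-body parsing depends on it.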
@@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.1.28" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.1.29" diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock index cdd2849be2c..015ccc8ef39 100644 --- a/pkgs/tools/security/metasploit/Gemfile.lock +++ b/pkgs/tools/security/metasploit/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: b8975cbd6552cc52044250143ffc440775a8a29e - ref: refs/tags/6.1.28 + revision: 61b21e59fe8f4f65fba27f88d49782dece0aad00 + ref: refs/tags/6.1.29 specs: - metasploit-framework (6.1.28) + metasploit-framework (6.1.29) actionpack (~> 6.0) activerecord (~> 6.0) activesupport (~> 6.0) @@ -31,7 +31,7 @@ GIT metasploit-concern metasploit-credential metasploit-model - metasploit-payloads (= 2.0.71) + metasploit-payloads (= 2.0.72) metasploit_data_models metasploit_payloads-mettle (= 1.0.18) mqtt @@ -128,7 +128,7 @@ GEM arel-helpers (2.14.0) activerecord (>= 3.1.0, < 8) aws-eventstream (1.2.0) - aws-partitions (1.552.0) + aws-partitions (1.554.0) aws-sdk-core (3.126.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.525.0) @@ -251,7 +251,7 @@ GEM activemodel (~> 6.0) activesupport (~> 6.0) railties (~> 6.0) - metasploit-payloads (2.0.71) + metasploit-payloads (2.0.72) metasploit_data_models (5.0.4) activerecord (~> 6.0) activesupport (~> 6.0) @@ -292,7 +292,7 @@ GEM pcaprub patch_finder (1.0.2) pcaprub (0.13.1) - pdf-reader (2.9.0) + pdf-reader (2.9.1) Ascii85 (~> 1.0) afm (~> 0.2.1) hashery (~> 2.0) @@ -379,7 +379,7 @@ GEM ruby-macho (3.0.0) ruby-rc4 (0.1.5) ruby2_keywords (0.0.5) - ruby_smb (3.0.1) + ruby_smb (3.0.2) bindata openssl-ccm openssl-cmac @@ -446,4 +446,4 @@ DEPENDENCIES metasploit-framework! BUNDLED WITH - 2.2.24 + 2.3.6 
diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix index d7b2bb8b9e4..71372903384 100644 --- a/pkgs/tools/security/metasploit/default.nix +++ b/pkgs/tools/security/metasploit/default.nix @@ -15,13 +15,13 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "6.1.28"; + version = "6.1.29"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = version; - sha256 = "sha256-3l9yBnOejCVSo/zw46mGv3uBoArtyOPbjE1l8CoVNkg="; + sha256 = "sha256-S0R9D6Tih9+aVdYkpAodfwcRCq8WaqaJ5oYuPl7PgK8="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/metasploit/gemset.nix b/pkgs/tools/security/metasploit/gemset.nix index b55f76e8a85..7042ed35260 100644 --- a/pkgs/tools/security/metasploit/gemset.nix +++ b/pkgs/tools/security/metasploit/gemset.nix @@ -104,10 +104,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0wr4jkylfkd89970hw3akfy7vyj54qz11gq3aar48j8p9px0gl17"; + sha256 = "0c5dyi1hy9xawlicdfzakj279r514vmb93kpwfa92lbb9bz1plg5"; type = "gem"; }; - version = "1.552.0"; + version = "1.554.0"; }; aws-sdk-core = { groups = ["default"]; @@ -684,12 +684,12 @@ platforms = []; source = { fetchSubmodules = false; - rev = "b8975cbd6552cc52044250143ffc440775a8a29e"; - sha256 = "0j1n2lmg0radikdy7j7d1ah82yxzhsly7w7wld92b34yfc374pyy"; + rev = "61b21e59fe8f4f65fba27f88d49782dece0aad00"; + sha256 = "1bw0rxg3wbl6ws4scshnmw5121vz3l5a896nanddz1z2lh7psi2b"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "6.1.28"; + version = "6.1.29"; }; metasploit-model = { groups = ["default"]; @@ -706,10 +706,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "12fr3v5mjwlilnlccnbimamz6sq6kckf16vgzpfpgi8gjma3lgb9"; + sha256 = "0ybw1daczslifq684hjxmr5668w7db1fi0z6g53812yva7lf4sv6"; type = "gem"; }; - version = "2.0.71"; + version = "2.0.72"; }; metasploit_data_models = { groups = ["default"]; 
@@ -967,10 +967,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1fh2pq3gk5fh18g71wir98k4bz4rvihhx8qmn8zi9fz6yfqx39qj"; + sha256 = "0pn5l3ayjfn4mv2079q80q0x3q39q25nxcc5l9cjqz4lf5anhlfi"; type = "gem"; }; - version = "2.9.0"; + version = "2.9.1"; }; pg = { groups = ["default"]; @@ -1357,10 +1357,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0mf3mzxq83y7i8nr6bcl5yacvfz6y5p3hdmvr1m6xq0l0i9a9axy"; + sha256 = "13sp6bqgj06h7jkw5qvafwawfh2akyrsj38vq8qkjfjdg79pkbxf"; type = "gem"; }; - version = "3.0.1"; + version = "3.0.2"; }; rubyntlm = { groups = ["default"]; diff --git a/pkgs/tools/security/modsecurity-crs/default.nix b/pkgs/tools/security/modsecurity-crs/default.nix new file mode 100644 index 00000000000..124eca09ca4 --- /dev/null +++ b/pkgs/tools/security/modsecurity-crs/default.nix 
@@ -0,0 +1,42 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + version = "3.3.2"; + pname = "modsecurity-crs"; + + src = fetchFromGitHub { + owner = "coreruleset"; + repo = "coreruleset"; + rev = "v${version}"; + sha256 = "sha256-m/iVLhk2y5BpYu8EwC2adrrDnbaVCQ0SE25ltvMokCw="; + }; + + installPhase = '' + install -D -m444 -t $out/rules ${src}/rules/*.conf + install -D -m444 -t $out/rules ${src}/rules/*.data + install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/*.md + install -D -m444 -t $out/share/doc/modsecurity-crs ${src}/{CHANGES,INSTALL,LICENSE} + install -D -m444 -t $out/share/modsecurity-crs ${src}/rules/*.example + install -D -m444 -t $out/share/modsecurity-crs ${src}/crs-setup.conf.example + cat > $out/share/modsecurity-crs/modsecurity-crs.load.example <<EOF + ## + ## This is a sample file for loading OWASP CRS's rules. + ## + Include /etc/modsecurity/crs/crs-setup.conf + IncludeOptional /etc/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf + Include $out/rules/*.conf + IncludeOptional /etc/modsecurity/crs/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf + EOF + ''; + + meta = with lib; { + homepage = "https://coreruleset.org"; + description = '' + The OWASP ModSecurity Core Rule Set is a set of generic attack detection + rules for use with ModSecurity or compatible web application firewalls. + ''; + license = licenses.asl20; + platforms = platforms.all; + maintainers = with maintainers; [ izorkin ]; + }; +} diff --git a/pkgs/tools/security/nmap-formatter/default.nix b/pkgs/tools/security/nmap-formatter/default.nix index 3f3835b9649..5b9494bf9d3 100644 --- a/pkgs/tools/security/nmap-formatter/default.nix +++ b/pkgs/tools/security/nmap-formatter/default.nix 
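Review bot: The custom `installPhase` in modsecurity-crs/default.nix replaces the default phase without calling `runHook preInstall` and `runHook postInstall`, so any `preInstall` or `postInstall` added later through `overrideAttrs` would be skipped silently. Add `runHook preInstall` as the first line of the phase and `runHook postInstall` after the heredoc. A short comment above the `cat` would also help the next reader: `# unquoted heredoc on purpose: $out is expanded at build time so the example points at this store path`. It may also be worth noting in the generated example that the two exclusion files use `IncludeOptional` and are skipped without error when absent, while a missing `crs-setup.conf` fails the load.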
@@ -5,16 +5,16 @@ buildGoModule rec { pname = "nmap-formatter"; - version = "0.2.1"; + version = "0.3.0"; src = fetchFromGitHub { owner = "vdjagilev"; repo = pname; rev = "v${version}"; - sha256 = "1r8l7ajcb436b60ir6xgy53wafk6rw1cil326yg6mhcngz9sazbk"; + sha256 = "sha256-tG91Cutk+RCBPv4Rf8CVnZa5Wh8qgsxEL0C6WIoEdsw="; }; - vendorSha256 = "0c1b4iw28qj8iq55lg32xqw69jjdv5ial495j0gz68s17kydbwhb"; + vendorSha256 = "sha256-WXX1b8fPcwIE40w+Kzd7ZuSRXPiYtolRXC/Z8Kc9H2s="; postPatch = '' # Fix hard-coded release diff --git a/pkgs/tools/security/nuclei/default.nix b/pkgs/tools/security/nuclei/default.nix index 27805bdd762..91dba36e332 100644 --- a/pkgs/tools/security/nuclei/default.nix +++ b/pkgs/tools/security/nuclei/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "nuclei"; - version = "2.5.4"; + version = "2.6.0"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "v${version}"; - sha256 = "sha256-r6nOVTg/vZr2somTCoEJQHtbMMZ1RCkdDzGQeTISreU="; + sha256 = "sha256-NTqpj97M61hJP44gr0mRIOI0Syw3oSQeH0ooNHkLgSE="; }; - vendorSha256 = "sha256-zLZ7+eJPKJ8nX47SdbzCLwg3nmv2lFcd2te8oh0UU4s="; + vendorSha256 = "sha256-/mucUSk8+uAD+lIIKtt9+iNZKE4Y12a7GI6PHlnaPAQ="; modRoot = "./v2"; subPackages = [ diff --git a/pkgs/tools/security/orjail/default.nix b/pkgs/tools/security/orjail/default.nix new file mode 100644 index 00000000000..adcbf5ae4f9 --- /dev/null +++ b/pkgs/tools/security/orjail/default.nix 
@@ -0,0 +1,55 @@ +{ lib +, stdenv +, fetchFromGitHub +, tor +, firejail +, iptables +, makeWrapper +}: + +stdenv.mkDerivation rec { + pname = "orjail"; + version = "1.1"; + + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = "v${version}"; + sha256 = "06bwqb3l7syy4c1d8xynxwakmdxvm3qfm8r834nidsknvpdckd9z"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + postPatch = '' + patchShebangs make-helper.bsh + mkdir bin + mv usr/sbin/orjail bin/orjail + rm -r usr + ''; + + makeFlags = [ + "DESTDIR=${placeholder "out"}" + ]; + + postInstall = '' + # Specify binary paths: tor, firejail, iptables + # mktemp fails with /tmp path prefix, will work without it anyway + # https://github.com/orjail/orjail/issues/78 + # firejail will fail reading /etc/hosts, therefore remove --hostname arg + # https://github.com/netblue30/firejail/issues/2758 + substituteInPlace $out/bin/orjail \ + --replace ''$'TORBIN=\n' ''$'TORBIN=${tor}/bin/tor\n' \ + --replace ''$'FIREJAILBIN=\n' ''$'FIREJAILBIN=${firejail}/bin/firejail\n' \ + --replace 'iptables -' '${iptables}/bin/iptables -' \ + --replace 'mktemp /tmp/' 'mktemp ' \ + --replace '--hostname=host ' "" + ''; + + meta = with lib; { + description = "Force programs to exclusively use tor network"; + homepage = "https://github.com/orjail/orjail"; + license = licenses.wtfpl; + maintainers = with maintainers; [ onny ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/tools/security/pass/extensions/audit/0001-Set-base-to-an-empty-value.patch b/pkgs/tools/security/pass/extensions/audit/0001-Set-base-to-an-empty-value.patch new file mode 100644 index 00000000000..ce6849d677f --- /dev/null +++ b/pkgs/tools/security/pass/extensions/audit/0001-Set-base-to-an-empty-value.patch 
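Review bot: `makeWrapper` is added to `nativeBuildInputs` in orjail/default.nix, but no `wrapProgram` or `makeWrapper` call appears anywhere in the new file, so it is either unused or a wrapping step is missing. The script's tor, firejail and iptables paths are fixed only by the `substituteInPlace` patterns in `postInstall`, so a pattern that stops matching after an upstream change would leave orjail resolving that tool from the caller's PATH; depending on the nixpkgs revision, `--replace` only warns in that case. A cheap guard is a check after the substitution, for example `grep -q 'TORBIN=${tor}/bin/tor' $out/bin/orjail`, which fails the build when the line was not rewritten. The same applies to the `FIREJAILBIN=` and `iptables -` replacements.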
@@ -0,0 +1,43 @@ +From a2d5d973f53efb11bdcaecbd0099df9714bc287f Mon Sep 17 00:00:00 2001 +From: Maximilian Bosch <maximilian@mbosch.me> +Date: Tue, 8 Feb 2022 19:35:35 +0100 +Subject: [PATCH] Set `base` to an empty value + +`DESTDIR` ensures that everything lands in the correct location (i.e. +the target store-path on Nix), within this path, everything should be +moved into `/lib` and `/share`. +--- + setup.py | 17 ++--------------- + 1 file changed, 2 insertions(+), 15 deletions(-) + +diff --git a/setup.py b/setup.py +index 1f0a58b..f7baa41 100644 +--- a/setup.py ++++ b/setup.py +@@ -8,21 +8,8 @@ from pathlib import Path + + from setuptools import setup + +-share = Path(sys.prefix, 'share') +-base = '/usr' +-if os.uname().sysname == 'Darwin': +- base = '/usr/local' +-lib = Path(base, 'lib', 'password-store', 'extensions') +- +-if '--user' in sys.argv: +- if 'PASSWORD_STORE_EXTENSIONS_DIR' in os.environ: +- lib = Path(os.environ['PASSWORD_STORE_EXTENSIONS_DIR']) +- else: +- lib = Path.home() / '.password-store' / '.extensions' +- if 'XDG_DATA_HOME' in os.environ: +- share = Path(os.environ['XDG_DATA_HOME']) +- else: +- share = Path.home() / '.local' / 'share' ++share = Path('share') ++lib = Path('lib', 'password-store', 'extensions') + + setup( + data_files=[ +-- +2.33.1 + diff --git a/pkgs/tools/security/pass/extensions/audit/default.nix b/pkgs/tools/security/pass/extensions/audit/default.nix index 415a4b9e79d..c4c16b8ff84 100644 --- a/pkgs/tools/security/pass/extensions/audit/default.nix +++ b/pkgs/tools/security/pass/extensions/audit/default.nix @@ -5,16 +5,17 @@ let in stdenv.mkDerivation rec { pname = "pass-audit"; - version = "1.1"; + version = "1.2"; src = fetchFromGitHub { owner = "roddhjav"; repo = "pass-audit"; rev = "v${version}"; - sha256 = "1vapymgpab91kh798mirgs1nb7j9qln0gm2d3321cmsghhb7xs45"; + sha256 = "sha256-xigP8LxRXITLF3X21zhWx6ooFNSTKGv46yFSt1dd4vs="; }; patches = [ + ./0001-Set-base-to-an-empty-value.patch ./0002-Fix-audit.bash-setup.patch ]; 
@@ -40,7 +41,8 @@ in stdenv.mkDerivation rec { installFlags = [ "DESTDIR=${placeholder "out"}" "PREFIX=" ]; postInstall = '' wrapProgram $out/lib/password-store/extensions/audit.bash \ - --prefix PYTHONPATH : "$out/lib/${pythonEnv.libPrefix}/site-packages" + --prefix PYTHONPATH : "$out/lib/${pythonEnv.libPrefix}/site-packages" \ + --run "export COMMAND" ''; meta = with lib; { diff --git a/pkgs/tools/security/pinentry-bemenu/default.nix b/pkgs/tools/security/pinentry-bemenu/default.nix new file mode 100644 index 00000000000..afe1d03fff0 --- /dev/null +++ b/pkgs/tools/security/pinentry-bemenu/default.nix @@ -0,0 +1,25 @@ +{ lib, stdenv, fetchFromGitHub, meson, ninja, pkg-config, libassuan +, libgpg-error, popt, bemenu }: + +stdenv.mkDerivation rec { + pname = "pinentry-bemenu"; + version = "0.9.0"; + + src = fetchFromGitHub { + owner = "t-8ch"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-AFS4T7VqPga53/3rG8be9Q//6/2JJIe7+Ata33ewySg="; + }; + + nativeBuildInputs = [ meson ninja pkg-config ]; + buildInputs = [ libassuan libgpg-error popt bemenu ]; + + meta = with lib; { + description = "Pinentry implementation based on bemenu"; + homepage = "https://github.com/t-8ch/pinentry-bemenu"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ jc ]; + platforms = with platforms; linux; + }; +} diff --git a/pkgs/tools/security/rbw/default.nix b/pkgs/tools/security/rbw/default.nix index 919fda9c67c..9e3f0523473 100644 --- a/pkgs/tools/security/rbw/default.nix +++ b/pkgs/tools/security/rbw/default.nix 
@@ -26,15 +26,15 @@ rustPlatform.buildRustPackage rec { pname = "rbw"; - version = "1.4.1"; + version = "1.4.3"; src = fetchCrate { inherit version; crateName = pname; - sha256 = "sha256-RNdxAp3Q/xNrK1XcKZPMfuqxWzDtdhwT+nqG25SjJhI="; + sha256 = "sha256-teeGKQNf+nuUcF9BcdiTV/ycENTbcGvPZZ34FdOO31k="; }; - cargoSha256 = "sha256-I0KwHCmfYxgSF5IMHiPooaf2bypd6eYCOPSB+qnEBJY="; + cargoSha256 = "sha256-Soquc3OuGlDsGSwNCvYOWQeraYpkzX1oJwmM03Rc3Jg="; nativeBuildInputs = [ pkg-config diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix index 7d8de48800a..f77417aaaa4 100644 --- a/pkgs/tools/security/rng-tools/default.nix +++ b/pkgs/tools/security/rng-tools/default.nix @@ -4,6 +4,7 @@ , autoreconfHook , libtool , pkg-config +, psmisc , argp-standalone ? null , openssl , jitterentropy ? null, withJitterEntropy ? true @@ -24,13 +25,13 @@ with lib; stdenv.mkDerivation rec { pname = "rng-tools"; - version = "6.14"; + version = "6.15"; src = fetchFromGitHub { owner = "nhorman"; repo = pname; rev = "v${version}"; - hash = "sha256-NTXp2l5gVxKhO4Gqcy4VzomYU5B3HydkefMvdzypK8M="; + hash = "sha256-km+MEng3VWZF07sdvGLbAG/vf8/A1DxhA/Xa2Y+LAEQ="; }; nativeBuildInputs = [ autoreconfHook libtool pkg-config ]; @@ -59,6 +60,7 @@ stdenv.mkDerivation rec { doCheck = true; preCheck = "patchShebangs tests/*.sh"; + checkInputs = [ psmisc ]; # rngtestjitter.sh needs killall doInstallCheck = true; installCheckPhase = '' diff --git a/pkgs/tools/security/scilla/default.nix b/pkgs/tools/security/scilla/default.nix index 79179219583..ab31624c6c9 100644 --- a/pkgs/tools/security/scilla/default.nix +++ b/pkgs/tools/security/scilla/default.nix 
@@ -5,16 +5,16 @@ buildGoModule rec { pname = "scilla"; - version = "1.1.1"; + version = "1.2.1"; src = fetchFromGitHub { owner = "edoardottt"; repo = pname; rev = "v${version}"; - sha256 = "sha256-xg8qnpYRdSGaFkjmQLbjMFIU419ASEHtFA8h8ads/50="; + sha256 = "sha256-1gSuKxNpls7B+pSGnGj3k/E93lnj2FPNtAAciPPNAeM="; }; - vendorSha256 = "sha256-PFfzlqBuasTNeCNnu5GiGyQzBQkbe83q1EqCsWTor18="; + vendorSha256 = "sha256-gHZj8zpc7yFthCCBM8WGw4WwoW46bdQWe4yWjOkkQE8="; meta = with lib; { description = "Information gathering tool for DNS, ports and more"; diff --git a/pkgs/tools/security/secp256k1/default.nix b/pkgs/tools/security/secp256k1/default.nix index e88187f8465..890518126d8 100644 --- a/pkgs/tools/security/secp256k1/default.nix +++ b/pkgs/tools/security/secp256k1/default.nix @@ -7,15 +7,13 @@ stdenv.mkDerivation { pname = "secp256k1"; - # I can't find any version numbers, so we're just using the date of the - # last commit. - version = "unstable-2021-06-06"; + version = "unstable-2022-02-06"; src = fetchFromGitHub { owner = "bitcoin-core"; repo = "secp256k1"; - rev = "7973576f6e3ab27d036a09397152b124d747f4ae"; - sha256 = "0vjk55dv0mkph4k6bqgkykmxn05ngzvhc4rzjnvn33xzi8dzlvah"; + rev = "5dcc6f8dbdb1850570919fc9942d22f728dbc0af"; + sha256 = "x9qG2S6tBSRseWaFIN9N2fRpY1vkv8idT3d3rfJnmaU="; }; nativeBuildInputs = [ autoreconfHook ]; diff --git a/pkgs/tools/security/snallygaster/default.nix b/pkgs/tools/security/snallygaster/default.nix index 31619ea7f54..e469e4b004e 100644 --- a/pkgs/tools/security/snallygaster/default.nix +++ b/pkgs/tools/security/snallygaster/default.nix @@ -5,13 +5,13 @@ python3Packages.buildPythonApplication rec { pname = "snallygaster"; - version = "0.0.11"; + version = "0.0.12"; src = fetchFromGitHub { owner = "hannob"; repo = pname; rev = "v${version}"; - sha256 = "sha256-xUWnu+T6+5Ro6TrmtFD/Qd40FffY5rfuAvWzNkBhTME="; + sha256 = "sha256-JXuRCUWpoGhBbU38XMEQovCiVfbyBMJ+SIrt3iqFuAo="; }; propagatedBuildInputs = with python3Packages; [ 
diff --git a/pkgs/tools/security/solo2-cli/default.nix b/pkgs/tools/security/solo2-cli/default.nix index e3518799504..eaa2bc659a5 100644 --- a/pkgs/tools/security/solo2-cli/default.nix +++ b/pkgs/tools/security/solo2-cli/default.nix @@ -32,6 +32,7 @@ rustPlatform.buildRustPackage rec { ++ lib.optionals stdenv.isDarwin [ PCSC IOKit CoreFoundation AppKit ]; postInstall = '' + install -D 70-solo2.rules $out/lib/udev/rules.d/70-solo2.rules installShellCompletion target/*/release/solo2.{bash,fish,zsh} ''; diff --git a/pkgs/tools/security/spire/default.nix b/pkgs/tools/security/spire/default.nix index 412cba21f93..bb165c41d07 100644 --- a/pkgs/tools/security/spire/default.nix +++ b/pkgs/tools/security/spire/default.nix @@ -31,6 +31,6 @@ buildGoModule rec { description = "The SPIFFE Runtime Environment"; homepage = "github.com/spiffe/spire"; license = licenses.asl20; - maintainers = with maintainers; [ jonringer ]; + maintainers = with maintainers; [ jonringer fkautz ]; }; } diff --git a/pkgs/tools/security/spyre/default.nix b/pkgs/tools/security/spyre/default.nix index 112e0afd145..e74d8bc9a6e 100644 --- a/pkgs/tools/security/spyre/default.nix +++ b/pkgs/tools/security/spyre/default.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "spyre"; - version = "1.2.1"; + version = "1.2.4"; src = fetchFromGitHub { owner = "spyre-project"; repo = pname; rev = "v${version}"; - sha256 = "0iijvwcybp9z70jdh5mkaj7k3cw43r72wg3ayhnpyjmvgrwij43i"; + sha256 = "sha256-408UOY7kvukMYOVqQfpugk6Z+LNQV9XyfJirKyBRWd4="; }; - vendorSha256 = "1mssfiph4a6jqp2qlrksvzinh0h8qpwdaxa5zx7fsydmqvk93w0g"; + vendorSha256 = "sha256-qZkt5WwicDXrExwMT0tCO+FZgClIHhrVtMR8xNsdAaQ="; nativeBuildInputs = [ pkg-config diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix index d403d728317..97a42646312 100644 --- a/pkgs/tools/security/step-ca/default.nix +++ b/pkgs/tools/security/step-ca/default.nix 
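Review bot: The added `install -D 70-solo2.rules ...` line in solo2-cli's postInstall passes no mode, so the udev rules file is installed with install's default of 0755, although a rules file is data and is conventionally 0644. Suggest `install -Dm644 70-solo2.rules $out/lib/udev/rules.d/70-solo2.rules`. The rules file itself is not part of this diff, so the device permissions it grants cannot be checked from here and should be confirmed against the upstream source. The derivation that contains postInstall starts and ends outside the hunk.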
@@ -12,16 +12,16 @@ buildGoModule rec { pname = "step-ca"; - version = "0.18.0"; + version = "0.18.1"; src = fetchFromGitHub { owner = "smallstep"; repo = "certificates"; rev = "v${version}"; - sha256 = "sha256-f9sp5sAWysOOoIdCiCJxTWRhyt0wfpO5p4pxW6jj0xc="; + sha256 = "sha256-oebmJ+xrJTV5gXH3U1lWCSQMHiVnUTa0ZTp39sVB7KM="; }; - vendorSha256 = "sha256-iDfPCRU91cuZsKqNOjkLGYmWf8i5FO4NmDsfD5Xqip0="; + vendorSha256 = "sha256-IJXJS+Z93Hw1I1CAeRv4mq8as9DKebqNFa0IMgZ+Kic="; ldflags = [ "-buildid=" ]; diff --git a/pkgs/tools/security/step-cli/default.nix b/pkgs/tools/security/step-cli/default.nix index 43bf90bf334..e91a35b808c 100644 --- a/pkgs/tools/security/step-cli/default.nix +++ b/pkgs/tools/security/step-cli/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "step-cli"; - version = "0.18.0"; + version = "0.18.1"; src = fetchFromGitHub { owner = "smallstep"; repo = "cli"; rev = "v${version}"; - sha256 = "sha256-kaOJHeTjn/f6teyssVXUEYh7cN4dCz6AtqlX+HkaPWQ="; + sha256 = "sha256-gMJFzfqQsxOXPRdRj48c3FKhXsPLEmegiENa2OHWEGo="; }; ldflags = [ @@ -25,7 +25,7 @@ buildGoModule rec { rm command/certificate/remote_test.go ''; - vendorSha256 = "sha256-JrLJlqHrlPUqEA4COlfcK2eAcff8xc2JHU3acmlJ2zM="; + vendorSha256 = "sha256-wnMQPnL8M57BOY9QmawLpqtWv+n3GdfIadJ3PwuicOU="; meta = with lib; { description = "A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc"; diff --git a/pkgs/tools/security/terrascan/default.nix b/pkgs/tools/security/terrascan/default.nix index 4137f20dbbc..ea431f7272d 100644 --- a/pkgs/tools/security/terrascan/default.nix +++ b/pkgs/tools/security/terrascan/default.nix 
@@ -5,16 +5,16 @@ buildGoModule rec { pname = "terrascan"; - version = "1.13.0"; + version = "1.13.1"; src = fetchFromGitHub { owner = "accurics"; repo = pname; rev = "v${version}"; - sha256 = "sha256-HV9WOJ8bWu8Uk1tXMZWqvo3ZvFiWLMGKmw6HzHBxSBY="; + sha256 = "sha256-GIonoedad/ruKN8DaFfFdW4l3ZWIM1NI5DtgBYPw+38="; }; - vendorSha256 = "sha256-MB3/iIStqNBM9YnNaRpV4hbs1gZzWm+7B+qHHm0kOmU="; + vendorSha256 = "sha256-h/mSF4hJ3TS+4b3CCUEXVin8MRcPg8qEe90Mcxk0uVo="; # Tests want to download a vulnerable Terraform project doCheck = false; diff --git a/pkgs/tools/security/thc-hydra/darwin-remove-ldflag.patch b/pkgs/tools/security/thc-hydra/darwin-remove-ldflag.patch deleted file mode 100644 index b19b9ffe8a6..00000000000 --- a/pkgs/tools/security/thc-hydra/darwin-remove-ldflag.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/Makefile.am b/Makefile.am -index 1c915f1..83a8e41 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -4,7 +4,7 @@ - WARN_CLANG=-Wformat-nonliteral -Wstrncat-size -Wformat-security -Wsign-conversion -Wconversion -Wfloat-conversion -Wshorten-64-to-32 -Wuninitialized -Wmissing-variable-declarations -Wmissing-declarations - WARN_GCC=-Wformat=2 -Wformat-overflow=2 -Wformat-nonliteral -Wformat-truncation=2 -Wnull-dereference -Wstrict-overflow=2 -Wstringop-overflow=4 -Walloca-larger-than=4096 -Wtype-limits -Wconversion -Wtrampolines -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fno-common -Wcast-align - CFLAGS ?= -g --OPTS=-I. -O3 $(CFLAGS) -fcommon -Wl,--allow-multiple-definition -+OPTS=-I. -O3 $(CFLAGS) -fcommon - # -Wall -g -pedantic - LIBS=-lm - DESTDIR ?= diff --git a/pkgs/tools/security/thc-hydra/default.nix b/pkgs/tools/security/thc-hydra/default.nix index b12daff0038..b6e3056e023 100644 --- a/pkgs/tools/security/thc-hydra/default.nix +++ b/pkgs/tools/security/thc-hydra/default.nix 
@@ -3,19 +3,15 @@ stdenv.mkDerivation rec { pname = "thc-hydra"; - version = "9.2"; + version = "9.3"; src = fetchFromGitHub { owner = "vanhauser-thc"; repo = "thc-hydra"; rev = "v${version}"; - sha256 = "sha256-V9rr5fbJWm0pa+Kp8g95XvLPo/uWcDwyU2goImnIq58="; + sha256 = "sha256-SzbaU52IXw5+ztN/GKD6Ki6/cx2icoZEzLHBu/J8sk0="; }; - patches = lib.optionals stdenv.isDarwin [ - ./darwin-remove-ldflag.patch - ]; - postPatch = let makeDirs = output: subDir: lib.concatStringsSep " " (map (path: lib.getOutput output path + "/" + subDir) buildInputs); in '' @@ -44,9 +40,11 @@ stdenv.mkDerivation rec { meta = with lib; { description = "A very fast network logon cracker which support many different services"; - homepage = "https://www.thc.org/thc-hydra/"; - license = licenses.agpl3; + homepage = "https://github.com/vanhauser-thc/thc-hydra"; # https://www.thc.org/ + changelog = "https://github.com/vanhauser-thc/thc-hydra/raw/v${version}/CHANGES"; + license = licenses.agpl3Plus; maintainers = with maintainers; [ offline ]; platforms = platforms.unix; + badPlatforms = platforms.darwin; # fails to build since v9.3 }; } diff --git a/pkgs/tools/security/vulnix/default.nix b/pkgs/tools/security/vulnix/default.nix index 037adda92eb..90d4e0f509b 100644 --- a/pkgs/tools/security/vulnix/default.nix +++ b/pkgs/tools/security/vulnix/default.nix @@ -6,11 +6,11 @@ python3Packages.buildPythonApplication rec { pname = "vulnix"; - version = "1.10.0"; + version = "1.10.1"; src = python3Packages.fetchPypi { inherit pname version; - sha256 = "1d5mqpc4g1wkqcwxp8m9k130i3ii3q7n1n4b1fyb5wijidmyn3xv"; + sha256 = "07v3ddvvhi3bslwrlin45kz48i3va2lzd6ny0blj5i2z8z40qcfm"; }; outputs = [ "out" "doc" "man" ]; diff --git a/pkgs/tools/security/witness/default.nix b/pkgs/tools/security/witness/default.nix new file mode 100644 index 00000000000..571685afb40 --- /dev/null +++ b/pkgs/tools/security/witness/default.nix 
@@ -0,0 +1,25 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+ pname = "witness";
+ version = "0.1.1";
+
+ src = fetchFromGitHub {
+ owner = "testifysec";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "sha256-NnDsiDUTCdjsHVA/mHnB8WRnvwFTzETkWUOd7IgMIWE=";
+ };
+
+ vendorSha256 = "sha256-zkLparWJsuqrhOQxxV37dBqt6fwpSinTO+paJkbl+sM=";
+
+ # We only want the witness binary, not the helper utilities for generating docs.
+ subPackages = [ "cmd/witness" ];
+
+ meta = with lib; {
+ description = "A pluggable framework for software supply chain security. Witness prevents tampering of build materials and verifies the integrity of the build process from source to target";
+ homepage = "https://github.com/testifysec/witness";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ fkautz ];
+ };
+}
 |
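Review bot: The `description` in witness's meta block is two sentences long and repeats the package name, unlike the short one-line descriptions used by the other packages in this diff (e.g. "Pinentry implementation based on bemenu"). Its second sentence also states a security guarantee ("prevents tampering") that a package summary cannot substantiate. Suggest `description = "Pluggable framework for software supply chain security";` and moving the longer explanation, if wanted, into `longDescription`.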