summary refs log tree commit diff
path: root/pkgs/tools/security
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/exploitdb/default.nix4
-rw-r--r--pkgs/tools/security/ghidra/0001-Use-protobuf-gradle-plugin.patch227
-rw-r--r--pkgs/tools/security/ghidra/build.nix39
-rw-r--r--pkgs/tools/security/gitleaks/default.nix6
-rw-r--r--pkgs/tools/security/metasploit/Gemfile2
-rw-r--r--pkgs/tools/security/metasploit/Gemfile.lock6
-rw-r--r--pkgs/tools/security/metasploit/default.nix4
-rw-r--r--pkgs/tools/security/metasploit/gemset.nix6
-rw-r--r--pkgs/tools/security/nitrokey-app2/default.nix6
9 files changed, 141 insertions, 159 deletions
diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix
index 509501d52cd..6bb2a5a0e6b 100644
--- a/pkgs/tools/security/exploitdb/default.nix
+++ b/pkgs/tools/security/exploitdb/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "exploitdb";
-  version = "2023-11-11";
+  version = "2023-11-18";
 
   src = fetchFromGitLab {
     owner = "exploit-database";
     repo = pname;
     rev = "refs/tags/${version}";
-    hash = "sha256-oB28qKIvGHh/h726Wsy8C/zt3rFLBHcP5iRZe3U76U0=";
+    hash = "sha256-7W7HwHvRfm+nRms4H4TgB1la5OhGHv5lRHwbvjwRTMw=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/tools/security/ghidra/0001-Use-protobuf-gradle-plugin.patch b/pkgs/tools/security/ghidra/0001-Use-protobuf-gradle-plugin.patch
index 03ddf76e8ff..7fb7d53e352 100644
--- a/pkgs/tools/security/ghidra/0001-Use-protobuf-gradle-plugin.patch
+++ b/pkgs/tools/security/ghidra/0001-Use-protobuf-gradle-plugin.patch
@@ -1,112 +1,129 @@
 diff --git a/Ghidra/Debug/Debugger-gadp/build.gradle b/Ghidra/Debug/Debugger-gadp/build.gradle
-index f4dbd3cd0..6108e8534 100644
+index 9e1c57faf..3a3242eb5 100644
 --- a/Ghidra/Debug/Debugger-gadp/build.gradle
 +++ b/Ghidra/Debug/Debugger-gadp/build.gradle
-@@ -23,42 +23,18 @@ apply from: "${rootProject.projectDir}/gradle/javaTestProject.gradle"
+@@ -18,11 +18,16 @@ apply from: "${rootProject.projectDir}/gradle/javaProject.gradle"
+ apply from: "${rootProject.projectDir}/gradle/jacocoProject.gradle"
+ apply from: "${rootProject.projectDir}/gradle/javaTestProject.gradle"
  apply from: "${rootProject.projectDir}/gradle/distributableGhidraModule.gradle"
+-apply from: "${rootProject.projectDir}/gradle/debugger/hasProtobuf.gradle"
++apply plugin: 'com.google.protobuf'
  
  apply plugin: 'eclipse'
-+apply plugin: 'com.google.protobuf'
  eclipse.project.name = 'Debug Debugger-gadp'
  
--configurations {
--	allProtocArtifacts
--	protocArtifact
--}
--
- def platform = getCurrentPlatformName()
- 
--dependencies {
--	allProtocArtifacts 'com.google.protobuf:protoc:3.21.8:windows-x86_64@exe'
--	allProtocArtifacts 'com.google.protobuf:protoc:3.21.8:linux-x86_64@exe'
--	allProtocArtifacts 'com.google.protobuf:protoc:3.21.8:linux-aarch_64@exe'
--	allProtocArtifacts 'com.google.protobuf:protoc:3.21.8:osx-x86_64@exe'
--	allProtocArtifacts 'com.google.protobuf:protoc:3.21.8:osx-aarch_64@exe'
--
--	if (isCurrentWindows()) {
--		protocArtifact 'com.google.protobuf:protoc:3.21.8:windows-x86_64@exe'
--	}
--	if (isCurrentLinux()) {
--		if (platform.endsWith("x86_64")) {
--			protocArtifact 'com.google.protobuf:protoc:3.21.8:linux-x86_64@exe'
--		}
--		else {
--			protocArtifact 'com.google.protobuf:protoc:3.21.8:linux-aarch_64@exe'
--		}
--	}
--	if (isCurrentMac()) {
--		if (platform.endsWith("x86_64")) {
--			protocArtifact 'com.google.protobuf:protoc:3.21.8:osx-x86_64@exe'
--		}
--		else {
--			protocArtifact 'com.google.protobuf:protoc:3.21.8:osx-aarch_64@exe'
--		}
 +buildscript {
 +	dependencies {
 +		classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.18'
- 	}
++	}
 +}
- 
-+dependencies {
+ dependencies {
  	api project(':Framework-AsyncComm')
  	api project(':Framework-Debugging')
- 	api project(':ProposedUtils')
-@@ -73,37 +49,3 @@ dependencies {
- 	}
- }*/
- 
--task generateProto {
--	ext.srcdir = file("src/main/proto")
--	ext.src = fileTree(srcdir) {
--		include "**/*.proto"
--	}
--	ext.outdir = file("build/generated/source/proto/main/java")
--	outputs.dir(outdir)
--	inputs.files(src)
--	dependsOn(configurations.protocArtifact)
--	doLast {
--		def exe = configurations.protocArtifact.first()
--		if (!isCurrentWindows()) {
--			exe.setExecutable(true)
--		}
--		exec {
--			commandLine exe, "--java_out=$outdir", "-I$srcdir"
--			args src
--		}
--	}
--}
--
--tasks.compileJava.dependsOn(tasks.generateProto)
--tasks.eclipse.dependsOn(tasks.generateProto)
--rootProject.tasks.prepDev.dependsOn(tasks.generateProto)
--
--sourceSets {
--	main {
--		java {
--			srcDir tasks.generateProto.outdir
--		}
--	}
--}
--zipSourceSubproject.dependsOn generateProto
--
 diff --git a/Ghidra/Debug/Debugger-isf/build.gradle b/Ghidra/Debug/Debugger-isf/build.gradle
-index 6bf945c2e..3225d095d 100644
+index d135294a0..785681ca2 100644
 --- a/Ghidra/Debug/Debugger-isf/build.gradle
 +++ b/Ghidra/Debug/Debugger-isf/build.gradle
-@@ -20,42 +20,18 @@ apply from: "${rootProject.projectDir}/gradle/javaTestProject.gradle"
+@@ -18,11 +18,15 @@ apply from: "${rootProject.projectDir}/gradle/javaProject.gradle"
+ apply from: "${rootProject.projectDir}/gradle/jacocoProject.gradle"
+ apply from: "${rootProject.projectDir}/gradle/javaTestProject.gradle"
  apply from: "${rootProject.projectDir}/gradle/distributableGhidraModule.gradle"
- 
- apply plugin: 'eclipse'
+-apply from: "${rootProject.projectDir}/gradle/debugger/hasProtobuf.gradle"
+-
 +apply plugin: 'com.google.protobuf'
+ apply plugin: 'eclipse'
  eclipse.project.name = 'Debug Debugger-isf'
  
++buildscript {
++	dependencies {
++		classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.18'
++	}
++}
+ dependencies {
+ 	api project(':Framework-AsyncComm')
+ 	api project(':Framework-Debugging')
+diff --git a/Ghidra/Debug/Debugger-rmi-trace/build.gradle b/Ghidra/Debug/Debugger-rmi-trace/build.gradle
+index eec00786e..666cccafc 100644
+--- a/Ghidra/Debug/Debugger-rmi-trace/build.gradle
++++ b/Ghidra/Debug/Debugger-rmi-trace/build.gradle
+@@ -18,12 +18,17 @@ apply from: "${rootProject.projectDir}/gradle/javaProject.gradle"
+ apply from: "${rootProject.projectDir}/gradle/jacocoProject.gradle"
+ apply from: "${rootProject.projectDir}/gradle/javaTestProject.gradle"
+ apply from: "${rootProject.projectDir}/gradle/distributableGhidraModule.gradle"
+-apply from: "${rootProject.projectDir}/gradle/debugger/hasProtobuf.gradle"
++apply plugin: 'com.google.protobuf'
+ apply from: "${rootProject.projectDir}/gradle/debugger/hasPythonPackage.gradle"
+ 
+ apply plugin: 'eclipse'
+ eclipse.project.name = 'Debug Debugger-rmi-trace'
+ 
++buildscript {
++	dependencies {
++		classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.18'
++	}
++}
+ dependencies {
+ 	api project(':Debugger')
+ }
+@@ -36,7 +41,7 @@ task generateProtoPy {
+ 	ext.outdir = file("build/generated/source/proto/main/py")
+ 	outputs.dir(outdir)
+ 	inputs.files(src)
+-	dependsOn(configurations.protocArtifact)
++	dependsOn(protobuf.generateProtoTasks.all())
+ 	doLast {
+ 		def exe = configurations.protocArtifact.first()
+ 		if (!isCurrentWindows()) {
+diff --git a/build.gradle b/build.gradle
+index b0c717fb1..5f56506a5 100644
+--- a/build.gradle
++++ b/build.gradle
+@@ -74,6 +74,12 @@ if (flatRepo.isDirectory()) {
+ 			jcenter()
+ 			flatDir name: "flat", dirs:["$flatRepo"]
+ 		}
++		buildscript {
++			repositories {
++				mavenLocal()
++				mavenCentral()
++			}
++		}
+ 	}
+ }
+ else {	
+diff --git a/gradle/debugger/hasProtobuf.gradle b/gradle/debugger/hasProtobuf.gradle
+deleted file mode 100644
+index 23b4ce74b..000000000
+--- a/gradle/debugger/hasProtobuf.gradle
++++ /dev/null
+@@ -1,94 +0,0 @@
+-/* ###
+- * IP: GHIDRA
+- *
+- * Licensed under the Apache License, Version 2.0 (the "License");
+- * you may not use this file except in compliance with the License.
+- * You may obtain a copy of the License at
+- * 
+- *      http://www.apache.org/licenses/LICENSE-2.0
+- * 
+- * Unless required by applicable law or agreed to in writing, software
+- * distributed under the License is distributed on an "AS IS" BASIS,
+- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+- * See the License for the specific language governing permissions and
+- * limitations under the License.
+- */
+-/*plugins {
+-	id 'com.google.protobuf' version '0.8.10'
+-}*/
+-
 -configurations {
 -	allProtocArtifacts
 -	protocArtifact
 -}
 -
- def platform = getCurrentPlatformName()
- 
+-def platform = getCurrentPlatformName()
+-
+-
 -dependencies {
 -	allProtocArtifacts 'com.google.protobuf:protoc:3.21.8:windows-x86_64@exe'
 -	allProtocArtifacts 'com.google.protobuf:protoc:3.21.8:linux-x86_64@exe'
@@ -132,20 +149,15 @@ index 6bf945c2e..3225d095d 100644
 -		else {
 -			protocArtifact 'com.google.protobuf:protoc:3.21.8:osx-aarch_64@exe'
 -		}
-+buildscript {
-+	dependencies {
-+		classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.18'
- 	}
-+}
- 
-+dependencies {
- 	api project(':Framework-AsyncComm')
- 	api project(':Framework-Debugging')
- 	api project(':ProposedUtils')
-@@ -64,40 +40,6 @@ dependencies {
- 	testImplementation project(path: ':Framework-Debugging', configuration: 'testArtifacts')
- }
- 
+-	}
+-}
+-
+-/*protobuf {
+-	protoc {
+-		artifact = 'com.google.protobuf:protoc:3.21.8'
+-	}
+-}*/
+-
 -task generateProto {
 -	ext.srcdir = file("src/main/proto")
 -	ext.src = fileTree(srcdir) {
@@ -179,24 +191,3 @@ index 6bf945c2e..3225d095d 100644
 -	}
 -}
 -zipSourceSubproject.dependsOn generateProto
--
- // Include buildable native source in distribution
- rootProject.assembleDistribution {
-     from (this.project.projectDir.toString()) {
-diff --git a/build.gradle b/build.gradle
-index b0c717fb1..5f56506a5 100644
---- a/build.gradle
-+++ b/build.gradle
-@@ -74,6 +74,12 @@ if (flatRepo.isDirectory()) {
- 			jcenter()
- 			flatDir name: "flat", dirs:["$flatRepo"]
- 		}
-+		buildscript {
-+			repositories {
-+				mavenLocal()
-+				mavenCentral()
-+			}
-+		}
- 	}
- }
- else {	
diff --git a/pkgs/tools/security/ghidra/build.nix b/pkgs/tools/security/ghidra/build.nix
index 16bc1dbe5cd..50fd64656f4 100644
--- a/pkgs/tools/security/ghidra/build.nix
+++ b/pkgs/tools/security/ghidra/build.nix
@@ -10,18 +10,19 @@
 , icoutils
 , xcbuild
 , protobuf
+, fetchurl
 }:
 
 let
   pkg_path = "$out/lib/ghidra";
   pname = "ghidra";
-  version = "10.3.3";
+  version = "10.4";
 
   src = fetchFromGitHub {
     owner = "NationalSecurityAgency";
     repo = "Ghidra";
     rev = "Ghidra_${version}_build";
-    hash = "sha256-KDSiZ/JwAqX6Obg9UD8ZQut01l/eMXbioJy//GluXn0=";
+    hash = "sha256-g0JM6pm1vkCh9yBB5mfrOiNrImqoyWdQcEe2g+AO6LQ=";
   };
 
   gradle = gradle_7;
@@ -36,24 +37,6 @@ let
   };
 
   # postPatch scripts.
-  # Tells ghidra to use our own protoc binary instead of the prebuilt one.
-  fixProtoc = ''
-    cat >>Ghidra/Debug/Debugger-gadp/build.gradle <<HERE
-protobuf {
-  protoc {
-    path = '${protobuf}/bin/protoc'
-  }
-}
-HERE
-    cat >>Ghidra/Debug/Debugger-isf/build.gradle <<HERE
-protobuf {
-  protoc {
-    path = '${protobuf}/bin/protoc'
-  }
-}
-HERE
-  '';
-
   # Adds a gradle step that downloads all the dependencies to the gradle cache.
   addResolveStep = ''
     cat >>build.gradle <<HERE
@@ -85,7 +68,7 @@ HERE
     inherit version src;
 
     patches = [ ./0001-Use-protobuf-gradle-plugin.patch ];
-    postPatch = fixProtoc + addResolveStep;
+    postPatch = addResolveStep;
 
     nativeBuildInputs = [ gradle perl ] ++ lib.optional stdenv.isDarwin xcbuild;
     buildPhase = ''
@@ -116,13 +99,21 @@ in stdenv.mkDerivation {
   inherit pname version src;
 
   nativeBuildInputs = [
-    gradle unzip makeWrapper icoutils
+    gradle unzip makeWrapper icoutils protobuf
   ] ++ lib.optional stdenv.isDarwin xcbuild;
 
   dontStrip = true;
 
-  patches = [ ./0001-Use-protobuf-gradle-plugin.patch ];
-  postPatch = fixProtoc;
+  patches = [
+    ./0001-Use-protobuf-gradle-plugin.patch
+    # we use fetchurl since the fetchpatch normalization strips the whole diff
+    # https://github.com/NixOS/nixpkgs/issues/266556
+    (fetchurl {
+      name = "0002-remove-executable-bit.patch";
+      url = "https://github.com/NationalSecurityAgency/ghidra/commit/e2a945624b74e5d42dc85e9c1f992315dd154db1.diff";
+      sha256 = "07mjfl7hvag2akk65g4cknp330qlk07dgbmh20dyg9qxzmk91fyq";
+    })
+  ];
 
   buildPhase = ''
     export HOME="$NIX_BUILD_TOP/home"
diff --git a/pkgs/tools/security/gitleaks/default.nix b/pkgs/tools/security/gitleaks/default.nix
index 96c4b0f4e15..7fc15a3fb2b 100644
--- a/pkgs/tools/security/gitleaks/default.nix
+++ b/pkgs/tools/security/gitleaks/default.nix
@@ -8,16 +8,16 @@
 
 buildGoModule rec {
   pname = "gitleaks";
-  version = "8.18.0";
+  version = "8.18.1";
 
   src = fetchFromGitHub {
     owner = "zricethezav";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-659wQBv8DuYB4vI+qnBLS9u22kGlg4ne4DyKFoomlOw=";
+    hash = "sha256-v0d/ulxYJRkyyhVctnQjKW2ODWtu+gSwp/qSkVLQ1Jo=";
   };
 
-  vendorHash = "sha256-PPEEQ2Bt20UK+mQL59jVnX8HtzCsqW4uRwR3mOdhDis=";
+  vendorHash = "sha256-lPfvoeHPYWSnFPuAR9CxG6+pQ++cZEw/jYuGgDrm57E=";
 
   ldflags = [
     "-s"
diff --git a/pkgs/tools/security/metasploit/Gemfile b/pkgs/tools/security/metasploit/Gemfile
index 4d7b793a84b..539e6b8bc8d 100644
--- a/pkgs/tools/security/metasploit/Gemfile
+++ b/pkgs/tools/security/metasploit/Gemfile
@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 source "https://rubygems.org"
 
-gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.3.42"
+gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.3.43"
diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock
index 58929753c59..adc032baf21 100644
--- a/pkgs/tools/security/metasploit/Gemfile.lock
+++ b/pkgs/tools/security/metasploit/Gemfile.lock
@@ -1,9 +1,9 @@
 GIT
   remote: https://github.com/rapid7/metasploit-framework
-  revision: adf413fba45b298c4e16f7f1043dc69f99d2fbdb
-  ref: refs/tags/6.3.42
+  revision: 58dcabe21524d8b2c4d05618ca8509dc42cc6515
+  ref: refs/tags/6.3.43
   specs:
-    metasploit-framework (6.3.42)
+    metasploit-framework (6.3.43)
       actionpack (~> 7.0.0)
       activerecord (~> 7.0.0)
       activesupport (~> 7.0.0)
diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix
index 44b672cd6e4..6f88b96cd6a 100644
--- a/pkgs/tools/security/metasploit/default.nix
+++ b/pkgs/tools/security/metasploit/default.nix
@@ -15,13 +15,13 @@ let
   };
 in stdenv.mkDerivation rec {
   pname = "metasploit-framework";
-  version = "6.3.42";
+  version = "6.3.43";
 
   src = fetchFromGitHub {
     owner = "rapid7";
     repo = "metasploit-framework";
     rev = version;
-    sha256 = "sha256-6ddW6VlbWV71BERJISF67UPRcwLQY8Hpw4kf80lCNBE=";
+    sha256 = "sha256-IWdSxXhJFGbNTo9xqEjBJNEWB6imzdwzgnXoUbfao/g=";
   };
 
   nativeBuildInputs = [ makeWrapper ];
diff --git a/pkgs/tools/security/metasploit/gemset.nix b/pkgs/tools/security/metasploit/gemset.nix
index 8ba7f0e698a..cf24944c403 100644
--- a/pkgs/tools/security/metasploit/gemset.nix
+++ b/pkgs/tools/security/metasploit/gemset.nix
@@ -654,12 +654,12 @@
     platforms = [];
     source = {
       fetchSubmodules = false;
-      rev = "adf413fba45b298c4e16f7f1043dc69f99d2fbdb";
-      sha256 = "049l894z67w9qglw2qyh09rx2hzdg8hj2ja40ksmwnavb7lmdmz9";
+      rev = "58dcabe21524d8b2c4d05618ca8509dc42cc6515";
+      sha256 = "1y53vavm3s3mh8rxrkd6m03idl94q54ahwcg9v6nc529g32m4rr1";
       type = "git";
       url = "https://github.com/rapid7/metasploit-framework";
     };
-    version = "6.3.42";
+    version = "6.3.43";
   };
   metasploit-model = {
     groups = ["default"];
diff --git a/pkgs/tools/security/nitrokey-app2/default.nix b/pkgs/tools/security/nitrokey-app2/default.nix
index 3d35b4d0775..a3e3a82ec23 100644
--- a/pkgs/tools/security/nitrokey-app2/default.nix
+++ b/pkgs/tools/security/nitrokey-app2/default.nix
@@ -7,7 +7,7 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "nitrokey-app2";
-  version = "2.1.2";
+  version = "2.1.4";
   pyproject = true;
 
   disabled = python3.pythonOlder "3.9";
@@ -16,7 +16,7 @@ python3.pkgs.buildPythonApplication rec {
     owner = "Nitrokey";
     repo = "nitrokey-app2";
     rev = "v${version}";
-    hash = "sha256-VyhIFNXxH/FohgjhBeZXoQYppP7PEz+ei0qzsWz1xhk=";
+    hash = "sha256-loOCa6XlLx1YEfqR0SUUalVIEPCoYsNEHFo2MIKexeA=";
   };
 
   # https://github.com/Nitrokey/nitrokey-app2/issues/152
@@ -63,7 +63,7 @@ python3.pkgs.buildPythonApplication rec {
     homepage = "https://github.com/Nitrokey/nitrokey-app2";
     changelog = "https://github.com/Nitrokey/nitrokey-app2/releases/tag/v${version}";
     license = licenses.asl20;
-    maintainers = with maintainers; [ _999eagle ];
+    maintainers = with maintainers; [ _999eagle panicgh ];
     mainProgram = "nitrokeyapp";
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-30 04:22:56 +0000