authorAlyssa Ross <hi@alyssa.is>2024-02-13 12:25:07 +0100
committerAlyssa Ross <hi@alyssa.is>2024-02-13 12:25:07 +0100
commita5e1520e4538e29ecfbd4b168306f890566d7bfd (patch)
tree28099c268b5d4b1e33c2b29f0714c45f0b961382 /nixpkgs/pkgs/tools/security
parent822f7c15c04567fbdc27020e862ea2b70cfbf8eb (diff)
parent3560d1c8269d0091b9aae10731b5e85274b7bbc1 (diff)
Merge branch 'nixos-unstable-small' of https://github.com/NixOS/nixpkgs
Conflicts:
	nixpkgs/nixos/modules/services/mail/rss2email.nix
	nixpkgs/pkgs/build-support/go/module.nix
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
-rw-r--r--nixpkgs/pkgs/tools/security/argocd-vault-plugin/default.nix21
-rw-r--r--nixpkgs/pkgs/tools/security/arti/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/arubaotp-seed-extractor/default.nix2
-rw-r--r--nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/bitwarden-directory-connector/default.nix103
-rw-r--r--nixpkgs/pkgs/tools/security/bitwarden/cli.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/bitwarden/default.nix12
-rw-r--r--nixpkgs/pkgs/tools/security/bkcrack/default.nix28
-rw-r--r--nixpkgs/pkgs/tools/security/browserpass/default.nix3
-rw-r--r--nixpkgs/pkgs/tools/security/cdxgen/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/cfripper/default.nix24
-rw-r--r--nixpkgs/pkgs/tools/security/cie-middleware-linux/default.nix10
-rw-r--r--nixpkgs/pkgs/tools/security/clamav/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/cloudfox/default.nix11
-rw-r--r--nixpkgs/pkgs/tools/security/cloudhunter/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/cnquery/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/cnspec/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/commix/default.nix18
-rw-r--r--nixpkgs/pkgs/tools/security/cosign/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/crackmapexec/default.nix2
-rw-r--r--nixpkgs/pkgs/tools/security/creds/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/crowdsec/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/cyclonedx-gomod/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/dalfox/default.nix13
-rw-r--r--nixpkgs/pkgs/tools/security/deepsecrets/default.nix10
-rw-r--r--nixpkgs/pkgs/tools/security/echidna/default.nix49
-rw-r--r--nixpkgs/pkgs/tools/security/eid-mw/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/exploitdb/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/faraday-cli/default.nix10
-rw-r--r--nixpkgs/pkgs/tools/security/frida-tools/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/ggshield/default.nix10
-rw-r--r--nixpkgs/pkgs/tools/security/ghauri/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/gitleaks/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/gnupg/24-revert-rfc4880bis-defaults.patch200
-rw-r--r--nixpkgs/pkgs/tools/security/gnupg/24.nix5
-rw-r--r--nixpkgs/pkgs/tools/security/go-dork/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/gotestwaf/default.nix8
-rw-r--r--nixpkgs/pkgs/tools/security/govulncheck/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/gpg-tui/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/graphw00f/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/grype/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/hash-slinger/default.nix2
-rw-r--r--nixpkgs/pkgs/tools/security/hfinger/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/httpx/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/isolate/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/keepwn/default.nix13
-rw-r--r--nixpkgs/pkgs/tools/security/kube-bench/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/libmodsecurity/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/metasploit/Gemfile2
-rw-r--r--nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock13
-rw-r--r--nixpkgs/pkgs/tools/security/metasploit/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/metasploit/gemset.nix10
-rw-r--r--nixpkgs/pkgs/tools/security/mkp224o/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/mokutil/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/naabu/default.nix11
-rw-r--r--nixpkgs/pkgs/tools/security/netexec/default.nix164
-rw-r--r--nixpkgs/pkgs/tools/security/nitrokey-app2/default.nix43
-rw-r--r--nixpkgs/pkgs/tools/security/notation/default.nix7
-rw-r--r--nixpkgs/pkgs/tools/security/nsjail/default.nix2
-rw-r--r--nixpkgs/pkgs/tools/security/nuclei/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/oauth2c/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/osv-scanner/default.nix8
-rw-r--r--nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix2
-rw-r--r--nixpkgs/pkgs/tools/security/pass2csv/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/pcsclite/default.nix12
-rw-r--r--nixpkgs/pkgs/tools/security/pgpdump/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/psudohash/default.nix15
-rw-r--r--nixpkgs/pkgs/tools/security/quark-engine/default.nix17
-rw-r--r--nixpkgs/pkgs/tools/security/rage/default.nix51
-rw-r--r--nixpkgs/pkgs/tools/security/rekor/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/sigma-cli/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/slsa-verifier/default.nix1
-rw-r--r--nixpkgs/pkgs/tools/security/sn0int/default.nix13
-rw-r--r--nixpkgs/pkgs/tools/security/sslscan/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/step-ca/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/step-cli/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/step-kms-plugin/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/sudo/default.nix11
-rw-r--r--nixpkgs/pkgs/tools/security/tell-me-your-secrets/default.nix3
-rw-r--r--nixpkgs/pkgs/tools/security/theharvester/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/tlsx/default.nix15
-rw-r--r--nixpkgs/pkgs/tools/security/tor/torsocks-gethostbyaddr-darwin.patch33
-rw-r--r--nixpkgs/pkgs/tools/security/tor/torsocks.nix47
-rw-r--r--nixpkgs/pkgs/tools/security/trueseeing/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/trufflehog/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/trustymail/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/vals/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/vault-medusa/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/vault/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/vault/vault-bin.nix12
-rw-r--r--nixpkgs/pkgs/tools/security/vaultwarden/default.nix9
-rw-r--r--nixpkgs/pkgs/tools/security/vaultwarden/webvault.nix11
-rw-r--r--nixpkgs/pkgs/tools/security/volatility3/default.nix11
-rw-r--r--nixpkgs/pkgs/tools/security/yara/default.nix10
-rw-r--r--nixpkgs/pkgs/tools/security/zeekscript/default.nix6
96 files changed, 835 insertions, 500 deletions
diff --git a/nixpkgs/pkgs/tools/security/argocd-vault-plugin/default.nix b/nixpkgs/pkgs/tools/security/argocd-vault-plugin/default.nix
index bd6e4c15fa27..934be7d09942 100644
--- a/nixpkgs/pkgs/tools/security/argocd-vault-plugin/default.nix
+++ b/nixpkgs/pkgs/tools/security/argocd-vault-plugin/default.nix
@@ -1,4 +1,9 @@
-{ buildGoModule, fetchFromGitHub, lib }:
+{ buildGoModule
+, fetchFromGitHub
+, lib
+, testers
+, argocd-vault-plugin
+}:
 
 buildGoModule rec {
   pname = "argocd-vault-plugin";
@@ -13,9 +18,23 @@ buildGoModule rec {
 
   vendorHash = "sha256-0PrGrcS8Gx0cVImGrlmXlycFgWCTLjg2ISi0OhYoPpw=";
 
+  ldflags = [
+    "-X=github.com/argoproj-labs/argocd-vault-plugin/version.Version=v${version}"
+    "-X=github.com/argoproj-labs/argocd-vault-plugin/version.BuildDate=1970-01-01T00:00:00Z"
+    "-X=github.com/argoproj-labs/argocd-vault-plugin/version.CommitSHA=unknown"
+  ];
+
   # integration tests require filesystem and network access for credentials
   doCheck = false;
 
+  doInstallCheck = true;
+
+  passthru.tests.version = testers.testVersion {
+    package = argocd-vault-plugin;
+    command = "argocd-vault-plugin version";
+    version = "argocd-vault-plugin v${version} (unknown) BuildDate: 1970-01-01T00:00:00Z";
+  };
+
   meta = with lib; {
     homepage = "https://argocd-vault-plugin.readthedocs.io";
     changelog = "https://github.com/argoproj-labs/argocd-vault-plugin/releases/tag/v${version}";
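Review bot: `doInstallCheck = true;` is set without any `installCheckPhase` in this hunk, so unless one is defined outside the visible lines the flag probably runs nothing useful. The version assertion lives in `passthru.tests.version`, which a normal build of the package does not evaluate. Either drop the flag or give it something to run, for example `installCheckPhase = "$out/bin/argocd-vault-plugin version";` (binary path assumed from the test's `command`). The expected string in the test also repeats the `BuildDate` and `CommitSHA` literals from `ldflags`; binding them once in a `let` would keep the two from drifting. The `buildGoModule` block starts and ends outside the hunk.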
diff --git a/nixpkgs/pkgs/tools/security/arti/default.nix b/nixpkgs/pkgs/tools/security/arti/default.nix
index 35e4dea0f9f6..d7368463ffd7 100644
--- a/nixpkgs/pkgs/tools/security/arti/default.nix
+++ b/nixpkgs/pkgs/tools/security/arti/default.nix
@@ -10,7 +10,7 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "arti";
-  version = "1.1.12";
+  version = "1.1.13";
 
   src = fetchFromGitLab {
     domain = "gitlab.torproject.org";
@@ -18,10 +18,10 @@ rustPlatform.buildRustPackage rec {
     owner = "core";
     repo = "arti";
     rev = "arti-v${version}";
-    hash = "sha256-cGqeuck/N1IoI400AkuUIkJpAJneJ7T47rfwC/GP62M=";
+    hash = "sha256-Afbys0ChT1640PfKnAH/0Knl2IfKcrsCqqoxryFDPo0=";
   };
 
-  cargoHash = "sha256-aC5Us0wk2IORZDT+op2iAXYDqd9Qc2UI+GncbSZRMxI=";
+  cargoHash = "sha256-Y4JpVQU1wVwCWWaE5HMT+SaoRpmqzzhZjefbOOwPPRg=";
 
   nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ];
 
diff --git a/nixpkgs/pkgs/tools/security/arubaotp-seed-extractor/default.nix b/nixpkgs/pkgs/tools/security/arubaotp-seed-extractor/default.nix
index a1ab0fd9f290..c2ffef83635d 100644
--- a/nixpkgs/pkgs/tools/security/arubaotp-seed-extractor/default.nix
+++ b/nixpkgs/pkgs/tools/security/arubaotp-seed-extractor/default.nix
@@ -28,7 +28,7 @@ python3Packages.buildPythonApplication {
   ];
 
   installPhase = ''
-    libdir="$out/lib/${python3Packages.python.libPrefix}/site-packages/arubaotp-seed-extractor"
+    libdir="$out/${python3Packages.python.sitePackages}/arubaotp-seed-extractor"
     mkdir -p "$libdir"
     cp scripts/* "$libdir"
     chmod +x "$libdir/main.py"
diff --git a/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix b/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix
index 8ea3c543b4ea..6badf451368e 100644
--- a/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix
+++ b/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix
@@ -5,13 +5,13 @@
 
 buildGoModule rec {
   pname = "aws-iam-authenticator";
-  version = "0.6.16";
+  version = "0.6.17";
 
   src = fetchFromGitHub {
     owner = "kubernetes-sigs";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-E/DkCDtnzI6yBEYemlLqxc1r8ZEuX+6jDefaZTRFRek=";
+    hash = "sha256-CsurRQDPWJ/P/Q4aZhtUW8Z60+hgzw46+98N/QbFcTU=";
   };
 
   vendorHash = "sha256-TDsY05jnutNIKx0z6/8vGvsgYCIKBkTxh9mXqk4IR38=";
diff --git a/nixpkgs/pkgs/tools/security/bitwarden-directory-connector/default.nix b/nixpkgs/pkgs/tools/security/bitwarden-directory-connector/default.nix
new file mode 100644
index 000000000000..7f46b444b2e9
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/bitwarden-directory-connector/default.nix
@@ -0,0 +1,103 @@
+{
+  lib,
+  buildNpmPackage,
+  electron,
+  fetchFromGitHub,
+  buildPackages,
+  python3,
+  pkg-config,
+  libsecret,
+  nodejs_18,
+}:
+
+let
+  common = { name, npmBuildScript, installPhase }: buildNpmPackage rec {
+    pname = name;
+    version = "2023.10.0";
+    nodejs = nodejs_18;
+
+    src = fetchFromGitHub {
+      owner = "bitwarden";
+      repo = "directory-connector";
+      rev = "v${version}";
+      hash = "sha256-PlOtTh+rpTxAv8ajHBDHZuL7yeeLVpbAfKEDPQlejIg=";
+    };
+
+    postPatch = ''
+      ${lib.getExe buildPackages.jq} 'del(.scripts.preinstall)' package.json > package.json.tmp
+      mv -f package.json{.tmp,}
+
+      substituteInPlace electron-builder.json \
+        --replace-fail '"afterSign": "scripts/notarize.js",' "" \
+        --replace-fail "AppImage" "dir"
+    '';
+
+    npmDepsHash = "sha256-jBAWWY12qeX2EDhUvT3TQpnQvYXRsIilRrXGpVzxYvw=";
+
+    env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1";
+
+    makeCacheWritable = true;
+    inherit npmBuildScript installPhase;
+
+    buildInputs = [
+      libsecret
+    ];
+
+    nativeBuildInputs = [
+      python3
+      pkg-config
+    ];
+
+    meta = with lib; {
+      description = "LDAP connector for Bitwarden";
+      homepage = "https://github.com/bitwarden/directory-connector";
+      license = licenses.gpl3Only;
+      maintainers = with maintainers; [ Silver-Golden SuperSandro2000 ];
+      platforms = platforms.linux;
+      mainProgram = name;
+    };
+  };
+in {
+  bitwarden-directory-connector = common {
+    name = "bitwarden-directory-connector";
+    npmBuildScript = "build:dist";
+    installPhase = ''
+      runHook preInstall
+
+      npm exec electron-builder -- \
+        --dir \
+        -c.electronDist=${electron}/libexec/electron \
+        -c.electronVersion=${electron.version} \
+        -c.npmRebuild=false
+
+      mkdir -p $out/share/bitwarden-directory-connector $out/bin
+      cp -r dist/*-unpacked/{locales,resources{,.pak}} $out/share/bitwarden-directory-connector
+
+      makeWrapper ${lib.getExe electron} $out/bin/bitwarden-directory-connector \
+        --add-flags $out/share/bitwarden-directory-connector/resources/app.asar \
+        --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
+        --set-default ELECTRON_IS_DEV 0 \
+        --inherit-argv0
+
+      runHook postInstall
+    '';
+  };
+
+  bitwarden-directory-connector-cli = common {
+    name = "bitwarden-directory-connector-cli";
+    npmBuildScript = "build:cli:prod";
+    installPhase = ''
+      runHook preInstall
+
+      mkdir -p $out/libexec/bitwarden-directory-connector
+      cp -R build-cli node_modules $out/libexec/bitwarden-directory-connector
+
+      # needs to be wrapped with nodejs so that it can be executed
+      chmod +x $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js
+      mkdir -p $out/bin
+      ln -s $out/libexec/bitwarden-directory-connector/build-cli/bwdc.js $out/bin/bitwarden-directory-connector-cli
+
+      runHook postInstall
+    '';
+  };
+}
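Review bot: The CLI `installPhase` copies the whole `node_modules` tree into `$out/libexec`, which as far as this file shows still includes the build-time devDependencies, so the runtime closure ships far more third-party JavaScript than `bwdc.js` needs. Pruning before the copy, e.g. `npm prune --omit=dev` ahead of the `cp -R`, would shrink what has to be audited and patched. The comment `# needs to be wrapped with nodejs so that it can be executed` also does not match the code, which only sets the executable bit and symlinks the script and so presumably relies on shebang patching during fixup. Reword the comment to say that, or add a real wrapper.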
diff --git a/nixpkgs/pkgs/tools/security/bitwarden/cli.nix b/nixpkgs/pkgs/tools/security/bitwarden/cli.nix
index b5adb6f5d9ae..68abb6385319 100644
--- a/nixpkgs/pkgs/tools/security/bitwarden/cli.nix
+++ b/nixpkgs/pkgs/tools/security/bitwarden/cli.nix
@@ -10,18 +10,18 @@
 
 buildNpmPackage rec {
   pname = "bitwarden-cli";
-  version = "2024.1.0";
+  version = "2024.2.0";
 
   src = fetchFromGitHub {
     owner = "bitwarden";
     repo = "clients";
     rev = "cli-v${version}";
-    hash = "sha256-lDDy1b1yfw3nZrwEEkpvh6xYucgn20XHsGACc45eb2w=";
+    hash = "sha256-nCjcwe+7Riml/J0hAVv/t6/oHIDPhwFD5A3iQ/LNR5Y=";
   };
 
   nodejs = nodejs_18;
 
-  npmDepsHash = "sha256-RR8Ua41D9SXymiPuabOnIab3byu8DR63rOfdeTaQpy4=";
+  npmDepsHash = "sha256-GJl9pVwFWEg9yku9IXLcu2XMJZz+ZoQOxCf1TrW715Y=";
 
   nativeBuildInputs = [
     python3
diff --git a/nixpkgs/pkgs/tools/security/bitwarden/default.nix b/nixpkgs/pkgs/tools/security/bitwarden/default.nix
index 56d0cf676330..5ed43dc6b3b6 100644
--- a/nixpkgs/pkgs/tools/security/bitwarden/default.nix
+++ b/nixpkgs/pkgs/tools/security/bitwarden/default.nix
@@ -3,7 +3,7 @@
 , cargo
 , copyDesktopItems
 , dbus
-, electron_27
+, electron_28
 , fetchFromGitHub
 , fetchpatch2
 , glib
@@ -27,16 +27,16 @@
 let
   description = "A secure and free password manager for all of your devices";
   icon = "bitwarden";
-  electron = electron_27;
+  electron = electron_28;
 in buildNpmPackage rec {
   pname = "bitwarden";
-  version = "2024.1.0";
+  version = "2024.2.0";
 
   src = fetchFromGitHub {
     owner = "bitwarden";
     repo = "clients";
     rev = "desktop-v${version}";
-    hash = "sha256-lDDy1b1yfw3nZrwEEkpvh6xYucgn20XHsGACc45eb2w=";
+    hash = "sha256-nCjcwe+7Riml/J0hAVv/t6/oHIDPhwFD5A3iQ/LNR5Y=";
   };
 
   patches = [
@@ -52,7 +52,7 @@ in buildNpmPackage rec {
   makeCacheWritable = true;
   npmFlags = [ "--legacy-peer-deps" ];
   npmWorkspace = "apps/desktop";
-  npmDepsHash = "sha256-RR8Ua41D9SXymiPuabOnIab3byu8DR63rOfdeTaQpy4=";
+  npmDepsHash = "sha256-GJl9pVwFWEg9yku9IXLcu2XMJZz+ZoQOxCf1TrW715Y=";
 
   cargoDeps = rustPlatform.fetchCargoTarball {
     name = "${pname}-${version}";
@@ -68,7 +68,7 @@ in buildNpmPackage rec {
       patches;
     patchFlags = [ "-p4" ];
     sourceRoot = "${src.name}/${cargoRoot}";
-    hash = "sha256-EiJjIWiyu8MvX3Tj0Fkeh0T0El5kdCko2maiY6kkPPA=";
+    hash = "sha256-KJUz5hvdsurnohUWRZedXvuWMnLtR0dcdTeHtJGrZBs=";
   };
   cargoRoot = "apps/desktop/desktop_native";
 
diff --git a/nixpkgs/pkgs/tools/security/bkcrack/default.nix b/nixpkgs/pkgs/tools/security/bkcrack/default.nix
index e2ed76743c4c..afc18759c78d 100644
--- a/nixpkgs/pkgs/tools/security/bkcrack/default.nix
+++ b/nixpkgs/pkgs/tools/security/bkcrack/default.nix
@@ -2,35 +2,43 @@
 , stdenv
 , fetchFromGitHub
 , cmake
-, openmp
+, nix-update-script
 }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (finalAttrs: {
   pname = "bkcrack";
-  version = "1.5.0";
+  version = "1.6.1";
 
   src = fetchFromGitHub {
     owner = "kimci86";
-    repo = pname;
-    rev = "v${version}";
-    hash = "sha256-iyx4mOTr6MHECk9S9zrIAE5pt+cxWnOKS7iQPUyWfzs=";
+    repo = "bkcrack";
+    rev = "v${finalAttrs.version}";
+    hash = "sha256-x7JK7+DcD2uSWZRTJQPGCcF2mHBlu6FwYUbuYzbvD+s=";
   };
 
+  passthru.updateScript = nix-update-script { };
+
   nativeBuildInputs = [ cmake ];
-  buildInputs = [ openmp ];
+
+  cmakeFlags = [
+    "-DBKCRACK_BUILD_TESTING=${if finalAttrs.doCheck then "ON" else "OFF"}"
+  ];
 
   postInstall = ''
-    mkdir -p $out/bin $out/share/licenses/bkcrack
+    mkdir -p $out/bin $out/share/doc/bkcrack $out/share/licenses/bkcrack
     mv $out/bkcrack $out/bin/
     mv $out/license.txt $out/share/licenses/bkcrack
-    rm -r $out/example $out/tools $out/readme.md
+    mv $out/example $out/tools $out/readme.md $out/share/doc/bkcrack
   '';
 
+  doCheck = true;
+
   meta = with lib; {
     description = "Crack legacy zip encryption with Biham and Kocher's known plaintext attack";
     homepage = "https://github.com/kimci86/bkcrack";
     license = licenses.zlib;
     platforms = platforms.unix;
     maintainers = with maintainers; [ erdnaxe ];
+    mainProgram = "bkcrack";
   };
-}
+})
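Review bot: `BKCRACK_BUILD_TESTING` is derived from `finalAttrs.doCheck`, which is the literal `true` set further down rather than the value stdenv finally uses. As far as I know stdenv disables the check phase when the build platform cannot execute host binaries, so a cross build would still compile the test suite and never run it. Reading the effective value avoids that: `"-DBKCRACK_BUILD_TESTING=${if finalAttrs.finalPackage.doCheck then "ON" else "OFF"}"`. Separately, `openmp` leaves `buildInputs` with no comment; it is worth confirming that upstream 1.6.1 no longer needs it.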
diff --git a/nixpkgs/pkgs/tools/security/browserpass/default.nix b/nixpkgs/pkgs/tools/security/browserpass/default.nix
index 73c40a718c28..1dd2a27f1ec3 100644
--- a/nixpkgs/pkgs/tools/security/browserpass/default.nix
+++ b/nixpkgs/pkgs/tools/security/browserpass/default.nix
@@ -55,7 +55,8 @@ buildGoModule rec {
 
     # This path is used by our firefox wrapper for finding native messaging hosts
     mkdir -p $out/lib/mozilla/native-messaging-hosts
-    ln -s $out/lib/browserpass/hosts/firefox/*.json $out/lib/mozilla/native-messaging-hosts
+    # Copy ff manifests rather than linking to allow link-farming to work recursively in dependants
+    cp $out/lib/browserpass/hosts/firefox/*.json $out/lib/mozilla/native-messaging-hosts/
   '';
 
   passthru.tests.version = testers.testVersion {
diff --git a/nixpkgs/pkgs/tools/security/cdxgen/default.nix b/nixpkgs/pkgs/tools/security/cdxgen/default.nix
index 162ef7abb642..3b437a70633c 100644
--- a/nixpkgs/pkgs/tools/security/cdxgen/default.nix
+++ b/nixpkgs/pkgs/tools/security/cdxgen/default.nix
@@ -5,16 +5,16 @@
 
 buildNpmPackage rec {
   pname = "cdxgen";
-  version = "9.10.2";
+  version = "10.0.5";
 
   src = fetchFromGitHub {
     owner = "AppThreat";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-d4abSPP0dLi5xzq1CYxi1MSKogrQ+YcZjmlUEr5+oBQ=";
+    sha256 = "sha256-0cRJdhP0OtzaV2NqRfoYz+Gkl+N3/REbPiOh0jQySK8=";
   };
 
-  npmDepsHash = "sha256-KLI6wJrP2s2UWkSC5zmFuC2sa2owRgAhnR4UVrI0ThY=";
+  npmDepsHash = "sha256-AlO3AC03JVTbgqdFSJb2L/QYuMQxjqzGGZYapte0uxc=";
 
   dontNpmBuild = true;
 
diff --git a/nixpkgs/pkgs/tools/security/cfripper/default.nix b/nixpkgs/pkgs/tools/security/cfripper/default.nix
index 080fc8ae3e32..5e13a2df14c8 100644
--- a/nixpkgs/pkgs/tools/security/cfripper/default.nix
+++ b/nixpkgs/pkgs/tools/security/cfripper/default.nix
@@ -5,15 +5,25 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "cfripper";
-  version = "1.15.2";
+  version = "1.15.3";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "Skyscanner";
-    repo = pname;
-    rev = "refs/tags/${version}";
+    repo = "cfripper";
+    rev = "refs/tags/v${version}";
     hash = "sha256-SmD3Dq5LicPRe3lWFsq4zqM/yDZ1LsgRwSUA5/RbN9I=";
   };
 
+  postPatch = ''
+    substituteInPlace setup.py \
+      --replace "pluggy~=0.13.1" "pluggy" \
+  '';
+
+  nativeBuildInputs = with python3.pkgs; [
+    setuptools
+  ];
+
   propagatedBuildInputs = with python3.pkgs; [
     boto3
     cfn-flip
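Review bot: `version` moves to 1.15.3 and `rev` changes to `refs/tags/v${version}`, but the `hash` on the following context line is unchanged from the 1.15.2 fetch. A fixed-output fetch is looked up by its hash, so a machine that already has that source will reuse it without contacting GitHub, and the package can be labelled 1.15.3 while building the old tree (or fail only on a clean store). Re-fetch and update the hash, or confirm that both tags really point at identical content. The new `postPatch` also ends its only `--replace` line with a stray `\` that should be dropped.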
@@ -30,13 +40,6 @@ python3.pkgs.buildPythonApplication rec {
     pytestCheckHook
   ];
 
-  postPatch = ''
-    substituteInPlace setup.py \
-      --replace "click~=7.1.1" "click" \
-      --replace "pluggy~=0.13.1" "pluggy" \
-      --replace "pydash~=4.7.6" "pydash"
-  '';
-
   disabledTestPaths = [
     # Tests are failing
     "tests/test_boto3_client.py"
@@ -55,6 +58,7 @@ python3.pkgs.buildPythonApplication rec {
   meta = with lib; {
     description = "Tool for analysing CloudFormation templates";
     homepage = "https://github.com/Skyscanner/cfripper";
+    changelog = "https://github.com/Skyscanner/cfripper/releases/tag/v${version}";
     license = with licenses; [ asl20 ];
     maintainers = with maintainers; [ fab ];
   };
diff --git a/nixpkgs/pkgs/tools/security/cie-middleware-linux/default.nix b/nixpkgs/pkgs/tools/security/cie-middleware-linux/default.nix
index fa5ec2d2af83..9982da5ae896 100644
--- a/nixpkgs/pkgs/tools/security/cie-middleware-linux/default.nix
+++ b/nixpkgs/pkgs/tools/security/cie-middleware-linux/default.nix
@@ -1,6 +1,7 @@
 { stdenv
 , lib
 , fetchFromGitHub
+, fetchpatch
 , makeWrapper
 , strip-nondeterminism
 , meson
@@ -92,6 +93,15 @@ stdenv.mkDerivation {
     libxml2
   ];
 
+  patches = [
+    # Fix gcc-13 build by adding missing include.
+    (fetchpatch {
+      name = "gcc-13.patch";
+      url = "https://github.com/M0Rf30/cie-middleware-linux/commit/1da1196152f7a3bbe92ba3ce993ebb6785ff049e.patch";
+      hash = "sha256-aM23A1ZX8kebgX6RXVS78SEa+to93glUmIYO+lfUzfg=";
+    })
+  ];
+
   postPatch = ''
     # substitute the cieid command with this $out/bin/cieid
     substituteInPlace libs/pkcs11/src/CSP/AbilitaCIE.cpp \
diff --git a/nixpkgs/pkgs/tools/security/clamav/default.nix b/nixpkgs/pkgs/tools/security/clamav/default.nix
index 3f0daa8d945c..c9d15351da4e 100644
--- a/nixpkgs/pkgs/tools/security/clamav/default.nix
+++ b/nixpkgs/pkgs/tools/security/clamav/default.nix
@@ -6,11 +6,11 @@
 
 stdenv.mkDerivation rec {
   pname = "clamav";
-  version = "1.2.1";
+  version = "1.3.0";
 
   src = fetchurl {
     url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz";
-    hash = "sha256-mhT+hwy7j1959mi3idyg8lzGviKr4y9PfTZ35O45NbA=";
+    hash = "sha256-CoamSWMg2RV2A3szEBEZr2/Y1bkQYM0xajqcIp6WBKo=";
   };
 
   patches = [
diff --git a/nixpkgs/pkgs/tools/security/cloudfox/default.nix b/nixpkgs/pkgs/tools/security/cloudfox/default.nix
index 6b1d7870c699..48d28257d9f4 100644
--- a/nixpkgs/pkgs/tools/security/cloudfox/default.nix
+++ b/nixpkgs/pkgs/tools/security/cloudfox/default.nix
@@ -5,16 +5,21 @@
 
 buildGoModule rec {
   pname = "cloudfox";
-  version = "1.13.0";
+  version = "1.13.3";
 
   src = fetchFromGitHub {
     owner = "BishopFox";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-4donwh7yG7R4+k+ydGto2CZclnM95qodQuL1Huu4GDo=";
+    hash = "sha256-Sq3ARcAK1EFbK6Y+pSCg8ayhVmnEmVQWF0eAiVhJNPs=";
   };
 
-  vendorHash = "sha256-RdcfAZVqCp+egLbgx1c/A/zk0YlBY6aeeq0Lv4cLivY=";
+  vendorHash = "sha256-qPIMmyKTmZEmxlLLftRMnBXvo22WFROYlCAAsAb7jDg=";
+
+  ldflags = [
+    "-w"
+    "-s"
+  ];
 
   # Some tests are failing because of wrong filename/path
   doCheck = false;
diff --git a/nixpkgs/pkgs/tools/security/cloudhunter/default.nix b/nixpkgs/pkgs/tools/security/cloudhunter/default.nix
index 109bd5a9df7a..206879d53759 100644
--- a/nixpkgs/pkgs/tools/security/cloudhunter/default.nix
+++ b/nixpkgs/pkgs/tools/security/cloudhunter/default.nix
@@ -5,14 +5,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "cloudhunter";
-  version = "0.7.0";
+  version = "0.7.1";
   format = "other";
 
   src = fetchFromGitHub {
     owner = "belane";
     repo = "CloudHunter";
     rev = "refs/tags/v${version}";
-    hash = "sha256-yRl3x1dboOcoPeKxpUEhDk8OJx1hynEJRHL9/Su8OyA=";
+    hash = "sha256-7iT4vr0kcNXEyJJdBbJsllIcbZRGY3T5t/FjEONkuq0=";
   };
 
   postPatch = ''
diff --git a/nixpkgs/pkgs/tools/security/cnquery/default.nix b/nixpkgs/pkgs/tools/security/cnquery/default.nix
index 158629f1cd10..b418d4a79a04 100644
--- a/nixpkgs/pkgs/tools/security/cnquery/default.nix
+++ b/nixpkgs/pkgs/tools/security/cnquery/default.nix
@@ -5,18 +5,18 @@
 
 buildGoModule rec {
   pname = "cnquery";
-  version = "9.13.0";
+  version = "10.2.0";
 
   src = fetchFromGitHub {
     owner = "mondoohq";
     repo = "cnquery";
     rev = "v${version}";
-    hash = "sha256-jJayS4zGnbQBY/Z7rk4Xx0nHjCdAYCDs/FDYPVBxcqE=";
+    hash = "sha256-bz4a4+mgssrRBthkN87aYxlZV6as2uocFvBKrKLmy8A=";
   };
 
   subPackages = [ "apps/cnquery" ];
 
-  vendorHash = "sha256-AHVmvmTn2MlL+aVBUQs4PA3k8w9/QQRD57DvSpSq09I=";
+  vendorHash = "sha256-vq6R2FgvoET8SLTpktGLoFzZHqnmizDp0fWU7kqlLgU=";
 
   meta = with lib; {
     description = "cloud-native, graph-based asset inventory";
diff --git a/nixpkgs/pkgs/tools/security/cnspec/default.nix b/nixpkgs/pkgs/tools/security/cnspec/default.nix
index 2eee5568fea4..8e63a0dde771 100644
--- a/nixpkgs/pkgs/tools/security/cnspec/default.nix
+++ b/nixpkgs/pkgs/tools/security/cnspec/default.nix
@@ -5,17 +5,17 @@
 
 buildGoModule rec {
   pname = "cnspec";
-  version = "9.14.0";
+  version = "10.2.0";
 
   src = fetchFromGitHub {
     owner = "mondoohq";
     repo = "cnspec";
     rev = "refs/tags/v${version}";
-    hash = "sha256-9MIIxWfETi2DX1DYPALL+JoC4r3yKJpeSFIx+hrGKiM=";
+    hash = "sha256-llX9MXlc0uMz60BjI1QFd6r/xqHBO2KCek2Q8F+TV04=";
   };
 
   proxyVendor = true;
-  vendorHash = "sha256-Yii2sDfYqIzQAUaMotT87Wa5g3skxWllq6yGlkPDbLg=";
+  vendorHash = "sha256-pdf9q+bvR0kbT17ZQmUcdc2AdEUt12+2iIx+aRmtTYg=";
 
   subPackages = [
     "apps/cnspec"
diff --git a/nixpkgs/pkgs/tools/security/commix/default.nix b/nixpkgs/pkgs/tools/security/commix/default.nix
index 94290619f0f3..b4c16376d8da 100644
--- a/nixpkgs/pkgs/tools/security/commix/default.nix
+++ b/nixpkgs/pkgs/tools/security/commix/default.nix
@@ -5,16 +5,26 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "commix";
-  version = "3.8";
-  format = "setuptools";
+  version = "3.9";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "commixproject";
-    repo = pname;
+    repo = "commix";
     rev = "refs/tags/v${version}";
-    hash = "sha256-S/2KzZb3YUF0VJharWV/+7IG+r1EnB2sOveMpd1ryEI=";
+    hash = "sha256-HX+gEL9nmq9R1GFw8xQaa7kBmW7R0IepitM08bIf3vY=";
   };
 
+  postPatch = ''
+    substituteInPlace setup.py \
+      --replace-warn "-stable" ""
+  '';
+
+
+  nativeBuildInputs = with python3.pkgs; [
+    setuptools
+  ];
+
   postInstall = ''
     # Helper files are not handled by setup.py
     mkdir -p $out/${python3.sitePackages}/src/txt
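Review bot: The `postPatch` substitution uses `--replace-warn "-stable" ""`, which only prints a warning when the pattern is missing, and the pattern is short enough to match unrelated text in `setup.py`. Using `--replace-fail` with the full version string as it appears upstream would turn a silent no-op after the next bump into a build failure. The same applies to the three `--replace-warn` lines for `pyproject.toml` in deepsecrets and to the bare `--replace` in cfripper's `postPatch`. The `postInstall` block continues past the end of this hunk.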
diff --git a/nixpkgs/pkgs/tools/security/cosign/default.nix b/nixpkgs/pkgs/tools/security/cosign/default.nix
index 0cdf5b0839ea..072b8e4ffb52 100644
--- a/nixpkgs/pkgs/tools/security/cosign/default.nix
+++ b/nixpkgs/pkgs/tools/security/cosign/default.nix
@@ -13,13 +13,13 @@
 }:
 buildGoModule rec {
   pname = "cosign";
-  version = "2.2.2";
+  version = "2.2.3";
 
   src = fetchFromGitHub {
     owner = "sigstore";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-QZWF0ysZFu3rt8dIXb5uddyDhT2FfWUyder8YR2BtQc=";
+    hash = "sha256-+y79Uml1TvKypbwcWkZZF415qUPPfieP5pKHO+APjPE=";
   };
 
   buildInputs =
@@ -28,7 +28,7 @@ buildGoModule rec {
 
   nativeBuildInputs = [ pkg-config installShellFiles ];
 
-  vendorHash = "sha256-WeNRg3Nw2b6NiV8z7tGZIlWUHZxXuTG7MPF9DgfdmUQ=";
+  vendorHash = "sha256-udMnSdXBjlDQlQRzhhLBDBcHwREkEev0uLIVjT8BbuU=";
 
   subPackages = [
     "cmd/cosign"
diff --git a/nixpkgs/pkgs/tools/security/crackmapexec/default.nix b/nixpkgs/pkgs/tools/security/crackmapexec/default.nix
index 85b987d78c7c..7db3c804f911 100644
--- a/nixpkgs/pkgs/tools/security/crackmapexec/default.nix
+++ b/nixpkgs/pkgs/tools/security/crackmapexec/default.nix
@@ -35,7 +35,7 @@ python3.pkgs.buildPythonApplication rec {
     pypsrp
     pywerview
     requests
-    requests_ntlm
+    requests-ntlm
     termcolor
     terminaltables
     xmltodict
diff --git a/nixpkgs/pkgs/tools/security/creds/default.nix b/nixpkgs/pkgs/tools/security/creds/default.nix
index 9f218f89bdd9..2f2962616d7c 100644
--- a/nixpkgs/pkgs/tools/security/creds/default.nix
+++ b/nixpkgs/pkgs/tools/security/creds/default.nix
@@ -5,14 +5,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "creds";
-  version = "0.5";
+  version = "0.5.2";
   format = "setuptools";
 
   src = fetchFromGitHub {
     owner = "ihebski";
     repo = "DefaultCreds-cheat-sheet";
-    rev = "refs/tags/creds-${version}";
-    hash = "sha256-s9ja2geFTnul7vUlGI4Am+IG3C0igICf0whnyd3SHdQ=";
+    rev = "refs/tags/creds-v${version}";
+    hash = "sha256-CtwGSF3EGcPqL49paNRCsB2qxYjKpCLqyRsC67nAyVk=";
   };
 
   postPatch = ''
diff --git a/nixpkgs/pkgs/tools/security/crowdsec/default.nix b/nixpkgs/pkgs/tools/security/crowdsec/default.nix
index ed97dd98c03d..f9428bdd3170 100644
--- a/nixpkgs/pkgs/tools/security/crowdsec/default.nix
+++ b/nixpkgs/pkgs/tools/security/crowdsec/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "crowdsec";
-  version = "1.5.5";
+  version = "1.6.0";
 
   src = fetchFromGitHub {
     owner = "crowdsecurity";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-dE2PeYyC75y9dc84QdhQ6xaLMPdPWtPDse2sY5bFGwU=";
+    hash = "sha256-5jK+f6IFPhGit+jxkSLTcWN1+nJRQaCZKpWZYId+2bk=";
   };
 
-  vendorHash = "sha256-hvandF9LPh1g4zIgmNIyId2YhqHU4RPKHGCtJI9aoPk=";
+  vendorHash = "sha256-tUvFT+rE58yxNJGhqqwSG0GlGushkUpngxLkmyjjFFY=";
 
   nativeBuildInputs = [ installShellFiles ];
 
diff --git a/nixpkgs/pkgs/tools/security/cyclonedx-gomod/default.nix b/nixpkgs/pkgs/tools/security/cyclonedx-gomod/default.nix
index d4c9a4b6b465..1a00303ac96f 100644
--- a/nixpkgs/pkgs/tools/security/cyclonedx-gomod/default.nix
+++ b/nixpkgs/pkgs/tools/security/cyclonedx-gomod/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "cyclonedx-gomod";
-  version = "1.5.0";
+  version = "1.6.0";
 
   src = fetchFromGitHub {
     owner = "CycloneDX";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-whAHZDUQBJaYu+OZiqcYzWxOru1GXDQ4FMDCj+ngCDs=";
+    hash = "sha256-3YHlh7edRWU8plAJh96RDkrC9YUQjvV4vNGOxmbS0sA=";
   };
 
-  vendorHash = "sha256-FpsZonGJSzbAsnM00qq/qiTJLUN4q08dR+6rhTKvX0I=";
+  vendorHash = "sha256-0Fx9pOofcY5rpX6DU2xPeg7xEZ8ows/DWwyV5B7LHGY=";
 
   # Tests require network access and cyclonedx executable
   doCheck = false;
diff --git a/nixpkgs/pkgs/tools/security/dalfox/default.nix b/nixpkgs/pkgs/tools/security/dalfox/default.nix
index 8c72a93d340f..b41ca04f7798 100644
--- a/nixpkgs/pkgs/tools/security/dalfox/default.nix
+++ b/nixpkgs/pkgs/tools/security/dalfox/default.nix
@@ -5,16 +5,21 @@
 
 buildGoModule rec {
   pname = "dalfox";
-  version = "2.9.1";
+  version = "2.9.2";
 
   src = fetchFromGitHub {
     owner = "hahwul";
-    repo = pname;
+    repo = "dalfox";
     rev = "refs/tags/v${version}";
-    sha256 = "sha256-7wSmPmS8m+rYhYlREzKlPUiUfDvru9zwFFvSCDq6JY8=";
+    hash = "sha256-sKW6UYSPgXkZbLiOeYru/XpG/Cpvvhwos6Z5J/WxjXo=";
   };
 
-  vendorHash = "sha256-W+37EL3e7G+U0EZUDuVqjZpfIf5+HcirH8NVsC+1NvA=";
+  vendorHash = "sha256-0eNaH82iCmxaie+nA9qxEWb8Uq6LaEQoU9wRFJ+GFv0=";
+
+  ldflags = [
+    "-w"
+    "-s"
+  ];
 
   # Tests require network access
   doCheck = false;
diff --git a/nixpkgs/pkgs/tools/security/deepsecrets/default.nix b/nixpkgs/pkgs/tools/security/deepsecrets/default.nix
index 09c8aac926b8..c509311f3a6d 100644
--- a/nixpkgs/pkgs/tools/security/deepsecrets/default.nix
+++ b/nixpkgs/pkgs/tools/security/deepsecrets/default.nix
@@ -6,7 +6,7 @@
 python3.pkgs.buildPythonApplication rec {
   pname = "deepsecrets";
   version = "1.0.6";
-  format = "pyproject";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "avito-tech";
@@ -17,9 +17,9 @@ python3.pkgs.buildPythonApplication rec {
 
   postPatch = ''
     substituteInPlace pyproject.toml \
-      --replace 'pyyaml = "^5.4.1"' 'pyyaml = "*"' \
-      --replace 'regex = "^2023.3.23"' 'regex = "*"' \
-      --replace 'mmh3 = "^3.0.0"' 'mmh3 = "*"'
+      --replace-warn 'pyyaml = "^5.4.1"' 'pyyaml = "*"' \
+      --replace-warn 'regex = "^2023.3.23"' 'regex = "*"' \
+      --replace-warn 'mmh3 = "^3.0.0"' 'mmh3 = "*"'
   '';
 
   nativeBuildInputs = with python3.pkgs; [
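Review bot: The three `substituteInPlace` lines now use `--replace-warn`, so a pattern that stops matching upstream's pyproject.toml only prints a warning and the original version pin stays in place. Each of these relaxations is presumably needed for the package to build against the nixpkgs versions of `pyyaml`, `regex` and `mmh3`. A hard failure at this step is therefore easier to diagnose than a later dependency error: `--replace-fail 'pyyaml = "^5.4.1"' 'pyyaml = "*"'`, and likewise for the other two. The derivation that holds this `postPatch` starts and ends outside the hunk.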
@@ -30,7 +30,7 @@ python3.pkgs.buildPythonApplication rec {
     dotwiz
     mmh3
     ordered-set
-    pydantic
+    pydantic_1
     pygments
     pyyaml
     regex
diff --git a/nixpkgs/pkgs/tools/security/echidna/default.nix b/nixpkgs/pkgs/tools/security/echidna/default.nix
index 10caf5bb82eb..7f503acd6f0b 100644
--- a/nixpkgs/pkgs/tools/security/echidna/default.nix
+++ b/nixpkgs/pkgs/tools/security/echidna/default.nix
@@ -7,63 +7,34 @@
 , slither-analyzer
 }:
 
-let haskellPackagesOverride = haskellPackages.override {
-      overrides = self: super: {
-        # following the revision specified in echidna/stack.yaml
-        # TODO: 0.51.3 is not in haskellPackages yet
-        hevm = haskell.lib.overrideCabal super.hevm (oa: {
-          version = "0.51.3";
-          src = fetchFromGitHub {
-            owner = "ethereum";
-            repo = "hevm";
-            rev = "release/0.51.3";
-            hash = "sha256-H6oURBGoQWSOuPhBB+UKg2UarVzXgv1tmfDBLnOtdhU=";
-          };
-          libraryHaskellDepends = oa.libraryHaskellDepends
-                                  ++ (with haskellPackages;[githash witch tuple]);
-        });
-      };
-    };
-in mkDerivation rec {
+mkDerivation rec {
   pname = "echidna";
-  version = "2.2.1";
+  version = "2.2.2";
 
   src = fetchFromGitHub {
     owner = "crytic";
     repo = "echidna";
     rev = "v${version}";
-    sha256 = "sha256-5d9ttPR3rRHywBeLM85EGCEZLNZNZzOAhIN6AJToJyI=";
+    sha256 = "sha256-l1ILdO+xb0zx/TFM6Am9j5hq1RnIMNf2HU6YvslAj0w=";
   };
 
-  # Note: pending PR https://github.com/crytic/echidna/pull/1096
-  patches = [
-     (fetchpatch {
-       name = "brick-1.9-update";
-       url = "https://github.com/crytic/echidna/pull/1096/commits/36657d54943727e569691a6b3d85b83130480a2e.patch";
-       sha256 = "sha256-AOmB/fAZCF7ruXW1HusRe7wWWsLyMCWw+j3qIPARIAc=";
-     })
-  ];
-
   isLibrary = true;
   isExecutable = true;
 
-  libraryToolDepends = with haskellPackagesOverride; [
+  libraryToolDepends = with haskellPackages; [
     haskellPackages.hpack
   ];
 
-  # Note: This can be extracted from package.yaml of echidna, the list is shorter because some are transitive.
-  executableHaskellDepends = with haskellPackagesOverride;
-    [aeson base base16-bytestring binary brick bytestring code-page containers data-dword data-has directory exceptions extra
-     filepath hashable hevm html-conduit html-entities http-conduit lens ListLike MonadRandom mtl optics optparse-applicative
-     process random semver text transformers unix unliftio unordered-containers vector vector-instances vty with-utf8
-     xml-conduit yaml];
+  executableHaskellDepends = with haskellPackages; [ aeson base base16-bytestring binary bytestring code-page
+  containers data-bword data-dword deepseq directory exceptions extra filepath hashable hevm html-conduit html-entities
+  http-conduit ListLike MonadRandom mtl optics optics-core optparse-applicative process random rosezipper semver split
+  strip-ansi-escape text time transformers unliftio utf8-string vector wai-extra warp with-utf8 word-wrap xml-conduit
+  yaml ];
 
   # Note: there is also a runtime dependency of slither-analyzer, let's include it also.
   executableSystemDepends = [ slither-analyzer ];
 
-  testHaskellDepends = with haskellPackagesOverride; [
-    tasty tasty-hunit tasty-quickcheck
-  ];
+  testHaskellDepends = with haskellPackages; [ tasty tasty-hunit tasty-quickcheck ];
 
   preConfigure = ''
     hpack
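Review bot: `libraryToolDepends = with haskellPackages; [ haskellPackages.hpack ];` opens a `with` scope and then qualifies the only element anyway; `libraryToolDepends = [ haskellPackages.hpack ];` says the same thing. The `src` block also keeps `sha256 = "sha256-…"` for an SRI value, where other packages in this merge (dalfox, for example) moved to `hash`. With the `hevm` override and the `fetchpatch` entry removed, the `haskell` and `fetchpatch` arguments may no longer be used. The function header is only partly visible in this hunk, so that needs checking against the full file.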
diff --git a/nixpkgs/pkgs/tools/security/eid-mw/default.nix b/nixpkgs/pkgs/tools/security/eid-mw/default.nix
index e399974b4c6e..b7cae61ad2c7 100644
--- a/nixpkgs/pkgs/tools/security/eid-mw/default.nix
+++ b/nixpkgs/pkgs/tools/security/eid-mw/default.nix
@@ -21,13 +21,13 @@
 stdenv.mkDerivation rec {
   pname = "eid-mw";
   # NOTE: Don't just blindly update to the latest version/tag. Releases are always for a specific OS.
-  version = "5.1.11";
+  version = "5.1.15";
 
   src = fetchFromGitHub {
     owner = "Fedict";
     repo = "eid-mw";
     rev = "v${version}";
-    hash = "sha256-70UjfkH+rx1Q+2XEuAByoDsP5ZelyuGXaHdkjTe/sCY=";
+    hash = "sha256-balyAdQO8aZ9wGYerPUDxgBWGG7Ya2eIyo6UX62M4SI=";
   };
 
   postPatch = ''
diff --git a/nixpkgs/pkgs/tools/security/exploitdb/default.nix b/nixpkgs/pkgs/tools/security/exploitdb/default.nix
index 0e2e74d0787f..4c9b252b7372 100644
--- a/nixpkgs/pkgs/tools/security/exploitdb/default.nix
+++ b/nixpkgs/pkgs/tools/security/exploitdb/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "exploitdb";
-  version = "2023-12-22";
+  version = "2024-02-10";
 
   src = fetchFromGitLab {
     owner = "exploit-database";
     repo = pname;
     rev = "refs/tags/${version}";
-    hash = "sha256-NuukzG+l83YhIgVASLKCkE3FrS6+z8uURTxZyhT/RuA=";
+    hash = "sha256-tnAPjyvzl70bLFyn1y0prkp8o7CjPy1XwYYF1IGq4No=";
   };
 
   nativeBuildInputs = [
diff --git a/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix b/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix
index 44cf92318235..510cdd99167c 100644
--- a/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix
+++ b/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix
@@ -5,14 +5,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "faraday-agent-dispatcher";
-  version = "3.0.1";
+  version = "3.2.1";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "infobyte";
     repo = "faraday_agent_dispatcher";
     rev = "refs/tags/${version}";
-    hash = "sha256-QCxYqLZAPrhcKAFguWT2ygN/OMe2Tr7HtnMx4Kp2bGM=";
+    hash = "sha256-OO9Rxm7jMfQAyyO5plLDWXbfYmPR2egewOMlrhHQTEw=";
   };
 
   postPatch = ''
diff --git a/nixpkgs/pkgs/tools/security/faraday-cli/default.nix b/nixpkgs/pkgs/tools/security/faraday-cli/default.nix
index cebe1540c605..b0ee2015555c 100644
--- a/nixpkgs/pkgs/tools/security/faraday-cli/default.nix
+++ b/nixpkgs/pkgs/tools/security/faraday-cli/default.nix
@@ -5,16 +5,20 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "faraday-cli";
-  version = "2.1.9";
-  format = "setuptools";
+  version = "2.1.10";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "infobyte";
     repo = pname;
     rev = "refs/tags/${version}";
-    hash = "sha256-8D1oYYqf0R41DPYtorcvykZ99p6P6Diwe7PgEN378pU=";
+    hash = "sha256-7Yg2m0xHpBPZ58gJodSYO8vXaxSlr4GK1Lin63WozOE=";
   };
 
+  nativeBuildInputs = with python3.pkgs; [
+    setuptools
+  ];
+
   propagatedBuildInputs = with python3.pkgs; [
     arrow
     click
diff --git a/nixpkgs/pkgs/tools/security/frida-tools/default.nix b/nixpkgs/pkgs/tools/security/frida-tools/default.nix
index c38d4edbb6ab..9a3bdee5dae2 100644
--- a/nixpkgs/pkgs/tools/security/frida-tools/default.nix
+++ b/nixpkgs/pkgs/tools/security/frida-tools/default.nix
@@ -2,11 +2,11 @@
 
 python3Packages.buildPythonApplication rec {
   pname = "frida-tools";
-  version = "12.1.2";
+  version = "12.3.0";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-9SlDyp1fLOzLqu6sxVqY2jwEzQjrnbzfQXIRoyviPJY=";
+    hash = "sha256-jtxn0a43kv9bLcY1CM3k0kf5K30Ne/FT10ohptWNwEU=";
   };
 
   propagatedBuildInputs = with python3Packages; [
diff --git a/nixpkgs/pkgs/tools/security/ggshield/default.nix b/nixpkgs/pkgs/tools/security/ggshield/default.nix
index 50b3439732d3..6b93977558c8 100644
--- a/nixpkgs/pkgs/tools/security/ggshield/default.nix
+++ b/nixpkgs/pkgs/tools/security/ggshield/default.nix
@@ -6,14 +6,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "ggshield";
-  version = "1.23.0";
+  version = "1.24.0";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "GitGuardian";
     repo = "ggshield";
     rev = "refs/tags/v${version}";
-    hash = "sha256-c2EXgUs+6GA5zHHF7Cx21LIsZ+jbmQFFUwLft2q5M30=";
+    hash = "sha256-N0yokLsp6jRELIPu8w6gvD7V97xiKJl+kLQQB9h2mMY=";
   };
 
   pythonRelaxDeps = true;
@@ -31,6 +31,7 @@ python3.pkgs.buildPythonApplication rec {
     marshmallow
     marshmallow-dataclass
     oauthlib
+    platformdirs
     pygitguardian
     pyjwt
     python-dotenv
@@ -67,6 +68,11 @@ python3.pkgs.buildPythonApplication rec {
     "test_is_valid_git_commit_ref"
     "test_check_git_dir"
     "test_does_not_fail_if_cache"
+    # Encoding issues
+    "test_file_decode_content"
+    "test_file_is_longer_than_does_not_read_utf8_file"
+    "test_file_is_longer_using_8bit_codec"
+    "test_generate_files_from_paths"
   ];
 
   meta = with lib; {
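Review bot: The `# Encoding issues` comment over the four newly disabled tests does not say what fails or under which condition, so nobody can tell when they can be re-enabled. The test names (`test_file_decode_content`, `test_file_is_longer_using_8bit_codec`, …) suggest they cover how ggshield decodes scanned files, and that path decides whether a non-UTF-8 file gets scanned for secrets at all. It is worth recording whether the failure is specific to the build environment (a locale or a missing charset-detection dependency, say) or reproduces in a normal install. Something like `# Encoding-related failures during the check phase; cause not yet identified, re-enable once understood` would state this, ideally with a link to an upstream report if one exists. The `disabledTests` list starts outside this hunk.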
diff --git a/nixpkgs/pkgs/tools/security/ghauri/default.nix b/nixpkgs/pkgs/tools/security/ghauri/default.nix
index fb230dc68d27..6e7ddeb3cd96 100644
--- a/nixpkgs/pkgs/tools/security/ghauri/default.nix
+++ b/nixpkgs/pkgs/tools/security/ghauri/default.nix
@@ -5,14 +5,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "ghauri";
-  version = "1.1.8";
+  version = "1.3";
   format = "setuptools";
 
   src = fetchFromGitHub {
     owner = "r0oth3x49";
     repo = "ghauri";
     rev = "refs/tags/${version}";
-    hash = "sha256-WEWiWu8U7DmRjj42BEBXA3CHTyJh2Apz59ImFrmQXEk=";
+    hash = "sha256-CZhkb8GmXXSA5QqhW7IAirwsxQg6YNFT3RHrGsyqAbk=";
   };
 
   propagatedBuildInputs = with python3.pkgs; [
diff --git a/nixpkgs/pkgs/tools/security/gitleaks/default.nix b/nixpkgs/pkgs/tools/security/gitleaks/default.nix
index 7fc15a3fb2b1..f1702e4468b5 100644
--- a/nixpkgs/pkgs/tools/security/gitleaks/default.nix
+++ b/nixpkgs/pkgs/tools/security/gitleaks/default.nix
@@ -8,16 +8,16 @@
 
 buildGoModule rec {
   pname = "gitleaks";
-  version = "8.18.1";
+  version = "8.18.2";
 
   src = fetchFromGitHub {
     owner = "zricethezav";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-v0d/ulxYJRkyyhVctnQjKW2ODWtu+gSwp/qSkVLQ1Jo=";
+    hash = "sha256-+UPlknAwmIeXlosHBXl3qPREV186lfDZGZG/Zx1rxYs=";
   };
 
-  vendorHash = "sha256-lPfvoeHPYWSnFPuAR9CxG6+pQ++cZEw/jYuGgDrm57E=";
+  vendorHash = "sha256-30IJNP4XuV2YNy1TumPUju+GrHFBYi76coy0bJBqDI4=";
 
   ldflags = [
     "-s"
diff --git a/nixpkgs/pkgs/tools/security/gnupg/24-revert-rfc4880bis-defaults.patch b/nixpkgs/pkgs/tools/security/gnupg/24-revert-rfc4880bis-defaults.patch
new file mode 100644
index 000000000000..8bc65ede79c0
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/gnupg/24-revert-rfc4880bis-defaults.patch
@@ -0,0 +1,200 @@
+From 1e4f1550996334d2a631a5d769e937d29ace47bb Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 9 Feb 2023 16:38:58 +0100
+Subject: [PATCH gnupg] Revert the introduction of the RFC4880bis draft into
+ defaults
+
+This reverts commit 4583f4fe2 (gpg: Merge --rfc4880bis features into
+--gnupg, 2022-10-31).
+---
+ g10/gpg.c    | 35 ++++++++++++++++++++++++++++++++---
+ g10/keygen.c | 30 ++++++++++++++++++------------
+ 2 files changed, 50 insertions(+), 15 deletions(-)
+
+diff --git a/g10/gpg.c b/g10/gpg.c
+index dcab0a11a..796888013 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -247,6 +247,7 @@ enum cmd_and_opt_values
+     oGnuPG,
+     oRFC2440,
+     oRFC4880,
++    oRFC4880bis,
+     oOpenPGP,
+     oPGP7,
+     oPGP8,
+@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
+   ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
+   ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
++  ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
+   ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
+   ARGPARSE_s_n (oPGP7, "pgp6", "@"),
+   ARGPARSE_s_n (oPGP7, "pgp7", "@"),
+@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = {
+   ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
+   ARGPARSE_s_s (oNoop, "aead-algo", "@"),
+   ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
+-  ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
+   ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
+ 
+ 
+@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option compliance_options[] =
+   {
+     { "gnupg",      oGnuPG },
+     { "openpgp",    oOpenPGP },
+-    { "rfc4880bis", oGnuPG },
++    { "rfc4880bis", oRFC4880bis },
+     { "rfc4880",    oRFC4880 },
+     { "rfc2440",    oRFC2440 },
+     { "pgp6",       oPGP7 },
+@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option compliance_options[] =
+ static void
+ set_compliance_option (enum cmd_and_opt_values option)
+ {
++  opt.flags.rfc4880bis = 0;  /* Clear because it is initially set.  */
++
+   switch (option)
+     {
++    case oRFC4880bis:
++      opt.flags.rfc4880bis = 1;
++      opt.compliance = CO_RFC4880;
++      opt.flags.dsa2 = 1;
++      opt.flags.require_cross_cert = 1;
++      opt.rfc2440_text = 0;
++      opt.allow_non_selfsigned_uid = 1;
++      opt.allow_freeform_uid = 1;
++      opt.escape_from = 1;
++      opt.not_dash_escaped = 0;
++      opt.def_cipher_algo = 0;
++      opt.def_digest_algo = 0;
++      opt.cert_digest_algo = 0;
++      opt.compress_algo = -1;
++      opt.s2k_mode = 3; /* iterated+salted */
++      opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
++      opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
++      break;
+     case oOpenPGP:
+     case oRFC4880:
+       /* This is effectively the same as RFC2440, but with
+@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_values option)
+     case oPGP8:  opt.compliance = CO_PGP8;  break;
+     case oGnuPG:
+       opt.compliance = CO_GNUPG;
++      opt.flags.rfc4880bis = 1;
+       break;
+ 
+     case oDE_VS:
+@@ -2491,6 +2513,7 @@ main (int argc, char **argv)
+     opt.emit_version = 0;
+     opt.weak_digests = NULL;
+     opt.compliance = CO_GNUPG;
++    opt.flags.rfc4880bis = 1;
+ 
+     /* Check special options given on the command line.  */
+     orig_argc = argc;
+@@ -3033,6 +3056,7 @@ main (int argc, char **argv)
+           case oOpenPGP:
+           case oRFC2440:
+           case oRFC4880:
++          case oRFC4880bis:
+           case oPGP7:
+           case oPGP8:
+           case oGnuPG:
+@@ -3862,6 +3886,11 @@ main (int argc, char **argv)
+     if( may_coredump && !opt.quiet )
+ 	log_info(_("WARNING: program may create a core file!\n"));
+ 
++    if (!opt.flags.rfc4880bis)
++      {
++        opt.mimemode = 0; /* This will use text mode instead.  */
++      }
++
+     if (eyes_only) {
+       if (opt.set_filename)
+ 	  log_info(_("WARNING: %s overrides %s\n"),
+@@ -4078,7 +4107,7 @@ main (int argc, char **argv)
+     /* Check our chosen algorithms against the list of legal
+        algorithms. */
+ 
+-    if(!GNUPG)
++    if(!GNUPG && !opt.flags.rfc4880bis)
+       {
+ 	const char *badalg=NULL;
+ 	preftype_t badtype=PREFTYPE_NONE;
+diff --git a/g10/keygen.c b/g10/keygen.c
+index a2cfe3ccf..2a1dd1f81 100644
+--- a/g10/keygen.c
++++ b/g10/keygen.c
+@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string,int personal)
+ 	      strcat(dummy_string,"S7 ");
+ 	    strcat(dummy_string,"S2 "); /* 3DES */
+ 
+-            if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
++            if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
+ 	      strcat(dummy_string,"A2 ");
+ 
+             if (personal)
+@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
+   /* Make sure that the MDC feature flag is set if needed.  */
+   add_feature_mdc (sig,mdc_available);
+   add_feature_aead (sig, aead_available);
+-  add_feature_v5 (sig, 1);
++  add_feature_v5 (sig, opt.flags.rfc4880bis);
+   add_keyserver_modify (sig,ks_modify);
+   keygen_add_keyserver_url(sig,NULL);
+ 
+@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl,
+                 }
+             }
+           else if (!ascii_strcasecmp (s, "v5"))
+-            keyversion = 5;
++            {
++              if (opt.flags.rfc4880bis)
++                keyversion = 5;
++            }
+           else if (!ascii_strcasecmp (s, "v4"))
+             keyversion = 4;
+           else
+@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl,
+  *   ecdsa := Use algorithm ECDSA.
+  *   eddsa := Use algorithm EdDSA.
+  *   ecdh  := Use algorithm ECDH.
+- *   v5    := Create version 5 key
++ *   v5    := Create version 5 key (requires option --rfc4880bis)
+  *
+  * There are several defaults and fallbacks depending on the
+  * algorithm.  PART can be used to select which part of STRING is
+@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const char *fname )
+ 	    }
+ 	}
+ 
+-        if ((keywords[i].key == pVERSION
+-             || keywords[i].key == pSUBVERSION))
+-          ; /* Ignore version.  */
++        if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
++                                      || keywords[i].key == pSUBVERSION))
++          ; /* Ignore version unless --rfc4880bis is active.  */
+         else
+           {
+             r = xmalloc_clear( sizeof *r + strlen( value ) );
+@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *para, int for_subkey,
+       para = r;
+     }
+ 
+-  r = xmalloc_clear (sizeof *r + 20);
+-  r->key = for_subkey? pSUBVERSION : pVERSION;
+-  snprintf (r->u.value, 20, "%d", version);
+-  r->next = para;
+-  para = r;
++  if (opt.flags.rfc4880bis)
++    {
++      r = xmalloc_clear (sizeof *r + 20);
++      r->key = for_subkey? pSUBVERSION : pVERSION;
++      snprintf (r->u.value, 20, "%d", version);
++      r->next = para;
++      para = r;
++    }
+ 
+   if (keytime)
+     {
diff --git a/nixpkgs/pkgs/tools/security/gnupg/24.nix b/nixpkgs/pkgs/tools/security/gnupg/24.nix
index 2f5c6e2ce428..95a6d9c0fa5f 100644
--- a/nixpkgs/pkgs/tools/security/gnupg/24.nix
+++ b/nixpkgs/pkgs/tools/security/gnupg/24.nix
@@ -13,11 +13,11 @@ assert guiSupport -> enableMinimal == false;
 
 stdenv.mkDerivation rec {
   pname = "gnupg";
-  version = "2.4.1";
+  version = "2.4.4";
 
   src = fetchurl {
     url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2";
-    hash = "sha256-drceWutEO/2RDOnLyCgbYXyDQWh6+2e65FWHeXK1neg=";
+    hash = "sha256-Z+vgFsqQ+naIzmejh+vYLGJh6ViX23sj3yT/M1voW8Y=";
   };
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];
@@ -33,6 +33,7 @@ stdenv.mkDerivation rec {
     ./tests-add-test-cases-for-import-without-uid.patch
     ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
     ./24-allow-import-of-previously-known-keys-even-without-UI.patch
+    ./24-revert-rfc4880bis-defaults.patch
     # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27
     ./v3-0001-Disallow-compressed-signatures-and-certificates.patch
   ];
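Review bot: The new `./24-revert-rfc4880bis-defaults.patch` entry has no comment, while the DoS patch directly below it records where it came from. This patch changes OpenPGP behaviour: per its own hunks it restores `--rfc4880bis` as a real option and gates v5 key creation, the v5 feature flag and the OCB (`A2`) preference on `opt.flags.rfc4880bis`. Whoever bumps gnupg next needs to know why it is carried and when it can be dropped. A line such as `# Reverts upstream's merge of --rfc4880bis into --gnupg (v5 keys, OCB preference); see patch header` would do. Note that the visible `main` hunk of the patch still initialises the flag to 1, so the comment should state the intended effect on defaults precisely. The `patches` list starts outside this hunk.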
diff --git a/nixpkgs/pkgs/tools/security/go-dork/default.nix b/nixpkgs/pkgs/tools/security/go-dork/default.nix
index d5b999d96990..a92f8957e3ad 100644
--- a/nixpkgs/pkgs/tools/security/go-dork/default.nix
+++ b/nixpkgs/pkgs/tools/security/go-dork/default.nix
@@ -5,13 +5,13 @@
 
 buildGoModule rec {
   pname = "go-dork";
-  version = "1.0.2";
+  version = "1.0.3";
 
   src = fetchFromGitHub {
     owner = "dwisiswant0";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-tFmXutX3UnKAFFS4mO4PCv7Bhw1wJ7qjdA1ROryqYZU=";
+    hash = "sha256-Q7ECwXH9q6qWba2URh3LjMx8g6vPF1DWfKnmXej7ht4=";
   };
 
   vendorHash = "sha256-6V58RRRPamBMDAf0gg4sQMQkoD5dWauCFtPrwf5EasI=";
diff --git a/nixpkgs/pkgs/tools/security/gotestwaf/default.nix b/nixpkgs/pkgs/tools/security/gotestwaf/default.nix
index 78ba5e06e4b9..69afb96a47e2 100644
--- a/nixpkgs/pkgs/tools/security/gotestwaf/default.nix
+++ b/nixpkgs/pkgs/tools/security/gotestwaf/default.nix
@@ -7,13 +7,13 @@
 
 buildGoModule rec {
   pname = "gotestwaf";
-  version = "0.4.9";
+  version = "0.4.12";
 
   src = fetchFromGitHub {
     owner = "wallarm";
-    repo = pname;
+    repo = "gotestwaf";
     rev = "refs/tags/v${version}";
-    hash = "sha256-fBmn+p5uVGnI4lyL12cX4S8eda79k2Y0RPQG9iZQs2Q=";
+    hash = "sha256-av6N6RQ+9iW+xG1FpmFjBHL1leU4P0IPiqf7kvJxm6M=";
   };
 
   vendorHash = null;
@@ -22,6 +22,8 @@ buildGoModule rec {
   doCheck = false;
 
   ldflags = [
+    "-w"
+    "-s"
     "-X=github.com/wallarm/gotestwaf/internal/version.Version=v${version}"
   ];
 
diff --git a/nixpkgs/pkgs/tools/security/govulncheck/default.nix b/nixpkgs/pkgs/tools/security/govulncheck/default.nix
index 1b7ee6cf015d..dd45d054aeeb 100644
--- a/nixpkgs/pkgs/tools/security/govulncheck/default.nix
+++ b/nixpkgs/pkgs/tools/security/govulncheck/default.nix
@@ -6,13 +6,13 @@
 
 buildGoModule rec {
   pname = "govulncheck";
-  version = "1.0.1";
+  version = "1.0.4";
 
   src = fetchFromGitHub {
     owner = "golang";
     repo = "vuln";
     rev = "refs/tags/v${version}";
-    hash = "sha256-cewQ03dK/k3mXevE09M01Yox/3ZWP6IrG0H4QsZMzy8=";
+    hash = "sha256-GLZaJ/hVA1A2Mek1G7QkDGowqa5Bm4sRh0Y7QMhud/w=";
   };
 
   patches = [
@@ -23,7 +23,7 @@ buildGoModule rec {
     })
   ];
 
-  vendorHash = "sha256-r9XshbgVA5rppJF46SFYPad344ZHMLWTHTnL6vbIFH8=";
+  vendorHash = "sha256-Jg2Nx63Xak149111jbBP6SgK3hze21Dx5qcDKXCqa48=";
 
   subPackages = [
     "cmd/govulncheck"
diff --git a/nixpkgs/pkgs/tools/security/gpg-tui/default.nix b/nixpkgs/pkgs/tools/security/gpg-tui/default.nix
index 40869e825802..64a273784540 100644
--- a/nixpkgs/pkgs/tools/security/gpg-tui/default.nix
+++ b/nixpkgs/pkgs/tools/security/gpg-tui/default.nix
@@ -4,8 +4,6 @@
 , fetchFromGitHub
 , gpgme
 , libgpg-error
-, libxcb
-, libxkbcommon
 , pkg-config
 , python3
 , AppKit
@@ -13,6 +11,7 @@
 , libiconv
 , libobjc
 , libresolv
+, x11Support ? true, libxcb, libxkbcommon
 }:
 
 rustPlatform.buildRustPackage rec {
@@ -38,6 +37,7 @@ rustPlatform.buildRustPackage rec {
   buildInputs = [
     gpgme
     libgpg-error
+  ] ++ lib.optionals x11Support [
     libxcb
     libxkbcommon
   ] ++ lib.optionals stdenv.isDarwin [
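Review bot: Setting `x11Support = false` drops `libxcb` and `libxkbcommon` from `buildInputs`, but nothing in the visible hunks tells cargo to build without the crate feature that links against them. If the rest of the derivation, which is outside these hunks, does not already adjust the features, the disabled variant would presumably fail at build or link time instead of producing an X11-free binary. Please confirm that `gpg-tui.override { x11Support = false; }` builds. A short comment next to the parameter saying what it controls would also help.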
diff --git a/nixpkgs/pkgs/tools/security/graphw00f/default.nix b/nixpkgs/pkgs/tools/security/graphw00f/default.nix
index caa7586d37f6..7f1d5ede3e71 100644
--- a/nixpkgs/pkgs/tools/security/graphw00f/default.nix
+++ b/nixpkgs/pkgs/tools/security/graphw00f/default.nix
@@ -5,14 +5,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "graphw00f";
-  version = "1.1.8";
+  version = "1.1.15";
   format = "other";
 
   src = fetchFromGitHub {
     owner = "dolevf";
     repo = pname;
     rev = "refs/tags/${version}";
-    hash = "sha256-stTCUHt9UCu1QuxDPB8a26LsrHNttyoVd0tmS7e2t2Y=";
+    hash = "sha256-wAymwT2PRyX7m/yh6BAa8YNkH7pE69bKHKZ15phuUJo=";
   };
 
   propagatedBuildInputs = with python3.pkgs; [
diff --git a/nixpkgs/pkgs/tools/security/grype/default.nix b/nixpkgs/pkgs/tools/security/grype/default.nix
index 188741bcf00c..eceffd9bdecd 100644
--- a/nixpkgs/pkgs/tools/security/grype/default.nix
+++ b/nixpkgs/pkgs/tools/security/grype/default.nix
@@ -7,13 +7,13 @@
 
 buildGoModule rec {
   pname = "grype";
-  version = "0.74.1";
+  version = "0.74.5";
 
   src = fetchFromGitHub {
     owner = "anchore";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-/s23QSg4+reF+BTbbk1MXtUC0ytdgd8olaiUTqR7LqM=";
+    hash = "sha256-h68LfKQG5xgFIFkyuK9Z6tw8+xoimnF2d2QgTjwU74U=";
     # populate values that require us to use git. By doing this in postFetch we
     # can delete .git afterwards and maintain better reproducibility of the src.
     leaveDotGit = true;
@@ -28,7 +28,7 @@ buildGoModule rec {
 
   proxyVendor = true;
 
-  vendorHash = "sha256-LNyYwnQhGZfsHrA02fHdXKRTJ83Xii3q//Tfrq3sLFc=";
+  vendorHash = "sha256-lnOF3Xvjc20aFPOf9of3n+aBHvPrLTTlH7aPPlYA/RA=";
 
   nativeBuildInputs = [
     installShellFiles
diff --git a/nixpkgs/pkgs/tools/security/hash-slinger/default.nix b/nixpkgs/pkgs/tools/security/hash-slinger/default.nix
index 0f0eeeb6b2af..cb02b806a986 100644
--- a/nixpkgs/pkgs/tools/security/hash-slinger/default.nix
+++ b/nixpkgs/pkgs/tools/security/hash-slinger/default.nix
@@ -49,7 +49,7 @@ stdenv.mkDerivation rec {
   '';
 
   installPhase = ''
-    mkdir -p $out/bin $out/man $out/lib/${python3.libPrefix}/site-packages
+    mkdir -p $out/bin $out/man $out/${python3.sitePackages}
     make install
     wrapPythonPrograms
   '';
diff --git a/nixpkgs/pkgs/tools/security/hfinger/default.nix b/nixpkgs/pkgs/tools/security/hfinger/default.nix
index 2c584f35ff4f..8d3d7e25d33f 100644
--- a/nixpkgs/pkgs/tools/security/hfinger/default.nix
+++ b/nixpkgs/pkgs/tools/security/hfinger/default.nix
@@ -6,14 +6,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "hfinger";
-  version = "0.2.1";
+  version = "0.2.2";
   disabled = python3.pythonOlder "3.3";
 
   src = fetchFromGitHub {
     owner = "CERT-Polska";
     repo = pname;
-    rev = "v${version}";
-    sha256 = "sha256-QKnrprDDBq+D8N1brkqgcfK4E+6ssvgPtRaSxkF0C84=";
+    rev = "refs/tags/v${version}";
+    sha256 = "sha256-gxwirAqtY4R3KDHyNmDIknABO+SFuoDua9nm1UyXbxA=";
   };
 
   propagatedBuildInputs = with python3.pkgs; [
diff --git a/nixpkgs/pkgs/tools/security/httpx/default.nix b/nixpkgs/pkgs/tools/security/httpx/default.nix
index b7dd4afd94f3..9667d1997a08 100644
--- a/nixpkgs/pkgs/tools/security/httpx/default.nix
+++ b/nixpkgs/pkgs/tools/security/httpx/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "httpx";
-  version = "1.3.8";
+  version = "1.3.9";
 
   src = fetchFromGitHub {
     owner = "projectdiscovery";
     repo = "httpx";
     rev = "refs/tags/v${version}";
-    hash = "sha256-mHksSCOy0vF7YRg2Pu6r8VzA8YNP8JXTCd44QoGTyww=";
+    hash = "sha256-3k/3CJ+/17Ygj4N8KPRYiAT+QJx3RlQMNemFztKtTt4=";
   };
 
-  vendorHash = "sha256-TctifN2YhW5t+nuFVB1yPgOopLzQfgi5QIJitMlVPJc=";
+  vendorHash = "sha256-apTCSKWkAarAHDEVvyyRjBm5s5M2YDXP5bMITDLoq20=";
 
   subPackages = [
     "cmd/httpx"
diff --git a/nixpkgs/pkgs/tools/security/isolate/default.nix b/nixpkgs/pkgs/tools/security/isolate/default.nix
index ae975dc78ae9..4aa592029600 100644
--- a/nixpkgs/pkgs/tools/security/isolate/default.nix
+++ b/nixpkgs/pkgs/tools/security/isolate/default.nix
@@ -8,13 +8,13 @@
 
 stdenv.mkDerivation rec {
   pname = "isolate";
-  version = "1.10";
+  version = "1.10.1";
 
   src = fetchFromGitHub {
     owner = "ioi";
     repo = "isolate";
     rev = "v${version}";
-    hash = "sha256-fuv9HOw0XkRBRjwAp4b6LpoB5p7a+yo66AcT3B0yQUw=";
+    hash = "sha256-xY2omzqIJYElLtzj4byy/QG4pW4erCxc+cD2X9nA2jM=";
   };
 
   nativeBuildInputs = [
diff --git a/nixpkgs/pkgs/tools/security/keepwn/default.nix b/nixpkgs/pkgs/tools/security/keepwn/default.nix
index 9720e14d7a50..bb856c80710b 100644
--- a/nixpkgs/pkgs/tools/security/keepwn/default.nix
+++ b/nixpkgs/pkgs/tools/security/keepwn/default.nix
@@ -6,20 +6,27 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "keepwn";
-  version = "0.1";
-  format = "setuptools";
+  version = "0.3";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "Orange-Cyberdefense";
     repo = "KeePwn";
     rev = "refs/tags/${version}";
-    hash = "sha256-s+r6QEUzkzCbs5j1G+PVgDx8cvnmQzEQ1MHAakG+skA=";
+    hash = "sha256-haKWuoTtyC9vIise+gznruHEwMIDz1W6euihLLKnSdc=";
   };
 
+  nativeBuildInputs = with python3.pkgs; [
+    setuptools
+  ];
+
   propagatedBuildInputs = with python3.pkgs; [
     chardet
     impacket
     lxml
+    pefile
+    pykeepass
+    python-magic
     termcolor
   ];
 
diff --git a/nixpkgs/pkgs/tools/security/kube-bench/default.nix b/nixpkgs/pkgs/tools/security/kube-bench/default.nix
index f4cb389eb16e..28b90f3d4bae 100644
--- a/nixpkgs/pkgs/tools/security/kube-bench/default.nix
+++ b/nixpkgs/pkgs/tools/security/kube-bench/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "kube-bench";
-  version = "0.7.0";
+  version = "0.7.1";
 
   src = fetchFromGitHub {
     owner = "aquasecurity";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-yJJEWxz8EWdLi2rhw42QVdG9AcGO0OWnihg153hALNE=";
+    hash = "sha256-EsUjGc7IIu5PK9KaODlQSfmm8jpjuBXvGZPNjSc1824=";
   };
 
-  vendorHash = "sha256-zKw6d3UWs2kb+DCXmLZ09Lw3m8wMhm9QJYkeXJYcFA8=";
+  vendorHash = "sha256-i4k7eworPUvLUustr5U53qizHqUVw8yqGjdPQT6UIf4=";
 
   nativeBuildInputs = [ installShellFiles ];
 
diff --git a/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix b/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix
index 66a8c3c13061..61669836f792 100644
--- a/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix
+++ b/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "libmodsecurity";
-  version = "3.0.11";
+  version = "3.0.12";
 
   src = fetchFromGitHub {
     owner = "SpiderLabs";
     repo = "ModSecurity";
     rev = "v${version}";
-    sha256 = "sha256-dbAX4lokmiUc+glhTG0PPaD/WEXcoQX0AQ/WZwJQYPY=";
+    sha256 = "sha256-WIFAg9LvKAC8e3gpcIxtNHT53AIfPtUTyrv30woxP4M=";
     fetchSubmodules = true;
   };
 
diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile b/nixpkgs/pkgs/tools/security/metasploit/Gemfile
index 3d10bb0bb51c..7475d019a7be 100644
--- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile
+++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile
@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 source "https://rubygems.org"
 
-gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.3.48"
+gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.3.54"
diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock
index 899a80b10966..d25c247fad96 100644
--- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock
+++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock
@@ -1,9 +1,9 @@
 GIT
   remote: https://github.com/rapid7/metasploit-framework
-  revision: 261eca342915db81d67cdfe7f2ef7b3788fd508f
-  ref: refs/tags/6.3.48
+  revision: 038a5b20f97601ac1f73edcc4642f1add35ef08f
+  ref: refs/tags/6.3.54
   specs:
-    metasploit-framework (6.3.48)
+    metasploit-framework (6.3.54)
       actionpack (~> 7.0.0)
       activerecord (~> 7.0.0)
       activesupport (~> 7.0.0)
@@ -35,7 +35,7 @@ GIT
       metasploit-concern
       metasploit-credential
       metasploit-model
-      metasploit-payloads (= 2.0.161)
+      metasploit-payloads (= 2.0.165)
       metasploit_data_models
       metasploit_payloads-mettle (= 1.0.26)
       mqtt
@@ -62,6 +62,7 @@ GIT
       rb-readline
       recog
       redcarpet
+      reline
       rex-arch
       rex-bin_tools
       rex-core
@@ -253,7 +254,7 @@ GEM
       activemodel (~> 7.0)
       activesupport (~> 7.0)
       railties (~> 7.0)
-    metasploit-payloads (2.0.161)
+    metasploit-payloads (2.0.165)
     metasploit_data_models (6.0.3)
       activerecord (~> 7.0)
       activesupport (~> 7.0)
@@ -463,4 +464,4 @@ DEPENDENCIES
   metasploit-framework!
 
 BUNDLED WITH
-   2.4.13
+   2.5.5
diff --git a/nixpkgs/pkgs/tools/security/metasploit/default.nix b/nixpkgs/pkgs/tools/security/metasploit/default.nix
index 935374a09ad4..d86b14b46d25 100644
--- a/nixpkgs/pkgs/tools/security/metasploit/default.nix
+++ b/nixpkgs/pkgs/tools/security/metasploit/default.nix
@@ -15,13 +15,13 @@ let
   };
 in stdenv.mkDerivation rec {
   pname = "metasploit-framework";
-  version = "6.3.48";
+  version = "6.3.54";
 
   src = fetchFromGitHub {
     owner = "rapid7";
     repo = "metasploit-framework";
     rev = "refs/tags/${version}";
-    hash = "sha256-AY0k44/gYXP4h3SoRVF9aK2L2skZ03Azd5V9hSRDoHQ=";
+    hash = "sha256-LGAvqtmtrEuhC61LohEgFBSSLR52orHVSnJqcl60yjs=";
   };
 
   nativeBuildInputs = [
diff --git a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix
index a439c6380641..c614fa81f15c 100644
--- a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix
+++ b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix
@@ -664,12 +664,12 @@
     platforms = [];
     source = {
       fetchSubmodules = false;
-      rev = "261eca342915db81d67cdfe7f2ef7b3788fd508f";
-      sha256 = "0x508cj8azcmfwrp1lqrr7d8pbb8gm8lba3lhzw76qg0izij9381";
+      rev = "038a5b20f97601ac1f73edcc4642f1add35ef08f";
+      sha256 = "0fyanig74skj9bav38kn3qnr450l408s4jxd1fhlpb5dv6m2yq1c";
       type = "git";
       url = "https://github.com/rapid7/metasploit-framework";
     };
-    version = "6.3.48";
+    version = "6.3.54";
   };
   metasploit-model = {
     groups = ["default"];
@@ -686,10 +686,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1naxfj3jcr5gfsr5lbkis9ww2mw6c2i97k1zdidajpr91dyj2314";
+      sha256 = "0v9vr3iklxm53vfkyiqja8a942n8r0a49w9rmvk9ql4h3r5xcgpw";
       type = "gem";
     };
-    version = "2.0.161";
+    version = "2.0.165";
   };
   metasploit_data_models = {
     groups = ["default"];
diff --git a/nixpkgs/pkgs/tools/security/mkp224o/default.nix b/nixpkgs/pkgs/tools/security/mkp224o/default.nix
index 2ac4304d6d2e..d6ee40e6f5ea 100644
--- a/nixpkgs/pkgs/tools/security/mkp224o/default.nix
+++ b/nixpkgs/pkgs/tools/security/mkp224o/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "mkp224o";
-  version = "1.6.1";
+  version = "1.7.0";
 
   src = fetchFromGitHub {
     owner = "cathugger";
     repo = "mkp224o";
     rev = "v${version}";
-    sha256 = "sha256-+TJ137DmgaFZX+/N6VwXJwfVCoTWtC8NqfXfYJC8UHo=";
+    sha256 = "sha256-OL3xhoxIS1OqfVp0QboENFdNH/e1Aq1R/MFFM9LNFbQ=";
   };
 
   buildCommand =
diff --git a/nixpkgs/pkgs/tools/security/mokutil/default.nix b/nixpkgs/pkgs/tools/security/mokutil/default.nix
index 5a597b73a7ce..bc38be4cd3e6 100644
--- a/nixpkgs/pkgs/tools/security/mokutil/default.nix
+++ b/nixpkgs/pkgs/tools/security/mokutil/default.nix
@@ -11,13 +11,13 @@
 
 stdenv.mkDerivation rec {
   pname = "mokutil";
-  version = "0.6.0";
+  version = "0.7.0";
 
   src = fetchFromGitHub {
     owner = "lcp";
     repo = pname;
     rev = version;
-    sha256 = "sha256-qwSEv14mMpaKmm6RM882JzEnBQG3loqsoglg4qTFWUg=";
+    sha256 = "sha256-PB/VwOJD0DxAioPDYfk2ZDzcN+pSXfUC86hGq2kYhts=";
   };
 
   nativeBuildInputs = [
diff --git a/nixpkgs/pkgs/tools/security/naabu/default.nix b/nixpkgs/pkgs/tools/security/naabu/default.nix
index 8569b957db2d..7d3981222f91 100644
--- a/nixpkgs/pkgs/tools/security/naabu/default.nix
+++ b/nixpkgs/pkgs/tools/security/naabu/default.nix
@@ -6,16 +6,16 @@
 
 buildGoModule rec {
   pname = "naabu";
-  version = "2.2.0";
+  version = "2.2.1";
 
   src = fetchFromGitHub {
     owner = "projectdiscovery";
     repo = "naabu";
     rev = "refs/tags/v${version}";
-    hash = "sha256-he9SJ4lCFNV3DvwqYR7lcWPIPwLIpJDWWnnei069k1k=";
+    hash = "sha256-z81LL+tx15Zo6OWj4gRSodo7Dk763M+QQ5kYgjrWO3Q=";
   };
 
-  vendorHash = "sha256-fVqPRDycT9ImBkHakNrby0uXPWrXXatTk8QQSi2OnV0=";
+  vendorHash = "sha256-nwrqxlbvr9FZXJpzmcn0IBEtlJfeYCy8DJsBvxEgj6k=";
 
   buildInputs = [
     libpcap
@@ -27,6 +27,11 @@ buildGoModule rec {
     "cmd/naabu/"
   ];
 
+  ldflags = [
+    "-w"
+    "-s"
+  ];
+
   meta = with lib; {
     description = "Fast SYN/CONNECT port scanner";
     longDescription = ''
diff --git a/nixpkgs/pkgs/tools/security/netexec/default.nix b/nixpkgs/pkgs/tools/security/netexec/default.nix
index d5925365a87a..625cd3974252 100644
--- a/nixpkgs/pkgs/tools/security/netexec/default.nix
+++ b/nixpkgs/pkgs/tools/security/netexec/default.nix
@@ -1,172 +1,106 @@
 { lib
+, stdenv
 , fetchFromGitHub
 , python3
-, buildPythonPackage
-, fetchPypi
 }:
 let
   python = python3.override {
     packageOverrides = self: super: {
       impacket = super.impacket.overridePythonAttrs {
-        version = "0.12.0.dev1";
+        version = "0.12.0.dev1-unstable-2023-11-30";
         src = fetchFromGitHub {
           owner = "Pennyw0rth";
           repo = "impacket";
           rev = "d370e6359a410063b2c9c68f6572c3b5fb178a38";
           hash = "sha256-Jozn4lKAnLQ2I53+bx0mFY++OH5P4KyqVmrS5XJUY3E=";
         };
+        # Fix version to be compliant with Python packaging rules
+        postPatch = ''
+          substituteInPlace setup.py \
+            --replace 'version="{}.{}.{}.{}{}"' 'version="{}.{}.{}"'
+        '';
       };
-      bloodhound-py = super.bloodhound-py.overridePythonAttrs (old: {
-        propagatedBuildInputs =
-          lib.lists.remove super.impacket old.propagatedBuildInputs
-          ++ [ self.impacket ];
-      });
     };
   };
-
-  python-easyconfig = buildPythonPackage rec {
-    pname = "python-easyconfig";
-    version = "0.1.7";
-    src = fetchPypi {
-      inherit version;
-      pname = "Python-EasyConfig";
-      hash = "sha256-tUjxmrhQtVFU9hFi8xTj27J24R47JpUbio+gaDwGuyk=";
-    };
-    propagatedBuildInputs = with python.pkgs; [
-      six
-      pyyaml
-    ];
-  };
-
-  jsonform = buildPythonPackage rec {
-    pname = "jsonform";
-    version = "0.0.2";
-    doCheck = false;
-    src = fetchPypi {
-      inherit version;
-      pname = "JsonForm";
-      hash = "sha256-cfi3ohU44wyphLad3gTwKYDNbNwhg6GKp8oC2VCZiOY=";
-    };
-    propagatedBuildInputs = with python.pkgs; [
-      jsonschema
-    ];
-  };
-
-  jsonsir = buildPythonPackage rec {
-    pname = "jsonsir";
-    version = "0.0.2";
-    doCheck = false;
-    src = fetchPypi {
-      inherit version;
-      pname = "JsonSir";
-      hash = "sha256-QBRHxekx94h4Uc6b8kB/401aqwsUZ7sku787dg5b0/s=";
-    };
-  };
-
-  dploot = buildPythonPackage rec {
-    pname = "dploot";
-    version = "2.2.4";
-    pyproject = true;
-    src = fetchPypi {
-      inherit pname version;
-      hash = "sha256-40/5KOlEFvPL9ohCfR3kqoikpKFfJO22MToq3GhamKM=";
-    };
-    nativeBuildInputs = with python.pkgs; [
-      poetry-core
-    ];
-    propagatedBuildInputs = with python.pkgs; [
-      impacket
-      cryptography
-      pyasn1
-      lxml
-    ];
-  };
-
-  resource = buildPythonPackage rec {
-    pname = "resource";
-    version = "0.2.1";
-    doCheck = false;
-    src = fetchPypi {
-      inherit version;
-      pname = "Resource";
-      hash = "sha256-mDVKvY7+c9WhDyEJnYC774Xs7ffKIqQW/yAlClGs2RY=";
-    };
-    propagatedBuildInputs = with python.pkgs; [
-      python-easyconfig
-      jsonform
-      jsonsir
-    ];
-  };
 in
 python.pkgs.buildPythonApplication rec {
   pname = "netexec";
-  version = "1.1.0";
+  version = "1.1.0-unstable-2024-01-15";
   pyproject = true;
-  doCheck = true;
   pythonRelaxDeps = true;
+  pythonRemoveDeps = [
+    # Fail to detect dev version requirement
+    "neo4j"
+  ];
 
   src = fetchFromGitHub {
     owner = "Pennyw0rth";
     repo = "NetExec";
-    rev = "refs/tags/v${version}";
-    hash = "sha256-cNkZoIdfrKs5ZvHGKGBybCWGwA6C4rqjCOEM+pX70S8=";
+    rev = "9df72e2f68b914dfdbd75b095dd8f577e992615f";
+    hash = "sha256-oQHtTE5hdlxHX4uc412VfNUrN0UHVbwI0Mm9kmJpNW4=";
   };
 
+  postPatch = ''
+    substituteInPlace pyproject.toml \
+      --replace '{ git = "https://github.com/Pennyw0rth/impacket.git", branch = "gkdi" }' '"*"' \
+      --replace '{ git = "https://github.com/Pennyw0rth/oscrypto" }' '"*"'
+  '';
+
   nativeBuildInputs = with python.pkgs; [
     poetry-core
     pythonRelaxDepsHook
   ];
 
   propagatedBuildInputs = with python.pkgs; [
-    requests
+    aardwolf
+    aioconsole
+    aiosqlite
+    argcomplete
+    asyauth
     beautifulsoup4
+    bloodhound-py
+    dploot
+    dsinternals
+    impacket
     lsassy
-    termcolor
+    masky
+    minikerberos
     msgpack
     neo4j
+    oscrypto
+    paramiko
+    pyasn1-modules
     pylnk3
     pypsrp
-    paramiko
-    impacket
-    dsinternals
-    xmltodict
-    terminaltables
-    aioconsole
-    pywerview
-    minikerberos
     pypykatz
-    aardwolf
-    dploot
-    bloodhound-py
-    asyauth
-    masky
-    sqlalchemy
-    aiosqlite
-    pyasn1-modules
-    rich
     python-libnmap
-    resource
-    oscrypto
+    pywerview
+    requests
+    rich
+    sqlalchemy
+    termcolor
+    terminaltables
+    xmltodict
   ];
 
   nativeCheckInputs = with python.pkgs; [
-    pytest
+    pytestCheckHook
   ];
 
-  postPatch = ''
-    substituteInPlace pyproject.toml \
-      --replace '{ git = "https://github.com/Pennyw0rth/impacket.git", branch = "gkdi" }' '"*"'
-
-    substituteInPlace pyproject.toml \
-      --replace '{ git = "https://github.com/Pennyw0rth/oscrypto" }' '"*"'
+  preCheck = ''
+    export HOME=$(mktemp -d)
   '';
 
   meta = with lib; {
-    description = "Network service exploitation tool (Maintaned fork of CrackMapExec)";
+    description = "Network service exploitation tool (maintained fork of CrackMapExec)";
     homepage = "https://github.com/Pennyw0rth/NetExec";
     changelog = "https://github.com/Pennyw0rth/NetExec/releases/tag/v${version}";
     license = with licenses; [ bsd2 ];
     mainProgram = "nxc";
     maintainers = with maintainers; [ vncsb ];
+    # FIXME: failing fixupPhase:
+    # $ Rewriting #!/nix/store/<hash>-python3-3.11.7/bin/python3.11 to #!/nix/store/<hash>-python3-3.11.7
+    # $ /nix/store/<hash>-wrap-python-hook/nix-support/setup-hook: line 65: 47758 Killed: 9               sed -i "$f" -e "1 s^#!/nix/store/<hash>-python3-3.11.7^#!/nix/store/<hash>-python3-3.11.7^"
+    broken = stdenv.isDarwin;
   };
 }
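Review bot: `meta.changelog` still interpolates `v${version}`, and with `version = "1.1.0-unstable-2024-01-15"` it now expands to `.../releases/tag/v1.1.0-unstable-2024-01-15`. That is very unlikely to exist as a release tag, since `src.rev` is now a bare commit. Point the link at the pinned revision instead, e.g. `changelog = "https://github.com/Pennyw0rth/NetExec/commits/${src.rev}";`, or drop it until the next tagged release. A one-line comment above `rev` saying why an untagged commit is packaged would also help whoever next audits or bumps the pin.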
diff --git a/nixpkgs/pkgs/tools/security/nitrokey-app2/default.nix b/nixpkgs/pkgs/tools/security/nitrokey-app2/default.nix
index 15e756a7053b..d56e882cb09e 100644
--- a/nixpkgs/pkgs/tools/security/nitrokey-app2/default.nix
+++ b/nixpkgs/pkgs/tools/security/nitrokey-app2/default.nix
@@ -1,21 +1,26 @@
 { lib
-, python3
+, buildPythonApplication
 , fetchFromGitHub
-, wrapQtAppsHook
+, pythonOlder
+, pyside6
+, poetry-core
+, pynitrokey
+, pyudev
+, qt-material
 }:
 
-python3.pkgs.buildPythonApplication rec {
+buildPythonApplication rec {
   pname = "nitrokey-app2";
-  version = "2.1.4";
+  version = "2.1.5";
   pyproject = true;
 
-  disabled = python3.pythonOlder "3.9";
+  disabled = pythonOlder "3.9";
 
   src = fetchFromGitHub {
     owner = "Nitrokey";
     repo = "nitrokey-app2";
     rev = "v${version}";
-    hash = "sha256-loOCa6XlLx1YEfqR0SUUalVIEPCoYsNEHFo2MIKexeA=";
+    hash = "sha256-mR13zUgCdNS09EnpGLrnOnoIn3p6ZM/0fHKg0OUMWj4=";
   };
 
   # https://github.com/Nitrokey/nitrokey-app2/issues/152
@@ -23,36 +28,20 @@ python3.pkgs.buildPythonApplication rec {
   # pythonRelaxDepsHook does not work here, because it runs in postBuild and
   # only modifies the dependencies in the built distribution.
   postPatch = ''
-    substituteInPlace pyproject.toml --replace "pynitrokey ==" "pynitrokey >="
+    substituteInPlace pyproject.toml --replace 'pynitrokey = "' 'pynitrokey = ">='
   '';
 
-  # The pyproject.toml file seems to be incomplete and does not generate
-  # resources (i.e. run pyrcc5 and pyuic5) but the Makefile does.
-  preBuild = ''
-    make build-ui
-  '';
-
-  nativeBuildInputs = with python3.pkgs; [
-    flit-core
-    pyqt5
-    wrapQtAppsHook
+  nativeBuildInputs = [
+    poetry-core
   ];
 
-  dontWrapQtApps = true;
-
-  propagatedBuildInputs = with python3.pkgs; [
+  propagatedBuildInputs = [
     pynitrokey
     pyudev
-    pyqt5
-    pyqt5-stubs
+    pyside6
     qt-material
   ];
 
-  preFixup = ''
-    wrapQtApp "$out/bin/nitrokeyapp" \
-      --set-default CRYPTOGRAPHY_OPENSSL_NO_LEGACY 1
-  '';
-
   pythonImportsCheck = [
     "nitrokeyapp"
   ];
diff --git a/nixpkgs/pkgs/tools/security/notation/default.nix b/nixpkgs/pkgs/tools/security/notation/default.nix
index 0164452b9bc9..07c9ef499717 100644
--- a/nixpkgs/pkgs/tools/security/notation/default.nix
+++ b/nixpkgs/pkgs/tools/security/notation/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "notation";
-  version = "1.0.1";
+  version = "1.1.0";
 
   src = fetchFromGitHub {
     owner = "notaryproject";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-KcB5l6TRZhciXO04mz5iORR4//cAhrh+o4Kdq7LA4A4=";
+    hash = "sha256-MJBFdtx+HkPCN1SIohKOy33BW746GNN2fWkr7TIuBmk=";
   };
 
-  vendorHash = "sha256-r58ZV63KIHKxh5HDeQRfd0OF0s7xpC4sXvsYLhm8AIE=";
+  vendorHash = "sha256-USkufc1dG4eyRfRJHSX4mVZHnvOc5onHenF98Aedac4=";
 
   # This is a Go sub-module and cannot be built directly (e2e tests).
   excludedPackages = [ "./test" ];
@@ -33,5 +33,6 @@ buildGoModule rec {
     homepage = "https://notaryproject.dev/";
     license = licenses.asl20;
     maintainers = with maintainers; [ aaronjheng ];
+    mainProgram = "notation";
   };
 }
diff --git a/nixpkgs/pkgs/tools/security/nsjail/default.nix b/nixpkgs/pkgs/tools/security/nsjail/default.nix
index a92aa5f21041..23b938a83f9a 100644
--- a/nixpkgs/pkgs/tools/security/nsjail/default.nix
+++ b/nixpkgs/pkgs/tools/security/nsjail/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ libnl protobuf protobufc ];
   enableParallelBuilding = true;
 
+  env.NIX_CFLAGS_COMPILE = toString [ "-Wno-error" ];
+
   preBuild = ''
     makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap')
   '';
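Review bot: The added `-Wno-error` applies to every compilation unit and carries no comment naming the warning that broke the build, so any future warning in this sandboxing tool's sources will also pass unnoticed. If a single diagnostic is responsible, downgrade only that one, e.g. `env.NIX_CFLAGS_COMPILE = toString [ "-Wno-error=<failing-warning>" ];` (placeholder; take the name from the build log). Add a comment such as `# presumably upstream builds with -Werror; <compiler version> emits <warning>`, so the override can be removed once upstream fixes it. The mkDerivation body starts and ends outside this hunk.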
diff --git a/nixpkgs/pkgs/tools/security/nuclei/default.nix b/nixpkgs/pkgs/tools/security/nuclei/default.nix
index 17915567d46c..1fb47c7762cb 100644
--- a/nixpkgs/pkgs/tools/security/nuclei/default.nix
+++ b/nixpkgs/pkgs/tools/security/nuclei/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "nuclei";
-  version = "3.1.6";
+  version = "3.1.10";
 
   src = fetchFromGitHub {
     owner = "projectdiscovery";
     repo = "nuclei";
     rev = "refs/tags/v${version}";
-    hash = "sha256-Xtebrmd1M46slPX/0nQRo2CEA4mGOZiUxhlokXdYReA=";
+    hash = "sha256-11ORN9h2VsXJKZw5HUljq6Tk0XC81tC7sCPbFgcTd+k=";
   };
 
-  vendorHash = "sha256-x2bx5A09hYtsn7BROXZbB8X8gFN1zI5Jg51HYZPYIno=";
+  vendorHash = "sha256-0ERUvPUAxj0H62YcRvsfYX8h0Hp/mA6NdE8E/BjPGzw=";
 
   subPackages = [
     "cmd/nuclei/"
diff --git a/nixpkgs/pkgs/tools/security/oauth2c/default.nix b/nixpkgs/pkgs/tools/security/oauth2c/default.nix
index 15d8f4529907..2cc9a05e3d15 100644
--- a/nixpkgs/pkgs/tools/security/oauth2c/default.nix
+++ b/nixpkgs/pkgs/tools/security/oauth2c/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "oauth2c";
-  version = "1.12.3";
+  version = "1.13.0";
 
   src = fetchFromGitHub {
     owner = "cloudentity";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-4ZCb8BXrKGXJ8d06fxAuFkGRxcK7PwuPFuCBc9EIXZY=";
+    hash = "sha256-NNVHEV8qnPv+xXFzPsh1V+fSOQZxpADCRPIUsak5M5M=";
   };
 
-  vendorHash = "sha256-olDtsLoslxOsbAq60RnLp9MGZOt17/BPo9E9SgWOqoQ=";
+  vendorHash = "sha256-x6cb19rKJXm+EIxJeykhpFmUYOPb/VljzCOVjorP5MQ=";
 
   doCheck = false; # tests want to talk to oauth2c.us.authz.cloudentity.io
 
diff --git a/nixpkgs/pkgs/tools/security/osv-scanner/default.nix b/nixpkgs/pkgs/tools/security/osv-scanner/default.nix
index 5d48ceb67e9e..26dfe919c428 100644
--- a/nixpkgs/pkgs/tools/security/osv-scanner/default.nix
+++ b/nixpkgs/pkgs/tools/security/osv-scanner/default.nix
@@ -6,16 +6,16 @@
 }:
 buildGoModule rec {
   pname = "osv-scanner";
-  version = "1.5.0";
+  version = "1.6.2";
 
   src = fetchFromGitHub {
     owner = "google";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-wWycONThNIqiSbpsopsc9AbAxOToWkTiNzkJ2I8Z0t4=";
+    hash = "sha256-/V0zn4Aic6tBJw23YJWkyeCZXf/ehIZlKWd9TZXe40Y=";
   };
 
-  vendorHash = "sha256-CiRvryjBp3nUrPRxNqM88p4856yT+BuIsjvYuE+DmqI=";
+  vendorHash = "sha256-wIXc0YYTdcnUBNbypVwZJ/RNTmaeMteEujmgs5WJ1g0=";
 
   subPackages = [
     "cmd/osv-scanner"
@@ -24,7 +24,7 @@ buildGoModule rec {
   ldflags = [
     "-s"
     "-w"
-    "-X main.version=${version}"
+    "-X github.com/google/osv-scanner/internal/version.OSVVersion=${version}"
     "-X main.commit=n/a"
     "-X main.date=1970-01-01T00:00:00Z"
   ];
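Review bot: The Go linker does not validate `-X` targets in `ldflags`, so a symbol path that no longer exists is ignored without an error. That is presumably how `main.version` went stale before this change, and the retained `main.commit` and `main.date` may have the same problem. Consider an install check that runs the built binary and compares its output with `${version}`, e.g. `doInstallCheck = true;` plus an `installCheckPhase` that greps the output of `$out/bin/osv-scanner --version`. For a vulnerability scanner the reported version is what users cite when reproducing findings, so it is worth verifying at build time. The rest of the derivation lies outside this hunk.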
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix b/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix
index 74e9dab46a7e..365f81759cce 100644
--- a/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix
+++ b/nixpkgs/pkgs/tools/security/pass/extensions/audit/default.nix
@@ -41,7 +41,7 @@ in stdenv.mkDerivation rec {
   installFlags = [ "DESTDIR=${placeholder "out"}" "PREFIX=" ];
   postInstall = ''
     wrapProgram $out/lib/password-store/extensions/audit.bash \
-      --prefix PYTHONPATH : "$out/lib/${pythonEnv.libPrefix}/site-packages" \
+      --prefix PYTHONPATH : "$out/${pythonEnv.sitePackages}" \
       --run "export COMMAND"
   '';
 
diff --git a/nixpkgs/pkgs/tools/security/pass2csv/default.nix b/nixpkgs/pkgs/tools/security/pass2csv/default.nix
index 95649695bfff..aad6338391ee 100644
--- a/nixpkgs/pkgs/tools/security/pass2csv/default.nix
+++ b/nixpkgs/pkgs/tools/security/pass2csv/default.nix
@@ -7,12 +7,12 @@
 
 buildPythonApplication rec {
   pname = "pass2csv";
-  version = "1.0.0";
-  format = "pyproject";
+  version = "1.1.1";
+  pyproject = true;
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-a/PQl/nqdj9xOM2hfAIiLuGy5F4KmEWFJihZ4gilaJw=";
+    hash = "sha256-p7r+zDakKy/N+RbxAfGatvkYCDKRh5T3owoYUrHJ5N0=";
   };
 
   nativeBuildInputs = [
diff --git a/nixpkgs/pkgs/tools/security/pcsclite/default.nix b/nixpkgs/pkgs/tools/security/pcsclite/default.nix
index 08a4b5b08d02..2b55b76b6654 100644
--- a/nixpkgs/pkgs/tools/security/pcsclite/default.nix
+++ b/nixpkgs/pkgs/tools/security/pcsclite/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation (finalAttrs: {
   inherit pname;
   version = "2.0.1";
 
-  outputs = [ "bin" "out" "dev" "doc" "man" ];
+  outputs = [ "out" "lib" "dev" "doc" "man" ];
 
   src = fetchFromGitLab {
     domain = "salsa.debian.org";
@@ -39,13 +39,21 @@ stdenv.mkDerivation (finalAttrs: {
     (lib.enableFeature polkitSupport "polkit")
   ] ++ lib.optionals stdenv.isLinux [
     "--enable-ipcdir=/run/pcscd"
-    "--with-systemdsystemunitdir=${placeholder "bin"}/lib/systemd/system"
+    "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
   ];
 
   makeFlags = [
     "POLICY_DIR=$(out)/share/polkit-1/actions"
   ];
 
+  # disable building pcsc-wirecheck{,-gen} when cross compiling
+  # see also: https://github.com/LudovicRousseau/PCSC/issues/25
+  postPatch = lib.optionalString (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
+    substituteInPlace src/Makefile.am \
+      --replace "noinst_PROGRAMS = testpcsc pcsc-wirecheck pcsc-wirecheck-gen" \
+                "noinst_PROGRAMS = testpcsc"
+  '';
+
   postInstall = ''
     # pcsc-spy is a debugging utility and it drags python into the closure
     moveToOutput bin/pcsc-spy "$dev"
diff --git a/nixpkgs/pkgs/tools/security/pgpdump/default.nix b/nixpkgs/pkgs/tools/security/pgpdump/default.nix
index 60dc724d5aa9..9ebe0d920027 100644
--- a/nixpkgs/pkgs/tools/security/pgpdump/default.nix
+++ b/nixpkgs/pkgs/tools/security/pgpdump/default.nix
@@ -4,13 +4,13 @@
 
 stdenv.mkDerivation rec {
   pname = "pgpdump";
-  version = "0.35";
+  version = "0.36";
 
   src = fetchFromGitHub {
     owner = "kazu-yamamoto";
     repo = "pgpdump";
     rev = "v${version}";
-    sha256 = "sha256-GjPy/feF437WtDqbEn1lGwWayWtvKhqsyJFMuH3IFl4=";
+    sha256 = "sha256-JKedgHCTDnvLyLR3nGl4XFAaxXDU1TgHrxPMlRFwtBo=";
   };
 
   buildInputs = lib.optionals supportCompressedPackets [ zlib bzip2 ];
diff --git a/nixpkgs/pkgs/tools/security/psudohash/default.nix b/nixpkgs/pkgs/tools/security/psudohash/default.nix
index d5be9f9a772b..7a42d1900db3 100644
--- a/nixpkgs/pkgs/tools/security/psudohash/default.nix
+++ b/nixpkgs/pkgs/tools/security/psudohash/default.nix
@@ -1,8 +1,7 @@
-{
-  lib,
-  fetchFromGitHub,
-  stdenv,
-  python3
+{ lib
+, stdenv
+, fetchFromGitHub
+, python3
 }:
 
 stdenv.mkDerivation rec {
@@ -12,11 +11,14 @@ stdenv.mkDerivation rec {
   src = fetchFromGitHub {
     owner = "t3l3machus";
     repo = "psudohash";
+    # https://github.com/t3l3machus/psudohash/issues/8
     rev = "2d586dec8b5836546ae54b924eb59952a7ee393c";
     hash = "sha256-l/Rp9405Wf6vh85PFrRTtTLJE7GPODowseNqEw42J18=";
   };
 
-  buildInputs = [ python3 ];
+  buildInputs = [
+    python3
+  ];
 
   installPhase = ''
     runHook preInstall
@@ -36,5 +38,6 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/t3l3machus/psudohash";
     license = licenses.mit;
     maintainers = with maintainers; [ exploitoverload ];
+    mainProgram = "psudohash";
   };
 }
diff --git a/nixpkgs/pkgs/tools/security/quark-engine/default.nix b/nixpkgs/pkgs/tools/security/quark-engine/default.nix
index e67dd3f8b944..1e9cf9168aed 100644
--- a/nixpkgs/pkgs/tools/security/quark-engine/default.nix
+++ b/nixpkgs/pkgs/tools/security/quark-engine/default.nix
@@ -6,16 +6,21 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "quark-engine";
-  version = "23.9.1";
-  format = "setuptools";
+  version = "24.2.1";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "refs/tags/v${version}";
-    sha256 = "sha256-E9efhgMGN9lvMlFeZqo6xco75TtQsXULOzKX00pjqMM=";
+    sha256 = "sha256-77yfysmFEneVOiejoCooi1buqEM/Ljv5xqjKv17DFWE=";
   };
 
+  nativeBuildInputs = with python3.pkgs; [
+    setuptools
+    pythonRelaxDepsHook
+  ];
+
   propagatedBuildInputs = with python3.pkgs; [
     androguard
     click
@@ -26,10 +31,16 @@ python3.pkgs.buildPythonApplication rec {
     plotly
     prettytable
     prompt-toolkit
+    r2pipe
     rzpipe
+    setuptools
     tqdm
   ];
 
+  pythonRelaxDeps = [
+    "r2pipe"
+  ];
+
   # Project has no tests
   doCheck = false;
 
diff --git a/nixpkgs/pkgs/tools/security/rage/default.nix b/nixpkgs/pkgs/tools/security/rage/default.nix
deleted file mode 100644
index 44b67e96a1e0..000000000000
--- a/nixpkgs/pkgs/tools/security/rage/default.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ lib
-, stdenv
-, rustPlatform
-, fetchFromGitHub
-, installShellFiles
-, Foundation
-}:
-
-rustPlatform.buildRustPackage rec {
-  pname = "rage";
-  version = "0.9.2";
-
-  src = fetchFromGitHub {
-    owner = "str4d";
-    repo = pname;
-    rev = "v${version}";
-    hash = "sha256-hFuuwmwe0ti4Y8mSJyNqUIhZjFC6qtv6W5cwtNjPUFQ=";
-  };
-
-  cargoHash = "sha256-1gtLWU6uiWzUfYy9y3pb2vcnUC3H+Mf9rglmqNd989M=";
-
-  nativeBuildInputs = [
-    installShellFiles
-  ];
-
-  buildInputs = lib.optionals stdenv.isDarwin [
-    Foundation
-  ];
-
-  # cargo test has an x86-only dependency
-  doCheck = stdenv.hostPlatform.isx86;
-
-  postBuild = ''
-    cargo run --example generate-docs
-    cargo run --example generate-completions
-  '';
-
-  postInstall = ''
-    installManPage target/manpages/*
-    installShellCompletion target/completions/*.{bash,fish,zsh}
-  '';
-
-  meta = with lib; {
-    description = "A simple, secure and modern encryption tool with small explicit keys, no config options, and UNIX-style composability";
-    homepage = "https://github.com/str4d/rage";
-    changelog = "https://github.com/str4d/rage/raw/v${version}/rage/CHANGELOG.md";
-    license = with licenses; [ asl20 mit ]; # either at your option
-    maintainers = with maintainers; [ marsam ryantm ];
-    mainProgram = "rage";
-  };
-}
diff --git a/nixpkgs/pkgs/tools/security/rekor/default.nix b/nixpkgs/pkgs/tools/security/rekor/default.nix
index afc07a63d603..dc20ca7b7c53 100644
--- a/nixpkgs/pkgs/tools/security/rekor/default.nix
+++ b/nixpkgs/pkgs/tools/security/rekor/default.nix
@@ -4,13 +4,13 @@ let
   generic = { pname, packageToBuild, description }:
     buildGoModule rec {
       inherit pname;
-      version = "1.3.4";
+      version = "1.3.5";
 
       src = fetchFromGitHub {
         owner = "sigstore";
         repo = "rekor";
         rev = "v${version}";
-        hash = "sha256-vU/qxCMCC2XWH79Z7cGhMlqMeQOMghTPDfROWdusKX4=";
+        hash = "sha256-g/APpfvG1MMTYZfPSXKNa9DdWrOrjOk8uQV3QyzCQjY=";
         # populate values that require us to use git. By doing this in postFetch we
         # can delete .git afterwards and maintain better reproducibility of the src.
         leaveDotGit = true;
@@ -23,7 +23,7 @@ let
         '';
       };
 
-      vendorHash = "sha256-qhBbzYYayRktBQi9HtzuxBIlSdNIOD/agCFFNEvlcBc=";
+      vendorHash = "sha256-6ZJ3IgnzoZSDL1+CMYUDumXf1uO+odZ8Y5IZq3GN4bY=";
 
       nativeBuildInputs = [ installShellFiles ];
 
diff --git a/nixpkgs/pkgs/tools/security/sigma-cli/default.nix b/nixpkgs/pkgs/tools/security/sigma-cli/default.nix
index 817f45995643..4f12607ff06a 100644
--- a/nixpkgs/pkgs/tools/security/sigma-cli/default.nix
+++ b/nixpkgs/pkgs/tools/security/sigma-cli/default.nix
@@ -5,14 +5,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "sigma-cli";
-  version = "0.7.11";
+  version = "1.0.0";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "SigmaHQ";
     repo = "sigma-cli";
     rev = "refs/tags/v${version}";
-    hash = "sha256-cNrI+YWwLK9sgvVYPOcTXW29omVRqnhh/458FuaoODo=";
+    hash = "sha256-TVsWGExs4diHoAhfbUs2q9Dh9xVr8WyDRMRhhAFpB8A=";
   };
 
   postPatch = ''
diff --git a/nixpkgs/pkgs/tools/security/slsa-verifier/default.nix b/nixpkgs/pkgs/tools/security/slsa-verifier/default.nix
index d02b574b1563..5a6ab18a49ec 100644
--- a/nixpkgs/pkgs/tools/security/slsa-verifier/default.nix
+++ b/nixpkgs/pkgs/tools/security/slsa-verifier/default.nix
@@ -27,7 +27,6 @@ buildGoModule rec {
   ldflags = [
     "-s"
     "-w"
-    "-buildid="
     "-X sigs.k8s.io/release-utils/version.gitVersion=${version}"
   ];
 
diff --git a/nixpkgs/pkgs/tools/security/sn0int/default.nix b/nixpkgs/pkgs/tools/security/sn0int/default.nix
index 397f7eb832e7..66f89f77e8ea 100644
--- a/nixpkgs/pkgs/tools/security/sn0int/default.nix
+++ b/nixpkgs/pkgs/tools/security/sn0int/default.nix
@@ -1,10 +1,12 @@
 { lib
 , fetchFromGitHub
 , rustPlatform
-, libsodium
 , libseccomp
-, sqlite
+, libsodium
 , pkg-config
+, pkgs
+, sqlite
+, stdenv
 }:
 
 rustPlatform.buildRustPackage rec {
@@ -26,8 +28,11 @@ rustPlatform.buildRustPackage rec {
 
   buildInputs = [
     libsodium
-    libseccomp
     sqlite
+  ] ++ lib.optionals stdenv.isLinux [
+    libseccomp
+  ] ++ lib.optionals stdenv.isDarwin [
+    pkgs.darwin.apple_sdk.frameworks.Security
   ];
 
   # One of the dependencies (chrootable-https) tries to read "/etc/resolv.conf"
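Review bot: `libseccomp` becomes a Linux-only input here, so the Darwin build enabled by the `platforms` change in the next hunk is made without it. Nothing in the expression says what that means for the sandboxing sn0int applies to the modules it runs (as far as I know, that sandbox is seccomp-based on Linux). If the Darwin build has a weaker sandbox or none, record it next to the input, e.g. `# seccomp is Linux-only; Darwin sandbox status: <confirm with upstream>`. Separately, taking `pkgs` as an argument (first hunk) only to reach `pkgs.darwin.apple_sdk.frameworks.Security` is unidiomatic; accept `darwin` and write `darwin.apple_sdk.frameworks.Security`.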
@@ -40,6 +45,6 @@ rustPlatform.buildRustPackage rec {
     changelog = "https://github.com/kpcyrd/sn0int/releases/tag/v${version}";
     license = with licenses; [ gpl3Plus ];
     maintainers = with maintainers; [ fab xrelkd ];
-    platforms = platforms.linux;
+    platforms = platforms.linux ++ platforms.darwin;
   };
 }
diff --git a/nixpkgs/pkgs/tools/security/sslscan/default.nix b/nixpkgs/pkgs/tools/security/sslscan/default.nix
index 6f5999978a10..529b1bb1683e 100644
--- a/nixpkgs/pkgs/tools/security/sslscan/default.nix
+++ b/nixpkgs/pkgs/tools/security/sslscan/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "sslscan";
-  version = "2.1.2";
+  version = "2.1.3";
 
   src = fetchFromGitHub {
     owner = "rbsec";
     repo = "sslscan";
     rev = "refs/tags/${version}";
-    hash = "sha256-6teCWzv9DXhGSBjyIurRW3ymSTwMUlbJGjuXmsqpkUc=";
+    hash = "sha256-oLlMeFVicDwr2XjCX/0cBMTXLKB8js50646uAf3tP9k=";
   };
 
   buildInputs = [ openssl ];
diff --git a/nixpkgs/pkgs/tools/security/step-ca/default.nix b/nixpkgs/pkgs/tools/security/step-ca/default.nix
index 5c1463ec117b..6bdbfa02d62a 100644
--- a/nixpkgs/pkgs/tools/security/step-ca/default.nix
+++ b/nixpkgs/pkgs/tools/security/step-ca/default.nix
@@ -23,10 +23,6 @@ buildGoModule rec {
 
   vendorHash = "sha256-AXMMpzXEhdKSGeVg/KK2NEgalxIXP6DUTcoxOQVqow4=";
 
-  ldflags = [
-    "-buildid="
-  ];
-
   nativeBuildInputs = lib.optionals hsmSupport [
     pkg-config
   ];
diff --git a/nixpkgs/pkgs/tools/security/step-cli/default.nix b/nixpkgs/pkgs/tools/security/step-cli/default.nix
index 53a0a44588a2..4ba73b2ac2e5 100644
--- a/nixpkgs/pkgs/tools/security/step-cli/default.nix
+++ b/nixpkgs/pkgs/tools/security/step-cli/default.nix
@@ -5,13 +5,13 @@
 
 buildGoModule rec {
   pname = "step-cli";
-  version = "0.25.1";
+  version = "0.25.2";
 
   src = fetchFromGitHub {
     owner = "smallstep";
     repo = "cli";
     rev = "refs/tags/v${version}";
-    hash = "sha256-Lltlvr/Hvh2W8MiB5WC3RmQcHg6kRPau7Fvvaqm60MQ=";
+    hash = "sha256-umo0f4cXxnxg3xH1aHeJE2brUT9w+Gp+0Qzq4zIQ8oI=";
   };
 
   ldflags = [
@@ -25,7 +25,7 @@ buildGoModule rec {
     rm command/certificate/remote_test.go
   '';
 
-  vendorHash = "sha256-dhJrDhMnPb985W3YP7+W8GHuMpkkZJcxks27TThj2YE=";
+  vendorHash = "sha256-R9UJHXs35/yvwlqu1iR3lJN/w8DWMqw48Kc+7JKfD7I=";
 
   meta = with lib; {
     description = "A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc";
diff --git a/nixpkgs/pkgs/tools/security/step-kms-plugin/default.nix b/nixpkgs/pkgs/tools/security/step-kms-plugin/default.nix
index 9e948bf52dd6..2a141e7012b9 100644
--- a/nixpkgs/pkgs/tools/security/step-kms-plugin/default.nix
+++ b/nixpkgs/pkgs/tools/security/step-kms-plugin/default.nix
@@ -11,16 +11,16 @@
 
 buildGoModule rec {
   pname = "step-kms-plugin";
-  version = "0.9.2";
+  version = "0.10.0";
 
   src = fetchFromGitHub {
     owner = "smallstep";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-l0MMcLghhqVVQAdhk0a0nDqYvJbXCV2PFbRtiGQcDn0=";
+    hash = "sha256-TmIQjkIESZm6u7CajyJGgf1xm3SvjA6EINUAKehzafs=";
   };
 
-  vendorHash = "sha256-3du8KlM08N5hKmzZWYZdfPOL5R+BspbK6ABF+RSJzHg=";
+  vendorHash = "sha256-mwi7ux4pnnotdwW6v0j+q8mx5i7W6fJVuAKOEqVDueY=";
 
   proxyVendor = true;
 
diff --git a/nixpkgs/pkgs/tools/security/sudo/default.nix b/nixpkgs/pkgs/tools/security/sudo/default.nix
index 0f1cc974b4b3..996baca2567f 100644
--- a/nixpkgs/pkgs/tools/security/sudo/default.nix
+++ b/nixpkgs/pkgs/tools/security/sudo/default.nix
@@ -12,13 +12,13 @@
 , withSssd ? false
 }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (finalAttrs: {
   pname = "sudo";
-  version = "1.9.15p4";
+  version = "1.9.15p5";
 
   src = fetchurl {
-    url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz";
-    hash = "sha256-LiDsmGXu7qExbG9J7GrEZ4hptonU2QtEJDv0iH1t1TI=";
+    url = "https://www.sudo.ws/dist/sudo-${finalAttrs.version}.tar.gz";
+    hash = "sha256-VY0QuaGZH7O5+n+nsH7EQFt677WzywsIcdvIHjqI5Vg=";
   };
 
   prePatch = ''
@@ -85,5 +85,6 @@ stdenv.mkDerivation rec {
     license = with licenses; [ sudo bsd2 bsd3 zlib ];
     maintainers = with maintainers; [ delroth ];
     platforms = platforms.linux;
+    mainProgram = "sudo";
   };
-}
+})
diff --git a/nixpkgs/pkgs/tools/security/tell-me-your-secrets/default.nix b/nixpkgs/pkgs/tools/security/tell-me-your-secrets/default.nix
index c01308e0de6e..a85a62fdfcc3 100644
--- a/nixpkgs/pkgs/tools/security/tell-me-your-secrets/default.nix
+++ b/nixpkgs/pkgs/tools/security/tell-me-your-secrets/default.nix
@@ -6,7 +6,7 @@
 python3.pkgs.buildPythonApplication rec {
   pname = "tell-me-your-secrets";
   version = "2.4.2";
-  format = "pyproject";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "valayDave";
@@ -17,6 +17,7 @@ python3.pkgs.buildPythonApplication rec {
 
   pythonRelaxDeps = [
     "gitignore-parser"
+    "pandas"
   ];
 
   nativeBuildInputs = with python3.pkgs; [
diff --git a/nixpkgs/pkgs/tools/security/theharvester/default.nix b/nixpkgs/pkgs/tools/security/theharvester/default.nix
index 812b30f0df9a..ad5152e7e1fe 100644
--- a/nixpkgs/pkgs/tools/security/theharvester/default.nix
+++ b/nixpkgs/pkgs/tools/security/theharvester/default.nix
@@ -5,14 +5,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "theharvester";
-  version = "4.5.0";
+  version = "4.5.1";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "laramies";
     repo = "theharvester";
     rev = "refs/tags/${version}";
-    hash = "sha256-tnCiI4bte2RSWSkEL2rwFz6WFjfRMMFiEBOvv3QMyos=";
+    hash = "sha256-yfi1+SCCLCV3SJ28EVmR6V2i3O92iVRBo4EwHbKKcYY=";
   };
 
   postPatch = ''
diff --git a/nixpkgs/pkgs/tools/security/tlsx/default.nix b/nixpkgs/pkgs/tools/security/tlsx/default.nix
index 10915cad9ecd..2ba9be6315b7 100644
--- a/nixpkgs/pkgs/tools/security/tlsx/default.nix
+++ b/nixpkgs/pkgs/tools/security/tlsx/default.nix
@@ -5,16 +5,21 @@
 
 buildGoModule rec {
   pname = "tlsx";
-  version = "1.1.5";
+  version = "1.1.6";
 
   src = fetchFromGitHub {
     owner = "projectdiscovery";
-    repo = pname;
-    rev = "v${version}";
-    hash = "sha256-lS/D3p8Q6Zu3/XxwkC77fPS9cXVrUTkDPGd46Y+krbo=";
+    repo = "tlsx";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-FF5/STjf8joyJM6qPds1wFeRfncSamy/wWfNRZcG5kc=";
   };
 
-  vendorHash = "sha256-aEsq9LwU/ZWvuZGGzZ4NEvMWFk1m/Sr9LOXiCA/X388=";
+  vendorHash = "sha256-sJravmpvwOSZiVNWFUTLlTA4xk6drItDj4JzR8JNrOo=";
+
+  ldflags = [
+    "-s"
+    "-w"
+  ];
 
   # Tests require network access
   doCheck = false;
diff --git a/nixpkgs/pkgs/tools/security/tor/torsocks-gethostbyaddr-darwin.patch b/nixpkgs/pkgs/tools/security/tor/torsocks-gethostbyaddr-darwin.patch
new file mode 100644
index 000000000000..d7d834271a94
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/tor/torsocks-gethostbyaddr-darwin.patch
@@ -0,0 +1,33 @@
+diff --git a/tests/test_dns.c b/tests/test_dns.c
+index 7e07663..acf095c 100644
+--- a/tests/test_dns.c
++++ b/tests/test_dns.c
+@@ -76,6 +76,8 @@ static void test_gethostbyname(const struct test_host *host)
+ 	return;
+ }
+ 
++#ifdef __linux__
++
+ static void test_gethostbyaddr_r_failed(void)
+ {
+ 	int result;
+@@ -129,6 +131,8 @@ static void test_gethostbyaddr_r(const struct test_host *host)
+   ok(1, "Resolved address");
+ }
+ 
++#endif
++
+ static void test_gethostbyaddr(const struct test_host *host)
+ {
+ 	struct hostent *he;
+@@ -199,8 +203,10 @@ int main(int argc, char **argv)
+ 	test_getaddrinfo(&tor_check);
+ 	test_gethostbyname(&tor_dir_auth1);
+ 	test_gethostbyaddr(&tor_dir_auth2);
++#ifdef __linux__
+ 	test_gethostbyaddr_r(&tor_dir_auth2);
+ 	test_gethostbyaddr_r_failed();
++#endif
+ 	test_getaddrinfo(&tor_localhost);
+ 
+ end:
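Review bot: The guard used around `test_gethostbyaddr_r`, `test_gethostbyaddr_r_failed` and their two calls in `main` is `#ifdef __linux__`, while the patch's file name and the comment next to it in torsocks.nix both give Darwin as the reason. As written, these tests are compiled out on every non-Linux platform, not only on Darwin. If torsocks only wraps `gethostbyaddr_r` on Linux, the guard is right but the reason should be recorded. The patch also has no header, so a short description at the top would help, for example `gethostbyaddr_r is a GNU extension that torsocks only wraps on Linux; skip its tests elsewhere`, along with a note on whether it was sent upstream. Both test functions and `main` extend beyond the lines shown in the inner hunks.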
diff --git a/nixpkgs/pkgs/tools/security/tor/torsocks.nix b/nixpkgs/pkgs/tools/security/tor/torsocks.nix
index 16eeca0ffad7..6c5be8fcc7bd 100644
--- a/nixpkgs/pkgs/tools/security/tor/torsocks.nix
+++ b/nixpkgs/pkgs/tools/security/tor/torsocks.nix
@@ -1,22 +1,39 @@
-{ lib, stdenv, fetchgit, fetchurl, autoreconfHook, libcap }:
+{ lib
+, stdenv
+, fetchFromGitLab
+, fetchpatch
+, autoreconfHook
+, libcap
+}:
 
 stdenv.mkDerivation rec {
   pname = "torsocks";
-  version = "2.3.0";
+  version = "2.4.0";
 
-  src = fetchgit {
-    url    = "https://git.torproject.org/torsocks.git";
-    rev    = "refs/tags/v${version}";
-    sha256 = "0x0wpcigf22sjxg7bm0xzqihmsrz51hl4v8xf91qi4qnmr4ny1hb";
+  src = fetchFromGitLab {
+    domain = "gitlab.torproject.org";
+    group = "tpo";
+    owner = "core";
+    repo = "torsocks";
+    rev = "v${version}";
+    sha256 = "sha256-ocJkoF9LMLC84ukFrm5pzjp/1gaXqDz8lzr9TdG+f88=";
   };
 
-  nativeBuildInputs = [ autoreconfHook ];
-
-  patches = lib.optional stdenv.isDarwin
-    (fetchurl {
-       url = "https://trac.torproject.org/projects/tor/raw-attachment/ticket/28538/0001-Fix-macros-for-accept4-2.patch";
-       sha256 = "97881f0b59b3512acc4acb58a0d6dfc840d7633ead2f400fad70dda9b2ba30b0";
-     });
+  patches = [
+    # fix compatibility with C99
+    # https://gitlab.torproject.org/tpo/core/torsocks/-/merge_requests/9
+    (fetchpatch {
+      url = "https://gitlab.torproject.org/tpo/core/torsocks/-/commit/1171bf2fd4e7a0cab02cf5fca59090b65af9cd29.patch";
+      hash = "sha256-qu5/0fy72+02QI0cVE/6YrR1kPuJxsZfG8XeODqVOPY=";
+    })
+    # tsocks_libc_accept4 only exists on Linux, use tsocks_libc_accept on other platforms
+    (fetchpatch {
+      url = "https://gitlab.torproject.org/tpo/core/torsocks/uploads/eeec9833512850306a42a0890d283d77/0001-Fix-macros-for-accept4-2.patch";
+      hash = "sha256-XWi8+UFB8XgBFSl5QDJ+hLu/dH4CvAwYbeZz7KB10Bs=";
+    })
+    # no gethostbyaddr_r on darwin
+    ./torsocks-gethostbyaddr-darwin.patch
+  ];
 
   postPatch = ''
     # Patch torify_app()
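Review bot: The `0001-Fix-macros-for-accept4-2.patch` entry in `patches` is now applied on every platform, whereas the old expression gated it with `lib.optional stdenv.isDarwin`. Its own comment says it targets platforms without `tsocks_libc_accept4`, so the Linux build now carries a patch it did not have before. The patch content is not visible here. Since torsocks exists to keep socket calls from bypassing Tor, either confirm the patch is a no-op on Linux, or keep the gate by closing the list and appending `++ lib.optionals stdenv.isDarwin [ (fetchpatch { … }) ]`. Separately, `rev = "v${version}";` drops the `refs/tags/` prefix the old `fetchgit` call used, and `sha256 =` holds an SRI string; `rev = "refs/tags/v${version}";` and `hash = "sha256-…";` would keep the ref unambiguous and match the `fetchpatch` entries below.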
@@ -29,12 +46,14 @@ stdenv.mkDerivation rec {
       src/bin/torsocks.in
   '';
 
+  nativeBuildInputs = [ autoreconfHook ];
+
   doInstallCheck = true;
   installCheckTarget = "check-recursive";
 
   meta = {
     description      = "Wrapper to safely torify applications";
-    homepage         = "https://github.com/dgoulet/torsocks";
+    homepage         = "https://gitlab.torproject.org/tpo/core/torsocks";
     license          = lib.licenses.gpl2;
     platforms        = lib.platforms.unix;
     maintainers      = with lib.maintainers; [ thoughtpolice ];
diff --git a/nixpkgs/pkgs/tools/security/trueseeing/default.nix b/nixpkgs/pkgs/tools/security/trueseeing/default.nix
index 8ab38a9a44d2..5feccbb2d8be 100644
--- a/nixpkgs/pkgs/tools/security/trueseeing/default.nix
+++ b/nixpkgs/pkgs/tools/security/trueseeing/default.nix
@@ -5,14 +5,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "trueseeing";
-  version = "2.1.9";
+  version = "2.1.10";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "alterakey";
     repo = "trueseeing";
     rev = "refs/tags/v${version}";
-    hash = "sha256-g5OqdnPtGGV4wBwPRAjH3lweguwlfVcgpNLlq54OHKA=";
+    hash = "sha256-q7hUsBmTRPizmNWueFtFDc5t7rd1evMrBj3oX1Q2VfM=";
   };
 
   nativeBuildInputs = with python3.pkgs; [
diff --git a/nixpkgs/pkgs/tools/security/trufflehog/default.nix b/nixpkgs/pkgs/tools/security/trufflehog/default.nix
index 2ad22b513d83..cfb6fb85b82b 100644
--- a/nixpkgs/pkgs/tools/security/trufflehog/default.nix
+++ b/nixpkgs/pkgs/tools/security/trufflehog/default.nix
@@ -7,16 +7,16 @@
 
 buildGoModule rec {
   pname = "trufflehog";
-  version = "3.63.10";
+  version = "3.67.5";
 
   src = fetchFromGitHub {
     owner = "trufflesecurity";
     repo = "trufflehog";
     rev = "refs/tags/v${version}";
-    hash = "sha256-yxeXJXHSwouDzT1u8e29piqMs20VYh4pwKFFllOCJqM=";
+    hash = "sha256-163tIYqWUvfbN4Vh+nqQ98nHHFwEg0esJplBB5ivqOY=";
   };
 
-  vendorHash = "sha256-eD6PcJgwulwMbizUBDr2jLwVfsAdxiQWFqqe17wNqp0=";
+  vendorHash = "sha256-Kp78cAg3zpxZkJlVAvaxbq6GvUH/4HTH6Xz9EIo9tc0=";
 
   ldflags = [
     "-s"
diff --git a/nixpkgs/pkgs/tools/security/trustymail/default.nix b/nixpkgs/pkgs/tools/security/trustymail/default.nix
index eb384ce16253..88d321708886 100644
--- a/nixpkgs/pkgs/tools/security/trustymail/default.nix
+++ b/nixpkgs/pkgs/tools/security/trustymail/default.nix
@@ -5,14 +5,14 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "trustymail";
-  version = "0.8.1";
+  version = "0.8.3";
   format = "setuptools";
 
   src = fetchFromGitHub {
     owner = "cisagov";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-hKiQWAOzUjmoCcEH9OTgkgU7s1V+Vv3+93OLkqDRDoU=";
+    hash = "sha256-aFXz78Gviki0yIcnn2EgR3mHmt0wMoY5u6RoT6zQc1Y=";
   };
 
   postPatch = ''
diff --git a/nixpkgs/pkgs/tools/security/vals/default.nix b/nixpkgs/pkgs/tools/security/vals/default.nix
index 8f25dc1a211a..5000615b4eab 100644
--- a/nixpkgs/pkgs/tools/security/vals/default.nix
+++ b/nixpkgs/pkgs/tools/security/vals/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "vals";
-  version = "0.32.0";
+  version = "0.33.1";
 
   src = fetchFromGitHub {
     rev = "v${version}";
     owner = "variantdev";
     repo = pname;
-    sha256 = "sha256-UBN0QMrYyYm7O1MrduGmXOSLZ5Qwjq0LMgvWhoVwzGI=";
+    sha256 = "sha256-5+yaDcHqOt+bOdQIv4rDJuiR7acbkQvHJEfvc058+b8=";
   };
 
-  vendorHash = "sha256-2gS4m+eQSrXcMtT/7AzPW5KcGww8gSJm2doyBa6pLHQ=";
+  vendorHash = "sha256-Lt6OPA6k+zXIahZR8F36YWruCtUsoQKb/LgzJ5NIcx8=";
 
   ldflags = [
     "-s"
diff --git a/nixpkgs/pkgs/tools/security/vault-medusa/default.nix b/nixpkgs/pkgs/tools/security/vault-medusa/default.nix
index 9cd6bd1fd46e..382a732cf6b5 100644
--- a/nixpkgs/pkgs/tools/security/vault-medusa/default.nix
+++ b/nixpkgs/pkgs/tools/security/vault-medusa/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "vault-medusa";
-  version = "0.4.1";
+  version = "0.7.0";
 
   src = fetchFromGitHub {
     owner = "jonasvinther";
     repo = "medusa";
     rev = "v${version}";
-    sha256 = "sha256-VL22p723LDHpn+WhKoPm3u1uSTMofJpy3tZNlgcWQSk=";
+    sha256 = "sha256-8lbaXcu+o+grbFPJxZ6p/LezxDFCUvOQyX49zX4V/v0=";
   };
 
-  vendorHash = "sha256-pptAtzw9vRguQJK73kjfM/wnTJDekXBWV3Yeb8p8LOY=";
+  vendorHash = "sha256-/8wusZt0BQ//HCokjiSpsgsGb19FggrGrEuhCrwm9L0=";
 
   meta = with lib; {
     description = "A cli tool for importing and exporting Hashicorp Vault secrets";
diff --git a/nixpkgs/pkgs/tools/security/vault/default.nix b/nixpkgs/pkgs/tools/security/vault/default.nix
index ddb4532e2af1..0db950ddca54 100644
--- a/nixpkgs/pkgs/tools/security/vault/default.nix
+++ b/nixpkgs/pkgs/tools/security/vault/default.nix
@@ -6,16 +6,16 @@
 
 buildGoModule rec {
   pname = "vault";
-  version = "1.15.4";
+  version = "1.15.5";
 
   src = fetchFromGitHub {
     owner = "hashicorp";
     repo = "vault";
     rev = "v${version}";
-    sha256 = "sha256-Q+j5AS8ccAfqjtPQ/y6Bfga3IxMhE5SZWxZK5OUCJ34=";
+    sha256 = "sha256-KDQgiG+HSkLjiJfej9VqTcPZxOMMTh9n9yTDGfiGF3g=";
   };
 
-  vendorHash = "sha256-YEEvFAZ+VqmFR3TLJ0ztgWbT2C5r5pfYM4dmCf8G7sw=";
+  vendorHash = "sha256-fNUoeyBVci/S4LCpAPYjVbf8r+ROB5uL1TaUKJZsNes=";
 
   proxyVendor = true;
 
diff --git a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix
index abb548e68775..88430d842841 100644
--- a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix
+++ b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   pname = "vault-bin";
-  version = "1.15.4";
+  version = "1.15.5";
 
   src =
     let
@@ -16,11 +16,11 @@ stdenv.mkDerivation rec {
         aarch64-darwin = "darwin_arm64";
       };
       sha256 = selectSystem {
-        x86_64-linux = "sha256-E1tNqPkaZVnJXtV+ENt2Ajpdq0AYMPZSFMLAFiSxknY=";
-        aarch64-linux = "sha256-p+pYU4WenDHZmQQQFTm2ttHjxL+63NWy8G+cbAZLJEI=";
-        i686-linux = "sha256-FoClSgz/QAD7uktFcYmKsCXnS8kIm8a7BLd2N29Z/fE=";
-        x86_64-darwin = "sha256-Lykhs/tTFDBqk8SJ26k712oMUAhXlmBeNNi3Ve/M1B4=";
-        aarch64-darwin = "sha256-r9OamlIgFUGgIFX1baQCdBsDGmPwZoTVu+Zab99KnhM=";
+        x86_64-linux = "sha256-WchJdMn8PkCu3MydY6ssbXpMCaQBlDbyTQ1kF69KQ+0=";
+        aarch64-linux = "sha256-tjLyPC156q8y4RKB0+QVIxiXbkW6/qTytCC0WhOo8xU=";
+        i686-linux = "sha256-TSAhomxTIKSHE0BE1jiL9a15hpGRmF7clFbTwsrDxuk=";
+        x86_64-darwin = "sha256-vG3S84P7+zvQnIjohPHN3JefN4wM9uDdPqindnwlXpE=";
+        aarch64-darwin = "sha256-nQsKXD+1gGclUoZLlUpA6k9QuNv/NQ+roRa6kvXCIXQ=";
       };
     in
     fetchzip {
diff --git a/nixpkgs/pkgs/tools/security/vaultwarden/default.nix b/nixpkgs/pkgs/tools/security/vaultwarden/default.nix
index 762c8312c1e6..3261dc5a923c 100644
--- a/nixpkgs/pkgs/tools/security/vaultwarden/default.nix
+++ b/nixpkgs/pkgs/tools/security/vaultwarden/default.nix
@@ -9,16 +9,16 @@ in
 
 rustPlatform.buildRustPackage rec {
   pname = "vaultwarden";
-  version = "1.30.1";
+  version = "1.30.3";
 
   src = fetchFromGitHub {
     owner = "dani-garcia";
     repo = pname;
     rev = version;
-    hash = "sha256-9JCrEe0tla4v207XPgprLqP3g0BslpX8f7xa9aUhQcg=";
+    hash = "sha256-vUAgW/kTFO9yzWFIWqM1f6xEZYH8ojIdt2eOhP9ID8g=";
   };
 
-  cargoHash = "sha256-4KyBMOdTAHe5uD6X69gMd0aqIo4w2Rqrlg+25yY2B6o=";
+  cargoHash = "sha256-+FmVkemZTlFOf+fnTJED3u13pXeAuP/wIvEb96Vwa6I=";
 
   nativeBuildInputs = [ pkg-config ];
   buildInputs = with lib; [ openssl ]
@@ -37,8 +37,9 @@ rustPlatform.buildRustPackage rec {
   meta = with lib; {
     description = "Unofficial Bitwarden compatible server written in Rust";
     homepage = "https://github.com/dani-garcia/vaultwarden";
+    changelog = "https://github.com/dani-garcia/vaultwarden/releases/tag/${version}";
     license = licenses.agpl3Only;
-    maintainers = with maintainers; [ msteen ivan ];
+    maintainers = with maintainers; [ SuperSandro2000 ivan ];
     mainProgram = "vaultwarden";
   };
 }
diff --git a/nixpkgs/pkgs/tools/security/vaultwarden/webvault.nix b/nixpkgs/pkgs/tools/security/vaultwarden/webvault.nix
index 92948bae4bf1..6dae287e869f 100644
--- a/nixpkgs/pkgs/tools/security/vaultwarden/webvault.nix
+++ b/nixpkgs/pkgs/tools/security/vaultwarden/webvault.nix
@@ -7,13 +7,13 @@
 }:
 
 let
-  version = "2024.1.1";
+  version = "2024.1.2";
 
   bw_web_builds = fetchFromGitHub {
     owner = "dani-garcia";
     repo = "bw_web_builds";
     rev = "v${version}";
-    hash = "sha256-xtfpxcJLP0C4FdnO45gsaecOWJ/cKC++Abm7iatTH1Y=";
+    hash = "sha256-XpFGLZpX5BeP6cEZfGlNnh94aS6As0eCnllVyHLrOWo=";
   };
 
 in buildNpmPackage rec {
@@ -24,13 +24,13 @@ in buildNpmPackage rec {
     owner = "bitwarden";
     repo = "clients";
     rev = "web-v${lib.removeSuffix "b" version}";
-    hash = "sha256-695iCkFhPEyyI4ekbjsdWpxgPy+bX392/X30HyL4F4Y=";
+    hash = "sha256-hzAkVzaCjwoZ/PMnsnSmsqUBWLhqfPWuWVujChy0V38=";
   };
 
-  npmDepsHash = "sha256-IJ5JVz9hHu3NOzFJAyzfhsMfPQgYQGntDEDuBMI/iZc=";
+  npmDepsHash = "sha256-KTqPf8jy8cgGz0+1GssSzEfPVSSQlLenLPgHggNoGfc=";
 
   postPatch = ''
-    cp -r ${bw_web_builds}/{patches,resources} ..
+    ln -s ${bw_web_builds}/{patches,resources} ..
     PATH="${git}/bin:$PATH" VAULT_VERSION="${lib.removePrefix "web-" src.rev}" \
       bash ${bw_web_builds}/scripts/apply_patches.sh
   '';
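Review bot: After the switch to `ln -s ${bw_web_builds}/{patches,resources} ..` in `postPatch`, `../patches` and `../resources` are symlinks into the read-only store output of `bw_web_builds` rather than writable copies. That is fine only while `apply_patches.sh` and the later build phases just read from them; the script is not visible here, so this is worth confirming. A one-line comment would record the assumption, for example `# symlinks suffice: apply_patches.sh only reads patches/ and resources/`. The enclosing `buildNpmPackage` block starts and ends outside this hunk.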
@@ -66,6 +66,7 @@ in buildNpmPackage rec {
   meta = with lib; {
     description = "Integrates the web vault into vaultwarden";
     homepage = "https://github.com/dani-garcia/bw_web_builds";
+    changelog = "https://github.com/dani-garcia/bw_web_builds/releases/tag/v${version}";
     platforms = platforms.all;
     license = licenses.gpl3Plus;
     maintainers = with maintainers; [ dotlambda msteen mic92 ];
diff --git a/nixpkgs/pkgs/tools/security/volatility3/default.nix b/nixpkgs/pkgs/tools/security/volatility3/default.nix
index 221ed6ae639d..7f6307687323 100644
--- a/nixpkgs/pkgs/tools/security/volatility3/default.nix
+++ b/nixpkgs/pkgs/tools/security/volatility3/default.nix
@@ -5,15 +5,20 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "volatility3";
-  version = "2.5.0";
+  version = "2.5.2";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "volatilityfoundation";
-    repo = pname;
+    repo = "volatility3";
     rev = "refs/tags/v${version}";
-    hash = "sha256-yutQbrWmJGDsTccQcR+HtC8JvgmsXfCxbxxcMLDx5vk=";
+    hash = "sha256-tghwDDfy8TohqTn9WQvmEal3qK0OKKq7GvGnPGTble0=";
   };
 
+  nativeBuildInputs = with python3.pkgs; [
+    setuptools
+  ];
+
   propagatedBuildInputs = with python3.pkgs; [
     capstone
     jsonschema
diff --git a/nixpkgs/pkgs/tools/security/yara/default.nix b/nixpkgs/pkgs/tools/security/yara/default.nix
index 83f772d48410..946a424ca681 100644
--- a/nixpkgs/pkgs/tools/security/yara/default.nix
+++ b/nixpkgs/pkgs/tools/security/yara/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv
 , fetchFromGitHub
+, fetchpatch
 , autoreconfHook
 , pcre
 , pkg-config
@@ -24,6 +25,15 @@ stdenv.mkDerivation rec {
     hash = "sha256-axHFy7YwLhhww+lh+ORyW6YG+T385msysIHK5SMyhMk=";
   };
 
+  # FIXME: make unconditional on staging
+  patches = lib.optionals (!stdenv.hostPlatform.isGnu && !stdenv.hostPlatform.isDarwin) [
+    (fetchpatch {
+      name = "musl.patch";
+      url = "https://github.com/VirusTotal/yara/commit/515ed861cf30e154b14a69ffd46c347fb81df72f.patch";
+      hash = "sha256-2scnUyz0SSkNRlsVQapPgI1ATIPXEogqtxbimYYq4Jo=";
+    })
+  ];
+
   nativeBuildInputs = [
     autoreconfHook
     pkg-config
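Review bot: The new `patches` condition `!stdenv.hostPlatform.isGnu && !stdenv.hostPlatform.isDarwin` is wider than the name `musl.patch` suggests, because it also matches any other non-glibc, non-Darwin platform. The `FIXME` does not say why the patch is conditional at all. If the gate exists only to avoid rebuilding yara on glibc and Darwin outside staging, which is a guess from the wording, say so in the comment: `# musl build fix; gated to avoid a rebuild on glibc/Darwin. FIXME: make unconditional on staging`. If only musl is meant, `lib.optionals stdenv.hostPlatform.isMusl` would state the intent directly.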
diff --git a/nixpkgs/pkgs/tools/security/zeekscript/default.nix b/nixpkgs/pkgs/tools/security/zeekscript/default.nix
index c1ab0cb4a190..eb7d097c5d74 100644
--- a/nixpkgs/pkgs/tools/security/zeekscript/default.nix
+++ b/nixpkgs/pkgs/tools/security/zeekscript/default.nix
@@ -5,12 +5,12 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "zeekscript";
-  version = "1.2.1";
-  format = "pyproject";
+  version = "1.2.8";
+  pyproject = true;
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-LogI9sJHvLN5WHJGdW47D09XZInKln/I2hNmG62d1JU=";
+    hash = "sha256-v0PJY0Ahxa4k011AwtWSIAWBXvt3Aybrd382j1SIT6M=";
   };
 
   postPatch = ''