diff options
| author | Alyssa Ross <hi@alyssa.is> | 2022-12-06 19:57:55 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2023-02-08 13:48:30 +0000 |
| commit | bf3aadfdd39aa197e18bade671fab6726349ffa4 (patch) | |
| tree | 698567af766ed441d757b57a7b21e68d4a342a2b /nixpkgs/pkgs/tools/security | |
| parent | f4afc5a01d9539ce09e47494e679c51f80723d07 (diff) | |
| parent | 99665eb45f58d959d2cb9e49ddb960c79d596f33 (diff) | |
| download | nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.gz nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.bz2 nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.lz nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.xz nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.zst nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.zip | |
Merge commit '99665eb45f58d959d2cb9e49ddb960c79d596f33'
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
318 files changed, 6439 insertions, 2982 deletions
diff --git a/nixpkgs/pkgs/tools/security/adenum/default.nix b/nixpkgs/pkgs/tools/security/adenum/default.nix new file mode 100644 index 000000000000..8bcac264d95d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/adenum/default.nix @@ -0,0 +1,48 @@ +{ lib +, stdenv +, fetchFromGitHub +, john +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "adenum"; + version = "unstable-2022-04-01"; + format = "other"; + + src = fetchFromGitHub { + owner = "SecuProject"; + repo = "ADenum"; + rev = "0e3576eca1d987d3ef22d53fc725189bb301e804"; + hash = "sha256-8s4Kmt4ZjYbQGGVDWKfuRZ6kthcL8FiQytoq9Koy7Kc="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + impacket + pwntools + ldap + ] ++ [ + john + ]; + + installPhase = '' + runHook preInstall + + # Add shebang so we can patch it + sed -i -e '1i#!/usr/bin/python' ADenum.py + patchShebangs ADenum.py + install -vD ADenum.py $out/bin/adenum + + runHook postInstall + ''; + + # Project has no tests + doCheck = false; + + meta = with lib; { + description = "Tool to find misconfiguration through LDAP"; + homepage = "https://github.com/SecuProject/ADenum"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/adreaper/default.nix b/nixpkgs/pkgs/tools/security/adreaper/default.nix new file mode 100644 index 000000000000..e0329a83f62b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/adreaper/default.nix @@ -0,0 +1,33 @@ +{ lib +, stdenv +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "adreaper"; + version = "1.1"; + + src = fetchFromGitHub { + owner = "AidenPearce369"; + repo = "ADReaper"; + rev = "ADReaperv${version}"; + sha256 = "sha256-+FCb5TV9MUcRyex2M4rn2RhcIsXQFbtm1T4r7MpcRQs="; + }; + + vendorSha256 = "sha256-lU39kj/uz0l7Rodsu6+UMv2o579eu1KUbutUNZni7bM="; + + postInstall = lib.optionalString (!stdenv.isDarwin) '' + mv $out/bin/ADReaper $out/bin/$pname + ''; + + meta = with lib; { + description = "Enumeration tool for Windows Active Directories"; + homepage = "https://github.com/AidenPearce369/ADReaper"; + # Upstream doesn't have a license yet + # https://github.com/AidenPearce369/ADReaper/issues/2 + license = with licenses; [ unfree ]; + maintainers = with maintainers; [ fab ]; + mainProgram = "ADReaper"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aesfix/default.nix b/nixpkgs/pkgs/tools/security/aesfix/default.nix new file mode 100644 index 000000000000..b2eb2e0e96ca --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aesfix/default.nix @@ -0,0 +1,26 @@ +{ lib +, stdenv +, fetchurl +}: + +stdenv.mkDerivation rec { + pname = "aesfix"; + version = "1.0.1"; + + src = fetchurl { + url = "https://citpsite.s3.amazonaws.com/memory-content/src/aesfix-${version}.tar.gz"; + sha256 = "sha256-exd+h2yu5qrkjwEjEC8R32WUpzhIP5pH8sdv6BzARdQ="; + }; + installPhase = '' + runHook preInstall + mkdir -p $out/bin + cp aesfix $out/bin + runHook postInstall + ''; + + meta = with lib; { + description = "Correct bit errors in an AES key schedules"; + homepage = "https://citp.princeton.edu/our-work/memory/"; + maintainers = with maintainers; [ fedx-sudo ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aeskeyfind/default.nix b/nixpkgs/pkgs/tools/security/aeskeyfind/default.nix new file mode 100644 index 000000000000..08b2481ff00d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/aeskeyfind/default.nix @@ -0,0 +1,30 @@ +{ lib +, stdenv +, fetchurl +}: + +stdenv.mkDerivation rec { + pname = "aeskeyfind"; + version = "1.0"; + + src = fetchurl { + url = "https://citpsite.s3.amazonaws.com/memory-content/src/aeskeyfind-${version}.tar.gz"; + sha256 = "sha256-FBflwbYehruVJ9sfW+4ZlaDuqCR12zy8iA4Ev3Bgg+Q="; + }; + + installPhase = '' + runHook preInstall + mkdir -p $out/bin + cp aeskeyfind $out/bin + runHook postInstall + ''; + + meta = with lib; { + description = "Locates 128-bit and 256-bit AES keys in a captured memory image"; + homepage = "https://citp.princeton.edu/our-work/memory/"; + license = licenses.bsd3; + maintainers = with maintainers; [ fedx-sudo ]; + }; + +} + diff --git a/nixpkgs/pkgs/tools/security/age-plugin-yubikey/default.nix b/nixpkgs/pkgs/tools/security/age-plugin-yubikey/default.nix index a880f490dc7e..1ca20e13828e 100644 --- a/nixpkgs/pkgs/tools/security/age-plugin-yubikey/default.nix +++ b/nixpkgs/pkgs/tools/security/age-plugin-yubikey/default.nix @@ -5,24 +5,27 @@ , pkg-config , pcsclite , PCSC +, Foundation }: rustPlatform.buildRustPackage rec { pname = "age-plugin-yubikey"; - version = "0.2.0"; + version = "0.3.0"; src = fetchFromGitHub { owner = "str4d"; repo = pname; - rev = "51910edfab4006a068864602469ff7db3766bfbe"; # no tag for this release - sha256 = "sha256-mMqvBlGFdwe5BaC0bXZg/27BGNmFTTYbLUHWUciqxQ0="; + rev = "v${version}"; + sha256 = "sha256-KXqicTZ9GZlNj1AH3tMmOrC8zjXoEnqo4JJJTBdiI4E="; }; - cargoSha256 = "sha256-OCbVLSmGx51pJ/EPgPfOyVrYWdloNEbexDV1zMsmEJc="; + cargoSha256 = "sha256-m/v4E7KHyLIWZHX0TKpqwBVDDwLjhYpOjYMrKEtx6/4="; + + nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ]; - nativeBuildInputs = [ pkg-config ]; buildInputs = if stdenv.isDarwin then [ + Foundation PCSC ] else [ pcsclite diff --git a/nixpkgs/pkgs/tools/security/aide/default.nix b/nixpkgs/pkgs/tools/security/aide/default.nix index 0724a756b919..b34be9a37710 100644 --- a/nixpkgs/pkgs/tools/security/aide/default.nix +++ b/nixpkgs/pkgs/tools/security/aide/default.nix @@ -22,7 +22,7 @@ stdenv.mkDerivation rec { homepage = "https://aide.github.io/"; description = "A file and directory integrity checker"; license = licenses.gpl2Plus; - maintainers = [ maintainers.tstrobel ]; + maintainers = [ ]; platforms = platforms.linux; }; } diff --git a/nixpkgs/pkgs/tools/security/arsenal/default.nix b/nixpkgs/pkgs/tools/security/arsenal/default.nix index cd927715d2e8..62dd9a598668 100644 --- a/nixpkgs/pkgs/tools/security/arsenal/default.nix +++ b/nixpkgs/pkgs/tools/security/arsenal/default.nix @@ -5,19 +5,22 @@ python3.pkgs.buildPythonApplication rec { pname = "arsenal"; - version = "1.0.2"; + version = "1.1.0"; + format = "setuptools"; src = fetchFromGitHub { owner = "Orange-Cyberdefense"; repo = "arsenal"; rev = version; - sha256 = "sha256-RZxGSrtEa3hAtowD2lUb9BgwpSWlYo90fU9nDvUfoAk="; + sha256 = "sha256-NbNXyR5aNKvRJU9JWGk/ndwU1bhNgDOdcRqBkAY9nPA="; }; propagatedBuildInputs = with python3.pkgs; [ libtmux docutils + pyfzf pyperclip + pyyaml ]; # Project has no tests diff --git a/nixpkgs/pkgs/tools/security/arti/default.nix b/nixpkgs/pkgs/tools/security/arti/default.nix new file mode 100644 index 000000000000..990534b13dfa --- /dev/null +++ b/nixpkgs/pkgs/tools/security/arti/default.nix @@ -0,0 +1,43 @@ +{ lib +, stdenv +, rustPlatform +, fetchFromGitLab +, pkg-config +, sqlite +, openssl +, CoreServices +}: + +rustPlatform.buildRustPackage rec { + pname = "arti"; + version = "0.6.0"; + + src = fetchFromGitLab { + domain = "gitlab.torproject.org"; + group = "tpo"; + owner = "core"; + repo = "arti"; + rev = "arti-v${version}"; + sha256 = "sha256-3zlpmOGCjox8dVItVxyQloPgC0+dYw57pFFBySAXC5g="; + }; + + cargoSha256 = "sha256-LvhSgJQyPyTSD1koXBXYaC6I5njZavgQK4WaW5/b9g4="; + + nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ]; + + buildInputs = [ sqlite ] + ++ lib.optionals stdenv.isLinux [ openssl ] + ++ lib.optionals stdenv.isDarwin [ CoreServices ]; + + cargoBuildFlags = [ "--package" "arti" ]; + + cargoTestFlags = [ "--package" "arti" ]; + + meta = with lib; { + description = "An implementation of Tor in Rust"; + homepage = "https://gitlab.torproject.org/tpo/core/arti"; + changelog = "https://gitlab.torproject.org/tpo/core/arti/-/raw/${src.rev}/CHANGELOG.md"; + license = with licenses; [ asl20 /* or */ mit ]; + maintainers = with maintainers; [ marsam ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/atomic-operator/default.nix b/nixpkgs/pkgs/tools/security/atomic-operator/default.nix new file mode 100644 index 000000000000..b385cce38061 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/atomic-operator/default.nix @@ -0,0 +1,59 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "atomic-operator"; + version = "0.8.5"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "swimlane"; + repo = pname; + rev = version; + hash = "sha256-DyNqu3vndyLkmfybCfTbgxk3t/ALg7IAkAMg4kBkH7Q="; + }; + + postPatch = '' + substituteInPlace setup.py \ + --replace "charset_normalizer~=2.0.0" "charset_normalizer" + ''; + + propagatedBuildInputs = with python3.pkgs; [ + attrs + certifi + chardet + charset-normalizer + fire + idna + paramiko + pick + pypsrp + pyyaml + requests + urllib3 + ]; + + checkInputs = with python3.pkgs; [ + pytestCheckHook + ]; + + pythonImportsCheck = [ + "atomic_operator" + ]; + + disabledTests = [ + # Tests require network access + "test_download_of_atomic_red_team_repo" + "test_setting_input_arguments" + "test_config_parser" + ]; + + meta = with lib; { + description = "Tool to execute Atomic Red Team tests (Atomics)"; + homepage = "https://www.atomic-operator.com/"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix b/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix index b1f5d8b56c30..b6ae17a61176 100644 --- a/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix +++ b/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix @@ -2,20 +2,25 @@ buildGoModule rec { pname = "aws-iam-authenticator"; - version = "0.5.5"; + version = "0.5.9"; src = fetchFromGitHub { owner = "kubernetes-sigs"; repo = pname; rev = "v${version}"; - sha256 = "sha256-5QtNAcInp1mUE8SHUUMS8/XURbPx/q8xMsvEEo/rnCs="; + sha256 = "sha256-lopOFEWqRWZox/XniQX6OiQPWlmWJpnQ7yFueiTZpss="; }; # Upstream has inconsistent vendoring, see https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/377 deleteVendor = true; vendorSha256 = null; - ldflags = [ "-s" "-w" "-X main.version=v${version}" ]; + ldflags = let PKG = "sigs.k8s.io/aws-iam-authenticator"; in [ + "-s" "-w" + "-X ${PKG}/pkg.Version=${version}" + "-X ${PKG}/pkg.BuildDate=1970-01-01T01:01:01Z" + "-X ${PKG}/pkg.CommitID=${version}" + ]; subPackages = [ "cmd/aws-iam-authenticator" ]; diff --git a/nixpkgs/pkgs/tools/security/aws-okta/default.nix b/nixpkgs/pkgs/tools/security/aws-okta/default.nix deleted file mode 100644 index 88002fc1ce43..000000000000 --- a/nixpkgs/pkgs/tools/security/aws-okta/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ buildGoPackage, fetchFromGitHub, libusb1, pkg-config, lib, libiconv }: - -buildGoPackage rec { - pname = "aws-okta"; - version = "1.0.11"; - - goPackagePath = "github.com/segmentio/aws-okta"; - - src = fetchFromGitHub { - owner = "segmentio"; - repo = "aws-okta"; - rev = "v${version}"; - sha256 = "sha256-1cprKpIFgM3+lUEHNvda34nJTH4Ch3LtTRq/Dp6QBQ8="; - }; - - tags = [ "release" ]; - - ldflags = [ "-X main.Version=${version}" ]; - - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ libusb1 libiconv ]; - - meta = with lib; { - description = "aws-vault like tool for Okta authentication"; - license = licenses.mit; - maintainers = with maintainers; [imalsogreg Chili-Man]; - homepage = "https://github.com/segmentio/aws-okta"; - downloadPage = "https://github.com/segmentio/aws-okta"; - }; -} diff --git a/nixpkgs/pkgs/tools/security/b2sum/default.nix b/nixpkgs/pkgs/tools/security/b2sum/default.nix index bf415e7554e6..e5de613bee7f 100644 --- a/nixpkgs/pkgs/tools/security/b2sum/default.nix +++ b/nixpkgs/pkgs/tools/security/b2sum/default.nix @@ -26,6 +26,6 @@ stdenv.mkDerivation { license = with licenses; [ asl20 cc0 openssl ]; maintainers = with maintainers; [ kirelagin ]; # "This code requires at least SSE2." - platforms = with platforms; [ "x86_64-linux" "i686-linux" ] ++ darwin; + platforms = [ "x86_64-linux" "i686-linux" ] ++ platforms.darwin; }; } diff --git a/nixpkgs/pkgs/tools/security/badrobot/default.nix b/nixpkgs/pkgs/tools/security/badrobot/default.nix new file mode 100644 index 000000000000..30123d3c4f7a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/badrobot/default.nix @@ -0,0 +1,45 @@ +{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: + +buildGoModule rec { + pname = "badrobot"; + version = "0.1.2"; + + src = fetchFromGitHub { + owner = "controlplaneio"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-LGoNM8wu1qaq4cVEzR723/cueZlndE1Z2PCYEOU+nPQ="; + }; + vendorSha256 = "sha256-FS4kFVi+3NOJOfWfy5m/hDrQvCzpmsNSB/PliF6cVps="; + + nativeBuildInputs = [ installShellFiles ]; + + ldflags = [ + "-s" + "-w" + "-X github.com/controlplaneio/badrobot/cmd.version=v${version}" + ]; + + postInstall = '' + installShellCompletion --cmd badrobot \ + --bash <($out/bin/badrobot completion bash) \ + --fish <($out/bin/badrobot completion fish) \ + --zsh <($out/bin/badrobot completion zsh) + ''; + + meta = with lib; { + homepage = "https://github.com/controlplaneio/badrobot"; + changelog = "https://github.com/controlplaneio/badrobot/blob/v${version}/CHANGELOG.md"; + description = "Operator Security Audit Tool"; + longDescription = '' + Badrobot is a Kubernetes Operator audit tool. It statically analyses + manifests for high risk configurations such as lack of security + restrictions on the deployed controller and the permissions of an + associated clusterole. The risk analysis is primarily focussed on the + likelihood that a compromised Operator would be able to obtain full + cluster permissions. + ''; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ jk ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bao/default.nix b/nixpkgs/pkgs/tools/security/bao/default.nix new file mode 100644 index 000000000000..cf6014c84fe9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bao/default.nix @@ -0,0 +1,25 @@ +{ lib +, fetchCrate +, fetchpatch +, rustPlatform +}: + +rustPlatform.buildRustPackage rec { + pname = "bao"; + version = "0.12.0"; + + src = fetchCrate { + inherit version; + pname = "${pname}_bin"; + sha256 = "SkplBzor7Fv2+6K8wcTtZwjR66RfLPA/YNNUUHniWpM="; + }; + + cargoSha256 = "yr4HvtOWnU2dFTBgSsbVcuDELe1o1SEtZ7rN/ctKAdI="; + + meta = { + description = "An implementation of BLAKE3 verified streaming"; + homepage = "https://github.com/oconnor663/bao"; + maintainers = with lib.maintainers; [ amarshall ]; + license = with lib.licenses; [ cc0 asl20 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix b/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix index ba80734e5cf8..ae831bf86753 100644 --- a/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix +++ b/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix @@ -40,9 +40,10 @@ stdenv.mkDerivation { supergenpass will ask for your master password interactively, and it will not be displayed on your terminal. ''; + homepage = "https://github.com/lanzz/bash-supergenpass"; license = licenses.mit; - platforms = platforms.all; maintainers = with maintainers; [ fgaz ]; - homepage = "https://github.com/lanzz/bash-supergenpass"; + mainProgram = "supergenpass"; + platforms = platforms.all; }; } diff --git a/nixpkgs/pkgs/tools/security/beyond-identity/default.nix b/nixpkgs/pkgs/tools/security/beyond-identity/default.nix index a9e554ff42cc..eec53d3bf97b 100644 --- a/nixpkgs/pkgs/tools/security/beyond-identity/default.nix +++ b/nixpkgs/pkgs/tools/security/beyond-identity/default.nix @@ -5,12 +5,13 @@ let pname = "beyond-identity"; - version = "2.49.0-0"; + version = "2.60.0-0"; libPath = lib.makeLibraryPath ([ glib glibc openssl tpm2-tss gtk3 gnome.gnome-keyring polkit polkit_gnome ]); meta = with lib; { description = "Passwordless MFA identities for workforces, customers, and developers"; homepage = "https://www.beyondidentity.com"; downloadPage = "https://app.byndid.com/downloads"; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; license = licenses.unfree; maintainers = with maintainers; [ klden ]; platforms = [ "x86_64-linux" ]; @@ -21,7 +22,7 @@ let src = fetchurl { url = "https://packages.beyondidentity.com/public/linux-authenticator/deb/ubuntu/pool/focal/main/b/be/${pname}_${version}/${pname}_${version}_amd64.deb"; - sha512 = "sha512-+9vwH1r5WW+MqyiwsAFInboaM7o2dc7zvRaKwHC/o2LOBugvUHmUzmZ6uSHilc9zQ5FcHUIIglhkASbFtsvPeA=="; + sha512 = "sha512-JrHLf7KkJVbJLxx54OTvOSaIzY3+hjX+bpkeBHKX23YriCJssUUvEP6vlbI4r6gjMMFMhW92k0iikAgD1Tr4ug=="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/binbloom/default.nix b/nixpkgs/pkgs/tools/security/binbloom/default.nix new file mode 100644 index 000000000000..0805e7b988d4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/binbloom/default.nix @@ -0,0 +1,27 @@ +{ lib +, stdenv +, fetchFromGitHub +, autoreconfHook +}: + +stdenv.mkDerivation rec { + pname = "binbloom"; + version = "2.0"; + + src = fetchFromGitHub { + owner = "quarkslab"; + repo = pname; + rev = "v${version}"; + hash = "sha256-UiKiDey/pHtJDr4UYqt+T/TneKig5tT8YU2u98Ttjmo="; + }; + + nativeBuildInputs = [ autoreconfHook ]; + + meta = with lib; { + description = "Raw binary firmware analysis software"; + homepage = "https://github.com/quarkslab/binbloom"; + license = licenses.asl20; + maintainers = with maintainers; [ erdnaxe ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bitwarden/default.nix b/nixpkgs/pkgs/tools/security/bitwarden/default.nix index ad7574257610..842eb758c300 100644 --- a/nixpkgs/pkgs/tools/security/bitwarden/default.nix +++ b/nixpkgs/pkgs/tools/security/bitwarden/default.nix @@ -14,11 +14,11 @@ stdenv.mkDerivation rec { pname = "bitwarden"; - version = "1.31.3"; + version = "2022.8.1"; src = fetchurl { - url = "https://github.com/bitwarden/desktop/releases/download/v${version}/Bitwarden-${version}-amd64.deb"; - sha256 = "sha256-ASL4+FZh5st3V5Z+jsfvLD26hG9KNVI+tht7kL8lbL4="; + url = "https://github.com/bitwarden/clients/releases/download/desktop-v${version}/Bitwarden-${version}-amd64.deb"; + sha256 = "sha256-MmhHs1Gp6H1CkLO/yCBhsF0KMiYXz37D6QP26fS+/u0="; }; desktopItem = makeDesktopItem { @@ -65,6 +65,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "A secure and free password manager for all of your devices"; homepage = "https://bitwarden.com"; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; license = licenses.gpl3; maintainers = with maintainers; [ kiwi ]; platforms = [ "x86_64-linux" ]; diff --git a/nixpkgs/pkgs/tools/security/boofuzz/default.nix b/nixpkgs/pkgs/tools/security/boofuzz/default.nix index 572a9e888fd3..220a372b2e9e 100644 --- a/nixpkgs/pkgs/tools/security/boofuzz/default.nix +++ b/nixpkgs/pkgs/tools/security/boofuzz/default.nix @@ -1,4 +1,5 @@ -{ lib +{ stdenv +, lib , fetchFromGitHub , python3 }: @@ -36,9 +37,10 @@ python3.pkgs.buildPythonApplication rec { ]; disabledTests = [ - # Tests require socket access - "test_raw_l2" - "test_raw_l3" + "TestNetworkMonitor" + "TestNoResponseFailure" + "TestProcessMonitor" + "TestSocketConnection" ]; pythonImportsCheck = [ diff --git a/nixpkgs/pkgs/tools/security/browserpass/default.nix b/nixpkgs/pkgs/tools/security/browserpass/default.nix index 9aec14e0a418..ba96e2a70fe5 100644 --- a/nixpkgs/pkgs/tools/security/browserpass/default.nix +++ b/nixpkgs/pkgs/tools/security/browserpass/default.nix @@ -1,18 +1,18 @@ { lib, buildGoModule, fetchFromGitHub, makeWrapper, gnupg }: buildGoModule rec { pname = "browserpass"; - version = "3.0.6"; + version = "3.0.10"; src = fetchFromGitHub { owner = "browserpass"; repo = "browserpass-native"; rev = version; - sha256 = "0q3bsla07zjl6i69nj1axbkg2ia89pvh0jg6nlqgbm2kpzzbn0pz"; + sha256 = "8eAwUwcRTnhVDkQc3HsvTP0TqC4LfVrUelxdbJxe9t0="; }; nativeBuildInputs = [ makeWrapper ]; - vendorSha256 = "1wcbn0ip596f2dp68y6jmxgv20l0dgrcxg5cwclkawigj05416zj"; + vendorSha256 = "gWXcYyIp86b/Pn6vj7qBj/VZS9rTr4weVw0YWmg+36c="; doCheck = false; @@ -21,8 +21,8 @@ buildGoModule rec { # variables to be valid by default substituteInPlace Makefile \ --replace "PREFIX ?= /usr" "" - sed -i -e 's/SED :=.*/SED := sed/' Makefile - sed -i -e 's/INSTALL :=.*/INSTALL := install/' Makefile + sed -i -e 's/SED =.*/SED = sed/' Makefile + sed -i -e 's/INSTALL =.*/INSTALL = install/' Makefile ''; DESTDIR = placeholder "out"; diff --git a/nixpkgs/pkgs/tools/security/brutespray/default.nix b/nixpkgs/pkgs/tools/security/brutespray/default.nix index d7f8e30e182d..200cd96c238b 100644 --- a/nixpkgs/pkgs/tools/security/brutespray/default.nix +++ b/nixpkgs/pkgs/tools/security/brutespray/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "brutespray"; - version = "1.7.0"; + version = "1.8"; src = fetchFromGitHub { owner = "x90skysn3k"; repo = pname; rev = "${pname}-${version}"; - sha256 = "0lkm3fvx35ml5jh4ykjr2srq8qfajkmxwp4qfcn9xi58khk3asq3"; + sha256 = "sha256-hlFp2ZQnoydxF2NBCjSKtmNzMj9V14AKrNYKMF/8m70="; }; postPatch = '' diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock index f1671500fe43..5d51735440d6 100644 --- a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock +++ b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock @@ -1,10 +1,10 @@ GEM remote: https://rubygems.org/ specs: - bundler-audit (0.9.0.1) + bundler-audit (0.9.1) bundler (>= 1.2.0, < 3) thor (~> 1.0) - thor (1.1.0) + thor (1.2.1) PLATFORMS ruby @@ -13,4 +13,4 @@ DEPENDENCIES bundler-audit BUNDLED WITH - 2.2.20 + 2.3.9 diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix index a740f40e4073..bbe7a0e8274b 100644 --- a/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix +++ b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix @@ -5,19 +5,19 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "05k19l5388248rd74cn2lm2ksci7fzmga74n835v7k31m4kbzw8v"; + sha256 = "0gdx0019vj04n1512shhdx7hwphzqmdpw4vva2k551nd47y1dixx"; type = "gem"; }; - version = "0.9.0.1"; + version = "0.9.1"; }; thor = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "18yhlvmfya23cs3pvhr1qy38y41b6mhr5q9vwv5lrgk16wmf3jna"; + sha256 = "0inl77jh4ia03jw3iqm5ipr76ghal3hyjrd6r8zqsswwvi9j2xdi"; type = "gem"; }; - version = "1.1.0"; + version = "1.2.1"; }; } diff --git a/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix b/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix index 22106727e392..7d6122fe5f40 100644 --- a/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix +++ b/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix @@ -2,24 +2,23 @@ let pname = "buttercup-desktop"; - version = "2.14.2"; - name = "${pname}-${version}"; + version = "2.16.0"; src = fetchurl { url = "https://github.com/buttercup/buttercup-desktop/releases/download/v${version}/Buttercup-linux-x86_64.AppImage"; - sha256 = "sha256-ZZaolebDGqRk4BHP5PxFxBsMgOQAxUoIMTlhxM58k0Y="; + sha256 = "sha256-o6KdbwD0VdCTYLEfar7Jt7MRZUayGHyasnmtU8Cqg3E="; }; - appimageContents = appimageTools.extractType2 { inherit name src; }; + appimageContents = appimageTools.extractType2 { inherit pname src version; }; in appimageTools.wrapType2 { - inherit name src; + inherit pname src version; extraPkgs = pkgs: (appimageTools.defaultFhsEnvArgs.multiPkgs pkgs) ++ [ pkgs.libsecret ]; extraInstallCommands = '' - mv $out/bin/${name} $out/bin/buttercup-desktop + mv $out/bin/${pname}-${version} $out/bin/${pname} install -m 444 -D ${appimageContents}/buttercup.desktop -t $out/share/applications substituteInPlace $out/share/applications/buttercup.desktop \ - --replace 'Exec=AppRun' 'Exec=buttercup-desktop' + --replace 'Exec=AppRun' 'Exec=${pname}' cp -r ${appimageContents}/usr/share/icons $out/share ''; diff --git a/nixpkgs/pkgs/tools/security/cariddi/default.nix b/nixpkgs/pkgs/tools/security/cariddi/default.nix index 74e9b05b2370..03e32faef9ea 100644 --- a/nixpkgs/pkgs/tools/security/cariddi/default.nix +++ b/nixpkgs/pkgs/tools/security/cariddi/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "cariddi"; - version = "1.1.6"; + version = "1.1.7"; src = fetchFromGitHub { owner = "edoardottt"; repo = pname; rev = "v${version}"; - sha256 = "sha256-/ez2biYU8NnVny8v5Mu9pLq0oqzcIenpyEb3qkPd9v8="; + sha256 = "sha256-OiGVdRgTaoMinwYh5vTPgOUAffX6RlawAaVtBvpWN8I="; }; vendorSha256 = "sha256-zJ39tAq+ooROMHG1vC2m2rbq+wttxqYxAd2hLg5GtJM="; diff --git a/nixpkgs/pkgs/tools/security/cdk-go/default.nix b/nixpkgs/pkgs/tools/security/cdk-go/default.nix index 88fd089cb68b..a33930e92a05 100644 --- a/nixpkgs/pkgs/tools/security/cdk-go/default.nix +++ b/nixpkgs/pkgs/tools/security/cdk-go/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "cdk-go"; - version = "1.0.6"; + version = "1.3.0"; src = fetchFromGitHub { owner = "cdk-team"; repo = "CDK"; rev = "v${version}"; - sha256 = "sha256-XzUSiE03ZbP75ewwBJFwZE0aKNlOFprezeD26japLD8="; + sha256 = "sha256-AhTeovusYsrtxrifvElMrFdYAa3a31JIm7jjIQuk8zI="; }; - vendorSha256 = "sha256-mP49DmOHvS8ewQG7I1J5OEmAOkHEFJfAsEPeiaRBpWc="; + vendorSha256 = "sha256-aJN/d/BxmleRXKw6++k6e0Vb0Gs5zg1QfakviABYTog="; # At least one test is outdated doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/certgraph/default.nix b/nixpkgs/pkgs/tools/security/certgraph/default.nix index f15ec8f89e03..f18f0ca3b2cb 100644 --- a/nixpkgs/pkgs/tools/security/certgraph/default.nix +++ b/nixpkgs/pkgs/tools/security/certgraph/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "certgraph"; - version = "20210224"; + version = "20220513"; src = fetchFromGitHub { owner = "lanrat"; repo = pname; rev = version; - sha256 = "14l2bls25xwd8gnsmshc588br72rwz1s0gjnsnqksri4ksqkdqlz"; + sha256 = "sha256-7tvPiJHZE9X7I79DFNF1ZAQiaAkrtrXiD2fY7AkbWMk="; }; - vendorSha256 = "1vih64z0zwmaflc0pwvnwyj5fhrc8qfp0kvrz73nnfpcrcan2693"; + vendorSha256 = "sha256-ErTn7pUCtz6ip2kL8FCe+3Rhs876xtqto+z5nZqQ6cI="; meta = with lib; { description = "Intelligence tool to crawl the graph of certificate alternate names"; diff --git a/nixpkgs/pkgs/tools/security/certstrap/default.nix b/nixpkgs/pkgs/tools/security/certstrap/default.nix index ff6522f1d35f..6bcdf1dbc457 100644 --- a/nixpkgs/pkgs/tools/security/certstrap/default.nix +++ b/nixpkgs/pkgs/tools/security/certstrap/default.nix @@ -1,22 +1,34 @@ -{ lib, buildGoPackage, fetchFromGitHub }: +{ lib +, buildGoModule +, fetchFromGitHub +}: -buildGoPackage rec { +buildGoModule rec { pname = "certstrap"; version = "1.2.0"; - goPackagePath = "github.com/square/certstrap"; - src = fetchFromGitHub { owner = "square"; repo = "certstrap"; rev = "v${version}"; - sha256 = "1ymchnn7c9g3pq7rw4lrwsd6z3wfjx90g7qgrw6r5hssl77mnscj"; + sha256 = "sha256-kmlbz6Faw5INzw+fB1KXjo9vmuaZEp4PvuMldqyFrPo="; }; + vendorSha256 = null; + + subPackages = [ "." ]; + + ldflags = [ "-X main.release=${version}" ]; + meta = with lib; { - inherit (src.meta) homepage; description = "Tools to bootstrap CAs, certificate requests, and signed certificates"; + longDescription = '' + A simple certificate manager written in Go, to bootstrap your own + certificate authority and public key infrastructure. Adapted from etcd-ca. + ''; + homepage = "https://github.com/square/certstrap"; + changelog = "https://github.com/square/certstrap/releases/tag/${src.rev}"; license = licenses.asl20; - maintainers = with maintainers; [ volth ]; + maintainers = with maintainers; [ ]; }; } diff --git a/nixpkgs/pkgs/tools/security/cfripper/default.nix b/nixpkgs/pkgs/tools/security/cfripper/default.nix index 96848acd7c04..7646e1e8999f 100644 --- a/nixpkgs/pkgs/tools/security/cfripper/default.nix +++ b/nixpkgs/pkgs/tools/security/cfripper/default.nix @@ -5,13 +5,13 @@ python3.pkgs.buildPythonApplication rec { pname = "cfripper"; - version = "1.7.0"; + version = "1.12.0"; src = fetchFromGitHub { owner = "Skyscanner"; repo = pname; - rev = version; - hash = "sha256-bYKusyEItnhj1mU6Tucsdi5pdMoWrUK4Y91SK8dNGE4="; + rev = "refs/tags/${version}"; + hash = "sha256-qrZlCxNLO+q5n/FS/5b51QZVg4ZDwrgWpcKVp/JLTws="; }; propagatedBuildInputs = with python3.pkgs; [ diff --git a/nixpkgs/pkgs/tools/security/chain-bench/default.nix b/nixpkgs/pkgs/tools/security/chain-bench/default.nix new file mode 100644 index 000000000000..9b9801159cb6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chain-bench/default.nix @@ -0,0 +1,57 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, installShellFiles +}: + +buildGoModule rec { + pname = "chain-bench"; + version = "0.1.3"; + + src = fetchFromGitHub { + owner = "aquasecurity"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-qNprOxp8PKV5nld4uDGH0I0KG0r5sH7vr6It62J8RXc="; + }; + vendorSha256 = "sha256-54q486c/uUpatLQ3/FiVZxqu9NCkzcf8yQUZnAtrqYg="; + + nativeBuildInputs = [ installShellFiles ]; + + ldflags = [ + "-s" + "-w" + "-X main.version=v${version}" + ]; + + postInstall = '' + installShellCompletion --cmd chain-bench \ + --bash <($out/bin/chain-bench completion bash) \ + --fish <($out/bin/chain-bench completion fish) \ + --zsh <($out/bin/chain-bench completion zsh) + ''; + + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + $out/bin/chain-bench --help + $out/bin/chain-bench --version | grep "v${version}" + runHook postInstallCheck + ''; + + meta = with lib; { + homepage = "https://github.com/aquasecurity/chain-bench"; + changelog = "https://github.com/aquasecurity/chain-bench/releases/tag/v${version}"; + description = "An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark"; + longDescription = '' + Chain-bench is an open-source tool for auditing your software supply chain + stack for security compliance based on a new CIS Software Supply Chain + benchmark. The auditing focuses on the entire SDLC process, where it can + reveal risks from code time into deploy time. To win the race against + hackers and protect your sensitive data and customer trust, you need to + ensure your code is compliant with your organization's policies. + ''; + license = licenses.asl20; + maintainers = with maintainers; [ jk ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/chaps/default.nix b/nixpkgs/pkgs/tools/security/chaps/default.nix deleted file mode 100644 index 13ac6d67febf..000000000000 --- a/nixpkgs/pkgs/tools/security/chaps/default.nix +++ /dev/null @@ -1,91 +0,0 @@ -{ lib, stdenv, fetchFromGitiles, fetchFromGitHub, fetchurl, trousers, leveldb, unzip -, scons, pkg-config, glib, dbus_cplusplus, dbus, protobuf, openssl, snappy, pam -}: - -let - src_chromebase = fetchFromGitiles { - url = "https://chromium.googlesource.com/chromium/src/base"; - rev = "2dfe404711e15e24e79799516400c61b2719d7af"; - sha256 = "2bd93a3ace4b6767db2c1bd1e16f426c97b8d2133a9cb15f8372b2516cfa65c5"; - }; - - src_gmock = fetchurl { - url = "https://googlemock.googlecode.com/files/gmock-1.7.0.zip"; - sha256 = "0nq98cpnv2jsx2byp4ilam6kydcnziflkc16ikydajmp4mcvpz16"; - }; - - src_platform2 = fetchFromGitiles { - url = "https://chromium.googlesource.com/chromiumos/platform2"; - rev = "e999e989eaa71c3db7314fc7b4e20829b2b5473b"; - sha256 = "15n1bsv6r7cny7arx0hdb223xzzbk7vkxg2r7xajhl4nsj39adjh"; - }; - -in - -stdenv.mkDerivation rec { - pname = "chaps"; - version = "0.42-6812"; - - src = fetchFromGitHub { - owner = "google"; - repo = "chaps-linux"; - rev = "989aadc45cdb216ca35b0c97d13fc691576fa1d7"; - sha256 = "0chk6pnn365d5kcz6vfqx1d0383ksk97icc0lzg0vvb0kvyj0ff1"; - }; - - NIX_CFLAGS_COMPILE = [ - # readdir_r(3) is deprecated in glibc >= 2.24 - "-Wno-error=deprecated-declarations" - # gcc8 catching polymorphic type error - "-Wno-error=catch-value" - ]; - - patches = [ ./fix_absolute_path.patch ./fix_environment_variables.patch ./fix_scons.patch ./insert_prefetches.patch ]; - - postPatch = '' - substituteInPlace makefile --replace @@NIXOS_SRC_CHROMEBASE@@ ${src_chromebase} - substituteInPlace makefile --replace @@NIXOS_SRC_GMOCK@@ ${src_gmock} - substituteInPlace makefile --replace @@NIXOS_SRC_PLATFORM2@@ ${src_platform2} - substituteInPlace makefile --replace @@NIXOS_LEVELDB@@ ${leveldb} - ''; - - nativeBuildInputs = [ unzip scons pkg-config ]; - - buildInputs = [ trousers glib dbus_cplusplus dbus protobuf openssl snappy leveldb pam ]; - - buildPhase = '' - make build - ''; - - installPhase = '' - mkdir -p $out/bin - cp ${pname}-${version}/out/chapsd $out/bin/. - cp ${pname}-${version}/out/chaps_client $out/bin/. - - mkdir -p $out/lib - cp ${pname}-${version}/out/libchaps.so.* $out/lib/. - mkdir -p $out/lib/security - cp ${pname}-${version}/out/pam_chaps.so $out/lib/security/. - - mkdir -p $out/include - cp -r ${pname}-${version}/out/chaps $out/include/. - - mkdir -p $out/etc/dbus-1/system.d - cp ${pname}-${version}/out/org.chromium.Chaps.conf $out/etc/dbus-1/system.d/. - mkdir -p $out/etc/dbus-1/system-services - cp ${pname}-${version}/platform2/chaps/org.chromium.Chaps.service $out/etc/dbus-1/system-services/. - - mkdir -p $out/usr/share/pam-configs/chaps - mkdir -p $out/usr/share/man/man8 - cp ${pname}-${version}/man/* $out/usr/share/man/man8/. - ''; - - meta = with lib; { - description = "PKCS #11 implementation based on trusted platform module (TPM)"; - homepage = "https://www.chromium.org/developers/design-documents/chaps-technical-design"; - maintainers = [ maintainers.tstrobel ]; - platforms = [ "x86_64-linux" ]; - license = licenses.bsd3; - broken = true; # build failure withn openssl 1.1 - }; -} diff --git a/nixpkgs/pkgs/tools/security/chaps/fix_absolute_path.patch b/nixpkgs/pkgs/tools/security/chaps/fix_absolute_path.patch deleted file mode 100644 index 7dbd60c73c42..000000000000 --- a/nixpkgs/pkgs/tools/security/chaps/fix_absolute_path.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/patches/platform2/fix_echo.patch b/patches/platform2/fix_echo.patch -new file mode 100644 -index 0000000..d2272f6 ---- /dev/null -+++ b/patches/platform2/fix_echo.patch -@@ -0,0 +1,12 @@ -+diff -uNr platform2/common-mk/common.mk platform2-new/common-mk/common.mk -+--- platform2/common-mk/common.mk 2015-07-03 12:07:47.482745292 +0200 -++++ platform2-new/common-mk/common.mk 2015-07-03 12:08:16.868600569 +0200 -+@@ -263,7 +263,7 @@ -+ $(eval $(call override_var,STRIP,strip)) -+ -+ RMDIR ?= rmdir -+-ECHO = /bin/echo -e -++ECHO = echo -e -+ -+ ifeq ($(lastword $(subst /, ,$(CC))),clang) -+ CDRIVER = clang diff --git a/nixpkgs/pkgs/tools/security/chaps/fix_environment_variables.patch b/nixpkgs/pkgs/tools/security/chaps/fix_environment_variables.patch deleted file mode 100644 index 2d7ee0d9a734..000000000000 --- a/nixpkgs/pkgs/tools/security/chaps/fix_environment_variables.patch +++ /dev/null @@ -1,42 +0,0 @@ -diff --git a/extrasrc/Makefile b/extrasrc/Makefile -index fb95845..77125c0 100644 ---- a/extrasrc/Makefile -+++ b/extrasrc/Makefile -@@ -10,11 +10,11 @@ OUTDIR=$(SRCDIR)/out - GMOCK_DIR=$(SRCDIR)/gmock-$(GMOCK_VER) - GTEST_DIR=$(GMOCK_DIR)/gtest - --INCLUDES="-I$(SRCDIR)/include -I$(SRCDIR)/platform2/libchromeos -isystem $(GTEST_DIR)/include -I$(GMOCK_DIR)/include -I$(SRCDIR)/leveldb/include" -+INCLUDES="-I$(SRCDIR)/include -I$(SRCDIR)/platform2/libchromeos -isystem $(GTEST_DIR)/include -I$(GMOCK_DIR)/include -I$(SRCDIR)/leveldb/include $(NIX_LDFLAG) $(NIX_CFLAGS_COMPILE)" - - # To build Chaps, defer to platform2/chaps/Makefile - all: libchrome-$(BASE_VER).a libchromeos-$(BASE_VER).a | out -- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) -+ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) - - # To build required Chromium components, defer to scons file. - libchrome-$(BASE_VER).a: -@@ -38,7 +38,7 @@ out/libgmock.a: out/gmock-all.o - ar -rv $@ $< - - test: out/libgtest.a out/libgmock.a libchrome-$(BASE_VER).a libchromeos-$(BASE_VER).a | out -- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) LDLIBS="-L$(OUTDIR)" OUT=$(OUTDIR) $(MAKE) tests -+ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) LDLIBS="-L$(OUTDIR)" OUT=$(OUTDIR) $(MAKE) tests - - clean: clean_chaps clean_chromeos clean_chromebase clean_gmock clean_debian - clean_gmock: -@@ -49,7 +49,7 @@ clean_chromebase: - clean_chromeos: - -BASE_VER=$(BASE_VER) scons -f Sconstruct.libchromeos -c - clean_chaps: -- -cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) $(MAKE) clean -+ -cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) $(MAKE) clean - rm -rf out - clean_debian: - dh_clean -@@ -64,4 +64,4 @@ install_man: - $(INSTALL) -m 0644 -D man/chapsd.8 $(MANDIR)/man8/chapsd.8 - $(INSTALL) -m 0644 -D man/chaps_client.8 $(MANDIR)/man8/chaps_client.8 - install: install_man -- cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) install_files -+ cd platform2/chaps && BASE_VER=$(BASE_VER) LINUX_BUILD=1 PKG_CONFIG_PATH=$(SRCDIR):$(PKG_CONFIG_PATH) CXXFLAGS=$(INCLUDES) OUT=$(OUTDIR) CHAPS_VERSION_MAJOR=$(CHAPS_VERSION_MAJOR) CHAPS_VERSION_MINOR=$(CHAPS_VERSION_MINOR) $(MAKE) install_files diff --git a/nixpkgs/pkgs/tools/security/chaps/fix_scons.patch b/nixpkgs/pkgs/tools/security/chaps/fix_scons.patch deleted file mode 100644 index 54843453c868..000000000000 --- a/nixpkgs/pkgs/tools/security/chaps/fix_scons.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff --git a/extrasrc/Sconstruct.libchrome b/extrasrc/Sconstruct.libchrome -index 4feb76d..311fe8a 100644 ---- a/extrasrc/Sconstruct.libchrome -+++ b/extrasrc/Sconstruct.libchrome -@@ -103,7 +103,7 @@ base_lib = { - 'pc_libs' : 'glib-2.0', - } - --env = Environment() -+env = Environment(ENV = os.environ) - - BASE_VER = os.environ.get('BASE_VER', '0') - GTEST_DIR = os.environ.get('GTEST_DIR', '0') -diff --git a/extrasrc/Sconstruct.libchromeos b/extrasrc/Sconstruct.libchromeos -index 1da6001..66f9acb 100644 ---- a/extrasrc/Sconstruct.libchromeos -+++ b/extrasrc/Sconstruct.libchromeos -@@ -18,7 +18,7 @@ base_lib = { - 'pc_libs' : 'dbus-c++-1', - } - --env = Environment() -+env = Environment(ENV = os.environ) - - PKG_CONFIG = os.environ.get('PKG_CONFIG', 'pkg-config') - BASE_VER = os.environ.get('BASE_VER', '0') diff --git a/nixpkgs/pkgs/tools/security/chaps/insert_prefetches.patch b/nixpkgs/pkgs/tools/security/chaps/insert_prefetches.patch deleted file mode 100644 index 8b8449a6e661..000000000000 --- a/nixpkgs/pkgs/tools/security/chaps/insert_prefetches.patch +++ /dev/null @@ -1,51 +0,0 @@ -diff --git a/makefile b/makefile -index b6865f3..c14f5ec 100644 ---- a/makefile -+++ b/makefile -@@ -53,8 +53,8 @@ $(SRCDIR)/include/trousers/scoped_tss_type.h: extrasrc/scoped_tss_type.h | $(SRC - cp $< $@ - # Chromium includes <leveldb/memenv.h>. This requires an install of libleveldb-dev that has - # memenv support included; move this into a local leveldb/ subdirectory --$(SRCDIR)/include/leveldb/memenv.h: /usr/include/leveldb/helpers/memenv.h | $(SRCDIR)/include/leveldb -- cp $< $@ -+$(SRCDIR)/include/leveldb/memenv.h: $(SRCDIR)/include/leveldb -+ cp @@NIXOS_LEVELDB@@/include/leveldb/helpers/memenv.h $@ - # Chromium includes <include/testing/gtest/include/gtest/gtest_prod.h>, so have a local copy. - $(SRCDIR)/include/testing/gtest/include/gtest/gtest_prod.h: extrasrc/gtest_prod.h | $(SRCDIR)/include/testing/gtest/include/gtest - cp $< $@ -@@ -80,7 +80,7 @@ GMOCK_DIR=$(SRCDIR)/gmock-$(GMOCK_VERSION) - GTEST_DIR=$(GMOCK_DIR)/gtest - src_gmock: $(GMOCK_DIR)/LICENSE - $(GMOCK_DIR)/LICENSE: | $(SRCDIR) -- cd $(SRCDIR) && wget $(GMOCK_URL) -+ cd $(SRCDIR) && cp @@NIXOS_SRC_GMOCK@@ gmock-$(GMOCK_VERSION).zip && chmod +w gmock-$(GMOCK_VERSION).zip - cd $(SRCDIR) && unzip -q gmock-$(GMOCK_VERSION).zip - rm $(SRCDIR)/gmock-$(GMOCK_VERSION).zip - touch $@ -@@ -107,8 +107,7 @@ src_chromebase: $(SRCDIR)/base/base64.h - $(SRCDIR)/base: | $(SRCDIR) - mkdir -p $@ - $(SRCDIR)/base/base64.h: | $(SRCDIR)/base -- git clone $(CHROMEBASE_GIT) $(SRCDIR)/base -- cd $(SRCDIR)/base && git checkout $(CHROMEBASE_COMMIT) -+ cp -r @@NIXOS_SRC_CHROMEBASE@@/. $(SRCDIR)/base && chmod -R +w $(SRCDIR)/base - - # We need two subdirectories from the platform2 repository from ChromiumOS: - # - chaps/ for the Chaps source code -@@ -119,14 +118,8 @@ $(SRCDIR)/platform2: - PLATFORM2_GIT=https://chromium.googlesource.com/chromiumos/platform2 - PATCHES=$(wildcard $(CURDIR)/patches/platform2/*.patch) - $(SRCDIR)/platform2/chaps/Makefile: | $(SRCDIR)/platform2 -- cd $(SRCDIR)/platform2 && git init . && git remote add -f origin $(PLATFORM2_GIT) -- cd $(SRCDIR)/platform2 && git config core.sparsecheckout true -- cd $(SRCDIR)/platform2 && echo "chaps" > .git/info/sparse-checkout -- cd $(SRCDIR)/platform2 && echo "libchromeos/chromeos" >> .git/info/sparse-checkout -- cd $(SRCDIR)/platform2 && echo "common-mk/common.mk" >> .git/info/sparse-checkout -- cd $(SRCDIR)/platform2 && git pull origin master -- cd $(SRCDIR)/platform2 && git checkout $(CROS_BRANCH) -- cd $(SRCDIR)/platform2 && if [ ! -z "$(PATCHES)" ]; then git am $(PATCHES); fi -+ cd $(SRCDIR)/platform2 && cp -r @@NIXOS_SRC_PLATFORM2@@/. . && chmod -R +w $(SRCDIR)/platform2 -+ cd $(SRCDIR)/platform2 && if [ ! -z "$(PATCHES)" ]; then patch -p1 < $(PATCHES); fi - - - # Copy man pages diff --git a/nixpkgs/pkgs/tools/security/chipsec/default.nix b/nixpkgs/pkgs/tools/security/chipsec/default.nix index 64d8885eedd4..5b4957139d75 100644 --- a/nixpkgs/pkgs/tools/security/chipsec/default.nix +++ b/nixpkgs/pkgs/tools/security/chipsec/default.nix @@ -68,6 +68,6 @@ python3.pkgs.buildPythonApplication rec { license = licenses.gpl2Only; homepage = "https://github.com/chipsec/chipsec"; maintainers = with maintainers; [ johnazoidberg ]; - platforms = if withDriver then [ "x86_64-linux" ] else platforms.all; + platforms = [ "x86_64-linux" ] ++ lib.optional (!withDriver) "x86_64-darwin"; }; } diff --git a/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch b/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch index 9c379adb7dfb..cd130affa6c4 100644 --- a/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch +++ b/nixpkgs/pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch @@ -1,10 +1,15 @@ -diff -urN chntpw-140201.orig/Makefile chntpw-140201/Makefile ---- chntpw-140201.orig/Makefile 2014-02-01 20:54:37.000000000 +0400 -+++ chntpw-140201/Makefile 2014-08-03 20:26:56.497161881 +0400 -@@ -12,14 +12,13 @@ - - CC=gcc +--- chntpw-140201.orig/Makefile 2014-02-01 17:54:37.000000000 +0100 ++++ chntpw-140201/Makefile 2022-04-21 00:14:45.000000000 +0200 +@@ -6,24 +6,7 @@ + # See INSTALL for more info. + # +-#SSLPATH=/usr/local/ssl +-OSSLPATH=/usr +-OSSLINC=$(OSSLPATH)/include +- +-CC=gcc +- -# Force 32 bit -CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 -OSSLLIB=$(OSSLPATH)/lib @@ -13,13 +18,11 @@ diff -urN chntpw-140201.orig/Makefile chntpw-140201/Makefile -#CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -#OSSLLIB=$(OSSLPATH)/lib64 - -+ifeq '$(shell gcc -dumpmachine)' 'x86_64-unknown-linux-gnu' -+ CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -+ OSSLLIB=$(OSSLPATH)/lib64 -+else ifeq '$(shell gcc -dumpmachine)' 'i686-unknown-linux-gnu' -+ CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 -+ OSSLLIB=$(OSSLPATH)/lib -+endif +- +-# This is to link with whatever we have, SSL crypto lib we put in static +-#LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a +-LIBS=-L$(OSSLLIB) ++CFLAGS= -DUSEOPENSSL -g -I. -Wall + - # This is to link with whatever we have, SSL crypto lib we put in static - #LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a + all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static diff --git a/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch b/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch index d3163a026f91..67c62273aeb6 100644 --- a/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch +++ b/nixpkgs/pkgs/tools/security/chntpw/01-chntpw-install-target.patch @@ -1,20 +1,14 @@ -diff -urN chntpw-140201.orig/Makefile chntpw-140201/Makefile ---- chntpw-140201.orig/Makefile 2014-08-03 20:26:56.497161881 +0400 -+++ chntpw-140201/Makefile 2014-08-04 12:57:16.563818342 +0400 -@@ -10,6 +10,8 @@ - OSSLPATH=/usr - OSSLINC=$(OSSLPATH)/include +--- chntpw-140201/Makefile 2022-04-21 00:14:45.000000000 +0200 ++++ chntpw-140201.new/Makefile 2022-04-21 09:15:42.000000000 +0200 +@@ -6,10 +6,16 @@ + # See INSTALL for more info. + # +PREFIX ?= /usr + - CC=gcc + CFLAGS= -DUSEOPENSSL -g -I. -Wall - ifeq '$(shell gcc -dumpmachine)' 'x86_64-unknown-linux-gnu' -@@ -24,8 +26,12 @@ - #LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a - LIBS=-L$(OSSLLIB) - -+BINARIES := chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static ++BINARIES := chntpw cpnt reged samusrgrp sampasswd -all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static +all: $(BINARIES) diff --git a/nixpkgs/pkgs/tools/security/chntpw/default.nix b/nixpkgs/pkgs/tools/security/chntpw/default.nix index 5bda55c418aa..c4463d16d348 100644 --- a/nixpkgs/pkgs/tools/security/chntpw/default.nix +++ b/nixpkgs/pkgs/tools/security/chntpw/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, unzip }: +{ lib, stdenv, fetchurl, unzip, fetchpatch }: stdenv.mkDerivation rec { pname = "chntpw"; @@ -11,11 +11,47 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ unzip ]; - buildInputs = lib.optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ]; patches = [ ./00-chntpw-build-arch-autodetect.patch ./01-chntpw-install-target.patch + # Import various bug fixes from debian + (fetchpatch { + url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/04_get_abs_path"; + sha256 = "17h0gaczqd5b792481synr1ny72frwslb779lm417pyrz6kh9q8n"; + }) + (fetchpatch { + url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/06_correct_test_open_syscall"; + sha256 = "00lg83bimbki988n71w54mmhjp9529r0ngm40d7fdmnc2dlpj3hd"; + }) + (fetchpatch { + url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/07_detect_failure_to_write_key"; + sha256 = "0pk6xnprh2pqyx4n4lw3836z6fqsw3mclkzppl5rhjaahriwxw4l"; + }) + (fetchpatch { + url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/08_no_deref_null"; + sha256 = "1g7pfmjaj0c2sm64s3api2kglj7jbgddjjd3r4drw6phwdkah0zs"; + }) + (fetchpatch { + url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/09_improve_robustness"; + sha256 = "1nszkdy01ixnain7cwdmfbhjngphw1300ifagc1wgl9wvghzviaa"; + }) + (fetchpatch { + url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/11_improve_documentation"; + sha256 = "0yql6hj72q7cq69rrspsjkpiipdhcwb0b9w5j8nhq40cnx9mgqgg"; + }) + (fetchpatch { + url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/12_readonly_filesystem"; + sha256 = "1kxcy7f2pl6fqgmjg8bnl3pl5wgiw5xnbyx12arinmqkkggp4fa4"; + }) + (fetchpatch { + url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/13_write_to_hive"; + sha256 = "1638lcyxjkrkmbr3n28byixny0qrxvkciw1xd97x48mj6bnwqrkv"; + }) + (fetchpatch { + url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/14_improve_description"; + sha256 = "11y5kc4dh4zv24nkb0jw2zwlifx6nzsd4jbizn63l6dbpqgb25rs"; + }) ]; installPhase = '' @@ -27,6 +63,6 @@ stdenv.mkDerivation rec { description = "An utility to reset the password of any user that has a valid local account on a Windows system"; maintainers = with lib.maintainers; [ deepfire ]; license = licenses.gpl2; - platforms = with lib.platforms; linux; + platforms = lib.platforms.unix; }; } diff --git a/nixpkgs/pkgs/tools/security/cipherscan/default.nix b/nixpkgs/pkgs/tools/security/cipherscan/default.nix deleted file mode 100644 index 23022f92b6af..000000000000 --- a/nixpkgs/pkgs/tools/security/cipherscan/default.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ stdenv, lib, fetchFromGitHub, openssl, makeWrapper, python3, coreutils }: - -stdenv.mkDerivation rec { - pname = "cipherscan"; - version = "2016-08-16"; - - src = fetchFromGitHub { - owner = "mozilla"; - repo = "cipherscan"; - rev = "74dd82e8ad994a140daf79489d3bd1c5ad928d38"; - sha256 = "16azhlmairnvdz7xmwgvfpn2pzw1p8z7c9b27m07fngqjkpx0mhh"; - }; - - nativeBuildInputs = [ makeWrapper ]; - buildInputs = [ python3 ]; - - strictDeps = true; - - buildPhase = '' - substituteInPlace cipherscan --replace '$0' 'cipherscan' - ''; - - installPhase = '' - mkdir -p $out/bin - - cp cipherscan $out/bin - cp openssl.cnf $out/bin - cp analyze.py $out/bin/cipherscan-analyze - - wrapProgram $out/bin/cipherscan \ - --set NOAUTODETECT 1 \ - --set TIMEOUTBIN "${coreutils}/bin/timeout" \ - --set OPENSSLBIN "${openssl}/bin/openssl" - ''; - - meta = with lib; { - inherit (src.meta) homepage; - description = "Very simple way to find out which SSL ciphersuites are supported by a target"; - license = licenses.mpl20; - platforms = platforms.all; - maintainers = with maintainers; [ cstrahan fpletz ]; - }; -} diff --git a/nixpkgs/pkgs/tools/security/cirrusgo/default.nix b/nixpkgs/pkgs/tools/security/cirrusgo/default.nix new file mode 100644 index 000000000000..56fb7c71b1ec --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cirrusgo/default.nix @@ -0,0 +1,26 @@ +{ lib +, stdenv +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "cirrusgo"; + version = "0.1.0"; + + src = fetchFromGitHub { + owner = "Ph33rr"; + repo = pname; + rev = "v${version}"; + hash = "sha256-FYI/Ldu91YB/4wCiVADeYxYQOeBGro1msY5VXsnixw4="; + }; + + vendorSha256 = "sha256-KCf2KQ8u+nX/+zMGZ6unWb/Vz6zPNkKtMioFo1FlnVI="; + + meta = with lib; { + description = "Tool to scan SAAS and PAAS applications"; + homepage = "https://github.com/Ph33rr/cirrusgo"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/clamav/default.nix b/nixpkgs/pkgs/tools/security/clamav/default.nix index cc1eaf8265cf..16cd827b8f3b 100644 --- a/nixpkgs/pkgs/tools/security/clamav/default.nix +++ b/nixpkgs/pkgs/tools/security/clamav/default.nix @@ -1,59 +1,43 @@ -{ lib, stdenv, fetchurl, pkg-config +{ lib, stdenv, fetchurl, pkg-config, cmake , zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2 , libmspack, systemd, Foundation, json_c, check +, rustc, rust-bindgen, rustfmt, cargo, python3 }: stdenv.mkDerivation rec { pname = "clamav"; - version = "0.103.5"; + version = "0.105.1"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; - sha256 = "sha256-HnSx4dKoqQVkScMT9Ippg7nVug1vte8LK+atPIQaVCY="; + sha256 = "sha256-0rwWN024iablpqxA+MbnACVKA5rKpTaIWgnu6kuFKfY="; }; - # don't install sample config files into the absolute sysconfdir folder - postPatch = '' - substituteInPlace Makefile.in --replace ' etc ' ' ' - ''; + patches = [ + # Flaky test, remove this when https://github.com/Cisco-Talos/clamav/issues/343 is fixed + ./remove-freshclam-test.patch + ./sample-cofiguration-file-install-location.patch + ]; enableParallelBuilding = true; - nativeBuildInputs = [ pkg-config ]; + nativeBuildInputs = [ cmake pkg-config rustc rust-bindgen rustfmt cargo python3 ]; buildInputs = [ zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack json_c check ] ++ lib.optional stdenv.isLinux systemd ++ lib.optional stdenv.isDarwin Foundation; - configureFlags = [ - "--libdir=$(out)/lib" - "--sysconfdir=/etc/clamav" - "--disable-llvm" # enabling breaks the build at the moment - "--with-zlib=${zlib.dev}" - "--with-xml=${libxml2.dev}" - "--with-openssl=${openssl.dev}" - "--with-libcurl=${curl.dev}" - "--with-libjson=${json_c.dev}" - "--with-system-libmspack" - "--enable-milter" - "--disable-unrar" # disable unrar because it's non-free and requires some extra patching to work properly - "--enable-check" - ] ++ lib.optional stdenv.isLinux - "--with-systemdsystemunitdir=$(out)/lib/systemd"; + cmakeFlags = [ + "-DSYSTEMD_UNIT_DIR=${placeholder "out"}/lib/systemd" + "-DAPP_CONFIG_DIRECTORY=/etc/clamav" + ]; - postInstall = '' - mkdir $out/etc - cp etc/*.sample $out/etc - ''; - - # Only required for the unit tests - hardeningDisable = [ "format" ]; doCheck = true; meta = with lib; { homepage = "https://www.clamav.net"; description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats"; license = licenses.gpl2; - maintainers = with maintainers; [ robberer qknight fpletz globin ]; + maintainers = with maintainers; [ robberer qknight globin ]; platforms = platforms.unix; }; } diff --git a/nixpkgs/pkgs/tools/security/clamav/remove-freshclam-test.patch b/nixpkgs/pkgs/tools/security/clamav/remove-freshclam-test.patch new file mode 100644 index 000000000000..93078b52aaad --- /dev/null +++ b/nixpkgs/pkgs/tools/security/clamav/remove-freshclam-test.patch @@ -0,0 +1,20 @@ +diff --git a/unit_tests/CMakeLists.txt b/unit_tests/CMakeLists.txt +index 1460357ba..1194abc9d 100644 +--- a/unit_tests/CMakeLists.txt ++++ b/unit_tests/CMakeLists.txt +@@ -371,15 +371,6 @@ if(ENABLE_APP) + set_property(TEST clamd_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE}) + endif() + +- add_test(NAME freshclam COMMAND ${PythonTest_COMMAND};freshclam_test.py +- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) +- set_property(TEST freshclam PROPERTY ENVIRONMENT ${ENVIRONMENT}) +- if(Valgrind_FOUND) +- add_test(NAME freshclam_valgrind COMMAND ${PythonTest_COMMAND};freshclam_test.py +- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) +- set_property(TEST freshclam_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE}) +- endif() +- + add_test(NAME sigtool COMMAND ${PythonTest_COMMAND};sigtool_test.py + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) + set_property(TEST sigtool PROPERTY ENVIRONMENT ${ENVIRONMENT}) diff --git a/nixpkgs/pkgs/tools/security/clamav/sample-cofiguration-file-install-location.patch b/nixpkgs/pkgs/tools/security/clamav/sample-cofiguration-file-install-location.patch new file mode 100644 index 000000000000..46444627dd38 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/clamav/sample-cofiguration-file-install-location.patch @@ -0,0 +1,29 @@ +diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt +index 826fff1..3cefc34 100644 +--- a/etc/CMakeLists.txt ++++ b/etc/CMakeLists.txt +@@ -6,14 +6,14 @@ install( + FILES + ${CMAKE_CURRENT_SOURCE_DIR}/clamd.conf.sample + DESTINATION +- ${APP_CONFIG_DIRECTORY} ++ ${CMAKE_INSTALL_PREFIX}/${APP_CONFIG_DIRECTORY} + COMPONENT programs) + + install( + FILES + ${CMAKE_CURRENT_SOURCE_DIR}/freshclam.conf.sample + DESTINATION +- ${APP_CONFIG_DIRECTORY} ++ ${CMAKE_INSTALL_PREFIX}/${APP_CONFIG_DIRECTORY} + COMPONENT programs) + + if(ENABLE_MILTER) +@@ -21,6 +21,6 @@ if(ENABLE_MILTER) + FILES + ${CMAKE_CURRENT_SOURCE_DIR}/clamav-milter.conf.sample + DESTINATION +- ${APP_CONFIG_DIRECTORY} ++ ${CMAKE_INSTALL_PREFIX}/${APP_CONFIG_DIRECTORY} + COMPONENT programs) + endif() diff --git a/nixpkgs/pkgs/tools/security/clevis/default.nix b/nixpkgs/pkgs/tools/security/clevis/default.nix index 753fd8a6395e..6cfd10347859 100644 --- a/nixpkgs/pkgs/tools/security/clevis/default.nix +++ b/nixpkgs/pkgs/tools/security/clevis/default.nix @@ -1,6 +1,21 @@ -{ lib, stdenv, fetchFromGitHub, meson, ninja, pkg-config, asciidoc -, makeWrapper, jansson, jose, cryptsetup, curl, libpwquality, luksmeta -, coreutils, tpm2-tools +{ lib +, stdenv +, fetchFromGitHub +, meson +, ninja +, pkg-config +, asciidoc +, makeWrapper +, jansson +, jose +, cryptsetup +, curl +, libpwquality +, luksmeta +, coreutils +, tpm2-tools +, gnugrep +, gnused }: stdenv.mkDerivation rec { @@ -24,7 +39,7 @@ stdenv.mkDerivation rec { postInstall = '' # We wrap the main clevis binary entrypoint but not the sub-binaries. wrapProgram $out/bin/clevis \ - --prefix PATH ':' "${tpm2-tools}/bin:${jose}/bin:${placeholder "out"}/bin" + --prefix PATH ':' "${lib.makeBinPath [tpm2-tools jose cryptsetup libpwquality luksmeta gnugrep gnused coreutils]}:${placeholder "out"}/bin" ''; nativeBuildInputs = [ meson ninja pkg-config asciidoc makeWrapper ]; @@ -35,7 +50,7 @@ stdenv.mkDerivation rec { meta = { description = "Automated Encryption Framework"; homepage = "https://github.com/latchset/clevis"; - maintainers = with lib.maintainers; [ fpletz ]; + maintainers = with lib.maintainers; [ ]; license = lib.licenses.gpl3Plus; }; } diff --git a/nixpkgs/pkgs/tools/security/cliam/default.nix b/nixpkgs/pkgs/tools/security/cliam/default.nix new file mode 100644 index 000000000000..8ae75142ba4d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cliam/default.nix @@ -0,0 +1,48 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, installShellFiles +}: + +buildGoModule rec { + pname = "cliam"; + version = "2.0.0"; + + src = fetchFromGitHub { + owner = "securisec"; + repo = pname; + rev = version; + hash = "sha256-TEpAY1yY5AFTg5yUZMvTFdZiQ7yBi0rjYgCCksiMfDU="; + }; + + vendorSha256 = "sha256-VCai9rxpnlpviN5W/VIRcNGvPljE2gbFnxA1OKhVElk="; + + nativeBuildInputs = [ + installShellFiles + ]; + + ldflags = [ + "-s" + "-w" + "-X github.com/securisec/cliam/cli/version.Version=${version}" + ]; + + postBuild = '' + # should be called cliam + mv $GOPATH/bin/{cli,cliam} + ''; + + postInstall = '' + installShellCompletion --cmd cliam \ + --bash <($out/bin/cliam completion bash) \ + --fish <($out/bin/cliam completion fish) \ + --zsh <($out/bin/cliam completion zsh) + ''; + + meta = with lib; { + description = "Cloud agnostic IAM permissions enumerator"; + homepage = "https://github.com/securisec/cliam"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cloudlist/default.nix b/nixpkgs/pkgs/tools/security/cloudlist/default.nix index 203b044a6ded..fb9a420e3680 100644 --- a/nixpkgs/pkgs/tools/security/cloudlist/default.nix +++ b/nixpkgs/pkgs/tools/security/cloudlist/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "cloudlist"; - version = "1.0.0"; + version = "1.0.1"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "v${version}"; - sha256 = "sha256-o5xJwbdYeFF3jWTy/zvswB9dFp/fxtgZB5a+c7cc2OQ="; + sha256 = "sha256-CYEQ+hHFKSHuW2U//59g+oHkxRzVOZzipkOB6KueHvA="; }; - vendorSha256 = "sha256-rzbf/au2qrdoBowsw7DbeCcBbF42bqJDnuKC1sSFxho="; + vendorSha256 = "sha256-pZsRpvSDGpfEVgszB52cZS5Kk+REeLnw3qsyGGVZoa0="; meta = with lib; { description = "Tool for listing assets from multiple cloud providers"; diff --git a/nixpkgs/pkgs/tools/security/commix/default.nix b/nixpkgs/pkgs/tools/security/commix/default.nix new file mode 100644 index 000000000000..452279883bac --- /dev/null +++ b/nixpkgs/pkgs/tools/security/commix/default.nix @@ -0,0 +1,27 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "commix"; + version = "3.5"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "commixproject"; + repo = pname; + rev = "refs/tags/v${version}"; + hash = "sha256-3UCHTgIW7ArXQD0Kj5XwE1I5VszsueXDJ68QWdQrAho="; + }; + + # Project has no tests + doCheck = false; + + meta = with lib; { + description = "Automated Command Injection Exploitation Tool"; + homepage = "https://github.com/commixproject/commix"; + license = with licenses; [ gpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cosign/default.nix b/nixpkgs/pkgs/tools/security/cosign/default.nix index 63d36e99032e..9679ebb53c40 100644 --- a/nixpkgs/pkgs/tools/security/cosign/default.nix +++ b/nixpkgs/pkgs/tools/security/cosign/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "cosign"; - version = "1.6.0"; + version = "1.11.0"; src = fetchFromGitHub { owner = "sigstore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-jAkTIO+tmb1vjS2eRWU9Fau7qzPCBlXJCk00iwNpULE="; + sha256 = "sha256-fEgcxxDbSr8rVZ35MwLjT7tinQ1JuqddWRtftTjDdpY="; }; buildInputs = lib.optional (stdenv.isLinux && pivKeySupport) (lib.getDev pcsclite) @@ -16,11 +16,10 @@ buildGoModule rec { nativeBuildInputs = [ pkg-config installShellFiles ]; - vendorSha256 = "sha256-E9zeRlPIIoXo/EfagHC3aDnW747SdsPiqIA384D7NQI="; + vendorSha256 = "sha256-AdsXijxqpsx2Mh0xAvUoie6Oy3ywnGJ1WMg9ZBLWHgc="; subPackages = [ "cmd/cosign" - "cmd/cosign/webhook" "cmd/sget" ]; @@ -33,19 +32,12 @@ buildGoModule rec { "-X sigs.k8s.io/release-utils/version.gitTreeState=clean" ]; - postBuild = '' - # cmd/cosign/webhook should be called cosigned - mv $GOPATH/bin/{webhook,cosigned} - ''; - preCheck = '' # test all paths unset subPackages - rm cmd/cosign/cli/fulcio/fulcioroots/fulcioroots_test.go # Require network access - rm pkg/cosign/kubernetes/webhook/validator_test.go # Require network access rm pkg/cosign/tlog_test.go # Require network access - rm pkg/cosign/tuf/client_test.go # Require network access + rm pkg/cosign/verify_test.go # Require network access ''; postInstall = '' diff --git a/nixpkgs/pkgs/tools/security/crackmapexec/default.nix b/nixpkgs/pkgs/tools/security/crackmapexec/default.nix new file mode 100644 index 000000000000..9646f3a7caf2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/crackmapexec/default.nix @@ -0,0 +1,64 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "crackmapexec"; + version = "5.3.0"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "byt3bl33d3r"; + repo = "CrackMapExec"; + rev = "v${version}"; + hash = "sha256-wPS1PCvR9Ffp0r9lZZkFATt+i+eR5ap16HzLWDZbJKI="; + }; + + nativeBuildInputs = with python3.pkgs; [ + poetry-core + pythonRelaxDepsHook + ]; + + propagatedBuildInputs = with python3.pkgs; [ + aioconsole + aardwolf + beautifulsoup4 + dsinternals + impacket + lsassy + msgpack + neo4j + paramiko + pylnk3 + pypsrp + pywerview + requests + requests_ntlm + termcolor + terminaltables + xmltodict + ]; + + postPatch = '' + substituteInPlace pyproject.toml \ + --replace '{ git = "https://github.com/mpgn/impacket.git", branch = "master" }' '"x"' + ''; + + pythonRelaxDeps = true; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ + "cme" + ]; + + meta = with lib; { + description = "Tool for pentesting networks"; + homepage = "https://github.com/byt3bl33d3r/CrackMapExec"; + license = with licenses; [ bsd2 ]; + maintainers = with maintainers; [ fab ]; + mainProgram = "cme"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/crackxls/default.nix b/nixpkgs/pkgs/tools/security/crackxls/default.nix index 748bfdcb2cad..f3c1745321eb 100644 --- a/nixpkgs/pkgs/tools/security/crackxls/default.nix +++ b/nixpkgs/pkgs/tools/security/crackxls/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, pkg-config, autoconf, automake, openssl, libgsf, gmp }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, pkg-config, autoconf, automake, openssl, libgsf, gmp }: stdenv.mkDerivation rec { @@ -12,8 +12,21 @@ stdenv.mkDerivation rec { sha256 = "0q5jl7hcds3f0rhly3iy4fhhbyh9cdrfaw7zdrazzf1wswwhyssz"; }; - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ autoconf automake openssl libgsf gmp ]; + patches = [ + # Pull patch pending upstream inclusion for -fno-common support: + # https://github.com/GavinSmith0123/crackxls2003/pull/3 + (fetchpatch { + name = "fno-common.patch"; + url = "https://github.com/GavinSmith0123/crackxls2003/commit/613d6c1844f76c7b67671aaa265375fed56c2a56.patch"; + sha256 = "1pk67x67d9wji576mc57z5bzqlf9ygvn9m1z47w12mad7qmj9h1n"; + }) + ]; + + nativeBuildInputs = [ pkg-config autoconf automake ]; + buildInputs = [ openssl libgsf gmp ]; + + # Avoid "-O5 -march=native" + makeFlags = [ "OPTIM_FLAGS=" ]; installPhase = '' diff --git a/nixpkgs/pkgs/tools/security/credential-detector/default.nix b/nixpkgs/pkgs/tools/security/credential-detector/default.nix index 1e3497b0ca0e..e4ef8a6e90dc 100644 --- a/nixpkgs/pkgs/tools/security/credential-detector/default.nix +++ b/nixpkgs/pkgs/tools/security/credential-detector/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "credential-detector"; - version = "1.7.0"; + version = "1.11.0"; src = fetchFromGitHub { owner = "ynori7"; repo = pname; rev = "v${version}"; - sha256 = "1g5ja32rsf1b7y9gvmy29qz2ymyyvgh53wzd6vvknfla1df0slab"; + sha256 = "sha256-zUQRzlp/7gZhCm5JYu9kYxcoFjDldCYKarRorOHa3E0="; }; - vendorSha256 = "1mn3sysvdz4b94804gns1yssk2q08djq3kq3cd1h7gm942zwrnq4"; + vendorSha256 = "sha256-VWmfATUbfnI3eJbFTUp6MR1wGESuI15PHZWuon5M5rg="; meta = with lib; { description = "Tool to detect potentially hard-coded credentials"; diff --git a/nixpkgs/pkgs/tools/security/crlfsuite/default.nix b/nixpkgs/pkgs/tools/security/crlfsuite/default.nix new file mode 100644 index 000000000000..409db7195cd3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/crlfsuite/default.nix @@ -0,0 +1,36 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "crlfsuite"; + version = "2.1.2"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "Nefcore"; + repo = "CRLFsuite"; + rev = "refs/tags/v${version}"; + sha256 = "sha256-Olwt19HauTG2HuG4Pro0ImVbQtWqCgx9gV+2RtePT/8="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + colorama + requests + ]; + + # No tests present + doCheck = false; + + pythonImportsCheck = [ + "crlfsuite" + ]; + + meta = with lib; { + description = "CRLF injection (HTTP Response Splitting) scanner"; + homepage = "https://github.com/Nefcore/CRLFsuite"; + license = licenses.mit; + maintainers = with maintainers; [ c0bw3b fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cryptomator/default.nix b/nixpkgs/pkgs/tools/security/cryptomator/default.nix index 05e9f1ef384a..19387045e736 100644 --- a/nixpkgs/pkgs/tools/security/cryptomator/default.nix +++ b/nixpkgs/pkgs/tools/security/cryptomator/default.nix @@ -1,18 +1,18 @@ { lib, stdenv, fetchFromGitHub , autoPatchelfHook , fuse, jffi -, maven, jdk, jre, makeWrapper, glib, wrapGAppsHook +, maven, jdk, jre, makeShellWrapper, glib, wrapGAppsHook }: let pname = "cryptomator"; - version = "1.6.7"; + version = "1.6.13"; src = fetchFromGitHub { owner = "cryptomator"; repo = "cryptomator"; rev = version; - sha256 = "sha256-hOILOdVYBnS9XuEXaIJcf2bPF72Lcr7IBX4CFCIsC8k="; + sha256 = "sha256-xQxCSWbovdecTFWFDFu2K+lbA6+bSV2l2kk+R/hFcQ0="; }; # perform fake build to make a fixed-output derivation out of the files downloaded from maven central (120MB) @@ -37,7 +37,7 @@ let outputHashAlgo = "sha256"; outputHashMode = "recursive"; - outputHash = "sha256-XFqXjNjPN2vwA3jay7TS79S4FHksjjrODdD/p4oTvpg="; + outputHash = "sha256-SFiYHUH1Et7/SgciIvLcQGh54Z3fDVp22jSvDavXPjE="; doCheck = false; }; @@ -46,9 +46,14 @@ in stdenv.mkDerivation rec { inherit pname version src; buildPhase = '' + VERSION=${version} + SEMVER_STR=${version} + mvn -Plinux package --offline -Dmaven.test.skip=true -Dmaven.repo.local=$(cp -dpR ${deps}/.m2 ./ && chmod +w -R .m2 && pwd)/.m2 ''; + + # This is based on the instructins in https://github.com/cryptomator/cryptomator/blob/develop/dist/linux/appimage/build.sh installPhase = '' mkdir -p $out/bin/ $out/share/cryptomator/libs/ $out/share/cryptomator/mods/ @@ -60,13 +65,17 @@ in stdenv.mkDerivation rec { rm $out/share/cryptomator/libs/jff*.jar cp -f ${jffi}/share/java/jffi-complete.jar $out/share/cryptomator/libs/ - makeWrapper ${jre}/bin/java $out/bin/cryptomator \ + makeShellWrapper ${jre}/bin/java $out/bin/cryptomator \ --add-flags "--class-path '$out/share/cryptomator/libs/*'" \ --add-flags "--module-path '$out/share/cryptomator/mods'" \ + --add-flags "-Dcryptomator.logDir='~/.local/share/Cryptomator/logs'" \ + --add-flags "-Dcryptomator.pluginDir='~/.local/share/Cryptomator/plugins'" \ --add-flags "-Dcryptomator.settingsPath='~/.config/Cryptomator/settings.json'" \ --add-flags "-Dcryptomator.ipcSocketPath='~/.config/Cryptomator/ipc.socket'" \ - --add-flags "-Dcryptomator.logDir='~/.local/share/Cryptomator/logs'" \ --add-flags "-Dcryptomator.mountPointsDir='~/.local/share/Cryptomator/mnt'" \ + --add-flags "-Dcryptomator.showTrayIcon=false" \ + --add-flags "-Dcryptomator.buildNumber='nix'" \ + --add-flags "-Dcryptomator.appVersion='${version}'" \ --add-flags "-Djdk.gtk.version=3" \ --add-flags "-Xss20m" \ --add-flags "-Xmx512m" \ @@ -79,14 +88,32 @@ in stdenv.mkDerivation rec { # install desktop entry and icons cp -r ${src}/dist/linux/appimage/resources/AppDir/usr/* $out/ + # The directory is read only when copied, enable read to install additional files + chmod +w -R $out/ + cp ${src}/dist/linux/common/org.cryptomator.Cryptomator256.png $out/share/icons/hicolor/256x256/apps/org.cryptomator.Cryptomator.png + cp ${src}/dist/linux/common/org.cryptomator.Cryptomator512.png $out/share/icons/hicolor/512x512/apps/org.cryptomator.Cryptomator.png + cp ${src}/dist/linux/common/org.cryptomator.Cryptomator.svg $out/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.svg + cp ${src}/dist/linux/common/org.cryptomator.Cryptomator.desktop $out/share/applications/org.cryptomator.Cryptomator.desktop + cp ${src}/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml $out/share/metainfo/org.cryptomator.Cryptomator.metainfo.xml + cp ${src}/dist/linux/common/application-vnd.cryptomator.vault.xml $out/share/mime/packages/application-vnd.cryptomator.vault.xml ''; - nativeBuildInputs = [ autoPatchelfHook maven makeWrapper wrapGAppsHook jdk ]; + nativeBuildInputs = [ + autoPatchelfHook + maven + makeShellWrapper + wrapGAppsHook + jdk + ]; buildInputs = [ fuse jre glib jffi ]; meta = with lib; { description = "Free client-side encryption for your cloud files"; homepage = "https://cryptomator.org"; + sourceProvenance = with sourceTypes; [ + fromSource + binaryBytecode # deps + ]; license = licenses.gpl3Plus; maintainers = with maintainers; [ bachp ]; platforms = platforms.linux; diff --git a/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix b/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix index dd26ce887eaa..ac3771510c38 100644 --- a/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix +++ b/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix @@ -3,10 +3,6 @@ , fetchFromGitHub , jsonschema , plotly -, pytest -, pytest-xdist -, pytest-cov -, pytest-asyncio , beautifulsoup4 , pyyaml , isort @@ -25,16 +21,19 @@ , cchardet , pillow , pytestCheckHook +, xmlschema +, setuptools +, packaging }: buildPythonApplication rec { pname = "cve-bin-tool"; - version = "3.0"; + version = "3.1.1"; src = fetchFromGitHub { owner = "intel"; repo = "cve-bin-tool"; rev = "v${version}"; - sha256 = "1fmdnlhi03fdr4d4n7ydf6m0gx0cl77n3db8ldbs3m9zryblhzpr"; + sha256 = "0nz3ax3ldnrzk8694x0p743g5h2zply29ljpn21llbc7ca27zdv9"; }; # Wants to open a sqlite database, access the internet, etc @@ -43,10 +42,6 @@ buildPythonApplication rec { propagatedBuildInputs = [ jsonschema plotly - pytest - pytest-xdist - pytest-cov - pytest-asyncio beautifulsoup4 pyyaml isort @@ -65,6 +60,9 @@ buildPythonApplication rec { cchardet # needed by brotlipy pillow + setuptools + xmlschema + packaging ]; checkInputs = [ @@ -75,10 +73,15 @@ buildPythonApplication rec { "cve_bin_tool" ]; + # required until https://github.com/intel/cve-bin-tool/pull/1665 is merged + postPatch = '' + sed '/^pytest/d' -i requirements.txt + ''; + meta = with lib; { description = "CVE Binary Checker Tool"; homepage = "https://github.com/intel/cve-bin-tool"; - license = licenses.gpl3Only; + license = licenses.gpl3Plus; maintainers = teams.determinatesystems.members; }; } diff --git a/nixpkgs/pkgs/tools/security/dalfox/default.nix b/nixpkgs/pkgs/tools/security/dalfox/default.nix index 5ce633d3cec9..84eccdad312f 100644 --- a/nixpkgs/pkgs/tools/security/dalfox/default.nix +++ b/nixpkgs/pkgs/tools/security/dalfox/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "dalfox"; - version = "2.7.1"; + version = "2.7.5"; src = fetchFromGitHub { owner = "hahwul"; repo = pname; rev = "v${version}"; - sha256 = "sha256-+Jr2pWV3iImKVnXH8mQXauHOh3uJChUe22U4JzIotD0="; + sha256 = "sha256-MCKXhDhpFLZTf0CYS3W4+4FykTuBu7q3Dy+R7RNp11s="; }; - vendorSha256 = "sha256-4ot9qvTsUMxbcbu1y+5Tkvgo3t0MWA1EPSGqM0CM2DU="; + vendorSha256 = "sha256-GW2DgfHEKKWBfW5A7DYqhV2jP3FLDjzpYOMWSTNCN0Q="; meta = with lib; { description = "Tool for analysing parameter and XSS scanning"; diff --git a/nixpkgs/pkgs/tools/security/davtest/default.nix b/nixpkgs/pkgs/tools/security/davtest/default.nix new file mode 100644 index 000000000000..d4a7b6068c55 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/davtest/default.nix @@ -0,0 +1,40 @@ +{ lib, stdenv, perl, perlPackages, fetchurl }: + +stdenv.mkDerivation rec { + pname = "davtest"; + version = "1.0"; + + src = fetchurl { + url = "https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/davtest/davtest-${version}.tar.bz2"; + sha256 = "0kigcgv1bbnan9yr5481s4b9islmvzl2arpg1ig1i39sxrna06y7"; + }; + + postPatch = '' + substituteInPlace davtest.pl \ + --replace "backdoors/" "$out/share/davtest/backdoors/" \ + --replace "tests/" "$out/share/davtest/tests/" + ''; + + buildInputs = [ + (perl.withPackages (p: with p; [ HTTPDAV ])) + ]; + + installPhase = '' + runHook preInstall + + install -Dm755 davtest.pl $out/bin/davtest.pl + mkdir -p $out/share/davtest + cp -r backdoors/ tests/ $out/share/davtest/ + + runHook postInstall + ''; + + meta = with lib; { + description = "Tests WebDAV servers by uploading test files, and then optionally testing for command execution or other actions directly on the target"; + homepage = "https://code.google.com/p/davtest/"; + mainProgram = "davtest.pl"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ emilytrau ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/decoder/default.nix b/nixpkgs/pkgs/tools/security/decoder/default.nix new file mode 100644 index 000000000000..76dd3003d500 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/decoder/default.nix @@ -0,0 +1,50 @@ +{ lib +, stdenv +, fetchFromGitHub +, fetchpatch +, openssl +}: + +stdenv.mkDerivation rec { + pname = "decoder"; + version = "unstable-2021-11-20"; + + src = fetchFromGitHub { + owner = "PeterPawn"; + repo = "decoder"; + rev = "da0f826629d4e7b873f9d1a39f24c50ff0a68cd2"; + sha256 = "sha256-1sT1/iwtc2ievmLuNuooy9b14pTs1ZC5noDwzFelk7w="; + }; + + patches = [ + # Pull fix pending upstream inclusion for -fno-common toolchains: + # https://github.com/PeterPawn/decoder/pull/29 + (fetchpatch { + name = "fno-common.patch"; + url = "https://github.com/PeterPawn/decoder/commit/843ac477c31108023d8008581bf91c5a3acc1859.patch"; + sha256 = "sha256-rRylz8cxgNyPSqL/THdgEBpzcVx1K+xbjUn4PwP9Jn4="; + }) + ]; + + buildInputs = [ + openssl + ]; + + makeFlags = [ "OPENSSL=y" ]; + + installPhase = '' + runHook preInstall + + install -Dm755 src/decoder "$out/bin/decoder" + + runHook postInstall + ''; + + meta = with lib; { + homepage = "https://github.com/PeterPawn/decoder"; + description = ''"secrets" decoding for FRITZ!OS devices''; + license = licenses.gpl2Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ Luflosi ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dieharder/default.nix b/nixpkgs/pkgs/tools/security/dieharder/default.nix new file mode 100644 index 000000000000..b85a5c39656e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dieharder/default.nix @@ -0,0 +1,36 @@ +{ lib, stdenv, fetchurl, gsl +, dieharder, testers }: + +stdenv.mkDerivation rec { + pname = "dieharder"; + version = "3.31.1"; + + src = fetchurl { + url = "http://webhome.phy.duke.edu/~rgb/General/dieharder/dieharder-${version}.tgz"; + hash = "sha256-bP8P+DlMVTVJrHQzNZzPyVX7JnlCYDFGIN+l5M1Lcn8="; + }; + + patches = [ + # Include missing stdint.h header + ./stdint.patch + ]; + + # Workaround build failure on -fno-common toolchains: + # ld: include/dieharder/parse.h:21: multiple definition of `splitbuf'; + # include/dieharder/parse.h:21: first defined here + NIX_CFLAGS_COMPILE = "-fcommon"; + + buildInputs = [ gsl ]; + + passthru = { + tests.version = testers.testVersion { package = dieharder; }; + }; + + meta = with lib; { + description = "A Random Number Generator test suite"; + homepage = "https://webhome.phy.duke.edu/~rgb/General/dieharder.php"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ zhaofengli ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dieharder/stdint.patch b/nixpkgs/pkgs/tools/security/dieharder/stdint.patch new file mode 100644 index 000000000000..91dccfafd665 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dieharder/stdint.patch @@ -0,0 +1,10 @@ +--- a/include/dieharder/libdieharder.h 2011-10-14 15:41:37.000000000 +0200 ++++ b/include/dieharder/libdieharder.h 2015-03-27 16:34:40.978860858 +0100 +@@ -13,6 +13,7 @@ + #include <stdlib.h> + #include <stdarg.h> + #include <string.h> ++#include <stdint.h> + #include <sys/time.h> + + /* This turns on uint macro in c99 */ diff --git a/nixpkgs/pkgs/tools/security/dirmngr/default.nix b/nixpkgs/pkgs/tools/security/dirmngr/default.nix deleted file mode 100644 index b7aeed2ace14..000000000000 --- a/nixpkgs/pkgs/tools/security/dirmngr/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ lib, stdenv, fetchurl, libgpg-error, libgcrypt, libassuan, libksba, pth, openldap -, libiconv}: - -stdenv.mkDerivation rec { - pname = "dirmngr"; - version = "1.1.1"; - src = fetchurl { - url = "mirror://gnupg/dirmngr/dirmngr-${version}.tar.bz2"; - sha256 = "1zz6m87ca55nq5f59hzm6qs48d37h93il881y7d0rf2d6660na6j"; - }; - buildInputs = [ libgpg-error libgcrypt libassuan libksba - pth openldap libiconv ]; - - meta = { - platforms = lib.platforms.unix; - license = lib.licenses.gpl2Plus; - }; -} diff --git a/nixpkgs/pkgs/tools/security/dismap/default.nix b/nixpkgs/pkgs/tools/security/dismap/default.nix index 57f3795db808..41d00a96cfa6 100644 --- a/nixpkgs/pkgs/tools/security/dismap/default.nix +++ b/nixpkgs/pkgs/tools/security/dismap/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "dismap"; - version = "0.3"; + version = "0.4"; src = fetchFromGitHub { owner = "zhzyker"; repo = pname; rev = "v${version}"; - sha256 = "sha256-WaQdDcBvv4mHdPFAB+spC64YeT3jlfyMYNsTjBILjwA="; + sha256 = "sha256-YjjiS6iLIQvrPS378v2nyrgwWBJ9YtDeNTPz0ze05mU="; }; vendorSha256 = "sha256-GnchyE2TswvjYlehhMYesZruTTwyTorfR+17K0RXXFY="; diff --git a/nixpkgs/pkgs/tools/security/dnsrecon/default.nix b/nixpkgs/pkgs/tools/security/dnsrecon/default.nix index e3fe955eb9f1..8eb823c7f0f7 100644 --- a/nixpkgs/pkgs/tools/security/dnsrecon/default.nix +++ b/nixpkgs/pkgs/tools/security/dnsrecon/default.nix @@ -5,38 +5,34 @@ python3.pkgs.buildPythonApplication rec { pname = "dnsrecon"; - version = "1.0.0"; - format = "other"; + version = "1.1.3"; + format = "setuptools"; src = fetchFromGitHub { owner = "darkoperator"; repo = pname; rev = version; - sha256 = "sha256-VRO5ugr/+iZh+hh3tVs/JNAr7GXao/HK43O3FlkbcSM="; + hash = "sha256-V4/6VUlMizy8EN8ajN56YF+COn3/dfmD0997R+iR86g="; }; propagatedBuildInputs = with python3.pkgs; [ dnspython netaddr lxml + setuptools ]; - postPatch = '' - substituteInPlace dnsrecon.py \ - --replace "namelist.txt" "../share/namelist.txt" + preFixup = '' + # Install wordlists, etc. + install -vD namelist.txt subdomains-*.txt snoop.txt -t $out/share/wordlists ''; - installPhase = '' - runHook preInstall - - install -vD dnsrecon.py $out/bin/dnsrecon - install -vD namelist.txt subdomains-*.txt -t $out/share - install -vd $out/${python3.sitePackages}/ - cp -R lib tools msf_plugin $out/${python3.sitePackages} - - runHook postInstall - ''; + # Tests require access to /etc/resolv.conf + doCheck = false; + pythonImportsCheck = [ + "dnsrecon" + ]; meta = with lib; { description = "DNS Enumeration script"; diff --git a/nixpkgs/pkgs/tools/security/doas/default.nix b/nixpkgs/pkgs/tools/security/doas/default.nix index b79dba7c325f..29c23bbef279 100644 --- a/nixpkgs/pkgs/tools/security/doas/default.nix +++ b/nixpkgs/pkgs/tools/security/doas/default.nix @@ -37,7 +37,8 @@ stdenv.mkDerivation rec { sed -i '/\(chown\|chmod\)/d' GNUmakefile ''; - buildInputs = [ bison pam ]; + nativeBuildInputs = [ bison ]; + buildInputs = [ pam ]; meta = with lib; { description = "Executes the given command as another user"; diff --git a/nixpkgs/pkgs/tools/security/dontgo403/default.nix b/nixpkgs/pkgs/tools/security/dontgo403/default.nix index d1595d9de2b7..b4a108e8eb84 100644 --- a/nixpkgs/pkgs/tools/security/dontgo403/default.nix +++ b/nixpkgs/pkgs/tools/security/dontgo403/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "dontgo403"; - version = "0.3"; + version = "0.5"; src = fetchFromGitHub { owner = "devploit"; repo = pname; rev = version; - hash = "sha256-QHkmnhOLdyci3PAhf/JIiYlCta8DJ3cZb1S6Sim0qGQ="; + hash = "sha256-aVPmS4qIa9v7jnK1YG9EUV81frhu3/0x3zY7akPkpeg="; }; vendorSha256 = "sha256-jF+CSmLHMdlFpttYf3pK84wdfFAHSVPAK8S5zunUzB0="; diff --git a/nixpkgs/pkgs/tools/security/doppler/default.nix b/nixpkgs/pkgs/tools/security/doppler/default.nix index 8b21ef160a2f..524f27df10e8 100644 --- a/nixpkgs/pkgs/tools/security/doppler/default.nix +++ b/nixpkgs/pkgs/tools/security/doppler/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "doppler"; - version = "3.38.0"; + version = "3.40.1"; src = fetchFromGitHub { owner = "dopplerhq"; repo = "cli"; rev = version; - sha256 = "sha256-GKsq6AhkhacG+5XIELpe58bDe5l3BnLCwJHMkCzTzJU="; + sha256 = "sha256-OVfclCkyFw9GO7sGjId40vrmnt4oyHjNYZBNFjyYFUc="; }; - vendorSha256 = "sha256-VPxHxNtDeP5CFDMTeMsZYED9ZGWMquJdeupeCVldY/E="; + vendorSha256 = "sha256-evG1M0ZHfn9hsMsSncwxF5Hr/VJ7y6Ir0D2gHJaunBo="; ldflags = [ "-X github.com/DopplerHQ/cli/pkg/version.ProgramVersion=v${version}" ]; diff --git a/nixpkgs/pkgs/tools/security/duo-unix/default.nix b/nixpkgs/pkgs/tools/security/duo-unix/default.nix index 5769e1a4b7b4..2b42fb171f34 100644 --- a/nixpkgs/pkgs/tools/security/duo-unix/default.nix +++ b/nixpkgs/pkgs/tools/security/duo-unix/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "duo-unix"; - version = "1.12.0"; + version = "1.12.1"; src = fetchurl { url = "https://dl.duosecurity.com/duo_unix-${version}.tar.gz"; - sha256 = "sha256-i7oAmNjXkGn1MCn5EBmidMY/u3h/rzRAHCD4uhVGV/Q="; + sha256 = "sha256-oufVgjJHV4ew50gd529b3MvVtBoebcDUGZUn0rHP4ZE="; }; buildInputs = [ pam openssl zlib ]; diff --git a/nixpkgs/pkgs/tools/security/ecdsautils/default.nix b/nixpkgs/pkgs/tools/security/ecdsautils/default.nix index 6bdac96811a0..0a43260eb831 100644 --- a/nixpkgs/pkgs/tools/security/ecdsautils/default.nix +++ b/nixpkgs/pkgs/tools/security/ecdsautils/default.nix @@ -1,14 +1,17 @@ { lib, stdenv, pkgs }: -stdenv.mkDerivation { - version = "0.4.0"; +let pname = "ecdsautils"; + version = "0.4.1"; +in +stdenv.mkDerivation { + inherit pname version; src = pkgs.fetchFromGitHub { owner = "freifunk-gluon"; - repo = "ecdsautils"; - rev = "07538893fb6c2a9539678c45f9dbbf1e4f222b46"; - sha256 = "18sr8x3qiw8s9l5pfi7r9i3ayplz4jqdml75ga9y933vj7vs0k4d"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-dv0guQTmot5UO1GkMgzvD6uJFyum5kV89LI3xWS1DZA="; }; nativeBuildInputs = with pkgs; [ cmake pkg-config doxygen ]; @@ -16,7 +19,7 @@ stdenv.mkDerivation { meta = with lib; { description = "Tiny collection of programs used for ECDSA (keygen, sign, verify)"; - homepage = "https://github.com/tcatm/ecdsautils/"; + homepage = "https://github.com/freifunk-gluon/ecdsautils/"; license = with licenses; [ mit bsd2 ]; maintainers = with maintainers; [ ]; platforms = platforms.unix; diff --git a/nixpkgs/pkgs/tools/security/efitools/default.nix b/nixpkgs/pkgs/tools/security/efitools/default.nix index 60bb3627cc99..c9deb16ff441 100644 --- a/nixpkgs/pkgs/tools/security/efitools/default.nix +++ b/nixpkgs/pkgs/tools/security/efitools/default.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Tools for manipulating UEFI secure boot platforms"; - homepage = "https://git.kernel.org/cgit/linux/kernel/git/jejb/efitools.git"; + homepage = "https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git"; license = licenses.gpl2; maintainers = [ maintainers.grahamc ]; platforms = platforms.linux; diff --git a/nixpkgs/pkgs/tools/security/eid-mw/default.nix b/nixpkgs/pkgs/tools/security/eid-mw/default.nix index 925931e6a3e3..d73a93d851b7 100644 --- a/nixpkgs/pkgs/tools/security/eid-mw/default.nix +++ b/nixpkgs/pkgs/tools/security/eid-mw/default.nix @@ -21,20 +21,20 @@ stdenv.mkDerivation rec { pname = "eid-mw"; # NOTE: Don't just blindly update to the latest version/tag. Releases are always for a specific OS. - version = "5.0.28"; + version = "5.1.4"; src = fetchFromGitHub { owner = "Fedict"; repo = "eid-mw"; rev = "v${version}"; - sha256 = "rrrzw8i271ZZkwY3L6aRw2Nlz+GmDr/1ahYYlUBvtzo="; + sha256 = "pHzjLyQFn7UvFrPUcI/ZQHMOwVp6ndnX9YegJzlhERM="; }; nativeBuildInputs = [ autoreconfHook autoconf-archive pkg-config makeWrapper ]; buildInputs = [ curl gtk3 libassuan libbsd libproxy libxml2 openssl p11-kit pcsclite ]; preConfigure = '' mkdir openssl - ln -s ${openssl.out}/lib openssl + ln -s ${lib.getLib openssl}/lib openssl ln -s ${openssl.bin}/bin openssl ln -s ${openssl.dev}/include openssl export SSL_PREFIX=$(realpath openssl) diff --git a/nixpkgs/pkgs/tools/security/enpass/default.nix b/nixpkgs/pkgs/tools/security/enpass/default.nix index 00c161eeb730..e7a3eb8bae3c 100644 --- a/nixpkgs/pkgs/tools/security/enpass/default.nix +++ b/nixpkgs/pkgs/tools/security/enpass/default.nix @@ -54,6 +54,7 @@ let meta = with lib; { description = "A well known password manager"; homepage = "https://www.enpass.io/"; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; license = licenses.unfree; platforms = [ "x86_64-linux" "i686-linux"]; maintainers = with maintainers; [ ewok ]; diff --git a/nixpkgs/pkgs/tools/security/erosmb/default.nix b/nixpkgs/pkgs/tools/security/erosmb/default.nix new file mode 100644 index 000000000000..c0b4586c3524 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/erosmb/default.nix @@ -0,0 +1,47 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "erosmb"; + version = "0.1.1"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "viktor02"; + repo = "EroSmb"; + rev = "v${version}"; + hash = "sha256-d7iSl7weIHWXDnMYQKxafVd5JrZ0fnuWRDpEirBVdcg="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + chardet + colorama + cryptography + impacket + ldap3 + ldapdomaindump + pyasn1 + setuptools + six + ]; + + # Project has no tests + doCheck = false; + + doInstallCheck = true; + + installCheckPhase = '' + runHook preInstallCheck + $out/bin/erosmb --help + runHook postInstallCheck + ''; + + meta = with lib; { + description = "SMB network scanner"; + homepage = "https://github.com/viktor02/EroSmb"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/evil-winrm/Gemfile b/nixpkgs/pkgs/tools/security/evil-winrm/Gemfile new file mode 100644 index 000000000000..ebdf6f575a05 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/evil-winrm/Gemfile @@ -0,0 +1,7 @@ +source 'https://rubygems.org' + +gem 'winrm' +gem 'winrm-fs' +gem 'stringio' +gem 'logger' +gem 'fileutils' diff --git a/nixpkgs/pkgs/tools/security/evil-winrm/Gemfile.lock b/nixpkgs/pkgs/tools/security/evil-winrm/Gemfile.lock new file mode 100644 index 000000000000..8b442f035590 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/evil-winrm/Gemfile.lock @@ -0,0 +1,51 @@ +GEM + remote: https://rubygems.org/ + specs: + builder (3.2.3) + erubis (2.7.0) + ffi (1.11.1) + fileutils (0.7.2) + gssapi (1.3.0) + ffi (>= 1.0.1) + gyoku (1.3.1) + builder (>= 2.1.2) + httpclient (2.8.3) + little-plugger (1.1.4) + logger (1.4.3) + logging (2.2.2) + little-plugger (~> 1.1) + multi_json (~> 1.10) + multi_json (1.14.1) + nori (2.6.0) + rexml (3.2.5) + rubyntlm (0.6.2) + rubyzip (1.3.0) + stringio (0.0.2) + winrm (2.3.2) + builder (>= 2.1.2) + erubis (~> 2.7) + gssapi (~> 1.2) + gyoku (~> 1.0) + httpclient (~> 2.2, >= 2.2.0.2) + logging (>= 1.6.1, < 3.0) + nori (~> 2.0) + rexml (>= 3.2.3.1) + rubyntlm (~> 0.6.0, >= 0.6.1) + winrm-fs (1.3.2) + erubis (~> 2.7) + logging (>= 1.6.1, < 3.0) + rubyzip (~> 1.1) + winrm (~> 2.0) + +PLATFORMS + ruby + +DEPENDENCIES + fileutils + logger + stringio + winrm + winrm-fs + +BUNDLED WITH + 2.2.24 diff --git a/nixpkgs/pkgs/tools/security/evil-winrm/default.nix b/nixpkgs/pkgs/tools/security/evil-winrm/default.nix new file mode 100644 index 000000000000..fe10bfaefec0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/evil-winrm/default.nix @@ -0,0 +1,36 @@ +{ stdenv, lib, fetchFromGitHub, makeWrapper, bundlerEnv }: + +stdenv.mkDerivation rec { + pname = "evil-winrm"; + version = "3.3"; + + src = fetchFromGitHub { + owner = "Hackplayers"; + repo = "evil-winrm"; + rev = "v${version}"; + sha256 = "sha256-uWhRkq7I/XRWSUpR8lWRhDImE6x0pX9/B3gKhRIhkf8="; + }; + + env = bundlerEnv { + name = pname; + gemfile = ./Gemfile; + lockfile = ./Gemfile.lock; + gemset = ./gemset.nix; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ env.wrappedRuby ]; + + installPhase = '' + mkdir -p $out/bin + cp evil-winrm.rb $out/bin/evil-winrm + ''; + + meta = with lib; { + homepage = "https://github.com/Hackplayers/evil-winrm"; + changelog = "https://github.com/Hackplayers/evil-winrm/releases/tag/v${version}"; + description = "WinRM shell for hacking/pentesting"; + license = licenses.lgpl3Plus; + maintainers = with maintainers; [ elohmeier ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/evil-winrm/gemset.nix b/nixpkgs/pkgs/tools/security/evil-winrm/gemset.nix new file mode 100644 index 000000000000..19e4e1cc862e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/evil-winrm/gemset.nix @@ -0,0 +1,187 @@ +{ + builder = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0qibi5s67lpdv1wgcj66wcymcr04q6j4mzws6a479n0mlrmh5wr1"; + type = "gem"; + }; + version = "3.2.3"; + }; + erubis = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1fj827xqjs91yqsydf0zmfyw9p4l2jz5yikg3mppz6d7fi8kyrb3"; + type = "gem"; + }; + version = "2.7.0"; + }; + ffi = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06mvxpjply8qh4j3fj9wh08kdzwkbnvsiysh0vrhlk5cwxzjmblh"; + type = "gem"; + }; + version = "1.11.1"; + }; + fileutils = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "173z4dsqp9khcsl7x93dq1qj9d7rd378a7yfg53b1s6mczlkvh2k"; + type = "gem"; + }; + version = "0.7.2"; + }; + gssapi = { + dependencies = ["ffi"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "13l6pqbfrx3vv7cw26nq9p8rnyp9br31gaz85q32wx6hnzfcriwh"; + type = "gem"; + }; + version = "1.3.0"; + }; + gyoku = { + dependencies = ["builder"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1wn0sl14396g5lyvp8sjmcb1hw9rbyi89gxng91r7w4df4jwiidh"; + type = "gem"; + }; + version = "1.3.1"; + }; + httpclient = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "19mxmvghp7ki3klsxwrlwr431li7hm1lczhhj8z4qihl2acy8l99"; + type = "gem"; + }; + version = "2.8.3"; + }; + little-plugger = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1frilv82dyxnlg8k1jhrvyd73l6k17mxc5vwxx080r4x1p04gwym"; + type = "gem"; + }; + version = "1.1.4"; + }; + logger = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1ihvvl2im9qii31d42c9kfscdg2flfqajs6ycbpslznclmfc71gc"; + type = "gem"; + }; + version = "1.4.3"; + }; + logging = { + dependencies = ["little-plugger" "multi_json"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "06j6iaj89h9jhkx1x3hlswqrfnqds8br05xb1qra69dpvbdmjcwn"; + type = "gem"; + }; + version = "2.2.2"; + }; + multi_json = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0xy54mjf7xg41l8qrg1bqri75agdqmxap9z466fjismc1rn2jwfr"; + type = "gem"; + }; + version = "1.14.1"; + }; + nori = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "066wc774a2zp4vrq3k7k8p0fhv30ymqmxma1jj7yg5735zls8agn"; + type = "gem"; + }; + version = "2.6.0"; + }; + rexml = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "08ximcyfjy94pm1rhcx04ny1vx2sk0x4y185gzn86yfsbzwkng53"; + type = "gem"; + }; + version = "3.2.5"; + }; + rubyntlm = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1p6bxsklkbcqni4bcq6jajc2n57g0w5rzn4r49c3lb04wz5xg0dy"; + type = "gem"; + }; + version = "0.6.2"; + }; + rubyzip = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1qxc2zxwwipm6kviiar4gfhcakpx1jdcs89v6lvzivn5hq1xk78l"; + type = "gem"; + }; + version = "1.3.0"; + }; + stringio = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1hj8awh547kf6a7vgs565xh8hicffd0brb2a96jna5lr3a2fvmj8"; + type = "gem"; + }; + version = "0.0.2"; + }; + winrm = { + dependencies = ["builder" "erubis" "gssapi" "gyoku" "httpclient" "logging" "nori" "rexml" "rubyntlm"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "19vxrclxc5l8n2agwvv291740s6gna2phg3lkybjb0ldkmpi3sj2"; + type = "gem"; + }; + version = "2.3.2"; + }; + winrm-fs = { + dependencies = ["erubis" "logging" "rubyzip" "winrm"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0fy4yj52kssrm5hchq7l2mbry6w6yvi736p1wjpyv8m19rx7k0c3"; + type = "gem"; + }; + version = "1.3.2"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/evtx/default.nix b/nixpkgs/pkgs/tools/security/evtx/default.nix new file mode 100644 index 000000000000..51f706598fad --- /dev/null +++ b/nixpkgs/pkgs/tools/security/evtx/default.nix @@ -0,0 +1,31 @@ +{ lib +, stdenv +, fetchFromGitHub +, rustPlatform +}: + +rustPlatform.buildRustPackage rec { + pname = "evtx"; + version = "0.7.2"; + + src = fetchFromGitHub { + owner = "omerbenamram"; + repo = pname; + rev = "v${version}"; + hash = "sha256-T165PZhjuX5tUENZoO6x1u2MpMQTfv9dGRmxyNY2ACg="; + }; + + cargoSha256 = "sha256-qcjJoXB0DV1Z5bhGrtyJzfWqE+tVWBOYMJEd+MWFcD8="; + + postPatch = '' + # CLI tests will fail in the sandbox + rm tests/test_cli_interactive.rs + ''; + + meta = with lib; { + description = "Parser for the Windows XML Event Log (EVTX) format"; + homepage = "https://github.com/omerbenamram/evtx"; + license = with licenses; [ asl20 /* or */ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/expliot/default.nix b/nixpkgs/pkgs/tools/security/expliot/default.nix index eb5fd03416f1..4c0318ffa3be 100644 --- a/nixpkgs/pkgs/tools/security/expliot/default.nix +++ b/nixpkgs/pkgs/tools/security/expliot/default.nix @@ -12,6 +12,7 @@ let inherit version; sha256 = "0qiax309my534drk81lihq9ghngr96qnm40kbmgc9ay4fncqq6kh"; }; + doCheck = false; }); }; }; diff --git a/nixpkgs/pkgs/tools/security/exploitdb/default.nix b/nixpkgs/pkgs/tools/security/exploitdb/default.nix index e589ca529c61..744c5c6aabe9 100644 --- a/nixpkgs/pkgs/tools/security/exploitdb/default.nix +++ b/nixpkgs/pkgs/tools/security/exploitdb/default.nix @@ -1,18 +1,23 @@ -{ stdenv, lib, fetchFromGitHub, makeWrapper }: +{ lib +, stdenv +, fetchFromGitHub +, makeWrapper +}: stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2022-03-24"; + version = "2022-08-10"; src = fetchFromGitHub { owner = "offensive-security"; repo = pname; - rev = version; - sha256 = "sha256-G2KFDNNM4NJ7DgQu1+uNjgixzyLFnF0G0YQ29PgYZ/0="; - + rev = "refs/tags/${version}"; + hash = "sha256-t+y28QDeu0tIUidPjSqSPcmOzfaH6SnreuiEBDtKzP0="; }; - nativeBuildInputs = [ makeWrapper ]; + nativeBuildInputs = [ + makeWrapper + ]; installPhase = '' runHook preInstall @@ -26,7 +31,7 @@ stdenv.mkDerivation rec { homepage = "https://github.com/offensive-security/exploitdb"; description = "Archive of public exploits and corresponding vulnerable software"; license = with licenses; [ gpl2Plus gpl3Plus mit ]; - maintainers = with maintainers; [ applePrincess ]; + maintainers = with maintainers; [ applePrincess fab ]; mainProgram = "searchsploit"; }; } diff --git a/nixpkgs/pkgs/tools/security/fail2ban/default.nix b/nixpkgs/pkgs/tools/security/fail2ban/default.nix index 6c3fb0727091..459f9f12c1ea 100644 --- a/nixpkgs/pkgs/tools/security/fail2ban/default.nix +++ b/nixpkgs/pkgs/tools/security/fail2ban/default.nix @@ -17,6 +17,7 @@ python3.pkgs.buildPythonApplication rec { pythonPath = with python3.pkgs; lib.optionals stdenv.isLinux [ systemd + pyinotify ]; patches = [ @@ -26,6 +27,12 @@ python3.pkgs.buildPythonApplication rec { url = "https://github.com/fail2ban/fail2ban/commit/5ac303df8a171f748330d4c645ccbf1c2c7f3497.patch"; sha256 = "sha256-aozQJHwPcJTe/D/PLQzBk1YH3OAP6Qm7wO7cai5CVYI="; }) + # fix use of MutableMapping with Python >= 3.10 + # https://github.com/fail2ban/fail2ban/issues/3142 + (fetchpatch { + url = "https://github.com/fail2ban/fail2ban/commit/294ec73f629d0e29cece3a1eb5dd60b6fccea41f.patch"; + sha256 = "sha256-Eimm4xjBDYNn5QdTyMqGgT5EXsZdd/txxcWJojXlsFE="; + }) ]; preConfigure = '' @@ -73,7 +80,7 @@ python3.pkgs.buildPythonApplication rec { homepage = "https://www.fail2ban.org/"; description = "A program that scans log files for repeated failing login attempts and bans IP addresses"; license = licenses.gpl2Plus; - maintainers = with maintainers; [ eelco lovek323 fpletz ]; + maintainers = with maintainers; [ eelco lovek323 ]; platforms = platforms.unix; }; } diff --git a/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix b/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix index aecdbf8dd250..1442bba07fb6 100644 --- a/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix +++ b/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "faraday-agent-dispatcher"; - version = "2.1.3"; + version = "2.2.0"; format = "setuptools"; src = fetchFromGitHub { owner = "infobyte"; repo = "faraday_agent_dispatcher"; - rev = version; - hash = "sha256-lqCW1/wRXfN7C9c6TPvninueOgrhzNdjRJ9fuueMyH0="; + rev = "refs/tags/${version}"; + hash = "sha256-dTXTR2H37FDfnpY4Ts6NoYAnJX52yqRZeD2Yf8S/kS8="; }; nativeBuildInputs = with python3.pkgs; [ @@ -49,6 +49,7 @@ python3.pkgs.buildPythonApplication rec { disabledTests = [ "test_execute_agent" + "SSL" ]; disabledTestPaths = [ diff --git a/nixpkgs/pkgs/tools/security/faraday-cli/default.nix b/nixpkgs/pkgs/tools/security/faraday-cli/default.nix index 276252777528..0988b9eb953b 100644 --- a/nixpkgs/pkgs/tools/security/faraday-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/faraday-cli/default.nix @@ -5,13 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "faraday-cli"; - version = "2.0.2"; + version = "2.1.6"; + format = "setuptools"; src = fetchFromGitHub { owner = "infobyte"; repo = pname; - rev = "v${version}"; - hash = "sha256-J3YlFsX/maOqWo4ILEMXzIJeQ8vr47ApGGiaBWrUCMs="; + rev = "refs/tags/${version}"; + hash = "sha256-ofL3tRYV2bwF+RYGoLpg/UQPg9HwrCepWAQxXiJkV2E="; }; propagatedBuildInputs = with python3.pkgs; [ @@ -22,8 +23,10 @@ python3.pkgs.buildPythonApplication rec { faraday-plugins jsonschema log-symbols + luddite packaging pyyaml + py-sneakers simple-rest-client spinners tabulate diff --git a/nixpkgs/pkgs/tools/security/feroxbuster/default.nix b/nixpkgs/pkgs/tools/security/feroxbuster/default.nix index ecfc496ce8e7..ef815a8ba148 100644 --- a/nixpkgs/pkgs/tools/security/feroxbuster/default.nix +++ b/nixpkgs/pkgs/tools/security/feroxbuster/default.nix @@ -9,16 +9,16 @@ rustPlatform.buildRustPackage rec { pname = "feroxbuster"; - version = "2.6.1"; + version = "2.7.1"; src = fetchFromGitHub { owner = "epi052"; repo = pname; - rev = "v${version}"; - hash = "sha256-RY9bFuALRaVXDrC0eIx0inPjRqNpRKNZf3mCrKIdGL8="; + rev = version; + hash = "sha256-B6FeY5pWW5+y/0HlVedkm8ol2z9GXgEYe5j7/uMhqsw="; }; - cargoSha256 = "sha256-0Zawlx/lhF7K8nOsHYKO84pnctVMpm3RfnAFCOltOqE="; + cargoSha256 = "sha256-OFgt8yu2wlvkP/wjlmRRl8UyD9MUx9/0Rcs6K8jLkjo="; OPENSSL_NO_VENDOR = true; diff --git a/nixpkgs/pkgs/tools/security/ffuf/default.nix b/nixpkgs/pkgs/tools/security/ffuf/default.nix index a24b4a8452a7..18862b7940df 100644 --- a/nixpkgs/pkgs/tools/security/ffuf/default.nix +++ b/nixpkgs/pkgs/tools/security/ffuf/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "ffuf"; - version = "1.4.0"; + version = "1.5.0"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "sha256-M+wzS/u40zjUNc+63qzkoM9eJ4ruradeJKhhQTP2jxQ="; + sha256 = "sha256-dqABifXA104NCPdrWhB79cZQloJrqwJ45rlh+M/lRrs="; }; vendorSha256 = "sha256-szT08rIozAuliOmge5RFX4NeVrJ2pCVyfotrHuvc0UU="; diff --git a/nixpkgs/pkgs/tools/security/fido2luks/default.nix b/nixpkgs/pkgs/tools/security/fido2luks/default.nix index 1229620c21ca..3c67c4aa7800 100644 --- a/nixpkgs/pkgs/tools/security/fido2luks/default.nix +++ b/nixpkgs/pkgs/tools/security/fido2luks/default.nix @@ -9,13 +9,13 @@ rustPlatform.buildRustPackage rec { pname = "fido2luks"; - version = "0.2.19"; + version = "0.2.20"; src = fetchFromGitHub { owner = "shimunn"; repo = pname; rev = version; - sha256 = "sha256-o21KdsAE9KznobdMMKfVmVnENsLW3cMZjssnrsoN+KY="; + sha256 = "04gl7wn38f42mapmkf026rya668vvhm03yi8iqnz31xgggbr2irm"; }; buildInputs = [ cryptsetup ]; @@ -25,7 +25,7 @@ rustPlatform.buildRustPackage rec { export LIBCLANG_PATH="${llvmPackages.libclang.lib}/lib" ''; - cargoSha256 = "sha256-8JFe3mivf2Ewu1nLMugeeK+9ZXAGPHaqCyKfWfwLOc8="; + cargoSha256 = "1sp52zsj0s3736zih71plnk01si24jsawnx0580qfgg322d5f601"; meta = with lib; { description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator"; diff --git a/nixpkgs/pkgs/tools/security/flare-floss/default.nix b/nixpkgs/pkgs/tools/security/flare-floss/default.nix index fbf065dc3b15..6416adec0ece 100644 --- a/nixpkgs/pkgs/tools/security/flare-floss/default.nix +++ b/nixpkgs/pkgs/tools/security/flare-floss/default.nix @@ -2,44 +2,73 @@ , python3 , fetchFromGitHub }: +let + py = python3.override { + packageOverrides = final: prev: { + # required for networkx 2.5.1 + decorator = prev.decorator.overridePythonAttrs (o: o // rec { + version = "4.4.2"; + src = o.src.override { + inherit version; + sha256 = "sha256-46YvBSAXJEDKDcyCN0kxk4Ljd/N/FAoLme9F/suEv+c="; + }; + }); -python3.pkgs.buildPythonPackage rec { + # flare-floss requires this exact version (newer versions are incompatible) + networkx = prev.networkx.overridePythonAttrs (o: o // rec { + version = "2.5.1"; + src = o.src.override { + inherit version; + sha256 = "sha256-EJzVhcrEEpf3EQPDxCrG73N58peI61TLdRvlpmO7I1o="; + }; + }); + }; + }; +in +py.pkgs.buildPythonPackage rec { pname = "flare-floss"; - version = "1.7.0"; + version = "2.0.0"; src = fetchFromGitHub { - owner = "fireeye"; + owner = "mandiant"; repo = "flare-floss"; rev = "v${version}"; - sha256 = "GMOA1+qM2A/Qw33kOTIINEvjsfqjWQWBXHNemh3IK8w="; + fetchSubmodules = true; # for tests + sha256 = "sha256-V4OWYcISyRdjf8x93B6h2hJwRgmRmk32hr8TrgRDu8Q="; }; - propagatedBuildInputs = with python3.pkgs; [ - pyyaml - simplejson + postPatch = '' + substituteInPlace setup.py \ + --replace "==" ">=" + + substituteInPlace floss/main.py \ + --replace 'sigs_path = os.path.join(get_default_root(), "sigs")' 'sigs_path = "'"$out"'/share/flare-floss/sigs"' + ''; + + propagatedBuildInputs = with py.pkgs; [ + halo + networkx + pydantic tabulate - vivisect - plugnplay + tqdm viv-utils - ]; + vivisect + ] ++ viv-utils.optional-dependencies.flirt; - checkInputs = with python3.pkgs; [ + checkInputs = with py.pkgs; [ + pytest-sugar pytestCheckHook + pyyaml ]; - disabledTests = [ - # test data is in a submodule - "test_main" - ]; - - pythonImportsCheck = [ - "floss" - "floss.plugins" - ]; + postInstall = '' + mkdir -p $out/share/flare-floss/ + cp -r sigs $out/share/flare-floss/ + ''; meta = with lib; { description = "Automatically extract obfuscated strings from malware"; - homepage = "https://github.com/fireeye/flare-floss"; + homepage = "https://github.com/mandiant/flare-floss"; license = licenses.asl20; maintainers = teams.determinatesystems.members; }; diff --git a/nixpkgs/pkgs/tools/security/fpm2/default.nix b/nixpkgs/pkgs/tools/security/fpm2/default.nix index 0ca45957d695..15d5a5adcffb 100644 --- a/nixpkgs/pkgs/tools/security/fpm2/default.nix +++ b/nixpkgs/pkgs/tools/security/fpm2/default.nix @@ -1,22 +1,20 @@ -{ lib, stdenv, fetchurl, pkg-config, gnupg, gtk2 -, libxml2, intltool +{ lib, stdenv, fetchurl, pkg-config, gnupg, gtk3 +, libxml2, intltool, nettle }: -with lib; - stdenv.mkDerivation rec { pname = "fpm2"; - version = "0.79"; + version = "0.90"; src = fetchurl { - url = "https://als.regnet.cz/fpm2/download/fpm2-${version}.tar.bz2"; - sha256 = "d55e9ce6be38a44fc1053d82db2d117cf3991a51898bd86d7913bae769f04da7"; + url = "https://als.regnet.cz/fpm2/download/fpm2-${version}.tar.xz"; + sha256 = "1lfzja3vzd6l6hfvw8gvg4qkl5iy6gra5pa8gjlps9l63k2bjfhz"; }; nativeBuildInputs = [ pkg-config ]; - buildInputs = [ gnupg gtk2 libxml2 intltool ]; + buildInputs = [ gnupg gtk3 libxml2 intltool nettle ]; - meta = { + meta = with lib; { description = "GTK2 port from Figaro's Password Manager originally developed by John Conneely, with some new enhancements"; homepage = "https://als.regnet.cz/fpm2/"; license = licenses.gpl2; diff --git a/nixpkgs/pkgs/tools/security/fprintd/default.nix b/nixpkgs/pkgs/tools/security/fprintd/default.nix index b0339846a67d..125cab6b3fd0 100644 --- a/nixpkgs/pkgs/tools/security/fprintd/default.nix +++ b/nixpkgs/pkgs/tools/security/fprintd/default.nix @@ -1,5 +1,6 @@ { lib, stdenv , fetchFromGitLab +, fetchpatch , pkg-config , gobject-introspection , meson @@ -25,7 +26,7 @@ stdenv.mkDerivation rec { pname = "fprintd"; - version = "1.94.1"; + version = "1.94.2"; outputs = [ "out" "devdoc" ]; src = fetchFromGitLab { @@ -33,9 +34,17 @@ stdenv.mkDerivation rec { owner = "libfprint"; repo = pname; rev = "v${version}"; - sha256 = "sha256-XHfHPffVp0jV3Md9Gui9v/nyOJ/bTWM3+hiR7WdEsgQ="; + sha256 = "sha256-ePhcIZyXoGr8XlBuzKjpibU9D/44iCXYBlpVR9gcswQ="; }; + patches = [ + # backport upstream patch fixing tests + (fetchpatch { + url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/ae04fa989720279e5558c3b8ff9ebe1959b1cf36.patch"; + sha256 = "sha256-jW5vlzrbZQ1gUDLBf7G50GnZfZxhlnL2Eu+9Bghdwdw="; + }) + ]; + nativeBuildInputs = [ pkg-config meson @@ -44,16 +53,7 @@ stdenv.mkDerivation rec { gettext gtk-doc libxslt - # TODO: apply this to D-Bus so that other packages can benefit. - # https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/202 - (dbus.overrideAttrs (attrs: { - postInstall = attrs.postInstall or "" + '' - ln -s ${fetchurl { - url = "https://gitlab.freedesktop.org/dbus/dbus/-/raw/b207135dbd8c09cf8da28f7e3b0a18bb11483663/doc/catalog.xml"; - sha256 = "1/43XwAIcmRXfM4OXOPephyQyUnW8DSveiZbiPvW72I="; - }} $out/share/xml/dbus-1/catalog.xml - ''; - })) + dbus docbook-xsl-nons docbook_xml_dtd_412 ]; @@ -105,6 +105,6 @@ stdenv.mkDerivation rec { description = "D-Bus daemon that offers libfprint functionality over the D-Bus interprocess communication bus"; license = licenses.gpl2Plus; platforms = platforms.linux; - maintainers = with maintainers; [ abbradar elyhaka ]; + maintainers = with maintainers; [ abbradar ]; }; } diff --git a/nixpkgs/pkgs/tools/security/fprintd/tod.nix b/nixpkgs/pkgs/tools/security/fprintd/tod.nix index 4900124f8d19..e1c836e76b25 100644 --- a/nixpkgs/pkgs/tools/security/fprintd/tod.nix +++ b/nixpkgs/pkgs/tools/security/fprintd/tod.nix @@ -1,21 +1,51 @@ -{ fetchFromGitLab +{ lib +, fetchFromGitLab +, fetchpatch , fprintd , libfprint-tod }: -(fprintd.override { libfprint = libfprint-tod; }).overrideAttrs (oldAttrs: - let +(fprintd.override { libfprint = libfprint-tod; }).overrideAttrs (oldAttrs: rec { pname = "fprintd-tod"; version = "1.90.9"; - in - { - inherit pname version; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "libfprint"; - repo = "${oldAttrs.pname}"; + repo = "fprintd"; rev = "v${version}"; sha256 = "sha256-rOTVThHOY/Q2IIu2RGiv26UE2V/JFfWWnfKZQfKl5Mg="; }; + + patches = oldAttrs.patches or [] ++ [ + (fetchpatch { + name = "use-more-idiomatic-correct-embedded-shell-scripting"; + url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/f4256533d1ffdc203c3f8c6ee42e8dcde470a93f.patch"; + sha256 = "sha256-4uPrYEgJyXU4zx2V3gwKKLaD6ty0wylSriHlvKvOhek="; + }) + (fetchpatch { + name = "remove-pointless-copying-of-files-into-build-directory"; + url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/2c34cef5ef2004d8479475db5523c572eb409a6b.patch"; + sha256 = "sha256-2pZBbMF1xjoDKn/jCAIldbeR2JNEVduXB8bqUrj2Ih4="; + }) + (fetchpatch { + name = "build-Do-not-use-positional-arguments-in-i18n.merge_file"; + url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/50943b1bd4f18d103c35233f0446ce7a31d1817e.patch"; + sha256 = "sha256-ANkAq6fr0VRjkS0ckvf/ddVB2mH4b2uJRTI4H8vPPes="; + }) + ]; + + postPatch = oldAttrs.postPatch or "" + '' + # part of "remove-pointless-copying-of-files-into-build-directory" but git-apply doesn't handle renaming + mv src/device.xml src/net.reactivated.Fprint.Device.xml + mv src/manager.xml src/net.reactivated.Fprint.Manager.xml + ''; + + meta = { + homepage = "https://fprint.freedesktop.org/"; + description = "fprintd built with libfprint-tod to support Touch OEM Drivers"; + license = lib.licenses.gpl2Plus; + platforms = lib.platforms.linux; + maintainers = with lib.maintainers; [ hmenke ]; + }; }) diff --git a/nixpkgs/pkgs/tools/security/fulcio/default.nix b/nixpkgs/pkgs/tools/security/fulcio/default.nix index 300b996524df..e1e0353847bd 100644 --- a/nixpkgs/pkgs/tools/security/fulcio/default.nix +++ b/nixpkgs/pkgs/tools/security/fulcio/default.nix @@ -2,45 +2,50 @@ buildGoModule rec { pname = "fulcio"; - version = "0.2.0"; + version = "0.5.2"; src = fetchFromGitHub { owner = "sigstore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-tCjFx9Ug8rO8cSxQb2vBG/MHSUJCx17lDeGnSGjZLcI="; + sha256 = "sha256-jNsW4eUpqa1a1itEnY1932ta3UpjLxhbHz9byM6/Rxo="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; postFetch = '' cd "$out" git rev-parse HEAD > $out/COMMIT - # '0000-00-00T00:00:00Z' - date -u -d "@$(git log -1 --pretty=%ct)" "+'%Y-%m-%dT%H:%M:%SZ'" > $out/SOURCE_DATE_EPOCH + # 0000-00-00T00:00:00Z + date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%m-%dT%H:%M:%SZ" > $out/SOURCE_DATE_EPOCH find "$out" -name .git -print0 | xargs -0 rm -rf ''; }; - vendorSha256 = "sha256-CmtsReP0JacgNyRqCrYZRONwR5eluymrQgsj/ukhYNQ="; + vendorSha256 = "sha256-L+20HvkRAs00tbD5q1ATeLrKoa7VFQlrXChh7AtK0PI="; - # install completions post-install nativeBuildInputs = [ installShellFiles ]; + subPackages = [ "." ]; + ldflags = [ "-s" "-w" - "-X github.com/sigstore/fulcio/cmd/app.gitVersion=v${version}" - "-X github.com/sigstore/fulcio/cmd/app.gitTreeState=clean" + "-X github.com/sigstore/fulcio/pkg/server.gitVersion=v${version}" + "-X github.com/sigstore/fulcio/pkg/server.gitTreeState=clean" ]; # ldflags based on metadata from git and source preBuild = '' - ldflags+=" -X github.com/sigstore/fulcio/cmd/app.gitCommit=$(cat COMMIT)" - ldflags+=" -X github.com/sigstore/fulcio/cmd/app.buildDate=$(cat SOURCE_DATE_EPOCH)" + ldflags+=" -X github.com/sigstore/fulcio/pkg/server.gitCommit=$(cat COMMIT)" + ldflags+=" -X github.com/sigstore/fulcio/pkg/server.buildDate=$(cat SOURCE_DATE_EPOCH)" ''; preCheck = '' - # remove test that requires networking - rm pkg/config/config_test.go + # test all paths + unset subPackages + + # skip test that requires networking + substituteInPlace pkg/config/config_network_test.go \ + --replace "TestLoad" "SkipLoad" ''; postInstall = '' @@ -53,10 +58,8 @@ buildGoModule rec { doInstallCheck = true; installCheckPhase = '' runHook preInstallCheck - $out/bin/fulcio --help $out/bin/fulcio version | grep "v${version}" - runHook postInstallCheck ''; @@ -64,6 +67,16 @@ buildGoModule rec { homepage = "https://github.com/sigstore/fulcio"; changelog = "https://github.com/sigstore/fulcio/releases/tag/v${version}"; description = "A Root-CA for code signing certs - issuing certificates based on an OIDC email address"; + longDescription = '' + Fulcio is a free code signing Certificate Authority, built to make + short-lived certificates available to anyone. Based on an Open ID Connect + email address, Fulcio signs x509 certificates valid for under 20 minutes. + + Fulcio was designed to run as a centralized, public-good instance backed + up by other transparency logs. Development is now underway to support + different delegation models, and to deploy and run Fulcio as a + disconnected instance. + ''; license = licenses.asl20; maintainers = with maintainers; [ lesuisse jk ]; }; diff --git a/nixpkgs/pkgs/tools/security/fwbuilder/default.nix b/nixpkgs/pkgs/tools/security/fwbuilder/default.nix index 66d7a5a7537a..15b67932c55e 100644 --- a/nixpkgs/pkgs/tools/security/fwbuilder/default.nix +++ b/nixpkgs/pkgs/tools/security/fwbuilder/default.nix @@ -1,4 +1,13 @@ -{ stdenv, lib, fetchFromGitHub, cmake, qtbase, wrapQtAppsHook }: +{ lib +, stdenv +, fetchFromGitHub +, cmake +, qtbase +, wrapQtAppsHook +, wayland +, wayland-protocols +, qtwayland +}: stdenv.mkDerivation rec { pname = "fwbuilder"; @@ -16,6 +25,16 @@ stdenv.mkDerivation rec { wrapQtAppsHook ]; + buildInputs = [ + wayland + wayland-protocols + qtwayland + ]; + + NIX_CFLAGS_COMPILE = [ + "-Wno-error=misleading-indentation" + ]; + meta = with lib; { description = "GUI Firewall Management Application"; homepage = "https://github.com/fwbuilder/fwbuilder"; diff --git a/nixpkgs/pkgs/tools/security/fwknop/default.nix b/nixpkgs/pkgs/tools/security/fwknop/default.nix index b56ba93dc7bc..5625ab47058d 100644 --- a/nixpkgs/pkgs/tools/security/fwknop/default.nix +++ b/nixpkgs/pkgs/tools/security/fwknop/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook +{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook , libpcap, texinfo , iptables , gnupgSupport ? true, gnupg, gpgme # Increases dependencies! @@ -17,6 +17,16 @@ stdenv.mkDerivation rec { sha256 = "05kvqhmxj9p2y835w75f3jvhr38bb96cd58mvfd7xil9dhmhn9ra"; }; + patches = [ + # Pull patch pending upstream inclusion for -fno-common tollchains: + # https://github.com/mrash/fwknop/pull/319 + (fetchpatch { + name = "fno-common.patch"; + url = "https://github.com/mrash/fwknop/commit/a8214fd58bc46d23b64b3a55db023c7f5a5ea6af.patch"; + sha256 = "0cp1350q66n455hpd3rdydb9anx66bcirza5gyyyy5232zgg58bi"; + }) + ]; + nativeBuildInputs = [ autoreconfHook ]; buildInputs = [ libpcap texinfo ] ++ lib.optionals gnupgSupport [ gnupg gpgme.dev ] diff --git a/nixpkgs/pkgs/tools/security/gau/default.nix b/nixpkgs/pkgs/tools/security/gau/default.nix index 8113289a9c4f..48f9d7bbbf22 100644 --- a/nixpkgs/pkgs/tools/security/gau/default.nix +++ b/nixpkgs/pkgs/tools/security/gau/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "gau"; - version = "2.0.9"; + version = "2.1.2"; src = fetchFromGitHub { owner = "lc"; repo = pname; rev = "v${version}"; - sha256 = "sha256-8op515+0wDxxU1e08gJ6lg/8NhQScFb4b3mCzBV/VNw="; + sha256 = "sha256-z8JmMMob12wRTdpFoVbRHTDwet9AMXet49lHEDVVAnw="; }; vendorSha256 = "sha256-HQATUCzYvhhlqe4HhNu9H4CqmY2IGLNJ9ydt3/igSmQ="; diff --git a/nixpkgs/pkgs/tools/security/ghidra/build.nix b/nixpkgs/pkgs/tools/security/ghidra/build.nix index bb53a1958e00..3e7197f543d2 100644 --- a/nixpkgs/pkgs/tools/security/ghidra/build.nix +++ b/nixpkgs/pkgs/tools/security/ghidra/build.nix @@ -171,8 +171,12 @@ in stdenv.mkDerivation rec { description = "A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission"; homepage = "https://ghidra-sre.org/"; platforms = [ "x86_64-linux" "x86_64-darwin" ]; + sourceProvenance = with sourceTypes; [ + fromSource + binaryBytecode # deps + ]; license = licenses.asl20; - maintainers = [ "roblabla" ]; + maintainers = with maintainers; [ roblabla ]; }; } diff --git a/nixpkgs/pkgs/tools/security/ghidra/default.nix b/nixpkgs/pkgs/tools/security/ghidra/default.nix index d65d7abc4de6..a382eecce3fe 100644 --- a/nixpkgs/pkgs/tools/security/ghidra/default.nix +++ b/nixpkgs/pkgs/tools/security/ghidra/default.nix @@ -24,12 +24,12 @@ let in stdenv.mkDerivation rec { pname = "ghidra"; - version = "10.1.1"; - versiondate = "20211221"; + version = "10.1.4"; + versiondate = "20220519"; src = fetchzip { url = "https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_${version}_build/ghidra_${version}_PUBLIC_${versiondate}.zip"; - sha256 = "1aib24hjfavy31vq0pasbzix9lpqrb90m3hp4n0iakg6ck8jcl5r"; + sha256 = "sha256-cOrmM+uE2ajGaYg9CmDHT3/hje7K9cmsq6u9MjkCHWk="; }; nativeBuildInputs = [ @@ -72,6 +72,7 @@ in stdenv.mkDerivation rec { description = "A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission"; homepage = "https://github.com/NationalSecurityAgency/ghidra"; platforms = [ "x86_64-linux" "x86_64-darwin" ]; + sourceProvenance = with sourceTypes; [ binaryBytecode ]; license = licenses.asl20; maintainers = with maintainers; [ ck3d govanify mic92 ]; }; diff --git a/nixpkgs/pkgs/tools/security/git-hound/default.nix b/nixpkgs/pkgs/tools/security/git-hound/default.nix index 56fa2ce47636..2d13b11d302d 100644 --- a/nixpkgs/pkgs/tools/security/git-hound/default.nix +++ b/nixpkgs/pkgs/tools/security/git-hound/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "git-hound"; - version = "1.3"; + version = "1.4"; src = fetchFromGitHub { owner = "tillson"; repo = pname; rev = "v${version}"; - sha256 = "1l2bif7qpc1yl93ih01g9jci7ba47rsnpq9js88rz216q93dzmsf"; + sha256 = "sha256-HD5OK8HjnLDbyC/TmVI2HfBRIUCyyHTbA3JvKoeXV5E="; }; - vendorSha256 = "055hpfjbqng513c9rscb8jhnlxj7p82sr8cbsvwnzk569n71qwma"; + vendorSha256 = "sha256-qnIcjk2mzG/51ouhrAW6R3ZqoUSL6ZzYCOVZvKS7sBQ="; meta = with lib; { description = "Reconnaissance tool for GitHub code search"; diff --git a/nixpkgs/pkgs/tools/security/gitleaks/default.nix b/nixpkgs/pkgs/tools/security/gitleaks/default.nix index bbeca94a993e..5a0d90218f3e 100644 --- a/nixpkgs/pkgs/tools/security/gitleaks/default.nix +++ b/nixpkgs/pkgs/tools/security/gitleaks/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "gitleaks"; - version = "8.5.1"; + version = "8.11.0"; src = fetchFromGitHub { owner = "zricethezav"; repo = pname; rev = "v${version}"; - sha256 = "sha256-lx7xjOajFyeetnGcJwX66pIcZw2A7+QGWb5crCoA83g="; + sha256 = "sha256-6zuxEEJlSppR6yBWNKjfNOndICWMnAHaO4mOI9pP7aQ="; }; - vendorSha256 = "sha256-gelUrZOYiThO0+COIv9cOgho/tjv7ZqSKOktWIbdADw="; + vendorSha256 = "sha256-KtBE8zOCSh/sItEpEA+I2cG3U44FJ2wxxVX3F6choUY="; ldflags = [ "-s" diff --git a/nixpkgs/pkgs/tools/security/gitls/default.nix b/nixpkgs/pkgs/tools/security/gitls/default.nix new file mode 100644 index 000000000000..f6ef854ce810 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gitls/default.nix @@ -0,0 +1,34 @@ +{ lib +, buildGoModule +, gitls +, fetchFromGitHub +, testers +}: + +buildGoModule rec { + pname = "gitls"; + version = "1.0.3"; + + src = fetchFromGitHub { + owner = "hahwul"; + repo = pname; + rev = "v${version}"; + hash = "sha256-snoWnq+xmaxWzFthhO/gOYQDUMbpIZR9VkqcPaHzS6g="; + }; + + vendorSha256 = "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo="; + + passthru.tests.version = testers.testVersion { + package = gitls; + command = "gitls -version"; + version = "v${version}"; + }; + + meta = with lib; { + description = "Tools to enumerate git repository URL"; + homepage = "https://github.com/hahwul/gitls"; + changelog = "https://github.com/hahwul/gitls/releases/tag/v${version}"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gitsign/default.nix b/nixpkgs/pkgs/tools/security/gitsign/default.nix new file mode 100644 index 000000000000..00a8a3a4735d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gitsign/default.nix @@ -0,0 +1,24 @@ +{ lib, buildGoModule, fetchFromGitHub, stdenv }: + +buildGoModule rec { + pname = "gitsign"; + version = "0.1.1"; + + src = fetchFromGitHub { + owner = "sigstore"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-0cu5uJVFiqkvfVxCbrruHLa4Zj0EU75cbgrTrwzo7+U="; + }; + vendorSha256 = "sha256-JMS/OFL2oxQFWa+wNhxS7fXSYQbCSEV3Sakq4rmsolI="; + + ldflags = [ "-s" "-w" "-buildid=" "-X github.com/sigstore/gitsign/pkg/version.gitVersion=${version}" ]; + + meta = { + homepage = "https://github.com/sigstore/gitsign"; + changelog = "https://github.com/sigstore/gitsign/releases/tag/v${version}"; + description = "Keyless Git signing using Sigstore"; + license = lib.licenses.asl20; + maintainers = with lib.maintainers; [ lesuisse ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix b/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix index a94be8295ea0..50a1ff98d14f 100644 --- a/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix +++ b/nixpkgs/pkgs/tools/security/gnome-keysign/default.nix @@ -41,7 +41,7 @@ python3.pkgs.buildPythonApplication rec { wrapGAppsHook gobject-introspection ] ++ (with python3.pkgs; [ - Babel + babel babelgladeextractor ]); diff --git a/nixpkgs/pkgs/tools/security/gnupg/1.nix b/nixpkgs/pkgs/tools/security/gnupg/1.nix index 8fc5dce7ba04..5fa9bc0beddb 100644 --- a/nixpkgs/pkgs/tools/security/gnupg/1.nix +++ b/nixpkgs/pkgs/tools/security/gnupg/1.nix @@ -11,6 +11,12 @@ stdenv.mkDerivation rec { buildInputs = [ readline bzip2 ]; + # Workaround build failure on -fno-common toolchains like upstream + # gcc-10. Otherwise build fails as: + # ld: ../util/libutil.a(estream-printf.o):/build/gnupg-1.4.23/util/../include/memory.h:100: multiple definition of + # `memory_debug_mode'; gpgsplit.o:/build/gnupg-1.4.23/tools/../include/memory.h:100: first defined here + NIX_CFLAGS_COMPILE = "-fcommon"; + doCheck = true; meta = with lib; { @@ -29,5 +35,6 @@ stdenv.mkDerivation rec { available. ''; platforms = platforms.all; + mainProgram = "gpg"; }; } diff --git a/nixpkgs/pkgs/tools/security/gnupg/23.nix b/nixpkgs/pkgs/tools/security/gnupg/23.nix index e80804cd002f..b93e533e6fd8 100644 --- a/nixpkgs/pkgs/tools/security/gnupg/23.nix +++ b/nixpkgs/pkgs/tools/security/gnupg/23.nix @@ -1,43 +1,41 @@ { fetchurl, fetchpatch, lib, stdenv, pkg-config, libgcrypt, libassuan, libksba , libgpg-error, libiconv, npth, gettext, texinfo, buildPackages - -# Each of the dependencies below are optional. -# Gnupg can be built without them at the cost of reduced functionality. , guiSupport ? stdenv.isDarwin, enableMinimal ? false -, adns ? null, bzip2 ? null , gnutls ? null , libusb1 ? null , openldap ? null -, tpm2-tss ? null -, pcsclite ? null , pinentry ? null , readline ? null , sqlite ? null , zlib ? null +, adns, bzip2, gnutls, libusb1, openldap +, tpm2-tss, pcsclite, pinentry, readline, sqlite, zlib }: -with lib; - -assert guiSupport -> pinentry != null && enableMinimal == false; +assert guiSupport -> enableMinimal == false; stdenv.mkDerivation rec { pname = "gnupg"; - version = "2.3.4"; + version = "2.3.7"; src = fetchurl { url = "mirror://gnupg/gnupg/${pname}-${version}.tar.bz2"; - sha256 = "sha256-80aOyvsdf5rXtR/R23rr8XzridLvqKBc8vObTUBUAq4="; + sha256 = "sha256-7hY6X7nsmf/BsY5l+u+NCGgAxXE9FaZyq1fTeZ2oNmk="; }; depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ pkg-config texinfo ]; buildInputs = [ libgcrypt libassuan libksba libiconv npth gettext + ] ++ lib.optionals (!enableMinimal) ([ readline libusb1 gnutls adns openldap zlib bzip2 sqlite - ] ++ optional (!stdenv.isDarwin) tpm2-tss ; + ] ++ lib.optional (!stdenv.isDarwin) tpm2-tss); patches = [ ./fix-libusb-include-path.patch ./tests-add-test-cases-for-import-without-uid.patch ./allow-import-of-previously-known-keys-even-without-UI.patch ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch + + # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27 + ./v3-0001-Disallow-compressed-signatures-and-certificates.patch ]; postPatch = '' sed -i 's,\(hkps\|https\)://keyserver.ubuntu.com,hkps://keys.openpgp.org,g' configure configure.ac doc/dirmngr.texi doc/gnupg.info-1 - '' + lib.optionalString (stdenv.isLinux && pcsclite != null) '' + '' + lib.optionalString (stdenv.isLinux && (!enableMinimal)) '' sed -i 's,"libpcsclite\.so[^"]*","${lib.getLib pcsclite}/lib/libpcsclite.so",g' scd/scdaemon.c ''; @@ -48,8 +46,8 @@ stdenv.mkDerivation rec { "--with-libassuan-prefix=${libassuan.dev}" "--with-ksba-prefix=${libksba.dev}" "--with-npth-prefix=${npth}" - ] ++ optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}" - ++ optional ( (!stdenv.isDarwin) && (tpm2-tss != null) ) "--with-tss=intel"; + ] ++ lib.optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}" + ++ lib.optional ((!stdenv.isDarwin) && (!enableMinimal)) "--with-tss=intel"; postInstall = if enableMinimal then '' rm -r $out/{libexec,sbin,share} @@ -93,5 +91,6 @@ stdenv.mkDerivation rec { ''; maintainers = with maintainers; [ fpletz vrthra ]; platforms = platforms.all; + mainProgram = "gpg"; }; } diff --git a/nixpkgs/pkgs/tools/security/gnupg/v3-0001-Disallow-compressed-signatures-and-certificates.patch b/nixpkgs/pkgs/tools/security/gnupg/v3-0001-Disallow-compressed-signatures-and-certificates.patch new file mode 100644 index 000000000000..267085dff4c8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gnupg/v3-0001-Disallow-compressed-signatures-and-certificates.patch @@ -0,0 +1,216 @@ +From 459b61fa21db755d6c879c3ef9ab85b3d1786c9f Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour <demi () invisiblethingslab com> +Date: Fri, 27 May 2022 19:51:19 -0400 +Subject: [PATCH GnuPG v3] Disallow compressed signatures and certificates + +Compressed packets have significant attack surface, due to the potential +for both denial of service (zip bombs and the like) and for code +execution via memory corruption vulnerabilities in the decompressor. +Furthermore, I am not aware of any implementation that uses them in keys +or detached signatures. Therefore, disallow their use in such contexts +entirely. This includes signatures that are part of a cleartext-signed +message. + +When parsing detached signatures, forbid any packet that is not a +signature or marker packet. When parsing keys, return an error when +encountering a compressed packet, instead of decompressing the packet. + +Furthermore, certificates, keys, and signatures are not allowed to +contain partial-length or indeterminate-length packets. Reject those in +parse_packet, rather than activating the partial-length filter code. +This is not (yet) implemented for cleartext-signed messages, as these +messages are internally represented as inline-signed messages. + +GnuPG-bug-id: T5993 +Signed-off-by: Demi Marie Obenour <demiobenour () gmail com> +--- + g10/import.c | 18 ++---------------- + g10/mainproc.c | 24 +++++++++++++++++++++--- + g10/packet.h | 2 ++ + g10/parse-packet.c | 44 +++++++++++++++++++++++++++++++++++++++++++- + 4 files changed, 68 insertions(+), 20 deletions(-) + +diff --git a/g10/import.c b/g10/import.c +index bb0bf67934a8316130cde182cd43d56353e0171d..a8136351f6f7dae8c65634ed8e1c242d323e2009 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -1042,22 +1042,8 @@ read_block( IOBUF a, unsigned int options, + switch (pkt->pkttype) + { + case PKT_COMPRESSED: +- if (check_compress_algo (pkt->pkt.compressed->algorithm)) +- { +- rc = GPG_ERR_COMPR_ALGO; +- goto ready; +- } +- else +- { +- compress_filter_context_t *cfx = xmalloc_clear( sizeof *cfx ); +- pkt->pkt.compressed->buf = NULL; +- if (push_compress_filter2 (a, cfx, +- pkt->pkt.compressed->algorithm, 1)) +- xfree (cfx); /* e.g. in case of compression_algo NONE. */ +- } +- free_packet (pkt, &parsectx); +- init_packet(pkt); +- break; ++ rc = GPG_ERR_UNEXPECTED; ++ goto ready; + + case PKT_RING_TRUST: + /* Skip those packets unless we are in restore mode. */ +diff --git a/g10/mainproc.c b/g10/mainproc.c +index af11877aa257e46662c42b6ff573ee01c3ad1547..3629fc921b742afd131e8d8e2664b201095990f0 100644 +--- a/g10/mainproc.c ++++ b/g10/mainproc.c +@@ -152,6 +152,7 @@ add_onepass_sig (CTX c, PACKET *pkt) + { + kbnode_t node; + ++ log_assert(!(c->sigs_only && c->signed_data.used)); + if (c->list) /* Add another packet. */ + add_kbnode (c->list, new_kbnode (pkt)); + else /* Insert the first one. */ +@@ -1076,8 +1077,16 @@ proc_compressed (CTX c, PACKET *pkt) + int rc; + + /*printf("zip: compressed data packet\n");*/ +- if (c->sigs_only) +- rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c); ++ if ( literals_seen ) ++ { ++ log_error ("Compressed packet follows literal data packet\n"); ++ rc = GPG_ERR_UNEXPECTED; ++ } ++ else if ( c->sigs_only ) ++ { ++ log_assert(!c->signed_data.used); ++ rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c); ++ } + else if( c->encrypt_only ) + rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c); + else +@@ -1596,6 +1605,7 @@ do_proc_packets (CTX c, iobuf_t a) + c->iobuf = a; + init_packet(pkt); + init_parse_packet (&parsectx, a); ++ parsectx.sigs_only = c->sigs_only && c->signed_data.used; + while ((rc=parse_packet (&parsectx, pkt)) != -1) + { + any_data = 1; +@@ -1607,6 +1617,12 @@ do_proc_packets (CTX c, iobuf_t a) + if (gpg_err_code (rc) == GPG_ERR_INV_PACKET + && opt.list_packets == 0) + break; ++ ++ if (gpg_err_code (rc) == GPG_ERR_UNEXPECTED) ++ { ++ write_status_text( STATUS_UNEXPECTED, "0" ); ++ goto leave; ++ } + continue; + } + newpkt = -1; +@@ -1644,7 +1660,9 @@ do_proc_packets (CTX c, iobuf_t a) + case PKT_COMPRESSED: rc = proc_compressed (c, pkt); break; + case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break; + case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break; +- default: newpkt = 0; break; ++ default: ++ log_assert(!c->signed_data.used); ++ newpkt = 0; break; + } + } + else if (c->encrypt_only) +diff --git a/g10/packet.h b/g10/packet.h +index 5a14015a16c872fe7b0b15468598daf7a05ffc02..82dfe786b46051491e7015e64441678140defa9e 100644 +--- a/g10/packet.h ++++ b/g10/packet.h +@@ -657,6 +657,7 @@ struct parse_packet_ctx_s + int free_last_pkt; /* Indicates that LAST_PKT must be freed. */ + int skip_meta; /* Skip ring trust packets. */ + unsigned int n_parsed_packets; /* Number of parsed packets. */ ++ int sigs_only; /* Only accept detached signature packets */ + }; + typedef struct parse_packet_ctx_s *parse_packet_ctx_t; + +@@ -667,6 +668,7 @@ typedef struct parse_packet_ctx_s *parse_packet_ctx_t; + (a)->free_last_pkt = 0; \ + (a)->skip_meta = 0; \ + (a)->n_parsed_packets = 0; \ ++ (a)->sigs_only = 0; \ + } while (0) + + #define deinit_parse_packet(a) do { \ +diff --git a/g10/parse-packet.c b/g10/parse-packet.c +index cea1f7ebc5daec3863ae963c1ab25500f86796fe..dca66ff427ea6778e536782ec6bda83584877342 100644 +--- a/g10/parse-packet.c ++++ b/g10/parse-packet.c +@@ -738,6 +738,20 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, + case PKT_ENCRYPTED_MDC: + case PKT_ENCRYPTED_AEAD: + case PKT_COMPRESSED: ++ if (ctx->sigs_only) ++ { ++ log_error (_("partial length packet of type %d in detached" ++ " signature\n"), pkttype); ++ rc = gpg_error (GPG_ERR_UNEXPECTED); ++ goto leave; ++ } ++ if (onlykeypkts) ++ { ++ log_error (_("partial length packet of type %d in keyring\n"), ++ pkttype); ++ rc = gpg_error (GPG_ERR_UNEXPECTED); ++ goto leave; ++ } + iobuf_set_partial_body_length_mode (inp, c & 0xff); + pktlen = 0; /* To indicate partial length. */ + partial = 1; +@@ -775,6 +789,20 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, + rc = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } ++ else if (ctx->sigs_only) ++ { ++ log_error (_("indeterminate length packet of type %d in detached" ++ " signature\n"), pkttype); ++ rc = gpg_error (GPG_ERR_UNEXPECTED); ++ goto leave; ++ } ++ else if (onlykeypkts) ++ { ++ log_error (_("indeterminate length packet of type %d in" ++ " keyring\n"), pkttype); ++ rc = gpg_error (GPG_ERR_UNEXPECTED); ++ goto leave; ++ } + } + else + { +@@ -828,7 +856,21 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos, + goto leave; + } + +- if (with_uid && pkttype == PKT_USER_ID) ++ if (ctx->sigs_only) ++ switch (pkttype) ++ { ++ case PKT_SIGNATURE: ++ case PKT_MARKER: ++ break; ++ default: ++ log_error(_("Packet type %d not allowed in detached signature\n"), ++ pkttype); ++ iobuf_skip_rest (inp, pktlen, partial); ++ *skip = 1; ++ rc = GPG_ERR_UNEXPECTED; ++ goto leave; ++ } ++ else if (with_uid && pkttype == PKT_USER_ID) + /* If ONLYKEYPKTS is set to 2, then we never skip user id packets, + even if DO_SKIP is set. */ + ; +-- +2.36.1 + diff --git a/nixpkgs/pkgs/tools/security/go365/default.nix b/nixpkgs/pkgs/tools/security/go365/default.nix index 02e4c32c6cee..db075745edeb 100644 --- a/nixpkgs/pkgs/tools/security/go365/default.nix +++ b/nixpkgs/pkgs/tools/security/go365/default.nix @@ -26,5 +26,6 @@ buildGoModule rec { homepage = "https://github.com/optiv/Go365"; license = with licenses; [ mit ]; maintainers = with maintainers; [ fab ]; + mainProgram = "Go365"; }; } diff --git a/nixpkgs/pkgs/tools/security/gobuster/default.nix b/nixpkgs/pkgs/tools/security/gobuster/default.nix index cc436a16b587..e11e76cc971b 100644 --- a/nixpkgs/pkgs/tools/security/gobuster/default.nix +++ b/nixpkgs/pkgs/tools/security/gobuster/default.nix @@ -16,8 +16,6 @@ buildGoModule rec { vendorSha256 = "1isp2jd6k4ppns5zi9irj09090imnc0xp6vcps135ymgp8qg4163"; - doCheck = false; - meta = with lib; { description = "Tool used to brute-force URIs, DNS subdomains, Virtual Host names on target web servers"; homepage = "https://github.com/OJ/gobuster"; diff --git a/nixpkgs/pkgs/tools/security/gopass/default.nix b/nixpkgs/pkgs/tools/security/gopass/default.nix index ee70413591d4..5286d0f4a275 100644 --- a/nixpkgs/pkgs/tools/security/gopass/default.nix +++ b/nixpkgs/pkgs/tools/security/gopass/default.nix @@ -13,7 +13,7 @@ buildGoModule rec { pname = "gopass"; - version = "1.14.0"; + version = "1.14.4"; nativeBuildInputs = [ installShellFiles makeWrapper ]; @@ -21,15 +21,13 @@ buildGoModule rec { owner = "gopasspw"; repo = pname; rev = "v${version}"; - sha256 = "sha256-swvZrsRuevBe8lVg67J0R9u3GB/Wc2ZR54Y6j1Bsa3E="; + sha256 = "sha256-UQvwkprHGez5qRpk6KodtgX99013rcezbgpaCateI4k="; }; - vendorSha256 = "sha256-Fq9jEJm65efBL5ShcB/XCM70UVDO/8STbbTOOHXrpSk="; + vendorSha256 = "sha256-169KBsJhytzfOgIOHb54gEsLAmhVv+O64hP/DU6cT6A="; subPackages = [ "." ]; - doCheck = false; - ldflags = [ "-s" "-w" "-X main.version=${version}" "-X main.commit=${src.rev}" ]; wrapperPath = lib.makeBinPath ( @@ -59,7 +57,7 @@ buildGoModule rec { description = "The slightly more awesome Standard Unix Password Manager for Teams. Written in Go"; homepage = "https://www.gopass.pw/"; license = licenses.mit; - maintainers = with maintainers; [ rvolosatovs ]; + maintainers = with maintainers; [ rvolosatovs sikmir ]; changelog = "https://github.com/gopasspw/gopass/raw/v${version}/CHANGELOG.md"; longDescription = '' diff --git a/nixpkgs/pkgs/tools/security/gopass/git-credential.nix b/nixpkgs/pkgs/tools/security/gopass/git-credential.nix index 0b15e9b02353..9877131d0a34 100644 --- a/nixpkgs/pkgs/tools/security/gopass/git-credential.nix +++ b/nixpkgs/pkgs/tools/security/gopass/git-credential.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "git-credential-gopass"; - version = "1.12.0"; + version = "1.14.3"; src = fetchFromGitHub { owner = "gopasspw"; repo = pname; rev = "v${version}"; - sha256 = "sha256-IvYxpUMclDAKJ/EkRbNrX8eIFyhtY9Q0B0RipweieZA="; + sha256 = "sha256-ggdQL8BU56zE5figmbfHKlZ7WGZ7z5nKunXTy3kn170="; }; - vendorSha256 = "sha256-N6eU6KsnUrYBK90ydwUH8LNkR9KRjgc4ciGOGvy7pw8="; + vendorSha256 = "sha256-fwqkiPzrfo83NweuGONRx8+MOE4wQxg2Xk4/1kZwnCM="; subPackages = [ "." ]; diff --git a/nixpkgs/pkgs/tools/security/gopass/hibp.nix b/nixpkgs/pkgs/tools/security/gopass/hibp.nix new file mode 100644 index 000000000000..49618c53aead --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gopass/hibp.nix @@ -0,0 +1,39 @@ +{ lib +, makeWrapper +, buildGoModule +, fetchFromGitHub +, gopass +}: + +buildGoModule rec { + pname = "gopass-hibp"; + version = "1.14.3"; + + src = fetchFromGitHub { + owner = "gopasspw"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-JwZZ2VaSD9xkLny5sFeku5rN4FitI1dyW56JSWPMagM="; + }; + + vendorSha256 = "sha256-YySkVWdfGIT5qz0jTGlLEHoO0vGY0iNZ/oG9IZCjwRE="; + + subPackages = [ "." ]; + + nativeBuildInputs = [ makeWrapper ]; + + ldflags = [ + "-s" "-w" "-X main.version=${version}" "-X main.commit=${src.rev}" + ]; + + postFixup = '' + wrapProgram $out/bin/gopass-hibp --prefix PATH : "${lib.makeBinPath [ gopass ]}" + ''; + + meta = with lib; { + description = "Gopass haveibeenpwnd.com integration"; + homepage = "https://www.gopass.pw/"; + license = licenses.mit; + maintainers = with maintainers; [ sikmir ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix b/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix index c138bde2cc3c..5f6dab2e9069 100644 --- a/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix +++ b/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix @@ -8,16 +8,16 @@ buildGoModule rec { pname = "gopass-jsonapi"; - version = "1.11.1"; + version = "1.14.3"; src = fetchFromGitHub { owner = "gopasspw"; repo = pname; rev = "v${version}"; - sha256 = "03xhza7n92xg12z83as9qdvvc0yx1qy6q0c7i4njvng594f9a8x2"; + sha256 = "sha256-uLsKxx2Yr0g3vf2AQqRqRzNsBX2D4+6wwxM+czthL+I="; }; - vendorSha256 = "0d4fyppsdfzvmjb0qvpnfnw0vl6z256bly7hfb0whk6rldks60wr"; + vendorSha256 = "sha256-QEqtyHb+/tpbbHLCSBw7uafAtKzKkmxoFGqFVHSR03I="; subPackages = [ "." ]; diff --git a/nixpkgs/pkgs/tools/security/gopass/summon.nix b/nixpkgs/pkgs/tools/security/gopass/summon.nix index c1be7c9eb081..f3968bb3ce2a 100644 --- a/nixpkgs/pkgs/tools/security/gopass/summon.nix +++ b/nixpkgs/pkgs/tools/security/gopass/summon.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "gopass-summon-provider"; - version = "1.12.0"; + version = "1.14.3"; src = fetchFromGitHub { owner = "gopasspw"; repo = pname; rev = "v${version}"; - sha256 = "sha256-mRZXczIlW1s0VGZJ+KQue4Dz6XCXGfl56+g6iRv2lZg="; + sha256 = "sha256-Pbe5LMQioHDBHeEoT2brtsEBKq4oNROIlLccIjppRVo="; }; - vendorSha256 = "sha256-fiV4rtel2jOw6y/ukOZHeFuNVqxHS3rnYhXJ6JZ+a/8="; + vendorSha256 = "sha256-U0qniRHl4YgSy1GpsaYknMQpjpM8uKNtyLm6YblSd4U="; subPackages = [ "." ]; diff --git a/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix b/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix index 228271742c64..388996c62fb5 100644 --- a/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix +++ b/nixpkgs/pkgs/tools/security/gorilla-bin/default.nix @@ -35,6 +35,7 @@ stdenv.mkDerivation rec { homepage = "https://github.com/zdia/gorilla/wiki"; maintainers = [ lib.maintainers.namore ]; platforms = [ "x86_64-linux" ]; + sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; license = lib.licenses.gpl2; }; } diff --git a/nixpkgs/pkgs/tools/security/gosh/default.nix b/nixpkgs/pkgs/tools/security/gosh/default.nix index 7d5cd7a15251..a4c74f1a5636 100644 --- a/nixpkgs/pkgs/tools/security/gosh/default.nix +++ b/nixpkgs/pkgs/tools/security/gosh/default.nix @@ -25,5 +25,6 @@ buildGoModule rec { homepage = "https://github.com/redcode-labs/GoSH"; license = licenses.mit; maintainers = with maintainers; [ fab ] ++ teams.redcodelabs.members; + mainProgram = "GoSH"; }; } diff --git a/nixpkgs/pkgs/tools/security/gowitness/default.nix b/nixpkgs/pkgs/tools/security/gowitness/default.nix new file mode 100644 index 000000000000..ef0d25783c09 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gowitness/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "gowitness"; + version = "2.4.0"; + + src = fetchFromGitHub { + owner = "sensepost"; + repo = pname; + rev = version; + hash = "sha256-6O4pGsUu9tG3VAIGaD9aauXaVMhvK+HpEjByE0AwVnE="; + }; + + vendorSha256 = "sha256-6FgYDiz050ZlC1XBz7dKkVFKY7gkGhIm0ND23tMwxC8="; + + meta = with lib; { + description = "Web screenshot utility"; + homepage = "https://github.com/sensepost/gowitness"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gpg-tui/default.nix b/nixpkgs/pkgs/tools/security/gpg-tui/default.nix index 8e0fb95c7c43..4ab4d468d068 100644 --- a/nixpkgs/pkgs/tools/security/gpg-tui/default.nix +++ b/nixpkgs/pkgs/tools/security/gpg-tui/default.nix @@ -16,16 +16,16 @@ rustPlatform.buildRustPackage rec { pname = "gpg-tui"; - version = "0.8.3"; + version = "0.9.1"; src = fetchFromGitHub { owner = "orhun"; repo = "gpg-tui"; rev = "v${version}"; - hash = "sha256-lqV09FEZAw1ir2cJr8ABhbgSoZoWnxhbxyA1HAufLQA="; + hash = "sha256-eUUHH6bPfYjkHo7C7GWzewTpT8je7TQK9M8mTM5v59s="; }; - cargoHash = "sha256-RMF4/WJRcpHuXKMvDYAGaJxUazcpkQCpv//u5XOd9Dg="; + cargoHash = "sha256-GtSvDfG9lRUirm4d6PSaOBLTHZJT2PH0Sx/9GVquX5M="; nativeBuildInputs = [ gpgme # for gpgme-config @@ -49,6 +49,7 @@ rustPlatform.buildRustPackage rec { meta = with lib; { description = "Terminal user interface for GnuPG"; homepage = "https://github.com/orhun/gpg-tui"; + changelog = "https://github.com/orhun/gpg-tui/blob/${src.rev}/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [ dotlambda ]; }; diff --git a/nixpkgs/pkgs/tools/security/graphqlmap/default.nix b/nixpkgs/pkgs/tools/security/graphqlmap/default.nix new file mode 100644 index 000000000000..84b72d3b6a16 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/graphqlmap/default.nix @@ -0,0 +1,35 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "graphqlmap"; + version = "unstable-2022-01-17"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "swisskyrepo"; + repo = "GraphQLmap"; + rev = "98997bd7cf647aac7378b72913241060464749b1"; + hash = "sha256-lGnhNwtDc8KoPlwJ1p2FYq0NQ8PhSR3HgtluU7uxa/c="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + requests + ]; + + # Tests are not available + doCheck = false; + + pythonImportsCheck = [ + "graphqlmap" + ]; + + meta = with lib; { + description = "Tool to interact with a GraphQL endpoint"; + homepage = "https://github.com/swisskyrepo/GraphQLmap"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/graphw00f/default.nix b/nixpkgs/pkgs/tools/security/graphw00f/default.nix new file mode 100644 index 000000000000..ef8147ed24cd --- /dev/null +++ b/nixpkgs/pkgs/tools/security/graphw00f/default.nix @@ -0,0 +1,37 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "graphw00f"; + version = "1.1.2"; + format = "other"; + + src = fetchFromGitHub { + owner = "dolevf"; + repo = pname; + rev = version; + hash = "sha256-DzpSbaGYtRXtRjZBn9rgZumuCqdZ/auKiWO5/TYIE34="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + requests + ]; + + installPhase = '' + runHook preInstall + + install -vD main.py $out/bin/graphw00f + install -vD {conf,version}.py -t $out/${python3.sitePackages}/ + install -vD graphw00f/* -t $out/${python3.sitePackages}/graphw00f + + runHook postInstall + ''; + meta = with lib; { + description = "GraphQL Server Engine Fingerprinting utility"; + homepage = "https://github.com/dolevf/graphw00f"; + license = licenses.bsd3; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/grype/default.nix b/nixpkgs/pkgs/tools/security/grype/default.nix index 3e3dc6ff098a..aa7b9158adea 100644 --- a/nixpkgs/pkgs/tools/security/grype/default.nix +++ b/nixpkgs/pkgs/tools/security/grype/default.nix @@ -1,4 +1,5 @@ { lib +, stdenv , buildGoModule , fetchFromGitHub , installShellFiles @@ -6,13 +7,13 @@ buildGoModule rec { pname = "grype"; - version = "0.34.7"; + version = "0.42.0"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-t95efLTqPnmYiXTBxuxEoDdafoZC/bXXTfKdA8gy3fk="; + hash = "sha256-MShlKtrorqXRInQ01dEzVeLDRDua9PISkficF02PrBI="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; @@ -25,7 +26,7 @@ buildGoModule rec { ''; }; - vendorSha256 = "sha256-FZMgS0aNZVq4nvwog4l62dOzC6wW7pQCNbOW1/jssWo="; + vendorSha256 = "sha256-MusEvYNaMM0kqHSDdenPKo4IrIFmvPHSCRzciKMFiew="; nativeBuildInputs = [ installShellFiles diff --git a/nixpkgs/pkgs/tools/security/hakrawler/default.nix b/nixpkgs/pkgs/tools/security/hakrawler/default.nix index 0e2174e50ae5..a2b62f9b270a 100644 --- a/nixpkgs/pkgs/tools/security/hakrawler/default.nix +++ b/nixpkgs/pkgs/tools/security/hakrawler/default.nix @@ -1,20 +1,20 @@ -{ buildGoModule +{ lib +, buildGoModule , fetchFromGitHub -, lib }: buildGoModule rec { pname = "hakrawler"; - version = "2.0"; + version = "2.1"; src = fetchFromGitHub { owner = "hakluke"; repo = "hakrawler"; rev = version; - sha256 = "sha256-g0hJGRPLgnWAeB25iIw/JRANrYowfRtAniDD/yAQWYk="; + hash = "sha256-ZJG5KlIlzaztG27NoSlILj0I94cm2xZq28qx1ebrSmc="; }; - vendorSha256 = "sha256-VmMNUNThRP1jEAjZeJC4q1IvnQEDqoOM+7a0AnABQnU="; + vendorSha256 = "sha256-NzgFwPvuEZ2/Ks5dZNRJjzzCNPRGelQP/A6eZltqkmM="; meta = with lib; { description = "Web crawler for the discovery of endpoints and assets"; diff --git a/nixpkgs/pkgs/tools/security/hash-slinger/default.nix b/nixpkgs/pkgs/tools/security/hash-slinger/default.nix index e51d93e9d7fa..d639c1aa211c 100644 --- a/nixpkgs/pkgs/tools/security/hash-slinger/default.nix +++ b/nixpkgs/pkgs/tools/security/hash-slinger/default.nix @@ -8,13 +8,13 @@ stdenv.mkDerivation rec { pname = "hash-slinger"; - version = "3.1"; + version = "3.2"; src = fetchFromGitHub { owner = "letoams"; repo = pname; rev = version; - sha256 = "sha256-mhMUdZt846QjwRIh2m/4EE+93fUcCKc2FFeoFpzKYvk="; + sha256 = "sha256-PfOEGqPMGLixoqHENZnxOv9nK+dYMqe6P0k+ZiJMik0="; }; pythonPath = with python3.pkgs; [ diff --git a/nixpkgs/pkgs/tools/security/hashdeep/default.nix b/nixpkgs/pkgs/tools/security/hashdeep/default.nix index 0e24e0ec3a39..b98103442863 100644 --- a/nixpkgs/pkgs/tools/security/hashdeep/default.nix +++ b/nixpkgs/pkgs/tools/security/hashdeep/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, autoreconfHook }: stdenv.mkDerivation rec { pname = "hashdeep"; @@ -11,6 +11,17 @@ stdenv.mkDerivation rec { sha256 = "0m2b042ndikavmplv3qjdhfj44hl1h8car83c192xi9nv5ahi7mf"; }; + patches = [ + (fetchpatch { + # Relevant link: <https://www.open-std.org/jtc1/sc22/wg21/docs/cwg_defects.html#1512> + # Defect report fixed in GCC 11 + # Search for "DR 1512" in <https://gcc.gnu.org/gcc-11/changes.html> + name = "fix-cpp-defect-report-1512.patch"; + url = "https://github.com/jessek/hashdeep/commit/6ef69a26126ee4e69a25392fd456b8a66c51dffd.patch"; + sha256 = "sha256-IrqcnrKINeoh56FR25FzSM1YJMkM2yFd/GwOeWGRLFo="; + }) + ]; + nativeBuildInputs = [ autoreconfHook ]; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/haveged/default.nix b/nixpkgs/pkgs/tools/security/haveged/default.nix index 2386bb90d1ac..c28ae465e0eb 100644 --- a/nixpkgs/pkgs/tools/security/haveged/default.nix +++ b/nixpkgs/pkgs/tools/security/haveged/default.nix @@ -1,14 +1,17 @@ -{ lib, stdenv, fetchFromGitHub }: +{ lib +, stdenv +, fetchFromGitHub +}: stdenv.mkDerivation rec { pname = "haveged"; - version = "1.9.17"; + version = "1.9.18"; src = fetchFromGitHub { owner = "jirka-h"; repo = "haveged"; rev = "v${version}"; - sha256 = "sha256-uVl+TZVMsf+9aRATQndYMK4l4JfOBvstd1O2nTHyMYU="; + hash = "sha256-fyL/J2A13ap582j4gdC8u63Ah67Old+BaO/CLyEeN/g="; }; strictDeps = true; diff --git a/nixpkgs/pkgs/tools/security/hcxtools/default.nix b/nixpkgs/pkgs/tools/security/hcxtools/default.nix index 15abe8449eb0..2a0d0fe94054 100644 --- a/nixpkgs/pkgs/tools/security/hcxtools/default.nix +++ b/nixpkgs/pkgs/tools/security/hcxtools/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "hcxtools"; - version = "6.2.5"; + version = "6.2.7"; src = fetchFromGitHub { owner = "ZerBea"; repo = pname; rev = version; - sha256 = "sha256-f8QNP4ApBdgZooeWOs4Om2LtIFoiBbe1ZfCzokyzs0I="; + sha256 = "sha256-C9Vh8PEbxNm+8KnE6F++2CzvDwAzG/AGBYYTwFZvwBA="; }; nativeBuildInputs = [ pkg-config ]; diff --git a/nixpkgs/pkgs/tools/security/hfinger/default.nix b/nixpkgs/pkgs/tools/security/hfinger/default.nix index 8116c222d077..2c584f35ff4f 100644 --- a/nixpkgs/pkgs/tools/security/hfinger/default.nix +++ b/nixpkgs/pkgs/tools/security/hfinger/default.nix @@ -18,7 +18,7 @@ python3.pkgs.buildPythonApplication rec { propagatedBuildInputs = with python3.pkgs; [ fnvhash - python_magic + python-magic ] ++ [ wireshark-cli ]; diff --git a/nixpkgs/pkgs/tools/security/himitsu-firefox/default.nix b/nixpkgs/pkgs/tools/security/himitsu-firefox/default.nix new file mode 100644 index 000000000000..9207ca7646f8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/himitsu-firefox/default.nix @@ -0,0 +1,50 @@ +{ lib +, stdenv +, fetchFromSourcehut +, hare +, himitsu +, zip +}: + +stdenv.mkDerivation rec { + pname = "himitsu-firefox"; + version = "0.3"; + + src = fetchFromSourcehut { + name = pname + "-src"; + owner = "~sircmpwn"; + repo = pname; + rev = "d6d0fdb30aefc93f6ff7d48e5737557051f1ffea"; + hash = "sha256-5RbNdEGPnfDt1KDeU2LnuRsqqqMRyV/Dh2cgEWkz4vQ="; + }; + + nativeBuildInputs = [ + hare + zip + ]; + + buildInputs = [ + himitsu + ]; + + preConfigure = '' + export HARECACHE=$(mktemp -d) + ''; + + buildFlags = [ "LIBEXECDIR=$(out)/libexec" ]; + + # Only install the native component; per the docs: + # > To install the add-on for Firefox ESR, run make install-xpi. Be advised + # > that this will probably not work. The recommended installation procedure + # > for the native extension is to install it from addons.mozilla.org instead. + installTargets = [ "install-native" ]; + installFlags = [ "PREFIX=" "DESTDIR=$(out)" ]; + + meta = with lib; { + homepage = "https://git.sr.ht/~sircmpwn/himitsu-firefox"; + description = "Himitsu integration for Firefox"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ auchter ]; + inherit (hare.meta) platforms badPlatforms; + }; +} diff --git a/nixpkgs/pkgs/tools/security/himitsu/default.nix b/nixpkgs/pkgs/tools/security/himitsu/default.nix new file mode 100644 index 000000000000..ad91081f9ec0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/himitsu/default.nix @@ -0,0 +1,38 @@ +{ lib +, stdenv +, fetchFromSourcehut +, hare +, scdoc +}: + +stdenv.mkDerivation rec { + pname = "himitsu"; + version = "0.1"; + + src = fetchFromSourcehut { + name = pname + "-src"; + owner = "~sircmpwn"; + repo = pname; + rev = "003c14747fcddceb5359c9503f20c44b15fea5fa"; + hash = "sha256-tzBTDJKMuFh9anURy1aKQTmt77tI7wZDZQiOUowuomk="; + }; + + nativeBuildInputs = [ + hare + scdoc + ]; + + preConfigure = '' + export HARECACHE=$(mktemp -d) + ''; + + installFlags = [ "PREFIX=" "DESTDIR=$(out)" ]; + + meta = with lib; { + homepage = "https://himitsustore.org/"; + description = "A secret storage manager"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ auchter ]; + inherit (hare.meta) platforms badPlatforms; + }; +} diff --git a/nixpkgs/pkgs/tools/security/hologram/default.nix b/nixpkgs/pkgs/tools/security/hologram/default.nix index ebb884378267..8f5e48ee37ec 100644 --- a/nixpkgs/pkgs/tools/security/hologram/default.nix +++ b/nixpkgs/pkgs/tools/security/hologram/default.nix @@ -1,22 +1,26 @@ -{ lib, buildGoPackage, fetchFromGitHub }: +{ lib, buildGoModule, fetchFromGitHub }: -buildGoPackage rec { +buildGoModule rec { pname = "hologram"; - version = "unstable-2018-03-19"; + version = "1.2.1"; src = fetchFromGitHub { owner = "AdRoll"; repo = "hologram"; - rev = "a7bab58642b530edb75b9cf6c1d834c85822ceac"; - sha256 = "00scryz8js6gbw8lp2y23qikbazz2dd992r97rqh0l1q4baa0ckn"; + rev = version; + sha256 = "sha256-rdV/oVo+M5ALyU3a3XlA4kt+TLg0Rnr7/qDyZ9iuIb4="; }; - goPackagePath = "github.com/AdRoll/hologram"; - - preConfigure = '' + postPatch = '' sed -i 's|cacheTimeout != 3600|cacheTimeout != 0|' cmd/hologram-server/main.go + + rm -f agent/metadata_service_test.go server/persistent_ldap_test.go server/server_test.go ''; + vendorSha256 = "sha256-pEYMpBiNbq5eSDiFT+9gMjGHDeTzWIej802Zz6Xtays="; + + ldflags = [ "-s" "-w" ]; + meta = with lib; { homepage = "https://github.com/AdRoll/hologram/"; description = "Easy, painless AWS credentials on developer laptops"; diff --git a/nixpkgs/pkgs/tools/security/honggfuzz/default.nix b/nixpkgs/pkgs/tools/security/honggfuzz/default.nix index 7333c20fd7b8..300e41750bab 100644 --- a/nixpkgs/pkgs/tools/security/honggfuzz/default.nix +++ b/nixpkgs/pkgs/tools/security/honggfuzz/default.nix @@ -1,51 +1,49 @@ { lib, stdenv, fetchFromGitHub, callPackage, makeWrapper, clang, llvm, libbfd , libopcodes, libunwind, libblocksruntime }: -let - honggfuzz = stdenv.mkDerivation rec { - pname = "honggfuzz"; - version = "2.5"; - - src = fetchFromGitHub { - owner = "google"; - repo = pname; - rev = version; - sha256 = "sha256-TkyUKmiiSAfCnfQhSOUxuce6+dRyMmHy7vFK59jPIxM="; - }; - - postPatch = '' - substituteInPlace hfuzz_cc/hfuzz-cc.c \ - --replace '"clang' '"${clang}/bin/clang' - ''; +stdenv.mkDerivation rec { + pname = "honggfuzz"; + version = "2.5"; + + src = fetchFromGitHub { + owner = "google"; + repo = pname; + rev = version; + sha256 = "sha256-TkyUKmiiSAfCnfQhSOUxuce6+dRyMmHy7vFK59jPIxM="; + }; - enableParallelBuilding = true; - - nativeBuildInputs = [ makeWrapper ]; - buildInputs = [ llvm ]; - propagatedBuildInputs = [ libbfd libopcodes libunwind libblocksruntime ]; - - makeFlags = [ "PREFIX=$(out)" ]; - - meta = { - description = - "A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer"; - longDescription = '' - Honggfuzz is a security oriented, feedback-driven, evolutionary, - easy-to-use fuzzer with interesting analysis options. It is - multi-process and multi-threaded, blazingly fast when the persistent - fuzzing mode is used and has a solid track record of uncovered security - bugs. - - Honggfuzz uses low-level interfaces to monitor processes and it will - discover and report hijacked/ignored signals from crashes. Feed it - a simple corpus directory (can even be empty for the feedback-driven - fuzzing), and it will work its way up, expanding it by utilizing - feedback-based coverage metrics. - ''; - homepage = "https://honggfuzz.dev/"; - license = lib.licenses.asl20; - platforms = [ "x86_64-linux" ]; - maintainers = with lib.maintainers; [ cpu ]; - }; + postPatch = '' + substituteInPlace hfuzz_cc/hfuzz-cc.c \ + --replace '"clang' '"${clang}/bin/clang' + ''; + + enableParallelBuilding = true; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ llvm ]; + propagatedBuildInputs = [ libbfd libopcodes libunwind libblocksruntime ]; + + makeFlags = [ "PREFIX=$(out)" ]; + + meta = { + description = + "A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer"; + longDescription = '' + Honggfuzz is a security oriented, feedback-driven, evolutionary, + easy-to-use fuzzer with interesting analysis options. It is + multi-process and multi-threaded, blazingly fast when the persistent + fuzzing mode is used and has a solid track record of uncovered security + bugs. + + Honggfuzz uses low-level interfaces to monitor processes and it will + discover and report hijacked/ignored signals from crashes. Feed it + a simple corpus directory (can even be empty for the feedback-driven + fuzzing), and it will work its way up, expanding it by utilizing + feedback-based coverage metrics. + ''; + homepage = "https://honggfuzz.dev/"; + license = lib.licenses.asl20; + platforms = [ "x86_64-linux" ]; + maintainers = with lib.maintainers; [ cpu chivay ]; }; -in honggfuzz +} diff --git a/nixpkgs/pkgs/tools/security/httpx/default.nix b/nixpkgs/pkgs/tools/security/httpx/default.nix index 0d87780cee49..de7060e69f19 100644 --- a/nixpkgs/pkgs/tools/security/httpx/default.nix +++ b/nixpkgs/pkgs/tools/security/httpx/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "httpx"; - version = "1.2.0"; + version = "1.2.4"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "httpx"; rev = "v${version}"; - sha256 = "sha256-zNK/OBDo6cL0uZHosulusdOviYZMD2TCusE+0Mn330g="; + sha256 = "sha256-w4VELxmahqjfiMGXflSnhp5NKPi3HUucjxEUegljbVY="; }; - vendorSha256 = "sha256-a6Tpz4jPQbtiWt6OyDKy+xbRx6EBwADyqTkvBnyusdQ="; + vendorSha256 = "sha256-9zLZyXrLvxwwkTwtpKxdGftzCZISZ/al98VnPiaMqGA="; meta = with lib; { description = "Fast and multi-purpose HTTP toolkit"; diff --git a/nixpkgs/pkgs/tools/security/iaito/default.nix b/nixpkgs/pkgs/tools/security/iaito/default.nix new file mode 100644 index 000000000000..d8bfc9e4747c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/iaito/default.nix @@ -0,0 +1,70 @@ +{ lib +, stdenv +, fetchFromGitHub +, meson +, ninja +, pkg-config +, python3 +, qtbase +, qttools +, radare2 +, wrapQtAppsHook +, nix-update-script +}: + +# TODO MacOS support. +# TODO Build and install translations. + +stdenv.mkDerivation rec { + pname = "iaito"; + version = "5.7.2"; + + src = fetchFromGitHub { + owner = "radareorg"; + repo = pname; + rev = version; + sha256 = "sha256-5/G5wfdc6aua90XLP3B7Ruy8F3NTXzWfQE6yVDZ0rX8="; + }; + + nativeBuildInputs = [ meson ninja pkg-config python3 qttools wrapQtAppsHook ]; + + buildInputs = [ radare2 qtbase ]; + + postUnpack = '' + sourceRoot=$sourceRoot/src + ''; + + # TODO Fix version checking and version information for r2. + # Version checking always fails due to values being empty strings for some + # reason. Meanwhile, we can safely assume that radare2's runtime and + # compile-time implementations are the same and remove this check. + patches = [ ./remove-broken-version-check.patch ]; + + installPhase = '' + runHook preInstall + + install -m755 -Dt $out/bin iaito + install -m644 -Dt $out/share/metainfo $src/src/org.radare.iaito.appdata.xml + install -m644 -Dt $out/share/applications $src/src/org.radare.iaito.desktop + install -m644 -Dt $out/share/pixmaps $src/src/img/iaito-o.svg + + runHook postInstall + ''; + + passthru.updateScript = nix-update-script { + attrPath = pname; + }; + + meta = with lib; { + description = "An official graphical interface of radare2"; + longDescription = '' + iaito is the official graphical interface of radare2. It's the + continuation of Cutter for radare2 after the Rizin fork. + ''; + homepage = "https://radare.org/n/iaito.html"; + changelog = "https://github.com/radareorg/iaito/releases/tag/${src.rev}"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ azahi ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/iaito/remove-broken-version-check.patch b/nixpkgs/pkgs/tools/security/iaito/remove-broken-version-check.patch new file mode 100644 index 000000000000..7c4e3ef30ace --- /dev/null +++ b/nixpkgs/pkgs/tools/security/iaito/remove-broken-version-check.patch @@ -0,0 +1,54 @@ +diff --git i/IaitoApplication.cpp w/IaitoApplication.cpp +index 25b6a4e7..4cbde5c4 100644 +--- i/IaitoApplication.cpp ++++ w/IaitoApplication.cpp +@@ -33,27 +33,6 @@ + #include <R2GhidraDecompiler.h> + #endif + +-static bool versionCheck() { +- // Check r2 version +- QString a = r_core_version (); // runtime library version +- QString b = "" R2_GITTAP; // compiled version +- QStringList la = a.split("."); +- QStringList lb = b.split("."); +- if (la.size() < 2 && lb.size() < 2) { +- eprintf ("Invalid version string somwhere\n"); +- return false; +- } +- if (la.at(0) != lb.at(0)) { +- eprintf ("Major version differs\n"); +- return false; +- } +- if (la.at(1) != lb.at(1)) { +- eprintf ("Minor version differs\n"); +- return false; +- } +- return true; +-} +- + IaitoApplication::IaitoApplication(int &argc, char **argv) : QApplication(argc, argv) + { + // Setup application information +@@ -101,21 +80,6 @@ IaitoApplication::IaitoApplication(int &argc, char **argv) : QApplication(argc, + std::exit(1); + } + +- if (!versionCheck ()) { +- QMessageBox msg; +- msg.setIcon(QMessageBox::Critical); +- msg.setStandardButtons(QMessageBox::Yes | QMessageBox::No); +- msg.setWindowTitle(QObject::tr("Version mismatch!")); +- QString localVersion = r_core_version (); +- QString r2version = R2_GITTAP; +- msg.setText(QString( +- QObject::tr("The version used to compile Iaito (%1) does not match the binary version of radare2 (%2). This could result in unexpected behaviour. Are you sure you want to continue?")).arg( +- localVersion, r2version)); +- if (msg.exec() == QMessageBox::No) { +- std::exit(1); +- } +- } +- + #ifdef IAITO_ENABLE_PYTHON + // Init python + if (!clOptions.pythonHome.isEmpty()) { diff --git a/nixpkgs/pkgs/tools/security/ic-keysmith/default.nix b/nixpkgs/pkgs/tools/security/ic-keysmith/default.nix index 9e480d64d18e..522323e4e4a4 100644 --- a/nixpkgs/pkgs/tools/security/ic-keysmith/default.nix +++ b/nixpkgs/pkgs/tools/security/ic-keysmith/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "keysmith"; - version = "1.6.0"; + version = "1.6.2"; src = fetchFromGitHub { owner = "dfinity"; repo = "keysmith"; rev = "v${version}"; - sha256 = "1z0sxirk71yabgilq8v5lz4nd2bbm1xyrd5zppif8k9jqhr6v3v3"; + sha256 = "sha256-+wYWIoPYc7qpTRS4Zlxp50Up8obZOmfQpiT0SWwVJE0="; }; - vendorSha256 = "1p0r15ihmnmrybf12cycbav80sdj2dv2kry66f4hjfjn6k8zb0dc"; + vendorSha256 = "sha256-rIH10TRWOgmJM8bnKXYTsmmAtlrMMxHc8rnaCmMJGdw="; meta = with lib; { description = "Hierarchical Deterministic Key Derivation for the Internet Computer"; diff --git a/nixpkgs/pkgs/tools/security/ioccheck/default.nix b/nixpkgs/pkgs/tools/security/ioccheck/default.nix index e936ab025fad..439567ecb038 100644 --- a/nixpkgs/pkgs/tools/security/ioccheck/default.nix +++ b/nixpkgs/pkgs/tools/security/ioccheck/default.nix @@ -6,6 +6,16 @@ let py = python3.override { packageOverrides = self: super: { + emoji = super.emoji.overridePythonAttrs (oldAttrs: rec { + version = "1.7.0"; + + src = fetchFromGitHub { + owner = "carpedm20"; + repo = "emoji"; + rev = "v${version}"; + sha256 = "sha256-vKQ51RP7uy57vP3dOnHZRSp/Wz+YDzeLUR8JnIELE/I="; + }; + }); # Support for later tweepy releases is missing # https://github.com/ranguli/ioccheck/issues/70 @@ -64,7 +74,8 @@ buildPythonApplication rec { # Can be removed with the next release substituteInPlace pyproject.toml \ --replace '"hurry.filesize" = "^0.9"' "" \ - --replace 'vt-py = ">=0.6.1,<0.8.0"' 'vt-py = ">=0.6.1"' + --replace 'vt-py = ">=0.6.1,<0.8.0"' 'vt-py = ">=0.6.1"' \ + --replace 'backoff = "^1.10.0"' 'backoff = ">=1.10.0"' ''; pythonImportsCheck = [ diff --git a/nixpkgs/pkgs/tools/security/ipscan/default.nix b/nixpkgs/pkgs/tools/security/ipscan/default.nix index 1d1d4797a9bb..24e8470182bf 100644 --- a/nixpkgs/pkgs/tools/security/ipscan/default.nix +++ b/nixpkgs/pkgs/tools/security/ipscan/default.nix @@ -34,6 +34,7 @@ stdenv.mkDerivation rec { meta = with lib; { description = "Fast and friendly network scanner"; homepage = "https://angryip.org"; + sourceProvenance = with sourceTypes; [ binaryBytecode ]; license = licenses.gpl2; platforms = [ "x86_64-linux" ]; maintainers = with maintainers; [ kylesferrazza ]; diff --git a/nixpkgs/pkgs/tools/security/jadx/default.nix b/nixpkgs/pkgs/tools/security/jadx/default.nix index 2aadf1fb7b27..903dfa090f54 100644 --- a/nixpkgs/pkgs/tools/security/jadx/default.nix +++ b/nixpkgs/pkgs/tools/security/jadx/default.nix @@ -2,13 +2,13 @@ let pname = "jadx"; - version = "1.3.4"; + version = "1.4.3"; src = fetchFromGitHub { owner = "skylot"; repo = pname; rev = "v${version}"; - hash = "sha256-G2BgGhWk0Prbjni6HPZ/0+bWiC9uI2O13Q1SDCE5mBE="; + hash = "sha256-5Cx5rwXUNnVSbLjkpB6qeudRHI4RVzl6T4zo7Dg9geo="; }; deps = stdenv.mkDerivation { @@ -40,7 +40,7 @@ let ''; outputHashMode = "recursive"; - outputHash = "sha256-QZClHuj7oCUYX3I8B3A90m4zK7+FP24C19RIzYyPC1w="; + outputHash = "sha256-Q7eGZQJZObLyZlp8JyodA3gEAgfh7ub+BNQh/LEm2Nk="; }; in stdenv.mkDerivation { inherit pname version src; @@ -103,6 +103,10 @@ in stdenv.mkDerivation { Command line and GUI tools for produce Java source code from Android Dex and Apk files. ''; + sourceProvenance = with sourceTypes; [ + fromSource + binaryBytecode # deps + ]; license = licenses.asl20; platforms = platforms.unix; maintainers = with maintainers; [ delroth ]; diff --git a/nixpkgs/pkgs/tools/security/jd-gui/default.nix b/nixpkgs/pkgs/tools/security/jd-gui/default.nix index 4e7a62374040..bfa4132ac025 100644 --- a/nixpkgs/pkgs/tools/security/jd-gui/default.nix +++ b/nixpkgs/pkgs/tools/security/jd-gui/default.nix @@ -102,6 +102,10 @@ in stdenv.mkDerivation rec { meta = with lib; { description = "Fast Java Decompiler with powerful GUI"; homepage = "https://java-decompiler.github.io/"; + sourceProvenance = with sourceTypes; [ + fromSource + binaryBytecode # deps + ]; license = licenses.gpl3; platforms = platforms.unix; maintainers = [ maintainers.thoughtpolice ]; diff --git a/nixpkgs/pkgs/tools/security/john/default.nix b/nixpkgs/pkgs/tools/security/john/default.nix index be6514630f56..9a3c03d6d2bc 100644 --- a/nixpkgs/pkgs/tools/security/john/default.nix +++ b/nixpkgs/pkgs/tools/security/john/default.nix @@ -1,5 +1,5 @@ -{ lib, stdenv, fetchurl, openssl, nss, nspr, libkrb5, gmp, zlib, libpcap, re2 -, gcc, python3Packages, perl, perlPackages, makeWrapper +{ lib, stdenv, fetchFromGitHub, openssl, nss, nspr, libkrb5, gmp, zlib, libpcap, re2 +, gcc, python3Packages, perl, perlPackages, makeWrapper, fetchpatch }: with lib; @@ -8,11 +8,21 @@ stdenv.mkDerivation rec { pname = "john"; version = "1.9.0-jumbo-1"; - src = fetchurl { - url = "http://www.openwall.com/john/k/${pname}-${version}.tar.xz"; - sha256 = "0fvz3v41hnaiv1ggpxanfykyfjq79cwp9qcqqn63vic357w27lgm"; + src = fetchFromGitHub { + owner = "openwall"; + repo = pname; + rev = "1.9.0-Jumbo-1"; + sha256 = "sha256-O1iPh5QTMjZ78sKvGbvSpaHFbBuVc1z49UKTbMa24Rs="; }; + patches = [ + (fetchpatch { + name = "fix-gcc-11-struct-allignment-incompatibility.patch"; + url = "https://github.com/openwall/john/commit/154ee1156d62dd207aff0052b04c61796a1fde3b.patch"; + sha256 = "sha256-3rfS2tu/TF+KW2MQiR+bh4w/FVECciTooDQNTHNw31A="; + }) + ]; + postPatch = '' sed -ri -e ' s!^(#define\s+CFG_[A-Z]+_NAME\s+).*/!\1"'"$out"'/etc/john/! @@ -69,8 +79,8 @@ stdenv.mkDerivation rec { meta = { description = "John the Ripper password cracker"; - license = licenses.gpl2; - homepage = "https://github.com/magnumripper/JohnTheRipper/"; + license = licenses.gpl2Plus; + homepage = "https://github.com/openwall/john/"; maintainers = with maintainers; [ offline matthewbauer ]; platforms = platforms.unix; }; diff --git a/nixpkgs/pkgs/tools/security/jsubfinder/default.nix b/nixpkgs/pkgs/tools/security/jsubfinder/default.nix new file mode 100644 index 000000000000..e182af68b95e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/jsubfinder/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "jsubfinder"; + version = "unstable-2022-05-31"; + + src = fetchFromGitHub { + owner = "ThreatUnkown"; + repo = pname; + rev = "e21de1ebc174bb69485f1c224e8063c77d87e4ad"; + hash = "sha256-QjRYJyk0uFGa6FCCYK9SIJhoyam4ALsQJ26DsmbNk8s="; + }; + + vendorSha256 = "sha256-pr4KkszyzEl+yLJousx29tr7UZDJf0arEfXBb7eumww="; + + meta = with lib; { + description = "Tool to search for in Javascript hidden subdomains and secrets"; + homepage = "https://github.com/ThreatUnkown/jsubfinder"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/jwt-cli/default.nix b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix index 77e5ce08913e..20c172fc5017 100644 --- a/nixpkgs/pkgs/tools/security/jwt-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "jwt-cli"; - version = "5.0.2"; + version = "5.0.3"; src = fetchFromGitHub { owner = "mike-engel"; repo = pname; rev = version; - sha256 = "0w7fqmh8gihknvdamnq1n519253d4lxrpv378jajca9x906rqy1r"; + sha256 = "01aqqjynfcrn3m36hfjwcfh870imcd0hj5gifxzpnjiqjwpvys59"; }; - cargoSha256 = "0b7m23azy8cb8d5wkawnw6nv8k7lfnfwc06swmbkfvg8vcxfsacs"; + cargoSha256 = "1n4gmqmi975cd2zyrf0yi4gbxjjg9f99xa191mgmrdyyij7id3cf"; buildInputs = lib.optional stdenv.isDarwin Security; @@ -27,5 +27,6 @@ rustPlatform.buildRustPackage rec { homepage = "https://github.com/mike-engel/jwt-cli"; license = with licenses; [ mit ]; maintainers = with maintainers; [ rycee ]; + mainProgram = "jwt"; }; } diff --git a/nixpkgs/pkgs/tools/security/jwt-hack/default.nix b/nixpkgs/pkgs/tools/security/jwt-hack/default.nix new file mode 100644 index 000000000000..975d93d61da1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/jwt-hack/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "jwt-hack"; + version = "1.1.2"; + + src = fetchFromGitHub { + owner = "hahwul"; + repo = pname; + rev = "v${version}"; + hash = "sha256-K0ZtEi0zAKRlIGvorrXmtmkcMvyLIXWPnVMQANZbClk="; + }; + + vendorSha256 = "sha256-VYh3oRy8bmtXf6AnLNi/M2kA6t+crW3AXBiGovpdt8U="; + + meta = with lib; { + description = "Tool for attacking JWT"; + homepage = "https://github.com/hahwul/jwt-hack"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/kbs2/default.nix b/nixpkgs/pkgs/tools/security/kbs2/default.nix index beaa06fd8360..acda29b53ac8 100644 --- a/nixpkgs/pkgs/tools/security/kbs2/default.nix +++ b/nixpkgs/pkgs/tools/security/kbs2/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "kbs2"; - version = "0.5.1"; + version = "0.6.0"; src = fetchFromGitHub { owner = "woodruffw"; repo = pname; rev = "v${version}"; - sha256 = "sha256-GKjumkeo7aAYaECa6NoXCiXU2kqekBX3wCysRz8seW4="; + sha256 = "sha256-clbd4xHHGpFIr4s3Jocw4oQ3GbyGWMxZEVgj6JpVK94="; }; - cargoSha256 = "sha256-rJ110kd18V2VGj0AHix3/vI09FG2kJ+TTOYKIthIrjQ="; + cargoSha256 = "sha256-gfrC9TOs/Vz3K1gVr6MJ1QAKCE5WOD8VZ/tjOw3Y1uI="; nativeBuildInputs = [ installShellFiles ] ++ lib.optionals stdenv.isLinux [ python3 ]; @@ -30,10 +30,10 @@ rustPlatform.buildRustPackage rec { postInstall = '' mkdir -p $out/share/kbs2 cp -r contrib/ $out/share/kbs2 - for shell in bash fish zsh; do - $out/bin/kbs2 --completions $shell > kbs2.$shell - installShellCompletion kbs2.$shell - done + installShellCompletion --cmd kbs2 \ + --bash <($out/bin/kbs2 --completions bash) \ + --fish <($out/bin/kbs2 --completions fish) \ + --zsh <($out/bin/kbs2 --completions zsh) ''; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/kdigger/default.nix b/nixpkgs/pkgs/tools/security/kdigger/default.nix new file mode 100644 index 000000000000..b552499b10ec --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kdigger/default.nix @@ -0,0 +1,74 @@ +{ lib +, stdenv +, buildGoModule +, fetchFromGitHub +, installShellFiles +}: + +buildGoModule rec { + pname = "kdigger"; + version = "1.2.1"; + + src = fetchFromGitHub { + owner = "quarkslab"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-xNOfxJJa0KbrxP1YRDEhnJEmKmpWzXchJWZ/2StR2O0="; + # populate values that require us to use git. By doing this in postFetch we + # can delete .git afterwards and maintain better reproducibility of the src. + leaveDotGit = true; + postFetch = '' + cd "$out" + git rev-parse HEAD > $out/COMMIT + find "$out" -name .git -print0 | xargs -0 rm -rf + ''; + }; + vendorSha256 = "sha256-3vn3MsE/4lBw89wgYgzm0RuJJ5RQTkgS6O74PpfFcUk="; + + nativeBuildInputs = [ installShellFiles ]; + + # static to be easily copied into containers since it's an in-pod pen-testing tool + CGO_ENABLED = 0; + + ldflags = [ + "-s" + "-w" + "-X github.com/quarkslab/kdigger/commands.VERSION=v${version}" + "-X github.com/quarkslab/kdigger/commands.BUILDERARCH=${stdenv.hostPlatform.linuxArch}" + ]; + + preBuild = '' + ldflags+=" -X github.com/quarkslab/kdigger/commands.GITCOMMIT=$(cat COMMIT)" + ''; + + postInstall = '' + installShellCompletion --cmd kdigger \ + --bash <($out/bin/kdigger completion bash) \ + --fish <($out/bin/kdigger completion fish) \ + --zsh <($out/bin/kdigger completion zsh) + ''; + + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + + $out/bin/kdigger --help + + runHook postInstallCheck + ''; + + meta = with lib; { + homepage = "https://github.com/quarkslab/kdigger"; + changelog = "https://github.com/quarkslab/kdigger/releases/tag/v${version}"; + description = "An in-pod context discovery tool for Kubernetes penetration testing"; + longDescription = '' + kdigger, short for "Kubernetes digger", is a context discovery tool for + Kubernetes penetration testing. This tool is a compilation of various + plugins called buckets to facilitate pentesting Kubernetes from inside a + pod. + ''; + license = licenses.asl20; + maintainers = with maintainers; [ jk ]; + platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/keybase/default.nix b/nixpkgs/pkgs/tools/security/keybase/default.nix index 1f53dc2a8aec..afc2eadb63fc 100644 --- a/nixpkgs/pkgs/tools/security/keybase/default.nix +++ b/nixpkgs/pkgs/tools/security/keybase/default.nix @@ -5,7 +5,7 @@ buildGoModule rec { pname = "keybase"; - version = "5.9.3"; + version = "6.0.2"; modRoot = "go"; subPackages = [ "kbnm" "keybase" ]; @@ -16,9 +16,9 @@ buildGoModule rec { owner = "keybase"; repo = "client"; rev = "v${version}"; - sha256 = "sha256-vPQ1hBd33DwsW0b79kNH1yd7mrwkoftIYFgmMVxC+78="; + sha256 = "sha256-JiYufEsoj/98An2qKdm/Uu4YHJr6ttc/VHn4kMgkuwI="; }; - vendorSha256 = "sha256-ckAnSSSEF00gbgxnPAi2Pi8TNu3nmAahK7TP6HnfmNo="; + vendorSha256 = "sha256-D8b/pvmBGCnaRuf92FYgRcSSbN59Yu0CHKxAybdYjS4="; patches = [ (substituteAll { diff --git a/nixpkgs/pkgs/tools/security/keybase/gui.nix b/nixpkgs/pkgs/tools/security/keybase/gui.nix index f5147e17ac5e..6b218de45dc2 100644 --- a/nixpkgs/pkgs/tools/security/keybase/gui.nix +++ b/nixpkgs/pkgs/tools/security/keybase/gui.nix @@ -4,16 +4,16 @@ , runtimeShell, gsettings-desktop-schemas }: let - versionSuffix = "20220216215910.c82d65a685"; + versionSuffix = "20220610191041.a459abf326"; in stdenv.mkDerivation rec { pname = "keybase-gui"; - version = "5.9.3"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages + version = "6.0.2"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages src = fetchurl { url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb"; - hash = "sha256-JY2DaqApv6K02y3B+JIXpV4SvvMQpBhw9eqr/5Sn0cg="; + hash = "sha256-FMhbMSuJHq5d5E0dTVAk02y85UXmhtKZYk4qcbnhRxI="; }; nativeBuildInputs = [ @@ -111,6 +111,7 @@ stdenv.mkDerivation rec { description = "The Keybase official GUI"; platforms = [ "x86_64-linux" ]; maintainers = with maintainers; [ avaq rvolosatovs puffnfresh np Br1ght0ne shofius ]; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; license = licenses.bsd3; }; } diff --git a/nixpkgs/pkgs/tools/security/kube-bench/default.nix b/nixpkgs/pkgs/tools/security/kube-bench/default.nix new file mode 100644 index 000000000000..fcad20c651f2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kube-bench/default.nix @@ -0,0 +1,48 @@ +{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: + +buildGoModule rec { + pname = "kube-bench"; + version = "0.6.9"; + + src = fetchFromGitHub { + owner = "aquasecurity"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-bKgUnkfOWcX3/JdspEjNhFqS2dMlwEcVffIqNfS6FEU="; + }; + vendorSha256 = "sha256-f/B9E9Ot9njop04PKh0XYG1DnWKBRsVi4XHQNmZeQho="; + + nativeBuildInputs = [ installShellFiles ]; + + ldflags = [ + "-s" + "-w" + "-X github.com/aquasecurity/kube-bench/cmd.KubeBenchVersion=v${version}" + ]; + + postInstall = '' + mkdir -p $out/share/kube-bench/ + mv ./cfg $out/share/kube-bench/ + + installShellCompletion --cmd kube-bench \ + --bash <($out/bin/kube-bench completion bash) \ + --fish <($out/bin/kube-bench completion fish) \ + --zsh <($out/bin/kube-bench completion zsh) + ''; + + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + $out/bin/kube-bench --help + $out/bin/kube-bench version | grep "v${version}" + runHook postInstallCheck + ''; + + meta = with lib; { + homepage = "https://github.com/aquasecurity/kube-bench"; + changelog = "https://github.com/aquasecurity/kube-bench/releases/tag/v${version}"; + description = "Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark"; + license = licenses.asl20; + maintainers = with maintainers; [ jk ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/kube-hunter/default.nix b/nixpkgs/pkgs/tools/security/kube-hunter/default.nix index cbd4e4e3150f..e082b3d217e8 100644 --- a/nixpkgs/pkgs/tools/security/kube-hunter/default.nix +++ b/nixpkgs/pkgs/tools/security/kube-hunter/default.nix @@ -5,13 +5,13 @@ python3.pkgs.buildPythonApplication rec { pname = "kube-hunter"; - version = "0.6.5"; + version = "0.6.8"; src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; - rev = "v${version}"; - sha256 = "sha256-2pmViizQLwyTdP6J92ynvdIdqkfgc6SIhsll85g9pHA="; + rev = "refs/tags/v${version}"; + sha256 = "sha256-+M8P/VSF9SKPvq+yNPjokyhggY7hzQ9qLLhkiTNbJls="; }; nativeBuildInputs = with python3.pkgs; [ @@ -21,7 +21,6 @@ python3.pkgs.buildPythonApplication rec { propagatedBuildInputs = with python3.pkgs; [ netaddr netifaces - scapy requests prettytable urllib3 diff --git a/nixpkgs/pkgs/tools/security/kubeaudit/default.nix b/nixpkgs/pkgs/tools/security/kubeaudit/default.nix index 76cf9f65c36c..2c9d32501ce9 100644 --- a/nixpkgs/pkgs/tools/security/kubeaudit/default.nix +++ b/nixpkgs/pkgs/tools/security/kubeaudit/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "kubeaudit"; - version = "0.16.0"; + version = "0.19.0"; src = fetchFromGitHub { owner = "Shopify"; repo = pname; - rev = version; - sha256 = "sha256-AIvH9HF0Ha1b+NZiJmiT6beYuKnCqJMXKzDFUzV9J4c="; + rev = "v${version}"; + hash = "sha256-exJGjFeqk3hM52Zgfs+2JEVdzVZf79ZRQH2krusiw8c="; }; - vendorSha256 = "sha256-XrEzkhQU/KPElQNgCX6yWDMQXZSd3lRXmUDJpsj5ACY="; + vendorSha256 = "sha256-hi83C05eEXqQ6kMGv6n/fjsYAXveyVRqKZds5iv8Oio="; postInstall = '' mv $out/bin/cmd $out/bin/$pname diff --git a/nixpkgs/pkgs/tools/security/kubescape/default.nix b/nixpkgs/pkgs/tools/security/kubescape/default.nix index e881fad4a929..e8c9aa896e77 100644 --- a/nixpkgs/pkgs/tools/security/kubescape/default.nix +++ b/nixpkgs/pkgs/tools/security/kubescape/default.nix @@ -6,37 +6,67 @@ buildGoModule rec { pname = "kubescape"; - version = "2.0.149"; + version = "2.0.161"; src = fetchFromGitHub { owner = "armosec"; repo = pname; rev = "v${version}"; - hash = "sha256-m6tJjC5BXxFC+bSOHbKXXGZQlJIM0+fIA+JYWBntgk8="; + hash = "sha256-rsO6ZTQg5fmpp+5Zx36tQnDW1vf2k+FCI3cFbGZifVM="; }; + vendorSha256 = "sha256-EinrVdGdYroh0X/ACAVD2gw4k0jrPHQ3Ucb3TUYKd8Q="; nativeBuildInputs = [ installShellFiles ]; - vendorSha256 = "sha256-vplHaaT7x0ZSpvityJF5aGKDARvGPBT9DMltOpUkOMo="; - ldflags = [ "-s" "-w" - "-X github.com/armosec/kubescape/clihandler/cmd.BuildNumber=v${version}" + "-X github.com/armosec/kubescape/v2/core/cautils.BuildNumber=v${version}" ]; + subPackages = [ "." ]; + + preCheck = '' + # Feed in all but the integration tests for testing + # This is because subPackages above limits what is built to just what we + # want but also limits the tests + # Skip httphandler tests - the checkPhase doesn't care about excludedPackages + getGoDirs() { + go list ./... | grep -v httphandler + } + + # remove tests that use networking + rm core/pkg/resourcehandler/urlloader_test.go + + # remove tests that use networking + substituteInPlace core/pkg/resourcehandler/repositoryscanner_test.go \ + --replace "TestScanRepository" "SkipScanRepository" \ + --replace "TestGit" "SkipGit" + + # remove test that requires networking + substituteInPlace core/cautils/scaninfo_test.go \ + --replace "TestSetContextMetadata" "SkipSetContextMetadata" + ''; + postInstall = '' - # Running kubescape to generate completions outputs error warnings - # but does not crash and completes successfully - # https://github.com/armosec/kubescape/issues/200 installShellCompletion --cmd kubescape \ --bash <($out/bin/kubescape completion bash) \ --fish <($out/bin/kubescape completion fish) \ --zsh <($out/bin/kubescape completion zsh) ''; + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + $out/bin/kubescape --help + # `--version` vs `version` shows the version without checking for latest + # if the flag is missing the BuildNumber may have moved + $out/bin/kubescape --version | grep "v${version}" + runHook postInstallCheck + ''; + meta = with lib; { description = "Tool for testing if Kubernetes is deployed securely"; homepage = "https://github.com/armosec/kubescape"; diff --git a/nixpkgs/pkgs/tools/security/kubesec/default.nix b/nixpkgs/pkgs/tools/security/kubesec/default.nix index 001e851912a7..9a3e2df02b1d 100644 --- a/nixpkgs/pkgs/tools/security/kubesec/default.nix +++ b/nixpkgs/pkgs/tools/security/kubesec/default.nix @@ -1,29 +1,54 @@ { lib , buildGoModule , fetchFromGitHub +, installShellFiles }: buildGoModule rec { pname = "kubesec"; - version = "2.11.4"; + version = "2.11.5"; src = fetchFromGitHub { owner = "controlplaneio"; repo = pname; rev = "v${version}"; - sha256 = "sha256-z1v+xm0ZWs8F5KtltBSDx9W+xNqRsfvAgQUKgrZa+28="; + sha256 = "sha256-SxXYtIoyKe9/M3Ct1qy2QC6pYpt9GOefGsC5nUCoTEA="; }; + vendorSha256 = "sha256-pq4s/Rqu1I1nrTxy5Cn1rt5HO6z7ziKz/9LLpXLYpPc="; - vendorSha256 = "sha256-t2GZaLa/Pc/TCjqTNGuLnOFSepExmE2xA8pc9HkUtcs="; + nativeBuildInputs = [ installShellFiles ]; + + ldflags = [ + "-s" + "-w" + "-X github.com/controlplaneio/kubesec/v${lib.versions.major version}/cmd.version=v${version}" + ]; # Tests wants to download the kubernetes schema for use with kubeval doCheck = false; + postInstall = '' + installShellCompletion --cmd kubesec \ + --bash <($out/bin/kubesec completion bash) \ + --fish <($out/bin/kubesec completion fish) \ + --zsh <($out/bin/kubesec completion zsh) + ''; + + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + + $out/bin/kubesec --help + $out/bin/kubesec version | grep "${version}" + + runHook postInstallCheck + ''; + meta = with lib; { description = "Security risk analysis tool for Kubernetes resources"; homepage = "https://github.com/controlplaneio/kubesec"; changelog = "https://github.com/controlplaneio/kubesec/blob/v${version}/CHANGELOG.md"; license = with licenses; [ asl20 ]; - maintainers = with maintainers; [ fab ]; + maintainers = with maintainers; [ fab jk ]; }; } diff --git a/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix b/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix index 3da3342e3794..14a6ef750e3a 100644 --- a/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/lastpass-cli/default.nix @@ -1,6 +1,7 @@ { stdenv , lib , fetchFromGitHub +, fetchpatch , asciidoc , cmake , docbook_xsl @@ -23,6 +24,16 @@ stdenv.mkDerivation rec { sha256 = "168jg8kjbylfgalhicn0llbykd7kdc9id2989gg0nxlgmnvzl58a"; }; + patches = [ + # Pull fix pending upstream inclusion for -fno-common toolchains: + # https://github.com/lastpass/lastpass-cli/pull/576 + (fetchpatch { + name = "fno-common.patch"; + url = "https://github.com/lastpass/lastpass-cli/commit/e3311cebdb29a3267843cf656a32f01c5062897e.patch"; + sha256 = "1yjx2p98nb3n8ywc9lhf2zal5fswawb5i6lgnicdin23zngff5l8"; + }) + ]; + nativeBuildInputs = [ asciidoc cmake docbook_xsl pkg-config ]; buildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/ldapmonitor/default.nix b/nixpkgs/pkgs/tools/security/ldapmonitor/default.nix new file mode 100644 index 000000000000..83035de4d20c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ldapmonitor/default.nix @@ -0,0 +1,40 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "ldapmonitor"; + version = "1.3"; + format = "other"; + + src = fetchFromGitHub { + owner = "p0dalirius"; + repo = pname; + rev = version; + hash = "sha256-lwTXvrnOVodCUQtR8FmCXiPuZ1Wx1ySfDKghpLXNuI4="; + }; + + sourceRoot = "${src.name}/python"; + + propagatedBuildInputs = with python3.pkgs; [ + impacket + ldap + ldap3 + ]; + + installPhase = '' + runHook preInstall + + install -vD pyLDAPmonitor.py $out/bin/ldapmonitor + + runHook postInstall + ''; + + meta = with lib; { + description = "Tool to monitor creation, deletion and changes to LDAP objects"; + homepage = "https://github.com/p0dalirius/LDAPmonitor"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/lethe/default.nix b/nixpkgs/pkgs/tools/security/lethe/default.nix index 502757262787..4af9466a3db2 100644 --- a/nixpkgs/pkgs/tools/security/lethe/default.nix +++ b/nixpkgs/pkgs/tools/security/lethe/default.nix @@ -7,16 +7,16 @@ rustPlatform.buildRustPackage rec { pname = "lethe"; - version = "0.6.1"; + version = "0.7.0"; src = fetchFromGitHub { owner = "kostassoid"; repo = pname; rev = "v${version}"; - sha256 = "sha256-0UYUzef7ja8nc2zs7eWqqXQfVVbEJEH9/NRRHVkvkYk="; + sha256 = "sha256-uMpqN9xgA0S861JChfJebU6azxJN8ScftmX8yJV8NM8="; }; - cargoSha256 = "sha256-suE8USKTZECVlTX4Wpz3vapo/Wmn7qaC3eyAJ3gmzqk="; + cargoSha256 = "sha256-GeZ/25ZaD/vyQo02SUt1JtNUL2QCg0varOJC1M3Ji9s="; buildInputs = lib.optional stdenv.isDarwin Security; diff --git a/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix b/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix index 4ba294e42f26..177b7574f63a 100644 --- a/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix +++ b/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix @@ -1,34 +1,35 @@ { lib, stdenv, fetchFromGitHub , autoreconfHook, bison, flex, pkg-config -, curl, geoip, libmaxminddb, libxml2, lmdb, lua, pcre -, ssdeep, valgrind, yajl +, curl, geoip, libmaxminddb, libxml2, lmdb, lua, pcre, pcre2, ssdeep, yajl , nixosTests }: stdenv.mkDerivation rec { pname = "libmodsecurity"; - version = "3.0.6"; + version = "3.0.7"; src = fetchFromGitHub { owner = "SpiderLabs"; repo = "ModSecurity"; rev = "v${version}"; - sha256 = "sha256-V+NBT2YN8qO3Px8zEzSA2ZsjSf1pv8+VlLxYlrpqfGg="; + sha256 = "sha256-Xf+wtYg0ZKgP5qo891fCMML/7tgSM/fvBdrmsgJixY4="; fetchSubmodules = true; }; nativeBuildInputs = [ autoreconfHook bison flex pkg-config ]; - buildInputs = [ curl geoip libmaxminddb libxml2 lmdb lua pcre ssdeep valgrind yajl ]; + buildInputs = [ curl geoip libmaxminddb libxml2 lmdb lua pcre pcre2 ssdeep yajl ]; outputs = [ "out" "dev" ]; configureFlags = [ "--enable-parser-generation" + "--disable-doxygen-doc" "--with-curl=${curl.dev}" "--with-libxml=${libxml2.dev}" "--with-lmdb=${lmdb.out}" "--with-maxmind=${libmaxminddb}" "--with-pcre=${pcre.dev}" + "--with-pcre2=${pcre2.out}" "--with-ssdeep=${ssdeep}" ]; @@ -36,6 +37,10 @@ stdenv.mkDerivation rec { substituteInPlace build/lmdb.m4 \ --replace "\''${path}/include/lmdb.h" "${lmdb.dev}/include/lmdb.h" \ --replace "lmdb_inc_path=\"\''${path}/include\"" "lmdb_inc_path=\"${lmdb.dev}/include\"" + substituteInPlace build/pcre2.m4 \ + --replace "/usr/local/pcre2" "${pcre2.out}/lib" \ + --replace "\''${path}/include/pcre2.h" "${pcre2.dev}/include/pcre2.h" \ + --replace "pcre2_inc_path=\"\''${path}/include\"" "pcre2_inc_path=\"${pcre2.dev}/include\"" substituteInPlace build/ssdeep.m4 \ --replace "/usr/local/libfuzzy" "${ssdeep}/lib" \ --replace "\''${path}/include/fuzzy.h" "${ssdeep}/include/fuzzy.h" \ diff --git a/nixpkgs/pkgs/tools/security/libtpms/default.nix b/nixpkgs/pkgs/tools/security/libtpms/default.nix index 2042ec30fff6..558c0fd0c37a 100644 --- a/nixpkgs/pkgs/tools/security/libtpms/default.nix +++ b/nixpkgs/pkgs/tools/security/libtpms/default.nix @@ -7,13 +7,13 @@ stdenv.mkDerivation rec { pname = "libtpms"; - version = "0.9.3"; + version = "0.9.5"; src = fetchFromGitHub { owner = "stefanberger"; repo = "libtpms"; rev = "v${version}"; - sha256 = "sha256-ih154MtLWBUdo7+ugu6tg5O/XSjlgFC00wgWC71VeaE="; + sha256 = "sha256-gA3tXsrJgk0WCI2rKy81f3PrGu/Ml1WExJ0P9AzLQ+c="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/linux-exploit-suggester/default.nix b/nixpkgs/pkgs/tools/security/linux-exploit-suggester/default.nix new file mode 100644 index 000000000000..9744c416bb74 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/linux-exploit-suggester/default.nix @@ -0,0 +1,29 @@ +{ lib, stdenvNoCC, fetchFromGitHub }: + +stdenvNoCC.mkDerivation rec { + pname = "linux-exploit-suggester"; + version = "unstable-2022-04-01"; + + src = fetchFromGitHub { + owner = "mzet-"; + repo = pname; + rev = "54a5c01497d6655be88f6262ccad5bc5a5e4f4ec"; + sha256 = "v0Q8O+aaXEqwWAwGP/u5Nkm4DzM6nM11GI4XbK2PeWM="; + }; + + installPhase = '' + runHook preInstall + + install -Dm755 linux-exploit-suggester.sh $out/bin/${pname} + + runHook postInstall + ''; + + meta = with lib; { + description = "Tool designed to assist in detecting security deficiencies for given Linux kernel/Linux-based machine"; + homepage = "https://github.com/mzet-/linux-exploit-suggester"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ emilytrau ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/logkeys/default.nix b/nixpkgs/pkgs/tools/security/logkeys/default.nix index 7cd6b5fd194b..a0c6e0a5f628 100644 --- a/nixpkgs/pkgs/tools/security/logkeys/default.nix +++ b/nixpkgs/pkgs/tools/security/logkeys/default.nix @@ -11,7 +11,8 @@ stdenv.mkDerivation { sha256 = "1k6kj0913imwh53lh6hrhqmrpygqg2h462raafjsn7gbd3vkgx8n"; }; - buildInputs = [ autoconf automake which procps kbd ]; + nativeBuildInputs = [ autoconf automake ]; + buildInputs = [ which procps kbd ]; postPatch = '' substituteInPlace src/Makefile.am --replace 'root' '$(id -u)' diff --git a/nixpkgs/pkgs/tools/security/lynis/default.nix b/nixpkgs/pkgs/tools/security/lynis/default.nix index 3c198e9b7010..17e70a3113c7 100644 --- a/nixpkgs/pkgs/tools/security/lynis/default.nix +++ b/nixpkgs/pkgs/tools/security/lynis/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "lynis"; - version = "3.0.7"; + version = "3.0.8"; src = fetchFromGitHub { owner = "CISOfy"; repo = pname; rev = version; - sha256 = "sha256-tO9/egY4eNwQpCZU0zx8G3k4UYsf7S3tUdr6pCMTAWU="; + sha256 = "sha256-fPQX/Iz+dc3nF3xMPt0bek4JC2XSHe4aC4O0tZwLf6Y="; }; nativeBuildInputs = [ installShellFiles makeWrapper ]; diff --git a/nixpkgs/pkgs/tools/security/maigret/default.nix b/nixpkgs/pkgs/tools/security/maigret/default.nix index 316fbad81ba2..05ea8dcf3df8 100644 --- a/nixpkgs/pkgs/tools/security/maigret/default.nix +++ b/nixpkgs/pkgs/tools/security/maigret/default.nix @@ -5,13 +5,13 @@ python3.pkgs.buildPythonApplication rec { pname = "maigret"; - version = "0.4.1"; + version = "0.4.3"; src = fetchFromGitHub { owner = "soxoj"; repo = pname; - rev = "v${version}"; - sha256 = "0igfxg238awdn1ly8s3r655yi3gpxink7g2hr6xb0c1nrm7z0kad"; + rev = "refs/tags/v${version}"; + sha256 = "sha256-0Ni4rXVu3ZQyHBvD3IpV0i849CnumLj+n6/g4sMhHEs="; }; propagatedBuildInputs = with python3.pkgs; [ @@ -63,12 +63,17 @@ python3.pkgs.buildPythonApplication rec { postPatch = '' # Remove all version pinning sed -i -e "s/==[0-9.]*//" requirements.txt + # We are not build for Python < 3.7 - sed -i -e '/future-annotations/d' requirements.txt - # We can't work with dummy packages - sed -i -e 's/bs4/beautifulsoup4/g' requirements.txt + substituteInPlace requirements.txt \ + --replace "future-annotations" "" ''; + pytestFlagsArray = [ + # DeprecationWarning: There is no current event loop + "-W ignore::DeprecationWarning" + ]; + disabledTests = [ # Tests require network access "test_extract_ids_from_page" diff --git a/nixpkgs/pkgs/tools/security/medusa/default.nix b/nixpkgs/pkgs/tools/security/medusa/default.nix index 43a30aad8255..7c2174c52332 100644 --- a/nixpkgs/pkgs/tools/security/medusa/default.nix +++ b/nixpkgs/pkgs/tools/security/medusa/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, pkg-config, freerdp, openssl, libssh2 }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, pkg-config, freerdp, openssl, libssh2 }: stdenv.mkDerivation rec { pname = "medusa-unstable"; @@ -11,6 +11,16 @@ stdenv.mkDerivation rec { sha256 = "0njlz4fqa0165wdmd5y8lfnafayf3c4la0r8pf3hixkdwsss1509"; }; + patches = [ + # Pull upstream fix for -fno-common tollchains like gcc-10: + # https://github.com/jmk-foofus/medusa/pull/36 + (fetchpatch { + name = "fno-common.patch"; + url = "https://github.com/jmk-foofus/medusa/commit/a667656ad085b3eb95309932666c250d97a92767.patch"; + sha256 = "01marqqhjd3qwar3ymp50y1h2im5ilgpaxk7wrc2kcxgmzvbdfxc"; + }) + ]; + outputs = [ "out" "man" ]; configureFlags = [ "--enable-module-ssh=yes" ]; diff --git a/nixpkgs/pkgs/tools/security/melt/default.nix b/nixpkgs/pkgs/tools/security/melt/default.nix index 846b70b87538..065a5fd4d696 100644 --- a/nixpkgs/pkgs/tools/security/melt/default.nix +++ b/nixpkgs/pkgs/tools/security/melt/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "melt"; - version = "0.2.0"; + version = "0.4.1"; src = fetchFromGitHub { owner = "charmbracelet"; repo = "melt"; rev = "v${version}"; - sha256 = "sha256-HambmUodAwgi1/r/Nj7P7gXNK5pyBO3omMZ9ZvSK7cc=4"; + sha256 = "sha256-C5bvlgyHU4lfmaAjNddnVyB2B41Wq7yO/RmARAeaORw="; }; - vendorSha256 = "sha256-1f3QBbWaTiplEp/4ihds1PwrEnoq/81TzlT46TufGFs="; + vendorSha256 = "sha256-9LTR7CrTBGAh7TPMQenY4vZQ7KMYv02fDsY51pkJZSo="; ldflags = [ "-s" "-w" "-X=main.Version=${version}" ]; diff --git a/nixpkgs/pkgs/tools/security/meo/default.nix b/nixpkgs/pkgs/tools/security/meo/default.nix deleted file mode 100644 index 491bef3e0543..000000000000 --- a/nixpkgs/pkgs/tools/security/meo/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ lib, stdenv, fetchhg, openssl, pcre-cpp, qt4, boost, pkcs11helper }: - -stdenv.mkDerivation { - pname = "meo"; - version = "unstable-2012-11-13"; - - src = fetchhg { - url = "http://oss.stamfest.net/hg/meo"; - rev = "b48e5f16cff8"; - sha256 = "0ifg7y28s89i9gwda6fyj1jbrykbcvq8bf1m6rxmdcv5afi3arbq"; - }; - - buildFlags = [ "QMAKE=qmake" ]; - - buildInputs = [ openssl pcre-cpp qt4 boost pkcs11helper ]; - - preConfigure = '' - sed -i s,-mt$,, meo-gui/meo-gui.pro - ''; - - installPhase = '' - mkdir -p $out/bin - cp tools/{meo,p11} $out/bin - cp meo-gui/meo-gui $out/bin - cp meo-gui/meo-gui $out/bin - ''; - - meta = with lib; { - homepage = "http://oss.stamfest.net/wordpress/meo-multiple-eyepairs-only"; - description = "Tools to use cryptography for things like four-eyes principles"; - license = licenses.agpl3Plus; - maintainers = with maintainers; [ viric ]; - platforms = platforms.linux; - broken = true; - }; -} diff --git a/nixpkgs/pkgs/tools/security/metabigor/default.nix b/nixpkgs/pkgs/tools/security/metabigor/default.nix index 4e03e11f4985..fe0b150bc8d0 100644 --- a/nixpkgs/pkgs/tools/security/metabigor/default.nix +++ b/nixpkgs/pkgs/tools/security/metabigor/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "metabigor"; - version = "1.10"; + version = "1.12.1"; src = fetchFromGitHub { owner = "j3ssie"; repo = pname; rev = "v${version}"; - sha256 = "sha256-ADpnSsGZQbXaSGidPmxwkQOl+P8ZupqRaDUh7t+XoDw="; + sha256 = "sha256-T1P+jAAsKObKRaoxH8c/DMEfXtmSrvnDd5Y3ocKcCSc="; }; - vendorSha256 = "sha256-la7bgeimycltFB7l6vNBYdlBIv4kD+HX7f2mo+eZhXM="; + vendorSha256 = "sha256-V+72l2TvhEWgDg7kvn5OOjYcyEgWGLgTGnt58Bu+AEQ="; # Disabled for now as there are some failures ("undefined:") doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile b/nixpkgs/pkgs/tools/security/metasploit/Gemfile index 992e5c84fdfe..3df96f282baf 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile @@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.1.35" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.2.13" diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock index c3fd51f14b7f..d6a3bb6991fa 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: c1efca37c6e967103978915618efa41515134ea1 - ref: refs/tags/6.1.35 + revision: 6241267e515db4b2902831fda1bc41773fb24529 + ref: refs/tags/6.2.13 specs: - metasploit-framework (6.1.35) + metasploit-framework (6.2.13) actionpack (~> 6.0) activerecord (~> 6.0) activesupport (~> 6.0) @@ -20,6 +20,7 @@ GIT eventmachine faker faraday + faraday-retry faye-websocket filesize hrr_rb_ssh-ed25519 @@ -31,13 +32,14 @@ GIT metasploit-concern metasploit-credential metasploit-model - metasploit-payloads (= 2.0.77) + metasploit-payloads (= 2.0.94) metasploit_data_models metasploit_payloads-mettle (= 1.0.18) mqtt msgpack nessus_rest net-ldap + net-smtp net-ssh network_interface nexpose @@ -75,7 +77,7 @@ GIT rex-text rex-zip ruby-macho - ruby_smb (~> 3.0) + ruby_smb (~> 3.1.0) rubyntlm rubyzip sinatra @@ -98,25 +100,25 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (1.1.0) - actionpack (6.1.5) - actionview (= 6.1.5) - activesupport (= 6.1.5) + actionpack (6.1.6.1) + actionview (= 6.1.6.1) + activesupport (= 6.1.6.1) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actionview (6.1.5) - activesupport (= 6.1.5) + actionview (6.1.6.1) + activesupport (= 6.1.6.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activemodel (6.1.5) - activesupport (= 6.1.5) - activerecord (6.1.5) - activemodel (= 6.1.5) - activesupport (= 6.1.5) - activesupport (6.1.5) + activemodel (6.1.6.1) + activesupport (= 6.1.6.1) + activerecord (6.1.6.1) + activemodel (= 6.1.6.1) + activesupport (= 6.1.6.1) + activesupport (6.1.6.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -128,36 +130,37 @@ GEM arel-helpers (2.14.0) activerecord (>= 3.1.0, < 8) aws-eventstream (1.2.0) - aws-partitions (1.570.0) - aws-sdk-core (3.130.0) + aws-partitions (1.619.0) + aws-sdk-core (3.132.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.525.0) aws-sigv4 (~> 1.1) - jmespath (~> 1.0) - aws-sdk-ec2 (1.304.0) + jmespath (~> 1, >= 1.6.1) + aws-sdk-ec2 (1.328.0) aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-iam (1.68.0) + aws-sdk-iam (1.69.0) aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.55.0) + aws-sdk-kms (1.58.0) aws-sdk-core (~> 3, >= 3.127.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.113.0) + aws-sdk-s3 (1.114.0) aws-sdk-core (~> 3, >= 3.127.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.4) - aws-sigv4 (1.4.0) + aws-sigv4 (1.5.1) aws-eventstream (~> 1, >= 1.0.2) - bcrypt (3.1.17) + bcrypt (3.1.18) bcrypt_pbkdf (1.1.0) bindata (2.4.10) - bson (4.14.1) + bson (4.15.0) builder (3.2.4) concurrent-ruby (1.0.5) cookiejar (0.3.3) crass (1.0.6) daemons (1.4.1) + digest (3.1.0) dnsruby (1.61.9) simpleidn (~> 0.1) domain_name (0.5.20190701) @@ -171,33 +174,16 @@ GEM http_parser.rb (>= 0.6.0) em-socksify (0.3.2) eventmachine (>= 1.0.0.beta.4) - erubi (1.10.0) + erubi (1.11.0) eventmachine (1.2.7) - faker (2.20.0) + faker (2.22.0) i18n (>= 1.8.11, < 2) - faraday (1.10.0) - faraday-em_http (~> 1.0) - faraday-em_synchrony (~> 1.0) - faraday-excon (~> 1.1) - faraday-httpclient (~> 1.0) - faraday-multipart (~> 1.0) - faraday-net_http (~> 1.0) - faraday-net_http_persistent (~> 1.0) - faraday-patron (~> 1.0) - faraday-rack (~> 1.0) - faraday-retry (~> 1.0) + faraday (2.5.2) + faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) - faraday-em_http (1.0.0) - faraday-em_synchrony (1.0.0) - faraday-excon (1.1.0) - faraday-httpclient (1.0.1) - faraday-multipart (1.0.3) - multipart-post (>= 1.2, < 3) - faraday-net_http (1.0.1) - faraday-net_http_persistent (1.2.0) - faraday-patron (1.0.0) - faraday-rack (1.0.0) - faraday-retry (1.0.3) + faraday-net_http (3.0.0) + faraday-retry (2.0.0) + faraday (~> 2.0) faye-websocket (0.11.1) eventmachine (>= 0.12.0) websocket-driver (>= 0.5.1) @@ -205,18 +191,19 @@ GEM filesize (0.2.0) gssapi (1.3.1) ffi (>= 1.0.1) - gyoku (1.3.1) + gyoku (1.4.0) builder (>= 2.1.2) + rexml (~> 3.0) hashery (2.1.2) hrr_rb_ssh (0.4.2) hrr_rb_ssh-ed25519 (0.4.2) ed25519 (~> 1.2) hrr_rb_ssh (>= 0.4) - http-cookie (1.0.4) + http-cookie (1.0.5) domain_name (~> 0.5) http_parser.rb (0.8.0) httpclient (2.8.3) - i18n (1.10.0) + i18n (1.12.0) concurrent-ruby (~> 1.0) io-console (0.5.11) irb (1.3.6) @@ -224,20 +211,20 @@ GEM jmespath (1.6.1) jsobfu (0.4.2) rkelly-remix - json (2.6.1) + json (2.6.2) little-plugger (1.1.4) - logging (2.3.0) + logging (2.3.1) little-plugger (~> 1.1) multi_json (~> 1.14) - loofah (2.15.0) + loofah (2.18.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) metasm (1.0.5) - metasploit-concern (4.0.3) + metasploit-concern (4.0.4) activemodel (~> 6.0) activesupport (~> 6.0) railties (~> 6.0) - metasploit-credential (5.0.5) + metasploit-credential (5.0.8) metasploit-concern metasploit-model metasploit_data_models (>= 5.0.0) @@ -247,12 +234,12 @@ GEM rex-socket rubyntlm rubyzip - metasploit-model (4.0.3) + metasploit-model (4.0.6) activemodel (~> 6.0) activesupport (~> 6.0) railties (~> 6.0) - metasploit-payloads (2.0.77) - metasploit_data_models (5.0.4) + metasploit-payloads (2.0.94) + metasploit_data_models (5.0.5) activerecord (~> 6.0) activesupport (~> 6.0) arel-helpers @@ -265,63 +252,68 @@ GEM metasploit_payloads-mettle (1.0.18) method_source (1.0.0) mini_portile2 (2.8.0) - minitest (5.15.0) + minitest (5.16.3) mqtt (0.5.0) - msgpack (1.4.5) + msgpack (1.5.4) multi_json (1.15.0) - multipart-post (2.1.1) - mustermann (1.1.1) + mustermann (2.0.2) ruby2_keywords (~> 0.0.1) nessus_rest (0.1.6) - net-ldap (0.17.0) - net-ssh (6.1.0) + net-ldap (0.17.1) + net-protocol (0.1.3) + timeout + net-smtp (0.3.1) + digest + net-protocol + timeout + net-ssh (7.0.1) network_interface (0.0.2) nexpose (7.3.0) nio4r (2.5.8) - nokogiri (1.13.3) + nokogiri (1.13.8) mini_portile2 (~> 2.8.0) racc (~> 1.4) nori (2.6.0) - octokit (4.22.0) - faraday (>= 0.9) - sawyer (~> 0.8.0, >= 0.5.3) - openssl-ccm (1.2.2) - openssl-cmac (2.0.1) + octokit (5.2.0) + faraday (>= 1, < 3) + sawyer (~> 0.9) + openssl-ccm (1.2.3) + openssl-cmac (2.0.2) openvas-omp (0.0.4) packetfu (1.1.13) pcaprub patch_finder (1.0.2) pcaprub (0.13.1) - pdf-reader (2.9.2) + pdf-reader (2.10.0) Ascii85 (~> 1.0) afm (~> 0.2.1) hashery (~> 2.0) ruby-rc4 ttfunk - pg (1.3.4) - public_suffix (4.0.6) - puma (5.6.2) + pg (1.4.3) + public_suffix (4.0.7) + puma (5.6.4) nio4r (~> 2.0) racc (1.6.0) - rack (2.2.3) - rack-protection (2.2.0) + rack (2.2.4) + rack-protection (2.2.2) rack - rack-test (1.1.0) - rack (>= 1.0, < 3) + rack-test (2.0.2) + rack (>= 1.3) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.2) + rails-html-sanitizer (1.4.3) loofah (~> 2.3) - railties (6.1.5) - actionpack (= 6.1.5) - activesupport (= 6.1.5) + railties (6.1.6.1) + actionpack (= 6.1.6.1) + activesupport (= 6.1.6.1) method_source rake (>= 12.2) thor (~> 1.0) rake (13.0.6) rb-readline (0.5.5) - recog (2.3.22) + recog (2.3.23) nokogiri redcarpet (3.5.1) reline (0.2.5) @@ -334,12 +326,12 @@ GEM rex-core rex-struct2 rex-text - rex-core (0.1.27) + rex-core (0.1.28) rex-encoder (0.1.6) metasm rex-arch rex-text - rex-exploitation (0.1.29) + rex-exploitation (0.1.35) jsobfu metasm rex-arch @@ -353,7 +345,7 @@ GEM rex-arch rex-ole (0.1.7) rex-text - rex-powershell (0.1.95) + rex-powershell (0.1.96) rex-random_identifier rex-text ruby-rc4 @@ -364,14 +356,14 @@ GEM metasm rex-core rex-text - rex-socket (0.1.34) + rex-socket (0.1.41) rex-core rex-sslscan (0.1.7) rex-core rex-socket rex-text rex-struct2 (0.1.3) - rex-text (0.2.37) + rex-text (0.2.39) rex-zip (0.1.4) rex-text rexml (3.2.5) @@ -379,25 +371,25 @@ GEM ruby-macho (3.0.0) ruby-rc4 (0.1.5) ruby2_keywords (0.0.5) - ruby_smb (3.0.5) + ruby_smb (3.1.7) bindata openssl-ccm openssl-cmac rubyntlm - windows_error (>= 0.1.3) + windows_error (>= 0.1.4) rubyntlm (0.6.3) rubyzip (2.3.2) - sawyer (0.8.2) + sawyer (0.9.2) addressable (>= 2.3.5) - faraday (> 0.8, < 2.0) + faraday (>= 0.17.3, < 3) simpleidn (0.2.1) unf (~> 0.1.4) - sinatra (2.2.0) - mustermann (~> 1.0) + sinatra (2.2.2) + mustermann (~> 2.0) rack (~> 2.2) - rack-protection (= 2.2.0) + rack-protection (= 2.2.2) tilt (~> 2.0) - sqlite3 (1.4.2) + sqlite3 (1.4.4) sshkey (2.0.0) swagger-blocks (3.0.0) thin (1.8.1) @@ -405,15 +397,16 @@ GEM eventmachine (~> 1.0, >= 1.0.4) rack (>= 1, < 3) thor (1.2.1) - tilt (2.0.10) + tilt (2.0.11) + timeout (0.3.0) ttfunk (1.7.0) - tzinfo (2.0.4) + tzinfo (2.0.5) concurrent-ruby (~> 1.0) - tzinfo-data (1.2022.1) + tzinfo-data (1.2022.3) tzinfo (>= 1.0.0) unf (0.1.4) unf_ext - unf_ext (0.0.8.1) + unf_ext (0.0.8.2) unix-crypt (1.3.0) warden (1.2.9) rack (>= 2.0.9) @@ -422,7 +415,7 @@ GEM websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) win32api (0.1.0) - windows_error (0.1.3) + windows_error (0.1.4) winrm (2.3.6) builder (>= 2.1.2) erubi (~> 1.8) @@ -437,7 +430,7 @@ GEM activesupport (>= 4.2, < 8.0) xmlrpc (0.3.2) webrick - zeitwerk (2.5.4) + zeitwerk (2.6.0) PLATFORMS ruby @@ -446,4 +439,4 @@ DEPENDENCIES metasploit-framework! BUNDLED WITH - 2.3.6 + 2.3.20 diff --git a/nixpkgs/pkgs/tools/security/metasploit/default.nix b/nixpkgs/pkgs/tools/security/metasploit/default.nix index 8d807d85844a..2cc25a9728e3 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/default.nix +++ b/nixpkgs/pkgs/tools/security/metasploit/default.nix @@ -15,13 +15,13 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "6.1.35"; + version = "6.2.13"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = version; - sha256 = "sha256-1xEc+I2Pvs6GQuEGAHWWAum7ASESX5R5D1qN+wPtFgY="; + sha256 = "sha256-95G9iqejcc2t4pUmzNoDE9/9f6NstPjLDJigQhZAo4E="; }; nativeBuildInputs = [ makeWrapper ]; @@ -56,7 +56,7 @@ in stdenv.mkDerivation rec { meta = with lib; { description = "Metasploit Framework - a collection of exploits"; - homepage = "https://github.com/rapid7/metasploit-framework/wiki"; + homepage = "https://docs.metasploit.com/"; platforms = platforms.unix; license = licenses.bsd3; maintainers = with maintainers; [ fab makefu ]; diff --git a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix index 45270cea4cfb..e962b2571420 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix +++ b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix @@ -4,50 +4,50 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0kk8c6n94lg5gyarsy33wakw04zbmdwgfr7zxv4zzmbnp1yach0w"; + sha256 = "1m5x42s72mik9xkrgbway4ra139k71p2dfxcvg5gwdmac8maiq7k"; type = "gem"; }; - version = "6.1.5"; + version = "6.1.6.1"; }; actionview = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "16w7pl8ir253g1dzlzx4mwrjsx3v7fl7zn941xz53zb4ld286mhi"; + sha256 = "0syh8jwih5qvv87zfyzl37rz6sc1prhy6gia95bn76zyqk9cfzx8"; type = "gem"; }; - version = "6.1.5"; + version = "6.1.6.1"; }; activemodel = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "16anyz7wqwmphzb6w1sgmvdvj50g3zp70s94s5v8hwxj680f6195"; + sha256 = "1qm3whcaiv5kkgp6plyxi6xa6n3sap18m6w1lfwvr93xb8v57693"; type = "gem"; }; - version = "6.1.5"; + version = "6.1.6.1"; }; activerecord = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0jl6jc9g9jxsljfnnmbkxrgwrz86icw6g745cv6iavryizrmw939"; + sha256 = "1c6hcy2affwkkggd49v1g1j6ahijikbcxrcksngm9silmc24ixw2"; type = "gem"; }; - version = "6.1.5"; + version = "6.1.6.1"; }; activesupport = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0jmqndx3a46hpwz33ximqch27018n3mk9z19azgpylm33w7xpkx4"; + sha256 = "0vb0xi7yvgfqky9h4clyncb886mr1wvz9amk7d9ffmgpwrpzvjaz"; type = "gem"; }; - version = "6.1.5"; + version = "6.1.6.1"; }; addressable = { groups = ["default"]; @@ -104,80 +104,80 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0w3y40l5xg0p5sha6w4wppwb6kil129nk760yblswqw7vz0s0mm0"; + sha256 = "0vgbfpxpybq5hr87knpc65ha0cyckbq2i00y8wd8sc3j663sffm2"; type = "gem"; }; - version = "1.570.0"; + version = "1.619.0"; }; aws-sdk-core = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "14ymvp06k46gvkpvz5zaqvbvr6wd8vdka5iq25q0wd0fzdx7aivm"; + sha256 = "0lal5x2qkz6ip36ladynb29j65brq8bbdcgx6cwbybsyadwcf693"; type = "gem"; }; - version = "3.130.0"; + version = "3.132.0"; }; aws-sdk-ec2 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0vvplr6ml7acl047lynmsdl2bs2i992vx68dhzqmllppf8ggcjvs"; + sha256 = "1x9wcq89bp8785qqx8jlj4isbqq5w5kisfdd275r6p2chmm1mw47"; type = "gem"; }; - version = "1.304.0"; + version = "1.328.0"; }; aws-sdk-iam = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "15rhfl5g49422g8bi90dv0cx3imbza99223pqdi4vsg6gwzhszhy"; + sha256 = "0rms5bbqsgy7wb13y0chm1mw9qasdrbmd5bpdwlkn0ib58s174d6"; type = "gem"; }; - version = "1.68.0"; + version = "1.69.0"; }; aws-sdk-kms = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0fmpdll52ng1kfn4r5ndcyppn5553qvvxw87w58m9n70ga3avasi"; + sha256 = "1p2dbmb1vl8vk2xchrrsp2sxa95ya5w7ll1jlw89yyhls3l2l1ag"; type = "gem"; }; - version = "1.55.0"; + version = "1.58.0"; }; aws-sdk-s3 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0iafjly868kdzmpxkv1ndmqm524ik36ibs15mqh145vw32gz7bax"; + sha256 = "1r6dxz3llgxbbm66jq5mkzk0i6qsxwv0d9s0ipwb23vv3bgp23yf"; type = "gem"; }; - version = "1.113.0"; + version = "1.114.0"; }; aws-sigv4 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1wh1y79v0s4zgby2m79bnifk65hwf5pvk2yyrxzn2jkjjq8f8fqa"; + sha256 = "1d4bifmll4hrf4gihr5hdvn59wjpz4qpyg5jj95kp17fykzqg36n"; type = "gem"; }; - version = "1.4.0"; + version = "1.5.1"; }; bcrypt = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1rakdhrnlclrpy7sihi9ipwdh7fjkkvzga171464lq6rzp07cf65"; + sha256 = "048z3fvcknqx7ikkhrcrykxlqmf9bzc7l0y5h1cnvrc9n2qf0k8m"; type = "gem"; }; - version = "3.1.17"; + version = "3.1.18"; }; bcrypt_pbkdf = { groups = ["default"]; @@ -204,10 +204,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "03n3w96vpblaxvk1qk8hq7sbsmg4nv7qdkdr8f7nfvalgpakp5i5"; + sha256 = "19vgs9rzzyvd7jfrzynjnc6518q0ffpfciyicfywbp77zl8nc9hk"; type = "gem"; }; - version = "4.14.1"; + version = "4.15.0"; }; builder = { groups = ["default"]; @@ -259,6 +259,16 @@ }; version = "1.4.1"; }; + digest = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "00vwzvxgby22h7jhwadqqf9ssbkp3ag2pl4g7q3zf1y8mlk7rk39"; + type = "gem"; + }; + version = "3.1.0"; + }; dnsruby = { groups = ["default"]; platforms = []; @@ -314,10 +324,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "09l8lz3j00m898li0yfsnb6ihc63rdvhw3k5xczna5zrjk104f2l"; + sha256 = "11bz1v1cxabm8672gabrw542zyg51dizlcvdck6vvwzagxbjv9zx"; type = "gem"; }; - version = "1.10.0"; + version = "1.11.0"; }; eventmachine = { groups = ["default"]; @@ -334,120 +344,40 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1694ndj701a8q4c4bwxz53kx94ih1rr4pgr4gk7a6c8k4jsbjgwi"; + sha256 = "1na8p9r9zdvz75aihjczhamlygrjs9dj7pcbxgg8vfavrx8d89b5"; type = "gem"; }; - version = "2.20.0"; + version = "2.22.0"; }; faraday = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "00palwawk897p5gypw5wjrh93d4p0xz2yl9w93yicb4kq7amh8d4"; - type = "gem"; - }; - version = "1.10.0"; - }; - faraday-em_http = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "12cnqpbak4vhikrh2cdn94assh3yxza8rq2p9w2j34bqg5q4qgbs"; - type = "gem"; - }; - version = "1.0.0"; - }; - faraday-em_synchrony = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1vgrbhkp83sngv6k4mii9f2s9v5lmp693hylfxp2ssfc60fas3a6"; - type = "gem"; - }; - version = "1.0.0"; - }; - faraday-excon = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0h09wkb0k0bhm6dqsd47ac601qiaah8qdzjh8gvxfd376x1chmdh"; - type = "gem"; - }; - version = "1.1.0"; - }; - faraday-httpclient = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0fyk0jd3ks7fdn8nv3spnwjpzx2lmxmg2gh4inz3by1zjzqg33sc"; + sha256 = "1a6q8k82vfqyzlnrs6r6d82fyz5fminc8p57mr5xkdabs0m2y3mx"; type = "gem"; }; - version = "1.0.1"; - }; - faraday-multipart = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "03qfi9020ynf7hkdiaq01sd2mllvw7fg4qiin3pk028b4wv23j3j"; - type = "gem"; - }; - version = "1.0.3"; + version = "2.5.2"; }; faraday-net_http = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1fi8sda5hc54v1w3mqfl5yz09nhx35kglyx72w7b8xxvdr0cwi9j"; - type = "gem"; - }; - version = "1.0.1"; - }; - faraday-net_http_persistent = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "0dc36ih95qw3rlccffcb0vgxjhmipsvxhn6cw71l7ffs0f7vq30b"; - type = "gem"; - }; - version = "1.2.0"; - }; - faraday-patron = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "19wgsgfq0xkski1g7m96snv39la3zxz6x7nbdgiwhg5v82rxfb6w"; + sha256 = "0yicplzlh5da8pr64286zga3my86cjsb2y9dqlzsacpw8hbkmjvw"; type = "gem"; }; - version = "1.0.0"; - }; - faraday-rack = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1h184g4vqql5jv9s9im6igy00jp6mrah2h14py6mpf9bkabfqq7g"; - type = "gem"; - }; - version = "1.0.0"; + version = "3.0.0"; }; faraday-retry = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "153i967yrwnswqgvnnajgwp981k9p50ys1h80yz3q94rygs59ldd"; + sha256 = "07bn75d784ndj9ljqk19ff6217hkqqmxjlnjx5b9v36k2nnj9kys"; type = "gem"; }; - version = "1.0.3"; + version = "2.0.0"; }; faye-websocket = { groups = ["default"]; @@ -494,10 +424,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1wn0sl14396g5lyvp8sjmcb1hw9rbyi89gxng91r7w4df4jwiidh"; + sha256 = "1kd2q59xpm39hpvmmvyi6g3f1fr05xjbnxwkrdqz4xy7hirqi79q"; type = "gem"; }; - version = "1.3.1"; + version = "1.4.0"; }; hashery = { groups = ["default"]; @@ -534,10 +464,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "19370bc97gsy2j4hanij246hv1ddc85hw0xjb6sj7n1ykqdlx9l9"; + sha256 = "13rilvlv8kwbzqfb644qp6hrbsj82cbqmnzcvqip1p6vqx36sxbk"; type = "gem"; }; - version = "1.0.4"; + version = "1.0.5"; }; "http_parser.rb" = { groups = ["default"]; @@ -564,10 +494,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0b2qyvnk4yynlg17ymkq4g5xgr275637fhl1mjh0valw3cb1fhhg"; + sha256 = "1vdcchz7jli1p0gnc669a7bj3q1fv09y9ppf0y3k0vb1jwdwrqwi"; type = "gem"; }; - version = "1.10.0"; + version = "1.12.0"; }; io-console = { groups = ["default"]; @@ -614,10 +544,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1z9grvjyfz16ag55hg522d3q4dh07hf391sf9s96npc0vfi85xkz"; + sha256 = "0yk5d10yvspkc5jyvx9gc1a9pn1z8v4k2hvjk1l88zixwf3wf3cl"; type = "gem"; }; - version = "2.6.1"; + version = "2.6.2"; }; little-plugger = { groups = ["default"]; @@ -634,20 +564,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0pkmhcxi8lp74bq5gz9lxrvaiv5w0745kk7s4bw2b1x07qqri0n9"; + sha256 = "1zflchpx4g8c110gjdcs540bk5a336nq6nmx379rdg56xw0pjd02"; type = "gem"; }; - version = "2.3.0"; + version = "2.3.1"; }; loofah = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1yp1h1j7pdkqvnx8jl6bkzlajav3h5mhqzihgs9p6y3c8927mw23"; + sha256 = "18ymp6l3bv7abz07k6qbbi9c9vsiahq30d2smh4qzsvag8j5m5v1"; type = "gem"; }; - version = "2.15.0"; + version = "2.18.0"; }; metasm = { groups = ["default"]; @@ -664,62 +594,62 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0lmvwja6v7s12g0fq9mp2d3sgashl526apfjqk5fchqvnfqw4gsb"; + sha256 = "1m7dykwravbjdq4zs1z5lqdwrmfjsswjg7iygn4a187xn9ml1rj6"; type = "gem"; }; - version = "4.0.3"; + version = "4.0.4"; }; metasploit-credential = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0a17zm8cq71rd8qilxai7s3dzb8n5lzvjfwyxk7slblfcgbsl9np"; + sha256 = "08w1yhjybrdrn7rv77j4d58w9m8fdh4l5kaw7wsikv1zzcjdqwrl"; type = "gem"; }; - version = "5.0.5"; + version = "5.0.8"; }; metasploit-framework = { groups = ["default"]; platforms = []; source = { fetchSubmodules = false; - rev = "c1efca37c6e967103978915618efa41515134ea1"; - sha256 = "01hnxl1zp3as1xwr8pqj440vps82jrsh01p18a3cxglgipw1q4fp"; + rev = "6241267e515db4b2902831fda1bc41773fb24529"; + sha256 = "10d380b4584q1k5zid3cldzzvpqk0gdcq9lmwanwswd3ly5bv4gp"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "6.1.35"; + version = "6.2.13"; }; metasploit-model = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "13zg6jw8vbspq95s4dpcbjxnjiacy21il7y8l2dq3rd04mickryy"; + sha256 = "17kmw9gx4mdimv5wbf3935g43ad9spdx9bshdgk5y754kw80cnqd"; type = "gem"; }; - version = "4.0.3"; + version = "4.0.6"; }; metasploit-payloads = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0chd5rn13210fgsvm0yqd59lfgg9kpmyx82jbf33dfiw6qh6mmi1"; + sha256 = "1azr70qfq14wpki61hnljqnxnxlx9ifa4p92wh29cnak8v697v69"; type = "gem"; }; - version = "2.0.77"; + version = "2.0.94"; }; metasploit_data_models = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "12hnkrkgx89dskfr8ywpxk51y0nqnnj37qjz856f45z7ymx1nzip"; + sha256 = "1h7w6kavbylbs55rkv12hg28wcchwqvzmagw9yrkqmncwdavl0dl"; type = "gem"; }; - version = "5.0.4"; + version = "5.0.5"; }; metasploit_payloads-mettle = { groups = ["default"]; @@ -756,10 +686,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "06xf558gid4w8lwx13jwfdafsch9maz8m0g85wnfymqj63x5nbbd"; + sha256 = "0516ypqlx0mlcfn5xh7qppxqc3xndn1fnadxawa8wld5dkcimy30"; type = "gem"; }; - version = "5.15.0"; + version = "5.16.3"; }; mqtt = { groups = ["default"]; @@ -776,10 +706,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1cshgsx3hmpgx639xyqjqa2q3hgrhlyr9rpwhsglsx529alqq125"; + sha256 = "02af38s49111wglqzcjcpa7bwg6psjgysrjvgk05h3x4zchb6gd5"; type = "gem"; }; - version = "1.4.5"; + version = "1.5.4"; }; multi_json = { groups = ["default"]; @@ -791,55 +721,65 @@ }; version = "1.15.0"; }; - multipart-post = { + mustermann = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1zgw9zlwh2a6i1yvhhc4a84ry1hv824d6g2iw2chs3k5aylpmpfj"; + sha256 = "0m70qz27mlv2rhk4j1li6pw797gmiwwqg02vcgxcxr1rq2v53rnb"; type = "gem"; }; - version = "2.1.1"; + version = "2.0.2"; }; - mustermann = { + nessus_rest = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0ccm54qgshr1lq3pr1dfh7gphkilc19dp63rw6fcx7460pjwy88a"; + sha256 = "1allyrd4rll333zbmsi3hcyg6cw1dhc4bg347ibsw191nswnp8ci"; type = "gem"; }; - version = "1.1.1"; + version = "0.1.6"; }; - nessus_rest = { + net-ldap = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1allyrd4rll333zbmsi3hcyg6cw1dhc4bg347ibsw191nswnp8ci"; + sha256 = "1ycw0qsw3hap8svakl0i30jkj0ffd4lpyrn17a1j0w8mz5ainmsj"; type = "gem"; }; - version = "0.1.6"; + version = "0.17.1"; }; - net-ldap = { + net-protocol = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1j19yxrz7h3hj7kiiln13c7bz7hvpdqr31bwi88dj64zifr7896n"; + sha256 = "051cc82dl41a66c9sxv4lx4slqk7sz1v4iy0hdk6gpjyjszf4hxd"; type = "gem"; }; - version = "0.17.0"; + version = "0.1.3"; + }; + net-smtp = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1s358kfv9mnfxcjbpr1d5a2gs1q7wkw7ffpn86mf1b3s9p31bw9s"; + type = "gem"; + }; + version = "0.3.1"; }; net-ssh = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0jp3jgcn8cij407xx9ldb5h9c6jv13jc4cf6kk2idclz43ww21c9"; + sha256 = "1qp3i8bi7ji1np0530bp2p9zrrn6galvmbsivxwpkjdpjdyn19sr"; type = "gem"; }; - version = "6.1.0"; + version = "7.0.1"; }; network_interface = { groups = ["default"]; @@ -877,10 +817,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1p6b3q411h2mw4dsvhjrp1hh66hha5cm69fqg85vn2lizz71n6xz"; + sha256 = "0g7axlq2y6gzmixzzzhw3fn6nhrhg469jj8gfr7gs8igiclpkhkr"; type = "gem"; }; - version = "1.13.3"; + version = "1.13.8"; }; nori = { groups = ["default"]; @@ -897,30 +837,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1nmdd7klyinvrrv2mggwwmc99ykaq7i379j00i37hvvaqx4giifj"; + sha256 = "1xn53wdrk0vy08d88s6dd2n3mly3prw8m00pcc9hm7ykmbs1668r"; type = "gem"; }; - version = "4.22.0"; + version = "5.2.0"; }; openssl-ccm = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0gxwxk657jya2s5m8cpckvgy5m7qx0hzfp8xvc0hg2wf1lg5gwp0"; + sha256 = "1mqr538wcfjc1q9qxsc2pz0s81kw1f3xk7k1qy903n5b3bh9vri3"; type = "gem"; }; - version = "1.2.2"; + version = "1.2.3"; }; openssl-cmac = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1k69p0p0ilvqnwskhc0bfax8rwvyk6n4wzarg8qsjdvm13xwx508"; + sha256 = "1mml6105j6ryd9d019gbwzkdjmvycjlxxld0qzg9vs70f1qdihcc"; type = "gem"; }; - version = "2.0.1"; + version = "2.0.2"; }; openvas-omp = { groups = ["default"]; @@ -967,40 +907,40 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1pmb0lhbch06i8br2nkcq3flbfx1s2wqi3vkndqr4vnx3azvyjf6"; + sha256 = "07chhyxf3qlr65jngns3z5187ibfibf5h2q59505vx45dfr3lvwz"; type = "gem"; }; - version = "2.9.2"; + version = "2.10.0"; }; pg = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "090c3kazlmiizp25las7dgi8wlc11s29nrs2gy3qrp1z8qikgcmb"; + sha256 = "1ypj64nhq3grs9zh40vmyfyhmxlhljjsbg5q0jxhlxg5v76ij0mb"; type = "gem"; }; - version = "1.3.4"; + version = "1.4.3"; }; public_suffix = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1xqcgkl7bwws1qrlnmxgh8g4g9m10vg60bhlw40fplninb3ng6d9"; + sha256 = "1f3knlwfwm05sfbaihrxm4g772b79032q14c16q4b38z8bi63qcb"; type = "gem"; }; - version = "4.0.6"; + version = "4.0.7"; }; puma = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1np2myaxlk5iab1zarwgmp7zsjvm5j8ssg35ijv8b6dpvc3cjd56"; + sha256 = "0dgr2rybayih2naz3658mbzqwfrg9fxl80zsvhscf6b972kp3jdw"; type = "gem"; }; - version = "5.6.2"; + version = "5.6.4"; }; racc = { groups = ["default"]; @@ -1017,30 +957,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0i5vs0dph9i5jn8dfc6aqd6njcafmb20rwqngrf759c9cvmyff16"; + sha256 = "0axc6w0rs4yj0pksfll1hjgw1k6a5q0xi2lckh91knfb72v348pa"; type = "gem"; }; - version = "2.2.3"; + version = "2.2.4"; }; rack-protection = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1hz6h6d67r217qi202qmxq2xkn3643ay3iybhl3dq3qd6j8nm3b2"; + sha256 = "169jzzgvbjrqmz4q55wp9pg4ji2h90mggcdxy152gv5vp96l2hgx"; type = "gem"; }; - version = "2.2.0"; + version = "2.2.2"; }; rack-test = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0rh8h376mx71ci5yklnpqqn118z3bl67nnv5k801qaqn1zs62h8m"; + sha256 = "0rjl709krgf499dhjdapg580l2qaj9d91pwzk8ck8fpnazlx1bdd"; type = "gem"; }; - version = "1.1.0"; + version = "2.0.2"; }; rails-dom-testing = { groups = ["default"]; @@ -1057,20 +997,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "09qrfi3pgllxb08r024lln9k0qzxs57v0slsj8616xf9c0cwnwbk"; + sha256 = "1mj0b7ay10a2fgwj70kjw7mlyrp7a5la8lx8zmwhy40bkansdfrf"; type = "gem"; }; - version = "1.4.2"; + version = "1.4.3"; }; railties = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1fdqhv8qhk2dspkrr9f5dj3806g52cb0l1chh2hx8v81y218cl93"; + sha256 = "0cwpjj9inak65cvs9wyhpjdsx1xajzbiy25p397a8kmyvkrcvzms"; type = "gem"; }; - version = "6.1.5"; + version = "6.1.6.1"; }; rake = { groups = ["default"]; @@ -1097,10 +1037,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0ml58i34gjpgmpl392c77v2n50w2w233gwxgy6cxq81bp58ywj92"; + sha256 = "0axq8hw515b8hbv1jm4lbrqnjm5bvjjnj7xbx9pvp17zlklvsfzb"; type = "gem"; }; - version = "2.3.22"; + version = "2.3.23"; }; redcarpet = { groups = ["default"]; @@ -1147,10 +1087,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0a5fb8g6ksak1g1syhvh5rh87shnx617l7nl6afl80in0h4fd4xd"; + sha256 = "17kgimw778flsqg66cyccz655kfdaasgv9g0zyk7zb5psigjadbl"; type = "gem"; }; - version = "0.1.27"; + version = "0.1.28"; }; rex-encoder = { groups = ["default"]; @@ -1167,10 +1107,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0asx13g0xqb8wnslrmsld2l1w2qpl6kjrcbfl945kw1nm7k5bwxb"; + sha256 = "1hnwjilqyx39w0vi94ixj6qa2nlmb0z69f57vdb2xw3z9q29jlsl"; type = "gem"; }; - version = "0.1.29"; + version = "0.1.35"; }; rex-java = { groups = ["default"]; @@ -1217,10 +1157,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0ydzvakfg8can56jn0i8qnrf742csyk82krj50b44sj93ncj7h54"; + sha256 = "1a9ky6gp8r6xymdcgnf7paqphy07m9alw28y1lhzg760h8a1kvc6"; type = "gem"; }; - version = "0.1.95"; + version = "0.1.96"; }; rex-random_identifier = { groups = ["default"]; @@ -1257,10 +1197,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1rsgssbnnl5frxgnq17xq0n6rpxns6xdmxpya9852c2n72nm5ac0"; + sha256 = "1ws7xj7898ba2ib3c2ww2g6df1jyjny42smndqb5sa4gfzynkcfp"; type = "gem"; }; - version = "0.1.34"; + version = "0.1.41"; }; rex-sslscan = { groups = ["default"]; @@ -1287,10 +1227,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0xzym86blrah88qyi1m9f7pc53m6ssmr4d1znc8izbh90z38y51y"; + sha256 = "0za2rihc8d1hr4g5gqabpdd19npah0mmh93wylrh503hiwq7ljsv"; type = "gem"; }; - version = "0.2.37"; + version = "0.2.39"; }; rex-zip = { groups = ["default"]; @@ -1357,10 +1297,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0zgw3aplb0nd8ggyy2csywvnw7gdligzdqvw18j7s5yix8g2h4cz"; + sha256 = "0y6yz3zpf64hrz5pa43jhrk8jxl2iivsirh7n7gzy6gfbxxmvssb"; type = "gem"; }; - version = "3.0.5"; + version = "3.1.7"; }; rubyntlm = { groups = ["default"]; @@ -1387,10 +1327,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0yrdchs3psh583rjapkv33mljdivggqn99wkydkjdckcjn43j3cz"; + sha256 = "1jks1qjbmqm8f9kvwa81vqj39avaj9wdnzc531xm29a55bb74fps"; type = "gem"; }; - version = "0.8.2"; + version = "0.9.2"; }; simpleidn = { groups = ["default"]; @@ -1407,20 +1347,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1x3rci7k30g96y307hvglpdgm3f7nga3k3n4i8n1v2xxx290800y"; + sha256 = "0mbjp75dy35q796iard8izsy7gk55g2c3q864r2p13my3yjmlcvz"; type = "gem"; }; - version = "2.2.0"; + version = "2.2.2"; }; sqlite3 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0lja01cp9xd5m6vmx99zwn4r7s97r1w5cb76gqd8xhbm1wxyzf78"; + sha256 = "1z1wa639c278bsipczn6kv8b13fj85pi8gk7x462chqx6k0wm0ax"; type = "gem"; }; - version = "1.4.2"; + version = "1.4.4"; }; sshkey = { groups = ["default"]; @@ -1467,10 +1407,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0rn8z8hda4h41a64l0zhkiwz2vxw9b1nb70gl37h1dg2k874yrlv"; + sha256 = "186nfbcsk0l4l86gvng1fw6jq6p6s7rc0caxr23b3pnbfb20y63v"; type = "gem"; }; - version = "2.0.10"; + version = "2.0.11"; + }; + timeout = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "00cy93b6803j3aw5nail4l0zdrj54i5n2dlk6j9z998swcjbv3b2"; + type = "gem"; + }; + version = "0.3.0"; }; ttfunk = { groups = ["default"]; @@ -1487,20 +1437,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "10qp5x7f9hvlc0psv9gsfbxg4a7s0485wsbq1kljkxq94in91l4z"; + sha256 = "0rx114mpqnw2k4h98vc0rs0x0bmf0img84yh8mkkjkal07cjydf5"; type = "gem"; }; - version = "2.0.4"; + version = "2.0.5"; }; tzinfo-data = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0yvfyxz70r45j65763fzy0p5j8cxlhnpn1n5lcxj4is7hp8v5i23"; + sha256 = "0k62nrh30sinsfbs17w8cahydf3vm3j14l0l0ba78vfh429cv4i3"; type = "gem"; }; - version = "1.2022.1"; + version = "1.2022.3"; }; unf = { groups = ["default"]; @@ -1517,10 +1467,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0bf120xbq23zjyf8zi8h1576d71g58srr8rndig0whn10w72vrxz"; + sha256 = "1yj2nz2l101vr1x9w2k83a0fag1xgnmjwp8w8rw4ik2rwcz65fch"; type = "gem"; }; - version = "0.0.8.1"; + version = "0.0.8.2"; }; unix-crypt = { groups = ["default"]; @@ -1587,10 +1537,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1dy35rfdmj6pfhdicix1kcgpj5y7844a43i6bnklngn7b1wmy3av"; + sha256 = "0zmm2if81ia33hp18h8yrgnpgcdyrxziyf185r0zx8qy7n8mlchl"; type = "gem"; }; - version = "0.1.3"; + version = "0.1.4"; }; winrm = { groups = ["default"]; @@ -1627,9 +1577,9 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "09bq7j2p6mkbxnsg71s253dm2463kg51xc7bmjcxgyblqbh4ln7m"; + sha256 = "0xjdr2szxvn3zb1sb5l8nfd6k9jr3b4qqbbg1mj9grf68m3fxckc"; type = "gem"; }; - version = "2.5.4"; + version = "2.6.0"; }; } diff --git a/nixpkgs/pkgs/tools/security/minica/default.nix b/nixpkgs/pkgs/tools/security/minica/default.nix index 29574e39cd92..b984221bec36 100644 --- a/nixpkgs/pkgs/tools/security/minica/default.nix +++ b/nixpkgs/pkgs/tools/security/minica/default.nix @@ -1,33 +1,34 @@ -{ lib, buildGoPackage, fetchFromGitHub }: +{ lib +, buildGoModule +, fetchFromGitHub +}: -buildGoPackage rec { +buildGoModule rec { pname = "minica"; version = "1.0.2"; - goPackagePath = "github.com/jsha/minica"; - src = fetchFromGitHub { owner = "jsha"; repo = "minica"; rev = "v${version}"; - sha256 = "18518wp3dcjhf3mdkg5iwxqr3326n6jwcnqhyibphnb2a58ap7ny"; + sha256 = "sha256-3p6rUFFiWXhX9BBbxqWxRoyRceexvNnqcFCyNi5HoaA="; }; - ldflags = [ - "-X main.BuildVersion=${version}" - ]; + vendorSha256 = "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo="; + + ldflags = [ "-s" "-w" ]; meta = with lib; { description = "A simple tool for generating self signed certificates"; longDescription = '' - Minica is a simple CA intended for use in situations where the CA - operator also operates each host where a certificate will be used. It - automatically generates both a key and a certificate when asked to - produce a certificate. + Minica is a simple CA intended for use in situations where the CA operator + also operates each host where a certificate will be used. It automatically + generates both a key and a certificate when asked to produce a + certificate. ''; homepage = "https://github.com/jsha/minica/"; + changelog = "https://github.com/jsha/minica/releases/tag/${src.rev}"; license = licenses.mit; maintainers = with maintainers; [ m1cr0man ]; - platforms = platforms.linux ++ platforms.darwin; }; } diff --git a/nixpkgs/pkgs/tools/security/minio-certgen/default.nix b/nixpkgs/pkgs/tools/security/minio-certgen/default.nix index 16dbfdf63add..ddcd55ef3ff4 100644 --- a/nixpkgs/pkgs/tools/security/minio-certgen/default.nix +++ b/nixpkgs/pkgs/tools/security/minio-certgen/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "minio-certgen"; - version = "1.2.0"; + version = "1.2.1"; src = fetchFromGitHub { owner = "minio"; repo = "certgen"; rev = "v${version}"; - sha256 = "sha256-FBx4v29ZuhXwubWivIXReO5Ge/rPt1J3LbXlprC7E9c="; + sha256 = "sha256-qi+SeNLW/jE2dGar4Lf16TKRT3ZTmWB/j8EsnoyrdxI="; }; vendorSha256 = null; @@ -18,5 +18,6 @@ buildGoModule rec { downloadPage = "https://github.com/minio/certgen"; license = licenses.bsd3; maintainers = with maintainers; [ bryanasdev000 ]; + mainProgram = "certgen"; }; } diff --git a/nixpkgs/pkgs/tools/security/mitmproxy2swagger/default.nix b/nixpkgs/pkgs/tools/security/mitmproxy2swagger/default.nix new file mode 100644 index 000000000000..bdd189b479a1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mitmproxy2swagger/default.nix @@ -0,0 +1,41 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "mitmproxy2swagger"; + version = "0.6.1"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "alufers"; + repo = pname; + rev = "refs/tags/${version}"; + hash = "sha256-7c+SIU5re1GaqKmzjY+wBXwm8CoQ4uaNLNHzUfG0GDA="; + }; + + nativeBuildInputs = with python3.pkgs; [ + poetry-core + ]; + + propagatedBuildInputs = with python3.pkgs; [ + json-stream + mitmproxy + ruamel-yaml + ]; + + # No tests available + doCheck = false; + + pythonImportsCheck = [ + "mitmproxy2swagger" + ]; + + meta = with lib; { + description = "Tool to automagically reverse-engineer REST APIs"; + homepage = "https://github.com/alufers/mitmproxy2swagger"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mkp224o/default.nix b/nixpkgs/pkgs/tools/security/mkp224o/default.nix index 6f836271c0ab..4b9beecb3541 100644 --- a/nixpkgs/pkgs/tools/security/mkp224o/default.nix +++ b/nixpkgs/pkgs/tools/security/mkp224o/default.nix @@ -42,6 +42,6 @@ stdenv.mkDerivation rec { homepage = "http://cathug2kyi4ilneggumrenayhuhsvrgn6qv2y47bgeet42iivkpynqad.onion/"; license = licenses.cc0; platforms = platforms.unix; - maintainers = with maintainers; [ volth ]; + maintainers = with maintainers; [ ]; }; } diff --git a/nixpkgs/pkgs/tools/security/mokutil/default.nix b/nixpkgs/pkgs/tools/security/mokutil/default.nix index a84763a242ff..b408e4d2c80e 100644 --- a/nixpkgs/pkgs/tools/security/mokutil/default.nix +++ b/nixpkgs/pkgs/tools/security/mokutil/default.nix @@ -10,13 +10,13 @@ stdenv.mkDerivation rec { pname = "mokutil"; - version = "0.5.0"; + version = "0.6.0"; src = fetchFromGitHub { owner = "lcp"; repo = pname; rev = version; - sha256 = "sha256-dt41TCr6RkmE9H+NN8LWv3ogGsK38JtLjVN/b2mbGJs="; + sha256 = "sha256-qwSEv14mMpaKmm6RM882JzEnBQG3loqsoglg4qTFWUg="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/monsoon/default.nix b/nixpkgs/pkgs/tools/security/monsoon/default.nix index 3f414081500f..50860198e76c 100644 --- a/nixpkgs/pkgs/tools/security/monsoon/default.nix +++ b/nixpkgs/pkgs/tools/security/monsoon/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "monsoon"; - version = "0.6.0"; + version = "0.7.0"; src = fetchFromGitHub { owner = "RedTeamPentesting"; repo = "monsoon"; rev = "v${version}"; - sha256 = "01c84s11m645mqaa2vdnbsj0kb842arqjhicgjv0ahb7qdw65zz4"; + sha256 = "sha256-eXzD47qFkouYJkqWHbs2g2pbl3I7vWgIU6TqN3MEYQI="; }; - vendorSha256 = "1g84az07hv8w0jha2yl4f5jm0p9nkbawgw9l7cpmn8ckbfa54l7q"; + vendorSha256 = "sha256-tG+qV4Q77wT6x8y5cjZUaAWpL//sMUg1Ce3jS/dXF+Y="; # tests fails on darwin doCheck = !stdenv.isDarwin; diff --git a/nixpkgs/pkgs/tools/security/msfpc/default.nix b/nixpkgs/pkgs/tools/security/msfpc/default.nix new file mode 100644 index 000000000000..428611181410 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/msfpc/default.nix @@ -0,0 +1,38 @@ +{ lib, stdenv, fetchFromGitHub, makeWrapper, metasploit, curl, inetutils, openssl }: + +stdenv.mkDerivation rec { + pname = "msfpc"; + version = "1.4.5"; + + src = fetchFromGitHub { + owner = "g0tmi1k"; + repo = pname; + rev = "v${version}"; + sha256 = "UIdE0oSaNu16pf+M96x8AnNju88hdzokv86wm8uBYDQ="; + }; + + nativeBuildInputs = [ + makeWrapper + ]; + + installPhase = '' + runHook preInstall + + install -Dm755 msfpc.sh $out/bin/msfpc + + runHook postInstall + ''; + + postFixup = '' + wrapProgram $out/bin/msfpc \ + --prefix PATH : "${lib.makeBinPath [ metasploit curl inetutils openssl ]}" + ''; + + meta = with lib; { + description = "MSFvenom Payload Creator"; + homepage = "https://github.com/g0tmi1k/msfpc"; + license = licenses.mit; + maintainers = with maintainers; [ emilytrau ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/munge/default.nix b/nixpkgs/pkgs/tools/security/munge/default.nix index 01e208958a50..99d72fc7c95c 100644 --- a/nixpkgs/pkgs/tools/security/munge/default.nix +++ b/nixpkgs/pkgs/tools/security/munge/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, autoreconfHook, gawk, gnused, libgcrypt, zlib, bzip2 }: +{ lib, stdenv, fetchFromGitHub, autoreconfHook, libgcrypt, zlib, bzip2 }: stdenv.mkDerivation rec { pname = "munge"; @@ -11,7 +11,11 @@ stdenv.mkDerivation rec { sha256 = "15h805rwcb9f89dyrkxfclzs41n3ff8x7cc1dbvs8mb0ds682c4j"; }; - nativeBuildInputs = [ autoreconfHook gawk gnused ]; + strictDeps = true; + nativeBuildInputs = [ + autoreconfHook + libgcrypt # provides libgcrypt.m4 + ]; buildInputs = [ libgcrypt zlib bzip2 ]; preAutoreconf = '' @@ -21,6 +25,10 @@ stdenv.mkDerivation rec { configureFlags = [ "--localstatedir=/var" + "--with-libgcrypt-prefix=${libgcrypt.dev}" + # workaround for cross compilation: https://github.com/dun/munge/issues/103 + "ac_cv_file__dev_spx=no" + "x_ac_cv_check_fifo_recvfd=no" ]; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/naabu/default.nix b/nixpkgs/pkgs/tools/security/naabu/default.nix index 5acd0a93ac22..14c2c1def40f 100644 --- a/nixpkgs/pkgs/tools/security/naabu/default.nix +++ b/nixpkgs/pkgs/tools/security/naabu/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "naabu"; - version = "2.0.5"; + version = "2.1.0"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "naabu"; rev = "v${version}"; - sha256 = "0kbpfb1ryfqy8a54ksm7zm8pqy8f4adh06jc1ccpdxks3k0rygid"; + sha256 = "sha256-Gx2bYJXSApYhci7yQW45lLZjyfHVV8orPUIumC3+Yxg="; }; - vendorSha256 = "17x60x68hd2jm84xw5mgsclv6phn6ajkp92kpcz013vlkcdaqrxs"; + vendorSha256 = "sha256-wXXtebZUL4Nm7M7Eu0Ucks9forCC+6Yb8eyKPb43rxA="; buildInputs = [ libpcap diff --git a/nixpkgs/pkgs/tools/security/ncrack/default.nix b/nixpkgs/pkgs/tools/security/ncrack/default.nix index e1504eb12b4c..9e9aeaa409d4 100644 --- a/nixpkgs/pkgs/tools/security/ncrack/default.nix +++ b/nixpkgs/pkgs/tools/security/ncrack/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, openssl, zlib }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, openssl, zlib }: stdenv.mkDerivation rec { pname = "ncrack"; @@ -11,6 +11,16 @@ stdenv.mkDerivation rec { sha256 = "1gnv5xdd7n04glcpy7q1mkb6f8gdhdrhlrh8z6k4g2pjdhxlz26g"; }; + patches = [ + # Pull upstream fix for -fno-common toolchains like upstream gcc-10: + # https://github.com/nmap/ncrack/pull/83 + (fetchpatch { + name = "fno-common.patch"; + url = "https://github.com/nmap/ncrack/commit/cc4103267bab6017a4da9d41156d0c1075012eba.patch"; + sha256 = "06nlfvc7p108f8ppbcgwmj4iwmjy95xhc1sawa8c78lrx22r7gy3"; + }) + ]; + buildInputs = [ openssl zlib ]; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/neopg/default.nix b/nixpkgs/pkgs/tools/security/neopg/default.nix deleted file mode 100644 index e39be14475ef..000000000000 --- a/nixpkgs/pkgs/tools/security/neopg/default.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ lib, stdenv -, fetchFromGitHub -, cmake -, sqlite -, botan2 -, boost -, curl -, gettext -, pkg-config -, libusb1 -, gnutls }: - -stdenv.mkDerivation rec { - pname = "neopg"; - version = "0.0.6"; - - src = fetchFromGitHub { - owner = "das-labor"; - repo = "neopg"; - rev = "v${version}"; - sha256 = "15xp5w046ix59cfrhh8ka4camr0d8qqw643g184sqrcqwpk7nbrx"; - fetchSubmodules = true; - }; - - nativeBuildInputs = [ cmake gettext pkg-config ]; - - buildInputs = [ sqlite botan2 boost curl libusb1 gnutls ]; - - doCheck = true; - checkTarget = "test"; - dontUseCmakeBuildDir = true; - - preCheck = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$(pwd)/3rdparty/googletest/googletest:$(pwd)/neopg - ''; - - meta = with lib; { - homepage = "https://neopg.io/"; - description = "Modern replacement for GnuPG 2"; - license = licenses.gpl3; - longDescription = '' - NeoPG starts as an opiniated fork of GnuPG 2 to clean up the code and make it easier to develop. - It is written in C++11. - ''; - maintainers = with maintainers; [ erictapen ]; - platforms = platforms.linux; - broken = true; # fails to build with recent versions of botan. https://github.com/das-labor/neopg/issues/98 - }; -} diff --git a/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix b/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix index f06877b99fe1..acc82636f32f 100644 --- a/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix +++ b/nixpkgs/pkgs/tools/security/nitrokey-app/default.nix @@ -37,6 +37,6 @@ stdenv.mkDerivation rec { ''; homepage = "https://github.com/Nitrokey/nitrokey-app"; license = licenses.gpl3; - maintainers = with maintainers; [ kaiha fpletz ]; + maintainers = with maintainers; [ kaiha ]; }; } diff --git a/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix b/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix index 5b9494bf9d37..6aad0b111be8 100644 --- a/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix +++ b/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix @@ -5,22 +5,16 @@ buildGoModule rec { pname = "nmap-formatter"; - version = "0.3.0"; + version = "2.0.1"; src = fetchFromGitHub { owner = "vdjagilev"; repo = pname; rev = "v${version}"; - sha256 = "sha256-tG91Cutk+RCBPv4Rf8CVnZa5Wh8qgsxEL0C6WIoEdsw="; + hash = "sha256-Jhjvtk8SDs//eBW+2+yLcIXf/NetfBUrKvzKCj+VyMg="; }; - vendorSha256 = "sha256-WXX1b8fPcwIE40w+Kzd7ZuSRXPiYtolRXC/Z8Kc9H2s="; - - postPatch = '' - # Fix hard-coded release - substituteInPlace cmd/root.go \ - --replace "0.2.0" "${version}" - ''; + vendorSha256 = "sha256-u36eHSb6YlGJNkgmRDclxTsdkONLKn8J/GKaoCgy+Qk="; meta = with lib; { description = "Tool that allows you to convert nmap output"; diff --git a/nixpkgs/pkgs/tools/security/nmap/default.nix b/nixpkgs/pkgs/tools/security/nmap/default.nix index 0a6733e993d6..5e71c2e16551 100644 --- a/nixpkgs/pkgs/tools/security/nmap/default.nix +++ b/nixpkgs/pkgs/tools/security/nmap/default.nix @@ -1,9 +1,7 @@ { lib, stdenv, fetchurl, fetchpatch, libpcap, pkg-config, openssl, lua5_3 , pcre, libssh2 -, graphicalSupport ? false , libX11 ? null , gtk2 ? null -, python2 ? null , makeWrapper ? null , withLua ? true }: @@ -11,7 +9,7 @@ with lib; stdenv.mkDerivation rec { - pname = "nmap${optionalString graphicalSupport "-graphical"}"; + pname = "nmap"; version = "7.92"; src = fetchurl { @@ -41,7 +39,9 @@ stdenv.mkDerivation rec { configureFlags = [ (if withLua then "--with-liblua=${lua5_3}" else "--without-liblua") "--with-liblinear=included" - ] ++ optionals (!graphicalSupport) [ "--without-ndiff" "--without-zenmap" ]; + "--without-ndiff" + "--without-zenmap" + ]; makeFlags = optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ "AR=${stdenv.cc.bintools.targetPrefix}ar" @@ -49,20 +49,8 @@ stdenv.mkDerivation rec { "CC=${stdenv.cc.targetPrefix}gcc" ]; - pythonPath = with python2.pkgs; optionals graphicalSupport [ - pygtk pysqlite pygobject2 pycairo - ]; - - nativeBuildInputs = [ pkg-config ] ++ optionals graphicalSupport [ python2.pkgs.wrapPython ]; - buildInputs = [ pcre libssh2 libpcap openssl ] ++ optionals graphicalSupport (with python2.pkgs; [ - python2 libX11 gtk2 - ]); - - postInstall = optionalString graphicalSupport '' - buildPythonPath "$out $pythonPath" - patchPythonScript $out/bin/ndiff - patchPythonScript $out/bin/zenmap - ''; + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ pcre libssh2 libpcap openssl ]; enableParallelBuilding = true; diff --git a/nixpkgs/pkgs/tools/security/nuclei/default.nix b/nixpkgs/pkgs/tools/security/nuclei/default.nix index 14539bf21574..f441772dbc17 100644 --- a/nixpkgs/pkgs/tools/security/nuclei/default.nix +++ b/nixpkgs/pkgs/tools/security/nuclei/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "nuclei"; - version = "2.6.5"; + version = "2.7.6"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "v${version}"; - sha256 = "sha256-g78sZDhV2+MgoFkJIrE2RbVLa/aPjbKFFRyKj594Hb0="; + sha256 = "sha256-KFTVXHATWeKL+fvB52IekT9WMa61Aca0bDJ7g1n1kfU="; }; - vendorSha256 = "sha256-/umoSOQ0ehQplxU8OTGJVmTgO+8xPZxVwRBfM67zMh8="; + vendorSha256 = "sha256-hzKGqX0YPo4lhp0RTmeQlhUsvG2XhZxkl/TtI9YjEoY="; modRoot = "./v2"; subPackages = [ diff --git a/nixpkgs/pkgs/tools/security/nwipe/default.nix b/nixpkgs/pkgs/tools/security/nwipe/default.nix index 50a8cf83db22..35ca1f9b4125 100644 --- a/nixpkgs/pkgs/tools/security/nwipe/default.nix +++ b/nixpkgs/pkgs/tools/security/nwipe/default.nix @@ -9,13 +9,13 @@ stdenv.mkDerivation rec { pname = "nwipe"; - version = "0.33"; + version = "0.34"; src = fetchFromGitHub { owner = "martijnvanbrummelen"; repo = "nwipe"; rev = "v${version}"; - sha256 = "sha256-i+cK2XTdWc3ByG9i+rfwL3Ds8Sl15/wZwEc5nrcWdeY="; + sha256 = "sha256-7WI8AwWkg9rOjAbOyDgCVOpeMxvJ5Bd1yvzfSv6TPLs="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/oath-toolkit/update.sh b/nixpkgs/pkgs/tools/security/oath-toolkit/update.sh index 3502a541fa8c..9f56ae412323 100755 --- a/nixpkgs/pkgs/tools/security/oath-toolkit/update.sh +++ b/nixpkgs/pkgs/tools/security/oath-toolkit/update.sh @@ -5,7 +5,7 @@ set -euo pipefail nixfile='default.nix' release_url='https://download.savannah.nongnu.org/releases/oath-toolkit/' -attr='oathToolkit' +attr='oath-toolkit' command='oathtool --version' color() { diff --git a/nixpkgs/pkgs/tools/security/offensive-azure/default.nix b/nixpkgs/pkgs/tools/security/offensive-azure/default.nix new file mode 100644 index 000000000000..78d254fbbca0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/offensive-azure/default.nix @@ -0,0 +1,55 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "offensive-azure"; + version = "0.4.10"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "blacklanternsecurity"; + repo = pname; + rev = "v${version}"; + hash = "sha256-5JHix+/uGGhXM89VLimI81g4evci5ZUtNV1c1xopjuI="; + }; + + nativeBuildInputs = with python3.pkgs; [ + poetry-core + ]; + + propagatedBuildInputs = with python3.pkgs; [ + certifi + charset-normalizer + colorama + dnspython + idna + pycryptodome + python-whois + requests + requests + ]; + + checkInputs = with python3.pkgs; [ + pytestCheckHook + ]; + + postPatch = '' + # Use default Python module + substituteInPlace pyproject.toml \ + --replace 'uuid = "^1.30"' "" \ + --replace 'python-whois = "^0.7.3"' 'python-whois = "*"' + ''; + + pythonImportsCheck = [ + "offensive_azure" + ]; + + meta = with lib; { + description = "Collection of offensive tools targeting Microsoft Azure"; + homepage = "https://github.com/blacklanternsecurity/offensive-azure"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/omapd/default.nix b/nixpkgs/pkgs/tools/security/omapd/default.nix index 7ce377e601a3..c2d911372eb0 100644 --- a/nixpkgs/pkgs/tools/security/omapd/default.nix +++ b/nixpkgs/pkgs/tools/security/omapd/default.nix @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { homepage = "https://code.google.com/archive/p/omapd/"; description = "IF-MAP Server that implements the IF-MAP v1.1 and v2.0 specifications published by the Trusted Computing Group (TCG)"; license = licenses.gpl3; - maintainers = [ maintainers.tstrobel ]; + maintainers = [ ]; platforms = platforms.linux; }; } diff --git a/nixpkgs/pkgs/tools/security/onioncircuits/default.nix b/nixpkgs/pkgs/tools/security/onioncircuits/default.nix index 0186accc24a8..329de10ff6bb 100644 --- a/nixpkgs/pkgs/tools/security/onioncircuits/default.nix +++ b/nixpkgs/pkgs/tools/security/onioncircuits/default.nix @@ -1,4 +1,4 @@ -{ lib, fetchgit, python3, intltool, gtk3, gobject-introspection, gnome }: +{ stdenv, lib, fetchgit, python3, intltool, gtk3, gobject-introspection, gnome }: python3.pkgs.buildPythonApplication rec { pname = "onioncircuits"; @@ -21,6 +21,7 @@ python3.pkgs.buildPythonApplication rec { ''; meta = with lib; { + broken = stdenv.isDarwin; homepage = "https://tails.boum.org"; description = "GTK application to display Tor circuits and streams"; license = licenses.gpl3; diff --git a/nixpkgs/pkgs/tools/security/onlykey-agent/default.nix b/nixpkgs/pkgs/tools/security/onlykey-agent/default.nix index 84c65b913458..8be0971f964e 100644 --- a/nixpkgs/pkgs/tools/security/onlykey-agent/default.nix +++ b/nixpkgs/pkgs/tools/security/onlykey-agent/default.nix @@ -4,18 +4,30 @@ }: let + bech32 = with python3Packages; buildPythonPackage rec { + pname = "bech32"; + version = "1.2.0"; + + src = fetchPypi { + inherit pname version; + sha256 = "sha256-fW24IUYDvXhx/PpsCCbvaLhbCr2Q+iHChanF4h0r2Jk="; + }; + }; + # onlykey requires a patched version of libagent lib-agent = with python3Packages; libagent.overridePythonAttrs (oa: rec{ - version = "1.0.2"; + version = "1.0.4"; src = fetchPypi { inherit version; pname = "lib-agent"; - sha256 = "sha256-NAimivO3m4UUPM4JgLWGq2FbXOaXdQEL/DqZAcy+kEw="; + sha256 = "sha256-MwtufyJVPWuK7bbX+9Kv6wEi/zq4ftXrfjrMOYpcIfc="; }; propagatedBuildInputs = oa.propagatedBuildInputs or [ ] ++ [ - pynacl + bech32 + cryptography docutils pycryptodome + pynacl wheel ]; @@ -32,11 +44,11 @@ let in python3Packages.buildPythonApplication rec { pname = "onlykey-agent"; - version = "1.1.11"; + version = "1.1.13"; src = python3Packages.fetchPypi { inherit pname version; - sha256 = "sha256-YH/cqQOVy5s6dTp2JwxM3s4xRTXgwhOr00whtHAwZZI="; + sha256 = "sha256-GAb6crtW6rLAbFtdi6fAGCPjXpKFhravguoGjuNcIxc="; }; propagatedBuildInputs = with python3Packages; [ lib-agent onlykey-cli ]; diff --git a/nixpkgs/pkgs/tools/security/onlykey-cli/default.nix b/nixpkgs/pkgs/tools/security/onlykey-cli/default.nix index 934604cae556..4aed6b3235c0 100644 --- a/nixpkgs/pkgs/tools/security/onlykey-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/onlykey-cli/default.nix @@ -2,12 +2,12 @@ python3Packages.buildPythonApplication rec { pname = "onlykey-cli"; - version = "1.2.5"; + version = "1.2.9"; src = python3Packages.fetchPypi { inherit version; pname = "onlykey"; - sha256 = "sha256-7Pr1gXaPF5mctGxDciKKj0YDDQVFFi1+t6QztoKqpAA="; + sha256 = "sha256-92CzDZgtmww0eABtjeBo6HNQ00sijWakjXLPJiOXY/A="; }; propagatedBuildInputs = with python3Packages; [ diff --git a/nixpkgs/pkgs/tools/security/onlykey/node-packages.nix b/nixpkgs/pkgs/tools/security/onlykey/node-packages.nix index d5e3cd84fed6..e5febc9d659a 100644 --- a/nixpkgs/pkgs/tools/security/onlykey/node-packages.nix +++ b/nixpkgs/pkgs/tools/security/onlykey/node-packages.nix @@ -1,34 +1,34 @@ -# This file has been generated by node2nix 1.9.0. Do not edit! +# This file has been generated by node2nix 1.11.1. Do not edit! {nodeEnv, fetchurl, fetchgit, nix-gitignore, stdenv, lib, globalBuildInputs ? []}: let sources = { - "@babel/code-frame-7.14.5" = { + "@babel/code-frame-7.16.7" = { name = "_at_babel_slash_code-frame"; packageName = "@babel/code-frame"; - version = "7.14.5"; + version = "7.16.7"; src = fetchurl { - url = "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.14.5.tgz"; - sha512 = "9pzDqyc6OLDaqe+zbACgFkb6fKMNG6CObKpnYXChRsvYGyEdc7CA2BaqeOM+vOtCS5ndmJicPJhKAwYRI6UfFw=="; + url = "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.16.7.tgz"; + sha512 = "iAXqUn8IIeBTNd72xsFlgaXHkMBMt6y4HJp1tIaK465CWLT/fG1aqB7ykr95gHHmlBdGbFeWWfyB4NJJ0nmeIg=="; }; }; - "@babel/helper-validator-identifier-7.14.9" = { + "@babel/helper-validator-identifier-7.16.7" = { name = "_at_babel_slash_helper-validator-identifier"; packageName = "@babel/helper-validator-identifier"; - version = "7.14.9"; + version = "7.16.7"; src = fetchurl { - url = "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.14.9.tgz"; - sha512 = "pQYxPY0UP6IHISRitNe8bsijHex4TWZXi2HwKVsjPiltzlhse2znVcm9Ace510VT1kxIHjGJCZZQBX2gJDbo0g=="; + url = "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.16.7.tgz"; + sha512 = "hsEnFemeiW4D08A5gUAZxLBTXpZ39P+a+DGDsHw1yxqyQ/jzFEnxf5uTEGp+3bzAbNOxU1paTgYS4ECU/IgfDw=="; }; }; - "@babel/highlight-7.14.5" = { + "@babel/highlight-7.17.12" = { name = "_at_babel_slash_highlight"; packageName = "@babel/highlight"; - version = "7.14.5"; + version = "7.17.12"; src = fetchurl { - url = "https://registry.npmjs.org/@babel/highlight/-/highlight-7.14.5.tgz"; - sha512 = "qf9u2WFWVV0MppaL877j2dBtQIDgmidgjGk5VIMw3OadXvYaXn66U1BFlH2t4+t3i+8PhedppRv+i40ABzd+gg=="; + url = "https://registry.npmjs.org/@babel/highlight/-/highlight-7.17.12.tgz"; + sha512 = "7yykMVF3hfZY2jsHZEEgLc+3x4o1O+fYyULu11GynEUQNwB6lua+IIQn1FiJxNucd5UlyJryrwsOh8PL9Sn8Qg=="; }; }; "@gulp-sourcemaps/identity-map-1.0.2" = { @@ -46,7 +46,7 @@ let version = "1.0.0"; src = fetchurl { url = "https://registry.npmjs.org/@gulp-sourcemaps/map-sources/-/map-sources-1.0.0.tgz"; - sha1 = "890ae7c5d8c877f6d384860215ace9d7ec945bda"; + sha512 = "o/EatdaGt8+x2qpb0vFLC/2Gug/xYPRXb6a+ET1wGYKozKN3krDWC/zZFZAtrzxJHuDL12mwdfEFKcKMNvc55A=="; }; }; "@ungap/promise-all-settled-1.1.2" = { @@ -136,7 +136,7 @@ let version = "0.1.1"; src = fetchurl { url = "https://registry.npmjs.org/ansi-gray/-/ansi-gray-0.1.1.tgz"; - sha1 = "2962cf54ec9792c48510a3deb524436861ef7251"; + sha512 = "HrgGIZUl8h2EHuZaU9hTR/cU5nhKxpVE1V6kdGsQ8e4zirElJ5fvtfc8N7Q1oq1aatO275i8pUFUCpNWCAnVWw=="; }; }; "ansi-regex-2.1.1" = { @@ -145,25 +145,25 @@ let version = "2.1.1"; src = fetchurl { url = "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz"; - sha1 = "c3b33ab5ee360d86e0e628f0468ae7ef27d654df"; + sha512 = "TIGnTpdo+E3+pCyAluZvtED5p5wCqLdezCyhPZzKPcxvFplEt4i+W7OONCKgeZFT3+y5NZZfOOS/Bdcanm1MYA=="; }; }; - "ansi-regex-4.1.0" = { + "ansi-regex-4.1.1" = { name = "ansi-regex"; packageName = "ansi-regex"; - version = "4.1.0"; + version = "4.1.1"; src = fetchurl { - url = "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz"; - sha512 = "1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg=="; + url = "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz"; + sha512 = "ILlv4k/3f6vfQ4OoP2AGvirOktlQ98ZEL1k9FaQjxa3L1abBgbuTDAdPOpvbGncC0BTVQrl+OM8xZGK6tWXt7g=="; }; }; - "ansi-regex-5.0.0" = { + "ansi-regex-5.0.1" = { name = "ansi-regex"; packageName = "ansi-regex"; - version = "5.0.0"; + version = "5.0.1"; src = fetchurl { - url = "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz"; - sha512 = "bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg=="; + url = "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz"; + sha512 = "quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ=="; }; }; "ansi-styles-2.2.1" = { @@ -172,7 +172,7 @@ let version = "2.2.1"; src = fetchurl { url = "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz"; - sha1 = "b432dd3358b634cf75e1e4664368240533c1ddbe"; + sha512 = "kmCevFghRiWM7HB5zTPULl4r9bVFSWjz62MhqizDGUrq2NWuNMQyuv4tHHoKJHs69M/MF64lEcHdYIocrdWQYA=="; }; }; "ansi-styles-3.2.1" = { @@ -199,7 +199,7 @@ let version = "0.1.0"; src = fetchurl { url = "https://registry.npmjs.org/ansi-wrap/-/ansi-wrap-0.1.0.tgz"; - sha1 = "a82250ddb0015e9a27ca82e82ea603bbfa45efaf"; + sha512 = "ZyznvL8k/FZeQHr2T6LzcJ/+vBApDnMNZvfVFy3At0knswWd6rJ3/0Hhmpu8oqa6C92npmozs890sX9Dl6q+Qw=="; }; }; "anymatch-1.3.2" = { @@ -235,7 +235,7 @@ let version = "1.0.2"; src = fetchurl { url = "https://registry.npmjs.org/append-buffer/-/append-buffer-1.0.2.tgz"; - sha1 = "d8220cf466081525efea50614f3de6514dfa58f1"; + sha512 = "WLbYiXzD3y/ATLZFufV/rZvWdZOs+Z/+5v1rBZ463Jn398pa6kcde27cvozYnBoxXblGZTFfoPpsaEw0orU5BA=="; }; }; "applescript-1.0.0" = { @@ -244,7 +244,7 @@ let version = "1.0.0"; src = fetchurl { url = "https://registry.npmjs.org/applescript/-/applescript-1.0.0.tgz"; - sha1 = "bb87af568cad034a4e48c4bdaf6067a3a2701317"; + sha512 = "yvtNHdWvtbYEiIazXAdp/NY+BBb65/DAseqlNiJQjOx9DynuzOYDbVLBJvuc0ve0VL9x6B3OHF6eH52y9hCBtQ=="; }; }; "archy-1.0.0" = { @@ -253,7 +253,7 @@ let version = "1.0.0"; src = fetchurl { url = "https://registry.npmjs.org/archy/-/archy-1.0.0.tgz"; - sha1 = "f9c8c13757cc1dd7bc379ac77b2c62a5c2868c40"; + sha512 = "Xg+9RwCg/0p32teKdGMPTPnVXKD0w3DfHnFTficozsAgsvq2XenPJq/MYpzzQ/v8zrOyJn6Ds39VA4JIDwFfqw=="; }; }; "argparse-1.0.10" = { @@ -280,7 +280,7 @@ let version = "2.0.0"; src = fetchurl { url = "https://registry.npmjs.org/arr-diff/-/arr-diff-2.0.0.tgz"; - sha1 = "8f3b827f955a8bd669697e4a4256ac3ceae356cf"; + sha512 = "dtXTVMkh6VkEEA7OhXnN1Ecb8aAGFdZ1LFxtOCoqj4qkyOJMt7+qs6Ahdy6p/NQCPYsRSXXivhSB/J5E9jmYKA=="; }; }; "arr-diff-4.0.0" = { @@ -289,7 +289,7 @@ let version = "4.0.0"; src = fetchurl { url = "https://registry.npmjs.org/arr-diff/-/arr-diff-4.0.0.tgz"; - sha1 = "d6461074febfec71e7e15235761a329a5dc7c520"; + sha512 = "YVIQ82gZPGBebQV/a8dar4AitzCQs0jjXwMPZllpXMaGjXPYVUawSxQrRsjhjupyVxEvbHgUmIhKVlND+j02kA=="; }; }; "arr-filter-1.1.2" = { @@ -298,7 +298,7 @@ let version = "1.1.2"; src = fetchurl { url = "https://registry.npmjs.org/arr-filter/-/arr-filter-1.1.2.tgz"; - sha1 = "43fdddd091e8ef11aa4c45d9cdc18e2dff1711ee"; + sha512 = "A2BETWCqhsecSvCkWAeVBFLH6sXEUGASuzkpjL3GR1SlL/PWL6M3J8EAAld2Uubmh39tvkJTqC9LeLHCUKmFXA=="; }; }; "arr-flatten-1.1.0" = { @@ -316,7 +316,7 @@ let version = "2.0.2"; src = fetchurl { url = "https://registry.npmjs.org/arr-map/-/arr-map-2.0.2.tgz"; - sha1 = "3a77345ffc1cf35e2a91825601f9e58f2e24cac4"; + sha512 = "tVqVTHt+Q5Xb09qRkbu+DidW1yYzz5izWS2Xm2yFm7qJnmUfz4HPzNxbHkdRJbz2lrqI7S+z17xNYdFcBBO8Hw=="; }; }; "arr-union-3.1.0" = { @@ -325,7 +325,7 @@ let version = "3.1.0"; src = fetchurl { url = "https://registry.npmjs.org/arr-union/-/arr-union-3.1.0.tgz"; - sha1 = "e39b09aea9def866a8f206e288af63919bae39c4"; + sha512 = "sKpyeERZ02v1FeCZT8lrfJq5u6goHCtpTAzPwJYe7c8SPFOboNjNg1vz2L4VTn9T4PQxEx13TbXLmYUcS6Ug7Q=="; }; }; "array-each-1.0.1" = { @@ -334,7 +334,7 @@ let version = "1.0.1"; src = fetchurl { url = "https://registry.npmjs.org/array-each/-/array-each-1.0.1.tgz"; - sha1 = "a794af0c05ab1752846ee753a1f211a05ba0c44f"; + sha512 = "zHjL5SZa68hkKHBFBK6DJCTtr9sfTCPCaph/L7tMSLcTFgy+zX7E+6q5UArbtOtMBCtxdICpfTCspRse+ywyXA=="; }; }; "array-initial-1.1.0" = { @@ -343,7 +343,7 @@ let version = "1.1.0"; src = fetchurl { url = "https://registry.npmjs.org/array-initial/-/array-initial-1.1.0.tgz"; - sha1 = "2fa74b26739371c3947bd7a7adc73be334b3d795"; + sha512 = "BC4Yl89vneCYfpLrs5JU2aAu9/a+xWbeKhvISg9PT7eWFB9UlRvI+rKEtk6mgxWr3dSkk9gQ8hCrdqt06NXPdw=="; }; }; "array-last-1.3.0" = { @@ -379,7 +379,7 @@ let version = "0.2.1"; src = fetchurl { url = "https://registry.npmjs.org/array-unique/-/array-unique-0.2.1.tgz"; - sha1 = "a1d97ccafcbc2625cc70fadceb36a50c58b01a53"; + sha512 = "G2n5bG5fSUCpnsXz4+8FUkYsGPkNfLn9YvS66U5qbTIXI2Ynnlo4Bi42bWv+omKUCqz+ejzfClwne0alJWJPhg=="; }; }; "array-unique-0.3.2" = { @@ -388,16 +388,16 @@ let version = "0.3.2"; src = fetchurl { url = "https://registry.npmjs.org/array-unique/-/array-unique-0.3.2.tgz"; - sha1 = "a894b75d4bc4f6cd679ef3244a9fd8f46ae2d428"; + sha512 = "SleRWjh9JUud2wH1hPs9rZBZ33H6T9HOiL0uwGnGx9FpE6wKGyfWugmbkEOIs6qWrZhg0LWeLziLrEwQJhs5mQ=="; }; }; - "asn1-0.2.4" = { + "asn1-0.2.6" = { name = "asn1"; packageName = "asn1"; - version = "0.2.4"; + version = "0.2.6"; src = fetchurl { - url = "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz"; - sha512 = "jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg=="; + url = "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz"; + sha512 = "ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ=="; }; }; "assert-plus-1.0.0" = { @@ -406,7 +406,7 @@ let version = "1.0.0"; src = fetchurl { url = "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz"; - sha1 = "f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"; + sha512 = "NfJ4UzBCcQGLDlQq7nHxH+tv3kyZ0hHQqF5BO6J7tNJeP5do1llPr8dZ8zHonfhAu0PHAdMkSo+8o0wxg9lZWw=="; }; }; "assertion-error-1.1.0" = { @@ -424,7 +424,7 @@ let version = "1.0.0"; src = fetchurl { url = "https://registry.npmjs.org/assign-symbols/-/assign-symbols-1.0.0.tgz"; - sha1 = "59667f41fadd4f20ccbc2bb96b8d4f7f78ec0367"; + sha512 = "Q+JC7Whu8HhmTdBph/Tq59IoRtoy6KAm5zzPv00WdujX82lbAL8K7WVjne7vdCsAmbF4AYaDOPyO3k0kl8qIrw=="; }; }; "astral-regex-1.0.0" = { @@ -460,7 +460,7 @@ let version = "1.0.0"; src = fetchurl { url = "https://registry.npmjs.org/async-settle/-/async-settle-1.0.0.tgz"; - sha1 = "1d0a914bb02575bec8a8f3a74e5080f72b2c0c6b"; + sha512 = "VPXfB4Vk49z1LHHodrEQ6Xf7W4gg1w0dAPROHngx7qgDjqmIQ+fXmwgGXTW/ITLai0YLSvWepJOP9EVpMnEAcw=="; }; }; "asynckit-0.4.0" = { @@ -469,7 +469,7 @@ let version = "0.4.0"; src = fetchurl { url = "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz"; - sha1 = "c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"; + sha512 = "Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q=="; }; }; "atob-2.1.2" = { @@ -496,7 +496,7 @@ let version = "0.7.0"; src = fetchurl { url = "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz"; - sha1 = "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8"; + sha512 = "08kcGqnYf/YmjoRhfxyu+CLxBjUtHLXLXX/vUfx9l2LYzG3c1m61nrpyFUZI6zeS+Li/wWMMidD9KgrqtGq3mA=="; }; }; "aws4-1.11.0" = { @@ -514,7 +514,7 @@ let version = "1.2.0"; src = fetchurl { url = "https://registry.npmjs.org/bach/-/bach-1.2.0.tgz"; - sha1 = "4b3ce96bf27134f79a1b414a51c14e34c3bd9880"; + sha512 = "bZOOfCb3gXBXbTFXq3OZtGR88LwGeJvzu6szttaIzymOTS4ZttBNOWSv7aLZja2EMycKtRYV0Oa8SNKH/zkxvg=="; }; }; "balanced-match-1.0.2" = { @@ -550,7 +550,7 @@ let version = "1.0.2"; src = fetchurl { url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz"; - sha1 = "a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"; + sha512 = "qeFIXtP4MSoi6NLqO12WfqARWWuCKi2Rn/9hJLEmtB5yTNr9DqFWkJRCf2qShWzPeAMRnOgCrq0sg/KLv5ES9w=="; }; }; "binary-0.3.0" = { @@ -559,7 +559,7 @@ let version = "0.3.0"; src = fetchurl { url = "https://registry.npmjs.org/binary/-/binary-0.3.0.tgz"; - sha1 = "9f60553bc5ce8c3386f3b553cff47462adecaa79"; + sha512 = "D4H1y5KYwpJgK8wk1Cue5LLPgmwHKYSChkbspQg5JtVuR5ulGckxfR62H3AE9UDkdMC8yyXlqYihuz3Aqg2XZg=="; }; }; "binary-extensions-1.13.1" = { @@ -613,7 +613,7 @@ let version = "1.8.5"; src = fetchurl { url = "https://registry.npmjs.org/braces/-/braces-1.8.5.tgz"; - sha1 = "ba77962e12dff969d6b76711e914b737857bf6a7"; + sha512 = "xU7bpz2ytJl1bH9cgIurjpg/n8Gohy9GTw81heDYLJQ4RU60dlyJsa+atVF2pI0yMMvKxI9HkKwjePCj5XI1hw=="; }; }; "braces-2.3.2" = { @@ -676,7 +676,7 @@ let version = "0.2.13"; src = fetchurl { url = "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz"; - sha1 = "0d333e3f00eac50aa1454abd30ef8c2a5d9a7242"; + sha512 = "VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ=="; }; }; "buffer-equal-1.0.0" = { @@ -685,7 +685,7 @@ let version = "1.0.0"; src = fetchurl { url = "https://registry.npmjs.org/buffer-equal/-/buffer-equal-1.0.0.tgz"; - sha1 = "59616b498304d556abd466966b22eeda3eca5fbe"; + sha512 = "tcBWO2Dl4e7Asr9hTGcpVrCe+F7DubpmqWCTbj4FHLmjqO2hIaC383acQubWtRJhdceqs5uBHs6Es+Sk//RKiQ=="; }; }; "buffer-fill-1.0.0" = { @@ -694,7 +694,7 @@ let version = "1.0.0"; src = fetchurl { url = "https://registry.npmjs.org/buffer-fill/-/buffer-fill-1.0.0.tgz"; - sha1 = "f8f78b76789888ef39f205cd637f68e702122b2c"; + sha512 = "T7zexNBwiiaCOGDg9xNX9PBmjrubblRkENuptryuI64URkXDFum9il/JGL8Lm8wYfAXpredVXXZz7eMHilimiQ=="; }; }; "buffer-from-1.1.2" = { @@ -706,22 +706,13 @@ let sha512 = "E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ=="; }; }; - "buffer-to-vinyl-1.1.0" = { - name = "buffer-to-vinyl"; - packageName = "buffer-to-vinyl"; - version = "1.1.0"; - src = fetchurl { - url = "https://registry.npmjs.org/buffer-to-vinyl/-/buffer-to-vinyl-1.1.0.tgz"; - sha1 = "00f15faee3ab7a1dda2cde6d9121bffdd07b2262"; - }; - }; "buffers-0.1.1" = { name = "buffers"; packageName = "buffers"; version = "0.1.1"; src = fetchurl { url = "https://registry.npmjs.org/buffers/-/buffers-0.1.1.tgz"; - sha1 = "b24579c3bed4d6d396aeee6d9a8ae7f5482ab7bb"; + sha512 = "9q/rDEGSb/Qsvv2qvzIzdluL5k7AaJOTrw23z9reQthrbF7is4CtlT0DXyO1oei2DCp4uojjzQ7igaSHp1kAEQ=="; }; }; "cache-base-1.0.1" = { @@ -757,7 +748,7 @@ let version = "2.1.1"; src = fetchurl { url = "https://registry.npmjs.org/camelcase/-/camelcase-2.1.1.tgz"; - sha1 = "7c1d16d679a1bbe59ca02cacecfb011e201f5a1f"; + sha512 = "DLIsRzJVBQu72meAKPkWQOLcujdXT32hwdfnkI1frSiSRMK1MofjKHf+MEx0SB6fjEFXL8fBDv1dKymBlOp4Qw=="; }; }; "camelcase-3.0.0" = { @@ -766,16 +757,16 @@ let version = "3.0.0"; src = fetchurl { url = "https://registry.npmjs.org/camelcase/-/camelcase-3.0.0.tgz"; - sha1 = "32fc4b9fcdaf845fcdf7e73bb97cac2261f0ab0a"; + sha512 = "4nhGqUkc4BqbBBB4Q6zLuD7lzzrHYrjKGeYaEji/3tFR5VdJu9v+LilhGIVe8wxEJPPOeWo7eg8dwY13TZ1BNg=="; }; }; - "camelcase-6.2.0" = { + "camelcase-6.3.0" = { name = "camelcase"; packageName = "camelcase"; - version = "6.2.0"; + version = "6.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/camelcase/-/camelcase-6.2.0.tgz"; - sha512 = "c7wVvbw3f37nuobQNtgsgG9POC9qMbNuMQmTCqZv23b6MIz0fcYpBiOlv9gEN/hdLdnZTDQhg6e9Dq5M1vKvfg=="; + url = "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz"; + sha512 = "Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA=="; }; }; "capture-stack-trace-1.0.1" = { @@ -793,7 +784,7 @@ let version = "0.12.0"; src = fetchurl { url = "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz"; - sha1 = "1b681c21ff84033c826543090689420d187151dc"; + sha512 = "4tYFyifaFfGacoiObjJegolkwSU4xQNGbVgUiNYVUxbQ2x2lUsFvY4hVgVzGiIe6WLOPqycWXA40l+PWsxthUw=="; }; }; "caw-2.0.1" = { @@ -805,13 +796,13 @@ let sha512 = "Cg8/ZSBEa8ZVY9HspcGUYaK63d/bN7rqS3CYCzEGUxuYv6UlmcjzDUz2fCFFHyTvUW5Pk0I+3hkA3iXlIj6guA=="; }; }; - "chai-4.3.4" = { + "chai-4.3.6" = { name = "chai"; packageName = "chai"; - version = "4.3.4"; + version = "4.3.6"; src = fetchurl { - url = "https://registry.npmjs.org/chai/-/chai-4.3.4.tgz"; - sha512 = "yS5H68VYOCtN1cjfwumDSuzn/9c+yza4f3reKXlE5rUg7SFcCEy90gJvydNgOYtblyf4Zi6jIWRnXOgErta0KA=="; + url = "https://registry.npmjs.org/chai/-/chai-4.3.6.tgz"; + sha512 = "bbcp3YfHCUzMOvKqsztczerVgBKSsEijCySNlHHbX3VG1nskvqjz5Rfso1gGwD6w6oOV3eI60pKuMOV5MV7p3Q=="; }; }; "chai-as-promised-7.1.1" = { @@ -829,7 +820,7 @@ let version = "0.1.0"; src = fetchurl { url = "https://registry.npmjs.org/chainsaw/-/chainsaw-0.1.0.tgz"; - sha1 = "5eab50b28afe58074d0d58291388828b5e5fbc98"; + sha512 = "75kWfWt6MEKNC8xYXIdRpDehRYY/tNSgwKaJq+dbbDcxORuVrrQ+SEHoWsniVn9XPYfP4gmdWIeDk/4YNp1rNQ=="; }; }; "chalk-1.1.3" = { @@ -838,7 +829,7 @@ let version = "1.1.3"; src = fetchurl { url = "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz"; - sha1 = "a8115c55e4a702fe4d150abd3872822a7e09fc98"; + sha512 = "U3lRVLMSlsCfjqYPbLyVv11M9CPW4I728d6TCKMAOJueEeB9/8o+eSsMnxPJD+Q+K909sdESg7C+tIkoH6on1A=="; }; }; "chalk-2.4.2" = { @@ -868,22 +859,13 @@ let sha512 = "mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA=="; }; }; - "charm-0.1.2" = { - name = "charm"; - packageName = "charm"; - version = "0.1.2"; - src = fetchurl { - url = "https://registry.npmjs.org/charm/-/charm-0.1.2.tgz"; - sha1 = "06c21eed1a1b06aeb67553cdc53e23274bac2296"; - }; - }; "check-error-1.0.2" = { name = "check-error"; packageName = "check-error"; version = "1.0.2"; src = fetchurl { url = "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz"; - sha1 = "574d312edd88bb5dd8912e9286dd6c0aed4aac82"; + sha512 = "BrgHpW9NURQgzoNyjfq0Wu6VFO6D7IZEmJNdtgNqpzGG8RuNFHt2jQxWlAs4HMe119chBnv+34syEZtc6IhLtA=="; }; }; "chokidar-1.7.0" = { @@ -892,7 +874,7 @@ let version = "1.7.0"; src = fetchurl { url = "https://registry.npmjs.org/chokidar/-/chokidar-1.7.0.tgz"; - sha1 = "798e689778151c8076b4b360e5edd28cda2bb468"; + sha512 = "mk8fAWcRUOxY7btlLtitj3A45jOwSAxH4tOFOoEGbVsl6cL6pPMWUy7dwZ/canfj3QEdP6FHSnf/l1c6/WkzVg=="; }; }; "chokidar-2.1.8" = { @@ -958,24 +940,6 @@ let sha512 = "OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ=="; }; }; - "clone-0.2.0" = { - name = "clone"; - packageName = "clone"; - version = "0.2.0"; - src = fetchurl { - url = "https://registry.npmjs.org/clone/-/clone-0.2.0.tgz"; - sha1 = "c6126a90ad4f72dbf5acdb243cc37724fe93fc1f"; - }; - }; - "clone-1.0.4" = { - name = "clone"; - packageName = "clone"; - version = "1.0.4"; - src = fetchurl { - url = "https://registry.npmjs.org/clone/-/clone-1.0.4.tgz"; - sha1 = "da309cc263df15994c688ca902179ca3c7cd7c7e"; - }; - }; "clone-2.1.2" = { name = "clone"; packageName = "clone"; @@ -994,15 +958,6 @@ let sha1 = "e3e25b207ac4e701af721e2cb5a16792cac3dc58"; }; }; - "clone-stats-0.0.1" = { - name = "clone-stats"; - packageName = "clone-stats"; - version = "0.0.1"; - src = fetchurl { - url = "https://registry.npmjs.org/clone-stats/-/clone-stats-0.0.1.tgz"; - sha1 = "b88f94a82cf38b8791d58046ea4029ad88ca99d1"; - }; - }; "clone-stats-1.0.0" = { name = "clone-stats"; packageName = "clone-stats"; @@ -1183,6 +1138,15 @@ let sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7"; }; }; + "core-util-is-1.0.3" = { + name = "core-util-is"; + packageName = "core-util-is"; + version = "1.0.3"; + src = fetchurl { + url = "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz"; + sha512 = "ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ=="; + }; + }; "create-error-class-3.0.2" = { name = "create-error-class"; packageName = "create-error-class"; @@ -1264,13 +1228,13 @@ let sha512 = "doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ=="; }; }; - "debug-4.3.2" = { + "debug-4.3.4" = { name = "debug"; packageName = "debug"; - version = "4.3.2"; + version = "4.3.4"; src = fetchurl { - url = "https://registry.npmjs.org/debug/-/debug-4.3.2.tgz"; - sha512 = "mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw=="; + url = "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz"; + sha512 = "PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ=="; }; }; "debug-fabulous-1.1.0" = { @@ -1309,15 +1273,6 @@ let sha1 = "eb3913333458775cb84cd1a1fae062106bb87545"; }; }; - "decompress-3.0.0" = { - name = "decompress"; - packageName = "decompress"; - version = "3.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/decompress/-/decompress-3.0.0.tgz"; - sha1 = "af1dd50d06e3bfc432461d37de11b38c0d991bed"; - }; - }; "decompress-4.2.1" = { name = "decompress"; packageName = "decompress"; @@ -1327,15 +1282,6 @@ let sha512 = "e48kc2IjU+2Zw8cTb6VZcJQ3lgVbS4uuB1TfCHbiZIP/haNXm+SVyhu+87jts5/3ROpd82GSVCoNs/z8l4ZOaQ=="; }; }; - "decompress-tar-3.1.0" = { - name = "decompress-tar"; - packageName = "decompress-tar"; - version = "3.1.0"; - src = fetchurl { - url = "https://registry.npmjs.org/decompress-tar/-/decompress-tar-3.1.0.tgz"; - sha1 = "217c789f9b94450efaadc5c5e537978fc333c466"; - }; - }; "decompress-tar-4.1.1" = { name = "decompress-tar"; packageName = "decompress-tar"; @@ -1345,15 +1291,6 @@ let sha512 = "JdJMaCrGpB5fESVyxwpCx4Jdj2AagLmv3y58Qy4GE6HMVjWz1FeVQk1Ct4Kye7PftcdOo/7U7UKzYBJgqnGeUQ=="; }; }; - "decompress-tarbz2-3.1.0" = { - name = "decompress-tarbz2"; - packageName = "decompress-tarbz2"; - version = "3.1.0"; - src = fetchurl { - url = "https://registry.npmjs.org/decompress-tarbz2/-/decompress-tarbz2-3.1.0.tgz"; - sha1 = "8b23935681355f9f189d87256a0f8bdd96d9666d"; - }; - }; "decompress-tarbz2-4.1.1" = { name = "decompress-tarbz2"; packageName = "decompress-tarbz2"; @@ -1363,15 +1300,6 @@ let sha512 = "s88xLzf1r81ICXLAVQVzaN6ZmX4A6U4z2nMbOwobxkLoIIfjVMBg7TeguTUXkKeXni795B6y5rnvDw7rxhAq9A=="; }; }; - "decompress-targz-3.1.0" = { - name = "decompress-targz"; - packageName = "decompress-targz"; - version = "3.1.0"; - src = fetchurl { - url = "https://registry.npmjs.org/decompress-targz/-/decompress-targz-3.1.0.tgz"; - sha1 = "b2c13df98166268991b715d6447f642e9696f5a0"; - }; - }; "decompress-targz-4.1.1" = { name = "decompress-targz"; packageName = "decompress-targz"; @@ -1381,15 +1309,6 @@ let sha512 = "4z81Znfr6chWnRDNfFNqLwPvm4db3WuZkqV+UgXQzSngG3CEKdBkw5jrv3axjjL96glyiiKjsxJG3X6WBZwX3w=="; }; }; - "decompress-unzip-3.4.0" = { - name = "decompress-unzip"; - packageName = "decompress-unzip"; - version = "3.4.0"; - src = fetchurl { - url = "https://registry.npmjs.org/decompress-unzip/-/decompress-unzip-3.4.0.tgz"; - sha1 = "61475b4152066bbe3fee12f9d629d15fe6478eeb"; - }; - }; "decompress-unzip-4.0.1" = { name = "decompress-unzip"; packageName = "decompress-unzip"; @@ -1417,13 +1336,13 @@ let sha512 = "+QeIQyN5ZuO+3Uk5DYh6/1eKO0m0YmJFGNmFHGACpf1ClL1nmlV/p4gNgbl2pJGxgXb4faqo6UE+M5ACEMyVcw=="; }; }; - "deep-is-0.1.3" = { + "deep-is-0.1.4" = { name = "deep-is"; packageName = "deep-is"; - version = "0.1.3"; + version = "0.1.4"; src = fetchurl { - url = "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz"; - sha1 = "b369d6fb5dbc13eecf524f91b070feedc357cf34"; + url = "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz"; + sha512 = "oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ=="; }; }; "default-compare-1.0.0" = { @@ -1444,13 +1363,13 @@ let sha1 = "bcb82baa72ad79b426a76732f1a81ad6df26d684"; }; }; - "define-properties-1.1.3" = { + "define-properties-1.1.4" = { name = "define-properties"; packageName = "define-properties"; - version = "1.1.3"; + version = "1.1.4"; src = fetchurl { - url = "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz"; - sha512 = "3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ=="; + url = "https://registry.npmjs.org/define-properties/-/define-properties-1.1.4.tgz"; + sha512 = "uckOqKcfaVvtBdsVkdPv3XjveQJsNQqmhXgRi8uhvWWuPYZCNlzT8qAyblUgNoXdHdjMTzAqeGjAoli8f+bzPA=="; }; }; "define-property-0.2.5" = { @@ -1534,15 +1453,6 @@ let sha1 = "63537f977f99266a30eb8a2a2fbd1f20b8000f7a"; }; }; - "duplexer2-0.1.4" = { - name = "duplexer2"; - packageName = "duplexer2"; - version = "0.1.4"; - src = fetchurl { - url = "https://registry.npmjs.org/duplexer2/-/duplexer2-0.1.4.tgz"; - sha1 = "8b12dab878c0d69e3e7891051662a32fc6bddcc1"; - }; - }; "duplexer3-0.1.4" = { name = "duplexer3"; packageName = "duplexer3"; @@ -1615,13 +1525,13 @@ let sha512 = "7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g=="; }; }; - "es5-ext-0.10.53" = { + "es5-ext-0.10.61" = { name = "es5-ext"; packageName = "es5-ext"; - version = "0.10.53"; + version = "0.10.61"; src = fetchurl { - url = "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.53.tgz"; - sha512 = "Xs2Stw6NiNHWypzRTY1MtaG/uJlwCk8kH81920ma8mvN8Xq1gsfhZvpkImLQArw8AHnv8MT2I45J3c0R8slE+Q=="; + url = "https://registry.npmjs.org/es5-ext/-/es5-ext-0.10.61.tgz"; + sha512 = "yFhIqQAzu2Ca2I4SE2Au3rxVfmohU9Y7wqGR+s7+H7krk26NXhIRAZDgqd6xqjCEFUomDEA3/Bo/7fKmIkW1kA=="; }; }; "es6-iterator-2.0.3" = { @@ -1759,13 +1669,13 @@ let sha512 = "39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw=="; }; }; - "estraverse-5.2.0" = { + "estraverse-5.3.0" = { name = "estraverse"; packageName = "estraverse"; - version = "5.2.0"; + version = "5.3.0"; src = fetchurl { - url = "https://registry.npmjs.org/estraverse/-/estraverse-5.2.0.tgz"; - sha512 = "BxbNGGNm0RyRYvUdHpIwv9IWzeM9XClbOxwoATuFdOE7ZE6wHL+HQ5T8hoPM+zHvmKzzsEqhgy0GrQ5X13afiQ=="; + url = "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz"; + sha512 = "MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA=="; }; }; "esutils-2.0.3" = { @@ -1822,13 +1732,13 @@ let sha1 = "97e801aa052df02454de46b02bf621642cdc8502"; }; }; - "ext-1.4.0" = { + "ext-1.6.0" = { name = "ext"; packageName = "ext"; - version = "1.4.0"; + version = "1.6.0"; src = fetchurl { - url = "https://registry.npmjs.org/ext/-/ext-1.4.0.tgz"; - sha512 = "Key5NIsUxdqKg3vIsdw9dSuXpPCQ297y6wBjL30edxwPgt2E44WcWBZey/ZvUc6sERLTxKdyCu4gZFmUbk1Q7A=="; + url = "https://registry.npmjs.org/ext/-/ext-1.6.0.tgz"; + sha512 = "sdBImtzkq2HpkdRLtlLWDa6w4DX22ijZLKx8BMPUuKe1c5lbN6xwQDQCxSfxBQnHZ13ls/FH0MQZx/q/gr6FQg=="; }; }; "extend-3.0.2" = { @@ -2110,15 +2020,6 @@ let sha512 = "ZYDqPLGxDkDhDZBjZBb+oD1+j0rA4E0pXY50eplAAOPg2N/gUBSSk5IM1/QhPfyVo19lJ+CvXpqfvk+b2p/8Ng=="; }; }; - "first-chunk-stream-1.0.0" = { - name = "first-chunk-stream"; - packageName = "first-chunk-stream"; - version = "1.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/first-chunk-stream/-/first-chunk-stream-1.0.0.tgz"; - sha1 = "59bfb50cd905f60d7c394cd3d9acaab4e6ad934e"; - }; - }; "flagged-respawn-1.0.1" = { name = "flagged-respawn"; packageName = "flagged-respawn"; @@ -2236,13 +2137,13 @@ let sha512 = "YJDaCJZEnBmcbw13fvdAM9AwNOJwOzrE4pqMqBq5nFiEqXUqHwlK4B+3pUw6JNvfSPtX05xFHtYy/1ni01eGCw=="; }; }; - "fs-jetpack-4.1.1" = { + "fs-jetpack-4.3.1" = { name = "fs-jetpack"; packageName = "fs-jetpack"; - version = "4.1.1"; + version = "4.3.1"; src = fetchurl { - url = "https://registry.npmjs.org/fs-jetpack/-/fs-jetpack-4.1.1.tgz"; - sha512 = "BSZ+f6VjrMInpA6neNnUhQNFPPdf3M+I8v8M9dBRrbmExd8GNRbTJIq1tjNh86FQ4a+EoMtPcp1oemwY5ghGBw=="; + url = "https://registry.npmjs.org/fs-jetpack/-/fs-jetpack-4.3.1.tgz"; + sha512 = "dbeOK84F6BiQzk2yqqCVwCPWTxAvVGJ3fMQc6E2wuEohS28mR6yHngbrKuVCK1KHRx/ccByDylqu4H5PCP2urQ=="; }; }; "fs-mkdirp-stream-1.0.0" = { @@ -2344,15 +2245,6 @@ let sha512 = "zmZIaQTWnNQb4R4fJUEp/FC51eZsc6EkErspy3xtIYStaq8EB/hDIWipxsal+E8rz0qD7f2sL/NA9Xee4RInJw=="; }; }; - "get-stdin-4.0.1" = { - name = "get-stdin"; - packageName = "get-stdin"; - version = "4.0.1"; - src = fetchurl { - url = "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz"; - sha1 = "b968c6b0a04384324902e8bf1a5df32579a450fe"; - }; - }; "get-stream-2.3.1" = { name = "get-stream"; packageName = "get-stream"; @@ -2389,15 +2281,6 @@ let sha1 = "5eff8e3e684d569ae4cb2b1282604e8ba62149fa"; }; }; - "glob-5.0.15" = { - name = "glob"; - packageName = "glob"; - version = "5.0.15"; - src = fetchurl { - url = "https://registry.npmjs.org/glob/-/glob-5.0.15.tgz"; - sha1 = "1bc936b9e02f4a603fcc222ecf7633d30b8b93b1"; - }; - }; "glob-7.1.6" = { name = "glob"; packageName = "glob"; @@ -2407,13 +2290,13 @@ let sha512 = "LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA=="; }; }; - "glob-7.1.7" = { + "glob-7.2.3" = { name = "glob"; packageName = "glob"; - version = "7.1.7"; + version = "7.2.3"; src = fetchurl { - url = "https://registry.npmjs.org/glob/-/glob-7.1.7.tgz"; - sha512 = "OvD9ENzPLbegENnYP5UUfJIirTg4+XwMWGaQfQTY0JenxNvvIKP3U3/tAQSPIu/lHxXYSZmpXlUHeqAIdKzBLQ=="; + url = "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz"; + sha512 = "nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q=="; }; }; "glob-base-0.3.0" = { @@ -2452,15 +2335,6 @@ let sha512 = "AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow=="; }; }; - "glob-stream-5.3.5" = { - name = "glob-stream"; - packageName = "glob-stream"; - version = "5.3.5"; - src = fetchurl { - url = "https://registry.npmjs.org/glob-stream/-/glob-stream-5.3.5.tgz"; - sha1 = "a55665a9a8ccdc41915a87c701e32d4e016fad22"; - }; - }; "glob-stream-6.1.0" = { name = "glob-stream"; packageName = "glob-stream"; @@ -2524,13 +2398,13 @@ let sha1 = "240cd05785a9a18e561dc1b44b41c763ef1e8db0"; }; }; - "graceful-fs-4.2.8" = { + "graceful-fs-4.2.10" = { name = "graceful-fs"; packageName = "graceful-fs"; - version = "4.2.8"; + version = "4.2.10"; src = fetchurl { - url = "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.8.tgz"; - sha512 = "qkIilPUYcNhJpd33n0GBXTB1MMPp14TxEsEs0pTrsSVucApsYzW5V+Q8Qxhik6KU3evy+qkAAowTByymK0avdg=="; + url = "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz"; + sha512 = "9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA=="; }; }; "growl-1.10.5" = { @@ -2560,15 +2434,6 @@ let sha512 = "zzGBl5fHo0EKSXsHzjspp3y5CONegCm8ErO5Qh0UzFzk2y4tMvzLWhoDokADbarfZRL2pGpRp7yt6gfJX4ph7A=="; }; }; - "gulp-sourcemaps-1.6.0" = { - name = "gulp-sourcemaps"; - packageName = "gulp-sourcemaps"; - version = "1.6.0"; - src = fetchurl { - url = "https://registry.npmjs.org/gulp-sourcemaps/-/gulp-sourcemaps-1.6.0.tgz"; - sha1 = "b86ff349d801ceb56e1d9e7dc7bbcb4b7dee600c"; - }; - }; "gulp-sourcemaps-2.6.5" = { name = "gulp-sourcemaps"; packageName = "gulp-sourcemaps"; @@ -2641,6 +2506,15 @@ let sha512 = "EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ=="; }; }; + "has-property-descriptors-1.0.0" = { + name = "has-property-descriptors"; + packageName = "has-property-descriptors"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.0.tgz"; + sha512 = "62DVLZGoiEBDHQyqG4w9xCuZ7eJEwNmJRWw2VY84Oedb7WFcA27fiEVe8oUQx9hAUJ4ekurquucTGwsyO1XGdQ=="; + }; + }; "has-symbol-support-x-1.4.2" = { name = "has-symbol-support-x"; packageName = "has-symbol-support-x"; @@ -2650,13 +2524,13 @@ let sha512 = "3ToOva++HaW+eCpgqZrCfN51IPB+7bJNVT6CUATzueB5Heb8o6Nam0V3HG5dlDvZU1Gn5QLcbahiKw/XVk5JJw=="; }; }; - "has-symbols-1.0.2" = { + "has-symbols-1.0.3" = { name = "has-symbols"; packageName = "has-symbols"; - version = "1.0.2"; + version = "1.0.3"; src = fetchurl { - url = "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.2.tgz"; - sha512 = "chXa79rL/UC2KlX17jo3vRGz0azaWEx5tGqZg5pO3NUyEJVB17dMruQlzCCOfUvElghKcm5194+BCRvi2Rv/Gw=="; + url = "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz"; + sha512 = "l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A=="; }; }; "has-to-string-tag-x-1.4.1" = { @@ -2848,15 +2722,6 @@ let sha1 = "104a8e4aaca6d3d8cd157a8ef8bfab2d7a3ffdb6"; }; }; - "is-absolute-0.1.7" = { - name = "is-absolute"; - packageName = "is-absolute"; - version = "0.1.7"; - src = fetchurl { - url = "https://registry.npmjs.org/is-absolute/-/is-absolute-0.1.7.tgz"; - sha1 = "847491119fccb5fb436217cc737f7faad50f603f"; - }; - }; "is-absolute-1.0.0" = { name = "is-absolute"; packageName = "is-absolute"; @@ -2920,22 +2785,13 @@ let sha512 = "NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w=="; }; }; - "is-bzip2-1.0.0" = { - name = "is-bzip2"; - packageName = "is-bzip2"; - version = "1.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/is-bzip2/-/is-bzip2-1.0.0.tgz"; - sha1 = "5ee58eaa5a2e9c80e21407bedf23ae5ac091b3fc"; - }; - }; - "is-core-module-2.6.0" = { + "is-core-module-2.9.0" = { name = "is-core-module"; packageName = "is-core-module"; - version = "2.6.0"; + version = "2.9.0"; src = fetchurl { - url = "https://registry.npmjs.org/is-core-module/-/is-core-module-2.6.0.tgz"; - sha512 = "wShG8vs60jKfPWpF2KZRaAtvt3a20OAn7+IJ6hLPECpSABLcKtFKTTI4ZtH5QcBruBHlq+WsdHWyz0BCZW7svQ=="; + url = "https://registry.npmjs.org/is-core-module/-/is-core-module-2.9.0.tgz"; + sha512 = "+5FPy5PnwmO3lvfMb0AsoPaBG+5KHUI0wYFXOtYPnVVVspTFUuMZNfNaNVRt3FZadstu2c8x23vykRW/NBoU6A=="; }; }; "is-data-descriptor-0.1.4" = { @@ -3073,31 +2929,13 @@ let sha1 = "7ba5ae24217804ac70707b96922567486cc3e84a"; }; }; - "is-glob-4.0.1" = { + "is-glob-4.0.3" = { name = "is-glob"; packageName = "is-glob"; - version = "4.0.1"; - src = fetchurl { - url = "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz"; - sha512 = "5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg=="; - }; - }; - "is-gzip-1.0.0" = { - name = "is-gzip"; - packageName = "is-gzip"; - version = "1.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/is-gzip/-/is-gzip-1.0.0.tgz"; - sha1 = "6ca8b07b99c77998025900e555ced8ed80879a83"; - }; - }; - "is-natural-number-2.1.1" = { - name = "is-natural-number"; - packageName = "is-natural-number"; - version = "2.1.1"; + version = "4.0.3"; src = fetchurl { - url = "https://registry.npmjs.org/is-natural-number/-/is-natural-number-2.1.1.tgz"; - sha1 = "7d4c5728377ef386c3e194a9911bf57c6dc335e7"; + url = "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz"; + sha512 = "xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg=="; }; }; "is-natural-number-4.0.1" = { @@ -3226,15 +3064,6 @@ let sha1 = "1d03dded53bd8db0f30c26e4f95d36fc7c87dc24"; }; }; - "is-relative-0.1.3" = { - name = "is-relative"; - packageName = "is-relative"; - version = "0.1.3"; - src = fetchurl { - url = "https://registry.npmjs.org/is-relative/-/is-relative-0.1.3.tgz"; - sha1 = "905fee8ae86f45b3ec614bc3c15c869df0876e82"; - }; - }; "is-relative-1.0.0" = { name = "is-relative"; packageName = "is-relative"; @@ -3262,15 +3091,6 @@ let sha1 = "12d4a3dd4e68e0b79ceb8dbc84173ae80d91ca44"; }; }; - "is-tar-1.0.0" = { - name = "is-tar"; - packageName = "is-tar"; - version = "1.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/is-tar/-/is-tar-1.0.0.tgz"; - sha1 = "2f6b2e1792c1f5bb36519acaa9d65c0d26fe853d"; - }; - }; "is-typedarray-1.0.0" = { name = "is-typedarray"; packageName = "is-typedarray"; @@ -3298,15 +3118,6 @@ let sha1 = "4b0da1442104d1b336340e80797e865cf39f7d72"; }; }; - "is-valid-glob-0.3.0" = { - name = "is-valid-glob"; - packageName = "is-valid-glob"; - version = "0.3.0"; - src = fetchurl { - url = "https://registry.npmjs.org/is-valid-glob/-/is-valid-glob-0.3.0.tgz"; - sha1 = "d4b55c69f51886f9b65c70d6c2622d37e29f48fe"; - }; - }; "is-valid-glob-1.0.0" = { name = "is-valid-glob"; packageName = "is-valid-glob"; @@ -3325,15 +3136,6 @@ let sha512 = "eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA=="; }; }; - "is-zip-1.0.0" = { - name = "is-zip"; - packageName = "is-zip"; - version = "1.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/is-zip/-/is-zip-1.0.0.tgz"; - sha1 = "47b0a8ff4d38a76431ccfd99a8e15a4c86ba2325"; - }; - }; "isarray-0.0.1" = { name = "isarray"; packageName = "isarray"; @@ -3397,6 +3199,15 @@ let sha512 = "1P/yWsxPlDtn7QeRD+ULKQPaIaN6yF368GZ2vDfv0AL0NwpStafjWCDDdn0k8wgFMWpVAqG7oJhxHnlud42i9w=="; }; }; + "js-sha256-0.9.0" = { + name = "js-sha256"; + packageName = "js-sha256"; + version = "0.9.0"; + src = fetchurl { + url = "https://registry.npmjs.org/js-sha256/-/js-sha256-0.9.0.tgz"; + sha512 = "sga3MHh9sgQN2+pJ9VYZ+1LPwXOxuBJBA5nrR5/ofPfuiJBE2hnjsaN8se8JznOmGLN2p49Pe5U/ttafcs/apA=="; + }; + }; "js-tokens-4.0.0" = { name = "js-tokens"; packageName = "js-tokens"; @@ -3442,13 +3253,13 @@ let sha512 = "iK7tAZtpoghibjdB1ncCWykeBMmke3JThUe+rnkD4qkZaglOIQ70Pw7r5UJ4lyUT+7gnw7ehmmLUHDuhqzQD+g=="; }; }; - "json-schema-0.2.3" = { + "json-schema-0.4.0" = { name = "json-schema"; packageName = "json-schema"; - version = "0.2.3"; + version = "0.4.0"; src = fetchurl { - url = "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz"; - sha1 = "b480c892e59a2f05954ce727bd3f2a4e882f9e13"; + url = "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz"; + sha512 = "es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA=="; }; }; "json-schema-traverse-0.4.1" = { @@ -3487,22 +3298,22 @@ let sha1 = "8771aae0799b64076b76640fca058f9c10e33ecb"; }; }; - "jsprim-1.4.1" = { + "jsprim-1.4.2" = { name = "jsprim"; packageName = "jsprim"; - version = "1.4.1"; + version = "1.4.2"; src = fetchurl { - url = "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz"; - sha1 = "313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2"; + url = "https://registry.npmjs.org/jsprim/-/jsprim-1.4.2.tgz"; + sha512 = "P2bSOMAc/ciLz6DzgjVlGJP9+BrJWu5UDGK70C2iweC5QBIeFf0ZXRvGjEj2uYgrY2MkAAhsSWHDWlFtEroZWw=="; }; }; - "jszip-3.7.1" = { + "jszip-3.10.0" = { name = "jszip"; packageName = "jszip"; - version = "3.7.1"; + version = "3.10.0"; src = fetchurl { - url = "https://registry.npmjs.org/jszip/-/jszip-3.7.1.tgz"; - sha512 = "ghL0tz1XG9ZEmRMcEN2vt7xabrDdqHHeykgARpmZ0BiIctWxM47Vt63ZO2dnp4QYt/xJVLLy5Zv1l/xRdh2byg=="; + url = "https://registry.npmjs.org/jszip/-/jszip-3.10.0.tgz"; + sha512 = "LDfVtOLtOxb9RXkYOwPyNBTQDL4eUbqahtoY6x07GiDJHwSYvn8sHHIw8wINImV3MqbMNve2gSuM1DDqEKk09Q=="; }; }; "just-debounce-1.1.0" = { @@ -3559,13 +3370,13 @@ let sha1 = "45b96942c17b1c79c772198259ba943bebf8ca5b"; }; }; - "lazystream-1.0.0" = { + "lazystream-1.0.1" = { name = "lazystream"; packageName = "lazystream"; - version = "1.0.0"; + version = "1.0.1"; src = fetchurl { - url = "https://registry.npmjs.org/lazystream/-/lazystream-1.0.0.tgz"; - sha1 = "f6995fe0f820392f61396be89462407bb77168e4"; + url = "https://registry.npmjs.org/lazystream/-/lazystream-1.0.1.tgz"; + sha512 = "b94GiNHQNy6JNTrt5w6zNyffMrNkXZb3KTkCZJb2V1xaEGCk093vkZ2jk3tpaeP33/OiXC+WvK9AxUebnf5nbw=="; }; }; "lcid-1.0.0" = { @@ -3640,15 +3451,6 @@ let sha512 = "v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="; }; }; - "lodash.isequal-4.5.0" = { - name = "lodash.isequal"; - packageName = "lodash.isequal"; - version = "4.5.0"; - src = fetchurl { - url = "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz"; - sha1 = "415c4478f2bcc30120c22ce10ed3226f7d3e18e0"; - }; - }; "log-symbols-4.0.0" = { name = "log-symbols"; packageName = "log-symbols"; @@ -3658,6 +3460,15 @@ let sha512 = "FN8JBzLx6CzeMrB0tg6pqlGU1wCrXW+ZXGH481kfsBqer0hToTIiHdjH4Mq8xJUbvATujKCvaREGWpGUionraA=="; }; }; + "loupe-2.3.4" = { + name = "loupe"; + packageName = "loupe"; + version = "2.3.4"; + src = fetchurl { + url = "https://registry.npmjs.org/loupe/-/loupe-2.3.4.tgz"; + sha512 = "OvKfgCC2Ndby6aSTREl5aCCPTNIzlDfQZvZxNUrBrihDhL3xcrYegTblhmEiCrg2kKQz4XsFIaemE5BF4ybSaQ=="; + }; + }; "lowercase-keys-1.0.1" = { name = "lowercase-keys"; packageName = "lowercase-keys"; @@ -3748,15 +3559,6 @@ let sha512 = "VjFo4P5Whtj4vsLzsYBu5ayHhoHJ0UqNm7ibvShmbmoz7tGi0vXaoJbGdB+GmDMLUdg8DpQXEIeVDAe8MaABvQ=="; }; }; - "merge-stream-1.0.1" = { - name = "merge-stream"; - packageName = "merge-stream"; - version = "1.0.1"; - src = fetchurl { - url = "https://registry.npmjs.org/merge-stream/-/merge-stream-1.0.1.tgz"; - sha1 = "4041202d508a342ba00174008df0c251b8c135e1"; - }; - }; "micromatch-2.3.11" = { name = "micromatch"; packageName = "micromatch"; @@ -3775,22 +3577,22 @@ let sha512 = "MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg=="; }; }; - "mime-db-1.49.0" = { + "mime-db-1.52.0" = { name = "mime-db"; packageName = "mime-db"; - version = "1.49.0"; + version = "1.52.0"; src = fetchurl { - url = "https://registry.npmjs.org/mime-db/-/mime-db-1.49.0.tgz"; - sha512 = "CIc8j9URtOVApSFCQIF+VBkX1RwXp/oMMOrqdyXSBXq5RWNEsRfyj1kiRnQgmNXmHxPoFIxOroKA3zcU9P+nAA=="; + url = "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz"; + sha512 = "sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg=="; }; }; - "mime-types-2.1.32" = { + "mime-types-2.1.35" = { name = "mime-types"; packageName = "mime-types"; - version = "2.1.32"; + version = "2.1.35"; src = fetchurl { - url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.32.tgz"; - sha512 = "hJGaVS4G4c9TSMYh2n6SQAGrC4RnfU+daP8G7cSCmaqNjiOoUY0VHCMS42pxnQmVF1GWwFhbHWn3RIxCqTmZ9A=="; + url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz"; + sha512 = "ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw=="; }; }; "mimic-fn-2.1.0" = { @@ -3811,13 +3613,22 @@ let sha512 = "yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA=="; }; }; - "minimist-1.2.5" = { + "minimatch-3.1.2" = { + name = "minimatch"; + packageName = "minimatch"; + version = "3.1.2"; + src = fetchurl { + url = "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz"; + sha512 = "J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw=="; + }; + }; + "minimist-1.2.6" = { name = "minimist"; packageName = "minimist"; - version = "1.2.5"; + version = "1.2.6"; src = fetchurl { - url = "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz"; - sha512 = "FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw=="; + url = "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz"; + sha512 = "Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q=="; }; }; "mixin-deep-1.3.2" = { @@ -3829,13 +3640,13 @@ let sha512 = "WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA=="; }; }; - "mkdirp-0.5.5" = { + "mkdirp-0.5.6" = { name = "mkdirp"; packageName = "mkdirp"; - version = "0.5.5"; + version = "0.5.6"; src = fetchurl { - url = "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz"; - sha512 = "NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ=="; + url = "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz"; + sha512 = "FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw=="; }; }; "mkpath-0.1.0" = { @@ -3883,15 +3694,6 @@ let sha512 = "6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="; }; }; - "multimeter-0.1.1" = { - name = "multimeter"; - packageName = "multimeter"; - version = "0.1.1"; - src = fetchurl { - url = "https://registry.npmjs.org/multimeter/-/multimeter-0.1.1.tgz"; - sha1 = "f856c80fc3cf0f1d4ad8eb36ad68735e3ed5b3ea"; - }; - }; "mute-stdout-1.0.1" = { name = "mute-stdout"; packageName = "mute-stdout"; @@ -3946,15 +3748,6 @@ let sha1 = "4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7"; }; }; - "next-tick-1.0.0" = { - name = "next-tick"; - packageName = "next-tick"; - version = "1.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/next-tick/-/next-tick-1.0.0.tgz"; - sha1 = "ca86d1fe8828169b0120208e3dc8424b9db8342c"; - }; - }; "next-tick-1.1.0" = { name = "next-tick"; packageName = "next-tick"; @@ -4045,13 +3838,13 @@ let sha1 = "097b602b53422a522c1afb8790318336941a011d"; }; }; - "nw-0.36.4" = { + "nw-0.55.0" = { name = "nw"; packageName = "nw"; - version = "0.36.4"; + version = "0.55.0"; src = fetchurl { - url = "https://registry.npmjs.org/nw/-/nw-0.36.4.tgz"; - sha512 = "/8z60bdfI4AeBAWdZxOtvVpdpxUrwcAm+1PxOAmoLnJyKG0aXQYSsX9fZPNcJvubX9hy9GkqFEEd0rXn4n/Ryg=="; + url = "https://registry.npmjs.org/nw/-/nw-0.55.0.tgz"; + sha512 = "/EYsT55LJraJCZeSCpJoXnftsLtR+8lbhEXABlhye/n+0//F+v9kYsGLbnC+SS3JN7NQksnv/WcnoLVjL1WXcg=="; }; }; "nw-autoupdater-1.1.11" = { @@ -4081,15 +3874,6 @@ let sha512 = "fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ=="; }; }; - "object-assign-2.1.1" = { - name = "object-assign"; - packageName = "object-assign"; - version = "2.1.1"; - src = fetchurl { - url = "https://registry.npmjs.org/object-assign/-/object-assign-2.1.1.tgz"; - sha1 = "43c36e5d569ff8e4816c4efa8be02d26967c18aa"; - }; - }; "object-assign-4.1.1" = { name = "object-assign"; packageName = "object-assign"; @@ -4207,15 +3991,6 @@ let sha512 = "+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA=="; }; }; - "ordered-read-streams-0.3.0" = { - name = "ordered-read-streams"; - packageName = "ordered-read-streams"; - version = "0.3.0"; - src = fetchurl { - url = "https://registry.npmjs.org/ordered-read-streams/-/ordered-read-streams-0.3.0.tgz"; - sha1 = "7137e69b3298bb342247a1bbee3881c80e2fd78b"; - }; - }; "ordered-read-streams-1.0.1" = { name = "ordered-read-streams"; packageName = "ordered-read-streams"; @@ -4441,13 +4216,13 @@ let sha1 = "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"; }; }; - "picomatch-2.3.0" = { + "picomatch-2.3.1" = { name = "picomatch"; packageName = "picomatch"; - version = "2.3.0"; + version = "2.3.1"; src = fetchurl { - url = "https://registry.npmjs.org/picomatch/-/picomatch-2.3.0.tgz"; - sha512 = "lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw=="; + url = "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz"; + sha512 = "JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA=="; }; }; "pify-2.3.0" = { @@ -4603,13 +4378,13 @@ let sha1 = "7e32f75b41381291d04611f1bf14109ac00651d7"; }; }; - "qs-6.5.2" = { + "qs-6.5.3" = { name = "qs"; packageName = "qs"; - version = "6.5.2"; + version = "6.5.3"; src = fetchurl { - url = "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz"; - sha512 = "N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA=="; + url = "https://registry.npmjs.org/qs/-/qs-6.5.3.tgz"; + sha512 = "qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA=="; }; }; "randomatic-3.1.1" = { @@ -4630,15 +4405,6 @@ let sha512 = "vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ=="; }; }; - "read-all-stream-3.1.0" = { - name = "read-all-stream"; - packageName = "read-all-stream"; - version = "3.1.0"; - src = fetchurl { - url = "https://registry.npmjs.org/read-all-stream/-/read-all-stream-3.1.0.tgz"; - sha1 = "35c3e177f2078ef789ee4bfafa4373074eaef4fa"; - }; - }; "read-pkg-1.1.0" = { name = "read-pkg"; packageName = "read-pkg"; @@ -4657,15 +4423,6 @@ let sha1 = "9d63c13276c065918d57f002a57f40a1b643fb02"; }; }; - "readable-stream-1.0.34" = { - name = "readable-stream"; - packageName = "readable-stream"; - version = "1.0.34"; - src = fetchurl { - url = "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz"; - sha1 = "125820e34bc842d2f2aaafafe4c2916ee32c157c"; - }; - }; "readable-stream-1.1.14" = { name = "readable-stream"; packageName = "readable-stream"; @@ -4783,15 +4540,6 @@ let sha1 = "8dcae470e1c88abc2d600fff4a776286da75e637"; }; }; - "replace-ext-0.0.1" = { - name = "replace-ext"; - packageName = "replace-ext"; - version = "0.0.1"; - src = fetchurl { - url = "https://registry.npmjs.org/replace-ext/-/replace-ext-0.0.1.tgz"; - sha1 = "29bbd92078a739f0bcce2b4ee41e837953522924"; - }; - }; "replace-ext-1.0.1" = { name = "replace-ext"; packageName = "replace-ext"; @@ -4837,13 +4585,13 @@ let sha1 = "97f717b69d48784f5f526a6c5aa8ffdda055a4d1"; }; }; - "resolve-1.20.0" = { + "resolve-1.22.0" = { name = "resolve"; packageName = "resolve"; - version = "1.20.0"; + version = "1.22.0"; src = fetchurl { - url = "https://registry.npmjs.org/resolve/-/resolve-1.20.0.tgz"; - sha512 = "wENBPt4ySzg4ybFQW2TT1zMQucPK95HSh/nq2CFTZVOGut2+pQvSsgtda4d26YrYcr067wjbmzOG8byDPBX63A=="; + url = "https://registry.npmjs.org/resolve/-/resolve-1.22.0.tgz"; + sha512 = "Hhtrw0nLeSrFQ7phPp4OOcVjLPIeMnRlr5mcnVuMe7M/7eBn98A3hmFRLoFo3DLZkivSYwhRUJTyPyWAk56WLw=="; }; }; "resolve-dir-1.0.1" = { @@ -4945,6 +4693,15 @@ let sha512 = "Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="; }; }; + "safe-buffer-5.2.1" = { + name = "safe-buffer"; + packageName = "safe-buffer"; + version = "5.2.1"; + src = fetchurl { + url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz"; + sha512 = "rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="; + }; + }; "safe-regex-1.1.0" = { name = "safe-regex"; packageName = "safe-regex"; @@ -5035,15 +4792,6 @@ let sha1 = "045f9782d011ae9a6803ddd382b24392b3d890f7"; }; }; - "set-immediate-shim-1.0.1" = { - name = "set-immediate-shim"; - packageName = "set-immediate-shim"; - version = "1.0.1"; - src = fetchurl { - url = "https://registry.npmjs.org/set-immediate-shim/-/set-immediate-shim-1.0.1.tgz"; - sha1 = "4b2b1b27eb808a9f8dcc481a58e5e56f599f3f61"; - }; - }; "set-value-2.0.1" = { name = "set-value"; packageName = "set-value"; @@ -5053,6 +4801,15 @@ let sha512 = "JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw=="; }; }; + "setimmediate-1.0.5" = { + name = "setimmediate"; + packageName = "setimmediate"; + version = "1.0.5"; + src = fetchurl { + url = "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz"; + sha1 = "290cbb232e306942d7d7ea9b83732ab7856f8285"; + }; + }; "shebang-command-1.2.0" = { name = "shebang-command"; packageName = "shebang-command"; @@ -5071,13 +4828,13 @@ let sha1 = "da42f49740c0b42db2ca9728571cb190c98efea3"; }; }; - "signal-exit-3.0.3" = { + "signal-exit-3.0.7" = { name = "signal-exit"; packageName = "signal-exit"; - version = "3.0.3"; + version = "3.0.7"; src = fetchurl { - url = "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.3.tgz"; - sha512 = "VUJ49FC8U1OxwZLxIbTTrDvLnf/6TDgxZcK8wxR8zs13xpx7xbG60ndBlhNrFi2EMuFRoeDoJO7wthSLq42EjA=="; + url = "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz"; + sha512 = "wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ=="; }; }; "slice-ansi-2.1.0" = { @@ -5188,13 +4945,13 @@ let sha512 = "cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q=="; }; }; - "spdx-license-ids-3.0.10" = { + "spdx-license-ids-3.0.11" = { name = "spdx-license-ids"; packageName = "spdx-license-ids"; - version = "3.0.10"; + version = "3.0.11"; src = fetchurl { - url = "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.10.tgz"; - sha512 = "oie3/+gKf7QtpitB0LYLETe+k8SifzsX4KixvpOsbI6S0kRiRQ5MKOio8eMSAKQ17N06+wdEOXRiId+zOxo0hA=="; + url = "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.11.tgz"; + sha512 = "Ctl2BrFiM0X3MANYgj3CkygxhRmr9mi6xhejbdO960nF6EDJApTYpn0BQnDKlnNBULKiCN1n3w9EBkHK8ZWg+g=="; }; }; "split-string-3.1.0" = { @@ -5215,13 +4972,13 @@ let sha1 = "04e6926f662895354f3dd015203633b857297e2c"; }; }; - "sshpk-1.16.1" = { + "sshpk-1.17.0" = { name = "sshpk"; packageName = "sshpk"; - version = "1.16.1"; + version = "1.17.0"; src = fetchurl { - url = "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz"; - sha512 = "HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg=="; + url = "https://registry.npmjs.org/sshpk/-/sshpk-1.17.0.tgz"; + sha512 = "/9HIEs1ZXGhSPE8X6Ccm7Nam1z8KcoCqPdI7ecm1N33EzAetWahvQWVqLZtaZQ+IDKX4IyA2o0gBzqIMkAagHQ=="; }; }; "stack-trace-0.0.10" = { @@ -5233,15 +4990,6 @@ let sha1 = "547c70b347e8d32b4e108ea1a2a159e5fdde19c0"; }; }; - "stat-mode-0.2.2" = { - name = "stat-mode"; - packageName = "stat-mode"; - version = "0.2.2"; - src = fetchurl { - url = "https://registry.npmjs.org/stat-mode/-/stat-mode-0.2.2.tgz"; - sha1 = "e6c80b623123d7d80cf132ce538f346289072502"; - }; - }; "static-extend-0.1.2" = { name = "static-extend"; packageName = "static-extend"; @@ -5251,15 +4999,6 @@ let sha1 = "60809c39cbff55337226fd5e0b520f341f1fb5c6"; }; }; - "stream-combiner2-1.1.1" = { - name = "stream-combiner2"; - packageName = "stream-combiner2"; - version = "1.1.1"; - src = fetchurl { - url = "https://registry.npmjs.org/stream-combiner2/-/stream-combiner2-1.1.1.tgz"; - sha1 = "fb4d8a1420ea362764e21ad4780397bebcb41cbe"; - }; - }; "stream-exhaust-1.0.2" = { name = "stream-exhaust"; packageName = "stream-exhaust"; @@ -5296,13 +5035,13 @@ let sha512 = "vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w=="; }; }; - "string-width-4.2.2" = { + "string-width-4.2.3" = { name = "string-width"; packageName = "string-width"; - version = "4.2.2"; + version = "4.2.3"; src = fetchurl { - url = "https://registry.npmjs.org/string-width/-/string-width-4.2.2.tgz"; - sha512 = "XBJbT3N4JhVumXE0eoLU9DCjcaF92KLNqTmFCnG1pf8duUxFGwtP6AD6nkjw9a3IdiRtL3E2w3JDiE/xi3vOeA=="; + url = "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz"; + sha512 = "wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g=="; }; }; "string_decoder-0.10.31" = { @@ -5341,13 +5080,13 @@ let sha512 = "DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA=="; }; }; - "strip-ansi-6.0.0" = { + "strip-ansi-6.0.1" = { name = "strip-ansi"; packageName = "strip-ansi"; - version = "6.0.0"; + version = "6.0.1"; src = fetchurl { - url = "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz"; - sha512 = "AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w=="; + url = "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz"; + sha512 = "Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A=="; }; }; "strip-bom-2.0.0" = { @@ -5359,15 +5098,6 @@ let sha1 = "6219a85616520491f35788bdbf1447a99c7e6b0e"; }; }; - "strip-bom-stream-1.0.0" = { - name = "strip-bom-stream"; - packageName = "strip-bom-stream"; - version = "1.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/strip-bom-stream/-/strip-bom-stream-1.0.0.tgz"; - sha1 = "e7144398577d51a6bed0fa1994fa05f43fd988ee"; - }; - }; "strip-bom-string-1.0.0" = { name = "strip-bom-string"; packageName = "strip-bom-string"; @@ -5377,15 +5107,6 @@ let sha1 = "e5211e9224369fbb81d633a2f00044dc8cedad92"; }; }; - "strip-dirs-1.1.1" = { - name = "strip-dirs"; - packageName = "strip-dirs"; - version = "1.1.1"; - src = fetchurl { - url = "https://registry.npmjs.org/strip-dirs/-/strip-dirs-1.1.1.tgz"; - sha1 = "960bbd1287844f3975a4558aa103a8255e2456a0"; - }; - }; "strip-dirs-2.1.0" = { name = "strip-dirs"; packageName = "strip-dirs"; @@ -5413,15 +5134,6 @@ let sha512 = "k55yxKHwaXnpYGsOzg4Vl8+tDrWylxDEpknGjhTiZB8dFRU5rTo9CAzeycivxV3s+zlTKwrs6WxMxR95n26kwg=="; }; }; - "sum-up-1.0.3" = { - name = "sum-up"; - packageName = "sum-up"; - version = "1.0.3"; - src = fetchurl { - url = "https://registry.npmjs.org/sum-up/-/sum-up-1.0.3.tgz"; - sha1 = "1c661f667057f63bcb7875aa1438bc162525156e"; - }; - }; "supports-color-2.0.0" = { name = "supports-color"; packageName = "supports-color"; @@ -5458,6 +5170,15 @@ let sha512 = "MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q=="; }; }; + "supports-preserve-symlinks-flag-1.0.0" = { + name = "supports-preserve-symlinks-flag"; + packageName = "supports-preserve-symlinks-flag"; + version = "1.0.0"; + src = fetchurl { + url = "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz"; + sha512 = "ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w=="; + }; + }; "sver-compat-1.5.0" = { name = "sver-compat"; packageName = "sver-compat"; @@ -5503,15 +5224,6 @@ let sha1 = "0dd4c9ffaabc357960b1b724115d7e0e86a2e1f5"; }; }; - "through2-0.6.5" = { - name = "through2"; - packageName = "through2"; - version = "0.6.5"; - src = fetchurl { - url = "https://registry.npmjs.org/through2/-/through2-0.6.5.tgz"; - sha1 = "41ab9c67b29d57209071410e1d7a7a968cd3ad48"; - }; - }; "through2-2.0.5" = { name = "through2"; packageName = "through2"; @@ -5521,15 +5233,6 @@ let sha512 = "/mrRod8xqpA+IHSLyGCQ2s8SPHiCDEeQJSep1jqLYeEUClOFG2Qsh+4FU6G9VeqpZnGW/Su8LQGc4YKni5rYSQ=="; }; }; - "through2-filter-2.0.0" = { - name = "through2-filter"; - packageName = "through2-filter"; - version = "2.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/through2-filter/-/through2-filter-2.0.0.tgz"; - sha1 = "60bc55a0dacb76085db1f9dae99ab43f83d622ec"; - }; - }; "through2-filter-3.0.0" = { name = "through2-filter"; packageName = "through2-filter"; @@ -5584,15 +5287,6 @@ let sha512 = "jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw=="; }; }; - "to-absolute-glob-0.1.1" = { - name = "to-absolute-glob"; - packageName = "to-absolute-glob"; - version = "0.1.1"; - src = fetchurl { - url = "https://registry.npmjs.org/to-absolute-glob/-/to-absolute-glob-0.1.1.tgz"; - sha1 = "1cdfa472a9ef50c239ee66999b662ca0eb39937f"; - }; - }; "to-absolute-glob-2.0.2" = { name = "to-absolute-glob"; packageName = "to-absolute-glob"; @@ -5737,13 +5431,13 @@ let sha512 = "+5nt5AAniqsCnu2cEQQdpzCAh33kVx8n0VoFidKpB1dVVLAN/F+bgVOqOJqOnEnrhp222clB5p3vUlD+1QAnfg=="; }; }; - "type-2.5.0" = { + "type-2.6.0" = { name = "type"; packageName = "type"; - version = "2.5.0"; + version = "2.6.0"; src = fetchurl { - url = "https://registry.npmjs.org/type/-/type-2.5.0.tgz"; - sha512 = "180WMDQaIMm3+7hGXWf12GtdniDEy7nYcyFMKJn/eZz/6tSLXrUN9V0wKSbMjej0I1WHWbpREDEKHtqPQa9NNw=="; + url = "https://registry.npmjs.org/type/-/type-2.6.0.tgz"; + sha512 = "eiDBDOmkih5pMbo9OqsqPRGMljLodLcwd5XD5JbtNB0o89xZAwynY9EdCDsJU7LtcVCClu9DvM7/0Ep1hYX3EQ=="; }; }; "type-check-0.3.2" = { @@ -5944,15 +5638,6 @@ let sha1 = "450d4dc9fa70de732762fbd2d4a28981419a0ccf"; }; }; - "uuid-2.0.3" = { - name = "uuid"; - packageName = "uuid"; - version = "2.0.3"; - src = fetchurl { - url = "https://registry.npmjs.org/uuid/-/uuid-2.0.3.tgz"; - sha1 = "67e2e863797215530dff318e5bf9dcebfd47b21a"; - }; - }; "uuid-3.4.0" = { name = "uuid"; packageName = "uuid"; @@ -5980,15 +5665,6 @@ let sha512 = "mH8etigqMfiGWdeXpaaqGfs6BndypxusHHcv2qSHyZkGEznCd/qAXCWWRzeowtL54147cktFOC4P5y+kl8d8Jg=="; }; }; - "vali-date-1.0.0" = { - name = "vali-date"; - packageName = "vali-date"; - version = "1.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/vali-date/-/vali-date-1.0.0.tgz"; - sha1 = "1b904a59609fb328ef078138420934f6b86709a6"; - }; - }; "validate-npm-package-license-3.0.4" = { name = "validate-npm-package-license"; packageName = "validate-npm-package-license"; @@ -6016,24 +5692,6 @@ let sha1 = "3a105ca17053af55d6e270c1f8288682e18da400"; }; }; - "vinyl-0.4.6" = { - name = "vinyl"; - packageName = "vinyl"; - version = "0.4.6"; - src = fetchurl { - url = "https://registry.npmjs.org/vinyl/-/vinyl-0.4.6.tgz"; - sha1 = "2f356c87a550a255461f36bbeb2a5ba8bf784847"; - }; - }; - "vinyl-1.2.0" = { - name = "vinyl"; - packageName = "vinyl"; - version = "1.2.0"; - src = fetchurl { - url = "https://registry.npmjs.org/vinyl/-/vinyl-1.2.0.tgz"; - sha1 = "5c88036cf565e5df05558bfc911f8656df218884"; - }; - }; "vinyl-2.2.1" = { name = "vinyl"; packageName = "vinyl"; @@ -6043,24 +5701,6 @@ let sha512 = "LII3bXRFBZLlezoG5FfZVcXflZgWP/4dCwKtxd5ky9+LOtM4CS3bIRQsmR1KMnMW07jpE8fqR2lcxPZ+8sJIcw=="; }; }; - "vinyl-assign-1.2.1" = { - name = "vinyl-assign"; - packageName = "vinyl-assign"; - version = "1.2.1"; - src = fetchurl { - url = "https://registry.npmjs.org/vinyl-assign/-/vinyl-assign-1.2.1.tgz"; - sha1 = "4d198891b5515911d771a8cd9c5480a46a074a45"; - }; - }; - "vinyl-fs-2.4.4" = { - name = "vinyl-fs"; - packageName = "vinyl-fs"; - version = "2.4.4"; - src = fetchurl { - url = "https://registry.npmjs.org/vinyl-fs/-/vinyl-fs-2.4.4.tgz"; - sha1 = "be6ff3270cb55dfd7d3063640de81f25d7532239"; - }; - }; "vinyl-fs-3.0.3" = { name = "vinyl-fs"; packageName = "vinyl-fs"; @@ -6316,19 +5956,19 @@ let }; in { - "onlykey-git+https://github.com/trustcrypto/OnlyKey-App.git#v5.3.3" = nodeEnv.buildNodePackage { + "onlykey-git+https://github.com/trustcrypto/OnlyKey-App.git#v5.3.4" = nodeEnv.buildNodePackage { name = "OnlyKey"; packageName = "OnlyKey"; - version = "5.3.3"; + version = "5.3.4"; src = fetchgit { url = "https://github.com/trustcrypto/OnlyKey-App.git"; - rev = "0bd08ef5828d9493cd4c5f4909e9a4fc4c59a494"; - sha256 = "d2386369fd9d9b7d5ea5d389434848c33fa34e26d713d439e8e2f2e447237bb0"; + rev = "da67e5088514c919a3a0a885ed68ca19a904da13"; + sha256 = "9e3f434932483a8709227ce6b51a746f38a647b53ef6b1ee5b85b68855c412a7"; }; dependencies = [ - sources."@babel/code-frame-7.14.5" - sources."@babel/helper-validator-identifier-7.14.9" - (sources."@babel/highlight-7.14.5" // { + sources."@babel/code-frame-7.16.7" + sources."@babel/helper-validator-identifier-7.16.7" + (sources."@babel/highlight-7.17.12" // { dependencies = [ sources."ansi-styles-3.2.1" sources."chalk-2.4.2" @@ -6338,13 +5978,13 @@ in (sources."@gulp-sourcemaps/identity-map-1.0.2" // { dependencies = [ sources."acorn-5.7.4" + sources."normalize-path-2.1.1" sources."source-map-0.6.1" - sources."through2-2.0.5" ]; }) (sources."@gulp-sourcemaps/map-sources-1.0.0" // { dependencies = [ - sources."through2-2.0.5" + sources."normalize-path-2.1.1" ]; }) sources."@ungap/promise-all-settled-1.1.2" @@ -6364,66 +6004,14 @@ in sources."ansi-wrap-0.1.0" (sources."anymatch-2.0.0" // { dependencies = [ - sources."arr-diff-4.0.0" - sources."array-unique-0.3.2" - (sources."braces-2.3.2" // { - dependencies = [ - sources."extend-shallow-2.0.1" - ]; - }) - sources."debug-2.6.9" - (sources."expand-brackets-2.1.4" // { - dependencies = [ - sources."define-property-0.2.5" - sources."extend-shallow-2.0.1" - sources."is-extendable-0.1.1" - ]; - }) - sources."extend-shallow-3.0.2" - (sources."extglob-2.0.4" // { - dependencies = [ - sources."define-property-1.0.0" - sources."extend-shallow-2.0.1" - sources."is-extendable-0.1.1" - ]; - }) - (sources."fill-range-4.0.0" // { - dependencies = [ - sources."extend-shallow-2.0.1" - ]; - }) - (sources."is-accessor-descriptor-0.1.6" // { - dependencies = [ - sources."kind-of-3.2.2" - ]; - }) - (sources."is-data-descriptor-0.1.4" // { - dependencies = [ - sources."kind-of-3.2.2" - ]; - }) - (sources."is-descriptor-0.1.6" // { - dependencies = [ - sources."kind-of-5.1.0" - ]; - }) - sources."is-extendable-1.0.1" - (sources."is-number-3.0.0" // { - dependencies = [ - sources."kind-of-3.2.2" - ]; - }) - sources."isobject-3.0.1" - sources."kind-of-6.0.3" - sources."micromatch-3.1.10" - sources."ms-2.0.0" + sources."normalize-path-2.1.1" ]; }) sources."append-buffer-1.0.2" sources."applescript-1.0.0" sources."archy-1.0.0" sources."argparse-1.0.10" - sources."arr-diff-2.0.0" + sources."arr-diff-4.0.0" sources."arr-filter-1.1.2" sources."arr-flatten-1.1.0" sources."arr-map-2.0.2" @@ -6445,8 +6033,8 @@ in sources."kind-of-5.1.0" ]; }) - sources."array-unique-0.2.1" - sources."asn1-0.2.4" + sources."array-unique-0.3.2" + sources."asn1-0.2.6" sources."assert-plus-1.0.0" sources."assertion-error-1.1.0" sources."assign-symbols-1.0.0" @@ -6464,7 +6052,6 @@ in (sources."base-0.11.2" // { dependencies = [ sources."define-property-1.0.0" - sources."isobject-3.0.1" ]; }) sources."base64-js-1.5.1" @@ -6474,7 +6061,11 @@ in sources."bindings-1.5.0" sources."bl-1.2.3" sources."brace-expansion-1.1.11" - sources."braces-1.8.5" + (sources."braces-2.3.2" // { + dependencies = [ + sources."extend-shallow-2.0.1" + ]; + }) sources."browser-stdout-1.3.1" sources."buffer-5.7.1" sources."buffer-alloc-1.2.0" @@ -6483,35 +6074,27 @@ in sources."buffer-equal-1.0.0" sources."buffer-fill-1.0.0" sources."buffer-from-1.1.2" - sources."buffer-to-vinyl-1.1.0" sources."buffers-0.1.1" - (sources."cache-base-1.0.1" // { - dependencies = [ - sources."isobject-3.0.1" - ]; - }) + sources."cache-base-1.0.1" sources."call-bind-1.0.2" sources."callsites-3.1.0" sources."camelcase-2.1.1" sources."capture-stack-trace-1.0.1" sources."caseless-0.12.0" sources."caw-2.0.1" - sources."chai-4.3.4" + sources."chai-4.3.6" sources."chai-as-promised-7.1.1" sources."chainsaw-0.1.0" sources."chalk-1.1.3" sources."chardet-0.7.0" - sources."charm-0.1.2" sources."check-error-1.0.2" (sources."chokidar-2.1.8" // { dependencies = [ - sources."array-unique-0.3.2" - sources."braces-2.3.2" - sources."fill-range-4.0.0" - sources."is-glob-4.0.1" - sources."is-number-3.0.0" - sources."isobject-3.0.1" - sources."normalize-path-3.0.0" + (sources."glob-parent-3.1.0" // { + dependencies = [ + sources."is-glob-3.1.0" + ]; + }) ]; }) (sources."class-utils-0.3.6" // { @@ -6528,23 +6111,18 @@ in ]; }) sources."is-descriptor-0.1.6" - sources."isobject-3.0.1" sources."kind-of-5.1.0" ]; }) sources."cli-cursor-3.1.0" sources."cli-width-3.0.0" sources."cliui-3.2.0" - sources."clone-1.0.4" + sources."clone-2.1.2" sources."clone-buffer-1.0.0" - sources."clone-stats-0.0.1" + sources."clone-stats-1.0.0" sources."cloneable-readable-1.1.3" sources."code-point-at-1.1.0" - (sources."collection-map-1.0.0" // { - dependencies = [ - sources."for-own-1.0.0" - ]; - }) + sources."collection-map-1.0.0" sources."collection-visit-1.0.0" sources."color-convert-1.9.3" sources."color-name-1.1.3" @@ -6555,14 +6133,18 @@ in sources."concat-map-0.0.1" sources."concat-stream-1.6.2" sources."config-chain-1.1.13" - sources."convert-source-map-1.8.0" + (sources."convert-source-map-1.8.0" // { + dependencies = [ + sources."safe-buffer-5.1.2" + ]; + }) sources."copy-descriptor-0.1.1" (sources."copy-props-2.0.5" // { dependencies = [ sources."is-plain-object-5.0.0" ]; }) - sources."core-util-is-1.0.2" + sources."core-util-is-1.0.3" sources."create-error-class-3.0.2" sources."cross-spawn-6.0.5" (sources."css-2.2.4" // { @@ -6573,37 +6155,25 @@ in sources."d-1.0.1" sources."dashdash-1.14.1" sources."debounce-1.2.1" - sources."debug-4.3.2" + sources."debug-4.3.4" (sources."debug-fabulous-1.1.0" // { dependencies = [ sources."debug-3.2.7" - sources."object-assign-4.1.1" ]; }) sources."decamelize-1.2.0" sources."decode-uri-component-0.2.0" - sources."decompress-3.0.0" - (sources."decompress-tar-3.1.0" // { - dependencies = [ - sources."clone-0.2.0" - sources."vinyl-0.4.6" - ]; - }) - (sources."decompress-tarbz2-3.1.0" // { - dependencies = [ - sources."clone-0.2.0" - sources."vinyl-0.4.6" - ]; - }) - (sources."decompress-targz-3.1.0" // { + sources."decompress-4.2.1" + sources."decompress-tar-4.1.1" + (sources."decompress-tarbz2-4.1.1" // { dependencies = [ - sources."clone-0.2.0" - sources."vinyl-0.4.6" + sources."file-type-6.2.0" ]; }) - (sources."decompress-unzip-3.4.0" // { + sources."decompress-targz-4.1.1" + (sources."decompress-unzip-4.0.1" // { dependencies = [ - sources."through2-2.0.5" + sources."file-type-3.9.0" ]; }) (sources."decompress-zip-0.3.3" // { @@ -6614,19 +6184,15 @@ in ]; }) sources."deep-eql-3.0.1" - sources."deep-is-0.1.3" + sources."deep-is-0.1.4" (sources."default-compare-1.0.0" // { dependencies = [ sources."kind-of-5.1.0" ]; }) sources."default-resolution-2.0.0" - sources."define-properties-1.1.3" - (sources."define-property-2.0.2" // { - dependencies = [ - sources."isobject-3.0.1" - ]; - }) + sources."define-properties-1.1.4" + sources."define-property-2.0.2" sources."delayed-stream-1.0.0" sources."detect-file-1.0.0" sources."detect-newline-2.1.0" @@ -6634,27 +6200,9 @@ in sources."doctrine-3.0.0" (sources."download-5.0.3" // { dependencies = [ - sources."decompress-4.2.1" - sources."decompress-tar-4.1.1" - (sources."decompress-tarbz2-4.1.1" // { - dependencies = [ - sources."file-type-6.2.0" - ]; - }) - sources."decompress-targz-4.1.1" - (sources."decompress-unzip-4.0.1" // { - dependencies = [ - sources."file-type-3.9.0" - sources."get-stream-2.3.1" - ]; - }) - sources."file-type-5.2.0" - sources."is-natural-number-4.0.1" - sources."object-assign-4.1.1" - sources."strip-dirs-2.1.0" + sources."get-stream-3.0.0" ]; }) - sources."duplexer2-0.1.4" sources."duplexer3-0.1.4" sources."duplexify-3.7.1" sources."each-props-1.3.2" @@ -6662,7 +6210,7 @@ in sources."emoji-regex-8.0.0" sources."end-of-stream-1.4.4" sources."error-ex-1.3.2" - sources."es5-ext-0.10.53" + sources."es5-ext-0.10.61" sources."es6-iterator-2.0.3" sources."es6-symbol-3.1.3" sources."es6-weak-map-2.0.3" @@ -6670,11 +6218,9 @@ in sources."escape-string-regexp-1.0.5" (sources."eslint-6.8.0" // { dependencies = [ - sources."ansi-regex-4.1.0" + sources."ansi-regex-4.1.1" sources."ansi-styles-3.2.1" sources."chalk-2.4.2" - sources."glob-parent-5.1.2" - sources."is-glob-4.0.1" sources."semver-6.3.0" sources."strip-ansi-5.2.0" sources."supports-color-5.5.0" @@ -6687,31 +6233,62 @@ in sources."esprima-4.0.1" (sources."esquery-1.4.0" // { dependencies = [ - sources."estraverse-5.2.0" + sources."estraverse-5.3.0" ]; }) (sources."esrecurse-4.3.0" // { dependencies = [ - sources."estraverse-5.2.0" + sources."estraverse-5.3.0" ]; }) sources."estraverse-4.3.0" sources."esutils-2.0.3" sources."event-emitter-0.3.5" - sources."expand-brackets-0.1.5" - sources."expand-range-1.8.2" + (sources."expand-brackets-2.1.4" // { + dependencies = [ + sources."debug-2.6.9" + sources."define-property-0.2.5" + sources."extend-shallow-2.0.1" + (sources."is-accessor-descriptor-0.1.6" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + (sources."is-data-descriptor-0.1.4" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) + sources."is-descriptor-0.1.6" + sources."kind-of-5.1.0" + sources."ms-2.0.0" + ]; + }) + (sources."expand-range-1.8.2" // { + dependencies = [ + sources."fill-range-2.2.4" + sources."is-number-2.1.0" + sources."isobject-2.1.0" + sources."kind-of-3.2.2" + ]; + }) sources."expand-tilde-2.0.2" - (sources."ext-1.4.0" // { + (sources."ext-1.6.0" // { dependencies = [ - sources."type-2.5.0" + sources."type-2.6.0" ]; }) sources."extend-3.0.2" - sources."extend-shallow-2.0.1" + (sources."extend-shallow-3.0.2" // { + dependencies = [ + sources."is-extendable-1.0.1" + ]; + }) sources."external-editor-3.1.0" - (sources."extglob-0.3.2" // { + (sources."extglob-2.0.4" // { dependencies = [ - sources."is-extglob-1.0.0" + sources."define-property-1.0.0" + sources."extend-shallow-2.0.1" ]; }) sources."extsprintf-1.3.0" @@ -6723,96 +6300,37 @@ in sources."figures-3.2.0" sources."file-entry-cache-5.0.1" sources."file-exists-2.0.0" - sources."file-type-3.9.0" + sources."file-type-5.2.0" sources."file-uri-to-path-1.0.0" sources."filename-regex-2.0.1" sources."filename-reserved-regex-2.0.0" sources."filenamify-2.1.0" - sources."fill-range-2.2.4" - sources."find-up-1.1.2" - (sources."findup-sync-3.0.0" // { + (sources."fill-range-4.0.0" // { dependencies = [ - sources."arr-diff-4.0.0" - sources."array-unique-0.3.2" - (sources."braces-2.3.2" // { - dependencies = [ - sources."extend-shallow-2.0.1" - ]; - }) - sources."debug-2.6.9" - sources."define-property-1.0.0" - (sources."expand-brackets-2.1.4" // { - dependencies = [ - sources."define-property-0.2.5" - sources."extend-shallow-2.0.1" - sources."is-extendable-0.1.1" - ]; - }) - sources."extend-shallow-3.0.2" - (sources."extglob-2.0.4" // { - dependencies = [ - sources."extend-shallow-2.0.1" - sources."is-extendable-0.1.1" - ]; - }) - (sources."fill-range-4.0.0" // { - dependencies = [ - sources."extend-shallow-2.0.1" - ]; - }) - (sources."is-accessor-descriptor-0.1.6" // { - dependencies = [ - sources."kind-of-3.2.2" - ]; - }) - (sources."is-data-descriptor-0.1.4" // { - dependencies = [ - sources."kind-of-3.2.2" - ]; - }) - (sources."is-descriptor-0.1.6" // { - dependencies = [ - sources."kind-of-5.1.0" - ]; - }) - sources."is-extendable-1.0.1" - sources."is-glob-4.0.1" - (sources."is-number-3.0.0" // { - dependencies = [ - sources."kind-of-3.2.2" - ]; - }) - sources."isobject-3.0.1" - sources."kind-of-6.0.3" - sources."micromatch-3.1.10" - sources."ms-2.0.0" + sources."extend-shallow-2.0.1" ]; }) + sources."find-up-1.1.2" + sources."findup-sync-3.0.0" sources."fined-1.2.0" - sources."first-chunk-stream-1.0.0" sources."flagged-respawn-1.0.1" sources."flat-5.0.2" (sources."flat-cache-2.0.1" // { dependencies = [ - sources."glob-7.1.7" sources."rimraf-2.6.3" ]; }) sources."flatted-2.0.2" sources."flush-write-stream-1.1.1" sources."for-in-1.0.2" - sources."for-own-0.1.5" + sources."for-own-1.0.0" sources."forever-agent-0.6.1" sources."form-data-2.3.3" sources."fragment-cache-0.2.1" sources."fs-constants-1.0.0" sources."fs-extra-7.0.1" - sources."fs-jetpack-4.1.1" - (sources."fs-mkdirp-stream-1.0.0" // { - dependencies = [ - sources."through2-2.0.5" - ]; - }) + sources."fs-jetpack-4.3.1" + sources."fs-mkdirp-stream-1.0.0" sources."fs.realpath-1.0.0" sources."fsevents-1.2.13" sources."function-bind-1.1.1" @@ -6821,11 +6339,10 @@ in sources."get-func-name-2.0.0" sources."get-intrinsic-1.1.1" sources."get-proxy-2.1.0" - sources."get-stdin-4.0.1" - sources."get-stream-3.0.0" + sources."get-stream-2.3.1" sources."get-value-2.0.6" sources."getpass-0.1.7" - sources."glob-5.0.15" + sources."glob-7.2.3" (sources."glob-base-0.3.0" // { dependencies = [ sources."glob-parent-2.0.0" @@ -6833,41 +6350,29 @@ in sources."is-glob-2.0.1" ]; }) - sources."glob-parent-3.1.0" - sources."glob-stream-5.3.5" - (sources."glob-watcher-5.0.5" // { + sources."glob-parent-5.1.2" + (sources."glob-stream-6.1.0" // { dependencies = [ - sources."normalize-path-3.0.0" + sources."glob-parent-3.1.0" + sources."is-glob-3.1.0" ]; }) + sources."glob-watcher-5.0.5" sources."global-modules-1.0.0" sources."global-prefix-1.0.2" sources."globals-12.4.0" sources."glogg-1.0.2" - sources."got-6.7.1" - sources."graceful-fs-4.2.8" - sources."growl-1.10.5" - (sources."gulp-4.0.2" // { + (sources."got-6.7.1" // { dependencies = [ - sources."clone-2.1.2" - sources."clone-stats-1.0.0" - sources."glob-7.1.7" - sources."glob-stream-6.1.0" - sources."is-absolute-1.0.0" - sources."is-relative-1.0.0" - sources."is-valid-glob-1.0.0" - sources."ordered-read-streams-1.0.1" - sources."replace-ext-1.0.1" - sources."through2-2.0.5" - sources."to-absolute-glob-2.0.2" - sources."vinyl-2.2.1" - sources."vinyl-fs-3.0.3" + sources."get-stream-3.0.0" ]; }) + sources."graceful-fs-4.2.10" + sources."growl-1.10.5" + sources."gulp-4.0.2" (sources."gulp-cli-2.3.0" // { dependencies = [ sources."camelcase-3.0.0" - sources."isobject-3.0.1" sources."yargs-7.1.2" ]; }) @@ -6875,7 +6380,6 @@ in dependencies = [ sources."acorn-5.7.4" sources."source-map-0.6.1" - sources."through2-2.0.5" ]; }) sources."gulplog-1.0.0" @@ -6884,21 +6388,13 @@ in sources."has-1.0.3" sources."has-ansi-2.0.0" sources."has-flag-3.0.0" + sources."has-property-descriptors-1.0.0" sources."has-symbol-support-x-1.4.2" - sources."has-symbols-1.0.2" + sources."has-symbols-1.0.3" sources."has-to-string-tag-x-1.4.1" - (sources."has-value-1.0.0" // { - dependencies = [ - sources."isobject-3.0.1" - ]; - }) + sources."has-value-1.0.0" (sources."has-values-1.0.0" // { dependencies = [ - (sources."is-number-3.0.0" // { - dependencies = [ - sources."kind-of-3.2.2" - ]; - }) sources."kind-of-4.0.0" ]; }) @@ -6917,92 +6413,77 @@ in sources."ini-1.3.8" (sources."inquirer-7.3.3" // { dependencies = [ - sources."ansi-regex-5.0.0" + sources."ansi-regex-5.0.1" sources."ansi-styles-4.3.0" sources."chalk-4.1.2" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."has-flag-4.0.0" sources."is-fullwidth-code-point-3.0.0" - sources."string-width-4.2.2" - sources."strip-ansi-6.0.0" + sources."string-width-4.2.3" + sources."strip-ansi-6.0.1" sources."supports-color-7.2.0" ]; }) sources."interpret-1.4.0" sources."invert-kv-1.0.0" - sources."is-absolute-0.1.7" - (sources."is-accessor-descriptor-1.0.0" // { - dependencies = [ - sources."kind-of-6.0.3" - ]; - }) + sources."is-absolute-1.0.0" + sources."is-accessor-descriptor-1.0.0" sources."is-arrayish-0.2.1" sources."is-binary-path-1.0.1" sources."is-buffer-1.1.6" - sources."is-bzip2-1.0.0" - sources."is-core-module-2.6.0" - (sources."is-data-descriptor-1.0.0" // { - dependencies = [ - sources."kind-of-6.0.3" - ]; - }) - (sources."is-descriptor-1.0.2" // { - dependencies = [ - sources."kind-of-6.0.3" - ]; - }) + sources."is-core-module-2.9.0" + sources."is-data-descriptor-1.0.0" + sources."is-descriptor-1.0.2" sources."is-dotfile-1.0.3" sources."is-equal-shallow-0.1.3" sources."is-extendable-0.1.1" sources."is-extglob-2.1.1" sources."is-fullwidth-code-point-1.0.0" - sources."is-glob-3.1.0" - sources."is-gzip-1.0.0" - sources."is-natural-number-2.1.1" + sources."is-glob-4.0.3" + sources."is-natural-number-4.0.1" sources."is-negated-glob-1.0.0" - sources."is-number-2.1.0" - sources."is-object-1.0.2" - sources."is-plain-obj-2.1.0" - (sources."is-plain-object-2.0.4" // { + (sources."is-number-3.0.0" // { dependencies = [ - sources."isobject-3.0.1" + sources."kind-of-3.2.2" ]; }) + sources."is-object-1.0.2" + sources."is-plain-obj-2.1.0" + sources."is-plain-object-2.0.4" sources."is-posix-bracket-0.1.1" sources."is-primitive-2.0.0" sources."is-promise-2.2.2" sources."is-redirect-1.0.0" - sources."is-relative-0.1.3" + sources."is-relative-1.0.0" sources."is-retry-allowed-1.2.0" sources."is-stream-1.1.0" - sources."is-tar-1.0.0" sources."is-typedarray-1.0.0" sources."is-unc-path-1.0.0" sources."is-utf8-0.2.1" - sources."is-valid-glob-0.3.0" + sources."is-valid-glob-1.0.0" sources."is-windows-1.0.2" - sources."is-zip-1.0.0" sources."isarray-1.0.0" sources."isexe-2.0.0" - sources."isobject-2.1.0" + sources."isobject-3.0.1" sources."isstream-0.1.2" sources."isurl-1.0.0" + sources."js-sha256-0.9.0" sources."js-tokens-4.0.0" sources."js-yaml-3.14.1" sources."jsbn-0.1.1" sources."json-10.0.0" - sources."json-schema-0.2.3" + sources."json-schema-0.4.0" sources."json-schema-traverse-0.4.1" sources."json-stable-stringify-without-jsonify-1.0.1" sources."json-stringify-safe-5.0.1" sources."jsonfile-4.0.0" - sources."jsprim-1.4.1" - sources."jszip-3.7.1" + sources."jsprim-1.4.2" + sources."jszip-3.10.0" sources."just-debounce-1.1.0" - sources."kind-of-3.2.2" + sources."kind-of-6.0.3" sources."last-run-1.1.1" - sources."lazystream-1.0.0" + sources."lazystream-1.0.1" sources."lcid-1.0.0" sources."lead-1.0.0" sources."levn-0.3.0" @@ -7011,7 +6492,6 @@ in sources."load-json-file-1.1.0" sources."locate-path-6.0.0" sources."lodash-4.17.21" - sources."lodash.isequal-4.5.0" (sources."log-symbols-4.0.0" // { dependencies = [ sources."ansi-styles-4.3.0" @@ -7022,6 +6502,7 @@ in sources."supports-color-7.2.0" ]; }) + sources."loupe-2.3.4" sources."lowercase-keys-1.0.1" sources."lru-queue-0.1.0" (sources."make-dir-1.3.0" // { @@ -7029,96 +6510,30 @@ in sources."pify-3.0.0" ]; }) - (sources."make-iterator-1.0.1" // { - dependencies = [ - sources."kind-of-6.0.3" - ]; - }) + sources."make-iterator-1.0.1" sources."map-cache-0.2.2" sources."map-visit-1.0.0" (sources."matchdep-2.0.0" // { dependencies = [ - sources."arr-diff-4.0.0" - sources."array-unique-0.3.2" - (sources."braces-2.3.2" // { - dependencies = [ - sources."extend-shallow-2.0.1" - ]; - }) - sources."debug-2.6.9" - sources."define-property-1.0.0" - (sources."expand-brackets-2.1.4" // { - dependencies = [ - sources."define-property-0.2.5" - sources."extend-shallow-2.0.1" - sources."is-extendable-0.1.1" - ]; - }) - sources."extend-shallow-3.0.2" - (sources."extglob-2.0.4" // { - dependencies = [ - sources."extend-shallow-2.0.1" - sources."is-extendable-0.1.1" - ]; - }) - (sources."fill-range-4.0.0" // { - dependencies = [ - sources."extend-shallow-2.0.1" - ]; - }) sources."findup-sync-2.0.0" - (sources."is-accessor-descriptor-0.1.6" // { - dependencies = [ - sources."kind-of-3.2.2" - ]; - }) - (sources."is-data-descriptor-0.1.4" // { - dependencies = [ - sources."kind-of-3.2.2" - ]; - }) - (sources."is-descriptor-0.1.6" // { - dependencies = [ - sources."kind-of-5.1.0" - ]; - }) - sources."is-extendable-1.0.1" - (sources."is-number-3.0.0" // { - dependencies = [ - sources."kind-of-3.2.2" - ]; - }) - sources."isobject-3.0.1" - sources."kind-of-6.0.3" - sources."micromatch-3.1.10" - sources."ms-2.0.0" + sources."is-glob-3.1.0" ]; }) sources."math-random-1.0.4" - (sources."memoizee-0.4.15" // { - dependencies = [ - sources."next-tick-1.1.0" - ]; - }) + sources."memoizee-0.4.15" sources."merge-1.2.1" - sources."merge-stream-1.0.1" - (sources."micromatch-2.3.11" // { - dependencies = [ - sources."is-extglob-1.0.0" - sources."is-glob-2.0.1" - ]; - }) - sources."mime-db-1.49.0" - sources."mime-types-2.1.32" + sources."micromatch-3.1.10" + sources."mime-db-1.52.0" + sources."mime-types-2.1.35" sources."mimic-fn-2.1.0" - sources."minimatch-3.0.4" - sources."minimist-1.2.5" + sources."minimatch-3.1.2" + sources."minimist-1.2.6" (sources."mixin-deep-1.3.2" // { dependencies = [ sources."is-extendable-1.0.1" ]; }) - sources."mkdirp-0.5.5" + sources."mkdirp-0.5.6" sources."mkpath-0.1.0" (sources."mocha-8.4.0" // { dependencies = [ @@ -7138,14 +6553,12 @@ in sources."find-up-5.0.0" sources."fsevents-2.3.2" sources."glob-7.1.6" - sources."glob-parent-5.1.2" sources."has-flag-4.0.0" sources."is-binary-path-2.1.0" - sources."is-glob-4.0.1" sources."is-number-7.0.0" sources."js-yaml-4.0.0" + sources."minimatch-3.0.4" sources."ms-2.1.3" - sources."normalize-path-3.0.0" sources."path-exists-4.0.0" sources."readdirp-3.5.0" sources."supports-color-8.1.1" @@ -7155,26 +6568,17 @@ in ]; }) sources."ms-2.1.2" - sources."multimeter-0.1.1" sources."mute-stdout-1.0.1" sources."mute-stream-0.0.8" sources."nan-2.15.0" sources."nanoid-3.1.20" - (sources."nanomatch-1.2.13" // { - dependencies = [ - sources."arr-diff-4.0.0" - sources."array-unique-0.3.2" - sources."extend-shallow-3.0.2" - sources."is-extendable-1.0.1" - sources."kind-of-6.0.3" - ]; - }) + sources."nanomatch-1.2.13" sources."natural-compare-1.4.0" - sources."next-tick-1.0.0" + sources."next-tick-1.1.0" sources."nice-try-1.0.5" sources."nopt-3.0.6" sources."normalize-package-data-2.5.0" - sources."normalize-path-2.1.1" + sources."normalize-path-3.0.0" sources."now-and-later-2.0.1" (sources."npm-conf-1.1.3" // { dependencies = [ @@ -7182,44 +6586,31 @@ in ]; }) sources."number-is-nan-1.0.1" - (sources."nw-0.36.4" // { + (sources."nw-0.55.0" // { dependencies = [ sources."yargs-3.32.0" ]; }) - (sources."nw-autoupdater-1.1.11" // { - dependencies = [ - sources."decompress-4.2.1" - sources."decompress-tar-4.1.1" - (sources."decompress-tarbz2-4.1.1" // { - dependencies = [ - sources."file-type-6.2.0" - ]; - }) - sources."decompress-targz-4.1.1" - (sources."decompress-unzip-4.0.1" // { - dependencies = [ - sources."file-type-3.9.0" - ]; - }) - sources."file-type-5.2.0" - sources."get-stream-2.3.1" - sources."is-natural-number-4.0.1" - sources."object-assign-4.1.1" - sources."strip-dirs-2.1.0" - ]; - }) + sources."nw-autoupdater-1.1.11" (sources."nw-dev-3.0.1" // { dependencies = [ sources."anymatch-1.3.2" + sources."arr-diff-2.0.0" + sources."array-unique-0.2.1" + sources."braces-1.8.5" sources."chokidar-1.7.0" + sources."expand-brackets-0.1.5" + sources."extglob-0.3.2" sources."glob-parent-2.0.0" sources."is-extglob-1.0.0" sources."is-glob-2.0.1" + sources."kind-of-3.2.2" + sources."micromatch-2.3.11" + sources."normalize-path-2.1.1" ]; }) sources."oauth-sign-0.9.0" - sources."object-assign-2.1.1" + sources."object-assign-4.1.1" (sources."object-copy-0.1.0" // { dependencies = [ sources."define-property-0.2.5" @@ -7230,53 +6621,32 @@ in sources."kind-of-5.1.0" ]; }) + sources."kind-of-3.2.2" ]; }) sources."object-keys-1.1.1" - (sources."object-visit-1.0.1" // { - dependencies = [ - sources."isobject-3.0.1" - ]; - }) + sources."object-visit-1.0.1" sources."object.assign-4.1.2" - (sources."object.defaults-1.1.0" // { + sources."object.defaults-1.1.0" + sources."object.map-1.0.1" + (sources."object.omit-2.0.1" // { dependencies = [ - sources."for-own-1.0.0" - sources."isobject-3.0.1" - ]; - }) - (sources."object.map-1.0.1" // { - dependencies = [ - sources."for-own-1.0.0" - ]; - }) - sources."object.omit-2.0.1" - (sources."object.pick-1.3.0" // { - dependencies = [ - sources."isobject-3.0.1" - ]; - }) - (sources."object.reduce-1.0.1" // { - dependencies = [ - sources."for-own-1.0.0" + sources."for-own-0.1.5" ]; }) + sources."object.pick-1.3.0" + sources."object.reduce-1.0.1" sources."once-1.4.0" sources."onetime-5.1.2" sources."optionator-0.8.3" - sources."ordered-read-streams-0.3.0" + sources."ordered-read-streams-1.0.1" sources."os-locale-1.4.0" sources."os-tmpdir-1.0.2" sources."p-limit-3.1.0" sources."p-locate-5.0.0" sources."pako-1.0.11" sources."parent-module-1.0.1" - (sources."parse-filepath-1.0.2" // { - dependencies = [ - sources."is-absolute-1.0.0" - sources."is-relative-1.0.0" - ]; - }) + sources."parse-filepath-1.0.2" (sources."parse-glob-3.0.4" // { dependencies = [ sources."is-extglob-1.0.0" @@ -7298,7 +6668,7 @@ in sources."pathval-1.1.1" sources."pend-1.2.0" sources."performance-now-2.1.0" - sources."picomatch-2.3.0" + sources."picomatch-2.3.1" sources."pify-2.3.0" sources."pinkie-2.0.4" sources."pinkie-promise-2.0.1" @@ -7315,122 +6685,46 @@ in sources."pumpify-1.5.1" sources."punycode-2.1.1" sources."q-1.5.1" - sources."qs-6.5.2" + sources."qs-6.5.3" (sources."randomatic-3.1.1" // { dependencies = [ sources."is-number-4.0.0" - sources."kind-of-6.0.3" ]; }) sources."randombytes-2.1.0" - sources."read-all-stream-3.1.0" sources."read-pkg-1.1.0" sources."read-pkg-up-1.0.1" - sources."readable-stream-2.3.7" - (sources."readdirp-2.2.1" // { + (sources."readable-stream-2.3.7" // { dependencies = [ - sources."arr-diff-4.0.0" - sources."array-unique-0.3.2" - (sources."braces-2.3.2" // { - dependencies = [ - sources."extend-shallow-2.0.1" - ]; - }) - sources."debug-2.6.9" - sources."define-property-1.0.0" - (sources."expand-brackets-2.1.4" // { - dependencies = [ - sources."define-property-0.2.5" - sources."extend-shallow-2.0.1" - sources."is-extendable-0.1.1" - ]; - }) - sources."extend-shallow-3.0.2" - (sources."extglob-2.0.4" // { - dependencies = [ - sources."extend-shallow-2.0.1" - sources."is-extendable-0.1.1" - ]; - }) - (sources."fill-range-4.0.0" // { - dependencies = [ - sources."extend-shallow-2.0.1" - ]; - }) - (sources."is-accessor-descriptor-0.1.6" // { - dependencies = [ - sources."kind-of-3.2.2" - ]; - }) - (sources."is-data-descriptor-0.1.4" // { - dependencies = [ - sources."kind-of-3.2.2" - ]; - }) - (sources."is-descriptor-0.1.6" // { - dependencies = [ - sources."kind-of-5.1.0" - ]; - }) - sources."is-extendable-1.0.1" - (sources."is-number-3.0.0" // { - dependencies = [ - sources."kind-of-3.2.2" - ]; - }) - sources."isobject-3.0.1" - sources."kind-of-6.0.3" - sources."micromatch-3.1.10" - sources."ms-2.0.0" + sources."safe-buffer-5.1.2" ]; }) + sources."readdirp-2.2.1" sources."rechoir-0.6.2" sources."regex-cache-0.4.4" - (sources."regex-not-1.0.2" // { - dependencies = [ - sources."extend-shallow-3.0.2" - sources."is-extendable-1.0.1" - ]; - }) + sources."regex-not-1.0.2" sources."regexpp-2.0.1" sources."remove-bom-buffer-3.0.0" - (sources."remove-bom-stream-1.2.0" // { - dependencies = [ - sources."through2-2.0.5" - ]; - }) + sources."remove-bom-stream-1.2.0" sources."remove-trailing-separator-1.1.0" sources."repeat-element-1.1.4" sources."repeat-string-1.6.1" - sources."replace-ext-0.0.1" - (sources."replace-homedir-1.0.0" // { - dependencies = [ - sources."is-absolute-1.0.0" - sources."is-relative-1.0.0" - ]; - }) - (sources."request-2.88.2" // { - dependencies = [ - sources."uuid-3.4.0" - ]; - }) + sources."replace-ext-1.0.1" + sources."replace-homedir-1.0.0" + sources."request-2.88.2" sources."require-directory-2.1.1" sources."require-main-filename-1.0.1" - sources."resolve-1.20.0" + sources."resolve-1.22.0" sources."resolve-dir-1.0.1" sources."resolve-from-4.0.0" sources."resolve-options-1.1.0" sources."resolve-url-0.2.1" sources."restore-cursor-3.1.0" sources."ret-0.1.15" - (sources."rimraf-2.7.1" // { - dependencies = [ - sources."glob-7.1.7" - ]; - }) + sources."rimraf-2.7.1" sources."run-async-2.4.1" sources."rxjs-6.6.7" - sources."safe-buffer-5.1.2" + sources."safe-buffer-5.2.1" sources."safe-regex-1.1.0" sources."safer-buffer-2.1.2" sources."sax-1.2.4" @@ -7444,11 +6738,15 @@ in sources."semver-greatest-satisfied-range-1.1.0" sources."serialize-javascript-5.0.1" sources."set-blocking-2.0.0" - sources."set-immediate-shim-1.0.1" - sources."set-value-2.0.1" + (sources."set-value-2.0.1" // { + dependencies = [ + sources."extend-shallow-2.0.1" + ]; + }) + sources."setimmediate-1.0.5" sources."shebang-command-1.2.0" sources."shebang-regex-1.0.0" - sources."signal-exit-3.0.3" + sources."signal-exit-3.0.7" (sources."slice-ansi-2.1.0" // { dependencies = [ sources."ansi-styles-3.2.1" @@ -7459,6 +6757,7 @@ in dependencies = [ sources."debug-2.6.9" sources."define-property-0.2.5" + sources."extend-shallow-2.0.1" (sources."is-accessor-descriptor-0.1.6" // { dependencies = [ sources."kind-of-3.2.2" @@ -7477,10 +6776,13 @@ in (sources."snapdragon-node-2.1.1" // { dependencies = [ sources."define-property-1.0.0" - sources."isobject-3.0.1" ]; }) - sources."snapdragon-util-3.0.1" + (sources."snapdragon-util-3.0.1" // { + dependencies = [ + sources."kind-of-3.2.2" + ]; + }) sources."source-map-0.5.7" sources."source-map-resolve-0.5.3" sources."source-map-url-0.4.1" @@ -7488,17 +6790,11 @@ in sources."spdx-correct-3.1.1" sources."spdx-exceptions-2.3.0" sources."spdx-expression-parse-3.0.1" - sources."spdx-license-ids-3.0.10" - (sources."split-string-3.1.0" // { - dependencies = [ - sources."extend-shallow-3.0.2" - sources."is-extendable-1.0.1" - ]; - }) + sources."spdx-license-ids-3.0.11" + sources."split-string-3.1.0" sources."sprintf-js-1.0.3" - sources."sshpk-1.16.1" + sources."sshpk-1.17.0" sources."stack-trace-0.0.10" - sources."stat-mode-0.2.2" (sources."static-extend-0.1.2" // { dependencies = [ sources."define-property-0.2.5" @@ -7516,24 +6812,26 @@ in sources."kind-of-5.1.0" ]; }) - sources."stream-combiner2-1.1.1" sources."stream-exhaust-1.0.2" sources."stream-shift-1.0.1" sources."string-width-1.0.2" - sources."string_decoder-1.1.1" + (sources."string_decoder-1.1.1" // { + dependencies = [ + sources."safe-buffer-5.1.2" + ]; + }) sources."strip-ansi-3.0.1" sources."strip-bom-2.0.0" - sources."strip-bom-stream-1.0.0" sources."strip-bom-string-1.0.0" - sources."strip-dirs-1.1.1" + sources."strip-dirs-2.1.0" sources."strip-json-comments-3.1.1" sources."strip-outer-1.0.1" - sources."sum-up-1.0.3" sources."supports-color-2.0.0" + sources."supports-preserve-symlinks-flag-1.0.0" sources."sver-compat-1.5.0" (sources."table-5.4.6" // { dependencies = [ - sources."ansi-regex-4.1.0" + sources."ansi-regex-4.1.1" sources."emoji-regex-7.0.3" sources."is-fullwidth-code-point-2.0.0" sources."string-width-3.1.0" @@ -7543,41 +6841,22 @@ in sources."tar-stream-1.6.2" sources."text-table-0.2.0" sources."through-2.3.8" - (sources."through2-0.6.5" // { - dependencies = [ - sources."isarray-0.0.1" - sources."readable-stream-1.0.34" - sources."string_decoder-0.10.31" - ]; - }) - (sources."through2-filter-2.0.0" // { - dependencies = [ - sources."through2-2.0.5" - ]; - }) + sources."through2-2.0.5" + sources."through2-filter-3.0.0" sources."time-stamp-1.1.0" sources."timed-out-4.0.1" sources."timers-ext-0.1.7" sources."tmp-0.0.33" - sources."to-absolute-glob-0.1.1" + sources."to-absolute-glob-2.0.2" sources."to-buffer-1.1.1" - sources."to-object-path-0.3.0" - (sources."to-regex-3.0.2" // { - dependencies = [ - sources."extend-shallow-3.0.2" - sources."is-extendable-1.0.1" - ]; - }) - (sources."to-regex-range-2.1.1" // { + (sources."to-object-path-0.3.0" // { dependencies = [ - sources."is-number-3.0.0" - ]; - }) - (sources."to-through-2.0.0" // { - dependencies = [ - sources."through2-2.0.5" + sources."kind-of-3.2.2" ]; }) + sources."to-regex-3.0.2" + sources."to-regex-range-2.1.1" + sources."to-through-2.0.0" (sources."touch-0.0.3" // { dependencies = [ sources."nopt-1.0.10" @@ -7604,12 +6883,7 @@ in }) sources."undertaker-registry-1.0.1" sources."union-value-1.0.1" - (sources."unique-stream-2.3.1" // { - dependencies = [ - sources."through2-2.0.5" - sources."through2-filter-3.0.0" - ]; - }) + sources."unique-stream-2.3.1" sources."universalify-0.1.2" (sources."unset-value-1.0.0" // { dependencies = [ @@ -7619,7 +6893,6 @@ in ]; }) sources."has-values-0.1.4" - sources."isobject-3.0.1" ]; }) sources."untildify-3.0.3" @@ -7631,32 +6904,21 @@ in sources."url-to-options-1.0.1" sources."use-3.1.1" sources."util-deprecate-1.0.2" - sources."uuid-2.0.3" + sources."uuid-3.4.0" sources."v8-compile-cache-2.3.0" sources."v8flags-3.2.0" - sources."vali-date-1.0.0" sources."validate-npm-package-license-3.0.4" sources."value-or-function-3.0.0" - sources."verror-1.10.0" - sources."vinyl-1.2.0" - (sources."vinyl-assign-1.2.1" // { - dependencies = [ - sources."object-assign-4.1.1" - ]; - }) - (sources."vinyl-fs-2.4.4" // { + (sources."verror-1.10.0" // { dependencies = [ - sources."gulp-sourcemaps-1.6.0" - sources."object-assign-4.1.1" - sources."through2-2.0.5" + sources."core-util-is-1.0.2" ]; }) + sources."vinyl-2.2.1" + sources."vinyl-fs-3.0.3" (sources."vinyl-sourcemap-1.1.0" // { dependencies = [ - sources."clone-2.1.2" - sources."clone-stats-1.0.0" - sources."replace-ext-1.0.1" - sources."vinyl-2.2.1" + sources."normalize-path-2.1.1" ]; }) sources."which-1.3.1" @@ -7675,15 +6937,15 @@ in sources."y18n-3.2.2" (sources."yargs-16.2.0" // { dependencies = [ - sources."ansi-regex-5.0.0" + sources."ansi-regex-5.0.1" sources."ansi-styles-4.3.0" sources."cliui-7.0.4" sources."color-convert-2.0.1" sources."color-name-1.1.4" sources."get-caller-file-2.0.5" sources."is-fullwidth-code-point-3.0.0" - sources."string-width-4.2.2" - sources."strip-ansi-6.0.0" + sources."string-width-4.2.3" + sources."strip-ansi-6.0.1" sources."wrap-ansi-7.0.0" sources."y18n-5.0.8" sources."yargs-parser-20.2.9" @@ -7696,7 +6958,7 @@ in }) (sources."yargs-unparser-2.0.0" // { dependencies = [ - sources."camelcase-6.2.0" + sources."camelcase-6.3.0" sources."decamelize-4.0.0" ]; }) diff --git a/nixpkgs/pkgs/tools/security/onlykey/onlykey.nix b/nixpkgs/pkgs/tools/security/onlykey/onlykey.nix index f9a1999f36d7..a038d882e7fe 100644 --- a/nixpkgs/pkgs/tools/security/onlykey/onlykey.nix +++ b/nixpkgs/pkgs/tools/security/onlykey/onlykey.nix @@ -1,4 +1,4 @@ -# This file has been generated by node2nix 1.9.0. Do not edit! +# This file has been generated by node2nix 1.11.1. Do not edit! {pkgs ? import <nixpkgs> { inherit system; diff --git a/nixpkgs/pkgs/tools/security/onlykey/package.json b/nixpkgs/pkgs/tools/security/onlykey/package.json index 06fa903f6a55..da48ed4218ad 100644 --- a/nixpkgs/pkgs/tools/security/onlykey/package.json +++ b/nixpkgs/pkgs/tools/security/onlykey/package.json @@ -1,3 +1,3 @@ [ - {"onlykey": "git+https://github.com/trustcrypto/OnlyKey-App.git#v5.3.3"} + {"onlykey": "git+https://github.com/trustcrypto/OnlyKey-App.git#v5.3.4"} ] diff --git a/nixpkgs/pkgs/tools/security/open-ecard/default.nix b/nixpkgs/pkgs/tools/security/open-ecard/default.nix index e7e21aec7c8e..e8afdf6bf8c0 100644 --- a/nixpkgs/pkgs/tools/security/open-ecard/default.nix +++ b/nixpkgs/pkgs/tools/security/open-ecard/default.nix @@ -56,6 +56,7 @@ in stdenv.mkDerivation rec { description = "Client side implementation of the eCard-API-Framework (BSI TR-03112) and related international standards, such as ISO/IEC 24727"; homepage = "https://www.openecard.org/"; + sourceProvenance = with sourceTypes; [ binaryBytecode ]; license = licenses.gpl3; maintainers = with maintainers; [ sephalon ]; platforms = platforms.linux; diff --git a/nixpkgs/pkgs/tools/security/opencryptoki/default.nix b/nixpkgs/pkgs/tools/security/opencryptoki/default.nix index 0825708f71fd..140f032a5fde 100644 --- a/nixpkgs/pkgs/tools/security/opencryptoki/default.nix +++ b/nixpkgs/pkgs/tools/security/opencryptoki/default.nix @@ -35,7 +35,7 @@ stdenv.mkDerivation rec { description = "PKCS#11 implementation for Linux"; homepage = "https://github.com/opencryptoki/opencryptoki"; license = licenses.cpl10; - maintainers = [ maintainers.tstrobel ]; + maintainers = [ ]; platforms = platforms.unix; }; } diff --git a/nixpkgs/pkgs/tools/security/openpgp-card-tools/default.nix b/nixpkgs/pkgs/tools/security/openpgp-card-tools/default.nix new file mode 100644 index 000000000000..572c862b7f1f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/openpgp-card-tools/default.nix @@ -0,0 +1,40 @@ +{ lib +, stdenv +, rustPlatform +, fetchCrate +, pkg-config +, pcsclite +, nettle +, PCSC +, testers +, openpgp-card-tools +}: + +rustPlatform.buildRustPackage rec { + pname = "openpgp-card-tools"; + version = "0.0.12"; + + src = fetchCrate { + inherit pname version; + sha256 = "sha256-3OKOMe7Uj+8qpzfu0DzqwIGa/QJ0YoKczPN9W8HXJZU="; + }; + + cargoHash = "sha256-gq17BXorXrlJx4zlvLuOT8XGUCqZXFDSxgs/Fv9dChk="; + + nativeBuildInputs = [ pkg-config rustPlatform.bindgenHook ]; + buildInputs = [ pcsclite nettle ] ++ lib.optionals stdenv.isDarwin [ PCSC ]; + + passthru = { + tests.version = testers.testVersion { + package = openpgp-card-tools; + }; + }; + + meta = with lib; { + description = "CLI tools for OpenPGP cards"; + homepage = "https://gitlab.com/openpgp-card/openpgp-card"; + license = licenses.asl20; + maintainers = with maintainers; [ nickcao ]; + mainProgram = "opgpcard"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ossec/default.nix b/nixpkgs/pkgs/tools/security/ossec/default.nix index b86cb57bbde0..3c43c51c103a 100644 --- a/nixpkgs/pkgs/tools/security/ossec/default.nix +++ b/nixpkgs/pkgs/tools/security/ossec/default.nix @@ -13,6 +13,12 @@ stdenv.mkDerivation rec { patches = [ ./no-root.patch ]; + # Workaround build failure on -fno-common toolchains like upstream + # gcc-10. Otherwise build fails as: + # ld: src/common/mgmt/pint-worker-external.po:(.data.rel.local+0x0): multiple definition of + # `PINT_worker_external_impl'; src/common/mgmt/pint-mgmt.po:(.bss+0x20): first defined here + NIX_CFLAGS_COMPILE = "-fcommon"; + buildPhase = '' echo "en diff --git a/nixpkgs/pkgs/tools/security/osv-detector/default.nix b/nixpkgs/pkgs/tools/security/osv-detector/default.nix new file mode 100644 index 000000000000..63d4e07a7b56 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/osv-detector/default.nix @@ -0,0 +1,40 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, osv-detector +, testers +}: + +buildGoModule rec { + pname = "osv-detector"; + version = "0.6.0"; + + src = fetchFromGitHub { + owner = "G-Rath"; + repo = pname; + rev = "v${version}"; + hash = "sha256-Y/9q4ZJ4vxDitqrM4hGe49iqLYk4ebhTs4jrD7P8fdw="; + }; + + vendorSha256 = "sha256-KAxpDQIRrLZIOvfW8wf0CV4Fj6l3W6nNZNCH3ZE6yJc="; + + ldflags = [ + "-w" + "-s" + "-X main.version=${version}" + ]; + + passthru.tests.version = testers.testVersion { + package = osv-detector; + command = "osv-detector -version"; + version = "osv-detector ${version} (unknown, commit none)"; + }; + + meta = with lib; { + description = "Auditing tool for detecting vulnerabilities"; + homepage = "https://github.com/G-Rath/osv-detector"; + changelog = "https://github.com/G-Rath/osv-detector/releases/tag/v${version}"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/otpauth/default.nix b/nixpkgs/pkgs/tools/security/otpauth/default.nix index e4c42a83f045..1d93647ed493 100644 --- a/nixpkgs/pkgs/tools/security/otpauth/default.nix +++ b/nixpkgs/pkgs/tools/security/otpauth/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "otpauth"; - version = "0.4.2"; + version = "0.4.3"; src = fetchFromGitHub { owner = "dim13"; repo = "otpauth"; rev = "v${version}"; - sha256 = "sha256-qSu0kGRi1es9OciN1s9Eh1Z3JkxbcKO8W5cAC7c7n0k="; + sha256 = "sha256-x5/OVUxuNjK05D8n1l5F6qT/wmrBYnOSEoSL0c0fsqc="; }; - vendorSha256 = "sha256-TU5crhmQAhSfURdfPe/xaa3RgGyc+UFn2E+jJ0flNsg="; + vendorSha256 = "sha256-jnIq7Zc2MauJReJ9a8TeqXXsvHixsBB+znmXAxcpqUQ="; doCheck = true; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/padbuster/default.nix b/nixpkgs/pkgs/tools/security/padbuster/default.nix new file mode 100644 index 000000000000..de71010ccba5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/padbuster/default.nix @@ -0,0 +1,34 @@ +{ lib, stdenv, fetchFromGitHub, perl }: + +stdenv.mkDerivation rec { + pname = "padbuster"; + version = "0.3.3"; + + src = fetchFromGitHub { + owner = "AonCyberLabs"; + repo = pname; + rev = "50e4a3e2bf5dfff5699440b3ebc61ed1b5c49bbe"; + sha256 = "VIvZ28MVnTSQru6l8flLVVqIIpxxXD8lCqzH81sPe/U="; + }; + + buildInputs = [ + (perl.withPackages (ps: with ps; [ LWP LWPProtocolHttps CryptSSLeay ])) + ]; + + installPhase = '' + runHook preInstall + + install -Dm755 padBuster.pl $out/bin/padBuster.pl + + runHook postInstall + ''; + + meta = with lib; { + description = "Automated script for performing Padding Oracle attacks"; + homepage = "https://www.gdssecurity.com/l/t.php"; + mainProgram = "padBuster.pl"; + maintainers = with maintainers; [ emilytrau ]; + license = licenses.asl20; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/parsero/default.nix b/nixpkgs/pkgs/tools/security/parsero/default.nix new file mode 100644 index 000000000000..a8cd9c39eb13 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/parsero/default.nix @@ -0,0 +1,28 @@ +{ lib, python3Packages, fetchFromGitHub }: + +python3Packages.buildPythonApplication rec { + pname = "parsero"; + version = "0.81"; + + src = fetchFromGitHub { + owner = "behindthefirewalls"; + repo = pname; + rev = "e5b585a19b79426975a825cafa4cc8a353cd267e"; + sha256 = "rqupeJxslL3AfQ+CzBWRb4ZS32VoYd8hlA+eACMKGPY="; + }; + + propagatedBuildInputs = with python3Packages; [ + beautifulsoup4 + urllib3 + ]; + + # Project has no tests + doCheck = false; + + meta = with lib; { + description = "Robots.txt audit tool"; + homepage = "https://github.com/behindthefirewalls/Parsero"; + license = licenses.gpl2Only; + maintainers = with maintainers; [ emilytrau fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pass/default.nix b/nixpkgs/pkgs/tools/security/pass/default.nix index 7468b5dcc8d3..7d214f1649a3 100644 --- a/nixpkgs/pkgs/tools/security/pass/default.nix +++ b/nixpkgs/pkgs/tools/security/pass/default.nix @@ -1,6 +1,6 @@ { stdenv, lib, pkgs, fetchurl, buildEnv , coreutils, findutils, gnugrep, gnused, getopt, git, tree, gnupg, openssl -, which, procps , qrencode , makeWrapper, pass, symlinkJoin +, which, openssh, procps, qrencode, makeWrapper, pass, symlinkJoin , xclip ? null, xdotool ? null, dmenu ? null , x11Support ? !stdenv.isDarwin , dmenuSupport ? (x11Support || waylandSupport) @@ -91,8 +91,9 @@ stdenv.mkDerivation rec { gnused tree which - qrencode + openssh procps + qrencode ] ++ optional stdenv.isDarwin openssl ++ optional x11Support xclip ++ optional waylandSupport wl-clipboard diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/import.nix b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix index 60775be180c8..d543ef9b2575 100644 --- a/nixpkgs/pkgs/tools/security/pass/extensions/import.nix +++ b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix @@ -18,12 +18,20 @@ python3Packages.buildPythonApplication rec { sha256 = "0hrpg7yiv50xmbajfy0zdilsyhbj5iv0qnlrgkfv99q1dvd5qy56"; }; + patches = [ + (fetchpatch { + name = "support-for-pykeepass-4.0.3.patch"; + url = "https://github.com/roddhjav/pass-import/commit/f1b167578916d971ee4f99be99ba0e86ef49015e.patch"; + hash = "sha256-u6bJbV3/QTfRaPauKSyCWNodpy6CKsreMXUZWKRbee0="; + }) + ]; + propagatedBuildInputs = with python3Packages; [ cryptography defusedxml pyaml pykeepass - python_magic # similar API to "file-magic", but already in nixpkgs. + python-magic # similar API to "file-magic", but already in nixpkgs. secretstorage ]; diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix b/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix index 8d9b350543dc..15f075ccec40 100644 --- a/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix +++ b/nixpkgs/pkgs/tools/security/pass/extensions/otp.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, oathToolkit }: +{ lib, stdenv, fetchFromGitHub, oath-toolkit }: stdenv.mkDerivation rec { pname = "pass-otp"; @@ -11,12 +11,12 @@ stdenv.mkDerivation rec { sha256 = "0cpqrf3939hcvwg7sd8055ghc8x964ilimlri16czzx188a9jx9v"; }; - buildInputs = [ oathToolkit ]; + buildInputs = [ oath-toolkit ]; dontBuild = true; patchPhase = '' - sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash + sed -i -e 's|OATH=\$(which oathtool)|OATH=${oath-toolkit}/bin/oathtool|' otp.bash ''; installFlags = [ "PREFIX=$(out)" diff --git a/nixpkgs/pkgs/tools/security/passage/default.nix b/nixpkgs/pkgs/tools/security/passage/default.nix new file mode 100644 index 000000000000..033b5e2028d1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/passage/default.nix @@ -0,0 +1,44 @@ +{ lib, stdenv, fetchFromGitHub, makeBinaryWrapper, bash, age, git ? null +, xclip ? null }: + +stdenv.mkDerivation { + pname = "passage"; + version = "unstable-2022-05-01"; + + src = fetchFromGitHub { + owner = "FiloSottile"; + repo = "passage"; + rev = "1262d308f09db9b243513a428ab4b8fb1c30d31d"; + sha256 = "1val8wl9kzlxj4i1rrh2iiyf97w9akffvr0idvbkdb09hfzz4lz8"; + }; + + nativeBuildInputs = [ makeBinaryWrapper ]; + + extraPath = lib.makeBinPath [ age git xclip ]; + + # Using $0 is bad, it causes --help to mention ".passage-wrapped". + postInstall = '' + substituteInPlace $out/bin/passage --replace 'PROGRAM="''${0##*/}"' 'PROGRAM=passage' + wrapProgram $out/bin/passage --prefix PATH : $extraPath --argv0 $pname + ''; + + installFlags = [ "PREFIX=$(out)" "WITH_ALLCOMP=yes" ]; + + meta = with lib; { + description = "Stores, retrieves, generates, and synchronizes passwords securely"; + homepage = "https://github.com/FiloSottile/passage"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ kaction ]; + platforms = platforms.unix; + + longDescription = '' + passage is a fork of password-store (https://www.passwordstore.org) that uses + age (https://age-encryption.org) as a backend instead of GnuPG. + + It keeps passwords inside age(1) encrypted files inside a simple + directory tree and provides a series of commands for manipulating the + password store, allowing the user to add, remove, edit and synchronize + passwords. + ''; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pbis/default.nix b/nixpkgs/pkgs/tools/security/pbis/default.nix deleted file mode 100644 index acd1fc5607bc..000000000000 --- a/nixpkgs/pkgs/tools/security/pbis/default.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, perl, flex, bison, curl, - pam, popt, libiconv, libuuid, openssl_1_0_2, cyrus_sasl, sqlite, tdb, libxml2 }: - -stdenv.mkDerivation rec { - pname = "pbis-open"; - version = "9.1.0"; - - src = fetchFromGitHub { - owner = "BeyondTrust"; - repo = pname; - rev = version; - sha256 = "081jm34sf488nwz5wzs55d6rxx3sv566x6p4h1yqcjaw36174m8v"; - }; - - nativeBuildInputs = [ - autoconf automake libtool perl flex bison - ]; - - # curl must be placed after openssl_1_0_2, because it pulls openssl 1.1 dependency. - buildInputs = [ - pam popt libiconv libuuid openssl_1_0_2 cyrus_sasl - curl sqlite popt tdb libxml2 - ]; - - postPatch = '' - patchShebangs . - sed -i -e 's/legacy//g' lwupgrade/MakeKitBuild # disable /opt/ symlinks - sed -i -e 's/tdb.h//g' samba-interop/MakeKitBuild #include <tdb.h> fails but it won't affect the build - ''; - preConfigure = '' - mkdir release - cd release - if [ $CC = gcc ]; then - NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -Wno-error=format-overflow -Wno-error=address-of-packed-member" - fi - NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -isystem ${lib.getDev libxml2}/include/libxml2 -Wno-error=array-bounds -Wno-error=pointer-sign -Wno-error=deprecated-declarations -Wno-error=unused-variable" - ''; - configureScript = "../configure"; - configureFlags = [ - "CFLAGS=-O" - "--docdir=${placeholder "prefix"}/share/doc" - "--mandir=${placeholder "prefix"}/share/doc/man" - "--datadir=${placeholder "prefix"}/share" - "--lw-initdir=${placeholder "prefix"}/etc/init.d" - "--selinux=no" # NixOS does not support SELinux - "--build-isas=x86_64" # [lwbase] endianness (host/x86_32): [lwbase] ERROR: could not determine endianness - "--fail-on-warn=no" - # "--debug=yes" - ]; # ^ See https://github.com/BeyondTrust/pbis-open/issues/124 - configureFlagsArray = [ "--lw-bundled-libs=linenoise-mob tomlc99 opensoap krb5 cyrus-sasl curl openldap ${ if libuuid == null then "libuuid" else "" }" ]; - # ^ it depends on old krb5 version 1.9 (issue #228) - # linenoise-mod, tomlc99, opensoap is not in nixpkgs. - # krb5 must be old one, and cyrus-sasl and openldap have dependency to newer libkrb5 that cause runtime error - enableParallelBuilding = true; - makeFlags = "SHELL="; - hardeningDisable = [ "format" ]; # -Werror=format-security - installPhase = '' - mkdir $sys - mv stage/{lib,var} $sys - mv stage$out $out - ''; - outputs = [ "out" "sys" ]; - - meta = with lib; { - description = "BeyondTrust AD Bridge Open simplifies the process of joining non-Microsoft hosts to Active Directory domains"; - homepage = "https://github.com/BeyondTrust/pbis-open"; - license = with licenses; [ gpl2 lgpl21 ]; - platforms = [ "x86_64-linux" ]; - }; -} diff --git a/nixpkgs/pkgs/tools/security/pcsc-safenet/default.nix b/nixpkgs/pkgs/tools/security/pcsc-safenet/default.nix index 3610343fc273..68006a40da8d 100644 --- a/nixpkgs/pkgs/tools/security/pcsc-safenet/default.nix +++ b/nixpkgs/pkgs/tools/security/pcsc-safenet/default.nix @@ -69,7 +69,7 @@ stdenv.mkDerivation rec { ln -sf libAksIfdh.so.10.0 libAksIfdh.so ln -sf libAksIfdh.so.10.0 libAksIfdh.so.10 - ln -sf ${openssl.out}/lib/libcrypto.so $out/lib/libcrypto.so.1.0.0 + ln -sf ${lib.getLib openssl}/lib/libcrypto.so $out/lib/libcrypto.so.1.0.0 ''; dontAutoPatchelf = true; @@ -90,6 +90,7 @@ stdenv.mkDerivation rec { homepage = "https://safenet.gemalto.com/multi-factor-authentication/security-applications/authentication-client-token-management"; description = "Safenet Authentication Client"; platforms = [ "x86_64-linux" ]; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; license = licenses.unfree; maintainers = with maintainers; [ wldhx ]; }; diff --git a/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix index aa1580e24598..af3a95f0a2aa 100644 --- a/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix +++ b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix @@ -41,6 +41,7 @@ stdenv.mkDerivation rec { description = "SCM Microsystems SCL011 chipcard reader user space driver"; homepage = "https://www.scm-pc-card.de/index.php?lang=en&page=product&function=show_product&product_id=630"; downloadPage = "https://support.identiv.com/scl010-scl011/"; + sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; license = licenses.unfreeRedistributable; maintainers = with maintainers; [ sephalon ]; platforms = platforms.linux; diff --git a/nixpkgs/pkgs/tools/security/pcsclite/default.nix b/nixpkgs/pkgs/tools/security/pcsclite/default.nix index db3ddd167a60..e5f26bca5612 100644 --- a/nixpkgs/pkgs/tools/security/pcsclite/default.nix +++ b/nixpkgs/pkgs/tools/security/pcsclite/default.nix @@ -8,7 +8,7 @@ , python3 , dbus , polkit -, systemd +, systemdMinimal , IOKit }: @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://pcsclite.apdu.fr/files/pcsc-lite-${version}.tar.bz2"; - sha256 = "sha256:024x0hadn0kc0m9yz3l2pqzc5mdqyza9lmckg0bn4xak6frzkqwy"; + hash = "sha256-nuP5szNTdWIXeJNVmtT3uNXCPr6Cju9TBWwC2xQEnQg="; }; patches = [ ./no-dropdir-literals.patch ]; @@ -59,7 +59,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook autoconf-archive pkg-config perl ]; buildInputs = [ python3 ] - ++ lib.optionals stdenv.isLinux [ dbus polkit systemd ] + ++ lib.optionals stdenv.isLinux [ dbus polkit systemdMinimal ] ++ lib.optionals stdenv.isDarwin [ IOKit ]; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix b/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix index 7e8c87f6e82c..d4f7242b2896 100644 --- a/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix +++ b/nixpkgs/pkgs/tools/security/phrasendrescher/default.nix @@ -24,5 +24,6 @@ stdenv.mkDerivation rec { license = licenses.gpl2Plus; platforms = platforms.all; maintainers = with maintainers; [ bjornfor ]; + mainProgram = "pd"; }; } diff --git a/nixpkgs/pkgs/tools/security/pinentry-bemenu/default.nix b/nixpkgs/pkgs/tools/security/pinentry-bemenu/default.nix index 0cc3f9bcf047..e7a21fdef443 100644 --- a/nixpkgs/pkgs/tools/security/pinentry-bemenu/default.nix +++ b/nixpkgs/pkgs/tools/security/pinentry-bemenu/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { pname = "pinentry-bemenu"; - version = "0.10.0"; + version = "0.11.0"; src = fetchFromGitHub { owner = "t-8ch"; repo = pname; rev = "v${version}"; - sha256 = "sha256-2Q8hN7AbuGqm7pfNHlJlSi1Op/OpJBun/AIDhUDnGvU="; + sha256 = "sha256-jt7G/OuXqJdnkW7sMNH0o+CI3noDK6EcbOLXq0JoDTk="; }; nativeBuildInputs = [ meson ninja pkg-config ]; diff --git a/nixpkgs/pkgs/tools/security/pinentry-rofi/default.nix b/nixpkgs/pkgs/tools/security/pinentry-rofi/default.nix new file mode 100644 index 000000000000..b971f37af69c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pinentry-rofi/default.nix @@ -0,0 +1,41 @@ +{ stdenv +, lib +, fetchFromGitHub +, pkg-config +, autoreconfHook +, autoconf-archive +, guile +, texinfo +, rofi +}: + +stdenv.mkDerivation rec { + pname = "pinentry-rofi"; + version = "2.0.3"; + + src = fetchFromGitHub { + owner = "plattfot"; + repo = pname; + rev = version; + sha256 = "sha256-EzbeMAhdn9SuSmE+aMHeyuje3s74isIKRDTrFO3bX04="; + }; + + nativeBuildInputs = [ + autoconf-archive + autoreconfHook + pkg-config + texinfo + ]; + + buildInputs = [ guile ]; + + propagatedBuildInputs = [ rofi ]; + + meta = with lib; { + description = "Rofi frontend to pinentry"; + homepage = "https://github.com/plattfot/pinentry-rofi"; + license = licenses.gpl3Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ seqizz ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pinentry/default.nix b/nixpkgs/pkgs/tools/security/pinentry/default.nix index ca9a5862cc59..309f44beb1aa 100644 --- a/nixpkgs/pkgs/tools/security/pinentry/default.nix +++ b/nixpkgs/pkgs/tools/security/pinentry/default.nix @@ -16,18 +16,13 @@ let then mkDerivation else stdenv.mkDerivation; - mkFlag = pfxTrue: pfxFalse: cond: name: - "--${if cond then pfxTrue else pfxFalse}-${name}"; - mkEnable = mkFlag "enable" "disable"; - mkWith = mkFlag "with" "without"; - - mkEnablePinentry = f: + enableFeaturePinentry = f: let info = flavorInfo.${f}; flag = flavorInfo.${f}.flag or null; in optionalString (flag != null) - (mkEnable (elem f enabledFlavors) ("pinentry-" + flag)); + (enableFeature (elem f enabledFlavors) ("pinentry-" + flag)); flavorInfo = { curses = { bin = "curses"; flag = "curses"; buildInputs = [ ncurses ]; }; @@ -75,9 +70,9 @@ pinentryMkDerivation rec { ]; configureFlags = [ - (mkWith (libcap != null) "libcap") - (mkEnable (libsecret != null) "libsecret") - ] ++ (map mkEnablePinentry (attrNames flavorInfo)); + (withFeature (libcap != null) "libcap") + (enableFeature (libsecret != null) "libsecret") + ] ++ (map enableFeaturePinentry (attrNames flavorInfo)); postInstall = concatStrings (flip map enabledFlavors (f: diff --git a/nixpkgs/pkgs/tools/security/plasma-pass/default.nix b/nixpkgs/pkgs/tools/security/plasma-pass/default.nix index 20f64b725f11..2ff2ab38cefb 100644 --- a/nixpkgs/pkgs/tools/security/plasma-pass/default.nix +++ b/nixpkgs/pkgs/tools/security/plasma-pass/default.nix @@ -1,7 +1,7 @@ { mkDerivation, lib, fetchFromGitLab, cmake, extra-cmake-modules , ki18n , kitemmodels -, oathToolkit +, oath-toolkit , qgpgme , plasma-framework , qt5 }: @@ -21,7 +21,7 @@ mkDerivation rec { buildInputs = [ ki18n kitemmodels - oathToolkit + oath-toolkit qgpgme plasma-framework qt5.qtbase diff --git a/nixpkgs/pkgs/tools/security/pomerium-cli/default.nix b/nixpkgs/pkgs/tools/security/pomerium-cli/default.nix index 7dc7e3a7a903..9463e0851898 100644 --- a/nixpkgs/pkgs/tools/security/pomerium-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/pomerium-cli/default.nix @@ -9,15 +9,17 @@ let in buildGoModule rec { pname = "pomerium-cli"; - version = pomerium.version; + inherit (pomerium) version; + src = fetchFromGitHub { owner = "pomerium"; repo = "cli"; rev = "v${version}"; - hash = "sha256:0230b22xjnpykj8bcdahzzlsvlrd63z2cmg6yb246c5ngjs835q1"; + hash = "sha256-AZeBtHy2MEPE8uZVJv4wLdOt6f9QNbaQnP5a2YVYYAg="; }; - vendorSha256 = "sha256:0xx22lmh6wip1d1bjrp4lgab3q9yilw54v4lg24lf3xhbsr5si9b"; + vendorSha256 = "sha256-K0Vdsl6wD0eJeJRsUjiNPuGx1KPkZrlCCzdyAysVonc="; + subPackages = [ "cmd/pomerium-cli" ]; @@ -45,7 +47,11 @@ buildGoModule rec { ]; installPhase = '' + runHook preInstall + install -Dm0755 $GOPATH/bin/pomerium-cli $out/bin/pomerium-cli + + runHook postInstall ''; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/prs/default.nix b/nixpkgs/pkgs/tools/security/prs/default.nix index 5a020dde9cc4..2a901a599d49 100644 --- a/nixpkgs/pkgs/tools/security/prs/default.nix +++ b/nixpkgs/pkgs/tools/security/prs/default.nix @@ -14,16 +14,16 @@ rustPlatform.buildRustPackage rec { pname = "prs"; - version = "0.3.2"; + version = "0.3.4"; src = fetchFromGitLab { owner = "timvisee"; repo = "prs"; rev = "v${version}"; - sha256 = "sha256-90Ed/mafACSJvH+DjCbdXs3eeyT+pGflRzDD9l3b0/s="; + hash = "sha256-dfyTaWwV2hNZPZfvM+AqqR1zbChjT6Y/TEkQPEXRtGA="; }; - cargoSha256 = "sha256-5teiF8s11Ml8UtbVn6fXur2OQzE52JZnsgyDihbEFTQ="; + cargoHash = "sha256-yf46le0jG4EXo60kGKc0GwSO5vl4Dw0gmYJ4yr+TFdE="; postPatch = '' # The GPGME backend is recommended diff --git a/nixpkgs/pkgs/tools/security/pwdsafety/default.nix b/nixpkgs/pkgs/tools/security/pwdsafety/default.nix index 2a6ed328e49e..ce4e149e7700 100644 --- a/nixpkgs/pkgs/tools/security/pwdsafety/default.nix +++ b/nixpkgs/pkgs/tools/security/pwdsafety/default.nix @@ -1,20 +1,20 @@ -{ buildGoModule +{ lib +, buildGoModule , fetchFromGitHub -, lib }: buildGoModule rec { pname = "pwdsafety"; - version = "0.1.4"; + version = "0.3"; src = fetchFromGitHub { owner = "edoardottt"; repo = pname; rev = "v${version}"; - sha256 = "1qnkabgc2924qg9x1ij51jq7lnxzcj1ygdp3x4mzi9gl532i191w"; + hash = "sha256-ryMLiehJVZhQ3ZQf4/g7ILeJri78A6z5jfell0pD9E8="; }; - vendorSha256 = "0avm4zwwqv476yrraaf5xkc1lac0mwnmzav5wckifws6r4x3xrsb"; + vendorSha256 = "sha256-b+tWTQUyYDzY2O28hwy5vI6b6S889TCiVh7hQhw/KAc="; meta = with lib; { description = "Command line tool checking password safety"; diff --git a/nixpkgs/pkgs/tools/security/pynitrokey/default.nix b/nixpkgs/pkgs/tools/security/pynitrokey/default.nix index b50550e74368..af8fd944cf81 100644 --- a/nixpkgs/pkgs/tools/security/pynitrokey/default.nix +++ b/nixpkgs/pkgs/tools/security/pynitrokey/default.nix @@ -1,15 +1,15 @@ -{ python3Packages, lib }: +{ python3Packages, lib, nrfutil }: with python3Packages; buildPythonApplication rec { pname = "pynitrokey"; - version = "0.4.9"; + version = "0.4.26"; format = "flit"; src = fetchPypi { inherit pname version; - sha256 = "sha256-mhH6mVgLRX87PSGTFkj1TE75jU1lwcaRZWbC67T+vWo="; + sha256 = "sha256-OuLR6txvoOpOUYpkjA5UkXUIIa1hYCwTmmPuUC3i4zM="; }; propagatedBuildInputs = [ @@ -18,17 +18,25 @@ buildPythonApplication rec { ecdsa fido2 intelhex + nrfutil pyserial pyusb requests pygments python-dateutil + spsdk urllib3 cffi cbor nkdfu ]; + # spsdk is patched to allow for newer cryptography + postPatch = '' + substituteInPlace pyproject.toml \ + --replace "cryptography >=3.4.4,<37" "cryptography" + ''; + # no tests doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/qdigidoc/default.nix b/nixpkgs/pkgs/tools/security/qdigidoc/default.nix index b47a2455b672..19ce14f915aa 100644 --- a/nixpkgs/pkgs/tools/security/qdigidoc/default.nix +++ b/nixpkgs/pkgs/tools/security/qdigidoc/default.nix @@ -1,15 +1,27 @@ -{ lib, mkDerivation, fetchurl, cmake, darkhttpd, gettext, makeWrapper -, pkg-config, libdigidocpp, opensc, openldap, openssl, pcsclite, qtbase -, qttranslations, qtsvg }: +{ lib +, mkDerivation +, fetchurl +, cmake +, gettext +, pkg-config +, libdigidocpp +, opensc +, openldap +, openssl +, pcsclite +, qtbase +, qttranslations +, qtsvg +}: mkDerivation rec { pname = "qdigidoc"; - version = "4.2.9"; + version = "4.2.12"; src = fetchurl { url = "https://github.com/open-eid/DigiDoc4-Client/releases/download/v${version}/qdigidoc4-${version}.tar.gz"; - sha256 = "1rhd3mvj6ld16zgfscj81f1vhs2nvifsizky509l1av7dsjfbbzr"; + hash = "sha256-6bso1qvhVhbBfrcTq4S+aHtHli7X2A926N4r45ztq4E="; }; tsl = fetchurl { @@ -17,7 +29,7 @@ mkDerivation rec { sha256 = "1cikz36w9phgczcqnwk4k3mx3kk919wy2327jksmfa4cjfjq4a8d"; }; - nativeBuildInputs = [ cmake darkhttpd gettext makeWrapper pkg-config ]; + nativeBuildInputs = [ cmake gettext pkg-config ]; postPatch = '' substituteInPlace client/CMakeLists.txt \ @@ -35,10 +47,15 @@ mkDerivation rec { qttranslations ]; - postInstall = '' - wrapProgram $out/bin/qdigidoc4 \ - --prefix LD_LIBRARY_PATH : ${opensc}/lib/pkcs11/ - ''; + # qdigidoc4's `QPKCS11::reload()` dlopen()s "opensc-pkcs11.so" in QLibrary, + # i.e. OpenSC's module is searched for in libQt5Core's DT_RUNPATH and fixing + # qdigidoc4's DT_RUNPATH has no effect on Linux (at least OpenBSD's ld.so(1) + # searches the program's runtime path as well). + # LD_LIBRARY_PATH takes precedence for all calling objects, see dlopen(3). + # https://github.com/open-eid/cmake/pull/35 might be an alternative. + qtWrapperArgs = [ + "--prefix LD_LIBRARY_PATH : ${opensc}/lib/pkcs11/" + ]; meta = with lib; { description = "Qt-based UI for signing and verifying DigiDoc documents"; diff --git a/nixpkgs/pkgs/tools/security/quill/default.nix b/nixpkgs/pkgs/tools/security/quill/default.nix index 9cf0f2f0c09c..b7f414ea87ef 100644 --- a/nixpkgs/pkgs/tools/security/quill/default.nix +++ b/nixpkgs/pkgs/tools/security/quill/default.nix @@ -27,7 +27,7 @@ rustPlatform.buildRustPackage rec { export IC_NNS_COMMON_PROTO_INCLUDES=${ic}/rs/nns/common/proto export PROTOC=${buildPackages.protobuf}/bin/protoc export OPENSSL_DIR=${openssl.dev} - export OPENSSL_LIB_DIR=${openssl.out}/lib + export OPENSSL_LIB_DIR=${lib.getLib openssl}/lib ''; cargoSha256 = "sha256-YxuBABGaZ+ti31seEYR6bB+OMgrSvl1lZyu4bqdxPIk="; diff --git a/nixpkgs/pkgs/tools/security/radamsa/default.nix b/nixpkgs/pkgs/tools/security/radamsa/default.nix index 2ddbc4034926..c8b084e1e312 100644 --- a/nixpkgs/pkgs/tools/security/radamsa/default.nix +++ b/nixpkgs/pkgs/tools/security/radamsa/default.nix @@ -37,7 +37,7 @@ stdenv.mkDerivation rec { description = "A general purpose fuzzer"; longDescription = "Radamsa is a general purpose data fuzzer. It reads data from given sample files, or standard input if none are given, and outputs modified data. It is usually used to generate malformed data for testing programs."; homepage = "https://gitlab.com/akihe/radamsa"; - maintainers = [ lib.maintainers.markWot ]; + maintainers = [ ]; platforms = lib.platforms.all; }; } diff --git a/nixpkgs/pkgs/tools/security/rage/default.nix b/nixpkgs/pkgs/tools/security/rage/default.nix index 589a56adc329..1d23209a3b1b 100644 --- a/nixpkgs/pkgs/tools/security/rage/default.nix +++ b/nixpkgs/pkgs/tools/security/rage/default.nix @@ -1,25 +1,30 @@ -{ lib, stdenv, rustPlatform, fetchFromGitHub, installShellFiles -, Foundation, Security, libiconv }: +{ lib +, stdenv +, rustPlatform +, fetchFromGitHub +, installShellFiles +, Foundation +}: rustPlatform.buildRustPackage rec { pname = "rage"; - version = "0.7.1"; + version = "0.8.1"; src = fetchFromGitHub { owner = "str4d"; repo = pname; rev = "v${version}"; - sha256 = "sha256-0OQnYc1IWYscvSw5YZH54Fh8cBasLlcVqrQcQ4MAsU8="; + sha256 = "sha256-FexplUdn56TanxAKC+a8uWoR3soJT1/1qi9t2tw19Vw="; }; - cargoSha256 = "sha256-31s70pgEQDw3uifmhv1iWQuzKQVc2q+f76PPnGKIYdc="; + cargoSha256 = "sha256-xlpi6UQTL1p9JSLENKrLjG2DF9mYiV+E8bfjHQtqOyY="; - nativeBuildInputs = [ installShellFiles ]; + nativeBuildInputs = [ + installShellFiles + ]; buildInputs = lib.optionals stdenv.isDarwin [ Foundation - Security - libiconv ]; # cargo test has an x86-only dependency diff --git a/nixpkgs/pkgs/tools/security/rbw/default.nix b/nixpkgs/pkgs/tools/security/rbw/default.nix index 9e3f0523473a..a5eb83f1e0b5 100644 --- a/nixpkgs/pkgs/tools/security/rbw/default.nix +++ b/nixpkgs/pkgs/tools/security/rbw/default.nix @@ -66,7 +66,7 @@ rustPlatform.buildRustPackage rec { preConfigure = '' export OPENSSL_INCLUDE_DIR="${openssl.dev}/include" - export OPENSSL_LIB_DIR="${openssl.out}/lib" + export OPENSSL_LIB_DIR="${lib.getLib openssl}/lib" ''; postInstall = '' diff --git a/nixpkgs/pkgs/tools/security/regpg/default.nix b/nixpkgs/pkgs/tools/security/regpg/default.nix new file mode 100644 index 000000000000..aaefbef227b8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/regpg/default.nix @@ -0,0 +1,52 @@ +{ lib +, stdenv +, fetchFromGitHub +, makeWrapper +, gnupg +, perl +}: + +let + perlEnv = perl.withPackages (p: with p; [ TextMarkdown ]); +in +stdenv.mkDerivation rec { + pname = "regpg"; + version = "1.11"; + + src = fetchFromGitHub { + owner = "fanf2"; + repo = "regpg"; + rev = "regpg-${version}"; + sha256 = "2ea99950804078190e1cc2a76d4740e3fdd5395a9043db3f3fe86bf2477d3a7d"; + }; + + nativeBuildInputs = [ makeWrapper perlEnv ]; + + postPatch = '' + patchShebangs ./util/insert-here.pl ./util/markdown.pl + substituteInPlace ./Makefile \ + --replace 'util/insert-here.pl' 'perl util/insert-here.pl' + substituteInPlace ./Makefile \ + --replace 'util/markdown.pl' 'perl util/markdown.pl' + substituteInPlace util/insert-here.pl \ + --replace 'qx(git describe)' '"regpg-${version}"' + ''; + + dontConfigure = true; + + makeFlags = [ "prefix=$(out)" ]; + + postFixup = '' + patchShebangs $out/bin/regpg + wrapProgram $out/bin/regpg --prefix PATH ":" \ + "${lib.makeBinPath [ gnupg ]}" + ''; + + meta = with lib; { + description = "GPG wrapper utility for storing secrets in VCS"; + homepage = "https://dotat.at/prog/regpg"; + license = licenses.gpl3; + platforms = platforms.all; + maintainers = with maintainers; [ _0xC45 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rekor/default.nix b/nixpkgs/pkgs/tools/security/rekor/default.nix index 663cc38291cb..0343c389e5f3 100644 --- a/nixpkgs/pkgs/tools/security/rekor/default.nix +++ b/nixpkgs/pkgs/tools/security/rekor/default.nix @@ -4,22 +4,43 @@ let generic = { pname, packageToBuild, description }: buildGoModule rec { inherit pname; - version = "0.5.0"; + version = "0.10.0"; src = fetchFromGitHub { owner = "sigstore"; repo = "rekor"; rev = "v${version}"; - sha256 = "sha256-y8klkb0hyITxLhcNWF7RYRVwF8rclDKzQF/MJs6y//Y="; + sha256 = "sha256-jwV6qPItuNrXl3rknY2RVIw3f3VwyiEefomnvGKiluI="; + # populate values that require us to use git. By doing this in postFetch we + # can delete .git afterwards and maintain better reproducibility of the src. + leaveDotGit = true; + postFetch = '' + cd "$out" + git rev-parse HEAD > $out/COMMIT + # '0000-00-00T00:00:00Z' + date -u -d "@$(git log -1 --pretty=%ct)" "+'%Y-%m-%dT%H:%M:%SZ'" > $out/SOURCE_DATE_EPOCH + find "$out" -name .git -print0 | xargs -0 rm -rf + ''; }; - vendorSha256 = "sha256-0PPdnE3ND/YNIk50XkgBROpe5OhFiFre5Lwsml02DQU="; + vendorSha256 = "sha256-qT1vY+YLmehQYS+jiCEx7vOJACIGPcl7VNfUEMc8w0U="; nativeBuildInputs = [ installShellFiles ]; subPackages = [ packageToBuild ]; - ldflags = [ "-s" "-w" "-X github.com/sigstore/rekor/pkg/api.GitVersion=v${version}" ]; + ldflags = [ + "-s" + "-w" + "-X sigs.k8s.io/release-utils/version.gitVersion=v${version}" + "-X sigs.k8s.io/release-utils/version.gitTreeState=clean" + ]; + + # ldflags based on metadata from git and source + preBuild = '' + ldflags+=" -X sigs.k8s.io/release-utils/version.gitCommit=$(cat COMMIT)" + ldflags+=" -X sigs.k8s.io/release-utils/version.buildDate=$(cat SOURCE_DATE_EPOCH)" + ''; postInstall = '' installShellCompletion --cmd ${pname} \ diff --git a/nixpkgs/pkgs/tools/security/rhash/default.nix b/nixpkgs/pkgs/tools/security/rhash/default.nix index e82052d961b8..e071f460b1aa 100644 --- a/nixpkgs/pkgs/tools/security/rhash/default.nix +++ b/nixpkgs/pkgs/tools/security/rhash/default.nix @@ -34,6 +34,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--ar=${stdenv.cc.targetPrefix}ar" + "--target=${stdenv.hostPlatform.config}" (lib.enableFeature enableStatic "static") (lib.enableFeature enableStatic "lib-static") ]; diff --git a/nixpkgs/pkgs/tools/security/routersploit/default.nix b/nixpkgs/pkgs/tools/security/routersploit/default.nix new file mode 100644 index 000000000000..e2a511c811b1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/routersploit/default.nix @@ -0,0 +1,56 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "routersploit"; + version = "unstable-2021-02-06"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "threat9"; + repo = pname; + rev = "3fd394637f5566c4cf6369eecae08c4d27f93cda"; + hash = "sha256-IET0vL0VVP9ZNn75hKdTCiEmOZRHHYICykhzW2g3LEg="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + future + paramiko + pycryptodome + pysnmp + requests + setuptools + ]; + + checkInputs = with python3.pkgs; [ + pytest-xdist + pytestCheckHook + threat9-test-bed + ]; + + postInstall = '' + mv $out/bin/rsf.py $out/bin/rsf + ''; + + pythonImportsCheck = [ + "routersploit" + ]; + + pytestFlagsArray = [ + "-n" + "$NIX_BUILD_CORES" + # Run the same tests as upstream does in the first round + "tests/core/" + "tests/test_exploit_scenarios.py" + "tests/test_module_info.py" + ]; + + meta = with lib; { + description = "Exploitation Framework for Embedded Devices"; + homepage = "https://github.com/threat9/routersploit"; + license = with licenses; [ bsd3 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rustscan/default.nix b/nixpkgs/pkgs/tools/security/rustscan/default.nix index adf514006b15..8f7498083cc2 100644 --- a/nixpkgs/pkgs/tools/security/rustscan/default.nix +++ b/nixpkgs/pkgs/tools/security/rustscan/default.nix @@ -33,6 +33,6 @@ rustPlatform.buildRustPackage rec { description = "Faster Nmap Scanning with Rust"; homepage = "https://github.com/RustScan/RustScan"; license = licenses.gpl3Only; - maintainers = [ maintainers.SuperSandro2000 ]; + maintainers = with maintainers; [ ]; }; } diff --git a/nixpkgs/pkgs/tools/security/saml2aws/default.nix b/nixpkgs/pkgs/tools/security/saml2aws/default.nix index 2f1127fd68a2..296845c644d1 100644 --- a/nixpkgs/pkgs/tools/security/saml2aws/default.nix +++ b/nixpkgs/pkgs/tools/security/saml2aws/default.nix @@ -15,8 +15,6 @@ buildGoModule rec { buildInputs = lib.optionals stdenv.isDarwin [ AppKit ]; - doCheck = false; - subPackages = [ "." "cmd/saml2aws" ]; ldflags = [ diff --git a/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch b/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch index f436a73bca72..0f41b4327e6a 100644 --- a/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch +++ b/nixpkgs/pkgs/tools/security/sbsigntool/autoconf.patch @@ -1,9 +1,11 @@ ---- sbsigntools/configure.ac 2018-09-25 10:30:00.878766256 -0500 -+++ configure.ac.new 2018-09-25 10:34:56.231277375 -0500 -@@ -71,15 +71,16 @@ +diff --git a/configure.ac b/configure.ac +index 4ffb68f..d8a8265 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -71,15 +71,16 @@ AM_CONDITIONAL(TEST_BINARY_FORMAT, [ test "$EFI_ARCH" = "arm" -o "$EFI_ARCH" = " # no consistent view of where gnu-efi should dump the efi stuff, so find it ## - for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi; do + for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi ; do - if test -e $path/crt0-efi-$EFI_ARCH.o; then - CRTPATH=$path + if test -e @@NIX_GNUEFI@@/$path/crt0-efi-$EFI_ARCH.o; then @@ -20,7 +22,7 @@ -DEFI_FUNCTION_WRAPPER" CPPFLAGS_save="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $EFI_CPPFLAGS" -@@ -90,5 +91,5 @@ +@@ -90,5 +91,5 @@ AC_SUBST(EFI_ARCH, $EFI_ARCH) AC_SUBST(CRTPATH, $CRTPATH) AC_CONFIG_FILES([Makefile src/Makefile lib/ccan/Makefile] diff --git a/nixpkgs/pkgs/tools/security/sbsigntool/default.nix b/nixpkgs/pkgs/tools/security/sbsigntool/default.nix index 7a0bb37d4a4c..4c548bbd535f 100644 --- a/nixpkgs/pkgs/tools/security/sbsigntool/default.nix +++ b/nixpkgs/pkgs/tools/security/sbsigntool/default.nix @@ -3,14 +3,14 @@ , openssl, libuuid, gnu-efi, libbfd }: -stdenv.mkDerivation { +stdenv.mkDerivation rec { pname = "sbsigntool"; - version = "0.9.1"; + version = "0.9.4"; src = fetchgit { url = "https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git"; - rev = "v0.9.1"; - sha256 = "098gxmhjn8acxjw5bq59wq4xhgkpx1xn8kjvxwdzpqkwq9ivrsbp"; + rev = "v${version}"; + sha256 = "sha256-dbjdA+hjII/k7wABTTJV5RBdy4KlNkFlBWEaX4zn5vg="; }; patches = [ ./autoconf.patch ]; @@ -45,7 +45,7 @@ stdenv.mkDerivation { meta = with lib; { description = "Tools for maintaining UEFI signature databases"; homepage = "http://jk.ozlabs.org/docs/sbkeysync-maintaing-uefi-key-databases"; - maintainers = [ maintainers.tstrobel ]; + maintainers = with maintainers; [ hmenke ]; platforms = [ "x86_64-linux" ]; # Broken on i686 license = licenses.gpl3; }; diff --git a/nixpkgs/pkgs/tools/security/schleuder/Gemfile b/nixpkgs/pkgs/tools/security/schleuder/Gemfile new file mode 100644 index 000000000000..687c293bac91 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/schleuder/Gemfile @@ -0,0 +1,3 @@ +source 'https://rubygems.org' do + gem 'schleuder' +end diff --git a/nixpkgs/pkgs/tools/security/schleuder/Gemfile.lock b/nixpkgs/pkgs/tools/security/schleuder/Gemfile.lock new file mode 100644 index 000000000000..7f15bb7bd717 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/schleuder/Gemfile.lock @@ -0,0 +1,86 @@ +GEM + specs: + +GEM + remote: https://rubygems.org/ + specs: + activemodel (6.1.6) + activesupport (= 6.1.6) + activerecord (6.1.6) + activemodel (= 6.1.6) + activesupport (= 6.1.6) + activesupport (6.1.6) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) + bcrypt (3.1.18) + charlock_holmes (0.7.7) + concurrent-ruby (1.1.10) + daemons (1.4.1) + eventmachine (1.2.7) + gpgme (2.0.20) + mini_portile2 (~> 2.3) + i18n (1.10.0) + concurrent-ruby (~> 1.0) + mail (2.7.1) + mini_mime (>= 0.1.1) + mail-gpg (0.4.4) + gpgme (~> 2.0, >= 2.0.2) + mail (~> 2.5, >= 2.5.3) + mini_mime (1.1.2) + mini_portile2 (2.8.0) + minitest (5.16.1) + multi_json (1.15.0) + mustermann (1.1.1) + ruby2_keywords (~> 0.0.1) + rack (2.2.3.1) + rack-protection (2.2.0) + rack + rake (13.0.6) + ruby2_keywords (0.0.5) + schleuder (4.0.3) + activerecord (~> 6.1.3) + bcrypt (~> 3.1.2) + charlock_holmes (~> 0.7.6) + gpgme (~> 2.0, >= 2.0.19) + mail (~> 2.7.1) + mail-gpg (~> 0.3) + rake (>= 10.5.0) + sinatra (~> 2) + sinatra-contrib (~> 2) + sqlite3 (~> 1.4.2) + thin (~> 1) + thor (~> 0) + sinatra (2.2.0) + mustermann (~> 1.0) + rack (~> 2.2) + rack-protection (= 2.2.0) + tilt (~> 2.0) + sinatra-contrib (2.2.0) + multi_json + mustermann (~> 1.0) + rack-protection (= 2.2.0) + sinatra (= 2.2.0) + tilt (~> 2.0) + sqlite3 (1.4.4) + thin (1.8.1) + daemons (~> 1.0, >= 1.0.9) + eventmachine (~> 1.0, >= 1.0.4) + rack (>= 1, < 3) + thor (0.20.3) + tilt (2.0.10) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) + zeitwerk (2.6.0) + +PLATFORMS + aarch64-linux + x86_64-linux + +DEPENDENCIES + schleuder! + +BUNDLED WITH + 2.3.9 diff --git a/nixpkgs/pkgs/tools/security/schleuder/cli/Gemfile b/nixpkgs/pkgs/tools/security/schleuder/cli/Gemfile new file mode 100644 index 000000000000..428e856aecc6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/schleuder/cli/Gemfile @@ -0,0 +1,4 @@ +source "https://rubygems.org" + +gem "schleuder-cli", git: "https://0xacab.org/schleuder/schleuder-cli", tag: "schleuder-cli-0.1.0" + diff --git a/nixpkgs/pkgs/tools/security/schleuder/cli/Gemfile.lock b/nixpkgs/pkgs/tools/security/schleuder/cli/Gemfile.lock new file mode 100644 index 000000000000..3eead9459e05 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/schleuder/cli/Gemfile.lock @@ -0,0 +1,22 @@ +GIT + remote: https://0xacab.org/schleuder/schleuder-cli + revision: 1de2548695d9a74f47b7868954561b48cbc966f9 + tag: schleuder-cli-0.1.0 + specs: + schleuder-cli (0.1.0) + thor (~> 0) + +GEM + remote: https://rubygems.org/ + specs: + thor (0.20.3) + +PLATFORMS + aarch64-linux + x86_64-linux + +DEPENDENCIES + schleuder-cli! + +BUNDLED WITH + 2.3.9 diff --git a/nixpkgs/pkgs/tools/security/schleuder/cli/default.nix b/nixpkgs/pkgs/tools/security/schleuder/cli/default.nix new file mode 100644 index 000000000000..e34afa699f04 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/schleuder/cli/default.nix @@ -0,0 +1,34 @@ +{ lib +, bundlerApp +, ruby +, bundlerUpdateScript +}: + +bundlerApp { + inherit ruby; + + pname = "schleuder-cli"; + + gemdir = ./.; + + installManpages = false; + + exes = [ + "schleuder-cli" + ]; + + passthru.updateScript = bundlerUpdateScript "schleuder-cli"; + + meta = with lib; { + description = "A command line tool to create and manage schleuder-lists"; + longDescription = '' + Schleuder-cli enables creating, configuring, and deleting lists, + subscriptions, keys, etc. It uses the Schleuder API, provided by + schleuder-api-daemon (part of Schleuder). + ''; + homepage = "https://schleuder.org"; + changelog = "https://0xacab.org/schleuder/schleuder-cli/-/blob/main/CHANGELOG.md"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ hexa ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/schleuder/cli/gemset.nix b/nixpkgs/pkgs/tools/security/schleuder/cli/gemset.nix new file mode 100644 index 000000000000..45ff62f89137 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/schleuder/cli/gemset.nix @@ -0,0 +1,25 @@ +{ + schleuder-cli = { + dependencies = ["thor"]; + groups = ["default"]; + platforms = []; + source = { + fetchSubmodules = false; + rev = "1de2548695d9a74f47b7868954561b48cbc966f9"; + sha256 = "0k4i33w9a0bscw4wbs301vxca367g7pa89y6cr24i0014pbmhs9z"; + type = "git"; + url = "https://0xacab.org/schleuder/schleuder-cli"; + }; + version = "0.1.0"; + }; + thor = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1yhrnp9x8qcy5vc7g438amd5j9sw83ih7c30dr6g6slgw9zj3g29"; + type = "gem"; + }; + version = "0.20.3"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/schleuder/default.nix b/nixpkgs/pkgs/tools/security/schleuder/default.nix new file mode 100644 index 000000000000..84597f6f51bf --- /dev/null +++ b/nixpkgs/pkgs/tools/security/schleuder/default.nix @@ -0,0 +1,38 @@ +{ lib +, bundlerApp +, ruby +, bundlerUpdateScript +, defaultGemConfig +, nixosTests +}: + +bundlerApp { + inherit ruby; + + pname = "schleuder"; + + gemdir = ./.; + + exes = [ + "schleuder" + "schleuder-api-daemon" + ]; + + passthru.updateScript = bundlerUpdateScript "schleuder"; + passthru.tests = { + inherit (nixosTests) schleuder; + }; + + meta = with lib; { + description = "Schleuder is an encrypting mailing list manager with remailing-capabilities"; + longDescription = '' + Schleuder is a group's email-gateway: subscribers can exchange + encrypted emails among themselves, receive emails from + non-subscribers and send emails to non-subscribers via the list. + ''; + homepage = "https://schleuder.org"; + changelog = "https://0xacab.org/schleuder/schleuder/blob/main/CHANGELOG.md"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ hexa lheckemann ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/schleuder/gemset.nix b/nixpkgs/pkgs/tools/security/schleuder/gemset.nix new file mode 100644 index 000000000000..63cd6a5db81f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/schleuder/gemset.nix @@ -0,0 +1,316 @@ +{ + activemodel = { + dependencies = ["activesupport"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1f0ai51icvvx5q0jd1l89k0dlwzpsrkqlj6x43f8qc4bd1ya9glx"; + type = "gem"; + }; + version = "6.1.6"; + }; + activerecord = { + dependencies = ["activemodel" "activesupport"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0khjnkvmiyap1g3rvw9hp16mzai4smqcg5hxhq28pll25ljzxdbp"; + type = "gem"; + }; + version = "6.1.6"; + }; + activesupport = { + dependencies = ["concurrent-ruby" "i18n" "minitest" "tzinfo" "zeitwerk"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "08wzpwgdm03vzb8gqr8bvfdarb89g5ah0skvwqk6qv87p55xqkyw"; + type = "gem"; + }; + version = "6.1.6"; + }; + bcrypt = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "048z3fvcknqx7ikkhrcrykxlqmf9bzc7l0y5h1cnvrc9n2qf0k8m"; + type = "gem"; + }; + version = "3.1.18"; + }; + charlock_holmes = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0hybw8jw9ryvz5zrki3gc9r88jqy373m6v46ynxsdzv1ysiyr40p"; + type = "gem"; + }; + version = "0.7.7"; + }; + concurrent-ruby = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0s4fpn3mqiizpmpy2a24k4v365pv75y50292r8ajrv4i1p5b2k14"; + type = "gem"; + }; + version = "1.1.10"; + }; + daemons = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "07cszb0zl8mqmwhc8a2yfg36vi6lbgrp4pa5bvmryrpcz9v6viwg"; + type = "gem"; + }; + version = "1.4.1"; + }; + eventmachine = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0wh9aqb0skz80fhfn66lbpr4f86ya2z5rx6gm5xlfhd05bj1ch4r"; + type = "gem"; + }; + version = "1.2.7"; + }; + gpgme = { + dependencies = ["mini_portile2"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0xbgh9d8nbvsvyzqnd0mzhz0nr9hx4qn025kmz6d837lry4lc6gw"; + type = "gem"; + }; + version = "2.0.20"; + }; + i18n = { + dependencies = ["concurrent-ruby"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0b2qyvnk4yynlg17ymkq4g5xgr275637fhl1mjh0valw3cb1fhhg"; + type = "gem"; + }; + version = "1.10.0"; + }; + mail = { + dependencies = ["mini_mime"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "00wwz6ys0502dpk8xprwcqfwyf3hmnx6lgxaiq6vj43mkx43sapc"; + type = "gem"; + }; + version = "2.7.1"; + }; + mail-gpg = { + dependencies = ["gpgme" "mail"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1rz936m8nacy7agksvpvkf6b37d1h5qvh5xkrjqvv5wbdqs3cyfj"; + type = "gem"; + }; + version = "0.4.4"; + }; + mini_mime = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0lbim375gw2dk6383qirz13hgdmxlan0vc5da2l072j3qw6fqjm5"; + type = "gem"; + }; + version = "1.1.2"; + }; + mini_portile2 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0rapl1sfmfi3bfr68da4ca16yhc0pp93vjwkj7y3rdqrzy3b41hy"; + type = "gem"; + }; + version = "2.8.0"; + }; + minitest = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "08z6rgs1jgbc032843mwg3fayvzn4hihz8bl2gp87pf7z02kw5f3"; + type = "gem"; + }; + version = "5.16.1"; + }; + multi_json = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0pb1g1y3dsiahavspyzkdy39j4q377009f6ix0bh1ag4nqw43l0z"; + type = "gem"; + }; + version = "1.15.0"; + }; + mustermann = { + dependencies = ["ruby2_keywords"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ccm54qgshr1lq3pr1dfh7gphkilc19dp63rw6fcx7460pjwy88a"; + type = "gem"; + }; + version = "1.1.1"; + }; + rack = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1b1qsg0yfargdhmpapp2d3mlxj82wyygs9nj74w0r03diyi8swlc"; + type = "gem"; + }; + version = "2.2.3.1"; + }; + rack-protection = { + dependencies = ["rack"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1hz6h6d67r217qi202qmxq2xkn3643ay3iybhl3dq3qd6j8nm3b2"; + type = "gem"; + }; + version = "2.2.0"; + }; + rake = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "15whn7p9nrkxangbs9hh75q585yfn66lv0v2mhj6q6dl6x8bzr2w"; + type = "gem"; + }; + version = "13.0.6"; + }; + ruby2_keywords = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1vz322p8n39hz3b4a9gkmz9y7a5jaz41zrm2ywf31dvkqm03glgz"; + type = "gem"; + }; + version = "0.0.5"; + }; + schleuder = { + dependencies = ["activerecord" "bcrypt" "charlock_holmes" "gpgme" "mail" "mail-gpg" "rake" "sinatra" "sinatra-contrib" "sqlite3" "thin" "thor"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0lxmi7402v5qkajx3j5bydarxf3lbm1kzpwgy7zsmc7l28mcv8wx"; + type = "gem"; + }; + version = "4.0.3"; + }; + sinatra = { + dependencies = ["mustermann" "rack" "rack-protection" "tilt"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1x3rci7k30g96y307hvglpdgm3f7nga3k3n4i8n1v2xxx290800y"; + type = "gem"; + }; + version = "2.2.0"; + }; + sinatra-contrib = { + dependencies = ["multi_json" "mustermann" "rack-protection" "sinatra" "tilt"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0zzckl2n7r18fk3929hgcv8pby6hxwva0rbxw66yq6r96lnwzryb"; + type = "gem"; + }; + version = "2.2.0"; + }; + sqlite3 = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1z1wa639c278bsipczn6kv8b13fj85pi8gk7x462chqx6k0wm0ax"; + type = "gem"; + }; + version = "1.4.4"; + }; + thin = { + dependencies = ["daemons" "eventmachine" "rack"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "123bh7qlv6shk8bg8cjc84ix8bhlfcilwnn3iy6zq3l57yaplm9l"; + type = "gem"; + }; + version = "1.8.1"; + }; + thor = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1yhrnp9x8qcy5vc7g438amd5j9sw83ih7c30dr6g6slgw9zj3g29"; + type = "gem"; + }; + version = "0.20.3"; + }; + tilt = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0rn8z8hda4h41a64l0zhkiwz2vxw9b1nb70gl37h1dg2k874yrlv"; + type = "gem"; + }; + version = "2.0.10"; + }; + tzinfo = { + dependencies = ["concurrent-ruby"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "10qp5x7f9hvlc0psv9gsfbxg4a7s0485wsbq1kljkxq94in91l4z"; + type = "gem"; + }; + version = "2.0.4"; + }; + zeitwerk = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0xjdr2szxvn3zb1sb5l8nfd6k9jr3b4qqbbg1mj9grf68m3fxckc"; + type = "gem"; + }; + version = "2.6.0"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/scilla/default.nix b/nixpkgs/pkgs/tools/security/scilla/default.nix index ab31624c6c96..301e03781064 100644 --- a/nixpkgs/pkgs/tools/security/scilla/default.nix +++ b/nixpkgs/pkgs/tools/security/scilla/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "scilla"; - version = "1.2.1"; + version = "1.2.2"; src = fetchFromGitHub { owner = "edoardottt"; repo = pname; rev = "v${version}"; - sha256 = "sha256-1gSuKxNpls7B+pSGnGj3k/E93lnj2FPNtAAciPPNAeM="; + sha256 = "sha256-1akwc/J1W1zMNqEc2Vv8wdElKbOVJ8uL3XXftGVwWnQ="; }; - vendorSha256 = "sha256-gHZj8zpc7yFthCCBM8WGw4WwoW46bdQWe4yWjOkkQE8="; + vendorSha256 = "sha256-uTL2qr/LWmdmZipfnbzzzIx6X3fJtB1A9uYekogZN3w="; meta = with lib; { description = "Information gathering tool for DNS, ports and more"; diff --git a/nixpkgs/pkgs/tools/security/scorecard/default.nix b/nixpkgs/pkgs/tools/security/scorecard/default.nix index 35ce8e900fb7..a4caf7511281 100644 --- a/nixpkgs/pkgs/tools/security/scorecard/default.nix +++ b/nixpkgs/pkgs/tools/security/scorecard/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "scorecard"; - version = "4.1.0"; + version = "4.3.0"; src = fetchFromGitHub { owner = "ossf"; repo = pname; rev = "v${version}"; - sha256 = "sha256-QOWQhuEEnwtHmQwl5WCCHcKMjwhgxn9xerR0Bxi3660="; + sha256 = "sha256-+aocaMnEDqaOjiCPmAxhf1tiqMN6DKo64N0ARMmY71E="; # populate values otherwise taken care of by goreleaser, # unfortunately these require us to use git. By doing # this in postFetch we can delete .git afterwards and @@ -16,20 +16,14 @@ buildGoModule rec { leaveDotGit = true; postFetch = '' cd "$out" - - commit="$(git rev-parse HEAD)" - source_date_epoch=$(git log --date=iso8601-strict -1 --pretty=%ct) - - substituteInPlace "$out/pkg/scorecard_version.go" \ - --replace 'gitCommit = "unknown"' "gitCommit = \"$commit\"" \ - --replace 'buildDate = "unknown"' "buildDate = \"$source_date_epoch\"" - + git rev-parse HEAD > $out/COMMIT + # 0000-00-00T00:00:00Z + date -u -d "@$(git log -1 --pretty=%ct)" "+%Y-%m-%dT%H:%M:%SZ" > $out/SOURCE_DATE_EPOCH find "$out" -name .git -print0 | xargs -0 rm -rf ''; }; - vendorSha256 = "sha256-AFadBzkRj0D1MXLHzexvomJ0cqirhW82tnNRGx/gChI="; + vendorSha256 = "sha256-0VEo08lGVQ3ROdqFrpNVgdtfaKqNY4hhjZ0i3U52P4M="; - # Install completions post-install nativeBuildInputs = [ installShellFiles ]; subPackages = [ "." ]; @@ -37,10 +31,16 @@ buildGoModule rec { ldflags = [ "-s" "-w" - "-X github.com/ossf/scorecard/v${lib.versions.major version}/pkg.gitVersion=v${version}" - "-X github.com/ossf/scorecard/v${lib.versions.major version}/pkg.gitTreeState=clean" + "-X sigs.k8s.io/release-utils/version.gitVersion=v${version}" + "-X sigs.k8s.io/release-utils/version.gitTreeState=clean" ]; + # ldflags based on metadata from git and source + preBuild = '' + ldflags+=" -X sigs.k8s.io/release-utils/version.gitCommit=$(cat COMMIT)" + ldflags+=" -X sigs.k8s.io/release-utils/version.buildDate=$(cat SOURCE_DATE_EPOCH)" + ''; + preCheck = '' # Feed in all but the e2e tests for testing # This is because subPackages above limits what is built to just what we @@ -63,7 +63,7 @@ buildGoModule rec { installCheckPhase = '' runHook preInstallCheck $out/bin/scorecard --help - $out/bin/scorecard version | grep "v${version}" + # $out/bin/scorecard version 2>&1 | grep "v${version}" runHook postInstallCheck ''; diff --git a/nixpkgs/pkgs/tools/security/secp256k1/default.nix b/nixpkgs/pkgs/tools/security/secp256k1/default.nix index 890518126d84..bae83462872b 100644 --- a/nixpkgs/pkgs/tools/security/secp256k1/default.nix +++ b/nixpkgs/pkgs/tools/security/secp256k1/default.nix @@ -42,6 +42,6 @@ stdenv.mkDerivation { homepage = "https://github.com/bitcoin-core/secp256k1"; license = with licenses; [ mit ]; maintainers = with maintainers; [ ]; - platforms = with platforms; unix; + platforms = with platforms; all; }; } diff --git a/nixpkgs/pkgs/tools/security/secrets-extractor/default.nix b/nixpkgs/pkgs/tools/security/secrets-extractor/default.nix new file mode 100644 index 000000000000..948ee05bbd91 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/secrets-extractor/default.nix @@ -0,0 +1,31 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, libpcap +}: + +buildGoModule rec { + pname = "secrets-extractor"; + version = "1.0.1"; + + src = fetchFromGitHub { + owner = "Xenios91"; + repo = "Secrets-Extractor"; + rev = "v${version}"; + hash = "sha256-cwEG0cXlyhrUSQAuZ/5KVqJtez13GvZghabsooXCM/U="; + }; + + vendorSha256 = "sha256-KhAaBNSpFu7LAWiHCWD1OssexW9N96ArDb7Oo1AaiWI="; + + buildInputs = [ + libpcap + ]; + + meta = with lib; { + description = "Tool to check packets for secrets"; + homepage = "https://github.com/Xenios91/Secrets-Extractor"; + # https://github.com/Xenios91/Secrets-Extractor/issues/1 + license = with licenses; [ unfree ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/semgrep/common.nix b/nixpkgs/pkgs/tools/security/semgrep/common.nix new file mode 100644 index 000000000000..2c4a377efab6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/semgrep/common.nix @@ -0,0 +1,58 @@ +{ lib, fetchFromGitHub, fetchzip, stdenv }: + +rec { + version = "0.108.0"; + + src = fetchFromGitHub { + owner = "returntocorp"; + repo = "semgrep"; + rev = "v${version}"; + sha256 = "sha256-Vdrv7lVPsBsxkwwfviD5zRAdsD02RfWmM+IlaThduQs="; + }; + + # submodule dependencies + # these are fetched so we: + # 1. don't fetch the many submodules we don't need + # 2. avoid fetchSubmodules since it's prone to impurities + langsSrc = fetchFromGitHub { + owner = "returntocorp"; + repo = "semgrep-langs"; + rev = "98e4aacb0d58539b50a642a28d916a5d749e2a42"; + sha256 = "sha256-7w+8vLmzqBjbeV+a4Br7kLQ2bJv3aZJw8cB0R9d/D+E="; + }; + + interfacesSrc = fetchFromGitHub { + owner = "returntocorp"; + repo = "semgrep-interfaces"; + rev = "bad298d06a5dc50e69b6818ba73f0cc9b9a17b58"; + sha256 = "sha256-AgNSvjVsP4b4zwkmq6BoNcOX3xdCSnQmXK+fVSkDXxQ="; + }; + + # fetch pre-built semgrep-core since the ocaml build is complex and relies on + # the opam package manager at some point + coreRelease = if stdenv.isDarwin then fetchzip { + url = "https://github.com/returntocorp/semgrep/releases/download/v${version}/semgrep-v${version}-osx.zip"; + sha256 = "sha256-f3ah4yGvtUL3Ievz+3hhh5Am1YMplRxsRQzdRAoF9uU="; + } else fetchzip { + url = "https://github.com/returntocorp/semgrep/releases/download/v${version}/semgrep-v${version}-ubuntu-16.04.tgz"; + sha256 = "sha256-qie9svlzRoAsI33W+Sxh4YTVk1iPV0NVXfzfKlEUul4="; + }; + + meta = with lib; { + homepage = "https://semgrep.dev/"; + downloadPage = "https://github.com/returntocorp/semgrep/"; + changelog = "https://github.com/returntocorp/semgrep/blob/v${version}/CHANGELOG.md"; + description = "Lightweight static analysis for many languages"; + longDescription = '' + Semgrep is a fast, open-source, static analysis tool for finding bugs and + enforcing code standards at editor, commit, and CI time. Semgrep analyzes + code locally on your computer or in your build environment: code is never + uploaded. Its rules look like the code you already write; no abstract + syntax trees, regex wrestling, or painful DSLs. + ''; + license = licenses.lgpl21Plus; + maintainers = with maintainers; [ jk ambroisie ]; + # limited by semgrep-core + platforms = [ "x86_64-linux" "x86_64-darwin" ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/semgrep/default.nix b/nixpkgs/pkgs/tools/security/semgrep/default.nix new file mode 100644 index 000000000000..35a2a459587c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/semgrep/default.nix @@ -0,0 +1,81 @@ +{ lib +, fetchFromGitHub +, callPackage +, semgrep-core +, buildPythonApplication +, pythonPackages + +, pytestCheckHook +, git +}: + +let + common = callPackage ./common.nix { }; +in +buildPythonApplication rec { + pname = "semgrep"; + inherit (common) version; + src = "${common.src}/cli"; + + SEMGREP_CORE_BIN = "${semgrep-core}/bin/semgrep-core"; + + postPatch = '' + substituteInPlace setup.py \ + --replace "typing-extensions~=4.2" "typing-extensions" \ + --replace "jsonschema~=3.2" "jsonschema" \ + --replace "boltons~=21.0" "boltons" + + # remove git submodule placeholders + rm -r ./src/semgrep/{lang,semgrep_interfaces} + # link submodule dependencies + ln -s ${common.langsSrc}/ ./src/semgrep/lang + ln -s ${common.interfacesSrc}/ ./src/semgrep/semgrep_interfaces + ''; + + doCheck = true; + checkInputs = [ git pytestCheckHook ] ++ (with pythonPackages; [ + pytest-snapshot + pytest-mock + pytest-freezegun + types-freezegun + ]); + disabledTests = [ + # requires networking + "tests/unit/test_metric_manager.py" + ]; + preCheck = '' + # tests need a home directory + export HOME="$(mktemp -d)" + + # disabledTestPaths doesn't manage to avoid the e2e tests + # remove them from pyproject.toml + # and remove need for pytest-split + substituteInPlace pyproject.toml \ + --replace '"tests/e2e",' "" \ + --replace 'addopts = "--splitting-algorithm=least_duration"' "" + ''; + + propagatedBuildInputs = with pythonPackages; [ + attrs + boltons + colorama + click + click-option-group + glom + requests + ruamel-yaml + tqdm + packaging + jsonschema + wcmatch + peewee + defusedxml + urllib3 + typing-extensions + python-lsp-jsonrpc + ]; + + meta = common.meta // { + description = common.meta.description + " - cli"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/semgrep/semgrep-core.nix b/nixpkgs/pkgs/tools/security/semgrep/semgrep-core.nix new file mode 100644 index 000000000000..3a9c904ad733 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/semgrep/semgrep-core.nix @@ -0,0 +1,22 @@ +{ lib, stdenvNoCC, callPackage }: + +let + common = callPackage ./common.nix { }; +in +stdenvNoCC.mkDerivation rec { + pname = "semgrep-core"; + inherit (common) version; + + src = common.coreRelease; + + installPhase = '' + runHook preInstall + install -Dm 755 -t $out/bin semgrep-core + runHook postInstall + ''; + + meta = common.meta // { + description = common.meta.description + " - core binary"; + sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sequoia/default.nix b/nixpkgs/pkgs/tools/security/sequoia/default.nix index 4803430018ed..8cf9ad010be7 100644 --- a/nixpkgs/pkgs/tools/security/sequoia/default.nix +++ b/nixpkgs/pkgs/tools/security/sequoia/default.nix @@ -25,16 +25,16 @@ rustPlatform.buildRustPackage rec { pname = "sequoia"; # Upstream has separate version numbering for the library and the CLI frontend. # This derivation provides the CLI frontend, and thus uses its version number. - version = "0.26.0"; + version = "0.27.0"; src = fetchFromGitLab { owner = "sequoia-pgp"; repo = "sequoia"; rev = "sq/v${version}"; - sha256 = "1rcbv1s7wpxhrzw082q6vfrq1ja2ssfxn53c90h8fh5wrj7ns751"; + sha256 = "sha256-KhJAXpj47Tvds5SLYwnsNeIlPf9QEopoCzsvvHgCwaI="; }; - cargoSha256 = "0f3b8rh4pl03n8j9ihazaak214sv1rsksbgrb1nfcy8sq2yqfj4g"; + cargoSha256 = "sha256-Y7iiZVIT9Vbe4YmTfGTU8p3H3odQKms2FBnnWgvF7mI="; nativeBuildInputs = [ pkg-config @@ -75,7 +75,11 @@ rustPlatform.buildRustPackage rec { LIBCLANG_PATH = "${llvmPackages_12.libclang.lib}/lib"; # Sometimes, tests fail on CI (ofborg) & hydra without this - CARGO_TEST_ARGS = "--workspace --exclude sequoia-store"; + checkFlags = [ + # doctest for sequoia-ipc fail for some reason + "--skip=macros::assert_send_and_sync" + "--skip=macros::time_it" + ]; preInstall = lib.optionalString pythonSupport '' export installFlags="PYTHONPATH=$PYTHONPATH:$out/${pythonPackages.python.sitePackages}" @@ -95,5 +99,6 @@ rustPlatform.buildRustPackage rec { homepage = "https://sequoia-pgp.org/"; license = licenses.gpl2Plus; maintainers = with maintainers; [ minijackson doronbehar ]; + mainProgram = "sq"; }; } diff --git a/nixpkgs/pkgs/tools/security/sheesy-cli/default.nix b/nixpkgs/pkgs/tools/security/sheesy-cli/default.nix index 4be2189e2935..c47e5a212858 100644 --- a/nixpkgs/pkgs/tools/security/sheesy-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/sheesy-cli/default.nix @@ -37,5 +37,6 @@ rustPlatform.buildRustPackage rec { changelog = "https://github.com/share-secrets-safely/cli/releases/tag/${version}"; license = with licenses; [ lgpl21Only ]; maintainers = with maintainers; [ devhell ]; + mainProgram = "sy"; }; } diff --git a/nixpkgs/pkgs/tools/security/shellnoob/default.nix b/nixpkgs/pkgs/tools/security/shellnoob/default.nix new file mode 100644 index 000000000000..f7814b24384b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/shellnoob/default.nix @@ -0,0 +1,33 @@ +{ lib, stdenvNoCC, fetchFromGitHub, python3 }: + +stdenvNoCC.mkDerivation rec { + pname = "shellnoob"; + version = "unstable-2022-03-16"; + + src = fetchFromGitHub { + owner = "reyammer"; + repo = pname; + rev = "72cf49804d8ea3de1faa7fae5794449301987bff"; + sha256 = "xF9OTFFe8godW4+z9MFaFEkjE9FB42bKWwdl9xRcmEo="; + }; + + buildInputs = [ + python3 + ]; + + installPhase = '' + runHook preInstall + + install -Dm755 shellnoob.py $out/bin/snoob + + runHook postInstall + ''; + + meta = with lib; { + description = "A shellcode writing toolkit"; + homepage = "https://github.com/reyammer/shellnoob"; + mainProgram = "snoob"; + license = licenses.mit; + maintainers = with maintainers; [ emilytrau ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sherlock/default.nix b/nixpkgs/pkgs/tools/security/sherlock/default.nix new file mode 100644 index 000000000000..7d402fd8f3f0 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sherlock/default.nix @@ -0,0 +1,56 @@ +{ stdenv, lib, fetchFromGitHub, python3, makeWrapper }: +let + pyenv = python3.withPackages (pp: with pp; [ + beautifulsoup4 + certifi + colorama + lxml + pysocks + requests + requests-futures + soupsieve + stem + torrequest + ]); +in +stdenv.mkDerivation rec { + pname = "sherlock"; + version = "0.14.0"; + + src = fetchFromGitHub { + owner = "sherlock-project"; + repo = pname; + rev = "f8566960d461783558b7bcba5c818d9275de492a"; + sha256 = "sha256-6jG/SmsiEL63EcBrx2fcQDYbmMCA+A7Jsc3E4f5NGts="; + }; + + nativeBuildInputs = [ makeWrapper ]; + + postPatch = '' + substituteInPlace sherlock/sherlock.py \ + --replace "os.path.dirname(__file__)" "\"$out/share\"" + ''; + + installPhase = '' + runHook preInstall + mkdir -p $out/bin $out/share + cp ./sherlock/*.py $out/bin/ + cp --recursive ./sherlock/resources/ $out/share + makeWrapper ${pyenv.interpreter} $out/bin/sherlock --add-flags "$out/bin/sherlock.py" + runHook postInstall + ''; + + checkPhase = '' + runHook preCheck + cd $srcRoot/sherlock + ${pyenv.interpreter} -m unittest tests.all.SherlockSiteCoverageTests --verbose + runHook postCheck + ''; + + meta = with lib; { + homepage = "https://sherlock-project.github.io/"; + description = "Hunt down social media accounts by username across social networks"; + license = licenses.mit; + maintainers = with maintainers; [ applePrincess ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sigma-cli/default.nix b/nixpkgs/pkgs/tools/security/sigma-cli/default.nix index a2417e7b8fe2..8b10d6412d1c 100644 --- a/nixpkgs/pkgs/tools/security/sigma-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/sigma-cli/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "sigma-cli"; - version = "0.3.4"; + version = "0.5.0"; format = "pyproject"; src = fetchFromGitHub { owner = "SigmaHQ"; repo = pname; - rev = "v${version}"; - hash = "sha256-FWcPHtEYqS+81dU4lB+4BLFOXtFumcyhucwvmu2TAt8="; + rev = "refs/tags/v${version}"; + hash = "sha256-i0rin4TLoqo+F2nWG4kcFp3x/cRtkMzAo5Ldyo0Si5w="; }; nativeBuildInputs = with python3.pkgs; [ @@ -23,9 +23,14 @@ python3.pkgs.buildPythonApplication rec { click prettytable pysigma + pysigma-backend-elasticsearch + pysigma-backend-insightidr + pysigma-backend-opensearch + pysigma-backend-qradar pysigma-backend-splunk pysigma-pipeline-crowdstrike pysigma-pipeline-sysmon + pysigma-pipeline-windows ]; checkInputs = with python3.pkgs; [ @@ -34,7 +39,8 @@ python3.pkgs.buildPythonApplication rec { postPatch = '' substituteInPlace pyproject.toml \ - --replace 'prettytable = "^3.1.1"' 'prettytable = "*"' + --replace 'prettytable = "^3.1.1"' 'prettytable = "*"' \ + --replace 'pysigma = "^0.7.2"' 'pysigma = "*"' ''; pythonImportsCheck = [ @@ -46,5 +52,6 @@ python3.pkgs.buildPythonApplication rec { homepage = "https://github.com/SigmaHQ/sigma-cli"; license = with licenses; [ lgpl21Plus ]; maintainers = with maintainers; [ fab ]; + mainProgram = "sigma"; }; } diff --git a/nixpkgs/pkgs/tools/security/signify/default.nix b/nixpkgs/pkgs/tools/security/signify/default.nix index 3ac6f58dce94..645cb010bdf3 100644 --- a/nixpkgs/pkgs/tools/security/signify/default.nix +++ b/nixpkgs/pkgs/tools/security/signify/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "signify"; - version = "30"; + version = "31"; src = fetchFromGitHub { owner = "aperezdc"; repo = "signify"; rev = "v${version}"; - sha256 = "02xh6x6rszkvk3rf6zai7n3ivchmw0d8mwllpinjxc7k6sd415c3"; + sha256 = "sha256-y9jWG1JJhYCn6e5E2qjVqK8nmZpktiB7d9e9uP+3DLo="; }; doCheck = true; diff --git a/nixpkgs/pkgs/tools/security/signing-party/default.nix b/nixpkgs/pkgs/tools/security/signing-party/default.nix index ee099b704aaa..e08632154385 100644 --- a/nixpkgs/pkgs/tools/security/signing-party/default.nix +++ b/nixpkgs/pkgs/tools/security/signing-party/default.nix @@ -220,7 +220,7 @@ in stdenv.mkDerivation rec { * gpg-key2latex: generate LaTeX file with fingerprint paper slips ''; license = with licenses; [ bsd2 bsd3 gpl2 gpl2Plus gpl3Plus ]; - maintainers = with maintainers; [ fpletz primeos ]; + maintainers = with maintainers; [ primeos ]; platforms = platforms.linux; }; } diff --git a/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix b/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix index 4d5c020ad422..7d879aa497de 100644 --- a/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix +++ b/nixpkgs/pkgs/tools/security/simple-tpm-pk11/default.nix @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { ''; homepage = "https://github.com/ThomasHabets/simple-tpm-pk11"; license = licenses.asl20; - maintainers = with maintainers; [ tstrobel ]; + maintainers = with maintainers; [ ]; platforms = platforms.unix; }; } diff --git a/nixpkgs/pkgs/tools/security/slowhttptest/default.nix b/nixpkgs/pkgs/tools/security/slowhttptest/default.nix index 5dce5d5439ac..b4c2b0efeec3 100644 --- a/nixpkgs/pkgs/tools/security/slowhttptest/default.nix +++ b/nixpkgs/pkgs/tools/security/slowhttptest/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "slowhttptest"; - version = "1.8.2"; + version = "1.9.0"; src = fetchFromGitHub { owner = "shekyan"; repo = pname; rev = "v${version}"; - sha256 = "1xv2j3hl4zj0s2cxcsvlwgridh9ap4g84g7c4918d03id15wydcx"; + sha256 = "sha256-rIvd3LykVAbDXtFWZ1EQ+QKeALzqwK6pq7In0BsCOFo="; }; buildInputs = [ openssl ]; diff --git a/nixpkgs/pkgs/tools/security/smbscan/default.nix b/nixpkgs/pkgs/tools/security/smbscan/default.nix new file mode 100644 index 000000000000..a3a2257c065c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/smbscan/default.nix @@ -0,0 +1,41 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "smbscan"; + version = "unstable-2022-05-26"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "jeffhacks"; + repo = pname; + rev = "1b19d6040cab279b97bf002934bf6f8b34d6a8b4"; + hash = "sha256-cL1mnyzIbHB/X4c7sZKVv295LNnjqwR8TZBMe9s/peg="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + impacket + python-slugify + ]; + + installPhase = '' + runHook preInstall + + install -vD smbscan.py $out/bin/smbscan + install -vd $out/${python3.sitePackages}/ + cp {scan_internals,scan,setup,local_logging,arg_parser}.py $out/${python3.sitePackages} + install -vd $out/${python3.sitePackages}/wordlists/ + cp wordlists/pattern* $out/${python3.sitePackages}/wordlists + + runHook postInstall + ''; + + meta = with lib; { + description = "Tool to enumerate file shares"; + homepage = "https://github.com/jeffhacks/smbscan"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sn0int/default.nix b/nixpkgs/pkgs/tools/security/sn0int/default.nix index b2d812d521af..8e3a806d871c 100644 --- a/nixpkgs/pkgs/tools/security/sn0int/default.nix +++ b/nixpkgs/pkgs/tools/security/sn0int/default.nix @@ -9,16 +9,16 @@ rustPlatform.buildRustPackage rec { pname = "sn0int"; - version = "0.24.1"; + version = "0.24.2"; src = fetchFromGitHub { owner = "kpcyrd"; repo = pname; rev = "v${version}"; - sha256 = "sha256-AP/3QCol2qOvRqNW9F/m9JpiZrqtfXvr//Ku2XE3vqY="; + sha256 = "sha256-WcCNNLNvOtYiSWVvXA8mnlXOV2T/yIXFzZky5y3tYJ4="; }; - cargoSha256 = "sha256-gdDQjYU8hJdkQCh1Iswn5KlPW2BT/J5vCSOS/KHvbH4="; + cargoSha256 = "sha256-5pVxOkm9OLSX5Lxe3DSM0mVSMhlHfFBCiMMR37WrZbI="; nativeBuildInputs = [ pkg-config diff --git a/nixpkgs/pkgs/tools/security/snowcrash/default.nix b/nixpkgs/pkgs/tools/security/snowcrash/default.nix index bce05ed8f2e9..087c6af1e606 100644 --- a/nixpkgs/pkgs/tools/security/snowcrash/default.nix +++ b/nixpkgs/pkgs/tools/security/snowcrash/default.nix @@ -28,5 +28,6 @@ buildGoModule rec { homepage = "https://github.com/redcode-labs/SNOWCRASH"; license = with licenses; [ mit ]; maintainers = with maintainers; [ fab ] ++ teams.redcodelabs.members; + mainProgram = "SNOWCRASH"; }; } diff --git a/nixpkgs/pkgs/tools/security/social-engineer-toolkit/default.nix b/nixpkgs/pkgs/tools/security/social-engineer-toolkit/default.nix new file mode 100644 index 000000000000..4f2d5895cc78 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/social-engineer-toolkit/default.nix @@ -0,0 +1,70 @@ +{ lib, fetchFromGitHub, python3Packages, makeWrapper, metasploit }: + +python3Packages.buildPythonApplication rec { + pname = "social-engineer-toolkit"; + version = "8.0.3"; + format = "other"; + + src = fetchFromGitHub { + owner = "trustedsec"; + repo = pname; + rev = version; + sha256 = "ePbmUvnzLO0Wfuhym3bNSPV1x8rcCPqKMeWSRcbJGAo="; + }; + + postPatch = '' + substituteInPlace setoolkit \ + --replace "src/core/config.baseline" "$out/share/social-engineer-toolkit/src/core/config.baseline" + substituteInPlace src/core/setcore.py \ + --replace '"src/core/set.version"' "\"$out/share/social-engineer-toolkit/src/core/set.version\"" \ + --replace "/opt/metasploit-framework" "${metasploit}/bin" + ''; + + nativeBuildInputs = [ + makeWrapper + ]; + + propagatedBuildInputs = with python3Packages; [ + pexpect + pycrypto + requests + pyopenssl + pefile + impacket + qrcode + pillow + # Has been abandoned upstream. Features using this library are broken + # pymssql + ]; + + installPhase = '' + runHook preInstall + + install -Dt $out/bin setoolkit seautomate seproxy + mkdir -p $out/share/social-engineer-toolkit + cp -r modules readme src $out/share/social-engineer-toolkit/ + + runHook postInstall + ''; + + makeWrapperArgs = [ + "--chdir ${placeholder "out"}/share/social-engineer-toolkit" + "--prefix PYTHONPATH : \"${placeholder "out"}/share/social-engineer-toolkit\"" + ]; + + # Project has no tests + doCheck = false; + + meta = with lib; { + description = "Open-source penetration testing framework designed for social engineering"; + longDescription = '' + The Social-Engineer Toolkit is an open-source penetration testing framework + designed for social engineering. SET has a number of custom attack vectors + that allow you to make a believable attack quickly. + ''; + homepage = "https://github.com/trustedsec/social-engineer-toolkit"; + mainProgram = "setoolkit"; + license = licenses.bsd3; + maintainers = with maintainers; [ emilytrau ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/softhsm/default.nix b/nixpkgs/pkgs/tools/security/softhsm/default.nix index 873cfdbbb056..b218a3241f9f 100644 --- a/nixpkgs/pkgs/tools/security/softhsm/default.nix +++ b/nixpkgs/pkgs/tools/security/softhsm/default.nix @@ -7,7 +7,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://dist.opendnssec.org/source/${pname}-${version}.tar.gz"; - hash = "sha256:1wkmyi6n3z2pak1cj5yk6v6bv9w0m24skycya48iikab0mrr8931"; + hash = "sha256-YSSUcwVLzRgRUZ75qYmogKe9zDbTF8nCVFf8YU30dfI="; }; configureFlags = [ diff --git a/nixpkgs/pkgs/tools/security/solo2-cli/default.nix b/nixpkgs/pkgs/tools/security/solo2-cli/default.nix index eaa2bc659a56..18a9e256ddbe 100644 --- a/nixpkgs/pkgs/tools/security/solo2-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/solo2-cli/default.nix @@ -14,16 +14,16 @@ rustPlatform.buildRustPackage rec { pname = "solo2-cli"; - version = "0.1.1"; + version = "0.2.0"; src = fetchFromGitHub { owner = "solokeys"; repo = pname; rev = "v${version}"; - sha256 = "sha256-3GIK0boxGD4Xa5OskP1535zCQyhMQ/oXbgThRivJzww="; + sha256 = "sha256-CRufj4SAkM0Qdffq45dp41TUqnnWep4zCB0XrEjdoG8="; }; - cargoSha256 = "sha256-MYxVegXUVeZ4AzDz+Si5TtTjUDEPTO0Nh008rgLtsLw="; + cargoSha256 = "sha256-Q6/Vi5TB0H3OQ4np/DYIpTOsTPTSDjHonFI24LJ5gWE="; nativeBuildInputs = [ installShellFiles pkg-config ]; @@ -45,5 +45,6 @@ rustPlatform.buildRustPackage rec { homepage = "https://github.com/solokeys/solo2-cli"; license = with licenses; [ asl20 mit ]; # either at your option maintainers = with maintainers; [ lukegb ]; + mainProgram = "solo2"; }; } diff --git a/nixpkgs/pkgs/tools/security/sops/default.nix b/nixpkgs/pkgs/tools/security/sops/default.nix index 9752d78a1838..9c6263c5c855 100644 --- a/nixpkgs/pkgs/tools/security/sops/default.nix +++ b/nixpkgs/pkgs/tools/security/sops/default.nix @@ -2,16 +2,18 @@ buildGoModule rec { pname = "sops"; - version = "3.7.2"; + version = "3.7.3"; src = fetchFromGitHub { rev = "v${version}"; owner = "mozilla"; repo = pname; - sha256 = "sha256-NMuYMvaBSxKHvpqFkMfnMDvcXxTstqzracuSTT1VB1A="; + sha256 = "sha256-wN1ksLwD4G+fUhvCe+jahh1PojPk6L6tnx1rsc7dz+M="; }; - vendorSha256 = "sha256-00/7O9EcGojUExJPtYWndb16VqrNby/5GsVs8Ak/Isc="; + vendorSha256 = "sha256-8IaE+vhVZkc9QDR6+/3eOSsuf3SYF2upNcCifbqtx14="; + + ldflags = [ "-s" "-w" ]; doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/spectre-cli/default.nix b/nixpkgs/pkgs/tools/security/spectre-cli/default.nix new file mode 100644 index 000000000000..f06365de90b5 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/spectre-cli/default.nix @@ -0,0 +1,73 @@ +{ lib +, stdenv +, fetchFromGitLab +, cmake +, libsodium +, json_c +, ncurses +, libxml2 +, jq +}: + +stdenv.mkDerivation rec { + pname = "spectre-cli"; + version = "unstable-2022-02-05"; + + src = fetchFromGitLab { + owner = "spectre.app"; + repo = "cli"; + rev = "a5e7aab28f44b90e5bd1204126339a81f64942d2"; + sha256 = "1hp4l1rhg7bzgx0hcai08rvcy6l9645sfngy2cr96l1bpypcld5i"; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ + cmake + libxml2 + jq + ]; + + buildInputs = [ + libsodium + json_c + ncurses + ]; + + cmakeFlags = [ + "-DBUILD_SPECTRE_TESTS=ON" + ]; + + preConfigure = '' + echo "${version}" > VERSION + + # The default buildPhase wants to create a ´build´ dir so we rename the build script to stop conflicts. + mv build build.sh + ''; + + # Some tests are expected to fail on ARM64 + # See: https://gitlab.com/spectre.app/cli/-/issues/27#note_962950844 + doCheck = !(stdenv.isLinux && stdenv.isAarch64); + + checkPhase = '' + mv ../spectre-cli-tests ../spectre_tests.xml ./ + patchShebangs spectre-cli-tests + export HOME=$(mktemp -d) + + ./spectre-tests + ./spectre-cli-tests + ''; + + installPhase = '' + mkdir -p $out/bin + mv spectre $out/bin + ''; + + meta = with lib; { + description = "A stateless cryptographic identity algorithm"; + homepage = "https://spectre.app"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ emmabastas ]; + mainProgram = "spectre"; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix b/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix index 49aa4a2a4ca5..cf85ed9310a1 100644 --- a/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix +++ b/nixpkgs/pkgs/tools/security/spectre-meltdown-checker/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "spectre-meltdown-checker"; - version = "0.44"; + version = "0.45"; src = fetchFromGitHub { owner = "speed47"; repo = "spectre-meltdown-checker"; rev = "v${version}"; - sha256 = "1b47wlc52jnp2d5c7kbqnxmlm4g3cfbv25q30llv5mlmzs6d7bam"; + sha256 = "sha256-yGrsiPBux4YeiQ3BL2fnne5P55R/sQZ4FwzSkE6BqPc="; }; prePatch = '' diff --git a/nixpkgs/pkgs/tools/security/spire/default.nix b/nixpkgs/pkgs/tools/security/spire/default.nix index 9b9e9e93488f..aa121e72ea97 100644 --- a/nixpkgs/pkgs/tools/security/spire/default.nix +++ b/nixpkgs/pkgs/tools/security/spire/default.nix @@ -2,7 +2,7 @@ buildGoModule rec { pname = "spire"; - version = "1.2.1"; + version = "1.4.0"; outputs = [ "out" "agent" "server" ]; @@ -10,10 +10,10 @@ buildGoModule rec { owner = "spiffe"; repo = pname; rev = "v${version}"; - sha256 = "sha256-LK73RGSTwGhCXOglsqK8RAAldovRzliE78vi2ilTSrw="; + sha256 = "sha256-wyKluqYKNmaJaXK70v7/f2WEGgekd0Qgdu3UZnXm/UU="; }; - vendorSha256 = "sha256-am8ZTUX8Vph1Eg013NObMiSVeupS2hlHdpZ/1mO27dY="; + vendorSha256 = "sha256-EZWoMSBxdvnrdBmSrRYf4+2d1LCka7oUIhRAW+2n7CU="; subPackages = [ "cmd/spire-agent" "cmd/spire-server" ]; diff --git a/nixpkgs/pkgs/tools/security/ssh-to-age/default.nix b/nixpkgs/pkgs/tools/security/ssh-to-age/default.nix index 7342c34ee367..d6a26dc957f5 100644 --- a/nixpkgs/pkgs/tools/security/ssh-to-age/default.nix +++ b/nixpkgs/pkgs/tools/security/ssh-to-age/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "ssh-to-age"; - version = "1.0.1"; + version = "1.0.2"; src = fetchFromGitHub { owner = "Mic92"; repo = "ssh-to-age"; rev = version; - sha256 = "sha256-ccwCHu6RlWqMnt5nBy54bVEzfE9/3PEL4C5LnYTtnwU="; + sha256 = "sha256-sjiOmIoFyl1Kr4RKg1TqXJNIq2/HF91oxDLtRDa+eWw="; }; - vendorSha256 = "sha256-jiFPcdWnAk54RJv4mHB3A+5tqKzqitfsiRXYZLa3Gu0="; + vendorSha256 = "sha256-Xi5aJAYgbtrDq7KBAfZR1LT5/jbslwEa70qaFqW4vcQ="; checkPhase = '' runHook preCheck diff --git a/nixpkgs/pkgs/tools/security/sslscan/default.nix b/nixpkgs/pkgs/tools/security/sslscan/default.nix index 0885c1d2de6a..e02dabb50298 100644 --- a/nixpkgs/pkgs/tools/security/sslscan/default.nix +++ b/nixpkgs/pkgs/tools/security/sslscan/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "sslscan"; - version = "2.0.12"; + version = "2.0.15"; src = fetchFromGitHub { owner = "rbsec"; repo = "sslscan"; rev = version; - sha256 = "sha256-lFb+W2PSmXzzNhG+yNmnDNqtUc0TsDYYnsBnKdsiPSo="; + sha256 = "sha256-YUczZYdrFGNYHoVZJ/HRbULgYWILKeo7lqyndSQO2Kw="; }; buildInputs = [ openssl ]; diff --git a/nixpkgs/pkgs/tools/security/step-ca/default.nix b/nixpkgs/pkgs/tools/security/step-ca/default.nix index b650b93f411b..bb2663a70c32 100644 --- a/nixpkgs/pkgs/tools/security/step-ca/default.nix +++ b/nixpkgs/pkgs/tools/security/step-ca/default.nix @@ -12,16 +12,16 @@ buildGoModule rec { pname = "step-ca"; - version = "0.18.2"; + version = "0.21.0"; src = fetchFromGitHub { owner = "smallstep"; repo = "certificates"; rev = "v${version}"; - sha256 = "sha256-BhPup3q2muYGWzAa/9b4vnIjBces4GhUHZ/mg4CWMRc="; + sha256 = "sha256-n6rKkhz1J4KNq84UvxRFH2H2PIsRZGONRIhgUyrlkhA="; }; - vendorSha256 = "sha256-oVaziWZGslZCVqkEXL32XvOVU54VOf41Qg+VoVWo7x0="; + vendorSha256 = "sha256-lRezUowItjW2IuxRc5GOnnuWq7VOBacSNrtMvi+3Agc="; ldflags = [ "-buildid=" ]; @@ -53,7 +53,6 @@ buildGoModule rec { description = "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH"; homepage = "https://smallstep.com/certificates/"; license = licenses.asl20; - maintainers = with maintainers; [ cmcdragonkai mohe2015 ]; - platforms = platforms.linux ++ platforms.darwin; + maintainers = with maintainers; [ cmcdragonkai mohe2015 techknowlogick ]; }; } diff --git a/nixpkgs/pkgs/tools/security/step-cli/default.nix b/nixpkgs/pkgs/tools/security/step-cli/default.nix index 0f8f37a4890c..d5b0eda8088f 100644 --- a/nixpkgs/pkgs/tools/security/step-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/step-cli/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "step-cli"; - version = "0.18.2"; + version = "0.21.0"; src = fetchFromGitHub { owner = "smallstep"; repo = "cli"; rev = "v${version}"; - sha256 = "sha256-Ki6MrLVJf2U4Q0y6jtOQZOti/m3SULWNKZ9SdirlOVA="; + sha256 = "sha256-8A63RaNa6/CD0Jlckid3RFvf0gpibFW5YZ36MdYI4ak="; }; ldflags = [ @@ -25,7 +25,7 @@ buildGoModule rec { rm command/certificate/remote_test.go ''; - vendorSha256 = "sha256-ftBZQmtrnGFMZRXDKmMyqnfxuY5vtrZDXVR43yd1shk="; + vendorSha256 = "sha256-o11PoBKC0SDPgPjqAr4KA2SAS6vusRBqzNUwnhZ9hxA="; meta = with lib; { description = "A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc"; diff --git a/nixpkgs/pkgs/tools/security/sudo/default.nix b/nixpkgs/pkgs/tools/security/sudo/default.nix index 5385a9aba354..429027df872d 100644 --- a/nixpkgs/pkgs/tools/security/sudo/default.nix +++ b/nixpkgs/pkgs/tools/security/sudo/default.nix @@ -14,11 +14,11 @@ stdenv.mkDerivation rec { pname = "sudo"; - version = "1.9.10"; + version = "1.9.11p3"; src = fetchurl { url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz"; - sha256 = "sha256-RKFGEJjnx7jmrFl0mcJPsuQ3SMDBOai0lE5X0TSaZPQ="; + sha256 = "4687e7d2f56721708f59cca2e1352c056cb23de526c22725615a42bb094f1f70"; }; prePatch = '' diff --git a/nixpkgs/pkgs/tools/security/sudolikeaboss/default.nix b/nixpkgs/pkgs/tools/security/sudolikeaboss/default.nix deleted file mode 100644 index 242da1a67bb4..000000000000 --- a/nixpkgs/pkgs/tools/security/sudolikeaboss/default.nix +++ /dev/null @@ -1,31 +0,0 @@ -# This file was generated by go2nix, then modified by hand for Darwin support. -{ lib, buildGoPackage, fetchFromGitHub, darwin }: - -buildGoPackage rec { - pname = "sudolikeaboss-unstable"; - version = "20161127-${lib.strings.substring 0 7 rev}"; - rev = "2d9afe19f872c9f433d476e57ee86169781b164c"; - - goPackagePath = "github.com/ravenac95/sudolikeaboss"; - - src = fetchFromGitHub { - owner = "ravenac95"; - repo = "sudolikeaboss"; - inherit rev; - sha256 = "0ni3v4kanxfzxzjd48f5dgv62jbfrw7kdmq0snj09hw7ciw55yg6"; - }; - - goDeps = ./deps.nix; - - buildInputs = with darwin.apple_sdk.frameworks; [ - Cocoa - ]; - - meta = with lib; { - inherit (src.meta) homepage; - description = "Get 1password access from iterm2"; - license = licenses.mit; - maintainers = [ maintainers.grahamc ]; - platforms = platforms.darwin; - }; -} diff --git a/nixpkgs/pkgs/tools/security/sudolikeaboss/deps.nix b/nixpkgs/pkgs/tools/security/sudolikeaboss/deps.nix deleted file mode 100644 index 350306a24f4b..000000000000 --- a/nixpkgs/pkgs/tools/security/sudolikeaboss/deps.nix +++ /dev/null @@ -1,39 +0,0 @@ -# This file was generated by go2nix. -[ - { - goPackagePath = "github.com/Sirupsen/logrus"; - fetch = { - type = "git"; - url = "https://github.com/Sirupsen/logrus"; - rev = "881bee4e20a5d11a6a88a5667c6f292072ac1963"; - sha256 = "176a09lp20f0qfhwwlh2xg0vk7z1g7gq8k2wr3sg1fd8m86wrzzg"; - }; - } - { - goPackagePath = "github.com/satori/go.uuid"; - fetch = { - type = "git"; - url = "https://github.com/satori/go.uuid"; - rev = "b061729afc07e77a8aa4fad0a2fd840958f1942a"; - sha256 = "0q87n5an7ha2d8kl6gn9wi41rq0whsxq68w5x3nxz7w9vgkfnq1k"; - }; - } - { - goPackagePath = "github.com/urfave/cli"; - fetch = { - type = "git"; - url = "https://github.com/urfave/cli"; - rev = "0bdeddeeb0f650497d603c4ad7b20cfe685682f6"; - sha256 = "1ny63c7bfwfrsp7vfkvb4i0xhq4v7yxqnwxa52y4xlfxs4r6v6fg"; - }; - } - { - goPackagePath = "golang.org/x/net"; - fetch = { - type = "git"; - url = "https://go.googlesource.com/net"; - rev = "0c96df335ed3f17f758cba1a2c71b7849dd828e3"; - sha256 = "02zn1f539y5yc1sx82ym8c3pp3z371d1ldhl20skwjwbdw1ln8hm"; - }; - } -] diff --git a/nixpkgs/pkgs/tools/security/super/default.nix b/nixpkgs/pkgs/tools/security/super/default.nix index d87580975f19..eba7def957ce 100644 --- a/nixpkgs/pkgs/tools/security/super/default.nix +++ b/nixpkgs/pkgs/tools/security/super/default.nix @@ -26,7 +26,11 @@ stdenv.mkDerivation rec { }) ]; - NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE"; + # -fcommon: workaround build failure on -fno-common toolchains like upstream + # gcc-10. Otherwise build fails as: + # ld: pam.o:/build/super-3.30.0/super.h:293: multiple definition of + # `Method'; super.o:/build/super-3.30.0/super.h:293: first defined here + NIX_CFLAGS_COMPILE = "-D_GNU_SOURCE -fcommon"; configureFlags = [ "--sysconfdir=/etc" diff --git a/nixpkgs/pkgs/tools/security/swaggerhole/default.nix b/nixpkgs/pkgs/tools/security/swaggerhole/default.nix new file mode 100644 index 000000000000..8455867b4be2 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/swaggerhole/default.nix @@ -0,0 +1,37 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "swaggerhole"; + version = "1.1"; + format = "setuptools"; + + src = fetchFromGitHub { + owner = "Liodeus"; + repo = pname; + # Source is not tagged at the moment, https://github.com/Liodeus/swaggerHole/issues/2 + rev = "14846406fbd0f145d71ad51c3b87f383e4afbc3b"; + hash = "sha256-3HmIpn1A86PXZRL+SqMdr84O16hW1mCUWHKnOVolmx8="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + requests + whispers + ]; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ + "swaggerhole" + ]; + + meta = with lib; { + description = "Tool to searching for secret on swaggerhub"; + homepage = "https://github.com/Liodeus/swaggerHole"; + license = with licenses; [ gpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/swtpm/default.nix b/nixpkgs/pkgs/tools/security/swtpm/default.nix index 39128084352e..5d20b65d5914 100644 --- a/nixpkgs/pkgs/tools/security/swtpm/default.nix +++ b/nixpkgs/pkgs/tools/security/swtpm/default.nix @@ -16,13 +16,13 @@ stdenv.mkDerivation rec { pname = "swtpm"; - version = "0.7.2"; + version = "0.7.3"; src = fetchFromGitHub { owner = "stefanberger"; repo = "swtpm"; rev = "v${version}"; - sha256 = "sha256-qeyPCJTNnwuaCosHzqnrQc0JNznGBfDTLsuDmuKREjU="; + sha256 = "sha256-YaNQgxk0uT8FLUIxF80jpgO/L9ygGRHaABEcs5ukq5E="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/sx-go/default.nix b/nixpkgs/pkgs/tools/security/sx-go/default.nix index c9dbb6559857..d69b28880d80 100644 --- a/nixpkgs/pkgs/tools/security/sx-go/default.nix +++ b/nixpkgs/pkgs/tools/security/sx-go/default.nix @@ -1,4 +1,5 @@ -{ lib +{ stdenv +, lib , buildGoModule , fetchFromGitHub , libpcap @@ -27,6 +28,7 @@ buildGoModule rec { ''; meta = with lib; { + broken = stdenv.isDarwin; description = "Command-line network scanner"; homepage = "https://github.com/v-byte-cpu/sx"; license = licenses.mit; diff --git a/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix b/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix index eb889cfef165..2ad7fe3e9099 100644 --- a/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix +++ b/nixpkgs/pkgs/tools/security/tcpcrypt/default.nix @@ -26,6 +26,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; meta = { + broken = stdenv.isDarwin; homepage = "http://tcpcrypt.org/"; description = "Fast TCP encryption"; platforms = platforms.all; diff --git a/nixpkgs/pkgs/tools/security/terrascan/default.nix b/nixpkgs/pkgs/tools/security/terrascan/default.nix index b9da8e95d3e0..573f0324969d 100644 --- a/nixpkgs/pkgs/tools/security/terrascan/default.nix +++ b/nixpkgs/pkgs/tools/security/terrascan/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "terrascan"; - version = "1.13.2"; + version = "1.15.2"; src = fetchFromGitHub { owner = "accurics"; repo = pname; rev = "v${version}"; - sha256 = "sha256-ja7Cpd+BegGdKOWAiH5JsniO4NYlFEgJzqBuNzE2ao4="; + sha256 = "sha256-lxieqHOmkazkBnwfKLVYy0TE7rfrKcLBENeABdmWpXI="; }; - vendorSha256 = "sha256-h/mSF4hJ3TS+4b3CCUEXVin8MRcPg8qEe90Mcxk0uVo="; + vendorSha256 = "sha256-EfHcCk2NkicSPeJYgHJT2kh9EwLldksET75ZQambrWA="; # Tests want to download a vulnerable Terraform project doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/theharvester/default.nix b/nixpkgs/pkgs/tools/security/theharvester/default.nix index 81bcd66948f3..a78d9a23c187 100644 --- a/nixpkgs/pkgs/tools/security/theharvester/default.nix +++ b/nixpkgs/pkgs/tools/security/theharvester/default.nix @@ -5,13 +5,13 @@ python3.pkgs.buildPythonApplication rec { pname = "theharvester"; - version = "4.0.3"; + version = "4.2.0"; src = fetchFromGitHub { owner = "laramies"; repo = pname; rev = version; - sha256 = "sha256-Ckouhe/Uq6Dv9p/LRpPQkiKuYrwrl/Z7KkYYamDHav8="; + sha256 = "sha256-P3yp6COwyQnVDfZM198ygu+HLdisRw068aZOVSLl7r4="; }; propagatedBuildInputs = with python3.pkgs; [ diff --git a/nixpkgs/pkgs/tools/security/tlsx/default.nix b/nixpkgs/pkgs/tools/security/tlsx/default.nix new file mode 100644 index 000000000000..c616e86d793b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tlsx/default.nix @@ -0,0 +1,29 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "tlsx"; + version = "0.0.5"; + + src = fetchFromGitHub { + owner = "projectdiscovery"; + repo = pname; + rev = "v${version}"; + hash = "sha256-zUaCUi7U757A8OVQHQV2LPVqu4o73qrp2xGrH7u2viA="; + }; + + vendorSha256 = "sha256-+pSmErlxRyDH1drri294vE+hUmlmKgh3zrKpVJVC1do="; + + meta = with lib; { + description = "TLS grabber focused on TLS based data collection"; + longDescription = '' + A fast and configurable TLS grabber focused on TLS based data + collection and analysis. + ''; + homepage = "https://github.com/projectdiscovery/tlsx"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tor/default.nix b/nixpkgs/pkgs/tools/security/tor/default.nix index 14e0be73f01e..75492e877386 100644 --- a/nixpkgs/pkgs/tools/security/tor/default.nix +++ b/nixpkgs/pkgs/tools/security/tor/default.nix @@ -30,11 +30,11 @@ let in stdenv.mkDerivation rec { pname = "tor"; - version = "0.4.6.10"; + version = "0.4.7.8"; src = fetchurl { url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; - sha256 = "lMzWDgTlWPM75zAyvITqJBZg+S9Yz7iHib2miTc54xw="; + sha256 = "sha256-nppcZ60qzdXw+L4U7Vkf7QdrFwir+DRAZpkKD6Zv4ZU="; }; outputs = [ "out" "geoip" ]; @@ -45,9 +45,13 @@ stdenv.mkDerivation rec { patches = [ ./disable-monotonic-timer-tests.patch ]; - # cross compiles correctly but needs the following - configureFlags = lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) - "--disable-tool-name-check"; + configureFlags = + # cross compiles correctly but needs the following + lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ "--disable-tool-name-check" ] + ++ + # sandbox is broken on aarch64-linux https://gitlab.torproject.org/tpo/core/tor/-/issues/40599 + lib.optionals (stdenv.isLinux && stdenv.isAarch64) [ "--disable-seccomp" ] + ; NIX_CFLAGS_LINK = lib.optionalString stdenv.cc.isGNU "-lgcc_s"; diff --git a/nixpkgs/pkgs/tools/security/tpm-luks/default.nix b/nixpkgs/pkgs/tools/security/tpm-luks/default.nix index 6063cdecc67a..16d88c9196b8 100644 --- a/nixpkgs/pkgs/tools/security/tpm-luks/default.nix +++ b/nixpkgs/pkgs/tools/security/tpm-luks/default.nix @@ -29,7 +29,7 @@ stdenv.mkDerivation { meta = with lib; { description = "LUKS key storage in TPM NVRAM"; homepage = "https://github.com/shpedoikal/tpm-luks/"; - maintainers = [ maintainers.tstrobel ]; + maintainers = [ ]; license = with licenses; [ gpl2Only ]; platforms = platforms.linux; }; diff --git a/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix b/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix index a3352c5abfdc..b3efb6c542e9 100644 --- a/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix +++ b/nixpkgs/pkgs/tools/security/tpm2-abrmd/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "tpm2-abrmd"; - version = "2.3.3"; + version = "2.4.1"; src = fetchFromGitHub { owner = "tpm2-software"; repo = pname; rev = version; - sha256 = "17nv50w1yh6fg7393vfvys9y13lp0gvxx9vcw2pb87ky551d7xkf"; + sha256 = "0lsng4sb9ikfpp0scvl9wmh0zpjdmdf5bqbjnpfyh4gk25qxn9mw"; }; nativeBuildInputs = [ pkg-config makeWrapper autoreconfHook autoconf-archive which ]; diff --git a/nixpkgs/pkgs/tools/security/tracee/bpf-core-clang-bpf.patch b/nixpkgs/pkgs/tools/security/tracee/bpf-core-clang-bpf.patch new file mode 100644 index 000000000000..f73e52841d3e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tracee/bpf-core-clang-bpf.patch @@ -0,0 +1,13 @@ +diff --git a/Makefile b/Makefile +index d5cd754..db1c1d3 100644 +--- a/Makefile ++++ b/Makefile +@@ -411,7 +411,7 @@ $(OUTPUT_DIR)/tracee.bpf.core.o: \ + $(TRACEE_EBPF_OBJ_CORE_HEADERS) + # + $(MAKE) $(OUTPUT_DIR)/tracee.bpf +- $(CMD_CLANG) \ ++ $(CMD_CLANG_BPF) \ + -D__TARGET_ARCH_$(LINUX_ARCH) \ + -D__BPF_TRACING__ \ + -DCORE \ diff --git a/nixpkgs/pkgs/tools/security/tracee/default.nix b/nixpkgs/pkgs/tools/security/tracee/default.nix new file mode 100644 index 000000000000..48d102e619d4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tracee/default.nix @@ -0,0 +1,113 @@ +{ lib +, buildGoModule +, fetchFromGitHub + +, llvmPackages_13 +, pkg-config + +, zlib +, libelf +}: + +let + inherit (llvmPackages_13) clang; + clang-with-bpf = + (clang.overrideAttrs (o: { pname = o.pname + "-with-bpf"; })).override (o: { + extraBuildCommands = o.extraBuildCommands + '' + # make a separate wrapped clang we can target at bpf + cp $out/bin/clang $out/bin/clang-bpf + # extra flags to append after the cc-cflags + echo '-target bpf -fno-stack-protector' > $out/nix-support/cc-cflags-bpf + # use sed to attach the cc-cflags-bpf after cc-cflags + sed -i -E "s@^(extraAfter=\(\\$\NIX_CFLAGS_COMPILE_.*)(\))\$@\1 $(cat $out/nix-support/cc-cflags-bpf)\2@" $out/bin/clang-bpf + ''; + }); +in +buildGoModule rec { + pname = "tracee"; + version = "0.7.0"; + + src = fetchFromGitHub { + owner = "aquasecurity"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-Y++FWxADnj1W5S3VrAlJAnotFYb6biCPJ6dpQ0Nin8o="; + # Once libbpf hits 1.0 we will migrate to the nixpkgs libbpf rather than the + # pinned copy in submodules + fetchSubmodules = true; + }; + vendorSha256 = "sha256-C2RExp67qax8+zJIgyMJ18sBtn/xEYj4tAvGCCpBssQ="; + + patches = [ + # bpf-core can't be compiled with wrapped clang since it forces the target + # we need to be able to replace it with another wrapped clang that has + # it's target as bpf + ./bpf-core-clang-bpf.patch + # add -s to ldflags for smaller binaries + ./disable-go-symbol-table.patch + ]; + + + enableParallelBuilding = true; + + strictDeps = true; + nativeBuildInputs = [ pkg-config clang-with-bpf ]; + buildInputs = [ zlib libelf ]; + + makeFlags = [ + "VERSION=v${version}" + "CMD_CLANG_BPF=clang-bpf" + # don't actually need git but the Makefile checks for it + "CMD_GIT=echo" + ]; + + buildPhase = '' + runHook preBuild + make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES} + runHook postBuild + ''; + + doCheck = false; + + installPhase = '' + runHook preInstall + + mkdir -p $out/{bin,share/tracee} + + cp ./dist/tracee-ebpf $out/bin + cp ./dist/tracee-rules $out/bin + + cp -r ./dist/rules $out/share/tracee/ + cp -r ./cmd/tracee-rules/templates $out/share/tracee/ + + runHook postInstall + ''; + + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + + $out/bin/tracee-ebpf --help + $out/bin/tracee-ebpf --version | grep "v${version}" + + $out/bin/tracee-rules --help + + runHook postInstallCheck + ''; + + meta = with lib; { + homepage = "https://aquasecurity.github.io/tracee/latest/"; + changelog = "https://github.com/aquasecurity/tracee/releases/tag/v${version}"; + description = "Linux Runtime Security and Forensics using eBPF"; + longDescription = '' + Tracee is a Runtime Security and forensics tool for Linux. It is using + Linux eBPF technology to trace your system and applications at runtime, + and analyze collected events to detect suspicious behavioral patterns. It + is delivered as a Docker image that monitors the OS and detects suspicious + behavior based on a pre-defined set of behavioral patterns. + ''; + license = licenses.asl20; + maintainers = with maintainers; [ jk ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/tracee/disable-go-symbol-table.patch b/nixpkgs/pkgs/tools/security/tracee/disable-go-symbol-table.patch new file mode 100644 index 000000000000..2aba5f5c338f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tracee/disable-go-symbol-table.patch @@ -0,0 +1,22 @@ +diff --git a/Makefile b/Makefile +index d5cd754..0b74a79 100644 +--- a/Makefile ++++ b/Makefile +@@ -471,7 +471,7 @@ ifeq ($(BTFHUB), 1) + endif + $(GO_ENV_EBPF) $(CMD_GO) build \ + -tags $(GO_TAGS_EBPF) \ +- -ldflags="-w \ ++ -ldflags="-s -w \ + -extldflags \"$(CGO_EXT_LDFLAGS_EBPF)\" \ + -X main.version=\"$(VERSION)\" \ + " \ +@@ -552,7 +552,7 @@ $(OUTPUT_DIR)/tracee-rules: \ + # + $(GO_ENV_RULES) $(CMD_GO) build \ + -tags $(GO_TAGS_RULES) \ +- -ldflags="-w \ ++ -ldflags="-s -w \ + -extldflags \"$(CGO_EXT_LDFLAGS_RULES)\" \ + " \ + -v -o $@ \ diff --git a/nixpkgs/pkgs/tools/security/tracee/skip-init-test.patch b/nixpkgs/pkgs/tools/security/tracee/skip-init-test.patch new file mode 100644 index 000000000000..612e56e4446f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tracee/skip-init-test.patch @@ -0,0 +1,12 @@ +diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go +index 8601eb9..57088d2 100644 +--- a/tests/integration/integration_test.go ++++ b/tests/integration/integration_test.go +@@ -149,6 +149,7 @@ func checkUidzero(t *testing.T, gotOutput *bytes.Buffer) { + + // only capture pids of 1 + func checkPidOne(t *testing.T, gotOutput *bytes.Buffer) { ++ t.Skip("Not compatible with systemd init") + _, _ = exec.Command("init", "q").CombinedOutput() + + waitForTraceeOutput(gotOutput, time.Now()) diff --git a/nixpkgs/pkgs/tools/security/tracee/skip-magic_write-test.patch b/nixpkgs/pkgs/tools/security/tracee/skip-magic_write-test.patch new file mode 100644 index 000000000000..99869a18f0e8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tracee/skip-magic_write-test.patch @@ -0,0 +1,12 @@ +diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go +index 8601eb9..a8a3eed 100644 +--- a/tests/integration/integration_test.go ++++ b/tests/integration/integration_test.go +@@ -75,6 +75,7 @@ func waitForTraceeOutput(gotOutput *bytes.Buffer, now time.Time) { + + // small set of actions to trigger a magic write event + func checkMagicwrite(t *testing.T, gotOutput *bytes.Buffer) { ++ t.Skip() + // create a temp dir for testing + d, err := ioutil.TempDir("", "Test_MagicWrite-dir-*") + require.NoError(t, err) diff --git a/nixpkgs/pkgs/tools/security/tracee/test.nix b/nixpkgs/pkgs/tools/security/tracee/test.nix new file mode 100644 index 000000000000..cb639ed03173 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/tracee/test.nix @@ -0,0 +1,41 @@ +{ pkgs ? import ../../../../. { } }: + +# manually run `nix-build ./pkgs/tools/security/tracee/test.nix` to test +pkgs.nixosTest ({ + name = "tracee-test"; + nodes = { + machine = { config, pkgs, ... }: { + environment.systemPackages = [ + pkgs.tracee + # build the go integration tests as a binary + (pkgs.tracee.overrideAttrs (oa: { + pname = oa.pname + "-integration"; + patches = oa.patches or [] ++ [ + # skip test that runs `init -q` which is incompatible with systemd init + ./skip-init-test.patch + # skip magic_write test that currently fails + ./skip-magic_write-test.patch + ]; + # just build the static lib we need for the go test binary + makeFlags = oa.makeFlags ++ [ "./dist/libbpf/libbpf.a" ]; + postBuild = '' + # by default the tests are disabled and this is intended to be commented out + sed -i '/t.Skip("This test requires root privileges")/d' ./tests/integration/integration_test.go + CGO_CFLAGS="-I$PWD/dist/libbpf" CGO_LDFLAGS="-lelf -lz $PWD/dist/libbpf/libbpf.a" go test -tags ebpf,integration -c -o $GOPATH/tracee-integration ./tests/integration + ''; + doCheck = false; + installPhase = '' + mkdir -p $out/bin + cp $GOPATH/tracee-integration $out/bin + ''; + doInstallCheck = false; + })) + ]; + }; + }; + + testScript = '' + with subtest("run integration tests"): + print(machine.succeed('TRC_BIN="$(which tracee-ebpf)" tracee-integration -test.v -test.run "Test_Events"')) + ''; +}) diff --git a/nixpkgs/pkgs/tools/security/traitor/default.nix b/nixpkgs/pkgs/tools/security/traitor/default.nix index 3401fe4f31e6..c809a5cbd14d 100644 --- a/nixpkgs/pkgs/tools/security/traitor/default.nix +++ b/nixpkgs/pkgs/tools/security/traitor/default.nix @@ -1,4 +1,5 @@ -{ lib +{ stdenv +, lib , buildGoModule , fetchFromGitHub }: @@ -24,6 +25,7 @@ buildGoModule rec { (including most of GTFOBins) in order to pop a root shell. ''; homepage = "https://github.com/liamg/traitor"; + platforms = platforms.linux; license = with licenses; [ mit ]; maintainers = with maintainers; [ fab ]; }; diff --git a/nixpkgs/pkgs/tools/security/truecrack/default.nix b/nixpkgs/pkgs/tools/security/truecrack/default.nix index cf64b234c66f..e90eed4d6612 100644 --- a/nixpkgs/pkgs/tools/security/truecrack/default.nix +++ b/nixpkgs/pkgs/tools/security/truecrack/default.nix @@ -27,12 +27,21 @@ gccStdenv.mkDerivation rec { cudatoolkit ]; + # Workaround build failure on -fno-common toolchains like upstream + # gcc-10. Otherwise build fails as: + # ld: CpuAes.o:/build/source/src/Crypto/CpuAes.h:1233: multiple definition of + # `t_rc'; CpuCore.o:/build/source/src/Crypto/CpuAes.h:1237: first defined here + # TODO: remove on upstream fixes it: + # https://gitlab.com/kalilinux/packages/truecrack/-/issues/1 + NIX_CFLAGS_COMPILE = "-fcommon"; + installFlags = [ "prefix=$(out)" ]; enableParallelBuilding = true; meta = with lib; { description = "TrueCrack is a brute-force password cracker for TrueCrypt volumes. It works on Linux and it is optimized for Nvidia Cuda technology."; homepage = "https://gitlab.com/kalilinux/packages/truecrack"; + broken = cudaSupport; license = licenses.gpl3Plus; platforms = platforms.unix; maintainers = with maintainers; [ ethancedwards8 ]; diff --git a/nixpkgs/pkgs/tools/security/trueseeing/default.nix b/nixpkgs/pkgs/tools/security/trueseeing/default.nix new file mode 100644 index 000000000000..4aa9e1852aee --- /dev/null +++ b/nixpkgs/pkgs/tools/security/trueseeing/default.nix @@ -0,0 +1,44 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "trueseeing"; + version = "2.1.4"; + format = "flit"; + + src = fetchFromGitHub { + owner = "alterakey"; + repo = pname; + rev = "v${version}"; + hash = "sha256-zc0AOv7OFmEPLl//eykbh538rM2j4kXBLHt5bgK1IRY="; + }; + + nativeBuildInputs = with python3.pkgs; [ + flit-core + ]; + + propagatedBuildInputs = with python3.pkgs; [ + attrs + ipython + jinja2 + lxml + pypubsub + pyyaml + ]; + + # Project has no tests + doCheck = false; + + pythonImportsCheck = [ + "trueseeing" + ]; + + meta = with lib; { + description = "Non-decompiling Android vulnerability scanner"; + homepage = "https://github.com/alterakey/trueseeing"; + license = with licenses; [ gpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/uncover/default.nix b/nixpkgs/pkgs/tools/security/uncover/default.nix new file mode 100644 index 000000000000..f8102c6987d8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/uncover/default.nix @@ -0,0 +1,31 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "uncover"; + version = "0.0.6"; + + src = fetchFromGitHub { + owner = "projectdiscovery"; + repo = pname; + rev = "v${version}"; + hash = "sha256-iWSaNfRZJ59C7DWsPett9zM6hi/kOtpxlkw2haMeuaY="; + }; + + vendorSha256 = "sha256-M50pQJCzEXSBXUsjwxlM8s1WgcPwZgBpArUExLP+bRY="; + + meta = with lib; { + description = "API wrapper to search for exposed hosts"; + longDescription = '' + uncover is a go wrapper using APIs of well known search engines to quickly + discover exposed hosts on the internet. It is built with automation in mind, + so you can query it and utilize the results with your current pipeline tools. + Currently, it supports shodan,shodan-internetdb, censys, and fofa search API. + ''; + homepage = "https://github.com/projectdiscovery/uncover"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/vault/default.nix b/nixpkgs/pkgs/tools/security/vault/default.nix index d349c205ad4f..0d16ee9a995d 100644 --- a/nixpkgs/pkgs/tools/security/vault/default.nix +++ b/nixpkgs/pkgs/tools/security/vault/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "vault"; - version = "1.10.0"; + version = "1.11.2"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "sha256-XgrEtAVfMcXbmAjwgIWME/v85QHJ11fUXapAZtS/lSw="; + sha256 = "sha256-dEIrTz24zBN6axl8bPdc4N9iebE7YBF0mGUSAbHx9Ug="; }; - vendorSha256 = "sha256-Bo0+HSG7NqaweMKPdl+kzB6RdbQsy2FAzmr7ZZVgcsg="; + vendorSha256 = "sha256-/EXrOS7kBxu6LtwTMipVJfjrJH7RuIwqD5LHH3yDADQ="; subPackages = [ "." ]; @@ -38,7 +38,7 @@ buildGoModule rec { --prefix PATH ${lib.makeBinPath [ gawk glibc ]} ''; - passthru.tests = { inherit (nixosTests) vault vault-postgresql; }; + passthru.tests = { inherit (nixosTests) vault vault-postgresql vault-dev; }; meta = with lib; { homepage = "https://www.vaultproject.io/"; diff --git a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix index ebb70a1f6292..b253898c02b8 100644 --- a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix +++ b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "vault-bin"; - version = "1.10.0"; + version = "1.11.1"; src = let @@ -16,11 +16,11 @@ stdenv.mkDerivation rec { aarch64-darwin = "darwin_arm64"; }; sha256 = selectSystem { - x86_64-linux = "sha256-enD/JcOmeavvUd/njbu7IksAqp9dKepVdYPkLJHA8OQ="; - aarch64-linux = "sha256-FDkgUqFEVJoSED/FWqOXa4BTO6AYwkLS2iZh+BkzlqA="; - i686-linux = "sha256-XUTWB5Ynu92SMP9Nt/0jAki6til4upKv1sdFzPbWxiw="; - x86_64-darwin = "sha256-QNCsbIza56NqSU7R6+Cx//WBXiEOz6CEMCjrx4AR1x8="; - aarch64-darwin = "sha256-LBgd8gqeU92336kypSIwMtKo7I1qB/RP2dNoIGJgq7k="; + x86_64-linux = "sha256-mh/O9X4yOEspZ3Z+N22Wt8PeNee9U7U4R8laS7PCrhI="; + aarch64-linux = "sha256-9LybdftRdc9NYxYzPwojYdYxu1DbtVjG0nlT88oxX9E="; + i686-linux = "sha256-nPnWzxv5AVfOrGJxnFImZacUeKRZ0+Gyesf5TiRvz/0="; + x86_64-darwin = "sha256-kOT1Vs2LxCih/GewL66tVI5t50eKU/ejT9ccSjp7ar8="; + aarch64-darwin = "sha256-UkuZAFzT3pjg7q7NJ4+DaAk0syAVf6N512bxwLuQHHE="; }; in fetchzip { @@ -52,10 +52,12 @@ stdenv.mkDerivation rec { passthru.updateScript = ./update-bin.sh; meta = with lib; { - homepage = "https://www.vaultproject.io"; description = "A tool for managing secrets, this binary includes the UI"; - platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-darwin" "aarch64-linux" ]; + homepage = "https://www.vaultproject.io"; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; license = licenses.mpl20; maintainers = with maintainers; teams.serokell.members ++ [ offline psyanticy Chili-Man techknowlogick ]; + mainProgram = "vault"; + platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-darwin" "aarch64-linux" ]; }; } diff --git a/nixpkgs/pkgs/tools/security/vaultwarden/default.nix b/nixpkgs/pkgs/tools/security/vaultwarden/default.nix index 49e02a4e1c26..f06ae50ca41e 100644 --- a/nixpkgs/pkgs/tools/security/vaultwarden/default.nix +++ b/nixpkgs/pkgs/tools/security/vaultwarden/default.nix @@ -5,16 +5,16 @@ rustPlatform.buildRustPackage rec { pname = "vaultwarden"; - version = "1.24.0"; + version = "1.25.2"; src = fetchFromGitHub { owner = "dani-garcia"; repo = pname; rev = version; - sha256 = "sha256-zeMVdsTSp1z8cwebU2N6w7436N8CcI7PzNedDOSvEx4="; + sha256 = "sha256-6CpdvLCw7SUmWm9NHAxFAo454Rrp1FloDp67YAr0pjQ="; }; - cargoSha256 = "sha256-Sn6DuzV2OfaywE0W2afRG0h8PfOprqMtZtYM/exGEww="; + cargoSha256 = "sha256-+rXQGZNUz6UDLFVNbyHF6dTe3nEm5/2ITmVI+MfY6nM="; postPatch = '' # Upstream specifies 1.57; nixpkgs has 1.56 which also produces a working diff --git a/nixpkgs/pkgs/tools/security/vaultwarden/vault.nix b/nixpkgs/pkgs/tools/security/vaultwarden/vault.nix index 5ec014de9593..4353303a9160 100644 --- a/nixpkgs/pkgs/tools/security/vaultwarden/vault.nix +++ b/nixpkgs/pkgs/tools/security/vaultwarden/vault.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "vaultwarden-vault"; - version = "2.25.0"; + version = "2022.6.2"; src = fetchurl { url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; - sha256 = "sha256-0uxkHz/oHWl4MdzV7zRVKgkEqOkrl7Fd405TOf472gw="; + sha256 = "sha256-IG/eCBTUa7eKeaelqxCWO+rrXJUuBanhsYwklftxdOE="; }; buildCommand = '' diff --git a/nixpkgs/pkgs/tools/security/vulnix/default.nix b/nixpkgs/pkgs/tools/security/vulnix/default.nix index 90d4e0f509b9..c3eb53c3b207 100644 --- a/nixpkgs/pkgs/tools/security/vulnix/default.nix +++ b/nixpkgs/pkgs/tools/security/vulnix/default.nix @@ -13,6 +13,11 @@ python3Packages.buildPythonApplication rec { sha256 = "07v3ddvvhi3bslwrlin45kz48i3va2lzd6ny0blj5i2z8z40qcfm"; }; + postPatch = '' + substituteInPlace setup.cfg \ + --replace "--flake8" "" + ''; + outputs = [ "out" "doc" "man" ]; nativeBuildInputs = [ ronn ]; @@ -20,7 +25,6 @@ python3Packages.buildPythonApplication rec { freezegun pytest pytest-cov - pytest-flake8 ]; propagatedBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/waf-tester/default.nix b/nixpkgs/pkgs/tools/security/waf-tester/default.nix new file mode 100644 index 000000000000..3ef1dbb47e19 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/waf-tester/default.nix @@ -0,0 +1,39 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, testers +, waf-tester +}: + +buildGoModule rec { + pname = "waf-tester"; + version = "0.6.10"; + + src = fetchFromGitHub { + owner = "jreisinger"; + repo = pname; + rev = "v${version}"; + hash = "sha256-fl0gcpcJr7yckfNcnt1C+i2iGdD2oiCq7gJIkiz2v7E="; + }; + + vendorSha256 = "sha256-qVzgZX4HVXZ3qgYAu3a46vcGl4Pk2D1Zx/giEmPEG88="; + + ldflags = [ + "-s" + "-w" + "-X main.version=${version}" + ]; + + passthru.tests.version = testers.testVersion { + package = waf-tester; + command = "waf-tester -version"; + version = "waf-tester ${version}, commit none, built at unknown by unknown"; + }; + + meta = with lib; { + description = "Tool to test Web Application Firewalls (WAFs)"; + homepage = "https://github.com/jreisinger/waf-tester"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wafw00f/default.nix b/nixpkgs/pkgs/tools/security/wafw00f/default.nix index 0e363b608fd4..55d4b7591e38 100644 --- a/nixpkgs/pkgs/tools/security/wafw00f/default.nix +++ b/nixpkgs/pkgs/tools/security/wafw00f/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "wafw00f"; - version = "2.1.0"; + version = "2.2.0"; format = "setuptools"; src = fetchFromGitHub { owner = "EnableSecurity"; repo = pname; - rev = "v${version}"; - sha256 = "0526kz6ypww9nxc2vddkhpn1gqvn25mzj3wmi91wwxwxjjb6w4qj"; + rev = "refs/tags/v${version}"; + sha256 = "sha256-wJZ1/aRMFpE6Q5YAtGxXwxe2G9H/de+l3l0C5rwEWA8="; }; propagatedBuildInputs = with python3.pkgs; [ diff --git a/nixpkgs/pkgs/tools/security/wapiti/default.nix b/nixpkgs/pkgs/tools/security/wapiti/default.nix index e27851f618d6..4769db4816ef 100644 --- a/nixpkgs/pkgs/tools/security/wapiti/default.nix +++ b/nixpkgs/pkgs/tools/security/wapiti/default.nix @@ -5,20 +5,16 @@ python3.pkgs.buildPythonApplication rec { pname = "wapiti"; - version = "3.0.9"; + version = "3.1.3"; format = "setuptools"; src = fetchFromGitHub { owner = "wapiti-scanner"; repo = pname; rev = version; - sha256 = "sha256-olqPM8EQ8LxQQM7kqcjbT9RMdBeYdhfn6Qp6BUu8K5Q="; + sha256 = "sha256-alrJVe4Miarkk8BziC8Y333b3swJ4b4oQpP2WAdT2rc="; }; - nativeBuildInputs = with python3.pkgs; [ - pytest-runner - ]; - propagatedBuildInputs = with python3.pkgs; [ aiocache aiosqlite @@ -27,22 +23,20 @@ python3.pkgs.buildPythonApplication rec { browser-cookie3 cryptography dnspython + httpcore httpx - httpx-ntlm - httpx-socks humanize + importlib-metadata loguru Mako markupsafe - pysocks + mitmproxy six - sslyze sqlalchemy tld yaswfp - ] ++ lib.optionals (python3.pythonOlder "3.8") [ - importlib-metadata - ]; + ] ++ httpx.optional-dependencies.brotli + ++ httpx.optional-dependencies.socks; checkInputs = with python3.pkgs; [ respx @@ -52,9 +46,9 @@ python3.pkgs.buildPythonApplication rec { postPatch = '' # Ignore pinned versions + sed -i -e "s/==[0-9.]*//;s/>=[0-9.]*//" setup.py substituteInPlace setup.py \ - --replace "httpx-socks[asyncio] == 0.6.0" "httpx-socks[asyncio]" - sed -i -e "s/==[0-9.]*//" setup.py + --replace '"pytest-runner"' "" substituteInPlace setup.cfg \ --replace " --cov --cov-report=xml" "" ''; @@ -107,6 +101,7 @@ python3.pkgs.buildPythonApplication rec { "test_true_positive_request_count" "test_unregistered_cname" "test_url_detection" + "test_verify_dns" "test_warning" "test_whole" "test_xss_inside_tag_input" @@ -118,10 +113,16 @@ python3.pkgs.buildPythonApplication rec { # Requires a PHP installation "test_timesql" "test_cookies" + "test_redirect" # TypeError: Expected bytes or bytes-like object got: <class 'str'> "test_persister_upload" ]; + disabledTestPaths = [ + # Requires sslyze which is obsolete and was removed + "tests/attack/test_mod_ssl.py" + ]; + pythonImportsCheck = [ "wapitiCore" ]; diff --git a/nixpkgs/pkgs/tools/security/webanalyze/default.nix b/nixpkgs/pkgs/tools/security/webanalyze/default.nix new file mode 100644 index 000000000000..1cbc22b1482d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/webanalyze/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "webanalyze"; + version = "0.3.7"; + + src = fetchFromGitHub { + owner = "rverton"; + repo = pname; + rev = "v${version}"; + hash = "sha256-W7NgV50r/MNSF6+e0IR9C1dcg/k0w67GcTs0NTbhKBc="; + }; + + vendorSha256 = "sha256-kXtWYGsZUUhBNvkTOah3Z+ta118k6PXfpBx6MLr/pq0="; + + meta = with lib; { + description = "Tool to uncover technologies used on websites"; + homepage = "https://github.com/rverton/webanalyze"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/whatweb/Gemfile b/nixpkgs/pkgs/tools/security/whatweb/Gemfile new file mode 100644 index 000000000000..a376a3baae36 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/whatweb/Gemfile @@ -0,0 +1,6 @@ +source 'https://rubygems.org' +gem 'ipaddr' +gem 'addressable' +gem 'json' +gem 'mongo' +gem 'rchardet' diff --git a/nixpkgs/pkgs/tools/security/whatweb/Gemfile.lock b/nixpkgs/pkgs/tools/security/whatweb/Gemfile.lock new file mode 100644 index 000000000000..7bfd24112b1a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/whatweb/Gemfile.lock @@ -0,0 +1,25 @@ +GEM + remote: https://rubygems.org/ + specs: + addressable (2.8.0) + public_suffix (>= 2.0.2, < 5.0) + bson (4.14.1) + ipaddr (1.2.4) + json (2.6.1) + mongo (2.17.1) + bson (>= 4.8.2, < 5.0.0) + public_suffix (4.0.6) + rchardet (1.8.0) + +PLATFORMS + ruby + +DEPENDENCIES + addressable + ipaddr + json + mongo + rchardet + +BUNDLED WITH + 2.1.4 diff --git a/nixpkgs/pkgs/tools/security/whatweb/default.nix b/nixpkgs/pkgs/tools/security/whatweb/default.nix new file mode 100644 index 000000000000..30d866da869a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/whatweb/default.nix @@ -0,0 +1,50 @@ +{ lib, stdenv, fetchFromGitHub, bundlerEnv, ruby }: + +let + gems = bundlerEnv { + name = "whatweb-env"; + inherit ruby; + gemdir = ./.; + }; + +in stdenv.mkDerivation rec { + pname = "whatweb"; + version = "0.5.5"; + + src = fetchFromGitHub { + owner = "urbanadventurer"; + repo = "whatweb"; + rev = "v${version}"; + sha256 = "sha256-HLF55x4C8n8aPO4SI0d6Z9wZe80krtUaGUFmMaYRBIE="; + }; + + prePatch = '' + substituteInPlace Makefile \ + --replace "/usr/local" "$out" \ + --replace "/usr" "$out" + ''; + + buildInputs = [ gems ]; + + installPhase = '' + runHook preInstall + + raw=$out/share/whatweb/whatweb + rm $out/bin/whatweb + cat << EOF >> $out/bin/whatweb + #!/bin/sh -e + exec ${gems}/bin/bundle exec ${ruby}/bin/ruby "$raw" "\$@" + EOF + chmod +x $out/bin/whatweb + + runHook postInstall + ''; + + meta = with lib; { + description = "Next generation web scanner"; + homepage = "https://github.com/urbanadventurer/whatweb"; + license = licenses.gpl2Only; + maintainers = with maintainers; [ wolfangaukang ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/tools/security/whatweb/gemset.nix b/nixpkgs/pkgs/tools/security/whatweb/gemset.nix new file mode 100644 index 000000000000..22d469b53e27 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/whatweb/gemset.nix @@ -0,0 +1,74 @@ +{ + addressable = { + dependencies = ["public_suffix"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "022r3m9wdxljpbya69y2i3h9g3dhhfaqzidf95m6qjzms792jvgp"; + type = "gem"; + }; + version = "2.8.0"; + }; + bson = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "03n3w96vpblaxvk1qk8hq7sbsmg4nv7qdkdr8f7nfvalgpakp5i5"; + type = "gem"; + }; + version = "4.14.1"; + }; + ipaddr = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "13qd34nzpgp3fxfjbvaqg3dcnfr0cgl5vjvcqy0hfllbvfcklnbq"; + type = "gem"; + }; + version = "1.2.4"; + }; + json = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1z9grvjyfz16ag55hg522d3q4dh07hf391sf9s96npc0vfi85xkz"; + type = "gem"; + }; + version = "2.6.1"; + }; + mongo = { + dependencies = ["bson"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "19sihy8ihi3hmdg3gxbf4qvzmjnzx8xygg9534012j9z0wmhs7h1"; + type = "gem"; + }; + version = "2.17.1"; + }; + public_suffix = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1xqcgkl7bwws1qrlnmxgh8g4g9m10vg60bhlw40fplninb3ng6d9"; + type = "gem"; + }; + version = "4.0.6"; + }; + rchardet = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1isj1b3ywgg2m1vdlnr41lpvpm3dbyarf1lla4dfibfmad9csfk9"; + type = "gem"; + }; + version = "1.8.0"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/whispers/default.nix b/nixpkgs/pkgs/tools/security/whispers/default.nix deleted file mode 100644 index 07c1f1e707e4..000000000000 --- a/nixpkgs/pkgs/tools/security/whispers/default.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ lib -, fetchFromGitHub -, python3 -}: - -python3.pkgs.buildPythonApplication rec { - pname = "whispers"; - version = "1.5.3"; - - src = fetchFromGitHub { - owner = "Skyscanner"; - repo = pname; - rev = version; - sha256 = "sha256-jruUGyoZCyMu015QKtlvfx5WRMfxo/eYUue9wUIWb6o="; - }; - - propagatedBuildInputs = with python3.pkgs; [ - astroid - beautifulsoup4 - jproperties - luhn - lxml - python-Levenshtein - pyyaml - ]; - - checkInputs = with python3.pkgs; [ - pytest-mock - pytestCheckHook - ]; - - postPatch = '' - substituteInPlace setup.py \ - --replace '"pytest-runner"' "" - ''; - - preCheck = '' - # Some tests need the binary available in PATH - export PATH=$out/bin:$PATH - ''; - - pythonImportsCheck = [ - "whispers" - ]; - - meta = with lib; { - description = "Tool to identify hardcoded secrets in static structured text"; - homepage = "https://github.com/Skyscanner/whispers"; - license = with licenses; [ asl20 ]; - maintainers = with maintainers; [ fab ]; - }; -} diff --git a/nixpkgs/pkgs/tools/security/witness/default.nix b/nixpkgs/pkgs/tools/security/witness/default.nix index bb15d9d72cc0..78b7f32a61df 100644 --- a/nixpkgs/pkgs/tools/security/witness/default.nix +++ b/nixpkgs/pkgs/tools/security/witness/default.nix @@ -2,26 +2,25 @@ buildGoModule rec { pname = "witness"; - version = "0.1.6"; + version = "0.1.11"; src = fetchFromGitHub { owner = "testifysec"; repo = pname; rev = "v${version}"; - sha256 = "sha256-/35hIA6Wm/F5hwyLZbt4JXpwWISWbzVAWrX29r6pejY="; + sha256 = "sha256-/v6dltF4oCIOtN6Fcpf+VvT+c3vTB1q/IgGUqZzbcVk="; }; - - vendorSha256 = "sha256-vXDsHHJknw9hsHx1mJA2c0CWwFbRXjCjitNWPh6V4yw="; + vendorSha256 = "sha256-UP68YNLX+fuCvd+e3rER1icha9bS3MemJLwJOMMOVfg="; nativeBuildInputs = [ installShellFiles ]; # We only want the witness binary, not the helper utilities for generating docs. - subPackages = [ "cmd/witness" ]; + subPackages = [ "." ]; ldflags = [ "-s" "-w" - "-X github.com/testifysec/witness/cmd/witness/cmd.Version=v${version}" + "-X github.com/testifysec/witness/cmd.Version=v${version}" ]; # Feed in all tests for testing @@ -38,6 +37,14 @@ buildGoModule rec { --zsh <($out/bin/witness completion zsh) ''; + doInstallCheck = true; + installCheckPhase = '' + runHook preInstallCheck + $out/bin/witness --help + $out/bin/witness version | grep "v${version}" + runHook postInstallCheck + ''; + meta = with lib; { description = "A pluggable framework for software supply chain security. Witness prevents tampering of build materials and verifies the integrity of the build process from source to target"; longDescription = '' diff --git a/nixpkgs/pkgs/tools/security/wprecon/default.nix b/nixpkgs/pkgs/tools/security/wprecon/default.nix index bd343a5f1b12..964b6b7ff5bf 100644 --- a/nixpkgs/pkgs/tools/security/wprecon/default.nix +++ b/nixpkgs/pkgs/tools/security/wprecon/default.nix @@ -5,16 +5,21 @@ buildGoModule rec { pname = "wprecon"; - version = "1.6.3a"; + version = "2.4.5"; src = fetchFromGitHub { owner = "blackbinn"; repo = pname; rev = version; - sha256 = "0gqi4799ha3mf8r7ini0wj4ilkfsh80vnnxijfv9a343r6z5w0dn"; + hash = "sha256-23zJD3Nnkeko+J2FjPq5RA5dIjORMXvwt3wtAYiVlQs="; }; - vendorSha256 = "1sab58shspll96rqy1rp659s0yikqdcx59z9b88d6p4w8a98ns87"; + vendorSha256 = "sha256-FYdsLcW6FYxSgixZ5US9cBPABOAVwidC3ejUNbs1lbA="; + + postFixup = '' + # Rename binary + mv $out/bin/cli $out/bin/${pname} + ''; meta = with lib; { description = "WordPress vulnerability recognition tool"; @@ -23,6 +28,5 @@ buildGoModule rec { # https://github.com/blackbinn/wprecon/blob/master/LICENSE license = with licenses; [ unfree ]; maintainers = with maintainers; [ fab ]; - broken = true; # build fails, missing tag }; } diff --git a/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock b/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock index 9fd526674365..1fd8ff1bc144 100644 --- a/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock +++ b/nixpkgs/pkgs/tools/security/wpscan/Gemfile.lock @@ -1,7 +1,7 @@ GEM remote: https://rubygems.org/ specs: - activesupport (6.1.4.1) + activesupport (6.1.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -9,10 +9,10 @@ GEM zeitwerk (~> 2.3) addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) - cms_scanner (0.13.6) - ethon (~> 0.14.0) + cms_scanner (0.13.8) + ethon (>= 0.14, < 0.16) get_process_mem (~> 0.2.5) - nokogiri (>= 1.11.4, < 1.13.0) + nokogiri (>= 1.11.4, < 1.14.0) opt_parse_validator (~> 1.9.5) public_suffix (~> 4.0.3) ruby-progressbar (>= 1.10, < 1.12) @@ -20,21 +20,23 @@ GEM typhoeus (>= 1.3, < 1.5) xmlrpc (~> 0.3) yajl-ruby (~> 1.4.1) - concurrent-ruby (1.1.9) - ethon (0.14.0) + concurrent-ruby (1.1.10) + ethon (0.15.0) ffi (>= 1.15.0) - ffi (1.15.4) + ffi (1.15.5) get_process_mem (0.2.7) ffi (~> 1.0) - i18n (1.8.11) + i18n (1.10.0) concurrent-ruby (~> 1.0) - minitest (5.14.4) - nokogiri (1.12.5-x86_64-linux) + mini_portile2 (2.8.0) + minitest (5.15.0) + nokogiri (1.13.6) + mini_portile2 (~> 2.8.0) racc (~> 1.4) opt_parse_validator (1.9.5) activesupport (>= 5.2, < 6.2.0) addressable (>= 2.5, < 2.9) - public_suffix (4.0.6) + public_suffix (4.0.7) racc (1.6.0) ruby-progressbar (1.11.0) sys-proctable (1.2.6) @@ -44,18 +46,18 @@ GEM tzinfo (2.0.4) concurrent-ruby (~> 1.0) webrick (1.7.0) - wpscan (3.8.20) - cms_scanner (~> 0.13.6) + wpscan (3.8.22) + cms_scanner (~> 0.13.8) xmlrpc (0.3.2) webrick - yajl-ruby (1.4.1) - zeitwerk (2.5.1) + yajl-ruby (1.4.3) + zeitwerk (2.5.4) PLATFORMS - x86_64-linux + ruby DEPENDENCIES wpscan BUNDLED WITH - 2.2.24 + 2.3.9 diff --git a/nixpkgs/pkgs/tools/security/wpscan/gemset.nix b/nixpkgs/pkgs/tools/security/wpscan/gemset.nix index 0c882a313312..af6c94edac6b 100644 --- a/nixpkgs/pkgs/tools/security/wpscan/gemset.nix +++ b/nixpkgs/pkgs/tools/security/wpscan/gemset.nix @@ -5,10 +5,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "19gx1jcq46x9d1pi1w8xq0bgvvfw239y4lalr8asm291gj3q3ds4"; + sha256 = "08wzpwgdm03vzb8gqr8bvfdarb89g5ah0skvwqk6qv87p55xqkyw"; type = "gem"; }; - version = "6.1.4.1"; + version = "6.1.6"; }; addressable = { dependencies = ["public_suffix"]; @@ -27,20 +27,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1kpp3598xs79irb9g2wkcxjwlszj37sb7lp3xmvf6s5s40p0ccwf"; + sha256 = "15d7djrrkrcwznglgkr4y80jbsbxaf071qhjnn4i1c4n7nszwwfj"; type = "gem"; }; - version = "0.13.6"; + version = "0.13.8"; }; concurrent-ruby = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0nwad3211p7yv9sda31jmbyw6sdafzmdi2i2niaz6f0wk5nq9h0f"; + sha256 = "0s4fpn3mqiizpmpy2a24k4v365pv75y50292r8ajrv4i1p5b2k14"; type = "gem"; }; - version = "1.1.9"; + version = "1.1.10"; }; ethon = { dependencies = ["ffi"]; @@ -48,20 +48,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1bby4hbq96vnzcdbbybcbddin8dxdnj1ns758kcr4akykningqhh"; + sha256 = "0kd7c61f28f810fgxg480j7457nlvqarza9c2ra0zhav0dd80288"; type = "gem"; }; - version = "0.14.0"; + version = "0.15.0"; }; ffi = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0ssxcywmb3flxsjdg13is6k01807zgzasdhj4j48dm7ac59cmksn"; + sha256 = "1862ydmclzy1a0cjbvm8dz7847d9rch495ib0zb64y84d3xd4bkg"; type = "gem"; }; - version = "1.15.4"; + version = "1.15.5"; }; get_process_mem = { dependencies = ["ffi"]; @@ -80,30 +80,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0vdd1kii40qhbr9n8qx71k2gskq6rkl8ygy8hw5hfj8bb5a364xf"; + sha256 = "0b2qyvnk4yynlg17ymkq4g5xgr275637fhl1mjh0valw3cb1fhhg"; type = "gem"; }; - version = "1.8.11"; + version = "1.10.0"; }; mini_portile2 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1lvxm91hi0pabnkkg47wh1siv56s6slm2mdq1idfm86dyfidfprq"; + sha256 = "0rapl1sfmfi3bfr68da4ca16yhc0pp93vjwkj7y3rdqrzy3b41hy"; type = "gem"; }; - version = "2.6.1"; + version = "2.8.0"; }; minitest = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "19z7wkhg59y8abginfrm2wzplz7py3va8fyngiigngqvsws6cwgl"; + sha256 = "06xf558gid4w8lwx13jwfdafsch9maz8m0g85wnfymqj63x5nbbd"; type = "gem"; }; - version = "5.14.4"; + version = "5.15.0"; }; nokogiri = { dependencies = ["mini_portile2" "racc"]; @@ -111,10 +111,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1v02g7k7cxiwdcahvlxrmizn3avj2q6nsjccgilq1idc89cr081b"; + sha256 = "11w59ga9324yx6339dgsflz3dsqq2mky1qqdwcg6wi5s1bf2yldi"; type = "gem"; }; - version = "1.12.5"; + version = "1.13.6"; }; opt_parse_validator = { dependencies = ["activesupport" "addressable"]; @@ -132,10 +132,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1xqcgkl7bwws1qrlnmxgh8g4g9m10vg60bhlw40fplninb3ng6d9"; + sha256 = "1f3knlwfwm05sfbaihrxm4g772b79032q14c16q4b38z8bi63qcb"; type = "gem"; }; - version = "4.0.6"; + version = "4.0.7"; }; racc = { groups = ["default"]; @@ -206,10 +206,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "07mzbds1j0a1y6jw4swgc4d7kcflkycdk3ivdw3lxaqaqvbfs35p"; + sha256 = "0c89shx0qv2yanyn3k6z3sjszq12vak27j33akz0lkgpfpk2sngi"; type = "gem"; }; - version = "3.8.20"; + version = "3.8.22"; }; xmlrpc = { dependencies = ["webrick"]; @@ -227,19 +227,19 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "16v0w5749qjp13xhjgr2gcsvjv6mf35br7iqwycix1n2h7kfcckf"; + sha256 = "1lni4jbyrlph7sz8y49q84pb0sbj82lgwvnjnsiv01xf26f4v5wc"; type = "gem"; }; - version = "1.4.1"; + version = "1.4.3"; }; zeitwerk = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "18l4r6layck0d80ydc692mv1lxak5xbf6w2paj1x7m2ggbggzxgj"; + sha256 = "09bq7j2p6mkbxnsg71s253dm2463kg51xc7bmjcxgyblqbh4ln7m"; type = "gem"; }; - version = "2.5.1"; + version = "2.5.4"; }; } diff --git a/nixpkgs/pkgs/tools/security/wpscan/update.sh b/nixpkgs/pkgs/tools/security/wpscan/update.sh index 4e55a770fd4e..c30cc62e5296 100755 --- a/nixpkgs/pkgs/tools/security/wpscan/update.sh +++ b/nixpkgs/pkgs/tools/security/wpscan/update.sh @@ -6,6 +6,11 @@ set -e cd "$(dirname "${BASH_SOURCE[0]}")" rm -f Gemfile.lock Gemfile.lock + +# Otherwise nokogiri will fail to build. +# https://github.com/nix-community/bundix/issues/88 +bundler config set --local force_ruby_platform true + bundler lock BUNDLE_GEMFILE=Gemfile bundler lock --lockfile=Gemfile.lock bundix --gemfile=Gemfile --lockfile=Gemfile.lock --gemset=gemset.nix diff --git a/nixpkgs/pkgs/tools/security/yara/default.nix b/nixpkgs/pkgs/tools/security/yara/default.nix index 9295dd400992..07f36f4892ce 100644 --- a/nixpkgs/pkgs/tools/security/yara/default.nix +++ b/nixpkgs/pkgs/tools/security/yara/default.nix @@ -15,13 +15,13 @@ stdenv.mkDerivation rec { pname = "yara"; - version = "4.2.0"; + version = "4.2.3"; src = fetchFromGitHub { owner = "VirusTotal"; repo = pname; rev = "v${version}"; - hash = "sha256-ECvNob5QbOe5JfaDMGvSxCS+E9nqdsfSCZAVlAs18q4="; + hash = "sha256-Ol2btm1A8JdvYrjD0hPtc17A4L9wgr4l30C8VrImVoE="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/yersinia/default.nix b/nixpkgs/pkgs/tools/security/yersinia/default.nix new file mode 100644 index 000000000000..4a12d679d3c7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/yersinia/default.nix @@ -0,0 +1,62 @@ +{ stdenv, lib, fetchFromGitHub, autoreconfHook, pkg-config, fetchpatch +, ncurses, libpcap, libnet +# alpha version of GTK interface +, withGtk ? false, gtk2 +# enable remote admin interface +, enableAdmin ? false +}: + +stdenv.mkDerivation rec { + pname = "yersinia"; + version = "0.8.2"; + + src = fetchFromGitHub { + owner = "tomac"; + repo = pname; + rev = "v${version}"; + sha256 = "06yfpf9iyi525rly1ychsihzvw3sas8kp0nxxr99xkwiqp5dc78b"; + }; + + patches = [ + # ncurses-6.3 support, included in next release + (fetchpatch { + name = "ncurses-6.3.patch"; + url = "https://github.com/tomac/yersinia/commit/d91bbf6f475e7ea39f131b77ce91b2de9646d5ca.patch"; + sha256 = "fl1pZKWA+nLtBm9+3FBFqaeuVZjszQCNkNl6Cf++BAI="; + }) + + # Pull upstream fix for -fno-common toolchain support: + # https://github.com/tomac/yersinia/pull/66 + (fetchpatch { + name = "fno-common.patch"; + url = "https://github.com/tomac/yersinia/commit/36247225dc7a6f38c4ba70537e20351f04762749.patch"; + sha256 = "KHaN8gfgNROEico27gWnYiP9ZVhpWz0KjFYy2t5tPBo="; + }) + ]; + + nativeBuildInputs = [ autoreconfHook pkg-config ]; + buildInputs = [ libpcap libnet ncurses ] + ++ lib.optional withGtk gtk2; + + autoreconfPhase = "./autogen.sh"; + + configureFlags = [ + "--with-pcap-includes=${libpcap}/include" + "--with-libnet-includes=${libnet}/include" + ] + ++ lib.optional (!enableAdmin) "--disable-admin" + ++ lib.optional (!withGtk) "--disable-gtk"; + + makeFlags = [ "LDFLAGS=-lncurses" ]; + + meta = with lib; { + description = "A framework for layer 2 attacks"; + homepage = "https://github.com/tomac/yersinia"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ vdot0x23 ]; + # INSTALL and FAQ in this package seem a little outdated + # so not sure, but it could work on openbsd, illumos, and freebsd + # if you have a machine to test with, feel free to add these + platforms = with platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/yubihsm-connector/default.nix b/nixpkgs/pkgs/tools/security/yubihsm-connector/default.nix new file mode 100644 index 000000000000..24371f8a983e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/yubihsm-connector/default.nix @@ -0,0 +1,40 @@ +{ lib, libusb1, buildGoModule, fetchFromGitHub, pkg-config }: + +buildGoModule rec { + pname = "yubihsm-connector"; + version = "3.0.2"; + + src = fetchFromGitHub { + owner = "Yubico"; + repo = "yubihsm-connector"; + rev = version; + sha256 = "FQ64tSZN55QpXjMZITzlWOPTKSgnoCpkRngQUQHVavc="; + }; + + vendorSha256 = "kVBzdJk/1LvjdUtLqHAw9ZxDfCo3mBWVMYG/nQXpDrk="; + + patches = [ + # Awaiting a new release to fix the upstream lockfile + # https://github.com/Yubico/yubihsm-connector/issues/36 + ./lockfile-fix.patch + ]; + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = [ + libusb1 + ]; + + preBuild = '' + go generate + ''; + + meta = with lib; { + description = "yubihsm-connector performs the communication between the YubiHSM 2 and applications that use it"; + homepage = "https://developers.yubico.com/yubihsm-connector/"; + maintainers = with maintainers; [ matthewcroughan ]; + license = licenses.asl20; + }; +} diff --git a/nixpkgs/pkgs/tools/security/yubihsm-connector/lockfile-fix.patch b/nixpkgs/pkgs/tools/security/yubihsm-connector/lockfile-fix.patch new file mode 100644 index 000000000000..96fdb0ec64b8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/yubihsm-connector/lockfile-fix.patch @@ -0,0 +1,115 @@ +diff --git a/go.mod b/go.mod +index ac22dc6..0ef56b2 100644 +--- a/go.mod ++++ b/go.mod +@@ -1,21 +1,32 @@ + module github.com/Yubico/yubihsm-connector + ++go 1.17 ++ + require ( + github.com/google/gousb v1.1.0 + github.com/google/uuid v1.1.1 + github.com/kardianos/service v1.0.0 ++ github.com/notdpate/evloghook v0.0.0-20180503050227-f202fa6c9ebb ++ github.com/sirupsen/logrus v1.4.2 ++ github.com/spf13/cobra v0.0.5 ++ github.com/spf13/viper v1.4.0 ++ gopkg.in/yaml.v2 v2.2.2 ++) ++ ++require ( ++ github.com/fsnotify/fsnotify v1.4.7 // indirect ++ github.com/hashicorp/hcl v1.0.0 // indirect ++ github.com/inconshreveable/mousetrap v1.0.0 // indirect + github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect + github.com/magiconair/properties v1.8.1 // indirect +- github.com/notdpate/evloghook v0.0.0-20180503050227-f202fa6c9ebb ++ github.com/mitchellh/mapstructure v1.1.2 // indirect + github.com/pelletier/go-toml v1.4.0 // indirect +- github.com/sirupsen/logrus v1.4.2 + github.com/spf13/afero v1.2.2 // indirect +- github.com/spf13/cobra v0.0.5 ++ github.com/spf13/cast v1.3.0 // indirect + github.com/spf13/jwalterweatherman v1.1.0 // indirect +- github.com/spf13/viper v1.4.0 ++ github.com/spf13/pflag v1.0.3 // indirect + github.com/stretchr/testify v1.4.0 // indirect + golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3 // indirect + golang.org/x/text v0.3.2 // indirect + gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect +- gopkg.in/yaml.v2 v2.2.2 + ) +diff --git a/go.sum b/go.sum +index 71df42d..8d977ff 100644 +--- a/go.sum ++++ b/go.sum +@@ -1,4 +1,5 @@ + cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= ++github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= + github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= + github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= + github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +@@ -16,6 +17,7 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7 + github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= + github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= + github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= ++github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= + github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= + github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= + github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= +@@ -45,6 +47,7 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf + github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= + github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= + github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= ++github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= + github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= + github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= + github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +@@ -53,10 +56,13 @@ github.com/kardianos/service v1.0.0/go.mod h1:8CzDhVuCuugtsHyZoTvsOBuvonN/UDBvl0 + github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= + github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= + github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= ++github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= + github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= + github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= ++github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= + github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= + github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= ++github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= + github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= + github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= + github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4= +@@ -66,12 +72,14 @@ github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk + github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= + github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= + github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= ++github.com/notdpate/evloghook v0.0.0-20180503050227-f202fa6c9ebb h1:GFmMJZvdCkRfbfo07+lUKrB+jh2cJ+a2l6qD/3hxZ6M= + github.com/notdpate/evloghook v0.0.0-20180503050227-f202fa6c9ebb/go.mod h1:ukoRZyzBppMQypxM7KqEvHc4DB5uNW6NXFp1sVeXamM= + github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= + github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= + github.com/pelletier/go-toml v1.4.0 h1:u3Z1r+oOXJIkxqw34zVhyPgjBsm6X2wn21NWs/HfSeg= + github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo= + github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= ++github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= + github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= + github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= + github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= +@@ -107,6 +115,7 @@ github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/y + github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= + github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= + github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= ++github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= + github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= + github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= + github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= +@@ -156,6 +165,7 @@ google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ij + gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= + gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= + gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= ++gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= + gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= + gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= + gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= + + diff --git a/nixpkgs/pkgs/tools/security/yubihsm-shell/default.nix b/nixpkgs/pkgs/tools/security/yubihsm-shell/default.nix new file mode 100644 index 000000000000..83c2e535403d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/yubihsm-shell/default.nix @@ -0,0 +1,54 @@ +{ lib +, stdenv +, fetchFromGitHub +, cmake +, openssl +, libusb1 +, libedit +, curl +, gengetopt +, pkg-config +, pcsclite +, help2man +}: + +stdenv.mkDerivation rec { + pname = "yubihsm-shell"; + version = "2.3.2"; + + src = fetchFromGitHub { + owner = "Yubico"; + repo = "yubihsm-shell"; + rev = version; + sha256 = "sha256-rSIdI6ECLte+dEbT8NOUqS8jkozRhbo+eqFrdhTIKpY="; + }; + + nativeBuildInputs = [ + pkg-config + cmake + help2man + gengetopt + ]; + + buildInputs = [ + libusb1 + libedit + curl + pcsclite + openssl + ]; + + postPatch = '' + # Can't find libyubihsm at runtime because of dlopen() in C code + substituteInPlace lib/yubihsm.c \ + --replace "libyubihsm_usb.so" "$out/lib/libyubihsm_usb.so" \ + --replace "libyubihsm_http.so" "$out/lib/libyubihsm_http.so" + ''; + + meta = with lib; { + description = "yubihsm-shell and libyubihsm"; + homepage = "https://github.com/Yubico/yubihsm-shell"; + maintainers = with maintainers; [ matthewcroughan ]; + license = licenses.asl20; + }; +} diff --git a/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix b/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix index d2496df94c72..c4a9dfd5b0fd 100644 --- a/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix +++ b/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix @@ -1,32 +1,34 @@ -{ stdenv, lib, fetchFromGitHub, buildGoModule, libnotify, makeWrapper, pcsclite, pkg-config, darwin }: +{ stdenv, lib, fetchFromGitHub, buildGoModule, libnotify, pcsclite, pkg-config, darwin }: buildGoModule rec { pname = "yubikey-agent"; - version = "0.1.5"; + version = "unstable-2022-03-17"; src = fetchFromGitHub { owner = "FiloSottile"; - repo = pname; - rev = "v${version}"; - sha256 = "14s61jgcmpqh70jz0krrai8xg0xqhwmillxkij50vbsagpxjssk6"; + repo = "yubikey-agent"; + rev = "205a7ef2554625c7494038600d963123d6311873"; + sha256 = "sha256-wJpN63KY5scmez6yYFsIr3JLEUB+YSl/XvoatIIeRI0="; }; buildInputs = lib.optional stdenv.isLinux (lib.getDev pcsclite) ++ lib.optional stdenv.isDarwin (darwin.apple_sdk.frameworks.PCSC); - nativeBuildInputs = [ makeWrapper pkg-config ]; + nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ]; postPatch = lib.optionalString stdenv.isLinux '' substituteInPlace main.go --replace 'notify-send' ${libnotify}/bin/notify-send ''; - vendorSha256 = "1v4ccn7ysh8ax1nkf1v9fcgsdnz6zjyh6j6ivyljyfvma1lmcrmk"; + vendorSha256 = "sha256-SnjbkDPVjAnCbM2nLqBsuaPZwOmvDTKiUbi/93BlWVQ="; doCheck = false; subPackages = [ "." ]; + ldflags = [ "-s" "-w" "-X main.Version=${version}" ]; + postInstall = lib.optionalString stdenv.isLinux '' mkdir -p $out/lib/systemd/user substitute contrib/systemd/user/yubikey-agent.service $out/lib/systemd/user/yubikey-agent.service \ diff --git a/nixpkgs/pkgs/tools/security/yubikey-touch-detector/default.nix b/nixpkgs/pkgs/tools/security/yubikey-touch-detector/default.nix index 476ea3dbfb50..e728b1b62c41 100644 --- a/nixpkgs/pkgs/tools/security/yubikey-touch-detector/default.nix +++ b/nixpkgs/pkgs/tools/security/yubikey-touch-detector/default.nix @@ -16,11 +16,20 @@ buildGoModule rec { buildInputs = [ libnotify ]; + postInstall = '' + install -Dm444 -t $out/share/doc/${pname} *.md + + install -Dm444 -t $out/lib/systemd/user *.{service,socket} + + substituteInPlace $out/lib/systemd/user/*.service \ + --replace /usr/bin/yubikey-touch-detector "$out/bin/yubikey-touch-detector --libnotify" + ''; + meta = with lib; { description = "A tool to detect when your YubiKey is waiting for a touch (to send notification or display a visual indicator on the screen)."; homepage = "https://github.com/maximbaz/yubikey-touch-detector"; maintainers = with maintainers; [ sumnerevans ]; license = licenses.isc; - platforms = platforms.unix; + platforms = platforms.linux; }; } diff --git a/nixpkgs/pkgs/tools/security/zkar/default.nix b/nixpkgs/pkgs/tools/security/zkar/default.nix new file mode 100644 index 000000000000..315e45cb0384 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zkar/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "zkar"; + version = "1.3.0"; + + src = fetchFromGitHub { + owner = "phith0n"; + repo = pname; + rev = "v${version}"; + hash = "sha256-TGqsiYZLbXvCc30OtvNbX4INlzw3ZfjvXal47rP7NDw="; + }; + + vendorSha256 = "sha256-HQ9qclaaDj0H8PL0oQG1WsH19wVQpynijHNcal4gWBE="; + + meta = with lib; { + description = "Java serialization protocol analysis tool"; + homepage = "https://github.com/phith0n/zkar"; + license = licenses.asl20; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/zzuf/default.nix b/nixpkgs/pkgs/tools/security/zzuf/default.nix index f8f7bece3a59..edf5e846801b 100644 --- a/nixpkgs/pkgs/tools/security/zzuf/default.nix +++ b/nixpkgs/pkgs/tools/security/zzuf/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchFromGitHub, autoconf, automake, libtool, pkg-config }: +{ lib, stdenv, fetchFromGitHub, pkg-config, autoreconfHook }: stdenv.mkDerivation rec { pname = "zzuf"; @@ -11,9 +11,7 @@ stdenv.mkDerivation rec { sha256 = "0li1s11xf32dafxq1jbnc8c63313hy9ry09dja2rymk9mza4x2n9"; }; - buildInputs = [ autoconf automake libtool pkg-config ]; - - preConfigure = "./bootstrap"; + nativeBuildInputs = [ pkg-config autoreconfHook ]; meta = with lib; { description = "Transparent application input fuzzer"; |