diff options
author | Vladimír Čunát <v@cunat.cz> | 2019-04-02 20:56:53 +0200 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2019-04-02 20:56:53 +0200 |
commit | 2771375d6e62d2ffdf4ee469a8a96f245afe321e (patch) | |
tree | a1488d45be0e5ce7591cee874a75341230bfa80c /pkgs/tools/security | |
parent | ba18b47c2a89f3bf5a5b34a4c514b0bf2f598a39 (diff) | |
parent | ef5fd41a1183a7bb23fdfac82203277e5d85ea8f (diff) | |
download | nixlib-2771375d6e62d2ffdf4ee469a8a96f245afe321e.tar nixlib-2771375d6e62d2ffdf4ee469a8a96f245afe321e.tar.gz nixlib-2771375d6e62d2ffdf4ee469a8a96f245afe321e.tar.bz2 nixlib-2771375d6e62d2ffdf4ee469a8a96f245afe321e.tar.lz nixlib-2771375d6e62d2ffdf4ee469a8a96f245afe321e.tar.xz nixlib-2771375d6e62d2ffdf4ee469a8a96f245afe321e.tar.zst nixlib-2771375d6e62d2ffdf4ee469a8a96f245afe321e.zip |
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1512490
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/afl/libdislocator.nix | 34 | ||||
-rw-r--r-- | pkgs/tools/security/browserpass/2.nix | 43 | ||||
-rw-r--r-- | pkgs/tools/security/browserpass/2deps.nix | 39 | ||||
-rw-r--r-- | pkgs/tools/security/browserpass/default.nix | 80 | ||||
-rw-r--r-- | pkgs/tools/security/browserpass/deps.nix | 84 | ||||
-rw-r--r-- | pkgs/tools/security/bundler-audit/Gemfile | 2 | ||||
-rw-r--r-- | pkgs/tools/security/bundler-audit/Gemfile.lock | 16 | ||||
-rw-r--r-- | pkgs/tools/security/bundler-audit/default.nix | 26 | ||||
-rw-r--r-- | pkgs/tools/security/bundler-audit/gemset.nix | 19 | ||||
-rw-r--r-- | pkgs/tools/security/clamav/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/default.nix | 28 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg/22.nix | 16 | ||||
-rw-r--r-- | pkgs/tools/security/lastpass-cli/default.nix | 18 | ||||
-rw-r--r-- | pkgs/tools/security/lynis/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/modsecurity/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/pass/default.nix | 3 | ||||
-rw-r--r-- | pkgs/tools/security/sslscan/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/zzuf/default.nix | 25 |
18 files changed, 384 insertions, 65 deletions
diff --git a/pkgs/tools/security/afl/libdislocator.nix b/pkgs/tools/security/afl/libdislocator.nix new file mode 100644 index 000000000000..c5844702ef38 --- /dev/null +++ b/pkgs/tools/security/afl/libdislocator.nix @@ -0,0 +1,34 @@ +{ stdenv, afl}: + +stdenv.mkDerivation rec { + version = (builtins.parseDrvName afl.name).version; + name = "libdislocator-${version}"; + + src = afl.src; + sourceRoot = "${afl.name}/libdislocator"; + + makeFlags = [ "PREFIX=$(out)" ]; + + preInstall = '' + mkdir -p $out/lib/afl + ''; + postInstall = '' + mkdir $out/bin + cat > $out/bin/get-libdislocator-so <<END + #!${stdenv.shell} + echo $out/lib/afl/libdislocator.so + END + chmod +x $out/bin/get-libdislocator-so + ''; + + meta = with stdenv.lib; { + homepage = "http://lcamtuf.coredump.cx/afl/"; + description = '' + Drop-in replacement for the libc allocator which improves + the odds of bumping into heap-related security bugs in + several ways. + ''; + license = stdenv.lib.licenses.asl20; + maintainers = with maintainers; [ ris ]; + }; +} diff --git a/pkgs/tools/security/browserpass/2.nix b/pkgs/tools/security/browserpass/2.nix new file mode 100644 index 000000000000..fdbd757449a6 --- /dev/null +++ b/pkgs/tools/security/browserpass/2.nix @@ -0,0 +1,43 @@ +# This file was generated by https://github.com/kamilchm/go2nix v1.2.1 +{ stdenv, buildGoPackage, fetchFromGitHub, gnupg }: + +buildGoPackage rec { + name = "browserpass-${version}"; + version = "2.0.22"; + + goPackagePath = "github.com/dannyvankooten/browserpass"; + + goDeps = ./2deps.nix; + + src = fetchFromGitHub { + repo = "browserpass"; + owner = "dannyvankooten"; + rev = version; + sha256 = "05cacrx08k99c5zra7ksdik9xxn3vih3x6in7536zs5gm55mkbfx"; + }; + + postPatch = '' + substituteInPlace browserpass.go \ + --replace /usr/local/bin/gpg ${gnupg}/bin/gpg + ''; + + postInstall = '' + host_file="$bin/bin/browserpass" + mkdir -p "$bin/etc" + + sed -e "s!%%replace%%!$host_file!" go/src/${goPackagePath}/chrome/host.json > chrome-host.json + sed -e "s!%%replace%%!$host_file!" go/src/${goPackagePath}/firefox/host.json > firefox-host.json + + install chrome-host.json $bin/etc/ + install -D firefox-host.json $bin/lib/mozilla/native-messaging-hosts/com.dannyvankooten.browserpass.json + install go/src/${goPackagePath}/chrome/policy.json $bin/etc/chrome-policy.json + ''; + + meta = with stdenv.lib; { + description = "A Chrome & Firefox extension for zx2c4's pass"; + homepage = https://github.com/dannyvankooten/browserpass; + license = licenses.mit; + platforms = with platforms; linux ++ darwin ++ openbsd; + maintainers = with maintainers; [ rvolosatovs ]; + }; +} diff --git a/pkgs/tools/security/browserpass/2deps.nix b/pkgs/tools/security/browserpass/2deps.nix new file mode 100644 index 000000000000..631463a69d11 --- /dev/null +++ b/pkgs/tools/security/browserpass/2deps.nix @@ -0,0 +1,39 @@ +# This file was generated by https://github.com/kamilchm/go2nix v1.2.1 +[ + { + goPackagePath = "github.com/gokyle/twofactor"; + fetch = { + type = "git"; + url = "https://github.com/gokyle/twofactor"; + rev = "eaad1884d40f9cabff98a57a524c17afd00c9fe7"; + sha256 = "07kvga6f2b56kpy52a3xk16garvlqz950s350dax97x7cayba95g"; + }; + } + { + goPackagePath = "github.com/mattn/go-zglob"; + fetch = { + type = "git"; + url = "https://github.com/mattn/go-zglob"; + rev = "4959821b481786922ac53e7ef25c61ae19fb7c36"; + sha256 = "0rwkdw143kphpmingsrw1zp030zf3p08f64h347jpdm4lz8z5449"; + }; + } + { + goPackagePath = "github.com/sahilm/fuzzy"; + fetch = { + type = "git"; + url = "https://github.com/sahilm/fuzzy"; + rev = "a154b19bb758dcdd6ede58dc11ea53c2950527b2"; + sha256 = "0jkw6474d5ik2fq2zznqxj4y3p42z47r7mbg856ln5wyara2sg0l"; + }; + } + { + goPackagePath = "rsc.io/qr"; + fetch = { + type = "git"; + url = "https://github.com/rsc/qr"; + rev = "48b2ede4844e13f1a2b7ce4d2529c9af7e359fc5"; + sha256 = "1npxy32glnkvsp0871972jzjzgkwaqmbv6jsj9wgqsa1s2jr004p"; + }; + } +] diff --git a/pkgs/tools/security/browserpass/default.nix b/pkgs/tools/security/browserpass/default.nix index dd797fb9348f..c1c9e679f22c 100644 --- a/pkgs/tools/security/browserpass/default.nix +++ b/pkgs/tools/security/browserpass/default.nix @@ -1,43 +1,65 @@ -# This file was generated by https://github.com/kamilchm/go2nix v1.2.1 -{ stdenv, buildGoPackage, fetchFromGitHub, gnupg }: - -buildGoPackage rec { - name = "browserpass-${version}"; - version = "2.0.22"; - - goPackagePath = "github.com/dannyvankooten/browserpass"; - - goDeps = ./deps.nix; +{ lib, callPackage, buildGoPackage, fetchFromGitHub, makeWrapper, gnupg }: +let + # For backwards compatibility with v2 of the browser extension, we embed v2 + # of the native host in v3. Because the extension will auto-update when it + # is released, this code can be removed from that point on. + # Don't forget to remove v2 references down below and the v2 files in this + # folder + v2 = callPackage ./2.nix {}; +in buildGoPackage rec { + pname = "browserpass"; + version = "3.0.1"; src = fetchFromGitHub { - repo = "browserpass"; - owner = "dannyvankooten"; + owner = "browserpass"; + repo = "browserpass-native"; rev = version; - sha256 = "05cacrx08k99c5zra7ksdik9xxn3vih3x6in7536zs5gm55mkbfx"; + sha256 = "1i3xxysiiapz9y2v0gp13inx7j0d7n0khpmcsy9k95pzn53526dx"; }; + nativeBuildInputs = [ makeWrapper ]; + + goPackagePath = "github.com/browserpass/browserpass-native"; + goDeps = ./deps.nix; + postPatch = '' - substituteInPlace browserpass.go \ - --replace /usr/local/bin/gpg ${gnupg}/bin/gpg + # Because this Makefile will be installed to be used by the user, patch + # variables to be valid by default + substituteInPlace Makefile \ + --replace "PREFIX ?= /usr" "" ''; - postInstall = '' - host_file="$bin/bin/browserpass" - mkdir -p "$bin/etc" + DESTDIR = placeholder "bin"; + + postConfigure = '' + cd "go/src/$goPackagePath" + make configure + ''; + + buildPhase = '' + make + ''; + + installPhase = '' + make install + + wrapProgram $bin/bin/browserpass \ + --suffix PATH : ${lib.makeBinPath [ gnupg ]} - sed -e "s!%%replace%%!$host_file!" go/src/${goPackagePath}/chrome/host.json > chrome-host.json - sed -e "s!%%replace%%!$host_file!" go/src/${goPackagePath}/firefox/host.json > firefox-host.json + # This path is used by our firefox wrapper for finding native messaging hosts + mkdir -p $bin/lib/mozilla/native-messaging-hosts + ln -s $bin/lib/browserpass/hosts/firefox/*.json $bin/lib/mozilla/native-messaging-hosts - install chrome-host.json $bin/etc/ - install -D firefox-host.json $bin/lib/mozilla/native-messaging-hosts/com.dannyvankooten.browserpass.json - install go/src/${goPackagePath}/chrome/policy.json $bin/etc/chrome-policy.json + # These can be removed too, see comment up top + ln -s ${lib.getBin v2}/etc $bin/etc + ln -s ${lib.getBin v2}/lib/mozilla/native-messaging-hosts/* $bin/lib/mozilla/native-messaging-hosts ''; - meta = with stdenv.lib; { - description = "A Chrome & Firefox extension for zx2c4's pass"; - homepage = https://github.com/dannyvankooten/browserpass; - license = licenses.mit; - platforms = with platforms; linux ++ darwin ++ openbsd; - maintainers = with maintainers; [ rvolosatovs ]; + meta = with lib; { + description = "Browserpass native client app"; + homepage = https://github.com/browserpass/browserpass-native; + license = licenses.isc; + platforms = platforms.all; + maintainers = with maintainers; [ rvolosatovs infinisil ]; }; } diff --git a/pkgs/tools/security/browserpass/deps.nix b/pkgs/tools/security/browserpass/deps.nix index 631463a69d11..334a189ad404 100644 --- a/pkgs/tools/security/browserpass/deps.nix +++ b/pkgs/tools/security/browserpass/deps.nix @@ -1,12 +1,21 @@ -# This file was generated by https://github.com/kamilchm/go2nix v1.2.1 +# file generated from go.mod using vgo2nix (https://github.com/adisbladis/vgo2nix) [ { - goPackagePath = "github.com/gokyle/twofactor"; + goPackagePath = "github.com/davecgh/go-spew"; fetch = { type = "git"; - url = "https://github.com/gokyle/twofactor"; - rev = "eaad1884d40f9cabff98a57a524c17afd00c9fe7"; - sha256 = "07kvga6f2b56kpy52a3xk16garvlqz950s350dax97x7cayba95g"; + url = "https://github.com/davecgh/go-spew"; + rev = "v1.1.1"; + sha256 = "0hka6hmyvp701adzag2g26cxdj47g21x6jz4sc6jjz1mn59d474y"; + }; + } + { + goPackagePath = "github.com/konsorten/go-windows-terminal-sequences"; + fetch = { + type = "git"; + url = "https://github.com/konsorten/go-windows-terminal-sequences"; + rev = "v1.0.2"; + sha256 = "09mn209ika7ciy87xf2x31dq5fnqw39jidgaljvmqxwk7ff1hnx7"; }; } { @@ -14,26 +23,71 @@ fetch = { type = "git"; url = "https://github.com/mattn/go-zglob"; - rev = "4959821b481786922ac53e7ef25c61ae19fb7c36"; - sha256 = "0rwkdw143kphpmingsrw1zp030zf3p08f64h347jpdm4lz8z5449"; + rev = "v0.0.1"; + sha256 = "1sncdyq5fbd42al4amyy91h7vlzm3wm6c9vl8za2pjgfgsd581fz"; + }; + } + { + goPackagePath = "github.com/pmezard/go-difflib"; + fetch = { + type = "git"; + url = "https://github.com/pmezard/go-difflib"; + rev = "v1.0.0"; + sha256 = "0c1cn55m4rypmscgf0rrb88pn58j3ysvc2d0432dp3c6fqg6cnzw"; + }; + } + { + goPackagePath = "github.com/rifflock/lfshook"; + fetch = { + type = "git"; + url = "https://github.com/rifflock/lfshook"; + rev = "b9218ef580f5"; + sha256 = "0wxqjcjfg8c0klmdgmbw3ckagby3wg9rkga9ihd4fsf05x5scxrc"; + }; + } + { + goPackagePath = "github.com/sirupsen/logrus"; + fetch = { + type = "git"; + url = "https://github.com/sirupsen/logrus"; + rev = "v1.4.0"; + sha256 = "1y1qjcg19z7q9sy32rhc148kdql2aw7xkcm9d6r1blrl0mdgpx0w"; + }; + } + { + goPackagePath = "github.com/stretchr/objx"; + fetch = { + type = "git"; + url = "https://github.com/stretchr/objx"; + rev = "v0.1.1"; + sha256 = "0iph0qmpyqg4kwv8jsx6a56a7hhqq8swrazv40ycxk9rzr0s8yls"; + }; + } + { + goPackagePath = "github.com/stretchr/testify"; + fetch = { + type = "git"; + url = "https://github.com/stretchr/testify"; + rev = "v1.3.0"; + sha256 = "0wjchp2c8xbgcbbq32w3kvblk6q6yn533g78nxl6iskq6y95lxsy"; }; } { - goPackagePath = "github.com/sahilm/fuzzy"; + goPackagePath = "golang.org/x/crypto"; fetch = { type = "git"; - url = "https://github.com/sahilm/fuzzy"; - rev = "a154b19bb758dcdd6ede58dc11ea53c2950527b2"; - sha256 = "0jkw6474d5ik2fq2zznqxj4y3p42z47r7mbg856ln5wyara2sg0l"; + url = "https://go.googlesource.com/crypto"; + rev = "c2843e01d9a2"; + sha256 = "01xgxbj5r79nmisdvpq48zfy8pzaaj90bn6ngd4nf33j9ar1dp8r"; }; } { - goPackagePath = "rsc.io/qr"; + goPackagePath = "golang.org/x/sys"; fetch = { type = "git"; - url = "https://github.com/rsc/qr"; - rev = "48b2ede4844e13f1a2b7ce4d2529c9af7e359fc5"; - sha256 = "1npxy32glnkvsp0871972jzjzgkwaqmbv6jsj9wgqsa1s2jr004p"; + url = "https://go.googlesource.com/sys"; + rev = "fead79001313"; + sha256 = "12vwl6sv6w7q0dyvynjhbp67242rhh77d6nlsb22ajr8rf17c63i"; }; } ] diff --git a/pkgs/tools/security/bundler-audit/Gemfile b/pkgs/tools/security/bundler-audit/Gemfile new file mode 100644 index 000000000000..f9fb0e329bd4 --- /dev/null +++ b/pkgs/tools/security/bundler-audit/Gemfile @@ -0,0 +1,2 @@ +source 'https://rubygems.org' +gem 'bundler-audit' diff --git a/pkgs/tools/security/bundler-audit/Gemfile.lock b/pkgs/tools/security/bundler-audit/Gemfile.lock new file mode 100644 index 000000000000..28cbcf5a9a66 --- /dev/null +++ b/pkgs/tools/security/bundler-audit/Gemfile.lock @@ -0,0 +1,16 @@ +GEM + remote: https://rubygems.org/ + specs: + bundler-audit (0.6.1) + bundler (>= 1.2.0, < 3) + thor (~> 0.18) + thor (0.20.3) + +PLATFORMS + ruby + +DEPENDENCIES + bundler-audit + +BUNDLED WITH + 1.14.6 diff --git a/pkgs/tools/security/bundler-audit/default.nix b/pkgs/tools/security/bundler-audit/default.nix new file mode 100644 index 000000000000..8b19b6103d4a --- /dev/null +++ b/pkgs/tools/security/bundler-audit/default.nix @@ -0,0 +1,26 @@ +{ bundlerEnv, ruby, lib }: + +bundlerEnv rec { + name = "${pname}-${version}"; + pname = "bundler-audit"; + version = (import ./gemset.nix).bundler-audit.version; + + inherit ruby; + gemdir = ./.; + + meta = with lib; { + description = "Patch-level verification for Bundler"; + longDescription = '' + Features: + - Checks for vulnerable versions of gems in Gemfile.lock. + - Checks for insecure gem sources (http://). + - Allows ignoring certain advisories that have been manually worked around. + - Prints advisory information. + - Does not require a network connection. + ''; + homepage = https://github.com/rubysec/bundler-audit; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ primeos ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/tools/security/bundler-audit/gemset.nix b/pkgs/tools/security/bundler-audit/gemset.nix new file mode 100644 index 000000000000..56d78b3e8f16 --- /dev/null +++ b/pkgs/tools/security/bundler-audit/gemset.nix @@ -0,0 +1,19 @@ +{ + bundler-audit = { + dependencies = ["thor"]; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0pm22xpn3xyymsainixnrk8v3l3xi9bzwkjkspx00cfzp84xvxbq"; + type = "gem"; + }; + version = "0.6.1"; + }; + thor = { + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1yhrnp9x8qcy5vc7g438amd5j9sw83ih7c30dr6g6slgw9zj3g29"; + type = "gem"; + }; + version = "0.20.3"; + }; +} \ No newline at end of file diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index 8e641ba4a0ed..4d9beb654ece 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { name = "clamav-${version}"; - version = "0.101.1"; + version = "0.101.2"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${name}.tar.gz"; - sha256 = "01mq3z04fjbq5iq8wfwfim72iv3dn04d3ishc5lkhxpmnalqydps"; + sha256 = "0d3n4y8i5q594h4cjglmvpk4jd73r9ajpp1bvq5lr9zpdzgyn4ha"; }; # don't install sample config files into the absolute sysconfdir folder diff --git a/pkgs/tools/security/default.nix b/pkgs/tools/security/default.nix new file mode 100644 index 000000000000..c5987d37889c --- /dev/null +++ b/pkgs/tools/security/default.nix @@ -0,0 +1,28 @@ +{ stdenv, pkgs }: + +stdenv.mkDerivation rec { + version = "0.0.1"; + name = "ecdsatool-${version}"; + + src = pkgs.fetchFromGitHub { + owner = "kaniini"; + repo = "ecdsatool"; + rev = "7c0b2c51e2e64d1986ab1dc2c57c2d895cc00ed1"; + sha256 = "08z9309znkhrjpwqd4ygvm7cd1ha1qbrnlzw64fr8704jrmx762k"; + }; + + configurePhase = '' + ./autogen.sh + ./configure --prefix=$out + ''; + + nativeBuildInputs = with pkgs; [openssl autoconf automake]; + buildInputs = with pkgs; [libuecc]; + + meta = with stdenv.lib; { + description = "Create and manipulate ECC NISTP256 keypairs."; + homepage = https://github.com/kaniini/ecdsatool/; + license = with licenses; [free]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix index 9fb5e45a8edb..fbb370027d7e 100644 --- a/pkgs/tools/security/gnupg/22.nix +++ b/pkgs/tools/security/gnupg/22.nix @@ -1,5 +1,6 @@ -{ fetchurl, stdenv, pkgconfig, libgcrypt, libassuan, libksba +{ fetchurl, stdenv, pkgconfig, libgcrypt, libassuan, libksba, libgpgerror , libiconv, npth, gettext, texinfo, pcsclite, sqlite +, buildPackages # Each of the dependencies below are optional. # Gnupg can be built without them at the cost of reduced functionality. @@ -15,13 +16,14 @@ assert guiSupport -> pinentry != null; stdenv.mkDerivation rec { name = "gnupg-${version}"; - version = "2.2.14"; + version = "2.2.15"; src = fetchurl { url = "mirror://gnupg/gnupg/${name}.tar.bz2"; - sha256 = "0yzqrg24j9fc4f8ss5pclyvg70a9z53sv89vl77xii8yvi3fvy8v"; + sha256 = "0m6lyphbb20i84isdxzfhcbzyc682hdrdv4aqkzmhrdksycf536b"; }; + depsBuildBuild = [ buildPackages.stdenv.cc ]; nativeBuildInputs = [ pkgconfig ]; buildInputs = [ libgcrypt libassuan libksba libiconv npth gettext texinfo @@ -36,7 +38,13 @@ stdenv.mkDerivation rec { ''; #" fix Emacs syntax highlighting :-( pinentryBinaryPath = pinentry.binaryPath or "bin/pinentry"; - configureFlags = optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"; + configureFlags = [ + "--with-libgpg-error-prefix=${libgpgerror.dev}" + "--with-libgcrypt-prefix=${libgcrypt.dev}" + "--with-libassuan-prefix=${libassuan.dev}" + "--with-ksba-prefix=${libksba.dev}" + "--with-npth-prefix=${npth}" + ] ++ optional guiSupport "--with-pinentry-pgm=${pinentry}/${pinentryBinaryPath}"; postInstall = '' mkdir -p $out/lib/systemd/user diff --git a/pkgs/tools/security/lastpass-cli/default.nix b/pkgs/tools/security/lastpass-cli/default.nix index 4db350684bef..0415b10b25d8 100644 --- a/pkgs/tools/security/lastpass-cli/default.nix +++ b/pkgs/tools/security/lastpass-cli/default.nix @@ -2,15 +2,14 @@ , bash-completion, openssl, curl, libxml2, libxslt }: stdenv.mkDerivation rec { - name = "lastpass-cli-${version}"; - - version = "1.3.1"; + pname = "lastpass-cli"; + version = "1.3.2"; src = fetchFromGitHub { owner = "lastpass"; - repo = "lastpass-cli"; + repo = pname; rev = "v${version}"; - sha256 = "11drzmfdvb8ydw1dxaz9zz8rk0jjqmfv076vydz05qqvgx59s38h"; + sha256 = "12qjqvqzi3pq7hrdpq59bcxqy6yj1mhx145g9rky1jm2ipzpfayq"; }; nativeBuildInputs = [ asciidoc cmake docbook_xsl pkgconfig ]; @@ -21,11 +20,12 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - cmakeFlags = [ - "-DBASH_COMPLETION_COMPLETIONSDIR=./share/bash-completion/completions" - ]; + installTargets = [ "install" "install-doc" ]; - installTargets = "install install-doc"; + postInstall = '' + install -Dm644 -T ../contrib/lpass_zsh_completion $out/share/zsh/site-functions/_lpass + install -Dm644 -T ../contrib/completions-lpass.fish $out/share/fish/vendor_completions.d/lpass.fish + ''; meta = with lib; { description = "Stores, retrieves, generates, and synchronizes passwords securely"; diff --git a/pkgs/tools/security/lynis/default.nix b/pkgs/tools/security/lynis/default.nix index c72f75e24e27..ceff23911c7e 100644 --- a/pkgs/tools/security/lynis/default.nix +++ b/pkgs/tools/security/lynis/default.nix @@ -2,14 +2,14 @@ stdenv.mkDerivation rec { pname = "lynis"; - version = "2.7.1"; + version = "2.7.2"; name = "${pname}-${version}"; src = fetchFromGitHub { owner = "CISOfy"; repo = "${pname}"; rev = "${version}"; - sha256 = "1nv2dqd2k2n8mcdr6xl5g713xxkgvja6487by1wn4k0b416jij9i"; + sha256 = "0dbbfk47dpxx7zpb98n4w3ls3z5di57qnr2nsgxjvp49gk9j3f6k"; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/modsecurity/default.nix b/pkgs/tools/security/modsecurity/default.nix index 09f8c63973c7..6ec90cd15a85 100644 --- a/pkgs/tools/security/modsecurity/default.nix +++ b/pkgs/tools/security/modsecurity/default.nix @@ -11,11 +11,11 @@ in stdenv.mkDerivation rec { name = "modsecurity-${version}"; - version = "2.9.2"; + version = "2.9.3"; src = fetchurl { url = "https://www.modsecurity.org/tarball/${version}/${name}.tar.gz"; - sha256 = "41a8f73476ec891f3a9e8736b98b64ea5c2105f1ce15ea57a1f05b4bf2ffaeb5"; + sha256 = "0611nskd2y6yagrciqafxdn4rxbdk2v4swf45kc1sgwx2sfh34j1"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix index 007ffdf3e3fa..8ddbd60a38d1 100644 --- a/pkgs/tools/security/pass/default.nix +++ b/pkgs/tools/security/pass/default.nix @@ -73,6 +73,9 @@ let # Link extensions env rmdir $out/lib/password-store/extensions ln -s ${extensionsEnv}/lib/password-store/extensions $out/lib/password-store/. + for f in ${extensionsEnv}/share/man/man1/*.1.gz; do + ln -s $f $out/share/man/man1/ + done # Fix program name in --help substituteInPlace $out/bin/pass \ diff --git a/pkgs/tools/security/sslscan/default.nix b/pkgs/tools/security/sslscan/default.nix index 0484e8e069ab..d3a8f35d9148 100644 --- a/pkgs/tools/security/sslscan/default.nix +++ b/pkgs/tools/security/sslscan/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "sslscan-${version}"; - version = "1.11.12"; + version = "1.11.13"; src = fetchFromGitHub { owner = "rbsec"; repo = "sslscan"; rev = "${version}-rbsec"; - sha256 = "0wa0z6my6aqjp8si6x522ivk0yy55izbs3ch298gxjw5r15f4jb1"; + sha256 = "0sa8iw91wi3515lw761j84wagab1x9rxr0mn8m08qj300z2044yk"; }; buildInputs = [ openssl ]; diff --git a/pkgs/tools/security/zzuf/default.nix b/pkgs/tools/security/zzuf/default.nix new file mode 100644 index 000000000000..dc2cfe81746a --- /dev/null +++ b/pkgs/tools/security/zzuf/default.nix @@ -0,0 +1,25 @@ +{ stdenv, fetchFromGitHub, autoconf, automake, libtool, pkgconfig }: + +stdenv.mkDerivation rec { + pname = "zzuf"; + version = "0.15"; + + src = fetchFromGitHub { + owner = "samhocevar"; + repo = "zzuf"; + rev = "v${version}"; + sha256 = "0li1s11xf32dafxq1jbnc8c63313hy9ry09dja2rymk9mza4x2n9"; + }; + + buildInputs = [ autoconf automake libtool pkgconfig ]; + + preConfigure = "./bootstrap"; + + meta = with stdenv.lib; { + description = "Transparent application input fuzzer."; + homepage = http://caca.zoy.org/wiki/zzuf; + license = licenses.wtfpl; + platforms = platforms.linux; + maintainers = with maintainers; [ lihop ]; + }; +} |