Diffstat (limited to 'nixpkgs/pkgs/tools/security')
73 files changed, 963 insertions, 382 deletions
diff --git a/nixpkgs/pkgs/tools/security/age/default.nix b/nixpkgs/pkgs/tools/security/age/default.nix index 588285973e47..05c682d865ae 100644 --- a/nixpkgs/pkgs/tools/security/age/default.nix +++ b/nixpkgs/pkgs/tools/security/age/default.nix @@ -57,6 +57,7 @@ buildGoModule rec { homepage = "https://age-encryption.org/"; description = "Modern encryption tool with small explicit keys"; license = licenses.bsd3; + mainProgram = "age"; maintainers = with maintainers; [ tazjin ]; }; } diff --git a/nixpkgs/pkgs/tools/security/argocd-vault-plugin/default.nix b/nixpkgs/pkgs/tools/security/argocd-vault-plugin/default.nix index 297c62681800..d2557b36dc2e 100644 --- a/nixpkgs/pkgs/tools/security/argocd-vault-plugin/default.nix +++ b/nixpkgs/pkgs/tools/security/argocd-vault-plugin/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "argocd-vault-plugin"; - version = "1.15.0"; + version = "1.16.1"; src = fetchFromGitHub { owner = "argoproj-labs"; repo = pname; rev = "v${version}"; - hash = "sha256-59Q6T+k+bFvglhgbydH+GYqcLsZ7EeMTpVa+3EJrZpU="; + hash = "sha256-7bUpshg+OqlS5wvFkZkovQVaLglvSpp7FsVA9qNOk1U="; }; - vendorHash = "sha256-n/bRVShxRmaXL3obRdNQ8OVWVZqWZ9qt59gRxGEUtzk="; + vendorHash = "sha256-r9Pcm95gU0QTiREdiQiyJMOKZb5Lt2bIJywLerzgbdg="; # integration tests require filesystem and network access for credentials doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix b/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix index f3cb86b6ba7b..4138acb2cedf 100644 --- a/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix +++ b/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix 
@@ -2,10 +2,10 @@ let pname = "buttercup-desktop"; - version = "2.20.2"; + version = "2.20.3"; src = fetchurl { url = "https://github.com/buttercup/buttercup-desktop/releases/download/v${version}/Buttercup-linux-x86_64.AppImage"; - sha256 = "sha256-fcWLnJUvsSwDLHL8TiYEGnQQ+KgkmZIGuWG4Xavbx5I="; + sha256 = "sha256-e7CZjJSkAAkNn73Z3cg+D5SUdReBp6pqz7zKrbkHs38="; }; appimageContents = appimageTools.extractType2 { inherit pname src version; }; diff --git a/nixpkgs/pkgs/tools/security/bws/default.nix b/nixpkgs/pkgs/tools/security/bws/default.nix new file mode 100644 index 000000000000..5c3987319109 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/bws/default.nix @@ -0,0 +1,53 @@ +{ lib +, rustPlatform +, fetchFromGitHub +, pkg-config +, oniguruma +, openssl +, stdenv +, darwin +, python3 +}: + +rustPlatform.buildRustPackage rec { + pname = "bws"; + version = "0.3.0"; + + src = fetchFromGitHub { + owner = "bitwarden"; + repo = "sdk"; + rev = "bws-v${version}"; + hash = "sha256-o+tmO9E881futhA/fN6+EX2yEBKnKUmKk/KilIt5vYY="; + }; + + cargoHash = "sha256-nmsAfXNn1nqmqHzGD7jl2JNrif/nJycCJZWZYjv7G4c="; + + nativeBuildInputs = [ + pkg-config + ]; + + buildInputs = + [ + oniguruma + openssl + ] + ++ lib.optionals stdenv.isDarwin [ + darwin.apple_sdk.frameworks.Security + ]; + + env = { + PYO3_PYTHON = "${python3}/bin/python3"; + RUSTONIG_SYSTEM_LIBONIG = true; + }; + + buildAndTestSubdir = "crates/bws"; + + meta = { + changelog = "https://github.com/bitwarden/sdk/blob/${src.rev}/CHANGELOG.md"; + description = "Bitwarden Secrets Manager CLI"; + homepage = "https://github.com/bitwarden/sdk"; + license = lib.licenses.unfree; # BITWARDEN SOFTWARE DEVELOPMENT KIT LICENSE AGREEMENT + mainProgram = "bws"; + maintainers = with lib.maintainers; [ dit7ya ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/certdump/default.nix b/nixpkgs/pkgs/tools/security/certdump/default.nix new file mode 100644 index 000000000000..7b5b6744b345 --- /dev/null 
+++ b/nixpkgs/pkgs/tools/security/certdump/default.nix
@@ -0,0 +1,43 @@
+{ lib
+, buildDotnetModule
+, fetchFromGitHub
+, dotnetCorePackages
+, callPackage
+}:
+
+buildDotnetModule rec {
+ pname = "certdump";
+ version = "unstable-2023-07-12";
+
+ src = fetchFromGitHub {
+ owner = "secana";
+ repo = "CertDump";
+ rev = "1300005115786b3c214d73fa506de2de06a62cbb";
+ sha256 = "sha256-VqKOoW4fAXr0MtY5rgWvRqay1dazF+ZpzJUHkDeXpPs=";
+ };
+
+ projectFile = [ "CertDump.sln" ];
+ nugetDeps = ./deps.nix;
+
+ selfContainedBuild = true;
+ executables = [ "CertDump" ];
+ xBuildFiles = [ "CertDump/CertDump.csproj" ];
+
+ dotnet-runtime = dotnetCorePackages.aspnetcore_7_0;
+ dotnet-sdk = dotnetCorePackages.sdk_7_0;
+
+ dotnetFlags = [
+ "-property:ImportByWildcardBeforeSolution=false"
+ "-property:GenerateAssemblyInfo=false"
+ ];
+
+ meta = with lib; {
+ description = "Dump certificates from PE files in different formats";
+ homepage = "https://github.com/secana/CertDump";
+ longDescription = ''
+ Cross-Platform tool to dump the signing certificate from a Portable Executable (PE) file.
+ '';
+ license = licenses.asl20;
+ maintainers = [ maintainers.baloo ];
+ };
+}
diff --git a/nixpkgs/pkgs/tools/security/certdump/deps.nix b/nixpkgs/pkgs/tools/security/certdump/deps.nix
new file mode 100644
index 000000000000..cd7641823629
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/certdump/deps.nix
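Review bot: `selfContainedBuild = true;` in certdump/default.nix bundles a .NET runtime into the output, and the runtime packs pinned by deps.nix in this commit are `Microsoft.NETCore.App.Runtime.*` 5.0.17 even though `dotnet-runtime` and `dotnet-sdk` are set to 7.0. If the project still targets net5.0, the shipped binary carries a runtime line that no longer receives security fixes, which matters for a tool whose job is parsing untrusted PE files and their certificates. It is worth confirming the target framework and, if upstream allows it, building framework-dependent against the 7.0 runtime from nixpkgs. Smaller point: `src` uses `sha256 = "sha256-…"`, where an SRI value belongs in `hash =`, as the firefox_decrypt hunk in this commit already does.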
@@ -0,0 +1,28 @@ +# This file was automatically generated by passthru.fetch-deps. +# Please dont edit it manually, your changes might get overwritten! + +{ fetchNuGet }: [ + (fetchNuGet { pname = "CommandLineParser"; version = "2.9.1"; sha256 = "1sldkj8lakggn4hnyabjj1fppqh50fkdrr1k99d4gswpbk5kv582"; }) + (fetchNuGet { pname = "Microsoft.AspNetCore.App.Ref"; version = "5.0.0"; sha256 = "0d7sjr89zwq0wxirf8la05hfalv9nhvlczg1c7a508k8aw79jvfg"; }) + (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-arm64"; version = "5.0.17"; sha256 = "183xgqzlwd5lhacxdwcjl8vcq7r7xypv0hddps9k32mmmwf83d8h"; }) + (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.linux-x64"; version = "5.0.17"; sha256 = "066fwdlssbv556zd9w1x87x1j8j4kafj9rxyy0692bssdb4gcyc8"; }) + (fetchNuGet { pname = "Microsoft.AspNetCore.App.Runtime.osx-x64"; version = "5.0.17"; sha256 = "1qvvqf8mmzzc7a7fhx324dprnbxhknr3qxspb2xhsn3yyg44xn2d"; }) + (fetchNuGet { pname = "Microsoft.DotNet.ILCompiler"; version = "7.0.9"; sha256 = "06hg5q1nbbqcz2s2pl8g941jmjzfl3x06hcpi8km4ikzvp25l5bd"; }) + (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-arm64"; version = "5.0.17"; sha256 = "07v7vyqm556xr1ypkazfp6gh6drgf20zkwbhkpja8bwdcr6lphbb"; }) + (fetchNuGet { pname = "Microsoft.NETCore.App.Host.linux-x64"; version = "5.0.17"; sha256 = "1lc2jhr4ikffi5ylyf8f6ya6k0hdj0wp1l0017grrwd4m5ajj4vv"; }) + (fetchNuGet { pname = "Microsoft.NETCore.App.Host.osx-x64"; version = "5.0.17"; sha256 = "02g5w41ivrw3n6cy3l3ixhcl8bw1fsv4bzs2m34k9h5fqmliaf3c"; }) + (fetchNuGet { pname = "Microsoft.NETCore.App.Ref"; version = "5.0.0"; sha256 = "1p62khf9zk23lh91lvz7plv3g1nzmm3b5szqrcm6mb8w3sjk03wi"; }) + (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-arm64"; version = "5.0.17"; sha256 = "16whaq82pj6fqa0vam3a0va9ly843aa1z12hza040vn6252kk9fq"; }) + (fetchNuGet { pname = "Microsoft.NETCore.App.Runtime.linux-x64"; version = "5.0.17"; sha256 = "0jgcfs3jc98jfyaaamssznckbpnaygplk8pjsp6dswpansz5bnnq"; }) + (fetchNuGet { pname = 
"Microsoft.NETCore.App.Runtime.osx-x64"; version = "5.0.17"; sha256 = "1ph5kx18syinp8bpzw80bgq3njl65gwzws727xcmxnysgm7snmjp"; }) + (fetchNuGet { pname = "PeNet"; version = "3.0.0"; sha256 = "1qbb970b4f6ymic1l7cy3kdkgy0605wpm0nyqa50mkzdq03c192j"; }) + (fetchNuGet { pname = "PeNet.Asn1"; version = "2.0.1"; sha256 = "14nzz1w69bcxnc2yhfca4g5ahl53czfpbmbv32w0cf2mpssjk4na"; }) + (fetchNuGet { pname = "runtime.linux-arm64.Microsoft.DotNet.ILCompiler"; version = "7.0.9"; sha256 = "0hpbb13459izw1c5qw7lh1sy5fbnmg7n8977jci5far584zbf3im"; }) + (fetchNuGet { pname = "runtime.linux-x64.Microsoft.DotNet.ILCompiler"; version = "7.0.9"; sha256 = "0crf80nb3pw4wr83bvsx7f48i63f2l1b2zc18sny4xhqlvbcfick"; }) + (fetchNuGet { pname = "runtime.osx-x64.Microsoft.DotNet.ILCompiler"; version = "7.0.9"; sha256 = "1370mahfnshdy63vlxbyqpbhmv5rby5azfbnyc72xb7zglf9aqcb"; }) + (fetchNuGet { pname = "System.Buffers"; version = "4.5.1"; sha256 = "04kb1mdrlcixj9zh1xdi5as0k0qi8byr5mi3p3jcxx72qz93s2y3"; }) + (fetchNuGet { pname = "System.Formats.Asn1"; version = "7.0.0"; sha256 = "1a14kgpqz4k7jhi7bs2gpgf67ym5wpj99203zxgwjypj7x47xhbq"; }) + (fetchNuGet { pname = "System.Memory"; version = "4.5.5"; sha256 = "08jsfwimcarfzrhlyvjjid61j02irx6xsklf32rv57x2aaikvx0h"; }) + (fetchNuGet { pname = "System.Security.Cryptography.Cng"; version = "5.0.0"; sha256 = "06hkx2za8jifpslkh491dfwzm5dxrsyxzj5lsc0achb6yzg4zqlw"; }) + (fetchNuGet { pname = "System.Security.Cryptography.Pkcs"; version = "7.0.0"; sha256 = "0834gh4k84xbv73mk6s9djkksq3bd6m2k1ixincjnaawv0pyz7fw"; }) +] diff --git a/nixpkgs/pkgs/tools/security/cloudfox/default.nix b/nixpkgs/pkgs/tools/security/cloudfox/default.nix index 14041ba7e7f0..8a3d8b10d159 100644 --- a/nixpkgs/pkgs/tools/security/cloudfox/default.nix +++ b/nixpkgs/pkgs/tools/security/cloudfox/default.nix 
@@ -5,16 +5,16 @@ buildGoModule rec { pname = "cloudfox"; - version = "1.11.3"; + version = "1.12.0"; src = fetchFromGitHub { owner = "BishopFox"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-zkZ8Glny9eERfU4DGtTOc66O7LOk5NISqUR5muxb2m0="; + hash = "sha256-pUOraiYJsbQqOSYRMRzxcAcsBIz/2VBRnsKo1eHVSkQ="; }; - vendorHash = "sha256-lgccNq1cSg8rrHW0aMLcC5HrZXf8TvdFSmk6pbGXNqQ="; + vendorHash = "sha256-nSisRurpareGI4EHENayMhsYOKL1hE1wVw2Ueiqii4U="; # Some tests are failing because of wrong filename/path doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/cmospwd/default.nix b/nixpkgs/pkgs/tools/security/cmospwd/default.nix new file mode 100644 index 000000000000..fa04ac652074 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cmospwd/default.nix @@ -0,0 +1,37 @@ +{ lib +, fetchurl +, stdenv +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "cmospwd"; + version = "5.1"; + + src = fetchurl { + url = "https://www.cgsecurity.org/cmospwd-${finalAttrs.version}.tar.bz2"; + hash = "sha256-8pbSl5eUsKa3JrgK/JLk0FnGXcJhKksJN3wWiDPYYvQ="; + }; + + preConfigure = '' + cd src + + # It already contains compiled executable (that doesn't work), so make + # will refuse to build if it's still there + rm cmospwd + ''; + + # There is no install make target + installPhase = '' + runHook preInstall + install -Dm0755 cmospwd -t "$out/bin" + runHook postInstall + ''; + + meta = with lib; { + description = "Decrypt password stored in cmos used to access BIOS SETUP"; + homepage = "https://www.cgsecurity.org/wiki/CmosPwd"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ t4ccer ]; + platforms = platforms.linux; + }; +}) diff --git a/nixpkgs/pkgs/tools/security/cnspec/default.nix b/nixpkgs/pkgs/tools/security/cnspec/default.nix index 88952936432a..65a3765e200b 100644 --- a/nixpkgs/pkgs/tools/security/cnspec/default.nix +++ b/nixpkgs/pkgs/tools/security/cnspec/default.nix 
@@ -5,17 +5,17 @@ buildGoModule rec { pname = "cnspec"; - version = "8.20.0"; + version = "8.22.1"; src = fetchFromGitHub { owner = "mondoohq"; repo = "cnspec"; rev = "refs/tags/v${version}"; - hash = "sha256-VPXxeI4dO6bHUagS38l7358sXW3ot/v/j9MUrD/akNg="; + hash = "sha256-xTYPAipdfrwAhtLcLZkClnmB1qRlgfTwt8Qpq6iSZPk="; }; proxyVendor = true; - vendorHash = "sha256-LH9ts/hD16rF9VBJIfwTAQXq9MMAiBKBR3ulKGNrlow="; + vendorHash = "sha256-PE5RLMUi1bqFjUntvUU3dXmygFfzFJF+HerW5A+OktA="; subPackages = [ "apps/cnspec" diff --git a/nixpkgs/pkgs/tools/security/commix/default.nix b/nixpkgs/pkgs/tools/security/commix/default.nix index 4bbfd66e6237..94290619f0f3 100644 --- a/nixpkgs/pkgs/tools/security/commix/default.nix +++ b/nixpkgs/pkgs/tools/security/commix/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "commix"; - version = "3.7"; + version = "3.8"; format = "setuptools"; src = fetchFromGitHub { owner = "commixproject"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-pqfb0CkWTPq6B8T7nn25lWuEQFRRziCDWYm5a1S3mIY="; + hash = "sha256-S/2KzZb3YUF0VJharWV/+7IG+r1EnB2sOveMpd1ryEI="; }; postInstall = '' diff --git a/nixpkgs/pkgs/tools/security/cryptomator/default.nix b/nixpkgs/pkgs/tools/security/cryptomator/default.nix index 238a74cc9545..fa54248d309d 100644 --- a/nixpkgs/pkgs/tools/security/cryptomator/default.nix +++ b/nixpkgs/pkgs/tools/security/cryptomator/default.nix 
@@ -1,22 +1,29 @@ -{ lib, fetchFromGitHub +{ lib, stdenv, fetchFromGitHub , autoPatchelfHook , fuse3 , maven, jdk, makeShellWrapper, glib, wrapGAppsHook }: -maven.buildMavenPackage rec { + +let + mavenJdk = maven.override { + jdk = jdk; + }; +in +assert stdenv.isLinux; # better than `called with unexpected argument 'enableJavaFX'` +mavenJdk.buildMavenPackage rec { pname = "cryptomator"; - version = "1.8.0"; + version = "1.9.4"; src = fetchFromGitHub { owner = "cryptomator"; repo = "cryptomator"; rev = version; - hash = "sha256-4MjF2PDH0JB1biY4HO2wOC0i6EIGSlzkK6tDm8nzvIo="; + hash = "sha256-63UXn1ejL/wDx6S2lugwwthu+C+vJovPypgM0iak78I="; }; mvnParameters = "-Dmaven.test.skip=true"; - mvnHash = "sha256-rHLLYkZq3GGE0uhTgZT0tnsh+ChzQdpQ2e+SG1TwBvw="; + mvnHash = "sha256-7gv++Pc+wqmVYaAMgHhSy7xwChfVBgpDFxExzu3bXO0="; preBuild = '' VERSION=${version} diff --git a/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix b/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix index 7b0cda0b7382..88b52da21eb3 100644 --- a/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix +++ b/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix @@ -36,6 +36,7 @@ , buildPythonPackage , pretend , pythonOlder +, wheel }: let @@ -52,6 +53,7 @@ let }; nativeBuildInputs = [ setuptools + wheel ]; propagatedBuildInputs = [ pyparsing @@ -68,6 +70,7 @@ in buildPythonApplication rec { pname = "cve-bin-tool"; version = "3.2"; + format = "setuptools"; src = fetchFromGitHub { owner = "intel"; diff --git a/nixpkgs/pkgs/tools/security/cyclonedx-gomod/default.nix b/nixpkgs/pkgs/tools/security/cyclonedx-gomod/default.nix index 5385fd19c8ac..1c404aa3f836 100644 --- a/nixpkgs/pkgs/tools/security/cyclonedx-gomod/default.nix +++ b/nixpkgs/pkgs/tools/security/cyclonedx-gomod/default.nix 
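Review bot: In the cryptomator hunk, `assert stdenv.isLinux;` turns an unsupported platform into a bare assertion failure at evaluation time, and its trailing comment describes the error it replaces rather than the restriction being enforced. If the intent is "Linux only", `meta.platforms` is the usual place to declare it (the `meta` block is outside this hunk, so check what it already states), and the comment would read better as `# Linux only; fail early with a clear assertion instead of an argument error`. The override can also be written `maven.override { inherit jdk; }`.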
@@ -5,16 +5,16 @@ buildGoModule rec { pname = "cyclonedx-gomod"; - version = "1.4.0"; + version = "1.4.1"; src = fetchFromGitHub { owner = "CycloneDX"; repo = pname; rev = "v${version}"; - hash = "sha256-GCRLOfrL1jFExGb5DbJa8s7RQv8Wn81TGktShZqeC54="; + hash = "sha256-JczDfNBYT/Ap2lDucEvuT8NAwuQgmavOUvtznI6Q+Zc="; }; - vendorHash = "sha256-gFewqutvkFc/CVpBD3ORGcfiG5UNh5tQ1ElHpM3g5+I="; + vendorHash = "sha256-5Mn+f+oVwbn2qGaZct5+9f6tOBXfsB/I72yD7fHUrC8="; # Tests require network access and cyclonedx executable doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/das/default.nix b/nixpkgs/pkgs/tools/security/das/default.nix index f8ccf8cb4ac7..2f7cd2fa98f7 100644 --- a/nixpkgs/pkgs/tools/security/das/default.nix +++ b/nixpkgs/pkgs/tools/security/das/default.nix @@ -5,19 +5,20 @@ python3.pkgs.buildPythonApplication rec { pname = "das"; - version = "0.3.6"; + version = "0.3.8"; format = "pyproject"; src = fetchFromGitHub { owner = "snovvcrash"; repo = "DivideAndScan"; rev = "refs/tags/v${version}"; - hash = "sha256-UFuIy19OUiS8VmmfGm0F4hI4s4BU5b4ZVh40bFGiLfk="; + hash = "sha256-a9gnEBTvZshw42M/GrpCgjZh6FOzL45aZqGRyeHO0ec="; }; postPatch = '' substituteInPlace pyproject.toml \ - --replace 'networkx = "^2.8.4"' 'networkx = "*"' + --replace 'networkx = "^2.8.4"' 'networkx = "*"' \ + --replace 'pandas = "^1.4.2"' 'pandas = "*"' ''; nativeBuildInputs = with python3.pkgs; [ diff --git a/nixpkgs/pkgs/tools/security/dumpasn1/configpath.patch b/nixpkgs/pkgs/tools/security/dumpasn1/configpath.patch new file mode 100644 index 000000000000..4578faafc350 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dumpasn1/configpath.patch 
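Review bot: In the das hunk, the two `--replace` rules in `postPatch` depend on the exact upstream strings `networkx = "^2.8.4"` and `pandas = "^1.4.2"`; once upstream changes either pin the substitution stops applying without failing the build, and the constraint quietly comes back. `pythonRelaxDepsHook` with `pythonRelaxDeps = [ "networkx" "pandas" ];` states the same intent without string matching and is already used for ggshield in this commit. `nativeBuildInputs` continues past the end of the hunk, so the hook would be added there.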
@@ -0,0 +1,28 @@
+From ab8bd63b32b963ddc7346a2dabfd39fba8bfba72 Mon Sep 17 00:00:00 2001
+From: Paul Meyer <49727155+katexochen@users.noreply.github.com>
+Date: Sun, 13 Aug 2023 14:13:21 +0200
+Subject: [PATCH] make config path injectable during build
+
+This way a config path can be added to the list during build by
+defining the makro.
+
+Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
+---
+ dumpasn1.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/dumpasn1.c b/dumpasn1.c
+index e7bf268..94f1582 100644
+--- a/dumpasn1.c
++++ b/dumpasn1.c
+@@ -451,6 +451,10 @@ static const char *configPaths[] = {
+ /* General environment-based paths */
+ "$DUMPASN1_PATH/",
+
++ #ifdef DUMPASN1_CONFIG_PATH
++ DUMPASN1_CONFIG_PATH,
++ #endif /* DUMPASN1_CONFIG_PATH */
++
+ NULL
+ };
+ #endif /* OS-specific search paths */
diff --git a/nixpkgs/pkgs/tools/security/dumpasn1/default.nix b/nixpkgs/pkgs/tools/security/dumpasn1/default.nix
new file mode 100644
index 000000000000..d224531940a7
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/dumpasn1/default.nix
@@ -0,0 +1,34 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+}:
+stdenv.mkDerivation (finalAttrs: {
+ pname = "dumpasn1";
+ version = "20230207.0.0";
+
+ src = fetchFromGitHub {
+ owner = "katexochen";
+ repo = "dumpasn1";
+ rev = "v${finalAttrs.version}";
+ hash = "sha256-r40czSLdjCYbt73zK7exCoP/kMq6+pyJfz9LKJLLaXM=";
+ };
+
+ CFLAGS = ''-DDUMPASN1_CONFIG_PATH='"$(out)/etc/"' '';
+
+ makeFlags = [ "prefix=$(out)" ];
+
+ patches = [
+ # Allow adding a config file path during build via makro.
+ # Used to add the store path of the included config file through CFLAGS.
+ # This won't be merged upstream.
+ ./configpath.patch
+ ];
+
+ meta = with lib; {
+ description = "Display and debug ASN.1 data";
+ homepage = "https://github.com/katexochen/dumpasn1";
+ license = licenses.bsd2;
+ maintainers = with maintainers; [ katexochen ];
+ platforms = platforms.linux ++ platforms.darwin;
+ };
+})
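Review bot: The `CFLAGS` line in dumpasn1/default.nix relies on two things the expression does not explain: `$(out)` is make syntax, so the value is only right if make itself expands `CFLAGS` from the environment, and the nested `'"…"'` quoting is what turns the path into a C string literal for `DUMPASN1_CONFIG_PATH`. A comment above it such as `# $(out) is expanded by make, not the shell; the inner quotes make the macro a C string` would stop a later cleanup from rewriting it to `$out`. The upstream Makefile is not visible here, so it is also worth confirming it does not assign `CFLAGS` itself, which would discard the environment value and leave the store config path out of `configPaths`.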
diff --git a/nixpkgs/pkgs/tools/security/eid-mw/default.nix b/nixpkgs/pkgs/tools/security/eid-mw/default.nix index 102313ddbdfc..e399974b4c6e 100644 --- a/nixpkgs/pkgs/tools/security/eid-mw/default.nix +++ b/nixpkgs/pkgs/tools/security/eid-mw/default.nix @@ -1,21 +1,21 @@ { lib , stdenv , fetchFromGitHub -, autoreconfHook , autoconf-archive -, pkg-config +, autoreconfHook , makeWrapper +, pkg-config +, substituteAll , curl , gtk3 , libassuan , libbsd , libproxy , libxml2 +, nssTools , openssl , p11-kit , pcsclite -, nssTools -, substituteAll }: stdenv.mkDerivation rec { @@ -30,8 +30,15 @@ stdenv.mkDerivation rec { hash = "sha256-70UjfkH+rx1Q+2XEuAByoDsP5ZelyuGXaHdkjTe/sCY="; }; + postPatch = '' + sed 's@m4_esyscmd_s(.*,@[${version}],@' -i configure.ac + substituteInPlace configure.ac --replace 'p11kitcfdir=""' 'p11kitcfdir="'$out/share/p11-kit/modules'"' + ''; + + nativeBuildInputs = [ autoreconfHook autoconf-archive pkg-config makeWrapper ]; buildInputs = [ curl gtk3 libassuan libbsd libproxy libxml2 openssl p11-kit pcsclite ]; + preConfigure = '' mkdir openssl ln -s ${lib.getLib openssl}/lib openssl @@ -44,10 +51,6 @@ stdenv.mkDerivation rec { # pinentry uses hardcoded `/usr/bin/pinentry`, so use the built-in (uglier) dialogs for pinentry. configureFlags = [ "--disable-pinentry" ]; - postPatch = '' - sed 's@m4_esyscmd_s(.*,@[${version}],@' -i configure.ac - ''; - postInstall = let eid-nssdb-in = substituteAll { diff --git a/nixpkgs/pkgs/tools/security/enpass/data.json b/nixpkgs/pkgs/tools/security/enpass/data.json index d967b2266ae1..dc6ef2049723 100644 --- a/nixpkgs/pkgs/tools/security/enpass/data.json +++ b/nixpkgs/pkgs/tools/security/enpass/data.json 
@@ -1,8 +1,8 @@ { "amd64": { - "path": "pool/main/e/enpass/enpass_6.8.5.1173_amd64.deb", - "sha256": "5855e617041d73682320f3643eb4136c93eef2beaf3be9d37cbadfc76d719b5b", - "version": "6.8.5.1173" + "path": "pool/main/e/enpass/enpass_6.9.0.1467_amd64.deb", + "sha256": "fe405f7119d45822164da3ad009b99c5cd516685198c1d335b7803d84e5ba2ca", + "version": "6.9.0.1467" }, "i386": { "path": "pool/main/e/enpass/enpass_5.6.9_i386.deb", diff --git a/nixpkgs/pkgs/tools/security/enpass/update_script.py b/nixpkgs/pkgs/tools/security/enpass/update_script.py index f8ec715cb5e4..ab0b6ce3f48e 100644..100755 --- a/nixpkgs/pkgs/tools/security/enpass/update_script.py +++ b/nixpkgs/pkgs/tools/security/enpass/update_script.py 
@@ -1,95 +1,74 @@
-from __future__ import print_function
-
-
-import argparse
-import bz2
-import email
+#! /usr/bin/env nix-shell
+#! nix-shell -i python3 -p python3 python3.pkgs.packaging python3.pkgs.requests
+import gzip
 import json
 import logging
-
-from itertools import product
-from operator import itemgetter
-
-import attr
-import pkg_resources
-
-from pathlib2 import Path
-from requests import Session
-from six.moves.urllib_parse import urljoin
-
-
-@attr.s
-class ReleaseElement(object):
- sha256 = attr.ib(repr=False)
- size = attr.ib(convert=int)
- path = attr.ib()
-
-log = logging.getLogger('enpass.updater')
-
-
-parser = argparse.ArgumentParser()
-parser.add_argument('--repo')
-parser.add_argument('--target', type=Path)
-
-
-session = Session()
-
-
-def parse_bz2_msg(msg):
- msg = bz2.decompress(msg)
- if '\n\n' in msg:
- parts = msg.split('\n\n')
- return list(map(email.message_from_string, parts))
- return email.message_from_string(msg)
-
-
-def fetch_meta(repo, name, parse=email.message_from_string, split=False):
- url = urljoin(repo, 'dists/stable', name)
- response = session.get("{repo}/dists/stable/{name}".format(**locals()))
- return parse(response.content)
-
-
-def fetch_filehashes(repo, path):
- meta = fetch_meta(repo, path, parse=parse_bz2_msg)
- for item in meta:
- yield {
- 'version': pkg_resources.parse_version(str(item['Version'])),
- 'path': item['Filename'],
- 'sha256': item['sha256'],
- }
-
-
-def fetch_archs(repo):
- m = fetch_meta(repo, 'Release')
-
- architectures = m['Architectures'].split()
- elements = [ReleaseElement(*x.split()) for x in m['SHA256'].splitlines()]
- elements = [x for x in elements if x.path.endswith('bz2')]
-
- for arch, elem in product(architectures, elements):
- if arch in elem.path:
- yield arch, max(fetch_filehashes(repo, elem.path),
- key=itemgetter('version'))
-
-
-class OurVersionEncoder(json.JSONEncoder):
- def default(self, obj):
- # the other way around to avoid issues with
- # newer setuptools having strict/legacy versions
- if not isinstance(obj, (dict, str)):
- return str(obj)
- return json.JSONEncoder.default(self, obj)
-
-
-def main(repo, target):
- logging.basicConfig(level=logging.DEBUG)
- with target.open(mode='wb') as fp:
- json.dump(
- dict(fetch_archs(repo)), fp,
- cls=OurVersionEncoder,
- indent=2,
- sort_keys=True)
-
-
-opts = parser.parse_args()
-main(opts.repo, opts.target)
+import pathlib
+import re
+import subprocess
+import sys
+
+from packaging import version
+import requests
+
+logging.basicConfig(stream=sys.stdout, level=logging.DEBUG)
+
+current_path = pathlib.Path(__file__).parent
+DATA_JSON = current_path.joinpath("data.json").resolve()
+logging.debug(f"Path to version file: {DATA_JSON}")
+last_new_version = None
+
+with open(DATA_JSON, "r") as versions_file:
+ versions = json.load(versions_file)
+
+def find_latest_version(arch):
+ CHECK_URL = f'https://apt.enpass.io/dists/stable/main/binary-{arch}/Packages.gz'
+ packages = gzip.decompress(requests.get(CHECK_URL).content).decode()
+
+ # Loop every package to find the newest one!
+ version_selector = re.compile("Version: (?P<version>.+)")
+ path_selector = re.compile("Filename: (?P<path>.+)")
+ hash_selector = re.compile("SHA256: (?P<sha256>.+)")
+ last_version = version.parse("0")
+ for package in packages.split("\n\n"):
+ matches = version_selector.search(package)
+ matched_version = matches.group('version') if matches and matches.group('version') else "0"
+ parsed_version = version.parse(matched_version)
+ if parsed_version > last_version:
+ path = path_selector.search(package).group('path')
+ sha256 = hash_selector.search(package).group('sha256')
+ last_version = parsed_version
+ return {"path": path, "sha256": sha256, "version": matched_version}
+
+for arch in versions.keys():
+ current_version = versions[arch]['version']
+ logging.info(f"Current Version for {arch} is {current_version}")
+ new_version = find_latest_version(arch)
+
+ if not new_version or new_version['version'] == current_version:
+ continue
+
+ last_current_version = current_version
+ last_new_version = new_version
+ logging.info(f"Update found ({arch}): enpass: {current_version} -> {new_version['version']}")
+ versions[arch]['path'] = new_version['path']
+ versions[arch]['sha256'] = new_version['sha256']
+ versions[arch]['version'] = new_version['version']
+
+
+if not last_new_version:
+ logging.info('#### No update found ####')
+ sys.exit(0)
+
+# write new versions back
+with open(DATA_JSON, "w") as versions_file:
+ json.dump(versions, versions_file, indent=2)
+ versions_file.write("\n")
+
+# Commit the result:
+logging.info("Committing changes...")
+commit_message = f"enpass: {last_current_version} -> {last_new_version['version']}"
+subprocess.run(['git', 'add', DATA_JSON], check=True)
+subprocess.run(['git', 'commit', '--file=-'], input=commit_message.encode(), check=True)
+
+logging.info("Done.")
diff --git a/nixpkgs/pkgs/tools/security/exploitdb/default.nix b/nixpkgs/pkgs/tools/security/exploitdb/default.nix
index 251b585d7ac7..51b999f81480 100644
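Review bot: `find_latest_version` in enpass/update_script.py copies the `SHA256:` field from `Packages.gz` into data.json with only the HTTPS connection vouching for that index; the repository's signed `Release`/`InRelease` file is never checked, so the pinned hash is only as trustworthy as the server at update time. The fetch is `requests.get(CHECK_URL)` with no timeout and no `raise_for_status()`, so an error page goes straight into `gzip.decompress`, and `path_selector.search(package).group('path')` raises `AttributeError` on a stanza that lacks the field. The returned dict also takes `version` from `matched_version`, which at the `return` may belong to a different stanza than `path` and `sha256`, and those two look unbound when no stanza matches (indentation is lost in this view, so confirm where the `return` sits). The sketch below keeps the three fields of one stanza together, skips incomplete stanzas and returns `None` when nothing is found, which the caller's `if not new_version` already handles; verifying the index against the signed Release file would be a separate addition.

```python
def find_latest_version(arch):
    CHECK_URL = f'https://apt.enpass.io/dists/stable/main/binary-{arch}/Packages.gz'
    response = requests.get(CHECK_URL, timeout=30)
    response.raise_for_status()
    packages = gzip.decompress(response.content).decode()

    # … unchanged: version_selector / path_selector / hash_selector …
    latest = None
    last_version = version.parse("0")
    for package in packages.split("\n\n"):
        fields = [sel.search(package) for sel in (version_selector, path_selector, hash_selector)]
        if not all(fields):
            continue  # stanza without Version, Filename or SHA256
        matched_version, path, sha256 = (m.group(1).strip() for m in fields)
        if not re.fullmatch(r"[0-9a-f]{64}", sha256):
            continue  # not a well-formed SHA-256 hex digest
        parsed_version = version.parse(matched_version)
        if parsed_version > last_version:
            last_version = parsed_version
            latest = {"path": path, "sha256": sha256, "version": matched_version}
    return latest
```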
--- a/nixpkgs/pkgs/tools/security/exploitdb/default.nix +++ b/nixpkgs/pkgs/tools/security/exploitdb/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2023-08-03"; + version = "2023-08-20"; src = fetchFromGitLab { owner = "exploit-database"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-mS77s3wBVGRxGrPxjOCi5QN82N2N4pIPrxz5JczaIBc="; + hash = "sha256-Od8iMbHxmQKyP02piWDkeUfIhkwZLFsm6lpSTztCjmA="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix b/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix index dc05255bc7ed..39f9398260f1 100644 --- a/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix +++ b/nixpkgs/pkgs/tools/security/faraday-agent-dispatcher/default.nix @@ -5,16 +5,21 @@ python3.pkgs.buildPythonApplication rec { pname = "faraday-agent-dispatcher"; - version = "2.4.0"; + version = "2.6.2"; format = "setuptools"; src = fetchFromGitHub { owner = "infobyte"; repo = "faraday_agent_dispatcher"; rev = "refs/tags/${version}"; - hash = "sha256-gZXA+2zW25Dl8JmBgg7APZt6ZdpFOEFZXAkiZ+tn/4g="; + hash = "sha256-+lsejepg/iBHo6CRAGNHjiUC7ZgboHbKu7EDmlN3lVk="; }; + postPatch = '' + substituteInPlace setup.py \ + --replace '"pytest-runner",' "" + ''; + nativeBuildInputs = with python3.pkgs; [ setuptools-scm ]; @@ -26,6 +31,7 @@ python3.pkgs.buildPythonApplication rec { faraday-plugins itsdangerous psutil + pytenable python-gvm python-owasp-zap-v2-4 pyyaml @@ -39,11 +45,6 @@ python3.pkgs.buildPythonApplication rec { pytestCheckHook ]; - postPatch = '' - substituteInPlace setup.py \ - --replace '"pytest-runner",' "" - ''; - preCheck = '' export HOME=$(mktemp -d); ''; diff --git a/nixpkgs/pkgs/tools/security/firefox_decrypt/default.nix b/nixpkgs/pkgs/tools/security/firefox_decrypt/default.nix index d006e3140bf8..57f1215ed817 100644 --- a/nixpkgs/pkgs/tools/security/firefox_decrypt/default.nix 
+++ b/nixpkgs/pkgs/tools/security/firefox_decrypt/default.nix @@ -2,6 +2,8 @@ , fetchFromGitHub , buildPythonApplication , setuptools +, setuptools-scm +, wheel , nss , nix-update-script }: @@ -9,25 +11,24 @@ buildPythonApplication rec { pname = "firefox_decrypt"; version = "1.1.0"; - format = "pyproject"; src = fetchFromGitHub { owner = "unode"; repo = pname; rev = "0931c0484d7429f7d4de3a2f5b62b01b7924b49f"; - sha256 = "sha256-9HbH8DvHzmlem0XnDbcrIsMQRBuf82cHObqpLzQxNZM="; + hash = "sha256-9HbH8DvHzmlem0XnDbcrIsMQRBuf82cHObqpLzQxNZM="; }; nativeBuildInputs = [ setuptools + setuptools-scm + wheel ]; makeWrapperArgs = [ "--prefix" "LD_LIBRARY_PATH" ":" (lib.makeLibraryPath [ nss ]) ]; - passthru.updateScript = nix-update-script { - extraArgs = [ "--version=branch" ]; - }; + passthru.updateScript = nix-update-script { }; meta = with lib; { homepage = "https://github.com/unode/firefox_decrypt"; diff --git a/nixpkgs/pkgs/tools/security/gencfsm/default.nix b/nixpkgs/pkgs/tools/security/gencfsm/default.nix index 4cf5338ca2e4..33f6297905ea 100644 --- a/nixpkgs/pkgs/tools/security/gencfsm/default.nix +++ b/nixpkgs/pkgs/tools/security/gencfsm/default.nix @@ -21,6 +21,7 @@ stdenv.mkDerivation rec { pkg-config vala wrapGAppsHook + gobject-introspection ]; buildInputs = [ glib @@ -29,7 +30,6 @@ stdenv.mkDerivation rec { libgee xorg.libSM xorg.libICE - gobject-introspection libsecret ]; diff --git a/nixpkgs/pkgs/tools/security/ggshield/default.nix b/nixpkgs/pkgs/tools/security/ggshield/default.nix new file mode 100644 index 000000000000..3f275875ed48 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ggshield/default.nix 
@@ -0,0 +1,78 @@
+{ lib
+, fetchFromGitHub
+, git
+, python3
+}:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "ggshield";
+ version = "1.18.0";
+ format = "pyproject";
+
+ src = fetchFromGitHub {
+ owner = "GitGuardian";
+ repo = "ggshield";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-CWWgt2Ec8ChhH+nL6DkGqI3GsR52HforUYaaxSpKgCs=";
+ };
+
+ pythonRelaxDeps = true;
+
+ nativeBuildInputs = with python3.pkgs; [
+ pythonRelaxDepsHook
+ setuptools
+ ];
+
+ propagatedBuildInputs = with python3.pkgs; [
+ appdirs
+ charset-normalizer
+ click
+ cryptography
+ marshmallow
+ marshmallow-dataclass
+ oauthlib
+ pygitguardian
+ pyjwt
+ python-dotenv
+ pyyaml
+ requests
+ rich
+ ];
+
+ nativeCheckInputs = [
+ git
+ ] ++ (with python3.pkgs; [
+ pyfakefs
+ pytest-mock
+ pytest-voluptuous
+ pytestCheckHook
+ snapshottest
+ vcrpy
+ ]);
+
+ pythonImportsCheck = [
+ "ggshield"
+ ];
+
+ disabledTestPaths = [
+ # Don't run functional tests
+ "tests/functional/"
+ ];
+
+ disabledTests = [
+ # No TLS certificate, no .git folder, etc.
+ "test_cache_catches"
+ "test_is_git_dir"
+ "test_is_valid_git_commit_ref"
+ "test_check_git_dir"
+ "test_does_not_fail_if_cache"
+ ];
+
+ meta = with lib; {
+ description = "Tool to find and fix various types of hardcoded secrets and infrastructure-as-code misconfigurations";
+ homepage = "https://github.com/GitGuardian/ggshield";
+ changelog = "https://github.com/GitGuardian/ggshield/blob/${version}/CHANGELOG.md";
+ license = licenses.mit;
+ maintainers = with maintainers; [ fab ];
+ };
+}
diff --git a/nixpkgs/pkgs/tools/security/gobuster/default.nix b/nixpkgs/pkgs/tools/security/gobuster/default.nix
index 279b6cd6c9fc..878fa576b4cd 100644
--- a/nixpkgs/pkgs/tools/security/gobuster/default.nix
+++ b/nixpkgs/pkgs/tools/security/gobuster/default.nix
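Review bot: `pythonRelaxDeps = true;` in ggshield/default.nix strips every version bound from the package metadata, including the lower bounds on `cryptography`, `pyjwt` and `oauthlib`, so a build against a dependency older than upstream requires would no longer be caught. Listing only the packages whose pins actually conflict, `pythonRelaxDeps = [ "<conflicting-package>" ];` (placeholder name), keeps the remaining constraints enforced. Separately, `changelog` points at `blob/${version}/CHANGELOG.md` while `rev` is `refs/tags/v${version}`, so the link most likely needs `v${version}`.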
@@ -5,22 +5,27 @@ buildGoModule rec { pname = "gobuster"; - version = "3.5.0"; + version = "3.6.0"; src = fetchFromGitHub { owner = "OJ"; repo = "gobuster"; - rev = "v${version}"; - hash = "sha256-Ohv/FgMbniItbrcrncAe9QKVjrhxoZ80BGYJmJtJpPk="; + rev = "refs/tags/v${version}"; + hash = "sha256-LZL9Zje2u0v6iAQinfjflvusV57ys5J5Il6Q7br3Suc="; }; - vendorHash = "sha256-ZbY5PyXKcTB9spVGfW2Qhj8SV9alOSH0DyXx1dh/NgQ="; + vendorHash = "sha256-w+G5PsWXhKipjYIHtz633sia+Wg9FSFVpcugEl8fp0E="; + + ldflags = [ + "-s" + "-w" + ]; meta = with lib; { description = "Tool used to brute-force URIs, DNS subdomains, Virtual Host names on target web servers"; homepage = "https://github.com/OJ/gobuster"; changelog = "https://github.com/OJ/gobuster/releases/tag/v${version}"; license = licenses.asl20; - maintainers = with maintainers; [ pamplemousse ]; + maintainers = with maintainers; [ fab pamplemousse ]; }; } diff --git a/nixpkgs/pkgs/tools/security/gopass/default.nix b/nixpkgs/pkgs/tools/security/gopass/default.nix index 87ea59122bbc..93b4ff4119b3 100644 --- a/nixpkgs/pkgs/tools/security/gopass/default.nix +++ b/nixpkgs/pkgs/tools/security/gopass/default.nix @@ -13,7 +13,7 @@ buildGoModule rec { pname = "gopass"; - version = "1.15.6"; + version = "1.15.7"; nativeBuildInputs = [ installShellFiles makeWrapper ]; @@ -21,10 +21,10 @@ buildGoModule rec { owner = "gopasspw"; repo = "gopass"; rev = "v${version}"; - hash = "sha256-qhnkU2LuwUWP3Fi/XekFJp3WujeRxF/UHVBiVTfbxJ4="; + hash = "sha256-Q3EX5giteIsH5+fXb7n2qpd9kBjaZZ/A5VuCljc72C8="; }; - vendorHash = "sha256-FZFN+xy23osgFs7Cm3S+LwKaE9Y94qcDVgv+CxA8J68="; + vendorHash = "sha256-crnr5qXlYrhNT3nLlA7U13CaYAmAqcV+MBs/hee9ixU="; subPackages = [ "." ]; diff --git a/nixpkgs/pkgs/tools/security/gopass/git-credential.nix b/nixpkgs/pkgs/tools/security/gopass/git-credential.nix index d3ba15f37089..eb3c2c9b96c9 100644 --- a/nixpkgs/pkgs/tools/security/gopass/git-credential.nix +++ b/nixpkgs/pkgs/tools/security/gopass/git-credential.nix 
@@ -7,16 +7,16 @@ buildGoModule rec { pname = "git-credential-gopass"; - version = "1.15.5"; + version = "1.15.7"; src = fetchFromGitHub { owner = "gopasspw"; repo = "git-credential-gopass"; rev = "v${version}"; - hash = "sha256-jjW+mqGklnQsX+nznEeehrIMoJ3MX1H5aF7LAePY2g0="; + hash = "sha256-O8lqrvaFfcFHevZpRf+VbIQCBQUuc+B34OmQ3/VIOzI="; }; - vendorHash = "sha256-BXzXpG1Dy25IBf8EzgzOnFcbEvQGVhO8jgR/t6IKgPw="; + vendorHash = "sha256-gb9AZBh5oUAiuCXbsvkmYxcHRNd9KLYq35nMd4iabKw="; subPackages = [ "." ]; @@ -34,6 +34,7 @@ buildGoModule rec { meta = with lib; { description = "Manage git credentials using gopass"; homepage = "https://github.com/gopasspw/git-credential-gopass"; + changelog = "https://github.com/gopasspw/git-credential-gopass/blob/v${version}/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [ benneti ]; }; diff --git a/nixpkgs/pkgs/tools/security/gopass/hibp.nix b/nixpkgs/pkgs/tools/security/gopass/hibp.nix index b341d0aa67a5..1486f8476f2b 100644 --- a/nixpkgs/pkgs/tools/security/gopass/hibp.nix +++ b/nixpkgs/pkgs/tools/security/gopass/hibp.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "gopass-hibp"; - version = "1.15.5"; + version = "1.15.7"; src = fetchFromGitHub { owner = "gopasspw"; repo = "gopass-hibp"; rev = "v${version}"; - hash = "sha256-BHMhQqaYM0WfCzvDo7X1GEVNv44zEw2KeA9jhF7RgC4="; + hash = "sha256-525e2LXQ/Ldrqhxqndwpdo2HeS4xRkbPzfwvWeiEayE="; }; - vendorHash = "sha256-Y6BMzSRzbORIbebfP+ptIswyOclM1bs1zPmLpqko//4="; + vendorHash = "sha256-jfqxl21euOtOvt+RltVlSjca2o8VuLtWHgpnW4ve5JM="; subPackages = [ "." ]; @@ -33,7 +33,8 @@ buildGoModule rec { meta = with lib; { description = "Gopass haveibeenpwnd.com integration"; - homepage = "https://www.gopass.pw/"; + homepage = "https://github.com/gopasspw/gopass-hibp"; + changelog = "https://github.com/gopasspw/gopass-hibp/blob/v${version}/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [ sikmir ]; }; 
diff --git a/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix b/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix index 6617a43e7f21..f7c0cd0ebdf9 100644 --- a/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix +++ b/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix @@ -8,16 +8,16 @@ buildGoModule rec { pname = "gopass-jsonapi"; - version = "1.15.5"; + version = "1.15.7"; src = fetchFromGitHub { owner = "gopasspw"; repo = "gopass-jsonapi"; rev = "v${version}"; - hash = "sha256-ZSX5g1agmnPU8Nlmptr3GVrjtPPKbDxouSjz9ulSW44="; + hash = "sha256-lwY5uc6eKqXO8FbvzlrpQY0y5AEcV0RQFvvnE+At6z0="; }; - vendorHash = "sha256-JWOBGTJFzihoznYFzcgjayAzNof6Ob5u3Jfx2a6zwEk="; + vendorHash = "sha256-BKwgP22l4t4jaAHHh+ZD/2nroCtAp/A6DqHt+9HZzKw="; subPackages = [ "." ]; @@ -34,7 +34,8 @@ buildGoModule rec { meta = with lib; { description = "Enables communication with gopass via JSON messages"; - homepage = "https://www.gopass.pw/"; + homepage = "https://github.com/gopasspw/gopass-jsonapi"; + changelog = "https://github.com/gopasspw/gopass-jsonapi/blob/v${version}/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [ maxhbr ]; }; diff --git a/nixpkgs/pkgs/tools/security/gopass/summon.nix b/nixpkgs/pkgs/tools/security/gopass/summon.nix index 8001fa09ac67..eb264b752d08 100644 --- a/nixpkgs/pkgs/tools/security/gopass/summon.nix +++ b/nixpkgs/pkgs/tools/security/gopass/summon.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "gopass-summon-provider"; - version = "1.15.5"; + version = "1.15.7"; src = fetchFromGitHub { owner = "gopasspw"; repo = "gopass-summon-provider"; rev = "v${version}"; - hash = "sha256-ZAXdazhRqg9TbWWbftz9og3H7LTHenLlpFPIgZQHd/Q="; + hash = "sha256-JoSNWgwTnFQbnrwGIk6L5SwQeNg0RfLMULceqFF/XnA="; }; - vendorHash = "sha256-BXzXpG1Dy25IBf8EzgzOnFcbEvQGVhO8jgR/t6IKgPw="; + vendorHash = "sha256-gb9AZBh5oUAiuCXbsvkmYxcHRNd9KLYq35nMd4iabKw="; subPackages = [ "." ]; 
@@ -33,7 +33,8 @@ buildGoModule rec { meta = with lib; { description = "Gopass Summon Provider"; - homepage = "https://www.gopass.pw/"; + homepage = "https://github.com/gopasspw/gopass-summon-provider"; + changelog = "https://github.com/gopasspw/gopass-summon-provider/blob/v${version}/CHANGELOG.md"; license = licenses.mit; maintainers = with maintainers; [ sikmir ]; }; diff --git a/nixpkgs/pkgs/tools/security/gotrue/supabase.nix b/nixpkgs/pkgs/tools/security/gotrue/supabase.nix index 45a6e9db3178..3ee604a90b9b 100644 --- a/nixpkgs/pkgs/tools/security/gotrue/supabase.nix +++ b/nixpkgs/pkgs/tools/security/gotrue/supabase.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "gotrue"; - version = "2.83.1"; + version = "2.92.0"; src = fetchFromGitHub { owner = "supabase"; repo = pname; rev = "v${version}"; - hash = "sha256-3H2B6gEL9qatR49P+0E+O0EDd+uylb0nDETqxW+XuFY="; + hash = "sha256-acOTuvs9AFDGdmj4dwTAabhO31MAJgYOVZghlPQiXT4="; }; - vendorHash = "sha256-eG6zB/nfsYYvvLf5i8AySkTfXv9rIGTTmyMA4PtcGjg="; + vendorHash = "sha256-r1xJka1ISahaHJOkFwjn/Nrf2EU0iGVosz8PZnH31TE="; ldflags = [ "-s" diff --git a/nixpkgs/pkgs/tools/security/grype/default.nix b/nixpkgs/pkgs/tools/security/grype/default.nix index cb21ecb119c7..b1668c1274aa 100644 --- a/nixpkgs/pkgs/tools/security/grype/default.nix +++ b/nixpkgs/pkgs/tools/security/grype/default.nix @@ -7,13 +7,13 @@ buildGoModule rec { pname = "grype"; - version = "0.65.1"; + version = "0.65.2"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-hmjg1W1E1pdrHxPA7qbEJP0R1mEiV0P54+y+RXxKH4c="; + hash = "sha256-ST+fJfkViQubCWVMY2BbOgE7tOpXjCX1ATLBmLmvMiY="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; 
@@ -28,7 +28,7 @@ buildGoModule rec { proxyVendor = true; - vendorHash = "sha256-VxsXhNOFj7Iwq7Sa2J8ADcfLt9Bz+D0RHwEGawveryU="; + vendorHash = "sha256-HaqJ1Pc0A29D0HielGhP6uxkVccB8JyUrm0Q5nW8teU="; nativeBuildInputs = [ installShellFiles @@ -104,6 +104,6 @@ buildGoModule rec { container image or filesystem to find known vulnerabilities. ''; license = with licenses; [ asl20 ]; - maintainers = with maintainers; [ fab jk ]; + maintainers = with maintainers; [ fab jk kashw2 ]; }; } diff --git a/nixpkgs/pkgs/tools/security/iaito/default.nix b/nixpkgs/pkgs/tools/security/iaito/default.nix index 466a9c5ff777..641f7edf2406 100644 --- a/nixpkgs/pkgs/tools/security/iaito/default.nix +++ b/nixpkgs/pkgs/tools/security/iaito/default.nix @@ -11,30 +11,35 @@ , wrapQtAppsHook }: -stdenv.mkDerivation rec { +let pname = "iaito"; - version = "5.8.6"; - - srcs = [ - (fetchFromGitHub rec { - owner = "radareorg"; - repo = "iaito"; - rev = version; - hash = "sha256-rl8bOIR0oS6YvZA5pr8oSj7HcKK4YeCjAEi7saVdvk8="; - name = repo; - }) - (fetchFromGitHub rec { - owner = "radareorg"; - repo = "iaito-translations"; - rev = "e66b3a962a7fc7dfd730764180011ecffbb206bf"; - hash = "sha256-6NRTZ/ydypsB5TwbivvwOH9TEMAff/LH69hCXTvMPp8="; - name = repo; - }) - ]; - sourceRoot = "iaito/src"; + version = "5.8.8"; + + main_src = fetchFromGitHub rec { + owner = "radareorg"; + repo = pname; + rev = version; + hash = "sha256-/sXdp6QpDxltesg5i2CD0K2r18CrbGZmmI7HqULvFfA="; + name = repo; + }; + + translations_src = fetchFromGitHub rec { + owner = "radareorg"; + repo = "iaito-translations"; + rev = "e66b3a962a7fc7dfd730764180011ecffbb206bf"; + hash = "sha256-6NRTZ/ydypsB5TwbivvwOH9TEMAff/LH69hCXTvMPp8="; + name = repo; + }; +in + +stdenv.mkDerivation rec { + inherit pname version; + + srcs = [ main_src translations_src ]; + sourceRoot = "${main_src.name}/src"; postUnpack = '' - chmod -R u+w iaito-translations + chmod -R u+w ${translations_src.name} ''; postPatch = '' 
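Review bot: `rev = version;` in the new `main_src` binding of iaito/default.nix is a bare ref name, which git can resolve as either a branch or a tag; other packages touched in this diff (gobuster, for example) move to the explicit form. `rev = "refs/tags/${version}";` would make the fetch unambiguous. The fixed-output `hash` still pins the content, so this is about update-time clarity rather than an integrity gap. The `stdenv.mkDerivation` body continues outside this hunk.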
@@ -60,7 +65,7 @@ stdenv.mkDerivation rec { env.NIX_CFLAGS_COMPILE = toString [ "-I" "${radare2.src}/shlr/sdb/include/sdb" ]; postBuild = '' - pushd ../../../iaito-translations + pushd ../../../${translations_src.name} make build -j$NIX_BUILD_CORES PREFIX=$out popd ''; @@ -73,7 +78,7 @@ stdenv.mkDerivation rec { install -m644 -Dt $out/share/applications ../org.radare.iaito.desktop install -m644 -Dt $out/share/pixmaps ../img/iaito-o.svg - pushd ../../../iaito-translations + pushd ../../../${translations_src.name} make install -j$NIX_BUILD_CORES PREFIX=$out popd diff --git a/nixpkgs/pkgs/tools/security/joincap/default.nix b/nixpkgs/pkgs/tools/security/joincap/default.nix new file mode 100644 index 000000000000..1589602ac062 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/joincap/default.nix @@ -0,0 +1,36 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, libpcap +}: + +buildGoModule rec { + pname = "joincap"; + version = "0.10.2"; + + src = fetchFromGitHub { + owner = "assafmo"; + repo = "joincap"; + rev = "v${version}"; + hash = "sha256-Xli9G/VkDWKkc+7mldmLfvigvPPcdcToc4e15uoadDQ="; + }; + + vendorHash = "sha256-YsLIbt3uiA1d08yIEhSRdep1+52AxRvbIzDHlhc5s7Y="; + + buildInputs = [ + libpcap + ]; + + ldflags = [ + "-s" + "-w" + ]; + + meta = with lib; { + description = "Merge multiple pcap files together, gracefully"; + homepage = "https://github.com/assafmo/joincap"; + changelog = "https://github.com/assafmo/joincap/blob/${version}/CHANGELOG.md"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/katana/default.nix b/nixpkgs/pkgs/tools/security/katana/default.nix index 6cf5d1cb7ab7..a8f065e4d65b 100644 --- a/nixpkgs/pkgs/tools/security/katana/default.nix +++ b/nixpkgs/pkgs/tools/security/katana/default.nix 
@@ -5,16 +5,16 @@ buildGoModule rec { pname = "katana"; - version = "1.0.2"; + version = "1.0.3"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-MhvagLlJ3WuZ3eEA0KI0sJ1ioFyqCcC9lejvewIFg5M="; + hash = "sha256-0OXpA+sa97YjbHhIq3Uj65OWg53PH9y2cY8bjCqC3tQ="; }; - vendorHash = "sha256-1XT8VOBztC/V5Yguzq91ZoOWlkdT6fJrvcxp7KvtNqw="; + vendorHash = "sha256-rb0fNAOP4y2yvJb7FIlAIfXF0uw0eLKgup75f9cwT6U="; CGO_ENABLED = 0; diff --git a/nixpkgs/pkgs/tools/security/kube-bench/default.nix b/nixpkgs/pkgs/tools/security/kube-bench/default.nix index e25a5d5e0e79..0d154eac1381 100644 --- a/nixpkgs/pkgs/tools/security/kube-bench/default.nix +++ b/nixpkgs/pkgs/tools/security/kube-bench/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "kube-bench"; - version = "0.6.15"; + version = "0.6.17"; src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-oZLhHIbDPftm8OVjyBj6/8pcLRX2OvtEU0uwYWIaR/c="; + hash = "sha256-9pXW8PVJhaYi9uKArIJcXbQ6FbCjFA4z9f5M3DLKnng="; }; vendorHash = "sha256-dBN6Yi8HtS9LzXr08jhw1hqDwS8a4UqrYaRpM+RzvVM="; diff --git a/nixpkgs/pkgs/tools/security/kubescape/default.nix b/nixpkgs/pkgs/tools/security/kubescape/default.nix index b3a81f62d7f1..9054fdbfdd59 100644 --- a/nixpkgs/pkgs/tools/security/kubescape/default.nix +++ b/nixpkgs/pkgs/tools/security/kubescape/default.nix @@ -6,17 +6,17 @@ buildGoModule rec { pname = "kubescape"; - version = "2.3.6"; + version = "2.9.0"; src = fetchFromGitHub { owner = "kubescape"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-wu3G0QoYNL3QTgakLWFRulWTqWt+WMcty6PxWvI6Yy0="; + hash = "sha256-rZlM+SerEE2RNxnituPK5JB7Al0/KtFyGHg3UeCfDNk="; fetchSubmodules = true; }; - vendorHash = "sha256-h1lsKqsqXoZdzbQqp9gg/Mg1QRqtxXUB8te0YndhV3g="; + vendorHash = "sha256-gRLCkjW8yY5FT2J7tNZQwEbhrdUMrj4Xwybe/coX0UY="; nativeBuildInputs = [ installShellFiles 
@@ -25,7 +25,7 @@ buildGoModule rec { ldflags = [ "-s" "-w" - "-X github.com/kubescape/kubescape/v2/core/cautils.BuildNumber=v${version}" + "-X=github.com/kubescape/kubescape/v2/core/cautils.BuildNumber=v${version}" ]; subPackages = [ "." ]; @@ -42,6 +42,7 @@ buildGoModule rec { # remove tests that use networking rm core/pkg/resourcehandler/urlloader_test.go rm core/pkg/opaprocessor/*_test.go + rm core/cautils/getter/downloadreleasedpolicy_test.go # remove tests that use networking substituteInPlace core/pkg/resourcehandler/repositoryscanner_test.go \ diff --git a/nixpkgs/pkgs/tools/security/maigret/default.nix b/nixpkgs/pkgs/tools/security/maigret/default.nix index a8d7f4c6b532..f2d706bfe510 100644 --- a/nixpkgs/pkgs/tools/security/maigret/default.nix +++ b/nixpkgs/pkgs/tools/security/maigret/default.nix @@ -1,12 +1,14 @@ { lib , stdenv , fetchFromGitHub +, fetchpatch , python3 }: python3.pkgs.buildPythonApplication rec { pname = "maigret"; version = "0.4.4"; + format = "setuptools"; src = fetchFromGitHub { owner = "soxoj"; @@ -15,7 +17,17 @@ python3.pkgs.buildPythonApplication rec { hash = "sha256-Z8SnA7Z5+oKW0AOaNf+c/zR30lrPFmXaxxKkbnDXNNs="; }; + patches = [ + # https://github.com/soxoj/maigret/pull/1117 + (fetchpatch { + name = "pytest-7.3-compatibility.patch"; + url = "https://github.com/soxoj/maigret/commit/ecb33de9e6eec12b6b45a1152199177f32c85be2.patch"; + hash = "sha256-nFx3j1Q37YLtYhb0QS34UgZFgAc5Z/RVgbO9o1n1ONE="; + }) + ]; + nativeBuildInputs = [ python3.pkgs.pythonRelaxDepsHook ]; + propagatedBuildInputs = with python3.pkgs; [ aiodns aiohttp @@ -57,6 +69,8 @@ python3.pkgs.buildPythonApplication rec { yarl ]; + __darwinAllowLocalNetworking = true; + nativeCheckInputs = with python3.pkgs; [ pytest-httpserver pytest-asyncio diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile b/nixpkgs/pkgs/tools/security/metasploit/Gemfile index d5bfa0529161..d52b52b62217 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile 
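Review bot: `__darwinAllowLocalNetworking = true;` in the third maigret hunk loosens the Darwin build sandbox without saying why. A one-line comment above it would let the next reviewer judge when it can be dropped, e.g. `# tests start a local HTTP server (pytest-httpserver)`; that reason is inferred from the `nativeCheckInputs` visible just below and should be confirmed. The `patches` entry in the previous maigret hunk already follows this pattern by linking the upstream pull request.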
+++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile @@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.3.27" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.3.30" diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock index 37e3161509f6..fe3c7d2c8838 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock @@ -1,13 +1,14 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: 53af96320f2fddfc0189ea66fd9db1f87d94eb06 - ref: refs/tags/6.3.27 + revision: e15c05b0bd8774e33c33c100965ec7e301e4f295 + ref: refs/tags/6.3.30 specs: - metasploit-framework (6.3.27) + metasploit-framework (6.3.30) actionpack (~> 7.0) activerecord (~> 7.0) activesupport (~> 7.0) aws-sdk-ec2 + aws-sdk-ec2instanceconnect aws-sdk-iam aws-sdk-s3 aws-sdk-ssm @@ -36,7 +37,7 @@ GIT metasploit-model metasploit-payloads (= 2.0.148) metasploit_data_models - metasploit_payloads-mettle (= 1.0.20) + metasploit_payloads-mettle (= 1.0.26) mqtt msgpack (~> 1.6.0) nessus_rest @@ -79,6 +80,7 @@ GIT rex-text rex-zip ruby-macho + ruby-mysql ruby_smb (~> 3.2.0) rubyntlm rubyzip 
@@ -102,42 +104,45 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (1.1.0) - actionpack (7.0.6) - actionview (= 7.0.6) - activesupport (= 7.0.6) + actionpack (7.0.7) + actionview (= 7.0.7) + activesupport (= 7.0.7) rack (~> 2.0, >= 2.2.4) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actionview (7.0.6) - activesupport (= 7.0.6) + actionview (7.0.7) + activesupport (= 7.0.7) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activemodel (7.0.6) - activesupport (= 7.0.6) - activerecord (7.0.6) - activemodel (= 7.0.6) - activesupport (= 7.0.6) - activesupport (7.0.6) + activemodel (7.0.7) + activesupport (= 7.0.7) + activerecord (7.0.7) + activemodel (= 7.0.7) + activesupport (= 7.0.7) + activesupport (7.0.7) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - addressable (2.8.4) + addressable (2.8.5) public_suffix (>= 2.0.2, < 6.0) afm (0.2.2) arel-helpers (2.14.0) activerecord (>= 3.1.0, < 8) aws-eventstream (1.2.0) - aws-partitions (1.795.0) - aws-sdk-core (3.180.1) + aws-partitions (1.806.0) + aws-sdk-core (3.180.3) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.5) jmespath (~> 1, >= 1.6.1) - aws-sdk-ec2 (1.395.0) + aws-sdk-ec2 (1.399.0) + aws-sdk-core (~> 3, >= 3.177.0) + aws-sigv4 (~> 1.1) + aws-sdk-ec2instanceconnect (1.32.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) aws-sdk-iam (1.86.0) @@ -146,7 +151,7 @@ GEM aws-sdk-kms (1.71.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.132.0) + aws-sdk-s3 (1.132.1) aws-sdk-core (~> 3, >= 3.179.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.6) @@ -182,7 +187,7 @@ GEM eventmachine (>= 1.0.0.beta.4) erubi (1.12.0) eventmachine (1.2.7) - faker (3.2.0) + faker (3.2.1) i18n (>= 1.8.11, < 2) faraday (2.7.10) faraday-net_http (>= 2.0, < 3.1) 
@@ -256,7 +261,7 @@ GEM railties (~> 7.0) recog webrick - metasploit_payloads-mettle (1.0.20) + metasploit_payloads-mettle (1.0.26) method_source (1.0.0) mini_portile2 (2.8.4) minitest (5.19.0) @@ -272,7 +277,7 @@ GEM net-smtp (0.3.3) net-protocol net-ssh (7.2.0) - network_interface (0.0.2) + network_interface (0.0.4) nexpose (7.3.0) nio4r (2.5.9) nokogiri (1.14.5) @@ -297,24 +302,24 @@ GEM ttfunk pg (1.5.3) public_suffix (5.0.3) - puma (6.3.0) + puma (6.3.1) nio4r (~> 2.0) racc (1.7.1) rack (2.2.8) - rack-protection (3.0.6) - rack + rack-protection (3.1.0) + rack (~> 2.2, >= 2.2.4) rack-test (2.1.0) rack (>= 1.3) - rails-dom-testing (2.1.1) + rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (7.0.6) - actionpack (= 7.0.6) - activesupport (= 7.0.6) + railties (7.0.7) + actionpack (= 7.0.7) + activesupport (= 7.0.7) method_source rake (>= 12.2) thor (~> 1.0) @@ -323,7 +328,7 @@ GEM rasn1 (0.12.1) strptime (~> 0.2.5) rb-readline (0.5.5) - recog (3.1.1) + recog (3.1.2) nokogiri redcarpet (3.6.0) reline (0.3.7) @@ -379,6 +384,7 @@ GEM rexml (3.2.6) rkelly-remix (0.0.7) ruby-macho (4.0.0) + ruby-mysql (4.0.0) ruby-rc4 (0.1.5) ruby2_keywords (0.0.5) ruby_smb (3.2.5) @@ -394,10 +400,10 @@ GEM faraday (>= 0.17.3, < 3) simpleidn (0.2.1) unf (~> 0.1.4) - sinatra (3.0.6) + sinatra (3.1.0) mustermann (~> 3.0) rack (~> 2.2, >= 2.2.4) - rack-protection (= 3.0.6) + rack-protection (= 3.1.0) tilt (~> 2.0) sqlite3 (1.6.3) mini_portile2 (~> 2.8.0) @@ -440,9 +446,9 @@ GEM xdr (3.0.3) activemodel (>= 4.2, < 8.0) activesupport (>= 4.2, < 8.0) - xmlrpc (0.3.2) + xmlrpc (0.3.3) webrick - zeitwerk (2.6.10) + zeitwerk (2.6.11) PLATFORMS ruby @@ -451,4 +457,4 @@ DEPENDENCIES metasploit-framework! BUNDLED WITH - 2.4.14 + 2.4.17 diff --git a/nixpkgs/pkgs/tools/security/metasploit/default.nix b/nixpkgs/pkgs/tools/security/metasploit/default.nix index d1d445954240..e98c4a25c121 100644 
--- a/nixpkgs/pkgs/tools/security/metasploit/default.nix +++ b/nixpkgs/pkgs/tools/security/metasploit/default.nix @@ -15,13 +15,13 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "6.3.27"; + version = "6.3.30"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = version; - sha256 = "sha256-3iNzOLOASz78ZUoShKMH/AYZE+UTu31qU/VjXP677cc="; + sha256 = "sha256-j2tgBXn5PP4WegSk4NU5aVfrWVKYcYUS8fHFF5kuCJc="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix index 71feb682f9d4..1f4f9687e1a4 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix +++ b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix 
@@ -4,60 +4,60 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0d66w1d9rhvafd0dilqyr1ymsvr060l8hi0xvwij7cyvzzxrlrbc"; + sha256 = "150sjsk12vzj9aswjy3cz124l8n8sn52bhd0wwly73rwc1a750sg"; type = "gem"; }; - version = "7.0.6"; + version = "7.0.7"; }; actionview = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1icfh9pgjpd29apzn07cnqa9nlpvjv7i4vrygack5gp7hp54l8m7"; + sha256 = "1nn21k5psxdv2fkwxs679lr0b8n1nzli2ks343cx4azn6snp8b8a"; type = "gem"; }; - version = "7.0.6"; + version = "7.0.7"; }; activemodel = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "072iv0d3vpbp0xijg4jj99sjil1rykmqfj9addxj76bm5mbzwcaj"; + sha256 = "1rspbw4yxx9fh2wyl2wvgwadwapfyx7j9zlirpd4pmk31wkhl4hf"; type = "gem"; }; - version = "7.0.6"; + version = "7.0.7"; }; activerecord = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1l0rn43bhyzlfa4wwcfz016vb4lkzvl0jf5zibkjy4sppxxixzrq"; + sha256 = "1ygg145wxlgm12b1x5r0rsk2aa6i2wjz7bgb21j8vmyqyfl272cy"; type = "gem"; }; - version = "7.0.6"; + version = "7.0.7"; }; activesupport = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1cjsf26656996hv48wgv2mkwxf0fy1qc68ikgzq7mzfq2mmvmayk"; + sha256 = "1wzbnv3hns0yiwbgh1m3q5j0d7b0k52nlpwirhxyv3l0ycmljfr9"; type = "gem"; }; - version = "7.0.6"; + version = "7.0.7"; }; addressable = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "15s8van7r2ad3dq6i03l3z4hqnvxcq75a3h72kxvf9an53sqma20"; + sha256 = "05r1fwy487klqkya7vzia8hnklcxy4vr92m9dmni3prfwk6zpw33"; type = "gem"; }; - version = "2.8.4"; + version = "2.8.5"; }; afm = { groups = ["default"]; 
@@ -104,30 +104,40 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "07nz6pdzhrfzyhcnd0slikbw0xpslisis2ab57v83fbmn3rkpwn4"; + sha256 = "072z18xbl8n793w4irrsmgh788csvmfkvw1iixsrmdzlzrjjagqx"; type = "gem"; }; - version = "1.795.0"; + version = "1.806.0"; }; aws-sdk-core = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1a820i7b3fcpnk0966sp7sdj9mzkazfwjflrd1f3i9qgbabf5li3"; + sha256 = "0lc3j74v49b2akyimfnsx3vsgi1i3068cpchn358l0dv27aib6c2"; type = "gem"; }; - version = "3.180.1"; + version = "3.180.3"; }; aws-sdk-ec2 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "01ds6pw1q87mqbyv7v0a444lsifrv6y0sqcw3v5yrng2ap43xby7"; + sha256 = "0l2gdlqgq9y5r83svl4g7jpijpw3a6p7xsfdvhklb36mgmf61a0n"; + type = "gem"; + }; + version = "1.399.0"; + }; + aws-sdk-ec2instanceconnect = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1jbvh6v2kbybk1qjzhzrl82d7advh6hf3va9zyaxlrcijkz6jjg4"; type = "gem"; }; - version = "1.395.0"; + version = "1.32.0"; }; aws-sdk-iam = { groups = ["default"]; @@ -154,10 +164,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0cjb40w8hw4h59bbjidp6hlb1j6akb36d8s5a37vlm6zwq327i7f"; + sha256 = "0iciakii0vcm16x0fivs5hwwhy3n8j1f9d7pimxr05yplnxizh6a"; type = "gem"; }; - version = "1.132.0"; + version = "1.132.1"; }; aws-sdk-ssm = { groups = ["default"]; @@ -364,10 +374,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1i3l58jrcapkp70v3swr0x4s6bj1101920al50wsaaj9dv0vhvm7"; + sha256 = "0ysiqlvyy1351bzx7h92r93a35s32l8giyf9bac6sgr142sh3cnn"; type = "gem"; }; - version = "3.2.0"; + version = "3.2.1"; }; faraday = { groups = ["default"]; 
@@ -634,12 +644,12 @@ platforms = []; source = { fetchSubmodules = false; - rev = "53af96320f2fddfc0189ea66fd9db1f87d94eb06"; - sha256 = "1izdpgz5qqzmadm7vfqkwl9ij1pw0yiq84jacpy3wjw0ncw768yy"; + rev = "e15c05b0bd8774e33c33c100965ec7e301e4f295"; + sha256 = "15q85scigigiy498awcqa9cynmv977ay1904g8bgwg7rg42n0swg"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "6.3.27"; + version = "6.3.30"; }; metasploit-model = { groups = ["default"]; @@ -676,10 +686,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1qpnpj6qpzgn8ga9p4i3ifnixy86cm32z1y43r50jnk6p534xj84"; + sha256 = "1qprmbmpw4c8396m0whbp08xzdbjc0s2zd0jkxqnh3aswmx8pj3m"; type = "gem"; }; - version = "1.0.20"; + version = "1.0.26"; }; method_source = { groups = ["default"]; @@ -806,10 +816,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1xh4knfq77ii4pjzsd2z1p3nd6nrcdjhb2vi5gw36jqj43ffw0zp"; + sha256 = "0hqkas4c809w2gnic1srhq5rd2hpsfnhmrvm1vkix8w775qql74z"; type = "gem"; }; - version = "0.0.2"; + version = "0.0.4"; }; nexpose = { groups = ["default"]; @@ -957,10 +967,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1v7fmv0n4bhdcwh60dgza44iqai5pg34f5pzm4vh4i5fwx7mpqxh"; + sha256 = "1x4dwx2shx0p7lsms97r85r7ji7zv57bjy3i1kmcpxc8bxvrr67c"; type = "gem"; }; - version = "6.3.0"; + version = "6.3.1"; }; racc = { groups = ["default"]; @@ -987,10 +997,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1kpm67az1wxlg76h620in2r7agfyhv177ps268j5ggsanzddzih8"; + sha256 = "0xsz78hccgza144n37bfisdkzpr2c8m0xl6rnlzgxdbsm1zrkg7r"; type = "gem"; }; - version = "3.0.6"; + version = "3.1.0"; }; rack-test = { groups = ["default"]; 
@@ -1007,10 +1017,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "17g05y7q7934z0ib4aph8h71c2qwjmlakkm7nb2ab45q0aqkfgjd"; + sha256 = "0fx9dx1ag0s1lr6lfr34lbx5i1bvn3bhyf3w3mx6h7yz90p725g5"; type = "gem"; }; - version = "2.1.1"; + version = "2.2.0"; }; rails-html-sanitizer = { groups = ["default"]; @@ -1027,10 +1037,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0dcabk5bl5flmspnb9d2qcvclcaw0nd5yr9w6m5pzsmylg3y63pv"; + sha256 = "0in2b84qqmfnigx0li9bgi6l4knmgbj3a29fzm1zzb5jnv4r1gbr"; type = "gem"; }; - version = "7.0.6"; + version = "7.0.7"; }; rake = { groups = ["default"]; @@ -1067,10 +1077,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1phwnckq8scsyk9bcg1jx2fbdg6x28kghs6bhg2byz19xfkqqlyq"; + sha256 = "15633qvzbgsigx55dxb9b07xh0spwr9njd5y2f454kc5zrrapp1a"; type = "gem"; }; - version = "3.1.1"; + version = "3.1.2"; }; redcarpet = { groups = ["default"]; @@ -1302,6 +1312,16 @@ }; version = "4.0.0"; }; + ruby-mysql = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1sh12qscqrc1ihgy7734r4vrg9kzd9lifwsfk4n1r5i4gv5q0jd2"; + type = "gem"; + }; + version = "4.0.0"; + }; ruby-rc4 = { groups = ["default"]; platforms = []; @@ -1377,10 +1397,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1q0ghxfqgjhg2dq9699mn5qx6m6q2cgldg312kh41pzwwy71a7hx"; + sha256 = "00541cnypsh1mnilfxxqlz6va9afrixf9m1asn4wzjp5m59777p8"; type = "gem"; }; - version = "3.0.6"; + version = "3.1.0"; }; sqlite3 = { dependencies = ["mini_portile2"]; 
@@ -1608,19 +1628,19 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1xa79ry3976ylap38cr5g6q3m81plm611flqd3dwgnmgbkycb6jp"; + sha256 = "0fwfnccagsjrbvrav5nbk3zracj9zncr7i375nn20jd4cfy4cggc"; type = "gem"; }; - version = "0.3.2"; + version = "0.3.3"; }; zeitwerk = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "06vf6y5ai20ry3b1h9cl7vsdj6i5valq172zdxpnfhj5zvlp104j"; + sha256 = "1mwdd445w63khz13hpv17m2br5xngyjl3jdj08xizjbm78i2zrxd"; type = "gem"; }; - version = "2.6.10"; + version = "2.6.11"; }; } diff --git a/nixpkgs/pkgs/tools/security/minizign/default.nix b/nixpkgs/pkgs/tools/security/minizign/default.nix new file mode 100644 index 000000000000..a5fd19405a37 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/minizign/default.nix @@ -0,0 +1,30 @@ +{ lib +, stdenv +, fetchFromGitHub +, zig_0_11 +}: + +stdenv.mkDerivation { + pname = "minizign"; + version = "unstable-2023-08-13"; + + src = fetchFromGitHub { + owner = "jedisct1"; + repo = "zig-minisign"; + rev = "47edc26d0c7bcfb531fe08e3b2411d8dda516d47"; + hash = "sha256-zyxjUFxg+VufEVycYGCQPdjERE3p5Vz5iIi2UDujEjI="; + }; + + nativeBuildInputs = [ + zig_0_11.hook + ]; + + meta = with lib; { + description = "Minisign reimplemented in Zig"; + homepage = "https://github.com/jedisct1/zig-minisign"; + license = licenses.isc; + maintainers = with maintainers; [ figsoda ]; + mainProgram = "minizign"; + inherit (zig_0_11.meta) platforms; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mitm6/default.nix b/nixpkgs/pkgs/tools/security/mitm6/default.nix new file mode 100644 index 000000000000..a7587330e7b9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/mitm6/default.nix 
@@ -0,0 +1,36 @@ +{ lib +, fetchPypi +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "mitm6"; + version = "0.3.0"; + format = "setuptools"; + + src = fetchPypi { + inherit pname version; + hash = "sha256-g+eFcJdgP7CQ6ntN17guJa4LdkGIb91mr/NKRPIukP8="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + scapy + future + twisted + netifaces + ]; + + # No tests exist for mitm6. + doCheck = false; + + pythonImportsCheck = [ + "mitm6" + ]; + + meta = { + description = "DHCPv6 network spoofing application"; + homepage = "https://github.com/dirkjanm/mitm6"; + license = lib.licenses.gpl2Only; + maintainers = with lib.maintainers; [ arcayr ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/mpw/default.nix b/nixpkgs/pkgs/tools/security/mpw/default.nix index d91b92890a78..0fe45039b9be 100644 --- a/nixpkgs/pkgs/tools/security/mpw/default.nix +++ b/nixpkgs/pkgs/tools/security/mpw/default.nix @@ -15,7 +15,7 @@ in stdenv.mkDerivation rec { inherit rev; }; - sourceRoot = "./source/platform-independent/c/cli"; + sourceRoot = "./${src.name}/platform-independent/c/cli"; postPatch = '' rm build diff --git a/nixpkgs/pkgs/tools/security/naabu/default.nix b/nixpkgs/pkgs/tools/security/naabu/default.nix index f89a10b6b621..9ff500a7fb92 100644 --- a/nixpkgs/pkgs/tools/security/naabu/default.nix +++ b/nixpkgs/pkgs/tools/security/naabu/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "naabu"; - version = "2.1.6"; + version = "2.1.7"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "naabu"; rev = "refs/tags/v${version}"; - hash = "sha256-STykmBsKLcuPhNrk/RHwvlkz9L+IwiALY7Iuvuu3dPM="; + hash = "sha256-x6TmV8c5p9Uuc9uJG3+FNNpdmzdzgQpsyO29dly7PuU="; }; - vendorHash = "sha256-yY5zVlZolc8NLiySBOwKIIa+UN/hsqe9/Pf6iLG1H38="; + vendorHash = "sha256-9LIPRiLKszfz9Gj26G03TPHOqCXi1s3CYiaadInlD84="; buildInputs = [ libpcap 
diff --git a/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix b/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix index b7538311c895..a81037da44e4 100644 --- a/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix +++ b/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "nmap-formatter"; - version = "2.1.0"; + version = "2.1.1"; src = fetchFromGitHub { owner = "vdjagilev"; repo = pname; rev = "v${version}"; - hash = "sha256-9DbX1pHI/G6aejVN6AgULOxnpawnJHTiYMiTq+crMJI="; + hash = "sha256-i2g+l5XJkBjXMbJwpSirEKCDxO2Ric4CwF3jzue/4+o="; }; - vendorHash = "sha256-OwyLY8y+HGxCteRqGEYvnVa6r27TwT9s9HyWKtvIxxI="; + vendorHash = "sha256-YAsWXbIyeC4uhzRFXX/bZs3cOvEa3k4/ZCoDisUN1Yw="; meta = with lib; { description = "Tool that allows you to convert nmap output"; diff --git a/nixpkgs/pkgs/tools/security/nuclei/default.nix b/nixpkgs/pkgs/tools/security/nuclei/default.nix index 9fc66896ef59..6383d0f51d7c 100644 --- a/nixpkgs/pkgs/tools/security/nuclei/default.nix +++ b/nixpkgs/pkgs/tools/security/nuclei/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "nuclei"; - version = "2.9.10"; + version = "2.9.11"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-FpgKOUycSiA0llEvJK71+LnITSTxPkP+Wt5a14Vfwas="; + hash = "sha256-OZAHB1QmdZSARHF7Nd8SzmTGfRk4Wi/89nVYjW0Cpso="; }; - vendorHash = "sha256-g8+tkGqsXROj157sdUMfZMh7+5+dxd3mIxr5KY/mWO8="; + vendorHash = "sha256-L8EwfyYtsnQChs0KQW2e/tU3zKua1HdDX91YX5ay9qo="; modRoot = "./v2"; subPackages = [ diff --git a/nixpkgs/pkgs/tools/security/opensc/default.nix b/nixpkgs/pkgs/tools/security/opensc/default.nix index 51e9434f82e8..9b5b6fba8b24 100644 --- a/nixpkgs/pkgs/tools/security/opensc/default.nix +++ b/nixpkgs/pkgs/tools/security/opensc/default.nix 
@@ -1,5 +1,6 @@ { lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, zlib, readline, openssl , libiconv, pcsclite, libassuan, libXt +, fetchpatch , docbook_xsl, libxslt, docbook_xml_dtd_412 , Carbon, PCSC, buildPackages , withApplePCSC ? stdenv.isDarwin @@ -16,6 +17,14 @@ stdenv.mkDerivation rec { sha256 = "sha256-Yo8dwk7+d6q+hi7DmJ0GJM6/pmiDOiyEm/tEBSbCU8k="; }; + patches = [ + (fetchpatch { + name = "CVE-2023-2977.patch"; + url = "https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a.patch"; + hash = "sha256-rCeYYKPtv3pii5zgDP5x9Kl2r98p3uxyBSCYlPJZR/s="; + }) + ]; + nativeBuildInputs = [ pkg-config autoreconfHook ]; buildInputs = [ zlib readline openssl libassuan diff --git a/nixpkgs/pkgs/tools/security/ospd-openvas/default.nix b/nixpkgs/pkgs/tools/security/ospd-openvas/default.nix index 6420cce2cdf1..c4a277f217b7 100644 --- a/nixpkgs/pkgs/tools/security/ospd-openvas/default.nix +++ b/nixpkgs/pkgs/tools/security/ospd-openvas/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "ospd-openvas"; - version = "22.5.1"; + version = "22.5.4"; format = "pyproject"; src = fetchFromGitHub { owner = "greenbone"; repo = "ospd-openvas"; rev = "refs/tags/v${version}"; - hash = "sha256-7B/SLdOKxdFdW0ysuxgJm1xaTJuM0FPaloRn46rxY6A="; + hash = "sha256-T/MKx8yjRZ+r0ypnWzASGIQPKOAvzznWvaP7gwP+24M="; }; pythonRelaxDeps = [ @@ -48,7 +48,7 @@ python3.pkgs.buildPythonApplication rec { meta = with lib; { description = "OSP server implementation to allow GVM to remotely control an OpenVAS Scanner"; homepage = "https://github.com/greenbone/ospd-openvas"; - changelog = "https://github.com/greenbone/ospd-openvas/blob/${version}/CHANGELOG.md"; + changelog = "https://github.com/greenbone/ospd-openvas/releases/tag/v${version}"; license = licenses.agpl3Only; maintainers = with maintainers; [ fab ]; }; 
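Review bot: The `CVE-2023-2977.patch` entry in the new `patches` list carries no comment saying when it can be dropped, and the same holds for the second `fetchpatch` added to sudo/default.nix later in this commit. Both patch a security-sensitive tool on top of a pinned release, so whoever does the next version bump has to know whether the fix is already upstream; without that, a stale entry either fails to apply or is removed without checking that the new release contains it. A one-line comment above each entry would do, for example `# CVE-2023-2977; remove once src is bumped to a release containing commit 81944d15` (the first release that includes it is not visible on this page). The sudo entry also has no `name`, so its store path does not say what the patch is for; `name = "<short description>.patch";` would match the opensc entry.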
diff --git a/nixpkgs/pkgs/tools/security/plasma-pass/default.nix b/nixpkgs/pkgs/tools/security/plasma-pass/default.nix index 2ff2ab38cefb..f47cd69d43dd 100644 --- a/nixpkgs/pkgs/tools/security/plasma-pass/default.nix +++ b/nixpkgs/pkgs/tools/security/plasma-pass/default.nix @@ -8,14 +8,19 @@ mkDerivation rec { pname = "plasma-pass"; - version = "1.2.0"; + version = "1.2.1"; src = fetchFromGitLab { domain = "invent.kde.org"; owner = "plasma"; repo = "plasma-pass"; - rev = "v${version}"; - sha256 = "1w2mzxyrh17x7da62b6sg1n85vnh1q77wlrfxwfb1pk77y59rlf1"; + sha256 = "sha256-lCNskOXkSIcMPcMnTWE37sDCXfmtP0FhyMzxeF6L0iU="; + + # So the tag is actually "v0.2.1" but the released version is later than + # 1.2.0 and the "release" on the gitlab page also says "1.2.1". + # I guess they just messed up the tag subject and description. + # Maintainer of plasma-pass was notified about this 2023-08-13 + rev = "v0.2.1"; }; buildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/pynitrokey/default.nix b/nixpkgs/pkgs/tools/security/pynitrokey/default.nix index b0a40fba9dcb..337d08da9624 100644 --- a/nixpkgs/pkgs/tools/security/pynitrokey/default.nix +++ b/nixpkgs/pkgs/tools/security/pynitrokey/default.nix @@ -46,6 +46,7 @@ buildPythonApplication rec { ]; pythonRelaxDeps = [ + "click" "cryptography" "protobuf" "python-dateutil" diff --git a/nixpkgs/pkgs/tools/security/rhash/default.nix b/nixpkgs/pkgs/tools/security/rhash/default.nix index 6e73375be208..e789eeba0539 100644 --- a/nixpkgs/pkgs/tools/security/rhash/default.nix +++ b/nixpkgs/pkgs/tools/security/rhash/default.nix @@ -6,14 +6,14 @@ }: stdenv.mkDerivation rec { - version = "1.4.3"; + version = "1.4.4"; pname = "rhash"; src = fetchFromGitHub { owner = "rhash"; repo = "RHash"; rev = "v${version}"; - sha256 = "sha256-R+dHYG0DBI1uo+yF/pxoTv/V9WSfph043bH6erZjeCE="; + sha256 = "sha256-3CW41ULdXoID4cOgrcG2j85tgIJ/sz5hU7A83qpuxf4="; }; nativeBuildInputs = [ which ]; 
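Review bot: `rev = "v0.2.1"` in the plasma-pass `fetchFromGitLab` block pins a tag that the accompanying comment itself describes as mislabelled, and upstream has been asked to correct it. The `sha256` keeps the fetched content fixed, but if the tag is deleted or re-created a fresh fetch will fail, and the mismatch between `version` and the tag will trip automated update scripts. Pinning the release commit avoids both: `rev = "<full commit SHA that tag v0.2.1 points to>"; # plasma-pass 1.2.1, upstream tag is mislabelled`. The `mkDerivation` body continues outside the hunk.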
diff --git a/nixpkgs/pkgs/tools/security/scilla/default.nix b/nixpkgs/pkgs/tools/security/scilla/default.nix index c19afe300161..79f743ea0ce8 100644 --- a/nixpkgs/pkgs/tools/security/scilla/default.nix +++ b/nixpkgs/pkgs/tools/security/scilla/default.nix @@ -5,20 +5,26 @@ buildGoModule rec { pname = "scilla"; - version = "1.2.4"; + version = "1.2.7"; src = fetchFromGitHub { owner = "edoardottt"; repo = pname; - rev = "v${version}"; - sha256 = "sha256-8ZRYgQ4xME71vlO0nKnxiCqeju0G4SwgEXnUol1jQxk="; + rev = "refs/tags/v${version}"; + hash = "sha256-gZuNXQaxHJYLsEaOpNYo7ybg3f0GhkpiaLrex5lkDu4="; }; - vendorSha256 = "sha256-Y4Zi0Hy6ydGxLTohgJGF3L9O+79z+3t+4ZA64otCJpE="; + vendorHash = "sha256-bVGmleuOJzi/Sz7MJlnQuJsDgRWuwieLUx8hcyKkWXI="; + + checkFlags = [ + # requires network access + "-skip=TestIPToHostname" + ]; meta = with lib; { description = "Information gathering tool for DNS, ports and more"; homepage = "https://github.com/edoardottt/scilla"; + changelog = "https://github.com/edoardottt/scilla/releases/tag/v${version}"; license = with licenses; [ gpl3Plus ]; maintainers = with maintainers; [ fab ]; }; diff --git a/nixpkgs/pkgs/tools/security/scorecard/default.nix b/nixpkgs/pkgs/tools/security/scorecard/default.nix index 48a88df63502..b460f52aa292 100644 --- a/nixpkgs/pkgs/tools/security/scorecard/default.nix +++ b/nixpkgs/pkgs/tools/security/scorecard/default.nix @@ -8,13 +8,13 @@ buildGoModule rec { pname = "scorecard"; - version = "4.10.5"; + version = "4.12.0"; src = fetchFromGitHub { owner = "ossf"; repo = pname; rev = "v${version}"; - sha256 = "sha256-ysdgdU/Et87NxpdSTZuTtLJOv5uaYGVHDGyCj6kKuUQ="; + sha256 = "sha256-Ys7uO+xMSlcD8OGw7fV+aR0+Q1UXrxPKVLQbphV4rKk="; # populate values otherwise taken care of by goreleaser, # unfortunately these require us to use git. By doing # this in postFetch we can delete .git afterwards and 
@@ -28,7 +28,7 @@ buildGoModule rec { find "$out" -name .git -print0 | xargs -0 rm -rf ''; }; - vendorHash = "sha256-6wIzg9gbH+nAE4sZg+C3NZZbVzbEcovhGwajBZ7ZjdY="; + vendorHash = "sha256-L6HFZryniy3Gp8NKdjM4SK82ZG5eQPM7blkSE3YFhOw="; nativeBuildInputs = [ installShellFiles ]; diff --git a/nixpkgs/pkgs/tools/security/semgrep/common.nix b/nixpkgs/pkgs/tools/security/semgrep/common.nix index 9a7efb9b0dc6..c144d7634cf7 100644 --- a/nixpkgs/pkgs/tools/security/semgrep/common.nix +++ b/nixpkgs/pkgs/tools/security/semgrep/common.nix @@ -1,9 +1,9 @@ { lib }: rec { - version = "1.34.1"; + version = "1.35.0"; - srcHash = "sha256-jbwG3Xyb/rEyz7aR51/pfc+bU/KY9k6BsByZg6KDY5s="; + srcHash = "sha256-SUKswvY49Hxis5CwguXC5QSshG0sGKb23mz2IT1vNJI="; # submodule dependencies # these are fetched so we: @@ -25,15 +25,15 @@ rec { core = { x86_64-linux = { platform = "any"; - hash = "sha256-XogITZZtuNmWBrCfL5qpHJNm6jFxzraZMXWhUotXA4c="; + hash = "sha256-ZqSbiuVKGjH+2fB0ReSw07CzTDSK35a8Adstzrvh8zA="; }; x86_64-darwin = { platform = "macosx_10_14_x86_64"; - hash = "sha256-YjV915SZ2L8t6huToErTHRd82m4I+evPyeuwpVzi26o="; + hash = "sha256-MusoteFarPJm8eQO7T/LrXDWUV0Wx4nw80ZvjG7HHhM="; }; aarch64-darwin = { platform = "macosx_11_0_arm64"; - hash = "sha256-BAnYYeUWosAorcHpqUMpRXJFl4NQDPbWTsykDN3w5UQ="; + hash = "sha256-xN87fp5jqes/smMrtLbZowMIuTevpDJNFNeWdo0Seu4="; }; }; diff --git a/nixpkgs/pkgs/tools/security/shhgit/default.nix b/nixpkgs/pkgs/tools/security/shhgit/default.nix deleted file mode 100644 index 48b9c144a820..000000000000 --- a/nixpkgs/pkgs/tools/security/shhgit/default.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -{ lib -, buildGoModule -, fetchFromGitHub -}: - -buildGoModule rec { - pname = "shhgit"; - version = "0.4-${lib.strings.substring 0 7 rev}"; - rev = "7e55062d10d024f374882817692aa2afea02ff84"; - - src = fetchFromGitHub { - owner = "eth0izzle"; - repo = pname; - inherit rev; - sha256 = "1b7r4ivfplm4crlvx571nyz2rc6djy0xvl14nz7m0ngh6206df9k"; - }; - - vendorSha256 = null; #vendorSha256 = ""; - - meta = with lib; { - description = "Tool to detect secrets in repositories"; - homepage = "https://github.com/eth0izzle/shhgit"; - license = with licenses; [ mit ]; - maintainers = with maintainers; [ fab ]; - broken = true; # vendor isn't reproducible with go > 1.17: nix-build -A $name.goModules --check - }; -} diff --git a/nixpkgs/pkgs/tools/security/ssdeep/default.nix b/nixpkgs/pkgs/tools/security/ssdeep/default.nix index acc617103d71..7647246369ff 100644 --- a/nixpkgs/pkgs/tools/security/ssdeep/default.nix +++ b/nixpkgs/pkgs/tools/security/ssdeep/default.nix @@ -13,8 +13,10 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook ]; - # Hack to avoid TMPDIR in RPATHs. - preFixup = ''rm -rf "$(pwd)" ''; + # remove forbidden references to $TMPDIR + preFixup = lib.optionalString stdenv.isLinux '' + patchelf --shrink-rpath --allowed-rpath-prefixes "$NIX_STORE" "$out"/bin/* + ''; meta = { description = "A program for calculating fuzzy hashes"; diff --git a/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix b/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix index ebec920054a1..29d3c82ac209 100644 --- a/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix +++ b/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix 
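Review bot: The new ssdeep `preFixup` runs `patchelf --shrink-rpath` only over `"$out"/bin/*`, so any ELF file installed elsewhere (for example a shared library under `$out/lib`, which this hunk does not show) could still carry an RPATH entry pointing into the build directory. That entry is worth removing everywhere, not only to satisfy the forbidden-reference check: it is a loader search path outside the Nix store. If the package does install a library, pass it to the same command, and consider extending the comment to `# remove forbidden references to $TMPDIR from RPATHs; a build-dir RPATH is a loader search path outside the store`. The enclosing `mkDerivation` starts and ends outside the hunk.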
@@ -2,16 +2,16 @@ buildGoModule rec { pname = "ssh-to-pgp"; - version = "1.0.4"; + version = "1.1.0"; src = fetchFromGitHub { owner = "Mic92"; repo = "ssh-to-pgp"; rev = version; - sha256 = "sha256-WdSa7rLUGcn1XZSnbwglp4I432XzB3vXb6IO3biE+Js="; + sha256 = "sha256-3R/3YPYLdirK3QtiRNO2tpJRO2DKgN+K4txb9xwnQvQ="; }; - vendorHash = "sha256-J9HuZhjeXSS4ej1RM+yn2VGoSdiS39PDM4fScAh6Eps="; + vendorHash = "sha256-RCz2+IZdgmPnEakKxn/C3zFfRyWnMLB51Nm8VGOxBkc="; nativeCheckInputs = [ gnupg ]; checkPhase = '' diff --git a/nixpkgs/pkgs/tools/security/sshguard/default.nix b/nixpkgs/pkgs/tools/security/sshguard/default.nix index a45a57eff0bf..18e93023d779 100644 --- a/nixpkgs/pkgs/tools/security/sshguard/default.nix +++ b/nixpkgs/pkgs/tools/security/sshguard/default.nix @@ -1,12 +1,12 @@ { lib, stdenv, fetchurl, autoreconfHook, bison, flex}: stdenv.mkDerivation rec { - version = "2.4.2"; + version = "2.4.3"; pname = "sshguard"; src = fetchurl { url = "mirror://sourceforge/sshguard/${pname}-${version}.tar.gz"; - sha256 = "1s1prqdbxjrd1n3j4x8ggy9gl2j0ax6xhkzcvyzajw7awmvbfw17"; + sha256 = "sha256-ZAKd7/bekP3u+x9JfUFPDkBFB2aTqR2hpw63WV6X7+s="; }; doCheck = true; diff --git a/nixpkgs/pkgs/tools/security/sshuttle/default.nix b/nixpkgs/pkgs/tools/security/sshuttle/default.nix index 6263a33f7062..8a92dbceb184 100644 --- a/nixpkgs/pkgs/tools/security/sshuttle/default.nix +++ b/nixpkgs/pkgs/tools/security/sshuttle/default.nix @@ -2,7 +2,9 @@ , stdenv , python3Packages , fetchPypi +, installShellFiles , makeWrapper +, sphinx , coreutils , iptables , nettools 
@@ -26,24 +28,36 @@ python3Packages.buildPythonApplication rec { --replace '--cov=sshuttle --cov-branch --cov-report=term-missing' "" ''; - nativeBuildInputs = [ makeWrapper python3Packages.setuptools-scm ]; + nativeBuildInputs = [ + installShellFiles + makeWrapper + python3Packages.setuptools-scm + sphinx + ]; nativeCheckInputs = with python3Packages; [ pytestCheckHook ]; + postBuild = '' + make man -C docs + ''; + postInstall = '' + installManPage docs/_build/man/* + wrapProgram $out/bin/sshuttle \ --prefix PATH : "${lib.makeBinPath ([ coreutils openssh procps ] ++ lib.optionals stdenv.isLinux [ iptables nettools ])}" \ ''; meta = with lib; { - homepage = "https://github.com/sshuttle/sshuttle/"; description = "Transparent proxy server that works as a poor man's VPN"; longDescription = '' Forward connections over SSH, without requiring administrator access to the target network (though it does require Python 2.7, Python 3.5 or later at both ends). Works with Linux and Mac OS and supports DNS tunneling. ''; - license = licenses.lgpl21; + homepage = "https://github.com/sshuttle/sshuttle"; + changelog = "https://github.com/sshuttle/sshuttle/blob/v${version}/CHANGES.rst"; + license = licenses.lgpl21Plus; maintainers = with maintainers; [ domenkozar carlosdagos ]; }; } diff --git a/nixpkgs/pkgs/tools/security/sudo/default.nix b/nixpkgs/pkgs/tools/security/sudo/default.nix index 6cf8349b09af..7c5546d4e45e 100644 --- a/nixpkgs/pkgs/tools/security/sudo/default.nix +++ b/nixpkgs/pkgs/tools/security/sudo/default.nix 
@@ -29,6 +29,12 @@ stdenv.mkDerivation rec { url = "https://github.com/sudo-project/sudo/commit/760c9c11074cb921ecc0da9fbb5f0a12afd46233.patch"; hash = "sha256-smwyoYEkaqfQYz9C4VVz59YMtKabOPpwhS+RBwXbWuE="; }) + # Fix for the patch above: + # https://bugzilla.sudo.ws/show_bug.cgi?id=1057 + (fetchpatch { + url = "https://github.com/sudo-project/sudo/commit/d148e7d8f9a98726dd4fde6f187c7d614e1258c7.patch"; + hash = "sha256-3I3PnuAHlBs3JOn0Ul900aFxuUkDGV4sM3S5DNtW7bE="; + }) ]; prePatch = '' diff --git a/nixpkgs/pkgs/tools/security/terrascan/default.nix b/nixpkgs/pkgs/tools/security/terrascan/default.nix index 8cc4212fbb28..fd8c512837ff 100644 --- a/nixpkgs/pkgs/tools/security/terrascan/default.nix +++ b/nixpkgs/pkgs/tools/security/terrascan/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "terrascan"; - version = "1.18.2"; + version = "1.18.3"; src = fetchFromGitHub { owner = "accurics"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-ZWkuzblPIvYcOllmIjk2RQZdkcPYZLGOuxwgX3NMydg="; + hash = "sha256-2jIdKBNn3Ajvq+fQ1OuQ0VB8+S0QYwLZnJMlGqZ7WtE="; }; - vendorHash = "sha256-e09F4dA/uT50Cted3HqE08d04+l0V6U95AdKGKBFDpI="; + vendorHash = "sha256-PH94le8IwVuinlRsk84HGSxhBSJTTJDrou7nfD1J1JM="; # Tests want to download a vulnerable Terraform project doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/theharvester/default.nix b/nixpkgs/pkgs/tools/security/theharvester/default.nix index a683b048935e..5326c6fc5b93 100644 --- a/nixpkgs/pkgs/tools/security/theharvester/default.nix +++ b/nixpkgs/pkgs/tools/security/theharvester/default.nix @@ -5,13 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "theharvester"; - version = "4.3.0"; + version = "4.4.3"; + format = "setuptools"; src = fetchFromGitHub { owner = "laramies"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-9W4xN+ZSNdR5NOnwohNrQVW8JSEKFyKxWTz012uiUm8="; + hash = "sha256-hAR5z1NwBmcmWRAg2F4QVicxKfzgTOOptlwKdx+G0+o="; }; propagatedBuildInputs = with python3.pkgs; [ 
@@ -63,7 +64,7 @@ python3.pkgs.buildPythonApplication rec { ''; homepage = "https://github.com/laramies/theHarvester"; changelog = "https://github.com/laramies/theHarvester/releases/tag/${version}"; - maintainers = with maintainers; [ c0bw3b treemo ]; + maintainers = with maintainers; [ c0bw3b fab treemo ]; license = licenses.gpl2Only; }; } diff --git a/nixpkgs/pkgs/tools/security/threatest/default.nix b/nixpkgs/pkgs/tools/security/threatest/default.nix index 78318a5ac1f2..cfae26aaa034 100644 --- a/nixpkgs/pkgs/tools/security/threatest/default.nix +++ b/nixpkgs/pkgs/tools/security/threatest/default.nix @@ -6,17 +6,17 @@ buildGoModule rec { pname = "threatest"; - version = "1.2.1"; + version = "1.2.4"; src = fetchFromGitHub { owner = "DataDog"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-FDcCAKexFpqViSQngfOhkjTr0czHIRtZL3v2psfTuYI="; + hash = "sha256-pCSSAEeVxi3/yK7B2g9ZZRU5TjdNd8qp+52Yc1HmxT8="; }; proxyVendor = true; - vendorHash = "sha256-UQ3GPSv7P4+oMvcu4eFlosnw0TQxG33ptlMTQA/5Lkw="; + vendorHash = "sha256-nHA+UJP6gYWdbTKFcxw1gI6X2ueTUIsHVBIlaprPwsQ="; nativeBuildInputs = [ installShellFiles diff --git a/nixpkgs/pkgs/tools/security/tlsx/default.nix b/nixpkgs/pkgs/tools/security/tlsx/default.nix index cd40cf1c7697..42c5a84cd3c3 100644 --- a/nixpkgs/pkgs/tools/security/tlsx/default.nix +++ b/nixpkgs/pkgs/tools/security/tlsx/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "tlsx"; - version = "1.1.1"; + version = "1.1.3"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "v${version}"; - hash = "sha256-sYyIZKhn2VJxNxoVb58WQj8a+sYHzuu4SjgPHyLsJK4="; + hash = "sha256-dCtMfrkN43zJqztCobT3RSkn4crGigqzI6NSP8wrCf0="; }; - vendorHash = "sha256-hutHe0n3IAeCP+Lw7dZLfRLyvaOwrWFIrA6chsn+BEw="; + vendorHash = "sha256-33eVwWV9PnrP2MSPXTAcYe9ruJc5lauASc4uubBd9S4="; # Tests require network access doCheck = false; 
diff --git a/nixpkgs/pkgs/tools/security/trufflehog/default.nix b/nixpkgs/pkgs/tools/security/trufflehog/default.nix index 6b6e970a38ca..9b80c150c1ff 100644 --- a/nixpkgs/pkgs/tools/security/trufflehog/default.nix +++ b/nixpkgs/pkgs/tools/security/trufflehog/default.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "trufflehog"; - version = "3.46.3"; + version = "3.52.1"; src = fetchFromGitHub { owner = "trufflesecurity"; repo = "trufflehog"; rev = "refs/tags/v${version}"; - hash = "sha256-IdLNDJYg86dTj+E2w7+sXmNf/MY7eqW9NMAmuhrzm10="; + hash = "sha256-T3//AKSgnsdRWEzz+kh8rkHXBnJF9CThXervwAZ7Uog="; }; - vendorHash = "sha256-ecEms2Zf4EckP2OLoL41S1ZTTnGJhpdMDhknq/mO7qI="; + vendorHash = "sha256-RHNt9GxqWb4EDKg5of5s88iUmJPI2w7i5hPoCFMmnew="; ldflags = [ "-s" diff --git a/nixpkgs/pkgs/tools/security/vals/default.nix b/nixpkgs/pkgs/tools/security/vals/default.nix index 0e86d644c82b..489d0e6d93f3 100644 --- a/nixpkgs/pkgs/tools/security/vals/default.nix +++ b/nixpkgs/pkgs/tools/security/vals/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "vals"; - version = "0.26.1"; + version = "0.26.2"; src = fetchFromGitHub { rev = "v${version}"; owner = "variantdev"; repo = pname; - sha256 = "sha256-gICEqwt34pllvxA8JVc0rCQ2F3w6wT96eKTTxE0j398="; + sha256 = "sha256-WTUdb2LF/50KT3BqwbvKu4TFocbYBdEAoD3IQiPD2bs="; }; vendorHash = "sha256-6DJiqDEgEHQbyIt4iShoBnagBvspd3W3vD56/FGjESs="; diff --git a/nixpkgs/pkgs/tools/security/vault-ssh-plus/default.nix b/nixpkgs/pkgs/tools/security/vault-ssh-plus/default.nix new file mode 100644 index 000000000000..384571bde265 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/vault-ssh-plus/default.nix 
@@ -0,0 +1,48 @@ +{ buildGoModule +, fetchFromGitHub +, makeWrapper +, lib +, openssh +, testers +, vault-ssh-plus +}: +buildGoModule rec { + pname = "vault-ssh-plus"; + version = "0.7.0"; + + src = fetchFromGitHub { + owner = "isometry"; + repo = pname; + rev = "v${version}"; + hash = "sha256-D38G947/1//AMmWghgw0TDzNcd4LUcCuyLBhRP7YFJY="; + }; + + vendorHash = "sha256-tNdr2xyxri7mj1bP6oVx1DGzwrzg84TpPCY0kHNkXLw="; + + nativeBuildInputs = [ makeWrapper ]; + + ldflags = [ + "-s" + "-w" + "-X main.version=${version}" + ]; + + postInstall = '' + mv $out/bin/vault-ssh-plus $out/bin/vssh + wrapProgram $out/bin/vssh --prefix PATH : ${lib.makeBinPath [ openssh ]}; + ''; + + passthru.tests.version = testers.testVersion { + package = vault-ssh-plus; + command = "vssh --version"; + version = "v${version}"; + }; + + meta = with lib; { + homepage = "https://github.com/isometry/vault-ssh-plus"; + changelog = "https://github.com/isometry/vault-ssh-plus/releases/tag/v${version}"; + description = "Automatically use HashiCorp Vault SSH Client Key Signing with ssh(1)"; + license = licenses.mit; + maintainers = with maintainers; [ lesuisse ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix index 0cf2f8e633bc..96a65465c1d9 100644 --- a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix +++ b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "vault-bin"; - version = "1.13.3"; + version = "1.14.1"; src = let 
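Review bot: `postInstall` in the new vault-ssh-plus package renames the executable to `vssh`, but `meta` sets no `mainProgram`, so `lib.getExe` and `nix run` fall back to the package name and look for `bin/vault-ssh-plus`, which no longer exists after the `mv`. Add `mainProgram = "vssh";` to the `meta` block. Separately, `$out` is unquoted in both `postInstall` lines and the `wrapProgram` line ends in a stray `;`; `wrapProgram "$out/bin/vssh" --prefix PATH : ${lib.makeBinPath [ openssh ]}` is the tidier form.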
@@ -16,11 +16,11 @@ stdenv.mkDerivation rec { aarch64-darwin = "darwin_arm64"; }; sha256 = selectSystem { - x86_64-linux = "sha256-heC2VX656nAlYoTwfa4Tv+tlkclfKxNTTpWa+Y6XWLA="; - aarch64-linux = "sha256-Alx8Lacb0IO8kSjYwkeytGxQkCM57zTSk+JXATxZ1eU="; - i686-linux = "sha256-eJW6boE0KG4oF/Sf1UxWVXkwLOx5R6ohrpog3YXKfvY="; - x86_64-darwin = "sha256-lWLEr0arVR7fpgxGEZqkoj/w4YHzNQo+jILZRQ53Eok="; - aarch64-darwin = "sha256-hGlmOKLpb9P/pO8ilxG2dLYDULXarp55/e8HoSbHz98="; + x86_64-linux = "sha256-4CBj8XMRrK9BNzjC6/5A62q85LgnGx/K5jselB5bb+g="; + aarch64-linux = "sha256-MAIudk/2X+2WWF0hv3qKklIYuymQPx75Dg8e0gV1gt0="; + i686-linux = "sha256-bqkdOLa99uNwsUIkkIygFcWYgmMplty/YaL46o+LWEM="; + x86_64-darwin = "sha256-a1CSMOTVpYIjto25VkiAmKEwBr0CaMJhiTFYEUcwqPM="; + aarch64-darwin = "sha256-OZ3l6/gyHI80dABmhaLrFbsau3Yp9hE2U7qPLVBwjoo="; }; in fetchzip { diff --git a/nixpkgs/pkgs/tools/security/witness/default.nix b/nixpkgs/pkgs/tools/security/witness/default.nix index 5ad1e80994f5..d16f74940d3b 100644 --- a/nixpkgs/pkgs/tools/security/witness/default.nix +++ b/nixpkgs/pkgs/tools/security/witness/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "witness"; - version = "0.1.13"; + version = "0.1.14"; src = fetchFromGitHub { owner = "testifysec"; repo = pname; rev = "v${version}"; - sha256 = "sha256-BQfJ6pHA4Yrp1zo22GQ2/JtU2UCOf1hUBqIqcIp7p3A="; + sha256 = "sha256-TUEbFkrS0OztTiY0OXiZsqraq3TINtC/DQEyCGPNXpE="; }; proxyVendor = true; - vendorHash = "sha256-bSEV6cb+/RMkNzwbzfBkDM3PTIE8t8a6w9b1BI6YnCI="; + vendorHash = "sha256-L2NaEt64mgFZVta/F8/uUQ4djlra59JPcHJLGbFCQJs="; nativeBuildInputs = [ installShellFiles ]; diff --git a/nixpkgs/pkgs/tools/security/xcrawl3r/default.nix b/nixpkgs/pkgs/tools/security/xcrawl3r/default.nix new file mode 100644 index 000000000000..c7b63c238be1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/xcrawl3r/default.nix 
@@ -0,0 +1,31 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+ pname = "xcrawl3r";
+ version = "0.1.0";
+
+ src = fetchFromGitHub {
+ owner = "hueristiq";
+ repo = "xcrawl3r";
+ rev = "refs/tags/${version}";
+ hash = "sha256-K7UuWsteI8mEAGOF/g/EbT/Ch6sbmKhiiYB3npdDmFk=";
+ };
+
+ vendorHash = "sha256-/yBSrZdlVMZgcKcONBSq7C5IFC30TJL0z6FZRXm+HUs=";
+
+ ldflags = [
+ "-s"
+ "-w"
+ ];
+
+ meta = with lib; {
+ description = "A CLI utility to recursively crawl webpages";
+ homepage = "https://github.com/hueristiq/xcrawl3r";
+ changelog = "https://github.com/hueristiq/xcrawl3r/releases/tag/${version}";
+ license = licenses.mit;
+ maintainers = with maintainers; [ fab ];
+ };
+}
diff --git a/nixpkgs/pkgs/tools/security/xsubfind3r/default.nix b/nixpkgs/pkgs/tools/security/xsubfind3r/default.nix
new file mode 100644
index 000000000000..9ca2d3457a05
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/xsubfind3r/default.nix
@@ -0,0 +1,31 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+ pname = "xsubfind3r";
+ version = "0.3.0";
+
+ src = fetchFromGitHub {
+ owner = "hueristiq";
+ repo = "xsubfind3r";
+ rev = "refs/tags/${version}";
+ hash = "sha256-DY9/qcE8Ryue6NEWglM1F+xd669DPBIgt743ta+O//4=";
+ };
+
+ vendorHash = "sha256-dFjyeIiDGdGTlZoZvsW9cwb+urS0NRxBMFf3+Y+rsAE=";
+
+ ldflags = [
+ "-s"
+ "-w"
+ ];
+
+ meta = with lib; {
+ description = "CLI utility to find subdomains from curated passive online sources";
+ homepage = "https://github.com/hueristiq/xsubfind3r";
+ changelog = "https://github.com/hueristiq/xsubfind3r/releases/tag/${version}";
+ license = licenses.mit;
+ maintainers = with maintainers; [ fab ];
+ };
+} |