Diffstat (limited to 'nixpkgs/pkgs/tools/security')
70 files changed, 430 insertions, 362 deletions
diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/default.nix b/nixpkgs/pkgs/tools/security/aflplusplus/default.nix index bbadd0d9e5d6..d1390253e63a 100644 --- a/nixpkgs/pkgs/tools/security/aflplusplus/default.nix +++ b/nixpkgs/pkgs/tools/security/aflplusplus/default.nix @@ -19,13 +19,13 @@ let libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; aflplusplus = stdenvNoCC.mkDerivation rec { pname = "aflplusplus"; - version = "4.08c"; + version = "4.09c"; src = fetchFromGitHub { owner = "AFLplusplus"; repo = "AFLplusplus"; rev = "v${version}"; - sha256 = "sha256-r1elJlvGuVrMFLECYCfMsZVEJcCPYRdkljMbF4uRHQY="; + sha256 = "sha256-SQQJpR3+thi4iyrowkOD878nRHNgBJqqUdRFhtqld4k="; }; enableParallelBuilding = true; diff --git a/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix b/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix index 046f173ce100..8ea3c543b4ea 100644 --- a/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix +++ b/nixpkgs/pkgs/tools/security/aws-iam-authenticator/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "aws-iam-authenticator"; - version = "0.6.14"; + version = "0.6.16"; src = fetchFromGitHub { owner = "kubernetes-sigs"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-NWYTOHqeCxIgKvslezHAZT1GastWcbavWdfmY6KlbXc="; + hash = "sha256-E/DkCDtnzI6yBEYemlLqxc1r8ZEuX+6jDefaZTRFRek="; }; vendorHash = "sha256-TDsY05jnutNIKx0z6/8vGvsgYCIKBkTxh9mXqk4IR38="; diff --git a/nixpkgs/pkgs/tools/security/b2sum/default.nix b/nixpkgs/pkgs/tools/security/b2sum/default.nix index 1f0f2a2bf0cb..581feb28ce08 100644 --- a/nixpkgs/pkgs/tools/security/b2sum/default.nix +++ b/nixpkgs/pkgs/tools/security/b2sum/default.nix 
@@ -23,6 +23,11 @@ stdenv.mkDerivation (finalAttrs: { buildInputs = [ openmp ]; buildFlags = [ (lib.optional (openmp == null) "NO_OPENMP=1") ]; + + # clang builds require at least C99 or the build fails with: + # error: unknown type name 'inline' + env.NIX_CFLAGS_COMPILE = "-std=c99"; + installFlags = [ "PREFIX=$(out)" ]; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/baboossh/default.nix b/nixpkgs/pkgs/tools/security/baboossh/default.nix index ee69130e67dd..66712eb99b2c 100644 --- a/nixpkgs/pkgs/tools/security/baboossh/default.nix +++ b/nixpkgs/pkgs/tools/security/baboossh/default.nix @@ -1,25 +1,18 @@ { lib , python3 , fetchFromGitHub -, fetchpatch }: python3.pkgs.buildPythonApplication rec { pname = "baboossh"; - version = "1.2.0"; + version = "1.2.1"; format = "setuptools"; src = fetchFromGitHub { owner = "cybiere"; repo = "baboossh"; rev = "refs/tags/v${version}"; - hash = "sha256-dorIqnJuAS/y9W6gyt65QjwGwx4bJHKLmdqRPzY25yA="; - }; - - patches = fetchpatch { - name = "py3compat-utils.patch"; - url = "https://github.com/cybiere/baboossh/commit/f7a75ebeda0c69ab5b119894b9e1488fc0a935a8.patch"; - hash = "sha256-gctuu/Qd3nmJIWv2mTyrGwjlQD1U+OhGK6Zh/Un06/E="; + hash = "sha256-E/a6dL6BpQ6D8v010d8/qav/fkxpCYNvSvoPAZsm0Hk="; }; propagatedBuildInputs = with python3.pkgs; [ @@ -41,6 +34,7 @@ python3.pkgs.buildPythonApplication rec { homepage = "https://github.com/cybiere/baboossh"; changelog = "https://github.com/cybiere/baboossh/releases/tag/v${version}"; license = licenses.gpl3Only; + mainProgram = "baboossh"; maintainers = with maintainers; [ fab ]; }; } diff --git a/nixpkgs/pkgs/tools/security/bitwarden/cli.nix b/nixpkgs/pkgs/tools/security/bitwarden/cli.nix index 0ff814617429..b51dd1e9e8c2 100644 --- a/nixpkgs/pkgs/tools/security/bitwarden/cli.nix +++ b/nixpkgs/pkgs/tools/security/bitwarden/cli.nix 
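Review bot: The added `env.NIX_CFLAGS_COMPILE = "-std=c99";` in the b2sum hunk applies to every compiler, although its comment only justifies it for clang. Strict `-std=c99` also switches off the GNU extensions that gcc's default dialect enables, so the gcc build could change if the sources rely on any of them. Scoping the flag keeps the gcc build as it was: `env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.cc.isClang "-std=c99";`. Both `lib` and `stdenv` are already used in the visible lines of this derivation, whose body starts and ends outside the hunk.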
@@ -10,18 +10,18 @@ buildNpmPackage rec { pname = "bitwarden-cli"; - version = "2023.12.0"; + version = "2023.12.1"; src = fetchFromGitHub { owner = "bitwarden"; repo = "clients"; rev = "cli-v${version}"; - hash = "sha256-WYhLKV3j3Ktite5u1H4fSku38hCCrMzKoxtjq6aT9yo="; + hash = "sha256-WHI1AfliJa1wAbN1Heto28WlM7uX51SSV4YndAZii1Y="; }; nodejs = nodejs_18; - npmDepsHash = "sha256-bnYpvHO9Pnob+MbrSshv03mSwXCADH/2xw33nLVKMdg="; + npmDepsHash = "sha256-18OaRCys+HaCZ5/ZLeugqW0jWKSQkfvnBGx8aVAdezQ="; nativeBuildInputs = [ python3 diff --git a/nixpkgs/pkgs/tools/security/bitwarden/default.nix b/nixpkgs/pkgs/tools/security/bitwarden/default.nix index c08da90f59b4..f5091a4b084c 100644 --- a/nixpkgs/pkgs/tools/security/bitwarden/default.nix +++ b/nixpkgs/pkgs/tools/security/bitwarden/default.nix @@ -16,8 +16,10 @@ , moreutils , napi-rs-cli , nodejs_18 +, patchutils_0_4_2 , pkg-config , python3 +, runCommand , rustc , rustPlatform }: @@ -28,13 +30,13 @@ let electron = electron_27; in buildNpmPackage rec { pname = "bitwarden"; - version = "2023.12.0"; + version = "2023.12.1"; src = fetchFromGitHub { owner = "bitwarden"; repo = "clients"; rev = "desktop-v${version}"; - hash = "sha256-WYhLKV3j3Ktite5u1H4fSku38hCCrMzKoxtjq6aT9yo="; + hash = "sha256-kmMEi9jYMPFHIdXyZAkeu8rh+34fEAkFw9uhwUt5k9o="; }; patches = [ 
@@ -51,14 +53,23 @@ in buildNpmPackage rec { makeCacheWritable = true; npmWorkspace = "apps/desktop"; - npmDepsHash = "sha256-QwG+D0M94HN1AyQlmzKeScZyksiUr5A9igEaox9DYN4="; + npmDepsHash = "sha256-IDqyHiXdMezdPNlZDyRdNzwC3SO5G3gI3h5zoxzzz/g="; cargoDeps = rustPlatform.fetchCargoTarball { name = "${pname}-${version}"; - inherit patches src; + inherit src; + patches = map + (patch: runCommand + (builtins.baseNameOf patch) + { nativeBuildInputs = [ patchutils_0_4_2 ]; } + '' + < ${patch} filterdiff -p1 --include=${lib.escapeShellArg cargoRoot}'/*' > $out + '' + ) + patches; patchFlags = [ "-p4" ]; sourceRoot = "${src.name}/${cargoRoot}"; - hash = "sha256-pCy3hGhI3mXm4uTOaFMykOzJqK2PC0t0hE8MrJKtA/k="; + hash = "sha256-8A33f2q9GoSM8Wh55iqnSfqWIpeRBz+EQT+rmsZsuXs="; }; cargoRoot = "apps/desktop/desktop_native"; diff --git a/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix b/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix index 1692c246df70..a3eb00d3fe45 100644 --- a/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix +++ b/nixpkgs/pkgs/tools/security/buttercup-desktop/default.nix @@ -2,10 +2,10 @@ let pname = "buttercup-desktop"; - version = "2.24.3"; + version = "2.24.4"; src = fetchurl { url = "https://github.com/buttercup/buttercup-desktop/releases/download/v${version}/Buttercup-linux-x86_64.AppImage"; - sha256 = "sha256-ZSKsxlxP2jNUxEeF2Lfuj2yW0KqHozjPoioq4t0uzfo="; + sha256 = "sha256-c5MLj/1OSjGsySCENeJqEhubxl2y7uDhnOBAtLGy92I="; }; appimageContents = appimageTools.extractType2 { inherit pname src version; }; diff --git a/nixpkgs/pkgs/tools/security/cdxgen/default.nix b/nixpkgs/pkgs/tools/security/cdxgen/default.nix index ffdd977da416..4c4a7292ac56 100644 --- a/nixpkgs/pkgs/tools/security/cdxgen/default.nix +++ b/nixpkgs/pkgs/tools/security/cdxgen/default.nix 
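Review bot: The new `patches = map (patch: runCommand …) patches;` expression inside `cargoDeps` in bitwarden/default.nix has no comment saying why every patch is first passed through `filterdiff`. From the visible lines it keeps only the parts of each patch under `cargoRoot`, which agrees with `patchFlags = [ "-p4" ]` and the `sourceRoot` below it. A comment such as `# keep only the hunks under cargoRoot: the cargo tarball is built from that sourceRoot, so other hunks would not apply` would record that for the next hash update. Quoting the redirect target as `> "$out"` would match the care already taken with `lib.escapeShellArg cargoRoot`. The outer `patches` list is defined outside this hunk, so whether any entry is empty after filtering cannot be checked from here.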
@@ -5,16 +5,16 @@ buildNpmPackage rec { pname = "cdxgen"; - version = "6.0.14"; + version = "9.10.1"; src = fetchFromGitHub { owner = "AppThreat"; repo = pname; rev = "v${version}"; - sha256 = "sha256-ddeX2EwA2g6wgfsNxf/5ZVsQOHlINGhxif/y6368wCw="; + sha256 = "sha256-FkOWkjf/TXjmSOMSTHvf/MhRtuIPFwGwMt1IUJdvKM0="; }; - npmDepsHash = "sha256-CJ939wT9dKUzMDH2yHKgT056F2AVBevJlS/NhUBjx0E="; + npmDepsHash = "sha256-2DDLogGXT9G8tKJYxVtS7oa5szlaaQTs1kJcgq9GA7k="; dontNpmBuild = true; diff --git a/nixpkgs/pkgs/tools/security/chain-bench/default.nix b/nixpkgs/pkgs/tools/security/chain-bench/default.nix index e123cf30b43f..9705440dfdf8 100644 --- a/nixpkgs/pkgs/tools/security/chain-bench/default.nix +++ b/nixpkgs/pkgs/tools/security/chain-bench/default.nix @@ -6,15 +6,15 @@ buildGoModule rec { pname = "chain-bench"; - version = "0.1.9"; + version = "0.1.10"; src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; rev = "v${version}"; - sha256 = "sha256-eNCQbmqTnCBBwrppFL2yvmiwgj439sosYVkk2ryMa0I="; + sha256 = "sha256-5+jSbXbT1UwHMVeZ07qcY8Is88ddHdr7QlgcbQK+8FA="; }; - vendorHash = "sha256-sAZIMJRx/E+l12Zyp/vKfuiaCMeaonRbEcsRIRXbXm8="; + vendorHash = "sha256-uN4TSAxb229NhcWmiQmWBajla9XKnpiZrXOWJxt/mic="; nativeBuildInputs = [ installShellFiles ]; diff --git a/nixpkgs/pkgs/tools/security/cloudfox/default.nix b/nixpkgs/pkgs/tools/security/cloudfox/default.nix index df34f3e18bf7..6b1d7870c699 100644 --- a/nixpkgs/pkgs/tools/security/cloudfox/default.nix +++ b/nixpkgs/pkgs/tools/security/cloudfox/default.nix 
@@ -5,16 +5,16 @@ buildGoModule rec { pname = "cloudfox"; - version = "1.12.2"; + version = "1.13.0"; src = fetchFromGitHub { owner = "BishopFox"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-r9YIJ+PRUA1stKTL39+/T+m1WMkocpjfzG8Y9knnFU4="; + hash = "sha256-4donwh7yG7R4+k+ydGto2CZclnM95qodQuL1Huu4GDo="; }; - vendorHash = "sha256-nSisRurpareGI4EHENayMhsYOKL1hE1wVw2Ueiqii4U="; + vendorHash = "sha256-RdcfAZVqCp+egLbgx1c/A/zk0YlBY6aeeq0Lv4cLivY="; # Some tests are failing because of wrong filename/path doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/cnquery/default.nix b/nixpkgs/pkgs/tools/security/cnquery/default.nix new file mode 100644 index 000000000000..58ea4633ef8d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cnquery/default.nix @@ -0,0 +1,31 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "cnquery"; + version = "9.12.3"; + + src = fetchFromGitHub { + owner = "mondoohq"; + repo = "cnquery"; + rev = "v${version}"; + hash = "sha256-DMJuQkxU6VNaPgcdvKY5p/124t02QvAo8lDT9B50Ze0="; + }; + + subPackages = [ "apps/cnquery" ]; + + vendorHash = "sha256-AHVmvmTn2MlL+aVBUQs4PA3k8w9/QQRD57DvSpSq09I="; + + meta = with lib; { + description = "cloud-native, graph-based asset inventory"; + longDescription = '' + cnquery is a cloud-native tool for querying your entire fleet. It answers thousands of questions about your infrastructure and integrates with over 300 resources across cloud accounts, Kubernetes, containers, services, VMs, APIs, and more. + ''; + homepage = "https://mondoo.com/cnquery"; + changelog = "https://github.com/mondoohq/cnquery/releases/tag/v${version}"; + license = licenses.bsl11; + maintainers = with maintainers; [ mariuskimmina ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/cnspec/default.nix b/nixpkgs/pkgs/tools/security/cnspec/default.nix index 40e9eb46ea97..280c4faf3502 100644 --- a/nixpkgs/pkgs/tools/security/cnspec/default.nix +++ b/nixpkgs/pkgs/tools/security/cnspec/default.nix 
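Review bot: In the new cnquery/default.nix, `rev = "v${version}"` can match either a tag or a branch of that name, while the cnspec expression in this same commit pins `refs/tags/v${version}`. Using `rev = "refs/tags/v${version}";` here as well makes the fetched ref unambiguous. The fixed `hash` still guards the content, so this is about consistency and a clear failure mode rather than integrity. Separately, `description` starts in lower case (`"cloud-native, …"`), unlike cnspec's `"An open source, …"`; `description = "Cloud-native, graph-based asset inventory";` would match.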
@@ -5,17 +5,17 @@ buildGoModule rec { pname = "cnspec"; - version = "9.11.0"; + version = "9.12.3"; src = fetchFromGitHub { owner = "mondoohq"; repo = "cnspec"; rev = "refs/tags/v${version}"; - hash = "sha256-Lcky8+tY91ndZEJ6ZcBxxLHYj6k7U0Yu6BKs5MiB15U="; + hash = "sha256-wPbUqen1y/+zlv+4giY/0ZVZEfSUYhvJBO1yl3NZMtw="; }; proxyVendor = true; - vendorHash = "sha256-bFnlvstu+yYteq719r9g0A2sNJAaxV/jZR9Ww3FoG28="; + vendorHash = "sha256-VL7AD3W6gieKhcglsON1pi4vbe+tbw/P22RU5Zfq/2U="; subPackages = [ "apps/cnspec" @@ -31,7 +31,7 @@ buildGoModule rec { description = "An open source, cloud-native security and policy project"; homepage = "https://github.com/mondoohq/cnspec"; changelog = "https://github.com/mondoohq/cnspec/releases/tag/v${version}"; - license = licenses.mpl20; - maintainers = with maintainers; [ fab ]; + license = licenses.bsl11; + maintainers = with maintainers; [ fab mariuskimmina ]; }; } diff --git a/nixpkgs/pkgs/tools/security/earlybird/default.nix b/nixpkgs/pkgs/tools/security/earlybird/default.nix index c7c16ab47d38..c7cb35fe335c 100644 --- a/nixpkgs/pkgs/tools/security/earlybird/default.nix +++ b/nixpkgs/pkgs/tools/security/earlybird/default.nix @@ -5,20 +5,16 @@ buildGoModule rec { pname = "earlybird"; - version = "3.16.0"; + version = "4.0.0"; src = fetchFromGitHub { owner = "americanexpress"; repo = "earlybird"; rev = "v${version}"; - hash = "sha256-qSW8O13UW5L2eVsqIuqOguhCyZBPqevZ9fJ7qkraa7M="; + hash = "sha256-guSm/ha4ICaOcoynvAwFeojE6ikaCykMcdfskD/ehTw="; }; - patches = [ - ./fix-go.mod-dependency.patch - ]; - - vendorHash = "sha256-ktsQvWc0CTnqOer+9cc0BddrQp0F3Xk7YJP3jxfuw1w="; + vendorHash = "sha256-39jXqCXAwg/C+9gEXiS1X58OD61nMNQifnhgVGEF6ck="; ldflags = [ "-s" "-w" ]; diff --git a/nixpkgs/pkgs/tools/security/earlybird/fix-go.mod-dependency.patch b/nixpkgs/pkgs/tools/security/earlybird/fix-go.mod-dependency.patch deleted file mode 100644 index fb1cf4afdabc..000000000000 
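Review bot: The `license = licenses.bsl11;` line in the cnspec `meta` hunk now sits under an unchanged `description = "An open source, cloud-native security and policy project";`, and the two disagree, because the Business Source License is not an open-source licence. Either reword the description, for example `description = "Cloud-native security and policy project";`, or confirm with upstream which licence applies to the packaged version. A short comment naming the release from which the licence changed would help anyone pinning an older version. If `bsl11` is marked unfree in this tree, the bump also changes who can install the package without opting in, which deserves a mention in the commit message.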
--- a/nixpkgs/pkgs/tools/security/earlybird/fix-go.mod-dependency.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- a/go.mod -+++ b/go.mod -@@ -42,8 +42,9 @@ require ( - github.com/src-d/gcfg v1.4.0 // indirect - github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect - github.com/xanzy/ssh-agent v0.2.1 // indirect -- golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 // indirect -+ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect - golang.org/x/sys v0.0.0-20220906165534-d0df966e6959 // indirect -+ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect - google.golang.org/protobuf v1.23.0 // indirect - gopkg.in/src-d/go-billy.v4 v4.3.2 // indirect - gopkg.in/warnings.v0 v0.1.2 // indirect diff --git a/nixpkgs/pkgs/tools/security/echidna/default.nix b/nixpkgs/pkgs/tools/security/echidna/default.nix index 80dcba3a8038..10caf5bb82eb 100644 --- a/nixpkgs/pkgs/tools/security/echidna/default.nix +++ b/nixpkgs/pkgs/tools/security/echidna/default.nix @@ -20,7 +20,7 @@ let haskellPackagesOverride = haskellPackages.override { hash = "sha256-H6oURBGoQWSOuPhBB+UKg2UarVzXgv1tmfDBLnOtdhU="; }; libraryHaskellDepends = oa.libraryHaskellDepends - ++ (with haskellPackages;[githash witch]); + ++ (with haskellPackages;[githash witch tuple]); }); }; }; diff --git a/nixpkgs/pkgs/tools/security/exploitdb/default.nix b/nixpkgs/pkgs/tools/security/exploitdb/default.nix index e441a25520a8..0e2e74d0787f 100644 --- a/nixpkgs/pkgs/tools/security/exploitdb/default.nix +++ b/nixpkgs/pkgs/tools/security/exploitdb/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2023-12-15"; + version = "2023-12-22"; src = fetchFromGitLab { owner = "exploit-database"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-ArPcg66mWu4i/H8KWKkGG/tW0wxwWMyIr4VuQiqpyKo="; + hash = "sha256-NuukzG+l83YhIgVASLKCkE3FrS6+z8uURTxZyhT/RuA="; }; nativeBuildInputs = [ 
diff --git a/nixpkgs/pkgs/tools/security/fingerprintx/default.nix b/nixpkgs/pkgs/tools/security/fingerprintx/default.nix index f0de7cfaab86..940195b4e2b5 100644 --- a/nixpkgs/pkgs/tools/security/fingerprintx/default.nix +++ b/nixpkgs/pkgs/tools/security/fingerprintx/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "fingerprintx"; - version = "1.1.12"; + version = "1.1.13"; src = fetchFromGitHub { owner = "praetorian-inc"; repo = "fingerprintx"; rev = "refs/tags/v${version}"; - hash = "sha256-jCWWCLLh2mSVvURFw+6eE+wss6/zlGiLBQ4VW2ar+iw="; + hash = "sha256-kWMwadE3ZJTqwEgtrXvXlyc/2+cf1NGhubwZuYpDMBQ="; }; vendorHash = "sha256-TMy6FwAFlo+ARvm+RiRqly0xIk4lBCXuZrtdnNSMSxw="; diff --git a/nixpkgs/pkgs/tools/security/flare-floss/default.nix b/nixpkgs/pkgs/tools/security/flare-floss/default.nix index b049ea166108..212d0a74ebb1 100644 --- a/nixpkgs/pkgs/tools/security/flare-floss/default.nix +++ b/nixpkgs/pkgs/tools/security/flare-floss/default.nix @@ -5,15 +5,15 @@ python3.pkgs.buildPythonPackage rec { pname = "flare-floss"; - version = "2.3.0"; - format = "setuptools"; + version = "3.0.1"; + pyproject = true; src = fetchFromGitHub { owner = "mandiant"; repo = "flare-floss"; rev = "refs/tags/v${version}"; fetchSubmodules = true; # for tests - hash = "sha256-tOLnve5XBc3TtSgucPIddBHD0YJhsRpRduXsKrtJ/eQ="; + hash = "sha256-bmOWOFqyvOvSrNTbwLqo0WMq4IAZxZ0YYaWCdCrpziU="; }; postPatch = '' @@ -24,7 +24,12 @@ python3.pkgs.buildPythonPackage rec { --replace 'sigs_path = os.path.join(get_default_root(), "sigs")' 'sigs_path = "'"$out"'/share/flare-floss/sigs"' ''; + nativeBuildInputs = with python3.pkgs; [ + setuptools + ]; + propagatedBuildInputs = with python3.pkgs; [ + binary2strings halo networkx pefile 
@@ -47,6 +52,10 @@ python3.pkgs.buildPythonPackage rec { cp -r floss/sigs $out/share/flare-floss/ ''; + preCheck = '' + export HOME=$(mktemp -d) + ''; + meta = with lib; { description = "Automatically extract obfuscated strings from malware"; homepage = "https://github.com/mandiant/flare-floss"; diff --git a/nixpkgs/pkgs/tools/security/fwknop/default.nix b/nixpkgs/pkgs/tools/security/fwknop/default.nix index 5625ab47058d..6c4ce6507657 100644 --- a/nixpkgs/pkgs/tools/security/fwknop/default.nix +++ b/nixpkgs/pkgs/tools/security/fwknop/default.nix @@ -25,6 +25,14 @@ stdenv.mkDerivation rec { url = "https://github.com/mrash/fwknop/commit/a8214fd58bc46d23b64b3a55db023c7f5a5ea6af.patch"; sha256 = "0cp1350q66n455hpd3rdydb9anx66bcirza5gyyyy5232zgg58bi"; }) + + # Pull patch pending upstream inclusion for `autoconf-2.72` support: + # https://github.com/mrash/fwknop/pull/357 + (fetchpatch { + name = "autoconf-2.72.patch"; + url = "https://github.com/mrash/fwknop/commit/bee7958532338499e35c19e75937891c8113f7de.patch"; + hash = "sha256-lrro5dSDR0Zz9aO3bV5vFFADNJjoDR9z6P5lFYWyLW8="; + }) ]; nativeBuildInputs = [ autoreconfHook ]; diff --git a/nixpkgs/pkgs/tools/security/ghidra/build.nix b/nixpkgs/pkgs/tools/security/ghidra/build.nix index 50fd64656f4a..da164c94b0b5 100644 --- a/nixpkgs/pkgs/tools/security/ghidra/build.nix +++ b/nixpkgs/pkgs/tools/security/ghidra/build.nix @@ -16,13 +16,13 @@ let pkg_path = "$out/lib/ghidra"; pname = "ghidra"; - version = "10.4"; + version = "11.0"; src = fetchFromGitHub { owner = "NationalSecurityAgency"; repo = "Ghidra"; rev = "Ghidra_${version}_build"; - hash = "sha256-g0JM6pm1vkCh9yBB5mfrOiNrImqoyWdQcEe2g+AO6LQ="; + hash = "sha256-LVtDqgceZUrMriNy6+yK/ruBrTI8yx6hzTaPa1BTGlc="; }; gradle = gradle_7; 
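Review bot: The `autoconf-2.72.patch` entry added to fwknop's `patches` is fetched from a commit that, by its own comment, belongs to a pull request not yet merged upstream. The `hash` pins the content, so integrity is covered. Availability is the concern: a commit that only lives on a PR branch may stop being served if that branch is rebased or deleted, and the package then cannot be built from source. Consider vendoring the patch next to default.nix, or at least extend the comment with `# TODO: drop once https://github.com/mrash/fwknop/pull/357 is merged and released`. The `patches` list begins above the hunk.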
@@ -92,7 +92,7 @@ HERE ''; outputHashAlgo = "sha256"; outputHashMode = "recursive"; - outputHash = "sha256-HveS3f8XHpJqefc4djYmnYfd01H2OBFK5PLNOsHAqlc="; + outputHash = "sha256-KT+XXowCNaNfOiPzYLwbPMaF84omKFobHkkNqZ6oyUA="; }; in stdenv.mkDerivation { @@ -124,6 +124,8 @@ in stdenv.mkDerivation { sed -i "s#mavenLocal()#mavenLocal(); maven { url '${deps}/maven' }#g" build.gradle + rm -v Ghidra/Debug/Debugger-rmi-trace/build.gradle.orig + gradle --offline --no-daemon --info -Dorg.gradle.java.home=${openjdk17} buildGhidra ''; diff --git a/nixpkgs/pkgs/tools/security/gnupg/22.nix b/nixpkgs/pkgs/tools/security/gnupg/22.nix index 78f4af894a30..59e7bcc13d66 100644 --- a/nixpkgs/pkgs/tools/security/gnupg/22.nix +++ b/nixpkgs/pkgs/tools/security/gnupg/22.nix @@ -5,6 +5,7 @@ , enableMinimal ? false , withPcsc ? !enableMinimal, pcsclite , guiSupport ? stdenv.isDarwin, pinentry +, nixosTests }: assert guiSupport -> enableMinimal == false; @@ -80,7 +81,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - passthru.tests = lib.nixosTests.gnupg; + passthru.tests = nixosTests.gnupg; meta = with lib; { homepage = "https://gnupg.org"; diff --git a/nixpkgs/pkgs/tools/security/goverview/default.nix b/nixpkgs/pkgs/tools/security/goverview/default.nix index 77f46526d95d..02038bf27b99 100644 --- a/nixpkgs/pkgs/tools/security/goverview/default.nix +++ b/nixpkgs/pkgs/tools/security/goverview/default.nix @@ -1,6 +1,7 @@ { lib , buildGoModule , fetchFromGitHub +, installShellFiles }: buildGoModule rec { @@ -20,6 +21,15 @@ buildGoModule rec { "-w" "-s" ]; + nativeBuildInputs = [ + installShellFiles + ]; + postInstall = '' + installShellCompletion --cmd goverview \ + --bash <($out/bin/goverview completion bash) \ + --fish <($out/bin/goverview completion fish) \ + --zsh <($out/bin/goverview completion zsh) + ''; # Tests require network access doCheck = false; 
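Review bot: The added `rm -v Ghidra/Debug/Debugger-rmi-trace/build.gradle.orig` in ghidra/build.nix has no comment, so whoever does the next version bump cannot tell why a file from the source tree is deleted before `gradle … buildGhidra`. Please add one line above it giving the reason, for example `# leftover .orig file in the 11.0 source tree; remove it before building`; the wording needs the author's confirmation, since the reason is not visible in the hunk. As written, `rm` without `-f` fails the build once upstream drops the file, which is a useful reminder to delete the workaround, but that intent should be stated too. The surrounding build script starts and ends outside the hunk.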
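Review bot: The new `postInstall` in goverview/default.nix runs `$out/bin/goverview completion …` during the build, which fails under cross-compilation because the host binary cannot execute on the build machine. Guarding it as `postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' … '';` keeps native builds unchanged and lets cross builds skip the completions. That needs `stdenv` added to the argument list, which in the first hunk of this file holds only `lib`, `buildGoModule`, `fetchFromGitHub` and `installShellFiles`.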
diff --git a/nixpkgs/pkgs/tools/security/grype/default.nix b/nixpkgs/pkgs/tools/security/grype/default.nix index db955a1a2086..e3f43157f614 100644 --- a/nixpkgs/pkgs/tools/security/grype/default.nix +++ b/nixpkgs/pkgs/tools/security/grype/default.nix @@ -7,13 +7,13 @@ buildGoModule rec { pname = "grype"; - version = "0.73.4"; + version = "0.73.5"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-cYhgLMKj8fo49zr+NC7SARiyybCnqXf+DgB+6IkwkAw="; + hash = "sha256-a5Kna1axfA3uBHoTdT/B/6PA/Tr+w0bK6GeKcGIPRsQ="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; @@ -28,7 +28,7 @@ buildGoModule rec { proxyVendor = true; - vendorHash = "sha256-Zx8gJZVkobKjrGysrqYd6Hv2bGqEgOQ+EGSKDvOM33M="; + vendorHash = "sha256-eO0/kE0XPqsnoCBKxcwJjHoBhQlXlxVPcg6w1fHfWGs="; nativeBuildInputs = [ installShellFiles diff --git a/nixpkgs/pkgs/tools/security/jwx/default.nix b/nixpkgs/pkgs/tools/security/jwx/default.nix index 7fa8abfeb5ff..85dc62743b6a 100644 --- a/nixpkgs/pkgs/tools/security/jwx/default.nix +++ b/nixpkgs/pkgs/tools/security/jwx/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "jwx"; - version = "2.0.16"; + version = "2.0.18"; src = fetchFromGitHub { owner = "lestrrat-go"; repo = pname; rev = "v${version}"; - hash = "sha256-5IO9CoW9KBpgVxpnH1HEC5O4MJjCPERsmiV/cHcnmAc="; + hash = "sha256-HQJu22bMgL4UbJx0+JLgGDYnyT9lO2De04tZibAcVdM="; }; vendorHash = "sha256-o3EHPIXGLz/io0d8jhl9cxzctP3CeOjEDMQl1SY9lXg="; diff --git a/nixpkgs/pkgs/tools/security/keybase/default.nix b/nixpkgs/pkgs/tools/security/keybase/default.nix index 0d35206b82f6..d29f17679c85 100644 --- a/nixpkgs/pkgs/tools/security/keybase/default.nix +++ b/nixpkgs/pkgs/tools/security/keybase/default.nix 
@@ -5,7 +5,7 @@ buildGoModule rec { pname = "keybase"; - version = "6.2.3"; + version = "6.2.4"; modRoot = "go"; subPackages = [ "kbnm" "keybase" ]; @@ -16,7 +16,7 @@ buildGoModule rec { owner = "keybase"; repo = "client"; rev = "v${version}"; - hash = "sha256-uZIoFivyFqC+AeFTJaEw2BbP7qoOVF8gtSIdUStxsHU="; + hash = "sha256-z7vpCUK+NU7xU9sNBlQnSy9sjXD7/m8jSRKfJAgyyN8="; }; vendorHash = "sha256-tXEEVEfjoKub2A4m7F3hDc5ABJ+R+axwX1+1j7e3BAM="; diff --git a/nixpkgs/pkgs/tools/security/kube-bench/default.nix b/nixpkgs/pkgs/tools/security/kube-bench/default.nix index e9094ce7103c..f4cb389eb16e 100644 --- a/nixpkgs/pkgs/tools/security/kube-bench/default.nix +++ b/nixpkgs/pkgs/tools/security/kube-bench/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "kube-bench"; - version = "0.6.19"; + version = "0.7.0"; src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-owpmQ/APTUu1V8au2UE48SIIZnVI93tlv5bhkS/2kgQ="; + hash = "sha256-yJJEWxz8EWdLi2rhw42QVdG9AcGO0OWnihg153hALNE="; }; - vendorHash = "sha256-dBN6Yi8HtS9LzXr08jhw1hqDwS8a4UqrYaRpM+RzvVM="; + vendorHash = "sha256-zKw6d3UWs2kb+DCXmLZ09Lw3m8wMhm9QJYkeXJYcFA8="; nativeBuildInputs = [ installShellFiles ]; diff --git a/nixpkgs/pkgs/tools/security/kubeclarity/default.nix b/nixpkgs/pkgs/tools/security/kubeclarity/default.nix index 4ad4044adbaa..709ba817c585 100644 --- a/nixpkgs/pkgs/tools/security/kubeclarity/default.nix +++ b/nixpkgs/pkgs/tools/security/kubeclarity/default.nix @@ -8,16 +8,16 @@ buildGoModule rec { pname = "kubeclarity"; - version = "2.22.0"; + version = "2.23.0"; src = fetchFromGitHub { owner = "openclarity"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-VpTLf4Z2l9Ix92GzcyJvj4j2j+aff8nc2qW9+2uaPBs="; + hash = "sha256-GtShdcBSa7QAwjPUPMXDrFBgNqvJEf8XQw3HbqWEieo="; }; - vendorHash = "sha256-kYdKCHqzDbfCGMlTMPSHAQkSLyhkCl/OvV7CF5jdyaY="; + vendorHash = "sha256-rYUbXkf0wOPehXvAzcww0WVycATWdK72LOqbQolqoWc="; nativeBuildInputs = [ pkg-config 
diff --git a/nixpkgs/pkgs/tools/security/kubernetes-polaris/default.nix b/nixpkgs/pkgs/tools/security/kubernetes-polaris/default.nix index 8abcb66f7ade..25a1d869dd34 100644 --- a/nixpkgs/pkgs/tools/security/kubernetes-polaris/default.nix +++ b/nixpkgs/pkgs/tools/security/kubernetes-polaris/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "kubernetes-polaris"; - version = "8.5.2"; + version = "8.5.3"; src = fetchFromGitHub { owner = "FairwindsOps"; repo = "polaris"; rev = version; - sha256 = "sha256-k4t/qCRLUMoFmALt++1sA127D4tacYoDb/fWfoudOc8="; + sha256 = "sha256-dDB1afMtuK4SySa5HX6LhOnPUXlKSzpJDJ+/1SCcB/0="; }; vendorHash = "sha256-ZWetW+Xar4BXXlR0iG+O/NRqYk41x+PPVCGis2W2Nkk="; diff --git a/nixpkgs/pkgs/tools/security/ldapnomnom/default.nix b/nixpkgs/pkgs/tools/security/ldapnomnom/default.nix index 65e874d06691..59daa142856b 100644 --- a/nixpkgs/pkgs/tools/security/ldapnomnom/default.nix +++ b/nixpkgs/pkgs/tools/security/ldapnomnom/default.nix @@ -5,17 +5,22 @@ buildGoModule rec { pname = "ldapnomnom"; - version = "1.1.0"; + version = "1.2.0"; src = fetchFromGitHub { owner = "lkarlslund"; - repo = pname; + repo = "ldapnomnom"; rev = "refs/tags/v${version}"; - hash = "sha256-o29vcPKRX8TWRCpa20DVsh/4K7d3IbaLS3B+jJGBEmo="; + hash = "sha256-3s2mLNqnJ+wZ17gy8Yr2Ze0S62A1bmE91E2ciLNO14E="; }; vendorHash = "sha256-3ucnLD+qhBSWY2wLtBcsOcuEf1woqHP17qQg7LlERA8="; + ldflags = [ + "-w" + "-s" + ]; + meta = with lib; { description = "Tool to anonymously bruteforce usernames from Domain controllers"; homepage = "https://github.com/lkarlslund/ldapnomnom"; diff --git a/nixpkgs/pkgs/tools/security/ldeep/default.nix b/nixpkgs/pkgs/tools/security/ldeep/default.nix index 8a3b38de9276..623acf50f3b8 100644 --- a/nixpkgs/pkgs/tools/security/ldeep/default.nix +++ b/nixpkgs/pkgs/tools/security/ldeep/default.nix 
@@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "ldeep"; - version = "1.0.49"; + version = "1.0.51"; format = "setuptools"; src = fetchFromGitHub { owner = "franc-pentest"; repo = "ldeep"; rev = "refs/tags/${version}"; - hash = "sha256-R94N9ZvgumxhSf3QBSwh0wHUKuLAuyTDTzcof6JRSkE="; + hash = "sha256-UbZotbq97ehVj8dF0vXM2Z61IG1H+21xk14DXKmWirA="; }; nativeBuildInputs = with python3.pkgs; [ diff --git a/nixpkgs/pkgs/tools/security/mbox/default.nix b/nixpkgs/pkgs/tools/security/mbox/default.nix deleted file mode 100644 index a39d226aac57..000000000000 --- a/nixpkgs/pkgs/tools/security/mbox/default.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ lib, stdenv, fetchFromGitHub, openssl, which }: - -stdenv.mkDerivation { - pname = "mbox"; - version = "unstable-2014-05-26"; - - src = fetchFromGitHub { - owner = "tsgates"; - repo = "mbox"; - rev = "a131424b6cb577e1c916bd0e8ffb2084a5f73048"; - sha256 = "06qggqxnzcxnc34m6sbafxwr2p64x65m9zm5wp7pwyarcckhh2hd"; - }; - - buildInputs = [ openssl which ]; - - preConfigure = '' - cd src - cp {.,}configsbox.h - ''; - - doCheck = true; - checkPhase = '' - rm tests/test-*vim.sh tests/test-pip.sh - - patchShebangs ./; dontPatchShebags=1 - sed -i 's|^/bin/||' tests/test-fileops.sh - - ./testall.sh - ''; - - meta = with lib; { - description = "Lightweight sandboxing mechanism that any user can use without special privileges"; - homepage = "http://pdos.csail.mit.edu/mbox/"; - maintainers = with maintainers; [ ehmry ]; - license = licenses.bsd3; - platforms = [ "x86_64-linux" ]; - broken = true; - }; -} diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile b/nixpkgs/pkgs/tools/security/metasploit/Gemfile index 3f64895d3673..3d10bb0bb51c 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile 
@@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.3.47" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.3.48" diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock index 57f922329c23..899a80b10966 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: e9a1adf7e1a5edb3f76bd537fe6fa5c75435aec9 - ref: refs/tags/6.3.47 + revision: 261eca342915db81d67cdfe7f2ef7b3788fd508f + ref: refs/tags/6.3.48 specs: - metasploit-framework (6.3.47) + metasploit-framework (6.3.48) actionpack (~> 7.0.0) activerecord (~> 7.0.0) activesupport (~> 7.0.0) @@ -134,13 +134,13 @@ GEM arel-helpers (2.14.0) activerecord (>= 3.1.0, < 8) aws-eventstream (1.3.0) - aws-partitions (1.864.0) - aws-sdk-core (3.190.0) + aws-partitions (1.872.0) + aws-sdk-core (3.190.1) aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.8) jmespath (~> 1, >= 1.6.1) - aws-sdk-ec2 (1.430.0) + aws-sdk-ec2 (1.431.0) aws-sdk-core (~> 3, >= 3.188.0) aws-sigv4 (~> 1.1) aws-sdk-ec2instanceconnect (1.36.0) @@ -149,7 +149,7 @@ GEM aws-sdk-iam (1.92.0) aws-sdk-core (~> 3, >= 3.188.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.74.0) + aws-sdk-kms (1.75.0) aws-sdk-core (~> 3, >= 3.188.0) aws-sigv4 (~> 1.1) aws-sdk-s3 (1.141.0) @@ -191,7 +191,7 @@ GEM eventmachine (1.2.7) faker (3.2.2) i18n (>= 1.8.11, < 2) - faraday (2.7.12) + faraday (2.8.1) base64 faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) @@ -219,7 +219,7 @@ GEM httpclient (2.8.3) i18n (1.14.1) concurrent-ruby (~> 1.0) - io-console (0.6.0) + io-console (0.7.1) irb (1.7.4) reline (>= 0.3.6) jmespath (1.6.2) 
@@ -274,7 +274,7 @@ GEM mustermann (3.0.0) ruby2_keywords (~> 0.0.1) nessus_rest (0.1.6) - net-imap (0.4.7) + net-imap (0.4.8) date net-protocol net-ldap (0.18.0) @@ -282,7 +282,7 @@ GEM timeout net-smtp (0.4.0) net-protocol - net-ssh (7.2.0) + net-ssh (7.2.1) network_interface (0.0.4) nexpose (7.3.0) nio4r (2.7.0) @@ -334,7 +334,7 @@ GEM rasn1 (0.12.1) strptime (~> 0.2.5) rb-readline (0.5.5) - recog (3.1.2) + recog (3.1.4) nokogiri redcarpet (3.6.0) reline (0.4.1) @@ -393,7 +393,7 @@ GEM ruby-mysql (4.1.0) ruby-rc4 (0.1.5) ruby2_keywords (0.0.5) - ruby_smb (3.3.0) + ruby_smb (3.3.1) bindata openssl-ccm openssl-cmac @@ -463,4 +463,4 @@ DEPENDENCIES metasploit-framework! BUNDLED WITH - 2.4.22 + 2.4.13 diff --git a/nixpkgs/pkgs/tools/security/metasploit/default.nix b/nixpkgs/pkgs/tools/security/metasploit/default.nix index 6c30b6a05f8a..935374a09ad4 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/default.nix +++ b/nixpkgs/pkgs/tools/security/metasploit/default.nix @@ -15,13 +15,13 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "6.3.47"; + version = "6.3.48"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = "refs/tags/${version}"; - hash = "sha256-I1BpYCS2wLrvAKwqKn0QDOf0SvdsmT58OtiBDXwJkh8="; + hash = "sha256-AY0k44/gYXP4h3SoRVF9aK2L2skZ03Azd5V9hSRDoHQ="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix index f185105372f4..a439c6380641 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix +++ b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix 
@@ -104,30 +104,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "16n1d0bh3zy925y4f8flrnkfir2smsj0j31zslfaz6vf6cvi9qjs"; + sha256 = "1ddbcz8p3abbw8d8pn796z1ry1mbapl6ayhh37ziwal6bd047kvm"; type = "gem"; }; - version = "1.864.0"; + version = "1.872.0"; }; aws-sdk-core = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "19nglxz49nlzgsvnivb3bdm17vxjn1ng2br8659xv48nzjrmyid3"; + sha256 = "1ansagfl5irx1y6b9xf4xpi9j6q6k5pbd2aw80hn0p4m3ycafamh"; type = "gem"; }; - version = "3.190.0"; + version = "3.190.1"; }; aws-sdk-ec2 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1zyazx97nskgl9xzspg2q1rji02p2jv789v8qd1qz6hknz0z6r5f"; + sha256 = "04lg4g6aivkf6zvvcc1clw0dqdlpkn3c87kiz5mfc7m2jr0m0ljx"; type = "gem"; }; - version = "1.430.0"; + version = "1.431.0"; }; aws-sdk-ec2instanceconnect = { groups = ["default"]; @@ -154,10 +154,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1isrj19kzy9sb7a76a1c2n5x0d9lg1h2n7fp7cn13xjis0hpnlxj"; + sha256 = "1qzxqfgrhnl5rdc39a1gl2pgrdxgnsj12zycpxnsx8lg6arfmnr1"; type = "gem"; }; - version = "1.74.0"; + version = "1.75.0"; }; aws-sdk-s3 = { groups = ["default"]; @@ -404,10 +404,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "19w1lzipnxs6vy3y0pw1mf956f768ppzgfrnlpwgrpnjjv9xqf7d"; + sha256 = "19p45ryrvxff6ggdj4fq76dk7wlkfgrh474c3kwzdsjx3xpdq8x8"; type = "gem"; }; - version = "2.7.12"; + version = "2.8.1"; }; faraday-net_http = { groups = ["default"]; @@ -554,10 +554,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0dikardh14c72gd9ypwh8dim41wvqmzfzf35mincaj5yals9m7ff"; + sha256 = "1fmwbcapyhla84xhwj3gfws6rb4lw3928ybz6g3lr372dgxakzx5"; type = "gem"; }; - version = "0.6.0"; + version = "0.7.1"; }; irb = { groups = ["default"]; 
@@ -664,12 +664,12 @@ platforms = []; source = { fetchSubmodules = false; - rev = "e9a1adf7e1a5edb3f76bd537fe6fa5c75435aec9"; - sha256 = "07wj15y0v0fq79y3x6bcyx5g9rqc21yjlamc03pvmh5n4ih6jl13"; + rev = "261eca342915db81d67cdfe7f2ef7b3788fd508f"; + sha256 = "0x508cj8azcmfwrp1lqrr7d8pbb8gm8lba3lhzw76qg0izij9381"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "6.3.47"; + version = "6.3.48"; }; metasploit-model = { groups = ["default"]; @@ -796,10 +796,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0541lfqaz46h8s3fks11vsd1iqzmgjjw3c0jp9agg92zblwj0axs"; + sha256 = "1wnmxcrpv7zaf8wli5nvfnz5ybmw7f3r06s05p3d96idc61193mv"; type = "gem"; }; - version = "0.4.7"; + version = "0.4.8"; }; net-ldap = { groups = ["default"]; @@ -836,10 +836,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1jyj6j7w9zpj2zhp4dyhdjiwsn9rqwksj7s7fzpnn7rx2xvz2a1a"; + sha256 = "1i01340c4i144vvn3x54lc2rb77ch829qipl1rh6rqwm3yxzml9w"; type = "gem"; }; - version = "7.2.0"; + version = "7.2.1"; }; network_interface = { groups = ["default"]; @@ -1107,10 +1107,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "15633qvzbgsigx55dxb9b07xh0spwr9njd5y2f454kc5zrrapp1a"; + sha256 = "1a9m9ngmcgvgzg8m8ahdhjvfm65k6hp8r7dqmrsh3zcphim4x71k"; type = "gem"; }; - version = "3.1.2"; + version = "3.1.4"; }; redcarpet = { groups = ["default"]; @@ -1377,10 +1377,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1xfjl89a46xg1w98ywa2byf23jmhh3xyj4r501hgc7vma1i5gw3v"; + sha256 = "04m366ldi33h79k7f35dvyhq0jyh762v8360zf8ss5jbax3bzlkk"; type = "gem"; }; - version = "3.3.0"; + version = "3.3.1"; }; rubyntlm = { groups = ["default"]; diff --git a/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix b/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix index 9af9b3071041..b78cb2e075d2 100644 --- a/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix 
+++ b/nixpkgs/pkgs/tools/security/nmap-formatter/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "nmap-formatter"; - version = "2.1.4"; + version = "2.1.6"; src = fetchFromGitHub { owner = "vdjagilev"; repo = pname; rev = "v${version}"; - hash = "sha256-M0IV7pgJyCxwfWRnJeMevFFsvaXTRfjXoGRsMngt7Pk="; + hash = "sha256-40ix4D/f63Q5cqVmBvpSmbK2KNXiYLdv/xXBNPJXfac="; }; - vendorHash = "sha256-Wx07tSHr5LKPdO3BQ3tGMxzxYP9jBnH3JQ8/yrvwX1U="; + vendorHash = "sha256-OUhvQwC7EJF7CIM7NHCs0TqRTZHTiDupkfYREPaxpXo="; meta = with lib; { description = "Tool that allows you to convert nmap output"; diff --git a/nixpkgs/pkgs/tools/security/nuclei/default.nix b/nixpkgs/pkgs/tools/security/nuclei/default.nix index cad235dafb25..c0c0fdef6fb9 100644 --- a/nixpkgs/pkgs/tools/security/nuclei/default.nix +++ b/nixpkgs/pkgs/tools/security/nuclei/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "nuclei"; - version = "3.1.1"; + version = "3.1.3"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-/oTZIjLWLOUSzv36qa57Q1YpIJEz0fIaLsYkuuQ2Y6o="; + hash = "sha256-XTKJq7bq6iNzZ4LnxQxqzbNDdNh0ixFclB3kniNvg2I="; }; - vendorHash = "sha256-e7iaR1u1EubWrq9Ktkz4b3GJGDdvnLfguym+r2qAYS0="; + vendorHash = "sha256-C/CDMj+R7p0wkjHSQX6GMRDU1PEDHi8574JS/A2zrzk="; subPackages = [ "cmd/nuclei/" diff --git a/nixpkgs/pkgs/tools/security/oauth2c/default.nix b/nixpkgs/pkgs/tools/security/oauth2c/default.nix index b36eebea7b5f..15d8f4529907 100644 --- a/nixpkgs/pkgs/tools/security/oauth2c/default.nix +++ b/nixpkgs/pkgs/tools/security/oauth2c/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "oauth2c"; - version = "1.12.2"; + version = "1.12.3"; src = fetchFromGitHub { owner = "cloudentity"; repo = pname; rev = "v${version}"; - hash = "sha256-iFYKAdoeCvyhAeZ5K3CHSsHG0Uq+Ok0C8ACe9RztDmY="; + hash = "sha256-4ZCb8BXrKGXJ8d06fxAuFkGRxcK7PwuPFuCBc9EIXZY="; }; vendorHash = "sha256-olDtsLoslxOsbAq60RnLp9MGZOt17/BPo9E9SgWOqoQ="; 
diff --git a/nixpkgs/pkgs/tools/security/osv-scanner/default.nix b/nixpkgs/pkgs/tools/security/osv-scanner/default.nix index c250ed1021db..5d48ceb67e9e 100644 --- a/nixpkgs/pkgs/tools/security/osv-scanner/default.nix +++ b/nixpkgs/pkgs/tools/security/osv-scanner/default.nix @@ -6,16 +6,16 @@ }: buildGoModule rec { pname = "osv-scanner"; - version = "1.4.3"; + version = "1.5.0"; src = fetchFromGitHub { owner = "google"; repo = pname; rev = "v${version}"; - hash = "sha256-PLLpWr1cc+JY2N1PwlKmHw5J3F7txM4uXcu/vjGhp8o="; + hash = "sha256-wWycONThNIqiSbpsopsc9AbAxOToWkTiNzkJ2I8Z0t4="; }; - vendorHash = "sha256-fQQW52xog1L31wSIlnyHPyO1nEpjqrn+PtO2B9CWZH0="; + vendorHash = "sha256-CiRvryjBp3nUrPRxNqM88p4856yT+BuIsjvYuE+DmqI="; subPackages = [ "cmd/osv-scanner" diff --git a/nixpkgs/pkgs/tools/security/otpauth/default.nix b/nixpkgs/pkgs/tools/security/otpauth/default.nix index 032372d87e92..e4ffadef63e0 100644 --- a/nixpkgs/pkgs/tools/security/otpauth/default.nix +++ b/nixpkgs/pkgs/tools/security/otpauth/default.nix @@ -5,17 +5,16 @@ buildGoModule rec { pname = "otpauth"; - version = "0.5.1"; + version = "0.5.2"; src = fetchFromGitHub { owner = "dim13"; repo = "otpauth"; rev = "v${version}"; - sha256 = "sha256-jeKxCuE3cA/oTEKwdrCGPchsrtaMyirTzv8oLl9gxtA="; + sha256 = "sha256-1+A1oXY5sKMr9dVa/4vB+ZkfZSDdhag5y5LfM7OJmKo="; }; - vendorHash = "sha256-jnIq7Zc2MauJReJ9a8TeqXXsvHixsBB+znmXAxcpqUQ="; - doCheck = true; + vendorHash = "sha256-ZRCwZGlWzlWh+E3KUH83639Tfck7bwE36wXVnG7EQIE="; meta = with lib; { description = "Google Authenticator migration decoder"; diff --git a/nixpkgs/pkgs/tools/security/pass/wofi-pass.nix b/nixpkgs/pkgs/tools/security/pass/wofi-pass.nix index f205d8881e51..b6edce34d20c 100644 --- a/nixpkgs/pkgs/tools/security/pass/wofi-pass.nix +++ b/nixpkgs/pkgs/tools/security/pass/wofi-pass.nix 
@@ -29,13 +29,13 @@ let in stdenv.mkDerivation rec { pname = "wofi-pass"; - version = "23.1.2"; + version = "23.1.4"; src = fetchFromGitHub { owner = "schmidtandreas"; repo = "wofi-pass"; rev = "v${version}"; - sha256 = "sha256-Z1a+nfnL6NXhufpCU7VIkwuifoS88Pf9qI8GCuP/Zqc="; + sha256 = "sha256-Ycu1NFHoglJdOzGuJ7yfmDo1+f+FMPkpQXJuz6nvtig="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/nixpkgs/pkgs/tools/security/passage/default.nix b/nixpkgs/pkgs/tools/security/passage/default.nix index ba7717771c00..1d6bdfa225aa 100644 --- a/nixpkgs/pkgs/tools/security/passage/default.nix +++ b/nixpkgs/pkgs/tools/security/passage/default.nix @@ -5,6 +5,12 @@ , substituteAll , age , getopt +, coreutils +, findutils +, gnugrep +, gnused +, qrencode ? null +, wl-clipboard ? null , git ? null , xclip ? null # Used to pretty-print list of all stored passwords, but is not needed to fetch @@ -32,7 +38,18 @@ stdenv.mkDerivation { nativeBuildInputs = [ makeBinaryWrapper ]; - extraPath = lib.makeBinPath [ age git xclip tree ]; + extraPath = lib.makeBinPath [ + age + coreutils + findutils + git + gnugrep + gnused + qrencode + tree + wl-clipboard + xclip + ]; # Using $0 is bad, it causes --help to mention ".passage-wrapped". postInstall = '' @@ -46,7 +63,7 @@ stdenv.mkDerivation { description = "Stores, retrieves, generates, and synchronizes passwords securely"; homepage = "https://github.com/FiloSottile/passage"; license = licenses.gpl2Plus; - maintainers = with maintainers; [ kaction ]; + maintainers = with maintainers; [ kaction ma27 ]; platforms = platforms.unix; mainProgram = "passage"; diff --git a/nixpkgs/pkgs/tools/security/passff-host/default.nix b/nixpkgs/pkgs/tools/security/passff-host/default.nix index 4eb615b79032..bc882cb419f6 100644 --- a/nixpkgs/pkgs/tools/security/passff-host/default.nix +++ b/nixpkgs/pkgs/tools/security/passff-host/default.nix 
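Review bot: In the passage argument hunk, the new `qrencode ? null` and `wl-clipboard ? null` inputs carry no comment, while the existing `tree` input below them explains what it is for and that it is optional. A short line such as `# Optional: QR-code output and Wayland clipboard support` would fit the file's style, assuming that is what passage uses them for. Because `extraPath` now pins coreutils, findutils, grep and sed for a password manager, it is also worth confirming that the wrapper prepends this path so the pinned tools win over the caller's PATH. The wrap call sits in `postInstall`, outside these hunks.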
@@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "passff-host"; - version = "1.2.3"; + version = "1.2.4"; src = fetchFromGitHub { owner = "passff"; repo = pname; rev = version; - sha256 = "sha256-1JPToJF/ruu69TEZAAvV3Zl0qcTpEyMb2qQDAWWgKNw="; + sha256 = "sha256-P5h0B5ilwp3OVyDHIOQ23Zv4eLjN4jFkdZF293FQnNE="; }; buildInputs = [ python3 ]; diff --git a/nixpkgs/pkgs/tools/security/pcsc-tools/default.nix b/nixpkgs/pkgs/tools/security/pcsc-tools/default.nix new file mode 100644 index 000000000000..c479caa0a613 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pcsc-tools/default.nix 
@@ -0,0 +1,96 @@ +{ stdenv +, lib +, fetchFromGitHub +, autoconf-archive +, autoreconfHook +, gobject-introspection +, makeWrapper +, pkg-config +, wrapGAppsHook +, systemd +, dbus +, pcsclite +, PCSC +, wget +, coreutils +, perlPackages +, testers +, nix-update-script +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "pcsc-tools"; + version = "1.7.1"; + + src = fetchFromGitHub { + owner = "LudovicRousseau"; + repo = "pcsc-tools"; + rev = "refs/tags/${finalAttrs.version}"; + hash = "sha256-+cvgSNlSYSJ2Zr2iWk96AacyQ38ru9/RK8yeK3ceqCo="; + }; + + configureFlags = [ + "--datarootdir=${placeholder "out"}/share" + ]; + + buildInputs = [ dbus perlPackages.perl pcsclite ] + ++ lib.optional stdenv.isDarwin PCSC + ++ lib.optional stdenv.isLinux systemd; + + nativeBuildInputs = [ + autoconf-archive + autoreconfHook + gobject-introspection + makeWrapper + pkg-config + wrapGAppsHook + ]; + + preFixup = '' + makeWrapperArgs+=("''${gappsWrapperArgs[@]}") + ''; + + postInstall = '' + wrapProgram $out/bin/scriptor \ + --set PERL5LIB "${with perlPackages; makePerlPath [ ChipcardPCSC libintl-perl ]}" + + wrapProgram $out/bin/gscriptor \ + ''${makeWrapperArgs[@]} \ + --set PERL5LIB "${with perlPackages; makePerlPath [ + ChipcardPCSC + libintl-perl + GlibObjectIntrospection + Glib + Gtk3 + Pango + Cairo + CairoGObject + ]}" + + wrapProgram $out/bin/ATR_analysis \ + --set PERL5LIB "${with perlPackages; makePerlPath [ ChipcardPCSC libintl-perl ]}" + + wrapProgram $out/bin/pcsc_scan \ + --prefix PATH : "$out/bin:${lib.makeBinPath [ coreutils wget ]}" + + install -Dm444 -t $out/share/pcsc smartcard_list.txt + ''; + + passthru = { + tests.version = testers.testVersion { + package = finalAttrs.finalPackage; + command = "pcsc_scan -V"; + }; + updateScript = nix-update-script { }; + }; + + meta = with lib; { + description = "Tools used to test a PC/SC driver, card or reader"; + homepage = "https://pcsc-tools.apdu.fr/"; + changelog = 
"https://github.com/LudovicRousseau/pcsc-tools/releases/tag/${finalAttrs.version}"; + license = licenses.gpl2Plus; + mainProgram = "pcsc_scan"; + maintainers = with maintainers; [ peterhoeg anthonyroussel ]; + platforms = platforms.unix; + }; +}) diff --git a/nixpkgs/pkgs/tools/security/pcsctools/default.nix b/nixpkgs/pkgs/tools/security/pcsctools/default.nix deleted file mode 100644 index 7aadeb5c02b8..000000000000 --- a/nixpkgs/pkgs/tools/security/pcsctools/default.nix +++ /dev/null 
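Review bot: In `postInstall`, the gscriptor wrapper expands `''${makeWrapperArgs[@]}` unquoted, so any wrapper argument containing whitespace is split into several words, whereas `preFixup` quotes the same kind of expansion. Quoting it as `"''${makeWrapperArgs[@]}" \` fixes that. Separately, in the standard phase order `postInstall` runs before `preFixup`, so the GApps arguments appended there are presumably not yet in `makeWrapperArgs` when `wrapProgram` is called. Since `dontWrapGApps` is not set, the hook may then wrap every binary a second time. Moving the gscriptor wrap to `postFixup` and setting `dontWrapGApps = true;` would make the ordering explicit.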
@@ -1,57 +0,0 @@ -{ stdenv -, lib -, fetchFromGitHub -, autoreconfHook -, makeWrapper -, pkg-config -, systemd -, dbus -, pcsclite -, wget -, coreutils -, perlPackages -}: - -stdenv.mkDerivation rec { - pname = "pcsc-tools"; - version = "1.6.2"; - - src = fetchFromGitHub { - owner = "LudovicRousseau"; - repo = pname; - rev = version; - sha256 = "sha256-c7md8m1llvz0EQqA0qY4aGb3guGFoj+8uS4hUTzie5o="; - }; - - postPatch = '' - substituteInPlace ATR_analysis \ - --replace /usr/local/pcsc /etc/pcsc \ - --replace /usr/share/pcsc $out/share/pcsc - ''; - - buildInputs = [ dbus perlPackages.perl pcsclite ] - ++ lib.optional stdenv.isLinux systemd; - - nativeBuildInputs = [ autoreconfHook makeWrapper pkg-config ]; - - postInstall = '' - wrapProgram $out/bin/scriptor \ - --set PERL5LIB "${with perlPackages; makePerlPath [ ChipcardPCSC ]}" - wrapProgram $out/bin/gscriptor \ - --set PERL5LIB "${with perlPackages; makePerlPath [ ChipcardPCSC GlibObjectIntrospection Glib Gtk3 Pango Cairo CairoGObject ]}" - wrapProgram $out/bin/ATR_analysis \ - --set PERL5LIB "${with perlPackages; makePerlPath [ ChipcardPCSC ]}" - wrapProgram $out/bin/pcsc_scan \ - --prefix PATH : "$out/bin:${lib.makeBinPath [ coreutils wget ]}" - - install -Dm444 -t $out/share/pcsc smartcard_list.txt - ''; - - meta = with lib; { - description = "Tools used to test a PC/SC driver, card or reader"; - homepage = "https://pcsc-tools.apdu.fr/"; - license = licenses.gpl2Plus; - maintainers = with maintainers; [ peterhoeg ]; - platforms = platforms.linux; - }; -} diff --git a/nixpkgs/pkgs/tools/security/pinentry/default.nix b/nixpkgs/pkgs/tools/security/pinentry/default.nix index baa78521f345..dca48f4e2108 100644 --- a/nixpkgs/pkgs/tools/security/pinentry/default.nix +++ b/nixpkgs/pkgs/tools/security/pinentry/default.nix 
@@ -2,7 +2,7 @@ , libgpg-error, libassuan, qtbase, wrapQtAppsHook , ncurses, gtk2, gcr , withLibsecret ? true, libsecret -, enabledFlavors ? [ "curses" "tty" "gtk2" "emacs" ] +, enabledFlavors ? [ "curses" "tty" "emacs" ] ++ lib.optionals stdenv.isLinux [ "gnome3" ] ++ lib.optionals (!stdenv.isDarwin) [ "qt" ] }: diff --git a/nixpkgs/pkgs/tools/security/proxmark3/default.nix b/nixpkgs/pkgs/tools/security/proxmark3/default.nix index 3f6d1754aa23..de586e7e9004 100644 --- a/nixpkgs/pkgs/tools/security/proxmark3/default.nix +++ b/nixpkgs/pkgs/tools/security/proxmark3/default.nix @@ -25,13 +25,13 @@ assert withBlueshark -> stdenv.hostPlatform.isLinux; stdenv.mkDerivation rec { pname = "proxmark3"; - version = "4.17511"; + version = "4.17768"; src = fetchFromGitHub { owner = "RfidResearchGroup"; repo = "proxmark3"; rev = "v${version}"; - hash = "sha256-L842Hvdy3M+k67IPiWMcxxpuD0ggCF7j6TDs8YdISZ4="; + hash = "sha256-4x8GN4Jsk9xqk4MbGu8SpE4Zh0Opb3akCH5NlASzLQo="; }; patches = [ diff --git a/nixpkgs/pkgs/tools/security/rbw/default.nix b/nixpkgs/pkgs/tools/security/rbw/default.nix index 25c8af82c950..22efd33c6abe 100644 --- a/nixpkgs/pkgs/tools/security/rbw/default.nix +++ b/nixpkgs/pkgs/tools/security/rbw/default.nix @@ -6,6 +6,7 @@ , pkg-config , installShellFiles , darwin +, bash # rbw-fzf , withFzf ? false 
@@ -24,22 +25,23 @@ rustPlatform.buildRustPackage rec { pname = "rbw"; - version = "1.8.3"; + version = "1.9.0"; src = fetchzip { url = "https://git.tozt.net/rbw/snapshot/rbw-${version}.tar.gz"; - sha256 = "sha256-dC/x+ihH1POIFN/8pbk967wATXKU4YVBGI0QCo8d+SY="; + sha256 = "sha256-NjMH99rmJYbCxDdc7e0iOFoslSrIuwIBxuHxADp0Ks4="; }; - cargoHash = "sha256-nI1Pf7gREbAk+JVF3Gn2j8OqprexCQ5fVvECtq2aBPM="; + cargoHash = "sha256-AH35v61FgUQe9BwDgVnXwoVTSQduxeMbXWy4ga3WU3k="; nativeBuildInputs = [ installShellFiles ] ++ lib.optionals stdenv.isLinux [ pkg-config ]; - buildInputs = lib.optionals stdenv.isDarwin [ - darwin.apple_sdk.frameworks.Security - darwin.apple_sdk.frameworks.AppKit + buildInputs = [ bash ] # for git-credential-rbw + ++ lib.optionals stdenv.isDarwin [ + darwin.apple_sdk_11_0.frameworks.Security + darwin.apple_sdk_11_0.frameworks.AppKit ]; preConfigure = lib.optionalString stdenv.isLinux '' diff --git a/nixpkgs/pkgs/tools/security/rekor/default.nix b/nixpkgs/pkgs/tools/security/rekor/default.nix index d8a48cf65abc..afc07a63d603 100644 --- a/nixpkgs/pkgs/tools/security/rekor/default.nix +++ b/nixpkgs/pkgs/tools/security/rekor/default.nix @@ -4,13 +4,13 @@ let generic = { pname, packageToBuild, description }: buildGoModule rec { inherit pname; - version = "1.3.3"; + version = "1.3.4"; src = fetchFromGitHub { owner = "sigstore"; repo = "rekor"; rev = "v${version}"; - hash = "sha256-CFavEtv6wL6jiUayjyU27OkdToXIM4EP7v5ONFdAJ5w="; + hash = "sha256-vU/qxCMCC2XWH79Z7cGhMlqMeQOMghTPDfROWdusKX4="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; @@ -23,7 +23,7 @@ let ''; }; - vendorHash = "sha256-BLK8IJWL2sZ5bdnJU48/XhplSGUOL8gE7pY8rL+rVFk="; + vendorHash = "sha256-qhBbzYYayRktBQi9HtzuxBIlSdNIOD/agCFFNEvlcBc="; nativeBuildInputs = [ installShellFiles ]; 
diff --git a/nixpkgs/pkgs/tools/security/sbctl/default.nix b/nixpkgs/pkgs/tools/security/sbctl/default.nix index 0778406b40cb..a5fe6cf6548c 100644 --- a/nixpkgs/pkgs/tools/security/sbctl/default.nix +++ b/nixpkgs/pkgs/tools/security/sbctl/default.nix @@ -8,13 +8,13 @@ buildGoModule rec { pname = "sbctl"; - version = "0.12"; + version = "0.13"; src = fetchFromGitHub { owner = "Foxboron"; repo = pname; rev = version; - hash = "sha256-1dA+a8GS4teaLmclatJNKt+OjhabLO4j/+p4Q95yG/s="; + hash = "sha256-vxPYWoBU4k2fKWXGaMzIkUdj+EmPWTtCvMwAVmsgKaE="; }; vendorHash = "sha256-kVXzHTONPCE1UeAnUiULjubJeZFD0DAxIk+w8/Dqs6c="; diff --git a/nixpkgs/pkgs/tools/security/sequoia-sq/default.nix b/nixpkgs/pkgs/tools/security/sequoia-sq/default.nix index d8bac3e70725..699a8ee63632 100644 --- a/nixpkgs/pkgs/tools/security/sequoia-sq/default.nix +++ b/nixpkgs/pkgs/tools/security/sequoia-sq/default.nix @@ -12,16 +12,16 @@ rustPlatform.buildRustPackage rec { pname = "sequoia-sq"; - version = "0.31.0"; + version = "0.32.0"; src = fetchFromGitLab { owner = "sequoia-pgp"; repo = "sequoia-sq"; rev = "v${version}"; - hash = "sha256-rrNN52tDM3CEGyNvsT3x4GmfWIpU8yoT2XsgOhPyLjo="; + hash = "sha256-2a6LIW5ohSi7fbMwk/wmNJ0AOz5JIXiXJI7EoVKv1Sk="; }; - cargoHash = "sha256-B+gtUzUB99At+kusupsN/v6sCbpXs36/EbpTL3gUxnc="; + cargoHash = "sha256-beA0viJVDjfANsPegkc/x2syVp8uGKTMnrPcM7jcvG4="; nativeBuildInputs = [ pkg-config @@ -32,7 +32,7 @@ rustPlatform.buildRustPackage rec { openssl sqlite nettle - ] ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.Security ]; + ] ++ lib.optionals stdenv.isDarwin (with darwin.apple_sdk.frameworks; [ Security SystemConfiguration ]); # Sometimes, tests fail on CI (ofborg) & hydra without this checkFlags = [ diff --git a/nixpkgs/pkgs/tools/security/spire/default.nix b/nixpkgs/pkgs/tools/security/spire/default.nix index 4533ad33da68..abebc4e3e124 100644 --- a/nixpkgs/pkgs/tools/security/spire/default.nix +++ b/nixpkgs/pkgs/tools/security/spire/default.nix 
@@ -2,7 +2,7 @@ buildGoModule rec { pname = "spire"; - version = "1.8.3"; + version = "1.8.7"; outputs = [ "out" "agent" "server" ]; @@ -10,10 +10,10 @@ buildGoModule rec { owner = "spiffe"; repo = pname; rev = "v${version}"; - sha256 = "sha256-xfSOmUfBoIQSI9u2YD3CxBIOiT7QxMi3fJZUVeZo39o="; + sha256 = "sha256-D6NNG//1rM7EIzawKdMA/8nloqMNAkF75YyFpHvxUkI="; }; - vendorHash = "sha256-9j/EZntVW40QHYJi9NvAKX/4uGxLolk75GNennQ6ymY="; + vendorHash = "sha256-bSQitqXTY1LMnpGkXAmDiDsMd0xZHrcr/Ms1F6avBKM="; subPackages = [ "cmd/spire-agent" "cmd/spire-server" ]; diff --git a/nixpkgs/pkgs/tools/security/ssb/default.nix b/nixpkgs/pkgs/tools/security/ssb/default.nix deleted file mode 100644 index 725f72e6c7cf..000000000000 --- a/nixpkgs/pkgs/tools/security/ssb/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib -, buildGoModule -, fetchFromGitHub -}: - -buildGoModule rec { - pname = "ssb"; - version = "0.1.1"; - - src = fetchFromGitHub { - owner = "kitabisa"; - repo = pname; - rev = "v${version}"; - sha256 = "0dkd02l30461cwn5hsssnjyb9s8ww179wll3l7z5hy1hv3x6h9g1"; - }; - - vendorHash = null; - - meta = with lib; { - description = "Tool to bruteforce SSH server"; - homepage = "https://github.com/kitabisa/ssb"; - license = with licenses; [ asl20 ]; - maintainers = with maintainers; [ fab ]; - broken = true; # vendor isn't reproducible with go > 1.17: nix-build -A $name.goModules --check - }; -} diff --git a/nixpkgs/pkgs/tools/security/ssh-audit/default.nix b/nixpkgs/pkgs/tools/security/ssh-audit/default.nix index 668f3c206f61..54ec4e8f4ee1 100644 --- a/nixpkgs/pkgs/tools/security/ssh-audit/default.nix +++ b/nixpkgs/pkgs/tools/security/ssh-audit/default.nix 
@@ -6,14 +6,14 @@ python3Packages.buildPythonApplication rec { pname = "ssh-audit"; - version = "3.0.0"; + version = "3.1.0"; format = "setuptools"; src = fetchFromGitHub { owner = "jtesta"; repo = pname; rev = "refs/tags/v${version}"; - sha256 = "sha256-+v+DLZPDC5uffTIJPzMvY/nLoy7BGiAsTddjNZZhTpo="; + sha256 = "sha256-pO6qpY1gqE40bb7q8J/35Dd0XckoFAaIBwWjFsxFO3c="; }; nativeCheckInputs = with python3Packages; [ diff --git a/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix b/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix index 29d3c82ac209..c8735cffd5f2 100644 --- a/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix +++ b/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "ssh-to-pgp"; - version = "1.1.0"; + version = "1.1.2"; src = fetchFromGitHub { owner = "Mic92"; repo = "ssh-to-pgp"; rev = version; - sha256 = "sha256-3R/3YPYLdirK3QtiRNO2tpJRO2DKgN+K4txb9xwnQvQ="; + sha256 = "sha256-SoHKBuI3ROfWTI45rFdMNkHVYHa5nX1A0/ljgGpF8NY="; }; - vendorHash = "sha256-RCz2+IZdgmPnEakKxn/C3zFfRyWnMLB51Nm8VGOxBkc="; + vendorHash = "sha256-sHvb6jRSMXIUv1D0dbTJWmETCaFr9BquNmcc8J06m/o="; nativeCheckInputs = [ gnupg ]; checkPhase = '' diff --git a/nixpkgs/pkgs/tools/security/step-ca/default.nix b/nixpkgs/pkgs/tools/security/step-ca/default.nix index 7e149ad143bf..5c1463ec117b 100644 --- a/nixpkgs/pkgs/tools/security/step-ca/default.nix +++ b/nixpkgs/pkgs/tools/security/step-ca/default.nix 
@@ -12,20 +12,24 @@ buildGoModule rec { pname = "step-ca"; - version = "0.25.0"; + version = "0.25.2"; src = fetchFromGitHub { owner = "smallstep"; repo = "certificates"; rev = "refs/tags/v${version}"; - hash = "sha256-CO9Qjx4D6qNGjOdva88KRCJOQq85r5U5nwmXC1G94dY="; + hash = "sha256-cP3QypBNWGbr7R7lJLfaoBh6C37ubGuaxnxWlZ1Z000="; }; - vendorHash = "sha256-Weq8sS+8gsfdoVSBDm8E2DCrngfNsolqQR2/yd9etPo="; + vendorHash = "sha256-AXMMpzXEhdKSGeVg/KK2NEgalxIXP6DUTcoxOQVqow4="; - ldflags = [ "-buildid=" ]; + ldflags = [ + "-buildid=" + ]; - nativeBuildInputs = lib.optionals hsmSupport [ pkg-config ]; + nativeBuildInputs = lib.optionals hsmSupport [ + pkg-config + ]; buildInputs = lib.optionals (hsmSupport && stdenv.isLinux) [ pcsclite ] @@ -43,9 +47,14 @@ buildGoModule rec { install -Dm444 -t $out/lib/systemd/system systemd/step-ca.service ''; + preCheck = '' + export HOME=$(mktemp -d) + ''; + # Tests start http servers which need to bind to local addresses: # panic: httptest: failed to listen on a port: listen tcp6 [::1]:0: bind: operation not permitted __darwinAllowLocalNetworking = true; + # Tests need to run in a reproducible order, otherwise they run unreliably on # (at least) x86_64-linux. checkFlags = [ "-p 1" ]; diff --git a/nixpkgs/pkgs/tools/security/stoken/default.nix b/nixpkgs/pkgs/tools/security/stoken/default.nix index 526caf44d679..455310c202b8 100644 --- a/nixpkgs/pkgs/tools/security/stoken/default.nix +++ b/nixpkgs/pkgs/tools/security/stoken/default.nix @@ -5,7 +5,7 @@ , pkg-config , libxml2 , nettle -, withGTK3 ? true +, withGTK3 ? !stdenv.hostPlatform.isStatic , gtk3 }: diff --git a/nixpkgs/pkgs/tools/security/sudo/default.nix b/nixpkgs/pkgs/tools/security/sudo/default.nix index 0ad8255a201a..0f1cc974b4b3 100644 --- a/nixpkgs/pkgs/tools/security/sudo/default.nix +++ b/nixpkgs/pkgs/tools/security/sudo/default.nix 
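Review bot: The added `preCheck` in the second step-ca hunk has no comment saying why the tests need a writable HOME, while the two settings right below it each explain themselves. A line such as `# Tests write below $HOME, which is not writable in the build sandbox` would match them, provided that is the actual failure, which the hunk does not show. The assignment could also be quoted, `export HOME="$(mktemp -d)"`, so an unusual temp path cannot be word-split.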
@@ -14,11 +14,11 @@ stdenv.mkDerivation rec { pname = "sudo"; - version = "1.9.15p3"; + version = "1.9.15p4"; src = fetchurl { url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz"; - hash = "sha256-eMh6HM7EL3oJUAL+KxR4pRBgNjWeNiuGdTSo4AVqBJQ="; + hash = "sha256-LiDsmGXu7qExbG9J7GrEZ4hptonU2QtEJDv0iH1t1TI="; }; prePatch = '' diff --git a/nixpkgs/pkgs/tools/security/terrascan/default.nix b/nixpkgs/pkgs/tools/security/terrascan/default.nix index c492ce43709e..91470205666b 100644 --- a/nixpkgs/pkgs/tools/security/terrascan/default.nix +++ b/nixpkgs/pkgs/tools/security/terrascan/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "terrascan"; - version = "1.18.7"; + version = "1.18.11"; src = fetchFromGitHub { owner = "accurics"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-i621Qi0wlDYMpK/srFAiwALJ0cwMGh5jNlCqj8fM96w="; + hash = "sha256-BICXMSkfGDXOqBH+4UlJmqkUSV+oZa1wg7c20EtJ3WI="; }; vendorHash = "sha256-9zD81p/UjH43B0aeqlItP9vrGMaT/zhVYv60ot153Gc="; diff --git a/nixpkgs/pkgs/tools/security/theharvester/default.nix b/nixpkgs/pkgs/tools/security/theharvester/default.nix index 528003664697..9e3d2fcdc4a4 100644 --- a/nixpkgs/pkgs/tools/security/theharvester/default.nix +++ b/nixpkgs/pkgs/tools/security/theharvester/default.nix @@ -5,16 +5,20 @@ python3.pkgs.buildPythonApplication rec { pname = "theharvester"; - version = "4.4.4"; - format = "setuptools"; + version = "4.5.0"; + pyproject = true; src = fetchFromGitHub { owner = "laramies"; - repo = pname; + repo = "theharvester"; rev = "refs/tags/${version}"; - hash = "sha256-L0WbPZE2alregOvWc+0nuMvsD17ayCw3JtahGhf4B1o="; + hash = "sha256-tnCiI4bte2RSWSkEL2rwFz6WFjfRMMFiEBOvv3QMyos="; }; + nativeBuildInputs = with python3.pkgs; [ + poetry-core + ]; + propagatedBuildInputs = with python3.pkgs; [ aiodns aiofiles @@ -28,7 +32,7 @@ python3.pkgs.buildPythonApplication rec { fastapi lxml netaddr - orjson + ujson plotly pyppeteer python-dateutil 
diff --git a/nixpkgs/pkgs/tools/security/threatest/default.nix b/nixpkgs/pkgs/tools/security/threatest/default.nix index cfae26aaa034..faa5977986fc 100644 --- a/nixpkgs/pkgs/tools/security/threatest/default.nix +++ b/nixpkgs/pkgs/tools/security/threatest/default.nix @@ -6,17 +6,17 @@ buildGoModule rec { pname = "threatest"; - version = "1.2.4"; + version = "1.2.5"; src = fetchFromGitHub { owner = "DataDog"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-pCSSAEeVxi3/yK7B2g9ZZRU5TjdNd8qp+52Yc1HmxT8="; + hash = "sha256-rVRBrf/RTcHvKOLHNASzvij3fV+uQEuIVKb07CZ/cT0="; }; proxyVendor = true; - vendorHash = "sha256-nHA+UJP6gYWdbTKFcxw1gI6X2ueTUIsHVBIlaprPwsQ="; + vendorHash = "sha256-zwHcGy7wjy2yx7nMi88R+z+Is+YcqGRMK0czeBNlcdA="; nativeBuildInputs = [ installShellFiles diff --git a/nixpkgs/pkgs/tools/security/trueseeing/default.nix b/nixpkgs/pkgs/tools/security/trueseeing/default.nix index a9c4f300141f..8284a802bd88 100644 --- a/nixpkgs/pkgs/tools/security/trueseeing/default.nix +++ b/nixpkgs/pkgs/tools/security/trueseeing/default.nix @@ -5,16 +5,21 @@ python3.pkgs.buildPythonApplication rec { pname = "trueseeing"; - version = "2.1.7"; - format = "pyproject"; + version = "2.1.9"; + pyproject = true; src = fetchFromGitHub { owner = "alterakey"; - repo = pname; + repo = "trueseeing"; rev = "refs/tags/v${version}"; - hash = "sha256-pnIn+Rqun5J3F9cgeBUBX4e9WP5fgbm+vwN3Wqh/yEc="; + hash = "sha256-g5OqdnPtGGV4wBwPRAjH3lweguwlfVcgpNLlq54OHKA="; }; + postPatch = '' + substituteInPlace pyproject.toml \ + --replace "attrs~=21.4" "attrs>=21.4" + ''; + nativeBuildInputs = with python3.pkgs; [ flit-core ]; @@ -26,15 +31,8 @@ python3.pkgs.buildPythonApplication rec { lxml pypubsub pyyaml - docker ]; - postPatch = '' - substituteInPlace pyproject.toml \ - --replace "attrs~=21.4" "attrs>=21.4" \ - --replace "docker~=5.0.3" "docker" - ''; - # Project has no tests doCheck = false; 
diff --git a/nixpkgs/pkgs/tools/security/trufflehog/default.nix b/nixpkgs/pkgs/tools/security/trufflehog/default.nix index fcaf193e3261..ac6577ceed92 100644 --- a/nixpkgs/pkgs/tools/security/trufflehog/default.nix +++ b/nixpkgs/pkgs/tools/security/trufflehog/default.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "trufflehog"; - version = "3.63.1"; + version = "3.63.7"; src = fetchFromGitHub { owner = "trufflesecurity"; repo = "trufflehog"; rev = "refs/tags/v${version}"; - hash = "sha256-YZH3f5m/7RFf8acmDCw4wQY6LgI98I+5kTIwEFkTwiI="; + hash = "sha256-RI2lNlPlc49E2Z88hEAQzvuXzz62ROsFpp1a9YjNd6I="; }; - vendorHash = "sha256-+Boe/bzCsmihspGqmiJ3jOcRJ9KPjkzu6MBmgtAgwjE="; + vendorHash = "sha256-oZkrRaThXwBORoib1GIW7CUF5RGZJ5d/Jd6YM4z3ZIA="; ldflags = [ "-s" diff --git a/nixpkgs/pkgs/tools/security/vals/default.nix b/nixpkgs/pkgs/tools/security/vals/default.nix index 0ecca297a222..8f25dc1a211a 100644 --- a/nixpkgs/pkgs/tools/security/vals/default.nix +++ b/nixpkgs/pkgs/tools/security/vals/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "vals"; - version = "0.30.0"; + version = "0.32.0"; src = fetchFromGitHub { rev = "v${version}"; owner = "variantdev"; repo = pname; - sha256 = "sha256-3nzbib/oNrbnvjJ+4Z3zU2h6HSnemPap2fvufJKQIdk="; + sha256 = "sha256-UBN0QMrYyYm7O1MrduGmXOSLZ5Qwjq0LMgvWhoVwzGI="; }; - vendorHash = "sha256-6i6CHa3kNe9QW87l6KjShxX/qpf1U+1c9oUoPBi1qO4="; + vendorHash = "sha256-2gS4m+eQSrXcMtT/7AzPW5KcGww8gSJm2doyBa6pLHQ="; ldflags = [ "-s" diff --git a/nixpkgs/pkgs/tools/security/vault/default.nix b/nixpkgs/pkgs/tools/security/vault/default.nix index e86c160dbd4b..ddb4532e2af1 100644 --- a/nixpkgs/pkgs/tools/security/vault/default.nix +++ b/nixpkgs/pkgs/tools/security/vault/default.nix 
@@ -6,16 +6,16 @@ buildGoModule rec { pname = "vault"; - version = "1.14.8"; + version = "1.15.4"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "sha256-sGCODCBgsxyr96zu9ntPmMM/gHVBBO+oo5+XsdbCK4E="; + sha256 = "sha256-Q+j5AS8ccAfqjtPQ/y6Bfga3IxMhE5SZWxZK5OUCJ34="; }; - vendorHash = "sha256-zpHjZjgCgf4b2FAJQ22eVgq0YGoVvxGYJ3h/3ZRiyrQ="; + vendorHash = "sha256-YEEvFAZ+VqmFR3TLJ0ztgWbT2C5r5pfYM4dmCf8G7sw="; proxyVendor = true; @@ -46,7 +46,7 @@ buildGoModule rec { homepage = "https://www.vaultproject.io/"; description = "A tool for managing secrets"; changelog = "https://github.com/hashicorp/vault/blob/v${version}/CHANGELOG.md"; - license = licenses.mpl20; + license = licenses.bsl11; mainProgram = "vault"; maintainers = with maintainers; [ rushmorem lnl7 offline pradeepchhetri Chili-Man techknowlogick ]; }; diff --git a/nixpkgs/pkgs/tools/security/vaultwarden/webvault.nix b/nixpkgs/pkgs/tools/security/vaultwarden/webvault.nix index 52f153b6a30d..3981366448be 100644 --- a/nixpkgs/pkgs/tools/security/vaultwarden/webvault.nix +++ b/nixpkgs/pkgs/tools/security/vaultwarden/webvault.nix @@ -7,13 +7,13 @@ }: let - version = "2023.10.0"; + version = "2023.12.0"; bw_web_builds = fetchFromGitHub { owner = "dani-garcia"; repo = "bw_web_builds"; rev = "v${version}"; - hash = "sha256-5vfmMJIGKyZlTQDi/t1YKAALbW/6BFAcWODfkypk/eA="; + hash = "sha256-S98Yqi0PEpMF+enP/J3x/kPEe0VhErY8BNphOXmsijg="; }; in buildNpmPackage rec { pname = "vaultwarden-webvault"; @@ -23,10 +23,10 @@ in buildNpmPackage rec { owner = "bitwarden"; repo = "clients"; rev = "web-v${lib.removeSuffix "b" version}"; - hash = "sha256-egXToXWfb9XV7JuCRBYJO4p/e+WOwMncPKz0oBgeALQ="; + hash = "sha256-eAwj7cWR/ojAMAvYg2/vtNWYTwVBCOnBJPy9mC5Td40="; }; - npmDepsHash = "sha256-iO8ZozVl1vOOqowQARnRJWSFUFnau46+dKfcMSkyU3o="; + npmDepsHash = "sha256-VW1pGG/pc2tdSs5+HfypZv9fnQu04qkoFBTJxaYvBZo="; postPatch = '' ln -s ${bw_web_builds}/{patches,resources} .. 
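Review bot: The `license = licenses.bsl11;` change in the vault meta hunk carries no comment, and together with the 1.14.8 to 1.15.4 jump in the first hunk it changes who can install the package. If `bsl11` is marked unfree in this tree (worth confirming in lib/licenses.nix), evaluations without `allowUnfree` will refuse the package and binary caches will likely stop serving it. Affected users would silently stay on an older Vault and miss later security fixes. A comment such as `# BUSL-1.1 starting with 1.15; unfree, requires allowUnfree` next to the license line would make that visible. This kind of change is easy to miss in a bulk update and would be better called out in the commit message.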
diff --git a/nixpkgs/pkgs/tools/security/webanalyze/default.nix b/nixpkgs/pkgs/tools/security/webanalyze/default.nix index 7c043c0d0a18..427d84c5282d 100644 --- a/nixpkgs/pkgs/tools/security/webanalyze/default.nix +++ b/nixpkgs/pkgs/tools/security/webanalyze/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "webanalyze"; - version = "0.3.9"; + version = "0.4.1"; src = fetchFromGitHub { owner = "rverton"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-uDf0p4zw23+AVftMmrKfno+FbMZfGC1B5zvutj8qnPg="; + hash = "sha256-rnNbEPlbye0gjUamwq1xjFM/4g0eEHsGOAZWziEqxwM="; }; vendorHash = "sha256-XPOsC+HoLytgv1fhAaO5HYSvuOP6OhjLyOYTfiD64QI="; diff --git a/nixpkgs/pkgs/tools/security/witness/default.nix b/nixpkgs/pkgs/tools/security/witness/default.nix index d16f74940d3b..42e6455ae7dd 100644 --- a/nixpkgs/pkgs/tools/security/witness/default.nix +++ b/nixpkgs/pkgs/tools/security/witness/default.nix @@ -1,17 +1,24 @@ -{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: +{ lib +, buildGoModule +, fetchFromGitHub +, installShellFiles + +# testing +, testers +, witness +}: buildGoModule rec { pname = "witness"; - version = "0.1.14"; + version = "0.2.0"; src = fetchFromGitHub { - owner = "testifysec"; - repo = pname; + owner = "in-toto"; + repo = "witness"; rev = "v${version}"; - sha256 = "sha256-TUEbFkrS0OztTiY0OXiZsqraq3TINtC/DQEyCGPNXpE="; + sha256 = "sha256-U+dcaPi9Drg4I2SZlZPaR3Ryb+Dz27nyPI2XJPG/LWc="; }; - proxyVendor = true; - vendorHash = "sha256-L2NaEt64mgFZVta/F8/uUQ4djlra59JPcHJLGbFCQJs="; + vendorHash = "sha256-pjcyAGdR8TsU9YBy5zd6u575vDKPwy8s85TXUsuxZiU="; nativeBuildInputs = [ installShellFiles ]; @@ -21,7 +28,7 @@ buildGoModule rec { ldflags = [ "-s" "-w" - "-X github.com/testifysec/witness/cmd.Version=v${version}" + "-X github.com/in-toto/witness/cmd.Version=v${version}" ]; # Feed in all tests for testing 
@@ -38,13 +45,11 @@ buildGoModule rec { --zsh <($out/bin/witness completion zsh) ''; - doInstallCheck = true; - installCheckPhase = '' - runHook preInstallCheck - $out/bin/witness --help - $out/bin/witness version | grep "v${version}" - runHook postInstallCheck - ''; + passthru.tests.version = testers.testVersion { + package = witness; + command = "witness version"; + version = "v${version}"; + }; meta = with lib; { description = "A pluggable framework for software supply chain security. Witness prevents tampering of build materials and verifies the integrity of the build process from source to target"; @@ -57,6 +62,7 @@ buildGoModule rec { PKI distribution system will mitigate against many software supply chain attack vectors and can be used as a framework for automated governance. ''; + mainProgram = "witness"; homepage = "https://github.com/testifysec/witness"; changelog = "https://github.com/testifysec/witness/releases/tag/v${version}"; license = licenses.asl20; diff --git a/nixpkgs/pkgs/tools/security/xsubfind3r/default.nix b/nixpkgs/pkgs/tools/security/xsubfind3r/default.nix index 6ec445696bf9..7c5470a0715a 100644 --- a/nixpkgs/pkgs/tools/security/xsubfind3r/default.nix +++ b/nixpkgs/pkgs/tools/security/xsubfind3r/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "xsubfind3r"; - version = "0.4.0"; + version = "0.7.0"; src = fetchFromGitHub { owner = "hueristiq"; repo = "xsubfind3r"; rev = "refs/tags/${version}"; - hash = "sha256-Xlxn9IZ9TTDzkEkyBoBwrS9AdQX21mmHngm03w+c4UM="; + hash = "sha256-tukynKPcIwDwpH0/SFyif6OGVZrmLVdXfhrFaaVd1d8="; }; - vendorHash = "sha256-DkYQkuhBAYnGx9gxi2X/Coh0FYV+z5/4IX1zTfUM6uI="; + vendorHash = "sha256-0tX/s5a6PPQuEw3BTs6uW9c5OHqXryzIfDNPnQH5sS8="; ldflags = [ "-s" diff --git a/nixpkgs/pkgs/tools/security/yubihsm-connector/default.nix b/nixpkgs/pkgs/tools/security/yubihsm-connector/default.nix index ab2a29808380..aee210beabac 100644 --- a/nixpkgs/pkgs/tools/security/yubihsm-connector/default.nix 
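Review bot: Moving the version check from `installCheckPhase` to `passthru.tests.version` in the witness hunk at `-38,13 +45,11` means the build no longer fails when the binary reports the wrong version. That matters here because the same commit rewrites the linker flag to `-X github.com/in-toto/witness/cmd.Version=v${version}`, and the Go linker silently ignores a `-X` path that matches no symbol. A wrong path would therefore only be noticed if `witness.tests.version` is actually built. Either keep the cheap in-build check (`doInstallCheck = true;` with the `$out/bin/witness version | grep "v${version}"` line), or add a comment such as `# version string is verified only by passthru.tests.version`.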
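Review bot: `homepage` and `changelog` in the witness meta hunk at `-57,6 +62,7` still point at `github.com/testifysec/witness`, while this commit moves `src.owner` and the `-X` linker path to `in-toto`. The old URLs presumably still resolve through a GitHub redirect, but metadata for a supply-chain integrity tool should not depend on a redirect from a former owner's namespace. Change them to `homepage = "https://github.com/in-toto/witness";` and `changelog = "https://github.com/in-toto/witness/releases/tag/v${version}";`. The meta block starts above this hunk and continues below it.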
+++ b/nixpkgs/pkgs/tools/security/yubihsm-connector/default.nix @@ -24,7 +24,7 @@ buildGoModule rec { ldflags = [ "-s" "-w" ]; preBuild = '' - go generate + GOOS= GOARCH= go generate ''; meta = with lib; { |
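Review bot: The new `GOOS= GOARCH= go generate` line in `preBuild` has no comment saying why the target variables are cleared. Presumably the generate step compiles and runs a helper on the build machine, which breaks when GOOS/GOARCH are set for a cross target, but the hunk does not show that. A one-line comment above `preBuild` would keep a later cleanup from reverting it: `# go generate runs on the build platform; clear the target GOOS/GOARCH so its helper is not cross-compiled`.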