diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
124 files changed, 1789 insertions, 932 deletions
diff --git a/nixpkgs/pkgs/tools/security/1password-gui/default.nix b/nixpkgs/pkgs/tools/security/1password-gui/default.nix deleted file mode 100644 index 709d16672098..000000000000 --- a/nixpkgs/pkgs/tools/security/1password-gui/default.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ lib, stdenv -, fetchurl -, appimageTools -, makeWrapper -, electron_11 -, openssl -}: - -stdenv.mkDerivation rec { - pname = "1password"; - version = "0.9.12-3"; - - src = fetchurl { - url = "https://onepassword.s3.amazonaws.com/linux/appimage/${pname}-${version}.AppImage"; - hash = "sha256-IK4BuZKM2U8vz7m8waJhoh3tQ539wGLcIDNiYGUou24="; - }; - - nativeBuildInputs = [ makeWrapper ]; - - appimageContents = appimageTools.extractType2 { - name = "${pname}-${version}"; - inherit src; - }; - - dontUnpack = true; - dontConfigure = true; - dontBuild = true; - - installPhase = let - runtimeLibs = [ - openssl.out - stdenv.cc.cc - ]; - in '' - mkdir -p $out/bin $out/share/1password - - # Applications files. - cp -a ${appimageContents}/{locales,resources} $out/share/${pname} - - # Desktop file. - install -Dt $out/share/applications ${appimageContents}/${pname}.desktop - substituteInPlace $out/share/applications/${pname}.desktop \ - --replace 'Exec=AppRun' 'Exec=${pname}' - - # Icons. - cp -a ${appimageContents}/usr/share/icons $out/share - - # Wrap the application with Electron. - makeWrapper "${electron_11}/bin/electron" "$out/bin/${pname}" \ - --add-flags "$out/share/${pname}/resources/app.asar" \ - --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath runtimeLibs}" - ''; - - passthru.updateScript = ./update.sh; - - meta = with lib; { - description = "Multi-platform password manager"; - longDescription = '' - 1Password is a multi-platform package manager. - - The Linux version is currently a development preview and can - only be used to search, view, and copy items. However items - cannot be created or edited. - ''; - homepage = "https://1password.com/"; - license = licenses.unfree; - maintainers = with maintainers; [ danieldk timstott ]; - platforms = [ "x86_64-linux" ]; - }; -} diff --git a/nixpkgs/pkgs/tools/security/1password-gui/update.sh b/nixpkgs/pkgs/tools/security/1password-gui/update.sh deleted file mode 100755 index 7703aba99847..000000000000 --- a/nixpkgs/pkgs/tools/security/1password-gui/update.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env nix-shell -#!nix-shell -i bash -p curl gnused common-updater-scripts - -version="$(curl -sL https://onepassword.s3.amazonaws.com/linux/debian/dists/edge/main/binary-amd64/Packages | sed -r -n 's/^Version: (.*)-[0-9]+/\1/p' | head -n1)" -update-source-version _1password-gui "$version" diff --git a/nixpkgs/pkgs/tools/security/aespipe/default.nix b/nixpkgs/pkgs/tools/security/aespipe/default.nix index f2244f98d54b..dcef28f2258f 100644 --- a/nixpkgs/pkgs/tools/security/aespipe/default.nix +++ b/nixpkgs/pkgs/tools/security/aespipe/default.nix @@ -24,6 +24,6 @@ stdenv.mkDerivation rec { homepage = "http://loop-aes.sourceforge.net/aespipe.README"; license = licenses.gpl2; maintainers = [ maintainers.goibhniu ]; - platforms = platforms.linux; + platforms = platforms.unix; }; } diff --git a/nixpkgs/pkgs/tools/security/age/default.nix b/nixpkgs/pkgs/tools/security/age/default.nix index 74a2bb7a6206..e15618da3f18 100644 --- a/nixpkgs/pkgs/tools/security/age/default.nix +++ b/nixpkgs/pkgs/tools/security/age/default.nix @@ -2,14 +2,14 @@ buildGoModule rec { pname = "age"; - version = "1.0.0-beta6"; - vendorSha256 = "sha256-FTByNpLkWWHAWe5wVDRBGtKap/5+XGHeBMQAIdlPCkA="; + version = "1.0.0-rc.1"; + vendorSha256 = "1qx6pkhq00y0lsi6f82g8hxxh65zk1c0ls91ap6hdlj7ch79bhl2"; src = fetchFromGitHub { owner = "FiloSottile"; repo = "age"; rev = "v${version}"; - sha256 = "sha256-1LCcCEf2/R0am0jpA8yKl44+AoUFkbepxp9V6/nZkBQ="; + sha256 = "1n25wip4qnd3v9ial1apc2ybx10b9z6lwz7flyss6kvj3x5g9jd1"; }; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/aide/default.nix b/nixpkgs/pkgs/tools/security/aide/default.nix index 8993208e16ec..40f43c7b054f 100644 --- a/nixpkgs/pkgs/tools/security/aide/default.nix +++ b/nixpkgs/pkgs/tools/security/aide/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "aide"; - version = "0.17"; + version = "0.17.3"; src = fetchurl { url = "https://github.com/aide/aide/releases/download/v${version}/${pname}-${version}.tar.gz"; - sha256 = "sha256-T9iNHV3ccMaYxlGeu8BcjTLD9tgTe7/e/q66r9bbhns="; + sha256 = "sha256-ousYg8r6rQVvvkPuHorgn9NsqjCgvI7f6l1HvWfEZPg="; }; buildInputs = [ flex bison libmhash zlib acl attr libselinux pcre ]; diff --git a/nixpkgs/pkgs/tools/security/apg/default.nix b/nixpkgs/pkgs/tools/security/apg/default.nix index 579026f07ca9..a185c09bda69 100644 --- a/nixpkgs/pkgs/tools/security/apg/default.nix +++ b/nixpkgs/pkgs/tools/security/apg/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { configurePhase = '' substituteInPlace Makefile --replace /usr/local "$out" ''; - makeFlags = lib.optionals stdenv.isDarwin ["CC=cc"]; + makeFlags = ["CC=${stdenv.cc.targetPrefix}cc"]; patches = [ ./apg.patch diff --git a/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix b/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix index 3256b5431a75..13327a84fff0 100644 --- a/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix +++ b/nixpkgs/pkgs/tools/security/asc-key-to-qr-code-gif/default.nix @@ -39,7 +39,7 @@ stdenv.mkDerivation { meta = with lib; { homepage = "https://github.com/yishilin14/asc-key-to-qr-code-gif"; description = "Convert ASCII-armored PGP keys to animated QR code"; - platforms = platforms.linux; + platforms = platforms.unix; maintainers = with maintainers; [ asymmetric ]; }; } diff --git a/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix b/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix index 3eb192e8fcc6..ba80734e5cf8 100644 --- a/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix +++ b/nixpkgs/pkgs/tools/security/bash-supergenpass/default.nix @@ -41,7 +41,7 @@ stdenv.mkDerivation { supergenpass will ask for your master password interactively, and it will not be displayed on your terminal. ''; license = licenses.mit; - platforms = platforms.linux; + platforms = platforms.all; maintainers = with maintainers; [ fgaz ]; homepage = "https://github.com/lanzz/bash-supergenpass"; }; diff --git a/nixpkgs/pkgs/tools/security/bettercap/default.nix b/nixpkgs/pkgs/tools/security/bettercap/default.nix index f2df464a907b..1383de79feb5 100644 --- a/nixpkgs/pkgs/tools/security/bettercap/default.nix +++ b/nixpkgs/pkgs/tools/security/bettercap/default.nix @@ -10,16 +10,16 @@ buildGoModule rec { pname = "bettercap"; - version = "2.29"; + version = "2.30.2"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "sha256-hXYsFRYSyYKYJM4gS0Dyiia9aPA07GWSsp9doA0vYGI="; + sha256 = "sha256-5CAWMW0u/8BUn/8JJBApyHGH+/Tz8hzAmSChoT2gFr8="; }; - vendorSha256 = "sha256-yIvwYUK+4cnHFwvJS2seDa9vJ/2cQ10Q46hR8U0aSRE="; + vendorSha256 = "sha256-fApxHxdzEEc+M+U5f0271VgrkXTGkUD75BpDXpVYd5k="; doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix b/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix index 2cce00693a4f..5676e4005c13 100644 --- a/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix +++ b/nixpkgs/pkgs/tools/security/bitwarden_rs/default.nix @@ -8,13 +8,13 @@ let in rustPlatform.buildRustPackage rec { pname = "bitwarden_rs"; - version = "1.19.0"; + version = "1.20.0"; src = fetchFromGitHub { owner = "dani-garcia"; repo = pname; rev = version; - sha256 = "1iww8fhh4indmgw1j35whqyakd4bppmiyjpcdf2qrzg52x5binh0"; + sha256 = "1ncy4iwmdzdp8rv1gc5i4s1rp97d94n4l4bh08v6w4zdpx0zn8b9"; }; nativeBuildInputs = [ pkg-config ]; @@ -25,7 +25,7 @@ in rustPlatform.buildRustPackage rec { RUSTC_BOOTSTRAP = 1; - cargoSha256 = "0ga7ahlszja8ilng8xsrwdy7zy6bbci4mf00lknladjhlw16wibf"; + cargoSha256 = "139by5y2ma3v52nabzr5man1qy395rchs2dlivkj9xi829kg4mcr"; cargoBuildFlags = [ featuresFlag ]; checkPhase = '' diff --git a/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix b/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix index 57f52d91bb06..2b0855b821d6 100644 --- a/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix +++ b/nixpkgs/pkgs/tools/security/bitwarden_rs/vault.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "bitwarden_rs-vault"; - version = "2.18.1b"; + version = "2.19.0"; src = fetchurl { url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; - sha256 = "sha256-MwHTx4ITr2GuBS6qXD4m3aCinpJHQa0Wp0Bbmgg7ATQ="; + sha256 = "sha256:0yrk2b2d5sld4z60siacafdz95gqikcv4snzd6hwhq1l6kz151az"; }; buildCommand = '' diff --git a/nixpkgs/pkgs/tools/security/bmrsa/11.nix b/nixpkgs/pkgs/tools/security/bmrsa/11.nix index c8188fe4216a..71bdfae4e42e 100644 --- a/nixpkgs/pkgs/tools/security/bmrsa/11.nix +++ b/nixpkgs/pkgs/tools/security/bmrsa/11.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "0ksd9xkvm9lkvj4yl5sl0zmydp1wn3xhc55b28gj70gi4k75kcl4"; }; - buildInputs = [ unzip ]; + nativeBuildInputs = [ unzip ]; unpackPhase = '' mkdir bmrsa diff --git a/nixpkgs/pkgs/tools/security/brutespray/default.nix b/nixpkgs/pkgs/tools/security/brutespray/default.nix index 25b9aecb8e0e..d7f8e30e182d 100644 --- a/nixpkgs/pkgs/tools/security/brutespray/default.nix +++ b/nixpkgs/pkgs/tools/security/brutespray/default.nix @@ -1,14 +1,20 @@ -{ lib, stdenv, python3, fetchFromGitHub, makeWrapper, medusa }: +{ lib +, stdenv +, python3 +, fetchFromGitHub +, makeWrapper +, medusa +}: stdenv.mkDerivation rec { pname = "brutespray"; - version = "1.6.8"; + version = "1.7.0"; src = fetchFromGitHub { owner = "x90skysn3k"; repo = pname; - rev = "brutespray-${version}"; - sha256 = "1pi4d5vcvvjsby39dq995dlhpxdicmfhqsiw23hr25m38ccfm3rh"; + rev = "${pname}-${version}"; + sha256 = "0lkm3fvx35ml5jh4ykjr2srq8qfajkmxwp4qfcn9xi58khk3asq3"; }; postPatch = '' @@ -33,7 +39,11 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://github.com/x90skysn3k/brutespray"; - description = "Brute-Forcing from Nmap output - Automatically attempts default creds on found services"; + description = "Tool to do brute-forcing from Nmap output"; + longDescription = '' + This tool automatically attempts default credentials on found services + directly from Nmap output. + ''; license = licenses.mit; maintainers = with maintainers; [ ma27 ]; }; diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock index f130b57912b4..c0610480c723 100644 --- a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock +++ b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock @@ -1,10 +1,10 @@ GEM remote: https://rubygems.org/ specs: - bundler-audit (0.7.0.1) + bundler-audit (0.8.0) bundler (>= 1.2.0, < 3) - thor (>= 0.18, < 2) - thor (1.0.1) + thor (~> 1.0) + thor (1.1.0) PLATFORMS ruby diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix index c543920549f6..ff4d6da80691 100644 --- a/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix +++ b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix @@ -5,19 +5,19 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "04l9rs56rlvihbr2ybkrigjajgd3swa98lxvmdl8iylj1g5m7n0j"; + sha256 = "00l8rs7cna0j3yh4s9sza0r88x7kjc7j4gp9yl378422k7i0r73v"; type = "gem"; }; - version = "0.7.0.1"; + version = "0.8.0"; }; thor = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1xbhkmyhlxwzshaqa7swy2bx6vd64mm0wrr8g3jywvxy7hg0cwkm"; + sha256 = "18yhlvmfya23cs3pvhr1qy38y41b6mhr5q9vwv5lrgk16wmf3jna"; type = "gem"; }; - version = "1.0.1"; + version = "1.1.0"; }; } diff --git a/nixpkgs/pkgs/tools/security/chipsec/default.nix b/nixpkgs/pkgs/tools/security/chipsec/default.nix index 45d6349af403..7e00c0b07cf7 100644 --- a/nixpkgs/pkgs/tools/security/chipsec/default.nix +++ b/nixpkgs/pkgs/tools/security/chipsec/default.nix @@ -1,6 +1,6 @@ -{ stdenv, lib, fetchFromGitHub, pythonPackages, nasm, libelf +{ stdenv, lib, fetchFromGitHub, python2Packages, nasm, libelf , kernel ? null, withDriver ? false }: -pythonPackages.buildPythonApplication rec { +python2Packages.buildPythonApplication rec { pname = "chipsec"; version = "1.5.1"; diff --git a/nixpkgs/pkgs/tools/security/chkrootkit/default.nix b/nixpkgs/pkgs/tools/security/chkrootkit/default.nix index f9f0dd96a11b..338df2c2d1cc 100644 --- a/nixpkgs/pkgs/tools/security/chkrootkit/default.nix +++ b/nixpkgs/pkgs/tools/security/chkrootkit/default.nix @@ -1,24 +1,30 @@ -{ lib, stdenv, fetchurl }: +{ lib, stdenv, fetchurl, makeWrapper, binutils-unwrapped }: stdenv.mkDerivation rec { - name = "chkrootkit-0.54"; + pname = "chkrootkit"; + version = "0.54"; src = fetchurl { - url = "ftp://ftp.pangeia.com.br/pub/seg/pac/${name}.tar.gz"; - sha256 = "sha256-FUySaSH1PbYHKKfLyXyohli2lMFLfSiO/jg+CEmRVgc="; + url = "ftp://ftp.pangeia.com.br/pub/seg/pac/${pname}-${version}.tar.gz"; + sha256 = "01snj54hhgiqzs72hzabq6abcn46m1yckjx7503vcggm45lr4k0m"; }; # TODO: a lazy work-around for linux build failure ... makeFlags = [ "STATIC=" ]; - postPatch = '' + nativeBuildInputs = [ makeWrapper ]; + + postPatch = '' substituteInPlace chkrootkit \ --replace " ./" " $out/bin/" - ''; + ''; installPhase = '' mkdir -p $out/sbin cp check_wtmpx chkdirs chklastlog chkproc chkrootkit chkutmp chkwtmp ifpromisc strings-static $out/sbin + + wrapProgram $out/sbin/chkrootkit \ + --prefix PATH : "${lib.makeBinPath [ binutils-unwrapped ]}" ''; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/chntpw/default.nix b/nixpkgs/pkgs/tools/security/chntpw/default.nix index ef462f5bf2dc..5bda55c418aa 100644 --- a/nixpkgs/pkgs/tools/security/chntpw/default.nix +++ b/nixpkgs/pkgs/tools/security/chntpw/default.nix @@ -10,8 +10,8 @@ stdenv.mkDerivation rec { sha256 = "1k1cxsj0221dpsqi5yibq2hr7n8xywnicl8yyaicn91y8h2hkqln"; }; - buildInputs = [ unzip ] - ++ lib.optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ]; + nativeBuildInputs = [ unzip ]; + buildInputs = lib.optionals stdenv.isLinux [ stdenv.glibc.out stdenv.glibc.static ]; patches = [ ./00-chntpw-build-arch-autodetect.patch diff --git a/nixpkgs/pkgs/tools/security/cipherscan/default.nix b/nixpkgs/pkgs/tools/security/cipherscan/default.nix index eae5a5256dff..23022f92b6af 100644 --- a/nixpkgs/pkgs/tools/security/cipherscan/default.nix +++ b/nixpkgs/pkgs/tools/security/cipherscan/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, fetchFromGitHub, openssl, makeWrapper, python, coreutils }: +{ stdenv, lib, fetchFromGitHub, openssl, makeWrapper, python3, coreutils }: stdenv.mkDerivation rec { pname = "cipherscan"; @@ -12,7 +12,9 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ makeWrapper ]; - buildInputs = [ python ]; + buildInputs = [ python3 ]; + + strictDeps = true; buildPhase = '' substituteInPlace cipherscan --replace '$0' 'cipherscan' diff --git a/nixpkgs/pkgs/tools/security/cosign/default.nix b/nixpkgs/pkgs/tools/security/cosign/default.nix new file mode 100644 index 000000000000..c0ef3b7400a9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cosign/default.nix @@ -0,0 +1,25 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "cosign"; + version = "0.2.0"; + + src = fetchFromGitHub { + owner = "sigstore"; + repo = pname; + rev = "v${version}"; + sha256 = "1zwb2q62ngb2zh1hasvq7r7pmrjlpgfhs5raibbhkxbk5kayvmii"; + }; + + vendorSha256 = "0nwbjaps4z5fhiknbj9pybxb6kgwb1vf2qhy0mzpycprf04q6g0v"; + + subPackages = [ "cmd/cosign" ]; + + meta = with lib; { + homepage = "https://github.com/sigstore/cosign"; + changelog = "https://github.com/sigstore/cosign/releases/tag/v${version}"; + description = "Container Signing CLI with support for ephemeral keys and Sigstore signing"; + license = licenses.asl20; + maintainers = with maintainers; [ lesuisse ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/credslayer/default.nix b/nixpkgs/pkgs/tools/security/credslayer/default.nix new file mode 100644 index 000000000000..0de8d37c0db4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/credslayer/default.nix @@ -0,0 +1,42 @@ +{ lib +, fetchFromGitHub +, python3 +, wireshark-cli +}: + +python3.pkgs.buildPythonApplication rec { + pname = "credslayer"; + version = "0.1.2"; + + src = fetchFromGitHub { + owner = "ShellCode33"; + repo = "CredSLayer"; + rev = "v${version}"; + sha256 = "1rbfy0h9c2gra1r2b39kngj3m7g177nmzzs5xy9np8lxixrh17pc"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + pyshark + ]; + + checkInputs = with python3.pkgs; [ + wireshark-cli + pytestCheckHook + ]; + + pytestFlagsArray = [ "tests/tests.py" ]; + + disabledTests = [ + # Requires a telnet setup + "test_telnet" + ]; + + pythonImportsCheck = [ "credslayer" ]; + + meta = with lib; { + description = "Extract credentials and other useful info from network captures"; + homepage = "https://github.com/ShellCode33/CredSLayer"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/crlfuzz/default.nix b/nixpkgs/pkgs/tools/security/crlfuzz/default.nix index 88bd45bb5e16..d203d0d7f463 100644 --- a/nixpkgs/pkgs/tools/security/crlfuzz/default.nix +++ b/nixpkgs/pkgs/tools/security/crlfuzz/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "crlfuzz"; - version = "1.4.0"; + version = "1.4.1"; src = fetchFromGitHub { owner = "dwisiswant0"; repo = pname; rev = "v${version}"; - sha256 = "03g7z7cczn52hvg6srp1i5xhdbpia226adrh2d54cs640063bx3m"; + sha256 = "sha256-rqhdxOQmZCRtq+IZygKLleb5GoKP2akyEc3rbGcnZmw="; }; - vendorSha256 = "19cj07f7d3ksp7lh5amdjz1s8p7xmqbwal4vp61al82n8944ify8"; + vendorSha256 = "sha256-yLtISEJWIKqCuZtQxReu/Vykw5etqgLpuXqOdtwBkqU="; doCheck = true; diff --git a/nixpkgs/pkgs/tools/security/cryptomator/default.nix b/nixpkgs/pkgs/tools/security/cryptomator/default.nix new file mode 100644 index 000000000000..c866a527768f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/cryptomator/default.nix @@ -0,0 +1,91 @@ +{ lib, stdenv, fetchFromGitHub +, autoPatchelfHook +, fuse, packer +, maven, jdk, jre, makeWrapper, glib, wrapGAppsHook +}: + +let + pname = "cryptomator"; + version = "1.5.13"; + + src = fetchFromGitHub { + owner = "cryptomator"; + repo = "cryptomator"; + rev = version; + sha256 = "1s9jl3nl6yfjzmilz9b8azk8592nd39xflzfdf38v6s4iiq86r8j"; + }; + + icons = fetchFromGitHub { + owner = "cryptomator"; + repo = "cryptomator-linux"; + rev = version; + sha256 = "1x6h6wp6yxnj576874xj3d2jm8jmb7918wprqvlz4sryxhlcssa7"; + }; + + # perform fake build to make a fixed-output derivation out of the files downloaded from maven central (120MB) + deps = stdenv.mkDerivation { + name = "cryptomator-${version}-deps"; + inherit src; + + nativeBuildInputs = [ jdk maven ]; + + buildPhase = '' + cd main + while mvn -Prelease package -Dmaven.repo.local=$out/.m2 -Dmaven.wagon.rto=5000; [ $? = 1 ]; do + echo "timeout, restart maven to continue downloading" + done + ''; + + # keep only *.{pom,jar,sha1,nbm} and delete all ephemeral files with lastModified timestamps inside + installPhase = '' + find $out/.m2 -type f -regex '.+\(\.lastUpdated\|resolver-status\.properties\|_remote\.repositories\)' -delete + find $out/.m2 -type f -iname '*.pom' -exec sed -i -e 's/\r\+$//' {} \; + ''; + + outputHashAlgo = "sha256"; + outputHashMode = "recursive"; + outputHash = "06q8bqdz3c4i84wxl9z5861zwdsw8jzcvsbgxqrnh8rwi7500sa7"; + }; + +in stdenv.mkDerivation rec { + inherit pname version src; + + buildPhase = '' + cd main + mvn -Prelease package --offline -Dmaven.repo.local=$(cp -dpR ${deps}/.m2 ./ && chmod +w -R .m2 && pwd)/.m2 + ''; + + installPhase = '' + mkdir -p $out/bin/ $out/usr/share/cryptomator/libs/ + + cp buildkit/target/libs/* buildkit/target/linux-libs/* $out/usr/share/cryptomator/libs/ + + makeWrapper ${jre}/bin/java $out/bin/cryptomator \ + --add-flags "-classpath '$out/usr/share/cryptomator/libs/*'" \ + --add-flags "-Dcryptomator.settingsPath='~/.config/Cryptomator/settings.json'" \ + --add-flags "-Dcryptomator.ipcPortPath='~/.config/Cryptomator/ipcPort.bin'" \ + --add-flags "-Dcryptomator.logDir='~/.local/share/Cryptomator/logs'" \ + --add-flags "-Dcryptomator.mountPointsDir='~/.local/share/Cryptomator/mnt'" \ + --add-flags "-Djdk.gtk.version=3" \ + --add-flags "-Xss20m" \ + --add-flags "-Xmx512m" \ + --add-flags "org.cryptomator.launcher.Cryptomator" \ + --prefix PATH : "$out/usr/share/cryptomator/libs/:${lib.makeBinPath [ jre glib ]}" \ + --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ fuse ]}" \ + --set JAVA_HOME "${jre.home}" + + # install desktop entry and icons + cp -r ${icons}/resources/appimage/AppDir/usr $out/ + ''; + + nativeBuildInputs = [ autoPatchelfHook maven makeWrapper wrapGAppsHook jdk ]; + buildInputs = [ fuse packer jre glib ]; + + meta = with lib; { + description = "Free client-side encryption for your cloud files"; + homepage = "https://cryptomator.org"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ bachp ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/tools/security/doppler/default.nix b/nixpkgs/pkgs/tools/security/doppler/default.nix index 1222ade4ad70..b5fa405e93e8 100644 --- a/nixpkgs/pkgs/tools/security/doppler/default.nix +++ b/nixpkgs/pkgs/tools/security/doppler/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "doppler"; - version = "3.22.0"; + version = "3.23.2"; src = fetchFromGitHub { owner = "dopplerhq"; repo = "cli"; rev = version; - sha256 = "sha256-Vx+f2IgCOdRxCVppkJNzVDBnsWjt4X96PyCJl9MmfWI="; + sha256 = "sha256-qdBq1vjvvb55gyL4XuPDrPK58YLSSH5kLp1oP84vJsU="; }; - vendorSha256 = "sha256-rQrlnIYYnRc+cqyiyJoh1YqxD61doyjte7ehrX4RDTI="; + vendorSha256 = "sha256-UaR/xYGMI+C9aID85aPSfVzmTWXj4KcjfOJ6TTJ8KoY="; buildFlagsArray = "-ldflags=-X github.com/DopplerHQ/cli/pkg/version.ProgramVersion=v${version}"; diff --git a/nixpkgs/pkgs/tools/security/ecryptfs/default.nix b/nixpkgs/pkgs/tools/security/ecryptfs/default.nix index 569b83feb9ae..cd90342738ed 100644 --- a/nixpkgs/pkgs/tools/security/ecryptfs/default.nix +++ b/nixpkgs/pkgs/tools/security/ecryptfs/default.nix @@ -35,11 +35,11 @@ stdenv.mkDerivation rec { configureFlags = lib.optionals (!enablePython) [ "--disable-pywrap" ]; - nativeBuildInputs = [ pkg-config ] + nativeBuildInputs = [ pkg-config makeWrapper ] # if python2 support is requested, it is needed at builtime as well as runtime. ++ lib.optionals (enablePython) [ python2 ] ; - buildInputs = [ perl nss nspr pam intltool makeWrapper ] + buildInputs = [ perl nss nspr pam intltool ] ++ lib.optionals (enablePython) [ python2 ] ; propagatedBuildInputs = [ coreutils gettext cryptsetup lvm2 rsync keyutils which ]; diff --git a/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix b/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix index ecd12a2738d8..bd558b7ab66d 100644 --- a/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix +++ b/nixpkgs/pkgs/tools/security/ecryptfs/helper.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation { phases = [ "installPhase" ]; - buildInputs = [ makeWrapper ]; + nativeBuildInputs = [ makeWrapper ]; # Do not hardcode PATH to ${ecryptfs} as we need the script to invoke executables from /run/wrappers/bin installPhase = '' diff --git a/nixpkgs/pkgs/tools/security/enpass/default.nix b/nixpkgs/pkgs/tools/security/enpass/default.nix index 7e2c0fcdb338..2444d1f1d726 100644 --- a/nixpkgs/pkgs/tools/security/enpass/default.nix +++ b/nixpkgs/pkgs/tools/security/enpass/default.nix @@ -2,7 +2,7 @@ , glib, libGLU, libGL, libpulseaudio, zlib, dbus, fontconfig, freetype , gtk3, pango , makeWrapper , python2Packages, lib -, lsof, curl, libuuid, cups, mesa, lzma, libxkbcommon +, lsof, curl, libuuid, cups, mesa, xz, libxkbcommon }: let @@ -38,7 +38,7 @@ let curl libuuid cups - lzma + xz libxkbcommon ]); package = stdenv.mkDerivation { @@ -59,7 +59,8 @@ let maintainers = with maintainers; [ ewok ]; }; - buildInputs = [makeWrapper dpkg]; + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [dpkg]; phases = [ "unpackPhase" "installPhase" ]; unpackPhase = "dpkg -X $src ."; diff --git a/nixpkgs/pkgs/tools/security/expliot/default.nix b/nixpkgs/pkgs/tools/security/expliot/default.nix new file mode 100644 index 000000000000..c46dcb018992 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/expliot/default.nix @@ -0,0 +1,72 @@ +{ lib +, aiocoap +, awsiotpythonsdk +, bluepy +, buildPythonApplication +, can +, cmd2 +, cryptography +, fetchFromGitLab +, paho-mqtt +, pyi2cflash +, pymodbus +, pynetdicom +, pyparsing +, pyserial +, pyspiflash +, pythonOlder +, upnpy +, xmltodict +, zeroconf +}: + +buildPythonApplication rec { + pname = "expliot"; + version = "0.9.7"; + disabled = pythonOlder "3.7"; + + src = fetchFromGitLab { + owner = "expliot_framework"; + repo = pname; + rev = version; + sha256 = "sha256-k43PvH9BXcvxe7O5iCGzLuxv/WkB9YelH/d/1S7BpU0="; + }; + + propagatedBuildInputs = [ + aiocoap + awsiotpythonsdk + bluepy + can + cmd2 + cryptography + paho-mqtt + pyi2cflash + pymodbus + pynetdicom + pyparsing + pyserial + pyspiflash + upnpy + xmltodict + zeroconf + ]; + + # Project has no tests + doCheck = false; + pythonImportsCheck = [ "expliot" ]; + + meta = with lib; { + description = "IoT security testing and exploitation framework"; + longDescription = '' + EXPLIoT is a Framework for security testing and exploiting IoT + products and IoT infrastructure. It provides a set of plugins + (test cases) which are used to perform the assessment and can + be extended easily with new ones. The name EXPLIoT (pronounced + expl-aa-yo-tee) is a pun on the word exploit and explains the + purpose of the framework i.e. IoT exploitation. + ''; + homepage = "https://expliot.readthedocs.io/"; + license = with licenses; [ agpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/fprintd/default.nix b/nixpkgs/pkgs/tools/security/fprintd/default.nix index 72c0bc204f8a..0ae04ddb30f2 100644 --- a/nixpkgs/pkgs/tools/security/fprintd/default.nix +++ b/nixpkgs/pkgs/tools/security/fprintd/default.nix @@ -1,7 +1,7 @@ { lib, stdenv , fetchFromGitLab -, fetchpatch , pkg-config +, gobject-introspection , meson , ninja , perl @@ -11,9 +11,10 @@ , libxslt , docbook-xsl-nons , docbook_xml_dtd_412 +, fetchurl , glib +, gusb , dbus -, dbus-glib , polkit , nss , pam @@ -24,52 +25,41 @@ stdenv.mkDerivation rec { pname = "fprintd"; - version = "1.90.1"; + version = "1.90.9"; outputs = [ "out" "devdoc" ]; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "libfprint"; repo = pname; - rev = version; - sha256 = "0mbzk263x7f58i9cxhs44mrngs7zw5wkm62j5r6xlcidhmfn03cg"; + rev = "v${version}"; + sha256 = "rOTVThHOY/Q2IIu2RGiv26UE2V/JFfWWnfKZQfKl5Mg="; }; - patches = [ - # Fixes issue with ":" when there is multiple paths (might be the case on NixOS) - # https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/50 - (fetchpatch { - url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/d7fec03f24d10f88d34581c72f0eef201f5eafac.patch"; - sha256 = "0f88dhizai8jz7hpm5lpki1fx4593zcy89iwi4brsqbqc7jp9ls0"; - }) - - # Fix locating libpam_wrapper for tests - (fetchpatch { - url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/40.patch"; - sha256 = "0qqy090p93lzabavwjxzxaqidkcb3ifacl0d3yh1q7ms2a58yyz3"; - }) - (fetchpatch { - url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/f401f399a85dbeb2de165b9b9162eb552ab6eea7.patch"; - sha256 = "1bc9g6kc95imlcdpvp8qgqjsnsxg6nipr6817c1pz5i407yvw1iy"; - }) - ]; - nativeBuildInputs = [ pkg-config meson ninja - perl + perl # for pod2man gettext gtk-doc libxslt - dbus + # TODO: apply this to D-Bus so that other packages can benefit. + # https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/202 + (dbus.overrideAttrs (attrs: { + postInstall = attrs.postInstall or "" + '' + ln -s ${fetchurl { + url = "https://gitlab.freedesktop.org/dbus/dbus/-/raw/b207135dbd8c09cf8da28f7e3b0a18bb11483663/doc/catalog.xml"; + sha256 = "1/43XwAIcmRXfM4OXOPephyQyUnW8DSveiZbiPvW72I="; + }} $out/share/xml/dbus-1/catalog.xml + ''; + })) docbook-xsl-nons docbook_xml_dtd_412 ]; buildInputs = [ glib - dbus-glib polkit nss pam @@ -78,11 +68,13 @@ stdenv.mkDerivation rec { ]; checkInputs = with python3.pkgs; [ + gobject-introspection # for setup hook python-dbusmock dbus-python pygobject3 pycairo pypamtest + gusb # Required by libfprint’s typelib ]; mesonFlags = [ @@ -103,13 +95,15 @@ stdenv.mkDerivation rec { doCheck = true; postPatch = '' - patchShebangs po/check-translations.sh + patchShebangs \ + po/check-translations.sh \ + tests/unittest_inspector.py ''; meta = with lib; { homepage = "https://fprint.freedesktop.org/"; description = "D-Bus daemon that offers libfprint functionality over the D-Bus interprocess communication bus"; - license = licenses.gpl2; + license = licenses.gpl2Plus; platforms = platforms.linux; maintainers = with maintainers; [ abbradar elyhaka ]; }; diff --git a/nixpkgs/pkgs/tools/security/galer/default.nix b/nixpkgs/pkgs/tools/security/galer/default.nix new file mode 100644 index 000000000000..d64b47bfdaf6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/galer/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "galer"; + version = "0.0.2"; + + src = fetchFromGitHub { + owner = "dwisiswant0"; + repo = pname; + rev = "v${version}"; + sha256 = "1923071rk078mqk5mig45kcrr58ni02rby3r298myld7j9gfnylb"; + }; + + vendorSha256 = "0p5b6cp4ccvcjiy3g9brcwb08wxjbrpsza525fmx38wyyi0n0wns"; + + meta = with lib; { + description = "Tool to fetch URLs from HTML attributes"; + homepage = "https://github.com/dwisiswant0/galer"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix b/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix index 51ff5b0e81e9..bb607c1fbd32 100644 --- a/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix +++ b/nixpkgs/pkgs/tools/security/gen-oath-safe/default.nix @@ -1,4 +1,4 @@ -{ coreutils, fetchFromGitHub, file, libcaca, makeWrapper, python, openssl, qrencode, lib, stdenv, yubikey-manager }: +{ coreutils, fetchFromGitHub, file, libcaca, makeWrapper, python3, openssl, qrencode, lib, stdenv, yubikey-manager }: stdenv.mkDerivation rec { pname = "gen-oath-safe"; @@ -10,9 +10,9 @@ stdenv.mkDerivation rec { sha256 = "1914z0jgj7lni0nf3hslkjgkv87mhxdr92cmhmbzhpjgjgr23ydp"; }; - buildInputs = [ makeWrapper ]; + nativeBuildInputs = [ makeWrapper ]; - buildPhase = ":"; + dontBuild = true; installPhase = let @@ -21,7 +21,7 @@ stdenv.mkDerivation rec { file libcaca.bin openssl.bin - python + python3 qrencode yubikey-manager ]; diff --git a/nixpkgs/pkgs/tools/security/gencfsm/default.nix b/nixpkgs/pkgs/tools/security/gencfsm/default.nix index 53127173f790..edec05272b9f 100644 --- a/nixpkgs/pkgs/tools/security/gencfsm/default.nix +++ b/nixpkgs/pkgs/tools/security/gencfsm/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, fetchurl, autoconf, automake, intltool, libtool, pkg-config, encfs -, glib , gnome3, gtk3, libgnome-keyring, vala, wrapGAppsHook, xorg, gobject-introspection +, glib , libgee, gtk3, libgnome-keyring, vala, wrapGAppsHook, xorg, gobject-introspection }: stdenv.mkDerivation rec { @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ pkg-config ]; buildInputs = [ autoconf automake intltool libtool vala glib encfs - gtk3 libgnome-keyring gnome3.libgee xorg.libSM xorg.libICE + gtk3 libgnome-keyring libgee xorg.libSM xorg.libICE wrapGAppsHook gobject-introspection ]; patches = [ ./makefile-mkdir.patch ]; diff --git a/nixpkgs/pkgs/tools/security/genpass/default.nix b/nixpkgs/pkgs/tools/security/genpass/default.nix index 29703ee1fc87..b358507bbae2 100644 --- a/nixpkgs/pkgs/tools/security/genpass/default.nix +++ b/nixpkgs/pkgs/tools/security/genpass/default.nix @@ -7,22 +7,22 @@ }: rustPlatform.buildRustPackage rec { pname = "genpass"; - version = "0.4.9"; + version = "0.4.12"; src = fetchgit { url = "https://git.sr.ht/~cyplo/genpass"; rev = "v${version}"; - sha256 = "1dpv2iyd48xd8yw9bmymjjrkhsgmpwvsl5b9zx3lpaaq59ypi9g9"; + sha256 = "154kprbqc59f06ciz60il4ax299zapwa0hz8vjn25rl4gr5gzn4l"; }; - cargoSha256 = "1cwxpc3xkw673wiamr4v7clrzwxl8ma1vdr6bw0hixm37gxdxz7x"; + cargoSha256 = "1nc699n7f732lhzfhsfknay6z3igyiqy5jymm5x815mv9y1vwaj1"; buildInputs = lib.optionals stdenv.isDarwin [ CoreFoundation libiconv Security ]; meta = with lib; { description = "A simple yet robust commandline random password generator"; homepage = "https://sr.ht/~cyplo/genpass/"; - license = licenses.agpl3; + license = licenses.agpl3Only; maintainers = with maintainers; [ cyplo ]; }; } diff --git a/nixpkgs/pkgs/tools/security/ghidra/default.nix b/nixpkgs/pkgs/tools/security/ghidra/default.nix index 2e55b24f723d..66112332663a 100644 --- a/nixpkgs/pkgs/tools/security/ghidra/default.nix +++ b/nixpkgs/pkgs/tools/security/ghidra/default.nix @@ -25,12 +25,12 @@ let in stdenv.mkDerivation rec { pname = "ghidra"; - version = "9.2.1"; - versiondate = "20201215"; + version = "9.2.2"; + versiondate = "20201229"; src = fetchzip { url = "https://www.ghidra-sre.org/ghidra_${version}_PUBLIC_${versiondate}.zip"; - sha256 = "0rjzmx0nbv9flb666mk3w2dqliyfzjyc4ldjfmb5d29wpgnf9bnz"; + sha256 = "1xahkwiqdcwxssah16hhgrmyam49cb341xp5ysycj1h0kkm8p53s"; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/gitjacker/default.nix b/nixpkgs/pkgs/tools/security/gitjacker/default.nix index 0b8c087eccd0..14d9ab9ccfa2 100644 --- a/nixpkgs/pkgs/tools/security/gitjacker/default.nix +++ b/nixpkgs/pkgs/tools/security/gitjacker/default.nix @@ -7,13 +7,13 @@ buildGoModule rec { pname = "gitjacker"; - version = "0.0.2"; + version = "0.1.0"; src = fetchFromGitHub { owner = "liamg"; repo = "gitjacker"; rev = "v${version}"; - sha256 = "0fg95i2y8sj7dsvqj8mx0k5pps7d0h1i4a3lk85l8jjab4kxx8h9"; + sha256 = "sha256-rEn9FpcRfEt2yGepIPEAO9m8JeVb+nMhYMBWhC/barc="; }; vendorSha256 = null; diff --git a/nixpkgs/pkgs/tools/security/gitleaks/default.nix b/nixpkgs/pkgs/tools/security/gitleaks/default.nix index 982774612759..9e34b07121fa 100644 --- a/nixpkgs/pkgs/tools/security/gitleaks/default.nix +++ b/nixpkgs/pkgs/tools/security/gitleaks/default.nix @@ -1,20 +1,24 @@ -{ buildGoModule +{ lib +, buildGoModule , fetchFromGitHub -, lib }: buildGoModule rec { pname = "gitleaks"; - version = "7.2.0"; + version = "7.3.0"; src = fetchFromGitHub { owner = "zricethezav"; repo = pname; rev = "v${version}"; - sha256 = "1pdbkjx8h6ijypsxyv34lykymaqf8wnfyjk3ldp49apbx01bl34y"; + sha256 = "sha256-IJaumIFuIhrvXZ45uz8RUxAuprnWdv2lNzxNUascvVc="; }; - vendorSha256 = "0kk8ci7vprqw4v7cigspshfd13k2wyy4pdkxf11pqc2fz8j07kh9"; + vendorSha256 = "sha256-Cc4DJPpOMHxDcH22S7znYo7QHNRXv8jOJhznu09kaE4="; + + preBuild = '' + buildFlagsArray+=("-ldflags" "-s -w -X github.com/zricethezav/gitleaks/v${lib.versions.major version}/version.Version=${version}") + ''; meta = with lib; { description = "Scan git repos (or files) for secrets"; diff --git a/nixpkgs/pkgs/tools/security/gopass/default.nix b/nixpkgs/pkgs/tools/security/gopass/default.nix index c208b44bfd6e..be9fe521e9dd 100644 --- a/nixpkgs/pkgs/tools/security/gopass/default.nix +++ b/nixpkgs/pkgs/tools/security/gopass/default.nix @@ -13,7 +13,7 @@ buildGoModule rec { pname = "gopass"; - version = "1.12.0"; + version = "1.12.5"; nativeBuildInputs = [ installShellFiles makeWrapper ]; @@ -21,10 +21,10 @@ buildGoModule rec { owner = "gopasspw"; repo = pname; rev = "v${version}"; - sha256 = "0y3dcikw6gl436mhza5j0b3lm49jzl590a9ry53rkmzrv2lqx9w6"; + sha256 = "06qc68q9px2g19iz23nbc4ay5dwqhgh99d1jj5l2dhb3mgknh19n"; }; - vendorSha256 = "09lbkm7c361c2s87qi1wpfsqgpp3r862wcn98dzdg5j6pvpgwbag"; + vendorSha256 = "1jir1lb60p86fmk5sh92ywchqva59c31g1badlq9pjgd7jip5vnl"; subPackages = [ "." ]; @@ -41,10 +41,13 @@ buildGoModule rec { ); postInstall = '' + HOME=$TMPDIR for shell in bash fish zsh; do $out/bin/gopass completion $shell > gopass.$shell installShellCompletion gopass.$shell done + go run helpers/man/main.go > gopass.1 + installManPage gopass.1 '' + lib.optionalString passAlias '' ln -s $out/bin/gopass $out/bin/pass ''; @@ -59,7 +62,6 @@ buildGoModule rec { license = licenses.mit; maintainers = with maintainers; [ andir rvolosatovs ]; changelog = "https://github.com/gopasspw/gopass/blob/v${version}/CHANGELOG.md"; - platforms = platforms.unix; longDescription = '' gopass is a rewrite of the pass password manager in Go with the aim of diff --git a/nixpkgs/pkgs/tools/security/gopass/git-credential.nix b/nixpkgs/pkgs/tools/security/gopass/git-credential.nix new file mode 100644 index 000000000000..fb0da2c1a093 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gopass/git-credential.nix @@ -0,0 +1,41 @@ +{ lib +, makeWrapper +, buildGoModule +, fetchFromGitHub +, gopass +}: + +buildGoModule rec { + pname = "git-credential-gopass"; + version = "1.12.0"; + + src = fetchFromGitHub { + owner = "gopasspw"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-IvYxpUMclDAKJ/EkRbNrX8eIFyhtY9Q0B0RipweieZA="; + }; + + vendorSha256 = "sha256-N6eU6KsnUrYBK90ydwUH8LNkR9KRjgc4ciGOGvy7pw8="; + + subPackages = [ "." ]; + + nativeBuildInputs = [ makeWrapper ]; + + preBuild = '' + buildFlagsArray+=( + "-ldflags=-s -w -X main.version=${version} -X main.commit=${src.rev}" + ) + ''; + + postFixup = '' + wrapProgram $out/bin/git-credential-gopass --prefix PATH : "${lib.makeBinPath [ gopass ]}" + ''; + + meta = with lib; { + description = "Manage git credentials using gopass"; + homepage = "https://github.com/gopasspw/git-credential-gopass"; + license = licenses.mit; + maintainers = with maintainers; [ benneti ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix b/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix new file mode 100644 index 000000000000..e060adbf5bcf --- /dev/null +++ b/nixpkgs/pkgs/tools/security/gopass/jsonapi.nix @@ -0,0 +1,42 @@ +{ lib +, makeWrapper +, buildGoModule +, fetchFromGitHub +, installShellFiles +, gopass +}: + +buildGoModule rec { + pname = "gopass-jsonapi"; + version = "1.11.1"; + + src = fetchFromGitHub { + owner = "gopasspw"; + repo = pname; + rev = "v${version}"; + sha256 = "03xhza7n92xg12z83as9qdvvc0yx1qy6q0c7i4njvng594f9a8x2"; + }; + + vendorSha256 = "0d4fyppsdfzvmjb0qvpnfnw0vl6z256bly7hfb0whk6rldks60wr"; + + subPackages = [ "." ]; + + nativeBuildInputs = [ installShellFiles makeWrapper ]; + + preBuild = '' + buildFlagsArray+=( + "-ldflags=-s -w -X main.version=${version} -X main.commit=${src.rev}" + ) + ''; + + postFixup = '' + wrapProgram $out/bin/gopass-jsonapi --prefix PATH : "${lib.makeBinPath [ gopass ]}" + ''; + + meta = with lib; { + description = "Enables communication with gopass via JSON messages"; + homepage = "https://www.gopass.pw/"; + license = licenses.mit; + maintainers = with maintainers; [ maxhbr ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/grype/default.nix b/nixpkgs/pkgs/tools/security/grype/default.nix index dc4b487747c6..13bbdbb99d47 100644 --- a/nixpkgs/pkgs/tools/security/grype/default.nix +++ b/nixpkgs/pkgs/tools/security/grype/default.nix @@ -1,25 +1,29 @@ -{ buildGoModule +{ lib +, buildGoModule , docker , fetchFromGitHub -, lib }: buildGoModule rec { pname = "grype"; - version = "0.7.0"; + version = "0.9.0"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-co00Ye/QVNSG4h67m56+37JLilBVzHxUwMs1vS3wYX4="; + sha256 = "sha256-X67TEHKmKKuTFGo55ZVkYVNw4f/d8aU2b/FQsq1OIJg="; }; - vendorSha256 = "sha256-q7n8WLw/A2wr3z5h7zaFERY7lO5UIsmTD2mrcH/vpNs="; + vendorSha256 = "sha256-SGO8RKSOK0PHqSIJfTdcuAmqMtFuo9MBdiEylDUpOFo="; propagatedBuildInputs = [ docker ]; - # tests require a running Docker instance + preBuild = '' + buildFlagsArray+=("-ldflags" "-s -w -X github.com/anchore/grype/internal/version.version=${version}") + ''; + + # Tests require a running Docker instance doCheck = false; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/hash-slinger/default.nix b/nixpkgs/pkgs/tools/security/hash-slinger/default.nix index b8759d3571b5..ee06c112481b 100644 --- a/nixpkgs/pkgs/tools/security/hash-slinger/default.nix +++ b/nixpkgs/pkgs/tools/security/hash-slinger/default.nix @@ -1,7 +1,7 @@ -{ lib, stdenv, fetchFromGitHub, pythonPackages, unbound, libreswan }: +{ lib, stdenv, fetchFromGitHub, python2Packages, unbound, libreswan }: let - inherit (pythonPackages) python; + pythonPackages = python2Packages; in stdenv.mkDerivation rec { pname = "hash-slinger"; version = "2.7"; @@ -31,7 +31,7 @@ in stdenv.mkDerivation rec { ''; installPhase = '' - mkdir -p $out/bin $out/man $out/${python.sitePackages}/ + mkdir -p $out/bin $out/man $out/${pythonPackages.python.sitePackages}/ make install wrapPythonPrograms ''; diff --git a/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix b/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix index 8b91a53db013..ccd6230b06f2 100644 --- a/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix +++ b/nixpkgs/pkgs/tools/security/hashcat-utils/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { description = "Small utilities that are useful in advanced password cracking"; homepage = "https://github.com/hashcat/hashcat-utils"; license = licenses.mit; - platforms = platforms.linux; + platforms = platforms.unix; maintainers = with maintainers; [ fadenb ]; }; } diff --git a/nixpkgs/pkgs/tools/security/hashcat/default.nix b/nixpkgs/pkgs/tools/security/hashcat/default.nix index 20b5aed39320..173fdc8b18d2 100644 --- a/nixpkgs/pkgs/tools/security/hashcat/default.nix +++ b/nixpkgs/pkgs/tools/security/hashcat/default.nix @@ -26,6 +26,12 @@ stdenv.mkDerivation rec { "USE_SYSTEM_XXHASH=1" ]; + preFixup = '' + for f in $out/share/hashcat/OpenCL/*.cl; do + sed "s|#include \"\(.*\)\"|#include \"$out/share/hashcat/OpenCL/\1\"|g" -i "$f" + done + ''; + postFixup = '' wrapProgram $out/bin/hashcat --prefix LD_LIBRARY_PATH : ${ocl-icd}/lib ''; diff --git a/nixpkgs/pkgs/tools/security/hashdeep/default.nix b/nixpkgs/pkgs/tools/security/hashdeep/default.nix index 4841dc5e07fa..0e24e0ec3a39 100644 --- a/nixpkgs/pkgs/tools/security/hashdeep/default.nix +++ b/nixpkgs/pkgs/tools/security/hashdeep/default.nix @@ -1,8 +1,8 @@ { lib, stdenv, fetchFromGitHub, autoreconfHook }: -let version = "4.4"; -in stdenv.mkDerivation { - name = "hashdeep-${version}"; +stdenv.mkDerivation rec { + pname = "hashdeep"; + version = "4.4"; src = fetchFromGitHub { owner = "jessek"; @@ -17,7 +17,11 @@ in stdenv.mkDerivation { description = "A set of cross-platform tools to compute hashes"; homepage = "https://github.com/jessek/hashdeep"; license = licenses.gpl2; - platforms = with platforms; linux ++ freebsd ++ openbsd; - maintainers = [ lib.maintainers.karantan ]; + maintainers = [ maintainers.karantan ]; + platforms = platforms.all; + # Build fails on Darwin: + # > ./xml.h:103:82: error: invalid suffix on literal; C++11 requires a space between literal and identifier [-Wreserved-user-defined-literal] + # > void xmlout(const std::string &tag,const int64_t value){ xmlprintf(tag,"","%"PRId64,value); } + broken = stdenv.isDarwin; }; } diff --git a/nixpkgs/pkgs/tools/security/hcxtools/default.nix b/nixpkgs/pkgs/tools/security/hcxtools/default.nix index a1ba32b35ed7..9478844055e1 100644 --- a/nixpkgs/pkgs/tools/security/hcxtools/default.nix +++ b/nixpkgs/pkgs/tools/security/hcxtools/default.nix @@ -1,16 +1,17 @@ -{ lib, stdenv, fetchFromGitHub, curl, openssl, zlib }: +{ lib, stdenv, fetchFromGitHub, pkg-config, curl, openssl, zlib }: stdenv.mkDerivation rec { pname = "hcxtools"; - version = "6.0.3"; + version = "6.1.6"; src = fetchFromGitHub { owner = "ZerBea"; repo = pname; rev = version; - sha256 = "0s9l5mvzcv6hnj7h28piabnm66b09hk2l57vb85ny35w99hzpkc0"; + sha256 = "sha256-x6sVFjM2GMGqpoAW7CtCLUoEAYLgulaUKXequQ7DmGQ="; }; + nativeBuildInputs = [ pkg-config ]; buildInputs = [ curl openssl zlib ]; makeFlags = [ diff --git a/nixpkgs/pkgs/tools/security/honggfuzz/default.nix b/nixpkgs/pkgs/tools/security/honggfuzz/default.nix index 081e26e34abb..62b335ef5c7c 100644 --- a/nixpkgs/pkgs/tools/security/honggfuzz/default.nix +++ b/nixpkgs/pkgs/tools/security/honggfuzz/default.nix @@ -5,13 +5,13 @@ let honggfuzz = stdenv.mkDerivation rec { pname = "honggfuzz"; - version = "2.3.1"; + version = "2.4"; src = fetchFromGitHub { owner = "google"; repo = pname; rev = version; - sha256 = "0dcl5a5jykgfmnfj42vl7kah9k26wg38l2g6yfh5pssmlf0nax33"; + sha256 = "sha256-sU5lmlfmvVWo4K96sI+xQsPfTMd1wsLbihcKI4aTj6g="; }; postPatch = '' diff --git a/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix b/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix index c177726bbb16..d556566a7d54 100644 --- a/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix +++ b/nixpkgs/pkgs/tools/security/ibm-sw-tpm2/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "ibm-sw-tpm2"; - version = "1637"; + version = "1661"; src = fetchurl { url = "mirror://sourceforge/ibmswtpm2/ibmtpm${version}.tar.gz"; - sha256 = "09z3wbv38dc8wnw1q961s6bcd0kvz2xkjp6dxg4kn914fwzlqfnx"; + sha256 = "sha256-VRRZKK0rJPNL5qDqz5+0kuEODqkZuEKMch+pcOhdYUc="; }; buildInputs = [ openssl ]; diff --git a/nixpkgs/pkgs/tools/security/ipscan/default.nix b/nixpkgs/pkgs/tools/security/ipscan/default.nix index a5b0fe8d9289..d1c56beb0816 100644 --- a/nixpkgs/pkgs/tools/security/ipscan/default.nix +++ b/nixpkgs/pkgs/tools/security/ipscan/default.nix @@ -12,7 +12,8 @@ stdenv.mkDerivation rec { sourceRoot = "."; unpackCmd = "${dpkg}/bin/dpkg-deb -x $src ."; - buildInputs = [ makeWrapper jdk ]; + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ jdk ]; installPhase = '' mkdir -p $out/share diff --git a/nixpkgs/pkgs/tools/security/john/default.nix b/nixpkgs/pkgs/tools/security/john/default.nix index b243e10d3531..e56e99909fff 100644 --- a/nixpkgs/pkgs/tools/security/john/default.nix +++ b/nixpkgs/pkgs/tools/security/john/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, openssl, nss, nspr, kerberos, gmp, zlib, libpcap, re2 +{ lib, stdenv, fetchurl, openssl, nss, nspr, libkrb5, gmp, zlib, libpcap, re2 , gcc, python3Packages, perl, perlPackages, makeWrapper }: @@ -36,7 +36,7 @@ stdenv.mkDerivation rec { "--with-systemwide" ]; - buildInputs = [ openssl nss nspr kerberos gmp zlib libpcap re2 ]; + buildInputs = [ openssl nss nspr libkrb5 gmp zlib libpcap re2 ]; nativeBuildInputs = [ gcc python3Packages.wrapPython perl makeWrapper ]; propagatedBuildInputs = (with python3Packages; [ dpkt scapy lxml ]) ++ # For pcap2john.py (with perlPackages; [ DigestMD4 DigestSHA1 GetoptLong # For pass_gen.pl diff --git a/nixpkgs/pkgs/tools/security/jwt-cli/default.nix b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix index 6b4639a53079..0b3a94d816bb 100644 --- a/nixpkgs/pkgs/tools/security/jwt-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/jwt-cli/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "jwt-cli"; - version = "3.3.0"; + version = "4.0.0"; src = fetchFromGitHub { owner = "mike-engel"; repo = pname; rev = version; - sha256 = "09zi55ffkhsckvqj84xnxn9bgfkrj9wnzqbh9hfsxzbk4xy7fc2h"; + sha256 = "sha256-82Le0kdt/fnSQwsRRYHy4Jv9rsCPGf5dIWmoZE2cPxY="; }; - cargoSha256 = "1k13pw202fr5mvd0ys39n3dxwcl3sd01j6izfb28k06b6pav3wc8"; + cargoSha256 = "sha256-nk4nrsePiUirVPoOPehCOf5ZoGVj3jy7PnSZENnpcaM="; buildInputs = lib.optional stdenv.isDarwin Security; diff --git a/nixpkgs/pkgs/tools/security/kbs2/default.nix b/nixpkgs/pkgs/tools/security/kbs2/default.nix index 80e6e25518e6..4e9b24818b47 100644 --- a/nixpkgs/pkgs/tools/security/kbs2/default.nix +++ b/nixpkgs/pkgs/tools/security/kbs2/default.nix @@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "kbs2"; - version = "0.2.5"; + version = "0.2.6"; src = fetchFromGitHub { owner = "woodruffw"; repo = pname; rev = "v${version}"; - sha256 = "1jilsczz22fyqbgz43gl5ilz62gfqsahfk30gayj7q5bx9k35m4w"; + sha256 = "sha256-PtXTC0VufUR5kle9C5KhCHHEQtQZvTTU1Q/cRMCB1g0="; }; - cargoSha256 = "1gvvmfavaq29p40p5mq1phpp2a1nw04dz4975pzm1b6z89p0jlzl"; + cargoSha256 = "sha256-S2czYglyHRkRN3Dq5reXFOaB1i/oIHXTY8Ile+Twvzo="; nativeBuildInputs = [ installShellFiles ] ++ lib.optionals stdenv.isLinux [ python3 ]; diff --git a/nixpkgs/pkgs/tools/security/knockpy/default.nix b/nixpkgs/pkgs/tools/security/knockpy/default.nix new file mode 100644 index 000000000000..89eda45322c7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/knockpy/default.nix @@ -0,0 +1,40 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "knockpy"; + version = "5.0.0"; + disabled = python3.pythonOlder "3.6"; + + src = fetchFromGitHub { + owner = "guelfoweb"; + repo = "knock"; + rev = version; + sha256 = "1h7sibdxx8y53xm1wydyng418n4j6baiys257msq03cs04jlm7h9"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + beautifulsoup4 + colorama + requests + ]; + + postPatch = '' + # https://github.com/guelfoweb/knock/pull/95 + substituteInPlace setup.py \ + --replace "bs4" "beautifulsoup4" + ''; + + # Project has no tests + doCheck = false; + pythonImportsCheck = [ "knockpy" ]; + + meta = with lib; { + description = "Tool to scan subdomains"; + homepage = "https://github.com/guelfoweb/knock"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/kpcli/default.nix b/nixpkgs/pkgs/tools/security/kpcli/default.nix index d0e260bb6775..37af42e33ccf 100644 --- a/nixpkgs/pkgs/tools/security/kpcli/default.nix +++ b/nixpkgs/pkgs/tools/security/kpcli/default.nix @@ -9,7 +9,8 @@ stdenv.mkDerivation rec { sha256 = "1srd6vrqgjlf906zdyxp4bg6gihkxn62cpzyfv0zzpsqsj13iwh1"; }; - buildInputs = [ makeWrapper perl ]; + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ perl ]; phases = [ "installPhase" "fixupPhase" ]; diff --git a/nixpkgs/pkgs/tools/security/kwalletcli/default.nix b/nixpkgs/pkgs/tools/security/kwalletcli/default.nix index c1849bdca395..d18d5c1ef8b5 100644 --- a/nixpkgs/pkgs/tools/security/kwalletcli/default.nix +++ b/nixpkgs/pkgs/tools/security/kwalletcli/default.nix @@ -3,13 +3,13 @@ mkDerivation rec { pname = "kwalletcli"; - version = "3.02"; + version = "3.03"; src = fetchFromGitHub { owner = "MirBSD"; repo = pname; rev = "${pname}-${lib.replaceStrings [ "." ] [ "_" ] version}"; - sha256 = "1gq45afb5nmmjfqxglv7wvcxcjd9822pc7nysq0350jmmmqwb474"; + sha256 = "sha256-DUtaQITzHhQrqA9QJd0U/5EDjH0IzY9/kal/7SYQ/Ck="; }; postPatch = '' diff --git a/nixpkgs/pkgs/tools/security/ldeep/default.nix b/nixpkgs/pkgs/tools/security/ldeep/default.nix index 855ffc6fdba1..db4d14ba3ed7 100644 --- a/nixpkgs/pkgs/tools/security/ldeep/default.nix +++ b/nixpkgs/pkgs/tools/security/ldeep/default.nix @@ -10,11 +10,11 @@ buildPythonApplication rec { pname = "ldeep"; - version = "1.0.9"; + version = "1.0.10"; src = fetchPypi { inherit pname version; - sha256 = "0n38idkn9hy31m5xkrc36dmw364d137c7phssvj76gr2gqsrqjy3"; + sha256 = "sha256-/7mcmAj69NmuiK+xlQijAk39sMLDX8kHatmSI6XYbwE="; }; propagatedBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/libtpms/default.nix b/nixpkgs/pkgs/tools/security/libtpms/default.nix new file mode 100644 index 000000000000..85a2c1f72253 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/libtpms/default.nix @@ -0,0 +1,41 @@ +{ lib +, stdenv +, fetchFromGitHub +, pkg-config, autoreconfHook +, openssl, perl +}: + +stdenv.mkDerivation rec { + pname = "libtpms"; + version = "0.8.2"; + + src = fetchFromGitHub { + owner = "stefanberger"; + repo = "libtpms"; + rev = "v${version}"; + sha256 = "sha256-ljzxaZYC2RzasKoRvnjead8CEkbdptGD4V5QapvAQUQ="; + }; + + nativeBuildInputs = [ + autoreconfHook + pkg-config + perl # needed for pod2man + ]; + buildInputs = [ openssl ]; + + outputs = [ "out" "man" "dev" ]; + + enableParallelBuilding = true; + + configureFlags = [ + "--with-openssl" + "--with-tpm2" + ]; + + meta = with lib; { + description = "The libtpms library provides software emulation of a Trusted Platform Module (TPM 1.2 and TPM 2.0)"; + homepage = "https://github.com/stefanberger/libtpms"; + license = licenses.bsd3; + maintainers = [ maintainers.baloo ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/masscan/default.nix b/nixpkgs/pkgs/tools/security/masscan/default.nix index b58163630c69..891311ddaa03 100644 --- a/nixpkgs/pkgs/tools/security/masscan/default.nix +++ b/nixpkgs/pkgs/tools/security/masscan/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ makeWrapper installShellFiles ]; - makeFlags = [ "PREFIX=$(out)" "GITVER=${version}" "CC=cc" ]; + makeFlags = [ "PREFIX=$(out)" "GITVER=${version}" "CC=${stdenv.cc.targetPrefix}cc" ]; preInstall = '' mkdir -p $out/bin diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile b/nixpkgs/pkgs/tools/security/metasploit/Gemfile index 7ffbb5c03235..150f00e92b45 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile @@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.0.29" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.0.38" diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock index 926d955d2e85..c64e2b31aff5 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: f54a838fa686f495854a71cb32fadcb1853b6201 - ref: refs/tags/6.0.29 + revision: 4c7a221f3d186b0cd65d2a765533fda54f0848f4 + ref: refs/tags/6.0.38 specs: - metasploit-framework (6.0.29) + metasploit-framework (6.0.38) actionpack (~> 5.2.2) activerecord (~> 5.2.2) activesupport (~> 5.2.2) @@ -12,7 +12,6 @@ GIT aws-sdk-s3 bcrypt bcrypt_pbkdf - bit-struct bson concurrent-ruby (= 1.0.5) dnsruby @@ -31,9 +30,9 @@ GIT metasploit-concern metasploit-credential metasploit-model - metasploit-payloads (= 2.0.28) + metasploit-payloads (= 2.0.41) metasploit_data_models - metasploit_payloads-mettle (= 1.0.6) + metasploit_payloads-mettle (= 1.0.8) mqtt msgpack nessus_rest @@ -93,26 +92,26 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (1.1.0) - actionpack (5.2.4.4) - actionview (= 5.2.4.4) - activesupport (= 5.2.4.4) + actionpack (5.2.5) + actionview (= 5.2.5) + activesupport (= 5.2.5) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.4.4) - activesupport (= 5.2.4.4) + actionview (5.2.5) + activesupport (= 5.2.5) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activemodel (5.2.4.4) - activesupport (= 5.2.4.4) - activerecord (5.2.4.4) - activemodel (= 5.2.4.4) - activesupport (= 5.2.4.4) + activemodel (5.2.5) + activesupport (= 5.2.5) + activerecord (5.2.5) + activemodel (= 5.2.5) + activesupport (= 5.2.5) arel (>= 9.0) - activesupport (5.2.4.4) + activesupport (5.2.5) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -123,33 +122,32 @@ GEM arel (9.0.0) arel-helpers (2.12.0) activerecord (>= 3.1.0, < 7) - aws-eventstream (1.1.0) - aws-partitions (1.424.0) - aws-sdk-core (3.112.0) + aws-eventstream (1.1.1) + aws-partitions (1.441.0) + aws-sdk-core (3.113.1) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.239.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-ec2 (1.224.0) + aws-sdk-ec2 (1.232.0) aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-iam (1.47.0) + aws-sdk-iam (1.52.0) aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-kms (1.42.0) + aws-sdk-kms (1.43.0) aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.88.0) + aws-sdk-s3 (1.93.0) aws-sdk-core (~> 3, >= 3.112.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.1) - aws-sigv4 (1.2.2) + aws-sigv4 (1.2.3) aws-eventstream (~> 1, >= 1.0.2) bcrypt (3.1.16) bcrypt_pbkdf (1.1.0) bindata (2.4.8) - bit-struct (0.16) - bson (4.11.1) + bson (4.12.0) builder (3.2.4) concurrent-ruby (1.0.5) cookiejar (0.3.3) @@ -168,7 +166,7 @@ GEM eventmachine (>= 1.0.0.beta.4) erubi (1.10.0) eventmachine (1.2.7) - faker (2.15.1) + faker (2.17.0) i18n (>= 1.6, < 2) faraday (1.3.0) faraday-net_http (~> 1.0) @@ -183,10 +181,10 @@ GEM hrr_rb_ssh (0.3.0.pre2) ed25519 (~> 1.2) http_parser.rb (0.6.0) - i18n (1.8.8) + i18n (1.8.10) concurrent-ruby (~> 1.0) - io-console (0.5.7) - irb (1.3.3) + io-console (0.5.9) + irb (1.3.5) reline (>= 0.1.5) jmespath (1.4.0) jsobfu (0.4.2) @@ -214,8 +212,8 @@ GEM activemodel (~> 5.2.2) activesupport (~> 5.2.2) railties (~> 5.2.2) - metasploit-payloads (2.0.28) - metasploit_data_models (4.1.1) + metasploit-payloads (2.0.41) + metasploit_data_models (4.1.2) activerecord (~> 5.2.2) activesupport (~> 5.2.2) arel-helpers @@ -224,10 +222,11 @@ GEM pg railties (~> 5.2.2) recog (~> 2.0) - metasploit_payloads-mettle (1.0.6) + webrick + metasploit_payloads-mettle (1.0.8) method_source (1.0.0) mini_portile2 (2.5.0) - minitest (5.14.3) + minitest (5.14.4) mqtt (0.5.0) msgpack (1.4.2) multipart-post (2.1.1) @@ -237,9 +236,9 @@ GEM net-ldap (0.17.0) net-ssh (6.1.0) network_interface (0.0.2) - nexpose (7.2.1) - nio4r (2.5.5) - nokogiri (1.11.1) + nexpose (7.3.0) + nio4r (2.5.7) + nokogiri (1.11.2) mini_portile2 (~> 2.5.0) racc (~> 1.4) octokit (4.20.0) @@ -260,7 +259,7 @@ GEM ttfunk pg (1.2.3) public_suffix (4.0.6) - puma (5.2.1) + puma (5.2.2) nio4r (~> 2.0) racc (1.5.2) rack (2.2.3) @@ -273,9 +272,9 @@ GEM nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (5.2.4.4) - actionpack (= 5.2.4.4) - activesupport (= 5.2.4.4) + railties (5.2.5) + actionpack (= 5.2.5) + activesupport (= 5.2.5) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) @@ -284,7 +283,7 @@ GEM recog (2.3.19) nokogiri redcarpet (3.5.1) - reline (0.2.3) + reline (0.2.5) io-console (~> 0.5) rex-arch (0.1.14) rex-text @@ -294,17 +293,18 @@ GEM rex-core rex-struct2 rex-text - rex-core (0.1.15) + rex-core (0.1.16) rex-encoder (0.1.5) metasm rex-arch rex-text - rex-exploitation (0.1.26) + rex-exploitation (0.1.27) jsobfu metasm rex-arch rex-encoder rex-text + rexml rex-java (0.1.6) rex-mime (0.1.6) rex-text @@ -323,16 +323,17 @@ GEM metasm rex-core rex-text - rex-socket (0.1.25) + rex-socket (0.1.29) rex-core - rex-sslscan (0.1.5) + rex-sslscan (0.1.6) rex-core rex-socket rex-text rex-struct2 (0.1.3) - rex-text (0.2.31) + rex-text (0.2.33) rex-zip (0.1.4) rex-text + rexml (3.2.4) rkelly-remix (0.0.7) ruby-macho (2.5.0) ruby-rc4 (0.1.5) diff --git a/nixpkgs/pkgs/tools/security/metasploit/default.nix b/nixpkgs/pkgs/tools/security/metasploit/default.nix index e11b1dd29908..5dce17ff190b 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/default.nix +++ b/nixpkgs/pkgs/tools/security/metasploit/default.nix @@ -8,16 +8,16 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "6.0.29"; + version = "6.0.38"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = version; - sha256 = "sha256-QDgInLW/uOBGf0ioPPBMUZv/c9tA7OtTOfp2CEAjf24="; + sha256 = "sha256-/e1BWhkM4A+xrvDS6Z01sND9aOZDn+cL0RIcAgT5oZs="; }; - buildInputs = [ makeWrapper ]; + nativeBuildInputs = [ makeWrapper ]; dontPatchELF = true; # stay away from exploit executables diff --git a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix index d33ca7ce03fb..49fedb7a84a2 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix +++ b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix @@ -4,50 +4,50 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0d8gxymshjhva5fyv33iy2hzp4jm3i44asdbma9pv9wzpl5fwhn0"; + sha256 = "1m9wdcnkls8cs31gfic5hffnrz0l1iyk0dldwx2q2z58qhh3sw0m"; type = "gem"; }; - version = "5.2.4.4"; + version = "5.2.5"; }; actionview = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0k8dgkplqj76i3q1f8897m8svj2xggd1knhy3bcwfl4nh7998kw6"; + sha256 = "1xlcfcbmwlmcp6vi9ay5xw9lqnj70bl1gn19hafygv9w65sw0n2i"; type = "gem"; }; - version = "5.2.4.4"; + version = "5.2.5"; }; activemodel = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1g79l7v0ddpxcj5r2s9kii6h4r4nbpy5bksbqi5lxvivrb3pkz1m"; + sha256 = "1bb600bsxd0gf4vwqq2qiklg7wd37b0as6ll3k5hjy9v6izj006b"; type = "gem"; }; - version = "5.2.4.4"; + version = "5.2.5"; }; activerecord = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "05b9l85a31cq6g7v4b4ifrj798q49rlidcvvfasmb3bk412wlp03"; + sha256 = "03zijqm7xdmmylzp68hadvq5rps67lsq10hnq6kpmhq496pp7wlj"; type = "gem"; }; - version = "5.2.4.4"; + version = "5.2.5"; }; activesupport = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0dpnk20s754fz6jfz9sp3ri49hn46ksw4hf6ycnlw7s3hsdxqgcd"; + sha256 = "1bizrvn05d59l1qzwkhqvwmzicamq4p66z2ziap5ks9y6hqgqmzj"; type = "gem"; }; - version = "5.2.4.4"; + version = "5.2.5"; }; addressable = { groups = ["default"]; @@ -104,80 +104,80 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0r0pn66yqrdkrfdin7qdim0yj2x75miyg4wp6mijckhzhrjb7cv5"; + sha256 = "0jfki5ikfr8ln5cdgv4iv1643kax0bjpp29jh78chzy713274jh3"; type = "gem"; }; - version = "1.1.0"; + version = "1.1.1"; }; aws-partitions = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1dxyx3pnih7g23hq794ldapsszddcmldxf6pq3z99q4d8rg8rrqp"; + sha256 = "07i9mqbh19pd25wd3laxv1bcmzcpriw54g0x3mqzkn600h8f3lg9"; type = "gem"; }; - version = "1.424.0"; + version = "1.441.0"; }; aws-sdk-core = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "15lynby6r91p9hh5h92pg4jr8xgnjr52px5ax0p0wncdw4vz0skp"; + sha256 = "0i3x8p9gymc9977dcdkz5ca6mrmh7ym6p2mrscbh49nfd9gi5zg0"; type = "gem"; }; - version = "3.112.0"; + version = "3.113.1"; }; aws-sdk-ec2 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1lg8vh124viba77b0qhi5j8xx8b4wxdiyycl4kaawmddwhr33zx9"; + sha256 = "0n7hi66zpm8mgfgf32gw7c9p4rv09q9kipsr01l5l2n2d69k67q5"; type = "gem"; }; - version = "1.224.0"; + version = "1.232.0"; }; aws-sdk-iam = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "16152qidkisakl2iqvghrjnccq279pahb953q5a4q0ipk5imw2c1"; + sha256 = "13mc05yx3f2g1543y349qysszzk811ns2dcjcidbszaasvpz3cci"; type = "gem"; }; - version = "1.47.0"; + version = "1.52.0"; }; aws-sdk-kms = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "00wgf83cdy6z77b2y0ld0aqiidfyldi71hx0z8b73gxjdlbwpq1i"; + sha256 = "01pd0f4srsa65zl4zq4014p9j5yrr2yy9h9ab17g3w9d0qqm2vsh"; type = "gem"; }; - version = "1.42.0"; + version = "1.43.0"; }; aws-sdk-s3 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "029iqr52fxxz8d6jb2g4k76i7nnjyspvjdlx52xah25zzhp3bx7v"; + sha256 = "0iy2f9z43pc6fgwmga2cz8nf9gy2pwcw4jib141vp8z8dhylqj94"; type = "gem"; }; - version = "1.88.0"; + version = "1.93.0"; }; aws-sigv4 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ll9382c1x2hp750cilh01h1cycgyhdr4cmmgx23k94hyyb8chv5"; + sha256 = "1d9zhmi3mpfzkkpg7yw7s9r1dwk157kh9875j3c7gh6cy95lmmaw"; type = "gem"; }; - version = "1.2.2"; + version = "1.2.3"; }; bcrypt = { groups = ["default"]; @@ -209,25 +209,15 @@ }; version = "2.4.8"; }; - bit-struct = { - groups = ["default"]; - platforms = []; - source = { - remotes = ["https://rubygems.org"]; - sha256 = "1w7x1fh4a6inpb46imhdf4xrq0z4d6zdpg7sdf8n98pif2hx50sx"; - type = "gem"; - }; - version = "0.16"; - }; bson = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "12v95l3v7n7lh3mk8k1jdrkpn2vjnkb8k636hcygaczzv4jdsdfp"; + sha256 = "0gny4n34gwfc6x04x7vli5my6cdl90n4i0wsxm758q81hfmkqxd7"; type = "gem"; }; - version = "4.11.1"; + version = "4.12.0"; }; builder = { groups = ["default"]; @@ -344,10 +334,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1l0dvswigzxaz9558wmfix3v8cmwwkgdvrx1fmpd3qnr5hky1qrk"; + sha256 = "0z3d4y6xg8prn3zdjw1qpqrnziq1d3zigqil4sxjj0pbr46gc1d6"; type = "gem"; }; - version = "2.15.1"; + version = "2.17.0"; }; faraday = { groups = ["default"]; @@ -424,30 +414,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0k7q3pwm0l1qvx6sc3d4dxmdxqx2pc63lbfjwv0k0higq94rinvs"; + sha256 = "0g2fnag935zn2ggm5cn6k4s4xvv53v2givj1j90szmvavlpya96a"; type = "gem"; }; - version = "1.8.8"; + version = "1.8.10"; }; io-console = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1gp1xx2g1x81wsh929x7rzsm0c8qgkhr2mkjn79fbdwyfnk4s04l"; + sha256 = "0pmafwxh8z1apnk7bb1ibnbhfrgb1jgilxm4j8d0fcqlc2ggmbja"; type = "gem"; }; - version = "0.5.7"; + version = "0.5.9"; }; irb = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "00c95xk8c9wzcs5imsrm85jk06y8l4dbnzhvqap98nprr9mxxnvl"; + sha256 = "06i0izb1jm4ijydwk9w2jqyvz72aznaa1b386769yfi8284cnwj6"; type = "gem"; }; - version = "1.3.3"; + version = "1.3.5"; }; jmespath = { groups = ["default"]; @@ -524,12 +514,12 @@ platforms = []; source = { fetchSubmodules = false; - rev = "f54a838fa686f495854a71cb32fadcb1853b6201"; - sha256 = "0vkz4d00hxps759ypv20vdrzz6si9kq3ra28gx3f1f5znnf0hf20"; + rev = "4c7a221f3d186b0cd65d2a765533fda54f0848f4"; + sha256 = "16x1z420470js45yg7s3wrlgvl5h6nfyklphmsqhzq0c35d43vgx"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "6.0.29"; + version = "6.0.38"; }; metasploit-model = { groups = ["default"]; @@ -546,30 +536,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1xln6zgdiimrbwjbdhi9008bjhmwqm13zky4310pvr7g8riffwqx"; + sha256 = "1nnb6kidfm39qyhv694m7skbvmsp5sjw52633v89zq0ym4y5wld5"; type = "gem"; }; - version = "2.0.28"; + version = "2.0.41"; }; metasploit_data_models = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1czqg49b7n9n2iqp6r4f1cxh8kd39gbjvydq09hzmzdmkwxh3x1f"; + sha256 = "1kzlvq20ml4b5lr1qbrkmivdi37mxi8fasdqg4yla2libfbdz008"; type = "gem"; }; - version = "4.1.1"; + version = "4.1.2"; }; metasploit_payloads-mettle = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1mxhybic6myh993fs4jmp0hz998ryf362y0b33wqanff1n8aj75k"; + sha256 = "0nq6wxsaghj0yqwn988z71d9f0qwglcrliwkgqr9f16vbbv33p36"; type = "gem"; }; - version = "1.0.6"; + version = "1.0.8"; }; method_source = { groups = ["default"]; @@ -596,10 +586,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0ipjhdw8ds6q9h7bs3iw28bjrwkwp215hr4l3xf6215fsl80ky5j"; + sha256 = "19z7wkhg59y8abginfrm2wzplz7py3va8fyngiigngqvsws6cwgl"; type = "gem"; }; - version = "5.14.3"; + version = "5.14.4"; }; mqtt = { groups = ["default"]; @@ -686,30 +676,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0i108glkklwgjxhfhnlqf4b16plqf9b84qpfz0pnl2pbnal5af8m"; + sha256 = "0jz5xiwiwagd663qdlfhmc9fm76x78cqhighmfivy6w5v0n4xyq0"; type = "gem"; }; - version = "7.2.1"; + version = "7.3.0"; }; nio4r = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0xbrmq1pvmszrwf40lzwmf8krs2b56720i7wsz9gh274qljkzklf"; + sha256 = "00fwz0qq7agd2xkdz02i8li236qvwhma3p0jdn5bdvc21b7ydzd5"; type = "gem"; }; - version = "2.5.5"; + version = "2.5.7"; }; nokogiri = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1ajwkqr28hwqbyl1l3czx4a34c88acxywyqp8cjyy0zgsd6sbhj2"; + sha256 = "0b51df8fwadak075cvi17w0nch6qz1r66564qp29qwfj67j9qp0p"; type = "gem"; }; - version = "1.11.1"; + version = "1.11.2"; }; octokit = { groups = ["default"]; @@ -816,10 +806,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "10kj484ppkjdg1j8jac4bxdv1082bd6g6xhrj70chlp7lkgl8ggh"; + sha256 = "0wiprd0v4mjqv5p1vqaidr9ci2xm08lcxdz1k50mb1b6nrw6r74k"; type = "gem"; }; - version = "5.2.1"; + version = "5.2.2"; }; racc = { groups = ["default"]; @@ -886,10 +876,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "089kiwmv8fxyfk0zp57q74nyd5i6d5x5ihlrzbzwl041v94s2zx9"; + sha256 = "072spzdpc8bv35nflr43i67njlriavqkrz6cgyd42adz6bqyval9"; type = "gem"; }; - version = "5.2.4.4"; + version = "5.2.5"; }; rake = { groups = ["default"]; @@ -936,10 +926,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "18xpix2hn4x4hihn0fjsv6i7jr7zjfbwzs94hwn48klyq3yrym2h"; + sha256 = "1bf86g8a761mp516349gzmvxkafj36nznczznb3flkn4a84dlk3k"; type = "gem"; }; - version = "0.2.3"; + version = "0.2.5"; }; rex-arch = { groups = ["default"]; @@ -966,10 +956,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1bjz0mhxijvfq535hpzswr83yrq3ghkkmqna63yjsabh61qpxx16"; + sha256 = "08krnf05mbq6x2d92fv34bl8xdz1d3yq2m0mp8bfbq5kd6a13l2w"; type = "gem"; }; - version = "0.1.15"; + version = "0.1.16"; }; rex-encoder = { groups = ["default"]; @@ -986,10 +976,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0z4dn579mxl22qdxcnbmxp0diia6kr7c20giv0bn4r0viavz49gc"; + sha256 = "1b10rcrw52nj2aswsn0kwv0s601rbn077k0r6n5lblip6fbrqz9i"; type = "gem"; }; - version = "0.1.26"; + version = "0.1.27"; }; rex-java = { groups = ["default"]; @@ -1076,20 +1066,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1601b7vhp56sif21lk7mqcn3bbkhdrp6zz0vag8yzma3ji707pqg"; + sha256 = "0ar9vm8pwjz7c11kr3pjnxbgk68f2i5k1r9j3r34pfq9n26s79gr"; type = "gem"; }; - version = "0.1.25"; + version = "0.1.29"; }; rex-sslscan = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "06gbx45q653ajcx099p0yxdqqxazfznbrqshd4nwiwg1p498lmyx"; + sha256 = "0r58n1ifbay1gq3kln9yg5iqjwp69l0pmb9sqakhqwhjlhzqx2kr"; type = "gem"; }; - version = "0.1.5"; + version = "0.1.6"; }; rex-struct2 = { groups = ["default"]; @@ -1106,10 +1096,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "078bdybz7cw3zd0mr59qgr1x6pifnn352636s74i1ncqzrzni46b"; + sha256 = "1933p6fri27d2gscws43k1v8jw1821l5j4yfi9z97ch5l80mv1zr"; type = "gem"; }; - version = "0.2.31"; + version = "0.2.33"; }; rex-zip = { groups = ["default"]; @@ -1121,6 +1111,16 @@ }; version = "0.1.4"; }; + rexml = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1mkvkcw9fhpaizrhca0pdgjcrbns48rlz4g6lavl5gjjq3rk2sq3"; + type = "gem"; + }; + version = "3.2.4"; + }; rkelly-remix = { groups = ["default"]; platforms = []; diff --git a/nixpkgs/pkgs/tools/security/nmap-unfree/default.nix b/nixpkgs/pkgs/tools/security/nmap-unfree/default.nix new file mode 100644 index 000000000000..1e6ed42bae45 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nmap-unfree/default.nix @@ -0,0 +1,65 @@ +{ lib +, stdenv +, fetchurl +, libpcap +, pkg-config +, openssl +, lua5_3 +, pcre +, liblinear +, libssh2 +, zlib +, withLua ? true +}: + +stdenv.mkDerivation rec { + pname = "nmap-unfree"; + version = "7.91"; + + src = fetchurl { + url = "https://nmap.org/dist/nmap-${version}.tar.bz2"; + sha256 = "001kb5xadqswyw966k2lqi6jr6zz605jpp9w4kmm272if184pk0q"; + }; + + prePatch = lib.optionalString stdenv.isDarwin '' + substituteInPlace libz/configure \ + --replace /usr/bin/libtool ar \ + --replace 'AR="libtool"' 'AR="ar"' \ + --replace 'ARFLAGS="-o"' 'ARFLAGS="-r"' + ''; + + configureFlags = [ + (if withLua then "--with-liblua=${lua5_3}" else "--without-liblua") + ]; + + makeFlags = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ + "AR=${stdenv.cc.bintools.targetPrefix}ar" + "RANLIB=${stdenv.cc.bintools.targetPrefix}ranlib" + "CC=${stdenv.cc.targetPrefix}gcc" + ]; + + nativeBuildInputs = [ pkg-config ]; + + buildInputs = [ + pcre + liblinear + libssh2 + libpcap + openssl + zlib + ]; + + enableParallelBuilding = true; + + # Tests require network access + doCheck = false; + + meta = with lib; { + description = "Open source utility for network discovery and security auditing"; + homepage = "http://www.nmap.org"; + # Nmap Public Source License Version 0.93 + # https://github.com/nmap/nmap/blob/master/LICENSE + license = licenses.unfree; + maintainers = with maintainers; [ fab SuperSandro2000 ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nosqli/default.nix b/nixpkgs/pkgs/tools/security/nosqli/default.nix new file mode 100644 index 000000000000..3163d1683710 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nosqli/default.nix @@ -0,0 +1,25 @@ +{ buildGoModule +, fetchFromGitHub +, lib +}: + +buildGoModule rec { + pname = "nosqli"; + version = "0.5.2"; + + src = fetchFromGitHub { + owner = "Charlie-belmer"; + repo = pname; + rev = "v${version}"; + sha256 = "006z76v4a3pxzgnkj5nl0mrlsqmfgvg51w20dl118k2xa70zz63j"; + }; + + vendorSha256 = "01spdh2gbzp6yg2jbiwfnyhqb5s605hyfxhs0f9h4ps4qbi1h9cv"; + + meta = with lib; { + description = "NoSql Injection tool for finding vulnerable websites using MongoDB"; + homepage = "https://github.com/Charlie-belmer/nosqli"; + license = with licenses; [ agpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nuclei/default.nix b/nixpkgs/pkgs/tools/security/nuclei/default.nix index 2df24e63d894..da654e74f9bd 100644 --- a/nixpkgs/pkgs/tools/security/nuclei/default.nix +++ b/nixpkgs/pkgs/tools/security/nuclei/default.nix @@ -1,24 +1,28 @@ -{ buildGoModule +{ lib +, buildGoModule , fetchFromGitHub -, lib }: buildGoModule rec { pname = "nuclei"; - version = "2.2.0"; + version = "2.3.4"; src = fetchFromGitHub { owner = "projectdiscovery"; - repo = "nuclei"; + repo = pname; rev = "v${version}"; - sha256 = "0xrvza86aczlnb11x58fiqch5g0q6gvpxwsi5dq3akfi95gk3a3x"; + sha256 = "sha256-qjbr3kTgIFdxyzRwSvWyh5krrlzD8i1nMeoLZYSbr6g="; }; - vendorSha256 = "1v3ax8l1lgp2vs50gsa2fhdd6bvyfdlkd118akrqmwxahyyyqycv"; + vendorSha256 = "sha256-qmuua7HXnwuy24CSqHKALqNDmXBvSIXYTVu3kaGVoeU="; - preBuild = '' - mv v2/* . - ''; + modRoot = "./v2"; + subPackages = [ + "cmd/nuclei/" + ]; + + # Test files are not part of the release tarball + doCheck = false; meta = with lib; { description = "Tool for configurable targeted scanning"; diff --git a/nixpkgs/pkgs/tools/security/open-ecard/default.nix b/nixpkgs/pkgs/tools/security/open-ecard/default.nix index c46d5b65cd8e..5c07add90563 100644 --- a/nixpkgs/pkgs/tools/security/open-ecard/default.nix +++ b/nixpkgs/pkgs/tools/security/open-ecard/default.nix @@ -25,7 +25,7 @@ in stdenv.mkDerivation rec { phases = "installPhase"; - buildInputs = [ makeWrapper ]; + nativeBuildInputs = [ makeWrapper ]; desktopItem = makeDesktopItem { name = appName; diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/import.nix b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix index 0fd14901d0db..11b4eecd14d9 100644 --- a/nixpkgs/pkgs/tools/security/pass/extensions/import.nix +++ b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, pass, fetchFromGitHub, pythonPackages, makeWrapper, fetchpatch }: +{ lib, stdenv, fetchFromGitHub, pythonPackages, makeWrapper, fetchpatch }: let pythonEnv = pythonPackages.python.withPackages (p: [ diff --git a/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix b/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix index b6547deb560a..3b5aedf81a80 100644 --- a/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix +++ b/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { sha256 = "131jpcwyyzgzjn9lx4k1zn95pd68pjw4i41jfzcp9z9fnazyln5n"; }; - buildInputs = [ makeWrapper ]; + nativeBuildInputs = [ makeWrapper ]; dontBuild = true; diff --git a/nixpkgs/pkgs/tools/security/passphrase2pgp/default.nix b/nixpkgs/pkgs/tools/security/passphrase2pgp/default.nix new file mode 100644 index 000000000000..a53e03c3c1e3 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/passphrase2pgp/default.nix @@ -0,0 +1,27 @@ +{ lib, pandoc, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "passphrase2pgp"; + version = "1.1.0"; + + src = fetchFromGitHub { + owner = "skeeto"; + repo = pname; + rev = "v${version}"; + hash = "sha256-Nje77tn55CKRU6igEA/6IquDhXVVQAdiez6nmN49di4"; + }; + + vendorSha256 = "sha256-7q5nwkj4TP7VgHmV9YBbCB11yTPL7tK4gD+uN4Vw3Cs"; + + postInstall = '' + mkdir -p $out/share/doc/$name + cp README.md $out/share/doc/$name + ''; + + meta = with lib; { + description = "Predictable, passphrase-based PGP key generator"; + homepage = "https://github.com/skeeto/passphrase2pgp"; + license = licenses.unlicense; + maintainers = with maintainers; [ kaction ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix index b7c4319fa058..aa1580e24598 100644 --- a/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix +++ b/nixpkgs/pkgs/tools/security/pcsc-scm-scl011/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { sha256 = "0ik26sxgqgsqplksl87z61vwmx51k7plaqmrkdid7xidgfhfxr42"; }; - buildInputs = [ unzip ]; + nativeBuildInputs = [ unzip ]; unpackPhase = '' unzip $src diff --git a/nixpkgs/pkgs/tools/security/pcsclite/default.nix b/nixpkgs/pkgs/tools/security/pcsclite/default.nix index 1d874a16da64..2a75c409305e 100644 --- a/nixpkgs/pkgs/tools/security/pcsclite/default.nix +++ b/nixpkgs/pkgs/tools/security/pcsclite/default.nix @@ -1,15 +1,14 @@ -{ lib, stdenv, fetchurl, pkg-config, udev, dbus, perl, python3 -, IOKit ? null }: +{ lib, stdenv, fetchurl, pkg-config, udev, dbus, perl, python3, IOKit }: stdenv.mkDerivation rec { pname = "pcsclite"; - version = "1.9.0"; + version = "1.9.1"; outputs = [ "bin" "out" "dev" "doc" "man" ]; src = fetchurl { url = "https://pcsclite.apdu.fr/files/pcsc-lite-${version}.tar.bz2"; - sha256 = "1y9f9zipnrmgiw0mxrvcgky8vfrcmg6zh40gbln5a93i2c1x8j01"; + sha256 = "sha256-c8R4m3h2qDOnD0k82iFlXf6FaJ2bfilwHCQyduVeaDo="; }; patches = [ ./no-dropdir-literals.patch ]; @@ -19,9 +18,9 @@ stdenv.mkDerivation rec { "--enable-usbdropdir=/var/lib/pcsc/drivers" "--enable-confdir=/etc" ] ++ lib.optional stdenv.isLinux - "--with-systemdsystemunitdir=\${out}/etc/systemd/system" - ++ lib.optional (!stdenv.isLinux) - "--disable-libsystemd"; + "--with-systemdsystemunitdir=\${out}/etc/systemd/system" + ++ lib.optional (!stdenv.isLinux) + "--disable-libsystemd"; postConfigure = '' sed -i -re '/^#define *PCSCLITE_HP_DROPDIR */ { @@ -35,8 +34,10 @@ stdenv.mkDerivation rec { ''; nativeBuildInputs = [ pkg-config perl ]; - buildInputs = [ python3 ] ++ lib.optionals stdenv.isLinux [ udev dbus ] - ++ lib.optionals stdenv.isDarwin [ IOKit ]; + + buildInputs = [ python3 ] + ++ lib.optionals stdenv.isLinux [ udev dbus ] + ++ lib.optionals stdenv.isDarwin [ IOKit ]; meta = with lib; { description = "Middleware to access a smart card using SCard API (PC/SC)"; diff --git a/nixpkgs/pkgs/tools/security/pdfcrack/default.nix b/nixpkgs/pkgs/tools/security/pdfcrack/default.nix index afef0d4c4723..451cdd5591bd 100644 --- a/nixpkgs/pkgs/tools/security/pdfcrack/default.nix +++ b/nixpkgs/pkgs/tools/security/pdfcrack/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { homepage = "http://pdfcrack.sourceforge.net/"; description = "Small command line driven tool for recovering passwords and content from PDF files"; license = with licenses; [ gpl2 ]; - platforms = platforms.linux; + platforms = platforms.all; maintainers = with maintainers; [ qoelet ]; }; } diff --git a/nixpkgs/pkgs/tools/security/pinentry/mac.nix b/nixpkgs/pkgs/tools/security/pinentry/mac.nix index 9c328d472c4b..27917ffbbf17 100644 --- a/nixpkgs/pkgs/tools/security/pinentry/mac.nix +++ b/nixpkgs/pkgs/tools/security/pinentry/mac.nix @@ -14,6 +14,12 @@ stdenv.mkDerivation { nativeBuildInputs = [ xcbuildHook ]; buildInputs = [ libiconv ncurses Cocoa ]; + preBuild = '' + # Only build for what we care about (also allows arm64) + substituteInPlace pinentry-mac.xcodeproj/project.pbxproj \ + --replace "i386 x86_64 ppc" "${stdenv.targetPlatform.darwinArch}" + ''; + installPhase = '' mkdir -p $out/Applications mv Products/Release/pinentry-mac.app $out/Applications diff --git a/nixpkgs/pkgs/tools/security/proxmark3/default.nix b/nixpkgs/pkgs/tools/security/proxmark3/default.nix index 3b1f21ac7187..b52e7279fa98 100644 --- a/nixpkgs/pkgs/tools/security/proxmark3/default.nix +++ b/nixpkgs/pkgs/tools/security/proxmark3/default.nix @@ -15,6 +15,8 @@ let nativeBuildInputs = [ pkg-config gcc-arm-embedded ]; buildInputs = [ ncurses readline pcsclite qt5.qtbase ]; + dontWrapQtApps = true; + postPatch = '' substituteInPlace client/Makefile --replace '-ltermcap' ' ' substituteInPlace liblua/Makefile --replace '-ltermcap' ' ' diff --git a/nixpkgs/pkgs/tools/security/proxmark3/proxmark3-rrg.nix b/nixpkgs/pkgs/tools/security/proxmark3/proxmark3-rrg.nix index 04def66d03c9..2ae344394724 100644 --- a/nixpkgs/pkgs/tools/security/proxmark3/proxmark3-rrg.nix +++ b/nixpkgs/pkgs/tools/security/proxmark3/proxmark3-rrg.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, mkDerivation, fetchFromGitHub, pkg-config, gcc-arm-embedded, bluez5 +{ lib, mkDerivation, fetchFromGitHub, pkg-config, gcc-arm-embedded, bluez5 , readline , hardwarePlatform ? "PM3RDV4" diff --git a/nixpkgs/pkgs/tools/security/prs/default.nix b/nixpkgs/pkgs/tools/security/prs/default.nix new file mode 100644 index 000000000000..2d96c89970ec --- /dev/null +++ b/nixpkgs/pkgs/tools/security/prs/default.nix @@ -0,0 +1,48 @@ +{ lib +, rustPlatform +, fetchFromGitLab +, pkg-config +, python3 +, dbus +, glib +, gpgme +, gtk3 +, libxcb +}: + +rustPlatform.buildRustPackage rec { + pname = "prs"; + version = "0.2.7"; + + src = fetchFromGitLab { + owner = "timvisee"; + repo = "prs"; + rev = "v${version}"; + sha256 = "sha256-1Jrgf5UW6k0x3q6kQIB6Q7moOhConEnUU9r+21W5Uu8="; + }; + + cargoSha256 = "sha256-N3pLW/OGeurrl+AlwdfbZ3T7WzEOAuyUMdIR164Xp7k="; + + postPatch = '' + # The GPGME backend is recommended + for f in "gtk3/Cargo.toml" "cli/Cargo.toml"; do + substituteInPlace "$f" --replace \ + 'default = ["backend-gnupg-bin"' 'default = ["backend-gpgme"' + done + ''; + + nativeBuildInputs = [ gpgme pkg-config python3 ]; + + buildInputs = [ dbus glib gpgme gtk3 libxcb ]; + + meta = with lib; { + description = "Secure, fast & convenient password manager CLI using GPG and git to sync"; + homepage = "https://gitlab.com/timvisee/prs"; + changelog = "https://gitlab.com/timvisee/prs/-/blob/v${version}/CHANGELOG.md"; + license = with licenses; [ + lgpl3Only # lib + gpl3Only # everything else + ]; + maintainers = with maintainers; [ dotlambda ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/pwncat/default.nix b/nixpkgs/pkgs/tools/security/pwncat/default.nix new file mode 100644 index 000000000000..67cfac9085fa --- /dev/null +++ b/nixpkgs/pkgs/tools/security/pwncat/default.nix @@ -0,0 +1,24 @@ +{ lib +, buildPythonApplication +, fetchPypi +}: + +buildPythonApplication rec { + pname = "pwncat"; + version = "0.1.1"; + + src = fetchPypi { + inherit pname version; + sha256 = "62e625e9061f037cfca7b7455a4f7db4213c1d1302e73d4c475c63f924f1805f"; + }; + + # Tests requires to start containers + doCheck = false; + + meta = with lib; { + description = "TCP/UDP communication suite"; + homepage = "https://pwncat.org/"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rage/default.nix b/nixpkgs/pkgs/tools/security/rage/default.nix index 3724637c6047..d248fb19a276 100644 --- a/nixpkgs/pkgs/tools/security/rage/default.nix +++ b/nixpkgs/pkgs/tools/security/rage/default.nix @@ -3,16 +3,16 @@ rustPlatform.buildRustPackage rec { pname = "rage"; - version = "0.5.0"; + version = "0.5.1"; src = fetchFromGitHub { owner = "str4d"; repo = pname; rev = "v${version}"; - sha256 = "sha256-XSDfAsXfwSoe5JMdJtZlC324Sra+4fVJhE3/k2TthEc="; + sha256 = "sha256-oYCARqG5YwKO0b73aEMLr/xzXl6xBEMCvE1HMCtMq20="; }; - cargoSha256 = "sha256-GPr5zxeODAjD+ynp/nned9gZUiReYcdzosuEbLIKZSs="; + cargoSha256 = "sha256-vadXIdqfmol4thHIwpkQCn7HsXdxo0l+6CBm3QIJmeA="; nativeBuildInputs = [ installShellFiles ]; diff --git a/nixpkgs/pkgs/tools/security/rarcrack/default.nix b/nixpkgs/pkgs/tools/security/rarcrack/default.nix index 94800ca8c04f..3745a9520f1c 100644 --- a/nixpkgs/pkgs/tools/security/rarcrack/default.nix +++ b/nixpkgs/pkgs/tools/security/rarcrack/default.nix @@ -11,7 +11,8 @@ stdenv.mkDerivation { sha256 = "134fq84896w5vp8vg4qg0ybpb466njibigyd7bqqm1xydr07qrgn"; }; - buildInputs = [ libxml2 file p7zip unrar unzip ]; + nativeBuildInputs = [ unzip ]; + buildInputs = [ libxml2 file p7zip unrar ]; buildFlags = lib.optional stdenv.cc.isClang "CC=clang"; installFlags = [ "PREFIX=\${out}" ]; diff --git a/nixpkgs/pkgs/tools/security/rbw/bump-security-framework-crate.patch b/nixpkgs/pkgs/tools/security/rbw/bump-security-framework-crate.patch new file mode 100644 index 000000000000..9074dd925b82 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rbw/bump-security-framework-crate.patch @@ -0,0 +1,19 @@ +Bump security-framework from 2.1.1 to 2.1.2 + +security-framework=2.1.1 doesn't build on Darwin 10.12. +https://github.com/kornelski/rust-security-framework/issues/124 + +--- i/Cargo.lock ++++ w/Cargo.lock +@@ -1361,9 +1361,9 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" + + [[package]] + name = "security-framework" +-version = "2.1.1" ++version = "2.1.2" + source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "2dfd318104249865096c8da1dfabf09ddbb6d0330ea176812a62ec75e40c4166" ++checksum = "d493c5f39e02dfb062cd8f33301f90f9b13b650e8c1b1d0fd75c19dd64bff69d" + dependencies = [ + "bitflags", + "core-foundation", diff --git a/nixpkgs/pkgs/tools/security/rbw/default.nix b/nixpkgs/pkgs/tools/security/rbw/default.nix index 6ea2f45b8062..c1f99719d76c 100644 --- a/nixpkgs/pkgs/tools/security/rbw/default.nix +++ b/nixpkgs/pkgs/tools/security/rbw/default.nix @@ -2,11 +2,11 @@ , stdenv , rustPlatform , fetchCrate -, pinentry , openssl , pkg-config , makeWrapper , Security +, libiconv # rbw-fzf , withFzf ? false, fzf, perl @@ -20,27 +20,26 @@ rustPlatform.buildRustPackage rec { pname = "rbw"; - version = "0.5.2"; + version = "1.1.2"; src = fetchCrate { inherit version; crateName = pname; - sha256 = "1mxl71yz2iy5s6pbp33cwkfzzilkla4qqiskd6jsd5fdlrrwlxqm"; + sha256 = "1xihjx4f8kgyablxsy8vgn4w6i92p2xm5ncacdk39npa5g8wadlx"; }; - cargoSha256 = "19gznam64s17kha3accgjks5rmd9kpqqgxg3dfrk7fg5v4431007"; + cargoSha256 = "0fvs06wd05a90dggi7n46d5gl9flnciqzg9j3ijmz3z5bb6aky1b"; + + cargoPatches = [ ./bump-security-framework-crate.patch ]; nativeBuildInputs = [ pkg-config makeWrapper ]; - buildInputs = lib.optionals stdenv.isDarwin [ Security ]; + buildInputs = lib.optionals stdenv.isDarwin [ Security libiconv ]; - postPatch = '' - substituteInPlace src/pinentry.rs \ - --replace 'Command::new("pinentry")' 'Command::new("${pinentry}/${pinentry.binaryPath or "bin/pinentry"}")' - '' + lib.optionalString withFzf '' + postPatch = lib.optionalString withFzf '' patchShebangs bin/rbw-fzf substituteInPlace bin/rbw-fzf \ --replace fzf ${fzf}/bin/fzf \ diff --git a/nixpkgs/pkgs/tools/security/rekor/default.nix b/nixpkgs/pkgs/tools/security/rekor/default.nix new file mode 100644 index 000000000000..b260d46f934f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/rekor/default.nix @@ -0,0 +1,51 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +let + generic = { pname, subPackages, description, postInstall }: + buildGoModule rec { + inherit pname; + version = "0.1.1"; + + src = fetchFromGitHub { + owner = "sigstore"; + repo = "rekor"; + rev = "v${version}"; + sha256 = "1hvkfvc747g5r4h8vb1d8ikqxmlyxsycnlh78agmmjpxlasspmbk"; + }; + + vendorSha256 = "0vdir9ia3hv27rkm6jnvhsfc3mxw36xfvwqnfd34rgzmzcfxlrbv"; + + inherit subPackages postInstall; + + meta = with lib; { + inherit description; + homepage = "https://github.com/sigstore/rekor"; + changelog = "https://github.com/sigstore/rekor/releases/tag/v${version}"; + license = licenses.asl20; + maintainers = with maintainers; [ lesuisse ]; + }; + }; +in { + rekor-cli = generic { + pname = "rekor-cli"; + subPackages = [ "cmd/cli" ]; + # Will not be needed with the next version, the package as been renamed upstream + postInstall = '' + if [ -f "$out/bin/cli" ]; then + mv "$out/bin/cli" "$out/bin/rekor-client" + fi + ''; + description = "CLI client for Sigstore, the Signature Transparency Log"; + }; + rekor-server = generic { + pname = "rekor-server"; + subPackages = [ "cmd/server" ]; + # Will not be needed with the next version, the package as been renamed upstream + postInstall = '' + if [ -f "$out/bin/server" ]; then + mv "$out/bin/server" "$out/bin/rekor-server" + fi + ''; + description = "Sigstore server, the Signature Transparency Log"; + }; +} diff --git a/nixpkgs/pkgs/tools/security/rhash/default.nix b/nixpkgs/pkgs/tools/security/rhash/default.nix index f4cc65f5d8e7..c602ec622cd2 100644 --- a/nixpkgs/pkgs/tools/security/rhash/default.nix +++ b/nixpkgs/pkgs/tools/security/rhash/default.nix @@ -1,14 +1,14 @@ { lib, stdenv, fetchFromGitHub, which }: stdenv.mkDerivation rec { - version = "1.4.0"; + version = "1.4.1"; pname = "rhash"; src = fetchFromGitHub { owner = "rhash"; repo = "RHash"; rev = "v${version}"; - sha256 = "18zgr1bjzz8v6rckz2q2hx9f2ssbv8qfwclzpbyjaz0c1c9lqqar"; + sha256 = "sha256-kmi1FtJYPBUdMfJlzEsQkTwcYB99isP3yzH1EYlk54g="; }; nativeBuildInputs = [ which ]; diff --git a/nixpkgs/pkgs/tools/security/saml2aws/default.nix b/nixpkgs/pkgs/tools/security/saml2aws/default.nix index 57a92ef4b996..e2f1ab7cdb6c 100644 --- a/nixpkgs/pkgs/tools/security/saml2aws/default.nix +++ b/nixpkgs/pkgs/tools/security/saml2aws/default.nix @@ -2,17 +2,17 @@ buildGoModule rec { pname = "saml2aws"; - version = "2.27.1"; + version = "2.28.0"; src = fetchFromGitHub { owner = "Versent"; repo = "saml2aws"; rev = "v${version}"; - sha256 = "1ffq7jh14cj45wn5rx9awh5k8hqbfwm4fjz0a0rq22yqfwbbkkj2"; + sha256 = "sha256-2t1MytLjAxhVVsWyMYcQZ9c+ox+X2OszG5mLAv8c7xE="; }; runVend = true; - vendorSha256 = "1w7vnpv36lhxpaljdhslbckkr7p81nzc91a0503wk8nrrc4ljsyy"; + vendorSha256 = "sha256-8Kox01iyWhv/Fp7jHPeNXxc/K2TT1WPyWFieHZkqLho="; doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/secretscanner/default.nix b/nixpkgs/pkgs/tools/security/secretscanner/default.nix new file mode 100644 index 000000000000..93d440009f3f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/secretscanner/default.nix @@ -0,0 +1,37 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, hyperscan +, pkg-config +}: + +buildGoModule rec { + pname = "secretscanner"; + version = "20210214-${lib.strings.substring 0 7 rev}"; + rev = "42a38f9351352bf6240016b5b93d971be35cad46"; + + src = fetchFromGitHub { + owner = "deepfence"; + repo = "SecretScanner"; + inherit rev; + sha256 = "0yga71f7bx5a3hj5agr88pd7j8jnxbwqm241fhrvv8ic4sx0mawg"; + }; + + vendorSha256 = "0b7qa83iqnigihgwlqsxi28n7d9h0dk3wx1bqvhn4k01483cipsd"; + + nativeBuildInputs = [ pkg-config ]; + + buildInputs = [ hyperscan ]; + + postInstall = '' + mv $out/bin/SecretScanner $out/bin/$pname + ''; + + meta = with lib; { + description = "Tool to find secrets and passwords in container images and file systems"; + homepage = "https://github.com/deepfence/SecretScanner"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} + diff --git a/nixpkgs/pkgs/tools/security/shc/default.nix b/nixpkgs/pkgs/tools/security/shc/default.nix index 4cbedb232187..0c1bf93ed1c6 100644 --- a/nixpkgs/pkgs/tools/security/shc/default.nix +++ b/nixpkgs/pkgs/tools/security/shc/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { meta = with lib; { homepage = "https://neurobin.org/projects/softwares/unix/shc/"; description = "Shell Script Compiler"; - platforms = lib.platforms.linux; + platforms = lib.platforms.all; license = licenses.gpl3; }; } diff --git a/nixpkgs/pkgs/tools/security/shhgit/default.nix b/nixpkgs/pkgs/tools/security/shhgit/default.nix new file mode 100644 index 000000000000..a05eba1282c1 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/shhgit/default.nix @@ -0,0 +1,26 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "shhgit"; + version = "0.4-${lib.strings.substring 0 7 rev}"; + rev = "7e55062d10d024f374882817692aa2afea02ff84"; + + src = fetchFromGitHub { + owner = "eth0izzle"; + repo = pname; + inherit rev; + sha256 = "1b7r4ivfplm4crlvx571nyz2rc6djy0xvl14nz7m0ngh6206df9k"; + }; + + vendorSha256 = "0isa9faaknm8c9mbyj5dvf1dfnyv44d1pjd2nbkyfi6b22hcci3d"; + + meta = with lib; { + description = "Tool to detect secrets in repositories"; + homepage = "https://github.com/eth0izzle/shhgit"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sipvicious/default.nix b/nixpkgs/pkgs/tools/security/sipvicious/default.nix new file mode 100644 index 000000000000..8403019a341e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/sipvicious/default.nix @@ -0,0 +1,27 @@ +{ lib +, buildPythonApplication +, fetchFromGitHub +}: + +buildPythonApplication rec { + pname = "sipvicious"; + version = "0.3.3"; + + src = fetchFromGitHub { + owner = "EnableSecurity"; + repo = pname; + rev = "v${version}"; + sha256 = "17f6w7qh33zvlhqwf22y9y7skha0xjs46yk66q8xm4brsv4lfxxa"; + }; + + # Project has no tests + doCheck = false; + pythonImportsCheck = [ "sipvicious" ]; + + meta = with lib; { + description = " Set of tools to audit SIP based VoIP systems"; + homepage = "https://github.com/EnableSecurity/sipvicious"; + license = with licenses; [ gpl3Plus ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/slowhttptest/default.nix b/nixpkgs/pkgs/tools/security/slowhttptest/default.nix new file mode 100644 index 000000000000..5dce5d5439ac --- /dev/null +++ b/nixpkgs/pkgs/tools/security/slowhttptest/default.nix @@ -0,0 +1,26 @@ +{ lib +, stdenv +, fetchFromGitHub +, openssl +}: + +stdenv.mkDerivation rec { + pname = "slowhttptest"; + version = "1.8.2"; + + src = fetchFromGitHub { + owner = "shekyan"; + repo = pname; + rev = "v${version}"; + sha256 = "1xv2j3hl4zj0s2cxcsvlwgridh9ap4g84g7c4918d03id15wydcx"; + }; + + buildInputs = [ openssl ]; + + meta = with lib; { + description = "Application Layer DoS attack simulator"; + homepage = "https://github.com/shekyan/slowhttptest"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/sn0int/default.nix b/nixpkgs/pkgs/tools/security/sn0int/default.nix index 7cc343b78234..1577b4764012 100644 --- a/nixpkgs/pkgs/tools/security/sn0int/default.nix +++ b/nixpkgs/pkgs/tools/security/sn0int/default.nix @@ -3,16 +3,16 @@ rustPlatform.buildRustPackage rec { pname = "sn0int"; - version = "0.20.0"; + version = "0.20.1"; src = fetchFromGitHub { owner = "kpcyrd"; repo = pname; rev = "v${version}"; - sha256 = "1zjrbrkk7phv8s5qr0gj6fnssa31j3k3m8c55pdfmajh7ry7wwd1"; + sha256 = "sha256-vnSpItch9RDUyYxERKRwYPmRLwRG9gAI7iIY+7iRs1w="; }; - cargoSha256 = "1jvaavhjyalnh10vfhrdyqg1jnl8b4a3gnp8a31bgi3mb0v466k3"; + cargoSha256 = "sha256-1QqNI7rdH5wb1Zge8gkJtzg2Hgd/Vk9DAU9ULk/5wiw="; nativeBuildInputs = [ pkg-config ]; diff --git a/nixpkgs/pkgs/tools/security/sonar-scanner-cli/default.nix b/nixpkgs/pkgs/tools/security/sonar-scanner-cli/default.nix index f5ae475a45b0..95db01370b44 100644 --- a/nixpkgs/pkgs/tools/security/sonar-scanner-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/sonar-scanner-cli/default.nix @@ -21,7 +21,7 @@ in stdenv.mkDerivation rec { src = fetchurl sonarScannerArchPackage.${stdenv.hostPlatform.system}; - buildInputs = [ unzip ]; + nativeBuildInputs = [ unzip ]; installPhase = '' mkdir -p $out/lib diff --git a/nixpkgs/pkgs/tools/security/sops/default.nix b/nixpkgs/pkgs/tools/security/sops/default.nix index ae6f000fe3f7..ec1ade20a19a 100644 --- a/nixpkgs/pkgs/tools/security/sops/default.nix +++ b/nixpkgs/pkgs/tools/security/sops/default.nix @@ -2,22 +2,23 @@ buildGoModule rec { pname = "sops"; - version = "3.6.1"; + version = "3.7.0"; src = fetchFromGitHub { rev = "v${version}"; owner = "mozilla"; repo = pname; - sha256 = "0xl53rs8jzq5yz4wi0vzsr6ajsaf2x2n1h3x7krk02a9839y6f18"; + sha256 = "1a0v1jgbz8n3dymzr2shg2ms9sxjwaci209ldzq8v4g737v10zgm"; }; - vendorSha256 = "1cpm06dyc6lb3a9apfggyi16alb2yijvyan1gbrl8r9fwlqvdpjk"; + vendorSha256 = "1qaml2h3c8fhmi8ahp2fmd0hagqp5xqaf8jxjh4mfmbv2is3yz1l"; doCheck = false; meta = with lib; { homepage = "https://github.com/mozilla/sops"; description = "Mozilla sops (Secrets OPerationS) is an editor of encrypted files"; + changelog = "https://github.com/mozilla/sops/raw/v${version}/CHANGELOG.rst"; maintainers = [ maintainers.marsam ]; license = licenses.mpl20; }; diff --git a/nixpkgs/pkgs/tools/security/ssb/default.nix b/nixpkgs/pkgs/tools/security/ssb/default.nix new file mode 100644 index 000000000000..d6305e4cf4a4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ssb/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "ssb"; + version = "0.1.1"; + + src = fetchFromGitHub { + owner = "kitabisa"; + repo = pname; + rev = "v${version}"; + sha256 = "0dkd02l30461cwn5hsssnjyb9s8ww179wll3l7z5hy1hv3x6h9g1"; + }; + + vendorSha256 = "1q3dxizyz9bcdfs5j2bzhl2aadhd00cvzhj202wlls0zrlb9pp4f"; + + meta = with lib; { + description = "Tool to bruteforce SSH server"; + homepage = "https://github.com/kitabisa/ssb"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ssh-audit/default.nix b/nixpkgs/pkgs/tools/security/ssh-audit/default.nix index 2fdc42e52803..a7ef677759f3 100644 --- a/nixpkgs/pkgs/tools/security/ssh-audit/default.nix +++ b/nixpkgs/pkgs/tools/security/ssh-audit/default.nix @@ -2,13 +2,13 @@ python3Packages.buildPythonApplication rec { pname = "ssh-audit"; - version = "2.3.1"; + version = "2.4.0"; src = fetchFromGitHub { owner = "jtesta"; repo = pname; rev = "v${version}"; - sha256 = "1h739r5nv5zkmjyyjwkw8r6d4avddjjxsamc5rffwfxi1kjavpxm"; + sha256 = "sha256-Xq1q/i43vZAv8BayVOdKuZ3+mJcQQ0x4Kc3WlASE6m8="; }; checkInputs = with python3Packages; [ diff --git a/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix b/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix index 487cc44cdd73..fc07714b55b0 100644 --- a/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix +++ b/nixpkgs/pkgs/tools/security/ssh-to-pgp/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "ssh-to-pgp"; - version = "1.0.0"; + version = "1.0.1"; src = fetchFromGitHub { owner = "Mic92"; repo = "ssh-to-pgp"; rev = version; - sha256 = "sha256-TDrpnWAez8muysMdmKFBDZfK8CyhGn1VqHB8+zD6jSk="; + sha256 = "sha256-5Wg0ItAkAb0zlhzcuDT9o0XIIbG9kqk4mIYb6hSJlsI="; }; - vendorSha256 = "sha256-ZF/WsmqmGHZIAGTPKJ70UhtmssNhiInEZfzrKxQLw9I="; + vendorSha256 = "sha256-OMWiJ1n8ynvIGcmotjuGGsRuAidYgVo5Y5JjrAw8fpc="; checkInputs = [ gnupg ]; checkPhase = '' diff --git a/nixpkgs/pkgs/tools/security/sshguard/default.nix b/nixpkgs/pkgs/tools/security/sshguard/default.nix index 88e726bc8635..f42a1ec96f43 100644 --- a/nixpkgs/pkgs/tools/security/sshguard/default.nix +++ b/nixpkgs/pkgs/tools/security/sshguard/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, fetchurl, autoreconfHook, yacc, flex}: +{ lib, stdenv, fetchurl, autoreconfHook, bison, flex}: stdenv.mkDerivation rec { version = "2.4.1"; @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { doCheck = true; - nativeBuildInputs = [ autoreconfHook yacc flex ]; + nativeBuildInputs = [ autoreconfHook bison flex ]; configureFlags = [ "--sysconfdir=/etc" ]; diff --git a/nixpkgs/pkgs/tools/security/sslscan/default.nix b/nixpkgs/pkgs/tools/security/sslscan/default.nix index fcf9c4c1ac2f..29762fc527c3 100644 --- a/nixpkgs/pkgs/tools/security/sslscan/default.nix +++ b/nixpkgs/pkgs/tools/security/sslscan/default.nix @@ -1,25 +1,28 @@ -{ lib, stdenv, fetchFromGitHub, openssl }: +{ lib +, stdenv +, fetchFromGitHub +, openssl +}: stdenv.mkDerivation rec { pname = "sslscan"; - version = "1.11.13"; + version = "2.0.9"; src = fetchFromGitHub { owner = "rbsec"; repo = "sslscan"; - rev = "${version}-rbsec"; - sha256 = "0sa8iw91wi3515lw761j84wagab1x9rxr0mn8m08qj300z2044yk"; + rev = version; + sha256 = "0594svwz4pya0syibar0ahmi5zdjbwd5kg6hrlhfpmmslrsyli6m"; }; buildInputs = [ openssl ]; - makeFlags = [ "PREFIX=$(out)" "CC=cc" ]; + makeFlags = [ "PREFIX=$(out)" "CC=${stdenv.cc.targetPrefix}cc" ]; meta = with lib; { description = "Tests SSL/TLS services and discover supported cipher suites"; homepage = "https://github.com/rbsec/sslscan"; - license = licenses.gpl3; + license = licenses.gpl3Only; maintainers = with maintainers; [ fpletz globin ]; - platforms = platforms.all; }; } diff --git a/nixpkgs/pkgs/tools/security/steghide/default.nix b/nixpkgs/pkgs/tools/security/steghide/default.nix deleted file mode 100644 index cb2a0473cf15..000000000000 --- a/nixpkgs/pkgs/tools/security/steghide/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ lib, stdenv, fetchurl, libjpeg, libmcrypt, zlib, libmhash, gettext, libtool}: - -stdenv.mkDerivation rec { - buildInputs = [ libjpeg libmcrypt zlib libmhash gettext libtool ]; - version = "0.5.1"; - pname = "steghide"; - - src = fetchurl { - url = "mirror://sourceforge/steghide/steghide/${version}/steghide-${version}.tar.gz" ; - sha256 = "78069b7cfe9d1f5348ae43f918f06f91d783c2b3ff25af021e6a312cf541b47b"; - }; - - patches = [ - ./patches/steghide-0.5.1-gcc34.patch - ./patches/steghide-0.5.1-gcc4.patch - ./patches/steghide-0.5.1-gcc43.patch - ]; - - # AM_CXXFLAGS needed for automake - preConfigure = '' - export AM_CXXFLAGS="$CXXFLAGS -std=c++0x" - ''; - - meta = with lib; { - homepage = "http://steghide.sourceforge.net/"; - description = "Steganography program that is able to hide data in various kinds of image- and audio-files"; - license = licenses.gpl2; - platforms = platforms.linux; - }; -} diff --git a/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch b/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch deleted file mode 100644 index 373316c78406..000000000000 --- a/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc34.patch +++ /dev/null @@ -1,42 +0,0 @@ ---- steghide-0.5.1.old/src/Makefile.am -+++ steghide-0.5.1.new/src/Makefile.am 2004-07-16 19:01:39.673947633 +0200 -@@ -33,5 +33,5 @@ - WavPCMSampleValue.cc error.cc main.cc msg.cc SMDConstructionHeuristic.cc - LIBS = @LIBINTL@ @LIBS@ - localedir = $(datadir)/locale --LIBTOOL = $(SHELL) libtool -+LIBTOOL = $(SHELL) libtool --tag=CXX - MAINTAINERCLEANFILES = Makefile.in ---- steghide-0.5.1.old/src/AuSampleValues.cc -+++ steghide-0.5.1.new/src/AuSampleValues.cc 2004-07-16 18:59:18.934578427 +0200 -@@ -17,21 +17,21 @@ - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ -- -+#include "common.h" - #include "AuSampleValues.h" - - // AuMuLawSampleValue --const BYTE AuMuLawSampleValue::MinValue = 0 ; --const BYTE AuMuLawSampleValue::MaxValue = BYTE_MAX ; -+template<> const BYTE AuMuLawSampleValue::MinValue = 0 ; -+template<> const BYTE AuMuLawSampleValue::MaxValue = BYTE_MAX ; - - // AuPCM8SampleValue --const SBYTE AuPCM8SampleValue::MinValue = SBYTE_MIN ; --const SBYTE AuPCM8SampleValue::MaxValue = SBYTE_MAX ; -+template<> const SBYTE AuPCM8SampleValue::MinValue = SBYTE_MIN ; -+template<> const SBYTE AuPCM8SampleValue::MaxValue = SBYTE_MAX ; - - // AuPCM16SampleValue --const SWORD16 AuPCM16SampleValue::MinValue = SWORD16_MIN ; --const SWORD16 AuPCM16SampleValue::MaxValue = SWORD16_MAX ; -+template<> const SWORD16 AuPCM16SampleValue::MinValue = SWORD16_MIN ; -+template<> const SWORD16 AuPCM16SampleValue::MaxValue = SWORD16_MAX ; - - // AuPCM32SampleValue --const SWORD32 AuPCM32SampleValue::MinValue = SWORD32_MIN ; --const SWORD32 AuPCM32SampleValue::MaxValue = SWORD32_MAX ; -+template<> const SWORD32 AuPCM32SampleValue::MinValue = SWORD32_MIN ; -+template<> const SWORD32 AuPCM32SampleValue::MaxValue = SWORD32_MAX ; diff --git a/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch b/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch deleted file mode 100644 index a8df1735e9d4..000000000000 --- a/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc4.patch +++ /dev/null @@ -1,46 +0,0 @@ -diff -Naur steghide-0.5.1-orig/src/AuData.h steghide-0.5.1/src/AuData.h ---- steghide-0.5.1-orig/src/AuData.h 2003-09-28 09:30:29.000000000 -0600 -+++ steghide-0.5.1/src/AuData.h 2007-05-11 22:04:56.000000000 -0600 -@@ -26,22 +26,30 @@ - - // AuMuLawAudioData - typedef AudioDataImpl<AuMuLaw,BYTE> AuMuLawAudioData ; -+template<> - inline BYTE AuMuLawAudioData::readValue (BinaryIO* io) const { return (io->read8()) ; } -+template<> - inline void AuMuLawAudioData::writeValue (BinaryIO* io, BYTE v) const { io->write8(v) ; } - - // AuPCM8AudioData - typedef AudioDataImpl<AuPCM8,SBYTE> AuPCM8AudioData ; -+template<> - inline SBYTE AuPCM8AudioData::readValue (BinaryIO* io) const { return ((SBYTE) io->read8()) ; } -+template<> - inline void AuPCM8AudioData::writeValue (BinaryIO* io, SBYTE v) const { io->write8((BYTE) v) ; } - - // AuPCM16AudioData - typedef AudioDataImpl<AuPCM16,SWORD16> AuPCM16AudioData ; -+template<> - inline SWORD16 AuPCM16AudioData::readValue (BinaryIO* io) const { return ((SWORD16) io->read16_be()) ; } -+template<> - inline void AuPCM16AudioData::writeValue (BinaryIO* io, SWORD16 v) const { io->write16_be((UWORD16) v) ; } - - // AuPCM32AudioData - typedef AudioDataImpl<AuPCM32,SWORD32> AuPCM32AudioData ; -+template<> - inline SWORD32 AuPCM32AudioData::readValue (BinaryIO* io) const { return ((SWORD32) io->read32_be()) ; } -+template<> - inline void AuPCM32AudioData::writeValue (BinaryIO* io, SWORD32 v) const { io->write32_be((UWORD32) v) ; } - - #endif // ndef SH_AUDATA_H -diff -Naur steghide-0.5.1-orig/src/MHashPP.cc steghide-0.5.1/src/MHashPP.cc ---- steghide-0.5.1-orig/src/MHashPP.cc 2003-10-05 04:17:50.000000000 -0600 -+++ steghide-0.5.1/src/MHashPP.cc 2007-05-11 22:07:01.000000000 -0600 -@@ -120,7 +120,7 @@ - - std::string MHashPP::getAlgorithmName (hashid id) - { -- char *name = mhash_get_hash_name (id) ; -+ char *name = (char *) mhash_get_hash_name (id) ; - std::string retval ; - if (name == NULL) { - retval = std::string ("<algorithm not found>") ; diff --git a/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch b/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch deleted file mode 100644 index ca66b9c544f5..000000000000 --- a/nixpkgs/pkgs/tools/security/steghide/patches/steghide-0.5.1-gcc43.patch +++ /dev/null @@ -1,349 +0,0 @@ ---- steghide-0.5.1.old/configure.in 2003-10-15 09:48:52.000000000 +0200 -+++ steghide-0.5.1.new/configure.in 2008-05-09 19:04:46.000000000 +0200 -@@ -7,27 +7,26 @@ - dnl checks for programs. - AC_PROG_CXX - AC_PROG_INSTALL - AC_PROG_AWK - AC_PROG_LN_S -+AC_CXX_COMPILE_STDCXX_0X - - dnl GNU gettext - AC_CHECK_FUNCS(strchr) - AM_GNU_GETTEXT - AM_CONDITIONAL(USE_INTLDIR, test "$nls_cv_use_gnu_gettext" = yes) - - dnl check if debugging support is requested --AC_MSG_CHECKING([wether to enable debugging]) -+AC_MSG_CHECKING([whether to enable debugging]) - AC_ARG_ENABLE(debug,[ --enable-debug enable debugging], - if test "$enableval" = yes ; - then - AC_MSG_RESULT([yes]) - AC_DEFINE(DEBUG,1,[enable code used only for debugging]) -- CXXFLAGS="-O2 -Wall -g" - else - AC_MSG_RESULT([no]) -- CXXFLAGS="-O2 -Wall" - fi - , - AC_MSG_RESULT([no]) - CXXFLAGS="-O2 -Wall" - ) -@@ -213,7 +212,18 @@ - echo "libmhash can be downloaded from http://mhash.sourceforge.net/."; - echo "**********"; - AC_MSG_ERROR([[libmhash not found]]) - fi - -+dnl Should we add std=c++0x? -+ -+if test "$ac_cv_cxx_compile_cxx0x_cxx" = yes; -+then -+ CXXFLAGS="${CXXFLAGS} -std=c++0x -Wall -Wextra" -+else -+ CXXFLAGS="${CXXFLAGS} -Wall -Wextra" -+fi -+ -+AC_SUBST(CXXFLAGS) -+ - dnl create Makefiles - AC_OUTPUT([Makefile steghide.spec steghide.doxygen doc/Makefile po/Makefile.in src/Makefile tests/Makefile tests/data/Makefile m4/Makefile intl/Makefile]) ---- steghide-0.5.1.old/m4/ac_cxx_compile_stdcxx_0x.m4 1970-01-01 01:00:00.000000000 +0100 -+++ steghide-0.5.1.new/m4/ac_cxx_compile_stdcxx_0x.m4 2008-05-09 19:04:46.000000000 +0200 -@@ -0,0 +1,107 @@ -+# =========================================================================== -+# http://autoconf-archive.cryp.to/ac_cxx_compile_stdcxx_0x.html -+# =========================================================================== -+# -+# SYNOPSIS -+# -+# AC_CXX_COMPILE_STDCXX_0X -+# -+# DESCRIPTION -+# -+# Check for baseline language coverage in the compiler for the C++0x -+# standard. -+# -+# LAST MODIFICATION -+# -+# 2008-04-17 -+# -+# COPYLEFT -+# -+# Copyright (c) 2008 Benjamin Kosnik <bkoz@redhat.com> -+# -+# Copying and distribution of this file, with or without modification, are -+# permitted in any medium without royalty provided the copyright notice -+# and this notice are preserved. -+ -+AC_DEFUN([AC_CXX_COMPILE_STDCXX_0X], [ -+ AC_CACHE_CHECK(if g++ supports C++0x features without additional flags, -+ ac_cv_cxx_compile_cxx0x_native, -+ [AC_LANG_SAVE -+ AC_LANG_CPLUSPLUS -+ AC_TRY_COMPILE([ -+ template <typename T> -+ struct check -+ { -+ static_assert(sizeof(int) <= sizeof(T), "not big enough"); -+ }; -+ -+ typedef check<check<bool>> right_angle_brackets; -+ -+ int a; -+ decltype(a) b; -+ -+ typedef check<int> check_type; -+ check_type c; -+ check_type&& cr = c;],, -+ ac_cv_cxx_compile_cxx0x_native=yes, ac_cv_cxx_compile_cxx0x_native=no) -+ AC_LANG_RESTORE -+ ]) -+ -+ AC_CACHE_CHECK(if g++ supports C++0x features with -std=c++0x, -+ ac_cv_cxx_compile_cxx0x_cxx, -+ [AC_LANG_SAVE -+ AC_LANG_CPLUSPLUS -+ ac_save_CXXFLAGS="$CXXFLAGS" -+ CXXFLAGS="$CXXFLAGS -std=c++0x" -+ AC_TRY_COMPILE([ -+ template <typename T> -+ struct check -+ { -+ static_assert(sizeof(int) <= sizeof(T), "not big enough"); -+ }; -+ -+ typedef check<check<bool>> right_angle_brackets; -+ -+ int a; -+ decltype(a) b; -+ -+ typedef check<int> check_type; -+ check_type c; -+ check_type&& cr = c;],, -+ ac_cv_cxx_compile_cxx0x_cxx=yes, ac_cv_cxx_compile_cxx0x_cxx=no) -+ CXXFLAGS="$ac_save_CXXFLAGS" -+ AC_LANG_RESTORE -+ ]) -+ -+ AC_CACHE_CHECK(if g++ supports C++0x features with -std=gnu++0x, -+ ac_cv_cxx_compile_cxx0x_gxx, -+ [AC_LANG_SAVE -+ AC_LANG_CPLUSPLUS -+ ac_save_CXXFLAGS="$CXXFLAGS" -+ CXXFLAGS="$CXXFLAGS -std=gnu++0x" -+ AC_TRY_COMPILE([ -+ template <typename T> -+ struct check -+ { -+ static_assert(sizeof(int) <= sizeof(T), "not big enough"); -+ }; -+ -+ typedef check<check<bool>> right_angle_brackets; -+ -+ int a; -+ decltype(a) b; -+ -+ typedef check<int> check_type; -+ check_type c; -+ check_type&& cr = c;],, -+ ac_cv_cxx_compile_cxx0x_gxx=yes, ac_cv_cxx_compile_cxx0x_gxx=no) -+ CXXFLAGS="$ac_save_CXXFLAGS" -+ AC_LANG_RESTORE -+ ]) -+ -+ if test "$ac_cv_cxx_compile_cxx0x_native" = yes || -+ test "$ac_cv_cxx_compile_cxx0x_cxx" = yes || -+ test "$ac_cv_cxx_compile_cxx0x_gxx" = yes; then -+ AC_DEFINE(HAVE_STDCXX_0X,,[Define if g++ supports C++0x features. ]) -+ fi -+]) ---- steghide-0.5.1.old/src/Arguments.cc 2003-10-11 23:25:04.000000000 +0200 -+++ steghide-0.5.1.new/src/Arguments.cc 2008-05-09 19:04:44.000000000 +0200 -@@ -26,10 +26,12 @@ - #include "Terminal.h" - #include "common.h" - #include "error.h" - #include "msg.h" - -+float Arguments::Default_Goal = 100.0 ; -+ - // the global Arguments object - Arguments Args ; - - Arguments::Arguments (int argc, char* argv[]) - { ---- steghide-0.5.1.old/src/Arguments.h 2003-10-11 23:23:57.000000000 +0200 -+++ steghide-0.5.1.new/src/Arguments.h 2008-05-09 19:04:44.000000000 +0200 -@@ -98,11 +98,11 @@ - static const bool Default_EmbedEmbFn = true ; - static const bool Default_Force = false ; - static const VERBOSITY Default_Verbosity = NORMAL ; - static const unsigned long Default_Radius = 0 ; // there is no default radius for all file formats - static const unsigned int Max_Algorithm = 3 ; -- static const float Default_Goal = 100.0 ; -+ static float Default_Goal ; - static const DEBUGCOMMAND Default_DebugCommand = NONE ; - static const bool Default_Check = false ; - static const unsigned int Default_DebugLevel = 0 ; - static const unsigned int Default_GmlGraphRecDepth = 0 ; - static const unsigned int Default_GmlStartVertex = 0 ; ---- steghide-0.5.1.old/src/EncryptionMode.h 2003-09-28 17:30:30.000000000 +0200 -+++ steghide-0.5.1.new/src/EncryptionMode.h 2008-05-09 19:04:46.000000000 +0200 -@@ -69,11 +69,11 @@ - static const unsigned int NumValues = 8 ; - IRep Value ; - - typedef struct struct_Translation { - IRep irep ; -- char* srep ; -+ const char* srep ; - } Translation ; - static const Translation Translations[] ; - } ; - - #endif // ndef SH_ENCMODE_H ---- steghide-0.5.1.old/src/Graph.cc 2003-10-11 23:54:26.000000000 +0200 -+++ steghide-0.5.1.new/src/Graph.cc 2008-05-09 19:04:46.000000000 +0200 -@@ -20,10 +20,12 @@ - - #include <ctime> - #include <list> - #include <map> - #include <vector> -+#include <algorithm> -+#include <climits> - - #include "BitString.h" - #include "CvrStgFile.h" - #include "Edge.h" - #include "Graph.h" ---- steghide-0.5.1.old/src/Matching.cc 2003-10-11 23:54:30.000000000 +0200 -+++ steghide-0.5.1.new/src/Matching.cc 2008-05-09 19:04:46.000000000 +0200 -@@ -16,10 +16,11 @@ - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -+#include <algorithm> - #include "Edge.h" - #include "Graph.h" - #include "Matching.h" - #include "ProgressOutput.h" - #include "common.h" ---- steghide-0.5.1.old/src/ProgressOutput.cc 2003-10-11 11:20:51.000000000 +0200 -+++ steghide-0.5.1.new/src/ProgressOutput.cc 2008-05-09 19:04:44.000000000 +0200 -@@ -21,10 +21,12 @@ - #include <cmath> - - #include "ProgressOutput.h" - #include "common.h" - -+float ProgressOutput::NoAvgWeight = 1.0 ; -+ - ProgressOutput::ProgressOutput () - : Message("__nomessage__") - { - LastUpdate = time(NULL) - 1 ; // -1 to ensure that message is written first time - } ---- steghide-0.5.1.old/src/ProgressOutput.h 2003-09-28 17:30:30.000000000 +0200 -+++ steghide-0.5.1.new/src/ProgressOutput.h 2008-05-09 19:04:44.000000000 +0200 -@@ -60,13 +60,13 @@ - /** - * update the output appending rate, [average edge weight], "done" and a newline - * \param rate the rate of matched vertices - * \param avgweight the average edge weight (is not printed if not given) - **/ -- void done (float rate, float avgweight = NoAvgWeight) const ; -+ void done (float rate, float avgweight = 1.0) const ; - -- static const float NoAvgWeight = -1.0 ; -+ static float NoAvgWeight ; - - protected: - std::string vcompose (const char *msgfmt, va_list ap) const ; - - private: ---- steghide-0.5.1.old/src/SMDConstructionHeuristic.cc 2003-09-28 17:30:30.000000000 +0200 -+++ steghide-0.5.1.new/src/SMDConstructionHeuristic.cc 2008-05-09 19:04:46.000000000 +0200 -@@ -16,10 +16,12 @@ - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - */ - -+#include <algorithm> -+ - #include "Edge.h" - #include "Graph.h" - #include "Matching.h" - #include "SMDConstructionHeuristic.h" - #include "Vertex.h" ---- steghide-0.5.1.old/src/WavFile.cc 2003-09-28 17:30:30.000000000 +0200 -+++ steghide-0.5.1.new/src/WavFile.cc 2008-05-09 19:04:46.000000000 +0200 -@@ -19,10 +19,11 @@ - */ - - #include <cstdio> - #include <cstdlib> - #include <cstring> -+#include <algorithm> - - #include "CvrStgFile.h" - #include "DFSAPHeuristic.h" - #include "SampleValueAdjacencyList.h" - #include "SMDConstructionHeuristic.h" ---- steghide-0.5.1.old/src/wrapper_hash_map.h 2003-09-28 17:30:30.000000000 +0200 -+++ steghide-0.5.1.new/src/wrapper_hash_map.h 2008-05-09 19:04:46.000000000 +0200 -@@ -25,17 +25,21 @@ - - #ifdef __GNUC__ - # if __GNUC__ < 3 - # include <hash_map.h> - namespace sgi { using ::hash ; using ::hash_map ; } ; --# else -+# elif __GNUC__ == 3 || ( __GNUC__ == 4 && __GNUC_MINOR__ < 3 ) - # include <ext/hash_map> --# if __GNUC_MINOR__ == 0 -+# if __GNUC__ == 3 && __GNUC_MINOR__ == 0 - namespace sgi = std ; // GCC 3.0 - # else - namespace sgi = __gnu_cxx ; // GCC 3.1 and later - # endif -+# else -+# include <unordered_map> -+# define hash_map unordered_map -+ namespace sgi = std ; - # endif - #else - namespace sgi = std ; - #endif - ---- steghide-0.5.1.old/src/wrapper_hash_set.h 2003-09-28 17:30:30.000000000 +0200 -+++ steghide-0.5.1.new/src/wrapper_hash_set.h 2008-05-09 19:04:46.000000000 +0200 -@@ -26,17 +26,21 @@ - - #ifdef __GNUC__ - # if __GNUC__ < 3 - # include <hash_set.h> - namespace sgi { using ::hash ; using ::hash_set ; } ; --# else -+# elif __GNUC__ == 3 || ( __GNUC__ == 4 && __GNUC_MINOR__ < 3 ) - # include <ext/hash_set> --# if __GNUC_MINOR__ == 0 -+# if __GNUC__ == 3 && __GNUC_MINOR__ == 0 - namespace sgi = std ; // GCC 3.0 - # else - namespace sgi = ::__gnu_cxx ; // GCC 3.1 and later - # endif -+# else -+# include <unordered_set> -+# define hash_set unordered_set -+ namespace sgi = std ; - # endif - #else - namespace sgi = std ; - #endif - diff --git a/nixpkgs/pkgs/tools/security/stricat/default.nix b/nixpkgs/pkgs/tools/security/stricat/default.nix index 460838965a02..bdd7d18923f1 100644 --- a/nixpkgs/pkgs/tools/security/stricat/default.nix +++ b/nixpkgs/pkgs/tools/security/stricat/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "1axg8r4g5n5kdqj5013pgck80nni3z172xkg506vz4zx1zcmrm4r"; }; - buildFlags = [ "CC=cc" ]; + buildFlags = [ "CC=${stdenv.cc.targetPrefix}cc" ]; installPhase = '' mkdir -p $out/bin diff --git a/nixpkgs/pkgs/tools/security/sudo/default.nix b/nixpkgs/pkgs/tools/security/sudo/default.nix index 0f969288a24a..d8b99c51de2c 100644 --- a/nixpkgs/pkgs/tools/security/sudo/default.nix +++ b/nixpkgs/pkgs/tools/security/sudo/default.nix @@ -1,4 +1,11 @@ -{ lib, stdenv, fetchurl, coreutils, pam, groff, sssd, nixosTests +{ lib +, stdenv +, fetchurl +, coreutils +, pam +, groff +, sssd +, nixosTests , sendmailPath ? "/run/wrappers/bin/sendmail" , withInsults ? false , withSssd ? false @@ -6,11 +13,11 @@ stdenv.mkDerivation rec { pname = "sudo"; - version = "1.9.5p2"; + version = "1.9.6p1"; src = fetchurl { url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz"; - sha256 = "0y093z4f3822rc88g9asdch12nljdamp817vjxk04mca7ks2x7jk"; + sha256 = "sha256-qenNwFj6/rnNPr+4ZMgXVeUk2YqgIhUnY/JbzoyjypA="; }; prePatch = '' @@ -36,17 +43,17 @@ stdenv.mkDerivation rec { ]; configureFlagsArray = [ - "--with-passprompt=[sudo] password for %p: " # intentional trailing space + "--with-passprompt=[sudo] password for %p: " # intentional trailing space ]; postConfigure = '' - cat >> pathnames.h <<'EOF' - #undef _PATH_MV - #define _PATH_MV "${coreutils}/bin/mv" - EOF - makeFlags="install_uid=$(id -u) install_gid=$(id -g)" - installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy DESTDIR=/" + cat >> pathnames.h <<'EOF' + #undef _PATH_MV + #define _PATH_MV "${coreutils}/bin/mv" + EOF + makeFlags="install_uid=$(id -u) install_gid=$(id -g)" + installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy DESTDIR=/" ''; nativeBuildInputs = [ groff ]; @@ -56,10 +63,9 @@ stdenv.mkDerivation rec { doCheck = false; # needs root - postInstall = - '' - rm -f $out/share/doc/sudo/ChangeLog - ''; + postInstall = '' + rm $out/share/doc/sudo/ChangeLog + ''; passthru.tests = { inherit (nixosTests) sudo; }; @@ -68,10 +74,10 @@ stdenv.mkDerivation rec { longDescription = '' - Sudo (su "do") allows a system administrator to delegate - authority to give certain users (or groups of users) the ability - to run some (or all) commands as root or another user while - providing an audit trail of the commands and their arguments. + Sudo (su "do") allows a system administrator to delegate + authority to give certain users (or groups of users) the ability + to run some (or all) commands as root or another user while + providing an audit trail of the commands and their arguments. ''; homepage = "https://www.sudo.ws/"; diff --git a/nixpkgs/pkgs/tools/security/swtpm/default.nix b/nixpkgs/pkgs/tools/security/swtpm/default.nix new file mode 100644 index 000000000000..2bd0326d4d92 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/swtpm/default.nix @@ -0,0 +1,76 @@ +{ lib +, stdenv +, fetchFromGitHub +, autoreconfHook +, pkg-config +, libtasn1, openssl, fuse, glib, libseccomp +, libtpms +, unixtools, expect, socat +, gnutls +, perl +, python3, python3Packages +}: + +stdenv.mkDerivation rec { + pname = "swtpm"; + version = "0.5.2"; + + src = fetchFromGitHub { + owner = "stefanberger"; + repo = "swtpm"; + rev = "v${version}"; + sha256 = "sha256-KY5V4z/8I15ePjorgZueNahlD/xvFa3tDarA0tuRxFk="; + }; + + pythonPath = with python3Packages; requiredPythonModules [ + setuptools + cryptography + ]; + + patches = [ + # upstream looks for /usr directory in $prefix to check + # whether or not to proceed with installation of python + # tools (swtpm_setup utility). + ./python-installation.patch + ]; + + prePatch = '' + patchShebangs src/swtpm_setup/setup.py + patchShebangs samples/setup.py + ''; + + nativeBuildInputs = [ + pkg-config unixtools.netstat expect socat + perl # for pod2man + autoreconfHook + python3 + ]; + buildInputs = [ + libtpms + openssl libtasn1 libseccomp + fuse glib + gnutls + python3.pkgs.wrapPython + ]; + propagatedBuildInputs = pythonPath; + + configureFlags = [ + "--with-cuse" + ]; + + postInstall = '' + wrapPythonProgramsIn $out/bin "$out $pythonPath" + wrapPythonProgramsIn $out/share/swtpm "$out $pythonPath" + ''; + + enableParallelBuilding = true; + + outputs = [ "out" "man" ]; + + meta = with lib; { + description = "Libtpms-based TPM emulator"; + homepage = "https://github.com/stefanberger/swtpm"; + license = licenses.bsd3; + maintainers = [ maintainers.baloo ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/swtpm/python-installation.patch b/nixpkgs/pkgs/tools/security/swtpm/python-installation.patch new file mode 100644 index 000000000000..d2689f051c5b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/swtpm/python-installation.patch @@ -0,0 +1,60 @@ +commit 353794feb596d95e3f8893e39b174c5a89d1013e +Author: Arthur Gautier <baloo@superbaloo.net> +Date: Wed Feb 17 02:27:40 2021 +0000 + + python-install + + Signed-off-by: Arthur Gautier <baloo@superbaloo.net> + +diff --git a/samples/Makefile.am b/samples/Makefile.am +index 7d69bf8..1803bb9 100644 +--- a/samples/Makefile.am ++++ b/samples/Makefile.am +@@ -39,19 +39,9 @@ python-uninstall: + $(PIP3) uninstall -y $(PY_PACKAGE_NAME) + + if PYTHON_INSTALLATION +-install-exec-local: $(PY_PACKAGE) +- @if ! test $(findstring /usr, "$(DESTDIR)$(bindir)"); then \ +- echo "Warning: Not installing python package to $(DESTDIR)$(bindir)"; \ +- else \ +- $(MAKE) python-install; \ +- fi ++install-exec-local: python-install + +-uninstall-local: +- @if ! test $(findstring /usr, "$(DESTDIR)$(bindir)"); then \ +- echo "Cleanup for distcheck build not implemented" ; \ +- else \ +- $(MAKE) python-uninstall; \ +- fi ++uninstall-local: python-uninstall + endif + + +diff --git a/src/swtpm_setup/Makefile.am b/src/swtpm_setup/Makefile.am +index 529eefe..533b1b3 100644 +--- a/src/swtpm_setup/Makefile.am ++++ b/src/swtpm_setup/Makefile.am +@@ -29,19 +29,9 @@ python-uninstall: + $(PIP3) uninstall -y $(PY_PACKAGE_NAME) + + if PYTHON_INSTALLATION +-install-exec-local: $(PY_PACKAGE) +- @if ! test $(findstring /usr, "$(DESTDIR)$(bindir)"); then \ +- echo "Warning: Not installing python package to $(DESTDIR)$(bindir)"; \ +- else \ +- $(MAKE) python-install; \ +- fi ++install-exec-local: python-install + +-uninstall-local: +- @if ! test $(findstring /usr, "$(DESTDIR)$(bindir)"); then \ +- echo "Cleanup for distcheck build not implemented" ; \ +- else \ +- $(MAKE) python-uninstall; \ +- fi ++uninstall-local: python-uninstall + endif + + # for out-of-tree builds we need to clean up diff --git a/nixpkgs/pkgs/tools/security/teler/default.nix b/nixpkgs/pkgs/tools/security/teler/default.nix index 4a971243ad1b..a4bcc87eedf9 100644 --- a/nixpkgs/pkgs/tools/security/teler/default.nix +++ b/nixpkgs/pkgs/tools/security/teler/default.nix @@ -1,20 +1,24 @@ -{ buildGoModule +{ lib +, buildGoModule , fetchFromGitHub -, lib }: buildGoModule rec { pname = "teler"; - version = "1.0.1"; + version = "1.2.2"; src = fetchFromGitHub { owner = "kitabisa"; repo = "teler"; rev = "v${version}"; - sha256 = "07pfqgms5cj4y6zm984qjmmw1c8j9yjbgrp2spi9vzk96s3k3qn3"; + sha256 = "sha256-i4106PtoCJt5CY9ahczZYe9GufBkaZS+9Peh0IY9r1M="; }; - vendorSha256 = "06szi2jw3nayd7pljjlww2gsllgnfg8scnjmc6qv5xl6gf797kdz"; + vendorSha256 = "sha256-TQjwPem+RMuoF5T02CL/CTvBS6W7Q786gTvYUFIvxjE="; + + preBuild = '' + buildFlagsArray+=("-ldflags" "-s -w -X ktbs.dev/teler/common.Version=${version}") + ''; # test require internet access doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/terrascan/default.nix b/nixpkgs/pkgs/tools/security/terrascan/default.nix index b37273aeb1d2..0d7c3d2863cf 100644 --- a/nixpkgs/pkgs/tools/security/terrascan/default.nix +++ b/nixpkgs/pkgs/tools/security/terrascan/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "terrascan"; - version = "1.3.2"; + version = "1.4.0"; src = fetchFromGitHub { owner = "accurics"; repo = pname; rev = "v${version}"; - sha256 = "sha256-RZFh9RVU8RwtLGIP7OWnf0yNsXfElqWSXieljqp8ahU="; + sha256 = "sha256-YUrvdleH332fWDgq8AwUdXkFC7m9ap+OVuQhKlxZfII="; }; - vendorSha256 = "sha256-Ya/33ocPhY5OSnCEyULsOIHaxwb1yNEle3JEYo/7/Yk="; + vendorSha256 = "sha256-CzJ83MsBetrzbBT+fmz8F8MjdrManJAd4xpykh/2938="; # tests want to download a vulnerable Terraform project doCheck = false; diff --git a/nixpkgs/pkgs/tools/security/thc-hydra/default.nix b/nixpkgs/pkgs/tools/security/thc-hydra/default.nix index 88ea30088f5e..f60d5374648f 100644 --- a/nixpkgs/pkgs/tools/security/thc-hydra/default.nix +++ b/nixpkgs/pkgs/tools/security/thc-hydra/default.nix @@ -3,13 +3,13 @@ stdenv.mkDerivation rec { pname = "thc-hydra"; - version = "9.1"; + version = "9.2"; src = fetchFromGitHub { owner = "vanhauser-thc"; repo = "thc-hydra"; rev = "v${version}"; - sha256 = "1533h9z5jdlazwy0z7ll2753i507wq55by7rm9lh6y59889p0hps"; + sha256 = "sha256-V9rr5fbJWm0pa+Kp8g95XvLPo/uWcDwyU2goImnIq58="; }; postPatch = let diff --git a/nixpkgs/pkgs/tools/security/theharvester/default.nix b/nixpkgs/pkgs/tools/security/theharvester/default.nix index 7a03649859e4..02e83296c69f 100644 --- a/nixpkgs/pkgs/tools/security/theharvester/default.nix +++ b/nixpkgs/pkgs/tools/security/theharvester/default.nix @@ -5,13 +5,13 @@ python3.pkgs.buildPythonApplication rec { pname = "theHarvester"; - version = "3.2.2"; + version = "3.2.3"; src = fetchFromGitHub { owner = "laramies"; repo = pname; - rev = "V${version}"; - sha256 = "0lxzxfa9wbzim50d2jmd27i57szd0grm1dfayhnym86jn01qpvn3"; + rev = version; + sha256 = "02jhk34znpvq522pqr3x4c0rljw37x62znwycijf1zx81dpbn4rm"; }; propagatedBuildInputs = with python3.pkgs; [ diff --git a/nixpkgs/pkgs/tools/security/tor/default.nix b/nixpkgs/pkgs/tools/security/tor/default.nix index 8766e957aaf3..0291d7bb3aa9 100644 --- a/nixpkgs/pkgs/tools/security/tor/default.nix +++ b/nixpkgs/pkgs/tools/security/tor/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, fetchurl, pkg-config, libevent, openssl, zlib, torsocks -, libseccomp, systemd, libcap, lzma, zstd, scrypt, nixosTests +, libseccomp, systemd, libcap, xz, zstd, scrypt, nixosTests , writeShellScript # for update.nix @@ -30,17 +30,17 @@ let in stdenv.mkDerivation rec { pname = "tor"; - version = "0.4.4.7"; + version = "0.4.5.6"; src = fetchurl { url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; - sha256 = "1vh5kdx7s74il8a6gr7jydbpv0an01nla4y2r8w7h33z2wk2jv9j"; + sha256 = "0cz78pjw2bc3kl3ziip1nhhbq89crv315rf1my3zmmgd9xws7jr2"; }; outputs = [ "out" "geoip" ]; nativeBuildInputs = [ pkg-config ]; - buildInputs = [ libevent openssl zlib lzma zstd scrypt ] ++ + buildInputs = [ libevent openssl zlib xz zstd scrypt ] ++ lib.optionals stdenv.isLinux [ libseccomp systemd libcap ]; patches = [ ./disable-monotonic-timer-tests.patch ]; diff --git a/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix b/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix index 6b33d1d4d598..73368f40476d 100644 --- a/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix +++ b/nixpkgs/pkgs/tools/security/tpm2-tools/default.nix @@ -1,19 +1,19 @@ { stdenv, fetchurl, lib -, pandoc, pkg-config, makeWrapper, curl, openssl, tpm2-tss +, pandoc, pkg-config, makeWrapper, curl, openssl, tpm2-tss, libuuid , abrmdSupport ? true, tpm2-abrmd ? null }: stdenv.mkDerivation rec { pname = "tpm2-tools"; - version = "4.1.3"; + version = "5.0"; src = fetchurl { url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; - sha256 = "0117r0zzdnblkibv81y71v3limixsw5m7g9xwf7lcx8fc8836pdv"; + sha256 = "sha256-4bkH/imHdigFLgithO68bD92RtKVBe1IYulhYqjJG6E="; }; nativeBuildInputs = [ pandoc pkg-config makeWrapper ]; buildInputs = [ - curl openssl tpm2-tss + curl openssl tpm2-tss libuuid ]; preFixup = let diff --git a/nixpkgs/pkgs/tools/security/uddup/default.nix b/nixpkgs/pkgs/tools/security/uddup/default.nix new file mode 100644 index 000000000000..60c3609738d9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/uddup/default.nix @@ -0,0 +1,35 @@ +{ lib +, buildPythonApplication +, colorama +, fetchFromGitHub +, pytestCheckHook +}: + +buildPythonApplication rec { + pname = "uddup"; + version = "0.9.3"; + + src = fetchFromGitHub { + owner = "rotemreiss"; + repo = pname; + rev = "v${version}"; + sha256 = "1f5dm3772hiik9irnyvbs7wygcafbwi7czw3b47cwhb90b8fi5hg"; + }; + + propagatedBuildInputs = [ + colorama + ]; + + checkInputs = [ + pytestCheckHook + ]; + + pythonImportsCheck = [ "uddup" ]; + + meta = with lib; { + description = "Tool for de-duplication URLs"; + homepage = "https://github.com/rotemreiss/uddup"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/vault/default.nix b/nixpkgs/pkgs/tools/security/vault/default.nix index 512617685501..f8e831ef2c3b 100644 --- a/nixpkgs/pkgs/tools/security/vault/default.nix +++ b/nixpkgs/pkgs/tools/security/vault/default.nix @@ -2,13 +2,13 @@ buildGoPackage rec { pname = "vault"; - version = "1.6.2"; + version = "1.7.0"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "1g6fz6dl90cb5pnvvmkndqgncfjy50j9jw3xzn8s91yzvvld8ds7"; + sha256 = "1lsz8fyjcxamvs9n3m974q2jxhv828fb5p6qx8wlqdaahqgrc8qg"; }; goPackagePath = "github.com/hashicorp/vault"; @@ -32,6 +32,6 @@ buildGoPackage rec { changelog = "https://github.com/hashicorp/vault/blob/v${version}/CHANGELOG.md"; platforms = platforms.linux ++ platforms.darwin; license = licenses.mpl20; - maintainers = with maintainers; [ rushmorem lnl7 offline pradeepchhetri ]; + maintainers = with maintainers; [ rushmorem lnl7 offline pradeepchhetri Chili-Man ]; }; } diff --git a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix index b30f8d1af13d..fc8b2865f253 100644 --- a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix +++ b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix @@ -1,26 +1,26 @@ { lib, stdenv, fetchurl, unzip }: let - version = "1.6.2"; + version = "1.7.0"; sources = let base = "https://releases.hashicorp.com/vault/${version}"; in { x86_64-linux = fetchurl { url = "${base}/vault_${version}_linux_amd64.zip"; - sha256 = "1vcxnky8qnn2ib33r9604cbjrgm939ddrhwqcjylbv217cmc9alf"; + sha256 = "0d8wqxqilv1jdf4dl7w2jp3lfh0w0rawidmhjlj3ykpg6l3gblma"; }; i686-linux = fetchurl { url = "${base}/vault_${version}_linux_386.zip"; - sha256 = "0mcav36dcmvky8v4y65jvh837i72aqz7arv2ivjpajym3gf7qrq1"; + sha256 = "128r0phm5i1cpayz0ia8qsmnk1ia3qylidy9f8iwk3l8r834s4yd"; }; x86_64-darwin = fetchurl { url = "${base}/vault_${version}_darwin_amd64.zip"; - sha256 = "1is7s445jc4ll2lyfxgjwwl89fly1l8kskqp2p8z179d8hhgd0ms"; + sha256 = "01vxjv95his8jqin2cwcw691wdwn6p876rp021bmvr6diw6clkrp"; }; aarch64-linux = fetchurl { url = "${base}/vault_${version}_linux_arm64.zip"; - sha256 = "0i5d87a393464r68rjv83bjhg51yaysccqbwaaydmzk1m45icg7x"; + sha256 = "0ahdv14fz7ybl11b61z7j13nbjd6hp6fcpc5bk6y8lh4qj8x0pzg"; }; }; @@ -35,9 +35,13 @@ in stdenv.mkDerivation { sourceRoot = "."; installPhase = '' + runHook preInstall + mkdir -p $out/bin $out/share/bash-completion/completions mv vault $out/bin echo "complete -C $out/bin/vault vault" > $out/share/bash-completion/completions/vault + + runHook postInstall ''; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/wafw00f/default.nix b/nixpkgs/pkgs/tools/security/wafw00f/default.nix new file mode 100644 index 000000000000..dae4f5a5ad0c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wafw00f/default.nix @@ -0,0 +1,34 @@ +{ lib +, buildPythonApplication +, fetchFromGitHub +, pluginbase +, requests +}: + +buildPythonApplication rec { + pname = "wafw00f"; + version = "2.1.0"; + + src = fetchFromGitHub { + owner = "EnableSecurity"; + repo = pname; + rev = "v${version}"; + sha256 = "0526kz6ypww9nxc2vddkhpn1gqvn25mzj3wmi91wwxwxjjb6w4qj"; + }; + + propagatedBuildInputs = [ + requests + pluginbase + ]; + + # Project has no tests + doCheck = false; + pythonImportsCheck = [ "wafw00f" ]; + + meta = with lib; { + description = "Tool to identify and fingerprint Web Application Firewalls (WAF)"; + homepage = "https://github.com/EnableSecurity/wafw00f"; + license = with licenses; [ bsd3 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wapiti/default.nix b/nixpkgs/pkgs/tools/security/wapiti/default.nix new file mode 100644 index 000000000000..945f78dc5599 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wapiti/default.nix @@ -0,0 +1,106 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "wapiti"; + version = "3.0.4"; + + src = fetchFromGitHub { + owner = "wapiti-scanner"; + repo = pname; + rev = version; + sha256 = "0wnz4nq1q5y74ksb1kcss9vdih0kbrmnkfbyc2ngd9id1ixfamxb"; + }; + + nativeBuildInputs = with python3.pkgs; [ + pytest-runner + ]; + + propagatedBuildInputs = with python3.pkgs; [ + beautifulsoup4 + browser-cookie3 + Mako + markupsafe + pysocks + requests + six + tld + yaswfp + ] ++ lib.optionals (python3.pythonOlder "3.8") [ importlib-metadata ]; + + checkInputs = with python3.pkgs; [ + responses + pytestCheckHook + ]; + + postPatch = '' + # Is already fixed in the repo. Will be part of the next release + substituteInPlace setup.py \ + --replace "importlib_metadata==2.0.0" "importlib_metadata" + ''; + + disabledTests = [ + # Tests requires network access + "test_attr" + "test_bad_separator_used" + "test_blind" + "test_chunked_timeout" + "test_cookies_detection" + "test_csrf_cases" + "test_detection" + "test_direct" + "test_escape_with_style" + "test_explorer_filtering" + "test_false" + "test_frame" + "test_headers_detection" + "test_html_detection" + "test_implies_detection" + "test_inclusion_detection" + "test_meta_detection" + "test_no_crash" + "test_options" + "test_out_of_band" + "test_partial_tag_name_escape" + "test_prefix_and_suffix_detection" + "test_qs_limit" + "test_rare_tag_and_event" + "test_redirect_detection" + "test_request_object" + "test_script" + "test_ssrf" + "test_tag_name_escape" + "test_timeout" + "test_title_false_positive" + "test_title_positive" + "test_true_positive_request_count" + "test_url_detection" + "test_warning" + "test_whole" + "test_xss_inside_tag_input" + "test_xss_inside_tag_link" + "test_xss_uppercase_no_script" + "test_xss_with_strong_csp" + "test_xss_with_weak_csp" + "test_xxe" + ]; + + pythonImportsCheck = [ "wapitiCore" ]; + + meta = with lib; { + description = "Web application vulnerability scanner"; + longDescription = '' + Wapiti allows you to audit the security of your websites or web applications. + It performs "black-box" scans (it does not study the source code) of the web + application by crawling the webpages of the deployed webapp, looking for + scripts and forms where it can inject data. Once it gets the list of URLs, + forms and their inputs, Wapiti acts like a fuzzer, injecting payloads to see + if a script is vulnerable. + ''; + homepage = "https://wapiti-scanner.github.io/"; + license = with licenses; [ gpl2Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/wipe/default.nix b/nixpkgs/pkgs/tools/security/wipe/default.nix index 2c3c9376f67b..5b0f079e5a60 100644 --- a/nixpkgs/pkgs/tools/security/wipe/default.nix +++ b/nixpkgs/pkgs/tools/security/wipe/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { description = "Secure file wiping utility"; homepage = "http://wipe.sourceforge.net/"; license = licenses.gpl2; - platforms = platforms.linux; + platforms = platforms.all; maintainers = [ maintainers.abbradar ]; }; } diff --git a/nixpkgs/pkgs/tools/security/xcat/default.nix b/nixpkgs/pkgs/tools/security/xcat/default.nix new file mode 100644 index 000000000000..516585f89126 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/xcat/default.nix @@ -0,0 +1,50 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "xcat"; + version = "1.2.0"; + disabled = python3.pythonOlder "3.7"; + format = "pyproject"; + + src = fetchFromGitHub { + owner = "orf"; + repo = pname; + rev = "v${version}"; + sha256 = "01r5998gdvqjdrahpk0ci27lx9yghbddlanqcspr3qp5y5930i0s"; + }; + + nativeBuildInputs = with python3.pkgs; [ + poetry-core + ]; + + propagatedBuildInputs = with python3.pkgs; [ + aiodns + aiohttp + appdirs + cchardet + click + colorama + prompt_toolkit + xpath-expressions + ]; + + # Project has no tests + doCheck = false; + pythonImportsCheck = [ "xcat" ]; + + meta = with lib; { + description = "XPath injection tool"; + longDescription = '' + xcat is an advanced tool for exploiting XPath injection vulnerabilities, + featuring a comprehensive set of features to read the entire file being + queried as well as other files on the filesystem, environment variables + and directories. + ''; + homepage = "https://github.com/orf/xcat"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/yara/default.nix b/nixpkgs/pkgs/tools/security/yara/default.nix index f11e772390d9..844004c3b9e5 100644 --- a/nixpkgs/pkgs/tools/security/yara/default.nix +++ b/nixpkgs/pkgs/tools/security/yara/default.nix @@ -1,4 +1,5 @@ { lib, stdenv +, fetchpatch , fetchFromGitHub , autoreconfHook , pcre @@ -10,14 +11,14 @@ }: stdenv.mkDerivation rec { - version = "4.0.1"; + version = "4.0.5"; pname = "yara"; src = fetchFromGitHub { owner = "VirusTotal"; repo = "yara"; rev = "v${version}"; - sha256 = "0dy8jf0pdn0wilxy1pj6pqjxg7icxkwax09w54np87gl9p00f5rk"; + sha256 = "1gkdll2ygdlqy1f27a5b84gw2bq75ss7acsx06yhiss90qwdaalq"; }; nativeBuildInputs = [ autoreconfHook pkg-config ]; @@ -30,6 +31,19 @@ stdenv.mkDerivation rec { preConfigure = "./bootstrap.sh"; + # If static builds are disabled, `make all-am` will fail to find libyara.a and + # cause a build failure. It appears that somewhere between yara 4.0.1 and + # 4.0.5, linking the yara binaries dynamically against libyara.so was broken. + # + # This was already fixed in yara master. Backport the patch to yara 4.0.5. + patches = [ + (fetchpatch { + name = "fix-build-with-no-static.patch"; + url = "https://github.com/VirusTotal/yara/commit/52e6866023b9aca26571c78fb8759bc3a51ba6dc.diff"; + sha256 = "074cf99j0rqiyacp60j1hkvjqxia7qwd11xjqgcr8jmfwihb38nr"; + }) + ]; + configureFlags = [ (lib.withFeature withCrypto "crypto") (lib.enableFeature enableMagic "magic") diff --git a/nixpkgs/pkgs/tools/security/zdns/default.nix b/nixpkgs/pkgs/tools/security/zdns/default.nix new file mode 100644 index 000000000000..913735d4cb9f --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zdns/default.nix @@ -0,0 +1,28 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "zdns"; + version = "20210327-${lib.strings.substring 0 7 rev}"; + rev = "8c53210f0b9a4fe16c70a5d854e9413c3d0c1ba2"; + + src = fetchFromGitHub { + owner = "zmap"; + repo = pname; + inherit rev; + sha256 = "0pdfz1489ynpw72flalnlkwybp683v826icjx7ljys45xvagdvck"; + }; + + vendorSha256 = "0b8h5n01xmhar1a09svb35ah48k9zdy1mn5balq0h2l0jxr05z78"; + + subPackages = [ "zdns" ]; + + meta = with lib; { + description = "CLI DNS lookup tool"; + homepage = "https://github.com/zmap/zdns"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/zgrab2/default.nix b/nixpkgs/pkgs/tools/security/zgrab2/default.nix new file mode 100644 index 000000000000..b8863a6a94e4 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zgrab2/default.nix @@ -0,0 +1,28 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "zgrab2"; + version = "20210327-${lib.strings.substring 0 7 rev}"; + rev = "17a5257565c758e2b817511d15476d330be0a17a"; + + src = fetchFromGitHub { + owner = "zmap"; + repo = pname; + inherit rev; + sha256 = "1hxk2jggj8lww97lwmks46i001p5ycnxnck8yya6d0fd3ayxvw2w"; + }; + + vendorSha256 = "1s0azy5b5hi5h24vs6a9f1n70l980vkid28ihqh10zq6ajmds2z3"; + + subPackages = [ "cmd/zgrab2" ]; + + meta = with lib; { + description = "Web application scanner"; + homepage = "https://github.com/zmap/zgrab2"; + license = with licenses; [ asl20 isc ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/zsteg/Gemfile b/nixpkgs/pkgs/tools/security/zsteg/Gemfile new file mode 100644 index 000000000000..814e5fe8ad4e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zsteg/Gemfile @@ -0,0 +1,2 @@ +source 'https://rubygems.org' +gem 'zsteg' diff --git a/nixpkgs/pkgs/tools/security/zsteg/Gemfile.lock b/nixpkgs/pkgs/tools/security/zsteg/Gemfile.lock new file mode 100644 index 000000000000..b611fb93f5a9 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zsteg/Gemfile.lock @@ -0,0 +1,19 @@ +GEM + remote: https://rubygems.org/ + specs: + iostruct (0.0.4) + rainbow (3.0.0) + zpng (0.3.1) + rainbow + zsteg (0.2.2) + iostruct + zpng (>= 0.3.1) + +PLATFORMS + ruby + +DEPENDENCIES + zsteg + +BUNDLED WITH + 2.1.4 diff --git a/nixpkgs/pkgs/tools/security/zsteg/default.nix b/nixpkgs/pkgs/tools/security/zsteg/default.nix new file mode 100644 index 000000000000..e47f285de70a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zsteg/default.nix @@ -0,0 +1,16 @@ +{ lib, bundlerApp }: + +bundlerApp { + pname = "zsteg"; + + gemdir = ./.; + + exes = [ "zsteg" ]; + + meta = with lib; { + description = "Detect stegano-hidden data in PNG & BMP."; + homepage = "http://zed.0xff.me/"; + license = licenses.mit; + maintainers = with maintainers; [ applePrincess ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/zsteg/gemset.nix b/nixpkgs/pkgs/tools/security/zsteg/gemset.nix new file mode 100644 index 000000000000..4f5bd79ce44c --- /dev/null +++ b/nixpkgs/pkgs/tools/security/zsteg/gemset.nix @@ -0,0 +1,44 @@ +{ + iostruct = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0kwp6ryis32j3z7myw8g7v1yszwrwyl04g2c7flr42pwxga1afxc"; + type = "gem"; + }; + version = "0.0.4"; + }; + rainbow = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0bb2fpjspydr6x0s8pn1pqkzmxszvkfapv0p4627mywl7ky4zkhk"; + type = "gem"; + }; + version = "3.0.0"; + }; + zpng = { + dependencies = ["rainbow"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0ciyab7qxqsxjhfvr6rbpdzg655fi1zygqg9sd9m6wmgc037dj74"; + type = "gem"; + }; + version = "0.3.1"; + }; + zsteg = { + dependencies = ["iostruct" "zpng"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1mwajlsgs27449n2yf2f9hz8g46qv9bz9f58i9cz1jg58spvpxpk"; + type = "gem"; + }; + version = "0.2.2"; + }; +} |