Diffstat (limited to 'pkgs/tools/security')
25 files changed, 393 insertions, 50 deletions
diff --git a/pkgs/tools/security/bettercap/Gemfile b/pkgs/tools/security/bettercap/Gemfile
new file mode 100644
index 000000000000..8fb2a1c300a7
--- /dev/null
+++ b/pkgs/tools/security/bettercap/Gemfile
@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gem 'bettercap'
diff --git a/pkgs/tools/security/bettercap/Gemfile.lock b/pkgs/tools/security/bettercap/Gemfile.lock
new file mode 100644
index 000000000000..9260d1fd5ab6
--- /dev/null
+++ b/pkgs/tools/security/bettercap/Gemfile.lock
@@ -0,0 +1,42 @@
+GEM
+ remote: https://rubygems.org/
+ specs:
+ bettercap (1.6.2)
+ colorize (~> 0.8.0)
+ em-proxy (~> 0.1, >= 0.1.8)
+ net-dns (~> 0.8, >= 0.8.0)
+ network_interface (~> 0.0, >= 0.0.1)
+ packetfu (~> 1.1, >= 1.1.10)
+ pcaprub (~> 0.12, >= 0.12.0, <= 1.1.11)
+ rubydns (~> 1.0, >= 1.0.3)
+ celluloid (0.16.0)
+ timers (~> 4.0.0)
+ celluloid-io (0.16.2)
+ celluloid (>= 0.16.0)
+ nio4r (>= 1.1.0)
+ colorize (0.8.1)
+ em-proxy (0.1.9)
+ eventmachine
+ eventmachine (1.2.5)
+ hitimes (1.2.6)
+ net-dns (0.8.0)
+ network_interface (0.0.2)
+ nio4r (2.2.0)
+ packetfu (1.1.13)
+ pcaprub
+ pcaprub (0.12.4)
+ rubydns (1.0.3)
+ celluloid (= 0.16.0)
+ celluloid-io (= 0.16.2)
+ timers (~> 4.0.1)
+ timers (4.0.4)
+ hitimes
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ bettercap
+
+BUNDLED WITH
+ 1.14.6
diff --git a/pkgs/tools/security/bettercap/default.nix b/pkgs/tools/security/bettercap/default.nix
new file mode 100644
index 000000000000..46832e83ac96
--- /dev/null
+++ b/pkgs/tools/security/bettercap/default.nix
@@ -0,0 +1,23 @@
+{ lib, bundlerEnv, ruby, libpcap}:
+
+bundlerEnv rec {
+ name = "bettercap-${version}";
+
+ version = (import gemset).bettercap.version;
+ inherit ruby;
+ gemdir = ./.;
+ gemset = ./gemset.nix;
+
+ buildInputs = [ libpcap ruby ];
+
+ meta = with lib; {
+ description = "A man in the middle tool";
+ longDescription = ''
+ BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more.
+ '' ;
+ homepage = https://www.bettercap.org/;
+ license = with licenses; gpl3;
+ maintainers = with maintainers; [ y0no ];
+ platforms = platforms.all;
+ };
+}
diff --git a/pkgs/tools/security/bettercap/gemset.nix b/pkgs/tools/security/bettercap/gemset.nix
new file mode 100644
index 000000000000..bd5c33ba22c6
--- /dev/null
+++ b/pkgs/tools/security/bettercap/gemset.nix
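Review bot: In `meta`, `license = with licenses; gpl3;` opens a second `with` scope for a single attribute although `with lib;` is already in effect; `license = licenses.gpl3;` says the same thing more directly, and the stray space in `'' ;` after `longDescription` can go as well. `platforms = platforms.all` is broad for a package that lists `libpcap` in `buildInputs` and pulls in the `pcaprub` gem; if it has only been built on Linux, narrowing the attribute would be more accurate (inferred, no build results are visible here).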
@@ -0,0 +1,121 @@
+{
+ bettercap = {
+ dependencies = ["colorize" "em-proxy" "net-dns" "network_interface" "packetfu" "pcaprub" "rubydns"];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1mns96yfyfnksk720p8k83qkwwsid4sicwgrzxaa9gbc53aalll0";
+ type = "gem";
+ };
+ version = "1.6.2";
+ };
+ celluloid = {
+ dependencies = ["timers"];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "044xk0y7i1xjafzv7blzj5r56s7zr8nzb619arkrl390mf19jxv3";
+ type = "gem";
+ };
+ version = "0.16.0";
+ };
+ celluloid-io = {
+ dependencies = ["celluloid" "nio4r"];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1l1x0p6daa5vskywrvaxdlanwib3k5pps16axwyy4p8d49pn9rnx";
+ type = "gem";
+ };
+ version = "0.16.2";
+ };
+ colorize = {
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "133rqj85n400qk6g3dhf2bmfws34mak1wqihvh3bgy9jhajw580b";
+ type = "gem";
+ };
+ version = "0.8.1";
+ };
+ em-proxy = {
+ dependencies = ["eventmachine"];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1yzkg6jkmcg859b5mf13igpf8q2bjhsmqjsva05948fi733w5n2j";
+ type = "gem";
+ };
+ version = "0.1.9";
+ };
+ eventmachine = {
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "075hdw0fgzldgss3xaqm2dk545736khcvv1fmzbf1sgdlkyh1v8z";
+ type = "gem";
+ };
+ version = "1.2.5";
+ };
+ hitimes = {
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "06222h9236jw9jgmdlpi0q7psac1shvxqxqx905qkvabmxdxlfar";
+ type = "gem";
+ };
+ version = "1.2.6";
+ };
+ net-dns = {
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "12nal6vhdyg0pbcqpsxqr59h7mbgdhcqp3v0xnzvy167n40gabf9";
+ type = "gem";
+ };
+ version = "0.8.0";
+ };
+ network_interface = {
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1xh4knfq77ii4pjzsd2z1p3nd6nrcdjhb2vi5gw36jqj43ffw0zp";
+ type = "gem";
+ };
+ version = "0.0.2";
+ };
+ nio4r = {
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0jjrj7vs29w6dfgsxq08226jfbi2j0x62lf4p9zmvyp19dj4z00a";
+ type = "gem";
+ };
+ version = "2.2.0";
+ };
+ packetfu = {
+ dependencies = ["pcaprub"];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "16ppq9wfxq4x2hss61l5brs3s6fmi8gb50mnp1nnnzb1asq4g8ll";
+ type = "gem";
+ };
+ version = "1.1.13";
+ };
+ pcaprub = {
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "0pl4lqy7308185pfv0197n8b4v20fhd0zb3wlpz284rk8ssclkvz";
+ type = "gem";
+ };
+ version = "0.12.4";
+ };
+ rubydns = {
+ dependencies = ["celluloid" "celluloid-io" "timers"];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1cvj8li8shz7zn1rc5hdrkqmvr9j187g4y28mvkfvmv1j9hdln62";
+ type = "gem";
+ };
+ version = "1.0.3";
+ };
+ timers = {
+ dependencies = ["hitimes"];
+ source = {
+ remotes = ["https://rubygems.org"];
+ sha256 = "1jx4wb0x182gmbcs90vz0wzfyp8afi1mpl9w5ippfncyk4kffvrz";
+ type = "gem";
+ };
+ version = "4.0.4";
+ };
+}
\ No newline at end of file
diff --git a/pkgs/tools/security/bruteforce-luks/default.nix b/pkgs/tools/security/bruteforce-luks/default.nix
index 7b505722efaf..bcd0593e88f8 100644
--- a/pkgs/tools/security/bruteforce-luks/default.nix
+++ b/pkgs/tools/security/bruteforce-luks/default.nix
@@ -31,6 +31,5 @@ stdenv.mkDerivation rec {
 '';
 license = licenses.gpl3Plus;
 platforms = platforms.linux;
- maintainers = with maintainers; [ nckx ];
 };
 }
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix
index 506d6fc3fce8..976c58eb1e32 100644
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@@ -1,44 +1,35 @@ -{ stdenv, fetchurl, fetchpatch, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl -, libmilter, pcre }: +{ stdenv, fetchurl, fetchpatch, pkgconfig +, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre +}: stdenv.mkDerivation rec { name = "clamav-${version}"; - version = "0.99.2"; + version = "0.99.3"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${name}.tar.gz"; - sha256 = "0yh2q318bnmf2152g2h1yvzgqbswn0wvbzb8p4kf7v057shxcyqn"; + sha256 = "114f7qk3h0klgm0zzn2394n5spcn91vjc9mq6m03l2p0ls955yh0"; }; - patches = [ - (fetchpatch { - name = "CVE-2017-6420.patch"; - url = "https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc.patch"; - sha256 = "08w3p3a4pmi0cmcmyxkagsbn3g0jgx1jqlc34pn141x0qzrlqr60"; - }) - ]; - # don't install sample config files into the absolute sysconfdir folder postPatch = '' substituteInPlace Makefile.in --replace ' etc ' ' ' ''; + nativeBuildInputs = [ pkgconfig ]; buildInputs = [ zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre ]; + patches = [ ./fd-leak.patch ]; + configureFlags = [ "--sysconfdir=/etc/clamav" - "--with-zlib=${zlib.dev}" - "--disable-zlib-vcheck" # it fails to recognize that 1.2.10 >= 1.2.2 "--disable-llvm" # enabling breaks the build at the moment - "--with-libbz2-prefix=${bzip2.dev}" - "--with-iconv-dir=${libiconv}" + "--with-zlib=${zlib.dev}" "--with-xml=${libxml2.dev}" "--with-openssl=${openssl.dev}" - "--with-libncurses-prefix=${ncurses.dev}" "--with-libcurl=${curl.dev}" - "--with-pcre=${pcre.dev}" "--enable-milter" ]; @@ -51,7 +42,7 @@ stdenv.mkDerivation rec { homepage = http://www.clamav.net; description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats"; license = licenses.gpl2; - maintainers = with maintainers; [ phreedom robberer qknight ]; + maintainers = with maintainers; [ phreedom robberer qknight fpletz ]; platforms = platforms.linux; }; } 
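Review bot: The added `patches = [ ./fd-leak.patch ];` line has no comment saying where the patch comes from or when it can be dropped, and the `CVE-2017-6420.patch` fetchpatch is removed without any statement that 0.99.3 already contains that fix. For a malware scanner both facts matter to anyone auditing the package; I would put `# local fix for leaks on cli_scanscript error paths; drop once upstream ships it` above the patches line and record in the commit message that the CVE-2017-6420 fix is part of the 0.99.3 tarball (presumably it is, but nothing in this hunk shows it). The same hunk drops `--disable-zlib-vcheck` and the explicit bzip2, iconv, ncurses and pcre prefixes in favour of `pkgconfig`, so the configure output should be checked to confirm those libraries are still detected.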
diff --git a/pkgs/tools/security/clamav/fd-leak.patch b/pkgs/tools/security/clamav/fd-leak.patch
new file mode 100644
index 000000000000..2c147901e446
--- /dev/null
+++ b/pkgs/tools/security/clamav/fd-leak.patch
@@ -0,0 +1,49 @@
+--- a/libclamav/scanners.c 2018-01-26 16:59:00.820231425 +0100
++++ b/libclamav/scanners.c 2018-01-26 17:39:07.523633805 +0100
+@@ -1366,12 +1366,14 @@
+
+ if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
+ free(tmpname);
++ free(normalized);
+ return ret;
+ }
+
+ if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
+ cli_ac_freedata(&tmdata);
+ free(tmpname);
++ free(normalized);
+ return ret;
+ }
+
+@@ -1390,6 +1392,7 @@
+ cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
+ close(ofd);
+ free(tmpname);
++ free(normalized);
+ return CL_EWRITE;
+ }
+ text_normalize_reset(&state);
+@@ -1424,6 +1427,8 @@
+ if (ret) {
+ cli_ac_freedata(&tmdata);
+ free(tmpname);
++ free(normalized);
++ close(ofd);
+ return ret;
+ }
+ }
+@@ -1466,11 +1471,9 @@
+
+ }
+
+- if(ctx->engine->keeptmp) {
+- free(tmpname);
+- if (ofd >= 0)
+- close(ofd);
+- }
++ if (ofd >= 0)
++ close(ofd);
++ free(tmpname);
+ free(normalized);
+
+ if(ret != CL_VIRUS || SCAN_ALL) {
diff --git a/pkgs/tools/security/eid-mw/default.nix b/pkgs/tools/security/eid-mw/default.nix
index f26b2d3308b7..a11b70917c8d 100644
--- a/pkgs/tools/security/eid-mw/default.nix
+++ b/pkgs/tools/security/eid-mw/default.nix
@@ -57,7 +57,6 @@ stdenv.mkDerivation rec {
 and remove all ~/.pki and/or /etc/pki directories no longer needed.
 '';
- maintainers = with maintainers; [ nckx ];
 platforms = platforms.linux;
 };
 }
diff --git a/pkgs/tools/security/eid-viewer/default.nix b/pkgs/tools/security/eid-viewer/default.nix
index d1b29e137df9..10cc314fe1db 100644
--- a/pkgs/tools/security/eid-viewer/default.nix
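Review bot: In fd-leak.patch, the two early returns of the first inner hunk (after each failed `cli_ac_initdata` call) now free `normalized` and `tmpname` but still do not close `ofd`, although the write-failure path in the second inner hunk does call `close(ofd)`; if the descriptor is already open at that point (the code that opens it lies outside the patch context), those two paths keep leaking it. The `close(ofd);` added in the third inner hunk is unguarded, while the rewritten epilogue uses `if (ofd >= 0) close(ofd);`; using that same guarded form in the third hunk and in the two early returns would make every exit consistent. The patch file also has no header naming its origin or the upstream report it corresponds to, so a later maintainer cannot tell when it becomes obsolete.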
+++ b/pkgs/tools/security/eid-viewer/default.nix
@@ -37,7 +37,6 @@ stdenv.mkDerivation rec {
 Belgian electronic identity cards. Independent of the eid-mw package, which is required to actually use your eID for authentication or signing.
 '';
- maintainers = with maintainers; [ nckx ];
 platforms = platforms.linux;
 };
 }
diff --git a/pkgs/tools/security/enchive/default.nix b/pkgs/tools/security/enchive/default.nix
index d045450f9480..8d4cc6ec3ca6 100644
--- a/pkgs/tools/security/enchive/default.nix
+++ b/pkgs/tools/security/enchive/default.nix
@@ -2,12 +2,12 @@ stdenv.mkDerivation rec {
 name = "enchive-${version}";
- version = "3.3";
+ version = "3.4";
 src = fetchFromGitHub {
 owner = "skeeto";
 repo = "enchive";
 rev = version;
- sha256 = "0i3b0v5dqz56m5ppzm3332yxkw17dxs2zpvf48769ljgjy74irfl";
+ sha256 = "0ssxbnsjx4mvaqimp5nzfixpxinhmi12z8lxdd8cj2361wbb54yk";
 };
 makeFlags = ["PREFIX=$(out)"];
diff --git a/pkgs/tools/security/enpass/data.json b/pkgs/tools/security/enpass/data.json
index 28d568d30ae8..accb92b13ea8 100644
--- a/pkgs/tools/security/enpass/data.json
+++ b/pkgs/tools/security/enpass/data.json
@@ -1,12 +1,12 @@
 {
 "amd64": {
- "path": "pool/main/e/enpass/enpass_5.6.0_amd64.deb",
- "sha256": "129ae4b4bfb8e0b4fa9acdfb3aebac3dd894364f2f31e9cd3bd5d3567e3a13b7",
- "version": "5.6.0"
+ "path": "pool/main/e/enpass/enpass_5.6.5_amd64.deb",
+ "sha256": "c7529b745aa462b56eac17af6fe88d4c1610fd2f446d222aaad9510f19212a7d",
+ "version": "5.6.5"
 },
 "i386": {
- "path": "pool/main/e/enpass/enpass_5.6.0_i386.deb",
- "sha256": "c456002194c0be08a2c0da68ecf224425e35c46de5292098208e4e2b1f6d88ae",
- "version": "5.6.0"
+ "path": "pool/main/e/enpass/enpass_5.6.5_i386.deb",
+ "sha256": "de46e27d5552dcd9d72abac8e5c3b6161ad551ce191a2ee689c67367b63ff8f9",
+ "version": "5.6.5"
 }
 }
\ No newline at end of file
diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix
index ca9cdcc8d6c0..a8de8742dd5c 100644
--- a/pkgs/tools/security/fail2ban/default.nix
+++ b/pkgs/tools/security/fail2ban/default.nix
@@ -1,6 +1,6 @@
 { stdenv, fetchFromGitHub, python, pythonPackages, gamin }:
-let version = "0.10.1"; in
+let version = "0.10.2"; in
 pythonPackages.buildPythonApplication {
 name = "fail2ban-${version}";
@@ -9,7 +9,7 @@ pythonPackages.buildPythonApplication {
 owner = "fail2ban";
 repo = "fail2ban";
 rev = version;
- sha256 = "05ngnjxrwvfdd233s5n2wd8w4ndkpgrgymlfzn6i2fjlwf4hdikj";
+ sha256 = "1asn9gp0ybz6fak991vki9vln4ijramvr13rbwpxyj5wfmnh05r5";
 };
 propagatedBuildInputs = [ gamin ]
diff --git a/pkgs/tools/security/gnupg/1.nix b/pkgs/tools/security/gnupg/1.nix
index 6acaacd1467e..fa4555dcafb9 100644
--- a/pkgs/tools/security/gnupg/1.nix
+++ b/pkgs/tools/security/gnupg/1.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, readline, bzip2 }:
 stdenv.mkDerivation rec {
- name = "gnupg-1.4.21";
+ name = "gnupg-1.4.22";
 src = fetchurl {
 url = "mirror://gnupg/gnupg/${name}.tar.bz2";
- sha256 = "0xi2mshq8f6zbarb5f61c9w2qzwrdbjm4q8fqsrwlzc51h8a6ivb";
+ sha256 = "1d1hz4szh1kvwhsw7w2zxa6q5ndrk3qy6hj289l1b8k3xi5s554m";
 };
 buildInputs = [ readline bzip2 ];
diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix
index 7f095a3225bb..a0fc788a69e9 100644
--- a/pkgs/tools/security/keybase/default.nix
+++ b/pkgs/tools/security/keybase/default.nix
@@ -2,7 +2,7 @@ buildGoPackage rec {
 name = "keybase-${version}";
- version = "1.0.33";
+ version = "1.0.39";
 goPackagePath = "github.com/keybase/client";
 subPackages = [ "go/keybase" ];
@@ -13,7 +13,7 @@ buildGoPackage rec {
 owner = "keybase";
 repo = "client";
 rev = "v${version}";
- sha256 = "1zgvriyir2ga0p4ah9ia1sbl9ydnrnw5ggq4c1ya8gcfgn8vzdsf";
+ sha256 = "0b64h536xp8r1q7fa23mf1p8ybnh0fz1n468fp56mvh98vmqys5b";
 };
 buildFlags = [ "-tags production" ];
diff --git a/pkgs/tools/security/kpcli/default.nix b/pkgs/tools/security/kpcli/default.nix
index 8d2ac2af010c..3776c883ac71 100644
--- a/pkgs/tools/security/kpcli/default.nix
+++ b/pkgs/tools/security/kpcli/default.nix
@@ -19,9 +19,9 @@ stdenv.mkDerivation rec {
 chmod +x $out/bin/kpcli wrapProgram $out/bin/kpcli --set PERL5LIB \
- "${with perlPackages; stdenv.lib.makePerlPath [
+ "${with perlPackages; stdenv.lib.makePerlPath ([
 CaptureTiny Clipboard Clone CryptRijndael SortNaturally TermReadKey TermShellUI FileKeePass TermReadLineGnu XMLParser
- ]}"
+ ] ++ stdenv.lib.optional stdenv.isDarwin MacPasteboard)}"
 '';
diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix
index 45f995a59350..3d31596a43fc 100644
--- a/pkgs/tools/security/nmap/default.nix
+++ b/pkgs/tools/security/nmap/default.nix
@@ -58,6 +58,6 @@ in stdenv.mkDerivation rec {
 homepage = http://www.nmap.org;
 license = licenses.gpl2;
 platforms = platforms.all;
- maintainers = with maintainers; [ mornfall thoughtpolice fpletz ];
+ maintainers = with maintainers; [ thoughtpolice fpletz ];
 };
 }
diff --git a/pkgs/tools/security/notary/default.nix b/pkgs/tools/security/notary/default.nix
new file mode 100644
index 000000000000..36685b1d1e49
--- /dev/null
+++ b/pkgs/tools/security/notary/default.nix
@@ -0,0 +1,55 @@
+{ stdenv, fetchFromGitHub, buildGoPackage, git, libtool }:
+
+buildGoPackage rec {
+ name = "notary-${version}";
+ version = "0.5.1";
+ gitcommit = "9211198";
+
+ src = fetchFromGitHub {
+ owner = "theupdateframework";
+ repo = "notary";
+ rev = "v${version}";
+ sha256 = "0z9nsb1mrl0q5j02jkyzbc6xqsm83qzacsckypsxcrijhw935rs5";
+ };
+
+ buildInputs = [ libtool ];
+
+ goPackagePath = "github.com/docker/notary";
+
+ buildPhase = ''
+ cd go/src/github.com/docker/notary
+ make GITCOMMIT=${gitcommit} GITUNTRACKEDCHANGES= client
+ '';
+
+ installPhase = ''
+ install -D bin/notary $bin/bin/notary
+ '';
+
+ meta = with stdenv.lib; {
+ description = " Notary is a project that allows anyone to have trust over arbitrary collections of data";
+ longDescription = ''
+ The Notary project comprises a server and a client for running and
+ interacting with trusted collections. See the service architecture
+ documentation for more information.
+
+ Notary aims to make the internet more secure by making it easy for people
+ to publish and verify content. We often rely on TLS to secure our
+ communications with a web server which is inherently flawed, as any
+ compromise of the server enables malicious content to be substituted for
+ the legitimate content.
+
+ With Notary, publishers can sign their content offline using keys kept
+ highly secure. Once the publisher is ready to make the content available,
+ they can push their signed trusted collection to a Notary Server.
+
+ Consumers, having acquired the publisher's public key through a secure
+ channel, can then communicate with any notary server or (insecure) mirror,
+ relying only on the publisher's key to determine the validity and
+ integrity of the received content.
+ '';
+ license = licenses.asl20;
+ homepage = https://github.com/theupdateframework/notary;
+ maintainers = with maintainers; [ vdemeester ];
+ platforms = with platforms; unix;
+ };
+}
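Review bot: `gitcommit = "9211198";` is hard-coded next to `version` and is not tied to `rev = "v${version}"`, so a later version bump that forgets it would build a client stamped with the wrong commit; a comment such as `# short hash of tag v${version}; update together with version` would make that coupling explicit. The `git` argument is never used in the derivation and can be dropped. `goPackagePath = "github.com/docker/notary"` differs from the `theupdateframework` owner in `src` and deserves a one-line comment if that is intentional, and `description` starts with a stray space.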
diff --git a/pkgs/tools/security/onioncircuits/default.nix b/pkgs/tools/security/onioncircuits/default.nix
new file mode 100644
index 000000000000..24840426fd46
--- /dev/null
+++ b/pkgs/tools/security/onioncircuits/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchgit, pythonPackages, intltool, gtk3, gobjectIntrospection, defaultIconTheme }:
+
+pythonPackages.buildPythonApplication rec {
+ name = "onioncircuits-${version}";
+ version = "0.5";
+
+ src = fetchgit {
+ url = "https://git-tails.immerda.ch/onioncircuits/";
+ rev = version;
+ sha256 = "13mqif9b9iajpkrl9ijspdnvy82kxhprxd5mw3njk68rcn4z2pcm";
+ };
+
+ buildInputs = [ intltool gtk3 gobjectIntrospection ];
+ propagatedBuildInputs = with pythonPackages; [ stem distutils_extra pygobject3 ];
+
+ postFixup = ''
+ wrapProgram "$out/bin/onioncircuits" \
+ --prefix GI_TYPELIB_PATH : "$GI_TYPELIB_PATH" \
+ --prefix XDG_DATA_DIRS : "$out/share:${defaultIconTheme}/share"
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = https://tails.boum.org;
+ description = "GTK application to display Tor circuits and streams";
+ license = licenses.gpl3;
+ maintainers = [ maintainers.phreedom ];
+ };
+}
+
diff --git a/pkgs/tools/security/signing-party/default.nix b/pkgs/tools/security/signing-party/default.nix
index 3ec6abc3eb1c..fc7639b1d5a7 100644
--- a/pkgs/tools/security/signing-party/default.nix
+++ b/pkgs/tools/security/signing-party/default.nix
@@ -14,12 +14,12 @@ let
 ];
 in stdenv.mkDerivation rec {
 pname = "signing-party";
- version = "2.6";
+ version = "2.7";
 name = "${pname}-${version}";
 src = fetchurl {
 url = "mirror://debian/pool/main/s/${pname}/${pname}_${version}.orig.tar.gz";
- sha256 = "1n5bpcfpl9vg1xp6r1jhbyahrgdyxp05b5pria1rh4m0qnv8sifr";
+ sha256 = "0znklgvxn7k7p6q7r8chcj86zmzildjamr3qlqfxkj5m7yziqr21";
 };
 sourceRoot = ".";
diff --git a/pkgs/tools/security/spectre-meltdown-checker/default.nix b/pkgs/tools/security/spectre-meltdown-checker/default.nix
new file mode 100644
index 000000000000..39770433ff36
--- /dev/null
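Review bot: The `meta` block of the new onioncircuits derivation has no `platforms` attribute, unlike the other packages added in this commit, so its supported platforms are left undeclared; if Linux-only is what is meant, `platforms = platforms.linux;` would state it. `intltool` is a build-time tool and would normally sit in `nativeBuildInputs` rather than `buildInputs`. The trailing empty line after the closing `}` can be removed.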
+++ b/pkgs/tools/security/spectre-meltdown-checker/default.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchFromGitHub, makeWrapper, coreutils, binutils-unwrapped }:
+
+stdenv.mkDerivation rec {
+ name = "spectre-meltdown-checker-${version}";
+ version = "0.33";
+
+ src = fetchFromGitHub {
+ owner = "speed47";
+ repo = "spectre-meltdown-checker";
+ rev = "v${version}";
+ sha256 = "0a0vbzjfmvcvak804y2s0301f9bcnr0nwg2piafx6i6ibisp917y";
+ };
+
+ prePatch = ''
+ substituteInPlace spectre-meltdown-checker.sh \
+ --replace /bin/echo ${coreutils}/bin/echo
+ '';
+
+ nativeBuildInputs = [ makeWrapper ];
+
+ installPhase = with stdenv.lib; ''
+ install -Dt $out/lib spectre-meltdown-checker.sh
+ makeWrapper $out/lib/spectre-meltdown-checker.sh $out/bin/spectre-meltdown-checker \
+ --prefix PATH : ${makeBinPath [ binutils-unwrapped ]}
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Spectre & Meltdown vulnerability/mitigation checker for Linux";
+ homepage = https://github.com/speed47/spectre-meltdown-checker;
+ license = licenses.gpl3;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ dotlambda ];
+ };
+}
diff --git a/pkgs/tools/security/sshuttle/default.nix b/pkgs/tools/security/sshuttle/default.nix
index 960d11521a74..8674de1fceed 100644
--- a/pkgs/tools/security/sshuttle/default.nix
+++ b/pkgs/tools/security/sshuttle/default.nix
@@ -44,7 +44,7 @@ python3Packages.buildPythonApplication rec {
 target network (though it does require Python 2 at both ends). Works with Linux and Mac OS and supports DNS tunneling.
 '';
- maintainers = with maintainers; [ domenkozar nckx ];
+ maintainers = with maintainers; [ domenkozar ];
 platforms = platforms.unix;
 };
 }
diff --git a/pkgs/tools/security/sslscan/default.nix b/pkgs/tools/security/sslscan/default.nix
index 87fda1467f0d..782341923fab 100644
--- a/pkgs/tools/security/sslscan/default.nix
+++ b/pkgs/tools/security/sslscan/default.nix
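Review bot: The wrapper in `installPhase` only prefixes `binutils-unwrapped` onto `PATH`, and `prePatch` only rewrites `/bin/echo`, so every other tool the script invokes is resolved from the caller's environment. For a checker that is typically run with elevated privileges (an assumption, the script itself is not shown here) that choice should at least be documented, for example with `# only binutils is pinned; all other tools come from the caller's PATH` above the `makeWrapper` call, or the remaining required tools should be added to `makeBinPath`. The `with stdenv.lib;` in front of the `installPhase` string exists only for `makeBinPath`; writing `stdenv.lib.makeBinPath` inline would be clearer.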
@@ -2,13 +2,13 @@ stdenv.mkDerivation rec {
 name = "sslscan-${version}";
- version = "1.11.10";
+ version = "1.11.11";
 src = fetchFromGitHub {
 owner = "rbsec";
 repo = "sslscan";
 rev = "${version}-rbsec";
- sha256 = "1bxr7p7nhg4b8wkcm7j2xk10gf370sqcvl06vbgnqd3azp55fhpf";
+ sha256 = "0k1agdz52pdgihwfwbygp0mlwkf757vcwhvwc0mrz606l2wbmwmr";
 };
 buildInputs = [ openssl ];
diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix
index 1238a9207603..5192f57582c7 100644
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
@@ -5,14 +5,14 @@
 }:
 stdenv.mkDerivation rec {
- name = "sudo-1.8.21p2";
+ name = "sudo-1.8.22";
 src = fetchurl {
 urls = [
 "ftp://ftp.sudo.ws/pub/sudo/${name}.tar.gz"
 "ftp://ftp.sudo.ws/pub/sudo/OLD/${name}.tar.gz"
 ];
- sha256 = "0s33szq6q59v5s377l4v6ybsdy7pfq6sz7y364j4x09ssdn79ibl";
+ sha256 = "00pxp74xkwdcmrjwy55j0k8p684jk1zx3nzdc11v30q8q8kwnmkj";
 };
 prePatch = ''
diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix
index a60cea1a738a..4d355bd86b8b 100644
--- a/pkgs/tools/security/tor/default.nix
+++ b/pkgs/tools/security/tor/default.nix
@@ -3,11 +3,11 @@
 }:
 stdenv.mkDerivation rec {
- name = "tor-0.3.1.9";
+ name = "tor-0.3.2.9";
 src = fetchurl {
 url = "https://dist.torproject.org/${name}.tar.gz";
- sha256 = "09ixizsr635qyshvrn1m5asjkaz4fm8dx80lc3ajyy0fi7vh86vf";
+ sha256 = "03qn55c969zynnx71r82iaqnadpzq0qclq0zmjhb3n4qma8pnnj3";
 };
 outputs = [ "out" "geoip" ];
diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix
index ee1b9d844706..166f20dd7d6d 100644
--- a/pkgs/tools/security/yara/default.nix
+++ b/pkgs/tools/security/yara/default.nix
@@ -5,14 +5,14 @@
 }:
 stdenv.mkDerivation rec {
- version = "3.7.0";
+ version = "3.7.1";
 name = "yara-${version}";
 src = fetchFromGitHub {
 owner = "VirusTotal";
 repo = "yara";
 rev = "v${version}";
- sha256 = "1giq5677j0vh5vw0nsv5qcqddcif6jckqaxyqg13j0j54n1p6xyj";
+ sha256 = "05smkn4ii8irx6ccnzrhwa39pkmrjyxjmfrwh6mhdd8iz51v5cgz";
 };
 # FIXME: this is probably not the right way to make it work |