diff options
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/aflplusplus/default.nix | 30 | ||||
-rw-r--r-- | pkgs/tools/security/bitwarden/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/bitwarden_rs/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/bitwarden_rs/vault.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch | 24 | ||||
-rw-r--r-- | pkgs/tools/security/doas/default.nix | 6 | ||||
-rw-r--r-- | pkgs/tools/security/ecryptfs/default.nix | 13 | ||||
-rw-r--r-- | pkgs/tools/security/fprintd/default.nix | 104 | ||||
-rw-r--r-- | pkgs/tools/security/gnupg-pkcs11-scd/default.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/hash_extender/default.nix | 9 | ||||
-rw-r--r-- | pkgs/tools/security/hcxdumptool/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/ibm-sw-tpm2/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/keybase/gui.nix | 2 | ||||
-rw-r--r-- | pkgs/tools/security/keysmith/default.nix | 45 | ||||
-rw-r--r-- | pkgs/tools/security/tor/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/tpm2-tools/default.nix | 4 | ||||
-rw-r--r-- | pkgs/tools/security/yara/default.nix | 28 |
17 files changed, 207 insertions, 86 deletions
diff --git a/pkgs/tools/security/aflplusplus/default.nix b/pkgs/tools/security/aflplusplus/default.nix index f99be6d75758..a0ef58ae8b61 100644 --- a/pkgs/tools/security/aflplusplus/default.nix +++ b/pkgs/tools/security/aflplusplus/default.nix @@ -1,6 +1,6 @@ { stdenv, stdenvNoCC, fetchFromGitHub, callPackage, makeWrapper -, clang_9, llvm_9, gcc, which, libcgroup, python, perl, gmp -, file, cmocka, wine ? null, fetchpatch +, clang, llvm, gcc, which, libcgroup, python, perl, gmp +, file, wine ? null, fetchpatch }: # wine fuzzing is only known to work for win32 binaries, and using a mixture of @@ -17,38 +17,28 @@ let libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; aflplusplus = stdenvNoCC.mkDerivation rec { pname = "aflplusplus"; - version = "2.64c"; + version = "2.65c"; src = fetchFromGitHub { owner = "AFLplusplus"; repo = "AFLplusplus"; rev = version; - sha256 = "0n618pk6nlmkcbv1qm05fny4mnhcprrw0ppmra1phvk1y22iildj"; + sha256 = "1np2a3kypb2m8nyv6qnij18yzn41pl8619jzydci40br4vxial9l"; }; enableParallelBuilding = true; - # build of unsigaction32 broken in 2.64c: - # https://github.com/AFLplusplus/AFLplusplus/commit/079fdbf9bc5be1adba19e4bd08be965bd4dd79dc#commitcomment-38428357 - # The applied patch fixes it. - patches = [ - (fetchpatch { - url = "https://github.com/AFLplusplus/AFLplusplus/commit/5b9928f1a9d4b017ea04365ca8b522fde71236eb.patch"; - sha256 = "1m4w9w4jaxb2mjkwvr6r4qa2j5cdzzpchjphpwd95861h0zvb6hh"; - }) - ]; - # Note: libcgroup isn't needed for building, just for the afl-cgroup # script. - nativeBuildInputs = [ makeWrapper which clang_9 gcc ]; - buildInputs = [ llvm_9 python gmp ] + nativeBuildInputs = [ makeWrapper which clang gcc ]; + buildInputs = [ llvm python gmp ] ++ stdenv.lib.optional (wine != null) python.pkgs.wrapPython; postPatch = '' # Replace the CLANG_BIN variables with the correct path substituteInPlace llvm_mode/afl-clang-fast.c \ - --replace "CLANGPP_BIN" '"${clang_9}/bin/clang++"' \ - --replace "CLANG_BIN" '"${clang_9}/bin/clang"' \ + --replace "CLANGPP_BIN" '"${clang}/bin/clang++"' \ + --replace "CLANG_BIN" '"${clang}/bin/clang"' \ --replace 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")" # Replace "gcc" and friends with full paths in afl-gcc @@ -115,7 +105,7 @@ let wrapPythonProgramsIn $out/bin ${python.pkgs.pefile} ''; - installCheckInputs = [ perl file cmocka ]; + installCheckInputs = [ perl file ]; doInstallCheck = true; installCheckPhase = '' # replace references to tools in build directory with references to installed locations @@ -123,7 +113,7 @@ let --replace '../libcompcov.so' '`$out/bin/get-afl-qemu-libcompcov-so`' \ --replace '../libdislocator.so' '`$out/bin/get-libdislocator-so`' \ --replace '../libtokencap.so' '`$out/bin/get-libtokencap-so`' - perl -pi -e 's|(?<!\.)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh + perl -pi -e 's|(?<!\.)(?<!-I)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh cd test && ./test.sh ''; diff --git a/pkgs/tools/security/bitwarden/default.nix b/pkgs/tools/security/bitwarden/default.nix index f2abc376cd27..2da8840eee1c 100644 --- a/pkgs/tools/security/bitwarden/default.nix +++ b/pkgs/tools/security/bitwarden/default.nix @@ -16,11 +16,11 @@ let pname = "bitwarden"; version = { - x86_64-linux = "1.17.2"; + x86_64-linux = "1.18.0"; }.${system} or ""; sha256 = { - x86_64-linux = "0v7lrwj3sdypnqayknwg0cg9c2gfsxbjic5wswkfxljy652x8izx"; + x86_64-linux = "04rry33jccf65smzpjp1dhcirffdb7y36yn8whqaikhsavsawx3j"; }.${system} or ""; meta = with stdenv.lib; { diff --git a/pkgs/tools/security/bitwarden_rs/default.nix b/pkgs/tools/security/bitwarden_rs/default.nix index 6d3c4bccef9f..158485dc982f 100644 --- a/pkgs/tools/security/bitwarden_rs/default.nix +++ b/pkgs/tools/security/bitwarden_rs/default.nix @@ -8,13 +8,13 @@ let in rustPlatform.buildRustPackage rec { pname = "bitwarden_rs"; - version = "1.14.2"; + version = "1.15.0"; src = fetchFromGitHub { owner = "dani-garcia"; repo = pname; rev = version; - sha256 = "0413yjbnj4k917x48h1gnj64kygbr6c1n55f23qkvj0hgbxpgssz"; + sha256 = "12mr7d0mjlh7za4nc3s7cizzbd6v0zfmd7q9s0f7pqz56vw5m21s"; }; nativeBuildInputs = [ pkgconfig ]; @@ -25,7 +25,7 @@ in rustPlatform.buildRustPackage rec { RUSTC_BOOTSTRAP = 1; - cargoSha256 = "09747f9g7yyq9c8wbfdb3hwxii5xq23ynhba0vc01nhjpjyn0ksd"; + cargoSha256 = "0nacc8xvbkdzbyx4c17hdh03v9ykpis74pbpxkn6v95njw14wq53"; cargoBuildFlags = [ featuresFlag ]; checkPhase = '' diff --git a/pkgs/tools/security/bitwarden_rs/vault.nix b/pkgs/tools/security/bitwarden_rs/vault.nix index 0c60ab621063..256bf458b3bb 100644 --- a/pkgs/tools/security/bitwarden_rs/vault.nix +++ b/pkgs/tools/security/bitwarden_rs/vault.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "bitwarden_rs-vault"; - version = "2.13.2b"; + version = "2.14.0"; src = fetchurl { url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz"; - sha256 = "1pba3d04gfnviv8r98anpv7m8r9r417s352r5fz8qzg8lr070540"; + sha256 = "16620md9lsxw6s0qzv5vj9kfkgxnlaxfrax6s2h3h39skza80x2c"; }; buildCommand = '' diff --git a/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch b/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch new file mode 100644 index 000000000000..d1a1997ba1f6 --- /dev/null +++ b/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch @@ -0,0 +1,24 @@ +From 9218347b8f833ab05d016dfba5617dcdeb59eb7b Mon Sep 17 00:00:00 2001 +From: Cole Helbling <cole.e.helbling@outlook.com> +Date: Wed, 27 May 2020 08:02:57 -0700 +Subject: [PATCH] add NixOS-specific dirs to safe PATH + +--- + doas.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/doas.c b/doas.c +index e253905..2fdb20f 100644 +--- a/doas.c ++++ b/doas.c +@@ -234,6 +234,7 @@ int + main(int argc, char **argv) + { + const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:" ++ "/run/current-system/sw/bin:/run/current-system/sw/sbin:/run/wrappers/bin:" + "/usr/local/bin:/usr/local/sbin"; + const char *confpath = NULL; + char *shargv[] = { NULL, NULL }; +-- +2.26.2 + diff --git a/pkgs/tools/security/doas/default.nix b/pkgs/tools/security/doas/default.nix index 8cc9017a8fea..baa2fc301a89 100644 --- a/pkgs/tools/security/doas/default.nix +++ b/pkgs/tools/security/doas/default.nix @@ -26,6 +26,12 @@ stdenv.mkDerivation rec { "--pamdir=${placeholder "out"}/etc/pam.d" ]; + patches = [ + # Allow doas to discover binaries in /run/current-system/sw/{s,}bin and + # /run/wrappers/bin + ./0001-add-NixOS-specific-dirs-to-safe-PATH.patch + ]; + postPatch = '' sed -i '/\(chown\|chmod\)/d' bsd.prog.mk ''; diff --git a/pkgs/tools/security/ecryptfs/default.nix b/pkgs/tools/security/ecryptfs/default.nix index 9fd8c3ac7a22..e4caa9c4e18d 100644 --- a/pkgs/tools/security/ecryptfs/default.nix +++ b/pkgs/tools/security/ecryptfs/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python2, pam +{ stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python2, pam, enablePython ? false , intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof }: stdenv.mkDerivation rec { @@ -33,8 +33,15 @@ stdenv.mkDerivation rec { done ''; - nativeBuildInputs = [ pkgconfig ]; - buildInputs = [ perl nss nspr python2 pam intltool makeWrapper ]; + configureFlags = stdenv.lib.optionals (!enablePython) [ "--disable-pywrap" ]; + + nativeBuildInputs = [ pkgconfig ] + # if python2 support is requested, it is needed at builtime as well as runtime. + ++ stdenv.lib.optionals (enablePython) [ python2 ] + ; + buildInputs = [ perl nss nspr pam intltool makeWrapper ] + ++ stdenv.lib.optionals (enablePython) [ python2 ] + ; propagatedBuildInputs = [ coreutils gettext cryptsetup lvm2 rsync keyutils which ]; postInstall = '' diff --git a/pkgs/tools/security/fprintd/default.nix b/pkgs/tools/security/fprintd/default.nix index b119a6ed29ff..b14aff386aba 100644 --- a/pkgs/tools/security/fprintd/default.nix +++ b/pkgs/tools/security/fprintd/default.nix @@ -1,42 +1,70 @@ -{ thinkpad ? false -, stdenv -, fetchurl +{ stdenv +, fetchFromGitLab , fetchpatch , pkgconfig -, intltool -, libfprint-thinkpad ? null -, libfprint ? null +, meson +, ninja +, perl +, gettext +, cairo +, gtk-doc +, libxslt +, docbook-xsl-nons +, docbook_xml_dtd_412 , glib +, dbus , dbus-glib , polkit , nss , pam , systemd -, autoreconfHook -, gtk-doc +, libfprint +, python3 }: stdenv.mkDerivation rec { - pname = "fprintd" + stdenv.lib.optionalString thinkpad "-thinkpad"; - version = "0.9.0"; + pname = "fprintd"; + version = "1.90.1"; + outputs = [ "out" "devdoc" ]; - src = fetchurl { - url = "https://gitlab.freedesktop.org/libfprint/fprintd/uploads/9dec4b63d1f00e637070be1477ce63c0/fprintd-${version}.tar.xz"; - sha256 = "182gcnwb6zjwmk0dn562rjmpbk7ac7dhipbfdhfic2sn1jzis49p"; + src = fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "libfprint"; + repo = pname; + rev = version; + sha256 = "0mbzk263x7f58i9cxhs44mrngs7zw5wkm62j5r6xlcidhmfn03cg"; }; patches = [ + # Fixes issue with ":" when there is multiple paths (might be the case on NixOS) + # https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/50 + (fetchpatch { + url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/d7fec03f24d10f88d34581c72f0eef201f5eafac.patch"; + sha256 = "0f88dhizai8jz7hpm5lpki1fx4593zcy89iwi4brsqbqc7jp9ls0"; + }) + + # Fix locating libpam_wrapper for tests + (fetchpatch { + url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/40.patch"; + sha256 = "0qqy090p93lzabavwjxzxaqidkcb3ifacl0d3yh1q7ms2a58yyz3"; + }) (fetchpatch { - url = "https://gitlab.freedesktop.org/libfprint/fprintd/merge_requests/16.patch"; - sha256 = "1y39zsmxjll9hip8464qwhq5qg06c13pnafyafgxdph75lvhdll7"; + url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/f401f399a85dbeb2de165b9b9162eb552ab6eea7.patch"; + sha256 = "1bc9g6kc95imlcdpvp8qgqjsnsxg6nipr6817c1pz5i407yvw1iy"; }) ]; nativeBuildInputs = [ - intltool pkgconfig - autoreconfHook # Drop with above patch - gtk-doc # Drop with above patch + meson + ninja + perl + gettext + gtk-doc + libxslt + dbus + docbook-xsl-nons + docbook_xml_dtd_412 ]; buildInputs = [ @@ -46,23 +74,43 @@ stdenv.mkDerivation rec { nss pam systemd - ] - ++ stdenv.lib.optional thinkpad libfprint-thinkpad - ++ stdenv.lib.optional (!thinkpad) libfprint - ; + libfprint + ]; + + checkInputs = with python3.pkgs; [ + python-dbusmock + dbus-python + pygobject3 + pycairo + pypamtest + ]; - configureFlags = [ - # is hardcoded to /var/lib/fprint, this is for the StateDirectory install target - "--localstatedir=${placeholder "out"}/var" - "--sysconfdir=${placeholder "out"}/etc" - "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system" + mesonFlags = [ + "-Dgtk_doc=true" + "-Dpam_modules_dir=${placeholder "out"}/lib/security" + "-Dsysconfdir=${placeholder "out"}/etc" + "-Ddbus_service_dir=${placeholder "out"}/share/dbus-1/system-services" + "-Dsystemd_system_unit_dir=${placeholder "out"}/lib/systemd/system" ]; + PKG_CONFIG_DBUS_1_INTERFACES_DIR = "${placeholder "out"}/share/dbus-1/interfaces"; + PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "${placeholder "out"}/share/polkit-1/actions"; + PKG_CONFIG_DBUS_1_DATADIR = "${placeholder "out"}/share"; + + # FIXME: Ugly hack for tests to find libpam_wrapper.so + LIBRARY_PATH = stdenv.lib.makeLibraryPath [ python3.pkgs.pypamtest ]; + + doCheck = true; + + postPatch = '' + patchShebangs po/check-translations.sh + ''; + meta = with stdenv.lib; { homepage = "https://fprint.freedesktop.org/"; description = "D-Bus daemon that offers libfprint functionality over the D-Bus interprocess communication bus"; license = licenses.gpl2; platforms = platforms.linux; - maintainers = with maintainers; [ abbradar ]; + maintainers = with maintainers; [ abbradar elyhaka ]; }; } diff --git a/pkgs/tools/security/gnupg-pkcs11-scd/default.nix b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix index 4d6b97c7192e..e173f66f7483 100644 --- a/pkgs/tools/security/gnupg-pkcs11-scd/default.nix +++ b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix @@ -7,7 +7,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://github.com/alonbl/${pname}/releases/download/${pname}-${version}/${pname}-${version}.tar.bz2"; - sha256 = "sha256:1mfh9zjbahjd788rq1mzx009pd7p1sq62sbz586rd7szif7pkpgx"; + sha256 = "1mfh9zjbahjd788rq1mzx009pd7p1sq62sbz586rd7szif7pkpgx"; }; buildInputs = [ pkcs11helper pkgconfig openssl ]; diff --git a/pkgs/tools/security/hash_extender/default.nix b/pkgs/tools/security/hash_extender/default.nix index 6efa780e1cd3..5bda599f0f0c 100644 --- a/pkgs/tools/security/hash_extender/default.nix +++ b/pkgs/tools/security/hash_extender/default.nix @@ -2,17 +2,20 @@ stdenv.mkDerivation { pname = "hash_extender"; - version = "2017-04-10"; + version = "unstable-2020-03-24"; src = fetchFromGitHub { owner = "iagox86"; repo = "hash_extender"; - rev = "d27581e062dd0b534074e11d7d311f65a6d7af21"; - sha256 = "1npwbgqaynjh5x39halw43i116v89sxkpa1g1bbvc1lpi8hkhhcb"; + rev = "cb8aaee49f93e9c0d2f03eb3cafb429c9eed723d"; + sha256 = "1fj118566hr1wv03az2w0iqknazsqqkak0mvlcvwpgr6midjqi9b"; }; buildInputs = [ openssl ]; + doCheck = true; + checkPhase = "./hash_extender --test"; + installPhase = '' mkdir -p $out/bin cp hash_extender $out/bin diff --git a/pkgs/tools/security/hcxdumptool/default.nix b/pkgs/tools/security/hcxdumptool/default.nix index 6a2eee471432..c7a5a9985552 100644 --- a/pkgs/tools/security/hcxdumptool/default.nix +++ b/pkgs/tools/security/hcxdumptool/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "hcxdumptool"; - version = "6.0.5"; + version = "6.0.6"; src = fetchFromGitHub { owner = "ZerBea"; repo = "hcxdumptool"; rev = version; - sha256 = "0rh19lblz8wp8q2x123nlwvxq1pjq9zw12w18z83v2l2knjbc524"; + sha256 = "1b4d543y64ib92w9gcmiyjn5hz2vyjqmxk3f3yr1zk04fhw16gmf"; }; buildInputs = [ openssl ]; diff --git a/pkgs/tools/security/ibm-sw-tpm2/default.nix b/pkgs/tools/security/ibm-sw-tpm2/default.nix index 5e1d460a4634..d6e8a521a2fa 100644 --- a/pkgs/tools/security/ibm-sw-tpm2/default.nix +++ b/pkgs/tools/security/ibm-sw-tpm2/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { pname = "ibm-sw-tpm2"; - version = "1563"; + version = "1628"; src = fetchurl { url = "mirror://sourceforge/ibmswtpm2/ibmtpm${version}.tar.gz"; - sha256 = "1sfi7drmbm08rgd2414s3sxd7h5g8d4kiwk40xklf7sw67w1ffpw"; + sha256 = "18wywbsdp5sjrapznk2ydbmx0whz513dhybn1lls24xfl7kp9s58"; }; buildInputs = [ openssl ]; diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix index 054907843909..b745b63ca9d1 100644 --- a/pkgs/tools/security/keybase/gui.nix +++ b/pkgs/tools/security/keybase/gui.nix @@ -107,7 +107,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { homepage = "https://www.keybase.io/"; description = "The Keybase official GUI"; - platforms = platforms.linux; + platforms = [ "x86_64-linux" ]; maintainers = with maintainers; [ avaq rvolosatovs puffnfresh np filalex77 ]; license = licenses.bsd3; }; diff --git a/pkgs/tools/security/keysmith/default.nix b/pkgs/tools/security/keysmith/default.nix new file mode 100644 index 000000000000..b9ab7bb0b4aa --- /dev/null +++ b/pkgs/tools/security/keysmith/default.nix @@ -0,0 +1,45 @@ +{ lib +, mkDerivation +, makeWrapper +, fetchFromGitHub +, cmake +, extra-cmake-modules +, qtbase +, qtquickcontrols2 +, qtdeclarative +, qtgraphicaleffects +, kirigami2 +, oathToolkit +}: +mkDerivation rec { + + pname = "keysmith"; + version = "0.1"; + + src = fetchFromGitHub { + owner = "KDE"; + repo = "keysmith"; + rev = "v${version}"; + sha256 = "15fzf0bvarivm32zqa5w71mscpxdac64ykiawc5hx6kplz93bsgx"; + }; + + nativeBuildInputs = [ cmake extra-cmake-modules makeWrapper ]; + + buildInputs = [ oathToolkit kirigami2 qtquickcontrols2 qtbase ]; + + postInstall = '' + mv $out/bin/org.kde.keysmith $out/bin/.org.kde.keysmith-wrapped + makeWrapper $out/bin/.org.kde.keysmith-wrapped $out/bin/org.kde.keysmith \ + --set QML2_IMPORT_PATH "${lib.getLib kirigami2}/lib/qt-5.12.7/qml:${lib.getBin qtquickcontrols2}/lib/qt-5.12.7/qml:${lib.getBin qtdeclarative}/lib/qt-5.12.7/qml:${qtgraphicaleffects}/lib/qt-5.12.7/qml" \ + --set QT_PLUGIN_PATH "${lib.getBin qtbase}/lib/qt-5.12.7/plugins" + ln -s $out/bin/org.kde.keysmith $out/bin/keysmith + ''; + + meta = with lib; { + description = "OTP client for Plasma Mobile and Desktop"; + license = licenses.gpl3; + homepage = "https://github.com/KDE/keysmith"; + maintainers = with maintainers; [ shamilton ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix index e6cd74eda4b1..1e033fa31cee 100644 --- a/pkgs/tools/security/tor/default.nix +++ b/pkgs/tools/security/tor/default.nix @@ -15,11 +15,11 @@ stdenv.mkDerivation rec { pname = "tor"; - version = "0.4.2.7"; + version = "0.4.3.5"; src = fetchurl { url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; - sha256 = "0v82ngwwmmcb7i9563bgsmrjy6xp83xyhqhaljygd0pkvlsxi886"; + sha256 = "0s6qspi102drn1nk3gfxs51x992xarc44gkfsi8y3l48wr50wsk1"; }; outputs = [ "out" "geoip" ]; diff --git a/pkgs/tools/security/tpm2-tools/default.nix b/pkgs/tools/security/tpm2-tools/default.nix index 06826173e340..e6a7621d9877 100644 --- a/pkgs/tools/security/tpm2-tools/default.nix +++ b/pkgs/tools/security/tpm2-tools/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { pname = "tpm2-tools"; - version = "4.1.1"; + version = "4.1.3"; src = fetchurl { url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz"; - sha256 = "1cd74nd57wmms2yrnzs64xki29rf4kx61kd30fyd56wlicyjdfa0"; + sha256 = "0117r0zzdnblkibv81y71v3limixsw5m7g9xwf7lcx8fc8836pdv"; }; nativeBuildInputs = [ pandoc pkgconfig makeWrapper ]; diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix index a470ad11caff..8a1195350234 100644 --- a/pkgs/tools/security/yara/default.nix +++ b/pkgs/tools/security/yara/default.nix @@ -1,30 +1,28 @@ -{ stdenv, fetchFromGitHub, fetchpatch, autoconf, automake, libtool, pcre +{ stdenv +, fetchFromGitHub +, autoreconfHook +, pcre +, pkg-config +, protobufc , withCrypto ? true, openssl , enableMagic ? true, file , enableCuckoo ? true, jansson }: stdenv.mkDerivation rec { - version = "3.11.0"; + version = "4.0.1"; pname = "yara"; src = fetchFromGitHub { owner = "VirusTotal"; repo = "yara"; rev = "v${version}"; - sha256 = "0mx3xm2a70fx8vlynkavq8gfd9w5yjcix5rx85444i2s1h6kcd0j"; + sha256 = "0dy8jf0pdn0wilxy1pj6pqjxg7icxkwax09w54np87gl9p00f5rk"; }; - # See: https://github.com/VirusTotal/yara/issues/1036 - # TODO: This patch should not be necessary in the next release - patches = [ - (fetchpatch { - url = "https://github.com/VirusTotal/yara/commit/04df811fa61fa54390b274bfcf56d7403c184404.patch"; - sha256 = "0hsbc2k7nmk2kskll971draz0an4rmcs5v0iql47mz596vqvkzmb"; - }) - ]; + nativeBuildInputs = [ autoreconfHook pkg-config ]; - buildInputs = [ autoconf automake libtool pcre ] + buildInputs = [ pcre protobufc ] ++ stdenv.lib.optionals withCrypto [ openssl ] ++ stdenv.lib.optionals enableMagic [ file ] ++ stdenv.lib.optionals enableCuckoo [ jansson ] @@ -40,8 +38,8 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "The pattern matching swiss knife for malware researchers"; - homepage = "http://Virustotal.github.io/yara/"; - license = licenses.asl20; - platforms = stdenv.lib.platforms.all; + homepage = "http://Virustotal.github.io/yara/"; + license = licenses.asl20; + platforms = platforms.all; }; } |