about summary refs log tree commit diff
path: root/pkgs/tools/security
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/aflplusplus/default.nix30
-rw-r--r--pkgs/tools/security/bitwarden/default.nix4
-rw-r--r--pkgs/tools/security/bitwarden_rs/default.nix6
-rw-r--r--pkgs/tools/security/bitwarden_rs/vault.nix4
-rw-r--r--pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch24
-rw-r--r--pkgs/tools/security/doas/default.nix6
-rw-r--r--pkgs/tools/security/ecryptfs/default.nix13
-rw-r--r--pkgs/tools/security/fprintd/default.nix104
-rw-r--r--pkgs/tools/security/gnupg-pkcs11-scd/default.nix2
-rw-r--r--pkgs/tools/security/hash_extender/default.nix9
-rw-r--r--pkgs/tools/security/hcxdumptool/default.nix4
-rw-r--r--pkgs/tools/security/ibm-sw-tpm2/default.nix4
-rw-r--r--pkgs/tools/security/keybase/gui.nix2
-rw-r--r--pkgs/tools/security/keysmith/default.nix45
-rw-r--r--pkgs/tools/security/tor/default.nix4
-rw-r--r--pkgs/tools/security/tpm2-tools/default.nix4
-rw-r--r--pkgs/tools/security/yara/default.nix28
17 files changed, 207 insertions, 86 deletions
diff --git a/pkgs/tools/security/aflplusplus/default.nix b/pkgs/tools/security/aflplusplus/default.nix
index f99be6d75758..a0ef58ae8b61 100644
--- a/pkgs/tools/security/aflplusplus/default.nix
+++ b/pkgs/tools/security/aflplusplus/default.nix
@@ -1,6 +1,6 @@
 { stdenv, stdenvNoCC, fetchFromGitHub, callPackage, makeWrapper
-, clang_9, llvm_9, gcc, which, libcgroup, python, perl, gmp
-, file, cmocka, wine ? null, fetchpatch
+, clang, llvm, gcc, which, libcgroup, python, perl, gmp
+, file, wine ? null, fetchpatch
 }:
 
 # wine fuzzing is only known to work for win32 binaries, and using a mixture of
@@ -17,38 +17,28 @@ let
   libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; };
   aflplusplus = stdenvNoCC.mkDerivation rec {
     pname = "aflplusplus";
-    version = "2.64c";
+    version = "2.65c";
 
     src = fetchFromGitHub {
       owner = "AFLplusplus";
       repo = "AFLplusplus";
       rev = version;
-      sha256 = "0n618pk6nlmkcbv1qm05fny4mnhcprrw0ppmra1phvk1y22iildj";
+      sha256 = "1np2a3kypb2m8nyv6qnij18yzn41pl8619jzydci40br4vxial9l";
     };
     enableParallelBuilding = true;
 
-    # build of unsigaction32 broken in 2.64c:
-    # https://github.com/AFLplusplus/AFLplusplus/commit/079fdbf9bc5be1adba19e4bd08be965bd4dd79dc#commitcomment-38428357
-    # The applied patch fixes it.
-    patches = [
-      (fetchpatch {
-        url = "https://github.com/AFLplusplus/AFLplusplus/commit/5b9928f1a9d4b017ea04365ca8b522fde71236eb.patch";
-        sha256 = "1m4w9w4jaxb2mjkwvr6r4qa2j5cdzzpchjphpwd95861h0zvb6hh";
-      })
-    ];
-
     # Note: libcgroup isn't needed for building, just for the afl-cgroup
     # script.
-    nativeBuildInputs = [ makeWrapper which clang_9 gcc ];
-    buildInputs = [ llvm_9 python gmp ]
+    nativeBuildInputs = [ makeWrapper which clang gcc ];
+    buildInputs = [ llvm python gmp ]
       ++ stdenv.lib.optional (wine != null) python.pkgs.wrapPython;
 
 
     postPatch = ''
       # Replace the CLANG_BIN variables with the correct path
       substituteInPlace llvm_mode/afl-clang-fast.c \
-        --replace "CLANGPP_BIN" '"${clang_9}/bin/clang++"' \
-        --replace "CLANG_BIN" '"${clang_9}/bin/clang"' \
+        --replace "CLANGPP_BIN" '"${clang}/bin/clang++"' \
+        --replace "CLANG_BIN" '"${clang}/bin/clang"' \
         --replace 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")"
 
       # Replace "gcc" and friends with full paths in afl-gcc
@@ -115,7 +105,7 @@ let
         wrapPythonProgramsIn $out/bin ${python.pkgs.pefile}
     '';
 
-    installCheckInputs = [ perl file cmocka ];
+    installCheckInputs = [ perl file ];
     doInstallCheck = true;
     installCheckPhase = ''
       # replace references to tools in build directory with references to installed locations
@@ -123,7 +113,7 @@ let
         --replace '../libcompcov.so' '`$out/bin/get-afl-qemu-libcompcov-so`' \
         --replace '../libdislocator.so' '`$out/bin/get-libdislocator-so`' \
         --replace '../libtokencap.so' '`$out/bin/get-libtokencap-so`'
-      perl -pi -e 's|(?<!\.)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh
+      perl -pi -e 's|(?<!\.)(?<!-I)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh
       cd test && ./test.sh
     '';
 
diff --git a/pkgs/tools/security/bitwarden/default.nix b/pkgs/tools/security/bitwarden/default.nix
index f2abc376cd27..2da8840eee1c 100644
--- a/pkgs/tools/security/bitwarden/default.nix
+++ b/pkgs/tools/security/bitwarden/default.nix
@@ -16,11 +16,11 @@ let
   pname = "bitwarden";
 
   version = {
-    x86_64-linux = "1.17.2";
+    x86_64-linux = "1.18.0";
   }.${system} or "";
 
   sha256 = {
-    x86_64-linux = "0v7lrwj3sdypnqayknwg0cg9c2gfsxbjic5wswkfxljy652x8izx";
+    x86_64-linux = "04rry33jccf65smzpjp1dhcirffdb7y36yn8whqaikhsavsawx3j";
   }.${system} or "";
 
   meta = with stdenv.lib; {
diff --git a/pkgs/tools/security/bitwarden_rs/default.nix b/pkgs/tools/security/bitwarden_rs/default.nix
index 6d3c4bccef9f..158485dc982f 100644
--- a/pkgs/tools/security/bitwarden_rs/default.nix
+++ b/pkgs/tools/security/bitwarden_rs/default.nix
@@ -8,13 +8,13 @@ let
 
 in rustPlatform.buildRustPackage rec {
   pname = "bitwarden_rs";
-  version = "1.14.2";
+  version = "1.15.0";
 
   src = fetchFromGitHub {
     owner = "dani-garcia";
     repo = pname;
     rev = version;
-    sha256 = "0413yjbnj4k917x48h1gnj64kygbr6c1n55f23qkvj0hgbxpgssz";
+    sha256 = "12mr7d0mjlh7za4nc3s7cizzbd6v0zfmd7q9s0f7pqz56vw5m21s";
   };
 
   nativeBuildInputs = [ pkgconfig ];
@@ -25,7 +25,7 @@ in rustPlatform.buildRustPackage rec {
 
   RUSTC_BOOTSTRAP = 1;
 
-  cargoSha256 = "09747f9g7yyq9c8wbfdb3hwxii5xq23ynhba0vc01nhjpjyn0ksd";
+  cargoSha256 = "0nacc8xvbkdzbyx4c17hdh03v9ykpis74pbpxkn6v95njw14wq53";
   cargoBuildFlags = [ featuresFlag ];
 
   checkPhase = ''
diff --git a/pkgs/tools/security/bitwarden_rs/vault.nix b/pkgs/tools/security/bitwarden_rs/vault.nix
index 0c60ab621063..256bf458b3bb 100644
--- a/pkgs/tools/security/bitwarden_rs/vault.nix
+++ b/pkgs/tools/security/bitwarden_rs/vault.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "bitwarden_rs-vault";
-  version = "2.13.2b";
+  version = "2.14.0";
 
   src = fetchurl {
     url = "https://github.com/dani-garcia/bw_web_builds/releases/download/v${version}/bw_web_v${version}.tar.gz";
-    sha256 = "1pba3d04gfnviv8r98anpv7m8r9r417s352r5fz8qzg8lr070540";
+    sha256 = "16620md9lsxw6s0qzv5vj9kfkgxnlaxfrax6s2h3h39skza80x2c";
   };
 
   buildCommand = ''
diff --git a/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch b/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch
new file mode 100644
index 000000000000..d1a1997ba1f6
--- /dev/null
+++ b/pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch
@@ -0,0 +1,24 @@
+From 9218347b8f833ab05d016dfba5617dcdeb59eb7b Mon Sep 17 00:00:00 2001
+From: Cole Helbling <cole.e.helbling@outlook.com>
+Date: Wed, 27 May 2020 08:02:57 -0700
+Subject: [PATCH] add NixOS-specific dirs to safe PATH
+
+---
+ doas.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/doas.c b/doas.c
+index e253905..2fdb20f 100644
+--- a/doas.c
++++ b/doas.c
+@@ -234,6 +234,7 @@ int
+ main(int argc, char **argv)
+ {
+ 	const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:"
++	    "/run/current-system/sw/bin:/run/current-system/sw/sbin:/run/wrappers/bin:"
+ 	    "/usr/local/bin:/usr/local/sbin";
+ 	const char *confpath = NULL;
+ 	char *shargv[] = { NULL, NULL };
+-- 
+2.26.2
+
diff --git a/pkgs/tools/security/doas/default.nix b/pkgs/tools/security/doas/default.nix
index 8cc9017a8fea..baa2fc301a89 100644
--- a/pkgs/tools/security/doas/default.nix
+++ b/pkgs/tools/security/doas/default.nix
@@ -26,6 +26,12 @@ stdenv.mkDerivation rec {
     "--pamdir=${placeholder "out"}/etc/pam.d"
   ];
 
+  patches = [
+    # Allow doas to discover binaries in /run/current-system/sw/{s,}bin and
+    # /run/wrappers/bin
+    ./0001-add-NixOS-specific-dirs-to-safe-PATH.patch
+  ];
+
   postPatch = ''
     sed -i '/\(chown\|chmod\)/d' bsd.prog.mk
   '';
diff --git a/pkgs/tools/security/ecryptfs/default.nix b/pkgs/tools/security/ecryptfs/default.nix
index 9fd8c3ac7a22..e4caa9c4e18d 100644
--- a/pkgs/tools/security/ecryptfs/default.nix
+++ b/pkgs/tools/security/ecryptfs/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python2, pam
+{ stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python2, pam, enablePython ? false
 , intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof }:
 
 stdenv.mkDerivation rec {
@@ -33,8 +33,15 @@ stdenv.mkDerivation rec {
     done
   '';
 
-  nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ perl nss nspr python2 pam intltool makeWrapper ];
+  configureFlags = stdenv.lib.optionals (!enablePython) [ "--disable-pywrap" ];
+
+  nativeBuildInputs = [ pkgconfig ]
+  # if python2 support is requested, it is needed at builtime as well as runtime.
+  ++ stdenv.lib.optionals (enablePython) [ python2 ]
+  ;
+  buildInputs = [ perl nss nspr pam intltool makeWrapper ]
+  ++ stdenv.lib.optionals (enablePython) [ python2 ]
+  ;
   propagatedBuildInputs = [ coreutils gettext cryptsetup lvm2 rsync keyutils which ];
 
   postInstall = ''
diff --git a/pkgs/tools/security/fprintd/default.nix b/pkgs/tools/security/fprintd/default.nix
index b119a6ed29ff..b14aff386aba 100644
--- a/pkgs/tools/security/fprintd/default.nix
+++ b/pkgs/tools/security/fprintd/default.nix
@@ -1,42 +1,70 @@
-{ thinkpad ? false
-, stdenv
-, fetchurl
+{ stdenv
+, fetchFromGitLab
 , fetchpatch
 , pkgconfig
-, intltool
-, libfprint-thinkpad ? null
-, libfprint ? null
+, meson
+, ninja
+, perl
+, gettext
+, cairo
+, gtk-doc
+, libxslt
+, docbook-xsl-nons
+, docbook_xml_dtd_412
 , glib
+, dbus
 , dbus-glib
 , polkit
 , nss
 , pam
 , systemd
-, autoreconfHook
-, gtk-doc
+, libfprint
+, python3
 }:
 
 stdenv.mkDerivation rec {
-  pname = "fprintd" + stdenv.lib.optionalString thinkpad "-thinkpad";
-  version = "0.9.0";
+  pname = "fprintd";
+  version = "1.90.1";
+  outputs = [ "out" "devdoc" ];
 
-  src = fetchurl {
-    url = "https://gitlab.freedesktop.org/libfprint/fprintd/uploads/9dec4b63d1f00e637070be1477ce63c0/fprintd-${version}.tar.xz";
-    sha256 = "182gcnwb6zjwmk0dn562rjmpbk7ac7dhipbfdhfic2sn1jzis49p";
+  src = fetchFromGitLab {
+    domain = "gitlab.freedesktop.org";
+    owner = "libfprint";
+    repo = pname;
+    rev = version;
+    sha256 = "0mbzk263x7f58i9cxhs44mrngs7zw5wkm62j5r6xlcidhmfn03cg";
   };
 
   patches = [
+    # Fixes issue with ":" when there is multiple paths (might be the case on NixOS)
+    # https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/50
+    (fetchpatch {
+      url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/d7fec03f24d10f88d34581c72f0eef201f5eafac.patch";
+      sha256 = "0f88dhizai8jz7hpm5lpki1fx4593zcy89iwi4brsqbqc7jp9ls0";
+    })
+
+    # Fix locating libpam_wrapper for tests
+    (fetchpatch {
+      url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/40.patch";
+      sha256 = "0qqy090p93lzabavwjxzxaqidkcb3ifacl0d3yh1q7ms2a58yyz3";
+    })
     (fetchpatch {
-      url = "https://gitlab.freedesktop.org/libfprint/fprintd/merge_requests/16.patch";
-      sha256 = "1y39zsmxjll9hip8464qwhq5qg06c13pnafyafgxdph75lvhdll7";
+      url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/f401f399a85dbeb2de165b9b9162eb552ab6eea7.patch";
+      sha256 = "1bc9g6kc95imlcdpvp8qgqjsnsxg6nipr6817c1pz5i407yvw1iy";
     })
   ];
 
   nativeBuildInputs = [
-    intltool
     pkgconfig
-    autoreconfHook # Drop with above patch
-    gtk-doc # Drop with above patch
+    meson
+    ninja
+    perl
+    gettext
+    gtk-doc
+    libxslt
+    dbus
+    docbook-xsl-nons
+    docbook_xml_dtd_412
   ];
 
   buildInputs = [
@@ -46,23 +74,43 @@ stdenv.mkDerivation rec {
     nss
     pam
     systemd
-  ]
-  ++ stdenv.lib.optional thinkpad libfprint-thinkpad
-  ++ stdenv.lib.optional (!thinkpad) libfprint
-  ;
+    libfprint
+  ];
+
+  checkInputs = with python3.pkgs; [
+    python-dbusmock
+    dbus-python
+    pygobject3
+    pycairo
+    pypamtest
+  ];
 
-  configureFlags = [
-    # is hardcoded to /var/lib/fprint, this is for the StateDirectory install target
-    "--localstatedir=${placeholder "out"}/var"
-    "--sysconfdir=${placeholder "out"}/etc"
-    "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
+  mesonFlags = [
+    "-Dgtk_doc=true"
+    "-Dpam_modules_dir=${placeholder "out"}/lib/security"
+    "-Dsysconfdir=${placeholder "out"}/etc"
+    "-Ddbus_service_dir=${placeholder "out"}/share/dbus-1/system-services"
+    "-Dsystemd_system_unit_dir=${placeholder "out"}/lib/systemd/system"
   ];
 
+  PKG_CONFIG_DBUS_1_INTERFACES_DIR = "${placeholder "out"}/share/dbus-1/interfaces";
+  PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "${placeholder "out"}/share/polkit-1/actions";
+  PKG_CONFIG_DBUS_1_DATADIR = "${placeholder "out"}/share";
+
+  # FIXME: Ugly hack for tests to find libpam_wrapper.so
+  LIBRARY_PATH = stdenv.lib.makeLibraryPath [ python3.pkgs.pypamtest ];
+
+  doCheck = true;
+
+  postPatch = ''
+    patchShebangs po/check-translations.sh
+  '';
+
   meta = with stdenv.lib; {
     homepage = "https://fprint.freedesktop.org/";
     description = "D-Bus daemon that offers libfprint functionality over the D-Bus interprocess communication bus";
     license = licenses.gpl2;
     platforms = platforms.linux;
-    maintainers = with maintainers; [ abbradar ];
+    maintainers = with maintainers; [ abbradar elyhaka ];
   };
 }
diff --git a/pkgs/tools/security/gnupg-pkcs11-scd/default.nix b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix
index 4d6b97c7192e..e173f66f7483 100644
--- a/pkgs/tools/security/gnupg-pkcs11-scd/default.nix
+++ b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix
@@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "https://github.com/alonbl/${pname}/releases/download/${pname}-${version}/${pname}-${version}.tar.bz2";
-    sha256 = "sha256:1mfh9zjbahjd788rq1mzx009pd7p1sq62sbz586rd7szif7pkpgx";
+    sha256 = "1mfh9zjbahjd788rq1mzx009pd7p1sq62sbz586rd7szif7pkpgx";
   };
 
   buildInputs = [ pkcs11helper pkgconfig openssl ];
diff --git a/pkgs/tools/security/hash_extender/default.nix b/pkgs/tools/security/hash_extender/default.nix
index 6efa780e1cd3..5bda599f0f0c 100644
--- a/pkgs/tools/security/hash_extender/default.nix
+++ b/pkgs/tools/security/hash_extender/default.nix
@@ -2,17 +2,20 @@
 
 stdenv.mkDerivation {
   pname = "hash_extender";
-  version = "2017-04-10";
+  version = "unstable-2020-03-24";
 
   src = fetchFromGitHub {
     owner = "iagox86";
     repo = "hash_extender";
-    rev = "d27581e062dd0b534074e11d7d311f65a6d7af21";
-    sha256 = "1npwbgqaynjh5x39halw43i116v89sxkpa1g1bbvc1lpi8hkhhcb";
+    rev = "cb8aaee49f93e9c0d2f03eb3cafb429c9eed723d";
+    sha256 = "1fj118566hr1wv03az2w0iqknazsqqkak0mvlcvwpgr6midjqi9b";
   };
 
   buildInputs = [ openssl ];
 
+  doCheck = true;
+  checkPhase = "./hash_extender --test";
+
   installPhase = ''
     mkdir -p $out/bin
     cp hash_extender $out/bin
diff --git a/pkgs/tools/security/hcxdumptool/default.nix b/pkgs/tools/security/hcxdumptool/default.nix
index 6a2eee471432..c7a5a9985552 100644
--- a/pkgs/tools/security/hcxdumptool/default.nix
+++ b/pkgs/tools/security/hcxdumptool/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "hcxdumptool";
-  version = "6.0.5";
+  version = "6.0.6";
 
   src = fetchFromGitHub {
     owner = "ZerBea";
     repo = "hcxdumptool";
     rev = version;
-    sha256 = "0rh19lblz8wp8q2x123nlwvxq1pjq9zw12w18z83v2l2knjbc524";
+    sha256 = "1b4d543y64ib92w9gcmiyjn5hz2vyjqmxk3f3yr1zk04fhw16gmf";
   };
 
   buildInputs = [ openssl ];
diff --git a/pkgs/tools/security/ibm-sw-tpm2/default.nix b/pkgs/tools/security/ibm-sw-tpm2/default.nix
index 5e1d460a4634..d6e8a521a2fa 100644
--- a/pkgs/tools/security/ibm-sw-tpm2/default.nix
+++ b/pkgs/tools/security/ibm-sw-tpm2/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "ibm-sw-tpm2";
-  version = "1563";
+  version = "1628";
 
   src = fetchurl {
     url = "mirror://sourceforge/ibmswtpm2/ibmtpm${version}.tar.gz";
-    sha256 = "1sfi7drmbm08rgd2414s3sxd7h5g8d4kiwk40xklf7sw67w1ffpw";
+    sha256 = "18wywbsdp5sjrapznk2ydbmx0whz513dhybn1lls24xfl7kp9s58";
   };
 
   buildInputs = [ openssl ];
diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix
index 054907843909..b745b63ca9d1 100644
--- a/pkgs/tools/security/keybase/gui.nix
+++ b/pkgs/tools/security/keybase/gui.nix
@@ -107,7 +107,7 @@ stdenv.mkDerivation rec {
   meta = with stdenv.lib; {
     homepage = "https://www.keybase.io/";
     description = "The Keybase official GUI";
-    platforms = platforms.linux;
+    platforms = [ "x86_64-linux" ];
     maintainers = with maintainers; [ avaq rvolosatovs puffnfresh np filalex77 ];
     license = licenses.bsd3;
   };
diff --git a/pkgs/tools/security/keysmith/default.nix b/pkgs/tools/security/keysmith/default.nix
new file mode 100644
index 000000000000..b9ab7bb0b4aa
--- /dev/null
+++ b/pkgs/tools/security/keysmith/default.nix
@@ -0,0 +1,45 @@
+{ lib
+, mkDerivation
+, makeWrapper
+, fetchFromGitHub
+, cmake
+, extra-cmake-modules
+, qtbase
+, qtquickcontrols2
+, qtdeclarative
+, qtgraphicaleffects
+, kirigami2
+, oathToolkit
+}:
+mkDerivation rec {
+
+  pname = "keysmith";
+  version = "0.1";
+
+  src = fetchFromGitHub {
+    owner = "KDE";
+    repo = "keysmith";
+    rev = "v${version}";
+    sha256 = "15fzf0bvarivm32zqa5w71mscpxdac64ykiawc5hx6kplz93bsgx";
+  };
+
+  nativeBuildInputs = [ cmake extra-cmake-modules makeWrapper ];
+
+  buildInputs = [ oathToolkit kirigami2 qtquickcontrols2 qtbase ];
+
+  postInstall = ''
+    mv $out/bin/org.kde.keysmith $out/bin/.org.kde.keysmith-wrapped
+    makeWrapper $out/bin/.org.kde.keysmith-wrapped $out/bin/org.kde.keysmith \
+      --set QML2_IMPORT_PATH "${lib.getLib kirigami2}/lib/qt-5.12.7/qml:${lib.getBin qtquickcontrols2}/lib/qt-5.12.7/qml:${lib.getBin qtdeclarative}/lib/qt-5.12.7/qml:${qtgraphicaleffects}/lib/qt-5.12.7/qml" \
+      --set QT_PLUGIN_PATH "${lib.getBin qtbase}/lib/qt-5.12.7/plugins"
+    ln -s $out/bin/org.kde.keysmith $out/bin/keysmith
+  '';
+
+  meta = with lib; {
+    description = "OTP client for Plasma Mobile and Desktop";
+    license = licenses.gpl3;
+    homepage = "https://github.com/KDE/keysmith";
+    maintainers = with maintainers; [ shamilton ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix
index e6cd74eda4b1..1e033fa31cee 100644
--- a/pkgs/tools/security/tor/default.nix
+++ b/pkgs/tools/security/tor/default.nix
@@ -15,11 +15,11 @@
 
 stdenv.mkDerivation rec {
   pname = "tor";
-  version = "0.4.2.7";
+  version = "0.4.3.5";
 
   src = fetchurl {
     url = "https://dist.torproject.org/${pname}-${version}.tar.gz";
-    sha256 = "0v82ngwwmmcb7i9563bgsmrjy6xp83xyhqhaljygd0pkvlsxi886";
+    sha256 = "0s6qspi102drn1nk3gfxs51x992xarc44gkfsi8y3l48wr50wsk1";
   };
 
   outputs = [ "out" "geoip" ];
diff --git a/pkgs/tools/security/tpm2-tools/default.nix b/pkgs/tools/security/tpm2-tools/default.nix
index 06826173e340..e6a7621d9877 100644
--- a/pkgs/tools/security/tpm2-tools/default.nix
+++ b/pkgs/tools/security/tpm2-tools/default.nix
@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   pname = "tpm2-tools";
-  version = "4.1.1";
+  version = "4.1.3";
 
   src = fetchurl {
     url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz";
-    sha256 = "1cd74nd57wmms2yrnzs64xki29rf4kx61kd30fyd56wlicyjdfa0";
+    sha256 = "0117r0zzdnblkibv81y71v3limixsw5m7g9xwf7lcx8fc8836pdv";
   };
 
   nativeBuildInputs = [ pandoc pkgconfig makeWrapper ];
diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix
index a470ad11caff..8a1195350234 100644
--- a/pkgs/tools/security/yara/default.nix
+++ b/pkgs/tools/security/yara/default.nix
@@ -1,30 +1,28 @@
-{ stdenv, fetchFromGitHub, fetchpatch, autoconf, automake, libtool, pcre
+{ stdenv
+, fetchFromGitHub
+, autoreconfHook
+, pcre
+, pkg-config
+, protobufc
 , withCrypto ? true, openssl
 , enableMagic ? true, file
 , enableCuckoo ? true, jansson
 }:
 
 stdenv.mkDerivation rec {
-  version = "3.11.0";
+  version = "4.0.1";
   pname = "yara";
 
   src = fetchFromGitHub {
     owner = "VirusTotal";
     repo = "yara";
     rev = "v${version}";
-    sha256 = "0mx3xm2a70fx8vlynkavq8gfd9w5yjcix5rx85444i2s1h6kcd0j";
+    sha256 = "0dy8jf0pdn0wilxy1pj6pqjxg7icxkwax09w54np87gl9p00f5rk";
   };
 
-  # See: https://github.com/VirusTotal/yara/issues/1036
-  # TODO: This patch should not be necessary in the next release
-  patches = [
-    (fetchpatch {
-      url = "https://github.com/VirusTotal/yara/commit/04df811fa61fa54390b274bfcf56d7403c184404.patch";
-      sha256 = "0hsbc2k7nmk2kskll971draz0an4rmcs5v0iql47mz596vqvkzmb";
-    })
-  ];
+  nativeBuildInputs = [ autoreconfHook pkg-config ];
 
-  buildInputs = [ autoconf automake libtool pcre ]
+  buildInputs = [ pcre protobufc ]
     ++ stdenv.lib.optionals withCrypto [ openssl ]
     ++ stdenv.lib.optionals enableMagic [ file ]
     ++ stdenv.lib.optionals enableCuckoo [ jansson ]
@@ -40,8 +38,8 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     description = "The pattern matching swiss knife for malware researchers";
-    homepage    = "http://Virustotal.github.io/yara/";
-    license     = licenses.asl20;
-    platforms   = stdenv.lib.platforms.all;
+    homepage = "http://Virustotal.github.io/yara/";
+    license = licenses.asl20;
+    platforms = platforms.all;
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-01 12:08:31 +0000