From 2c09a26f498fcb5fd080afb25a1a95198d6bb132 Mon Sep 17 00:00:00 2001
From: Doron Behar <doron.behar@gmail.com>
Date: Tue, 7 Apr 2020 00:14:03 +0300
Subject: ecryptfs: enable building without python2 support

---
 pkgs/tools/security/ecryptfs/default.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'pkgs/tools/security')

diff --git a/pkgs/tools/security/ecryptfs/default.nix b/pkgs/tools/security/ecryptfs/default.nix
index 9fd8c3ac7a22..e4caa9c4e18d 100644
--- a/pkgs/tools/security/ecryptfs/default.nix
+++ b/pkgs/tools/security/ecryptfs/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python2, pam
+{ stdenv, fetchurl, pkgconfig, perl, utillinux, keyutils, nss, nspr, python2, pam, enablePython ? false
 , intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof }:
 
 stdenv.mkDerivation rec {
@@ -33,8 +33,15 @@ stdenv.mkDerivation rec {
     done
   '';
 
-  nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ perl nss nspr python2 pam intltool makeWrapper ];
+  configureFlags = stdenv.lib.optionals (!enablePython) [ "--disable-pywrap" ];
+
+  nativeBuildInputs = [ pkgconfig ]
+  # if python2 support is requested, it is needed at builtime as well as runtime.
+  ++ stdenv.lib.optionals (enablePython) [ python2 ]
+  ;
+  buildInputs = [ perl nss nspr pam intltool makeWrapper ]
+  ++ stdenv.lib.optionals (enablePython) [ python2 ]
+  ;
   propagatedBuildInputs = [ coreutils gettext cryptsetup lvm2 rsync keyutils which ];
 
   postInstall = ''
-- 
cgit 1.4.1


From 131a28e9f2e5f51e37a60af25379cc236f6b71c7 Mon Sep 17 00:00:00 2001
From: Elyhaka <57923898+Elyhaka@users.noreply.github.com>
Date: Tue, 19 May 2020 14:03:31 +0200
Subject: fprintd: 0.9.0 -> 1.90.1

---
 nixos/modules/services/security/fprintd.nix |   1 -
 pkgs/tools/security/fprintd/default.nix     | 104 ++++++++++++++++++++--------
 pkgs/top-level/all-packages.nix             |   3 -
 3 files changed, 76 insertions(+), 32 deletions(-)

(limited to 'pkgs/tools/security')

diff --git a/nixos/modules/services/security/fprintd.nix b/nixos/modules/services/security/fprintd.nix
index 8ece1ca19013..cbac4ef05b8d 100644
--- a/nixos/modules/services/security/fprintd.nix
+++ b/nixos/modules/services/security/fprintd.nix
@@ -29,7 +29,6 @@ in
         type = types.package;
         default = pkgs.fprintd;
         defaultText = "pkgs.fprintd";
-        example = "pkgs.fprintd-thinkpad";
         description = ''
           fprintd package to use.
         '';
diff --git a/pkgs/tools/security/fprintd/default.nix b/pkgs/tools/security/fprintd/default.nix
index b119a6ed29ff..62f5dda17f67 100644
--- a/pkgs/tools/security/fprintd/default.nix
+++ b/pkgs/tools/security/fprintd/default.nix
@@ -1,42 +1,70 @@
-{ thinkpad ? false
-, stdenv
-, fetchurl
+{ stdenv
+, fetchFromGitLab
 , fetchpatch
 , pkgconfig
-, intltool
-, libfprint-thinkpad ? null
-, libfprint ? null
+, meson
+, ninja
+, perl
+, gettext
+, cairo
+, gtk-doc
+, libxslt
+, docbook-xsl-nons
+, docbook_xml_dtd_412
 , glib
+, dbus
 , dbus-glib
 , polkit
 , nss
 , pam
 , systemd
-, autoreconfHook
-, gtk-doc
+, libfprint
+, python3
 }:
 
 stdenv.mkDerivation rec {
-  pname = "fprintd" + stdenv.lib.optionalString thinkpad "-thinkpad";
-  version = "0.9.0";
+  pname = "fprintd";
+  version = "1.90.1";
+  outputs = [ "out" "devdoc" ];
 
-  src = fetchurl {
-    url = "https://gitlab.freedesktop.org/libfprint/fprintd/uploads/9dec4b63d1f00e637070be1477ce63c0/fprintd-${version}.tar.xz";
-    sha256 = "182gcnwb6zjwmk0dn562rjmpbk7ac7dhipbfdhfic2sn1jzis49p";
+  src = fetchFromGitLab {
+    domain = "gitlab.freedesktop.org";
+    owner = "libfprint";
+    repo = pname;
+    rev = version;
+    sha256 = "0mbzk263x7f58i9cxhs44mrngs7zw5wkm62j5r6xlcidhmfn03cg";
   };
 
   patches = [
+    # Fixes issue with ":" when there is multiple paths (might be the case on NixOS)
+    # https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/50
+    (fetchpatch {
+      url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/d7fec03f24d10f88d34581c72f0eef201f5eafac.patch";
+      sha256 = "QNN05WF4YZ0XiTwm5NkfqZDuQpyXlnrh+RJF9SNsCDk=";
+    })
+
+    # Fix locating libpam_wrapper for tests
+    (fetchpatch {
+      url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/40.patch";
+      sha256 = "43uPihK6HhygHw1Qplwci80Wseq/S77VUp+OdEECHmM=";
+    })
     (fetchpatch {
-      url = "https://gitlab.freedesktop.org/libfprint/fprintd/merge_requests/16.patch";
-      sha256 = "1y39zsmxjll9hip8464qwhq5qg06c13pnafyafgxdph75lvhdll7";
+      url = "https://gitlab.freedesktop.org/libfprint/fprintd/-/commit/f401f399a85dbeb2de165b9b9162eb552ab6eea7.patch";
+      sha256 = "Pga+/QEkln8DOwGZfKM1r2urJX4Y3X0bozWWxKZ5ia0=";
     })
   ];
 
   nativeBuildInputs = [
-    intltool
     pkgconfig
-    autoreconfHook # Drop with above patch
-    gtk-doc # Drop with above patch
+    meson
+    ninja
+    perl
+    gettext
+    gtk-doc
+    libxslt
+    dbus
+    docbook-xsl-nons
+    docbook_xml_dtd_412
   ];
 
   buildInputs = [
@@ -46,23 +74,43 @@ stdenv.mkDerivation rec {
     nss
     pam
     systemd
-  ]
-  ++ stdenv.lib.optional thinkpad libfprint-thinkpad
-  ++ stdenv.lib.optional (!thinkpad) libfprint
-  ;
+    libfprint
+  ];
+
+  checkInputs = with python3.pkgs; [
+    python-dbusmock
+    dbus-python
+    pygobject3
+    pycairo
+    pypamtest
+  ];
 
-  configureFlags = [
-    # is hardcoded to /var/lib/fprint, this is for the StateDirectory install target
-    "--localstatedir=${placeholder "out"}/var"
-    "--sysconfdir=${placeholder "out"}/etc"
-    "--with-systemdsystemunitdir=${placeholder "out"}/lib/systemd/system"
+  mesonFlags = [
+    "-Dgtk_doc=true"
+    "-Dpam_modules_dir=${placeholder "out"}/lib/security"
+    "-Dsysconfdir=${placeholder "out"}/etc"
+    "-Ddbus_service_dir=${placeholder "out"}/share/dbus-1/system-services"
+    "-Dsystemd_system_unit_dir=${placeholder "out"}/lib/systemd/system"
   ];
 
+  PKG_CONFIG_DBUS_1_INTERFACES_DIR = "${placeholder "out"}/share/dbus-1/interfaces";
+  PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "${placeholder "out"}/share/polkit-1/actions";
+  PKG_CONFIG_DBUS_1_DATADIR = "${placeholder "out"}/share";
+
+  # FIXME: Ugly hack for tests to find libpam_wrapper.so
+  LIBRARY_PATH = stdenv.lib.makeLibraryPath [ python3.pkgs.pypamtest ];
+
+  doCheck = true;
+
+  postPatch = ''
+    patchShebangs po/check-translations.sh
+  '';
+
   meta = with stdenv.lib; {
     homepage = "https://fprint.freedesktop.org/";
     description = "D-Bus daemon that offers libfprint functionality over the D-Bus interprocess communication bus";
     license = licenses.gpl2;
     platforms = platforms.linux;
-    maintainers = with maintainers; [ abbradar ];
+    maintainers = with maintainers; [ abbradar elyhaka ];
   };
 }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 479798d251b3..37d7e0c7a84f 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -3512,9 +3512,6 @@ in
   fprot = callPackage ../tools/security/fprot { };
 
   fprintd = callPackage ../tools/security/fprintd { };
-  fprintd-thinkpad = fprintd.override {
-    thinkpad = true;
-  };
 
   franz = callPackage ../applications/networking/instant-messengers/franz { };
 
-- 
cgit 1.4.1


From 85e5b5107ff5efafd8502b149b281f6769e342b6 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Wed, 20 May 2020 02:31:41 +0000
Subject: tpm2-tools: 4.1.1 -> 4.1.2

---
 pkgs/tools/security/tpm2-tools/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'pkgs/tools/security')

diff --git a/pkgs/tools/security/tpm2-tools/default.nix b/pkgs/tools/security/tpm2-tools/default.nix
index 06826173e340..282b1df299cf 100644
--- a/pkgs/tools/security/tpm2-tools/default.nix
+++ b/pkgs/tools/security/tpm2-tools/default.nix
@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   pname = "tpm2-tools";
-  version = "4.1.1";
+  version = "4.1.2";
 
   src = fetchurl {
     url = "https://github.com/tpm2-software/${pname}/releases/download/${version}/${pname}-${version}.tar.gz";
-    sha256 = "1cd74nd57wmms2yrnzs64xki29rf4kx61kd30fyd56wlicyjdfa0";
+    sha256 = "0di97zmxdh04m2ibyshcgvillwxx6rnd0543scm7q10y7nv74m0p";
   };
 
   nativeBuildInputs = [ pandoc pkgconfig makeWrapper ];
-- 
cgit 1.4.1


From 1aec2c7088122a45d3394f2f4350b27206756fce Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Sun, 24 May 2020 15:41:26 +1000
Subject: yara: 3.11.0 -> 4.0.1

---
 pkgs/tools/security/yara/default.nix | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

(limited to 'pkgs/tools/security')

diff --git a/pkgs/tools/security/yara/default.nix b/pkgs/tools/security/yara/default.nix
index a470ad11caff..8a1195350234 100644
--- a/pkgs/tools/security/yara/default.nix
+++ b/pkgs/tools/security/yara/default.nix
@@ -1,30 +1,28 @@
-{ stdenv, fetchFromGitHub, fetchpatch, autoconf, automake, libtool, pcre
+{ stdenv
+, fetchFromGitHub
+, autoreconfHook
+, pcre
+, pkg-config
+, protobufc
 , withCrypto ? true, openssl
 , enableMagic ? true, file
 , enableCuckoo ? true, jansson
 }:
 
 stdenv.mkDerivation rec {
-  version = "3.11.0";
+  version = "4.0.1";
   pname = "yara";
 
   src = fetchFromGitHub {
     owner = "VirusTotal";
     repo = "yara";
     rev = "v${version}";
-    sha256 = "0mx3xm2a70fx8vlynkavq8gfd9w5yjcix5rx85444i2s1h6kcd0j";
+    sha256 = "0dy8jf0pdn0wilxy1pj6pqjxg7icxkwax09w54np87gl9p00f5rk";
   };
 
-  # See: https://github.com/VirusTotal/yara/issues/1036
-  # TODO: This patch should not be necessary in the next release
-  patches = [
-    (fetchpatch {
-      url = "https://github.com/VirusTotal/yara/commit/04df811fa61fa54390b274bfcf56d7403c184404.patch";
-      sha256 = "0hsbc2k7nmk2kskll971draz0an4rmcs5v0iql47mz596vqvkzmb";
-    })
-  ];
+  nativeBuildInputs = [ autoreconfHook pkg-config ];
 
-  buildInputs = [ autoconf automake libtool pcre ]
+  buildInputs = [ pcre protobufc ]
     ++ stdenv.lib.optionals withCrypto [ openssl ]
     ++ stdenv.lib.optionals enableMagic [ file ]
     ++ stdenv.lib.optionals enableCuckoo [ jansson ]
@@ -40,8 +38,8 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     description = "The pattern matching swiss knife for malware researchers";
-    homepage    = "http://Virustotal.github.io/yara/";
-    license     = licenses.asl20;
-    platforms   = stdenv.lib.platforms.all;
+    homepage = "http://Virustotal.github.io/yara/";
+    license = licenses.asl20;
+    platforms = platforms.all;
   };
 }
-- 
cgit 1.4.1


From a0ea22c3a044e6f078631b6d65b3a2fe06046dc2 Mon Sep 17 00:00:00 2001
From: "R. RyanTM" <ryantm-bot@ryantm.com>
Date: Sun, 24 May 2020 21:09:43 +0000
Subject: hcxdumptool: 6.0.5 -> 6.0.6

---
 pkgs/tools/security/hcxdumptool/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'pkgs/tools/security')

diff --git a/pkgs/tools/security/hcxdumptool/default.nix b/pkgs/tools/security/hcxdumptool/default.nix
index 6a2eee471432..c7a5a9985552 100644
--- a/pkgs/tools/security/hcxdumptool/default.nix
+++ b/pkgs/tools/security/hcxdumptool/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "hcxdumptool";
-  version = "6.0.5";
+  version = "6.0.6";
 
   src = fetchFromGitHub {
     owner = "ZerBea";
     repo = "hcxdumptool";
     rev = version;
-    sha256 = "0rh19lblz8wp8q2x123nlwvxq1pjq9zw12w18z83v2l2knjbc524";
+    sha256 = "1b4d543y64ib92w9gcmiyjn5hz2vyjqmxk3f3yr1zk04fhw16gmf";
   };
 
   buildInputs = [ openssl ];
-- 
cgit 1.4.1