authorFrederik Rietdijk <fridh@fridh.nl>2019-08-28 08:26:42 +0200
committerFrederik Rietdijk <fridh@fridh.nl>2019-08-28 08:26:42 +0200
commit5061fe0c2c7743370e1d379d6fa60eed26ff1470 (patch)
tree4a4ee79a6e0694d3c7ad6fbeff33343d83458e6c /pkgs/tools/security
parenta2538606e3115e16db2e5075ecf37b886ad64ede (diff)
parent98640fd48212f8e6552517f667bba1901f5936d4 (diff)
Merge staging-next into staging
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/chaps/default.nix1
-rw-r--r--pkgs/tools/security/clamav/default.nix6
-rw-r--r--pkgs/tools/security/dnsenum/default.nix2
-rw-r--r--pkgs/tools/security/dnsrecon/default.nix2
-rw-r--r--pkgs/tools/security/fierce/default.nix2
-rw-r--r--pkgs/tools/security/hcxtools/default.nix4
-rw-r--r--pkgs/tools/security/keybase/default.nix4
-rw-r--r--pkgs/tools/security/keybase/gui.nix6
-rw-r--r--pkgs/tools/security/kpcli/default.nix4
-rw-r--r--pkgs/tools/security/lesspass-cli/default.nix38
-rw-r--r--pkgs/tools/security/nmap/default.nix8
-rw-r--r--pkgs/tools/security/pass/default.nix2
-rw-r--r--pkgs/tools/security/pass/extensions/otp.nix10
-rw-r--r--pkgs/tools/security/tor/default.nix4
-rw-r--r--pkgs/tools/security/tpm-luks/default.nix5
-rw-r--r--pkgs/tools/security/tpm-luks/openssl-1.1.patch63
-rw-r--r--pkgs/tools/security/tpm-luks/signed-ptr.patch15
-rw-r--r--pkgs/tools/security/tpm-tools/default.nix7
18 files changed, 157 insertions, 26 deletions
diff --git a/pkgs/tools/security/chaps/default.nix b/pkgs/tools/security/chaps/default.nix
index 3c6f52a4c7f6..1270423e9285 100644
--- a/pkgs/tools/security/chaps/default.nix
+++ b/pkgs/tools/security/chaps/default.nix
@@ -80,5 +80,6 @@ stdenv.mkDerivation rec {
maintainers = [ maintainers.tstrobel ];
platforms = [ "x86_64-linux" ];
license = licenses.bsd3;
+ broken = true; # build failure withn openssl 1.1
};
}
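Review bot: The comment on the added `broken = true;` line misspells "with" as "withn", which makes the reason harder to find by search later. It should read `broken = true; # build failure with openssl 1.1`.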
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix
index b52122495479..54932e1200bf 100644
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@@ -5,11 +5,11 @@
stdenv.mkDerivation rec {
pname = "clamav";
- version = "0.101.2";
+ version = "0.101.4";
src = fetchurl {
url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz";
- sha256 = "0d3n4y8i5q594h4cjglmvpk4jd73r9ajpp1bvq5lr9zpdzgyn4ha";
+ sha256 = "1kdw0b49hbvja6xn589v4f0q334wav16pmi1hibql5cxj7q99w0b";
};
# don't install sample config files into the absolute sysconfdir folder
@@ -45,7 +45,7 @@ stdenv.mkDerivation rec {
homepage = https://www.clamav.net;
description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats";
license = licenses.gpl2;
- maintainers = with maintainers; [ phreedom robberer qknight fpletz ];
+ maintainers = with maintainers; [ phreedom robberer qknight fpletz globin ];
platforms = platforms.linux;
};
}
diff --git a/pkgs/tools/security/dnsenum/default.nix b/pkgs/tools/security/dnsenum/default.nix
index d764e8a71ae6..3374c827d756 100644
--- a/pkgs/tools/security/dnsenum/default.nix
+++ b/pkgs/tools/security/dnsenum/default.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
meta = with stdenv.lib; {
homepage = "https://github.com/fwaeytens/dnsenum";
description = "A tool to enumerate DNS information";
- maintainers = with maintainers; [ c0bw3b globin ];
+ maintainers = with maintainers; [ c0bw3b ];
license = licenses.gpl2Plus;
platforms = platforms.all;
};
diff --git a/pkgs/tools/security/dnsrecon/default.nix b/pkgs/tools/security/dnsrecon/default.nix
index 06270723f4d0..2575636aeca2 100644
--- a/pkgs/tools/security/dnsrecon/default.nix
+++ b/pkgs/tools/security/dnsrecon/default.nix
@@ -39,6 +39,6 @@ python3.pkgs.buildPythonApplication rec {
homepage = "https://github.com/darkoperator/dnsrecon";
license = licenses.gpl2;
platforms = platforms.all;
- maintainers = with maintainers; [ c0bw3b globin ];
+ maintainers = with maintainers; [ c0bw3b ];
};
}
diff --git a/pkgs/tools/security/fierce/default.nix b/pkgs/tools/security/fierce/default.nix
index abc1bacd212b..809d8e29ea35 100644
--- a/pkgs/tools/security/fierce/default.nix
+++ b/pkgs/tools/security/fierce/default.nix
@@ -17,7 +17,7 @@ python3.pkgs.buildPythonApplication rec {
homepage = "https://github.com/mschwager/fierce";
description = "DNS reconnaissance tool for locating non-contiguous IP space";
license = licenses.gpl3Plus;
- maintainers = with maintainers; [ c0bw3b globin ];
+ maintainers = with maintainers; [ c0bw3b ];
platforms = platforms.all;
};
}
diff --git a/pkgs/tools/security/hcxtools/default.nix b/pkgs/tools/security/hcxtools/default.nix
index 20ad5bbc0b27..216d58192fbc 100644
--- a/pkgs/tools/security/hcxtools/default.nix
+++ b/pkgs/tools/security/hcxtools/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "hcxtools";
- version = "5.1.6";
+ version = "5.2.0";
src = fetchFromGitHub {
owner = "ZerBea";
repo = pname;
rev = version;
- sha256 = "05sjbmv2wq3nlmammrwxqc62c4sagjjgczzddr1jcqkf6kywzkl8";
+ sha256 = "0k2qlq9hz5zc21nyc6yrnfqzga7hydn5mm0x3rpl2fhkwl81lxcn";
};
buildInputs = [ curl openssl zlib ];
diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix
index 884480b73a5c..1a2b06ea41f9 100644
--- a/pkgs/tools/security/keybase/default.nix
+++ b/pkgs/tools/security/keybase/default.nix
@@ -5,7 +5,7 @@
buildGoPackage rec {
pname = "keybase";
- version = "4.1.0";
+ version = "4.3.1";
goPackagePath = "github.com/keybase/client";
subPackages = [ "go/keybase" ];
@@ -16,7 +16,7 @@ buildGoPackage rec {
owner = "keybase";
repo = "client";
rev = "v${version}";
- sha256 = "00mxyy4jhdbcvbwabf4yvq4h5mpnlfp2z93gy2266kz6gkd5myzk";
+ sha256 = "1743d7a7ix882yxz9pk230vdvdj46sbscqv4wqyhb0la2pl9jqdp";
};
buildInputs = lib.optionals stdenv.isDarwin [ AVFoundation AudioToolbox ImageIO CoreMedia Foundation CoreGraphics MediaToolbox ];
diff --git a/pkgs/tools/security/keybase/gui.nix b/pkgs/tools/security/keybase/gui.nix
index 56e1daf20437..3954ec818b14 100644
--- a/pkgs/tools/security/keybase/gui.nix
+++ b/pkgs/tools/security/keybase/gui.nix
@@ -4,16 +4,16 @@
, runtimeShell, gsettings-desktop-schemas }:
let
- versionSuffix = "20190612201656.952fee6c59";
+ versionSuffix = "20190813132700.6f497ec371";
in
stdenv.mkDerivation rec {
pname = "keybase-gui";
- version = "4.1.0"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages
+ version = "4.3.1"; # Find latest version from https://prerelease.keybase.io/deb/dists/stable/main/binary-amd64/Packages
src = fetchurl {
url = "https://s3.amazonaws.com/prerelease.keybase.io/linux_binaries/deb/keybase_${version + "-" + versionSuffix}_amd64.deb";
- sha256 = "0jwxw75yz7sbvfqw2aksa3p7jlcv817743fl59qk6rq1x9ag6qpx";
+ sha256 = "1mbbfy1aijqr8209jjja6dm2nzw721qqw94839df047rcwnd38pg";
};
nativeBuildInputs = [
diff --git a/pkgs/tools/security/kpcli/default.nix b/pkgs/tools/security/kpcli/default.nix
index 8decdd13b0ff..9d4c590efa1e 100644
--- a/pkgs/tools/security/kpcli/default.nix
+++ b/pkgs/tools/security/kpcli/default.nix
@@ -1,12 +1,12 @@
{ stdenv, fetchurl, makeWrapper, perl, perlPackages }:
stdenv.mkDerivation rec {
- version = "3.2";
+ version = "3.3";
pname = "kpcli";
src = fetchurl {
url = "mirror://sourceforge/kpcli/${pname}-${version}.pl";
- sha256 = "11z6zbnsmqgjw73ai4nrq4idr83flrib22d8fqh1637d36p1nnk1";
+ sha256 = "1z6dy70d3ag16vgzzafcnxb8gap3wahfmy4vd22fpgbrdd6riph4";
};
buildInputs = [ makeWrapper perl ];
diff --git a/pkgs/tools/security/lesspass-cli/default.nix b/pkgs/tools/security/lesspass-cli/default.nix
new file mode 100644
index 000000000000..afcdf0c0a07a
--- /dev/null
+++ b/pkgs/tools/security/lesspass-cli/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, python3, fetchFromGitHub }:
+
+let
+ inherit (python3.pkgs) buildPythonApplication pytest mock pexpect;
+in
+buildPythonApplication rec {
+ pname = "lesspass-cli";
+ version = "9.0.0";
+
+ src = fetchFromGitHub {
+ owner = pname;
+ repo = pname;
+ rev = version;
+ sha256 = "1mdv0c0fn4d72iigy8hz4s7kf7q3pg4gjjadxwxyjwsalapnsapk";
+ };
+ sourceRoot = "source/cli";
+
+ # some tests are designed to run against code in the source directory - adapt to run against
+ # *installed* code
+ postPatch = ''
+ for f in tests/test_functional.py tests/test_interaction.py ; do
+ substituteInPlace $f --replace "lesspass/core.py" "-m lesspass.core"
+ done
+ '';
+
+ checkInputs = [ pytest mock pexpect ];
+ checkPhase = ''
+ mv lesspass lesspass.hidden # ensure we're testing against *installed* package
+ pytest tests
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Stateless password manager";
+ homepage = https://lesspass.com;
+ maintainers = with maintainers; [ jasoncarr ];
+ license = licenses.gpl3;
+ };
+}
diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix
index 3bc5758aad44..1b66dab35c8f 100644
--- a/pkgs/tools/security/nmap/default.nix
+++ b/pkgs/tools/security/nmap/default.nix
@@ -20,22 +20,22 @@ let
in stdenv.mkDerivation rec {
name = "nmap${optionalString graphicalSupport "-graphical"}-${version}";
- version = "7.70";
+ version = "7.80";
src = fetchurl {
url = "https://nmap.org/dist/nmap-${version}.tar.bz2";
- sha256 = "063fg8adx23l4irrh5kn57hsmi1xvjkar4vm4k6g94ppan4hcyw4";
+ sha256 = "1aizfys6l9f9grm82bk878w56mg0zpkfns3spzj157h98875mypw";
};
patches = [ ./zenmap.patch ]
++ optionals stdenv.cc.isClang [(
# Fixes a compile error due an ambiguous reference to bind(2) in
# nping/EchoServer.cc, which is otherwise resolved to std::bind.
- # Also fixes a missing include.
# https://github.com/nmap/nmap/pull/1363
fetchpatch {
url = "https://github.com/nmap/nmap/commit/5bbe66f1bd8cbd3718f5805139e2e8139e6849bb.diff";
- sha256 = "088r8ylpc9hachsxs4r17cqfa1ncyspbjvkc573lill7rk1r9m0s";
+ includes = [ "nping/EchoServer.cc" ];
+ sha256 = "0xcph9mycy57yryjg253frxyz87c4135rrbndlqw1400c8jxq70c";
}
)];
diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix
index 2e482dfcffce..aeb838c05765 100644
--- a/pkgs/tools/security/pass/default.nix
+++ b/pkgs/tools/security/pass/default.nix
@@ -120,7 +120,7 @@ let
description = "Stores, retrieves, generates, and synchronizes passwords securely";
homepage = https://www.passwordstore.org/;
license = licenses.gpl2Plus;
- maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher ];
+ maintainers = with maintainers; [ lovek323 the-kenny fpletz tadfisher globin ];
platforms = platforms.unix;
longDescription = ''
diff --git a/pkgs/tools/security/pass/extensions/otp.nix b/pkgs/tools/security/pass/extensions/otp.nix
index ab8bc7fe8563..4b15c3d68035 100644
--- a/pkgs/tools/security/pass/extensions/otp.nix
+++ b/pkgs/tools/security/pass/extensions/otp.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
pname = "pass-otp";
- version = "1.1.1";
+ version = "1.2.0";
src = fetchFromGitHub {
owner = "tadfisher";
repo = "pass-otp";
rev = "v${version}";
- sha256 = "0m8x5dqwcr9jim530685nsq4zn941hhl7ridmmd63b204z141rwa";
+ sha256 = "0cpqrf3939hcvwg7sd8055ghc8x964ilimlri16czzx188a9jx9v";
};
buildInputs = [ oathToolkit ];
@@ -19,13 +19,15 @@ stdenv.mkDerivation rec {
sed -i -e 's|OATH=\$(which oathtool)|OATH=${oathToolkit}/bin/oathtool|' otp.bash
'';
- installFlags = [ "PREFIX=$(out)" ];
+ installFlags = [ "PREFIX=$(out)"
+ "BASHCOMPDIR=$(out)/share/bash-completion/completions"
+ ];
meta = with stdenv.lib; {
description = "A pass extension for managing one-time-password (OTP) tokens";
homepage = https://github.com/tadfisher/pass-otp;
license = licenses.gpl3;
- maintainers = with maintainers; [ jwiegley tadfisher ];
+ maintainers = with maintainers; [ jwiegley tadfisher toonn ];
platforms = platforms.unix;
};
}
diff --git a/pkgs/tools/security/tor/default.nix b/pkgs/tools/security/tor/default.nix
index b3b71a16eb88..249ff435c5fc 100644
--- a/pkgs/tools/security/tor/default.nix
+++ b/pkgs/tools/security/tor/default.nix
@@ -15,11 +15,11 @@
stdenv.mkDerivation rec {
pname = "tor";
- version = "0.4.0.5";
+ version = "0.4.1.5";
src = fetchurl {
url = "https://dist.torproject.org/${pname}-${version}.tar.gz";
- sha256 = "0vk9j3ybz5dwwbmqrdj1bjcsxy76pc8frmfvflkdzwfkvkqcp8mm";
+ sha256 = "0984jb6hdcc10f7aq8xzl7l4jf93skp45wkv2v63z4zv0nvf0r58";
};
outputs = [ "out" "geoip" ];
diff --git a/pkgs/tools/security/tpm-luks/default.nix b/pkgs/tools/security/tpm-luks/default.nix
index 1799d5d154a2..ca78c5d73ffb 100644
--- a/pkgs/tools/security/tpm-luks/default.nix
+++ b/pkgs/tools/security/tpm-luks/default.nix
@@ -10,6 +10,11 @@ stdenv.mkDerivation rec {
sha256 = "1ms2v57f13r9km6mvf9rha5ndmlmjvrz3mcikai6nzhpj0nrjz0w";
};
+ patches = [
+ ./openssl-1.1.patch
+ ./signed-ptr.patch
+ ];
+
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ gawk trousers cryptsetup openssl ];
diff --git a/pkgs/tools/security/tpm-luks/openssl-1.1.patch b/pkgs/tools/security/tpm-luks/openssl-1.1.patch
new file mode 100644
index 000000000000..10132242b345
--- /dev/null
+++ b/pkgs/tools/security/tpm-luks/openssl-1.1.patch
@@ -0,0 +1,63 @@
+diff --git a/swtpm-utils/lib/hmac.c b/swtpm-utils/lib/hmac.c
+index 5545375..f9bedea 100644
+--- a/swtpm-utils/lib/hmac.c
++++ b/swtpm-utils/lib/hmac.c
+@@ -381,15 +381,19 @@ uint32_t TSS_authhmac(unsigned char *digest, unsigned char *key, unsigned int ke
+ /****************************************************************************/
+ uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, ...)
+ {
+- HMAC_CTX hmac;
++ HMAC_CTX* hmac;
+ unsigned int dlen;
+ unsigned char *data;
+ va_list argp;
+-
+-#ifdef HAVE_HMAC_CTX_CLEANUP
+- HMAC_CTX_init(&hmac);
+-#endif
+- HMAC_Init(&hmac,key,keylen,EVP_sha1());
++
++ hmac = HMAC_CTX_new();
++
++ if (hmac == NULL)
++ {
++ return ERR_MEM_ERR;
++ }
++
++ HMAC_Init_ex(hmac,key,keylen,EVP_sha1(),NULL);
+
+ va_start(argp,keylen);
+ for (;;)
+@@ -398,15 +402,11 @@ uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned i
+ if (dlen == 0) break;
+ data = (unsigned char *)va_arg(argp,unsigned char *);
+ if (data == NULL) return ERR_NULL_ARG;
+- HMAC_Update(&hmac,data,dlen);
++ HMAC_Update(hmac,data,dlen);
+ }
+- HMAC_Final(&hmac,digest,&dlen);
++ HMAC_Final(hmac,digest,&dlen);
+
+-#ifdef HAVE_HMAC_CTX_CLEANUP
+- HMAC_CTX_cleanup(&hmac);
+-#else
+- HMAC_cleanup(&hmac);
+-#endif
++ HMAC_CTX_free(hmac);
+ va_end(argp);
+ return 0;
+ }
+diff --git a/swtpm-utils/lib/keys.c b/swtpm-utils/lib/keys.c
+index 99691b6..6627a1f 100644
+--- a/swtpm-utils/lib/keys.c
++++ b/swtpm-utils/lib/keys.c
+@@ -1249,8 +1249,7 @@ RSA *TSS_convpubkey(pubkeydata *k)
+ exp);
+ }
+ /* set up the RSA public key structure */
+- rsa->n = mod;
+- rsa->e = exp;
++ RSA_set0_key(rsa, mod, exp, NULL);
+ return rsa;
+ }
+
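Review bot: In TSS_rawhmac the unchanged early exit `if (data == NULL) return ERR_NULL_ARG;` inside the va_arg loop now returns without freeing the context this patch allocates with HMAC_CTX_new(), and without va_end, so the keyed HMAC state stays on the heap. It should read `if (data == NULL) { HMAC_CTX_free(hmac); va_end(argp); return ERR_NULL_ARG; }`. The return values of HMAC_Init_ex, HMAC_Update and HMAC_Final are also ignored, so a failed computation can still return 0 with `digest` possibly left unwritten; each call should be checked and an error code returned after the same cleanup. In the keys.c hunk the result of `RSA_set0_key(rsa, mod, exp, NULL)` is likewise unchecked. The code that produces `mod` and `exp` lies outside the hunk, so whether either can be NULL at that point should be confirmed.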
diff --git a/pkgs/tools/security/tpm-luks/signed-ptr.patch b/pkgs/tools/security/tpm-luks/signed-ptr.patch
new file mode 100644
index 000000000000..83e356a4ef9e
--- /dev/null
+++ b/pkgs/tools/security/tpm-luks/signed-ptr.patch
@@ -0,0 +1,15 @@
+diff --git a/swtpm-utils/getcapability.c b/swtpm-utils/getcapability.c
+index 7359ba3..17b4324 100644
+--- a/swtpm-utils/getcapability.c
++++ b/swtpm-utils/getcapability.c
+@@ -480,7 +480,8 @@ int main(int argc, char *argv[])
+ }
+
+ if (c) {
+- char pcrmap[4], *pf;
++ char pcrmap[4];
++ unsigned char *pf;
+
+ memcpy(pcrmap, ndp.pcrInfoRead.pcrSelection.pcrSelect,
+ ndp.pcrInfoRead.pcrSelection.sizeOfSelect);
+
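Review bot: The memcpy into `pcrmap`, kept as context in this hunk, copies `ndp.pcrInfoRead.pcrSelection.sizeOfSelect` bytes into a four-byte array, and no bound on that length is visible here. Unless main() limits it earlier, a guard such as `if (ndp.pcrInfoRead.pcrSelection.sizeOfSelect > sizeof pcrmap)` with an error exit belongs before the copy, because the length appears to come from a structure filled at run time rather than from a constant. The patch also makes `pf` an `unsigned char *` while `pcrmap` stays plain `char`. If `pf` is later pointed at `pcrmap`, declaring `unsigned char pcrmap[4];` would keep the two consistent. The body of main() starts and ends outside the hunk.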
diff --git a/pkgs/tools/security/tpm-tools/default.nix b/pkgs/tools/security/tpm-tools/default.nix
index 1812b2645fec..e546cc5a10fb 100644
--- a/pkgs/tools/security/tpm-tools/default.nix
+++ b/pkgs/tools/security/tpm-tools/default.nix
@@ -14,6 +14,13 @@ stdenv.mkDerivation rec {
sourceRoot = ".";
+ patches = [
+ (fetchurl {
+ url = https://sources.debian.org/data/main/t/tpm-tools/1.3.9.1-0.1/debian/patches/05-openssl1.1_fix_data_mgmt.patch;
+ sha256 = "161yysw4wgy3spsz6p1d0ib0h5pnrqm8bdh1l71c4hz6a6wpcyxj";
+ })
+ ];
+
nativeBuildInputs = [ perl ];
buildInputs = [ trousers openssl opencryptoki ];