Merge pull request #199334 from LeSuisse/sudo-CVE-2022-43995

sudo: apply patch for CVE-2022-43995
2022-11-03 15:59:21 +01:00 · 2022-11-03 15:59:21 +01:00 · 2294f5e6be
commit 2294f5e6be
parent 64543d86ae 86c8848f78
1 changed files with 9 additions and 0 deletions
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchurl
+, fetchpatch
 , buildPackages
 , coreutils
 , pam
@ -21,6 +22,14 @@ stdenv.mkDerivation rec {
    hash = "sha256-3hVzOIgXDFaDTar9NL+YPbEPshA5dC/Pw5a9MhaNY2I=";
  };

+  patches = [
+    (fetchpatch {
+      name = "CVE-2022-43995.patch";
+      url = "https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050.patch";
+      sha256 = "sha256-JUdoStoSyv6KBPsyzxuMIxqwZMZsjUPj8zUqOSvmZ1A=";
+    })
+  ];
+
  prePatch = ''
    # do not set sticky bit in nix store
    substituteInPlace src/Makefile.in --replace 04755 0755