authorThomas Gerbet <thomas@gerbet.me>2022-11-03 13:19:07 +0100
committerThomas Gerbet <thomas@gerbet.me>2022-11-03 13:19:07 +0100
commit86c8848f78fd6c3e708465e6a57d5a5b62db43ae (patch)
tree4767cf181490bc896f491243b705a52a1bb218c1 /pkgs/tools/security/sudo
parent100e2c666c239de84808c603ffcc30fe1a928fe2 (diff)
sudo: apply patch for CVE-2022-43995
https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050
Diffstat (limited to 'pkgs/tools/security/sudo')
-rw-r--r--pkgs/tools/security/sudo/default.nix9
1 files changed, 9 insertions, 0 deletions
diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix
index 12a872c643f38..aa032467f4824 100644
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchurl
+, fetchpatch
 , buildPackages
 , coreutils
 , pam
@@ -21,6 +22,14 @@ stdenv.mkDerivation rec {
     hash = "sha256-3hVzOIgXDFaDTar9NL+YPbEPshA5dC/Pw5a9MhaNY2I=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2022-43995.patch";
+      url = "https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050.patch";
+      sha256 = "sha256-JUdoStoSyv6KBPsyzxuMIxqwZMZsjUPj8zUqOSvmZ1A=";
+    })
+  ];
+
   prePatch = ''
     # do not set sticky bit in nix store
     substituteInPlace src/Makefile.in --replace 04755 0755
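Review bot: The new `patches` entry has no comment saying when it can be dropped, so a later version bump may either keep a patch that no longer applies or remove it without checking that the fix is in the new source. A line above the `fetchpatch` call would cover this, for example `# CVE-2022-43995: drop once src includes upstream commit bd209b9f16fc`. As a style point, the entry passes an SRI string through `sha256 =` while the source fetch just above uses `hash =`. Using `hash = "sha256-JUdoStoSyv6KBPsyzxuMIxqwZMZsjUPj8zUqOSvmZ1A=";` would keep the two consistent, assuming the `fetchpatch` in this tree accepts `hash`. The `stdenv.mkDerivation` body starts and ends outside this hunk, so whether the backported fix is exercised by a check phase cannot be seen from here.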