From 9eb882e06e61df3aabf3105cae829a8c77df179b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Tue, 1 Jul 2025 09:21:13 +0200
Subject: [PATCH] vanadium: temporary sudo patch

---
 nix/configurations/vanadium/overlay.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/nix/configurations/vanadium/overlay.nix b/nix/configurations/vanadium/overlay.nix
index c2e62065..2d0f3538 100644
--- a/nix/configurations/vanadium/overlay.nix
+++ b/nix/configurations/vanadium/overlay.nix
@@ -54,4 +54,18 @@ in
         ./patches/fcitx5-chinese-addons/disable-fullwidth.patch
         # Note: disabling pinyin helper breaks canjie
       ];
+
+      # TODO: remove this when upstream is updated
+      sudo.__output.patches.__append = [
+        (final.fetchpatch {
+          name = "CVE-2025-32462";
+          url = "https://github.com/sudo-project/sudo/commit/d530367828e3713d09489872743eb92d31fb11ff.patch";
+          hash = "sha256-mS8fcPV1QDv9SDuGN7dfDLtVLSBP+apotYW1UsEBPvU=";
+        })
+        (final.fetchpatch {
+          name = "CVE-2025-32463";
+          url = "https://github.com/sudo-project/sudo/commit/fdafc2ceb36382b07e604c0f39903d56bef54016.patch";
+          hash = "sha256-4FP8z5pKwcOfJxjJ9X/IbCgriKJm1H/HnswuvYjBlt8=";
+        })
+      ];
     }