From ac96423f53d0f3277e7ae370b436122151458f6b Mon Sep 17 00:00:00 2001
From: Pierre Bourdon <delroth@gmail.com>
Date: Mon, 3 Jan 2022 00:37:26 +0100
Subject: [PATCH 1/2] nixosTests.sudo: fix test flakiness

One of the subtests in the sudo NixOS test suite was broken: instead of
running the sudo invocation as user 'test2', it was running it as root.
Since root doesn't require a password to use sudo, this was causing
random "broken pipe" errors when trying to pass it a password via stdin.
---
 nixos/tests/sudo.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/tests/sudo.nix b/nixos/tests/sudo.nix
index 4885d6e17b82..ae9362ca70da 100644
--- a/nixos/tests/sudo.nix
+++ b/nixos/tests/sudo.nix
@@ -73,7 +73,7 @@ in
             machine.fail('su - test1 -c "sudo -n -u root true"')
 
         with subtest("users in group 'foobar' should be able to use sudo with password"):
-            machine.succeed("sudo -u test2 echo ${password} | sudo -S -u root true")
+            machine.succeed('su - test2 -c "echo ${password} | sudo -S -u root true"')
 
         with subtest("users in group 'barfoo' should be able to use sudo without password"):
             machine.succeed("sudo -u test3 sudo -n -u root true")

From 6886a9a246ee2054ac3542cb336f69536077da85 Mon Sep 17 00:00:00 2001
From: Pierre Bourdon <delroth@gmail.com>
Date: Mon, 3 Jan 2022 00:39:51 +0100
Subject: [PATCH 2/2] sudo: 1.9.7p2 -> 1.9.8p2

---
 pkgs/tools/security/sudo/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix
index e5207ea9d7b1..58afd5318df0 100644
--- a/pkgs/tools/security/sudo/default.nix
+++ b/pkgs/tools/security/sudo/default.nix
@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchurl
+, buildPackages
 , coreutils
 , pam
 , groff
@@ -13,11 +14,11 @@
 
 stdenv.mkDerivation rec {
   pname = "sudo";
-  version = "1.9.7p2";
+  version = "1.9.8p2";
 
   src = fetchurl {
     url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz";
-    sha256 = "sha256-KLXucl2/iaeFL0LzCcqHfSgQqVMbTuz+WfOoS2tK/Kg=";
+    sha256 = "sha256-njuLjafe9DtuYMJXq+gEZyBWcP0PfAgd4UI8QUtoDy0=";
   };
 
   prePatch = ''
@@ -56,6 +57,7 @@ stdenv.mkDerivation rec {
       installFlags="sudoers_uid=$(id -u) sudoers_gid=$(id -g) sysconfdir=$out/etc rundir=$TMPDIR/dummy vardir=$TMPDIR/dummy DESTDIR=/"
     '';
 
+  depsBuildBuild = [ buildPackages.stdenv.cc ];
   nativeBuildInputs = [ groff ];
   buildInputs = [ pam ];