From 91c7763b9da3a5bf0c3f9b709eac6b03c66d117f Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Thu, 3 Jun 2021 22:55:35 +0200
Subject: [PATCH] pam_u2f: 1.1.0 -> 1.1.1

Fixes CVE-2021-31924
https://www.yubico.com/support/security-advisories/ysa-2021-03/

Changelog: https://github.com/Yubico/pam-u2f/blob/pam_u2f-1.1.1/NEWS
(cherry picked from commit b5afbd350dc54553376bfa29e693b680be3c39bd)
---
 pkgs/os-specific/linux/pam_u2f/default.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/pam_u2f/default.nix b/pkgs/os-specific/linux/pam_u2f/default.nix
index 760af73fecd..30a55f2b9c0 100644
--- a/pkgs/os-specific/linux/pam_u2f/default.nix
+++ b/pkgs/os-specific/linux/pam_u2f/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "pam_u2f";
-  version = "1.1.0";
+  version = "1.1.1";
 
   src     = fetchurl {
     url = "https://developers.yubico.com/pam-u2f/Releases/${pname}-${version}.tar.gz";
-    sha256 = "01fwbrfnjkv93vvqm54jywdcxa1p7d4r32azicwnx75nxfbbzhqd";
+    sha256 = "12p3pkrp32vzpg7707cgx8zgvgj8iqwhy39sm761k7plqi027mmp";
   };
 
   nativeBuildInputs = [ pkg-config ];
@@ -16,6 +16,14 @@ stdenv.mkDerivation rec {
     configureFlagsArray+=("--with-pam-dir=$out/lib/security")
   '';
 
+  # a no-op makefile to prevent building the fuzz targets
+  postConfigure = ''
+    cat > fuzz/Makefile <<EOF
+    all:
+    install:
+    EOF
+  '';
+
   meta = with lib; {
     homepage = "https://developers.yubico.com/pam-u2f/";
     description = "A PAM module for allowing authentication with a U2F device";