diff --git a/sudo-1.9.12.tar.gz b/sudo-1.9.12.tar.gz
deleted file mode 100644
index aad3af2..0000000
--- a/sudo-1.9.12.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:de15733888170c56834daafd34bf983db10fb21039742fcfc396bd32168d6362
-size 4906320
diff --git a/sudo-1.9.12.tar.gz.sig b/sudo-1.9.12.tar.gz.sig
deleted file mode 100644
index f031b30..0000000
Binary files a/sudo-1.9.12.tar.gz.sig and /dev/null differ
diff --git a/sudo-1.9.12p1.tar.gz b/sudo-1.9.12p1.tar.gz
new file mode 100644
index 0000000..299f61a
--- /dev/null
+++ b/sudo-1.9.12p1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:475a18a8eb3da8b2917ceab063a6baf51ea09128c3c47e3e0e33ab7497bab7d8
+size 4908060
diff --git a/sudo-1.9.12p1.tar.gz.sig b/sudo-1.9.12p1.tar.gz.sig
new file mode 100644
index 0000000..034ebaa
Binary files /dev/null and b/sudo-1.9.12p1.tar.gz.sig differ
diff --git a/sudo-CVE-2022-43995.patch b/sudo-CVE-2022-43995.patch
deleted file mode 100644
index bb67204..0000000
--- a/sudo-CVE-2022-43995.patch
+++ /dev/null
@@ -1,50 +0,0 @@ -From bd209b9f16fcd1270c13db27ae3329c677d48050 Mon Sep 17 00:00:00 2001 -From: "Todd C. Miller" -Date: Fri, 28 Oct 2022 07:29:55 -0600 -Subject: [PATCH] Fix CVE-2022-43995, potential heap overflow for passwords < 8 - characters. Starting with sudo 1.8.0 the plaintext password buffer is - dynamically sized so it is not safe to assume that it is at least 9 bytes in - size. Found by Hugo Lefeuvre (University of Manchester) with ConfFuzz. - ---- - plugins/sudoers/auth/passwd.c | 11 +++++------ - 1 file changed, 5 insertions(+), 6 deletions(-) - -diff --git a/plugins/sudoers/auth/passwd.c b/plugins/sudoers/auth/passwd.c -index b2046eca2..0416861e9 100644 ---- a/plugins/sudoers/auth/passwd.c -+++ b/plugins/sudoers/auth/passwd.c -@@ -63,7 +63,7 @@ sudo_passwd_init(struct passwd *pw, sudo_auth *auth) - int - sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) - { -- char sav, *epass; -+ char des_pass[9], *epass; - char *pw_epasswd = auth->data; - size_t pw_len; - int matched = 0; -@@ -75,12 +75,12 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c - - /* - * Truncate to 8 chars if standard DES since not all crypt()'s do this. -- * If this turns out not to be safe we will have to use OS #ifdef's (sigh). - */ -- sav = pass[8]; - pw_len = strlen(pw_epasswd); -- if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) -- pass[8] = '\0'; -+ if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) { -+ strlcpy(des_pass, pass, sizeof(des_pass)); -+ pass = des_pass; -+ } - - /* - * Normal UN*X password check. -@@ -88,7 +88,6 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c - * only compare the first DESLEN characters in that case. - */ - epass = (char *) crypt(pass, pw_epasswd); -- pass[8] = sav; - if (epass != NULL) { - if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) - matched = !strncmp(pw_epasswd, epass, DESLEN); 
diff --git a/sudo-sudoers.patch b/sudo-sudoers.patch index faed64a..e58b23e 100644 --- a/sudo-sudoers.patch +++ b/sudo-sudoers.patch @@ -52,7 +52,7 @@ index 5efda5d..e757da4 100644 ## ## Uncomment to send mail if the user does not enter the correct password. # Defaults mail_badpass -@@ -68,7 +59,6 @@ +@@ -68,10 +59,16 @@ ## Set maxseq to a smaller number if you don't have unlimited disk space. # Defaults log_output # Defaults!/usr/bin/sudoreplay !log_output @@ -60,13 +60,27 @@ index 5efda5d..e757da4 100644 # Defaults!REBOOT !log_output # Defaults maxseq = 1000 -@@ -87,9 +84,6 @@ root ALL=(ALL:ALL) ALL ++## In the default (unconfigured) configuration, sudo asks for the root password. ++## This allows use of an ordinary user account for administration of a freshly ++## installed system. When configuring sudo, delete the two ++## following lines: ++Defaults targetpw # ask for the password of the target user i.e. root ++ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'! ++ + ## + ## Runas alias specification + ## +@@ -87,13 +84,5 @@ root ALL=(ALL:ALL) ALL ## Same thing without a password # %wheel ALL=(ALL:ALL) NOPASSWD: ALL -## Uncomment to allow members of group sudo to execute any command -# %sudo ALL=(ALL:ALL) ALL - - ## Uncomment to allow any user to run sudo if they know the password - ## of the user they are running the command as (root by default). - # Defaults targetpw # Ask for the password of the target user +-## Uncomment to allow any user to run sudo if they know the password +-## of the user they are running the command as (root by default). +-# Defaults targetpw # Ask for the password of the target user +-# ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw' +- + ## Read drop-in files from @sysconfdir@/sudoers.d + @includedir @sysconfdir@/sudoers.d diff --git a/sudo.changes b/sudo.changes index e2094ef..b2b1f24 100644 --- a/sudo.changes +++ b/sudo.changes 
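Review bot: The second hunk (`@@ -60,13 +60,27 @@`) puts `Defaults targetpw` and `ALL ALL=(ALL) ALL` back into the shipped default sudoers unconditionally, which reverses the Nov 1 change made for bsc#1203978 whose changelog entry this commit also deletes, yet the new Nov 21 sudo.changes entry records only the 1.9.12p1 update; the revert should be recorded there as well, e.g. `- Restore Defaults targetpw and ALL ALL=(ALL) ALL in the default sudoers [bsc#1203978]`. The added header comment tells the administrator to "delete the two following lines" but not that they must be removed together: if only `Defaults targetpw` is dropped and `ALL ALL=(ALL) ALL` stays, every local account can run any command after entering its own password. The inline WARNING on the `ALL` line covers this, but the header is what an administrator reads first, so I would change its last line to `## following lines together (keeping only the ALL line would grant every user root):`.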
@@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Mon Nov 21 22:25:54 UTC 2022 - Jason Sikes + +- Update to 1.9.12p1: + * Changes in 1.9.12p1: + - Sudo’s configure script now does a better job of detecting when + the -fstack-clash-protection compiler option does not work. + GitHub issue #191. + + - Fixed CVE-2022-43995, a potential out-of-bounds write for passwords + smaller than 8 characters when passwd authentication is enabled. + This does not affect configurations that use other authentication + methods such as PAM, AIX authentication or BSD authentication. + + - Fixed a build error with some configurations compiling host_port.c. + * Dropped sudo-CVE-2022-43995.patch + ------------------------------------------------------------------- Thu Nov 3 22:07:14 UTC 2022 - Jason Sikes @@ -7,15 +24,6 @@ Thu Nov 3 22:07:14 UTC 2022 - Jason Sikes * Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend. -------------------------------------------------------------------- -Tue Nov 1 22:04:32 UTC 2022 - Jason Sikes - -- Modified sudo-sudoers.patch - * [bsc#1203978 jsc#PED-260] - * Remove uncommented "Defaults targetpw" portion of /etc/sudo-sudoers file. - * Sudo now asks for the password of the user calling sudo instead of the - target (i.e. root) user. - ------------------------------------------------------------------- Tue Oct 25 23:41:55 UTC 2022 - Jason Sikes diff --git a/sudo.spec b/sudo.spec index ca2cf96..4de3ab4 100644 --- a/sudo.spec +++ b/sudo.spec @@ -17,7 +17,7 @@ Name: sudo -Version: 1.9.12 +Version: 1.9.12p1 Release: 0 Summary: Execute some commands as root License: ISC 
@@ -33,7 +33,6 @@ Source6: fate_313276_test.sh
 Source7: README_313276.test
 # PATCH-OPENSUSE: the "SUSE" branding of the default sudo config
 Patch0: sudo-sudoers.patch
-Patch1: sudo-CVE-2022-43995.patch
 BuildRequires: audit-devel
 BuildRequires: cyrus-sasl-devel
 BuildRequires: groff