--- /dev/null
+From: Kees Cook <kees@outflux.net>
+Date: Fri, 4 Apr 2008 06:26:30 +0000 (-0400)
+Subject: fix for CVE-2008-1658: format string vulnerability in password input
+X-Git-Url: http://gitweb.freedesktop.org/?p=PolicyKit.git;a=commitdiff;h=5bc86a14cc0e356bcf8b5f861674f842869b1be7
+
+fix for CVE-2008-1658: format string vulnerability in password input
+
+http://bugs.freedesktop.org/show_bug.cgi?id=15295
+---
+
+--- a/configure.in
++++ b/configure.in
+@@ -114,6 +114,16 @@ if test "x$GCC" = "xyes"; then
+ *) CFLAGS="$CFLAGS -Wsign-compare" ;;
+ esac
+
++ case " $CFLAGS " in
++ *[\ \ ]-Wformat[\ \ ]*) ;;
++ *) CFLAGS="$CFLAGS -Wformat" ;;
++ esac
++
++ case " $CFLAGS " in
++ *[\ \ ]-Wformat-security[\ \ ]*) ;;
++ *) CFLAGS="$CFLAGS -Wformat-security" ;;
++ esac
++
+ if test "x$enable_ansi" = "xyes"; then
+ case " $CFLAGS " in
+ *[\ \ ]-ansi[\ \ ]*) ;;
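Review bot: The two added `case` blocks only turn on warnings, so a non-literal format string like the `fprintf (stdout, buf)` fixed later in this patch would still compile and ship if the warning scrolls past unnoticed. If the supported GCC versions allow it, promoting this one diagnostic in the second arm with `*) CFLAGS="$CFLAGS -Werror=format-security" ;;` would make a regression a build failure instead. The additions sit inside the `if test "x$GCC" = "xyes"` block, which starts and ends outside the hunk, so builds with other compilers get no equivalent check.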
+--- a/src/polkit-grant/polkit-grant-helper.c
++++ b/src/polkit-grant/polkit-grant-helper.c
+@@ -241,7 +241,7 @@ do_auth (const char *user_to_auth, gbool
+ *empty_conversation = FALSE;
+
+ /* send to parent */
+- fprintf (stdout, buf);
++ fprintf (stdout, "%s", buf);
+ fflush (stdout);
+
+ /* read from parent */
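Review bot: The corrected write still sends `buf` through the printf formatter and ignores the results of `fprintf` and `fflush`. `fputs (buf, stdout);` would copy the bytes with no format parsing at all, and comparing its result with `EOF` would let do_auth stop when the pipe to the parent has gone away. The same applies to the `child_stdin` write in the next hunk of this file. A comment above the write such as `/* buf is relayed data: never pass it as the format string (CVE-2008-1658) */` would keep the reason visible to later editors. do_auth starts and ends outside the hunk, so how it reports errors is not visible here.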
+@@ -252,7 +252,7 @@ do_auth (const char *user_to_auth, gbool
+ fprintf (stderr, "received: '%s' from parent; sending to child\n", buf);
+ #endif /* PGH_DEBUG */
+ /* send to child */
+- fprintf (child_stdin, buf);
++ fprintf (child_stdin, "%s", buf);
+ fflush (child_stdin);
+ }
+
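Review bot: The `PGH_DEBUG` line kept as context above the fixed write prints the full contents of `buf` to stderr. Going by the commit subject, that buffer presumably can hold the password typed by the user, which would then end up wherever stderr is captured. Logging only the size would be safer, for example `fprintf (stderr, "received %lu bytes from parent; sending to child\n", (unsigned long) strlen (buf));`. Failing that, a comment at the `#ifdef` could state that PGH_DEBUG builds expose authentication input and must not be deployed. The `#ifdef` itself opens outside the hunk, so whether it is ever enabled in release builds cannot be told from here.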