+++ /dev/null
-From: Kees Cook <kees@outflux.net>
-Date: Fri, 4 Apr 2008 06:26:30 +0000 (-0400)
-Subject: fix for CVE-2008-1658: format string vulnerability in password input
-X-Git-Url: http://gitweb.freedesktop.org/?p=PolicyKit.git;a=commitdiff;h=5bc86a14cc0e356bcf8b5f861674f842869b1be7
-
-fix for CVE-2008-1658: format string vulnerability in password input
-
-http://bugs.freedesktop.org/show_bug.cgi?id=15295
----
-
---- a/configure.in
-+++ b/configure.in
-@@ -114,6 +114,16 @@ if test "x$GCC" = "xyes"; then
- *) CFLAGS="$CFLAGS -Wsign-compare" ;;
- esac
-
-+ case " $CFLAGS " in
-+ *[\ \ ]-Wformat[\ \ ]*) ;;
-+ *) CFLAGS="$CFLAGS -Wformat" ;;
-+ esac
-+
-+ case " $CFLAGS " in
-+ *[\ \ ]-Wformat-security[\ \ ]*) ;;
-+ *) CFLAGS="$CFLAGS -Wformat-security" ;;
-+ esac
-+
- if test "x$enable_ansi" = "xyes"; then
- case " $CFLAGS " in
- *[\ \ ]-ansi[\ \ ]*) ;;
---- a/src/polkit-grant/polkit-grant-helper.c
-+++ b/src/polkit-grant/polkit-grant-helper.c
-@@ -241,7 +241,7 @@ do_auth (const char *user_to_auth, gbool
- *empty_conversation = FALSE;
-
- /* send to parent */
-- fprintf (stdout, buf);
-+ fprintf (stdout, "%s", buf);
- fflush (stdout);
-
- /* read from parent */
-@@ -252,7 +252,7 @@ do_auth (const char *user_to_auth, gbool
- fprintf (stderr, "received: '%s' from parent; sending to child\n", buf);
- #endif /* PGH_DEBUG */
- /* send to child */
-- fprintf (child_stdin, buf);
-+ fprintf (child_stdin, "%s", buf);
- fflush (child_stdin);
- }
-
+++ /dev/null
---- src/polkit/polkit-policy-cache.c.orig 2007-12-10 21:40:46.000000000 +0000
-+++ src/polkit/polkit-policy-cache.c 2007-12-10 22:47:22.000000000 +0000
-@@ -127,7 +127,7 @@
- char *filename;
- static const char suffix[] = ".policy";
-
-- if (d->d_type != DT_REG)
-+ if (d->d_type != DT_REG && d->d_type != DT_UNKNOWN)
- continue;
-
- filename = d->d_name;
-