rpms/PolicyKit/devel PolicyKit-0.7-cve-2008-1658-fix.patch, NONE, 1.1 PolicyKit.spec, 1.12, 1.13
David Zeuthen (davidz)
fedora-extras-commits at redhat.com
Fri Apr 4 06:42:08 UTC 2008
Author: davidz
Update of /cvs/pkgs/rpms/PolicyKit/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11975
Modified Files:
PolicyKit.spec
Added Files:
PolicyKit-0.7-cve-2008-1658-fix.patch
Log Message:
* Fri Apr 4 2008 David Zeuthen <davidz at redhat.com> - 0.7-7%{?dist}
- Include fix for CVE-2008-1658 (#439996)
PolicyKit-0.7-cve-2008-1658-fix.patch:
--- NEW FILE PolicyKit-0.7-cve-2008-1658-fix.patch ---
diff -Nur -x '*.orig' -x '*~' policykit-0.7/configure.in policykit-0.7.new/configure.in
--- policykit-0.7/configure.in 2008-03-31 16:25:56.000000000 -0700
+++ policykit-0.7.new/configure.in 2008-03-31 16:26:23.000000000 -0700
@@ -114,6 +114,16 @@
*) CFLAGS="$CFLAGS -Wsign-compare" ;;
esac
+ case " $CFLAGS " in
+ *[\ \ ]-Wformat[\ \ ]*) ;;
+ *) CFLAGS="$CFLAGS -Wformat" ;;
+ esac
+
+ case " $CFLAGS " in
+ *[\ \ ]-Wformat-security[\ \ ]*) ;;
+ *) CFLAGS="$CFLAGS -Wformat-security" ;;
+ esac
+
if test "x$enable_ansi" = "xyes"; then
case " $CFLAGS " in
*[\ \ ]-ansi[\ \ ]*) ;;
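Review bot: The two added `case` blocks only enable warnings, so a new non-literal format string would still compile and ship unless someone reads the build log. If every supported compiler accepts it, the second block could append the error form instead, `*) CFLAGS="$CFLAGS -Werror=format-security" ;;`, keeping `-Wformat` as added because `-Wformat-security` has no effect without it. The conditional that encloses these flag blocks starts and ends outside the hunk, so confirm that they are reached on release builds and not only in a maintainer or GCC-only branch. The generated `configure` section below mirrors this change and needs the same edit if this one is taken.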
diff -Nur -x '*.orig' -x '*~' policykit-0.7/configure policykit-0.7.new/configure
--- policykit-0.7/configure 2008-03-31 16:25:56.000000000 -0700
+++ policykit-0.7.new/configure 2008-03-31 16:26:22.000000000 -0700
@@ -21987,6 +21987,16 @@
*) CFLAGS="$CFLAGS -Wsign-compare" ;;
esac
+ case " $CFLAGS " in
+ *[\ \ ]-Wformat[\ \ ]*) ;;
+ *) CFLAGS="$CFLAGS -Wformat" ;;
+ esac
+
+ case " $CFLAGS " in
+ *[\ \ ]-Wformat-security[\ \ ]*) ;;
+ *) CFLAGS="$CFLAGS -Wformat-security" ;;
+ esac
+
if test "x$enable_ansi" = "xyes"; then
case " $CFLAGS " in
*[\ \ ]-ansi[\ \ ]*) ;;
diff -Nur -x '*.orig' -x '*~' policykit-0.7/src/polkit/polkit-policy-cache.c policykit-0.7.new/src/polkit/polkit-policy-cache.c
--- policykit-0.7/src/polkit-grant/polkit-grant-helper.c 2007-12-05 18:48:36.000000000 -0800
+++ policykit-0.7.new/src/polkit-grant/polkit-grant-helper.c 2008-03-31 16:27:24.000000000 -0700
@@ -228,7 +228,7 @@
*empty_conversation = FALSE;
/* send to parent */
- fprintf (stdout, buf);
+ fprintf (stdout, "%s", buf);
fflush (stdout);
/* read from parent */
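Review bot: Both corrected calls still route `buf` through the printf formatter although it is written out verbatim. Using `fputs (buf, stdout);` here and `fputs (buf, child_stdin);` in the second hunk (`@@ -239,7 +239,7 @@`) says that directly and leaves no format argument for a later edit to drop. A one-line comment above each call, such as `/* buf is data from the other end of the conversation; never pass it as the format */`, would record why it matters; where `buf` is filled lies outside both hunks, so check that wording against the full function. Separately, the `diff -Nur` line above this section names `polkit-policy-cache.c` while the `---`/`+++` lines name `polkit-grant-helper.c`, so the header should be regenerated to name the file the patch actually changes.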
@@ -239,7 +239,7 @@
fprintf (stderr, "received: '%s' from parent; sending to child\n", buf);
#endif /* PGH_DEBUG */
/* send to child */
- fprintf (child_stdin, buf);
+ fprintf (child_stdin, "%s", buf);
fflush (child_stdin);
}
Index: PolicyKit.spec
===================================================================
RCS file: /cvs/pkgs/rpms/PolicyKit/devel/PolicyKit.spec,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- PolicyKit.spec 19 Feb 2008 00:19:52 -0000 1.12
+++ PolicyKit.spec 4 Apr 2008 06:41:28 -0000 1.13
@@ -14,7 +14,7 @@
Summary: Authorization Toolkit
Name: PolicyKit
Version: 0.7
-Release: 6%{?dist}
+Release: 7%{?dist}
License: MIT
Group: System Environment/Libraries
URL: http://gitweb.freedesktop.org/?p=PolicyKit.git;a=summary
@@ -41,6 +41,7 @@
Requires: pam >= %{pam_version}
Patch0: PolicyKit-0.7-check-for-bash-in-completion.patch
+Patch1: PolicyKit-0.7-cve-2008-1658-fix.patch
# Since PolicyKit 0.7 reading authorizations is a privileged
# operation. So we need to force a new version of hal that makes sure
@@ -75,7 +76,8 @@
%prep
%setup -q
-%patch -p1 -b .bash-completion
+%patch0 -p1 -b .bash-completion
+%patch1 -p1 -b .cve-2008-1658
%build
%configure
@@ -168,6 +170,9 @@
%{_datadir}/gtk-doc/html/polkit/*
%changelog
+* Fri Apr 4 2008 David Zeuthen <davidz at redhat.com> - 0.7-7%{?dist}
+- Include fix for CVE-2008-1658 (#439996)
+
* Mon Feb 18 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 0.7-6
- Autorebuild for GCC 4.3