rpms/PolicyKit/F-8 PolicyKit-0.6-cve-2008-1658-fix.patch, NONE, 1.1 PolicyKit.spec, 1.6, 1.7

David Zeuthen (davidz) fedora-extras-commits at redhat.com
Fri Apr 4 06:52:50 UTC 2008


Author: davidz

Update of /cvs/pkgs/rpms/PolicyKit/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12289

Modified Files:
	PolicyKit.spec 
Added Files:
	PolicyKit-0.6-cve-2008-1658-fix.patch 
Log Message:
* Fri Apr  4 2008 David Zeuthen <davidz at redhat.com> - 0.6-2%{?dist}
- Include fix for CVE-2008-1658 (#439995)



PolicyKit-0.6-cve-2008-1658-fix.patch:

--- NEW FILE PolicyKit-0.6-cve-2008-1658-fix.patch ---
--- PolicyKit-0.6/polkit-grant/polkit-grant-helper.c.orig	2008-04-04 02:48:01.000000000 -0400
+++ PolicyKit-0.6/polkit-grant/polkit-grant-helper.c	2008-04-04 02:48:22.000000000 -0400
@@ -218,7 +218,7 @@
                         goto out;
                 }
                 /* send to parent */
-                fprintf (stdout, buf);
+                fprintf (stdout, "%s", buf);
                 fflush (stdout);
                 
                 /* read from parent */
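Review bot: Both relayed writes (this one to stdout and the one to child_stdin in the next hunk) still go through printf-style formatting although buf is pure data. `fputs (buf, stdout);` and `fputs (buf, child_stdin);` would take the format parser out of the path, so a later edit cannot reintroduce the format-string bug. A short comment at each call, such as `/* buf is relayed verbatim from the other side: never use it as a format string */`, would record why the call looks this way. Building with `-Wformat -Wformat-security` would flag any remaining non-literal format of this kind in the file. The enclosing function starts and ends outside both hunks, so other uses of buf could not be checked from here.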
@@ -229,7 +229,7 @@
                 fprintf (stderr, "received: '%s' from parent; sending to child\n", buf);
 #endif /* PGH_DEBUG */
                 /* send to child */
-                fprintf (child_stdin, buf);
+                fprintf (child_stdin, "%s", buf);
                 fflush (child_stdin);
         }
 


Index: PolicyKit.spec
===================================================================
RCS file: /cvs/pkgs/rpms/PolicyKit/F-8/PolicyKit.spec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- PolicyKit.spec	11 Oct 2007 22:46:15 -0000	1.6
+++ PolicyKit.spec	4 Apr 2008 06:52:12 -0000	1.7
@@ -14,7 +14,7 @@
 Summary: Toolkit for privilege control
 Name: PolicyKit
 Version: 0.6
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: AFL/GPL
 Group: System Environment/Libraries
 URL: http://gitweb.freedesktop.org/?p=PolicyKit.git;a=summary
@@ -40,6 +40,8 @@
 Requires: libselinux >= %{libselinux_version}
 Requires: pam >= %{pam_version}
 
+Patch0: PolicyKit-0.6-cve-2008-1658-fix.patch
+
 %description 
 PolicyKit is a toolkit for defining and handling the policy that
 allows unprivileged processes to speak to privileged processes.
@@ -67,6 +69,7 @@
 
 %prep
 %setup -q
+%patch0 -p1 -b .cvs-2008-1658
 
 %build
 %configure --docdir=%{_datadir}/doc/%{name}-%{version} --enable-docbook-docs
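Review bot: The backup suffix on the added `%patch0 -p1 -b .cvs-2008-1658` line looks like a typo for `.cve-2008-1658`, which would match the patch file name PolicyKit-0.6-cve-2008-1658-fix.patch. The suffix only names the backup copies that patch leaves in the build tree, so the build result is unaffected. A matching suffix makes it easier to trace which patch touched a file: `%patch0 -p1 -b .cve-2008-1658`.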
@@ -141,6 +144,9 @@
 %{_datadir}/gtk-doc/html/polkit/*
 
 %changelog
+* Fri Apr  4 2008 David Zeuthen <davidz at redhat.com> - 0.6-2%{?dist}
+- Include fix for CVE-2008-1658 (#439995)
+
 * Thu Oct 11 2007 David Zeuthen <davidz at redhat.com> - 0.6-1%{?dist}
 - Update to latest upstream release
 



