Bug#780974: unblock: autofs/5.0.8-2

[Moritz Muehlenhoff <jmm@debian.org>]

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package autofs. It fixes CVE-2014-8169.

unblock autofs/5.0.8-2

Debdiff:

diff -Nru autofs-5.0.8/debian/changelog autofs-5.0.8/debian/changelog
--- autofs-5.0.8/debian/changelog	2014-03-07 05:16:25.000000000 +0100
+++ autofs-5.0.8/debian/changelog	2015-03-19 08:53:22.000000000 +0100
@@ -1,3 +1,21 @@
+autofs (5.0.8-2) unstable; urgency=medium
+
+  [ Salvatore Bonaccorso <carnil@debian.org> ]
+  * Add patches for CVE-2014-8169 (Closes: #779591).
+    When a program map uses an interpreted languages like python it is
+    possible to load and execute arbitray code from a user home directory.
+    This is because the standard environment variables are used to locate
+    and load modules when using these languages. To avoid that, a prefix to
+    these environment names is added so that they aren't used for this
+    purpose. The prefix used is "AUTOFS_" and is not configurable.
+    Additionally a configuration option to force the use of program map
+    standard environment variables is added (FORCE_STANDARD_PROGRAM_MAP_ENV).
+
+  [ Dmitry Smirnov <onlyjob@debian.org> ]
+  * Refreshed other patches as needed.
+
+ -- Dmitry Smirnov <onlyjob@debian.org>  Thu, 19 Mar 2015 18:38:23 +1100
+
 autofs (5.0.8-1) unstable; urgency=low
 
   * New upstream release [October 2013] (Closes: #729023).
diff -Nru autofs-5.0.8/debian/patches/12disable_default_auto_master.patch autofs-5.0.8/debian/patches/12disable_default_auto_master.patch
--- autofs-5.0.8/debian/patches/12disable_default_auto_master.patch	2012-05-29 03:42:29.000000000 +0200
+++ autofs-5.0.8/debian/patches/12disable_default_auto_master.patch	2015-03-19 08:39:16.000000000 +0100
@@ -7,7 +7,8 @@
 
 --- a/samples/auto.master
 +++ b/samples/auto.master
-@@ -4,13 +4,13 @@
+@@ -3,15 +3,15 @@
+ # This is an automounter map and it has the following format
  # key [ -mount-options-separated-by-comma ] location
  # For details of the format look at autofs(5).
  #
@@ -23,3 +24,4 @@
  #
  # Include /etc/auto.master.d/*.autofs
  #
+ +dir:/etc/auto.master.d
diff -Nru autofs-5.0.8/debian/patches/14avoid_sock_cloexec.patch autofs-5.0.8/debian/patches/14avoid_sock_cloexec.patch
--- autofs-5.0.8/debian/patches/14avoid_sock_cloexec.patch	2012-05-29 03:42:29.000000000 +0200
+++ autofs-5.0.8/debian/patches/14avoid_sock_cloexec.patch	2015-03-19 08:39:18.000000000 +0100
@@ -6,7 +6,8 @@
 
 --- a/include/automount.h
 +++ b/include/automount.h
-@@ -39,6 +39,11 @@
+@@ -38,8 +38,13 @@
+ #ifdef WITH_DMALLOC
  #include <dmalloc.h>
  #endif
  
@@ -18,3 +19,4 @@
  #define ENABLE_CORES	1
  
  /* We MUST have the paths to mount(8) and umount(8) */
+ #ifndef HAVE_MOUNT
diff -Nru autofs-5.0.8/debian/patches/15auto_net_nfs4.patch autofs-5.0.8/debian/patches/15auto_net_nfs4.patch
--- autofs-5.0.8/debian/patches/15auto_net_nfs4.patch	2012-05-29 03:42:29.000000000 +0200
+++ autofs-5.0.8/debian/patches/15auto_net_nfs4.patch	2015-03-19 08:39:20.000000000 +0100
@@ -5,7 +5,8 @@
 
 --- a/samples/auto.net
 +++ b/samples/auto.net
-@@ -9,7 +9,10 @@
+@@ -8,9 +8,12 @@
+ key="$1"
  
  # add "nosymlink" here if you want to suppress symlinking local filesystems
  # add "nonstrict" to make it OK for some filesystems to not mount
@@ -16,3 +17,4 @@
  
  # Showmount comes in a number of names and varieties.  "showmount" is
  # typically an older version which accepts the '--no-headers' flag
+ # but ignores it.  "kshowmount" is the newer version installed with knfsd,
diff -Nru autofs-5.0.8/debian/patches/CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch autofs-5.0.8/debian/patches/CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch
--- autofs-5.0.8/debian/patches/CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch	1970-01-01 01:00:00.000000000 +0100
+++ autofs-5.0.8/debian/patches/CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch	2015-03-19 08:39:03.000000000 +0100
@@ -0,0 +1,214 @@
+Description: add a prefix to program map stdvars
+ When a program map uses an interpreted languages like python it is
+ possible to load and execute arbitrary code from a user home directory.
+ This is because the standard environment variables are used to locate
+ and load modules when using these languages. (CVE-2014-8169)
+ .
+ To avoid that we need to add a prefix to these environment names so
+ they aren't used for this purpose. The prefix used is "AUTOFS_" and
+ is not configurable.
+Origin: vendor
+Author: Ian Kent <ikent@redhat.com>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2015-02-28
+---
+--- a/include/mounts.h
++++ b/include/mounts.h
+@@ -84,10 +84,10 @@
+ unsigned int linux_version_code(void);
+ int check_nfs_mount_version(struct nfs_mount_vers *, struct nfs_mount_vers *);
+ extern unsigned int nfs_mount_uses_string_options;
+ 
+-struct substvar *addstdenv(struct substvar *sv);
+-struct substvar *removestdenv(struct substvar *sv);
++struct substvar *addstdenv(struct substvar *sv, const char *prefix);
++struct substvar *removestdenv(struct substvar *sv, const char *prefix);
+ 
+ unsigned int query_kproto_ver(void);
+ unsigned int get_kver_major(void);
+ unsigned int get_kver_minor(void);
+--- a/lib/mounts.c
++++ b/lib/mounts.c
+@@ -30,8 +30,9 @@
+ #include "automount.h"
+ 
+ #define MAX_OPTIONS_LEN		80
+ #define MAX_MNT_NAME_LEN	30
++#define MAX_ENV_NAME		15
+ 
+ #define EBUFSIZ 1024
+ 
+ const unsigned int t_indirect = AUTOFS_TYPE_INDIRECT;
+@@ -302,9 +303,63 @@
+ 	return 0;
+ }
+ #endif
+ 
+-struct substvar *addstdenv(struct substvar *sv)
++static char *set_env_name(const char *prefix, const char *name, char *buf)
++{
++	size_t len;
++
++	len = strlen(name);
++	if (prefix)
++		len += strlen(prefix);
++	len++;
++
++	if (len > MAX_ENV_NAME)
++		return NULL;
++
++	if (!prefix)
++		strcpy(buf, name);
++	else {
++		strcpy(buf, prefix);
++		strcat(buf, name);
++	}
++	return buf;
++}
++
++static struct substvar *do_macro_addvar(struct substvar *list,
++					const char *prefix,
++					const char *name,
++					const char *val)
++{
++	char buf[MAX_ENV_NAME + 1];
++	char *new;
++	size_t len;
++
++	new = set_env_name(prefix, name, buf);
++	if (new) {
++		len = strlen(new);
++		list = macro_addvar(list, new, len, val);
++	}
++	return list;
++}
++
++static struct substvar *do_macro_removevar(struct substvar *list,
++					   const char *prefix,
++					   const char *name)
++{
++	char buf[MAX_ENV_NAME + 1];
++	char *new;
++	size_t len;
++
++	new = set_env_name(prefix, name, buf);
++	if (new) {
++		len = strlen(new);
++		list = macro_removevar(list, new, len);
++	}
++	return list;
++}
++
++struct substvar *addstdenv(struct substvar *sv, const char *prefix)
+ {
+ 	struct substvar *list = sv;
+ 	struct thread_stdenv_vars *tsv;
+ 	char numbuf[16];
+@@ -317,41 +372,42 @@
+ 
+ 		num = (long) tsv->uid;
+ 		ret = sprintf(numbuf, "%ld", num);
+ 		if (ret > 0)
+-			list = macro_addvar(list, "UID", 3, numbuf);
++			list = do_macro_addvar(list, prefix, "UID", numbuf);
+ 		num = (long) tsv->gid;
+ 		ret = sprintf(numbuf, "%ld", num);
+ 		if (ret > 0)
+-			list = macro_addvar(list, "GID", 3, numbuf);
+-		list = macro_addvar(list, "USER", 4, tsv->user);
+-		list = macro_addvar(list, "GROUP", 5, tsv->group);
+-		list = macro_addvar(list, "HOME", 4, tsv->home);
++			list = do_macro_addvar(list, prefix, "GID", numbuf);
++		list = do_macro_addvar(list, prefix, "USER", tsv->user);
++		list = do_macro_addvar(list, prefix, "GROUP", tsv->group);
++		list = do_macro_addvar(list, prefix, "HOME", tsv->home);
+ 		mv = macro_findvar(list, "HOST", 4);
+ 		if (mv) {
+ 			char *shost = strdup(mv->val);
+ 			if (shost) {
+ 				char *dot = strchr(shost, '.');
+ 				if (dot)
+ 					*dot = '\0';
+-				list = macro_addvar(list, "SHOST", 5, shost);
++				list = do_macro_addvar(list,
++						       prefix, "SHOST", shost);
+ 				free(shost);
+ 			}
+ 		}
+ 	}
+ 	return list;
+ }
+ 
+-struct substvar *removestdenv(struct substvar *sv)
++struct substvar *removestdenv(struct substvar *sv, const char *prefix)
+ {
+ 	struct substvar *list = sv;
+ 
+-	list = macro_removevar(list, "UID", 3);
+-	list = macro_removevar(list, "USER", 4);
+-	list = macro_removevar(list, "HOME", 4);
+-	list = macro_removevar(list, "GID", 3);
+-	list = macro_removevar(list, "GROUP", 5);
+-	list = macro_removevar(list, "SHOST", 5);
++	list = do_macro_removevar(list, prefix, "UID");
++	list = do_macro_removevar(list, prefix, "USER");
++	list = do_macro_removevar(list, prefix, "HOME");
++	list = do_macro_removevar(list, prefix, "GID");
++	list = do_macro_removevar(list, prefix, "GROUP");
++	list = do_macro_removevar(list, prefix, "SHOST");
+ 	return list;
+ }
+ 
+ /*
+--- a/modules/lookup_program.c
++++ b/modules/lookup_program.c
+@@ -271,9 +271,9 @@
+ 		 */
+ 		if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) {
+ 			struct parse_context *pctxt = (struct parse_context *) ctxt->parse->context;
+ 			/* Add standard environment as seen by sun map parser */
+-			pctxt->subst = addstdenv(pctxt->subst);
++			pctxt->subst = addstdenv(pctxt->subst, "AUTOFS_");
+ 			macro_setenv(pctxt->subst);
+ 		}
+ 		execl(ctxt->mapname, ctxt->mapname, name, NULL);
+ 		_exit(255);	/* execl() failed */
+--- a/modules/parse_sun.c
++++ b/modules/parse_sun.c
+@@ -1222,14 +1222,14 @@
+ 
+ 	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state);
+ 	macro_lock();
+ 
+-	ctxt->subst = addstdenv(ctxt->subst);
++	ctxt->subst = addstdenv(ctxt->subst, NULL);
+ 
+ 	mapent_len = expandsunent(mapent, NULL, name, ctxt->subst, slashify);
+ 	if (mapent_len == 0) {
+ 		error(ap->logopt, MODPREFIX "failed to expand map entry");
+-		ctxt->subst = removestdenv(ctxt->subst);
++		ctxt->subst = removestdenv(ctxt->subst, NULL);
+ 		macro_unlock();
+ 		pthread_setcancelstate(cur_state, NULL);
+ 		return 1;
+ 	}
+@@ -1237,17 +1237,17 @@
+ 	pmapent = alloca(mapent_len + 1);
+ 	if (!pmapent) {	
+ 		char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+ 		logerr(MODPREFIX "alloca: %s", estr);
+-		ctxt->subst = removestdenv(ctxt->subst);
++		ctxt->subst = removestdenv(ctxt->subst, NULL);
+ 		macro_unlock();
+ 		pthread_setcancelstate(cur_state, NULL);
+ 		return 1;
+ 	}
+ 	pmapent[mapent_len] = '\0';
+ 
+ 	expandsunent(mapent, pmapent, name, ctxt->subst, slashify);
+-	ctxt->subst = removestdenv(ctxt->subst);
++	ctxt->subst = removestdenv(ctxt->subst, NULL);
+ 
+ 	macro_unlock();
+ 	pthread_setcancelstate(cur_state, NULL);
+ 
diff -Nru autofs-5.0.8/debian/patches/CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch autofs-5.0.8/debian/patches/CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch
--- autofs-5.0.8/debian/patches/CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch	1970-01-01 01:00:00.000000000 +0100
+++ autofs-5.0.8/debian/patches/CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch	2015-03-19 08:39:07.000000000 +0100
@@ -0,0 +1,174 @@
+Description:  add config option to force use of program map stdvars
+ Enabling the extended environment (including $HOME, for example) for
+ program maps opens automount(8) to a privilege escalation.
+ .
+ Rather than just removing the entended environment a configuration
+ option is added to disable it by default so that those who wish to
+ use it can do so if they wish.
+Origin: vendor
+Author: Ian Kent <ikent@redhat.com>
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2015-02-28
+---
+--- a/include/defaults.h
++++ b/include/defaults.h
+@@ -27,8 +27,9 @@
+ #define DEFAULT_MOUNT_WAIT		-1
+ #define DEFAULT_UMOUNT_WAIT		12
+ #define DEFAULT_BROWSE_MODE		1
+ #define DEFAULT_LOGGING			0
++#define DEFAULT_FORCE_STD_PROG_MAP_ENV  0
+ 
+ #define DEFAULT_LDAP_TIMEOUT		-1
+ #define DEFAULT_LDAP_NETWORK_TIMEOUT	8
+ 
+@@ -61,8 +62,9 @@
+ unsigned int defaults_get_timeout(void);
+ unsigned int defaults_get_negative_timeout(void);
+ unsigned int defaults_get_browse_mode(void);
+ unsigned int defaults_get_logging(void);
++unsigned int defaults_force_std_prog_map_env(void);
+ const char *defaults_get_ldap_server(void);
+ unsigned int defaults_get_ldap_timeout(void);
+ unsigned int defaults_get_ldap_network_timeout(void);
+ unsigned int defaults_get_mount_nfs_default_proto(void);
+--- a/lib/defaults.c
++++ b/lib/defaults.c
+@@ -34,8 +34,9 @@
+ #define ENV_NAME_TIMEOUT		"TIMEOUT"
+ #define ENV_NAME_NEGATIVE_TIMEOUT	"NEGATIVE_TIMEOUT"
+ #define ENV_NAME_BROWSE_MODE		"BROWSE_MODE"
+ #define ENV_NAME_LOGGING		"LOGGING"
++#define ENV_NAME_FORCE_STD_PROG_MAP_ENV "FORCE_STANDARD_PROGRAM_MAP_ENV"
+ 
+ #define LDAP_URI			"LDAP_URI"
+ #define ENV_LDAP_TIMEOUT		"LDAP_TIMEOUT"
+ #define ENV_LDAP_NETWORK_TIMEOUT	"LDAP_NETWORK_TIMEOUT"
+@@ -518,8 +519,9 @@
+ 		    check_set_config_value(key, ENV_NAME_TIMEOUT, value, to_syslog) ||
+ 		    check_set_config_value(key, ENV_NAME_NEGATIVE_TIMEOUT, value, to_syslog) ||
+ 		    check_set_config_value(key, ENV_NAME_BROWSE_MODE, value, to_syslog) ||
+ 		    check_set_config_value(key, ENV_NAME_LOGGING, value, to_syslog) ||
++		    check_set_config_value(key, ENV_NAME_FORCE_STD_PROG_MAP_ENV, value, to_syslog) ||
+ 		    check_set_config_value(key, ENV_LDAP_TIMEOUT, value, to_syslog) ||
+ 		    check_set_config_value(key, ENV_LDAP_NETWORK_TIMEOUT, value, to_syslog) ||
+ 		    check_set_config_value(key, ENV_NAME_MAP_OBJ_CLASS, value, to_syslog) ||
+ 		    check_set_config_value(key, ENV_NAME_ENTRY_OBJ_CLASS, value, to_syslog) ||
+@@ -628,8 +630,19 @@
+ 
+ 	return logging;
+ }
+ 
++unsigned int defaults_force_std_prog_map_env(void)
++{
++	int res;
++
++	res = get_env_yesno(ENV_NAME_FORCE_STD_PROG_MAP_ENV);
++	if (res < 0)
++		res = DEFAULT_FORCE_STD_PROG_MAP_ENV;
++
++	return res;
++}
++
+ unsigned int defaults_get_ldap_timeout(void)
+ {
+ 	int res;
+ 
+--- a/man/autofs.5
++++ b/man/autofs.5
+@@ -173,8 +173,13 @@
+ SHOST	Short hostname (domain part removed if present)
+ .fi
+ .RE
+ .sp
++If a program map is used these standard environment variables will have
++a prefix of "AUTOFS_" to prevent interpreted languages like python from
++being able to load and execute arbitray code from a user home directory.
++.RE
++.sp
+ Additional entries can be defined with the -Dvariable=Value map-option to
+ .BR automount (8).
+ .SS Executable Maps
+ A map can be marked as executable. A
+--- a/modules/lookup_program.c
++++ b/modules/lookup_program.c
+@@ -131,8 +131,9 @@
+ 	int quoted = 0;
+ 	int ret = 1;
+ 	int distance;
+ 	int alloci = 1;
++	char *prefix;
+ 
+ 	source = ap->entry->current;
+ 	ap->entry->current = NULL;
+ 	master_source_current_signal(ap->entry);
+@@ -264,16 +265,27 @@
+ 		if (chdir(ap->path))
+ 			warn(ap->logopt,
+ 			     MODPREFIX "failed to set PWD to %s for map %s",
+ 			     ap->path, ctxt->mapname);
++
++		/*
++		 * By default use a prefix with standard environment
++		 * variables to prevent system subversion by interpreted
++		 * languages.
++		 */
++		if (defaults_force_std_prog_map_env())
++			prefix = NULL;
++		else
++			prefix = "AUTOFS_";
++
+ 		/*
+ 		 * MAPFMT_DEFAULT must be "sun" for ->parse_init() to have setup
+ 		 * the macro table.
+ 		 */
+ 		if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) {
+ 			struct parse_context *pctxt = (struct parse_context *) ctxt->parse->context;
+ 			/* Add standard environment as seen by sun map parser */
+-			pctxt->subst = addstdenv(pctxt->subst, "AUTOFS_");
++			pctxt->subst = addstdenv(pctxt->subst, prefix);
+ 			macro_setenv(pctxt->subst);
+ 		}
+ 		execl(ctxt->mapname, ctxt->mapname, name, NULL);
+ 		_exit(255);	/* execl() failed */
+--- a/samples/autofs.conf.default.in
++++ b/samples/autofs.conf.default.in
+@@ -79,8 +79,19 @@
+ # LDAP_NETWORK_TIMEOUT - set the network response timeout (default 8).
+ #
+ #LDAP_NETWORK_TIMEOUT=8
+ #
++# FORCE_STANDARD_PROGRAM_MAP_ENV - disable the use of the "AUTOFS_"
++#			prefix for standard environment variables when
++#			executing a program map. Since program maps
++#			are run as the privileded user this opens
++#			automount(8) to potential user privilege
++#			escalation when the program map is written
++#			in a language that  can load components from,
++#			for example, a user home directory.
++#
++#FORCE_STANDARD_PROGRAM_MAP_ENV="no"
++#
+ # Define base dn for map dn lookup.
+ #
+ # SEARCH_BASE - base dn to use for searching for map search dn.
+ # 		Multiple entries can be given and they are checked
+--- a/man/auto.master.5.in
++++ b/man/auto.master.5.in
+@@ -249,8 +249,16 @@
+ options replace the global options (program default "yes", append options).
+ .TP
+ .B LOGGING
+ set default log level "none", "verbose" or "debug" (program default "none").
++.TP
++.B FORCE_STANDARD_PROGRAM_MAP_ENV
++override the use of a prefix with standard environment variables when a
++program map is executed. Since program maps are run as the privileded
++user setting these standard environment variables opens automount(8) to
++potential user privilege escalation when the program map is written in a
++language that can load components from, for example, a user home directory
++(program default "no").
+ .SH BUILTIN MAP -hosts
+ If "-hosts" is given as the map then accessing a key under the mount point
+ which corresponds to a hostname will allow access to the exports of that
+ host. The hosts map cannot be dynamically updated and requires a HUP signal
diff -Nru autofs-5.0.8/debian/patches/default-autofs-remove-USE_MISC_DEVICE.patch autofs-5.0.8/debian/patches/default-autofs-remove-USE_MISC_DEVICE.patch
--- autofs-5.0.8/debian/patches/default-autofs-remove-USE_MISC_DEVICE.patch	2014-03-07 05:16:07.000000000 +0100
+++ autofs-5.0.8/debian/patches/default-autofs-remove-USE_MISC_DEVICE.patch	2015-03-19 08:41:02.000000000 +0100
@@ -8,7 +8,7 @@
 
 --- a/samples/autofs.conf.default.in
 +++ b/samples/autofs.conf.default.in
-@@ -127,11 +127,6 @@
+@@ -138,11 +138,6 @@
  #MAP_HASH_TABLE_SIZE=1024
  #
  # General global options
diff -Nru autofs-5.0.8/debian/patches/filagdir.patch autofs-5.0.8/debian/patches/filagdir.patch
--- autofs-5.0.8/debian/patches/filagdir.patch	2012-08-21 08:50:26.000000000 +0200
+++ autofs-5.0.8/debian/patches/filagdir.patch	2015-03-19 08:39:09.000000000 +0100
@@ -5,7 +5,8 @@
 
 --- a/configure.in
 +++ b/configure.in
-@@ -114,7 +114,7 @@
+@@ -113,9 +113,9 @@
+ 	if test -z "$withval" -o "$withval" = "yes" -o "$withval" = "no"
  	then
  		:
  	else
@@ -14,3 +15,4 @@
  	fi
  )
  AC_MSG_CHECKING([for autofs flag file directory])
+ AC_MSG_RESULT([$flagdir])
diff -Nru autofs-5.0.8/debian/patches/manpages-hyphen.patch autofs-5.0.8/debian/patches/manpages-hyphen.patch
--- autofs-5.0.8/debian/patches/manpages-hyphen.patch	2014-03-07 05:16:07.000000000 +0100
+++ autofs-5.0.8/debian/patches/manpages-hyphen.patch	2015-03-19 08:50:27.000000000 +0100
@@ -97,9 +97,9 @@
  .RE
  .sp
  autofs provides additional variables that are set based on the
-@@ -173,9 +173,9 @@
- SHOST	Short hostname (domain part removed if present)
- .fi
+@@ -178,9 +178,9 @@
+ a prefix of "AUTOFS_" to prevent interpreted languages like python from
+ being able to load and execute arbitray code from a user home directory.
  .RE
  .sp
 -Additional entries can be defined with the -Dvariable=Value map-option to
@@ -110,11 +110,11 @@
  .B program
 --- a/man/auto.master.5.in
 +++ b/man/auto.master.5.in
-@@ -249,19 +249,19 @@
- options replace the global options (program default "yes", append options).
- .TP
- .B LOGGING
- set default log level "none", "verbose" or "debug" (program default "none").
+@@ -257,19 +257,19 @@
+ user setting these standard environment variables opens automount(8) to
+ potential user privilege escalation when the program map is written in a
+ language that can load components from, for example, a user home directory
+ (program default "no").
 -.SH BUILTIN MAP -hosts
 -If "-hosts" is given as the map then accessing a key under the mount point
 +.SH BUILTIN MAP \-hosts
diff -Nru autofs-5.0.8/debian/patches/manpages.patch autofs-5.0.8/debian/patches/manpages.patch
--- autofs-5.0.8/debian/patches/manpages.patch	2014-03-07 05:16:07.000000000 +0100
+++ autofs-5.0.8/debian/patches/manpages.patch	2015-03-19 08:39:23.000000000 +0100
@@ -5,7 +5,7 @@
 
 --- a/man/auto.master.5.in
 +++ b/man/auto.master.5.in
-@@ -321,9 +321,9 @@
+@@ -329,9 +329,9 @@
  .B LDAP_NETWORK_TIMEOUT
  Set the network response timeout (default 8).
  .TP
@@ -16,7 +16,7 @@
  Map entries that include a server name override this option and it is then
  not used. Default is an empty list in which case either the server given
  in a map entry or the LDAP configured default is used. This uri list is read at
-@@ -453,6 +453,6 @@
+@@ -461,6 +461,6 @@
  .BR autofs (8).
  .BR autofs_ldap_auth.conf (5)
  .SH AUTHOR
diff -Nru autofs-5.0.8/debian/patches/remove-kernel-mount.nfs-version-check.patch autofs-5.0.8/debian/patches/remove-kernel-mount.nfs-version-check.patch
--- autofs-5.0.8/debian/patches/remove-kernel-mount.nfs-version-check.patch	2014-03-07 05:16:07.000000000 +0100
+++ autofs-5.0.8/debian/patches/remove-kernel-mount.nfs-version-check.patch	2015-03-19 09:11:11.000000000 +0100
@@ -72,8 +72,8 @@
 -int check_nfs_mount_version(struct nfs_mount_vers *, struct nfs_mount_vers *);
 -extern unsigned int nfs_mount_uses_string_options;
  
- struct substvar *addstdenv(struct substvar *sv);
- struct substvar *removestdenv(struct substvar *sv);
+ struct substvar *addstdenv(struct substvar *sv, const char *prefix);
+ struct substvar *removestdenv(struct substvar *sv, const char *prefix);
  
 --- a/modules/replicated.c
 +++ b/modules/replicated.c
@@ -93,7 +93,7 @@
  		if (!this || !this->next)
 --- a/lib/mounts.c
 +++ b/lib/mounts.c
-@@ -163,8 +163,9 @@
+@@ -164,8 +164,9 @@
  {
  	return kver.minor;
  }
@@ -103,13 +103,13 @@
  static int extract_version(char *start, struct nfs_mount_vers *vers)
  {
  	char *s_ver = strchr(start, ' ');
-@@ -301,8 +302,9 @@
+@@ -302,8 +303,9 @@
  {
  	return 0;
  }
  #endif
 +#endif
  
- struct substvar *addstdenv(struct substvar *sv)
+ static char *set_env_name(const char *prefix, const char *name, char *buf)
  {
- 	struct substvar *list = sv;
+ 	size_t len;
diff -Nru autofs-5.0.8/debian/patches/series autofs-5.0.8/debian/patches/series
--- autofs-5.0.8/debian/patches/series	2014-03-07 05:16:07.000000000 +0100
+++ autofs-5.0.8/debian/patches/series	2015-03-19 08:36:02.000000000 +0100
@@ -1,4 +1,8 @@
 #
+# CVE-2014-8169
+CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch
+CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch
+#
 # bugfixes forwarded to upstream
 filagdir.patch
 #


-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)