--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package autofs. It fixes CVE-2014-8169.
unblock autofs/5.0.8-2
Debdiff:
diff -Nru autofs-5.0.8/debian/changelog autofs-5.0.8/debian/changelog
--- autofs-5.0.8/debian/changelog 2014-03-07 05:16:25.000000000 +0100
+++ autofs-5.0.8/debian/changelog 2015-03-19 08:53:22.000000000 +0100
@@ -1,3 +1,21 @@
+autofs (5.0.8-2) unstable; urgency=medium
+
+ [ Salvatore Bonaccorso <carnil@debian.org> ]
+ * Add patches for CVE-2014-8169 (Closes: #779591).
+ When a program map uses an interpreted languages like python it is
+ possible to load and execute arbitray code from a user home directory.
+ This is because the standard environment variables are used to locate
+ and load modules when using these languages. To avoid that, a prefix to
+ these environment names is added so that they aren't used for this
+ purpose. The prefix used is "AUTOFS_" and is not configurable.
+ Additionally a configuration option to force the use of program map
+ standard environment variables is added (FORCE_STANDARD_PROGRAM_MAP_ENV).
+
+ [ Dmitry Smirnov <onlyjob@debian.org> ]
+ * Refreshed other patches as needed.
+
+ -- Dmitry Smirnov <onlyjob@debian.org> Thu, 19 Mar 2015 18:38:23 +1100
+
autofs (5.0.8-1) unstable; urgency=low
* New upstream release [October 2013] (Closes: #729023).
diff -Nru autofs-5.0.8/debian/patches/12disable_default_auto_master.patch autofs-5.0.8/debian/patches/12disable_default_auto_master.patch
--- autofs-5.0.8/debian/patches/12disable_default_auto_master.patch 2012-05-29 03:42:29.000000000 +0200
+++ autofs-5.0.8/debian/patches/12disable_default_auto_master.patch 2015-03-19 08:39:16.000000000 +0100
@@ -7,7 +7,8 @@
--- a/samples/auto.master
+++ b/samples/auto.master
-@@ -4,13 +4,13 @@
+@@ -3,15 +3,15 @@
+ # This is an automounter map and it has the following format
# key [ -mount-options-separated-by-comma ] location
# For details of the format look at autofs(5).
#
@@ -23,3 +24,4 @@
#
# Include /etc/auto.master.d/*.autofs
#
+ +dir:/etc/auto.master.d
diff -Nru autofs-5.0.8/debian/patches/14avoid_sock_cloexec.patch autofs-5.0.8/debian/patches/14avoid_sock_cloexec.patch
--- autofs-5.0.8/debian/patches/14avoid_sock_cloexec.patch 2012-05-29 03:42:29.000000000 +0200
+++ autofs-5.0.8/debian/patches/14avoid_sock_cloexec.patch 2015-03-19 08:39:18.000000000 +0100
@@ -6,7 +6,8 @@
--- a/include/automount.h
+++ b/include/automount.h
-@@ -39,6 +39,11 @@
+@@ -38,8 +38,13 @@
+ #ifdef WITH_DMALLOC
#include <dmalloc.h>
#endif
@@ -18,3 +19,4 @@
#define ENABLE_CORES 1
/* We MUST have the paths to mount(8) and umount(8) */
+ #ifndef HAVE_MOUNT
diff -Nru autofs-5.0.8/debian/patches/15auto_net_nfs4.patch autofs-5.0.8/debian/patches/15auto_net_nfs4.patch
--- autofs-5.0.8/debian/patches/15auto_net_nfs4.patch 2012-05-29 03:42:29.000000000 +0200
+++ autofs-5.0.8/debian/patches/15auto_net_nfs4.patch 2015-03-19 08:39:20.000000000 +0100
@@ -5,7 +5,8 @@
--- a/samples/auto.net
+++ b/samples/auto.net
-@@ -9,7 +9,10 @@
+@@ -8,9 +8,12 @@
+ key="$1"
# add "nosymlink" here if you want to suppress symlinking local filesystems
# add "nonstrict" to make it OK for some filesystems to not mount
@@ -16,3 +17,4 @@
# Showmount comes in a number of names and varieties. "showmount" is
# typically an older version which accepts the '--no-headers' flag
+ # but ignores it. "kshowmount" is the newer version installed with knfsd,
diff -Nru autofs-5.0.8/debian/patches/CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch autofs-5.0.8/debian/patches/CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch
--- autofs-5.0.8/debian/patches/CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch 1970-01-01 01:00:00.000000000 +0100
+++ autofs-5.0.8/debian/patches/CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch 2015-03-19 08:39:03.000000000 +0100
@@ -0,0 +1,214 @@
+Description: add a prefix to program map stdvars
+ When a program map uses an interpreted languages like python it is
+ possible to load and execute arbitrary code from a user home directory.
+ This is because the standard environment variables are used to locate
+ and load modules when using these languages. (CVE-2014-8169)
+ .
+ To avoid that we need to add a prefix to these environment names so
+ they aren't used for this purpose. The prefix used is "AUTOFS_" and
+ is not configurable.
+Origin: vendor
+Author: Ian Kent <ikent@redhat.com>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2015-02-28
+---
+--- a/include/mounts.h
++++ b/include/mounts.h
+@@ -84,10 +84,10 @@
+ unsigned int linux_version_code(void);
+ int check_nfs_mount_version(struct nfs_mount_vers *, struct nfs_mount_vers *);
+ extern unsigned int nfs_mount_uses_string_options;
+
+-struct substvar *addstdenv(struct substvar *sv);
+-struct substvar *removestdenv(struct substvar *sv);
++struct substvar *addstdenv(struct substvar *sv, const char *prefix);
++struct substvar *removestdenv(struct substvar *sv, const char *prefix);
+
+ unsigned int query_kproto_ver(void);
+ unsigned int get_kver_major(void);
+ unsigned int get_kver_minor(void);
+--- a/lib/mounts.c
++++ b/lib/mounts.c
+@@ -30,8 +30,9 @@
+ #include "automount.h"
+
+ #define MAX_OPTIONS_LEN 80
+ #define MAX_MNT_NAME_LEN 30
++#define MAX_ENV_NAME 15
+
+ #define EBUFSIZ 1024
+
+ const unsigned int t_indirect = AUTOFS_TYPE_INDIRECT;
+@@ -302,9 +303,63 @@
+ return 0;
+ }
+ #endif
+
+-struct substvar *addstdenv(struct substvar *sv)
++static char *set_env_name(const char *prefix, const char *name, char *buf)
++{
++ size_t len;
++
++ len = strlen(name);
++ if (prefix)
++ len += strlen(prefix);
++ len++;
++
++ if (len > MAX_ENV_NAME)
++ return NULL;
++
++ if (!prefix)
++ strcpy(buf, name);
++ else {
++ strcpy(buf, prefix);
++ strcat(buf, name);
++ }
++ return buf;
++}
++
++static struct substvar *do_macro_addvar(struct substvar *list,
++ const char *prefix,
++ const char *name,
++ const char *val)
++{
++ char buf[MAX_ENV_NAME + 1];
++ char *new;
++ size_t len;
++
++ new = set_env_name(prefix, name, buf);
++ if (new) {
++ len = strlen(new);
++ list = macro_addvar(list, new, len, val);
++ }
++ return list;
++}
++
++static struct substvar *do_macro_removevar(struct substvar *list,
++ const char *prefix,
++ const char *name)
++{
++ char buf[MAX_ENV_NAME + 1];
++ char *new;
++ size_t len;
++
++ new = set_env_name(prefix, name, buf);
++ if (new) {
++ len = strlen(new);
++ list = macro_removevar(list, new, len);
++ }
++ return list;
++}
++
++struct substvar *addstdenv(struct substvar *sv, const char *prefix)
+ {
+ struct substvar *list = sv;
+ struct thread_stdenv_vars *tsv;
+ char numbuf[16];
+@@ -317,41 +372,42 @@
+
+ num = (long) tsv->uid;
+ ret = sprintf(numbuf, "%ld", num);
+ if (ret > 0)
+- list = macro_addvar(list, "UID", 3, numbuf);
++ list = do_macro_addvar(list, prefix, "UID", numbuf);
+ num = (long) tsv->gid;
+ ret = sprintf(numbuf, "%ld", num);
+ if (ret > 0)
+- list = macro_addvar(list, "GID", 3, numbuf);
+- list = macro_addvar(list, "USER", 4, tsv->user);
+- list = macro_addvar(list, "GROUP", 5, tsv->group);
+- list = macro_addvar(list, "HOME", 4, tsv->home);
++ list = do_macro_addvar(list, prefix, "GID", numbuf);
++ list = do_macro_addvar(list, prefix, "USER", tsv->user);
++ list = do_macro_addvar(list, prefix, "GROUP", tsv->group);
++ list = do_macro_addvar(list, prefix, "HOME", tsv->home);
+ mv = macro_findvar(list, "HOST", 4);
+ if (mv) {
+ char *shost = strdup(mv->val);
+ if (shost) {
+ char *dot = strchr(shost, '.');
+ if (dot)
+ *dot = '\0';
+- list = macro_addvar(list, "SHOST", 5, shost);
++ list = do_macro_addvar(list,
++ prefix, "SHOST", shost);
+ free(shost);
+ }
+ }
+ }
+ return list;
+ }
+
+-struct substvar *removestdenv(struct substvar *sv)
++struct substvar *removestdenv(struct substvar *sv, const char *prefix)
+ {
+ struct substvar *list = sv;
+
+- list = macro_removevar(list, "UID", 3);
+- list = macro_removevar(list, "USER", 4);
+- list = macro_removevar(list, "HOME", 4);
+- list = macro_removevar(list, "GID", 3);
+- list = macro_removevar(list, "GROUP", 5);
+- list = macro_removevar(list, "SHOST", 5);
++ list = do_macro_removevar(list, prefix, "UID");
++ list = do_macro_removevar(list, prefix, "USER");
++ list = do_macro_removevar(list, prefix, "HOME");
++ list = do_macro_removevar(list, prefix, "GID");
++ list = do_macro_removevar(list, prefix, "GROUP");
++ list = do_macro_removevar(list, prefix, "SHOST");
+ return list;
+ }
+
+ /*
+--- a/modules/lookup_program.c
++++ b/modules/lookup_program.c
+@@ -271,9 +271,9 @@
+ */
+ if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) {
+ struct parse_context *pctxt = (struct parse_context *) ctxt->parse->context;
+ /* Add standard environment as seen by sun map parser */
+- pctxt->subst = addstdenv(pctxt->subst);
++ pctxt->subst = addstdenv(pctxt->subst, "AUTOFS_");
+ macro_setenv(pctxt->subst);
+ }
+ execl(ctxt->mapname, ctxt->mapname, name, NULL);
+ _exit(255); /* execl() failed */
+--- a/modules/parse_sun.c
++++ b/modules/parse_sun.c
+@@ -1222,14 +1222,14 @@
+
+ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state);
+ macro_lock();
+
+- ctxt->subst = addstdenv(ctxt->subst);
++ ctxt->subst = addstdenv(ctxt->subst, NULL);
+
+ mapent_len = expandsunent(mapent, NULL, name, ctxt->subst, slashify);
+ if (mapent_len == 0) {
+ error(ap->logopt, MODPREFIX "failed to expand map entry");
+- ctxt->subst = removestdenv(ctxt->subst);
++ ctxt->subst = removestdenv(ctxt->subst, NULL);
+ macro_unlock();
+ pthread_setcancelstate(cur_state, NULL);
+ return 1;
+ }
+@@ -1237,17 +1237,17 @@
+ pmapent = alloca(mapent_len + 1);
+ if (!pmapent) {
+ char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+ logerr(MODPREFIX "alloca: %s", estr);
+- ctxt->subst = removestdenv(ctxt->subst);
++ ctxt->subst = removestdenv(ctxt->subst, NULL);
+ macro_unlock();
+ pthread_setcancelstate(cur_state, NULL);
+ return 1;
+ }
+ pmapent[mapent_len] = '\0';
+
+ expandsunent(mapent, pmapent, name, ctxt->subst, slashify);
+- ctxt->subst = removestdenv(ctxt->subst);
++ ctxt->subst = removestdenv(ctxt->subst, NULL);
+
+ macro_unlock();
+ pthread_setcancelstate(cur_state, NULL);
+
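Review bot: In the lib/mounts.c part of this patch, `set_env_name()` fills `buf` with `strcpy`/`strcat` and takes no size parameter, so its safety rests on every caller declaring `char buf[MAX_ENV_NAME + 1]` and on the `len > MAX_ENV_NAME` check staying in step with that declaration. A comment on the helper would make the contract explicit: `/* buf must hold at least MAX_ENV_NAME + 1 bytes; returns NULL if prefix + name does not fit */`. When the name does not fit, `do_macro_addvar()` and `do_macro_removevar()` return the list unchanged and log nothing. That is harmless for the six names used here ("AUTOFS_" plus "GROUP" or "SHOST" is 12 characters), but a longer name added later would be dropped silently. A one-line comment at `#define MAX_ENV_NAME 15` saying what it bounds would help the next person who touches the list.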
diff -Nru autofs-5.0.8/debian/patches/CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch autofs-5.0.8/debian/patches/CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch
--- autofs-5.0.8/debian/patches/CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch 1970-01-01 01:00:00.000000000 +0100
+++ autofs-5.0.8/debian/patches/CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch 2015-03-19 08:39:07.000000000 +0100
@@ -0,0 +1,174 @@
+Description: add config option to force use of program map stdvars
+ Enabling the extended environment (including $HOME, for example) for
+ program maps opens automount(8) to a privilege escalation.
+ .
+ Rather than just removing the entended environment a configuration
+ option is added to disable it by default so that those who wish to
+ use it can do so if they wish.
+Origin: vendor
+Author: Ian Kent <ikent@redhat.com>
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2015-02-28
+---
+--- a/include/defaults.h
++++ b/include/defaults.h
+@@ -27,8 +27,9 @@
+ #define DEFAULT_MOUNT_WAIT -1
+ #define DEFAULT_UMOUNT_WAIT 12
+ #define DEFAULT_BROWSE_MODE 1
+ #define DEFAULT_LOGGING 0
++#define DEFAULT_FORCE_STD_PROG_MAP_ENV 0
+
+ #define DEFAULT_LDAP_TIMEOUT -1
+ #define DEFAULT_LDAP_NETWORK_TIMEOUT 8
+
+@@ -61,8 +62,9 @@
+ unsigned int defaults_get_timeout(void);
+ unsigned int defaults_get_negative_timeout(void);
+ unsigned int defaults_get_browse_mode(void);
+ unsigned int defaults_get_logging(void);
++unsigned int defaults_force_std_prog_map_env(void);
+ const char *defaults_get_ldap_server(void);
+ unsigned int defaults_get_ldap_timeout(void);
+ unsigned int defaults_get_ldap_network_timeout(void);
+ unsigned int defaults_get_mount_nfs_default_proto(void);
+--- a/lib/defaults.c
++++ b/lib/defaults.c
+@@ -34,8 +34,9 @@
+ #define ENV_NAME_TIMEOUT "TIMEOUT"
+ #define ENV_NAME_NEGATIVE_TIMEOUT "NEGATIVE_TIMEOUT"
+ #define ENV_NAME_BROWSE_MODE "BROWSE_MODE"
+ #define ENV_NAME_LOGGING "LOGGING"
++#define ENV_NAME_FORCE_STD_PROG_MAP_ENV "FORCE_STANDARD_PROGRAM_MAP_ENV"
+
+ #define LDAP_URI "LDAP_URI"
+ #define ENV_LDAP_TIMEOUT "LDAP_TIMEOUT"
+ #define ENV_LDAP_NETWORK_TIMEOUT "LDAP_NETWORK_TIMEOUT"
+@@ -518,8 +519,9 @@
+ check_set_config_value(key, ENV_NAME_TIMEOUT, value, to_syslog) ||
+ check_set_config_value(key, ENV_NAME_NEGATIVE_TIMEOUT, value, to_syslog) ||
+ check_set_config_value(key, ENV_NAME_BROWSE_MODE, value, to_syslog) ||
+ check_set_config_value(key, ENV_NAME_LOGGING, value, to_syslog) ||
++ check_set_config_value(key, ENV_NAME_FORCE_STD_PROG_MAP_ENV, value, to_syslog) ||
+ check_set_config_value(key, ENV_LDAP_TIMEOUT, value, to_syslog) ||
+ check_set_config_value(key, ENV_LDAP_NETWORK_TIMEOUT, value, to_syslog) ||
+ check_set_config_value(key, ENV_NAME_MAP_OBJ_CLASS, value, to_syslog) ||
+ check_set_config_value(key, ENV_NAME_ENTRY_OBJ_CLASS, value, to_syslog) ||
+@@ -628,8 +630,19 @@
+
+ return logging;
+ }
+
++unsigned int defaults_force_std_prog_map_env(void)
++{
++ int res;
++
++ res = get_env_yesno(ENV_NAME_FORCE_STD_PROG_MAP_ENV);
++ if (res < 0)
++ res = DEFAULT_FORCE_STD_PROG_MAP_ENV;
++
++ return res;
++}
++
+ unsigned int defaults_get_ldap_timeout(void)
+ {
+ int res;
+
+--- a/man/autofs.5
++++ b/man/autofs.5
+@@ -173,8 +173,13 @@
+ SHOST Short hostname (domain part removed if present)
+ .fi
+ .RE
+ .sp
++If a program map is used these standard environment variables will have
++a prefix of "AUTOFS_" to prevent interpreted languages like python from
++being able to load and execute arbitray code from a user home directory.
++.RE
++.sp
+ Additional entries can be defined with the -Dvariable=Value map-option to
+ .BR automount (8).
+ .SS Executable Maps
+ A map can be marked as executable. A
+--- a/modules/lookup_program.c
++++ b/modules/lookup_program.c
+@@ -131,8 +131,9 @@
+ int quoted = 0;
+ int ret = 1;
+ int distance;
+ int alloci = 1;
++ char *prefix;
+
+ source = ap->entry->current;
+ ap->entry->current = NULL;
+ master_source_current_signal(ap->entry);
+@@ -264,16 +265,27 @@
+ if (chdir(ap->path))
+ warn(ap->logopt,
+ MODPREFIX "failed to set PWD to %s for map %s",
+ ap->path, ctxt->mapname);
++
++ /*
++ * By default use a prefix with standard environment
++ * variables to prevent system subversion by interpreted
++ * languages.
++ */
++ if (defaults_force_std_prog_map_env())
++ prefix = NULL;
++ else
++ prefix = "AUTOFS_";
++
+ /*
+ * MAPFMT_DEFAULT must be "sun" for ->parse_init() to have setup
+ * the macro table.
+ */
+ if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) {
+ struct parse_context *pctxt = (struct parse_context *) ctxt->parse->context;
+ /* Add standard environment as seen by sun map parser */
+- pctxt->subst = addstdenv(pctxt->subst, "AUTOFS_");
++ pctxt->subst = addstdenv(pctxt->subst, prefix);
+ macro_setenv(pctxt->subst);
+ }
+ execl(ctxt->mapname, ctxt->mapname, name, NULL);
+ _exit(255); /* execl() failed */
+--- a/samples/autofs.conf.default.in
++++ b/samples/autofs.conf.default.in
+@@ -79,8 +79,19 @@
+ # LDAP_NETWORK_TIMEOUT - set the network response timeout (default 8).
+ #
+ #LDAP_NETWORK_TIMEOUT=8
+ #
++# FORCE_STANDARD_PROGRAM_MAP_ENV - disable the use of the "AUTOFS_"
++# prefix for standard environment variables when
++# executing a program map. Since program maps
++# are run as the privileded user this opens
++# automount(8) to potential user privilege
++# escalation when the program map is written
++# in a language that can load components from,
++# for example, a user home directory.
++#
++#FORCE_STANDARD_PROGRAM_MAP_ENV="no"
++#
+ # Define base dn for map dn lookup.
+ #
+ # SEARCH_BASE - base dn to use for searching for map search dn.
+ # Multiple entries can be given and they are checked
+--- a/man/auto.master.5.in
++++ b/man/auto.master.5.in
+@@ -249,8 +249,16 @@
+ options replace the global options (program default "yes", append options).
+ .TP
+ .B LOGGING
+ set default log level "none", "verbose" or "debug" (program default "none").
++.TP
++.B FORCE_STANDARD_PROGRAM_MAP_ENV
++override the use of a prefix with standard environment variables when a
++program map is executed. Since program maps are run as the privileded
++user setting these standard environment variables opens automount(8) to
++potential user privilege escalation when the program map is written in a
++language that can load components from, for example, a user home directory
++(program default "no").
+ .SH BUILTIN MAP -hosts
+ If "-hosts" is given as the map then accessing a key under the mount point
+ which corresponds to a hostname will allow access to the exports of that
+ host. The hosts map cannot be dynamically updated and requires a HUP signal
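Review bot: When `defaults_force_std_prog_map_env()` returns true, the modules/lookup_program.c branch sets `prefix = NULL` and the program map again runs with the unprefixed standard variables, yet nothing is logged, so a host that has opted back into the CVE-2014-8169 exposure cannot be identified from its logs. Consider a log line in that branch, for example `warn(ap->logopt, MODPREFIX "standard environment exported without prefix for map %s", ctxt->mapname);`, or a single message at configuration load if one per lookup is too noisy. Separately, `prefix` only ever holds NULL or a string literal and is passed to a `const char *` parameter, so it would be better declared as `const char *prefix;`. The enclosing function starts and ends outside the quoted hunks, so any other use of `prefix` is not visible here.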
diff -Nru autofs-5.0.8/debian/patches/default-autofs-remove-USE_MISC_DEVICE.patch autofs-5.0.8/debian/patches/default-autofs-remove-USE_MISC_DEVICE.patch
--- autofs-5.0.8/debian/patches/default-autofs-remove-USE_MISC_DEVICE.patch 2014-03-07 05:16:07.000000000 +0100
+++ autofs-5.0.8/debian/patches/default-autofs-remove-USE_MISC_DEVICE.patch 2015-03-19 08:41:02.000000000 +0100
@@ -8,7 +8,7 @@
--- a/samples/autofs.conf.default.in
+++ b/samples/autofs.conf.default.in
-@@ -127,11 +127,6 @@
+@@ -138,11 +138,6 @@
#MAP_HASH_TABLE_SIZE=1024
#
# General global options
diff -Nru autofs-5.0.8/debian/patches/filagdir.patch autofs-5.0.8/debian/patches/filagdir.patch
--- autofs-5.0.8/debian/patches/filagdir.patch 2012-08-21 08:50:26.000000000 +0200
+++ autofs-5.0.8/debian/patches/filagdir.patch 2015-03-19 08:39:09.000000000 +0100
@@ -5,7 +5,8 @@
--- a/configure.in
+++ b/configure.in
-@@ -114,7 +114,7 @@
+@@ -113,9 +113,9 @@
+ if test -z "$withval" -o "$withval" = "yes" -o "$withval" = "no"
then
:
else
@@ -14,3 +15,4 @@
fi
)
AC_MSG_CHECKING([for autofs flag file directory])
+ AC_MSG_RESULT([$flagdir])
diff -Nru autofs-5.0.8/debian/patches/manpages-hyphen.patch autofs-5.0.8/debian/patches/manpages-hyphen.patch
--- autofs-5.0.8/debian/patches/manpages-hyphen.patch 2014-03-07 05:16:07.000000000 +0100
+++ autofs-5.0.8/debian/patches/manpages-hyphen.patch 2015-03-19 08:50:27.000000000 +0100
@@ -97,9 +97,9 @@
.RE
.sp
autofs provides additional variables that are set based on the
-@@ -173,9 +173,9 @@
- SHOST Short hostname (domain part removed if present)
- .fi
+@@ -178,9 +178,9 @@
+ a prefix of "AUTOFS_" to prevent interpreted languages like python from
+ being able to load and execute arbitray code from a user home directory.
.RE
.sp
-Additional entries can be defined with the -Dvariable=Value map-option to
@@ -110,11 +110,11 @@
.B program
--- a/man/auto.master.5.in
+++ b/man/auto.master.5.in
-@@ -249,19 +249,19 @@
- options replace the global options (program default "yes", append options).
- .TP
- .B LOGGING
- set default log level "none", "verbose" or "debug" (program default "none").
+@@ -257,19 +257,19 @@
+ user setting these standard environment variables opens automount(8) to
+ potential user privilege escalation when the program map is written in a
+ language that can load components from, for example, a user home directory
+ (program default "no").
-.SH BUILTIN MAP -hosts
-If "-hosts" is given as the map then accessing a key under the mount point
+.SH BUILTIN MAP \-hosts
diff -Nru autofs-5.0.8/debian/patches/manpages.patch autofs-5.0.8/debian/patches/manpages.patch
--- autofs-5.0.8/debian/patches/manpages.patch 2014-03-07 05:16:07.000000000 +0100
+++ autofs-5.0.8/debian/patches/manpages.patch 2015-03-19 08:39:23.000000000 +0100
@@ -5,7 +5,7 @@
--- a/man/auto.master.5.in
+++ b/man/auto.master.5.in
-@@ -321,9 +321,9 @@
+@@ -329,9 +329,9 @@
.B LDAP_NETWORK_TIMEOUT
Set the network response timeout (default 8).
.TP
@@ -16,7 +16,7 @@
Map entries that include a server name override this option and it is then
not used. Default is an empty list in which case either the server given
in a map entry or the LDAP configured default is used. This uri list is read at
-@@ -453,6 +453,6 @@
+@@ -461,6 +461,6 @@
.BR autofs (8).
.BR autofs_ldap_auth.conf (5)
.SH AUTHOR
diff -Nru autofs-5.0.8/debian/patches/remove-kernel-mount.nfs-version-check.patch autofs-5.0.8/debian/patches/remove-kernel-mount.nfs-version-check.patch
--- autofs-5.0.8/debian/patches/remove-kernel-mount.nfs-version-check.patch 2014-03-07 05:16:07.000000000 +0100
+++ autofs-5.0.8/debian/patches/remove-kernel-mount.nfs-version-check.patch 2015-03-19 09:11:11.000000000 +0100
@@ -72,8 +72,8 @@
-int check_nfs_mount_version(struct nfs_mount_vers *, struct nfs_mount_vers *);
-extern unsigned int nfs_mount_uses_string_options;
- struct substvar *addstdenv(struct substvar *sv);
- struct substvar *removestdenv(struct substvar *sv);
+ struct substvar *addstdenv(struct substvar *sv, const char *prefix);
+ struct substvar *removestdenv(struct substvar *sv, const char *prefix);
--- a/modules/replicated.c
+++ b/modules/replicated.c
@@ -93,7 +93,7 @@
if (!this || !this->next)
--- a/lib/mounts.c
+++ b/lib/mounts.c
-@@ -163,8 +163,9 @@
+@@ -164,8 +164,9 @@
{
return kver.minor;
}
@@ -103,13 +103,13 @@
static int extract_version(char *start, struct nfs_mount_vers *vers)
{
char *s_ver = strchr(start, ' ');
-@@ -301,8 +302,9 @@
+@@ -302,8 +303,9 @@
{
return 0;
}
#endif
+#endif
- struct substvar *addstdenv(struct substvar *sv)
+ static char *set_env_name(const char *prefix, const char *name, char *buf)
{
- struct substvar *list = sv;
+ size_t len;
diff -Nru autofs-5.0.8/debian/patches/series autofs-5.0.8/debian/patches/series
--- autofs-5.0.8/debian/patches/series 2014-03-07 05:16:07.000000000 +0100
+++ autofs-5.0.8/debian/patches/series 2015-03-19 08:36:02.000000000 +0100
@@ -1,4 +1,8 @@
#
+# CVE-2014-8169
+CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch
+CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch
+#
# bugfixes forwarded to upstream
filagdir.patch
#
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---