Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package autofs. It fixes CVE-2014-8169. unblock autofs/5.0.8-2 Debdiff: diff -Nru autofs-5.0.8/debian/changelog autofs-5.0.8/debian/changelog --- autofs-5.0.8/debian/changelog 2014-03-07 05:16:25.000000000 +0100 +++ autofs-5.0.8/debian/changelog 2015-03-19 08:53:22.000000000 +0100 @@ -1,3 +1,21 @@ +autofs (5.0.8-2) unstable; urgency=medium + + [ Salvatore Bonaccorso <car...@debian.org> ] + * Add patches for CVE-2014-8169 (Closes: #779591). + When a program map uses an interpreted languages like python it is + possible to load and execute arbitray code from a user home directory. + This is because the standard environment variables are used to locate + and load modules when using these languages. To avoid that, a prefix to + these environment names is added so that they aren't used for this + purpose. The prefix used is "AUTOFS_" and is not configurable. + Additionally a configuration option to force the use of program map + standard environment variables is added (FORCE_STANDARD_PROGRAM_MAP_ENV). + + [ Dmitry Smirnov <only...@debian.org> ] + * Refreshed other patches as needed. + + -- Dmitry Smirnov <only...@debian.org> Thu, 19 Mar 2015 18:38:23 +1100 + autofs (5.0.8-1) unstable; urgency=low * New upstream release [October 2013] (Closes: #729023). diff -Nru autofs-5.0.8/debian/patches/12disable_default_auto_master.patch autofs-5.0.8/debian/patches/12disable_default_auto_master.patch --- autofs-5.0.8/debian/patches/12disable_default_auto_master.patch 2012-05-29 03:42:29.000000000 +0200 +++ autofs-5.0.8/debian/patches/12disable_default_auto_master.patch 2015-03-19 08:39:16.000000000 +0100 @@ -7,7 +7,8 @@ --- a/samples/auto.master +++ b/samples/auto.master -@@ -4,13 +4,13 @@ +@@ -3,15 +3,15 @@ + # This is an automounter map and it has the following format # key [ -mount-options-separated-by-comma ] location # For details of the format look at autofs(5). # 
@@ -23,3 +24,4 @@ # # Include /etc/auto.master.d/*.autofs # + +dir:/etc/auto.master.d diff -Nru autofs-5.0.8/debian/patches/14avoid_sock_cloexec.patch autofs-5.0.8/debian/patches/14avoid_sock_cloexec.patch --- autofs-5.0.8/debian/patches/14avoid_sock_cloexec.patch 2012-05-29 03:42:29.000000000 +0200 +++ autofs-5.0.8/debian/patches/14avoid_sock_cloexec.patch 2015-03-19 08:39:18.000000000 +0100 @@ -6,7 +6,8 @@ --- a/include/automount.h +++ b/include/automount.h -@@ -39,6 +39,11 @@ +@@ -38,8 +38,13 @@ + #ifdef WITH_DMALLOC #include <dmalloc.h> #endif @@ -18,3 +19,4 @@ #define ENABLE_CORES 1 /* We MUST have the paths to mount(8) and umount(8) */ + #ifndef HAVE_MOUNT diff -Nru autofs-5.0.8/debian/patches/15auto_net_nfs4.patch autofs-5.0.8/debian/patches/15auto_net_nfs4.patch --- autofs-5.0.8/debian/patches/15auto_net_nfs4.patch 2012-05-29 03:42:29.000000000 +0200 +++ autofs-5.0.8/debian/patches/15auto_net_nfs4.patch 2015-03-19 08:39:20.000000000 +0100 @@ -5,7 +5,8 @@ --- a/samples/auto.net +++ b/samples/auto.net -@@ -9,7 +9,10 @@ +@@ -8,9 +8,12 @@ + key="$1" # add "nosymlink" here if you want to suppress symlinking local filesystems # add "nonstrict" to make it OK for some filesystems to not mount @@ -16,3 +17,4 @@ # Showmount comes in a number of names and varieties. "showmount" is # typically an older version which accepts the '--no-headers' flag + # but ignores it. "kshowmount" is the newer version installed with knfsd, diff -Nru autofs-5.0.8/debian/patches/CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch autofs-5.0.8/debian/patches/CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch --- autofs-5.0.8/debian/patches/CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch 1970-01-01 01:00:00.000000000 +0100 +++ autofs-5.0.8/debian/patches/CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch 2015-03-19 08:39:03.000000000 +0100 
@@ -0,0 +1,214 @@ +Description: add a prefix to program map stdvars + When a program map uses an interpreted languages like python it is + possible to load and execute arbitrary code from a user home directory. + This is because the standard environment variables are used to locate + and load modules when using these languages. (CVE-2014-8169) + . + To avoid that we need to add a prefix to these environment names so + they aren't used for this purpose. The prefix used is "AUTOFS_" and + is not configurable. +Origin: vendor +Author: Ian Kent <ik...@redhat.com> +Reviewed-by: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2015-02-28 +--- +--- a/include/mounts.h ++++ b/include/mounts.h +@@ -84,10 +84,10 @@ + unsigned int linux_version_code(void); + int check_nfs_mount_version(struct nfs_mount_vers *, struct nfs_mount_vers *); + extern unsigned int nfs_mount_uses_string_options; + +-struct substvar *addstdenv(struct substvar *sv); +-struct substvar *removestdenv(struct substvar *sv); ++struct substvar *addstdenv(struct substvar *sv, const char *prefix); ++struct substvar *removestdenv(struct substvar *sv, const char *prefix); + + unsigned int query_kproto_ver(void); + unsigned int get_kver_major(void); + unsigned int get_kver_minor(void); +--- a/lib/mounts.c ++++ b/lib/mounts.c +@@ -30,8 +30,9 @@ + #include "automount.h" + + #define MAX_OPTIONS_LEN 80 + #define MAX_MNT_NAME_LEN 30 ++#define MAX_ENV_NAME 15 + + #define EBUFSIZ 1024 + + const unsigned int t_indirect = AUTOFS_TYPE_INDIRECT; +@@ -302,9 +303,63 @@ + return 0; + } + #endif + +-struct substvar *addstdenv(struct substvar *sv) ++static char *set_env_name(const char *prefix, const char *name, char *buf) ++{ ++ size_t len; ++ ++ len = strlen(name); ++ if (prefix) ++ len += strlen(prefix); ++ len++; ++ ++ if (len > MAX_ENV_NAME) ++ return NULL; ++ ++ if (!prefix) ++ strcpy(buf, name); ++ else { ++ strcpy(buf, prefix); ++ strcat(buf, name); ++ } ++ return buf; ++} ++ ++static struct substvar 
*do_macro_addvar(struct substvar *list, ++ const char *prefix, ++ const char *name, ++ const char *val) ++{ ++ char buf[MAX_ENV_NAME + 1]; ++ char *new; ++ size_t len; ++ ++ new = set_env_name(prefix, name, buf); ++ if (new) { ++ len = strlen(new); ++ list = macro_addvar(list, new, len, val); ++ } ++ return list; ++} ++ ++static struct substvar *do_macro_removevar(struct substvar *list, ++ const char *prefix, ++ const char *name) ++{ ++ char buf[MAX_ENV_NAME + 1]; ++ char *new; ++ size_t len; ++ ++ new = set_env_name(prefix, name, buf); ++ if (new) { ++ len = strlen(new); ++ list = macro_removevar(list, new, len); ++ } ++ return list; ++} ++ ++struct substvar *addstdenv(struct substvar *sv, const char *prefix) + { + struct substvar *list = sv; + struct thread_stdenv_vars *tsv; + char numbuf[16]; +@@ -317,41 +372,42 @@ + + num = (long) tsv->uid; + ret = sprintf(numbuf, "%ld", num); + if (ret > 0) +- list = macro_addvar(list, "UID", 3, numbuf); ++ list = do_macro_addvar(list, prefix, "UID", numbuf); + num = (long) tsv->gid; + ret = sprintf(numbuf, "%ld", num); + if (ret > 0) +- list = macro_addvar(list, "GID", 3, numbuf); +- list = macro_addvar(list, "USER", 4, tsv->user); +- list = macro_addvar(list, "GROUP", 5, tsv->group); +- list = macro_addvar(list, "HOME", 4, tsv->home); ++ list = do_macro_addvar(list, prefix, "GID", numbuf); ++ list = do_macro_addvar(list, prefix, "USER", tsv->user); ++ list = do_macro_addvar(list, prefix, "GROUP", tsv->group); ++ list = do_macro_addvar(list, prefix, "HOME", tsv->home); + mv = macro_findvar(list, "HOST", 4); + if (mv) { + char *shost = strdup(mv->val); + if (shost) { + char *dot = strchr(shost, '.'); + if (dot) + *dot = '\0'; +- list = macro_addvar(list, "SHOST", 5, shost); ++ list = do_macro_addvar(list, ++ prefix, "SHOST", shost); + free(shost); + } + } + } + return list; + } + +-struct substvar *removestdenv(struct substvar *sv) ++struct substvar *removestdenv(struct substvar *sv, const char *prefix) + { + struct substvar 
*list = sv; + +- list = macro_removevar(list, "UID", 3); +- list = macro_removevar(list, "USER", 4); +- list = macro_removevar(list, "HOME", 4); +- list = macro_removevar(list, "GID", 3); +- list = macro_removevar(list, "GROUP", 5); +- list = macro_removevar(list, "SHOST", 5); ++ list = do_macro_removevar(list, prefix, "UID"); ++ list = do_macro_removevar(list, prefix, "USER"); ++ list = do_macro_removevar(list, prefix, "HOME"); ++ list = do_macro_removevar(list, prefix, "GID"); ++ list = do_macro_removevar(list, prefix, "GROUP"); ++ list = do_macro_removevar(list, prefix, "SHOST"); + return list; + } + + /* +--- a/modules/lookup_program.c ++++ b/modules/lookup_program.c +@@ -271,9 +271,9 @@ + */ + if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) { + struct parse_context *pctxt = (struct parse_context *) ctxt->parse->context; + /* Add standard environment as seen by sun map parser */ +- pctxt->subst = addstdenv(pctxt->subst); ++ pctxt->subst = addstdenv(pctxt->subst, "AUTOFS_"); + macro_setenv(pctxt->subst); + } + execl(ctxt->mapname, ctxt->mapname, name, NULL); + _exit(255); /* execl() failed */ +--- a/modules/parse_sun.c ++++ b/modules/parse_sun.c +@@ -1222,14 +1222,14 @@ + + pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state); + macro_lock(); + +- ctxt->subst = addstdenv(ctxt->subst); ++ ctxt->subst = addstdenv(ctxt->subst, NULL); + + mapent_len = expandsunent(mapent, NULL, name, ctxt->subst, slashify); + if (mapent_len == 0) { + error(ap->logopt, MODPREFIX "failed to expand map entry"); +- ctxt->subst = removestdenv(ctxt->subst); ++ ctxt->subst = removestdenv(ctxt->subst, NULL); + macro_unlock(); + pthread_setcancelstate(cur_state, NULL); + return 1; + } +@@ -1237,17 +1237,17 @@ + pmapent = alloca(mapent_len + 1); + if (!pmapent) { + char *estr = strerror_r(errno, buf, MAX_ERR_BUF); + logerr(MODPREFIX "alloca: %s", estr); +- ctxt->subst = removestdenv(ctxt->subst); ++ ctxt->subst = removestdenv(ctxt->subst, NULL); + macro_unlock(); + 
pthread_setcancelstate(cur_state, NULL); + return 1; + } + pmapent[mapent_len] = '\0'; + + expandsunent(mapent, pmapent, name, ctxt->subst, slashify); +- ctxt->subst = removestdenv(ctxt->subst); ++ ctxt->subst = removestdenv(ctxt->subst, NULL); + + macro_unlock(); + pthread_setcancelstate(cur_state, NULL); + diff -Nru autofs-5.0.8/debian/patches/CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch autofs-5.0.8/debian/patches/CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch --- autofs-5.0.8/debian/patches/CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch 1970-01-01 01:00:00.000000000 +0100 +++ autofs-5.0.8/debian/patches/CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch 2015-03-19 08:39:07.000000000 +0100 
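Review bot: `set_env_name` returns NULL without any diagnostic when `strlen(prefix) + strlen(name) + 1` exceeds MAX_ENV_NAME (15), and `do_macro_addvar`/`do_macro_removevar` then silently skip the variable, so a future longer prefix or stdvar name would quietly leave that variable unexported rather than fail loudly; with the fixed "AUTOFS_" prefix the longest name, AUTOFS_GROUP, needs 13 bytes, which fits but leaves only two bytes of headroom. A comment on the define, `/* longest is "AUTOFS_" + "GROUP" + NUL = 13; bump if a prefix or stdvar name grows */`, or a log line in the NULL branch would make the bound visible to the next person who touches it. Note also that the prefix covers only the six stdvars added here: HOST is still looked up under its bare name (`macro_findvar(list, "HOST", 4)`) and, since `macro_setenv(pctxt->subst)` presumably pushes the whole substitution table into the child environment, HOST and any `-D` macro still reach the program map unprefixed, which is harmless for HOST but worth stating in the comment so nobody assumes every exported variable carries the prefix. Nothing in this hunk touches the environment the forked child inherits from automount itself; if that is sanitized elsewhere a pointer to it here would help.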
@@ -0,0 +1,174 @@ +Description: add config option to force use of program map stdvars + Enabling the extended environment (including $HOME, for example) for + program maps opens automount(8) to a privilege escalation. + . + Rather than just removing the entended environment a configuration + option is added to disable it by default so that those who wish to + use it can do so if they wish. +Origin: vendor +Author: Ian Kent <ik...@redhat.com> +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2015-02-28 +--- +--- a/include/defaults.h ++++ b/include/defaults.h +@@ -27,8 +27,9 @@ + #define DEFAULT_MOUNT_WAIT -1 + #define DEFAULT_UMOUNT_WAIT 12 + #define DEFAULT_BROWSE_MODE 1 + #define DEFAULT_LOGGING 0 ++#define DEFAULT_FORCE_STD_PROG_MAP_ENV 0 + + #define DEFAULT_LDAP_TIMEOUT -1 + #define DEFAULT_LDAP_NETWORK_TIMEOUT 8 + +@@ -61,8 +62,9 @@ + unsigned int defaults_get_timeout(void); + unsigned int defaults_get_negative_timeout(void); + unsigned int defaults_get_browse_mode(void); + unsigned int defaults_get_logging(void); ++unsigned int defaults_force_std_prog_map_env(void); + const char *defaults_get_ldap_server(void); + unsigned int defaults_get_ldap_timeout(void); + unsigned int defaults_get_ldap_network_timeout(void); + unsigned int defaults_get_mount_nfs_default_proto(void); +--- a/lib/defaults.c ++++ b/lib/defaults.c +@@ -34,8 +34,9 @@ + #define ENV_NAME_TIMEOUT "TIMEOUT" + #define ENV_NAME_NEGATIVE_TIMEOUT "NEGATIVE_TIMEOUT" + #define ENV_NAME_BROWSE_MODE "BROWSE_MODE" + #define ENV_NAME_LOGGING "LOGGING" ++#define ENV_NAME_FORCE_STD_PROG_MAP_ENV "FORCE_STANDARD_PROGRAM_MAP_ENV" + + #define LDAP_URI "LDAP_URI" + #define ENV_LDAP_TIMEOUT "LDAP_TIMEOUT" + #define ENV_LDAP_NETWORK_TIMEOUT "LDAP_NETWORK_TIMEOUT" +@@ -518,8 +519,9 @@ + check_set_config_value(key, ENV_NAME_TIMEOUT, value, to_syslog) || + check_set_config_value(key, ENV_NAME_NEGATIVE_TIMEOUT, value, to_syslog) || + check_set_config_value(key, ENV_NAME_BROWSE_MODE, value, to_syslog) || + 
check_set_config_value(key, ENV_NAME_LOGGING, value, to_syslog) || ++ check_set_config_value(key, ENV_NAME_FORCE_STD_PROG_MAP_ENV, value, to_syslog) || + check_set_config_value(key, ENV_LDAP_TIMEOUT, value, to_syslog) || + check_set_config_value(key, ENV_LDAP_NETWORK_TIMEOUT, value, to_syslog) || + check_set_config_value(key, ENV_NAME_MAP_OBJ_CLASS, value, to_syslog) || + check_set_config_value(key, ENV_NAME_ENTRY_OBJ_CLASS, value, to_syslog) || +@@ -628,8 +630,19 @@ + + return logging; + } + ++unsigned int defaults_force_std_prog_map_env(void) ++{ ++ int res; ++ ++ res = get_env_yesno(ENV_NAME_FORCE_STD_PROG_MAP_ENV); ++ if (res < 0) ++ res = DEFAULT_FORCE_STD_PROG_MAP_ENV; ++ ++ return res; ++} ++ + unsigned int defaults_get_ldap_timeout(void) + { + int res; + +--- a/man/autofs.5 ++++ b/man/autofs.5 +@@ -173,8 +173,13 @@ + SHOST Short hostname (domain part removed if present) + .fi + .RE + .sp ++If a program map is used these standard environment variables will have ++a prefix of "AUTOFS_" to prevent interpreted languages like python from ++being able to load and execute arbitray code from a user home directory. ++.RE ++.sp + Additional entries can be defined with the -Dvariable=Value map-option to + .BR automount (8). + .SS Executable Maps + A map can be marked as executable. A +--- a/modules/lookup_program.c ++++ b/modules/lookup_program.c +@@ -131,8 +131,9 @@ + int quoted = 0; + int ret = 1; + int distance; + int alloci = 1; ++ char *prefix; + + source = ap->entry->current; + ap->entry->current = NULL; + master_source_current_signal(ap->entry); +@@ -264,16 +265,27 @@ + if (chdir(ap->path)) + warn(ap->logopt, + MODPREFIX "failed to set PWD to %s for map %s", + ap->path, ctxt->mapname); ++ ++ /* ++ * By default use a prefix with standard environment ++ * variables to prevent system subversion by interpreted ++ * languages. 
++ */ ++ if (defaults_force_std_prog_map_env()) ++ prefix = NULL; ++ else ++ prefix = "AUTOFS_"; ++ + /* + * MAPFMT_DEFAULT must be "sun" for ->parse_init() to have setup + * the macro table. + */ + if (ctxt->mapfmt && strcmp(ctxt->mapfmt, "MAPFMT_DEFAULT")) { + struct parse_context *pctxt = (struct parse_context *) ctxt->parse->context; + /* Add standard environment as seen by sun map parser */ +- pctxt->subst = addstdenv(pctxt->subst, "AUTOFS_"); ++ pctxt->subst = addstdenv(pctxt->subst, prefix); + macro_setenv(pctxt->subst); + } + execl(ctxt->mapname, ctxt->mapname, name, NULL); + _exit(255); /* execl() failed */ +--- a/samples/autofs.conf.default.in ++++ b/samples/autofs.conf.default.in +@@ -79,8 +79,19 @@ + # LDAP_NETWORK_TIMEOUT - set the network response timeout (default 8). + # + #LDAP_NETWORK_TIMEOUT=8 + # ++# FORCE_STANDARD_PROGRAM_MAP_ENV - disable the use of the "AUTOFS_" ++# prefix for standard environment variables when ++# executing a program map. Since program maps ++# are run as the privileded user this opens ++# automount(8) to potential user privilege ++# escalation when the program map is written ++# in a language that can load components from, ++# for example, a user home directory. ++# ++#FORCE_STANDARD_PROGRAM_MAP_ENV="no" ++# + # Define base dn for map dn lookup. + # + # SEARCH_BASE - base dn to use for searching for map search dn. + # Multiple entries can be given and they are checked +--- a/man/auto.master.5.in ++++ b/man/auto.master.5.in +@@ -249,8 +249,16 @@ + options replace the global options (program default "yes", append options). + .TP + .B LOGGING + set default log level "none", "verbose" or "debug" (program default "none"). ++.TP ++.B FORCE_STANDARD_PROGRAM_MAP_ENV ++override the use of a prefix with standard environment variables when a ++program map is executed. 
Since program maps are run as the privileded ++user setting these standard environment variables opens automount(8) to ++potential user privilege escalation when the program map is written in a ++language that can load components from, for example, a user home directory ++(program default "no"). + .SH BUILTIN MAP -hosts + If "-hosts" is given as the map then accessing a key under the mount point + which corresponds to a hostname will allow access to the exports of that + host. The hosts map cannot be dynamically updated and requires a HUP signal diff -Nru autofs-5.0.8/debian/patches/default-autofs-remove-USE_MISC_DEVICE.patch autofs-5.0.8/debian/patches/default-autofs-remove-USE_MISC_DEVICE.patch --- autofs-5.0.8/debian/patches/default-autofs-remove-USE_MISC_DEVICE.patch 2014-03-07 05:16:07.000000000 +0100 +++ autofs-5.0.8/debian/patches/default-autofs-remove-USE_MISC_DEVICE.patch 2015-03-19 08:41:02.000000000 +0100 @@ -8,7 +8,7 @@ --- a/samples/autofs.conf.default.in +++ b/samples/autofs.conf.default.in -@@ -127,11 +127,6 @@ +@@ -138,11 +138,6 @@ #MAP_HASH_TABLE_SIZE=1024 # # General global options diff -Nru autofs-5.0.8/debian/patches/filagdir.patch autofs-5.0.8/debian/patches/filagdir.patch --- autofs-5.0.8/debian/patches/filagdir.patch 2012-08-21 08:50:26.000000000 +0200 +++ autofs-5.0.8/debian/patches/filagdir.patch 2015-03-19 08:39:09.000000000 +0100 @@ -5,7 +5,8 @@ --- a/configure.in +++ b/configure.in -@@ -114,7 +114,7 @@ +@@ -113,9 +113,9 @@ + if test -z "$withval" -o "$withval" = "yes" -o "$withval" = "no" then : else @@ -14,3 +15,4 @@ fi ) AC_MSG_CHECKING([for autofs flag file directory]) + AC_MSG_RESULT([$flagdir]) diff -Nru autofs-5.0.8/debian/patches/manpages-hyphen.patch autofs-5.0.8/debian/patches/manpages-hyphen.patch --- autofs-5.0.8/debian/patches/manpages-hyphen.patch 2014-03-07 05:16:07.000000000 +0100 +++ autofs-5.0.8/debian/patches/manpages-hyphen.patch 2015-03-19 08:50:27.000000000 +0100 
@@ -97,9 +97,9 @@ .RE .sp autofs provides additional variables that are set based on the -@@ -173,9 +173,9 @@ - SHOST Short hostname (domain part removed if present) - .fi +@@ -178,9 +178,9 @@ + a prefix of "AUTOFS_" to prevent interpreted languages like python from + being able to load and execute arbitray code from a user home directory. .RE .sp -Additional entries can be defined with the -Dvariable=Value map-option to @@ -110,11 +110,11 @@ .B program --- a/man/auto.master.5.in +++ b/man/auto.master.5.in -@@ -249,19 +249,19 @@ - options replace the global options (program default "yes", append options). - .TP - .B LOGGING - set default log level "none", "verbose" or "debug" (program default "none"). +@@ -257,19 +257,19 @@ + user setting these standard environment variables opens automount(8) to + potential user privilege escalation when the program map is written in a + language that can load components from, for example, a user home directory + (program default "no"). -.SH BUILTIN MAP -hosts -If "-hosts" is given as the map then accessing a key under the mount point +.SH BUILTIN MAP \-hosts diff -Nru autofs-5.0.8/debian/patches/manpages.patch autofs-5.0.8/debian/patches/manpages.patch --- autofs-5.0.8/debian/patches/manpages.patch 2014-03-07 05:16:07.000000000 +0100 +++ autofs-5.0.8/debian/patches/manpages.patch 2015-03-19 08:39:23.000000000 +0100 @@ -5,7 +5,7 @@ --- a/man/auto.master.5.in +++ b/man/auto.master.5.in -@@ -321,9 +321,9 @@ +@@ -329,9 +329,9 @@ .B LDAP_NETWORK_TIMEOUT Set the network response timeout (default 8). .TP 
@@ -16,7 +16,7 @@ Map entries that include a server name override this option and it is then not used. Default is an empty list in which case either the server given in a map entry or the LDAP configured default is used. This uri list is read at -@@ -453,6 +453,6 @@ +@@ -461,6 +461,6 @@ .BR autofs (8). .BR autofs_ldap_auth.conf (5) .SH AUTHOR diff -Nru autofs-5.0.8/debian/patches/remove-kernel-mount.nfs-version-check.patch autofs-5.0.8/debian/patches/remove-kernel-mount.nfs-version-check.patch --- autofs-5.0.8/debian/patches/remove-kernel-mount.nfs-version-check.patch 2014-03-07 05:16:07.000000000 +0100 +++ autofs-5.0.8/debian/patches/remove-kernel-mount.nfs-version-check.patch 2015-03-19 09:11:11.000000000 +0100 @@ -72,8 +72,8 @@ -int check_nfs_mount_version(struct nfs_mount_vers *, struct nfs_mount_vers *); -extern unsigned int nfs_mount_uses_string_options; - struct substvar *addstdenv(struct substvar *sv); - struct substvar *removestdenv(struct substvar *sv); + struct substvar *addstdenv(struct substvar *sv, const char *prefix); + struct substvar *removestdenv(struct substvar *sv, const char *prefix); --- a/modules/replicated.c +++ b/modules/replicated.c @@ -93,7 +93,7 @@ if (!this || !this->next) --- a/lib/mounts.c +++ b/lib/mounts.c -@@ -163,8 +163,9 @@ +@@ -164,8 +164,9 @@ { return kver.minor; } @@ -103,13 +103,13 @@ static int extract_version(char *start, struct nfs_mount_vers *vers) { char *s_ver = strchr(start, ' '); -@@ -301,8 +302,9 @@ +@@ -302,8 +303,9 @@ { return 0; } #endif +#endif - struct substvar *addstdenv(struct substvar *sv) + static char *set_env_name(const char *prefix, const char *name, char *buf) { - struct substvar *list = sv; + size_t len; diff -Nru autofs-5.0.8/debian/patches/series autofs-5.0.8/debian/patches/series --- autofs-5.0.8/debian/patches/series 2014-03-07 05:16:07.000000000 +0100 +++ autofs-5.0.8/debian/patches/series 2015-03-19 08:36:02.000000000 +0100 
@@ -1,4 +1,8 @@
 #
+# CVE-2014-8169
+CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch
+CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch
+#
 # bugfixes forwarded to upstream
 filagdir.patch
 #
-- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org