Package: autofs / 5.0.8-2+deb8u1

Metadata

Package: autofs
Version: 5.0.8-2+deb8u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
CVE 2014 8169 add a prefix to program map stdvars.patch

include/mounts.h | 4 2 + 2 - 0 !
lib/mounts.c | 84 70 + 14 - 0 !
modules/lookup_program.c | 2 1 + 1 - 0 !
modules/parse_sun.c | 8 4 + 4 - 0 !
4 files changed, 77 insertions(+), 21 deletions(-)

 add a prefix to program map stdvars
 When a program map uses an interpreted language like python it is
 possible to load and execute arbitrary code from a user home directory.
 This is because the standard environment variables are used to locate
 and load modules when using these languages. (CVE-2014-8169)
 .
 To avoid that we need to add a prefix to these environment names so
 they aren't used for this purpose. The prefix used is "AUTOFS_" and
 is not configurable.
CVE 2014 8169 add config option to force use of program map stdvars.patch

include/defaults.h | 2 2 + 0 - 0 !
lib/defaults.c | 13 13 + 0 - 0 !
man/auto.master.5.in | 8 8 + 0 - 0 !
man/autofs.5 | 5 5 + 0 - 0 !
modules/lookup_program.c | 14 13 + 1 - 0 !
samples/autofs.conf.default.in | 11 11 + 0 - 0 !
6 files changed, 52 insertions(+), 1 deletion(-)

 add config option to force use of program map stdvars
 Enabling the extended environment (including $HOME, for example) for
 program maps opens automount(8) to a privilege escalation.
 .
 Rather than just removing the extended environment a configuration
 option is added to disable it by default so that those who wish to
 use it can do so if they wish.
filagdir.patch

configure.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix --with-flagdir in configure.in
11default_automaster_location.patch

samples/autofs.conf.default.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
12disable_default_auto_master.patch

samples/auto.master | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
14avoid_sock_cloexec.patch

include/automount.h | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

---
15auto_net_nfs4.patch

samples/auto.net | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

---
manpages.patch

man/auto.master.5.in | 4 2 + 2 - 0 !
man/autofs.8.in | 6 3 + 3 - 0 !
man/automount.8 | 2 1 + 1 - 0 !
3 files changed, 6 insertions(+), 6 deletions(-)

 correct spelling errors in man pages


manpages hyphen.patch

man/auto.master.5.in | 6 3 + 3 - 0 !
man/autofs.5 | 38 19 + 19 - 0 !
2 files changed, 22 insertions(+), 22 deletions(-)

 minor lintianisation patch for w:'hyphen-used-as-minus-sign'


default autofs remove USE_MISC_DEVICE.patch

samples/autofs.conf.default.in | 5 0 + 5 - 0 !
1 file changed, 5 deletions(-)

 remove references to (now unused) use_misc_device from autofs.conf.default

This will also make the last portion of the file saner, since USE_MISC_DEVICE
there is inside the description of another variable.


do not check for modprobe procfs or load module.patch

configure.in | 6 0 + 6 - 0 !
daemon/module.c | 3 3 + 0 - 0 !
include/automount.h | 11 3 + 8 - 0 !
3 files changed, 6 insertions(+), 14 deletions(-)

 do not check for modprobe or procfs or load module
link daemon with lpthread.patch

daemon/Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 link daemon with -pthread
fix ldflags.patch

Makefile.rules | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 avoid dropping ldflags to fix "hardening-no-relro"


remove kernel mount.nfs version check.patch

daemon/automount.c | 7 0 + 7 - 0 !
include/mounts.h | 7 0 + 7 - 0 !
lib/mounts.c | 2 2 + 0 - 0 !
modules/replicated.c | 5 2 + 3 - 0 !
4 files changed, 4 insertions(+), 17 deletions(-)

 remove kernel and mount.nfs version check
autofs 5.0.8 remove macro debug prints.patch

lib/macros.c | 3 0 + 3 - 0 !
1 file changed, 3 deletions(-)

 [patch] autofs-5.0.8 - remove macro debug prints

Remove a couple of missed debugging prints from macro_setenv();