Hello community,

here is the log from the commit of package autofs for openSUSE:Factory checked 
in at 2012-08-31 09:13:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/autofs (Old)
 and      /work/SRC/openSUSE:Factory/.autofs.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "autofs", Maintainer is "[email protected]"

Changes:
--------
--- /work/SRC/openSUSE:Factory/autofs/autofs.changes    2012-07-30 
20:12:32.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.autofs.new/autofs.changes       2012-08-31 
09:13:45.000000000 +0200
@@ -1,0 +2,13 @@
+Tue Aug 28 17:55:46 UTC 2012 - [email protected]
+
+- autofs-5.0.7-fix-use-devid-after-free.patch: fix use cache entry
+  after free in lookup_prune_one_cache() (bnc#774241)
+
+-------------------------------------------------------------------
+Tue Aug 28 17:54:24 UTC 2012 - [email protected]
+
+- autofs-5.0.7-fix-parse-buffer-initialization.patch: fix parse
+  buffer initialization to avoid corruption in the map file name
+  string (bnc#777709)
+
+-------------------------------------------------------------------

New:
----
  autofs-5.0.7-fix-parse-buffer-initialization.patch
  autofs-5.0.7-fix-use-devid-after-free.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ autofs.spec ++++++
--- /var/tmp/diff_new_pack.9sfZ3M/_old  2012-08-31 09:13:50.000000000 +0200
+++ /var/tmp/diff_new_pack.9sfZ3M/_new  2012-08-31 09:13:50.000000000 +0200
@@ -55,12 +55,19 @@
 # Upstream patches that will be in the next release
 #%define patchdate 20120716
 #Patch0:         autofs-%{version}-upstream-patches-%{patchdate}.bz2
+# PATCH-FIX-OPENSUSE autofs-5.0.6-revert-fix-libtirpc-name-clash.patch
 Patch1:         autofs-5.0.6-revert-fix-libtirpc-name-clash.patch
-# Patches submitted upstream but not yet accepted
+# PATCH-FIX-UPSTREAM autofs-5.0.7-fix-parse-buffer-initialization.patch 
[bnc#777709]
+Patch2:         autofs-5.0.7-fix-parse-buffer-initialization.patch
+# PATCH-FIX-UPSTREAM autofs-5.0.7-fix-use-devid-after-free.patch [bnc#774241]
+Patch3:         autofs-5.0.7-fix-use-devid-after-free.patch
+# PATCH-FIX-UPSTREAM autofs-5.0.6-invalid-ghost-dirs.patch [bnc#658734]
 Patch80:        autofs-5.0.6-invalid-ghost-dirs.patch
+# PATCH-FIX-UPSTREAM autofs-5.0.6-task-use-after-free.patch [bnc#727392]
 Patch82:        autofs-5.0.6-task-use-after-free.patch
-# SUSE specific patches
+# PATCH-FIX-OPENSUSE autofs-suse-auto_master_default.patch
 Patch100:       autofs-suse-auto_master_default.patch
+# PATCH-FIX-OPENSUSE autofs-suse-build.patch
 Patch101:       autofs-suse-build.patch
 Requires(pre):  %fillup_prereq
 Requires(pre):  %insserv_prereq
@@ -84,6 +91,8 @@
 #
 #%patch0 -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
 %patch80 -p1
 %patch82 -p1
 %patch100 -p1

++++++ autofs-5.0.7-fix-parse-buffer-initialization.patch ++++++
autofs-5.0.7 - fix parse buffer initialization

From: Ian Kent <[email protected]>

When parsing a master map entry, if the mount point path is longer than
the following map string the lexical analyzer buffer may not have a null
terminator where it is expected. If the map name string also contains a
string that is the same as a map type at the end of the map name, the map
name is not constructed correctly because of this lack of a string
terminator in the buffer.
---

 CHANGELOG        |    1 +
 lib/master_tok.l |    4 +++-
 2 files changed, 4 insertions(+), 1 deletions(-)

Index: autofs-5.0.7/lib/master_tok.l
===================================================================
--- autofs-5.0.7.orig/lib/master_tok.l
+++ autofs-5.0.7/lib/master_tok.l
@@ -74,7 +74,8 @@ int my_yyinput(char *, int);
 #define unput(c) (*(char *) --line = c)
 #endif
 
-char buff[1024];
+#define BUFF_LEN       1024
+char buff[BUFF_LEN];
 char *bptr;
 char *optr = buff;
 unsigned int tlen;
@@ -174,6 +175,7 @@ OPTNTOUT    (-n{OPTWS}|-n{OPTWS}={OPTWS}|--
                *bptr = '\0';
                strcpy(master_lval.strtype, buff);
                bptr = buff;
+               memset(buff, 0, BUFF_LEN);
                return(PATH);
        }
 
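Review bot: The added `memset(buff, 0, BUFF_LEN);` clears the buffer only on this PATH return, so any other rule in master_tok.l that rewinds `bptr = buff` (outside this hunk) could still leave stale bytes behind a shorter token; it is worth confirming each such return gets the same reset. Writing it as `memset(buff, 0, sizeof(buff));` would keep the length tied to the array if the declaration ever changes. The context line `strcpy(master_lval.strtype, buff);` copies with no visible length check, and nothing in the hunk shows that writes through `bptr` stay within BUFF_LEN; if the lexer does not enforce that elsewhere, a bounded copy is the safer form. The rule body starts above the hunk.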
++++++ autofs-5.0.7-fix-use-devid-after-free.patch ++++++
From: Ian Kent <[email protected]>
Subject: fix use devid after free
References: bnc#774241

Fix an obvious use after free mistake in lookup_prune_one_cache().

---
 daemon/lookup.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

Index: autofs-5.0.7/daemon/lookup.c
===================================================================
--- autofs-5.0.7.orig/daemon/lookup.c
+++ autofs-5.0.7/daemon/lookup.c
@@ -1103,15 +1103,18 @@ void lookup_prune_one_cache(struct autof
                if (valid)
                        cache_delete(mc, key);
                else if (!is_mounted(_PROC_MOUNTS, path, MNTS_AUTOFS)) {
+                       dev_t devid = ap->dev;
                        status = CHE_FAIL;
+                       if (ap->type == LKP_DIRECT)
+                               devid = this->dev;
                        if (this->ioctlfd == -1)
                                status = cache_delete(mc, key);
                        if (status != CHE_FAIL) {
                                if (ap->type == LKP_INDIRECT) {
                                        if (ap->flags & MOUNT_FLAG_GHOST)
-                                               rmdir_path(ap, path, ap->dev);
+                                               rmdir_path(ap, path, devid);
                                } else
-                                       rmdir_path(ap, path, this->dev);
+                                       rmdir_path(ap, path, devid);
                        }
                }
                cache_unlock(mc);
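Review bot: Nothing at the new `dev_t devid = ap->dev;` line records why the device id is copied before `cache_delete(mc, key)`, so a later cleanup could fold it back into `this->dev` and reintroduce the use after free the description names. A comment such as `/* cache_delete() frees the entry behind 'this'; take the device id first */` would pin that down. Both branches of the inner if/else now call `rmdir_path(ap, path, devid)`, so they could collapse to `if (ap->type != LKP_INDIRECT || (ap->flags & MOUNT_FLAG_GHOST)) rmdir_path(ap, path, devid);`. Whether `path` or `key` point into the freed entry cannot be seen here, since lookup_prune_one_cache() begins and ends outside the hunk; that is worth checking against the full function.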