commit autofs for openSUSE:Factory

31 Aug 2012

Hello community,

here is the log from the commit of package autofs for openSUSE:Factory checked in at 2012-08-31 09:13:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/autofs (Old)
 and      /work/SRC/openSUSE:Factory/.autofs.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "autofs", Maintainer is "MSzeredi@novell.com"

Changes:
--------

--- /work/SRC/openSUSE:Factory/autofs/autofs.changes	2012-07-30 20:12:32.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.autofs.new/autofs.changes	2012-08-31 09:13:45.000000000 +0200
@@ -1,0 +2,13 @@
+Tue Aug 28 17:55:46 UTC 2012 - lchiquitto@suse.com
+
+- autofs-5.0.7-fix-use-devid-after-free.patch: fix use cache entry
+  after free in lookup_prune_one_cache() (bnc#774241)
+
+-------------------------------------------------------------------
+Tue Aug 28 17:54:24 UTC 2012 - lchiquitto@suse.com
+
+- autofs-5.0.7-fix-parse-buffer-initialization.patch: fix parse
+  buffer initialization to avoid corruption in the map file name
+  string (bnc#777709)
+
+-------------------------------------------------------------------

New:
----
  autofs-5.0.7-fix-parse-buffer-initialization.patch
  autofs-5.0.7-fix-use-devid-after-free.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ autofs.spec ++++++
--- /var/tmp/diff_new_pack.9sfZ3M/_old	2012-08-31 09:13:50.000000000 +0200
+++ /var/tmp/diff_new_pack.9sfZ3M/_new	2012-08-31 09:13:50.000000000 +0200
@@ -55,12 +55,19 @@
 # Upstream patches that will be in the next release
 #%define patchdate 20120716
 #Patch0:         autofs-%{version}-upstream-patches-%{patchdate}.bz2
+# PATCH-FIX-OPENSUSE autofs-5.0.6-revert-fix-libtirpc-name-clash.patch
 Patch1:         autofs-5.0.6-revert-fix-libtirpc-name-clash.patch
-# Patches submitted upstream but not yet accepted
+# PATCH-FIX-UPSTREAM autofs-5.0.7-fix-parse-buffer-initialization.patch [bnc#777709]
+Patch2:         autofs-5.0.7-fix-parse-buffer-initialization.patch
+# PATCH-FIX-UPSTREAM autofs-5.0.7-fix-use-devid-after-free.patch [bnc#774241]
+Patch3:         autofs-5.0.7-fix-use-devid-after-free.patch
+# PATCH-FIX-UPSTREAM autofs-5.0.6-invalid-ghost-dirs.patch [bnc#658734]
 Patch80:        autofs-5.0.6-invalid-ghost-dirs.patch
+# PATCH-FIX-UPSTREAM autofs-5.0.6-task-use-after-free.patch [bnc#727392]
 Patch82:        autofs-5.0.6-task-use-after-free.patch
-# SUSE specific patches
+# PATCH-FIX-OPENSUSE autofs-suse-auto_master_default.patch
 Patch100:       autofs-suse-auto_master_default.patch
+# PATCH-FIX-OPENSUSE autofs-suse-build.patch
 Patch101:       autofs-suse-build.patch
 Requires(pre):  %fillup_prereq
 Requires(pre):  %insserv_prereq
@@ -84,6 +91,8 @@
 #
 #%patch0 -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
 %patch80 -p1
 %patch82 -p1
 %patch100 -p1

++++++ autofs-5.0.7-fix-parse-buffer-initialization.patch ++++++
autofs-5.0.7 - fix parse buffer initialization

From: Ian Kent <ikent@redhat.com>

When parsing a master map entry, if the mount point path is longer than
the following map string the lexical analyzer buffer may not have a null
terminator where it is expected. If the map name string also contains a
string that is the same as a map type at the end the map name the map
name is not constructed correctly because of this lack of a string
terminator in the buffer.
---

 CHANGELOG        |    1 +
 lib/master_tok.l |    4 +++-
 2 files changed, 4 insertions(+), 1 deletions(-)

Index: autofs-5.0.7/lib/master_tok.l
===================================================================
--- autofs-5.0.7.orig/lib/master_tok.l
+++ autofs-5.0.7/lib/master_tok.l
@@ -74,7 +74,8 @@ int my_yyinput(char *, int);
 #define unput(c) (*(char *) --line = c)
 #endif
 
-char buff[1024];
+#define BUFF_LEN	1024
+char buff[BUFF_LEN];
 char *bptr;
 char *optr = buff;
 unsigned int tlen;
@@ -174,6 +175,7 @@ OPTNTOUT	(-n{OPTWS}|-n{OPTWS}={OPTWS}|--
 		*bptr = '\0';
 		strcpy(master_lval.strtype, buff);
 		bptr = buff;
+		memset(buff, 0, BUFF_LEN);
 		return(PATH);
 	}
 
++++++ autofs-5.0.7-fix-use-devid-after-free.patch ++++++
From: Ian Kent <ikent@redhat.com>
Subject: fix use devid after free
References: bnc#774241

Fix an obvious use after free mistake in lookup_prune_one_cache().

---
 daemon/lookup.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

Index: autofs-5.0.7/daemon/lookup.c
===================================================================
--- autofs-5.0.7.orig/daemon/lookup.c
+++ autofs-5.0.7/daemon/lookup.c
@@ -1103,15 +1103,18 @@ void lookup_prune_one_cache(struct autof
 		if (valid)
 			cache_delete(mc, key);
 		else if (!is_mounted(_PROC_MOUNTS, path, MNTS_AUTOFS)) {
+			dev_t devid = ap->dev;
 			status = CHE_FAIL;
+			if (ap->type == LKP_DIRECT)
+				devid = this->dev;
 			if (this->ioctlfd == -1)
 				status = cache_delete(mc, key);
 			if (status != CHE_FAIL) {
 				if (ap->type == LKP_INDIRECT) {
 					if (ap->flags & MOUNT_FLAG_GHOST)
-						rmdir_path(ap, path, ap->dev);
+						rmdir_path(ap, path, devid);
 				} else
-					rmdir_path(ap, path, this->dev);
+					rmdir_path(ap, path, devid);
 			}
 		}
 		cache_unlock(mc);
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org

    

root＠hilbert.suse.de

tags

participants (1)