[ Salvatore Bonaccorso <carnil@debian.org> ] * Add patches for CVE-2014-8169 (Closes: #779591). When a program map uses an interpreted languages like python it is possible to load and execute arbitray code from a user home directory. This is because the standard environment variables are used to locate and load modules when using these languages. To avoid that, a prefix to these environment names is added so that they aren't used for this purpose. The prefix used is "AUTOFS_" and is not configurable. Additionally a configuration option to force the use of program map standard environment variables is added (FORCE_STANDARD_PROGRAM_MAP_ENV).
[ Dmitry Smirnov <onlyjob@debian.org> ] * Refreshed other patches as needed.