--- afuse-0.2.orig/debian/changelog
+++ afuse-0.2/debian/changelog
@@ -0,0 +1,53 @@
+afuse (0.2-3) unstable; urgency=high
+
+ * Security fix for CVE-2008-2232: Add afuse-template-tokenize.diff patch
+ to fix potential privilege escalation caused by unescaped
+ meta-characters in path. Thanks to Anders Kaseorg for the
+ patch. (Closes: #490921)
+ * Bump Standards-Version to 3.8.0
+
+ -- Varun Hiremath Wed, 16 Jul 2008 00:06:59 +0530
+
+afuse (0.2-2) unstable; urgency=low
+
+ * Add patches/timeout.diff to fix auto-unmount bug which had made afuse
+ extremely slow, thanks to Jeremy Maitin-Shepard (Closes: #470038)
+
+ -- Varun Hiremath Fri, 14 Mar 2008 10:57:55 +0530
+
+afuse (0.2-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Varun Hiremath Sat, 01 Mar 2008 22:05:03 +0530
+
+afuse (0.1.1-3) unstable; urgency=low
+
+ * debian/control:
+ + Add Homepage header and replace XS-Vcs with Vcs
+ + Bump up Standards-Version to 3.7.3
+ + Build-Depend on debhelper >= 6
+ * debian/cmpat: Bump to 6
+ * Fix hyphens used as minus sign in manpage
+
+ -- Varun Hiremath Sat, 19 Jan 2008 01:30:17 +0530
+
+afuse (0.1.1-2) unstable; urgency=low
+
+ [ Torsten Werner ]
+ * Add myself to Uploaders.
+
+ [ Varun Hiremath ]
+ * Fix manpage (Closes: #420705)
+
+ -- Varun Hiremath Tue, 24 Apr 2007 15:02:21 +0530
+
+afuse (0.1.1-1) unstable; urgency=low
+
+ [ Varun Hiremath ]
+ * Initial release (Closes: #386777)
+
+ [ Torsten Werner ]
+ * Add XS-X-Vcs-Svn header in debian/control.
+
+ -- Torsten Werner Thu, 19 Oct 2006 22:26:48 +0200
--- afuse-0.2.orig/debian/control
+++ afuse-0.2/debian/control
@@ -0,0 +1,17 @@
+Source: afuse
+Section: utils
+Priority: optional
+Maintainer: Varun Hiremath
+Uploaders: Torsten Werner
+Build-Depends: debhelper (>= 6), cdbs, pkg-config, libfuse-dev, quilt
+Standards-Version: 3.8.0
+Homepage: http://sourceforge.net/projects/afuse/
+Vcs-Svn: https://bollin.googlecode.com/svn/afuse/
+Vcs-Browser: http://bollin.googlecode.com/svn/afuse/
+
+Package: afuse
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: automounting file system implemented in user-space using FUSE
+ Afuse is a FUSE based filesystem which implements filesystem automounting
+ functionality similar to Linux's autofs.
--- afuse-0.2.orig/debian/afuse.1
+++ afuse-0.2/debian/afuse.1
@@ -0,0 +1,95 @@
+.TH AFUSE 1 "October 12, 2006"
+.SH NAME
+AFUSE \- automounting file system implemented in user-space using FUSE
+.SH DESCRIPTION
+usage: afuse mountpoint [options]
+.SS "general options:"
+.TP
+\fB\-o\fR opt,[opt...]
+mount options
+.TP
+\fB\-h\fR \fB\-\-help\fR
+print help
+.TP
+\fB\-V\fR \fB\-\-version\fR
+print FUSE version information
+.SS "AFUSE options:"
+.TP
+\fB\-o\fR \fB\ mount_template=CMD\fR
+template for CMD to execute to mount (*)
+.TP
+\fB\-o\fR \fB\ unmount_template=CMD\fR
+template for CMD to execute to unmount (*) (**)
+.TP
+(*) - When executed, %r and %m are expanded in templates to the root
+directory name for the new mount point, and the actual directory to
+mount onto respectively to mount onto. Both templates are REQUIRED.
+.TP
+(**)- The unmount command must perform a lazy unmount operation. E.g. the
+\-u \-z options to fusermount, or \-l for regular mount.
+.SS "FUSE options:"
+.TP
+\fB\-d\fR \fB\-o\fR debug
+enable debug output (implies \fB\-f\fR)
+.TP
+\fB\-f\fR
+foreground operation
+.TP
+\fB\-s\fR
+disable multi\-threaded operation
+.TP
+\fB\-o\fR allow_other
+allow access to other users
+.TP
+\fB\-o\fR allow_root
+allow access to root
+.TP
+\fB\-o\fR nonempty
+allow mounts over non\-empty file/dir
+.HP
+\fB\-o\fR default_permissions enable permission checking by kernel
+.TP
+\fB\-o\fR fsname=NAME
+set filesystem name
+.TP
+\fB\-o\fR large_read
+issue large read requests (2.4 only)
+.TP
+\fB\-o\fR max_read=N
+set maximum size of read requests
+.TP
+\fB\-o\fR hard_remove
+immediate removal (don't hide files)
+.TP
+\fB\-o\fR use_ino
+let filesystem set inode numbers
+.TP
+\fB\-o\fR readdir_ino
+try to fill in d_ino in readdir
+.TP
+\fB\-o\fR direct_io
+use direct I/O
+.TP
+\fB\-o\fR kernel_cache
+cache files in kernel
+.TP
+\fB\-o\fR umask=M
+set file permissions (octal)
+.TP
+\fB\-o\fR uid=N
+set file owner
+.TP
+\fB\-o\fR gid=N
+set file group
+.TP
+\fB\-o\fR entry_timeout=T
+cache timeout for names (1.0s)
+.TP
+\fB\-o\fR negative_timeout=T
+cache timeout for deleted names (0.0s)
+.TP
+\fB\-o\fR attr_timeout=T
+cache timeout for attributes (1.0s)
+.SH AUTHOR
+This manual page was written by Varun Hiremath ,
+for the Debian project (but may be used by others).
--- afuse-0.2.orig/debian/compat
+++ afuse-0.2/debian/compat
@@ -0,0 +1 @@
+6
--- afuse-0.2.orig/debian/watch
+++ afuse-0.2/debian/watch
@@ -0,0 +1,2 @@
+version=3
+http://sf.net/afuse/afuse-(.*)\.tar\.gz
\ No newline at end of file
--- afuse-0.2.orig/debian/copyright
+++ afuse-0.2/debian/copyright
@@ -0,0 +1,48 @@
+This package was debianized by Varun Hiremath on
+Thu, 12 Oct 2006 23:01:02 +0530.
+
+It was downloaded from
+
+Upstream Authors:
+ Jacob Bower
+ Miklos Szeredi
+
+Copyright: (C) 2006 Jacob Bower
+ (C) 2001-2006 Miklos Szeredi
+
+License:
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ On Debian systems, you can find the GPL license in:
+ /usr/share/common-licenses/GPL
+
+----
+
+compat/fuse_opt.c and compat/fuse_opt.h are copyright
+(C) 2001-2006 Miklos Szeredi
+and are licensed as follows:
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ On Debian systems, you can find the Library GPL license in:
+ /usr/share/common-licenses/LGPL-2
+
+The Debian packaging is (C) 2006, Varun Hiremath and
+is licensed under the GPL, see `/usr/share/common-licenses/GPL'.
--- afuse-0.2.orig/debian/docs
+++ afuse-0.2/debian/docs
@@ -0,0 +1 @@
+README
--- afuse-0.2.orig/debian/rules
+++ afuse-0.2/debian/rules
@@ -0,0 +1,8 @@
+#!/usr/bin/make -f
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/autotools.mk
+include /usr/share/cdbs/1/rules/patchsys-quilt.mk
+
+get-orig-source:
+ -uscan --upstream-version 0 --rename
--- afuse-0.2.orig/debian/manpages
+++ afuse-0.2/debian/manpages
@@ -0,0 +1 @@
+debian/afuse.1
--- afuse-0.2.orig/debian/patches/timeout.diff
+++ afuse-0.2/debian/patches/timeout.diff
@@ -0,0 +1,14 @@
+Index: afuse-0.2/src/afuse.c
+===================================================================
+--- afuse-0.2.orig/src/afuse.c 2008-02-19 03:46:32.000000000 +0530
++++ afuse-0.2/src/afuse.c 2008-03-14 10:54:58.000000000 +0530
+@@ -1504,7 +1504,8 @@
+ fuse_opt_add_arg(&args, "-s");
+
+ // Adjust user specified timeout from seconds to microseconds as required
+- user_options.auto_unmount_delay *= 1000000;
++ if(user_options.auto_unmount_delay != UINT64_MAX)
++ user_options.auto_unmount_delay *= 1000000;
+
+ auto_unmount_ph_init(&auto_unmount_ph);
+
--- afuse-0.2.orig/debian/patches/series
+++ afuse-0.2/debian/patches/series
@@ -0,0 +1,2 @@
+timeout.diff
+afuse-template-tokenize.diff
--- afuse-0.2.orig/debian/patches/afuse-template-tokenize.diff
+++ afuse-0.2/debian/patches/afuse-template-tokenize.diff
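Review bot: In timeout.diff the multiplication `user_options.auto_unmount_delay *= 1000000;` is still unguarded for every value except the UINT64_MAX sentinel, so a user-supplied delay above UINT64_MAX / 1000000 seconds wraps silently to a much shorter timeout. The field's declared type is not visible in this hunk, although the comparison suggests uint64_t. Saturating instead, `if(user_options.auto_unmount_delay > UINT64_MAX / 1000000) user_options.auto_unmount_delay = UINT64_MAX; else user_options.auto_unmount_delay *= 1000000;`, covers both the sentinel and the overflow case. A one-line comment saying what UINT64_MAX stands for here would also help, because the hunk does not say why that value is skipped.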
@@ -0,0 +1,212 @@
+diff -urN afuse-0.2.orig/src/afuse.c afuse-0.2/src/afuse.c
+--- afuse-0.2.orig/src/afuse.c 2008-07-14 00:55:20.000000000 +0530
++++ afuse-0.2/src/afuse.c 2008-07-14 00:55:25.000000000 +0530
+@@ -280,14 +280,19 @@
+ }
+
+
+-// !!FIXME!! allow escaping of %'s
+ // Note: this method strips out quotes and applies them itself as should be appropriate
+-char *expand_template(const char *template, const char *mount_point, const char *root_name)
++bool run_template(const char *template, const char *mount_point, const char *root_name)
+ {
+ int len = 0;
++ int nargs = 1;
+ int i;
+- char *expanded_name;
+- char *expanded_name_start;
++ char *buf;
++ char *p;
++ char **args;
++ char **arg;
++ bool quote = false;
++ pid_t pid;
++ int status;
+
+ // calculate length
+ for(i = 0; template[i]; i++)
+@@ -295,53 +300,100 @@
+ switch(template[i + 1])
+ {
+ case 'm':
+- len += strlen(mount_point) + 2;
++ len += strlen(mount_point);
+ i++;
+ break;
+ case 'r':
+- len += strlen(root_name) + 2;
++ len += strlen(root_name);
++ i++;
++ break;
++ case '%':
++ len++;
+ i++;
+ break;
+ }
+- } else if(template[i] != '"')
++ } else if(template[i] == ' ' && !quote) {
++ len++;
++ nargs++;
++ } else if(template[i] == '"')
++ quote = !quote;
++ else if(template[i] == '\\' && template[i + 1])
++ len++, i++;
++ else
+ len++;
+
+- expanded_name_start = expanded_name = my_malloc(len + 1);
++ buf = my_malloc(len + 1);
++ args = my_malloc((nargs + 1) * sizeof(*args));
++
++ p = buf;
++ arg = args;
++ *arg++ = p;
+
+ for(i = 0; template[i]; i++)
+ if(template[i] == '%') {
+- int j = 0;
+ switch(template[i + 1])
+ {
+ case 'm':
+- *expanded_name++ = '"';
+- while(mount_point[j])
+- *expanded_name++ = mount_point[j++];
+- *expanded_name++ = '"';
++ strcpy(p, mount_point);
++ p += strlen(mount_point);
+ i++;
+ break;
+ case 'r':
+- *expanded_name++ = '"';
+- while(root_name[j])
+- *expanded_name++ = root_name[j++];
+- *expanded_name++ = '"';
++ strcpy(p, root_name);
++ p +=
strlen(root_name);
++ i++;
++ break;
++ case '%':
++ *p++ = '%';
+ i++;
+ break;
+ }
+- } else if(template[i] != '"')
+- *expanded_name++ = template[i];
+-
+- *expanded_name = '\0';
+-
+- return expanded_name_start;
++ } else if(template[i] == ' ' && !quote) {
++ *p++ = '\0';
++ *arg++ = p;
++ } else if(template[i] == '"')
++ quote = !quote;
++ else if(template[i] == '\\' && template[i + 1])
++ *p++ = template[++i];
++ else
++ *p++ = template[i];
++
++ *p = '\0';
++ *arg = NULL;
++
++ pid = fork();
++ if(pid == -1) {
++ fprintf(stderr, "Failed to fork (%s)\n", strerror(errno));
++ free(args);
++ free(buf);
++ return false;
++ }
++ if(pid == 0) {
++ execvp(args[0], args);
++ abort();
++ }
++ pid = waitpid(pid, &status, 0);
++ if(pid == -1) {
++ fprintf(stderr, "Failed to waitpid (%s)\n", strerror(errno));
++ free(args);
++ free(buf);
++ return false;
++ }
++ if(!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
++ fprintf(stderr, "Failed to invoke command: %s\n", args[0]);
++ free(args);
++ free(buf);
++ return false;
++ }
++ free(args);
++ free(buf);
++ return true;
+ }
+
+ mount_list_t *do_mount(const char *root_name)
+ {
+ char *mount_point;
+- char *mount_command;
+ mount_list_t *mount;
+- int sysret;
+
+ fprintf(stderr, "Mounting: %s\n", root_name);
+
+@@ -351,57 +403,33 @@
+ return NULL;
+ }
+
+- mount_command = expand_template(user_options.mount_command_template,
+- mount_point, root_name);
+- sysret = system(mount_command);
+-
+- fprintf(stderr, "sysret: %.8x\n", sysret);
+-
+- if(sysret) {
+- fprintf(stderr, "Failed to invoke mount command: '%s' (%s)\n",
+- mount_command, sysret != -1 ?
+- "Error executing mount" :
+- strerror(errno));
+-
++ if(!run_template(user_options.mount_command_template,
++ mount_point, root_name)) {
+ // remove the now unused directory
+ if( rmdir(mount_point) == -1 )
+ fprintf(stderr, "Failed to remove mount point dir: %s (%s)",
+ mount_point, strerror(errno));
+
+- free(mount_command);
+ free(mount_point);
+ return NULL;
+ }
+
+ mount = add_mount(root_name, mount_point);
+-
+- free(mount_command);
+ return mount;
+ }
+
+ int do_umount(mount_list_t *mount)
+ {
+- char *unmount_command;
+- int sysret;
+-
+ fprintf(stderr, "Unmounting: %s\n", mount->root_name);
+
+- unmount_command = expand_template(user_options.unmount_command_template,
+- mount->mount_point, mount->root_name);
+- sysret = system(unmount_command);
+- if(sysret) {
+- fprintf(stderr, "Failed to invoke unmount command: '%s' (%s)\n",
+- unmount_command, sysret != -1 ?
+- "Error executing mount" :
+- strerror(errno));
+- /* Still unmount anyway */
+- }
++ run_template(user_options.unmount_command_template,
++ mount->mount_point, mount->root_name);
++ /* Still unmount anyway */
+
+ if( rmdir(mount->mount_point) == -1 )
+ fprintf(stderr, "Failed to remove mount point dir: %s (%s)",
+ mount->mount_point, strerror(errno));
+ remove_mount(mount);
+- free(unmount_command);
+ return 1;
+ }
+
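Review bot: In run_template the `quote` flag is not reset between the length-counting loop and the copy loop, so a template with an unterminated `"` starts the second pass with quoting inverted and can split on more spaces than `nargs` counted, writing past the end of the `args` array. Adding `quote = false;` before the second `for`, and rejecting a template that leaves the first pass with `quote` still set, would close this. The `%r` and `%m` branches copy the name verbatim (`strcpy(p, root_name)`), so the shell is gone but a name beginning with `-` would still reach the helper as an option wherever `%r` starts a token; whether root_name is filtered before do_mount is not visible here, and a check at the top of do_mount or a `--` in the documented templates would cover it. In the child, `abort();` after a failed execvp raises SIGABRT and may leave a core file; `_exit(127);` is the conventional choice.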