diff -Nru torque-2.4.16+dfsg/debian/changelog torque-2.4.16+dfsg/debian/changelog
--- torque-2.4.16+dfsg/debian/changelog	2014-05-27 08:05:31.000000000 +0000
+++ torque-2.4.16+dfsg/debian/changelog	2014-10-26 06:55:56.000000000 +0000
@@ -1,11 +1,17 @@
-torque (2.4.16+dfsg-1.4ubuntu1) utopic; urgency=medium
+torque (2.4.16+dfsg-1.5) unstable; urgency=high
 
-  * Merge from debian. Remaining changes:
-    - Build using dh-autoreconf.
-    - Specified multiarch Tcl and Tk locations during configure,
-      fixing FTBFS.
+  * Non-maintainer upload.
+  * Add CVE-2014-3684.patch patch.
+    CVE-2014-3684: Within a TORQUE Resource Manager job, the tm_adopt()
+    TORQUE library call enables a user-built executable calling tm_adopt()
+    to adopt any session id (and its child processes) regardless of the
+    session id owner on any node within a job. When a job that includes the
+    executable calling tm_adopt() exits, the adopted processes are killed
+    along with the job processes during normal job cleanup. This can enable
+    a non-root user to kill processes he doesn't own including root-owned
+    ones on any node in a job. (Closes: #763922)
 
- -- Jackson Doak <noskcaj@ubuntu.com>  Mon, 26 May 2014 07:14:38 +1000
+ -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 25 Oct 2014 13:18:37 +0200
 
 torque (2.4.16+dfsg-1.4) unstable; urgency=high
 
@@ -17,15 +23,6 @@
 
  -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 21 May 2014 20:56:21 +0200
 
-torque (2.4.16+dfsg-1.3ubuntu1) trusty; urgency=medium
-
-  * Merge from debian. Remaining changes:
-    - Build using dh-autoreconf.
-    - Specified multiarch Tcl and Tk locations during configure,
-      fixing FTBFS.
-
- -- Jackson Doak <noskcaj@ubuntu.com>  Tue, 17 Dec 2013 07:39:52 +1100
-
 torque (2.4.16+dfsg-1.3) unstable; urgency=high
 
   * Non-maintainer upload by the Security Team.
@@ -55,25 +52,6 @@
 
  -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 07 Oct 2013 07:09:57 +0200
 
-torque (2.4.16+dfsg-1ubuntu2) trusty; urgency=medium
-
-  * Build using dh-autoreocnf.
-
- -- Matthias Klose <doko@ubuntu.com>  Sun, 15 Dec 2013 17:13:46 +0100
-
-torque (2.4.16+dfsg-1ubuntu1) raring; urgency=low
-
-  * Specified multiarch Tcl and Tk locations during configure,
-    fixing FTBFS.
-
- -- Daniel T Chen <crimsun@ubuntu.com>  Wed, 10 Apr 2013 17:36:58 -0400
-
-torque (2.4.16+dfsg-1build1) precise; urgency=low
-
-  * No-change rebuild to drop spurious libsfgcc1 dependency on armhf.
-
- -- Adam Conrad <adconrad@0c3.net>  Fri, 02 Dec 2011 21:28:30 -0700
-
 torque (2.4.16+dfsg-1) unstable; urgency=low
 
   * New upstream release
diff -Nru torque-2.4.16+dfsg/debian/control torque-2.4.16+dfsg/debian/control
--- torque-2.4.16+dfsg/debian/control	2014-05-27 08:05:09.000000000 +0000
+++ torque-2.4.16+dfsg/debian/control	2014-10-26 06:55:56.000000000 +0000
@@ -1,13 +1,11 @@
 Source: torque
 Section: net
 Priority: optional
-Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
-XSBC-Original-Maintainer: Morten Kjeldgaard <mok@bioxray.au.dk>
+Maintainer: Morten Kjeldgaard <mok@bioxray.au.dk>
 Uploaders: Dominique Belhachemi <domibel@debian.org>,
            Jordi Mallach <jordi@debian.org>,
            Steffen Moeller <moeller@debian.org>
 Build-Depends: autotools-dev (>= 20100122.1~),
-               dh-autoreconf,
                chrpath,
                debhelper (>= 7),
                libpam0g-dev,
@@ -15,8 +13,7 @@
                openssh-client,
                tcl8.5-dev,
                tk8.5-dev,
-               libreadline-dev,
-               dpkg-dev (>= 1.16.0)
+               libreadline-dev
 Standards-Version: 3.9.1
 DM-Upload-Allowed: yes
 XS-Autobuild: yes
diff -Nru torque-2.4.16+dfsg/debian/libtorque2.debhelper.log torque-2.4.16+dfsg/debian/libtorque2.debhelper.log
--- torque-2.4.16+dfsg/debian/libtorque2.debhelper.log	1970-01-01 00:00:00.000000000 +0000
+++ torque-2.4.16+dfsg/debian/libtorque2.debhelper.log	2014-10-26 06:57:59.000000000 +0000
@@ -0,0 +1 @@
+dh_autotools-dev_restoreconfig
diff -Nru torque-2.4.16+dfsg/debian/libtorque2-dev.debhelper.log torque-2.4.16+dfsg/debian/libtorque2-dev.debhelper.log
--- torque-2.4.16+dfsg/debian/libtorque2-dev.debhelper.log	1970-01-01 00:00:00.000000000 +0000
+++ torque-2.4.16+dfsg/debian/libtorque2-dev.debhelper.log	2014-10-26 06:57:59.000000000 +0000
@@ -0,0 +1 @@
+dh_autotools-dev_restoreconfig
diff -Nru torque-2.4.16+dfsg/debian/patches/CVE-2014-3684.patch torque-2.4.16+dfsg/debian/patches/CVE-2014-3684.patch
--- torque-2.4.16+dfsg/debian/patches/CVE-2014-3684.patch	1970-01-01 00:00:00.000000000 +0000
+++ torque-2.4.16+dfsg/debian/patches/CVE-2014-3684.patch	2014-10-26 06:55:56.000000000 +0000
@@ -0,0 +1,145 @@
+Description: CVE-2014-3684: non-root users able to kill any process on any node in a job
+ limit tm_adopt() to only adopt a session id that is owned by the
+ calling user.
+ .
+ Within a TORQUE Resource Manager job, the tm_adopt() TORQUE library
+ call enables a user-built executable calling tm_adopt() to adopt any
+ session id (and its child processes) regardless of the session id owner
+ on any node within a job. When a job that includes the executable
+ calling tm_adopt() exits, the adopted processes are killed along with
+ the job processes during normal job cleanup. This can enable a non-root
+ user to kill processes he/she doesn't own including root-owned ones on
+ any node in a job.
+Origin: backport, https://github.com/adaptivecomputing/torque/commit/f2f4c950f3d461a249111c8826da3beaafccace9
+Bug-Debian: https://bugs.debian.org/763922
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1149044
+Forwarded: not-needed
+Author: Chad Vizino <cvizino@adaptivecomputing.com>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2014-10-21
+
+--- a/src/cmds/pbs_track.c
++++ b/src/cmds/pbs_track.c
+@@ -232,6 +232,12 @@ int main(
+ 
+         break;
+ 
++      case TM_EPERM:
++
++        fprintf(stderr, "pbs_track: permission denied: %s (%d)\n",
++                pbse_to_txt(rc),
++                rc);
++
+       default:
+ 
+         /* Unexpected error occurred */
+--- a/src/include/tm.h
++++ b/src/include/tm.h
+@@ -195,7 +195,7 @@ int tm_register(tm_whattodo_t *what,
+ /*
+  *  DJH 15 Nov 2001.
+  *  Generic "out-of-band" task adoption call for tasks parented by
+- *  another job management system.  Minor security hole?
++ *  another job management system.
+  *  Cannot be called with any other tm call.
+  *  26 Feb 2002. Allows id to be jobid (adoptCmd = TM_ADOPT_JOBID)
+  *  or some altid (adoptCmd = TM_ADOPT_ALTID)
+--- a/src/include/tm_.h
++++ b/src/include/tm_.h
+@@ -133,6 +133,7 @@ typedef unsigned int tm_task_id;
+ #define TM_EBADENVIRONMENT 17005
+ #define TM_ENOTFOUND  17006
+ #define TM_BADINIT  17007
++#define TM_EPERM  17008
+ 
+ #define TM_TODO_NOP 5000 /* Do nothing (the nodes value may be new) */
+ #define TM_TODO_CKPT 5001 /* Checkpoint <what> and continue it */
+--- a/src/lib/Libifl/tm.c
++++ b/src/lib/Libifl/tm.c
+@@ -80,10 +80,14 @@
+ 
+ #include <pbs_config.h>   /* the master config generated by configure */
+ 
++/* define the following so we get prototype for snprintf() */
++#define _ISOC99_SOURCE
++
+ /* define the following so we get prototype for getsid() */
+ #define _XOPEN_SOURCE
+ #define _XOPEN_SOURCE_EXTENDED 1
+ 
++#include <stdbool.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <unistd.h>
+@@ -94,6 +98,7 @@
+ #include <errno.h>
+ #include <assert.h>
+ #include <sys/types.h>
++#include <sys/stat.h>
+ #include <sys/socket.h>
+ #include <sys/time.h>
+ #include <netinet/in.h>
+@@ -173,6 +178,31 @@ static event_info *event_hash[EVENT_HASH
+ static int  event_count = 0;
+ 
+ /*
++ * check if the owner of this process matches the owner of pid
++ *  returns TRUE if so, FALSE otherwise
++ */
++bool ispidowner(pid_t pid)
++  {
++  char        path[MAXPATHLEN];
++  struct stat sbuf;
++
++  /* build path to pid */
++  snprintf(path, sizeof(path), "/proc/%d", pid);
++
++  /* do the stat */
++  /*   if it fails, assume not owner */
++  if (stat(path, &sbuf) != 0)
++    return(FALSE);
++
++  /* see if caller is the owner of pid */
++  if (getuid() != sbuf.st_uid)
++    return(FALSE);
++
++  /* caller is owner */
++  return(TRUE);
++  }
++
++/*
+ ** Find an event number or return a NULL.
+ */
+ static event_info *
+@@ -1648,8 +1678,8 @@ err:
+  *     some mpiruns simply use rsh to start remote processes - no AMS
+  *     tracking or management facilities are available.
+  *
+- *     This function allows any task (session) to be adopted into a PBS
+- *     job. It is used by:
++ *     This function allows any task (session) owned by the owner
++ *     of the job to be adopted into a PBS job. It is used by:
+  *         -  "adopter" (which is in turn used by our pvmrun)
+  *         -  our rmsloader wrapper (a home-brew replacement for RMS'
+  *            rmsloader that does some work and then exec()s the real
+@@ -1683,7 +1713,8 @@ err:
+  *     the mom. Returns TM_ENOTFOUND if the mom couldn't find a job
+  *     with the given RMS resource id. Returns TM_ESYSTEM or
+  *     TM_ENOTCONNECTED if there was some sort of comms error talking
+- *     to the mom
++ *     to the mom. Returns TM_EPERM if an attempt was made to adopt
++ *     a session not owned by the owner of the job.
+  *
+  * Side effects:
+  *     Sets the tm_* globals to fake values if tm_init() has never
+@@ -1701,6 +1732,10 @@ int tm_adopt(char *id, int adoptCmd, pid
+ 
+   sid = getsid(pid);
+ 
++  /* do not adopt a sid not owned by caller */
++  if (!ispidowner(sid))
++    return(TM_EPERM);
++
+   /* Must be the only call to call to tm and
+      must only be called once */
+ 
diff -Nru torque-2.4.16+dfsg/debian/patches/series torque-2.4.16+dfsg/debian/patches/series
--- torque-2.4.16+dfsg/debian/patches/series	2014-05-27 08:05:31.000000000 +0000
+++ torque-2.4.16+dfsg/debian/patches/series	2014-10-26 06:55:56.000000000 +0000
@@ -8,3 +8,4 @@
 fix-FTBFS-on-kfreebsd.patch
 CVE-2013-4495.patch
 CVE-2014-0749.patch
+CVE-2014-3684.patch
diff -Nru torque-2.4.16+dfsg/debian/rules torque-2.4.16+dfsg/debian/rules
--- torque-2.4.16+dfsg/debian/rules	2014-05-27 08:05:09.000000000 +0000
+++ torque-2.4.16+dfsg/debian/rules	2014-10-26 06:55:56.000000000 +0000
@@ -18,7 +18,6 @@
 # from having to guess our platform (since we know it already)
 DEB_HOST_GNU_TYPE   ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
-DEB_HOST_MULTIARCH  ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
 
 CFLAGS += -Wall
 
@@ -47,13 +46,15 @@
 configure: configure-stamp
 configure-stamp:
 	dh_testdir
-	dh_autoreconf
+	if [ -x /usr/bin/dh_autotools-dev_updateconfig ]; then \
+	  dh_autotools-dev_updateconfig; \
+	fi
 	ln -sf $(CURDIR) /tmp/torque-src
 	mkdir -p debian/build/with-x
 	mkdir -p debian/build/without-x
 	cd debian/build/with-x && /tmp/torque-src/configure $(OPTIONS) \
 		--srcdir /tmp/torque-src \
-		--with-tcl=/usr/lib/$(DEB_HOST_MULTIARCH)/tcl8.5 --with-tk=/usr/lib/$(DEB_HOST_MULTIARCH)/tk8.5 \
+		--with-tcl=/usr/lib/tcl8.5 --with-tk=/usr/lib/tk8.5 \
 		--disable-server --disable-mom
 	cd debian/build/without-x && /tmp/torque-src/configure $(OPTIONS) \
 		--srcdir /tmp/torque-src \
@@ -74,8 +75,10 @@
 	dh_testroot
 	rm -f build-arch-stamp build-indep-stamp configure-stamp
 	rm -rf debian/build
-	dh_autoreconf_clean
 	dh_clean
+	if [ -x /usr/bin/dh_autotools-dev_restoreconfig ]; then \
+	  dh_autotools-dev_restoreconfig; \
+	fi
 	rm -f torque-2.4.16
 
 
diff -Nru torque-2.4.16+dfsg/debian/torque-client.debhelper.log torque-2.4.16+dfsg/debian/torque-client.debhelper.log
--- torque-2.4.16+dfsg/debian/torque-client.debhelper.log	1970-01-01 00:00:00.000000000 +0000
+++ torque-2.4.16+dfsg/debian/torque-client.debhelper.log	2014-10-26 06:57:59.000000000 +0000
@@ -0,0 +1 @@
+dh_autotools-dev_restoreconfig
diff -Nru torque-2.4.16+dfsg/debian/torque-client-x11.debhelper.log torque-2.4.16+dfsg/debian/torque-client-x11.debhelper.log
--- torque-2.4.16+dfsg/debian/torque-client-x11.debhelper.log	1970-01-01 00:00:00.000000000 +0000
+++ torque-2.4.16+dfsg/debian/torque-client-x11.debhelper.log	2014-10-26 06:57:59.000000000 +0000
@@ -0,0 +1 @@
+dh_autotools-dev_restoreconfig
diff -Nru torque-2.4.16+dfsg/debian/torque-common.debhelper.log torque-2.4.16+dfsg/debian/torque-common.debhelper.log
--- torque-2.4.16+dfsg/debian/torque-common.debhelper.log	1970-01-01 00:00:00.000000000 +0000
+++ torque-2.4.16+dfsg/debian/torque-common.debhelper.log	2014-10-26 06:57:59.000000000 +0000
@@ -0,0 +1 @@
+dh_autotools-dev_restoreconfig
diff -Nru torque-2.4.16+dfsg/debian/torque-mom.debhelper.log torque-2.4.16+dfsg/debian/torque-mom.debhelper.log
--- torque-2.4.16+dfsg/debian/torque-mom.debhelper.log	1970-01-01 00:00:00.000000000 +0000
+++ torque-2.4.16+dfsg/debian/torque-mom.debhelper.log	2014-10-26 06:57:59.000000000 +0000
@@ -0,0 +1 @@
+dh_autotools-dev_restoreconfig
diff -Nru torque-2.4.16+dfsg/debian/torque-pam.debhelper.log torque-2.4.16+dfsg/debian/torque-pam.debhelper.log
--- torque-2.4.16+dfsg/debian/torque-pam.debhelper.log	1970-01-01 00:00:00.000000000 +0000
+++ torque-2.4.16+dfsg/debian/torque-pam.debhelper.log	2014-10-26 06:57:59.000000000 +0000
@@ -0,0 +1 @@
+dh_autotools-dev_restoreconfig
diff -Nru torque-2.4.16+dfsg/debian/torque-scheduler.debhelper.log torque-2.4.16+dfsg/debian/torque-scheduler.debhelper.log
--- torque-2.4.16+dfsg/debian/torque-scheduler.debhelper.log	1970-01-01 00:00:00.000000000 +0000
+++ torque-2.4.16+dfsg/debian/torque-scheduler.debhelper.log	2014-10-26 06:57:59.000000000 +0000
@@ -0,0 +1 @@
+dh_autotools-dev_restoreconfig
diff -Nru torque-2.4.16+dfsg/debian/torque-server.debhelper.log torque-2.4.16+dfsg/debian/torque-server.debhelper.log
--- torque-2.4.16+dfsg/debian/torque-server.debhelper.log	1970-01-01 00:00:00.000000000 +0000
+++ torque-2.4.16+dfsg/debian/torque-server.debhelper.log	2014-10-26 06:57:59.000000000 +0000
@@ -0,0 +1 @@
+dh_autotools-dev_restoreconfig