Securitu fix for CAN-2004-1773:

"Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers
 to execute arbitrary code via long output from wc to shar, or unknown vectors
 in unshar."

Patch from SuSE/Gentoo. Also add more sanity checking patches from the latter.

1 files changed, 17 insertions, 0 deletions

diff --git a/archivers/gsharutils/patches/patch-aj b/archivers/gsharutils/patches/patch-aj
new file mode 100644
index 00000000000..57c79f7b075
--- /dev/null
+++ b/archivers/gsharutils/patches/patch-aj
@@ -0,0 +1,17 @@
+$NetBSD: patch-aj,v 1.4 2005/03/31 14:17:05 salo Exp $
+
+--- src/mailshar.in.orig	1995-11-26 00:42:47.000000000 +0100
++++ src/mailshar.in	2005-03-31 15:51:27.000000000 +0200
+@@ -33,7 +33,11 @@
+ If none of -MTBzZ are given, -z is automatically selected if *none*
+ of the FILEs have an .arc, .exz, .gif, .z, .gz, .Z, .zip or .zoo suffix."
+ 
+-temp=/usr/tmp/$$.shar
++temp=`mktemp -q /tmp/$0.XXXXXX`
++if [ $? -ne 0 ]; then
++    echo "$0: Can't create temp file, exiting..."
++    exit 1
++fi
+ 
+ ### Decode the options.
+