Ripped from Ubuntu's patch: http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.1-10ubuntu0.2.diff.gz To fix bug: http://bugs.gentoo.org/show_bug.cgi?id=87939 --- sharutils-4.2.1/doc/shar.1 +++ sharutils-4.2.1/doc/shar.1 @@ -48,7 +48,7 @@ the list of files to be packed. For example: .nf -find . \-type f \-print | sort | shar \-S \-Z \-L50 \-o /tmp/big +find . \-type f \-print | sort | shar \-S \-Z \-L50 \-o /somewhere/big .fi If \f2\-p\f1 is specified on the command line, then the options --- sharutils-4.2.1/doc/sharutils.texi +++ sharutils-4.2.1/doc/sharutils.texi @@ -219,7 +214,7 @@ the list of files to be packed. For example: @example -find . -type f -print | shar -S -o /tmp/big.shar +find . -type f -print | shar -S -o /somewhere/big.shar @end example If @code{-p} is specified on the command line, then the options --- sharutils-4.2.1/src/remsync.in +++ sharutils-4.2.1/src/remsync.in @@ -1657,7 +1657,10 @@ } } - open (SCAN, ("find$list -type f -print 2> /tmp/$$.find" + $findtempfile = `tempfile`; + chop $findtempfile; + + open (SCAN, ("find$list -type f -print 2> $findtempfile" . " | xargs $sum_command |")) || &interrupt ("Cannot launch program \`find\'"); @@ -1689,7 +1692,7 @@ # Clean out scanning for inexisting files. - open (SCAN, "/tmp/$$.find"); + open (SCAN, "$findtempfile"); while () { chop; @@ -1706,7 +1709,7 @@ &query ("Should I delete this scan (y/n)? [y]"); if (/^(y|yes)$/i) { - &delete_scan ($file); + &command_delete_scan ($file); } else { @@ -1720,7 +1723,7 @@ } } close SCAN; - unlink "/tmp/$$.find"; + unlink "$findtempfile"; $study_files = 0; } --- sharutils-4.2.1/src/unshar.c +++ sharutils-4.2.1/src/unshar.c @@ -424,13 +424,15 @@ } else { +#ifdef __MSDOS__ sprintf (name_buffer, "/tmp/unsh.%05d", (int) getpid ()); unlink (name_buffer); if (file = fopen (name_buffer, "w+"), !file) error (EXIT_FAILURE, errno, name_buffer); -#ifndef __MSDOS__ - unlink (name_buffer); /* will be deleted on fclose */ +#else + if (file = tmpfile(), !file) + error (EXIT_FAILURE, errno, "tmpfile"); #endif while (size_read = fread (copy_buffer, 1, sizeof (copy_buffer), stdin), --- sharutils-4.2.1/src/uudecode.c +++ sharutils-4.2.1/src/uudecode.c @@ -292,12 +292,12 @@ if (strncmp (buf, "begin", 5) == 0) { - if (sscanf (buf, "begin-base64 %o %s", &mode, buf) == 2) + if (sscanf (buf, "begin-base64 %o %[^\n]", &mode, buf) == 2) { do_base64 = 1; break; } - else if (sscanf (buf, "begin %o %s", &mode, buf) == 2) + else if (sscanf (buf, "begin %o %[^\n]", &mode, buf) == 2) break; } } @@ -348,7 +348,7 @@ #endif )) { - error (0, errno, "%s: %s", outname, inname); + error (0, errno, "%s", outname); return 1; } --- sharutils-4.2.1/src/mailshar.in +++ sharutils-4.2.1/src/mailshar.in @@ -33,7 +33,7 @@ If none of -MTBzZ are given, -z is automatically selected if *none* of the FILEs have an .arc, .exz, .gif, .z, .gz, .Z, .zip or .zoo suffix." -temp=/usr/tmp/$$.shar +temp=`tempfile` ### Decode the options.