Fix CVE-2018-1000097:

https://security-tracker.debian.org/tracker/CVE-2018-1000097
https://nvd.nist.gov/vuln/detail/CVE-2018-1000097

Patch taken from upstream bug report:
https://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00005.html

diff --git a/src/unshar.c b/src/unshar.c
index 80bc3a9..0fc3773 100644
--- a/src/unshar.c
+++ b/src/unshar.c
@@ -240,7 +240,7 @@ find_archive (char const * name, FILE * file, off_t start)
       off_t position = ftello (file);
 
       /* Read next line, fail if no more and no previous process.  */
-      if (!fgets (rw_buffer, BUFSIZ, file))
+      if (!fgets (rw_buffer, rw_base_size, file))
 	{
 	  if (!start)
 	    error (0, 0, _("Found no shell commands in %s"), name);
alue='koszko' selected='selected'>koszko</option>
<option value='koszko-scripts'>koszko-scripts</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=e85c2d66f61f493a0a63e03acb83745b2fca5088'>refs</a><a class='active' href='/guix/log/tests/challenge.scm'>log</a><a href='/guix/tree/tests/challenge.scm?id=e85c2d66f61f493a0a63e03acb83745b2fca5088'>tree</a><a href='/guix/commit/tests/challenge.scm?id=e85c2d66f61f493a0a63e03acb83745b2fca5088'>commit</a><a href='/guix/diff/tests/challenge.scm?id=e85c2d66f61f493a0a63e03acb83745b2fca5088'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/challenge.scm'>
<input type='hidden' name='id' value='e85c2d66f61f493a0a63e03acb83745b2fca5088'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=e85c2d66f61f493a0a63e03acb83745b2fca5088'>root</a>/<a href='/guix/log/tests?id=e85c2d66f61f493a0a63e03acb83745b2fca5088'>tests</a>/<a href='/guix/log/tests/challenge.scm?id=e85c2d66f61f493a0a63e03acb83745b2fca5088'>challenge.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/challenge.scm?id=e85c2d66f61f493a0a63e03acb83745b2fca5088&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2021-01-16 11:51:03 +0000'>2021-01-16</span></td><td><a href='/guix/commit/tests/challenge.scm?id=681af17460fa34916ac40589cccdcca7222249af'>guix: Move narinfo code from substitute script to module.</a><span class='msg-avail'>...<span class='msg-tooltip'>This separation between the code for dealing with narinfos from the code doing
that for a purpose should make things clearer, and better support components
other that the substitute script in using this code.

This is just moving the code around, no code should have been significantly
changed.

* guix/scripts/substitute.scm (&lt;narinfo&gt;): Move record type to (guix narinfo).
(fields-&gt;alist, narinfo-hash-algorithm+value, narinfo-hash-&gt;sha256,
narinfo-signature-&gt;canonical-sexp, narinfo-maker, read-narinfo,
narinfo-sha256, valid-narinfo?, write-narinfo, narinfo-&gt;string,
string-&gt;narinfo, equivalent-narinfo?, supported-compression?,
compresses-better?, narinfo-best-uri): Move procedures to (guix narinfo).
(%compression-methods): Move variable to (guix narinfo).
* guix/narinfo.scm: New file.
* Makefile.am (MODULES): Add it.
* po/guix/POTFILES.in: Add 'guix/narinfo.scm'.
</span></span></td><td>Christopher Baines</td></tr>