From 73fefa0c1ac70043ec84f2d8b8f9f683213f168d Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 17 Nov 2014 13:11:32 +0100
Subject: [PATCH 4/4] globname: Invoke wordexp with WRDE_NOCMD (CVE-2004-2771)

This patch is taken from
ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz

Upstream-Status: Inappropriate [upstream is dead]
CVE: CVE-2004-2771
---
 fio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fio.c b/fio.c
index 1529236..774a204 100644
--- a/fio.c
+++ b/fio.c
@@ -497,7 +497,7 @@ globname(char *name)
 	sigemptyset(&nset);
 	sigaddset(&nset, SIGCHLD);
 	sigprocmask(SIG_BLOCK, &nset, NULL);
-	i = wordexp(name, &we, 0);
+	i = wordexp(name, &we, WRDE_NOCMD);
 	sigprocmask(SIG_UNBLOCK, &nset, NULL);
 	switch (i) {
 	case 0:
-- 
1.9.3