update to mpack 1.6 plus various patches from Sebastian Pipping:

- SECURITY: don't create world readable files. CVE-2011-4919 - avoid conflicting prototypes
2012-01-08 00:12:12 +00:00 · 2012-01-08 00:12:12 +00:00 · 2476a2db73
commit 2476a2db73
parent 0b7f7a5fee
12 changed files with 132 additions and 148 deletions
--- a/converters/mpack/Makefile
+++ b/converters/mpack/Makefile
@ -1,34 +1,22 @@
-# $OpenBSD: Makefile,v 1.22 2010/10/23 22:01:30 sthen Exp $
+# $OpenBSD: Makefile,v 1.23 2012/01/08 00:12:12 sthen Exp $

 COMMENT=	external MIME packer/unpacker

-V=		1.5
-DISTNAME=	mpack-${V}-src
-PKGNAME=	mpack-${V}
-REVISION=	1
+DISTNAME=	mpack-1.6
 CATEGORIES=	converters mail news

-# License: BSD
+# BSD
 PERMIT_PACKAGE_CDROM=	Yes
 PERMIT_PACKAGE_FTP=	Yes
 PERMIT_DISTFILES_CDROM=	Yes
 PERMIT_DISTFILES_FTP=	Yes

-WANTLIB=		c
+WANTLIB += c

-MASTER_SITES=	ftp://ftp.andrew.cmu.edu/pub/mpack/
-EXTRACT_SUFX=	.tar.Z
+MASTER_SITES=	http://ftp.andrew.cmu.edu/pub/mpack/ \
+		ftp://ftp.andrew.cmu.edu/pub/mpack/

-WRKDIST=	${WRKDIR}/mpack
-MAKE_ENV=	CC="${CC}" CFLAGS="${CFLAGS}"
-
-USE_GROFF =	Yes
+CONFIGURE_STYLE= gnu
 NO_REGRESS=	Yes

-do-install:
-	${INSTALL_PROGRAM} ${WRKBUILD}/mpack ${PREFIX}/bin
-	${INSTALL_PROGRAM} ${WRKBUILD}/munpack ${PREFIX}/bin
-	${INSTALL_MAN} ${WRKSRC}/unixpk.man ${PREFIX}/man/man1/mpack.1
-	${INSTALL_MAN} ${WRKSRC}/unixunpk.man ${PREFIX}/man/man1/munpack.1
-
 .include <bsd.port.mk>
--- a/converters/mpack/distinfo
+++ b/converters/mpack/distinfo
@ -1,5 +1,5 @@
-MD5 (mpack-1.5-src.tar.Z) = 9B+Koq6S2Q4awDKRlz5l5A==
-RMD160 (mpack-1.5-src.tar.Z) = YUw1sfY8KmAnyXiUaUHNh1XLp3Q=
-SHA1 (mpack-1.5-src.tar.Z) = HFCB7dnHFS0qjEWFryxaP8nxfWA=
-SHA256 (mpack-1.5-src.tar.Z) = eLRCzzeInVaxGzaMrebj6+SbJ9Skb87BWGafsLjvHPk=
-SIZE (mpack-1.5-src.tar.Z) = 285360
+MD5 (mpack-1.6.tar.gz) = pw+lr6dlOamvtwudgVaP6A==
+RMD160 (mpack-1.6.tar.gz) = qDMwqhVDfcPKZHXL9uNbCauc7wc=
+SHA1 (mpack-1.6.tar.gz) = f9OnPg8TFBKSC2/zSHLn5/oD4Ds=
+SHA256 (mpack-1.6.tar.gz) = J0EIuzo5mCpO/BT7OmUpjmbI5xNnw9q/STOBYtIHqUw=
+SIZE (mpack-1.6.tar.gz) = 179850
--- a/converters/mpack/patches/patch-Makefile
+++ b/converters/mpack/patches/patch-Makefile
@ -1,23 +0,0 @@
-$OpenBSD: patch-Makefile,v 1.3 2005/10/06 21:09:22 aanriot Exp $
--- Makefile.orig	Thu Feb 16 22:39:41 1995
-+++ Makefile	Fri Aug  9 02:49:07 2002
-@@ -1,5 +1,5 @@
-CFLAGS=$(OPT) $(DEFINES)
-OPT=-O
-+#CFLAGS=$(OPT) $(DEFINES)
-+#OPT=-O
- 
- 
- #Uncomment the following line if your system does not have strchr()
-@@ -24,9 +24,9 @@ OPT=-O
- 
- 
- PACKOBJS = unixpk.o encode.o codes.o magic.o unixos.o string.o \
-		xmalloc.o md5c.o getopt.o
-+		xmalloc.o
- UNPACKOBJS = unixunpk.o decode.o uudecode.o codes.o unixos.o string.o \
-		part.o xmalloc.o md5c.o getopt.o
-+		part.o xmalloc.o
- 
- DESTDIR=/usr/local
- 
--- a/converters/mpack/patches/patch-codes_c
+++ b/converters/mpack/patches/patch-codes_c
@ -1,7 +1,7 @@
-$OpenBSD: patch-codes_c,v 1.3 2005/10/06 21:09:22 aanriot Exp $
--- codes.c.orig	Fri Aug  9 02:55:28 2002
-+++ codes.c	Fri Aug  9 02:56:20 2002
-@@ -38,8 +38,8 @@ WITHOUT ANY EXPRESS OR IMPLIED WARRANTIE
+$OpenBSD: patch-codes_c,v 1.4 2012/01/08 00:12:12 sthen Exp $
+--- codes.c.orig	Mon Jul 21 21:51:08 2003
+++ codes.c	Sun Jan  8 00:00:40 2012
+@@ -38,8 +38,8 @@ WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.  */
 #include <stdio.h>
 #include <string.h>
 #include <ctype.h>
@ -9,5 +9,5 @@ $OpenBSD: patch-codes_c,v 1.3 2005/10/06 21:09:22 aanriot Exp $
 #include "xmalloc.h"
 -#include "md5.h"
 
+ void output64chunk(int c1, int c2, int c3, int pads, FILE *outfile);
 static char basis_64[] =
-    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
--- a/converters/mpack/patches/patch-decode_c
+++ b/converters/mpack/patches/patch-decode_c
@ -1,63 +1,27 @@
-$OpenBSD: patch-decode_c,v 1.3 2005/10/06 21:09:22 aanriot Exp $
--- decode.c.orig	Thu Feb 16 22:39:44 1995
-+++ decode.c	Fri Aug  9 03:03:32 2002
-@@ -28,10 +28,10 @@
+$OpenBSD: patch-decode_c,v 1.4 2012/01/08 00:12:12 sthen Exp $
+--- decode.c.orig	Mon Jul 21 21:47:54 2003
+++ decode.c	Sun Jan  8 00:02:59 2012
+@@ -28,10 +28,11 @@
 #include <stdio.h>
 #include <string.h>
 #include <ctype.h>
+#include <stdlib.h>
 +#include <md5.h>
 #include "xmalloc.h"
 #include "common.h"
 #include "part.h"
 -#include "md5.h"
 
- extern char *os_idtodir();
- extern FILE *os_newtypedfile();
-@@ -416,6 +416,15 @@ char **headerp;
- 	}
- 	if (*header) *header++ = '\0';
+ extern char *os_idtodir(char *id);
+ extern FILE *os_newtypedfile(char *fname, char *contentType, int flags, params contentParams);
+@@ -545,8 +546,8 @@ getDispositionFilename(char *disposition)
+ 	SkipWhitespace(&disposition);
+ 	if (!disposition) return 0;
+ 
+-	/* If we're looking at a ";", we found what we're looking for */
+-	if (*disposition++ == ';') break;
+	/* If we're looking at a "=", we found what we're looking for */
+	if (*disposition++ == '=') break;
     }
-+
-+    /*
-+     * Debian fix: if there was only an empty parameter list (a bare
-+     * semicolon) then there is no guarantee that param[nparam] exists.
-+     * Therefore, treat it as if there is no parameter list.
-+     */
-+    if (nparam == 0)
-+	return 0;
-+
-     param[nparam] = 0;
-     return param;
- }
-@@ -466,6 +475,7 @@ char *key;
- 	while (*from && *from != '\"') {
- 	    if (!--left) {
- 		alloced += VALUEGROWSIZE;
-+		left += VALUEGROWSIZE;
- 		value = xrealloc(value, alloced);
- 		to = value + alloced - left - 2;
- 	    }
-@@ -482,6 +492,7 @@ char *key;
- 	while (*from && !isspace(*from)) {
- 	    if (!--left) {
- 		alloced += VALUEGROWSIZE;
-+		left += VALUEGROWSIZE;
- 		value = xrealloc(value, alloced);
- 		to = value + alloced - left - 2;
- 	    }
-@@ -571,6 +582,7 @@ char *disposition;
- 	while (*disposition && *disposition != '\"') {
- 	    if (!--left) {
- 		alloced += VALUEGROWSIZE;
-+		left += VALUEGROWSIZE;
- 		value = xrealloc(value, alloced);
- 		to = value + alloced - left - 2;
- 	    }
-@@ -588,6 +600,7 @@ char *disposition;
- 	       *disposition != '(') {
- 	    if (!--left) {
- 		alloced += VALUEGROWSIZE;
-+		left += VALUEGROWSIZE;
- 		value = xrealloc(value, alloced);
- 		to = value + alloced - left - 2;
- 	    }
+ 
+     SkipWhitespace(&disposition);
--- a/converters/mpack/patches/patch-encode_c
+++ b/converters/mpack/patches/patch-encode_c
@ -0,0 +1,11 @@
+$OpenBSD: patch-encode_c,v 1.1 2012/01/08 00:12:13 sthen Exp $
+--- encode.c.orig	Sun Jan  8 00:03:01 2012
+++ encode.c	Sun Jan  8 00:03:09 2012
+@@ -24,6 +24,7 @@
+  */
+ #include <stdio.h>
+ #include <string.h>
+#include <stdlib.h>
+ 
+ extern char *magic_look(FILE *infile);
+ extern char *os_genid(void);
--- a/converters/mpack/patches/patch-part_c
+++ b/converters/mpack/patches/patch-part_c
@ -0,0 +1,11 @@
+$OpenBSD: patch-part_c,v 1.1 2012/01/08 00:12:13 sthen Exp $
+--- part.c.orig	Sun Jan  8 00:03:35 2012
+++ part.c	Sun Jan  8 00:03:42 2012
+@@ -28,6 +28,7 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
+#include <stdlib.h>
+ 
+ #include "part.h"
+ #include "xmalloc.h"
--- a/converters/mpack/patches/patch-unixos_c
+++ b/converters/mpack/patches/patch-unixos_c
@ -1,34 +1,38 @@
-$OpenBSD: patch-unixos_c,v 1.3 2005/10/06 21:09:22 aanriot Exp $
--- unixos.c.orig	Thu Feb 16 22:39:50 1995
-+++ unixos.c	Fri Aug  9 02:58:47 2002
-@@ -36,7 +36,9 @@
+$OpenBSD: patch-unixos_c,v 1.4 2012/01/08 00:12:13 sthen Exp $
+
+Fixes from Sebastian Pipping
+http://git.goodpoint.de/?p=mpack.git;a=commitdiff;h=0c87201f64491575350b18d04c62ec142e119d1f
+
+--- unixos.c.orig	Mon Jul 21 21:54:05 2003
+++ unixos.c	Sun Jan  8 00:06:09 2012
+@@ -30,6 +30,7 @@
+ #include <sys/param.h>
+ #include <netdb.h>
+ #include <fcntl.h>
+#include <stdlib.h>
+ #include "xmalloc.h"
+ #include "common.h"
+ #include "part.h"
+@@ -38,10 +39,6 @@
 #define MAXHOSTNAMELEN 64
 #endif
 
-+#ifndef errno
- extern int errno;
-+#endif
- extern char *malloc();
- extern char *getenv();
+-extern int errno;
+-extern char *malloc();
+-extern char *getenv();
+-
+ int overwrite_files = 0;
+ int didchat;
 
-@@ -89,7 +91,7 @@ char *id;
- 	strcpy(buf, getenv("TMPDIR"));
-     }
-     else {
-	strcpy(buf, "/usr/tmp");
-+	strcpy(buf, "/var/tmp");
-     }
-     strcat(buf, "/m-prts-");
-     p = getenv("USER");
-@@ -159,6 +161,11 @@ params contentParams;
+@@ -137,9 +134,9 @@ FILE *os_createnewfile(char *fname)
+     FILE *ret;
+      
+ #ifdef O_EXCL
+-    fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0644);
+    fd=open(fname, O_RDWR|O_CREAT|O_EXCL, 0600);
+ #else
+-    fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0644);
+    fd=open(fname, O_RDWR|O_CREAT|O_TRUNC, 0600);
+ #endif
 
-     /* Get rid of leading ~ or ~/ */
-     while (*fname == '~' || *fname == '/') fname++;
-+
-+    /* Debian fix: the loop below handles internal "/../" but not
-+     * leading "../" */
-+    /* Get rid of leading "../" */
-+    while (!strncmp(fname, "../", 3)) fname += 3;
-     
-     /* Clean out bad characters, create directories along path */
-     for (p=fname; *p; p++) {
+     if (fd == -1)
--- a/converters/mpack/patches/patch-unixpk_c
+++ b/converters/mpack/patches/patch-unixpk_c
@ -1,8 +1,17 @@
-$OpenBSD: patch-unixpk_c,v 1.3 2005/10/06 21:09:22 aanriot Exp $
--- unixpk.c.orig	Thu Feb 16 22:39:50 1995
-+++ unixpk.c	Mon Aug  5 12:30:30 2002
-@@ -165,7 +165,7 @@ char **argv;
- 	    strcpy(fnamebuf, "/tmp");
+$OpenBSD: patch-unixpk_c,v 1.4 2012/01/08 00:12:13 sthen Exp $
+--- unixpk.c.orig	Mon Jul 21 21:50:41 2003
+++ unixpk.c	Sun Jan  8 00:04:20 2012
+@@ -25,6 +25,8 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <errno.h>
+#include <stdlib.h>
+#include <unistd.h>
+ #include "common.h"
+ #include "version.h"
+ #include "xmalloc.h"
+@@ -167,7 +169,7 @@ int main(int argc, char **argv)
+ 	    strcpy(fnamebuf, "/usr/tmp");
 	}
 	strcat(fnamebuf, "/mpackXXXXXX");
 -	mktemp(fnamebuf);
--- a/converters/mpack/patches/patch-unixpk_man
+++ b/converters/mpack/patches/patch-unixpk_man
@ -1,7 +1,7 @@
-$OpenBSD: patch-unixpk_man,v 1.1 2002/08/09 01:15:19 naddy Exp $
--- unixpk.man.orig	Thu Feb 16 22:39:50 1995
-+++ unixpk.man	Mon Aug  5 12:30:30 2002
-@@ -136,7 +136,7 @@ Mail the generated messages to the speci
+$OpenBSD: patch-unixpk_man,v 1.2 2012/01/08 00:12:13 sthen Exp $
+--- unixpk.man.orig	Thu Feb 16 21:39:50 1995
+++ unixpk.man	Sun Jan  8 00:00:40 2012
+@@ -136,7 +136,7 @@ Mail the generated messages to the specified addresses
 .SH ENVIRONMENT
 .TP
 .B TMPDIR
--- a/converters/mpack/patches/patch-unixunpk_c
+++ b/converters/mpack/patches/patch-unixunpk_c
@ -1,9 +1,17 @@
-$OpenBSD: patch-unixunpk_c,v 1.3 2005/10/06 21:09:22 aanriot Exp $
--- unixunpk.c.orig	Fri Aug  9 02:44:18 2002
-+++ unixunpk.c	Fri Aug  9 02:44:38 2002
-@@ -100,7 +100,7 @@ char **argv;
+$OpenBSD: patch-unixunpk_c,v 1.4 2012/01/08 00:12:13 sthen Exp $
+--- unixunpk.c.orig	Mon Jul 21 21:51:55 2003
+++ unixunpk.c	Sun Jan  8 00:04:32 2012
+@@ -23,6 +23,7 @@
+  * SOFTWARE.
+  */
+ #include <stdio.h>
+#include <stdlib.h>
+ #include "version.h"
+ #include "part.h"
 
- usage() {
+@@ -100,7 +101,7 @@ int main(int argc, char **argv)
+ 
+ void usage(void) {
     fprintf(stderr, "munpack version %s\n", MPACK_VERSION);
 -    fprintf(stderr, "usage: munpack [-f] [-q] [-C directory] [files...]\n");
 +    fprintf(stderr, "usage: munpack [-f] [-q] [-t] [-C directory] [files...]\n");
--- a/converters/mpack/patches/patch-xmalloc_c
+++ b/converters/mpack/patches/patch-xmalloc_c
@ -0,0 +1,12 @@
+$OpenBSD: patch-xmalloc_c,v 1.1 2012/01/08 00:12:13 sthen Exp $
+--- xmalloc.c.orig	Sun Jan  8 00:04:35 2012
+++ xmalloc.c	Sun Jan  8 00:04:44 2012
+@@ -24,7 +24,7 @@
+  */
+ #include <stdio.h>
+ #include <string.h>
+-extern char *malloc(), *realloc();
+#include <stdlib.h>
+ 
+ char *xmalloc (int size)
+ {