mpack-1.6 introduced more security on Unix-like systems by creating
and using a helper function, os_createnewfile, that uses O_CREAT|O_EXCL.
Unfortunately, it also uses it to write the total number of parts
temporary file, which fails if more than one part contains the
total number (as mpack creates them!)
The new code compares old and new totals, if both exist, and only
writes the new total, if the old didn't exist. Problem solved and
one sanity check more at the same time.
pkgsrc changes:
- Destdir support.
- Include fixes for implicit function declarations probably broken on LP64.
- Fix for 64-bit time_t world in netbsd-current.
- Fix some pkglint.
- Suppress warning about mktemp() on NetBSD; usage checked.
Upstream changes:
1.6 -- Jul 21 2003
Use automake and a little bit of autoconf
convert K&R declarations/definitions to ANSI
Fixed buffer overflow in getParam and getDispositionFilename (debian patch)
Fixed possible crash in ParseContent (debian patch)
fix typo in getDispositionFilename (from Steve Friedl)
use system strcasecmp and getopt where possible.
use O_EXCL where available when creating files.
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.