Fix decoding of message/partial. Explanation:

mpack-1.6 introduced more security on Unix-like systems by creating
and using a helper function, os_createnewfile, that uses O_CREAT|O_EXCL.
Unfortunately, it also uses it to write the total number of parts
temporary file, which fails if more than one part contains the
total number (as mpack creates them!)

The new code compares old and new totals, if both exist, and only
writes the new total, if the old didn't exist. Problem solved and
one sanity check more at the same time.

3 files changed, 84 insertions, 3 deletions

diff --git a/converters/mpack/Makefile b/converters/mpack/Makefile
index 10a8d91b2a4..f947b00b3cb 100644
--- a/converters/mpack/Makefile
+++ b/converters/mpack/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.20 2010/04/20 10:26:40 is Exp $
+# $NetBSD: Makefile,v 1.21 2010/11/17 22:24:40 is Exp $
 
 DISTNAME=	mpack-1.6
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	converters mail news
 MASTER_SITES=	ftp://ftp.andrew.cmu.edu/pub/mpack/
 
diff --git a/converters/mpack/distinfo b/converters/mpack/distinfo
index 0e05289218d..2a07273915b 100644
--- a/converters/mpack/distinfo
+++ b/converters/mpack/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.11 2010/06/15 04:18:04 dholland Exp $
+$NetBSD: distinfo,v 1.12 2010/11/17 22:24:40 is Exp $
 
 SHA1 (mpack-1.6.tar.gz) = 7fd3a73e0f131412920b6ff34872e7e7fa03e03b
 RMD160 (mpack-1.6.tar.gz) = a83330aa15437dc3ca6475cbf6e35b09ab9cef07
@@ -8,3 +8,4 @@ SHA1 (patch-ac) = a69986a5c1b7659fac6df05f4db9a44df3110892
 SHA1 (patch-ad) = 76f32d163021a81d73d8316f72b141ef3edf4f14
 SHA1 (patch-ae) = 7cbc232a310d0aa2c18b8f2fc3dba0a3fae311b8
 SHA1 (patch-af) = 2b38171d450ddbe1f9bb7a520d5e114a15afab9d
+SHA1 (patch-ag) = 9075ca42dd37e349284e5bb44bc15b740998a987
diff --git a/converters/mpack/patches/patch-ag b/converters/mpack/patches/patch-ag
new file mode 100644
index 00000000000..8ef9451ad4e
--- /dev/null
+++ b/converters/mpack/patches/patch-ag
@@ -0,0 +1,80 @@
+$NetBSD: patch-ag,v 1.1 2010/11/17 22:24:40 is Exp $
+
+--- decode.c.orig	2003-07-21 20:47:54.000000000 +0000
++++ decode.c
+@@ -25,6 +25,7 @@
+  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+  * SOFTWARE.  */
+ 
++#include <errno.h>
+ #include <stdio.h>
+ #include <string.h>
+ #include <ctype.h>
+@@ -601,7 +602,7 @@ int handlePartial(struct part *inpart, c
+ {
+     char *id, *dir, *p;
+     int thispart;
+-    int nparts = 0;
++    int nparts = 0, onparts=0;
+     char buf[1024];
+     FILE *partfile, *outfile;
+     struct part *outpart;
+@@ -624,33 +625,44 @@ int handlePartial(struct part *inpart, c
+     }
+     thispart = atoi(p);
+ 
++    /* Try to retrieve number of parts from reassembly directory */
++    sprintf(buf, "%sCT", dir);
++    if (partfile = fopen(buf, "r")) {
++        if (fgets(buf, sizeof(buf), partfile)) {
++	    onparts = atoi(buf);
++	    if (onparts < 0) onparts = 0;
++        }
++        fclose(partfile);
++    }
++
+     if (p = getParam(contentParams, "total")) {
+ 	nparts = atoi(p);
+ 	if (nparts <= 0) {
+ 	    warn("partial message has invalid number of parts");
+ 	    goto ignore;
+ 	}
+-	/* Store number of parts in reassembly directory */
+-	sprintf(buf, "%sCT", dir);
+-	partfile = os_createnewfile(buf);
+-	if (!partfile) {
+-	    os_perror(buf);
++	if (onparts && nparts && nparts != onparts) {
++	    warn("messages disagree about total number of parts");
+ 	    goto ignore;
+ 	}
+-	fprintf(partfile, "%d\n", nparts);
+-	fclose(partfile);
+-    }
+-    else {
+-	/* Try to retrieve number of parts from reassembly directory */
++
++	/* Store number of parts in reassembly directory */
+ 	sprintf(buf, "%sCT", dir);
+-	if (partfile = fopen(buf, "r")) {
+-	    if (fgets(buf, sizeof(buf), partfile)) {
+-		nparts = atoi(buf);
+-		if (nparts < 0) nparts = 0;
++	partfile = fopen(buf, "w");
++	if (!partfile) {
++	    if (errno != EEXIST) {
++	    	os_perror(buf);
++	    	goto ignore;
+ 	    }
++	    onparts = nparts;
++	} else {
++	    fprintf(partfile, "%d\n", nparts);
+ 	    fclose(partfile);
+ 	}
+     }
++    else {
++	nparts = onparts;
++    }
+ 
+     /* Sanity check */
+     if (thispart <= 0 || (nparts && thispart > nparts)) {