Received: by mail.netbsd.org (Postfix, from userid 605) id DC60E84F49; Sun, 17 Jun 2018 11:40:06 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id D412884E70 for ; Sun, 17 Jun 2018 11:40:05 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 2uxSMmIaZSl5 for ; Sun, 17 Jun 2018 11:40:03 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 9DFF584E58 for ; Sun, 17 Jun 2018 11:40:03 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 89187FBEC; Sun, 17 Jun 2018 11:40:03 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1529235603224080" MIME-Version: 1.0 Date: Sun, 17 Jun 2018 11:40:03 +0000 From: "S.P.Zeidler" Subject: CVS commit: [pkgsrc-2018Q1] pkgsrc/security/mcrypt To: pkgsrc-changes@NetBSD.org Reply-To: spz@netbsd.org X-Mailer: log_accum Message-Id: <20180617114003.89187FBEC@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1529235603224080 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: spz Date: Sun Jun 17 11:40:03 UTC 2018 Modified Files: pkgsrc/security/mcrypt [pkgsrc-2018Q1]: Makefile distinfo Added Files: pkgsrc/security/mcrypt/patches [pkgsrc-2018Q1]: patch-doc_mcrypt.1 patch-src_errors.c patch-src_extra.c patch-src_gaaout.c patch-src_mcrypt.c patch-src_mcrypt.gaa patch-src_mcrypt__int.h patch-src_rfc2440.c Log Message: Pullup ticket #5765 - requested by bsiegert security/mcrypt: security patches Revisions pulled up: - security/mcrypt/Makefile 1.27 - security/mcrypt/distinfo 1.9 - security/mcrypt/patches/patch-doc_mcrypt.1 1.1 - security/mcrypt/patches/patch-src_errors.c 1.1 - security/mcrypt/patches/patch-src_extra.c 1.1 - security/mcrypt/patches/patch-src_gaaout.c 1.1 - security/mcrypt/patches/patch-src_mcrypt.c 1.1 - security/mcrypt/patches/patch-src_mcrypt.gaa 1.1 - security/mcrypt/patches/patch-src_mcrypt__int.h 1.1 - security/mcrypt/patches/patch-src_rfc2440.c 1.1 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: ginsbach Date: Wed May 30 14:58:03 UTC 2018 Modified Files: pkgsrc/security/mcrypt: Makefile distinfo Added Files: pkgsrc/security/mcrypt/patches: patch-doc_mcrypt.1 patch-src_errors.c patch-src_extra.c patch-src_gaaout.c patch-src_mcrypt.c patch-src_mcrypt.gaa patch-src_mcrypt__int.h patch-src_rfc2440.c Log Message: Add various patches from (Brew, Debian, Red Hat, SUSE) Upstream for mcrypt is effectively dead so incorporate patches from other OSS packaging systems. These patches address the following: * CVE-2012-4409 (fix) * CVE-2012-4527 (fix) * Spelling and grammar fixes for man page * Fix potential format-string attacks (no vulnerability Id) * Fix potential buffer overflows (no vulnerability Id) * Make native format default as in Debian, Red Hat, and SUSE since openpgp format handling is seriously broken. * Fix ARM build [unclear if this is necessary for non-Linux systems] * Correct include file for OSX To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 pkgsrc/security/mcrypt/Makefile cvs rdiff -u -r1.8 -r1.9 pkgsrc/security/mcrypt/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/security/mcrypt/patches/patch-doc_mcrypt.1 \ pkgsrc/security/mcrypt/patches/patch-src_errors.c \ pkgsrc/security/mcrypt/patches/patch-src_extra.c \ pkgsrc/security/mcrypt/patches/patch-src_gaaout.c \ pkgsrc/security/mcrypt/patches/patch-src_mcrypt.c \ pkgsrc/security/mcrypt/patches/patch-src_mcrypt.gaa \ pkgsrc/security/mcrypt/patches/patch-src_mcrypt__int.h \ pkgsrc/security/mcrypt/patches/patch-src_rfc2440.c To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.26.28.1 pkgsrc/security/mcrypt/Makefile cvs rdiff -u -r1.8 -r1.8.22.1 pkgsrc/security/mcrypt/distinfo cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/security/mcrypt/patches/patch-doc_mcrypt.1 \ pkgsrc/security/mcrypt/patches/patch-src_errors.c \ pkgsrc/security/mcrypt/patches/patch-src_extra.c \ pkgsrc/security/mcrypt/patches/patch-src_gaaout.c \ pkgsrc/security/mcrypt/patches/patch-src_mcrypt.c \ pkgsrc/security/mcrypt/patches/patch-src_mcrypt.gaa \ pkgsrc/security/mcrypt/patches/patch-src_mcrypt__int.h \ pkgsrc/security/mcrypt/patches/patch-src_rfc2440.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1529235603224080 Content-Disposition: inline Content-Length: 15488 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/security/mcrypt/Makefile diff -u pkgsrc/security/mcrypt/Makefile:1.26 pkgsrc/security/mcrypt/Makefile:1.26.28.1 --- pkgsrc/security/mcrypt/Makefile:1.26 Thu Mar 5 22:47:54 2015 +++ pkgsrc/security/mcrypt/Makefile Sun Jun 17 11:40:03 2018 @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.26 2015/03/05 22:47:54 tnn Exp $ +# $NetBSD: Makefile,v 1.26.28.1 2018/06/17 11:40:03 spz Exp $ DISTNAME= mcrypt-2.6.8 -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= security devel MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=mcrypt/} Index: pkgsrc/security/mcrypt/distinfo diff -u pkgsrc/security/mcrypt/distinfo:1.8 pkgsrc/security/mcrypt/distinfo:1.8.22.1 --- pkgsrc/security/mcrypt/distinfo:1.8 Wed Nov 4 01:17:50 2015 +++ pkgsrc/security/mcrypt/distinfo Sun Jun 17 11:40:03 2018 @@ -1,6 +1,14 @@ -$NetBSD: distinfo,v 1.8 2015/11/04 01:17:50 agc Exp $ +$NetBSD: distinfo,v 1.8.22.1 2018/06/17 11:40:03 spz Exp $ SHA1 (mcrypt-2.6.8.tar.gz) = 8ae0e866714fbbb96a0a6fa9f099089dc93f1d86 RMD160 (mcrypt-2.6.8.tar.gz) = 5115c679ee5d34b9fb9e976c12240c48370df514 SHA512 (mcrypt-2.6.8.tar.gz) = eae5f831e950df69eb93efc8314100b4b5dc8a535b1d00f500e6b25382efcec321346776a92dadf101b878ef46a47de2e9e81f5ddf5c73563ece4741f169c8d1 Size (mcrypt-2.6.8.tar.gz) = 471915 bytes +SHA1 (patch-doc_mcrypt.1) = 93ccc6b07b09535e09d65e2862571b1c592fc141 +SHA1 (patch-src_errors.c) = b8467130c6cc7f3a650d8a737e1b5a75c8db5e9e +SHA1 (patch-src_extra.c) = f265989f7e8ad7ec6fd8afece3b8a785f49d13ae +SHA1 (patch-src_gaaout.c) = 73001f8b98dc87354f7550e2080ac7ab3a59ceb6 +SHA1 (patch-src_mcrypt.c) = c1c99aa4dcf5912e43ab831f0ee32611ea029400 +SHA1 (patch-src_mcrypt.gaa) = 1fefccbf336a99bcb83dd05739c53a40b1f0a9ce +SHA1 (patch-src_mcrypt__int.h) = 94caaff9bb0d48c6c6406e3f8965db82e7f93408 +SHA1 (patch-src_rfc2440.c) = 4c7b885bfa9e451f3082e3338eadcaedbbb9d6cc Added files: Index: pkgsrc/security/mcrypt/patches/patch-doc_mcrypt.1 diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-doc_mcrypt.1:1.1.2.2 --- /dev/null Sun Jun 17 11:40:03 2018 +++ pkgsrc/security/mcrypt/patches/patch-doc_mcrypt.1 Sun Jun 17 11:40:03 2018 @@ -0,0 +1,70 @@ +$NetBSD: patch-doc_mcrypt.1,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $ + +* Spelling and grammar fixes. + + From: Red Hat, SUSE + +--- doc/mcrypt.1.orig 2003-09-08 17:25:41.000000000 +0000 ++++ doc/mcrypt.1 +@@ -81,7 +81,7 @@ two blocks in CBC and CFB modes, but onl + Mcrypt uses a 32 bit CRC to check for errors in the encrypted files. + .PP + .B Extra security: +-For the very paranoid, if mcrypt is executed with superuser priviledges it ++For the very paranoid, if mcrypt is executed with superuser privileges it + ensures that no important data (keys etc.) are written to disk, as swap etc. + Keep in mind that mcrypt was not designed to be a setuid program, so you + shouldn't make it one. +@@ -165,11 +165,11 @@ license and quit. + .TP + .B \-o --keymode MODE + MODE may be one of the keymodes listed by the --list-keymodes parameter. +-It actually is the convertion to the key before it is fed to the algorithm. ++It actually is the conversion to the key before it is fed to the algorithm. + It is recommended to leave it as is, if you do not know what it is. + However if you still want to use this option, you might want to + use the 'hex' mode which allows you to specify the key in hex +-(and no convertion will by applied). ++(and no conversion will be applied). + .TP + .B \-h --hash HASH_ALGORITHM + HASH_ALGORITHM may be one of the algorithms listed by the --list-hash parameter. +@@ -194,10 +194,10 @@ The security lies on the algorithm not o + default. This flag must also be specified when decrypting a bare encrypted + file. + When the bare flag is specified decryption and encryption are faster. This +-may be usefull when using mcrypt to encrypt a link or something like that. ++may be useful when using mcrypt to encrypt a link or something like that. + .TP + .B --flush +-Flushes the output (ciphertext or plaintext) immediately. Usefull if mcrypt ++Flushes the output (ciphertext or plaintext) immediately. Useful if mcrypt + is used with pipes. + .TP + .B --time +@@ -205,7 +205,7 @@ Prints some timing information (encrypti + .TP + .B --nodelete + When this option is specified mcrypt does not delete the output file, even +-if decryption failed. This is usefull if you want to decrypt a corrupted ++if decryption failed. This is useful if you want to decrypt a corrupted + file. + .TP + .B \-q --quiet +@@ -217,13 +217,13 @@ succeeds. This is not the default in ord + to remove sensitive data. + .TP + .B \ --list +-Lists all the algorithms current supported. ++Lists all the algorithms currently supported. + .TP + .B \ --list-keymodes +-Lists all the key modes current supported. ++Lists all the key modes currently supported. + .TP + .B \ --list-hash +-Lists all the hash algorithms current supported. ++Lists all the hash algorithms currently supported. + .TP + .B \-r --random + Use /dev/(s)random instead of /dev/urandom. This may need some key input Index: pkgsrc/security/mcrypt/patches/patch-src_errors.c diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_errors.c:1.1.2.2 --- /dev/null Sun Jun 17 11:40:03 2018 +++ pkgsrc/security/mcrypt/patches/patch-src_errors.c Sun Jun 17 11:40:03 2018 @@ -0,0 +1,38 @@ +$NetBSD: patch-src_errors.c,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $ + +* Fix potential format-string attacks via filename arguments and + possibly others. (No vulnerability Id) + + From: Debian, Red Hat, SUSE + +--- src/errors.c.orig 2007-11-07 17:10:19.000000000 +0000 ++++ src/errors.c +@@ -24,24 +24,24 @@ extern int quiet; + + void err_quit(char *errmsg) + { +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + exit(-1); + } + + void err_warn(char *errmsg) + { + if (quiet <= 1) +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + } + + void err_info(char *errmsg) + { + if (quiet == 0) +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + } + + void err_crit(char *errmsg) + { + if (quiet <= 2) +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + } Index: pkgsrc/security/mcrypt/patches/patch-src_extra.c diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_extra.c:1.1.2.2 --- /dev/null Sun Jun 17 11:40:03 2018 +++ pkgsrc/security/mcrypt/patches/patch-src_extra.c Sun Jun 17 11:40:03 2018 @@ -0,0 +1,51 @@ +$NetBSD: patch-src_extra.c,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $ + +* Fix buffer overflow when decrypting a file with a too long salt. + (CVE-2012-4409) +* Fix other potential buffer overflows in check_file_head. + (No vulnerability Id) + + From: Debian, Red Hat, SUSE + +--- src/extra.c.orig 2007-11-07 17:10:20.000000000 +0000 ++++ src/extra.c +@@ -223,7 +223,8 @@ int check_file_head(FILE * fstream, char + } + + read_until_null(tmp_buf, fstream); +- strcpy(algorithm, tmp_buf); ++ strncpy(algorithm, tmp_buf, 50); ++ algorithm[49] = '\0'; + + fread(&keylen, sizeof(short int), 1, fstream); + #ifdef WORDS_BIGENDIAN +@@ -233,15 +234,19 @@ int check_file_head(FILE * fstream, char + #endif + + read_until_null(tmp_buf, fstream); +- strcpy(mode, tmp_buf); ++ strncpy(mode, tmp_buf, 50); ++ mode[49] = '\0'; + + read_until_null(tmp_buf, fstream); +- strcpy(keymode, tmp_buf); ++ strncpy(keymode, tmp_buf, 50); ++ keymode[49] = '\0'; + fread(&sflag, 1, 1, fstream); + if (m_getbit(6, flags) == 1) { /* if the salt bit is set */ + if (m_getbit(0, sflag) != 0) { /* if the first bit is set */ + *salt_size = m_setbit(0, sflag, 0); + if (*salt_size > 0) { ++ if (*salt_size > sizeof(tmp_buf)) ++ err_quit(_("Salt is too long\n")); + fread(tmp_buf, 1, *salt_size, + fstream); + memmove(salt, tmp_buf, *salt_size); +@@ -503,6 +508,7 @@ char **read_key_file(char *file, int *nu + } + + *num = x; ++ fclose(FROMF); + + return keys; + Index: pkgsrc/security/mcrypt/patches/patch-src_gaaout.c diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_gaaout.c:1.1.2.2 --- /dev/null Sun Jun 17 11:40:03 2018 +++ pkgsrc/security/mcrypt/patches/patch-src_gaaout.c Sun Jun 17 11:40:03 2018 @@ -0,0 +1,36 @@ +$NetBSD: patch-src_gaaout.c,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $ + +* Fix ARM build [XXX needed?] +* Make native format default like in Debian, Red Hat, and SUSE since + openpgp format handling is seriously broken. + +From: Debian, Red Hat, SUSE + +--- src/gaaout.c.orig 2007-06-09 08:39:14.000000000 +0000 ++++ src/gaaout.c +@@ -5,6 +5,7 @@ + + + #include ++#include "mcrypt_int.h" + + #include + #include +@@ -123,7 +124,7 @@ void gaa_help(void) + { + printf(_("Mcrypt encrypts and decrypts files with symmetric encryption algorithms.\nUsage: mcrypt [-dFusgbhLvrzp] [-f keyfile] [-k key1 key2 ...] [-m mode] [-o keymode] [-s keysize] [-a algorithm] [-c config_file] [file ...]\n\n")); + __gaa_helpsingle('g', "openpgp", "", _("Use the OpenPGP (RFC2440) file format.")); +- __gaa_helpsingle(0, "no-openpgp", "", _("Use the native (mcrypt) file format.")); ++ __gaa_helpsingle(0, "no-openpgp", "", _("Use the native (mcrypt) file format. (DEFAULT)")); + __gaa_helpsingle(0, "openpgp-z", _("INTEGER "), _("Sets the compression level for openpgp packets (0 disables).")); + __gaa_helpsingle('d', "decrypt", "", _("decrypts.")); + __gaa_helpsingle('s', "keysize", _("INTEGER "), _("Set the algorithm's key size (in bytes).")); +@@ -1036,7 +1037,7 @@ int gaa(int argc, char **argv, gaainfo * + gaaval->config_file=NULL; gaaval->mode=NULL; gaaval->input=NULL; gaaval->ed_specified=0; + gaaval->double_check=0; gaaval->noecho=1; gaaval->flush=0; gaaval->keysize=0; + gaaval->algorithms_directory=NULL; gaaval->modes_directory=NULL; gaaval->nodelete=0; +- gaaval->hash=NULL; gaaval->timer=0; gaaval->openpgp=1; gaaval->openpgp_z = 0; ;}; ++ gaaval->hash=NULL; gaaval->timer=0; gaaval->openpgp=0; gaaval->openpgp_z = 0; ;}; + + } + inited = 1; Index: pkgsrc/security/mcrypt/patches/patch-src_mcrypt.c diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_mcrypt.c:1.1.2.2 --- /dev/null Sun Jun 17 11:40:03 2018 +++ pkgsrc/security/mcrypt/patches/patch-src_mcrypt.c Sun Jun 17 11:40:03 2018 @@ -0,0 +1,57 @@ +$NetBSD: patch-src_mcrypt.c,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $ + +* Fix potential long filename buffer overlow (CVE-2012-4527) + +From: Debian, Red Hat, SUSE + +--- src/mcrypt.c.orig 2007-11-07 17:10:21.000000000 +0000 ++++ src/mcrypt.c +@@ -46,3 +46,3 @@ static char rcsid[] = + +-char tmperr[128]; ++char tmperr[PATH_MAX + 128]; + unsigned int stream_flag = FALSE; +@@ -484,3 +484,3 @@ int main(int argc, char **argv) + if (is_normal_file(file[i]) == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, sizeof(tmperr), + _ +@@ -503,3 +503,3 @@ int main(int argc, char **argv) + && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ +- sprintf(tmperr, ++ snprintf(tmperr, sizeof(tmperr), + _ +@@ -522,3 +522,3 @@ int main(int argc, char **argv) + && (stream_flag == TRUE) && (force == 0)) { /* not a tty */ +- sprintf(tmperr, ++ snprintf(tmperr, sizeof(tmperr), + _ +@@ -546,3 +546,3 @@ int main(int argc, char **argv) + if (strstr(outfile, ".nc") != NULL) { +- sprintf(tmperr, ++ snprintf(tmperr, sizeof(tmperr), + _ +@@ -592,3 +592,5 @@ int main(int argc, char **argv) + if (stream_flag == FALSE) { +- sprintf(tmperr, _("File %s was decrypted.\n"), dinfile); ++ snprintf(tmperr, sizeof(tmperr), ++ _ ++ ("File %s was decrypted.\n"), dinfile); + err_warn(tmperr); +@@ -612,3 +614,3 @@ int main(int argc, char **argv) + if (stream_flag == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, sizeof(tmperr), + _ +@@ -638,3 +640,5 @@ int main(int argc, char **argv) + if (stream_flag == FALSE) { +- sprintf(tmperr, _("File %s was encrypted.\n"), einfile); ++ snprintf(tmperr, sizeof(tmperr), ++ _ ++ ("File %s was encrypted.\n"), einfile); + err_warn(tmperr); +@@ -657,3 +661,3 @@ int main(int argc, char **argv) + if (stream_flag == FALSE) { +- sprintf(tmperr, ++ snprintf(tmperr, sizeof(tmperr), + _ Index: pkgsrc/security/mcrypt/patches/patch-src_mcrypt.gaa diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_mcrypt.gaa:1.1.2.2 --- /dev/null Sun Jun 17 11:40:03 2018 +++ pkgsrc/security/mcrypt/patches/patch-src_mcrypt.gaa Sun Jun 17 11:40:03 2018 @@ -0,0 +1,27 @@ +$NetBSD: patch-src_mcrypt.gaa,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $ + +* Make native format default like in Debian, Red Hat, and SUSE since + openpgp format handling is seriously broken. + +From: Debian, Red Hat, SUSE + +--- src/mcrypt.gaa.orig 2007-06-09 08:38:38.000000000 +0000 ++++ src/mcrypt.gaa +@@ -12,7 +12,7 @@ helpnode "Mcrypt encrypts and decrypts f + + #int openpgp; + option (g, openpgp) { $openpgp = 1 } "Use the OpenPGP (RFC2440) file format." +-option (no-openpgp) { $openpgp = 0 } "Use the native (mcrypt) file format." ++option (no-openpgp) { $openpgp = 0 } "Use the native (mcrypt) file format. (DEFAULT)" + + #int openpgp_z; + option (openpgp-z) INT "INTEGER" { $openpgp_z = $1 } "Sets the compression level for openpgp packets (0 disables)." +@@ -119,7 +119,7 @@ init { $force=0; $quiet=1; $real_random_ + $config_file=NULL; $mode=NULL; $input=NULL; $ed_specified=0; + $double_check=0; $noecho=1; $flush=0; $keysize=0; + $algorithms_directory=NULL; $modes_directory=NULL; $nodelete=0; +- $hash=NULL; $timer=0; $openpgp=1; $openpgp_z = 0; } ++ $hash=NULL; $timer=0; $openpgp=0; $openpgp_z = 0; } + + INCOMP kf + INCOMP Vq Index: pkgsrc/security/mcrypt/patches/patch-src_mcrypt__int.h diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_mcrypt__int.h:1.1.2.2 --- /dev/null Sun Jun 17 11:40:03 2018 +++ pkgsrc/security/mcrypt/patches/patch-src_mcrypt__int.h Sun Jun 17 11:40:03 2018 @@ -0,0 +1,17 @@ +$NetBSD: patch-src_mcrypt__int.h,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $ + +* Fix ARM build [XXX needed?] + +From: Red Hat, SUSE + +--- src/mcrypt_int.h.orig 2003-09-08 17:25:50.000000000 +0000 ++++ src/mcrypt_int.h +@@ -15,3 +15,8 @@ void rol_buf(void * buffer, int buffersi + void mcrypt_version(); + void mcrypt_license(); + void usage(void); ++ ++int print_list(void); ++int print_hashlist(void); ++int print_keylist(void); ++ Index: pkgsrc/security/mcrypt/patches/patch-src_rfc2440.c diff -u /dev/null pkgsrc/security/mcrypt/patches/patch-src_rfc2440.c:1.1.2.2 --- /dev/null Sun Jun 17 11:40:03 2018 +++ pkgsrc/security/mcrypt/patches/patch-src_rfc2440.c Sun Jun 17 11:40:03 2018 @@ -0,0 +1,30 @@ +$NetBSD: patch-src_rfc2440.c,v 1.1.2.2 2018/06/17 11:40:03 spz Exp $ + +* Correct include file for OSX +* Minor consistency change (previously len was uninitialized) + +From: Brew, Red Hat, SUSE + +--- src/rfc2440.c.orig 2008-11-16 19:50:01.000000000 +0000 ++++ src/rfc2440.c +@@ -23,7 +23,11 @@ + #include + #endif + #include ++#ifdef __APPLE__ ++#include ++#else + #include ++#endif + + #include "xmalloc.h" + #include "keys.h" +@@ -409,7 +413,7 @@ length_decode(const uchar *buf, int pos, + len += (buf[pos+1] + 192); + } + else if (buf[pos] == 255) { +- len += (buf[pos+1] << 24); ++ len = (buf[pos+1] << 24); + len += (buf[pos+2] << 16); + len += (buf[pos+3] << 8); + len += buf[pos+4]; --_----------=_1529235603224080--