 @@ -1,14 +1,14 @@
-# $NetBSD: Makefile,v 1.219 2017/01/03 17:53:14 jperkin Exp $
+# $NetBSD: Makefile,v 1.220 2017/04/19 21:42:50 joerg Exp $
 # Notes to package maintainers:
+#
 # Updating this package does not automatically necessitate bumping
 # PKGTOOLS_REQD in bsd.pkg.mk. Do so if and only if there is a critical
 # change in the pkg_* tools that pkgsrc relies on for proper operation.
 PKGNAME=		pkg_install-${VERSION}
 PKGREVISION=		1
 CATEGORIES=		pkgtools
 MAINTAINER=		agc@NetBSD.org
 HOMEPAGE=		http://www.pkgsrc.org/
 @@ -94,28 +94,28 @@ FILES_SUBST+=		PKG_DBDIR=${PKG_DBDIR}
 			MKDIR=${MKDIR:Q}
 MESSAGE_SUBST+=		PKGVULNDIR=${PKG_DBDIR}			\
 			EGDIR=${EGDIR}
 .include "../../mk/compiler.mk"
 .if !empty(CC_VERSION:Mclang*)
 MAKE_FLAGS+=		ACTIVE_CC=clang
 .endif
 VERSION!=		${AWK} '/PKGTOOLS_VERSION/ {print $$3}' \
 			${FILESDIR}/lib/version.h
-# raw format appeared in libarchive 2.8.
+# Requires 3.x filter API and bugfixes.
-BUILDLINK_API_DEPENDS.libarchive+=	libarchive>=2.8.0
+BUILDLINK_API_DEPENDS.libarchive+=	libarchive>=3.3.1
 .include "../../archivers/bzip2/builtin.mk"
 .include "../../archivers/xz/builtin.mk"
 .include "../../archivers/libarchive/builtin.mk"
 .include "../../devel/zlib/builtin.mk"
 .include "../../security/openssl/builtin.mk"
 .include "options.mk"
 .if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
 CONFIGURE_ARGS+=	--with-ssl
 .include "../../security/openssl/buildlink3.mk"
 @@ -171,69 +171,69 @@ CPPFLAGS.Cygwin+=	-DLIBARCHIVE_STATIC
 # Make sure that the linker used our static library instead of the
 # (outdated) dynamic library "/usr/lib/libarchive.dylib".
 LDFLAGS.Darwin+=	-Wl,-search_paths_first
 # workaround for pkg/45491
 CONFIGURE_ENV.SunOS+=	ac_cv_header_ext2fs_ext2_fs_h=no
 # Hack to make sure that the libarchive version is replaced
 pre-configure: config-guess-override config-sub-override
 .endif
 CPPFLAGS+=	-I${WRKDIR}/libfetch
 LDFLAGS+=	-L${WRKDIR}/libfetch
 # Avoid duplicate and conflicting headers, pull in any we need
-# directly with <netpgpgverify/*.h>
+# directly with <netpgpg/*.h>
 CPPFLAGS+=	-I${WRKDIR}
-LDFLAGS+=	-L${WRKDIR}/netpgpverify
+LDFLAGS+=	-L${WRKDIR}/netpgp
 CONFIGURE_ENV+=	LIBS=${LIBS:Q}
 do-extract:
 	@${CP} -R ${FILESDIR} ${WRKSRC}
 .if empty(USE_BUILTIN.bzip2:M[yY][eE][sS])
 	@${CP} -R ${FILESDIR.bzip2} ${WRKDIR}/bzip2
 .endif
 .if empty(USE_BUILTIN.zlib:M[yY][eE][sS])
 	@${CP} -R ${FILESDIR.zlib} ${WRKDIR}/zlib
 .endif
 .if empty(USE_BUILTIN.libarchive:M[yY][eE][sS])
 	@${CP} -R ${FILESDIR.libarchive} ${WRKDIR}/libarchive
 .endif
 	@${CP} -R ${FILESDIR.libfetch} ${WRKDIR}/libfetch
-	@${CP} -R ${FILESDIR.netpgpverify} ${WRKDIR}/netpgpverify
+	@${CP} -R ${FILESDIR.netpgpverify} ${WRKDIR}/netpgp
 pre-configure:
 .if empty(USE_BUILTIN.bzip2:M[yY][eE][sS])
 	cd ${WRKDIR}/bzip2 && ${BUILD_MAKE_CMD} libbz2.a
 .endif
 .if empty(USE_BUILTIN.zlib:M[yY][eE][sS])
 	cd ${WRKDIR}/zlib && ${BUILD_MAKE_CMD} libz.a
 .endif
 .if empty(USE_BUILTIN.libarchive:M[yY][eE][sS])
 	cd ${WRKDIR}/libarchive && ${SETENV} ${_CONFIGURE_SCRIPT_ENV}	\
 		${CONFIG_SHELL} ${CONFIG_SHELL_FLAGS} ./configure	\
 		--disable-bsdcpio --disable-bsdtar --disable-shared	\
 		--disable-dependency-tracking --without-expat		\
 		--disable-maintainer-mode				\
 		--without-iconv --without-lzo2 --without-nettle		\
 		--without-xml2 --without-lz4				\
 		${LIBARCHIVE_CONFIGURE_ARGS}
 	cd ${WRKDIR}/libarchive && ${BUILD_MAKE_CMD}
 .endif
 	cd ${WRKDIR}/libfetch && ${TOUCH} fetch.cat3 &&			\
 		${SETENV} ${MAKE_ENV} ${BSD_MAKE_ENV}			\
 		${MAKE_PROGRAM} ${MAKE_FLAGS} ${BUILD_MAKE_FLAGS}	\
 			-f ${MAKE_FILE} depend all
-	cd ${WRKDIR}/netpgpverify &&					\
+	cd ${WRKDIR}/netpgp &&					\
 	${SED} -e '/zlib/d' Makefile.lib.in >Makefile.in &&		\
 	${RM} -f bzlib.h zlib.h &&					\
 	${CONFIG_SHELL} ${CONFIG_SHELL_FLAGS} ./configure &&		\
 	${SETENV} ${MAKE_ENV} ${BSD_MAKE_ENV} ${MAKE_PROGRAM}		\
 		${MAKE_FLAGS} ${BUILD_MAKE_FLAGS} -f ${MAKE_FILE} all
 # XXX Reverse the order that update does things since
 # XXX we need pkg_delete built before we can deinstall.
 # XXX This should probably be the default order for all packages.
 update:
 	${MAKE}
 	${MAKE} deinstall _UPDATE_RUNNING=YES
 	${MAKE} ${UPDATE_TARGET}

 @@ -1,22 +1,22 @@
-/*	$NetBSD: perform.c,v 1.108 2015/12/27 12:36:42 joerg Exp $	*/
+/*	$NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: perform.c,v 1.108 2015/12/27 12:36:42 joerg Exp $");
+__RCSID("$NetBSD: perform.c,v 1.109 2017/04/19 21:42:50 joerg Exp $");
 /*-
  * Copyright (c) 2003 Grant Beattie <grant@NetBSD.org>
  * Copyright (c) 2005 Dieter Baron <dillo@NetBSD.org>
  * Copyright (c) 2007 Roland Illig <rillig@NetBSD.org>
  * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org>
  * Copyright (c) 2010 Thomas Klausner <wiz@NetBSD.org>
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
 @@ -40,26 +40,27 @@ __RCSID("$NetBSD: perform.c,v 1.108 2015
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 #include <sys/utsname.h>
 #include <sys/stat.h>
 #if HAVE_ERR_H
 #include <err.h>
 #endif
 #include <errno.h>
 #if HAVE_FCNTL_H
 #include <fcntl.h>
 #endif
 #include <limits.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 #include <archive.h>
 #include <archive_entry.h>
 #include "lib.h"
 #include "add.h"
 #include "version.h"
 struct pkg_meta {
 	char *meta_contents;
 @@ -817,28 +818,27 @@ extract_files(struct pkg_task *pkg)
+	}
 	if (pkg->entry != NULL) {
 		warnx("Package contains entries not in PLIST: %s",
 		    archive_entry_pathname(pkg->entry));
 		goto out;
+	}
 	r = 0;
 out:
 	if (!NoRecord)
 		pkgdb_close();
-	archive_write_close(writer);
+	archive_write_free(writer);
 	archive_write_finish(writer);
 	return r;
+}
 /*
  * Register dependencies after sucessfully installing the package.
  */
 static void
 pkg_register_depends(struct pkg_task *pkg)
+{
 	int fd;
 	size_t text_len, i;
 	char *required_by, *text;
 @@ -1363,56 +1363,47 @@ check_license(struct pkg_task *pkg)
 	default:
 		warnx("Invalid LICENSE for package `%s'", pkg->pkgname);
 		return 1;
+	}
 #endif
+}
 /*
  * Install a single package.
  */
 static int
 pkg_do(const char *pkgpath, int mark_automatic, int top_level)
+{
 #ifndef BOOTSTRAP
 	char *archive_name;
 #endif
 	int status, invalid_sig;
 	struct pkg_task *pkg;
 	pkg = xcalloc(1, sizeof(*pkg));
 	status = -1;
 #ifdef BOOTSTRAP
 	pkg->archive = archive_read_new();
 	archive_read_support_compression_all(pkg->archive);
 	archive_read_support_format_all(pkg->archive);
 	if (archive_read_open_filename(pkg->archive, pkgpath, 1024)) {
 		warnx("no pkg found for '%s', sorry.", pkgpath);
 		archive_read_free(pkg->archive);
 		goto clean_find_archive;
 #else
 	pkg->archive = find_archive(pkgpath, top_level, &archive_name);
 	if (pkg->archive == NULL) {
 		warnx("no pkg found for '%s', sorry.", pkgpath);
 		goto clean_find_archive;
+	}
 #ifndef BOOTSTRAP
 	invalid_sig = pkg_verify_signature(archive_name, &pkg->archive, &pkg->entry,
 	    &pkg->pkgname);
-	free(archive_name);
+#else
 	invalid_sig = 0;
 #endif
 	free(archive_name);
 	if (pkg->archive == NULL)
 		goto clean_memory;
 	if (read_meta_data(pkg))
 		goto clean_memory;
 	/* Parse PLIST early, so that messages can use real package name. */
 	if (pkg_parse_plist(pkg))
 		goto clean_memory;
 	if (check_signature(pkg, invalid_sig))
 		goto clean_memory;
 @@ -1562,27 +1553,27 @@ nuke_pkgdb:
 clean_memory:
 	if (pkg->logdir != NULL && NoRecord && !Fake) {
 		if (recursive_remove(pkg->install_logdir, 1))
 			warn("Couldn't remove %s", pkg->install_logdir);
+	}
 	free(pkg->install_prefix);
 	free(pkg->install_logdir_real);
 	free(pkg->install_logdir);
 	free(pkg->logdir);
 	free_buildinfo(pkg);
 	free_plist(&pkg->plist);
 	free_meta_data(pkg);
 	if (pkg->archive)
-		archive_read_finish(pkg->archive);
+		archive_read_free(pkg->archive);
 	free(pkg->other_version);
 	free(pkg->pkgname);
 clean_find_archive:
 	free(pkg);
 	return status;
+}
 int
 pkg_perform(lpkg_head_t *pkgs)
+{
 	int     errors = 0;
 	lpkg_t *lpp;

 @@ -1,23 +1,23 @@
-/*	$NetBSD: build.c,v 1.16 2014/12/30 15:13:20 wiz Exp $	*/
+/*	$NetBSD: build.c,v 1.17 2017/04/19 21:42:50 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: build.c,v 1.16 2014/12/30 15:13:20 wiz Exp $");
+__RCSID("$NetBSD: build.c,v 1.17 2017/04/19 21:42:50 joerg Exp $");
 /*-
  * Copyright (c) 2007 Joerg Sonnenberger <joerg@NetBSD.org>.
  * All rights reserved.
+ *
  * This code was developed as part of Google's Summer of Code 2007 program.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
 @@ -223,57 +223,56 @@ write_normal_file(const char *name, stru
 static void
 make_dist(const char *pkg, const char *suffix, const package_t *plist)
+{
 	char *archive_name;
 	const char *owner, *group;
 	const plist_t *p;
 	struct archive *archive;
 	struct archive_entry *entry, *sparse_entry;
 	struct archive_entry_linkresolver *resolver;
 	char *initial_cwd;
 	archive = archive_write_new();
 	archive_write_set_format_pax_restricted(archive);
 	archive_write_set_options(archive, "hdrcharset=BINARY");
 	if ((resolver = archive_entry_linkresolver_new()) == NULL)
 		errx(2, "cannot create link resolver");
 	archive_entry_linkresolver_set_strategy(resolver,
 	    archive_format(archive));
 	if (CompressionType == NULL) {
 		if (strcmp(suffix, "tbz") == 0 ||
 		    strcmp(suffix, "tar.bz2") == 0)
 			CompressionType = "bzip2";
 		else if (strcmp(suffix, "tgz") == 0 ||
 		    strcmp(suffix, "tar.gz") == 0)
 			CompressionType = "gzip";
 		else
 			CompressionType = "none";
+	}
 	if (strcmp(CompressionType, "bzip2") == 0)
-		archive_write_set_compression_bzip2(archive);
+		archive_write_add_filter_bzip2(archive);
 	else if (strcmp(CompressionType, "gzip") == 0)
-		archive_write_set_compression_gzip(archive);
+		archive_write_add_filter_gzip(archive);
 	else if (strcmp(CompressionType, "xz") == 0)
-		archive_write_set_compression_xz(archive);
+		archive_write_add_filter_xz(archive);
-	else if (strcmp(CompressionType, "none") == 0)
+	else if (strcmp(CompressionType, "none") != 0)
 		archive_write_set_compression_none(archive);
 	else
 		errx(1, "Unspported compression type for -F: %s",
 		    CompressionType);
 	archive_name = xasprintf("%s.%s", pkg, suffix);
-	if (archive_write_open_file(archive, archive_name))
+	if (archive_write_open_filename(archive, archive_name))
 		errx(2, "cannot create archive: %s", archive_error_string(archive));
 	free(archive_name);
 	owner = DefaultOwner;
 	group = DefaultGroup;
 	write_meta_file(contents_file, archive);
 	write_meta_file(comment_file, archive);
 	write_meta_file(desc_file, archive);
 	if (Install)
 		write_meta_file(install_file, archive);
 @@ -314,29 +313,28 @@ make_dist(const char *pkg, const char *s
+		}
+	}
 	entry = NULL;
 	archive_entry_linkify(resolver, &entry, &sparse_entry);
 	while (entry != NULL) {
 		write_entry(archive, entry);
 		entry = NULL;
 		archive_entry_linkify(resolver, &entry, &sparse_entry);
+	}
 	archive_entry_linkresolver_free(resolver);
-	if (archive_write_close(archive))
+	if (archive_write_free(archive))
 		errx(2, "cannot finish archive: %s", archive_error_string(archive));
 	archive_write_finish(archive);
 	free(initial_cwd);
+}
 static struct memory_file *
 load_and_add(package_t *plist, const char *input_name,
     const char *target_name, mode_t perm)
+{
 	struct memory_file *file;
 	file = load_memory_file(input_name, target_name, DefaultOwner,
 	    DefaultGroup, perm);
 	add_plist(plist, PLIST_IGNORE, NULL);

 @@ -1,29 +1,23 @@
-/*	$NetBSD: perform.c,v 1.62 2014/12/30 15:13:20 wiz Exp $	*/
+/*	$NetBSD: perform.c,v 1.63 2017/04/19 21:42:50 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-#if HAVE_SYS_QUEUE_H
+__RCSID("$NetBSD: perform.c,v 1.63 2017/04/19 21:42:50 joerg Exp $");
 #include <sys/queue.h>
 #endif
 #if HAVE_SYS_WAIT_H
 #include <sys/wait.h>
 #endif
 __RCSID("$NetBSD: perform.c,v 1.62 2014/12/30 15:13:20 wiz Exp $");
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
 @@ -63,50 +57,47 @@ __RCSID("$NetBSD: perform.c,v 1.62 2014/
  * This is the main body of the info module.
+ *
  */
 #include "lib.h"
 #include "info.h"
 #if HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #if HAVE_SYS_STAT_H
 #include <sys/stat.h>
 #endif
 #if HAVE_SYS_QUEUE_H
 #include <sys/queue.h>
 #endif
 #if HAVE_SYS_WAIT_H
 #include <sys/wait.h>
 #endif
 #ifndef BOOTSTRAP
 #include <archive.h>
 #include <archive_entry.h>
 #endif
 #if HAVE_ERR_H
 #include <err.h>
 #endif
-#if HAVE_ERRNO_H
+#include <ctype.h>
 #include <dirent.h>
 #include <errno.h>
 #endif
 #if HAVE_FCNTL_H
 #include <fcntl.h>
-#endif
+#include <limits.h>
 #if HAVE_SIGNAL_H
 #include <signal.h>
 #endif
 #if HAVE_DIRENT_H
 #include <dirent.h>
 #endif
 #if HAVE_CTYPE_H
 #include <ctype.h>
 #endif
 #include <stddef.h>
 #include <signal.h>
 #define	LOAD_CONTENTS		(1 << 0)
 #define	LOAD_COMMENT		(1 << 1)
 #define	LOAD_DESC		(1 << 2)
 #define	LOAD_INSTALL		(1 << 3)
 #define	LOAD_DEINSTALL		(1 << 4)
 #define	LOAD_DISPLAY		(1 << 5)
 #define	LOAD_MTREE		(1 << 6)
 #define	LOAD_BUILD_VERSION	(1 << 7)
 #define	LOAD_BUILD_INFO		(1 << 8)
 #define	LOAD_SIZE_PKG		(1 << 9)
 #define	LOAD_SIZE_ALL		(1 << 10)
 #define	LOAD_PRESERVE		(1 << 11)
 @@ -348,27 +339,27 @@ pkg_do(const char *pkg)
 		archive = open_archive(pkg, &archive_name);
 		if (archive == NULL) {
 			warnx("can't find package `%s', skipped", pkg);
 			return -1;
+		}
 		pkgname = NULL;
 		entry = NULL;
 		pkg_verify_signature(archive_name, &archive, &entry, &pkgname);
 		if (archive == NULL)
 			return -1;
 		free(pkgname);
 		meta = read_meta_data_from_archive(archive, entry);
-		archive_read_finish(archive);
+		archive_read_free(archive);
 		if (!IS_URL(pkg))
 			binpkgfile = pkg;
 #endif
 	} else {
 		/*
 	         * It's not an uninstalled package, try and find it among the
 	         * installed
 	         */
 		pkgdir = pkgdb_pkg_dir(pkg);
 		if (!fexists(pkgdir) || !(isdir(pkgdir) || islinktodir(pkgdir))) {
 			switch (add_installed_pkgs_by_basename(pkg, &pkgs)) {
 			case 1:
 				return 0;

 @@ -1,23 +1,23 @@
-/*	$NetBSD: gpgsig.c,v 1.5 2016/07/06 21:00:04 agc Exp $	*/
+/*	$NetBSD: gpgsig.c,v 1.6 2017/04/19 21:42:50 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: gpgsig.c,v 1.5 2016/07/06 21:00:04 agc Exp $");
+__RCSID("$NetBSD: gpgsig.c,v 1.6 2017/04/19 21:42:50 joerg Exp $");
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
 @@ -40,66 +40,68 @@ __RCSID("$NetBSD: gpgsig.c,v 1.5 2016/07
 #include <sys/wait.h>
 #ifndef NETBSD
 #include <nbcompat/err.h>
 #else
 #include <err.h>
 #endif
 #ifndef NETBSD
 #include <nbcompat/stdlib.h>
 #else
 #include <stdlib.h>
 #endif
 #include <netpgp/verify.h>
 #include "lib.h"
 #include "netpgpverify/verify.h"
 int
 gpg_verify(const char *content, size_t len, const char *keyring,
     const char *sig, size_t sig_len)
+{
 	pgpv_t *pgp;
 	pgpv_cursor_t *cursor;
 	static const char hdr1[] = "-----BEGIN PGP SIGNED MESSAGE-----\n";
 	static const char hdr2[] = "Hash: SHA512\n\n";
 	ssize_t buflen;
-	char *buf;
+	char *allocated_buf;
 	const char *buf;
 	/*
 	 * If there is a detached signature we need to construct a format that
 	 * netpgp can parse, otherwise use as-is.
 	 */
 	if (sig_len) {
-		buf = xasprintf("%s%s%s%s", hdr1, hdr2, content, sig);
+		buf = allocated_buf = xasprintf("%s%s%s%s", hdr1, hdr2, content, sig);
 		buflen = strlen(buf);
 	} else {
 		buf = content;
 		allocated_buf = NULL;
 		buflen = len;
+	}
 	pgp = pgpv_new();
 	cursor = pgpv_new_cursor();
 	if (!pgpv_read_pubring(pgp, keyring, -1))
 		err(EXIT_FAILURE, "cannot read keyring");
 	if (!pgpv_verify(cursor, pgp, buf, buflen))
 		errx(EXIT_FAILURE, "unable to verify signature: %s",
 		    pgpv_get_cursor_str(cursor, "why"));
 	pgpv_close(pgp);
-	if (sig_len)
+	free(allocated_buf);
 		free(buf);
 	return 0;
+}
 int
 detached_gpg_sign(const char *content, size_t len, char **sig, size_t *sig_len,
     const char *keyring, const char *user)
+{
 	const char *argv[12], **argvp;
 	pid_t child;
 	int fd_in[2], fd_out[2], status;
 	size_t allocated;
 	ssize_t ret;

 @@ -1,14 +1,14 @@
-/* $NetBSD: lib.h,v 1.67 2015/10/15 13:31:27 sevan Exp $ */
+/* $NetBSD: lib.h,v 1.68 2017/04/19 21:42:50 joerg Exp $ */
 /* from FreeBSD Id: lib.h,v 1.25 1997/10/08 07:48:03 charnier Exp */
 /*
  * FreeBSD install - a package for the installation and maintainance
  * of non-core utilities.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
 @@ -306,26 +306,27 @@ Boolean make_preserve_name(char *, size_
 void    remove_files(const char *, const char *);
 int     format_cmd(char *, size_t, const char *, const char *, const char *);
 int	recursive_remove(const char *, int);
 void	add_pkgdir(const char *, const char *, const char *);
 void	delete_pkgdir(const char *, const char *, const char *);
 int	has_pkgdir(const char *);
 /* pkg_io.c: Local and remote archive handling */
 struct archive;
 struct archive_entry;
 struct archive *prepare_archive(void);
 struct archive *open_archive(const char *, char **);
 struct archive *find_archive(const char *, int, char **);
 void	process_pkg_path(void);
 struct url *find_best_package(const char *, const char *, int);
 /* Packing list */
 plist_t *new_plist_entry(void);
 plist_t *last_plist(package_t *);
 plist_t *find_plist(package_t *, pl_ent_t);
 char   *find_plist_option(package_t *, const char *);
 void    plist_delete(package_t *, Boolean, pl_ent_t, char *);
 void    free_plist(package_t *);
 void    mark_plist(package_t *);
 @@ -402,27 +403,32 @@ int detached_gpg_sign(const char *, size
     const char *);
 /* License handling */
 int add_licenses(const char *);
 int acceptable_license(const char *);
 int acceptable_pkg_license(const char *);
 void load_license_lists(void);
 /* Helper functions for memory allocation */
 char *xstrdup(const char *);
 void *xrealloc(void *, size_t);
 void *xcalloc(size_t, size_t);
 void *xmalloc(size_t);
-char *xasprintf(const char *, ...);
+#if defined(__GNUC__) && __GNUC__ >= 2
 char	*xasprintf(const char *, ...)
 			   __attribute__((__format__(__printf__, 1, 2)));
 #else
 char	*xasprintf(const char *, ...);
 #endif
 /* Externs */
 extern Boolean Verbose;
 extern Boolean Fake;
 extern Boolean Force;
 extern const char *cert_chain_file;
 extern const char *certs_packages;
 extern const char *certs_pkg_vulnerabilities;
 extern const char *check_eol;
 extern const char *check_vulnerabilities;
 extern const char *config_file;
 extern const char *config_pkg_dbdir;
 extern const char *config_pkg_path;

 @@ -1,14 +1,14 @@
-/*	$NetBSD: pkg_io.c,v 1.11 2010/04/20 00:39:13 joerg Exp $	*/
+/*	$NetBSD: pkg_io.c,v 1.12 2017/04/19 21:42:50 joerg Exp $	*/
 /*-
  * Copyright (c) 2008, 2009 Joerg Sonnenberger <joerg@NetBSD.org>.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
  *    the documentation and/or other materials provided with the
 @@ -26,49 +26,55 @@
  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: pkg_io.c,v 1.11 2010/04/20 00:39:13 joerg Exp $");
+__RCSID("$NetBSD: pkg_io.c,v 1.12 2017/04/19 21:42:50 joerg Exp $");
 #include <archive.h>
 #include <archive_entry.h>
 #if HAVE_ERR_H
 #include <err.h>
 #endif
 #if HAVE_ERRNO_H
 #include <errno.h>
 #endif
 #include <fetch.h>
 #include <stdlib.h>
 #ifdef BOOTSTRAP
 #define IS_URL(x) 0
 #else
 #include <fetch.h>
 #endif
 #include "lib.h"
 struct pkg_path {
 	TAILQ_ENTRY(pkg_path) pl_link;
 	char *pl_path;
 };
 static char *orig_cwd, *last_toplevel;
 static TAILQ_HEAD(, pkg_path) pkg_path = TAILQ_HEAD_INITIALIZER(pkg_path);
 #ifndef BOOTSTRAP
 struct fetch_archive {
 	struct url *url;
 	fetchIO *fetch;
 	char buffer[32768];
 	off_t size;
 	int restart;
 };
 static int
 fetch_archive_open(struct archive *a, void *client_data)
+{
 	struct fetch_archive *f = client_data;
 	struct url_stat us;
 @@ -135,69 +141,86 @@ fetch_archive_close(struct archive *a, v
+}
 static struct archive *
 open_archive_by_url(struct url *url, char **archive_name)
+{
 	struct fetch_archive *f;
 	struct archive *a;
 	f = xmalloc(sizeof(*f));
 	f->url = fetchCopyURL(url);
 	*archive_name = fetchStringifyURL(url);
-	a = archive_read_new();
+	a = prepare_archive();
 	archive_read_support_compression_all(a);
 	archive_read_support_format_all(a);
 	if (archive_read_open(a, f, fetch_archive_open, fetch_archive_read,
 	    fetch_archive_close)) {
 		free(*archive_name);
 		*archive_name = NULL;
-		archive_read_finish(a);
+		archive_read_free(a);
 		return NULL;
+	}
 	return a;
+}
 #endif /* !BOOTSTRAP */
 struct archive *
 prepare_archive(void)
+{
 	struct archive *a = archive_read_new();
 	if (a == NULL)
 		errx(EXIT_FAILURE, "memory allocation failed");
 	archive_read_support_filter_gzip(a);
 	archive_read_support_filter_bzip2(a);
 	archive_read_support_filter_xz(a);
 	archive_read_support_format_ar(a);
 	archive_read_support_format_tar(a);
 	archive_read_set_options(a, "hdrcharset=BINARY");
 	return a;
+}
 struct archive *
 open_archive(const char *url, char **archive_name)
+{
 	struct url *u;
 	struct archive *a;
 	*archive_name = NULL;
 	if (!IS_URL(url)) {
-		a = archive_read_new();
+		a = prepare_archive();
 		archive_read_support_compression_all(a);
 		archive_read_support_format_all(a);
 		if (archive_read_open_filename(a, url, 1024)) {
 			archive_read_close(a);
 			return NULL;
+		}
 		*archive_name = xstrdup(url);
 		return a;
+	}
 #ifdef BOOTSTRAP
 	return NULL;
 #else
 	if ((u = fetchParseURL(url)) == NULL)
 		return NULL;
 	a = open_archive_by_url(u, archive_name);
 	fetchFreeURL(u);
 	return a;
 #endif
+}
 #ifndef BOOTSTRAP
 static int
 strip_suffix(char *filename)
+{
 	size_t len;
 	len = strlen(filename);
 	if (len <= 4)
 		return 0;
 	if (strcmp(filename + len - 4, ".tgz") == 0 ||
 	    strcmp(filename + len - 4, ".tbz") == 0) {
 		filename[len - 4] = '\0';
 		return 1;
 	} else
 @@ -323,26 +346,27 @@ find_best_package(const char *toplevel,
 		return best_match;
 	TAILQ_FOREACH(pl, &pkg_path, pl_link) {
 		url = fetchParseURL(pl->pl_path);
 		if (url != NULL) {
 			find_best_package_int(url, pattern, &best_match);
 			/* XXX Check return value and complain */
 			fetchFreeURL(url);
+		}
+	}
 	return best_match;
+}
 #endif /* !BOOTSTRAP */
 struct archive *
 find_archive(const char *fname, int top_level, char **archive_name)
+{
 	struct archive *a;
 	struct url *best_match;
 	char *full_fname, *last_slash;
 	int search_path;
 	search_path = 0;
 	if (IS_FULLPATH(fname) || IS_URL(fname)) {
 		full_fname = xstrdup(fname);
 	} else {
 @@ -354,30 +378,31 @@ find_archive(const char *fname, int top_
 	last_slash = strrchr(full_fname, '/');
 	if (top_level) {
 		free(last_toplevel);
 		*last_slash = '\0';
 		last_toplevel = xstrdup(full_fname);
 		*last_slash = '/';
+	}
 	a = open_archive(full_fname, archive_name);
 	if (a != NULL) {
 		free(full_fname);
 		return a;
+	}
 #ifndef BOOTSTRAP
 	fname = last_slash + 1;
 	*last_slash = '\0';
 	best_match = find_best_package(full_fname, fname, 0);
 	if (search_path && best_match == NULL)
 		best_match = find_best_package(last_toplevel, fname, 1);
 	free(full_fname);
 	if (best_match == NULL)
 		return NULL;
 	a = open_archive_by_url(best_match, archive_name);
 	fetchFreeURL(best_match);
 #endif /* !BOOTSTRAP */
 	return a;
+}

 @@ -1,23 +1,23 @@
-/*	$NetBSD: pkg_signature.c,v 1.12 2015/09/01 12:14:06 jperkin Exp $	*/
+/*	$NetBSD: pkg_signature.c,v 1.13 2017/04/19 21:42:50 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: pkg_signature.c,v 1.12 2015/09/01 12:14:06 jperkin Exp $");
+__RCSID("$NetBSD: pkg_signature.c,v 1.13 2017/04/19 21:42:50 joerg Exp $");
 /*-
  * Copyright (c) 2008 Joerg Sonnenberger <joerg@NetBSD.org>.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
 @@ -37,26 +37,27 @@ __RCSID("$NetBSD: pkg_signature.c,v 1.12
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 #if HAVE_SYS_WAIT_H
 #include <sys/wait.h>
 #endif
 #include <ctype.h>
 #if HAVE_ERR_H
 #include <err.h>
 #endif
 #include <errno.h>
 #include <fcntl.h>
 #include <limits.h>
 #include <stdlib.h>
 #ifndef NETBSD
 #include <nbcompat/sha2.h>
 #else
 #include <sha2.h>
 #endif
 #include <signal.h>
 #ifdef NETBSD
 #include <unistd.h>
 #else
 #include <nbcompat/unistd.h>
 #endif
 @@ -149,27 +150,27 @@ free_signature_int(struct signature_arch
 		for (i = 0; i < state->sign_block_number; ++i)
 			free(state->sign_blocks[i]);
+	}
 	free(state->sign_blocks);
 	free(state->sign_buf);
 	free(state);
+}
 static int
 verify_signature_close_cb(struct archive *archive, void *cookie)
+{
 	struct signature_archive *state = cookie;
-	archive_read_finish(state->archive);
+	archive_read_free(state->archive);
 	free_signature_int(state);
 	return 0;
+}
 static int
 read_file_from_archive(const char *archive_name, struct archive *archive,
     struct archive_entry **entry,
     const char *fname, char **content, size_t *len)
+{
 	int r;
 	*content = NULL;
 	*len = 0;
 @@ -320,53 +321,53 @@ pkg_verify_signature(const char *archive
 	struct archive_entry *my_entry;
 	struct archive *a;
 	char *hash_file, *signature_file;
 	size_t hash_len, signature_len;
 	int r, has_sig;
 	*pkgname = NULL;
 	state = xcalloc(sizeof(*state), 1);
 	r = read_file_from_archive(archive_name, *archive, entry, HASH_FNAME,
 	    &hash_file, &hash_len);
 	if (r == -1) {
-		archive_read_finish(*archive);
+		archive_read_free(*archive);
 		*archive = NULL;
 		free(state);
 		goto no_valid_signature;
 	} else if (r == 1) {
 		free(state);
 		goto no_valid_signature;
+	}
 	if (parse_hash_file(hash_file, pkgname, state))
 		goto no_valid_signature;
 	r = read_file_from_archive(archive_name, *archive, entry, SIGNATURE_FNAME,
 	    &signature_file, &signature_len);
 	if (r == -1) {
-		archive_read_finish(*archive);
+		archive_read_free(*archive);
 		*archive = NULL;
 		free(state);
 		free(hash_file);
 		goto no_valid_signature;
 	} else if (r != 0) {
 		if (*entry != NULL)
 			r = read_file_from_archive(archive_name, *archive,
 			    entry, GPG_SIGNATURE_FNAME,
 			    &signature_file, &signature_len);
 		if (r == -1) {
-			archive_read_finish(*archive);
+			archive_read_free(*archive);
 			*archive = NULL;
 			free(state);
 			free(hash_file);
 			goto no_valid_signature;
 		} else if (r != 0) {
 			free(hash_file);
 			free(state);
 			goto no_valid_signature;
+		}
 		has_sig = !gpg_verify(hash_file, hash_len, gpg_keyring_verify,
 		    signature_file, signature_len);
 		free(signature_file);
 @@ -389,33 +390,31 @@ pkg_verify_signature(const char *archive
 		    archive_error_string(*archive));
 		free_signature_int(state);
 		goto no_valid_signature;
+	}
 	if (archive_entry_size(my_entry) != state->pkg_size) {
 		warnx("Package size doesn't match signature");
 		free_signature_int(state);
 		goto no_valid_signature;
+	}
 	state->archive = *archive;
-	a = archive_read_new();
+	a = prepare_archive();
 	archive_read_support_compression_all(a);
 	archive_read_support_format_all(a);
 	if (archive_read_open(a, state, NULL, verify_signature_read_cb,
 	    verify_signature_close_cb)) {
 		warnx("Can't open signed package file");
-		archive_read_finish(a);
+		archive_read_free(a);
 		goto no_valid_signature;
+	}
 	*archive = a;
 	*entry = NULL;
 	return has_sig ? 0 : -1;
 no_valid_signature:
 	return -1;
+}
 int
 pkg_full_signature_check(const char *archive_name, struct archive **archive)
 @@ -438,66 +437,64 @@ pkg_full_signature_check(const char *arc
+}
 static char *
 extract_pkgname(int fd)
+{
 	package_t plist;
 	plist_t *p;
 	struct archive *a;
 	struct archive_entry *entry;
 	char *buf;
 	ssize_t len;
 	int r;
-	a = archive_read_new();
+	a = prepare_archive();
 	archive_read_support_compression_all(a);
 	archive_read_support_format_all(a);
 	if (archive_read_open_fd(a, fd, 1024)) {
 		warnx("Cannot open binary package: %s",
 		    archive_error_string(a));
-		archive_read_finish(a);
+		archive_read_free(a);
 		return NULL;
+	}
 	r = archive_read_next_header(a, &entry);
 	if (r != ARCHIVE_OK) {
 		warnx("Cannot extract package name: %s",
 		    r == ARCHIVE_EOF ? "EOF" : archive_error_string(a));
-		archive_read_finish(a);
+		archive_read_free(a);
 		return NULL;
+	}
 	if (strcmp(archive_entry_pathname(entry), "+CONTENTS") != 0) {
 		warnx("Invalid binary package, doesn't start with +CONTENTS");
-		archive_read_finish(a);
+		archive_read_free(a);
 		return NULL;
+	}
 	if (archive_entry_size(entry) > SSIZE_MAX - 1) {
 		warnx("+CONTENTS too large to process");
-		archive_read_finish(a);
+		archive_read_free(a);
 		return NULL;
+	}
 	len = archive_entry_size(entry);
 	buf = xmalloc(len + 1);
 	if (archive_read_data(a, buf, len) != len) {
 		warnx("Short read when extracing +CONTENTS");
 		free(buf);
-		archive_read_finish(a);
+		archive_read_free(a);
 		return NULL;
+	}
 	buf[len] = '\0';
-	archive_read_finish(a);
+	archive_read_free(a);
 	parse_plist(&plist, buf);
 	free(buf);
 	p = find_plist(&plist, PLIST_NAME);
 	if (p != NULL) {
 		buf = xstrdup(p->name);
 	} else {
 		warnx("Invalid PLIST: missing @name");
 		buf = NULL;
+	}
 	free_plist(&plist);
 	if (lseek(fd, 0, SEEK_SET) != 0) {
 @@ -569,27 +566,26 @@ pkg_sign_x509(const char *name, const ch
 	lseek(fd, 0, SEEK_SET);
 	sign_entry = archive_entry_clone(entry);
 	hash_entry = archive_entry_clone(entry);
 	pkgname = strrchr(name, '/');
 	archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name);
 	archive_entry_set_pathname(hash_entry, HASH_FNAME);
 	archive_entry_set_pathname(sign_entry, SIGNATURE_FNAME);
 	archive_entry_set_size(hash_entry, strlen(hash_file));
 	archive_entry_set_size(sign_entry, signature_len);
 	pkg = archive_write_new();
 	archive_write_set_compression_none(pkg);
 	archive_write_set_format_ar_bsd(pkg);
 	archive_write_open_filename(pkg, output);
 	archive_write_header(pkg, hash_entry);
 	archive_write_data(pkg, hash_file, strlen(hash_file));
 	archive_write_finish_entry(pkg);
 	archive_entry_free(hash_entry);
 	archive_write_header(pkg, sign_entry);
 	archive_write_data(pkg, signature_file, signature_len);
 	archive_write_finish_entry(pkg);
 	archive_entry_free(sign_entry);
 @@ -598,27 +594,27 @@ pkg_sign_x509(const char *name, const ch
 	for (i = 0; i < size; i += block_len) {
 		if (i + (off_t)sizeof(block) < size)
 			block_len = sizeof(block);
 		else
 			block_len = size % sizeof(block);
 		if (read(fd, block, block_len) != (ssize_t)block_len)
 			err(2, "short read");
 		archive_write_data(pkg, block, block_len);
+	}
 	archive_write_finish_entry(pkg);
 	archive_entry_free(entry);
-	archive_write_finish(pkg);
+	archive_write_free(pkg);
 	close(fd);
 	exit(0);
+}
 #endif
 void
 pkg_sign_gpg(const char *name, const char *output)
+{
 	struct archive *pkg;
 	struct archive_entry *entry, *hash_entry, *sign_entry;
 	int fd;
 @@ -663,27 +659,26 @@ pkg_sign_gpg(const char *name, const cha
 	lseek(fd, 0, SEEK_SET);
 	sign_entry = archive_entry_clone(entry);
 	hash_entry = archive_entry_clone(entry);
 	pkgname = strrchr(name, '/');
 	archive_entry_set_pathname(entry, pkgname != NULL ? pkgname + 1 : name);
 	archive_entry_set_pathname(hash_entry, HASH_FNAME);
 	archive_entry_set_pathname(sign_entry, GPG_SIGNATURE_FNAME);
 	archive_entry_set_size(hash_entry, strlen(hash_file));
 	archive_entry_set_size(sign_entry, signature_len);
 	pkg = archive_write_new();
 	archive_write_set_compression_none(pkg);
 	archive_write_set_format_ar_bsd(pkg);
 	archive_write_open_filename(pkg, output);
 	archive_write_header(pkg, hash_entry);
 	archive_write_data(pkg, hash_file, strlen(hash_file));
 	archive_write_finish_entry(pkg);
 	archive_entry_free(hash_entry);
 	archive_write_header(pkg, sign_entry);
 	archive_write_data(pkg, signature_file, signature_len);
 	archive_write_finish_entry(pkg);
 	archive_entry_free(sign_entry);
 @@ -692,19 +687,19 @@ pkg_sign_gpg(const char *name, const cha
 	for (i = 0; i < size; i += block_len) {
 		if (i + (off_t)sizeof(block) < size)
 			block_len = sizeof(block);
 		else
 			block_len = size % sizeof(block);
 		if (read(fd, block, block_len) != (ssize_t)block_len)
 			err(2, "short read");
 		archive_write_data(pkg, block, block_len);
+	}
 	archive_write_finish_entry(pkg);
 	archive_entry_free(entry);
-	archive_write_finish(pkg);
+	archive_write_free(pkg);
 	close(fd);
 	exit(0);
+}

 @@ -1,14 +1,14 @@
-/*	$NetBSD: vulnerabilities-file.c,v 1.8 2015/09/01 12:14:06 jperkin Exp $	*/
+/*	$NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $	*/
 /*-
  * Copyright (c) 2008, 2010 Joerg Sonnenberger <joerg@NetBSD.org>.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
+ *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
 @@ -28,27 +28,27 @@
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: vulnerabilities-file.c,v 1.8 2015/09/01 12:14:06 jperkin Exp $");
+__RCSID("$NetBSD: vulnerabilities-file.c,v 1.9 2017/04/19 21:42:50 joerg Exp $");
 #if HAVE_SYS_STAT_H
 #include <sys/stat.h>
 #endif
 #if HAVE_SYS_WAIT_H
 #include <sys/wait.h>
 #endif
 #ifndef BOOTSTRAP
 #include <archive.h>
 #endif
 #include <ctype.h>
 #if HAVE_ERR_H
 #include <err.h>
 @@ -67,26 +67,40 @@ __RCSID("$NetBSD: vulnerabilities-file.c
 #endif
 #include <unistd.h>
 #include "lib.h"
 static struct pkg_vulnerabilities *read_pkg_vulnerabilities_archive(struct archive *, int);
 static struct pkg_vulnerabilities *parse_pkg_vuln(const char *, size_t, int);
 static const char pgp_msg_start[] = "-----BEGIN PGP SIGNED MESSAGE-----\n";
 static const char pgp_msg_end[] = "-----BEGIN PGP SIGNATURE-----\n";
 static const char pkcs7_begin[] = "-----BEGIN PKCS7-----\n";
 static const char pkcs7_end[] = "-----END PKCS7-----\n";
 static struct archive *
 prepare_raw_file(void)
+{
 	struct archive *a = archive_read_new();
 	if (a == NULL)
 		errx(EXIT_FAILURE, "memory allocation failed");
 	archive_read_support_filter_gzip(a);
 	archive_read_support_filter_bzip2(a);
 	archive_read_support_filter_xz(a);
 	archive_read_support_format_raw(a);
 	return a;
+}
 static void
 verify_signature_pkcs7(const char *input)
+{
 #ifdef HAVE_SSL
 	const char *begin_pkgvul, *end_pkgvul, *begin_sig, *end_sig;
 	if (strncmp(input, pgp_msg_start, strlen(pgp_msg_start)) == 0) {
 		begin_pkgvul = input + strlen(pgp_msg_start);
 		if ((end_pkgvul = strstr(begin_pkgvul, pgp_msg_end)) == NULL)
 			errx(EXIT_FAILURE, "Invalid PGP signature");
 		if ((begin_sig = strstr(end_pkgvul, pkcs7_begin)) == NULL)
 			errx(EXIT_FAILURE, "No PKCS7 signature");
 	} else {
 @@ -335,63 +349,55 @@ add_vulnerability(struct pkg_vulnerabili
 	++pv->entries;
+}
 struct pkg_vulnerabilities *
 read_pkg_vulnerabilities_memory(void *buf, size_t len, int check_sum)
+{
 #ifdef BOOTSTRAP
 	errx(EXIT_FAILURE, "Audit functions are unsupported during bootstrap");
 #else
 	struct archive *a;
 	struct pkg_vulnerabilities *pv;
-	if ((a = archive_read_new()) == NULL)
+	a = prepare_raw_file();
-		errx(EXIT_FAILURE, "memory allocation failed");
+	if (archive_read_open_memory(a, buf, len) != ARCHIVE_OK)
 	if (archive_read_support_compression_all(a) != ARCHIVE_OK ||
 	    archive_read_support_format_raw(a) != ARCHIVE_OK ||
 	    archive_read_open_memory(a, buf, len) != ARCHIVE_OK)
 		errx(EXIT_FAILURE, "Cannot open pkg_vulnerabilies buffer: %s",
 		    archive_error_string(a));
 	pv = read_pkg_vulnerabilities_archive(a, check_sum);
 	return pv;
 #endif
+}
 struct pkg_vulnerabilities *
 read_pkg_vulnerabilities_file(const char *path, int ignore_missing, int check_sum)
+{
 #ifdef BOOTSTRAP
 	errx(EXIT_FAILURE, "Audit functions are unsupported during bootstrap");
 #else
 	struct archive *a;
 	struct pkg_vulnerabilities *pv;
 	int fd;
 	if ((fd = open(path, O_RDONLY)) == -1) {
 		if (errno == ENOENT && ignore_missing)
 			return NULL;
 		err(EXIT_FAILURE, "Cannot open %s", path);
+	}
-	if ((a = archive_read_new()) == NULL)
+	a = prepare_raw_file();
-		errx(EXIT_FAILURE, "memory allocation failed");
+	if (archive_read_open_fd(a, fd, 65536) != ARCHIVE_OK)
 	if (archive_read_support_compression_all(a) != ARCHIVE_OK ||
 	    archive_read_support_format_raw(a) != ARCHIVE_OK ||
 	    archive_read_open_fd(a, fd, 65536) != ARCHIVE_OK)
 		errx(EXIT_FAILURE, "Cannot open ``%s'': %s", path,
 		    archive_error_string(a));
 	pv = read_pkg_vulnerabilities_archive(a, check_sum);
 	close(fd);
 	return pv;
 #endif
+}
 #ifndef BOOTSTRAP
 static struct pkg_vulnerabilities *
 read_pkg_vulnerabilities_archive(struct archive *a, int check_sum)

 @@ -1,23 +1,23 @@
-/*	$NetBSD: main.c,v 1.64 2015/01/02 14:26:16 wiz Exp $	*/
+/*	$NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $	*/
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_CDEFS_H
 #include <sys/cdefs.h>
 #endif
-__RCSID("$NetBSD: main.c,v 1.64 2015/01/02 14:26:16 wiz Exp $");
+__RCSID("$NetBSD: main.c,v 1.65 2017/04/19 21:42:50 joerg Exp $");
 /*-
  * Copyright (c) 1999-2009 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Hubert Feyrer <hubert@feyrer.de> and
  * by Joerg Sonnenberger <joerg@NetBSD.org>.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
 @@ -598,28 +598,28 @@ main(int argc, char *argv[])
 		rc = 0;
 		for (--argc, ++argv; argc > 0; --argc, ++argv) {
 			char *archive_name;
 			pkg = open_archive(*argv, &archive_name);
 			if (pkg == NULL) {
 				warnx("%s could not be opened", *argv);
 				continue;
+			}
 			if (pkg_full_signature_check(archive_name, &pkg))
 				rc = 1;
 			free(archive_name);
-			if (!pkg)
+			if (pkg != NULL)
-				archive_read_finish(pkg);
+				archive_read_free(pkg);
+		}
 		return rc;
 	} else if (strcasecmp(argv[0], "x509-sign-package") == 0) {
 #ifdef HAVE_SSL
 		--argc;
 		++argv;
 		if (argc != 4)
 			errx(EXIT_FAILURE, "x509-sign-package takes exactly four arguments");
 		pkg_sign_x509(argv[0], argv[1], argv[2], argv[3]);
 #else
 		errx(EXIT_FAILURE, "OpenSSL support is not included");
 #endif
 	} else if (strcasecmp(argv[0], "gpg-sign-package") == 0) {

 @@ -29,47 +29,38 @@
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
 #include <nbcompat.h>
 #if HAVE_SYS_STAT_H
 #include <sys/stat.h>
 #endif
 #if HAVE_ERR_H
 #include <err.h>
 #endif
 #include <fcntl.h>
 #if HAVE_PWD_H
 #include <grp.h>
 #endif
 #include <limits.h>
 #if HAVE_PWD_H
 #include <pwd.h>
 #endif
 #if HAVE_STDLIB_H
 #include <stdlib.h>
 #endif
 #if HAVE_STRING_H
 #include <string.h>
 #endif
 #if HAVE_TIME_H
 #include <time.h>
 #endif
 #if HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #if HAVE_FCNTL_H
 #include <fcntl.h>
 #endif
 #include "lib.h"
 #include "create.h"
 static void
 update_ids(struct memory_file *file)
+{
 	if (file->owner != NULL) {
 		uid_t uid;
 		if (uid_from_user(file->owner, &uid) == -1)
 			errx(2, "user %s unknown", file->owner);
 		file->st.st_uid = uid;

 @@ -1,14 +1,14 @@
-# $NetBSD: Makefile.in,v 1.35 2015/09/01 12:14:06 jperkin Exp $
+# $NetBSD: Makefile.in,v 1.36 2017/04/19 21:42:50 joerg Exp $
 srcdir=		@srcdir@
 pkgdbdir=	@pkgdbdir@
 mandir=		@mandir@
 datarootdir=	@datarootdir@
 sysconfdir=	@sysconfdir@
 cat5dir=	$(mandir)/cat5
 cat7dir=	$(mandir)/cat7
 man5dir=	$(mandir)/man5
 man7dir=	$(mandir)/man7
 @@ -18,35 +18,35 @@ SSL_SUPPORT=	@ssl_support@
 RANLIB=		@RANLIB@
 AR=		@AR@
 CC=		@CC@
 CPPFLAGS=	@CPPFLAGS@ -I. -I$(srcdir)
 DEFS=		@DEFS@ -DDEF_LOG_DIR=\"$(pkgdbdir)\"
 CFLAGS=		@CFLAGS@
 INSTALL=	@INSTALL@
 LIB=	libinstall.a
 OBJS=	automatic.o conflicts.o dewey.o fexec.o file.o \
 	global.o iterate.o license.o lpkg.o opattern.o \
-	parse-config.o pkgdb.o plist.o remove.o \
+	parse-config.o pkgdb.o pkg_io.o plist.o remove.o \
 	str.o var.o version.o vulnerabilities-file.o xwrapper.o
 CPPFLAGS+=	-DSYSCONFDIR=\"$(sysconfdir)\"
 .if !empty(BOOTSTRAP)
 CPPFLAGS+=	-DBOOTSTRAP
 .else
-OBJS+=	gpgsig.o pkg_io.o pkg_signature.o
+OBJS+=	gpgsig.o pkg_signature.o
 .endif
 .if !empty(SSL_SUPPORT)
 CPPFLAGS+=	-DHAVE_SSL
 OBJS+=		pkcs7.o
 .endif
 all: $(LIB)
 .c.o:
 	$(CC) $(DEFS) $(CPPFLAGS) $(CFLAGS) -c $<
 $(LIB): $(OBJS)

 @@ -1,14 +1,14 @@
-/*	$NetBSD: version.h,v 1.170 2016/04/10 19:01:19 joerg Exp $	*/
+/*	$NetBSD: version.h,v 1.171 2017/04/19 21:42:50 joerg Exp $	*/
 /*
  * Copyright (c) 2001 Thomas Klausner.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
 @@ -17,16 +17,16 @@
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #ifndef _INST_LIB_VERSION_H_
 #define _INST_LIB_VERSION_H_
-#define PKGTOOLS_VERSION 20160410
+#define PKGTOOLS_VERSION 20170419
 #endif /* _INST_LIB_VERSION_H_ */