From ef2c09c8cbdcdab41ff1ee1ee710277178099c24 Mon Sep 17 00:00:00 2001
From: espie
Date: Tue, 23 Dec 2014 08:46:31 +0000
Subject: [PATCH] tweak meta-info checking a bit. - remove IsLink tests, there's no reason to treat them specially. - files are forced to root, no need to allow for bin anymore. - force libraries to be not executable, if there's no explicit @mode annotation
---
 usr.sbin/pkg_add/OpenBSD/ArcCheck.pm | 14 +++++++++-----
 usr.sbin/pkg_add/OpenBSD/PackingElement.pm | 5 ++++-
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/usr.sbin/pkg_add/OpenBSD/ArcCheck.pm b/usr.sbin/pkg_add/OpenBSD/ArcCheck.pm
index 1495a48533c..0c62aa8d9b0 100644
--- a/usr.sbin/pkg_add/OpenBSD/ArcCheck.pm
+++ b/usr.sbin/pkg_add/OpenBSD/ArcCheck.pm
@@ -1,5 +1,5 @@
 # ex:ts=8 sw=4:
-# $OpenBSD: ArcCheck.pm,v 1.30 2014/11/30 16:44:04 espie Exp $
+# $OpenBSD: ArcCheck.pm,v 1.31 2014/12/23 08:46:31 espie Exp $
 #
 # Copyright (c) 2005-2006 Marc Espie
 #
@@ -53,14 +53,14 @@ sub verify_modes
 my ($o, $item) = @_;
 my $result = 1;
- if (!defined $item->{owner} && !$o->isSymLink) {
- if ($o->{uname} ne 'root' && $o->{uname} ne 'bin') {
+ if (!defined $item->{owner}) {
+ if ($o->{uname} ne 'root') {
 $o->errsay("Error: no \@owner for #1 (#2)", $item->fullname, $o->{uname});
 $result = 0;
 }
 }
- if (!defined $item->{group} && !$o->isSymLink) {
+ if (!defined $item->{group}) {
 if ($o->{gname} ne 'bin' && $o->{gname} ne 'wheel') {
 if (($o->{mode} & (S_ISUID | S_ISGID | S_IWGRP)) != 0) {
 $o->errsay("Error: no \@group for #1 (#2), which has mode #3",
@@ -73,7 +73,7 @@ sub verify_modes
 }
 }
 }
- if (!defined $item->{mode} && $o->isFile) {
+ if (!defined $item->{mode}) {
 if (($o->{mode} & (S_ISUID | S_ISGID | S_IWOTH)) != 0 || ($o->{mode} & S_IROTH) == 0 || ($o->{mode} & S_IRGRP) == 0) {
 $o->errsay("Error: weird mode for #1: #2",
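Review bot: With the `!$o->isSymLink` and `$o->isFile` guards removed, the owner, group and mode tests in verify_modes now run for every archive object that lacks the corresponding annotation, and nothing in the code records that links are covered on purpose. The mode test in the `@@ -73,7` hunk is the one to double-check: it reports "weird mode" when the header mode has S_IWOTH set or lacks S_IRGRP or S_IROTH, so a symlink entry would be rejected if the archive records link modes with such bits, which cannot be confirmed from the lines shown. A comment above the first test, such as `# links are checked like regular files: header owner/group/mode must be sane for them too`, would make the intent explicit and give a later reader a reason not to re-add the guards. verify_modes starts before and ends after both hunks.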
@@ -152,6 +152,10 @@ sub prepare_long
 # disallow writable files/dirs without explicit annotation
 if (!defined $item->{mode}) {
 $entry->{mode} &= ~(S_IWUSR|S_IWGRP|S_IWOTH);
+ # and make libraries non-executable
+ if ($item->is_a_library) {
+ $entry->{mode} &= ~(S_IXUSR|S_IXGRP|S_IXOTH);
+ }
 }
 # if we're going to set the group or owner, sguid bits won't
 # survive the extraction
diff --git a/usr.sbin/pkg_add/OpenBSD/PackingElement.pm b/usr.sbin/pkg_add/OpenBSD/PackingElement.pm
index 7fd3b2b383d..09ec15cd344 100644
--- a/usr.sbin/pkg_add/OpenBSD/PackingElement.pm
+++ b/usr.sbin/pkg_add/OpenBSD/PackingElement.pm
@@ -1,5 +1,5 @@
 # ex:ts=8 sw=4:
-# $OpenBSD: PackingElement.pm,v 1.237 2014/10/13 12:44:16 espie Exp $
+# $OpenBSD: PackingElement.pm,v 1.238 2014/12/23 08:46:31 espie Exp $
 #
 # Copyright (c) 2003-2014 Marc Espie
 #
@@ -162,6 +162,7 @@ sub stringize
 sub IsFile() { 0 }
+sub is_a_library() { 0 }
 sub NoDuplicateNames() { 0 }
@@ -692,6 +693,8 @@ sub parse
 }
 }
+sub is_a_library() { 1 }
+
 package OpenBSD::PackingElement::PkgConfig;
 our @ISA=qw(OpenBSD::PackingElement::FileBase);
-- 
2.20.1
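Review bot: The execute-bit mask for libraries in prepare_long is applied only while the entry is being prepared; none of the verify_modes lines visible in this patch reject a library entry that still carries S_IXUSR, S_IXGRP or S_IXOTH, so the rule appears to be a normalization rather than something checked against an existing archive. If that is intended, the comment should say so, e.g. `# and make libraries non-executable (normalization only; verify_modes does not enforce it)`; if it is meant as an invariant, verify_modes needs a matching test. prepare_long continues outside the hunk.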
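Review bot: The new predicate `is_a_library` does not follow the naming of the constant predicates it is placed between (`IsFile`, `NoDuplicateNames`), and neither definition says what it controls. A one-line comment on the base definition, such as `# true for elements whose default mode must not carry execute bits`, would tie it to its only visible caller in prepare_long. The overriding `sub is_a_library() { 1 }` in the `@@ -692,6` hunk is appended to a package whose `package` line is outside the hunk, so which element class now counts as a library should be confirmed against the full file.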