$NetBSD

strcpy used on overlapping strings. Place in a string to avoid this.
Fixes package on Darwin. 

--- src/config.parse.c.orig	1994-07-21 02:03:26.000000000 +0100
+++ src/config.parse.c	2021-02-09 14:24:32.000000000 +0000
@@ -55,7 +55,6 @@
 #endif
 
 /* prototypes */
-char *mktemp();
 static void configfile_descend();
 
 #ifndef L_tmpnam
@@ -83,6 +82,7 @@
 {
     FILE 	*fpin, *fpout = (FILE *) NULL;
     char	filename[MAXPATHLEN+512];
+    char	cpfilename[MAXPATHLEN+512];
     char	ignorestring[1024];
     char	s[MAXPATHLEN+1024];
     char	configfile[MAXPATHLEN+512];
@@ -90,6 +90,7 @@
     char	number[128];
     int		entrynum = 0;
     int		err;
+    int		fdout;
 
     /* to make code semi-reentrant */
     list_reset(&prune_list);
@@ -105,8 +106,9 @@
     };
     (void) strcpy(tmpfilename, TEMPFILE_TEMPLATE);
 
-    if ((char *) mktemp(tmpfilename) == NULL) {
-	perror("configfile_read: mktemp()");
+    fdout = mkstemp(tmpfilename);
+    if (fdout == -1) {
+	perror("configfile_read: mkstemp()");
 	exit(1);
     }
 
@@ -149,7 +151,7 @@
 
     err = umask(077);  /* to protect the tempfile */
 
-    if ((fpout = fopen(tmpfilename, "w+")) == NULL) {
+    if ((fpout = fdopen(fdout, "w+")) == NULL) {
 	sprintf(s, "tripwire: Couldn't open config file '%s'", configfile);
 	perror(s);
 	exit(1);
@@ -221,11 +223,17 @@
 	switch (*filename) {
       	case '!':
 	    prune_mode = PRUNE_ALL;
-	    (void) strcpy(filename, filename+1);	/* adjust name */
+	    /* overlapping strings - undefined behaviour, at least
+	     * on Darwin 
+	     * (void) strcpy(filename, filename+1);	
+	     */
+	    (void) strcpy(cpfilename, filename+1);	/* adjust name */
+	    (void) strcpy(filename, cpfilename);	/* adjust name */
   	    break;
         case '=':
 	    prune_mode = PRUNE_ONE;
-	    (void) strcpy(filename, filename+1);	/* adjust name */
+	    (void) strcpy(cpfilename, filename+1);	/* adjust name */
+	    (void) strcpy(filename, cpfilename);	/* adjust name */
 	    break;
         default:
 	  continue; /* nothing */
@@ -295,7 +303,8 @@
 
 	/* check for leading '=', prune after one recursion */
 	else if (*filename == '=') {
-	    (void) strcpy(filename, filename+1);
+	    (void) strcpy(cpfilename, filename+1);	/* adjust name */
+	    (void) strcpy(filename, cpfilename);	/* adjust name */
 	    prunedir++;
 	}
 
