diff --git a/contrib/mport/libexec/mport.create/mport.create.c b/contrib/mport/libexec/mport.create/mport.create.c
index 3c7e5dfa65..f965b6a77c 100644
--- a/contrib/mport/libexec/mport.create/mport.create.c
+++ b/contrib/mport/libexec/mport.create/mport.create.c
@@ -71,7 +71,7 @@ int main(int argc, char *argv[])
 	while ((ch = getopt(argc, argv, "C:D:E:M:O:P:S:c:d:e:f:i:j:l:m:n:o:p:r:s:t:v:x:")) != -1) {
 		switch (ch) {
 			case 'o':
-				extra->pkg_filename = strdup(optarg);
+			    strlcpy(extra->pkg_filename, optarg, sizeof(extra->pkg_filename));
 				break;
 			case 'n':
 				if (optarg != NULL) {
@@ -104,7 +104,7 @@ int main(int argc, char *argv[])
 				}
 				break;
 			case 's':
-				extra->sourcedir = strdup(optarg);
+				strlcpy(extra->sourcedir, optarg, sizeof(extra->sourcedir));
 				break;
 			case 'd':
 				if (optarg != NULL) {
@@ -132,7 +132,7 @@ int main(int argc, char *argv[])
 				}
 				break;
 			case 'D':
-				mport_parselist(optarg, &(extra->depends));
+				mport_parselist(optarg, &(extra->depends), &(extra->depends_count));
 				break;
 			case 'M':
 				extra->mtree = strdup(optarg);
@@ -143,7 +143,7 @@ int main(int argc, char *argv[])
 				}
 				break;
 			case 'C':
-				mport_parselist(optarg, &(extra->conflicts));
+				mport_parselist(optarg, &(extra->conflicts), &(extra->conflicts_count));
 				break;
 			case 'E':
 				strptime(optarg, "%Y-%m-%d", &expDate);
@@ -165,7 +165,7 @@ int main(int argc, char *argv[])
 				extra->pkgmessage = strdup(optarg);
 				break;
 			case 't':
-				mport_parselist(optarg, &(pack->categories));
+				mport_parselist(optarg, &(pack->categories), &(pack->categories_count));
 				break;
 			case 'x':
 				if (optarg != NULL) {
diff --git a/contrib/mport/libmport/bundle_read_update_pkg.c b/contrib/mport/libmport/bundle_read_update_pkg.c
index a9429a163b..5463a0c8d9 100644
--- a/contrib/mport/libmport/bundle_read_update_pkg.c
+++ b/contrib/mport/libmport/bundle_read_update_pkg.c
@@ -124,8 +124,8 @@ static int build_create_extras(mportInstance *mport, mportPackageMeta *pkg, char
   extra = mport_createextras_new();
   *extra_p = extra;
  
-  extra->pkg_filename = strdup(tempfile); /* this MUST be on the heap, as it will be freed */
-  extra->sourcedir = strdup("");
+  strlcpy(extra->pkg_filename, tempfile, FILENAME_MAX);
+  extra->sourcedir[0] = '\0';
  
   if (build_create_extras_depends(mport, pkg, extra) != MPORT_OK)
     RETURN_CURRENT_ERROR;
@@ -205,6 +205,7 @@ static int build_create_extras_depends(mportInstance *mport, mportPackageMeta *p
 
   if ((extra->depends = (char **)calloc(count + 1, sizeof(char *))) == NULL)
     RETURN_ERROR(MPORT_ERR_FATAL, "Out of memory.");
+  extra->depends_count = count;
  
   if (mport_db_prepare(mport->db, &stmt, "SELECT depend_pkgname, depend_pkgversion, depend_port FROM depends WHERE pkg=%Q", pkg->name) != MPORT_OK) {
 	  sqlite3_finalize(stmt);
diff --git a/contrib/mport/libmport/mport.h b/contrib/mport/libmport/mport.h
index a2bd4f6543..bbe131eaff 100644
--- a/contrib/mport/libmport/mport.h
+++ b/contrib/mport/libmport/mport.h
@@ -149,6 +149,7 @@ typedef struct {
     char *prefix;
     char *origin;
     char **categories;
+    size_t categories_count;
     char *os_release;
     char *cpe;
     int locked;
@@ -253,11 +254,13 @@ typedef struct package_message {
 } mportPackageMessage;
 
 typedef struct {
-  char *pkg_filename;
-  char *sourcedir;
+  char pkg_filename[FILENAME_MAX];
+  char sourcedir[FILENAME_MAX];
   char **depends;
+  size_t depends_count;
   char *mtree;
   char **conflicts;
+  size_t conflicts_count;  
   char *pkginstall;
   char *pkgdeinstall;
   char *pkgmessage;
@@ -322,7 +325,7 @@ int mport_setting_set(mportInstance *, const char *, const char *);
 char ** mport_setting_list(mportInstance *);
 
 /* Utils */
-void mport_parselist(char *, char ***);
+void mport_parselist(char *, char ***, size_t *);
 int mport_verify_hash(const char *, const char *);
 int mport_file_exists(const char *);
 char * mport_version(mportInstance *);
diff --git a/contrib/mport/libmport/util.c b/contrib/mport/libmport/util.c
index eb0c60489d..a5d431a874 100644
--- a/contrib/mport/libmport/util.c
+++ b/contrib/mport/libmport/util.c
@@ -63,8 +63,8 @@ mport_createextras_new(void)
 	if (extra == NULL)
 		return NULL;
 
-	extra->pkg_filename = NULL;
-	extra->sourcedir = NULL;
+	extra->pkg_filename[0] = '\0';
+	extra->sourcedir[0] = '\0';
 	extra->mtree = NULL;
 	extra->pkginstall = NULL;
 	extra->pkgdeinstall = NULL;
@@ -78,15 +78,11 @@ mport_createextras_new(void)
 MPORT_PUBLIC_API void
 mport_createextras_free(mportCreateExtras *extra)
 {
-	int i;
+	size_t i;
 
 	if (extra == NULL)
 		return;
 
-	free(extra->pkg_filename);
-	extra->pkg_filename = NULL;
-	free(extra->sourcedir);
-	extra->sourcedir = NULL;
 	free(extra->mtree);
 	extra->mtree = NULL;
 	free(extra->pkginstall);
@@ -96,24 +92,26 @@ mport_createextras_free(mportCreateExtras *extra)
 	free(extra->pkgmessage);
 	extra->pkgmessage = NULL;
 
-	i = 0;
-	if (extra->conflicts != NULL) {
-		while (extra->conflicts[i] != NULL) {
+	if (extra->conflicts_count > 0 && extra->conflicts != NULL) {
+		for (i = 0; i < extra->conflicts_count; i++) {
+			if (extra->conflicts[i] == NULL) {
+				break;
+			}
 			free(extra->conflicts[i]);
 			extra->conflicts[i] = NULL;
-			i++;
 		}
-
+		
 		free(extra->conflicts);
 		extra->conflicts = NULL;
 	}
 
-	i = 0;
-	if (extra->depends != NULL) {
-		while (extra->depends[i] != NULL) {
+	if (extra->depends_count > 0 && extra->depends != NULL) {
+		for (i = 0; i < extra->depends_count; i++) {
+			if (extra->depends[i] == NULL) {
+				break;
+			}
 			free(extra->depends[i]);
 			extra->depends[i] = NULL;
-			i++;
 		}
 
 		free(extra->depends);
@@ -414,14 +412,14 @@ mport_xsystem(mportInstance *mport, const char *fmt, ...)
  *
  * char input[] = "foo bar baz"
  * char **list;
+ * size_t list_size;
  *
- * mport_parselist(input, &list);
+ * mport_parselist(input, &list, &list_size);
  * list = {"foo", "bar", "baz"};
  */
 void
-mport_parselist(char *opt, char ***list)
+mport_parselist(char *opt, char ***list, size_t *list_size)
 {
-	size_t len;
 	char *input;
 	char *field;
 
@@ -432,28 +430,33 @@ mport_parselist(char *opt, char ***list)
 	}
 
 	/* first we need to get the length of the dependency list */
-	for (len = 0; (field = strsep(&opt, " \t\n")) != NULL;) {
+	for (*list_size = 0; (field = strsep(&opt, " \t\n")) != NULL;) {
 		if (*field != '\0')
-			len++;
+			(*list_size)++;
 	}
 
-	if ((*list = (char **)calloc((len + 1), sizeof(char *))) == NULL) {
+	if (*list_size == 0) {
+		**list = NULL;
 		return;
 	}
 
-	if (len == 0) {
-		**list = NULL;
+	if ((*list = (char **)calloc((*list_size + 1), sizeof(char *))) == NULL) {
 		return;
 	}
 
 	/* dereference once so we don't lose our minds. */
 	char **vec = *list;
 
+	size_t loc = 0;
 	while ((field = strsep(&input, " \t\n")) != NULL) {
+		if (loc == *list_size)
+			break;
+
 		if (*field == '\0')
 			continue;
 
-		*vec = field;
+		*vec = strdup(field);
+		loc++;
 		vec++;
 	}
 
diff --git a/contrib/mport/mport/Makefile b/contrib/mport/mport/Makefile
index 0c2d8dc23c..7451bd0366 100644
--- a/contrib/mport/mport/Makefile
+++ b/contrib/mport/mport/Makefile
@@ -1,6 +1,7 @@
 PROG= mport
 
 CFLAGS= -I ../libmport/ -g -L../libmport -lmport -lutil
+CFLAGS+= -Werror -Wunused-variable -Wshadow -Wincompatible-pointer-types-discards-qualifiers
 
 LIBADD+=	mport util