This patch introduces pledge(2) to mcabber with the following promises:

rpath/wpath/cpath/fattr: it needs to read, write and create files and set the
correct attributes
inet/dns: network application needs both promises
tty: ncurses is used for the interface so it needs this
proc/exec: this is only needed if events are configured in the config files

In order to apply this we have disabled modules support since it would need to
load libraries dinamically and therefore prot_exec promise would be needed but
that is not a good strategy. This is mentioned in DESCR to reflect the change.

OK tim@ after his suggestions and also OK by the maintainer Markus Hennecke
since no users objected this change.

net/mcabber/Makefile

@@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.26 2016/03/18 23:57:57 tim Exp $
+# $OpenBSD: Makefile,v 1.27 2016/03/24 20:04:25 mestre Exp $
 
 COMMENT=		console jabber client
 DISTNAME=		mcabber-1.0.2
-REVISION=		0
+REVISION=		1
 CATEGORIES=		net
 
 HOMEPAGE=		http://mcabber.com/
@@ -17,6 +17,7 @@ EXTRACT_SUFX=		.tar.bz2
 
 MODULES=		devel/gettext
 
+# uses pledge()
 WANTLIB=		c crypto gcrypt gpg-error ncursesw panelw pcre pthread \
 			ssl glib-2.0 gmodule-2.0 gpgme loudmouth-1>=3 \
 			idn otr assuan ffi gobject-2.0
@@ -36,6 +37,7 @@ CONFIGURE_STYLE=	gnu
 CONFIGURE_ARGS= 	--enable-gpgme \
 			--disable-aspell \
 			--disable-enchant \
+			--disable-modules \
 			--enable-otr \
 			--enable-sigwinch \
 			--with-libotr-prefix=${LOCALBASE}/lib \

net/mcabber/patches/patch-mcabber_main_c

@@ -0,0 +1,23 @@
+$OpenBSD: patch-mcabber_main_c,v 1.1 2016/03/24 20:04:25 mestre Exp $
+--- mcabber/main.c.orig	Sat Feb 27 12:41:08 2016
++++ mcabber/main.c	Thu Mar 24 17:36:48 2016
+@@ -455,6 +455,19 @@ int main(int argc, char **argv)
+   if (ret == -2)
+     exit(EXIT_FAILURE);
+ 
++  if (settings_opt_get("events_command")) {
++    if (pledge("stdio rpath wpath cpath fattr inet dns tty proc exec", NULL) ==
++      -1) {
++      fprintf(stderr, "Cannot pledge: %s\n", strerror(errno));
++      exit(EXIT_FAILURE);
++    }
++  } else {
++    if (pledge("stdio rpath wpath cpath fattr inet dns tty", NULL) == -1) {
++      fprintf(stderr, "Cannot pledge: %s\n", strerror(errno));
++      exit(EXIT_FAILURE);exit(EXIT_FAILURE);
++    }
++  }
++
+   /* Display configuration settings */
+   {
+     const char *p;

net/mcabber/pkg/DESCR

@@ -1,2 +1,4 @@
 Small console Jabber client which features SSL support, history logging
 and external actions.
+
+Module support has been disabled in favour of a strong pledge(2).

net/mcabber/pkg/PLIST

@@ -1,47 +1,5 @@
-@comment $OpenBSD: PLIST,v 1.7 2015/11/10 20:38:19 tim Exp $
+@comment $OpenBSD: PLIST,v 1.8 2016/03/24 20:04:25 mestre Exp $
 @bin bin/mcabber
-include/mcabber/
-include/mcabber/api.h
-include/mcabber/caps.h
-include/mcabber/commands.h
-include/mcabber/compl.h
-include/mcabber/config.h
-include/mcabber/events.h
-include/mcabber/fifo.h
-include/mcabber/hbuf.h
-include/mcabber/help.h
-include/mcabber/hgcset.h
-include/mcabber/histolog.h
-include/mcabber/hooks.h
-include/mcabber/logprint.h
-include/mcabber/main.h
-include/mcabber/modules.h
-include/mcabber/nohtml.h
-include/mcabber/otr.h
-include/mcabber/pgp.h
-include/mcabber/roster.h
-include/mcabber/screen.h
-include/mcabber/settings.h
-include/mcabber/utf8.c
-include/mcabber/utf8.h
-include/mcabber/utils.h
-include/mcabber/xmpp.h
-include/mcabber/xmpp_defines.h
-include/mcabber/xmpp_helper.h
-include/mcabber/xmpp_iq.h
-include/mcabber/xmpp_iqrequest.h
-include/mcabber/xmpp_muc.h
-include/mcabber/xmpp_s10n.h
-lib/mcabber/
-lib/mcabber/libbeep.la
-lib/mcabber/libbeep.so
-lib/mcabber/libfifo.la
-lib/mcabber/libfifo.so
-lib/mcabber/liburlregex.la
-lib/mcabber/liburlregex.so
-lib/mcabber/libxttitle.la
-lib/mcabber/libxttitle.so
-lib/pkgconfig/mcabber.pc
 @man man/man1/mcabber.1
 share/applications/mcabber.desktop
 share/examples/mcabber/