Tighten pledge

pigz starts with "stdio rpath wpath cpath fattr chown" like base gzip(1). For `g.pipeout' aka. -c --stdout and `g.decode == 2' aka. -t --test, pigz drops to "stdio rpath cpath" while gzip uses "stdio rpath". The original pledge diff added "cpath" for the case where pigz's signal handler unlink(2)s output files, but this is actually not needed since -c and -t never open any file for output/writing. Drop "cpath" to match gzip behaviour. Do the same for `g.list' aka. -l --list.
2023-01-24 12:53:42 +00:00 · 2023-01-24 12:53:42 +00:00 · 8cf4361551
parent a3166ccfac
commit 8cf4361551
2 changed files with 3 additions and 3 deletions
--- a/archivers/pigz/Makefile
+++ b/archivers/pigz/Makefile
@ -6,7 +6,7 @@ COMMENT =	parallel implementation of gzip utilizing multiple cores
 DISTNAME =	pigz-2.7
 CATEGORIES =	archivers
 HOMEPAGE =	https://zlib.net/pigz/
-REVISION =	0
+REVISION =	1

 MAINTAINER =	Klemens Nanni <kn@openbsd.org>

--- a/archivers/pigz/patches/patch-pigz_c
+++ b/archivers/pigz/patches/patch-pigz_c
@ -33,8 +33,8 @@ Index: pigz.c
                 argv[n] = NULL;         // remove if option
         option(NULL);                   // check for missing parameter
 +
-+        if (g.pipeout || g.decode == 2)
-+            if (pledge("stdio rpath cpath", NULL) == -1) {
+        if (g.pipeout || g.decode == 2 || g.list)
+            if (pledge("stdio rpath", NULL) == -1) {
 +                complain("pledge");
 +                exit(1);
 +            }