add pledge to xz, xzdec, lzmadec; ok sthen@

2016-01-17 20:28:36 +00:00 · 2016-01-17 20:28:36 +00:00 · a3dab8196f
commit a3dab8196f
parent 54e63ea336
4 changed files with 65 additions and 5 deletions
--- a/archivers/xz/Makefile
+++ b/archivers/xz/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.30 2015/10/18 19:45:13 naddy Exp $
+# $OpenBSD: Makefile,v 1.31 2016/01/17 20:28:36 naddy Exp $

 COMMENT=	LZMA compression and decompression tools

 DISTNAME=	xz-5.2.2
+REVISION=	0
 SHARED_LIBS=	lzma                 2.1      # .7.2
 CATEGORIES=	archivers
 DPB_PROPERTIES=	parallel
@ -16,6 +17,7 @@ PERMIT_PACKAGE_CDROM=	Yes

 MASTER_SITES=	${HOMEPAGE}

+# uses pledge()
 WANTLIB=	c pthread

 SEPARATE_BUILD=	Yes
--- a/archivers/xz/patches/patch-config_h_in
+++ b/archivers/xz/patches/patch-config_h_in
@ -1,7 +1,7 @@
-$OpenBSD: patch-config_h_in,v 1.6 2015/03/31 18:00:23 naddy Exp $
--- config.h.in.orig	Thu Feb 26 09:55:23 2015
-+++ config.h.in	Mon Mar  2 23:25:39 2015
-@@ -352,7 +352,11 @@
+$OpenBSD: patch-config_h_in,v 1.7 2016/01/17 20:28:36 naddy Exp $
+--- config.h.in.orig	Tue Sep 29 13:03:40 2015
+++ config.h.in	Sun Oct 18 21:46:08 2015
+@@ -349,7 +349,11 @@
 
 /* Define to 1 if the system supports fast unaligned access to 16-bit and
    32-bit integers. */
--- a/archivers/xz/patches/patch-src_xz_main_c
+++ b/archivers/xz/patches/patch-src_xz_main_c
@ -0,0 +1,33 @@
+$OpenBSD: patch-src_xz_main_c,v 1.5 2016/01/17 20:28:36 naddy Exp $
+--- src/xz/main.c.orig	Thu Feb 26 15:54:33 2015
+++ src/xz/main.c	Sun Oct 18 02:05:53 2015
+@@ -163,12 +163,29 @@ main(int argc, char **argv)
+ 	// on the command line, thus this must be done before args_parse().
+ 	hardware_init();
+ 
+#ifdef __OpenBSD__
+	if (pledge("stdio rpath wpath cpath fattr proc", NULL) == -1)
+		message_fatal(_("pledge"));
+#endif
+
+ 	// Parse the command line arguments and get an array of filenames.
+ 	// This doesn't return if something is wrong with the command line
+ 	// arguments. If there are no arguments, one filename ("-") is still
+ 	// returned to indicate stdin.
+ 	args_info args;
+ 	args_parse(&args, argc, argv);
+
+#ifdef __OpenBSD__
+	// No files on the command line and no --files.
+	if ((args.arg_count == 1 && strcmp(args.arg_names[0], "-") == 0) &&
+	    args.files_name == NULL) {
+		if (pledge("stdio proc", NULL) == -1)
+			message_fatal(_("pledge"));
+	} else if (opt_stdout || opt_mode == MODE_LIST) {
+		if (pledge("stdio rpath proc", NULL) == -1)
+			message_fatal(_("pledge"));
+	}
+#endif
+ 
+ 	if (opt_mode != MODE_LIST && opt_robot)
+ 		message_fatal(_("Compression and decompression with --robot "
--- a/archivers/xz/patches/patch-src_xzdec_xzdec_c
+++ b/archivers/xz/patches/patch-src_xzdec_xzdec_c
@ -0,0 +1,25 @@
+$OpenBSD: patch-src_xzdec_xzdec_c,v 1.1 2016/01/17 20:28:36 naddy Exp $
+--- src/xzdec/xzdec.c.orig	Thu Feb 26 15:54:33 2015
+++ src/xzdec/xzdec.c	Sun Oct 18 13:27:51 2015
+@@ -292,9 +292,21 @@ main(int argc, char **argv)
+ 
+ 	if (optind == argc) {
+ 		// No filenames given, decode from stdin.
+#ifdef __OpenBSD__
+		if (pledge("stdio", NULL) == -1) {
+			my_errorf("pledge");
+			exit(EXIT_FAILURE);
+		}
+#endif
+ 		uncompress(&strm, stdin, "(stdin)");
+ 	} else {
+ 		// Loop through the filenames given on the command line.
+#ifdef __OpenBSD__
+		if (pledge("stdio rpath", NULL) == -1) {
+			my_errorf("pledge");
+			exit(EXIT_FAILURE);
+		}
+#endif
+ 		do {
+ 			// "-" indicates stdin.
+ 			if (strcmp(argv[optind], "-") == 0) {