On Sat, Jan 16, 2016 at 08:37:16PM -0500, Michael McConville wrote: > Also, yet another tweak. deraadt@ pointed out that I should use the > local err clone (die()) rather than including err.h.
Comments inline. > Index: Makefile > =================================================================== > RCS file: /cvs/ports/textproc/the_silver_searcher/Makefile,v > retrieving revision 1.19 > diff -u -p -r1.19 Makefile > --- Makefile 9 Oct 2015 12:48:22 -0000 1.19 > +++ Makefile 17 Jan 2016 01:28:24 -0000 > @@ -3,6 +3,7 @@ > COMMENT = code searching tool, with a focus on speed (ag) > > DISTNAME = the_silver_searcher-0.31.0 > +REVISION = 0 > CATEGORIES = textproc > > HOMEPAGE = https://github.com/ggreer/the_silver_searcher > Index: patches/patch-src_main_c > =================================================================== > RCS file: patches/patch-src_main_c > diff -N patches/patch-src_main_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_main_c 17 Jan 2016 01:28:24 -0000 > @@ -0,0 +1,14 @@ > +$OpenBSD$ > +--- src/main.c.orig Sun Sep 6 00:29:27 2015 > ++++ src/main.c Sat Jan 16 20:25:38 2016 Why remove the pledge at the start of main in your diff? I think it was correct to have this: +@@ -35,6 +35,9 @@ int main(int argc, char **argv) { + int workers_len; + int num_cores; + ++ if (pledge("stdio rpath proc exec", NULL) == -1) ++ die("pledge: %s", strerror(errno)); ++ + set_log_level(LOG_LEVEL_WARN); + + work_queue = NULL; > +@@ -156,6 +156,10 @@ int main(int argc, char **argv) { > + log_debug("No CPU affinity support."); > + #endif > + } > ++ > ++ if (pledge("stdio rpath", NULL) == -1) > ++ die("pledge: %s", strerror(errno)); > ++ > + for (i = 0; paths[i] != NULL; i++) { > + log_debug("searching path %s for %s", paths[i], opts.query); > + symhash = NULL; > Index: patches/patch-src_options_c > =================================================================== > RCS file: patches/patch-src_options_c > diff -N patches/patch-src_options_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_options_c 17 Jan 2016 01:28:24 -0000 > @@ -0,0 +1,13 @@ > +$OpenBSD$ > +--- src/options.c.orig Sun Sep 6 02:20:35 2015 > ++++ src/options.c Sat Jan 16 20:25:13 2016 > +@@ -574,6 +574,9 @@ void parse_options(int argc, char **argv, char **base_ > + } > + } > + > ++ if (pledge("stdio rpath proc", NULL) == -1) > ++ die("pledge: %s", strerror(errno)); > ++ > + if (help) { > + usage(); > + exit(0); You can't do this pledge unconditionally. There may be another popen() for VCS includes. I've been using this: +@@ -574,6 +574,11 @@ void parse_options(int argc, char **argv, char **base_ + } + } + ++ if (opts.skip_vcs_ignores) { ++ if (pledge("stdio rpath proc", NULL) == -1) ++ die("pledge: %s", strerror(errno)); ++ } ++ + if (help) { + usage(); + exit(0); +@@ -620,6 +625,10 @@ void parse_options(int argc, char **argv, char **base_ + #else + gitconfig_file = popen("git config -z --path --get core.excludesfile 2>/dev/null", "r"); + #endif ++ ++ if (pledge("stdio rpath proc", NULL) == -1) ++ die("pledge: %s", strerror(errno)); ++ + if (gitconfig_file != NULL) { + do { + gitconfig_res = ag_realloc(gitconfig_res, buf_len + 65);
