Hi, Here is a diff adding pledge(2) to textproc/mupdf. I added ports@ in Cc in order to get a wider review.
I pledged all programs inside textproc/mupdf: - mupdf-x11 - mupdf-x11-curl - mupdf-gl - mutool draw,clean,extract,info,pages,poster,show - mujstest The patch files explains "unusual" promises or specials cases. Thanks. -- Sebastien Marie Index: Makefile =================================================================== RCS file: /cvs/ports/textproc/mupdf/Makefile,v retrieving revision 1.59 diff -u -p -r1.59 Makefile --- Makefile 12 Nov 2015 17:26:54 -0000 1.59 +++ Makefile 17 Jan 2016 13:23:42 -0000 @@ -8,6 +8,7 @@ COMMENT = graphic library, pdf parser, v V = 1.8 DISTNAME = mupdf-$V-source PKGNAME = mupdf-$V +REVISION = 0 CATEGORIES = textproc x11 @@ -23,6 +24,7 @@ PERMIT_PACKAGE_CDROM = Yes FLAVORS= js FLAVOR?= +# uses pledge(2) WANTLIB += GL X11 Xcursor Xext Xinerama Xrandr c crypto curl freetype WANTLIB += idn jbig2dec jpeg m nghttp2 openjp2 pthread ssl z Index: patches/patch-platform_gl_gl-main_c =================================================================== RCS file: patches/patch-platform_gl_gl-main_c diff -N patches/patch-platform_gl_gl-main_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-platform_gl_gl-main_c 17 Jan 2016 13:23:42 -0000 @@ -0,0 +1,21 @@ +$OpenBSD$ + +add pledge(2) to mupdf-gl: + - drm : opengl stuff + - proc exec : opening a external browser on uri link + +--- platform/gl/gl-main.c.orig Tue Nov 10 17:19:51 2015 ++++ platform/gl/gl-main.c Sun Jan 17 10:21:44 2016 +@@ -1361,6 +1361,12 @@ int main(int argc, char **argv) + + glfwMakeContextCurrent(window); + ++ if (pledge("stdio rpath drm proc exec", NULL) == -1) ++ { ++ fprintf(stderr, "pledge: %s\n", strerror(errno)); ++ exit(1); ++ } ++ + ctx = fz_new_context(NULL, NULL, 0); + fz_register_document_handlers(ctx); + Index: patches/patch-platform_x11_jstest_main_c =================================================================== RCS file: patches/patch-platform_x11_jstest_main_c diff -N patches/patch-platform_x11_jstest_main_c 
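Review bot: The `proc exec` promises in the gl-main.c pledge (`"stdio rpath drm proc exec"`) leave the process able to fork and execve any program, and per pledge(2) a program started that way runs without these promises, so a compromise of the document parser is not contained by this pledge. The same promises appear in both branches of the x11_main.c hunk. Consider forking a small URI-opener helper before `pledge()` and keeping only a pipe to it, so the rendering process itself can drop `proc exec`. At minimum, record the trade-off at the call site with `/* proc exec: needed to spawn the browser for URI links; the exec'd program is not pledged */`. main() starts and ends outside the hunk.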
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-platform_x11_jstest_main_c 17 Jan 2016 13:23:42 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+
+add pledge(2) to mujstest
+ - rpath : OPEN command
+ - wpath cpath : SCREENSHOT command
+
+--- platform/x11/jstest_main.c.orig Sun Jan 17 13:50:58 2016
++++ platform/x11/jstest_main.c Sun Jan 17 13:52:29 2016
+@@ -310,6 +310,12 @@ main(int argc, char *argv[])
+ if (fz_optind == argc)
+ usage();
+
++ if (pledge("stdio rpath wpath cpath", NULL) == -1)
++ {
++ fprintf(stderr, "pledge: %s\n", strerror(errno));
++ exit(1);
++ }
++
+ ctx = fz_new_context(NULL, NULL, FZ_STORE_DEFAULT);
+ if (!ctx)
+ {
Index: patches/patch-platform_x11_x11_main_c
===================================================================
RCS file: patches/patch-platform_x11_x11_main_c
diff -N patches/patch-platform_x11_x11_main_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-platform_x11_x11_main_c 17 Jan 2016 13:23:42 -0000
@@ -0,0 +1,29 @@
+$OpenBSD$
+
+add pledge(2) to mupdf-x11 and mupdf-x11-curl:
+ - inet dns : with HAVE_CURL only
+ - proc exec : opening an external browser on uri link
+
+--- platform/x11/x11_main.c.orig Tue Nov 10 17:19:51 2015
++++ platform/x11/x11_main.c Sun Jan 17 12:19:55 2016
+@@ -885,6 +885,20 @@ int main(int argc, char **argv)
+ tmo_at.tv_usec = 0;
+ timeout = NULL;
+
++#ifdef HAVE_CURL
++ if (pledge("stdio rpath inet dns proc exec", NULL) == -1)
++ {
++ fprintf(stderr, "pledge: %s\n", strerror(errno));
++ exit(1);
++ }
++#else
++ if (pledge("stdio rpath proc exec", NULL) == -1)
++ {
++ fprintf(stderr, "pledge: %s\n", strerror(errno));
++ exit(1);
++ }
++#endif
++
+ pdfapp_open(&gapp, filename, 0);
+
+ FD_ZERO(&fds);
Index: patches/patch-source_tools_mudraw_c
===================================================================
RCS file: patches/patch-source_tools_mudraw_c
diff -N patches/patch-source_tools_mudraw_c
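Review bot: In the HAVE_CURL branch of the x11_main.c hunk, `inet dns` is granted for every run, including runs where `filename` names a local file. If it is already known at this point whether the document will be fetched over the network (not visible in the hunk), the promise string could be chosen at run time, the way the mudraw patch grants `wpath cpath` only when an output file is given. Selecting the string into a `const char *promises` variable would also remove the duplicated error block, leaving a single `if (pledge(promises, NULL) == -1)`. main() continues outside the hunk.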
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_mudraw_c 17 Jan 2016 13:23:42 -0000
@@ -0,0 +1,31 @@
+$OpenBSD$
+
+add pledge(2) to "mutool draw":
+ - wpath cpath : only if output is specified
+
+--- source/tools/mudraw.c.orig Tue Nov 10 17:19:51 2015
++++ source/tools/mudraw.c Sun Jan 17 10:21:04 2016
+@@ -909,6 +909,23 @@ int mudraw_main(int argc, char **argv)
+ if (fz_optind == argc)
+ usage();
+
++ if (output && output[0] != '-' && *output != 0)
++ {
++ if (pledge("stdio rpath wpath cpath", NULL) == -1)
++ {
++ fprintf(stderr, "pledge: %s\n", strerror(errno));
++ exit(1);
++ }
++ }
++ else
++ {
++ if (pledge("stdio rpath", NULL) == -1)
++ {
++ fprintf(stderr, "pledge: %s\n", strerror(errno));
++ exit(1);
++ }
++ }
++
+ ctx = fz_new_context((showmemory == 0 ? NULL : &alloc_ctx), NULL, FZ_STORE_DEFAULT);
+ if (!ctx)
+ {
Index: patches/patch-source_tools_pdfclean_c
===================================================================
RCS file: patches/patch-source_tools_pdfclean_c
diff -N patches/patch-source_tools_pdfclean_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_pdfclean_c 17 Jan 2016 13:23:42 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+add pledge(2) to "mutool clean"
+
+--- source/tools/pdfclean.c.orig Sun Jan 17 11:59:42 2016
++++ source/tools/pdfclean.c Sun Jan 17 12:01:42 2016
+@@ -79,6 +79,12 @@ int pdfclean_main(int argc, char **argv)
+ outfile = argv[fz_optind++];
+ }
+
++ if (pledge("stdio rpath wpath cpath", NULL) == -1)
++ {
++ fprintf(stderr, "pledge: %s\n", strerror(errno));
++ exit(1);
++ }
++
+ ctx = fz_new_context(NULL, NULL, FZ_STORE_UNLIMITED);
+ if (!ctx)
+ {
Index: patches/patch-source_tools_pdfextract_c
===================================================================
RCS file: patches/patch-source_tools_pdfextract_c
diff -N patches/patch-source_tools_pdfextract_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_pdfextract_c 17 Jan 2016 13:23:42 -0000
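Review bot: The guard `output[0] != '-'` in the mudraw.c hunk classifies every output name that starts with '-' as stdout, so a name such as `-page.png` (constructed example) would get only `stdio rpath`. If mudraw then opens that file for writing, which depends on code outside the hunk, the process is aborted by pledge instead of failing cleanly. `*output != 0` and `output[0]` also test the same byte in two spellings. If mudraw treats only the exact name "-" as stdout, the condition would be `if (output && *output != 0 && strcmp(output, "-") != 0)`; otherwise a comment pointing at the matching check in mudraw.c would keep the two from drifting apart.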
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+add pledge(2) to "mutool extract"
+
+--- source/tools/pdfextract.c.orig Sun Jan 17 12:12:27 2016
++++ source/tools/pdfextract.c Sun Jan 17 12:13:42 2016
+@@ -202,6 +202,12 @@ int pdfextract_main(int argc, char **argv)
+
+ infile = argv[fz_optind++];
+
++ if (pledge("stdio rpath wpath cpath", NULL) == -1)
++ {
++ fprintf(stderr, "pledge: %s\n", strerror(errno));
++ exit(1);
++ }
++
+ ctx = fz_new_context(NULL, NULL, FZ_STORE_UNLIMITED);
+ if (!ctx)
+ {
Index: patches/patch-source_tools_pdfinfo_c
===================================================================
RCS file: patches/patch-source_tools_pdfinfo_c
diff -N patches/patch-source_tools_pdfinfo_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_pdfinfo_c 17 Jan 2016 13:23:42 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+add pledge(2) to "mutool info"
+
+--- source/tools/pdfinfo.c.orig Sun Jan 17 10:20:26 2016
++++ source/tools/pdfinfo.c Sun Jan 17 10:23:26 2016
+@@ -1061,6 +1061,12 @@ int pdfinfo_main(int argc, char **argv)
+ if (fz_optind == argc)
+ infousage();
+
++ if (pledge("stdio rpath", NULL) == -1)
++ {
++ fprintf(stderr, "pledge: %s\n", strerror(errno));
++ exit(1);
++ }
++
+ ctx = fz_new_context(NULL, NULL, FZ_STORE_UNLIMITED);
+ if (!ctx)
+ {
Index: patches/patch-source_tools_pdfpages_c
===================================================================
RCS file: patches/patch-source_tools_pdfpages_c
diff -N patches/patch-source_tools_pdfpages_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_pdfpages_c 17 Jan 2016 13:23:42 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+add pledge(2) to "mutool pages"
+
+--- source/tools/pdfpages.c.orig Sun Jan 17 12:13:56 2016
++++ source/tools/pdfpages.c Sun Jan 17 12:15:06 2016
+@@ -229,6 +229,12 @@ int pdfpages_main(int argc, char **argv)
+ if (fz_optind == argc)
+ infousage();
+
++ if (pledge("stdio rpath", NULL) == -1)
++ {
++ fprintf(stderr, "pledge: %s\n", strerror(errno));
++ exit(1);
++ }
++
+ ctx = fz_new_context(NULL, NULL, FZ_STORE_UNLIMITED);
+ if (!ctx)
+ {
Index: patches/patch-source_tools_pdfposter_c
===================================================================
RCS file: patches/patch-source_tools_pdfposter_c
diff -N patches/patch-source_tools_pdfposter_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_pdfposter_c 17 Jan 2016 13:23:42 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+add pledge(2) to "mutool poster"
+
+--- source/tools/pdfposter.c.orig Sun Jan 17 12:21:27 2016
++++ source/tools/pdfposter.c Sun Jan 17 12:22:56 2016
+@@ -189,6 +189,12 @@ int pdfposter_main(int argc, char **argv)
+ outfile = argv[fz_optind++];
+ }
+
++ if (pledge("stdio rpath wpath cpath", NULL) == -1)
++ {
++ fprintf(stderr, "pledge: %s\n", strerror(errno));
++ exit(1);
++ }
++
+ ctx = fz_new_context(NULL, NULL, FZ_STORE_UNLIMITED);
+ if (!ctx)
+ {
Index: patches/patch-source_tools_pdfshow_c
===================================================================
RCS file: patches/patch-source_tools_pdfshow_c
diff -N patches/patch-source_tools_pdfshow_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_pdfshow_c 17 Jan 2016 13:23:42 -0000
@@ -0,0 +1,35 @@
+$OpenBSD$
+
+add pledge(2) to "mutool show":
+ - rpath : dropped after opening
+ - no need of wpath cpath for -o, as the open is already done at this place
+
+--- source/tools/pdfshow.c.orig Sun Jan 17 09:08:52 2016
++++ source/tools/pdfshow.c Sun Jan 17 09:15:05 2016
+@@ -247,6 +247,12 @@ int pdfshow_main(int argc, char **argv)
+ }
+ }
+
++ if (pledge("stdio rpath", NULL) == -1)
++ {
++ fprintf(stderr, "pledge: %s\n", strerror(errno));
++ exit(1);
++ }
++
+ ctx = fz_new_context(NULL, NULL, FZ_STORE_UNLIMITED);
+ if (!ctx)
+ {
+@@ -258,6 +264,13 @@ int pdfshow_main(int argc, char **argv)
+ fz_try(ctx)
+ {
+ doc = pdf_open_document(ctx, filename);
++
++ if (pledge("stdio", NULL) == -1)
++ {
++ fprintf(stderr, "pledge: %s\n", strerror(errno));
++ exit(1);
++ }
++
+ if (pdf_needs_password(ctx, doc))
+ if (!pdf_authenticate_password(ctx, doc, password))
+ fz_warn(ctx, "cannot authenticate password: %s", filename);