Hi,

The patch below pledges the iconv binary in the libiconv package. The tool is
useful, for example, for converting the encoding of text data to UTF-8.

It now uses pledge("stdio", NULL) if only using stdin/stdout. It uses
pledge("stdio rpath", NULL) when specifying files.

I've tested many command-line option combinations and haven't found missing
promises which cause an abort().

Patch:


>From f3b6b4de0a010bd7e9725eeaceddb33a61953a72 Mon Sep 17 00:00:00 2001
From: Hiltjo Posthuma <hil...@codemadness.org>
Date: Mon, 11 Jan 2021 19:39:31 +0100
Subject: [PATCH] libiconv: pledge iconv(1) binary

---
 converters/libiconv/Makefile                  |  3 ++-
 converters/libiconv/patches/patch-src_iconv_c | 22 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 converters/libiconv/patches/patch-src_iconv_c

diff --git a/converters/libiconv/Makefile b/converters/libiconv/Makefile
index 2ab58ea4519..5c8043270de 100644
--- a/converters/libiconv/Makefile
+++ b/converters/libiconv/Makefile
@@ -5,7 +5,7 @@ COMMENT=        character set conversion library
 DISTNAME=      libiconv-1.16
 CATEGORIES=    converters devel
 MASTER_SITES=  ${MASTER_SITE_GNU:=libiconv/}
-REVISION=      0
+REVISION=      1
 
 SHARED_LIBS=   charset         1.1 \
                iconv           7.0
@@ -17,6 +17,7 @@ MAINTAINER=   Brad Smith <b...@comstyle.com>
 # LGPLv2 and GPLv3
 PERMIT_PACKAGE=        Yes
 
+# uses pledge()
 WANTLIB=       c
 
 SEPARATE_BUILD=        Yes
diff --git a/converters/libiconv/patches/patch-src_iconv_c 
b/converters/libiconv/patches/patch-src_iconv_c
new file mode 100644
index 00000000000..2f3eaac346d
--- /dev/null
+++ b/converters/libiconv/patches/patch-src_iconv_c
@@ -0,0 +1,22 @@
+--- src/iconv.c.orig   Mon Jan 11 19:28:35 2021
++++ src/iconv.c        Mon Jan 11 19:31:36 2021
+@@ -19,6 +19,9 @@
+ # define ICONV_CONST
+ #endif
+ 
++#include <err.h>
++#include <unistd.h>
++
+ #include <limits.h>
+ #include <stddef.h>
+ #include <stdio.h>
+@@ -846,6 +849,9 @@
+   struct iconv_hooks hooks;
+   int i;
+   int status;
++
++  if (pledge(i == argc ? "stdio" : "stdio rpath", NULL) == -1)
++    err(1, "pledge");
+ 
+   set_program_name (argv[0]);
+ #if HAVE_SETLOCALE
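Review bot: The added pledge() call in the second inner hunk reads `i` before anything visible assigns it, because `int i;` is declared two lines above with no initializer. `i == argc` therefore compares an indeterminate value, so the promise set is effectively arbitrary and the stdin-only case is most likely never narrowed to "stdio". Consider pledging the wider set unconditionally at this spot with `if (pledge("stdio rpath", NULL) == -1) err(1, "pledge");`. Then drop rpath once `i` holds the index of the first file operand, presumably after option parsing, with `if (i == argc && pledge("stdio", NULL) == -1) err(1, "pledge");`. main's body continues outside the hunk, so the exact placement should be confirmed against the full file.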
-- 
2.30.0

-- 
Kind regards,
Hiltjo
