Re: [patch] UPDATE: converters/libiconv: pledge iconv binary

Sat, 16 Jan 2021 07:29:53 -0800 

On Mon, Jan 11, 2021 at 07:50:55PM +0100, Hiltjo Posthuma wrote:
> Hi,
> 
> The below patch pledges the iconv binary in the libiconv package. The tool is
> useful for converting text-encoding of text data to UTF-8 for example.
> 
> It now uses pledge("stdio", NULL) if only using stdin/stdout. It uses
> pledge("stdio rpath", NULL) when specifying files.
> 
> I've tested many command-line option combinations and haven't found missing
> promises which cause an abort().
> 
> Patch:
> 
> 
> From f3b6b4de0a010bd7e9725eeaceddb33a61953a72 Mon Sep 17 00:00:00 2001
> From: Hiltjo Posthuma <hil...@codemadness.org>
> Date: Mon, 11 Jan 2021 19:39:31 +0100
> Subject: [PATCH] libiconv: pledge iconv(1) binary
> 
> ---
>  converters/libiconv/Makefile                  |  3 ++-
>  converters/libiconv/patches/patch-src_iconv_c | 22 +++++++++++++++++++
>  2 files changed, 24 insertions(+), 1 deletion(-)
>  create mode 100644 converters/libiconv/patches/patch-src_iconv_c
> 
> diff --git a/converters/libiconv/Makefile b/converters/libiconv/Makefile
> index 2ab58ea4519..5c8043270de 100644
> --- a/converters/libiconv/Makefile
> +++ b/converters/libiconv/Makefile
> @@ -5,7 +5,7 @@ COMMENT=      character set conversion library
>  DISTNAME=    libiconv-1.16
>  CATEGORIES=  converters devel
>  MASTER_SITES=        ${MASTER_SITE_GNU:=libiconv/}
> -REVISION=    0
> +REVISION=    1
>  
>  SHARED_LIBS= charset         1.1 \
>               iconv           7.0
> @@ -17,6 +17,7 @@ MAINTAINER= Brad Smith <b...@comstyle.com>
>  # LGPLv2 and GPLv3
>  PERMIT_PACKAGE=      Yes
>  
> +# uses pledge()
>  WANTLIB=     c
>  
>  SEPARATE_BUILD=      Yes
> diff --git a/converters/libiconv/patches/patch-src_iconv_c 
> b/converters/libiconv/patches/patch-src_iconv_c
> new file mode 100644
> index 00000000000..2f3eaac346d
> --- /dev/null
> +++ b/converters/libiconv/patches/patch-src_iconv_c
> @@ -0,0 +1,22 @@
> +--- src/iconv.c.orig Mon Jan 11 19:28:35 2021
> ++++ src/iconv.c      Mon Jan 11 19:31:36 2021
> +@@ -19,6 +19,9 @@
> + # define ICONV_CONST
> + #endif
> + 
> ++#include <err.h>
> ++#include <unistd.h>
> ++
> + #include <limits.h>
> + #include <stddef.h>
> + #include <stdio.h>
> +@@ -846,6 +849,9 @@
> +   struct iconv_hooks hooks;
> +   int i;
> +   int status;
> ++
> ++  if (pledge(i == argc ? "stdio" : "stdio rpath", NULL) == -1)
> ++    err(1, "pledge");
> + 
> +   set_program_name (argv[0]);
> + #if HAVE_SETLOCALE
> -- 
> 2.30.0
> 

Any thoughts/OKs for the above patch?

I use it to convert the text-encoding of some RSS/Atom feeds which are
non-UTF-8 to UTF-8.

With this patch it completes pledge(2)'ing my entire software bundle to handle
RSS/Atom feeds.

In a nutshell: ftp someurl | iconv -f encoding -t utf-8 | myprogram

Thanks,

-- 
Kind regards,
Hiltjo

Reply via email to