Pledge patchelf(1), it only reads/writes/creates files.

Do so in main() since mainWrapped() itself parses files whilst parsing command line arguments (--rename-dynamic-symbols).
2023-11-30 19:31:37 +00:00 · 2023-11-30 19:31:37 +00:00 · 5e3ab5c08a
parent f67de49689
commit 5e3ab5c08a
2 changed files with 17 additions and 1 deletions
--- a/sysutils/patchelf/Makefile
+++ b/sysutils/patchelf/Makefile
@ -3,7 +3,7 @@ COMMENT =	utility for modifying existing ELF executables and libraries
 V =			0.18.0
 DISTNAME =		patchelf-${V}
 SITES =			https://github.com/NixOS/patchelf/releases/download/${V}/
-REVISION =		0
+REVISION =		1

 CATEGORIES =		sysutils

@ -12,6 +12,7 @@ MAINTAINER =		Klemens Nanni <kn@openbsd.org>
 # GPLv3
 PERMIT_PACKAGE =	Yes

+# uses pledge()
 WANTLIB +=		${COMPILER_LIBCXX} c m

 # -std=c++17
--- a/sysutils/patchelf/patches/patch-src_patchelf_cc
+++ b/sysutils/patchelf/patches/patch-src_patchelf_cc
@ -0,0 +1,15 @@
+Index: src/patchelf.cc
+--- src/patchelf.cc.orig
+++ src/patchelf.cc
+@@ -2689,6 +2689,11 @@ static int mainWrapped(int argc, char * * argv)
+ 
+ int main(int argc, char * * argv)
+ {
+#ifdef __OpenBSD__
+    if (pledge("stdio rpath wpath cpath", NULL) == -1)
+        error("pledge");
+#endif
+
+     try {
+         return mainWrapped(argc, argv);
+     } catch (std::exception & e) {