On Sat, Oct 29 2022, Mikhail <mp39590@gmail.com> wrote:
> On Sat, Oct 29, 2022 at 09:43:28AM +0100, Stuart Henderson wrote:
>> On 2022/10/29 11:02, Mikhail wrote:
>> > On Sat, Oct 29, 2022 at 09:37:08AM +0200, Omar Polo wrote:
>> > >
>> > > Port-wise, the only thing that needs to be adjusted is CFLAGS, as
>> > > it uses the hardcoded ones '-O2 -pipe -Werror' and not the ones
>> > > provided by the port infrastructure; it's very easy to fix:
>> >
>> > Fixed, new archive attached, also the diff between vanilla and this
>> > ministat.c:
>>
>> imho it would be better for the distfile to be exactly the standard
>> FreeBSD version, then apply any changes by patching it in the port
>
> Such way it looks cleaner indeed. Distfile updated, new archive
> attached.
tl;dr : the pledge(2) promises looks reasonable to me. While
I initially found that three pledge(2) was too much, I must admit
that all of them tighten the program execution before looking at
untrusted data. For the first call pledge(2), one could argue that the
program environment is hardly untrusted data, but past problems like
shellshock have proved this assumption wrong. The second pledge(2) call
is the least useful IMO, since it only drops "tty" before reading data
from files. But I feel strongly about dropping it.
As suspected ministat fails to build on sparc64 (base-gcc) because it
uses math.h functions but doesn't link against libm. Thanks kmos@ for
confirming, suggesting the fix and testing it!
This looks ready to import. ok?
No comments:
Post a Comment