Index | Thread | Search

From:
Rafael Sadowski <rafael@sizeofvoid.org>
Subject:
Re: sysutils/tmate: add missed pledge
To:
ports@openbsd.org
Date:
Tue, 22 Apr 2025 07:51:38 +0200

Download raw body.

Thread 
On Mon Apr 21, 2025 at 10:55:01PM +0200, Kirill A. Korinsky wrote:
> ports@,
> 
> I'd like to add two missed "inet" pledge for sysutils/tmate.
> 
> The last one prevents it from start when I simple calls tmate, and the
> first one leads to crash when client is disconnect.
> 
> Tested on -current/amd64.

Confirmed, could we also ship this with 7.7-stable?

> 
> Ok?

OK rsadowski@

> 
> Index: sysutils/tmate/Makefile
> ===================================================================
> RCS file: /home/cvs/ports/sysutils/tmate/Makefile,v
> diff -u -p -r1.23 Makefile
> --- sysutils/tmate/Makefile	20 Feb 2024 12:01:49 -0000	1.23
> +++ sysutils/tmate/Makefile	21 Apr 2025 20:44:55 -0000
> @@ -4,7 +4,7 @@ GH_ACCOUNT =	tmate-io
>  GH_PROJECT =	tmate
>  GH_TAGNAME =	2.4.0
>  CATEGORIES =	sysutils
> -REVISION =	7
> +REVISION =	8
>  
>  SITES.p =	https://github.com/tmate-io/tmate/commit/
>  PATCHFILES.p =	tmate-bad-fingerprint{cbec43f56dfb48c2fb6e00faa2cb85443d4b7d8f}.patch \
> Index: sysutils/tmate/patches/patch-client_c
> ===================================================================
> RCS file: sysutils/tmate/patches/patch-client_c
> diff -N sysutils/tmate/patches/patch-client_c
> --- /dev/null	1 Jan 1970 00:00:00 -0000
> +++ sysutils/tmate/patches/patch-client_c	21 Apr 2025 20:51:27 -0000
> @@ -0,0 +1,23 @@
> +Add missing inet promise.
> +
> +Index: client.c
> +--- client.c.orig
> ++++ client.c
> +@@ -391,7 +391,7 @@ client_main(struct event_base *base, int argc, char **
> + 	 *
> + 	 * "sendfd" is dropped later in client_dispatch_wait().
> + 	 */
> +-	if (pledge("stdio unix sendfd proc exec tty", NULL) != 0)
> ++	if (pledge("stdio unix sendfd proc exec tty inet", NULL) != 0)
> + 		fatal("pledge failed");
> + #endif
> + 
> +@@ -652,7 +652,7 @@ client_dispatch_wait(struct imsg *imsg, const char *sh
> + 	 * get the first message from the server.
> + 	 */
> + 	if (!pledge_applied) {
> +-		if (pledge("stdio unix proc exec tty", NULL) != 0)
> ++		if (pledge("stdio unix proc exec tty inet", NULL) != 0)
> + 			fatal("pledge failed");
> + 		pledge_applied = 1;
> + 	};
>