From: Alexander Bluhm Subject: html2text pledge To: ports@openbsd.org Date: Mon, 23 Jun 2025 16:01:15 +0200 Hi, I use html2text to convert HTML mails automatically into something readable in mutt. Recently I got a segmentation fault. I would feel much safer when parsing untrusted user input with pledge. ok? bluhm Index: Makefile =================================================================== RCS file: /cvs/ports/converters/html2text/Makefile,v diff -u -p -r1.22 Makefile --- Makefile 19 Jun 2025 11:09:27 -0000 1.22 +++ Makefile 23 Jun 2025 13:59:59 -0000 @@ -1,6 +1,7 @@ COMMENT= advanced HTML-to-text converter V= 2.3.0 +REVISION= 0 DISTNAME= html2text-$V SITES= https://github.com/grobian/html2text/releases/download/v$V/ @@ -10,6 +11,8 @@ HOMEPAGE= https://github.com/grobian/htm # GPLv2+ PERMIT_PACKAGE= Yes + +# uses pledge() WANTLIB += c iconv m ${COMPILER_LIBCXX} Index: patches/patch-html2text_cpp =================================================================== RCS file: patches/patch-html2text_cpp diff -N patches/patch-html2text_cpp --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-html2text_cpp 23 Jun 2025 13:59:59 -0000
@@ -0,0 +1,40 @@
+Index: html2text.cpp
+--- html2text.cpp.orig
++++ html2text.cpp
+@@ -18,9 +18,11 @@
+ * GNU General Public License in the file COPYING for more details.
+ */
+
++#include
+ #include
+ #include
+ #include
++#include
+
+ #include "html.h"
+ #include "HTMLControl.h"
+@@ -187,6 +189,14 @@ main(int argc, char **argv)
+ exit(1);
+ }
+
++ if (strcmp(output_file_name, "-") == 0) {
++ if (pledge("stdio rpath", NULL) == -1)
++ err(1, "pledge");
++ } else {
++ if (pledge("stdio rpath wpath cpath", NULL) == -1)
++ err(1, "pledge");
++ }
++
+ /* historical default used to be ISO-8859-1, auto is not a valid
+ * encoding, but handled in iconvstream */
+ if (from_encoding == NULL)
+@@ -236,6 +246,9 @@ main(int argc, char **argv)
+ << std::endl;
+ exit(1);
+ }
++
++ if (pledge("stdio rpath", NULL) == -1)
++ err(1, "pledge");
+
+ if (!is.os_isatty() && !explicit_rendering_req) {
+ /* disable "weird" chars unless explicitly requested, #64 */
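Review bot: The first pledge block in main() (inner hunk at -187) repeats the same pledge/err pair in both branches and has no comment saying why the two promise sets differ. Selecting the string once leaves a single failure path: `const char *promises = strcmp(output_file_name, "-") == 0 ? "stdio rpath" : "stdio rpath wpath cpath";` followed by `if (pledge(promises, NULL) == -1) err(1, "pledge");`. A comment such as `/* wpath/cpath are only needed until the output file has been opened */` would explain the later second pledge. The strcmp also assumes output_file_name is never NULL here; its default is set outside the hunk, so that should be confirmed.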
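Review bot: The final `pledge("stdio rpath", NULL)` (inner hunk at -236) keeps rpath in force while the untrusted HTML is parsed, so a memory-safety bug in the parser would still have read access to every file the invoking user can read. If the input files can be opened before this call, the promise could shrink to `"stdio"`. If they are opened lazily during conversion, calling unveil() with "r" on each input path before the first pledge would confine rpath to those files. main() continues outside the hunk, so where the inputs are opened, and whether iconv needs to read files at runtime, should be checked before narrowing. When the output is "-" this call repeats the promises already in effect, which is harmless but worth a one-line comment.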