git: ce7422b923b5 - main - textproc/par: Add Capsicum for security

From: Mark Murray <markm_at_FreeBSD.org>
Date: Sat, 09 Aug 2025 10:00:04 UTC
The branch main has been updated by markm:

URL: https://cgit.FreeBSD.org/ports/commit/?id=ce7422b923b5271afd3b4423d8c7c986936b671a

commit ce7422b923b5271afd3b4423d8c7c986936b671a
Author:     Mark Murray <markm@FreeBSD.org>
AuthorDate: 2025-08-09 09:45:42 +0000
Commit:     Mark Murray <markm@FreeBSD.org>
CommitDate: 2025-08-09 09:53:22 +0000

    textproc/par: Add Capsicum for security
    
    Par is complicated software which processes arbitrary input. This patch
    adds support for Capsicum to increase its security: we cap_enter() right
    at the beginning of main().
    
    PR: 284322
    Reported by:    mp39590 at gmail.com
---
 textproc/par/Makefile          |  2 +-
 textproc/par/files/patch-par.c | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/textproc/par/Makefile b/textproc/par/Makefile
index 5eaea70a9515..b12e9cd59f24 100644
--- a/textproc/par/Makefile
+++ b/textproc/par/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	par
 PORTVERSION=	1.53.0
-PORTREVISION=	2
+PORTREVISION=	3
 PKGNAMESUFFIX=	_format
 CATEGORIES=	textproc
 MASTER_SITES=	http://www.nicemice.net/par/
diff --git a/textproc/par/files/patch-par.c b/textproc/par/files/patch-par.c
new file mode 100644
index 000000000000..8e3f237a3181
--- /dev/null
+++ b/textproc/par/files/patch-par.c
@@ -0,0 +1,24 @@
+--- par.c.orig	2025-01-24 19:16:10 UTC
++++ par.c
+@@ -21,6 +21,9 @@ This is ANSI C code (C89).
+ #include <stdlib.h>
+ #include <string.h>
+ 
++#include <sys/capsicum.h>
++#include <errno.h>
++
+ #undef NULL
+ #define NULL ((void *) 0)
+ 
+@@ -724,6 +727,11 @@ int main(int argc, const char * const *argv)
+   errmsg_t errmsg = { '\0' };
+   lineprop *props = NULL, *firstprop, *nextprop;
+   FILE *errout;
++
++  if (cap_enter() == -1 && errno != ENOSYS) {
++    strcpy(errmsg, "unable to enter sandbox\n");
++    goto parcleanup;
++  }
+ 
+ /* Set the current locale from the environment: */
+
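Review bot: The cap_enter() call sits above the `/* Set the current locale from the environment: */` step, so the locale setup runs inside capability mode, where path-based opens are refused. If that step is a setlocale() call that reads locale data from disk (it lies outside the hunk), it would likely fail quietly and par would handle multibyte input in the C locale. Entering the sandbox after the locale and any other path-dependent initialisation keeps the protection for the input-parsing code without that regression. The open-coded ENOSYS test also duplicates what `caph_enter()` from `<capsicum_helpers.h>` does, and the stdio descriptors keep their full rights; `if (caph_limit_stdio() == -1 || caph_enter() == -1) {` would cover both. The failure path jumps to parcleanup while errout is still unassigned, and that label is outside the hunk, so confirm errout is set there before it is used.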