From 91ffda5f3b2f9b5a81401853861631b93cf37b1e Mon Sep 17 00:00:00 2001
From: Klemens Nanni <kn@openbsd.org>
Date: Sun, 20 Aug 2023 20:45:17 +0300
Subject: [PATCH 1/2] OpenBSD: Define _BSD_SOURCE to get pledge(2)

The unconditional define of _POSIX_C_SOURCE in pigz 2.5
(bf19597 "Add MinGW large file support."), later changed to
_XOPEN_SOURCE in pigz 2.6 (c9de6c5 "Portability improvements."),
causes <sys/cdefs.h> to define __POSIX_VISIBLE and, because _BSD_SOURCE
undefined, to also define __BSD_VISIBLE as 0, preventing <unistd.h>
from prototyping pledge(2).
---
 pigz.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pigz.c b/pigz.c
index 0e9d635..0c2701b 100644
--- a/pigz.c
+++ b/pigz.c
@@ -347,6 +347,9 @@
 #define _FILE_OFFSET_BITS 64            // Use large file functions
 #define _LARGE_FILES                    // Same thing for AIX
 #define _XOPEN_SOURCE 700               // For POSIX 2008
+#ifdef __OpenBSD__
+#define _BSD_SOURCE                     // for pledge(2)
+#endif
 
 // Included headers and what is expected from each.
 #include <stdio.h>      // fflush(), fprintf(), fputs(), getchar(), putc(),

From 46846caf427e049ee707f343091f7baff0e32e0c Mon Sep 17 00:00:00 2001
From: Klemens Nanni <kn@openbsd.org>
Date: Sun, 20 Aug 2023 20:51:46 +0300
Subject: [PATCH 2/2] OpenBSD: use pledge(2)

Start with "stdio rpath wpath cpath fattr chown" like OpenBSD's gzip(1).

For `g.pipeout' aka. -c and `g.decode == 2' aka. -t, drop to
"stdio rpath", like gzip;  a previous path retained "cpath" for signal
handler to unlink(2) output files, but this is not needed as -c and -t
never open any file for output/writing.

Do the same for `g.list' aka. -l.

OpenBSD's port started using broader pledge in 2018 and refined promises
to match gzip in january 2023.

https://man.openbsd.org/pledge.2
https://man.openbsd.org/gzip.1
---
 pigz.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/pigz.c b/pigz.c
index 0c2701b..238783b 100644
--- a/pigz.c
+++ b/pigz.c
@@ -4607,6 +4607,13 @@ int main(int argc, char **argv) {
     char *opts, *p;                 // environment default options, marker
     ball_t err;                     // error information from throw()
 
+#ifdef __OpenBSD__
+    if (pledge("stdio rpath wpath cpath fattr chown", NULL) == -1) {
+        complain("pledge");
+        exit(1);
+    }
+#endif
+
     g.ret = 0;
     try {
         // initialize globals
@@ -4714,6 +4721,14 @@ int main(int argc, char **argv) {
                 argv[n] = NULL;         // remove if option
         option(NULL);                   // check for missing parameter
 
+#ifdef __OpenBSD__
+        if (g.pipeout || g.decode == 2 || g.list)
+            if (pledge("stdio rpath", NULL) == -1) {
+                complain("pledge");
+                exit(1);
+            }
+#endif
+
         // process command-line filenames
         done = 0;
         for (n = 1; n < argc; n++)