On Mon, Jan 18, 2016 at 01:50:01PM +0000, Stuart Henderson wrote:
> 
> These seem fine in my tests so far (tried a few files with various
> image formats etc and some with passwords).
> 
> >   - mupdf-x11-curl
> 
> I ran into a problem with mupdf-x11-curl fetching from http getting
> killed on the first file I tried: as luck would have it I haven't been
> able to repeat it with another file, but http://dmtx.uk/ugh.pdf
> if you'd like to try it. Works ok from disk. It fails to display
> in the unpledged version too (sits burning cpu), so there's an
> upstream bug anyway.
> 

I am able to reproduce it.

The problem is in mupdf-1.8-source/platform/x11/x11_main.c (but
mupdf-x11 isn't impacted).

The function winreloadpage() calls XOpenDisplay() in the middle of the
program (whereas xdpy contains the already opened display ? I dunno why
it tries to open it again).

void winreloadpage(pdfapp_t *app)
{
        XEvent xev;
        Display *dpy = XOpenDisplay(NULL);

But as we try to open the display, it depends on the DISPLAY env for how
xcb will contact the X server. In your backtrace (and mine) it is :0, so
it tries unix sockets... and pledge doesn't let it pass.

This function seems to be called only from HAVE_CURL code (which is why
mupdf-x11 isn't impacted), and seems to be used to "emulate" a reload
command for http (as the pdf stream arrives in chunks). It downloads a
block of octets, tries to display a page (reload), if that fails downloads
more octets... and loops.

The following diff removes the extra XOpenDisplay() and reuses the
xdpy variable. It makes your uri have the same behaviour as the unpledged
version... (still bugged).

-- 
Sebastien Marie

Index: Makefile
===================================================================
RCS file: /cvs/ports/textproc/mupdf/Makefile,v
retrieving revision 1.59
diff -u -p -r1.59 Makefile
--- Makefile    12 Nov 2015 17:26:54 -0000      1.59
+++ Makefile    18 Jan 2016 14:23:32 -0000
@@ -8,6 +8,7 @@ COMMENT =       graphic library, pdf parser, v
 V =            1.8
 DISTNAME =     mupdf-$V-source
 PKGNAME =      mupdf-$V
+REVISION =     0
 
 CATEGORIES =   textproc x11
 
@@ -23,6 +24,7 @@ PERMIT_PACKAGE_CDROM =        Yes
 FLAVORS=       js
 FLAVOR?=
 
+# uses pledge(2)
 WANTLIB += GL X11 Xcursor Xext Xinerama Xrandr c crypto curl freetype
 WANTLIB += idn jbig2dec jpeg m nghttp2 openjp2 pthread ssl z
 
Index: patches/patch-platform_gl_gl-main_c
===================================================================
RCS file: patches/patch-platform_gl_gl-main_c
diff -N patches/patch-platform_gl_gl-main_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-platform_gl_gl-main_c 18 Jan 2016 14:23:32 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+
+add pledge(2) to mupdf-gl:
+  - drm : opengl stuff
+  - proc exec : opening a external browser on uri link
+
+--- platform/gl/gl-main.c.orig Tue Nov 10 17:19:51 2015
++++ platform/gl/gl-main.c      Sun Jan 17 10:21:44 2016
+@@ -1361,6 +1361,12 @@ int main(int argc, char **argv)
+ 
+       glfwMakeContextCurrent(window);
+ 
++      if (pledge("stdio rpath drm proc exec", NULL) == -1)
++      {
++              fprintf(stderr, "pledge: %s\n", strerror(errno));
++              exit(1);
++      }
++
+       ctx = fz_new_context(NULL, NULL, 0);
+       fz_register_document_handlers(ctx);
+ 
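Review bot: The promise string in pledge("stdio rpath drm proc exec", NULL) keeps "proc exec" for the whole lifetime of the viewer, and a program started through execve(2) begins without pledge active, so everything parsed after this point still runs with a path to an unrestricted child process. The patch header explains that "proc exec" exists only for opening an external browser on a URI link; please put that reasoning in a comment next to the call as well, so a later reader does not widen or copy the string without knowing why it is there. If the browser launch can be moved into a helper forked before the pledge() call, the main process could drop both promises.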
Index: patches/patch-platform_x11_jstest_main_c
===================================================================
RCS file: patches/patch-platform_x11_jstest_main_c
diff -N patches/patch-platform_x11_jstest_main_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-platform_x11_jstest_main_c    18 Jan 2016 14:23:32 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+
+add pledge(2) to mujstest
+  - rpath : OPEN command
+  - wpath cpath : SCREENSHOT command
+
+--- platform/x11/jstest_main.c.orig    Sun Jan 17 13:50:58 2016
++++ platform/x11/jstest_main.c Sun Jan 17 13:52:29 2016
+@@ -310,6 +310,12 @@ main(int argc, char *argv[])
+       if (fz_optind == argc)
+               usage();
+ 
++      if (pledge("stdio rpath wpath cpath", NULL) == -1)
++      {
++              fprintf(stderr, "pledge: %s\n", strerror(errno));
++              exit(1);
++      }
++
+       ctx = fz_new_context(NULL, NULL, FZ_STORE_DEFAULT);
+       if (!ctx)
+       {
Index: patches/patch-platform_x11_x11_main_c
===================================================================
RCS file: patches/patch-platform_x11_x11_main_c
diff -N patches/patch-platform_x11_x11_main_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-platform_x11_x11_main_c       18 Jan 2016 14:23:32 -0000
@@ -0,0 +1,47 @@
+$OpenBSD$
+
+add pledge(2) to mupdf-x11 and mupdf-x11-curl:
+  - inet dns : with HAVE_CURL only
+  - proc exec : opening an external browser on uri link
+
+--- platform/x11/x11_main.c.orig       Tue Nov 10 17:19:51 2015
++++ platform/x11/x11_main.c    Mon Jan 18 15:20:56 2016
+@@ -698,7 +698,6 @@ void onselreq(Window requestor, Atom selection, Atom t
+ void winreloadpage(pdfapp_t *app)
+ {
+       XEvent xev;
+-      Display *dpy = XOpenDisplay(NULL);
+ 
+       xev.xclient.type = ClientMessage;
+       xev.xclient.serial = 0;
+@@ -709,8 +708,7 @@ void winreloadpage(pdfapp_t *app)
+       xev.xclient.data.l[0] = 0;
+       xev.xclient.data.l[1] = 0;
+       xev.xclient.data.l[2] = 0;
+-      XSendEvent(dpy, xwin, 0, 0, &xev);
+-      XCloseDisplay(dpy);
++      XSendEvent(xdpy, xwin, 0, 0, &xev);
+ }
+ 
+ void winopenuri(pdfapp_t *app, char *buf)
+@@ -884,6 +882,20 @@ int main(int argc, char **argv)
+       tmo_at.tv_sec = 0;
+       tmo_at.tv_usec = 0;
+       timeout = NULL;
++
++#ifdef HAVE_CURL
++      if (pledge("stdio rpath inet dns proc exec", NULL) == -1)
++      {
++              fprintf(stderr, "pledge: %s\n", strerror(errno));
++              exit(1);
++      }
++#else
++      if (pledge("stdio rpath proc exec", NULL) == -1)
++      {
++              fprintf(stderr, "pledge: %s\n", strerror(errno));
++              exit(1);
++      }
++#endif
+ 
+       pdfapp_open(&gapp, filename, 0);
+ 
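Review bot: In winreloadpage(), switching XSendEvent() from a private connection to the shared xdpy is only safe if this function always runs on the thread that owns the X event loop. The port lists pthread in WANTLIB and the description says the function is reached from the HAVE_CURL download path, so please confirm which thread calls it; if it can be a fetch thread, the shared Display needs XInitThreads() early in main(), or the reload should be signalled to the main loop another way. Separately, in main() the two pledge() blocks differ only in the promise string; selecting the string under #ifdef HAVE_CURL and calling pledge() once would keep the error handling in one place.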
Index: patches/patch-source_tools_mudraw_c
===================================================================
RCS file: patches/patch-source_tools_mudraw_c
diff -N patches/patch-source_tools_mudraw_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_mudraw_c 18 Jan 2016 14:23:32 -0000
@@ -0,0 +1,31 @@
+$OpenBSD$
+
+add pledge(2) to "mutool draw":
+  - wpath cpath : only if output is specified
+
+--- source/tools/mudraw.c.orig Tue Nov 10 17:19:51 2015
++++ source/tools/mudraw.c      Sun Jan 17 10:21:04 2016
+@@ -909,6 +909,23 @@ int mudraw_main(int argc, char **argv)
+       if (fz_optind == argc)
+               usage();
+ 
++      if (output && output[0] != '-' && *output != 0)
++      {
++              if (pledge("stdio rpath wpath cpath", NULL) == -1)
++              {
++                      fprintf(stderr, "pledge: %s\n", strerror(errno));
++                      exit(1);
++              }
++      }
++      else
++      {
++              if (pledge("stdio rpath", NULL) == -1)
++              {
++                      fprintf(stderr, "pledge: %s\n", strerror(errno));
++                      exit(1);
++              }
++      }
++
+       ctx = fz_new_context((showmemory == 0 ? NULL : &alloc_ctx), NULL, 
FZ_STORE_DEFAULT);
+       if (!ctx)
+       {
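Review bot: The condition output && output[0] != '-' && *output != 0 decides between "stdio rpath wpath cpath" and "stdio rpath", so it has to match exactly how mudraw later decides whether to open a file for writing. As written, any output name that begins with '-' (not only "-" itself) gets the read-only promise set, and a later open for writing on such a name would abort the process; please check it against the code that opens the output. Also, output[0] and *output are the same byte, so testing for the empty string first and then for '-' would read more naturally.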
Index: patches/patch-source_tools_pdfclean_c
===================================================================
RCS file: patches/patch-source_tools_pdfclean_c
diff -N patches/patch-source_tools_pdfclean_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_pdfclean_c       18 Jan 2016 14:23:32 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+add pledge(2) to "mutool clean"
+
+--- source/tools/pdfclean.c.orig       Sun Jan 17 11:59:42 2016
++++ source/tools/pdfclean.c    Sun Jan 17 12:01:42 2016
+@@ -79,6 +79,12 @@ int pdfclean_main(int argc, char **argv)
+               outfile = argv[fz_optind++];
+       }
+ 
++      if (pledge("stdio rpath wpath cpath", NULL) == -1)
++      {
++              fprintf(stderr, "pledge: %s\n", strerror(errno));
++              exit(1);
++      }
++
+       ctx = fz_new_context(NULL, NULL, FZ_STORE_UNLIMITED);
+       if (!ctx)
+       {
Index: patches/patch-source_tools_pdfextract_c
===================================================================
RCS file: patches/patch-source_tools_pdfextract_c
diff -N patches/patch-source_tools_pdfextract_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_pdfextract_c     18 Jan 2016 14:23:32 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+add pledge(2) to "mutool extract"
+
+--- source/tools/pdfextract.c.orig     Sun Jan 17 12:12:27 2016
++++ source/tools/pdfextract.c  Sun Jan 17 12:13:42 2016
+@@ -202,6 +202,12 @@ int pdfextract_main(int argc, char **argv)
+ 
+       infile = argv[fz_optind++];
+ 
++      if (pledge("stdio rpath wpath cpath", NULL) == -1)
++      {
++              fprintf(stderr, "pledge: %s\n", strerror(errno));
++              exit(1);
++      }
++
+       ctx = fz_new_context(NULL, NULL, FZ_STORE_UNLIMITED);
+       if (!ctx)
+       {
Index: patches/patch-source_tools_pdfinfo_c
===================================================================
RCS file: patches/patch-source_tools_pdfinfo_c
diff -N patches/patch-source_tools_pdfinfo_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_pdfinfo_c        18 Jan 2016 14:23:32 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+add pledge(2) to "mutool info"
+
+--- source/tools/pdfinfo.c.orig        Sun Jan 17 10:20:26 2016
++++ source/tools/pdfinfo.c     Sun Jan 17 10:23:26 2016
+@@ -1061,6 +1061,12 @@ int pdfinfo_main(int argc, char **argv)
+       if (fz_optind == argc)
+               infousage();
+ 
++      if (pledge("stdio rpath", NULL) == -1)
++      {
++              fprintf(stderr, "pledge: %s\n", strerror(errno));
++              exit(1);
++      }
++
+       ctx = fz_new_context(NULL, NULL, FZ_STORE_UNLIMITED);
+       if (!ctx)
+       {
Index: patches/patch-source_tools_pdfpages_c
===================================================================
RCS file: patches/patch-source_tools_pdfpages_c
diff -N patches/patch-source_tools_pdfpages_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_pdfpages_c       18 Jan 2016 14:23:32 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+add pledge(2) to "mutool pages"
+
+--- source/tools/pdfpages.c.orig       Sun Jan 17 12:13:56 2016
++++ source/tools/pdfpages.c    Sun Jan 17 12:15:06 2016
+@@ -229,6 +229,12 @@ int pdfpages_main(int argc, char **argv)
+       if (fz_optind == argc)
+               infousage();
+ 
++      if (pledge("stdio rpath", NULL) == -1)
++      {
++              fprintf(stderr, "pledge: %s\n", strerror(errno));
++              exit(1);
++      }
++
+       ctx = fz_new_context(NULL, NULL, FZ_STORE_UNLIMITED);
+       if (!ctx)
+       {
Index: patches/patch-source_tools_pdfposter_c
===================================================================
RCS file: patches/patch-source_tools_pdfposter_c
diff -N patches/patch-source_tools_pdfposter_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_pdfposter_c      18 Jan 2016 14:23:32 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+
+add pledge(2) to "mutool poster"
+
+--- source/tools/pdfposter.c.orig      Sun Jan 17 12:21:27 2016
++++ source/tools/pdfposter.c   Sun Jan 17 12:22:56 2016
+@@ -189,6 +189,12 @@ int pdfposter_main(int argc, char **argv)
+               outfile = argv[fz_optind++];
+       }
+ 
++      if (pledge("stdio rpath wpath cpath", NULL) == -1)
++      {
++              fprintf(stderr, "pledge: %s\n", strerror(errno));
++              exit(1);
++      }
++
+       ctx = fz_new_context(NULL, NULL, FZ_STORE_UNLIMITED);
+       if (!ctx)
+       {
Index: patches/patch-source_tools_pdfshow_c
===================================================================
RCS file: patches/patch-source_tools_pdfshow_c
diff -N patches/patch-source_tools_pdfshow_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-source_tools_pdfshow_c        18 Jan 2016 14:23:32 -0000
@@ -0,0 +1,35 @@
+$OpenBSD$
+
+add pledge(2) to "mutool show":
+  - rpath : dropped after opening
+  - no need of wpath cpath for -o, as the open is already done at this place
+
+--- source/tools/pdfshow.c.orig        Sun Jan 17 09:08:52 2016
++++ source/tools/pdfshow.c     Sun Jan 17 09:15:05 2016
+@@ -247,6 +247,12 @@ int pdfshow_main(int argc, char **argv)
+               }
+       }
+ 
++      if (pledge("stdio rpath", NULL) == -1)
++      {
++              fprintf(stderr, "pledge: %s\n", strerror(errno));
++              exit(1);
++      }
++
+       ctx = fz_new_context(NULL, NULL, FZ_STORE_UNLIMITED);
+       if (!ctx)
+       {
+@@ -258,6 +264,13 @@ int pdfshow_main(int argc, char **argv)
+       fz_try(ctx)
+       {
+               doc = pdf_open_document(ctx, filename);
++              
++              if (pledge("stdio", NULL) == -1)
++              {
++                      fprintf(stderr, "pledge: %s\n", strerror(errno));
++                      exit(1);
++              }
++
+               if (pdf_needs_password(ctx, doc))
+                       if (!pdf_authenticate_password(ctx, doc, password))
+                               fz_warn(ctx, "cannot authenticate password: 
%s", filename);
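Review bot: The second pledge("stdio", NULL) right after pdf_open_document() has no comment explaining why rpath can be dropped there and why -o needs no wpath cpath; that reasoning lives only in the patch header, so a short comment above the call would keep it with the code. The added blank line directly after pdf_open_document(ctx, filename); carries trailing whitespace and should be emptied. It is also worth confirming that nothing later in pdfshow_main() reopens filename or another path, since any such open would now abort the process.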
