openssl/openssl-1.1.0-secure-getenv.patch

diff -up openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_api.c
--- openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv	2017-11-02 15:29:02.000000000 +0100
+++ openssl-1.1.0g/crypto/conf/conf_api.c	2017-11-03 16:12:31.826265323 +0100
@@ -9,6 +9,8 @@
 
 /* Part of the code in here was originally in conf.c, which is now removed */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/conf.h>
@@ -82,7 +84,7 @@ char *_CONF_get_string(const CONF *conf,
             if (v != NULL)
                 return (v->value);
             if (strcmp(section, "ENV") == 0) {
-                p = getenv(name);
+                p = secure_getenv(name);
                 if (p != NULL)
                     return (p);
             }
@@ -95,7 +97,7 @@ char *_CONF_get_string(const CONF *conf,
         else
             return (NULL);
     } else
-        return (getenv(name));
+        return (secure_getenv(name));
 }
 
 static unsigned long conf_value_hash(const CONF_VALUE *v)
diff -up openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_mod.c
--- openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv	2017-11-02 15:29:02.000000000 +0100
+++ openssl-1.1.0g/crypto/conf/conf_mod.c	2017-11-03 16:12:31.827265347 +0100
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <stdio.h>
 #include <ctype.h>
 #include <openssl/crypto.h>
@@ -478,7 +480,7 @@ char *CONF_get1_default_config_file(void
     char *file;
     int len;
 
-    file = getenv("OPENSSL_CONF");
+    file = secure_getenv("OPENSSL_CONF");
     if (file)
         return OPENSSL_strdup(file);
 
diff -up openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv openssl-1.1.0g/crypto/engine/eng_list.c
--- openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv	2017-11-02 15:29:03.000000000 +0100
+++ openssl-1.1.0g/crypto/engine/eng_list.c	2017-11-03 16:12:31.827265347 +0100
@@ -13,6 +13,8 @@
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include "eng_int.h"
 
 /*
@@ -322,7 +324,7 @@ ENGINE *ENGINE_by_id(const char *id)
      * Prevent infinite recursion if we're looking for the dynamic engine.
      */
     if (strcmp(id, "dynamic")) {
-        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+        if ((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0)
             load_dir = ENGINESDIR;
         iterator = ENGINE_by_id("dynamic");
         if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
diff -up openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv openssl-1.1.0g/crypto/rand/randfile.c
--- openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv	2017-11-02 15:29:03.000000000 +0100
+++ openssl-1.1.0g/crypto/rand/randfile.c	2017-11-03 16:12:31.827265347 +0100
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include "internal/cryptlib.h"
 
 #include <errno.h>
@@ -317,10 +319,10 @@ const char *RAND_file_name(char *buf, si
     if (OPENSSL_issetugid() != 0) {
         use_randfile = 0;
     } else {
-        s = getenv("RANDFILE");
+        s = secure_getenv("RANDFILE");
         if (s == NULL || *s == '\0') {
             use_randfile = 0;
-            s = getenv("HOME");
+            s = secure_getenv("HOME");
         }
     }
 #endif
diff -up openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0g/crypto/x509/by_dir.c
--- openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv	2017-11-02 15:29:04.000000000 +0100
+++ openssl-1.1.0g/crypto/x509/by_dir.c	2017-11-03 16:12:31.827265347 +0100
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
@@ -78,7 +80,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
     switch (cmd) {
     case X509_L_ADD_DIR:
         if (argl == X509_FILETYPE_DEFAULT) {
-            dir = (char *)getenv(X509_get_default_cert_dir_env());
+            dir = (char *)secure_getenv(X509_get_default_cert_dir_env());
             if (dir)
                 ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
             else
diff -up openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv openssl-1.1.0g/crypto/x509/by_file.c
--- openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv	2017-11-02 15:29:04.000000000 +0100
+++ openssl-1.1.0g/crypto/x509/by_file.c	2017-11-03 16:14:13.230649686 +0100
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
@@ -47,7 +49,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
     switch (cmd) {
     case X509_L_FILE_LOAD:
         if (argl == X509_FILETYPE_DEFAULT) {
-            file = getenv(X509_get_default_cert_file_env());
+            file = secure_getenv(X509_get_default_cert_file_env());
             if (file)
                 ok = (X509_load_cert_crl_file(ctx, file,
                                               X509_FILETYPE_PEM) != 0);
update to upstream version 1.1.0g 2017-11-03 15:57:03 +00:00			`diff -up openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_api.c`
			`--- openssl-1.1.0g/crypto/conf/conf_api.c.secure-getenv 2017-11-02 15:29:02.000000000 +0100`
			`+++ openssl-1.1.0g/crypto/conf/conf_api.c 2017-11-03 16:12:31.826265323 +0100`
update to upstream version 1.1.0b 2016-10-11 08:31:54 +00:00			`@@ -9,6 +9,8 @@`

			`/* Part of the code in here was originally in conf.c, which is now removed */`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <stdlib.h>`
			`#include <string.h>`
			`#include <openssl/conf.h>`
			`@@ -82,7 +84,7 @@ char _CONF_get_string(const CONF conf,`
			`if (v != NULL)`
			`return (v->value);`
			`if (strcmp(section, "ENV") == 0) {`
			`- p = getenv(name);`
			`+ p = secure_getenv(name);`
			`if (p != NULL)`
			`return (p);`
			`}`
			`@@ -95,7 +97,7 @@ char _CONF_get_string(const CONF conf,`
			`else`
			`return (NULL);`
			`} else`
			`- return (getenv(name));`
			`+ return (secure_getenv(name));`
			`}`

			`static unsigned long conf_value_hash(const CONF_VALUE *v)`
update to upstream version 1.1.0g 2017-11-03 15:57:03 +00:00			`diff -up openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv openssl-1.1.0g/crypto/conf/conf_mod.c`
			`--- openssl-1.1.0g/crypto/conf/conf_mod.c.secure-getenv 2017-11-02 15:29:02.000000000 +0100`
			`+++ openssl-1.1.0g/crypto/conf/conf_mod.c 2017-11-03 16:12:31.827265347 +0100`
update to upstream version 1.1.0b 2016-10-11 08:31:54 +00:00			`@@ -7,6 +7,8 @@`
			`* https://www.openssl.org/source/license.html`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <stdio.h>`
			`#include <ctype.h>`
			`#include <openssl/crypto.h>`
			`@@ -478,7 +480,7 @@ char *CONF_get1_default_config_file(void`
			`char *file;`
			`int len;`

			`- file = getenv("OPENSSL_CONF");`
			`+ file = secure_getenv("OPENSSL_CONF");`
			`if (file)`
			`return OPENSSL_strdup(file);`

update to upstream version 1.1.0g 2017-11-03 15:57:03 +00:00			`diff -up openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv openssl-1.1.0g/crypto/engine/eng_list.c`
			`--- openssl-1.1.0g/crypto/engine/eng_list.c.secure-getenv 2017-11-02 15:29:03.000000000 +0100`
			`+++ openssl-1.1.0g/crypto/engine/eng_list.c 2017-11-03 16:12:31.827265347 +0100`
update to upstream version 1.1.0b 2016-10-11 08:31:54 +00:00			`@@ -13,6 +13,8 @@`
			`* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include "eng_int.h"`

			`/*`
			`@@ -322,7 +324,7 @@ ENGINE ENGINE_by_id(const char id)`
			`* Prevent infinite recursion if we're looking for the dynamic engine.`
			`*/`
			`if (strcmp(id, "dynamic")) {`
			`- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)`
			`+ if ((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0)`
			`load_dir = ENGINESDIR;`
			`iterator = ENGINE_by_id("dynamic");`
			`if (!iterator \|\| !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) \|\|`
update to upstream version 1.1.0g 2017-11-03 15:57:03 +00:00			`diff -up openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv openssl-1.1.0g/crypto/rand/randfile.c`
			`--- openssl-1.1.0g/crypto/rand/randfile.c.secure-getenv 2017-11-02 15:29:03.000000000 +0100`
			`+++ openssl-1.1.0g/crypto/rand/randfile.c 2017-11-03 16:12:31.827265347 +0100`
update to upstream version 1.1.0b 2016-10-11 08:31:54 +00:00			`@@ -7,6 +7,8 @@`
			`* https://www.openssl.org/source/license.html`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include "internal/cryptlib.h"`

			`#include <errno.h>`
update to upstream version 1.1.0g 2017-11-03 15:57:03 +00:00			`@@ -317,10 +319,10 @@ const char RAND_file_name(char buf, si`
update to upstream version 1.1.0b 2016-10-11 08:31:54 +00:00			`if (OPENSSL_issetugid() != 0) {`
			`use_randfile = 0;`
			`} else {`
			`- s = getenv("RANDFILE");`
			`+ s = secure_getenv("RANDFILE");`
			`if (s == NULL \|\| *s == '\0') {`
			`use_randfile = 0;`
			`- s = getenv("HOME");`
			`+ s = secure_getenv("HOME");`
			`}`
			`}`
			`#endif`
update to upstream version 1.1.0g 2017-11-03 15:57:03 +00:00			`diff -up openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv openssl-1.1.0g/crypto/x509/by_dir.c`
			`--- openssl-1.1.0g/crypto/x509/by_dir.c.secure-getenv 2017-11-02 15:29:04.000000000 +0100`
			`+++ openssl-1.1.0g/crypto/x509/by_dir.c 2017-11-03 16:12:31.827265347 +0100`
update to upstream version 1.1.0b 2016-10-11 08:31:54 +00:00			`@@ -7,6 +7,8 @@`
			`* https://www.openssl.org/source/license.html`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <stdio.h>`
			`#include <time.h>`
			`#include <errno.h>`
update to upstream version 1.1.0g 2017-11-03 15:57:03 +00:00			`@@ -78,7 +80,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in`
update to upstream version 1.1.0b 2016-10-11 08:31:54 +00:00			`switch (cmd) {`
			`case X509_L_ADD_DIR:`
			`if (argl == X509_FILETYPE_DEFAULT) {`
			`- dir = (char *)getenv(X509_get_default_cert_dir_env());`
			`+ dir = (char *)secure_getenv(X509_get_default_cert_dir_env());`
			`if (dir)`
			`ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);`
			`else`
update to upstream version 1.1.0g 2017-11-03 15:57:03 +00:00			`diff -up openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv openssl-1.1.0g/crypto/x509/by_file.c`
			`--- openssl-1.1.0g/crypto/x509/by_file.c.secure-getenv 2017-11-02 15:29:04.000000000 +0100`
			`+++ openssl-1.1.0g/crypto/x509/by_file.c 2017-11-03 16:14:13.230649686 +0100`
update to upstream version 1.1.0b 2016-10-11 08:31:54 +00:00			`@@ -7,6 +7,8 @@`
			`* https://www.openssl.org/source/license.html`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <stdio.h>`
			`#include <time.h>`
			`#include <errno.h>`
			`@@ -47,7 +49,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx`
			`switch (cmd) {`
			`case X509_L_FILE_LOAD:`
			`if (argl == X509_FILETYPE_DEFAULT) {`
update to upstream version 1.1.0g 2017-11-03 15:57:03 +00:00			`- file = getenv(X509_get_default_cert_file_env());`
			`+ file = secure_getenv(X509_get_default_cert_file_env());`
update to upstream version 1.1.0b 2016-10-11 08:31:54 +00:00			`if (file)`
			`ok = (X509_load_cert_crl_file(ctx, file,`
			`X509_FILETYPE_PEM) != 0);`