curl/curl-secure-getenv.patch

Index: curl-8.11.0/lib/getenv.c
===================================================================
--- curl-8.11.0.orig/lib/getenv.c
+++ curl-8.11.0/lib/getenv.c
@@ -29,6 +29,14 @@
 
 #include "memdebug.h"
 
+#ifndef HAVE_SECURE_GETENV
+#  ifdef HAVE___SECURE_GETENV
+#    define secure_getenv __secure_getenv
+#  else
+#    error neither secure_getenv nor __secure_getenv is available
+#  endif
+#endif
+
 static char *GetEnv(const char *variable)
 {
 #if defined(_WIN32_WCE) || defined(CURL_WINDOWS_UWP) || \
@@ -69,7 +77,7 @@ static char *GetEnv(const char *variable
     /* else rc is bytes needed, try again */
   }
 #else
-  char *env = getenv(variable);
+  char *env = secure_getenv(variable);
   return (env && env[0]) ? strdup(env) : NULL;
 #endif
 }
Index: curl-8.11.0/configure.ac
===================================================================
--- curl-8.11.0.orig/configure.ac
+++ curl-8.11.0/configure.ac
@@ -5370,6 +5370,8 @@ fi
 
 CURL_PREPARE_CONFIGUREHELP_PM
 
+AC_CHECK_FUNCS([__secure_getenv secure_getenv])
+
 AC_CONFIG_FILES([\
   Makefile \
   docs/Makefile \
- Update to 8.11.0: * Security fixes: [bsc#1232528, CVE-2024-9681] * curl: HSTS subdomain overwrites parent cache entry * Changes: - curl: --create-dirs works for --dump-header as well - gtls: Add P12 format support - ipfs: add options to disable - TLS: TLSv1.3 earlydata support for curl - WebSockets: make support official (non-experimental) * Bugfixes: - build: clarify CA embed is for curl tool, mark default, improve summary - build: show if CA bundle to embed was found - build: tidy up and improve versioned-symbols options - cmake/FindNGTCP2: use library path as hint for finding crypto module - cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled - cmake: rename LDAP dependency config variables to match Find modules - cmake: replace 'check_include_file_concat()' for LDAP and GSS detection - cmake: use OpenSSL for LDAP detection only if available - curl: add build options for safe/no CA bundle search (Windows) - curl: detect ECH support dynamically, not at build time - curl_addrinfo: support operating systems with only getaddrinfo(3) - ftp: fix 0-length last write on upload from stdin - gnutls: use session cache for QUIC - hsts: improve subdomain handling - hsts: support "implied LWS" properly around max-age - http2: auto reset stream on server eos - json.md: cli-option '--json' is an alias of '--data-binary' - lib: move curl_path.[ch] into vssh/ - lib: remove function pointer typecasts for hmac/sha256/md5 - libssh.c: handle EGAINS during proto-connect correctly OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=380 2024-11-06 08:59:33 +00:00			`Index: curl-8.11.0/lib/getenv.c`
- Update to 8.10.1: * Bugfixes: - autotools: fix `--with-ca-embed` build rule - cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync - cmake: fix MSH3 to appear on the feature list - connect: store connection info when really done - FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a - http2: when uploading data from stdin, fix eos forwarding - http: make max-filesize check not count ignored bodies - lib: fix AF_INET6 use outside of USE_IPV6 - multi: check that the multi handle is valid in curl_multi_assign - QUIC: on connect, keep on trying on draining server - request: correctly reset the eos_sent flag - setopt: remove superfluous use of ternary expressions - singleuse: drop `Curl_memrchr()` for no-HTTP builds - tool_cb_wrt: use "curl_response" if no file name in URL - transfer: fix sendrecv() without interim poll - vtls: fix `Curl_ssl_conn_config_match` doc param OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=378 2024-09-24 12:23:33 +00:00			`===================================================================`
- Update to 8.11.0: * Security fixes: [bsc#1232528, CVE-2024-9681] * curl: HSTS subdomain overwrites parent cache entry * Changes: - curl: --create-dirs works for --dump-header as well - gtls: Add P12 format support - ipfs: add options to disable - TLS: TLSv1.3 earlydata support for curl - WebSockets: make support official (non-experimental) * Bugfixes: - build: clarify CA embed is for curl tool, mark default, improve summary - build: show if CA bundle to embed was found - build: tidy up and improve versioned-symbols options - cmake/FindNGTCP2: use library path as hint for finding crypto module - cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled - cmake: rename LDAP dependency config variables to match Find modules - cmake: replace 'check_include_file_concat()' for LDAP and GSS detection - cmake: use OpenSSL for LDAP detection only if available - curl: add build options for safe/no CA bundle search (Windows) - curl: detect ECH support dynamically, not at build time - curl_addrinfo: support operating systems with only getaddrinfo(3) - ftp: fix 0-length last write on upload from stdin - gnutls: use session cache for QUIC - hsts: improve subdomain handling - hsts: support "implied LWS" properly around max-age - http2: auto reset stream on server eos - json.md: cli-option '--json' is an alias of '--data-binary' - lib: move curl_path.[ch] into vssh/ - lib: remove function pointer typecasts for hmac/sha256/md5 - libssh.c: handle EGAINS during proto-connect correctly OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=380 2024-11-06 08:59:33 +00:00			`--- curl-8.11.0.orig/lib/getenv.c`
			`+++ curl-8.11.0/lib/getenv.c`
- Update to 8.10.1: * Bugfixes: - autotools: fix `--with-ca-embed` build rule - cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync - cmake: fix MSH3 to appear on the feature list - connect: store connection info when really done - FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a - http2: when uploading data from stdin, fix eos forwarding - http: make max-filesize check not count ignored bodies - lib: fix AF_INET6 use outside of USE_IPV6 - multi: check that the multi handle is valid in curl_multi_assign - QUIC: on connect, keep on trying on draining server - request: correctly reset the eos_sent flag - setopt: remove superfluous use of ternary expressions - singleuse: drop `Curl_memrchr()` for no-HTTP builds - tool_cb_wrt: use "curl_response" if no file name in URL - transfer: fix sendrecv() without interim poll - vtls: fix `Curl_ssl_conn_config_match` doc param OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=378 2024-09-24 12:23:33 +00:00			`@@ -29,6 +29,14 @@`

			`#include "memdebug.h"`

			`+#ifndef HAVE_SECURE_GETENV`
			`+# ifdef HAVE___SECURE_GETENV`
			`+# define secure_getenv __secure_getenv`
			`+# else`
			`+# error neither secure_getenv nor __secure_getenv is available`
			`+# endif`
			`+#endif`
			`+`
			`static char GetEnv(const char variable)`
			`{`
- Update to 8.11.0: * Security fixes: [bsc#1232528, CVE-2024-9681] * curl: HSTS subdomain overwrites parent cache entry * Changes: - curl: --create-dirs works for --dump-header as well - gtls: Add P12 format support - ipfs: add options to disable - TLS: TLSv1.3 earlydata support for curl - WebSockets: make support official (non-experimental) * Bugfixes: - build: clarify CA embed is for curl tool, mark default, improve summary - build: show if CA bundle to embed was found - build: tidy up and improve versioned-symbols options - cmake/FindNGTCP2: use library path as hint for finding crypto module - cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled - cmake: rename LDAP dependency config variables to match Find modules - cmake: replace 'check_include_file_concat()' for LDAP and GSS detection - cmake: use OpenSSL for LDAP detection only if available - curl: add build options for safe/no CA bundle search (Windows) - curl: detect ECH support dynamically, not at build time - curl_addrinfo: support operating systems with only getaddrinfo(3) - ftp: fix 0-length last write on upload from stdin - gnutls: use session cache for QUIC - hsts: improve subdomain handling - hsts: support "implied LWS" properly around max-age - http2: auto reset stream on server eos - json.md: cli-option '--json' is an alias of '--data-binary' - lib: move curl_path.[ch] into vssh/ - lib: remove function pointer typecasts for hmac/sha256/md5 - libssh.c: handle EGAINS during proto-connect correctly OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=380 2024-11-06 08:59:33 +00:00			`#if defined(_WIN32_WCE) \|\| defined(CURL_WINDOWS_UWP) \|\| \`
- Update to 8.10.1: * Bugfixes: - autotools: fix `--with-ca-embed` build rule - cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync - cmake: fix MSH3 to appear on the feature list - connect: store connection info when really done - FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a - http2: when uploading data from stdin, fix eos forwarding - http: make max-filesize check not count ignored bodies - lib: fix AF_INET6 use outside of USE_IPV6 - multi: check that the multi handle is valid in curl_multi_assign - QUIC: on connect, keep on trying on draining server - request: correctly reset the eos_sent flag - setopt: remove superfluous use of ternary expressions - singleuse: drop `Curl_memrchr()` for no-HTTP builds - tool_cb_wrt: use "curl_response" if no file name in URL - transfer: fix sendrecv() without interim poll - vtls: fix `Curl_ssl_conn_config_match` doc param OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=378 2024-09-24 12:23:33 +00:00			`@@ -69,7 +77,7 @@ static char GetEnv(const char variable`
			`/* else rc is bytes needed, try again */`
			`}`
			`#else`
			`- char *env = getenv(variable);`
			`+ char *env = secure_getenv(variable);`
- Update to 8.11.0: * Security fixes: [bsc#1232528, CVE-2024-9681] * curl: HSTS subdomain overwrites parent cache entry * Changes: - curl: --create-dirs works for --dump-header as well - gtls: Add P12 format support - ipfs: add options to disable - TLS: TLSv1.3 earlydata support for curl - WebSockets: make support official (non-experimental) * Bugfixes: - build: clarify CA embed is for curl tool, mark default, improve summary - build: show if CA bundle to embed was found - build: tidy up and improve versioned-symbols options - cmake/FindNGTCP2: use library path as hint for finding crypto module - cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled - cmake: rename LDAP dependency config variables to match Find modules - cmake: replace 'check_include_file_concat()' for LDAP and GSS detection - cmake: use OpenSSL for LDAP detection only if available - curl: add build options for safe/no CA bundle search (Windows) - curl: detect ECH support dynamically, not at build time - curl_addrinfo: support operating systems with only getaddrinfo(3) - ftp: fix 0-length last write on upload from stdin - gnutls: use session cache for QUIC - hsts: improve subdomain handling - hsts: support "implied LWS" properly around max-age - http2: auto reset stream on server eos - json.md: cli-option '--json' is an alias of '--data-binary' - lib: move curl_path.[ch] into vssh/ - lib: remove function pointer typecasts for hmac/sha256/md5 - libssh.c: handle EGAINS during proto-connect correctly OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=380 2024-11-06 08:59:33 +00:00			`return (env && env[0]) ? strdup(env) : NULL;`
- Update to 8.10.1: * Bugfixes: - autotools: fix `--with-ca-embed` build rule - cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync - cmake: fix MSH3 to appear on the feature list - connect: store connection info when really done - FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a - http2: when uploading data from stdin, fix eos forwarding - http: make max-filesize check not count ignored bodies - lib: fix AF_INET6 use outside of USE_IPV6 - multi: check that the multi handle is valid in curl_multi_assign - QUIC: on connect, keep on trying on draining server - request: correctly reset the eos_sent flag - setopt: remove superfluous use of ternary expressions - singleuse: drop `Curl_memrchr()` for no-HTTP builds - tool_cb_wrt: use "curl_response" if no file name in URL - transfer: fix sendrecv() without interim poll - vtls: fix `Curl_ssl_conn_config_match` doc param OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=378 2024-09-24 12:23:33 +00:00			`#endif`
			`}`
- Update to 8.11.0: * Security fixes: [bsc#1232528, CVE-2024-9681] * curl: HSTS subdomain overwrites parent cache entry * Changes: - curl: --create-dirs works for --dump-header as well - gtls: Add P12 format support - ipfs: add options to disable - TLS: TLSv1.3 earlydata support for curl - WebSockets: make support official (non-experimental) * Bugfixes: - build: clarify CA embed is for curl tool, mark default, improve summary - build: show if CA bundle to embed was found - build: tidy up and improve versioned-symbols options - cmake/FindNGTCP2: use library path as hint for finding crypto module - cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled - cmake: rename LDAP dependency config variables to match Find modules - cmake: replace 'check_include_file_concat()' for LDAP and GSS detection - cmake: use OpenSSL for LDAP detection only if available - curl: add build options for safe/no CA bundle search (Windows) - curl: detect ECH support dynamically, not at build time - curl_addrinfo: support operating systems with only getaddrinfo(3) - ftp: fix 0-length last write on upload from stdin - gnutls: use session cache for QUIC - hsts: improve subdomain handling - hsts: support "implied LWS" properly around max-age - http2: auto reset stream on server eos - json.md: cli-option '--json' is an alias of '--data-binary' - lib: move curl_path.[ch] into vssh/ - lib: remove function pointer typecasts for hmac/sha256/md5 - libssh.c: handle EGAINS during proto-connect correctly OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=380 2024-11-06 08:59:33 +00:00			`Index: curl-8.11.0/configure.ac`
- Update to 8.10.1: * Bugfixes: - autotools: fix `--with-ca-embed` build rule - cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync - cmake: fix MSH3 to appear on the feature list - connect: store connection info when really done - FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a - http2: when uploading data from stdin, fix eos forwarding - http: make max-filesize check not count ignored bodies - lib: fix AF_INET6 use outside of USE_IPV6 - multi: check that the multi handle is valid in curl_multi_assign - QUIC: on connect, keep on trying on draining server - request: correctly reset the eos_sent flag - setopt: remove superfluous use of ternary expressions - singleuse: drop `Curl_memrchr()` for no-HTTP builds - tool_cb_wrt: use "curl_response" if no file name in URL - transfer: fix sendrecv() without interim poll - vtls: fix `Curl_ssl_conn_config_match` doc param OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=378 2024-09-24 12:23:33 +00:00			`===================================================================`
- Update to 8.11.0: * Security fixes: [bsc#1232528, CVE-2024-9681] * curl: HSTS subdomain overwrites parent cache entry * Changes: - curl: --create-dirs works for --dump-header as well - gtls: Add P12 format support - ipfs: add options to disable - TLS: TLSv1.3 earlydata support for curl - WebSockets: make support official (non-experimental) * Bugfixes: - build: clarify CA embed is for curl tool, mark default, improve summary - build: show if CA bundle to embed was found - build: tidy up and improve versioned-symbols options - cmake/FindNGTCP2: use library path as hint for finding crypto module - cmake: disable default OpenSSL if BearSSL, GnuTLS or Rustls is enabled - cmake: rename LDAP dependency config variables to match Find modules - cmake: replace 'check_include_file_concat()' for LDAP and GSS detection - cmake: use OpenSSL for LDAP detection only if available - curl: add build options for safe/no CA bundle search (Windows) - curl: detect ECH support dynamically, not at build time - curl_addrinfo: support operating systems with only getaddrinfo(3) - ftp: fix 0-length last write on upload from stdin - gnutls: use session cache for QUIC - hsts: improve subdomain handling - hsts: support "implied LWS" properly around max-age - http2: auto reset stream on server eos - json.md: cli-option '--json' is an alias of '--data-binary' - lib: move curl_path.[ch] into vssh/ - lib: remove function pointer typecasts for hmac/sha256/md5 - libssh.c: handle EGAINS during proto-connect correctly OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=380 2024-11-06 08:59:33 +00:00			`--- curl-8.11.0.orig/configure.ac`
			`+++ curl-8.11.0/configure.ac`
			`@@ -5370,6 +5370,8 @@ fi`

			`CURL_PREPARE_CONFIGUREHELP_PM`
- Update to 8.10.1: * Bugfixes: - autotools: fix `--with-ca-embed` build rule - cmake: ensure `CURL_USE_OPENSSL`/`USE_OPENSSL_QUIC` are set in sync - cmake: fix MSH3 to appear on the feature list - connect: store connection info when really done - FTP: partly revert eeb7c1280742f5c8fa48a4340fc1e1a1a2c7075a - http2: when uploading data from stdin, fix eos forwarding - http: make max-filesize check not count ignored bodies - lib: fix AF_INET6 use outside of USE_IPV6 - multi: check that the multi handle is valid in curl_multi_assign - QUIC: on connect, keep on trying on draining server - request: correctly reset the eos_sent flag - setopt: remove superfluous use of ternary expressions - singleuse: drop `Curl_memrchr()` for no-HTTP builds - tool_cb_wrt: use "curl_response" if no file name in URL - transfer: fix sendrecv() without interim poll - vtls: fix `Curl_ssl_conn_config_match` doc param OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=378 2024-09-24 12:23:33 +00:00
			`+AC_CHECK_FUNCS([__secure_getenv secure_getenv])`
			`+`
			`AC_CONFIG_FILES([\`
			`Makefile \`
			`docs/Makefile \`