curl/curl-secure-getenv.patch

Index: lib/getenv.c
===================================================================
--- lib/getenv.c.orig
+++ lib/getenv.c
@@ -27,6 +27,14 @@
 
 #include "memdebug.h"
 
+#ifndef HAVE_SECURE_GETENV
+#  ifdef HAVE___SECURE_GETENV
+#    define secure_getenv __secure_getenv
+#  else
+#    error neither secure_getenv nor __secure_getenv is available
+#  endif
+#endif
+
 static char *GetEnv(const char *variable)
 {
 #if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP)
@@ -66,7 +74,7 @@ static char *GetEnv(const char *variable
     /* else rc is bytes needed, try again */
   }
 #else
-  char *env = getenv(variable);
+  char *env = secure_getenv(variable);
   return (env && env[0])?strdup(env):NULL;
 #endif
 }
Index: configure.ac
===================================================================
--- configure.ac.orig
+++ configure.ac
@@ -4836,6 +4836,8 @@ if test "x$want_curldebug_assumed" = "xy
   ac_configure_args="$ac_configure_args --enable-curldebug"
 fi
 
+AC_CHECK_FUNCS([__secure_getenv secure_getenv])
+
 AC_CONFIG_FILES([Makefile \
            docs/Makefile \
            docs/examples/Makefile \
Accepting request 163742 from home:vitezslav_cizek:branches:devel:libraries:c_c++ - update to 7.30.0 includes security fixes for CVE-2013-0249 and CVE-2013-1944 (bugs bnc#814655 and bnc#802411 respectively) (dropped curl-CVE-2013-0249.patch) - Changes: imap: Changed response tag generation to be completely unique imap: Added support for SASL-IR extension imap: Added support for the list command imap: Added support for the append command imap: Added custom request parsing imap: Added support to the fetch command for UID and SECTION properties imap: Added parsing and verification of the UIDVALIDITY mailbox attribute imap/pop3/smtp: Added support for the STARTTLS capability checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for new multi interface connection handling Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and CURLMOPT_PIPELI NING_SERVER_BL for new pipelining control test: offer "automake" output and check for perl better always-multi: always use non-blocking internals imap: Added support for sasl digest-md5 authentication imap: Added support for sasl cram-md5 authentication imap: Added support for sasl ntlm authentication imap: Added support for sasl login authentication imap: Added support for sasl plain text authentication imap: Added support for login disabled server capability mk-ca-bundle: add -f, support passing to stdout and more writeout: -w now supports remote_ip/port and local_ip/port OBS-URL: https://build.opensuse.org/request/show/163742 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=92 2013-04-13 17:46:54 +02:00			`Index: lib/getenv.c`
			`===================================================================`
Accepting request 781412 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ - Update to 7.69.0 * Changes: - polarssl: removed - smtp: add CURLOPT_MAIL_RCPT_ALLLOWFAILS and --mail-rcpt-allowfails - wolfSSH: new SSH backend * Bugfixes: - altsvc: improved header parser - altsvc: keep a copy of the file name to survive handle reset - altsvc: make saving the cache an atomic operation - altsvc: use h3-27 - azure: disable brotli on the macos debug-builds - build: remove all HAVE_OPENSSL_ENGINE_H defines - cleanup: fix several comment typos - cleanup: fix typos and wording in docs and comments - cmake: add support for CMAKE_LTO option - cmake: clean up and improve build procedures - cmake: Show HTTPS-proxy in the features output - cmake: use check_symbol_exists also for inet_pton - configure.ac: fix comments about --with-quiche - configure: disable metalink if mbedTLS is specified - configure: disable metalink support for incompatible SSL/TLS - conn: do not reuse connection if SOCKS proxy credentials differ - conncache: removed unused Curl_conncache_bundle_size() - connect: remove some spurious infof() calls - connection reuse: respect the max_concurrent_streams limits - cookie: check __Secure- and __Host- case sensitively - cookies: make saving atomic with a rename - create-dirs.d: mention the mode - curl: avoid using strlen for testing if a string is empty - curl: error on --alt-svc use w/o support OBS-URL: https://build.opensuse.org/request/show/781412 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=270 2020-03-04 11:49:53 +01:00			`--- lib/getenv.c.orig`
			`+++ lib/getenv.c`
Accepting request 163742 from home:vitezslav_cizek:branches:devel:libraries:c_c++ - update to 7.30.0 includes security fixes for CVE-2013-0249 and CVE-2013-1944 (bugs bnc#814655 and bnc#802411 respectively) (dropped curl-CVE-2013-0249.patch) - Changes: imap: Changed response tag generation to be completely unique imap: Added support for SASL-IR extension imap: Added support for the list command imap: Added support for the append command imap: Added custom request parsing imap: Added support to the fetch command for UID and SECTION properties imap: Added parsing and verification of the UIDVALIDITY mailbox attribute imap/pop3/smtp: Added support for the STARTTLS capability checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for new multi interface connection handling Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and CURLMOPT_PIPELI NING_SERVER_BL for new pipelining control test: offer "automake" output and check for perl better always-multi: always use non-blocking internals imap: Added support for sasl digest-md5 authentication imap: Added support for sasl cram-md5 authentication imap: Added support for sasl ntlm authentication imap: Added support for sasl login authentication imap: Added support for sasl plain text authentication imap: Added support for login disabled server capability mk-ca-bundle: add -f, support passing to stdout and more writeout: -w now supports remote_ip/port and local_ip/port OBS-URL: https://build.opensuse.org/request/show/163742 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=92 2013-04-13 17:46:54 +02:00			`@@ -27,6 +27,14 @@`
Accepting request 155666 from home:elvigia:branches:devel:libraries:c_c++ - Use secure_getenv if available. libcurl might be linked to a program where "secure execution" is required. OBS-URL: https://build.opensuse.org/request/show/155666 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=89 2013-02-18 10:00:56 +01:00
			`#include "memdebug.h"`

			`+#ifndef HAVE_SECURE_GETENV`
Accepting request 314959 from home:vitezslav_cizek:branches:devel:libraries:c_c++ - fix a typo in curl-secure-getenv.patch (bsc#936676) OBS-URL: https://build.opensuse.org/request/show/314959 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=136 2015-07-03 11:34:44 +02:00			`+# ifdef HAVE___SECURE_GETENV`
Accepting request 155666 from home:elvigia:branches:devel:libraries:c_c++ - Use secure_getenv if available. libcurl might be linked to a program where "secure execution" is required. OBS-URL: https://build.opensuse.org/request/show/155666 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=89 2013-02-18 10:00:56 +01:00			`+# define secure_getenv __secure_getenv`
			`+# else`
			`+# error neither secure_getenv nor __secure_getenv is available`
			`+# endif`
			`+#endif`
			`+`
Accepting request 781412 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ - Update to 7.69.0 * Changes: - polarssl: removed - smtp: add CURLOPT_MAIL_RCPT_ALLLOWFAILS and --mail-rcpt-allowfails - wolfSSH: new SSH backend * Bugfixes: - altsvc: improved header parser - altsvc: keep a copy of the file name to survive handle reset - altsvc: make saving the cache an atomic operation - altsvc: use h3-27 - azure: disable brotli on the macos debug-builds - build: remove all HAVE_OPENSSL_ENGINE_H defines - cleanup: fix several comment typos - cleanup: fix typos and wording in docs and comments - cmake: add support for CMAKE_LTO option - cmake: clean up and improve build procedures - cmake: Show HTTPS-proxy in the features output - cmake: use check_symbol_exists also for inet_pton - configure.ac: fix comments about --with-quiche - configure: disable metalink if mbedTLS is specified - configure: disable metalink support for incompatible SSL/TLS - conn: do not reuse connection if SOCKS proxy credentials differ - conncache: removed unused Curl_conncache_bundle_size() - connect: remove some spurious infof() calls - connection reuse: respect the max_concurrent_streams limits - cookie: check __Secure- and __Host- case sensitively - cookies: make saving atomic with a rename - create-dirs.d: mention the mode - curl: avoid using strlen for testing if a string is empty - curl: error on --alt-svc use w/o support OBS-URL: https://build.opensuse.org/request/show/781412 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=270 2020-03-04 11:49:53 +01:00			`static char GetEnv(const char variable)`
Accepting request 155666 from home:elvigia:branches:devel:libraries:c_c++ - Use secure_getenv if available. libcurl might be linked to a program where "secure execution" is required. OBS-URL: https://build.opensuse.org/request/show/155666 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=89 2013-02-18 10:00:56 +01:00			`{`
Accepting request 781412 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ - Update to 7.69.0 * Changes: - polarssl: removed - smtp: add CURLOPT_MAIL_RCPT_ALLLOWFAILS and --mail-rcpt-allowfails - wolfSSH: new SSH backend * Bugfixes: - altsvc: improved header parser - altsvc: keep a copy of the file name to survive handle reset - altsvc: make saving the cache an atomic operation - altsvc: use h3-27 - azure: disable brotli on the macos debug-builds - build: remove all HAVE_OPENSSL_ENGINE_H defines - cleanup: fix several comment typos - cleanup: fix typos and wording in docs and comments - cmake: add support for CMAKE_LTO option - cmake: clean up and improve build procedures - cmake: Show HTTPS-proxy in the features output - cmake: use check_symbol_exists also for inet_pton - configure.ac: fix comments about --with-quiche - configure: disable metalink if mbedTLS is specified - configure: disable metalink support for incompatible SSL/TLS - conn: do not reuse connection if SOCKS proxy credentials differ - conncache: removed unused Curl_conncache_bundle_size() - connect: remove some spurious infof() calls - connection reuse: respect the max_concurrent_streams limits - cookie: check __Secure- and __Host- case sensitively - cookies: make saving atomic with a rename - create-dirs.d: mention the mode - curl: avoid using strlen for testing if a string is empty - curl: error on --alt-svc use w/o support OBS-URL: https://build.opensuse.org/request/show/781412 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=270 2020-03-04 11:49:53 +01:00			`#if defined(_WIN32_WCE) \|\| defined(CURL_WINDOWS_APP)`
			`@@ -66,7 +74,7 @@ static char GetEnv(const char variable`
			`/* else rc is bytes needed, try again */`
			`}`
Accepting request 155666 from home:elvigia:branches:devel:libraries:c_c++ - Use secure_getenv if available. libcurl might be linked to a program where "secure execution" is required. OBS-URL: https://build.opensuse.org/request/show/155666 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=89 2013-02-18 10:00:56 +01:00			`#else`
			`- char *env = getenv(variable);`
			`+ char *env = secure_getenv(variable);`
Accepting request 163742 from home:vitezslav_cizek:branches:devel:libraries:c_c++ - update to 7.30.0 includes security fixes for CVE-2013-0249 and CVE-2013-1944 (bugs bnc#814655 and bnc#802411 respectively) (dropped curl-CVE-2013-0249.patch) - Changes: imap: Changed response tag generation to be completely unique imap: Added support for SASL-IR extension imap: Added support for the list command imap: Added support for the append command imap: Added custom request parsing imap: Added support to the fetch command for UID and SECTION properties imap: Added parsing and verification of the UIDVALIDITY mailbox attribute imap/pop3/smtp: Added support for the STARTTLS capability checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for new multi interface connection handling Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and CURLMOPT_PIPELI NING_SERVER_BL for new pipelining control test: offer "automake" output and check for perl better always-multi: always use non-blocking internals imap: Added support for sasl digest-md5 authentication imap: Added support for sasl cram-md5 authentication imap: Added support for sasl ntlm authentication imap: Added support for sasl login authentication imap: Added support for sasl plain text authentication imap: Added support for login disabled server capability mk-ca-bundle: add -f, support passing to stdout and more writeout: -w now supports remote_ip/port and local_ip/port OBS-URL: https://build.opensuse.org/request/show/163742 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=92 2013-04-13 17:46:54 +02:00			`return (env && env[0])?strdup(env):NULL;`
			`#endif`
Accepting request 781412 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ - Update to 7.69.0 * Changes: - polarssl: removed - smtp: add CURLOPT_MAIL_RCPT_ALLLOWFAILS and --mail-rcpt-allowfails - wolfSSH: new SSH backend * Bugfixes: - altsvc: improved header parser - altsvc: keep a copy of the file name to survive handle reset - altsvc: make saving the cache an atomic operation - altsvc: use h3-27 - azure: disable brotli on the macos debug-builds - build: remove all HAVE_OPENSSL_ENGINE_H defines - cleanup: fix several comment typos - cleanup: fix typos and wording in docs and comments - cmake: add support for CMAKE_LTO option - cmake: clean up and improve build procedures - cmake: Show HTTPS-proxy in the features output - cmake: use check_symbol_exists also for inet_pton - configure.ac: fix comments about --with-quiche - configure: disable metalink if mbedTLS is specified - configure: disable metalink support for incompatible SSL/TLS - conn: do not reuse connection if SOCKS proxy credentials differ - conncache: removed unused Curl_conncache_bundle_size() - connect: remove some spurious infof() calls - connection reuse: respect the max_concurrent_streams limits - cookie: check __Secure- and __Host- case sensitively - cookies: make saving atomic with a rename - create-dirs.d: mention the mode - curl: avoid using strlen for testing if a string is empty - curl: error on --alt-svc use w/o support OBS-URL: https://build.opensuse.org/request/show/781412 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=270 2020-03-04 11:49:53 +01:00			`}`
Accepting request 163742 from home:vitezslav_cizek:branches:devel:libraries:c_c++ - update to 7.30.0 includes security fixes for CVE-2013-0249 and CVE-2013-1944 (bugs bnc#814655 and bnc#802411 respectively) (dropped curl-CVE-2013-0249.patch) - Changes: imap: Changed response tag generation to be completely unique imap: Added support for SASL-IR extension imap: Added support for the list command imap: Added support for the append command imap: Added custom request parsing imap: Added support to the fetch command for UID and SECTION properties imap: Added parsing and verification of the UIDVALIDITY mailbox attribute imap/pop3/smtp: Added support for the STARTTLS capability checksrc: ban use of sprintf, vsprintf, strcat, strncat and gets curl_global_init() now accepts the CURL_GLOBAL_ACK_EINTR flag Added CURLMOPT_MAX_HOST_CONNECTIONS, CURLMOPT_MAX_TOTAL_CONNECTIONS for new multi interface connection handling Added CURLMOPT_MAX_PIPELINE_LENGTH, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLMOPT_PIPELINING_SITE_BL and CURLMOPT_PIPELI NING_SERVER_BL for new pipelining control test: offer "automake" output and check for perl better always-multi: always use non-blocking internals imap: Added support for sasl digest-md5 authentication imap: Added support for sasl cram-md5 authentication imap: Added support for sasl ntlm authentication imap: Added support for sasl login authentication imap: Added support for sasl plain text authentication imap: Added support for login disabled server capability mk-ca-bundle: add -f, support passing to stdout and more writeout: -w now supports remote_ip/port and local_ip/port OBS-URL: https://build.opensuse.org/request/show/163742 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=92 2013-04-13 17:46:54 +02:00			`Index: configure.ac`
			`===================================================================`
Accepting request 781412 from home:pmonrealgonzalez:branches:devel:libraries:c_c++ - Update to 7.69.0 * Changes: - polarssl: removed - smtp: add CURLOPT_MAIL_RCPT_ALLLOWFAILS and --mail-rcpt-allowfails - wolfSSH: new SSH backend * Bugfixes: - altsvc: improved header parser - altsvc: keep a copy of the file name to survive handle reset - altsvc: make saving the cache an atomic operation - altsvc: use h3-27 - azure: disable brotli on the macos debug-builds - build: remove all HAVE_OPENSSL_ENGINE_H defines - cleanup: fix several comment typos - cleanup: fix typos and wording in docs and comments - cmake: add support for CMAKE_LTO option - cmake: clean up and improve build procedures - cmake: Show HTTPS-proxy in the features output - cmake: use check_symbol_exists also for inet_pton - configure.ac: fix comments about --with-quiche - configure: disable metalink if mbedTLS is specified - configure: disable metalink support for incompatible SSL/TLS - conn: do not reuse connection if SOCKS proxy credentials differ - conncache: removed unused Curl_conncache_bundle_size() - connect: remove some spurious infof() calls - connection reuse: respect the max_concurrent_streams limits - cookie: check __Secure- and __Host- case sensitively - cookies: make saving atomic with a rename - create-dirs.d: mention the mode - curl: avoid using strlen for testing if a string is empty - curl: error on --alt-svc use w/o support OBS-URL: https://build.opensuse.org/request/show/781412 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=270 2020-03-04 11:49:53 +01:00			`--- configure.ac.orig`
			`+++ configure.ac`
			`@@ -4836,6 +4836,8 @@ if test "x$want_curldebug_assumed" = "xy`
Accepting request 155666 from home:elvigia:branches:devel:libraries:c_c++ - Use secure_getenv if available. libcurl might be linked to a program where "secure execution" is required. OBS-URL: https://build.opensuse.org/request/show/155666 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=89 2013-02-18 10:00:56 +01:00			`ac_configure_args="$ac_configure_args --enable-curldebug"`
			`fi`

			`+AC_CHECK_FUNCS([__secure_getenv secure_getenv])`
			`+`
			`AC_CONFIG_FILES([Makefile \`
			`docs/Makefile \`
			`docs/examples/Makefile \`