depends: Remove export of glibc 2.17 secure_getenv
Patches openssl 1.0.2's usage of secure_getenv to always use the fallback OPENSSL_issetugid() instead, to remove reliance on a higher glibc than the minimum we currently support (2.11). See depends/patches/openssl/secure_getenv.patch for a full description of the patch.
parent
61c1cf3a3c
commit
cbc3aaeed8
|
@ -4,6 +4,7 @@ $(package)_version_suffix=u
|
|||
$(package)_download_path=https://www.openssl.org/source/old/$($(package)_version)
|
||||
$(package)_file_name=$(package)-$($(package)_version)$($(package)_version_suffix).tar.gz
|
||||
$(package)_sha256_hash=ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16
|
||||
$(package)_patches=secure_getenv.patch
|
||||
|
||||
define $(package)_set_vars
|
||||
$(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"
|
||||
|
@ -58,6 +59,7 @@ $(package)_config_opts_i686_mingw32=mingw
|
|||
endef
|
||||
|
||||
define $(package)_preprocess_cmds
|
||||
patch -p1 < $($(package)_patch_dir)/secure_getenv.patch && \
|
||||
sed -i.old "/define DATE/d" util/mkbuildinf.pl && \
|
||||
sed -i.old "s|engines apps test|engines|" Makefile.org
|
||||
endef
|
||||
|
|
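--- a/depends/patches/openssl/secure_getenv.patch
+++ b/depends/patches/openssl/secure_getenv.patch
@@ -0,0 +1,37 @@
+Solves export of glibc 2.17 secure_getenv because we support down to 2.11
+
+Patches openssl 1.0.2's usage of secure_getenv from glibc 2.17 to instead
+always use the fallback OPENSSL_issetugid(), which essentially does the
+same thing on linux, with the only difference that the glibc version makes
+decisions on startup, whereas the openssl version does the same check each
+time the environment is read.
+
+glibc check: https://sourceware.org/git/?p=glibc.git;a=blob;f=elf/enbl-secure.c;h=9e47526bd3e444e1a19a8ea9fd310b6f47c4db52;hb=HEAD
+glibc implementation: https://sourceware.org/git/?p=glibc.git;a=blob;f=stdlib/secure-getenv.c;h=a394eebcf794c1279d66e5bcb71d4b15725e6e5a;hb=HEAD
+
+openssl check: https://github.com/openssl/openssl/blob/OpenSSL_1_0_2u/crypto/uid.c
+
+This patch can be removed when glibc 2.17 is the minimum version supported
+
+Author: Patrick Lodder <patricklodder@users.noreply.github.com>
+
+diff -dur a/crypto/getenv.c b/crypto/getenv.c
+--- a/crypto/getenv.c 2019-12-20 13:02:41.000000000 +0000
++++ b/crypto/getenv.c 2021-09-20 03:02:04.125747397 +0000
+@@ -16,16 +16,7 @@
+
+char *ossl_safe_getenv(const char *name)
+{
+-#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+-# if __GLIBC_PREREQ(2, 17)
+-# define SECURE_GETENV
+- return secure_getenv(name);
+-# endif
+-#endif
+-
+-#ifndef SECURE_GETENV
+if (OPENSSL_issetugid())
+return NULL;
+return getenv(name);
+-#endif
+}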
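Review bot: The patch header's claim that OPENSSL_issetugid() "essentially does the same thing on linux" understates what the new body of ossl_safe_getenv gives up. glibc's secure_getenv() follows the secure-execution flag fixed at process start, which is also set for binaries carrying file capabilities and stays set after a set-uid program drops its privileges. If the fallback is a real-versus-effective id comparison (presumably; the linked uid.c is not shown on this page), `return getenv(name);` is reached in both of those cases. I would add a line to the header such as `Note: the fallback only detects a uid/gid mismatch at call time; binaries built with this patch must not be installed set-uid or with file capabilities.` It is also worth confirming that OPENSSL_issetugid() in this OpenSSL version does not itself reference a glibc symbol newer than 2.11, otherwise the export problem just moves.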