From 61c1cf3a3c2dad216e3858b7258b7713e89ead29 Mon Sep 17 00:00:00 2001
From: Ed Tubbs
Date: Sun, 19 Sep 2021 14:48:45 -0500
Subject: [PATCH 1/3] Updated to OpenSSL 1.0.2
---
 depends/packages/openssl.mk | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/depends/packages/openssl.mk b/depends/packages/openssl.mk
index 7692a89bf..c4df5cfea 100644
--- a/depends/packages/openssl.mk
+++ b/depends/packages/openssl.mk
@@ -1,9 +1,9 @@
 package=openssl
-$(package)_version=1.0.1
-$(package)_version_suffix=l
+$(package)_version=1.0.2
+$(package)_version_suffix=u
 $(package)_download_path=https://www.openssl.org/source/old/$($(package)_version)
 $(package)_file_name=$(package)-$($(package)_version)$($(package)_version_suffix).tar.gz
-$(package)_sha256_hash=b2cf4d48fe5d49f240c61c9e624193a6f232b5ed0baf010681e725963c40d1d4
+$(package)_sha256_hash=ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16
 define $(package)_set_vars
 $(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"
@@ -63,7 +63,8 @@ define $(package)_preprocess_cmds
 endef
 define $(package)_config_cmds
- ./Configure $($(package)_config_opts)
+ ./Configure $($(package)_config_opts) && \
+ make depend
 endef
 define $(package)_build_cmds
From cbc3aaeed8dfbc4dc5c257d2d5626a91a04d0309 Mon Sep 17 00:00:00 2001
From: Patrick Lodder
Date: Mon, 20 Sep 2021 04:13:52 +0200
Subject: [PATCH 2/3] depends: Remove export of glibc 2.17 secure_getenv
Patches openssl 1.0.2's usage of secure_getenv to always use the fallback OPENSSL_issetugid() instead, to remove reliance on a higher glibc than the minimum we currently support (2.11) See depends/patches/openssl/secure_getenv.patch for a full description of the patch.
---
 depends/packages/openssl.mk | 2 ++
 depends/patches/openssl/secure_getenv.patch | 37 +++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 depends/patches/openssl/secure_getenv.patch
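Review bot: The `make depend` added to `$(package)_config_cmds` (second hunk of depends/packages/openssl.mk in PATCH 1/3) calls make by its literal name, so the sub-make is not tied into the parent's jobserver and is not necessarily the same make binary the user invoked. Writing it as `$(MAKE) depend` follows the recursive-make convention. If dependency generation for this OpenSSL branch is not safe to run in parallel, pin it explicitly with `$(MAKE) -j1 depend`; the body of `$(package)_build_cmds`, which would show the package's existing convention, lies outside the hunk.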
diff --git a/depends/packages/openssl.mk b/depends/packages/openssl.mk
index c4df5cfea..2a5d1fcf3 100644
--- a/depends/packages/openssl.mk
+++ b/depends/packages/openssl.mk
@@ -4,6 +4,7 @@ $(package)_version_suffix=u
 $(package)_download_path=https://www.openssl.org/source/old/$($(package)_version)
 $(package)_file_name=$(package)-$($(package)_version)$($(package)_version_suffix).tar.gz
 $(package)_sha256_hash=ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16
+$(package)_patches=secure_getenv.patch
 define $(package)_set_vars
 $(package)_config_env=AR="$($(package)_ar)" RANLIB="$($(package)_ranlib)" CC="$($(package)_cc)"
@@ -58,6 +59,7 @@ $(package)_config_opts_i686_mingw32=mingw
 endef
 define $(package)_preprocess_cmds
+ patch -p1 < $($(package)_patch_dir)/secure_getenv.patch && \
 sed -i.old "/define DATE/d" util/mkbuildinf.pl && \
 sed -i.old "s|engines apps test|engines|" Makefile.org
 endef
diff --git a/depends/patches/openssl/secure_getenv.patch b/depends/patches/openssl/secure_getenv.patch
new file mode 100644
index 000000000..5c7cf68eb
--- /dev/null
+++ b/depends/patches/openssl/secure_getenv.patch
@@ -0,0 +1,37 @@
+Solves export of glibc 2.17 secure_getenv because we support down to 2.11
+
+Patches openssl 1.0.2's usage of secure_getenv from glibc 2.17 to instead
+always use the fallback OPENSSL_issetugid(), which essentially does the
+same thing on linux, with the only difference that the glibc version makes
+decisions on startup, whereas the openssl version does the same check each
+time the environment is read.
+
+glibc check: https://sourceware.org/git/?p=glibc.git;a=blob;f=elf/enbl-secure.c;h=9e47526bd3e444e1a19a8ea9fd310b6f47c4db52;hb=HEAD
+glibc implementation: https://sourceware.org/git/?p=glibc.git;a=blob;f=stdlib/secure-getenv.c;h=a394eebcf794c1279d66e5bcb71d4b15725e6e5a;hb=HEAD
+
+openssl check: https://github.com/openssl/openssl/blob/OpenSSL_1_0_2u/crypto/uid.c
+
+This patch can be removed when glibc 2.17 is the minimum version supported
+
+Author: Patrick Lodder
+
+diff -dur a/crypto/getenv.c b/crypto/getenv.c
+--- a/crypto/getenv.c 2019-12-20 13:02:41.000000000 +0000
++++ b/crypto/getenv.c 2021-09-20 03:02:04.125747397 +0000
+@@ -16,16 +16,7 @@
+
+ char *ossl_safe_getenv(const char *name)
+ {
+-#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+-# if __GLIBC_PREREQ(2, 17)
+-# define SECURE_GETENV
+- return secure_getenv(name);
+-# endif
+-#endif
+-
+-#ifndef SECURE_GETENV
+ if (OPENSSL_issetugid())
+ return NULL;
+ return getenv(name);
+-#endif
+ }
From 043ce9a2c21da0bee2a0f1ccbdba8c8bed73902a Mon Sep 17 00:00:00 2001
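Review bot: The header comment of secure_getenv.patch says the only difference between secure_getenv() and the OPENSSL_issetugid() fallback is when the check runs, which looks too strong. As far as I can tell from the linked sources, glibc bases its decision on the loader's secure-execution flag, while the fallback in crypto/uid.c compares real and effective uid/gid at call time; a process started with file capabilities, or one that has changed its ids since startup, could then be treated differently by the two. Please confirm against the linked uid.c and, if that holds, add a line to the patch header such as `Note: the fallback only compares real/effective uid and gid, so it does not cover secure-execution cases such as file capabilities.` That keeps the trade-off visible to whoever later decides whether the patch can be dropped.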
From: Carl Dong
Date: Thu, 7 Jan 2021 00:25:46 -0500
Subject: [PATCH 3/3] depends: Fully determine path for darwin_{CC,CXX}
Instead of doing the awkward /bin path prepending at config.site creation time, set darwin_{CC,CXX} in a way that fully determines the program's path (clang/clang++) Also see the added comment block in depends/Makefile for more context on determining $PATH for our config.site. Cherry-picked from: 880660ac Conflicts: cherry-picked from a Bitcoin Core build system that is optimized for supporting system-provided clang builds which Dogecoin Core does not have at this time. I have removed all code regarding that functionality and only kept the code relevant to Dogecoin Core for this major version (1.14), i.e. those lines that use the pinned clang from the depends system.
---
 depends/Makefile | 28 ++++++++++++++++++++++++++--
 depends/hosts/darwin.mk | 8 ++++++--
 2 files changed, 32 insertions(+), 4 deletions(-)
diff --git a/depends/Makefile b/depends/Makefile
index dedb0674c..17eac508d 100644
--- a/depends/Makefile
+++ b/depends/Makefile
@@ -119,11 +119,35 @@ $(host_prefix)/.stamp_$(final_build_id): $(native_packages) $(packages)
 $(AT)cd $(@D); $(foreach package,$^, tar xf $($(package)_cached); )
 $(AT)touch $@
+# $PATH is not preserved between ./configure and make by convention. Its
+# modification and overriding at ./configure time is (as I understand it)
+# supposed to be captured by the AC_{PROG_{,OBJ}CXX,PATH_{PROG,TOOL}} macros,
+# which will expand the program names to their full absolute paths. The notable
+# exception is command line overriding: ./configure CC=clang, which skips the
+# program name expansion step, and works because the user implicitly indicates
+# with CC=clang that clang will be available in $PATH at all times, and is most
+# likely part of the user's system.
+#
+# Therefore, when we "seed the autoconf cache"/"override well-known program
+# vars" by setting AR= in our config.site, either one of two things needs
+# to be true for the build system to work correctly:
+#
+# 1. If we refer to the program by name (e.g. AR=riscv64-gnu-linux-ar), the
+# tool needs to be available in $PATH at all times.
+#
+# 2. If the tool is _**not**_ expected to be available in $PATH at all times
+# (such as is the case for our native_cctools binutils tools), it needs to
+# be referred to by its absolute path, such as would be output by the
+# AC_PATH_{PROG,TOOL} macros.
+#
+# Minor note: it is also okay to refer to tools by their absolute path even if
+# we expect them to be available in $PATH at all times, more specificity does
+# not hurt.
 $(host_prefix)/share/config.site : config.site.in $(host_prefix)/.stamp_$(final_build_id)
 $(AT)@mkdir -p $(@D)
 $(AT)sed -e 's|@HOST@|$(host)|' \
- -e 's|@CC@|$(toolchain_path)$(host_CC)|' \
- -e 's|@CXX@|$(toolchain_path)$(host_CXX)|' \
+ -e 's|@CC@|$(host_CC)|' \
+ -e 's|@CXX@|$(host_CXX)|' \
 -e 's|@AR@|$(toolchain_path)$(host_AR)|' \
 -e 's|@RANLIB@|$(toolchain_path)$(host_RANLIB)|' \
 -e 's|@NM@|$(toolchain_path)$(host_NM)|' \
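Review bot: Dropping `$(toolchain_path)` from the `@CC@` and `@CXX@` substitutions makes every host's `host_CC`/`host_CXX` responsible for meeting the rule spelled out in the new comment block, yet only the darwin host file is adjusted in this series. Where `toolchain_path` gets its value is not visible in this hunk, so please confirm it is empty for all non-darwin hosts; otherwise their compilers would silently fall back to a `$PATH` lookup. A one-line comment above the sed, e.g. `# CC/CXX: host files must supply an absolute path or a tool guaranteed to be in PATH`, would record why these two differ from AR/RANLIB/NM. The sed recipe continues past the end of the hunk.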
diff --git a/depends/hosts/darwin.mk b/depends/hosts/darwin.mk
index 4e58bec74..c5769d695 100644
--- a/depends/hosts/darwin.mk
+++ b/depends/hosts/darwin.mk
@@ -2,8 +2,12 @@ OSX_MIN_VERSION=10.8
 OSX_SDK_VERSION=10.11
 OSX_SDK=$(SDK_PATH)/MacOSX$(OSX_SDK_VERSION).sdk
 LD64_VERSION=253.9
-darwin_CC=clang -target $(host) -mmacosx-version-min=$(OSX_MIN_VERSION) --sysroot $(OSX_SDK) -mlinker-version=$(LD64_VERSION)
-darwin_CXX=clang++ -target $(host) -mmacosx-version-min=$(OSX_MIN_VERSION) --sysroot $(OSX_SDK) -mlinker-version=$(LD64_VERSION) -stdlib=libc++
+
+clang_prog=$(build_prefix)/bin/clang
+clangxx_prog=$(clang_prog)++
+
+darwin_CC=$(build_prefix)/bin/clang -target $(host) -mmacosx-version-min=$(OSX_MIN_VERSION) --sysroot $(OSX_SDK) -mlinker-version=$(LD64_VERSION)
+darwin_CXX=$(clang_prog)++ -target $(host) -mmacosx-version-min=$(OSX_MIN_VERSION) --sysroot $(OSX_SDK) -mlinker-version=$(LD64_VERSION) -stdlib=libc++
 darwin_CFLAGS=-pipe
 darwin_CXXFLAGS=$(darwin_CFLAGS)
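Review bot: `clangxx_prog` is defined but not used anywhere in this hunk, and `darwin_CC` repeats the literal `$(build_prefix)/bin/clang` instead of using `clang_prog`, so the helper variables and the two compiler definitions can drift apart. Use the helpers in both places: `darwin_CC=$(clang_prog) -target $(host) ...` and `darwin_CXX=$(clangxx_prog) -target $(host) ...`, with the remaining flags unchanged. A short comment above `clang_prog` saying that the pinned clang from the depends build prefix is referenced by absolute path on purpose, because it is not expected to be in PATH, would also help.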