[libuser] Use secure_getenv() if available, don't fall back to getenv()
Miloslav Trmac
mitr at fedoraproject.org
Mon Feb 4 14:47:04 UTC 2013
commit e24a4214d29d225f1ed111c370a0bddd186151cf
Author: Miloslav Trmač <mitr at redhat.com>
Date: Mon Feb 4 15:46:22 2013 +0100
Use secure_getenv() if available, don't fall back to getenv()
libuser-force-secure-getenv.patch | 49 +++++++++++++++++++++++++++++++++++++
libuser.spec | 19 +++++++++++++-
2 files changed, 67 insertions(+), 1 deletions(-)
---
diff --git a/libuser-force-secure-getenv.patch b/libuser-force-secure-getenv.patch
new file mode 100644
index 0000000..9ffd936
--- /dev/null
+++ b/libuser-force-secure-getenv.patch
@@ -0,0 +1,49 @@
+diff --git a/configure.in b/configure.in
+index b9692c8..28364c3 100644
+--- a/configure.in
++++ b/configure.in
+@@ -13,6 +13,7 @@ AC_CHECK_PROG([YACC], [bison -y], [bison -y], [:])
+ AC_PATH_PROG([NSCD], [nscd], [/usr/sbin/nscd],
+ [$PATH$PATH_SEPARATOR/usr/sbin$PATH_SEPARATOR/sbin])
+ AC_ARG_VAR([NSCD], [Path to nscd])
++AC_USE_SYSTEM_EXTENSIONS
+
+ LT_INIT([disable-static])
+
+@@ -115,7 +116,7 @@ AC_TYPE_MODE_T
+ AC_TYPE_OFF_T
+ AC_TYPE_SIZE_T
+
+-AC_CHECK_FUNCS_ONCE([__secure_getenv])
++AC_CHECK_FUNCS([__secure_getenv secure_getenv])
+
+ # Modify CFLAGS after all tests are run (some of them could fail because
+ # of the -Werror).
+diff --git a/lib/config.c b/lib/config.c
+index 1b30f97..29e7120 100644
+--- a/lib/config.c
++++ b/lib/config.c
+@@ -40,8 +40,12 @@
+ * from the libuser configuration.
+ */
+
+-#ifdef HAVE___SECURE_GETENV
+-#define getenv(string) __secure_getenv(string)
++#if defined(HAVE_SECURE_GETENV)
++# define safe_getenv(string) secure_getenv(string)
++#elif defined(HAVE___SECURE_GETENV)
++# define safe_getenv(string) __secure_getenv(string)
++#else
++# error Neither secure_getenv not __secure_getenv are available
+ #endif
+
+ struct config_config {
+@@ -266,7 +270,7 @@ lu_cfg_init(struct lu_context *context, struct lu_error **error)
+ if ((getuid() == geteuid()) && (getgid() == getegid())) {
+ const char *t;
+
+- t = getenv("LIBUSER_CONF");
++ t = safe_getenv("LIBUSER_CONF");
+ if (t != NULL)
+ filename = t;
+ }
diff --git a/libuser.spec b/libuser.spec
index 735e5ad..6772e78 100644
--- a/libuser.spec
+++ b/libuser.spec
@@ -2,10 +2,12 @@
Name: libuser
Version: 0.58
-Release: 1%{?dist}
+Release: 2%{?dist}
Group: System Environment/Base
License: LGPLv2+
URL: https://fedorahosted.org/libuser/
+# Upstream commit 51e9d56ed656c3aeceb39b7de5a1db7d976d4e51
+Patch0: libuser-force-secure-getenv.patch
Source: https://fedorahosted.org/releases/l/i/libuser/libuser-%{version}.tar.xz
BuildRequires: glib2-devel, linuxdoc-tools, pam-devel, popt-devel, python2-devel
BuildRequires: cyrus-sasl-devel, libselinux-devel, openldap-devel
@@ -13,6 +15,8 @@ BuildRequires: cyrus-sasl-devel, libselinux-devel, openldap-devel
BuildRequires: nscd
# For %%check
BuildRequires: openldap-clients, openldap-servers, openssl
+# For regenerating autoconf/automake files
+BuildRequires: gtk-doc, libtool, gettext-devel, automake, autoconf
Summary: A user and group account administration library
%description
@@ -45,8 +49,17 @@ administering user and group accounts.
%prep
%setup -q
+%patch0 -p1 -b .force_secure_getenv
%build
+# Copied from upstream autogen.sh
+gtkdocize --docdir docs/reference
+libtoolize --force
+autopoint
+aclocal -I m4
+autoconf -Wall
+autoheader -Wall
+automake -Wall --add-missing
%configure --with-selinux --with-ldap --with-html-dir=%{_datadir}/gtk-doc/html
make
@@ -96,6 +109,10 @@ python -c "import libuser"
%{_datadir}/gtk-doc/html/*
%changelog
+* Mon Feb 4 2013 Miloslav Trmač <mitr at redhat.com> - 0.58-2
+- Always use secure_getenv() or __secure_getenv(), fail build if neither is
+ available. Patch by Viktor Hercinger <vhercing at redhat.com>.
+
* Thu Nov 8 2012 Miloslav Trmač <mitr at redhat.com> - 0.58-1
- Update to libuser-0.58
Resolves: #844140, #854236
More information about the scm-commits
mailing list