Hello community, here is the log from the commit of package curl for openSUSE:Factory checked in at 2013-02-18 13:46:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/curl (Old) and /work/SRC/openSUSE:Factory/.curl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "curl", Maintainer is "vci...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/curl/curl.changes 2013-02-07 14:16:03.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.curl.new/curl.changes 2013-02-18 13:46:24.000000000 +0100 @@ -1,0 +2,7 @@ +Sun Feb 17 17:04:34 UTC 2013 - crrodrig...@opensuse.org + +- Add curl-secure-getenv.patch: Use secure_getenv if available. + libcurl might be linked to a program where "secure execution" is + required. + +------------------------------------------------------------------- New: ---- curl-secure-getenv.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ curl.spec ++++++ --- /var/tmp/diff_new_pack.zSHdGA/_old 2013-02-18 13:46:26.000000000 +0100 +++ /var/tmp/diff_new_pack.zSHdGA/_new 2013-02-18 13:46:26.000000000 +0100 @@ -34,6 +34,7 @@ Patch: libcurl-ocloexec.patch Patch1: dont-mess-with-rpmoptflags.diff Patch2: curl-CVE-2013-0249.patch +Patch3: curl-secure-getenv.patch # Use rpmbuild -D 'VERIFY_SIG 1' to verify signature during build or run one-shot check by "gpg-offline --verify --package=curl curl-*.asc". %if 0%{?VERIFY_SIG} BuildRequires: gpg-offline @@ -100,7 +101,7 @@ %patch %patch1 %patch2 -p1 - +%patch3 %build autoreconf -fi # local hack to make curl-config --libs stop printing libraries it depends on ++++++ curl-secure-getenv.patch ++++++ --- lib/getenv.c.orig +++ lib/getenv.c @@ -31,6 +31,14 @@ #include "memdebug.h" +#ifndef HAVE_SECURE_GETENV +# ifdef HAVE__SECURE_GETENV +# define secure_getenv __secure_getenv +# else +# error neither secure_getenv nor __secure_getenv is available +# endif +#endif + static char *GetEnv(const char *variable) { @@ -45,7 +53,7 @@ char *GetEnv(const char *variable) ExpandEnvironmentStringsA(temp, env, sizeof(env)); return (env[0] != '\0')?strdup(env):NULL; #else - char *env = getenv(variable); + char *env = secure_getenv(variable); #ifdef __VMS if(env && strcmp("HOME",variable) == 0) env = decc_translate_vms(env); --- configure.ac.orig +++ configure.ac @@ -3480,6 +3480,8 @@ if test "x$want_curldebug_assumed" = "xy ac_configure_args="$ac_configure_args --enable-curldebug" fi +AC_CHECK_FUNCS([__secure_getenv secure_getenv]) + AC_CONFIG_FILES([Makefile \ docs/Makefile \ docs/examples/Makefile \ -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org