From: Joey Hess Date: Thu, 18 Mar 2010 21:44:46 +0000 (-0400) Subject: Allow wrappers to be built using tcc. X-Git-Tag: 3.20100403~142 X-Git-Url: http://git.tremily.us/?p=ikiwiki.git;a=commitdiff_plain;h=dddd6aa99055d8505f73e39b12f049633d9cb4c3 Allow wrappers to be built using tcc. --- diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm index 830b04877..f175b4a0b 100644 --- a/IkiWiki/Wrapper.pm +++ b/IkiWiki/Wrapper.pm @@ -101,7 +101,6 @@ EOF #include #include -extern char **environ; char *newenviron[$#envsave+6]; int i=0; @@ -121,8 +120,13 @@ $check_commit_hook $envsave newenviron[i++]="HOME=$ENV{HOME}"; newenviron[i++]="WRAPPED_OPTIONS=$configstring"; - newenviron[i]=NULL; - environ=newenviron; + + if (clearenv() != 0) { + perror("clearenv"); + exit(1); + } + for (; i>0; i--) + putenv(newenviron[i-1]); if (setregid(getegid(), -1) != 0 && setregid(getegid(), -1) != 0) { diff --git a/debian/changelog b/debian/changelog index e5347e2a1..73f6fcff8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,6 +12,7 @@ ikiwiki (3.20100313) UNRELEASED; urgency=low wiki source files, such as .htaccess, that would normally be skipped for security or other reasons. Closes: #447267 (Thanks to Aaron Wilson for the original patch.) + * Allow wrappers to be built using tcc. -- Joey Hess Sat, 13 Mar 2010 14:48:10 -0500 diff --git a/doc/bugs/post-update_hook_can__39__t_be_compiled_with_tcc.mdwn b/doc/bugs/post-update_hook_can__39__t_be_compiled_with_tcc.mdwn index 4226c026a..a8fb19888 100644 --- a/doc/bugs/post-update_hook_can__39__t_be_compiled_with_tcc.mdwn +++ b/doc/bugs/post-update_hook_can__39__t_be_compiled_with_tcc.mdwn @@ -9,6 +9,11 @@ Everything works fine with gcc. versions: Debian lenny + backports - - - +> Seems that tcc does not respect changing where `environ` points as a way +> to change the environment seen after `exec` +> +> Given that the man page for `clearenv` suggests using `environ=NULL` +> if `clearenv` is not available, I would be lerry or using tcc to compile +> stuff, since that could easily lead to a security compromise of code that +> expects that to work. However, I have fixed ikiwiki to use `clearenv`. +> --[[Joey]] [[done]]