From 1b4887fc71c955ae897cca0bf21da84a438c3344 Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Sat, 11 Apr 2015 16:16:15 +0000
Subject: [PATCH] Send OPENSSL_issetugid() straight to hell, no final
 cigarette.

The issetugid() API is supposed to make a strong promise where "0
means it is safe to look at the environment".  Way back in the past
someone on the OpenSSL team responded to the environment access danger
by creating a wrapper called OPENSSL_issetugid, and went to use it a
number of places.  However, by default on systems lacking true
issetugid(), OPENSSL_issetugid returns 0.  0 indicating safely.  False
safety.  Which means OPENSSL_issetugid() fails to make any sort of
promise about safety, in fact it is just the opposite.

Can you believe the OpenSSL team?

This nastiness was noticed over the years, however noone could gain traction
and get it fixed in OpenSSL.  Also see a paragraph about this in
http://www.tedunangst.com/flak/post/worst-common-denominator-programming

ok jsing
---
 src/lib/libcrypto/crypto/Makefile      | 4 ++--
 src/lib/libcrypto/crypto/shlib_version | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lib/libcrypto/crypto/Makefile b/src/lib/libcrypto/crypto/Makefile
index 4e8f489c..a4e65fd6 100644
--- a/src/lib/libcrypto/crypto/Makefile
+++ b/src/lib/libcrypto/crypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.56 2015/02/10 13:28:17 jsing Exp $
+# $OpenBSD: Makefile,v 1.57 2015/04/11 16:16:15 deraadt Exp $
 
 LIB=	crypto
 
@@ -27,7 +27,7 @@ CFLAGS+= -I${LCRYPTO_SRC}/modes -I${LCRYPTO_SRC}/asn1 -I${LCRYPTO_SRC}/evp
 
 # crypto/
 SRCS+= cryptlib.c malloc-wrapper.c mem_dbg.c cversion.c ex_data.c cpt_err.c
-SRCS+= uid.c o_time.c o_str.c o_init.c
+SRCS+= o_time.c o_str.c o_init.c
 SRCS+= mem_clr.c
 
 # aes/
diff --git a/src/lib/libcrypto/crypto/shlib_version b/src/lib/libcrypto/crypto/shlib_version
index 2e4d25cd..ed8f7473 100644
--- a/src/lib/libcrypto/crypto/shlib_version
+++ b/src/lib/libcrypto/crypto/shlib_version
@@ -1,2 +1,2 @@
-major=32
+major=33
 minor=0