Allow wrappers to be built using tcc.

IkiWiki/Wrapper.pm

@@ -101,7 +101,6 @@ EOF
 #include <string.h>
 #include <sys/file.h>
 
-extern char **environ;
 char *newenviron[$#envsave+6];
 int i=0;
 
@@ -121,8 +120,13 @@ $check_commit_hook
 $envsave
 	newenviron[i++]="HOME=$ENV{HOME}";
 	newenviron[i++]="WRAPPED_OPTIONS=$configstring";
-	newenviron[i]=NULL;
-	environ=newenviron;
+
+	if (clearenv() != 0) {
+		perror("clearenv");
+		exit(1);
+	}
+	for (; i>0; i--)
+		putenv(newenviron[i-1]);
 
 	if (setregid(getegid(), -1) != 0 &&
 	    setregid(getegid(), -1) != 0) {

debian/changelog

@@ -12,6 +12,7 @@ ikiwiki (3.20100313) UNRELEASED; urgency=low
     wiki source files, such as .htaccess, that would normally be skipped
     for security or other reasons. Closes: #447267
     (Thanks to Aaron Wilson for the original patch.)
+  * Allow wrappers to be built using tcc.
 
  -- Joey Hess <joeyh@debian.org>  Sat, 13 Mar 2010 14:48:10 -0500
 

doc/bugs/post-update_hook_can__39__t_be_compiled_with_tcc.mdwn

@@ -9,6 +9,11 @@ Everything works fine with gcc.
 
 versions: Debian lenny + backports
 
-
-
-
+> Seems that tcc does not respect changing where `environ` points as a way
+> to change the environment seen after `exec`
+> 
+> Given that the man page for `clearenv` suggests using `environ=NULL`
+> if `clearenv` is not available, I would be lerry or using tcc to compile
+> stuff, since that could easily lead to a security compromise of code that
+> expects that to work. However, I have fixed ikiwiki to use `clearenv`.
+> --[[Joey]] [[done]]