base/SOURCES/openssl-1.0.2i-secure-geten...

diff -up openssl-1.0.2i/crypto/conf/conf_api.c.secure-getenv openssl-1.0.2i/crypto/conf/conf_api.c
--- openssl-1.0.2i/crypto/conf/conf_api.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/conf/conf_api.c	2016-09-22 13:51:29.847742209 +0200
@@ -63,6 +63,8 @@
 # define NDEBUG
 #endif
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <assert.h>
 #include <stdlib.h>
 #include <string.h>
@@ -141,7 +143,7 @@ char *_CONF_get_string(const CONF *conf,
             if (v != NULL)
                 return (v->value);
             if (strcmp(section, "ENV") == 0) {
-                p = getenv(name);
+                p = secure_getenv(name);
                 if (p != NULL)
                     return (p);
             }
@@ -154,7 +156,7 @@ char *_CONF_get_string(const CONF *conf,
         else
             return (NULL);
     } else
-        return (getenv(name));
+        return (secure_getenv(name));
 }
 
 #if 0                           /* There's no way to provide error checking
diff -up openssl-1.0.2i/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.2i/crypto/conf/conf_mod.c
--- openssl-1.0.2i/crypto/conf/conf_mod.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/conf/conf_mod.c	2016-09-22 13:51:29.847742209 +0200
@@ -57,6 +57,8 @@
  *
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <stdio.h>
 #include <ctype.h>
 #include <openssl/crypto.h>
@@ -530,7 +532,7 @@ char *CONF_get1_default_config_file(void
     char *file;
     int len;
 
-    file = getenv("OPENSSL_CONF");
+    file = secure_getenv("OPENSSL_CONF");
     if (file)
         return BUF_strdup(file);
 
diff -up openssl-1.0.2i/crypto/engine/eng_list.c.secure-getenv openssl-1.0.2i/crypto/engine/eng_list.c
--- openssl-1.0.2i/crypto/engine/eng_list.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/engine/eng_list.c	2016-09-22 13:51:29.847742209 +0200
@@ -62,6 +62,8 @@
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include "eng_int.h"
 
 /*
@@ -369,10 +371,10 @@ ENGINE *ENGINE_by_id(const char *id)
      */
     if (strcmp(id, "dynamic")) {
 # ifdef OPENSSL_SYS_VMS
-        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+        if (OPENSSL_issetugid() || (load_dir = getenv("OPENSSL_ENGINES")) == 0)
             load_dir = "SSLROOT:[ENGINES]";
 # else
-        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+        if ((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0)
             load_dir = ENGINESDIR;
 # endif
         iterator = ENGINE_by_id("dynamic");
diff -up openssl-1.0.2i/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.2i/crypto/md5/md5_dgst.c
--- openssl-1.0.2i/crypto/md5/md5_dgst.c.secure-getenv	2016-09-22 13:51:29.840742047 +0200
+++ openssl-1.0.2i/crypto/md5/md5_dgst.c	2016-09-22 13:51:29.847742209 +0200
@@ -56,6 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <stdio.h>
 #include "md5_locl.h"
 #include <openssl/opensslv.h>
@@ -75,7 +77,8 @@ const char MD5_version[] = "MD5" OPENSSL
 int MD5_Init(MD5_CTX *c)
 #ifdef OPENSSL_FIPS
 {
-    if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
+    if (FIPS_mode()
+        && secure_getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)
         OpenSSLDie(__FILE__, __LINE__, "Digest MD5 forbidden in FIPS mode!");
     return private_MD5_Init(c);
 }
diff -up openssl-1.0.2i/crypto/o_init.c.secure-getenv openssl-1.0.2i/crypto/o_init.c
--- openssl-1.0.2i/crypto/o_init.c.secure-getenv	2016-09-22 13:51:29.830741814 +0200
+++ openssl-1.0.2i/crypto/o_init.c	2016-09-22 13:51:30.046746834 +0200
@@ -53,6 +53,8 @@
  *
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <e_os.h>
 #include <openssl/err.h>
 #ifdef OPENSSL_FIPS
@@ -72,7 +74,7 @@ static void init_fips_mode(void)
     char buf[2] = "0";
     int fd;
 
-    if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
+    if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
         buf[0] = '1';
     } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
         while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
diff -up openssl-1.0.2i/crypto/rand/randfile.c.secure-getenv openssl-1.0.2i/crypto/rand/randfile.c
--- openssl-1.0.2i/crypto/rand/randfile.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/rand/randfile.c	2016-09-22 13:53:17.222237626 +0200
@@ -55,6 +55,8 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* for secure_getenv */
+#define _GNU_SOURCE
 
 #include <errno.h>
 #include <stdio.h>
@@ -327,14 +329,12 @@ const char *RAND_file_name(char *buf, si
     struct stat sb;
 #endif
 
-    if (OPENSSL_issetugid() == 0)
-        s = getenv("RANDFILE");
+    s = secure_getenv("RANDFILE");
     if (s != NULL && *s && strlen(s) + 1 < size) {
         if (BUF_strlcpy(buf, s, size) >= size)
             return NULL;
     } else {
-        if (OPENSSL_issetugid() == 0)
-            s = getenv("HOME");
+        s = secure_getenv("HOME");
 #ifdef DEFAULT_HOME
         if (s == NULL) {
             s = DEFAULT_HOME;
diff -up openssl-1.0.2i/crypto/x509/by_dir.c.secure-getenv openssl-1.0.2i/crypto/x509/by_dir.c
--- openssl-1.0.2i/crypto/x509/by_dir.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/x509/by_dir.c	2016-09-22 13:51:30.047746858 +0200
@@ -56,6 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
@@ -128,7 +130,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in
     switch (cmd) {
     case X509_L_ADD_DIR:
         if (argl == X509_FILETYPE_DEFAULT) {
-            dir = (char *)getenv(X509_get_default_cert_dir_env());
+            dir = (char *)secure_getenv(X509_get_default_cert_dir_env());
             if (dir)
                 ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
             else
diff -up openssl-1.0.2i/crypto/x509/by_file.c.secure-getenv openssl-1.0.2i/crypto/x509/by_file.c
--- openssl-1.0.2i/crypto/x509/by_file.c.secure-getenv	2016-09-22 13:51:29.812741396 +0200
+++ openssl-1.0.2i/crypto/x509/by_file.c	2016-09-22 13:51:30.047746858 +0200
@@ -56,6 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
@@ -97,7 +99,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx
     switch (cmd) {
     case X509_L_FILE_LOAD:
         if (argl == X509_FILETYPE_DEFAULT) {
-            file = (char *)getenv(X509_get_default_cert_file_env());
+            file = (char *)secure_getenv(X509_get_default_cert_file_env());
             if (file)
                 ok = (X509_load_cert_crl_file(ctx, file,
                                               X509_FILETYPE_PEM) != 0);
diff -up openssl-1.0.2i/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.2i/crypto/x509/x509_vfy.c
--- openssl-1.0.2i/crypto/x509/x509_vfy.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/crypto/x509/x509_vfy.c	2016-09-22 13:51:30.048746881 +0200
@@ -56,6 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
@@ -620,7 +622,7 @@ static int check_chain_extensions(X509_S
          * A hack to keep people who don't want to modify their software
          * happy
          */
-        if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+        if (secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))
             allow_proxy_certs = 1;
         purpose = ctx->param->purpose;
     }
diff -up openssl-1.0.2i/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.2i/engines/ccgost/gost_ctl.c
--- openssl-1.0.2i/engines/ccgost/gost_ctl.c.secure-getenv	2016-09-22 12:23:06.000000000 +0200
+++ openssl-1.0.2i/engines/ccgost/gost_ctl.c	2016-09-22 13:51:30.048746881 +0200
@@ -6,6 +6,8 @@
  *        Implementation of control commands for GOST engine          *
  *            OpenSSL 0.9.9 libraries required                        *
  **********************************************************************/
+/* for secure_getenv */
+#define _GNU_SOURCE
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/crypto.h>
@@ -64,7 +66,7 @@ const char *get_gost_engine_param(int pa
     if (gost_params[param] != NULL) {
         return gost_params[param];
     }
-    tmp = getenv(gost_envnames[param]);
+    tmp = secure_getenv(gost_envnames[param]);
     if (tmp) {
         if (gost_params[param])
             OPENSSL_free(gost_params[param]);
@@ -79,7 +81,7 @@ int gost_set_default_param(int param, co
     const char *tmp;
     if (param < 0 || param > GOST_PARAM_MAX)
         return 0;
-    tmp = getenv(gost_envnames[param]);
+    tmp = secure_getenv(gost_envnames[param]);
     /*
      * if there is value in the environment, use it, else -passed string *
      */
openssl package update Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org> 7 years ago			`diff -up openssl-1.0.2i/crypto/conf/conf_api.c.secure-getenv openssl-1.0.2i/crypto/conf/conf_api.c`
			`--- openssl-1.0.2i/crypto/conf/conf_api.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200`
			`+++ openssl-1.0.2i/crypto/conf/conf_api.c 2016-09-22 13:51:29.847742209 +0200`
			`@@ -63,6 +63,8 @@`
			`# define NDEBUG`
			`#endif`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <assert.h>`
			`#include <stdlib.h>`
			`#include <string.h>`
			`@@ -141,7 +143,7 @@ char _CONF_get_string(const CONF conf,`
			`if (v != NULL)`
			`return (v->value);`
			`if (strcmp(section, "ENV") == 0) {`
			`- p = getenv(name);`
			`+ p = secure_getenv(name);`
			`if (p != NULL)`
			`return (p);`
			`}`
			`@@ -154,7 +156,7 @@ char _CONF_get_string(const CONF conf,`
			`else`
			`return (NULL);`
			`} else`
			`- return (getenv(name));`
			`+ return (secure_getenv(name));`
			`}`

			`#if 0 /* There's no way to provide error checking`
			`diff -up openssl-1.0.2i/crypto/conf/conf_mod.c.secure-getenv openssl-1.0.2i/crypto/conf/conf_mod.c`
			`--- openssl-1.0.2i/crypto/conf/conf_mod.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200`
			`+++ openssl-1.0.2i/crypto/conf/conf_mod.c 2016-09-22 13:51:29.847742209 +0200`
			`@@ -57,6 +57,8 @@`
			`*`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <stdio.h>`
			`#include <ctype.h>`
			`#include <openssl/crypto.h>`
			`@@ -530,7 +532,7 @@ char *CONF_get1_default_config_file(void`
			`char *file;`
			`int len;`

			`- file = getenv("OPENSSL_CONF");`
			`+ file = secure_getenv("OPENSSL_CONF");`
			`if (file)`
			`return BUF_strdup(file);`

			`diff -up openssl-1.0.2i/crypto/engine/eng_list.c.secure-getenv openssl-1.0.2i/crypto/engine/eng_list.c`
			`--- openssl-1.0.2i/crypto/engine/eng_list.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200`
			`+++ openssl-1.0.2i/crypto/engine/eng_list.c 2016-09-22 13:51:29.847742209 +0200`
			`@@ -62,6 +62,8 @@`
			`* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include "eng_int.h"`

			`/*`
			`@@ -369,10 +371,10 @@ ENGINE ENGINE_by_id(const char id)`
			`*/`
			`if (strcmp(id, "dynamic")) {`
			`# ifdef OPENSSL_SYS_VMS`
			`- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)`
			`+ if (OPENSSL_issetugid() \|\| (load_dir = getenv("OPENSSL_ENGINES")) == 0)`
			`load_dir = "SSLROOT:[ENGINES]";`
			`# else`
			`- if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)`
			`+ if ((load_dir = secure_getenv("OPENSSL_ENGINES")) == 0)`
			`load_dir = ENGINESDIR;`
			`# endif`
			`iterator = ENGINE_by_id("dynamic");`
			`diff -up openssl-1.0.2i/crypto/md5/md5_dgst.c.secure-getenv openssl-1.0.2i/crypto/md5/md5_dgst.c`
			`--- openssl-1.0.2i/crypto/md5/md5_dgst.c.secure-getenv 2016-09-22 13:51:29.840742047 +0200`
			`+++ openssl-1.0.2i/crypto/md5/md5_dgst.c 2016-09-22 13:51:29.847742209 +0200`
			`@@ -56,6 +56,8 @@`
			`* [including the GNU Public Licence.]`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <stdio.h>`
			`#include "md5_locl.h"`
			`#include <openssl/opensslv.h>`
			`@@ -75,7 +77,8 @@ const char MD5_version[] = "MD5" OPENSSL`
			`int MD5_Init(MD5_CTX *c)`
			`#ifdef OPENSSL_FIPS`
			`{`
			`- if (FIPS_mode() && getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)`
			`+ if (FIPS_mode()`
			`+ && secure_getenv("OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW") == NULL)`
			`OpenSSLDie(__FILE__, __LINE__, "Digest MD5 forbidden in FIPS mode!");`
			`return private_MD5_Init(c);`
			`}`
			`diff -up openssl-1.0.2i/crypto/o_init.c.secure-getenv openssl-1.0.2i/crypto/o_init.c`
			`--- openssl-1.0.2i/crypto/o_init.c.secure-getenv 2016-09-22 13:51:29.830741814 +0200`
			`+++ openssl-1.0.2i/crypto/o_init.c 2016-09-22 13:51:30.046746834 +0200`
			`@@ -53,6 +53,8 @@`
			`*`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <e_os.h>`
			`#include <openssl/err.h>`
			`#ifdef OPENSSL_FIPS`
			`@@ -72,7 +74,7 @@ static void init_fips_mode(void)`
			`char buf[2] = "0";`
			`int fd;`

			`- if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {`
			`+ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {`
			`buf[0] = '1';`
			`} else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {`
			`while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;`
			`diff -up openssl-1.0.2i/crypto/rand/randfile.c.secure-getenv openssl-1.0.2i/crypto/rand/randfile.c`
			`--- openssl-1.0.2i/crypto/rand/randfile.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200`
			`+++ openssl-1.0.2i/crypto/rand/randfile.c 2016-09-22 13:53:17.222237626 +0200`
			`@@ -55,6 +55,8 @@`
			`* copied and put under another distribution licence`
			`* [including the GNU Public Licence.]`
			`*/`
			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`

			`#include <errno.h>`
			`#include <stdio.h>`
			`@@ -327,14 +329,12 @@ const char RAND_file_name(char buf, si`
			`struct stat sb;`
			`#endif`

			`- if (OPENSSL_issetugid() == 0)`
			`- s = getenv("RANDFILE");`
			`+ s = secure_getenv("RANDFILE");`
			`if (s != NULL && *s && strlen(s) + 1 < size) {`
			`if (BUF_strlcpy(buf, s, size) >= size)`
			`return NULL;`
			`} else {`
			`- if (OPENSSL_issetugid() == 0)`
			`- s = getenv("HOME");`
			`+ s = secure_getenv("HOME");`
			`#ifdef DEFAULT_HOME`
			`if (s == NULL) {`
			`s = DEFAULT_HOME;`
			`diff -up openssl-1.0.2i/crypto/x509/by_dir.c.secure-getenv openssl-1.0.2i/crypto/x509/by_dir.c`
			`--- openssl-1.0.2i/crypto/x509/by_dir.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200`
			`+++ openssl-1.0.2i/crypto/x509/by_dir.c 2016-09-22 13:51:30.047746858 +0200`
			`@@ -56,6 +56,8 @@`
			`* [including the GNU Public Licence.]`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <stdio.h>`
			`#include <time.h>`
			`#include <errno.h>`
			`@@ -128,7 +130,7 @@ static int dir_ctrl(X509_LOOKUP *ctx, in`
			`switch (cmd) {`
			`case X509_L_ADD_DIR:`
			`if (argl == X509_FILETYPE_DEFAULT) {`
			`- dir = (char *)getenv(X509_get_default_cert_dir_env());`
			`+ dir = (char *)secure_getenv(X509_get_default_cert_dir_env());`
			`if (dir)`
			`ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);`
			`else`
			`diff -up openssl-1.0.2i/crypto/x509/by_file.c.secure-getenv openssl-1.0.2i/crypto/x509/by_file.c`
			`--- openssl-1.0.2i/crypto/x509/by_file.c.secure-getenv 2016-09-22 13:51:29.812741396 +0200`
			`+++ openssl-1.0.2i/crypto/x509/by_file.c 2016-09-22 13:51:30.047746858 +0200`
			`@@ -56,6 +56,8 @@`
			`* [including the GNU Public Licence.]`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <stdio.h>`
			`#include <time.h>`
			`#include <errno.h>`
			`@@ -97,7 +99,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx`
			`switch (cmd) {`
			`case X509_L_FILE_LOAD:`
			`if (argl == X509_FILETYPE_DEFAULT) {`
			`- file = (char *)getenv(X509_get_default_cert_file_env());`
			`+ file = (char *)secure_getenv(X509_get_default_cert_file_env());`
			`if (file)`
			`ok = (X509_load_cert_crl_file(ctx, file,`
			`X509_FILETYPE_PEM) != 0);`
			`diff -up openssl-1.0.2i/crypto/x509/x509_vfy.c.secure-getenv openssl-1.0.2i/crypto/x509/x509_vfy.c`
			`--- openssl-1.0.2i/crypto/x509/x509_vfy.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200`
			`+++ openssl-1.0.2i/crypto/x509/x509_vfy.c 2016-09-22 13:51:30.048746881 +0200`
			`@@ -56,6 +56,8 @@`
			`* [including the GNU Public Licence.]`
			`*/`

			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <stdio.h>`
			`#include <time.h>`
			`#include <errno.h>`
			`@@ -620,7 +622,7 @@ static int check_chain_extensions(X509_S`
			`* A hack to keep people who don't want to modify their software`
			`* happy`
			`*/`
			`- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))`
			`+ if (secure_getenv("OPENSSL_ALLOW_PROXY_CERTS"))`
			`allow_proxy_certs = 1;`
			`purpose = ctx->param->purpose;`
			`}`
			`diff -up openssl-1.0.2i/engines/ccgost/gost_ctl.c.secure-getenv openssl-1.0.2i/engines/ccgost/gost_ctl.c`
			`--- openssl-1.0.2i/engines/ccgost/gost_ctl.c.secure-getenv 2016-09-22 12:23:06.000000000 +0200`
			`+++ openssl-1.0.2i/engines/ccgost/gost_ctl.c 2016-09-22 13:51:30.048746881 +0200`
			`@@ -6,6 +6,8 @@`
			`* Implementation of control commands for GOST engine *`
			`* OpenSSL 0.9.9 libraries required *`
			`**********************************************************************/`
			`+/* for secure_getenv */`
			`+#define _GNU_SOURCE`
			`#include <stdlib.h>`
			`#include <string.h>`
			`#include <openssl/crypto.h>`
			`@@ -64,7 +66,7 @@ const char *get_gost_engine_param(int pa`
			`if (gost_params[param] != NULL) {`
			`return gost_params[param];`
			`}`
			`- tmp = getenv(gost_envnames[param]);`
			`+ tmp = secure_getenv(gost_envnames[param]);`
			`if (tmp) {`
			`if (gost_params[param])`
			`OPENSSL_free(gost_params[param]);`
			`@@ -79,7 +81,7 @@ int gost_set_default_param(int param, co`
			`const char *tmp;`
			`if (param < 0 \|\| param > GOST_PARAM_MAX)`
			`return 0;`
			`- tmp = getenv(gost_envnames[param]);`
			`+ tmp = secure_getenv(gost_envnames[param]);`
			`/*`
			`* if there is value in the environment, use it, else -passed string *`
			`*/`