Avoid hangs when spawhning child processes by not setting pkcs11-helper "safe fork mode" (Closes: #772812, #900805, #907452)

author: Hilko Bengen <bengen@debian.org> 2019-02-19 10:37:53 +0100
committer: Bernhard Schmidt <berni@debian.org> 2019-02-20 14:29:56 +0100
commit: 89368d36202104dd4bc3827ab0611b229de05b27 (patch)
tree: 145bedb9232588bbdbefad963bb1a0e0f971c94a
parent: d391b6992cfe5223aa58e714ec6710bd63013db4 (diff)
2 files changed, 14 insertions, 0 deletions
diff --git a/debian/patches/fix-pkcs11-helper-hang.patch b/debian/patches/fix-pkcs11-helper-hang.patch
new file mode 100644
index 0000000..41d9be1
--- /dev/null
+++ b/debian/patches/fix-pkcs11-helper-hang.patch
@@ -0,0 +1,13 @@
+Index: openvpn/src/openvpn/pkcs11.c
+===================================================================
+--- openvpn.orig/src/openvpn/pkcs11.c
++++ openvpn/src/openvpn/pkcs11.c
+@@ -312,7 +312,7 @@ pkcs11_initialize(
+ 
+     pkcs11h_setLogLevel(_pkcs11_msg_openvpn2pkcs11(get_debug_level()));
+ 
+-    if ((rv = pkcs11h_setForkMode(TRUE)) != CKR_OK)
++    if ((rv = pkcs11h_setForkMode(FALSE)) != CKR_OK)
+     {
+         msg(M_FATAL, "PKCS#11: Cannot set fork mode %ld-'%s'", rv, pkcs11h_getMessage(rv));
+         goto cleanup;
diff --git a/debian/patches/series b/debian/patches/series
index a903d3d..8b19c3d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ kfreebsd_support.patch
 match-manpage-and-command-help.patch
 spelling_errors.patch
 systemd.patch
+fix-pkcs11-helper-hang.patch
author	Hilko Bengen <bengen@debian.org>	2019-02-19 10:37:53 +0100
committer	Bernhard Schmidt <berni@debian.org>	2019-02-20 14:29:56 +0100
commit	89368d36202104dd4bc3827ab0611b229de05b27 (patch)
tree	145bedb9232588bbdbefad963bb1a0e0f971c94a
parent	d391b6992cfe5223aa58e714ec6710bd63013db4 (diff)