From 3cedd1dd9877a0bae3e69d27c3d1a2fcd98787c0 Mon Sep 17 00:00:00 2001 From: Alberto Gonzalez Iniesta Date: Tue, 13 Dec 2011 11:04:22 +0100 Subject: Imported Debian patch 2.2.1-1 --- debian/patches/close_socket_before_scripts.patch | 32 ++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 debian/patches/close_socket_before_scripts.patch (limited to 'debian/patches/close_socket_before_scripts.patch') diff --git a/debian/patches/close_socket_before_scripts.patch b/debian/patches/close_socket_before_scripts.patch new file mode 100644 index 0000000..011a8e7 --- /dev/null +++ b/debian/patches/close_socket_before_scripts.patch @@ -0,0 +1,32 @@ +Description: Set socket's FD_CLOEXEC flag before calling up script + Moving the set_cloexec() call from link_socket_init_phase2() to + link_socket_init_phase1(). +Author: Julien Cristau +Bug-Debian: http://bugs.debian.org/367716 + +Index: openvpn-2.2.0/socket.c +=================================================================== +--- openvpn-2.2.0.orig/socket.c 2011-04-21 21:13:34.000000000 +0200 ++++ openvpn-2.2.0/socket.c 2011-05-10 16:18:35.300018716 +0200 +@@ -1327,6 +1327,10 @@ + resolve_bind_local (sock); + resolve_remote (sock, 1, NULL, NULL); + } ++ ++ /* set socket file descriptor to not pass across execs, so that ++ scripts don't have access to it */ ++ set_cloexec (sock->sd); + } + + /* finalize socket initialization */ +@@ -1532,10 +1536,6 @@ + /* set socket to non-blocking mode */ + set_nonblock (sock->sd); + +- /* set socket file descriptor to not pass across execs, so that +- scripts don't have access to it */ +- set_cloexec (sock->sd); +- + #ifdef ENABLE_SOCKS + if (socket_defined (sock->ctrl_sd)) + set_cloexec (sock->ctrl_sd); -- cgit v1.2.3