rpms/vpnc/devel vpnc-0.3.3-cloexec.patch, NONE, 1.1 vpnc.spec, 1.17, 1.18

Tomas Mraz (tmraz) fedora-extras-commits at redhat.com
Tue Nov 7 17:28:05 UTC 2006 

Author: tmraz

Update of /cvs/extras/rpms/vpnc/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24383

Modified Files:
	vpnc.spec 
Added Files:
	vpnc-0.3.3-cloexec.patch 
Log Message:
* Tue Nov  7 2006 Tomas Mraz <tmraz at redhat.com> - 0.3.3-13
- don't leak socket fds


vpnc-0.3.3-cloexec.patch:

--- NEW FILE vpnc-0.3.3-cloexec.patch ---
--- vpnc-0.3.3/vpnc.c.cloexec	2006-11-07 18:00:52.000000000 +0100
+++ vpnc-0.3.3/vpnc.c	2006-11-07 18:06:29.000000000 +0100
@@ -221,6 +221,8 @@
 	if (sock < 0)
 		error(1, errno, "making socket");
 
+	fcntl(sock, F_SETFD, FD_CLOEXEC);
+	
 	/* Give the socket a name. */
 	name.sin_family = AF_INET;
 	name.sin_port = port;
@@ -2216,6 +2218,7 @@
 				if (tunnelfd == -1) {
 					error(1, errno, "socket(SOCK_RAW) failed");
 				}
+				fcntl(tunnelfd, F_SETFD, FD_CLOEXEC);
 			}
 		}
 		if (dh_grp)


Index: vpnc.spec
===================================================================
RCS file: /cvs/extras/rpms/vpnc/devel/vpnc.spec,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- vpnc.spec	12 Sep 2006 16:38:12 -0000	1.17
+++ vpnc.spec	7 Nov 2006 17:27:35 -0000	1.18
@@ -1,6 +1,6 @@
 Name:           vpnc
 Version:        0.3.3
-Release:        12
+Release:        13%{?dist}
 
 Summary:        IPSec VPN client compatible with Cisco equipment
 
@@ -14,6 +14,7 @@
 Patch2:		vpnc-0.3.3-ip-output.patch
 Patch3:		vpnc-0.3.3-no-srcport.patch
 Patch4:		vpnc-0.3.3-rekeying.patch
+Patch5:		vpnc-0.3.3-cloexec.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -33,6 +34,7 @@
 %patch2 -p1 -b .ip-output
 %patch3 -p1 -b .no-srcport
 %patch4 -p1 -b .rekeying
+%patch5 -p1 -b .cloexec
 
 %build
 make PREFIX=/usr
@@ -65,6 +67,9 @@
 %ghost %verify(not md5 size mtime) %{_var}/run/vpnc/resolv.conf-backup
 
 %changelog
+* Tue Nov  7 2006 Tomas Mraz <tmraz at redhat.com> - 0.3.3-13
+- don't leak socket fds
+
 * Tue Sep 12 2006 Tomas Mraz <tmraz at redhat.com> - 0.3.3-12
 - drop hoplimit from ip route output (#205923)
 - let's try enabling -fstack-protector again, seems to work now

More information about the fedora-extras-commits mailing list