Package: libgcrypt11
Version: 1.2.3-2
Tags: patch

The function _gcry_rndlinux_gather_random() in cipher/rndlinux.c opens
two file handles (fd_random and fd_urandom) which are never closed.
Since it does not apply the FD_CLOEXEC flag, all subprocesses will
inherit these two handles without ever using them.

Please apply this patch which sets the FD_CLOEXEC flag.

--- cipher/rndlinux.c.orig 2006-12-18 12:53:28.006813500 +0100
+++ cipher/rndlinux.c 2006-12-18 12:54:34.346959500 +0100
@@ -54,6 +54,8 @@
if( fd == -1 )
log_fatal ("can't open %s: %s\n", name, strerror(errno) );
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
+
/* We used to do the follwing check, however it turned out that this
is not portable since more OSes provide a random device which is
sometimes implemented as anoteher device type.
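
Review bot: the added fcntl(fd, F_SETFD, FD_CLOEXEC) line, placed right after the fd == -1 check, discards its return value and overwrites the descriptor flags instead of OR-ing FD_CLOEXEC into the value returned by F_GETFD. Suggest reading the flags with fcntl(fd, F_GETFD), writing back flags | FD_CLOEXEC, and reporting a failure through the same logging path the open error uses, so a descriptor that stays inheritable does not go unnoticed. The hunk does not show an #include <fcntl.h>, so confirm the file already has one. Since the flag is set in a separate call after the open, a fork and exec from another thread between the two calls can still inherit the descriptor; where the platform provides O_CLOEXEC at open time, passing it there closes that window.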