On Tue, Dec 06, 2016 at 01:36:04PM +0100, Arne Schwabe wrote: > Am 06.12.16 um 13:26 schrieb Gert Doering: > > The existing code can leak socket FDs to the "--up" script, which is > > not desired. Brought up by Alberto Gonzalez Iniesta, based on debian > > bug 367716. > > > > Since different sockets get create at different times, just moving the > > set_cloexec() to link_socket_init_phase1() is not good enough - so move > > the call into create_socket_<family>(), so we will catch ALL socket > > creations, no matter when or under which conditions they will be > > created (SOCKS proxy socket, listening socket, ...). > > Patch looks good. ACK from me. I also looked at the port-share code path > but that part isn't touched by this commit. >
Works for me (tm) I'm just waiting for the pkcs11-helper maintainer [1] to upload 2.4~rc1 to Debian. If he decides to build against OpenSSL 1.1 I'd have to remove PKCS #11 support from Debian's package in Stretch. [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828506 -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico mailto/sip: a...@inittab.org | en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55 ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
