File libzip-ocloexec.patch of Package libzip.5571

Date: Thu Dec 29 19:35:38 UTC 2011
From: crrodriguez@opensuse.org

Use O_CLOEXEC where needed, as calling applications 
may fork.. execve and we end up leaking internal fds.
Index: libzip-0.11/lib/zip_close.c
===================================================================
--- libzip-0.11.orig/lib/zip_close.c
+++ libzip-0.11/lib/zip_close.c
@@ -47,9 +47,9 @@
 #endif
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <fcntl.h>
 #ifdef _WIN32
 #include <io.h>
-#include <fcntl.h>
 #endif
 
 
@@ -269,7 +269,7 @@ zip_close(struct zip *za)
 	free(temp);
 	if (reopen_on_error) {
 	    /* ignore errors, since we're already in an error case */
-	    za->zp = fopen(za->zn, "rb");
+	    za->zp = fopen(za->zn, "rbe");
 	}
 	return -1;
     }
@@ -610,7 +610,7 @@ _zip_create_temp_output(struct zip *za,
         sprintf(temp, "%s.XXXXXX", za->zn);
     }
 
-    if ((tfd=mkstemp(temp)) == -1) {
+    if ((tfd=mkostemp(temp, O_CLOEXEC)) == -1) {
 	_zip_error_set(&za->error, ZIP_ER_TMPOPEN, errno);
 	free(temp);
 	return NULL;
Index: libzip-0.11/lib/zip_open.c
===================================================================
--- libzip-0.11.orig/lib/zip_open.c
+++ libzip-0.11/lib/zip_open.c
@@ -92,7 +92,7 @@ zip_open(const char *fn, int _flags, int
 	break;
     }
 
-    if ((fp=fopen(fn, "rb")) == NULL) {
+    if ((fp=fopen(fn, "rbe")) == NULL) {
 	set_error(zep, NULL, ZIP_ER_OPEN);
 	return NULL;
     }
Index: libzip-0.11/lib/zip_source_filep.c
===================================================================
--- libzip-0.11.orig/lib/zip_source_filep.c
+++ libzip-0.11/lib/zip_source_filep.c
@@ -133,7 +133,7 @@ read_file(void *state, void *data, zip_u
     switch (cmd) {
     case ZIP_SOURCE_OPEN:
 	if (z->fname) {
-	    if ((z->f=fopen(z->fname, "rb")) == NULL) {
+	    if ((z->f=fopen(z->fname, "rbe")) == NULL) {
 		z->e[0] = ZIP_ER_OPEN;
 		z->e[1] = errno;
 		return -1;