Blame SOURCES/0027-Don-t-close-STDOUT-when-calling-the-CA-fetch_roots-f.patch

398fc5
From b7bcb1b3b953c2052e2d89cb2b3e9d9ccd1b3864 Mon Sep 17 00:00:00 2001
398fc5
From: Rob Crittenden <rcritten@redhat.com>
398fc5
Date: Thu, 10 Oct 2019 16:28:18 -0400
398fc5
Subject: [PATCH] Don't close STDOUT when calling the CA fetch_roots function
398fc5
398fc5
cm_subproc_mark_most_cloexec() now closes all open file
398fc5
descriptors except for up to three requested for stdin, stdout
398fc5
and stderr. Before the optimization those three were always
398fc5
left open.
398fc5
398fc5
This was causing errors in the IPA helper ipa-server-guard
398fc5
because it tries to display the contents of stderr which was
398fc5
always being closed, causing ipa-server-guard to blow up.
398fc5
---
398fc5
 src/cadata.c | 2 +-
398fc5
 1 file changed, 1 insertion(+), 1 deletion(-)
398fc5
398fc5
diff --git a/src/cadata.c b/src/cadata.c
398fc5
index eb87eb76..3e916c96 100644
398fc5
--- a/src/cadata.c
398fc5
+++ b/src/cadata.c
398fc5
@@ -109,7 +109,7 @@ fetch(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, void *data)
398fc5
 		}
398fc5
 		return -1;
398fc5
 	}
398fc5
-	cm_subproc_mark_most_cloexec(STDOUT_FILENO, -1, -1);
398fc5
+	cm_subproc_mark_most_cloexec(STDOUT_FILENO, STDERR_FILENO, -1);
398fc5
 	cm_log(1, "Running enrollment/cadata helper \"%s\".\n", argv[0]);
398fc5
 	execvp(argv[0], argv);
398fc5
 	u = errno;
398fc5
-- 
398fc5
2.21.0
398fc5