When exec'ing child processes (netstat and vmstat), make sure the standard

file descriptors (0, 1, 2) are open.  This avoids multiple warnings issued
under NetBSD about running set[ug]id programs with those descriptors closed.

Fixes PR pkg/26079; although it talks about gaim, the problem is here, in
libgcrypt.  Bump PKGREVISION to 1.

1 files changed, 31 insertions, 0 deletions

diff --git a/security/libgcrypt/patches/patch-ab b/security/libgcrypt/patches/patch-ab
new file mode 100644
index 00000000000..c98930604b3
--- /dev/null
+++ b/security/libgcrypt/patches/patch-ab
@@ -0,0 +1,31 @@
+$NetBSD: patch-ab,v 1.1 2004/07/02 13:14:28 jmmv Exp $
+
+--- cipher/rndunix.c.orig	2003-12-11 16:43:01.000000000 +0100
++++ cipher/rndunix.c
+@@ -676,6 +676,15 @@ start_gatherer( int pipefd )
+ 	    if( i != n1 && i != n2 && i != pipefd )
+ 		close(i);
+ 	}
++
++	/* Reopen standard files (only if needed) so that NetBSD does not
++	   complain about executing set[ug]id programs with descriptors 0
++	   and/or 1 closed.  At this point, 2 is still open. */
++	if ((i = open("/dev/null", O_RDONLY)) != STDIN_FILENO)
++		close(i);
++	if ((i = open("/dev/null", O_WRONLY)) != STDOUT_FILENO)
++		close(i);
++
+ 	errno = 0;
+     }
+ 
+@@ -703,6 +712,10 @@ start_gatherer( int pipefd )
+ #endif
+ 
+     fclose(stderr);		/* Arrghh!!  It's Stuart code!! */
++    {
++	int i = open("/dev/null", O_WRONLY);
++	assert(i == STDERR_FILENO);
++    }
+ 
+     for(;;) {
+ 	GATHER_MSG msg;