From 1fc84917d0a5e5c52ba89677e7c0f7a6d856e0d2 Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <riastradh@NetBSD.org>
Date: Sat, 15 Feb 2020 23:16:25 +0000
Subject: [PATCH] Open /dev/urandom with O_CLOEXEC.

Let's avoid bleeding file descriptors into our clients' children,
shall we?

XXX pullup
---
 crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c b/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
index 69efcdeed752..0914b0094d6b 100644
--- a/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
+++ b/crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
@@ -479,7 +479,7 @@ static int get_random_device(size_t n)
         return rd->fd;
 
     /* open the random device ... */
-    if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1)
+    if ((rd->fd = open(random_device_paths[n], O_RDONLY|O_CLOEXEC)) == -1)
         return rd->fd;
 
     /* ... and cache its relevant stat(2) data */
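Review bot: The added `O_CLOEXEC` on the `open(random_device_paths[n], ...)` line carries no comment explaining it, and since this is a local change inside the vendored `dist/` tree it could easily be dropped on the next OpenSSL import. The descriptor is stored in `rd->fd` and appears to be reused by later calls, so I would extend the existing comment to something like `/* open the random device close-on-exec: the fd stays open and must not leak into exec'd children ... */`. The flag is also used unconditionally. That is fine for a NetBSD-only build, but if this file is ever compiled where the macro is missing it needs an `#ifdef O_CLOEXEC` guard with a fallback of `fcntl(rd->fd, F_SETFD, FD_CLOEXEC)` after a successful open. Note that close-on-exec only covers `exec`; a child that forks without exec'ing still inherits the descriptor. The body of `get_random_device` starts and ends outside this hunk, so any other `open()` calls in the file are not visible here and should be checked for the same treatment.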