The attached patch changes a number of system library functions to set the O_CLOEXEC flag immediately while the file is being opened. This will assure that there will be no time window between opening the file and setting the close-on-exec flag. Esp. in a threaded program even the small time window could cause the file descriptors being leaked to a child program, if another independent library module decides to call exec() inside another thread while the new file has been opened but the close-on-exec flag has not been set yet. NOTICE! This patch requires as a precondition the second enhanced version of the patch to http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/169320 Fix: Find the patch attached. Patch attached with submission follows: How-To-Repeat: See full description above.
The libfetch portion of the patch was committed in r289420 in late 2015. I can't speak for the rest.
Keyword: patch or patch-ready – in lieu of summary line prefix: [patch] * bulk change for the keyword * summary lines may be edited manually (not in bulk). Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>