Package: release.debian.org
Severity: normal
Tags: bookworm
User: [email protected]
Usertags: pu
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:openvpn

This -pu cherry-picks two fixes from upstream. One fixing a memory leak that is noticeable on long running servers, and one dangling pointer that might lead to crashes. Both have been in 2.6.3-2 for about a month now, migrated to testing flawlessly and are part of the recent upstream stable release.

There is nothing else in 2.6.3-2 that is not suitable for bookworm, I have just changed the version and set the correct branch in gbp.conf

[ Reason ]
Bugfix

[ Impact ]
Memory leak

[ Tests ]
Upstream has an extensive testsuite/CI coverage. Part of it is run during build.

[ Risks ]
Isolated fixes that have been vetted upstream and have been part of an upstream release

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

Bernhard

diff -Nru openvpn-2.6.3/debian/changelog openvpn-2.6.3/debian/changelog --- openvpn-2.6.3/debian/changelog 2023-04-13 09:19:40.000000000 +0200 +++ openvpn-2.6.3/debian/changelog 2023-06-21 21:41:33.000000000 +0200 @@ -1,3 +1,12 @@ +openvpn (2.6.3-1+deb12u1) bookworm; urgency=medium + + * Cherry-pick two bugfix commits from upstream + - Memory leak in dco_get_peer_stats_multi for Linux + - dangling pointer passed to pkcs11-helper + * d/gbp.conf: set branch to bookworm + + -- Bernhard Schmidt <[email protected]> Wed, 21 Jun 2023 21:41:33 +0200 + openvpn (2.6.3-1) unstable; urgency=medium * New upstream version 2.6.2 diff -Nru openvpn-2.6.3/debian/gbp.conf openvpn-2.6.3/debian/gbp.conf --- openvpn-2.6.3/debian/gbp.conf 2023-04-13 09:19:40.000000000 +0200 +++ openvpn-2.6.3/debian/gbp.conf 2023-06-21 21:41:33.000000000 +0200 @@ -1,2 +1,3 @@ [DEFAULT] pristine-tar = True +debian-branch = debian/bookworm diff -Nru openvpn-2.6.3/debian/patches/fix-dangling-pointer-in-pkcs11.patch openvpn-2.6.3/debian/patches/fix-dangling-pointer-in-pkcs11.patch --- openvpn-2.6.3/debian/patches/fix-dangling-pointer-in-pkcs11.patch 1970-01-01 01:00:00.000000000 +0100 +++ openvpn-2.6.3/debian/patches/fix-dangling-pointer-in-pkcs11.patch 2023-06-21 21:41:33.000000000 +0200 
@@ -0,0 +1,37 @@ +From 7e4becb4cd8be7f0d5ff80cf80877ea152f99830 Mon Sep 17 00:00:00 2001 +From: Selva Nair <[email protected]> +Date: Tue, 9 May 2023 13:05:17 -0400 +Subject: [PATCH] Bugfix: dangling pointer passed to pkcs11-helper + +Github: Fixes OpenVPN/openvpn#323 + +Signed-off-by: Selva Nair <[email protected]> +Acked-by: Gert Doering <[email protected]> +Message-Id: <[email protected]> +URL: https://www.mail-archive.com/[email protected]/msg26640.html +Signed-off-by: Gert Doering <[email protected]> +(cherry picked from commit f4850745709c5b80ab7d09c03a86c5ceea6d10a2) +--- + src/openvpn/pkcs11_openssl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c +index eee86e17b6f..9b0ab39f9cf 100644 +--- a/src/openvpn/pkcs11_openssl.c ++++ b/src/openvpn/pkcs11_openssl.c +@@ -165,6 +165,7 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, + { + pkcs11h_certificate_t cert = handle; + CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0}; /* default value */ ++ CK_RSA_PKCS_PSS_PARAMS pss_params = {0}; + + unsigned char buf[EVP_MAX_MD_SIZE]; + size_t buflen; +@@ -203,7 +204,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig, + } + else if (!strcmp(sigalg.padmode, "pss")) + { +- CK_RSA_PKCS_PSS_PARAMS pss_params = {0}; + mech.mechanism = CKM_RSA_PKCS_PSS; + + if (!set_pss_params(&pss_params, sigalg, cert)) diff -Nru openvpn-2.6.3/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch openvpn-2.6.3/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch --- openvpn-2.6.3/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch 1970-01-01 01:00:00.000000000 +0100 +++ openvpn-2.6.3/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch 2023-06-21 21:41:33.000000000 +0200 
@@ -0,0 +1,33 @@ +From 5e8a571af165c867ccb9c4c9e6334620f42013ac Mon Sep 17 00:00:00 2001 +From: Frank Lichtenheld <[email protected]> +Date: Mon, 15 May 2023 16:21:16 +0200 +Subject: [PATCH] DCO: fix memory leak in dco_get_peer_stats_multi for Linux + +Leaks a small amount of memory every 15s. + +Signed-off-by: Frank Lichtenheld <[email protected]> +Acked-by: Antonio Quartulli <[email protected]> +Message-Id: <[email protected]> +URL: https://www.mail-archive.com/[email protected]/msg26659.html +Signed-off-by: Gert Doering <[email protected]> +(cherry picked from commit 276f7c86d70666bc2ab4e6192ef5f1dcbd6a230f) +--- + src/openvpn/dco_linux.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c +index 796e6f25da4..2bfdf980a3a 100644 +--- a/src/openvpn/dco_linux.c ++++ b/src/openvpn/dco_linux.c +@@ -925,7 +925,10 @@ dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m) + + nlmsg_hdr(nl_msg)->nlmsg_flags |= NLM_F_DUMP; + +- return ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__); ++ int ret = ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__); ++ ++ nlmsg_free(nl_msg); ++ return ret; + } + + static int diff -Nru openvpn-2.6.3/debian/patches/series openvpn-2.6.3/debian/patches/series --- openvpn-2.6.3/debian/patches/series 2023-04-13 09:19:40.000000000 +0200 +++ openvpn-2.6.3/debian/patches/series 2023-06-21 21:41:33.000000000 +0200 @@ -3,3 +3,5 @@ #debian_nogroup_for_sample_files.patch openvpn-pkcs11warn.patch systemd.patch +fix-dangling-pointer-in-pkcs11.patch +fix-memleak-in-dco_get_peer_stats_multi.patch
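
Review bot: the new debian/changelog entry for 2.6.3-1+deb12u1 names the two fixes but not the patch files or the upstream commits they come from, and it carries no bug reference. Since the patch headers already record "cherry picked from commit f4850745709c5b80ab7d09c03a86c5ceea6d10a2" and "cherry picked from commit 276f7c86d70666bc2ab4e6192ef5f1dcbd6a230f", listing those ids (or the patch file names added to debian/patches/series) next to each bullet would let someone auditing the stable update map each changelog line to the exact upstream change without opening the patches.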
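
Review bot: in the src/openvpn/pkcs11_openssl.c hunks, the declaration "CK_RSA_PKCS_PSS_PARAMS pss_params = {0};" moved to the top of xkey_pkcs11h_sign has no comment saying why it must live at function scope, and the commit message gives only the issue reference. The subject describes a dangling pointer handed to pkcs11-helper, so the struct evidently has to outlive the "pss" branch where it was previously declared; a one-line comment at the new declaration stating that lifetime requirement would keep a later scope-narrowing cleanup from reintroducing the bug.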
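
Review bot: in the src/openvpn/dco_linux.c hunk, the added nlmsg_free(nl_msg) covers only the path that reaches ovpn_nl_msg_send at the end of dco_get_peer_stats_multi. The visible context does not show whether any earlier return in the function leaves nl_msg allocated, so it is worth confirming that none does, or routing all exits through a single cleanup point that frees the message. The commit message says the leak occurs "every 15s" but does not name the leaked object; stating that it is the netlink message would make the fix easier to verify when triaging memory growth on long-running servers.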

