Bug#1041272: bookworm-pu: package transmission/3.00-2.1+deb12u1

[ilf]

I installed 3.00-2.1+deb12u1 yesterday and I can confirm that the memory 
leak is gone and transmission-daemon is running stable after 24+ hours. 
Thanks!


Sebastian Ramacher:

[ Tests ]
The patch was used in gentoo. Build-time tests pass. As I have no 
interest in transmission itself and users reported that the new patch is 
supposed to work, I didn't perform any other tests.


--
ilf

If you upload your address book to "the cloud", I don't want to be in it.

Bug#1041272: bookworm-pu: package transmission/3.00-2.1+deb12u1

[Jonathan Wiltshire]

Control: tag -1 confirmed

On Sun, Jul 16, 2023 at 07:29:31PM +0200, Sebastian Ramacher wrote:
> transmission in bookworm suffers from a memory leak in bookworm (see
> #1015003). This issue was fixed in unstable in the new upstream
> releaase.

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1041272: bookworm-pu: package transmission/3.00-2.1+deb12u1

[Sebastian Ramacher]

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: transmiss...@packages.debian.org
Control: affects -1 + src:transmission

[ Reason ]
transmission in bookworm suffers from a memory leak in bookworm (see
#1015003). This issue was fixed in unstable in the new upstream
releaase.

[ Impact ]
A memory issue remains in a long running daemon.

[ Tests ]
The patch was used in gentoo. Build-time tests pass. As I have no
interest in transmission itself and users reported that the new patch is
supposed to work, I didn't perform any other tests.

[ Risks ]
New patch looks sane enough to load the legacy openssl provider. So I
don't expect any major risks.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The patch from Ubuntu for OpenSSL compatibility is exchanged with the
one from Gentoo.

Cheers
-- 
Sebastian Ramacher
diff -Nru transmission-3.00/debian/changelog transmission-3.00/debian/changelog
--- transmission-3.00/debian/changelog  2022-05-21 09:22:10.0 +0200
+++ transmission-3.00/debian/changelog  2023-07-16 19:09:31.0 +0200
@@ -1,3 +1,10 @@
+transmission (3.00-2.1+deb12u1) bookworm; urgency=medium
+
+  * debian/patches/: Replace openssl3 compat patch to fix memory leak.
+(Closes: #1015003)
+
+ -- Sebastian Ramacher   Sun, 16 Jul 2023 19:09:31 +0200
+
 transmission (3.00-2.1) unstable; urgency=low
 
   [ Steve Langasek ]
diff -Nru transmission-3.00/debian/patches/openssl3-compat.patch 
transmission-3.00/debian/patches/openssl3-compat.patch
--- transmission-3.00/debian/patches/openssl3-compat.patch  2022-05-21 
09:21:15.0 +0200
+++ transmission-3.00/debian/patches/openssl3-compat.patch  2023-07-16 
19:09:29.0 +0200
@@ -1,130 +1,37 @@
-Description: Compatibility with OpenSSL 3
- We rely on RC4 because of the torrent protocol we're implementing, but this
- is no longer available in the default provider.
-Author: Steve Langasek 
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1946215
-Last-Update: 2021-12-13
-Forwarded: no
+From 6ee128b95bacaff20746538dc97c2b8e2b9fcc29 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert 
+Date: Sun, 15 May 2022 10:54:38 -0400
+Subject: [PATCH] openssl: load "legacy" provider for RC4
 
-Index: transmission-3.00/libtransmission/crypto-utils-openssl.c
-===
 transmission-3.00.orig/libtransmission/crypto-utils-openssl.c
-+++ transmission-3.00/libtransmission/crypto-utils-openssl.c
+---
+ libtransmission/crypto-utils-openssl.c | 7 +++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/libtransmission/crypto-utils-openssl.c 
b/libtransmission/crypto-utils-openssl.c
+index 45fd71913..14d680654 100644
+--- a/libtransmission/crypto-utils-openssl.c
 b/libtransmission/crypto-utils-openssl.c
 @@ -20,6 +20,9 @@
  #include 
  #include 
  #include 
-+#if OPENSSL_VERSION_NUMBER >= 0x3000L
++#if OPENSSL_VERSION_MAJOR >= 3
 +#include 
 +#endif
  
  #include "transmission.h"
  #include "crypto-utils.h"
-@@ -182,46 +185,86 @@
- 
- #endif
+@@ -184,6 +187,10 @@ static void 
openssl_evp_cipher_context_free(EVP_CIPHER_CTX* handle)
  
-+typedef struct tr_rc4_ctx {
-+EVP_CIPHER_CTX *cipher_ctx;
-+#if OPENSSL_VERSION_NUMBER >= 0x3000L
-+OSSL_LIB_CTX *lib_ctx;
-+#endif
-+} tr_rc4_ctx;
-+
  tr_rc4_ctx_t tr_rc4_new(void)
  {
--EVP_CIPHER_CTX* handle = EVP_CIPHER_CTX_new();
-+#if OPENSSL_VERSION_NUMBER >= 0x3000L
-+OSSL_PROVIDER *legacy_provider = NULL;
-+OSSL_PROVIDER *default_provider = NULL;
-+#endif
-+const EVP_CIPHER *cipher;
- 
--if (check_result(EVP_CipherInit_ex(handle, EVP_rc4(), NULL, NULL, NULL, 
-1)))
-+tr_rc4_ctx *handle = malloc(sizeof(tr_rc4_ctx));
-+
-+handle->cipher_ctx = EVP_CIPHER_CTX_new();
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x3000L
-+handle->lib_ctx = OSSL_LIB_CTX_new();
-+TR_ASSERT(handle->lib_ctx);
-+legacy_provider = OSSL_PROVIDER_load(handle->lib_ctx, "legacy");
-+TR_ASSERT(legacy_provider);
-+default_provider = OSSL_PROVIDER_load(handle->lib_ctx, "default");
-+TR_ASSERT(default_provider);
-+
-+cipher = EVP_CIPHER_fetch(handle->lib_ctx, "RC4", NULL);
-+#else
-+cipher = EVP_rc4();
-+#endif
-+
-+if (check_result(EVP_CipherInit_ex(handle->cipher_ctx, cipher, NULL, NULL,
-+   NULL, -1)))
- {
- return handle;
- }
- 
--EVP_CIPHER_CTX_free(handle);
-+EVP_CIPHER_CTX_free(handle->cipher_ctx);
-+#if OPENSSL_VERSION_NUMBER >= 0x3000L
-+OSSL_LIB_CTX_free(handle->lib_ctx);
-+#endif
- return NULL;
- }
- 
--void tr_rc4_free(tr_rc4_ctx_t handle)
-+void tr_rc4_free(tr_rc4_ctx_t h)
- {
--if (handle == NULL)
-+if (h == NULL)
- {
- return;
- }
- 
--