Bug#849967: jessie-pu: package exim4/4.84.2-2+deb8u3

2017-01-06 Thread Adam D. Barratt
Control: tags -1 + pending

On Thu, 2017-01-05 at 19:52 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2017-01-02 at 19:44 +0100, Andreas Metzler wrote:
> > I (and Heiko from exim upstream) would like to fix #845569 in jessie.
> > sid/testing already include the fix, it was part of 4.88~RC6.
> > 
> > The issue is a memleak in the GnuTLS code, the patch is a two line
> > change. Heiko has provided a very nice writeup in
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845569#20
> 
> Please go ahead.

Uploaded and flagged for acceptance.

Regards,

Adam



Processed: Re: Bug#849967: jessie-pu: package exim4/4.84.2-2+deb8u3

2017-01-06 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + pending
Bug #849967 [release.debian.org] jessie-pu: package exim4/4.84.2-2+deb8u3
Added tag(s) pending.

-- 
849967: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849967
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Processed: Re: Bug#849967: jessie-pu: package exim4/4.84.2-2+deb8u3

2017-01-05 Thread Debian Bug Tracking System
Processing control commands:

> tags -1 + confirmed
Bug #849967 [release.debian.org] jessie-pu: package exim4/4.84.2-2+deb8u3
Added tag(s) confirmed.

-- 
849967: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849967
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#849967: jessie-pu: package exim4/4.84.2-2+deb8u3

2017-01-05 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Mon, 2017-01-02 at 19:44 +0100, Andreas Metzler wrote:
> I (and Heiko from exim upstream) would like to fix #845569 in jessie.
> sid/testing already include the fix, it was part of 4.88~RC6.
> 
> The issue is a memleak in the GnuTLS code, the patch is a two line
> change. Heiko has provided a very nice writeup in
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845569#20

Please go ahead.

Regards,

Adam



Bug#849967: jessie-pu: package exim4/4.84.2-2+deb8u3

2017-01-02 Thread Andreas Metzler
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hello,

I (and Heiko from exim upstream) would like to fix #845569 in jessie.
sid/testing already include the fix, it was part of 4.88~RC6.

The issue is a memleak in the GnuTLS code, the patch is a two line
change. Heiko has provided a very nice writeup in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845569#20

thanks, cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru exim4-4.84.2/debian/changelog exim4-4.84.2/debian/changelog
--- exim4-4.84.2/debian/changelog   2016-12-22 12:17:01.0 +0100
+++ exim4-4.84.2/debian/changelog   2017-01-02 19:42:06.0 +0100
@@ -1,3 +1,11 @@
+exim4 (4.84.2-2+deb8u3) jessie; urgency=medium
+
+  * 94_Fix-memory-leak-on-Gnu-TLS-close.patch from upstream exim-4_84_2+fixes
+branch: Fix GnuTLS memory leak. (Thanks, Heiko Schlittermann!)
+Closes: #845569
+
+ -- Andreas Metzler   Mon, 02 Jan 2017 19:18:05 +0100
+
 exim4 (4.84.2-2+deb8u2) jessie-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
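
Review bot: The new changelog entry names the patch and the bug number but not when the leak matters. The patch header states it only shows up when one process opens and closes many TLS sessions during callouts, so a short clause to that effect in the "Fix GnuTLS memory leak." line would let stable-release reviewers judge the impact without opening #845569.
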
diff -Nru exim4-4.84.2/debian/patches/94_Fix-memory-leak-on-Gnu-TLS-close.patch 
exim4-4.84.2/debian/patches/94_Fix-memory-leak-on-Gnu-TLS-close.patch
--- exim4-4.84.2/debian/patches/94_Fix-memory-leak-on-Gnu-TLS-close.patch   
1970-01-01 01:00:00.0 +0100
+++ exim4-4.84.2/debian/patches/94_Fix-memory-leak-on-Gnu-TLS-close.patch   
2016-12-31 17:46:00.0 +0100
@@ -0,0 +1,52 @@
+From 867e8fe25dbfb1e31493488ad695bde55b890397 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" 
+Date: Wed, 23 Nov 2016 12:02:26 +0100
+Subject: [PATCH] Fix memory leak on (Gnu)TLS close.
+
+This leak doesn't show up under normal operation, as the process
+normally dies right after closing the session.
+
+But during callout repetitive TLS sessions are opened and closed from
+the same process (the process receiving the message). Depending on
+the amount of RAM and the number of callouts the same process does,
+this may be a problem. (On an amd64 machine with 4GB RAM, at about 1000
+recipients the memory is exhausted.)
+
+(cherry picked from commit ed62aae3051c9a713d35c8ae516fbd193d1401ba)
+---
+ src/tls-gnu.c | 5 +
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/tls-gnu.c b/src/tls-gnu.c
+index 61ed0e81..670f8cbc 100644
+--- a/src/tls-gnu.c
 b/src/tls-gnu.c
+@@ -1729,6 +1729,7 @@ if (rc != GNUTLS_E_SUCCESS)
+ 
+   if (!sigalrm_seen)
+ {
++gnutls_certificate_free_credentials(state->x509_cred);
+ (void)fclose(smtp_out);
+ (void)fclose(smtp_in);
+ }
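
Review bot: The added gnutls_certificate_free_credentials(state->x509_cred) call sits inside the `if (!sigalrm_seen)` block of the `rc != GNUTLS_E_SUCCESS` path, so when the handshake fails because the alarm fired, these lines do not release the credentials. If that path can return into a process that keeps running, the free belongs outside the conditional. The pointer is also not reset in the visible lines; setting state->x509_cred = NULL after the call would keep a later cleanup from freeing it again.
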
+@@ -2014,6 +2015,8 @@ if (shutdown)
+   }
+ 
+ gnutls_deinit(state->session);
++gnutls_certificate_free_credentials(state->x509_cred);
++
+ 
+ state->tlsp->active = -1;
+ memcpy(state, _gnutls_state_init, sizeof(exim_gnutls_state_init));
+@@ -2074,6 +2077,8 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm)
+ receive_smtp_buffered = smtp_buffered;
+ 
+ gnutls_deinit(state->session);
++gnutls_certificate_free_credentials(state->x509_cred);
++
+ state->session = NULL;
+ state->tlsp->active = -1;
+ state->tlsp->bits = 0;
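
Review bot: After the added gnutls_certificate_free_credentials(state->x509_cred), the next lines reset state->session to NULL but leave state->x509_cred pointing at freed memory, unlike the previous hunk, where the memcpy over state follows the free. Add state->x509_cred = NULL next to state->session = NULL so that a later close on the same state cannot free the credentials twice. The extra empty line added after the call is not needed.
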
+-- 
+2.11.0
+
diff -Nru exim4-4.84.2/debian/patches/series exim4-4.84.2/debian/patches/series
--- exim4-4.84.2/debian/patches/series  2016-12-22 12:17:01.0 +0100
+++ exim4-4.84.2/debian/patches/series  2016-12-31 17:45:15.0 +0100
@@ -23,3 +23,4 @@
 91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch
 92_CVE-2016-1238.diff
 93_CVE-2016-9963-Fix-DKIM-information-leakage.patch
+94_Fix-memory-leak-on-Gnu-TLS-close.patch

