--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: bookworm-pu: package transmission/3.00-2.1+deb12u1
- From: Sebastian Ramacher <sramacher@debian.org>
- Date: Sun, 16 Jul 2023 19:29:31 +0200
- Message-id: <ZLQo+7yGJLA6pcCp@ramacher.at>
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: transmission@packages.debian.org
Control: affects -1 + src:transmission
[ Reason ]
transmission in bookworm suffers from a memory leak (see
#1015003). This issue was fixed in unstable in the new upstream
release.
[ Impact ]
A memory issue remains in a long running daemon.
[ Tests ]
The patch was used in gentoo. Build-time tests pass. As I have no
interest in transmission itself and users reported that the new patch is
supposed to work, I didn't perform any other tests.
[ Risks ]
New patch looks sane enough to load the legacy openssl provider. So I
don't expect any major risks.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
The patch from Ubuntu for OpenSSL compatibility is exchanged with the
one from Gentoo.
Cheers
--
Sebastian Ramacher
diff -Nru transmission-3.00/debian/changelog transmission-3.00/debian/changelog
--- transmission-3.00/debian/changelog 2022-05-21 09:22:10.000000000 +0200
+++ transmission-3.00/debian/changelog 2023-07-16 19:09:31.000000000 +0200
@@ -1,3 +1,10 @@
+transmission (3.00-2.1+deb12u1) bookworm; urgency=medium
+
+ * debian/patches/: Replace openssl3 compat patch to fix memory leak.
+ (Closes: #1015003)
+
+ -- Sebastian Ramacher <sramacher@debian.org> Sun, 16 Jul 2023 19:09:31 +0200
+
transmission (3.00-2.1) unstable; urgency=low
[ Steve Langasek ]
diff -Nru transmission-3.00/debian/patches/openssl3-compat.patch transmission-3.00/debian/patches/openssl3-compat.patch
--- transmission-3.00/debian/patches/openssl3-compat.patch 2022-05-21 09:21:15.000000000 +0200
+++ transmission-3.00/debian/patches/openssl3-compat.patch 2023-07-16 19:09:29.000000000 +0200
@@ -1,130 +1,37 @@
-Description: Compatibility with OpenSSL 3
- We rely on RC4 because of the torrent protocol we're implementing, but this
- is no longer available in the default provider.
-Author: Steve Langasek <steve.langasek@ubuntu.com>
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1946215
-Last-Update: 2021-12-13
-Forwarded: no
+From 6ee128b95bacaff20746538dc97c2b8e2b9fcc29 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sun, 15 May 2022 10:54:38 -0400
+Subject: [PATCH] openssl: load "legacy" provider for RC4
-Index: transmission-3.00/libtransmission/crypto-utils-openssl.c
-===================================================================
---- transmission-3.00.orig/libtransmission/crypto-utils-openssl.c
-+++ transmission-3.00/libtransmission/crypto-utils-openssl.c
+---
+ libtransmission/crypto-utils-openssl.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/libtransmission/crypto-utils-openssl.c b/libtransmission/crypto-utils-openssl.c
+index 45fd71913..14d680654 100644
+--- a/libtransmission/crypto-utils-openssl.c
++++ b/libtransmission/crypto-utils-openssl.c
@@ -20,6 +20,9 @@
#include <openssl/rand.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#if OPENSSL_VERSION_MAJOR >= 3
+#include <openssl/provider.h>
+#endif
#include "transmission.h"
#include "crypto-utils.h"
-@@ -182,46 +185,86 @@
-
- #endif
+@@ -184,6 +187,10 @@ static void openssl_evp_cipher_context_free(EVP_CIPHER_CTX* handle)
-+typedef struct tr_rc4_ctx {
-+ EVP_CIPHER_CTX *cipher_ctx;
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+ OSSL_LIB_CTX *lib_ctx;
-+#endif
-+} tr_rc4_ctx;
-+
tr_rc4_ctx_t tr_rc4_new(void)
{
-- EVP_CIPHER_CTX* handle = EVP_CIPHER_CTX_new();
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+ OSSL_PROVIDER *legacy_provider = NULL;
-+ OSSL_PROVIDER *default_provider = NULL;
-+#endif
-+ const EVP_CIPHER *cipher;
-
-- if (check_result(EVP_CipherInit_ex(handle, EVP_rc4(), NULL, NULL, NULL, -1)))
-+ tr_rc4_ctx *handle = malloc(sizeof(tr_rc4_ctx));
-+
-+ handle->cipher_ctx = EVP_CIPHER_CTX_new();
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+ handle->lib_ctx = OSSL_LIB_CTX_new();
-+ TR_ASSERT(handle->lib_ctx);
-+ legacy_provider = OSSL_PROVIDER_load(handle->lib_ctx, "legacy");
-+ TR_ASSERT(legacy_provider);
-+ default_provider = OSSL_PROVIDER_load(handle->lib_ctx, "default");
-+ TR_ASSERT(default_provider);
-+
-+ cipher = EVP_CIPHER_fetch(handle->lib_ctx, "RC4", NULL);
-+#else
-+ cipher = EVP_rc4();
-+#endif
-+
-+ if (check_result(EVP_CipherInit_ex(handle->cipher_ctx, cipher, NULL, NULL,
-+ NULL, -1)))
- {
- return handle;
- }
-
-- EVP_CIPHER_CTX_free(handle);
-+ EVP_CIPHER_CTX_free(handle->cipher_ctx);
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+ OSSL_LIB_CTX_free(handle->lib_ctx);
-+#endif
- return NULL;
- }
-
--void tr_rc4_free(tr_rc4_ctx_t handle)
-+void tr_rc4_free(tr_rc4_ctx_t h)
- {
-- if (handle == NULL)
-+ if (h == NULL)
- {
- return;
- }
-
-- EVP_CIPHER_CTX_free(handle);
-+ tr_rc4_ctx *handle = (tr_rc4_ctx *)h;
-+
-+ EVP_CIPHER_CTX_free(handle->cipher_ctx);
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+ OSSL_LIB_CTX_free(handle->lib_ctx);
-+#endif
-+ free(handle);
- }
-
--void tr_rc4_set_key(tr_rc4_ctx_t handle, uint8_t const* key, size_t key_length)
-+void tr_rc4_set_key(tr_rc4_ctx_t h, uint8_t const* key, size_t key_length)
- {
-- TR_ASSERT(handle != NULL);
-+ TR_ASSERT(h != NULL);
- TR_ASSERT(key != NULL);
-
-- if (!check_result(EVP_CIPHER_CTX_set_key_length(handle, key_length)))
-+ tr_rc4_ctx *handle = (tr_rc4_ctx *)h;
-+ if (!check_result(EVP_CIPHER_CTX_set_key_length(handle->cipher_ctx, key_length)))
- {
- return;
- }
-
-- check_result(EVP_CipherInit_ex(handle, NULL, NULL, key, NULL, -1));
-+ check_result(EVP_CipherInit_ex(handle->cipher_ctx, NULL, NULL, key, NULL, -1));
- }
-
--void tr_rc4_process(tr_rc4_ctx_t handle, void const* input, void* output, size_t length)
-+void tr_rc4_process(tr_rc4_ctx_t h, void const* input, void* output, size_t length)
- {
-- TR_ASSERT(handle != NULL);
-+ TR_ASSERT(h != NULL);
-
-+ tr_rc4_ctx *handle = (tr_rc4_ctx *)h;
- if (length == 0)
- {
- return;
-@@ -232,7 +275,7 @@
-
- int output_length;
-
-- check_result(EVP_CipherUpdate(handle, output, &output_length, input, length));
-+ check_result(EVP_CipherUpdate(handle->cipher_ctx, output, &output_length, input, length));
- }
-
- /***
++#if OPENSSL_VERSION_MAJOR >= 3
++ OSSL_PROVIDER_load(NULL, "default");
++ OSSL_PROVIDER_load(NULL, "legacy");
++#endif
+ EVP_CIPHER_CTX* handle = EVP_CIPHER_CTX_new();
+
+ if (check_result(EVP_CipherInit_ex(handle, EVP_rc4(), NULL, NULL, NULL, -1)))
+--
+2.35.1
+
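Review bot: The two `OSSL_PROVIDER_load(NULL, ...)` calls added at the top of `tr_rc4_new()` discard their return values and load into the process-wide default library context, whereas the replaced patch confined the legacy provider to a private `OSSL_LIB_CTX`. Every OpenSSL consumer in the same process can therefore fetch the legacy provider's algorithms, not only the RC4 handle, which deserves a comment such as `/* RC4 lives in the "legacy" provider in OpenSSL 3; loading it into the default context (NULL) makes legacy algorithms available process-wide */`. A missing legacy module currently surfaces only as a failure of the following `EVP_CipherInit_ex()` call; testing the result, `if (OSSL_PROVIDER_load(NULL, "legacy") == NULL)`, and reporting it through the file's existing error path would make that case diagnosable. The loads also run on each `tr_rc4_new()` call and are never paired with `OSSL_PROVIDER_unload()`, so doing them once at initialisation looks preferable, though the rest of the function and its callers lie outside the hunk.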
--- End Message ---