Bug#1038824: marked as done (bookworm-pu: package openvpn/2.6.3-1+deb12u1)

Debian Bug Tracking System Sat, 22 Jul 2023 06:30:38 -0700

Your message dated Sat, 22 Jul 2023 13:19:41 +0000
with message-id <e1qncwl-005rpn...@coccia.debian.org>
and subject line Released with 12.1
has caused the Debian Bug report #1038824,
regarding bookworm-pu: package openvpn/2.6.3-1+deb12u1
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1038824: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038824
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: open...@packages.debian.org
Control: affects -1 + src:openvpn

This -pu cherry-picks two fixes from upstream. One fixing a memory
leak that is noticable on long running servers, and one dangling pointer that
might lead to crashes. Both have been in 2.6.3-2 for about a month now,
migrated to testing flawlessly and are part of the recent upstream stable
release. 

There is nothing else in 2.6.3-2 that is not suitable for bookworm, I have just
changed the version and set the correct branch in gbp.conf

[ Reason ]
Bugfix

[ Impact ]
Memory leak

[ Tests ]
Upstream has an extensive testsuite/CI coverage. Part of it is ran during
build.

[ Risks ]
Isolated fixes that have been vetted upstream and have been part of an upstream
release

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

Bernhard

diff -Nru openvpn-2.6.3/debian/changelog openvpn-2.6.3/debian/changelog
--- openvpn-2.6.3/debian/changelog      2023-04-13 09:19:40.000000000 +0200
+++ openvpn-2.6.3/debian/changelog      2023-06-21 21:41:33.000000000 +0200
@@ -1,3 +1,12 @@
+openvpn (2.6.3-1+deb12u1) bookworm; urgency=medium
+
+  * Cherry-pick two bugfix commits from upstream
+    - Memory leak in dco_get_peer_stats_multi for Linux
+    - dangling pointer passed to pkcs11-helper
+  * d/gbp.conf: set branch to bookworm
+
+ -- Bernhard Schmidt <be...@debian.org>  Wed, 21 Jun 2023 21:41:33 +0200
+
 openvpn (2.6.3-1) unstable; urgency=medium
 
   * New upstream version 2.6.2
diff -Nru openvpn-2.6.3/debian/gbp.conf openvpn-2.6.3/debian/gbp.conf
--- openvpn-2.6.3/debian/gbp.conf       2023-04-13 09:19:40.000000000 +0200
+++ openvpn-2.6.3/debian/gbp.conf       2023-06-21 21:41:33.000000000 +0200
@@ -1,2 +1,3 @@
 [DEFAULT]
 pristine-tar = True
+debian-branch = debian/bookworm
diff -Nru openvpn-2.6.3/debian/patches/fix-dangling-pointer-in-pkcs11.patch 
openvpn-2.6.3/debian/patches/fix-dangling-pointer-in-pkcs11.patch
--- openvpn-2.6.3/debian/patches/fix-dangling-pointer-in-pkcs11.patch   
1970-01-01 01:00:00.000000000 +0100
+++ openvpn-2.6.3/debian/patches/fix-dangling-pointer-in-pkcs11.patch   
2023-06-21 21:41:33.000000000 +0200
@@ -0,0 +1,37 @@
+From 7e4becb4cd8be7f0d5ff80cf80877ea152f99830 Mon Sep 17 00:00:00 2001
+From: Selva Nair <selva.n...@gmail.com>
+Date: Tue, 9 May 2023 13:05:17 -0400
+Subject: [PATCH] Bugfix: dangling pointer passed to pkcs11-helper
+
+Github: Fixes OpenVPN/openvpn#323
+
+Signed-off-by: Selva Nair <selva.n...@gmail.com>
+Acked-by: Gert Doering <g...@greenie.muc.de>
+Message-Id: <20230509170517.2637245-1-selva.n...@gmail.com>
+URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26640.html
+Signed-off-by: Gert Doering <g...@greenie.muc.de>
+(cherry picked from commit f4850745709c5b80ab7d09c03a86c5ceea6d10a2)
+---
+ src/openvpn/pkcs11_openssl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
+index eee86e17b6f..9b0ab39f9cf 100644
+--- a/src/openvpn/pkcs11_openssl.c
++++ b/src/openvpn/pkcs11_openssl.c
+@@ -165,6 +165,7 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
+ {
+     pkcs11h_certificate_t cert = handle;
+     CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0}; /* default value */
++    CK_RSA_PKCS_PSS_PARAMS pss_params = {0};
+ 
+     unsigned char buf[EVP_MAX_MD_SIZE];
+     size_t buflen;
+@@ -203,7 +204,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
+         }
+         else if (!strcmp(sigalg.padmode, "pss"))
+         {
+-            CK_RSA_PKCS_PSS_PARAMS pss_params = {0};
+             mech.mechanism = CKM_RSA_PKCS_PSS;
+ 
+             if (!set_pss_params(&pss_params, sigalg, cert))
diff -Nru 
openvpn-2.6.3/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch 
openvpn-2.6.3/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch
--- openvpn-2.6.3/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch  
1970-01-01 01:00:00.000000000 +0100
+++ openvpn-2.6.3/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch  
2023-06-21 21:41:33.000000000 +0200
@@ -0,0 +1,33 @@
+From 5e8a571af165c867ccb9c4c9e6334620f42013ac Mon Sep 17 00:00:00 2001
+From: Frank Lichtenheld <fr...@lichtenheld.com>
+Date: Mon, 15 May 2023 16:21:16 +0200
+Subject: [PATCH] DCO: fix memory leak in dco_get_peer_stats_multi for Linux
+
+Leaks a small amount of memory every 15s.
+
+Signed-off-by: Frank Lichtenheld <fr...@lichtenheld.com>
+Acked-by: Antonio Quartulli <a...@unstable.cc>
+Message-Id: <20230515142116.33135-1-fr...@lichtenheld.com>
+URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26659.html
+Signed-off-by: Gert Doering <g...@greenie.muc.de>
+(cherry picked from commit 276f7c86d70666bc2ab4e6192ef5f1dcbd6a230f)
+---
+ src/openvpn/dco_linux.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
+index 796e6f25da4..2bfdf980a3a 100644
+--- a/src/openvpn/dco_linux.c
++++ b/src/openvpn/dco_linux.c
+@@ -925,7 +925,10 @@ dco_get_peer_stats_multi(dco_context_t *dco, struct 
multi_context *m)
+ 
+     nlmsg_hdr(nl_msg)->nlmsg_flags |= NLM_F_DUMP;
+ 
+-    return ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__);
++    int ret = ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, 
__func__);
++
++    nlmsg_free(nl_msg);
++    return ret;
+ }
+ 
+ static int
diff -Nru openvpn-2.6.3/debian/patches/series 
openvpn-2.6.3/debian/patches/series
--- openvpn-2.6.3/debian/patches/series 2023-04-13 09:19:40.000000000 +0200
+++ openvpn-2.6.3/debian/patches/series 2023-06-21 21:41:33.000000000 +0200
@@ -3,3 +3,5 @@
 #debian_nogroup_for_sample_files.patch
 openvpn-pkcs11warn.patch
 systemd.patch
+fix-dangling-pointer-in-pkcs11.patch
+fix-memleak-in-dco_get_peer_stats_multi.patch

--- End Message ---

--- Begin Message ---
Version: 12.1

The upload requested in this bug has been released as part of 12.1.
--- End Message ---

Bug#1038824: marked as done (bookworm-pu: package openvpn/2.6.3-1+deb12u1)

Reply via email to