Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-CC: greaterf...@protonmail.com
Please unblock trojan 1.10.0-3. This upload fixed a memory usage bug around using boost::asio::async_write. The patch is provided by upstream in upstream stable branch: https://github.com/trojan-gfw/trojan/commits/1.10.0-stable The new upload builds successfully on all release architectures. The full debdiff is pasted here. -- Regards, Boyuan Yang diff -Nru trojan-1.10.0/debian/changelog trojan-1.10.0/debian/changelog --- trojan-1.10.0/debian/changelog 2019-03-17 02:01:42.000000000 -0400 +++ trojan-1.10.0/debian/changelog 2019-04-23 12:55:30.000000000 -0400 @@ -1,3 +1,11 @@ +trojan (1.10.0-3) unstable; urgency=high + + * Fix a serious memory bug: boost::asio::async_write doesn't copy the data in + the buffer, so the underlying data have to remain available until the + callback is called. + + -- GreaterFire <greaterf...@protonmail.com> Tue, 23 Apr 2019 16:55:30 +0000 + trojan (1.10.0-2) unstable; urgency=high * Fix a file descriptor leak when the remote endpoint closes the TCP diff -Nru trojan-1.10.0/debian/copyright trojan-1.10.0/debian/copyright --- trojan-1.10.0/debian/copyright 2019-03-17 02:01:42.000000000 -0400 +++ trojan-1.10.0/debian/copyright 2019-04-23 12:55:30.000000000 -0400 @@ -3,7 +3,7 @@ Source: https://github.com/trojan-gfw/trojan Files: * -Copyright: Copyright 2018 GreaterFire <greaterf...@protonmail.com> +Copyright: Copyright 2017-2019 GreaterFire <greaterf...@protonmail.com> License: GPL-3+ with OpenSSL exception This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public diff -Nru trojan-1.10.0/debian/patches/0002-fix-boost-async_write-buffer-ownership-bug.patch trojan-1.10.0/debian/patches/0002-fix-boost-async_write-buffer-ownership-bug.patch --- trojan-1.10.0/debian/patches/0002-fix-boost-async_write-buffer-ownership-bug.patch 1969-12-31 19:00:00.000000000 -0500 +++ trojan-1.10.0/debian/patches/0002-fix-boost-async_write-buffer-ownership-bug.patch 2019-04-23 12:55:30.000000000 -0400 @@ -0,0 +1,107 @@ +From: GreaterFire <32649575+greaterf...@users.noreply.github.com> +Date: Sun, 21 Apr 2019 16:03:59 +0000 +Subject: [PATCH] fix boost async_write buffer ownership bug + +boost::asio::async_write doesn't copy the data in the buffer, so the +underlying data have to remain available until the callback is called +--- + src/clientsession.cpp | 9 ++++++--- + src/forwardsession.cpp | 6 ++++-- + src/serversession.cpp | 9 ++++++--- + 3 files changed, 16 insertions(+), 8 deletions(-) + +diff --git a/src/clientsession.cpp b/src/clientsession.cpp +index 7aedc84..001f7c4 100644 +--- a/src/clientsession.cpp ++++ b/src/clientsession.cpp +@@ -70,7 +70,8 @@ void ClientSession::in_async_read() { + + void ClientSession::in_async_write(const string &data) { + auto self = shared_from_this(); +- boost::asio::async_write(in_socket, boost::asio::buffer(data), [this, self](const boost::system::error_code error, size_t) { ++ auto data_copy = make_shared<string>(data); ++ boost::asio::async_write(in_socket, boost::asio::buffer(*data_copy), [this, self, data_copy](const boost::system::error_code error, size_t) { + if (error) { + destroy(); + return; +@@ -92,7 +93,8 @@ void ClientSession::out_async_read() { + + void ClientSession::out_async_write(const string &data) { + auto self = shared_from_this(); +- boost::asio::async_write(out_socket, boost::asio::buffer(data), [this, self](const boost::system::error_code error, size_t) { ++ auto data_copy = make_shared<string>(data); ++ boost::asio::async_write(out_socket, boost::asio::buffer(*data_copy), [this, self, data_copy](const boost::system::error_code error, size_t) { + if (error) { + destroy(); + return; +@@ -114,7 +116,8 @@ void ClientSession::udp_async_read() { + + void ClientSession::udp_async_write(const string &data, const udp::endpoint &endpoint) { + auto self = shared_from_this(); +- udp_socket.async_send_to(boost::asio::buffer(data), endpoint, [this, self](const boost::system::error_code error, size_t) { ++ auto data_copy = make_shared<string>(data); ++ udp_socket.async_send_to(boost::asio::buffer(*data_copy), endpoint, [this, self, data_copy](const boost::system::error_code error, size_t) { + if (error) { + destroy(); + return; +diff --git a/src/forwardsession.cpp b/src/forwardsession.cpp +index acf9918..76da6fd 100644 +--- a/src/forwardsession.cpp ++++ b/src/forwardsession.cpp +@@ -133,7 +133,8 @@ void ForwardSession::in_async_read() { + + void ForwardSession::in_async_write(const string &data) { + auto self = shared_from_this(); +- boost::asio::async_write(in_socket, boost::asio::buffer(data), [this, self](const boost::system::error_code error, size_t) { ++ auto data_copy = make_shared<string>(data); ++ boost::asio::async_write(in_socket, boost::asio::buffer(*data_copy), [this, self, data_copy](const boost::system::error_code error, size_t) { + if (error) { + destroy(); + return; +@@ -155,7 +156,8 @@ void ForwardSession::out_async_read() { + + void ForwardSession::out_async_write(const string &data) { + auto self = shared_from_this(); +- boost::asio::async_write(out_socket, boost::asio::buffer(data), [this, self](const boost::system::error_code error, size_t) { ++ auto data_copy = make_shared<string>(data); ++ boost::asio::async_write(out_socket, boost::asio::buffer(*data_copy), [this, self, data_copy](const boost::system::error_code error, size_t) { + if (error) { + destroy(); + return; +diff --git a/src/serversession.cpp b/src/serversession.cpp +index 6d70efb..268dd29 100644 +--- a/src/serversession.cpp ++++ b/src/serversession.cpp +@@ -76,7 +76,8 @@ void ServerSession::in_async_read() { + + void ServerSession::in_async_write(const string &data) { + auto self = shared_from_this(); +- boost::asio::async_write(in_socket, boost::asio::buffer(data), [this, self](const boost::system::error_code error, size_t) { ++ auto data_copy = make_shared<string>(data); ++ boost::asio::async_write(in_socket, boost::asio::buffer(*data_copy), [this, self, data_copy](const boost::system::error_code error, size_t) { + if (error) { + destroy(); + return; +@@ -98,7 +99,8 @@ void ServerSession::out_async_read() { + + void ServerSession::out_async_write(const string &data) { + auto self = shared_from_this(); +- boost::asio::async_write(out_socket, boost::asio::buffer(data), [this, self](const boost::system::error_code error, size_t) { ++ auto data_copy = make_shared<string>(data); ++ boost::asio::async_write(out_socket, boost::asio::buffer(*data_copy), [this, self, data_copy](const boost::system::error_code error, size_t) { + if (error) { + destroy(); + return; +@@ -120,7 +122,8 @@ void ServerSession::udp_async_read() { + + void ServerSession::udp_async_write(const string &data, const udp::endpoint &endpoint) { + auto self = shared_from_this(); +- udp_socket.async_send_to(boost::asio::buffer(data), endpoint, [this, self](const boost::system::error_code error, size_t) { ++ auto data_copy = make_shared<string>(data); ++ udp_socket.async_send_to(boost::asio::buffer(*data_copy), endpoint, [this, self, data_copy](const boost::system::error_code error, size_t) { + if (error) { + destroy(); + return; +-- +2.21.0 + diff -Nru trojan-1.10.0/debian/patches/series trojan-1.10.0/debian/patches/series --- trojan-1.10.0/debian/patches/series 2019-03-17 02:01:42.000000000 -0400 +++ trojan-1.10.0/debian/patches/series 2019-04-23 12:55:30.000000000 -0400 @@ -1 +1,2 @@ 0001-fix-resource-leak.patch +0002-fix-boost-async_write-buffer-ownership-bug.patch
