Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: transmiss...@packages.debian.org
Control: affects -1 + src:transmission

[ Reason ]
transmission in bookworm suffers from a memory leak (see
#1015003). This issue was fixed in unstable in the new upstream
release.

[ Impact ]
A memory issue remains in a long running daemon.

[ Tests ]
The patch was used in gentoo. Build-time tests pass. As I have no
interest in transmission itself and users reported that the new patch is
supposed to work, I didn't perform any other tests.

[ Risks ]
New patch looks sane enough to load the legacy openssl provider. So I
don't expect any major risks.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
The patch from Ubuntu for OpenSSL compatibility is exchanged with the
one from Gentoo.

Cheers
-- 
Sebastian Ramacher
diff -Nru transmission-3.00/debian/changelog transmission-3.00/debian/changelog
--- transmission-3.00/debian/changelog  2022-05-21 09:22:10.000000000 +0200
+++ transmission-3.00/debian/changelog  2023-07-16 19:09:31.000000000 +0200
@@ -1,3 +1,10 @@
+transmission (3.00-2.1+deb12u1) bookworm; urgency=medium
+
+  * debian/patches/: Replace openssl3 compat patch to fix memory leak.
+    (Closes: #1015003)
+
+ -- Sebastian Ramacher <sramac...@debian.org>  Sun, 16 Jul 2023 19:09:31 +0200
+
 transmission (3.00-2.1) unstable; urgency=low
 
   [ Steve Langasek ]
diff -Nru transmission-3.00/debian/patches/openssl3-compat.patch 
transmission-3.00/debian/patches/openssl3-compat.patch
--- transmission-3.00/debian/patches/openssl3-compat.patch      2022-05-21 
09:21:15.000000000 +0200
+++ transmission-3.00/debian/patches/openssl3-compat.patch      2023-07-16 
19:09:29.000000000 +0200
@@ -1,130 +1,37 @@
-Description: Compatibility with OpenSSL 3
- We rely on RC4 because of the torrent protocol we're implementing, but this
- is no longer available in the default provider.
-Author: Steve Langasek <steve.langa...@ubuntu.com>
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1946215
-Last-Update: 2021-12-13
-Forwarded: no
+From 6ee128b95bacaff20746538dc97c2b8e2b9fcc29 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <flop...@gentoo.org>
+Date: Sun, 15 May 2022 10:54:38 -0400
+Subject: [PATCH] openssl: load "legacy" provider for RC4
 
-Index: transmission-3.00/libtransmission/crypto-utils-openssl.c
-===================================================================
---- transmission-3.00.orig/libtransmission/crypto-utils-openssl.c
-+++ transmission-3.00/libtransmission/crypto-utils-openssl.c
+---
+ libtransmission/crypto-utils-openssl.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/libtransmission/crypto-utils-openssl.c 
b/libtransmission/crypto-utils-openssl.c
+index 45fd71913..14d680654 100644
+--- a/libtransmission/crypto-utils-openssl.c
++++ b/libtransmission/crypto-utils-openssl.c
 @@ -20,6 +20,9 @@
  #include <openssl/rand.h>
  #include <openssl/ssl.h>
  #include <openssl/x509.h>
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++#if OPENSSL_VERSION_MAJOR >= 3
 +#include <openssl/provider.h>
 +#endif
  
  #include "transmission.h"
  #include "crypto-utils.h"
-@@ -182,46 +185,86 @@
- 
- #endif
+@@ -184,6 +187,10 @@ static void 
openssl_evp_cipher_context_free(EVP_CIPHER_CTX* handle)
  
-+typedef struct tr_rc4_ctx {
-+    EVP_CIPHER_CTX *cipher_ctx;
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+    OSSL_LIB_CTX *lib_ctx;
-+#endif
-+} tr_rc4_ctx;
-+
  tr_rc4_ctx_t tr_rc4_new(void)
  {
--    EVP_CIPHER_CTX* handle = EVP_CIPHER_CTX_new();
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+    OSSL_PROVIDER *legacy_provider = NULL;
-+    OSSL_PROVIDER *default_provider = NULL;
-+#endif
-+    const EVP_CIPHER *cipher;
- 
--    if (check_result(EVP_CipherInit_ex(handle, EVP_rc4(), NULL, NULL, NULL, 
-1)))
-+    tr_rc4_ctx *handle = malloc(sizeof(tr_rc4_ctx));
-+
-+    handle->cipher_ctx = EVP_CIPHER_CTX_new();
-+
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+    handle->lib_ctx = OSSL_LIB_CTX_new();
-+    TR_ASSERT(handle->lib_ctx);
-+    legacy_provider = OSSL_PROVIDER_load(handle->lib_ctx, "legacy");
-+    TR_ASSERT(legacy_provider);
-+    default_provider = OSSL_PROVIDER_load(handle->lib_ctx, "default");
-+    TR_ASSERT(default_provider);
-+    
-+    cipher = EVP_CIPHER_fetch(handle->lib_ctx, "RC4", NULL);
-+#else
-+    cipher = EVP_rc4();
-+#endif
-+
-+    if (check_result(EVP_CipherInit_ex(handle->cipher_ctx, cipher, NULL, NULL,
-+                                       NULL, -1)))
-     {
-         return handle;
-     }
- 
--    EVP_CIPHER_CTX_free(handle);
-+    EVP_CIPHER_CTX_free(handle->cipher_ctx);
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+    OSSL_LIB_CTX_free(handle->lib_ctx);
-+#endif
-     return NULL;
- }
- 
--void tr_rc4_free(tr_rc4_ctx_t handle)
-+void tr_rc4_free(tr_rc4_ctx_t h)
- {
--    if (handle == NULL)
-+    if (h == NULL)
-     {
-         return;
-     }
- 
--    EVP_CIPHER_CTX_free(handle);
-+    tr_rc4_ctx *handle = (tr_rc4_ctx *)h;
-+
-+    EVP_CIPHER_CTX_free(handle->cipher_ctx);
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+    OSSL_LIB_CTX_free(handle->lib_ctx);
-+#endif
-+    free(handle);
- }
- 
--void tr_rc4_set_key(tr_rc4_ctx_t handle, uint8_t const* key, size_t 
key_length)
-+void tr_rc4_set_key(tr_rc4_ctx_t h, uint8_t const* key, size_t key_length)
- {
--    TR_ASSERT(handle != NULL);
-+    TR_ASSERT(h != NULL);
-     TR_ASSERT(key != NULL);
- 
--    if (!check_result(EVP_CIPHER_CTX_set_key_length(handle, key_length)))
-+    tr_rc4_ctx *handle = (tr_rc4_ctx *)h;
-+    if (!check_result(EVP_CIPHER_CTX_set_key_length(handle->cipher_ctx, 
key_length)))
-     {
-         return;
-     }
- 
--    check_result(EVP_CipherInit_ex(handle, NULL, NULL, key, NULL, -1));
-+    check_result(EVP_CipherInit_ex(handle->cipher_ctx, NULL, NULL, key, NULL, 
-1));
- }
- 
--void tr_rc4_process(tr_rc4_ctx_t handle, void const* input, void* output, 
size_t length)
-+void tr_rc4_process(tr_rc4_ctx_t h, void const* input, void* output, size_t 
length)
- {
--    TR_ASSERT(handle != NULL);
-+    TR_ASSERT(h != NULL);
- 
-+    tr_rc4_ctx *handle = (tr_rc4_ctx *)h;
-     if (length == 0)
-     {
-         return;
-@@ -232,7 +275,7 @@
- 
-     int output_length;
- 
--    check_result(EVP_CipherUpdate(handle, output, &output_length, input, 
length));
-+    check_result(EVP_CipherUpdate(handle->cipher_ctx, output, &output_length, 
input, length));
- }
- 
- /***
++#if OPENSSL_VERSION_MAJOR >= 3
++    OSSL_PROVIDER_load(NULL, "default");
++    OSSL_PROVIDER_load(NULL, "legacy");
++#endif
+     EVP_CIPHER_CTX* handle = EVP_CIPHER_CTX_new();
+ 
+     if (check_result(EVP_CipherInit_ex(handle, EVP_rc4(), NULL, NULL, NULL, 
-1)))
+-- 
+2.35.1
+
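Review bot: Both `OSSL_PROVIDER_load()` calls added at the top of `tr_rc4_new()` discard their return values, so a missing or unloadable legacy module only surfaces later as a failed `EVP_CipherInit_ex()` with no hint of the cause; checking for NULL, e.g. `if (OSSL_PROVIDER_load(NULL, "legacy") == NULL) { /* log and return NULL */ }`, would make that diagnosable. Passing NULL loads the providers into the default library context, so RC4 and the other legacy-provider algorithms become available to every OpenSSL consumer in the process rather than only to this cipher, which deserves a comment next to the call. The loads also run on every `tr_rc4_new()` call and the returned handles are never passed to `OSSL_PROVIDER_unload()`; loading once at crypto initialisation would avoid taking a new reference per context. The body of `tr_rc4_new()` continues outside the hunk.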
