Bug#927880: unblock: trojan/1.10.0-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-CC: GreaterFire@protonmail.com
Please unblock trojan 1.10.0-3. This upload fixed a memory usage bug
around using boost::asio::async_write. The patch is provided by
upstream in upstream stable branch:
https://github.com/trojan-gfw/trojan/commits/1.10.0-stable
The new upload builds successfully on all release architectures.
The full debdiff is pasted here.
--
Regards,
Boyuan Yang
diff -Nru trojan-1.10.0/debian/changelog trojan-1.10.0/debian/changelog
--- trojan-1.10.0/debian/changelog 2019-03-17 02:01:42.000000000 -0400
+++ trojan-1.10.0/debian/changelog 2019-04-23 12:55:30.000000000 -0400
@@ -1,3 +1,11 @@
+trojan (1.10.0-3) unstable; urgency=high
+
+ * Fix a serious memory bug: boost::asio::async_write doesn't copy the data in
+ the buffer, so the underlying data have to remain available until the
+ callback is called.
+
+ -- GreaterFire <GreaterFire@protonmail.com> Tue, 23 Apr 2019 16:55:30 +0000
+
trojan (1.10.0-2) unstable; urgency=high
* Fix a file descriptor leak when the remote endpoint closes the TCP
diff -Nru trojan-1.10.0/debian/copyright trojan-1.10.0/debian/copyright
--- trojan-1.10.0/debian/copyright 2019-03-17 02:01:42.000000000 -0400
+++ trojan-1.10.0/debian/copyright 2019-04-23 12:55:30.000000000 -0400
@@ -3,7 +3,7 @@
Source: https://github.com/trojan-gfw/trojan
Files: *
-Copyright: Copyright 2018 GreaterFire <GreaterFire@protonmail.com>
+Copyright: Copyright 2017-2019 GreaterFire <GreaterFire@protonmail.com>
License: GPL-3+ with OpenSSL exception
This program is free software; you can redistribute it
and/or modify it under the terms of the GNU General Public
diff -Nru trojan-1.10.0/debian/patches/0002-fix-boost-async_write-buffer-ownership-bug.patch
trojan-1.10.0/debian/patches/0002-fix-boost-async_write-buffer-ownership-bug.patch
--- trojan-1.10.0/debian/patches/0002-fix-boost-async_write-buffer-ownership-bug.patch
1969-12-31 19:00:00.000000000 -0500
+++ trojan-1.10.0/debian/patches/0002-fix-boost-async_write-buffer-ownership-bug.patch
2019-04-23 12:55:30.000000000 -0400
@@ -0,0 +1,107 @@
+From: GreaterFire <32649575+GreaterFire@users.noreply.github.com>
+Date: Sun, 21 Apr 2019 16:03:59 +0000
+Subject: [PATCH] fix boost async_write buffer ownership bug
+
+boost::asio::async_write doesn't copy the data in the buffer, so the
+underlying data have to remain available until the callback is called
+---
+ src/clientsession.cpp | 9 ++++++---
+ src/forwardsession.cpp | 6 ++++--
+ src/serversession.cpp | 9 ++++++---
+ 3 files changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/src/clientsession.cpp b/src/clientsession.cpp
+index 7aedc84..001f7c4 100644
+--- a/src/clientsession.cpp
++++ b/src/clientsession.cpp
+@@ -70,7 +70,8 @@ void ClientSession::in_async_read() {
+
+ void ClientSession::in_async_write(const string &data) {
+ auto self = shared_from_this();
+- boost::asio::async_write(in_socket, boost::asio::buffer(data),
[this, self](const boost::system::error_code error, size_t) {
++ auto data_copy = make_shared<string>(data);
++ boost::asio::async_write(in_socket,
boost::asio::buffer(*data_copy), [this, self, data_copy](const
boost::system::error_code error, size_t) {
+ if (error) {
+ destroy();
+ return;
+@@ -92,7 +93,8 @@ void ClientSession::out_async_read() {
+
+ void ClientSession::out_async_write(const string &data) {
+ auto self = shared_from_this();
+- boost::asio::async_write(out_socket, boost::asio::buffer(data),
[this, self](const boost::system::error_code error, size_t) {
++ auto data_copy = make_shared<string>(data);
++ boost::asio::async_write(out_socket,
boost::asio::buffer(*data_copy), [this, self, data_copy](const
boost::system::error_code error, size_t) {
+ if (error) {
+ destroy();
+ return;
+@@ -114,7 +116,8 @@ void ClientSession::udp_async_read() {
+
+ void ClientSession::udp_async_write(const string &data, const
udp::endpoint &endpoint) {
+ auto self = shared_from_this();
+- udp_socket.async_send_to(boost::asio::buffer(data), endpoint,
[this, self](const boost::system::error_code error, size_t) {
++ auto data_copy = make_shared<string>(data);
++ udp_socket.async_send_to(boost::asio::buffer(*data_copy),
endpoint, [this, self, data_copy](const boost::system::error_code
error, size_t) {
+ if (error) {
+ destroy();
+ return;
+diff --git a/src/forwardsession.cpp b/src/forwardsession.cpp
+index acf9918..76da6fd 100644
+--- a/src/forwardsession.cpp
++++ b/src/forwardsession.cpp
+@@ -133,7 +133,8 @@ void ForwardSession::in_async_read() {
+
+ void ForwardSession::in_async_write(const string &data) {
+ auto self = shared_from_this();
+- boost::asio::async_write(in_socket, boost::asio::buffer(data),
[this, self](const boost::system::error_code error, size_t) {
++ auto data_copy = make_shared<string>(data);
++ boost::asio::async_write(in_socket,
boost::asio::buffer(*data_copy), [this, self, data_copy](const
boost::system::error_code error, size_t) {
+ if (error) {
+ destroy();
+ return;
+@@ -155,7 +156,8 @@ void ForwardSession::out_async_read() {
+
+ void ForwardSession::out_async_write(const string &data) {
+ auto self = shared_from_this();
+- boost::asio::async_write(out_socket, boost::asio::buffer(data),
[this, self](const boost::system::error_code error, size_t) {
++ auto data_copy = make_shared<string>(data);
++ boost::asio::async_write(out_socket,
boost::asio::buffer(*data_copy), [this, self, data_copy](const
boost::system::error_code error, size_t) {
+ if (error) {
+ destroy();
+ return;
+diff --git a/src/serversession.cpp b/src/serversession.cpp
+index 6d70efb..268dd29 100644
+--- a/src/serversession.cpp
++++ b/src/serversession.cpp
+@@ -76,7 +76,8 @@ void ServerSession::in_async_read() {
+
+ void ServerSession::in_async_write(const string &data) {
+ auto self = shared_from_this();
+- boost::asio::async_write(in_socket, boost::asio::buffer(data),
[this, self](const boost::system::error_code error, size_t) {
++ auto data_copy = make_shared<string>(data);
++ boost::asio::async_write(in_socket,
boost::asio::buffer(*data_copy), [this, self, data_copy](const
boost::system::error_code error, size_t) {
+ if (error) {
+ destroy();
+ return;
+@@ -98,7 +99,8 @@ void ServerSession::out_async_read() {
+
+ void ServerSession::out_async_write(const string &data) {
+ auto self = shared_from_this();
+- boost::asio::async_write(out_socket, boost::asio::buffer(data),
[this, self](const boost::system::error_code error, size_t) {
++ auto data_copy = make_shared<string>(data);
++ boost::asio::async_write(out_socket,
boost::asio::buffer(*data_copy), [this, self, data_copy](const
boost::system::error_code error, size_t) {
+ if (error) {
+ destroy();
+ return;
+@@ -120,7 +122,8 @@ void ServerSession::udp_async_read() {
+
+ void ServerSession::udp_async_write(const string &data, const
udp::endpoint &endpoint) {
+ auto self = shared_from_this();
+- udp_socket.async_send_to(boost::asio::buffer(data), endpoint,
[this, self](const boost::system::error_code error, size_t) {
++ auto data_copy = make_shared<string>(data);
++ udp_socket.async_send_to(boost::asio::buffer(*data_copy),
endpoint, [this, self, data_copy](const boost::system::error_code
error, size_t) {
+ if (error) {
+ destroy();
+ return;
+--
+2.21.0
+
diff -Nru trojan-1.10.0/debian/patches/series
trojan-1.10.0/debian/patches/series
--- trojan-1.10.0/debian/patches/series 2019-03-17 02:01:42.000000000 -0400
+++ trojan-1.10.0/debian/patches/series 2019-04-23 12:55:30.000000000 -0400
@@ -1 +1,2 @@
0001-fix-resource-leak.patch
+0002-fix-boost-async_write-buffer-ownership-bug.patch
Reply to: