From e03551112ef9011253b721cd1fb66a040f9062d8 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Fri, 8 Sep 2017 09:42:47 -0400 Subject: [PATCH] Update to 17.2.0 and backport memory leak fix Signed-off-by: Jeremy Cline --- Provide-a-destructor-for-the-CRL-object.patch | 49 +++++++++++++++++++ pyOpenSSL.spec | 13 +++-- 2 files changed, 59 insertions(+), 3 deletions(-) create mode 100644 Provide-a-destructor-for-the-CRL-object.patch diff --git a/Provide-a-destructor-for-the-CRL-object.patch b/Provide-a-destructor-for-the-CRL-object.patch new file mode 100644 index 0000000..83bcfb9 --- /dev/null +++ b/Provide-a-destructor-for-the-CRL-object.patch @@ -0,0 +1,49 @@ +From 7b5cecf595cd1f4d0fb5b73e97f5fe2e00c4e255 Mon Sep 17 00:00:00 2001 +From: Jeremy Cline +Date: Thu, 7 Sep 2017 20:11:08 -0400 +Subject: [PATCH] Provide a destructor for the CRL object (#690) + +This frees the memory allocated for the CRL object. Prior to this +commit, the following script would leak memory: + +``` +from OpenSSL.crypto import load_crl, FILETYPE_PEM + +crl = """ +-----BEGIN X509 CRL----- +MIIBfDCB5jANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT +Ak5DMRAwDgYDVQQHEwdSYWxlaWdoMRcwFQYDVQQKEw5GZWRvcmEgUHJvamVjdDEP +MA0GA1UECxMGZmVkbXNnMQ8wDQYDVQQDEwZmZWRtc2cxDzANBgNVBCkTBmZlZG1z +ZzEmMCQGCSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcHJvamVjdC5vcmcXDTE3MDYx +NTIxMDMwOFoXDTM3MDYxMDIxMDMwOFowFDASAgECFw0xMjA3MTUyMTE4NTJaMA0G +CSqGSIb3DQEBCwUAA4GBAGOBuDxmRFNcYP71LBsCOfFzKij00qpxM01d5/G6+0kM +WJT8oTajMQoY6oISvQDq6TkwEoKc1yl6Ld1/XTtCNOhbybzRBAVf/Lxi/nRPP1JO +qOdZs5jMLLQq1mRJz+MgKHHTDlnvpbjHMuyTss1RblFDr4iZPHMcBNKPGIj3pmpA +-----END X509 CRL----- +""" + +for _ in range(0, 1000000): + load_crl(FILETYPE_PEM, crl) +``` + +Signed-off-by: Jeremy Cline +--- + src/OpenSSL/crypto.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py +index 52fcdaf..85c60b7 100644 +--- a/src/OpenSSL/crypto.py ++++ b/src/OpenSSL/crypto.py +@@ -2758,7 +2758,7 @@ def load_crl(type, buffer): + _raise_current_error() + + result = CRL.__new__(CRL) +- result._crl = crl ++ result._crl = _ffi.gc(crl, _lib.X509_CRL_free) + return result + + +-- +2.13.5 + diff --git a/pyOpenSSL.spec b/pyOpenSSL.spec index 5827887..be262b4 100644 --- a/pyOpenSSL.spec +++ b/pyOpenSSL.spec @@ -4,10 +4,13 @@ Summary: Python wrapper module around the OpenSSL library Name: pyOpenSSL -Version: 17.1.0 -Release: 2%{?dist} +Version: 17.2.0 +Release: 1%{?dist} Source0: https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz Source1: https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz.asc +# A backport of https://github.com/pyca/pyopenssl/pull/690 which will be included +# in the next pyOpenSSL release (17.3.0 or later). +Patch0: Provide-a-destructor-for-the-CRL-object.patch BuildArch: noarch License: ASL 2.0 @@ -68,7 +71,7 @@ BuildArch: noarch Documentation for pyOpenSSL %prep -%setup -q -n pyOpenSSL-%{version} +%autosetup -p1 -n pyOpenSSL-%{version} %build %py2_build @@ -106,6 +109,10 @@ rm doc/_build/html/.buildinfo %doc CHANGELOG.rst examples doc/_build/html %changelog +* Fri Sep 08 2017 Jeremy Cline - 17.2.0-1 +- New upstream release 17.2.0 +- Backport a memory leak fix with CRLs (upstream PR #690). + * Thu Jul 27 2017 Fedora Release Engineering - 17.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild