Created attachment 671539 [details] Testcase for curl https queries that leak memory. I made a testcase that eats memory with libressl-3.2.2 and not with libressl-3.2.1. Who knows if libressl leaks or curl handles ssl badly..?! Discussion: https://forums.gentoo.org/viewtopic-p-8531092.html#8531092
(In reply to Hanno Zysik (geki) from comment #0) > Created attachment 671539 [details] > Testcase for curl https queries that leak memory. > > I made a testcase that eats memory with libressl-3.2.2 and not with > libressl-3.2.1. Who knows if libressl leaks or curl handles ssl badly..?! > > Discussion: https://forums.gentoo.org/viewtopic-p-8531092.html#8531092 Hi, Hanno. Have you reported this upstream yet?
No, short on time, sadly. Just got around to test and verify on my machine. Should it be reported to libressl or curl or both?
(In reply to Hanno Zysik (geki) from comment #2) > No, short on time, sadly. Just got around to test and verify on my machine. > Should it be reported to libressl or curl or both? Initial review it looks like a libressl issue. So, I would report it there.
Added libressl report to URL. I hope that was the correct libressl issue tracker.
Created attachment 672001 [details] Valgrind report of leaks.
JFYI, if you do not follow uptream report. Result: "We will land fixes shortly and new releases should follow soonish."
Created attachment 674119 [details, diff] Memory leak fixes to upcoming release 3.3.0. Based on the commit: https://github.com/libressl-portable/openbsd/commit/20481f01c9beea48fb93963aeb13c680b3133e68
Clean fixes by upstream; applies to above-mentioned libressl-portable release 3.3.0: https://cvsweb.openbsd.org/src/lib/libcrypto/x509/x509_vfy.c?rev=1.84&content-type=text/x-cvsweb-markup https://cvsweb.openbsd.org/src/lib/libcrypto/x509/x509_verify.c?rev=1.24&content-type=text/x-cvsweb-markup
Can be closed as soon as libressl-3.3.0 lands in repository.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc952dfa39959c18b7729aa314a3f30967281b83 commit fc952dfa39959c18b7729aa314a3f30967281b83 Author: Anthony G. Basile <blueness@gentoo.org> AuthorDate: 2020-11-26 17:18:17 +0000 Commit: Anthony G. Basile <blueness@gentoo.org> CommitDate: 2020-11-26 17:18:17 +0000 dev-libs/libressl: remove 3.2.2, bug #754735 Closes: https://bugs.gentoo.org/754735 Package-Manager: Portage-3.0.9, Repoman-3.0.2 Signed-off-by: Anthony G. Basile <blueness@gentoo.org> dev-libs/libressl/Manifest | 1 - dev-libs/libressl/libressl-3.2.2.ebuild | 64 --------------------------------- 2 files changed, 65 deletions(-)