diff -pruN 2.6.3-1/debian/changelog 2.6.3-2/debian/changelog
--- 2.6.3-1/debian/changelog	2023-04-13 07:19:40.000000000 +0000
+++ 2.6.3-2/debian/changelog	2023-05-20 15:43:32.000000000 +0000
@@ -1,3 +1,11 @@
+openvpn (2.6.3-2) unstable; urgency=medium
+
+  * Cherry-pick two bugfix commits from upstream
+    - Memory leak in dco_get_peer_stats_multi for Linux
+    - dangling pointer passed to pkcs11-helper
+
+ -- Bernhard Schmidt <berni@debian.org>  Sat, 20 May 2023 17:43:32 +0200
+
 openvpn (2.6.3-1) unstable; urgency=medium
 
   * New upstream version 2.6.2
diff -pruN 2.6.3-1/debian/patches/fix-dangling-pointer-in-pkcs11.patch 2.6.3-2/debian/patches/fix-dangling-pointer-in-pkcs11.patch
--- 2.6.3-1/debian/patches/fix-dangling-pointer-in-pkcs11.patch	1970-01-01 00:00:00.000000000 +0000
+++ 2.6.3-2/debian/patches/fix-dangling-pointer-in-pkcs11.patch	2023-05-20 15:43:32.000000000 +0000
@@ -0,0 +1,37 @@
+From 7e4becb4cd8be7f0d5ff80cf80877ea152f99830 Mon Sep 17 00:00:00 2001
+From: Selva Nair <selva.nair@gmail.com>
+Date: Tue, 9 May 2023 13:05:17 -0400
+Subject: [PATCH] Bugfix: dangling pointer passed to pkcs11-helper
+
+Github: Fixes OpenVPN/openvpn#323
+
+Signed-off-by: Selva Nair <selva.nair@gmail.com>
+Acked-by: Gert Doering <gert@greenie.muc.de>
+Message-Id: <20230509170517.2637245-1-selva.nair@gmail.com>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26640.html
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+(cherry picked from commit f4850745709c5b80ab7d09c03a86c5ceea6d10a2)
+---
+ src/openvpn/pkcs11_openssl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
+index eee86e17b6f..9b0ab39f9cf 100644
+--- a/src/openvpn/pkcs11_openssl.c
++++ b/src/openvpn/pkcs11_openssl.c
+@@ -165,6 +165,7 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
+ {
+     pkcs11h_certificate_t cert = handle;
+     CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0}; /* default value */
++    CK_RSA_PKCS_PSS_PARAMS pss_params = {0};
+ 
+     unsigned char buf[EVP_MAX_MD_SIZE];
+     size_t buflen;
+@@ -203,7 +204,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
+         }
+         else if (!strcmp(sigalg.padmode, "pss"))
+         {
+-            CK_RSA_PKCS_PSS_PARAMS pss_params = {0};
+             mech.mechanism = CKM_RSA_PKCS_PSS;
+ 
+             if (!set_pss_params(&pss_params, sigalg, cert))
diff -pruN 2.6.3-1/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch 2.6.3-2/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch
--- 2.6.3-1/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch	1970-01-01 00:00:00.000000000 +0000
+++ 2.6.3-2/debian/patches/fix-memleak-in-dco_get_peer_stats_multi.patch	2023-05-20 15:43:32.000000000 +0000
@@ -0,0 +1,33 @@
+From 5e8a571af165c867ccb9c4c9e6334620f42013ac Mon Sep 17 00:00:00 2001
+From: Frank Lichtenheld <frank@lichtenheld.com>
+Date: Mon, 15 May 2023 16:21:16 +0200
+Subject: [PATCH] DCO: fix memory leak in dco_get_peer_stats_multi for Linux
+
+Leaks a small amount of memory every 15s.
+
+Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
+Acked-by: Antonio Quartulli <a@unstable.cc>
+Message-Id: <20230515142116.33135-1-frank@lichtenheld.com>
+URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26659.html
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+(cherry picked from commit 276f7c86d70666bc2ab4e6192ef5f1dcbd6a230f)
+---
+ src/openvpn/dco_linux.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
+index 796e6f25da4..2bfdf980a3a 100644
+--- a/src/openvpn/dco_linux.c
++++ b/src/openvpn/dco_linux.c
+@@ -925,7 +925,10 @@ dco_get_peer_stats_multi(dco_context_t *dco, struct multi_context *m)
+ 
+     nlmsg_hdr(nl_msg)->nlmsg_flags |= NLM_F_DUMP;
+ 
+-    return ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__);
++    int ret = ovpn_nl_msg_send(dco, nl_msg, dco_parse_peer_multi, m, __func__);
++
++    nlmsg_free(nl_msg);
++    return ret;
+ }
+ 
+ static int
diff -pruN 2.6.3-1/debian/patches/series 2.6.3-2/debian/patches/series
--- 2.6.3-1/debian/patches/series	2023-04-13 07:19:40.000000000 +0000
+++ 2.6.3-2/debian/patches/series	2023-05-20 15:43:32.000000000 +0000
@@ -3,3 +3,5 @@ auth-pam_libpam_so_filename.patch
 #debian_nogroup_for_sample_files.patch
 openvpn-pkcs11warn.patch
 systemd.patch
+fix-dangling-pointer-in-pkcs11.patch
+fix-memleak-in-dco_get_peer_stats_multi.patch