On 2018-10-27 18:36:12 [+0200], Christoph Biedl wrote:
> +--- a/ipseckey.c
> ++++ b/ipseckey.c
> +@@ -111,8 +111,11 @@
> + default:
> + strcpy(gw, "??");
> + }
> ++#pragma GCC diagnostic push
> ++#pragma GCC diagnostic ignored "-Wformat-truncation"
> + snprintf(s, 1024, "( %d %d %d %s ... )",
> + rr->precedence, rr->gateway_type, rr->algorithm, gw);
> ++#pragma GCC diagnostic pop
This looks odd. There has to be a better way of dealing with this than
just shutting off the warning so things compile again.
> diff -Nru validns-0.8+git20160720/debian/patches/use-openssl-1.1.patch
> validns-0.8+git20160720/debian/patches/use-openssl-1.1.patch
> --- validns-0.8+git20160720/debian/patches/use-openssl-1.1.patch
> 1970-01-01 01:00:00.000000000 +0100
> +++ validns-0.8+git20160720/debian/patches/use-openssl-1.1.patch
> 2018-10-27 18:13:35.000000000 +0200
> +--- a/dnskey.c
> ++++ b/dnskey.c
> +@@ -154,6 +154,7 @@
> + unsigned int e_bytes;
> + unsigned char *pk;
> + int l;
> ++ BIGNUM *n, *e;
> +
> + rsa = RSA_new();
> + if (!rsa)
> +@@ -174,11 +175,12 @@
> + if (l < e_bytes) /* public key is too short */
> + goto done;
> +
> +- rsa->e = BN_bin2bn(pk, e_bytes, NULL);
> ++ e = BN_bin2bn(pk, e_bytes, NULL);
BN_bin2bn() and EVP_MD_CTX_new() which were introduced as part of this
patch may return NULL. Not a single instance in the patch checks the
return value. This is just sloppy.
> + pk += e_bytes;
> + l -= e_bytes;
> +
> +- rsa->n = BN_bin2bn(pk, l, NULL);
> ++ n = BN_bin2bn(pk, l, NULL);
> ++ RSA_set0_key(rsa, n, e, NULL);
> +
> + pkey = EVP_PKEY_new();
> + if (!pkey)
> +--- a/rrsig.c
> ++++ b/rrsig.c
> +@@ -374,7 +374,7 @@
> + static pthread_mutex_t *lock_cs;
> + static long *lock_count;
> +
> +-static unsigned long pthreads_thread_id(void)
> ++unsigned long pthreads_thread_id(void)
not only there is no need for this hunk IMHO the thread locking used
here is not required for openssl 1.1.0+.
> + {
> + unsigned long ret;
> +
Sebastian
