tags 859784 pending tags 897882 pending user debian-rele...@lists.debian.org usertags 859784 + bsp-2018-10-de-karlsruhe usertags 897882 + bsp-2018-10-de-karlsruhe thanks
Dear maintainer, find attached a debdiff to fix both serious bugs in validns. Also I've prepared an NMU for validns (versioned as 0.8+git20160720-3.1) and uploaded it to DELAYED/5. Please feel free to tell me if I should delay it longer. Regards, Christoph
diff -Nru validns-0.8+git20160720/debian/changelog validns-0.8+git20160720/debian/changelog
--- validns-0.8+git20160720/debian/changelog 2016-12-14 16:01:55.000000000 +0100
+++ validns-0.8+git20160720/debian/changelog 2018-10-27 18:14:01.000000000 +0200
@@ -1,3 +1,11 @@
+validns (0.8+git20160720-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Build against openssl 1.1. Closes: #859784
+ * Fix build error with GCC-8. Closes: #897882
+
+ -- Christoph Biedl <debian.a...@manchmal.in-ulm.de> Sat, 27 Oct 2018 18:14:01 +0200
+
 validns (0.8+git20160720-3) unstable; urgency=medium
 
 * debian/copyright Add License: statement.
diff -Nru validns-0.8+git20160720/debian/control validns-0.8+git20160720/debian/control
--- validns-0.8+git20160720/debian/control 2016-12-14 16:01:55.000000000 +0100
+++ validns-0.8+git20160720/debian/control 2018-10-27 18:09:17.000000000 +0200
@@ -3,7 +3,7 @@
 Priority: extra
 Maintainer: Casper Gielen <casper-ali...@gielen.name>
 Uploaders: Joost van Baal-Ilić <joos...@debian.org>
-Build-Depends: debhelper (>= 9), libssl1.0-dev, libjudy-dev, libtest-command-simple-perl, dpkg-dev (>= 1.16.1~)
+Build-Depends: debhelper (>= 9), libssl-dev, libjudy-dev, libtest-command-simple-perl, dpkg-dev (>= 1.16.1~)
 Standards-Version: 3.9.8
 Homepage: http://www.validns.net/
 Vcs-Git: https://anonscm.debian.org/git/collab-maint/validns.git
diff -Nru validns-0.8+git20160720/debian/patches/fix-ftbfs-gcc8.patch validns-0.8+git20160720/debian/patches/fix-ftbfs-gcc8.patch
--- validns-0.8+git20160720/debian/patches/fix-ftbfs-gcc8.patch 1970-01-01 01:00:00.000000000 +0100
+++ validns-0.8+git20160720/debian/patches/fix-ftbfs-gcc8.patch 2018-10-27 18:13:35.000000000 +0200
@@ -0,0 +1,19 @@
+Subject: Fix build error with GCC-8
+Author: Christoph Biedl <debian.a...@manchmal.in-ulm.de>
+Date: 2018-10-27
+Bug-Debian: https://bugs.debian.org/897882
+
+--- a/ipseckey.c
++++ b/ipseckey.c
+@@ -111,8 +111,11 @@
+ default:
+ strcpy(gw, "??");
+ }
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wformat-truncation"
+ snprintf(s, 1024, "( %d %d %d %s ... )",
+ rr->precedence, rr->gateway_type, rr->algorithm, gw);
++#pragma GCC diagnostic pop
+ return quickstrdup_temp(s);
+ }
+
diff -Nru validns-0.8+git20160720/debian/patches/series validns-0.8+git20160720/debian/patches/series
--- validns-0.8+git20160720/debian/patches/series 2016-12-14 16:01:55.000000000 +0100
+++ validns-0.8+git20160720/debian/patches/series 2018-10-27 18:13:35.000000000 +0200
@@ -1,3 +1,5 @@
 fix-makefile-clean.patch
 fix-dont-overwrite-cflags.patch
 ignoreQuilt.patch
+use-openssl-1.1.patch
+fix-ftbfs-gcc8.patch
diff -Nru validns-0.8+git20160720/debian/patches/use-openssl-1.1.patch validns-0.8+git20160720/debian/patches/use-openssl-1.1.patch
--- validns-0.8+git20160720/debian/patches/use-openssl-1.1.patch 1970-01-01 01:00:00.000000000 +0100
+++ validns-0.8+git20160720/debian/patches/use-openssl-1.1.patch 2018-10-27 18:13:35.000000000 +0200
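Review bot: The new pragmas in the ipseckey.c hunk silence `-Wformat-truncation` around `snprintf(s, 1024, ...)` rather than handling the truncation, so an over-long gateway string is still cut off silently. The write stays bounded by the size argument, so this is about correctness of the output, not an overflow; using the return value, e.g. `int len = snprintf(s, 1024, ...);` and `if (len < 0 || len >= 1024) { /* handle truncation */ }`, should satisfy GCC 8 without any pragma, since the warning at its default level targets calls whose result is ignored. If the pragmas stay, add a comment such as `/* display-only summary, truncation is harmless */`, and note that a compiler which does not know this warning group may complain about the pragma itself. The declarations of `s` and `gw` are outside the hunk, so their sizes cannot be checked here.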
@@ -0,0 +1,184 @@
+Subject: Build against openssl 1.1.
+Author: Chris <solo-debianb...@goeswhere.com>
+Date: 2018-10-27
+Bug-Debian: https://bugs.debian.org/859784
+
+--- a/dnskey.c
++++ b/dnskey.c
+@@ -154,6 +154,7 @@
+ unsigned int e_bytes;
+ unsigned char *pk;
+ int l;
++ BIGNUM *n, *e;
+
+ rsa = RSA_new();
+ if (!rsa)
+@@ -174,11 +175,12 @@
+ if (l < e_bytes) /* public key is too short */
+ goto done;
+
+- rsa->e = BN_bin2bn(pk, e_bytes, NULL);
++ e = BN_bin2bn(pk, e_bytes, NULL);
+ pk += e_bytes;
+ l -= e_bytes;
+
+- rsa->n = BN_bin2bn(pk, l, NULL);
++ n = BN_bin2bn(pk, l, NULL);
++ RSA_set0_key(rsa, n, e, NULL);
+
+ pkey = EVP_PKEY_new();
+ if (!pkey)
+--- a/nsec3checks.c
++++ b/nsec3checks.c
+@@ -28,7 +28,7 @@
+ static struct binary_data name2hash(char *name, struct rr *param)
+ {
+ struct rr_nsec3param *p = (struct rr_nsec3param *)param;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx;
+ unsigned char md0[EVP_MAX_MD_SIZE];
+ unsigned char md1[EVP_MAX_MD_SIZE];
+ unsigned char *md[2];
+@@ -45,22 +45,23 @@
+
+ /* XXX Maybe use Init_ex and Final_ex for speed? */
+
+- EVP_MD_CTX_init(&ctx);
+- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
++ ctx = EVP_MD_CTX_new();
++ if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
+ return r;
+- digest_size = EVP_MD_CTX_size(&ctx);
+- EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length);
+- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
+- EVP_DigestFinal(&ctx, md[mdi], NULL);
++ digest_size = EVP_MD_CTX_size(ctx);
++ EVP_DigestUpdate(ctx, wire_name.data, wire_name.length);
++ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
++ EVP_DigestFinal(ctx, md[mdi], NULL);
+
+ for (i = 0; i < p->iterations; i++) {
+- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
++ if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
+ return r;
+- EVP_DigestUpdate(&ctx, md[mdi], digest_size);
++ EVP_DigestUpdate(ctx, md[mdi], digest_size);
+ mdi = (mdi + 1) % 2;
+- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
+- EVP_DigestFinal(&ctx, md[mdi], NULL);
++ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
++ EVP_DigestFinal(ctx, md[mdi], NULL);
+ }
++ EVP_MD_CTX_free(ctx);
+
+ r.length = digest_size;
+ r.data = getmem(digest_size);
+--- a/rrsig.c
++++ b/rrsig.c
+@@ -26,7 +26,7 @@
+ struct verification_data
+ {
+ struct verification_data *next;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx;
+ struct rr_dnskey *key;
+ struct rr_rrsig *rr;
+ int ok;
+@@ -180,7 +180,7 @@
+ if (d) {
+ int r;
+ d->next = NULL;
+- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
++ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
+ if (r == 1) {
+ d->ok = 1;
+ } else {
+@@ -232,7 +232,7 @@
+ } else {
+ int r;
+ G.stats.signatures_verified++;
+- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
++ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
+ if (r == 1) {
+ d->ok = 1;
+ } else {
+@@ -250,21 +250,21 @@
+ struct rr *signed_rr;
+ int i;
+
+- EVP_MD_CTX_init(&d->ctx);
++ d->ctx = EVP_MD_CTX_new();
+ switch (d->rr->algorithm) {
+ case ALG_DSA:
+ case ALG_RSASHA1:
+ case ALG_DSA_NSEC3_SHA1:
+ case ALG_RSASHA1_NSEC3_SHA1:
+- if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1)
++ if (EVP_VerifyInit(d->ctx, EVP_sha1()) != 1)
+ return 0;
+ break;
+ case ALG_RSASHA256:
+- if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1)
++ if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1)
+ return 0;
+ break;
+ case ALG_RSASHA512:
+- if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1)
++ if (EVP_VerifyInit(d->ctx, EVP_sha512()) != 1)
+ return 0;
+ break;
+ default:
+@@ -274,7 +274,7 @@
+ chunk = rrsig_wirerdata_ex(&d->rr->rr, 0);
+ if (chunk.length < 0)
+ return 0;
+- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
++ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
+
+ set = getmem_temp(sizeof(*set) * signed_set->count);
+
+@@ -294,12 +294,12 @@
+ chunk = name2wire_name(signed_set->named_rr->name);
+ if (chunk.length < 0)
+ return 0;
+- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
+- b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx, &b2, 2);
+- b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2, 2);
+- b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx, &b4, 4);
+- b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2);
+- EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length);
++ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
++ b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(d->ctx, &b2, 2);
++ b2 = htons(1); /* class IN */ EVP_VerifyUpdate(d->ctx, &b2, 2);
++ b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(d->ctx, &b4, 4);
++ b2 = htons(set[i].wired.length); EVP_VerifyUpdate(d->ctx, &b2, 2);
++ EVP_VerifyUpdate(d->ctx, set[i].wired.data, set[i].wired.length);
+ }
+
+ schedule_verification(d);
+@@ -374,7 +374,7 @@
+ static pthread_mutex_t *lock_cs;
+ static long *lock_count;
+
+-static unsigned long pthreads_thread_id(void)
++unsigned long pthreads_thread_id(void)
+ {
+ unsigned long ret;
+
+@@ -382,7 +382,7 @@
+ return(ret);
+ }
+
+-static void pthreads_locking_callback(int mode, int type, char *file, int line)
++void pthreads_locking_callback(int mode, int type, char *file, int line)
+ {
+ if (mode & CRYPTO_LOCK) {
+ pthread_mutex_lock(&(lock_cs[type]));
+@@ -446,6 +446,7 @@
+ if (k->to_verify[i].openssl_error != 0)
+ e = k->to_verify[i].openssl_error;
+ }
++ EVP_MD_CTX_free(k->to_verify[i].ctx);
+ }
+ if (!ok) {
+ struct named_rr *named_rr;
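Review bot: In the second dnskey.c hunk the results of both `BN_bin2bn()` calls and of `RSA_set0_key()` are unchecked, so an allocation failure leaves `rsa` without a usable public key while the code carries on to `EVP_PKEY_new()`. `RSA_set0_key()` takes ownership of `n` and `e` only when it succeeds, so on failure the two BIGNUMs would also leak. I would put `if (!e || !n || RSA_set0_key(rsa, n, e, NULL) != 1) { BN_free(n); BN_free(e); goto done; }` after the second `BN_bin2bn()`; `BN_free(NULL)` is a no-op. The `done:` label and the rest of the function are outside the hunk, so confirm that it does not free `n` or `e` itself.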
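Review bot: `EVP_MD_CTX_new()` can return NULL, and in both nsec3checks.c (`name2hash`) and rrsig.c (the `-250,21` hunk) its result is handed straight to `EVP_DigestInit()` / `EVP_VerifyInit()` without a check. The context is now heap-allocated, so the early `return r;` and `return 0;` paths that follow leak it; in nsec3checks.c the only `EVP_MD_CTX_free(ctx)` sits after the iteration loop. I would add `if (!ctx) return r;` after the allocation and `EVP_MD_CTX_free(ctx);` before each early return in `name2hash`, with the equivalent in rrsig.c. In rrsig.c the single `EVP_MD_CTX_free(k->to_verify[i].ctx)` of the `-446,6` hunk runs inside a loop whose start is outside the hunk, so whether every context created in the `-250,21` hunk reaches it cannot be confirmed from here.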
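Review bot: Dropping `static` from `pthreads_thread_id()` and `pthreads_locking_callback()` in rrsig.c gives two file-local helpers external linkage, presumably only to quiet an unused-function warning now that OpenSSL 1.1 no longer uses application locking callbacks. That exports two symbols without a prototype and keeps dead code in the build. Keeping them `static` and wrapping the callbacks and their registration in `#if OPENSSL_VERSION_NUMBER < 0x10100000L` ... `#endif` would state the intent; the registration code is outside these hunks.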