Hi Erik, Both commit 02940f5 and commit 042eaf5 appear to compile correctly when applied to both 2.1.12 and 2.1.14. Note however that with commit 02940f5, if patching sources from a release tar ball, you will need to exclude the testing/ directory when applying the patch as the testing/ directory is not included in the release tar ball.
I have not tested this further than doing a configure, make and make install in a Docker Ubuntu 24.0.2 container based on the instructions for building and installing OpenDNSSEC described at https://opendnssec.readthedocs.io/en/latest/quickstart/. We hope to make a release in the coming months though I cannot say exactly when that might be. Ximon > Op 8 mei 2025, om 08:52 heeft Erik P. Ostlyngen via Opendnssec-user > <opendnssec-user@lists.opendnssec.org> het volgende geschreven: > > Hi Ximon, > > The fix that you mention seems to be the commit 02940f5 in the > development branch. Would it be safe for us to apply this commit as a > patch to the released version 2.1.12 of opendnssec (which we are > using) or to version 2.1.14? The patch seems to apply well syntactically. > > Also, I see that Willem Toorop has committed a related fix 042eaf5. > Would it be safe to add this patch also to the above mentioned versions? > > Regards, > Erik Østlyngen > Norid > > > On 03.05.2025 20:55, Ximon Eighteen via Opendnssec-user wrote: >> Hi Boris, >> I also see that the issue you describe looks similar to or might >> even be the same issue fixed by >> https://github.com/opendnssec/opendnssec/pull/866 >> <https://github.com/opendnssec/opendnssec/pull/866>. >> That fix has not yet been included in a release of OpenDNSEC. >> If I recall correctly this is also a case that setting _FORTIFY_SOURCE=0 >> during compilation will workaround. >> Ximom >>> Op 3 mei 2025 om 19:46 heeft Ximon Eighteen <xi...@nlnetlabs.nl >>> <mailto:xi...@nlnetlabs.nl>> >>> het volgende geschreven: >>> Hello Boris, >>> One possible cause could be the stricter checks enforced on newer >>> operating system versions. >>> You could try disabling these stricter checks, e.g. by defining >>> _FORTIFY_SOURCE=0 when compiling OpenDNSSEC from sources: >>> ./configure CFLAGS="-D_FORTIFY_SOURCE=0" >>> See https://opendnssec.readthedocs.io/en/latest/quickstart/ >>> <https://opendnssec.readthedocs.io/en/latest/quickstart/> >>> for more complete instructions on building from sources. >>> Ximon >>>> Op 3 mei 2025 om 16:02 heeft Boris Gulay via Opendnssec-user >>>> <opendnssec-user@lists.opendnssec.org >>>> <mailto:opendnssec-user@lists.opendnssec.org>> het volgende >>>> geschreven: >>>> >>>> Hello. >>>> I'm try to run OpenDNSSEC from repo on Ubuntu 24.04. I'm >>>> starting from scratch with single simple zone. No matter what >>>> algorithm I'm using for keys I'm getting buffer overflow error >>>> when daemon tries to generate KSK. I've past dump from logs >>>> below. >>>> Is it a known issue? How can I work around it? >>>> Similar issue on launchpad: >>>> https://bugs.launchpad.net/ubuntu/+source/opendnssec/+bug/2089834 >>>> <https://bugs.launchpad.net/ubuntu/+source/opendnssec/+bug/2089834> >>>> >>>> >>>> > May 02 23:50:45 main ods-enforcerd[2712313]: [zone_add_cmd] zone >>>> chubarovo.ru added [policy: default] May 02 23:50:45 main >>>> ods-enforcerd[2712313]: INFO: The XML in >>>> /var/lib/opendnssec/enforcer/zones.xml.update is valid May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: [zone_add_cmd] internal >>>> zonelist updated successfully May 02 23:50:45 main >>>> ods-enforcerd[2712313]: 1 zone(s) found on policy "default" May >>>> 02 23:50:45 main ods-enforcerd[2712313]: [hsm_key_factory_generate] 1 keys >>>> needed for 1 zones covering 31536000 seconds, generating 1 keys for policy >>>> default May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: 1 new KSK(s) (2048 bits) >>>> need to be created. May 02 23:50:45 main >>>> ods-enforcerd[2712313]: *** buffer overflow detected ***: >>>> terminated May 02 23:50:45 main ods-enforcerd[2712313]: >>>> Aborted: May 02 23:50:45 main ods-enforcerd[2712313]: >>>> unknown May 02 23:50:45 main ods-enforcerd[2712313]: Aborted May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: pthread_kill May >>>> 02 23:50:45 main ods-enforcerd[2712313]: gsignal May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: abort May 02 23:50:45 >>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: __snprintf_chk May 02 23:50:45 main >>>> ods-enforcerd[2712313]: hsm_generate_rsa_key May 02 23:50:45 >>>> main ods-enforcerd[2712313]: hsm_key_factory_generate May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: hsm_key_factory_generate_policy May >>>> 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: : May 02 23:50:45 main >>>> ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May >>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45 >>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May >>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45 >>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May >>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45 >>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May >>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45 >>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: pthread_kill May 02 23:50:45 main >>>> ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: __select May 02 23:50:45 main >>>> ods-enforcerd[2712313]: cmdhandler_start May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: gsignal May 02 23:50:45 main >>>> ods-enforcerd[2712313]: abort May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: __snprintf_chk May 02 23:50:45 main >>>> ods-enforcerd[2712313]: hsm_generate_rsa_key May 02 23:50:45 >>>> main ods-enforcerd[2712313]: hsm_key_factory_generate May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: hsm_key_factory_generate_policy May >>>> 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main >>>> ods-enforcerd[2712313]: : May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May >>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45 >>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main >>>> ods-enforcerd[2712313]: : May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May >>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45 >>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main >>>> ods-enforcerd[2712313]: : May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May >>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45 >>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main >>>> ods-enforcerd[2712313]: : May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May >>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02 >>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45 >>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main >>>> ods-enforcerd[2712313]: : May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: __select May 02 23:50:45 main >>>> ods-enforcerd[2712313]: cmdhandler_start May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main >>>> systemd[1]: opendnssec-enforcer.service: Main process exited, >>>> code=dumped, status=6/ABRT May 02 23:50:45 main systemd[1]: >>>> opendnssec-enforcer.service: Failed with result 'core-dump'. >>>> _______________________________________________ Opendnssec-user >>>> mailing list Opendnssec-user@lists.opendnssec.org >>>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user >>> _______________________________________________ Opendnssec-user >>> mailing list Opendnssec-user@lists.opendnssec.org >>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user >> _______________________________________________ Opendnssec-user >> mailing list Opendnssec-user@lists.opendnssec.org >> <mailto:Opendnssec-user@lists.opendnssec.org> >> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user > > _______________________________________________ > Opendnssec-user mailing list > Opendnssec-user@lists.opendnssec.org > <mailto:Opendnssec-user@lists.opendnssec.org> > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
_______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
