On 2018-10-27 18:36:12 [+0200], Christoph Biedl wrote:
> +--- a/ipseckey.c
> ++++ b/ipseckey.c
> +@@ -111,8 +111,11 @@
> + default:
> + strcpy(gw, "??");
> + }
> ++#pragma GCC diagnostic push
> ++#pragma GCC diagnostic ignored "-Wformat-truncation"
> + snprintf(s, 1024, "( %d %d %d %s ... )",
> + rr->precedence, rr->gateway_type, rr->algorithm, gw);
> ++#pragma GCC diagnostic pop
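Review bot: The `snprintf` call between the added pragmas discards its return value and passes the literal `1024` as the size, so a formatted record that does not fit is cut short with no signal to the caller. Capturing the result and testing it handles that case, e.g. `int len = snprintf(s, 1024, "( %d %d %d %s ... )", ...); if (len < 0 || len >= 1024) { /* report truncation */ }`. GCC's default level of this diagnostic is documented to fire only when the return value is unused, so using the result would probably make the pragma pair unnecessary. The declarations of `s` and `gw` are outside the quoted lines, so whether 1024 matches the real size of `s` cannot be confirmed from here.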
This looks odd. There has to be a better way of dealing with this than just shutting off the warning so things compile again.
> diff -Nru validns-0.8+git20160720/debian/patches/use-openssl-1.1.patch
> validns-0.8+git20160720/debian/patches/use-openssl-1.1.patch
> --- validns-0.8+git20160720/debian/patches/use-openssl-1.1.patch
> 1970-01-01 01:00:00.000000000 +0100
> +++ validns-0.8+git20160720/debian/patches/use-openssl-1.1.patch
> 2018-10-27 18:13:35.000000000 +0200
> +--- a/dnskey.c
> ++++ b/dnskey.c
> +@@ -154,6 +154,7 @@
> + unsigned int e_bytes;
> + unsigned char *pk;
> + int l;
> ++ BIGNUM *n, *e;
> +
> + rsa = RSA_new();
> + if (!rsa)
> +@@ -174,11 +175,12 @@
> + if (l < e_bytes) /* public key is too short */
> + goto done;
> +
> +- rsa->e = BN_bin2bn(pk, e_bytes, NULL);
> ++ e = BN_bin2bn(pk, e_bytes, NULL);
BN_bin2bn() and EVP_MD_CTX_new() which were introduced as part of this patch may return NULL. Not a single instance in the patch checks the return value. This is just sloppy.
> + pk += e_bytes;
> + l -= e_bytes;
> +
> +- rsa->n = BN_bin2bn(pk, l, NULL);
> ++ n = BN_bin2bn(pk, l, NULL);
> ++ RSA_set0_key(rsa, n, e, NULL);
> +
> + pkey = EVP_PKEY_new();
> + if (!pkey)
> +--- a/rrsig.c
> ++++ b/rrsig.c
> +@@ -374,7 +374,7 @@
> + static pthread_mutex_t *lock_cs;
> + static long *lock_count;
> +
> +-static unsigned long pthreads_thread_id(void)
> ++unsigned long pthreads_thread_id(void)
not only there is no need for this hunk IMHO the thread locking used here is not required for openssl 1.1.0+.
> + {
> + unsigned long ret;
> +
Sebastian
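Review bot: In the dnskey.c hunk at -174 the result of `RSA_set0_key(rsa, n, e, NULL)` is ignored, and ownership of `n` and `e` passes to `rsa` only when that call succeeds. On failure the two BIGNUMs stay with the caller and are leaked, and the code continues to `EVP_PKEY_new()` with an RSA object that carries no key material. A guard such as `if (!RSA_set0_key(rsa, n, e, NULL)) { BN_free(n); BN_free(e); goto done; }` keeps the failure on the existing `done` path. If the frees are moved under `done` instead, the declaration added in the -154 hunk needs to become `BIGNUM *n = NULL, *e = NULL;`, because the earlier `goto done` runs before either is assigned. The function starts and ends outside the quoted hunks, so what `done` already releases is not visible here.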