Bug 519766

Summary: (nss) FORTIFY_SOURCE buffer overflows and other issues in test suite
Product: [Fedora] Fedora Reporter: Warren Togami <wtogami>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: dcantrell, emaldona, kdudka, kengert, rdieter
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-10-21 22:44:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 473303    

Description Warren Togami 2009-08-27 18:26:37 UTC 
http://koji.fedoraproject.org/koji/taskinfo?taskID=1639120
nss-3.12.3.99.3-19.fc12

1) These build logs are showing multiple problems during the test suite.  ppc and ppc64 are showing glibc FORTIFY_SOURCE runtime errors due to something wrong with how it is using strcpy().  i386 and x86_64 are not showing this particular problem.

2) Note the "command not found", missing utilities in BuildRequires?

3) Do they tests rely on the network or try to access anything via the network?  If so then the tests must be disabled, or those parts of the tests must be disabled during package build.  Network access is forbidden during buildtime on the buildsystem.

PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #3375: Revocation: Verifying certificate(s)  EE21CA2.der with flags  -g chain -m crl -d AllDB    -t Root.der - PASSED
./chains.sh: line 728: ping: command not found
OCSP server not accessible, skipping OCSP tests
TIMESTAMP chains END: Thu Aug 27 13:51:09 EDT 2009
chains.sh: Testing with upgraded library ===============================
cp: cannot stat `/builddir/build/BUILD/nss-3.12.3.99.3/mozilla/tests_results/security/localhost.1/eccurves': No such file or directory
cp: cannot stat `/builddir/build/BUILD/nss-3.12.3.99.3/mozilla/tests_results/security/localhost.1/cert.done': No such file or directory
Running tests for dbupgrade
TIMESTAMP dbupgrade BEGIN: Thu Aug 27 13:51:09 EDT 2009
dbupgrade.sh: DB upgrade tests ===============================
Reset databases to their initial values:
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                Cu,Cu,Cu
dbupgrade.sh: Legacy to shared Library update ===============================
alicedir
upgrading db alicedir
*** buffer overflow detected ***: /builddir/build/BUILD/nss-3.12.3.99.3/mozilla/dist/Linux2.6_ppc_glibc_PTH_64_OPT.OBJ/bin/certutil terminated
Comment 1 Rex Dieter 2009-08-28 15:18:43 UTC 
nss-3.12.3.99.3-24.fc12 
http://koji.fedoraproject.org/koji/buildinfo?buildID=129665

seems happy now.
Comment 2 Elio Maldonado Batiz 2009-09-01 00:55:37 UTC 
(In reply to comment #1) Happy because the tests weren't run.
Comment 3 Elio Maldonado Batiz 2009-09-01 01:25:03 UTC 
A build fix with all tests passing in all platforms can be seen in
Task info: http://koji.fedoraproject.org/koji/taskinfo?taskID=1647031

Fix is in for nss-3_12_3_99_3-30_fc12
http://koji.fedoraproject.org/koji/buildinfo?buildID=13006
Comment 4 Jesse Keating 2009-10-21 22:44:29 UTC 
This is in rawhide/F12.