Bug 1744095 - CMCResponse is not working as expected
Summary: CMCResponse is not working as expected
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: pki-core
Version: 8.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 8.0
Assignee: Christina Fu
QA Contact: PKI QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-08-21 10:29 UTC by Geetika Kapoor
Modified: 2020-04-28 15:46 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-28 15:45:17 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:1644 0 None None None 2020-04-28 15:46:03 UTC

Description Geetika Kapoor 2019-08-21 10:29:34 UTC
Description of problem:

CMCResponse is not working as expected. CMCResponse fails with error

# CMCResponse -v -i /tmp/cmc_response.crt -o /tmp/cmc_response_pkcs7.crt
Exception in thread "main" org.mozilla.jss.asn1.InvalidBERException: SEQUENCE(item #0) >> Missing item #0: found UNIVERSAL 2
	at org.mozilla.jss.asn1.SEQUENCE$Template.decode(SEQUENCE.java:393)
	at org.mozilla.jss.pkix.cms.ContentInfo$Template.decode(ContentInfo.java:227)
	at org.mozilla.jss.pkix.cms.ContentInfo$Template.decode(ContentInfo.java:220)
	at com.netscape.cmstools.CMCResponse.<init>(CMCResponse.java:80)
	at com.netscape.cmstools.CMCResponse.main(CMCResponse.java:377)


Version-Release number of selected component (if applicable):

8.x
Major impact is all the automation is failing and this could impact gating when we have all major features in gating runs.

How reproducible:

Always

Steps to Reproduce:
1. Use Any scenario let it be sharedSecret or AgentSigned.
2. CMCResponse fails with error:
InvalidBERException
3.

Actual results:

fails with error : InvalidBERException


Expected results:

It should work as expected like it used to work till 7.7.


Additional info:

Comment 2 Christina Fu 2019-09-16 20:36:42 UTC
Fixed on master:

commit 9b42819779925192788e5c93fc46719e96a0978b (HEAD -> master, origin/master, origin/HEAD)
Author: Christina Fu <cfu@cfu-fedora-30.usersys.redhat.com>
Date:   Mon Sep 16 10:51:12 2019 -0700

    Bug 1744095 - CMCResponse is not working as expected
    
    This patch fixes the issue that HttpClient extracting less bytes than
    the actual data size from the HTTP response.
    My investigation shows that there used to be 6 lines of headers, and
    now it's down to 5.
    The fix is to default to 5, but add an unadvertised numHeaderLines
    that allows one to customize in case the server changes again.
    It is limited to the range of 1 - 56
    
    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1744095

Comment 3 Christina Fu 2019-09-16 20:50:58 UTC
Test procedure:

The issue is with HttpClient, not on CMCResponse, so tests don't necessarily have to be with CMC.  Any existing QE test cases that use HttpClient would do.

Comment 5 Geetika Kapoor 2020-02-05 08:57:13 UTC
Test Environment:
================

# rpm -qa pki-* jss*
pki-tools-10.8.0-0.5.module+el8.2.0+5469+26e16009.x86_64
pki-base-10.8.0-0.5.module+el8.2.0+5469+26e16009.noarch
pki-symkey-10.8.0-0.5.module+el8.2.0+5469+26e16009.x86_64
pki-base-java-10.8.0-0.5.module+el8.2.0+5469+26e16009.noarch
pki-servlet-engine-9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch
pki-server-10.8.0-0.5.module+el8.2.0+5469+26e16009.noarch
pki-kra-10.8.0-0.5.module+el8.2.0+5469+26e16009.noarch
jss-4.6.2-2.module+el8.2.0+4573+c3c38c7b.x86_64
pki-servlet-4.0-api-9.0.7-16.module+el8.1.0+3366+6dfb954c.noarch
pki-ca-10.8.0-0.5.module+el8.2.0+5469+26e16009.noarch

Test Case :
==========

1. Run script mentioned in QA whiteboard.
2. Check CMCResponse.


# CMCResponse -v -i /tmp/cmc_response.crt -o /tmp/cmc_response_pkcs7.crt
Cert:0
MIIDsjCCApqgAwIBAgIBDTANBgkqhkiG9w0BAQ0FADBhMSUwIwYDVQQKDBx0b3Bv
bG9neS0wM19Gb29iYXJtYXN0ZXIub3JnMRcwFQYDVQQLDA50b3BvbG9neS0wMy1D
QTEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yMDAyMDUwODUx
MjZaFw0yMDA4MDMwNzUxMjZaMD8xEjAQBgNVBAoTCVRlc3QgQ2VydDEXMBUGCgmS
JomT8ixkAQETB1RFc1RpbkcxEDAOBgNVBAMTB1Rlc3RpbmcwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCvCjHRW9vygPw9qlmNcUCb4t2vBZEy3YI7tl0M
XCoSnnt/mwcMsu5JrU7hPrhDdWgmCZat9n6o1Crz1uHh5ttHpH8t/ECXzxAPrYS4
J+P4dOkv0dbO8NDMIT01yb/PHIHju7SCvvlerRUoSI0l15hLyBgiAamCBo5m/P9R
/DlblastzOulPwxaHWmPQSQQiZMMxNGpRzTNZ++Zb7KhwK9NGWo5jYEyjpNeWzII
PZ4EH1Vp2PBDkqFMzqo5gFTsLkixt4/R5DRNDubU2RFrHGW2M/+DV7OGf8KjuwFx
DxM5z87N72ovLqLWilIp9SDswZkOK52gXKgckgoCkIK/l2ODAgMBAAGjgZYwgZMw
HwYDVR0jBBgwFoAUy5H3jS5hgaBEmd6Uvq24jBTnKxgwQQYIKwYBBQUHAQEENTAz
MDEGCCsGAQUFBzABhiVodHRwOi8vcGtpMS5leGFtcGxlLmNvbToyMDA4MC9jYS9v
Y3NwMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH
AwQwDQYJKoZIhvcNAQENBQADggEBAI5ZKnILXW0dO8FP5IO5OOlCE/LdEkpLrmXw
ZmyTWcjOBqUhEaaWdo/MD+6FjdiolZidlfEZIJbqFhyQ7G8IxUmtEuELXi3SGnKb
VaFjkQaer0nBK+lWt//OujPKsMYaN2hnzy1ZYnM6+I4fr9aWfx82NbI+zlbU4+lD
NpQlDHirHQkju3wQCvjsZdFJIbYOuQIAU/xnhl0WYO/3MtDBXJb/rq85Lt+7hO8P
i+ZGe/lIrHTR/EHEbpKShx9Hmto2TMZsVAulo33jdQyR+2+QwTHsFstc4j4kzKLp
mNWo869S8s2h/szDdfTRxydCN68ip6DNlHFidZv6av8Q1O0IJVg=

===
Cert:1
MIID5TCCAs2gAwIBAgIBATANBgkqhkiG9w0BAQ0FADBhMSUwIwYDVQQKDBx0b3Bv
bG9neS0wM19Gb29iYXJtYXN0ZXIub3JnMRcwFQYDVQQLDA50b3BvbG9neS0wMy1D
QTEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0yMDAyMDUwODIw
NDFaFw00MDAyMDUwODIwNDFaMGExJTAjBgNVBAoMHHRvcG9sb2d5LTAzX0Zvb2Jh
cm1hc3Rlci5vcmcxFzAVBgNVBAsMDnRvcG9sb2d5LTAzLUNBMR8wHQYDVQQDDBZD
QSBTaWduaW5nIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEApZhxLd2kiY+396Fuic0rvqNXx+axbuweFDc6KZxul1p3G70NpJiRCWD+
YL9fWn+lHd3jLlxoqP+0pdycH/iooKi6ADBs8dodHwXrUcnK0hbw1ewBPw9m40ae
hrh29elUSojvCbDL/kYA3lo7ZUtPVxhGhO9/hZ4/rE4zhXJecD1JjealCNSFJf2Q
i9/Ylr8+FGjDOUD4GZmTF8btphW8QpsqweynWj+V4bGykZqxbBCPdtrCVkJJuwCj
vbtDYRoU5eypsv1EOSgTEEHUJqll19+NKu1606oM7hoiV1iea07tn4CYpEzUpcpU
UjGXKjUukL1uoO2BhSexKA3MFSwK0wIDAQABo4GnMIGkMB8GA1UdIwQYMBaAFMuR
940uYYGgRJnelL6tuIwU5ysYMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
AgHGMB0GA1UdDgQWBBTLkfeNLmGBoESZ3pS+rbiMFOcrGDBBBggrBgEFBQcBAQQ1
MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9wa2kxLmV4YW1wbGUuY29tOjIwMDgwL2Nh
L29jc3AwDQYJKoZIhvcNAQENBQADggEBAB5rDr45e0PfXJAV8u+BtF64e+4NSvWO
zawuwiy4qt9d+0qwfjv9fN6pKSfj4mofzisk2wvG+wOtFKQcrsT5K4MKovHOyUPr
sKK6tg/OJ/LyIktZJWou8eHa/UgEU39E/Snt1yDf2A002mLvSirdZyeM2QTH8zNq
uORPXzJTJ8Md3R9BWvbr7zyJ/BB1RvvSRz36UE9IdHE/ppz8Nmc1/o1bbQwhFkYO
6B5CVDCaeN8P7zE/tuFrDWk+Hj2QjbOvAZ/gO5CK34SqinJWqhjF4VoiDGj2+pv/
/5O+b3tPkgwTYhWG0k3939cJ4G7lSwFvmkCZwMvd/ZLvWfFz6HRo80I=

===
Certificates: 
    Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0xD
            Signature Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Issuer: CN=CA Signing Certificate,OU=topology-03-CA,O=topology-03_Foobarmaster.org
            Validity: 
                Not Before: Wednesday, February 5, 2020 3:51:26 AM EST America/New_York
                Not  After: Monday, August 3, 2020 3:51:26 AM EDT America/New_York
            Subject: CN=Testing,UID=TEsTinG,O=Test Cert
            Subject Public Key Info: 
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key: 
                    Exponent: 65537
                    Public Key Modulus: (2048 bits) :
                        AF:0A:31:D1:5B:DB:F2:80:FC:3D:AA:59:8D:71:40:9B:
                        E2:DD:AF:05:91:32:DD:82:3B:B6:5D:0C:5C:2A:12:9E:
                        7B:7F:9B:07:0C:B2:EE:49:AD:4E:E1:3E:B8:43:75:68:
                        26:09:96:AD:F6:7E:A8:D4:2A:F3:D6:E1:E1:E6:DB:47:
                        A4:7F:2D:FC:40:97:CF:10:0F:AD:84:B8:27:E3:F8:74:
                        E9:2F:D1:D6:CE:F0:D0:CC:21:3D:35:C9:BF:CF:1C:81:
                        E3:BB:B4:82:BE:F9:5E:AD:15:28:48:8D:25:D7:98:4B:
                        C8:18:22:01:A9:82:06:8E:66:FC:FF:51:FC:39:5B:95:
                        AB:2D:CC:EB:A5:3F:0C:5A:1D:69:8F:41:24:10:89:93:
                        0C:C4:D1:A9:47:34:CD:67:EF:99:6F:B2:A1:C0:AF:4D:
                        19:6A:39:8D:81:32:8E:93:5E:5B:32:08:3D:9E:04:1F:
                        55:69:D8:F0:43:92:A1:4C:CE:AA:39:80:54:EC:2E:48:
                        B1:B7:8F:D1:E4:34:4D:0E:E6:D4:D9:11:6B:1C:65:B6:
                        33:FF:83:57:B3:86:7F:C2:A3:BB:01:71:0F:13:39:CF:
                        CE:CD:EF:6A:2F:2E:A2:D6:8A:52:29:F5:20:EC:C1:99:
                        0E:2B:9D:A0:5C:A8:1C:92:0A:02:90:82:BF:97:63:83
            Extensions: 
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no 
                    Key Identifier: 
                        CB:91:F7:8D:2E:61:81:A0:44:99:DE:94:BE:AD:B8:8C:
                        14:E7:2B:18
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no 
                    Value: 
                        30:33:30:31:06:08:2B:06:01:05:05:07:30:01:86:25:
                        68:74:74:70:3A:2F:2F:70:6B:69:31:2E:65:78:61:6D:
                        70:6C:65:2E:63:6F:6D:3A:32:30:30:38:30:2F:63:61:
                        2F:6F:63:73:70
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes 
                    Key Usage: 
                        Digital Signature 
                        Non Repudiation 
                        Key Encipherment 
                Identifier: Extended Key Usage: - 2.5.29.37
                    Critical: no 
                    Extended Key Usage: 
                        1.3.6.1.5.5.7.3.2
                        1.3.6.1.5.5.7.3.4
        Signature: 
            Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Signature: 
                8E:59:2A:72:0B:5D:6D:1D:3B:C1:4F:E4:83:B9:38:E9:
                42:13:F2:DD:12:4A:4B:AE:65:F0:66:6C:93:59:C8:CE:
                06:A5:21:11:A6:96:76:8F:CC:0F:EE:85:8D:D8:A8:95:
                98:9D:95:F1:19:20:96:EA:16:1C:90:EC:6F:08:C5:49:
                AD:12:E1:0B:5E:2D:D2:1A:72:9B:55:A1:63:91:06:9E:
                AF:49:C1:2B:E9:56:B7:FF:CE:BA:33:CA:B0:C6:1A:37:
                68:67:CF:2D:59:62:73:3A:F8:8E:1F:AF:D6:96:7F:1F:
                36:35:B2:3E:CE:56:D4:E3:E9:43:36:94:25:0C:78:AB:
                1D:09:23:BB:7C:10:0A:F8:EC:65:D1:49:21:B6:0E:B9:
                02:00:53:FC:67:86:5D:16:60:EF:F7:32:D0:C1:5C:96:
                FF:AE:AF:39:2E:DF:BB:84:EF:0F:8B:E6:46:7B:F9:48:
                AC:74:D1:FC:41:C4:6E:92:92:87:1F:47:9A:DA:36:4C:
                C6:6C:54:0B:A5:A3:7D:E3:75:0C:91:FB:6F:90:C1:31:
                EC:16:CB:5C:E2:3E:24:CC:A2:E9:98:D5:A8:F3:AF:52:
                F2:CD:A1:FE:CC:C3:75:F4:D1:C7:27:42:37:AF:22:A7:
                A0:CD:94:71:62:75:9B:FA:6A:FF:10:D4:ED:08:25:58
        FingerPrint
            MD2:
                34:10:60:0C:65:71:06:6A:15:EA:1A:B0:F7:2A:DB:6C
            MD5:
                AF:BB:F1:58:A8:F7:F0:D5:E5:2A:DF:FF:16:1C:83:2C
            SHA-1:
                27:EA:1C:E7:BB:8B:56:E7:37:8B:47:DF:62:B1:FB:4D:
                52:82:2B:2D
            SHA-256:
                FC:A9:CC:14:70:89:A9:C9:74:03:FE:F8:59:DA:B9:45:
                1B:CC:28:A4:7F:E5:80:8F:0E:5F:9E:9C:25:25:A1:11
            SHA-512:
                00:8E:27:63:41:68:2A:64:9A:2D:83:35:82:7F:43:24:
                23:3A:9E:89:F9:F4:2A:F8:7E:52:BD:E6:29:6C:B2:C3:
                9C:BF:CC:74:A5:17:94:12:1D:17:85:ED:98:F2:ED:77:
                27:6D:B9:F8:AE:7A:DD:AA:9E:39:A7:BD:14:EE:DC:9E
    Certificate: 
        Data: 
            Version:  v3
            Serial Number: 0x1
            Signature Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Issuer: CN=CA Signing Certificate,OU=topology-03-CA,O=topology-03_Foobarmaster.org
            Validity: 
                Not Before: Wednesday, February 5, 2020 3:20:41 AM EST America/New_York
                Not  After: Sunday, February 5, 2040 3:20:41 AM EST America/New_York
            Subject: CN=CA Signing Certificate,OU=topology-03-CA,O=topology-03_Foobarmaster.org
            Subject Public Key Info: 
                Algorithm: RSA - 1.2.840.113549.1.1.1
                Public Key: 
                    Exponent: 65537
                    Public Key Modulus: (2048 bits) :
                        A5:98:71:2D:DD:A4:89:8F:B7:F7:A1:6E:89:CD:2B:BE:
                        A3:57:C7:E6:B1:6E:EC:1E:14:37:3A:29:9C:6E:97:5A:
                        77:1B:BD:0D:A4:98:91:09:60:FE:60:BF:5F:5A:7F:A5:
                        1D:DD:E3:2E:5C:68:A8:FF:B4:A5:DC:9C:1F:F8:A8:A0:
                        A8:BA:00:30:6C:F1:DA:1D:1F:05:EB:51:C9:CA:D2:16:
                        F0:D5:EC:01:3F:0F:66:E3:46:9E:86:B8:76:F5:E9:54:
                        4A:88:EF:09:B0:CB:FE:46:00:DE:5A:3B:65:4B:4F:57:
                        18:46:84:EF:7F:85:9E:3F:AC:4E:33:85:72:5E:70:3D:
                        49:8D:E6:A5:08:D4:85:25:FD:90:8B:DF:D8:96:BF:3E:
                        14:68:C3:39:40:F8:19:99:93:17:C6:ED:A6:15:BC:42:
                        9B:2A:C1:EC:A7:5A:3F:95:E1:B1:B2:91:9A:B1:6C:10:
                        8F:76:DA:C2:56:42:49:BB:00:A3:BD:BB:43:61:1A:14:
                        E5:EC:A9:B2:FD:44:39:28:13:10:41:D4:26:A9:65:D7:
                        DF:8D:2A:ED:7A:D3:AA:0C:EE:1A:22:57:58:9E:6B:4E:
                        ED:9F:80:98:A4:4C:D4:A5:CA:54:52:31:97:2A:35:2E:
                        90:BD:6E:A0:ED:81:85:27:B1:28:0D:CC:15:2C:0A:D3
            Extensions: 
                Identifier: Authority Key Identifier - 2.5.29.35
                    Critical: no 
                    Key Identifier: 
                        CB:91:F7:8D:2E:61:81:A0:44:99:DE:94:BE:AD:B8:8C:
                        14:E7:2B:18
                Identifier: Basic Constraints - 2.5.29.19
                    Critical: yes 
                    Is CA: yes 
                    Path Length Constraint: UNLIMITED
                Identifier: Key Usage: - 2.5.29.15
                    Critical: yes 
                    Key Usage: 
                        Digital Signature 
                        Non Repudiation 
                        Key CertSign 
                        Crl Sign 
                Identifier: Subject Key Identifier - 2.5.29.14
                    Critical: no 
                    Key Identifier: 
                        CB:91:F7:8D:2E:61:81:A0:44:99:DE:94:BE:AD:B8:8C:
                        14:E7:2B:18
                Identifier: 1.3.6.1.5.5.7.1.1
                    Critical: no 
                    Value: 
                        30:33:30:31:06:08:2B:06:01:05:05:07:30:01:86:25:
                        68:74:74:70:3A:2F:2F:70:6B:69:31:2E:65:78:61:6D:
                        70:6C:65:2E:63:6F:6D:3A:32:30:30:38:30:2F:63:61:
                        2F:6F:63:73:70
        Signature: 
            Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
            Signature: 
                1E:6B:0E:BE:39:7B:43:DF:5C:90:15:F2:EF:81:B4:5E:
                B8:7B:EE:0D:4A:F5:8E:CD:AC:2E:C2:2C:B8:AA:DF:5D:
                FB:4A:B0:7E:3B:FD:7C:DE:A9:29:27:E3:E2:6A:1F:CE:
                2B:24:DB:0B:C6:FB:03:AD:14:A4:1C:AE:C4:F9:2B:83:
                0A:A2:F1:CE:C9:43:EB:B0:A2:BA:B6:0F:CE:27:F2:F2:
                22:4B:59:25:6A:2E:F1:E1:DA:FD:48:04:53:7F:44:FD:
                29:ED:D7:20:DF:D8:0D:34:DA:62:EF:4A:2A:DD:67:27:
                8C:D9:04:C7:F3:33:6A:B8:E4:4F:5F:32:53:27:C3:1D:
                DD:1F:41:5A:F6:EB:EF:3C:89:FC:10:75:46:FB:D2:47:
                3D:FA:50:4F:48:74:71:3F:A6:9C:FC:36:67:35:FE:8D:
                5B:6D:0C:21:16:46:0E:E8:1E:42:54:30:9A:78:DF:0F:
                EF:31:3F:B6:E1:6B:0D:69:3E:1E:3D:90:8D:B3:AF:01:
                9F:E0:3B:90:8A:DF:84:AA:8A:72:56:AA:18:C5:E1:5A:
                22:0C:68:F6:FA:9B:FF:FF:93:BE:6F:7B:4F:92:0C:13:
                62:15:86:D2:4D:FD:DF:D7:09:E0:6E:E5:4B:01:6F:9A:
                40:99:C0:CB:DD:FD:92:EF:59:F1:73:E8:74:68:F3:42
        FingerPrint
            MD2:
                53:70:A7:6D:ED:3B:C0:E1:F0:71:FB:3D:8B:0D:53:3C
            MD5:
                E1:19:55:D1:DB:54:62:2A:90:53:E2:3A:47:2E:82:E9
            SHA-1:
                48:ED:35:0B:CE:4F:65:F3:50:F7:F6:67:71:A1:89:04:
                F0:7E:69:AA
            SHA-256:
                D8:F6:72:46:16:4E:8C:9B:14:AA:22:54:09:31:0A:6E:
                FD:9A:93:AE:AB:9A:D5:F4:00:58:D1:9E:E4:71:96:25
            SHA-512:
                90:17:47:30:40:B2:D1:62:F7:5B:8C:AE:F5:0E:C2:E4:
                6A:15:F9:40:01:7E:65:11:21:8B:4A:B5:E2:5C:90:0B:
                A1:C0:37:CF:D4:AE:B2:A2:FA:69:C2:13:21:8A:7F:5E:
                DE:5E:B8:63:C0:E1:54:1E:46:94:1D:13:C3:6B:E6:C2


Number of controls is 1
Control #0: CMCStatusInfoV2
   OID: {1 3 6 1 5 5 7 7 25}
   BodyList: 1 
   Status: SUCCESS
CMC Full Response.

PKCS#7 now stored in file: /tmp/cmc_response_pkcs7.crt

Comment 7 errata-xmlrpc 2020-04-28 15:45:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1644


Note You need to log in before you can comment on or make changes to this bug.