519766 – (nss) FORTIFY_SOURCE buffer overflows and other issues in test suite

Bug 519766 - (nss) FORTIFY_SOURCE buffer overflows and other issues in test suite

Summary: (nss) FORTIFY_SOURCE buffer overflows and other issues in test suite

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	nss
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Elio Maldonado Batiz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	F12Blocker, F12FinalBlocker
TreeView+	depends on / blocked

Reported:	2009-08-27 18:26 UTC by Warren Togami
Modified:	2013-01-10 05:26 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-10-21 22:44:29 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Warren Togami 2009-08-27 18:26:37 UTC

http://koji.fedoraproject.org/koji/taskinfo?taskID=1639120
nss-3.12.3.99.3-19.fc12

1) These build logs are showing multiple problems during the test suite.  ppc and ppc64 are showing glibc FORTIFY_SOURCE runtime errors due to something wrong with how it is using strcpy().  i386 and x86_64 are not showing this particular problem.

2) Note the "command not found", missing utilities in BuildRequires?

3) Do they tests rely on the network or try to access anything via the network?  If so then the tests must be disabled, or those parts of the tests must be disabled during package build.  Network access is forbidden during buildtime on the buildsystem.

PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #3375: Revocation: Verifying certificate(s)  EE21CA2.der with flags  -g chain -m crl -d AllDB    -t Root.der - PASSED
./chains.sh: line 728: ping: command not found
OCSP server not accessible, skipping OCSP tests
TIMESTAMP chains END: Thu Aug 27 13:51:09 EDT 2009
chains.sh: Testing with upgraded library ===============================
cp: cannot stat `/builddir/build/BUILD/nss-3.12.3.99.3/mozilla/tests_results/security/localhost.1/eccurves': No such file or directory
cp: cannot stat `/builddir/build/BUILD/nss-3.12.3.99.3/mozilla/tests_results/security/localhost.1/cert.done': No such file or directory
Running tests for dbupgrade
TIMESTAMP dbupgrade BEGIN: Thu Aug 27 13:51:09 EDT 2009
dbupgrade.sh: DB upgrade tests ===============================
Reset databases to their initial values:
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                Cu,Cu,Cu
dbupgrade.sh: Legacy to shared Library update ===============================
alicedir
upgrading db alicedir
*** buffer overflow detected ***: /builddir/build/BUILD/nss-3.12.3.99.3/mozilla/dist/Linux2.6_ppc_glibc_PTH_64_OPT.OBJ/bin/certutil terminated

Comment 1 Rex Dieter 2009-08-28 15:18:43 UTC

nss-3.12.3.99.3-24.fc12 
http://koji.fedoraproject.org/koji/buildinfo?buildID=129665

seems happy now.

Comment 2 Elio Maldonado Batiz 2009-09-01 00:55:37 UTC

(In reply to comment #1) Happy because the tests weren't run.

Comment 3 Elio Maldonado Batiz 2009-09-01 01:25:03 UTC

A build fix with all tests passing in all platforms can be seen in
Task info: http://koji.fedoraproject.org/koji/taskinfo?taskID=1647031

Fix is in for nss-3_12_3_99_3-30_fc12
http://koji.fedoraproject.org/koji/buildinfo?buildID=13006

Comment 4 Jesse Keating 2009-10-21 22:44:29 UTC

This is in rawhide/F12.

Note You need to log in before you can comment on or make changes to this bug.