Bug#853732: gnutls28: build fails depending on timezone

[Andreas Metzler]

Conrol: found -1 3.5.8-1

On 2017-01-31 Thorsten Glaser <tg at mirbsd.de> wrote:
> Source: gnutls28
> Version: 3.5.8-2
> Severity: serious
> Tags: patch upstream
> Justification: fails to build from source (but built successfully in the past)

> The build fails in the pkcs7 testsuite because of a wrong date;
> the testsuite fudges to 2038-10-12 00:00:00 localtime:

> (pbuild22064)root at tglase:/tmp/buildd/gnutls28-3.5.8 # openssl x509 -noout -text -in doc/credentials/x509/ca.pem | fgrep Not
>             Not Before: May 28 08:36:30 2011 GMT
>             Not After : Oct 12 08:36:33 2038 GMT

> The fix is easy:

> --- /tmp/buildd/gnutls28-3.5.8/tests/cert-tests/pkcs7~	2017-01-31 10:37:42.041736473 +0000
> +++ /tmp/buildd/gnutls28-3.5.8/tests/cert-tests/pkcs7	2017-01-31 10:39:00.490675092 +0000
> @@ -74,7 +74,7 @@
>  fi

>  # check validation with date after intermediate cert issuance
> -datefudge -s "2038-10-12" \
> +datefudge -s "2038-10-12 08:36:34 UTC" \
>  ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
>  rc=$?

> This has been verified (including that "2038-10-12 08:36:32 UTC"
> toggles $?) on x32 after #853724 was resolved (issue with post-32bit
> timestamps), but is extremely likely to affect other architectures
> and thus is likely RC.

Hello,

thanks for the report. I intend to get this fixed for stretch and
therefore confirm it as serious since it is timebombish. (Breaks after
datefudge is fixed.)

> Also, why didn’t the reproducible builds
> efforts catch this? Probably because of the bug in datefudge…)

That is probably the case.

> (Also, why did upstream not catch this…)

Same reason. ;-)

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'