Bug#853732: gnutls28: build fails depending on timezone

[Thorsten Glaser]

Source: gnutls28
Version: 3.5.8-2
Severity: serious
Tags: patch upstream
Justification: fails to build from source (but built successfully in the past)

The build fails in the pkcs7 testsuite because of a wrong date;
the testsuite fudges to 2038-10-12 00:00:00 localtime:

(pbuild22064)root at tglase:/tmp/buildd/gnutls28-3.5.8 # openssl x509 -noout -text -in doc/credentials/x509/ca.pem | fgrep Not
            Not Before: May 28 08:36:30 2011 GMT
            Not After : Oct 12 08:36:33 2038 GMT

The fix is easy:

--- /tmp/buildd/gnutls28-3.5.8/tests/cert-tests/pkcs7~	2017-01-31 10:37:42.041736473 +0000
+++ /tmp/buildd/gnutls28-3.5.8/tests/cert-tests/pkcs7	2017-01-31 10:39:00.490675092 +0000
@@ -74,7 +74,7 @@
 fi
 
 # check validation with date after intermediate cert issuance
-datefudge -s "2038-10-12" \
+datefudge -s "2038-10-12 08:36:34 UTC" \
 ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
 rc=$?
 

This has been verified (including that "2038-10-12 08:36:32 UTC"
toggles $?) on x32 after #853724 was resolved (issue with post-32bit
timestamps), but is extremely likely to affect other architectures
and thus is likely RC. (Also, why didn’t the reproducible builds
efforts catch this? Probably because of the bug in datefudge…)
(Also, why did upstream not catch this…)

-- System Information:
Debian Release: 9.0
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable')
Architecture: x32 (x86_64)
Foreign Architectures: i386, amd64

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)