Source: gnutls28 Version: 3.5.8-2 Severity: serious Tags: patch upstream Justification: fails to build from source (but built successfully in the past)
The build fails in the pkcs7 testsuite because of a wrong date; the testsuite fudges to 2038-10-12 00:00:00 localtime: (pbuild22064)root@tglase:/tmp/buildd/gnutls28-3.5.8 # openssl x509 -noout -text -in doc/credentials/x509/ca.pem | fgrep Not Not Before: May 28 08:36:30 2011 GMT Not After : Oct 12 08:36:33 2038 GMT The fix is easy: --- /tmp/buildd/gnutls28-3.5.8/tests/cert-tests/pkcs7~ 2017-01-31 10:37:42.041736473 +0000 +++ /tmp/buildd/gnutls28-3.5.8/tests/cert-tests/pkcs7 2017-01-31 10:39:00.490675092 +0000 @@ -74,7 +74,7 @@ fi # check validation with date after intermediate cert issuance -datefudge -s "2038-10-12" \ +datefudge -s "2038-10-12 08:36:34 UTC" \ ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" rc=$? This has been verified (including that "2038-10-12 08:36:32 UTC" toggles $?) on x32 after #853724 was resolved (issue with post-32bit timestamps), but is extremely likely to affect other architectures and thus is likely RC. (Also, why didn’t the reproducible builds efforts catch this? Probably because of the bug in datefudge…) (Also, why did upstream not catch this…) -- System Information: Debian Release: 9.0 APT prefers unreleased APT policy: (500, 'unreleased'), (500, 'buildd-unstable'), (500, 'unstable') Architecture: x32 (x86_64) Foreign Architectures: i386, amd64 Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/lksh Init: sysvinit (via /sbin/init)