Re: nss security update package ready for review
On 2016-11-30 23:59:32, Guido Günther wrote:
> I remember the nss testsuite to run cleanly last time I checked a couple
> of months ago so we should IMHO investigate.
It seems that there are a lot of failing tests regarding FIPS support:
[1034]anarcat@angela:nss-3.26.2$ grep 'FAILED$' /var/cache/pbuilder/build//cow.13026/tmp/buildd/nss-3.26.2/build.log
cert.sh: #320: Enable FIPS mode on database for FIPS PUB 140 Test Certificate (11) - FAILED
fips.sh: #830: Verify this module is in FIPS mode (modutil -chkfips true) . - FAILED
fips.sh: #849: Run PK11MODE in FIPS mode (pk11mode) . - FAILED
fips.sh: #850: Run PK11MODE in Non FIPS mode (pk11mode -n) . - FAILED
fips.sh: #851: Init NSS with a corrupted library (dbtest -r) . - FAILED
ssl.sh: #2681: (modutil -fips true) produced a returncode of 11, expected is 0 - FAILED
ssl.sh: #2683: (grep "FIPS PKCS #11") produced a returncode of 1, expected is 0 - FAILED
ssl.sh: #2684: (modutil -fips true) produced a returncode of 11, expected is 0 - FAILED
ssl.sh: #2686: (grep "FIPS PKCS #11") produced a returncode of 1, expected is 0 - FAILED
ssl.sh: #3144: (modutil -fips false) produced a returncode of 13, expected is 0 - FAILED
ssl.sh: #3147: (modutil -fips false) produced a returncode of 13, expected is 0 - FAILED
ssl.sh: #3150: (modutil -fips true) produced a returncode of 11, expected is 0 - FAILED
ssl.sh: #3152: (grep "FIPS PKCS #11") produced a returncode of 1, expected is 0 - FAILED
ssl.sh: #3153: (modutil -fips true) produced a returncode of 11, expected is 0 - FAILED
ssl.sh: #3155: (grep "FIPS PKCS #11") produced a returncode of 1, expected is 0 - FAILED
[1034]anarcat@angela:nss-3.26.2$ grep 'FAILED$' /var/cache/pbuilder/build//cow.13026/tmp/buildd/nss-3.26.2/build.log | wc
15 222 1279
The test suite hasn't completed yet, so two more are missing... But
basically, this looks like *all* FIPS-related issues, except for #851.
Does that ring a bell to anyone?
A.
--
Il faut tout un village pour élever un enfant.
- Proverbe africain
Reply to: