[global-libreoffice-ci] UBSAN Linux Build - Build # 2217 - Still Failing!
Michael Stahl
mst at libreoffice.org
Wed Dec 1 12:46:50 UTC 2021
On 01.12.21 13:24, Stephan Bergmann wrote:
> On 30/11/2021 03:23, ci at libreoffice.org wrote:
>> UBSAN Linux Build - Build # 2217 - Still Failing:
>> Identified problems:
>> * cppunit failure: the cppunit test CppunitTest_desktop_lib failed
>> * Indication 1:
>>
>> <https://ci.libreoffice.org//job/lo_ubsan/2217/consoleFull#-1103831567d893063f-7f3d-4b7e-b56f-4e0f225817cd>
>>
>
> ...due to
>
>> warn:xmlsecurity.xmlsec:17850:17850:xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:824:
>> Can't get the private key from the certificate.
>> warn:xmlsecurity.xmlsec:17850:17850:xmlsecurity/source/xmlsec/errorcallback.cxx:53:
>> keys.c:1253: xmlSecKeysMngrGetKey() '' 'xmlSecKeysMngrFindKey' 1 ' '
>> warn:xmlsecurity.xmlsec:17850:17850:xmlsecurity/source/xmlsec/errorcallback.cxx:53:
>> xmldsig.c:793: xmlSecDSigCtxProcessKeyInfoNode() '' '' 45 'details=NULL'
>> warn:xmlsecurity.xmlsec:17850:17850:xmlsecurity/source/xmlsec/errorcallback.cxx:53:
>> xmldsig.c:508: xmlSecDSigCtxProcessSignatureNode() ''
>> 'xmlSecDSigCtxProcessKeyInfoNode' 1 ' '
>> warn:xmlsecurity.xmlsec:17850:17850:xmlsecurity/source/xmlsec/errorcallback.cxx:53:
>> xmldsig.c:291: xmlSecDSigCtxSign() ''
>> 'xmlSecDSigCtxProcessSignatureNode' 1 ' '
^ iirc the above from xmlsec don't matter, it can validate the signature
regardless, the problem is that later the validation of the certificate
fails.
>> warn:xmlsecurity.xmlsec:17850:17850:xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx:824:
>> Can't get the private key from the certificate.
>> warn:xmlsecurity.xmlsec:17850:17850:xmlsecurity/source/xmlsec/errorcallback.cxx:53:
>> digests.c:219: xmlSecNssDigestVerify() 'sha256' '' 12 'invalid data:
>> actual value 'dataSize'=0, actual value 'dgstSize'=32 and expected
>> dataSize == dgstSize'
>> warn:xmlsecurity.xmlsec:17850:17850:xmlsecurity/source/xmlsec/errorcallback.cxx:53:
>> digests.c:219: xmlSecNssDigestVerify() 'sha256' '' 12 'invalid data:
>> actual value 'dataSize'=0, actual value 'dgstSize'=32 and expected
>> dataSize == dgstSize'
>> warn:xmlsecurity.xmlsec:17850:17850:xmlsecurity/source/xmlsec/errorcallback.cxx:53:
>> digests.c:219: xmlSecNssDigestVerify() 'sha256' '' 12 'invalid data:
>> actual value 'dataSize'=0, actual value 'dgstSize'=32 and expected
>> dataSize == dgstSize'
>> /home/tdf/lode/jenkins/workspace/lo_ubsan/desktop/qa/desktop_lib/test_desktop_lib.cxx:2614:DesktopLOKTest::testInsertCertificate_DER_ODT
>>
>> equality assertion failed
>> - Expected: 1
>> - Actual : 2
>>
>
> I cannot reproduce that with my own local ASan+UBSan build. Does
> anybody have an idea what is going wrong here?
>
> Unfortunately, the last preceding build with a (successful)
>
>> [build CUT] desktop_lib
>
> is <https://ci.libreoffice.org/job/lo_ubsan/2212> (the intermediate
> builds failed for some other reasons before they would have run that
> test), so we are looking at the range
> ddc57169ac8d1de00403dbb09fef5221beaa0f3d..e9332dcdc8f2ea268d1b17c73d43a8834cf75365
> of 162 commits.
i think it's caused by --with-system-nss on the CentOS7 baseline,
doesn't happen on more recent Fedora, would be great if somebody had
time to debug why this happens...
More information about the LibreOffice
mailing list