test_CVE_2012_2944 autopkgtest is racy

Bug #1291378 reported by Martin Pitt on 2014-03-12
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nut (Ubuntu)
High
Martin Pitt

Bug Description

As you can see in the build history of https://jenkins.qa.ubuntu.com/job/trusty-adt-nut/? the test_CVE_2012_2944 test is rather flaky:

======================================================================
FAIL: test_CVE_2012_2944 (__main__.BasicTest)
Test CVE-2012-2944
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/tmp/adt-run.akeFyu/dsc0-build/nut-2.7.1/debian/tests/test-nut.py", line 396, in test_CVE_2012_2944
    self.assertFalse(os.path.exists(pidfile), "Found %s" % pidfile)
AssertionError: Found /var/run/nut/upsd.pid

I often have to retry the package test two or three times before it succeeds, particularly when the test machines are busy. So either the test isn't right, or the security issue that it's supposed to fix isn't really fixed?

Martin Pitt (pitti) on 2014-03-12
Changed in nut (Ubuntu):
assignee: nobody → Chuck Short (zulcss)
Changed in nut (Ubuntu):
importance: Undecided → High
status: New → Confirmed
Martin Pitt (pitti) wrote :

*sigh*, this test is impossible to satisfy, I now got ~ 15 failures in a row and this is holding up other packages. This has been ignored for 4 months, taking bug now.

Changed in nut (Ubuntu):
assignee: Chuck Short (zulcss) → Martin Pitt (pitti)
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nut - 2.7.1-1ubuntu3

---------------
nut (2.7.1-1ubuntu3) utopic; urgency=medium

  * debian/tests/test-nut.py: in the CVE_2012_2944 test, give nut at most 5
    seconds to shut down, instead of expecting it to be shut down immediately
    after sending the killall. (LP: #1291378)
 -- Martin Pitt <email address hidden> Mon, 07 Jul 2014 07:56:43 +0200

Changed in nut (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers