[Pkg-javascript-devel] Bug#1112009: Bug#1112009: node-cipher-base: autopkgtest regression on s390x: endianness issue

Mon, 25 Aug 2025 03:23:10 -0700 

On 8/25/25 07:52, Paul Gevers wrote:

Source: node-cipher-base
Version: 1.0.6-1
Severity: serious
User: debian...@lists.debian.org
Usertags: regression
X-Debbugs-CC: debian-s...@lists.debian.org
User: debian-s...@lists.debian.org
Usertags: s390x

Dear maintainer(s),
With a recent upload of node-cipher-base the autopkgtest of node-cipher- base fails in testing when that autopkgtest is run with the binary packages of node-cipher-base from unstable. Looking at the output, it seems that the fix for CVE-2025-9287 has endianness problem (bytes are swapped). I have no idea if this is a test only problem, or the patch has a problem. I copied some of the output at the bottom of this report.
Currently this regression is blocking the migration to testing [1]. Can you please investigate the situation and fix it? 

Paul

[1] https://qa.debian.org/excuses.php?package=node-cipher-base
https://ci.debian.net/data/autopkgtest/testing/s390x/n/node-cipher- base/63663875/log.gz 


  84s not ok 17 should be strictly equal
  84s   ---
  84s     operator: equal
  84s     expected: 'd2040002'
  84s     actual:   '04d20200'
 84s     at: Test.<anonymous> (/tmp/autopkgtest-lxc.7hdyz_hz/downtmp/ autopkgtest_tmp/smokegJXUWQ/test/index.js:215:5) 
  84s     stack: |-
  84s       Error: should be strictly equal
 84s           at Test.assert [as _assert] (/usr/share/nodejs/tape/lib/ test.js:312:48)  84s           at Test.bound [as _assert] (/usr/share/nodejs/tape/lib/ test.js:95:17)  84s           at Test.strictEqual (/usr/share/nodejs/tape/lib/ test.js:476:7)  84s           at Test.bound [as equals] (/usr/share/nodejs/tape/lib/ test.js:95:17)  84s           at Test.<anonymous> (/tmp/autopkgtest-lxc.7hdyz_hz/ downtmp/autopkgtest_tmp/smokegJXUWQ/test/index.js:215:5)  84s           at Test.bound [as _cb] (/usr/share/nodejs/tape/lib/ test.js:95:17) 
  84s           at Test.run (/usr/share/nodejs/tape/lib/test.js:115:28)
 84s           at Test.bound [as run] (/usr/share/nodejs/tape/lib/ test.js:95:17)  84s           at Immediate.next [as _onImmediate] (/usr/share/nodejs/ tape/lib/results.js:157:7) 
  84s           at process.processImmediate (node:internal/timers:483:21)
  84s   ...
  84s  84s 1..17
  84s # tests 17
  84s # pass  16
  84s # fail  1
  84s  84s autopkgtest [18:12:07]: test pkg-js-autopkgtest
It's not really a regression, but a new test added in last version that shows a different behavior between big-endian and little-endian platforms. 
I asked to upstream what should be fixed; the test or the code

--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to