Re: NSS test failure on armhf

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSS test failure on armhf

From:	Marius Bakke
Subject:	Re: NSS test failure on armhf
Date:	Thu, 20 Apr 2017 21:43:26 +0200
User-agent:	Notmuch/0.24.1 (https://notmuchmail.org) Emacs/25.1.1 (x86_64-unknown-linux-gnu)

Marius Bakke <address@hidden> writes:

> Mark H Weaver <address@hidden> writes:
>
>> Leo Famulari <address@hidden> writes:
>>
>>> On Mon, Apr 17, 2017 at 11:23:43PM +0200, Marius Bakke wrote:
>>>> Hello!
>>>> 
>>>> Since version 3.30.1, one test consistently fails on armhf. It is the
>>>> same as in this bug report, although we don't see the exception:
>>>> 
>>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1351459
>>>> 
>>>> I initially thought this was due to stalls in the build process as we've
>>>> seen before and tried increasing the timeouts in a790f2620, but that
>>>> should probably be reverted.
>>>> 
>>>> What should we do? We can either patch out this test, or go back to
>>>> 3.30. Here are the release notes for 3.30.1:
>>>> 
>>>> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes
>>>> 
>>>> It fixes a non-public bug in the base64 implementation, but introduced a
>>>> test failure on at least two arches.
>>>> 
>>>> Any preference?
>>>
>>> Since there were no changes to the set of certificates between 3.30 and
>>> 3.30.1 [0], I would revert it for now.
>>
>> It turns out that the bug fix in 3.30.1 is critical: it fixes
>> CVE-2017-5461, a potential remote code execution vulnerability.  3.30.2
>> has since been released, so I'm currently testing it and will push an
>> update to it soon.  Any issues on armhf will need to be dealt with in
>> another way.
>
> Mark,
>
> I checked this. The upstream 3.30 branch[0] contains a fix, but it was
> not picked to the 3.30.2 release which only contains certificate
> changes[1].
>
> Squashing these two commits into one should fix the problem (the first
> fix was incomplete[2]):
>
> https://hg.mozilla.org/projects/nss/rev/802ec96a8dd1
> https://hg.mozilla.org/projects/nss/rev/00b2cc2b33c7

Here is a patch that updates to 3.30.1 and disables the b64 test.

I'm building it on x86_64 now, but think it should be safe to push.

What do you think?

0001-gnu-nss-Update-to-3.30.1-and-disable-failing-test-fi.patch
Description: Text Data

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

NSS test failure on armhf, Marius Bakke, 2017/04/17
- Re: NSS test failure on armhf, Leo Famulari, 2017/04/17
  - Re: NSS test failure on armhf, Marius Bakke, 2017/04/17
  - Re: NSS test failure on armhf, Mark H Weaver, 2017/04/20
    - Re: NSS test failure on armhf, Leo Famulari, 2017/04/20
    - Re: NSS test failure on armhf, Marius Bakke, 2017/04/20
    - Re: NSS test failure on armhf, Marius Bakke <=
    - Re: NSS test failure on armhf, Marius Bakke, 2017/04/20
    - Re: NSS test failure on armhf, Mark H Weaver, 2017/04/20
    - Re: NSS test failure on armhf, Marius Bakke, 2017/04/20

Prev by Date: Re: NSS test failure on armhf
Next by Date: Re: [PATCH] DRAFT: gnu: icecat: Update to 52.0.2-gnu1; add fixes from ESR 52.1.
Previous by thread: Re: NSS test failure on armhf
Next by thread: Re: NSS test failure on armhf
Index(es):
- Date
- Thread