guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSS test failure on armhf

From: Mark H Weaver
Subject: Re: NSS test failure on armhf
Date: Thu, 20 Apr 2017 17:52:10 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) 
Marius Bakke <address@hidden> writes:

> Marius Bakke <address@hidden> writes:
>
>>>> It turns out that the bug fix in 3.30.1 is critical: it fixes
>>>> CVE-2017-5461, a potential remote code execution vulnerability.  3.30.2
>>>> has since been released, so I'm currently testing it and will push an
>>>> update to it soon.  Any issues on armhf will need to be dealt with in
>>>> another way.
>>>
>>> Mark,
>>>
>>> I checked this. The upstream 3.30 branch[0] contains a fix, but it was
>>> not picked to the 3.30.2 release which only contains certificate
>>> changes[1].
>>>
>>> Squashing these two commits into one should fix the problem (the first
>>> fix was incomplete[2]):
>>>
>>> https://hg.mozilla.org/projects/nss/rev/802ec96a8dd1
>>> https://hg.mozilla.org/projects/nss/rev/00b2cc2b33c7

Good find, thank you!  Since seeing the above post, I prepared my own
patches to update NSS to 3.30.2 and disable the long b64 tests.

And now I see you've prepared your own patch that only updates to
3.30.1.  I'm not sure why we would consider rebuilding everything with
3.30.1 when 3.30.2 already exists, even if the only changes are to
certs.

I'll push this batch of patches soon, including fixes to graphite2 and
the icecat update, after a bit more testing.

     Thanks!
       Mark
reply via email to
[Prev in Thread] Current Thread [Next in Thread]