[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSS test failure on armhf

From: Marius Bakke
Subject: Re: NSS test failure on armhf
Date: Thu, 20 Apr 2017 21:28:10 +0200
User-agent: Notmuch/0.24.1 ( Emacs/25.1.1 (x86_64-unknown-linux-gnu)

Mark H Weaver <address@hidden> writes:

> Leo Famulari <address@hidden> writes:
>> On Mon, Apr 17, 2017 at 11:23:43PM +0200, Marius Bakke wrote:
>>> Hello!
>>> Since version 3.30.1, one test consistently fails on armhf. It is the
>>> same as in this bug report, although we don't see the exception:
>>> I initially thought this was due to stalls in the build process as we've
>>> seen before and tried increasing the timeouts in a790f2620, but that
>>> should probably be reverted.
>>> What should we do? We can either patch out this test, or go back to
>>> 3.30. Here are the release notes for 3.30.1:
>>> It fixes a non-public bug in the base64 implementation, but introduced a
>>> test failure on at least two arches.
>>> Any preference?
>> Since there were no changes to the set of certificates between 3.30 and
>> 3.30.1 [0], I would revert it for now.
> It turns out that the bug fix in 3.30.1 is critical: it fixes
> CVE-2017-5461, a potential remote code execution vulnerability.  3.30.2
> has since been released, so I'm currently testing it and will push an
> update to it soon.  Any issues on armhf will need to be dealt with in
> another way.


I checked this. The upstream 3.30 branch[0] contains a fix, but it was
not picked to the 3.30.2 release which only contains certificate

Squashing these two commits into one should fix the problem (the first
fix was incomplete[2]):


Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]