[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSS test failure on armhf

From: Marius Bakke
Subject: Re: NSS test failure on armhf
Date: Thu, 20 Apr 2017 23:14:58 +0200
User-agent: Notmuch/0.24.1 ( Emacs/25.1.1 (x86_64-unknown-linux-gnu)

Marius Bakke <address@hidden> writes:

>>> It turns out that the bug fix in 3.30.1 is critical: it fixes
>>> CVE-2017-5461, a potential remote code execution vulnerability.  3.30.2
>>> has since been released, so I'm currently testing it and will push an
>>> update to it soon.  Any issues on armhf will need to be dealt with in
>>> another way.
>> Mark,
>> I checked this. The upstream 3.30 branch[0] contains a fix, but it was
>> not picked to the 3.30.2 release which only contains certificate
>> changes[1].
>> Squashing these two commits into one should fix the problem (the first
>> fix was incomplete[2]):
> Here is a patch that updates to 3.30.1 and disables the b64 test.
> I'm building it on x86_64 now, but think it should be safe to push.
> What do you think?
> From 7f1a8eda567edb851e0f2cd1f08c6ac07e8a45cd Mon Sep 17 00:00:00 2001
> From: Marius Bakke <address@hidden>
> Date: Thu, 20 Apr 2017 21:36:21 +0200
> Subject: [PATCH] gnu: nss: Update to 3.30.1 [fixes CVE-2017-5461].
> * gnu/packages/patches/nss-disable-b64_unittest.patch: New file.
> * gnu/ (dist_patch_DATA): Add it.
> * gnu/packages/gnuzilla.scm (nss): Update to 3.30.1.
> [source]: Use it.

This built successfully on x86_64. Here's an excerpt from the log:

'B64EncodeDecodeTest: DISABLED_LongFakeDecTest1' SKIPPED
'B64EncodeDecodeTest: DISABLED_LongFakeEncDecTest1' SKIPPED
'B64EncodeDecodeTest: DISABLED_LongFakeEncDecTest2' SKIPPED

Are you currently building a version of this patch on armhf? If not I'd
like to push it.

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]