From: Mark H Weaver
Subject: Re: NSS test failure on armhf
Date: Thu, 20 Apr 2017 14:39:17 -0400
Message-ID: <87k26e7wkq.fsf@netris.org>
To: Leo Famulari
Cc: guix-devel@gnu.org

Leo Famulari writes:

> On Mon, Apr 17, 2017 at 11:23:43PM +0200, Marius Bakke wrote:
>> Hello!
>>
>> Since version 3.30.1, one test consistently fails on armhf. It is the
>> same as in this bug report, although we don't see the exception:
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1351459
>>
>> I initially thought this was due to stalls in the build process as we've
>> seen before and tried increasing the timeouts in a790f2620, but that
>> should probably be reverted.
>>
>> What should we do? We can either patch out this test, or go back to
>> 3.30. Here are the release notes for 3.30.1:
>>
>> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes
>>
>> It fixes a non-public bug in the base64 implementation, but introduced a
>> test failure on at least two arches.
>>
>> Any preference?
>
> Since there were no changes to the set of certificates between 3.30 and
> 3.30.1 [0], I would revert it for now.

It turns out that the bug fix in 3.30.1 is critical: it fixes
CVE-2017-5461, a potential remote code execution vulnerability.

3.30.2 has since been released, so I'm currently testing it and will
push an update to it soon. Any issues on armhf will need to be dealt
with in another way.

Mark