Mark H Weaver writes: > Leo Famulari writes: > >> On Mon, Apr 17, 2017 at 11:23:43PM +0200, Marius Bakke wrote: >>> Hello! >>> >>> Since version 3.30.1, one test consistently fails on armhf. It is the >>> same as in this bug report, although we don't see the exception: >>> >>> https://bugzilla.mozilla.org/show_bug.cgi?id=1351459 >>> >>> I initially thought this was due to stalls in the build process as we've >>> seen before and tried increasing the timeouts in a790f2620, but that >>> should probably be reverted. >>> >>> What should we do? We can either patch out this test, or go back to >>> 3.30. Here are the release notes for 3.30.1: >>> >>> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes >>> >>> It fixes a non-public bug in the base64 implementation, but introduced a >>> test failure on at least two arches. >>> >>> Any preference? >> >> Since there were no changes to the set of certificates between 3.30 and >> 3.30.1 [0], I would revert it for now. > > It turns out that the bug fix in 3.30.1 is critical: it fixes > CVE-2017-5461, a potential remote code execution vulnerability. 3.30.2 > has since been released, so I'm currently testing it and will push an > update to it soon. Any issues on armhf will need to be dealt with in > another way. Mark, I checked this. The upstream 3.30 branch[0] contains a fix, but it was not picked to the 3.30.2 release which only contains certificate changes[1]. Squashing these two commits into one should fix the problem (the first fix was incomplete[2]): https://hg.mozilla.org/projects/nss/rev/802ec96a8dd1 https://hg.mozilla.org/projects/nss/rev/00b2cc2b33c7 [0] https://hg.mozilla.org/projects/nss/shortlog/NSS_3_30_BRANCH [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.2_release_notes [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1351459#c6