[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Regression problem, call for advice Re: Call for advice and testing of nss (and nspr) and intention to upload correction

Hi Ola,

On Fri, Nov 04, 2016 at 01:17:36PM +0100, Ola Lundqvist wrote:
[..snip analysis..]
> As I can see it there are the following options:
> 1) Do nothing. Let it be like this. We have a regression problem but only
> for software that fork and use nss in several threads.
> 2) Try to reverse the library split. This is a non-trivial task.
> 3) Try to fix the dlopen problem. I have tried in many ways but always
> fail. If anyone have a really good idea about this, please let me know.
> 4) Reverse the whole nss update. I'm not 100% sure how to do that as we did
> a version update and it is hard to "downgrade". We can certainly fix the
> CVE that this update solved. It should not be too hard.
> What do you all think is the best option?

I would neither do 4 (it's good to have newer nspr/nss, see #824872) or
2 (would deviate us from stretch, jessie and upstream). Given we don't
find other regressions it'd go for 3 or 1.

Although chromium is unsupported there might be people using it to
access "trusted" hosts for things that dont work with Firefix (at least
VCenter comes to mind).

Did you check what upstream chromium did when they updated nss? Maybe we
can cherry-pick a simple fix from there? If not this just leaves us with 1.

 -- Guido

Reply to: