Bug 1112136

Summary: Rebase nss in RHEL 6.5.z to NSS 3.16.1 (anticipated minimum version for FF 31)
Product: Red Hat Enterprise Linux 6 Reporter: Jan Kurik <jkurik>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED ERRATA QA Contact: Alicja Kario <hkario>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.5CC: amarecek, emaldona, hkario, huzaifas, kengert, ksrot, ms, ovasik, pm-eus, rrelyea, salmy, sforsber, stransky
Target Milestone: rcKeywords: Rebase, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nss-3.16.1-4.el6_5, nss-util-3.16.1-1.el6_5 Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Story Points: ---
Clone Of: 1099619 Environment:
Last Closed: 2014-07-22 18:00:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1099619    
Bug Blocks:    

Description Jan Kurik 2014-06-23 08:21:26 UTC 
This bug has been copied from bug #1099619 and has been proposed
to be backported to 6.5 z-stream (EUS).
Comment 10 errata-xmlrpc 2014-07-22 18:00:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2014-0917.html
Comment 11 Morten Stevens 2014-07-23 20:37:53 UTC 
This rebase is a problem for the RHEL7 in-place upgrade!

el6: nss-3.16.1-2.el6_5
el7: nss-3.15.4-7.el7_0

RHEL6 has a newer version than RHEL7...
Comment 12 Elio Maldonado Batiz 2014-07-23 22:07:08 UTC 
(In reply to Morten Stevens from comment #11)
> This rebase is a problem for the RHEL7 in-place upgrade!
> 
> el6: nss-3.16.1-2.el6_5
> el7: nss-3.15.4-7.el7_0
> 
> RHEL6 has a newer version than RHEL7...

Yes, that's a problem. Mozilla made their decision regarding a CVE so late that we were forced to just backport a fix rather than rebase as there wasn't enough time for various QE teams to test their products that depend on nss. It was decided to pospone the nss rebase to a subsequent async update which would give sufficient time for comprehensive testing. I posted comments at  https://bugzilla.redhat.com/show_bug.cgi?id=1112136#c11.
Comment 13 Elio Maldonado Batiz 2014-07-23 22:12:42 UTC 
Wrong URL, see https://bugzilla.redhat.com/show_bug.cgi?id=1103252#c3 and subequent.
Comment 14 Ondrej Vasik 2014-07-25 07:43:33 UTC 
We should document this issue in the KB about in-place upgrades - and recommend downgrade of this specific nss package(s) just before running in-place upgrade. We can deal with package downgrades, but only via preupgrade-assistant-contents - and they contain static lists valid at the time of the package build (unfortunately, we don't have other option, as in preupgrade-assistant we don't operate with RHEL7 repos). This causes issues with z-stream updates.