Bug 1200905

Summary: Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11]
Product: Red Hat Enterprise Linux 5 Reporter: Elio Maldonado Batiz <emaldona>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED ERRATA QA Contact: Alicja Kario <hkario>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.11CC: bgollahe, hkario, jherrman, jkurik, kengert, ksrot, rrelyea
Target Milestone: rcKeywords: Rebase
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nss-3.18.0-6.el5_11 Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
The nss packages have been upgraded to upstream version 3.18.0, and the nspr packages have been upgraded to upstream version 4.10.8. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 38 Extended Support Release.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-05-05 06:36:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1200921    
Bug Blocks: 1200500    
Attachments:
Description Flags
Patch to keep 1024 bit legacy CA certificates enabled in the NSS root CA module none

Description Elio Maldonado Batiz 2015-03-11 15:40:21 UTC 
Firefox 38 ESR, upstream release date is May 12 2015, requires nss-3.18.
Comment 1 Kai Engert (:kaie) (inactive account) 2015-03-11 17:14:10 UTC 
*** Bug 1200942 has been marked as a duplicate of this bug. ***
Comment 2 RHEL Program Management 2015-03-14 17:33:19 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 5 Kai Engert (:kaie) (inactive account) 2015-03-25 17:29:09 UTC 
Created attachment 1006379 [details]
Patch to keep 1024 bit legacy CA certificates enabled in the NSS root CA module

I suggest to include this patch in the NSS 3.18 package.

It keeps the trust flags of legacy root CA certificates enabled, as they were before Mozilla decided to phase them out in Firefox.

This patch has the certificates that were changed in the upstream releases version 2.1, 2.2 and 2.3

See also this page which documents the changes:
https://fedoraproject.org/wiki/CA-Certificates
Comment 13 errata-xmlrpc 2015-05-05 06:36:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0925.html