Bug 1112136 - Rebase nss in RHEL 6.5.z to NSS 3.16.1 (anticipated minimum version for FF 31)
Summary: Rebase nss in RHEL 6.5.z to NSS 3.16.1 (anticipated minimum version for FF 31)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nss
Version: 6.5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Elio Maldonado Batiz
QA Contact: Hubert Kario
URL:
Whiteboard:
Depends On: 1099619
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-06-23 08:21 UTC by Jan Kurik
Modified: 2014-07-25 08:40 UTC (History)
13 users (show)

Fixed In Version: nss-3.16.1-4.el6_5, nss-util-3.16.1-1.el6_5
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Clone Of: 1099619
Environment:
Last Closed: 2014-07-22 18:00:38 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:0917 normal SHIPPED_LIVE Critical: nss and nspr security, bug fix, and enhancement update 2014-07-22 21:59:48 UTC

Description Jan Kurik 2014-06-23 08:21:26 UTC
This bug has been copied from bug #1099619 and has been proposed
to be backported to 6.5 z-stream (EUS).

Comment 10 errata-xmlrpc 2014-07-22 18:00:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2014-0917.html

Comment 11 Morten Stevens 2014-07-23 20:37:53 UTC
This rebase is a problem for the RHEL7 in-place upgrade!

el6: nss-3.16.1-2.el6_5
el7: nss-3.15.4-7.el7_0

RHEL6 has a newer version than RHEL7...

Comment 12 Elio Maldonado Batiz 2014-07-23 22:07:08 UTC
(In reply to Morten Stevens from comment #11)
> This rebase is a problem for the RHEL7 in-place upgrade!
> 
> el6: nss-3.16.1-2.el6_5
> el7: nss-3.15.4-7.el7_0
> 
> RHEL6 has a newer version than RHEL7...

Yes, that's a problem. Mozilla made their decision regarding a CVE so late that we were forced to just backport a fix rather than rebase as there wasn't enough time for various QE teams to test their products that depend on nss. It was decided to pospone the nss rebase to a subsequent async update which would give sufficient time for comprehensive testing. I posted comments at  https://bugzilla.redhat.com/show_bug.cgi?id=1112136#c11.

Comment 13 Elio Maldonado Batiz 2014-07-23 22:12:42 UTC
Wrong URL, see https://bugzilla.redhat.com/show_bug.cgi?id=1103252#c3 and subequent.

Comment 14 Ondrej Vasik 2014-07-25 07:43:33 UTC
We should document this issue in the KB about in-place upgrades - and recommend downgrade of this specific nss package(s) just before running in-place upgrade. We can deal with package downgrades, but only via preupgrade-assistant-contents - and they contain static lists valid at the time of the package build (unfortunately, we don't have other option, as in preupgrade-assistant we don't operate with RHEL7 repos). This causes issues with z-stream updates.


Note You need to log in before you can comment on or make changes to this bug.