1200905 – Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11]

Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11]

Summary: Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11]

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	nss
Sub Component:
Version:	5.11
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Elio Maldonado Batiz
QA Contact:	Alicja Kario
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1200942 (view as bug list)
Depends On:	1200921
Blocks:	1200500
TreeView+	depends on / blocked

Reported:	2015-03-11 15:40 UTC by Elio Maldonado Batiz
Modified:	2015-05-05 06:36 UTC (History)
CC List:	7 users (show)
Fixed In Version:	nss-3.18.0-6.el5_11
Doc Type:	Rebase: Bug Fixes and Enhancements
Doc Text:	The nss packages have been upgraded to upstream version 3.18.0, and the nspr packages have been upgraded to upstream version 4.10.8. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 38 Extended Support Release.
Clone Of:
Environment:
Last Closed:	2015-05-05 06:36:20 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Patch to keep 1024 bit legacy CA certificates enabled in the NSS root CA module (117.31 KB, patch) 2015-03-25 17:29 UTC, Kai Engert (:kaie) (inactive account)	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:0925	0	normal	SHIPPED_LIVE	nss and nspr bug fix and enhancement update	2015-05-05 10:36:01 UTC

Description Elio Maldonado Batiz 2015-03-11 15:40:21 UTC

Firefox 38 ESR, upstream release date is May 12 2015, requires nss-3.18.

Comment 1 Kai Engert (:kaie) (inactive account) 2015-03-11 17:14:10 UTC

*** Bug 1200942 has been marked as a duplicate of this bug. ***

Comment 2 RHEL Program Management 2015-03-14 17:33:19 UTC

This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 5 Kai Engert (:kaie) (inactive account) 2015-03-25 17:29:09 UTC

Created attachment 1006379 [details]
Patch to keep 1024 bit legacy CA certificates enabled in the NSS root CA module

I suggest to include this patch in the NSS 3.18 package.

It keeps the trust flags of legacy root CA certificates enabled, as they were before Mozilla decided to phase them out in Firefox.

This patch has the certificates that were changed in the upstream releases version 2.1, 2.2 and 2.3

See also this page which documents the changes:
https://fedoraproject.org/wiki/CA-Certificates

Comment 13 errata-xmlrpc 2015-05-05 06:36:20 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0925.html

Note You need to log in before you can comment on or make changes to this bug.