Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1422165 - Export CERT_CompareAVA, and Export PK11_HasAttributeSet, required by Firefox to distinguish Mozilla Policy CAs [RHEL 7.x]
Export CERT_CompareAVA, and Export PK11_HasAttributeSet, required by Firefox ...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss (Show other bugs)
7.3
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Daiki Ueno
Hubert Kario
:
: 1418891 (view as bug list)
Depends On:
Blocks: 1414564
  Show dependency treegraph
 
Reported: 2017-02-14 10:50 EST by Kai Engert (:kaie) (inactive account)
Modified: 2017-08-01 12:50 EDT (History)
4 users (show)

See Also:
Fixed In Version: nss-3.28.3-4.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 12:50:07 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
nss-util-1334976-1336487.patch (641 bytes, patch)
2017-03-10 07:41 EST, Kai Engert (:kaie) (inactive account) 		no flags Details | Diff
nss-1334976-1336487-1345083.patch (179.02 KB, patch)
2017-03-10 07:42 EST, Kai Engert (:kaie) (inactive account) 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 1334976 None None None 2017-02-14 10:50 EST
Red Hat Product Errata RHEA-2017:1977 normal SHIPPED_LIVE nss bug fix and enhancement update 2017-08-01 13:57:47 EDT

  None (edit)
Description Kai Engert (:kaie) (inactive account) 2017-02-14 10:50:53 EST 
In order to fix bug 1414564, we require that NSS exports function PK11_HasAttributeSet.

It's required to allow Firefox to query p11-kit-trust (or libnssckbi) for the new pkcs#11 attribute, that allows it to distinguish between Mozilla Policy CAs and locally installed CAs.

The linked upstream bug will export that API in NSS 3.30.

We need to decide if this can be backported to NSS 3.28.x without rebasing.
(We probably can, by using the correct version number 3.30 in the nss.def file, IIRC we have done similar things in the past.)
Comment 3 Kai Engert (:kaie) (inactive account) 2017-03-10 07:41 EST 
Created attachment 1261929 [details]
nss-util-1334976-1336487.patch

nss-util patch
Comment 4 Kai Engert (:kaie) (inactive account) 2017-03-10 07:42 EST 
Created attachment 1261930 [details]
nss-1334976-1336487-1345083.patch

nss patch
Comment 5 Kai Engert (:kaie) (inactive account) 2017-03-10 07:44:38 EST 
Daiki, could you please add these patches to nss-util and nss?

I've used the patches we already have in Fedora, and on top of that, I added the fix from upstream 1345083.

I think it's OK to commit the nss-util patch with "Related: this bug number"

This patch also includes the fix for bug 1418891.
Comment 6 Kai Engert (:kaie) (inactive account) 2017-03-10 07:47:43 EST 
*** Bug 1418891 has been marked as a duplicate of this bug. ***
Comment 10 errata-xmlrpc 2017-08-01 12:50:07 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1977
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.