diff --git a/SOURCES/nss-646045.patch b/SOURCES/nss-646045.patch
deleted file mode 100644
index 765f25e..0000000
--- a/SOURCES/nss-646045.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-diff --git a/tests/dbtests/dbtests.sh b/tests/dbtests/dbtests.sh
---- a/tests/dbtests/dbtests.sh
-+++ b/tests/dbtests/dbtests.sh
-@@ -165,28 +165,28 @@ dbtest_main()
-     # opens immediately see the files are readonly.  As a
-     # workaround we open the files once first.  (Bug 185074)
-     if [ "${OS_ARCH}" = "Darwin" ]; then
-         cat $RONLY_DIR/* > /dev/null
-     fi
- 
-     # skipping the next two tests when user is root,
-     # otherwise they would fail due to rooty powers
--    if [ $UID -ne 0 ]; then
-+    if [[ $UID -ne 0 ]]; then
-       ${BINDIR}/dbtest -d $RONLY_DIR
-     ret=$?
-     if [ $ret -ne 46 ]; then
-       html_failed "Dbtest r/w succeeded in a readonly directory $ret"
-     else
-       html_passed "Dbtest r/w didn't work in an readonly dir $ret" 
-     fi
-     else
-       html_passed "Skipping Dbtest r/w in a readonly dir because user is root"
-     fi
--    if [ $UID -ne 0 ]; then
-+    if [[ $UID -ne 0 ]]; then
-       ${BINDIR}/certutil -D -n "TestUser" -d .
-     ret=$?
-     if [ $ret -ne 255 ]; then
-       html_failed "Certutil succeeded in deleting a cert in a readonly directory $ret"
-     else
-       html_passed "Certutil didn't work in an readonly dir $ret"
-     fi
-     else
diff --git a/SOURCES/nss-sni-c-v-fix.patch b/SOURCES/nss-sni-c-v-fix.patch
index 3e2fea2..cc52515 100644
--- a/SOURCES/nss-sni-c-v-fix.patch
+++ b/SOURCES/nss-sni-c-v-fix.patch
@@ -1,6 +1,6 @@
-diff -up ./nss/tests/ssl/sslauth.txt.sni_c_v_fix ./nss/tests/ssl/sslauth.txt
---- ./nss/tests/ssl/sslauth.txt.sni_c_v_fix	2016-08-16 12:48:58.886105082 +0200
-+++ ./nss/tests/ssl/sslauth.txt	2016-08-16 12:51:29.142147183 +0200
+diff -up nss/tests/ssl/sslauth.txt.sni_c_v_fix nss/tests/ssl/sslauth.txt
+--- nss/tests/ssl/sslauth.txt.sni_c_v_fix	2017-04-05 14:23:56.000000000 +0200
++++ nss/tests/ssl/sslauth.txt	2017-06-02 10:22:27.457072785 +0200
 @@ -64,13 +64,13 @@
  #
  # SNI Tests
@@ -16,6 +16,6 @@ diff -up ./nss/tests/ssl/sslauth.txt.sni_c_v_fix ./nss/tests/ssl/sslauth.txt
 +  SNI     0       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:tls1.2_-c_v_-w_nss_-n_TestUser                          TLS Server hello response without SNI
    SNI     0       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:tls1.2_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom     TLS Server hello response with SNI
 -  SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:tls1.2_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS
-+  SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:tls1.2_-c_v-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS
++  SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:tls1.2_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS
    SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:tls1.2_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS
    SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:tls1.2_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom    TLS Server response with alert
diff --git a/SOURCES/nss-sysinit-getenv.patch b/SOURCES/nss-sysinit-getenv.patch
new file mode 100644
index 0000000..d3f47bc
--- /dev/null
+++ b/SOURCES/nss-sysinit-getenv.patch
@@ -0,0 +1,57 @@
+diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
+--- a/lib/sysinit/nsssysinit.c
++++ b/lib/sysinit/nsssysinit.c
+@@ -1,11 +1,15 @@
+ /* This Source Code Form is subject to the terms of the Mozilla Public
+  * License, v. 2.0. If a copy of the MPL was not distributed with this
+  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
++
++#define _GNU_SOURCE 1
++#include <stdlib.h>
++
+ #include "seccomon.h"
+ #include "prio.h"
+ #include "prprf.h"
+ #include "plhash.h"
+ #include "prenv.h"
+ 
+ /*
+  * The following provides a default example for operating systems to set up
+@@ -37,17 +41,17 @@ testdir(char *dir)
+     return S_ISDIR(buf.st_mode);
+ }
+ 
+ #define NSS_USER_PATH1 "/.pki"
+ #define NSS_USER_PATH2 "/nssdb"
+ static char *
+ getUserDB(void)
+ {
+-    char *userdir = PR_GetEnvSecure("HOME");
++    char *userdir = secure_getenv("HOME");
+     char *nssdir = NULL;
+ 
+     if (userdir == NULL) {
+         return NULL;
+     }
+ 
+     nssdir = PORT_Alloc(strlen(userdir) + sizeof(NSS_USER_PATH1) + sizeof(NSS_USER_PATH2));
+     if (nssdir == NULL) {
+@@ -129,17 +133,17 @@ userCanModifySystemDB()
+ #else
+ #error "Need to write getUserDB, SystemDB, userIsRoot, and userCanModifySystemDB functions"
+ #endif
+ #endif
+ 
+ static PRBool
+ getFIPSEnv(void)
+ {
+-    char *fipsEnv = PR_GetEnvSecure("NSS_FIPS");
++    char *fipsEnv = secure_getenv("NSS_FIPS");
+     if (!fipsEnv) {
+         return PR_FALSE;
+     }
+     if ((strcasecmp(fipsEnv, "fips") == 0) ||
+         (strcasecmp(fipsEnv, "true") == 0) ||
+         (strcasecmp(fipsEnv, "on") == 0) ||
+         (strcasecmp(fipsEnv, "1") == 0)) {
+         return PR_TRUE;
diff --git a/SPECS/nss.spec b/SPECS/nss.spec
index aaaa8d1..bb0ec75 100644
--- a/SPECS/nss.spec
+++ b/SPECS/nss.spec
@@ -27,7 +27,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.28.4
-Release:          8%{?dist}
+Release:          11%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -92,7 +92,6 @@ Source32:         nss-rhel7.config
 Patch2:           add-relro-linker-option.patch
 Patch3:           renegotiate-transitional.patch
 Patch16:          nss-539183.patch
-Patch18:          nss-646045.patch
 # TODO: Remove this patch when the ocsp test are fixed
 Patch40:          nss-3.14.0.0-disble-ocsp-test.patch
 # Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator
@@ -151,6 +150,9 @@ Patch138: nss-pk12util.patch
 Patch139: nss-disable-pss-gtests.patch
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1328122
 Patch140: nss-ssl3gthr.patch
+# Work around for yum
+# https://bugzilla.redhat.com/show_bug.cgi?id=1469526
+Patch141: nss-sysinit-getenv.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -263,6 +265,7 @@ pushd nss
 %patch138 -p1 -b .pk12util
 %patch139 -p1 -b .disable-pss-gtests
 %patch140 -p1 -b .ssl3gthr
+%patch141 -p1 -b .sysinit-getenv
 popd
 
 #########################################################
@@ -853,6 +856,16 @@ fi
 
 
 %changelog
+* Fri Jul 14 2017 Daiki Ueno <dueno@redhat.com> - 3.28.4-11
+- Rebuild to get correct release suffix (.el7 -> .el7_4)
+
+* Thu Jul 13 2017 Daiki Ueno <dueno@redhat.com> - 3.28.4-10
+- Work around yum crash due to new NSPR symbol being used in nss-sysinit,
+  patch by Kai Engert
+
+* Fri Jun  2 2017 Daiki Ueno <dueno@redhat.com> - 3.28.4-9
+- Fix typo in nss-sni-c-v-fix.patch
+
 * Fri May  5 2017 Kai Engert <kaie@redhat.com> - 3.28.4-8
 - Include CKBI 2.14 and updated CA constraints from NSS 3.28.5