diff --git a/nss-3.13.3-notimestamps.patch b/nss-3.13.3-notimestamps.patch
index 3de9f1a..f8f2387 100644
--- a/nss-3.13.3-notimestamps.patch
+++ b/nss-3.13.3-notimestamps.patch
@@ -1,7 +1,7 @@
-Index: nss-3.20.1/nss/lib/ckfw/pem/ckpemver.c
+Index: nss-3.34/nss/lib/ckfw/pem/ckpemver.c
 ===================================================================
---- nss-3.20.1.orig/nss/lib/ckfw/pem/ckpemver.c
-+++ nss-3.20.1/nss/lib/ckfw/pem/ckpemver.c
+--- nss-3.34.orig/nss/lib/ckfw/pem/ckpemver.c
++++ nss-3.34/nss/lib/ckfw/pem/ckpemver.c
 @@ -53,7 +53,7 @@
 */
 const char __nss_ckpem_rcsid[] = "$Header: NSS Access to Flat Files in PEM format"
diff --git a/nss-3.20.1.tar.gz b/nss-3.20.1.tar.gz
deleted file mode 100644
index eb79c5a..0000000
Binary files a/nss-3.20.1.tar.gz and /dev/null differ
diff --git a/nss-3.34.tar.gz b/nss-3.34.tar.gz
new file mode 100644
index 0000000..6de9810
Binary files /dev/null and b/nss-3.34.tar.gz differ
diff --git a/nss-pem-pobject-fix.patch b/nss-pem-pobject-fix.patch
new file mode 100644
index 0000000..9773f6a
--- /dev/null
+++ b/nss-pem-pobject-fix.patch
@@ -0,0 +1,34 @@
+--- nss/lib/ckfw/pem/pobject.c.orig 2014-01-23 16:28:18.000000000 +0200
++++ nss/lib/ckfw/pem/pobject.c 2017-11-23 10:27:54.223998464 +0200
+@@ -630,6 +630,11 @@ pem_DestroyInternalObject
+ if (io->u.key.ivstring)
+ free(io->u.key.ivstring);
+ break;
++ case pemAll:
++ /* pemAll is not used, keep the compiler happy
++ * TODO: investigate a proper solution
++ */
++ return;
+ }
+
+ if (NULL != gobj)
+@@ -1044,7 +1049,9 @@ pem_CreateObject
+ int nobjs = 0;
+ int i;
+ int objid;
++#if 0
+ pemToken *token;
++#endif
+ int cipher;
+ char *ivstring = NULL;
+ pemInternalObject *listObj = NULL;
+@@ -1073,7 +1080,9 @@ pem_CreateObject
+ }
+ slotID = nssCKFWSlot_GetSlotID(fwSlot);
+
++#if 0
+ token = (pemToken *) mdToken->etc;
++#endif
+
+ /*
+ * only create keys and certs.
diff --git a/nss-sysinit-userdb-first.patch b/nss-sysinit-userdb-first.patch
index eea78e6..526419a 100644
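Review bot: In the `pem_DestroyInternalObject` hunk of nss-pem-pobject-fix.patch, the new `case pemAll:` exits with `return;`, so everything after the switch (the visible `if (NULL != gobj)` and whatever follows it) is skipped for that type. If a `pemAll` object ever did reach this destructor it would not be released, which is undesirable in a module that holds key material. Assuming the code after the switch does not depend on the object type, `break;` silences the same compiler warning and keeps the common teardown path. The two `#if 0` blocks in `pem_CreateObject` disable `token` without saying why; either delete the lines or add a comment such as `/* token is never read in this function */` (presumably the reason, to be confirmed). Both function bodies continue outside the hunks.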
--- a/nss-sysinit-userdb-first.patch
+++ b/nss-sysinit-userdb-first.patch
@@ -1,54 +1,38 @@ -diff -up ./nss/lib/sysinit/nsssysinit.c.603313 ./nss/lib/sysinit/nsssysinit.c ---- ./nss/lib/sysinit/nsssysinit.c.603313 2010-10-15 13:57:42.719738316 -0700 -+++ ./nss/lib/sysinit/nsssysinit.c 2010-10-15 14:07:51.704637349 -0700 -@@ -263,16 +263,26 @@ get_list(char *filename, char *stripped_ +--- ./nss/lib/sysinit/nsssysinit.c.603313 2017-11-14 10:01:25.000000000 +0200 ++++ ./nss/lib/sysinit/nsssysinit.c 2017-11-22 16:28:56.324234787 +0200 +@@ -231,6 +231,17 @@ get_list(char *filename, char *stripped_ sysdb = getSystemDB(); userdb = getUserDB(); -- /* Don't open root's user DB */ + /* return a list of databases to open. First the system database */ + if (sysdb) { + const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly"; -+ module_list[next++] = PR_smprintf( -+ "library= " -+ "module=\"NSS system database\" " -+ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" " -+ "NSS=\"trustOrder=80 %sflags=internal,critical\"", ++ module_list[next++] = PR_smprintf( ++ "library= " ++ "module=\"NSS system database\" " ++ "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" " ++ "NSS=\"trustOrder=80 %sflags=internal,critical\"", + sysdb, readonly, nssflags); + } + -+ /* Next the user database, but not for root. */ + /* Don't open root's user DB */ if (userdb != NULL && !userIsRoot()) { -- /* return a list of databases to open. First the user Database */ - module_list[next++] = PR_smprintf( - "library= " - "module=\"NSS User database\" " - "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" " -- "NSS=\"trustOrder=75 %sflags=internal%s\"", -- userdb, stripped_parameters, nssflags, -- isFIPS ? ",FIPS" : ""); -+ "NSS=\"trustOrder=75 %sflags=internal%s\"", -+ userdb, stripped_parameters, nssflags, -+ isFIPS ? ",FIPS" : ""); + /* return a list of databases to open. 
First the user Database */ +@@ -252,17 +263,6 @@ get_list(char *filename, char *stripped_ + userdb, stripped_parameters); + } - /* now open the user's defined PKCS #11 modules */ - /* skip the local user DB entry */ -@@ -283,17 +293,7 @@ get_list(char *filename, char *stripped_ - "module=\"NSS User database\" " - "parameters=\"configdir='sql:%s' %s\" " - "NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"", -- userdb, stripped_parameters); -- } -- - /* now the system database (always read only unless it's root) */ - if (sysdb) { -- const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly"; -- module_list[next++] = PR_smprintf( -- "library= " -- "module=\"NSS system database\" " -- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" " -- "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags); -+ userdb, stripped_parameters); - } - +- const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly"; +- module_list[next++] = PR_smprintf( +- "library= " +- "module=\"NSS system database\" " +- "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" " +- "NSS=\"trustOrder=80 %sflags=internal,critical\"", +- sysdb, readonly, nssflags); +- } +- /* that was the last module */ + module_list[next] = 0; + diff --git a/nss.changes b/nss.changes index 1aa20d2..a586747 100644 --- a/nss.changes +++ b/nss.changes @@ -1,3 +1,7 @@ +* Wed Nov 22 2017 Raine Mäkeläinen - 3.34.0 +- Update to 3.34.0 +- Fixes CVE-2017-7805, CVE-2017-5461, CVE-2016-1938, and CVE-2015-7575. Fixes JB#36180 + * Wed Nov 04 2015 Pasi Sjöholm - 3.20.1 - Update to 3.20.1 - Fixes CVE-2015-7181 and CVE-2015-7182. Contributes to MER#1407 diff --git a/nss.spec b/nss.spec index 6749054..c7e0505 100644 --- a/nss.spec +++ b/nss.spec 
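Review bot: The refreshed nss-sysinit-userdb-first.patch leaves two upstream comments in `get_list` that now contradict the code. The context line `/* return a list of databases to open. First the user Database */` sits directly after the newly inserted system-database block, which carries its own `/* return a list of databases to open. First the system database */`. The previous revision of the patch reworded the user-database comment to `/* Next the user database, but not for root. */`, and the new one should keep that wording. It should also say why the order is changed, since the position in `module_list` presumably decides which database NSS treats as the first token, and the system entry is opened with `flags=readonly` for users who cannot modify it. The file name still says "userdb-first" although the patch puts the system database first. `get_list` continues outside both hunks.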
@@ -1,9 +1,9 @@ -%define nspr_version 4.10.8 +%define nspr_version 4.17 %define unsupported_tools_directory %{_libdir}/nss/unsupported-tools Summary: Network Security Services Name: nss -Version: 3.20.1 +Version: 3.34 Release: 1 License: MPLv2 URL: http://www.mozilla.org/projects/security/pki/nss/ @@ -37,6 +37,7 @@ Patch2: nss-nolocalsql.patch Patch6: nss-enable-pem.patch Patch8: nss-sysinit-userdb-first.patch Patch9: nss-3.13.3-notimestamps.patch +Patch10: nss-pem-pobject-fix.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -129,8 +130,9 @@ low level services. %patch1 -p0 %patch2 -p0 %patch6 -p0 -b .libpem -%patch8 -p0 -b .rh603313 +%patch8 -p0 %patch9 -p1 -b .timestamping +%patch10 -p0 %build