diff --git a/jss-5.4.2-nss-3.97.patch b/jss-5.4.2-nss-3.97.patch new file mode 100644 index 0000000..8b9d64d --- /dev/null +++ b/jss-5.4.2-nss-3.97.patch @@ -0,0 +1,40 @@ +From 130d543f3a7c33196bef386b4ee87ccc4ed53d0b Mon Sep 17 00:00:00 2001 +From: "Endi S. Dewata" +Date: Wed, 7 Feb 2024 14:59:31 -0600 +Subject: [PATCH] Update kea_alg_defs to match NSS 3.97 + +The kea_alg_defs array in SSLCipher.c has been updated to match +the one defined in NSS 3.97. The assertion that compares the size +of the array with ssl_kea_size has also been removed. These +changes will allow JSS to work with the newer NSS 3.97 on Fedora +Rawhide as well as the older NSS versions on other platforms. + +Resolves: https://github.com/dogtagpki/jss/issues/991 +--- + native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c b/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c +index 4f2dacb0b..ea739617a 100644 +--- a/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c ++++ b/native/src/main/native/org/mozilla/jss/ssl/SSLCipher.c +@@ -23,7 +23,7 @@ static const CK_MECHANISM_TYPE auth_alg_defs[] = { + }; + PR_STATIC_ASSERT(PR_ARRAY_SIZE(auth_alg_defs) == ssl_auth_size); + +-/* Copied from NSS's ssl3con.c. */ ++/* Copied from NSS 3.97's ssl3con.c. */ + static const CK_MECHANISM_TYPE kea_alg_defs[] = { + CKM_INVALID_MECHANISM, /* ssl_kea_null */ + CKM_RSA_PKCS, /* ssl_kea_rsa */ +@@ -33,8 +33,9 @@ static const CK_MECHANISM_TYPE kea_alg_defs[] = { + CKM_ECDH1_DERIVE, /* ssl_kea_ecdh_psk */ + CKM_DH_PKCS_DERIVE, /* ssl_kea_dh_psk */ + CKM_INVALID_MECHANISM, /* ssl_kea_tls13_any */ ++ CKM_INVALID_MECHANISM, /* ssl_kea_ecdh_hybrid */ ++ CKM_INVALID_MECHANISM, /* ssl_kea_ecdh_hybrid_psk */ + }; +-PR_STATIC_ASSERT(PR_ARRAY_SIZE(kea_alg_defs) == ssl_kea_size); + + #ifdef HAVE_NSS_CIPHER_SUITE_INFO_KDFHASH + /* Not present in ssl3con.c. */ diff --git a/jss.spec b/jss.spec index 0b3c810..a3e30bd 100644 --- a/jss.spec +++ b/jss.spec @@ -27,7 +27,7 @@ Summary: Java Security Services (JSS) URL: https://github.com/dogtagpki/jss License: MPL-1.1 or GPL-2.0-or-later or LGPL-2.1-or-later Version: 5.4.2 -Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}.3 +Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}.4 # To generate the source tarball: # $ git clone https://github.com/dogtagpki/jss.git @@ -45,6 +45,9 @@ Source: https://github.com/dogtagpki/jss/archive/v%{version}%{?phase:-}% # > jss-VERSION-RELEASE.patch # Patch: jss-VERSION-RELEASE.patch +# https://github.com/dogtagpki/jss/pull/992 +Patch: jss-5.4.2-nss-3.97.patch + %if 0%{?fedora} && 0%{?fedora} > 35 ExclusiveArch: %{java_arches} %else @@ -215,6 +218,9 @@ modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENA ################################################################################ %changelog +* Thu Feb 08 2024 Yaakov Selkowitz - 5.4.2-1.4 +- Fix compatibility with NSS 3.97 + * Wed Jan 24 2024 Fedora Release Engineering - 5.4.2-1.3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild