Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/jss.git#89bcbe8882b72b2957680ff66ec6a45ab234f0e8

.gitignore

@@ -30,3 +30,4 @@ jss-4.2.6.tar.gz
 /jss-4.7.0.tar.gz
 /jss-4.7.2.tar.gz
 /jss-4.7.3.tar.gz
+/jss-4.8.0-b1.tar.gz

jss-crypto-policies-1.patch

@@ -1,49 +0,0 @@
-From 1fb6097a2ab73ef897d011e7383d7f5f1bf6a1df Mon Sep 17 00:00:00 2001
-From: Alexander Scheel <ascheel@redhat.com>
-Date: Wed, 1 Jul 2020 12:41:20 -0400
-Subject: [PATCH] Replace SHA-1 signature with SHA-256
-
-A recent change in Fedora Rawhide's crypto-policies package caused
-failures in the tests like the following:
-
-    Exception in thread "main" java.io.IOException: SocketException cannot read on socket: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
-        at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1494)
-        at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:38)
-        at org.mozilla.jss.ssl.SSLInputStream.read(SSLInputStream.java:25)
-        at org.mozilla.jss.tests.SSLClientAuth.run(SSLClientAuth.java:435)
-        at java.lang.Thread.run(Thread.java:748)
-    Caused by: org.mozilla.jss.ssl.SSLSocketException: Error reading from socket: (-12271) SSL peer cannot verify your certificate.
-        at org.mozilla.jss.ssl.SSLSocket.socketRead(Native Method)
-        at org.mozilla.jss.ssl.SSLSocket.read(SSLSocket.java:1488)
-        ... 4 more
-    Server exiting
-    org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8016) Unknown error
-        at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
-        at org.mozilla.jss.tests.SSLClientAuth.testConnection(SSLClientAuth.java:345)
-        at org.mozilla.jss.tests.SSLClientAuth.doIt(SSLClientAuth.java:156)
-        at org.mozilla.jss.tests.SSLClientAuth.main(SSLClientAuth.java:90)
-
-This was caused by dropping SHA-1 as an allowed hash during handshakes.
-However, because SSLClientAuth manually generated its certificate (and
-explicitly asked for SHA-1), it failed.
-
-Switch to SHA-256 instead.
-
-Signed-off-by: Alexander Scheel <ascheel@redhat.com>
----
- org/mozilla/jss/tests/SSLClientAuth.java | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/org/mozilla/jss/tests/SSLClientAuth.java b/org/mozilla/jss/tests/SSLClientAuth.java
-index 6f1fd2b12..bf270a634 100644
---- a/org/mozilla/jss/tests/SSLClientAuth.java
-+++ b/org/mozilla/jss/tests/SSLClientAuth.java
-@@ -28,7 +28,7 @@
-     
-     private CryptoManager cm;
-     public static final SignatureAlgorithm sigAlg =
--            SignatureAlgorithm.RSASignatureWithSHA1Digest;
-+            SignatureAlgorithm.RSASignatureWithSHA256Digest;
-     
-     /**
-      * Method that generates a certificate for given credential

jss-crypto-policies-2.patch

@@ -1,47 +0,0 @@
-From 8ed5a82a973922d07d0610fd42c48b2a0ec97d6c Mon Sep 17 00:00:00 2001
-From: Alexander Scheel <ascheel@redhat.com>
-Date: Wed, 1 Jul 2020 12:44:53 -0400
-Subject: [PATCH] Remove all legacy DSS/DSA tests
-
-The only signature algorithm suppoted with DSS is SHA-1, which will soon
-become deprecated and broken. DSS itself isn't widely used either, so we
-should remove it from the test suite as well.
-
-Signed-off-by: Alexander Scheel <ascheel@redhat.com>
----
- cmake/JSSTests.cmake | 12 +-----------
- 1 file changed, 1 insertion(+), 11 deletions(-)
-
-diff --git a/cmake/JSSTests.cmake b/cmake/JSSTests.cmake
-index a26b95425..a0fe36e22 100644
---- a/cmake/JSSTests.cmake
-+++ b/cmake/JSSTests.cmake
-@@ -170,11 +170,6 @@ macro(jss_tests)
-         COMMAND "org.mozilla.jss.tests.GenerateTestCert" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" "30" "localhost" "SHA-256/EC" "CA_ECDSA" "Server_ECDSA" "Client_ECDSA"
-         DEPENDS "Generate_known_RSA_cert_pair"
-     )
--    jss_test_java(
--        NAME "Generate_known_DSS_cert_pair"
--        COMMAND "org.mozilla.jss.tests.GenerateTestCert" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" "40" "localhost" "SHA-1/DSA" "CA_DSS" "Server_DSS" "Client_DSS"
--        DEPENDS "Generate_known_ECDSA_cert_pair"
--    )
-     jss_test_exec(
-         NAME "Create_PKCS11_cert_to_PKCS12_rsa.pfx"
-         COMMAND "pk12util" "-o" "${RESULTS_NSSDB_OUTPUT_DIR}/rsa.pfx" "-n" "CA_RSA" "-d" "${RESULTS_NSSDB_OUTPUT_DIR}" "-K" "${DB_PWD}" "-W" "${DB_PWD}"
-@@ -185,15 +180,10 @@ macro(jss_tests)
-         COMMAND "pk12util" "-o" "${RESULTS_NSSDB_OUTPUT_DIR}/ecdsa.pfx" "-n" "CA_ECDSA" "-d" "${RESULTS_NSSDB_OUTPUT_DIR}" "-K" "${DB_PWD}" "-W" "${DB_PWD}"
-         DEPENDS "Generate_known_ECDSA_cert_pair"
-     )
--    jss_test_exec(
--        NAME "Create_PKCS11_cert_to_PKCS12_dss.pfx"
--        COMMAND "pk12util" "-o" "${RESULTS_NSSDB_OUTPUT_DIR}/dss.pfx" "-n" "CA_DSS" "-d" "${RESULTS_NSSDB_OUTPUT_DIR}" "-K" "${DB_PWD}" "-W" "${DB_PWD}"
--        DEPENDS "Generate_known_DSS_cert_pair"
--    )
-     jss_test_java(
-         NAME "List_CA_certs"
-         COMMAND "org.mozilla.jss.tests.ListCACerts" "${RESULTS_NSSDB_OUTPUT_DIR}" "Verbose"
--        DEPENDS "Generate_known_DSS_cert_pair"
-+        DEPENDS "Generate_known_ECDSA_cert_pair"
-     )
-     jss_test_java(
-         NAME "SSLClientAuth"

jss.spec

@@ -6,9 +6,9 @@ Summary:        Java Security Services (JSS)
 URL:            http://www.dogtagpki.org/wiki/JSS
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 
-Version:        4.7.3
+Version:        4.8.0
-Release:        1%{?_timestamp}%{?_commit_id}%{?dist}
+Release:        0.1%{?_timestamp}%{?_commit_id}%{?dist}
-#global         _phase -a1
+%global         _phase -b1
 
 # To generate the source tarball:
 # $ git clone https://github.com/dogtagpki/jss.git
@@ -50,7 +50,7 @@ BuildRequires:  glassfish-jaxb-api
 %else
 BuildRequires:  slf4j-jdk14
 %endif
-BuildRequires:  apache-commons-lang
+BuildRequires:  apache-commons-lang3
 
 BuildRequires:  junit
 
@@ -64,7 +64,7 @@ Requires:       glassfish-jaxb-api
 %else
 Requires:       slf4j-jdk14
 %endif
-Requires:       apache-commons-lang
+Requires:       apache-commons-lang3
 
 Conflicts:      ldapjdk < 4.20
 Conflicts:      idm-console-framework < 1.2
@@ -108,26 +108,13 @@ export CFLAGS
 # Check if we're in FIPS mode
 modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENABLED=1
 
-# RHEL's CMake doesn't support -B flag.
-%if 0%{?rhel}
-%{__mkdir_p} %{_vpath_builddir}
-cd %{_vpath_builddir}
-%endif
-
 # The Makefile is not thread-safe
 %cmake \
     -DJAVA_HOME=%{java_home} \
     -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
-%if 0%{?rhel}
-    ..
-%else
     -B %{_vpath_builddir}
-%endif
 
-%if 0%{?fedora}
 cd %{_vpath_builddir}
-%endif
-
 %{__make} all
 %{__make} javadoc
 ctest --output-on-failure
@@ -173,6 +160,9 @@ cp -p *.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
 
 ################################################################################
 %changelog
+* Wed Oct 21 2020 Dogtag PKI Team <pki-devel@redhat.com> - 4.8.0-b1
+- Rebase to upstream beta release JSS v4.8.0-b1
+
 * Fri Sep 11 2020 Dogtag PKI Team <pki-devel@redhat.com> - 4.7.3-1
 - Rebase to upstream stable release JSS v4.7.3
 

sources

@@ -1 +1 @@
-SHA512 (jss-4.7.3.tar.gz) = 9358cf78d99e5e32a07dd457d6b0c916bdf9bf6959efe889f1cb91af75aa79fc419c2d057a40bfbe4e2a4924bffc1cafa04d917622cafe07062bcb633f330f98
+SHA512 (jss-4.8.0-b1.tar.gz) = 5601922b1c2e8006951a01e50486f585e2f6e3c0cd987a7e75c62755b4e14e2c7d489b583f92ba09281ceee2b5b1363f3d8fc94b039232fb3694975bd041a332