.gitignore

@@ -1 +1 @@
-SOURCES/jss-4.8.1.tar.gz
+SOURCES/jss-4.11.0.tar.gz

.jss.metadata

@@ -1 +1 @@
-5bf724d866e8fd7e577ffdecb06dbb679b113ce3 SOURCES/jss-4.8.1.tar.gz
+a068537cd958000dcd3b34847533101f95fc792b SOURCES/jss-4.11.0.tar.gz

SPECS/jss.spec

@@ -2,13 +2,23 @@
 Name:           jss
 ################################################################################
 
+%global         product_id idm-jss
+
+# Upstream version number:
+%global         major_version 4
+%global         minor_version 11
+%global         update_version 0
+
 Summary:        Java Security Services (JSS)
-URL:            http://www.dogtagpki.org/wiki/JSS
+URL:            https://github.com/dogtagpki/jss
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 
-Version:        4.8.1
+# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
-Release:        1%{?_timestamp}%{?_commit_id}%{?dist}
+# For official (i.e. supported) releases, use x.y.z-r where r >=1.
-#global         _phase -a1
+%global         release_number 1
+Version:        %{major_version}.%{minor_version}.%{update_version}
+Release:        %{release_number}%{?_timestamp}%{?_commit_id}%{?dist}
+#global         _phase -alpha1
 
 # To generate the source tarball:
 # $ git clone https://github.com/dogtagpki/jss.git
@@ -17,7 +27,11 @@ Release:        1%{?_timestamp}%{?_commit_id}%{?dist}
 # $ git push origin v4.5.<z>
 # Then go to https://github.com/dogtagpki/jss/releases and download the source
 # tarball.
-Source:         https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phase}/%{name}-%{version}%{?_phase}.tar.gz
+Source:         https://github.com/dogtagpki/jss/archive/v%{version}%{?_phase}/jss-%{version}%{?_phase}.tar.gz
+
+# md2man not available on i686
+ExcludeArch: i686
+
 
 # To create a patch for all changes since a version tag:
 # $ git format-patch \
@@ -26,78 +40,110 @@ Source:         https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phas
 #     > jss-VERSION-RELEASE.patch
 # Patch: jss-VERSION-RELEASE.patch
 
+################################################################################
+# Java
+################################################################################
+
+%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8
+%define java_devel java-1.8.0-openjdk-devel
+%define java_headless java-1.8.0-openjdk-headless
+%define java_home /usr/lib/jvm/jre-1.8.0-openjdk
+%else
+%define java_devel java-11-openjdk-devel
+%define java_headless java-11-openjdk-headless
+%define java_home /usr/lib/jvm/jre-11-openjdk
+%endif
+
+################################################################################
+# Build Options
+################################################################################
+
+# By default the build will execute unit tests unless --without tests
+# option is specified.
+
+%bcond_without tests
+
 ################################################################################
 # Build Dependencies
 ################################################################################
 
-# autosetup
-BuildRequires:  git
 BuildRequires:  make
 BuildRequires:  cmake >= 3.14
 BuildRequires:  zip
 BuildRequires:  unzip
 
 BuildRequires:  gcc-c++
-BuildRequires:  nspr-devel >= 4.13.1
 BuildRequires:  nss-devel >= 3.44
 BuildRequires:  nss-tools >= 3.44
-BuildRequires:  java-devel
+BuildRequires:  %{java_devel}
 BuildRequires:  jpackage-utils
 BuildRequires:  slf4j
 BuildRequires:  glassfish-jaxb-api
-%if 0%{?rhel} && 0%{?rhel} <= 7
-# no slf4j-jdk14
-%else
 BuildRequires:  slf4j-jdk14
-%endif
 BuildRequires:  apache-commons-lang3
 
 BuildRequires:  junit
 
-Requires:       nss >= 3.44
-Requires:       java-headless
-Requires:       jpackage-utils
-Requires:       slf4j
-Requires:       glassfish-jaxb-api
-%if 0%{?rhel} && 0%{?rhel} <= 7
-# no slf4j-jdk14
-%else
-Requires:       slf4j-jdk14
-%endif
-Requires:       apache-commons-lang3
-
-Conflicts:      ldapjdk < 4.20
-Conflicts:      idm-console-framework < 1.2
-Conflicts:      tomcatjss < 7.6.0
-Conflicts:      pki-base < 10.10.0
-
 %description
 Java Security Services (JSS) is a java native interface which provides a bridge
 for java-based applications to use native Network Security Services (NSS).
 This only works with gcj. Other JREs require that JCE providers be signed.
 
 ################################################################################
-%package javadoc
+%package -n %{product_id}
+################################################################################
+
+Summary:        Java Security Services (JSS)
+
+Requires:       nss >= 3.44
+Requires:       %{java_headless}
+Requires:       jpackage-utils
+Requires:       slf4j
+Requires:       glassfish-jaxb-api
+Requires:       slf4j-jdk14
+Requires:       apache-commons-lang3
+
+Obsoletes:      jss < %{version}-%{release}
+Provides:       jss = %{version}-%{release}
+Provides:       jss = %{major_version}.%{minor_version}
+Provides:       %{product_id} = %{major_version}.%{minor_version}
+
+Conflicts:      ldapjdk < 4.20
+Conflicts:      idm-console-framework < 1.2
+Conflicts:      tomcatjss < 7.6.0
+Conflicts:      pki-base < 10.10.0
+
+%description -n %{product_id}
+Java Security Services (JSS) is a java native interface which provides a bridge
+for java-based applications to use native Network Security Services (NSS).
+This only works with gcj. Other JREs require that JCE providers be signed.
+
+################################################################################
+%package -n %{product_id}-javadoc
 ################################################################################
 
 Summary:        Java Security Services (JSS) Javadocs
-Requires:       jss = %{version}-%{release}
 
-%description javadoc
+Obsoletes:      jss-javadoc < %{version}-%{release}
+Provides:       jss-javadoc = %{version}-%{release}
+Provides:       jss-javadoc = %{major_version}.%{minor_version}
+Provides:       %{product_id}-javadoc = %{major_version}.%{minor_version}
+
+%description -n %{product_id}-javadoc
 This package contains the API documentation for JSS.
 
 ################################################################################
 %prep
+################################################################################
 
-%autosetup -n %{name}-%{version}%{?_phase} -p 1 -S git
+%autosetup -n jss-%{version}%{?_phase} -p 1
 
 ################################################################################
 %build
+################################################################################
 
 %set_build_flags
 
-[ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/java
-
 # Enable compiler optimizations
 export BUILD_OPT=1
 
@@ -110,41 +156,47 @@ modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENA
 
 # The Makefile is not thread-safe
 %cmake \
+    -DVERSION=%{version} \
     -DJAVA_HOME=%{java_home} \
     -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
+    -DJSS_LIB_INSTALL_DIR=%{_libdir}/jss \
     -B %{_vpath_builddir}
 
 cd %{_vpath_builddir}
-%{__make} all
+
-%{__make} javadoc
+%{__make} \
+    VERBOSE=%{?_verbose} \
+    CMAKE_NO_VERBOSE=1 \
+    --no-print-directory \
+    all
+
+%{__make} \
+    VERBOSE=%{?_verbose} \
+    CMAKE_NO_VERBOSE=1 \
+    --no-print-directory \
+    javadoc
+
+%if %{with tests}
 ctest --output-on-failure
+%endif
 
 ################################################################################
 %install
-
-# There is no install target so we'll do it by hand
-
-# jars
-install -d -m 0755 $RPM_BUILD_ROOT%{_jnidir}
-install -m 644 %{_vpath_builddir}/jss4.jar ${RPM_BUILD_ROOT}%{_jnidir}/jss4.jar
-
-# We have to use the name libjss4.so because this is dynamically
-# loaded by the jar file.
-install -d -m 0755 $RPM_BUILD_ROOT%{_libdir}/jss
-install -m 0755 %{_vpath_builddir}/libjss4.so ${RPM_BUILD_ROOT}%{_libdir}/jss/
-pushd  ${RPM_BUILD_ROOT}%{_libdir}/jss
-    ln -fs %{_jnidir}/jss4.jar jss4.jar
-popd
-
-# javadoc
-install -d -m 0755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
-cp -rp %{_vpath_builddir}/docs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
-cp -p jss.html $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
-cp -p *.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
-
-# No ldconfig is required since this library is loaded by Java itself.
 ################################################################################
-%files
+
+cd %{_vpath_builddir}
+
+%{__make} \
+    VERBOSE=%{?_verbose} \
+    CMAKE_NO_VERBOSE=1 \
+    DESTDIR=%{buildroot} \
+    INSTALL="install -p" \
+    --no-print-directory \
+    install
+
+################################################################################
+%files -n %{product_id}
+################################################################################
 
 %defattr(-,root,root,-)
 %doc jss.html
@@ -153,13 +205,46 @@ cp -p *.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
 %{_jnidir}/*
 
 ################################################################################
-%files javadoc
+%files -n %{product_id}-javadoc
+################################################################################
 
 %defattr(-,root,root,-)
-%{_javadocdir}/%{name}-%{version}/
+%{_javadocdir}/jss-%{version}/
 
 ################################################################################
 %changelog
+* Thu Feb 08 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.11.0-1
+- Rebase to JSS 4.11.0
+
+* Tue Jan 16 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.10.0-0.1
+- Rebase to JSS 4.10.0-alpha1
+
+* Fri Jan 12 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.8-1
+- Rebase to JSS 4.9.8
+
+* Wed Jun 01 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.4-1
+- Rebase to JSS 4.9.4
+- Bug 2013674 - JSS cannot be properly initialized after using another NSS-backed security provider
+
+* Tue Feb 15 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.3-1
+- Rebase to JSS 4.9.3
+- Bug 2046022 - CVE-2021-4213 pki-core:10.6/jss: memory leak in TLS connection leads to OOM [rhel-8]
+
+* Mon Nov 15 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.2-1
+- Rebase to JSS 4.9.2
+
+* Tue Sep 21 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.1-1
+- Rebase to JSS 4.9.1
+
+* Mon Jul 26 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-1
+- Rebase to JSS 4.9.0
+
+* Fri Jun 11 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-0.2
+- Rebase to JSS 4.9.0-alpha2
+
+* Wed Jun 02 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-0.1
+- Rebase to JSS 4.9.0-alpha1
+
 * Thu Jan 14 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.1-1
 - Rebase to upstream JSS v4.8.1
 - Red Hat Bugilla #1908541 - jss broke SCEP - missing PasswordChallenge class