.gitignore

@@ -1 +1 @@
-SOURCES/jss-5.3.0.tar.gz
+SOURCES/jss-4.9.4.tar.gz

.jss.metadata

@@ -1 +1 @@
-fa14d86c52d3d8d443be5ca451e758addedd5e58 SOURCES/jss-5.3.0.tar.gz
+b99d8fd7a9296f7cf480ca92a097dcf18c41eb53 SOURCES/jss-4.9.4.tar.gz

SPECS/jss.spec

@@ -2,32 +2,19 @@
 Name:           jss
 ################################################################################
 
-%global         product_id idm-jss
+%global         major_version 4
-
+%global         minor_version 9
-# Upstream version number:
+%global         update_version 4
-%global         major_version 5
-%global         minor_version 3
-%global         update_version 0
-
-# Downstream release number:
-# - development/stabilization (unsupported): 0.<n> where n >= 1
-# - GA/update (supported): <n> where n >= 1
-%global         release_number 1
-
-# Development phase:
-# - development (unsupported): alpha<n> where n >= 1
-# - stabilization (unsupported): beta<n> where n >= 1
-# - GA/update (supported): <none>
-#global         phase
-
-%undefine       timestamp
-%undefine       commit_id
 
 Summary:        Java Security Services (JSS)
-URL:            https://github.com/dogtagpki/jss
+URL:            http://www.dogtagpki.org/wiki/JSS
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
+
+# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
+# For official (i.e. supported) releases, use x.y.z-r where r >=1.
 Version:        %{major_version}.%{minor_version}.%{update_version}
-Release:        %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}
+Release:        1%{?_timestamp}%{?_commit_id}%{?dist}
+#global         _phase -alpha1
 
 # To generate the source tarball:
 # $ git clone https://github.com/dogtagpki/jss.git
@@ -36,7 +23,7 @@ Release:        %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp
 # $ git push origin v4.5.<z>
 # Then go to https://github.com/dogtagpki/jss/releases and download the source
 # tarball.
-Source:         https://github.com/dogtagpki/jss/archive/v%{version}%{?phase:-}%{?phase}/jss-%{version}%{?phase:-}%{?phase}.tar.gz
+Source:         https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phase}/%{name}-%{version}%{?_phase}.tar.gz
 
 # To create a patch for all changes since a version tag:
 # $ git format-patch \
@@ -45,33 +32,28 @@ Source:         https://github.com/dogtagpki/jss/archive/v%{version}%{?phase:-}%
 #     > jss-VERSION-RELEASE.patch
 # Patch: jss-VERSION-RELEASE.patch
 
-%if 0%{?fedora} && 0%{?fedora} > 35
-ExclusiveArch: %{java_arches}
-%else
-ExcludeArch: i686
-%endif
-
 ################################################################################
 # Java
 ################################################################################
 
-%define java_devel java-17-openjdk-devel
+%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8
-%define java_headless java-17-openjdk-headless
+%define java_devel java-1.8.0-openjdk-devel
-%define java_home %{_jvmdir}/jre-17-openjdk
+%define java_headless java-1.8.0-openjdk-headless
+%define java_home /usr/lib/jvm/jre-1.8.0-openjdk
+%else
+%define java_devel java-11-openjdk-devel
+%define java_headless java-11-openjdk-headless
+%define java_home /usr/lib/jvm/jre-11-openjdk
+%endif
 
 ################################################################################
 # Build Options
 ################################################################################
 
-# By default the javadoc package will be built unless --without javadoc
+# By default the build will execute unit tests unless --without test
 # option is specified.
 
-%bcond_without javadoc
+%bcond_without test
-
-# By default the build will not execute unit tests unless --with tests
-# option is specified.
-
-%bcond_with tests
 
 ################################################################################
 # Build Dependencies
@@ -83,81 +65,58 @@ BuildRequires:  zip
 BuildRequires:  unzip
 
 BuildRequires:  gcc-c++
-BuildRequires:  nss-devel >= 3.66
+BuildRequires:  nss-devel >= 3.44
-BuildRequires:  nss-tools >= 3.66
+BuildRequires:  nss-tools >= 3.44
 BuildRequires:  %{java_devel}
 BuildRequires:  jpackage-utils
 BuildRequires:  slf4j
+BuildRequires:  glassfish-jaxb-api
 BuildRequires:  slf4j-jdk14
 BuildRequires:  apache-commons-lang3
 
 BuildRequires:  junit
 
+Requires:       nss >= 3.44
+Requires:       %{java_headless}
+Requires:       jpackage-utils
+Requires:       slf4j
+Requires:       glassfish-jaxb-api
+Requires:       slf4j-jdk14
+Requires:       apache-commons-lang3
+
+Provides:       jss = %{major_version}.%{minor_version}
+
+Conflicts:      ldapjdk < 4.20
+Conflicts:      idm-console-framework < 1.2
+Conflicts:      tomcatjss < 7.6.0
+Conflicts:      pki-base < 10.10.0
+
 %description
 Java Security Services (JSS) is a java native interface which provides a bridge
 for java-based applications to use native Network Security Services (NSS).
 This only works with gcj. Other JREs require that JCE providers be signed.
 
 ################################################################################
-%package -n %{product_id}
+%package javadoc
-################################################################################
-
-Summary:        Java Security Services (JSS)
-
-Requires:       nss >= 3.66
-Requires:       %{java_headless}
-Requires:       jpackage-utils
-Requires:       slf4j
-Requires:       slf4j-jdk14
-Requires:       apache-commons-lang3
-
-Obsoletes:      jss < %{version}-%{release}
-Provides:       jss = %{version}-%{release}
-Provides:       jss = %{major_version}.%{minor_version}
-Provides:       %{product_id} = %{major_version}.%{minor_version}
-
-Conflicts:      ldapjdk < 4.20
-Conflicts:      idm-console-framework < 1.2
-Conflicts:      tomcatjss < 7.6.0
-Conflicts:      pki-base < 10.10.0
-
-%description -n %{product_id}
-Java Security Services (JSS) is a java native interface which provides a bridge
-for java-based applications to use native Network Security Services (NSS).
-This only works with gcj. Other JREs require that JCE providers be signed.
-
-%if %{with javadoc}
-################################################################################
-%package -n %{product_id}-javadoc
 ################################################################################
 
 Summary:        Java Security Services (JSS) Javadocs
 
-Obsoletes:      jss-javadoc < %{version}-%{release}
+Provides:       javadoc = %{major_version}.%{minor_version}
-Provides:       jss-javadoc = %{version}-%{release}
-Provides:       jss-javadoc = %{major_version}.%{minor_version}
-Provides:       %{product_id}-javadoc = %{major_version}.%{minor_version}
 
-%description -n %{product_id}-javadoc
+%description javadoc
 This package contains the API documentation for JSS.
-%endif
 
 ################################################################################
 %prep
-################################################################################
 
-%autosetup -n jss-%{version}%{?phase:-}%{?phase} -p 1
+%autosetup -n %{name}-%{version}%{?_phase} -p 1
 
 ################################################################################
 %build
-################################################################################
 
-# Set build flags for CMake
-# (see /usr/lib/rpm/macros.d/macros.cmake)
 %set_build_flags
 
-export JAVA_HOME=%{java_home}
-
 # Enable compiler optimizations
 export BUILD_OPT=1
 
@@ -168,104 +127,170 @@ export CFLAGS
 # Check if we're in FIPS mode
 modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENABLED=1
 
-./build.sh \
+# The Makefile is not thread-safe
-    %{?_verbose:-v} \
+%cmake \
-    --work-dir=%{_vpath_builddir} \
+    -DVERSION=%{version} \
-    --prefix-dir=%{_prefix} \
+    -DJAVA_HOME=%{java_home} \
-    --include-dir=%{_includedir} \
+    -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
-    --lib-dir=%{_libdir} \
+    -DJSS_LIB_INSTALL_DIR=%{_libdir}/jss \
-    --sysconf-dir=%{_sysconfdir} \
+    -B %{_vpath_builddir}
-    --share-dir=%{_datadir} \
-    --cmake=%{__cmake} \
-    --java-home=%{java_home} \
-    --jni-dir=%{_jnidir} \
-    --version=%{version} \
-    %{!?with_javadoc:--without-javadoc} \
-    %{?with_tests:--with-tests} \
-    dist
 
-################################################################################
+cd %{_vpath_builddir}
-%install
-################################################################################
 
-./build.sh \
+%{__make} \
-    %{?_verbose:-v} \
+    VERBOSE=%{?_verbose} \
-    --work-dir=%{_vpath_builddir} \
+    CMAKE_NO_VERBOSE=1 \
-    --install-dir=%{buildroot} \
+    --no-print-directory \
-    install
+    all
 
-################################################################################
+%{__make} \
-%files -n %{product_id}
+    VERBOSE=%{?_verbose} \
-################################################################################
+    CMAKE_NO_VERBOSE=1 \
+    --no-print-directory \
+    javadoc
 
-%defattr(-,root,root,-)
+%if %{with test}
-%doc jss.html
+ctest --output-on-failure
-%license MPL-1.1.txt gpl.txt lgpl.txt symkey/LICENSE
-%{_libdir}/*
-%{_jnidir}/*
-
-%if %{with javadoc}
-################################################################################
-%files -n %{product_id}-javadoc
-################################################################################
-
-%defattr(-,root,root,-)
-%{_javadocdir}/jss/
 %endif
 
+################################################################################
+%install
+
+cd %{_vpath_builddir}
+
+%{__make} \
+    VERBOSE=%{?_verbose} \
+    CMAKE_NO_VERBOSE=1 \
+    DESTDIR=%{buildroot} \
+    INSTALL="install -p" \
+    --no-print-directory \
+    install
+
+################################################################################
+%files
+
+%defattr(-,root,root,-)
+%doc jss.html
+%license MPL-1.1.txt gpl.txt lgpl.txt
+%{_libdir}/*
+%{_jnidir}/*
+
+################################################################################
+%files javadoc
+
+%defattr(-,root,root,-)
+%{_javadocdir}/%{name}-%{version}/
+
 ################################################################################
 %changelog
-* Thu Feb 09 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.3.0-1
+* Wed Jun 01 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.4-1
-- Rebase to JSS 5.3.0
+- Rebase to JSS 4.9.4
+- Bug 2013674 - JSS cannot be properly initialized after using another NSS-backed security provider
 
-* Thu Jan 05 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.3.0-0.3.beta2
+* Tue Feb 15 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.3-1
-- Rebase to JSS 5.3.0-beta2
+- Rebase to JSS 4.9.3
-- Bug 2017098 - pki pkcs12-cert-add command failing with 'Unable to validate PKCS #12 file: Digests do not match' exception
+- Bug 2046022 - CVE-2021-4213 pki-core:10.6/jss: memory leak in TLS connection leads to OOM [rhel-8]
 
-* Wed Nov 30 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.3.0-0.2.beta1
+* Mon Nov 15 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.2-1
-- Rebase to JSS 5.3.0-beta1
+- Rebase to JSS 4.9.2
 
-* Fri Sep 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.1-1
+* Tue Sep 21 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.1-1
-- Rebase to JSS 5.2.1
+- Rebase to JSS 4.9.1
-- Bug 2100807 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled
 
-* Wed Jun 29 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-1
+* Mon Jul 26 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-1
-- Rebase to JSS 5.2.0
+- Rebase to JSS 4.9.0
 
-* Mon May 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-0.3.beta2
+* Fri Jun 11 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-0.2
-- Rebase to JSS 5.2.0-beta2
+- Rebase to JSS 4.9.0-alpha2
-- Rename packages to idm-jss
 
-* Wed Apr 13 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-0.2.beta1
+* Wed Jun 02 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-0.1
-- Rebase to JSS 5.2.0-beta1
+- Rebase to JSS 4.9.0-alpha1
 
-* Tue Feb 15 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.3-1
+* Thu Jan 14 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.1-1
-- Rebase to JSS 5.0.3
+- Rebase to upstream JSS v4.8.1
-- Bug 2046023 - CVE-2021-4213 jss: memory leak in TLS connection leads to OOM [rhel-9.0]
+- Red Hat Bugilla #1908541 - jss broke SCEP - missing PasswordChallenge class
+- Red Hat Bugilla #1489256 - [RFE] jss should support RSA with OAEP padding
 
-* Wed Feb 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.2-1
+* Wed Nov 18 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-2
-- Rebase to JSS 5.0.2
+- Only check PKCS11Constants on beta builds
-- Bug 2029838 - SHA1withRSA being listed in signing certificates while approving certificate via Agent page in browser
+- Bump tomcatjss, pki-core conflicts due to lang3
 
-* Fri Nov 19 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.1-1
+* Wed Oct 28 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-1
-- Rebase to JSS 5.0.1
+- Rebase to upstream JSS v4.8.0
 
-* Tue Oct 05 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-1
+* Tue Oct 20 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-0.1
-- Rebase to JSS 5.0.0
+- Rebase to upstream JSS v4.8.0-b1
 
-* Thu Sep 16 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.5.beta1
+* Fri Sep 11 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.3-1
-- Rebase to JSS 5.0.0-beta1
+- Rebase to upstream stable release JSS v4.7.3
+- Red Hat Bugzilla #1873235 - Fix SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT in pki ca-user-cert-add
 
-* Thu Sep 09 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.4.alpha1
+* Thu Aug 06 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.2-1
-- Drop BuildRequires and Requires on glassfish-jaxb-api
+- Rebase to upstream stable release JSS v4.7.2
-  Resolves #2002576
+- Red Hat Bugzilla #1822246 - Fix SSLSocket NULL pointer deference after close
 
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.0.0-0.3.alpha1
+* Fri Jul 31 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.1-1
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Rebase to upstream stable release JSS v4.7.1
-  Related: rhbz#1991688
 
-* Mon Aug  2 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.2
+* Thu Jul 09 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-1
-- Drop javadoc package
+- Rebase to upstream stable release JSS v4.7.0
+- Fixed TestSSLEngine
 
-* Fri Jun 25 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.1
+* Thu Jun 25 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.4
-- Rebase to JSS 5.0.0-alpha1
+- Rebased to JSS 4.7.0-b4
+
+* Mon Jun 22 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.3
+- Rebased to JSS 4.7.0-b3
+
+* Tue May 26 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.1
+- Rebased to JSS 4.7.0-b1
+
+* Mon Mar 23 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-4
+- Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing
+
+* Mon Mar 02 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-3
+- Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing
+
+* Tue Oct 29 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-2
+- Red Hat Bugzilla #1730767 - JSS: Wrap NSS CMAC + KDF implementations
+- Rebased to JSS 4.6.2
+
+* Wed Sep 11 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-5
+- Red Hat Bugzilla #1747987 - CVE 2019-14823 jss: OCSP policy "Leaf and Chain" implicitly trusts the root certificate
+
+* Wed Aug 14 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-4
+- Red Hat Bugzilla #1698059 - pki-core implements crypto
+
+* Tue Jul 16 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-3
+- Red Hat Bugzilla #1721135 - JSS - LD_FLAGS support
+
+* Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-2
+- Minor updates to release
+
+* Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-1
+- Rebased to JSS 4.6.0
+
+* Thu Apr 25 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.3-1
+- Rebased to JSS 4.5.3
+
+* Fri Aug 10 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-1
+- Rebased to JSS 4.5.0
+
+* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.6
+- Rebased to JSS 4.5.0-b1
+
+* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.5
+- Red Hat Bugzilla #1612063 - Do not override system crypto policy (support TLS 1.3)
+
+* Fri Jul 20 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.4
+- Rebased to JSS 4.5.0-a4
+- Red Hat Bugzilla #1604462 - jss: FTBFS in Fedora rawhide
+
+* Thu Jul 05 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.3
+- Rebased to JSS 4.5.0-a3
+
+* Fri Jun 22 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.2
+- Rebased to JSS 4.5.0-a2
+
+* Fri Jun 15 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.1
+- Rebased to JSS 4.5.0-a1