.gitignore

@@ -1 +1 @@
-SOURCES/jss-5.4.1.tar.gz
+SOURCES/jss-4.11.0.tar.gz

.jss.metadata

@@ -1 +1 @@
-e5418bf90626b135ab43e0caefa04c4b1c6763fa SOURCES/jss-5.4.1.tar.gz
+a068537cd958000dcd3b34847533101f95fc792b SOURCES/jss-4.11.0.tar.gz

SPECS/jss.spec

@@ -5,29 +5,20 @@ Name:           jss
 %global         product_id idm-jss
 
 # Upstream version number:
-%global         major_version 5
+%global         major_version 4
-%global         minor_version 4
+%global         minor_version 11
-%global         update_version 1
+%global         update_version 0
-
-# Downstream release number:
-# - development/stabilization (unsupported): 0.<n> where n >= 1
-# - GA/update (supported): <n> where n >= 1
-%global         release_number 2
-
-# Development phase:
-# - development (unsupported): alpha<n> where n >= 1
-# - stabilization (unsupported): beta<n> where n >= 1
-# - GA/update (supported): <none>
-#global         phase
-
-%undefine       timestamp
-%undefine       commit_id
 
 Summary:        Java Security Services (JSS)
 URL:            https://github.com/dogtagpki/jss
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
+
+# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
+# For official (i.e. supported) releases, use x.y.z-r where r >=1.
+%global         release_number 1
 Version:        %{major_version}.%{minor_version}.%{update_version}
-Release:        %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}
+Release:        %{release_number}%{?_timestamp}%{?_commit_id}%{?dist}
+#global         _phase -alpha1
 
 # To generate the source tarball:
 # $ git clone https://github.com/dogtagpki/jss.git
@@ -36,7 +27,11 @@ Release:        %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp
 # $ git push origin v4.5.<z>
 # Then go to https://github.com/dogtagpki/jss/releases and download the source
 # tarball.
-Source:         https://github.com/dogtagpki/jss/archive/v%{version}%{?phase:-}%{?phase}/jss-%{version}%{?phase:-}%{?phase}.tar.gz
+Source:         https://github.com/dogtagpki/jss/archive/v%{version}%{?_phase}/jss-%{version}%{?_phase}.tar.gz
+
+# md2man not available on i686
+ExcludeArch: i686
+
 
 # To create a patch for all changes since a version tag:
 # $ git format-patch \
@@ -45,33 +40,28 @@ Source:         https://github.com/dogtagpki/jss/archive/v%{version}%{?phase:-}%
 #     > jss-VERSION-RELEASE.patch
 # Patch: jss-VERSION-RELEASE.patch
 
-%if 0%{?fedora} && 0%{?fedora} > 35
-ExclusiveArch: %{java_arches}
-%else
-ExcludeArch: i686
-%endif
-
 ################################################################################
 # Java
 ################################################################################
 
-%define java_devel java-17-openjdk-devel
+%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8
-%define java_headless java-17-openjdk-headless
+%define java_devel java-1.8.0-openjdk-devel
-%define java_home %{_jvmdir}/jre-17-openjdk
+%define java_headless java-1.8.0-openjdk-headless
+%define java_home /usr/lib/jvm/jre-1.8.0-openjdk
+%else
+%define java_devel java-11-openjdk-devel
+%define java_headless java-11-openjdk-headless
+%define java_home /usr/lib/jvm/jre-11-openjdk
+%endif
 
 ################################################################################
 # Build Options
 ################################################################################
 
-# By default the javadoc package will be built unless --without javadoc
+# By default the build will execute unit tests unless --without tests
 # option is specified.
 
-%bcond_without javadoc
+%bcond_without tests
-
-# By default the build will not execute unit tests unless --with tests
-# option is specified.
-
-%bcond_with tests
 
 ################################################################################
 # Build Dependencies
@@ -83,15 +73,16 @@ BuildRequires:  zip
 BuildRequires:  unzip
 
 BuildRequires:  gcc-c++
-BuildRequires:  nss-devel >= 3.66
+BuildRequires:  nss-devel >= 3.44
-BuildRequires:  nss-tools >= 3.66
+BuildRequires:  nss-tools >= 3.44
-
 BuildRequires:  %{java_devel}
-BuildRequires:  maven-local
+BuildRequires:  jpackage-utils
-BuildRequires:  mvn(org.apache.commons:commons-lang3)
+BuildRequires:  slf4j
-BuildRequires:  mvn(org.slf4j:slf4j-api)
+BuildRequires:  glassfish-jaxb-api
-BuildRequires:  mvn(org.slf4j:slf4j-jdk14)
+BuildRequires:  slf4j-jdk14
-BuildRequires:  mvn(junit:junit)
+BuildRequires:  apache-commons-lang3
+
+BuildRequires:  junit
 
 %description
 Java Security Services (JSS) is a java native interface which provides a bridge
@@ -104,12 +95,13 @@ This only works with gcj. Other JREs require that JCE providers be signed.
 
 Summary:        Java Security Services (JSS)
 
-Requires:       nss >= 3.66
+Requires:       nss >= 3.44
-
 Requires:       %{java_headless}
-Requires:       mvn(org.apache.commons:commons-lang3)
+Requires:       jpackage-utils
-Requires:       mvn(org.slf4j:slf4j-api)
+Requires:       slf4j
-Requires:       mvn(org.slf4j:slf4j-jdk14)
+Requires:       glassfish-jaxb-api
+Requires:       slf4j-jdk14
+Requires:       apache-commons-lang3
 
 Obsoletes:      jss < %{version}-%{release}
 Provides:       jss = %{version}-%{release}
@@ -126,7 +118,6 @@ Java Security Services (JSS) is a java native interface which provides a bridge
 for java-based applications to use native Network Security Services (NSS).
 This only works with gcj. Other JREs require that JCE providers be signed.
 
-%if %{with javadoc}
 ################################################################################
 %package -n %{product_id}-javadoc
 ################################################################################
@@ -140,24 +131,19 @@ Provides:       %{product_id}-javadoc = %{major_version}.%{minor_version}
 
 %description -n %{product_id}-javadoc
 This package contains the API documentation for JSS.
-%endif
 
 ################################################################################
 %prep
 ################################################################################
 
-%autosetup -n jss-%{version}%{?phase:-}%{?phase} -p 1
+%autosetup -n jss-%{version}%{?_phase} -p 1
 
 ################################################################################
 %build
 ################################################################################
 
-# Set build flags for CMake
-# (see /usr/lib/rpm/macros.d/macros.cmake)
 %set_build_flags
 
-export JAVA_HOME=%{java_home}
-
 # Enable compiler optimizations
 export BUILD_OPT=1
 
@@ -168,30 +154,44 @@ export CFLAGS
 # Check if we're in FIPS mode
 modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENABLED=1
 
-./build.sh \
+# The Makefile is not thread-safe
-    %{?_verbose:-v} \
+%cmake \
-    --work-dir=%{_vpath_builddir} \
+    -DVERSION=%{version} \
-    --prefix-dir=%{_prefix} \
+    -DJAVA_HOME=%{java_home} \
-    --include-dir=%{_includedir} \
+    -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
-    --lib-dir=%{_libdir} \
+    -DJSS_LIB_INSTALL_DIR=%{_libdir}/jss \
-    --sysconf-dir=%{_sysconfdir} \
+    -B %{_vpath_builddir}
-    --share-dir=%{_datadir} \
+
-    --cmake=%{__cmake} \
+cd %{_vpath_builddir}
-    --java-home=%{java_home} \
+
-    --jni-dir=%{_jnidir} \
+%{__make} \
-    --version=%{version} \
+    VERBOSE=%{?_verbose} \
-    %{!?with_javadoc:--without-javadoc} \
+    CMAKE_NO_VERBOSE=1 \
-    %{?with_tests:--with-tests} \
+    --no-print-directory \
-    dist
+    all
+
+%{__make} \
+    VERBOSE=%{?_verbose} \
+    CMAKE_NO_VERBOSE=1 \
+    --no-print-directory \
+    javadoc
+
+%if %{with tests}
+ctest --output-on-failure
+%endif
 
 ################################################################################
 %install
 ################################################################################
 
-./build.sh \
+cd %{_vpath_builddir}
-    %{?_verbose:-v} \
+
-    --work-dir=%{_vpath_builddir} \
+%{__make} \
-    --install-dir=%{buildroot} \
+    VERBOSE=%{?_verbose} \
+    CMAKE_NO_VERBOSE=1 \
+    DESTDIR=%{buildroot} \
+    INSTALL="install -p" \
+    --no-print-directory \
     install
 
 ################################################################################
@@ -200,75 +200,136 @@ modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENA
 
 %defattr(-,root,root,-)
 %doc jss.html
-%license MPL-1.1.txt gpl.txt lgpl.txt symkey/LICENSE
+%license MPL-1.1.txt gpl.txt lgpl.txt
 %{_libdir}/*
 %{_jnidir}/*
 
-%if %{with javadoc}
 ################################################################################
 %files -n %{product_id}-javadoc
 ################################################################################
 
 %defattr(-,root,root,-)
-%{_javadocdir}/jss/
+%{_javadocdir}/jss-%{version}/
-%endif
 
 ################################################################################
 %changelog
-* Wed May 31 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.4.1-1
+* Thu Feb 08 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.11.0-1
-- Rebase to JSS 5.4.1
+- Rebase to JSS 4.11.0
 
-* Thu Feb 09 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.3.0-1
+* Tue Jan 16 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.10.0-0.1
-- Rebase to JSS 5.3.0
+- Rebase to JSS 4.10.0-alpha1
 
-* Thu Jan 05 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.3.0-0.3.beta2
+* Fri Jan 12 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.8-1
-- Rebase to JSS 5.3.0-beta2
+- Rebase to JSS 4.9.8
-- Bug 2017098 - pki pkcs12-cert-add command failing with 'Unable to validate PKCS #12 file: Digests do not match' exception
 
-* Wed Nov 30 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.3.0-0.2.beta1
+* Wed Jun 01 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.4-1
-- Rebase to JSS 5.3.0-beta1
+- Rebase to JSS 4.9.4
+- Bug 2013674 - JSS cannot be properly initialized after using another NSS-backed security provider
 
-* Fri Sep 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.1-1
+* Tue Feb 15 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.3-1
-- Rebase to JSS 5.2.1
+- Rebase to JSS 4.9.3
-- Bug 2100807 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled
+- Bug 2046022 - CVE-2021-4213 pki-core:10.6/jss: memory leak in TLS connection leads to OOM [rhel-8]
 
-* Wed Jun 29 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-1
+* Mon Nov 15 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.2-1
-- Rebase to JSS 5.2.0
+- Rebase to JSS 4.9.2
 
-* Mon May 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-0.3.beta2
+* Tue Sep 21 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.1-1
-- Rebase to JSS 5.2.0-beta2
+- Rebase to JSS 4.9.1
-- Rename packages to idm-jss
 
-* Wed Apr 13 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-0.2.beta1
+* Mon Jul 26 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-1
-- Rebase to JSS 5.2.0-beta1
+- Rebase to JSS 4.9.0
 
-* Tue Feb 15 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.3-1
+* Fri Jun 11 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-0.2
-- Rebase to JSS 5.0.3
+- Rebase to JSS 4.9.0-alpha2
-- Bug 2046023 - CVE-2021-4213 jss: memory leak in TLS connection leads to OOM [rhel-9.0]
 
-* Wed Feb 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.2-1
+* Wed Jun 02 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-0.1
-- Rebase to JSS 5.0.2
+- Rebase to JSS 4.9.0-alpha1
-- Bug 2029838 - SHA1withRSA being listed in signing certificates while approving certificate via Agent page in browser
 
-* Fri Nov 19 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.1-1
+* Thu Jan 14 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.1-1
-- Rebase to JSS 5.0.1
+- Rebase to upstream JSS v4.8.1
+- Red Hat Bugilla #1908541 - jss broke SCEP - missing PasswordChallenge class
+- Red Hat Bugilla #1489256 - [RFE] jss should support RSA with OAEP padding
 
-* Tue Oct 05 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-1
+* Wed Nov 18 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-2
-- Rebase to JSS 5.0.0
+- Only check PKCS11Constants on beta builds
+- Bump tomcatjss, pki-core conflicts due to lang3
 
-* Thu Sep 16 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.5.beta1
+* Wed Oct 28 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-1
-- Rebase to JSS 5.0.0-beta1
+- Rebase to upstream JSS v4.8.0
 
-* Thu Sep 09 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.4.alpha1
+* Tue Oct 20 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-0.1
-- Drop BuildRequires and Requires on glassfish-jaxb-api
+- Rebase to upstream JSS v4.8.0-b1
-  Resolves #2002576
 
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.0.0-0.3.alpha1
+* Fri Sep 11 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.3-1
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Rebase to upstream stable release JSS v4.7.3
-  Related: rhbz#1991688
+- Red Hat Bugzilla #1873235 - Fix SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT in pki ca-user-cert-add
 
-* Mon Aug  2 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.2
+* Thu Aug 06 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.2-1
-- Drop javadoc package
+- Rebase to upstream stable release JSS v4.7.2
+- Red Hat Bugzilla #1822246 - Fix SSLSocket NULL pointer deference after close
 
-* Fri Jun 25 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.1
+* Fri Jul 31 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.1-1
-- Rebase to JSS 5.0.0-alpha1
+- Rebase to upstream stable release JSS v4.7.1
+
+* Thu Jul 09 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-1
+- Rebase to upstream stable release JSS v4.7.0
+- Fixed TestSSLEngine
+
+* Thu Jun 25 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.4
+- Rebased to JSS 4.7.0-b4
+
+* Mon Jun 22 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.3
+- Rebased to JSS 4.7.0-b3
+
+* Tue May 26 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.1
+- Rebased to JSS 4.7.0-b1
+
+* Mon Mar 23 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-4
+- Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing
+
+* Mon Mar 02 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-3
+- Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing
+
+* Tue Oct 29 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-2
+- Red Hat Bugzilla #1730767 - JSS: Wrap NSS CMAC + KDF implementations
+- Rebased to JSS 4.6.2
+
+* Wed Sep 11 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-5
+- Red Hat Bugzilla #1747987 - CVE 2019-14823 jss: OCSP policy "Leaf and Chain" implicitly trusts the root certificate
+
+* Wed Aug 14 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-4
+- Red Hat Bugzilla #1698059 - pki-core implements crypto
+
+* Tue Jul 16 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-3
+- Red Hat Bugzilla #1721135 - JSS - LD_FLAGS support
+
+* Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-2
+- Minor updates to release
+
+* Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-1
+- Rebased to JSS 4.6.0
+
+* Thu Apr 25 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.3-1
+- Rebased to JSS 4.5.3
+
+* Fri Aug 10 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-1
+- Rebased to JSS 4.5.0
+
+* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.6
+- Rebased to JSS 4.5.0-b1
+
+* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.5
+- Red Hat Bugzilla #1612063 - Do not override system crypto policy (support TLS 1.3)
+
+* Fri Jul 20 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.4
+- Rebased to JSS 4.5.0-a4
+- Red Hat Bugzilla #1604462 - jss: FTBFS in Fedora rawhide
+
+* Thu Jul 05 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.3
+- Rebased to JSS 4.5.0-a3
+
+* Fri Jun 22 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.2
+- Rebased to JSS 4.5.0-a2
+
+* Fri Jun 15 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.1
+- Rebased to JSS 4.5.0-a1