ce3eda
################################################################################
ce3eda
Name:           jss
ce3eda
################################################################################
ce3eda
ce3eda
Summary:        Java Security Services (JSS)
ce3eda
URL:            http://www.dogtagpki.org/wiki/JSS
ce3eda
License:        MPLv1.1 or GPLv2+ or LGPLv2+
ce3eda
11bb3c
# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
11bb3c
# For official (i.e. supported) releases, use x.y.z-r where r >=1.
7e9ef7
Version:        4.9.3
11bb3c
Release:        1%{?_timestamp}%{?_commit_id}%{?dist}
11bb3c
#global         _phase -alpha1
ce3eda
ce3eda
# To generate the source tarball:
ce3eda
# $ git clone https://github.com/dogtagpki/jss.git
ce3eda
# $ cd jss
69f63c
# $ git tag v4.5.<z>
69f63c
# $ git push origin v4.5.<z>
69f63c
# Then go to https://github.com/dogtagpki/jss/releases and download the source
69f63c
# tarball.
ce3eda
Source:         https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phase}/%{name}-%{version}%{?_phase}.tar.gz
ce3eda
ce3eda
# To create a patch for all changes since a version tag:
ce3eda
# $ git format-patch \
ce3eda
#     --stdout \
ce3eda
#     <version tag> \
ce3eda
#     > jss-VERSION-RELEASE.patch
ce3eda
# Patch: jss-VERSION-RELEASE.patch
11bb3c
11bb3c
################################################################################
11bb3c
# Java
11bb3c
################################################################################
11bb3c
11bb3c
%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8
11bb3c
%define java_devel java-1.8.0-openjdk-devel
11bb3c
%define java_headless java-1.8.0-openjdk-headless
11bb3c
%define java_home /usr/lib/jvm/jre-1.8.0-openjdk
11bb3c
%else
11bb3c
%define java_devel java-11-openjdk-devel
11bb3c
%define java_headless java-11-openjdk-headless
11bb3c
%define java_home /usr/lib/jvm/jre-11-openjdk
11bb3c
%endif
11bb3c
11bb3c
################################################################################
11bb3c
# Build Options
11bb3c
################################################################################
11bb3c
11bb3c
# By default the build will execute unit tests unless --without test
11bb3c
# option is specified.
11bb3c
11bb3c
%bcond_without test
ce3eda
ce3eda
################################################################################
ce3eda
# Build Dependencies
ce3eda
################################################################################
ce3eda
69f63c
BuildRequires:  make
23f496
BuildRequires:  cmake >= 3.14
16e5c2
BuildRequires:  zip
16e5c2
BuildRequires:  unzip
ce3eda
ce3eda
BuildRequires:  gcc-c++
16e5c2
BuildRequires:  nss-devel >= 3.44
16e5c2
BuildRequires:  nss-tools >= 3.44
11bb3c
BuildRequires:  %{java_devel}
ce3eda
BuildRequires:  jpackage-utils
ce3eda
BuildRequires:  slf4j
69f63c
BuildRequires:  glassfish-jaxb-api
ce3eda
BuildRequires:  slf4j-jdk14
23f496
BuildRequires:  apache-commons-lang3
ce3eda
69f63c
BuildRequires:  junit
ce3eda
16e5c2
Requires:       nss >= 3.44
11bb3c
Requires:       %{java_headless}
ce3eda
Requires:       jpackage-utils
ce3eda
Requires:       slf4j
69f63c
Requires:       glassfish-jaxb-api
ce3eda
Requires:       slf4j-jdk14
23f496
Requires:       apache-commons-lang3
ce3eda
ce3eda
Conflicts:      ldapjdk < 4.20
ce3eda
Conflicts:      idm-console-framework < 1.2
23f496
Conflicts:      tomcatjss < 7.6.0
23f496
Conflicts:      pki-base < 10.10.0
ce3eda
ce3eda
%description
ce3eda
Java Security Services (JSS) is a java native interface which provides a bridge
ce3eda
for java-based applications to use native Network Security Services (NSS).
ce3eda
This only works with gcj. Other JREs require that JCE providers be signed.
ce3eda
ce3eda
################################################################################
ce3eda
%package javadoc
ce3eda
################################################################################
ce3eda
ce3eda
Summary:        Java Security Services (JSS) Javadocs
ce3eda
Requires:       jss = %{version}-%{release}
ce3eda
ce3eda
%description javadoc
ce3eda
This package contains the API documentation for JSS.
ce3eda
ce3eda
################################################################################
ce3eda
%prep
ce3eda
11bb3c
%autosetup -n %{name}-%{version}%{?_phase} -p 1
ce3eda
ce3eda
################################################################################
ce3eda
%build
ce3eda
ce3eda
%set_build_flags
ce3eda
ce3eda
# Enable compiler optimizations
ce3eda
export BUILD_OPT=1
ce3eda
ce3eda
# Generate symbolic info for debuggers
69f63c
CFLAGS="-g $RPM_OPT_FLAGS"
69f63c
export CFLAGS
ce3eda
6fc53e
# Check if we're in FIPS mode
6fc53e
modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENABLED=1
6fc53e
ce3eda
# The Makefile is not thread-safe
69f63c
%cmake \
11bb3c
    -DVERSION=%{version} \
69f63c
    -DJAVA_HOME=%{java_home} \
69f63c
    -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
11bb3c
    -DJSS_LIB_INSTALL_DIR=%{_libdir}/jss \
16e5c2
    -B %{_vpath_builddir}
16e5c2
16e5c2
cd %{_vpath_builddir}
11bb3c
11bb3c
%{__make} \
11bb3c
    VERBOSE=%{?_verbose} \
11bb3c
    CMAKE_NO_VERBOSE=1 \
11bb3c
    --no-print-directory \
11bb3c
    all
11bb3c
11bb3c
%{__make} \
11bb3c
    VERBOSE=%{?_verbose} \
11bb3c
    CMAKE_NO_VERBOSE=1 \
11bb3c
    --no-print-directory \
11bb3c
    javadoc
11bb3c
11bb3c
%if %{with test}
69f63c
ctest --output-on-failure
11bb3c
%endif
ce3eda
ce3eda
################################################################################
ce3eda
%install
ce3eda
11bb3c
cd %{_vpath_builddir}
ce3eda
11bb3c
%{__make} \
11bb3c
    VERBOSE=%{?_verbose} \
11bb3c
    CMAKE_NO_VERBOSE=1 \
11bb3c
    DESTDIR=%{buildroot} \
11bb3c
    INSTALL="install -p" \
11bb3c
    --no-print-directory \
11bb3c
    install
ce3eda
ce3eda
################################################################################
ce3eda
%files
ce3eda
ce3eda
%defattr(-,root,root,-)
16e5c2
%doc jss.html
16e5c2
%license MPL-1.1.txt gpl.txt lgpl.txt
ce3eda
%{_libdir}/*
ce3eda
%{_jnidir}/*
ce3eda
ce3eda
################################################################################
ce3eda
%files javadoc
ce3eda
ce3eda
%defattr(-,root,root,-)
ce3eda
%{_javadocdir}/%{name}-%{version}/
ce3eda
ce3eda
################################################################################
ce3eda
%changelog
7e9ef7
* Tue Feb 15 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.3-1
7e9ef7
- Rebase to JSS 4.9.3
7e9ef7
- Bug 2046022 - CVE-2021-4213 pki-core:10.6/jss: memory leak in TLS connection leads to OOM [rhel-8]
7e9ef7
7e9ef7
* Mon Nov 15 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.2-1
7e9ef7
- Rebase to JSS 4.9.2
7e9ef7
11bb3c
* Tue Sep 21 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.1-1
11bb3c
- Rebase to JSS 4.9.1
11bb3c
11bb3c
* Mon Jul 26 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-1
11bb3c
- Rebase to JSS 4.9.0
11bb3c
11bb3c
* Fri Jun 11 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-0.2
11bb3c
- Rebase to JSS 4.9.0-alpha2
11bb3c
11bb3c
* Wed Jun 02 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-0.1
11bb3c
- Rebase to JSS 4.9.0-alpha1
23f496
23f496
* Thu Jan 14 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.1-1
23f496
- Rebase to upstream JSS v4.8.1
23f496
- Red Hat Bugilla #1908541 - jss broke SCEP - missing PasswordChallenge class
23f496
- Red Hat Bugilla #1489256 - [RFE] jss should support RSA with OAEP padding
23f496
23f496
* Wed Nov 18 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-2
23f496
- Only check PKCS11Constants on beta builds
23f496
- Bump tomcatjss, pki-core conflicts due to lang3
23f496
23f496
* Wed Oct 28 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-1
23f496
- Rebase to upstream JSS v4.8.0
23f496
23f496
* Tue Oct 20 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-0.1
23f496
- Rebase to upstream JSS v4.8.0-b1
23f496
16e5c2
* Fri Sep 11 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.3-1
16e5c2
- Rebase to upstream stable release JSS v4.7.3
16e5c2
- Red Hat Bugzilla #1873235 - Fix SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT in pki ca-user-cert-add
16e5c2
16e5c2
* Thu Aug 06 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.2-1
16e5c2
- Rebase to upstream stable release JSS v4.7.2
16e5c2
- Red Hat Bugzilla #1822246 - Fix SSLSocket NULL pointer deference after close
16e5c2
16e5c2
* Fri Jul 31 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.1-1
16e5c2
- Rebase to upstream stable release JSS v4.7.1
16e5c2
16e5c2
* Thu Jul 09 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-1
16e5c2
- Rebase to upstream stable release JSS v4.7.0
16e5c2
- Fixed TestSSLEngine
16e5c2
16e5c2
* Thu Jun 25 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.4
16e5c2
- Rebased to JSS 4.7.0-b4
16e5c2
16e5c2
* Mon Jun 22 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.3
16e5c2
- Rebased to JSS 4.7.0-b3
16e5c2
16e5c2
* Tue May 26 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.1
16e5c2
- Rebased to JSS 4.7.0-b1
fe62e3
6fc53e
* Mon Mar 23 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-4
6fc53e
- Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing
6fc53e
6fc53e
* Mon Mar 02 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-3
6fc53e
- Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing
6fc53e
6fc53e
* Tue Oct 29 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-2
6fc53e
- Red Hat Bugzilla #1730767 - JSS: Wrap NSS CMAC + KDF implementations
6fc53e
- Rebased to JSS 4.6.2
6fc53e
69f63c
* Wed Sep 11 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-5
6fc53e
- Red Hat Bugzilla #1747987 - CVE 2019-14823 jss: OCSP policy "Leaf and Chain" implicitly trusts the root certificate
69f63c
69f63c
* Wed Aug 14 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-4
69f63c
- Red Hat Bugzilla #1698059 - pki-core implements crypto
69f63c
69f63c
* Tue Jul 16 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-3
6fc53e
- Red Hat Bugzilla #1721135 - JSS - LD_FLAGS support
69f63c
69f63c
* Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-2
69f63c
- Minor updates to release
69f63c
69f63c
* Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-1
69f63c
- Rebased to JSS 4.6.0
69f63c
69f63c
* Thu Apr 25 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.3-1
69f63c
- Rebased to JSS 4.5.3
69f63c
69f63c
* Fri Aug 10 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-1
ce3eda
- Rebased to JSS 4.5.0
ce3eda
69f63c
* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.6
ce3eda
- Rebased to JSS 4.5.0-b1
ce3eda
69f63c
* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.5
ce3eda
- Red Hat Bugzilla #1612063 - Do not override system crypto policy (support TLS 1.3)
ce3eda
69f63c
* Fri Jul 20 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.4
ce3eda
- Rebased to JSS 4.5.0-a4
ce3eda
- Red Hat Bugzilla #1604462 - jss: FTBFS in Fedora rawhide
ce3eda
69f63c
* Thu Jul 05 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.3
ce3eda
- Rebased to JSS 4.5.0-a3
ce3eda
69f63c
* Fri Jun 22 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.2
ce3eda
- Rebased to JSS 4.5.0-a2
ce3eda
69f63c
* Fri Jun 15 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.1
ce3eda
- Rebased to JSS 4.5.0-a1