diff --git a/.gitignore b/.gitignore
index 93d511a..730ec17 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/jss-5.0.3.tar.gz
+SOURCES/jss-5.2.1.tar.gz
diff --git a/.jss.metadata b/.jss.metadata
index 32b4efe..9ec88a7 100644
--- a/.jss.metadata
+++ b/.jss.metadata
@@ -1 +1 @@
-6351e00796eb7639da6a974044ef5101a9ecf67a SOURCES/jss-5.0.3.tar.gz
+e9a7e0d19159d2409365a32d6bcd3068c3d41ed5 SOURCES/jss-5.2.1.tar.gz
diff --git a/SPECS/jss.spec b/SPECS/jss.spec
index 5383b4e..bb75faa 100644
--- a/SPECS/jss.spec
+++ b/SPECS/jss.spec
@@ -2,15 +2,32 @@
Name: jss
################################################################################
+%global product_id idm-jss
+
+# Upstream version number:
+%global major_version 5
+%global minor_version 2
+%global update_version 1
+
+# Downstream release number:
+# - development/stabilization (unsupported): 0.<n> where n >= 1
+# - GA/update (supported): <n> where n >= 1
+%global release_number 1
+
+# Development phase:
+# - development (unsupported): alpha<n> where n >= 1
+# - stabilization (unsupported): beta<n> where n >= 1
+# - GA/update (supported): <none>
+%undefine phase
+
+%undefine timestamp
+%undefine commit_id
+
Summary: Java Security Services (JSS)
-URL: http://www.dogtagpki.org/wiki/JSS
+URL: https://github.com/dogtagpki/jss
License: MPLv1.1 or GPLv2+ or LGPLv2+
-
-# For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
-# For official (i.e. supported) releases, use x.y.z-r where r >=1.
-Version: 5.0.3
-Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
-#global _phase -alpha1
+Version: %{major_version}.%{minor_version}.%{update_version}
+Release: %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}
# To generate the source tarball:
# $ git clone https://github.com/dogtagpki/jss.git
@@ -19,7 +36,7 @@ Release: 1%{?_timestamp}%{?_commit_id}%{?dist}
# $ git push origin v4.5.<z>
# Then go to https://github.com/dogtagpki/jss/releases and download the source
# tarball.
-Source: https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phase}/%{name}-%{version}%{?_phase}.tar.gz
+Source: https://github.com/dogtagpki/jss/archive/v%{version}%{?phase:-}%{?phase}/jss-%{version}%{?phase:-}%{?phase}.tar.gz
# To create a patch for all changes since a version tag:
# $ git format-patch \
@@ -28,13 +45,16 @@ Source: https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phas
# > jss-VERSION-RELEASE.patch
# Patch: jss-VERSION-RELEASE.patch
+# Java 17 and md2man are not available on i686
+ExcludeArch: i686
+
################################################################################
# Java
################################################################################
-%define java_devel java-11-openjdk-devel
-%define java_headless java-11-openjdk-headless
-%define java_home %{_jvmdir}/jre-11-openjdk
+%define java_devel java-17-openjdk-devel
+%define java_headless java-17-openjdk-headless
+%define java_home %{_jvmdir}/jre-17-openjdk
################################################################################
# Build Options
@@ -45,10 +65,10 @@ Source: https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phas
%bcond_without javadoc
-# By default the build will execute unit tests unless --without test
+# By default the build will not execute unit tests unless --with tests
# option is specified.
-%bcond_without test
+%bcond_with tests
################################################################################
# Build Dependencies
@@ -70,6 +90,17 @@ BuildRequires: apache-commons-lang3
BuildRequires: junit
+%description
+Java Security Services (JSS) is a java native interface which provides a bridge
+for java-based applications to use native Network Security Services (NSS).
+This only works with gcj. Other JREs require that JCE providers be signed.
+
+################################################################################
+%package -n %{product_id}
+################################################################################
+
+Summary: Java Security Services (JSS)
+
Requires: nss >= 3.66
Requires: %{java_headless}
Requires: jpackage-utils
@@ -77,36 +108,45 @@ Requires: slf4j
Requires: slf4j-jdk14
Requires: apache-commons-lang3
+Obsoletes: jss < %{version}-%{release}
+Provides: jss = %{version}-%{release}
+
Conflicts: ldapjdk < 4.20
Conflicts: idm-console-framework < 1.2
Conflicts: tomcatjss < 7.6.0
Conflicts: pki-base < 10.10.0
-%description
+%description -n %{product_id}
Java Security Services (JSS) is a java native interface which provides a bridge
for java-based applications to use native Network Security Services (NSS).
This only works with gcj. Other JREs require that JCE providers be signed.
%if %{with javadoc}
################################################################################
-%package javadoc
+%package -n %{product_id}-javadoc
################################################################################
Summary: Java Security Services (JSS) Javadocs
-Requires: jss = %{version}-%{release}
-%description javadoc
+Obsoletes: jss-javadoc < %{version}-%{release}
+Provides: jss-javadoc = %{version}-%{release}
+
+%description -n %{product_id}-javadoc
This package contains the API documentation for JSS.
%endif
################################################################################
%prep
+################################################################################
-%autosetup -n %{name}-%{version}%{?_phase} -p 1
+%autosetup -n jss-%{version}%{?phase:-}%{?phase} -p 1
################################################################################
%build
+################################################################################
+# Set build flags for CMake
+# (see /usr/lib/rpm/macros.d/macros.cmake)
%set_build_flags
export JAVA_HOME=%{java_home}
@@ -124,15 +164,22 @@ modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENA
./build.sh \
%{?_verbose:-v} \
--work-dir=%{_vpath_builddir} \
- --java-lib-dir=%{_jnidir} \
- --jss-lib-dir=%{_libdir}/jss \
+ --prefix-dir=%{_prefix} \
+ --include-dir=%{_includedir} \
+ --lib-dir=%{_libdir} \
+ --sysconf-dir=%{_sysconfdir} \
+ --share-dir=%{_datadir} \
+ --cmake=%{__cmake} \
+ --java-home=%{java_home} \
+ --jni-dir=%{_jnidir} \
--version=%{version} \
%{!?with_javadoc:--without-javadoc} \
- %{!?with_test:--without-test} \
+ %{?with_tests:--with-tests} \
dist
################################################################################
%install
+################################################################################
./build.sh \
%{?_verbose:-v} \
@@ -141,25 +188,40 @@ modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENA
install
################################################################################
-%files
+%files -n %{product_id}
+################################################################################
%defattr(-,root,root,-)
%doc jss.html
-%license MPL-1.1.txt gpl.txt lgpl.txt
+%license MPL-1.1.txt gpl.txt lgpl.txt symkey/LICENSE
%{_libdir}/*
%{_jnidir}/*
%if %{with javadoc}
################################################################################
-%files javadoc
+%files -n %{product_id}-javadoc
+################################################################################
%defattr(-,root,root,-)
-%{_javadocdir}/%{name}/
+%{_javadocdir}/jss/
%endif
################################################################################
%changelog
-%changelog
+* Fri Sep 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.1-1
+- Rebase to JSS 5.2.1
+- Bug 2100807 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled
+
+* Wed Jun 29 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-1
+- Rebase to JSS 5.2.0
+
+* Mon May 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-0.3.beta2
+- Rebase to JSS 5.2.0-beta2
+- Rename packages to idm-jss
+
+* Wed Apr 13 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-0.2.beta1
+- Rebase to JSS 5.2.0-beta1
+
* Tue Feb 15 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.3-1
- Rebase to JSS 5.0.3
- Bug 2046023 - CVE-2021-4213 jss: memory leak in TLS connection leads to OOM [rhel-9.0]