diff --git a/SOURCES/0005-Related-Bug-1710105-JSS-add-RSA-PSS-support.patch b/SOURCES/0005-Related-Bug-1710105-JSS-add-RSA-PSS-support.patch
new file mode 100644
index 0000000..1503ae2
--- /dev/null
+++ b/SOURCES/0005-Related-Bug-1710105-JSS-add-RSA-PSS-support.patch
@@ -0,0 +1,31 @@
+From 3a12e8892984a96088e3d2b4a65188db60d91564 Mon Sep 17 00:00:00 2001
+From: Jack Magne
+Date: Wed, 20 May 2020 16:50:24 -0700
+Subject: [PATCH 1/8] Related: Bug 1710105 - JSS: add RSA PSS support
+
+Add PSS cases to algorithm name translating method.
+---
+ org/mozilla/jss/netscape/security/util/Cert.java | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/org/mozilla/jss/netscape/security/util/Cert.java b/org/mozilla/jss/netscape/security/util/Cert.java
+index ccbbcc0..bcd04b6 100644
+--- a/org/mozilla/jss/netscape/security/util/Cert.java
++++ b/org/mozilla/jss/netscape/security/util/Cert.java
+@@ -63,6 +63,13 @@ public class Cert {
+ return SignatureAlgorithm.ECSignatureWithSHA384Digest;
+ else if (algname.equals("SHA512withEC"))
+ return SignatureAlgorithm.ECSignatureWithSHA512Digest;
++ else if (algname.equals("SHA256withRSA/PSS"))
++ return SignatureAlgorithm.RSAPSSSignatureWithSHA256Digest;
++ else if (algname.equals("SHA384withRSA/PSS"))
++ return SignatureAlgorithm.RSAPSSSignatureWithSHA384Digest;
++ else if (algname.equals("SHA512withRSA/PSS"))
++ return SignatureAlgorithm.RSAPSSSignatureWithSHA512Digest;
++
+ return null;
+ }
+
+--
+1.8.3.1
+
diff --git a/SOURCES/0006-Update-.gitignore.patch b/SOURCES/0006-Update-.gitignore.patch
new file mode 100644
index 0000000..53dfc9f
--- /dev/null
+++ b/SOURCES/0006-Update-.gitignore.patch
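Review bot: The three new `RSA/PSS` branches in Cert.java compare `algname` with exact strings, and any name that does not match still falls through to the `return null` at the end of the method, so a misspelled or differently formatted PSS name yields null rather than an error. A one-line comment above the new branches would record the expected spelling, for example `// RSA-PSS names use the "<digest>withRSA/PSS" form, with no spaces`. Whether callers check the result for null is not visible here; the method's signature and its earlier branches lie outside the hunk.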
@@ -0,0 +1,31 @@
+From 27d929c6c451b01c3c1b5a61964fdaded8a855e9 Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata"
+Date: Wed, 12 May 2021 13:05:39 -0500
+Subject: [PATCH 2/8] Update .gitignore
+
+---
+ .gitignore | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/.gitignore b/.gitignore
+index ba077a4..936aa24 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -1 +1,13 @@
+-bin
++# Ignore build directories and artifacts
++/bin
++*.OBJ/
++build/
++src/*.a
++src/*.o
++target/
++
++# These files are automatically generated from their .in equivalents
++org/mozilla/jss/util/jssver.h
++org/mozilla/jss/jssconfig.h
++src/main/java/org/mozilla/jss/util/jssver.h
++src/main/java/org/mozilla/jss/jssconfig.h
+--
+1.8.3.1
+
diff --git a/SOURCES/0007-Update-CI-tests.patch b/SOURCES/0007-Update-CI-tests.patch
new file mode 100644
index 0000000..1cc2ea1
--- /dev/null
+++ b/SOURCES/0007-Update-CI-tests.patch
@@ -0,0 +1,52 @@
+From b0b720bcbb74115cf15aeee84c9fe27309e8c95e Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata"
+Date: Wed, 12 May 2021 14:51:57 -0500
+Subject: [PATCH 3/8] Update CI tests
+
+The CI tests has been modified to run on push and
+pull requests regardless of branch name.
+
+The Fedora 26 and 29 tests have been removed since
+apparently the container images are no longer
+available.
+---
+ .github/workflows/required-v4.4.x.yml | 22 +---------------------
+ 1 file changed, 1 insertion(+), 21 deletions(-)
+
+diff --git a/.github/workflows/required-v4.4.x.yml b/.github/workflows/required-v4.4.x.yml
+index ce096a6..015001f 100644
+--- a/.github/workflows/required-v4.4.x.yml
++++ b/.github/workflows/required-v4.4.x.yml
+@@ -1,28 +1,8 @@
+ name: Required Tests for v4.4.x branch
+
+-on:
+- push:
+- branches:
+- - v4.4.x
+- pull_request:
+- branches:
+- - v4.4.x
++on: [push, pull_request]
+
+ jobs:
+- fedora26:
+- runs-on: ubuntu-latest
+- steps:
+- - name: Clone the repository
+- uses: actions/checkout@v2
+- - name: Build and Run the Docker Image
+- run: bash tools/run_container.sh "fedora_26"
+- fedora29:
+- runs-on: ubuntu-latest
+- steps:
+- - name: Clone the repository
+- uses: actions/checkout@v2
+- - name: Build and Run the Docker Image
+- run: bash tools/run_container.sh "fedora_29"
+ fedora31:
+ runs-on: ubuntu-latest
+ steps:
+--
+1.8.3.1
+
diff --git a/SOURCES/0008-Add-GitLab-synchronization-job.patch b/SOURCES/0008-Add-GitLab-synchronization-job.patch
new file mode 100644
index 0000000..2c7dd0a
--- /dev/null
+++ b/SOURCES/0008-Add-GitLab-synchronization-job.patch
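Review bot: The trigger becomes `on: [push, pull_request]` for every branch, but the workflow is still titled `name: Required Tests for v4.4.x branch` and lives in `required-v4.4.x.yml`, so the name no longer describes when it runs. Either rename it or add a comment above the trigger such as `# Runs for every branch and pull request, not only v4.4.x`. A pull request opened from a branch in the same repository will also run the jobs twice, once per event.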
@@ -0,0 +1,100 @@
+From ce25f8d7f8d9f17c8509b60209eecff1e36d08f2 Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata"
+Date: Thu, 15 Jul 2021 13:27:43 -0500
+Subject: [PATCH 4/8] Add GitLab synchronization job
+
+The .gitlab-ci.yml has been added to define a job to
+synchronize a branch from an upstream repository to a
+GitLab repository.
+---
+ .gitlab-ci.yml | 22 +++++++++++
+ docs/development/Synchronizing-GitLab-Branch.adoc | 48 +++++++++++++++++++++++
+ 2 files changed, 70 insertions(+)
+ create mode 100644 .gitlab-ci.yml
+ create mode 100644 docs/development/Synchronizing-GitLab-Branch.adoc
+
+diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
+new file mode 100644
+index 0000000..249e240
+--- /dev/null
++++ b/.gitlab-ci.yml
+@@ -0,0 +1,22 @@
++image: fedora
++
++sync:
++
++ script:
++ - echo "Synchronizing $CI_COMMIT_BRANCH branch from $UPSTREAM_URL to $CI_PROJECT_URL"
++ - dnf install -y git
++ - git remote set-url origin https://sync:$ACCESS_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git
++ - git remote remove upstream || true
++ - git remote add upstream $UPSTREAM_URL
++ - git remote -v
++ - git fetch upstream $CI_COMMIT_BRANCH
++ - git checkout upstream/$CI_COMMIT_BRANCH
++ - git log origin/$CI_COMMIT_BRANCH..upstream/$CI_COMMIT_BRANCH --oneline
++ - GIT_SSL_NO_VERIFY=true git push origin HEAD:$CI_COMMIT_BRANCH
++
++ rules:
++ - if: $SYNC == "true"
++
++ tags:
++ # Use shared runners.
++ - shared
+diff --git a/docs/development/Synchronizing-GitLab-Branch.adoc b/docs/development/Synchronizing-GitLab-Branch.adoc
+new file mode 100644
+index 0000000..b0937f2
+--- /dev/null
++++ b/docs/development/Synchronizing-GitLab-Branch.adoc
+@@ -0,0 +1,48 @@
++= Synchronizing GitLab Branch =
++
++== Overview ==
++
++This page describes the procedure to synchronize a branch from an upstream repository
++to a GitLab repository.
++
++== Creating Access Token ==
++
++In the GitLab repository create a project access token with a **write_repository** permission.
++
++See link:https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#creating-a-project-access-token[Creating a project access token].
++
++== Configuring Synchronization ==
++
++In the GitLab repository create the following variables:
++
++* `UPSTREAM_URL`: The URL of the upstream repository.
++** Unselect **Protect variable** to synchronize unprotected branches.
++* `ACCESS_TOKEN`: The value of the access token.
++** Unselect **Protect variable** to synchronize unprotected branches.
++** Select **Mask variable** to keep the access token hidden.
++
++See link:https://docs.gitlab.com/ee/ci/variables/#add-a-cicd-variable-to-a-project[Add a CI/CD variable to a project].
++
++== Running Synchronization Manually ==
++
++In the GitLab repository run a pipeline with the following parameters:
++
++* **Run for branch name or tag**: The branch to be synchronized.
++* **Variables**:
++** `SYNC`: `true`
++
++See link:https://docs.gitlab.com/ee/ci/pipelines/#run-a-pipeline-manually[Run a pipeline manually].
++
++== Scheduling Automatic Synchronization ==
++
++In the GitLab repository create a schedule with the following parameters:
++
++* **Interval Pattern**: The frequency of synchronization.
++** To synchronize every hour, enter: `0 * * * *`
++* **Target Branch**: The branch to be synchronized.
++* **Variables**:
++** `SYNC`: `true`
++
++Additional schedules can be created for synchronizing other branches.
++
++See link:https://docs.gitlab.com/ee/ci/pipelines/schedules.html#configuring-pipeline-schedules[Configuring pipeline schedules].
+--
+1.8.3.1
+
diff --git a/SOURCES/0009-Fix-Bug-2180920-add-AES-support-for-TMS-server-side-.patch b/SOURCES/0009-Fix-Bug-2180920-add-AES-support-for-TMS-server-side-.patch
new file mode 100644
index 0000000..61b5a8c
--- /dev/null
+++ b/SOURCES/0009-Fix-Bug-2180920-add-AES-support-for-TMS-server-side-.patch
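Review bot: The push line in `.gitlab-ci.yml` sets `GIT_SSL_NO_VERIFY=true` right after origin has been rewritten to a URL that embeds `$ACCESS_TOKEN`, so the write-capable token is sent over a connection whose server certificate is never checked. Drop the override, leaving `- git push origin HEAD:$CI_COMMIT_BRANCH`, and if the GitLab host uses a private CA supply it through `GIT_SSL_CAINFO` instead of turning verification off. `- git remote -v` runs after `set-url` and prints the token-bearing URL into the job log, so secrecy there depends entirely on the variable being masked; running it before `set-url`, or removing it, avoids that. The .adoc also tells the reader to unselect **Protect variable** for `ACCESS_TOKEN`, which makes the token available to pipelines on unprotected branches, and the page should state that trade-off next to the instruction.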
@@ -0,0 +1,75 @@
+From 3adb695ea6a7f50d7631a4c048f75dae078889fa Mon Sep 17 00:00:00 2001
+From: Jack Magne
+Date: Thu, 24 Aug 2023 20:41:00 -0400
+Subject: [PATCH 5/8] Fix Bug 2180920 add AES support for TMS server-side
+ keygen on latest HSM / FIPS environment [RHCS 9.7.z]
+
+Back port AES KWP wrap alg support only for JSS in this branch to allow for the TMS bug referenced above to work.
+---
+ org/mozilla/jss/crypto/Algorithm.c | 3 ++-
+ org/mozilla/jss/crypto/Algorithm.h | 2 +-
+ org/mozilla/jss/crypto/Algorithm.java | 2 ++
+ org/mozilla/jss/crypto/KeyWrapAlgorithm.java | 8 ++++++++
+ 4 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/org/mozilla/jss/crypto/Algorithm.c b/org/mozilla/jss/crypto/Algorithm.c
+index 84290ad..9492d01 100644
+--- a/org/mozilla/jss/crypto/Algorithm.c
++++ b/org/mozilla/jss/crypto/Algorithm.c
+@@ -96,7 +96,8 @@ JSS_AlgInfo JSS_AlgTable[NUM_ALGS] = {
+ /* the CKM_AES_KEY_WRAP_* have different defs than CKM_NSS_AES_KEY_WRAP_* */
+ /* 65 */ {CKM_AES_KEY_WRAP, PK11_MECH},
+ /* 66 */ {CKM_AES_KEY_WRAP_PAD, PK11_MECH},
+-/* 67 */ {SEC_OID_PKCS1_RSA_PSS_SIGNATURE, SEC_OID_TAG}
++/* 67 */ {SEC_OID_PKCS1_RSA_PSS_SIGNATURE, SEC_OID_TAG},
++/* 68 */ {CKM_AES_KEY_WRAP_KWP, PK11_MECH}
+ /* REMEMBER TO UPDATE NUM_ALGS!!! */
+ };
+
+diff --git a/org/mozilla/jss/crypto/Algorithm.h b/org/mozilla/jss/crypto/Algorithm.h
+index 09b5869..6bf4d96 100644
+--- a/org/mozilla/jss/crypto/Algorithm.h
++++ b/org/mozilla/jss/crypto/Algorithm.h
+@@ -24,7 +24,7 @@ typedef struct JSS_AlgInfoStr {
+ JSS_AlgType type;
+ } JSS_AlgInfo;
+
+-#define NUM_ALGS 68
++#define NUM_ALGS 69
+
+ extern JSS_AlgInfo JSS_AlgTable[];
+ extern CK_ULONG JSS_symkeyUsage[];
+diff --git a/org/mozilla/jss/crypto/Algorithm.java b/org/mozilla/jss/crypto/Algorithm.java
+index 26d4758..bd93f13 100644
+--- a/org/mozilla/jss/crypto/Algorithm.java
++++ b/org/mozilla/jss/crypto/Algorithm.java
+@@ -229,5 +229,7 @@ public class Algorithm {
+ protected static final short CKM_AES_KEY_WRAP_PAD=66;
+ // RSA-PSS
+ protected static final short SEC_OID_PKCS1_RSA_PSS_SIGNATURE = 67;
++ // CKM_AES_KEY_WRAP_KWP for HSM support
++ protected static final int CKM_AES_KEY_WRAP_KWP = 68;
+
+ }
+diff --git a/org/mozilla/jss/crypto/KeyWrapAlgorithm.java b/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
+index 3113f61..346eca7 100644
+--- a/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
++++ b/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
+@@ -130,6 +130,14 @@ public class KeyWrapAlgorithm extends Algorithm {
+ AES_KEY_WRAP_PAD = new KeyWrapAlgorithm(CKM_NSS_AES_KEY_WRAP_PAD, "AES KeyWrap/Padding",
+ (Class) null, true, 8);
+
++ /*
++ * Added to support HSMs. There is no CKM_NSS equivalent, unlike the
++ * above two mechanisms.
++ */
++ public static final KeyWrapAlgorithm
++ AES_KEY_WRAP_PAD_KWP = new KeyWrapAlgorithm(CKM_AES_KEY_WRAP_KWP, "AES KeyWrap/Wrapped",
++ (Class) null, true, 8);
++
+ public static final OBJECT_IDENTIFIER AES_KEY_WRAP_PAD_OID = new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.1.8");
+ public static final OBJECT_IDENTIFIER AES_KEY_WRAP_OID = new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.1.5");
+ public static final OBJECT_IDENTIFIER AES_CBC_PAD_OID = new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.1.2");
+--
+1.8.3.1
+
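Review bot: In Algorithm.java the new table index is declared `protected static final int CKM_AES_KEY_WRAP_KWP = 68;` while the two neighbouring indices in the same hunk are `short`; unless the KeyWrapAlgorithm constructor needs an int, which is not visible here, `protected static final short CKM_AES_KEY_WRAP_KWP = 68;` keeps the table constants uniform. In KeyWrapAlgorithm.java the public name `AES_KEY_WRAP_PAD_KWP` and the label "AES KeyWrap/Wrapped" do not tell a caller how this entry differs from `AES_KEY_WRAP_PAD`. The block comment above it could say that this entry maps to the PKCS #11 mechanism CKM_AES_KEY_WRAP_KWP rather than the NSS vendor mechanism, and when a caller should pick it over the existing padded variant. Both class bodies extend beyond the hunks shown.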
diff --git a/SOURCES/0011-Bug2184930_Fix-AIA-externsion-print.patch b/SOURCES/0011-Bug2184930_Fix-AIA-externsion-print.patch
new file mode 100644
index 0000000..074e5f1
--- /dev/null
+++ b/SOURCES/0011-Bug2184930_Fix-AIA-externsion-print.patch
@@ -0,0 +1,62 @@
+From 454808d107f1d97d55b1c052740e5449e7a0d9ab Mon Sep 17 00:00:00 2001
+From: Marco Fargetta
+Date: Fri, 5 May 2023 19:12:43 +0200
+Subject: [PATCH 7/8] Bug2184930_Fix AIA externsion print
+
+The "Authority Info Access" extension was not included in the oid
+extension map so it was not correctly printed.
+
+This add AIA extension to the oid map.
+---
+ org/mozilla/jss/netscape/security/x509/OIDMap.java | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/org/mozilla/jss/netscape/security/x509/OIDMap.java b/org/mozilla/jss/netscape/security/x509/OIDMap.java
+index 750bc80..d664f42 100644
+--- a/org/mozilla/jss/netscape/security/x509/OIDMap.java
++++ b/org/mozilla/jss/netscape/security/x509/OIDMap.java
+@@ -25,6 +25,7 @@ import java.util.Hashtable;
+ import java.util.Iterator;
+ import java.util.Properties;
+
++import org.mozilla.jss.netscape.security.extensions.AuthInfoAccessExtension;
+ import org.mozilla.jss.netscape.security.util.ObjectIdentifier;
+
+ /**
+@@ -61,6 +62,8 @@ public class OIDMap {
+ AuthorityKeyIdentifierExtension.NAME;
+ private static final String SUB_KEY_IDENTIFIER = ROOT + "." +
+ SubjectKeyIdentifierExtension.NAME;
++ private static final String AUTHORITY_INFORMATION_ACCESS_IDENTIFIER = ROOT + "." +
++ AuthInfoAccessExtension.NAME;
+ private static final String KEY_USAGE = ROOT + "." +
+ KeyUsageExtension.NAME;
+ private static final String PRIVATE_KEY_USAGE = ROOT + "." +
+@@ -81,6 +84,7 @@ public class OIDMap {
+ CertificatePoliciesExtension.NAME;
+ private static final String SUBJ_DIR_ATTR = //ROOT + "." +
+ SubjectDirAttributesExtension.NAME;
++
+ public static final String EXT_KEY_USAGE_NAME = "ExtendedKeyUsageExtension";
+ public static final String EXT_INHIBIT_ANY_POLICY_NAME = "InhibitAnyPolicyExtension";
+ private static final String EXT_KEY_USAGE = //ROOT + "." +
+@@ -105,6 +109,7 @@ public class OIDMap {
+ // Load the default name to oid map (EXTENSIONS_OIDS)
+ private static void loadNamesDefault(Properties props) {
+ props.put(SUB_KEY_IDENTIFIER, "2.5.29.14");
++ props.put(AUTHORITY_INFORMATION_ACCESS_IDENTIFIER, "1.3.6.1.5.5.7.1.1");
+ props.put(KEY_USAGE, "2.5.29.15");
+ props.put(PRIVATE_KEY_USAGE, "2.5.29.16");
+ props.put(SUB_ALT_NAME, "2.5.29.17");
+@@ -127,6 +132,8 @@ public class OIDMap {
+ "org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension");
+ props.put(SUB_KEY_IDENTIFIER,
+ "org.mozilla.jss.netscape.security.x509.SubjectKeyIdentifierExtension");
++ props.put(AUTHORITY_INFORMATION_ACCESS_IDENTIFIER,
++ "org.mozilla.jss.netscape.security.extensions.AuthInfoAccessExtension");
+ props.put(KEY_USAGE,
+ "org.mozilla.jss.netscape.security.x509.KeyUsageExtension");
+ props.put(PRIVATE_KEY_USAGE,
+--
+1.8.3.1
+
diff --git a/SOURCES/0012-Bug2209624_Fix-SIA-extension.patch b/SOURCES/0012-Bug2209624_Fix-SIA-extension.patch
new file mode 100644
index 0000000..730cfdd
--- /dev/null
+++ b/SOURCES/0012-Bug2209624_Fix-SIA-extension.patch
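Review bot: The class for the new map entry is written as the string literal `"org.mozilla.jss.netscape.security.extensions.AuthInfoAccessExtension"` although the first hunk imports that class, so a typo or a later package move would only surface when the name is looked up at run time. Since the import is already present, `props.put(AUTHORITY_INFORMATION_ACCESS_IDENTIFIER, AuthInfoAccessExtension.class.getName());` gives the same value with a compile-time check; the neighbouring entries use literals, so this would depart from the file's existing pattern. The same applies to the `SubjectInfoAccessExtension` entry added by patch 0012. The blank line added after `SubjectDirAttributesExtension.NAME;` in the third hunk is unrelated to the fix, and the enclosing methods begin and end outside the hunks.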
@@ -0,0 +1,54 @@
+From 9c1f9f35baa5a88f739e96fd0f053224b43591af Mon Sep 17 00:00:00 2001
+From: Marco Fargetta
+Date: Wed, 24 May 2023 13:25:29 +0200
+Subject: [PATCH 8/8] Bug2209624_Fix SIA extension
+
+The "Subject Info Access" extension was not included in the oid
+extension map so it was not correctly printed.
+
+This add SIA extension to the oid map.
+---
+ org/mozilla/jss/netscape/security/x509/OIDMap.java | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/org/mozilla/jss/netscape/security/x509/OIDMap.java b/org/mozilla/jss/netscape/security/x509/OIDMap.java
+index d664f42..eac8b5c 100644
+--- a/org/mozilla/jss/netscape/security/x509/OIDMap.java
++++ b/org/mozilla/jss/netscape/security/x509/OIDMap.java
+@@ -26,6 +26,7 @@ import java.util.Iterator;
+ import java.util.Properties;
+
+ import org.mozilla.jss.netscape.security.extensions.AuthInfoAccessExtension;
++import org.mozilla.jss.netscape.security.extensions.SubjectInfoAccessExtension;
+ import org.mozilla.jss.netscape.security.util.ObjectIdentifier;
+
+ /**
+@@ -64,6 +65,8 @@ public class OIDMap {
+ SubjectKeyIdentifierExtension.NAME;
+ private static final String AUTHORITY_INFORMATION_ACCESS_IDENTIFIER = ROOT + "." +
+ AuthInfoAccessExtension.NAME;
++ private static final String SUBJECT_INFORMATION_ACCESS_IDENTIFIER = ROOT + "." +
++ SubjectInfoAccessExtension.NAME;
+ private static final String KEY_USAGE = ROOT + "." +
+ KeyUsageExtension.NAME;
+ private static final String PRIVATE_KEY_USAGE = ROOT + "." +
+@@ -110,6 +113,7 @@ public class OIDMap {
+ private static void loadNamesDefault(Properties props) {
+ props.put(SUB_KEY_IDENTIFIER, "2.5.29.14");
+ props.put(AUTHORITY_INFORMATION_ACCESS_IDENTIFIER, "1.3.6.1.5.5.7.1.1");
++ props.put(SUBJECT_INFORMATION_ACCESS_IDENTIFIER, "1.3.6.1.5.5.7.1.11");
+ props.put(KEY_USAGE, "2.5.29.15");
+ props.put(PRIVATE_KEY_USAGE, "2.5.29.16");
+ props.put(SUB_ALT_NAME, "2.5.29.17");
+@@ -134,6 +138,8 @@ public class OIDMap {
+ "org.mozilla.jss.netscape.security.x509.SubjectKeyIdentifierExtension");
+ props.put(AUTHORITY_INFORMATION_ACCESS_IDENTIFIER,
+ "org.mozilla.jss.netscape.security.extensions.AuthInfoAccessExtension");
++ props.put(SUBJECT_INFORMATION_ACCESS_IDENTIFIER,
++ "org.mozilla.jss.netscape.security.extensions.SubjectInfoAccessExtension");
+ props.put(KEY_USAGE,
+ "org.mozilla.jss.netscape.security.x509.KeyUsageExtension");
+ props.put(PRIVATE_KEY_USAGE,
+--
+1.8.3.1
+
diff --git a/SPECS/jss.spec b/SPECS/jss.spec
index b578c43..26ba6aa 100644
--- a/SPECS/jss.spec
+++ b/SPECS/jss.spec
@@ -7,7 +7,7 @@ URL: http://www.dogtagpki.org/wiki/JSS License: MPLv1.1 or GPLv2+ or LGPLv2+ Version: 4.4.9 -Release: 3%{?dist} +Release: 4%{?dist} # To generate the source tarball: # $ git clone https://github.com/dogtagpki/jss.git
@@ -27,6 +27,15 @@ Patch0: 0001-Remove-space-from-AlgorithmId.toString.patch Patch1: 0002-Fix-SHA512withRSA-PSS-identifier.patch Patch2: 0003-Add-AlgorithmId.toStringWithParams-fix-toString.patch Patch3: 0004-More-SHA256withRSA-PSS-algorithm-fixes.-Various-typo.patch +Patch4: 0005-Related-Bug-1710105-JSS-add-RSA-PSS-support.patch +Patch5: 0006-Update-.gitignore.patch +Patch6: 0007-Update-CI-tests.patch +Patch7: 0008-Add-GitLab-synchronization-job.patch +Patch8: 0009-Fix-Bug-2180920-add-AES-support-for-TMS-server-side-.patch +#Patch9: 0010-Fix-Issue-RHCS-4675.patch +Patch10: 0011-Bug2184930_Fix-AIA-externsion-print.patch +Patch11: 0012-Bug2209624_Fix-SIA-extension.patch + Conflicts: idm-console-framework < 1.1.17-4 Conflicts: pki-base < 10.4.0 @@ -35,8 +44,8 @@ Conflicts: tomcatjss < 7.2.1 # autosetup BuildRequires: git -BuildRequires: nss-devel >= 3.28.4-6 -BuildRequires: nspr-devel >= 4.13.1 +BuildRequires: nss-devel >= 3.90.0-2 +BuildRequires: nspr-devel >= 4.35.0-1 BuildRequires: java-1.8.0-openjdk-devel BuildRequires: jpackage-utils %if 0%{?fedora} >= 25 || 0%{?rhel} > 7 @@ -45,7 +54,7 @@ BuildRequires: perl-interpreter BuildRequires: apache-commons-lang BuildRequires: apache-commons-codec -Requires: nss >= 3.28.4-6 +Requires: nss >= 3.90.0-2 Requires: java-1.8.0-openjdk-headless Requires: jpackage-utils Requires: apache-commons-lang 
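Review bot: `#Patch9: 0010-Fix-Issue-RHCS-4675.patch` is added commented out with no reason given, and no 0010 patch file appears among the files this commit adds, as far as the visible diff shows. A comment line above it would tell the next packager whether the gap is deliberate, for example `# Patch9 (0010) is intentionally not applied: <reason>`. Patch5 to Patch7 touch only .gitignore, CI configuration and docs, so they change nothing in the built package; a short comment beside them would explain why they are carried.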
@@ -181,6 +190,34 @@ cp -p jss/*.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version} ################################################################################ %changelog +* Tue Mar 5 2024 Dogtag PKI Team 4.4.9-4 +- Updated nspr-devel and nss-devel build requirements as well as nss runtime + requirements [mharmsen] +- RHEL-18401 - JSS - add AES support for TMS server-side keygen on latest + HSM / FIPS environment [RHEL 7.9.z] [jmagne] +- JSS: add RSA PSS support + Add PSS cases to algorithm name translating method [jmagne] +- Add GitLab synchronization job [edewata] +- Add AES support for TMS server-side keygen on latest + HSM / FIPS environment [RHCS 9.7.z] + Back port AES KWP wrap alg support only for JSS in this branch to allow for + the TMS bug referenced above to work. [jmagne] +- Empty commit to fix commit msg from previous commit + JSS- add AES support for TMS server-side keygen on latest HSM / FIPS + environment [RHCS 9.7.z] + Back port AES KWP wrap alg support only for JSS in this branch to allow for + the TMS bug referenced above to work. [jmagne] +- RHEL-23935 - JSS - PrettyPrintCert does not properly translate AIA + information into a readable format [RHEL 7.9.z] [mfargett] +- Fix AIA extension print + The "Authority Info Access" extension was not included in the oid + extension map so it was not correctly printed. + This add AIA extension to the oid map. [mfargett] +- Fix SIA extension + The "Subject Info Access" extension was not included in the oid + extension map so it was not correctly printed. + This add SIA extension to the oid map. [mfargett] + * Thu May 7 2020 Dogtag PKI Team 4.4.9-3 - Fix issue with RSA/PSS and SHA-512 Bugzilla #1710105