diff --git a/SOURCES/0005-Related-Bug-1710105-JSS-add-RSA-PSS-support.patch b/SOURCES/0005-Related-Bug-1710105-JSS-add-RSA-PSS-support.patch
new file mode 100644
index 0000000..1503ae2
--- /dev/null
+++ b/SOURCES/0005-Related-Bug-1710105-JSS-add-RSA-PSS-support.patch
@@ -0,0 +1,31 @@
+From 3a12e8892984a96088e3d2b4a65188db60d91564 Mon Sep 17 00:00:00 2001
+From: Jack Magne <jmagne@localhost.localdomain>
+Date: Wed, 20 May 2020 16:50:24 -0700
+Subject: [PATCH 1/8] Related: Bug 1710105 - JSS: add RSA PSS support
+
+Add PSS cases to algorithm name translating method.
+---
+ org/mozilla/jss/netscape/security/util/Cert.java | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/org/mozilla/jss/netscape/security/util/Cert.java b/org/mozilla/jss/netscape/security/util/Cert.java
+index ccbbcc0..bcd04b6 100644
+--- a/org/mozilla/jss/netscape/security/util/Cert.java
++++ b/org/mozilla/jss/netscape/security/util/Cert.java
+@@ -63,6 +63,13 @@ public class Cert {
+ return SignatureAlgorithm.ECSignatureWithSHA384Digest;
+ else if (algname.equals("SHA512withEC"))
+ return SignatureAlgorithm.ECSignatureWithSHA512Digest;
++ else if (algname.equals("SHA256withRSA/PSS"))
++ return SignatureAlgorithm.RSAPSSSignatureWithSHA256Digest;
++ else if (algname.equals("SHA384withRSA/PSS"))
++ return SignatureAlgorithm.RSAPSSSignatureWithSHA384Digest;
++ else if (algname.equals("SHA512withRSA/PSS"))
++ return SignatureAlgorithm.RSAPSSSignatureWithSHA512Digest;
++
+ return null;
+ }
+
+--
+1.8.3.1
+
diff --git a/SOURCES/0006-Update-.gitignore.patch b/SOURCES/0006-Update-.gitignore.patch
new file mode 100644
index 0000000..53dfc9f
--- /dev/null
+++ b/SOURCES/0006-Update-.gitignore.patch
@@ -0,0 +1,31 @@
+From 27d929c6c451b01c3c1b5a61964fdaded8a855e9 Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata" <edewata@redhat.com>
+Date: Wed, 12 May 2021 13:05:39 -0500
+Subject: [PATCH 2/8] Update .gitignore
+
+---
+ .gitignore | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/.gitignore b/.gitignore
+index ba077a4..936aa24 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -1 +1,13 @@
+-bin
++# Ignore build directories and artifacts
++/bin
++*.OBJ/
++build/
++src/*.a
++src/*.o
++target/
++
++# These files are automatically generated from their .in equivalents
++org/mozilla/jss/util/jssver.h
++org/mozilla/jss/jssconfig.h
++src/main/java/org/mozilla/jss/util/jssver.h
++src/main/java/org/mozilla/jss/jssconfig.h
+--
+1.8.3.1
+
diff --git a/SOURCES/0007-Update-CI-tests.patch b/SOURCES/0007-Update-CI-tests.patch
new file mode 100644
index 0000000..1cc2ea1
--- /dev/null
+++ b/SOURCES/0007-Update-CI-tests.patch
@@ -0,0 +1,52 @@
+From b0b720bcbb74115cf15aeee84c9fe27309e8c95e Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata" <edewata@redhat.com>
+Date: Wed, 12 May 2021 14:51:57 -0500
+Subject: [PATCH 3/8] Update CI tests
+
+The CI tests has been modified to run on push and
+pull requests regardless of branch name.
+
+The Fedora 26 and 29 tests have been removed since
+apparently the container images are no longer
+available.
+---
+ .github/workflows/required-v4.4.x.yml | 22 +---------------------
+ 1 file changed, 1 insertion(+), 21 deletions(-)
+
+diff --git a/.github/workflows/required-v4.4.x.yml b/.github/workflows/required-v4.4.x.yml
+index ce096a6..015001f 100644
+--- a/.github/workflows/required-v4.4.x.yml
++++ b/.github/workflows/required-v4.4.x.yml
+@@ -1,28 +1,8 @@
+ name: Required Tests for v4.4.x branch
+
+-on:
+- push:
+- branches:
+- - v4.4.x
+- pull_request:
+- branches:
+- - v4.4.x
++on: [push, pull_request]
+
+ jobs:
+- fedora26:
+- runs-on: ubuntu-latest
+- steps:
+- - name: Clone the repository
+- uses: actions/checkout@v2
+- - name: Build and Run the Docker Image
+- run: bash tools/run_container.sh "fedora_26"
+- fedora29:
+- runs-on: ubuntu-latest
+- steps:
+- - name: Clone the repository
+- uses: actions/checkout@v2
+- - name: Build and Run the Docker Image
+- run: bash tools/run_container.sh "fedora_29"
+ fedora31:
+ runs-on: ubuntu-latest
+ steps:
+--
+1.8.3.1
+
diff --git a/SOURCES/0008-Add-GitLab-synchronization-job.patch b/SOURCES/0008-Add-GitLab-synchronization-job.patch
new file mode 100644
index 0000000..2c7dd0a
--- /dev/null
+++ b/SOURCES/0008-Add-GitLab-synchronization-job.patch
@@ -0,0 +1,100 @@
+From ce25f8d7f8d9f17c8509b60209eecff1e36d08f2 Mon Sep 17 00:00:00 2001
+From: "Endi S. Dewata" <edewata@redhat.com>
+Date: Thu, 15 Jul 2021 13:27:43 -0500
+Subject: [PATCH 4/8] Add GitLab synchronization job
+
+The .gitlab-ci.yml has been added to define a job to
+synchronize a branch from an upstream repository to a
+GitLab repository.
+---
+ .gitlab-ci.yml | 22 +++++++++++
+ docs/development/Synchronizing-GitLab-Branch.adoc | 48 +++++++++++++++++++++++
+ 2 files changed, 70 insertions(+)
+ create mode 100644 .gitlab-ci.yml
+ create mode 100644 docs/development/Synchronizing-GitLab-Branch.adoc
+
+diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
+new file mode 100644
+index 0000000..249e240
+--- /dev/null
++++ b/.gitlab-ci.yml
+@@ -0,0 +1,22 @@
++image: fedora
++
++sync:
++
++ script:
++ - echo "Synchronizing $CI_COMMIT_BRANCH branch from $UPSTREAM_URL to $CI_PROJECT_URL"
++ - dnf install -y git
++ - git remote set-url origin https://sync:$ACCESS_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git
++ - git remote remove upstream || true
++ - git remote add upstream $UPSTREAM_URL
++ - git remote -v
++ - git fetch upstream $CI_COMMIT_BRANCH
++ - git checkout upstream/$CI_COMMIT_BRANCH
++ - git log origin/$CI_COMMIT_BRANCH..upstream/$CI_COMMIT_BRANCH --oneline
++ - GIT_SSL_NO_VERIFY=true git push origin HEAD:$CI_COMMIT_BRANCH
++
++ rules:
++ - if: $SYNC == "true"
++
++ tags:
++ # Use shared runners.
++ - shared
+diff --git a/docs/development/Synchronizing-GitLab-Branch.adoc b/docs/development/Synchronizing-GitLab-Branch.adoc
+new file mode 100644
+index 0000000..b0937f2
+--- /dev/null
++++ b/docs/development/Synchronizing-GitLab-Branch.adoc
+@@ -0,0 +1,48 @@
++= Synchronizing GitLab Branch =
++
++== Overview ==
++
++This page describes the procedure to synchronize a branch from an upstream repository
++to a GitLab repository.
++
++== Creating Access Token ==
++
++In the GitLab repository create a project access token with a **write_repository** permission.
++
++See link:https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#creating-a-project-access-token[Creating a project access token].
++
++== Configuring Synchronization ==
++
++In the GitLab repository create the following variables:
++
++* `UPSTREAM_URL`: The URL of the upstream repository.
++** Unselect **Protect variable** to synchronize unprotected branches.
++* `ACCESS_TOKEN`: The value of the access token.
++** Unselect **Protect variable** to synchronize unprotected branches.
++** Select **Mask variable** to keep the access token hidden.
++
++See link:https://docs.gitlab.com/ee/ci/variables/#add-a-cicd-variable-to-a-project[Add a CI/CD variable to a project].
++
++== Running Synchronization Manually ==
++
++In the GitLab repository run a pipeline with the following parameters:
++
++* **Run for branch name or tag**: The branch to be synchronized.
++* **Variables**:
++** `SYNC`: `true`
++
++See link:https://docs.gitlab.com/ee/ci/pipelines/#run-a-pipeline-manually[Run a pipeline manually].
++
++== Scheduling Automatic Synchronization ==
++
++In the GitLab repository create a schedule with the following parameters:
++
++* **Interval Pattern**: The frequency of synchronization.
++** To synchronize every hour, enter: `0 * * * *`
++* **Target Branch**: The branch to be synchronized.
++* **Variables**:
++** `SYNC`: `true`
++
++Additional schedules can be created for synchronizing other branches.
++
++See link:https://docs.gitlab.com/ee/ci/pipelines/schedules.html#configuring-pipeline-schedules[Configuring pipeline schedules].
+--
+1.8.3.1
+
diff --git a/SOURCES/0009-Fix-Bug-2180920-add-AES-support-for-TMS-server-side-.patch b/SOURCES/0009-Fix-Bug-2180920-add-AES-support-for-TMS-server-side-.patch
new file mode 100644
index 0000000..61b5a8c
--- /dev/null
+++ b/SOURCES/0009-Fix-Bug-2180920-add-AES-support-for-TMS-server-side-.patch
@@ -0,0 +1,75 @@
+From 3adb695ea6a7f50d7631a4c048f75dae078889fa Mon Sep 17 00:00:00 2001
+From: Jack Magne <jmagne@redhat.com>
+Date: Thu, 24 Aug 2023 20:41:00 -0400
+Subject: [PATCH 5/8] Fix Bug 2180920 add AES support for TMS server-side
+ keygen on latest HSM / FIPS environment [RHCS 9.7.z]
+
+Back port AES KWP wrap alg support only for JSS in this branch to allow for the TMS bug referenced above to work.
+---
+ org/mozilla/jss/crypto/Algorithm.c | 3 ++-
+ org/mozilla/jss/crypto/Algorithm.h | 2 +-
+ org/mozilla/jss/crypto/Algorithm.java | 2 ++
+ org/mozilla/jss/crypto/KeyWrapAlgorithm.java | 8 ++++++++
+ 4 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/org/mozilla/jss/crypto/Algorithm.c b/org/mozilla/jss/crypto/Algorithm.c
+index 84290ad..9492d01 100644
+--- a/org/mozilla/jss/crypto/Algorithm.c
++++ b/org/mozilla/jss/crypto/Algorithm.c
+@@ -96,7 +96,8 @@ JSS_AlgInfo JSS_AlgTable[NUM_ALGS] = {
+ /* the CKM_AES_KEY_WRAP_* have different defs than CKM_NSS_AES_KEY_WRAP_* */
+ /* 65 */ {CKM_AES_KEY_WRAP, PK11_MECH},
+ /* 66 */ {CKM_AES_KEY_WRAP_PAD, PK11_MECH},
+-/* 67 */ {SEC_OID_PKCS1_RSA_PSS_SIGNATURE, SEC_OID_TAG}
++/* 67 */ {SEC_OID_PKCS1_RSA_PSS_SIGNATURE, SEC_OID_TAG},
++/* 68 */ {CKM_AES_KEY_WRAP_KWP, PK11_MECH}
+ /* REMEMBER TO UPDATE NUM_ALGS!!! */
+ };
+
+diff --git a/org/mozilla/jss/crypto/Algorithm.h b/org/mozilla/jss/crypto/Algorithm.h
+index 09b5869..6bf4d96 100644
+--- a/org/mozilla/jss/crypto/Algorithm.h
++++ b/org/mozilla/jss/crypto/Algorithm.h
+@@ -24,7 +24,7 @@ typedef struct JSS_AlgInfoStr {
+ JSS_AlgType type;
+ } JSS_AlgInfo;
+
+-#define NUM_ALGS 68
++#define NUM_ALGS 69
+
+ extern JSS_AlgInfo JSS_AlgTable[];
+ extern CK_ULONG JSS_symkeyUsage[];
+diff --git a/org/mozilla/jss/crypto/Algorithm.java b/org/mozilla/jss/crypto/Algorithm.java
+index 26d4758..bd93f13 100644
+--- a/org/mozilla/jss/crypto/Algorithm.java
++++ b/org/mozilla/jss/crypto/Algorithm.java
+@@ -229,5 +229,7 @@ public class Algorithm {
+ protected static final short CKM_AES_KEY_WRAP_PAD=66;
+ // RSA-PSS
+ protected static final short SEC_OID_PKCS1_RSA_PSS_SIGNATURE = 67;
++ // CKM_AES_KEY_WRAP_KWP for HSM support
++ protected static final int CKM_AES_KEY_WRAP_KWP = 68;
+
+ }
+diff --git a/org/mozilla/jss/crypto/KeyWrapAlgorithm.java b/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
+index 3113f61..346eca7 100644
+--- a/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
++++ b/org/mozilla/jss/crypto/KeyWrapAlgorithm.java
+@@ -130,6 +130,14 @@ public class KeyWrapAlgorithm extends Algorithm {
+ AES_KEY_WRAP_PAD = new KeyWrapAlgorithm(CKM_NSS_AES_KEY_WRAP_PAD, "AES KeyWrap/Padding",
+ (Class<?>) null, true, 8);
+
++ /*
++ * Added to support HSMs. There is no CKM_NSS equivalent, unlike the
++ * above two mechanisms.
++ */
++ public static final KeyWrapAlgorithm
++ AES_KEY_WRAP_PAD_KWP = new KeyWrapAlgorithm(CKM_AES_KEY_WRAP_KWP, "AES KeyWrap/Wrapped",
++ (Class<?>) null, true, 8);
++
+ public static final OBJECT_IDENTIFIER AES_KEY_WRAP_PAD_OID = new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.1.8");
+ public static final OBJECT_IDENTIFIER AES_KEY_WRAP_OID = new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.1.5");
+ public static final OBJECT_IDENTIFIER AES_CBC_PAD_OID = new OBJECT_IDENTIFIER("2.16.840.1.101.3.4.1.2");
+--
+1.8.3.1
+
diff --git a/SOURCES/0011-Bug2184930_Fix-AIA-externsion-print.patch b/SOURCES/0011-Bug2184930_Fix-AIA-externsion-print.patch
new file mode 100644
index 0000000..074e5f1
--- /dev/null
+++ b/SOURCES/0011-Bug2184930_Fix-AIA-externsion-print.patch
@@ -0,0 +1,62 @@
+From 454808d107f1d97d55b1c052740e5449e7a0d9ab Mon Sep 17 00:00:00 2001
+From: Marco Fargetta <mfargett@redhat.com>
+Date: Fri, 5 May 2023 19:12:43 +0200
+Subject: [PATCH 7/8] Bug2184930_Fix AIA externsion print
+
+The "Authority Info Access" extension was not included in the oid
+extension map so it was not correctly printed.
+
+This add AIA extension to the oid map.
+---
+ org/mozilla/jss/netscape/security/x509/OIDMap.java | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/org/mozilla/jss/netscape/security/x509/OIDMap.java b/org/mozilla/jss/netscape/security/x509/OIDMap.java
+index 750bc80..d664f42 100644
+--- a/org/mozilla/jss/netscape/security/x509/OIDMap.java
++++ b/org/mozilla/jss/netscape/security/x509/OIDMap.java
+@@ -25,6 +25,7 @@ import java.util.Hashtable;
+ import java.util.Iterator;
+ import java.util.Properties;
+
++import org.mozilla.jss.netscape.security.extensions.AuthInfoAccessExtension;
+ import org.mozilla.jss.netscape.security.util.ObjectIdentifier;
+
+ /**
+@@ -61,6 +62,8 @@ public class OIDMap {
+ AuthorityKeyIdentifierExtension.NAME;
+ private static final String SUB_KEY_IDENTIFIER = ROOT + "." +
+ SubjectKeyIdentifierExtension.NAME;
++ private static final String AUTHORITY_INFORMATION_ACCESS_IDENTIFIER = ROOT + "." +
++ AuthInfoAccessExtension.NAME;
+ private static final String KEY_USAGE = ROOT + "." +
+ KeyUsageExtension.NAME;
+ private static final String PRIVATE_KEY_USAGE = ROOT + "." +
+@@ -81,6 +84,7 @@ public class OIDMap {
+ CertificatePoliciesExtension.NAME;
+ private static final String SUBJ_DIR_ATTR = //ROOT + "." +
+ SubjectDirAttributesExtension.NAME;
++
+ public static final String EXT_KEY_USAGE_NAME = "ExtendedKeyUsageExtension";
+ public static final String EXT_INHIBIT_ANY_POLICY_NAME = "InhibitAnyPolicyExtension";
+ private static final String EXT_KEY_USAGE = //ROOT + "." +
+@@ -105,6 +109,7 @@ public class OIDMap {
+ // Load the default name to oid map (EXTENSIONS_OIDS)
+ private static void loadNamesDefault(Properties props) {
+ props.put(SUB_KEY_IDENTIFIER, "2.5.29.14");
++ props.put(AUTHORITY_INFORMATION_ACCESS_IDENTIFIER, "1.3.6.1.5.5.7.1.1");
+ props.put(KEY_USAGE, "2.5.29.15");
+ props.put(PRIVATE_KEY_USAGE, "2.5.29.16");
+ props.put(SUB_ALT_NAME, "2.5.29.17");
+@@ -127,6 +132,8 @@ public class OIDMap {
+ "org.mozilla.jss.netscape.security.x509.AuthorityKeyIdentifierExtension");
+ props.put(SUB_KEY_IDENTIFIER,
+ "org.mozilla.jss.netscape.security.x509.SubjectKeyIdentifierExtension");
++ props.put(AUTHORITY_INFORMATION_ACCESS_IDENTIFIER,
++ "org.mozilla.jss.netscape.security.extensions.AuthInfoAccessExtension");
+ props.put(KEY_USAGE,
+ "org.mozilla.jss.netscape.security.x509.KeyUsageExtension");
+ props.put(PRIVATE_KEY_USAGE,
+--
+1.8.3.1
+
diff --git a/SOURCES/0012-Bug2209624_Fix-SIA-extension.patch b/SOURCES/0012-Bug2209624_Fix-SIA-extension.patch
new file mode 100644
index 0000000..730cfdd
--- /dev/null
+++ b/SOURCES/0012-Bug2209624_Fix-SIA-extension.patch
@@ -0,0 +1,54 @@
+From 9c1f9f35baa5a88f739e96fd0f053224b43591af Mon Sep 17 00:00:00 2001
+From: Marco Fargetta <mfargett@redhat.com>
+Date: Wed, 24 May 2023 13:25:29 +0200
+Subject: [PATCH 8/8] Bug2209624_Fix SIA extension
+
+The "Subject Info Access" extension was not included in the oid
+extension map so it was not correctly printed.
+
+This add SIA extension to the oid map.
+---
+ org/mozilla/jss/netscape/security/x509/OIDMap.java | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/org/mozilla/jss/netscape/security/x509/OIDMap.java b/org/mozilla/jss/netscape/security/x509/OIDMap.java
+index d664f42..eac8b5c 100644
+--- a/org/mozilla/jss/netscape/security/x509/OIDMap.java
++++ b/org/mozilla/jss/netscape/security/x509/OIDMap.java
+@@ -26,6 +26,7 @@ import java.util.Iterator;
+ import java.util.Properties;
+
+ import org.mozilla.jss.netscape.security.extensions.AuthInfoAccessExtension;
++import org.mozilla.jss.netscape.security.extensions.SubjectInfoAccessExtension;
+ import org.mozilla.jss.netscape.security.util.ObjectIdentifier;
+
+ /**
+@@ -64,6 +65,8 @@ public class OIDMap {
+ SubjectKeyIdentifierExtension.NAME;
+ private static final String AUTHORITY_INFORMATION_ACCESS_IDENTIFIER = ROOT + "." +
+ AuthInfoAccessExtension.NAME;
++ private static final String SUBJECT_INFORMATION_ACCESS_IDENTIFIER = ROOT + "." +
++ SubjectInfoAccessExtension.NAME;
+ private static final String KEY_USAGE = ROOT + "." +
+ KeyUsageExtension.NAME;
+ private static final String PRIVATE_KEY_USAGE = ROOT + "." +
+@@ -110,6 +113,7 @@ public class OIDMap {
+ private static void loadNamesDefault(Properties props) {
+ props.put(SUB_KEY_IDENTIFIER, "2.5.29.14");
+ props.put(AUTHORITY_INFORMATION_ACCESS_IDENTIFIER, "1.3.6.1.5.5.7.1.1");
++ props.put(SUBJECT_INFORMATION_ACCESS_IDENTIFIER, "1.3.6.1.5.5.7.1.11");
+ props.put(KEY_USAGE, "2.5.29.15");
+ props.put(PRIVATE_KEY_USAGE, "2.5.29.16");
+ props.put(SUB_ALT_NAME, "2.5.29.17");
+@@ -134,6 +138,8 @@ public class OIDMap {
+ "org.mozilla.jss.netscape.security.x509.SubjectKeyIdentifierExtension");
+ props.put(AUTHORITY_INFORMATION_ACCESS_IDENTIFIER,
+ "org.mozilla.jss.netscape.security.extensions.AuthInfoAccessExtension");
++ props.put(SUBJECT_INFORMATION_ACCESS_IDENTIFIER,
++ "org.mozilla.jss.netscape.security.extensions.SubjectInfoAccessExtension");
+ props.put(KEY_USAGE,
+ "org.mozilla.jss.netscape.security.x509.KeyUsageExtension");
+ props.put(PRIVATE_KEY_USAGE,
+--
+1.8.3.1
+
diff --git a/SPECS/jss.spec b/SPECS/jss.spec
index b578c43..26ba6aa 100644
--- a/SPECS/jss.spec
+++ b/SPECS/jss.spec
@@ -7,7 +7,7 @@ URL: http://www.dogtagpki.org/wiki/JSS
License: MPLv1.1 or GPLv2+ or LGPLv2+
Version: 4.4.9
-Release: 3%{?dist}
+Release: 4%{?dist}
# To generate the source tarball:
# $ git clone https://github.com/dogtagpki/jss.git
@@ -27,6 +27,15 @@ Patch0: 0001-Remove-space-from-AlgorithmId.toString.patch
Patch1: 0002-Fix-SHA512withRSA-PSS-identifier.patch
Patch2: 0003-Add-AlgorithmId.toStringWithParams-fix-toString.patch
Patch3: 0004-More-SHA256withRSA-PSS-algorithm-fixes.-Various-typo.patch
+Patch4: 0005-Related-Bug-1710105-JSS-add-RSA-PSS-support.patch
+Patch5: 0006-Update-.gitignore.patch
+Patch6: 0007-Update-CI-tests.patch
+Patch7: 0008-Add-GitLab-synchronization-job.patch
+Patch8: 0009-Fix-Bug-2180920-add-AES-support-for-TMS-server-side-.patch
+#Patch9: 0010-Fix-Issue-RHCS-4675.patch
+Patch10: 0011-Bug2184930_Fix-AIA-externsion-print.patch
+Patch11: 0012-Bug2209624_Fix-SIA-extension.patch
+
Conflicts: idm-console-framework < 1.1.17-4
Conflicts: pki-base < 10.4.0
@@ -35,8 +44,8 @@ Conflicts: tomcatjss < 7.2.1
# autosetup
BuildRequires: git
-BuildRequires: nss-devel >= 3.28.4-6
-BuildRequires: nspr-devel >= 4.13.1
+BuildRequires: nss-devel >= 3.90.0-2
+BuildRequires: nspr-devel >= 4.35.0-1
BuildRequires: java-1.8.0-openjdk-devel
BuildRequires: jpackage-utils
%if 0%{?fedora} >= 25 || 0%{?rhel} > 7
@@ -45,7 +54,7 @@ BuildRequires: perl-interpreter
BuildRequires: apache-commons-lang
BuildRequires: apache-commons-codec
-Requires: nss >= 3.28.4-6
+Requires: nss >= 3.90.0-2
Requires: java-1.8.0-openjdk-headless
Requires: jpackage-utils
Requires: apache-commons-lang
@@ -181,6 +190,34 @@ cp -p jss/*.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
################################################################################
%changelog
+* Tue Mar 5 2024 Dogtag PKI Team <pki-devel@redhat.com> 4.4.9-4
+- Updated nspr-devel and nss-devel build requirements as well as nss runtime
+ requirements [mharmsen]
+- RHEL-18401 - JSS - add AES support for TMS server-side keygen on latest
+ HSM / FIPS environment [RHEL 7.9.z] [jmagne]
+- JSS: add RSA PSS support
+ Add PSS cases to algorithm name translating method [jmagne]
+- Add GitLab synchronization job [edewata]
+- Add AES support for TMS server-side keygen on latest
+ HSM / FIPS environment [RHCS 9.7.z]
+ Back port AES KWP wrap alg support only for JSS in this branch to allow for
+ the TMS bug referenced above to work. [jmagne]
+- Empty commit to fix commit msg from previous commit
+ JSS- add AES support for TMS server-side keygen on latest HSM / FIPS
+ environment [RHCS 9.7.z]
+ Back port AES KWP wrap alg support only for JSS in this branch to allow for
+ the TMS bug referenced above to work. [jmagne]
+- RHEL-23935 - JSS - PrettyPrintCert does not properly translate AIA
+ information into a readable format [RHEL 7.9.z] [mfargett]
+- Fix AIA extension print
+ The "Authority Info Access" extension was not included in the oid
+ extension map so it was not correctly printed.
+ This add AIA extension to the oid map. [mfargett]
+- Fix SIA extension
+ The "Subject Info Access" extension was not included in the oid
+ extension map so it was not correctly printed.
+ This add SIA extension to the oid map. [mfargett]
+
* Thu May 7 2020 Dogtag PKI Team <pki-devel@redhat.com> 4.4.9-3
- Fix issue with RSA/PSS and SHA-512
Bugzilla #1710105