4 changed files with 319 additions and 152 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/jss-5.4.1.tar.gz
+SOURCES/jss-4.9.4.tar.gz
--- a/.jss.metadata
+++ b/.jss.metadata
@ -1 +1 @@
-e5418bf90626b135ab43e0caefa04c4b1c6763fa SOURCES/jss-5.4.1.tar.gz
+b99d8fd7a9296f7cf480ca92a097dcf18c41eb53 SOURCES/jss-4.9.4.tar.gz
--- a/SOURCES/0001-Skip-SSLClient-tests-for-old-openssl.patch
+++ b/SOURCES/0001-Skip-SSLClient-tests-for-old-openssl.patch
@ -0,0 +1,129 @@
 From 52f273439a4012bb1426e59b14195c2d4f2d45e5 Mon Sep 17 00:00:00 2001
 From: tigro <tigro@msvsphere-os.ru>
 Date: Mon, 20 May 2024 10:13:36 +0300
 Subject: [PATCH] Skip SSLClient tests for old openssl
 ---
 cmake/JSSTests.cmake | 69 --------------------------------------------
 1 file changed, 69 deletions(-)
 diff --git a/cmake/JSSTests.cmake b/cmake/JSSTests.cmake
 index 453e3e0..4f93ce3 100644
 --- a/cmake/JSSTests.cmake
 +++ b/cmake/JSSTests.cmake
@@ -185,11 +185,6 @@ macro(jss_tests)
         COMMAND "org.mozilla.jss.tests.ListCACerts" "${RESULTS_NSSDB_OUTPUT_DIR}" "Verbose"
         DEPENDS "Generate_known_ECDSA_cert_pair"
     )
 -    jss_test_java(
 -        NAME "SSLClientAuth"
 -        COMMAND "org.mozilla.jss.tests.SSLClientAuth" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" "${JSS_TEST_PORT_CLIENTAUTH}" "50"
 -        DEPENDS "List_CA_certs"
 -    )
     jss_test_java(
         NAME "Key_Generation"
         COMMAND "org.mozilla.jss.tests.TestKeyGen" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}"
@@ -268,26 +263,6 @@ macro(jss_tests)
         COMMAND "org.mozilla.jss.tests.X509CertTest" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}"
         DEPENDS "List_CA_certs"
     )
 -    jss_test_java(
 -        NAME "KeyStoreTest"
 -        COMMAND "org.mozilla.jss.tests.KeyStoreTest" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" getAliases
 -        DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth"
 -    )
 -    jss_test_java(
 -        NAME "JSSProvider"
 -        COMMAND "org.mozilla.jss.tests.JSSProvider" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}"
 -        DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth"
 -    )
 -    jss_test_java(
 -        NAME "SSLEngine_RSA"
 -        COMMAND "org.mozilla.jss.tests.TestSSLEngine" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" "Client_RSA" "Server_RSA"
 -        DEPENDS "List_CA_certs"
 -    )
 -    jss_test_java(
 -        NAME "SSLEngine_ECDSA"
 -        COMMAND "org.mozilla.jss.tests.TestSSLEngine" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" "Client_ECDSA" "Server_ECDSA"
 -        DEPENDS "SSLEngine_RSA"
 -    )
     if(NOT FIPS_ENABLED)
         jss_test_java(
@@ -321,21 +296,11 @@ macro(jss_tests)
         )
         # SSL Engine related tests
 -        jss_test_exec(
 -            NAME "TestBufferPRFDSSL_RSA"
 -            COMMAND "${BIN_OUTPUT_DIR}/TestBufferPRFDSSL" "${RESULTS_NSSDB_OUTPUT_DIR}" "${DB_PWD}" "Server_RSA"
 -            DEPENDS "List_CA_certs" "generate_c_TestBufferPRFDSSL"
 -        )
         jss_test_exec(
             NAME "TestBufferPRFDSSL_ECDSA"
             COMMAND "${BIN_OUTPUT_DIR}/TestBufferPRFDSSL" "${RESULTS_NSSDB_OUTPUT_DIR}" "${DB_PWD}" "Server_ECDSA"
             DEPENDS "List_CA_certs" "generate_c_TestBufferPRFDSSL"
         )
 -        jss_test_java(
 -            NAME "JSS_Test_BufferPRFD"
 -            COMMAND "org.mozilla.jss.tests.TestBufferPRFD" "${RESULTS_NSSDB_OUTPUT_DIR}" "${DB_PWD}"
 -            DEPENDS "List_CA_certs"
 -        )
         # FIPS-related tests
         jss_test_java(
@@ -365,22 +330,6 @@ macro(jss_tests)
         # The current version of NSS features partial support for TLS 1.3 in
         # FIPS mode.
 -        if (NOT SANDBOX)
 -            jss_test_java(
 -                NAME "SSLClientAuth_FIPSMODE"
 -                COMMAND "org.mozilla.jss.tests.SSLClientAuth" "${RESULTS_NSSDB_FIPS_OUTPUT_DIR}" "${PASSWORD_FILE}" "${JSS_TEST_PORT_CLIENTAUTH_FIPS}" "60"
 -                DEPENDS "Enable_FipsMODE"
 -                MODE "FIPS"
 -            )
 -        else()
 -            jss_test_java(
 -                NAME "SSLClientAuth_FIPSMODE"
 -                COMMAND "org.mozilla.jss.tests.JSSProvider"
 -                DEPENDS "Enable_FipsMODE"
 -                MODE "FIPS"
 -            )
 -        endif()
 -
         jss_test_java(
             NAME "HMAC_FIPSMODE"
             COMMAND "org.mozilla.jss.tests.CrossHMACTest" "${RESULTS_NSSDB_FIPS_OUTPUT_DIR}" "${PASSWORD_FILE}"
@@ -405,28 +354,10 @@ macro(jss_tests)
             DEPENDS "Enable_FipsMODE"
             MODE "FIPS"
         )
 -        jss_test_java(
 -            NAME "SSLEngine_RSA_FIPSMODE"
 -            COMMAND "org.mozilla.jss.tests.TestSSLEngine" "${RESULTS_NSSDB_FIPS_OUTPUT_DIR}" "${PASSWORD_FILE}" "Client_RSA" "Server_RSA"
 -            DEPENDS "Enable_FipsMODE" "SSLEngine_ECDSA"
 -            MODE "FIPS"
 -        )
 -        jss_test_java(
 -            NAME "SSLEngine_ECDSA_FIPSMODE"
 -            COMMAND "org.mozilla.jss.tests.TestSSLEngine" "${RESULTS_NSSDB_FIPS_OUTPUT_DIR}" "${PASSWORD_FILE}" "Client_ECDSA" "Server_ECDSA"
 -            DEPENDS "SSLEngine_RSA_FIPSMODE" "SSLEngine_ECDSA"
 -            MODE "FIPS"
 -        )
         # Since we need to disable FIPS mode _after_ all FIPS-mode tests have
         # run, we have to add a strict dependency from Disable_FipsMODE onto all
         # FIPS-related checks.
 -        jss_test_java(
 -            NAME "Disable_FipsMODE"
 -            COMMAND "org.mozilla.jss.tests.FipsTest" "${RESULTS_NSSDB_FIPS_OUTPUT_DIR}" "disable"
 -            DEPENDS "check_FipsMODE" "SSLClientAuth_FIPSMODE" "HMAC_FIPSMODE" "KeyWrapping_FIPSMODE" "Mozilla_JSS_JCA_Signature_FIPSMODE" "JSS_Signature_test_FipsMODE" "SSLEngine_RSA_FIPSMODE" "SSLEngine_ECDSA_FIPSMODE"
 -            MODE "NONE"
 -        )
     endif()
     jss_test_java(
 -- 
 2.45.0
--- a/SPECS/jss.spec
+++ b/SPECS/jss.spec
@ -2,32 +2,19 @@
 Name:           jss
 ################################################################################
-%global         product_id idm-jss
+%global         major_version 4
-
+%global         minor_version 9
-# Upstream version number:
+%global         update_version 4
 %global         major_version 5
 %global         minor_version 4
 %global         update_version 1
 # Downstream release number:
 # - development/stabilization (unsupported): 0.<n> where n >= 1
 # - GA/update (supported): <n> where n >= 1
 %global         release_number 2
 # Development phase:
 # - development (unsupported): alpha<n> where n >= 1
 # - stabilization (unsupported): beta<n> where n >= 1
 # - GA/update (supported): <none>
 #global         phase
 %undefine       timestamp
 %undefine       commit_id
 Summary:        Java Security Services (JSS)
-URL:            https://github.com/dogtagpki/jss
+URL:            http://www.dogtagpki.org/wiki/JSS
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 # For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
 # For official (i.e. supported) releases, use x.y.z-r where r >=1.
 Version:        %{major_version}.%{minor_version}.%{update_version}
-Release:        %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp}%{?commit_id:.}%{?commit_id}%{?dist}
+Release:        1%{?_timestamp}%{?_commit_id}%{?dist}.inferit
 #global         _phase -alpha1
 # To generate the source tarball:
 # $ git clone https://github.com/dogtagpki/jss.git
@ -36,7 +23,8 @@ Release:        %{release_number}%{?phase:.}%{?phase}%{?timestamp:.}%{?timestamp
 # $ git push origin v4.5.<z>
 # Then go to https://github.com/dogtagpki/jss/releases and download the source
 # tarball.
-Source:         https://github.com/dogtagpki/jss/archive/v%{version}%{?phase:-}%{?phase}/jss-%{version}%{?phase:-}%{?phase}.tar.gz
+Source:         https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phase}/%{name}-%{version}%{?_phase}.tar.gz
 Patch0:         0001-Skip-SSLClient-tests-for-old-openssl.patch
 # To create a patch for all changes since a version tag:
 # $ git format-patch \
@ -45,33 +33,28 @@ Source:         https://github.com/dogtagpki/jss/archive/v%{version}%{?phase:-}%
 #     > jss-VERSION-RELEASE.patch
 # Patch: jss-VERSION-RELEASE.patch
 %if 0%{?fedora} && 0%{?fedora} > 35
 ExclusiveArch: %{java_arches}
 %else
 ExcludeArch: i686
 %endif
 ################################################################################
 # Java
 ################################################################################
-%define java_devel java-17-openjdk-devel
+%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8
-%define java_headless java-17-openjdk-headless
+%define java_devel java-1.8.0-openjdk-devel
-%define java_home %{_jvmdir}/jre-17-openjdk
+%define java_headless java-1.8.0-openjdk-headless
 %define java_home /usr/lib/jvm/jre-1.8.0-openjdk
 %else
 %define java_devel java-11-openjdk-devel
 %define java_headless java-11-openjdk-headless
 %define java_home /usr/lib/jvm/jre-11-openjdk
 %endif
 ################################################################################
 # Build Options
 ################################################################################
-# By default the javadoc package will be built unless --without javadoc
+# By default the build will execute unit tests unless --without test
 # option is specified.
-%bcond_without javadoc
+%bcond_without test
 # By default the build will not execute unit tests unless --with tests
 # option is specified.
 %bcond_with tests
 ################################################################################
 # Build Dependencies
@ -83,81 +66,58 @@ BuildRequires:  zip
 BuildRequires:  unzip
 BuildRequires:  gcc-c++
-BuildRequires:  nss-devel >= 3.66
+BuildRequires:  nss-devel >= 3.44
-BuildRequires:  nss-tools >= 3.66
+BuildRequires:  nss-tools >= 3.44
 BuildRequires:  %{java_devel}
-BuildRequires:  maven-local
+BuildRequires:  jpackage-utils
-BuildRequires:  mvn(org.apache.commons:commons-lang3)
+BuildRequires:  slf4j
-BuildRequires:  mvn(org.slf4j:slf4j-api)
+BuildRequires:  glassfish-jaxb-api
-BuildRequires:  mvn(org.slf4j:slf4j-jdk14)
+BuildRequires:  slf4j-jdk14
-BuildRequires:  mvn(junit:junit)
+BuildRequires:  apache-commons-lang3
-%description
+BuildRequires:  junit
 Java Security Services (JSS) is a java native interface which provides a bridge
 for java-based applications to use native Network Security Services (NSS).
 This only works with gcj. Other JREs require that JCE providers be signed.
 ################################################################################
 %package -n %{product_id}
 ################################################################################
 Summary:        Java Security Services (JSS)
 Requires:       nss >= 3.66
 Requires:       nss >= 3.44
 Requires:       %{java_headless}
-Requires:       mvn(org.apache.commons:commons-lang3)
+Requires:       jpackage-utils
-Requires:       mvn(org.slf4j:slf4j-api)
+Requires:       slf4j
-Requires:       mvn(org.slf4j:slf4j-jdk14)
+Requires:       glassfish-jaxb-api
 Requires:       slf4j-jdk14
 Requires:       apache-commons-lang3
 Obsoletes:      jss < %{version}-%{release}
 Provides:       jss = %{version}-%{release}
 Provides:       jss = %{major_version}.%{minor_version}
 Provides:       %{product_id} = %{major_version}.%{minor_version}
 Conflicts:      ldapjdk < 4.20
 Conflicts:      idm-console-framework < 1.2
 Conflicts:      tomcatjss < 7.6.0
 Conflicts:      pki-base < 10.10.0
-%description -n %{product_id}
+%description
 Java Security Services (JSS) is a java native interface which provides a bridge
 for java-based applications to use native Network Security Services (NSS).
 This only works with gcj. Other JREs require that JCE providers be signed.
 %if %{with javadoc}
 ################################################################################
-%package -n %{product_id}-javadoc
+%package javadoc
 ################################################################################
 Summary:        Java Security Services (JSS) Javadocs
-Obsoletes:      jss-javadoc < %{version}-%{release}
+Provides:       javadoc = %{major_version}.%{minor_version}
 Provides:       jss-javadoc = %{version}-%{release}
 Provides:       jss-javadoc = %{major_version}.%{minor_version}
 Provides:       %{product_id}-javadoc = %{major_version}.%{minor_version}
-%description -n %{product_id}-javadoc
+%description javadoc
 This package contains the API documentation for JSS.
 %endif
 ################################################################################
 %prep
 ################################################################################
-%autosetup -n jss-%{version}%{?phase:-}%{?phase} -p 1
+%autosetup -n %{name}-%{version}%{?_phase} -p 1
 ################################################################################
 %build
 ################################################################################
 # Set build flags for CMake
 # (see /usr/lib/rpm/macros.d/macros.cmake)
 %set_build_flags
 export JAVA_HOME=%{java_home}
 # Enable compiler optimizations
 export BUILD_OPT=1
@ -168,107 +128,185 @@ export CFLAGS
 # Check if we're in FIPS mode
 modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENABLED=1
-./build.sh \
+# The Makefile is not thread-safe
-    %{?_verbose:-v} \
+%cmake \
-    --work-dir=%{_vpath_builddir} \
+    -DVERSION=%{version} \
-    --prefix-dir=%{_prefix} \
+    -DJAVA_HOME=%{java_home} \
-    --include-dir=%{_includedir} \
+    -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
-    --lib-dir=%{_libdir} \
+    -DJSS_LIB_INSTALL_DIR=%{_libdir}/jss \
-    --sysconf-dir=%{_sysconfdir} \
+    -B %{_vpath_builddir}
-    --share-dir=%{_datadir} \
+
-    --cmake=%{__cmake} \
+cd %{_vpath_builddir}
-    --java-home=%{java_home} \
+
-    --jni-dir=%{_jnidir} \
+%{__make} \
-    --version=%{version} \
+    VERBOSE=%{?_verbose} \
-    %{!?with_javadoc:--without-javadoc} \
+    CMAKE_NO_VERBOSE=1 \
-    %{?with_tests:--with-tests} \
+    --no-print-directory \
-    dist
+    all
 %{__make} \
    VERBOSE=%{?_verbose} \
    CMAKE_NO_VERBOSE=1 \
    --no-print-directory \
    javadoc
 %if %{with test}
 ctest --output-on-failure
 %endif
 ################################################################################
 %install
 ################################################################################
-./build.sh \
+cd %{_vpath_builddir}
-    %{?_verbose:-v} \
+
-    --work-dir=%{_vpath_builddir} \
+%{__make} \
-    --install-dir=%{buildroot} \
+    VERBOSE=%{?_verbose} \
    CMAKE_NO_VERBOSE=1 \
    DESTDIR=%{buildroot} \
    INSTALL="install -p" \
    --no-print-directory \
    install
 ################################################################################
-%files -n %{product_id}
+%files
 ################################################################################
 %defattr(-,root,root,-)
 %doc jss.html
-%license MPL-1.1.txt gpl.txt lgpl.txt symkey/LICENSE
+%license MPL-1.1.txt gpl.txt lgpl.txt
 %{_libdir}/*
 %{_jnidir}/*
 %if %{with javadoc}
 ################################################################################
 %files -n %{product_id}-javadoc
 ################################################################################
 %files javadoc
 %defattr(-,root,root,-)
-%{_javadocdir}/jss/
+%{_javadocdir}/%{name}-%{version}/
 %endif
 ################################################################################
 %changelog
-* Wed May 31 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.4.1-1
+* Mon May 20 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 4.11.0-1.inferit
- Rebase to JSS 5.4.1
+- Skip SSLClient tests for old openssl
 * Wed Apr 03 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 4.11.0-1
 - Rebuilt for MSVSphere 8.10 beta
 * Thu Feb 08 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.11.0-1
 - Rebase to JSS 4.11.0
 * Tue Jan 16 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.10.0-0.1
 - Rebase to JSS 4.10.0-alpha1
 * Fri Jan 12 2024 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.8-1
 - Rebase to JSS 4.9.8
 * Wed Jun 01 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.4-1
 - Rebase to JSS 4.9.4
 - Bug 2013674 - JSS cannot be properly initialized after using another NSS-backed security provider
 * Tue Feb 15 2022 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.3-1
 - Rebase to JSS 4.9.3
 - Bug 2046022 - CVE-2021-4213 pki-core:10.6/jss: memory leak in TLS connection leads to OOM [rhel-8]
 * Mon Nov 15 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.2-1
 - Rebase to JSS 4.9.2
 * Tue Sep 21 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.1-1
 - Rebase to JSS 4.9.1
 * Mon Jul 26 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-1
 - Rebase to JSS 4.9.0
 * Fri Jun 11 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-0.2
 - Rebase to JSS 4.9.0-alpha2
 * Wed Jun 02 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.9.0-0.1
 - Rebase to JSS 4.9.0-alpha1
 * Thu Jan 14 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.1-1
 - Rebase to upstream JSS v4.8.1
 - Red Hat Bugilla #1908541 - jss broke SCEP - missing PasswordChallenge class
 - Red Hat Bugilla #1489256 - [RFE] jss should support RSA with OAEP padding
 * Wed Nov 18 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-2
 - Only check PKCS11Constants on beta builds
 - Bump tomcatjss, pki-core conflicts due to lang3
 * Wed Oct 28 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-1
 - Rebase to upstream JSS v4.8.0
 * Tue Oct 20 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-0.1
 - Rebase to upstream JSS v4.8.0-b1
 * Fri Sep 11 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.3-1
 - Rebase to upstream stable release JSS v4.7.3
 - Red Hat Bugzilla #1873235 - Fix SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT in pki ca-user-cert-add
 * Thu Aug 06 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.2-1
 - Rebase to upstream stable release JSS v4.7.2
 - Red Hat Bugzilla #1822246 - Fix SSLSocket NULL pointer deference after close
 * Fri Jul 31 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.1-1
 - Rebase to upstream stable release JSS v4.7.1
 * Thu Jul 09 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-1
 - Rebase to upstream stable release JSS v4.7.0
 - Fixed TestSSLEngine
 * Thu Jun 25 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.4
 - Rebased to JSS 4.7.0-b4
 * Mon Jun 22 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.3
 - Rebased to JSS 4.7.0-b3
 * Tue May 26 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.1
 - Rebased to JSS 4.7.0-b1
-* Thu Feb 09 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.3.0-1
+* Mon Mar 23 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-4
- Rebase to JSS 5.3.0
+- Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing
-* Thu Jan 05 2023 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.3.0-0.3.beta2
+* Mon Mar 02 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-3
- Rebase to JSS 5.3.0-beta2
+- Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing
 - Bug 2017098 - pki pkcs12-cert-add command failing with 'Unable to validate PKCS #12 file: Digests do not match' exception
-* Wed Nov 30 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.3.0-0.2.beta1
+* Tue Oct 29 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-2
- Rebase to JSS 5.3.0-beta1
+- Red Hat Bugzilla #1730767 - JSS: Wrap NSS CMAC + KDF implementations
 - Rebased to JSS 4.6.2
-* Fri Sep 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.1-1
+* Wed Sep 11 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-5
- Rebase to JSS 5.2.1
+- Red Hat Bugzilla #1747987 - CVE 2019-14823 jss: OCSP policy "Leaf and Chain" implicitly trusts the root certificate
 - Bug 2100807 - pki-tomcat/kra unable to decrypt when using RSA-OAEP padding in RHEL9 with FIPS enabled
-* Wed Jun 29 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-1
+* Wed Aug 14 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-4
- Rebase to JSS 5.2.0
+- Red Hat Bugzilla #1698059 - pki-core implements crypto
-* Mon May 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-0.3.beta2
+* Tue Jul 16 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-3
- Rebase to JSS 5.2.0-beta2
+- Red Hat Bugzilla #1721135 - JSS - LD_FLAGS support
 - Rename packages to idm-jss
-* Wed Apr 13 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.2.0-0.2.beta1
+* Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-2
- Rebase to JSS 5.2.0-beta1
+- Minor updates to release
-* Tue Feb 15 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.3-1
+* Wed Jun 12 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.0-1
- Rebase to JSS 5.0.3
+- Rebased to JSS 4.6.0
 - Bug 2046023 - CVE-2021-4213 jss: memory leak in TLS connection leads to OOM [rhel-9.0]
-* Wed Feb 02 2022 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.2-1
+* Thu Apr 25 2019 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.3-1
- Rebase to JSS 5.0.2
+- Rebased to JSS 4.5.3
 - Bug 2029838 - SHA1withRSA being listed in signing certificates while approving certificate via Agent page in browser
-* Fri Nov 19 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.1-1
+* Fri Aug 10 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-1
- Rebase to JSS 5.0.1
+- Rebased to JSS 4.5.0
-* Tue Oct 05 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-1
+* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.6
- Rebase to JSS 5.0.0
+- Rebased to JSS 4.5.0-b1
-* Thu Sep 16 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.5.beta1
+* Tue Aug 07 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.5
- Rebase to JSS 5.0.0-beta1
+- Red Hat Bugzilla #1612063 - Do not override system crypto policy (support TLS 1.3)
-* Thu Sep 09 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.4.alpha1
+* Fri Jul 20 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.4
- Drop BuildRequires and Requires on glassfish-jaxb-api
+- Rebased to JSS 4.5.0-a4
-  Resolves #2002576
+- Red Hat Bugzilla #1604462 - jss: FTBFS in Fedora rawhide
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.0.0-0.3.alpha1
+* Thu Jul 05 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Rebased to JSS 4.5.0-a3
  Related: rhbz#1991688
-* Mon Aug  2 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.2
+* Fri Jun 22 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.2
- Drop javadoc package
+- Rebased to JSS 4.5.0-a2
-* Fri Jun 25 2021 Red Hat PKI Team <rhcs-maint@redhat.com> - 5.0.0-0.1
+* Fri Jun 15 2018 Red Hat PKI Team <rhcs-maint@redhat.com> 4.5.0-0.1
- Rebase to JSS 5.0.0-alpha1
+- Rebased to JSS 4.5.0-a1
`@ -1 +1 @@`
	`SOURCES/jss-5.4.1.tar.gz`	`SOURCES/jss-4.9.4.tar.gz`
`@ -1 +1 @@`
	`e5418bf90626b135ab43e0caefa04c4b1c6763fa SOURCES/jss-5.4.1.tar.gz`	`b99d8fd7a9296f7cf480ca92a097dcf18c41eb53 SOURCES/jss-4.9.4.tar.gz`