diff --git a/0001-Fix-NativeProxy-reference-tracker.patch b/0001-Fix-NativeProxy-reference-tracker.patch deleted file mode 100644 index 529b576..0000000 --- a/0001-Fix-NativeProxy-reference-tracker.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 91514ca0a2979ba778d27220ced0cd312e2cd2d2 Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Tue, 29 Oct 2019 10:43:56 -0400 -Subject: [PATCH] Fix NativeProxy reference tracker - -In eb5df01003d74b57473eacb84e538d31f5bb06ca, I introduced a bug by -setting mPointer after trying to add NativeProxy to the registry. In -most instances this won't matter, however, if another instance exists in -the HashSet with the same hash value, the equals comparator will be -used, triggering a NPE. - -Signed-off-by: Alexander Scheel ---- - org/mozilla/jss/util/NativeProxy.java | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/org/mozilla/jss/util/NativeProxy.java b/org/mozilla/jss/util/NativeProxy.java -index 1c6d1aa5..a0811f76 100644 ---- a/org/mozilla/jss/util/NativeProxy.java -+++ b/org/mozilla/jss/util/NativeProxy.java -@@ -40,8 +40,8 @@ public abstract class NativeProxy implements AutoCloseable - */ - public NativeProxy(byte[] pointer) { - assert(pointer!=null); -- registry.add(this); - mPointer = pointer; -+ registry.add(this); - - if (saveStacktraces) { - mTrace = Arrays.toString(Thread.currentThread().getStackTrace()); -@@ -61,15 +61,12 @@ public abstract class NativeProxy implements AutoCloseable - if( ! (obj instanceof NativeProxy) ) { - return false; - } -- if( ((NativeProxy)obj).mPointer.length != mPointer.length) { -+ if (((NativeProxy)obj).mPointer == null) { -+ /* If mPointer is null, we have no way to compare the values -+ * of the pointers, so assume they're unequal. */ - return false; - } -- for(int i=0; i < mPointer.length; i++) { -- if(mPointer[i] != ((NativeProxy)obj).mPointer[i]) { -- return false; -- } -- } -- return true; -+ return Arrays.equals(((NativeProxy)obj).mPointer, mPointer); - } - - /** --- -2.21.0 - diff --git a/Move-from-_NETSCAPE_-to-_NSS_-PKCS#11-constants.patch b/Move-from-_NETSCAPE_-to-_NSS_-PKCS#11-constants.patch deleted file mode 100644 index 7901450..0000000 --- a/Move-from-_NETSCAPE_-to-_NSS_-PKCS#11-constants.patch +++ /dev/null @@ -1,43 +0,0 @@ -From dd9fc06b9ba487cf982c8dbfd73c616754dbac0d Mon Sep 17 00:00:00 2001 -From: Alexander Scheel -Date: Tue, 7 Apr 2020 11:28:24 -0400 -Subject: [PATCH] Move from _NETSCAPE_ to _NSS_ PKCS#11 constants - -In NSS v3.52, support is coming for PKCS#11 v3.0. This deprecates the -_NETSCAPE_ namespace for PKCS#11 constants in favor of _NSS_. The few -remaining _NETSCAPE_ constants will be moved to _NSS_. We only use one, -CKM_NETSCAPE_PBE_SHA1_DES_CBC. Add an #ifdef for compatibility with the -new preferred name. - -See also: moz-bz#1603628 - -Signed-off-by: Alexander Scheel ---- - org/mozilla/jss/pkcs11/PK11SymKey.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/org/mozilla/jss/pkcs11/PK11SymKey.c b/org/mozilla/jss/pkcs11/PK11SymKey.c -index 8eaf9b77e..60a37c45b 100644 ---- a/org/mozilla/jss/pkcs11/PK11SymKey.c -+++ b/org/mozilla/jss/pkcs11/PK11SymKey.c -@@ -14,6 +14,11 @@ - #include - #include "pk11util.h" - -+/* For PKCS#11 v3.0 compatibility */ -+#ifndef CKM_NSS_PBE_SHA1_DES_CBC -+#define CKM_NSS_PBE_SHA1_DES_CBC (CKM_NETSCAPE_PBE_SHA1_DES_CBC) -+#endif -+ - /*********************************************************************** - * - * J S S _ P K 1 1 _ w r a p S y m K e y -@@ -262,7 +267,7 @@ Java_org_mozilla_jss_pkcs11_PK11SymKey_getKeyType - /* PBE mechanisms have to be handled by hand */ - case CKM_PBE_MD2_DES_CBC: - case CKM_PBE_MD5_DES_CBC: -- case CKM_NETSCAPE_PBE_SHA1_DES_CBC: -+ case CKM_NSS_PBE_SHA1_DES_CBC: - typeFieldName = DES_KEYTYPE_FIELD; - break; - case CKM_PBE_SHA1_RC4_128: diff --git a/jss-4.6.2.tar.gz b/jss-4.6.2.tar.gz deleted file mode 100644 index 7da0738..0000000 Binary files a/jss-4.6.2.tar.gz and /dev/null differ diff --git a/jss-4.9.3.tar.gz b/jss-4.9.3.tar.gz new file mode 100644 index 0000000..4b18ce2 Binary files /dev/null and b/jss-4.9.3.tar.gz differ diff --git a/jss.spec b/jss.spec index 2d342c5..1d99ecf 100644 --- a/jss.spec +++ b/jss.spec @@ -2,20 +2,19 @@ Name: jss Summary: Java Security Services URL: http://www.dogtagpki.org/wiki/JSS License: MPLv1.1 or GPLv2+ or LGPLv2+ -Version: 4.6.2 -Release: 4 +Version: 4.9.3 +Release: 1 Source: https://github.com/dogtagpki/jss/archive/v%{version}/jss-%{version}.tar.gz -Patch0001: 0001-Fix-NativeProxy-reference-tracker.patch -Patch0002: Move-from-_NETSCAPE_-to-_NSS_-PKCS#11-constants.patch -BuildRequires: git make cmake gcc-c++ nspr-devel >= 4.13.1 nss-devel >= 3.30 nss-tools >= 3.30 java-devel +BuildRequires: make cmake gcc-c++ nspr-devel >= 4.13.1 nss-devel >= 3.44 nss-tools >= 3.44 java-devel BuildRequires: jpackage-utils slf4j glassfish-jaxb-api slf4j-jdk14 apache-commons-lang apache-commons-codec -BuildRequires: junit +BuildRequires: junit apache-commons-lang3 -Requires: nss >= 3.30 java-headless jpackage-utils slf4j glassfish-jaxb-api +Requires: nss >= 3.44 java-headless jpackage-utils slf4j glassfish-jaxb-api Requires: slf4j-jdk14 apache-commons-lang apache-commons-codec +Requires: apache-commons-lang3 -Conflicts: ldapjdk < 4.20 idm-console-framework < 1.2 tomcatjss < 7.3.4 pki-base < 10.6.5 +Conflicts: ldapjdk < 4.20 idm-console-framework < 1.2 tomcatjss < 7.6.0 pki-base < 10.10.0 %description JSS offers a implementation for java-based applications to use native NSS. @@ -29,7 +28,7 @@ Obsoletes: jss-javadoc < %{version}-%{release} API documentation for JSS. %prep -%autosetup -n jss-%{version} -p 1 -S git +%autosetup -n jss-%{version} -p 1 %build @@ -79,6 +78,9 @@ cp -rp build/docs/* jss.html *.txt $RPM_BUILD_ROOT%{_javadocdir}/jss-%{version} %{_javadocdir}/jss-%{version}/ %changelog +* Mon Feb 19 2024 yaoxin - 4.9.3-1 +- Upgrade to 4.9.3 for fix CVE-2021-4213 + * Wed Aug 05 2020 lingsheng - 4.6.2-4 - Fix build with nss 3.54