From 728c7e948202c7d34fbf5d4ee78994c76bcabc8a Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 30 Apr 2024 16:09:04 +0000 Subject: [PATCH] import UBI dotnet6.0-6.0.129-2.el9_4 --- .dotnet6.0.metadata | 2 +- SOURCES/runtime-openssl-sha1.patch | 34 ------------------------- SPECS/dotnet6.0.spec | 40 +++++++++--------------------- 3 files changed, 13 insertions(+), 63 deletions(-) delete mode 100644 SOURCES/runtime-openssl-sha1.patch diff --git a/.dotnet6.0.metadata b/.dotnet6.0.metadata index 156e870..d4ab078 100644 --- a/.dotnet6.0.metadata +++ b/.dotnet6.0.metadata @@ -1 +1 @@ -c7a7b8fdb6f58198a88ac194e8d6ce69d0a81d36 SOURCES/dotnet-v6.0.129.tar.gz +50c5c031356e8cc4f362aecdfe819bfcf9581c2a SOURCES/dotnet-v6.0.129.tar.gz diff --git a/SOURCES/runtime-openssl-sha1.patch b/SOURCES/runtime-openssl-sha1.patch deleted file mode 100644 index 98f48d7..0000000 --- a/SOURCES/runtime-openssl-sha1.patch +++ /dev/null @@ -1,34 +0,0 @@ -From d7805229ffe6906cd0832c0482b963caf4b4fd82 Mon Sep 17 00:00:00 2001 -From: Tom Deseyn -Date: Wed, 28 Feb 2024 14:08:15 +0100 -Subject: [PATCH] Allow certificate validation with SHA-1 signatures. - -RHEL OpenSSL builds disable SHA-1 signatures. This causes certificate -validation to fail when using the X509_V_FLAG_CHECK_SS_SIGNATURE flag -with a chain where the last certificate uses a SHA-1 signature. - -This removes X509_V_FLAG_CHECK_SS_SIGNATURE flag to have the default -OpenSSL behavior for certificate validation. ---- - .../libs/System.Security.Cryptography.Native/pal_x509.c | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c -index 04c6ba06cd..2cd3413dae 100644 ---- a/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c -+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c -@@ -272,11 +272,6 @@ int32_t CryptoNative_X509StoreCtxInit(X509_STORE_CTX* ctx, X509_STORE* store, X5 - { - int32_t val = X509_STORE_CTX_init(ctx, store, x509, extraStore); - -- if (val != 0) -- { -- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CHECK_SS_SIGNATURE); -- } -- - return val; - } - --- -2.43.2 - diff --git a/SPECS/dotnet6.0.spec b/SPECS/dotnet6.0.spec index b01b02e..0cd89bc 100644 --- a/SPECS/dotnet6.0.spec +++ b/SPECS/dotnet6.0.spec @@ -60,7 +60,7 @@ Name: dotnet6.0 Version: %{sdk_rpm_version} -Release: 1%{?dist} +Release: 2%{?dist} Summary: .NET Runtime and SDK License: MIT and ASL 2.0 and BSD and LGPLv2+ and CC-BY and CC0 and MS-PL and EPL-1.0 and GPL+ and GPLv2 and ISC and OFL and zlib URL: https://github.com/dotnet/ @@ -86,15 +86,8 @@ Source11: dotnet.sh.in Patch100: runtime-arm64-lld-fix.patch # Mono still has a dependency on (now unbuildable) ILStrip which was removed from CoreCLR: https://github.com/dotnet/runtime/pull/60315 Patch101: runtime-mono-remove-ilstrip.patch -# https://github.com/dotnet/runtime/pull/95218#issuecomment-1842799422 +# https://github.com/dotnet/runtime/pull/95217#issuecomment-1842799362 Patch102: runtime-re-enable-implicit-rejection.patch -# We disable checking the signature of the last certificate in a chain -# if the certificate is supposedly self-signed. A side effect of not -# checking the self-signature of such a certificate is that disabled -# or unsupported message digests used for the signature are not -# treated as fatal errors. https://issues.redhat.com/browse/RHEL-25254 -Patch103: runtime-openssl-sha1.patch - # Disable apphost, needed for s390x Patch500: fsharp-no-apphost.patch @@ -385,7 +378,6 @@ pushd src/runtime %patch100 -p1 %patch101 -p1 %patch102 -p1 -%patch103 -p1 popd pushd src/fsharp @@ -620,33 +612,25 @@ rm -rf %{buildroot}%{_libdir}/dotnet/packs/NETStandard.Library.Ref/2.1.0 %changelog -* Tue Apr 02 2024 Omair Majid - 6.0.129-1 +* Tue Apr 09 2024 Omair Majid - 6.0.129-2 - Update to .NET SDK 6.0.129 and Runtime 6.0.29 -- Resolves: RHEL-31197 +- Resolves: RHEL-31198 -* Wed Mar 06 2024 Tom Deseyn - 6.0.128-2 -- We disable checking the signature of the last certificate in a chain - if the certificate is supposedly self-signed. A side effect of not - checking the self-signature of such a certificate is that disabled - or unsupported message digests used for the signature are not - treated as fatal errors. -- Resolves: RHEL-28359 - -* Thu Feb 29 2024 Omair Majid - 6.0.128-1 +* Tue Mar 19 2024 Omair Majid - 6.0.128-2 - Update to .NET SDK 6.0.128 and Runtime 6.0.28 -- Resolves: RHEL-27540 +- Resolves: RHEL-27541 -* Thu Feb 01 2024 Omair Majid - 6.0.127-1 +* Wed Feb 14 2024 Omair Majid - 6.0.127-2 - Update to .NET SDK 6.0.127 and Runtime 6.0.27 -- Resolves: RHEL-23787 +- Resolves: RHEL-23785 -* Wed Dec 20 2023 Omair Majid - 6.0.126-1 +* Mon Jan 15 2024 Omair Majid - 6.0.126-2 - Update to .NET SDK 6.0.126 and Runtime 6.0.26 -- Resolves: RHEL-19807 +- Resolves: RHEL-19801 -* Thu Nov 02 2023 Omair Majid - 6.0.125-1 +* Mon Dec 11 2023 Omair Majid - 6.0.125-2 - Update to .NET SDK 6.0.125 and Runtime 6.0.25 -- Resolves: RHEL-15359 +- Resolves: RHEL-15349 * Tue Oct 24 2023 Omair Majid - 6.0.124-2 - Update to .NET SDK 6.0.124 and Runtime 6.0.24