From 728c7e948202c7d34fbf5d4ee78994c76bcabc8a Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Tue, 30 Apr 2024 16:09:04 +0000
Subject: [PATCH] import UBI dotnet6.0-6.0.129-2.el9_4

---
 .dotnet6.0.metadata                |  2 +-
 SOURCES/runtime-openssl-sha1.patch | 34 -------------------------
 SPECS/dotnet6.0.spec               | 40 +++++++++---------------------
 3 files changed, 13 insertions(+), 63 deletions(-)
 delete mode 100644 SOURCES/runtime-openssl-sha1.patch

diff --git a/.dotnet6.0.metadata b/.dotnet6.0.metadata
index 156e870..d4ab078 100644
--- a/.dotnet6.0.metadata
+++ b/.dotnet6.0.metadata
@@ -1 +1 @@
-c7a7b8fdb6f58198a88ac194e8d6ce69d0a81d36 SOURCES/dotnet-v6.0.129.tar.gz
+50c5c031356e8cc4f362aecdfe819bfcf9581c2a SOURCES/dotnet-v6.0.129.tar.gz
diff --git a/SOURCES/runtime-openssl-sha1.patch b/SOURCES/runtime-openssl-sha1.patch
deleted file mode 100644
index 98f48d7..0000000
--- a/SOURCES/runtime-openssl-sha1.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From d7805229ffe6906cd0832c0482b963caf4b4fd82 Mon Sep 17 00:00:00 2001
-From: Tom Deseyn <tom.deseyn@gmail.com>
-Date: Wed, 28 Feb 2024 14:08:15 +0100
-Subject: [PATCH] Allow certificate validation with SHA-1 signatures.
-
-RHEL OpenSSL builds disable SHA-1 signatures. This causes certificate
-validation to fail when using the X509_V_FLAG_CHECK_SS_SIGNATURE flag
-with a chain where the last certificate uses a SHA-1 signature.
-
-This removes X509_V_FLAG_CHECK_SS_SIGNATURE flag to have the default
-OpenSSL behavior for certificate validation.
----
- .../libs/System.Security.Cryptography.Native/pal_x509.c      | 5 -----
- 1 file changed, 5 deletions(-)
-
-diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c
-index 04c6ba06cd..2cd3413dae 100644
---- a/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c
-+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c
-@@ -272,11 +272,6 @@ int32_t CryptoNative_X509StoreCtxInit(X509_STORE_CTX* ctx, X509_STORE* store, X5
- {
-     int32_t val = X509_STORE_CTX_init(ctx, store, x509, extraStore);
- 
--    if (val != 0)
--    {
--        X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CHECK_SS_SIGNATURE);
--    }
--
-     return val;
- }
- 
--- 
-2.43.2
-
diff --git a/SPECS/dotnet6.0.spec b/SPECS/dotnet6.0.spec
index b01b02e..0cd89bc 100644
--- a/SPECS/dotnet6.0.spec
+++ b/SPECS/dotnet6.0.spec
@@ -60,7 +60,7 @@
 
 Name:           dotnet6.0
 Version:        %{sdk_rpm_version}
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        .NET Runtime and SDK
 License:        MIT and ASL 2.0 and BSD and LGPLv2+ and CC-BY and CC0 and MS-PL and EPL-1.0 and GPL+ and GPLv2 and ISC and OFL and zlib
 URL:            https://github.com/dotnet/
@@ -86,15 +86,8 @@ Source11:       dotnet.sh.in
 Patch100:       runtime-arm64-lld-fix.patch
 # Mono still has a dependency on (now unbuildable) ILStrip which was removed from CoreCLR: https://github.com/dotnet/runtime/pull/60315
 Patch101:       runtime-mono-remove-ilstrip.patch
-# https://github.com/dotnet/runtime/pull/95218#issuecomment-1842799422
+# https://github.com/dotnet/runtime/pull/95217#issuecomment-1842799362
 Patch102:       runtime-re-enable-implicit-rejection.patch
-# We disable checking the signature of the last certificate in a chain
-# if the certificate is supposedly self-signed. A side effect of not
-# checking the self-signature of such a certificate is that disabled
-# or unsupported message digests used for the signature are not
-# treated as fatal errors. https://issues.redhat.com/browse/RHEL-25254
-Patch103:       runtime-openssl-sha1.patch
-
 
 # Disable apphost, needed for s390x
 Patch500:       fsharp-no-apphost.patch
@@ -385,7 +378,6 @@ pushd src/runtime
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
-%patch103 -p1
 popd
 
 pushd src/fsharp
@@ -620,33 +612,25 @@ rm -rf %{buildroot}%{_libdir}/dotnet/packs/NETStandard.Library.Ref/2.1.0
 
 
 %changelog
-* Tue Apr 02 2024 Omair Majid <omajid@redhat.com> - 6.0.129-1
+* Tue Apr 09 2024 Omair Majid <omajid@redhat.com> - 6.0.129-2
 - Update to .NET SDK 6.0.129 and Runtime 6.0.29
-- Resolves: RHEL-31197
+- Resolves: RHEL-31198
 
-* Wed Mar 06 2024 Tom Deseyn <tom.deseyn@gmail.com> - 6.0.128-2
-- We disable checking the signature of the last certificate in a chain
-  if the certificate is supposedly self-signed. A side effect of not
-  checking the self-signature of such a certificate is that disabled
-  or unsupported message digests used for the signature are not
-  treated as fatal errors.
-- Resolves: RHEL-28359
-
-* Thu Feb 29 2024 Omair Majid <omajid@redhat.com> - 6.0.128-1
+* Tue Mar 19 2024 Omair Majid <omajid@redhat.com> - 6.0.128-2
 - Update to .NET SDK 6.0.128 and Runtime 6.0.28
-- Resolves: RHEL-27540
+- Resolves: RHEL-27541
 
-* Thu Feb 01 2024 Omair Majid <omajid@redhat.com> - 6.0.127-1
+* Wed Feb 14 2024 Omair Majid <omajid@redhat.com> - 6.0.127-2
 - Update to .NET SDK 6.0.127 and Runtime 6.0.27
-- Resolves: RHEL-23787
+- Resolves: RHEL-23785
 
-* Wed Dec 20 2023 Omair Majid <omajid@redhat.com> - 6.0.126-1
+* Mon Jan 15 2024 Omair Majid <omajid@redhat.com> - 6.0.126-2
 - Update to .NET SDK 6.0.126 and Runtime 6.0.26
-- Resolves: RHEL-19807
+- Resolves: RHEL-19801
 
-* Thu Nov 02 2023 Omair Majid <omajid@redhat.com> - 6.0.125-1
+* Mon Dec 11 2023 Omair Majid <omajid@redhat.com> - 6.0.125-2
 - Update to .NET SDK 6.0.125 and Runtime 6.0.25
-- Resolves: RHEL-15359
+- Resolves: RHEL-15349
 
 * Tue Oct 24 2023 Omair Majid <omajid@redhat.com> - 6.0.124-2
 - Update to .NET SDK 6.0.124 and Runtime 6.0.24