diff --git a/.dotnet6.0.metadata b/.dotnet6.0.metadata
index 36b519d..6521720 100644
--- a/.dotnet6.0.metadata
+++ b/.dotnet6.0.metadata
@@ -1 +1 @@
-81198a6aab86269f1a3b418f8e7e112b3dceda3f SOURCES/dotnet-v6.0.114.tar.gz
+2ab042bd26f92c6d7608a790b43a284e8721463e SOURCES/dotnet-v6.0.133.tar.gz
diff --git a/.gitignore b/.gitignore
index 8260a5c..d5876d4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/dotnet-v6.0.114.tar.gz
+SOURCES/dotnet-v6.0.133.tar.gz
diff --git a/SOURCES/arcade-no-apphost.patch b/SOURCES/arcade-no-apphost.patch
index cec03a1..04507f9 100644
--- a/SOURCES/arcade-no-apphost.patch
+++ b/SOURCES/arcade-no-apphost.patch
@@ -1,15 +1,3 @@
-Index: a/src/Microsoft.DotNet.GitSync.CommitManager/Microsoft.DotNet.GitSync.CommitManager.csproj
-===================================================================
---- a/src/Microsoft.DotNet.GitSync.CommitManager/Microsoft.DotNet.GitSync.CommitManager.csproj
-+++ b/src/Microsoft.DotNet.GitSync.CommitManager/Microsoft.DotNet.GitSync.CommitManager.csproj
-@@ -5,6 +5,7 @@
- netcoreapp3.1
- latest
- true
-+ false
-
-
-
 Index: a/src/Microsoft.DotNet.SwaggerGenerator/Microsoft.DotNet.SwaggerGenerator.CmdLine/Microsoft.DotNet.SwaggerGenerator.CmdLine.csproj
 ===================================================================
 --- a/src/Microsoft.DotNet.SwaggerGenerator/Microsoft.DotNet.SwaggerGenerator.CmdLine/Microsoft.DotNet.SwaggerGenerator.CmdLine.csproj
diff --git a/SOURCES/runtime-re-enable-implicit-rejection.patch b/SOURCES/runtime-re-enable-implicit-rejection.patch
new file mode 100644
index 0000000..3e96a1e
--- /dev/null
+++ b/SOURCES/runtime-re-enable-implicit-rejection.patch
@@ -0,0 +1,142 @@
+From 076687f5f9e7e1fce24f33f498b4e03c4150108e Mon Sep 17 00:00:00 2001
+From: Omair Majid
+Date: Fri, 2 Feb 2024 12:09:52 -0500
+Subject: [PATCH] Revert "Disable implicit rejection for RSA PKCS#1 (#95218)"
+
+This reverts commit e3500b8e8ad18e8bf067dc5250863b64bb8f0de0.
+
+To quote Clemens Lang:
+
+> [Disabling implcit rejection] re-enables a Bleichenbacher timing oracle
+> attack against PKCS#1v1.5 decryption. See
+> https://people.redhat.com/~hkario/marvin/ for details and
+> https://github.com/dotnet/runtime/pull/95157#issuecomment-1842784399 for a
+> comment by the researcher who published the vulnerability and proposed the
+> change in OpenSSL.
+
+For more details, see:
+https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314
+---
+ .../RSA/EncryptDecrypt.cs | 49 ++++---------------
+ .../opensslshim.h | 6 ---
+ .../pal_evp_pkey_rsa.c | 13 -----
+ 3 files changed, 10 insertions(+), 58 deletions(-)
+
+diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
+index 55a044d62a6..e72d42e87d2 100644
+--- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
++++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
+@@ -338,10 +338,19 @@ private void RsaCryptRoundtrip(RSAEncryptionPadding paddingMode, bool expectSucc
+ Assert.Equal(TestData.HelloBytes, output);
+ }
+
+- [ConditionalFact(nameof(PlatformSupportsEmptyRSAEncryption))]
++ [ConditionalFact]
+ [SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework)]
+ public void RoundtripEmptyArray()
+ {
++ if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6))
++ {
++ throw new SkipTestException("iOS prior to 13.6 does not reliably support RSA encryption of empty data.");
++ }
++ if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0))
++ {
++ throw new SkipTestException("tvOS prior to 14.0 does not reliably support RSA encryption of empty data.");
++ }
++
+ using (RSA rsa = RSAFactory.Create(TestData.RSA2048Params))
+ {
+ void RoundtripEmpty(RSAEncryptionPadding paddingMode)
+@@ -726,23 +715,5 @@ public static IEnumerable OaepPaddingModes
+ }
+ }
+ }
+-
+- public static bool PlatformSupportsEmptyRSAEncryption
+- {
+- get
+- {
+- if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6))
+- {
+- return false;
+- }
+-
+- if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0))
+- {
+- return false;
+- }
+-
+- return true;
+- }
+- }
+ }
+ }
+diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.h
+index 050df1193ff..dad18ebd9a1 100644
+--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.h
++++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.h
+@@ -272,10 +272,8 @@ const EVP_CIPHER* EVP_chacha20_poly1305(void);
+ REQUIRED_FUNCTION(ERR_peek_error) \
+ REQUIRED_FUNCTION(ERR_peek_error_line) \
+ REQUIRED_FUNCTION(ERR_peek_last_error) \
+- REQUIRED_FUNCTION(ERR_pop_to_mark) \
+ FALLBACK_FUNCTION(ERR_put_error) \
+ REQUIRED_FUNCTION(ERR_reason_error_string) \
+- REQUIRED_FUNCTION(ERR_set_mark) \
+ LIGHTUP_FUNCTION(ERR_set_debug) \
+ LIGHTUP_FUNCTION(ERR_set_error) \
+ REQUIRED_FUNCTION(EVP_aes_128_cbc) \
+@@ -330,7 +328,6 @@ const EVP_CIPHER* EVP_chacha20_poly1305(void);
+ REQUIRED_FUNCTION(EVP_PKCS82PKEY) \
+ REQUIRED_FUNCTION(EVP_PKEY2PKCS8) \
+ REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl) \
+- REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl_str) \
+ REQUIRED_FUNCTION(EVP_PKEY_CTX_free) \
+ REQUIRED_FUNCTION(EVP_PKEY_CTX_get0_pkey) \
+ REQUIRED_FUNCTION(EVP_PKEY_CTX_new) \
+@@ -728,10 +725,8 @@ FOR_ALL_OPENSSL_FUNCTIONS
+ #define ERR_peek_error_line ERR_peek_error_line_ptr
+ #define ERR_peek_last_error ERR_peek_last_error_ptr
+ #define ERR_put_error ERR_put_error_ptr
+-#define ERR_pop_to_mark ERR_pop_to_mark_ptr
+ #define ERR_reason_error_string ERR_reason_error_string_ptr
+ #define ERR_set_debug ERR_set_debug_ptr
+-#define ERR_set_mark ERR_set_mark_ptr
+ #define ERR_set_error ERR_set_error_ptr
+ #define EVP_aes_128_cbc EVP_aes_128_cbc_ptr
+ #define EVP_aes_128_cfb8 EVP_aes_128_cfb8_ptr
+@@ -785,7 +780,6 @@ FOR_ALL_OPENSSL_FUNCTIONS
+ #define EVP_PKCS82PKEY EVP_PKCS82PKEY_ptr
+ #define EVP_PKEY2PKCS8 EVP_PKEY2PKCS8_ptr
+ #define EVP_PKEY_CTX_ctrl EVP_PKEY_CTX_ctrl_ptr
+-#define EVP_PKEY_CTX_ctrl_str EVP_PKEY_CTX_ctrl_str_ptr
+ #define EVP_PKEY_CTX_free EVP_PKEY_CTX_free_ptr
+ #define EVP_PKEY_CTX_get0_pkey EVP_PKEY_CTX_get0_pkey_ptr
+ #define EVP_PKEY_CTX_new EVP_PKEY_CTX_new_ptr
+diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
+index c3e491a868f..36924abb505 100644
+--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
++++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
+@@ -63,19 +63,6 @@ static bool ConfigureEncryption(EVP_PKEY_CTX* ctx, RsaPaddingMode padding, const
+ {
+ return false;
+ }
+-
+- // OpenSSL 3.2 introduced a change where PKCS#1 RSA decryption does not fail for invalid padding.
+- // If the padding is invalid, the decryption operation returns random data.
+- // See https://github.com/openssl/openssl/pull/13817 for background.
+- // Some Linux distributions backported this change to previous versions of OpenSSL.
+- // Here we do a best-effort to set a flag to revert the behavior to failing if the padding is invalid.
+- ERR_set_mark();
+-
+- EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection", "0");
+-
+- // Undo any changes to the error queue that may have occured while configuring implicit rejection if the
+- // current version does not support implicit rejection.
+- ERR_pop_to_mark();
+ }
+ else
+ {
+--
+2.43.0
+
diff --git a/SPECS/dotnet6.0.spec b/SPECS/dotnet6.0.spec
index f6dfae8..ce9f608 100644
--- a/SPECS/dotnet6.0.spec
+++ b/SPECS/dotnet6.0.spec
@@ -20,10 +20,10 @@
 # until that's done, disable LTO. This has to happen before setting the flags below.
 %define _lto_cflags %{nil}
-%global host_version 6.0.14
-%global runtime_version 6.0.14
+%global host_version 6.0.33
+%global runtime_version 6.0.33
 %global aspnetcore_runtime_version %{runtime_version}
-%global sdk_version 6.0.114
+%global sdk_version 6.0.133
 %global sdk_feature_band_version %(echo %{sdk_version} | sed -e 's|[[:digit:]][[:digit:]]$|00|')
 %global templates_version %{runtime_version}
 #%%global templates_version %%(echo %%{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }')
@@ -60,7 +60,7 @@
 Name: dotnet6.0
 Version: %{sdk_rpm_version}
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: .NET Runtime and SDK
 License: MIT and ASL 2.0 and BSD and LGPLv2+ and CC-BY and CC0 and MS-PL and EPL-1.0 and GPL+ and GPLv2 and ISC and OFL and zlib
 URL: https://github.com/dotnet/
@@ -86,6 +86,8 @@ Source11: dotnet.sh.in
 Patch100: runtime-arm64-lld-fix.patch
 # Mono still has a dependency on (now unbuildable) ILStrip which was removed from CoreCLR: https://github.com/dotnet/runtime/pull/60315
 Patch101: runtime-mono-remove-ilstrip.patch
+# https://github.com/dotnet/runtime/pull/95217#issuecomment-1842799362
+Patch102: runtime-re-enable-implicit-rejection.patch
 # Disable apphost, needed for s390x
 Patch500: fsharp-no-apphost.patch
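Review bot: In the pal_evp_pkey_rsa.c section of the new patch file, removing the `EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection", "0")` call also removes the only comment describing what PKCS#1 v1.5 decryption does on invalid padding, so that branch of ConfigureEncryption (which starts and ends outside the hunk) now relies on the OpenSSL default without saying so. I would keep a one-line comment there, such as `// Implicit rejection is left at the OpenSSL default: where supported, invalid PKCS#1 v1.5 padding yields random data rather than an error.`, so callers know a successful decrypt is not an integrity check. The patch header also looks hand-edited: its diffstat counts 58 deletions while the hunks here remove 38, and `@@ -726,23 +715,5 @@` starts the new side earlier than the old even though the preceding hunk adds 9 lines. If a test hunk was dropped on purpose, the patch description should say which one and why.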
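Review bot: The comment added above `Patch102` in the `@@ -86,6 +86,8 @@` hunk is only a URL, and it points at pull 95217 while the patch's own message cites pulls 95216 and 95157 and reverts #95218, so a reader of the spec cannot tell what the patch does or which reference is the authoritative one. Following the style of the Patch101 comment, I would write `# Revert upstream's disabling of OpenSSL implicit rejection for RSA PKCS#1 v1.5 decryption (Marvin timing oracle)` and keep the URL on a second comment line. The %changelog entries visible in this diff list only version updates, so the security-relevant patch is not recorded there either.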
@@ -375,6 +377,7 @@ sed -i 's|/usr/share/dotnet|%{_libdir}/dotnet|' src/runtime/src/native/corehost/
 pushd src/runtime
 %patch100 -p1
 %patch101 -p1
+%patch102 -p1
 popd
 pushd src/fsharp
@@ -609,17 +612,81 @@ rm -rf %{buildroot}%{_libdir}/dotnet/packs/NETStandard.Library.Ref/2.1.0
 %changelog
-* Thu Feb 02 2023 Omair Majid - 6.0.114-1
+* Wed Aug 14 2024 Omair Majid - 6.0.133-2
+- Update to .NET SDK 6.0.133 and Runtime 6.0.33
+- Resolves: RHEL-52385
+
+* Tue Jul 09 2024 Omair Majid - 6.0.132-2
+- Update to .NET SDK 6.0.132 and Runtime 6.0.32
+- Resolves: RHEL-45320
+
+* Wed May 15 2024 Omair Majid - 6.0.130-2
+- Update to .NET SDK 6.0.130 and Runtime 6.0.30
+- Resolves: RHEL-35308
+
+* Tue Apr 09 2024 Omair Majid - 6.0.129-2
+- Update to .NET SDK 6.0.129 and Runtime 6.0.29
+- Resolves: RHEL-31198
+
+* Tue Mar 19 2024 Omair Majid - 6.0.128-2
+- Update to .NET SDK 6.0.128 and Runtime 6.0.28
+- Resolves: RHEL-27541
+
+* Wed Feb 14 2024 Omair Majid - 6.0.127-2
+- Update to .NET SDK 6.0.127 and Runtime 6.0.27
+- Resolves: RHEL-23785
+
+* Mon Jan 15 2024 Omair Majid - 6.0.126-2
+- Update to .NET SDK 6.0.126 and Runtime 6.0.26
+- Resolves: RHEL-19801
+
+* Mon Dec 11 2023 Omair Majid - 6.0.125-2
+- Update to .NET SDK 6.0.125 and Runtime 6.0.25
+- Resolves: RHEL-15349
+
+* Tue Oct 24 2023 Omair Majid - 6.0.124-2
+- Update to .NET SDK 6.0.124 and Runtime 6.0.24
+- Resolves: RHEL-14462
+
+* Mon Oct 16 2023 Omair Majid - 6.0.123-2
+- Update to .NET SDK 6.0.123 and Runtime 6.0.23
+- Resolves: RHEL-11689
+
+* Tue Sep 12 2023 Omair Majid - 6.0.122-2
+- Update to .NET SDK 6.0.122 and Runtime 6.0.22
+- Resolves: RHEL-1997
+
+* Wed Aug 09 2023 Omair Majid - 6.0.121-2
+- Update to .NET SDK 6.0.121 and Runtime 6.0.21
+- Resolves: RHBZ#2228567
+
+* Tue Jul 11 2023 Omair Majid - 6.0.120-2
+- Update to .NET SDK 6.0.120 and Runtime 6.0.20
+- Resolves: RHBZ#2219637
+
+* Tue Jun 13 2023 Andrew Slice - 6.0.118-2
+- Update to .NET SDK 6.0.118 and Runtime 6.0.18
+- Resolves: RHBZ#2211719
+
+* Wed Apr 12 2023 Omair Majid - 6.0.116-2
+- Update to .NET SDK 6.0.116 and Runtime 6.0.16
+- Resolves: RHBZ#2183582
+
+* Wed Mar 15 2023 Omair Majid - 6.0.115-2
+- Update to .NET SDK 6.0.115 and Runtime 6.0.15
+- Resolves: RHBZ#2174981
+
+* Thu Feb 16 2023 Omair Majid - 6.0.114-2
 - Update to .NET SDK 6.0.114 and Runtime 6.0.14
-- Resolves: RHBZ#2166770
+- Resolves: RHBZ#2166767
-* Mon Dec 19 2022 Omair Majid - 6.0.113-1
+* Wed Jan 11 2023 Omair Majid - 6.0.113-2
 - Update to .NET SDK 6.0.113 and Runtime 6.0.13
-- Resolves: RHBZ#2154459
+- Resolves: RHBZ#2154457
-* Fri Dec 02 2022 Omair Majid - 6.0.112-1
+* Wed Dec 14 2022 Omair Majid - 6.0.112-2
 - Update to .NET SDK 6.0.112 and Runtime 6.0.12
-- Resolves: RHBZ#2150148
+- Resolves: RHBZ#2150146
 * Wed Nov 09 2022 Omair Majid - 6.0.111-1
 - Update to .NET SDK 6.0.111 and Runtime 6.0.11