import UBI dotnet6.0-6.0.128-2.el9_3

This commit is contained in:
eabdullin 2024-03-12 21:19:38 +00:00
parent fd5a41120a
commit cb1dfbe298
4 changed files with 60 additions and 6 deletions

View File

@ -1 +1 @@
722442f6afac60d4d6dce2c43752717a4d396d84 SOURCES/dotnet-v6.0.127.tar.gz c649ed6290120976258e02ab5bab39e37f565b86 SOURCES/dotnet-v6.0.128.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/dotnet-v6.0.127.tar.gz SOURCES/dotnet-v6.0.128.tar.gz

View File

@ -0,0 +1,34 @@
From d7805229ffe6906cd0832c0482b963caf4b4fd82 Mon Sep 17 00:00:00 2001
From: Tom Deseyn <tom.deseyn@gmail.com>
Date: Wed, 28 Feb 2024 14:08:15 +0100
Subject: [PATCH] Allow certificate validation with SHA-1 signatures.
RHEL OpenSSL builds disable SHA-1 signatures. This causes certificate
validation to fail when using the X509_V_FLAG_CHECK_SS_SIGNATURE flag
with a chain where the last certificate uses a SHA-1 signature.
This removes X509_V_FLAG_CHECK_SS_SIGNATURE flag to have the default
OpenSSL behavior for certificate validation.
---
.../libs/System.Security.Cryptography.Native/pal_x509.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c
index 04c6ba06cd..2cd3413dae 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_x509.c
@@ -272,11 +272,6 @@ int32_t CryptoNative_X509StoreCtxInit(X509_STORE_CTX* ctx, X509_STORE* store, X5
{
int32_t val = X509_STORE_CTX_init(ctx, store, x509, extraStore);
- if (val != 0)
- {
- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CHECK_SS_SIGNATURE);
- }
-
return val;
}
--
2.43.2

View File

@ -20,10 +20,10 @@
# until that's done, disable LTO. This has to happen before setting the flags below. # until that's done, disable LTO. This has to happen before setting the flags below.
%define _lto_cflags %{nil} %define _lto_cflags %{nil}
%global host_version 6.0.27 %global host_version 6.0.28
%global runtime_version 6.0.27 %global runtime_version 6.0.28
%global aspnetcore_runtime_version %{runtime_version} %global aspnetcore_runtime_version %{runtime_version}
%global sdk_version 6.0.127 %global sdk_version 6.0.128
%global sdk_feature_band_version %(echo %{sdk_version} | sed -e 's|[[:digit:]][[:digit:]]$|00|') %global sdk_feature_band_version %(echo %{sdk_version} | sed -e 's|[[:digit:]][[:digit:]]$|00|')
%global templates_version %{runtime_version} %global templates_version %{runtime_version}
#%%global templates_version %%(echo %%{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }') #%%global templates_version %%(echo %%{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }')
@ -60,7 +60,7 @@
Name: dotnet6.0 Name: dotnet6.0
Version: %{sdk_rpm_version} Version: %{sdk_rpm_version}
Release: 1%{?dist} Release: 2%{?dist}
Summary: .NET Runtime and SDK Summary: .NET Runtime and SDK
License: MIT and ASL 2.0 and BSD and LGPLv2+ and CC-BY and CC0 and MS-PL and EPL-1.0 and GPL+ and GPLv2 and ISC and OFL and zlib License: MIT and ASL 2.0 and BSD and LGPLv2+ and CC-BY and CC0 and MS-PL and EPL-1.0 and GPL+ and GPLv2 and ISC and OFL and zlib
URL: https://github.com/dotnet/ URL: https://github.com/dotnet/
@ -88,6 +88,13 @@ Patch100: runtime-arm64-lld-fix.patch
Patch101: runtime-mono-remove-ilstrip.patch Patch101: runtime-mono-remove-ilstrip.patch
# https://github.com/dotnet/runtime/pull/95218#issuecomment-1842799422 # https://github.com/dotnet/runtime/pull/95218#issuecomment-1842799422
Patch102: runtime-re-enable-implicit-rejection.patch Patch102: runtime-re-enable-implicit-rejection.patch
# We disable checking the signature of the last certificate in a chain
# if the certificate is supposedly self-signed. A side effect of not
# checking the self-signature of such a certificate is that disabled
# or unsupported message digests used for the signature are not
# treated as fatal errors. https://issues.redhat.com/browse/RHEL-25254
Patch103: runtime-openssl-sha1.patch
# Disable apphost, needed for s390x # Disable apphost, needed for s390x
Patch500: fsharp-no-apphost.patch Patch500: fsharp-no-apphost.patch
@ -378,6 +385,7 @@ pushd src/runtime
%patch100 -p1 %patch100 -p1
%patch101 -p1 %patch101 -p1
%patch102 -p1 %patch102 -p1
%patch103 -p1
popd popd
pushd src/fsharp pushd src/fsharp
@ -612,6 +620,18 @@ rm -rf %{buildroot}%{_libdir}/dotnet/packs/NETStandard.Library.Ref/2.1.0
%changelog %changelog
* Wed Mar 06 2024 Tom Deseyn <tom.deseyn@gmail.com> - 6.0.128-2
- We disable checking the signature of the last certificate in a chain
if the certificate is supposedly self-signed. A side effect of not
checking the self-signature of such a certificate is that disabled
or unsupported message digests used for the signature are not
treated as fatal errors.
- Resolves: RHEL-28359
* Thu Feb 29 2024 Omair Majid <omajid@redhat.com> - 6.0.128-1
- Update to .NET SDK 6.0.128 and Runtime 6.0.28
- Resolves: RHEL-27540
* Thu Feb 01 2024 Omair Majid <omajid@redhat.com> - 6.0.127-1 * Thu Feb 01 2024 Omair Majid <omajid@redhat.com> - 6.0.127-1
- Update to .NET SDK 6.0.127 and Runtime 6.0.27 - Update to .NET SDK 6.0.127 and Runtime 6.0.27
- Resolves: RHEL-23787 - Resolves: RHEL-23787