import UBI dotnet6.0-6.0.130-1.el8_10

.dotnet6.0.metadata

@@ -1 +1 @@
-c712d8d1134e0af3a2730228ada9b6fffb79a569 SOURCES/dotnet-v6.0.114.tar.gz
+f925ab0f538614ababce5aa70b41b096c273d6c3 SOURCES/dotnet-v6.0.130.tar.gz

.gitignore

@@ -1 +1 @@
-SOURCES/dotnet-v6.0.114.tar.gz
+SOURCES/dotnet-v6.0.130.tar.gz

SOURCES/arcade-no-apphost.patch

@@ -1,15 +1,3 @@
-Index: a/src/Microsoft.DotNet.GitSync.CommitManager/Microsoft.DotNet.GitSync.CommitManager.csproj
-===================================================================
---- a/src/Microsoft.DotNet.GitSync.CommitManager/Microsoft.DotNet.GitSync.CommitManager.csproj
-+++ b/src/Microsoft.DotNet.GitSync.CommitManager/Microsoft.DotNet.GitSync.CommitManager.csproj
-@@ -5,6 +5,7 @@
-     <TargetFramework>netcoreapp3.1</TargetFramework>
-     <LangVersion>latest</LangVersion>
-     <ExcludeFromSourceBuild>true</ExcludeFromSourceBuild>
-+    <UseAppHost>false</UseAppHost>
-   </PropertyGroup>
- 
-   <ItemGroup>
 Index: a/src/Microsoft.DotNet.SwaggerGenerator/Microsoft.DotNet.SwaggerGenerator.CmdLine/Microsoft.DotNet.SwaggerGenerator.CmdLine.csproj
 ===================================================================
 --- a/src/Microsoft.DotNet.SwaggerGenerator/Microsoft.DotNet.SwaggerGenerator.CmdLine/Microsoft.DotNet.SwaggerGenerator.CmdLine.csproj

SOURCES/runtime-re-enable-implicit-rejection.patch

@@ -0,0 +1,142 @@
+From 076687f5f9e7e1fce24f33f498b4e03c4150108e Mon Sep 17 00:00:00 2001
+From: Omair Majid <omajid@redhat.com>
+Date: Fri, 2 Feb 2024 12:09:52 -0500
+Subject: [PATCH] Revert "Disable implicit rejection for RSA PKCS#1 (#95218)"
+
+This reverts commit e3500b8e8ad18e8bf067dc5250863b64bb8f0de0.
+
+To quote Clemens Lang:
+
+> [Disabling implcit rejection] re-enables a Bleichenbacher timing oracle
+> attack against PKCS#1v1.5 decryption. See
+> https://people.redhat.com/~hkario/marvin/ for details and
+> https://github.com/dotnet/runtime/pull/95157#issuecomment-1842784399 for a
+> comment by the researcher who published the vulnerability and proposed the
+> change in OpenSSL.
+
+For more details, see:
+https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314
+---
+ .../RSA/EncryptDecrypt.cs                     | 49 ++++---------------
+ .../opensslshim.h                             |  6 ---
+ .../pal_evp_pkey_rsa.c                        | 13 -----
+ 3 files changed, 10 insertions(+), 58 deletions(-)
+
+diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
+index 55a044d62a6..e72d42e87d2 100644
+--- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
++++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
+@@ -338,10 +338,19 @@ private void RsaCryptRoundtrip(RSAEncryptionPadding paddingMode, bool expectSucc
+             Assert.Equal(TestData.HelloBytes, output);
+         }
+ 
+-        [ConditionalFact(nameof(PlatformSupportsEmptyRSAEncryption))]
++        [ConditionalFact]
+         [SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework)]
+         public void RoundtripEmptyArray()
+         {
++            if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6))
++            {
++                throw new SkipTestException("iOS prior to 13.6 does not reliably support RSA encryption of empty data.");
++            }
++            if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0))
++            {
++                throw new SkipTestException("tvOS prior to 14.0 does not reliably support RSA encryption of empty data.");
++            }
++
+             using (RSA rsa = RSAFactory.Create(TestData.RSA2048Params))
+             {
+                 void RoundtripEmpty(RSAEncryptionPadding paddingMode)
+@@ -726,23 +715,5 @@ public static IEnumerable<object[]> OaepPaddingModes
+                 }
+             }
+         }
+-
+-        public static bool PlatformSupportsEmptyRSAEncryption
+-        {
+-            get
+-            {
+-                if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6))
+-                {
+-                    return false;
+-                }
+-
+-                if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0))
+-                {
+-                    return false;
+-                }
+-
+-                return true;
+-            }
+-        }
+     }
+ }
+diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.h b/src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.h
+index 050df1193ff..dad18ebd9a1 100644
+--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.h
++++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.h
+@@ -272,10 +272,8 @@ const EVP_CIPHER* EVP_chacha20_poly1305(void);
+     REQUIRED_FUNCTION(ERR_peek_error) \
+     REQUIRED_FUNCTION(ERR_peek_error_line) \
+     REQUIRED_FUNCTION(ERR_peek_last_error) \
+-    REQUIRED_FUNCTION(ERR_pop_to_mark) \
+     FALLBACK_FUNCTION(ERR_put_error) \
+     REQUIRED_FUNCTION(ERR_reason_error_string) \
+-    REQUIRED_FUNCTION(ERR_set_mark) \
+     LIGHTUP_FUNCTION(ERR_set_debug) \
+     LIGHTUP_FUNCTION(ERR_set_error) \
+     REQUIRED_FUNCTION(EVP_aes_128_cbc) \
+@@ -330,7 +328,6 @@ const EVP_CIPHER* EVP_chacha20_poly1305(void);
+     REQUIRED_FUNCTION(EVP_PKCS82PKEY) \
+     REQUIRED_FUNCTION(EVP_PKEY2PKCS8) \
+     REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl) \
+-    REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl_str) \
+     REQUIRED_FUNCTION(EVP_PKEY_CTX_free) \
+     REQUIRED_FUNCTION(EVP_PKEY_CTX_get0_pkey) \
+     REQUIRED_FUNCTION(EVP_PKEY_CTX_new) \
+@@ -728,10 +725,8 @@ FOR_ALL_OPENSSL_FUNCTIONS
+ #define ERR_peek_error_line ERR_peek_error_line_ptr
+ #define ERR_peek_last_error ERR_peek_last_error_ptr
+ #define ERR_put_error ERR_put_error_ptr
+-#define ERR_pop_to_mark ERR_pop_to_mark_ptr
+ #define ERR_reason_error_string ERR_reason_error_string_ptr
+ #define ERR_set_debug ERR_set_debug_ptr
+-#define ERR_set_mark ERR_set_mark_ptr
+ #define ERR_set_error ERR_set_error_ptr
+ #define EVP_aes_128_cbc EVP_aes_128_cbc_ptr
+ #define EVP_aes_128_cfb8 EVP_aes_128_cfb8_ptr
+@@ -785,7 +780,6 @@ FOR_ALL_OPENSSL_FUNCTIONS
+ #define EVP_PKCS82PKEY EVP_PKCS82PKEY_ptr
+ #define EVP_PKEY2PKCS8 EVP_PKEY2PKCS8_ptr
+ #define EVP_PKEY_CTX_ctrl EVP_PKEY_CTX_ctrl_ptr
+-#define EVP_PKEY_CTX_ctrl_str EVP_PKEY_CTX_ctrl_str_ptr
+ #define EVP_PKEY_CTX_free EVP_PKEY_CTX_free_ptr
+ #define EVP_PKEY_CTX_get0_pkey EVP_PKEY_CTX_get0_pkey_ptr
+ #define EVP_PKEY_CTX_new EVP_PKEY_CTX_new_ptr
+diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
+index c3e491a868f..36924abb505 100644
+--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
++++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
+@@ -63,19 +63,6 @@ static bool ConfigureEncryption(EVP_PKEY_CTX* ctx, RsaPaddingMode padding, const
+         {
+             return false;
+         }
+-
+-        // OpenSSL 3.2 introduced a change where PKCS#1 RSA decryption does not fail for invalid padding.
+-        // If the padding is invalid, the decryption operation returns random data.
+-        // See https://github.com/openssl/openssl/pull/13817 for background.
+-        // Some Linux distributions backported this change to previous versions of OpenSSL.
+-        // Here we do a best-effort to set a flag to revert the behavior to failing if the padding is invalid.
+-        ERR_set_mark();
+-
+-        EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection", "0");
+-
+-        // Undo any changes to the error queue that may have occured while configuring implicit rejection if the
+-        // current version does not support implicit rejection.
+-        ERR_pop_to_mark();
+     }
+     else
+     {
+-- 
+2.43.0
+

SPECS/dotnet6.0.spec

@@ -1,4 +1,5 @@
-%bcond_with bootstrap
+# CentOS Koji doesn't understand %%bootstrap
+%bcond_with bootstrap_dotnet
 
 # Avoid provides/requires from private libraries
 %global privlibs             libhostfxr
@@ -20,10 +21,10 @@
 # until that's done, disable LTO.  This has to happen before setting the flags below.
 %define _lto_cflags %{nil}
 
-%global host_version 6.0.14
-%global runtime_version 6.0.14
+%global host_version 6.0.30
+%global runtime_version 6.0.30
 %global aspnetcore_runtime_version %{runtime_version}
-%global sdk_version 6.0.114
+%global sdk_version 6.0.130
 %global sdk_feature_band_version %(echo %{sdk_version} | sed -e 's|[[:digit:]][[:digit:]]$|00|')
 %global templates_version %{runtime_version}
 #%%global templates_version %%(echo %%{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }')
@@ -65,14 +66,15 @@ Summary:        .NET Runtime and SDK
 License:        MIT and ASL 2.0 and BSD and LGPLv2+ and CC-BY and CC0 and MS-PL and EPL-1.0 and GPL+ and GPLv2 and ISC and OFL and zlib
 URL:            https://github.com/dotnet/
 
-%if %{with bootstrap}
+%if %{with bootstrap_dotnet}
+%global bootstrap_sdk_version 6.0.120
 # The source is generated on a RHEL box via:
 # ./build-dotnet-tarball --bootstrap %%{upstream_tag}
 Source0:        dotnet-%{upstream_tag}-x64-bootstrap.tar.xz
 # Generated via ./build-arm64-bootstrap-tarball
-Source1:        dotnet-arm64-prebuilts-2021-10-29.tar.gz
+Source1:        dotnet-prebuilts-%{bootstrap_sdk_version}-arm64.tar.gz
 # Generated manually, same pattern as the arm64 tarball
-Source2:        dotnet-s390x-prebuilts-2021-10-29.tar.gz
+Source2:        dotnet-prebuilts-%{bootstrap_sdk_version}-s390x.tar.gz
 %else
 # The source is generated on a RHEL box via:
 # ./build-dotnet-tarball %%{upstream_tag}
@@ -85,8 +87,10 @@ Source11:       dotnet.sh.in
 
 # Fix using lld on RHEL
 Patch100:       runtime-arm64-lld-fix.patch
-#  Mono still has a dependency on (now unbuildable) ILStrip which was removed from CoreCLR: https://github.com/dotnet/runtime/pull/60315
+# Mono still has a dependency on (now unbuildable) ILStrip which was removed from CoreCLR: https://github.com/dotnet/runtime/pull/60315
 Patch101:       runtime-mono-remove-ilstrip.patch
+# https://github.com/dotnet/runtime/pull/95217#issuecomment-1842799362
+Patch102:       runtime-re-enable-implicit-rejection.patch
 
 # Disable apphost, needed for s390x
 Patch500:       fsharp-no-apphost.patch
@@ -122,7 +126,7 @@ ExclusiveArch:  x86_64
 BuildRequires:  clang
 BuildRequires:  cmake
 BuildRequires:  coreutils
-%if %{without bootstrap}
+%if %{without bootstrap_dotnet}
 BuildRequires:  dotnet-sdk-6.0
 BuildRequires:  dotnet-sdk-6.0-source-built-artifacts
 %endif
@@ -348,7 +352,7 @@ These are not meant for general use.
 
 
 %prep
-%if %{without bootstrap}
+%if %{without bootstrap_dotnet}
 %setup -q -n dotnet-%{upstream_tag}
 %else
 
@@ -368,11 +372,28 @@ tar xf packages/prebuilt/dotnet-sdk*.tar.gz -C .dotnet/
 rm packages/prebuilt/dotnet-sdk*.tar.gz
 boot_sdk_version=$(ls -1 .dotnet/sdk/)
 sed -i -E 's|"dotnet": "[^"]+"|"dotnet" : "'$boot_sdk_version'"|' global.json
+
+%ifarch ppc64le s390x
+ilasm_version=$(ls packages/prebuilt| grep -i ilasm | tr 'A-Z' 'a-z' | sed -E 's|runtime.linux-'%{runtime_arch}'.microsoft.netcore.ilasm.||' | sed -E 's|.nupkg$||')
+echo $ilasm_version
+
+mkdir -p packages-customized-local
+pushd packages-customized-local
+tar xf ../packages/archive/Private.SourceBuilt.Artifacts.*.tar.gz
+sed -i -E 's|<MicrosoftNETCoreILAsmVersion>[^<]+</MicrosoftNETCoreILAsmVersion>|<MicrosoftNETCoreILAsmVersion>'$ilasm_version'</MicrosoftNETCoreILAsmVersion>|' PackageVersions.props
+sed -i -E 's|<MicrosoftNETCoreILAsmPackageVersion>[^<]+</MicrosoftNETCoreILAsmPackageVersion>|<MicrosoftNETCoreILAsmPackageVersion>'$ilasm_version'</MicrosoftNETCoreILAsmPackageVersion>|' PackageVersions.props
+sed -i -E 's|<MicrosoftNETCoreILDAsmVersion>[^<]+</MicrosoftNETCoreILDAsmVersion>|<MicrosoftNETCoreILDAsmVersion>'$ilasm_version'</MicrosoftNETCoreILDAsmVersion>|' PackageVersions.props
+sed -i -E 's|<MicrosoftNETCoreILDAsmPackageVersion>[^<]+</MicrosoftNETCoreILDAsmPackageVersion>|<MicrosoftNETCoreILDAsmPackageVersion>'$ilasm_version'</MicrosoftNETCoreILDAsmPackageVersion>|' PackageVersions.props
+tar czf ../packages/archive/Private.SourceBuilt.Artifacts.*.tar.gz *
+popd
+
+%endif
+
 %endif
 
 %endif
 
-%if %{without bootstrap}
+%if %{without bootstrap_dotnet}
 # Remove all prebuilts
 find -iname '*.dll' -type f -delete
 find -iname '*.so' -type f -delete
@@ -393,6 +414,7 @@ sed -i 's|/usr/share/dotnet|%{_libdir}/dotnet|' src/runtime/src/native/corehost/
 pushd src/runtime
 %patch100 -p1
 %patch101 -p1
+%patch102 -p1
 popd
 
 pushd src/fsharp
@@ -438,7 +460,7 @@ sed -i -E 's|( /p:BuildDebPackage=false)|\1 --cmakeargs -DCLR_CMAKE_USE_SYSTEM_L
 %build
 cat /etc/os-release
 
-%if %{without bootstrap}
+%if %{without bootstrap_dotnet}
 # We need to create a copy because we will mutate this
 cp -a %{_libdir}/dotnet previously-built-dotnet
 %endif
@@ -479,8 +501,8 @@ export EXTRA_CFLAGS="$CFLAGS"
 export EXTRA_CXXFLAGS="$CXXFLAGS"
 export EXTRA_LDFLAGS="$LDFLAGS"
 
-CheckEolTargetFramework=false VERBOSE=1 ./build.sh \
-%if %{without bootstrap}
+VERBOSE=1 ./build.sh \
+%if %{without bootstrap_dotnet}
     --with-sdk previously-built-dotnet \
 %endif
     -- \
@@ -579,6 +601,7 @@ rm %{buildroot}%{_libdir}/dotnet/dotnet
 # Provided by netstandard-targeting-pack-2.1 from another SRPM
 rm -rf %{buildroot}%{_libdir}/dotnet/packs/NETStandard.Library.Ref/2.1.0
 
+
 %files -n dotnet-hostfxr-6.0
 %dir %{_libdir}/dotnet/host/fxr
 %{_libdir}/dotnet/host/fxr/%{host_version}
@@ -611,29 +634,81 @@ rm -rf %{buildroot}%{_libdir}/dotnet/packs/NETStandard.Library.Ref/2.1.0
 
 
 %changelog
-* Thu Feb 02 2023 Omair Majid <omajid@redhat.com> - 6.0.114-1
+* Mon May 06 2024 Omair Majid <omajid@redhat.com> - 6.0.130-1
+- Update to .NET SDK 6.0.130 and Runtime 6.0.30
+- Resolves: RHEL-35309
+
+* Tue Apr 09 2024 Omair Majid <omajid@redhat.com> - 6.0.129-2
+- Update to .NET SDK 6.0.129 and Runtime 6.0.29
+- Resolves: RHEL-31194
+
+* Tue Mar 19 2024 Omair Majid <omajid@redhat.com> - 6.0.128-2
+- Update to .NET SDK 6.0.128 and Runtime 6.0.28
+- Resolves: RHEL-27539
+
+* Wed Feb 14 2024 Omair Majid <omajid@redhat.com> - 6.0.127-2
+- Update to .NET SDK 6.0.127 and Runtime 6.0.27
+- Resolves: RHEL-23784
+
+* Mon Jan 15 2024 Omair Majid <omajid@redhat.com> - 6.0.126-2
+- Update to .NET SDK 6.0.126 and Runtime 6.0.26
+- Resolves: RHEL-19798
+
+* Mon Dec 11 2023 Omair Majid <omajid@redhat.com> - 6.0.125-2
+- Update to .NET SDK 6.0.125 and Runtime 6.0.25
+- Resolves: RHEL-15348
+
+* Tue Oct 24 2023 Omair Majid <omajid@redhat.com> - 6.0.124-2
+- Update to .NET SDK 6.0.124 and Runtime 6.0.24
+- Resolves: RHEL-14466
+
+* Mon Oct 16 2023 Omair Majid <omajid@redhat.com> - 6.0.123-2
+- Update to .NET SDK 6.0.123 and Runtime 6.0.23
+- Resolves: RHEL-11696
+
+* Tue Sep 12 2023 Omair Majid <omajid@redhat.com> - 6.0.122-2
+- Update to .NET SDK 6.0.122 and Runtime 6.0.22
+- Resolves: RHEL-1996
+
+* Thu Aug 24 2023 Omair Majid <omajid@redhat.com> - 6.0.121-4
+- Disable bootstrap
+- Related: RHBZ#2228566
+
+* Wed Aug 23 2023 Omair Majid <omajid@redhat.com> - 6.0.121-3
+- Rebootstrap
+- Related: RHBZ#2228566
+
+* Wed Aug 09 2023 Omair Majid <omajid@redhat.com> - 6.0.121-2
+- Update to .NET SDK 6.0.121 and Runtime 6.0.21
+- Resolves: RHBZ#2228566
+
+* Tue Jul 11 2023 Omair Majid <omajid@redhat.com> - 6.0.120-2
+- Update to .NET SDK 6.0.120 and Runtime 6.0.20
+- Resolves: RHBZ#2219636
+
+* Thu Jul 06 2023 Omair Majid <omajid@redhat.com> - 6.0.119-2
+- Update to .NET SDK 6.0.119 and Runtime 6.0.19
+- Resolves: RHBZ#2216218
+
+* Thu Feb 16 2023 Omair Majid <omajid@redhat.com> - 6.0.114-2
 - Update to .NET SDK 6.0.114 and Runtime 6.0.14
-- Resolves: RHBZ#2166769
+- Resolves: RHBZ#2166765
 
-* Mon Dec 19 2022 Omair Majid <omajid@redhat.com> - 6.0.113-1
+* Wed Jan 11 2023 Omair Majid <omajid@redhat.com> - 6.0.113-2
 - Update to .NET SDK 6.0.113 and Runtime 6.0.13
-- Resolves: RHBZ#2154458
+- Resolves: RHBZ#2154456
 
-* Thu Dec 01 2022 Omair Majid <omajid@redhat.com> - 6.0.112-1
+* Wed Dec 14 2022 Omair Majid <omajid@redhat.com> - 6.0.112-2
 - Update to .NET SDK 6.0.112 and Runtime 6.0.12
-- Resolves: RHBZ#2150147
+- Resolves: RHBZ#2150145
 
-* Wed Nov 02 2022 Omair Majid <omajid@redhat.com> - 6.0.111-1
+* Fri Nov 18 2022 Omair Majid <omajid@redhat.com> - 6.0.111-3
+- Disable subpackages provided by another SRPM
+- Related: RHBZ#2138275
+
+* Wed Nov 16 2022 Omair Majid <omajid@redhat.com> - 6.0.111-2
 - Update to .NET SDK 6.0.111 and Runtime 6.0.11
-- Resolves: RHBZ#2138277
-
-* Sat Sep 17 2022 Omair Majid <omajid@redhat.com> - 6.0.109-3
-- Remove subpackages that are now provided by other packages
-- Related: RHBZ#2123787
-
-* Wed Sep 14 2022 Omair Majid <omajid@redhat.com> - 6.0.109-2
-- Update to .NET SDK 6.0.109 and Runtime 6.0.9
-- Resolves: RHBZ#2123787
+- Resolves: RHBZ#2138275
 
 * Tue Aug 09 2022 Omair Majid <omajid@redhat.com> - 6.0.108-1
 - Update to .NET SDK 6.0.108 and Runtime 6.0.8