From d4aec77a533cf51ae1a443c9f46e18fb6567c47c Mon Sep 17 00:00:00 2001 From: Omair Majid Date: Thu, 11 Apr 2024 12:38:34 -0400 Subject: [PATCH] Update to .NET SDK 8.0.104 and Runtime 8.0.4 Resolves: RHEL-31208 --- .gitignore | 2 + dotnet-3673-rc2-version-mismatch.patch | 38 -- dotnet8.0.spec | 14 +- release.json | 11 +- runtime-92274-webcil-s390x.patch | 260 ------------- runtime-92920-multiple-ssl-dirs.patch | 416 --------------------- runtime-re-enable-implicit-rejection.patch | 4 +- sources | 4 +- 8 files changed, 21 insertions(+), 728 deletions(-) delete mode 100644 dotnet-3673-rc2-version-mismatch.patch delete mode 100644 runtime-92274-webcil-s390x.patch delete mode 100644 runtime-92920-multiple-ssl-dirs.patch diff --git a/.gitignore b/.gitignore index ff5c810..788a395 100644 --- a/.gitignore +++ b/.gitignore @@ -40,3 +40,5 @@ /dotnet-v8.0.2.tar.gz /dotnet-8.0.3.tar.gz /dotnet-8.0.3.tar.gz.sig +/dotnet-8.0.4.tar.gz +/dotnet-8.0.4.tar.gz.sig diff --git a/dotnet-3673-rc2-version-mismatch.patch b/dotnet-3673-rc2-version-mismatch.patch deleted file mode 100644 index d277252..0000000 --- a/dotnet-3673-rc2-version-mismatch.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Matt Thalman -Date: Tue, 24 Oct 2023 16:20:26 -0500 -Subject: [PATCH] Use correct runtime package version - ---- - prereqs/git-info/AllRepoVersions.props | 2 +- - prereqs/git-info/runtime.props | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/prereqs/git-info/AllRepoVersions.props b/prereqs/git-info/AllRepoVersions.props -index 79a789e1cd..a3f3ccf094 100644 ---- a/prereqs/git-info/AllRepoVersions.props -+++ b/prereqs/git-info/AllRepoVersions.props -@@ -32,7 +32,7 @@ - bdd9c5ba66b00beebdc3516acc5e29b83efd89af - 4.8.0-3.23471.11 - 0b25e38ad32a69cd83ae246104b32449203cc71c -- 8.0.0-rc.2.23475.17 -+ 8.0.0-rc.2.23479.6 - 67e671f384bee6937630b52b02cc78e69b27e280 - 8.0.100-rc.2.23480.5 - 6dbf3aaa0fc9664df86462f5c70b99800934fccd -diff --git a/prereqs/git-info/runtime.props b/prereqs/git-info/runtime.props -index 546469c3a0..20c2bf8840 100644 ---- a/prereqs/git-info/runtime.props -+++ b/prereqs/git-info/runtime.props -@@ -2,8 +2,8 @@ - - - 0b25e38ad32a69cd83ae246104b32449203cc71c -- 20230925.17 -- 8.0.0-rc.2.23475.17 -+ 20230929.6 -+ 8.0.0-rc.2.23479.6 - rc.2 - false - diff --git a/dotnet8.0.spec b/dotnet8.0.spec index e4aaa88..26c65db 100644 --- a/dotnet8.0.spec +++ b/dotnet8.0.spec @@ -8,10 +8,10 @@ %global dotnetver 8.0 -%global host_version 8.0.3 -%global runtime_version 8.0.3 +%global host_version 8.0.4 +%global runtime_version 8.0.4 %global aspnetcore_runtime_version %{runtime_version} -%global sdk_version 8.0.103 +%global sdk_version 8.0.104 %global sdk_feature_band_version %(echo %{sdk_version} | cut -d '-' -f 1 | sed -e 's|[[:digit:]][[:digit:]]$|00|') %global templates_version %{runtime_version} #%%global templates_version %%(echo %%{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }') @@ -53,7 +53,7 @@ Name: dotnet%{dotnetver} Version: %{sdk_rpm_version} -Release: 3%{?dist} +Release: 2%{?dist} Summary: .NET Runtime and SDK License: 0BSD AND Apache-2.0 AND (Apache-2.0 WITH LLVM-exception) AND APSL-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSL-1.0 AND bzip2-1.0.6 AND CC0-1.0 AND CC-BY-3.0 AND CC-BY-4.0 AND CC-PDDC AND CNRI-Python AND EPL-1.0 AND GPL-2.0-only AND (GPL-2.0-only WITH GCC-exception-2.0) AND GPL-2.0-or-later AND GPL-3.0-only AND ICU AND ISC AND LGPL-2.1-only AND LGPL-2.1-or-later AND LicenseRef-Fedora-Public-Domain AND LicenseRef-ISO-8879 AND MIT AND MIT-Wu AND MS-PL AND MS-RL AND NCSA AND OFL-1.1 AND OpenSSL AND Unicode-DFS-2015 AND Unicode-DFS-2016 AND W3C-19980720 AND X11 AND Zlib @@ -413,7 +413,7 @@ if [[ ${release_json_tag} != %{upstream_tag} ]]; then fi %if %{without bootstrap} -%setup -q -c -n dotnet-%{upstream_tag_without_v} +%setup -q -n dotnet-%{upstream_tag_without_v} # Remove all prebuilts find -iname '*.dll' -type f -delete @@ -712,6 +712,10 @@ export COMPlus_LTTng=0 %changelog +* Tue Apr 09 2024 Omair Majid - 8.0.104-2 +- Update to .NET SDK 8.0.104 and Runtime 8.0.4 +- Resolves: RHEL-31208 + * Sun Mar 31 2024 Tom Deseyn - 8.0.103-3 - We disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed. A side effect of not checking the self-signature of such a certificate is that disabled or unsupported message diff --git a/release.json b/release.json index 16ac31c..9a63353 100644 --- a/release.json +++ b/release.json @@ -1,9 +1,10 @@ { - "release": "8.0.3", + "release": "8.0.4", "channel": "8.0", - "tag": "v8.0.3", - "sdkVersion": "8.0.103", - "runtimeVersion": "8.0.3", + "tag": "v8.0.4", + "sdkVersion": "8.0.104", + "runtimeVersion": "8.0.4", + "aspNetCoreVersion": "8.0.4", "sourceRepository": "https://github.com/dotnet/dotnet", - "sourceVersion": "49a39629323839c28481dd42545ce44d11c75c5a" + "sourceVersion": "83659133a1aa2b2d94f9c4ecebfa10d960e27706" } diff --git a/runtime-92274-webcil-s390x.patch b/runtime-92274-webcil-s390x.patch deleted file mode 100644 index 1a39223..0000000 --- a/runtime-92274-webcil-s390x.patch +++ /dev/null @@ -1,260 +0,0 @@ -From 72f310a6c3dccbabf9edc29677b51ed78c87cc67 Mon Sep 17 00:00:00 2001 -From: Sanjam Panda -Date: Tue, 19 Sep 2023 15:16:02 +0200 -Subject: [PATCH 1/3] [wasm] Endian fix for Webcil - -'dotnet new blazorwasm' command failed on s390x and was throwing a not implemented exception - -The issue was with with the WebCil writer and reader, specific endianness conversions relating to the webcil payload were not implemented for big endian machines. - -We considered fixing the generic implementation, but there were only two structures in use: WebcilHeader and WebcilSectionHeader, so it was easier to handle them explicitly. ---- - .../Microsoft.NET.WebAssembly.Webcil.csproj | 1 + - .../WebcilConverter.cs | 35 +++++++++++++----- - .../WebcilReader.cs | 37 +++++++++++++++---- - 3 files changed, 57 insertions(+), 16 deletions(-) - -diff --git a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/Microsoft.NET.WebAssembly.Webcil.csproj b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/Microsoft.NET.WebAssembly.Webcil.csproj -index c35eb57e80686..d09ae4a569a59 100644 ---- a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/Microsoft.NET.WebAssembly.Webcil.csproj -+++ b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/Microsoft.NET.WebAssembly.Webcil.csproj -@@ -16,6 +16,7 @@ - - - -+ - - - -diff --git a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs -index a38af7270a2da..7b882c42d579e 100644 ---- a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs -+++ b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs -@@ -2,6 +2,7 @@ - // The .NET Foundation licenses this file to you under the MIT license. - - using System; -+using System.Buffers.Binary; - using System.IO; - using System.Collections.Immutable; - using System.Reflection.PortableExecutable; -@@ -181,9 +182,6 @@ private static void WriteHeader(Stream s, WebcilHeader header) - - private static void WriteSectionHeaders(Stream s, ImmutableArray sectionsHeaders) - { -- // FIXME: fixup endianness -- if (!BitConverter.IsLittleEndian) -- throw new NotImplementedException(); - foreach (var sectionHeader in sectionsHeaders) - { - WriteSectionHeader(s, sectionHeader); -@@ -192,16 +190,38 @@ private static void WriteSectionHeaders(Stream s, ImmutableArray(Stream s, T structure) - where T : unmanaged - { -- // FIXME: fixup endianness -- if (!BitConverter.IsLittleEndian) -- throw new NotImplementedException(); - unsafe - { - byte* p = (byte*)&structure; -@@ -212,9 +232,6 @@ private static void WriteStructure(Stream s, T structure) - private static void WriteStructure(Stream s, T structure) - where T : unmanaged - { -- // FIXME: fixup endianness -- if (!BitConverter.IsLittleEndian) -- throw new NotImplementedException(); - int size = Marshal.SizeOf(); - byte[] buffer = new byte[size]; - IntPtr ptr = IntPtr.Zero; -diff --git a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilReader.cs b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilReader.cs -index 4f42f82798664..ac4f9d86095a9 100644 ---- a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilReader.cs -+++ b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilReader.cs -@@ -6,7 +6,7 @@ - using System.IO; - using System.Reflection; - using System.Runtime.InteropServices; -- -+using System.Buffers.Binary; - using System.Reflection.Metadata; - using System.Reflection.PortableExecutable; - -@@ -63,14 +63,20 @@ private unsafe bool ReadHeader() - { - return false; - } -- if (!BitConverter.IsLittleEndian) -- { -- throw new NotImplementedException("TODO: implement big endian support"); -- } - fixed (byte* p = buffer) - { - header = *(WebcilHeader*)p; - } -+ if (!BitConverter.IsLittleEndian) -+ { -+ header.version_major = BinaryPrimitives.ReverseEndianness(header.version_major); -+ header.version_minor = BinaryPrimitives.ReverseEndianness(header.version_minor); -+ header.coff_sections = BinaryPrimitives.ReverseEndianness(header.coff_sections); -+ header.pe_cli_header_rva = BinaryPrimitives.ReverseEndianness(header.pe_cli_header_rva); -+ header.pe_cli_header_size = BinaryPrimitives.ReverseEndianness(header.pe_cli_header_size); -+ header.pe_debug_rva = BinaryPrimitives.ReverseEndianness(header.pe_debug_rva); -+ header.pe_debug_rva = BinaryPrimitives.ReverseEndianness(header.pe_debug_size); -+ } - if (header.id[0] != 'W' || header.id[1] != 'b' - || header.id[2] != 'I' || header.id[3] != 'L' - || header.version_major != Internal.Constants.WC_VERSION_MAJOR -@@ -346,6 +352,7 @@ private long TranslateRVA(uint rva) - - private unsafe ImmutableArray ReadSections() - { -+ WebcilSectionHeader secheader; - var sections = ImmutableArray.CreateBuilder(_header.coff_sections); - var buffer = new byte[Marshal.SizeOf()]; - _stream.Seek(SectionDirectoryOffset + _webcilInWasmOffset, SeekOrigin.Begin); -@@ -357,8 +364,24 @@ private unsafe ImmutableArray ReadSections() - } - fixed (byte* p = buffer) - { -- // FIXME endianness -- sections.Add(*(WebcilSectionHeader*)p); -+ secheader = (*(WebcilSectionHeader*)p); -+ } -+ if (!BitConverter.IsLittleEndian) -+ { -+ sections.Add -+ ( -+ new WebcilSectionHeader -+ ( -+ virtualSize: BinaryPrimitives.ReverseEndianness(secheader.VirtualSize), -+ virtualAddress: BinaryPrimitives.ReverseEndianness(secheader.VirtualAddress), -+ sizeOfRawData: BinaryPrimitives.ReverseEndianness(secheader.SizeOfRawData), -+ pointerToRawData: BinaryPrimitives.ReverseEndianness(secheader.PointerToRawData) -+ ) -+ ); -+ } -+ else -+ { -+ sections.Add(secheader); - } - } - return sections.MoveToImmutable(); - -From 0c78184347335db183a38cf6bd26e2fe69160931 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Aleksey=20Kliger=20=28=CE=BBgeek=29?= -Date: Thu, 21 Sep 2023 14:31:12 -0400 -Subject: [PATCH 2/3] Fix infinite recursion - ---- - .../WebcilConverter.cs | 25 ++++++++----------- - 1 file changed, 10 insertions(+), 15 deletions(-) - -diff --git a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs -index 7b882c42d579e..fc95eded5bc33 100644 ---- a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs -+++ b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs -@@ -177,6 +177,16 @@ public unsafe void GatherInfo(PEReader peReader, out WCFileInfo wcInfo, out PEFi - - private static void WriteHeader(Stream s, WebcilHeader header) - { -+ if (!BitConverter.IsLittleEndian) -+ { -+ webcilHeader.version_major = BinaryPrimitives.ReverseEndianness(webcilHeader.version_major); -+ webcilHeader.version_minor = BinaryPrimitives.ReverseEndianness(webcilHeader.version_minor); -+ webcilHeader.coff_sections = BinaryPrimitives.ReverseEndianness(webcilHeader.coff_sections); -+ webcilHeader.pe_cli_header_rva = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_cli_header_rva); -+ webcilHeader.pe_cli_header_size = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_cli_header_size); -+ webcilHeader.pe_debug_rva = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_rva); -+ webcilHeader.pe_debug_size = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_size); -+ } - WriteStructure(s, header); - } - -@@ -203,21 +213,6 @@ private static void WriteSectionHeader(Stream s, WebcilSectionHeader sectionHead - WriteStructure(s, sectionHeader); - } - -- private static void WriteStructure(Stream s, WebcilHeader webcilHeader) -- { -- if (!BitConverter.IsLittleEndian) -- { -- webcilHeader.version_major = BinaryPrimitives.ReverseEndianness(webcilHeader.version_major); -- webcilHeader.version_minor = BinaryPrimitives.ReverseEndianness(webcilHeader.version_minor); -- webcilHeader.coff_sections = BinaryPrimitives.ReverseEndianness(webcilHeader.coff_sections); -- webcilHeader.pe_cli_header_rva = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_cli_header_rva); -- webcilHeader.pe_cli_header_size = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_cli_header_size); -- webcilHeader.pe_debug_rva = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_rva); -- webcilHeader.pe_debug_size = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_size); -- } -- WriteStructure(s, webcilHeader); -- } -- - #if NETCOREAPP2_1_OR_GREATER - private static void WriteStructure(Stream s, T structure) - where T : unmanaged - -From cecf4f09f0c52340c753811098f0f2d9593049aa Mon Sep 17 00:00:00 2001 -From: Aleksey Kliger -Date: Thu, 21 Sep 2023 14:36:20 -0400 -Subject: [PATCH 3/3] rename var - ---- - src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs -index fc95eded5bc33..13c34bde4b8ea 100644 ---- a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs -+++ b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs -@@ -175,7 +175,7 @@ public unsafe void GatherInfo(PEReader peReader, out WCFileInfo wcInfo, out PEFi - SectionStart: firstWCSection); - } - -- private static void WriteHeader(Stream s, WebcilHeader header) -+ private static void WriteHeader(Stream s, WebcilHeader webcilHeader) - { - if (!BitConverter.IsLittleEndian) - { -@@ -187,7 +187,7 @@ private static void WriteHeader(Stream s, WebcilHeader header) - webcilHeader.pe_debug_rva = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_rva); - webcilHeader.pe_debug_size = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_size); - } -- WriteStructure(s, header); -+ WriteStructure(s, webcilHeader); - } - - private static void WriteSectionHeaders(Stream s, ImmutableArray sectionsHeaders) diff --git a/runtime-92920-multiple-ssl-dirs.patch b/runtime-92920-multiple-ssl-dirs.patch deleted file mode 100644 index 8ea9c77..0000000 --- a/runtime-92920-multiple-ssl-dirs.patch +++ /dev/null @@ -1,416 +0,0 @@ -From 9aec1e3b0b9ddc02b81bd115399f8951288b261b Mon Sep 17 00:00:00 2001 -From: Tom Deseyn -Date: Wed, 11 Oct 2023 18:32:20 +0200 -Subject: [PATCH] Support specifying multiple directories through SSL_CERT_DIR - -Co-authored-by: Jeremy Barton -Co-authored-by: Kevin Jones ---- - .../OpenSslCachedSystemStoreProvider.cs | 232 +++++++++--------- - .../X509Certificates/X509StoreTests.Unix.cs | 42 +++- - 2 files changed, 157 insertions(+), 117 deletions(-) - -diff --git a/src/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslCachedSystemStoreProvider.cs b/src/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslCachedSystemStoreProvider.cs -index 4c9643c01e2..e66b3d1ad11 100644 ---- a/src/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslCachedSystemStoreProvider.cs -+++ b/src/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslCachedSystemStoreProvider.cs -@@ -21,14 +21,14 @@ internal sealed class OpenSslCachedSystemStoreProvider : IStorePal - private static readonly TimeSpan s_lastWriteRecheckInterval = TimeSpan.FromSeconds(5); - private static readonly TimeSpan s_assumeInvalidInterval = TimeSpan.FromMinutes(5); - private static readonly Stopwatch s_recheckStopwatch = new Stopwatch(); -- private static DirectoryInfo? s_rootStoreDirectoryInfo = SafeOpenRootDirectoryInfo(); -+ private static string[]? s_rootStoreDirectories; - private static bool s_defaultRootDir; -- private static readonly FileInfo? s_rootStoreFileInfo = SafeOpenRootFileInfo(); -+ private static string? s_rootStoreFile; -+ private static DateTime[]? s_directoryLastWrite; -+ private static DateTime s_fileLastWrite; - - // Use non-Value-Tuple so that it's an atomic update. - private static Tuple? s_nativeCollections; -- private static DateTime s_directoryCertsLastWrite; -- private static DateTime s_fileCertsLastWrite; - - private readonly bool _isRoot; - -@@ -93,18 +93,11 @@ public void Remove(ICertificatePal cert) - { - lock (s_recheckStopwatch) - { -- FileInfo? fileInfo = s_rootStoreFileInfo; -- DirectoryInfo? dirInfo = s_rootStoreDirectoryInfo; -- -- fileInfo?.Refresh(); -- dirInfo?.Refresh(); -- - if (ret == null || - elapsed > s_assumeInvalidInterval || -- (fileInfo != null && fileInfo.Exists && ContentWriteTime(fileInfo) != s_fileCertsLastWrite) || -- (dirInfo != null && dirInfo.Exists && ContentWriteTime(dirInfo) != s_directoryCertsLastWrite)) -+ LastWriteTimesHaveChanged()) - { -- ret = LoadMachineStores(dirInfo, fileInfo); -+ ret = LoadMachineStores(); - } - } - } -@@ -113,9 +106,37 @@ public void Remove(ICertificatePal cert) - return ret; - } - -- private static Tuple LoadMachineStores( -- DirectoryInfo? rootStorePath, -- FileInfo? rootStoreFile) -+ private static bool LastWriteTimesHaveChanged() -+ { -+ Debug.Assert( -+ Monitor.IsEntered(s_recheckStopwatch), -+ "LastWriteTimesHaveChanged assumes a lock(s_recheckStopwatch)"); -+ -+ if (s_rootStoreFile != null) -+ { -+ _ = TryStatFile(s_rootStoreFile, out DateTime lastModified); -+ if (lastModified != s_fileLastWrite) -+ { -+ return true; -+ } -+ } -+ -+ if (s_rootStoreDirectories != null && s_directoryLastWrite != null) -+ { -+ for (int i = 0; i < s_rootStoreDirectories.Length; i++) -+ { -+ _ = TryStatDirectory(s_rootStoreDirectories[i], out DateTime lastModified); -+ if (lastModified != s_directoryLastWrite[i]) -+ { -+ return true; -+ } -+ } -+ } -+ -+ return false; -+ } -+ -+ private static Tuple LoadMachineStores() - { - Debug.Assert( - Monitor.IsEntered(s_recheckStopwatch), -@@ -126,61 +147,76 @@ public void Remove(ICertificatePal cert) - SafeX509StackHandle intermedStore = Interop.Crypto.NewX509Stack(); - Interop.Crypto.CheckValidOpenSslHandle(intermedStore); - -- DateTime newFileTime = default; -- DateTime newDirTime = default; -- - var uniqueRootCerts = new HashSet(); - var uniqueIntermediateCerts = new HashSet(); - bool firstLoad = (s_nativeCollections == null); - -- if (rootStoreFile != null && rootStoreFile.Exists) -+ if (firstLoad) - { -- newFileTime = ContentWriteTime(rootStoreFile); -- ProcessFile(rootStoreFile); -+ s_rootStoreDirectories = GetRootStoreDirectories(out s_defaultRootDir); -+ s_directoryLastWrite = new DateTime[s_rootStoreDirectories.Length]; -+ s_rootStoreFile = GetRootStoreFile(); -+ } -+ else -+ { -+ Debug.Assert(s_rootStoreDirectories is not null); -+ Debug.Assert(s_directoryLastWrite is not null); -+ } -+ -+ if (s_rootStoreFile != null) -+ { -+ ProcessFile(s_rootStoreFile, out s_fileLastWrite); - } - - bool hasStoreData = false; - -- if (rootStorePath != null && rootStorePath.Exists) -+ for (int i = 0; i < s_rootStoreDirectories.Length; i++) - { -- newDirTime = ContentWriteTime(rootStorePath); -- hasStoreData = ProcessDir(rootStorePath); -+ hasStoreData = ProcessDir(s_rootStoreDirectories[i], out s_directoryLastWrite[i]); - } - - if (firstLoad && !hasStoreData && s_defaultRootDir) - { -- DirectoryInfo etcSslCerts = new DirectoryInfo("/etc/ssl/certs"); -- -- if (etcSslCerts.Exists) -+ const string DefaultCertDir = "/etc/ssl/certs"; -+ hasStoreData = ProcessDir(DefaultCertDir, out DateTime lastModified); -+ if (hasStoreData) - { -- DateTime tmpTime = ContentWriteTime(etcSslCerts); -- hasStoreData = ProcessDir(etcSslCerts); -- -- if (hasStoreData) -- { -- newDirTime = tmpTime; -- s_rootStoreDirectoryInfo = etcSslCerts; -- } -+ s_rootStoreDirectories = new[] { DefaultCertDir }; -+ s_directoryLastWrite = new[] { lastModified }; - } - } - -- bool ProcessDir(DirectoryInfo dir) -+ bool ProcessDir(string dir, out DateTime lastModified) - { -+ if (!TryStatDirectory(dir, out lastModified)) -+ { -+ return false; -+ } -+ - bool hasStoreData = false; - -- foreach (FileInfo file in dir.EnumerateFiles()) -+ foreach (string file in Directory.EnumerateFiles(dir)) - { -- hasStoreData |= ProcessFile(file); -+ hasStoreData |= ProcessFile(file, out _, skipStat: true); - } - - return hasStoreData; - } - -- bool ProcessFile(FileInfo file) -+ bool ProcessFile(string file, out DateTime lastModified, bool skipStat = false) - { - bool readData = false; - -- using (SafeBioHandle fileBio = Interop.Crypto.BioNewFile(file.FullName, "rb")) -+ if (skipStat) -+ { -+ lastModified = default; -+ } -+ else if (!TryStatFile(file, out lastModified)) -+ { -+ return false; -+ } -+ -+ using (SafeBioHandle fileBio = Interop.Crypto.BioNewFile(file, "rb")) - { - // The handle may be invalid, for example when we don't have read permission for the file. - if (fileBio.IsInvalid) -@@ -274,114 +310,78 @@ bool ProcessFile(FileInfo file) - // on every call. - - Volatile.Write(ref s_nativeCollections, newCollections); -- s_directoryCertsLastWrite = newDirTime; -- s_fileCertsLastWrite = newFileTime; - s_recheckStopwatch.Restart(); - return newCollections; - } - -- private static FileInfo? SafeOpenRootFileInfo() -+ private static string? GetRootStoreFile() - { - string? rootFile = Interop.Crypto.GetX509RootStoreFile(); - - if (!string.IsNullOrEmpty(rootFile)) - { -- try -- { -- return new FileInfo(rootFile); -- } -- catch (ArgumentException) -- { -- // If SSL_CERT_FILE is set to the empty string, or anything else which gives -- // "The path is not of a legal form", then the GetX509RootStoreFile value is ignored. -- } -+ return Path.GetFullPath(rootFile); - } - - return null; - } - -- private static DirectoryInfo? SafeOpenRootDirectoryInfo() -+ private static string[] GetRootStoreDirectories(out bool isDefault) - { -- string? rootDirectory = Interop.Crypto.GetX509RootStorePath(out s_defaultRootDir); -+ string rootDirectory = Interop.Crypto.GetX509RootStorePath(out isDefault) ?? ""; - -- if (!string.IsNullOrEmpty(rootDirectory)) -- { -- try -- { -- return new DirectoryInfo(rootDirectory); -- } -- catch (ArgumentException) -- { -- // If SSL_CERT_DIR is set to the empty string, or anything else which gives -- // "The path is not of a legal form", then the GetX509RootStoreFile value is ignored. -- } -- } -- -- return null; -- } -- -- private static DateTime ContentWriteTime(FileInfo info) -- { -- string path = info.FullName; -- string? target = Interop.Sys.ReadLink(path); -- -- if (string.IsNullOrEmpty(target)) -- { -- return info.LastWriteTimeUtc; -- } -+ string[] directories = rootDirectory.Split(Path.PathSeparator, StringSplitOptions.RemoveEmptyEntries); - -- if (target[0] != '/') -+ for (int i = 0; i < directories.Length; i++) - { -- target = Path.Join(info.Directory?.FullName, target); -+ directories[i] = Path.GetFullPath(directories[i]); - } - -- try -+ // Remove duplicates. -+ if (directories.Length > 1) - { -- var targetInfo = new FileInfo(target); -- -- if (targetInfo.Exists) -+ var set = new HashSet(directories, StringComparer.Ordinal); -+ if (set.Count != directories.Length) - { -- return targetInfo.LastWriteTimeUtc; -+ // Preserve the original order. -+ string[] directoriesTrimmed = new string[set.Count]; -+ int j = 0; -+ for (int i = 0; i < directories.Length; i++) -+ { -+ string directory = directories[i]; -+ if (set.Remove(directory)) -+ { -+ directoriesTrimmed[j++] = directory; -+ } -+ } -+ Debug.Assert(set.Count == 0); -+ directories = directoriesTrimmed; - } - } -- catch (ArgumentException) -- { -- // If we can't load information about the link path, just treat it as not a link. -- } - -- return info.LastWriteTimeUtc; -+ return directories; - } - -- private static DateTime ContentWriteTime(DirectoryInfo info) -- { -- string path = info.FullName; -- string? target = Interop.Sys.ReadLink(path); -- -- if (string.IsNullOrEmpty(target)) -- { -- return info.LastWriteTimeUtc; -- } -+ private static bool TryStatFile(string path, out DateTime lastModified) -+ => TryStat(path, Interop.Sys.FileTypes.S_IFREG, out lastModified); - -- if (target[0] != '/') -- { -- target = Path.Join(info.Parent?.FullName, target); -- } -+ private static bool TryStatDirectory(string path, out DateTime lastModified) -+ => TryStat(path, Interop.Sys.FileTypes.S_IFDIR, out lastModified); - -- try -- { -- var targetInfo = new DirectoryInfo(target); -+ private static bool TryStat(string path, int fileType, out DateTime lastModified) -+ { -+ lastModified = default; - -- if (targetInfo.Exists) -- { -- return targetInfo.LastWriteTimeUtc; -- } -- } -- catch (ArgumentException) -+ Interop.Sys.FileStatus status; -+ // Use Stat to follow links. -+ if (Interop.Sys.Stat(path, out status) < 0 || -+ (status.Mode & Interop.Sys.FileTypes.S_IFMT) != fileType) - { -- // If we can't load information about the link path, just treat it as not a link. -+ return false; - } - -- return info.LastWriteTimeUtc; -+ lastModified = DateTime.UnixEpoch + TimeSpan.FromTicks(status.MTime * TimeSpan.TicksPerSecond + status.MTimeNsec / TimeSpan.NanosecondsPerTick); -+ return true; - } - } - } -diff --git a/src/runtime/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509StoreTests.Unix.cs b/src/runtime/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509StoreTests.Unix.cs -index 0efb6c12028..f460d6b9bd6 100644 ---- a/src/runtime/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509StoreTests.Unix.cs -+++ b/src/runtime/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509StoreTests.Unix.cs -@@ -10,7 +10,6 @@ namespace System.Security.Cryptography.X509Certificates.Tests - { - public partial class X509StoreTests - { -- - [ConditionalFact(nameof(NotRunningAsRootAndRemoteExecutorSupported))] // root can read '2.pem' - [PlatformSpecific(TestPlatforms.Linux)] // Windows/OSX doesn't use SSL_CERT_{DIR,FILE}. - private void X509Store_MachineStoreLoadSkipsInvalidFiles() -@@ -50,6 +49,47 @@ private void X509Store_MachineStoreLoadSkipsInvalidFiles() - }, new RemoteInvokeOptions { StartInfo = psi }).Dispose(); - } - -+ [ConditionalFact(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))] -+ [PlatformSpecific(TestPlatforms.Linux)] // Windows/OSX doesn't use SSL_CERT_{DIR,FILE}. -+ private void X509Store_MachineStoreLoadsMutipleSslCertDirectories() -+ { -+ // Create 3 certificates and place them in two directories that will be passed -+ // using SSL_CERT_DIR. -+ string sslCertDir1 = GetTestFilePath(); -+ Directory.CreateDirectory(sslCertDir1); -+ File.WriteAllBytes(Path.Combine(sslCertDir1, "1.pem"), TestData.SelfSigned1PemBytes); -+ File.WriteAllBytes(Path.Combine(sslCertDir1, "2.pem"), TestData.SelfSigned2PemBytes); -+ string sslCertDir2 = GetTestFilePath(); -+ Directory.CreateDirectory(sslCertDir2); -+ File.WriteAllBytes(Path.Combine(sslCertDir2, "3.pem"), TestData.SelfSigned3PemBytes); -+ -+ // Add a non-existing directory after each valid directory to verify they are ignored. -+ string sslCertDir = string.Join(Path.PathSeparator, -+ new[] { -+ sslCertDir1, -+ sslCertDir2, -+ "", // empty string -+ sslCertDir2, // duplicate directory -+ "/invalid2", // path that does not exist -+ }); -+ -+ var psi = new ProcessStartInfo(); -+ psi.Environment.Add("SSL_CERT_DIR", sslCertDir); -+ // Set SSL_CERT_FILE to avoid loading the default bundle file. -+ psi.Environment.Add("SSL_CERT_FILE", "/nonexisting"); -+ RemoteExecutor.Invoke(() => -+ { -+ Assert.NotNull(Environment.GetEnvironmentVariable("SSL_CERT_DIR")); -+ using (var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine)) -+ { -+ store.Open(OpenFlags.OpenExistingOnly); -+ -+ // Check nr of certificates in store. -+ Assert.Equal(3, store.Certificates.Count); -+ } -+ }, new RemoteInvokeOptions { StartInfo = psi }).Dispose(); -+ } -+ - public static bool NotRunningAsRootAndRemoteExecutorSupported => !Environment.IsPrivilegedProcess && RemoteExecutor.IsSupported; - } - } --- -2.41.0 - diff --git a/runtime-re-enable-implicit-rejection.patch b/runtime-re-enable-implicit-rejection.patch index 5276e79..841850f 100644 --- a/runtime-re-enable-implicit-rejection.patch +++ b/runtime-re-enable-implicit-rejection.patch @@ -71,9 +71,9 @@ index 39f3ebc82ec..5b97f468a42 100644 - } - } - - public static IEnumerable OaepPaddingModes + [Fact] + public void Decrypt_Pkcs1_BadPadding() { - get @@ -757,23 +746,5 @@ public static IEnumerable OaepPaddingModes } } diff --git a/sources b/sources index 1587d42..be22525 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dotnet-8.0.3.tar.gz) = ba5f17716a61e954c1191ef01671b255192161b6d642c225ce2b733cc14586b8edf275a26c475de20896351f970ed4298dd45a9bb7d51b318691f86c552a7e3f -SHA512 (dotnet-8.0.3.tar.gz.sig) = 7783a0831c94778d062e5f3701cf816b5e4543bddea22633601329a3f2507ee657fa9a3d1f4e0c04f714c60f575ab38173026f31e4fdc8cab0727f6d8398043f +SHA512 (dotnet-8.0.4.tar.gz) = 1b00d0ce342c174249d947a7b6d859d7de98937a2ca7fef68e73b10cc8d40da208be9eca2461f62b866a88453ad46dc6e5df4b77d36681e83532d27a271d93b9 +SHA512 (dotnet-8.0.4.tar.gz.sig) = f5c9bf1d58e804b15f32144f4003c51e2e05c5e758a5c2b6474387594363327ebfc3370ccbcb1d814380f3628527e6dc792d56e9c50aa36440f5d5da8fae7a5a