Disable packages provided by another .NET version

Disable dotnet-host and netstandard-targeting-pack-2.1 subpackages which
duplicate the packages provided by the dotnet9.0 SRPM. Providing these
duplicates packages causes issues in composing and dependency-testing.

Related: RHEL-60801

.gitignore

@@ -33,3 +33,20 @@
 /dotnet-prebuilts-8.0.100-rc.1.23410.12-arm64.tar.gz
 /dotnet-prebuilts-8.0.100-rc.1.23410.12-ppc64le.tar.gz
 /dotnet-prebuilts-8.0.100-rc.1.23410.12-s390x.tar.gz
+/dotnet-v8.0.0-rc.1.23419.4.tar.gz
+/dotnet-v8.0.0-rc.2.23479.6.tar.gz
+/dotnet-v8.0.0.tar.gz
+/dotnet-v8.0.1.tar.gz
+/dotnet-v8.0.2.tar.gz
+/dotnet-8.0.3.tar.gz
+/dotnet-8.0.3.tar.gz.sig
+/dotnet-8.0.4.tar.gz
+/dotnet-8.0.4.tar.gz.sig
+/dotnet-8.0.5.tar.gz
+/dotnet-8.0.5.tar.gz.sig
+/dotnet-8.0.7.tar.gz
+/dotnet-8.0.7.tar.gz.sig
+/dotnet-8.0.8.tar.gz
+/dotnet-8.0.8.tar.gz.sig
+/dotnet-8.0.10.tar.gz
+/dotnet-8.0.10.tar.gz.sig

dotnet8.0.spec

@@ -1,4 +1,4 @@
-%bcond_without bootstrap
+%bcond_with bootstrap
 
 # LTO triggers a compilation error for a source level issue.  Given that LTO should not
 # change the validity of any given source and the nature of the error (undefined enum), I
@@ -8,22 +8,25 @@
 
 %global dotnetver 8.0
 
-%global host_version 8.0.0-rc.1.23419.4
+# Only the package for the latest dotnet version should provide RPMs like
-%global runtime_version 8.0.0-rc.1.23419.4
+# dotnet-host and netstandard-targeting-pack-2.1
-%global aspnetcore_runtime_version 8.0.0-rc.1.23421.29
+%global is_latest_dotnet 0
-%global sdk_version 8.0.100-rc.1.23455.1
+
+%global host_version 8.0.10
+%global runtime_version 8.0.10
+%global aspnetcore_runtime_version %{runtime_version}
+%global sdk_version 8.0.110
 %global sdk_feature_band_version %(echo %{sdk_version} | cut -d '-' -f 1 | sed -e 's|[[:digit:]][[:digit:]]$|00|')
-%global templates_version 8.0.0-rc.1.23421.29
+%global templates_version %{runtime_version}
 #%%global templates_version %%(echo %%{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }')
 
-# upstream can produce releases with a different tag than the SDK version
+%global upstream_tag v%{runtime_version}
-%global upstream_tag v8.0.0-rc.1.23419.4
 %global upstream_tag_without_v %(echo %{upstream_tag} | sed -e 's|^v||')
 
-%global host_rpm_version 8.0.0~rc.1
+%global host_rpm_version %{host_version}
-%global runtime_rpm_version 8.0.0~rc.1
+%global runtime_rpm_version %{runtime_version}
-%global aspnetcore_runtime_rpm_version 8.0.0~rc.1
+%global aspnetcore_runtime_rpm_version %{aspnetcore_runtime_version}
-%global sdk_rpm_version 8.0.100~rc.1
+%global sdk_rpm_version %{sdk_version}
 
 %if 0%{?fedora} || 0%{?rhel} < 8
 %global use_bundled_libunwind 0
@@ -48,13 +51,13 @@
 %global runtime_arch x64
 %endif
 
-%global mono_archs s390x ppc64le
+%global mono_archs ppc64le s390x
 
 %{!?runtime_id:%global runtime_id %(. /etc/os-release ; echo "${ID}.${VERSION_ID%%.*}")-%{runtime_arch}}
 
 Name:           dotnet%{dotnetver}
 Version:        %{sdk_rpm_version}
-Release:        0.2%{?dist}
+Release:        3%{?dist}
 Summary:        .NET Runtime and SDK
 License:        0BSD AND Apache-2.0 AND (Apache-2.0 WITH LLVM-exception) AND APSL-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSL-1.0 AND bzip2-1.0.6 AND CC0-1.0 AND CC-BY-3.0 AND CC-BY-4.0 AND CC-PDDC AND CNRI-Python AND EPL-1.0 AND GPL-2.0-only AND (GPL-2.0-only WITH GCC-exception-2.0) AND GPL-2.0-or-later AND GPL-3.0-only AND ICU AND ISC AND LGPL-2.1-only AND LGPL-2.1-or-later AND LicenseRef-Fedora-Public-Domain AND LicenseRef-ISO-8879 AND MIT AND MIT-Wu AND MS-PL AND MS-RL AND NCSA AND OFL-1.1 AND OpenSSL AND Unicode-DFS-2015 AND Unicode-DFS-2016 AND W3C-19980720 AND X11 AND Zlib
 
@@ -73,16 +76,12 @@ Source2:        dotnet-prebuilts-%{bootstrap_sdk_version}-ppc64le.tar.gz
 # Generated manually, same pattern as the arm64 tarball
 Source3:        dotnet-prebuilts-%{bootstrap_sdk_version}-s390x.tar.gz
 %else
-# For non-releases, the source is generated on a Fedora box via:
+Source0:        https://github.com/dotnet/dotnet/archive/refs/tags/%{upstream_tag}.tar.gz#/dotnet-%{upstream_tag_without_v}.tar.gz
-# ./build-dotnet-tarball %%{upstream_tag} or commit
+Source1:        https://github.com/dotnet/dotnet/archive/refs/tags/%{upstream_tag}.tar.gz#/dotnet-%{upstream_tag_without_v}.tar.gz.sig
-%global tarball_name dotnet-sdk-source-%{upstream_tag}
+Source2:        https://dotnet.microsoft.com/download/dotnet/release-key-2023.asc
-Source0:        https://github.com/dotnet/dotnet/archive/refs/tags/%{upstream_tag}.tar.gz#/dotnet-%{upstream_tag}.tar.gz
 %endif
 Source5:        https://github.com/dotnet/dotnet/releases/download/%{upstream_tag}/release.json
 
-#Source10:       %%{tarball_name}-nm-dev.tgz
-#Source11:       %%{tarball_name}-nm-prod.tgz
-
 Source20:       check-debug-symbols.py
 Source21:       dotnet.sh.in
 
@@ -90,18 +89,18 @@ Source21:       dotnet.sh.in
 Patch1:         roslyn-analyzers-ppc64le-apphost.patch
 # https://github.com/dotnet/source-build/discussions/3481
 Patch2:         vstest-intent-net8.0.patch
-# https://github.com/dotnet/source-build/issues/3571
+# https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314
-Patch3:         fix-mono-typeloadexception.patch
+Patch3:         runtime-re-enable-implicit-rejection.patch
-# https://github.com/dotnet/runtime/pull/91008
+# https://github.com/dotnet/msbuild/pull/9449
-Patch4:         runtime-91008-mono-var-opcode-OP_REGOFFSET.patch
+Patch4:         msbuild-9449-exec-stop-setting-a-locale.patch
-# https://github.com/dotnet/runtime/pull/91865
+# We disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed.
-Patch5:         runtime-91865-arm64-page-size.patch
+# A side effect of not checking the self-signature of such a certificate is that disabled or unsupported message
+# digests used for the signature are not treated as fatal errors.
+# https://issues.redhat.com/browse/RHEL-25254
+Patch5:         runtime-openssl-sha1.patch
+
 
-%if 0%{?fedora} || 0%{?rhel} >= 8
 ExclusiveArch:  aarch64 ppc64le s390x x86_64
-%else
-ExclusiveArch:  x86_64
-%endif
 
 
 BuildRequires:  clang
@@ -116,6 +115,7 @@ BuildRequires:  git
 %if 0%{?fedora} || 0%{?rhel} > 7
 BuildRequires:  glibc-langpack-en
 %endif
+BuildRequires:  gnupg2
 BuildRequires:  hostname
 BuildRequires:  krb5-devel
 BuildRequires:  libicu-devel
@@ -269,6 +269,18 @@ It particularly focuses on creating console applications, web
 applications and micro-services.
 
 
+%package -n dotnet-runtime-dbg-%{dotnetver}
+
+Version:        %{runtime_rpm_version}
+Summary:        Managed debug symbols NET %{dotnetver} runtime
+
+Requires:       dotnet-runtime-%{dotnetver}%{?_isa} = %{runtime_rpm_version}-%{release}
+
+%description -n dotnet-runtime-dbg-%{dotnetver}
+This package contains the managed symbol (pdb) files useful to debug the
+managed parts of the .NET runtime itself.
+
+
 %package -n aspnetcore-runtime-%{dotnetver}
 
 Version:        %{aspnetcore_runtime_rpm_version}
@@ -288,6 +300,18 @@ It particularly focuses on creating console applications, web
 applications and micro-services.
 
 
+%package -n aspnetcore-runtime-dbg-%{dotnetver}
+
+Version:        %{aspnetcore_runtime_rpm_version}
+Summary:        Managed debug symbols for the ASP.NET Core %{dotnetver} runtime
+
+Requires:       aspnetcore-runtime-%{dotnetver}%{?_isa} = %{aspnetcore_runtime_rpm_version}-%{release}
+
+%description -n aspnetcore-runtime-dbg-%{dotnetver}
+This package contains the managed symbol (pdb) files useful to debug the
+managed parts of the ASP.NET Core runtime itself.
+
+
 %package -n dotnet-templates-%{dotnetver}
 
 Version:        %{sdk_rpm_version}
@@ -335,6 +359,18 @@ It particularly focuses on creating console applications, web
 applications and micro-services.
 
 
+%package -n dotnet-sdk-dbg-%{dotnetver}
+
+Version:        %{sdk_rpm_version}
+Summary:        Managed debug symbols for the .NET %{dotnetver} Software Development Kit
+
+Requires:       dotnet-sdk-%{dotnetver}%{?_isa} = %{sdk_rpm_version}-%{release}
+
+%description -n dotnet-sdk-dbg-%{dotnetver}
+This package contains the managed symbol (pdb) files useful to debug the .NET
+Software Development Kit (SDK) itself.
+
+
 %global dotnet_targeting_pack() %{expand:
 %package -n %{1}
 
@@ -356,7 +392,9 @@ applications using the .NET SDK.
 %dotnet_targeting_pack dotnet-apphost-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App %{dotnetver} Microsoft.NETCore.App.Host.%{runtime_id}
 %dotnet_targeting_pack dotnet-targeting-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App %{dotnetver} Microsoft.NETCore.App.Ref
 %dotnet_targeting_pack aspnetcore-targeting-pack-%{dotnetver} %{aspnetcore_runtime_rpm_version} Microsoft.AspNetCore.App %{dotnetver} Microsoft.AspNetCore.App.Ref
+%if %{is_latest_dotnet}
 %dotnet_targeting_pack netstandard-targeting-pack-2.1 %{sdk_rpm_version} NETStandard.Library 2.1 NETStandard.Library.Ref
+%endif
 
 
 %package -n dotnet-sdk-%{dotnetver}-source-built-artifacts
@@ -372,6 +410,8 @@ These are not meant for general use.
 
 
 %prep
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
+
 release_json_tag=$(grep tag %{SOURCE5} | cut -d: -f2 | sed -E 's/[," ]*//g')
 if [[ ${release_json_tag} != %{upstream_tag} ]]; then
    echo "error: tag in release.json doesn't match tag in spec file"
@@ -379,7 +419,7 @@ if [[ ${release_json_tag} != %{upstream_tag} ]]; then
 fi
 
 %if %{without bootstrap}
-%setup -q -n dotnet-%{upstream_tag}
+%setup -q -n dotnet-%{upstream_tag_without_v}
 
 # Remove all prebuilts
 find -iname '*.dll' -type f -delete
@@ -541,8 +581,9 @@ if [[ $(find %{buildroot}%{_libdir}/dotnet -name '*.pem' -print | wc -l) != 1 ]]
 fi
 
 # Install managed symbols
-tar xf artifacts/%{runtime_arch}/Release/dotnet-runtime-symbols-%{runtime_id}-%{runtime_version}.tar.gz \
+tar xf artifacts/%{runtime_arch}/Release/dotnet-symbols-sdk-%{sdk_version}*-%{runtime_id}.tar.gz \
-   -C %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App/%{runtime_version}/
+   -C %{buildroot}%{_libdir}/dotnet/
+find %{buildroot}%{_libdir}/dotnet/packs -iname '*.pdb' -delete
 
 # Fix executable permissions on files
 find %{buildroot}%{_libdir}/dotnet/ -type f -name 'apphost' -exec chmod +x {} \;
@@ -559,6 +600,7 @@ find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.targets' -exec chmod -x {}
 find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.txt' -exec chmod -x {} \;
 find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.xml' -exec chmod -x {} \;
 
+%if %{is_latest_dotnet}
 install -dm 0755 %{buildroot}%{_sysconfdir}/profile.d/
 install dotnet.sh %{buildroot}%{_sysconfdir}/profile.d/
 
@@ -583,6 +625,7 @@ echo "%{_libdir}/dotnet" >> install_location
 install install_location %{buildroot}%{_sysconfdir}/dotnet/
 echo "%{_libdir}/dotnet" >> install_location_%{runtime_arch}
 install install_location_%{runtime_arch} %{buildroot}%{_sysconfdir}/dotnet/
+%endif
 
 install -dm 0755 %{buildroot}%{_libdir}/dotnet/source-built-artifacts
 install -m 0644 artifacts/%{runtime_arch}/Release/Private.SourceBuilt.Artifacts.*.tar.gz %{buildroot}/%{_libdir}/dotnet/source-built-artifacts/
@@ -598,6 +641,27 @@ echo "Testing build results for debug symbols..."
 %{SOURCE20} -v %{buildroot}%{_libdir}/dotnet/
 
 
+find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-runtime-non-dbg-files
+find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App -type f -name '*.pdb'  | sed -E 's|%{buildroot}||' > dotnet-runtime-dbg-files
+find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App -type f -and -not -name '*.pdb'  | sed -E 's|%{buildroot}||' > aspnetcore-runtime-non-dbg-files
+find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > aspnetcore-runtime-dbg-files
+find %{buildroot}%{_libdir}/dotnet/sdk -type d | tail -n +2 | sed -E 's|%{buildroot}||' | sed -E 's|^|%dir |' > dotnet-sdk-non-dbg-files
+find %{buildroot}%{_libdir}/dotnet/sdk -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' >> dotnet-sdk-non-dbg-files
+find %{buildroot}%{_libdir}/dotnet/sdk -type f -name '*.pdb'  | sed -E 's|%{buildroot}||' > dotnet-sdk-dbg-files
+
+%if %{is_latest_dotnet} == 0
+# If this is an older version, self-test now, before we delete files. After we
+# delete files, we will not have everything we need to self-test in %%check.
+%{buildroot}%{_libdir}/dotnet/dotnet --info
+%{buildroot}%{_libdir}/dotnet/dotnet --version
+
+# Provided by dotnet-host from another SRPM
+rm %{buildroot}%{_libdir}/dotnet/LICENSE.txt
+rm %{buildroot}%{_libdir}/dotnet/ThirdPartyNotices.txt
+rm %{buildroot}%{_libdir}/dotnet/dotnet
+# Provided by netstandard-targeting-pack-2.1 from another SRPM
+rm -rf %{buildroot}%{_libdir}/dotnet/packs/NETStandard.Library.Ref/2.1.0
+%endif
 
 %check
 %if 0%{?fedora} > 35
@@ -605,8 +669,10 @@ echo "Testing build results for debug symbols..."
 export COMPlus_LTTng=0
 %endif
 
+%if %{is_latest_dotnet}
 %{buildroot}%{_libdir}/dotnet/dotnet --info
 %{buildroot}%{_libdir}/dotnet/dotnet --version
+%endif
 
 
 %if ( 0%{?fedora} && 0%{?fedora} < 38 ) || ( 0%{?rhel} && 0%{?rhel} < 9 )
@@ -614,6 +680,7 @@ export COMPlus_LTTng=0
 # empty package useful for dependencies
 %endif
 
+%if %{is_latest_dotnet}
 %files -n dotnet-host
 %dir %{_libdir}/dotnet
 %{_libdir}/dotnet/dotnet
@@ -629,41 +696,119 @@ export COMPlus_LTTng=0
 %dir %{_datadir}/bash-completion
 %dir %{_datadir}/bash-completion/completions
 %{_datadir}/bash-completion/completions/dotnet
+%endif
 
 %files -n dotnet-hostfxr-%{dotnetver}
 %dir %{_libdir}/dotnet/host/fxr
 %{_libdir}/dotnet/host/fxr/%{host_version}
 
-%files -n dotnet-runtime-%{dotnetver}
+%files -n dotnet-runtime-%{dotnetver} -f dotnet-runtime-non-dbg-files
 %dir %{_libdir}/dotnet/shared
 %dir %{_libdir}/dotnet/shared/Microsoft.NETCore.App
-%{_libdir}/dotnet/shared/Microsoft.NETCore.App/%{runtime_version}
+%dir %{_libdir}/dotnet/shared/Microsoft.NETCore.App/%{runtime_version}
 
-%files -n aspnetcore-runtime-%{dotnetver}
+%files -n dotnet-runtime-dbg-%{dotnetver} -f dotnet-runtime-dbg-files
+
+%files -n aspnetcore-runtime-%{dotnetver} -f aspnetcore-runtime-non-dbg-files
 %dir %{_libdir}/dotnet/shared
 %dir %{_libdir}/dotnet/shared/Microsoft.AspNetCore.App
-%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App/%{aspnetcore_runtime_version}
+%dir %{_libdir}/dotnet/shared/Microsoft.AspNetCore.App/%{aspnetcore_runtime_version}
+
+%files -n aspnetcore-runtime-dbg-%{dotnetver} -f aspnetcore-runtime-dbg-files
 
 %files -n dotnet-templates-%{dotnetver}
 %dir %{_libdir}/dotnet/templates
 %{_libdir}/dotnet/templates/%{templates_version}
 
-%files -n dotnet-sdk-%{dotnetver}
+%files -n dotnet-sdk-%{dotnetver} -f dotnet-sdk-non-dbg-files
 %dir %{_libdir}/dotnet/sdk
-%{_libdir}/dotnet/sdk/%{sdk_version}
 %dir %{_libdir}/dotnet/sdk-manifests
 %{_libdir}/dotnet/sdk-manifests/%{sdk_feature_band_version}*
 %{_libdir}/dotnet/metadata
 %dir %{_libdir}/dotnet/packs
+%dir %{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id}
 %{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id}/%{aspnetcore_runtime_version}
+%dir %{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id}
 %{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id}/%{runtime_version}
 
+%files -n dotnet-sdk-dbg-%{dotnetver} -f dotnet-sdk-dbg-files
+
 %files -n dotnet-sdk-%{dotnetver}-source-built-artifacts
 %dir %{_libdir}/dotnet
 %{_libdir}/dotnet/source-built-artifacts
 
 
 %changelog
+* Fri Oct 18 2024 Omair Majid <omajid@redhat.com> - 8.0.110-3
+- Disable packages provided by another .NET version
+- Related: RHEL-60801
+
+* Tue Oct 15 2024 Omair Majid <omajid@redhat.com> - 8.0.110-2
+- Update to .NET SDK 8.0.110 and Runtime 8.0.10
+- Resolves: RHEL-60801
+
+* Wed Aug 14 2024 Omair Majid <omajid@redhat.com> - 8.0.108-2
+- Update to .NET SDK 8.0.108 and Runtime 8.0.8
+- Resolves: RHEL-52387
+
+* Wed Jul 10 2024 Omair Majid <omajid@redhat.com> - 8.0.107-3
+- Fix ownership of some missed directories
+- Resolves: RHEL-47079
+
+* Tue Jul 09 2024 Omair Majid <omajid@redhat.com> - 8.0.107-2
+- Update to .NET SDK 8.0.107 and Runtime 8.0.7
+- Resolves: RHEL-45323
+
+* Wed May 15 2024 Omair Majid <omajid@redhat.com> - 8.0.105-2
+- Update to .NET SDK 8.0.105 and Runtime 8.0.5
+- Resolves: RHEL-35315
+
+* Tue Apr 09 2024 Omair Majid <omajid@redhat.com> - 8.0.104-2
+- Update to .NET SDK 8.0.104 and Runtime 8.0.4
+- Resolves: RHEL-31208
+
+* Sun Mar 31 2024 Tom Deseyn <tom.deseyn@gmail.com> - 8.0.103-3
+- We disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed.
+  A side effect of not checking the self-signature of such a certificate is that disabled or unsupported message
+  digests used for the signature are not treated as fatal errors.
+- Resolves: RHEL-28344
+
+* Tue Mar 19 2024 Omair Majid <omajid@redhat.com> - 8.0.103-2
+- Update to .NET SDK 8.0.103 and Runtime 8.0.3
+- Resolves: RHEL-27553
+
+* Tue Feb 20 2024 Tom Deseyn <tom.deseyn@gmail.com> - 8.0.102-3
+- Backport MSBuild locale fix
+- Resolves: RHEL-23936
+
+* Wed Feb 14 2024 Omair Majid <omajid@redhat.com> - 8.0.102-2
+- Update to .NET SDK 8.0.102 and Runtime 8.0.2
+- Resolves: RHEL-23804
+
+* Mon Jan 29 2024 Omair Majid <omajid@redhat.com> - 8.0.101-3
+- Add -dbg subpackages for symbol files
+- Resolves: RHEL-23070
+
+* Mon Jan 15 2024 Omair Majid <omajid@redhat.com> - 8.0.101-2
+- Update to .NET SDK 8.0.101 and Runtime 8.0.1
+- Resolves: RHEL-19803
+
+* Wed Nov 15 2023 Omair Majid <omajid@redhat.com> - 8.0.100-3
+- Update to .NET SDK 8.0.100 and Runtime 8.0.0
+- Resolves: RHEL-15352
+
+* Mon Oct 16 2023 Omair Majid <omajid@redhat.com> - 8.0.100~rc.2-0.1
+- Update to .NET 8 RC 2
+- Resolves: RHEL-13790
+
+* Thu Sep 28 2023 Omair Majid <omajid@redhat.com> - 8.0.100~rc.1-0.4
+- Disable bootstrap
+- Related: RHEL-4074
+
+* Wed Sep 27 2023 Omair Majid <omajid@redhat.com> - 8.0.100~rc.1-0.3
+- Add backported patches for additional s390x issues
+- Related: RHEL-4074
+
 * Mon Sep 18 2023 Omair Majid <omajid@redhat.com> - 8.0.100~rc.1-0.2
 - Add patches to fix mono and arm64 issues
 - Include libmono-*.a files in the SDK

fix-mono-typeloadexception.patch

@@ -1,23 +0,0 @@
-From 02f6303d86672997ec2e6b79b16d5ddbf52118a0 Mon Sep 17 00:00:00 2001
-From: Tom Deseyn <tom.deseyn@gmail.com>
-Date: Tue, 22 Aug 2023 14:52:36 +0200
-Subject: [PATCH] Avoid loading System.Security.Permissions.
-
-source-built Mono fails to load types from this assembly.
----
- src/msbuild/src/Shared/ExceptionHandling.cs | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/msbuild/src/Shared/ExceptionHandling.cs b/src/msbuild/src/Shared/ExceptionHandling.cs
-index a7ef74e873..3dce645df1 100644
---- a/src/msbuild/src/Shared/ExceptionHandling.cs
-+++ b/src/msbuild/src/Shared/ExceptionHandling.cs
-@@ -167,7 +167,7 @@ internal static bool IsIoRelatedException(Exception e)
-         internal static bool IsXmlException(Exception e)
-         {
-             return e is XmlException
--                || e is XmlSyntaxException
-+                // || e is XmlSyntaxException
-                 || e is XmlSchemaException
-                 || e is UriFormatException; // XmlTextReader for example uses this under the covers
-         }

msbuild-9449-exec-stop-setting-a-locale.patch

@@ -0,0 +1,104 @@
+From 68fa6537305beda5cb059c898349f37bda285ca7 Mon Sep 17 00:00:00 2001
+From: Tom Deseyn <tom.deseyn@gmail.com>
+Date: Thu, 1 Feb 2024 09:23:16 +0100
+Subject: [PATCH 1/1] Exec: stop setting a locale on Unix.
+
+This backports a fix that is part of Microsoft's upcoming
+8.0.2xx SDK to the 8.0.1xx SDK that we package.
+
+This fix stops MSBuild Exec from printing warnings and/or
+failing in bash envionments where the glibc en_US locale
+is not available (which is common in container images).
+
+The backport includes the changewave opt-out that allows
+users to revert back to the previous behavior by setting
+the MSBUILDDISABLEFEATURESFROMVERSION envvar to the
+version where the feature is introduced ("17.10").
+---
+ src/msbuild/src/Framework/ChangeWaves.cs      |  3 +-
+ src/msbuild/src/Tasks.UnitTests/Exec_Tests.cs | 36 +++++++++++++++++++
+ src/msbuild/src/Tasks/Exec.cs                 |  7 +++-
+ 3 files changed, 44 insertions(+), 2 deletions(-)
+
+diff --git a/src/msbuild/src/Framework/ChangeWaves.cs b/src/msbuild/src/Framework/ChangeWaves.cs
+index 0050723798..1f925324ac 100644
+--- a/src/msbuild/src/Framework/ChangeWaves.cs
++++ b/src/msbuild/src/Framework/ChangeWaves.cs
+@@ -27,7 +27,8 @@ namespace Microsoft.Build.Framework
+         internal static readonly Version Wave17_4 = new Version(17, 4);
+         internal static readonly Version Wave17_6 = new Version(17, 6);
+         internal static readonly Version Wave17_8 = new Version(17, 8);
+-        internal static readonly Version[] AllWaves = { Wave17_4, Wave17_6, Wave17_8 };
++        internal static readonly Version Wave17_10 = new Version(17, 10);
++        internal static readonly Version[] AllWaves = { Wave17_4, Wave17_6, Wave17_8, Wave17_10 };
+ 
+         /// <summary>
+         /// Special value indicating that all features behind all Change Waves should be enabled.
+diff --git a/src/msbuild/src/Tasks.UnitTests/Exec_Tests.cs b/src/msbuild/src/Tasks.UnitTests/Exec_Tests.cs
+index cb468a6cce..c0598e4978 100644
+--- a/src/msbuild/src/Tasks.UnitTests/Exec_Tests.cs
++++ b/src/msbuild/src/Tasks.UnitTests/Exec_Tests.cs
+@@ -69,6 +69,42 @@ namespace Microsoft.Build.UnitTests
+             }
+         }
+ 
++        [UnixOnlyTheory]
++        [InlineData(true)]
++        [InlineData(false)]
++        public void ExecSetsLocaleOnUnix(bool enableChangeWave)
++        {
++            using (var env = TestEnvironment.Create())
++            {
++                env.SetEnvironmentVariable("LANG", null);
++                env.SetEnvironmentVariable("LC_ALL", null);
++
++                if (enableChangeWave)
++                {
++                    ChangeWaves.ResetStateForTests();
++                    // Important: use the version here
++                    env.SetEnvironmentVariable("MSBUILDDISABLEFEATURESFROMVERSION", ChangeWaves.Wave17_10.ToString());
++                    BuildEnvironmentHelper.ResetInstance_ForUnitTestsOnly();
++                }
++
++                Exec exec = PrepareExec("echo LANG=$LANG; echo LC_ALL=$LC_ALL;");
++                bool result = exec.Execute();
++                Assert.True(result);
++
++                MockEngine engine = (MockEngine)exec.BuildEngine;
++                if (enableChangeWave)
++                {
++                    engine.AssertLogContains("LANG=en_US.UTF-8");
++                    engine.AssertLogContains("LC_ALL=en_US.UTF-8");
++                }
++                else
++                {
++                    engine.AssertLogDoesntContain("LANG=en_US.UTF-8");
++                    engine.AssertLogDoesntContain("LC_ALL=en_US.UTF-8");
++                }
++            }
++        }
++
+         /// <summary>
+         /// Ensures that calling the Exec task does not leave any extra TEMP files
+         /// lying around.
+diff --git a/src/msbuild/src/Tasks/Exec.cs b/src/msbuild/src/Tasks/Exec.cs
+index dbf4be1fc5..9faaa68887 100644
+--- a/src/msbuild/src/Tasks/Exec.cs
++++ b/src/msbuild/src/Tasks/Exec.cs
+@@ -591,7 +591,12 @@ namespace Microsoft.Build.Tasks
+             {
+                 commandLine.AppendSwitch("-c");
+                 commandLine.AppendTextUnquoted(" \"");
+-                commandLine.AppendTextUnquoted("export LANG=en_US.UTF-8; export LC_ALL=en_US.UTF-8; . ");
++                bool setLocale = !ChangeWaves.AreFeaturesEnabled(ChangeWaves.Wave17_10);
++                if (setLocale)
++                {
++                    commandLine.AppendTextUnquoted("export LANG=en_US.UTF-8; export LC_ALL=en_US.UTF-8; ");
++                }
++                commandLine.AppendTextUnquoted(". ");
+                 commandLine.AppendFileNameIfNotNull(batchFileForCommandLine);
+                 commandLine.AppendTextUnquoted("\"");
+             }
+-- 
+2.43.0
+

release-key-2023.asc

@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: BSN Pgp v1.1.0.0
+
+mQINBGUKsUYBEADVCJm4EhXALr1ld42kWeh/vM0XMZ2orNT6NRLDRYjpE4mm4UqA
+vpjfGCwt5fLcrT4yZng8ABkB3QwTsZzmxesAMD5AZR/gdU1G96DuDGsjp6zJvTuX
+zvz3PXUYfcl9n5X32acA6N9J5Xfp10xqX3oitUODBdYy/vKW/v/y87ZxgaR6a3wp
+pPJBJIVKwFJx13v4BHRsGp1fepliQcXPvmNKFNI20le5+FbLq6C9hY5wcwGHGfQr
+EokH79GsmqgSImqxDOIh06J5VfWA+JwV+3vf95pD8IUrRfGQ+GK7b1/bySxtM5Qa
+b/IDgvl/Qq3AzEpGarMBaqGbqMz1C7jd8Y6nyKMP/V+OCjbEdYNM8GRz6kBP3Un+
+Frat5Lc2o4DF+zB3PKIJS3hku5gwlJu6IU1F23vmYFtjUcpRGmyQZDoWyBbOWlB5
+4SXqVu16amUsRFYmOK8BJMjdotcVbriVIv6WRmugfhIMoRJzVGxYkdbuiuMAX69V
+xDoGpxX5A8S5A79y0USUVtadQfFavMTyb/gUuUe8oDsqK9gdI3ETxLYG4gYwauVX
+fCGfoLOKsq5dPzEuEA7GCRrMau+rHKFaM7BigSdnHFW7xNZ4v0YnXAagoqM2G5o5
+9sak0l57vxxTVk2V3iZzkoU2J2Zlyxyh72n5vjRmb7aNwmQh4Eav6a8ssQARAQAB
+tBlvbm54Y29yZWRldkBtaWNyb3NvZnQuY29tiQI4BBMBCAAiBQJlCrFGAhsDBgsJ
+CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD9v1PCTbSHLtfzEADIKq15XDeQxLSo
+BG1aFa9n82K1YADVcu1LeddfhDmQWLnZNgyHtQlKN2n59282CXtgymzae3uc05s2
+feIJaqF4M4NnCX8Ct3K7Hq1jI7ZktlquPCCy9XHq9aQY8XTxmdtRevtclKgYTwDh
+w+D/KbE8vTZ6o7JoubA3MKf4k3S8qL/0rIyaC6h0EpiWoMy1TdNMMK7BT4kl6Vz4
+W6KmNgOux1Pzku5ULM4WuOzmwW+NAzpOLJowfDs1ZC2RM3+g9i1/DmwWtCHngvGD
++clA0I0agXxo05toOBTfwxd2gWYczuo/Ole16fYTzqT6n0DHqOjjcc9A7EmC72fQ
+J+hHAqM+4+CbEGuMpNnTMpCZs98bcK3Rqx/bDJYtbclZzm5O/V4nVbDrJZKzpgA1
+KuzNMLkr62P6/t15UsStgmrlTILmE5NG0CR1mj/46+mNbsMZCel3dcvnT1Zf4rTq
+QxMC7Dd/DECKQVC339G/BRfNyhOk2S1mZR/g1uS4bznL+tiwudDh/TAi5C3ZBDMh
+0muwD9caXS/QFIBWtb2ai3IcpU357R/ERPKLcWYtoYJ80RuKi6XYr1WxSPBmd5Qm
+wuncye+wR2dveo2jnIXZGUSgz50ZNgBxs/cYWAQ8J6KMgIBa+JY2qalzvIGbrC5x
+Sr+CkhS8vrktfnRgc8yBssJnvNfqXA==
+=pKgS
+-----END PGP PUBLIC KEY BLOCK-----

release.json

@@ -1,9 +1,10 @@
 {
-  "release": "8.0.0-rc.1",
+  "release": "8.0.10",
   "channel": "8.0",
-  "tag": "v8.0.0-rc.1.23419.4",
+  "tag": "v8.0.10",
-  "sdkVersion": "8.0.100-rc.1.23455.8",
+  "sdkVersion": "8.0.110",
-  "runtimeVersion": "8.0.0-rc.1.23419.4",
+  "runtimeVersion": "8.0.10",
+  "aspNetCoreVersion": "8.0.10",
   "sourceRepository": "https://github.com/dotnet/dotnet",
-  "sourceVersion": "113d797bc90104bb4f1cc51e1a462cf3d4ef18fc"
+  "sourceVersion": "8922fe64a1903ed4e35e24568efb056b3e0fad43"
 }

runtime-91008-mono-var-opcode-OP_REGOFFSET.patch

@@ -1,29 +0,0 @@
-From a73b8bacfcc5819926bc05173ab2f7850eb00da3 Mon Sep 17 00:00:00 2001
-From: Ulrich Weigand <ulrich.weigand@de.ibm.com>
-Date: Wed, 23 Aug 2023 21:11:37 +0200
-Subject: [PATCH] [mono] Handle enum return type when inlining CreateInstance
-
-Use underlying base type when deciding how to inline a
-CreateInstance invocation in mini_emit_inst_for_method.
-
-Fixes https://github.com/dotnet/runtime/issues/90292
-(Mono abort causing .NET 8 msbuild regression).
----
- src/mono/mono/mini/intrinsics.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/runtime/src/mono/mono/mini/intrinsics.c b/src/runtime/src/mono/mono/mini/intrinsics.c
-index b1e5e76723147..ef77b7dc89f2e 100644
---- a/src/runtime/src/mono/mono/mini/intrinsics.c
-+++ b//src/runtimesrc/mono/mono/mini/intrinsics.c
-@@ -2079,7 +2079,9 @@ mini_emit_inst_for_method (MonoCompile *cfg, MonoMethod *cmethod, MonoMethodSign
- 			MonoType *t = method_context->method_inst->type_argv [0];
- 			MonoClass *arg0 = mono_class_from_mono_type_internal (t);
- 			if (m_class_is_valuetype (arg0) && !mono_class_has_default_constructor (arg0, FALSE)) {
--				if (m_class_is_primitive (arg0)) {
-+				if (m_class_is_primitive (arg0) || m_class_is_enumtype (arg0)) {
-+					if (m_class_is_enumtype (arg0))
-+						t = mono_class_enum_basetype_internal (arg0);
- 					int dreg = alloc_dreg (cfg, mini_type_to_stack_type (cfg, t));
- 					mini_emit_init_rvar (cfg, dreg, t);
- 					ins = cfg->cbb->last_ins;

runtime-91865-arm64-page-size.patch

@@ -1,39 +0,0 @@
-From 7d3b041c09aa1d6cf532e64d24b75a7e5bd4d106 Mon Sep 17 00:00:00 2001
-From: Tom Deseyn <tom.deseyn@gmail.com>
-Date: Tue, 12 Sep 2023 07:43:45 +0200
-Subject: [PATCH] Limit special diagnostics size region to 4KiB.
-
-This fixes out-of-bounds access when trying to write the
-diagnostics info on platforms where the PAGE_SIZE is larger
-than the DumpWriter's 16KiB m_tempBuffer.
----
- src/coreclr/debug/createdump/crashinfo.cpp     | 2 +-
- src/coreclr/debug/createdump/specialdiaginfo.h | 2 ++
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/runtime/src/coreclr/debug/createdump/crashinfo.cpp b/src/runtime/src/coreclr/debug/createdump/crashinfo.cpp
-index ef903767ba027..8af6ec4a54f5b 100644
---- a/src/runtime/src/coreclr/debug/createdump/crashinfo.cpp
-+++ b/src/runtime/src/coreclr/debug/createdump/crashinfo.cpp
-@@ -195,7 +195,7 @@ CrashInfo::GatherCrashInfo(DumpType dumpType)
-         return false;
-     }
-     // Add the special (fake) memory region for the special diagnostics info
--    MemoryRegion special(PF_R, SpecialDiagInfoAddress, SpecialDiagInfoAddress + PAGE_SIZE);
-+    MemoryRegion special(PF_R, SpecialDiagInfoAddress, SpecialDiagInfoAddress + SpecialDiagInfoSize);
-     m_memoryRegions.insert(special);
- #ifdef __APPLE__
-     InitializeOtherMappings();
-diff --git a/src/runtime/src/coreclr/debug/createdump/specialdiaginfo.h b/src/runtime/src/coreclr/debug/createdump/specialdiaginfo.h
-index 3a04a9f551e6d..a857129c9c91f 100644
---- a/src/runtime/src/coreclr/debug/createdump/specialdiaginfo.h
-+++ b/src/runtime/src/coreclr/debug/createdump/specialdiaginfo.h
-@@ -24,6 +24,8 @@ const uint64_t SpecialDiagInfoAddress = 0x7fff1000;
- #endif
- #endif
- 
-+const uint64_t SpecialDiagInfoSize = 0x1000;
-+
- struct SpecialDiagInfoHeader
- {
-     char Signature[16];

runtime-openssl-sha1.patch

@@ -0,0 +1,34 @@
+From d7805229ffe6906cd0832c0482b963caf4b4fd82 Mon Sep 17 00:00:00 2001
+From: Tom Deseyn <tom.deseyn@gmail.com>
+Date: Wed, 28 Feb 2024 14:08:15 +0100
+Subject: [PATCH] Allow certificate validation with SHA-1 signatures.
+
+RHEL OpenSSL builds disable SHA-1 signatures. This causes certificate
+validation to fail when using the X509_V_FLAG_CHECK_SS_SIGNATURE flag
+with a chain where the last certificate uses a SHA-1 signature.
+
+This removes X509_V_FLAG_CHECK_SS_SIGNATURE flag to have the default
+OpenSSL behavior for certificate validation.
+---
+ .../libs/System.Security.Cryptography.Native/pal_x509.c      | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
+index 04c6ba06cd..2cd3413dae 100644
+--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
++++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
+@@ -272,11 +272,6 @@ int32_t CryptoNative_X509StoreCtxInit(X509_STORE_CTX* ctx, X509_STORE* store, X5
+ 
+     int32_t val = X509_STORE_CTX_init(ctx, store, x509, extraStore);
+ 
+-    if (val != 0)
+-    {
+-        X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CHECK_SS_SIGNATURE);
+-    }
+-
+     return val;
+ }
+ 
+-- 
+2.43.2
+

runtime-re-enable-implicit-rejection.patch

@@ -0,0 +1,142 @@
+From 5fdc289903bd3a77d455583650b00297da0cae8f Mon Sep 17 00:00:00 2001
+From: Omair Majid <omajid@redhat.com>
+Date: Fri, 2 Feb 2024 15:51:23 -0500
+Subject: [PATCH] Revert "Disable implicit rejection for RSA PKCS#1 (#95216)"
+
+This reverts commit a5fc8ff9b03ffb2fdb81dad524ad1a20a0714995.
+
+To quote Clemens Lang:
+
+> [Disabling implcit rejection] re-enables a Bleichenbacher timing oracle
+> attack against PKCS#1v1.5 decryption. See
+> https://people.redhat.com/~hkario/marvin/ for details and
+> https://github.com/dotnet/runtime/pull/95157#issuecomment-1842784399 for a
+> comment by the researcher who published the vulnerability and proposed the
+> change in OpenSSL.
+
+For more details, see:
+https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314
+---
+ .../RSA/EncryptDecrypt.cs                     | 49 ++++---------------
+ .../opensslshim.h                             |  6 ---
+ .../pal_evp_pkey_rsa.c                        | 13 -----
+ 3 files changed, 10 insertions(+), 58 deletions(-)
+
+diff --git a/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs b/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
+index 39f3ebc82ec..5b97f468a42 100644
+--- a/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
++++ b/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
+@@ -353,10 +353,19 @@ private void RsaCryptRoundtrip(RSAEncryptionPadding paddingMode, bool expectSucc
+             Assert.Equal(TestData.HelloBytes, output);
+         }
+ 
+-        [ConditionalFact(nameof(PlatformSupportsEmptyRSAEncryption))]
++        [ConditionalFact]
+         [SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework)]
+         public void RoundtripEmptyArray()
+         {
++            if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6))
++            {
++                throw new SkipTestException("iOS prior to 13.6 does not reliably support RSA encryption of empty data.");
++            }
++            if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0))
++            {
++                throw new SkipTestException("tvOS prior to 14.0 does not reliably support RSA encryption of empty data.");
++            }
++
+             using (RSA rsa = RSAFactory.Create(TestData.RSA2048Params))
+             {
+                 void RoundtripEmpty(RSAEncryptionPadding paddingMode)
+@@ -757,23 +746,5 @@ public static IEnumerable<object[]> OaepPaddingModes
+                 }
+             }
+         }
+-
+-        public static bool PlatformSupportsEmptyRSAEncryption
+-        {
+-            get
+-            {
+-                if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6))
+-                {
+-                    return false;
+-                }
+-
+-                if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0))
+-                {
+-                    return false;
+-                }
+-
+-                return true;
+-            }
+-        }
+     }
+ }
+diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h b/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h
+index 0748e305d5c..cf10d2f7949 100644
+--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h
++++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h
+@@ -296,10 +296,8 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
+     REQUIRED_FUNCTION(ERR_peek_error) \
+     REQUIRED_FUNCTION(ERR_peek_error_line) \
+     REQUIRED_FUNCTION(ERR_peek_last_error) \
+-    REQUIRED_FUNCTION(ERR_pop_to_mark) \
+     FALLBACK_FUNCTION(ERR_put_error) \
+     REQUIRED_FUNCTION(ERR_reason_error_string) \
+-    REQUIRED_FUNCTION(ERR_set_mark) \
+     LIGHTUP_FUNCTION(ERR_set_debug) \
+     LIGHTUP_FUNCTION(ERR_set_error) \
+     REQUIRED_FUNCTION(EVP_aes_128_cbc) \
+@@ -355,7 +353,6 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
+     REQUIRED_FUNCTION(EVP_PKCS82PKEY) \
+     REQUIRED_FUNCTION(EVP_PKEY2PKCS8) \
+     REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl) \
+-    REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl_str) \
+     REQUIRED_FUNCTION(EVP_PKEY_CTX_free) \
+     REQUIRED_FUNCTION(EVP_PKEY_CTX_get0_pkey) \
+     REQUIRED_FUNCTION(EVP_PKEY_CTX_new) \
+@@ -797,10 +794,8 @@ FOR_ALL_OPENSSL_FUNCTIONS
+ #define ERR_peek_error_line ERR_peek_error_line_ptr
+ #define ERR_peek_last_error ERR_peek_last_error_ptr
+ #define ERR_put_error ERR_put_error_ptr
+-#define ERR_pop_to_mark ERR_pop_to_mark_ptr
+ #define ERR_reason_error_string ERR_reason_error_string_ptr
+ #define ERR_set_debug ERR_set_debug_ptr
+-#define ERR_set_mark ERR_set_mark_ptr
+ #define ERR_set_error ERR_set_error_ptr
+ #define EVP_aes_128_cbc EVP_aes_128_cbc_ptr
+ #define EVP_aes_128_cfb8 EVP_aes_128_cfb8_ptr
+@@ -855,7 +850,6 @@ FOR_ALL_OPENSSL_FUNCTIONS
+ #define EVP_PKCS82PKEY EVP_PKCS82PKEY_ptr
+ #define EVP_PKEY2PKCS8 EVP_PKEY2PKCS8_ptr
+ #define EVP_PKEY_CTX_ctrl EVP_PKEY_CTX_ctrl_ptr
+-#define EVP_PKEY_CTX_ctrl_str EVP_PKEY_CTX_ctrl_str_ptr
+ #define EVP_PKEY_CTX_free EVP_PKEY_CTX_free_ptr
+ #define EVP_PKEY_CTX_get0_pkey EVP_PKEY_CTX_get0_pkey_ptr
+ #define EVP_PKEY_CTX_new EVP_PKEY_CTX_new_ptr
+diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
+index 043bf9f9d1e..c9ccdf33e3a 100644
+--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
++++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
+@@ -67,19 +67,6 @@ static bool ConfigureEncryption(EVP_PKEY_CTX* ctx, RsaPaddingMode padding, const
+         {
+             return false;
+         }
+-
+-        // OpenSSL 3.2 introduced a change where PKCS#1 RSA decryption does not fail for invalid padding.
+-        // If the padding is invalid, the decryption operation returns random data.
+-        // See https://github.com/openssl/openssl/pull/13817 for background.
+-        // Some Linux distributions backported this change to previous versions of OpenSSL.
+-        // Here we do a best-effort to set a flag to revert the behavior to failing if the padding is invalid.
+-        ERR_set_mark();
+-
+-        EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection", "0");
+-
+-        // Undo any changes to the error queue that may have occured while configuring implicit rejection if the
+-        // current version does not support implicit rejection.
+-        ERR_pop_to_mark();
+     }
+     else
+     {
+-- 
+2.43.0
+

sources

@@ -1,4 +1,2 @@
-SHA512 (dotnet-v8.0.0-rc.1.23419.4-x64-bootstrap.tar.xz) = 247d43ae0100753a6ed18f8302e818f450ea648120bee857ea5e9d8e0130a6cb9a48b76a6c39956cf5b18f9c1dc8645d2d4eed9ea3b791456cb65ec67314f807
+SHA512 (dotnet-8.0.10.tar.gz) = 5bb660d4bf750392d4022ceb02a7f76a04a8f789c9fbbde329019bc3e097fd7296984b52d29dfc027d31b7b4defdf3807f10e37a9696f8f0026c77cea6ad0d18
-SHA512 (dotnet-prebuilts-8.0.100-rc.1.23410.12-arm64.tar.gz) = c57c8a249de603c8c6f62e7b3cb18d5a1ff32bdaaa6ac9fdd37a9a577cc89fdd0de82d7f099f754e566d473a32d19093003caeea9bff02865e51f46938271bb4
+SHA512 (dotnet-8.0.10.tar.gz.sig) = 3c4ea982659f00d84528ac26493712d9f786d588797649bb4f551d8e5f7a0aca51a6e27dbe71b1979eeb3307acbac7306da83c14782bb944dd4510ea7761f8d8
-SHA512 (dotnet-prebuilts-8.0.100-rc.1.23410.12-ppc64le.tar.gz) = 1252b993d0aed94cda53389f16b209656f161a43d77e1099d59e563afa1d74c1dab474e0c636d91e7a94f8c72df4e2430393f220363b5ef39811e9cd0d33d122
-SHA512 (dotnet-prebuilts-8.0.100-rc.1.23410.12-s390x.tar.gz) = 662c4689fa1b5752cae9c7a9f75e71f60e63ae013e130457c3f7d0a73fec0d58489ef32279d0a7e046ebba12cfb16ae6fa5e8f5bbbe3bc59b860207e132b3640

tests/ci.fmf

@@ -39,3 +39,7 @@ execute:
         - dotnet turkey/Turkey.dll --version
         - git clone "https://github.com/redhat-developer/dotnet-regular-tests.git"
         - dotnet turkey/Turkey.dll -l="$TMT_TEST_DATA" dotnet-regular-tests --timeout=1200
+        - dnf remove -yq 'dotnet*'
+        - set -x; if command -v dotnet ; then exit 1; fi
+        - set -x; if [ -d /usr/lib64/dotnet ]; then exit 1; fi
+        - set -x; if man dotnet; then exit 1; fi

update-release

@@ -8,7 +8,7 @@ IFS=$'\n\t'
 
 print_usage() {
     echo " Usage:"
-    echo "     ./update-release sdk-version runtime-version [--bug bug-id] [--tarball tarball-name] [--larger-rpm-release]"
+    echo "     ./update-release sdk-version runtime-version [--bug bug-id] [--tarball tarball-name] [--release-json release-json] [--larger-rpm-release]"
 }
 
 user_provided_tarball_name=""
@@ -28,6 +28,11 @@ while [[ "$#" -gt 0 ]]; do
             print_usage
             exit 0
             ;;
+        --release-json)
+            release_json="$2"
+            shift;
+            shift;
+            ;;
         --tarball)
             user_provided_tarball_name="$2"
             shift;
@@ -61,46 +66,68 @@ fi
 
 host_version="$runtime_version"
 
-if [[ "$runtime_version" == "3.1"* ]]; then
+if [[ "$runtime_version" == "6.0"* ]] || [[ "$runtime_version" == "7.0"* ]] ; then
-    tag=v${sdk_version}-SDK
-elif [[ "$runtime_version" == "6.0"* ]] || [[ "$runtime_version" == "7.0"* ]]; then
     tag=v${sdk_version}
 else
     tag=v${runtime_version}
 fi
 
-if [[ -f "dotnet-${tag}-original.tar.gz" ]]; then
-    echo "dotnet-${tag}-original.tar.gz alredy exists, not rebuilding tarball"
-else
-    if [[ -n "${user_provided_tarball_name}" ]]; then
-        mv "$user_provided_tarball_name" "dotnet-${tag}-original.tar.gz"
-    elif [[ -f "dotnet-${sdk_version}-SDK.tar.gz" ]]; then
-        mv "dotnet-${sdk_version}-SDK.tar.gz" "dotnet-${tag}-original.tar.gz"
-    elif [[ -f "dotnet-${sdk_version}.tar.gz" ]]; then
-        mv "dotnet-${sdk_version}.tar.gz" "dotnet-${tag}-original.tar.gz"
-    elif [[ -f "dotnet-${runtime_version}.tar.gz" ]]; then
-        mv "dotnet-${runtime_version}.tar.gz" "dotnet-${tag}-original.tar.gz"
-    fi
-fi
-
-if [[ ! -f "dotnet-${tag}.tar.gz" ]]; then
-    ./build-dotnet-tarball "${tag}"
-fi
-
 set -x
 
 sed -i -E "s|^%global host_version [[:digit:]]\.[[:digit:]]\.[[:digit:]]+|%global host_version ${host_version}|" "$spec_file"
 sed -i -E "s|^%global runtime_version [[:digit:]]\.[[:digit:]]\.[[:digit:]]+|%global runtime_version ${runtime_version}|" "$spec_file"
 sed -i -E "s|^%global sdk_version [[:digit:]]\.[[:digit:]]\.[[:digit:]][[:digit:]][[:digit:]]|%global sdk_version ${sdk_version}|" "$spec_file"
 
+
+if [[ "$runtime_version" == "6.0"* ]] || [[ "$runtime_version" == "7.0"* ]] ; then
+    if [[ -f "dotnet-${tag}.tar.gz" ]]; then
+        echo "dotnet-${tag}.tar.gz already exists, not rebuilding tarball"
+    else
+        if [[ -f "dotnet-${tag}-original.tar.gz" ]]; then
+            echo "dotnet-${tag}-original.tar.gz alredy exists, not rebuilding tarball"
+        else
+            if [[ -n "${user_provided_tarball_name}" ]]; then
+                cp -a "$user_provided_tarball_name" "dotnet-${tag}-original.tar.gz"
+            elif [[ -f "dotnet-${sdk_version}-SDK.tar.gz" ]]; then
+                cp -a "dotnet-${sdk_version}-SDK.tar.gz" "dotnet-${tag}-original.tar.gz"
+            elif [[ -f "dotnet-${sdk_version}.tar.gz" ]]; then
+                cp -a "dotnet-${sdk_version}.tar.gz" "dotnet-${tag}-original.tar.gz"
+            elif [[ -f "dotnet-${runtime_version}.tar.gz" ]]; then
+                cp -a "dotnet-${runtime_version}.tar.gz" "dotnet-${tag}-original.tar.gz"
+            fi
+        fi
+
+        ./build-dotnet-tarball "${tag}"
+    fi
+else
+    if [[ -f "dotnet-${tag}.tar.gz" ]]; then
+        echo "dotnet-${tag}.tar.gz already exists, not rebuilding tarball"
+    elif [[ -n ${user_provided_tarball_name} ]]; then
+        tag_without_v=${tag#v}
+        cp -a "${user_provided_tarball_name}" dotnet-${tag_without_v}.tar.gz
+        cp -a "${user_provided_tarball_name}.sig" dotnet-${tag_without_v}.tar.gz.sig
+        cp -a "${release_json}" release.json
+    else
+        rm -f release.json
+        spectool -g "$spec_file"
+    fi
+fi
+
 comment="Update to .NET SDK ${sdk_version} and Runtime ${runtime_version}"
 commit_message="$comment
 "
 for bug_id in "${bug_ids[@]}"; do
-    comment="$comment
+    if [[ "$bug_id" =~ ^[[:digit:]]+$ ]]; then
+        comment="$comment
 - Resolves: RHBZ#$bug_id"
-    commit_message="$commit_message
+        commit_message="$commit_message
 Resolves: RHBZ#$bug_id"
+    else
+        comment="$comment
+- Resolves: $bug_id"
+        commit_message="$commit_message
+Resolves: $bug_id"
+    fi
 done
 
 echo "$commit_message" > git-commit-message
@@ -113,6 +140,4 @@ sed -i -E 's|^Release:        [[:digit:]]+%|Release:        '"$rpm_release"'%|'
 # See https://stackoverflow.com/questions/18620153/find-matching-text-and-replace-next-line
 sed -i -E '/^%changelog$/!b;n;s/-[[:digit:]]+$/-'"$rpm_release"'/' "$spec_file"
 
-release_json_url=$(spectool -l --sources ./dotnet8.0.spec | grep release.json | cut -d' ' -f2)
+echo "Done updating sources. Commit message in ./git-commit-message"
-rm "$(basename "$release_json_url")"
-wget "$release_json_url"