Compare commits

...

14 Commits
c9 ... c9s

Author SHA1 Message Date
Omair Majid
b563a624a0 Disable packages provided by another .NET version
Disable dotnet-host and netstandard-targeting-pack-2.1 subpackages which
duplicate the packages provided by the dotnet9.0 SRPM. Providing these
duplicates packages causes issues in composing and dependency-testing.

Related: RHEL-60801
2024-10-18 21:42:50 -04:00
Omair Majid
9f8b171ce5 Update to .NET SDK 8.0.110 and Runtime 8.0.10
Resolves: RHEL-60801
2024-10-16 00:53:08 -04:00
Omair Majid
1e0234e937 Update to .NET SDK 8.0.108 and Runtime 8.0.8
Resolves: RHEL-52387
2024-08-16 10:18:13 -04:00
Omair Majid
34f1500f81 Fix ownership of some missed directories
Resolves: RHEL-47079
2024-07-10 18:23:52 -04:00
Omair Majid
950e7bee1a Update to .NET SDK 8.0.107 and Runtime 8.0.7
Resolves: RHEL-45323
2024-07-09 19:02:39 -04:00
Omair Majid
a00d1130f7 Update to .NET SDK 8.0.105 and Runtime 8.0.5
Resolves: RHEL-35315
2024-05-16 13:31:26 -04:00
Omair Majid
d4aec77a53 Update to .NET SDK 8.0.104 and Runtime 8.0.4
Resolves: RHEL-31208
2024-04-11 12:38:34 -04:00
Tom Deseyn
33fbcb0f34 Allow certificate validation with SHA-1 signatures.
Resolves: RHEL-28344
2024-03-31 18:21:05 -04:00
Omair Majid
2c5539f849 Update to .NET SDK 8.0.103 and Runtime 8.0.3
Resolves: RHEL-27553
2024-03-20 14:08:27 -04:00
Tom Deseyn
16aeabc199 Backport MSBuild locale fix
Resolves: RHEL-23936
2024-02-20 12:23:20 -05:00
Omair Majid
65654781ed Update to .NET SDK 8.0.102 and Runtime 8.0.2
Resolves: RHEL-23804
2024-02-15 17:03:59 -05:00
Omair Majid
cf0d0b5ff1 Add -dbg subpackages for symbol files
Resolves: RHEL-23070
2024-01-29 12:32:17 -05:00
Omair Majid
48aaf87c4e Update to .NET SDK 8.0.101 and Runtime 8.0.1
Resolves: RHEL-19803
2024-01-15 13:57:48 -05:00
Omair Majid
d272f4a0a5 Update to .NET SDK 8.0.100 and Runtime 8.0.0
Resolves: RHEL-15352
2023-12-06 17:57:23 -05:00
13 changed files with 558 additions and 785 deletions

15
.gitignore vendored
View File

@ -35,3 +35,18 @@
/dotnet-prebuilts-8.0.100-rc.1.23410.12-s390x.tar.gz
/dotnet-v8.0.0-rc.1.23419.4.tar.gz
/dotnet-v8.0.0-rc.2.23479.6.tar.gz
/dotnet-v8.0.0.tar.gz
/dotnet-v8.0.1.tar.gz
/dotnet-v8.0.2.tar.gz
/dotnet-8.0.3.tar.gz
/dotnet-8.0.3.tar.gz.sig
/dotnet-8.0.4.tar.gz
/dotnet-8.0.4.tar.gz.sig
/dotnet-8.0.5.tar.gz
/dotnet-8.0.5.tar.gz.sig
/dotnet-8.0.7.tar.gz
/dotnet-8.0.7.tar.gz.sig
/dotnet-8.0.8.tar.gz
/dotnet-8.0.8.tar.gz.sig
/dotnet-8.0.10.tar.gz
/dotnet-8.0.10.tar.gz.sig

View File

@ -1,38 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Matt Thalman <mthalman@microsoft.com>
Date: Tue, 24 Oct 2023 16:20:26 -0500
Subject: [PATCH] Use correct runtime package version
---
prereqs/git-info/AllRepoVersions.props | 2 +-
prereqs/git-info/runtime.props | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/prereqs/git-info/AllRepoVersions.props b/prereqs/git-info/AllRepoVersions.props
index 79a789e1cd..a3f3ccf094 100644
--- a/prereqs/git-info/AllRepoVersions.props
+++ b/prereqs/git-info/AllRepoVersions.props
@@ -32,7 +32,7 @@
<roslynGitCommitHash>bdd9c5ba66b00beebdc3516acc5e29b83efd89af</roslynGitCommitHash>
<roslynOutputPackageVersion>4.8.0-3.23471.11</roslynOutputPackageVersion>
<runtimeGitCommitHash>0b25e38ad32a69cd83ae246104b32449203cc71c</runtimeGitCommitHash>
- <runtimeOutputPackageVersion>8.0.0-rc.2.23475.17</runtimeOutputPackageVersion>
+ <runtimeOutputPackageVersion>8.0.0-rc.2.23479.6</runtimeOutputPackageVersion>
<sdkGitCommitHash>67e671f384bee6937630b52b02cc78e69b27e280</sdkGitCommitHash>
<sdkOutputPackageVersion>8.0.100-rc.2.23480.5</sdkOutputPackageVersion>
<sourcebuildexternalsGitCommitHash>6dbf3aaa0fc9664df86462f5c70b99800934fccd</sourcebuildexternalsGitCommitHash>
diff --git a/prereqs/git-info/runtime.props b/prereqs/git-info/runtime.props
index 546469c3a0..20c2bf8840 100644
--- a/prereqs/git-info/runtime.props
+++ b/prereqs/git-info/runtime.props
@@ -2,8 +2,8 @@
<Project>
<PropertyGroup>
<GitCommitHash>0b25e38ad32a69cd83ae246104b32449203cc71c</GitCommitHash>
- <OfficialBuildId>20230925.17</OfficialBuildId>
- <OutputPackageVersion>8.0.0-rc.2.23475.17</OutputPackageVersion>
+ <OfficialBuildId>20230929.6</OfficialBuildId>
+ <OutputPackageVersion>8.0.0-rc.2.23479.6</OutputPackageVersion>
<PreReleaseVersionLabel>rc.2</PreReleaseVersionLabel>
<IsStable>false</IsStable>
</PropertyGroup>

View File

@ -8,22 +8,25 @@
%global dotnetver 8.0
%global host_version 8.0.0-rc.2.23479.6
%global runtime_version 8.0.0-rc.2.23479.6
%global aspnetcore_runtime_version 8.0.0-rc.2.23480.2
%global sdk_version 8.0.100-rc.2.23502.1
# Only the package for the latest dotnet version should provide RPMs like
# dotnet-host and netstandard-targeting-pack-2.1
%global is_latest_dotnet 0
%global host_version 8.0.10
%global runtime_version 8.0.10
%global aspnetcore_runtime_version %{runtime_version}
%global sdk_version 8.0.110
%global sdk_feature_band_version %(echo %{sdk_version} | cut -d '-' -f 1 | sed -e 's|[[:digit:]][[:digit:]]$|00|')
%global templates_version 8.0.0-rc.2.23480.2
%global templates_version %{runtime_version}
#%%global templates_version %%(echo %%{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }')
# upstream can produce releases with a different tag than the SDK version
%global upstream_tag v8.0.0-rc.2.23479.6
%global upstream_tag v%{runtime_version}
%global upstream_tag_without_v %(echo %{upstream_tag} | sed -e 's|^v||')
%global host_rpm_version 8.0.0~rc.2
%global runtime_rpm_version 8.0.0~rc.2
%global aspnetcore_runtime_rpm_version 8.0.0~rc.2
%global sdk_rpm_version 8.0.100~rc.2
%global host_rpm_version %{host_version}
%global runtime_rpm_version %{runtime_version}
%global aspnetcore_runtime_rpm_version %{aspnetcore_runtime_version}
%global sdk_rpm_version %{sdk_version}
%if 0%{?fedora} || 0%{?rhel} < 8
%global use_bundled_libunwind 0
@ -48,13 +51,13 @@
%global runtime_arch x64
%endif
%global mono_archs s390x ppc64le
%global mono_archs ppc64le s390x
%{!?runtime_id:%global runtime_id %(. /etc/os-release ; echo "${ID}.${VERSION_ID%%.*}")-%{runtime_arch}}
Name: dotnet%{dotnetver}
Version: %{sdk_rpm_version}
Release: 0.1%{?dist}
Release: 3%{?dist}
Summary: .NET Runtime and SDK
License: 0BSD AND Apache-2.0 AND (Apache-2.0 WITH LLVM-exception) AND APSL-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BSD-4-Clause AND BSL-1.0 AND bzip2-1.0.6 AND CC0-1.0 AND CC-BY-3.0 AND CC-BY-4.0 AND CC-PDDC AND CNRI-Python AND EPL-1.0 AND GPL-2.0-only AND (GPL-2.0-only WITH GCC-exception-2.0) AND GPL-2.0-or-later AND GPL-3.0-only AND ICU AND ISC AND LGPL-2.1-only AND LGPL-2.1-or-later AND LicenseRef-Fedora-Public-Domain AND LicenseRef-ISO-8879 AND MIT AND MIT-Wu AND MS-PL AND MS-RL AND NCSA AND OFL-1.1 AND OpenSSL AND Unicode-DFS-2015 AND Unicode-DFS-2016 AND W3C-19980720 AND X11 AND Zlib
@ -73,16 +76,12 @@ Source2: dotnet-prebuilts-%{bootstrap_sdk_version}-ppc64le.tar.gz
# Generated manually, same pattern as the arm64 tarball
Source3: dotnet-prebuilts-%{bootstrap_sdk_version}-s390x.tar.gz
%else
# For non-releases, the source is generated on a Fedora box via:
# ./build-dotnet-tarball %%{upstream_tag} or commit
%global tarball_name dotnet-sdk-source-%{upstream_tag}
Source0: https://github.com/dotnet/dotnet/archive/refs/tags/%{upstream_tag}.tar.gz#/dotnet-%{upstream_tag}.tar.gz
Source0: https://github.com/dotnet/dotnet/archive/refs/tags/%{upstream_tag}.tar.gz#/dotnet-%{upstream_tag_without_v}.tar.gz
Source1: https://github.com/dotnet/dotnet/archive/refs/tags/%{upstream_tag}.tar.gz#/dotnet-%{upstream_tag_without_v}.tar.gz.sig
Source2: https://dotnet.microsoft.com/download/dotnet/release-key-2023.asc
%endif
Source5: https://github.com/dotnet/dotnet/releases/download/%{upstream_tag}/release.json
#Source10: %%{tarball_name}-nm-dev.tgz
#Source11: %%{tarball_name}-nm-prod.tgz
Source20: check-debug-symbols.py
Source21: dotnet.sh.in
@ -90,19 +89,18 @@ Source21: dotnet.sh.in
Patch1: roslyn-analyzers-ppc64le-apphost.patch
# https://github.com/dotnet/source-build/discussions/3481
Patch2: vstest-intent-net8.0.patch
# https://github.com/dotnet/runtime/pull/92274
Patch3: runtime-92274-webcil-s390x.patch
# https://github.com/dotnet/runtime/pull/92920
Patch4: runtime-92920-multiple-ssl-dirs.patch
# https://github.com/dotnet/source-build/issues/3673
Patch5: dotnet-3673-rc2-version-mismatch.patch
# https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314
Patch3: runtime-re-enable-implicit-rejection.patch
# https://github.com/dotnet/msbuild/pull/9449
Patch4: msbuild-9449-exec-stop-setting-a-locale.patch
# We disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed.
# A side effect of not checking the self-signature of such a certificate is that disabled or unsupported message
# digests used for the signature are not treated as fatal errors.
# https://issues.redhat.com/browse/RHEL-25254
Patch5: runtime-openssl-sha1.patch
%if 0%{?fedora} || 0%{?rhel} >= 8
ExclusiveArch: aarch64 ppc64le s390x x86_64
%else
ExclusiveArch: x86_64
%endif
BuildRequires: clang
@ -117,6 +115,7 @@ BuildRequires: git
%if 0%{?fedora} || 0%{?rhel} > 7
BuildRequires: glibc-langpack-en
%endif
BuildRequires: gnupg2
BuildRequires: hostname
BuildRequires: krb5-devel
BuildRequires: libicu-devel
@ -270,6 +269,18 @@ It particularly focuses on creating console applications, web
applications and micro-services.
%package -n dotnet-runtime-dbg-%{dotnetver}
Version: %{runtime_rpm_version}
Summary: Managed debug symbols NET %{dotnetver} runtime
Requires: dotnet-runtime-%{dotnetver}%{?_isa} = %{runtime_rpm_version}-%{release}
%description -n dotnet-runtime-dbg-%{dotnetver}
This package contains the managed symbol (pdb) files useful to debug the
managed parts of the .NET runtime itself.
%package -n aspnetcore-runtime-%{dotnetver}
Version: %{aspnetcore_runtime_rpm_version}
@ -289,6 +300,18 @@ It particularly focuses on creating console applications, web
applications and micro-services.
%package -n aspnetcore-runtime-dbg-%{dotnetver}
Version: %{aspnetcore_runtime_rpm_version}
Summary: Managed debug symbols for the ASP.NET Core %{dotnetver} runtime
Requires: aspnetcore-runtime-%{dotnetver}%{?_isa} = %{aspnetcore_runtime_rpm_version}-%{release}
%description -n aspnetcore-runtime-dbg-%{dotnetver}
This package contains the managed symbol (pdb) files useful to debug the
managed parts of the ASP.NET Core runtime itself.
%package -n dotnet-templates-%{dotnetver}
Version: %{sdk_rpm_version}
@ -336,6 +359,18 @@ It particularly focuses on creating console applications, web
applications and micro-services.
%package -n dotnet-sdk-dbg-%{dotnetver}
Version: %{sdk_rpm_version}
Summary: Managed debug symbols for the .NET %{dotnetver} Software Development Kit
Requires: dotnet-sdk-%{dotnetver}%{?_isa} = %{sdk_rpm_version}-%{release}
%description -n dotnet-sdk-dbg-%{dotnetver}
This package contains the managed symbol (pdb) files useful to debug the .NET
Software Development Kit (SDK) itself.
%global dotnet_targeting_pack() %{expand:
%package -n %{1}
@ -357,7 +392,9 @@ applications using the .NET SDK.
%dotnet_targeting_pack dotnet-apphost-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App %{dotnetver} Microsoft.NETCore.App.Host.%{runtime_id}
%dotnet_targeting_pack dotnet-targeting-pack-%{dotnetver} %{runtime_rpm_version} Microsoft.NETCore.App %{dotnetver} Microsoft.NETCore.App.Ref
%dotnet_targeting_pack aspnetcore-targeting-pack-%{dotnetver} %{aspnetcore_runtime_rpm_version} Microsoft.AspNetCore.App %{dotnetver} Microsoft.AspNetCore.App.Ref
%if %{is_latest_dotnet}
%dotnet_targeting_pack netstandard-targeting-pack-2.1 %{sdk_rpm_version} NETStandard.Library 2.1 NETStandard.Library.Ref
%endif
%package -n dotnet-sdk-%{dotnetver}-source-built-artifacts
@ -373,6 +410,8 @@ These are not meant for general use.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
release_json_tag=$(grep tag %{SOURCE5} | cut -d: -f2 | sed -E 's/[," ]*//g')
if [[ ${release_json_tag} != %{upstream_tag} ]]; then
echo "error: tag in release.json doesn't match tag in spec file"
@ -542,8 +581,9 @@ if [[ $(find %{buildroot}%{_libdir}/dotnet -name '*.pem' -print | wc -l) != 1 ]]
fi
# Install managed symbols
tar xf artifacts/%{runtime_arch}/Release/dotnet-runtime-symbols-%{runtime_id}-%{runtime_version}.tar.gz \
-C %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App/%{runtime_version}/
tar xf artifacts/%{runtime_arch}/Release/dotnet-symbols-sdk-%{sdk_version}*-%{runtime_id}.tar.gz \
-C %{buildroot}%{_libdir}/dotnet/
find %{buildroot}%{_libdir}/dotnet/packs -iname '*.pdb' -delete
# Fix executable permissions on files
find %{buildroot}%{_libdir}/dotnet/ -type f -name 'apphost' -exec chmod +x {} \;
@ -560,6 +600,7 @@ find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.targets' -exec chmod -x {}
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.txt' -exec chmod -x {} \;
find %{buildroot}%{_libdir}/dotnet/ -type f -name '*.xml' -exec chmod -x {} \;
%if %{is_latest_dotnet}
install -dm 0755 %{buildroot}%{_sysconfdir}/profile.d/
install dotnet.sh %{buildroot}%{_sysconfdir}/profile.d/
@ -584,6 +625,7 @@ echo "%{_libdir}/dotnet" >> install_location
install install_location %{buildroot}%{_sysconfdir}/dotnet/
echo "%{_libdir}/dotnet" >> install_location_%{runtime_arch}
install install_location_%{runtime_arch} %{buildroot}%{_sysconfdir}/dotnet/
%endif
install -dm 0755 %{buildroot}%{_libdir}/dotnet/source-built-artifacts
install -m 0644 artifacts/%{runtime_arch}/Release/Private.SourceBuilt.Artifacts.*.tar.gz %{buildroot}/%{_libdir}/dotnet/source-built-artifacts/
@ -599,6 +641,27 @@ echo "Testing build results for debug symbols..."
%{SOURCE20} -v %{buildroot}%{_libdir}/dotnet/
find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-runtime-non-dbg-files
find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.NETCore.App -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-runtime-dbg-files
find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' > aspnetcore-runtime-non-dbg-files
find %{buildroot}%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > aspnetcore-runtime-dbg-files
find %{buildroot}%{_libdir}/dotnet/sdk -type d | tail -n +2 | sed -E 's|%{buildroot}||' | sed -E 's|^|%dir |' > dotnet-sdk-non-dbg-files
find %{buildroot}%{_libdir}/dotnet/sdk -type f -and -not -name '*.pdb' | sed -E 's|%{buildroot}||' >> dotnet-sdk-non-dbg-files
find %{buildroot}%{_libdir}/dotnet/sdk -type f -name '*.pdb' | sed -E 's|%{buildroot}||' > dotnet-sdk-dbg-files
%if %{is_latest_dotnet} == 0
# If this is an older version, self-test now, before we delete files. After we
# delete files, we will not have everything we need to self-test in %%check.
%{buildroot}%{_libdir}/dotnet/dotnet --info
%{buildroot}%{_libdir}/dotnet/dotnet --version
# Provided by dotnet-host from another SRPM
rm %{buildroot}%{_libdir}/dotnet/LICENSE.txt
rm %{buildroot}%{_libdir}/dotnet/ThirdPartyNotices.txt
rm %{buildroot}%{_libdir}/dotnet/dotnet
# Provided by netstandard-targeting-pack-2.1 from another SRPM
rm -rf %{buildroot}%{_libdir}/dotnet/packs/NETStandard.Library.Ref/2.1.0
%endif
%check
%if 0%{?fedora} > 35
@ -606,8 +669,10 @@ echo "Testing build results for debug symbols..."
export COMPlus_LTTng=0
%endif
%if %{is_latest_dotnet}
%{buildroot}%{_libdir}/dotnet/dotnet --info
%{buildroot}%{_libdir}/dotnet/dotnet --version
%endif
%if ( 0%{?fedora} && 0%{?fedora} < 38 ) || ( 0%{?rhel} && 0%{?rhel} < 9 )
@ -615,6 +680,7 @@ export COMPlus_LTTng=0
# empty package useful for dependencies
%endif
%if %{is_latest_dotnet}
%files -n dotnet-host
%dir %{_libdir}/dotnet
%{_libdir}/dotnet/dotnet
@ -630,41 +696,107 @@ export COMPlus_LTTng=0
%dir %{_datadir}/bash-completion
%dir %{_datadir}/bash-completion/completions
%{_datadir}/bash-completion/completions/dotnet
%endif
%files -n dotnet-hostfxr-%{dotnetver}
%dir %{_libdir}/dotnet/host/fxr
%{_libdir}/dotnet/host/fxr/%{host_version}
%files -n dotnet-runtime-%{dotnetver}
%files -n dotnet-runtime-%{dotnetver} -f dotnet-runtime-non-dbg-files
%dir %{_libdir}/dotnet/shared
%dir %{_libdir}/dotnet/shared/Microsoft.NETCore.App
%{_libdir}/dotnet/shared/Microsoft.NETCore.App/%{runtime_version}
%dir %{_libdir}/dotnet/shared/Microsoft.NETCore.App/%{runtime_version}
%files -n aspnetcore-runtime-%{dotnetver}
%files -n dotnet-runtime-dbg-%{dotnetver} -f dotnet-runtime-dbg-files
%files -n aspnetcore-runtime-%{dotnetver} -f aspnetcore-runtime-non-dbg-files
%dir %{_libdir}/dotnet/shared
%dir %{_libdir}/dotnet/shared/Microsoft.AspNetCore.App
%{_libdir}/dotnet/shared/Microsoft.AspNetCore.App/%{aspnetcore_runtime_version}
%dir %{_libdir}/dotnet/shared/Microsoft.AspNetCore.App/%{aspnetcore_runtime_version}
%files -n aspnetcore-runtime-dbg-%{dotnetver} -f aspnetcore-runtime-dbg-files
%files -n dotnet-templates-%{dotnetver}
%dir %{_libdir}/dotnet/templates
%{_libdir}/dotnet/templates/%{templates_version}
%files -n dotnet-sdk-%{dotnetver}
%files -n dotnet-sdk-%{dotnetver} -f dotnet-sdk-non-dbg-files
%dir %{_libdir}/dotnet/sdk
%{_libdir}/dotnet/sdk/%{sdk_version}
%dir %{_libdir}/dotnet/sdk-manifests
%{_libdir}/dotnet/sdk-manifests/%{sdk_feature_band_version}*
%{_libdir}/dotnet/metadata
%dir %{_libdir}/dotnet/packs
%dir %{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id}
%{_libdir}/dotnet/packs/Microsoft.AspNetCore.App.Runtime.%{runtime_id}/%{aspnetcore_runtime_version}
%dir %{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id}
%{_libdir}/dotnet/packs/Microsoft.NETCore.App.Runtime.%{runtime_id}/%{runtime_version}
%files -n dotnet-sdk-dbg-%{dotnetver} -f dotnet-sdk-dbg-files
%files -n dotnet-sdk-%{dotnetver}-source-built-artifacts
%dir %{_libdir}/dotnet
%{_libdir}/dotnet/source-built-artifacts
%changelog
* Fri Oct 18 2024 Omair Majid <omajid@redhat.com> - 8.0.110-3
- Disable packages provided by another .NET version
- Related: RHEL-60801
* Tue Oct 15 2024 Omair Majid <omajid@redhat.com> - 8.0.110-2
- Update to .NET SDK 8.0.110 and Runtime 8.0.10
- Resolves: RHEL-60801
* Wed Aug 14 2024 Omair Majid <omajid@redhat.com> - 8.0.108-2
- Update to .NET SDK 8.0.108 and Runtime 8.0.8
- Resolves: RHEL-52387
* Wed Jul 10 2024 Omair Majid <omajid@redhat.com> - 8.0.107-3
- Fix ownership of some missed directories
- Resolves: RHEL-47079
* Tue Jul 09 2024 Omair Majid <omajid@redhat.com> - 8.0.107-2
- Update to .NET SDK 8.0.107 and Runtime 8.0.7
- Resolves: RHEL-45323
* Wed May 15 2024 Omair Majid <omajid@redhat.com> - 8.0.105-2
- Update to .NET SDK 8.0.105 and Runtime 8.0.5
- Resolves: RHEL-35315
* Tue Apr 09 2024 Omair Majid <omajid@redhat.com> - 8.0.104-2
- Update to .NET SDK 8.0.104 and Runtime 8.0.4
- Resolves: RHEL-31208
* Sun Mar 31 2024 Tom Deseyn <tom.deseyn@gmail.com> - 8.0.103-3
- We disable checking the signature of the last certificate in a chain if the certificate is supposedly self-signed.
A side effect of not checking the self-signature of such a certificate is that disabled or unsupported message
digests used for the signature are not treated as fatal errors.
- Resolves: RHEL-28344
* Tue Mar 19 2024 Omair Majid <omajid@redhat.com> - 8.0.103-2
- Update to .NET SDK 8.0.103 and Runtime 8.0.3
- Resolves: RHEL-27553
* Tue Feb 20 2024 Tom Deseyn <tom.deseyn@gmail.com> - 8.0.102-3
- Backport MSBuild locale fix
- Resolves: RHEL-23936
* Wed Feb 14 2024 Omair Majid <omajid@redhat.com> - 8.0.102-2
- Update to .NET SDK 8.0.102 and Runtime 8.0.2
- Resolves: RHEL-23804
* Mon Jan 29 2024 Omair Majid <omajid@redhat.com> - 8.0.101-3
- Add -dbg subpackages for symbol files
- Resolves: RHEL-23070
* Mon Jan 15 2024 Omair Majid <omajid@redhat.com> - 8.0.101-2
- Update to .NET SDK 8.0.101 and Runtime 8.0.1
- Resolves: RHEL-19803
* Wed Nov 15 2023 Omair Majid <omajid@redhat.com> - 8.0.100-3
- Update to .NET SDK 8.0.100 and Runtime 8.0.0
- Resolves: RHEL-15352
* Mon Oct 16 2023 Omair Majid <omajid@redhat.com> - 8.0.100~rc.2-0.1
- Update to .NET 8 RC 2
- Resolves: RHEL-13790

View File

@ -0,0 +1,104 @@
From 68fa6537305beda5cb059c898349f37bda285ca7 Mon Sep 17 00:00:00 2001
From: Tom Deseyn <tom.deseyn@gmail.com>
Date: Thu, 1 Feb 2024 09:23:16 +0100
Subject: [PATCH 1/1] Exec: stop setting a locale on Unix.
This backports a fix that is part of Microsoft's upcoming
8.0.2xx SDK to the 8.0.1xx SDK that we package.
This fix stops MSBuild Exec from printing warnings and/or
failing in bash envionments where the glibc en_US locale
is not available (which is common in container images).
The backport includes the changewave opt-out that allows
users to revert back to the previous behavior by setting
the MSBUILDDISABLEFEATURESFROMVERSION envvar to the
version where the feature is introduced ("17.10").
---
src/msbuild/src/Framework/ChangeWaves.cs | 3 +-
src/msbuild/src/Tasks.UnitTests/Exec_Tests.cs | 36 +++++++++++++++++++
src/msbuild/src/Tasks/Exec.cs | 7 +++-
3 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/src/msbuild/src/Framework/ChangeWaves.cs b/src/msbuild/src/Framework/ChangeWaves.cs
index 0050723798..1f925324ac 100644
--- a/src/msbuild/src/Framework/ChangeWaves.cs
+++ b/src/msbuild/src/Framework/ChangeWaves.cs
@@ -27,7 +27,8 @@ namespace Microsoft.Build.Framework
internal static readonly Version Wave17_4 = new Version(17, 4);
internal static readonly Version Wave17_6 = new Version(17, 6);
internal static readonly Version Wave17_8 = new Version(17, 8);
- internal static readonly Version[] AllWaves = { Wave17_4, Wave17_6, Wave17_8 };
+ internal static readonly Version Wave17_10 = new Version(17, 10);
+ internal static readonly Version[] AllWaves = { Wave17_4, Wave17_6, Wave17_8, Wave17_10 };
/// <summary>
/// Special value indicating that all features behind all Change Waves should be enabled.
diff --git a/src/msbuild/src/Tasks.UnitTests/Exec_Tests.cs b/src/msbuild/src/Tasks.UnitTests/Exec_Tests.cs
index cb468a6cce..c0598e4978 100644
--- a/src/msbuild/src/Tasks.UnitTests/Exec_Tests.cs
+++ b/src/msbuild/src/Tasks.UnitTests/Exec_Tests.cs
@@ -69,6 +69,42 @@ namespace Microsoft.Build.UnitTests
}
}
+ [UnixOnlyTheory]
+ [InlineData(true)]
+ [InlineData(false)]
+ public void ExecSetsLocaleOnUnix(bool enableChangeWave)
+ {
+ using (var env = TestEnvironment.Create())
+ {
+ env.SetEnvironmentVariable("LANG", null);
+ env.SetEnvironmentVariable("LC_ALL", null);
+
+ if (enableChangeWave)
+ {
+ ChangeWaves.ResetStateForTests();
+ // Important: use the version here
+ env.SetEnvironmentVariable("MSBUILDDISABLEFEATURESFROMVERSION", ChangeWaves.Wave17_10.ToString());
+ BuildEnvironmentHelper.ResetInstance_ForUnitTestsOnly();
+ }
+
+ Exec exec = PrepareExec("echo LANG=$LANG; echo LC_ALL=$LC_ALL;");
+ bool result = exec.Execute();
+ Assert.True(result);
+
+ MockEngine engine = (MockEngine)exec.BuildEngine;
+ if (enableChangeWave)
+ {
+ engine.AssertLogContains("LANG=en_US.UTF-8");
+ engine.AssertLogContains("LC_ALL=en_US.UTF-8");
+ }
+ else
+ {
+ engine.AssertLogDoesntContain("LANG=en_US.UTF-8");
+ engine.AssertLogDoesntContain("LC_ALL=en_US.UTF-8");
+ }
+ }
+ }
+
/// <summary>
/// Ensures that calling the Exec task does not leave any extra TEMP files
/// lying around.
diff --git a/src/msbuild/src/Tasks/Exec.cs b/src/msbuild/src/Tasks/Exec.cs
index dbf4be1fc5..9faaa68887 100644
--- a/src/msbuild/src/Tasks/Exec.cs
+++ b/src/msbuild/src/Tasks/Exec.cs
@@ -591,7 +591,12 @@ namespace Microsoft.Build.Tasks
{
commandLine.AppendSwitch("-c");
commandLine.AppendTextUnquoted(" \"");
- commandLine.AppendTextUnquoted("export LANG=en_US.UTF-8; export LC_ALL=en_US.UTF-8; . ");
+ bool setLocale = !ChangeWaves.AreFeaturesEnabled(ChangeWaves.Wave17_10);
+ if (setLocale)
+ {
+ commandLine.AppendTextUnquoted("export LANG=en_US.UTF-8; export LC_ALL=en_US.UTF-8; ");
+ }
+ commandLine.AppendTextUnquoted(". ");
commandLine.AppendFileNameIfNotNull(batchFileForCommandLine);
commandLine.AppendTextUnquoted("\"");
}
--
2.43.0

29
release-key-2023.asc Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BSN Pgp v1.1.0.0
mQINBGUKsUYBEADVCJm4EhXALr1ld42kWeh/vM0XMZ2orNT6NRLDRYjpE4mm4UqA
vpjfGCwt5fLcrT4yZng8ABkB3QwTsZzmxesAMD5AZR/gdU1G96DuDGsjp6zJvTuX
zvz3PXUYfcl9n5X32acA6N9J5Xfp10xqX3oitUODBdYy/vKW/v/y87ZxgaR6a3wp
pPJBJIVKwFJx13v4BHRsGp1fepliQcXPvmNKFNI20le5+FbLq6C9hY5wcwGHGfQr
EokH79GsmqgSImqxDOIh06J5VfWA+JwV+3vf95pD8IUrRfGQ+GK7b1/bySxtM5Qa
b/IDgvl/Qq3AzEpGarMBaqGbqMz1C7jd8Y6nyKMP/V+OCjbEdYNM8GRz6kBP3Un+
Frat5Lc2o4DF+zB3PKIJS3hku5gwlJu6IU1F23vmYFtjUcpRGmyQZDoWyBbOWlB5
4SXqVu16amUsRFYmOK8BJMjdotcVbriVIv6WRmugfhIMoRJzVGxYkdbuiuMAX69V
xDoGpxX5A8S5A79y0USUVtadQfFavMTyb/gUuUe8oDsqK9gdI3ETxLYG4gYwauVX
fCGfoLOKsq5dPzEuEA7GCRrMau+rHKFaM7BigSdnHFW7xNZ4v0YnXAagoqM2G5o5
9sak0l57vxxTVk2V3iZzkoU2J2Zlyxyh72n5vjRmb7aNwmQh4Eav6a8ssQARAQAB
tBlvbm54Y29yZWRldkBtaWNyb3NvZnQuY29tiQI4BBMBCAAiBQJlCrFGAhsDBgsJ
CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD9v1PCTbSHLtfzEADIKq15XDeQxLSo
BG1aFa9n82K1YADVcu1LeddfhDmQWLnZNgyHtQlKN2n59282CXtgymzae3uc05s2
feIJaqF4M4NnCX8Ct3K7Hq1jI7ZktlquPCCy9XHq9aQY8XTxmdtRevtclKgYTwDh
w+D/KbE8vTZ6o7JoubA3MKf4k3S8qL/0rIyaC6h0EpiWoMy1TdNMMK7BT4kl6Vz4
W6KmNgOux1Pzku5ULM4WuOzmwW+NAzpOLJowfDs1ZC2RM3+g9i1/DmwWtCHngvGD
+clA0I0agXxo05toOBTfwxd2gWYczuo/Ole16fYTzqT6n0DHqOjjcc9A7EmC72fQ
J+hHAqM+4+CbEGuMpNnTMpCZs98bcK3Rqx/bDJYtbclZzm5O/V4nVbDrJZKzpgA1
KuzNMLkr62P6/t15UsStgmrlTILmE5NG0CR1mj/46+mNbsMZCel3dcvnT1Zf4rTq
QxMC7Dd/DECKQVC339G/BRfNyhOk2S1mZR/g1uS4bznL+tiwudDh/TAi5C3ZBDMh
0muwD9caXS/QFIBWtb2ai3IcpU357R/ERPKLcWYtoYJ80RuKi6XYr1WxSPBmd5Qm
wuncye+wR2dveo2jnIXZGUSgz50ZNgBxs/cYWAQ8J6KMgIBa+JY2qalzvIGbrC5x
Sr+CkhS8vrktfnRgc8yBssJnvNfqXA==
=pKgS
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -1,9 +1,10 @@
{
"release": "8.0.0-rc.2",
"release": "8.0.10",
"channel": "8.0",
"tag": "v8.0.0-rc.2.23479.6",
"sdkVersion": "8.0.100-rc.2.23502.2",
"runtimeVersion": "8.0.0-rc.2.23479.6",
"tag": "v8.0.10",
"sdkVersion": "8.0.110",
"runtimeVersion": "8.0.10",
"aspNetCoreVersion": "8.0.10",
"sourceRepository": "https://github.com/dotnet/dotnet",
"sourceVersion": "1e872358329855089d8d14cec1f06d5b075824b5"
"sourceVersion": "8922fe64a1903ed4e35e24568efb056b3e0fad43"
}

View File

@ -1,260 +0,0 @@
From 72f310a6c3dccbabf9edc29677b51ed78c87cc67 Mon Sep 17 00:00:00 2001
From: Sanjam Panda <sanjam.panda@ibm.com>
Date: Tue, 19 Sep 2023 15:16:02 +0200
Subject: [PATCH 1/3] [wasm] Endian fix for Webcil
'dotnet new blazorwasm' command failed on s390x and was throwing a not implemented exception
The issue was with with the WebCil writer and reader, specific endianness conversions relating to the webcil payload were not implemented for big endian machines.
We considered fixing the generic implementation, but there were only two structures in use: WebcilHeader and WebcilSectionHeader, so it was easier to handle them explicitly.
---
.../Microsoft.NET.WebAssembly.Webcil.csproj | 1 +
.../WebcilConverter.cs | 35 +++++++++++++-----
.../WebcilReader.cs | 37 +++++++++++++++----
3 files changed, 57 insertions(+), 16 deletions(-)
diff --git a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/Microsoft.NET.WebAssembly.Webcil.csproj b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/Microsoft.NET.WebAssembly.Webcil.csproj
index c35eb57e80686..d09ae4a569a59 100644
--- a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/Microsoft.NET.WebAssembly.Webcil.csproj
+++ b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/Microsoft.NET.WebAssembly.Webcil.csproj
@@ -16,6 +16,7 @@
<ItemGroup>
<!-- we need to keep the version of System.Reflection.Metadata in sync with dotnet/msbuild and dotnet/sdk -->
+ <PackageReference Include="System.Memory" Version="$(SystemMemoryVersion)" />
<PackageReference Include="System.Reflection.Metadata" Version="$(SystemReflectionMetadataVersion)" />
<PackageReference Include="System.Collections.Immutable" Version="$(SystemCollectionsImmutableVersion)" />
</ItemGroup>
diff --git a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs
index a38af7270a2da..7b882c42d579e 100644
--- a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs
+++ b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs
@@ -2,6 +2,7 @@
// The .NET Foundation licenses this file to you under the MIT license.
using System;
+using System.Buffers.Binary;
using System.IO;
using System.Collections.Immutable;
using System.Reflection.PortableExecutable;
@@ -181,9 +182,6 @@ private static void WriteHeader(Stream s, WebcilHeader header)
private static void WriteSectionHeaders(Stream s, ImmutableArray<WebcilSectionHeader> sectionsHeaders)
{
- // FIXME: fixup endianness
- if (!BitConverter.IsLittleEndian)
- throw new NotImplementedException();
foreach (var sectionHeader in sectionsHeaders)
{
WriteSectionHeader(s, sectionHeader);
@@ -192,16 +190,38 @@ private static void WriteSectionHeaders(Stream s, ImmutableArray<WebcilSectionHe
private static void WriteSectionHeader(Stream s, WebcilSectionHeader sectionHeader)
{
+ if (!BitConverter.IsLittleEndian)
+ {
+ sectionHeader = new WebcilSectionHeader
+ (
+ virtualSize: BinaryPrimitives.ReverseEndianness(sectionHeader.VirtualSize),
+ virtualAddress: BinaryPrimitives.ReverseEndianness(sectionHeader.VirtualAddress),
+ sizeOfRawData: BinaryPrimitives.ReverseEndianness(sectionHeader.SizeOfRawData),
+ pointerToRawData: BinaryPrimitives.ReverseEndianness(sectionHeader.PointerToRawData)
+ );
+ }
WriteStructure(s, sectionHeader);
}
+ private static void WriteStructure(Stream s, WebcilHeader webcilHeader)
+ {
+ if (!BitConverter.IsLittleEndian)
+ {
+ webcilHeader.version_major = BinaryPrimitives.ReverseEndianness(webcilHeader.version_major);
+ webcilHeader.version_minor = BinaryPrimitives.ReverseEndianness(webcilHeader.version_minor);
+ webcilHeader.coff_sections = BinaryPrimitives.ReverseEndianness(webcilHeader.coff_sections);
+ webcilHeader.pe_cli_header_rva = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_cli_header_rva);
+ webcilHeader.pe_cli_header_size = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_cli_header_size);
+ webcilHeader.pe_debug_rva = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_rva);
+ webcilHeader.pe_debug_size = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_size);
+ }
+ WriteStructure(s, webcilHeader);
+ }
+
#if NETCOREAPP2_1_OR_GREATER
private static void WriteStructure<T>(Stream s, T structure)
where T : unmanaged
{
- // FIXME: fixup endianness
- if (!BitConverter.IsLittleEndian)
- throw new NotImplementedException();
unsafe
{
byte* p = (byte*)&structure;
@@ -212,9 +232,6 @@ private static void WriteStructure<T>(Stream s, T structure)
private static void WriteStructure<T>(Stream s, T structure)
where T : unmanaged
{
- // FIXME: fixup endianness
- if (!BitConverter.IsLittleEndian)
- throw new NotImplementedException();
int size = Marshal.SizeOf<T>();
byte[] buffer = new byte[size];
IntPtr ptr = IntPtr.Zero;
diff --git a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilReader.cs b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilReader.cs
index 4f42f82798664..ac4f9d86095a9 100644
--- a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilReader.cs
+++ b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilReader.cs
@@ -6,7 +6,7 @@
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
-
+using System.Buffers.Binary;
using System.Reflection.Metadata;
using System.Reflection.PortableExecutable;
@@ -63,14 +63,20 @@ private unsafe bool ReadHeader()
{
return false;
}
- if (!BitConverter.IsLittleEndian)
- {
- throw new NotImplementedException("TODO: implement big endian support");
- }
fixed (byte* p = buffer)
{
header = *(WebcilHeader*)p;
}
+ if (!BitConverter.IsLittleEndian)
+ {
+ header.version_major = BinaryPrimitives.ReverseEndianness(header.version_major);
+ header.version_minor = BinaryPrimitives.ReverseEndianness(header.version_minor);
+ header.coff_sections = BinaryPrimitives.ReverseEndianness(header.coff_sections);
+ header.pe_cli_header_rva = BinaryPrimitives.ReverseEndianness(header.pe_cli_header_rva);
+ header.pe_cli_header_size = BinaryPrimitives.ReverseEndianness(header.pe_cli_header_size);
+ header.pe_debug_rva = BinaryPrimitives.ReverseEndianness(header.pe_debug_rva);
+ header.pe_debug_rva = BinaryPrimitives.ReverseEndianness(header.pe_debug_size);
+ }
if (header.id[0] != 'W' || header.id[1] != 'b'
|| header.id[2] != 'I' || header.id[3] != 'L'
|| header.version_major != Internal.Constants.WC_VERSION_MAJOR
@@ -346,6 +352,7 @@ private long TranslateRVA(uint rva)
private unsafe ImmutableArray<WebcilSectionHeader> ReadSections()
{
+ WebcilSectionHeader secheader;
var sections = ImmutableArray.CreateBuilder<WebcilSectionHeader>(_header.coff_sections);
var buffer = new byte[Marshal.SizeOf<WebcilSectionHeader>()];
_stream.Seek(SectionDirectoryOffset + _webcilInWasmOffset, SeekOrigin.Begin);
@@ -357,8 +364,24 @@ private unsafe ImmutableArray<WebcilSectionHeader> ReadSections()
}
fixed (byte* p = buffer)
{
- // FIXME endianness
- sections.Add(*(WebcilSectionHeader*)p);
+ secheader = (*(WebcilSectionHeader*)p);
+ }
+ if (!BitConverter.IsLittleEndian)
+ {
+ sections.Add
+ (
+ new WebcilSectionHeader
+ (
+ virtualSize: BinaryPrimitives.ReverseEndianness(secheader.VirtualSize),
+ virtualAddress: BinaryPrimitives.ReverseEndianness(secheader.VirtualAddress),
+ sizeOfRawData: BinaryPrimitives.ReverseEndianness(secheader.SizeOfRawData),
+ pointerToRawData: BinaryPrimitives.ReverseEndianness(secheader.PointerToRawData)
+ )
+ );
+ }
+ else
+ {
+ sections.Add(secheader);
}
}
return sections.MoveToImmutable();
From 0c78184347335db183a38cf6bd26e2fe69160931 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aleksey=20Kliger=20=28=CE=BBgeek=29?= <alklig@microsoft.com>
Date: Thu, 21 Sep 2023 14:31:12 -0400
Subject: [PATCH 2/3] Fix infinite recursion
---
.../WebcilConverter.cs | 25 ++++++++-----------
1 file changed, 10 insertions(+), 15 deletions(-)
diff --git a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs
index 7b882c42d579e..fc95eded5bc33 100644
--- a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs
+++ b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs
@@ -177,6 +177,16 @@ public unsafe void GatherInfo(PEReader peReader, out WCFileInfo wcInfo, out PEFi
private static void WriteHeader(Stream s, WebcilHeader header)
{
+ if (!BitConverter.IsLittleEndian)
+ {
+ webcilHeader.version_major = BinaryPrimitives.ReverseEndianness(webcilHeader.version_major);
+ webcilHeader.version_minor = BinaryPrimitives.ReverseEndianness(webcilHeader.version_minor);
+ webcilHeader.coff_sections = BinaryPrimitives.ReverseEndianness(webcilHeader.coff_sections);
+ webcilHeader.pe_cli_header_rva = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_cli_header_rva);
+ webcilHeader.pe_cli_header_size = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_cli_header_size);
+ webcilHeader.pe_debug_rva = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_rva);
+ webcilHeader.pe_debug_size = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_size);
+ }
WriteStructure(s, header);
}
@@ -203,21 +213,6 @@ private static void WriteSectionHeader(Stream s, WebcilSectionHeader sectionHead
WriteStructure(s, sectionHeader);
}
- private static void WriteStructure(Stream s, WebcilHeader webcilHeader)
- {
- if (!BitConverter.IsLittleEndian)
- {
- webcilHeader.version_major = BinaryPrimitives.ReverseEndianness(webcilHeader.version_major);
- webcilHeader.version_minor = BinaryPrimitives.ReverseEndianness(webcilHeader.version_minor);
- webcilHeader.coff_sections = BinaryPrimitives.ReverseEndianness(webcilHeader.coff_sections);
- webcilHeader.pe_cli_header_rva = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_cli_header_rva);
- webcilHeader.pe_cli_header_size = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_cli_header_size);
- webcilHeader.pe_debug_rva = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_rva);
- webcilHeader.pe_debug_size = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_size);
- }
- WriteStructure(s, webcilHeader);
- }
-
#if NETCOREAPP2_1_OR_GREATER
private static void WriteStructure<T>(Stream s, T structure)
where T : unmanaged
From cecf4f09f0c52340c753811098f0f2d9593049aa Mon Sep 17 00:00:00 2001
From: Aleksey Kliger <alklig@microsoft.com>
Date: Thu, 21 Sep 2023 14:36:20 -0400
Subject: [PATCH 3/3] rename var
---
src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs
index fc95eded5bc33..13c34bde4b8ea 100644
--- a/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs
+++ b/src/runtime/src/tasks/Microsoft.NET.WebAssembly.Webcil/WebcilConverter.cs
@@ -175,7 +175,7 @@ public unsafe void GatherInfo(PEReader peReader, out WCFileInfo wcInfo, out PEFi
SectionStart: firstWCSection);
}
- private static void WriteHeader(Stream s, WebcilHeader header)
+ private static void WriteHeader(Stream s, WebcilHeader webcilHeader)
{
if (!BitConverter.IsLittleEndian)
{
@@ -187,7 +187,7 @@ private static void WriteHeader(Stream s, WebcilHeader header)
webcilHeader.pe_debug_rva = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_rva);
webcilHeader.pe_debug_size = BinaryPrimitives.ReverseEndianness(webcilHeader.pe_debug_size);
}
- WriteStructure(s, header);
+ WriteStructure(s, webcilHeader);
}
private static void WriteSectionHeaders(Stream s, ImmutableArray<WebcilSectionHeader> sectionsHeaders)

View File

@ -1,416 +0,0 @@
From 9aec1e3b0b9ddc02b81bd115399f8951288b261b Mon Sep 17 00:00:00 2001
From: Tom Deseyn <tom.deseyn@gmail.com>
Date: Wed, 11 Oct 2023 18:32:20 +0200
Subject: [PATCH] Support specifying multiple directories through SSL_CERT_DIR
Co-authored-by: Jeremy Barton <jbarton@microsoft.com>
Co-authored-by: Kevin Jones <vcsjones@github.com>
---
.../OpenSslCachedSystemStoreProvider.cs | 232 +++++++++---------
.../X509Certificates/X509StoreTests.Unix.cs | 42 +++-
2 files changed, 157 insertions(+), 117 deletions(-)
diff --git a/src/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslCachedSystemStoreProvider.cs b/src/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslCachedSystemStoreProvider.cs
index 4c9643c01e2..e66b3d1ad11 100644
--- a/src/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslCachedSystemStoreProvider.cs
+++ b/src/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslCachedSystemStoreProvider.cs
@@ -21,14 +21,14 @@ internal sealed class OpenSslCachedSystemStoreProvider : IStorePal
private static readonly TimeSpan s_lastWriteRecheckInterval = TimeSpan.FromSeconds(5);
private static readonly TimeSpan s_assumeInvalidInterval = TimeSpan.FromMinutes(5);
private static readonly Stopwatch s_recheckStopwatch = new Stopwatch();
- private static DirectoryInfo? s_rootStoreDirectoryInfo = SafeOpenRootDirectoryInfo();
+ private static string[]? s_rootStoreDirectories;
private static bool s_defaultRootDir;
- private static readonly FileInfo? s_rootStoreFileInfo = SafeOpenRootFileInfo();
+ private static string? s_rootStoreFile;
+ private static DateTime[]? s_directoryLastWrite;
+ private static DateTime s_fileLastWrite;
// Use non-Value-Tuple so that it's an atomic update.
private static Tuple<SafeX509StackHandle, SafeX509StackHandle>? s_nativeCollections;
- private static DateTime s_directoryCertsLastWrite;
- private static DateTime s_fileCertsLastWrite;
private readonly bool _isRoot;
@@ -93,18 +93,11 @@ public void Remove(ICertificatePal cert)
{
lock (s_recheckStopwatch)
{
- FileInfo? fileInfo = s_rootStoreFileInfo;
- DirectoryInfo? dirInfo = s_rootStoreDirectoryInfo;
-
- fileInfo?.Refresh();
- dirInfo?.Refresh();
-
if (ret == null ||
elapsed > s_assumeInvalidInterval ||
- (fileInfo != null && fileInfo.Exists && ContentWriteTime(fileInfo) != s_fileCertsLastWrite) ||
- (dirInfo != null && dirInfo.Exists && ContentWriteTime(dirInfo) != s_directoryCertsLastWrite))
+ LastWriteTimesHaveChanged())
{
- ret = LoadMachineStores(dirInfo, fileInfo);
+ ret = LoadMachineStores();
}
}
}
@@ -113,9 +106,37 @@ public void Remove(ICertificatePal cert)
return ret;
}
- private static Tuple<SafeX509StackHandle, SafeX509StackHandle> LoadMachineStores(
- DirectoryInfo? rootStorePath,
- FileInfo? rootStoreFile)
+ private static bool LastWriteTimesHaveChanged()
+ {
+ Debug.Assert(
+ Monitor.IsEntered(s_recheckStopwatch),
+ "LastWriteTimesHaveChanged assumes a lock(s_recheckStopwatch)");
+
+ if (s_rootStoreFile != null)
+ {
+ _ = TryStatFile(s_rootStoreFile, out DateTime lastModified);
+ if (lastModified != s_fileLastWrite)
+ {
+ return true;
+ }
+ }
+
+ if (s_rootStoreDirectories != null && s_directoryLastWrite != null)
+ {
+ for (int i = 0; i < s_rootStoreDirectories.Length; i++)
+ {
+ _ = TryStatDirectory(s_rootStoreDirectories[i], out DateTime lastModified);
+ if (lastModified != s_directoryLastWrite[i])
+ {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
+
+ private static Tuple<SafeX509StackHandle, SafeX509StackHandle> LoadMachineStores()
{
Debug.Assert(
Monitor.IsEntered(s_recheckStopwatch),
@@ -126,61 +147,76 @@ public void Remove(ICertificatePal cert)
SafeX509StackHandle intermedStore = Interop.Crypto.NewX509Stack();
Interop.Crypto.CheckValidOpenSslHandle(intermedStore);
- DateTime newFileTime = default;
- DateTime newDirTime = default;
-
var uniqueRootCerts = new HashSet<X509Certificate2>();
var uniqueIntermediateCerts = new HashSet<X509Certificate2>();
bool firstLoad = (s_nativeCollections == null);
- if (rootStoreFile != null && rootStoreFile.Exists)
+ if (firstLoad)
{
- newFileTime = ContentWriteTime(rootStoreFile);
- ProcessFile(rootStoreFile);
+ s_rootStoreDirectories = GetRootStoreDirectories(out s_defaultRootDir);
+ s_directoryLastWrite = new DateTime[s_rootStoreDirectories.Length];
+ s_rootStoreFile = GetRootStoreFile();
+ }
+ else
+ {
+ Debug.Assert(s_rootStoreDirectories is not null);
+ Debug.Assert(s_directoryLastWrite is not null);
+ }
+
+ if (s_rootStoreFile != null)
+ {
+ ProcessFile(s_rootStoreFile, out s_fileLastWrite);
}
bool hasStoreData = false;
- if (rootStorePath != null && rootStorePath.Exists)
+ for (int i = 0; i < s_rootStoreDirectories.Length; i++)
{
- newDirTime = ContentWriteTime(rootStorePath);
- hasStoreData = ProcessDir(rootStorePath);
+ hasStoreData = ProcessDir(s_rootStoreDirectories[i], out s_directoryLastWrite[i]);
}
if (firstLoad && !hasStoreData && s_defaultRootDir)
{
- DirectoryInfo etcSslCerts = new DirectoryInfo("/etc/ssl/certs");
-
- if (etcSslCerts.Exists)
+ const string DefaultCertDir = "/etc/ssl/certs";
+ hasStoreData = ProcessDir(DefaultCertDir, out DateTime lastModified);
+ if (hasStoreData)
{
- DateTime tmpTime = ContentWriteTime(etcSslCerts);
- hasStoreData = ProcessDir(etcSslCerts);
-
- if (hasStoreData)
- {
- newDirTime = tmpTime;
- s_rootStoreDirectoryInfo = etcSslCerts;
- }
+ s_rootStoreDirectories = new[] { DefaultCertDir };
+ s_directoryLastWrite = new[] { lastModified };
}
}
- bool ProcessDir(DirectoryInfo dir)
+ bool ProcessDir(string dir, out DateTime lastModified)
{
+ if (!TryStatDirectory(dir, out lastModified))
+ {
+ return false;
+ }
+
bool hasStoreData = false;
- foreach (FileInfo file in dir.EnumerateFiles())
+ foreach (string file in Directory.EnumerateFiles(dir))
{
- hasStoreData |= ProcessFile(file);
+ hasStoreData |= ProcessFile(file, out _, skipStat: true);
}
return hasStoreData;
}
- bool ProcessFile(FileInfo file)
+ bool ProcessFile(string file, out DateTime lastModified, bool skipStat = false)
{
bool readData = false;
- using (SafeBioHandle fileBio = Interop.Crypto.BioNewFile(file.FullName, "rb"))
+ if (skipStat)
+ {
+ lastModified = default;
+ }
+ else if (!TryStatFile(file, out lastModified))
+ {
+ return false;
+ }
+
+ using (SafeBioHandle fileBio = Interop.Crypto.BioNewFile(file, "rb"))
{
// The handle may be invalid, for example when we don't have read permission for the file.
if (fileBio.IsInvalid)
@@ -274,114 +310,78 @@ bool ProcessFile(FileInfo file)
// on every call.
Volatile.Write(ref s_nativeCollections, newCollections);
- s_directoryCertsLastWrite = newDirTime;
- s_fileCertsLastWrite = newFileTime;
s_recheckStopwatch.Restart();
return newCollections;
}
- private static FileInfo? SafeOpenRootFileInfo()
+ private static string? GetRootStoreFile()
{
string? rootFile = Interop.Crypto.GetX509RootStoreFile();
if (!string.IsNullOrEmpty(rootFile))
{
- try
- {
- return new FileInfo(rootFile);
- }
- catch (ArgumentException)
- {
- // If SSL_CERT_FILE is set to the empty string, or anything else which gives
- // "The path is not of a legal form", then the GetX509RootStoreFile value is ignored.
- }
+ return Path.GetFullPath(rootFile);
}
return null;
}
- private static DirectoryInfo? SafeOpenRootDirectoryInfo()
+ private static string[] GetRootStoreDirectories(out bool isDefault)
{
- string? rootDirectory = Interop.Crypto.GetX509RootStorePath(out s_defaultRootDir);
+ string rootDirectory = Interop.Crypto.GetX509RootStorePath(out isDefault) ?? "";
- if (!string.IsNullOrEmpty(rootDirectory))
- {
- try
- {
- return new DirectoryInfo(rootDirectory);
- }
- catch (ArgumentException)
- {
- // If SSL_CERT_DIR is set to the empty string, or anything else which gives
- // "The path is not of a legal form", then the GetX509RootStoreFile value is ignored.
- }
- }
-
- return null;
- }
-
- private static DateTime ContentWriteTime(FileInfo info)
- {
- string path = info.FullName;
- string? target = Interop.Sys.ReadLink(path);
-
- if (string.IsNullOrEmpty(target))
- {
- return info.LastWriteTimeUtc;
- }
+ string[] directories = rootDirectory.Split(Path.PathSeparator, StringSplitOptions.RemoveEmptyEntries);
- if (target[0] != '/')
+ for (int i = 0; i < directories.Length; i++)
{
- target = Path.Join(info.Directory?.FullName, target);
+ directories[i] = Path.GetFullPath(directories[i]);
}
- try
+ // Remove duplicates.
+ if (directories.Length > 1)
{
- var targetInfo = new FileInfo(target);
-
- if (targetInfo.Exists)
+ var set = new HashSet<string>(directories, StringComparer.Ordinal);
+ if (set.Count != directories.Length)
{
- return targetInfo.LastWriteTimeUtc;
+ // Preserve the original order.
+ string[] directoriesTrimmed = new string[set.Count];
+ int j = 0;
+ for (int i = 0; i < directories.Length; i++)
+ {
+ string directory = directories[i];
+ if (set.Remove(directory))
+ {
+ directoriesTrimmed[j++] = directory;
+ }
+ }
+ Debug.Assert(set.Count == 0);
+ directories = directoriesTrimmed;
}
}
- catch (ArgumentException)
- {
- // If we can't load information about the link path, just treat it as not a link.
- }
- return info.LastWriteTimeUtc;
+ return directories;
}
- private static DateTime ContentWriteTime(DirectoryInfo info)
- {
- string path = info.FullName;
- string? target = Interop.Sys.ReadLink(path);
-
- if (string.IsNullOrEmpty(target))
- {
- return info.LastWriteTimeUtc;
- }
+ private static bool TryStatFile(string path, out DateTime lastModified)
+ => TryStat(path, Interop.Sys.FileTypes.S_IFREG, out lastModified);
- if (target[0] != '/')
- {
- target = Path.Join(info.Parent?.FullName, target);
- }
+ private static bool TryStatDirectory(string path, out DateTime lastModified)
+ => TryStat(path, Interop.Sys.FileTypes.S_IFDIR, out lastModified);
- try
- {
- var targetInfo = new DirectoryInfo(target);
+ private static bool TryStat(string path, int fileType, out DateTime lastModified)
+ {
+ lastModified = default;
- if (targetInfo.Exists)
- {
- return targetInfo.LastWriteTimeUtc;
- }
- }
- catch (ArgumentException)
+ Interop.Sys.FileStatus status;
+ // Use Stat to follow links.
+ if (Interop.Sys.Stat(path, out status) < 0 ||
+ (status.Mode & Interop.Sys.FileTypes.S_IFMT) != fileType)
{
- // If we can't load information about the link path, just treat it as not a link.
+ return false;
}
- return info.LastWriteTimeUtc;
+ lastModified = DateTime.UnixEpoch + TimeSpan.FromTicks(status.MTime * TimeSpan.TicksPerSecond + status.MTimeNsec / TimeSpan.NanosecondsPerTick);
+ return true;
}
}
}
diff --git a/src/runtime/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509StoreTests.Unix.cs b/src/runtime/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509StoreTests.Unix.cs
index 0efb6c12028..f460d6b9bd6 100644
--- a/src/runtime/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509StoreTests.Unix.cs
+++ b/src/runtime/src/libraries/System.Security.Cryptography/tests/X509Certificates/X509StoreTests.Unix.cs
@@ -10,7 +10,6 @@ namespace System.Security.Cryptography.X509Certificates.Tests
{
public partial class X509StoreTests
{
-
[ConditionalFact(nameof(NotRunningAsRootAndRemoteExecutorSupported))] // root can read '2.pem'
[PlatformSpecific(TestPlatforms.Linux)] // Windows/OSX doesn't use SSL_CERT_{DIR,FILE}.
private void X509Store_MachineStoreLoadSkipsInvalidFiles()
@@ -50,6 +49,47 @@ private void X509Store_MachineStoreLoadSkipsInvalidFiles()
}, new RemoteInvokeOptions { StartInfo = psi }).Dispose();
}
+ [ConditionalFact(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
+ [PlatformSpecific(TestPlatforms.Linux)] // Windows/OSX doesn't use SSL_CERT_{DIR,FILE}.
+ private void X509Store_MachineStoreLoadsMutipleSslCertDirectories()
+ {
+ // Create 3 certificates and place them in two directories that will be passed
+ // using SSL_CERT_DIR.
+ string sslCertDir1 = GetTestFilePath();
+ Directory.CreateDirectory(sslCertDir1);
+ File.WriteAllBytes(Path.Combine(sslCertDir1, "1.pem"), TestData.SelfSigned1PemBytes);
+ File.WriteAllBytes(Path.Combine(sslCertDir1, "2.pem"), TestData.SelfSigned2PemBytes);
+ string sslCertDir2 = GetTestFilePath();
+ Directory.CreateDirectory(sslCertDir2);
+ File.WriteAllBytes(Path.Combine(sslCertDir2, "3.pem"), TestData.SelfSigned3PemBytes);
+
+ // Add a non-existing directory after each valid directory to verify they are ignored.
+ string sslCertDir = string.Join(Path.PathSeparator,
+ new[] {
+ sslCertDir1,
+ sslCertDir2,
+ "", // empty string
+ sslCertDir2, // duplicate directory
+ "/invalid2", // path that does not exist
+ });
+
+ var psi = new ProcessStartInfo();
+ psi.Environment.Add("SSL_CERT_DIR", sslCertDir);
+ // Set SSL_CERT_FILE to avoid loading the default bundle file.
+ psi.Environment.Add("SSL_CERT_FILE", "/nonexisting");
+ RemoteExecutor.Invoke(() =>
+ {
+ Assert.NotNull(Environment.GetEnvironmentVariable("SSL_CERT_DIR"));
+ using (var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine))
+ {
+ store.Open(OpenFlags.OpenExistingOnly);
+
+ // Check nr of certificates in store.
+ Assert.Equal(3, store.Certificates.Count);
+ }
+ }, new RemoteInvokeOptions { StartInfo = psi }).Dispose();
+ }
+
public static bool NotRunningAsRootAndRemoteExecutorSupported => !Environment.IsPrivilegedProcess && RemoteExecutor.IsSupported;
}
}
--
2.41.0

View File

@ -0,0 +1,34 @@
From d7805229ffe6906cd0832c0482b963caf4b4fd82 Mon Sep 17 00:00:00 2001
From: Tom Deseyn <tom.deseyn@gmail.com>
Date: Wed, 28 Feb 2024 14:08:15 +0100
Subject: [PATCH] Allow certificate validation with SHA-1 signatures.
RHEL OpenSSL builds disable SHA-1 signatures. This causes certificate
validation to fail when using the X509_V_FLAG_CHECK_SS_SIGNATURE flag
with a chain where the last certificate uses a SHA-1 signature.
This removes X509_V_FLAG_CHECK_SS_SIGNATURE flag to have the default
OpenSSL behavior for certificate validation.
---
.../libs/System.Security.Cryptography.Native/pal_x509.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
index 04c6ba06cd..2cd3413dae 100644
--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
+++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
@@ -272,11 +272,6 @@ int32_t CryptoNative_X509StoreCtxInit(X509_STORE_CTX* ctx, X509_STORE* store, X5
int32_t val = X509_STORE_CTX_init(ctx, store, x509, extraStore);
- if (val != 0)
- {
- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CHECK_SS_SIGNATURE);
- }
-
return val;
}
--
2.43.2

View File

@ -0,0 +1,142 @@
From 5fdc289903bd3a77d455583650b00297da0cae8f Mon Sep 17 00:00:00 2001
From: Omair Majid <omajid@redhat.com>
Date: Fri, 2 Feb 2024 15:51:23 -0500
Subject: [PATCH] Revert "Disable implicit rejection for RSA PKCS#1 (#95216)"
This reverts commit a5fc8ff9b03ffb2fdb81dad524ad1a20a0714995.
To quote Clemens Lang:
> [Disabling implcit rejection] re-enables a Bleichenbacher timing oracle
> attack against PKCS#1v1.5 decryption. See
> https://people.redhat.com/~hkario/marvin/ for details and
> https://github.com/dotnet/runtime/pull/95157#issuecomment-1842784399 for a
> comment by the researcher who published the vulnerability and proposed the
> change in OpenSSL.
For more details, see:
https://github.com/dotnet/runtime/pull/95216#issuecomment-1842799314
---
.../RSA/EncryptDecrypt.cs | 49 ++++---------------
.../opensslshim.h | 6 ---
.../pal_evp_pkey_rsa.c | 13 -----
3 files changed, 10 insertions(+), 58 deletions(-)
diff --git a/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs b/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
index 39f3ebc82ec..5b97f468a42 100644
--- a/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
+++ b/src/runtime/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/EncryptDecrypt.cs
@@ -353,10 +353,19 @@ private void RsaCryptRoundtrip(RSAEncryptionPadding paddingMode, bool expectSucc
Assert.Equal(TestData.HelloBytes, output);
}
- [ConditionalFact(nameof(PlatformSupportsEmptyRSAEncryption))]
+ [ConditionalFact]
[SkipOnTargetFramework(TargetFrameworkMonikers.NetFramework)]
public void RoundtripEmptyArray()
{
+ if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6))
+ {
+ throw new SkipTestException("iOS prior to 13.6 does not reliably support RSA encryption of empty data.");
+ }
+ if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0))
+ {
+ throw new SkipTestException("tvOS prior to 14.0 does not reliably support RSA encryption of empty data.");
+ }
+
using (RSA rsa = RSAFactory.Create(TestData.RSA2048Params))
{
void RoundtripEmpty(RSAEncryptionPadding paddingMode)
@@ -757,23 +746,5 @@ public static IEnumerable<object[]> OaepPaddingModes
}
}
}
-
- public static bool PlatformSupportsEmptyRSAEncryption
- {
- get
- {
- if (OperatingSystem.IsIOS() && !OperatingSystem.IsIOSVersionAtLeast(13, 6))
- {
- return false;
- }
-
- if (OperatingSystem.IsTvOS() && !OperatingSystem.IsTvOSVersionAtLeast(14, 0))
- {
- return false;
- }
-
- return true;
- }
- }
}
}
diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h b/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h
index 0748e305d5c..cf10d2f7949 100644
--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h
+++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/opensslshim.h
@@ -296,10 +296,8 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
REQUIRED_FUNCTION(ERR_peek_error) \
REQUIRED_FUNCTION(ERR_peek_error_line) \
REQUIRED_FUNCTION(ERR_peek_last_error) \
- REQUIRED_FUNCTION(ERR_pop_to_mark) \
FALLBACK_FUNCTION(ERR_put_error) \
REQUIRED_FUNCTION(ERR_reason_error_string) \
- REQUIRED_FUNCTION(ERR_set_mark) \
LIGHTUP_FUNCTION(ERR_set_debug) \
LIGHTUP_FUNCTION(ERR_set_error) \
REQUIRED_FUNCTION(EVP_aes_128_cbc) \
@@ -355,7 +353,6 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
REQUIRED_FUNCTION(EVP_PKCS82PKEY) \
REQUIRED_FUNCTION(EVP_PKEY2PKCS8) \
REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl) \
- REQUIRED_FUNCTION(EVP_PKEY_CTX_ctrl_str) \
REQUIRED_FUNCTION(EVP_PKEY_CTX_free) \
REQUIRED_FUNCTION(EVP_PKEY_CTX_get0_pkey) \
REQUIRED_FUNCTION(EVP_PKEY_CTX_new) \
@@ -797,10 +794,8 @@ FOR_ALL_OPENSSL_FUNCTIONS
#define ERR_peek_error_line ERR_peek_error_line_ptr
#define ERR_peek_last_error ERR_peek_last_error_ptr
#define ERR_put_error ERR_put_error_ptr
-#define ERR_pop_to_mark ERR_pop_to_mark_ptr
#define ERR_reason_error_string ERR_reason_error_string_ptr
#define ERR_set_debug ERR_set_debug_ptr
-#define ERR_set_mark ERR_set_mark_ptr
#define ERR_set_error ERR_set_error_ptr
#define EVP_aes_128_cbc EVP_aes_128_cbc_ptr
#define EVP_aes_128_cfb8 EVP_aes_128_cfb8_ptr
@@ -855,7 +850,6 @@ FOR_ALL_OPENSSL_FUNCTIONS
#define EVP_PKCS82PKEY EVP_PKCS82PKEY_ptr
#define EVP_PKEY2PKCS8 EVP_PKEY2PKCS8_ptr
#define EVP_PKEY_CTX_ctrl EVP_PKEY_CTX_ctrl_ptr
-#define EVP_PKEY_CTX_ctrl_str EVP_PKEY_CTX_ctrl_str_ptr
#define EVP_PKEY_CTX_free EVP_PKEY_CTX_free_ptr
#define EVP_PKEY_CTX_get0_pkey EVP_PKEY_CTX_get0_pkey_ptr
#define EVP_PKEY_CTX_new EVP_PKEY_CTX_new_ptr
diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
index 043bf9f9d1e..c9ccdf33e3a 100644
--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
+++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_rsa.c
@@ -67,19 +67,6 @@ static bool ConfigureEncryption(EVP_PKEY_CTX* ctx, RsaPaddingMode padding, const
{
return false;
}
-
- // OpenSSL 3.2 introduced a change where PKCS#1 RSA decryption does not fail for invalid padding.
- // If the padding is invalid, the decryption operation returns random data.
- // See https://github.com/openssl/openssl/pull/13817 for background.
- // Some Linux distributions backported this change to previous versions of OpenSSL.
- // Here we do a best-effort to set a flag to revert the behavior to failing if the padding is invalid.
- ERR_set_mark();
-
- EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection", "0");
-
- // Undo any changes to the error queue that may have occured while configuring implicit rejection if the
- // current version does not support implicit rejection.
- ERR_pop_to_mark();
}
else
{
--
2.43.0

View File

@ -1 +1,2 @@
SHA512 (dotnet-v8.0.0-rc.2.23479.6.tar.gz) = 604220e91cfb3b0909b5127ed6b53b0a661f6258dd87068e5eb2f589729fb7b634ce934967e821075f027e0d2e12d15595a2fff57099efba036f760c6eb79493
SHA512 (dotnet-8.0.10.tar.gz) = 5bb660d4bf750392d4022ceb02a7f76a04a8f789c9fbbde329019bc3e097fd7296984b52d29dfc027d31b7b4defdf3807f10e37a9696f8f0026c77cea6ad0d18
SHA512 (dotnet-8.0.10.tar.gz.sig) = 3c4ea982659f00d84528ac26493712d9f786d588797649bb4f551d8e5f7a0aca51a6e27dbe71b1979eeb3307acbac7306da83c14782bb944dd4510ea7761f8d8

View File

@ -39,3 +39,7 @@ execute:
- dotnet turkey/Turkey.dll --version
- git clone "https://github.com/redhat-developer/dotnet-regular-tests.git"
- dotnet turkey/Turkey.dll -l="$TMT_TEST_DATA" dotnet-regular-tests --timeout=1200
- dnf remove -yq 'dotnet*'
- set -x; if command -v dotnet ; then exit 1; fi
- set -x; if [ -d /usr/lib64/dotnet ]; then exit 1; fi
- set -x; if man dotnet; then exit 1; fi

View File

@ -8,7 +8,7 @@ IFS=$'\n\t'
print_usage() {
echo " Usage:"
echo " ./update-release sdk-version runtime-version [--bug bug-id] [--tarball tarball-name] [--larger-rpm-release]"
echo " ./update-release sdk-version runtime-version [--bug bug-id] [--tarball tarball-name] [--release-json release-json] [--larger-rpm-release]"
}
user_provided_tarball_name=""
@ -28,6 +28,11 @@ while [[ "$#" -gt 0 ]]; do
print_usage
exit 0
;;
--release-json)
release_json="$2"
shift;
shift;
;;
--tarball)
user_provided_tarball_name="$2"
shift;
@ -61,46 +66,68 @@ fi
host_version="$runtime_version"
if [[ "$runtime_version" == "3.1"* ]]; then
tag=v${sdk_version}-SDK
elif [[ "$runtime_version" == "6.0"* ]] || [[ "$runtime_version" == "7.0"* ]]; then
if [[ "$runtime_version" == "6.0"* ]] || [[ "$runtime_version" == "7.0"* ]] ; then
tag=v${sdk_version}
else
tag=v${runtime_version}
fi
if [[ -f "dotnet-${tag}-original.tar.gz" ]]; then
echo "dotnet-${tag}-original.tar.gz alredy exists, not rebuilding tarball"
else
if [[ -n "${user_provided_tarball_name}" ]]; then
mv "$user_provided_tarball_name" "dotnet-${tag}-original.tar.gz"
elif [[ -f "dotnet-${sdk_version}-SDK.tar.gz" ]]; then
mv "dotnet-${sdk_version}-SDK.tar.gz" "dotnet-${tag}-original.tar.gz"
elif [[ -f "dotnet-${sdk_version}.tar.gz" ]]; then
mv "dotnet-${sdk_version}.tar.gz" "dotnet-${tag}-original.tar.gz"
elif [[ -f "dotnet-${runtime_version}.tar.gz" ]]; then
mv "dotnet-${runtime_version}.tar.gz" "dotnet-${tag}-original.tar.gz"
fi
fi
if [[ ! -f "dotnet-${tag}.tar.gz" ]]; then
./build-dotnet-tarball "${tag}"
fi
set -x
sed -i -E "s|^%global host_version [[:digit:]]\.[[:digit:]]\.[[:digit:]]+|%global host_version ${host_version}|" "$spec_file"
sed -i -E "s|^%global runtime_version [[:digit:]]\.[[:digit:]]\.[[:digit:]]+|%global runtime_version ${runtime_version}|" "$spec_file"
sed -i -E "s|^%global sdk_version [[:digit:]]\.[[:digit:]]\.[[:digit:]][[:digit:]][[:digit:]]|%global sdk_version ${sdk_version}|" "$spec_file"
if [[ "$runtime_version" == "6.0"* ]] || [[ "$runtime_version" == "7.0"* ]] ; then
if [[ -f "dotnet-${tag}.tar.gz" ]]; then
echo "dotnet-${tag}.tar.gz already exists, not rebuilding tarball"
else
if [[ -f "dotnet-${tag}-original.tar.gz" ]]; then
echo "dotnet-${tag}-original.tar.gz alredy exists, not rebuilding tarball"
else
if [[ -n "${user_provided_tarball_name}" ]]; then
cp -a "$user_provided_tarball_name" "dotnet-${tag}-original.tar.gz"
elif [[ -f "dotnet-${sdk_version}-SDK.tar.gz" ]]; then
cp -a "dotnet-${sdk_version}-SDK.tar.gz" "dotnet-${tag}-original.tar.gz"
elif [[ -f "dotnet-${sdk_version}.tar.gz" ]]; then
cp -a "dotnet-${sdk_version}.tar.gz" "dotnet-${tag}-original.tar.gz"
elif [[ -f "dotnet-${runtime_version}.tar.gz" ]]; then
cp -a "dotnet-${runtime_version}.tar.gz" "dotnet-${tag}-original.tar.gz"
fi
fi
./build-dotnet-tarball "${tag}"
fi
else
if [[ -f "dotnet-${tag}.tar.gz" ]]; then
echo "dotnet-${tag}.tar.gz already exists, not rebuilding tarball"
elif [[ -n ${user_provided_tarball_name} ]]; then
tag_without_v=${tag#v}
cp -a "${user_provided_tarball_name}" dotnet-${tag_without_v}.tar.gz
cp -a "${user_provided_tarball_name}.sig" dotnet-${tag_without_v}.tar.gz.sig
cp -a "${release_json}" release.json
else
rm -f release.json
spectool -g "$spec_file"
fi
fi
comment="Update to .NET SDK ${sdk_version} and Runtime ${runtime_version}"
commit_message="$comment
"
for bug_id in "${bug_ids[@]}"; do
comment="$comment
if [[ "$bug_id" =~ ^[[:digit:]]+$ ]]; then
comment="$comment
- Resolves: RHBZ#$bug_id"
commit_message="$commit_message
commit_message="$commit_message
Resolves: RHBZ#$bug_id"
else
comment="$comment
- Resolves: $bug_id"
commit_message="$commit_message
Resolves: $bug_id"
fi
done
echo "$commit_message" > git-commit-message
@ -113,6 +140,4 @@ sed -i -E 's|^Release: [[:digit:]]+%|Release: '"$rpm_release"'%|'
# See https://stackoverflow.com/questions/18620153/find-matching-text-and-replace-next-line
sed -i -E '/^%changelog$/!b;n;s/-[[:digit:]]+$/-'"$rpm_release"'/' "$spec_file"
release_json_url=$(spectool -l --sources ./dotnet8.0.spec | grep release.json | cut -d' ' -f2)
rm "$(basename "$release_json_url")"
wget "$release_json_url"
echo "Done updating sources. Commit message in ./git-commit-message"