import dotnet8.0-8.0.103-2.el9_3

i9c changed/i9c/dotnet8.0-8.0.103-2.el9_3
MSVSphere Packaging Team 8 months ago
parent 8a49869a10
commit dcc72b4145

@ -1 +1 @@
94c84fca4115a65111a3ce808564a7273c565022 SOURCES/dotnet-v8.0.2.tar.gz
495e25373e8f6076db3652fcea4edd3342bd3d17 SOURCES/dotnet-8.0.3.tar.gz

2
.gitignore vendored

@ -1 +1 @@
SOURCES/dotnet-v8.0.2.tar.gz
SOURCES/dotnet-8.0.3.tar.gz

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: BSN Pgp v1.0.0.0
iQIcBAABCAAGBQJl3iU8AAoJEP2/U8JNtIcuJ4sP/Rkoq/dL4zxZfx6EQy3we262
9D7fhMPlkxFoMWgqTTGcmxuNE9bfJEjgUBMjGCY39fSqcM9l3bkKa9Trls+2nF1K
f637Z94FKfZsfjtaU+b9xPB3ekD9GRZSjhei1QSInjHlF4UYiJxF+Y91jgilw4Kj
I+/3IH2AN9ZAgUuSS7xdsP6CSa5vCglo/d2ImRsw+cw9X8Fmnze6z3p/nGzkVfWV
0argZNqCnD1v2LNmpYJlctWDfXaDVQcTClo+K6UnHAoDx9JiAV1JLlDvv6h78fRj
Fr6vm/0bZDJo9MnjLdBVzJ+9WkEOUmuneOviW3nThiXprJNbE2CK2Fk38CL7hU1r
pBQpMBKuSDALR6W5I0bty8OBJeWIu3vyxzvNGQC0F7MoxZeKdgrwY/nuP49seEYZ
tOC0xzLbqQT/7VSmECLm/udx91rMLOZ827qC43IR1p8TQinijqsFlnyMkXuBwOjF
MdyOaIXPTd39JMn32qqqTr84+dg1TfNKwQEco6IIzDsG+2YmSzhS8dDE9lLKYrwM
qC5gcaEauCjzclnpHs+Mqx4ADsuftf7zI+gky9NK4Pz1/4pDC+ZqP8ucxSYCy2sA
PFi+M4aRMBfKzCw4Wa8828G2wPjIaA+d6n5T0XoIrg4xI7ii223J18qr0vMoBMvE
CrxUFI4N/Gb6+36NB047
=WrWT
-----END PGP SIGNATURE-----

@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BSN Pgp v1.1.0.0
mQINBGUKsUYBEADVCJm4EhXALr1ld42kWeh/vM0XMZ2orNT6NRLDRYjpE4mm4UqA
vpjfGCwt5fLcrT4yZng8ABkB3QwTsZzmxesAMD5AZR/gdU1G96DuDGsjp6zJvTuX
zvz3PXUYfcl9n5X32acA6N9J5Xfp10xqX3oitUODBdYy/vKW/v/y87ZxgaR6a3wp
pPJBJIVKwFJx13v4BHRsGp1fepliQcXPvmNKFNI20le5+FbLq6C9hY5wcwGHGfQr
EokH79GsmqgSImqxDOIh06J5VfWA+JwV+3vf95pD8IUrRfGQ+GK7b1/bySxtM5Qa
b/IDgvl/Qq3AzEpGarMBaqGbqMz1C7jd8Y6nyKMP/V+OCjbEdYNM8GRz6kBP3Un+
Frat5Lc2o4DF+zB3PKIJS3hku5gwlJu6IU1F23vmYFtjUcpRGmyQZDoWyBbOWlB5
4SXqVu16amUsRFYmOK8BJMjdotcVbriVIv6WRmugfhIMoRJzVGxYkdbuiuMAX69V
xDoGpxX5A8S5A79y0USUVtadQfFavMTyb/gUuUe8oDsqK9gdI3ETxLYG4gYwauVX
fCGfoLOKsq5dPzEuEA7GCRrMau+rHKFaM7BigSdnHFW7xNZ4v0YnXAagoqM2G5o5
9sak0l57vxxTVk2V3iZzkoU2J2Zlyxyh72n5vjRmb7aNwmQh4Eav6a8ssQARAQAB
tBlvbm54Y29yZWRldkBtaWNyb3NvZnQuY29tiQI4BBMBCAAiBQJlCrFGAhsDBgsJ
CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD9v1PCTbSHLtfzEADIKq15XDeQxLSo
BG1aFa9n82K1YADVcu1LeddfhDmQWLnZNgyHtQlKN2n59282CXtgymzae3uc05s2
feIJaqF4M4NnCX8Ct3K7Hq1jI7ZktlquPCCy9XHq9aQY8XTxmdtRevtclKgYTwDh
w+D/KbE8vTZ6o7JoubA3MKf4k3S8qL/0rIyaC6h0EpiWoMy1TdNMMK7BT4kl6Vz4
W6KmNgOux1Pzku5ULM4WuOzmwW+NAzpOLJowfDs1ZC2RM3+g9i1/DmwWtCHngvGD
+clA0I0agXxo05toOBTfwxd2gWYczuo/Ole16fYTzqT6n0DHqOjjcc9A7EmC72fQ
J+hHAqM+4+CbEGuMpNnTMpCZs98bcK3Rqx/bDJYtbclZzm5O/V4nVbDrJZKzpgA1
KuzNMLkr62P6/t15UsStgmrlTILmE5NG0CR1mj/46+mNbsMZCel3dcvnT1Zf4rTq
QxMC7Dd/DECKQVC339G/BRfNyhOk2S1mZR/g1uS4bznL+tiwudDh/TAi5C3ZBDMh
0muwD9caXS/QFIBWtb2ai3IcpU357R/ERPKLcWYtoYJ80RuKi6XYr1WxSPBmd5Qm
wuncye+wR2dveo2jnIXZGUSgz50ZNgBxs/cYWAQ8J6KMgIBa+JY2qalzvIGbrC5x
Sr+CkhS8vrktfnRgc8yBssJnvNfqXA==
=pKgS
-----END PGP PUBLIC KEY BLOCK-----

@ -1,9 +1,9 @@
{
"release": "8.0.2",
"release": "8.0.3",
"channel": "8.0",
"tag": "8.0.2",
"sdkVersion": "8.0.102",
"runtimeVersion": "8.0.2",
"tag": "v8.0.3",
"sdkVersion": "8.0.103",
"runtimeVersion": "8.0.3",
"sourceRepository": "https://github.com/dotnet/dotnet",
"sourceVersion": "d396b0c4d3e51c2d8d679b2f7233912bc5bfc2fa"
"sourceVersion": "49a39629323839c28481dd42545ce44d11c75c5a"
}

@ -0,0 +1,34 @@
From d7805229ffe6906cd0832c0482b963caf4b4fd82 Mon Sep 17 00:00:00 2001
From: Tom Deseyn <tom.deseyn@gmail.com>
Date: Wed, 28 Feb 2024 14:08:15 +0100
Subject: [PATCH] Allow certificate validation with SHA-1 signatures.
RHEL OpenSSL builds disable SHA-1 signatures. This causes certificate
validation to fail when using the X509_V_FLAG_CHECK_SS_SIGNATURE flag
with a chain where the last certificate uses a SHA-1 signature.
This removes X509_V_FLAG_CHECK_SS_SIGNATURE flag to have the default
OpenSSL behavior for certificate validation.
---
.../libs/System.Security.Cryptography.Native/pal_x509.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
index 04c6ba06cd..2cd3413dae 100644
--- a/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
+++ b/src/runtime/src/native/libs/System.Security.Cryptography.Native/pal_x509.c
@@ -272,11 +272,6 @@ int32_t CryptoNative_X509StoreCtxInit(X509_STORE_CTX* ctx, X509_STORE* store, X5
int32_t val = X509_STORE_CTX_init(ctx, store, x509, extraStore);
- if (val != 0)
- {
- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_CHECK_SS_SIGNATURE);
- }
-
return val;
}
--
2.43.2

@ -8,10 +8,10 @@
%global dotnetver 8.0
%global host_version 8.0.2
%global runtime_version 8.0.2
%global host_version 8.0.3
%global runtime_version 8.0.3
%global aspnetcore_runtime_version %{runtime_version}
%global sdk_version 8.0.102
%global sdk_version 8.0.103
%global sdk_feature_band_version %(echo %{sdk_version} | cut -d '-' -f 1 | sed -e 's|[[:digit:]][[:digit:]]$|00|')
%global templates_version %{runtime_version}
#%%global templates_version %%(echo %%{runtime_version} | awk 'BEGIN { FS="."; OFS="." } {print $1, $2, $3+1 }')
@ -76,7 +76,9 @@ Source3: dotnet-prebuilts-%{bootstrap_sdk_version}-s390x.tar.gz
# For non-releases, the source is generated on a Fedora box via:
# ./build-dotnet-tarball %%{upstream_tag} or commit
%global tarball_name dotnet-sdk-source-%{upstream_tag}
Source0: https://github.com/dotnet/dotnet/archive/refs/tags/%{upstream_tag}.tar.gz#/dotnet-%{upstream_tag}.tar.gz
Source0: https://github.com/dotnet/dotnet/archive/refs/tags/%{upstream_tag}.tar.gz#/dotnet-%{upstream_tag_without_v}.tar.gz
Source1: https://github.com/dotnet/dotnet/archive/refs/tags/%{upstream_tag}.tar.gz#/dotnet-%{upstream_tag_without_v}.tar.gz.sig
Source2: https://dotnet.microsoft.com/download/dotnet/release-key-2023.asc
%endif
Source5: https://github.com/dotnet/dotnet/releases/download/%{upstream_tag}/release.json
@ -94,6 +96,12 @@ Patch2: vstest-intent-net8.0.patch
Patch3: runtime-re-enable-implicit-rejection.patch
# https://github.com/dotnet/msbuild/pull/9449
Patch4: msbuild-9449-exec-stop-setting-a-locale.patch
# We disable checking the signature of the last certificate in a chain
# if the certificate is supposedly self-signed. A side effect of not
# checking the self-signature of such a certificate is that disabled
# or unsupported message digests used for the signature are not
# treated as fatal errors. https://issues.redhat.com/browse/RHEL-25254
Patch5: runtime-openssl-sha1.patch
ExclusiveArch: aarch64 ppc64le s390x x86_64
@ -111,6 +119,7 @@ BuildRequires: git
%if 0%{?fedora} || 0%{?rhel} > 7
BuildRequires: glibc-langpack-en
%endif
BuildRequires: gnupg2
BuildRequires: hostname
BuildRequires: krb5-devel
BuildRequires: libicu-devel
@ -403,8 +412,10 @@ These are not meant for general use.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
release_json_tag=$(grep tag %{SOURCE5} | cut -d: -f2 | sed -E 's/[," ]*//g')
if [[ ${release_json_tag} != %{upstream_tag_without_v} ]]; then
if [[ ${release_json_tag} != %{upstream_tag} ]]; then
echo "error: tag in release.json doesn't match tag in spec file"
exit 1
fi
@ -706,6 +717,18 @@ export COMPlus_LTTng=0
%changelog
* Wed Mar 06 2024 Tom Deseyn <tom.deseyn@gmail.com> - 8.0.103-2
- We disable checking the signature of the last certificate in a chain
if the certificate is supposedly self-signed. A side effect of not
checking the self-signature of such a certificate is that disabled
or unsupported message digests used for the signature are not
treated as fatal errors.
- Resolves: RHEL-28343
* Thu Feb 29 2024 Omair Majid <omajid@redhat.com> - 8.0.103-1
- Update to .NET SDK 8.0.103 and Runtime 8.0.3
- Resolves: RHEL-27552
* Sat Feb 03 2024 Omair Majid <omajid@redhat.com> - 8.0.102-2
- Don't set a locale when running msbuild Exec on Unix
- Resolves: RHEL-23938

Loading…
Cancel
Save