From adcb3a2875cd723065b5d814b6bc729cf6a33f02 Mon Sep 17 00:00:00 2001
From: Koichiro Iwao
Date: Tue, 12 Nov 2024 14:11:38 +0900
Subject: [PATCH] Update to v6.12.0-rc7 20241111
---
.raspberrypi2.metadata | 2 +-
SOURCES/openssl-3.0.patch | 613 --------------------------------------
SPECS/raspberrypi2.spec | 13 +-
3 files changed, 8 insertions(+), 620 deletions(-)
delete mode 100644 SOURCES/openssl-3.0.patch
diff --git a/.raspberrypi2.metadata b/.raspberrypi2.metadata
index ca82235..ccf9d62 100644
--- a/.raspberrypi2.metadata
+++ b/.raspberrypi2.metadata
@@ -1,2 +1,2 @@
ac72e2f196857ecf73167250e87d33838a3859f7 SOURCES/1.20241008.tar.gz
-7c13fdfb9aeaad427d53500612a49849afb9cc7a SOURCES/efda653d39a46aa5ed2d5f8af420c1e4eddb2dca.tar.gz
+4b879d0d4a701bbd4afa7abefe6987289ca45851 SOURCES/bf70ebd2aa440a2dc3626d6e836482a445470e64.tar.gz
diff --git a/SOURCES/openssl-3.0.patch b/SOURCES/openssl-3.0.patch
deleted file mode 100644
index 4629ab6..0000000
--- a/SOURCES/openssl-3.0.patch
+++ /dev/null
@@ -1,613 +0,0 @@
-From 1fdf61d4739f818edb85e50f7fa4c474196a0b0a Mon Sep 17 00:00:00 2001
-From: Jan Stancek
-Date: Fri, 12 Jul 2024 09:11:14 +0200
-Subject: [PATCH 1/3] sign-file,extract-cert: move common SSL helper functions
- to a header
-
-Couple error handling helpers are repeated in both tools, so
-move them to a common header.
-
-Signed-off-by: Jan Stancek
-Reviewed-by: Jarkko Sakkinen
-Tested-by: R Nageswara Sastry
-Reviewed-by: Neal Gompa
-Signed-off-by: Jarkko Sakkinen
----
- MAINTAINERS | 1 +
- certs/Makefile | 2 +-
- certs/extract-cert.c | 37 ++-----------------------------------
- scripts/sign-file.c | 37 ++-----------------------------------
- scripts/ssl-common.h | 39 +++++++++++++++++++++++++++++++++++++++
- 5 files changed, 45 insertions(+), 71 deletions(-)
- create mode 100644 scripts/ssl-common.h
-
-diff --git a/MAINTAINERS b/MAINTAINERS
-index 6a6e2941c497..7aa208b18267 100644
---- a/MAINTAINERS
-+++ b/MAINTAINERS
-@@ -4823,6 +4823,7 @@ S: Maintained
- F: Documentation/admin-guide/module-signing.rst
- F: certs/
- F: scripts/sign-file.c
-+F: scripts/ssl-common.h
- F: tools/certs/
-
- CFAG12864B LCD DRIVER
-diff --git a/certs/Makefile b/certs/Makefile
-index 799ad7b9e68a..67e1f2707c2f 100644
---- a/certs/Makefile
-+++ b/certs/Makefile
-@@ -84,5 +84,5 @@ targets += x509_revocation_list
-
- hostprogs := extract-cert
-
--HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null)
-+HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null) -I$(srctree)/scripts
- HOSTLDLIBS_extract-cert = $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto)
-diff --git a/certs/extract-cert.c b/certs/extract-cert.c
-index 70e9ec89d87d..8e7ba9974a1f 100644
---- a/certs/extract-cert.c
-+++ b/certs/extract-cert.c
-@@ -23,6 +23,8 @@
- #include
- #include
-
-+#include "ssl-common.h"
-+
- /*
- * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
- *
-@@ -40,41 +42,6 @@ void format(void)
- exit(2);
- }
-
--static void display_openssl_errors(int l)
--{
-- const char *file;
-- char buf[120];
-- int e, line;
--
-- if (ERR_peek_error() == 0)
-- return;
-- fprintf(stderr, "At main.c:%d:\n", l);
--
-- while ((e = ERR_get_error_line(&file, &line))) {
-- ERR_error_string(e, buf);
-- fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
-- }
--}
--
--static void drain_openssl_errors(void)
--{
-- const char *file;
-- int line;
--
-- if (ERR_peek_error() == 0)
-- return;
-- while (ERR_get_error_line(&file, &line)) {}
--}
--
--#define ERR(cond, fmt, ...) \
-- do { \
-- bool __cond = (cond); \
-- display_openssl_errors(__LINE__); \
-- if (__cond) { \
-- err(1, fmt, ## __VA_ARGS__); \
-- } \
-- } while(0)
--
- static const char *key_pass;
- static BIO *wb;
- static char *cert_dst;
-diff --git a/scripts/sign-file.c b/scripts/sign-file.c
-index 3edb156ae52c..39ba58db5d4e 100644
---- a/scripts/sign-file.c
-+++ b/scripts/sign-file.c
-@@ -29,6 +29,8 @@
- #include
- #include
-
-+#include "ssl-common.h"
-+
- /*
- * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
- *
-@@ -83,41 +85,6 @@ void format(void)
- exit(2);
- }
-
--static void display_openssl_errors(int l)
--{
-- const char *file;
-- char buf[120];
-- int e, line;
--
-- if (ERR_peek_error() == 0)
-- return;
-- fprintf(stderr, "At main.c:%d:\n", l);
--
-- while ((e = ERR_get_error_line(&file, &line))) {
-- ERR_error_string(e, buf);
-- fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
-- }
--}
--
--static void drain_openssl_errors(void)
--{
-- const char *file;
-- int line;
--
-- if (ERR_peek_error() == 0)
-- return;
-- while (ERR_get_error_line(&file, &line)) {}
--}
--
--#define ERR(cond, fmt, ...) \
-- do { \
-- bool __cond = (cond); \
-- display_openssl_errors(__LINE__); \
-- if (__cond) { \
-- errx(1, fmt, ## __VA_ARGS__); \
-- } \
-- } while(0)
--
- static const char *key_pass;
-
- static int pem_pw_cb(char *buf, int len, int w, void *v)
-diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h
-new file mode 100644
-index 000000000000..e6711c75ed91
---- /dev/null
-+++ b/scripts/ssl-common.h
-@@ -0,0 +1,39 @@
-+/* SPDX-License-Identifier: LGPL-2.1+ */
-+/*
-+ * SSL helper functions shared by sign-file and extract-cert.
-+ */
-+
-+static void display_openssl_errors(int l)
-+{
-+ const char *file;
-+ char buf[120];
-+ int e, line;
-+
-+ if (ERR_peek_error() == 0)
-+ return;
-+ fprintf(stderr, "At main.c:%d:\n", l);
-+
-+ while ((e = ERR_get_error_line(&file, &line))) {
-+ ERR_error_string(e, buf);
-+ fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
-+ }
-+}
-+
-+static void drain_openssl_errors(void)
-+{
-+ const char *file;
-+ int line;
-+
-+ if (ERR_peek_error() == 0)
-+ return;
-+ while (ERR_get_error_line(&file, &line)) {}
-+}
-+
-+#define ERR(cond, fmt, ...) \
-+ do { \
-+ bool __cond = (cond); \
-+ display_openssl_errors(__LINE__); \
-+ if (__cond) { \
-+ errx(1, fmt, ## __VA_ARGS__); \
-+ } \
-+ } while (0)
---
-2.46.2
-
-
-From 98dbd2b45aa5185d63b839f482d43c16b71f31a5 Mon Sep 17 00:00:00 2001
-From: Jan Stancek
-Date: Fri, 12 Jul 2024 09:11:15 +0200
-Subject: [PATCH 2/3] sign-file,extract-cert: avoid using deprecated
- ERR_get_error_line()
-
-ERR_get_error_line() is deprecated since OpenSSL 3.0.
-
-Use ERR_peek_error_line() instead, and combine display_openssl_errors()
-and drain_openssl_errors() to a single function where parameter decides
-if it should consume errors silently.
-
-Signed-off-by: Jan Stancek
-Reviewed-by: Jarkko Sakkinen
-Tested-by: R Nageswara Sastry
-Reviewed-by: Neal Gompa
-Signed-off-by: Jarkko Sakkinen
----
- certs/extract-cert.c | 4 ++--
- scripts/sign-file.c | 6 +++---
- scripts/ssl-common.h | 23 ++++++++---------------
- 3 files changed, 13 insertions(+), 20 deletions(-)
-
-diff --git a/certs/extract-cert.c b/certs/extract-cert.c
-index 8e7ba9974a1f..61bbe0085671 100644
---- a/certs/extract-cert.c
-+++ b/certs/extract-cert.c
-@@ -99,11 +99,11 @@ int main(int argc, char **argv)
- parms.cert = NULL;
-
- ENGINE_load_builtin_engines();
-- drain_openssl_errors();
-+ drain_openssl_errors(__LINE__, 1);
- e = ENGINE_by_id("pkcs11");
- ERR(!e, "Load PKCS#11 ENGINE");
- if (ENGINE_init(e))
-- drain_openssl_errors();
-+ drain_openssl_errors(__LINE__, 1);
- else
- ERR(1, "ENGINE_init");
- if (key_pass)
-diff --git a/scripts/sign-file.c b/scripts/sign-file.c
-index 39ba58db5d4e..bb3fdf1a617c 100644
---- a/scripts/sign-file.c
-+++ b/scripts/sign-file.c
-@@ -114,11 +114,11 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
- ENGINE *e;
-
- ENGINE_load_builtin_engines();
-- drain_openssl_errors();
-+ drain_openssl_errors(__LINE__, 1);
- e = ENGINE_by_id("pkcs11");
- ERR(!e, "Load PKCS#11 ENGINE");
- if (ENGINE_init(e))
-- drain_openssl_errors();
-+ drain_openssl_errors(__LINE__, 1);
- else
- ERR(1, "ENGINE_init");
- if (key_pass)
-@@ -273,7 +273,7 @@ int main(int argc, char **argv)
-
- /* Digest the module data. */
- OpenSSL_add_all_digests();
-- display_openssl_errors(__LINE__);
-+ drain_openssl_errors(__LINE__, 0);
- digest_algo = EVP_get_digestbyname(hash_algo);
- ERR(!digest_algo, "EVP_get_digestbyname");
-
-diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h
-index e6711c75ed91..2db0e181143c 100644
---- a/scripts/ssl-common.h
-+++ b/scripts/ssl-common.h
-@@ -3,7 +3,7 @@
- * SSL helper functions shared by sign-file and extract-cert.
- */
-
--static void display_openssl_errors(int l)
-+static void drain_openssl_errors(int l, int silent)
- {
- const char *file;
- char buf[120];
-@@ -11,28 +11,21 @@ static void display_openssl_errors(int l)
-
- if (ERR_peek_error() == 0)
- return;
-- fprintf(stderr, "At main.c:%d:\n", l);
-+ if (!silent)
-+ fprintf(stderr, "At main.c:%d:\n", l);
-
-- while ((e = ERR_get_error_line(&file, &line))) {
-+ while ((e = ERR_peek_error_line(&file, &line))) {
- ERR_error_string(e, buf);
-- fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
-+ if (!silent)
-+ fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
-+ ERR_get_error();
- }
- }
-
--static void drain_openssl_errors(void)
--{
-- const char *file;
-- int line;
--
-- if (ERR_peek_error() == 0)
-- return;
-- while (ERR_get_error_line(&file, &line)) {}
--}
--
- #define ERR(cond, fmt, ...) \
- do { \
- bool __cond = (cond); \
-- display_openssl_errors(__LINE__); \
-+ drain_openssl_errors(__LINE__, 0); \
- if (__cond) { \
- errx(1, fmt, ## __VA_ARGS__); \
- } \
---
-2.46.2
-
-
-From eeffebeb081fcb81ae8a85b6a774dc14791dbc56 Mon Sep 17 00:00:00 2001
-From: Jan Stancek
-Date: Fri, 20 Sep 2024 19:52:48 +0300
-Subject: [PATCH 3/3] sign-file,extract-cert: use pkcs11 provider for OPENSSL
- MAJOR >= 3
-
-ENGINE API has been deprecated since OpenSSL version 3.0 [1].
-Distros have started dropping support from headers and in future
-it will likely disappear also from library.
-
-It has been superseded by the PROVIDER API, so use it instead
-for OPENSSL MAJOR >= 3.
-
-[1] https://github.com/openssl/openssl/blob/master/README-ENGINES.md
-
-[jarkko: fixed up alignment issues reported by checkpatch.pl --strict]
-
-Signed-off-by: Jan Stancek
-Reviewed-by: Jarkko Sakkinen
-Tested-by: R Nageswara Sastry
-Reviewed-by: Neal Gompa
-Signed-off-by: Jarkko Sakkinen
----
- certs/extract-cert.c | 103 ++++++++++++++++++++++++++++++-------------
- scripts/sign-file.c | 93 ++++++++++++++++++++++++++------------
- 2 files changed, 138 insertions(+), 58 deletions(-)
-
-diff --git a/certs/extract-cert.c b/certs/extract-cert.c
-index 61bbe0085671..7d6d468ed612 100644
---- a/certs/extract-cert.c
-+++ b/certs/extract-cert.c
-@@ -21,17 +21,18 @@
- #include
- #include
- #include
--#include
--
-+#if OPENSSL_VERSION_MAJOR >= 3
-+# define USE_PKCS11_PROVIDER
-+# include
-+# include
-+#else
-+# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-+# define USE_PKCS11_ENGINE
-+# include
-+# endif
-+#endif
- #include "ssl-common.h"
-
--/*
-- * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
-- *
-- * Remove this if/when that API is no longer used
-- */
--#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
--
- #define PKEY_ID_PKCS7 2
-
- static __attribute__((noreturn))
-@@ -61,6 +62,66 @@ static void write_cert(X509 *x509)
- fprintf(stderr, "Extracted cert: %s\n", buf);
- }
-
-+static X509 *load_cert_pkcs11(const char *cert_src)
-+{
-+ X509 *cert = NULL;
-+#ifdef USE_PKCS11_PROVIDER
-+ OSSL_STORE_CTX *store;
-+
-+ if (!OSSL_PROVIDER_try_load(NULL, "pkcs11", true))
-+ ERR(1, "OSSL_PROVIDER_try_load(pkcs11)");
-+ if (!OSSL_PROVIDER_try_load(NULL, "default", true))
-+ ERR(1, "OSSL_PROVIDER_try_load(default)");
-+
-+ store = OSSL_STORE_open(cert_src, NULL, NULL, NULL, NULL);
-+ ERR(!store, "OSSL_STORE_open");
-+
-+ while (!OSSL_STORE_eof(store)) {
-+ OSSL_STORE_INFO *info = OSSL_STORE_load(store);
-+
-+ if (!info) {
-+ drain_openssl_errors(__LINE__, 0);
-+ continue;
-+ }
-+ if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_CERT) {
-+ cert = OSSL_STORE_INFO_get1_CERT(info);
-+ ERR(!cert, "OSSL_STORE_INFO_get1_CERT");
-+ }
-+ OSSL_STORE_INFO_free(info);
-+ if (cert)
-+ break;
-+ }
-+ OSSL_STORE_close(store);
-+#elif defined(USE_PKCS11_ENGINE)
-+ ENGINE *e;
-+ struct {
-+ const char *cert_id;
-+ X509 *cert;
-+ } parms;
-+
-+ parms.cert_id = cert_src;
-+ parms.cert = NULL;
-+
-+ ENGINE_load_builtin_engines();
-+ drain_openssl_errors(__LINE__, 1);
-+ e = ENGINE_by_id("pkcs11");
-+ ERR(!e, "Load PKCS#11 ENGINE");
-+ if (ENGINE_init(e))
-+ drain_openssl_errors(__LINE__, 1);
-+ else
-+ ERR(1, "ENGINE_init");
-+ if (key_pass)
-+ ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
-+ ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
-+ ERR(!parms.cert, "Get X.509 from PKCS#11");
-+ cert = parms.cert;
-+#else
-+ fprintf(stderr, "no pkcs11 engine/provider available\n");
-+ exit(1);
-+#endif
-+ return cert;
-+}
-+
- int main(int argc, char **argv)
- {
- char *cert_src;
-@@ -89,28 +150,10 @@ int main(int argc, char **argv)
- fclose(f);
- exit(0);
- } else if (!strncmp(cert_src, "pkcs11:", 7)) {
-- ENGINE *e;
-- struct {
-- const char *cert_id;
-- X509 *cert;
-- } parms;
-+ X509 *cert = load_cert_pkcs11(cert_src);
-
-- parms.cert_id = cert_src;
-- parms.cert = NULL;
--
-- ENGINE_load_builtin_engines();
-- drain_openssl_errors(__LINE__, 1);
-- e = ENGINE_by_id("pkcs11");
-- ERR(!e, "Load PKCS#11 ENGINE");
-- if (ENGINE_init(e))
-- drain_openssl_errors(__LINE__, 1);
-- else
-- ERR(1, "ENGINE_init");
-- if (key_pass)
-- ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
-- ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
-- ERR(!parms.cert, "Get X.509 from PKCS#11");
-- write_cert(parms.cert);
-+ ERR(!cert, "load_cert_pkcs11 failed");
-+ write_cert(cert);
- } else {
- BIO *b;
- X509 *x509;
-diff --git a/scripts/sign-file.c b/scripts/sign-file.c
-index bb3fdf1a617c..7070245edfc1 100644
---- a/scripts/sign-file.c
-+++ b/scripts/sign-file.c
-@@ -27,17 +27,18 @@
- #include
- #include
- #include
--#include
--
-+#if OPENSSL_VERSION_MAJOR >= 3
-+# define USE_PKCS11_PROVIDER
-+# include
-+# include
-+#else
-+# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-+# define USE_PKCS11_ENGINE
-+# include
-+# endif
-+#endif
- #include "ssl-common.h"
-
--/*
-- * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
-- *
-- * Remove this if/when that API is no longer used
-- */
--#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
--
- /*
- * Use CMS if we have openssl-1.0.0 or newer available - otherwise we have to
- * assume that it's not available and its header file is missing and that we
-@@ -106,28 +107,64 @@ static int pem_pw_cb(char *buf, int len, int w, void *v)
- return pwlen;
- }
-
--static EVP_PKEY *read_private_key(const char *private_key_name)
-+static EVP_PKEY *read_private_key_pkcs11(const char *private_key_name)
- {
-- EVP_PKEY *private_key;
-+ EVP_PKEY *private_key = NULL;
-+#ifdef USE_PKCS11_PROVIDER
-+ OSSL_STORE_CTX *store;
-
-- if (!strncmp(private_key_name, "pkcs11:", 7)) {
-- ENGINE *e;
-+ if (!OSSL_PROVIDER_try_load(NULL, "pkcs11", true))
-+ ERR(1, "OSSL_PROVIDER_try_load(pkcs11)");
-+ if (!OSSL_PROVIDER_try_load(NULL, "default", true))
-+ ERR(1, "OSSL_PROVIDER_try_load(default)");
-+
-+ store = OSSL_STORE_open(private_key_name, NULL, NULL, NULL, NULL);
-+ ERR(!store, "OSSL_STORE_open");
-
-- ENGINE_load_builtin_engines();
-+ while (!OSSL_STORE_eof(store)) {
-+ OSSL_STORE_INFO *info = OSSL_STORE_load(store);
-+
-+ if (!info) {
-+ drain_openssl_errors(__LINE__, 0);
-+ continue;
-+ }
-+ if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) {
-+ private_key = OSSL_STORE_INFO_get1_PKEY(info);
-+ ERR(!private_key, "OSSL_STORE_INFO_get1_PKEY");
-+ }
-+ OSSL_STORE_INFO_free(info);
-+ if (private_key)
-+ break;
-+ }
-+ OSSL_STORE_close(store);
-+#elif defined(USE_PKCS11_ENGINE)
-+ ENGINE *e;
-+
-+ ENGINE_load_builtin_engines();
-+ drain_openssl_errors(__LINE__, 1);
-+ e = ENGINE_by_id("pkcs11");
-+ ERR(!e, "Load PKCS#11 ENGINE");
-+ if (ENGINE_init(e))
- drain_openssl_errors(__LINE__, 1);
-- e = ENGINE_by_id("pkcs11");
-- ERR(!e, "Load PKCS#11 ENGINE");
-- if (ENGINE_init(e))
-- drain_openssl_errors(__LINE__, 1);
-- else
-- ERR(1, "ENGINE_init");
-- if (key_pass)
-- ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0),
-- "Set PKCS#11 PIN");
-- private_key = ENGINE_load_private_key(e, private_key_name,
-- NULL, NULL);
-- ERR(!private_key, "%s", private_key_name);
-+ else
-+ ERR(1, "ENGINE_init");
-+ if (key_pass)
-+ ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
-+ private_key = ENGINE_load_private_key(e, private_key_name, NULL, NULL);
-+ ERR(!private_key, "%s", private_key_name);
-+#else
-+ fprintf(stderr, "no pkcs11 engine/provider available\n");
-+ exit(1);
-+#endif
-+ return private_key;
-+}
-+
-+static EVP_PKEY *read_private_key(const char *private_key_name)
-+{
-+ if (!strncmp(private_key_name, "pkcs11:", 7)) {
-+ return read_private_key_pkcs11(private_key_name);
- } else {
-+ EVP_PKEY *private_key;
- BIO *b;
-
- b = BIO_new_file(private_key_name, "rb");
-@@ -136,9 +173,9 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
- NULL);
- ERR(!private_key, "%s", private_key_name);
- BIO_free(b);
-- }
-
-- return private_key;
-+ return private_key;
-+ }
- }
-
- static X509 *read_x509(const char *x509_name)
---
-2.46.2
-
diff --git a/SPECS/raspberrypi2.spec b/SPECS/raspberrypi2.spec
index 5bb5cd8..efee7d0 100644
--- a/SPECS/raspberrypi2.spec
+++ b/SPECS/raspberrypi2.spec
@@ -1,5 +1,5 @@
%global firmware_tag 1.20241008
-%global version_tag efda653d39a46aa5ed2d5f8af420c1e4eddb2dca
+%global version_tag bf70ebd2aa440a2dc3626d6e836482a445470e64
ExclusiveArch: aarch64
@@ -18,8 +18,8 @@ ExclusiveArch: aarch64
%define rpisuffix 2
%define ksuffix 4
-%define kversion 6.11
-%define patchlevel 7
+%define kversion 6.12
+%define patchlevel 0
%if 0%{?rhel} >= 10
%define pathfix %{__python3} %{_rpmconfigdir}/redhat/pathfix.py
@@ -38,14 +38,13 @@ ExclusiveArch: aarch64
Name: raspberrypi%{rpisuffix}
Version: %{kversion}.%{patchlevel}
-Release: 20241110.%{local_version}.%{extra_version}%{?dist}
+Release: 20241111.%{local_version}.%{extra_version}%{?dist}
Summary: Specific kernel and bootcode for Raspberry Pi
License: GPLv2
URL: https://github.com/raspberrypi/linux
Source0: https://github.com/raspberrypi/linux/archive/%{version_tag}.tar.gz
Source1: https://github.com/raspberrypi/firmware/archive/refs/tags/%{firmware_tag}.tar.gz
-Patch1: openssl-3.0.patch
Patch100: config_2711.patch
Patch101: config_2712.patch
# Sources for kernel-tools
@@ -172,7 +171,6 @@ glibc package.
%prep
%setup -q -n linux-%{version_tag}
-%patch -P 1 -p1
%patch -P 100 -p1
%patch -P 101 -p1
perl -p -i -e "s/^EXTRAVERSION.*/EXTRAVERSION = -%{release}/" Makefile
@@ -440,6 +438,9 @@ cp $(ls -1 /boot/config-kernel-*-*|sort -V|tail -1) /boot/config-kernel.inc
%endif
%changelog
+* Tue Nov 12 2024 Koichiro Iwao - 6.12.0-20241111.v8.1
+- Update kernel to v6.12.0-rc720241110 bf70ebd2
+
* Tue Nov 12 2024 Koichiro Iwao - 6.11.7-20241110.v8.1
- Update kernel to v6.11.7 20241110 efda653d