Update to linux-6.12-rc4

Update to linux-6.12-rc4 which contains the patches to remove dependency on deprecated <openssl/engine.h> Resolves: RHEL-63613 Signed-off-by: John Kacur <jkacur@redhat.com>
2024-10-25 10:44:49 -04:00 · 2024-10-25 10:44:49 -04:00 · 35824f373d
commit 35824f373d
parent cd76e12089
7 changed files with 10 additions and 605 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,4 @@
 /linux-6.1.8.tar.xz
 /linux-6.6.1.tar.xz
 /linux-6.10.5-rteval.tar.xz
+/linux-6.12-rc4.tar.gz
--- a/0001_sign_file_extract_cert_move_common_ssl_helper_functions_to_a_header.patch
+++ b/0001_sign_file_extract_cert_move_common_ssl_helper_functions_to_a_header.patch
@ -1,199 +0,0 @@
-From: Jan Stancek <jstancek@redhat.com>
-Subject: sign-file,extract-cert: move common SSL helper functions to a header
-Date: Fri, 12 Jul 2024 09:11:14 +0200
-
-Couple error handling helpers are repeated in both tools, so
-move them to a common header.
-
-Signed-off-by: Jan Stancek <jstancek@redhat.com>
-Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
-Reviewed-by: Neal Gompa <neal@gompa.dev>
---
- MAINTAINERS          |  1 +
- certs/Makefile       |  2 +-
- certs/extract-cert.c | 37 ++-----------------------------------
- scripts/sign-file.c  | 37 ++-----------------------------------
- scripts/ssl-common.h | 39 +++++++++++++++++++++++++++++++++++++++
- 5 files changed, 45 insertions(+), 71 deletions(-)
- create mode 100644 scripts/ssl-common.h
-
-diff --git a/MAINTAINERS b/MAINTAINERS
-index 2a4d4b3a9b40..4681e3cd0d20 100644
--- a/MAINTAINERS
-+++ b/MAINTAINERS
-@@ -5042,6 +5042,7 @@ S:	Maintained
- F:	Documentation/admin-guide/module-signing.rst
- F:	certs/
- F:	scripts/sign-file.c
-+F:	scripts/ssl-common.h
- F:	tools/certs/
- 
- CFAG12864B LCD DRIVER
-diff --git a/certs/Makefile b/certs/Makefile
-index 1094e3860c2a..f6fa4d8d75e0 100644
--- a/certs/Makefile
-+++ b/certs/Makefile
-@@ -84,5 +84,5 @@ targets += x509_revocation_list
- 
- hostprogs := extract-cert
- 
-HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null)
-+HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null) -I$(srctree)/scripts
- HOSTLDLIBS_extract-cert = $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto)
-diff --git a/certs/extract-cert.c b/certs/extract-cert.c
-index 70e9ec89d87d..8e7ba9974a1f 100644
--- a/certs/extract-cert.c
-+++ b/certs/extract-cert.c
-@@ -23,6 +23,8 @@
- #include <openssl/err.h>
- #include <openssl/engine.h>
- 
-+#include "ssl-common.h"
-+
- /*
-  * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
-  *
-@@ -40,41 +42,6 @@ void format(void)
- 	exit(2);
- }
- 
-static void display_openssl_errors(int l)
-{
-	const char *file;
-	char buf[120];
-	int e, line;
-
-	if (ERR_peek_error() == 0)
-		return;
-	fprintf(stderr, "At main.c:%d:\n", l);
-
-	while ((e = ERR_get_error_line(&file, &line))) {
-		ERR_error_string(e, buf);
-		fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
-	}
-}
-
-static void drain_openssl_errors(void)
-{
-	const char *file;
-	int line;
-
-	if (ERR_peek_error() == 0)
-		return;
-	while (ERR_get_error_line(&file, &line)) {}
-}
-
-#define ERR(cond, fmt, ...)				\
-	do {						\
-		bool __cond = (cond);			\
-		display_openssl_errors(__LINE__);	\
-		if (__cond) {				\
-			err(1, fmt, ## __VA_ARGS__);	\
-		}					\
-	} while(0)
-
- static const char *key_pass;
- static BIO *wb;
- static char *cert_dst;
-diff --git a/scripts/sign-file.c b/scripts/sign-file.c
-index 3edb156ae52c..39ba58db5d4e 100644
--- a/scripts/sign-file.c
-+++ b/scripts/sign-file.c
-@@ -29,6 +29,8 @@
- #include <openssl/err.h>
- #include <openssl/engine.h>
- 
-+#include "ssl-common.h"
-+
- /*
-  * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
-  *
-@@ -83,41 +85,6 @@ void format(void)
- 	exit(2);
- }
- 
-static void display_openssl_errors(int l)
-{
-	const char *file;
-	char buf[120];
-	int e, line;
-
-	if (ERR_peek_error() == 0)
-		return;
-	fprintf(stderr, "At main.c:%d:\n", l);
-
-	while ((e = ERR_get_error_line(&file, &line))) {
-		ERR_error_string(e, buf);
-		fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
-	}
-}
-
-static void drain_openssl_errors(void)
-{
-	const char *file;
-	int line;
-
-	if (ERR_peek_error() == 0)
-		return;
-	while (ERR_get_error_line(&file, &line)) {}
-}
-
-#define ERR(cond, fmt, ...)				\
-	do {						\
-		bool __cond = (cond);			\
-		display_openssl_errors(__LINE__);	\
-		if (__cond) {				\
-			errx(1, fmt, ## __VA_ARGS__);	\
-		}					\
-	} while(0)
-
- static const char *key_pass;
- 
- static int pem_pw_cb(char *buf, int len, int w, void *v)
-diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h
-new file mode 100644
-index 000000000000..e6711c75ed91
--- /dev/null
-+++ b/scripts/ssl-common.h
-@@ -0,0 +1,39 @@
-+/* SPDX-License-Identifier: LGPL-2.1+ */
-+/*
-+ * SSL helper functions shared by sign-file and extract-cert.
-+ */
-+
-+static void display_openssl_errors(int l)
-+{
-+	const char *file;
-+	char buf[120];
-+	int e, line;
-+
-+	if (ERR_peek_error() == 0)
-+		return;
-+	fprintf(stderr, "At main.c:%d:\n", l);
-+
-+	while ((e = ERR_get_error_line(&file, &line))) {
-+		ERR_error_string(e, buf);
-+		fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
-+	}
-+}
-+
-+static void drain_openssl_errors(void)
-+{
-+	const char *file;
-+	int line;
-+
-+	if (ERR_peek_error() == 0)
-+		return;
-+	while (ERR_get_error_line(&file, &line)) {}
-+}
-+
-+#define ERR(cond, fmt, ...)				\
-+	do {						\
-+		bool __cond = (cond);			\
-+		display_openssl_errors(__LINE__);	\
-+		if (__cond) {				\
-+			errx(1, fmt, ## __VA_ARGS__);	\
-+		}					\
-+	} while (0)
-- 
-2.39.3
--- a/0002_sign_file_extract_cert_avoid_using_deprecated_err_get_error_line.patch
+++ b/0002_sign_file_extract_cert_avoid_using_deprecated_err_get_error_line.patch
@ -1,115 +0,0 @@
-From: Jan Stancek <jstancek@redhat.com>
-Subject: sign-file,extract-cert: avoid using deprecated ERR_get_error_line()
-Date: Fri, 12 Jul 2024 09:11:15 +0200
-
-ERR_get_error_line() is deprecated since OpenSSL 3.0.
-
-Use ERR_peek_error_line() instead, and combine display_openssl_errors()
-and drain_openssl_errors() to a single function where parameter decides
-if it should consume errors silently.
-
-Signed-off-by: Jan Stancek <jstancek@redhat.com>
-Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
-Reviewed-by: Neal Gompa <neal@gompa.dev>
---
- certs/extract-cert.c |  4 ++--
- scripts/sign-file.c  |  6 +++---
- scripts/ssl-common.h | 23 ++++++++---------------
- 3 files changed, 13 insertions(+), 20 deletions(-)
-
-diff --git a/certs/extract-cert.c b/certs/extract-cert.c
-index 8e7ba9974a1f..61bbe0085671 100644
--- a/certs/extract-cert.c
-+++ b/certs/extract-cert.c
-@@ -99,11 +99,11 @@ int main(int argc, char **argv)
- 		parms.cert = NULL;
- 
- 		ENGINE_load_builtin_engines();
-		drain_openssl_errors();
-+		drain_openssl_errors(__LINE__, 1);
- 		e = ENGINE_by_id("pkcs11");
- 		ERR(!e, "Load PKCS#11 ENGINE");
- 		if (ENGINE_init(e))
-			drain_openssl_errors();
-+			drain_openssl_errors(__LINE__, 1);
- 		else
- 			ERR(1, "ENGINE_init");
- 		if (key_pass)
-diff --git a/scripts/sign-file.c b/scripts/sign-file.c
-index 39ba58db5d4e..bb3fdf1a617c 100644
--- a/scripts/sign-file.c
-+++ b/scripts/sign-file.c
-@@ -114,11 +114,11 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
- 		ENGINE *e;
- 
- 		ENGINE_load_builtin_engines();
-		drain_openssl_errors();
-+		drain_openssl_errors(__LINE__, 1);
- 		e = ENGINE_by_id("pkcs11");
- 		ERR(!e, "Load PKCS#11 ENGINE");
- 		if (ENGINE_init(e))
-			drain_openssl_errors();
-+			drain_openssl_errors(__LINE__, 1);
- 		else
- 			ERR(1, "ENGINE_init");
- 		if (key_pass)
-@@ -273,7 +273,7 @@ int main(int argc, char **argv)
- 
- 		/* Digest the module data. */
- 		OpenSSL_add_all_digests();
-		display_openssl_errors(__LINE__);
-+		drain_openssl_errors(__LINE__, 0);
- 		digest_algo = EVP_get_digestbyname(hash_algo);
- 		ERR(!digest_algo, "EVP_get_digestbyname");
- 
-diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h
-index e6711c75ed91..2db0e181143c 100644
--- a/scripts/ssl-common.h
-+++ b/scripts/ssl-common.h
-@@ -3,7 +3,7 @@
-  * SSL helper functions shared by sign-file and extract-cert.
-  */
- 
-static void display_openssl_errors(int l)
-+static void drain_openssl_errors(int l, int silent)
- {
- 	const char *file;
- 	char buf[120];
-@@ -11,28 +11,21 @@ static void display_openssl_errors(int l)
- 
- 	if (ERR_peek_error() == 0)
- 		return;
-	fprintf(stderr, "At main.c:%d:\n", l);
-+	if (!silent)
-+		fprintf(stderr, "At main.c:%d:\n", l);
- 
-	while ((e = ERR_get_error_line(&file, &line))) {
-+	while ((e = ERR_peek_error_line(&file, &line))) {
- 		ERR_error_string(e, buf);
-		fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
-+		if (!silent)
-+			fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
-+		ERR_get_error();
- 	}
- }
- 
-static void drain_openssl_errors(void)
-{
-	const char *file;
-	int line;
-
-	if (ERR_peek_error() == 0)
-		return;
-	while (ERR_get_error_line(&file, &line)) {}
-}
-
- #define ERR(cond, fmt, ...)				\
- 	do {						\
- 		bool __cond = (cond);			\
-		display_openssl_errors(__LINE__);	\
-+		drain_openssl_errors(__LINE__, 0);	\
- 		if (__cond) {				\
- 			errx(1, fmt, ## __VA_ARGS__);	\
- 		}					\
-- 
-2.39.3
--- a/0003_sign_file_extract_cert_use_pkcs11_provider_for_openssl_major_3.patch
+++ b/0003_sign_file_extract_cert_use_pkcs11_provider_for_openssl_major_3.patch
@ -1,282 +0,0 @@
-From: Jan Stancek <jstancek@redhat.com>
-Subject: sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
-Date: Fri, 12 Jul 2024 09:11:16 +0200
-
-ENGINE API has been deprecated since OpenSSL version 3.0 [1].
-Distros have started dropping support from headers and in future
-it will likely disappear also from library.
-
-It has been superseded by the PROVIDER API, so use it instead
-for OPENSSL MAJOR >= 3.
-
-[1] https://github.com/openssl/openssl/blob/master/README-ENGINES.md
-
-Signed-off-by: Jan Stancek <jstancek@redhat.com>
-Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
-Reviewed-by: Neal Gompa <neal@gompa.dev>
---
- certs/extract-cert.c | 103 ++++++++++++++++++++++++++++++-------------
- scripts/sign-file.c  |  95 +++++++++++++++++++++++++++------------
- 2 files changed, 140 insertions(+), 58 deletions(-)
-
-diff --git a/certs/extract-cert.c b/certs/extract-cert.c
-index 61bbe0085671..7d6d468ed612 100644
--- a/certs/extract-cert.c
-+++ b/certs/extract-cert.c
-@@ -21,17 +21,18 @@
- #include <openssl/bio.h>
- #include <openssl/pem.h>
- #include <openssl/err.h>
-#include <openssl/engine.h>
-
-+#if OPENSSL_VERSION_MAJOR >= 3
-+# define USE_PKCS11_PROVIDER
-+# include <openssl/provider.h>
-+# include <openssl/store.h>
-+#else
-+# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-+#  define USE_PKCS11_ENGINE
-+#  include <openssl/engine.h>
-+# endif
-+#endif
- #include "ssl-common.h"
- 
-/*
- * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
- *
- * Remove this if/when that API is no longer used
- */
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-
- #define PKEY_ID_PKCS7 2
- 
- static __attribute__((noreturn))
-@@ -61,6 +62,66 @@ static void write_cert(X509 *x509)
- 		fprintf(stderr, "Extracted cert: %s\n", buf);
- }
- 
-+static X509 *load_cert_pkcs11(const char *cert_src)
-+{
-+	X509 *cert = NULL;
-+#ifdef USE_PKCS11_PROVIDER
-+	OSSL_STORE_CTX *store;
-+
-+	if (!OSSL_PROVIDER_try_load(NULL, "pkcs11", true))
-+		ERR(1, "OSSL_PROVIDER_try_load(pkcs11)");
-+	if (!OSSL_PROVIDER_try_load(NULL, "default", true))
-+		ERR(1, "OSSL_PROVIDER_try_load(default)");
-+
-+	store = OSSL_STORE_open(cert_src, NULL, NULL, NULL, NULL);
-+	ERR(!store, "OSSL_STORE_open");
-+
-+	while (!OSSL_STORE_eof(store)) {
-+		OSSL_STORE_INFO *info = OSSL_STORE_load(store);
-+
-+		if (!info) {
-+			drain_openssl_errors(__LINE__, 0);
-+			continue;
-+		}
-+		if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_CERT) {
-+			cert = OSSL_STORE_INFO_get1_CERT(info);
-+			ERR(!cert, "OSSL_STORE_INFO_get1_CERT");
-+		}
-+		OSSL_STORE_INFO_free(info);
-+		if (cert)
-+			break;
-+	}
-+	OSSL_STORE_close(store);
-+#elif defined(USE_PKCS11_ENGINE)
-+		ENGINE *e;
-+		struct {
-+			const char *cert_id;
-+			X509 *cert;
-+		} parms;
-+
-+		parms.cert_id = cert_src;
-+		parms.cert = NULL;
-+
-+		ENGINE_load_builtin_engines();
-+		drain_openssl_errors(__LINE__, 1);
-+		e = ENGINE_by_id("pkcs11");
-+		ERR(!e, "Load PKCS#11 ENGINE");
-+		if (ENGINE_init(e))
-+			drain_openssl_errors(__LINE__, 1);
-+		else
-+			ERR(1, "ENGINE_init");
-+		if (key_pass)
-+			ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
-+		ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
-+		ERR(!parms.cert, "Get X.509 from PKCS#11");
-+		cert = parms.cert;
-+#else
-+		fprintf(stderr, "no pkcs11 engine/provider available\n");
-+		exit(1);
-+#endif
-+	return cert;
-+}
-+
- int main(int argc, char **argv)
- {
- 	char *cert_src;
-@@ -89,28 +150,10 @@ int main(int argc, char **argv)
- 		fclose(f);
- 		exit(0);
- 	} else if (!strncmp(cert_src, "pkcs11:", 7)) {
-		ENGINE *e;
-		struct {
-			const char *cert_id;
-			X509 *cert;
-		} parms;
-+		X509 *cert = load_cert_pkcs11(cert_src);
- 
-		parms.cert_id = cert_src;
-		parms.cert = NULL;
-
-		ENGINE_load_builtin_engines();
-		drain_openssl_errors(__LINE__, 1);
-		e = ENGINE_by_id("pkcs11");
-		ERR(!e, "Load PKCS#11 ENGINE");
-		if (ENGINE_init(e))
-			drain_openssl_errors(__LINE__, 1);
-		else
-			ERR(1, "ENGINE_init");
-		if (key_pass)
-			ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
-		ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
-		ERR(!parms.cert, "Get X.509 from PKCS#11");
-		write_cert(parms.cert);
-+		ERR(!cert, "load_cert_pkcs11 failed");
-+		write_cert(cert);
- 	} else {
- 		BIO *b;
- 		X509 *x509;
-diff --git a/scripts/sign-file.c b/scripts/sign-file.c
-index bb3fdf1a617c..ba413dc69a20 100644
--- a/scripts/sign-file.c
-+++ b/scripts/sign-file.c
-@@ -27,17 +27,18 @@
- #include <openssl/evp.h>
- #include <openssl/pem.h>
- #include <openssl/err.h>
-#include <openssl/engine.h>
-
-+#if OPENSSL_VERSION_MAJOR >= 3
-+# define USE_PKCS11_PROVIDER
-+# include <openssl/provider.h>
-+# include <openssl/store.h>
-+#else
-+# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
-+#  define USE_PKCS11_ENGINE
-+#  include <openssl/engine.h>
-+# endif
-+#endif
- #include "ssl-common.h"
- 
-/*
- * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
- *
- * Remove this if/when that API is no longer used
- */
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-
- /*
-  * Use CMS if we have openssl-1.0.0 or newer available - otherwise we have to
-  * assume that it's not available and its header file is missing and that we
-@@ -106,28 +107,66 @@ static int pem_pw_cb(char *buf, int len, int w, void *v)
- 	return pwlen;
- }
- 
-static EVP_PKEY *read_private_key(const char *private_key_name)
-+static EVP_PKEY *read_private_key_pkcs11(const char *private_key_name)
- {
-	EVP_PKEY *private_key;
-+	EVP_PKEY *private_key = NULL;
-+#ifdef USE_PKCS11_PROVIDER
-+	OSSL_STORE_CTX *store;
- 
-	if (!strncmp(private_key_name, "pkcs11:", 7)) {
-		ENGINE *e;
-+	if (!OSSL_PROVIDER_try_load(NULL, "pkcs11", true))
-+		ERR(1, "OSSL_PROVIDER_try_load(pkcs11)");
-+	if (!OSSL_PROVIDER_try_load(NULL, "default", true))
-+		ERR(1, "OSSL_PROVIDER_try_load(default)");
-+
-+	store = OSSL_STORE_open(private_key_name, NULL, NULL, NULL, NULL);
-+	ERR(!store, "OSSL_STORE_open");
- 
-		ENGINE_load_builtin_engines();
-+	while (!OSSL_STORE_eof(store)) {
-+		OSSL_STORE_INFO *info = OSSL_STORE_load(store);
-+
-+		if (!info) {
-+			drain_openssl_errors(__LINE__, 0);
-+			continue;
-+		}
-+		if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) {
-+			private_key = OSSL_STORE_INFO_get1_PKEY(info);
-+			ERR(!private_key, "OSSL_STORE_INFO_get1_PKEY");
-+		}
-+		OSSL_STORE_INFO_free(info);
-+		if (private_key)
-+			break;
-+	}
-+	OSSL_STORE_close(store);
-+#elif defined(USE_PKCS11_ENGINE)
-+	ENGINE *e;
-+
-+	ENGINE_load_builtin_engines();
-+	drain_openssl_errors(__LINE__, 1);
-+	e = ENGINE_by_id("pkcs11");
-+	ERR(!e, "Load PKCS#11 ENGINE");
-+	if (ENGINE_init(e))
- 		drain_openssl_errors(__LINE__, 1);
-		e = ENGINE_by_id("pkcs11");
-		ERR(!e, "Load PKCS#11 ENGINE");
-		if (ENGINE_init(e))
-			drain_openssl_errors(__LINE__, 1);
-		else
-			ERR(1, "ENGINE_init");
-		if (key_pass)
-			ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0),
-			    "Set PKCS#11 PIN");
-		private_key = ENGINE_load_private_key(e, private_key_name,
-						      NULL, NULL);
-		ERR(!private_key, "%s", private_key_name);
-+	else
-+		ERR(1, "ENGINE_init");
-+	if (key_pass)
-+		ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0),
-+				"Set PKCS#11 PIN");
-+	private_key = ENGINE_load_private_key(e, private_key_name,
-+			NULL, NULL);
-+	ERR(!private_key, "%s", private_key_name);
-+#else
-+	fprintf(stderr, "no pkcs11 engine/provider available\n");
-+	exit(1);
-+#endif
-+	return private_key;
-+}
-+
-+static EVP_PKEY *read_private_key(const char *private_key_name)
-+{
-+	if (!strncmp(private_key_name, "pkcs11:", 7)) {
-+		return read_private_key_pkcs11(private_key_name);
- 	} else {
-+		EVP_PKEY *private_key;
- 		BIO *b;
- 
- 		b = BIO_new_file(private_key_name, "rb");
-@@ -136,9 +175,9 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
- 						      NULL);
- 		ERR(!private_key, "%s", private_key_name);
- 		BIO_free(b);
-	}
- 
-	return private_key;
-+		return private_key;
-+	}
- }
- 
- static X509 *read_x509(const char *x509_name)
-- 
-2.39.3
--- a/rteval-loads.spec
+++ b/rteval-loads.spec
@ -1,20 +1,15 @@
 Name:		rteval-loads
 Version:	1.6
-Release:	12%{?dist}
+Release:	13%{?dist}
 Summary:	Source files for rteval loads
 Group:		Development/Tools
 License:	GPL-2.0-only
 URL:		https://git.kernel.org/pub/scm/utils/rteval/rteval.git
-Source0:	https://www.kernel.org/pub/linux/kernel/v6.x/linux-6.10.5-rteval.tar.xz
+Source0:	https://www.kernel.org/pub/linux/kernel/v6.x/linux-6.12-rc4.tar.gz

 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch:	noarch

-# Patches
-Patch1: 0001_sign_file_extract_cert_move_common_ssl_helper_functions_to_a_header.patch
-Patch2: 0002_sign_file_extract_cert_avoid_using_deprecated_err_get_error_line.patch
-Patch3: 0003_sign_file_extract_cert_use_pkcs11_provider_for_openssl_major_3.patch
-
 %description
 This package provides source code for system loads used by the rteval package

@ -32,6 +27,11 @@ install -m 644 %{SOURCE0} %{buildroot}%{_datadir}/rteval/loadsource
 %{_datadir}/rteval/loadsource/*

 %changelog
+* Fri Oct 25 2024 John Kacur <jkacur@redhat.com> - 1.6-13
+- Update to linux-6.12-rc4 which contains the patches
+  to remove dependency on deprecated <openssl/engine.h>
+Resolves: RHEL-63613
+
 * Mon Aug 19 2024 John Kacur <jkacur@redhat.com> - 1.6-12
 - Create a kernel based off of linux-6.10.5 and three upstream patches
  to remove a dependency on deprecated <openssl/engine.h>
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (linux-6.10.5-rteval.tar.xz) = 7b55a11df32fb94ac80734efea982efff2aff51e84366a88cf272ec25434885fc102b76fcc3b26665d4a203434046cd36a5359e04e2c104ac70d491dd0763bb1
+SHA512 (linux-6.12-rc4.tar.gz) = 8cfdf21c054071ec56643bda00b0d39a74846e41bec3f98c6197c7772b653d03dd293282d4dce2fec4fa9ce4369e5d438386c2654c55310e823d54687f4fe188
--- a/tests/scripts/run_tests.sh
+++ b/tests/scripts/run_tests.sh
@ -12,7 +12,7 @@ else
 fi

 # check that the tarball is in place
-if [[ ! -f /usr/share/rteval/loadsource/linux-6.6.1.tar.xz ]]; then
+if [[ ! -f /usr/share/rteval/loadsource/linux-6.12-rc4.tar.gz ]]; then
    echo "No load tarball found!"
    exit 3
 fi