From 838f1df9e36da1df439d1a6ec74b35e681c76b01 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Sat, 11 Feb 2023 09:23:32 +0100
Subject: [PATCH] update openssl

---
 ...crypto-bn-rsa_sup_mul.c-to-file-list.patch | 37 +++++++++++++++++++
 edk2.spec                                     |  8 +++-
 sources                                       |  2 +-
 3 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 0034-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch

diff --git a/0034-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch b/0034-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch
new file mode 100644
index 0000000..55bfe20
--- /dev/null
+++ b/0034-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch
@@ -0,0 +1,37 @@
+From 630fa990847e14507354a4d921143a8bfb255194 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Fri, 10 Feb 2023 10:49:44 +0100
+Subject: [PATCH 34/34] rh openssl: add crypto/bn/rsa_sup_mul.c to file list
+
+---
+ CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 1 +
+ CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+index e446b51e66cd..7e78255467b1 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
++++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+@@ -576,6 +576,7 @@ [Sources]
+   $(OPENSSL_PATH)/ssl/statem/statem_local.h
+ # Autogenerated files list ends here
+ # RHEL8-specific OpenSSL file list starts here
++  $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
+   $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+   $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+   $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+index c207dc8f4cfd..1c551cb0990c 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
++++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+@@ -526,6 +526,7 @@ [Sources]
+   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
+ # Autogenerated files list ends here
+ # RHEL8-specific OpenSSL file list starts here
++  $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
+   $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+   $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+   $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+-- 
+2.39.1
+
diff --git a/edk2.spec b/edk2.spec
index d81b6a9..a2d317c 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -35,7 +35,7 @@ ExclusiveArch: x86_64 aarch64
 
 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    12%{?dist}
+Release:    13%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and OpenSSL and MIT
 URL:        http://www.tianocore.org
@@ -46,7 +46,7 @@ URL:        http://www.tianocore.org
 # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
 Source0: edk2-%{GITCOMMIT}.tar.xz
 Source1: ovmf-whitepaper-c770f8c.txt
-Source2: openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
+Source2: openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
 Source3: softfloat-%{softfloat_version}.tar.xz
 Source4: edk2-platforms-b36fe8bc9b68.tar.xz
 Source5: jansson-2.13.1.tar.bz2
@@ -109,6 +109,7 @@ Patch0030: 0030-OvmfPkg-QemuFwCfgLib-rewrite-fw_cfg-probe.patch
 Patch0031: 0031-OvmfPkg-QemuFwCfgLib-remove-mQemuFwCfgSupported-mQem.patch
 Patch0032: 0032-OvmfPkg-VirtNorFlashDxe-map-flash-memory-as-uncachea.patch
 Patch0033: 0033-ArmVirtPkg-ArmVirtQemu-Avoid-early-ID-map-on-Thunder.patch
+Patch0034: 0034-rh-openssl-add-crypto-bn-rsa_sup_mul.c-to-file-list.patch
 
 
 # python3-devel and libuuid-devel are required for building tools.
@@ -642,6 +643,9 @@ done
 
 
 %changelog
+* Sat Feb 11 2023 Gerd Hoffmann <kraxel@redhat.com> - 20221117gitfff6d81270b5-13
+- update openssl (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304).
+
 * Wed Feb 08 2023 Gerd Hoffmann <kraxel@redhat.com> - 20221117gitfff6d81270b5-12
 - cherry-pick aarch64 bugfixes.
 - set firmware build release date.
diff --git a/sources b/sources
index 25d1bcc..4c25d40 100644
--- a/sources
+++ b/sources
@@ -1,5 +1,5 @@
 SHA512 (softfloat-20180726-gitb64af41.tar.xz) = f079debd1bfcc0fe64329a8947b0689ef49246793edcdd28a2879f6550c652b0cf0f53ac4f6f5ab61ac4f7933972e0019d0ab63eb9931b6884c2909f3a5ead30
-SHA512 (openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz) = acc725d151666bb433e404e6da460e4ac93bd92dca0e9a64fdeb2f6b0a231af560c900f0f3e5bbba43895ead570fc9cd1273ff78dcc8d5f6be34a1fae55e6d3f
 SHA512 (edk2-fff6d81270b5.tar.xz) = 3b215ae200c6be355aa937ef933cc636867416a24e159a83852d7972b7b70f712df3773c429ed5ac5cc6e300fd6f733d6a5bc1b54a06fc0bc3f98ea14d7cb068
 SHA512 (edk2-platforms-b36fe8bc9b68.tar.xz) = 5d10c72700cf6b63e6b59ca8951fb343881fb01b97ec054804fd33385fe837df80a725fe73336d93cc6957414d865e1648a5daaea8f31891b5f2b217d1da774b
 SHA512 (jansson-2.13.1.tar.bz2) = 057f0eda43e4162569888d739f4d78d1d02fce8359400d8f66fdc6e440b0405cb457e1126820dc8ce51e9c4a7f4b7effc640caf1d54307c78c0c47c3fc093011
+SHA512 (openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz) = 418f8476e80c79e76ba2225670075f95ae75065b23cad9180daac5149e02f11deaa6551e1f70d04fe4b275b0e5f2756f890738693516a737d6f84ee8cd839019