Update OpenSSL with the fix for CVE-2023-5678

pshipton · pshipton · commit 2d1c10db8790 · 2023-11-09T10:33:38.000-05:00
See eclipse-openj9/openj9#18423 Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>
diff --git a/sbin/prepareWorkspace.sh b/sbin/prepareWorkspace.sh
@@ -287,7 +287,7 @@ updateOpenj9Sources() {
   if [ "${BUILD_CONFIG[BUILD_VARIANT]}" == "${BUILD_VARIANT_OPENJ9}" ]; then
     cd "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}" || return
     # NOTE: fetched openssl will NOT be used in the RISC-V cross-compile situation
-    bash get_source.sh --openssl-version=3.0.12
+    bash get_source.sh --openssl-version=openssl-3.0.12+CVEs1 --openssl-repo=https://github.com/ibmruntimes/openssl.git
     cd "${BUILD_CONFIG[WORKSPACE_DIR]}"
   fi
 }

Original file line number	Diff line number	Diff line change
`@@ -287,7 +287,7 @@ updateOpenj9Sources() {`
`287`	`287`	`if [ "${BUILD_CONFIG[BUILD_VARIANT]}" == "${BUILD_VARIANT_OPENJ9}" ]; then`
`288`	`288`	`cd "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}" \|\| return`
`289`	`289`	`# NOTE: fetched openssl will NOT be used in the RISC-V cross-compile situation`
`290`		`- bash get_source.sh --openssl-version=3.0.12`
	`290`	`+ bash get_source.sh --openssl-version=openssl-3.0.12+CVEs1 --openssl-repo=https://github.com/ibmruntimes/openssl.git`
`291`	`291`	`cd "${BUILD_CONFIG[WORKSPACE_DIR]}"`
`292`	`292`	`fi`
`293`	`293`	`}`