From ee708c8c060aa2c7a0fc3dce95a0299bd8f1bc10 Mon Sep 17 00:00:00 2001
From: Peter Shipton <Peter_Shipton@ca.ibm.com>
Date: Wed, 5 Apr 2023 17:44:26 -0400
Subject: [PATCH] Update OpenSSL with additional CVE fixes to 1.1.1t

The tag OpenSSL_1_1_1t+CVEs1 is created on the current head of the
[OpenSSL_1_1_1-stable](https://github.com/ibmruntimes/openssl/tree/OpenSSL_1_1_1-stable)
branch, which includes the following.

CVE-2023-0464 alternative fix
CVE-2023-0465
CVE-2023-0466

Signed-off-by: Peter Shipton <Peter_Shipton@ca.ibm.com>
---
 buildenv/jenkins/variables/defaults.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildenv/jenkins/variables/defaults.yml b/buildenv/jenkins/variables/defaults.yml
index f860414d212..bca30ef3e7a 100644
--- a/buildenv/jenkins/variables/defaults.yml
+++ b/buildenv/jenkins/variables/defaults.yml
@@ -138,7 +138,7 @@ jitserver:
 # OpenSSL
 #========================================#
 openssl:
-  extra_getsource_options: '--openssl-version=1.1.1t'
+  extra_getsource_options: '--openssl-version=OpenSSL_1_1_1t+CVEs1 --openssl-repo=https://github.com/ibmruntimes/openssl.git'
   extra_configure_options: '--with-openssl=fetched'
 #========================================#
 # OpenSSL Bundling