From 4d7bb1fbec6887309537dcf1394b78c1a3e8f7d2 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Thu, 23 Apr 2026 09:12:20 +0200
Subject: [PATCH] * Thu Apr 23 2026 Miroslav Rezanina <mrezanin@redhat.com> -
 20260221-2

- edk2-Bumped-to-OpenSSL-3.5.5-2.patch [RHEL-161575]
- Resolves: RHEL-161575
  (CVE-2026-31790 edk2: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key [rhel-10.3])
---
 edk2.spec | 9 +++++++--
 sources   | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/edk2.spec b/edk2.spec
index c2b7c4a..eca3b89 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -6,7 +6,7 @@ ExclusiveArch: x86_64 aarch64 riscv64
 %define TOOLCHAIN      GCC
 
 %define OPENSSL_VER    3.5.5
-%define OPENSSL_HASH   c6600b817708cb4f3c6b044f28e10e9b1a1b3e2c
+%define OPENSSL_HASH   5e13c4eed2856269a92b58914b19503ba1401b55
 
 %define DBXDATE        20251016
 
@@ -25,7 +25,7 @@ ExclusiveArch: x86_64 aarch64 riscv64
 
 Name:       edk2
 Version:    %{GITDATE}
-Release:    1%{?dist}
+Release:    2%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and Apache-2.0 and MIT
 URL:        http://www.tianocore.org
@@ -487,6 +487,11 @@ install -m 0644 \
 
 
 %changelog
+* Thu Apr 23 2026 Miroslav Rezanina <mrezanin@redhat.com> - 20260221-2
+- edk2-Bumped-to-OpenSSL-3.5.5-2.patch [RHEL-161575]
+- Resolves: RHEL-161575
+  (CVE-2026-31790 edk2: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key [rhel-10.3])
+
 * Thu Mar 12 2026 Miroslav Rezanina <mrezanin@redhat.com> - 20260221-1
 - Rebase to edk2-stable202602 [RHEL-151719]
 - Resolves: RHEL-151719
diff --git a/sources b/sources
index aae037c..d0f6281 100644
--- a/sources
+++ b/sources
@@ -2,4 +2,4 @@ SHA512 (DBXUpdate-20251016.aa64.bin) = 2af6d22d139ff58cb2d0dc0883257b6131f1bd9cc
 SHA512 (DBXUpdate-20251016.x64.bin) = 0452d2c302f702eeb2d549fd5ac4b3c3623172de9559a881bc92875590f3c5b65e301b880f5f76786e22b1af145b2aa6e58c74fef00a279950f3d6641aef484e
 SHA512 (dtc-1.7.0.tar.xz) = d3ba6902a9a2f2cdbaff55f12fca3cfe4a1ec5779074a38e3d8b88097c7abc981835957e8ce72971e10c131e05fde0b1b961768e888ff96d89e42c75edb53afb
 SHA512 (edk2-b7a715f7c03c.tar.xz) = c7f24a5bc56ce9e9ef53aef3610fc399e43bcc5a17a0c389c02ffced22baf6dce42d0e577dd18771fc0f52dec5f992feaf3aa8fad15d10b10ace73ceb56afabd
-SHA512 (openssl-rhel-c6600b817708cb4f3c6b044f28e10e9b1a1b3e2c.tar.xz) = be9bb76ba1b8c3f16f4d6d15d4b4a8c57b9361dab56996b9a19bb6360996144c556c0e07827c8734b37f071e842dc0abe39d2321f09f42c47f610808f15aa0a5
+SHA512 (openssl-rhel-5e13c4eed2856269a92b58914b19503ba1401b55.tar.xz) = ce8e811eb82d5a904145daf9557aabb9ff31bfd7b94d2bb34f2819c436478bb74f02feefd2eb3300f36483dfac0c729a42311f22ae5ceb28eee0fadaf44a6fc2