--- rpms/openssl/sme8/openssl.spec	2014/02/18 03:03:10	1.1
+++ rpms/openssl/sme8/openssl.spec	2015/01/15 08:49:13	1.7
@@ -21,7 +21,7 @@
 Summary: The OpenSSL toolkit
 Name: openssl
 Version: 0.9.8e
-Release: 27%{?dist}.1
+Release: 32.1%{?dist}
 # The tarball is based on the openssl-fips-1.2.0-test.tar.gz tarball
 Source: openssl-fips-%{version}-usa.tar.bz2
 Source1: hobble-openssl
@@ -94,6 +94,14 @@ Patch104: openssl-fips-0.9.8e-cve-2012-2
 Patch105: openssl-fips-0.9.8e-secure-getenv.patch
 Patch106: openssl-fips-0.9.8e-cve-2013-0166.patch
 Patch107: openssl-fips-0.9.8e-cve-2013-0169.patch
+Patch108: openssl-fips-0.9.8e-cve-2014-0224.patch
+Patch109: openssl-fips-0.9.8e-cve-2014-0221.patch
+Patch110: openssl-fips-0.9.8e-cve-2014-3505.patch
+Patch111: openssl-fips-0.9.8e-cve-2014-3506.patch
+Patch112: openssl-fips-0.9.8e-cve-2014-3508.patch
+Patch113: openssl-fips-0.9.8e-cve-2014-3510.patch
+Patch114: openssl-fips-0.9.8e-fallback-scsv.patch
+Patch115: openssl-fips-0.9.8e-x509-store-lock.patch
 
 License: BSDish
 Group: System Environment/Libraries
@@ -195,6 +203,14 @@ from other formats to the formats used b
 %patch105 -p1 -b .secure-getenv
 %patch106 -p1 -b .ocsp-dos
 %patch107 -p1 -b .lucky13
+%patch108 -p1 -b .keying-mitm
+%patch109 -p1 -b .dtls-recursion
+%patch110 -p1 -b .dtls-doublefree
+%patch111 -p1 -b .dtls-sizechecks
+%patch112 -p1 -b .oid-handling
+%patch113 -p1 -b .adh-dos
+%patch114 -p1 -b .fallback-scsv
+%patch115 -p1 -b .lock
 
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@@ -448,7 +464,27 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openss
 %postun -p /sbin/ldconfig
 
 %changelog
-* Tue Jan 28 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27.1
+* Thu Jan 15 2015 Daniel Berteaud <daniel@firewall-services.com 0.9.8e-32.1.sme
+- update with ca-bundle.crt from SME 9 [SME: 8799]
+
+* Wed Dec 17 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-32
+- properly lock X509_STORE accesses (#1168938)
+
+* Wed Oct 15 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-31
+- add support for fallback SCSV to partially mitigate CVE-2014-3566
+  (padding attack on SSL3)
+
+* Fri Aug  8 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-30
+- fix CVE-2014-0221 - recursion in DTLS code leading to DoS
+- fix CVE-2014-3505 - doublefree in DTLS packet processing
+- fix CVE-2014-3506 - avoid memory exhaustion in DTLS
+- fix CVE-2014-3508 - fix OID handling to avoid information leak
+- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS
+
+* Mon Jun  2 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-29
+- fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
+
+* Tue Jan 28 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-28
 - replace expired GlobalSign Root CA certificate in ca-bundle.crt
 
 * Mon Feb 25 2013 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27