--- rpms/openssl/sme8/openssl.spec	2014/09/02 22:22:35	1.4
+++ rpms/openssl/sme8/openssl.spec	2015/01/15 08:49:13	1.7
@@ -21,7 +21,7 @@
 Summary: The OpenSSL toolkit
 Name: openssl
 Version: 0.9.8e
-Release: 28%{?dist}
+Release: 32.1%{?dist}
 # The tarball is based on the openssl-fips-1.2.0-test.tar.gz tarball
 Source: openssl-fips-%{version}-usa.tar.bz2
 Source1: hobble-openssl
@@ -100,6 +100,8 @@ Patch110: openssl-fips-0.9.8e-cve-2014-3
 Patch111: openssl-fips-0.9.8e-cve-2014-3506.patch
 Patch112: openssl-fips-0.9.8e-cve-2014-3508.patch
 Patch113: openssl-fips-0.9.8e-cve-2014-3510.patch
+Patch114: openssl-fips-0.9.8e-fallback-scsv.patch
+Patch115: openssl-fips-0.9.8e-x509-store-lock.patch
 
 License: BSDish
 Group: System Environment/Libraries
@@ -207,6 +209,8 @@ from other formats to the formats used b
 %patch111 -p1 -b .dtls-sizechecks
 %patch112 -p1 -b .oid-handling
 %patch113 -p1 -b .adh-dos
+%patch114 -p1 -b .fallback-scsv
+%patch115 -p1 -b .lock
 
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@@ -460,20 +464,27 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openss
 %postun -p /sbin/ldconfig
 
 %changelog
-* Tue Sep  2 2014 Charlie Brady <charlie_brady@mitel.com> 0.9.8e-28.el5.sme
-- update with ca-bundle.crt from SME 9 [SME: 8208]
+* Thu Jan 15 2015 Daniel Berteaud <daniel@firewall-services.com 0.9.8e-32.1.sme
+- update with ca-bundle.crt from SME 9 [SME: 8799]
 
-* Fri Aug  8 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27.4
+* Wed Dec 17 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-32
+- properly lock X509_STORE accesses (#1168938)
+
+* Wed Oct 15 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-31
+- add support for fallback SCSV to partially mitigate CVE-2014-3566
+  (padding attack on SSL3)
+
+* Fri Aug  8 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-30
 - fix CVE-2014-0221 - recursion in DTLS code leading to DoS
 - fix CVE-2014-3505 - doublefree in DTLS packet processing
 - fix CVE-2014-3506 - avoid memory exhaustion in DTLS
 - fix CVE-2014-3508 - fix OID handling to avoid information leak
 - fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS
 
-* Tue Jun  3 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27.3
+* Mon Jun  2 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-29
 - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
 
-* Tue Jan 28 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27.1
+* Tue Jan 28 2014 Tomas Mraz <tmraz@redhat.com> 0.9.8e-28
 - replace expired GlobalSign Root CA certificate in ca-bundle.crt
 
 * Mon Feb 25 2013 Tomas Mraz <tmraz@redhat.com> 0.9.8e-27