--- rpms/openssl/sme8/openssl.spec 2015/01/15 08:49:13 1.7
+++ rpms/openssl/sme8/openssl.spec 2015/04/15 14:21:07 1.8
@@ -21,7 +21,7 @@
 Summary: The OpenSSL toolkit
 Name: openssl
 Version: 0.9.8e
-Release: 32.1%{?dist}
+Release: 33.1%{?dist}
 # The tarball is based on the openssl-fips-1.2.0-test.tar.gz tarball
 Source: openssl-fips-%{version}-usa.tar.bz2
 Source1: hobble-openssl
@@ -102,6 +102,14 @@ Patch112: openssl-fips-0.9.8e-cve-2014-3
 Patch113: openssl-fips-0.9.8e-cve-2014-3510.patch
 Patch114: openssl-fips-0.9.8e-fallback-scsv.patch
 Patch115: openssl-fips-0.9.8e-x509-store-lock.patch
+# This patch includes the CVE-2015-0286 fix
+Patch116: openssl-fips-0.9.8e-cve-2014-8275.patch
+Patch117: openssl-fips-0.9.8e-cve-2015-0204.patch
+Patch118: openssl-fips-0.9.8e-cve-2015-0287.patch
+Patch119: openssl-fips-0.9.8e-cve-2015-0288.patch
+Patch120: openssl-fips-0.9.8e-cve-2015-0289.patch
+Patch121: openssl-fips-0.9.8e-cve-2015-0292.patch
+Patch122: openssl-fips-0.9.8e-cve-2015-0293.patch
 License: BSDish
 Group: System Environment/Libraries
@@ -211,6 +219,13 @@ from other formats to the formats used b
 %patch113 -p1 -b .adh-dos
 %patch114 -p1 -b .fallback-scsv
 %patch115 -p1 -b .lock
+%patch116 -p1 -b .cert-fingerprint
+%patch117 -p1 -b .rsa-ephemeral
+%patch118 -p1 -b .item-reuse
+%patch119 -p1 -b .req-null-deref
+%patch120 -p1 -b .pkcs7-null-deref
+%patch121 -p1 -b .b64-underflow
+%patch122 -p1 -b .ssl2-assert
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
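Review bot: The comment added above `Patch116` in the `@@ -102,6 +102,14 @@` hunk, `# This patch includes the CVE-2015-0286 fix`, is ambiguous next to a file named for CVE-2014-8275, and it reads differently from the changelog entry, which describes the 8275 fix as applied "without introduction of CVE-2015-0286". No patch file carries 0286 in its name, so this comment is the only place in the Patch list where someone auditing CVE coverage will find that identifier. It should state whichever is accurate, for example `# CVE-2014-8275 backport; does not introduce CVE-2015-0286 (see %changelog)`. The seven patch files referenced here and applied by `%patch116`–`%patch122` in the `@@ -211,6 +219,13 @@` hunk are not part of this diff, so it is worth confirming they were committed with the spec and match the source they were backported from.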
@@ -464,8 +479,19 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openss %postun -p /sbin/ldconfig %changelog -* Thu Jan 15 2015 Daniel Berteaud 0.9.8e-33 +- fix CVE-2014-8275 (without introduction of CVE-2015-0286) - various + certificate fingerprint issues +- fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export + ciphersuites and on server +- fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption +- fix CVE-2015-0288 - X509_to_X509_REQ NULL pointer dereference +- fix CVE-2015-0289 - NULL dereference decoding invalid PKCS#7 data +- fix CVE-2015-0292 - integer underflow in base64 decoder +- fix CVE-2015-0293 - triggerable assert in SSLv2 server * Wed Dec 17 2014 Tomas Mraz 0.9.8e-32 - properly lock X509_STORE accesses (#1168938)