diff --git a/0001-CVE-2012-3524-Don-t-access-environment-variables-or-.patch b/0001-CVE-2012-3524-Don-t-access-environment-variables-or-.patch
new file mode 100644
index 0000000..b449a70
--- /dev/null
+++ b/0001-CVE-2012-3524-Don-t-access-environment-variables-or-.patch
@@ -0,0 +1,234 @@
+From 450d975046bbd54271da62ce5fcbe50113f2e453 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Wed, 22 Aug 2012 10:03:34 -0400
+Subject: [PATCH] CVE-2012-3524: Don't access environment variables or run
+ dbus-launch when setuid
+
+This matches a corresponding change in GLib.  See
+glib/gutils.c:g_check_setuid().
+
+Some programs attempt to use libdbus when setuid; notably the X.org
+server is shipped in such a configuration. libdbus never had an
+explicit policy about its use in setuid programs.
+
+I'm not sure whether we should advertise such support.  However, given
+that there are real-world programs that do this currently, we can make
+them safer with not too much effort.
+
+Better to fix a problem caused by an interaction between two
+components in *both* places if possible.
+
+How to determine whether or not we're running in a privilege-escalated
+path is operating system specific.  Note that GTK+'s code to check
+euid versus uid worked historically on Unix, more modern systems have
+filesystem capabilities and SELinux domain transitions, neither of
+which are captured by the uid comparison.
+
+On Linux/glibc, the way this works is that the kernel sets an
+AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
+startup.  If found, then glibc sets a public-but-undocumented
+__libc_enable_secure variable which we can use.  Unfortunately, while
+it *previously* worked to check this variable, a combination of newer
+binutils and RPM break it:
+http://www.openwall.com/lists/owl-dev/2012/08/14/1
+
+So for now on Linux/glibc, we fall back to the historical Unix version
+until we get glibc fixed.
+
+On some BSD variants, there is a issetugid() function.  On other Unix
+variants, we fall back to what GTK+ has been doing.
+
+Reported-by: Sebastian Krahmer <krahmer@suse.de>
+Signed-off-by: Colin Walters <walters@verbum.org>
+---
+ configure.ac             |  2 +-
+ dbus/dbus-keyring.c      |  7 +++++
+ dbus/dbus-sysdeps-unix.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++
+ dbus/dbus-sysdeps-win.c  |  6 ++++
+ dbus/dbus-sysdeps.c      |  5 ++++
+ dbus/dbus-sysdeps.h      |  1 +
+ 6 files changed, 94 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index e2c9bdf..b0f2ec2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -595,7 +595,7 @@ AC_DEFINE_UNQUOTED([DBUS_USE_SYNC], [$have_sync], [Use the gcc __sync extension]
+ AC_SEARCH_LIBS(socket,[socket network])
+ AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)])
+ 
+-AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull)
++AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull issetugid getresuid)
+ 
+ AC_CHECK_HEADERS([syslog.h])
+ if test "x$ac_cv_header_syslog_h" = "xyes"; then
+diff --git a/dbus/dbus-keyring.c b/dbus/dbus-keyring.c
+index 23b9df5..3b9ce31 100644
+--- a/dbus/dbus-keyring.c
++++ b/dbus/dbus-keyring.c
+@@ -717,6 +717,13 @@ _dbus_keyring_new_for_credentials (DBusCredentials  *credentials,
+   DBusCredentials *our_credentials;
+   
+   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
++
++  if (_dbus_check_setuid ())
++    {
++      dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
++                            "Unable to create DBus keyring when setuid");
++      return NULL;
++    }
+   
+   keyring = NULL;
+   error_set = FALSE;
+diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
+index cef8bd3..b4ecc96 100644
+--- a/dbus/dbus-sysdeps-unix.c
++++ b/dbus/dbus-sysdeps-unix.c
+@@ -3434,6 +3434,13 @@ _dbus_get_autolaunch_address (const char *scope,
+   DBusString uuid;
+   dbus_bool_t retval;
+ 
++  if (_dbus_check_setuid ())
++    {
++      dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
++                            "Unable to autolaunch when setuid");
++      return FALSE;
++    }
++
+   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+   retval = FALSE;
+ 
+@@ -3551,6 +3558,13 @@ _dbus_lookup_launchd_socket (DBusString *socket_path,
+ 
+   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
+ 
++  if (_dbus_check_setuid ())
++    {
++      dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
++                            "Unable to find launchd socket when setuid");
++      return FALSE;
++    }
++
+   i = 0;
+   argv[i] = "launchctl";
+   ++i;
+@@ -3591,6 +3605,13 @@ _dbus_lookup_session_address_launchd (DBusString *address, DBusError  *error)
+   dbus_bool_t valid_socket;
+   DBusString socket_path;
+ 
++  if (_dbus_check_setuid ())
++    {
++      dbus_set_error_const (error, DBUS_ERROR_NOT_SUPPORTED,
++                            "Unable to find launchd socket when setuid");
++      return FALSE;
++    }
++
+   if (!_dbus_string_init (&socket_path))
+     {
+       _DBUS_SET_OOM (error);
+@@ -4086,4 +4107,57 @@ _dbus_close_all (void)
+     close (i);
+ }
+ 
++/**
++ * **NOTE**: If you modify this function, please also consider making
++ * the corresponding change in GLib.  See
++ * glib/gutils.c:g_check_setuid().
++ *
++ * Returns TRUE if the current process was executed as setuid (or an
++ * equivalent __libc_enable_secure is available).  See:
++ * http://osdir.com/ml/linux.lfs.hardened/2007-04/msg00032.html
++ */
++dbus_bool_t
++_dbus_check_setuid (void)
++{
++  /* TODO: get __libc_enable_secure exported from glibc.
++   * See http://www.openwall.com/lists/owl-dev/2012/08/14/1
++   */
++#if 0 && defined(HAVE_LIBC_ENABLE_SECURE)
++  {
++    /* See glibc/include/unistd.h */
++    extern int __libc_enable_secure;
++    return __libc_enable_secure;
++  }
++#elif defined(HAVE_ISSETUGID)
++  /* BSD: http://www.freebsd.org/cgi/man.cgi?query=issetugid&sektion=2 */
++  return issetugid ();
++#else
++  uid_t ruid, euid, suid; /* Real, effective and saved user ID's */
++  gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */
++
++  static dbus_bool_t check_setuid_initialised;
++  static dbus_bool_t is_setuid;
++
++  if (_DBUS_UNLIKELY (!check_setuid_initialised))
++    {
++#ifdef HAVE_GETRESUID
++      if (getresuid (&ruid, &euid, &suid) != 0 ||
++          getresgid (&rgid, &egid, &sgid) != 0)
++#endif /* HAVE_GETRESUID */
++        {
++          suid = ruid = getuid ();
++          sgid = rgid = getgid ();
++          euid = geteuid ();
++          egid = getegid ();
++        }
++
++      check_setuid_initialised = TRUE;
++      is_setuid = (ruid != euid || ruid != suid ||
++                   rgid != egid || rgid != sgid);
++
++    }
++  return is_setuid;
++#endif
++}
++
+ /* tests in dbus-sysdeps-util.c */
+diff --git a/dbus/dbus-sysdeps-win.c b/dbus/dbus-sysdeps-win.c
+index 397520a..bc4951b 100644
+--- a/dbus/dbus-sysdeps-win.c
++++ b/dbus/dbus-sysdeps-win.c
+@@ -3632,6 +3632,12 @@ _dbus_path_is_absolute (const DBusString *filename)
+     return FALSE;
+ }
+ 
++dbus_bool_t
++_dbus_check_setuid (void)
++{
++  return FALSE;
++}
++
+ /** @} end of sysdeps-win */
+ /* tests in dbus-sysdeps-util.c */
+ 
+diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c
+index 861bfec..04fb8d7 100644
+--- a/dbus/dbus-sysdeps.c
++++ b/dbus/dbus-sysdeps.c
+@@ -182,6 +182,11 @@ _dbus_setenv (const char *varname,
+ const char*
+ _dbus_getenv (const char *varname)
+ {  
++  /* Don't respect any environment variables if the current process is
++   * setuid.  This is the equivalent of glibc's __secure_getenv().
++   */
++  if (_dbus_check_setuid ())
++    return NULL;
+   return getenv (varname);
+ }
+ 
+diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
+index 4052cda..eee9160 100644
+--- a/dbus/dbus-sysdeps.h
++++ b/dbus/dbus-sysdeps.h
+@@ -87,6 +87,7 @@ typedef struct DBusPipe DBusPipe;
+ 
+ void _dbus_abort (void) _DBUS_GNUC_NORETURN;
+ 
++dbus_bool_t _dbus_check_setuid (void);
+ const char* _dbus_getenv (const char *varname);
+ dbus_bool_t _dbus_setenv (const char *varname,
+ 			  const char *value);
+-- 
+1.7.11.4
+
diff --git a/0001-selinux-when-dropping-capabilities-only-include-AUDI.patch b/0001-selinux-when-dropping-capabilities-only-include-AUDI.patch
new file mode 100644
index 0000000..e072b4b
--- /dev/null
+++ b/0001-selinux-when-dropping-capabilities-only-include-AUDI.patch
@@ -0,0 +1,37 @@
+From e1b83fb58eadfd02227673db9a7e2833d29b0c98 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Mon, 23 Apr 2012 00:32:43 +0200
+Subject: [PATCH] selinux: when dropping capabilities only include AUDIT caps
+ if we have them
+
+When we drop capabilities we shouldn't assume we can keep
+CAP_AUDIT_WRITE unconditionally, since it will not be available when
+running in containers.
+
+This patch only adds CAP_AUDIT_WRITE to the list of caps we keep if we
+actually have it in the first place.
+
+This makes audit/selinux enabled D-Bus work in a Linux container.
+---
+ bus/selinux.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/bus/selinux.c b/bus/selinux.c
+index 36287e9..1bfc791 100644
+--- a/bus/selinux.c
++++ b/bus/selinux.c
+@@ -1053,8 +1053,9 @@ _dbus_change_to_daemon_user  (const char    *user,
+       int rc;
+ 
+       capng_clear (CAPNG_SELECT_BOTH);
+-      capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
+-                    CAP_AUDIT_WRITE);
++      if (capng_have_capability (CAPNG_PERMITTED, CAP_AUDIT_WRITE))
++        capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
++                      CAP_AUDIT_WRITE);
+       rc = capng_change_id (uid, gid, CAPNG_DROP_SUPP_GRP);
+       if (rc)
+         {
+-- 
+1.7.10
+
diff --git a/dbus-1.0.1-generate-xml-docs.patch b/dbus-1.0.1-generate-xml-docs.patch
new file mode 100644
index 0000000..60598bc
--- /dev/null
+++ b/dbus-1.0.1-generate-xml-docs.patch
@@ -0,0 +1,11 @@
+--- dbus-1.0.1/Doxyfile.in.generate-xml-docs	2006-11-25 23:42:59.000000000 -0500
++++ dbus-1.0.1/Doxyfile.in	2006-11-25 23:43:12.000000000 -0500
+@@ -133,7 +133,7 @@
+ #---------------------------------------------------------------------------
+ # configuration options related to the XML output
+ #---------------------------------------------------------------------------
+-GENERATE_XML           = NO
++GENERATE_XML           = YES
+ #---------------------------------------------------------------------------
+ # Configuration options related to the preprocessor   
+ #---------------------------------------------------------------------------
diff --git a/dbus.spec b/dbus.spec
index 3edd3de..ec88dd9 100644
--- a/dbus.spec
+++ b/dbus.spec
@@ -9,7 +9,7 @@ Summary: D-BUS message bus
 Name: dbus
 Epoch: 1
 Version: 1.6.8
-Release: 3%{?dist}
+Release: 2%{?dist}
 URL: http://www.freedesktop.org/software/dbus/
 #VCS: git:git://git.freedesktop.org/git/dbus/dbus
 Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
@@ -33,7 +33,7 @@ Requires(post): systemd-units chkconfig
 Requires(preun): systemd-units
 Requires(postun): systemd-units
 Requires: libselinux >= %{libselinux_version}
-Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: dbus-libs = %{epoch}:%{version}-%{release}
 Requires(pre): /usr/sbin/useradd
 
 # Conflict with cups prior to configuration file change, so that the
@@ -59,7 +59,7 @@ This package contains lowlevel libraries for accessing D-BUS.
 %package doc
 Summary: Developer documentation for D-BUS
 Group: Documentation
-Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: %name = %{epoch}:%{version}-%{release}
 BuildArch: noarch
 
 %description doc
@@ -69,7 +69,8 @@ other supporting documentation such as the introspect dtd file.
 %package devel
 Summary: Development files for D-BUS
 Group: Development/Libraries
-Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: %name = %{epoch}:%{version}-%{release}
+Requires: pkgconfig
 
 %description devel
 This package contains libraries and header files needed for
@@ -78,7 +79,7 @@ developing software that uses D-BUS.
 %package x11
 Summary: X11-requiring add-ons for D-BUS
 Group: Development/Libraries
-Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: %name = %{epoch}:%{version}-%{release}
 
 %description x11
 D-BUS contains some tools that require Xlib to be installed, those are
@@ -101,7 +102,7 @@ COMMON_ARGS="--enable-libaudit --enable-selinux=yes --with-init-scripts=redhat -
 # leave verbose mode so people can debug their apps but make sure to
 # turn it off on stable releases with --disable-verbose-mode
 %configure $COMMON_ARGS --disable-tests --disable-asserts --enable-doxygen-docs --enable-xml-docs --with-systemdsystemunitdir=/lib/systemd/system/
-make %{?_smp_mflags} V=1
+make
 
 %install
 rm -rf %{buildroot}
@@ -200,7 +201,7 @@ fi
 
 %files libs
 %defattr(-,root,root,-)
-/%{_lib}/libdbus-1.so.3*
+/%{_lib}/*dbus-1*.so.*
 
 %files x11
 %defattr(-,root,root)
@@ -217,20 +218,13 @@ fi
 %files devel
 %defattr(-,root,root)
 
-/%{_lib}/libdbus-1.so
-%dir %{_libdir}/dbus-1.0/
+/%{_lib}/lib*.so
+%dir %{_libdir}/dbus-1.0
 %{_libdir}/dbus-1.0/include/
 %{_libdir}/pkgconfig/dbus-1.pc
-%{_includedir}/dbus-1.0/
+%{_includedir}/*
 
 %changelog
-* Wed Nov 14 2012 Rex Dieter <rdieter@fedoraproject.org> 
-- 1:1.6.8-3
-- %%build: verbose build, use %%_smp_mflags
-- %%files: tighten up, use less globs
-- tighten deps via %%_isa
-- drop old/unused patches
-
 * Wed Oct  3 2012 Bill Nottingham <notting@redhat.com> - 1:1.6.8-2
 - Drop systemd-sysv-convert in trigger, and resulting dependency (#852822)