diff --git a/.gitignore b/.gitignore
index e22c73d..1dbb5e5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@
 /check_mk-1.2.4.tar.gz
 /check_mk-1.2.4p1.tar.gz
 /check_mk-1.2.4p2.tar.gz
+/check_mk-1.2.4p5.tar.gz
diff --git a/01-Set-Legacy-Eval-True.patch b/01-Set-Legacy-Eval-True.patch
new file mode 100644
index 0000000..526fc7d
--- /dev/null
+++ b/01-Set-Legacy-Eval-True.patch
@@ -0,0 +1,11 @@
+--- plugins/config/wato.py	2014-09-17 16:45:20.548080345 +0200
++++ plugins/config/wato.py.patched	2014-09-17 16:45:34.604504277 +0200
+@@ -39,7 +39,7 @@
+ wato_use_git            = False
+ wato_hidden_users       = []
+ wato_user_attrs         = []
+-wato_legacy_eval        = False
++wato_legacy_eval        = True
+ 
+ def tag_alias(tag):
+     for entry in wato_host_tags:
diff --git a/check-mk.spec b/check-mk.spec
index 6853849..c04594b 100644
--- a/check-mk.spec
+++ b/check-mk.spec
@@ -1,8 +1,8 @@
 %define _requires_exceptions pear(default.php)
 
 Name:		check-mk
-Version:	1.2.4p2
-Release:	2%{?dist}
+Version:	1.2.4p5
+Release:	1%{?dist}
 Summary:	A new general purpose Nagios-plugin for retrieving data
 Group:		Applications/Internet
 License:	GPLv2 and GPLv3
@@ -15,6 +15,7 @@ Requires:	mod_python
 Source1:	First-Installation.txt
 Source2:	defaults
 Source3:	defaults.py
+Patch0:     01-Set-Legacy-Eval-True.patch
 AutoReq:	0
 
 # Do not provide from a documentation
@@ -71,6 +72,9 @@ This package contains the check-mk's web interface aka WATO.
 %prep
 %setup -q -n check_mk-%{version}
 tar xf agents.tar.gz
+tar xf web.tar.gz && rm -f web.tar.gz
+%patch0 -p0
+tar zcf web.tar.gz htdocs plugins
 
 %build
 rm -f waitmax
@@ -96,7 +100,8 @@ install -d -m 755 %{buildroot}%{_datadir}/check-mk-agent
 install -d -m 755 %{buildroot}%{_datadir}/check-mk-agent/plugins
 install -d -m 755 %{buildroot}%{_datadir}/check-mk-agent/local
 install -m 644 plugins/mk_logwatch %{buildroot}%{_datadir}/check-mk-agent/plugins
-install -m 644 plugins/j4p_performance %{buildroot}%{_datadir}/check-mk-agent/plugins
+# The j4p_performance plugin has been deprecated.
+# install -m 644 plugins/j4p_performance %{buildroot}%{_datadir}/check-mk-agent/plugins
 install -m 644 plugins/mk_oracle %{buildroot}%{_datadir}/check-mk-agent/plugins
 install -m 644 plugins/sylo %{buildroot}%{_datadir}/check-mk-agent/plugins
 
@@ -185,6 +190,9 @@ rm -rf %{buildroot}%{_datadir}/check_mk/agents/solaris/
 rm -rf %{buildroot}%{_datadir}/check_mk/agents/hpux/
 rm -rf %{buildroot}%{_datadir}/check_mk/agents/sap/
 
+# Remove deprecated agent plugins.
+rm -rf %{buildroot}%{_datadir}/check_mk/agents/plugins/j4p_performance
+
 # Remove Windows files.
 rm -rf %{buildroot}%{_docdir}/check_mk/windows/
 rm -rf %{buildroot}%{_datadir}/check_mk/agents/windows/
@@ -223,11 +231,10 @@ rmdir %{buildroot}%{_prefix}/lib/check_mk
 %{_bindir}/mkp
 %{_bindir}/check_mk
 %config(noreplace) %{_sysconfdir}/check_mk/main.mk
-%config(noreplace) %{_sysconfdir}/check_mk/main.mk-1.2.4p2
+%config(noreplace) %{_sysconfdir}/check_mk/main.mk-1.2.4p5
 %{_sysconfdir}/check_mk/First-Installation.txt
 %{_sysconfdir}/check_mk/conf.d
 %{_sysconfdir}/nagios/auth.serials
-%{_datadir}/check_mk/agents
 %{_datadir}/check_mk/modules
 %{_datadir}/check_mk/checks
 %{_datadir}/check_mk/pnp-templates
@@ -239,6 +246,7 @@ rmdir %{buildroot}%{_prefix}/lib/check_mk
 %doc COPYING ChangeLog AUTHORS
 
 %files agent
+%{_datadir}/check_mk/agents
 %{_bindir}/check_mk_agent
 %{_bindir}/waitmax
 %{_bindir}/mk-job
@@ -254,7 +262,7 @@ rmdir %{buildroot}%{_prefix}/lib/check_mk
 %files multisite
 %{_datadir}/check_mk/web
 %config(noreplace) %{_sysconfdir}/check_mk/multisite.mk
-%config(noreplace) %{_sysconfdir}/check_mk/multisite.mk-1.2.4p2
+%config(noreplace) %{_sysconfdir}/check_mk/multisite.mk-1.2.4p5
 %{_sysconfdir}/check_mk/multisite.d
 %attr(660, apache, nagios) %{_sysconfdir}/check_mk/conf.d/wato
 
@@ -263,6 +271,27 @@ rmdir %{buildroot}%{_prefix}/lib/check_mk
 %{_libdir}/check_mk
 
 %changelog
+* Wed Sep 17 2014 Andrea Veri <averi@fedoraproject.org> - 1.2.4p5-1
+- New upstream release. Fixes CVEs:
+  - CVE-2014-5338 
+  - CVE-2014-5339
+  - CVE-2014-5340 (BZ: #1132337, #1132339, #1132341)
+- Stop shipping the j4p_performance plugin as it's deprecated. (BZ: #1133068)
+- Turn Wato_Legacy_Eval as True as we want to prevent breakages
+  between machines running different Python and/or check-mk releases.
+  This is necessary after the 'ast' move from 'pickle' (that was
+  generating a insecure API call), however the 'ast' module is still
+  not available for RHEL / CentOS 5 machines. The patch is there to 
+  avoid miscommunications between different distribution releases. More
+  information is available at:
+  http://mathias-kettner.com/check_mk_werks.php?werk_id=984.
+
+* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.4p2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.4p2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
 * Tue May 27 2014 Andrea Veri <averi@fedoraproject.org> - 1.2.4p2-2
 - Install the mk-job binary on /usr/bin.
 - Make sure the proper permissions are given to /var/lib/check_mk_agent/job
diff --git a/sources b/sources
index 2153953..6d6a60d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-1162c007d89558bc20c5655e35a0ba94  check_mk-1.2.4p2.tar.gz
+ef3055d191bd38295d1716b3f7824115  check_mk-1.2.4p5.tar.gz