diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index de58d4f..5643f9a 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -6258,7 +6258,7 @@ index 79bf923..e11ccf8 100644
  	if ((fp = fopen(path, "r")) == NULL)
  		return -1;
 diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
-index 02b3cd2..7f140dd 100644
+index 02b3cd2..5f697f3 100644
 --- a/libselinux/src/label_file.c
 +++ b/libselinux/src/label_file.c
 @@ -8,6 +8,7 @@
@@ -6282,7 +6282,7 @@ index 02b3cd2..7f140dd 100644
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <unistd.h>
-@@ -229,6 +235,176 @@ static int process_line(struct selabel_handle *rec,
+@@ -229,6 +235,190 @@ static int process_line(struct selabel_handle *rec,
  	return 0;
  }
  
@@ -6296,6 +6296,7 @@ index 02b3cd2..7f140dd 100644
 +	char *addr;
 +	size_t len;
 +	int stem_map_len, *stem_map;
++	struct mmap_area *mmap_area;
 +
 +	uint32_t *magic;
 +	uint32_t *section_len;
@@ -6332,13 +6333,26 @@ index 02b3cd2..7f140dd 100644
 +	len += (sysconf(_SC_PAGE_SIZE) - 1);
 +	len &= ~(sysconf(_SC_PAGE_SIZE) - 1);
 +
++	mmap_area = malloc(sizeof(*mmap_area));
++	if (!mmap_area) {
++		close(mmapfd);
++		return -1;
++	}
++
 +	addr = mmap(NULL, len, PROT_READ, MAP_PRIVATE, mmapfd, 0);
 +	close(mmapfd);
 +	if (addr == MAP_FAILED) {
++		free(mmap_area);
 +		perror("mmap");
 +		return -1;
 +	}
 +
++	/* save where we mmap'd the file to cleanup on close() */
++	mmap_area->addr = addr;
++	mmap_area->len = len;
++	mmap_area->next = data->mmap_areas;
++	data->mmap_areas = mmap_area;
++
 +	/* check if this looks like an fcontext file */
 +	magic = (uint32_t *)addr;
 +	if (*magic != SELINUX_MAGIC_COMPILED_FCONTEXT)
@@ -6459,7 +6473,7 @@ index 02b3cd2..7f140dd 100644
  static int process_file(const char *path, const char *suffix, struct selabel_handle *rec, const char *prefix)
  {
  	FILE *fp;
-@@ -261,6 +437,10 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
+@@ -261,6 +451,10 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
  		return -1;
  	}
  
@@ -6470,7 +6484,7 @@ index 02b3cd2..7f140dd 100644
  	/*
  	 * The do detailed validation of the input and fill the spec array
  	 */
-@@ -270,6 +450,7 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
+@@ -270,6 +464,7 @@ static int process_file(const char *path, const char *suffix, struct selabel_han
  		if (rc)
  			return rc;
  	}
@@ -6478,16 +6492,29 @@ index 02b3cd2..7f140dd 100644
  	free(line_buf);
  	fclose(fp);
  
-@@ -357,6 +538,8 @@ static void closef(struct selabel_handle *rec)
+@@ -351,16 +546,19 @@ finish:
+ static void closef(struct selabel_handle *rec)
+ {
+ 	struct saved_data *data = (struct saved_data *)rec->data;
++	struct mmap_area *area, *last_area;
+ 	struct spec *spec;
+ 	struct stem *stem;
+ 	unsigned int i;
  
  	for (i = 0; i < data->nspec; i++) {
  		spec = &data->spec_arr[i];
++		free(spec->lr.ctx_trans);
++		free(spec->lr.ctx_raw);
 +		if (spec->from_mmap)
 +			continue;
  		free(spec->regex_str);
  		free(spec->type_str);
- 		free(spec->lr.ctx_raw);
-@@ -369,6 +552,8 @@ static void closef(struct selabel_handle *rec)
+-		free(spec->lr.ctx_raw);
+-		free(spec->lr.ctx_trans);
+ 		if (spec->regcomp) {
+ 			pcre_free(spec->regex);
+ 			pcre_free_study(spec->sd);
+@@ -369,6 +567,8 @@ static void closef(struct selabel_handle *rec)
  
  	for (i = 0; i < (unsigned int)data->num_stems; i++) {
  		stem = &data->stem_arr[i];
@@ -6496,11 +6523,27 @@ index 02b3cd2..7f140dd 100644
  		free(stem->buf);
  	}
  
+@@ -376,7 +576,14 @@ static void closef(struct selabel_handle *rec)
+ 		free(data->spec_arr);
+ 	if (data->stem_arr)
+ 		free(data->stem_arr);
+-	
++
++	area = data->mmap_areas;
++	while (area) {
++		munmap(area->addr, area->len);
++		last_area = area;
++		area = area->next;
++		free(last_area);
++	}
+ 	free(data);
+ }
+ 
 diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h
-index cb5633b..9799bbb 100644
+index cb5633b..bf0c9e2 100644
 --- a/libselinux/src/label_file.h
 +++ b/libselinux/src/label_file.h
-@@ -5,24 +5,32 @@
+@@ -5,24 +5,39 @@
  
  #include "label_internal.h"
  
@@ -6531,10 +6574,22 @@ index cb5633b..9799bbb 100644
  	char *buf;
  	int len;
 +	char from_mmap;
++};
++
++/* Where we map the file in during selabel_open() */
++struct mmap_area {
++	void *addr;
++	size_t len;
++	struct mmap_area *next;
  };
  
  /* Our stored configuration */
-@@ -45,7 +53,10 @@ struct saved_data {
+@@ -41,11 +56,15 @@ struct saved_data {
+ 	struct stem *stem_arr;
+ 	int num_stems;
+ 	int alloc_stems;
++	struct mmap_area *mmap_areas;
+ };
  
  static inline pcre_extra *get_pcre_extra(struct spec *spec)
  {
@@ -6700,7 +6755,7 @@ index 2d7369e..2a00807 100644
  }
  
 diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
-index 83381e4..c1d4990 100644
+index 83381e4..6c5b45a 100644
 --- a/libselinux/src/procattr.c
 +++ b/libselinux/src/procattr.c
 @@ -1,6 +1,7 @@
@@ -6711,7 +6766,7 @@ index 83381e4..c1d4990 100644
  #include <string.h>
  #include <stdlib.h>
  #include <stdio.h>
-@@ -8,33 +9,135 @@
+@@ -8,32 +9,137 @@
  #include "selinux_internal.h"
  #include "policy.h"
  
@@ -6776,7 +6831,7 @@ index 83381e4..c1d4990 100644
 +	}
 +}
 +
-+static int openattr(pid_t pid, const char *attr, int flags) 
++static int openattr(pid_t pid, const char *attr, int flags)
  {
 -	char *path, *buf;
 -	size_t size;
@@ -6785,6 +6840,9 @@ index 83381e4..c1d4990 100644
 -	pid_t tid;
 -	int errno_hold;
 +	char *path;
++
++	if (cpid != getpid())
++		free_procattr();
  
  	if (pid > 0)
  		rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
@@ -6798,9 +6856,8 @@ index 83381e4..c1d4990 100644
  		return -1;
  
 -	fd = open(path, O_RDONLY);
-+	fd = open(path, flags);
++	fd = open(path, flags | O_CLOEXEC);
  	free(path);
--	if (fd < 0)
 +	return fd;
 +}
 +
@@ -6851,13 +6908,12 @@ index 83381e4..c1d4990 100644
 +		}
 +		return 0;
 +	}
-+		
++
 +	fd = openattr(pid, attr, O_RDONLY);
-+	if (fd < 0) 
+ 	if (fd < 0)
  		return -1;
  
- 	size = selinux_page_size;
-@@ -90,40 +193,70 @@ static int getprocattrcon(security_context_t * context,
+@@ -90,40 +196,70 @@ static int getprocattrcon(security_context_t * context,
  static int setprocattrcon_raw(security_context_t context,
  			      pid_t pid, const char *attr)
  {
diff --git a/libselinux.spec b/libselinux.spec
index 5d7d0ef..ffca062 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -4,13 +4,13 @@
 
 %define ruby_inc %(pkg-config --cflags ruby)
 %define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']")
-%define libsepolver 2.1.8-6
+%define libsepolver 2.1.8-7
 %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
 
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.1.12
-Release: 18%{?dist}
+Release: 19%{?dist}
 License: Public Domain
 Group: System Environment/Libraries
 Source: %{name}-%{version}.tgz
@@ -241,6 +241,9 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/selinux.so
 
 %changelog
+* Fri Jan 25 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18
+- Update to latest patches from eparis/Upstream
+
 * Wed Jan 23 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.12-18
 - Try procatt speedup patch again