diff --git a/.gitignore b/.gitignore
index a6ff50e..f67c885 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 /Python-3.4.3.tar.xz
 /Python-3.4.5.tar.xz
 /Python-3.4.7.tar.xz
+/Python-3.4.8.tar.xz
diff --git a/00286-pystring-decodeescape-integer-overflow.patch b/00286-pystring-decodeescape-integer-overflow.patch
deleted file mode 100644
index 8c22f3c..0000000
--- a/00286-pystring-decodeescape-integer-overflow.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From c3c9db89273fabc62ea1b48389d9a3000c1c03ae Mon Sep 17 00:00:00 2001
-From: Jay Bosamiya <jaybosamiya@gmail.com>
-Date: Sun, 18 Jun 2017 22:11:03 +0530
-Subject: [PATCH] [2.7] bpo-30657: Check & prevent integer overflow in
- PyString_DecodeEscape (#2174)
-
-diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
-index 77dd45e..9b29dc3 100644
---- a/Objects/bytesobject.c
-+++ b/Objects/bytesobject.c
-@@ -970,7 +970,13 @@ PyObject *PyBytes_DecodeEscape(const char *s,
-     char *p, *buf;
-     const char *end;
-     PyObject *v;
--    Py_ssize_t newlen = recode_encoding ? 4*len:len;
-+    Py_ssize_t newlen;
-+    /* Check for integer overflow */
-+    if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
-+        PyErr_SetString(PyExc_OverflowError, "string is too large");
-+        return NULL;
-+    }
-+    newlen = recode_encoding ? 4*len:len;
-     v = PyBytes_FromStringAndSize((char *)NULL, newlen);
-     if (v == NULL)
-         return NULL;
diff --git a/00290-cryptmodule-Include-crypt.h-for-declaration-of-crypt.patch b/00290-cryptmodule-Include-crypt.h-for-declaration-of-crypt.patch
new file mode 100644
index 0000000..18ccf7b
--- /dev/null
+++ b/00290-cryptmodule-Include-crypt.h-for-declaration-of-crypt.patch
@@ -0,0 +1,50 @@
+diff -U3 -r Python-3.4.8-orig/configure Python-3.4.8/configure
+--- Python-3.4.8-orig/configure	2018-02-13 11:08:48.126741021 +0100
++++ Python-3.4.8/configure	2018-02-13 11:32:32.579790986 +0100
+@@ -7006,7 +7006,7 @@
+ 
+ fi
+ 
+-for ac_header in asm/types.h conio.h direct.h dlfcn.h errno.h \
++for ac_header in asm/types.h crypt.h conio.h direct.h dlfcn.h errno.h \
+ fcntl.h grp.h \
+ ieeefp.h io.h langinfo.h libintl.h process.h pthread.h \
+ sched.h shadow.h signal.h stdint.h stropts.h termios.h \
+diff -U3 -r Python-3.4.8-orig/configure.ac Python-3.4.8/configure.ac
+--- Python-3.4.8-orig/configure.ac	2018-02-13 11:08:48.060740742 +0100
++++ Python-3.4.8/configure.ac	2018-02-13 11:09:59.208039082 +0100
+@@ -1563,7 +1563,7 @@
+ 
+ # checks for header files
+ AC_HEADER_STDC
+-AC_CHECK_HEADERS(asm/types.h conio.h direct.h dlfcn.h errno.h \
++AC_CHECK_HEADERS(asm/types.h crypt.h conio.h direct.h dlfcn.h errno.h \
+ fcntl.h grp.h \
+ ieeefp.h io.h langinfo.h libintl.h process.h pthread.h \
+ sched.h shadow.h signal.h stdint.h stropts.h termios.h \
+diff -U3 -r Python-3.4.8-orig/Include/Python.h Python-3.4.8/Include/Python.h
+--- Python-3.4.8-orig/Include/Python.h	2018-02-05 00:40:38.000000000 +0100
++++ Python-3.4.8/Include/Python.h	2018-02-13 11:09:40.689963273 +0100
+@@ -35,6 +35,9 @@
+ #ifdef HAVE_UNISTD_H
+ #include <unistd.h>
+ #endif
++#ifdef HAVE_CRYPT_H
++#include <crypt.h>
++#endif
+ 
+ /* For size_t? */
+ #ifdef HAVE_STDDEF_H
+diff -U3 -r Python-3.4.8-orig/Modules/_cryptmodule.c Python-3.4.8/Modules/_cryptmodule.c
+--- Python-3.4.8-orig/Modules/_cryptmodule.c	2018-02-05 00:40:38.000000000 +0100
++++ Python-3.4.8/Modules/_cryptmodule.c	2018-02-13 12:00:51.636164978 +0100
+@@ -69,7 +69,8 @@
+ {
+     /* On some platforms (AtheOS) crypt returns NULL for an invalid
+        salt. Return None in that case. XXX Maybe raise an exception?  */
+-    return Py_BuildValue("s", crypt(word, salt));
++    char *result = crypt(word, salt)
++    return Py_BuildValue("s", result);
+ }
+ 
+ 
diff --git a/python34.spec b/python34.spec
index 5a48f12..0155cfd 100644
--- a/python34.spec
+++ b/python34.spec
@@ -125,8 +125,8 @@
 # ==================
 Summary: Version 3.4 of the Python programming language
 Name: python%{pyshortver}
-Version: %{pybasever}.7
-Release: 4%{?dist}
+Version: %{pybasever}.8
+Release: 1%{?dist}
 License: Python
 Group: Development/Languages
 
@@ -500,11 +500,12 @@ Patch250: 00250-getentropy.patch
 # See https://bugzilla.redhat.com/show_bug.cgi?id=1484497
 Patch273: 00273-skip-float-test.patch
 
-# 00286 #
-# CVE-2017-1000158
-# Check & prevent integer overflow in PyString_DecodeEscape
-# Fixed upstream: https://bugs.python.org/issue30657
-Patch286: 00286-pystring-decodeescape-integer-overflow.patch
+# 00290 #
+# Not every target system may provide a crypt() function in its stdlibc
+# and may use an external or replacement library, like libxcrypt, for
+# providing such functions.
+# Fixed upstream: https://bugs.python.org/issue32635
+Patch290: 00290-cryptmodule-Include-crypt.h-for-declaration-of-crypt.patch
 
 # (New patches go here ^^^)
 #
@@ -659,7 +660,7 @@ done
 %patch203 -p1
 %patch250 -p1
 %patch273 -p1
-%patch286 -p1
+%patch290 -p1
 
 # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
 # are many differences between 2.6 and the Python 3 library.
@@ -1111,6 +1112,8 @@ CheckPython() {
   #   @unittest._expectedFailureInRpmBuild
   # test_faulthandler.test_register_chain currently fails on ppc64le and
   #   aarch64, see upstream bug http://bugs.python.org/issue21131
+  # test_buffer fails with Decimal on ppc64le,
+  #   see https://bugzilla.redhat.com/show_bug.cgi?id=1544833
   WITHIN_PYTHON_RPM_BUILD= \
   LD_LIBRARY_PATH=$ConfDir $ConfDir/python -m test.regrtest \
     --verbose --findleaks \
@@ -1118,6 +1121,9 @@ CheckPython() {
     %ifarch ppc64le aarch64
     -x test_faulthandler \
     %endif
+    %ifarch ppc64le
+    -x test_buffer \
+    %endif
     %ifarch %{power64} s390 s390x armv7hl aarch64
     -x test_gdb
     %endif
@@ -1214,6 +1220,11 @@ CheckPython optimized
 # ======================================================
 
 %changelog
+* Tue Feb 13 2018 Petr Viktorin <pviktori@redhat.com> - 3.4.8-1
+- Update to 3.4.8 bugfix release
+- Add patch 00290 to fix build with libxcrypt
+- Disable test_buffer on ppc64le
+
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.7-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 
diff --git a/sources b/sources
index b54c52f..27f889d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (Python-3.4.7.tar.xz) = 34d303f510210d7e695f65f69819049bdf71607b100cf4658af4620b14385f2e5acc3363f2e1b573509cca651e91c836ccd4fb00982f061a58e9b5c9504cd060
+SHA512 (Python-3.4.8.tar.xz) = 478552c72efe606cb1993024b81839c51d01f1c949564c007ab2b76016f110e1f7bd418e5de3f4f93b466ce7dbe6583d3c150830d1f28f75e0809625b568a7ec