diff --git a/xen.fedora.crypt.patch b/xen.fedora.crypt.patch
new file mode 100644
index 0000000..439f7f8
--- /dev/null
+++ b/xen.fedora.crypt.patch
@@ -0,0 +1,11 @@
+--- xen-4.5.1/tools/qemu-xen-traditional/vnc.c.orig 2015-07-12 21:55:32.875504811 +0100
++++ xen-4.5.1/tools/qemu-xen-traditional/vnc.c 2015-07-12 22:03:03.860005391 +0100
+@@ -2140,7 +2140,7 @@
+
+ static int vnc_set_gnutls_priority(gnutls_session_t s, int x509)
+ {
+- const char *priority = x509 ? "NORMAL" : "NORMAL:+ANON-DH";
++ const char *priority = x509 ? "@SYSTEM" : "@SYSTEM:+ANON-DH";
+ int rc;
+
+ rc = gnutls_priority_set_direct(s, priority, NULL);
diff --git a/xen.fedora.systemd.patch b/xen.fedora.systemd.patch
index 5753229..acdf9d2 100644
--- a/xen.fedora.systemd.patch
+++ b/xen.fedora.systemd.patch
@@ -89,6 +89,15 @@ diff -uN xen-4.5.0/tools/hotplug/Linux/systemd.orig/xen-qemu-dom0-disk-backend.s
 Before=xendomains.service libvirtd.service libvirt-guests.service
 RefuseManualStop=true
 ConditionPathExists=/proc/xen/capabilities
+@@ -11,7 +11,7 @@
+ PIDFile=@XEN_RUN_DIR@/qemu-dom0.pid
+ ExecStartPre=/bin/grep -q control_d /proc/xen/capabilities
+ ExecStartPre=/bin/mkdir -p @XEN_RUN_DIR@
+-ExecStart=@LIBEXEC_BIN@/qemu-system-i386 -xen-domid 0 \
++ExecStart=@BINDIR@/qemu-system-i386 -xen-domid 0 \
+ -xen-attach -name dom0 -nographic -M xenpv -daemonize \
+ -monitor /dev/null -serial /dev/null -parallel /dev/null \
+ -pidfile @XEN_RUN_DIR@/qemu-dom0.pid
 diff -uN xen-4.5.0/tools/hotplug/Linux/systemd.orig/xenstored.service.in xen-4.5.0/tools/hotplug/Linux/systemd/xenstored.service.in
 --- xen-4.5.0/tools/hotplug/Linux/systemd.orig/xenstored.service.in 2015-01-12 16:53:24.000000000 +0000
 +++ xen-4.5.0/tools/hotplug/Linux/systemd/xenstored.service.in 2015-01-25 22:37:27.000000000 +0000
diff --git a/xen.spec b/xen.spec
index 0c0798f..87fb7fa 100644
--- a/xen.spec
+++ b/xen.spec
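Review bot: In the embedded vnc.c hunk of xen.fedora.crypt.patch, the non-x509 branch of `vnc_set_gnutls_priority` still appends `+ANON-DH` to `@SYSTEM`, so that path re-enables unauthenticated key exchange on top of whatever the system crypto policy allows, and nothing in the code says this is deliberate. I would add a comment above the assignment, e.g. `/* @SYSTEM defers to the system-wide crypto policy; +ANON-DH is re-added only for non-x509 VNC TLS, which is encrypted but not authenticated */`. The `@SYSTEM` keyword also presumes a GnuTLS build with system-priority support. How a failing `gnutls_priority_set_direct` is handled is not visible, because the function body continues outside the hunk.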
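Review bot: The new `ExecStart=@BINDIR@/qemu-system-i386` line in the xen-qemu-dom0-disk-backend unit (xen.fedora.systemd.patch) makes the dom0 disk backend run whichever qemu-system-i386 is installed in the system bin directory rather than a binary under Xen's libexec directory, and nothing visible in this diff guarantees that binary is present or built with Xen support. If xen.spec does not already carry a dependency on the package that ships it (not visible in these hunks), one should be added. A short comment in the patch explaining why the path differs from upstream would also help the next maintainer. The unit file continues outside the hunk.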
@@ -51,7 +51,7 @@
 Summary: Xen is a virtual machine monitor
 Name: xen
 Version: 4.5.1
-Release: 2%{?dist}
+Release: 3%{?dist}
 Group: Development/Libraries
 License: GPLv2+ and LGPLv2+ and BSD
 URL: http://xen.org/
@@ -89,6 +89,7 @@ Patch20: qemu.trad.build.patch
 Patch21: xsa135-qemut-1.patch
 Patch22: xsa135-qemut-2.patch
 Patch23: xsa137.patch
+Patch24: xen.fedora.crypt.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: transfig libidn-devel zlib-devel texi2html SDL-devel curl-devel
@@ -124,6 +125,8 @@ BuildRequires: bzip2-devel xz-devel
 BuildRequires: e2fsprogs-devel
 # tools now require yajl and wget
 BuildRequires: yajl-devel wget
+# remus support now needs libnl3
+BuildRequires: libnl3-devel
 %if %with_xsm
 # xsm policy file needs needs checkpolicy and m4
 BuildRequires: checkpolicy m4
@@ -277,6 +280,7 @@ manage Xen virtual machines.
 %patch21 -p1
 %patch22 -p1
 %patch23 -p1
+%patch24 -p1
 # stubdom sources
 cp -v %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} stubdom
@@ -517,13 +521,23 @@ fi
 %if %build_hyp
 %post hypervisor
-if [ $1 == 1 -a -f /sbin/grub2-mkconfig -a -f /boot/grub2/grub.cfg ]; then
- /sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
+if [ $1 == 1 -a -f /sbin/grub2-mkconfig ]; then
+ if [ -f /boot/grub2/grub.cfg ]; then
+ /sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
+ fi
+ if [ -f /boot/efi/EFI/fedora/grub.cfg ]; then
+ /sbin/grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
+ fi
 fi
 %postun hypervisor
-if [ -f /sbin/grub2-mkconfig -a -f /boot/grub2/grub.cfg ]; then
- /sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
+if [ -f /sbin/grub2-mkconfig ]; then
+ if [ -f /boot/grub2/grub.cfg ]; then
+ /sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
+ fi
+ if [ -f /boot/efi/EFI/fedora/grub.cfg ]; then
+ /sbin/grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
+ fi
 fi
 %endif
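Review bot: In the `%post hypervisor` and `%postun hypervisor` scriptlets of xen.spec the result of `/sbin/grub2-mkconfig` is handled inconsistently: a failure of the `/boot/grub2/grub.cfg` call is silently ignored, while a failure of the EFI call, being the last command run, becomes the scriptlet's exit status. Since these calls decide whether the hypervisor boot entry is actually added or removed, I would report a failure and still exit cleanly, e.g. `/sbin/grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg || echo "xen: could not regenerate /boot/efi/EFI/fedora/grub.cfg" >&2`, and likewise for the BIOS path. The unquoted `$1` with `==` inside `[ ]` is also a bashism; `[ "$1" = 1 ]` is the portable form. The same two-branch block is duplicated in both scriptlets.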
@@ -781,7 +795,13 @@ rm -rf %{buildroot}
 %endif
 %changelog
-* Tue Jul 7 2015 Michael Young - 4.5.1-2
+* Thu Jul 23 2015 Michael Young - 4.5.1-3
+- correct qemu location in xen-qemu-dom0-disk-backend.service (#1242246)
+- rebuild efi grub.cfg if it is present (#1239309)
+- re-enable remus by building with libnl3
+- modify gnutls use in line with Fedora's crypto policies (#1179352)
+
+* Tue Jul 07 2015 Michael Young - 4.5.1-2
 - xl command line config handling stack overflow [XSA-137, CVE-2015-3259]
 * Mon Jun 22 2015 Michael Young - 4.5.1-1