diff --git a/0001-hif-Fix-use-after-free-during-untrusted-repo-check.patch b/0001-hif-Fix-use-after-free-during-untrusted-repo-check.patch
new file mode 100644
index 0000000..75de5e7
--- /dev/null
+++ b/0001-hif-Fix-use-after-free-during-untrusted-repo-check.patch
@@ -0,0 +1,44 @@
+From e3d857e50e2a9d587e59e377238adb7ed2e82a58 Mon Sep 17 00:00:00 2001
+From: Kalev Lember
+Date: Fri, 13 Mar 2015 22:47:49 +0100
+Subject: [PATCH] hif: Fix use-after-free during untrusted repo check
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1185544
+---
+ backends/hif/pk-backend-hif.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/backends/hif/pk-backend-hif.c b/backends/hif/pk-backend-hif.c
+index 2e497cd..5988ab1 100644
+--- a/backends/hif/pk-backend-hif.c
++++ b/backends/hif/pk-backend-hif.c
+@@ -2090,7 +2090,7 @@ pk_backend_transaction_check_untrusted_repos (PkBackend *backend, GPtrArray *sou
+ HIF_PACKAGE_INFO_DOWNGRADE,
+ HIF_PACKAGE_INFO_UPDATE,
+ -1);
+- array = g_ptr_array_new ();
++ array = g_ptr_array_new_with_free_func ((GDestroyNotify) hy_package_free);
+ for (i = 0; i < install->len; i++) {
+ pkg = g_ptr_array_index (install, i);
+
+@@ -2098,7 +2098,7 @@ pk_backend_transaction_check_untrusted_repos (PkBackend *backend, GPtrArray *sou
+ * untrusted repo */
+ if (g_strcmp0 (hy_package_get_reponame (pkg),
+ HY_CMDLINE_REPO_NAME) == 0) {
+- g_ptr_array_add (array, pkg);
++ g_ptr_array_add (array, hy_package_link (pkg));
+ continue;
+ }
+
+@@ -2115,7 +2115,7 @@ pk_backend_transaction_check_untrusted_repos (PkBackend *backend, GPtrArray *sou
+
+ /* repo has no gpg key */
+ if (!hif_source_get_gpgcheck (src))
+- g_ptr_array_add (array, pkg);
++ g_ptr_array_add (array, hy_package_link (pkg));
+ }
+ out:
+ if (array != NULL && !ret) {
+--
+2.3.4
+
diff --git a/PackageKit.spec b/PackageKit.spec
index d6dd2f3..5d65183 100644
--- a/PackageKit.spec
+++ b/PackageKit.spec
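Review bot: The ownership change in `pk_backend_transaction_check_untrusted_repos` is not documented where it is made. After this patch `array` is created with `hy_package_free` as its element free function and both `g_ptr_array_add` sites store `hy_package_link (pkg)`, so the array now holds its own reference on every package it lists. I would add a comment above the allocation, e.g. `/* array owns a reference on each package: always add hy_package_link (pkg), never a borrowed pkg */`, because a later add of a bare `pkg` would then be released once too often instead of merely dangling. The function starts and ends outside the three inner hunks, so it cannot be confirmed from here that the code after `out:` and any consumer of the array (presumably handed back to the caller) release it with `g_ptr_array_unref ()` rather than freeing elements themselves; that is worth checking alongside this backport.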
@@ -7,7 +7,7 @@ Summary: Package management service Name: PackageKit Version: 1.0.5 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ and LGPLv2+ URL: http://www.freedesktop.org/software/PackageKit/ Source0: http://www.freedesktop.org/software/PackageKit/releases/%{name}-%{version}.tar.xz @@ -19,6 +19,7 @@ Source1: cached-metadata.tar Patch0: PackageKit-0.3.8-Fedora-Vendor.conf.patch # Backported from upstream Patch1: PackageKit-new-missing-codecs-API.patch +Patch2: 0001-hif-Fix-use-after-free-during-untrusted-repo-check.patch Requires: %{name}-glib%{?_isa} = %{version}-%{release} Requires: shared-mime-info @@ -176,6 +177,7 @@ using PackageKit. %setup -q %patch0 -p1 -b .fedora %patch1 -p1 -b .new-missing-codecs-API +%patch2 -p1 %build %configure \ @@ -314,6 +316,9 @@ systemctl disable packagekit-offline-update.service > /dev/null 2>&1 || : %{_datadir}/gtk-doc/html/PackageKit %changelog +* Sat Mar 28 2015 Kalev Lember - 1.0.5-2 +- Backport a crash fix from upstream (#1185544) + * Sat Feb 21 2015 Kalev Lember - 1.0.5-1 - Update to 1.0.5 - Backport new missing gstreamer codecs API