diff --git a/SOURCES/bz1624110-1-harden-fPIE.patch b/SOURCES/bz1624110-1-harden-fPIE.patch
new file mode 100644
index 0000000..2d5d19c
--- /dev/null
+++ b/SOURCES/bz1624110-1-harden-fPIE.patch
@@ -0,0 +1,147 @@
+diff -uNr a/client/Makefile.in b/client/Makefile.in
+--- a/client/Makefile.in 2017-06-05 20:24:36.000000000 +0200
++++ b/client/Makefile.in 2019-04-09 15:04:01.910270557 +0200
+@@ -24,7 +24,7 @@
+ `xml2-config --cflags`
+
+ # nss sucks in way too much stuff
+-LIBS+=-lnss3 `xml2-config --libs`
++LIBS+=-lnss3 `xml2-config --libs` -Wl,-z,now
+
+ TARGETS=${TARGET}
+
+@@ -40,7 +40,16 @@
+ ln -snf $^ $@
+
+ fence_virt: ${fence_virt_SOURCES:.c=.o}
+- $(CC) -o $@ $^ $(LIBS) -L../common -lfence_virt
++ $(CC) $(CFLAGS) -o $@ $^ -shared $(LIBS) -L../common -lfence_virt
++
++mcast.o: mcast.c
++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
++
++options.o: options.c
++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
++
++serial.o: serial.c
++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
+
+ %.o: %.c
+ $(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES)
+diff -uNr a/common/Makefile.in b/common/Makefile.in
+--- a/common/Makefile.in 2017-06-05 20:24:36.000000000 +0200
++++ b/common/Makefile.in 2019-04-09 15:07:17.456815023 +0200
+@@ -24,6 +24,18 @@
+ libfence_virt.a: ${libfence_virt_a_SOURCE:.c=.o}
+ ar rc $@ $^
+
++fdops.o: fdops.c
++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
++
++ip_lookup.o: ip_lookup.c
++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
++
++mcast.o: mcast.c
++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
++
++tcp.o: tcp.c
++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
++
+ %.o: %.c
+ $(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES)
+
+diff -uNr a/config/Makefile.in b/config/Makefile.in
+--- a/config/Makefile.in 2017-06-05 20:24:36.000000000 +0200
++++ b/config/Makefile.in 2019-04-09 13:53:38.538444645 +0200
+@@ -42,7 +42,7 @@
+ $(LEX) -oconfig.c config.l
+
+ %.o: %.c
+- $(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES)
++ $(CC) $(CFLAGS) -fPIE -c -o $@ $^ $(INCLUDES)
+
+ clean:
+ rm -f ${TARGETS} *~ *.o testprog config.tab.c config.tab.h config.c
+diff -uNr a/Makefile.top.in b/Makefile.top.in
+--- a/Makefile.top.in 2017-06-05 20:24:36.000000000 +0200
++++ b/Makefile.top.in 2019-04-09 15:17:52.488438333 +0200
+@@ -2,7 +2,9 @@
+ CXX=@CXX@
+
+ CFLAGS=@CFLAGS@
+-CFLAGS+=-fPIC -Wall -Wformat=2 -Wstrict-prototypes -Wshadow -D_GNU_SOURCE
++CFLAGS+=-Wall -Wformat=2 -Wstrict-prototypes -Wshadow -D_GNU_SOURCE
++CXXFLAGS=@CXXFLAGS@
++CXXFLAGS+=-Wall -Wformat=2 -Wstrict-prototypes -Wshadow -D_GNU_SOURCE
+
+ LEX=@LEX@
+ YACC=@YACC@
+diff -uNr a/server/Makefile.in b/server/Makefile.in
+--- a/server/Makefile.in 2017-06-05 20:24:36.000000000 +0200
++++ b/server/Makefile.in 2019-04-09 15:11:51.692932810 +0200
+@@ -32,7 +32,7 @@
+ XML_LIBS=`xml2-config --libs`
+ INCLUDES=-I../include `nss-config --cflags` `nspr-config --cflags` `xml2-config --cflags`
+
+-LIBS+=-L../common -lfence_virt -Wl,-wrap,syslog,-wrap,closelog -lpthread -luuid
++LIBS+=-L../common -lfence_virt -Wl,-z,now,-wrap,syslog,-wrap,closelog -lpthread -luuid
+
+ MODULE_PATH=${libdir}/${PACKAGE_NAME}
+
+@@ -150,37 +150,46 @@
+ all: ${TARGETS} ${MODULES}
+
+ fence_virtd: ${fence_virtd_SOURCES:.c=.o} ${fence_virtd_cxx_SOURCES:.cpp=.opp}
+- $(CXX) -o $@ $^ $(MAIN_LIBS) $(LIBS)
++ $(CXX) $(CXXFLAGS) -o $@ $^ $(MAIN_LIBS) $(LIBS)
+
+ multicast.so: ${multicast_so_SOURCES:.c=.o}
+- $(CC) -o $@ $^ $(LIBS) -shared $(NSS_LIBS)
++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(NSS_LIBS)
+
+ libvirt.so: ${libvirt_so_SOURCES:.c=.o}
+- $(CC) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS)
++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS)
+
+ libvirt-qmf.so: ${libvirt_qmf_so_SOURCES:.c=.o} ${libvirt_qmf_cxx_so_SOURCES:.cpp=.opp}
+- $(CXX) -o $@ $^ $(LIBS) -shared $(VIRT_QPID)
++ $(CXX) $(CXXFLAGS) -o $@ $^ $(LIBS) -shared $(VIRT_QPID)
+
+ pm-fence.so: ${pm_fence_so_SOURCES:.c=.o}
+- $(CC) -o $@ $^ $(LIBS) -shared $(PACEMAKER_LIBS)
++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(PACEMAKER_LIBS)
+
+ cpg.so: ${cpg_so_SOURCES:.c=.o}
+- $(CC) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) $(XML_LIBS) $(COROSYNC_LIBS)
++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) $(XML_LIBS) $(COROSYNC_LIBS)
+
+ null.so: ${null_so_SOURCES:.c=.o}
+- $(CC) -o $@ $^ $(LIBS) -shared
++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared
+
+ serial.so: ${serial_so_SOURCES:.c=.o}
+- $(CC) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) $(XML_LIBS)
++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(VIRT_LIBS) $(UUID_LIBS) $(XML_LIBS)
+
+ tcp.so: ${tcp_so_SOURCES:.c=.o}
+- $(CC) -o $@ $^ $(LIBS) -shared $(NSS_LIBS)
++ $(CC) $(CFLAGS) -o $@ $^ $(LIBS) -shared $(NSS_LIBS)
++
++cpg-virt.o: cpg-virt.c
++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
++
++virt.o: virt.c
++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
++
++virt-serial.o: virt-serial.c
++ $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
+
+ %.o: %.c
+ $(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES)
+
+ %.opp: %.cpp
+- $(CXX) $(CFLAGS) -c -o $@ $^ $(INCLUDES)
++ $(CXX) $(CXXFLAGS) -c -o $@ $^ $(INCLUDES)
+
+ install: all
+ if [ ! -d ${DESTDIR}/${sbindir} ]; then \
diff --git a/SOURCES/bz1624110-2-fence_virt-fix-coredump.patch b/SOURCES/bz1624110-2-fence_virt-fix-coredump.patch
new file mode 100644
index 0000000..0e74386
--- /dev/null
+++ b/SOURCES/bz1624110-2-fence_virt-fix-coredump.patch
@@ -0,0 +1,21 @@
+diff -uNr a/client/Makefile.in b/client/Makefile.in
+--- a/client/Makefile.in 2019-04-10 11:06:55.428378274 +0200
++++ b/client/Makefile.in 2019-04-10 13:02:54.734002880 +0200
+@@ -40,16 +40,7 @@
+ ln -snf $^ $@
+
+ fence_virt: ${fence_virt_SOURCES:.c=.o}
+- $(CC) $(CFLAGS) -o $@ $^ -shared $(LIBS) -L../common -lfence_virt
+-
+-mcast.o: mcast.c
+- $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
+-
+-options.o: options.c
+- $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
+-
+-serial.o: serial.c
+- $(CC) $(CFLAGS) -fPIC -c -o $@ $^ $(INCLUDES)
++ $(CC) $(CFLAGS) -pie -o $@ $^ $(LIBS) -L../common -lfence_virt
+
+ %.o: %.c
+ $(CC) $(CFLAGS) -c -o $@ $^ $(INCLUDES)
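Review bot: The `fence_virtd` link rule in server/Makefile.in gains `$(CXXFLAGS)` but no `-pie`, and the generic `%.o: %.c` rules in server/ and common/ carry neither `-fPIE` nor `-fPIC` once `-fPIC` is dropped from Makefile.top.in, so the daemon and any module object not covered by the new per-file rules are position independent only if `@CFLAGS@`/`@CXXFLAGS@` supply the flag at configure time. If the makefiles themselves are meant to guarantee it, the link line would read `$(CXX) $(CXXFLAGS) -pie -o $@ $^ $(MAIN_LIBS) $(LIBS)` with `-fPIE` on the objects that go only into the executable, as config/Makefile.in now does; the `*_SOURCES` lists that decide which objects those are lie outside the hunks. The client objects end up in the same position after bz1624110-2 removes their explicit rules while linking with `-pie`. `-Wl,-z,now` is also added without `-Wl,-z,relro`; the GOT becomes read-only only when both are in effect, and whether the toolchain defaults to relro is not visible here.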
diff --git a/SOURCES/bz1668357-fence_virt-dont-report-success-incorrect-parameter.patch b/SOURCES/bz1668357-fence_virt-dont-report-success-incorrect-parameter.patch
new file mode 100644
index 0000000..6c541f9
--- /dev/null
+++ b/SOURCES/bz1668357-fence_virt-dont-report-success-incorrect-parameter.patch
@@ -0,0 +1,35 @@
+From 83e507cd236c304ce6b95b2ba52d3894f8002dc8 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen
+Date: Fri, 9 Nov 2018 13:10:29 +0100
+Subject: [PATCH] fence_virt: dont report success for incorrect parameters
+
+---
+ client/main.c | 2 +-
+ client/options.c | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/client/main.c b/client/main.c
+index 8e94093..a3135e3 100644
+--- a/client/main.c
++++ b/client/main.c
+@@ -112,7 +112,7 @@ main(int argc, char **argv)
+ args.mode = MODE_VSOCK;
+
+ if (args.flags & F_ERR) {
+- if (args.op != FENCE_VALIDATEALL)
++ if (args.op != FENCE_VALIDATEALL)
+ args_usage(argv[0], my_options, (argc == 1));
+ exit(1);
+ }
+diff --git a/client/options.c b/client/options.c
+index a3f321b..4b5ed56 100644
+--- a/client/options.c
++++ b/client/options.c
+@@ -904,6 +904,7 @@ args_get_stdin(const char *optstr, fence_virt_args_t *args)
+ "parse warning: "
+ "illegal variable '%s' on line %d\n", name,
+ line);
++ args->flags |= F_ERR;
+ continue;
+ }
+
diff --git a/SPECS/fence-virt.spec b/SPECS/fence-virt.spec
index 36be5b7..6d8af66 100644
--- a/SPECS/fence-virt.spec
+++ b/SPECS/fence-virt.spec
@@ -1,6 +1,6 @@
 Name: fence-virt
 Version: 0.4.0
-Release: 4%{?dist}
+Release: 7%{?dist}
 Summary: A pluggable fencing framework for virtual machines
 Group: System Environment/Base
 License: GPLv2+
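Review bot: In the `args_get_stdin` hunk of client/options.c the message still reads `"parse warning: "` although the added `args->flags |= F_ERR;` now makes an unknown variable fatal through the `exit(1)` branch shown in the client/main.c hunk. Wording it as `"parse error: "` would keep the log line consistent with the exit status an operator sees when the agent rejects its input. The added line also deserves a short comment such as `/* reject unknown keys instead of continuing with the remaining options */`. The client/main.c hunk shows the same text on its removed and added lines, so it appears to be a whitespace-only change; the bodies of both functions continue outside the hunks.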
@@ -11,6 +11,9 @@ ExclusiveArch: i686 x86_64 URL: http://fence-virt.sourceforge.net Source0: http://people.redhat.com/rmccabe/fence-virt/%{name}-%{version}.tar.bz2 +Patch0: bz1624110-1-harden-fPIE.patch +Patch1: bz1624110-2-fence_virt-fix-coredump.patch +Patch2: bz1668357-fence_virt-dont-report-success-incorrect-parameter.patch BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) @@ -95,6 +98,9 @@ are located on corosync cluster nodes. %prep %setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 -F1 %build ./autogen.sh @@ -186,6 +192,16 @@ fi %{_libdir}/%{name}/cpg.so %changelog +* Tue Jul 23 2019 Oyvind Albrigtsen - 0.4.0-7 +- fence_xvm/fence_virt: dont report success for incorrect parameter + Resolves: rhbz#1668357 + +* Tue Apr 9 2019 Oyvind Albrigtsen - 0.4.0-6 +- Harden with -fPIE and -Wl,-z,now + Resolves: rhbz#1624110 +- Add CI gating tests + Resolves: rhbz#1682883 + * Wed Feb 07 2018 Fedora Release Engineering - 0.4.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
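Review bot: `%patch2 -p1 -F1` in the `%prep` hunk raises the fuzz factor for the one patch that changes runtime behaviour, so a hunk whose context does not match the 0.4.0 tree exactly is still accepted. Regenerating bz1668357 against the sources as they stand after the first two patches, so that plain `%patch2 -p1` applies, would rule out a hunk landing at the wrong place in `args_get_stdin`; if the fuzz has to stay, a comment above the line should say which hunk needs it and why. The three `Patch` tags also carry no comment naming the upstream commit each one comes from, which makes later rebases harder to audit.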