diff --git a/.flatpak.metadata b/.flatpak.metadata
new file mode 100644
index 0000000..56a0c50
--- /dev/null
+++ b/.flatpak.metadata
@@ -0,0 +1 @@
+41429400eab33868b6c6045fe235e86e1086a056 SOURCES/flatpak-1.12.9.tar.xz
diff --git a/.gitignore b/.gitignore
index f7ca2f2..804ac25 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/flatpak-1.10.8.tar.xz
+SOURCES/flatpak-1.12.9.tar.xz
diff --git a/SOURCES/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch b/SOURCES/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch
new file mode 100644
index 0000000..8c9dd9f
--- /dev/null
+++ b/SOURCES/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch
@@ -0,0 +1,28 @@
+From 1c73110795b865246ce3595042dcd2d5e7891359 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <debarshir@gnome.org>
+Date: Mon, 6 Nov 2023 20:27:16 +0100
+Subject: [PATCH] Revert "selinux: Permit using systemd-userdbd"
+
+This reverts commit 399710ada185c1ee232bc3e6266a71688eb152b7.
+---
+ selinux/flatpak.te | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/selinux/flatpak.te b/selinux/flatpak.te
+index bb3d80e316eb..4cf895c44abe 100644
+--- a/selinux/flatpak.te
++++ b/selinux/flatpak.te
+@@ -33,10 +33,6 @@ optional_policy(`
+    policykit_dbus_chat(flatpak_helper_t)
+ ')
+ 
+-optional_policy(`
+-   systemd_userdbd_stream_connect(flatpak_helper_t)
+-')
+-
+ optional_policy(`                   
+     unconfined_domain(flatpak_helper_t)
+ ')
+-- 
+2.41.0
+
diff --git a/SPECS/flatpak.spec b/SPECS/flatpak.spec
index c75ea9c..a5b210e 100644
--- a/SPECS/flatpak.spec
+++ b/SPECS/flatpak.spec
@@ -2,14 +2,22 @@
 %global ostree_version 2020.8
 
 Name:           flatpak
-Version:        1.10.8
-Release:        2%{?dist}
+Version:        1.12.9
+Release:        1%{?dist}
 Summary:        Application deployment framework for desktop apps
 
 License:        LGPLv2+
 URL:            http://flatpak.org/
 Source0:        https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz
 
+%if 0%{?fedora}
+# Add Fedora flatpak repositories
+Source1:        flatpak-add-fedora-repos.service
+%endif
+
+# https://issues.redhat.com/browse/RHEL-4220
+Patch0:         flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch
+
 BuildRequires:  pkgconfig(appstream-glib)
 BuildRequires:  pkgconfig(dconf)
 BuildRequires:  pkgconfig(fuse)
@@ -40,8 +48,6 @@ BuildRequires:  systemd
 BuildRequires:  /usr/bin/xmlto
 BuildRequires:  /usr/bin/xsltproc
 
-%{?systemd_requires}
-
 Requires:       bubblewrap >= %{bubblewrap_version}
 Requires:       librsvg2%{?_isa}
 Requires:       ostree-libs%{?_isa} >= %{ostree_version}
@@ -120,7 +126,7 @@ This package contains installed tests for %{name}.
 %prep
 %autosetup -p1
 # Make sure to use the RHEL-lifetime supported Python and no other
-%py3_shebang_fix scripts/*  variant-schema-compiler/*
+%py3_shebang_fix scripts/* subprojects/variant-schema-compiler/* tests/*
 
 
 %build
@@ -144,6 +150,11 @@ install -pm 644 NEWS README.md %{buildroot}/%{_pkgdocdir}
 install -d %{buildroot}%{_localstatedir}/lib/flatpak
 install -d %{buildroot}%{_sysconfdir}/flatpak/remotes.d
 rm -f %{buildroot}%{_libdir}/libflatpak.la
+
+%if 0%{?fedora}
+install -D -t %{buildroot}%{_unitdir} %{SOURCE1}
+%endif
+
 %find_lang %{name}
 
 # Work around selinux denials, see
@@ -160,15 +171,28 @@ getent passwd flatpak >/dev/null || \
 exit 0
 
 
+%if 0%{?fedora}
 %post
-# Create an (empty) system-wide repo.
-flatpak remote-list --system &> /dev/null || :
+%systemd_post flatpak-add-fedora-repos.service
+%endif
 
 
 %post selinux
 %selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2
 
 
+%if 0%{?fedora}
+%preun
+%systemd_preun flatpak-add-fedora-repos.service
+%endif
+
+
+%if 0%{?fedora}
+%postun
+%systemd_postun_with_restart flatpak-add-fedora-repos.service
+%endif
+
+
 %postun selinux
 if [ $1 -eq 0 ]; then
     %selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2
@@ -211,6 +235,7 @@ fi
 %{_mandir}/man5/flatpak-installation.5*
 %{_mandir}/man5/flatpak-remote.5*
 %{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf
+%dir %{_sysconfdir}/flatpak
 %{_sysconfdir}/flatpak/remotes.d
 %{_sysconfdir}/profile.d/flatpak.sh
 %{_sysusersdir}/flatpak.conf
@@ -219,6 +244,10 @@ fi
 %{_userunitdir}/flatpak-portal.service
 %{_systemd_user_env_generator_dir}/60-flatpak
 
+%if 0%{?fedora}
+%{_unitdir}/flatpak-add-fedora-repos.service
+%endif
+
 %files devel
 %{_datadir}/gir-1.0/Flatpak-1.0.gir
 %{_datadir}/gtk-doc/
@@ -248,6 +277,15 @@ fi
 
 
 %changelog
+* Tue Apr 30 2024 Kalev Lember <klember@redhat.com> - 1.12.9-1
+- Update to 1.12.9 (CVE-2024-32462)
+
+* Mon Nov 06 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.12.8-1
+- Rebase to 1.12.8 (RHEL-4220)
+
+* Mon Nov 06 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.10.8-3
+- Let flatpak own %%{_sysconfdir}/flatpak (RHEL-15822)
+
 * Mon Sep 04 2023 Miro Hrončok <mhroncok@redhat.com> - 1.10.8-2
 - Make sure to use the RHEL-lifetime supported Python and no other (RHEL-2225)