diff --git a/.gitignore b/.gitignore
index e107b82..4570e26 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@ opencryptoki-2.3.1.tar.gz
 /opencryptoki-2.4.tar.gz
 /opencryptoki-2.4.1.tar.gz
 /opencryptoki-2.4.2.tar.gz
+/opencryptoki-2.4.3.tar.gz
+/opencryptoki-2.4.3.1-tar.gz
diff --git a/opencryptoki-2.4.1-830129.patch b/opencryptoki-2.4.1-830129.patch
deleted file mode 100644
index df404fa..0000000
--- a/opencryptoki-2.4.1-830129.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/cca_stdll/h_extern.h opencryptoki-2.4.1-key/usr/lib/pkcs11/cca_stdll/h_extern.h
---- opencryptoki-2.4.1/usr/lib/pkcs11/cca_stdll/h_extern.h	2012-02-22 13:37:51.000000000 -0600
-+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/cca_stdll/h_extern.h	2012-06-11 09:56:02.509036554 -0500
-@@ -1642,10 +1642,6 @@ CK_RV    object_mgr_get_attribute_values
- CK_RV    object_mgr_get_object_size( CK_OBJECT_HANDLE   handle,
-                                      CK_ULONG         * size );
- 
--CK_BBOOL object_mgr_invalidate_handle1( CK_OBJECT_HANDLE handle );
--
--CK_BBOOL object_mgr_invalidate_handle2( OBJECT *obj );
--
- CK_BBOOL object_mgr_purge_session_objects( SESSION       * sess,
-                                            SESS_OBJ_TYPE   type );
- 
-diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/common/h_extern.h opencryptoki-2.4.1-key/usr/lib/pkcs11/common/h_extern.h
---- opencryptoki-2.4.1/usr/lib/pkcs11/common/h_extern.h	2012-02-22 13:37:51.000000000 -0600
-+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/common/h_extern.h	2012-06-11 09:56:02.510036534 -0500
-@@ -1955,10 +1955,6 @@ CK_RV    object_mgr_get_attribute_values
- CK_RV    object_mgr_get_object_size( CK_OBJECT_HANDLE   handle,
-                                      CK_ULONG         * size );
- 
--CK_BBOOL object_mgr_invalidate_handle1( CK_OBJECT_HANDLE handle );
--
--CK_BBOOL object_mgr_invalidate_handle2( OBJECT *obj );
--
- CK_BBOOL object_mgr_purge_session_objects( SESSION       * sess,
-                                            SESS_OBJ_TYPE   type );
- 
-diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/common/mech_ssl3.c opencryptoki-2.4.1-key/usr/lib/pkcs11/common/mech_ssl3.c
---- opencryptoki-2.4.1/usr/lib/pkcs11/common/mech_ssl3.c	2012-02-22 13:37:51.000000000 -0600
-+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/common/mech_ssl3.c	2012-06-11 09:56:02.510036534 -0500
-@@ -1746,16 +1746,7 @@ ssl3_key_and_mac_derive( SESSION
- #endif
-    }
- 
--   return rc;
--
- error:
--
--   if (client_write_handle != 0)
--      object_mgr_invalidate_handle1( client_write_handle );
--
--   if (server_write_handle != 0)
--      object_mgr_invalidate_handle1( server_write_handle );
--
-    return rc;
- }
- 
-@@ -1917,8 +1908,8 @@ ssl3_kmd_process_mac_keys( SESSION
-    return CKR_OK;
- 
- error:
--   if (*client_handle != 0) object_mgr_invalidate_handle1( *client_handle );
--   if (*server_handle != 0) object_mgr_invalidate_handle1( *server_handle );
-+   *client_handle = 0;
-+   *server_handle = 0;
- 
-    if (client_obj) {
-       object_free( client_obj );
-@@ -2173,11 +2164,8 @@ ssl3_kmd_process_write_keys( SESSION
-    return CKR_OK;
- 
- error:
--   if (*client_handle != 0)
--      object_mgr_invalidate_handle1( *client_handle );
--
--   if (*server_handle != 0)
--      object_mgr_invalidate_handle1( *server_handle );
-+   *client_handle = 0;
-+   *server_handle = 0;
- 
-    if (client_obj)
-       object_free( client_obj );
-diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/tpm_stdll/h_extern.h opencryptoki-2.4.1-key/usr/lib/pkcs11/tpm_stdll/h_extern.h
---- opencryptoki-2.4.1/usr/lib/pkcs11/tpm_stdll/h_extern.h	2012-02-22 13:37:51.000000000 -0600
-+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/tpm_stdll/h_extern.h	2012-06-11 09:56:02.511036516 -0500
-@@ -1533,10 +1533,6 @@ CK_RV    object_mgr_get_attribute_values
- CK_RV    object_mgr_get_object_size( CK_OBJECT_HANDLE   handle,
-                                      CK_ULONG         * size );
- 
--CK_BBOOL object_mgr_invalidate_handle1( CK_OBJECT_HANDLE handle );
--
--CK_BBOOL object_mgr_invalidate_handle2( OBJECT *obj );
--
- CK_BBOOL object_mgr_purge_session_objects( SESSION       * sess,
-                                            SESS_OBJ_TYPE   type );
- 
-diff -X /root/gitignore -pburN opencryptoki-2.4.1/usr/lib/pkcs11/tpm_stdll/key_mgr.c opencryptoki-2.4.1-key/usr/lib/pkcs11/tpm_stdll/key_mgr.c
---- opencryptoki-2.4.1/usr/lib/pkcs11/tpm_stdll/key_mgr.c	2012-02-22 13:37:51.000000000 -0600
-+++ opencryptoki-2.4.1-key/usr/lib/pkcs11/tpm_stdll/key_mgr.c	2012-06-11 09:42:48.351005308 -0500
-@@ -844,7 +844,7 @@ key_mgr_unwrap_key( SESSION           *
-          //
-          break;
-      default:
--	OCK_LOG_ERROR(ERR_MECHANISM_INVALID);
-+	OCK_LOG_ERR(ERR_MECHANISM_INVALID);
- 	return CKR_MECHANISM_INVALID;
-    }
- 
diff --git a/opencryptoki-2.4.1-man.patch b/opencryptoki-2.4.1-man.patch
deleted file mode 100644
index fec3a0a..0000000
--- a/opencryptoki-2.4.1-man.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-diff --git a/configure.in b/configure.in
-index 483a092..083a766 100644
---- a/configure.in
-+++ b/configure.in
-@@ -663,6 +663,7 @@ AC_CONFIG_FILES([Makefile usr/Makefile \
- 	  man/Makefile \
- 	  man/man1/Makefile \
- 	  man/man1/pkcsconf.1 \
-+	  man/man1/pkcs_slot.1 \
- 	  man/man1/pkcs11_startup.1 \
- 	  man/man5/Makefile \
- 	  man/man5/pk_config_data.5 \
-diff --git a/man/man1/Makefile.am b/man/man1/Makefile.am
-index 8f0e5ee..1560fec 100644
---- a/man/man1/Makefile.am
-+++ b/man/man1/Makefile.am
-@@ -1,2 +1,2 @@
--man1_MANS=pkcs11_startup.1 pkcsconf.1
-+man1_MANS=pkcs11_startup.1 pkcs_slot.1 pkcsconf.1
- EXTRA_DIST = $(man1_MANS)
-diff --git a/man/man1/pkcs_slot.1.in b/man/man1/pkcs_slot.1.in
-new file mode 100644
-index 0000000..8d55c9a
---- /dev/null
-+++ b/man/man1/pkcs_slot.1.in
-@@ -0,0 +1,23 @@
-+.TH PKCS_SLOT 1 "February 2010"  "@PACKAGE_VERSION@" "openCryptoki"
-+.SH NAME
-+pkcs_slot \- configuration program for opencryptoki
-+.SH SYNOPSIS
-+.B pkcs_slot
-+\fIdevicenumber depth\fR
-+.SH DESCRIPTION
-+
-+This utility is used internal by pkcs11_startup.
-+It writes the configuration file to disk as @localstatedir@/lib/opencryptoki/pk_config_data.
-+
-+.SH "SEE ALSO"
-+.PD 0
-+.TP
-+\fBpkcs11_startup\fP(1),
-+.TP
-+\fBopencryptoki\fP(7),
-+.TP
-+\fBpkcsslotd\fP(8),
-+.TP
-+\fBpk_config_data\fP(5).
-+.PD
-+
diff --git a/opencryptoki-2.4.1-systemd.patch b/opencryptoki-2.4.1-systemd.patch
deleted file mode 100644
index 5c0ac52..0000000
--- a/opencryptoki-2.4.1-systemd.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 5f9d27ae7180324a9a808790356d842df87ca695 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
-Date: Mon, 27 Feb 2012 11:43:49 +0100
-Subject: [PATCH] add support for systemd
-
-New configure parameter is introduced (--with-systemdsystemunitdir) and when set
-it means that systemd service file will be installed instead of the classis initscript.
----
- .gitignore                |    1 +
- configure.in              |   12 ++++++++++++
- misc/Makefile.am          |   16 +++++++++++++---
- misc/pkcsslotd.service.in |   13 +++++++++++++
- 4 files changed, 39 insertions(+), 3 deletions(-)
- create mode 100644 misc/pkcsslotd.service.in
-
-diff --git a/configure.in b/configure.in
-index 483a092..577b148 100644
---- a/configure.in
-+++ b/configure.in
-@@ -175,6 +175,12 @@ AC_ARG_WITH([xcryptolinz],
- 	[],
- 	[with_xcryptolinz=check])
- 
-+dnl --- systemd system unit files location
-+AC_ARG_WITH([systemdsystemunitdir],
-+	AS_HELP_STRING([--with-systemdsystemunitdir@<:@=DIR@:>@],[systemd system unit files location]),
-+	[enable_systemd=yes],
-+	[enable_systemd=no])
-+
- dnl ---
- dnl ---
- dnl --- Now that we have all the options, let's check for a valid build
-@@ -495,6 +501,11 @@ AM_CONDITIONAL([ENABLE_DAEMON], [test "x$enable_daemon" = "xyes"])
- dnl --- enable_library
- AM_CONDITIONAL([ENABLE_LIBRARY], [test "x$enable_library" = "xyes"])
- 
-+dnl --- enable systemd and set unit dir
-+AM_CONDITIONAL([ENABLE_SYSTEMD], [test "x$enable_systemd" = "xyes"])
-+unitdir=$with_systemdsystemunitdir
-+AC_SUBST(unitdir)
-+
- dnl --- enable_icatok
- if test "x$enable_icatok" = "xyes"; then
- 	if test "x$with_libica" != "xyes"; then
-@@ -677,6 +688,7 @@ echo "	Debug build:		$enable_debug"
- echo "	Testcases:		$enable_testcases"
- echo "	Daemon build:		$enable_daemon"
- echo "	Library build:		$enable_library"
-+echo "	Systemd service:        $enable_systemd"
- echo
- echo "Enabled token types:"
- echo "	ICA token:		$enable_icatok"
-diff --git a/misc/Makefile.am b/misc/Makefile.am
-index d0c6e9b..2954483 100644
---- a/misc/Makefile.am
-+++ b/misc/Makefile.am
-@@ -1,8 +1,17 @@
--initddir = $(sysconfdir)/rc.d/init.d
--
--EXTRA_DIST = pkcsslotd.in
-+EXTRA_DIST = pkcsslotd.in pkcsslotd.service.in
- 
- if ENABLE_DAEMON
-+if ENABLE_SYSTEMD
-+servicedir = $(unitdir)
-+service_SCRIPTS = pkcsslotd.service
-+
-+CLEANFILES = pkcsslotd.service
-+
-+pkcsslotd.service: pkcsslotd.service.in
-+	@SED@ -e s!\@sbindir\@!"@sbindir@"!g < $< > $@-t
-+	mv $@-t $@
-+else
-+initddir = $(sysconfdir)/rc.d/init.d
- initd_SCRIPTS = pkcsslotd
- 
- CLEANFILES = pkcsslotd
-@@ -12,3 +21,4 @@ pkcsslotd: pkcsslotd.in
- 	@CHMOD@ a+x $@-t
- 	mv $@-t $@
- endif
-+endif
-diff --git a/misc/pkcsslotd.service.in b/misc/pkcsslotd.service.in
-new file mode 100644
-index 0000000..3e64363
---- /dev/null
-+++ b/misc/pkcsslotd.service.in
-@@ -0,0 +1,13 @@
-+[Unit]
-+Description=Daemon which manages cryptographic hardware tokens for the openCryptoki package
-+After=syslog.target
-+
-+[Service]
-+Type=forking
-+PIDFile=/var/run/pkcsslotd.pid
-+ExecStartPre=@sbindir@/pkcs11_startup
-+ExecStart=@sbindir@/pkcsslotd
-+
-+[Install]
-+WantedBy=multi-user.target
-+
--- 
-1.7.7.6
-
diff --git a/opencryptoki-2.4.2-locks.patch b/opencryptoki-2.4.3-locks.patch
similarity index 57%
rename from opencryptoki-2.4.2-locks.patch
rename to opencryptoki-2.4.3-locks.patch
index 98a2fc5..8fa2c1f 100644
--- a/opencryptoki-2.4.2-locks.patch
+++ b/opencryptoki-2.4.3-locks.patch
@@ -1,18 +1,4 @@
 diff --git a/usr/Makefile.am b/usr/Makefile.am
-index bced120..20352d5 100644
---- a/usr/Makefile.am
-+++ b/usr/Makefile.am
-@@ -5,6 +5,6 @@ endif
- SUBDIRS = lib $(DAEMONDIRS)
- 
- install-data-hook:
--	$(MKDIR_P) $(lockdir)
--	$(CHGRP) pkcs11 $(lockdir)
--	$(CHMOD) 0770 $(lockdir)
-+	$(MKDIR_P) $(DESTDIR)$(lockdir)
-+	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)
-+	$(CHMOD) 0770 $(DESTDIR)$(lockdir)
-diff --git a/usr/Makefile.am b/usr/Makefile.am
 index 20352d5..5d42b0f 100644
 --- a/usr/Makefile.am
 +++ b/usr/Makefile.am
diff --git a/opencryptoki.spec b/opencryptoki.spec
index 71b92bc..eb21a22 100644
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@@ -2,25 +2,19 @@
 
 Name:			opencryptoki
 Summary:		Implementation of the PKCS#11 (Cryptoki) specification v2.11
-Version:		2.4.2
-Release:		4%{?dist}
+Version:		2.4.3.1
+Release:		1%{?dist}
 License:		CPL
 Group:			System Environment/Base
 URL:			http://sourceforge.net/projects/opencryptoki
-Source0:		http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
+Source0:		http://downloads.sourceforge.net/%{name}/%{name}-%{version}-tar.gz
 Source1:		%{name}-tmpfiles.conf
 # the pkcs11 group is created and populated in scriptlet
 Patch0:			%{name}-2.3.2-do-not-create-group-in-pkcs11_startup.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=732756
 Patch1:			%{name}-2.4-group.patch
-# convert from initscript to systemd unit
-Patch2:			%{name}-2.4.1-systemd.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=830129
-Patch3:			%{name}-2.4.1-830129.patch
-# add pkcs_slot man page
-Patch4:			%{name}-2.4.1-man.patch
 # fix locks dir installation
-Patch5:			%{name}-2.4.2-locks.patch
+Patch2:			%{name}-2.4.3-locks.patch
 Requires(pre):		shadow-utils coreutils sed
 BuildRequires:		openssl-devel
 BuildRequires:		trousers-devel
@@ -146,13 +140,10 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the
 
 
 %prep
-%setup -q
+%setup -q -n %{name}-%{name}
 %patch0 -p1
 %patch1 -p1 -b .group
-%patch2 -p1 -b .systemd
-%patch3 -p1 -b .bz830129
-%patch4 -p1 -b .man
-%patch5 -p1 -b .locks
+%patch2 -p1 -b .locks
 
 # Upstream tarball has unnecessary executable perms set on the sources
 find . -name '*.[ch]' -print0 | xargs -0 chmod -x
@@ -161,7 +152,7 @@ find . -name '*.[ch]' -print0 | xargs -0 chmod -x
 %build
 ./bootstrap.sh
 
-%configure --with-systemdsystemunitdir=%{_unitdir}	\
+%configure --with-systemd=%{_unitdir}	\
 %ifarch s390 s390x
     --enable-icatok --enable-ccatok
 %else
@@ -267,6 +258,12 @@ exit 0
 
 
 %changelog
+* Tue Jun 25 2013 Dan Horák <dan[at]danny.cz> - 2.4.3.1-1
+- new upstream release 2.4.3.1
+
+* Fri May 03 2013 Dan Horák <dan[at]danny.cz> - 2.4.3-1
+- new upstream release 2.4.3
+
 * Thu Apr 04 2013 Dan Horák <dan[at]danny.cz> - 2.4.2-4
 - enable hardened build
 - switch to systemd macros in scriptlets (#850240)
diff --git a/sources b/sources
index a6205a8..c07f3dc 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ec020070237ef652e4e1dc06a642f717  opencryptoki-2.4.2.tar.gz
+452227185f93a25e7664e2dfbc466ec4  opencryptoki-2.4.3.1-tar.gz