diff --git a/perl-5.29.0-Fix-VC6-build-following-commit-aa3c16bd70.patch b/perl-5.29.0-Fix-VC6-build-following-commit-aa3c16bd70.patch
deleted file mode 100644
index 052ef93..0000000
--- a/perl-5.29.0-Fix-VC6-build-following-commit-aa3c16bd70.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 80ebe57f7bd7f07d3ad1ff9604b2580b98579582 Mon Sep 17 00:00:00 2001
-From: Steve Hay
-Date: Thu, 19 Jul 2018 13:49:00 +0100
-Subject: [PATCH] Fix VC6 build following commit aa3c16bd70
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Petr Písař
----
- utf8.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/utf8.c b/utf8.c
-index 51039aed4f..57eac2d8f2 100644
---- a/utf8.c
-+++ b/utf8.c
-@@ -6363,7 +6363,7 @@ Perl_utf8_to_uvchr(pTHX_ const U8 *s, STRLEN *retlen)
- }
-
- return utf8_to_uvchr_buf(s,
-- s + strnlen((char *) s, UTF8_MAXBYTES),
-+ s + my_strnlen((char *) s, UTF8_MAXBYTES),
- retlen);
- }
-
---
-2.14.4
-
diff --git a/perl-5.29.0-Make-utf8_to_uvchr-safer.patch b/perl-5.29.0-Make-utf8_to_uvchr-safer.patch
deleted file mode 100644
index ffcaf63..0000000
--- a/perl-5.29.0-Make-utf8_to_uvchr-safer.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From aa3c16bd709ef9b9c8c785af48f368e08f70c74b Mon Sep 17 00:00:00 2001
-From: Karl Williamson
-Date: Tue, 17 Jul 2018 13:57:54 -0600
-Subject: [PATCH] Make utf8_to_uvchr() safer
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This function is deprecated because the API doesn't allow it to
-determine the end of the input string, so it can read off the far end.
-But I just realized that since many strings are NUL-terminated, so we
-can forbid it from reading past the next NUL, and hence make it safe in
-many cases.
-
-Signed-off-by: Petr Písař
----
- utf8.c | 21 ++++++++++++++++++++-
- 1 file changed, 20 insertions(+), 1 deletion(-)
-
-diff --git a/utf8.c b/utf8.c
-index dec8aa1252..51039aed4f 100644
---- a/utf8.c
-+++ b/utf8.c
-@@ -6345,7 +6345,26 @@ Perl_utf8_to_uvchr(pTHX_ const U8 *s, STRLEN *retlen)
- {
- PERL_ARGS_ASSERT_UTF8_TO_UVCHR;
-
-- return utf8_to_uvchr_buf(s, s + UTF8_MAXBYTES, retlen);
-+ /* This function is unsafe if malformed UTF-8 input is given it, which is
-+ * why the function is deprecated. If the first byte of the input
-+ * indicates that there are more bytes remaining in the sequence that forms
-+ * the character than there are in the input buffer, it can read past the
-+ * end. But we can make it safe if the input string happens to be
-+ * NUL-terminated, as many strings in Perl are, by refusing to read past a
-+ * NUL. A NUL indicates the start of the next character anyway. If the
-+ * input isn't NUL-terminated, the function remains unsafe, as it always
-+ * has been.
-+ *
-+ * An initial NUL has to be handled separately, but all ASCIIs can be
-+ * handled the same way, speeding up this common case */
-+
-+ if (UTF8_IS_INVARIANT(*s)) { /* Assumes 's' contains at least 1 byte */
-+ return (UV) *s;
-+ }
-+
-+ return utf8_to_uvchr_buf(s,
-+ s + strnlen((char *) s, UTF8_MAXBYTES),
-+ retlen);
- }
-
- /*
---
-2.14.4
-
diff --git a/perl-5.29.1-Make-utf8_to_uvchr-slightly-safer.patch b/perl-5.29.1-Make-utf8_to_uvchr-slightly-safer.patch
deleted file mode 100644
index fba7e1c..0000000
--- a/perl-5.29.1-Make-utf8_to_uvchr-slightly-safer.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 2951abb4de83bfd534d332144e6a0bb3e2aaecdc Mon Sep 17 00:00:00 2001
-From: Karl Williamson
-Date: Mon, 30 Jul 2018 21:41:44 -0600
-Subject: [PATCH] Make utf8_to_uvchr() slightly safer
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Recent commit aa3c16bd709ef9b9c8c785af48f368e08f70c74b made this
-function safe if the input is a NUL-terminated string. But if not, it
-can read past the end of the buffer. It used as a limit the maximum
-length a UTF-8 code point can be. But most code points in real-world
-use aren't nearly that long, and we know how long that can be by looking
-at the first byte. Therefore, use the length determined by the first
-byte as the limit instead of the maximum possible.
-
-Signed-off-by: Petr Písař
----
- utf8.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/utf8.c b/utf8.c
-index ceb8ed82df..06b77689c0 100644
---- a/utf8.c
-+++ b/utf8.c
-@@ -5755,8 +5755,8 @@ Perl_utf8_to_uvchr(pTHX_ const U8 *s, STRLEN *retlen)
- }
-
- return utf8_to_uvchr_buf(s,
-- s + my_strnlen((char *) s, UTF8_MAXBYTES),
-- retlen);
-+ s + my_strnlen((char *) s, UTF8SKIP(s)),
-+ retlen);
- }
-
- /*
---
-2.14.4
-
diff --git a/perl.spec b/perl.spec
index 7d24c9d..8fa0c97 100644
--- a/perl.spec
+++ b/perl.spec
@@ -81,7 +81,7 @@ License: GPL+ or Artistic
 Epoch: %{perl_epoch}
 Version: %{perl_version}
 # release number must be even higher, because dual-lived modules will be broken otherwise
-Release: 421%{?dist}
+Release: 422%{?dist}
 Summary: Practical Extraction and Report Language
 Url: https://www.perl.org/
 Source0: https://www.cpan.org/src/5.0/perl-%{perl_version}.tar.xz
@@ -181,30 +181,24 @@ Patch22: perl-5.29.1-perl-133314-always-close-the-directory-handle-on-cle # in upstream after 5.29.1 Patch23: perl-5.29.1-utf8.c-Make-safer-a-deprecated-function.patch -# Fix a buffer overrun in deprecated utf8_to_uvchr(), -# in upstrem after 5.29.0 -Patch24: perl-5.29.0-Make-utf8_to_uvchr-safer.patch -Patch25: perl-5.29.0-Fix-VC6-build-following-commit-aa3c16bd70.patch -Patch26: perl-5.29.1-Make-utf8_to_uvchr-slightly-safer.patch - # Fix a time race in Time-HiRes/t/itimer.t test, in upstream after 5.29.1 -Patch27: perl-5.29.1-Time-HiRes-t-itimer.t-avoid-race-condition.patch +Patch24: perl-5.29.1-Time-HiRes-t-itimer.t-avoid-race-condition.patch # Fix matching an ASCII digit followed by a non-ASCII digit using a script # run, in upstream after 5.29.1 -Patch28: perl-5.28.0-Fix-script-run-bug-1-followed-by-Thai-digit.patch +Patch25: perl-5.28.0-Fix-script-run-bug-1-followed-by-Thai-digit.patch # Fix Time::Piece to handle objects in overloaded methods correctly, # in upstream after 5.29.1 -Patch29: perl-5.29.1-Update-Time-Piece-to-CPAN-version-1.33.patch +Patch26: perl-5.29.1-Update-Time-Piece-to-CPAN-version-1.33.patch # Fix an assignment to a lexical variable in multiconcatenation expressions, # RT#133441, in upstream after 5.29.2 -Patch30: perl-5.29.2-multiconcat-mutator-not-seen-in-lex.patch +Patch27: perl-5.29.2-multiconcat-mutator-not-seen-in-lex.patch # Fix a spurious warning about uninitialized value in warn, RT#132683, # in upstream after 5.29.2 -Patch31: perl-5.29.2-perl-132683-don-t-try-to-convert-PL_sv_placeholder-i.patch +Patch28: perl-5.29.2-perl-132683-don-t-try-to-convert-PL_sv_placeholder-i.patch # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch @@ -2787,9 +2781,6 @@ Perl extension for Version Objects %patch26 -p1 %patch27 -p1 %patch28 -p1 -%patch29 -p1 -%patch30 -p1 -%patch31 -p1 %patch200 -p1 %patch201 -p1 
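Review bot: The comment block that documented Patch24 to Patch26 is deleted together with the patches in the `@@ -181,30 +181,24 @@` hunk, so nothing in the spec records that the utf8_to_uvchr() hardening was dropped or why. The `%changelog` entry added in the last hunk names `S_is_utf8_common()` instead, yet that fix (Patch23) is still applied and still listed in patchlevel.h. Judging from the deleted patch files, the function presumably goes back to passing `s + UTF8_MAXBYTES` as the buffer end, so the over-read on short or malformed input that those patches bounded is open again. I would leave a marker where the patches were, e.g. `# utf8_to_uvchr() overrun fixes (upstream aa3c16bd70, 80ebe57f7b, 2951abb4de) reverted, bug #1627091`, and word the changelog line as `- Revert a fix for a buffer overrun in deprecated utf8_to_uvchr()`.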
@@ -2820,14 +2811,11 @@ perl -x patchlevel.h \ 'Fedora Patch21: Fix a file descriptor leak in in-place edits (RT#133314)' \ 'Fedora Patch22: Fix a file descriptor leak in in-place edits (RT#133314)' \ 'Fedora Patch23: Fix a buffer overrun in deprecated S_is_utf8_common()' \ - 'Fedora Patch24: Fix a buffer overrun in deprecated utf8_to_uvchr()' \ - 'Fedora Patch25: Fix a buffer overrun in deprecated utf8_to_uvchr()' \ - 'Fedora Patch26: Fix a buffer overrun in deprecated utf8_to_uvchr()' \ - 'Fedora Patch27: Fix a time race in Time-HiRes/t/itimer.t test' \ - 'Fedora Patch28: Fix matching an ASCII digit followed by a non-ASCII digit using a script run' \ - 'Fedora Patch29: Fix Time::Piece to handle objects in overloaded methods correctly' \ - 'Fedora Patch30: Fix an assignment to a lexical variable in multiconcatenation expressions (RT#133441)' \ - 'Fedora Patch31: Fix a spurious warning about uninitialized value in warn (RT#132683)' \ + 'Fedora Patch24: Fix a time race in Time-HiRes/t/itimer.t test' \ + 'Fedora Patch25: Fix matching an ASCII digit followed by a non-ASCII digit using a script run' \ + 'Fedora Patch26: Fix Time::Piece to handle objects in overloaded methods correctly' \ + 'Fedora Patch27: Fix an assignment to a lexical variable in multiconcatenation expressions (RT#133441)' \ + 'Fedora Patch28: Fix a spurious warning about uninitialized value in warn (RT#132683)' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ %{nil} @@ -5116,6 +5104,10 @@ popd # Old changelog entries are preserved in CVS. %changelog +* Mon Sep 10 2018 Petr Pisar - 4:5.28.0-422 +- Revert a fix for a buffer overrun in deprecated S_is_utf8_common() + (bug #1627091) + * Wed Sep 05 2018 Petr Pisar - 4:5.28.0-421 - Fix a buffer overrun in deprecated S_is_utf8_common() - Fix a buffer overrun in deprecated utf8_to_uvchr()