diff --git a/SOURCES/0001-dlm_controld-fix-printf-args-in-log-messages.patch b/SOURCES/0001-dlm_controld-fix-printf-args-in-log-messages.patch
new file mode 100644
index 0000000..45aee1f
--- /dev/null
+++ b/SOURCES/0001-dlm_controld-fix-printf-args-in-log-messages.patch
@@ -0,0 +1,48 @@
+From 4f6e9461edb571577eebb712e676eec4c7edd5ec Mon Sep 17 00:00:00 2001
+From: David Teigland <teigland@redhat.com>
+Date: Tue, 8 Feb 2022 09:54:06 -0600
+Subject: [PATCH 1/5] dlm_controld: fix printf args in log messages
+
+Fix log message arg types in two recent commits:
+
+dcc945a9d40b90a7b13d7f826f2726f35921f95b
+  "dlm_controld: use uint64_t for cluster ringid"
+
+b0222892f0b82ff680d4b3f9ac4250f47300d897
+  "dlm_controld: add support for per nodeid configuration"
+---
+ dlm_controld/cpg.c         | 2 +-
+ dlm_controld/node_config.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/dlm_controld/cpg.c b/dlm_controld/cpg.c
+index f3365ee4cd77..b9f9a16b8ae0 100644
+--- a/dlm_controld/cpg.c
++++ b/dlm_controld/cpg.c
+@@ -450,7 +450,7 @@ static int check_ringid_done(struct lockspace *ls)
+ 	   but that's probably not guaranteed.) */
+ 
+ 	if (ls->cpg_ringid_wait) {
+-		log_group(ls, "check_ringid wait cluster %u cpg %llu:%llu",
++		log_group(ls, "check_ringid wait cluster %llu cpg %u:%llu",
+ 			  (unsigned long long)cluster_ringid_seq,
+ 			  ls->cpg_ringid.nodeid,
+ 			  (unsigned long long)ls->cpg_ringid.seq);
+diff --git a/dlm_controld/node_config.c b/dlm_controld/node_config.c
+index fe794be72f22..9845e8988e8c 100644
+--- a/dlm_controld/node_config.c
++++ b/dlm_controld/node_config.c
+@@ -58,8 +58,8 @@ int node_config_init(const char *path)
+ 			}
+ 			nc[nodeid].mark = mark;
+ 
+-			log_debug("parsed node config id=%d mark=%" PRIu32,
+-				  nodeid, mark);
++			log_debug("parsed node config id=%d mark=%llu",
++				  nodeid, (unsigned long long)mark);
+ 		}
+ 	}
+ 
+-- 
+2.7.5
+
diff --git a/SOURCES/0002-stonith_helper-Don-t-link-dlm_stonith-against-libxml.patch b/SOURCES/0002-stonith_helper-Don-t-link-dlm_stonith-against-libxml.patch
new file mode 100644
index 0000000..6dbb187
--- /dev/null
+++ b/SOURCES/0002-stonith_helper-Don-t-link-dlm_stonith-against-libxml.patch
@@ -0,0 +1,36 @@
+From c745ac4ce06df71b13c5901aa2e6c3772f3661dd Mon Sep 17 00:00:00 2001
+From: Alexander Aring <aahringo@redhat.com>
+Date: Thu, 2 Dec 2021 13:27:26 -0500
+Subject: [PATCH 2/5] stonith_helper: Don't link dlm_stonith against libxml2
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Took it from the debian patches. There is no need to link against
+libxml2 for the stonith_helper tool.
+
+Reported-by: Ferenc Wágner <wferi@debian.org>
+---
+ fence/Makefile | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/fence/Makefile b/fence/Makefile
+index 2b080468eaa0..547f7ba946ff 100644
+--- a/fence/Makefile
++++ b/fence/Makefile
+@@ -18,12 +18,10 @@ CFLAGS += -D_GNU_SOURCE -O2 -ggdb \
+ 	-fstack-clash-protection -Wl,-z,now
+ 
+ CFLAGS += -fPIE -DPIE
+-CFLAGS += `xml2-config --cflags`
+ CFLAGS += -I../include
+ CFLAGS += $(shell pkg-config --cflags pacemaker-fencing)
+ 
+ LDFLAGS += -Wl,-z,relro -Wl,-z,defs -pie
+-LDFLAGS += `xml2-config --libs`
+ LDFLAGS += -ldl
+ 
+ all: $(BIN_TARGET)
+-- 
+2.7.5
+
diff --git a/SOURCES/0003-treewide-do-always-Wl-z-now-in-LDFLAGS.patch b/SOURCES/0003-treewide-do-always-Wl-z-now-in-LDFLAGS.patch
new file mode 100644
index 0000000..f6bf80f
--- /dev/null
+++ b/SOURCES/0003-treewide-do-always-Wl-z-now-in-LDFLAGS.patch
@@ -0,0 +1,106 @@
+From 681b54fd40b7a5e5c960bbd3e8aedca0fd4db575 Mon Sep 17 00:00:00 2001
+From: Alexander Aring <aahringo@redhat.com>
+Date: Tue, 8 Feb 2022 14:42:53 -0500
+Subject: [PATCH 3/5] treewide: do always -Wl,-z,now in LDFLAGS
+
+This patch reverts commit 7bb5570a ("treewide: try to resolve symbols at
+linking time") because the recommended way to avoid security related
+issues is always to use -Wl,-z,now.
+
+This is solving the following annocheck failure:
+
+https://sourceware.org/annobin/annobin.html/Test-bind-now.html
+---
+ dlm_controld/Makefile | 6 +++---
+ dlm_tool/Makefile     | 4 ++--
+ fence/Makefile        | 4 ++--
+ libdlm/Makefile       | 7 +++----
+ 4 files changed, 10 insertions(+), 11 deletions(-)
+
+diff --git a/dlm_controld/Makefile b/dlm_controld/Makefile
+index 8cfc97e6909a..a92fdebe2cba 100644
+--- a/dlm_controld/Makefile
++++ b/dlm_controld/Makefile
+@@ -43,15 +43,15 @@ CFLAGS += -D_GNU_SOURCE -O2 -ggdb \
+ 	-Wno-sign-compare -Wno-unused-parameter -Wp,-D_FORTIFY_SOURCE=2 \
+ 	-fexceptions -fasynchronous-unwind-tables -fdiagnostics-show-option \
+ 	-Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong \
+-	-fstack-clash-protection -Wl,-z,now
++	-fstack-clash-protection
+ 
+ BIN_CFLAGS += $(CFLAGS) -fPIE -DPIE
+ BIN_CFLAGS += -I../include -I../libdlm
+ LIB_CFLAGS += $(CFLAGS) -fPIC
+ 
+-BIN_LDFLAGS += $(LDFLAGS) -Wl,-z,relro -Wl,-z,defs -pie
++BIN_LDFLAGS += $(LDFLAGS) -Wl,-z,relro -Wl,-z,now -pie
+ BIN_LDFLAGS += -lpthread -lrt -lcpg -lcmap -lcfg -lquorum -luuid
+-LIB_LDFLAGS += $(LDFLAGS) -Wl,-z,relro -Wl,-z,defs -pie
++LIB_LDFLAGS += $(LDFLAGS) -Wl,-z,relro -Wl,-z,now -pie
+ 
+ PKG_CONFIG ?= pkg-config
+ ifeq ($(USE_SD_NOTIFY),yes)
+diff --git a/dlm_tool/Makefile b/dlm_tool/Makefile
+index 7b42638c0e4a..1c3d61d5c860 100644
+--- a/dlm_tool/Makefile
++++ b/dlm_tool/Makefile
+@@ -15,12 +15,12 @@ CFLAGS += -D_GNU_SOURCE -O2 -ggdb \
+ 	-Wno-sign-compare -Wno-unused-parameter -Wp,-D_FORTIFY_SOURCE=2 \
+ 	-fexceptions -fasynchronous-unwind-tables -fdiagnostics-show-option \
+ 	-Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong \
+-	-fstack-clash-protection -Wl,-z,now
++	-fstack-clash-protection
+ 
+ CFLAGS += -fPIE -DPIE
+ CFLAGS += -I../include -I../libdlm -I../dlm_controld
+ 
+-LDFLAGS += -Wl,-z,relro -Wl,-z,defs -pie
++LDFLAGS += -Wl,-z,relro -Wl,-z,now -pie
+ LDFLAGS += -L../libdlm -L../dlm_controld
+ LDFLAGS += -lpthread -ldlm -ldlmcontrol
+ 
+diff --git a/fence/Makefile b/fence/Makefile
+index 547f7ba946ff..ee4dfb886d4c 100644
+--- a/fence/Makefile
++++ b/fence/Makefile
+@@ -15,13 +15,13 @@ CFLAGS += -D_GNU_SOURCE -O2 -ggdb \
+ 	-Wno-sign-compare -Wno-unused-parameter -Wp,-D_FORTIFY_SOURCE=2 \
+ 	-fexceptions -fasynchronous-unwind-tables -fdiagnostics-show-option \
+ 	-Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong \
+-	-fstack-clash-protection -Wl,-z,now
++	-fstack-clash-protection
+ 
+ CFLAGS += -fPIE -DPIE
+ CFLAGS += -I../include
+ CFLAGS += $(shell pkg-config --cflags pacemaker-fencing)
+ 
+-LDFLAGS += -Wl,-z,relro -Wl,-z,defs -pie
++LDFLAGS += -Wl,-z,relro -Wl,-z,now -pie
+ LDFLAGS += -ldl
+ 
+ all: $(BIN_TARGET)
+diff --git a/libdlm/Makefile b/libdlm/Makefile
+index 313c2a08f17e..5069ccf1f7f9 100644
+--- a/libdlm/Makefile
++++ b/libdlm/Makefile
+@@ -78,14 +78,13 @@ CFLAGS += -D_GNU_SOURCE -O2 -ggdb \
+ 	-fexceptions \
+ 	-fasynchronous-unwind-tables \
+ 	-fdiagnostics-show-option \
+-	-fPIC \
+-	-Wl,-z,now
++	-fPIC
+ 
+ LIB_CFLAGS += $(CFLAGS) -D_REENTRANT
+ LLT_CFLAGS += $(CFLAGS)
+ 
+-LIB_LDFLAGS += $(LDFLAGS) -lpthread -Wl,-z,defs
+-LLT_LDFLAGS += $(LDFLAGS) -Wl,-z,defs
++LIB_LDFLAGS += $(LDFLAGS) -lpthread -Wl,-z,now
++LLT_LDFLAGS += $(LDFLAGS) -Wl,-z,now
+ 
+ all: $(LIB_TARGET) $(LLT_TARGET) $(LIB_PC) $(LLT_PC)
+ 
+-- 
+2.7.5
+
diff --git a/SPECS/dlm.spec b/SPECS/dlm.spec
index c7939ec..250195c 100644
--- a/SPECS/dlm.spec
+++ b/SPECS/dlm.spec
@@ -1,6 +1,6 @@
 Name:           dlm
 Version:        4.1.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2 and GPLv2+ and LGPLv2+
 # For a breakdown of the licensing, see README.license
 Summary:        dlm control daemon and tool
@@ -15,7 +15,10 @@ BuildRequires:  systemd-devel
 BuildRequires: make
 Source0:	https://releases.pagure.org/dlm/%{name}-%{version}.tar.gz
 
-# Patch0: 0001-foo.patch
+Patch0: 0001-dlm_controld-fix-printf-args-in-log-messages.patch
+Patch1: 0002-stonith_helper-Don-t-link-dlm_stonith-against-libxml.patch
+Patch2: 0003-treewide-do-always-Wl-z-now-in-LDFLAGS.patch
+
 
 %if 0%{?rhel} && 0%{?rhel} <= 7
 ExclusiveArch: i686 x86_64
@@ -34,7 +37,9 @@ The kernel dlm requires a user daemon to control membership.
 
 %prep
 %setup -q
-# %patch0 -p1 -b .0001-foo.patch
+%patch0 -p1 -b .backup0
+%patch1 -p1 -b .backup1
+%patch2 -p1 -b .backup2
 
 %build
 # upstream does not require configure
@@ -99,6 +104,9 @@ developing applications that use %{name}.
 %{_libdir}/pkgconfig/*.pc
 
 %changelog
+* Tue Feb 15 2022 David Teigland <teigland@redhat.com> - 4.1.1-2
+- compiler warnings and makefile flags
+
 * Mon Nov 15 2021 David Teigland <teigland@redhat.com> - 4.1.1-1
 - new upstream version