diff --git a/.gitignore b/.gitignore
index b524cec..8264060 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/libX11-1.6.7.tar.bz2
+SOURCES/libX11-1.6.8.tar.bz2
diff --git a/.libX11.metadata b/.libX11.metadata
index 6a78a77..ff15fb1 100644
--- a/.libX11.metadata
+++ b/.libX11.metadata
@@ -1 +1 @@
-5076f7853713d7db958a05f6fd1c18f7e111a0ad SOURCES/libX11-1.6.7.tar.bz2
+f1ea96fe472a981d378b4f2eec90dcd063f9a407 SOURCES/libX11-1.6.8.tar.bz2
diff --git a/SOURCES/0001-Fix-XTS-regression-in-XCopyColormapAndFree.patch b/SOURCES/0001-Fix-XTS-regression-in-XCopyColormapAndFree.patch
new file mode 100644
index 0000000..fd4e5aa
--- /dev/null
+++ b/SOURCES/0001-Fix-XTS-regression-in-XCopyColormapAndFree.patch
@@ -0,0 +1,64 @@
+From a515545065ce6e1924de4bc50aaae7ec9b48cfad Mon Sep 17 00:00:00 2001
+From: Adam Jackson <ajax@redhat.com>
+Date: Wed, 11 Dec 2019 11:53:11 -0500
+Subject: [PATCH libX11] Fix XTS regression in XCopyColormapAndFree
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+XCopyColormapAndFree/5 threw an assertion:
+
+    520|4 5 00014017 1 2|Assertion XCopyColormapAndFree-5.(A)
+    520|4 5 00014017 1 3|When a colourmap argument does not name a valid colourmap,
+    520|4 5 00014017 1 4|then a BadColor error occurs.
+    520|4 5 00014017 1 5|METH: Create a bad colourmap by creating and freeing a colourmap.
+    520|4 5 00014017 1 6|METH: Call test function using bad colourmap as the colourmap argument.
+    520|4 5 00014017 1 7|METH: Verify that a BadColor error occurs.
+    520|4 5 00014017 1 8|unexpected signal 6 (SIGABRT) received
+    220|4 5 2 15:05:53|UNRESOLVED
+    410|4 5 1 15:05:53|IC End
+    510|4|system 0: Abandoning testset: caught unexpected signal 11 (SIGSEGV)
+
+More specifically:
+
+    lt-XCopyColormapAndFree: xcb_io.c:533: _XAllocID: Assertion `ret != inval_id' failed.
+
+This bug was introduced (by following my advice, d'oh) in:
+
+    commit 99a2cf1aa0b58391078d5d3edf0a7dab18c7745d
+    Author: Tapani Pälli <tapani.palli@intel.com>
+    Date:   Mon May 13 08:29:49 2019 +0300
+
+        Protect colormap add/removal with display lock
+
+In that patch we moved the call to _XcmsCopyCmapRecAndFree inside the
+display lock. The problem is said routine has side effects, including
+trying to implicitly create a colormap in some cases. Since we don't run
+the XID handler until SyncHandle() we would see inconsistent internal
+xlib state, triggering the above assert.
+
+Fix this by dropping and re-taking the display lock before calling into
+XCMS.
+---
+ src/CopyCmap.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/CopyCmap.c b/src/CopyCmap.c
+index b4954b01..b37aba73 100644
+--- a/src/CopyCmap.c
++++ b/src/CopyCmap.c
+@@ -53,6 +53,11 @@ Colormap XCopyColormapAndFree(
+     mid = req->mid = XAllocID(dpy);
+     req->srcCmap = src_cmap;
+ 
++    /* re-lock the display to keep XID handling in sync */
++    UnlockDisplay(dpy);
++    SyncHandle();
++    LockDisplay(dpy);
++
+ #if XCMS
+     _XcmsCopyCmapRecAndFree(dpy, src_cmap, mid);
+ #endif
+-- 
+2.23.0
+
diff --git a/SOURCES/0001-Fix-poll_for_response-race-condition.patch b/SOURCES/0001-Fix-poll_for_response-race-condition.patch
new file mode 100644
index 0000000..77b4d26
--- /dev/null
+++ b/SOURCES/0001-Fix-poll_for_response-race-condition.patch
@@ -0,0 +1,63 @@
+From 77f8517710a724fa1f29de8ad806692782f962bd Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Wed, 29 Jan 2020 09:06:54 +0000
+Subject: [PATCH libX11] Fix poll_for_response race condition
+
+In poll_for_response is it possible that event replies are skipped
+and a more up to date message reply is returned.
+This will cause next poll_for_event call to fail aborting the program.
+
+This was proved using some slow ssh tunnel or using some program
+to slow down server replies (I used a combination of xtrace and strace).
+
+How the race happens:
+- program enters into poll_for_response;
+- poll_for_event is called but the server didn't still send the reply;
+- pending_requests is not NULL because we send a request (see call
+  to  append_pending_request in _XSend);
+- xcb_poll_for_reply64 is called from poll_for_response;
+- xcb_poll_for_reply64 will read from server, at this point
+  server reply with an event (say sequence N) and the reply to our
+  last request (say sequence N+1);
+- xcb_poll_for_reply64 returns the reply for the request we asked;
+- last_request_read is set to N+1 sequence in poll_for_response;
+- poll_for_response returns the response to the request;
+- poll_for_event is called (for instance from another poll_for_response);
+- event with sequence N is retrieved;
+- the N sequence is widen, however, as the "new" number computed from
+  last_request_read is less than N the number is widened to N + 2^32
+  (assuming last_request_read is still contained in 32 bit);
+- poll_for_event enters the nested if statement as req is NULL;
+- we compare the widen N (which now does not fit into 32 bit) with
+  request (which fits into 32 bit) hitting the throw_thread_fail_assert.
+
+I propose to change the widen to not go too far from the wide number
+instead of supposing the result is always bigger than the wide number
+passed.
+
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+---
+ src/xcb_io.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/xcb_io.c b/src/xcb_io.c
+index 6a12d150..2aacbda3 100644
+--- a/src/xcb_io.c
++++ b/src/xcb_io.c
+@@ -201,12 +201,10 @@ static int handle_error(Display *dpy, xError *err, Bool in_XReply)
+ }
+ 
+ /* Widen a 32-bit sequence number into a 64bit (uint64_t) sequence number.
+- * Treating the comparison as a 1 and shifting it avoids a conditional branch.
+  */
+ static void widen(uint64_t *wide, unsigned int narrow)
+ {
+-	uint64_t new = (*wide & ~((uint64_t)0xFFFFFFFFUL)) | narrow;
+-	*wide = new + (((uint64_t)(new < *wide)) << 32);
++	*wide += (int32_t) (narrow - *wide);
+ }
+ 
+ /* Thread-safety rules:
+-- 
+2.23.0
+
diff --git a/SPECS/libX11.spec b/SPECS/libX11.spec
index 54ce4a1..2bf1f9c 100644
--- a/SPECS/libX11.spec
+++ b/SPECS/libX11.spec
@@ -4,8 +4,8 @@
 
 Summary: Core X11 protocol client library
 Name: libX11
-Version: 1.6.7
-Release: 1%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
+Version: 1.6.8
+Release: 3%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
 License: MIT
 Group: System Environment/Libraries
 URL: http://www.x.org
@@ -19,6 +19,8 @@ Source0: https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.
 %endif
 
 Patch2: dont-forward-keycode-0.patch
+Patch3: 0001-Fix-XTS-regression-in-XCopyColormapAndFree.patch
+Patch4: 0001-Fix-poll_for_response-race-condition.patch
 
 BuildRequires: xorg-x11-util-macros >= 1.11
 BuildRequires: pkgconfig(xproto) >= 7.0.15
@@ -60,6 +62,8 @@ libX11/libxcb interoperability library
 %prep
 %setup -q -n %{tarball}-%{?gitdate:%{gitdate}}%{!?gitdate:%{version}}
 %patch2 -p1 -b .dont-forward-keycode-0
+%patch3 -p1 -b .copycolormapandfree
+%patch4 -p1 -b .race
 
 %build
 autoreconf -v --install --force
@@ -97,7 +101,7 @@ make %{?_smp_mflags} check
 %{_libdir}/libX11-xcb.so.1.0.0
 
 %files common
-%doc AUTHORS COPYING README NEWS
+%doc AUTHORS COPYING README.md NEWS
 %{_datadir}/X11/locale/
 %{_datadir}/X11/XErrorDB
 %dir /var/cache/libX11
@@ -124,6 +128,15 @@ make %{?_smp_mflags} check
 %{_mandir}/man5/*.5*
 
 %changelog
+* Mon Feb 24 2020 Adam Jackson <ajax@redhat.com> - 1.6.8-3
+- Fix race condition in poll_for_reponse
+
+* Fri Dec 13 2019 Adam Jackson <ajax@redhat.com> - 1.6.8-2
+- Fix assertion on error in XCopyColormapAndFree
+
+* Tue Nov 19 2019 Adam Jackson <ajax@redhat.com> - 1.6.8-1
+- libX11 1.6.8
+
 * Tue Oct 09 2018 Adam Jackson <ajax@redhat.com> - 1.6.7-1
 - libX11 1.6.7