diff --git a/SOURCES/netcf-call-aug_load-at-most-once-per-second.patch b/SOURCES/netcf-call-aug_load-at-most-once-per-second.patch
new file mode 100644
index 0000000..62b48ef
--- /dev/null
+++ b/SOURCES/netcf-call-aug_load-at-most-once-per-second.patch
@@ -0,0 +1,87 @@
+From 513224ceee718af980b6bc01a3e5f3f0e6452307 Mon Sep 17 00:00:00 2001
+From: Laine Stump
+Date: Mon, 28 Sep 2015 17:11:11 -0400
+Subject: [PATCH 1/2] call aug_load() at most once per second
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1268382
+
+Previously, netcf would call aug_load() at the start of each public
+API call, and rely on augeas quickly determining if the files needed
+to be reread based on checking the mtime of all files. With a large
+number of files (i.e. several hundred ifcfg files) just checking the
+mtime of all files ends up taking quite a long time; enough to turn a
+simple "virsh iface-list" of 300 bridges + 300 vlans into a 22 second
+ordeal.
+
+With this patch applied, netcf will only call aug_load() at most once
+every second, resulting in runtime for virsh iface-list going down to
+< 1 second.
+
+The trade-off is that the results of a netcf API call could be up to 1
+second out of date (but only due to changes in the config external to
+netcf). Since ifcfg files change very infrequently, this is likely
+acceptable.
+
+(cherry picked from commit 9b5f4eb57af28a604cd7ac8b2c1be9e49f0b517d)
+---
+ src/dutil_linux.c | 8 +++++++-
+ src/dutil_linux.h | 1 +
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/dutil_linux.c b/src/dutil_linux.c
+index 0850593..24f4d95 100644
+--- a/src/dutil_linux.c
++++ b/src/dutil_linux.c
+@@ -32,6 +32,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include
+ #include
+@@ -151,6 +152,7 @@ int remove_augeas_xfm_table(struct netcf *ncf,
+ */
+ augeas *get_augeas(struct netcf *ncf) {
+ int r;
++ time_t current_time;
+
+ if (ncf->driver->augeas == NULL) {
+ augeas *aug;
+@@ -186,9 +188,12 @@ augeas *get_augeas(struct netcf *ncf) {
+ }
+ ncf->driver->copy_augeas_xfm = 0;
+ ncf->driver->load_augeas = 1;
++ ncf->driver->load_augeas_time = 0;
+ }
+
+- if (ncf->driver->load_augeas) {
++ current_time = time(NULL);
++ if (ncf->driver->load_augeas &&
++ ncf->driver->load_augeas_time != current_time) {
+ augeas *aug = ncf->driver->augeas;
+
+ r = aug_load(aug);
+@@ -207,6 +212,7 @@ augeas *get_augeas(struct netcf *ncf) {
+ }
+ ERR_THROW(r > 0, ncf, EOTHER, "errors in loading some config files");
+ ncf->driver->load_augeas = 0;
++ ncf->driver->load_augeas_time = current_time;
+ }
+ return ncf->driver->augeas;
+ error:
+diff --git a/src/dutil_linux.h b/src/dutil_linux.h
+index a06a15c..75ac631 100644
+--- a/src/dutil_linux.h
++++ b/src/dutil_linux.h
+@@ -41,6 +41,7 @@ struct driver {
+ struct nl_sock *nl_sock;
+ struct nl_cache *link_cache;
+ struct nl_cache *addr_cache;
++ time_t load_augeas_time;
+ unsigned int load_augeas : 1;
+ unsigned int copy_augeas_xfm : 1;
+ unsigned int augeas_xfm_num_tables;
+--
+1.8.3.1
+
diff --git a/SOURCES/netcf-optimize-aug_match-query-for-all-ifcfg-files-related.patch b/SOURCES/netcf-optimize-aug_match-query-for-all-ifcfg-files-related.patch
new file mode 100644
index 0000000..b55aa02
--- /dev/null
+++ b/SOURCES/netcf-optimize-aug_match-query-for-all-ifcfg-files-related.patch
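Review bot: The throttle added to get_augeas() compares `load_augeas_time` with `time(NULL)` for equality, so it is keyed on the wall-clock second rather than on elapsed time, and neither the new `time_t load_augeas_time;` field in struct driver nor the new condition has a comment saying so. A caller that checks or acts on interface configuration right after an external edit can be handed the pre-edit tree for the rest of that second; the commit message accepts this, but the code does not record it. I would document the field, e.g. `/* wall-clock second of the last aug_load() that completed without error; 0 = never loaded */`, and mention the staleness window in the comment above get_augeas(). The result of `time(NULL)` is also used unchecked, so a `(time_t)-1` failure value would be stored and compared like any other timestamp. get_augeas() starts and ends outside the visible inner hunks.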
@@ -0,0 +1,115 @@
+From 0be286b3062fc2ff8718cbbc914eb596506d9fac Mon Sep 17 00:00:00 2001
+From: Laine Stump
+Date: Wed, 7 Oct 2015 13:49:45 -0400
+Subject: [PATCH 2/2] optimize aug_match() query for all ifcfg files related to
+ an interface
+
+This resolves:
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=1269613
+
+The original augeas search term used by netcf to find, for example, all the
+ifcfg files associated with device "br1" was:
+
+ "/files/etc/sysconfig/network-scripts/*[ "
+ "DEVICE = 'br1' or BRIDGE = 'br1' or MASTER = 'br1' or MASTER = "
+ "../*[BRIDGE = 'br1']/DEVICE ]/DEVICE"
+
+This is *extremely* inefficient - on a test host with 514 host
+bridges, each with an attached vlan interface, a dumpxml of all
+toplevel interfaces took 6m40s (*after* installing an augeas that
+included augeas upstream commits a659f09a, 41e989ca, and 23d5e480
+which were all pushed after the augeas-1.4.0 release).
+
+In these two messages:
+
+ https://www.redhat.com/archives/augeas-devel/2015-October/msg00003.html
+ https://www.redhat.com/archives/augeas-devel/2015-October/msg00004.html
+
+David Lutterkort suggested changing the search term to:
+
+ "(/files/etc/sysconfig/network-scripts/*[(DEVICE|BRIDGE|MASTER) = 'br1']"
+ "|/files/etc/sysconfig/network-scripts/*[MASTER]"
+ "[MASTER = ../*[BRIDGE = 'br1']/DEVICE ])/DEVICE
+
+That's what this patch does. Testing shows that it is functionally
+equivalent, and reduces the dumpxml time in the previously described
+test from 6m40s down to 17 seconds.
+
+(cherry picked from commit 396e4e0698d9fb542f2eb8b32790a069e1c0df61)
+---
+ src/drv_redhat.c | 44 ++++++++++++++++++++++++++++++++++----------
+ 1 file changed, 34 insertions(+), 10 deletions(-)
+
+diff --git a/src/drv_redhat.c b/src/drv_redhat.c
+index 4935f98..092ef5c 100644
+--- a/src/drv_redhat.c
++++ b/src/drv_redhat.c
+@@ -88,6 +88,38 @@ static const struct augeas_xfm_table augeas_xfm_common =
+ { .size = ARRAY_CARDINALITY(augeas_xfm_common_pv),
+ .pv = augeas_xfm_common_pv };
+
++/* aug_all_related_ifcfgs() - return the count of (and optionally a list
++ * of, if matches != NULL) the paths for all ifcfg files that are
++ * related to the interface "name".
++ */
++static
++int aug_all_related_ifcfgs(struct netcf *ncf, char ***matches, const char *name) {
++ int nmatches;
++
++ /* this includes the ifcfg files for:
++ *
++ * 1) the named interface itself (DEVICE=$name)
++ *
++ * 2) any interface naming $name as a bridge it is attached to
++ * (BRIDGE=$name)
++ *
++ * 3) any interface naming $name as the master of a bond it is
++ * enslaved to (MASTER=$name)
++ *
++ * 4) any interface with a MASTER, where the device named as
++ * MASTER contains a BRIDGE=$name *and* DEVICE=$itself (thus
++ * catching ethernet devices that are enslaved to a bond that
++ * is attached to a bridge).
++ */
++ nmatches = aug_fmt_match(ncf, matches,
++ "(%s[(DEVICE|BRIDGE|MASTER) = '%s']"
++ "|%s[MASTER][MASTER = ../*[BRIDGE = '%s']/DEVICE "
++ "])/DEVICE",
++ ifcfg_path, name, ifcfg_path, name);
++ return nmatches;
++
++}
++
+ /* Entries in a ifcfg file that tell us that the interface
+ * is not a toplevel interface
+ */
+@@ -108,12 +140,7 @@ static int is_slave(struct netcf *ncf, const char *intf) {
+ static bool has_ifcfg_file(struct netcf *ncf, const char *name) {
+ int nmatches;
+
+- nmatches = aug_fmt_match(ncf, NULL,
+- "%s[ DEVICE = '%s'"
+- " or BRIDGE = '%s'"
+- " or MASTER = '%s'"
+- " or MASTER = ../*[BRIDGE = '%s']/DEVICE ]/DEVICE",
+- ifcfg_path, name, name, name, name);
++ nmatches = aug_all_related_ifcfgs(ncf, NULL, name);
+ return nmatches > 0;
+ }
+
+@@ -588,10 +615,7 @@ static xmlDocPtr aug_get_xml_for_nif(struct netcf_if *nif) {
+ int ndevs = 0, nint = 0;
+
+ ncf = nif->ncf;
+- ndevs = aug_fmt_match(ncf, &devs,
+- "%s[ DEVICE = '%s' or BRIDGE = '%s' or MASTER = '%s'"
+- " or MASTER = ../*[BRIDGE = '%s']/DEVICE ]/DEVICE",
+- ifcfg_path, nif->name, nif->name, nif->name, nif->name);
++ ndevs = aug_all_related_ifcfgs(ncf, &devs, nif->name);
+ ERR_BAIL(ncf);
+
+ nint = uniq_ifcfg_paths(ncf, ndevs, devs, &intf);
+--
+1.8.3.1
+
diff --git a/SPECS/netcf.spec b/SPECS/netcf.spec
index b64ecdd..8dddec5 100644
--- a/SPECS/netcf.spec
+++ b/SPECS/netcf.spec
@@ -1,6 +1,6 @@ Name: netcf Version: 0.2.8 -Release: 1%{?dist}%{?extra_release} +Release: 2%{?dist}%{?extra_release} Summary: Cross-platform network configuration library Group: System Environment/Libraries 
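Review bot: aug_all_related_ifcfgs() interpolates `name` twice into single-quoted literals of the Augeas path expression (`'%s'`), and nothing in the helper checks or escapes it. A name containing a quote character would end the literal and change which nodes the expression matches. The removed call sites in has_ifcfg_file() and aug_get_xml_for_nif() used the same pattern, so this is not new, and whether aug_fmt_match() or the public entry points already escape interface names is not visible in this patch. Since both lookups now go through one helper, this is the natural place to enforce the precondition, or at least to state it, e.g. `/* name is interpolated inside '...' in the path expression; callers must pass a validated or escaped interface name */`.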
@@ -20,6 +20,9 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) # build) # +Patch001: netcf-call-aug_load-at-most-once-per-second.patch +Patch002: netcf-optimize-aug_match-query-for-all-ifcfg-files-related.patch + # Default to skipping autoreconf. Distros can change just this one # line (or provide a command-line override) if they backport any # patches that touch configure.ac or Makefile.am. @@ -212,6 +215,10 @@ fi %{_libdir}/pkgconfig/netcf.pc %changelog +* Fri Jul 01 2016 Laine Stump - 0.2.8-2 + - resolve rhbz#1268382 + - resolve rhbz#1269613 + * Wed May 20 2015 Laine Stump - 0.2.8-1 - Rebase to netcf-0.2.8 - resolve rhbz#1165965 - CVE-2014-8119