diff --git a/SOURCES/bz1205848-Do-not-set-two_node-in-corosync-if-auto_tie_breaker-is-on.patch b/SOURCES/bz1205848-Do-not-set-two_node-in-corosync-if-auto_tie_breaker-is-on.patch
new file mode 100644
index 0000000..c5c63d3
--- /dev/null
+++ b/SOURCES/bz1205848-Do-not-set-two_node-in-corosync-if-auto_tie_breaker-is-on.patch
@@ -0,0 +1,122 @@
+From e751df5b0e5d6849fa5a8332c7a0fed53c5b5141 Mon Sep 17 00:00:00 2001
+From: Tomas Jelinek <tojeline@redhat.com>
+Date: Tue, 3 Mar 2015 15:21:29 +0100
+Subject: [PATCH] Do not set two_node in corosync if auto_tie_breaker is on
+
+---
+ pcs/cluster.py           |  23 ++++++--
+ pcs/utils.py             |  26 +++++++--
+ 3 files changed, 170 insertions(+), 14 deletions(-)
+
+diff --git a/pcs/cluster.py b/pcs/cluster.py
+index 8569b92..c4a9b4c 100644
+--- a/pcs/cluster.py
++++ b/pcs/cluster.py
+@@ -351,6 +351,20 @@ def corosync_setup(argv,returnConfig=False):
+             cib_path = os.path.join(settings.cib_dir, "cib.xml")
+             if os.path.exists(cib_path) and not "--force" in utils.pcs_options:
+                 utils.err("%s already exists, use --force to overwrite" % cib_path)
++
++        for opt in ["--wait_for_all", "--auto_tie_breaker", "--last_man_standing"]:
++            if (
++                opt in utils.pcs_options
++                and
++                utils.pcs_options[opt] not in ["0", "1"]
++            ):
++                utils.err(
++                    "'%s' is not a valid value for %s, use 0 or 1"
++                    % (utils.pcs_options[opt], opt)
++                )
++
++        auto_tie_breaker = False
++
+         if "--corosync_conf" not in utils.pcs_options:
+             cluster_destroy([])
+ 
+@@ -372,20 +386,21 @@ def corosync_setup(argv,returnConfig=False):
+             new_nodes_section += "       }\n"
+             i = i+1
+ 
+-        two_node_section = ""
+-        if len(nodes) == 2:
+-            two_node_section = "two_node: 1"
+-
+         quorum_options = ""
+         if "--wait_for_all" in utils.pcs_options:
+             quorum_options += "wait_for_all: " + utils.pcs_options["--wait_for_all"] + "\n"
+         if "--auto_tie_breaker" in utils.pcs_options:
+             quorum_options += "auto_tie_breaker: " + utils.pcs_options["--auto_tie_breaker"] + "\n"
++            if utils.pcs_options["--auto_tie_breaker"] == "1":
++                auto_tie_breaker = True
+         if "--last_man_standing" in utils.pcs_options:
+             quorum_options += "last_man_standing: " + utils.pcs_options["--last_man_standing"] + "\n"
+         if "--last_man_standing_window" in utils.pcs_options:
+             quorum_options += "last_man_standing_window: " + utils.pcs_options["--last_man_standing_window"] + "\n"
+ 
++        two_node_section = ""
++        if len(nodes) == 2 and not auto_tie_breaker:
++            two_node_section = "two_node: 1"
+ 
+         transport = "udpu"
+         if "--transport" in utils.pcs_options:
+diff --git a/pcs/utils.py b/pcs/utils.py
+index d35db1d..6911f0c 100644
+--- a/pcs/utils.py
++++ b/pcs/utils.py
+@@ -527,7 +527,8 @@ def removeNodeFromCorosync(node):
+         node0 = node
+         node1 = None
+ 
+-    for c_node in getNodesFromCorosyncConf():
++    corosync_conf = getCorosyncConf()
++    for c_node in getNodesFromCorosyncConf(corosync_conf):
+         if c_node == node0:
+             node_found = True
+         num_nodes_in_conf = num_nodes_in_conf + 1
+@@ -539,7 +540,7 @@ def removeNodeFromCorosync(node):
+     in_node = False
+     node_match = False
+     node_buffer = []
+-    for line in getCorosyncConf().split("\n"):
++    for line in corosync_conf.split("\n"):
+         if in_node:
+             node_buffer.append(line)
+             if (
+@@ -562,7 +563,8 @@ def removeNodeFromCorosync(node):
+     new_corosync_conf = "\n".join(new_corosync_conf_lines) + "\n"
+ 
+     if removed_node:
+-        if num_nodes_in_conf == 3:
++        auto_tie_breaker = getQuorumOption(corosync_conf, "auto_tie_breaker")
++        if num_nodes_in_conf == 3 and auto_tie_breaker != "1":
+             new_corosync_conf = addQuorumOption(new_corosync_conf,("two_node","1"))
+         setCorosyncConf(new_corosync_conf)
+         reloadCorosync()
+@@ -640,6 +642,24 @@ def rmQuorumOption(corosync_conf,option):
+ 
+     return output.rstrip('\n') + "\n"
+ 
++def getQuorumOption(corosync_conf, option):
++    lines = corosync_conf.split("\n")
++    value = None
++
++    inQuorum = False
++    for line in lines:
++        line = line.strip()
++        if line.startswith("#"):
++            continue
++        if inQuorum and "}" in line:
++            inQuorum = False
++        elif inQuorum and line.split(":", 1)[0].strip() == option:
++            value = line.split(":", 1)[1].strip()
++        elif line.startswith("quorum {"):
++            inQuorum = True
++
++    return value
++
+ def getNextNodeID(corosync_conf):
+     currentNodes = []
+     highest = 0
+-- 
+1.9.1
+
diff --git a/SOURCES/secure-cookie.patch b/SOURCES/secure-cookie.patch
new file mode 100644
index 0000000..d7d802f
--- /dev/null
+++ b/SOURCES/secure-cookie.patch
@@ -0,0 +1,22 @@
+--- pcs-0.9.137/pcsd/pcsd.rb.secure_fix        2015-03-30 13:48:50.209887370 -0500
++++ pcs-0.9.137/pcsd/pcsd.rb   2015-03-30 13:50:47.321660377 -0500
+@@ -32,7 +32,9 @@ end
+ 
+ use Rack::Session::Cookie,
+   :expire_after => 60 * 60,
+-  :secret => secret
++  :secret => secret,
++  :secure => true, # only send over HTTPS
++  :httponly => true # don't provide to javascript
+ 
+ #use Rack::SSL
+ 
+@@ -46,8 +48,6 @@ also_reload 'pcs.rb'
+ also_reload 'auth.rb'
+ also_reload 'wizard.rb'
+ 
+-enable :sessions
+-
+ before do
+   $session = session
+   $cookies = cookies
diff --git a/SPECS/pcs.spec b/SPECS/pcs.spec
index 0700e72..f0f6250 100644
--- a/SPECS/pcs.spec
+++ b/SPECS/pcs.spec
@@ -16,7 +16,7 @@
 
 Name: pcs		
 Version: 0.9.137
-Release: 13%{?dist}
+Release: 13%{?dist}.2
 License: GPLv2
 URL: http://github.com/feist/pcs
 Group: System Environment/Base
@@ -37,6 +37,8 @@ Patch8: bz1180390-Stop-deleted-resource-before-removing-its-constraint.patch
 Patch9: bz1180506-stop-cluster-nodes-in-parallel.patch
 Patch10: bz1180506-Warn-if-nodes-stop-will-cause-a-loss-of-the-quorum.patch
 Patch11: bz1180506-3-Keep-cluster-quorate-during-destruction-as-long-as-possible.patch
+Patch12: bz1205848-Do-not-set-two_node-in-corosync-if-auto_tie_breaker-is-on.patch
+Patch13: secure-cookie.patch
 
 # NOTE: Source20 and Patch200+ belong to python-clufter
 
@@ -234,6 +236,14 @@ popd >/dev/null
 
 
 %changelog
+* Wed Apr 15 2015 Tomas Jelinek <tojeline@redhat.com> - 0.9.137-13.el7_1.2
+- Fixes issues with cookie signing in pcsd
+- Resolves: rhbz#1211567
+
+* Thu Mar 26 2015 Tomas Jelinek <tojeline@redhat.com> - 0.9.137-13.el7_1.1
+- Do not set two_nodes=1 in corosync.conf when auto_tie_breaker=1 is set
+- Resolves: rhbz#1205848
+
 * Tue Jan 20 2015 Tomas Jelinek <tojeline@redhat.com> - 0.9.137-13
 - Keep cluster quorate during destruction as long as possible
 - Resolves: rhbz#1180506