diff --git a/SOURCES/0021-reds-Disable-TLS-1.0.patch b/SOURCES/0021-reds-Disable-TLS-1.0.patch
new file mode 100644
index 0000000..6b338dd
--- /dev/null
+++ b/SOURCES/0021-reds-Disable-TLS-1.0.patch
@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Sun, 11 Feb 2018 18:27:41 +0000
+Subject: [spice-server] reds: Disable TLS 1.0
+
+TLS 1.0 is considered now insecure.
+TLS 1.1 was introduced in 2006.
+Our SPICE clients uses OpenSSL to use TLS and the support for TLS 1.1
+in OpenSSL was introduced in 2006 too so even in systems like
+Windows XP which are not officially supporting TLS 1.0 will work
+with SPICE and TLS 1.1.
+This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1521053.
+
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Acked-by: Victor Toso <victortoso@redhat.com>
+---
+ server/reds.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/server/reds.c b/server/reds.c
+index 401d242..0af5643 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2836,9 +2836,10 @@ static int reds_init_ssl(RedsState *reds)
+     SSL_METHOD *ssl_method;
+ #endif
+     int return_code;
+-    /* When some other SSL/TLS version becomes obsolete, add it to this
++    /* Limit connection to TLSv1.1 or newer.
++     * When some other SSL/TLS version becomes obsolete, add it to this
+      * variable. */
+-    long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
++    long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
+ 
+     /* Global system initialization*/
+     g_once(&openssl_once, openssl_global_init, NULL);
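Review bot: The TLS 1.1 floor in `ssl_options` is built by excluding versions one flag at a time, so it only takes effect if the mask is later applied to the server context; that call is further down in reds_init_ssl, outside this hunk, and is worth confirming. Where the build targets OpenSSL 1.1.0 or newer, `SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION)` (with `ctx` standing in for the server's SSL_CTX) states the minimum directly and needs no new flag each time a version is retired. TLS 1.1 has since been deprecated as well, so a build-time or configuration-time minimum would be easier to raise than a hard-coded mask. The comment could also record the operational effect, for example `/* Clients offering only TLS 1.0 will fail the handshake. */`.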
diff --git a/SOURCES/0022-cursor-Delay-release-of-QXL-guest-cursor-resources.patch b/SOURCES/0022-cursor-Delay-release-of-QXL-guest-cursor-resources.patch
new file mode 100644
index 0000000..f6d4e69
--- /dev/null
+++ b/SOURCES/0022-cursor-Delay-release-of-QXL-guest-cursor-resources.patch
@@ -0,0 +1,71 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Christophe Fergeau <cfergeau@redhat.com>
+Date: Tue, 10 Apr 2018 17:32:48 +0200
+Subject: [spice-server] cursor: Delay release of QXL guest cursor resources
+
+There's an implicit API/ABI contract between QEMU and SPICE that SPICE
+will keep the guest QXL resources alive as long as QEMU can hold a
+pointer to them. This implicit contract was broken in 1c6e7cf7 "Release
+cursor as soon as possible", causing crashes at migration time.
+While the proper fix would be in QEMU so that spice-server does not need
+to have that kind of knowledge regarding QEMU internal implementation,
+this commit reverts to the pre-1c6e7cf7 behaviour to avoid a regression
+while QEMU is being fixed.
+
+This version of the fix is based on a suggestion from Frediano Ziglio.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1540919
+
+Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
+Acked-by: Frediano Ziglio <fziglio@redhat.com>
+---
+ server/red-parse-qxl.c | 4 ++++
+ server/red-parse-qxl.h | 1 +
+ server/red-worker.c    | 2 +-
+ 3 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/server/red-parse-qxl.c b/server/red-parse-qxl.c
+index 33f3692..c436214 100644
+--- a/server/red-parse-qxl.c
++++ b/server/red-parse-qxl.c
+@@ -24,6 +24,7 @@
+ #include <common/lz_common.h>
+ #include "spice-bitmap-utils.h"
+ #include "red-common.h"
++#include "red-qxl.h"
+ #include "memslot.h"
+ #include "red-parse-qxl.h"
+ 
+@@ -1497,4 +1498,7 @@ void red_put_cursor_cmd(RedCursorCmd *red)
+         red_put_cursor(&red->u.set.shape);
+         break;
+     }
++    if (red->qxl) {
++        red_qxl_release_resource(red->qxl, red->release_info_ext);
++    }
+ }
+diff --git a/server/red-parse-qxl.h b/server/red-parse-qxl.h
+index 4a576ca..f0407b5 100644
+--- a/server/red-parse-qxl.h
++++ b/server/red-parse-qxl.h
+@@ -99,6 +99,7 @@ typedef struct RedSurfaceCmd {
+ } RedSurfaceCmd;
+ 
+ typedef struct RedCursorCmd {
++    QXLInstance *qxl;
+     QXLReleaseInfoExt release_info_ext;
+     uint8_t type;
+     union {
+diff --git a/server/red-worker.c b/server/red-worker.c
+index 8a63fde..ccf5df9 100644
+--- a/server/red-worker.c
++++ b/server/red-worker.c
+@@ -112,7 +112,7 @@ static gboolean red_process_cursor_cmd(RedWorker *worker, const QXLCommandExt *e
+         free(cursor_cmd);
+         return FALSE;
+     }
+-    red_qxl_release_resource(worker->qxl, cursor_cmd->release_info_ext);
++    cursor_cmd->qxl = worker->qxl;
+     cursor_channel_process_cmd(worker->cursor_channel, cursor_cmd);
+     return TRUE;
+ }
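Review bot: The new `if (red->qxl)` test in red_put_cursor_cmd is only reliable if every RedCursorCmd is zero-initialised before it can reach that function, and the allocation is not visible in these hunks. In red_process_cursor_cmd the field is assigned only after the parse-failure early return, so confirm that the allocator zeroes the struct, or set `cursor_cmd->qxl = NULL;` immediately after allocation. The stored `QXLInstance *` appears to be a borrowed pointer that must stay valid until the command is finally put. A comment on the member would record this, for example `/* borrowed; set by red_process_cursor_cmd, used by red_put_cursor_cmd to release guest resources */`. Both function bodies start outside the hunks shown.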
diff --git a/SPECS/spice.spec b/SPECS/spice.spec
index 2838eb9..0d8b086 100644
--- a/SPECS/spice.spec
+++ b/SPECS/spice.spec
@@ -1,6 +1,6 @@
 Name:           spice
 Version:        0.14.0
-Release:        2%{?dist}
+Release:        2%{?dist}.3
 Summary:        Implements the SPICE protocol
 Group:          User Interface/Desktops
 License:        LGPLv2+
@@ -26,6 +26,8 @@ Patch17:        0017-stream-device-Start-supporting-resetting-device-when.patch
 Patch18:        0018-stream-device-Create-channel-when-needed.patch
 Patch19:        0019-stream-device-Limit-sending-queue-from-guest-to-serv.patch
 Patch20:        0020-stream-channel-Activate-streaming-report-from-client.patch
+Patch21:        0021-reds-Disable-TLS-1.0.patch
+Patch22:        0022-cursor-Delay-release-of-QXL-guest-cursor-resources.patch
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=613529
 %if 0%{?rhel}
@@ -115,6 +117,20 @@ mkdir -p %{buildroot}%{_libexecdir}
 
 
 %changelog
+* Fri Apr 27 2018 Christophe Fergeau <cfergeau@redhat.com> - 0.14.0-2.3
+- Revert back to spice 0.12 behaviour where QXL guest resources for cursor
+  commands are only released when the current cursor is replaced. This avoids
+  a QEMU regression causing crashes during migration
+  Resolves: rhbz#1572489
+
+* Mon Mar 19 2018 Christophe Fergeau <cfergeau@redhat.com> - 0.14.0-2.2
+- Rebuild for missing changelog entry
+  Related: rhbz#1551072
+
+* Thu Mar 15 2018 Christophe Fergeau <cfergeau@redhat.com> - 0.14.0-2.1
+- Disable TLSv1.0
+  Related: rhbz#1551072
+
 * Thu Oct 12 2017 Christophe Fergeau <cfergeau@redhat.com> - 0.14.0-2
 - Add streaming patches for use with spice-streaming-agent
   Related: rhbz#1478356