diff --git a/dist b/dist
index 9c0e36ec42a2d9bfefacb21ac6354c9ddd910533..1fe92cf0fdf9c2625d878a2ace258f64c1e8ca44 100644
--- a/dist
+++ b/dist
@@ -1 +1 @@
-an8
+an8_10
diff --git a/download b/download
index 09412f7a33ecfa06a3aee76aebeb297c1305df90..ee52a19dbcfdd8ea8680ec8ce18126fbea55db6c 100644
--- a/download
+++ b/download
@@ -1 +1 @@
-25ee921580f591e87b1a8a476026e67f  flatpak-1.10.8.tar.xz
+6a371323ee889b010ab277df21f6db41  flatpak-1.12.9.tar.xz
diff --git a/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch b/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8c9dd9ffce460e6c7120d3e5bcb6834264d5d0ff
--- /dev/null
+++ b/flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch
@@ -0,0 +1,28 @@
+From 1c73110795b865246ce3595042dcd2d5e7891359 Mon Sep 17 00:00:00 2001
+From: Debarshi Ray <debarshir@gnome.org>
+Date: Mon, 6 Nov 2023 20:27:16 +0100
+Subject: [PATCH] Revert "selinux: Permit using systemd-userdbd"
+
+This reverts commit 399710ada185c1ee232bc3e6266a71688eb152b7.
+---
+ selinux/flatpak.te | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/selinux/flatpak.te b/selinux/flatpak.te
+index bb3d80e316eb..4cf895c44abe 100644
+--- a/selinux/flatpak.te
++++ b/selinux/flatpak.te
+@@ -33,10 +33,6 @@ optional_policy(`
+    policykit_dbus_chat(flatpak_helper_t)
+ ')
+ 
+-optional_policy(`
+-   systemd_userdbd_stream_connect(flatpak_helper_t)
+-')
+-
+ optional_policy(`                   
+     unconfined_domain(flatpak_helper_t)
+ ')
+-- 
+2.41.0
+
diff --git a/flatpak.spec b/flatpak.spec
index 557e76cff37f904845cc9b13557387f071044fea..a5b210ed0122eca3f3b0d28a8e3fa7bfc7be8652 100644
--- a/flatpak.spec
+++ b/flatpak.spec
@@ -1,16 +1,23 @@
-%define anolis_release .0.1
 %global bubblewrap_version 0.4.0
 %global ostree_version 2020.8
 
 Name:           flatpak
-Version:        1.10.8
-Release:        1%{anolis_release}%{?dist}
+Version:        1.12.9
+Release:        1%{?dist}
 Summary:        Application deployment framework for desktop apps
 
 License:        LGPLv2+
 URL:            http://flatpak.org/
 Source0:        https://github.com/flatpak/flatpak/releases/download/%{version}/%{name}-%{version}.tar.xz
 
+%if 0%{?fedora}
+# Add Fedora flatpak repositories
+Source1:        flatpak-add-fedora-repos.service
+%endif
+
+# https://issues.redhat.com/browse/RHEL-4220
+Patch0:         flatpak-Revert-selinux-Permit-using-systemd-userdbd.patch
+
 BuildRequires:  pkgconfig(appstream-glib)
 BuildRequires:  pkgconfig(dconf)
 BuildRequires:  pkgconfig(fuse)
@@ -35,14 +42,12 @@ BuildRequires:  docbook-style-xsl
 BuildRequires:  gettext
 BuildRequires:  libassuan-devel
 BuildRequires:  libcap-devel
+BuildRequires:  python3-devel
 BuildRequires:  python3-pyparsing
 BuildRequires:  systemd
-BuildRequires:  /usr/bin/python3
 BuildRequires:  /usr/bin/xmlto
 BuildRequires:  /usr/bin/xsltproc
 
-%{?systemd_requires}
-
 Requires:       bubblewrap >= %{bubblewrap_version}
 Requires:       librsvg2%{?_isa}
 Requires:       ostree-libs%{?_isa} >= %{ostree_version}
@@ -120,6 +125,8 @@ This package contains installed tests for %{name}.
 
 %prep
 %autosetup -p1
+# Make sure to use the RHEL-lifetime supported Python and no other
+%py3_shebang_fix scripts/* subprojects/variant-schema-compiler/* tests/*
 
 
 %build
@@ -143,6 +150,11 @@ install -pm 644 NEWS README.md %{buildroot}/%{_pkgdocdir}
 install -d %{buildroot}%{_localstatedir}/lib/flatpak
 install -d %{buildroot}%{_sysconfdir}/flatpak/remotes.d
 rm -f %{buildroot}%{_libdir}/libflatpak.la
+
+%if 0%{?fedora}
+install -D -t %{buildroot}%{_unitdir} %{SOURCE1}
+%endif
+
 %find_lang %{name}
 
 # Work around selinux denials, see
@@ -159,15 +171,28 @@ getent passwd flatpak >/dev/null || \
 exit 0
 
 
+%if 0%{?fedora}
 %post
-# Create an (empty) system-wide repo.
-flatpak remote-list --system &> /dev/null || :
+%systemd_post flatpak-add-fedora-repos.service
+%endif
 
 
 %post selinux
 %selinux_modules_install %{_datadir}/selinux/packages/flatpak.pp.bz2
 
 
+%if 0%{?fedora}
+%preun
+%systemd_preun flatpak-add-fedora-repos.service
+%endif
+
+
+%if 0%{?fedora}
+%postun
+%systemd_postun_with_restart flatpak-add-fedora-repos.service
+%endif
+
+
 %postun selinux
 if [ $1 -eq 0 ]; then
     %selinux_modules_uninstall %{_datadir}/selinux/packages/flatpak.pp.bz2
@@ -210,6 +235,7 @@ fi
 %{_mandir}/man5/flatpak-installation.5*
 %{_mandir}/man5/flatpak-remote.5*
 %{_sysconfdir}/dbus-1/system.d/org.freedesktop.Flatpak.SystemHelper.conf
+%dir %{_sysconfdir}/flatpak
 %{_sysconfdir}/flatpak/remotes.d
 %{_sysconfdir}/profile.d/flatpak.sh
 %{_sysusersdir}/flatpak.conf
@@ -218,6 +244,10 @@ fi
 %{_userunitdir}/flatpak-portal.service
 %{_systemd_user_env_generator_dir}/60-flatpak
 
+%if 0%{?fedora}
+%{_unitdir}/flatpak-add-fedora-repos.service
+%endif
+
 %files devel
 %{_datadir}/gir-1.0/Flatpak-1.0.gir
 %{_datadir}/gtk-doc/
@@ -247,8 +277,17 @@ fi
 
 
 %changelog
-* Tue Jan 02 2024 Zhao Hang <wb-zh951434@alibaba-inc.com> - 1.10.8-1.0.1
-- Modify dependency version
+* Tue Apr 30 2024 Kalev Lember <klember@redhat.com> - 1.12.9-1
+- Update to 1.12.9 (CVE-2024-32462)
+
+* Mon Nov 06 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.12.8-1
+- Rebase to 1.12.8 (RHEL-4220)
+
+* Mon Nov 06 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.10.8-3
+- Let flatpak own %%{_sysconfdir}/flatpak (RHEL-15822)
+
+* Mon Sep 04 2023 Miro Hrončok <mhroncok@redhat.com> - 1.10.8-2
+- Make sure to use the RHEL-lifetime supported Python and no other (RHEL-2225)
 
 * Tue Jul 11 2023 Debarshi Ray <rishi@fedoraproject.org> - 1.10.8-1
 - Rebase to 1.10.8 (#2222103)