diff --git a/dist b/dist
index 89c1faffc18349bb12eee2371e9dc43bf419b95c..0b1f29d1996a6e51bc20a44b790adcb166a234f4 100644
--- a/dist
+++ b/dist
@@ -1 +1 @@
-an9
+an9_3
diff --git a/libreoffice.spec b/libreoffice.spec
index 30269c352306c521e38f0b322d58d4e55d15b0fa..16bd3a2201c4b322f0ffd8f88aef73a2db804de4 100644
--- a/libreoffice.spec
+++ b/libreoffice.spec
@@ -58,7 +58,7 @@ Summary:        Free Software Productivity Suite
 Name:           libreoffice
 Epoch:          1
 Version:        %{libo_version}.1
-Release:        12%{?libo_prerelease}%{anolis_release}%{?dist}
+Release:        12%{?libo_prerelease}%{anolis_release}%{?dist}.1
 License:        (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0
 URL:            http://www.libreoffice.org/
 Excludearch:    loongarch64
@@ -1055,6 +1055,10 @@ git commit -q -a -m 'add Anolis colors to palette'
 # apply patches
 %autopatch -M 99
 %if 0%{?rhel}
+# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1954999
+# From https://src.fedoraproject.org/rpms/python3.9/pull-request/60
+# Make at least a local rhpkg prep on Fedora work..
+%{?!apply_patch:%define apply_patch(qp:m:) {%__apply_patch %**}}
 %apply_patch -q %{PATCH500}
 %endif
 %if 0%{?anolis}
@@ -1077,6 +1081,9 @@ sed -i -e /CppunitTest_dbaccess_hsqlbinary_import/d dbaccess/Module_dbaccess.mk
 sed -i -e /CppunitTest_vcl_svm_test/d vcl/Module_vcl.mk
 sed -i -e /CustomTarget_uno_test/d testtools/Module_testtools.mk
 %endif
+# Broken with system nss. See also upstream commit ac519af951541b7313a4c98e1bee463bf47356be
+sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_ODT);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx
+sed -i -e '/^\s*CPPUNIT_TEST(testInsertCertificate_PEM_DOCX);/d' desktop/qa/desktop_lib/test_desktop_lib.cxx
 
 git commit -q -a -m 'temporarily disable failing tests'
 
@@ -2309,15 +2316,17 @@ gtk-update-icon-cache -q %{_datadir}/icons/hicolor &>/dev/null || :
 %{_includedir}/LibreOfficeKit
 
 %changelog
-* Tue Mar 26 2024 Kaiqiang Wang <wangkaiqiang@inspur.com> - 1:7.18.1-12.0.1
-- fix CVE-2023-6185 CVE-2023-6186
-
-* Wed Dec 06 2023 yangxiaoxuan <yangxiaoxuan@openanolis.org> 1:7.1.8.1-11.0.1
+* Thu May 16 2024 yangxiaoxuan <yangxiaoxuan@openanolis.org> 1:7.1.8.1-12.0.1.1
 - Add configuration file and vemdor for Anolis OS
 - Fit build on Anolis OS 8
 - Remove loongarch64 arch
 - skip failed tests for anolis
 - remove Esperanto
+- fix CVE-2023-6185 CVE-2023-6186 (wangkaiqiang@inspur.com)
+
+* Fri Mar 08 2024 Eike Rathke <erack@redhat.com> - 1:7.1.8.1-12.1
+- Fix CVE-2023-6185 escape url passed to gstreamer
+- Fix CVE-2023-6186 check link target protocols
 
 * Tue Jun 20 2023 Stephan Bergmann <sbergman@redhat.com> - 1:7.1.8.1-11
 - Resolves: rhbz#2210193 CVE-2023-0950 Array Index UnderFlow in Calc Formula