diff --git a/_service b/_service
new file mode 100644
index 0000000..af8273c
--- /dev/null
+++ b/_service
@@ -0,0 +1,7 @@
+<services>
+ <service name="go_modules" mode="manual">
+  <param name="replace">
+   golang.org/x/crypto=golang.org/x/crypto@v0.45.0
+  </param>
+ </service>
+</services>
diff --git a/mcphost-0.32.0-vendor.tar.gz b/mcphost-0.32.0-vendor.tar.gz
deleted file mode 100644
index e74e574..0000000
--- a/mcphost-0.32.0-vendor.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fc958b52d71db6c32fe3910357dd18b5e482a3d7139623fec673e178deab6212
-size 11514276
diff --git a/mcphost.changes b/mcphost.changes
index 6684b75..1bff913 100644
--- a/mcphost.changes
+++ b/mcphost.changes
@@ -1,12 +1,46 @@
+-------------------------------------------------------------------
+Fri Jan  2 17:24:56 UTC 2026 - Egbert Eich <eich@suse.com>
+
+- Fix CVEs
+  * GO-2025-4135 (CVE-2025-47914)
+    SSH Agent servers do not validate the size of messages
+    when processing new identity requests, which may cause
+    the program to panic if the message is malformed due to
+    an out of bounds read.
+  * GO-2025-4116 (CVE-2025-47913)
+    SSH clients receiving SSH_AGENT_SUCCESS when expecting a
+    typed response will panic and cause early termination of
+    the client process.
+  * GO-2025-4134 (CVE-2025-58181, bsc#1253952).
+    SSH servers parsing GSSAPI authentication
+    requests do not validate the number of mechanisms
+    specified in the request, allowing an attacker to cause
+    unbounded memory consumption.
+
 -------------------------------------------------------------------
 Wed Dec 10 11:52:10 UTC 2025 - Darragh O'Reilly <doreilly@suse.com>
 
 - Update to 0.32.0
+  Feat: Add option to require approval before tool.
+  Bump github.com/cloudwego/eino to fix panic.
+  Changes to 0.31.4:
+  Update dependencies.
+  Changes to 0.31.3:
+  Fix format & update models.
+  Changes to 0.31.2:
+  Fix: suppress health check logging to debug output only/
+  Changes to 0.31.1:
+  Update dependency update mcp-go.
 
 -------------------------------------------------------------------
 Wed Nov  5 10:17:13 UTC 2025 - Sai Karthik Karra <kskarthik@disroot.org>
 
-- Add shell completions & basic %check during build time 
+- Add shell completions & basic %check during build time.
+
+-------------------------------------------------------------------
+Fri Oct 24 11:26:42 UTC 2025 - Ana Guerrero <ana.guerrero@suse.com>
+
+- Modernise packaging
 
 -------------------------------------------------------------------
 Fri Oct 10 12:43:31 UTC 2025 - Egbert Eich <eich@suse.com>
diff --git a/mcphost.spec b/mcphost.spec
index a34529a..a523bb7 100644
--- a/mcphost.spec
+++ b/mcphost.spec
@@ -14,28 +14,16 @@
 
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
-%global provider github
-%global provider_tld com
-%global project mark3labs
-%global repo mcphost
-%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
-%global name %{provider}-%{provider_tld}-%{project}-%{repo}
-%{!?goprep: %define goprep go version #}
-%{!?gobuild: %define gobuild go build -buildmode=pie -mod=vendor}
-%{!?goinstall: %define goinstall install -D -m 0755 %{repo} %{buildroot}%{_bindir}/%{repo}}
 
-Name:           %repo
+Name:           mcphost
 Version:        0.32.0
-Release:        4.mge
+Release:        0
 Summary:        A CLI host application for the Model Context Protocol (MCP)
-License:        MIT and Apache-2.0 and BSD-2-Clause and BSD-3-Clause
+License:        MIT and Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause
 URL:            https://github.com/mark3labs/mcphost
-Source0:        https://%{import_path}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Source1:        %{name}-%{version}-vendor.tar.gz
-BuildRequires:  go >= 1.24
-%if 0%{?suse_version} >= 1500
-BuildRequires:  golang-packaging
-%endif
+Source0:        https://github.com/mark3labs/mcphost/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source1:        vendor.tar.gz
+BuildRequires:  golang(API) >= 1.24
 
 %description
 A CLI host application that enables Large Language Models (LLMs) to interact
@@ -74,18 +62,15 @@ Supplements:    (%{name} and fish)
 The official fish completion script for %{name}, generated during the build.
 
 %prep
-# Setup the main source code
-%setup -q -n %{name}-%{version}
-%setup -q -D -T -a 1 -n %{name}-%{version}
-
-sed -i -e "s/go1.24.5/go1.24/g" go.mod
-%{goprep} %{import_path}
+%autosetup -a 1
 
 %build
-%{gobuild}
+go build \
+       -mod=vendor \
+       -buildmode=pie
 
 %install
-%{goinstall}
+install -D -m 0755 %{name} "%{buildroot}%{_bindir}/%{name}"
 
 # Build the shell autocomplete files
 %{buildroot}/%{_bindir}/%{name} completion bash > %{name}-autocomplete.bash
diff --git a/vendor.tar.gz b/vendor.tar.gz
new file mode 100644
index 0000000..92639ba
--- /dev/null
+++ b/vendor.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:892f290db7cbaf6efb3415fc4004ae1cc451de652cbe745047deaf7da14e95e3
+size 11343509