diff --git a/README.security b/README.security
index bad04af..c1d4d68 100644
--- a/README.security
+++ b/README.security
@@ -1,10 +1,10 @@
 By default etcd doesn't require authentication.  If you configure etcd to be reachable
 over the network, have untrustworthy local users on the system where etc runs or store
-date in etcd that needs to be kept confidential please make sure to enable authentication.
+data in etcd that needs to be kept confidential please make sure to enable authentication.
 
 You can do that by configuring the settings under [security] in /etc/sysconfig/etcd.
-For additional guidance please red
-https://coreos.com/etcd/docs/latest/v2/security.html
+For additional guidance please read
+https://etcd.io/docs/v3.5/op-guide/configuration/#security
 and
-https://coreos.com/etcd/docs/latest/op-guide/authentication.html
+https://etcd.io/docs/v3.5/op-guide/authentication
 to ensure that you enforce proper access control
diff --git a/_service b/_service
index 4e87190..9403014 100644
--- a/_service
+++ b/_service
@@ -3,7 +3,7 @@
     <param name="url">git://github.com/etcd-io/etcd.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v3.4.16</param>
+    <param name="revision">v3.5.2</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
     <param name="versionrewrite-pattern">v(.*)</param>
diff --git a/_servicedata b/_servicedata
index 14311fb..1ab3c13 100644
--- a/_servicedata
+++ b/_servicedata
@@ -3,4 +3,4 @@
                 <param name="url">https://github.com/coreos/etcd.git</param>
               <param name="changesrevision">94745a4eed0425653b3b4275a208d38babceeaec</param></service><service name="tar_scm">
                 <param name="url">git://github.com/etcd-io/etcd.git</param>
-              <param name="changesrevision">d19fbe541bf9c81e2d69d71d1068bd40c04de200</param></service></servicedata>
\ No newline at end of file
+              <param name="changesrevision">99018a77bea9a9d29962e5169876c64e02739c52</param></service></servicedata>
\ No newline at end of file
diff --git a/etcd-3.4.16.tar.gz b/etcd-3.4.16.tar.gz
deleted file mode 100644
index 37af4e3..0000000
--- a/etcd-3.4.16.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:febaa801cbb80e10a79044250827e7810c417235da25674cb205293ddb0f452a
-size 8935573
diff --git a/etcd-3.5.2.tar.gz b/etcd-3.5.2.tar.gz
new file mode 100644
index 0000000..41fa8d1
--- /dev/null
+++ b/etcd-3.5.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7f4a15f51e2b08f17f64cad8a9b4803e725a416d4b200e9abd8f467c54960c7f
+size 4083269
diff --git a/etcd.changes b/etcd.changes
index a677505..a6ec8f5 100644
--- a/etcd.changes
+++ b/etcd.changes
@@ -1,3 +1,52 @@
+-------------------------------------------------------------------
+Wed Mar  9 14:07:20 UTC 2022 - Elisei Roca <eroca@suse.com>
+
+- Drop ETCD_UNSUPPORTED_ARCH=arm64 from sysconfig as ARM64 is now officially supported
+- Update go version to 1.16
+- Update etcd.conf variables
+- Add the new etcdutl into separate subpackage
+- Update vendor.tar.gz to include vendoring for server, etcdctl and etcdutl
+  * see ./vendor-update.sh
+
+-------------------------------------------------------------------
+Wed Feb 23 15:54:14 UTC 2022 - Elisei Roca <eroca@suse.com>
+
+- Update to version 3.5.2:
+  * version: bump up to 3.5.2
+  * Update dep: require gopkg.in/yaml.v2 v2.2.8 -> v2.4.0 due to: CVE-2019-11254.
+  * fix runlock bug
+  * server: Require either cluster version v3.6 or --experimental-enable-lease-checkpoint-persist to persist lease remainingTTL
+  * etcdserver,integration: Store remaining TTL on checkpoint
+  * lease,integration: add checkpoint scheduling after leader change
+  * set the backend again after recovering v3 backend from snapshot
+  * *: implement a retry logic for auth old revision in the client
+  * client/v3: refresh the token when ErrUserEmpty is received while retrying
+  * server/etcdserver/api/etcdhttp: exclude the same alarm type activated by multiple peers
+  * storage/backend: Add a gauge to indicate if defrag is active (backport from 3.6)
+
+- Update to version 3.5.1:
+  * version: 3.5.1
+  * Dockerfile: bump debian bullseye-20210927
+  * client: Use first endpoint as http2 authority header
+  * tests: Add grpc authority e2e tests
+  * client: Add grpc authority header integration tests
+  * tests: Allow configuring integration tests to use TCP
+  * test: Use unique number for grpc port
+  * tests: Cleanup member interface by exposing Bridge directly
+  * tests: Make using bridge optional
+  * tests: Rename grpcAddr to grpcURL to imply that it includes schema
+  * tests: Remove bridge dependency on unix
+  * Decouple prefixArgs from os.Env dependency
+  * server: Ensure that adding and removing members handle storev2 and backend out of sync
+  * Stop using tip golang version in CI
+  * fix self-signed-cert-validity parameter cannot be specified in the config file
+  * fix health endpoint not usable when authentication is enabled
+  * workflows: remove ARM64 job for maintenance
+
+- Update to version 3.5.0:
+  * See link below, diff is too big
+    https://github.com/etcd-io/etcd/compare/v3.4.16...v3.5.0
+
 -------------------------------------------------------------------
 Tue Sep 14 07:23:37 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
 
diff --git a/etcd.conf b/etcd.conf
index 8804e5e..fce46a7 100644
--- a/etcd.conf
+++ b/etcd.conf
@@ -26,14 +26,7 @@ ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
 #ETCD_DISCOVERY_SRV=""
 #ETCD_DISCOVERY_FALLBACK="proxy"
 #ETCD_DISCOVERY_PROXY=""
-#
-#[proxy]
-#ETCD_PROXY="off"
-#ETCD_PROXY_FAILURE_WAIT="5000"
-#ETCD_PROXY_REFRESH_INTERVAL="30000"
-#ETCD_PROXY_DIAL_TIMEOUT="1000"
-#ETCD_PROXY_WRITE_TIMEOUT="5000"
-#ETCD_PROXY_READ_TIMEOUT="0"
+
 #
 #[security]
 #ETCD_CERT_FILE=""
@@ -46,6 +39,14 @@ ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
 #ETCD_PEER_TRUSTED_CA_FILE=""
 #
 #[logging]
-#ETCD_DEBUG="false"
+#ETCD_LOG_LEVEL="debug"
 # examples for -log-package-levels etcdserver=WARNING,security=DEBUG
 #ETCD_LOG_PACKAGE_LEVELS=""
+#
+#[proxy] Note: flags will be deprecated in v3.6. "proxy" supports v2 API only.
+#ETCD_PROXY="off"
+#ETCD_PROXY_FAILURE_WAIT="5000"
+#ETCD_PROXY_REFRESH_INTERVAL="30000"
+#ETCD_PROXY_DIAL_TIMEOUT="1000"
+#ETCD_PROXY_WRITE_TIMEOUT="5000"
+#ETCD_PROXY_READ_TIMEOUT="0"
diff --git a/etcd.spec b/etcd.spec
index 4bab4b5..bd46b3d 100644
--- a/etcd.spec
+++ b/etcd.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package etcd
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           etcd
-Version:        3.4.16
+Version:        3.5.2
 Release:        0
 Summary:        Highly-available key value store for configuration and service discovery
 License:        Apache-2.0
@@ -34,13 +34,13 @@ Source11:       %{name}.conf
 Source12:       %{name}.service
 Source15:       README.security
 Source16:       system-user-etcd.conf
-BuildRequires:  golang(API) = 1.14
+BuildRequires:  golang(API) >= 1.16
 BuildRequires:  golang-packaging
-BuildRequires:  sysuser-tools
 BuildRequires:  systemd-rpm-macros
+BuildRequires:  sysuser-tools
 BuildRequires:  xz
 Requires(post): %fillup_prereq
-ExcludeArch:    s390 %ix86
+ExcludeArch:    s390 %{ix86}
 %sysusers_requires
 %{go_provides}
 # Make sure that the binary is not getting stripped.
@@ -63,26 +63,46 @@ Group:          System/Management
 A command line client for etcd. It can be used in scripts or for administrators
 to explore an etcd cluster.
 
+%package -n etcdutl
+Summary:        A simple command line client for etcd
+Group:          System/Management
+
+%description -n etcdutl
+A command line administration utility for etcd.
+It's designed to operate directly on etcd data files.
+
+For operations over a network, please use `etcdctl`.
+
 %prep
 %setup -q -a1
 cp %{SOURCE15} .
+cp -rla vendor/* ./ && rm -r vendor/
 
 %build
 %{goprep} %{project}
 
 mkdir -p ./bin
 
-go build -v -buildmode=pie -mod=vendor -o ./bin/etcd
-go build -v -buildmode=pie -mod=vendor -o ./bin/etcdctl ./etcdctl
+dir=$(pwd)
+for item in server etcdctl etcdutl;do
+  cd "$dir/$item"
+  go build -v \
+    -buildmode=pie \
+    -mod=vendor \
+    -ldflags="-s -X main.Version=%{version}" \
+    -o ../bin/"$item"
+done
+cd "$dir"
 
 %sysusers_generate_pre %{SOURCE16} %{name} system-user-etcd.conf
 
 %install
-install -d %{buildroot}/%{_sbindir}
-install -D -m 0755 ./bin/etcd %{buildroot}/%{_sbindir}/etcd
+install -d %{buildroot}%{_sbindir}
+install -D -m 0755 ./bin/server %{buildroot}%{_sbindir}/etcd
 
 install -d %{buildroot}/%{_bindir}
-install -D -m 0755 ./bin/etcdctl %{buildroot}/%{_bindir}/etcdctl
+install -D -m 0755 ./bin/etcdctl %{buildroot}%{_bindir}/etcdctl
+install -D -m 0755 ./bin/etcdutl %{buildroot}%{_bindir}/etcdutl
 
 # Service
 install -D -p -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/%{name}.service
@@ -90,14 +110,9 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
 
 # Sysconfig
 install -D -p -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir}/sysconfig.%{name}
-%ifarch aarch64
-# arm64 is not yet officially supported
-echo -e "\n#Enable arm64\nETCD_UNSUPPORTED_ARCH=arm64\n" >> %{buildroot}%{_fillupdir}/sysconfig.%{name}
-%endif
 
 # Additional
 install -d -m 750 %{buildroot}%{_localstatedir}/lib/%{name}
-
 install -Dm0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/system-user-etcd.conf
 
 %pre -f %{name}.pre
@@ -115,7 +130,7 @@ install -Dm0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/system-user-etcd.conf
 
 %files
 %license LICENSE
-%doc CONTRIBUTING.md README.md DCO NOTICE README.security
+%doc CONTRIBUTING.md README.md DCO README.security
 %{_sbindir}/%{name}
 %{_sysusersdir}/system-user-etcd.conf
 
@@ -131,5 +146,10 @@ install -Dm0644 %{SOURCE16} %{buildroot}%{_sysusersdir}/system-user-etcd.conf
 
 %files -n etcdctl
 %{_bindir}/etcdctl
+%doc etcdctl/README.md etcdctl/READMEv2.md
+
+%files -n etcdutl
+%{_bindir}/etcdutl
+%doc etcdutl/README.md
 
 %changelog
diff --git a/vendor-update.sh b/vendor-update.sh
new file mode 100644
index 0000000..ca7b9c3
--- /dev/null
+++ b/vendor-update.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/bash
+#
+# Script to update the vendor tarball
+# Author: Elisei Roca
+#------------------------------------
+
+# set -x
+
+NAME=etcd
+STACK=("server" "etcdctl" "etcdutl")
+VERSION=$(grep -oP '(?<=Version:)(.*)' etcd.spec | xargs)
+
+[ ! -f "$NAME-$VERSION".tar.gz ] && echo "$NAME-$VERSION.tar.gz does not exist" && exit 1 
+
+echo "Updating vendor file..."
+
+rm -rf /tmp/"$NAME" ||:
+mkdir -p /tmp/"$NAME"/vendor
+
+tar --strip-components=1 -xvf "$NAME-$VERSION".tar.gz -C /tmp/"$NAME" &> /dev/null
+
+dir=$(pwd)
+for item in ${STACK[*]}; do
+	mkdir /tmp/"$NAME"/vendor/"$item"
+	cd /tmp/"$NAME/$item"
+	go mod vendor
+	mv vendor/ ../vendor/"$item"
+done
+cd "$dir"
+
+fdupes -r -1 /tmp/"$NAME"/vendor/ |
+  while read line; do 
+    target="";
+    for file in ${line[*]}; do
+      if [ "x${target}" == "x" ]; then
+        target=$file;
+      else
+        ln -f "${target}" "${file}";
+      fi; 
+    done;
+  done
+
+tar -czvf vendor.tar.gz -C /tmp/"$NAME" vendor &> /dev/null
+rm -rf /tmp/"$NAME"  ||:
+
+echo "Repacked to vendor.tar.gz"
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 5442148..b3901dc 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:cabd64a16316a618b65396c46f7d3488c9caea30b3ac4ff39afe0117880c4e3e
-size 2990865
+oid sha256:c7182a5250b1f74b73ed92b4d2e45349654eb38f11c7fca7c82fb4be3f771011
+size 4785590