diff --git a/libnettle.changes b/libnettle.changes
index 0a8e59f..5608ca2 100644
--- a/libnettle.changes
+++ b/libnettle.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Thu Jan 28 20:45:45 UTC 2016 - tchvatal@suse.com
+
+- Version update to 3.2 release bnc#964849 CVE-2015-8805 bnc#964847
+  CVE-2015-8804 bnc#964845 CVE-2015-8803:
+  * New functions for RSA private key operations, identified by
+    the "_tr" suffix, with better resistance to side channel
+    attacks and to hardware or software failures which could
+    break the CRT optimization
+  * SHA3 implementation is updated according to the FIPS 202 standard
+  * New ARM Neon implementation of the chacha stream cipher
+  * Should be compatible binary with 3.1 series
+- Add patch to fix build with cflags:
+  * nettle-respect-cflags.patch
+
 -------------------------------------------------------------------
 Mon Jun 22 08:43:05 UTC 2015 - tchvatal@suse.com
 
diff --git a/libnettle.spec b/libnettle.spec
index 996ea0a..bbf44e1 100644
--- a/libnettle.spec
+++ b/libnettle.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libnettle
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 %define soname 6
 %define hogweed_soname 4
 Name:           libnettle
-Version:        3.1.1
+Version:        3.2
 Release:        0
 Summary:        Cryptographic Library
 License:        LGPL-2.1+ and GPL-2.0+
@@ -29,6 +29,8 @@ Source0:        https://ftp.gnu.org/gnu/nettle/nettle-%{version}.tar.gz
 Source1:        https://ftp.gnu.org/gnu/nettle/nettle-%{version}.tar.gz.sig
 Source2:        %{name}.keyring
 Source3:        baselibs.conf
+# PATCH-FIX-UPSTREAM respect cflags while building
+Patch0:         nettle-respect-cflags.patch
 BuildRequires:  gmp-devel
 BuildRequires:  makeinfo
 BuildRequires:  pkgconfig
@@ -91,6 +93,7 @@ operations using the nettle library.
 
 %prep
 %setup -q -n nettle-%{version}
+%patch0 -p1
 
 %build
 %configure \
diff --git a/nettle-3.1.1.tar.gz b/nettle-3.1.1.tar.gz
deleted file mode 100644
index 4d1e508..0000000
--- a/nettle-3.1.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5fd4d25d64d8ddcb85d0d897572af73b05b4d163c6cc49438a5bfbb8ff293d4c
-size 1851876
diff --git a/nettle-3.1.1.tar.gz.sig b/nettle-3.1.1.tar.gz.sig
deleted file mode 100644
index fbb00b9..0000000
Binary files a/nettle-3.1.1.tar.gz.sig and /dev/null differ
diff --git a/nettle-3.2.tar.gz b/nettle-3.2.tar.gz
new file mode 100644
index 0000000..d02080e
--- /dev/null
+++ b/nettle-3.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ea4283def236413edab5a4cf9cf32adf540c8df1b9b67641cfc2302fca849d97
+size 1879604
diff --git a/nettle-3.2.tar.gz.sig b/nettle-3.2.tar.gz.sig
new file mode 100644
index 0000000..08c2ab0
Binary files /dev/null and b/nettle-3.2.tar.gz.sig differ
diff --git a/nettle-respect-cflags.patch b/nettle-respect-cflags.patch
new file mode 100644
index 0000000..d55e3ac
--- /dev/null
+++ b/nettle-respect-cflags.patch
@@ -0,0 +1,38 @@
+Index: nettle-3.2/Makefile.in
+===================================================================
+--- nettle-3.2.orig/Makefile.in
++++ nettle-3.2/Makefile.in
+@@ -278,27 +278,27 @@ $(LIBHOGWEED_FORLINK): $(hogweed_OBJS) $
+ # executable. Avoid object file targets to make it easy to run the
+ # right compiler.
+ aesdata$(EXEEXT_FOR_BUILD): aesdata.c
+-	$(CC_FOR_BUILD) `test -f aesdata.c || echo '$(srcdir)/'`aesdata.c \
++	$(CC_FOR_BUILD) $(CFLAGS) `test -f aesdata.c || echo '$(srcdir)/'`aesdata.c \
+ 	-o aesdata$(EXEEXT_FOR_BUILD)
+ 
+ desdata$(EXEEXT_FOR_BUILD): desdata.c
+-	$(CC_FOR_BUILD) `test -f desdata.c || echo '$(srcdir)/'`desdata.c \
++	$(CC_FOR_BUILD) $(CFLAGS) `test -f desdata.c || echo '$(srcdir)/'`desdata.c \
+ 	-o desdata$(EXEEXT_FOR_BUILD)
+ 
+ twofishdata$(EXEEXT_FOR_BUILD): twofishdata.c
+-	$(CC_FOR_BUILD) `test -f twofishdata.c || echo '$(srcdir)/'`twofishdata.c \
++	$(CC_FOR_BUILD) $(CFLAGS) `test -f twofishdata.c || echo '$(srcdir)/'`twofishdata.c \
+ 	-o twofishdata$(EXEEXT_FOR_BUILD)
+ 
+ shadata$(EXEEXT_FOR_BUILD): shadata.c
+-	$(CC_FOR_BUILD) `test -f shadata.c || echo '$(srcdir)/'`shadata.c -lm \
++	$(CC_FOR_BUILD) $(CFLAGS) `test -f shadata.c || echo '$(srcdir)/'`shadata.c -lm \
+ 	-o shadata$(EXEEXT_FOR_BUILD)
+ 
+ gcmdata$(EXEEXT_FOR_BUILD): gcmdata.c
+-	$(CC_FOR_BUILD) `test -f gcmdata.c || echo '$(srcdir)/'`gcmdata.c \
++	$(CC_FOR_BUILD) $(CFLAGS) `test -f gcmdata.c || echo '$(srcdir)/'`gcmdata.c \
+ 	-o gcmdata$(EXEEXT_FOR_BUILD)
+ 
+ eccdata$(EXEEXT_FOR_BUILD): eccdata.c mini-gmp.c mini-gmp.h
+-	$(CC_FOR_BUILD) `test -f eccdata.c || echo '$(srcdir)/'`eccdata.c \
++	$(CC_FOR_BUILD) $(CFLAGS) `test -f eccdata.c || echo '$(srcdir)/'`eccdata.c \
+ 	-o eccdata$(EXEEXT_FOR_BUILD)
+ 
+ # desCore rules