diff --git a/librepo.changes b/librepo.changes index f2b8ae0..d2ab606 100644 --- a/librepo.changes +++ b/librepo.changes @@ -34,6 +34,14 @@ Sat Aug 22 20:18:17 UTC 2020 - Neal Gompa - Upgrade to 1.12.1 + Validate path read from repomd.xml (rh#1868639, CVE-2020-14352) +- Dropped validate_path.patch to prevent directory traversal attacks + (boo#1175475, CVE-2020-14352) since it is upstream with version 1.12.1 + +------------------------------------------------------------------- +Thu Aug 20 10:30:12 UTC 2020 - Christian Vögl + +- Add validate_path.patch to prevent directory traversal attacks + (boo#1175475, CVE-2020-14352) ------------------------------------------------------------------- Tue Jul 7 10:38:49 UTC 2020 - Neal Gompa diff --git a/librepo.spec b/librepo.spec index a4e40db..8a5b638 100644 --- a/librepo.spec +++ b/librepo.spec @@ -1,7 +1,7 @@ # # spec file for package librepo # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # Copyright (c) 2020-2021 Neal Gompa . # # All modifications and additions to the file contributed by third parties @@ -51,9 +51,9 @@ BuildRequires: doxygen BuildRequires: gpgme-devel BuildRequires: pkgconfig(check) BuildRequires: pkgconfig(glib-2.0) >= 2.26.0 +BuildRequires: pkgconfig(libcrypto) BuildRequires: pkgconfig(libcurl) >= 7.52.0 BuildRequires: pkgconfig(libxml-2.0) -BuildRequires: pkgconfig(libcrypto) BuildRequires: pkgconfig(openssl) %if %{with zchunk} BuildRequires: pkgconfig(zck) >= 0.9.11 @@ -88,8 +88,8 @@ Summary: Python 3 bindings for the librepo library Group: Development/Libraries/Python BuildRequires: python3-devel %if %{with tests} -BuildRequires: python3-gpg BuildRequires: python3-Flask +BuildRequires: python3-gpg BuildRequires: python3-requests %endif BuildRequires: python3-Sphinx
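Review bot: in the librepo.changes hunk (@@ -34,6 +34,14), the line added under the Sat Aug 22 2020 entry, "Dropped validate_path.patch to prevent directory traversal attacks", reads as though removing the patch is what prevents the traversal. Attach the reason to the upstream fix instead, for example "Drop validate_path.patch (boo#1175475, CVE-2020-14352), fixed upstream in 1.12.1". That wording also matches the imperative "Upgrade" and "Add" used in the neighbouring entries. None of the librepo.spec hunks shown here touches a Patch line, so please confirm that no Patch tag or patch application for validate_path.patch remains in the spec.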
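Review bot: the librepo.spec hunk at @@ -51,9 +51,9 only moves pkgconfig(libcrypto) above pkgconfig(libcurl), and the hunk at @@ -88,8 +88,8 only swaps python3-gpg and python3-Flask. These reorderings have no functional effect and are not mentioned in librepo.changes, which in this diff records only the CVE-2020-14352 patch handling. Either add a short changelog line for the spec cleanup or split it into its own change, so that the security-relevant part can be audited on its own.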