diff --git a/thttpd-2.25b-strcpy.patch b/thttpd-2.25b-strcpy.patch
deleted file mode 100644
index 42b5ee8..0000000
--- a/thttpd-2.25b-strcpy.patch
+++ /dev/null
@@ -1,84 +0,0 @@
---- libhttpd.c
-+++ libhttpd.c
-@@ -294,7 +294,8 @@
- 	    }
- 	/* Nuke any leading slashes in the cgi pattern. */
- 	while ( ( cp = strstr( hs->cgi_pattern, "|/" ) ) != (char*) 0 )
--	    (void) strcpy( cp + 1, cp + 2 );
-+	    /* -2 for the offset, +1 for the '\0' */
-+	    (void) memmove( cp + 1, cp + 2, strlen( cp ) - 1 );
- 	}
-     hs->cgi_limit = cgi_limit;
-     hs->cgi_count = 0;
-@@ -1496,7 +1497,8 @@
- 	/* Remove any leading slashes. */
- 	while ( rest[0] == '/' )
- 	    {
--	    (void) strcpy( rest, &(rest[1]) );
-+	    /*One more for '\0', one less for the eaten first*/
-+	    (void) memmove( rest, &(rest[1]), strlen(rest) );
- 	    --restlen;
- 	    }
-     r = rest;
-@@ -2333,8 +2335,8 @@
- 		 hc->expnfilename, hc->hs->cwd, strlen( hc->hs->cwd ) ) == 0 )
- 	    {
- 	    /* Elide the current directory. */
--	    (void) strcpy(
--		hc->expnfilename, &hc->expnfilename[strlen( hc->hs->cwd )] );
-+	    (void) memmove(
-+		hc->expnfilename, &hc->expnfilename[strlen( hc->hs->cwd )], strlen(hc->expnfilename) - strlen( hc->hs->cwd ) + 1 );
- 	    }
- #ifdef TILDE_MAP_2
- 	else if ( hc->altdir[0] != '\0' &&
-@@ -2405,15 +2407,15 @@
- 
-     /* Remove leading ./ and any /./ sequences. */
-     while ( strncmp( file, "./", 2 ) == 0 )
--	(void) strcpy( file, file + 2 );
-+	(void) memmove( file, file + 2, strlen( file ) - 1 );
-     while ( ( cp = strstr( file, "/./") ) != (char*) 0 )
--	(void) strcpy( cp, cp + 2 );
-+	(void) memmove( cp, cp + 2, strlen( file ) - 1 );
- 
-     /* Alternate between removing leading ../ and removing xxx/../ */
-     for (;;)
- 	{
- 	while ( strncmp( file, "../", 3 ) == 0 )
--	    (void) strcpy( file, file + 3 );
-+	    (void) memmove( file, file + 3, strlen( file ) - 2 );
- 	cp = strstr( file, "/../" );
- 	if ( cp == (char*) 0 )
- 	    break;
-@@ -4083,7 +4085,7 @@
- 	}
-     else if ( IN6_IS_ADDR_V4MAPPED( &saP->sa_in6.sin6_addr ) && strncmp( str, "::ffff:", 7 ) == 0 )
- 	/* Elide IPv6ish prefix for IPv4 addresses. */
--	(void) strcpy( str, &str[7] );
-+	(void) memmove( str, &str[7], strlen( str ) - 6 );
- 
-     return str;
- 
---- thttpd.c
-+++ thttpd.c
-@@ -573,7 +573,7 @@
- 	    {
- 	    if ( strncmp( logfile, cwd, strlen( cwd ) ) == 0 )
- 		{
--		(void) strcpy( logfile, &logfile[strlen( cwd ) - 1] );
-+		(void) memmove( logfile, &logfile[strlen( cwd ) - 1], strlen(logfile) - (strlen( cwd ) - 1) + 1 );
- 		/* (We already guaranteed that cwd ends with a slash, so leaving
- 		** that slash in logfile makes it an absolute pathname within
- 		** the chroot tree.)
-@@ -1422,9 +1422,9 @@
- 
- 	/* Nuke any leading slashes in pattern. */
- 	if ( pattern[0] == '/' )
--	    (void) strcpy( pattern, &pattern[1] );
-+	    (void) memmove( pattern, &pattern[1], strlen(pattern) );
- 	while ( ( cp = strstr( pattern, "|/" ) ) != (char*) 0 )
--	    (void) strcpy( cp + 1, cp + 2 );
-+	    (void) memmove( cp + 1, cp + 2, strlen(cp) - 1 );
- 
- 	/* Check for room in throttles. */
- 	if ( numthrottles >= maxthrottles )
diff --git a/thttpd-2.26.tar.gz b/thttpd-2.26.tar.gz
deleted file mode 100644
index 9e6bd2a..0000000
--- a/thttpd-2.26.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:15b3f6c60f854061e333227e9ea9ff789d34a092c9365690a8c0d3ecfc85cbb7
-size 132950
diff --git a/thttpd-2.27.tar.gz b/thttpd-2.27.tar.gz
new file mode 100644
index 0000000..d8b5e3f
--- /dev/null
+++ b/thttpd-2.27.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b1c4bc37ada7c39cc2bcfbf86b3bc05be91be49f8bb4f55379eaff1f66516d7a
+size 134005
diff --git a/thttpd.changes b/thttpd.changes
index ef16735..c0495c3 100644
--- a/thttpd.changes
+++ b/thttpd.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Jun 26 11:58:22 UTC 2017 - vcizek@suse.com
+
+- update to 2.27
+  Stats syslogs changed from LOG_INFO to LOG_NOTICE.
+  Use memmove() for self-overlapping string copies instead of strcpy().
+  Couple of subroutine name changes for consistency.
+- drop thttpd-2.25b-strcpy.patch (upstream)
+- enforce single process build, as parallel does fail sometimes
+
 -------------------------------------------------------------------
 Thu Sep 17 14:10:46 UTC 2015 - vcizek@suse.com
 
diff --git a/thttpd.spec b/thttpd.spec
index f8dbde4..29decc7 100644
--- a/thttpd.spec
+++ b/thttpd.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package thttpd
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,7 +23,7 @@
 %define with_systemd 0
 %endif
 Name:           thttpd
-Version:        2.26
+Version:        2.27
 Release:        0
 Summary:        Small and very simple webserver
 License:        BSD-3-Clause
@@ -45,7 +45,6 @@ Patch7:         %{name}-2.25b-syslogtocern.diff
 Patch8:         %{name}-2.25b-overflow.diff
 Patch9:         %{name}-2.25b-chown.diff
 Patch10:        %{name}-2.25b-zerolen.patch
-Patch11:        %{name}-2.25b-strcpy.patch
 # PATCH-FIX-SUSE CVE-2012-5640
 Patch13:        thttpd-2.25b-CVE-2012-5640-check_crypt_return_value.patch
 Patch14:        thttpd-CVE-2013-0348.patch
@@ -54,12 +53,11 @@ BuildRequires:  automake
 BuildRequires:  libtool
 Requires(post): permissions
 Recommends:     logrotate
-# both packages provide /usr/bin/htpasswd
-Conflicts:      apache2-utils
 # both packages provide /srw/www/htdocs/index.html
 Conflicts:      apache2-example-pages
+# both packages provide /usr/bin/htpasswd
+Conflicts:      apache2-utils
 Provides:       http_daemon
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if %{with_systemd}
 BuildRequires:  systemd
 %{?systemd_requires}
@@ -89,7 +87,6 @@ traffic.
 %patch8
 %patch9
 %patch10
-%patch11
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
@@ -104,7 +101,8 @@ export V_CCOPT="%{optflags} -fPIC -DPIC -fPIE"
 export CFLAGS="%{optflags} -fPIC -DPIC -fPIE"
 export LDFLAGS="-pie -Wl,-z,relro,-z,now"
 %configure
-make
+# parallel build causes problems, single thread build takes only 10s anyway
+make -j1
 
 %install
 install -d %{buildroot}%{_bindir} \
@@ -112,7 +110,7 @@ install -d %{buildroot}%{_bindir} \
     %{buildroot}%{_mandir}/man1 \
     %{buildroot}%{_mandir}/man8 \
     %{buildroot}%{serverroot}/htdocs/users
-make DESTDIR=%{buildroot} install %{?_smp_mflags}
+%make_install
 install -D -m0644 index.html %{buildroot}/%{serverroot}/htdocs/index.html
 install -D -m0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/%{name}.conf
 install -D -m0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
@@ -135,11 +133,7 @@ ln -s %{buildroot}%{_initddir}/%{name} %{buildroot}%{_sbindir}/rc%{name}
 %else
 %{fillup_and_insserv thttpd}
 %endif
-%if 0%{?suse_version} <= 1130
-%run_permissions
-%else
 %set_permissions %{_bindir}/makeweb
-%endif
 
 %verifyscript
 %verify_permissions -e %{_bindir}/makeweb
@@ -160,7 +154,6 @@ ln -s %{buildroot}%{_initddir}/%{name} %{buildroot}%{_sbindir}/rc%{name}
 %endif
 
 %files
-%defattr(-, root, root)
 %doc README config.h
 %{serverroot}/htdocs/*
 %attr(775, root, www) %{serverroot}/htdocs/users