diff --git a/avoid-too-large-dates.patch b/avoid-too-large-dates.patch
deleted file mode 100644
index 4387cf9..0000000
--- a/avoid-too-large-dates.patch
+++ /dev/null
@@ -1,105 +0,0 @@
---- a/tests/InCommon-metadata.xml
-+++ b/tests/InCommon-metadata.xml
-@@ -1,4 +1,4 @@
--<?xml version="1.0" encoding="UTF-8"?><EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="INC20140204T195141" Name="urn:mace:incommon" validUntil="2999-02-18T10:00:00Z" xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-+<?xml version="1.0" encoding="UTF-8"?><EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="INC20140204T195141" Name="urn:mace:incommon" validUntil="2036-02-18T10:00:00Z" xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:SignedInfo>
- <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
- <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
---- a/tests/attribute_response.xml
-+++ b/tests/attribute_response.xml
-@@ -32,13 +32,13 @@
-                     Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
-                 <saml2:SubjectConfirmationData Address="192.168.1.1"
-                                                InResponseTo="id-f4d370f3d03650f3ec0da694e2348bfe"
--                                               NotOnOrAfter="2999-09-14T21:06:32.081Z"
-+                                               NotOnOrAfter="2036-09-14T21:06:32.081Z"
-                                                Recipient="https://myreviewroom.com/saml2/acs/"
-                         />
-             </saml2:SubjectConfirmation>
-         </saml2:Subject>
-         <saml2:Conditions NotBefore="2014-09-14T21:01:32.081Z"
--                          NotOnOrAfter="2999-09-14T21:06:32.081Z"
-+                          NotOnOrAfter="2036-09-14T21:06:32.081Z"
-                 >
-             <saml2:AudienceRestriction>
-                 <saml2:Audience>urn:mace:example.com:saml:roland:sp
---- a/tests/idp_example.xml
-+++ b/tests/idp_example.xml
-@@ -2,7 +2,7 @@
- <ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata"
-                       xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"
-                       entityID="http://localhost:8088/idp.xml"
--                      validUntil="2014-04-12T06:06:13Z">
-+                      validUntil="2036-04-12T06:06:13Z">
-     <ns0:IDPSSODescriptor WantAuthnRequestsOnlyWithValidCert="false"
-                           WantAuthnRequestsSigned="false"
-                           protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
---- a/tests/metadata.aaitest.xml
-+++ b/tests/metadata.aaitest.xml
-@@ -7,7 +7,7 @@
-                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                     ID="AAITest-20140205105921"
-                     Name="urn:mace:switch.ch:aaitest"
--                    validUntil="2999-02-10T09:59:21Z"
-+                    validUntil="2036-02-10T09:59:21Z"
-                     xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd">
-     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-         <ds:SignedInfo>
---- a/tests/metadata.xml
-+++ b/tests/metadata.xml
-@@ -1,6 +1,6 @@
- <?xml version='1.0' encoding='UTF-8'?>
- <ns0:EntitiesDescriptor name="urn:mace:example.com:saml:test"
--                        validUntil="2999-12-04T17:31:07Z"
-+                        validUntil="2036-12-04T17:31:07Z"
-                         xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata">
-   <ns0:EntityDescriptor entityID="urn:mace:example.com:saml:roland:sp">
-     <ns0:SPSSODescriptor AuthnRequestsSigned="False" WantAssertionsSigned="True"
---- a/tests/metasp.xml
-+++ b/tests/metasp.xml
-@@ -1,5 +1,5 @@
- <?xml version="1.0" encoding="UTF-8"?>
--<ns0:EntitiesDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" name="urn:mace:umu.se:saml:test" validUntil="2010-12-01T09:22:16Z">
-+<ns0:EntitiesDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" name="urn:mace:umu.se:saml:test" validUntil="2036-12-01T09:22:16Z">
-   <ns0:EntityDescriptor entityID="urn:mace:umu.se:saml:roland:sp">
-     <ns0:SPSSODescriptor AuthnRequestsSigned="False" WantAssertionsSigned="True" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
-       <ns0:KeyDescriptor>
---- a/tests/remote_data/InCommon-metadata-export.xml
-+++ b/tests/remote_data/InCommon-metadata-export.xml
-@@ -1,4 +1,4 @@
--<?xml version="1.0" encoding="UTF-8" standalone="no"?><EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_20191126T193752" validUntil="3001-01-01T00:00:00Z">
-+<?xml version="1.0" encoding="UTF-8" standalone="no"?><EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_20191126T193752" validUntil="2036-01-01T00:00:00Z">
- <md:Extensions xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi">
- <mdrpi:PublicationInfo creationInstant="2019-11-26T19:37:52Z" publisher="https://incommon.org"/>
- </md:Extensions>
---- a/tests/swamid-2.0.xml
-+++ b/tests/swamid-2.0.xml
-@@ -4,7 +4,7 @@
-       This file was automatically generated - do not edit 
- 
-     -->
--<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" Name="http://md.swamid.se/md/swamid-2.0.xml" cacheDuration="PT8H" validUntil="2999-12-13T10:05:05Z"><ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>wdokYz5tEa8aCh+fEPqytS/y9W8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Wsr/+VrII3wK5rAzQKmjSzflCIuIhQboSc6sIxQwWw3toALPfY5fBl1XHPKGFXxY
-+<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" Name="http://md.swamid.se/md/swamid-2.0.xml" cacheDuration="PT8H" validUntil="2036-12-13T10:05:05Z"><ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>wdokYz5tEa8aCh+fEPqytS/y9W8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Wsr/+VrII3wK5rAzQKmjSzflCIuIhQboSc6sIxQwWw3toALPfY5fBl1XHPKGFXxY
- t6W7MxPjU1FKh4PdISeTgqYUwvrX2YDE7HxoYAZR5n5cZlogBZIR3dUwXAcJ75pX
- tDUHpoqNyEJgoaeTiFhNBrfwGPlWNb0RstfM+iMIpdNTlSFHvuHMxkJSEunjzbcj
- 7OU8KcYSlosw4wqdI/G50aQAjSJf+M1wARHtbPvH9ULeks5AUhKyJYztrPJc1UJL
---- a/tests/vo_metadata.xml
-+++ b/tests/vo_metadata.xml
-@@ -1,11 +1,11 @@
- <?xml version='1.0' encoding='UTF-8'?>
--<ns0:EntitiesDescriptor 
--  name="urn:mace:example.com:votest" 
--  validUntil="2999-11-28T09:10:09Z"
-+<ns0:EntitiesDescriptor
-+  name="urn:mace:example.com:votest"
-+  validUntil="2036-11-28T09:10:09Z"
-   xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata">
--  <ns0:EntityDescriptor 
-+  <ns0:EntityDescriptor
-     entityID="urn:mace:example.com:it:tek">
--    <ns0:AffiliationDescriptor 
-+    <ns0:AffiliationDescriptor
-       affiliationOwnerID="http://vo.example.org/vo">
-       <ns0:AffiliateMember>
-         urn:mace:example.com:saml:aa
diff --git a/python-pysaml2.changes b/python-pysaml2.changes
index caa9c82..b8a773d 100644
--- a/python-pysaml2.changes
+++ b/python-pysaml2.changes
@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Wed Jan 20 20:12:26 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- Update to 6.5.0 - Security release
+  * Fix processing of invalid SAML XML documents - CVE-2021-21238
+  * Fix unspecified xmlsec1 key-type preference - CVE-2021-21239
+  * Add more tests regarding XSW attacks
+  * Add XML Schemas for SAML2 and common extensions
+  * Fix the XML parser to not break on ePTID AttributeValues
+  * Fix the initialization value of the return_addrs property of the StatusResponse object
+  * Fix SWAMID entity-category policy regarding eduPersonTargetedID
+  * data: use importlib to load package data (backwards compatibility through the importlib_resources package)
+  * docs: improve the documentation for the signing_algorithm and digest_algorithm options
+  * examples: fix the logging configuration of the example-IdP
+  * tests: allow tests to pass on 32bit systems by properly choosing dates in test XML documents
+  * tests: improvements on the generation of response and assertion objects
+  * tests: expand tests on python-3.9 and python-3.10-dev
+- added new build dependencies:
+  * python3-importlib-resources
+  * python3-xmlschema
+  * update-alternatives
+- removed obsolete avoid-too-large-dates.patch
+- replaced %python3_alternative by %python_alternative
+
 -------------------------------------------------------------------
 Wed Jan  6 10:49:48 UTC 2021 - Matej Cepl <mcepl@suse.com>
 
diff --git a/python-pysaml2.spec b/python-pysaml2.spec
index 02a3a8d..921e38e 100644
--- a/python-pysaml2.spec
+++ b/python-pysaml2.spec
@@ -20,19 +20,17 @@
 %global modname pysaml2
 %global skip_python2 1
 Name:           python-pysaml2
-Version:        6.3.1
+Version:        6.5.0
 Release:        0
 Summary:        Python implementation of SAML Version 2 to be used in a WSGI environment
 License:        Apache-2.0
 URL:            https://github.com/IdentityPython/pysaml2
 Source:         https://github.com/IdentityPython/pysaml2/archive/v%{version}.tar.gz
-# PATCH-FIX-UPSTREAM avoid-too-large-dates.patch gh#IdentityPython/pysaml2#759 mcepl@suse.com
-# avoid Y38K bug on 32bit machines.
-Patch0:         avoid-too-large-dates.patch
 BuildRequires:  %{python_module Paste}
 BuildRequires:  %{python_module cryptography >= 1.4}
 BuildRequires:  %{python_module dbm}
 BuildRequires:  %{python_module defusedxml}
+BuildRequires:  %{python_module importlib-resources}
 BuildRequires:  %{python_module mock}
 BuildRequires:  %{python_module pyOpenSSL}
 BuildRequires:  %{python_module pymongo}
@@ -44,8 +42,10 @@ BuildRequires:  %{python_module requests >= 1.0.0}
 BuildRequires:  %{python_module responses}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module six}
+BuildRequires:  %{python_module xmlschema}
 BuildRequires:  %{python_module zope.interface}
 BuildRequires:  fdupes
+BuildRequires:  update-alternatives
 # This is needed as xmlsec itself does not pull any backend by default
 # Will be fixed in future xmlsec releases
 BuildRequires:  libxmlsec1-openssl1
@@ -75,7 +75,6 @@ SAML2 service provider or an identity provider.
 %prep
 %setup -q -n %{modname}-%{version}
 %ifarch %{ix86}
-%patch0 -p1
 %endif
 
 # delete shebang of files not in executable path
@@ -110,10 +109,10 @@ done
 %files %{python_files}
 %license LICENSE
 %doc README.rst CHANGELOG.md
-%python3_alternative %{_bindir}/make_metadata.py
-%python3_alternative %{_bindir}/parse_xsd2.py
-%python3_alternative %{_bindir}/mdexport.py
-%python3_alternative %{_bindir}/merge_metadata.py
+%python_alternative %{_bindir}/make_metadata.py
+%python_alternative %{_bindir}/parse_xsd2.py
+%python_alternative %{_bindir}/mdexport.py
+%python_alternative %{_bindir}/merge_metadata.py
 %{python_sitelib}/*
 
 %changelog
diff --git a/v6.3.1.tar.gz b/v6.3.1.tar.gz
deleted file mode 100644
index 4e9c9f7..0000000
--- a/v6.3.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:54a5ec11da37abde1792207412a83e7f1da817179ffe864e35014dcdfdf2227d
-size 5959873
diff --git a/v6.5.0.tar.gz b/v6.5.0.tar.gz
new file mode 100644
index 0000000..a0b6443
--- /dev/null
+++ b/v6.5.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:97ed9307a870e4591472e021cf54cb9507010a3acca93cd36fe1ef4b2438fb50
+size 5991803