diff --git a/add-aki-to-child-certs.patch b/add-aki-to-child-certs.patch
deleted file mode 100644
index fc2826a..0000000
--- a/add-aki-to-child-certs.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 84e347d9221e304f0158330e5101d23969d424d0 Mon Sep 17 00:00:00 2001
-From: Illia Volochii
-Date: Wed, 27 Mar 2024 11:45:41 +0000
-Subject: [PATCH 1/3] Add AKI to child CA certificates
-
----
- src/trustme/__init__.py | 14 +++++++++++---
- tests/test_trustme.py | 5 +++++
- 2 files changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/src/trustme/__init__.py b/src/trustme/__init__.py
-index 5fb24fb..0db1bb0 100644
---- a/src/trustme/__init__.py
-+++ b/src/trustme/__init__.py
-@@ -250,14 +250,22 @@ def __init__(
- sign_key = parent_cert._private_key
- parent_certificate = parent_cert._certificate
- issuer = parent_certificate.subject
--
-- self._certificate = (
-+ ski_ext = parent_certificate.extensions.get_extension_for_class(
-+ x509.SubjectKeyIdentifier)
-+ aki = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski_ext.value)
-+ else:
-+ aki = None
-+ cert_builder = (
- _cert_builder_common(name, issuer, self._private_key.public_key())
- .add_extension(
- x509.BasicConstraints(ca=True, path_length=path_length),
- critical=True,
- )
-- .add_extension(
-+ )
-+ if aki:
-+ cert_builder = cert_builder.add_extension(aki, critical=False)
-+ self._certificate = (
-+ cert_builder.add_extension(
- x509.KeyUsage(
- digital_signature=True, # OCSP
- content_commitment=False,
-diff --git a/tests/test_trustme.py b/tests/test_trustme.py
-index 1d901ad..581716e 100644
---- a/tests/test_trustme.py
-+++ b/tests/test_trustme.py
-@@ -200,6 +200,11 @@ def test_intermediate() -> None:
- assert_is_ca(child_ca_cert)
- assert child_ca_cert.issuer == ca_cert.subject
- assert _path_length(child_ca_cert) == 8
-+ aki = child_ca_cert.extensions.get_extension_for_class(x509.AuthorityKeyIdentifier)
-+ assert aki.critical is False
-+ expected_aki_key_id = ca_cert.extensions.get_extension_for_class(
-+ x509.SubjectKeyIdentifier).value.digest
-+ assert aki.value.key_identifier == expected_aki_key_id
-
- child_server = child_ca.issue_cert("test-host.example.org")
- assert len(child_server.cert_chain_pems) == 2
-
-From f507a28e0f4d97d63716aa5a81669bb747235f07 Mon Sep 17 00:00:00 2001
-From: Illia Volochii
-Date: Wed, 27 Mar 2024 12:02:59 +0000
-Subject: [PATCH 2/3] Fix a typing issue
-
----
- src/trustme/__init__.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/trustme/__init__.py b/src/trustme/__init__.py
-index 0db1bb0..d126180 100644
---- a/src/trustme/__init__.py
-+++ b/src/trustme/__init__.py
-@@ -246,6 +246,7 @@ def __init__(
- )
- issuer = name
- sign_key = self._private_key
-+ aki: Optional[x509.AuthorityKeyIdentifier]
- if parent_cert is not None:
- sign_key = parent_cert._private_key
- parent_certificate = parent_cert._certificate
-
-From cdd2fd61aae9c92f902932bacd6b39189ecde4b1 Mon Sep 17 00:00:00 2001
-From: Illia Volochii
-Date: Wed, 27 Mar 2024 12:09:38 +0000
-Subject: [PATCH 3/3] Add a news entry
-
----
- newsfragments/642.bugfix.rst | 1 +
- 1 file changed, 1 insertion(+)
- create mode 100644 newsfragments/642.bugfix.rst
-
-diff --git a/newsfragments/642.bugfix.rst b/newsfragments/642.bugfix.rst
-new file mode 100644
-index 0000000..9d75e7a
---- /dev/null
-+++ b/newsfragments/642.bugfix.rst
-@@ -0,0 +1 @@
-+Add the Authority Key Identifier extension to child CA certificates.
diff --git a/fix2038.patch b/fix2038.patch
deleted file mode 100644
index 918b8aa..0000000
--- a/fix2038.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Author: Bernhard M. Wiedemann
-Date: 2023-01-14
-Subject: Fix tests of python-aiosmtplib after 2038
-
-Index: trustme-1.0.0/src/trustme/__init__.py
-===================================================================
---- trustme-1.0.0.orig/src/trustme/__init__.py
-+++ trustme-1.0.0/src/trustme/__init__.py
-@@ -37,7 +37,7 @@ __all__ = ["CA"]
- # Some versions of cryptography on 32-bit platforms fail if you give
- # them dates after ~2038-01-19:
- # https://github.com/pyca/cryptography/pull/4658
--DEFAULT_EXPIRY = datetime.datetime(2038, 1, 1)
-+DEFAULT_EXPIRY = datetime.datetime(2098, 1, 1)
-
- def _name(name: str, organization_name: Optional[str] = None, common_name: Optional[str] = None) -> x509.Name:
- name_pieces = [
diff --git a/python-trustme.changes b/python-trustme.changes
index 461aff1..b13d1e1 100644
--- a/python-trustme.changes
+++ b/python-trustme.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Nov 5 15:14:17 UTC 2024 - John Paul Adrian Glaubitz
+
+- Update to 1.2.0
+ * Add support for Python 3.13. (#664)
+ * Allow setting of cert's notBefore attribute (#628)
+ * Add the Authority Key Identifier extension to child
+ CA certificates. (#642)
+ * Remove support for Python 3.8 and PyPy 3.9. (#664)
+- Drop add-aki-to-child-certs.patch, merged upstream
+- Drop fix2038.patch, fixed upstream
+- Update BuildRequires from pyproject.toml
+
 -------------------------------------------------------------------
 Wed Aug 28 06:38:39 UTC 2024 - Steve Kowalik
 
diff --git a/python-trustme.spec b/python-trustme.spec
index d3c1def..568c799 100644
--- a/python-trustme.spec
+++ b/python-trustme.spec
@@ -18,16 +18,14 @@
 
 %{?sle15_python_module_pythons}
 Name: python-trustme
-Version: 1.1.0
+Version: 1.2.0
 Release: 0
 Summary: Fake CA provider for Python tests
 License: Apache-2.0 OR MIT
 URL: https://github.com/python-trio/trustme
 Source: https://files.pythonhosted.org/packages/source/t/trustme/trustme-%{version}.tar.gz
-Patch0: fix2038.patch
-# PATCH-FIX-UPSTREAM gh#python-trio/trustme#642
-Patch1: add-aki-to-child-certs.patch
 BuildRequires: %{python_module cryptography}
+BuildRequires: %{python_module hatchling}
 BuildRequires: %{python_module idna}
 BuildRequires: %{python_module pip}
 BuildRequires: %{python_module pyOpenSSL}
diff --git a/trustme-1.1.0.tar.gz b/trustme-1.1.0.tar.gz
deleted file mode 100644
index 48b1b9d..0000000
--- a/trustme-1.1.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5375ad7fb427074bec956592e0d4ee2a4cf4da68934e1ba4bcf4217126bc45e6
-size 29611
diff --git a/trustme-1.2.0.tar.gz b/trustme-1.2.0.tar.gz
new file mode 100644
index 0000000..cd49899
--- /dev/null
+++ b/trustme-1.2.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ed2264fb46c35459e6de9e454ed4bab73be44b6a2a26ad417f9b6854aebb644a
+size 26350
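Review bot: Dropping `Patch0: fix2038.patch` in the python-trustme.spec hunk rests on the .changes claim "fixed upstream", yet none of the four upstream 1.2.0 items listed there concerns the certificate expiry date, so nothing on this page shows that `DEFAULT_EXPIRY` moved past 2038-01-01 in the new tarball. That patch existed to keep tests passing for builds run after 2038, so I would confirm the value in the 1.2.0 source and record the reference in the changelog, e.g. `- Drop fix2038.patch, fixed upstream (gh#python-trio/trustme#<PR>)`. The removal of Patch1 is covered by the listed "(#642)" item. The %prep section lies outside this hunk, so whether any explicit `%patch` lines also need removing cannot be checked here.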