diff --git a/strongswan-5.1.2.tar.bz2 b/strongswan-5.1.2.tar.bz2
deleted file mode 100644
index d02220c..0000000
--- a/strongswan-5.1.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fb4c3066461dade176408840edbc9d830255f4816b0991baebbbedee501fddd6
-size 3767546
diff --git a/strongswan-5.1.2.tar.bz2.sig b/strongswan-5.1.2.tar.bz2.sig
deleted file mode 100644
index c125964..0000000
--- a/strongswan-5.1.2.tar.bz2.sig
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iQGcBAABAgAGBQJTEEhjAAoJEN9CwXCzTbp3joQL/27auKbdX8nu/2qtGthWRP9M
-l41/eUZ9hC8K4BO4Td/NCHYBarmvvSe4JNcXJtPmW71DS/8MlOIHJlx4Fti3TZA0
-t/C2IZ61ipGhaWEjEPzFN3NjgCqV4cDdIZsn/a7Z5IkL/4BOuH3snkjVAwc5eZy1
-sZX883XvKHrtnfzkufjoIeGhezzriGxyxCS2QpYUjlM28Ub2nIsGm2lijxL1Ni30
-7e57CXILZZxnMIXH0/B2eUJBd3H0xhBZ5Ub4CLz8oRH8d901IG2g7bZ/FLzNqTnK
-pyrOqGc+F9YKphV099WmLx0iGyfv+3e4KVKEkFU+v8bGvT5i8ZBxomchult1vqVG
-6EfMC1N6/aj9MGKlIDVk0jpdZj9gcgSyKY6CQem7RYUn5a7pO7/KWzwpv5hajneU
-q+EXnvjNVmdQtE4aDEat5znRGxD8d71PH1yUjGpqT+yMt2Flr+FW6vlvyfZu0mod
-+innw2wiOc9jC77lkn4KPYVKXasRiyCJJsTkXDGjiw==
-=O9SH
------END PGP SIGNATURE-----
diff --git a/strongswan-5.1.2-rpmlintrc b/strongswan-5.1.3-rpmlintrc
similarity index 100%
rename from strongswan-5.1.2-rpmlintrc
rename to strongswan-5.1.3-rpmlintrc
diff --git a/strongswan-5.1.3.tar.bz2 b/strongswan-5.1.3.tar.bz2
new file mode 100644
index 0000000..b52ba2d
--- /dev/null
+++ b/strongswan-5.1.3.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:84e46d5ce801e1b874e2bfba8d21dbd78b432e23b7fb1f4f2d637359e7a183a8
+size 3807212
diff --git a/strongswan-5.1.3.tar.bz2.sig b/strongswan-5.1.3.tar.bz2.sig
new file mode 100644
index 0000000..7884d97
--- /dev/null
+++ b/strongswan-5.1.3.tar.bz2.sig
@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iQGcBAABAgAGBQJTS9jUAAoJEN9CwXCzTbp3E3cMAJuQv7IsG5XDNQB/Wcb66hLQ
+2DSZN2zXRI2Ku5ONXDqnzCzyGRO84SOsGVzX9AQTHactr29B0n9rZxSCKZrm+ZRX
+lMKu6UNsS+jSKhXkXfmDSilFnM7ap7tAlFUuH/7uz8LcG34643W5BOJH0oMq7Rx3
+WN/7/TbrYf1aE0s3C8tcJXc5OghkvAfsE0jBPWhwT7dwi5eczluPMyYYdGxg8zNP
+LdBdoHTfnFRnMcL18SGwUYl09hj2YkZMoo+2Qt4I6WNy3yIINRIQluPSl2f91HHG
+VXyzGLpC3W63WYxXhPmjdmkpaT9+kulF6WVhgt3i6VMOv6nSNitHs5/X0W6N5xuX
+BhPmJRFmT0Oej3MJVxSKqUy89Ny3DyRmai5bERAFe+FOt9HN1UWqpK+qYFI+YQw/
+dMS9kviW2UhSq4BM9F9F+QrL66Bz0gc5+jXolm971FII62cV4i6n9U6veGPY9qkg
++Jcn6XpKOe2JXLsIeIMQgc0GitIaEHq/zdST/pn2Gw==
+=NZ/K
+-----END PGP SIGNATURE-----
diff --git a/strongswan.changes b/strongswan.changes
index 9af74ca..bd931f5 100644
--- a/strongswan.changes
+++ b/strongswan.changes
@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Mon Apr 14 23:36:07 UTC 2014 - mt@suse.de
+
+- Updated to strongSwan 5.1.3 providing the following changes:
+  - Fixed an authentication bypass vulnerability triggered by rekeying
+    an unestablished IKEv2 SA while it gets actively initiated. This
+    allowed an attacker to trick a peer's IKE_SA state to established,
+    without the need to provide any valid authentication credentials.
+    (CVE-2014-2338, bnc#870572).
+  - The acert plugin evaluates X.509 Attribute Certificates. Group
+    membership information encoded as strings can be used to fulfill
+    authorization checks defined with the rightgroups option.
+    Attribute Certificates can be loaded locally or get exchanged in
+    IKEv2 certificate payloads.
+  - The pki command gained support to generate X.509 Attribute
+    Certificates using the --acert subcommand, while the --print
+    command supports the ac type. The openac utility has been removed
+    in favor of the new pki functionality.
+  - The libtls TLS 1.2 implementation as used by EAP-(T)TLS and other
+    protocols has been extended by AEAD mode support, currently limited
+    to AES-GCM.
+  - Fixed an issue where CRL/OCSP trustchain validation broke enforcing
+    CA constraints
+  - Limited OCSP signing to specific certificates to improve performance
+  - authKeyIdentifier is not added to self-signed certificates anymore
+  - Fixed the comparison of IKE configs if only the cipher suites were
+    different
+
 -------------------------------------------------------------------
 Mon Apr 14 07:43:37 UTC 2014 - mt@suse.de
 
diff --git a/strongswan.spec b/strongswan.spec
index e526215..50c6f26 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -17,14 +17,14 @@
 
 
 Name:           strongswan
-Version:        5.1.2
+Version:        5.1.3
 Release:        0
 %define         upstream_version     %{version}
 %define         strongswan_docdir    %{_docdir}/%{name}
 %define         strongswan_libdir    %{_libdir}/ipsec
-%define         strongswan_plugins   %{strongswan_libdir}/plugins
 %define         strongswan_configs   %{_sysconfdir}/strongswan.d
 %define         strongswan_datadir   %{_datadir}/strongswan
+%define         strongswan_plugins   %{strongswan_libdir}/plugins
 %define         strongswan_templates %{strongswan_datadir}/templates
 %if 0
 %bcond_without  tests
@@ -437,7 +437,6 @@ fi
 %{_libexecdir}/ipsec/_updown_espmark
 %{_libexecdir}/ipsec/conftest
 %{_libexecdir}/ipsec/duplicheck
-%{_libexecdir}/ipsec/openac
 %{_libexecdir}/ipsec/pool
 %{_libexecdir}/ipsec/pt-tls-client
 %{_libexecdir}/ipsec/scepclient
@@ -462,7 +461,6 @@ fi
 %{strongswan_docdir}/ChangeLog
 %{_mandir}/man8/_updown.8*
 %{_mandir}/man8/_updown_espmark.8*
-%{_mandir}/man8/openac.8*
 %{_mandir}/man8/scepclient.8*
 
 %files libs0