diff --git a/emacs-25.2-rc2.tar.xz b/emacs-25.2-rc2.tar.xz
deleted file mode 100644
index eac1289..0000000
--- a/emacs-25.2-rc2.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4f405314b427f9fdfc3fe89c3a062524156b23e07396427bb16d30ba1a8bf687
-size 43014244
diff --git a/emacs-25.2.tar.xz b/emacs-25.2.tar.xz
new file mode 100644
index 0000000..b8e754a
--- /dev/null
+++ b/emacs-25.2.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:59b55194c9979987c5e9f1a1a4ab5406714e80ffcfd415cc6b9222413bc073fa
+size 46900336
diff --git a/emacs.changes b/emacs.changes
index d8d8851..2fb8a3c 100644
--- a/emacs.changes
+++ b/emacs.changes
@@ -1,3 +1,46 @@
+-------------------------------------------------------------------
+Tue May  2 11:02:57 UTC 2017 - werner@suse.de
+
+- Add patch gnulib.git-94e01571.patch to fix CVE-2017-7476
+
+-------------------------------------------------------------------
+Wed Apr 26 07:33:45 UTC 2017 - werner@suse.de
+
+- Use socket activation to get dbus up before starting emacs 
+
+-------------------------------------------------------------------
+Tue Apr 25 14:51:25 UTC 2017 - werner@suse.de
+
+- Fix emacs.sh wrapper script to check modern dbus session (boo#1032759)
+
+-------------------------------------------------------------------
+Tue Apr 25 10:43:33 UTC 2017 - werner@suse.de
+
+- Update to emacs version 25.2 a bugfix release
+  * 'find-library', 'help-function-def' and 'help-variable-def' now run
+    'find-function-after-hook'.
+  * New basic face 'fixed-pitch-serif', for a fixed-width font with serifs.
+    The 'Info-quoted' and 'tex-verbatim' faces inherit from it by default.
+  * New variable 'use-default-font-for-symbols', for backward compatibility.
+    This variable allows you to get back pre-Emacs 25 behavior where the
+    font for displaying symbol and punctuation characters was always
+    selected according to your fontset setup.  By default, Emacs 25 tries
+    to use the default face's font for such characters, if it supports
+    them, disregarding the fontsets.  Set this variable to nil to disable
+    this and get back the old behavior.
+  * 'electric-quote-mode' is no longer suppressed in a buffer whose
+    coding system cannot represent curved quote characters.
+    Instead, users can deal with the unrepresentable characters in the
+    usual way when they save the buffer.
+  * New variable 'inhibit-compacting-font-caches'.
+    Set this variable to a non-nil value to speed up display of characters
+    using large fonts, at the price of a larger memory footprint.
+  * The version number of CC Mode has been changed from 5.33 to
+    5.32.99, although the software itself hasn't changed.  This aims to
+    reduce confusion with the standalone CC Mode 5.33 (available from
+    http://cc-mode.sourceforge.net), which is a more mature version than
+    the one included in Emacs 25.2.
+
 -------------------------------------------------------------------
 Wed Apr 12 09:25:13 UTC 2017 - pgajdos@suse.com
 
diff --git a/emacs.sh b/emacs.sh
index 5517cd7..529465b 100644
--- a/emacs.sh
+++ b/emacs.sh
@@ -78,7 +78,12 @@ if test -n "$dbusdaemon" ; then
 	    unset DBUS_SESSION_BUS_ADDRESS
 	    break
 	done
-	test -n "$dpid" || unset DBUS_SESSION_BUS_ADDRESS
+	if test -z "$dpid" ; then
+	    case ":$DBUS_SESSION_BUS_ADDRESS" in
+	    *:path=/run/user/${UID}/bus*) ;;
+	    *)  unset DBUS_SESSION_BUS_ADDRESS
+	    esac
+	fi
     fi
     # Find a valid dbus-daemon if active
     if test -z "$DBUS_SESSION_BUS_ADDRESS" ; then
@@ -90,6 +95,10 @@ if test -n "$dbusdaemon" ; then
 	    DBUS_SESSION_BUS_ADDRESS=${dadd#*=}
 	    export DBUS_SESSION_BUS_ADDRESS
 	done
+	if test -z "$DBUS_SESSION_BUS_ADDRESS" -a -S "${XDG_RUNTIME_DIR}/bus" ; then
+	    DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
+	    export DBUS_SESSION_BUS_ADDRESS
+	fi
     fi
     unset mid guid suid dadd
     # Oops ... no dbus-daemon then launch a new session
@@ -105,6 +114,12 @@ if test -n "$dbusdaemon" ; then
 	else
 	    arg0=emacs
 	fi
+    elif test -S "${XDG_RUNTIME_DIR}/bus" ; then
+	dbusupdate=$(type -p dbus-update-activation-environment 2>/dev/null)
+	dbusstatus=$(systemctl --user is-active dbus.service 2>/dev/null)
+	if test -n "$dbusupdate" -a "$dbusstatus" != active ; then
+	    $dbusupdate --systemd DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
+        fi
     fi
     unset dbuslaunch dbusdaemon
 fi
diff --git a/emacs.spec b/emacs.spec
index 52287ce..911e098 100644
--- a/emacs.spec
+++ b/emacs.spec
@@ -20,7 +20,7 @@
 %if %{suse_version} >= 1330
 %bcond_without  autoconf
 %endif
-# Experimental, not for production (see https://www.gnu.org/software/emacs/news/NEWS.25.1)
+# Experimental, not for production (see https://www.gnu.org/software/emacs/news/NEWS.25.2)
 %bcond_with     cairo
 
 Name:           emacs
@@ -103,8 +103,7 @@ Obsoletes:      nxml-mode < 20041004
 Provides:       epg = 1.0.0
 Obsoletes:      epg < 1.0.0
 Requires(pre):  fileutils
-#Source:         ftp://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz
-Source:         ftp://alpha.gnu.org/gnu/emacs/pretest/emacs-%{version}-rc2.tar.xz
+Source:         ftp://ftp.gnu.org/gnu/emacs/emacs-%{version}.tar.xz
 Source1:        app-defaults.Emacs
 Source2:        site-lisp.tar.bz2
 Source3:        dot.gnu-emacs
@@ -128,6 +127,8 @@ Patch23:        emacs-25.1-custom-fonts.patch
 # but that is because we ship /usr/include/ImageMagick-7/wand compat
 # symlink
 Patch24:        emacs-25.2-ImageMagick7.patch
+# PATCH-FIX-UPSTREAM-GNULIB CVE-2017-7476
+Patch25:        gnulib.git-94e01571.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %{expand: %%global include_info %(test -s /usr/share/info/info.info* && echo 0 || echo 1)}
@@ -241,8 +242,9 @@ and most assembler-like syntaxes.
 %patch16 -p0 -b .flyspell
 %patch22 -p0 -b .obsolate
 %patch23 -p0 -b .custfnt
-%patch   -p0 -b .0
 %patch24 -p1
+%patch25 -p0
+%patch   -p0 -b .0
 
 %if %{without autoconf}
 # We don't want to run autoconf
@@ -380,6 +382,7 @@ DESKTOP="--with-x \
 %else
 	 --with-x-toolkit=gtk2 \
 %endif
+	 --with-toolkit-scroll-bars \
 	 --x-includes=%{_x11inc} \
 	 --x-libraries=%{_x11lib} \
 	 --with-libotf \
@@ -390,6 +393,7 @@ DESKTOP="--with-x \
 "
     X11="${DESKTOP} \
 	 --with-x-toolkit=lucid \
+	 --with-toolkit-scroll-bars \
 	 --x-includes=%{_x11inc} \
 	 --x-libraries=%{_x11lib}:%{_x11data} \
 	 --without-libotf \
diff --git a/gnulib.git-94e01571.patch b/gnulib.git-94e01571.patch
new file mode 100644
index 0000000..ed71415
--- /dev/null
+++ b/gnulib.git-94e01571.patch
@@ -0,0 +1,85 @@
+From 94e01571507835ff59dd8ce2a0b56a4b566965a4 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
+Date: Mon, 24 Apr 2017 01:43:36 -0700
+Subject: [PATCH] time_rz: fix heap buffer overflow vulnerability
+
+This issue has been assigned CVE-2017-7476 and was
+detected with American Fuzzy Lop 2.41b run on the
+coreutils date(1) program with ASAN enabled.
+
+  ERROR: AddressSanitizer: heap-buffer-overflow on address 0x...
+  WRITE of size 8 at 0x60d00000cff8 thread T0
+  #1 0x443020 in extend_abbrs lib/time_rz.c:88
+  #2 0x443356 in save_abbr lib/time_rz.c:155
+  #3 0x44393f in localtime_rz lib/time_rz.c:290
+  #4 0x41e4fe in parse_datetime2 lib/parse-datetime.y:1798
+
+A minimized reproducer is the following 120 byte TZ value,
+which goes beyond the value of ABBR_SIZE_MIN (119) on x86_64.
+Extend the aa...b portion to overwrite more of the heap.
+
+  date -d $(printf 'TZ="aaa%020daaaaaab%089d"')
+
+localtime_rz and mktime_z were affected since commit 4bc76593.
+parse_datetime was affected since commit 4e6e16b3f.
+
+* lib/time_rz.c (save_abbr): Rearrange the calculation determining
+whether there is enough buffer space available.  The rearrangement
+ensures we're only dealing with positive numbers, thus avoiding
+the problematic promotion of signed to unsigned causing an invalid
+comparison when zone_copy is more than ABBR_SIZE_MIN bytes beyond
+the start of the buffer.
+* tests/test-parse-datetime.c (main): Add a test case written by
+Paul Eggert, which overwrites enough of the heap so that
+standard glibc will fail with "free(): invalid pointer"
+without the patch applied.
+Reported and analyzed at https://bugzilla.redhat.com/1444774
+---
+ lib/time_rz.c |   15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+--- lib/time_rz.c
++++ lib/time_rz.c	2017-05-02 11:00:09.386018503 +0000
+@@ -27,6 +27,7 @@
+ #include <time.h>
+ 
+ #include <errno.h>
++#include <limits.h>
+ #include <stdbool.h>
+ #include <stddef.h>
+ #include <stdlib.h>
+@@ -34,6 +35,10 @@
+ 
+ #include "time-internal.h"
+ 
++#ifndef SIZE_MAX
++# define SIZE_MAX ((size_t) -1)
++#endif
++
+ #if !HAVE_TZSET
+ static void tzset (void) { }
+ #endif
+@@ -42,7 +47,7 @@ static void tzset (void) { }
+    the largest "small" request for the GNU C library malloc.  */
+ enum { DEFAULT_MXFAST = 64 * sizeof (size_t) / 4 };
+ 
+-/* Minimum size of the ABBRS member of struct abbr.  ABBRS is larger
++/* Minimum size of the ABBRS member of struct tm_zone.  ABBRS is larger
+    only in the unlikely case where an abbreviation longer than this is
+    used.  */
+ enum { ABBR_SIZE_MIN = DEFAULT_MXFAST - offsetof (struct tm_zone, abbrs) };
+@@ -149,7 +154,13 @@ save_abbr (timezone_t tz, struct tm *tm)
+           if (! (*zone_copy || (zone_copy == tz->abbrs && tz->tz_is_set)))
+             {
+               size_t zone_size = strlen (zone) + 1;
+-              if (zone_size < tz->abbrs + ABBR_SIZE_MIN - zone_copy)
++              size_t zone_used = zone_copy - tz->abbrs;
++              if (SIZE_MAX - zone_used < zone_size)
++                {
++                  errno = ENOMEM;
++                  return false;
++                }
++              if (zone_used + zone_size < ABBR_SIZE_MIN)
+                 extend_abbrs (zone_copy, zone, zone_size);
+               else
+                 {