diff --git a/.gitignore b/.gitignore
index 1dc4941..e4fd554 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,4 @@
 /MapServer-7.6.4.tar.gz
 /MapServer-8.0.0.tar.gz
 /MapServer-8.0.1.tar.gz
+/MapServer-8.2.1.tar.gz
diff --git a/f202bd52b35c82508555af722a8ad0f04910c403.patch b/f202bd52b35c82508555af722a8ad0f04910c403.patch
new file mode 100644
index 0000000..cdef9e5
--- /dev/null
+++ b/f202bd52b35c82508555af722a8ad0f04910c403.patch
@@ -0,0 +1,54 @@
+From f202bd52b35c82508555af722a8ad0f04910c403 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 9 Jul 2024 23:34:35 +0200
+Subject: [PATCH] mappostgresql.c: avoid potential invalid use of strcpy()
+
+---
+ src/mappostgresql.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/src/mappostgresql.c b/src/mappostgresql.c
+index f474650e35..deadbd8a60 100644
+--- a/src/mappostgresql.c
++++ b/src/mappostgresql.c
+@@ -308,14 +308,18 @@ int msPOSTGRESQLJoinNext(joinObj *join) {
+     for (i = 0; i < join->numitems; i++) {
+       length += 8 + strlen(join->items[i]) + 2;
+     }
++    if (length > 1024 * 1024) {
++      msSetError(MS_MEMERR, "Too many joins.\n", "msPOSTGRESQLJoinNext()");
++      return MS_FAILURE;
++    }
+ 
+-    columns = (char *)malloc(length);
++    columns = (char *)malloc(length + 1);
+     if (!columns) {
+       msSetError(MS_MEMERR, "Failure to malloc.\n", "msPOSTGRESQLJoinNext()");
+       return MS_FAILURE;
+     }
+ 
+-    strcpy(columns, "");
++    columns[0] = 0;
+     for (i = 0; i < join->numitems; i++) {
+       strcat(columns, "\"");
+       strcat(columns, join->items[i]);
+@@ -326,14 +330,15 @@ int msPOSTGRESQLJoinNext(joinObj *join) {
+     }
+ 
+     /* Create the query string. */
+-    sql = (char *)malloc(26 + strlen(columns) + strlen(join->table) +
+-                         strlen(join->to) + strlen(joininfo->from_value));
++    const size_t nSize = 26 + strlen(columns) + strlen(join->table) +
++                         strlen(join->to) + strlen(joininfo->from_value);
++    sql = (char *)malloc(nSize);
+     if (!sql) {
+       msSetError(MS_MEMERR, "Failure to malloc.\n", "msPOSTGRESQLJoinNext()");
+       return MS_FAILURE;
+     }
+-    sprintf(sql, "SELECT %s FROM %s WHERE %s = '%s'", columns, join->table,
+-            join->to, joininfo->from_value);
++    snprintf(sql, nSize, "SELECT %s FROM %s WHERE %s = '%s'", columns,
++             join->table, join->to, joininfo->from_value);
+     if (joininfo->layer_debug) {
+       msDebug("msPOSTGRESQLJoinNext(): executing %s.\n", sql);
+     }
diff --git a/mapserver.spec b/mapserver.spec
index 2e575e9..e7e3200 100644
--- a/mapserver.spec
+++ b/mapserver.spec
@@ -1,9 +1,9 @@
-%global ini_name 40-mapserver.ini
+%global ini_name 39-mapserver.ini
 %global project_owner MapServer
 %global project_name MapServer
-# MapServer should support Python 3 but still builds with Python 2.
-# This should be investigated.
+
 %global python_mapscript 1
+%global srcname mapscript
 
 %ifarch %{java_arches}
 %bcond_without java
@@ -23,8 +23,8 @@
 
 
 Name:           mapserver
-Version:        8.0.1
-Release:        18%{?dist}
+Version:        8.2.1
+Release:        1%{?dist}
 Summary:        Environment for building spatially-enabled internet applications
 %global dashver %(echo %version | sed 's|\\.|-|g')
 
@@ -32,12 +32,12 @@ License:        MIT
 URL:            http://www.mapserver.org
 
 Source0:        https://github.com/%{project_owner}/%{project_name}/archive/rel-%{dashver}/%{project_name}-%{version}.tar.gz
-# Avoid implicit declarations of strlcat
-Patch0:         mapserver-implicit-declarations.patch
-# https://github.com/MapServer/MapServer/pull/6975
-# Fix build with libxml2 2.12.0
-Patch1:         mapserver-pr6975-libxml2-2_12_0.patch
-Patch2: mapserver-c99.patch
+
+
+## Upstream patches
+# mappostgresql.c: avoid potential invalid use of strcpy()
+Patch1001:      f202bd52b35c82508555af722a8ad0f04910c403.patch
+
 Requires:       httpd
 Requires:       dejavu-sans-fonts
 
@@ -238,14 +238,20 @@ export CXXFLAGS="%{optflags} -fno-strict-aliasing"
 %install
 %cmake_install
 
+# cmake tries to invoke pip and download things. we'll just use setuptools.
+mkdir -p %{buildroot}%{python3_sitearch}
+pushd redhat-linux-build/src/mapscript/python
+%py3_install
+popd
+
 mkdir -p %{buildroot}%{_datadir}/%{name}
-install -p -m 644 xmlmapfile/mapfile.xsd %{buildroot}%{_datadir}/%{name}
-install -p -m 644 xmlmapfile/mapfile.xsl %{buildroot}%{_datadir}/%{name}
+install -p -m 644 src/xmlmapfile/mapfile.xsd %{buildroot}%{_datadir}/%{name}
+install -p -m 644 src/xmlmapfile/mapfile.xsl %{buildroot}%{_datadir}/%{name}
 
 %if %{with java}
 # install java
 mkdir -p %{buildroot}%{_javadir}
-install -p -m 644 %{_vpath_builddir}/mapscript/java/mapscript.jar %{buildroot}%{_javadir}/
+install -p -m 644 %{_vpath_builddir}/src/mapscript/java/mapscript.jar %{buildroot}%{_javadir}/
 %endif
 
 %if %{with php}
@@ -258,7 +264,7 @@ EOF
 %endif
 
 # Install sample config file as %%doc
-rm %{buildroot}%{_sysconfdir}/mapserver-sample.conf
+rm %{buildroot}%{_usr}/%{_sysconfdir}/mapserver-sample.conf
 
 
 %files
@@ -289,41 +295,54 @@ rm %{buildroot}%{_sysconfdir}/mapserver-sample.conf
 
 %if %{with php}
 %files -n php-%{name}
+%doc src/mapscript/php/README.md
 %config(noreplace) %{php_inidir}/%{ini_name}
+
+# this is only installed when swig < 4.0.2 https://github.com/MapServer/MapServer/blob/25ef061bec310773511eb84ef03f4a91e0f5a081/src/mapscript/phpng/CMakeLists.txt#L86
+%if ! 0%{?fedora} && 0%{?rhel} < 10
+%{php_extdir}/mapscript.php
+%endif
+
 %{php_extdir}/php_mapscriptng.so
 %endif
+# end php-mapcache
 
 %files perl
 %doc README.md
-%doc mapscript/perl/examples
+%doc src/mapscript/perl/examples
 %dir %{perl_vendorarch}/auto/mapscript
 %{perl_vendorarch}/auto/mapscript/*
 %{perl_vendorarch}/mapscript.pm
 
 %if 0%{python_mapscript}
 %files -n python3-mapserver
-%doc mapscript/python/README.rst
-%doc mapscript/python/examples
-%doc mapscript/python/tests
+%doc src/mapscript/python/README.rst
+%doc src/mapscript/python/examples
+%doc src/mapscript/python/tests
 %{python3_sitearch}/*mapscript*
 %endif
 
 %if %{with java}
 %files java
-%doc mapscript/java/README
-%doc mapscript/java/examples
-%doc mapscript/java/tests
+%doc src/mapscript/java/README
+%doc src/mapscript/java/examples
+%doc src/mapscript/java/tests
 %{_javadir}/*.jar
 %{_libdir}/libjavamapscript.so
 %endif
 
 %files ruby
-%doc mapscript/ruby/README
-%doc mapscript/ruby/examples
+%doc src/mapscript/ruby/README
+%doc src/mapscript/ruby/examples
+%doc mapserver-ruby/README
+%doc mapserver-ruby/examples
 %{ruby_sitearchdir}/mapscript.so
 
-
 %changelog
+* Tue Aug 20 2024 Neil Hanlon <neil@shrug.pw> - 8.2.1-1
+- update to 8.2.1
+- bring in patch for zero-size malloc and buffer overflow
+
 * Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 8.0.1-18
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
 
diff --git a/sources b/sources
index 83cfd3c..6fa323d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (MapServer-8.0.1.tar.gz) = 2382f8db5f98c14895e90dad5cb6aee63d39e020ec95bee7e574f364d35e9a2e03c4d943c8e3776e240e38e323f120b97ec0cfad3e38eb0a406d154c84c350f8
+SHA512 (MapServer-8.2.1.tar.gz) = e00b1d612ce9da047a2d1d26ce970bd07c73ce4fcffa7e59af35ff668fddef2f5d4fb2e350ba374658ae4ab7645eee1b18b4ee958e8d325b4edb349d0b12e8b2