diff --git a/.gitignore b/.gitignore
index e41cca4..7468eb9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ quagga-0.99.17.tar.gz
 /quagga-0.99.19.tar.gz
 /quagga-0.99.20.tar.gz
 /quagga-0.99.20.1.tar.gz
+/quagga-0.99.22.tar.xz
diff --git a/quagga-CVE-2012-1820.patch b/quagga-CVE-2012-1820.patch
deleted file mode 100644
index aae2d7b..0000000
--- a/quagga-CVE-2012-1820.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-@@ -, +, @@
- bgpd: CVE-2012-1820, DoS in bgp_capability_orf()
-
- An ORF (code 3) capability TLV is defined to contain exactly one
- AFI/SAFI block. Function bgp_capability_orf(), which parses ORF
- capability TLV, uses do-while cycle to call its helper function
- bgp_capability_orf_entry(), which actually processes the AFI/SAFI data
- block. The call is made at least once and repeated as long as the input
- buffer has enough data for the next call.
-
- The helper function, bgp_capability_orf_entry(), uses "Number of ORFs"
- field of the provided AFI/SAFI block to verify, if it fits the input
- buffer. However, the check is made based on the total length of the ORF
- TLV regardless of the data already consumed by the previous helper
- function call(s). This way, the check condition is only valid for the
- first AFI/SAFI block inside an ORF capability TLV.
-
- For the subsequent calls of the helper function, if any are made, the
- check condition may erroneously tell, that the current "Number of ORFs"
- field fits the buffer boundary, where in fact it does not. This makes it
- possible to trigger an assertion by feeding an OPEN message with a
- specially-crafted malformed ORF capability TLV.
-
- This commit fixes the vulnerability by making the implementation follow
- the spec.
---- a/bgpd/bgp_open.c
-+++ a/bgpd/bgp_open.c
-@@ -231,7 +231,7 @@ bgp_capability_orf_entry (struct peer *peer, struct capability_header *hdr)
- }
-
- /* validate number field */
-- if (sizeof (struct capability_orf_entry) + (entry.num * 2) > hdr->length)
-+ if (sizeof (struct capability_orf_entry) + (entry.num * 2) != hdr->length)
- {
- zlog_info ("%s ORF Capability entry length error,"
- " Cap length %u, num %u",
-@@ -335,28 +335,6 @@ bgp_capability_orf_entry (struct peer *peer, struct capability_header *hdr)
- }
-
- static int
--bgp_capability_orf (struct peer *peer, struct capability_header *hdr)
--{
-- struct stream *s = BGP_INPUT (peer);
-- size_t end = stream_get_getp (s) + hdr->length;
--
-- assert (stream_get_getp(s) + sizeof(struct capability_orf_entry) <= end);
--
-- /* We must have at least one ORF entry, as the caller has already done
-- * minimum length validation for the capability code - for ORF there must
-- * at least one ORF entry (header and unknown number of pairs of bytes).
-- */
-- do
-- {
-- if (bgp_capability_orf_entry (peer, hdr) == -1)
-- return -1;
-- }
-- while (stream_get_getp(s) + sizeof(struct capability_orf_entry) < end);
--
-- return 0;
--}
--
--static int
- bgp_capability_restart (struct peer *peer, struct capability_header *caphdr)
- {
- struct stream *s = BGP_INPUT (peer);
-@@ -573,7 +551,7 @@ bgp_capability_parse (struct peer *peer, size_t length, int *mp_capability,
- break;
- case CAPABILITY_CODE_ORF:
- case CAPABILITY_CODE_ORF_OLD:
-- if (bgp_capability_orf (peer, &caphdr))
-+ if (bgp_capability_orf_entry (peer, &caphdr))
- return -1;
- break;
- case CAPABILITY_CODE_RESTART:
diff --git a/quagga.spec b/quagga.spec
index 3acb4dd..d1ffef1 100644
--- a/quagga.spec
+++ b/quagga.spec
@@ -31,8 +31,8 @@
 Summary: Routing daemon
 Name: quagga
-Version: 0.99.21
-Release: 5%{?dist}
+Version: 0.99.22
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 Source0: http://www.quagga.net/download/%{name}-%{version}.tar.xz
@@ -70,8 +70,6 @@ Requires(postun): systemd-units Provides: routingdaemon = %{version}-%{release} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Patch0: quagga-CVE-2012-1820.patch - %description Quagga is free software that operates TCP/IP-based routing protocols. It takes a multi-server and multi-threaded approach to resolving the current complexity @@ -115,8 +113,6 @@ developing OSPF-API and quagga applications. %prep %setup -q -%patch0 -p1 -b .CVE-2012-1820 - %build # FC5+ automatic -fstack-protector-all switch export RPM_OPT_FLAGS=${RPM_OPT_FLAGS//-fstack-protector/-fstack-protector-all} @@ -133,7 +129,7 @@ export CXXFLAGS="$RPM_OPT_FLAGS $CPPFLAGS -fno-strict-aliasing" --enable-isisd=yes \ %endif %if %with_snmp - --enable-snmp=yes \ + --enable-snmp=agentx \ %endif %if %with_multipath --enable-multipath=%with_multipath \ @@ -436,6 +432,11 @@ rm -rf $RPM_BUILD_ROOT %endif %changelog +* Wed Feb 20 2013 Adam Tkac - 0.99.22-1 +- update to 0.99.22 +- quagga-CVE-2012-1820.patch has been merged +- explicitly enable SMNP AgentX interface + * Thu Feb 14 2013 Fedora Release Engineering - 0.99.21-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild diff --git a/sources b/sources index 14baba9..f050aeb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -0980758b1865b9aa0c60975120bf3453 quagga-0.99.21.tar.xz +0a8b01d01a1e02a7a6ec90a781fb774c quagga-0.99.22.tar.xz
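Review bot: Switching to `--enable-snmp=agentx` in the `%if %with_snmp` branch changes how the daemons attach to the SNMP master agent, and neither this hunk nor the changelog tells an upgrading admin what to reconfigure. If `=yes` previously built the SMUX client (the hunk does not say), existing `smux peer` settings stop applying and snmpd needs `master agentx`; this is worth confirming against the configure help of both versions. I would record that in the spec with a comment ahead of the configure call (it starts outside this hunk, and a comment between the backslash-continued option lines would break the command), for example `# SNMP is built as an AgentX subagent, not SMUX; snmpd needs "master agentx"`. If the daemons run unprivileged, access to the AgentX master socket should be granted through a dedicated group rather than by loosening its permissions for everyone. The changelog line for this change also spells SNMP as `SMNP`.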