diff --git a/.gitignore b/.gitignore
index a261d6f..c2ba537 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,7 @@
 /urllib3-1.21.1.tar.gz
 /urllib3-1.22.tar.gz
 /urllib3-1.23.tar.gz
+/urllib3-1.24.tar.gz
+/urllib3-1.24.1.tar.gz
+/urllib3-1.24.2.tar.gz
+/urllib3-1.24.3.tar.gz
diff --git a/1645.patch b/1645.patch
new file mode 100644
index 0000000..41f7435
--- /dev/null
+++ b/1645.patch
@@ -0,0 +1,31 @@
+From 19b02fee383647ede591c0368e6ac437c832b871 Mon Sep 17 00:00:00 2001
+From: Seth Michael Larson
+Date: Tue, 2 Jul 2019 23:08:27 -0500
+Subject: [PATCH] Update RECENT_DATE to 2019-1-1
+
+---
+ src/urllib3/connection.py | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py
+index 57c58fe..96f5d28 100644
+--- a/src/urllib3/connection.py
++++ b/src/urllib3/connection.py
+@@ -56,11 +56,9 @@ port_by_scheme = {
+ 'https': 443,
+ }
+
+-# When updating RECENT_DATE, move it to within two years of the current date,
+-# and not less than 6 months ago.
+-# Example: if Today is 2018-01-01, then RECENT_DATE should be any date on or
+-# after 2016-01-01 (today - 2 years) AND before 2017-07-01 (today - 6 months)
+-RECENT_DATE = datetime.date(2017, 6, 30)
++# When it comes time to update this value as a part of regular maintenance
++# (ie test_recent_date is failing) update it to ~6 months before the current date.
++RECENT_DATE = datetime.date(2019, 1, 1)
+
+
+class DummyConnection(object):
+--
+2.21.0
+
diff --git a/python-urllib3.spec b/python-urllib3.spec
index 4b876b2..caf54d8 100644
--- a/python-urllib3.spec
+++ b/python-urllib3.spec
@@ -4,17 +4,21 @@ %bcond_without tests Name: python-%{srcname} -Version: 1.23 -Release: 4%{?dist} +Version: 1.24.3 +Release: 2%{?dist} Summary: Python HTTP library with thread-safe connection pooling and file post License: MIT -URL: https://github.com/shazow/urllib3 +URL: https://github.com/urllib3/urllib3 Source0: %{url}/archive/%{version}/%{srcname}-%{version}.tar.gz -# Used with Python 3.5+ +# Unbundle ssl_match_hostname since we depend on it Source1: ssl_match_hostname_py3.py BuildArch: noarch +# Merged upstream, set RECENT_DATE not to be older than 2 years +# https://bugzilla.redhat.com/show_bug.cgi?id=1727796 +Patch0: 1645.patch + %description Python HTTP module with connection pooling and file POST abilities. @@ -34,6 +38,7 @@ Requires: python2-pysocks BuildRequires: python2-devel %if %{with tests} +BuildRequires: python2-backports-ssl_match_hostname BuildRequires: python2-nose BuildRequires: python2-nose-exclude BuildRequires: python2-coverage @@ -70,7 +75,7 @@ Python3 HTTP module with connection pooling and file POST abilities. %prep -%setup -q -n %{srcname}-%{version} +%autosetup -p1 -n %{srcname}-%{version} # Drop the dummyserver tests in koji. They fail there in real builds, but not # in scratch builds (weird). rm -rf test/with_dummyserver/ @@ -80,6 +85,10 @@ rm -rf test/appengine/ # to do with Fedora in particular. They don't fail in upstream build infrastructure rm -rf test/contrib/ +# Tests for Python built without SSL, but Fedora builds with SSL. These tests +# fail when combined with the unbundling of backports-ssl_match_hostname +rm -f test/test_no_ssl.py + %build %py2_build %py3_build 
@@ -94,11 +103,11 @@ rm -rf %{buildroot}/%{python2_sitelib}/urllib3/packages/six.py* rm -rf %{buildroot}/%{python2_sitelib}/urllib3/packages/ssl_match_hostname/ mkdir -p %{buildroot}/%{python2_sitelib}/urllib3/packages/ -ln -s ../../six.py %{buildroot}/%{python2_sitelib}/urllib3/packages/six.py -ln -s ../../six.pyc %{buildroot}/%{python2_sitelib}/urllib3/packages/six.pyc -ln -s ../../six.pyo %{buildroot}/%{python2_sitelib}/urllib3/packages/six.pyo - -ln -s ../../backports/ssl_match_hostname %{buildroot}/%{python2_sitelib}/urllib3/packages/ssl_match_hostname +ln -s %{python2_sitelib}/six.py %{buildroot}/%{python2_sitelib}/urllib3/packages/six.py +ln -s %{python2_sitelib}/six.pyc %{buildroot}/%{python2_sitelib}/urllib3/packages/six.pyc +ln -s %{python2_sitelib}/six.pyo %{buildroot}/%{python2_sitelib}/urllib3/packages/six.pyo +ln -s %{python2_sitelib}/backports/ssl_match_hostname \ + %{buildroot}/%{python2_sitelib}/urllib3/packages/ssl_match_hostname # Unbundle the Python 3 build rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py* 
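Review bot: The rewritten `ln -s` lines point at absolute paths under `%{python2_sitelib}`, so `urllib3/packages/ssl_match_hostname` (the module urllib3 imports for certificate hostname matching on Python 2) resolves to whatever `backports/ssl_match_hostname` is installed on the target system. The only dependency this diff adds for it is the test-time `BuildRequires: python2-backports-ssl_match_hostname`. A matching runtime `Requires` (and one for six) is not visible in these hunks and should be confirmed, because without it the link dangles and the import fails. A comment above the links, such as `# Absolute targets: resolved on the installed system, and on the build host during %check`, would record why the relative form was dropped. The %install section starts before this hunk, so the Requires lines may simply be out of view.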
@@ -106,19 +115,20 @@ rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/six* rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname/ mkdir -p %{buildroot}/%{python3_sitelib}/urllib3/packages/ -ln -s ../../six.py %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py -ln -s ../../../__pycache__/six.cpython-%{python3_version_nodots}.opt-1.pyc %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/ -ln -s ../../../__pycache__/six.cpython-%{python3_version_nodots}.pyc %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/ -# urllib3 requires Python 3.5 to use the standard library's match_hostname, -# which we ship in Fedora 26, so we can safely replace the bundled version with -# this stub which imports the necessary objects. -cp %{SOURCE1} %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname.py +cp -a %{SOURCE1} %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname.py +ln -s %{python3_sitelib}/six.py %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py +ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.opt-1.pyc \ + %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/ +ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.pyc \ + %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/ %if %{with tests} %check -py.test -py.test-3 +pushd test +PYTHONPATH=%{buildroot}%{python2_sitelib}:%{python2_sitelib} %{__python2} -m pytest -v +PYTHONPATH=%{buildroot}%{python3_sitelib}:%{python3_sitelib} %{__python3} -m pytest -v +popd %endif 
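Review bot: The `cp -a %{SOURCE1}` line now installs the `ssl_match_hostname.py` stub with no explanation, because the comment that justified replacing the bundled module was deleted along with the old `cp`. This file stands in for the code urllib3 calls to match a certificate against the hostname, so the reason the swap is safe should stay next to the install step, for example `# Stub re-exporting the stdlib ssl match_hostname/CertificateError; replaces the bundled copy`. The stub's content is not part of this diff, so the wording should be checked against `ssl_match_hostname_py3.py`. The %install section begins outside this hunk.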
@@ -137,6 +147,21 @@ py.test-3 %changelog +* Mon Jul 08 2019 Miro Hrončok - 1.24.3-2 +- Set RECENT_DATE not to be older than 2 years (#1727796) + +* Tue May 28 2019 Jeremy Cline - 1.24.3-1 +- Update to 1.24.3 (fixes CVE-2019-9740) + +* Wed Apr 17 2019 Jeremy Cline - 1.24.2-1 +- Update to v1.24.2 + +* Tue Nov 13 2018 Jeremy Cline - 1.24.1-2 +- Adjust unbundling of ssl_match_hostname + +* Mon Oct 29 2018 Jeremy Cline - 1.24.1-1 +- Update to v1.24.1 + * Wed Jun 20 2018 Lumír Balhar - 1.23-4 - Removed unneeded dependency python[23]-psutil diff --git a/sources b/sources index 392513e..a7a2545 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (urllib3-1.23.tar.gz) = 1d9eccdd2f939a1029fb6e49c45409b3a493f38b5880bba45a6e8a8088c0478190807b1fe7341b22abe363809ef41c5367de831de9618bcc62f34cb9f0cbc7af +SHA512 (urllib3-1.24.3.tar.gz) = d535fb90cb1f0880f3c170af25ff7c2b5c383e74df8a04781df518e46abd3342699fa295b36649849a95223404980e150ef62489f857b5c38ae98759f9d32221