diff --git a/0008-xdg-open-safer-xdg-open-BR89130.patch b/0008-xdg-open-safer-xdg-open-BR89130.patch
new file mode 100644
index 0000000..7bf6c9d
--- /dev/null
+++ b/0008-xdg-open-safer-xdg-open-BR89130.patch
@@ -0,0 +1,114 @@
+From 13d9b0cac97e438bf7dc06452ee7fb3480907d88 Mon Sep 17 00:00:00 2001
+From: Rex Dieter
+Date: Fri, 20 Feb 2015 15:54:46 -0600
+Subject: [PATCH 8/8] xdg-open: safer xdg-open (BR89130)
+
+inspired by patch from Vincent Bernat
+---
+ ChangeLog | 3 +++
+ scripts/xdg-open.in | 65 ++++++++++++++++++++++++++++++++---------------------
+ 2 files changed, 43 insertions(+), 25 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 9a01f82..0c0ab97 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,5 +1,8 @@
+ === xdg-utils 1.1.x ===
+
++2015-02-20 Rex Dieter
++ * xdg-open: safer xdg-open (BR89130), inspired by patch from Vincent Bernat
++
+ 2015-01-19 Rex Dieter
+ * xdg-open: better fix for command injection vulnerability (BR66670)
+ * xdg-open is extremely slow because get_key executes grep unnecessarily (BR88524)
+diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
+index ee2889e..074ba6f 100644
+--- a/scripts/xdg-open.in
++++ b/scripts/xdg-open.in
+@@ -161,7 +161,7 @@ search_desktop_file()
+ {
+ local default="$1"
+ local dir="$2"
+- local arg="$3"
++ local target="$3"
+
+ local file=""
+ # look for both vendor-app.desktop, vendor/app.desktop
+@@ -174,34 +174,49 @@ search_desktop_file()
+ if [ -r "$file" ] ; then
+ command="$(get_key "${file}" "Exec" | first_word)"
+ command_exec=`which $command 2>/dev/null`
+- arguments="$(get_key "${file}" "Exec" | last_word)"
+- arg_one="`echo "$arg" | sed 's/[&*\\]/\\\\&/g'`"
+ icon="$(get_key "${file}" "Icon")"
+- if [ "${icon}" != "" ]
+- then
+- icon="--icon '${icon}'"
+- else
+- icon="''"
+- fi
+ # FIXME: Actually LC_MESSAGES should be used as described in
+ # http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s04.html
+- localised_name="'$(get_key "${file}" "Name")'"
+- arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*'"$arg_one"'*g' \
+- -e 's*%i*'"$icon"'*g' \
+- -e 's*%c*'"$localised_name"'*g')"
+-
+- if [ -x "$command_exec" ] ; then
+- if echo "$arguments" | grep -iq '%[fFuU]' ; then
+- echo START "$command_exec" "$arguments_exec"
+- eval "'$command_exec'" "'$arguments_exec'"
+- else
+- echo START "$command_exec" "$arguments_exec" "$arg"
+- eval "'$command_exec'" "'$arguments_exec'" "'$arg'"
+- fi
++ localised_name="$(get_key "${file}" "Name")"
++ set -- $(get_key "${file}" "Exec" | last_word)
++ # We need to replace any occurrence of "%f", "%F" and
++ # the like by the target file. We examine each
++ # argument and append the modified argument to the
++ # end then shift.
++ local args=$#
++ local replaced=0
++ while [ $args -gt 0 ]; do
++ case $1 in
++ %[c])
++ replaced=1
++ arg="${localised_name}"
++ shift
++ set -- "$@" "$arg"
++ ;;
++ %[fFuU])
++ replaced=1
++ arg="$(echo $target | sed 's/[&*\\]/\\\\&/g')"
++ shift
++ set -- "$@" "$arg"
++ ;;
++ %[i])
++ replaced=1
++ shift
++ set -- "$@" "--icon" "$icon"
++ ;;
++ *)
++ arg="$1"
++ shift
++ set -- "$@" "$arg"
++ ;;
++ esac
++ args=$(( $args - 1 ))
++ done
++ [ $replaced -eq 1 ] || set -- "$@" "$target"
++ "$command_exec" "$@"
+
+- if [ $? -eq 0 ]; then
+- exit_success
+- fi
++ if [ $? -eq 0 ]; then
++ exit_success
+ fi
+ fi
+
+--
+1.9.3
+
diff --git a/xdg-utils.spec b/xdg-utils.spec
index 8eb0a4d..1d14c7c 100644
--- a/xdg-utils.spec
+++ b/xdg-utils.spec
@@ -4,7 +4,7 @@ Summary: Basic desktop integration functions Name: xdg-utils Version: 1.1.0 -Release: 0.36.%{pre}%{?dist} +Release: 0.37.%{pre}%{?dist} URL: http://portland.freedesktop.org/ %if 0%{?pre:1}
@@ -23,6 +23,7 @@ Patch4: 0004-xdg-screensaver-Change-screensaver_freedesktop-s-int.patch Patch5: 0005-xdg-open-better-fix-for-command-injection-vulnerabil.patch Patch6: 0006-xdg-open-Improve-performance-of-get_key-function.patch Patch7: 0007-Add-changelog-for-prior-commit.patch +Patch8: 0008-xdg-open-safer-xdg-open-BR89130.patch # make sure BuildArch comes *after* patches, to ensure %%autosetup works right # http://bugzilla.redhat.com/1084309
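Review bot: In the `%[fFuU])` branch added to search_desktop_file (second hunk of scripts/xdg-open.in), `arg="$(echo $target | sed 's/[&*\\]/\\\\&/g')"` expands `$target` unquoted, so a caller-supplied file name or URL is word-split and glob-expanded before it reaches the handler. The backslash-escaping of `&`, `*` and `\` was only meaningful for the removed `eval`/sed substitution and now changes the value the application receives. Because the argument vector is built with `set --` and run as `"$command_exec" "$@"`, the target can be passed through untouched with `arg="$target"`, which also matches the unescaped fallback `set -- "$@" "$target"`. Separately, the removed `[ -x "$command_exec" ]` guard has no replacement, so an empty result from `which` is now executed as `""`; keeping that test around the call would preserve the earlier behaviour. The function starts and ends outside the hunk, so the surrounding loop is not visible here.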
@@ -97,6 +98,9 @@ make install DESTDIR=%{buildroot} %changelog +* Fri Feb 20 2015 Rex Dieter 1.1.0-0.37.rc3 +- xdg-open wrongly passes all command line arguments as one argument to e.g. okular on non Gnome desktops (#1191981) + * Mon Jan 19 2015 Rex Dieter 1.1.0-0.36.rc3 - pull in upstream performance improvement (fdo#88524)