diff --git a/.abf.yml b/.abf.yml
index d9e788d..2d13e24 100644
--- a/.abf.yml
+++ b/.abf.yml
@@ -1,6 +1,6 @@
 ---
 sources:
-  crypt_blowfish-1.0.2.tar.gz: e83e798528e72695e610e2a6419b57272d00fa0b
+  crypt_blowfish-1.2.tar.gz: 306ff83af206fac786900ce5e4800516cae909d9
   glibc-2.13.tar.xz: 38e7d510b41a2c36eb392c79eb5c80e0ec35a7f2
   glibc-2.13.tar.xz.sig: c7953c5c032a3394af6711c21ee8972500f5667d
   glibc-manpages.tar.bz2: ca54bfb832b703c8e35170fcc1c1f5470b45ff0f
diff --git a/glibc-2.11.1-CVE-2011-1089.diff b/glibc-2.11.1-CVE-2011-1089.diff
new file mode 100644
index 0000000..d150002
--- /dev/null
+++ b/glibc-2.11.1-CVE-2011-1089.diff
@@ -0,0 +1,17 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=688980
+http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e1fb097f447a89aa69a926e45e673a52d86a6c57
+
+--- misc/mntent_r.c	2011-11-25 13:33:42.000000000 +0000
++++ misc/mntent_r.c.oden	2011-11-25 13:33:38.000000000 +0000
+@@ -263,8 +263,8 @@ __addmntent (FILE *stream, const struct
+ 		   mntcopy.mnt_type,
+ 		   mntcopy.mnt_opts,
+ 		   mntcopy.mnt_freq,
+-		   mntcopy.mnt_passno)
+-	  < 0 ? 1 : 0);
++		   mntcopy.mnt_passno) < 0
++	  || fflush (stream) != 0);
+ }
+ weak_alias (__addmntent, addmntent)
+ 
diff --git a/glibc-2.3.6-avx-increase_BF_FRAME.patch b/glibc-2.3.6-avx-increase_BF_FRAME.patch
index 3056698..ee96eda 100644
--- a/glibc-2.3.6-avx-increase_BF_FRAME.patch
+++ b/glibc-2.3.6-avx-increase_BF_FRAME.patch
@@ -1,13 +1,11 @@
---- glibc-2.3.5/crypt/x86.S.avx	2006-07-06 11:16:18.000000000 -0600
-+++ glibc-2.3.5/crypt/x86.S	2006-07-06 11:16:30.000000000 -0600
-@@ -32,8 +32,8 @@
+--- crypt/x86.S	2011-07-16 11:09:42.000000000 -0400
++++ crypt/x86.S.oden	2011-11-25 04:07:23.574489383 -0500
+@@ -42,7 +42,7 @@
  #define DO_ALIGN(log)			.align (1 << (log))
  #endif
  
 -#define BF_FRAME			0x200
--#define BF_CLEAN			0x300
 +#define BF_FRAME			0x400
-+#define BF_CLEAN			0x500
  #define ctx				%esp
  
  #define BF_ptr				(ctx)
diff --git a/glibc-2.7-mdv-wrapper_handle_sha.patch b/glibc-2.7-mdv-wrapper_handle_sha.patch
index 44db632..662dcc4 100644
--- a/glibc-2.7-mdv-wrapper_handle_sha.patch
+++ b/glibc-2.7-mdv-wrapper_handle_sha.patch
@@ -1,78 +1,13 @@
---- crypt/wrapper.c.org	2008-06-17 13:29:30.000000000 -0600
-+++ crypt/wrapper.c	2008-06-17 15:33:47.000000000 -0600
-@@ -43,6 +43,10 @@ extern char *_crypt_gensalt_extended_rn(
- 	__CONST char *input, int size, char *output, int output_size);
- extern char *_crypt_gensalt_md5_rn(unsigned long count,
- 	__CONST char *input, int size, char *output, int output_size);
-+extern char *_crypt_gensalt_sha256c_rn(unsigned long count,
-+	__CONST char *input, int size, char *output, int output_size);
-+extern char *_crypt_gensalt_sha512c_rn(unsigned long count,
-+	__CONST char *input, int size, char *output, int output_size);
- 
- #if defined(__GLIBC__) && defined(_LIBC)
- /* crypt.h from glibc-crypt-2.1 will define struct crypt_data for us */
-@@ -54,6 +58,11 @@ extern char *__md5_crypt_r(const char *k
- extern char *__des_crypt_r(const char *key, const char *salt,
- 	struct crypt_data *data);
- extern struct crypt_data _ufc_foobar;
-+/* support for sha256-crypt and sha512-crypt */
-+extern char *__sha256_crypt_r (const char *key, const char *salt,
-+			       char *buffer, int buflen);
-+extern char *__sha512_crypt_r (const char *key, const char *salt,
-+			       char *buffer, int buflen);
- #endif
- 
- static int _crypt_data_alloc(void **data, int *size, int need)
-@@ -142,6 +151,10 @@ char *__crypt_rn(__const char *key, __co
- 		return _crypt_blowfish_rn(key, setting, (char *)data, size);
- 	if (setting[0] == '$' && setting[1] == '1')
- 		return __md5_crypt_r(key, setting, (char *)data, size);
-+	if (setting[0] == '$' && setting[1] == '5')
-+		return __sha256_crypt_r(key, setting, (char *)data, size);
-+	if (setting[0] == '$' && setting[1] == '6')
-+		return __sha512_crypt_r(key, setting, (char *)data, size);
- 	if (setting[0] == '$') goto out_einval;
- 	if (setting[0] == '_') {
- 		if (size < sizeof(struct _crypt_extended_data)) goto out_erange;
-@@ -181,6 +194,16 @@ char *__crypt_ra(__const char *key, __co
- 			return NULL;
- 		return __md5_crypt_r(key, setting, (char *)*data, *size);
- 	}
-+	if (setting[0] == '$' && setting[1] == '5') {
-+		if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
-+			return NULL;
-+		return __sha256_crypt_r(key, setting, (char *)*data, *size);
-+	}
-+	if (setting[0] == '$' && setting[1] == '6') {
-+		if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
-+			return NULL;
-+		return __sha512_crypt_r(key, setting, (char *)*data, *size);
-+	}
- 	if (setting[0] == '$') goto out_einval;
- 	if (setting[0] == '_') {
- 		if (_crypt_data_alloc(data, size,
-@@ -271,6 +294,12 @@ char *__crypt_gensalt_rn(__CONST char *p
- 	if (!strncmp(prefix, "$1$", 3))
- 		use = _crypt_gensalt_md5_rn;
- 	else
-+	if (!strncmp(prefix, "$5$", 3))
-+		use = _crypt_gensalt_sha256c_rn;
-+	else
-+	if (!strncmp(prefix, "$6$", 3))
-+		use = _crypt_gensalt_sha512c_rn;
-+	else
- 	if (prefix[0] == '_')
- 		use = _crypt_gensalt_extended_rn;
- 	else
---- crypt/crypt_gensalt.c.org	2008-06-17 13:31:49.000000000 -0600
-+++ crypt/crypt_gensalt.c	2008-06-17 15:30:35.000000000 -0600
-@@ -109,3 +109,78 @@ char *_crypt_gensalt_md5_rn(unsigned lon
+diff -Naurp glibc-2.14-121-g5551a7b/crypt/crypt_gensalt.c glibc-2.14-121-g5551a7b.oden/crypt/crypt_gensalt.c
+--- glibc-2.14-121-g5551a7b/crypt/crypt_gensalt.c	2011-07-16 11:06:53.000000000 -0400
++++ glibc-2.14-121-g5551a7b.oden/crypt/crypt_gensalt.c	2011-11-25 04:08:39.264489146 -0500
+@@ -122,3 +122,78 @@ char *_crypt_gensalt_md5_rn(const char *
  
  	return output;
  }
 +
 +char *_crypt_gensalt_sha256c_rn(unsigned long count,
-+	__CONST char *input, int size, char *output, int output_size)
++	const char *input, int size, char *output, int output_size)
 +{
 +	unsigned long value;
 +
@@ -110,7 +45,7 @@
 +
 +
 +char *_crypt_gensalt_sha512c_rn(unsigned long count,
-+	__CONST char *input, int size, char *output, int output_size)
++	const char *input, int size, char *output, int output_size)
 +{
 +	unsigned long value;
 +
@@ -145,3 +80,72 @@
 +
 +	return output;
 +}
+diff -Naurp glibc-2.14-121-g5551a7b/crypt/crypt_gensalt.h glibc-2.14-121-g5551a7b.oden/crypt/crypt_gensalt.h
+--- glibc-2.14-121-g5551a7b/crypt/crypt_gensalt.h	2011-07-16 10:58:39.000000000 -0400
++++ glibc-2.14-121-g5551a7b.oden/crypt/crypt_gensalt.h	2011-11-25 04:13:34.984489216 -0500
+@@ -26,5 +26,8 @@ extern char *_crypt_gensalt_extended_rn(
+ 	const char *input, int size, char *output, int output_size);
+ extern char *_crypt_gensalt_md5_rn(const char *prefix, unsigned long count,
+ 	const char *input, int size, char *output, int output_size);
+-
++extern char *_crypt_gensalt_sha256c_rn(unsigned long count,
++	const char *input, int size, char *output, int output_size);
++extern char *_crypt_gensalt_sha512c_rn(unsigned long count,
++	const char *input, int size, char *output, int output_size);
+ #endif
+diff -Naurp glibc-2.14-121-g5551a7b/crypt/wrapper.c glibc-2.14-121-g5551a7b.oden/crypt/wrapper.c
+--- glibc-2.14-121-g5551a7b/crypt/wrapper.c	2011-11-25 04:08:23.654489356 -0500
++++ glibc-2.14-121-g5551a7b.oden/crypt/wrapper.c	2011-11-25 04:08:39.264489146 -0500
+@@ -55,6 +55,11 @@ extern char *__md5_crypt_r(const char *k
+ extern char *__des_crypt_r(const char *key, const char *salt,
+ 	struct crypt_data *data);
+ extern struct crypt_data _ufc_foobar;
++/* support for sha256-crypt and sha512-crypt */
++extern char *__sha256_crypt_r (const char *key, const char *salt,
++			       char *buffer, int buflen);
++extern char *__sha512_crypt_r (const char *key, const char *salt,
++			       char *buffer, int buflen);
+ #endif
+ 
+ static int _crypt_data_alloc(void **data, int *size, int need)
+@@ -140,6 +145,10 @@ char *__crypt_rn(__const char *key, __co
+ 		return _crypt_blowfish_rn(key, setting, (char *)data, size);
+ 	if (setting[0] == '$' && setting[1] == '1')
+ 		return __md5_crypt_r(key, setting, (char *)data, size);
++	if (setting[0] == '$' && setting[1] == '5')
++		return __sha256_crypt_r(key, setting, (char *)data, size);
++	if (setting[0] == '$' && setting[1] == '6')
++		return __sha512_crypt_r(key, setting, (char *)data, size);
+ 	if (setting[0] == '$') goto out_einval;
+ 	if (setting[0] == '_') {
+ 		if (size < sizeof(struct _crypt_extended_data)) goto out_erange;
+@@ -179,6 +188,16 @@ char *__crypt_ra(__const char *key, __co
+ 			return NULL;
+ 		return __md5_crypt_r(key, setting, (char *)*data, *size);
+ 	}
++	if (setting[0] == '$' && setting[1] == '5') {
++		if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
++			return NULL;
++		return __sha256_crypt_r(key, setting, (char *)*data, *size);
++	}
++	if (setting[0] == '$' && setting[1] == '6') {
++		if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
++			return NULL;
++		return __sha512_crypt_r(key, setting, (char *)*data, *size);
++	}
+ 	if (setting[0] == '$') goto out_einval;
+ 	if (setting[0] == '_') {
+ 		if (_crypt_data_alloc(data, size,
+@@ -270,6 +289,12 @@ char *__crypt_gensalt_rn(const char *pre
+ 	if (!strncmp(prefix, "$1$", 3))
+ 		use = _crypt_gensalt_md5_rn;
+ 	else
++	if (!strncmp(prefix, "$5$", 3))
++		use = _crypt_gensalt_sha256c_rn;
++	else
++	if (!strncmp(prefix, "$6$", 3))
++		use = _crypt_gensalt_sha512c_rn;
++	else
+ 	if (prefix[0] == '_')
+ 		use = _crypt_gensalt_extended_rn;
+ 	else
diff --git a/glibc-2.9-avx-relocate_fcrypt.patch b/glibc-2.9-avx-relocate_fcrypt.patch
index d92cba6..b4e4f2c 100644
--- a/glibc-2.9-avx-relocate_fcrypt.patch
+++ b/glibc-2.9-avx-relocate_fcrypt.patch
@@ -1,6 +1,6 @@
-diff -p -up glibc-2.9/crypt/crypt-entry.c.orig glibc-2.9/crypt/crypt-entry.c
---- glibc-2.9/crypt/crypt-entry.c.orig	2009-01-15 10:43:01.000000000 -0500
-+++ glibc-2.9/crypt/crypt-entry.c	2009-01-15 10:43:18.000000000 -0500
+diff -Naurp glibc-2.14-121-g5551a7b/crypt/crypt-entry.c glibc-2.14-121-g5551a7b.oden/crypt/crypt-entry.c
+--- glibc-2.14-121-g5551a7b/crypt/crypt-entry.c	2011-11-25 05:00:43.214487962 -0500
++++ glibc-2.14-121-g5551a7b.oden/crypt/crypt-entry.c	2011-11-25 05:04:42.044487854 -0500
 @@ -164,18 +164,3 @@ crypt (key, salt)
  #endif
  
@@ -20,14 +20,16 @@ diff -p -up glibc-2.9/crypt/crypt-entry.c.orig glibc-2.9/crypt/crypt-entry.c
 -  return crypt (key, salt);
 -}
 -#endif
-diff -p -up glibc-2.9/crypt/wrapper.c.orig glibc-2.9/crypt/wrapper.c
---- glibc-2.9/crypt/wrapper.c.orig	2009-01-15 10:43:01.000000000 -0500
-+++ glibc-2.9/crypt/wrapper.c	2009-01-15 10:43:18.000000000 -0500
-@@ -326,7 +326,22 @@ weak_alias(__crypt_gensalt_rn, crypt_gen
+diff -Naurp glibc-2.14-121-g5551a7b/crypt/wrapper.c glibc-2.14-121-g5551a7b.oden/crypt/wrapper.c
+--- glibc-2.14-121-g5551a7b/crypt/wrapper.c	2011-11-25 05:00:43.224487962 -0500
++++ glibc-2.14-121-g5551a7b.oden/crypt/wrapper.c	2011-11-25 05:05:14.264487791 -0500
+@@ -324,7 +324,22 @@ weak_alias(__crypt, crypt)
+ weak_alias(__crypt_gensalt_rn, crypt_gensalt_rn)
  weak_alias(__crypt_gensalt_ra, crypt_gensalt_ra)
  weak_alias(__crypt_gensalt, crypt_gensalt)
- #endif
--
+-weak_alias(crypt, fcrypt)
++#endif
++
 +/*
 + * To make fcrypt users happy.
 + * They don't need to call init_des.
@@ -37,13 +39,11 @@ diff -p -up glibc-2.9/crypt/wrapper.c.orig glibc-2.9/crypt/wrapper.c
 +#else
 +char *
 +__fcrypt (key, salt)
-+    const char *key;
-+    const char *salt;
++     const char *key;
++     const char *salt;
 +{
 +  return crypt (key, salt);
 +}
-+#endif
-+               
+ #endif
+ 
  #ifdef TEST
- static struct {
- 	char *hash;
diff --git a/glibc-CVE-2011-1659.diff b/glibc-CVE-2011-1659.diff
new file mode 100644
index 0000000..b62fe5d
--- /dev/null
+++ b/glibc-CVE-2011-1659.diff
@@ -0,0 +1,37 @@
+From 8126d90480fa3e0c5c5cd0d02cb1c93174b45485 Mon Sep 17 00:00:00 2001
+From: Ulrich Drepper <drepper@gmail.com>
+Date: Fri, 18 Mar 2011 05:29:20 -0400
+Subject: [PATCH] Check size of pattern in wide character representation in fnmatch.
+
+diff --git a/posix/fnmatch.c b/posix/fnmatch.c
+index 0af5ee6..819a6a7 100644
+--- a/posix/fnmatch.c
++++ b/posix/fnmatch.c
+@@ -375,6 +375,11 @@ fnmatch (pattern, string, flags)
+ 	       XXX Do we have to set `errno' to something which mbsrtows hasn't
+ 	       already done?  */
+ 	    return -1;
++	  if (__builtin_expect (n >= (size_t) -1 / sizeof (wchar_t), 0))
++	    {
++	      __set_errno (ENOMEM);
++	      return -2;
++	    }
+ 	  wpattern_malloc = wpattern
+ 	    = (wchar_t *) malloc ((n + 1) * sizeof (wchar_t));
+ 	  assert (mbsinit (&ps));
+@@ -419,6 +424,12 @@ fnmatch (pattern, string, flags)
+ 	       XXX Do we have to set `errno' to something which mbsrtows hasn't
+ 	       already done?  */
+ 	    goto free_return;
++	  if (__builtin_expect (n >= (size_t) -1 / sizeof (wchar_t), 0))
++	    {
++	      free (wpattern_malloc);
++	      __set_errno (ENOMEM);
++	      return -2;
++	    }
+ 
+ 	  wstring_malloc = wstring
+ 	    = (wchar_t *) malloc ((n + 1) * sizeof (wchar_t));
+-- 
+1.7.3.4
+
diff --git a/glibc.spec b/glibc.spec
index 4e7c9af..3743e7a 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -3,7 +3,7 @@
 
 # <epoch>:<version>-<release> tags for glibc main package
 %define glibcversion	2.13
-%define __glibcrelease	7
+%define __glibcrelease	6
 %define glibcepoch	6
 # for added ports support for arches like arm
 %define build_ports	0
@@ -33,7 +33,7 @@
 %endif
 
 # crypt blowfish support
-%define crypt_bf_ver	1.0.2
+%define crypt_bf_ver	1.2
 
 # Define "cross" to an architecture to which glibc is to be
 # cross-compiled
@@ -133,6 +133,7 @@
 Summary:	The GNU libc libraries
 Name:		%{name}
 Version:	%{glibcversion}
+%define subrel 1
 Release:	%{glibcrelease}
 Epoch:		%{glibcepoch}
 License:	LGPL
@@ -300,6 +301,8 @@ Patch48:	glibc-2.13-prelink.patch
 Patch49:	0001-x86_64-fix-for-new-memcpy-behavior.patch
 # shamlessly taken in linaro. just look dirty woraround
 Patch50:	glibc_local-syscall-mcount.diff
+Patch51:	glibc-CVE-2011-1659.diff
+Patch52:	glibc-2.11.1-CVE-2011-1089.diff
 
 # Determine minium kernel versions
 %define		enablekernel 2.6.9
@@ -559,9 +562,9 @@ cp -a crypt_blowfish-%{crypt_bf_ver}/*.[chS] crypt/
 ## FreeSec support for extended/new-style/BSDI hashes in crypt(3)
 %patch39 -p1 -b .mdv-owl-crypt_freesec
 %patch40 -p1 -b .avx-relocate_fcrypt
-%patch41 -p1 -b .avx-increase_BF_FRAME
+%patch41 -p0 -b .avx-increase_BF_FRAME
 # add sha256-crypt and sha512-crypt support to the Openwall wrapper
-%patch43 -p0 -b .mdv-wrapper_handle_sha
+%patch43 -p1 -b .mdv-wrapper_handle_sha
 
 %if %{build_selinux}
 # XXX kludge to build nscd with selinux support as it added -nostdinc
@@ -569,6 +572,10 @@ cp -a crypt_blowfish-%{crypt_bf_ver}/*.[chS] crypt/
 ln -s %{_includedir}/selinux selinux
 %endif
 
+# security fixes
+%patch51 -p1 -b .CVE-2011-1659
+%patch52 -p0 -b .CVE-2011-1089
+
 find . -type f -size 0 -o -name "*.orig" -exec rm -f {} \;
 
 # (Anssi 03/2008) FIXME: use _provides_exceptions
@@ -1663,6 +1670,12 @@ fi
 
 
 %changelog
+* Fri Nov 25 2011 Oden Eriksson <oeriksson@mandriva.com> 6:2.13-6.1
+- crypt_blowfish-1.2 (crypt_blowfish-1.1 fixed CVE-2011-2483)
+- rediffed the needed patches
+- P51: security fix for CVE-2011-1659 (upstream)
+- P52: security fix for CVE-2011-1089 (upstream)
+
 * Fri Aug 19 2011 Paulo Andrade <pcpa@mandriva.com.br> 6:2.13-6mnb2
 + Revision: 695609
 - Install gconv modules (#64019)