diff --git a/at-3.1.12-fix.patch b/at-3.1.12-fix.patch
new file mode 100644
index 0000000..28d118d
--- /dev/null
+++ b/at-3.1.12-fix.patch
@@ -0,0 +1,69 @@
+diff -up at-3.1.12/atd.c.fix at-3.1.12/atd.c
+--- at-3.1.12/atd.c.fix	2010-01-18 14:22:19.364913059 +0100
++++ at-3.1.12/atd.c	2010-01-18 14:20:17.867912485 +0100
+@@ -458,11 +458,9 @@ run_file(const char *filename, uid_t uid
+     size = buf.st_size;
+ 
+ #ifdef WITH_PAM
+-    PRIV_START
+-    PAM_HANDLING;
++    PAM_HANDLING;
+     closelog(); 
+     openlog("atd", LOG_PID, LOG_ATD);
+-    PRIV_END
+ #endif
+ 
+     close(STDIN_FILENO);
+@@ -484,7 +482,6 @@ run_file(const char *filename, uid_t uid
+ 	if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) )
+ 		nenvp = pam_envp;
+ #endif
+-	PRIV_END
+ 	/* Set up things for the child; we want standard input from the
+ 	 * input file, and standard output and error sent to our output file.
+ 	 */
+@@ -505,8 +502,6 @@ run_file(const char *filename, uid_t uid
+ 	if (chdir(ATJOB_DIR) < 0)
+ 	    perr("Cannot chdir to " ATJOB_DIR);
+ 
+-	PRIV_START
+-
+ 	    nice((tolower((int) queue) - 'a' + 1) * 2);
+ 
+ 	    if (initgroups(pentry->pw_name, pentry->pw_gid))
+@@ -531,6 +526,17 @@ run_file(const char *filename, uid_t uid
+ 
+ 	    if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
+ 		perr("Exec failed for /bin/sh");
++
++//add for fedora
++#ifdef WITH_SELINUX
++   if (selinux_enabled>0)
++           if (setexeccon(NULL) < 0)
++               if (security_getenforce()==1)
++               perr("Could not resset exec context for user %s\n", pentry->pw_name);
++
++#endif
++//end
++//add for fedora
+ #ifdef  WITH_PAM
+ 	    if ( ( nenvp != &nul ) && (pam_envp != 0L)  && (*pam_envp != 0L))
+ 	    {
+@@ -553,7 +559,7 @@ run_file(const char *filename, uid_t uid
+        return with an ECHILD error. 
+      */
+     waitpid(pid, (int *) NULL, 0);
+-
++/*
+ #ifdef WITH_PAM
+     PRIV_START
+ 	pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
+@@ -561,7 +567,7 @@ run_file(const char *filename, uid_t uid
+ 	pam_end(pamh, retcode);
+     PRIV_END
+ #endif
+-
++*/
+     /* Send mail.  Unlink the output file after opening it, so it
+      * doesn't hang around after the run.
+      */
diff --git a/at-3.1.12-nitpicks.patch b/at-3.1.12-nitpicks.patch
index 4b73a79..845c707 100644
--- a/at-3.1.12-nitpicks.patch
+++ b/at-3.1.12-nitpicks.patch
@@ -1,6 +1,6 @@
 diff -up at-3.1.12/at.1.in.nit at-3.1.12/at.1.in
 --- at-3.1.12/at.1.in.nit	2009-11-23 16:11:52.000000000 +0100
-+++ at-3.1.12/at.1.in	2009-12-03 10:32:19.018261655 +0100
++++ at-3.1.12/at.1.in	2010-01-18 14:43:58.287163082 +0100
 @@ -121,7 +121,7 @@ and to run a job at 1am tomorrow, you wo
  .B at 1am tomorrow.
  .PP
@@ -10,9 +10,27 @@ diff -up at-3.1.12/at.1.in.nit at-3.1.12/at.1.in
  .PP
  For both
  .BR at " and " batch ,
+@@ -216,7 +216,7 @@ queue for
+ .BR batch .
+ Queues with higher letters run with increased niceness.  The special
+ queue "=" is reserved for jobs which are currently running.
+-.P
++
+ If a job is submitted to a queue designated with an uppercase letter, the
+ job is treated as if it were submitted to batch at the time of the job.
+ Once the time is reached, the batch processing rules with respect to load
+@@ -253,7 +253,7 @@ is an alias for
+ .TP
+ .B \-v
+ Shows the time the job will be executed before reading the job.
+-.P
++
+ Times displayed will be in the format "Thu Feb 20 14:50:00 1997".
+ .TP
+ .B
 diff -up at-3.1.12/atd.c.nit at-3.1.12/atd.c
 --- at-3.1.12/atd.c.nit	2009-11-23 16:11:52.000000000 +0100
-+++ at-3.1.12/atd.c	2009-12-03 10:33:12.494259601 +0100
++++ at-3.1.12/atd.c	2010-01-18 14:42:58.024161433 +0100
 @@ -83,6 +83,9 @@
  #include "getloadavg.h"
  #endif
diff --git a/at-3.1.12-shell.patch b/at-3.1.12-shell.patch
index 891fa97..617b8f9 100644
--- a/at-3.1.12-shell.patch
+++ b/at-3.1.12-shell.patch
@@ -31,7 +31,7 @@ diff -up at-3.1.12/at.c.shell at-3.1.12/at.c
  	    "inaccessible' >&2\n\t exit 1\n}\n");
  
 +    i = random();
-+    fprintf(fp, "${SHELL:-/bin/sh} << marcinDELIMITER%08lx\n", i);
++    fprintf(fp, "${SHELL:-/bin/sh} << \'marcinDELIMITER%08lx\'\n", i);
 +
      istty = isatty(fileno(stdin));
      if (istty) {
diff --git a/at.spec b/at.spec
index d653196..29698db 100644
--- a/at.spec
+++ b/at.spec
@@ -6,7 +6,7 @@
 Summary: Job spooling tools
 Name: at
 Version: %{major_ver}
-Release: 1%{dist}
+Release: 2%{dist}
 License: GPLv2+
 Group: System Environment/Daemons
 URL: http://ftp.debian.org/debian/pool/main/a/at
@@ -23,6 +23,7 @@ Patch3: at-3.1.12-shell.patch
 Patch4: at-3.1.12-nitpicks.patch
 Patch5: at-3.1.12-pam.patch
 Patch6: at-3.1.12-selinux.patch
+Patch7: at-3.1.12-fix.patch
 
 BuildRequires: fileutils chkconfig /etc/init.d
 BuildRequires: flex bison autoconf
@@ -58,6 +59,7 @@ cp %{SOURCE1} .
 %patch4 -p1 -b .nit
 %patch5 -p1 -b .pam
 %patch6 -p1 -b .selinux
+%patch7 -p1 -b .fix
 
 %build
 # patch9 touches configure.in
@@ -159,6 +161,9 @@ fi
 %attr(0755,root,root)		%{_libdir}/pm-utils/sleep.d/56atd
 
 %changelog
+* Mon Jan 18 2010 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-2
+- polish pam in atd again
+
 * Thu Dec  3 2009 Marcela Mašláňová <mmaslano@redhat.com> - 3.1.12-1
 - update to the new version of at
 - adapt patches for new version