diff --git a/gnupg-2.0.14-secmem.patch b/gnupg-2.0.14-secmem.patch
new file mode 100644
index 0000000..194cec3
--- /dev/null
+++ b/gnupg-2.0.14-secmem.patch
@@ -0,0 +1,33 @@
+diff -up gnupg-2.0.14/g10/gpg.c.secmem gnupg-2.0.14/g10/gpg.c
+--- gnupg-2.0.14/g10/gpg.c.secmem 2009-12-21 15:00:55.000000000 +0100
++++ gnupg-2.0.14/g10/gpg.c 2010-06-18 18:03:24.000000000 +0200
+@@ -789,7 +789,7 @@ make_libversion (const char *libname, co
+
+ if (maybe_setuid)
+ {
+- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
+ maybe_setuid = 0;
+ }
+ s = getfnc (NULL);
+@@ -892,7 +892,7 @@ build_list( const char *text, char lette
+ char *list, *p, *line=NULL;
+
+ if (maybe_setuid)
+- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
+
+ for(i=0; i <= 110; i++ )
+ if( !chkf(i) && (s=mapf(i)) )
+diff -up gnupg-2.0.14/sm/gpgsm.c.secmem gnupg-2.0.14/sm/gpgsm.c
+--- gnupg-2.0.14/sm/gpgsm.c.secmem 2009-12-10 12:35:43.000000000 +0100
++++ gnupg-2.0.14/sm/gpgsm.c 2010-06-18 18:03:07.000000000 +0200
+@@ -493,7 +493,7 @@ make_libversion (const char *libname, co
+
+ if (maybe_setuid)
+ {
+- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */
+ maybe_setuid = 0;
+ }
+ s = getfnc (NULL);
diff --git a/gnupg2.spec b/gnupg2.spec
index 9b50a3d..16e9738 100644
--- a/gnupg2.spec
+++ b/gnupg2.spec
@@ -2,7 +2,7 @@ Summary: Utility for secure communication and data storage
 Name: gnupg2
 Version: 2.0.14
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv3+
 Group: Applications/System
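Review bot: In the `build_list` hunk of g10/gpg.c the guarded call is not followed by `maybe_setuid = 0;`, unlike both `make_libversion` hunks, so each call made while the flag is still set now asks for a 4096-byte secure-memory pool again instead of repeating a size-0 call. Whether libgcrypt accepts a second non-zero `GCRYCTL_INIT_SECMEM` without complaint is not visible here and should be confirmed; if the rest of the file allows it, bracing the statement and adding `maybe_setuid = 0;` would make the three sites consistent. The trailing comment `/* Drop setuid. */` is also stale at all three sites, since the call now allocates as well; `/* Init a small secmem pool (needed in libgcrypt FIPS mode) and drop setuid. */` would match the changelog entry. All three function bodies start and end outside the hunks shown.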
@@ -12,6 +12,7 @@ Source1: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.
 #Source0: gnupg2-20090809svn.tar.bz2
 Patch1: gnupg-2.0.13-insttools.patch
 Patch2: gnupg-2.0.14-tests-s2kcount.patch
+Patch3: gnupg-2.0.14-secmem.patch
 URL: http://www.gnupg.org/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -72,6 +73,7 @@ to the base GnuPG package
 %patch1 -p1 -b .insttools
 %patch2 -p1 -b .s2k
+%patch3 -p1 -b .secmem
 # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
 # Note: this is just the name of the default shared lib to load in scdaemon,
@@ -184,6 +186,10 @@ rm -rf %{buildroot}
 %changelog
+* Fri Jun 18 2010 Tomas Mraz - 2.0.14-3
+- initialize small amount of secmem for list of algorithms in help (#598847)
+ (necessary in the FIPS mode of libgcrypt)
+
 * Tue Feb 9 2010 Tomas Mraz - 2.0.14-2
 - disable selinux support - it is too rudimentary and restrictive (#562982)