diff --git a/libxcrypt-4.4.0-use_XCRYPT_STRCPY_OR_ABORT_in_crypt_nt_rn.patch b/libxcrypt-4.4.0-use_XCRYPT_STRCPY_OR_ABORT_in_crypt_nt_rn.patch
new file mode 100644
index 0000000..f5b96dd
--- /dev/null
+++ b/libxcrypt-4.4.0-use_XCRYPT_STRCPY_OR_ABORT_in_crypt_nt_rn.patch
@@ -0,0 +1,35 @@
+From 664bfda5a51dbaa75904b29a7cd3c51888db6bd9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?=
+Date: Wed, 21 Nov 2018 18:27:51 +0100
+Subject: [PATCH] Use XCRYPT_STRCPY_OR_ABORT in crypt_nt_rn.
+
+---
+ crypt-nthash.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/crypt-nthash.c b/crypt-nthash.c
+index bb7c1ff..83c45ea 100644
+--- a/crypt-nthash.c
++++ b/crypt-nthash.c
+@@ -49,9 +49,9 @@
+
+ void
+ crypt_nt_rn (const char *phrase, size_t ARG_UNUSED (phr_size),
+- const char *setting, size_t ARG_UNUSED (set_size),
+- uint8_t *output, size_t out_size,
+- void *scratch, size_t scr_size)
++ const char *setting, size_t ARG_UNUSED (set_size),
++ uint8_t *output, size_t out_size,
++ void *scratch, size_t scr_size)
+ {
+ size_t unipwLen;
+ int i;
+@@ -86,7 +86,7 @@ crypt_nt_rn (const char *phrase, size_t ARG_UNUSED (phr_size),
+ MD4_Update (ctx, unipw, unipwLen*sizeof(uint16_t));
+ MD4_Final (hash, ctx);
+
+- output = (uint8_t *)stpcpy ((char *)output, magic);
++ output += XCRYPT_STRCPY_OR_ABORT (output, out_size, magic);
+ *output++ = '$';
+ for (i = 0; i < 16; i++)
+ {
diff --git a/libxcrypt.spec b/libxcrypt.spec
index 3e345bc..1883580 100644
--- a/libxcrypt.spec
+++ b/libxcrypt.spec
@@ -89,7 +89,7 @@ fi \
 Name: libxcrypt
 Version: 4.4.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Extended crypt library for DES, MD5, Blowfish and others
 # For explicit license breakdown, see the
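Review bot: In the `@@ -86,7 +86,7 @@` hunk of the backported crypt-nthash.c patch, only the copy of `magic` is bounded by `out_size`; the `*output++ = '$';` store and the 16-iteration loop after it still advance `output` without consulting the space that is left. The visible lines do not show `out_size` being reduced after `output += XCRYPT_STRCPY_OR_ABORT (output, out_size, magic);`, so those writes presumably depend on a size check earlier in `crypt_nt_rn`, whose body starts and ends outside the hunk. I would record that dependency at the call with a comment such as `/* Only the prefix copy is bounded here; the '$' and hex digits below rely on the out_size check at function entry. */`, so the entry guard is not relaxed later without revisiting these writes. Judging by its name, the macro aborts the process instead of reporting an error, which trades a possible overflow for a crash in the calling service; a short remark on that choice next to the call would help reviewers of callers.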
@@ -100,6 +100,7 @@ Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
 # Patch 0000 - 2999: Backported patches from upstream.
 Patch0: %{url}/commit/a60130b2211c6666bee69051b2b76413af2d679f.patch#/%{name}-4.4.0-fix_manual-page-warning_list-type-stack0.patch
+Patch1: %{url}/commit/664bfda5a51dbaa75904b29a7cd3c51888db6bd9.patch#/%{name}-4.4.0-use_XCRYPT_STRCPY_OR_ABORT_in_crypt_nt_rn.patch
 # Patch 3000 - 5999: Backported patches from pull requests.
@@ -327,6 +328,9 @@ done
 %changelog
+* Mon Nov 26 2018 Björn Esser - 4.4.0-2
+- Backport upstream commit to use a safer strcpy for the NT method
+
 * Tue Nov 20 2018 Björn Esser - 4.4.0-1
 - New upstream release