diff --git a/pam-1.1.4-access-split.patch b/pam-1.1.4-access-split.patch
new file mode 100644
index 0000000..613de6c
--- /dev/null
+++ b/pam-1.1.4-access-split.patch
@@ -0,0 +1,35 @@
+commit 61f4f06abc9b8fcb3c478fa430b52499fd2ca300
+Author: Tomas Mraz
+Date: Thu Aug 25 15:48:51 2011 +0200
+
+ Fix the split on @ in the user field. (Red Hat Bug #732081)
+
+diff --git a/ChangeLog b/ChangeLog
+index 7563098..b4f1ef8 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,8 @@
++2011-08-25 Tomas Mraz
++
++ * modules/pam_access/pam_access.c (user_match): Fix the split
++ on @ in the user field. (Red Hat Bug #732081)
++
+ 2011-08-23 Tomas Mraz
+
+ * modules/pam_env/pam_env.c (_pam_parse): Fix missing dereference.
+diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
+index 0eb1e8c..472116c 100644
+--- a/modules/pam_access/pam_access.c
++++ b/modules/pam_access/pam_access.c
+@@ -521,7 +521,10 @@ user_match (pam_handle_t *pamh, char *tok, struct login_info *item)
+ * name of the user's primary group.
+ */
+
+- if (tok[0] != '@' && (at = strchr(tok + 1, '@')) != 0) {
++ /* Try to split on a pattern (@*[^@]+)(@+.*) */
++ for (at = tok; *at == '@'; ++at);
++
++ if ((at = strchr(at, '@')) != NULL) {
+ /* split user@host pattern */
+ if (item->hostname == NULL)
+ return NO;
diff --git a/pam-1.1.4-console-fixes.patch b/pam-1.1.4-console-fixes.patch
new file mode 100644
index 0000000..11c03e6
--- /dev/null
+++ b/pam-1.1.4-console-fixes.patch
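Review bot: The empty-body loop `for (at = tok; *at == '@'; ++at);` added to user_match hides its intent behind a trailing semicolon that is easy to misread as attaching the following `if` to the loop; brace it and say what it skips, `for (at = tok; *at == '@'; ++at) { /* skip leading '@' run */ }`. The removed condition `tok[0] != '@'` excluded tokens beginning with '@' from user@host splitting altogether, whereas the new code splits them after the leading '@' run, so an existing access.conf entry of that shape is now interpreted differently; that behaviour change deserves a sentence in the patch header or the spec changelog beyond "fix the split on @". user_match continues outside the hunk, so whether an empty host part after the '@' is rejected cannot be confirmed here.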
@@ -0,0 +1,72 @@
+diff -up Linux-PAM-1.1.4/modules/pam_console/handlers.c.console-fixes Linux-PAM-1.1.4/modules/pam_console/handlers.c
+--- Linux-PAM-1.1.4/modules/pam_console/handlers.c.console-fixes 2008-12-16 13:37:52.000000000 +0100
++++ Linux-PAM-1.1.4/modules/pam_console/handlers.c 2011-07-15 14:49:39.000000000 +0200
+@@ -172,13 +172,13 @@ call_exec(struct console_handler *handle
+ const char *flagptr;
+ const char **argv;
+ int i = 0;
+- argv = malloc(sizeof(*argv)*nparams+2);
+-
++ argv = malloc(sizeof(*argv)*(nparams+2));
++
+ if (argv == NULL)
+ return;
+-
++
+ argv[i++] = handler->executable;
+-
++
+ for (flagptr = handler->flags; *flagptr != '\0'; flagptr += strlen(flagptr)+1) {
+ switch (testflag(flagptr)) {
+ case HF_LOGFAIL:
+@@ -231,7 +231,7 @@ execute_handler(pam_handle_t *pamh, stru
+ }
+
+ sighandler = signal(SIGCHLD, SIG_DFL);
+-
++
+ child = fork();
+ switch (child) {
+ case -1:
+@@ -246,30 +246,32 @@ execute_handler(pam_handle_t *pamh, stru
+ if (!wait_exit) {
+ switch(fork()) {
+ case 0:
+- exit(0);
++ if(setsid() == -1) {
++ _exit(255);
++ }
++ break;
+ case -1:
+- exit(255);
++ _exit(255);
+ default:
+- if(setsid() == -1) {
+- exit(255);
+- }
++ _exit(0);
+ }
+ }
+ if (set_uid) {
+ struct passwd *pw;
+ pw = getpwnam(user);
+ if (pw == NULL)
+- exit(255);
++ _exit(255);
+ if (setgid(pw->pw_gid) == -1 ||
++ setgroups(0, NULL) == -1 ||
+ setuid(pw->pw_uid) == -1)
+- exit(255);
++ _exit(255);
+ }
+ call_exec(handler, nparams, user, tty);
+- exit(255);
++ _exit(255);
+ default:
+ break;
+ }
+-
++
+ waitpid(child, &rv, 0);
+
+ if (sighandler != SIG_ERR)
diff --git a/pam-1.1.4-env-deref.patch b/pam-1.1.4-env-deref.patch
new file mode 100644
index 0000000..f87e393
--- /dev/null
+++ b/pam-1.1.4-env-deref.patch
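Review bot: pam-1.1.4-console-fixes.patch is added as a new file here, but the pam.spec hunks of this same commit add only `Patch30`/`Patch31` and `%patch30`/`%patch31`; unless an earlier, unshown line of pam.spec already references it, the file is never applied and the setgroups fix it carries is dead in the repository. The ordering `setgid(...)`, then `setgroups(0, NULL)`, then `setuid(...)` in execute_handler is the right sequence for dropping privilege, and switching the child to `_exit` avoids running the parent's atexit handlers twice. The patch does not show handlers.c's include list; on glibc `setgroups` is declared in `<grp.h>`, so confirm it is already included. Both call_exec and execute_handler start and end outside these hunks.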
@@ -0,0 +1,49 @@
+commit ca6fbe92205fe5b4acf2e92e4c2bf73327b26780
+Author: Tomas Mraz
+Date: Tue Aug 23 12:42:32 2011 +0200
+
+ Fix missing dereference.
+
+diff --git a/ChangeLog b/ChangeLog
+index 07f120f..7563098 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,7 @@
++2011-08-23 Tomas Mraz
++
++ * modules/pam_env/pam_env.c (_pam_parse): Fix missing dereference.
++
+ 2011-06-22 Thorsten Kukuk
+
+ * release version 1.1.4
+diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
+index 865fbaf..1ec01ca 100644
+--- a/modules/pam_env/pam_env.c
++++ b/modules/pam_env/pam_env.c
+@@ -99,7 +99,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
+ if (!strcmp(*argv,"debug"))
+ ctrl |= PAM_DEBUG_ARG;
+ else if (!strncmp(*argv,"conffile=",9)) {
+- if (*argv+9 == '\0') {
++ if ((*argv)[9] == '\0') {
+ pam_syslog(pamh, LOG_ERR,
+ "conffile= specification missing argument - ignored");
+ } else {
+@@ -107,7 +107,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
+ D(("new Configuration File: %s", *conffile));
+ }
+ } else if (!strncmp(*argv,"envfile=",8)) {
+- if (*argv+8 == '\0') {
++ if ((*argv)[8] == '\0') {
+ pam_syslog (pamh, LOG_ERR,
+ "envfile= specification missing argument - ignored");
+ } else {
+@@ -115,7 +115,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
+ D(("new Env File: %s", *envfile));
+ }
+ } else if (!strncmp(*argv,"user_envfile=",13)) {
+- if (*argv+13 == '\0') {
++ if ((*argv)[13] == '\0') {
+ pam_syslog (pamh, LOG_ERR,
+ "user_envfile= specification missing argument - ignored");
+ } else {
diff --git a/pam.spec b/pam.spec
index 273f33f..35a7a60 100644
--- a/pam.spec
+++ b/pam.spec
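Review bot: The corrected checks `(*argv)[9]`, `(*argv)[8]` and `(*argv)[13]` still carry the prefix length as a bare literal separate from the prefix string it must match, which is the same kind of drift that let the original `*argv+9 == '\0'` compare a pointer to a character unnoticed; binding the value once after the strncmp, `const char *val = *argv + 9;` and testing `*val == '\0'`, or deriving the length with `sizeof("conffile=") - 1`, keeps the two in step. The same pattern recurs in the -107 (envfile=) and -115 (user_envfile=) hunks. _pam_parse starts before and continues after each of these hunks.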
@@ -4,8 +4,9 @@ Summary: An extensible library which provides authentication for applications Name: pam Version: 1.1.4 Release: 2%{?dist} -# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant -# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+, +# The library is BSD licensed with option to relicense as GPLv2+ +# - this option is redundant as the BSD license allows that anyway. +# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. License: BSD and GPLv2+ Group: System Environment/Base Source0: http://ftp.us.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2 @@ -35,6 +36,8 @@ Patch10: pam-1.1.3-nouserenv.patch Patch11: pam-1.1.3-console-abstract.patch Patch12: pam-1.1.3-faillock-screensaver.patch # Upstreamed patches +Patch30: pam-1.1.4-env-deref.patch +Patch31: pam-1.1.4-access-split.patch %define _sbindir /sbin %define _moduledir /%{_lib}/security @@ -49,7 +52,7 @@ Patch12: pam-1.1.3-faillock-screensaver.patch %endif BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Requires: cracklib, cracklib-dicts >= 2.8 +Requires: cracklib-dicts >= 2.8 Requires(post): coreutils, /sbin/ldconfig BuildRequires: autoconf >= 2.60 BuildRequires: automake, libtool @@ -80,7 +83,7 @@ having to recompile programs that handle authentication. %package devel Group: Development/Libraries Summary: Files needed for developing PAM-aware applications and modules for PAM -Requires: pam = %{version}-%{release} +Requires: pam%{?_isa} = %{version}-%{release} %description devel PAM (Pluggable Authentication Modules) is a system security tool that @@ -106,6 +109,9 @@ mv pam-redhat-%{pam_redhat_version}/* modules %patch11 -p1 -b .abstract %patch12 -p1 -b .screensaver +%patch30 -p1 -b .deref +%patch31 -p1 -b .split + libtoolize -f autoreconf 
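Review bot: `Release: 2%{?dist}` is left untouched as a context line of the first pam.spec hunk, while the %changelog hunk later in this commit adds a `1.1.4-3` entry, so the built package would still be versioned 1.1.4-2 with a changelog that claims -3; bump it to `Release: 3%{?dist}`. The remaining spec hunks (Patch30/Patch31 with their `%patch30 -p1 -b .deref` and `%patch31 -p1 -b .split` lines, the cracklib Requires trim and the `pam%{?_isa}` devel dependency) are consistent with the patch files added in this commit.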
@@ -359,6 +365,10 @@ fi %doc doc/adg/*.txt doc/adg/html %changelog +* Thu Aug 25 2011 Tomas Mraz 1.1.4-3 +- fix dereference in pam_env +- fix wrong parse of user@host pattern in pam_access (#732081) + * Fri Jul 15 2011 Tomas Mraz 1.1.4-2 - clear supplementary groups in pam_console handler execution