diff --git a/sudo-1.6.9p17-Makefile.patch b/sudo-1.6.9p17-Makefile.patch
new file mode 100644
index 0000000..ce8b241
--- /dev/null
+++ b/sudo-1.6.9p17-Makefile.patch
@@ -0,0 +1,12 @@
+diff -up sudo-1.6.9p17/Makefile.in.modfix sudo-1.6.9p17/Makefile.in
+--- sudo-1.6.9p17/Makefile.in.modfix	2009-02-24 04:31:34.000000000 +0100
++++ sudo-1.6.9p17/Makefile.in	2009-02-24 04:31:17.000000000 +0100
+@@ -190,7 +190,7 @@ sudo_noexec.lo: $(srcdir)/sudo_noexec.c
+ 	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(OPTIONS) $(srcdir)/sudo_noexec.c
+ 
+ sudo_noexec.la: sudo_noexec.lo
+-	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -avoid-version -rpath $(noexecdir)
++	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ sudo_noexec.lo -module -avoid-version -rpath $(noexecdir)
+ 
+ # Uncomment the following if you want "make distclean" to clean the parser
+ @DEV@PARSESRCS = sudo.tab.h sudo.tab.c lex.yy.c def_data.c def_data.h
diff --git a/sudo-1.6.9p17-runas.patch b/sudo-1.6.9p17-runas.patch
new file mode 100644
index 0000000..273e21d
--- /dev/null
+++ b/sudo-1.6.9p17-runas.patch
@@ -0,0 +1,23 @@
+Index: parse.c
+===================================================================
+RCS file: /home/cvs/courtesan/sudo/parse.c,v
+retrieving revision 1.160.2.21
+diff -u -r1.160.2.21 parse.c
+--- parse.c	2 Nov 2008 14:35:53 -0000	1.160.2.21
++++ parse.c	23 Jan 2009 19:16:55 -0000
+@@ -651,9 +651,11 @@
+     /*
+      * If the user has a supplementary group vector, check it first.
+      */
+-    for (i = 0; i < user_ngroups; i++) {
+-	if (grp->gr_gid == user_groups[i])
+-	    return(TRUE);
++    if (strcmp(user, user_name) == 0) {
++	for (i = 0; i < user_ngroups; i++) {
++	    if (grp->gr_gid == user_groups[i])
++		return(TRUE);
++	}
+     }
+     if (grp->gr_mem != NULL) {
+ 	for (cur = grp->gr_mem; *cur; cur++) {
+
diff --git a/sudo.spec b/sudo.spec
index f937856..c22d7df 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.6.9p17
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: BSD
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
@@ -28,6 +28,8 @@ Patch2: sudo-1.6.9p4-login.patch
 Patch3: sudo-1.6.9p4-getgrouplist.patch
 Patch4: sudo-1.6.9p12-noPam.patch
 Patch5: sudo-1.6.9p13-audit.patch
+Patch6: sudo-1.6.9p17-Makefile.patch
+Patch7: sudo-1.6.9p17-runas.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -47,10 +49,12 @@ on many different machines.
 %patch3 -p1 -b .getgrouplist
 %patch4 -p1 -b .noPam
 %patch5 -p1 -b .audit
+%patch6 -p1 -b .Makefile
+%patch7 -p0 -b .runas
 
 %build
 #hande newer autoconf
-rm acsite.m4 && mv aclocal.m4 acinclude.m4 && autoreconf
+libtoolize --force && acsite.m4 && mv aclocal.m4 acinclude.m4 && autoreconf
 
 %ifarch s390 s390x sparc64
 F_PIE=-fPIE
@@ -75,7 +79,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie"
         --with-ldap \
 	--with-selinux \
 	--with-passprompt="[sudo] password for %p: " \
-	--with-secure-path="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin"
+	--with-secure-path="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
 #	--without-kerb5 \
 #	--without-kerb4
 make
@@ -133,6 +137,11 @@ rm -rf $RPM_BUILD_ROOT
 /bin/chmod 0440 /etc/sudoers || :
 
 %changelog
+* Tue Feb 24 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-4
+- fixed building with new libtool
+- fix for incorrect handling of groups in Runas_User
+- added /usr/local/sbin to secure-path
+
 * Tue Jan 13 2009 Daniel Kopecek <dkopecek@redhat.com> 1.6.9p17-3
 - build with sendmail installed
 - Added /usr/local/bin to secure-path