diff --git a/0001-gpg-Improve-the-keyblock-cache-s-transparency.patch b/0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
new file mode 100644
index 0000000..d3f80b1
--- /dev/null
+++ b/0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
@@ -0,0 +1,105 @@
+From 2e4e10c1dcd8dfeafec51f44ebf26acfeb770c41 Mon Sep 17 00:00:00 2001
+From: "Neal H. Walfield" <neal@g10code.com>
+Date: Tue, 15 Dec 2015 12:21:30 +0100
+Subject: [PATCH] gpg: Improve the keyblock cache's transparency.
+
+* kbx/keybox-search.c (keybox_offset): New function.
+* g10/keydb.c (struct keyblock_cache): Add fields resource and offset.
+(keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and
+HD->KEYBLOCK_CACHE.OFFSET.
+(keydb_search): Don't use the cached result if it comes before the
+current file position.  When caching an entry, also record the
+position at which it was found.
+
+--
+Signed-off-by: Neal H. Walfield <neal@g10code.com>
+GnuPG-bug-id: 2187
+---
+ g10/keydb.c         | 19 ++++++++++++++++++-
+ kbx/keybox-search.c |  8 ++++++++
+ kbx/keybox.h        |  2 ++
+ 3 files changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/g10/keydb.c b/g10/keydb.c
+index d7c35de..860187f 100644
+--- a/g10/keydb.c
++++ b/g10/keydb.c
+@@ -81,6 +81,9 @@ struct keyblock_cache {
+   u32 *sigstatus;
+   int pk_no;
+   int uid_no;
++  /* Offset of the record in the keybox.  */
++  int resource;
++  off_t offset;
+ };
+ 
+ 
+@@ -245,6 +248,8 @@ keyblock_cache_clear (struct keydb_handle *hd)
+   hd->keyblock_cache.sigstatus = NULL;
+   iobuf_close (hd->keyblock_cache.iobuf);
+   hd->keyblock_cache.iobuf = NULL;
++  hd->keyblock_cache.resource = -1;
++  hd->keyblock_cache.offset = -1;
+ }
+ 
+ 
+@@ -1701,7 +1706,13 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+       && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20
+           || desc[0].mode == KEYDB_SEARCH_MODE_FPR)
+       && hd->keyblock_cache.state  == KEYBLOCK_CACHE_FILLED
+-      && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20))
++      && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20)
++      /* Make sure the current file position occurs before the cached
++         result to avoid an infinite loop.  */
++      && (hd->current < hd->keyblock_cache.resource
++          || (hd->current == hd->keyblock_cache.resource
++              && (keybox_offset (hd->active[hd->current].u.kb)
++                  <= hd->keyblock_cache.offset))))
+     {
+       /* (DESCINDEX is already set).  */
+       if (DBG_CLOCK)
+@@ -1772,6 +1783,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+       && hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX)
+     {
+       hd->keyblock_cache.state = KEYBLOCK_CACHE_PREPARED;
++      hd->keyblock_cache.resource = hd->current;
++      /* The current offset is at the start of the next record.  Since
++         a record is at least 1 byte, we just use offset - 1, which is
++         within the record.  */
++      hd->keyblock_cache.offset
++        = keybox_offset (hd->active[hd->current].u.kb) - 1;
+       memcpy (hd->keyblock_cache.fpr, desc[0].u.fpr, 20);
+     }
+ 
+diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
+index 78e0c23..df959b6 100644
+--- a/kbx/keybox-search.c
++++ b/kbx/keybox-search.c
+@@ -1188,3 +1188,11 @@ keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value)
+   ec = get_flag_from_image (buffer, length, what, value);
+   return ec? gpg_error (ec):0;
+ }
++
++off_t
++keybox_offset (KEYBOX_HANDLE hd)
++{
++  if (!hd->fp)
++    return 0;
++  return ftello (hd->fp);
++}
+diff --git a/kbx/keybox.h b/kbx/keybox.h
+index 8c31141..c91a282 100644
+--- a/kbx/keybox.h
++++ b/kbx/keybox.h
+@@ -77,6 +77,8 @@ int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes);
+ 
+ int keybox_lock (KEYBOX_HANDLE hd, int yes);
+ 
++off_t keybox_offset (KEYBOX_HANDLE hd);
++
+ /*-- keybox-file.c --*/
+ /* Fixme: This function does not belong here: Provide a better
+    interface to create a new keybox file.  */
+-- 
+2.6.2
+
diff --git a/gpg2.changes b/gpg2.changes
index 8209510..5db5fee 100644
--- a/gpg2.changes
+++ b/gpg2.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jan 19 13:56:58 UTC 2016 - vcizek@suse.com
+
+- fix fingerprint ambiguity (bsc#958891)
+  * https://bugs.gnupg.org/gnupg/issue2198
+  * add 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
+
 -------------------------------------------------------------------
 Sun Dec  6 14:14:45 UTC 2015 - p.drouand@gmail.com
 
diff --git a/gpg2.spec b/gpg2.spec
index a8d3136..faceafb 100644
--- a/gpg2.spec
+++ b/gpg2.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -34,6 +34,7 @@ Patch6:         gnupg-dont-fail-with-seahorse-agent.patch
 Patch8:         gnupg-set_umask_before_open_outfile.patch
 Patch9:         gnupg-detect_FIPS_mode.patch
 Patch11:        gnupg-add_legacy_FIPS_mode_option.patch
+Patch12:        0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libadns-devel
@@ -84,6 +85,7 @@ gpg-agent, and a keybox library.
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch12 -p1
 
 %build
 # build PIEs (position independent executables) for address space randomisation: