diff --git a/0003-overflow-processing-gecos.patch b/0003-overflow-processing-gecos.patch
deleted file mode 100644
index 29711cd..0000000
--- a/0003-overflow-processing-gecos.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-(2016-08-10) The patch authored by Raed Albuliwi addresses a buffer overflow in the parser
-of GECOS field of user account information. CVE-2016-6318 has been assigned to
-the issue.
-
-diff -rupN cracklib-2.9.5/lib/fascist.c cracklib-2.9.5-patched/lib/fascist.c
---- cracklib-2.9.5/lib/fascist.c 2015-04-11 19:18:12.000000000 +0200
-+++ cracklib-2.9.5-patched/lib/fascist.c 2016-08-16 11:08:59.635876877 +0200
-@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const c
- char gbuffer[STRINGSIZE];
- char tbuffer[STRINGSIZE];
- char *uwords[STRINGSIZE];
-- char longbuffer[STRINGSIZE * 2];
-+ char longbuffer[STRINGSIZE];
-
- if (gecos == NULL)
- gecos = "";
-@@ -583,38 +583,46 @@ FascistGecosUser(char *password, const c
- {
- for (i = 0; i < j; i++)
- {
-- strcpy(longbuffer, uwords[i]);
-- strcat(longbuffer, uwords[j]);
--
-- if (GTry(longbuffer, password))
-+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
- {
-- return _("it is derived from your password entry");
-+ strcpy(longbuffer, uwords[i]);
-+ strcat(longbuffer, uwords[j]);
-+ if (GTry(longbuffer, password))
-+ {
-+ return _("it is derived from your password entry");
-+ }
-+
-+ strcpy(longbuffer, uwords[j]);
-+ strcat(longbuffer, uwords[i]);
-+
-+ if (GTry(longbuffer, password))
-+ {
-+ return _("it's derived from your password entry");
-+ }
- }
-
-- strcpy(longbuffer, uwords[j]);
-- strcat(longbuffer, uwords[i]);
--
-- if (GTry(longbuffer, password))
-+ if (strlen(uwords[j]) < STRINGSIZE - 1)
- {
-- return _("it's derived from your password entry");
-+ longbuffer[0] = uwords[i][0];
-+ longbuffer[1] = '\0';
-+ strcat(longbuffer, uwords[j]);
-+
-+ if (GTry(longbuffer, password))
-+ {
-+ return _("it is derivable from your password entry");
-+ }
- }
-
-- longbuffer[0] = uwords[i][0];
-- longbuffer[1] = '\0';
-- strcat(longbuffer, uwords[j]);
--
-- if (GTry(longbuffer, password))
-- {
-- return _("it is derivable from your password entry");
-- }
--
-- longbuffer[0] = uwords[j][0];
-- longbuffer[1] = '\0';
-- strcat(longbuffer, uwords[i]);
--
-- if (GTry(longbuffer, password))
-+ if (strlen(uwords[i]) < STRINGSIZE - 1)
- {
-- return _("it's derivable from your password entry");
-+ longbuffer[0] = uwords[j][0];
-+ longbuffer[1] = '\0';
-+ strcat(longbuffer, uwords[i]);
-+
-+ if (GTry(longbuffer, password))
-+ {
-+ return _("it's derivable from your password entry");
-+ }
- }
- }
- }
diff --git a/0004-overflow-processing-long-words.patch b/0004-overflow-processing-long-words.patch
deleted file mode 100644
index 1a4d50c..0000000
--- a/0004-overflow-processing-long-words.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-The input word is guaranteed to be at most STRINGSIZE-1 in length. One of the
-mangle operations involves duplicating the input word, resulting in a string
-twice the length to be accommodated by both area variables.
-
-Howard Guo 2016-08-17
-
-diff -rupN 3/lib/rules.c 3-patched/lib/rules.c
---- 3/lib/rules.c 2016-08-16 14:16:24.033261876 +0200
-+++ 3-patched/lib/rules.c 2016-08-17 13:57:14.485782894 +0200
-@@ -434,9 +434,8 @@ Mangle(input, control) /* returns a poi
- {
- int limit;
- register char *ptr;
-- static char area[STRINGSIZE];
-- char area2[STRINGSIZE];
-- area[0] = '\0';
-+ static char area[STRINGSIZE * 2] = {0};
-+ char area2[STRINGSIZE * 2] = {0};
- strcpy(area, input);
-
- for (ptr = control; *ptr; ptr++)
diff --git a/cracklib-2.9.6.tar.gz b/cracklib-2.9.6.tar.gz
deleted file mode 100644
index 2426eff..0000000
--- a/cracklib-2.9.6.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:17cf76943de272fd579ed831a1fd85339b393f8d00bf9e0d17c91e972f583343
-size 642402
diff --git a/cracklib-2.9.7.tar.bz2 b/cracklib-2.9.7.tar.bz2
new file mode 100644
index 0000000..86c43f5
--- /dev/null
+++ b/cracklib-2.9.7.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fe82098509e4d60377b998662facf058dc405864a8947956718857dbb4bc35e6
+size 603630
diff --git a/cracklib.changes b/cracklib.changes
index da916df..153bc24 100644
--- a/cracklib.changes
+++ b/cracklib.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Tue Jun 2 18:41:21 UTC 2020 - Michael Gorse
+
+- Update to version 2.9.7:
+ + fix a buffer overflow processing long words.
+- Drop 0003-overflow-processing-gecos.patch and
+ 0004-overflow-processing-long-words.patch: fixed upstream.
+- Update source URI.
+- Remove use of translation-update-upstream. It cannot be added to
+ ring 0 on leap, and 2.9.7 has some translation fixes
+ (bsc#1172396).
+
 -------------------------------------------------------------------
 Fri May 22 16:06:54 UTC 2020 - Michael Gorse
 
diff --git a/cracklib.spec b/cracklib.spec
index 5ae8bbc..35fbf37 100644
--- a/cracklib.spec
+++ b/cracklib.spec
@@ -17,30 +17,25 @@
 
 
 Name: cracklib
-Version: 2.9.6
+Version: 2.9.7
 Release: 0
 Summary: Library to crack passwords using dictionaries
 License: LGPL-2.1-only
 Group: System/Libraries
 URL: http://sourceforge.net/projects/cracklib
-Source: https://github.com/%{name}/%{name}/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
+Source: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name}-%{version}.tar.bz2
 Source2: baselibs.conf
 # PATCH-FIX-OPENSUSE (should be upstreamed)
 # Remove support for broken 64bit indexes from magic entry [bnc#106007]
 Patch1: 0001-cracklib-magic.diff
 # PATCH-FIX-OPENSUSE Hide non-public functions
 Patch2: 0002-cracklib-2.9.2-visibility.patch
-Patch3: 0003-overflow-processing-gecos.patch
-Patch4: 0004-overflow-processing-long-words.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: gzip
 BuildRequires: libtool
 BuildRequires: zlib-devel
 Requires: cracklib-dict
-%if 0%{?sle_version}
-BuildRequires: translation-update-upstream
-%endif
 
 %description
 CrackLib tests passwords to determine whether they match
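Review bot: Removing `Patch3:` in this hunk drops the locally carried fix for CVE-2016-6318 (the GECOS-field overflow in `FascistGecosUser`), yet the accompanying `cracklib.changes` entry lists only the long-words overflow among the 2.9.7 fixes and never names the CVE. The 2.9.7 sources are not part of this diff, so it is worth confirming that `lib/fascist.c` in the new tarball bounds the `longbuffer` concatenations before relying on "fixed upstream". Recording the identifier where the patch is dropped keeps the fix traceable for anyone auditing the package, for example `- Drop 0003-overflow-processing-gecos.patch (CVE-2016-6318) and`. Separately, `URL:` in the same hunk still points at `http://sourceforge.net/projects/cracklib` while `Source:` now fetches from GitHub; `URL: https://github.com/%{name}/%{name}` would keep the two consistent.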
@@ -87,13 +82,8 @@ This package contains a small dictionay file used by cracklib.
 
 %prep
 %setup -q
-%if 0%{?sle_version}
-translation-update-upstream
-%endif
 %patch1
 %patch2
-%patch3 -p1
-%patch4 -p1
 
 %build
 AUTOPOINT=true autoreconf -fi