diff --git a/fetchmail-6.3.5.tar.bz2 b/fetchmail-6.3.5.tar.bz2
deleted file mode 100644
index 4596f16..0000000
--- a/fetchmail-6.3.5.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0af641629fc1b7ee2561eccd5ecd0efea20fea935656d155886061c530114f2b
-size 1237821
diff --git a/fetchmail-6.3.6-kpop.patch b/fetchmail-6.3.6-kpop.patch
new file mode 100644
index 0000000..5fce420
--- /dev/null
+++ b/fetchmail-6.3.6-kpop.patch
@@ -0,0 +1,15 @@
+--- fetchmail-6.3.6/pop3.c.kpop	2007-01-22 23:42:14.000000000 +0100
++++ fetchmail-6.3.6/pop3.c	2007-01-22 23:44:28.000000000 +0100
+@@ -612,7 +612,11 @@
+ 
+ 	/* check if we are actually allowed to send the password */
+ 	if (ctl->server.authenticate == A_ANY
+-		|| ctl->server.authenticate == A_PASSWORD) {
++	    || ctl->server.authenticate == A_PASSWORD
++	    || ((ctl->server.authenticate == A_KERBEROS_V4
++		 || ctl->server.authenticate == A_KERBEROS_V5)
++		&& ctl->server.service
++		&& strcmp(ctl->server.service, KPOP_PORT) == 0)) {
+ 	    strlcpy(shroud, ctl->password, sizeof(shroud));
+ 	    ok = gen_transact(sock, "PASS %s", ctl->password);
+ 	} else {
diff --git a/fetchmail-6.3.6.tar.bz2 b/fetchmail-6.3.6.tar.bz2
new file mode 100644
index 0000000..295a15e
--- /dev/null
+++ b/fetchmail-6.3.6.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3c81e7776617b78f18d9cd8b5e5f62944e70f1d7bd47a840fd8d44bcded784ff
+size 1307730
diff --git a/fetchmail.changes b/fetchmail.changes
index 675e5d4..0c43e11 100644
--- a/fetchmail.changes
+++ b/fetchmail.changes
@@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Thu Jan 25 15:57:47 CET 2007 - sbrabec@suse.cz
+
+- Fixed regression in KPOP support (#223507#c8).
+  http://lists.berlios.de/pipermail/fetchmail-devel/2007-January/000857.html
+
+-------------------------------------------------------------------
+Wed Jan 24 16:32:55 CET 2007 - sbrabec@suse.cz
+
+- Updated to version 6.3.6 (#223507):
+  * Password disclosure vulnerability fixed (CVE-2006-5867).
+  * Repairs a regression in 6.3.5 that crashes fetchmail when a
+    message with invalid headers is found while fetchmail's mda
+    option is in use (CVE-2006-5974).
+  * Repair --logfile, broken in 6.3.5.
+  * Repair --user, broken in 6.3.5.
+  * RPOP: used to log the password locally rather than an asterisk
+    as the other protocols do.
+  * POP3: Probes capabilities now when Kerberos V5 is enabled, so
+    that we can actually detect if the server supports it.
+  * DNS: Detect /etc/resolv.conf changes
+  * When HOME and FETCHMAILHOME are unset, be sure to copy user
+    database information.
+- Spec file cleanup.
+
 -------------------------------------------------------------------
 Wed Oct 25 19:36:22 CEST 2006 - sbrabec@suse.cz
 
diff --git a/fetchmail.spec b/fetchmail.spec
index ce7eec5..e7588b2 100644
--- a/fetchmail.spec
+++ b/fetchmail.spec
@@ -1,7 +1,7 @@
 #
-# spec file for package fetchmail (Version 6.3.5)
+# spec file for package fetchmail (Version 6.3.6)
 #
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@@ -12,16 +12,16 @@
 
 Name:           fetchmail
 BuildRequires:  dante-devel ed krb5-devel openssl-devel opie postfix procmail python-devel rsaref
-License:        Other License(s), see package
+License:        GNU General Public License (GPL), Other uncritical OpenSource License
 Group:          Productivity/Networking/Email/Utilities
 Autoreqprov:    on
-Version:        6.3.5
-Release:        4
+Version:        6.3.6
+Release:        1
 Source:         %{name}-%{version}.tar.bz2
 Source1:        %{name}.init
 Source2:        %{name}.logrotate
 Source3:        sysconfig.%{name}
-Patch:          fm635-daemon-logfile.patch
+Patch:          fetchmail-6.3.6-kpop.patch
 %if %suse_version > 800
 PreReq:         %insserv_prereq %fillup_prereq coreutils
 %endif
@@ -58,9 +58,9 @@ Authors:
 %package -n fetchmailconf
 Summary:        Fetchmail Configuration Utility
 Group:          Productivity/Networking/Email/Utilities
-Requires:       fetchmail = %{version} python python-tk
-Provides:       fetchmcf fetchml:/usr/bin/fetchmailconf
-Obsoletes:      fetchmcf
+Requires:       %{name} = %{version} python-tk
+
+%py_requires
 
 %description -n fetchmailconf
 A GUI configuration utility for generating fetchmail configuration
@@ -78,38 +78,30 @@ Authors:
 
 %prep
 %setup -q
-%patch
-%{?suse_update_config}
+%patch -p1
 cp -a %{S:1} %{S:2} %{S:3} .
 
 %build
-aclocal -I m4 -I m4-local
-autoconf
-automake -acf
+ACLOCAL="aclocal -I m4 -I m4-local" autoreconf -f -i 
 if [ -f /usr/%_lib/libkrb5.so ] ; then
    GSS="--with-gssapi"
 else
    GSS=""
 fi
 export CFLAGS="$RPM_OPT_FLAGS"
-./configure --prefix=/usr \
-	--enable-POP2 \
-	--enable-RPA \
-	--enable-NTLM \
-	--enable-SDPS \
-	--enable-opie \
-	--mandir=%{_mandir} \
-	--infodir=%{_infodir} \
-	--sysconfdir=/etc \
-	--sharedstatedir=/var \
-	--with-socks \
-	$GSS \
+%configure\
+	--enable-POP2\
+	--enable-RPA\
+	--enable-NTLM\
+	--enable-SDPS\
+	--enable-opie\
+	--with-socks\
+	$GSS\
 	--with-ssl=/usr
 make %{?jobs:-j%jobs}
 
 %install
-make install DESTDIR=$RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man1
+%makeinstall
 ln -sf fetchmail.1.gz $RPM_BUILD_ROOT/%{_mandir}/man1/fetchmailconf.1.gz
 mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
 cp fetchmail.logrotate $RPM_BUILD_ROOT/etc/logrotate.d/fetchmail
@@ -118,12 +110,13 @@ mkdir -p $RPM_BUILD_ROOT/sbin
 cp fetchmail.init $RPM_BUILD_ROOT/etc/init.d/fetchmail
 chmod +x $RPM_BUILD_ROOT/etc/init.d/fetchmail
 ln -s ../etc/init.d/fetchmail $RPM_BUILD_ROOT/sbin/rcfetchmail
-touch $RPM_BUILD_ROOT/etc/fetchmailrc
+touch $RPM_BUILD_ROOT%{_sysconfdir}/fetchmailrc
 mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
 cp sysconfig.%{name} $RPM_BUILD_ROOT/var/adm/fillup-templates
-mkdir -p $RPM_BUILD_ROOT/var/log
-touch $RPM_BUILD_ROOT/var/log/fetchmail
-mkdir -p $RPM_BUILD_ROOT/var/lib/fetchmail
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log
+touch $RPM_BUILD_ROOT%{_localstatedir}/log/fetchmail
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/fetchmail
+%find_lang %{name}
 
 %pre
 usr/sbin/useradd -r -o -g daemon -s /bin/false \
@@ -148,27 +141,45 @@ fi
 %clean
 rm -rf $RPM_BUILD_ROOT
 
-%files
+%files -f %{name}.lang
 %defattr(-, root, root)
 %doc COPYING FAQ FEATURES NEWS NOTES OLDNEWS README README.NTLM README.SSL TODO contrib *.html *.txt *.pdf
+%{_bindir}/fetchmail
+%dir %attr (0700, fetchmail, root) %{_localstatedir}/lib/fetchmail
+%ghost %attr (0600, fetchmail, root) %{_localstatedir}/log/fetchmail
 %doc %{_mandir}/man1/fetchmail.1.gz
-/usr/bin/fetchmail
-/usr/share/locale/*/LC_MESSAGES/fetchmail.mo
+%ghost %config(noreplace) %attr (0600, fetchmail, root) %{_sysconfdir}/fetchmailrc
 /etc/logrotate.d/fetchmail
 /etc/init.d/fetchmail
-%ghost %config(noreplace) %attr (0600, fetchmail, root) /etc/fetchmailrc
 /sbin/rcfetchmail
 /var/adm/fillup-templates/sysconfig.%{name}
-%ghost %attr (0600, fetchmail, root) /var/log/fetchmail
-%dir %attr (0700, fetchmail, root) /var/lib/fetchmail
 
 %files -n fetchmailconf
 %defattr(-, root, root)
-/usr/bin/fetchmailconf
-/usr/%_lib/python*/site-packages/fetchmailconf.*
+%{_bindir}/fetchmailconf
 %doc %{_mandir}/man1/fetchmailconf.1.gz
+%{py_sitedir}/fetchmailconf.*
 
 %changelog -n fetchmail
+* Thu Jan 25 2007 - sbrabec@suse.cz
+- Fixed regression in KPOP support (#223507#c8).
+  http://lists.berlios.de/pipermail/fetchmail-devel/2007-January/000857.html
+* Wed Jan 24 2007 - sbrabec@suse.cz
+- Updated to version 6.3.6 (#223507):
+  * Password disclosure vulnerability fixed (CVE-2006-5867).
+  * Repairs a regression in 6.3.5 that crashes fetchmail when a
+  message with invalid headers is found while fetchmail's mda
+  option is in use (CVE-2006-5974).
+  * Repair --logfile, broken in 6.3.5.
+  * Repair --user, broken in 6.3.5.
+  * RPOP: used to log the password locally rather than an asterisk
+  as the other protocols do.
+  * POP3: Probes capabilities now when Kerberos V5 is enabled, so
+  that we can actually detect if the server supports it.
+  * DNS: Detect /etc/resolv.conf changes
+  * When HOME and FETCHMAILHOME are unset, be sure to copy user
+  database information.
+- Spec file cleanup.
 * Wed Oct 25 2006 - sbrabec@suse.cz
 - Fixed problems caused by calling daemon as non-root (#207305).
 * Mon Oct 23 2006 - sbrabec@suse.cz
diff --git a/fm635-daemon-logfile.patch b/fm635-daemon-logfile.patch
deleted file mode 100644
index 71cb192..0000000
--- a/fm635-daemon-logfile.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Index: daemon.c
-===================================================================
---- daemon.c	(revision 4920)
-+++ daemon.c	(working copy)
-@@ -218,10 +218,9 @@
-       if ((logfd = open(logfile, O_CREAT|O_WRONLY|O_APPEND, 0666)) < 0) {	/* stdout */
- 	  report(stderr, "cannot open %s: %s\n", logfile, strerror(errno));
- 	  return PS_IOERR;
--      } else
--	  logfd = 0;	/* use /dev/null */
-+      }
-   } else
--      logfd = 0;    /* this is /dev/null */
-+      logfd = 0;    /* else use /dev/null */
- 
-   /* Close any/all open file descriptors */
- #if 	defined(HAVE_GETDTABLESIZE)