diff --git a/fix-segfault-mangled-rename.patch b/fix-segfault-mangled-rename.patch
new file mode 100644
index 0000000..bd9a008
--- /dev/null
+++ b/fix-segfault-mangled-rename.patch
@@ -0,0 +1,25 @@
+From: Andreas Gruenbacher
+Date: Mon, 12 Feb 2018 16:48:24 +0100
+Subject: Fix segfault with mangled rename patch
+Patch-mainline: yes
+Git-commit: f290f48a621867084884bfff87f8093c15195e6a
+References: bsc#1080951, CVE-2018-6951, savannah#53133
+
+http://savannah.gnu.org/bugs/?53132
+* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
+for renames and copies (fix the existing check).
+
+diff --git a/src/pch.c b/src/pch.c
+index ff9ed2c..bc6278c 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
+ if ((pch_rename () || pch_copy ())
+ && ! inname
+ && ! ((i == OLD || i == NEW) &&
+- p_name[! reverse] &&
++ p_name[reverse] && p_name[! reverse] &&
++ name_is_valid (p_name[reverse]) &&
+ name_is_valid (p_name[! reverse])))
+ {
+ say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
diff --git a/patch-2.7.5.tar.xz b/patch-2.7.5.tar.xz
deleted file mode 100644
index d976cdf..0000000
--- a/patch-2.7.5.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fd95153655d6b95567e623843a0e77b81612d502ecf78a489a4aed7867caa299
-size 727704
diff --git a/patch-2.7.5.tar.xz.sig b/patch-2.7.5.tar.xz.sig
deleted file mode 100644
index 597cb1a..0000000
--- a/patch-2.7.5.tar.xz.sig
+++ /dev/null
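Review bot: The `References:` header of fix-segfault-mangled-rename.patch cites `savannah#53133`, while the URL in the patch body and the patch.changes entry for the same fix both give 53132. One of the tracker ids is therefore wrong, and anyone tracing CVE-2018-6951 from the package metadata may land on a different bug. Going by the two matching mentions the header is probably the typo; after checking the Savannah tracker it should read `References: bsc#1080951, CVE-2018-6951, savannah#53132`. The embedded src/pch.c hunk ends inside the `if` body of intuit_diff_type, so what follows the `say ()` call is not visible here.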
@@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABAgAGBQJU+kkKAAoJEMTJJ81dGzbX5kkQAIzmrfE6cNYkfZhpyhdFVeI1 -0BJ74bkhTuu66lcjR3YR/ADP6agAOTxD787hG9WuwSjDjHmVXnFjQ9izdtR5U7Ak -JcjPR/NEMCbpWTUiK5GToz/hyvOq/H/dl0FA0Myv1LFIrQZFIT28x1+x89bp8j/n -SLlEV/KKFLZ9yZKuDId2WSQNfFPJgKpUXA71A5JUk1U2csX1vj5IpVu/wjFj1Z+m -6vuBSJ/iKAGq9hibVqz/q9FC+M3/oVCvBNPXex4RQHjNoviKUoNCw1f4QOjv1OOt -mXWly0sOTynDlzlv3XQTCm+BKENfl+Uij4Bw7fRHGu4sSUVu3CluZjjsIPmy195l -WvYuJ181S83VP01iW9o6Tnhdgxp0XH7d0SFKOeIo+xzHW86hgg5UFOAw8AHGfh1i -lnXjDYvnx2p0hl3/izHXuCq/vJ0O4D8CSbljBHoUXw83piW1k44Fn1NWD691IJKc -W11V6qbANt5E57/7hwm+zK8xp1ooew/SZBOlVVQYpDXiv4nTIHHxmnk/1z9c56F2 -LqI13farflnxboJwOlDjdxbPXths6G9zWu2Q7+fQOo7WZsCmoa4z7w4YsGCNLZRW -sv/Hz0U29DokL/m3fZMjfwrWEb3n7T691Lb7NoRGkdXmxfwZiH2hiXWFHJsWwmMW -Hu8c7dwmco6PrPOg1Gpd -=9BQ9 ------END PGP SIGNATURE----- diff --git a/patch-2.7.6.tar.xz b/patch-2.7.6.tar.xz new file mode 100644 index 0000000..86657c7 --- /dev/null +++ b/patch-2.7.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ac610bda97abe0d9f6b7c963255a11dcb196c25e337c61f94e4778d632f1d8fd +size 783756 diff --git a/patch-2.7.6.tar.xz.sig b/patch-2.7.6.tar.xz.sig new file mode 100644 index 0000000..3265192 --- /dev/null +++ b/patch-2.7.6.tar.xz.sig 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABAgAGBQJaed0dAAoJENW/n+sDE2U62ScQAK02GcPxJccBefkcuC6q/or9 +f1im2lIpc1YJqxHmmhDeRu9twjuFycUV55hud+OroJe2xYKZrI6oUwJBldKTRfHu +whlhRzERO3U4z9pvi8XWbKvObsmqSBIgsM72oby4aPLCWk7IpJprR6BnRZdtnBg1 +jzM3Yka8k01+dmVH2rsoSEGAe9sZbXJazBoYg8N/wHKe2+NY4W3esZ7flxQJ9RvB +GxjVU/KbyoNXIoFU4EnMalcLTZTHThhv2kQ1/cQZ+gt/1+f00DoieaUaIg3qB8jX +IqYE4GvXILgx8+REE3utt0zKv7pYGBNRkuACUE2hLZoY4SporJ0J63/7Y8zrzjxQ +GE27+DcjxBQGd1GnpO/Xb4kpqBGyn4KrlBIiHkhk2GgyBewpXPMog3cJki7A/1vz +Qb+JTY8PBqvOe7DmxW4Bp1vX6eOKn14FDQ7q3ZPjAd52Jtn7GUEt4etCduQh7ZNt +ElLLvpPro1wxG1bTbA3+TysCd+9XWWjwKJlPK5Jbdii0R73iy386UZGN1t1kmBzS +1mn3nh82z/XO9lPU3e1WP0BANAzTrNqA66ZbfQ9fIu6UO8R/+ygT7U5yie+X3xwP +kM6HR6oD0eDkqbPbOr8hey0kPG3FAWkZ47Oju5ad1ntUBFj4buLybEY0e08hncJS +gdt7wrbeKKxzdrcyQ1qy +=mjHo +-----END PGP SIGNATURE----- diff --git a/patch.changes b/patch.changes index 3b998e4..4a946b7 100644 --- a/patch.changes +++ b/patch.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Thu Mar 22 09:43:43 CET 2018 - jdelvare@suse.de + +- Move COPYING from %doc to %license. + +------------------------------------------------------------------- +Wed Mar 21 16:44:09 CET 2018 - jdelvare@suse.de + +- Add AUTHORS and COPYING to %doc. +- fix-segfault-mangled-rename.patch: Fix segfault with mangled + rename patch (bsc#1080951, CVE-2018-6951, savannah#53132). + +------------------------------------------------------------------- +Wed Feb 7 18:43:51 UTC 2018 - astieger@suse.com + +- patch 2.7.6: + * Files specified on the command line are no longer verified to + be inside the current working directory, so commands like + "patch -i foo.diff ../foo" will work again + * Fixes CVE-2016-10713 (Out-of-bounds access within + pch_write_line() in pch.c could possibly lead to DoS via a + crafted input file; bsc#1080918) + * Various fixes + ------------------------------------------------------------------- Sat Mar 7 10:42:46 CET 2015 - jdelvare@suse.de 
diff --git a/patch.keyring b/patch.keyring index 9a04d93..69067a9 100644 Binary files a/patch.keyring and b/patch.keyring differ diff --git a/patch.spec b/patch.spec index 265f164..ebae658 100644 --- a/patch.spec +++ b/patch.spec @@ -1,7 +1,7 @@ # # spec file for package patch # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: patch -Version: 2.7.5 +Version: 2.7.6 Release: 0 Summary: GNU patch License: GPL-3.0+ @@ -26,13 +26,13 @@ Url: http://ftp.gnu.org/gnu/patch/ Source: http://ftp.gnu.org/gnu/patch/%{name}-%{version}.tar.xz Source2: http://ftp.gnu.org/gnu/patch/%{name}-%{version}.tar.xz.sig Source3: http://savannah.gnu.org/project/memberlist-gpgkeys.php?group=patch&download=1#/patch.keyring -%if 0%{?suse_version} < 1220 -BuildRequires: xz -%endif -BuildRoot: %{_tmppath}/%{name}-%{version}-build +Patch1: fix-segfault-mangled-rename.patch # See bnc#662957. The fix for CVE-2010-4651 breaks the way interdiff was # invoking patch, so interdiff had to be fixed too. Conflicts: patchutils < 0.3.2 +%if 0%{?suse_version} < 1220 +BuildRequires: xz +%endif %description The GNU patch program is used to apply diffs between original and @@ -40,6 +40,7 @@ changed files (generated by the diff command) to the original files. %prep %setup -q +%patch1 -p1 %build export CFLAGS="%{optflags} -Wall -O2 -pipe" @@ -53,9 +54,13 @@ make %{?_smp_mflags} check %{verbose:V=1} make install DESTDIR=%{buildroot} %{verbose:V=1} %files -%defattr(-,root,root) -%doc NEWS README +%doc AUTHORS NEWS README +%if 0%{?suse_version} >= 1500 +%license COPYING +%else +%doc COPYING +%endif %{_bindir}/patch -%doc %{_mandir}/man1/patch.1.gz +%{_mandir}/man1/patch.1%{ext_man} %changelog
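Review bot: In patch.spec, the `Source`, `Source2` and `Source3` lines kept as context in the `@@ -26,13 +26,13 @@` hunk still fetch the tarball, its signature and the keyring over plain `http://`. This same commit also replaces patch.keyring (binary diff) without any visible patch.changes entry saying so. The keyring is the trust anchor for the 2.7.6 tarball signature, so the changelog should record the change, e.g. `- Update patch.keyring (signing key fingerprint: <FINGERPRINT-PLACEHOLDER>)`. The URLs should move to `https://` where the hosts serve it, e.g. `Source: https://ftp.gnu.org/gnu/patch/%{name}-%{version}.tar.xz`. Nothing in the visible `%prep` checks `Source2` against `Source3`, so that verification is presumably left to the build service; confirm it actually runs.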