diff --git a/vsftpd-3.0.2-wnohang.patch b/vsftpd-3.0.2-wnohang.patch
new file mode 100644
index 0000000..d3af04f
--- /dev/null
+++ b/vsftpd-3.0.2-wnohang.patch
@@ -0,0 +1,59 @@
+--- vsftpd-3.0.2/sysutil.c.wnohang	2015-08-03 07:35:33.619620425 +0200
++++ vsftpd-3.0.2/sysutil.c	2015-08-03 07:35:33.626620480 +0200
+@@ -608,13 +608,13 @@ vsf_sysutil_exit(int exit_code)
+ }
+ 
+ struct vsf_sysutil_wait_retval
+-vsf_sysutil_wait(void)
++vsf_sysutil_wait(int hang)
+ {
+   struct vsf_sysutil_wait_retval retval;
+   vsf_sysutil_memclr(&retval, sizeof(retval));
+   while (1)
+   {
+-    int sys_ret = wait(&retval.exit_status);
++    int sys_ret = waitpid(-1, &retval.exit_status, hang ? 0 : WNOHANG);
+     if (sys_ret < 0 && errno == EINTR)
+     {
+       vsf_sysutil_check_pending_actions(kVSFSysUtilUnknown, 0, 0);
+--- vsftpd-3.0.2/sysutil.h.wnohang	2015-08-03 07:35:33.610620354 +0200
++++ vsftpd-3.0.2/sysutil.h	2015-08-03 07:35:33.626620480 +0200
+@@ -176,7 +176,7 @@ struct vsf_sysutil_wait_retval
+   int PRIVATE_HANDS_OFF_syscall_retval;
+   int PRIVATE_HANDS_OFF_exit_status;
+ };
+-struct vsf_sysutil_wait_retval vsf_sysutil_wait(void);
++struct vsf_sysutil_wait_retval vsf_sysutil_wait(int hang);
+ int vsf_sysutil_wait_reap_one(void);
+ int vsf_sysutil_wait_get_retval(
+   const struct vsf_sysutil_wait_retval* p_waitret);
+--- vsftpd-3.0.2/twoprocess.c.wnohang	2012-09-16 09:15:49.000000000 +0200
++++ vsftpd-3.0.2/twoprocess.c	2015-08-03 07:35:33.626620480 +0200
+@@ -47,8 +47,17 @@ static void
+ handle_sigchld(void* duff)
+ {
+ 
+-  struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait();
++  struct vsf_sysutil_wait_retval wait_retval = vsf_sysutil_wait(0);
+   (void) duff;
++  if (!vsf_sysutil_wait_get_exitcode(&wait_retval) &&
++      !vsf_sysutil_wait_get_retval(&wait_retval))
++    /* There was nobody to wait for, possibly caused by underlying library
++     * which created a new process through fork()/vfork() and already picked
++     * it up, e.g. by pam_exec.so or integrity check routines for libraries
++     * when FIPS mode is on (nss freebl), which can lead to calling prelink
++     * if the prelink package is installed.
++     */
++    return;
+   /* Child died, so we'll do the same! Report it as an error unless the child
+    * exited normally with zero exit code
+    */
+@@ -390,7 +399,7 @@ common_do_login(struct vsf_session* p_se
+   priv_sock_send_result(p_sess->parent_fd, PRIV_SOCK_RESULT_OK);
+   if (!p_sess->control_use_ssl)
+   {
+-    (void) vsf_sysutil_wait();
++    (void) vsf_sysutil_wait(1);
+   }
+   else
+   {
diff --git a/vsftpd.changes b/vsftpd.changes
index dcec9c8..dd87e43 100644
--- a/vsftpd.changes
+++ b/vsftpd.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Wed Mar 23 10:07:55 UTC 2016 - tchvatal@suse.com
+
+- Require shadow and do not output the error out of useradd
+
+-------------------------------------------------------------------
+Tue Mar 22 14:27:27 UTC 2016 - tchvatal@suse.com
+
+- Fix user creation to not report error when user alredy exist
+  bnc#972169
+
+-------------------------------------------------------------------
+Mon Mar 21 12:53:59 UTC 2016 - tchvatal@suse.com
+
+- Fix bnc#970982 hanging on pam_exec in pam.d
+  * Add patch vsftpd-3.0.2-wnohang.patch
+
 -------------------------------------------------------------------
 Thu Mar 10 18:15:03 UTC 2016 - jcejka@suse.com
 
diff --git a/vsftpd.spec b/vsftpd.spec
index ce59dd0..c82a7ef 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -68,11 +68,13 @@ Patch20:        vsftpd-2.2.0-wildchar.patch
 Patch21:        vsftpd-2.3.4-sqb.patch
 Patch22:        vsftpd-path-normalize.patch
 Patch23:        vsftpd-ls-memleak.patch
+#PATCH-FIX-UPSTREAM: bnc#970982
+Patch24:        vsftpd-3.0.2-wnohang.patch
 BuildRequires:  libcap-devel
 BuildRequires:  openssl-devel
 BuildRequires:  pam-devel
 Requires:       logrotate
-Requires(pre):  %{_sbindir}/useradd
+Requires(pre):  shadow
 Provides:       ftp-server
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if %{with_systemd}
@@ -116,6 +118,7 @@ tests.
 %patch21 -p1
 %patch22 -p1
 %patch23 -p1
+%patch24 -p1
 
 %build
 %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
@@ -148,7 +151,7 @@ install -d %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/
 install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
 
 %pre
-%{_sbindir}/useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure 2> /dev/null || :
+getent passwd ftpsecure >/dev/null || useradd -r -g nogroup -s /bin/false -c "Secure FTP User" -d %{_localstatedir}/lib/empty ftpsecure
 %if %{with_systemd}
 %service_add_pre %{name}.service %{name}@.service %{name}.socket
 %endif