diff --git a/.gitignore b/.gitignore
index bfc1422..fd915c7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 nano-2.2.5.tar.gz
+/nano-2.2.6.tar.gz
diff --git a/0001-check-stat-s-result-and-avoid-calling-stat-on-a-NULL.patch b/0001-check-stat-s-result-and-avoid-calling-stat-on-a-NULL.patch
new file mode 100644
index 0000000..b6ce9b1
--- /dev/null
+++ b/0001-check-stat-s-result-and-avoid-calling-stat-on-a-NULL.patch
@@ -0,0 +1,77 @@
+From de9e2d69f9ce3ec89ab499be96cda69509205ffd Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Thu, 19 Aug 2010 13:58:12 +0200
+Subject: [PATCH 1/2] check stat's result and avoid calling stat on a NULL pointer
+
+---
+ src/files.c |   33 ++++++++++++++++++++++-----------
+ 1 files changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/src/files.c b/src/files.c
+index c5b9d6a..49555a5 100644
+--- a/src/files.c
++++ b/src/files.c
+@@ -103,6 +103,24 @@ void initialize_buffer_text(void)
+     openfile->totsize = 0;
+ }
+ 
++#ifndef NANO_TINY
++/* If *pstat is NULL, perform a stat call with the given file name.  On success,
++ * *pstat points to a newly allocated buffer that contains the stat's result.
++ * On stat's failure, the NULL pointer in *pstat is left intact. */
++void stat_if_needed(const char *filename, struct stat **pstat)
++{
++    struct stat *tmp;
++    if (*pstat)
++	return;
++
++    tmp = (struct stat *)nmalloc(sizeof(struct stat));
++    if (0 == stat(filename, tmp))
++	*pstat = tmp;
++    else
++	free(tmp);
++}
++#endif
++
+ /* If it's not "", filename is a file to open.  We make a new buffer, if
+  * necessary, and then open and read the file, if applicable. */
+ void open_buffer(const char *filename, bool undoable)
+@@ -148,11 +166,7 @@ void open_buffer(const char *filename, bool undoable)
+     if (rc > 0) {
+ 	read_file(f, rc, filename, undoable, new_buffer);
+ #ifndef NANO_TINY
+-	if (openfile->current_stat == NULL) {
+-	    openfile->current_stat =
+-		(struct stat *)nmalloc(sizeof(struct stat));
+-	    stat(filename, openfile->current_stat);
+-	}
++	stat_if_needed(filename, &openfile->current_stat);
+ #endif
+     }
+ 
+@@ -1511,8 +1525,8 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
+      * specified it interactively), stat and save the value
+      * or else we will chase null pointers when we do
+      * modtime checks, preserve file times, etc. during backup */
+-    if (openfile->current_stat == NULL && !tmp && realexists)
+-	stat(realname, openfile->current_stat);
++    if (!tmp && realexists)
++	stat_if_needed(realname, &openfile->current_stat);
+ 
+     /* We backup only if the backup toggle is set, the file isn't
+      * temporary, and the file already exists.  Furthermore, if we
+@@ -1891,10 +1905,7 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
+ 
+ #ifndef NANO_TINY
+ 	/* Update current_stat to reference the file as it is now. */
+-	if (openfile->current_stat == NULL)
+-	    openfile->current_stat =
+-		(struct stat *)nmalloc(sizeof(struct stat));
+-	stat(realname, openfile->current_stat);
++	stat_if_needed(realname, &openfile->current_stat);
+ #endif
+ 
+ 	statusbar(P_("Wrote %lu line", "Wrote %lu lines",
+-- 
+1.7.3.2
+
diff --git a/0002-use-futimens-if-available-instead-of-utime.patch b/0002-use-futimens-if-available-instead-of-utime.patch
new file mode 100644
index 0000000..74bed4b
--- /dev/null
+++ b/0002-use-futimens-if-available-instead-of-utime.patch
@@ -0,0 +1,99 @@
+From ea6be4984d6fa72afb41dcb9f0039d0fd80dd5c1 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Thu, 19 Aug 2010 15:23:06 +0200
+Subject: [PATCH 2/2] use futimens() if available, instead of utime()
+
+---
+ config.h.in  |    3 +++
+ configure    |    2 +-
+ configure.ac |    2 +-
+ src/files.c  |   26 +++++++++++++++++++++++++-
+ 4 files changed, 30 insertions(+), 3 deletions(-)
+
+diff --git a/config.h.in b/config.h.in
+index 8fbe824..fb0e65d 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -64,6 +64,9 @@
+ /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
+ #undef HAVE_DOPRNT
+ 
++/* Define to 1 if you have the `futimens' function. */
++#undef HAVE_FUTIMENS
++
+ /* Define to 1 if you have the `getdelim' function. */
+ #undef HAVE_GETDELIM
+ 
+diff --git a/configure b/configure
+index 238dbf9..f1ef55b 100755
+--- a/configure
++++ b/configure
+@@ -7484,7 +7484,7 @@ fi
+ 
+ 
+ 
+-for ac_func in getdelim getline isblank strcasecmp strcasestr strncasecmp strnlen vsnprintf
++for ac_func in futimens getdelim getline isblank strcasecmp strcasestr strncasecmp strnlen vsnprintf
+ do :
+   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+diff --git a/configure.ac b/configure.ac
+index 6388c03..255ec5d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -415,7 +415,7 @@ fi])
+ 
+ dnl Checks for functions.
+ 
+-AC_CHECK_FUNCS(getdelim getline isblank strcasecmp strcasestr strncasecmp strnlen vsnprintf)
++AC_CHECK_FUNCS(futimens getdelim getline isblank strcasecmp strcasestr strncasecmp strnlen vsnprintf)
+ 
+ if test x$enable_utf8 != xno; then
+     AC_CHECK_FUNCS(iswalnum iswblank iswpunct iswspace nl_langinfo mblen mbstowcs mbtowc wctomb wcwidth)
+diff --git a/src/files.c b/src/files.c
+index 49555a5..a3917b7 100644
+--- a/src/files.c
++++ b/src/files.c
+@@ -1434,6 +1434,29 @@ int copy_file(FILE *inn, FILE *out)
+     return retval;
+ }
+ 
++#ifdef HAVE_FUTIMENS
++/* set atime/mtime by file descriptor */
++int utime_wrap(int fd, const char *filename, struct utimbuf *ut)
++{
++    struct timespec times[2];
++    (void) filename;
++
++    times[0].tv_sec = ut->actime;
++    times[1].tv_sec = ut->modtime;
++    times[0].tv_nsec = 0L;
++    times[1].tv_nsec = 0L;
++
++    return futimens(fd, times);
++}
++#else
++/* set atime/mtime by file name */
++int utime_wrap(int fd, const char *filename, struct utimbuf *ut)
++{
++    (void) fd;
++    return utime(filename, ut);
++}
++#endif
++
+ /* Write a file out to disk.  If f_open isn't NULL, we assume that it is
+  * a stream associated with the file, and we don't try to open it
+  * ourselves.  If tmp is TRUE, we set the umask to disallow anyone else
+@@ -1677,7 +1700,8 @@ bool write_file(const char *name, FILE *f_open, bool tmp, append_type
+ 	}
+ 
+ 	/* And set its metadata. */
+-	if (utime(backupname, &filetime) == -1 && !ISSET(INSECURE_BACKUP)) {
++	if (utime_wrap(backup_fd, backupname, &filetime) == -1
++		&& !ISSET(INSECURE_BACKUP)) {
+ 	    statusbar(_("Error writing backup file %s: %s"), backupname,
+ 			strerror(errno));
+ 	    /* If we can't write to the backup, DONT go on, since
+-- 
+1.7.3.2
+
diff --git a/nano-2.2.3-warnings.patch b/nano-2.2.3-warnings.patch
index 94b172c..e003f99 100644
--- a/nano-2.2.3-warnings.patch
+++ b/nano-2.2.3-warnings.patch
@@ -19,7 +19,7 @@ diff --git a/src/nano.c b/src/nano.c
 index 59e2a9d..1d1d40c 100644
 --- a/src/nano.c
 +++ b/src/nano.c
-@@ -1901,7 +1901,7 @@ precalc_cleanup:
+@@ -1907,7 +1907,7 @@ precalc_cleanup:
   * TRUE. */
  void do_output(char *output, size_t output_len, bool allow_cntrls)
  {
diff --git a/nano-2.2.5.tar.gz.asc b/nano-2.2.5.tar.gz.asc
deleted file mode 100644
index 3ad99b8..0000000
--- a/nano-2.2.5.tar.gz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.10 (GNU/Linux)
-
-iEYEABECAAYFAkxbgmUACgkQvLNW35EAn6ebDwCcDLadGVi4FugSvjpplA4nmalB
-EecAoN7nvbtUbx0fnGloFPtiRGtxcc4V
-=ZXoa
------END PGP SIGNATURE-----
diff --git a/nano-2.2.6.tar.gz.sig b/nano-2.2.6.tar.gz.sig
new file mode 100644
index 0000000..e13912b
Binary files /dev/null and b/nano-2.2.6.tar.gz.sig differ
diff --git a/nano.spec b/nano.spec
index ab08073..2d9fd2f 100644
--- a/nano.spec
+++ b/nano.spec
@@ -1,6 +1,6 @@
 Summary:         A small text editor
 Name:            nano
-Version:         2.2.5
+Version:         2.2.6
 Release:         1%{?dist}
 License:         GPLv3+
 Group:           Applications/Editors
@@ -8,6 +8,13 @@ URL:             http://www.nano-editor.org
 Source:          http://www.nano-editor.org/dist/v2.2/%{name}-%{version}.tar.gz
 Source2:         nanorc
 Patch0:          nano-2.2.3-warnings.patch
+
+# http://lists.gnu.org/archive/html/nano-devel/2010-08/msg00004.html
+Patch1:          0001-check-stat-s-result-and-avoid-calling-stat-on-a-NULL.patch
+
+# http://lists.gnu.org/archive/html/nano-devel/2010-08/msg00005.html
+Patch2:          0002-use-futimens-if-available-instead-of-utime.patch
+
 BuildRoot:       %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:   autoconf
 BuildRequires:   gettext-devel
@@ -23,12 +30,18 @@ GNU nano is a small and friendly text editor.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
+%patch2 -p1
 
 for f in doc/man/fr/{nano.1,nanorc.5,rnano.1} ; do
   iconv -f iso-8859-1 -t utf-8 -o $f.tmp $f && mv $f.tmp $f
   touch $f.html
 done
 
+# do not run autotools, we have already reflected the configure.ac
+# changes in configure and config.h.in
+touch -c aclocal.m4 config.h.in configure Makefile.in
+
 %build
 %configure --bindir=/bin
 make %{?_smp_mflags}
@@ -81,6 +94,10 @@ rm -rf %{buildroot}
 %{_datadir}/nano
 
 %changelog
+* Mon Nov 22 2010 Kamil Dudka <kdudka@redhat.com> - 2.2.6-1
+- new upstream release (#655978)
+- increase code robustness (patches related to CVE-2010-1160, CVE-2010-1161)
+
 * Sat Aug 07 2010 Kamil Dudka <kdudka@redhat.com> - 2.2.5-1
 - new upstream release (#621857)
 
diff --git a/sources b/sources
index c335908..b68b3fd 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-77a10a49589f975ce98350a4527a2ebf  nano-2.2.5.tar.gz
+03233ae480689a008eb98feb1b599807  nano-2.2.6.tar.gz