diff --git a/sudo-1.7.2p2-loopsegv3.patch b/sudo-1.7.2p2-loopsegv3.patch
new file mode 100644
index 0000000..e6953bb
--- /dev/null
+++ b/sudo-1.7.2p2-loopsegv3.patch
@@ -0,0 +1,33 @@
+diff -up sudo-1.7.2p2/toke.c.loop sudo-1.7.2p2/toke.c
+--- sudo-1.7.2p2/toke.c.loop	2010-02-09 12:48:33.000000000 +0100
++++ sudo-1.7.2p2/toke.c	2010-02-09 16:54:17.000000000 +0100
+@@ -3461,7 +3461,7 @@ init_lexer()
+ 	    efree(pl);
+ 	}
+ 	efree(istack[idepth].path);
+-	if (!istack[idepth].keepopen)
++	if (idepth && !istack[idepth].keepopen)
+ 	    fclose(istack[idepth].bs->yy_input_file);
+ 	yy_delete_buffer(istack[idepth].bs);
+     }
+@@ -3486,7 +3486,7 @@ _push_include(path, isdir)
+ 	}
+ 	istacksize += SUDOERS_STACK_INCREMENT;
+ 	istack = (struct include_stack *) realloc(istack,
+-	    sizeof(istack) * istacksize);
++	    sizeof(*istack) * istacksize);
+ 	if (istack == NULL) {
+ 	    yyerror("unable to allocate memory");
+ 	    return(FALSE);
+diff -up sudo-1.7.2p2/toke.l.loop sudo-1.7.2p2/toke.l
+--- sudo-1.7.2p2/toke.l.loop	2010-02-09 12:48:30.000000000 +0100
++++ sudo-1.7.2p2/toke.l	2010-02-09 13:18:27.000000000 +0100
+@@ -869,7 +869,7 @@ _push_include(path, isdir)
+ 	}
+ 	istacksize += SUDOERS_STACK_INCREMENT;
+ 	istack = (struct include_stack *) realloc(istack,
+-	    sizeof(istack) * istacksize);
++	    sizeof(*istack) * istacksize);
+ 	if (istack == NULL) {
+ 	    yyerror("unable to allocate memory");
+ 	    return(FALSE);
diff --git a/sudo.spec b/sudo.spec
index 805d490..464a33e 100644
--- a/sudo.spec
+++ b/sudo.spec
@@ -1,7 +1,7 @@
 Summary: Allows restricted root access for specified users
 Name: sudo
 Version: 1.7.2p2
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: BSD
 Group: Applications/System
 URL: http://www.courtesan.com/sudo/
@@ -31,6 +31,8 @@ Patch4: sudo-1.7.1-libtool.patch
 Patch5: sudo-1.7.1-getgrouplist.patch
 # audit support improvement
 Patch6: sudo-1.7.2p1-audit.patch
+# segfault when #include directive is used in cycles (#561336)
+Patch7: sudo-1.7.2p2-loopsegv3.patch
 
 %description
 Sudo (superuser do) allows a system administrator to give certain
@@ -51,6 +53,7 @@ on many different machines.
 %patch4 -p1 -b .libtool
 %patch5 -p1 -b .getgrouplist
 %patch6 -p1 -b .audit
+%patch7 -p1 -b .loopsegv3
 
 %build
 # handle newer autoconf
@@ -138,6 +141,9 @@ rm -rf $RPM_BUILD_ROOT
 /bin/chmod 0440 /etc/sudoers || :
 
 %changelog
+* Wed Feb 10 2010 Daniel Kopecek <dkopecek@redhat.com> - 1.7.2p2-3
+- fixed segfault when #include directive is used in cycles (#561336)
+
 * Fri Jan  8 2010 Ville Skyttä <ville.skytta@iki.fi> - 1.7.2p2-2
 - Add /etc/sudoers.d dir and use it in default config (#551470).
 - Drop *.pod man page duplicates from docs.