diff --git a/squid.spec b/squid.spec
index 79ff1eb..7475160 100644
--- a/squid.spec
+++ b/squid.spec
@@ -5,7 +5,7 @@
 Summary: The Squid proxy caching server.
 Name: squid
 Version: 2.5.STABLE7
-Release: 1
+Release: 2
 Epoch: 7
 License: GPL
 Group: System Environment/Daemons
@@ -23,12 +23,25 @@ Patch3: squid-2.5.STABLE4-location.patch
 Patch4: squid-2.5.STABLE7-build.patch
 Patch5: squid-2.5.STABLE4-perlpath.patch
 Patch6: squid-2.5.STABLE5-pipe.patch
-Patch7: squid-2.5.STABLE6-nonbl.patch
-Patch8: squid-2.5.STABLE6-close.patch
 
 Patch100: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-half_closed_POST.patch
 Patch101: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-LDAP_version_documentation.patch
 Patch102: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7_req_resp_header.patch
+Patch103: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-helper_shutdown.patch
+Patch104: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-non_blocking_disk.patch
+Patch105: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-blank_response.patch
+Patch106: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-dothost.patch
+Patch107: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-PURGE_internal.patch
+Patch108: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-httpd_accel_vport.patch
+Patch109: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-cachemgr_vmobjects.patch
+Patch110: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch
+Patch111: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-close_other.patch
+Patch112: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fakeauth_auth.patch
+Patch113: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch
+Patch114: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch
+Patch115: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-dns_memleak.patch
+Patch116: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-fqdn_truncated.patch
+Patch117: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 Prereq: /sbin/chkconfig logrotate shadow-utils
@@ -57,15 +70,27 @@ lookup program (dnsserver), a program for retrieving FTP data
 %patch5 -p1 -b .perlpath
 %patch6 -p1 -b .pipe
 
-%patch7 -p1 -b .nonbl
-%patch8 -p1 -b .close
-
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
+%patch103 -p1
+%patch104 -p1
+%patch105 -p1
+%patch106 -p1
+%patch107 -p1
+%patch108 -p1
+%patch109 -p1
+%patch110 -p1
+%patch111 -p1
+%patch112 -p1
+%patch113 -p1
+%patch114 -p1
+%patch115 -p1
+%patch116 -p1
+%patch117 -p1
 
 %build
- export CFLAGS="-fPIE -Os -g -pipe -fsigned-char" ; export LDFLAGS=-pie ; 
+ export CFLAGS="-fPIE -Os -g -pipe -fsigned-char" ; export LDFLAGS=-pie ;
 %configure \
    --exec_prefix=/usr \
    --bindir=%{_sbindir} \
@@ -100,7 +125,7 @@ make %{?_smp_mflags}
 
 mkdir faq
 cp %{SOURCE1} faq
-cd faq 
+cd faq
 sgml2html FAQ.sgml
 
 #cd ..
@@ -278,12 +303,31 @@ if [ "$1" -ge "1" ] ; then
 	service squid condrestart >/dev/null 2>&1
 fi
 
+%triggerin -- samba-common
+chgrp squid /var/cache/samba/winbindd_privileged > /dev/null 2>& 1 || true
+
 %changelog
+* Tue Jan 18 2005 Jay Fenlason <fenlason@redhat.com> 7:2.5.STABLE7-2
+- Add a triggerin on samba-common to make /var/cache/samba/winbindd_privileged
+  accessable so that ntlm_auth will work.  It needs to be in this rpm,
+  because the Samba RPM can't assume the squid user exists.
+  Note that this will only work if the Samba RPM is recent enough to create
+  that directory at install time instead of at winbindd startup time.
+  That should be samba-common-3.0.0-15 or later.
+  This fixes bugzilla #103726
+- Clean up extra whitespace in this spec file.
+- Add additional upstream patches. (Now 18 upstream patches).
+- patch #112 closes CAN-2005-0096 and CAN-2005-0097, remote DOS security holes.
+- patch #113 closes CAN-2005-0094, a remote buffer-overflow DOS security hole.
+- patch #114 closes CAN-2005-0095, a remote DOS security hole.
+- Remove the -nonbl (replaced by #104) and -close (replaced by #111) patches, since
+  they're now fixed by upstream patches.
+
 * Mon Oct 25 2004 Jay Fenlason <fenlason@redhat.com> 7:2.5.STABLE7-1
 - new upstream version, with 3 upstream patches.
   Updated the -build and -config patches
 - Include patch from Ulrich Drepper <frepper@redhat.com> to more
-  intelligently close all file descriptors. 
+  intelligently close all file descriptors.
 
 * Mon Oct 18 2004 Jay Fenlason <fenlason@redhat.com> 7:2.5.STABLE6-3
 - include patch from Ulrich Drepper <drepper@redhat.com> to stop
@@ -627,7 +671,7 @@ fi
 * Tue Mar 23 1999 Bill Nottingham <notting@redhat.com>
 - logrotate changes
 
-* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> 
+* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
 - auto rebuild in the new build environment (release 4)
 
 * Wed Feb 10 1999 Bill Nottingham <notting@redhat.com>