diff --git a/proftpd-1.3.2b-segfault-on-auth-fail.patch b/proftpd-1.3.2b-segfault-on-auth-fail.patch
new file mode 100644
index 0000000..4700858
--- /dev/null
+++ b/proftpd-1.3.2b-segfault-on-auth-fail.patch
@@ -0,0 +1,54 @@
+Got this backtrace on auth failures on Fedora 12 with OpenSSL 1.0.0 beta 4
+
+Core was generated by `proftpd -n'.
+Program terminated with signal 11, Segmentation fault.
+#0  strcmp () at ../sysdeps/x86_64/strcmp.S:64
+64		cmpb	(%rsi), %al
+(gdb) bt
+#0  strcmp () at ../sysdeps/x86_64/strcmp.S:64
+#1  0x0000003a1b00e965 in _dl_name_match_p (name=0x3a1b53a89e "libgcc_s.so.1", map=0x7fc600) at dl-misc.c:302
+#2  0x0000003a1b007ad2 in _dl_map_object (loader=0x3a1b21f0e8, name=0x3a1b53a89e "libgcc_s.so.1", preloaded=<value optimized out>, 
+    type=<value optimized out>, trace_mode=<value optimized out>, mode=-1879048191, nsid=<value optimized out>) at dl-load.c:1977
+#3  0x0000003a1b012500 in dl_open_worker (a=0x7fff079d1010) at dl-open.c:254
+#4  0x0000003a1b00dd46 in _dl_catch_error (objname=<value optimized out>, errstring=<value optimized out>, mallocedp=<value optimized out>, 
+    operate=<value optimized out>, args=<value optimized out>) at dl-error.c:178
+#5  0x0000003a1b011f87 in _dl_open (file=0x3a1b53a89e "libgcc_s.so.1", mode=-2147483647, caller_dlopen=0x0, nsid=-2, argc=2, 
+    argv=<value optimized out>, env=<value optimized out>) at dl-open.c:583
+#6  0x0000003a1b51a620 in do_dlopen (ptr=0x7fff079d1200) at dl-libc.c:86
+#7  0x0000003a1b00dd46 in _dl_catch_error (objname=<value optimized out>, errstring=<value optimized out>, mallocedp=<value optimized out>, 
+    operate=<value optimized out>, args=<value optimized out>) at dl-error.c:178
+#8  0x0000003a1b51a777 in dlerror_run (args=<value optimized out>, operate=<value optimized out>) at dl-libc.c:47
+#9  __libc_dlopen_mode (args=<value optimized out>, operate=<value optimized out>) at dl-libc.c:160
+#10 0x0000003a1b4f3345 in init () at ../sysdeps/ia64/backtrace.c:41
+#11 0x0000003a1bc0c733 in pthread_once () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_once.S:104
+#12 0x0000003a1b4f3444 in __backtrace (array=<value optimized out>, size=32) at ../sysdeps/ia64/backtrace.c:85
+#13 0x0000000000414312 in handle_segv (signo=11, info=0x7fff079d1530, ptr=0x7fff079d1400) at main.c:1871
+#14 <signal handler called>
+#15 OPENSSL_cleanse () at x86_64cpuid.s:135
+#16 0x0000000000424abb in pr_memscrub (ptr=0x7fbe40, ptrlen=0) at support.c:570
+#17 0x0000000000473322 in setup_env (p=0x80b150, cmd=0x7fbdb8, user=0x80c3f0 "", pass=0x7fbe40 "") at mod_auth.c:1381
+#18 0x0000000000474eb3 in auth_pass (cmd=0x7fbdb8) at mod_auth.c:1963
+#19 0x000000000043a0ee in pr_module_call (m=0x6e3480, func=0x474d9e <auth_pass>, cmd=0x7fbdb8) at modules.c:502
+#20 0x0000000000411702 in _dispatch (cmd=0x7fbdb8, cmd_type=2, validate=1, match=0x7fbe38 "PASS") at main.c:446
+#21 0x0000000000411f5e in pr_cmd_dispatch_phase (cmd=0x7fbdb8, phase=0, flags=3) at main.c:703
+#22 0x000000000041220d in pr_cmd_dispatch (cmd=0x7fbdb8) at main.c:773
+#23 0x0000000000412796 in cmd_loop (server=0x7b4628, c=0x805e88) at main.c:914
+#24 0x00000000004136be in fork_server (fd=9, l=0x804408, nofork=0 '\000') at main.c:1436
+#25 0x0000000000413ca7 in daemon_loop () at main.c:1643
+#26 0x00000000004151ff in standalone_main () at main.c:2504
+#27 0x0000000000415e08 in main (argc=2, argv=0x7fff079d2118, envp=0x7fff079d2130) at main.c:3124
+
+--- proftpd-1.3.3rc2/src/support.c	2009-08-04 16:53:28.000000000 +0100
++++ proftpd-1.3.3rc2/src/support.c	2009-12-10 13:52:06.916586992 +0000
+@@ -567,6 +567,11 @@
+   /* Just use OpenSSL's function for this.  They have optimized it for
+    * performance in later OpenSSL releases.
+    */
++
++  if (!ptr || ptrlen == 0) {
++    return;
++  }
++
+   OPENSSL_cleanse(ptr, ptrlen);
+ 
+ #else 
diff --git a/proftpd.spec b/proftpd.spec
index 9de55ec..47d89bc 100644
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -7,7 +7,7 @@
 %endif
 
 #global prever rc3
-%global rpmrel 2
+%global rpmrel 3
 
 Summary:		Flexible, stable and highly-configurable FTP server
 Name:			proftpd
@@ -31,6 +31,7 @@ Source11:		http://www.castaglia.org/proftpd/modules/proftpd-mod-exec-0.9.6.tar.g
 Patch0:			proftpd-1.3.2rc3-nostrip.patch
 Patch2:			proftpd-1.3.2-parallel-build.patch
 Patch3:			proftpd-1.3.2a-mlsd.patch
+Patch4:			proftpd-1.3.2b-segfault-on-auth-fail.patch
 BuildRoot:		%{_tmppath}/%{name}-%{version}-%{release}-root
 Requires(post):		/sbin/chkconfig
 Requires(preun):	/sbin/service, /sbin/chkconfig, coreutils, findutils
@@ -99,6 +100,9 @@ Module to add PostgreSQL support to the ProFTPD FTP server.
 # (upstream patch)
 %patch3 -p1 -b .mlsd
 
+# Fix segfault on auth failures (bug 3350)
+%patch4 -p1 -b .segfault-on-auth-failure
+
 # Avoid documentation name conflicts
 %{__mv} contrib/README contrib/README.contrib
 
@@ -291,6 +295,9 @@ fi
 
 
 %changelog
+* Thu Dec 10 2009 Paul Howarth <paul@city-fan.org> 1.3.2b-3
+- Add patch for upstream bug 3350 - segfault on auth failures
+
 * Wed Dec  9 2009 Paul Howarth <paul@city-fan.org> 1.3.2b-2
 - Reduce the mod_facts patch to the single commit addressing the issue with
   directory names with glob characters (#521634), avoiding introducing a