diff --git a/main/abuild/0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch b/main/abuild/0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch
new file mode 100644
index 0000000000000000000000000000000000000000..82a9d2af6076521ef0dbee286044db4b4976c480
--- /dev/null
+++ b/main/abuild/0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch
@@ -0,0 +1,34 @@
+From 0b8a272359685c5b9b3c87444c79eeb3b75c9992 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Thu, 11 Oct 2018 16:44:45 +0200
+Subject: [PATCH] abuild-rmtemp: Do not follow symbolic links
+
+Symbolic links might point to files outside of the chroot and
+thus might delete files outside the chroot. This allows deletion
+of arbitrary directories on the host from a malicious APKBUILD.
+
+Following hard links shouldn't be a problem since hard links (usually)
+cannot refer to directories and since remove(3) removes the link, not
+the file it points to it shouldn't cause a problem.
+
+I noticed this because alpine-baselayout creates /var/run as a symlink
+to /run. Therefore causing /run to be deleted on the host when using
+abuild-rmtemp which in turn causes a bunch of software to no longer
+function properly (including OpenRC).
+---
+ abuild-rmtemp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/abuild-rmtemp.c b/abuild-rmtemp.c
+index 1fca31c..b9511ce 100644
+--- a/abuild-rmtemp.c
++++ b/abuild-rmtemp.c
+@@ -44,7 +44,7 @@ int main(int argc, char **argv) {
+ 	if (!p) errx(1, "Incorrect user");
+ 	if (s.st_uid != p->pw_uid) errx(1, "Permission denied");
+ 
+-	if (nftw(argv[1], handler, 512, FTW_DEPTH)) fail();
++	if (nftw(argv[1], handler, 512, FTW_DEPTH|FTW_PHYS)) fail();
+ 
+ 	return 0;
+ }
diff --git a/main/abuild/APKBUILD b/main/abuild/APKBUILD
index 9debc4f2401212ccbdac7ec59ea0d13ac8aba813..d041459a109e10049c37091e88ab2fd44c0b50a5 100644
--- a/main/abuild/APKBUILD
+++ b/main/abuild/APKBUILD
@@ -2,7 +2,7 @@
 pkgname=abuild
 pkgver=3.3.0_pre1
 _ver=${pkgver%_git*}
-pkgrel=0
+pkgrel=1
 pkgdesc="Script to build Alpine Packages"
 url="https://git.alpinelinux.org/cgit/abuild/"
 arch="all"
@@ -20,7 +20,8 @@ subpackages="apkbuild-cpan:cpan:noarch apkbuild-gem-resolver:gems:noarch
              abuild-rootbld:_rootbld:noarch $pkgname-doc"
 options="suid !check"
 pkggroups="abuild"
-source="https://dev.alpinelinux.org/archive/abuild/abuild-$_ver.tar.xz"
+source="https://dev.alpinelinux.org/archive/abuild/abuild-$_ver.tar.xz
+	0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch"
 builddir="$srcdir/$pkgname-$_ver"
 
 prepare() {
@@ -66,4 +67,5 @@ _rootbld() {
 	mkdir -p "$subpkgdir"
 }
 
-sha512sums="5d3c2c04a7d6ede2c08b524423f9594ced42d4d67f10327996a38e0782fc2de1f8086187aa9a9072df5c1aced540bdcf1b8002b832df4cf2c6a56f6f89657aa7  abuild-3.3.0_pre1.tar.xz"
+sha512sums="5d3c2c04a7d6ede2c08b524423f9594ced42d4d67f10327996a38e0782fc2de1f8086187aa9a9072df5c1aced540bdcf1b8002b832df4cf2c6a56f6f89657aa7  abuild-3.3.0_pre1.tar.xz
+e2cefff3b9d460132a7ef90c5f8ddb309b748e2ef40157c31d3dc047b0516838d8c5a0fe51952e004252ad15a76c5758d61f8deb35a970a0841fec188f8d521d  0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch"