diff --git a/volume_key-0.3.12-fix_resource_leaks.patch b/volume_key-0.3.12-fix_resource_leaks.patch
new file mode 100644
index 0000000000000000000000000000000000000000..31d69d710961adb8710883564671b2c70735fa4e
--- /dev/null
+++ b/volume_key-0.3.12-fix_resource_leaks.patch
@@ -0,0 +1,59 @@
+diff --git a/lib/kmip.c b/lib/kmip.c
+index dda819a..333603c 100644
+--- a/lib/kmip.c
++++ b/lib/kmip.c
+@@ -1152,6 +1152,7 @@ kmip_decode_key_value (struct kmip_decoding_state *kmip,
+       break;
+ 
+     default:
++      kmip_key_value_free (res);
+       g_return_val_if_reached (-1);
+     }
+   res->attributes = g_ptr_array_new ();
+@@ -1348,6 +1349,7 @@ kmip_decode_object_symmetric_key (struct kmip_decoding_state *kmip,
+       g_snprintf (num, sizeof (num), "%" G_GUINT32_FORMAT, res->block->type);
+       g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_KMIP_UNSUPPORTED_VALUE,
+ 		   _("Unsupported symmetric key format %s"), num);
++      kmip_object_symmetric_key_free (res);
+       return -1;
+     }
+   *obj = res;
+@@ -1384,6 +1386,7 @@ kmip_decode_object_secret_data (struct kmip_decoding_state *kmip,
+       g_snprintf (num, sizeof (num), "%" G_GUINT32_FORMAT, res->block->type);
+       g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_KMIP_UNSUPPORTED_VALUE,
+ 		   _("Unsupported symmetric key format %s"), num);
++      kmip_object_secret_data_free (res);
+       return -1;
+     }
+   *obj = res;
+diff --git a/lib/volume_luks.c b/lib/volume_luks.c
+index d1c5d47..4d32d9b 100644
+--- a/lib/volume_luks.c
++++ b/lib/volume_luks.c
+@@ -547,8 +547,8 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
+     }
+   g_free (last_log_entry);
+ 
+-  g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes,
+-			-1);
++  if (vol->v.luks->key_bytes != packet->v.luks->key_bytes)
++    goto err_passphrase;
+   luks_replace_key (vol, packet->v.luks->key);
+   luks_replace_passphrase (vol, passphrase);
+   vol->v.luks->passphrase_slot = res;
+diff --git a/src/volume_key.c b/src/volume_key.c
+index 074b187..24b70d6 100644
+--- a/src/volume_key.c
++++ b/src/volume_key.c
+@@ -735,6 +735,11 @@ write_packet (struct packet_output_state *pos, const char *filename,
+       || g_file_set_contents (filename, packet, size, error) == FALSE)
+     {
+       g_prefix_error (error, _("Error creating `%s': "), filename);
++      if (packet != NULL) {
++        if (output_format_cleartext != 0)
++          memset (packet, 0, size);
++        g_free (packet);
++      }
+       return -1;
+     }
+   if (output_format_cleartext != 0)
diff --git a/volume_key-0.3.12-support_LUKS2_and_more.patch b/volume_key-0.3.12-support_LUKS2_and_more.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1e5be56e7cb60ef62b489c88d85cab880b1896f1
--- /dev/null
+++ b/volume_key-0.3.12-support_LUKS2_and_more.patch
@@ -0,0 +1,24 @@
+diff --git a/lib/volume_luks.c b/lib/volume_luks.c
+index f4bf2c8..d1c5d47 100644
+--- a/lib/volume_luks.c
++++ b/lib/volume_luks.c
+@@ -30,6 +30,10 @@ Author: Miloslav Trmač <mitr@redhat.com> */
+ #include "volume.h"
+ #include "volume_luks.h"
+ 
++#ifndef CRYPT_LUKS
++#define CRYPT_LUKS NULL
++#endif
++
+ /* LUKS - specific code */
+ 
+ /* Return an error message for ERR_NO, for g_free (). */
+@@ -105,7 +109,7 @@ open_crypt_device (const char *path, char **last_log_entry, GError **error)
+   if (r < 0)
+     goto err;
+   crypt_set_log_callback(cd, record_cryptsetup_log_entry, last_log_entry);
+-  r = crypt_load (cd, CRYPT_LUKS1, NULL);
++  r = crypt_load (cd, CRYPT_LUKS, NULL);
+   if (r < 0)
+     goto err_cd;
+   return cd;
diff --git a/volume_key-upstream-bbac9eb1.patch b/volume_key-upstream-bbac9eb1.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3b5c5816ffb2ba408e28e2343a91882354efaded
--- /dev/null
+++ b/volume_key-upstream-bbac9eb1.patch
@@ -0,0 +1,103 @@
+--- a/volume_key-0.3.12-fix_resource_leaks.patch
++++ b/volume_key-0.3.12-fix_resource_leaks.patch
+@@ -0,0 +1,59 @@
++diff --git a/lib/kmip.c b/lib/kmip.c
++index dda819a..333603c 100644
++--- a/lib/kmip.c
+++++ b/lib/kmip.c
++@@ -1152,6 +1152,7 @@ kmip_decode_key_value (struct kmip_decoding_state *kmip,
++       break;
++ 
++     default:
+++      kmip_key_value_free (res);
++       g_return_val_if_reached (-1);
++     }
++   res->attributes = g_ptr_array_new ();
++@@ -1348,6 +1349,7 @@ kmip_decode_object_symmetric_key (struct kmip_decoding_state *kmip,
++       g_snprintf (num, sizeof (num), "%" G_GUINT32_FORMAT, res->block->type);
++       g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_KMIP_UNSUPPORTED_VALUE,
++ 		   _("Unsupported symmetric key format %s"), num);
+++      kmip_object_symmetric_key_free (res);
++       return -1;
++     }
++   *obj = res;
++@@ -1384,6 +1386,7 @@ kmip_decode_object_secret_data (struct kmip_decoding_state *kmip,
++       g_snprintf (num, sizeof (num), "%" G_GUINT32_FORMAT, res->block->type);
++       g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_KMIP_UNSUPPORTED_VALUE,
++ 		   _("Unsupported symmetric key format %s"), num);
+++      kmip_object_secret_data_free (res);
++       return -1;
++     }
++   *obj = res;
++diff --git a/lib/volume_luks.c b/lib/volume_luks.c
++index d1c5d47..4d32d9b 100644
++--- a/lib/volume_luks.c
+++++ b/lib/volume_luks.c
++@@ -547,8 +547,8 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
++     }
++   g_free (last_log_entry);
++ 
++-  g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes,
++-			-1);
+++  if (vol->v.luks->key_bytes != packet->v.luks->key_bytes)
+++    goto err_passphrase;
++   luks_replace_key (vol, packet->v.luks->key);
++   luks_replace_passphrase (vol, passphrase);
++   vol->v.luks->passphrase_slot = res;
++diff --git a/src/volume_key.c b/src/volume_key.c
++index 074b187..24b70d6 100644
++--- a/src/volume_key.c
+++++ b/src/volume_key.c
++@@ -735,6 +735,11 @@ write_packet (struct packet_output_state *pos, const char *filename,
++       || g_file_set_contents (filename, packet, size, error) == FALSE)
++     {
++       g_prefix_error (error, _("Error creating `%s': "), filename);
+++      if (packet != NULL) {
+++        if (output_format_cleartext != 0)
+++          memset (packet, 0, size);
+++        g_free (packet);
+++      }
++       return -1;
++     }
++   if (output_format_cleartext != 0)
+
+--- a/volume_key.spec
++++ b/volume_key.spec
+@@ -32,7 +32,7 @@
+ Summary: An utility for manipulating storage encryption keys and passphrases
+ Name: volume_key
+ Version: 0.3.12
+-Release: 10%{?dist}
++Release: 11%{?dist}
+ # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2
+ License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2)
+ URL: https://pagure.io/%{name}/
+@@ -42,6 +42,9 @@ Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz
+ # Support all LUKS devices
+ # - backport of 26c09768662d8958debe8c9410dae9fda02292c3
+ Patch0: volume_key-0.3.12-support_LUKS2_and_more.patch
++# Fix resource leaks
++# - backport of bf6618ec0b09b4e51fc97fa021e687fbd87599ba
++Patch1: volume_key-0.3.12-fix_resource_leaks.patch
+ BuildRequires: make
+ BuildRequires: gcc
+ BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg2
+@@ -117,6 +120,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+ %prep
+ %setup -q
+ %patch0 -p1
++%patch1 -p1
+ 
+ %build
+ %configure %{?with_pythons}
+@@ -167,6 +171,9 @@ exit 1; \
+ %endif
+ 
+ %changelog
++* Wed Mar 31 2021 Jiri Kucera <jkucera@redhat.com> - 0.3.12-11
++- Fix resource leaks
++
+ * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-10
+ - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+ 
+
diff --git a/volume_key.spec b/volume_key.spec
index 69cf120833a6a7ebc629576580acec6ebf2399d3..dab851326e6d397540b950c825db8649dd95d1a3 100644
--- a/volume_key.spec
+++ b/volume_key.spec
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 4
 
 %{!?python3_sitearch:%global python3_sitearch %(%{__python3} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
 
@@ -21,6 +21,8 @@ URL: https://pagure.io/%{name}/
 Requires: %{name}-libs = %{version}-%{release}
 
 Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz
+Patch0: volume_key-0.3.12-support_LUKS2_and_more.patch
+Patch1: volume_key-0.3.12-fix_resource_leaks.patch
 BuildRequires: gcc
 BuildRequires: nss-tools
 BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python3-devel
@@ -99,6 +101,8 @@ volumes.
 
 %prep
 %setup -q
+%patch0 -p1
+%patch1 -p1
 
 %build
 %configure %{?with_pythons}
@@ -143,11 +147,16 @@ exit 1; \
 %doc README contrib AUTHORS ChangeLog NEWS
 
 %changelog
+* Wed Jan 28 2026 wenjie2025 <wency.cn@gmail.com> - 0.3.12-4
+- 添加 volume_key-0.3.12-support_LUKS2_and_more.patch
+- 添加 volume_key-0.3.12-fix_resource_leaks.patch
+- 修复资源泄漏问题
+
 * Thu Apr 13 2023 Xuchun Shang <xuchun.shang@linux.alibaba.com> - 0.3.12-3
 - Update the description
 
 * Sun Oct 09 2022 mgb01105731 <mgb01105731@alibaba-inc.com> - 0.3.12-2
 - add doc package
 
-* Fri Mar 11 2022 Renbo <rb01097748@alibaba-inc.com> - 0.3.12-1 
+* Fri Mar 11 2022 Renbo <rb01097748@alibaba-inc.com> - 0.3.12-1
 - Init for Anolis OS 23