diff --git a/audit.spec b/audit.spec index 23fbaa2a7c2f68c08d6d5c52be46131634edbe70..5eef9edea7c8d40f0e4128175b434b11af2d881b 100644 --- a/audit.spec +++ b/audit.spec @@ -2,7 +2,7 @@ Summary: User space tools for kernel auditing Name: audit Epoch: 1 Version: 3.0.1 -Release: 9 +Release: 10 License: GPLv2+ and LGPLv2+ URL: https://people.redhat.com/sgrubb/audit/ Source0: https://people.redhat.com/sgrubb/audit/%{name}-%{version}.tar.gz @@ -43,6 +43,9 @@ Patch31: backport-asprintf-can-return-a-negative-number.patch Patch32: backport-Cleanup-gssapi-code.patch Patch33: backport-Fix-another-krb5-memory-leak.patch Patch34: backport-Try-to-interpret-OPENAT2-fields-correctly.patch +Patch35: backport-Add-a-buffer-limit-just-in-case.patch +Patch36: backport-Teardown-SIGCONT-watcher-on-exit.patch +Patch37: backport-Correct-path-of-config-file.patch BuildRequires: gcc swig libtool systemd kernel-headers >= 2.6.29 BuildRequires: openldap-devel krb5-devel libcap-ng-devel @@ -378,6 +381,9 @@ fi %attr(644,root,root) %{_mandir}/man8/*.8.gz %changelog +* Thu Jun 8 2023 xuraoqing - 1:3.0.1-10 +- backport patches from upstream + * Thu Mar 23 2023 dongyuzhen - 1:3.0.1-9 - backport patches from upstream diff --git a/backport-Add-a-buffer-limit-just-in-case.patch b/backport-Add-a-buffer-limit-just-in-case.patch new file mode 100644 index 0000000000000000000000000000000000000000..5ce332fd59d299cfd5f109b3a863a6d32798b4d9 --- /dev/null +++ b/backport-Add-a-buffer-limit-just-in-case.patch 
@@ -0,0 +1,33 @@
+From 1ab94d6873b33b1a3f343e58a0af9a0f03481ef0 Mon Sep 17 00:00:00 2001
+From: Steve Grubb
+Date: Mon, 3 Apr 2023 17:31:39 -0400
+Subject: [PATCH] Add a buffer limit just in case
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/1ab94d6873b33b1a3f343e58a0af9a0f03481ef0
+Conflict:NA
+
+---
+ audisp/plugins/syslog/audisp-syslog.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/audisp/plugins/syslog/audisp-syslog.c b/audisp/plugins/syslog/audisp-syslog.c
+index da76b84..332aa12 100644
+--- a/audisp/plugins/syslog/audisp-syslog.c
++++ b/audisp/plugins/syslog/audisp-syslog.c
+@@ -156,10 +156,11 @@ static inline void write_syslog(char *s)
+
+ // Now iterate over the fields and print each one
+ mptr = record;
+- while (rc > 0) {
++ while (rc > 0 &&
++ ((mptr-record) < (MAX_AUDIT_MESSAGE_LENGTH-128))) {
+ int ftype = auparse_get_field_type(au);
+ const char *fname = auparse_get_field_name(au);
+- const char *fval;
++ const char *fval;
+ switch (ftype) {
+ case AUPARSE_TYPE_ESCAPED_FILE:
+ fval = auparse_interpret_realpath(au);
+--
+2.33.0
+
\ No newline at end of file
diff --git a/backport-Correct-path-of-config-file.patch b/backport-Correct-path-of-config-file.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ed40fed8d503193bf35403c00bf7ea1d22a991ce
--- /dev/null
+++ b/backport-Correct-path-of-config-file.patch
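Review bot: The new loop guard in write_syslog of audisp-syslog.c, `(mptr-record) < (MAX_AUDIT_MESSAGE_LENGTH-128)`, is evaluated only before a field is appended, so it protects `record` only while no single name=value pair is longer than the 128 bytes of headroom; interpreted values such as the result of `auparse_interpret_realpath` can plausibly be longer than that. The part of the loop body that writes through `mptr` lies outside this hunk, so whether those copies are length-checked cannot be confirmed from here. If they are not, the bound should be applied per field against the space that is left, e.g. `size_t left = MAX_AUDIT_MESSAGE_LENGTH - (size_t)(mptr - record);` (assuming `record` is MAX_AUDIT_MESSAGE_LENGTH bytes, as the guard implies), skipping or truncating a field that does not fit. The bare 128 also deserves a named constant or a comment such as `/* headroom for one field; a record that reaches the limit is forwarded without its remaining fields */`, since the early exit appears to drop the rest of the event from the syslog copy without any marker.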
@@ -0,0 +1,28 @@
+From aa4293ccf874af40b8071c0af1898ded5c57b537 Mon Sep 17 00:00:00 2001
+From: Steve Grubb
+Date: Wed, 12 Apr 2023 15:13:51 -0400
+Subject: [PATCH] Correct path of config file
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/aa4293ccf874af40b8071c0af1898ded5c57b537
+Conflict:audisp/plugins/syslog/audisp-syslog.8
+
+---
+ audisp/plugins/syslog/audisp-syslog.8 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/audisp/plugins/syslog/audisp-syslog.8 b/audisp/plugins/syslog/audisp-syslog.8
+index f6a0fe3..30c8a43 100644
+--- a/audisp/plugins/syslog/audisp-syslog.8
++++ b/audisp/plugins/syslog/audisp-syslog.8
+@@ -14,7 +14,7 @@ to the args line. This will cause all events to be interpreted. The drawback to
+ If you are aggregating multiple machines, you should edit auditd.conf to set the name_format to something meaningful and the log_format to enriched. This way you can tell where the event came from and have the user name and groups resolved locally before it is sent off of the machine.
+
+ .SH FILES
+-/etc/audit/syslog.conf
++/etc/audit/plugins/syslog.conf
+ /etc/audit/auditd.conf
+ .SH "SEE ALSO"
+ .BR auditd.conf(8),
+--
+2.33.0
+
\ No newline at end of file
diff --git a/backport-Teardown-SIGCONT-watcher-on-exit.patch b/backport-Teardown-SIGCONT-watcher-on-exit.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d3eb7b6ad63f5309ca8da321ca0bb705e1b0fb81
--- /dev/null
+++ b/backport-Teardown-SIGCONT-watcher-on-exit.patch
@@ -0,0 +1,27 @@
+From 5bc0a68fcc6307a5fad1b5c6ec6862f528c52f0d Mon Sep 17 00:00:00 2001
+From: Steve Grubb
+Date: Tue, 11 Apr 2023 13:30:20 -0400
+Subject: [PATCH] Teardown SIGCONT watcher on exit
+
+Reference:https://github.com/linux-audit/audit-userspace/commit/5bc0a68fcc6307a5fad1b5c6ec6862f528c52f0d
+Conflict:NA
+
+---
+ src/auditd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/auditd.c b/src/auditd.c
+index 5933703..99d661f 100644
+--- a/src/auditd.c
++++ b/src/auditd.c
+@@ -989,6 +989,7 @@ int main(int argc, char *argv[])
+ ev_signal_stop (loop, &sigusr1_watcher);
+ ev_signal_stop (loop, &sigusr2_watcher);
+ ev_signal_stop (loop, &sigterm_watcher);
++ ev_signal_stop (loop, &sigcont_watcher);
+
+ /* Write message to log that we are going down */
+ rc = audit_request_signal_info(fd);
+--
+2.33.0
+
\ No newline at end of file