diff --git a/backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch b/backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
new file mode 100644
index 0000000000000000000000000000000000000000..63f63ef710d9dd66ff4e22a8914318f5c472eced
--- /dev/null
+++ b/backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
@@ -0,0 +1,32 @@
+From af48f6fec9a7b6374d4153c5db894d4a1f349645 Mon Sep 17 00:00:00 2001
+From: Jonas Jelten
+Date: Sat, 2 Feb 2019 20:53:37 +0100
+Subject: [PATCH] db_gdbm: fix gdbm_errno overlay from gdbm_close
+
+`gdbm_close` also sets gdbm_errno since version 1.17.
+This leads to a problem in `libsasl` as the `gdbm_close` incovation overlays
+the `gdbm_errno` value which is then later used for the error handling.
+---
+ sasldb/db_gdbm.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/sasldb/db_gdbm.c b/sasldb/db_gdbm.c
+index ee56a6b..c908808 100644
+--- a/sasldb/db_gdbm.c
++++ b/sasldb/db_gdbm.c
+@@ -107,9 +107,11 @@ int _sasldb_getdata(const sasl_utils_t *utils,
+ gkey.dptr = key;
+ gkey.dsize = key_len;
+ gvalue = gdbm_fetch(db, gkey);
++ int fetch_errno = gdbm_errno;
++
+ gdbm_close(db);
+ if (! gvalue.dptr) {
+- if (gdbm_errno == GDBM_ITEM_NOT_FOUND) {
++ if (fetch_errno == GDBM_ITEM_NOT_FOUND) {
+ utils->seterror(conn, SASL_NOLOG,
+ "user: %s@%s property: %s not found in %s",
+ authid, realm, propName, path);
+--
+1.8.3.1
+
diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec
index 2baff4ae61e30435ca57bdd6ea5252bc6f34ca81..ab7c5756142cd368e1aed3ee9d6099c8717f1b5b 100644
--- a/cyrus-sasl.spec
+++ b/cyrus-sasl.spec
@@ -6,7 +6,7 @@
 Name: cyrus-sasl
 Version: 2.1.27
-Release: 12
+Release: 13
 Summary: The Cyrus SASL API Implementation
 License: BSD with advertising
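Review bot: In the `_sasldb_getdata` hunk of the added backport, `int fetch_errno = gdbm_errno;` is declared after executable statements, so it only compiles as C99 or later and warns under `-Wdeclaration-after-statement`; declaring `int fetch_errno;` at the top of the function and assigning `fetch_errno = gdbm_errno;` right after `gdbm_fetch()` avoids that. The saved value has no comment, and a one-liner such as `/* gdbm_close() also sets gdbm_errno since gdbm 1.17; keep the fetch result */` would stop a later cleanup from folding it back into a direct read. The function body starts and continues outside the hunk, so it is worth checking that no other branch of `_sasldb_getdata`, and no other function in `sasldb/db_gdbm.c`, still reads `gdbm_errno` after `gdbm_close()`, because that value decides whether a missing entry is reported as not found or as a generic failure.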
@@ -18,11 +18,11 @@ Source2: saslauthd.sysconfig
 Patch0: 0003-Prevent-double-free-of-RC4-context.patch
 Patch1: fix-CVE-2019-19906.patch
 Patch2: backport-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
+Patch3: backport-db_gdbm-fix-gdbm_errno-overlay-from-gdbm_close.patch
 BuildRequires: autoconf, automake, libtool, gdbm-devel, groff
 BuildRequires: krb5-devel >= 1.2.2, openssl-devel, pam-devel, pkgconfig
 BuildRequires: mariadb-connector-c-devel, postgresql-devel, zlib-devel
-BuildRequires: libdb-devel
 %{?systemd_requires}
@@ -193,8 +193,7 @@ echo "$LDFLAGS"
 --enable-gssapi${krb5_prefix:+=${krb5_prefix}} \
 --with-gss_impl=mit \
 --with-rc4 \
- --with-dblib=berkeley \
- --with-bdb=db \
+ --with-bdb=gdbm \
 --with-saslauthd=/run/saslauthd --without-pwcheck \
 %if ! %{bootstrap_cyrus_sasl}
 --with-ldap \
@@ -329,6 +328,10 @@ getent passwd %{username} >/dev/null || useradd -r -g %{username} -d %{homedir}
 %changelog
+* Wed Aug 31 2022 panxiaohe - 2.1.27-13
+- BuildRequires: replace libdb with gdbm
+- Fix gdbm_errno overlay from gdbm_close
+
 * Thu Feb 24 2022 yixiangzhike - 2.1.27-12
 - fix CVE-2022-24407
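Review bot: In the configure hunk (`@@ -193,8 +193,7 @@`) the new side no longer passes `--with-dblib` at all and instead puts `gdbm` into `--with-bdb`, which as far as I can tell only names the Berkeley DB library, so the sasldb backend appears to be left to configure's autodetection rather than pinned. Passing `--with-dblib=gdbm \` would state the choice explicitly and make the build fail if gdbm cannot be used instead of silently selecting another backend. The configure invocation starts and ends outside the hunk, so other DB-related options are not visible here. Switching the backend also changes the on-disk format of the sasldb file: hosts upgraded from release 12 presumably hold a Berkeley DB file that the gdbm code cannot open, which would break sasldb-based authentication until the entries are recreated or converted, and the changelog entry does not mention a migration step.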