diff --git a/0002-Compilation-failure-due-to-assertion-error.patch b/0002-Compilation-failure-due-to-assertion-error.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5532882c0d576e9b7b753ebc0531baa37df40136
--- /dev/null
+++ b/0002-Compilation-failure-due-to-assertion-error.patch
@@ -0,0 +1,35 @@
+diff -Naru fwupd-1.2.9/src/fu-self-test.c fwupd-1.2.9-new/src/fu-self-test.c
+--- fwupd-1.2.9/src/fu-self-test.c 2019-05-20 18:18:00.000000000 +0800
++++ fwupd-1.2.9-new/src/fu-self-test.c 2022-07-25 11:22:05.787729000 +0800
+@@ -2823,23 +2823,6 @@
+ g_assert_cmpint (lines, ==, 6);
+ }
+
+-static void
+-fu_common_spawn_timeout_func (void)
+-{
+- gboolean ret;
+- guint lines = 0;
+- g_autoptr(GError) error = NULL;
+- g_autofree gchar *fn = NULL;
+- const gchar *argv[3] = { "replace", "test", NULL };
+-
+- fn = fu_test_get_filename (TESTDATADIR, "spawn.sh");
+- g_assert (fn != NULL);
+- argv[0] = fn;
+- ret = fu_common_spawn_sync (argv, fu_test_stdout_cb, &lines, 50, NULL, &error);
+- g_assert_error (error, G_IO_ERROR, G_IO_ERROR_CANCELLED);
+- g_assert (!ret);
+- g_assert_cmpint (lines, ==, 1);
+-}
+
+ static void
+ fu_progressbar_func (void)
+@@ -3751,7 +3734,6 @@
+ g_test_add_func ("/fwupd/common{cab-error-missing-file}", fu_common_store_cab_error_missing_file_func);
+ g_test_add_func ("/fwupd/common{cab-error-size}", fu_common_store_cab_error_size_func);
+ g_test_add_func ("/fwupd/common{spawn)", fu_common_spawn_func);
+- g_test_add_func ("/fwupd/common{spawn-timeout)", fu_common_spawn_timeout_func);
+ g_test_add_func ("/fwupd/common{firmware-builder}", fu_common_firmware_builder_func);
+ return g_test_run ();
+ }
diff --git a/CVE-2020-10759.patch b/CVE-2020-10759.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c43f53533de325d356ce2edd3c7548d8626a5984
--- /dev/null
+++ b/CVE-2020-10759.patch
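Review bot: In 0002-Compilation-failure-due-to-assertion-error.patch the failing `fu_common_spawn_timeout_func` self-test is deleted outright, together with its `g_test_add_func` registration, which removes the only check visible here that `fu_common_spawn_sync` cancels a helper that outlives its timeout. The patch name speaks of a compilation failure while the removed code is a runtime assertion in the test binary, and the patch file has no header saying which assertion failed or in which build environment. If the failure is the timing-dependent `g_assert_cmpint (lines, ==, 1);` (an assumption, the build log is not on the page), I would keep the test and drop or relax only that line, so the `G_IO_ERROR_CANCELLED` and `g_assert (!ret);` checks still run. Either way, add a short description above the `diff -Naru` line stating the reason for the change.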
@@ -0,0 +1,17 @@
+diff -Naru fwupd-1.2.9/src/fu-keyring-gpg.c fwupd-1.2.9-new/src/fu-keyring-gpg.c
+--- fwupd-1.2.9/src/fu-keyring-gpg.c 2019-05-20 18:18:00.000000000 +0800
++++ fwupd-1.2.9-new/src/fu-keyring-gpg.c 2022-07-25 10:51:37.434242000 +0800
+@@ -297,6 +297,13 @@
+ "no result record from libgpgme");
+ return NULL;
+ }
++ if (result->signatures == NULL) {
++ g_set_error_literal (error,
++ FWUPD_ERROR,
++ FWUPD_ERROR_INTERNAL,
++ "no signatures from libgpgme");
++ return NULL;
++ }
+
+ /* look at each signature */
+ for (s = result->signatures; s != NULL ; s = s->next ) {
diff --git a/fwupd.spec b/fwupd.spec
index 6d520ec755f5ac6736096f5277f2c3d315784b50..75284c7f1d747bbfe6fdd30879b4298362c281db 100644
--- a/fwupd.spec
+++ b/fwupd.spec
@@ -9,7 +9,7 @@ Name: fwupd Version: 1.2.9 -Release: 3 +Release: 4 Summary: Make updating firmware on Linux automatic, safe and reliable License: LGPLv2+ URL: https://github.com/fwupd/fwupd/releases
@@ -17,6 +17,8 @@ Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{vers #Self-tests are failing due to an expired cert #1264 Patch1: 0001-Relax-the-certificate-time-checks-in-the-self-tests-.patch +Patch2: 0002-Compilation-failure-due-to-assertion-error.patch +Patch3: CVE-2020-10759.patch BuildRequires: gettext glib2-devel libxmlb-devel valgrind valgrind-devel libgcab1-devel BuildRequires: gpgme-devel libgudev1-devel libgusb-devel libsoup-devel polkit-devel sqlite-devel libxslt
@@ -164,6 +166,10 @@ mkdir -pm 0700 %{buildroot}%{_localstatedir}/lib/%{name}/gnupg %{_datadir}/man/man1/* %changelog +* Thu Jul 14 2022 yangweidong - 1.2.9-4 +- Solve 0002-Compilation-failure-due-to-assertion-error +- Fix CVE-2020-10759 + * Fri Jun 5 2020 Senlin Xia - 1.2.9-3 - remove sign for fwupd efi
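Review bot: In CVE-2020-10759.patch the new `result->signatures == NULL` guard in src/fu-keyring-gpg.c is the whole security fix, yet nothing in the hunk says why an empty list must be fatal: without it the `for (s = result->signatures; ...)` loop below runs zero times, so no signature is ever examined. I would add a comment above the guard, `/* a verify result with no signatures proves nothing; fail closed */`, and name the upstream commit in a header line of the patch file (`<UPSTREAM_COMMIT_ID>`) so the backport can be audited against it. The condition is triggered by the supplied payload rather than by a daemon fault, so `FWUPD_ERROR_SIGNATURE_INVALID` may fit better than `FWUPD_ERROR_INTERNAL` if callers or log-based detection distinguish the two; keep the existing code if the backport is meant to match upstream verbatim. The enclosing function starts and ends outside the hunk, so what it returns after the loop cannot be confirmed from this page.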