diff --git a/Extend-BIND_NOW-to-installed-programs.patch b/Extend-BIND_NOW-to-installed-programs.patch new file mode 100644 index 0000000000000000000000000000000000000000..0c4cd9bbcebe8c70522b713f30177d14687ef18e --- /dev/null +++ b/Extend-BIND_NOW-to-installed-programs.patch 
@@ -0,0 +1,66 @@ +From 3bc4d117cce46fc50ab194546330e0dccc141756 Mon Sep 17 00:00:00 2001 +From: lipengyu +Date: Tue, 15 Apr 2025 17:55:50 +0800 +Subject: [PATCH] Extend BIND_NOW to installed programs with --enable-bind-now + +--- + Makeconfig | 8 +++++--- + manual/install.texi | 2 +- + 2 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/Makeconfig b/Makeconfig +index 92e76d62..71a879ed 100644 +--- a/Makeconfig ++++ b/Makeconfig +@@ -398,6 +398,8 @@ endif + # test modules. + ifeq ($(bind-now),yes) + LDFLAGS-lib.so += -Wl,-z,now ++# Extra flags for dynamically linked non-test main programs. ++link-extra-flags += -Wl,-z,now + endif + + # Command to run after every final link (executable or shared object). +@@ -426,7 +428,7 @@ ifndef +link-pie + $(link-extra-libs) + +link-pie-after-libc = $(+postctorS) $(+postinit) + define +link-pie +-$(+link-pie-before-libc) $(rtld-LDFLAGS) $(link-libc) $(+link-pie-after-libc) ++$(+link-pie-before-libc) $(rtld-LDFLAGS) $(link-extra-flags) $(link-libc) $(+link-pie-after-libc) + $(call after-link,$@) + endef + define +link-pie-tests +@@ -454,7 +456,7 @@ ifndef +link-static + $(link-extra-libs-static) + +link-static-after-libc = $(+postctorT) $(+postinit) + define +link-static +-$(+link-static-before-libc) $(link-libc-static) $(+link-static-after-libc) ++$(+link-static-before-libc) $(link-extra-flags) $(link-libc-static) $(+link-static-after-libc) + $(call after-link,$@) + endef + define +link-static-tests +@@ -485,7 +487,7 @@ else # not build-pie-default + $(link-extra-libs) + +link-after-libc = $(+postctor) $(+postinit) + define +link +-$(+link-before-libc) $(rtld-LDFLAGS) $(link-libc) $(+link-after-libc) ++$(+link-before-libc) $(rtld-LDFLAGS) $(link-extra-flags) $(link-libc) $(+link-after-libc) + $(call after-link,$@) + endef + define +link-tests +diff --git a/manual/install.texi b/manual/install.texi +index e757891d..bed9f5b0 100644 +--- a/manual/install.texi ++++ b/manual/install.texi +@@ -199,7 +199,7 @@ number of 
routines called directly from assembler are excluded from this + protection. + + @item --enable-bind-now +-Disable lazy binding for installed shared objects. This provides ++Disable lazy binding for installed shared objects and programs. This provides + additional security hardening because it enables full RELRO and a + read-only global offset table (GOT), at the cost of slightly increased + program load times. +-- +2.23.0 + diff --git a/glibc.spec b/glibc.spec index a1a1181696039a84659a3cc7cb10c98954d9d860..67caff026ed450829b1971a28a02b75ded608f29 100644 --- a/glibc.spec +++ b/glibc.spec @@ -62,7 +62,7 @@ ############################################################################## Name: glibc Version: 2.28 -Release: 105 +Release: 106 Summary: The GNU libc libraries License: %{all_license} URL: http://www.gnu.org/software/glibc/ @@ -172,6 +172,7 @@ Patch85: backport-x86-Optimizing-memcpy-for-AMD-Zen-architect.patch Patch86: backport-x86-Add-Hygon-support.patch Patch87: backport-CVE-2025-0395-underallocation-of-abort_msg_s-struct.patch Patch88: Add-BIND_NOW-for-sotruss-lib.patch +Patch89: Extend-BIND_NOW-to-installed-programs.patch Provides: ldconfig rtld(GNU_HASH) bundled(gnulib) @@ -1288,6 +1289,12 @@ fi %endif %changelog +* Tue Apr 15 2025 lipengyu - 2.28-106 +- Type:update +- ID:NA +- SUG:NA +- DESC:Extend BIND_NOW to installed-programs + * Fri Mar 14 2025 lipengyu - 2.28-105 - Type:update - ID:NA
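Review bot: In the added Extend-BIND_NOW-to-installed-programs.patch, the new comment in the Makeconfig `ifeq ($(bind-now),yes)` block describes `link-extra-flags` as being for dynamically linked programs, but the later hunks also splice `$(link-extra-flags)` into `+link-static`, so the comment and the code disagree. Reword it to match, for example `# Extra flags for non-test main programs (PIE, non-PIE and static links).`, or drop the variable from `+link-static` if static links were not meant to be covered. The flag is only appended when `bind-now` is `yes`, and the configure options in glibc.spec are outside this diff, so confirm the build passes `--enable-bind-now`; otherwise Patch89 changes nothing in the shipped binaries. Nothing visible verifies the result either: a post-build `readelf -d` check for `BIND_NOW` on a few installed programs would catch a silent regression in this hardening. The embedded patch header has no message body and its file name lacks the `backport-` prefix used by Patch85 to Patch87, so if it derives from an upstream glibc commit, naming that commit in the header would make the change easier to audit.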