diff --git a/CVE-2020-8252.patch b/CVE-2020-8252.patch
deleted file mode 100644
index d4967e4ea251df639aa8ee229213ce6c69a734cd..0000000000000000000000000000000000000000
--- a/CVE-2020-8252.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 0e6e8620496dff0eb285589ef1e37a7f407f3ddd Mon Sep 17 00:00:00 2001
-From: Ben Noordhuis
-Date: Mon, 24 Aug 2020 11:42:27 +0200
-Subject: [PATCH] unix: don't use _POSIX_PATH_MAX
-
-Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279b
-("unix: do not require PATH_MAX to be defined") from September 2018.
-
-_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not
-the actual max path size of the system libuv runs on. _POSIX_PATH_MAX
-is always 256, the real max is often much bigger.
-
-This commit fixes buffer overruns when processing very long paths in
-uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating
-enough memory to store the result.
-
-Fixes: https://github.com/libuv/libuv/issues/2965
-PR-URL: https://github.com/libuv/libuv/pull/2966
-Reviewed-By: Richard Lau
-Reviewed-By: Santiago Gimeno
-Reviewed-By: Colin Ihrig
-Reviewed-By: Jameson Nash
----
- src/unix/internal.h | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/src/unix/internal.h b/src/unix/internal.h
-index 30711673e0..9d3c2297f8 100644
---- a/src/unix/internal.h
-+++ b/src/unix/internal.h
-@@ -62,9 +62,7 @@
- # include
- #endif
-
--#if defined(_POSIX_PATH_MAX)
--# define UV__PATH_MAX _POSIX_PATH_MAX
--#elif defined(PATH_MAX)
-+#if defined(PATH_MAX)
- # define UV__PATH_MAX PATH_MAX
- #else
- # define UV__PATH_MAX 8192
diff --git a/libuv-v1.38.1.tar.gz b/libuv-v1.38.1.tar.gz
deleted file mode 100644
index 1b9fa8b4784787123e07ce3d2e4a8987a27500d2..0000000000000000000000000000000000000000
Binary files a/libuv-v1.38.1.tar.gz and /dev/null differ
diff --git a/libuv-v1.40.0.tar.gz b/libuv-v1.40.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..10335702b7333fe57ad70911ee8b35dedb03d9ab Binary files /dev/null and b/libuv-v1.40.0.tar.gz differ diff --git a/libuv.spec b/libuv.spec index c88c4ae59b8b4c96ff659f1eebd5f03021ba2595..a52e5d4a4098b1e3e8a07fb43491d72e7871c2e1 100644 --- a/libuv.spec +++ b/libuv.spec @@ -1,7 +1,7 @@ Name: libuv Epoch: 1 -Version: 1.38.1 -Release: 2 +Version: 1.40.0 +Release: 1 Summary: A multi-platform support library with a focus on asynchronous I/O # the licensing breakdown is described in detail in the LICENSE file @@ -9,7 +9,6 @@ License: MIT and BSD and ISC URL: http://libuv.org/ Source0: http://dist.libuv.org/dist/v%{version}/%{name}-v%{version}.tar.gz Source2: %{name}.pc.in -Patch0: CVE-2020-8252.patch BuildRequires: autoconf automake libtool gcc @@ -61,6 +60,9 @@ Development libraries for libuv %doc ChangeLog %changelog +* Tue Jan 26 2021 liudabo - 1.40.0-1 +- upgrade version to 1.40.0 + * Mon Dec 14 2020 wangxiao - 1.38.1-2 - fix CVE-2020-8252
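Review bot: The `@@ -9,7 +9,6 @@` hunk of libuv.spec drops `Patch0: CVE-2020-8252.patch`, but the new changelog entry in the `@@ -61,6 +60,9 @@` hunk records only `- upgrade version to 1.40.0`, so the package history no longer says why a security patch disappeared. The removed patch carries an upstream commit dated 24 Aug 2020, so the 1.40.0 tarball presumably already contains it, but nothing on this page shows that. Before merging it is worth confirming that `src/unix/internal.h` in the new source no longer derives `UV__PATH_MAX` from `_POSIX_PATH_MAX`. I would then add a second changelog line such as `- drop CVE-2020-8252.patch, fix is included in the upstream source`, so that anyone auditing the CVE status can see the fix was kept.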