diff --git a/change-ActivePrcoessorCount-only-for-HBase.patch b/change-ActivePrcoessorCount-only-for-HBase.patch
index 494246a53494fc636d8f0c9df0eec19373accc5d..3d604e544365aea7793dd6e3212c8369c4c269ff 100644
--- a/change-ActivePrcoessorCount-only-for-HBase.patch
+++ b/change-ActivePrcoessorCount-only-for-HBase.patch
@@ -2,12 +2,13 @@ diff --git a/src/hotspot/cpu/aarch64/vm_version_aarch64.hpp b/src/hotspot/cpu/aa
 index faf109ab1..ab83d2a6b 100644
 --- a/src/hotspot/cpu/aarch64/vm_version_aarch64.hpp
 +++ b/src/hotspot/cpu/aarch64/vm_version_aarch64.hpp
-@@ -121,7 +121,7 @@ public:
+@@ -121,7 +121,8 @@ public:
    static int get_initial_sve_vector_length()  { return _initial_sve_vector_length; };
 
    static bool is_hisi_enabled() {
 -    if (_cpu == CPU_HISILICON && (_model == 0xd01 || _model == 0xd02 || _model == 0xd03)) {
-+    if (_cpu == CPU_HISILICON && (_model == 0xd01 || _model == 0xd02 || _model == 0xd03 || _model == 0xd22 || _model == 0xd45)) {
++    if (_cpu == CPU_HISILICON && (_model == 0xd01 || _model == 0xd02 || _model == 0xd03 ||
++                           _model == 0xd22 || _model == 0xd45)) {
        return true;
      }
      return false;
diff --git a/delete_expired_certificates.patch b/delete_expired_certificates.patch
index 251a0af6a739909f42a130c2422affec7d0d9e61..19a0e1562473a34aaec8579fb4f75bd14d52c163 100644
--- a/delete_expired_certificates.patch
+++ b/delete_expired_certificates.patch
@@ -121,13 +121,13 @@ index 122a01901..c131bd493 100644
  
      // The numbers of certs now.
 -    private static final int COUNT = 112;
-+    private static final int COUNT = 107;
++    private static final int COUNT = 109;
  
      // SHA-256 of cacerts, can be generated with
      // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
      private static final String CHECKSUM
 -            = "8F:E0:6F:7F:21:59:33:A6:43:F3:48:FD:A3:4A:8E:28:35:AA:DD:6E:A5:43:56:F1:28:34:48:DF:5C:D2:7C:72";
-+            = "D5:F6:74:0F:13:CF:6D:35:5E:10:04:C3:1B:57:C4:F4:A0:49:9A:26:38:89:53:C3:71:10:60:9D:48:20:E7:DE";
++            = "20:83:CF:5E:F7:A9:E6:C6:06:ED:2C:28:3E:CE:AF:B9:BF:9D:26:CB:29:0C:E2:CF:B8:4F:DF:E9:59:5F:A6:3C";
 
      // map of cert alias to SHA-256 fingerprint
      @SuppressWarnings("serial")
diff --git a/openjdk-11.spec b/openjdk-11.spec
index 9d202eda097a73b86efe0845dc84896cea1e743d..b695e3c84bbf4ea7b7c6750990657f76725ab261 100644
--- a/openjdk-11.spec
+++ b/openjdk-11.spec
@@ -22,6 +22,9 @@
 # Enable release builds by default on relevant arches.
 %bcond_without release
 
+# Disable global LTO
+%define _lto_cflags %{nil}
+
 # The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
 # This fixes detailed NMT and other tools which need minimal debug info.
 # See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879
@@ -146,7 +149,7 @@
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{origin}
 %global minorver        0
-%global buildver        8
+%global buildver        9
 %global patchver	0
 
 %global project		jdk-updates
@@ -695,6 +698,9 @@ Provides: java-%{origin}-headless%{?1} = %{epoch}:%{version}-%{release}
 Provides: jre-%{origin}-headless%{?1} = %{epoch}:%{version}-%{release}
 Provides: java-headless%{?1} = %{epoch}:%{version}-%{release}
 Provides: jre-headless%{?1} = %{epoch}:%{version}-%{release}
+
+# To fix /usr/bin/jjs not provided 
+Provides: /usr/bin/jjs
 }
 
 %define java_devel_rpo() %{expand:
@@ -762,7 +768,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release}
 
 Name:    java-%{javaver}-%{origin}
 Version: %{newjavaver}.%{buildver}
-Release: 0
+Release: 1
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@@ -808,15 +814,6 @@ Source9: jconsole.desktop.in
 # nss configuration file
 Source11: nss.cfg.in
 
-############################################
-#
-# RPM/distribution specific patches
-#
-############################################
-# NSS via SunPKCS11 Provider (disabled comment
-# due to memory leak).
-Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
-
 ############################################
 #
 # LoongArch64 specific patches
@@ -1205,8 +1202,6 @@ pushd %{top_level_dir_name}
 %endif
 popd # openjdk
 
-# %patch1000
-
 # Extract systemtap tapsets
 %if %{with_systemtap}
 tar --strip-components=1 -x -I xz -f %{SOURCE8}
@@ -1720,8 +1715,13 @@ cjc.mainProgram(args) -- the returns from copy_jdk_configs.lua should not affect
 
 
 %changelog
-* Wed Oct 16 2024 wuyafang <wuyafang@huawei.com> - 1:1.11.0.25.8-0
-- update to 11.0.25+8(GA)
+* Mon Oct 21 2024 wuyafang <wuyafang@huawei.com> - 1:11.0.25.9-1
+- disable lto in spec
+- add Provides: /usr/bin/jjs
+- update license
+
+* Wed Oct 16 2024 wuyafang <wuyafang@huawei.com> - 1:11.0.25.9-0
+- upgrade to 11.0.25+9(GA)
 - change default ActiveProcessorCount only for HBase
 
 * Fri Aug 30 2024 songliyang <songliyang@kylinos.cn> - 1.11.0.24.8-6
diff --git a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
deleted file mode 100644
index 1b92ddcb1154713c534b003a1d9b1d6985c5e549..0000000000000000000000000000000000000000
--- a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -r 5b86f66575b7 src/share/lib/security/java.security-linux
---- openjdk/src/java.base/share/conf/security/java.security	Tue May 16 13:29:05 2017 -0700
-+++ openjdk/src/java.base/share/conf/security/java.security	Tue Jun 06 14:05:12 2017 +0200
-@@ -83,6 +83,7 @@
- #ifndef solaris
- security.provider.tbd=SunPKCS11
- #endif
-+#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
- 
- #
- # A list of preferred providers for specific algorithms. These providers will