diff --git a/backport-Fix-mem-leaks-on-PKCS-12-read-error-in-PKCS12_key_ge.patch b/backport-Fix-mem-leaks-on-PKCS-12-read-error-in-PKCS12_key_ge.patch
new file mode 100644
index 0000000000000000000000000000000000000000..42f8fb7ebec2fce2b1e7c646c00bac9fa6830d08
--- /dev/null
+++ b/backport-Fix-mem-leaks-on-PKCS-12-read-error-in-PKCS12_key_ge.patch
@@ -0,0 +1,43 @@
+From ed4faae00cdab23244704660c099e41ec64f5dc0 Mon Sep 17 00:00:00 2001
+From: "Dr. David von Oheimb"
+Date: Wed, 12 Aug 2020 17:37:50 +0200
+Subject: [PATCH] Fix mem leaks on PKCS#12 read error in
+ PKCS12_key_gen_{asc,utf8}
+
+Reviewed-by: Richard Levitte
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/12639)
+---
+ crypto/pkcs12/p12_key.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
+index a40ae4cbe8..bbe212d125 100644
+--- a/crypto/pkcs12/p12_key.c
++++ b/crypto/pkcs12/p12_key.c
+@@ -44,10 +44,8 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+ }
+ ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+ id, iter, n, out, md_type);
+- if (ret <= 0)
+- return 0;
+ OPENSSL_clear_free(unipass, uniplen);
+- return ret;
++ return ret > 0;
+ }
+
+ int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+@@ -67,10 +65,8 @@ int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+ }
+ ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+ id, iter, n, out, md_type);
+- if (ret <= 0)
+- return 0;
+ OPENSSL_clear_free(unipass, uniplen);
+- return ret;
++ return ret > 0;
+ }
+
+ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+--
+2.27.0
diff --git a/backport-apps-passwd.c-free-before-error-exiting.patch b/backport-apps-passwd.c-free-before-error-exiting.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7c9e7cdbf9760890124342fb1f861171ac03bb64
--- /dev/null
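Review bot: In backport-Fix-mem-leaks-on-PKCS-12-read-error-in-PKCS12_key_ge.patch, the `OPENSSL_clear_free(unipass, uniplen)` call in `PKCS12_key_gen_asc` and `PKCS12_key_gen_utf8` carries no comment saying why it has to run before the result is tested. `unipass` appears to be the converted copy of the caller's `pass` (the conversion sits above both hunks), so the old early `return 0` left passphrase-derived bytes allocated and uncleansed on the error path, which is worth stating for whoever triages this backport. I would add `/* unipass holds the converted passphrase: cleanse and free it on every path */` above the call in both functions. `return ret > 0` also maps any positive result to 1; the body of `PKCS12_key_gen_uni` is outside the hunks, so confirm in the 1.1.1m tree that no caller depends on another value.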
+++ b/backport-apps-passwd.c-free-before-error-exiting.patch
@@ -0,0 +1,61 @@
+From dd05385e36582f34e691b1350dd7daf74df5cc90 Mon Sep 17 00:00:00 2001
+From: Peiwei Hu
+Date: Tue, 4 Jan 2022 09:10:32 +0800
+Subject: [PATCH] apps/passwd.c: free before error exiting
+
+use goto instead of returning directly while error handling
+
+Signed-off-by: Peiwei Hu
+
+Reviewed-by: Ben Kaduk
+Reviewed-by: Paul Dale
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/17404)
+
+(cherry picked from commit ea4d16bc60dee53feb71997c1e78379eeb69b7ac)
+---
+ apps/passwd.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/apps/passwd.c b/apps/passwd.c
+index d741d05335..2a4199d080 100644
+--- a/apps/passwd.c
++++ b/apps/passwd.c
+@@ -407,7 +407,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
+ n >>= 1;
+ }
+ if (!EVP_DigestFinal_ex(md, buf, NULL))
+- return NULL;
++ goto err;
+
+ for (i = 0; i < 1000; i++) {
+ if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
+@@ -633,7 +633,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
+ n >>= 1;
+ }
+ if (!EVP_DigestFinal_ex(md, buf, NULL))
+- return NULL;
++ goto err;
+
+ /* P sequence */
+ if (!EVP_DigestInit_ex(md2, sha, NULL))
+@@ -644,7 +644,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
+ goto err;
+
+ if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
+- return NULL;
++ goto err;
+
+ if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL)
+ goto err;
+@@ -661,7 +661,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
+ goto err;
+
+ if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
+- return NULL;
++ goto err;
+
+ if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL)
+ goto err;
+--
+2.33.0
diff --git a/openssl.spec b/openssl.spec
index 57704f07531f61c8b4708d2dd602ccb836746c81..0aa9a7f395fb46adf6a1b394c5efaae577883a57 100644
--- a/openssl.spec
+++ b/openssl.spec
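Review bot: In backport-apps-passwd.c-free-before-error-exiting.patch, all four replaced `return NULL` statements now jump to an `err` label that lies outside every hunk, so the cleanup they rely on cannot be confirmed from this diff. In `shacrypt` the jumps in the -633 and -644 hunks are taken before `p_bytes` is allocated, and the one in the -661 hunk before `s_bytes` is, so the label is only safe if both pointers start out NULL; their declarations are outside the hunks as well. Once that has been checked against the 1.1.1m source, a comment at the first jump such as `/* err releases md, md2 and the *_bytes buffers; each must be NULL until allocated */` would record the assumption. `md5crypt` and `shacrypt` both begin and end outside the hunks shown.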
@@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 1.1.1m -Release: 32 +Release: 33 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ @@ -142,6 +142,8 @@ Patch131: backport-Fix-a-possible-memleak-in-eckey_priv_encode.patch Patch132: backport-Fix-error-handling-in-CMS_EncryptedData_encrypt.patch Patch133: backport-Fix-EVP_PKEY_asn1_copy.patch Patch134: backport-CVE-2024-0727-fix-pkcs12-decoding-crashes.patch +Patch135: backport-apps-passwd.c-free-before-error-exiting.patch +Patch136: backport-Fix-mem-leaks-on-PKCS-12-read-error-in-PKCS12_key_ge.patch Patch1000: 1000-add-sw_64-support-not-upstream-modified-files.patch Patch1001: 1001-add-loongarch64-support-not-upstream-modified-files.patch @@ -355,6 +357,9 @@ make test || : %ldconfig_scriptlets libs %changelog +* Tue Mar 26 2024 wangjiang - 1:1.1.1m-33 +- fix some bugs + * Mon Feb 5 2024 lixiao - 1:1.1.1m-32 - add openssl-SMx-perl rpm provides