diff --git a/backport-Leaking-zombie-child-processes.patch b/backport-Leaking-zombie-child-processes.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8d05a225ade361eace084488b9791a5342cfb41a
--- /dev/null
+++ b/backport-Leaking-zombie-child-processes.patch
@@ -0,0 +1,33 @@
+From 8638ec5cd534dcc616b68e5b0744c493c0c71dc9 Mon Sep 17 00:00:00 2001
+From: Jan Rybar <jrybar@redhat.com>
+Date: Wed, 15 Aug 2018 16:11:22 +0200
+Subject: [PATCH] Leaking zombie child processes Resolves: bz#106021
+
+Subject: [PATCH] polkitd: fix zombie not reaped when js spawned process timed
+ out
+
+The child watch source attached to thread context didn't work due
+to the release of it's main loop and context outside. So we attach
+the source to the global default main context to make it work and
+avoid zombies.
+---
+ src/polkitbackend/polkitbackendcommon.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/polkitbackend/polkitbackendcommon.c b/src/polkitbackend/polkitbackendcommon.c
+index 517f3c6..7602714 100644
+--- a/src/polkitbackend/polkitbackendcommon.c
++++ b/src/polkitbackend/polkitbackendcommon.c
+@@ -1595,7 +1595,8 @@ utils_spawn_data_free (UtilsSpawnData *data)
+                              (GSourceFunc) utils_child_watch_from_release_cb,
+                              source,
+                              (GDestroyNotify) g_source_destroy);
+-      g_source_attach (source, data->main_context);
++      /* attach source to the global default main context */
++      g_source_attach (source, NULL);
+       g_source_unref (source);
+       data->child_pid = 0;
+     }
+-- 
+2.33.0
+
diff --git a/polkit.spec b/polkit.spec
index b2e9652842149eeb121e153dd2d28b2a26103fe3..9a096de37c3d2cafe5757cd190dcff0a0d8e2188 100644
--- a/polkit.spec
+++ b/polkit.spec
@@ -1,6 +1,6 @@
 Name:             polkit
 Version:          125
-Release:          2
+Release:          3
 Summary:          Define and Handle authorizations tool
 License:          LGPL-2.0-or-later
 URL:              https://polkit.pages.freedesktop.org/polkit/
@@ -8,6 +8,7 @@ Source0:          https://github.com/polkit-org/polkit/archive/refs/tags/%{versi
 
 Patch0:           modify-admin-authorization-from-wheel-group-to-root.patch
 Patch1:           backport-CVE-2025-7519.patch
+Patch2:           backport-Leaking-zombie-child-processes.patch
 
 BuildRequires: meson >= 0.63.0
 BuildRequires: pkgconfig(dbus-1)
@@ -133,6 +134,9 @@ exit 0
 %{_mandir}/man?/*
 
 %changelog
+* Tue Aug 5 2025 fuanan <fuanan3@h-partners.com> - 125-3
+- fix Leaking zombie child processes
+
 * Mon Jul 28 2025 yanglongkang <yanglongkang@h-partners.com> - 125-2
 - fix CVE-2025-7519