diff --git a/backport-src-groupmod-fix-double-free.patch b/backport-src-groupmod-fix-double-free.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ee6faae43caa871de685a63ee4de9aacf06e5aa9
--- /dev/null
+++ b/backport-src-groupmod-fix-double-free.patch
@@ -0,0 +1,25 @@
+From 10429edc14673fbb8c78b25f1872c34e88e5f07f
+From: lixinyun <li.xinyun@h3c.com>
+Date:   Wed May 29 06:53:02 2024 +0800
+Subject: [PATCH] src/groupmod: double free
+
+    src/groupmod.c: delete gr_free_members(&grp) to avoid double free
+
+Reference: https://github.com/shadow-maint/shadow/commit/10429edc14673fbb8c78b25f1872c34e88e5f07f
+Conflict: NA
+---
+ src/groupmod.c | 2 -
+ 1 file changed, 2 deletions(-)
+
+diff -urN a/src/groupmod.c b/src/groupmod.c
+--- a/src/groupmod.c	2024-07-01 09:25:24.729698444 +0800
++++ b/src/groupmod.c	2024-07-01 10:12:44.530698444 +0800
+@@ -269,8 +269,6 @@
+ 
+ 		if (!aflg) {
+ 			// requested to replace the existing groups
+-			if (NULL != grp.gr_mem[0])
+-				gr_free_members(&grp);
+ 			grp.gr_mem = (char **)xmalloc(sizeof(char *));
+ 			grp.gr_mem[0] = (char *)0;
+ 		} else {
diff --git a/shadow.spec b/shadow.spec
index 4d21f1d518bb276ba215c26547418f6d35493c7f..15f430394e7a7f459db43c7f52e2174472361ef4 100644
--- a/shadow.spec
+++ b/shadow.spec
@@ -1,6 +1,6 @@
 Name: shadow
 Version: 4.9
-Release: 17
+Release: 18
 Epoch: 2
 License: BSD and GPLv2+
 Summary: Tools for managing accounts and shadow password files
@@ -97,9 +97,10 @@ Patch77: backport-lib-btrfs-avoid-NULL-dereference.patch
 Patch78: backport-src-passwd.c-Switch-to-day-precision.patch
 Patch79: backport-src-passwd-add-overflow-check.patch 
 Patch80: backport-src-useradd-free-string.patch
-Patch81: backport-src-useradd.c-get_groups-Fix-memory-leak.patch
-Patch82: backport-src-gpasswd-Clear-password-in-more-cases.patch
-Patch83: backport-lib-encrypt.c-Do-not-exit-in-error-case.patch
+Patch81: backport-src-groupmod-fix-double-free.patch
+Patch82: backport-src-useradd.c-get_groups-Fix-memory-leak.patch
+Patch83: backport-src-gpasswd-Clear-password-in-more-cases.patch
+Patch84: backport-lib-encrypt.c-Do-not-exit-in-error-case.patch
 
 BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel
 BuildRequires: libacl-devel, libattr-devel
@@ -269,7 +270,10 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
 %{_mandir}/*/*
 
 %changelog
-* Tue Mar 18 2025 wangjiang <app@cameyan.com> - 2:4.9-17
+* Tue Mar 18 2025 wangjiang <app@cameyan.com> - 2:4.9-18
+- backport patches from upstream
+
+* Tue Jul 2 2024 lixinyun <li.xinyun@h3c.com> - 2:4.9-17
 - backport patches from upstream
 
 * Sat Mar 16 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 2:4.9-16