diff --git a/backport-Added-documentation-around-CREATE_MAIL_SPOOL.patch b/backport-Added-documentation-around-CREATE_MAIL_SPOOL.patch
new file mode 100644
index 0000000000000000000000000000000000000000..356fe49d7b501f8a85dd135e6f101d0ebe3fae81
--- /dev/null
+++ b/backport-Added-documentation-around-CREATE_MAIL_SPOOL.patch
@@ -0,0 +1,26 @@
+From aff4989d1acf3afc718813144658c295d8d10f20 Mon Sep 17 00:00:00 2001
+From: Andy Zaugg <andy.zaugg@gmail.com>
+Date: Mon, 20 Sep 2021 20:41:50 -0700
+Subject: [PATCH] Added documentation around CREATE_MAIL_SPOOL
+
+Adding documentation aroud the parameter CREATE_MAIL_SPOOL in the
+/etc/default/useradd file
+---
+ man/login.defs.d/MAIL_DIR.xml | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/man/login.defs.d/MAIL_DIR.xml b/man/login.defs.d/MAIL_DIR.xml
+index 60b82d6b..b5adb888 100644
+--- a/man/login.defs.d/MAIL_DIR.xml
++++ b/man/login.defs.d/MAIL_DIR.xml
+@@ -35,6 +35,8 @@
+       The mail spool directory. This is needed to manipulate the mailbox
+       when its corresponding user account is modified or deleted. If not
+       specified, a compile-time default is used.
++      The parameter CREATE_MAIL_SPOOL in <filename>/etc/default/useradd</filename>
++      determines whether the mail spool should be created.
+     </para>
+   </listitem>
+ </varlistentry><varlistentry>
+-- 
+
diff --git a/backport-Fix-parentheses-in-configure.ac.patch b/backport-Fix-parentheses-in-configure.ac.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4abbb1d50f177378f8724d9ffc11f7440492a7f3
--- /dev/null
+++ b/backport-Fix-parentheses-in-configure.ac.patch
@@ -0,0 +1,25 @@
+From 049f9a7f6b320c728a6274299041e360381d7cd5 Mon Sep 17 00:00:00 2001
+From: Andy Zaugg <andy.zaugg@gmail.com>
+Date: Tue, 21 Sep 2021 21:51:10 -0700
+Subject: [PATCH] Fix parentheses in configure.ac
+
+Resolving issue https://github.com/shadow-maint/shadow/issues/419
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 994836bd..6cbb6bd2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -345,7 +345,7 @@ if test "$with_sssd" = "yes"; then
+ 	              [AC_MSG_ERROR([posix_spawn is needed for sssd support])])
+ fi
+ 
+-AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su])])
++AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su]))
+ AM_CONDITIONAL([WITH_SU], [test "x$with_su" != "xno"])
+ 
+ dnl Check for some functions in libc first, only if not found check for
+-- 
+
diff --git a/backport-Handle-malformed-lines-in-hushlogins-file.patch b/backport-Handle-malformed-lines-in-hushlogins-file.patch
new file mode 100644
index 0000000000000000000000000000000000000000..afbf7b226b51400001ce8770910b0314f7cca597
--- /dev/null
+++ b/backport-Handle-malformed-lines-in-hushlogins-file.patch
@@ -0,0 +1,32 @@
+From 63a96706b1205f91c4a57de21ac56e996d270ff1 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Fri, 29 Oct 2021 19:44:46 +0200
+Subject: [PATCH] Handle malformed lines in hushlogins file.
+
+If a line in hushlogins file, e.g. /etc/hushlogins, starts with
+'\0', then current code performs an out of boundary write.
+If the line lacks a newline at the end, then another character is
+overridden.
+
+With strcspn both cases are solved.
+
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+---
+ libmisc/hushed.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libmisc/hushed.c b/libmisc/hushed.c
+index b71b99ce..3c3adafc 100644
+--- a/libmisc/hushed.c
++++ b/libmisc/hushed.c
+@@ -90,7 +90,7 @@ bool hushed (const char *username)
+ 		return false;
+ 	}
+ 	for (found = false; !found && (fgets (buf, (int) sizeof buf, fp) == buf);) {
+-		buf[strlen (buf) - 1] = '\0';
++		buf[strcspn (buf, "\n")] = '\0';
+ 		found = (strcmp (buf, pw->pw_shell) == 0) ||
+ 		        (strcmp (buf, pw->pw_name) == 0);
+ 	}
+-- 
+
diff --git a/backport-Only-free-sgent-if-it-was-initialized.patch b/backport-Only-free-sgent-if-it-was-initialized.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5733717f3cc93c2d96299954fa63d11584cefe52
--- /dev/null
+++ b/backport-Only-free-sgent-if-it-was-initialized.patch
@@ -0,0 +1,41 @@
+From 117bc66c6f95fa85ca75ecfdb8fbd3615deca0b6 Mon Sep 17 00:00:00 2001
+From: Michael Vetter <jubalh@iodoru.org>
+Date: Mon, 20 Sep 2021 11:04:50 +0200
+Subject: [PATCH] Only free sgent if it was initialized
+
+`sgent` is only initialized in `get_group()` if `is_shadowgrp` is true.
+So we should also only attempt to free it if this is actually the case.
+
+Can otherwise lead to:
+```
+free() double free detected in tcache 2 (gpasswd)
+```
+---
+ src/gpasswd.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/src/gpasswd.c b/src/gpasswd.c
+index a43d9a59..04bed83d 100644
+--- a/src/gpasswd.c
++++ b/src/gpasswd.c
+@@ -1207,11 +1207,13 @@ int main (int argc, char **argv)
+ 	sssd_flush_cache (SSSD_DB_GROUP);
+ 
+ #ifdef SHADOWGRP
+-	if (sgent.sg_adm) {
+-		xfree(sgent.sg_adm);
+-	}
+-	if (sgent.sg_mem) {
+-		xfree(sgent.sg_mem);
++	if (is_shadowgrp) {
++		if (sgent.sg_adm) {
++			xfree(sgent.sg_adm);
++		}
++		if (sgent.sg_mem) {
++			xfree(sgent.sg_mem);
++		}
+ 	}
+ #endif
+ 	if (grent.gr_mem) {
+-- 
+
diff --git a/backport-gpasswd.c-fix-memory-leak-in-sg_adm.patch b/backport-gpasswd.c-fix-memory-leak-in-sg_adm.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6639f10783e7a4b66e047a8fe031d5a89e3ec7df
--- /dev/null
+++ b/backport-gpasswd.c-fix-memory-leak-in-sg_adm.patch
@@ -0,0 +1,34 @@
+From 22bfaf9e266eb78c6f352423114005cd3db455ac Mon Sep 17 00:00:00 2001
+From: w00475903 <wanghongzhe@huawei.com>
+Date: Wed, 16 Sep 2020 04:15:06 -0400
+Subject: [PATCH] gpasswd.c: fix memory leak in sg_adm
+
+Signed-off-by: whzhe <wanghongzhe@huawei.com>
+---
+ src/gpasswd.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/gpasswd.c b/src/gpasswd.c
+index 4d75af96..9331d30c 100644
+--- a/src/gpasswd.c
++++ b/src/gpasswd.c
+@@ -1204,6 +1204,17 @@ int main (int argc, char **argv)
+ 	nscd_flush_cache ("group");
+ 	sssd_flush_cache (SSSD_DB_GROUP);
+ 
++#ifdef SHADOWGRP
++	if (sgent.sg_adm) {
++		xfree(sgent.sg_adm);
++	}
++	if (sgent.sg_mem) {
++		xfree(sgent.sg_mem);
++	}
++#endif
++	if (grent.gr_mem) {
++		xfree(grent.gr_mem);
++	}
+ 	exit (E_SUCCESS);
+ }
+ 
+-- 
+
diff --git a/shadow.spec b/shadow.spec
index 5b55aa55f2379d99ba9f15cb2395b9409e334758..358b8b4fa75e81f3f5506f90f3c4c19d31bba93a 100644
--- a/shadow.spec
+++ b/shadow.spec
@@ -1,6 +1,6 @@
 Name: shadow
 Version: 4.8.1
-Release: 7
+Release: 8
 Epoch: 2
 License: BSD and GPLv2+
 Summary: Tools for managing accounts and shadow password files
@@ -27,6 +27,11 @@ Patch10: man-zh_CN-fix-typo.patch
 Patch11: useradd-free-grp-to-avoid-leak.patch
 Patch12: useradd.c-fix-memleaks-of-grp.patch
 Patch13: useradd.c-fix-memleak-in-get_groups.patch
+Patch14: backport-Added-documentation-around-CREATE_MAIL_SPOOL.patch
+Patch15: backport-Fix-parentheses-in-configure.ac.patch
+Patch16: backport-gpasswd.c-fix-memory-leak-in-sg_adm.patch
+Patch17: backport-Only-free-sgent-if-it-was-initialized.patch
+Patch18: backport-Handle-malformed-lines-in-hushlogins-file.patch
 
 BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel
 BuildRequires: libacl-devel, libattr-devel
@@ -173,6 +178,9 @@ done
 %{_mandir}/*/*
 
 %changelog
+* Mon Nov 29 2021 steven Y.Gui <steven_ygui@163.com> - 2:4.8.1-8
+- backport some patches from upstream
+
 * Thu Sep 30 2021 steven Y.Gui <steven_ygui@163.com> - 2:4.8.1-7
 - backport some patches to fix memory leak