diff --git a/Hook-exit-when-shim_lock-protocol-installed.patch b/Hook-exit-when-shim_lock-protocol-installed.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6f9f049cc6d9756f58c31d8729c56c5f7faf7ec9
--- /dev/null
+++ b/Hook-exit-when-shim_lock-protocol-installed.patch
@@ -0,0 +1,47 @@
+From 06c92591e9420bdc290abf49072991b96fa467ef Mon Sep 17 00:00:00 2001
+From: Stuart Hayes <stuart.w.hayes@gmail.com>
+Date: Fri, 8 Feb 2019 15:48:20 -0500
+Subject: [PATCH] Hook exit when shim_lock protocol installed
+
+A recent commit moved where the shim_lock protocol is loaded and
+unloaded, but did not move where exit was hooked and unhooked.  Exit
+needs to be hooked when the protocol is installed, so that the protocol
+will be uninstalled on exit.  Otherwise, the system can crash if, for
+example, shim loads grub, the user exits grub, shim is run again, which
+installs a second instance of the protocol, and then grub tries to use
+the shim_lock protocol that was installed by the first instance of shim.
+
+Signed-off-by: Stuart Hayes <stuart.w.hayes@gmail.com>
+---
+ shim.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/shim.c b/shim.c
+index 37afbbde..433f1901 100644
+--- a/shim.c
++++ b/shim.c
+@@ -2504,9 +2504,9 @@ shim_init(void)
+ 			loader_is_participating = 0;
+ 		}
+ 
+-		hook_exit(systab);
+ 	}
+ 
++	hook_exit(systab);
+ 	return install_shim_protocols();
+ }
+ 
+@@ -2524,9 +2524,10 @@ shim_fini(void)
+ 		 * Remove our hooks from system services.
+ 		 */
+ 		unhook_system_services();
+-		unhook_exit();
+ 	}
+ 
++	unhook_exit();
++
+ 	/*
+ 	 * Free the space allocated for the alternative 2nd stage loader
+ 	 */
+--
+2.19.1
diff --git a/VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprint.patch b/VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprint.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b746553230dda531393e03fc1a57915d218a1cd6
--- /dev/null
+++ b/VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprint.patch
@@ -0,0 +1,64 @@
+From 20e731f423a438f53738de73af9ef3d67c4cba2f Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Tue, 12 Feb 2019 18:04:49 -0500
+Subject: [PATCH] VLogError(): Avoid NULL pointer dereferences in (V)Sprint
+ calls
+
+VLogError() calculates the size of format strings by using calls to
+SPrint and VSPrint with a StrSize of 0 and NULL for an output buffer.
+Unfortunately, this is an incorrect usage of (V)Sprint. A StrSize
+of "0" is special-cased to mean "there is no limit". So, we end up
+writing our string to address 0x0. This was discovered because it
+causes a crash on ARM where, unlike x86, it does not necessarily
+have memory mapped at 0x0.
+
+Avoid the (V)Sprint calls altogether by using (V)PoolPrint, which
+handles the size calculation and allocation for us.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+Fixes: 25f6fd08cd26 ("try to show errors more usefully.")
+[dannf: commit message ]
+Signed-off-by: dann frazier <dann.frazier@canonical.com>
+---
+ errlog.c | 15 +++------------
+ 1 file changed, 3 insertions(+), 12 deletions(-)
+
+diff --git a/errlog.c b/errlog.c
+index 18be4822..eebb266d 100644
+--- a/errlog.c
++++ b/errlog.c
+@@ -14,29 +14,20 @@ EFI_STATUS
+ VLogError(const char *file, int line, const char *func, CHAR16 *fmt, va_list args)
+ {
+ 	va_list args2;
+-	UINTN size = 0, size2;
+ 	CHAR16 **newerrs;
+ 
+-	size = SPrint(NULL, 0, L"%a:%d %a() ", file, line, func);
+-	va_copy(args2, args);
+-	size2 = VSPrint(NULL, 0, fmt, args2);
+-	va_end(args2);
+-
+ 	newerrs = ReallocatePool(errs, (nerrs + 1) * sizeof(*errs),
+ 				       (nerrs + 3) * sizeof(*errs));
+ 	if (!newerrs)
+ 		return EFI_OUT_OF_RESOURCES;
+ 
+-	newerrs[nerrs] = AllocatePool(size*2+2);
++	newerrs[nerrs] = PoolPrint(L"%a:%d %a() ", file, line, func);
+ 	if (!newerrs[nerrs])
+ 		return EFI_OUT_OF_RESOURCES;
+-	newerrs[nerrs+1] = AllocatePool(size2*2+2);
++	va_copy(args2, args);
++	newerrs[nerrs+1] = VPoolPrint(fmt, args2);
+ 	if (!newerrs[nerrs+1])
+ 		return EFI_OUT_OF_RESOURCES;
+-
+-	SPrint(newerrs[nerrs], size*2+2, L"%a:%d %a() ", file, line, func);
+-	va_copy(args2, args);
+-	VSPrint(newerrs[nerrs+1], size2*2+2, fmt, args2);
+ 	va_end(args2);
+ 
+ 	nerrs += 2;
+--
+2.19.1
diff --git a/shim.spec b/shim.spec
index 0df6a909dcdcce478eb90abb88d165eaa504e552..2f18d99d92228146949c64507e08b255e2cb396d 100644
--- a/shim.spec
+++ b/shim.spec
@@ -22,7 +22,7 @@
 
 Name:		shim
 Version:	15
-Release:        18
+Release:        20
 Summary:	First-stage UEFI bootloader
 ExclusiveArch:  x86_64 aarch64
 License:	BSD
@@ -31,6 +31,9 @@ Source0:	https://github.com/rhboot/shim/releases/download/%{version}/shim-%{vers
 Source1:        BOOTAA64.CSV
 Source2:        BOOTX64.CSV
 
+Patch0:		Hook-exit-when-shim_lock-protocol-installed.patch
+Patch1:		VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprint.patch
+
 BuildRequires:	elfutils-libelf-devel openssl-devel openssl git pesign gnu-efi gnu-efi-devel gcc
 Requires:       dbxtool efi-filesystem mokutil
 Provides:	bundled(openssl) = 1.0.2j
@@ -128,6 +131,9 @@ cd ..
 /usr/src/debug/%{name}-%{version}-%{release}/*
 
 %changelog
+* Tue Feb 9 2021 Steven Y.Gui <steven_ygui@163.com> - 15-20
+- backport some upstream patches
+
 * Tue Mar 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 15-18
 - fix wrong information