diff --git a/PAM-P11-fixed-minor-mem-leak.patch b/PAM-P11-fixed-minor-mem-leak.patch
new file mode 100644
index 0000000000000000000000000000000000000000..72abaa366243c7db44a7f94b6fb8e8655a185f4c
--- /dev/null
+++ b/PAM-P11-fixed-minor-mem-leak.patch
@@ -0,0 +1,44 @@
+From f1195229e016e2a3e1a7358ff87954d573b1dcac Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 13 May 2022 16:21:46 +0200
+Subject: [PATCH] PAM P11: fixed minor mem-leak
+
+Reviewed-by: Justin Stephenson <jstephen@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/responder/pam/pamsrv_p11.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
+index ae1063365..bd205eb93 100644
+--- a/src/responder/pam/pamsrv_p11.c
++++ b/src/responder/pam/pamsrv_p11.c
+@@ -523,19 +523,22 @@ static errno_t parse_p11_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf,
+         cert_auth_info = talloc_zero(tmp_ctx, struct cert_auth_info);
+         if (cert_auth_info == NULL) {
+             DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
+-            return ENOMEM;
++            ret = ENOMEM;
++            goto done;
+         }
+ 
+         pn = memchr(p, '\n', buf_len - (p - buf));
+         if (pn == NULL) {
+             DEBUG(SSSDBG_OP_FAILURE,
+                   "Missing new-line in p11_child response.\n");
+-            return EINVAL;
++            ret = EINVAL;
++            goto done;
+         }
+         if (pn == p) {
+             DEBUG(SSSDBG_OP_FAILURE,
+                   "Missing token name in p11_child response.\n");
+-            return EINVAL;
++            ret = EINVAL;
++            goto done;
+         }
+ 
+         cert_auth_info->token_name = talloc_strndup(cert_auth_info, (char *)p,
+-- 
+2.25.1
+
diff --git a/PAM-P11-fixed-mistype-in-a-log-message.patch b/PAM-P11-fixed-mistype-in-a-log-message.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c215aeb38ba422fcc8443d2d16069c50fdc7c620
--- /dev/null
+++ b/PAM-P11-fixed-mistype-in-a-log-message.patch
@@ -0,0 +1,27 @@
+From 1ed59fb6e6a1f244b6954e689be10c213ffebed3 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 13 May 2022 16:19:01 +0200
+Subject: [PATCH] PAM P11: fixed mistype in a log message
+
+Reviewed-by: Justin Stephenson <jstephen@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/responder/pam/pamsrv_p11.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
+index 09b247de9..ae1063365 100644
+--- a/src/responder/pam/pamsrv_p11.c
++++ b/src/responder/pam/pamsrv_p11.c
+@@ -534,7 +534,7 @@ static errno_t parse_p11_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf,
+         }
+         if (pn == p) {
+             DEBUG(SSSDBG_OP_FAILURE,
+-                  "Missing counter in p11_child response.\n");
++                  "Missing token name in p11_child response.\n");
+             return EINVAL;
+         }
+ 
+-- 
+2.25.1
+
diff --git a/SSS_CLIENT-mem-cache-fixed-missing-error-code.patch b/SSS_CLIENT-mem-cache-fixed-missing-error-code.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a3341700122cbcd0ab1eb8b7ad5871a5d89e958a
--- /dev/null
+++ b/SSS_CLIENT-mem-cache-fixed-missing-error-code.patch
@@ -0,0 +1,29 @@
+From ffec99930ec84b586f4532246d04be6207396e54 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 17 Jun 2022 15:54:24 +0200
+Subject: [PATCH] SSS_CLIENT: mem-cache: fixed missing error code
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/sss_client/nss_mc_common.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/sss_client/nss_mc_common.c b/src/sss_client/nss_mc_common.c
+index b974d343a..c73a93a9a 100644
+--- a/src/sss_client/nss_mc_common.c
++++ b/src/sss_client/nss_mc_common.c
+@@ -167,6 +167,7 @@ static errno_t sss_nss_mc_init_ctx(const char *name,
+ 
+     ctx->fd = sss_open_cloexec(file, O_RDONLY, &ret);
+     if (ctx->fd == -1) {
++        ret = EIO;
+         goto done;
+     }
+ 
+-- 
+2.25.1
+
diff --git a/confdb-supress-false-positive-warning-src-confdb-con.patch b/confdb-supress-false-positive-warning-src-confdb-con.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2e41f401fe04c2ed26f42c592c215be8ea2c7ec5
--- /dev/null
+++ b/confdb-supress-false-positive-warning-src-confdb-con.patch
@@ -0,0 +1,32 @@
+From 98f2f9f581a4e6a68bf6bf6e409f8f306ee9eb93 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Wed, 29 Jun 2022 11:12:26 +0200
+Subject: [PATCH] confdb: supress false positive warning:
+ src/confdb/confdb.c:260:10: warning[-Wanalyzer-use-of-uninitialized-value]:
+ use of uninitialized value 'secdn'
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/confdb/confdb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
+index 6d30338ec..ae2d90bf5 100644
+--- a/src/confdb/confdb.c
++++ b/src/confdb/confdb.c
+@@ -242,7 +242,7 @@ int confdb_get_param(struct confdb_ctx *cdb,
+     TALLOC_CTX *tmp_ctx;
+     struct ldb_result *res;
+     struct ldb_dn *dn;
+-    char *secdn;
++    char *secdn = NULL;
+     const char *attrs[] = { attribute, NULL };
+     char **vals;
+     struct ldb_message_element *el;
+-- 
+2.25.1
+
diff --git a/sssd.spec b/sssd.spec
index ef1c7e9f0ad663e6f08fb8332edc4e182eb0ed80..50c96a2fd7465021647ae55a98626c7bbc01dd38 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -1,6 +1,6 @@
 Name: sssd
 Version: 2.2.2
-Release: 11
+Release: 12
 Summary: System Security Services Daemon
 License: GPLv3+ and LGPLv3+
 URL: https://pagure.io/SSSD/sssd/
@@ -12,6 +12,10 @@ Patch2:backport-Added-ERROR-and-PRINT-macros-to-the-tools.patch
 Patch3:backport-Remove-redundant-header-file-inclusion.patch
 Patch4:backport-SSSCTL-fix-logs-remove-when-log-directory-is-emtry.patch
 Patch5:backport-CVE-2021-3621.patch
+Patch6:confdb-supress-false-positive-warning-src-confdb-con.patch
+Patch7:SSS_CLIENT-mem-cache-fixed-missing-error-code.patch
+Patch8:PAM-P11-fixed-minor-mem-leak.patch
+Patch9:PAM-P11-fixed-mistype-in-a-log-message.patch
 
 Requires: python3-sssd = %{version}-%{release}
 Requires: libldb
@@ -585,6 +589,15 @@ fi
                                 %{_libdir}/%{name}/modules/libwbclient.so
 
 %changelog
+* Wed Oct 19 2022 zhangjun<zhangjun@kylinos.cn> - 2.2.2-12
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix use of uninitialized value secdn
+       fix minor mem-leak
+       fixed mistype in a log message
+       fixed mem-cache missing error code
+
 * Wed Aug 31 2022 zhangruifang <zhangruifang1@h-partners.com> - 2.2.2-11
 - delete duplicate file sssd-example.conf