diff --git a/CVE-2020-1712-5.patch b/CVE-2020-1712-5.patch
new file mode 100644
index 0000000000000000000000000000000000000000..616f36eaf3d5b8f6278cfdb4ed7029627aae501c
--- /dev/null
+++ b/CVE-2020-1712-5.patch
@@ -0,0 +1,164 @@
+From 637486261528e8aa3da9f26a4487dc254f4b7abb Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 22 Jan 2020 17:07:47 +0100
+Subject: [PATCH 1613/1760] polkit: when authorizing via PK let's re-resolve
+ callback/userdata instead of caching it
+
+Previously, when doing an async PK query we'd store the original
+callback/userdata pair and call it again after the PK request is
+complete. This is problematic, since PK queries might be slow and in the
+meantime the userdata might be released and re-acquired. Let's avoid
+this by always traversing through the message handlers so that we always
+re-resolve the callback and userdata pair and thus can be sure it's
+up-to-date and properly valid.
+
+https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb
+
+---
+ src/shared/bus-util.c | 75 ++++++++++++++++++++++++++++---------------
+ 1 file changed, 50 insertions(+), 25 deletions(-)
+
+diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
+index 0690a82..41288a7 100644
+--- a/src/shared/bus-util.c
++++ b/src/shared/bus-util.c
+@@ -340,14 +340,13 @@ typedef struct AsyncPolkitQuery {
+         char **details;
+ 
+         sd_bus_message *request, *reply;
+-        sd_bus_message_handler_t callback;
+-        void *userdata;
+         sd_bus_slot *slot;
++
+         Hashmap *registry;
++        sd_event_source *defer_event_source;
+ } AsyncPolkitQuery;
+ 
+ static void async_polkit_query_free(AsyncPolkitQuery *q) {
+-
+         if (!q)
+                 return;
+ 
+@@ -362,9 +361,22 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) {
+         free(q->action);
+         strv_free(q->details);
+ 
++        sd_event_source_disable_unref(q->defer_event_source);
+         free(q);
+ }
+ 
++static int async_polkit_defer(sd_event_source *s, void *userdata) {
++        AsyncPolkitQuery *q = userdata;
++
++        assert(s);
++
++        /* This is called as idle event source after we processed the async polkit reply, hopefully after the
++         * method call we re-enqueued has been properly processed. */
++
++        async_polkit_query_free(q);
++        return 0;
++}
++
+ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) {
+         _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
+         AsyncPolkitQuery *q = userdata;
+@@ -373,19 +385,45 @@ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_e
+         assert(reply);
+         assert(q);
+ 
++        assert(q->slot);
+         q->slot = sd_bus_slot_unref(q->slot);
++
++        assert(!q->reply);
+         q->reply = sd_bus_message_ref(reply);
+ 
++	        /* Now, let's dispatch the original message a second time be re-enqueing. This will then traverse the
++         * whole message processing again, and thus re-validating and re-retrieving the "userdata" field
++         * again.
++         *
++         * We install an idle event loop event to clean-up the PolicyKit request data when we are idle again,
++         * i.e. after the second time the message is processed is complete. */
++
++        assert(!q->defer_event_source);
++        r = sd_event_add_defer(sd_bus_get_event(sd_bus_message_get_bus(reply)), &q->defer_event_source, async_polkit_defer, q);
++        if (r < 0)
++                goto fail;
++
++        r = sd_event_source_set_priority(q->defer_event_source, SD_EVENT_PRIORITY_IDLE);
++        if (r < 0)
++                goto fail;
++
++        r = sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_ONESHOT);
++        if (r < 0)
++                goto fail;
++
+         r = sd_bus_message_rewind(q->request, true);
+-        if (r < 0) {
+-                r = sd_bus_reply_method_errno(q->request, r, NULL);
+-                goto finish;
+-        }
++        if (r < 0)
++                goto fail;
+ 
+-        r = q->callback(q->request, q->userdata, &error_buffer);
+-        r = bus_maybe_reply_error(q->request, r, &error_buffer);
++        r = sd_bus_enqeue_for_read(sd_bus_message_get_bus(q->request), q->request);
++        if (r < 0)
++                goto fail;
++
++        return 1;
+ 
+-finish:
++fail:
++        log_debug_errno(r, "Processing asynchronous PolicyKit reply failed, ignoring: %m");
++        (void) sd_bus_reply_method_errno(q->request, r, NULL);
+         async_polkit_query_free(q);
+ 
+         return r;
+@@ -406,11 +444,9 @@ int bus_verify_polkit_async(
+ #if ENABLE_POLKIT
+         _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL;
+         AsyncPolkitQuery *q;
+-        const char *sender;
+-        sd_bus_message_handler_t callback;
+-        void *userdata;
+         int c;
+ #endif
++        const char *sender;
+         int r;
+ 
+         assert(call);
+@@ -474,20 +510,11 @@ int bus_verify_polkit_async(
+         else if (r > 0)
+                 return 1;
+ 
+-#if ENABLE_POLKIT
+-        if (sd_bus_get_current_message(call->bus) != call)
+-                return -EINVAL;
+-
+-        callback = sd_bus_get_current_handler(call->bus);
+-        if (!callback)
+-                return -EINVAL;
+-
+-        userdata = sd_bus_get_current_userdata(call->bus);
+-
+         sender = sd_bus_message_get_sender(call);
+         if (!sender)
+                 return -EBADMSG;
+ 
++#if ENABLE_POLKIT
+         c = sd_bus_message_get_allow_interactive_authorization(call);
+         if (c < 0)
+                 return c;
+@@ -530,8 +557,6 @@ int bus_verify_polkit_async(
+ 
+         *q = (AsyncPolkitQuery) {
+                 .request = sd_bus_message_ref(call),
+-                .callback = callback,
+-                .userdata = userdata,
+         };
+ 
+         q->action = strdup(action);
+-- 
+2.19.1
+
diff --git a/systemd.spec b/systemd.spec
index 18efd81169dde6632cec2357b12a607dc5810d7f..86c75ed0bb56bd9a3568d4c675d2f0072446a8f2 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -16,7 +16,7 @@
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
 Version:        243
-Release:        18
+Release:        19
 License:        MIT and LGPLv2+ and GPLv2+
 Summary:        System and Service Manager
 
@@ -58,9 +58,10 @@ Patch0011:      CVE-2020-1712-1.patch
 Patch0012:      CVE-2020-1712-2.patch
 Patch0013:      CVE-2020-1712-3.patch
 Patch0014:      CVE-2020-1712-4.patch
-Patch0015:      sd-journal-close-journal-files-that-were-deleted-by-.patch
-Patch0016:      pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
-Patch0017:      fix-two-VF-virtual-machines-have-same-mac-address.patch
+Patch0015:      CVE-2020-1712-5.patch
+Patch0016:      sd-journal-close-journal-files-that-were-deleted-by-.patch
+Patch0017:      pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
+Patch0018:      fix-two-VF-virtual-machines-have-same-mac-address.patch
 
 #openEuler
 Patch9002:      1509-fix-journal-file-descriptors-leak-problems.patch
@@ -1464,6 +1465,12 @@ fi
 %exclude /usr/share/man/man3/*
 
 %changelog
+* Wed Mar 25 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-19
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:add patch of CVE-2020-1714-5
+
 * Fri Mar 13 2020 openEuler Buildteam <buildteam@openeuler.org> - 243-18
 - Type:enhancement
 - ID:NA