diff --git a/76af6380776a81ffd6ff50de254fb448ec6bce79.patch b/76af6380776a81ffd6ff50de254fb448ec6bce79.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a22765eb5407a8d5f61af5c79efd0cae6616a9de
--- /dev/null
+++ b/76af6380776a81ffd6ff50de254fb448ec6bce79.patch
@@ -0,0 +1,27 @@
+From 76af6380776a81ffd6ff50de254fb448ec6bce79 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Thu, 4 Jan 2024 17:46:51 +0100
+Subject: [PATCH] pam_timestamp: correct failure condition
+
+Bail out on NULL pointer, not otherwise.
+
+Reported by cppcheck.
+
+Fixes: 8a3f0810 ("Y2038: use logind instead of utmp")
+---
+ modules/pam_timestamp/pam_timestamp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c
+index 083001644e..7c5457c425 100644
+--- a/modules/pam_timestamp/pam_timestamp.c
++++ b/modules/pam_timestamp/pam_timestamp.c
+@@ -557,7 +557,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+ }
+ #ifdef USE_LOGIND
+ struct passwd *pwd = pam_modutil_getpwnam(pamh, ruser);
+- if (pwd != NULL) {
++ if (pwd == NULL) {
+ return PAM_SERVICE_ERR;
+ }
+ if (check_login_time(pwd->pw_uid, then) != PAM_SUCCESS)
diff --git a/d3b8c0723d0d691585474b0e14982f62b115a672.patch b/d3b8c0723d0d691585474b0e14982f62b115a672.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9db939ef2feb4cc927eed7e579571c25441bae1b
--- /dev/null
+++ b/d3b8c0723d0d691585474b0e14982f62b115a672.patch
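Review bot: In the pam_timestamp.c hunk carried by 76af6380776a81ffd6ff50de254fb448ec6bce79.patch, the corrected `if (pwd == NULL)` branch returns `PAM_SERVICE_ERR` without writing any log line, so a failed lookup of `ruser` cannot be told apart from other service errors when someone reads the authentication logs. A one-line diagnostic before the return, for example `pam_syslog(pamh, LOG_ERR, "cannot look up user %s", ruser);`, would make that visible; confirm the file already includes the headers for `pam_syslog` and `LOG_ERR`, since the include block is outside the hunk. `pam_sm_authenticate` starts and continues outside the hunk, so whether an earlier check already rejects an unknown `ruser` cannot be seen from here.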
@@ -0,0 +1,62 @@
+From d3b8c0723d0d691585474b0e14982f62b115a672 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann
+Date: Mon, 8 Jan 2024 21:59:23 +0100
+Subject: [PATCH] pam_unix: do not truncate user names
+
+This could allow users with very long names to impersonate a user
+with a 255 characters long name.
+
+The check if the argument argv[1] actually matches the user name
+implies that "user" can unconditionally be set to argv[1]: If they are
+equal, the strings are obviously equal. If they are not or if null is
+returned by getuidname, "user" is set to argv[1] anyway.
+
+This way, the static buffer can be safely removed because the result
+of getpwuid() is not stored, which means that subsequent calls to
+such functions can safely overwrite their internal buffers.
+
+Signed-off-by: Tobias Stoeckmann
+---
+ modules/pam_unix/passverify.c | 6 +-----
+ modules/pam_unix/unix_chkpwd.c | 2 +-
+ 2 files changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
+index c48e3c5a79..c6515a65c0 100644
+--- a/modules/pam_unix/passverify.c
++++ b/modules/pam_unix/passverify.c
+@@ -1190,16 +1190,12 @@ char *
+ getuidname(uid_t uid)
+ {
+ struct passwd *pw;
+- static char username[256];
+
+ pw = getpwuid(uid);
+ if (pw == NULL)
+ return NULL;
+
+- strncpy(username, pw->pw_name, sizeof(username));
+- username[sizeof(username) - 1] = '\0';
+-
+- return username;
++ return pw->pw_name;
+ }
+
+ #endif
+diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c
+index 556a2e2cc5..50570dbc84 100644
+--- a/modules/pam_unix/unix_chkpwd.c
++++ b/modules/pam_unix/unix_chkpwd.c
+@@ -138,11 +138,11 @@ int main(int argc, char *argv[])
+ /* if the caller specifies the username, verify that user
+ matches it */
+ if (user == NULL || strcmp(user, argv[1])) {
+- user = argv[1];
+ /* no match -> permanently change to the real user and proceed */
+ if (setuid(getuid()) != 0)
+ return PAM_AUTH_ERR;
+ }
++ user = 
argv[1]; + } + + option=argv[2]; diff --git a/pam.spec b/pam.spec index 59b52236b81905a176fed75f06543a2029c54390..12ca21bd57fc54a47fbde448d3a9e661bfe92c29 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ Summary: An extensible library providing authentication for applications Name: pam Version: 1.5.3 -Release: 8%{?dist} +Release: 9%{?dist} License: BSD and GPLv2+ URL: http://www.linux-pam.org Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz @@ -20,6 +20,8 @@ Patch0001: pam-1.5.3-CVE-2024-22365.patch Patch0002: pam-1.5.3-CVE-2024-10963.patch #https://github.com/linux-pam/linux-pam/commit/b3020da7da384d769f27a8713257fbe1001878be Patch0003: pam-1.5.3-CVE-2024-10041.patch +Patch0004: https://github.com/linux-pam/linux-pam/commit/76af6380776a81ffd6ff50de254fb448ec6bce79.patch +Patch0005: https://github.com/linux-pam/linux-pam/commit/d3b8c0723d0d691585474b0e14982f62b115a672.patch Patch3000: pam-1.5.3-userdb-gdbm.patch Patch5000: add-sm3-support.patch @@ -149,6 +151,11 @@ install -p -m 644 doc/specs/rfc86.0.txt %{buildroot}%{_pkgdocdir} %{_libdir}/pkgconfig/pamc.pc %changelog +* Thu Dec 26 2024 Tracker Robot - 1.5.3-9 +- Apply patches from rpm-tracker +- [Bug Fix] d3b8c0723d0d691585474b0e14982f62b115a672.patch: pam_unix: do not truncate user names +- [Bug Fix] 76af6380776a81ffd6ff50de254fb448ec6bce79.patch: pam_timestamp: correct failure condition + * Tue Dec 24 2024 wynnfeng - 1.5.3-8 - [Type] security - [DESC] fix CVE-2024-10041
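Review bot: In the passverify.c hunk of d3b8c0723d0d691585474b0e14982f62b115a672.patch, `getuidname()` now returns `pw->pw_name`, a pointer into storage owned by `getpwuid()` that a later passwd lookup may overwrite, and the function carries no comment stating that lifetime. The commit message relies on callers not keeping the result; the unix_chkpwd.c hunk shows `user` only compared with `argv[1]` and then replaced by it, but any other callers of `getuidname()` are outside this page and should be checked for a held pointer. I would add above the definition `/* Returns a pointer into getpwuid()'s static storage: valid only until the next getpw*() call; do not cache or free it. */` so the rule that makes this fix safe is written where future callers will read it.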