diff --git a/1001-Fix-GCC-warnings-about-possible-string-truncations-a.patch b/1001-Fix-GCC-warnings-about-possible-string-truncations-a.patch
new file mode 100644
index 0000000000000000000000000000000000000000..db16955faa98ef766842969ede093197758309c0
--- /dev/null
+++ b/1001-Fix-GCC-warnings-about-possible-string-truncations-a.patch
@@ -0,0 +1,107 @@
+From 9a2fc457659cc2baee7d13ed6b0f8c864ae605d9 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 5 Feb 2019 17:29:11 +0100
+Subject: [PATCH] Fix GCC warnings about possible string truncations and buffer
+ overflows
+
+Building with -Werror=stringop-truncation and -Werror=stringop-overflow
+leads to GCC complaining about possible string truncation and overflows.
+
+Fix this by using memcpy(), explicitly calculating the buffers lenghts
+and set a NUL byte terminator after copying the buffers.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grubby.c | 38 ++++++++++++++++++++++++++++++--------
+ 1 file changed, 30 insertions(+), 8 deletions(-)
+
+diff --git a/grubby.c b/grubby.c
+index 396041a..947b458 100644
+--- a/grubby.c
++++ b/grubby.c
+@@ -479,20 +479,28 @@ char *grub2ExtractTitle(struct singleLine *line)
+ 	snprintf(result, resultMaxSize, "%s", ++current);
+ 
+ 	i++;
++	int result_len = 0;
+ 	for (; i < line->numElements; ++i) {
+ 		current = line->elements[i].item;
+ 		current_len = strlen(current);
+ 		current_indent = line->elements[i].indent;
+ 		current_indent_len = strlen(current_indent);
+ 
+-		strncat(result, current_indent, current_indent_len);
++		memcpy(result + result_len, current_indent, current_indent_len);
++		result_len += current_indent_len;
++
+ 		if (current[current_len - 1] != quote_char) {
+-			strncat(result, current, current_len);
++			memcpy(result + result_len, current_indent,
++			       current_indent_len);
++			result_len += current_len;
+ 		} else {
+-			strncat(result, current, current_len - 1);
++			memcpy(result + result_len, current_indent,
++			       current_indent_len);
++			result_len += (current_len - 1);
+ 			break;
+ 		}
+ 	}
++	result[result_len] = '\0';
+ 	return result;
+ }
+ 
+@@ -1437,6 +1445,7 @@ static struct grubConfig *readConfig(const char *inName,
+ 			extras = malloc(len + 1);
+ 			*extras = '\0';
+ 
++			int buf_len = 0;
+ 			/* get title. */
+ 			for (int i = 0; i < line->numElements; i++) {
+ 				if (!strcmp
+@@ -1453,13 +1462,18 @@ static struct grubConfig *readConfig(const char *inName,
+ 
+ 				len = strlen(title);
+ 				if (title[len - 1] == quote_char) {
+-					strncat(buf, title, len - 1);
++					memcpy(buf + buf_len, title, len - 1);
++					buf_len += (len - 1);
+ 					break;
+ 				} else {
+-					strcat(buf, title);
+-					strcat(buf, line->elements[i].indent);
++					memcpy(buf + buf_len, title, len);
++					buf_len += len;
++					len = strlen(line->elements[i].indent);
++					memcpy(buf + buf_len, line->elements[i].indent, len);
++					buf_len += len;
+ 				}
+ 			}
++			buf[buf_len] = '\0';
+ 
+ 			/* get extras */
+ 			int count = 0;
+@@ -5209,10 +5223,18 @@ int main(int argc, const char **argv)
+ 		exit(1);
+ 	}
+ 	saved_command_line[0] = '\0';
++	int cmdline_len = 0, arg_len;
+ 	for (int j = 1; j < argc; j++) {
+-		strcat(saved_command_line, argv[j]);
+-		strncat(saved_command_line, j == argc - 1 ? "" : " ", 1);
++		arg_len = strlen(argv[j]);
++		memcpy(saved_command_line + cmdline_len, argv[j], arg_len);
++		cmdline_len += arg_len;
++		if (j != argc - 1) {
++			memcpy(saved_command_line + cmdline_len, " ", 1);
++			cmdline_len++;
++		}
++
+ 	}
++	saved_command_line[cmdline_len] = '\0';
+ 
+ 	optCon = poptGetContext("grubby", argc, argv, options, 0);
+ 	poptReadDefaultConfig(optCon, 1);
+-- 
+1.8.3.1
+
diff --git a/1002-Fix-stringop-overflow-warning.patch b/1002-Fix-stringop-overflow-warning.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f7f298842ee3216d1fc4deb60842143a241fae94
--- /dev/null
+++ b/1002-Fix-stringop-overflow-warning.patch
@@ -0,0 +1,73 @@
+From a38efb3c072811eb4e3bce265f1b8903a10ffad4 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Sun, 27 Sep 2020 22:40:28 +0800
+Subject: [PATCH] Fix stringop-overflow warning
+
+GCC gives the following compile warning:
+
+grubby.c: In function 'main':
+grubby.c:4508:27: error: writing 1 byte into a region of size 0
+[-Werror=stringop-overflow=]
+ 4508 |     saved_command_line[0] = '\0';
+      |     ~~~~~~~~~~~~~~~~~~~~~~^~~~~~
+grubby.c:4503:26: note: at offset 0 to an object with size 0 allocated
+by 'malloc' here
+ 4503 |     saved_command_line = malloc(i);
+          |                          ^~~~~~~~~
+cc1: all warnings being treated as errors
+make: *** [Makefile:38: grubby.o] Error 1
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+---
+ grubby.c | 32 +++++++++++++++++---------------
+ 1 file changed, 17 insertions(+), 15 deletions(-)
+
+diff --git a/grubby.c b/grubby.c
+index 947b458..7923a7d 100644
+--- a/grubby.c
++++ b/grubby.c
+@@ -5217,24 +5217,26 @@ int main(int argc, const char **argv)
+ 	int i = 0;
+ 	for (int j = 1; j < argc; j++)
+ 		i += strlen(argv[j]) + 1;
+-	saved_command_line = malloc(i);
+-	if (!saved_command_line) {
+-		fprintf(stderr, "grubby: %m\n");
+-		exit(1);
+-	}
+-	saved_command_line[0] = '\0';
+-	int cmdline_len = 0, arg_len;
+-	for (int j = 1; j < argc; j++) {
+-		arg_len = strlen(argv[j]);
+-		memcpy(saved_command_line + cmdline_len, argv[j], arg_len);
+-		cmdline_len += arg_len;
+-		if (j != argc - 1) {
+-			memcpy(saved_command_line + cmdline_len, " ", 1);
+-			cmdline_len++;
++	if (i > 0) {
++		saved_command_line = malloc(i);
++		if (!saved_command_line) {
++			fprintf(stderr, "grubby: %m\n");
++			exit(1);
+ 		}
++		saved_command_line[0] = '\0';
++		int cmdline_len = 0, arg_len;
++		for (int j = 1; j < argc; j++) {
++			arg_len = strlen(argv[j]);
++			memcpy(saved_command_line + cmdline_len, argv[j], arg_len);
++			cmdline_len += arg_len;
++			if (j != argc - 1) {
++				memcpy(saved_command_line + cmdline_len, " ", 1);
++				cmdline_len++;
++			}
+ 
++		}
++		saved_command_line[cmdline_len] = '\0';
+ 	}
+-	saved_command_line[cmdline_len] = '\0';
+ 
+ 	optCon = poptGetContext("grubby", argc, argv, options, 0);
+ 	poptReadDefaultConfig(optCon, 1);
+-- 
+2.19.1.6.gb485710b
+
diff --git a/grubby.spec b/grubby.spec
index f23e2524c92531786711d8fa86ba408f464e28bc..b9eae4cb916e2e8f2edb926c2cd94415a2aef5dc 100644
--- a/grubby.spec
+++ b/grubby.spec
@@ -75,7 +75,10 @@ Patch0056: 0056-Improve-man-page-for-info-option.patch
 
 #Add by anolis
 Patch1000: 0001-grubby-anolis-rebrand.patch 
-
+# backport from upstream
+Patch1001: 1001-Fix-GCC-warnings-about-possible-string-truncations-a.patch
+# port patch from fc33
+Patch1002: 1002-Fix-stringop-overflow-warning.patch
 #end
 
 BuildRequires: gcc
@@ -179,6 +182,10 @@ current boot environment.
 %{_mandir}/man8/*.8*
 
 %changelog
+* Mon Feb 21 2022 Weitao Zhou <zhouwt@linux.alibaba.com> 8.40-42.0.3
+- fix build error with gcc9.2
+- Fix gcc10 build issue
+
 * Tue Jan 25 2022 zhangwenlong <zhangwenlong@loongson.cn> - 8.40-42.0.2
 - Support loongarch64