diff --git a/backport-ctrl-Fix-fd-leak-in-ctrl_list.patch b/backport-ctrl-Fix-fd-leak-in-ctrl_list.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8be8a80e244dc583f4539ceaec33d5a6d55aec23
--- /dev/null
+++ b/backport-ctrl-Fix-fd-leak-in-ctrl_list.patch
@@ -0,0 +1,31 @@
+From 35c02157396c847e57f52b5d6d345af2b961a794 Mon Sep 17 00:00:00 2001
+From: Maks Mishin <maks.mishinfz@gmail.com>
+Date: Wed, 7 Feb 2024 02:54:03 +0300
+Subject: [PATCH] ctrl: Fix fd leak in ctrl_list()
+
+if ctrl_list is called with get operation and wrong number
+of parameters, it would forget to close the local netlink
+handle.
+
+Conflict:no
+Reference:https://github.com/iproute2/iproute2/commit/35c02157396c847e57f52b5d6d345af2b961a794
+
+Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+---
+ genl/ctrl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/genl/ctrl.c b/genl/ctrl.c
+index aff922a43..bae73a54b 100644
+--- a/genl/ctrl.c
++++ b/genl/ctrl.c
+@@ -267,7 +267,7 @@ static int ctrl_list(int cmd, int argc, char **argv)
+ 
+ 		if (argc != 2) {
+ 			fprintf(stderr, "Wrong number of params\n");
+-			return -1;
++			goto ctrl_done;
+ 		}
+ 
+ 		if (matches(*argv, "name") == 0) {
diff --git a/backport-ctrl-Fix-fd-leak-in-ctrl_listen.patch b/backport-ctrl-Fix-fd-leak-in-ctrl_listen.patch
new file mode 100644
index 0000000000000000000000000000000000000000..73d652b5188610632f34439739311934b531c73e
--- /dev/null
+++ b/backport-ctrl-Fix-fd-leak-in-ctrl_listen.patch
@@ -0,0 +1,34 @@
+From f4dc6a784f6e2cee091027434f05a501f4cc1411 Mon Sep 17 00:00:00 2001
+From: Maks Mishin <maks.mishinfz@gmail.com>
+Date: Wed, 7 Feb 2024 02:54:16 +0300
+Subject: [PATCH] ctrl: Fix fd leak in ctrl_listen()
+
+Use the same pattern for handling rtnl_listen() errors that
+is used across other iproute2 commands. All other commands
+exit with status of 2 if rtnl_listen fails.
+
+Conflict:no
+Reference:https://github.com/iproute2/iproute2/commit/f4dc6a784f6e2cee091027434f05a501f4cc1411
+
+Reported-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+---
+ genl/ctrl.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/genl/ctrl.c b/genl/ctrl.c
+index bae73a54b..72a9b0130 100644
+--- a/genl/ctrl.c
++++ b/genl/ctrl.c
+@@ -334,8 +334,9 @@ static int ctrl_listen(int argc, char **argv)
+ 	}
+ 
+ 	if (rtnl_listen(&rth, print_ctrl, (void *) stdout) < 0)
+-		return -1;
+-
++		exit(2);
++	
++	rtnl_close(&rth);	
+ 	return 0;
+ }
+ 
diff --git a/backport-devlink-use-snprintf-instead-of-sprintf.patch b/backport-devlink-use-snprintf-instead-of-sprintf.patch
new file mode 100644
index 0000000000000000000000000000000000000000..229772c1910ef633b2c4b11d22ca864a8e179187
--- /dev/null
+++ b/backport-devlink-use-snprintf-instead-of-sprintf.patch
@@ -0,0 +1,72 @@
+From 8265b39f0c2563b57a610355c9ee9ede5381f013 Mon Sep 17 00:00:00 2001
+From: Jiri Pirko <jiri@nvidia.com>
+Date: Tue, 7 Nov 2023 09:06:02 +0100
+Subject: [PATCH] devlink: use snprintf instead of sprintf
+
+Use snprintf instead of sprintf to ensure only valid memory is printed
+to and the output string is properly terminated.
+
+Conflict:yes
+due to upstream commit:700a8991,06cb288d
+
+Reference:https://github.com/iproute2/iproute2/commit/8265b39f0c2563b57a610355c9ee9ede5381f013
+
+Signed-off-by: Jiri Pirko <jiri@nvidia.com>
+Signed-off-by: David Ahern <dsahern@kernel.org>
+---
+ devlink/devlink.c | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/devlink/devlink.c b/devlink/devlink.c
+index 3baad3557..b711e92ca 100644
+--- a/devlink/devlink.c
++++ b/devlink/devlink.c
+@@ -2773,7 +2774,7 @@ static void __pr_out_handle_start(struct dl *dl, struct nlattr **tb,
+ 	const char *dev_name = mnl_attr_get_str(tb[DEVLINK_ATTR_DEV_NAME]);
+ 	char buf[64];
+ 
+-	sprintf(buf, "%s/%s", bus_name, dev_name);
++	snprintf(buf, sizeof(buf), "%s/%s", bus_name, dev_name);
+ 
+ 	if (dl->json_output) {
+ 		if (array) {
+@@ -2902,9 +2903,10 @@ static void __pr_out_port_handle_start(struct dl *dl, const char *bus_name,
+ 	if (dl->no_nice_names || !try_nice ||
+ 	    ifname_map_rev_lookup(dl, bus_name, dev_name,
+ 				  port_index, &ifname) != 0)
+-		sprintf(buf, "%s/%s/%d", bus_name, dev_name, port_index);
++		snprintf(buf, sizeof(buf), "%s/%s/%d",
++			 bus_name, dev_name, port_index);
+ 	else
+-		sprintf(buf, "%s", ifname);
++		snprintf(buf, sizeof(buf), "%s", ifname);
+ 
+ 	if (dl->json_output) {
+ 		if (array) {
+@@ -5230,7 +5232,7 @@ pr_out_port_rate_handle_start(struct dl *dl, struct nlattr **tb, bool try_nice)
+ 	bus_name = mnl_attr_get_str(tb[DEVLINK_ATTR_BUS_NAME]);
+ 	dev_name = mnl_attr_get_str(tb[DEVLINK_ATTR_DEV_NAME]);
+ 	node_name = mnl_attr_get_str(tb[DEVLINK_ATTR_RATE_NODE_NAME]);
+-	sprintf(buf, "%s/%s/%s", bus_name, dev_name, node_name);
++	snprintf(buf, sizeof(buf), "%s/%s/%s", bus_name, dev_name, node_name);
+ 	if (dl->json_output)
+ 		open_json_object(buf);
+ 	else
+@@ -6305,7 +6307,7 @@ static void pr_out_json_occ_show_item_list(struct dl *dl, const char *label,
+ 
+ 	open_json_object(label);
+ 	list_for_each_entry(occ_item, list, list) {
+-		sprintf(buf, "%u", occ_item->index);
++		snprintf(buf, sizeof(buf), "%u", occ_item->index);
+ 		open_json_object(buf);
+ 		if (bound_pool)
+ 			print_uint(PRINT_JSON, "bound_pool", NULL,
+@@ -8674,7 +8676,7 @@ static void pr_out_region_handle_start(struct dl *dl, struct nlattr **tb)
+ 	const char *region_name = mnl_attr_get_str(tb[DEVLINK_ATTR_REGION_NAME]);
+ 	char buf[256];
+ 
+-	sprintf(buf, "%s/%s/%s", bus_name, dev_name, region_name);
++	snprintf(buf, sizeof(buf), "%s/%s/%s", bus_name, dev_name, region_name);
+ 	if (dl->json_output)
+ 		open_json_object(buf);
+ 	else
diff --git a/iproute.spec b/iproute.spec
index c6a0cfa6185d1901cceb2b1d2de7085c90385464..443ce9e3213ed6c02f5f60da32818a2d14420fd8 100644
--- a/iproute.spec
+++ b/iproute.spec
@@ -2,7 +2,7 @@
 Name:		iproute
 Version:	5.15.0
 Epoch:      1
-Release:	19
+Release:	20
 Summary:	Linux network configuration utilities
 License:	GPLv2+ and Public Domain
 URL:		https://kernel.org/pub/linux/utils/net/iproute2/
@@ -67,6 +67,9 @@ patch6049:      backport-ip-fix-memory-leak-in-ip-maddr-show.patch
 patch6050:      backport-ila-fix-potential-snprintf-buffer-overflow.patch
 patch6051:      backport-bridge-fix-potential-snprintf-overflow.patch
 patch6052:      backport-mnl_utils-sanitize-incoming-netlink-payload-size-in-callbacks.patch
+Patch6053:      backport-devlink-use-snprintf-instead-of-sprintf.patch
+Patch6054:      backport-ctrl-Fix-fd-leak-in-ctrl_list.patch
+Patch6055:      backport-ctrl-Fix-fd-leak-in-ctrl_listen.patch
 
 Patch9000:      feature-iproute-add-support-for-ipvlan-l2e-mode.patch
 Patch9001:      bugfix-iproute2-cancel-some-test-cases.patch
@@ -147,6 +150,14 @@ install -m 0644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a
 %{_mandir}/*
 
 %changelog
+* Fri Jul 26 2024 caokeming <caokeming@huawei.com> - 1:5.15.0-20
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:ctrl: Fix fd leak in ctrl_list()
+       ctrl: Fix fd leak in ctrl_listen()
+       devlink: use snprintf instead of sprintf    
+
 * Tue Apr 16 2024 liweigang <liweiganga@uniontech.com> - 1:5.15.0-19
 - Type: bugfix
 - ID: NA