diff --git a/backport-CVE-2021-36222.patch b/backport-CVE-2021-36222.patch
deleted file mode 100644
index 4a7c7aecfa228ce6bd048f7ed5c9caea725225b0..0000000000000000000000000000000000000000
--- a/backport-CVE-2021-36222.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From 791211b00a53b394376d096c881b725ee739a936 Mon Sep 17 00:00:00 2001
-From: Joseph Sutton <josephsutton@catalyst.net.nz>
-Date: Wed, 7 Jul 2021 11:47:44 +1200
-Subject: [PATCH] Fix KDC null deref on bad encrypted challenge
-
-The function ec_verify() in src/kdc/kdc_preauth_ec.c contains a check
-to avoid further processing if the armor key is NULL.  However, this
-check is bypassed by a call to k5memdup0() which overwrites retval
-with 0 if the allocation succeeds.  If the armor key is NULL, a call
-to krb5_c_fx_cf2_simple() will then dereference it, resulting in a
-crash.  Add a check before the k5memdup0() call to avoid overwriting
-retval.
-
-CVE-2021-36222:
-
-In MIT krb5 releases 1.16 and later, an unauthenticated attacker can
-cause a null dereference in the KDC by sending a request containing a
-PA-ENCRYPTED-CHALLENGE padata element without using FAST.
-
-[ghudson@mit.edu: trimmed patch; added test case; edited commit
-message]
-
-ticket: 9007 (new)
-tags: pullup
-target_version: 1.19-next
-target_version: 1.18-next
-
-(cherry picked from commit fc98f520caefff2e5ee9a0026fdf5109944b3562)
----
- src/kdc/kdc_preauth_ec.c      |  3 ++-
- src/tests/Makefile.in         |  1 +
- src/tests/t_cve-2021-36222.py | 46 +++++++++++++++++++++++++++++++++++
- 3 files changed, 49 insertions(+), 1 deletion(-)
- create mode 100644 src/tests/t_cve-2021-36222.py
-
-diff --git a/src/kdc/kdc_preauth_ec.c b/src/kdc/kdc_preauth_ec.c
-index 7e636b3f9..43a9902cc 100644
---- a/src/kdc/kdc_preauth_ec.c
-+++ b/src/kdc/kdc_preauth_ec.c
-@@ -87,7 +87,8 @@ ec_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
-     }
- 
-     /* Check for a configured FAST ec auth indicator. */
--    realmstr = k5memdup0(realm.data, realm.length, &retval);
-+    if (retval == 0)
-+        realmstr = k5memdup0(realm.data, realm.length, &retval);
-     if (realmstr != NULL)
-         retval = profile_get_string(context->profile, KRB5_CONF_REALMS,
-                                     realmstr,
-diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
-index ab416cc5f..20f27d748 100644
---- a/src/tests/Makefile.in
-+++ b/src/tests/Makefile.in
-@@ -159,6 +159,7 @@ check-pytests: unlockiter s4u2self
- 	$(RUNPYTEST) $(srcdir)/t_cve-2012-1015.py $(PYTESTFLAGS)
- 	$(RUNPYTEST) $(srcdir)/t_cve-2013-1416.py $(PYTESTFLAGS)
- 	$(RUNPYTEST) $(srcdir)/t_cve-2013-1417.py $(PYTESTFLAGS)
-+	$(RUNPYTEST) $(srcdir)/t_cve-2021-36222.py $(PYTESTFLAGS)
- 	$(RM) au.log
- 	$(RUNPYTEST) $(srcdir)/t_audit.py $(PYTESTFLAGS)
- 	$(RUNPYTEST) $(srcdir)/jsonwalker.py -d $(srcdir)/au_dict.json \
-diff --git a/src/tests/t_cve-2021-36222.py b/src/tests/t_cve-2021-36222.py
-new file mode 100644
-index 000000000..57e04993b
---- /dev/null
-+++ b/src/tests/t_cve-2021-36222.py
-@@ -0,0 +1,46 @@
-+import socket
-+from k5test import *
-+
-+realm = K5Realm()
-+
-+# CVE-2021-36222 KDC null dereference on encrypted challenge preauth
-+# without FAST
-+
-+s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
-+a = (hostname, realm.portbase)
-+
-+m = ('6A81A0' '30819D'          # [APPLICATION 10] SEQUENCE
-+     'A103' '0201' '05'         #  [1] pvno = 5
-+     'A203' '0201' '0A'         #  [2] msg-type = 10
-+     'A30E' '300C'              #  [3] padata = SEQUENCE OF
-+     '300A'                     #   SEQUENCE
-+     'A104' '0202' '008A'       #    [1] padata-type = PA-ENCRYPTED-CHALLENGE
-+     'A202' '0400'              #    [2] padata-value = ""
-+     'A48180' '307E'            #  [4] req-body = SEQUENCE
-+     'A007' '0305' '0000000000' #   [0] kdc-options = 0
-+     'A120' '301E'              #   [1] cname = SEQUENCE
-+     'A003' '0201' '01'         #    [0] name-type = NT-PRINCIPAL
-+     'A117' '3015'              #    [1] name-string = SEQUENCE-OF
-+     '1B06' '6B7262746774'      #     krbtgt
-+     '1B0B' '4B5242544553542E434F4D'
-+                                #     KRBTEST.COM
-+     'A20D' '1B0B' '4B5242544553542E434F4D'
-+                                #   [2] realm = KRBTEST.COM
-+     'A320' '301E'              #   [3] sname = SEQUENCE
-+     'A003' '0201' '01'         #    [0] name-type = NT-PRINCIPAL
-+     'A117' '3015'              #    [1] name-string = SEQUENCE-OF
-+     '1B06' '6B7262746774'      #     krbtgt
-+     '1B0B' '4B5242544553542E434F4D'
-+                                #     KRBTEST.COM
-+     'A511' '180F' '31393934303631303036303331375A'
-+                                #   [5] till = 19940610060317Z
-+     'A703' '0201' '00'         #   [7] nonce = 0
-+     'A808' '3006'              #   [8] etype = SEQUENCE OF
-+     '020112' '020111')         #    aes256-cts aes128-cts
-+
-+s.sendto(bytes.fromhex(m), a)
-+
-+# Make sure kinit still works.
-+realm.kinit(realm.user_princ, password('user'))
-+
-+success('CVE-2021-36222 regression test')
diff --git a/kdc.conf b/kdc.conf
index bec794663f1695c93dc79f239f4d8e28b52409c2..fbe93caf678fb4e3759d6d05fb880168d4ca4ec5 100644
--- a/kdc.conf
+++ b/kdc.conf
@@ -8,5 +8,5 @@
   acl_file = /var/kerberos/krb5kdc/kadm5.acl
   dict_file = /usr/share/dict/words
   admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
-  permitted_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
+  supported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal
  }
diff --git a/krb5-1.19.1.tar.gz.asc b/krb5-1.19.1.tar.gz.asc
deleted file mode 100644
index dbd55f29cf618e483bbae8c62e67945f78fa02f6..0000000000000000000000000000000000000000
--- a/krb5-1.19.1.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmAuntAACgkQDLoIV1+D
-ct8TIhAArFittFBcz4ZfMxqhHVGdK6kOeQXrrV27d3FW6y28BvS7yHJ8CkyK+I3g
-4rsaaf7srkH8jaiCjmjHC2rWJIuceOwkD4GRqXtb2CiqKxXI9eZ+g9ipB7DGKixg
-+1nki7mOhd3oaeUkCRFXgyiOqSE/ird7/itLYzEoAroLpTazNp6Kk4gXmhJIENlq
-dj1God+JxhuwzzWZRdsy2SyvMQPQMOTIilsXRboObZFvPrhZKkJmgNm+RzU/YRSg
-/1Po7takBXq8qhgnwPHTnTPb+BYRdrqQc/a2WcmEdgbzeMpijNmkFsgAFeKDijSz
-1nmFO4SQd/rAfgUovkDd+GMAYZ6DCLFqoI/WeKOgCrRMxJMMRbLlr48bTvMwjuIl
-xE5gy8h2Iju/UP1lxz8KheCm/FyNzNw4pe74zbGgK5fdiEQ8xNlKZOs9LRrtvyfL
-j1G+IX6cK+5yTo/NceYjnHVAatbuW6C6xJmsIQ1GYdMPvto7Wctq/4/BmwxqgFAJ
-HCPuQgAGi875JpPYvi/c3tioRiIPwOz54CXCrcFyKELvgHi6lGN6MRNSzAP4QdA0
-HlXZQ4/4NFOJxjLGu9ZXKUbYPaGizhI+ayzg5/RJLHPIgW7yLvwFqkBIa1xs26bA
-xiP5JKuDC4mqDPwVjwpufkUBH6SoBFnbiIWEYSKVPLJFw+Dbhv0=
-=PP6r
------END PGP SIGNATURE-----
diff --git a/krb5-1.19.1.tar.gz b/krb5-1.19.2.tar.gz
similarity index 53%
rename from krb5-1.19.1.tar.gz
rename to krb5-1.19.2.tar.gz
index ea39f18fd83f66ab9d594ff5f5d995f3adbaa804..a96d447d291d7c481cfb584724604bc2267c9435 100644
Binary files a/krb5-1.19.1.tar.gz and b/krb5-1.19.2.tar.gz differ
diff --git a/krb5-1.19.2.tar.gz.asc b/krb5-1.19.2.tar.gz.asc
new file mode 100644
index 0000000000000000000000000000000000000000..8b892e63eb9b90068126aa3b673480ab3877288d
--- /dev/null
+++ b/krb5-1.19.2.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEExEk8tzn0qJ+YUsvCDLoIV1+Dct8FAmD5qLoACgkQDLoIV1+D
+ct9NEw//XhDJPE38UzvURT/RsuL3TQZoHGHtRA/seXcKkrX1wFLUjnOUK39RxzkS
+5y0BGOBoByGlqMxcpBlQv3mdtOAkdbgUtb9sT90eUObsG3cqa/0ou3Nm2ta+UNb7
+UC72UC9ZCXzUEl3be2/q/geHHE69e62t4YGcnwZ4koI3b/cZU6xL3N0ox9Gxdi37
++rUe7i5TZAKvKo+eKhLpC/k1F0HSvLzxcPyRlfpAYb607lvc4MYNvbOZZUk8aNEt
+0OhoSak1mXSdYwt4HHTj2NY1q5d+wviGOYby/Q1Wv7qVZHLFvCCr7Lr7ba0bIWas
+cYl13OgLq2uwA85k9/BzAxIgPVpMpt0aRaoTeiH2fKm8kNA9YfIagyRgX4vNfFWp
+RKXpVu5SFNMgFVAHJu/QID8Lf8YV/PU4H7kdMyFy9gA66nTN4KvdeoRyrHgv2r1c
+c5MhV9bJDDFalC1VLYTJ3iSZFy5Y95wrr59KI2OTQKgQxsylfGXW+OR1hWKua5Y5
+nqF0b/TKiryrdah3aw2Ac78MggC+3RDHQ8yHG4tC0/nJzbf4WnP6lqUJhQIat+lE
+g62Kh+fAUjuYw/8tuxVUFlMMa9cDHV7XGGYQS/JoUq/BaGWheNYrvPXxr4u0oSOa
+kJyOUfZuJvgiDakbEAuVNm8Gr6lKDH/omn8dl9r/CHdyEANqvi0=
+=QM0F
+-----END PGP SIGNATURE-----
diff --git a/krb5.spec b/krb5.spec
index 845ce3d6e297cd6ed4320af002f237ca38b95aaa..92b07eada306cca54173022776004ae76d6c030a 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -2,8 +2,8 @@
 %global WITH_DIRSRV 1
 
 Name:     krb5
-Version:  1.19.1
-Release:  3
+Version:  1.19.2
+Release:  1
 Summary:  The Kerberos network authentication protocol
 License:  MIT
 URL:      http://web.mit.edu/kerberos/www/
@@ -26,8 +26,7 @@ Patch3: netlib-and-dns.patch
 Patch4: fix-debuginfo-with-y.tab.c.patch
 Patch5: Remove-3des-support.patch
 Patch6: FIPS-with-PRNG-and-RADIUS-and-MD4.patch
-Patch7: backport-CVE-2021-36222.patch
-Patch8: backport-CVE-2021-37750.patch
+Patch7: backport-CVE-2021-37750.patch
 
 BuildRequires:  gettext
 BuildRequires:  gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
@@ -319,6 +318,9 @@ make -C src check || :
 %{_mandir}/man8/*
 
 %changelog
+* Mon Dec 13 2021 yixiangzhike <yixiangzhike007@163.com> - 1.19.2-1
+- Update to 1.19.2
+
 * Wed Aug 25 2021 gaoyusong <gaoyusong1@huawei.com> - 1.19.1-3
 - Fix CVE-2021-37750