diff --git a/0001-cms_common-Fixed-Segmentation-fault.patch b/0001-cms_common-Fixed-Segmentation-fault.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4464ed037fab53b8f7429e5c1ad34da9926a1365
--- /dev/null
+++ b/0001-cms_common-Fixed-Segmentation-fault.patch
@@ -0,0 +1,27 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Nicolas Frayer <nfrayer@redhat.com>
+Date: Mon, 20 Feb 2023 15:26:20 +0100
+Subject: [PATCH] cms_common: Fixed Segmentation fault
+
+When running efikeygen, the binary crashes with a segfault due
+to dereferencing a **ptr instead of a *ptr.
+
+Signed-off-by: Nicolas Frayer <nfrayer@redhat.com>
+(cherry picked from commit 227435af461f38fc4abeafe02884675ad4b1feb4)
+---
+ src/cms_common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cms_common.c b/src/cms_common.c
+index 24576f2..89d946a 100644
+--- a/src/cms_common.c
++++ b/src/cms_common.c
+@@ -956,7 +956,7 @@ find_certificate_by_issuer_and_sn(cms_context *cms,
+ 	if (!ias)
+ 		cnreterr(-1, cms, "invalid issuer and serial number");
+ 
+-	return find_certificate_by_callback(cms, match_issuer_and_serial, &ias, cert);
++	return find_certificate_by_callback(cms, match_issuer_and_serial, ias, cert);
+ }
+ 
+ int
diff --git a/115.tar.gz b/115.tar.gz
deleted file mode 100644
index 6817ef25cb3f01555b3c4d63dd7c9e8345ea3e7a..0000000000000000000000000000000000000000
Binary files a/115.tar.gz and /dev/null differ
diff --git a/116.tar.gz b/116.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..ab4cf75130a2b6390af9d4fc1daa956c40579380
Binary files /dev/null and b/116.tar.gz differ
diff --git a/Bugfix-Free-resources-if-certificate-cannot-be-found.patch b/Bugfix-Free-resources-if-certificate-cannot-be-found.patch
deleted file mode 100644
index b128b2c83c0b47b1b4480cb3237f3bef1728db9c..0000000000000000000000000000000000000000
--- a/Bugfix-Free-resources-if-certificate-cannot-be-found.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From d8ea40d773dc1bcd90d8fc3b1f71ce49044ccef0 Mon Sep 17 00:00:00 2001
-From: Chenxi Mao <chenxi.mao@suse.com>
-Date: Tue, 13 Dec 2022 22:12:29 +0800
-Subject: [PATCH 1/1] Free resources if certificate cannot be found
-
-In find_certificate_by_callback, function return -1 directly without
-free resource if node is null, that will lead to nss shut down failed.
-
-The error message as below:
-could not shut down NSS: NSS could not shutdown. Objects are still in use.
-
-To fix this issue, free all resources before function return -1.
-
-Signed-off-by: Chenxi Mao <chenxi.mao@suse.com>
----
- src/cms_common.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/cms_common.c b/src/cms_common.c
-index 1c54c90..24576f2 100644
---- a/src/cms_common.c
-+++ b/src/cms_common.c
-@@ -878,8 +878,12 @@ find_certificate_by_callback(cms_context *cms,
- 		}
- 	}
- 
--	if (!node)
-+	if (!node) {
-+		PK11_DestroySlotListElement(slots, &psle);
-+		PK11_FreeSlotList(slots);
-+		CERT_DestroyCertList(certlist);
- 		cnreterr(-1, cms, "Could not find certificate");
-+	}
- 
- 	*cert = CERT_DupCertificate(node->cert);
- 
--- 
-2.33.0
-
diff --git a/Feature-pesign-support-SM2-signature-algorithm.patch b/Feature-pesign-support-SM2-signature-algorithm.patch
deleted file mode 100644
index 682dce5df0df9fbd8dc7f1ab0a6cebae236d3457..0000000000000000000000000000000000000000
--- a/Feature-pesign-support-SM2-signature-algorithm.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From 6c47b45347c946221a8acc3ea3a6a9cfcd734756 Mon Sep 17 00:00:00 2001
-From: godcansee <liu332084460@foxmail.com>
-Date: Sun, 2 Oct 2022 04:33:40 +0800
-Subject: [PATCH 2/2] pesign support SM2 signature algorithm.
-
-Co-authored-by:Huaxin Lu <luhuaxin1@huawei.com>
----
- src/signer_info.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 71 insertions(+), 1 deletion(-)
-
-diff --git a/src/signer_info.c b/src/signer_info.c
-index afa00e2..4aabf5d 100644
---- a/src/signer_info.c
-+++ b/src/signer_info.c
-@@ -157,6 +157,65 @@ err:
- 	return -1;
- }
- 
-+#if defined(CKM_SM2_WITH_SM3) || defined(CKM_NSS_SM2_WITH_SM3)
-+static int sm2_sign(SECItem *sig, cms_context *cms, SECKEYPrivateKey *privkey,
-+		SECItem *content, SECOidData *oid)
-+{
-+	int ret = -1;
-+	SECKEYPublicKey *pubkey = NULL;
-+	unsigned char *buf = NULL;
-+	SECStatus status;
-+	SECItem sig_raw = { 0 };
-+
-+	pubkey = CERT_ExtractPublicKey(cms->cert);
-+	if (!pubkey) {
-+		cms->log(cms, LOG_ERR, "could not get public key");
-+		return -1;
-+	}
-+
-+	if (pubkey->keyType != ecKey) {
-+		cms->log(cms, LOG_ERR, "invalid key type for sm2");
-+		goto out;
-+	}
-+
-+	buf = malloc(content->len + SM3_LENGTH);
-+	if (!buf) {
-+		cms->log(cms, LOG_ERR, "fail to alloc item");
-+		goto out;
-+	}
-+
-+	status = SEC_CreateSM2Digest(buf, &pubkey->u.ec.publicValue);
-+	if (status != SECSuccess) {
-+		cms->log(cms, LOG_ERR, "fail to compute sm2 z digest");
-+		goto out;
-+	}
-+
-+	memcpy(buf + SM3_LENGTH, content->data, content->len);
-+	status = SEC_SignData(&sig_raw, buf, content->len + SM3_LENGTH,
-+			privkey, oid->offset);
-+	if (status != SECSuccess) {
-+		cms->log(cms, LOG_ERR, "fail to sign data with sm2");
-+		goto out;
-+	}
-+
-+	status = DSAU_EncodeDerSigWithLen(sig, &sig_raw, 64);
-+	if (status != SECSuccess) {
-+		cms->log(cms, LOG_ERR, "fail to encode sm2 sig");
-+		goto out;
-+	}
-+
-+	ret = 0;
-+out:
-+	SECKEY_DestroyPublicKey(pubkey);
-+	if (buf)
-+		free(buf);
-+	if (sig_raw.data)
-+		PORT_Free(sig_raw.data);
-+
-+	return ret;
-+}
-+#endif
-+
- static int
- sign_blob(cms_context *cms, SECItem *sigitem, SECItem *sign_content)
- {
-@@ -169,7 +228,8 @@ sign_blob(cms_context *cms, SECItem *sigitem, SECItem *sign_content)
- 		return -1;
- 	}
- 
--	SECOidData *oid = SECOID_FindOIDByTag(digest_get_signature_oid(cms));
-+	SECOidTag oidt = digest_get_signature_oid(cms);
-+	SECOidData *oid = SECOID_FindOIDByTag(oidt);
- 	if (!oid)
- 		goto err;
- 
-@@ -186,8 +246,18 @@ sign_blob(cms_context *cms, SECItem *sigitem, SECItem *sign_content)
- 	memset (&tmp, '\0', sizeof (tmp));
- 
- 	SECStatus status;
-+#if defined(CKM_SM2_WITH_SM3) || defined(CKM_NSS_SM2_WITH_SM3)
-+	if (oidt == SEC_OID_SM2_WITH_SM3) {
-+		status = sm2_sign(&tmp, cms, privkey, sign_content, oid) ?
-+			SECFailure : SECSuccess;
-+	} else {
-+		status = SEC_SignData(&tmp, sign_content->data, sign_content->len,
-+				privkey, oid->offset);
-+	}
-+#else
- 	status = SEC_SignData(&tmp, sign_content->data, sign_content->len,
- 			privkey, oid->offset);
-+#endif
- 	SECKEY_DestroyPrivateKey(privkey);
- 	privkey = NULL;
- 
--- 
-2.33.0
-
diff --git a/Feature-pesign-support-SM3-digest-algorithm.patch b/Feature-pesign-support-SM3-digest-algorithm.patch
deleted file mode 100644
index dbfb020e8c19dbecdb099c0f319eac6be6ecf38c..0000000000000000000000000000000000000000
--- a/Feature-pesign-support-SM3-digest-algorithm.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From fa5e86eca363b8d2bcf23feedcc86fdd076be7d4 Mon Sep 17 00:00:00 2001
-From: godcansee <liu332084460@foxmail.com>
-Date: Sun, 2 Oct 2022 04:23:35 +0800
-Subject: [PATCH 1/2] pesign support SM3 digest algorithm.
-
----
- src/cms_common.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/cms_common.c b/src/cms_common.c
-index d13b2cb..7b6dc0e 100644
---- a/src/cms_common.c
-+++ b/src/cms_common.c
-@@ -68,6 +68,15 @@ static struct digest_param digest_params[] = {
- 	 .size = 20
- 	},
- #endif
-+#if defined(CKM_SM2_WITH_SM3) || defined(CKM_NSS_SM2_WITH_SM3)
-+	{.name = "sm3",
-+	 .digest_tag = SEC_OID_SM3,
-+	 .signature_tag = SEC_OID_SM2_WITH_SM3,
-+	 .digest_encryption_tag = SEC_OID_SM2_WITH_SM3,
-+	 .efi_guid = NULL,
-+	 .size = 32
-+	},
-+#endif
- };
- static int n_digest_params = sizeof (digest_params) / sizeof (digest_params[0]);
- 
--- 
-2.33.0
-
diff --git a/Fix-CVE-2022-3560.patch b/Fix-CVE-2022-3560.patch
deleted file mode 100644
index a5506a1c514770459615fe889c7a095c59b46b84..0000000000000000000000000000000000000000
--- a/Fix-CVE-2022-3560.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From d8a8c259994d0278c59b30b41758a8dd0abff998 Mon Sep 17 00:00:00 2001
-From: Robbie Harwood <rharwood@redhat.com>
-Date: Wed, 18 Jan 2023 14:00:22 -0500
-Subject: [PATCH] Use normal file permissions instead of ACLs
-
-Fixes a symlink attack that can't be mitigated using getfacl/setfacl.
-
-pesign-authorize is now deprecated and will be removed in a future
-release.
-
-Resolves: CVE-2022-3560
-Signed-off-by: Robbie Harwood <rharwood@redhat.com>
----
- src/pesign-authorize.in | 50 +++--------------------------------------
- 1 file changed, 3 insertions(+), 47 deletions(-)
-
-diff --git a/src/pesign-authorize.in b/src/pesign-authorize.in
-index 69797d5..b4e89e0 100644
---- a/src/pesign-authorize.in
-+++ b/src/pesign-authorize.in
-@@ -2,56 +2,12 @@
- set -e
- set -u
- 
--#
--# With /run/pesign/socket on tmpfs, a simple way of restoring the
--# acls for specific users is useful
--#
--#  Compare to: http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/bkernel/tasks/main.yml?id=17198dadebf59d8090b7ed621bc8ab22152d2eb6
--#
--
- # License: GPLv2
--declare -a fileusers=()
--declare -a dirusers=()
--while read -r user ; do
--	dirusers[${#dirusers[@]}]=-m
--	dirusers[${#dirusers[@]}]="u:$user:rwx"
--	fileusers[${#fileusers[@]}]=-m
--	fileusers[${#fileusers[@]}]="u:$user:rw"
--done </etc/pesign/users
--
--declare -a filegroups=()
--declare -a dirgroups=()
--while read -r group ; do
--	dirgroups[${#dirgroups[@]}]=-m
--	dirgroups[${#dirgroups[@]}]="g:$group:rwx"
--	filegroups[${#filegroups[@]}]=-m
--	filegroups[${#filegroups[@]}]="g:$group:rw"
--done </etc/pesign/groups
--
--update_subdir() {
--	subdir=$1 && shift
- 
--	setfacl -bk "${subdir}"
--	setfacl "${dirusers[@]}" "${dirgroups[@]}" "${subdir}"
--	for x in "${subdir}"* ; do
--		if [ -d "${x}" ]; then
--			setfacl -bk "${x}"
--			setfacl "${dirusers[@]}" "${dirgroups[@]}" "${x}"
--			update_subdir "${x}/"
--		elif [ -e "${x}" ]; then
--			setfacl -bk "${x}"
--			setfacl "${fileusers[@]}" "${filegroups[@]}" "${x}"
--		else
--			:;
--		fi
--	done
--}
-+# This script is deprecated and will be removed in a future release.
- 
- sleep 3
- for x in @@RUNDIR@@pesign/ /etc/pki/pesign/ ; do
--	if [ -d "${x}" ]; then
--		update_subdir "${x}"
--	else
--		:;
--	fi
-+	chown -R pesign:pesign "${x}" || true
-+	chmod -R ug+rwX "${x}" || true
- done
diff --git a/Fix-build-error-of-gcc-version-too-low.patch b/Fix-build-error-of-gcc-version-too-low.patch
index 4a516131e55eb87a5f134cc7092c8352adcaf542..742211557cddd65af7184f719e2d7155984b01e2 100644
--- a/Fix-build-error-of-gcc-version-too-low.patch
+++ b/Fix-build-error-of-gcc-version-too-low.patch
@@ -4,36 +4,14 @@ Date: Mon, 7 Nov 2022 20:41:08 +0800
 Subject: [PATCH] fix build error of gcc version too low
 
 ---
- src/daemon.c   | 3 ---
  src/password.c | 3 ---
- 2 files changed, 6 deletions(-)
+ 1 file changed, 3 deletions(-)
 
-diff --git a/src/daemon.c b/src/daemon.c
-index 0a66deb..c5061bd 100644
---- a/src/daemon.c
-+++ b/src/daemon.c
-@@ -920,8 +920,6 @@ do_shutdown(context *ctx, int nsockets, struct pollfd *pollfds)
- 
- /* GCC -fanalyzer has trouble with realloc
-  * https://bugzilla.redhat.com/show_bug.cgi?id=2047926 */
--#pragma GCC diagnostic push
--#pragma GCC diagnostic ignored "-Wanalyzer-use-of-uninitialized-value"
- static int
- handle_events(context *ctx)
- {
-@@ -1000,7 +998,6 @@ shutdown:
- 	}
- 	return 0;
- }
--#pragma GCC diagnostic pop
- 
- static int
- get_uid_and_gid(context *ctx, char **homedir)
 diff --git a/src/password.c b/src/password.c
-index 05add9a..0f359d2 100644
+index ac1866e..3436ea2 100644
 --- a/src/password.c
 +++ b/src/password.c
-@@ -304,14 +304,11 @@ SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
+@@ -312,14 +312,11 @@ SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
  
  		/* Workaround for -fanalzer/reallocarray() bug
  		 * https://bugzilla.redhat.com/show_bug.cgi?id=2047926 */
@@ -47,7 +25,7 @@ index 05add9a..0f359d2 100644
 -#pragma GCC diagnostic pop
  
  		span = strspn(start, whitespace_and_eol_chars);
- 		dprintf("whitespace span is %zd", span);
+ 		dbgprintf("whitespace span is %zd", span);
 -- 
-2.27.0
+2.39.1
 
diff --git a/pesign.spec b/pesign.spec
index 844afc8c9647126487acbef4f4192edee70d2136..2fea4948e85308d858c2b3d3223afad0565277d2 100644
--- a/pesign.spec
+++ b/pesign.spec
@@ -1,11 +1,11 @@
 %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
 Name:          pesign
 Summary:       Signing utility for UEFI binaries
-Version:       115
-Release:       4
+Version:       116
+Release:       1
 License:       GPLv2
 URL:           https://github.com/rhboot/pesign
-Source0:       https://github.com/rhboot/pesign/archive/refs/tags/115.tar.gz
+Source0:       https://github.com/rhboot/pesign/archive/refs/tags/116.tar.gz
 Source1:       certs.tar.xz
 Source2:       pesign.py
 Source3:       euleros-certs.tar.bz2
@@ -17,13 +17,8 @@ BuildRequires: nss-devel >= 3.13.6-1 efivar-devel >= 31-1 libuuid-devel tar xz
 BuildRequires: python3-rpm-macros python3 systemd python3-devel gcc mandoc
 
 Patch0001:     Bugfix-cms_common-fix-cert-match-check.patch
-Patch0002:     Bugfix-Free-resources-if-certificate-cannot-be-found.patch
-
-# Feature: support SM2 and SM3
-Patch9000:     Feature-pesign-support-SM3-digest-algorithm.patch
-Patch9001:     Feature-pesign-support-SM2-signature-algorithm.patch
+Patch0002:     0001-cms_common-Fixed-Segmentation-fault.patch
 Patch9002:     Fix-build-error-of-gcc-version-too-low.patch
-Patch9003:     Fix-CVE-2022-3560.patch
 
 %description
 pesign is a command line tool for manipulating signatures and
@@ -84,22 +79,22 @@ exit 0
 %config(noreplace)/%{_sysconfdir}/pesign/*
 %{_sysconfdir}/popt.d/pesign.popt
 %{macrosdir}/macros.pesign
-%dir %attr(0775,pesign,pesign) /etc/pki/pesign/euleros-pesign-db
-%attr(0644,pesign,pesign) /etc/pki/pesign/euleros-pesign-db/*
 %ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/socket
 %ghost %attr(0660, -, -) %{_localstatedir}/run/%{name}/pesign.pid
 %{_tmpfilesdir}/pesign.conf
 %{_unitdir}/pesign.service
 %{python3_sitelib}/mockbuild/plugins/*/pesign.*
 %{python3_sitelib}/mockbuild/plugins/pesign.*
-%exclude /boot
 %exclude %{_sysconfdir}/rpm
 
 %files help
-%doc README TODO
+%doc README.md TODO
 %{_mandir}/man*/*
 
 %changelog
+* Thu May 04 2023 chenchen <chen_aka_jan@163.com> - 116-1
+- Update to 116
+
 * Tue Feb 14 2023 luopihui <luopihui@ncti-gba.cn> - 115-4
 - Fix CVE-2022-3560