diff --git a/backport-CVE-2021-3565.patch b/backport-CVE-2021-3565.patch
deleted file mode 100644
index 7fc946d..0000000
--- a/backport-CVE-2021-3565.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From c069e4f179d5e6653a84fb236816c375dca82515 Mon Sep 17 00:00:00 2001
-From: William Roberts <william.c.roberts@intel.com>
-Date: Fri, 21 May 2021 12:22:31 -0500
-Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
-
-tpm2_import used a fixed AES key for the inner wrapper, which means that
-a MITM attack would be able to unwrap the imported key. Even the
-use of an encrypted session will not prevent this. The TPM only
-encrypts the first parameter which is the fixed symmetric key.
-
-To fix this, ensure the key size is 16 bytes or bigger and use
-OpenSSL to generate a secure random AES key.
-
-Fixes: #2738
-
-Signed-off-by: William Roberts <william.c.roberts@intel.com>
----
- tools/tpm2_import.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
-index cfb6f20..f44326c 100644
---- a/tools/tpm2_import.c
-+++ b/tools/tpm2_import.c
-@@ -118,7 +118,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
-     TPM2B_DATA enc_sensitive_key = {
-         .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
-     };
--    memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
-+
-+    if(enc_sensitive_key.size < 16) {
-+        LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
-+        return tool_rc_general_error;
-+    }
-+
-+    int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
-+    if (ossl_rc != 1) {
-+        LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
-+        return tool_rc_general_error;
-+    }
- 
-     /*
-      * Calculate the object name.
--- 
-1.8.3.1
-
diff --git a/backport-Don-t-assume-end-of-argv-is-NULL.patch b/backport-Don-t-assume-end-of-argv-is-NULL.patch
deleted file mode 100644
index 731ee18..0000000
--- a/backport-Don-t-assume-end-of-argv-is-NULL.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From fb1e0d98eca5279bf33304deedd9019b0130393a Mon Sep 17 00:00:00 2001
-From: Erik Larsson <who+github@cnackers.org>
-Date: Sat, 21 Nov 2020 10:59:13 +0100
-Subject: [PATCH] Don't assume end of argv is NULL
-
-On a musl based system argv[optind] && strcmp(...) where optind > argc might read random memory and segfault.
-
-Signed-off-by: Erik Larsson <who+github@cnackers.org>
----
- lib/tpm2_options.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/lib/tpm2_options.c b/lib/tpm2_options.c
-index e9aaa0364..9fa583c60 100644
---- a/lib/tpm2_options.c
-+++ b/lib/tpm2_options.c
-@@ -300,7 +300,7 @@ tpm2_option_code tpm2_handle_options(int argc, char **argv,
-             if (argv[optind - 1]) {
-                 if (!strcmp(argv[optind - 1], "--help=no-man") ||
-                     !strcmp(argv[optind - 1], "-h=no-man") ||
--                    (argv[optind] && !strcmp(argv[optind], "no-man"))) {
-+                    (argc < optind && !strcmp(argv[optind], "no-man"))) {
-                     manpager = false;
-                     optind++;
-                 /*
-@@ -309,7 +309,7 @@ tpm2_option_code tpm2_handle_options(int argc, char **argv,
-                  */
-                 } else if (!strcmp(argv[optind - 1], "--help=man") ||
-                            !strcmp(argv[optind - 1], "-h=man") ||
--                           (argv[optind] && !strcmp(argv[optind], "man"))) {
-+                           (argc < optind && !strcmp(argv[optind], "man"))) {
-                     manpager = true;
-                     explicit_manpager = true;
-                     optind++;
-@@ -318,7 +318,7 @@ tpm2_option_code tpm2_handle_options(int argc, char **argv,
-                      * argv[0] = "tool name"
-                      * argv[1] = "--help" argv[2] = 0
-                      */
--                    if (!argv[optind] && argc == 2) {
-+                    if (optind >= argc && argc == 2) {
-                         manpager = false;
-                     } else {
-                         /*
diff --git a/tpm2-tools-5.0.tar.gz b/tpm2-tools-5.0.tar.gz
deleted file mode 100644
index 80adb10..0000000
Binary files a/tpm2-tools-5.0.tar.gz and /dev/null differ
diff --git a/tpm2-tools-5.4.tar.gz b/tpm2-tools-5.4.tar.gz
new file mode 100644
index 0000000..ca9dbd6
Binary files /dev/null and b/tpm2-tools-5.4.tar.gz differ
diff --git a/tpm2-tools.spec b/tpm2-tools.spec
index 87e76a1..e5b0d69 100644
--- a/tpm2-tools.spec
+++ b/tpm2-tools.spec
@@ -1,13 +1,11 @@
 Name:          tpm2-tools
-Version:       5.0
-Release:       5
+Version:       5.4
+Release:       1
 Summary:       A TPM2.0 testing tool based on TPM2.0-TSS
 License:       BSD
 URL:           https://github.com/tpm2-software/tpm2-tools
 Source0:       https://github.com/tpm2-software/tpm2-tools/releases/download/%{version}/%{name}-%{version}.tar.gz
 
-Patch0:        backport-Don-t-assume-end-of-argv-is-NULL.patch
-Patch1:        backport-CVE-2021-3565.patch
 
 BuildRequires: gcc-c++ libtool autoconf-archive pkgconfig(cmocka) pkgconfig(libcurl) pkgconfig(openssl)
 BuildRequires: pkgconfig(tss2-mu) pkgconfig(tss2-sys) pkgconfig(tss2-esys) pkgconfig(uuid) libgcrypt
@@ -49,16 +47,19 @@ make check
 
 %files
 %defattr(-,root,root)
-%license doc/LICENSE
+%license docs/LICENSE
 %{_bindir}/*
 %{_datadir}/bash-completion/completions/tpm2*
 %{_datadir}/bash-completion/completions/tss2*
 
 %files help
-%doc README.md doc/CHANGELOG.md
+%doc docs/README.md docs/CHANGELOG.md
 %{_mandir}/*/*
 
 %changelog
+* Tue Dec 20 2022 wangyunjia <yunjia.wang@huawei.com> - 5.4-1
+- update to 5.4
+
 * Mon Sep 27 2021 fuanan <fuanan3@huawei.com> - 5.0-5
 - fix CVE-2021-3565