diff --git a/0002-fix-compat-test.patch b/0002-fix-compat-test.patch
index d302aa9e2f2d1f9681247aaf69578b3648ae9551..172aa35ae3f4d828b9ab3e3517a16f0306885683 100644
--- a/0002-fix-compat-test.patch
+++ b/0002-fix-compat-test.patch
@@ -8,10 +8,10 @@ Subject: [PATCH 2/2] fix compat test
  1 file changed, 8 insertions(+), 7 deletions(-)
 
 diff --git a/tests/compat-test b/tests/compat-test
-index a61453e..7ee946e 100755
+index a71b247..9e395b1 100755
 --- a/tests/compat-test
 +++ b/tests/compat-test
-@@ -22,6 +22,7 @@ PWD0="compatkey"
+@@ -23,6 +23,7 @@ PWD0="compatkey"
  PWD1="93R4P4pIqAH8"
  PWD2="mymJeD8ivEhE"
  PWD3="ocMakf3fAcQO"
@@ -19,7 +19,7 @@ index a61453e..7ee946e 100755
  PWDW="rUkL4RUryBom"
  VK_FILE="compattest_vkfile"
  
-@@ -225,17 +226,17 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
+@@ -239,17 +240,17 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
  echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail
  echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail
  echo "[4] change key"
@@ -41,26 +41,29 @@ index a61453e..7ee946e 100755
  [ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
  echo $PWD2 | $CRYPTSETUP luksOpen $IMG --test-passphrase 2>/dev/null && fail
  [ $? -ne 1 ] && fail "luksOpen should return ENOENT exit code"
-@@ -867,16 +868,16 @@ expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
- send "YES\n"
+@@ -866,11 +867,11 @@ set timeout $EXPECT_TIMEOUT
+ eval spawn $CRYPTSETUP_RAW luksOpen -v -T 2 $LOOPDEV $DEV_NAME
  expect timeout abort "Enter passphrase for $EXPECT_DEV:"
  sleep 0.1
--send "$PWD0\n"
-+send "$PWD4\n"
- expect timeout abort "Verify passphrase:"
+-send "$PWD0 x\n"
++send "$PWD4 x\n"
+ expect timeout abort "No key available with this passphrase."
+ expect timeout abort "Enter passphrase for $EXPECT_DEV:"
  sleep 0.1
--send "$PWD0\n"
-+send "$PWD4\n"
- expect timeout abort "Command successful."
+-send "$PWD0 y\n"
++send "$PWD4 y\n"
+ expect timeout abort "No key available with this passphrase."
  expect timeout abort eof
- eval spawn $CRYPTSETUP luksOpen -v $LOOPDEV --test-passphrase
- expect timeout abort "Enter passphrase for $EXPECT_DEV:"
+ exit
+@@ -886,7 +887,7 @@ expect timeout abort "Are you sure? (Type 'yes' in capital letters):"
+ send "YES\n"
+ expect timeout abort "Enter any remaining passphrase:"
  sleep 0.1
 -send "$PWD0\n"
 +send "$PWD4\n"
  expect timeout abort "Command successful."
  expect timeout abort eof
- exit
+ eval spawn $CRYPTSETUP_RAW luksKillSlot -v $LOOPDEV 0
 -- 
-1.8.3.1
+2.30.0
 
diff --git a/0003-Check-segment-gaps-regardless-of-heap-space.patch b/0003-Check-segment-gaps-regardless-of-heap-space.patch
deleted file mode 100644
index 98895090facb1b0dc463616981b0184f6aee8b50..0000000000000000000000000000000000000000
--- a/0003-Check-segment-gaps-regardless-of-heap-space.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From e8e71e43c3ff2dca951d30af48708bcb411e47d2 Mon Sep 17 00:00:00 2001
-From: Tobias Stoeckmann <tobias@stoeckmann.org>
-Date: Mon, 24 Aug 2020 19:21:43 +0200
-Subject: [PATCH 3/5] Check segment gaps regardless of heap space.
-
-Segments are validated in hdr_validate_segments. Gaps in segment keys
-are detected when collecting offsets. But if an invalid segment is very
-large, larger than count, it could happen that cryptsetup is unable to
-allocate enough memory, not giving a clue about what actually is the
-problem.
-
-Therefore check for gaps even if not enough memory is available. This
-gives much more information with debug output enabled.
-
-Obviously cryptsetup still fails if segments are perfectly fine but not
-enough RAM available. But at that stage, the user knows that it's the
-fault of the system, not of an invalid segment.
----
- lib/luks2/luks2_json_metadata.c | 19 ++++++++++++-------
- 1 file changed, 12 insertions(+), 7 deletions(-)
-
-diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
-index e346067..e4e1424 100644
---- a/lib/luks2/luks2_json_metadata.c
-+++ b/lib/luks2/luks2_json_metadata.c
-@@ -679,11 +679,10 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
- 	if (first_backup < 0)
- 		first_backup = count;
- 
--	intervals = malloc(first_backup * sizeof(*intervals));
--	if (!intervals) {
--		log_dbg(cd, "Not enough memory.");
--		return 1;
--	}
-+	if (first_backup <= count && (size_t)first_backup < SIZE_MAX / sizeof(*intervals))
-+		intervals = malloc(first_backup * sizeof(*intervals));
-+	else
-+		intervals = NULL;
- 
- 	for (i = 0; i < first_backup; i++) {
- 		jobj = json_segments_get_segment(jobj_segments, i);
-@@ -692,8 +691,14 @@ static int hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj)
- 			free(intervals);
- 			return 1;
- 		}
--		intervals[i].offset = json_segment_get_offset(jobj, 0);
--		intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
-+		if (intervals != NULL) {
-+			intervals[i].offset = json_segment_get_offset(jobj, 0);
-+			intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
-+		}
-+	}
-+	if (intervals == NULL) {
-+		log_dbg(cd, "Not enough memory.");
-+		return 1;
- 	}
- 
- 	r = !validate_segment_intervals(cd, first_backup, intervals);
--- 
-1.8.3.1
-
diff --git a/0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch b/0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch
deleted file mode 100644
index c0f11da09dded39108809e4d4663fccf63752601..0000000000000000000000000000000000000000
--- a/0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 88b2d1af10922e0defb3eeacac6bb03aab9cbd60 Mon Sep 17 00:00:00 2001
-From: Ondrej Kozina <okozina@redhat.com>
-Date: Thu, 27 Aug 2020 12:12:13 +0200
-Subject: [PATCH 4/5] Fix posible buffer overflows in LUKS conversion.
-
-cipher[31] and cipher_mode[31] buffers were passed to
-crypt_parse_name_and_mode() routine where sscanf(s, "%31[^-]-%31s",
-cipher, cipher_mode) was called.
-
-In corner case it could cause terminating 0 byte written beyond
-respective arrays.
----
- lib/luks2/luks2_luks1_convert.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c
-index 603c44d..9b70df1 100644
---- a/lib/luks2/luks2_luks1_convert.c
-+++ b/lib/luks2/luks2_luks1_convert.c
-@@ -675,7 +675,7 @@ static int keyslot_LUKS1_compatible(struct crypt_device *cd, struct luks2_hdr *h
- int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct luks_phdr *hdr1)
- {
- 	size_t buf_size, buf_offset;
--	char cipher[LUKS_CIPHERNAME_L-1], cipher_mode[LUKS_CIPHERMODE_L-1];
-+	char cipher[LUKS_CIPHERNAME_L], cipher_mode[LUKS_CIPHERMODE_L];
- 	char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE];
- 	const char *hash;
- 	size_t len;
--- 
-1.8.3.1
-
diff --git a/0005-Fix-a-memleak-in-blockwise-test.patch b/0005-Fix-a-memleak-in-blockwise-test.patch
deleted file mode 100644
index d821e7e15b52354f1d0c44112a0f305ec9ce4ec2..0000000000000000000000000000000000000000
--- a/0005-Fix-a-memleak-in-blockwise-test.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From fa57d76de233e22afd79e81c98a741c23dae3498 Mon Sep 17 00:00:00 2001
-From: Milan Broz <gmazyland@gmail.com>
-Date: Sat, 29 Aug 2020 12:21:32 +0200
-Subject: [PATCH 5/5] Fix a memleak in blockwise test.
-
----
- tests/unit-utils-io.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/unit-utils-io.c b/tests/unit-utils-io.c
-index ff5be52..9e59234 100644
---- a/tests/unit-utils-io.c
-+++ b/tests/unit-utils-io.c
-@@ -99,7 +99,7 @@ static int test_write_buffer(void)
- 	if (ret < 0)
- 		goto out;
- 
--	return (size_t) ret == test_length ? 0 : -EIO;
-+	ret = (size_t) ret == test_length ? 0 : -EIO;
- out:
- 	if (fd >= 0)
- 		close(fd);
--- 
-1.8.3.1
-
diff --git a/cryptsetup-2.3.3.tar.xz b/cryptsetup-2.4.1.tar.xz
similarity index 81%
rename from cryptsetup-2.3.3.tar.xz
rename to cryptsetup-2.4.1.tar.xz
index 674c6aa1a4242d0fd5d3d75dacddba8ed5078db8..311c89fc14aed76fcbe8362203821298744514d6 100644
Binary files a/cryptsetup-2.3.3.tar.xz and b/cryptsetup-2.4.1.tar.xz differ
diff --git a/cryptsetup.spec b/cryptsetup.spec
index 699656927c1df53a1e8dcab873931394520095e1..fab5ca37a90db89be31df76e2810b0c0a0ebe5e0 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -1,18 +1,15 @@
 Name:     cryptsetup
-Version:  2.3.3
-Release:  5
+Version:  2.4.1
+Release:  1
 Summary:  Utility used to conveniently set up disk encryption
 License:  GPLv2+ and LGPLv2+
 URL:      https://gitlab.com/cryptsetup/cryptsetup
-Source0:  https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-%{version}.tar.xz
+Source0:  https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{version}.tar.xz
 
 Patch1:  0001-cryptsetup-add-system-library-paths.patch
 Patch2:  0002-fix-compat-test.patch
-Patch3:  0003-Check-segment-gaps-regardless-of-heap-space.patch
-Patch4:  0004-Fix-posible-buffer-overflows-in-LUKS-conversion.patch
-Patch5:  0005-Fix-a-memleak-in-blockwise-test.patch
 
-BuildRequires: openssl-devel, popt-devel, device-mapper-devel,  gcc
+BuildRequires: openssl-devel, popt-devel, device-mapper-devel,  gcc, libssh-devel
 BuildRequires: libuuid-devel, json-c-devel, libargon2-devel, libpwquality-devel, libblkid-devel
 Requires:      libpwquality >= 1.2.0
 
@@ -88,10 +85,13 @@ make check
 %license COPYING COPYING.LGPL AUTHORS
 %doc docs/*
 %{_sbindir}/cryptsetup
+%{_sbindir}/cryptsetup-ssh
 %{_libdir}/libcryptsetup.so.*
+%{_libdir}/cryptsetup/*.so
 %{_tmpfilesdir}/cryptsetup.conf
 %ghost %dir /run/cryptsetup
 %exclude %{_libdir}/*.la
+%exclude %{_libdir}/cryptsetup/*.la
 
 %files devel
 %doc docs/examples/*
@@ -113,6 +113,9 @@ make check
 %{_mandir}/man8/*
 
 %changelog
+* Wed Nov 17 2021 Wenchao Hao <haowenchao@huawei.com> - 2.4.1-1
+- Update to 2.4.1 version
+
 * Fri Jul 30 2021 chenyanpanHW <chenyanpan@huawei.com> - 2.3.3-5
 - DESC: delete -S git from %autosetup, and delete BuildRequires git