diff --git a/tigervnc.spec b/tigervnc.spec
index 38bb2dc7002daa73caf900f1ca729edb21b87981..c1e60256f8ad3b46645f84cd9edc0aa1872b06af 100644
--- a/tigervnc.spec
+++ b/tigervnc.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 1.1
 #defining macros needed by SELinux
 %global selinuxtype targeted
 %global modulename vncsession
@@ -30,6 +30,9 @@ Patch50:        tigervnc-vncsession-restore-script-systemd-service.patch
 # This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
 Patch100:       tigervnc-xserver120.patch
 
+#https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c684d035c06fd41c727f0ef0744517580864cef
+Patch1000:      xorg-CVE-2024-31082.patch
+
 BuildRequires:  make
 BuildRequires:  gcc-c++
 BuildRequires:  automake, autoconf, libtool, gettext, gettext-autopoint
@@ -152,15 +155,16 @@ runs properly under an environment with SELinux enabled.
 %prep
 %setup -q
 
-%patch50 -p1 -b .vncsession-restore-script-systemd-service
+%patch -P50 -p1 -b .vncsession-restore-script-systemd-service
 
 cp -r /usr/share/xorg-x11-server-source/* unix/xserver
 pushd unix/xserver
 for all in `find . -type f -perm -001`; do
         chmod -x "$all"
 done
-%patch100 -p1 -b .xserver120-rebased
+%patch -P100 -p1 -b .xserver120-rebased 
 popd
+#%patch1000 -p1
 
 # Downstream patches
 
@@ -331,6 +335,9 @@ fi
 %ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
 
 %changelog
+* Tue Oct 22 2024 yangxinyu <yangxinyu@nfschina.com> - 1.13.1-1.1
+- fix cve-2024-31082
+
 * Wed Mar 08 2023 Ziyang Zhang <ZiyangZhang@linux.alibaba.com> - 1.13.1-1
 - Update to 1.13.1(Add libappstream-glib and libXrender-devel build requirement)
 
diff --git a/xorg-CVE-2024-31082.patch b/xorg-CVE-2024-31082.patch
new file mode 100644
index 0000000000000000000000000000000000000000..df0a498f1c69daa5099e89c6ac3227fac928e3ee
--- /dev/null
+++ b/xorg-CVE-2024-31082.patch
@@ -0,0 +1,47 @@
+From 6c684d035c06fd41c727f0ef0744517580864cef Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Fri, 22 Mar 2024 19:07:34 -0700
+Subject: [PATCH 3/4] Xquartz: ProcAppleDRICreatePixmap needs to use unswapped
+ length to send reply
+
+CVE-2024-31082
+
+Fixes: 14205ade0 ("XQuartz: appledri: Fix byte swapping in replies")
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463>
+---
+ hw/xquartz/xpr/appledri.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/hw/xquartz/xpr/appledri.c b/hw/xquartz/xpr/appledri.c
+index 77574655b..40422b61a 100644
+--- a/hw/xquartz/xpr/appledri.c
++++ b/hw/xquartz/xpr/appledri.c
+@@ -272,6 +272,7 @@ ProcAppleDRICreatePixmap(ClientPtr client)
+     xAppleDRICreatePixmapReply rep;
+     int width, height, pitch, bpp;
+     void *ptr;
++    CARD32 stringLength;
+ 
+     REQUEST_SIZE_MATCH(xAppleDRICreatePixmapReq);
+ 
+@@ -307,6 +308,7 @@ ProcAppleDRICreatePixmap(ClientPtr client)
+     if (sizeof(rep) != sz_xAppleDRICreatePixmapReply)
+         ErrorF("error sizeof(rep) is %zu\n", sizeof(rep));
+ 
++    stringLength = rep.stringLength;  /* save unswapped value */
+     if (client->swapped) {
+         swaps(&rep.sequenceNumber);
+         swapl(&rep.length);
+@@ -319,7 +321,7 @@ ProcAppleDRICreatePixmap(ClientPtr client)
+     }
+ 
+     WriteToClient(client, sizeof(rep), &rep);
+-    WriteToClient(client, rep.stringLength, path);
++    WriteToClient(client, stringLength, path);
+ 
+     return Success;
+ }
+-- 
+2.44.0
+