diff --git a/CVE-2022-0699.patch b/CVE-2022-0699.patch
new file mode 100644
index 0000000..f443af3
--- /dev/null
+++ b/CVE-2022-0699.patch
@@ -0,0 +1,10 @@
+--- a/contrib/shpsort.c 2022-08-17 14:48:59.276669116 +0800
++++ b/contrib/shpsort.c 2022-08-17 14:49:22.836834517 +0800
+@@ -279,7 +279,6 @@
+ free(result[--i]);
+ }
+ free(result);
+- free(copy);
+ return NULL;
+ }
+ result = tmp;
diff --git a/shapelib.spec b/shapelib.spec
index dd3d375..d3592d2 100644
--- a/shapelib.spec
+++ b/shapelib.spec
@@ -1,12 +1,14 @@
 Name: shapelib
 Version: 1.5.0
-Release: 1
+Release: 2
 Summary: A Shapefile C Library
 License: (LGPLv2+ or MIT) and GPLv2+ and Public Domain
 URL: http://shapelib.maptools.org/
 Source0: http://download.osgeo.org/shapelib/%{name}-%{version}.tar.gz
 Source1: https://salsa.debian.org/debian-gis-team/shapelib/-/archive/master/shapelib-master.tar.gz
+Patch0: CVE-2022-0699.patch
+
 BuildRequires: automake autoconf libtool gcc-c++ make
 BuildRequires: rubygem-ronn-ng
@@ -72,6 +74,9 @@ install -pm 0644 man/*.1 %{buildroot}%{_mandir}/man1/
 %{_mandir}/man1/*.1*
 %changelog
+* Wed Aug 17 2022 luopihui - 1.5.0-2
+- Fix CVE-2022-0699
+
 * Tue Feb 15 2022 xu_ping - 1.5.0-1
 - Upgrage 1.5.0
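Review bot: The new `CVE-2022-0699.patch` starts directly at its `--- a/contrib/shpsort.c` line with no header, so the package does not record where the fix comes from or why `free(copy);` is dropped from the error path near line 279. Add a short header above the diff, for example `Fix double free of copy in contrib/shpsort.c (CVE-2022-0699); Origin: <upstream commit URL>`. The enclosing function starts and ends outside the hunk, so the earlier release of `copy` that presumably makes this call redundant cannot be confirmed from the visible lines. The header should name where that release happens, so that a later rebase onto changed upstream code does not silently turn the fix into a leak or restore the double free.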
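Review bot: `Patch0: CVE-2022-0699.patch` is declared in the preamble of `shapelib.spec`, but no hunk in this commit touches `%prep`, so the patch is applied only if `%prep` already uses `%autosetup -p1` or `%autopatch -p1`. If `%prep` uses plain `%setup`, add `%patch0 -p1` after it; the patch paths carry `a/` and `b/` prefixes, so strip level 1 is required. Otherwise the package ships as 1.5.0-2 with a changelog entry claiming the CVE fix while still building the unpatched `contrib/shpsort.c`. Checking the build log for the patch being applied would confirm this either way.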