diff --git a/R.spec b/R.spec index 003e544f41b5a3f9175a7a0da0d3312e1866eeee..a57fca7d15758bd02168983aac72865f91405281 100644 --- a/R.spec +++ b/R.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 # We need +x on these files %global __brp_mangle_shebangs_exclude_from %{_libdir}/R/bin/ @@ -27,6 +27,11 @@ URL: https://www.r-project.org Source0: https://cran.r-project.org/src/base/R-4/R-%{version}.tar.gz Patch0: R-3.3.0-fix-java_path-in-javareconf.patch +# https://github.com/r-devel/r-svn/commit/f7c46500f455eb4edfc3656c3fa20af61b16abb7 +Patch0001: fix-CVE-2024-27322.patch + +ExcludeArch: loongarch64 + BuildRequires: gcc-gfortran BuildRequires: gcc-c++ BuildRequires: libpng-devel @@ -282,6 +287,7 @@ from the R project. This package provides the static libRmath library. %prep %setup -q %patch -P0 -p1 -b .fixpath +%patch 1 -p1 %build # Comment out default R_LIBS_SITE (since R 4.2) and set our own as always @@ -322,6 +328,13 @@ for i in doc/manual/R-intro.info doc/manual/R-FAQ.info doc/FAQ doc/manual/R-admi done %install +# Create missing NEWS.rds files only if they do not exist +# These files are required during the document installation phase, +# but may not be generated during build, leading to install errors. +for f in NEWS.2.rds NEWS.3.rds; do + [ ! -f doc/$f ] && touch doc/$f +done + make DESTDIR=%{buildroot} install install-pdf install-info rm -f %{buildroot}%{_infodir}/dir @@ -908,5 +921,8 @@ TZ="Europe/Paris" make check %{_libdir}/libRmath.a %changelog +* Wed Jun 11 2025 wenxin - 4.3.2-2 +- Add patch to fix CVE-2024-27322 + * Wed Nov 29 2023 Chunmei Xu - 4.3.2-1 - init from upstream diff --git a/fix-CVE-2024-27322.patch b/fix-CVE-2024-27322.patch new file mode 100644 index 0000000000000000000000000000000000000000..a3426977e0992725071c6b7e0c0433935a08add6 --- /dev/null +++ b/fix-CVE-2024-27322.patch 
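Review bot: `ExcludeArch: loongarch64` is added in the Patch0001 hunk with no comment saying why the architecture is excluded, and the changelog entry in the last hunk mentions only the CVE patch. Whoever rebases the package next cannot tell whether this is a build failure, a missing dependency or a policy decision, nor when it can be lifted; I would put `# loongarch64 excluded: <reason or tracker id>` above it and add a matching changelog line. The new patch is also declared as `Patch0001` while the existing entry is `Patch0`; rpm parses the number as an integer so both spellings work, but `Patch1` would match the file's existing style.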
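Review bot: `%patch 1 -p1` in the %prep hunk uses the bare-number form while the line directly above it uses `%patch -P0 -p1`; as far as I recall the `%patch N` form is deprecated in newer rpm releases, so the new line should read `%patch -P1 -p1` to match its neighbour and stay portable. The %prep section is complete within the hunk.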
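Review bot: `[ ! -f doc/$f ] && touch doc/$f` is the last command of the loop body in the %install hunk, so on an iteration where the file already exists the list returns 1 and the `for` command's exit status is 1; rpm runs build scriptlets under `sh -e`, and whether a failing `&&` list inside a loop trips errexit depends on the shell, which makes the guard fragile. `[ -f doc/$f ] || touch doc/$f` expresses the same intent and returns 0 whether the file existed or was created. The comment above the loop explains the why well and can stay as it is.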
@@ -0,0 +1,49 @@
+From f7c46500f455eb4edfc3656c3fa20af61b16abb7 Mon Sep 17 00:00:00 2001
+From: luke
+Date: Sun, 31 Mar 2024 19:35:58 +0000
+Subject: [PATCH] readRDS() and unserialize() now signal an errorr instead of
+ returning a PROMSXP.
+
+git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41
+---
+ src/main/serialize.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/main/serialize.c b/src/main/serialize.c
+index a389f713116..a190fbf8f3c 100644
+--- a/src/main/serialize.c
++++ b/src/main/serialize.c
+@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env)
+ return R_NilValue;
+ }
+
++static SEXP checkNotPromise(SEXP val)
++{
++ if (TYPEOF(val) == PROMSXP)
++ error(_("cannot return a promise (PROMSXP) object"));
++ return val;
++}
++
+ /* unserializeFromConn(conn, hook) used from readRDS().
+ It became public in R 2.13.0, and that version added support for
+ connections internally */
+@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env)
+ con->close(con);
+ UNPROTECT(1);
+ }
+- return ans;
++ return checkNotPromise(ans);
+ }
+
+ /*
+@@ -3330,8 +3337,8 @@ attribute_hidden SEXP
+ do_serialize(SEXP call, SEXP op, SEXP args, SEXP env)
+ {
+ checkArity(op, args);
+- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args));
+-
++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args));
++ return checkNotPromise(R_unserialize(CAR(args), CADR(args)));
+ SEXP object, icon, type, ver, fun;
+ object = CAR(args); args = CDR(args);
+ icon = CAR(args); args = CDR(args);
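Review bot: In the do_serialize hunk the rewritten `if (PRIMVAL(op) == 2)` line keeps the old call as a trailing `//` comment, so the real body, `return checkNotPromise(...)`, sits on the following line behind commented-out code and without braces, which is easy to misread when the surrounding function is edited later. Since this is a verbatim backport of the upstream commit, the cleanup `if (PRIMVAL(op) == 2) return checkNotPromise(R_unserialize(CAR(args), CADR(args)));` belongs upstream rather than in the distro patch; what the spec side could carry is a short note next to Patch0001 stating that the patch is applied unmodified, so the next rebase knows nothing local was changed. The commit message typo "errorr" comes from upstream as well and should stay as is in the backport. The do_serialize body continues outside the hunk.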