diff --git a/enscript-CVE-vasnprintf.patch b/enscript-CVE-vasnprintf.patch
new file mode 100644
index 0000000000000000000000000000000000000000..623f2ab5e1c4b327e5f695aa5ff194e0061d99b9
--- /dev/null
+++ b/enscript-CVE-vasnprintf.patch
@@ -0,0 +1,15 @@
+diff --git a/intl/vasnprintf.c b/intl/vasnprintf.c
+index 4a8e7f0..65ade71 100644
+--- a/intl/vasnprintf.c
++++ b/intl/vasnprintf.c
+@@ -758,7 +758,9 @@ convert_to_decimal (mpn_t a, size_t extra_zeroes)
+ size_t a_len = a.nlimbs;
+ /* 0.03345 is slightly larger than log(2)/(9*log(10)). */
+ size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1);
+- char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes));
++ /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the
++ digits of a, followed by 1 byte for the terminating NUL. */
++ char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1));
+ if (c_ptr != NULL)
+ {
+ char *d_ptr = c_ptr;
diff --git a/enscript.spec b/enscript.spec
index bfef6fc3497fafcec227ff68c80f3a5bd87165bd..3479feea20360537cda3f5b4df7a7c477a710ce1 100644
--- a/enscript.spec
+++ b/enscript.spec
@@ -1,10 +1,10 @@
 Name: enscript
 Version: 1.6.6
-Release: 19
+Release: 22
 Summary: A plain ASCII to PostScript converter
 License: GPLv3+
 URL: http://www.gnu.org/software/enscript
-Source0: enscript-1.6.6.tar.gz
+Source0: http://ftp.gnu.org/gnu/enscript/enscript-1.6.6.tar.gz
 Source1: enscript-ruby-1.6.4.tar.gz
 Source2: enscript-php-1.6.4.st
 BuildRequires: gcc autoconf automake gettext gettext-devel
@@ -17,6 +17,7 @@ Patch0002: enscript-1.6.4-rh457720.patch
 Patch0003: enscript-rh477382.patch
 Patch0004: enscript-build.patch
 Patch0005: enscript-bufpos-crash.patch
+Patch0006: enscript-CVE-vasnprintf.patch
 %description
 GNU enscript is a computer program that converts text files to PostScript,
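Review bot: enscript-CVE-vasnprintf.patch carries no header, so nothing in the file itself ties it to CVE-2018-17942, which only the %changelog entry names; a short preamble above the inner `diff --git` line, such as `Fix heap buffer overflow in convert_to_decimal (CVE-2018-17942); origin: <upstream commit URL>`, would let a later rebase verify the backport. The allocation change itself looks right: the old `xsum (c_len, extra_zeroes)` left no room for the terminating NUL, and xsum appears to be the overflow-checked add, so the existing `c_ptr != NULL` test should still cover the saturated case. It is worth confirming that intl/vasnprintf.c is actually compiled in this build and that the tarball bundles no second copy of vasnprintf.c, since the patch touches only the intl/ copy. convert_to_decimal's body continues past the hunk.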
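Review bot: The new Source0 in the first enscript.spec hunk uses plain `http://`, so any tool that fetches the tarball from this URL retrieves it over an unauthenticated channel; `Source0: https://ftp.gnu.org/gnu/enscript/enscript-1.6.6.tar.gz` is the same location over TLS. No checksum or signature check for the tarball is visible in this diff, so if one is not enforced elsewhere in the build system it would be worth adding alongside this change.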
@@ -28,7 +29,7 @@ which can be used to customize print-outs.
 Summary: Help documents for enscript
 %description help
-The enscript-help package conatins manual pages and other related files for enscript.
+The enscript-help package contains manual pages and other related files for enscript.
 %prep
 %autosetup -p1
@@ -73,5 +74,14 @@ done
 %{_infodir}/enscript*
 %changelog
+* Tue Jan 14 2025 pengjian - 1.6.6-22
+- fix CVE-2018-17942
+
+* Wed Oct 9 2024 lvzhonglin - 1.6.6-21
+- update package description
+
+* Mon Sep 7 2020 baizhonggui - 1.6.6-20
+- Modify Source0
+
 * Thu Nov 21 2019 liujing - 1.6.6-19
 - Package init
diff --git a/enscript.yaml b/enscript.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..35e2c76305216901a495afbaa0fd94f222afc2d1
--- /dev/null
+++ b/enscript.yaml
@@ -0,0 +1,4 @@
+version_control: git
+src_repo: git://git.savannah.gnu.org/enscript.git
+tag_prefix: ^v
+seperator: .