diff --git a/0001-logrotate-3.20.1-lock-state-msg.patch b/0001-logrotate-3.20.1-lock-state-msg.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a472d1155cff1fc5f14a582a3191ff979fa50c90
--- /dev/null
+++ b/0001-logrotate-3.20.1-lock-state-msg.patch
@@ -0,0 +1,31 @@
+From e509c7db71cefd150e9c4360b8abd3b378b129b2 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Fri, 27 May 2022 09:56:07 +0200
+Subject: [PATCH] lockState: do not print `error:` when exit code is unaffected
+
+Closes: https://github.com/logrotate/logrotate/pull/448
+
+Upstream-commit: 31cf1099ab8514dfcae5a980bc77352edd5292f8
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ logrotate.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/logrotate.c b/logrotate.c
+index 2350672..6188a35 100644
+--- a/logrotate.c
++++ b/logrotate.c
+@@ -3050,8 +3050,8 @@ static int lockState(const char *stateFilename, int skip_state_lock)
+     }
+ 
+     if (sb.st_mode & S_IROTH) {
+-        message(MESS_ERROR, "state file %s is world-readable and thus can"
+-                " be locked from other unprivileged users."
++        message(MESS_NORMAL, "warning: state file %s is world-readable"
++                " and thus can be locked from other unprivileged users."
+                 " Skipping lock acquisition...\n",
+                 stateFilename);
+         close(lockFd);
+-- 
+2.35.3
+
diff --git a/logrotate-3.18.1.tar.xz b/logrotate-3.18.1.tar.xz
deleted file mode 100644
index 8b7dba5dd63ff3fdba773cdccdda38b7e663ba4f..0000000000000000000000000000000000000000
Binary files a/logrotate-3.18.1.tar.xz and /dev/null differ
diff --git a/logrotate-3.20.1.tar.xz b/logrotate-3.20.1.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..6548d854609c8aa5dd46d6c525bac87399f0b1f0
Binary files /dev/null and b/logrotate-3.20.1.tar.xz differ
diff --git a/logrotate.spec b/logrotate.spec
index 16e0d1e0dd7bc64721c056edd5302793c654b38e..77804b2229095cd046a8d07cbeac761bb4f1a7eb 100644
--- a/logrotate.spec
+++ b/logrotate.spec
@@ -1,12 +1,14 @@
 %global _configure ../configure
 
 Name: logrotate
-Version: 3.18.1
+Version: 3.20.1
 Release: 1
 Summary: simplify the administration of log files
 License: GPLv2+
 Url: https://github.com/logrotate/logrotate
 Source0: https://github.com/logrotate/logrotate/releases/download/%{version}/logrotate-%{version}.tar.xz
+# lockState: do not print `error:` when exit code is unaffected
+Patch0: 0001-logrotate-3.20.1-lock-state-msg.patch
 BuildRequires: acl gcc automake libacl-devel libselinux-devel popt-devel
 Requires: coreutils
 
@@ -73,6 +75,9 @@ fi
 %{_mandir}/man5/logrotate.conf.5*
 
 %changelog
+* Tue Jun 21 2022 duyiwei <duyiwei@kylinos.cn> - 3.20.1-1
+- upgrade version to 3.20.1 and fix CVE-2022-1348
+
 * Mon Dec 06 2021 wuchaochao <wuchaochao4@huawei.com> - 3.18.1-1
 - update upstream to 3.18.1