diff --git a/CVE-2020-28935.patch b/CVE-2020-28935.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2d6c4a52b7bdc70089496d22795d3c3781254459
--- /dev/null
+++ b/CVE-2020-28935.patch
@@ -0,0 +1,54 @@
+From ad387832979b6ce4c93f64fe706301cd7d034e87 Mon Sep 17 00:00:00 2001
+From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
+Date: Mon, 23 Nov 2020 13:42:11 +0100
+Subject: [PATCH] - Fix for #303 CVE-2020-28935 : Fix that symlink does not
+ interfere   with chown of pidfile.
+
+---
+ daemon/unbound.c | 26 ++++++++++++++++++++------
+ doc/Changelog    |  2 ++
+ 2 files changed, 22 insertions(+), 6 deletions(-)
+
+diff --git a/daemon/unbound.c b/daemon/unbound.c
+index cd0fd69f2..45537d5c9 100644
+--- a/daemon/unbound.c
++++ b/daemon/unbound.c
+@@ -341,18 +341,32 @@ readpid (const char* file)
+ static void
+ writepid (const char* pidfile, pid_t pid)
+ {
+-	FILE* f;
++	int fd;
++	char pidbuf[32];
++	size_t count = 0;
++	snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long)pid);
+ 
+-	if ((f = fopen(pidfile, "w")) ==  NULL ) {
++	if((fd = open(pidfile, O_WRONLY | O_CREAT | O_TRUNC
++#ifdef O_NOFOLLOW
++		| O_NOFOLLOW
++#endif
++		, 0644)) == -1) {
+ 		log_err("cannot open pidfile %s: %s", 
+ 			pidfile, strerror(errno));
+ 		return;
+ 	}
+-	if(fprintf(f, "%lu\n", (unsigned long)pid) < 0) {
+-		log_err("cannot write to pidfile %s: %s", 
+-			pidfile, strerror(errno));
++	while(count < strlen(pidbuf)) {
++		ssize_t r = write(fd, pidbuf+count, strlen(pidbuf)-count);
++		if(r == -1) {
++			if(errno == EAGAIN || errno == EINTR)
++				continue;
++			log_err("cannot write to pidfile %s: %s",
++				pidfile, strerror(errno));
++			break;
++		}
++		count += r;
+ 	}
+-	fclose(f);
++	close(fd);
+ }
+ 
+ /**
diff --git a/unbound.spec b/unbound.spec
index 47407c50752af01dc8c9f6a6549b3974a68d3be0..c461c2366eca3b902edece0971ec1a5f639ec848 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -2,7 +2,7 @@
 
 Name:          unbound
 Version:       1.10.1
-Release:       2
+Release:       3
 Summary:       Unbound is a validating, recursive, caching DNS resolver
 License:       BSD
 Url:           https://nlnetlabs.nl/projects/unbound/about/
@@ -22,6 +22,7 @@ Source12:      unbound-anchor.timer
 Source13:      unbound-anchor.service
 
 Patch0:        unbound-1.10.0-auth-callback.patch
+Patch1:        CVE-2020-28935.patch
 
 BuildRequires: make flex swig pkgconfig systemd
 BuildRequires: libevent-devel expat-devel openssl-devel python3-devel
@@ -74,6 +75,7 @@ Package help includes includes man pages for unbound.
 pushd %{name}-%{version}
 
 %patch0 -p1
+%patch1 -p1
 
 cp -pr doc pythonmod libunbound ../
 popd
@@ -229,6 +231,12 @@ popd
 %{_mandir}/man*
 
 %changelog
+* Tue Feb 23 2021 zhouyihang <zhouyihang3@huawei.com> - 1.10.1-3
+- Type:CVE
+- ID:NA
+- SUG:NA
+- DESC:fix CVE-2020-28935
+
 * Thu Oct 29 2020 gaihuiying <gaihuiying1@huawei.com> - 1.10.1-2
 - Type:requirement
 - ID:NA