diff --git a/41bd04234b104312f54d25822f68738ba8d7133d.patch b/41bd04234b104312f54d25822f68738ba8d7133d.patch
deleted file mode 100644
index 0568f27..0000000
--- a/41bd04234b104312f54d25822f68738ba8d7133d.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 41bd04234b104312f54d25822f68738ba8d7133d Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Tue, 25 Jul 2017 23:44:44 +0200
-Subject: [PATCH] fixes some (not all) buffer overreads during decoding pentax
- makernote entries.
-
-This should fix:
-https://sourceforge.net/p/libexif/bugs/125/ CVE-2016-6328
----
- libexif/pentax/mnote-pentax-entry.c | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/libexif/pentax/mnote-pentax-entry.c b/libexif/pentax/mnote-pentax-entry.c
-index d03d159..ea0429a 100644
---- a/libexif/pentax/mnote-pentax-entry.c
-+++ b/libexif/pentax/mnote-pentax-entry.c
-@@ -425,24 +425,34 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- 		case EXIF_FORMAT_SHORT:
- 		  {
- 			const unsigned char *data = entry->data;
--		  	size_t k, len = strlen(val);
-+		  	size_t k, len = strlen(val), sizeleft;
-+
-+			sizeleft = entry->size;
- 		  	for(k=0; k<entry->components; k++) {
-+				if (sizeleft < 2)
-+					break;
- 				vs = exif_get_short (data, entry->order);
- 				snprintf (val+len, maxlen-len, "%i ", vs);
- 				len = strlen(val);
- 				data += 2;
-+				sizeleft -= 2;
- 			}
- 		  }
- 		  break;
- 		case EXIF_FORMAT_LONG:
- 		  {
- 			const unsigned char *data = entry->data;
--		  	size_t k, len = strlen(val);
-+		  	size_t k, len = strlen(val), sizeleft;
-+
-+			sizeleft = entry->size;
- 		  	for(k=0; k<entry->components; k++) {
-+				if (sizeleft < 4)
-+					break;
- 				vl = exif_get_long (data, entry->order);
- 				snprintf (val+len, maxlen-len, "%li", (long int) vl);
- 				len = strlen(val);
- 				data += 4;
-+				sizeleft -= 4;
- 			}
- 		  }
- 		  break;
-@@ -455,5 +465,5 @@ mnote_pentax_entry_get_value (MnotePentaxEntry *entry,
- 		break;
- 	}
- 
--	return (val);
-+	return val;
- }
diff --git a/CVE-2018-20030.patch b/CVE-2018-20030.patch
deleted file mode 100644
index 5c15587..0000000
--- a/CVE-2018-20030.patch
+++ /dev/null
@@ -1,93 +0,0 @@
---- libexif-0.6.21-bak/libexif/exif-data.c	2019-06-13 21:49:15.711000000 -0400
-+++ libexif-0.6.21/libexif/exif-data.c	2019-06-13 23:31:41.672000000 -0400
-@@ -35,6 +35,7 @@
- #include <libexif/olympus/exif-mnote-data-olympus.h>
- #include <libexif/pentax/exif-mnote-data-pentax.h>
- 
-+#include <math.h>
- #include <stdlib.h>
- #include <stdio.h>
- #include <string.h>
-@@ -350,6 +351,20 @@ if (data->ifd[(i)]->count) {				\
- 	break;						\
- }
- 
-+/*! Calculate the recursion cost added by one level of IFD loading.
-+ *
-+ * The work performed is related to the cost in the exponential relation
-+ *   work=1.1**cost
-+ */
-+static unsigned int
-+level_cost(unsigned int n)
-+{
-+    static const double log_1_1 = 0.09531017980432493;
-+
-+	/* Adding 0.1 protects against the case where n==1 */
-+	return ceil(log(n + 0.1)/log_1_1);
-+}
-+
- /*! Load data for an IFD.
-  *
-  * \param[in,out] data #ExifData
-@@ -357,13 +372,13 @@ if (data->ifd[(i)]->count) {				\
-  * \param[in] d pointer to buffer containing raw IFD data
-  * \param[in] ds size of raw data in buffer at \c d
-  * \param[in] offset offset into buffer at \c d at which IFD starts
-- * \param[in] recursion_depth number of times this function has been
-- * recursively called without returning
-+ * \param[in] recursion_cost factor indicating how expensive this recursive
-+ * call could be
-  */
- static void
- exif_data_load_data_content (ExifData *data, ExifIfd ifd,
- 			     const unsigned char *d,
--			     unsigned int ds, unsigned int offset, unsigned int recursion_depth)
-+			     unsigned int ds, unsigned int offset, unsigned int recursion_cost)
- {
- 	ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
- 	ExifShort n;
-@@ -378,9 +393,20 @@ exif_data_load_data_content (ExifData *d
- 	if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
- 	  return;
- 
--	if (recursion_depth > 30) {
-+      	if (recursion_cost > 170) {
-+		/*
-+		 * recursion_cost is a logarithmic-scale indicator of how expensive this
-+		 * recursive call might end up being. It is an indicator of the depth of
-+		 * recursion as well as the potential for worst-case future recursive
-+		 * calls. Since it's difficult to tell ahead of time how often recursion
-+		 * will occur, this assumes the worst by assuming every tag could end up
-+		 * causing recursion.
-+		 * The value of 170 was chosen to limit typical EXIF structures to a
-+		 * recursive depth of about 6, but pathological ones (those with very
-+		 * many tags) to only 2.
-+		 */ 
- 		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
--			  "Deep recursion detected!");
-+               		  "Deep/expensive recursion detected!"); 
- 		return;
- 	}
- 
-@@ -422,15 +448,18 @@ exif_data_load_data_content (ExifData *d
- 			switch (tag) {
- 			case EXIF_TAG_EXIF_IFD_POINTER:
- 				CHECK_REC (EXIF_IFD_EXIF);
--				exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1);
-+				exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o,
-+					recursion_cost + level_cost(n));
- 				break;
- 			case EXIF_TAG_GPS_INFO_IFD_POINTER:
- 				CHECK_REC (EXIF_IFD_GPS);
--				exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1);
-+				exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o,
-+					recursion_cost + level_cost(n));
- 				break;
- 			case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
- 				CHECK_REC (EXIF_IFD_INTEROPERABILITY);
--				exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1);
-+				exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o,
-+					recursion_cost + level_cost(n));
- 				break;
- 			case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
- 				thumbnail_offset = o;
diff --git a/CVE-2020-0198.patch b/CVE-2020-0198.patch
new file mode 100644
index 0000000..e0358c2
--- /dev/null
+++ b/CVE-2020-0198.patch
@@ -0,0 +1,58 @@
+From ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <marcus@jet.franken.de>
+Date: Mon, 8 Jun 2020 17:27:06 +0200
+Subject: [PATCH] fixed another unsigned integer overflow
+
+first fixed by google in android fork,
+https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0
+
+(use a more generic overflow check method, also check second overflow instance.)
+
+https://security-tracker.debian.org/tracker/CVE-2020-0198
+---
+ libexif/exif-data.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/libexif/exif-data.c b/libexif/exif-data.c
+index 8b280d3..b495726 100644
+--- a/libexif/exif-data.c
++++ b/libexif/exif-data.c
+@@ -47,6 +47,8 @@
+ #undef JPEG_MARKER_APP1
+ #define JPEG_MARKER_APP1 0xe1
+ 
++#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
++
+ static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
+ 
+ struct _ExifDataPrivate
+@@ -327,7 +329,7 @@ exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail offset (%u).", o);
+ 		return;
+ 	}
+-	if (s > ds - o) {
++	if (CHECKOVERFLOW(o,ds,s)) {
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData", "Bogus thumbnail size (%u), max would be %u.", s, ds-o);
+ 		return;
+ 	}
+@@ -420,9 +422,9 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ 	}
+ 
+ 	/* Read the number of entries */
+-	if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) {
++	if (CHECKOVERFLOW(offset, ds, 2)) {
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
+-			  "Tag data past end of buffer (%u > %u)", offset+2, ds);
++			  "Tag data past end of buffer (%u+2 > %u)", offset, ds);
+ 		return;
+ 	}
+ 	n = exif_get_short (d + offset, data->priv->order);
+@@ -431,7 +433,7 @@ exif_data_load_data_content (ExifData *data, ExifIfd ifd,
+ 	offset += 2;
+ 
+ 	/* Check if we have enough data. */
+-	if (offset + 12 * n > ds) {
++	if (CHECKOVERFLOW(offset, ds, 12*n)) {
+ 		n = (ds - offset) / 12;
+ 		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
+ 				  "Short data; only loading %hu entries...", n);
diff --git a/libexif-0.6.21.tar.bz2 b/libexif-0.6.21.tar.bz2
deleted file mode 100644
index 1864b66..0000000
Binary files a/libexif-0.6.21.tar.bz2 and /dev/null differ
diff --git a/libexif-0.6.21_CVE-2017-7544.patch b/libexif-0.6.21_CVE-2017-7544.patch
deleted file mode 100644
index 166334a..0000000
--- a/libexif-0.6.21_CVE-2017-7544.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff --git a/libexif/exif-data.c b/libexif/exif-data.c
-index 67df4db..91f4c33 100644
---- a/libexif/exif-data.c
-+++ b/libexif/exif-data.c
-@@ -255,6 +255,12 @@ exif_data_save_data_entry (ExifData *data, ExifEntry *e,
- 			exif_mnote_data_set_offset (data->priv->md, *ds - 6);
- 			exif_mnote_data_save (data->priv->md, &e->data, &e->size);
- 			e->components = e->size;
-+			if (exif_format_get_size (e->format) != 1) {
-+				/* e->format is taken from input code,
-+				 * but we need to make sure it is a 1 byte
-+				 * entity due to the multiplication below. */
-+				e->format = EXIF_FORMAT_UNDEFINED;
-+			}
- 		}
- 	}
- 
diff --git a/libexif-0_6_22-release.tar.gz b/libexif-0_6_22-release.tar.gz
new file mode 100644
index 0000000..77c8215
Binary files /dev/null and b/libexif-0_6_22-release.tar.gz differ
diff --git a/libexif-bugfix-division-0.patch b/libexif-bugfix-division-0.patch
deleted file mode 100644
index 934ddcb..0000000
--- a/libexif-bugfix-division-0.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d66dea055522290c1ef34e3ae914146cd52b5d8e Mon Sep 17 00:00:00 2001
-From: songnannan2 <songnannan2@huawei.com>
-Date: Sat, 15 Feb 2020 20:44:53 +0800
-Subject: [PATCH] libexif: modification summary
-
----
- libexif-0.6.21/libexif/exif-entry.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
-index 54a90a2..436e8a7 100644
---- a/libexif/exif-entry.c
-+++ b/libexif/exif-entry.c
-@@ -1085,7 +1085,7 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
- 			break;
- 		}
- 		d = (double) v_rat.numerator / (double) v_rat.denominator;
--		if (d < 1)
-+		if (d < 1 && d)
- 			snprintf (val, maxlen, _("1/%i"), (int) (0.5 + 1. / d));
- 		else
- 			snprintf (val, maxlen, "%i", (int) d);
-@@ -1102,8 +1102,9 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
- 		}
- 		d = (double) v_srat.numerator / (double) v_srat.denominator;
- 		snprintf (val, maxlen, _("%.02f EV"), d);
--		d = 1. / pow (2, d);
--		if (d < 1)
-+		if (pow (2, d))
-+			d = 1. / pow (2, d);
-+		if (d < 1 && d)
- 		  snprintf (b, sizeof (b), _(" (1/%d sec.)"), (int) (1. / d));
- 		else
- 		  snprintf (b, sizeof (b), _(" (%d sec.)"), (int) d);
--- 
-2.19.1
-
diff --git a/libexif-bugfix-integer-overflow.patch b/libexif-bugfix-integer-overflow.patch
deleted file mode 100644
index 8f3c174..0000000
--- a/libexif-bugfix-integer-overflow.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From c7c4de72c04b5b795ce8df9c49648431bd22ee7e Mon Sep 17 00:00:00 2001
-From: songnannan2 <songnannan2@huawei.com>
-Date: Mon, 17 Feb 2020 15:41:28 +0800
-Subject: [PATCH] bugfix in Integer overflow
-
----
- libexif/exif-loader.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libexif-0.6.21/libexif/exif-loader.c b/libexif-0.6.21/libexif/exif-loader.c
-index 317b86b..e376465 100644
---- a/libexif/exif-loader.c
-+++ b/libexif/exif-loader.c
-@@ -239,7 +239,7 @@ exif_loader_write (ExifLoader *eld, unsigned char *buf, unsigned int len)
- 			break;
- 
- 		case EL_READ_SIZE_BYTE_24:
--			eld->size |= eld->b[i] << 24;
-+			eld->size |= (unsigned int)eld->b[i] << 24;
- 			eld->state = EL_READ_SIZE_BYTE_16;
- 			break;
- 		case EL_READ_SIZE_BYTE_16:
--- 
-2.19.1
-
diff --git a/libexif-bugfix-overflow.patch b/libexif-bugfix-overflow.patch
deleted file mode 100644
index 8d0aa73..0000000
--- a/libexif-bugfix-overflow.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From f9bb9f263fb00f0603ecbefa8957cad24168cbff Mon Sep 17 00:00:00 2001
-From: Dan Fandrich <dan@coneharvesters.com>
-Date: Wed, 4 Jul 2018 11:06:09 +0200
-Subject: [PATCH] Fix a buffer read overflow in exif_entry_get_value
-
-While parsing EXIF_TAG_FOCAL_LENGTH it was possible to read 8 bytes past
-the end of a heap buffer. This was detected by the OSS Fuzz project.
-Patch from Google.
-
-Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7344 and
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14543
----
- libexif/exif-entry.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libexif/exif-entry.c b/libexif/exif-entry.c
-index 61260d3..a224ac2 100644
---- a/libexif/exif-entry.c
-+++ b/libexif/exif-entry.c
-@@ -1040,12 +1040,12 @@ exif_entry_get_value (ExifEntry *e, char *val, unsigned int maxlen)
- 		d = 0.;
- 		entry = exif_content_get_entry (
- 			e->parent->parent->ifd[EXIF_IFD_0], EXIF_TAG_MAKE);
--		if (entry && entry->data &&
-+		if (entry && entry->data && entry->size >= 7 &&
- 		    !strncmp ((char *)entry->data, "Minolta", 7)) {
- 			entry = exif_content_get_entry (
- 					e->parent->parent->ifd[EXIF_IFD_0],
- 					EXIF_TAG_MODEL);
--			if (entry && entry->data) {
-+			if (entry && entry->data && entry->size >= 8) {
- 				if (!strncmp ((char *)entry->data, "DiMAGE 7", 8))
- 					d = 3.9;
- 				else if (!strncmp ((char *)entry->data, "DiMAGE 5", 8))
-
-
diff --git a/libexif-bugfix-unsigned-int.patch b/libexif-bugfix-unsigned-int.patch
deleted file mode 100644
index d60ec80..0000000
--- a/libexif-bugfix-unsigned-int.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From cf37dc7934bbb10dc5d0c17db260a25aa2831595 Mon Sep 17 00:00:00 2001
-From: Marcus Meissner <marcus@jet.franken.de>
-Date: Sat, 18 Jan 2020 19:50:38 +0100
-Subject: [PATCH] cast to unsigned int before shifting left
-
-(weird integer promotion, a unsigned char will be first tried to be promoted to "int" apparently,
-so we need to cast it to avoid implicit behaviour)
-
-fixes https://github.com/libexif/libexif/issues/20
----
- libexif/exif-utils.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libexif/exif-utils.c b/libexif/exif-utils.c
-index 9083ddc..8a92907 100644
---- a/libexif/exif-utils.c
-+++ b/libexif/exif-utils.c
-@@ -132,9 +132,9 @@ exif_get_slong (const unsigned char *b, ExifByteOrder order)
- 	if (!b) return 0;
-         switch (order) {
-         case EXIF_BYTE_ORDER_MOTOROLA:
--                return ((b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3]);
-+                return (((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | (uint32_t)b[3]);
-         case EXIF_BYTE_ORDER_INTEL:
--                return ((b[3] << 24) | (b[2] << 16) | (b[1] << 8) | b[0]);
-+                return (((uint32_t)b[3] << 24) | ((uint32_t)b[2] << 16) | ((uint32_t)b[1] << 8) | (uint32_t)b[0]);
-         }
- 
- 	/* Won't be reached */
-
diff --git a/libexif.spec b/libexif.spec
index 2be61e8..f008b28 100644
--- a/libexif.spec
+++ b/libexif.spec
@@ -1,21 +1,17 @@
 Name:           libexif
 Summary:        Library for extracting extra information from image files
-Version:        0.6.21
-Release:        20
+Version:        0.6.22
+Release:        1
 License:        LGPLv2+
 URL:            https://libexif.github.io/
-Source0:        https://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
 
-Patch0:         41bd04234b104312f54d25822f68738ba8d7133d.patch
-Patch6000:      libexif-0.6.21_CVE-2017-7544.patch
-Patch6001:      CVE-2018-20030.patch
-Patch6003:      libexif-bugfix-division-0.patch
-Patch6004:	libexif-bugfix-integer-overflow.patch
-Patch6005: 	libexif-bugfix-unsigned-int.patch
-Patch6006:	libexif-bugfix-overflow.patch
-Patch9001:	libexif-bugfix-integer-overflow-pentax.patch
+%global tarball_version %(echo %{version} | sed -e 's|\\.|_|g')
+Source0:        https://github.com/libexif/libexif/archive/libexif-%{tarball_version}-release.tar.gz
 
-BuildRequires:  autoconf automake doxygen gettext-devel libtool pkgconfig git
+Patch0:         CVE-2020-0198.patch
+Patch9000:	libexif-bugfix-integer-overflow-pentax.patch
+
+BuildRequires:  autoconf automake doxygen gettext-devel libtool pkgconfig
 
 %description
 Most digital cameras produce EXIF files, which are JPEG files with
@@ -25,6 +21,7 @@ allows you to parse an EXIF file and read the data from those tags.
 %package        devel
 Summary:        Files needed for libexif application development
 Requires:       %{name}%{?_isa} = %{version}-%{release} pkgconfig
+Requires:       pkgconfig
 
 %description devel
 The libexif-devel package contains the libraries and header files
@@ -33,15 +30,18 @@ for writing programs that use libexif.
 %package_help
 
 %prep
-%autosetup -n %{name}-%{version} -p1 -S git
+%autosetup -n libexif-libexif-%{tarball_version}-release -p1 
+
 %build
 autoreconf -fiv
-%configure
+%configure --disable-static
 %make_build
 
 %install
 %make_install
 %delete_la
+
+rm -rf %{buildroot}%{_datadir}/doc/libexif
 cp -R doc/doxygen-output/libexif-api.html .
 iconv -f latin1 -t utf-8 < COPYING > COPYING.utf8; cp COPYING.utf8 COPYING
 iconv -f latin1 -t utf-8 < README > README.utf8; cp README.utf8 README
@@ -62,15 +62,16 @@ make check
 %defattr(-,root,root)
 %{_includedir}/libexif
 %{_libdir}/*.so
-%{_libdir}/*.a
 %{_libdir}/pkgconfig/*.pc
-%exclude %{_datadir}/doc/libexif
 
 %files help
 %defattr(-,root,root)
 %doc libexif-api.html NEWS
 
 %changelog
+* Sat Aug 8 2020 yanan <yanan@huawei.com> - 0.6.22-1
+- update to 0.6.22
+
 * Tue Mar 10 2020 songnannan <songnannan2@huawei.com> - 0.6.21-20
 - bugfix in oss-fuzz