diff --git a/CVE-2022-39170.patch b/CVE-2022-39170.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a4c865260ae42a203bd50173d610c12d15b316c9
--- /dev/null
+++ b/CVE-2022-39170.patch
@@ -0,0 +1,23 @@
+From 428235e3d132fb62faf7732735fdbb034d6264b4 Mon Sep 17 00:00:00 2001
+From: David Anderson
+Date: Sat, 27 Aug 2022 10:45:37 -0700
+Subject: [PATCH] Fixes DW202208-001. Fuzzed object gets double free in
+ libdwarf. modified: dwarf_frame.c
+
+---
+ src/lib/libdwarf/dwarf_frame.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/lib/libdwarf/dwarf_frame.c b/src/lib/libdwarf/dwarf_frame.c
+index 65946d9c9..d0836e107 100644
+--- a/src/lib/libdwarf/dwarf_frame.c
++++ b/src/lib/libdwarf/dwarf_frame.c
+@@ -1491,6 +1491,8 @@ _dwarf_exec_frame_instr(Dwarf_Bool make_instr,
+ instr_count++;
+ (*ilistlastptr) = dfi;
+ ilistlastptr = &dfi->fi_next;
++ /* dfi itself is stale, the pointer is on the list */
++ dfi = 0;
+ }
+ } /* end for-loop on ops */
+
diff --git a/libdwarf-0.4.1.tar.xz b/libdwarf-0.4.1.tar.xz
new file mode 100644
index 0000000000000000000000000000000000000000..6e6e0d5318c95a6a942b674bed86e2c3f8427f41
Binary files /dev/null and b/libdwarf-0.4.1.tar.xz differ
diff --git a/libdwarf-20210528.tar.gz b/libdwarf-20210528.tar.gz
deleted file mode 100644
index 163b5d91d85e3d75039a8802f6dd815c3d44fcd0..0000000000000000000000000000000000000000
Binary files a/libdwarf-20210528.tar.gz and /dev/null differ
diff --git a/libdwarf.spec b/libdwarf.spec
old mode 100644
new mode 100755
index e38517ba38fffafe1e5f1a3ce6e49a022aa2bfe8..343f5dd0ced83a2db2ab1c81535755c8cad52ee9
--- a/libdwarf.spec
+++ b/libdwarf.spec
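Review bot: The added comment `/* dfi itself is stale, the pointer is on the list */` in CVE-2022-39170.patch undersells why the assignment matters: two lines earlier `(*ilistlastptr) = dfi;` hands the node to the instruction list, and clearing the local is what keeps any later cleanup of `dfi` from releasing a node the list also releases. I would word it `/* The list now owns this node; clear dfi so cleanup cannot free it a second time. */` and write `dfi = NULL;` rather than `dfi = 0;`. The cleanup path itself is outside the hunk, since `_dwarf_exec_frame_instr` starts and ends beyond these lines, so that part is inferred from the commit subject. As this file is a backport of the upstream commit, the rewording is best sent upstream and the patch kept identical to it here.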
@@ -1,78 +1,89 @@ Name: libdwarf -Version: 20210528 +Epoch: 1 +Version: 0.4.1 Release: 1 -Summary: Library to access DWARF debugging information +Summary: Library to access the DWARF Debugging file format + License: LGPLv2 -URL: http://www.prevanders.net/dwarf.html -Source0: http://www.prevanders.net/%{name}-%{version}.tar.gz -BuildRequires: gcc binutils-devel elfutils-libelf-devel dos2unix +URL: https://www.prevanders.net/dwarf.html +Source0: https://www.prevanders.net/%{name}-%{version}.tar.xz +Patch0: CVE-2022-39170.patch +BuildRequires: gcc make %description -Libdwarf is a library of functions to provide read/write DWARF -debugging records. - +Library to access the DWARF debugging file format which supports +source level debugging of a number of procedural languages, such as C, C++, +and Fortran. Please see http://www.dwarfstd.org for DWARF specification. + %package devel Summary: Library and header files of libdwarf -Requires: %{name} = %{version}-%{release} -Provides: libdwarf-static = %{version}-%{release} -Obsoletes: libdwarf-static < %{version}-%{release} - +License: LGPLv2 +Requires: %{name} = %{epoch}:%{version}-%{release} + %description devel -Libdwarf-devel provides libraries and header files for libdwarf. - +Development package containing library and header files of libdwarf. + +%package static +Summary: Static libdwarf library +License: LGPLv2 +Requires: %{name}-devel = %{epoch}:%{version}-%{release} + +%description static +Static libdwarf library. + %package tools -Summary: Tools to access the DWARF debugging file format -Requires: %{name} = %{version}-%{release} - +Summary: Tools for accessing DWARF debugging information +License: GPLv2 +Requires: %{name} = %{epoch}:%{version}-%{release} + %description tools -Libdwarf-tools contains dwarfdump, a tool to access DWARF debug information. - -%package_help - +C++ version of dwarfdump (dwarfdump2) command-line utilities +to access DWARF debug information. 
+ + %prep -%autosetup -n %{name}-%{version} -p1 - - +%autosetup -p1 + + %build %configure --enable-shared -sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool -sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool %make_build - + %install %make_install -install -d %{buildroot}%{_includedir}/libdwarf -mv %{buildroot}%{_includedir}/*.h %{buildroot}%{_includedir}/libdwarf -%delete_la - + %check -LD_LIBRARY_PATH=$PWD/libdwarf/.libs %__make check - +TZ=:America/Los_Angeles %__make check + + %files -%defattr(-,root,root) -%license libdwarf/{COPYING,LIBDWARFCOPYRIGHT,LGPL.txt} +%doc src/lib/libdwarf/ChangeLog src/lib/libdwarf/README +%license src/lib/libdwarf/COPYING src/lib/libdwarf/LIBDWARFCOPYRIGHT src/lib/libdwarf/LGPL.txt %{_libdir}/libdwarf.so.* -%exclude %{_datadir}/libdwarf - + + +%files static +%{_libdir}/libdwarf.a + + %files devel -%defattr(-,root,root) -%{_includedir}/libdwarf +%doc doc/*.pdf +%{_includedir}/libdwarf-0 %{_libdir}/libdwarf.so -%{_libdir}/{libdwarf.so,libdwarf.a} - +%{_libdir}/pkgconfig/libdwarf.pc +%exclude %{_libdir}/*.la + + %files tools -%defattr(-,root,root) -%doc dwarfdump/{README,ChangeLog} -%license dwarfdump/{COPYING,DWARFDUMPCOPYRIGHT,GPL.txt} +%license src/bin/dwarfdump/COPYING src/bin/dwarfdump/DWARFDUMPCOPYRIGHT src/bin/dwarfdump/GPL.txt %{_bindir}/dwarfdump %{_datadir}/dwarfdump/dwarfdump.conf - -%files help -%defattr(-,root,root) -%doc libdwarf/{ChangeLog,README,*.pdf} %{_mandir}/man1/dwarfdump.1.gz %changelog +* Tue Sep 13 2022 liyuxiang - 0.4.1-1 +- upgrade to version 0.4.1 to fixed CVE-2022-39170 + * Tue Jul 26 2022 panys - 20210528-1 - upgrade to version 20210528
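Review bot: The new `%build` drops the two `sed -i` edits of `libtool` that blanked `hardcode_libdir_flag_spec` and redirected `runpath_var`, and nothing in the hunk replaces them, so the built `dwarfdump` and `libdwarf.so` may carry an RPATH/RUNPATH again. Please confirm with `readelf -d` on the installed binaries and restore the two lines if a run path shows up, since an unexpected run path lets the loader resolve libraries from a directory the package does not control. Separately, the changelog entry says the upgrade to 0.4.1 fixes CVE-2022-39170, while the fix appears to be carried by `Patch0` on top of 0.4.1; I would word it `- upgrade to version 0.4.1 and backport the fix for CVE-2022-39170` so the record points auditors at the patch. The spec file's mode also changes from 100644 to 100755, which looks unintended.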