diff --git a/dcraw-9.21-lcms2-error-reporting.patch b/dcraw-9.21-lcms2-error-reporting.patch
new file mode 100644
index 0000000..7b37d12
--- /dev/null
+++ b/dcraw-9.21-lcms2-error-reporting.patch
@@ -0,0 +1,38 @@
+From affda75b7d868350d7ef9e7a67367826fb3e950d Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils@redhat.com>
+Date: Wed, 4 Sep 2013 17:13:49 +0200
+Subject: [PATCH] Report errors with LCMS version 2.x.
+
+---
+ dcraw.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/dcraw.c b/dcraw.c
+index 6f8dbbe..d80db64 100644
+--- a/dcraw.c
++++ b/dcraw.c
+@@ -8902,6 +8902,13 @@ notraw:
+ }
+ 
+ #ifndef NO_LCMS
++static void lcms2_error_show_handler (cmsContext ContextID,
++                                      cmsUInt32Number ErrorCode,
++                                      const char *Text)
++{
++  fprintf (stderr, "lcms2: Error #%d; %s\n", ErrorCode, Text);
++}
++
+ void CLASS apply_profile (const char *input, const char *output)
+ {
+   char *prof;
+@@ -8910,6 +8917,7 @@ void CLASS apply_profile (const char *input, const char *output)
+   FILE *fp;
+   unsigned size;
+ 
++  cmsSetLogErrorHandler (lcms2_error_show_handler);
+   if (strcmp (input, "embed"))
+     hInProfile = cmsOpenProfileFromFile (input, "r");
+   else if (profile_length) {
+-- 
+1.9.0
+
diff --git a/dcraw-9.28.0.tar.gz b/dcraw-9.28.0.tar.gz
new file mode 100644
index 0000000..81ebeea
Binary files /dev/null and b/dcraw-9.28.0.tar.gz differ
diff --git a/dcraw-CVE-2018-5801.patch b/dcraw-CVE-2018-5801.patch
new file mode 100644
index 0000000..2f742a1
--- /dev/null
+++ b/dcraw-CVE-2018-5801.patch
@@ -0,0 +1,125 @@
+diff -urNp old/dcraw.c new/dcraw.c
+--- old/dcraw.c	2018-06-14 12:38:10.519964843 +0200
++++ new/dcraw.c	2018-06-14 13:31:46.304679761 +0200
+@@ -1248,6 +1248,10 @@ void CLASS nikon_load_raw()
+ 
+ void CLASS nikon_yuv_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   int row, col, yuv[4], rgb[3], b, c;
+   UINT64 bitbuf=0;
+ 
+@@ -1889,6 +1893,10 @@ void CLASS sinar_4shot_load_raw()
+     unpacked_load_raw();
+     return;
+   }
++#ifdef LIBRAW_LIBRARY_BUILD
++  else if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   pixel = (ushort *) calloc (raw_width, sizeof *pixel);
+   merror (pixel, "sinar_4shot_load_raw()");
+   for (shot=0; shot < 4; shot++) {
+@@ -2188,6 +2196,11 @@ void CLASS quicktake_100_load_raw()
+ 
+ void CLASS kodak_radc_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  // All kodak radc images are 768x512
++  if(width>768 || raw_width>768 || height > 512 || raw_height>512 )
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   static const char src[] = {
+     1,1, 2,3, 3,4, 4,2, 5,7, 6,5, 7,6, 7,8,
+     1,0, 2,1, 3,3, 4,4, 5,2, 6,7, 7,6, 8,5, 8,8,
+@@ -2348,6 +2361,10 @@ void CLASS gamma_curve (double pwr, doub
+ 
+ void CLASS lossy_dng_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   struct jpeg_decompress_struct cinfo;
+   struct jpeg_error_mgr jerr;
+   JSAMPARRAY buf;
+@@ -2444,6 +2461,10 @@ void CLASS eight_bit_load_raw()
+ 
+ void CLASS kodak_c330_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   uchar *pixel;
+   int row, col, y, cb, cr, rgb[3], c;
+ 
+@@ -2469,6 +2490,10 @@ void CLASS kodak_c330_load_raw()
+ 
+ void CLASS kodak_c603_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   uchar *pixel;
+   int row, col, y, cb, cr, rgb[3], c;
+ 
+@@ -2596,6 +2621,10 @@ void CLASS kodak_65000_load_raw()
+ 
+ void CLASS kodak_ycbcr_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   short buf[384], *bp;
+   int row, col, len, c, i, j, k, y[2][2], cb, cr, rgb[3];
+   ushort *ip;
+@@ -2624,6 +2653,10 @@ void CLASS kodak_ycbcr_load_raw()
+ 
+ void CLASS kodak_rgb_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   short buf[768], *bp;
+   int row, col, len, c, i, rgb[3];
+   ushort *ip=image[0];
+@@ -2640,6 +2673,10 @@ void CLASS kodak_rgb_load_raw()
+ 
+ void CLASS kodak_thumb_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   int row, col;
+   colors = thumb_misc >> 5;
+   for (row=0; row < height; row++)
+@@ -3109,6 +3146,10 @@ void CLASS foveon_thumb()
+ 
+ void CLASS foveon_sd_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   struct decode *dindex;
+   short diff[1024];
+   unsigned bitbuf=0;
+@@ -3156,6 +3197,10 @@ void CLASS foveon_huff (ushort *huff)
+ 
+ void CLASS foveon_dp_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   unsigned c, roff[4], row, col, diff;
+   ushort huff[512], vpred[2][2], hpred[2];
+ 
diff --git a/dcraw.spec b/dcraw.spec
new file mode 100644
index 0000000..79e689f
--- /dev/null
+++ b/dcraw.spec
@@ -0,0 +1,63 @@
+Summary:             Tool for decoding raw image data from digital cameras
+Name:                dcraw
+Version:             9.28.0
+Release:             3
+License:             GPLv2+
+URL:                 http://cybercom.net/~dcoffin/dcraw
+Source0:             https://sources.voidlinux.org/dcraw-%{version}/dcraw-%{version}.tar.gz
+Patch0:              dcraw-CVE-2018-5801.patch
+Patch1:              dcraw-9.21-lcms2-error-reporting.patch
+BuildRequires:       gcc gettext libjpeg-devel lcms2-devel jasper-devel
+Provides:            bundled(dcraw)
+%description
+This package contains dcraw, a command line tool to decode raw image data
+downloaded from digital cameras.
+
+%prep
+%autosetup -n dcraw -p1 -S git
+
+%package             help
+Summary:             Documentation for user of dcraw
+Requires:            dcraw = %{version}-%{release}
+
+%description         help
+
+%build
+gcc %optflags $RPM_LD_FLAGS -lm -ljpeg -llcms2 -ljasper \
+    -DLOCALEDIR="\"%{_datadir}/locale\"" -o dcraw dcraw.c
+for catsrc in dcraw_*.po; do
+    lang="${catsrc%.po}"
+    lang="${lang#dcraw_}"
+    msgfmt -o "dcraw_${lang}.mo" "$catsrc"
+done
+
+%install
+install -Dp -m 0755 dcraw %{buildroot}%{_bindir}/dcraw
+for catalog in dcraw_*.mo; do
+    lang="${catalog%.mo}"
+    lang="${lang#dcraw_}"
+    install -d -m 0755 "%{buildroot}%{_datadir}/locale/${lang}/LC_MESSAGES"
+    install -m 0644 "$catalog" "%{buildroot}%{_datadir}/locale/${lang}/LC_MESSAGES/dcraw.mo"
+done
+install -d -m 0755 %{buildroot}%{_bindir} %{buildroot}%{_mandir}/man1
+install -m 0644 dcraw.1 %{buildroot}%{_mandir}/man1/dcraw.1
+rm -f %{name}-man-files
+touch %{name}-man-files
+for manpage in dcraw_*.1; do
+    lang="${manpage%.1}"
+    lang="${lang#dcraw_}"
+    install -d -m 0755 "%{buildroot}%{_mandir}/${lang}/man1"
+    install -m 0644 "${manpage}" "%{buildroot}%{_mandir}/${lang}/man1/dcraw.1"
+    echo "%%lang($lang) %%{_mandir}/${lang}/man1/*" >> %{name}-man-files
+done
+%find_lang %{name}
+
+%files -f %{name}.lang
+%{_bindir}/dcraw
+
+%files help  -f %{name}-man-files
+%{_mandir}/man1/*
+
+%changelog
+* Tue Apr 21 2020 Jeffery.Gao <gaojianxing@huawei.com> - 9.28.0-3
+- Package init
diff --git a/dcraw.yaml b/dcraw.yaml
new file mode 100644
index 0000000..f7aa7eb
--- /dev/null
+++ b/dcraw.yaml
@@ -0,0 +1,4 @@
+version-ctrl: NA
+src_repo: NA
+tag_prefix: NA
+seperator: NA