libraw: upgrade 0.21.2 -> 0.21.4

This upgrade contains fixes for the following vulnerabilities: CVE-2025-43961, CVE-2025-43962, CVE-2025-43963 and CVE-2025-43964 Also drop two old CVE_STATUS entries which are not needed anymore, because the database has been updated with correct info. Changelog: https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-10-22 15:03:59 +02:00 · 2025-10-07 17:06:02 +02:00 · 2025-10-07 17:06:02 +02:00 · 6cdb2e09d0
commit 6cdb2e09d0
parent 072623d578
2 changed files with 10 additions and 13 deletions
--- a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
+++ b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
@ -1,13 +0,0 @@
-SUMMARY = "raw image decoder"
-LICENSE = "LGPL-2.1-only | CDDL-1.0"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1501ae0aa3c8544e63f08d6f7bf88a6f"
-
-SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https"
-SRCREV = "1ef70158d7fde1ced6aaddb0b9443c32a7121d3d"
-
-inherit autotools pkgconfig
-
-DEPENDS = "jpeg jasper lcms"
-
-CVE_STATUS[CVE-2020-22628] = "cpe-incorrect: The current version (0.21.2) is not affected by the CVE which affects versions earlier than 0.21.2"
-CVE_STATUS[CVE-2023-1729] = "cpe-incorrect: The current version (0.21.2) is not affected by the CVE which affects versions earlier than 0.21.2"
--- a/meta-oe/recipes-support/libraw/libraw_0.21.4.bb
+++ b/meta-oe/recipes-support/libraw/libraw_0.21.4.bb
@ -0,0 +1,10 @@
+SUMMARY = "raw image decoder"
+LICENSE = "LGPL-2.1-only | CDDL-1.0"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1501ae0aa3c8544e63f08d6f7bf88a6f"
+
+SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https;tag=${PV}"
+SRCREV = "9646d776c7c61976080a8f2be67928df0750493e"
+
+inherit autotools pkgconfig
+
+DEPENDS = "jpeg jasper lcms"