From 6cdb2e09d01a5430080b8d0aa2872657f539c61e Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Tue, 7 Oct 2025 17:06:02 +0200 Subject: [PATCH] libraw: upgrade 0.21.2 -> 0.21.4 This upgrade contains fixes for the following vulnerabilities: CVE-2025-43961, CVE-2025-43962, CVE-2025-43963 and CVE-2025-43964 Also drop two old CVE_STATUS entries which are not needed anymore, because the database has been updated with correct info. Changelog: https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- meta-oe/recipes-support/libraw/libraw_0.21.2.bb | 13 ------------- meta-oe/recipes-support/libraw/libraw_0.21.4.bb | 10 ++++++++++ 2 files changed, 10 insertions(+), 13 deletions(-) delete mode 100644 meta-oe/recipes-support/libraw/libraw_0.21.2.bb create mode 100644 meta-oe/recipes-support/libraw/libraw_0.21.4.bb diff --git a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb deleted file mode 100644 index 01425c6db0..0000000000 --- a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb +++ /dev/null @@ -1,13 +0,0 @@ -SUMMARY = "raw image decoder" -LICENSE = "LGPL-2.1-only | CDDL-1.0" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1501ae0aa3c8544e63f08d6f7bf88a6f" - -SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https" -SRCREV = "1ef70158d7fde1ced6aaddb0b9443c32a7121d3d" - -inherit autotools pkgconfig - -DEPENDS = "jpeg jasper lcms" - -CVE_STATUS[CVE-2020-22628] = "cpe-incorrect: The current version (0.21.2) is not affected by the CVE which affects versions earlier than 0.21.2" -CVE_STATUS[CVE-2023-1729] = "cpe-incorrect: The current version (0.21.2) is not affected by the CVE which affects versions earlier than 0.21.2" diff --git a/meta-oe/recipes-support/libraw/libraw_0.21.4.bb b/meta-oe/recipes-support/libraw/libraw_0.21.4.bb new file mode 100644 index 0000000000..ef0a0255d9 --- /dev/null +++ b/meta-oe/recipes-support/libraw/libraw_0.21.4.bb @@ -0,0 +1,10 @@ +SUMMARY = "raw image decoder" +LICENSE = "LGPL-2.1-only | CDDL-1.0" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1501ae0aa3c8544e63f08d6f7bf88a6f" + +SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https;tag=${PV}" +SRCREV = "9646d776c7c61976080a8f2be67928df0750493e" + +inherit autotools pkgconfig + +DEPENDS = "jpeg jasper lcms"