From 037d8ec930e8bb7a36e737fcd271f0e299a35c4c Mon Sep 17 00:00:00 2001 From: Wang Mingyu Date: Thu, 30 Apr 2026 18:48:34 +0800 Subject: [PATCH] lcms: upgrade 2.18 -> 2.19 CVE-2026-41254_1.patch CVE-2026-41254_2.patch removed since they're included in 2.19 Changes: ======== - CMake build system. Thanks to Vlad Erium for the initial implementation and kmilos for improvements. - Large files support to use profiles up to 4Gb - Black point compensation works on multi-channel profiles - Added more test platforms/architectures in GitHub tests, Cygwin and MSYS are now fully checked. - jpgicc banner is not shown on normal operation, only when help is requested. - Added a way to access internal transform pipelines. For read only. - Add a way to retrieve the CMM signature - Added extra checks on postscript undocumented functions - Added guard on integer overflow when reading .cube files - Added unneeded checks as a try to get rid of spam reports about "vulnerabilities" that are not real. - Utility program names generated by Visual Studio 2026 are now same as all other platforms. - Creating an output profile by cmsTransform2DeviceLink does not propagate correctly the colorant table. Fixed. - Added some profile class definitions from iccMAX - Deprecated uint16 and uint32 types removed from tifdiff - fixed generation of tifdiff on Cmake and meson Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --- .../lcms/lcms/CVE-2026-41254_1.patch | 28 --------------- .../lcms/lcms/CVE-2026-41254_2.patch | 34 ------------------- .../lcms/{lcms_2.18.bb => lcms_2.19.bb} | 7 ++-- 3 files changed, 2 insertions(+), 67 deletions(-) delete mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch delete mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch rename meta-oe/recipes-support/lcms/{lcms_2.18.bb => lcms_2.19.bb} (60%) 
diff --git a/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch
deleted file mode 100644
index 2ed8e9f587..0000000000
--- a/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From c83cfcd249d06950a307cee8d1e22b7f6a78a8a7 Mon Sep 17 00:00:00 2001
-From: Marti Maria
-Date: Thu, 19 Feb 2026 09:07:20 +0100
-Subject: [PATCH] Fix integer overflow in CubeSize()
-
-Thanks to @zerojackyi for reporting
-
-CVE: CVE-2026-41254
-Upstream-Status: Backport [https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0]
-Signed-off-by: Gyorgy Sarvari
----
- src/cmslut.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/cmslut.c b/src/cmslut.c
-index 1089148..b245209 100644
---- a/src/cmslut.c
-+++ b/src/cmslut.c
-@@ -460,7 +460,8 @@ void EvaluateCLUTfloatIn16(const cmsFloat32Number In[], cmsFloat32Number Out[],
- static
- cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b)
- {
-- cmsUInt32Number rv, dim;
-+ cmsUInt32Number dim;
-+ cmsUInt64Number rv;
-
- _cmsAssert(Dims != NULL);
-
diff --git a/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch
deleted file mode 100644
index be8c759a6f..0000000000
--- a/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From f5994aea02d5620f3182cafdcf116ffe9d6c9fd2 Mon Sep 17 00:00:00 2001
-From: Marti Maria
-Date: Thu, 12 Mar 2026 22:57:35 +0100
-Subject: [PATCH] check for overflow
-
-Thanks to Guanni Qu for detecting & reporting the issue
-
-CVE: CVE-2026-41254
-Upstream-Status: Backport [https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc]
-Signed-off-by: Gyorgy Sarvari
----
- src/cmslut.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/cmslut.c b/src/cmslut.c
-index b245209..c1dbb32 100644
---- a/src/cmslut.c
-+++ b/src/cmslut.c
-@@ -468,12 +468,12 @@ cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b)
- for (rv = 1; b > 0; b--) {
-
- dim = Dims[b-1];
-- if (dim <= 1) return 0; // Error
--
-- rv *= dim;
-+ if (dim <= 1) return 0;
-
- // Check for overflow
- if (rv > UINT_MAX / dim) return 0;
-+
-+ rv *= dim;
- }
-
- // Again, prevent overflow
diff --git a/meta-oe/recipes-support/lcms/lcms_2.18.bb b/meta-oe/recipes-support/lcms/lcms_2.19.bb
similarity index 60%
rename from meta-oe/recipes-support/lcms/lcms_2.18.bb
rename to meta-oe/recipes-support/lcms/lcms_2.19.bb
index 1ff3b3908f..fa33678b18 100644
--- a/meta-oe/recipes-support/lcms/lcms_2.18.bb
+++ b/meta-oe/recipes-support/lcms/lcms_2.19.bb
@@ -3,11 +3,8 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=e9ce323c4b71c943a785db90142b228a" -SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz \ - file://CVE-2026-41254_1.patch \ - file://CVE-2026-41254_2.patch \ - " -SRC_URI[sha256sum] = "ee67be3566f459362c1ee094fde2c159d33fa0390aa4ed5f5af676f9e5004347" +SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz" +SRC_URI[sha256sum] = "49e7e134e4299733dd0eda434fa468997a28ab3d33fa397c642b03644f552216" DEPENDS = "tiff"