From 357f65dd13211e867bd96af130fabd88f9084d5e Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Mon, 6 Apr 2026 14:03:14 +0200 Subject: [PATCH] libraw: upgrade 0.21.4 -> 0.22.1 Contains fixes for CVE-2026-5318[1] and CVE-2026-5318[2] (both are tracked without a version by NVD, so they are explicitly marked as patched) License-update: copyright year bump Changelog: https://github.com/LibRaw/LibRaw/blob/0.22-stable/Changelog.txt [1]: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b [2]: https://github.com/LibRaw/LibRaw/commit/2468614a9cbcab6b75ca279ab60cac62156f7aeb Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- meta-oe/recipes-support/libraw/libraw_0.21.4.bb | 10 ---------- meta-oe/recipes-support/libraw/libraw_0.22.1.bb | 13 +++++++++++++ 2 files changed, 13 insertions(+), 10 deletions(-) delete mode 100644 meta-oe/recipes-support/libraw/libraw_0.21.4.bb create mode 100644 meta-oe/recipes-support/libraw/libraw_0.22.1.bb diff --git a/meta-oe/recipes-support/libraw/libraw_0.21.4.bb b/meta-oe/recipes-support/libraw/libraw_0.21.4.bb deleted file mode 100644 index ef0a0255d9..0000000000 --- a/meta-oe/recipes-support/libraw/libraw_0.21.4.bb +++ /dev/null @@ -1,10 +0,0 @@ -SUMMARY = "raw image decoder" -LICENSE = "LGPL-2.1-only | CDDL-1.0" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1501ae0aa3c8544e63f08d6f7bf88a6f" - -SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https;tag=${PV}" -SRCREV = "9646d776c7c61976080a8f2be67928df0750493e" - -inherit autotools pkgconfig - -DEPENDS = "jpeg jasper lcms" diff --git a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb new file mode 100644 index 0000000000..bd0a4c0b03 --- /dev/null +++ b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb @@ -0,0 +1,13 @@ +SUMMARY = "raw image decoder" +LICENSE = "LGPL-2.1-only | CDDL-1.0" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1d66195044cfbe4327c055d1c9c1a229" + +SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=0.22-stable;protocol=https;tag=${PV}" +SRCREV = "b860248a89d9082b8e0a1e202e516f46af9adb29" + +inherit autotools pkgconfig + +DEPENDS = "jpeg jasper lcms" + +CVE_STATUS[CVE-2026-5318] = "fixed-version: fixed since 0.22.1" +CVE_STATUS[CVE-2026-5342] = "fixed-version: fixed since 0.22.1"