From 7f49deaf7e365b56f5f666aec97569c29e523d70 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Mon, 20 Apr 2026 08:27:49 +0200 Subject: [PATCH] libraw: mark CVE-2026-20911 and CVE-2026-21413 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2026-20911 https://nvd.nist.gov/vuln/detail/CVE-2026-21413 Both CVEs are tracked with incorrect version info: NVD indicates that 0.22.1 is explicitly vulnerable, but the fixes are actually included in this release. Relevant commits: CVE-2026-20911: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b CVE-2026-21413: https://github.com/LibRaw/LibRaw/commit/75ed2c12a35b765b3b6ad695cc1f044f19efe644 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- meta-oe/recipes-support/libraw/libraw_0.22.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb index 2e11a7f1f9..e99f0e46b6 100644 --- a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb +++ b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb @@ -13,3 +13,5 @@ CVE_STATUS[CVE-2026-5318] = "fixed-version: fixed since 0.22.1" CVE_STATUS[CVE-2026-5342] = "fixed-version: fixed since 0.22.1" CVE_STATUS[CVE-2026-20884] = "fixed-version: fixed since 0.22.1" CVE_STATUS[CVE-2026-24450] = "fixed-version: fixed since 0.22.1" +CVE_STATUS[CVE-2026-20911] = "fixed-version: fixed since 0.22.1" +CVE_STATUS[CVE-2026-21413] = "fixed-version: fixed since 0.22.1"
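Review bot: The two added entries at the end of the hunk, CVE_STATUS[CVE-2026-20911] and CVE_STATUS[CVE-2026-21413], leave no record in the recipe of why NVD's version data is being overridden. The commit message says NVD lists 0.22.1 as explicitly vulnerable and names the upstream LibRaw commits that carry the fixes, but a reader of libraw_0.22.1.bb sees only "fixed-version: fixed since 0.22.1", the same text used for the four existing entries. Consider adding a short recipe comment above the two new lines that says NVD's affected-version range is wrong for these CVEs and gives the two upstream commit hashes from the commit message. Anyone auditing the cve-check output, or re-checking these entries if NVD later corrects its data, could then verify the claim without searching the git history.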