Commit Graph

9 Commits

Author SHA1 Message Date
Ankur Tyagi 964432f3af libraw: ignore CVE-2026-5318
Vulnerability exists in the function which was added in version 0.22.0[1]

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-5318

[1] https://github.com/LibRaw/LibRaw/commit/12b0e5d60c57bb795382fda8494fc45f683550b8

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-04-13 12:40:21 +05:30
Ankur Tyagi e9af1614d1 libraw: patch CVE-2025-43964
Details https://nvd.nist.gov/vuln/detail/CVE-2025-43964

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 95f680e0df)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-30 14:43:34 +08:00
Ankur Tyagi 7c56524a8d libraw: patch CVE-2025-43963
Details https://nvd.nist.gov/vuln/detail/CVE-2025-43963

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 287ed36b86)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-30 14:43:34 +08:00
Ankur Tyagi a8c1967976 libraw: patch CVE-2025-43961 CVE-2025-43962
Details
 - https://nvd.nist.gov/vuln/detail/CVE-2025-43961
 - https://nvd.nist.gov/vuln/detail/CVE-2025-43962

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 337ab48ff8)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-30 14:43:34 +08:00
Wang Mingyu 204e694ac2 libraw: upgrade 0.21.1 -> 0.21.2
Changelog
========
* New compile-defined limit LIBRAW_MAX_PROFILE_SIZE_MB:
  limits allocation/read size for embedded color profile (default: 256Mb)
* Embedded color profile allocation/read size: limited by input file size.
* Multiple fixes (mostly inspired by oss-fuzz) to improve library stability and/or input checks.
* raw-identify: use fallback if PATH_MAX not available
* Disabled color conversion for Canon 16-bit thumbnails
* docs/changelog: explained the case when no thumbnail is found in specific file
* swapXX renamed to libraw_swapXX to avoid name conflict
* better striped thumbnails handling

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-01-08 19:54:42 -08:00
Khem Raj a651f50385 libraw: upgrade 0.20.2 -> 0.21.1
License-Update: Copyright years changed

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-11-06 08:47:08 -08:00
Khem Raj 14c7d8a0d7 recipes: Update LICENSE variable to use SPDX license identifiers
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-04 17:41:45 -08:00
Richard Purdie b402a3076f recipes: Update SRC_URI branch and protocols
This patch updates SRC_URIs using git to include branch=master if no branch is set
and also to use protocol=https for github urls as generated by the conversion script
in OE-Core.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-03 06:57:49 -07:00
Khem Raj ea0af875ca libraw: Move from meta-qt5-extra to meta-oe
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andreas Müller <schnitzeltony@gmail.com>
2021-05-17 09:00:36 -07:00