[meta-oe,scarthgap,09/18] libraw: patch CVE-2025-43963

Message ID	20251014205402.1487867-9-ankur.tyagi85@gmail.com
State	New
Headers	show Return-Path: <ankur.tyagi85@gmail.com> ip: 209.85.214.171, mailfrom: ankur.tyagi85@gmail.com) From: Ankur Tyagi <ankur.tyagi85@gmail.com> To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>, Gyorgy Sarvari <skandigraun@gmail.com> Subject: [oe][meta-oe][scarthgap][PATCH 09/18] libraw: patch CVE-2025-43963 Date: Wed, 15 Oct 2025 09:53:52 +1300 Message-ID: <20251014205402.1487867-9-ankur.tyagi85@gmail.com> In-Reply-To: <20251014205402.1487867-1-ankur.tyagi85@gmail.com> References: <20251014205402.1487867-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,scarthgap,01/18] dash: set CVE_PRODUCT \| expand [meta-oe,scarthgap,01/18] dash: set CVE_PRODUCT [meta-oe,scarthgap,02/18] libppd: patch CVE-2024-47175 [meta-oe,scarthgap,03/18] hdf5: patch CVE-2025-2923 [meta-oe,scarthgap,04/18] hdf5: patch CVE-2025-2924 [meta-oe,scarthgap,05/18] hdf5: patch CVE-2025-2925 [meta-oe,scarthgap,06/18] hdf5: patch CVE-2025-6269 [meta-oe,scarthgap,07/18] libcupsfilters: patch CVE-2024-47076 [meta-oe,scarthgap,08/18] libraw: patch CVE-2025-43961 CVE-2025-43962 [meta-oe,scarthgap,09/18] libraw: patch CVE-2025-43963 [meta-oe,scarthgap,10/18] libraw: patch CVE-2025-43964 [meta-oe,scarthgap,11/18] zlog: fix CVE-2024-22857 [meta-oe,scarthgap,12/18] exiv2: patch CVE-2025-26623 [meta-oe,scarthgap,13/18] exiv2: patch CVE-2025-54080 [meta-oe,scarthgap,14/18] exiv2: patch CVE-2025-55304 [meta-oe,scarthgap,15/18] gattlib: mark CVE-2019-6498 as fixed [meta-oe,scarthgap,16/18] influxdb: Do not remove non-existing files [meta-oe,scarthgap,17/18] influxdb: Update CVE status for CVE-2019-10329 [meta-oe,scarthgap,18/18] jasper: upgrade to 4.1.2 release

Message ID

20251014205402.1487867-9-ankur.tyagi85@gmail.com

State

New

Headers

From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>,
	Gyorgy Sarvari <skandigraun@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH 09/18] libraw: patch CVE-2025-43963
Date: Wed, 15 Oct 2025 09:53:52 +1300
Message-ID: <20251014205402.1487867-9-ankur.tyagi85@gmail.com>
In-Reply-To: <20251014205402.1487867-1-ankur.tyagi85@gmail.com>
References: <20251014205402.1487867-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,scarthgap,01/18] dash: set CVE_PRODUCT | expand

Commit Message

Ankur Tyagi Oct. 14, 2025, 8:53 p.m. UTC

Details https://nvd.nist.gov/vuln/detail/CVE-2025-43963

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 287ed36b866adf46b0ec6245947da64531a98fa2)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../libraw/libraw/0002-CVE-2025-43963.patch   | 40 +++++++++++++++++++
 .../recipes-support/libraw/libraw_0.21.2.bb   |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 meta-oe/recipes-support/libraw/libraw/0002-CVE-2025-43963.patch

diff --git a/meta-oe/recipes-support/libraw/libraw/0002-CVE-2025-43963.patch b/meta-oe/recipes-support/libraw/libraw/0002-CVE-2025-43963.patch
new file mode 100644
index 0000000000..d571164781
--- /dev/null
+++ b/meta-oe/recipes-support/libraw/libraw/0002-CVE-2025-43963.patch
@@ -0,0 +1,40 @@ 
+From 975393c804bc321fd4bc709c3c221733dac2d80a Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Thu, 6 Feb 2025 21:01:58 +0300
+Subject: [PATCH] CVE-2025-43963
+
+check split_col/split_row values in phase_one_correct
+
+CVE: CVE-2025-43963
+Upstream-Status: Backport [https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964]
+
+(cherry picked from commit be26e7639ecf8beb55f124ce780e99842de2e964)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/decoders/load_mfbacks.cpp | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/decoders/load_mfbacks.cpp b/src/decoders/load_mfbacks.cpp
+index 1a1bdfb3..f89aecce 100644
+--- a/src/decoders/load_mfbacks.cpp
++++ b/src/decoders/load_mfbacks.cpp
+@@ -348,7 +348,8 @@ int LibRaw::phase_one_correct()
+           off_412 = ftell(ifp) - 38;
+         }
+       }
+-      else if (tag == 0x041f && !qlin_applied)
++      else if (tag == 0x041f && !qlin_applied && ph1.split_col > 0 && ph1.split_col < raw_width
++		&& ph1.split_row > 0 && ph1.split_row < raw_height)
+       { /* Quadrant linearization */
+         ushort lc[2][2][16], ref[16];
+         int qr, qc;
+@@ -432,7 +433,8 @@ int LibRaw::phase_one_correct()
+         }
+         qmult_applied = 1;
+       }
+-      else if (tag == 0x0431 && !qmult_applied)
++      else if (tag == 0x0431 && !qmult_applied && ph1.split_col > 0 && ph1.split_col < raw_width 
++		&& ph1.split_row > 0 && ph1.split_row < raw_height)
+       { /* Quadrant combined - four tile gain calibration */
+         ushort lc[2][2][7], ref[7];
+         int qr, qc;
diff --git a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
index c6d9acb960..d4750630e0 100644
--- a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
+++ b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
@@ -5,6 +5,7 @@  LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1501ae0aa3c8544e63f08d6f7bf88a6f"
 SRC_URI = " \
     git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https \
     file://0001-CVE-2025-43961-CVE-2025-43962.patch \
+    file://0002-CVE-2025-43963.patch \
 "
 SRCREV = "1ef70158d7fde1ced6aaddb0b9443c32a7121d3d"
 S = "${WORKDIR}/git"

[meta-oe,scarthgap,09/18] libraw: patch CVE-2025-43963

Commit Message

Patch