
@jsnv-dev jsnv-dev commented Oct 2, 2025

Apache ORC provides both C++ and Java libraries for reading and writing ORC files, which are widely used by major data processing frameworks. Also, ORC-based formats are increasingly used to store AI training datasets at large scale.

Motivation

This integration follows the recent discovery of CVE-2025-47436, a heap buffer overflow vulnerability in the C++ LZO decompressor affecting Apache ORC versions. The vulnerability occurs when specially crafted malformed ORC files can result in memory corruption.

Continuous fuzzing through OSS-Fuzz will help identify similar input validation vulnerabilities earlier and improve the robustness of the ORC file parser.

Project Details

This initial PR includes only the project.yaml configuration. The build infrastructure will be added in a follow-up PR after your approval.


github-actions bot commented Oct 2, 2025

jsnv-dev is integrating a new project:
- Main repo: https://github.com/apache/orc
- Criticality score: 0.57426

@jsnv-dev (Author)

Hi all,

Just wanted to follow up on this PR and see if there's any feedback or if there's anything I can do to help move this forward. Happy to make any changes needed or provide additional information.
