[PATCH] libpng: Update to version 1.6.55

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Cc: Adolf Belka <adolf.belka@ipfire.org>
Subject: [PATCH] libpng: Update to version 1.6.55
Date: Sat, 14 Feb 2026 16:20:33 +0100	[thread overview]
Message-ID: <20260214152040.3720549-13-adolf.belka@ipfire.org> (raw)
In-Reply-To: <20260214152040.3720549-1-adolf.belka@ipfire.org>

- Update from version 1.6.53 to 1.6.55
- Update of rootfile
- Three CVE fixes
- Changelog
    1.6.55
  Fixed CVE-2026-25646 (high severity):
    Heap buffer overflow in `png_set_quantize`.
    (Reported and fixed by Joshua Inscoe.)
  Resolved an oss-fuzz build issue involving nalloc.
    (Contributed by Philippe Antoine.)
    1.6.54
  Fixed CVE-2026-22695 (medium severity):
    Heap buffer over-read in `png_image_read_direct_scaled`.
    (Reported and fixed by Petr Simecek.)
  Fixed CVE-2026-22801 (medium severity):
    Integer truncation causing heap buffer over-read in `png_image_write_*`.
  Implemented various improvements in oss-fuzz.
    (Contributed by Philippe Antoine.)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/libpng | 2 +-
 lfs/libpng                     | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/common/libpng b/config/rootfiles/common/libpng
index 4983219e3..3a263172a 100644
--- a/config/rootfiles/common/libpng
+++ b/config/rootfiles/common/libpng
@@ -16,7 +16,7 @@ usr/lib/libpng.so
 #usr/lib/libpng16.la
 usr/lib/libpng16.so
 usr/lib/libpng16.so.16
-usr/lib/libpng16.so.16.53.0
+usr/lib/libpng16.so.16.55.0
 #usr/lib/pkgconfig/libpng.pc
 #usr/lib/pkgconfig/libpng16.pc
 #usr/share/man/man3/libpng.3
diff --git a/lfs/libpng b/lfs/libpng
index 089f22f5b..cadba768d 100644
--- a/lfs/libpng
+++ b/lfs/libpng
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.6.53
+VER        = 1.6.55
 
 THISAPP    = libpng-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 62e28068e1885305828fff3296b19a7d61e11a52ca425be91289e17087be2c42f06ea2df000169632cc556b398cdcb4784a639879e038962310c53becae779f6
+$(DL_FILE)_BLAKE2 = 2fd88e6e9f4e72edbafbfdd6d8e78522033920a250f8cb37f29ba8e9593cdf006b06f4e73de4e83fc5ddaaa3725362f27f5a16727ae841fd8969b74f28517ec4
 
 install : $(TARGET)
 
-- 
2.53.0

next prev parent reply	other threads:[~2026-02-14 15:20 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-14 15:20 [PATCH] core201: Ship hwdata Adolf Belka
2026-02-14 15:20 ` [PATCH] core201: Ship intel-microcode Adolf Belka
2026-02-14 15:20 ` [PATCH] core201: Ship libgcrypt Adolf Belka
2026-02-14 15:20 ` [PATCH] core201: Ship libpng Adolf Belka
2026-02-14 15:20 ` [PATCH] core201: Ship libuv Adolf Belka
2026-02-14 15:20 ` [PATCH] core201: Ship openvpn Adolf Belka
2026-02-14 15:20 ` [PATCH] core201: Ship vim Adolf Belka
2026-02-14 15:20 ` [PATCH] git: Update to version 2.53.0 Adolf Belka
2026-02-14 15:20 ` [PATCH] hwdata: Update to version 0.404 Adolf Belka
2026-02-14 15:20 ` [PATCH] intel-microcode: Update to version 20260210 Adolf Belka
2026-02-14 15:20 ` [PATCH] less: Update to version 692 Adolf Belka
2026-02-14 15:20 ` [PATCH] libgcrypt: Update to version 1.12.0 Adolf Belka
2026-02-14 15:20 ` Adolf Belka [this message]
2026-02-14 15:20 ` [PATCH] libtalloc: Update to version 2.4.4 Adolf Belka
2026-02-14 15:20 ` [PATCH] libuv: Update to version 1.52.0 Adolf Belka
2026-02-14 15:20 ` [PATCH] nfs: Update to version 2.8.5 Adolf Belka
2026-02-14 15:20 ` [PATCH] openvpn: Update to version 2.6.19 Adolf Belka
2026-02-14 15:20 ` [PATCH] p11-kit: Update to version 0.26.2 Adolf Belka
2026-02-14 15:20 ` [PATCH] postfix: Update to version 3.10.7 Adolf Belka
2026-02-14 15:20 ` [PATCH] vim: Update to version 9.1.2147 Adolf Belka

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260214152040.3720549-13-adolf.belka@ipfire.org \
    --to=adolf.belka@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox