diff mbox series

libpng: Update to version 1.6.51

Message ID	20251202115747.50373-6-adolf.belka@ipfire.org
State	Staged
Commit	67fdbe0b3b7ce4f01742a274141e3e850bf439d9
Headers	From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Cc: Adolf Belka <adolf.belka@ipfire.org> Subject: [PATCH] libpng: Update to version 1.6.51 Date: Tue, 2 Dec 2025 12:57:44 +0100 Message-ID: <20251202115747.50373-6-adolf.belka@ipfire.org> In-Reply-To: <20251202115747.50373-1-adolf.belka@ipfire.org> References: <20251202115747.50373-1-adolf.belka@ipfire.org> Precedence: list Sender: <development@lists.ipfire.org> Mail-Followup-To: <development@lists.ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	libpng: Update to version 1.6.51 \| libpng: Update to version 1.6.51

Commit Message

Adolf Belka 2 Dec 2025, 11:57 a.m. UTC

- Update from version 1.6.50 to 1.6.51
- Update of rootfile
- Four CVE fixes
- Changelog
    1.6.51
	  Fixed CVE-2025-64505 (moderate severity):
	    Heap buffer overflow in `png_do_quantize` via malformed palette index.
	    (Reported by Samsung; analyzed by Fabio Gritti.)
	  Fixed CVE-2025-64506 (moderate severity):
	    Heap buffer over-read in `png_write_image_8bit` with 8-bit input and
	    `convert_to_8bit` enabled.
	    (Reported by Samsung and <weijinjinnihao@users.noreply.github.com>;
	    analyzed by Fabio Gritti.)
	  Fixed CVE-2025-64720 (high severity):
	    Buffer overflow in `png_image_read_composite` via incorrect palette
	    premultiplication.
	    (Reported by Samsung; analyzed by John Bowler.)
	  Fixed CVE-2025-65018 (high severity):
	    Heap buffer overflow in `png_combine_row` triggered via
	    `png_image_finish_read`.
	    (Reported by <yosiimich@users.noreply.github.com>.)
	  Fixed a memory leak in `png_set_quantize`.
	    (Reported by Samsung; analyzed by Fabio Gritti.)
	  Removed the experimental and incomplete ERROR_NUMBERS code.
	    (Contributed by Tobias Stoeckmann.)
	  Improved the RISC-V vector extension support; required RVV 1.0 or newer.
	    (Contributed by Filip Wasil.)
	  Added GitHub Actions workflows for automated testing.
	  Performed various refactorings and cleanups.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/libpng | 2 +-
 lfs/libpng                     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff mbox series

Patch

diff --git a/config/rootfiles/common/libpng b/config/rootfiles/common/libpng
index 5f3f801d5..9dfdef5c6 100644
--- a/config/rootfiles/common/libpng
+++ b/config/rootfiles/common/libpng
@@ -16,7 +16,7 @@  usr/lib/libpng.so
 #usr/lib/libpng16.la
 usr/lib/libpng16.so
 usr/lib/libpng16.so.16
-usr/lib/libpng16.so.16.50.0
+usr/lib/libpng16.so.16.51.0
 #usr/lib/pkgconfig/libpng.pc
 #usr/lib/pkgconfig/libpng16.pc
 #usr/share/man/man3/libpng.3
diff --git a/lfs/libpng b/lfs/libpng
index e181be4e3..545b3efef 100644
--- a/lfs/libpng
+++ b/lfs/libpng
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 1.6.50
+VER        = 1.6.51
 
 THISAPP    = libpng-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 2191536b4448d3a058b9dbb31f3d780959c9daf7b104550cc89e8ae984a3c9f01b86bf6c6708983989b4bfbe7232e3716b8a3b8cd3313a12c31e0623b6241d11
+$(DL_FILE)_BLAKE2 = 2d1ee36f9796e90a533abf26597df82c39cfab42f8d4044d35e0fdbab65612b9fc0234780677e2ea758450db9815b9d30870e8024bcebc0170c87361b7c4cc0a
 
 install : $(TARGET)