libpng: Update to version 1.6.55
Commit Message
- Update from version 1.6.53 to 1.6.55
- Update of rootfile
- Three CVE fixes
- Changelog
1.6.55
Fixed CVE-2026-25646 (high severity):
Heap buffer overflow in `png_set_quantize`.
(Reported and fixed by Joshua Inscoe.)
Resolved an oss-fuzz build issue involving nalloc.
(Contributed by Philippe Antoine.)
1.6.54
Fixed CVE-2026-22695 (medium severity):
Heap buffer over-read in `png_image_read_direct_scaled`.
(Reported and fixed by Petr Simecek.)
Fixed CVE-2026-22801 (medium severity):
Integer truncation causing heap buffer over-read in `png_image_write_*`.
Implemented various improvements in oss-fuzz.
(Contributed by Philippe Antoine.)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/libpng | 2 +-
lfs/libpng | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
@@ -16,7 +16,7 @@ usr/lib/libpng.so
#usr/lib/libpng16.la
usr/lib/libpng16.so
usr/lib/libpng16.so.16
-usr/lib/libpng16.so.16.53.0
+usr/lib/libpng16.so.16.55.0
#usr/lib/pkgconfig/libpng.pc
#usr/lib/pkgconfig/libpng16.pc
#usr/share/man/man3/libpng.3
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 1.6.53
+VER = 1.6.55
THISAPP = libpng-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 62e28068e1885305828fff3296b19a7d61e11a52ca425be91289e17087be2c42f06ea2df000169632cc556b398cdcb4784a639879e038962310c53becae779f6
+$(DL_FILE)_BLAKE2 = 2fd88e6e9f4e72edbafbfdd6d8e78522033920a250f8cb37f29ba8e9593cdf006b06f4e73de4e83fc5ddaaa3725362f27f5a16727ae841fd8969b74f28517ec4
install : $(TARGET)