From patchwork Sat Feb 14 15:20:33 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 9511 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4fCt663tlRz3xnK for ; Sat, 14 Feb 2026 15:21:02 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4fCt634L0tz5hG for ; Sat, 14 Feb 2026 15:20:59 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4fCt5x2Cd2z36X7 for ; Sat, 14 Feb 2026 15:20:53 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4fCt5r4wgKz32fW for ; Sat, 14 Feb 2026 15:20:48 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4fCt5q2p55z5l4; Sat, 14 Feb 2026 15:20:47 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1771082447; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=eiH0nHXXQ7SlU3VpCrHKMk3ZCE7yN++cYTAw+jtv3FA=; b=hajMV8LpheyNB0vjEzgK6gMWMx6lmj7VI5tFymqE1wM7nOU4tStOfTVKP/KL1eYRza9D7M JoKL5BlYZ8uR8HCQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1771082447; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=eiH0nHXXQ7SlU3VpCrHKMk3ZCE7yN++cYTAw+jtv3FA=; b=fZk5oI1rYshx8Cfzjc8Ozy6jeUyY47NpUb+UN5NI7OvZJglPGr8sEmOlrocjv0HPAGIZ9P gYnS3NQp0SiaQOiSY9Rey6irjCGwKvr8wy7tj0QmiIkN4QGcUAC5xswbdK7Q/FVDxr30Uj 0mHsqsyRpZH8hOrxoU21htcLzSJSh/Ib3jXZKmkvxHD+FI6bZICol5VQHPF1e6bICJQJw2 eRHzNB5XD5cwD6AttpT6e3KcZXJDcBMYgUnuPVoLBEkzk2ndISjFuVQwG3l+FXlGpRzqDR jK1I50t9RlXb+kdouJHLzPNexv7qouKMxuR/zmxb7SCSMtcyyWTUmIaiYwMBSA== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] libpng: Update to version 1.6.55 Date: Sat, 14 Feb 2026 16:20:33 +0100 Message-ID: <20260214152040.3720549-13-adolf.belka@ipfire.org> In-Reply-To: <20260214152040.3720549-1-adolf.belka@ipfire.org> References: <20260214152040.3720549-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 1.6.53 to 1.6.55 - Update of rootfile - Three CVE fixes - Changelog 1.6.55 Fixed CVE-2026-25646 (high severity): Heap buffer overflow in `png_set_quantize`. (Reported and fixed by Joshua Inscoe.) Resolved an oss-fuzz build issue involving nalloc. (Contributed by Philippe Antoine.) 1.6.54 Fixed CVE-2026-22695 (medium severity): Heap buffer over-read in `png_image_read_direct_scaled`. (Reported and fixed by Petr Simecek.) Fixed CVE-2026-22801 (medium severity): Integer truncation causing heap buffer over-read in `png_image_write_*`. Implemented various improvements in oss-fuzz. (Contributed by Philippe Antoine.) Signed-off-by: Adolf Belka --- config/rootfiles/common/libpng | 2 +- lfs/libpng | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/common/libpng b/config/rootfiles/common/libpng index 4983219e3..3a263172a 100644 --- a/config/rootfiles/common/libpng +++ b/config/rootfiles/common/libpng @@ -16,7 +16,7 @@ usr/lib/libpng.so #usr/lib/libpng16.la usr/lib/libpng16.so usr/lib/libpng16.so.16 -usr/lib/libpng16.so.16.53.0 +usr/lib/libpng16.so.16.55.0 #usr/lib/pkgconfig/libpng.pc #usr/lib/pkgconfig/libpng16.pc #usr/share/man/man3/libpng.3 diff --git a/lfs/libpng b/lfs/libpng index 089f22f5b..cadba768d 100644 --- a/lfs/libpng +++ b/lfs/libpng @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2025 IPFire Team # +# Copyright (C) 2007-2026 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 1.6.53 +VER = 1.6.55 THISAPP = libpng-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 62e28068e1885305828fff3296b19a7d61e11a52ca425be91289e17087be2c42f06ea2df000169632cc556b398cdcb4784a639879e038962310c53becae779f6 +$(DL_FILE)_BLAKE2 = 2fd88e6e9f4e72edbafbfdd6d8e78522033920a250f8cb37f29ba8e9593cdf006b06f4e73de4e83fc5ddaaa3725362f27f5a16727ae841fd8969b74f28517ec4 install : $(TARGET)