libpng: Update to version 1.6.58
Commit Message
- Update from version 1.6.56 to 1.6.58
- Update of rootfile
- CVE fix applied in 1.6.57
- Changelog
1.6.58
Fixed a regression introduced in version 1.6.56 that caused `png_get_PLTE`
to return stale palette data after applying gamma and background transforms
in-place.
(Reported by ralfjunker <ralfjunker@users.noreply.github.com>.)
1.6.57
Fixed CVE-2026-34757 (medium severity):
Use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST`
leading to corrupted chunk data and potential heap information disclosure.
Also hardened the append-style setters (`png_set_text`, `png_set_sPLT`,
`png_set_unknown_chunks`) against a theoretical variant of the same
aliasing pattern.
(Reported by Iv4n <Iv4n550@users.noreply.github.com>.)
Fixed integer overflow in rowbytes computation in read transforms.
(Contributed by Mohammad Seet.)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/rootfiles/common/libpng | 2 +-
lfs/libpng | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
@@ -16,7 +16,7 @@ usr/lib/libpng.so
#usr/lib/libpng16.la
usr/lib/libpng16.so
usr/lib/libpng16.so.16
-usr/lib/libpng16.so.16.56.0
+usr/lib/libpng16.so.16.58.0
#usr/lib/pkgconfig/libpng.pc
#usr/lib/pkgconfig/libpng16.pc
#usr/share/man/man3/libpng.3
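Review bot: the rootfile hunk swaps usr/lib/libpng16.so.16.56.0 for usr/lib/libpng16.so.16.58.0 while the usr/lib/libpng16.so.16 entry stays the same, and nothing in the visible change says what happens to the old file on systems that already have it installed. Since the commit message places the CVE-2026-34757 fix in 1.6.57, please confirm that the update removes libpng16.so.16.56.0 so no unpatched copy of the library remains on disk.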
@@ -24,7 +24,7 @@
include Config
-VER = 1.6.56
+VER = 1.6.58
THISAPP = libpng-$(VER)
DL_FILE = $(THISAPP).tar.xz
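Review bot: the VER line in lfs/libpng jumps from 1.6.56 straight to 1.6.58, and the subject only names the new version even though the changelog shows a CVE fix arriving with 1.6.57. Suggest naming CVE-2026-34757 in the subject line so the security relevance of this bump is visible in the log without opening the message body.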
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = f653a3177e0910fc156a792d5522fc2a0c04ce0bb43eabb68e06922303dcf6062d8f9b570440bfe1a94ac1b901ef6e9c32b6882d0f4a406e5a9090ea3396f89a
+$(DL_FILE)_BLAKE2 = 51042e8f2b56d469b516db9cbde6d4b6813a62d1b7117898ba32a9a5ac5cd73832c627d7377745e5d5154aade6ec6928fc6b9cd9b96885f64b7ca7df19ca40ec
install : $(TARGET)
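Review bot: the replaced $(DL_FILE)_BLAKE2 value is the only integrity pin for the new tarball in this patch, and neither the hunk nor the commit message says how the new digest was obtained. Please note in the message that it was computed over a tarball checked against upstream's release signature or published checksum, rather than over whatever $(DL_FROM) served, so the pin is more than trust on first download.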