From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Mon, 24 Nov 2025 19:15:32 +0100 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vNb64-004TL5-1F for lore@lore.pengutronix.de; Mon, 24 Nov 2025 19:15:32 +0100 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1vNb64-0003ly-81; Mon, 24 Nov 2025 19:15:32 +0100 Received: from mail-northeuropeazlp170100001.outbound.protection.outlook.com ([2a01:111:f403:c200::1] helo=DB3PR0202CU003.outbound.protection.outlook.com) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1vNb5v-0003ln-0W for ptxdist@pengutronix.de; Mon, 24 Nov 2025 19:15:23 +0100 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=q+HshBjJemPi5EoKo9HMx0IRdsu60GHxaaemO+11uncf+atH3i5D4YRCltdEhhDm6dA9wWMEg/ZFGUZ6pIpvwWAvDtK5QLS4hc3y+H4CFeonk+oQ9MR4uQPQH3tdAN6FwqJ523qRopVtI9p2Wu9AhLqpsxxzgtOY6a9pY7DPUfkzKpRHhUNNiU5fv98GjEH9klfjQXnwk2bQ0SQb5/gIB31YGqOJNncoT6GDKOns50DyA3RIEp3EvL3/SIkf0uKKI9X6c46jOtqOie0tYrzLyqaFR5bKDcu6J8+lJkn7AYl87e1JPldelM+myEzAX1yiKLz6FiLJd9Q0ZMVfzuZXvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=otkrlDhzi12A/+ybSLgfODc2rLDdQSfbhTk1xE8vh3Y=; b=IcQfxlHVn58wrLqGQP+5uzcn6gEKj8WNx0kxVmr1Gr0GoLn6fc1oJSWkEN3KViNyyrfOaZREPFD1JGFAJKTyI2kAXhYRmxZq3EKHaCBCcQPeiXEPgGQVCmO6Ofy9rKUFJbWEVlSisbc60p3zd0+A2vmEd6nN9c52Myx1cVgCWlOsri3c5+h+lmVj1EbI4tQKu3eySnwFZ6glGLOAsmvq/eNm6ks8NbixMZ07WyyM2Eq7TVqXtxyN3PFNZWFtj7C/2NrbyhLUhmYShW9cPrsk9ExKB3ZsLuvq5QLuqdaNuuRfxBzoyk2i3cbxmxwcBF51D3y5Q/TloEMV5vJ/klrCnw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=otkrlDhzi12A/+ybSLgfODc2rLDdQSfbhTk1xE8vh3Y=; b=MsSLiwNDpK7bNKCYYgPqgPCfwVoA2bOrW8/9RqO8mLJRVaC84hXSt1KvHay6EKyIYFOUxd/pXmtCwA0FiABFsY+KTSgk2bfGxtSA8gWIiaxHEYGVaVHIf49vMSzBW9JAf20k2O/FnyHT/3Gxro3yhFrTZRIc/KbdAi3rwauHSCI= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by FRWP251MB1114.EURP251.PROD.OUTLOOK.COM (2603:10a6:d10:19b::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9366.10; Mon, 24 Nov 2025 18:15:20 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19%6]) with mapi id 15.20.9366.009; Mon, 24 Nov 2025 18:15:20 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Mon, 24 Nov 2025 19:15:14 +0100 Message-ID: <20251124181514.760559-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.43.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GVX0EPF00011B60.SWEP280.PROD.OUTLOOK.COM (2603:10a6:144:1:0:8:0:13) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|FRWP251MB1114:EE_ X-MS-Office365-Filtering-Correlation-Id: 4645cccc-b441-40e8-26a3-08de2b856d6d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|1800799024|376014|52116014|366016|38350700014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?MIbefC4tXTaFfgsUmeJQqPRvnXX4DSVIlGa3LnaeX159OyHzubGOWtszOtAR?= =?us-ascii?Q?+wIjHufF5FrKZbhz5om3t6gANVulMsXum6s0h+d1Y6JZuyIXueQ3I+LmZirv?= =?us-ascii?Q?TBonG/7O07+VY/qTaCfSlM3fLuZoQ4D9XCFxqFn+vi72JQ4H12YHbbWWFzui?= =?us-ascii?Q?HAfBAf+0kg8bPTKmjbT78gQF3cGIiFKkbTOZyHJBDIiuRsgijCU1EEktafD6?= =?us-ascii?Q?4uJtvtOFqBd0qFmpDl3PhVXZAdbw0Z+qIwTZeyD5e7FVGRCH+8JKLaEpUISG?= =?us-ascii?Q?GV0woyo1xOGyseSq46a9yYgN9AInoa0ln+FYwyWX2NT8luCIwbj15CCTyQc6?= =?us-ascii?Q?wrG4r95xwgl+NaNkQbRgfrU7tYp7lubsE8IGoHRFElGEv1+shq2Hy2JCzN+7?= =?us-ascii?Q?ZwRdQEoh/PjUgvWaMWw+OeaLR53crXx/Km+++l2thEa/KtwNMiT3zX95/TSl?= =?us-ascii?Q?UM5NaxfnmUTVx+763V/eNIs6ulOo3ow7dKVfPExrAgHOrboqjIBvID79HfmI?= =?us-ascii?Q?16uPRq1qXzWduOO02352df8XfRlfXQ2PEX/uRosxUUGXh7F2FyradrO76Sk+?= =?us-ascii?Q?oldbq6AAlrEzpL3LQfvXaHTyh9bUUlBMCR6NAbaAt93bKEgKSZUDJgczSSQ1?= =?us-ascii?Q?UqNJ6Tb/fuy7ybLEjJVVd0Xm16xR48uJ5MPIimf2mic/IqVH+CRWbiPCcrJ2?= =?us-ascii?Q?wEGjvz4R7wyUrWbP2kyCGNPI2yGD+ukL65STusj1UxdyMKoNgNgmrXM8DAcE?= =?us-ascii?Q?NEldxFuu+hrQTWTM34z9/PYkvrR6ykyl1L9X8x6ZsUu3gtv0SeH8uHTCBZbw?= =?us-ascii?Q?EcKobXYTiP36I2t8NhG3ZbrBP9tYCiLeR3WK/UYupiHMS5CSV/2DYFfeBlZ9?= =?us-ascii?Q?watoZMbo3SZu7KqENgncw9skvWvdid3p3ZuXIwAFQHD0Fu8fzSnCXIl2ebHa?= =?us-ascii?Q?/GqOg3r+k0IfxYYlMuuA+dBXLXM+6kFnE22EgnDRGiOv4mOkTNoOGHaY+dme?= =?us-ascii?Q?GdZAwvy3GqPYO6HtFhSaC/QT/C5EN6Qar6WIiAQrg7XRZBtAghOuUk2kGTaT?= =?us-ascii?Q?pq+4Ge3fcJUq8zImL4Q6a/4vjn/RbtylDo5wJmNVtaPtLhtU+P4XECQFZ7BH?= =?us-ascii?Q?kAoC2V/2c5pGVvdoIayl0Qf1p2+GZQSMXOGXCEsKrkEn1AlAlxzrTRPvQ8/4?= =?us-ascii?Q?GLKyDos4VpQuI55lkq4ClLJ21y/CrXkxa7kqB9BG0S252A0fbWpo+nmQcvNC?= =?us-ascii?Q?RztIQoEHAKtOEvrU2TtMIFViHJwYAkxjO5olqXvH0ITBrnWjrmvD6be4aGYz?= =?us-ascii?Q?9xpvNZE4w55h5u9nW6/+AJDt2Ih5La6+3bFzbwvWkVMTx7/hcb/0R4qATCxT?= =?us-ascii?Q?F3SN/32Ej5OMrpt17pKAU8X8/fu8SJNpWSvPXnZGh51FFUg6xGRdyEpG+/JO?= =?us-ascii?Q?uObhiv6gTvdJPfhIt8WoMCt7usuiymsYSkuuzaD2ZDpvcsnDKVo8eZGAbxqh?= =?us-ascii?Q?3fK4cMEedwZ1HgUXicH48V+d+JZFi4NDG9Uy?= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230040)(1800799024)(376014)(52116014)(366016)(38350700014); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?i6yP40iJEaOie6Y6G3tH9y9T8USo0Sk9UFvvKsgE90WjmuwiksZTYSNK0b6D?= =?us-ascii?Q?e26La09kxOkNragEaFrwK+v2a7dcQWrDmBgT9l2+SqeZryYEXtLmFYv5BGL4?= =?us-ascii?Q?LExAl31xuYVM+IqQLvlQ9gtovqlD+KTel0mvMu/9CUZjGF+ubwqoQkkoZi5U?= =?us-ascii?Q?+6yci5ktqq3iwiNJWN5ntqb72mGcNpafTb/a2eaY3XFaxkrqyQxdMiXdCFOy?= =?us-ascii?Q?XSEvmEZ+NpuCMk5aoXittPsS+a+DnC+WKlxP1ylu/sCVl0iuVWn5u96PTE+h?= =?us-ascii?Q?qE8fbn6LNxIdjI/RPXl7lAEyGI22OzS5+6kZWsi8SIuRIbN1qmEpNCNYnIXH?= =?us-ascii?Q?LLQPz+Vl970TER5joYC1XPqrOrfDFFvqtzeoXbXlFUZVYabbkKffpP1uBeUG?= =?us-ascii?Q?mF9LxgdJR6CeZ2mp1J6gzEnNv6adL5scEhA/p0lixnytLP1Xu1pCzhpoSrDz?= =?us-ascii?Q?Yzq0jUW0OH4ew/RC3XByfCrCxxiuWF4d1eMqqH0w6kQaN9lniHPj4NgehLe7?= =?us-ascii?Q?xPGHHEE4U1RG2pDxFIZGKD3bcvuz2O12Gn3RNrLUkQVbiIQQJK1vJm93yjqm?= =?us-ascii?Q?yXAvM1mBPOLk8OW7HBLPKWGYb0BRGJFvKv3LjzL5SIYkWd0F899Tvarqt4er?= =?us-ascii?Q?iFs49iu87YGYkyWCIDLKiraDdgHRZG7xII2J+TW1zo2nBX+vxgJvth07jM2e?= =?us-ascii?Q?GQHYM6uXm4eMy7VKRwAeEEd1A0gpMVyA1Zb/el/dijkKCdKKFdonMcuxtjrX?= =?us-ascii?Q?toF/ynI+uzrExo3V3/tMhJ745SM4n3isCcoBqtLfwOD0t4DMWWf/7rZIYiD+?= =?us-ascii?Q?XsNtA4Xy82PZaid9KQBtCOSX2c/m77wCb+Ee/+eJXaPSv0ATvGcHbmfc2CeJ?= =?us-ascii?Q?cQ9PK7HXko3MeMP70S9ZmLcndTYvLj8HmEcOhXdLdb3OMqf8S+wviVQqev4f?= =?us-ascii?Q?yUSP4w80NzlRZT1AFLudA5ZRERiLojeJzIQHkyCtY6wWFHYRKvsvJLdMa/zR?= =?us-ascii?Q?8Kb0rsAySYViHp/5Ci4wzipVSLM/QoVnhQsrk2ZEa9wRQinRPC3OE3xcR2q9?= =?us-ascii?Q?FeVjsAC16dJogLjd7jN3kSZTf/TtWkj3TqPC+PnOtzIGMoh1edMpv/CW8liw?= =?us-ascii?Q?Fd1bT37zN9VJbTJhYKtnP3lxg9ipT/mhzwmbHo9vs2QTYl/k/FOXGIYchZ3C?= =?us-ascii?Q?y55ktRovtd2z0Cf3Vfv3pXf39l4pOrCWOl9IWK0c6Zh6hS0tSKLkSUzWOCvR?= =?us-ascii?Q?QodYHVXrWfPJM6iVcehkb6fhB2NHUUd/PkVVpgpbxpvhErOKWDg2xVsV3CEE?= =?us-ascii?Q?zg1RvBoHUqV0paEvLJv8OUPm6rOEKFXAGN96Idzb1V6zw2xyaWpUATqjcDi8?= =?us-ascii?Q?dfmksupFcGX4l2Nt//jahACOrXMTM/0Hf6PP4iHIfbLYNznY/UteFTdEMfEl?= =?us-ascii?Q?n5SLXdqS292vMddlMRKy9WRpAiC3tY8MujnNOdnxZH7+s7AajPP213W5yEOn?= =?us-ascii?Q?QFS2OLrdNzpDva/ZEZW1KhwRuVjBqk9vdXm/YEennCBaw9daJHHTZGgn+e8N?= =?us-ascii?Q?MGVS1IwA9X5VtN4auhjrbDdwMdiB7MyH9dKH03qAa9BcboKoAn7mIctVOOLI?= =?us-ascii?Q?Ww=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4645cccc-b441-40e8-26a3-08de2b856d6d X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Nov 2025 18:15:20.2103 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: OVRBdgazWlU/RfSGkJCW49qwNwEfvEj30JC+Z2pN3wSz/Mp/VKA0utfrLSddosk8AYJRo0ZWyw19V/FtKI9fb9QLQ7osbC4YL2iSXwginE4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: FRWP251MB1114 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] libpng: Version bump. 1.6.50 -> 1.6.51 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Security fixes. https://sourceforge.net/p/libpng/code/ci/libpng16/tree/CHANGES Plugs CVEs: CVE-2025-64505: Heap buffer overflow in `png_do_quantize` via malformed palette index. CVE-2025-64506: Heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled. CVE-2025-64720: Buffer overflow in `png_image_read_composite` via incorrect palette premultiplication. CVE-2025-65018: Heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`. Pretty bad, suggest update. Signed-off-by: Christian Melki --- rules/libpng.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/libpng.make b/rules/libpng.make index 5b0fa8977..8ed76aa67 100644 --- a/rules/libpng.make +++ b/rules/libpng.make @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_LIBPNG) += libpng # # Paths and names # -LIBPNG_VERSION := 1.6.50 -LIBPNG_MD5 := e583e61455c4f40d565d85c0e9a2fbf9 +LIBPNG_VERSION := 1.6.51 +LIBPNG_MD5 := 8781d5eb8285ac70100b75a1d2a5fc5e LIBPNG := libpng-$(LIBPNG_VERSION) LIBPNG_SUFFIX := tar.xz LIBPNG_URL := $(call ptx/mirror, SF, libpng/$(LIBPNG).$(LIBPNG_SUFFIX)) -- 2.43.0