From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Sat, 06 Dec 2025 20:00:10 +0100 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vRxVq-008czQ-0O for lore@lore.pengutronix.de; Sat, 06 Dec 2025 20:00:10 +0100 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1vRxVp-0002Mk-U4; Sat, 06 Dec 2025 20:00:09 +0100 Received: from mail-westeuropeazon11021117.outbound.protection.outlook.com ([52.101.70.117] helo=AS8PR04CU009.outbound.protection.outlook.com) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1vRxVS-0002MJ-Uu for ptxdist@pengutronix.de; Sat, 06 Dec 2025 19:59:49 +0100 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=fDv7XSI0GYPvtTUX2rz5Y3P+OpIXHZoJOoz9UC+0ZM2yZ352PmOnm/kWvSL4YEOUtvE1qKp9WjMzC/StyJeDW16bhSqajREdi2QoNSYhtNh9gagSYaaBz2bvhZguoHYObYrR0+75XOdzvx9XXOWKP9f4CqJ80mFpwNrJhTAlsFdv8r/NuUrVgoQtt5IfHyCafPj07x90J2wtmfL2ldh50TnAKCSpOL2bndN28KACCNKSWMe+KPBUrOMohkAUtE2jska8kqmPlI3zI4/BvwE/wBsuKCS9y0BOa/bqTzKIepKR5AdUOxuy4kSR681l2L082ygHHpV+P1Vv1V9bxM6icA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RNs0100soi5Agrh64azpE9cKA8coCS1RI9t3PKfLXoQ=; b=byhcETBYQrbJx/BmwALVC2ENQPLFJTYOH1BHVDk7oXpPXWPxHEXYKnjy/iVB4J27qv0oKL8TGeKs0erChU+1bvAqm+i+rEU7OZMVougE1NTScZskn9wuRhxyONV09TtRoXXV/wGsQsxERDgK248UmugKt8kqTXF+pY568KoSnywCeVNj9hDITcDwYjBBpyp3GsV6s+CYTaSfibPUZrMmYW/uynsAEfI+jHf5jKnFAvI/3xfKlFxmrTVo5yLrf4UwTL0hxwbQapJNVWdtc86ru9xti8cgBcE8WkJOzT98eHjHso4Hob7leDFbgPOxfspWeMJBbu2VQgP/zBwBpKz02A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RNs0100soi5Agrh64azpE9cKA8coCS1RI9t3PKfLXoQ=; b=aUzYKgPWB2QA3eS/LQdfQ0X2IJMRSXuapMRZO0yTWEnWJWonPklgA8GHxWNg2eJy7ByUNovr+aHXlKZErLeAYtqkPIPQm6mKRFOylLSa2kRdzCE+2VIWk9uDsfVu/eY71eilHFeSdCzGYesItc8BOoBaD7SyTTpqpa/W+97x7rA= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by AS8P251MB0068.EURP251.PROD.OUTLOOK.COM (2603:10a6:20b:34f::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9388.9; Sat, 6 Dec 2025 18:59:43 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19%6]) with mapi id 15.20.9412.004; Sat, 6 Dec 2025 18:59:43 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Sat, 6 Dec 2025 19:59:23 +0100 Message-ID: <20251206185923.3135342-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.43.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GV3P280CA0017.SWEP280.PROD.OUTLOOK.COM (2603:10a6:150:b::15) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|AS8P251MB0068:EE_ X-MS-Office365-Filtering-Correlation-Id: ae281ffd-e021-4ae0-c678-08de34f99dbf X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|376014|366016|52116014|1800799024|38350700014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?j+j3oXJVwEFsz+0LCrwCADUTxwWwCaF2g5gTA9+zfqkYw/p0u2a1mF9z2UxX?= =?us-ascii?Q?Hv+ZzdHmCdcaL2oYC0h/2vhn51vmFgLJ/gDEHbyvUGnY5cmWoMh1hmyyfdNh?= =?us-ascii?Q?f+uxx0KsB8OI2kO4BDr5XOv8kPSGx58FMyPUafhv7K4ssje19ssAqbqMqCmn?= =?us-ascii?Q?vB6y9rIhE7yvNMY8bhdQHnOlG1U/qJajJe83M9X46QsafSCZUnkbjKXQ5grC?= =?us-ascii?Q?GJrGpDHewyN3/TfjwbajdtVIyWoFiSHFFbkEenFhc6M91TUddE+3+69jitNa?= =?us-ascii?Q?lDHufXX1ZR7sidAr+xMZc3d+NanE1jt2ZW5GXJTYEsgnfcHmfeIz/Jxu8uEm?= =?us-ascii?Q?xxpWmfDS+l7UA4t+hb7MEQqIlYPLyBjptmM60w9LoqDB6UZ67v8qtf2YgUcs?= =?us-ascii?Q?J0y08DTk2USQCOsr7VgFGqY26srWAvkFfc1vaVd09TZmmgwxyRNoybagWNMA?= =?us-ascii?Q?GlADH0olGRBASlyt8WkOQIzGdjpqtKJyNkSbCpZE2Ro5320/xoMx7a125ZNY?= =?us-ascii?Q?RDej9wF8acU+G/BlhhKwi/3hCK3V0OYGk/gYfn3vhks6vl7hC9P3xdoYrCtz?= =?us-ascii?Q?GklIJWYxEClHvdzkSRQuJ3v66i6bmhaoPW4g5x1jeAU4uCGhlM6uTyrO0uEa?= =?us-ascii?Q?57e/q8twLVkZq+bGJ8SCbrQZj5nvNg+/Rw+OLLGDKP8WEuHCIQWqs3yssdTR?= =?us-ascii?Q?GffwP4/pp/axVoBc2fDBLfT1cPWDX6a8WrGpcJd2OwQtPxuXCBGDu1noPr+g?= =?us-ascii?Q?5fi+rqxYcUWhzeiUBxy5oiLMOtMYhFTsRlbj+xEiaZvYR42c0YQ8MAuolDZN?= =?us-ascii?Q?/eOcBcwWBrlaShCzKBKQ8ZsA596IXiQvma+2PhoXaQZ3o0YEcrjhO1MWkCwY?= =?us-ascii?Q?qd6KrQyNciTbFe/U0HEhFpW+qMq+ioVX30K+AB40J7rmdl+YUoe+UyU/vUCf?= =?us-ascii?Q?xk7KLvfxVtIYALSYXsPuaj44qwniJCXERr6IbNi0EPemx97qPVhK2osXQCB3?= =?us-ascii?Q?4hylnbJFdP0lS5nOCqKVaFArqVouyw7vWbrH634d0MKRm0cuOzYY1DxjRCls?= =?us-ascii?Q?36I1PZk9Bx7nLiMhu5Qqt87Mr190p63dNjryat0IiEIB+V4sWGYiIk+/iB+T?= =?us-ascii?Q?SPZ5fS0kEJc28O0w5b/FJl5uRpCGeUfxs3SKwpo2VVmrXZv+rDu7VYsxsciQ?= =?us-ascii?Q?OFKZEaKPXX6JjioGrOsknJCEfF/ExtYrN4lmUap01vDtv1GcX4bWInVfZpSB?= =?us-ascii?Q?O73GB8yknC+Zq38AqaTNUg+OeI5CPNKy2GuON5+IzrTiYBmXCqW++zVMOfox?= =?us-ascii?Q?Ukjf8wCTRD3hor0mKrZBLPV4eSEfuVs1aLVQemK/THTmYaFzU7yH90KHtng3?= =?us-ascii?Q?6hznIhfdKRrcMmAuxLtUzjiZK7cfKf62wUhDGMr/GVVnZR55XyFlINqzNrfk?= =?us-ascii?Q?S2i0sl24OVmHkqzyKXXIDcg6AjwMwdrTep55/bydx/08GQg8A8Vq3KwHIxAD?= =?us-ascii?Q?Us5osCQ4Dxy25dRE7BvbZTvsUxJlV2R5yJGX?= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230040)(376014)(366016)(52116014)(1800799024)(38350700014); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?1WMeDeT0ULsz1xdJ5Z0kE6+BS5PlFw1PQSPfNja+uW5mmgbxRQWbKO6ZrRKp?= =?us-ascii?Q?a7BI2J13IAoPhEAY8p+5FCoYx2NVe1jk4ogd/arrZ1sOWU+tSjqvZhLcr/fL?= =?us-ascii?Q?nuvrbgtoZy4Qp1Ev2wkT3S9SupowNB4kgAdjDUoiaabh1pVmRxDo9VYnFvTn?= =?us-ascii?Q?J/FDDtHHQi/A1n9gppKj/JtF9NBQpu9DCLjK16v+vSUX6Sred1OTlH/raOUr?= =?us-ascii?Q?kGTFEqV2DMSIy6ysc9zqmHlXDO9wdVgFpe5/I6rN/Mu2A3wl0ikIh3hb5jkg?= =?us-ascii?Q?BsFxhpD7iL6yzit8gvghmzYgzPVbTXcQS0cSDP7xYgri0rRfkbl3Zz1UYY3q?= =?us-ascii?Q?cCMYYhdDG7F/yXYqfHmOTOSTMxSLRVyaqTsSbQC0zC4HFosoSS/uC5b/n2jS?= =?us-ascii?Q?rkSGA8DdBteba45qNXkjYUmbMxDgZBGRPMScJG+jKe6+DtpELfw6mYSW0BOv?= =?us-ascii?Q?JGC4zHVYCJgzWmHkXtMsVWVVWcEMmvGjhMrYU4co5O005mZxpiIy5cpT8GJK?= =?us-ascii?Q?TZmCCfhC3I7G0NrFV5rrhnY/ZtNnJDF+fArPioRI8EFej3Ht+H0+4XM67tf9?= =?us-ascii?Q?jArAKIIamGghSvEDOjcmx3YsRa8XcrQLYNi7PIc7xoKd4OcXOoUnjtreuej+?= =?us-ascii?Q?4Mi9qnmpB3YsBLY715huq94ROsiOqXoSrFVWKMGogK5a6YMLa3/q9yRpZPaY?= =?us-ascii?Q?fIXI24Vl9aILu1398F/TceaKpDZaEfmQ3nNrpQ+7SzcILP52NuJyDB5d1z7S?= =?us-ascii?Q?Uvoz7zurcwCfElhmwIZe91TKCIsGmO7UsdvJrcC4ad7KudVjTkLjnQ/RzZ5I?= =?us-ascii?Q?gC9uvZhXJ2isfbU92EUQQpakvEquLU+7bwWASjd6STr6dw4i+j4BxkLNFXdM?= =?us-ascii?Q?2MDBRB+GrpSyGBFpzAbH3ZV/kpdbVw+x+HXmpdR8mR3Oqj2XxbTdIkgN867U?= =?us-ascii?Q?jSZgj7TdHKV85YvyJrdMMjmEY0+U+MBBn5jzWwcIKB0N9rm3FvmsWfwA8g+Z?= =?us-ascii?Q?S4cMDjpWWsV10b3fnabmJ2SQ1LLFzpBfwzFxqJd9yXHOmLFLJlEt6slcpqgF?= =?us-ascii?Q?V6q6qE6y4vloXnQxFlv20EjdGOa28n/WR1fIAnIF9jBsEwwOFiqvxGCyE27M?= =?us-ascii?Q?+8GgDS46/MtnJekJ8yIa+n4NQrEhTM3BIQJbv6e7ows5ELvzlNsIyha70ci8?= =?us-ascii?Q?fTpEW/FMmHJ78PVrIjzRg2cvW00bhLQ487I8eBpdAVxYsRFYGsFgRwEoYm+Z?= =?us-ascii?Q?z42ZNXgnoZxf4hBU/BBY3Ssd6G9e+cRxH4ct1wpx9zPKSX3vQZzjXtvC/sWe?= =?us-ascii?Q?Sd2CJ6PEYPeNX/PAIcYd3Tfm+xN9XjysYnhl56efiJGeh3Ul7V4NMt/m8xLB?= =?us-ascii?Q?fm7Gl3dyZ1ImLDyBz7AKWywWC9LYhBrS684JdYtRN+v5cIaI1g25wfzi5+Dw?= =?us-ascii?Q?WJaRcPrWXEX9Kdj05giYrWqMlnNJH+Fu32Ekai4s07xqfFQbzA/ac2bcfxkQ?= =?us-ascii?Q?rjNLcy1KmL9ay1ys5dVHNFr+Gl1AW/E9K/U1iKK0Tgv3mWRs23tAzdlchzAv?= =?us-ascii?Q?LCUAo3mkbyi96Wx7xUknx6q1/udn6fMbMKnZOMzL0Xxb9aLaJO+WtSlPheEk?= =?us-ascii?Q?nQ=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: ae281ffd-e021-4ae0-c678-08de34f99dbf X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Dec 2025 18:59:43.3907 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: iYKfDUAltQnTOXabhqB0CLvvmRREslY4SAZLyDgi1uIcp0FiWY+EWdEUzYQE7fMxed2OX2fJXlHt1nDaHYYwrZpU944BATewqQxnwh7kojg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8P251MB0068 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] libpng: Version bump. 1.6.51 -> 1.6.52 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Security fix. https://sourceforge.net/p/libpng/code/ci/libpng16/tree/CHANGES Plugs CVE: CVE-2025-66293 - Out-of-bounds read in `png_image_read_composite`. Signed-off-by: Christian Melki --- rules/libpng.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/libpng.make b/rules/libpng.make index 86eed1ae5..d7fed2054 100644 --- a/rules/libpng.make +++ b/rules/libpng.make @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_LIBPNG) += libpng # # Paths and names # -LIBPNG_VERSION := 1.6.51 -LIBPNG_MD5 := 8781d5eb8285ac70100b75a1d2a5fc5e +LIBPNG_VERSION := 1.6.52 +LIBPNG_MD5 := a496982a92ec964e7ca7be4580ee466f LIBPNG := libpng-$(LIBPNG_VERSION) LIBPNG_SUFFIX := tar.xz LIBPNG_URL := $(call ptx/mirror, SF, libpng/$(LIBPNG).$(LIBPNG_SUFFIX)) -- 2.43.0