* [ptxdist] [PATCH] libpng: Version bump. 1.6.53 -> 1.6.54
@ 2026-01-15 20:12 Christian Melki
2026-01-23 15:02 ` [ptxdist] [APPLIED] " Michael Olbrich
0 siblings, 1 reply; 2+ messages in thread
From: Christian Melki @ 2026-01-15 20:12 UTC (permalink / raw)
To: ptxdist
Security fixes.
https://sourceforge.net/p/libpng/code/ci/libpng16/tree/CHANGES
Plugs CVEs:
CVE-2026-22695: Heap buffer over-read in png_image_read_direct_scaled.
CVE-2026-22801: Integer truncation causing heap buffer over-read in png_image_write_*
* License hash changed, copyright year updates.
Signed-off-by: Christian Melki <christian.melki@t2data.com>
---
rules/libpng.make | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/rules/libpng.make b/rules/libpng.make
index 7bd6d2376..f69de3e08 100644
--- a/rules/libpng.make
+++ b/rules/libpng.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_LIBPNG) += libpng
#
# Paths and names
#
-LIBPNG_VERSION := 1.6.53
-LIBPNG_MD5 := 0d95e8af31991e976811bbf55f693d2d
+LIBPNG_VERSION := 1.6.54
+LIBPNG_MD5 := ba9e86853c794d111398b66a42bfa0dc
LIBPNG := libpng-$(LIBPNG_VERSION)
LIBPNG_SUFFIX := tar.xz
LIBPNG_URL := $(call ptx/mirror, SF, libpng/$(LIBPNG).$(LIBPNG_SUFFIX))
@@ -25,7 +25,7 @@ LIBPNG_SOURCE := $(SRCDIR)/$(LIBPNG).$(LIBPNG_SUFFIX)
LIBPNG_DIR := $(BUILDDIR)/$(LIBPNG)
LIBPNG_LICENSE := libpng-2.0
LIBPNG_LICENSE_FILES := \
- file://LICENSE;md5=5516d77a3cf75f55a0d37254e3e65a20
+ file://LICENSE;md5=9dc350edbbbee660c7d9af79487168f2
# ----------------------------------------------------------------------------
# Prepare
--
2.43.0
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [ptxdist] [APPLIED] libpng: Version bump. 1.6.53 -> 1.6.54
2026-01-15 20:12 [ptxdist] [PATCH] libpng: Version bump. 1.6.53 -> 1.6.54 Christian Melki
@ 2026-01-23 15:02 ` Michael Olbrich
0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2026-01-23 15:02 UTC (permalink / raw)
To: ptxdist; +Cc: Christian Melki
Thanks, applied as 94c0f1589817c397dc57e6bcaa097c0766d20ad8.
Michael
[sent from post-receive hook]
On Fri, 23 Jan 2026 16:02:08 +0100, Christian Melki <christian.melki@t2data.com> wrote:
> Security fixes.
> https://sourceforge.net/p/libpng/code/ci/libpng16/tree/CHANGES
>
> Plugs CVEs:
> CVE-2026-22695: Heap buffer over-read in png_image_read_direct_scaled.
> CVE-2026-22801: Integer truncation causing heap buffer over-read in png_image_write_*
>
> * License hash changed, copyright year updates.
>
> Signed-off-by: Christian Melki <christian.melki@t2data.com>
> Message-Id: <20260115201203.1824095-1-christian.melki@t2data.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/libpng.make b/rules/libpng.make
> index 7bd6d2376c1b..f69de3e081f5 100644
> --- a/rules/libpng.make
> +++ b/rules/libpng.make
> @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_LIBPNG) += libpng
> #
> # Paths and names
> #
> -LIBPNG_VERSION := 1.6.53
> -LIBPNG_MD5 := 0d95e8af31991e976811bbf55f693d2d
> +LIBPNG_VERSION := 1.6.54
> +LIBPNG_MD5 := ba9e86853c794d111398b66a42bfa0dc
> LIBPNG := libpng-$(LIBPNG_VERSION)
> LIBPNG_SUFFIX := tar.xz
> LIBPNG_URL := $(call ptx/mirror, SF, libpng/$(LIBPNG).$(LIBPNG_SUFFIX))
> @@ -25,7 +25,7 @@ LIBPNG_SOURCE := $(SRCDIR)/$(LIBPNG).$(LIBPNG_SUFFIX)
> LIBPNG_DIR := $(BUILDDIR)/$(LIBPNG)
> LIBPNG_LICENSE := libpng-2.0
> LIBPNG_LICENSE_FILES := \
> - file://LICENSE;md5=5516d77a3cf75f55a0d37254e3e65a20
> + file://LICENSE;md5=9dc350edbbbee660c7d9af79487168f2
>
> # ----------------------------------------------------------------------------
> # Prepare
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-01-23 15:03 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-01-15 20:12 [ptxdist] [PATCH] libpng: Version bump. 1.6.53 -> 1.6.54 Christian Melki
2026-01-23 15:02 ` [ptxdist] [APPLIED] " Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox