From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 27 Mar 2026 22:33:59 +0100 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w6EoZ-005r20-2u for lore@lore.pengutronix.de; Fri, 27 Mar 2026 22:33:59 +0100 Received: from [127.0.0.1] (helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1w6EoZ-0006SW-PL; Fri, 27 Mar 2026 22:33:59 +0100 Received: from mail-northeuropeazon11022110.outbound.protection.outlook.com ([52.101.66.110] helo=DUZPR83CU001.outbound.protection.outlook.com) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1w6EoP-0006Qk-IS for ptxdist@pengutronix.de; Fri, 27 Mar 2026 22:33:51 +0100 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=tT34IkCTKgwtWDJP2KSO1xSMaxYaiUG7vLLvxDIAzLD0S/+QR72CjMc+qn8dbH8FVbBuRO1kPYa0w7g91LgbT3ghXuElgISBy9MSu6+zMKd/J7IKdXUhEp1MwzhEfX3P/kY8bFG7/HQY97kE6Kh2fGr0kwikrKNL74Uh48u9GwMq25gHh8IbvXUR/weLMGSEAqfD0sZt8z0Jqlx5VkwrZxImOsCy9kKxdClzlMJNXgRjDrrNVojiqQ+Cp5XJpZ4QbstknrAPfyDFysC3ItVu2rZUjqMRzrF3HCi4kvEwfC8NvZZovsqKDaCiPCzGm4xA7H8aEJjNgRivyRiw/JZeDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=MN1JKhQMOPfcg3U6OEP7EBgeX+4/RigOv0BOheFuxKw=; b=EhFknUDHvbsu1sn1yx/4pMNqKu4HCNGvDL6oHD6UffCVPfSn+2Yjz3ZaIW7qEDEjcrmld7ivM8aWnGyZf741R0bk7sTYoh7WwvpH18ZERRSO92AU/gQWjw1RLlZ+7f+eCuGjplEIrtYGbWijbsZ9X/2kweKj6UDnlLCKA5LtXQAkJafBOUJP3A6kZBOKd8XHm8XJI9QVH/uvVQr6DKi7SiA16f2bgs2ZHOGn1XvnuHFXo6lUQDMnnOwuhtKIe8NvPBZQHyNwvXxdfzWR0jzYsgtUwZu4TS5AbZT1IRdpAEc6iWl37SEkZvfdoKy280lNpMpPLf4XXQPh2+w5QEI59A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MN1JKhQMOPfcg3U6OEP7EBgeX+4/RigOv0BOheFuxKw=; b=g142DuusP0YzWzEO7nbb29zk+r7nzaw7Ihr4zCreKajAzDjQH6mBRkrLHg9MytEWvUk4Yon92O0YNouxN7HXSpD3wNpMVhuaNZ5JVrXO+dcoxQ9KcxoU7tlIyW8m3F9gntZVexNjsUZ5LG1iptS47VkuV6XL8HFSz3i7ZA/WyiA= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by DB9P251MB0474.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:33d::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9745.23; Fri, 27 Mar 2026 21:33:46 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::a4b2:58d7:8549:4b19%4]) with mapi id 15.20.9745.023; Fri, 27 Mar 2026 21:33:45 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Fri, 27 Mar 2026 22:33:39 +0100 Message-ID: <20260327213339.90440-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.43.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GV2PEPF000239DD.SWEP280.PROD.OUTLOOK.COM (2603:10a6:158:400::16a) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|DB9P251MB0474:EE_ X-MS-Office365-Filtering-Correlation-Id: 19bddcb3-0991-4566-0608-08de8c48869c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|52116014|376014|366016|1800799024|38350700014|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: zhGkFPBtkmCZZLLirL1U7OpIwgMk5tc2InzkXGAg9bfY41N9ORF1uI6QcM6ri2lUZwofjPc1SiG+xExiFuH8EYVwhNBiMUzUumpQesIdRnaVQ+97pgQu4+M1ct73sJ3i6Md9/uN6W2WBgBu8CyH0q1M+PK0HxM6xdjUz9jaoGTG1MWogReqAYm6yxj1SVH/DBT+zoDyjir+2q4HiBtHeS3m+W+kfwkjQujSpyJVi6S98+E/SimRxPd5/KFZnsRF8hGObecMNzm0mF/iyXHWbgOu8MjXOL/viTIgdhoAdl6O1iIplxS5rJ6DM15XH9FaNOI5x6HcnY43fSzmTbuk4SYIbzLGl8YLbDbvpTlB3J+NiBhMMyDp7XWq6FH8/SBOr9A3Ee3EGux4tUu8RRxdQq4Mzq3ghxGtld51c3wYt2HDOsxm2CSatDw2s9OzAkbaUrjafcMAOiJpOFGkOni+c/BaJuYbWNj+EbxqSqnRaRcfFcnsFIyXEOTVfJCmPq9qwtHYMbSERQaJa7xpi5q7Fs1YKDyfdT2+uaMBGkRS8j8ULuFA2xOyPWip0c+cbV99bSrcAT9yt6mL/rQYIEmvRomOu1EXjanqgwvAGMBqZdh+wRm+pCPJm+gVyyvZAqo/MVJaISHA9op+1dqjshgUhY+FsDDBNyluh4dZZLdPxZdN/c78YR/1RkhOP8bkxbvdBemCaxPnxlJ0BwCJJOECkkBW+3dYpa0Q/CqNs7vCpMEVIOJ6QZWc5XBfHtU1k4dQjKRFlY2LPe36armImqv1Ks46KKl2gAnSlIdtBZBOPqsA= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230040)(52116014)(376014)(366016)(1800799024)(38350700014)(56012099003)(18002099003); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?gfQBGfimxu620TbnqJjNOApign0li/Lytr9CsDxahhMX97gZZZ8MNEiQ1D/N?= =?us-ascii?Q?EryA4rcRSuWk/5TBYyP5l0BYPvlDXdqpA5JeDKVOtMtLZ0chePMwCRXcR6sw?= =?us-ascii?Q?NBGayX104cnqKgyoLui7EISyRJ5LFwEm7xMrHzrXNu+KY+7xrBWELfxUlOKc?= =?us-ascii?Q?Xe+5pLyChrLnCX52g//CP2IrplRhLgg30rUqdrYTnFnNMIikbawgvz5RKHEf?= =?us-ascii?Q?+3e599AwR/XswblxZvEBtprJRsBQF7RrqxYzwSeCVPmWOR0yoXm8Rc9R3r4X?= =?us-ascii?Q?qEzfm48rCZ5oYH9vEALgfWBMjZ7A2rdXkdtVi6hk/lj3gRlK/HOj77kGc6pd?= =?us-ascii?Q?aS0t6oEZac98SKPAkIDP74dvwkynEhZSA9d3VxVWrwVHVwoTHbuhkpYBWOBG?= =?us-ascii?Q?Y64ZHKKThxi7dX+BxeNDD8RzlfnGKrpxwKuYGg1EUG/Orfk8dYyXf56pMT7D?= =?us-ascii?Q?w4lPNm44m/OdlJZkRTYs5LyROdKS18XezV04fi0srTdwL+af2UWCtKYNSiBL?= =?us-ascii?Q?GnN50kGj1J2IIYT7exMKe2ElupRLaVrN9bfpPaRnck6uehLOAxqR/ZMrzCM0?= =?us-ascii?Q?zWkGcIfGIoi7NI4XW6QdKE99H7VwXQeoDNfbMYKhDpBtjgXO0jF8kijcsmCy?= =?us-ascii?Q?gCCyuO2Z6SSLYJNcEtlyjDNfoG28cEqDLIbdwFRhP9qeGxHcqwBEHTqiJh2O?= =?us-ascii?Q?TagLLjF8merLQmfW8KgRLf/1OOi7GPcwbqW1UpNCwxtlLHl8m7EssrBVI4qx?= =?us-ascii?Q?Yq+qhYkLBG3v3mX1rh1zllGOCphunDcPmIcdMp8yh2L1lNO1+9vaPNHEiYP7?= =?us-ascii?Q?gSSosWnM8/O3THhcjIFXUAD7npMwQVhfimEohZbtp8d+Gmg+SsDeMo+frYTt?= =?us-ascii?Q?gEwW5nsNf71f/Kmyyhh0nqbOcxnvrOt/+F3xuqG4dpSKha/wZniwT2mAvzsZ?= =?us-ascii?Q?hCEYZIh/HgTsjVPlZhKFFwVeLSDj1gxKjqs3lJm7hQ8kUpdHo5pJDJGPZLBa?= =?us-ascii?Q?Nk6U8kWKHqE/H2lo4CgFgKbZEVuKiT0yDJRlvRnSCufKx886SBUFnwvFs0Ao?= =?us-ascii?Q?ET4CoJZq/7jqD6ea/xIab4J2oIpVfUiO00Klg7E9GdpaRw2QZ1rnwubbAy2h?= =?us-ascii?Q?pBnwa5ayoio7VnynS70L5rU4RGIv864vlaPlR7jFOP3v7TXYVYd37daxmSAj?= =?us-ascii?Q?j+sAx+bP3MZARWbneNX4QXK3kNbWEGrDt5DVQ/2Zg/NGUI3LYCghtlFc+ELI?= =?us-ascii?Q?dPrC/v7PVsVmOweUjB09XcWfGx6ThDg02CWsKJBBRyBh7j0Ge+Xm8JX24bWB?= =?us-ascii?Q?uoRupzlpk8fcBkv9bat6SUAtz/HIYNashJOQfbcVVwGwKpPXpnwVdECKZ3p0?= =?us-ascii?Q?LBDv6n9T7xlwVchyy+7J92cj78PDsHgkNdkCuyldGsomZwksFmGJpDuZHjzA?= =?us-ascii?Q?BC0zYbVyBpO0MBl20dbIEh+fdOuucH+kThgI5rGtp4iNZHKi2kf028Kz+4Em?= =?us-ascii?Q?/Vi6FsoAFqSL3Mxpht9uT3eDZGSTZl7opeW1GSfcqhtQsKyeclLlnoPXrO2q?= =?us-ascii?Q?mxNmkAui5+wzVqsrpKUIisMvs5pWWhHyxNFaFCgGfyZtfkbWP8kLxcV3MiNL?= =?us-ascii?Q?D+lBZhJM+5WifAt5Tn73L1CYRSj5FmEyPM+kZn1OzeEgx7kaZOkDEYEobd+i?= =?us-ascii?Q?bVvHIVNrU9kVizsOFZpkIIXvi+WVLUUIRtghRN3OvmNyg77SqpWhHrMHzJbN?= =?us-ascii?Q?L/yYqHbxLG+BZ391W0UqqRZdozFpSVI=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: 19bddcb3-0991-4566-0608-08de8c48869c X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Mar 2026 21:33:45.8893 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: TPg6wTF11L5m3GDlNmG6flgFh/vQuU9AdONU/ViP6+ehWs7IG3qw2bjyIU/LfP82L+dF1sRuh2r9yz58nGJLnaBewIkmCUbELPsS3+Hk010= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9P251MB0474 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] libpng: Version bump. 1.6.55 -> 1.6.56 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Bugfixes and security. https://sourceforge.net/p/libpng/code/ci/libpng16/tree/CHANGES Plugs CVEs: CVE-2026-33416: Use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE CVE-2026-33636: Out-of-bounds read/write in the palette expansion on ARM Neon. Signed-off-by: Christian Melki --- rules/libpng.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/libpng.make b/rules/libpng.make index 8cdfacf64..43ad8c8eb 100644 --- a/rules/libpng.make +++ b/rules/libpng.make @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_LIBPNG) += libpng # # Paths and names # -LIBPNG_VERSION := 1.6.55 -LIBPNG_MD5 := bc950b5a06ec1028285e14a127f6fb6e +LIBPNG_VERSION := 1.6.56 +LIBPNG_MD5 := e30798a97361f11390a624b5b48c1c74 LIBPNG := libpng-$(LIBPNG_VERSION) LIBPNG_SUFFIX := tar.xz LIBPNG_URL := $(call ptx/mirror, SF, libpng/$(LIBPNG).$(LIBPNG_SUFFIX)) -- 2.43.0