From: ankur.tyagi85@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: Zhang Peng <peng.zhang1.cn@windriver.com>,
Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>,
Richard Purdie <richard.purdie@linuxfoundation.org>,
Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [OE-core][whinlatter][PATCH v2 19/29] libpng: upgrade 1.6.50 -> 1.6.51
Date: Fri, 19 Dec 2025 08:51:58 +0530 [thread overview]
Message-ID: <20251219032209.960840-20-ankur.tyagi85@gmail.com> (raw)
In-Reply-To: <20251219032209.960840-1-ankur.tyagi85@gmail.com>
From: Zhang Peng <peng.zhang1.cn@windriver.com>
Changes from version 1.6.50 to version 1.6.51
- Fixed CVE-2025-64505 (moderate severity): Heap buffer overflow in `png_do_quantize`
via malformed palette index. (Reported by Samsung; analyzed by Fabio Gritti.)
- Fixed CVE-2025-64506 (moderate severity): Heap buffer over-read in `png_write_image_8bit`
with 8-bit input and `convert_to_8bit` enabled.
(Reported by Samsung and weijinjinnihao@users.noreply.github.com; analyzed by Fabio Gritti.)
- Fixed CVE-2025-64720 (high severity): Buffer overflow in `png_image_read_composite` via
incorrect palette premultiplication. (Reported by Samsung; analyzed by John Bowler.)
- Fixed CVE-2025-65018 (high severity): Heap buffer overflow in `png_combine_row` triggered
via `png_image_finish_read`. (Reported by yosiimich@users.noreply.github.com.)
- Fixed a memory leak in `png_set_quantize`. (Reported by Samsung; analyzed by Fabio Gritti.)
- Removed the experimental and incomplete ERROR_NUMBERS code. (Contributed by Tobias Stoeckmann.)
- Improved the RISC-V vector extension support; required RVV 1.0 or newer. (Contributed by Filip Wasil.)
- Added GitHub Actions workflows for automated testing.
- Performed various refactorings and cleanups.
Ptest successfully passed:
============================================================================
Testsuite summary for libpng 1.6.51
============================================================================
# TOTAL: 32
# PASS: 32
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
============================================================================
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit df0121211dca11df8a495d23ff5ac6d3d820a0a6)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
.../libpng/{libpng_1.6.50.bb => libpng_1.6.51.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-multimedia/libpng/{libpng_1.6.50.bb => libpng_1.6.51.bb} (97%)
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.50.bb b/meta/recipes-multimedia/libpng/libpng_1.6.51.bb
similarity index 97%
rename from meta/recipes-multimedia/libpng/libpng_1.6.50.bb
rename to meta/recipes-multimedia/libpng/libpng_1.6.51.bb
index aa2dc99f10..e499f61ff4 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.50.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.51.bb
@@ -14,7 +14,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz \
file://run-ptest \
"
-SRC_URI[sha256sum] = "4df396518620a7aa3651443e87d1b2862e4e88cad135a8b93423e01706232307"
+SRC_URI[sha256sum] = "a050a892d3b4a7bb010c3a95c7301e49656d72a64f1fc709a90b8aded192bed2"
MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/"
next prev parent reply other threads:[~2025-12-19 3:23 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-19 3:21 [OE-core][whinlatter][PATCH v2 00/29] Updates for Whinlatter ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 01/29] libxmlb: upgrade 0.3.23 -> 0.3.24 ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 02/29] libarchive: upgrade 3.8.2 -> 3.8.3 ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 03/29] glib-2.0: Upgrade 2.86.0 -> 2.86.1 ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 04/29] ell: upgrade 0.79 -> 0.80 ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 05/29] spirv-llvm-translator: Upgrade to 21.1.2 ankur.tyagi85
2025-12-29 17:32 ` Steve Sakoman
2025-12-29 17:49 ` Khem Raj
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 06/29] gst-devtools: upgrade 1.26.5 -> 1.26.7 ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 07/29] gst-examples: " ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 08/29] gstreamer1.0-libav: " ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 09/29] gstreamer1.0-plugins-bad: " ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 10/29] gstreamer1.0-plugins-base: " ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 11/29] gstreamer1.0-plugins-good: " ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 12/29] gstreamer1.0-plugins-ugly: " ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 13/29] gstreamer1.0-python: " ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 14/29] gstreamer1.0-rtsp-server: " ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 15/29] gstreamer1.0: " ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 16/29] gstreamer1.0-vaapi: " ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 17/29] go: upgrade 1.25.4 -> 1.25.5 ankur.tyagi85
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 18/29] enchant2: upgrade 2.8.12 -> 2.8.14 ankur.tyagi85
2025-12-19 3:21 ` ankur.tyagi85 [this message]
2025-12-19 3:21 ` [OE-core][whinlatter][PATCH v2 20/29] llvm/clang: Upgrade to 21.1.6 release ankur.tyagi85
2025-12-19 3:22 ` [OE-core][whinlatter][PATCH v2 21/29] llvm/clang: Upgrade to 21.1.7 release ankur.tyagi85
2025-12-29 20:34 ` Steve Sakoman
2025-12-29 20:41 ` Khem Raj
2025-12-19 3:22 ` [OE-core][whinlatter][PATCH v2 22/29] mesa: upgrade 25.2.5 -> 25.2.8 ankur.tyagi85
2025-12-19 3:22 ` [OE-core][whinlatter][PATCH v2 23/29] e2fsprogs: misc/create_inode.c: Fix for file larger than 2GB ankur.tyagi85
2025-12-19 3:22 ` [OE-core][whinlatter][PATCH v2 24/29] ccache: upgrade 4.12 -> 4.12.1 ankur.tyagi85
2025-12-19 3:22 ` [OE-core][whinlatter][PATCH v2 25/29] ccache: 4.12.1 -> 4.12.2 ankur.tyagi85
2025-12-19 3:22 ` [OE-core][whinlatter][PATCH v2 26/29] gnutls: patch CVE-2025-9820 ankur.tyagi85
2025-12-19 3:22 ` [OE-core][whinlatter][PATCH v2 27/29] cups: upgrade from 2.4.14 to 2.4.15 ankur.tyagi85
2025-12-19 3:22 ` [OE-core][whinlatter][PATCH v2 28/29] sqlite3: patch CVE-2025-3277 ankur.tyagi85
2025-12-19 3:22 ` [OE-core][whinlatter][PATCH v2 29/29] sqlite3: patch CVE-2025-6965 ankur.tyagi85
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251219032209.960840-20-ankur.tyagi85@gmail.com \
--to=ankur.tyagi85@gmail.com \
--cc=mathieu.dubois-briand@bootlin.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=peng.zhang1.cn@windriver.com \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox