pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/graphics/png

Module Name:    pkgsrc
Committed By:   wiz
Date:           Sat Nov 22 07:06:11 UTC 2025

Modified Files:
        pkgsrc/graphics/png: Makefile distinfo

Log Message:
png: update to 1.6.51.

Version 1.6.51 [November 21, 2025]
  Fixed CVE-2025-64505 (moderate severity):
    Heap buffer overflow in `png_do_quantize` via malformed palette index.
    (Reported by Samsung; analyzed by Fabio Gritti.)
  Fixed CVE-2025-64506 (moderate severity):
    Heap buffer over-read in `png_write_image_8bit` with 8-bit input and
    `convert_to_8bit` enabled.
    (Reported by Samsung and <weijinjinnihao%users.noreply.github.com@localhost>;
    analyzed by Fabio Gritti.)
  Fixed CVE-2025-64720 (high severity):
    Buffer overflow in `png_image_read_composite` via incorrect palette
    premultiplication.
    (Reported by Samsung; analyzed by John Bowler.)
  Fixed CVE-2025-65018 (high severity):
    Heap buffer overflow in `png_combine_row` triggered via
    `png_image_finish_read`.
    (Reported by <yosiimich%users.noreply.github.com@localhost>.)
  Fixed a memory leak in `png_set_quantize`.
    (Reported by Samsung; analyzed by Fabio Gritti.)
  Removed the experimental and incomplete ERROR_NUMBERS code.
    (Contributed by Tobias Stoeckmann.)
  Improved the RISC-V vector extension support; required RVV 1.0 or newer.
    (Contributed by Filip Wasil.)
  Added GitHub Actions workflows for automated testing.
  Performed various refactorings and cleanups.


To generate a diff of this commit:
cvs rdiff -u -r1.214 -r1.215 pkgsrc/graphics/png/Makefile
cvs rdiff -u -r1.159 -r1.160 pkgsrc/graphics/png/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: pkgsrc/graphics/png/Makefile
diff -u pkgsrc/graphics/png/Makefile:1.214 pkgsrc/graphics/png/Makefile:1.215
--- pkgsrc/graphics/png/Makefile:1.214  Thu Jul  3 13:15:49 2025
+++ pkgsrc/graphics/png/Makefile        Sat Nov 22 07:06:11 2025
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.214 2025/07/03 13:15:49 wiz Exp $
+# $NetBSD: Makefile,v 1.215 2025/11/22 07:06:11 wiz Exp $
 
-DISTNAME=      libpng-1.6.50
+DISTNAME=      libpng-1.6.51
 PKGNAME=       ${DISTNAME:S/lib//}
 CATEGORIES=    graphics
 MASTER_SITES+= ${MASTER_SITE_SOURCEFORGE:=libpng/}

Index: pkgsrc/graphics/png/distinfo
diff -u pkgsrc/graphics/png/distinfo:1.159 pkgsrc/graphics/png/distinfo:1.160
--- pkgsrc/graphics/png/distinfo:1.159  Thu Jul  3 13:15:49 2025
+++ pkgsrc/graphics/png/distinfo        Sat Nov 22 07:06:11 2025
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.159 2025/07/03 13:15:49 wiz Exp $
+$NetBSD: distinfo,v 1.160 2025/11/22 07:06:11 wiz Exp $
 
 BLAKE2s (apng-20250220.patch) = 456a8fcead8bb3fd29936de9a6288bef6769026ff2c955371db0c2098548d68b
 SHA512 (apng-20250220.patch) = 120ac618b60d5e1ff2406d241e4ddc2c1893978653adcf462ce394ce3b6b2e5847545e04b0fcb20aab563a1546017ce622d1d2dd14f89d1d594130d626f1e6eb
 Size (apng-20250220.patch) = 49281 bytes
-BLAKE2s (libpng-1.6.50.tar.xz) = bebe99204ef8ba7b90b8f9961c0a788ffaa11a8ff3344afd9d2de85ab700cfed
-SHA512 (libpng-1.6.50.tar.xz) = 05adc94ef532bbddaae46e087088a23236e6528fd3fc705c8edfb5ff293983b790d4361d6b20c20df73632a9fbe55d2f394296385cd8efd646f58393ff21257d
-Size (libpng-1.6.50.tar.xz) = 1060992 bytes
+BLAKE2s (libpng-1.6.51.tar.xz) = 2b2543cdf303625b2901be987f0b6d07de849af3b9ecca3a0b14a3e35b5d21b8
+SHA512 (libpng-1.6.51.tar.xz) = c723406f050f99783b2576e7e2c84774630a7f46bb8ea82bf4932f82bbb4899f47cb1b19ff9020245a474a0b2fee82c55ac1c58db43e3888ad5cc3a1767e7433
+Size (libpng-1.6.51.tar.xz) = 1060772 bytes
 SHA1 (patch-libpng-config.in) = 04f8d6af31114017ce9d1280e62f1768c35c289d
 SHA1 (patch-pngpriv.h) = 16f80df18a2f58eec784e2d821e8bb93c3e81747
Home | Main Index | Thread Index | Old Index