Christian Hesse pushed to branch main at Arch Linux / Packaging / Packages / 
libpng


Commits:
9426bad8 by Christian Hesse at 2026-01-13T08:00:16+01:00
upgpkg: 1.6.53-2: cherry-pick vulnerability fixes

- - - - -


2 changed files:

- .SRCINFO
- PKGBUILD


Changes:

=====================================
.SRCINFO
=====================================
@@ -1,7 +1,7 @@
 pkgbase = libpng
        pkgdesc = A collection of routines used to create PNG format graphics 
files
        pkgver = 1.6.53
-       pkgrel = 1
+       pkgrel = 2
        url = http://www.libpng.org/pub/png/libpng.html
        arch = x86_64
        license = libpng-2.0


=====================================
PKGBUILD
=====================================
@@ -6,7 +6,7 @@
 
 pkgname=libpng
 pkgver=1.6.53
-pkgrel=1
+pkgrel=2
 pkgdesc='A collection of routines used to create PNG format graphics files'
 arch=('x86_64')
 url='http://www.libpng.org/pub/png/libpng.html'
@@ -23,6 +23,14 @@ validpgpkeys=('F57A55036A4D45837074FD92C9E384533403C2F8'  # 
Cosmin Truta <ctruta
 prepare() {
   cd $pkgname
 
+  # fix: Use `png_voidp` instead of `voidp` in pngread.c and pngwrite.c
+  # Fix a heap buffer over-read in `png_image_read_direct_scaled`
+  # fix: Remove incorrect truncation casts from `png_write_image_*`
+  git cherry-pick -n \
+    0e894374dd7ee53039c6d84bd538dd7f16fc4cbe \
+    e4f7ad4ea2a471776c81dda4846b7691925d9786 \
+    cf155de014fc6c5cb199dd681dd5c8fb70429072
+
   autoreconf -fiv
 }
 
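Review bot: The three comment lines above `git cherry-pick -n` in prepare() list the upstream commit subjects but do not say which hash each subject belongs to, which upstream advisory the picks address, or when the block can be removed. I would prefix each comment with the short hash it describes and add a line such as `# TODO: drop these picks once pkgver moves to an upstream release that contains them`, so a later version bump does not fail on an already-applied patch. The `validpgpkeys` entry in the hunk header suggests the source tag is signature-checked (the `source` array is not visible here, so this is inferred). If so, these commits lie outside the signed tag and the full 40-character hashes are their only integrity pin. It is worth saying so in the comment and keeping the hashes unabbreviated. The first subject (`png_voidp` instead of `voidp`) reads like a prerequisite or build fix rather than a vulnerability fix; if that is the case, labelling it as such would help reviewers.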



View it on GitLab: 
https://gitlab.archlinux.org/archlinux/packaging/packages/libpng/-/commit/9426bad897fa49824dbacfbc05bde200373f1ac3
