Christian Hesse pushed to branch main at Arch Linux / Packaging / Packages /
lib32-libpng
Commits:
dd0b815c by Christian Hesse at 2026-01-13T08:01:10+01:00
upgpkg: 1.6.53-2: cherry-pick vulnerability fixes
- - - - -
2 changed files:
- .SRCINFO
- PKGBUILD
Changes:
=====================================
.SRCINFO
=====================================
@@ -1,7 +1,7 @@
pkgbase = lib32-libpng
pkgdesc = A collection of routines used to create PNG format graphics
files (32-bit)
pkgver = 1.6.53
- pkgrel = 1
+ pkgrel = 2
url = http://www.libpng.org/pub/png/libpng.html
arch = x86_64
license = libpng-2.0
=====================================
PKGBUILD
=====================================
@@ -8,7 +8,7 @@ _pkgbasename=libpng
pkgname=lib32-$_pkgbasename
pkgver=1.6.53
_libversion=16
-pkgrel=1
+pkgrel=2
pkgdesc='A collection of routines used to create PNG format graphics files
(32-bit)'
arch=('x86_64')
url='http://www.libpng.org/pub/png/libpng.html'
@@ -23,6 +23,15 @@ validpgpkeys=('F57A55036A4D45837074FD92C9E384533403C2F8' #
Cosmin Truta <ctruta
prepare() {
cd libpng
+
+ # fix: Use `png_voidp` instead of `voidp` in pngread.c and pngwrite.c
+ # Fix a heap buffer over-read in `png_image_read_direct_scaled`
+ # fix: Remove incorrect truncation casts from `png_write_image_*`
+ git cherry-pick -n \
+ 0e894374dd7ee53039c6d84bd538dd7f16fc4cbe \
+ e4f7ad4ea2a471776c81dda4846b7691925d9786 \
+ cf155de014fc6c5cb199dd681dd5c8fb70429072
+
autoreconf -fiv
}
View it on GitLab:
https://gitlab.archlinux.org/archlinux/packaging/packages/lib32-libpng/-/commit/dd0b815cf18d6dae0db2e3d7087fd7645e168203
--
View it on GitLab:
https://gitlab.archlinux.org/archlinux/packaging/packages/lib32-libpng/-/commit/dd0b815cf18d6dae0db2e3d7087fd7645e168203
You're receiving this email because of your account on gitlab.archlinux.org.
