Date:      Sun, 07 Dec 2025 12:37:22 +0000
From:      Matthias Andree <mandree@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org
Subject:   git: b6cf7cefbe98 - 2025Q4 - graphics/png: security update to 1.6.52
Message-ID:  <69357502.21ac3.659f4551@gitrepo.freebsd.org>


The branch 2025Q4 has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b6cf7cefbe981400d989aa5f0d000e3b49f8ce50

commit b6cf7cefbe981400d989aa5f0d000e3b49f8ce50
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2025-12-05 20:15:37 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2025-12-07 12:15:28 +0000

    graphics/png: security update to 1.6.52
    
    Note this isn't the offered patch from the PR, but one that
    instead puts the APNG patch version into a variable.
    
    Reported by:    FiLiS
    Approved by:    desktop@ (vishwin)
    PR:             291266
    MFH:            2025Q4 (after a few days)
    
    png -- Multiple vulnerabilities
    Security:       CVE-2025-64505
    Security:       CVE-2025-64506
    Security:       CVE-2025-64720
    Security:       CVE-2025-65018
    Security:       4b297f5a-cbad-11f0-ac9f-b42e991fc52e
    
    png -- Out-of-bounds read
    Security:       CVE-2025-66293
    Security:       f323f148-d181-11f0-841f-843a4b343614
    
    (cherry picked from commit f1bbe43c186c567cd96c0a5c6fd0c1a159accaf9)
---
 graphics/png/Makefile  |  7 ++++---
 graphics/png/distinfo  | 10 +++++-----
 graphics/png/pkg-plist |  2 +-
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/graphics/png/Makefile b/graphics/png/Makefile
index 2c4b4ff9f2ad..cdeb4c557d12 100644
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@@ -1,8 +1,9 @@
 PORTNAME=	png
-DISTVERSION=	1.6.50
+DISTVERSION=	1.6.52
 CATEGORIES=	graphics
 MASTER_SITES=	SF/lib${PORTNAME}/lib${PORTNAME}16/${DISTVERSION}/
-PATCH_SITES=	SF/lib${PORTNAME}-apng/lib${PORTNAME}16/${DISTVERSION}/
+PATCH_SITES=	SF/lib${PORTNAME}-apng/lib${PORTNAME}16/${_PATCH_VERSION}/
+_PATCH_VERSION=	1.6.51
 # Keep this because you normally need to keep patch version in sync with release 
 DISTNAME=	lib${PORTNAME}-${DISTVERSION}
 
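Review bot: _PATCH_VERSION= 1.6.51 is hardcoded one release behind DISTVERSION= 1.6.52, while the context comment directly below it still says the patch version normally stays in sync with the release, so nothing in the Makefile records why the two differ here. Add a short comment at the assignment stating that the APNG patch lags the release for this update and that _PATCH_VERSION should follow ${DISTVERSION} again when the two versions match. Defining _PATCH_VERSION above PATCH_SITES, next to DISTVERSION, would also make the pairing easier to spot on the next bump (make expands the variable lazily, so the current order does work).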
@@ -50,7 +51,7 @@ CFLAGS+=	-maltivec -mvsx
 .if ${PORT_OPTIONS:MAPNG} || make(makesum)
 #PATCHFILES=	${DISTNAME}-apng.patch.gz:-p1
 # Keep this because you normally need to keep patch version in sync with release
-PATCHFILES=	lib${PORTNAME}-${DISTVERSION}-apng.patch.gz:-p1
+PATCHFILES=	lib${PORTNAME}-${_PATCH_VERSION}-apng.patch.gz:-p1
 .endif
 
 .include <bsd.port.mk>
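Review bot: the new PATCHFILES line applies lib${PORTNAME}-${_PATCH_VERSION}-apng.patch.gz (1.6.51) with -p1 to the 1.6.52 sources, so builds with the APNG option now depend on a patch named for a different release than the one being built. Please confirm that it applies to 1.6.52 without rejects or fuzz and record that in a comment here. The commented-out #PATCHFILES= ${DISTNAME}-apng.patch.gz:-p1 line above it would now expand to the 1.6.52 name and can be dropped to avoid confusion.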
diff --git a/graphics/png/distinfo b/graphics/png/distinfo
index 1cf3f8ff069e..8a2e9325d6bc 100644
--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1757049264
-SHA256 (libpng-1.6.50.tar.xz) = 4df396518620a7aa3651443e87d1b2862e4e88cad135a8b93423e01706232307
-SIZE (libpng-1.6.50.tar.xz) = 1060992
-SHA256 (libpng-1.6.50-apng.patch.gz) = 687ddc0c7cb128a3ea58e159b5129252537c27ede0c32a93f11f03127f0c0165
-SIZE (libpng-1.6.50-apng.patch.gz) = 10705
+TIMESTAMP = 1764965517
+SHA256 (libpng-1.6.52.tar.xz) = 36bd726228ec93a3b6c22fdb49e94a67b16f2fe9b39b78b7cb65772966661ccc
+SIZE (libpng-1.6.52.tar.xz) = 1063580
+SHA256 (libpng-1.6.51-apng.patch.gz) = 9c16ec5654be709f062a705d0c6f529193f1c2123fe7f102fda6733913689023
+SIZE (libpng-1.6.51-apng.patch.gz) = 10686
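Review bot: the new SHA256 values for libpng-1.6.52.tar.xz and libpng-1.6.51-apng.patch.gz should be compared against checksums published by upstream before this is merged, because these two lines are what the port uses to verify both downloads. If they were only regenerated from the locally fetched files along with TIMESTAMP, they confirm that later fetches match that copy, not that the copy is the upstream release. The 1.6.51 patch entry is consistent with _PATCH_VERSION in the Makefile.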
diff --git a/graphics/png/pkg-plist b/graphics/png/pkg-plist
index cfca0872f7ae..8087b4b7bf39 100644
--- a/graphics/png/pkg-plist
+++ b/graphics/png/pkg-plist
@@ -19,7 +19,7 @@ lib/libpng/libpng16.cmake
 lib/libpng16.a
 lib/libpng16.so
 lib/libpng16.so.16
-lib/libpng16.so.16.50.0
+lib/libpng16.so.16.52.0
 libdata/pkgconfig/libpng.pc
 libdata/pkgconfig/libpng16.pc
 share/man/man3/libpng.3.gz
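Review bot: lib/libpng16.so.16.52.0 hardcodes the release number in the plist, so this line has to be edited by hand on every version bump and can drift from DISTVERSION in the Makefile. Consider deriving the suffix from DISTVERSION through a PLIST_SUB substitution so the plist follows the version automatically.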

