git: f1bbe43c186c - main - graphics/png: security update to 1.6.52

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Matthias Andree <mandree_at_FreeBSD.org>
Date: Fri, 05 Dec 2025 20:18:17 UTC
The branch main has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f1bbe43c186c567cd96c0a5c6fd0c1a159accaf9

commit f1bbe43c186c567cd96c0a5c6fd0c1a159accaf9
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2025-12-05 20:15:37 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2025-12-05 20:18:14 +0000

    graphics/png: security update to 1.6.52
    
    Note this isn't the offered patch from the PR, but one that
    instead puts the APNG patch version into a variable.
    
    Reported by:    FiLiS
    Approved by:    desktop@ (vishwin)
    PR:             291266
    MFH:            2025Q4 (after a few days)
    
    png -- Multiple vulnerabilities
    Security:       CVE-2025-64505
    Security:       CVE-2025-64506
    Security:       CVE-2025-64720
    Security:       CVE-2025-65018
    Security:       4b297f5a-cbad-11f0-ac9f-b42e991fc52e
    
    png -- Out-of-bounds read
    Security:       CVE-2025-66293
    Security:       f323f148-d181-11f0-841f-843a4b343614
---
 graphics/png/Makefile  |  7 ++++---
 graphics/png/distinfo  | 10 +++++-----
 graphics/png/pkg-plist |  2 +-
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/graphics/png/Makefile b/graphics/png/Makefile
index 2c4b4ff9f2ad..cdeb4c557d12 100644
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@@ -1,8 +1,9 @@
 PORTNAME=	png
-DISTVERSION=	1.6.50
+DISTVERSION=	1.6.52
 CATEGORIES=	graphics
 MASTER_SITES=	SF/lib${PORTNAME}/lib${PORTNAME}16/${DISTVERSION}/
-PATCH_SITES=	SF/lib${PORTNAME}-apng/lib${PORTNAME}16/${DISTVERSION}/
+PATCH_SITES=	SF/lib${PORTNAME}-apng/lib${PORTNAME}16/${_PATCH_VERSION}/
+_PATCH_VERSION=	1.6.51
 # Keep this because you normally need to keep patch version in sync with release 
 DISTNAME=	lib${PORTNAME}-${DISTVERSION}
 
@@ -50,7 +51,7 @@ CFLAGS+=	-maltivec -mvsx
 .if ${PORT_OPTIONS:MAPNG} || make(makesum)
 #PATCHFILES=	${DISTNAME}-apng.patch.gz:-p1
 # Keep this because you normally need to keep patch version in sync with release
-PATCHFILES=	lib${PORTNAME}-${DISTVERSION}-apng.patch.gz:-p1
+PATCHFILES=	lib${PORTNAME}-${_PATCH_VERSION}-apng.patch.gz:-p1
 .endif
 
 .include <bsd.port.mk>
diff --git a/graphics/png/distinfo b/graphics/png/distinfo
index 1cf3f8ff069e..8a2e9325d6bc 100644
--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1757049264
-SHA256 (libpng-1.6.50.tar.xz) = 4df396518620a7aa3651443e87d1b2862e4e88cad135a8b93423e01706232307
-SIZE (libpng-1.6.50.tar.xz) = 1060992
-SHA256 (libpng-1.6.50-apng.patch.gz) = 687ddc0c7cb128a3ea58e159b5129252537c27ede0c32a93f11f03127f0c0165
-SIZE (libpng-1.6.50-apng.patch.gz) = 10705
+TIMESTAMP = 1764965517
+SHA256 (libpng-1.6.52.tar.xz) = 36bd726228ec93a3b6c22fdb49e94a67b16f2fe9b39b78b7cb65772966661ccc
+SIZE (libpng-1.6.52.tar.xz) = 1063580
+SHA256 (libpng-1.6.51-apng.patch.gz) = 9c16ec5654be709f062a705d0c6f529193f1c2123fe7f102fda6733913689023
+SIZE (libpng-1.6.51-apng.patch.gz) = 10686
diff --git a/graphics/png/pkg-plist b/graphics/png/pkg-plist
index cfca0872f7ae..8087b4b7bf39 100644
--- a/graphics/png/pkg-plist
+++ b/graphics/png/pkg-plist
@@ -19,7 +19,7 @@ lib/libpng/libpng16.cmake
 lib/libpng16.a
 lib/libpng16.so
 lib/libpng16.so.16
-lib/libpng16.so.16.50.0
+lib/libpng16.so.16.52.0
 libdata/pkgconfig/libpng.pc
 libdata/pkgconfig/libpng16.pc
 share/man/man3/libpng.3.gz