{"id":2221436,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2221436/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260409131639.278687-1-bernd@kuhls.net/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/1.2/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260409131639.278687-1-bernd@kuhls.net>","list_archive_url":null,"date":"2026-04-09T13:16:39","name":"[1/1] package/libpng: security bump to version 1.6.57","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"cf97a9d27527aaa09c031e224d54c1980ea8e95f","submitter":{"id":86624,"url":"http://patchwork.ozlabs.org/api/1.2/people/86624/?format=json","name":"Bernd Kuhls","email":"bernd@kuhls.net"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260409131639.278687-1-bernd@kuhls.net/mbox/","series":[{"id":499295,"url":"http://patchwork.ozlabs.org/api/1.2/series/499295/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=499295","date":"2026-04-09T13:16:39","name":"[1/1] package/libpng: security bump to version 1.6.57","version":1,"mbox":"http://patchwork.ozlabs.org/series/499295/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2221436/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2221436/checks/","tags":{},"related":[],"headers":{"Return-Path":"<buildroot-bounces@buildroot.org>","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=k/TbuXiP;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fs0nx4fBBz1yCv\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Thu, 09 Apr 2026 23:16:52 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id F181B40DB8;\n\tThu,  9 Apr 2026 13:16:48 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id buiF4iqssXcp; Thu,  9 Apr 2026 13:16:46 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id 4942241030;\n\tThu,  9 Apr 2026 13:16:46 +0000 (UTC)","from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])\n by lists1.osuosl.org (Postfix) with ESMTP id E4899237\n for <buildroot@buildroot.org>; Thu,  9 Apr 2026 13:16:44 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp2.osuosl.org (Postfix) with ESMTP id C948040340\n for <buildroot@buildroot.org>; Thu,  9 Apr 2026 13:16:44 +0000 (UTC)","from smtp2.osuosl.org ([127.0.0.1])\n by localhost (smtp2.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id juOfHzuUQIXA for <buildroot@buildroot.org>;\n Thu,  9 Apr 2026 13:16:43 +0000 (UTC)","from dd20012.kasserver.com (dd20012.kasserver.com [85.13.140.57])\n by smtp2.osuosl.org (Postfix) with ESMTPS id 16A9D400F6\n for <buildroot@buildroot.org>; Thu,  9 Apr 2026 13:16:42 +0000 (UTC)","from fli4l.lan.fli4l (p4fd6ca66.dip0.t-ipconnect.de\n [79.214.202.102])\n by dd20012.kasserver.com (Postfix) with ESMTPSA id BFCB4A4C00FD\n for <buildroot@buildroot.org>; Thu,  9 Apr 2026 15:16:39 +0200 (CEST)","from bruckner.lan.fli4l ([192.168.1.1]:38546)\n by fli4l.lan.fli4l with esmtp (Exim 4.99.1)\n (envelope-from <bernd@kuhls.net>) id 1wApFP-000000002Dm-2wkI\n for buildroot@buildroot.org; Thu, 09 Apr 2026 13:16:39 +0000"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp4.osuosl.org 4942241030","OpenDKIM Filter v2.11.0 smtp2.osuosl.org 16A9D400F6"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1775740606;\n\tbh=ScdQP+Fgee0p/yhRNLCHop9omJ6nQYQw+cfUpkgqhDw=;\n\th=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:From;\n\tb=k/TbuXiPXfN5GGOqiSW1rPufcyQ2K8KkSepB2zHkD6YE7i327MNnsuaq/KCuL1X7C\n\t KoPXGcLfDlcM+hl2vCCQ+3Di/UORf8FgE3HBmsPXjIS+vtKeIWT1kSG25wj8qbhrab\n\t y31391YD1mlTu+3TNtJ+JIFMidUxu8keUZc5jwFPOLvl+rPOkxNYaL1Hcudkr7UUAe\n\t ER7hf9lSJ8Q03aX0zLMUndg0kRNZ5CDl322GHpKwYFOACfIZeBk5XJquF2xF9dmNNE\n\t e00F8m2svaRaXbcFDuZv2hd8L484uxxPjKOKR161KUA/qfQxATabk9bRhKw5qJ3Suu\n\t m1s2BA5h8/H+Q==","Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=85.13.140.57;\n helo=dd20012.kasserver.com; envelope-from=bernd@kuhls.net;\n receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp2.osuosl.org 16A9D400F6","From":"Bernd Kuhls <bernd@kuhls.net>","To":"buildroot@buildroot.org","Date":"Thu,  9 Apr 2026 15:16:39 +0200","Message-ID":"<20260409131639.278687-1-bernd@kuhls.net>","X-Mailer":"git-send-email 2.47.3","MIME-Version":"1.0","X-Spamd-Bar":"/","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=kuhls.net;\n s=kas202511301023; t=1775740599;\n bh=yJhKy8bjC465O0DWL3pP875uKmQusF3rXYSRBiXjIE4=;\n h=From:To:Subject:Date:From;\n b=NmKBq0nlvmRoMeG9AIDUxc3nAyDLPVG1gjIW13CMvgG+0EQphxxCVpMmV5ZMOdE2R\n 0EAQL4Vx2xyI7jw6M4wNKlqFN8XEaiqFttYMLowbLX4XNTb/dJO7l7k/A9wwoKZEEl\n Nq4mM4hxz5rQ104cxyECI0Z221Jfs+W9foOa18iZas1IZvvX35h5w4dEgwu94Tvs21\n t6uFBW8bRbsdQSrY6G/YfRxt4VKuVmBB60QvZROe+nCYH11+EvDuCLGNitIkr//pwa\n iX7i74R6SJl245XQBkc1139TN7yvaPTstFBXRjw8b18cfHruUsvZAo0sducH3FsDJW\n DkjWQdZxfrqfQ==","X-Mailman-Original-Authentication-Results":["smtp2.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=kuhls.net","smtp2.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=kuhls.net header.i=@kuhls.net header.a=rsa-sha256\n header.s=kas202511301023 header.b=NmKBq0nl"],"Subject":"[Buildroot] [PATCH 1/1] package/libpng: security bump to version\n 1.6.57","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.buildroot.org>","List-Unsubscribe":"<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>","List-Archive":"<http://lists.buildroot.org/pipermail/buildroot/>","List-Post":"<mailto:buildroot@buildroot.org>","List-Help":"<mailto:buildroot-request@buildroot.org?subject=help>","List-Subscribe":"<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" <buildroot-bounces@buildroot.org>"},"content":"https://github.com/pnggroup/libpng/blob/v1.6.57/ANNOUNCE\n\nFixes CVE-2026-34757:\nhttps://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645\n\nSigned-off-by: Bernd Kuhls <bernd@kuhls.net>\n---\n package/libpng/libpng.hash | 6 +++---\n package/libpng/libpng.mk   | 2 +-\n 2 files changed, 4 insertions(+), 4 deletions(-)","diff":"diff --git a/package/libpng/libpng.hash b/package/libpng/libpng.hash\nindex ae28eee087..977f8fcca4 100644\n--- a/package/libpng/libpng.hash\n+++ b/package/libpng/libpng.hash\n@@ -1,5 +1,5 @@\n-# From https://sourceforge.net/projects/libpng/files/libpng16/1.6.56/\n-sha1  71eb3636e60b6ea66f2f670cdf1f7160b7a1fa8b  libpng-1.6.56.tar.xz\n+# From https://sourceforge.net/projects/libpng/files/libpng16/1.6.57/\n+sha1  866fb81e3355088bb885bb4ded39093ef80eb686  libpng-1.6.57.tar.xz\n # Locally computed:\n-sha256  f7d8bf1601b7804f583a254ab343a6549ca6cf27d255c302c47af2d9d36a6f18  libpng-1.6.56.tar.xz\n+sha256  d10c20d7171569804cae8dfc13ba6dcd0662c41ed39d43d4d429314aafb10a80  libpng-1.6.57.tar.xz\n sha256  bdb0a645ea18c60507d0368379b1ac5474b92255fcc2d115e07486a7672ba526  LICENSE\ndiff --git a/package/libpng/libpng.mk b/package/libpng/libpng.mk\nindex 7c5bc35a77..0081406300 100644\n--- a/package/libpng/libpng.mk\n+++ b/package/libpng/libpng.mk\n@@ -4,7 +4,7 @@\n #\n ################################################################################\n \n-LIBPNG_VERSION = 1.6.56\n+LIBPNG_VERSION = 1.6.57\n LIBPNG_SERIES = 16\n LIBPNG_SOURCE = libpng-$(LIBPNG_VERSION).tar.xz\n LIBPNG_SITE = https://downloads.sourceforge.net/project/libpng/libpng$(LIBPNG_SERIES)/$(LIBPNG_VERSION)\n","prefixes":["1/1"]}