From: Peter Marko <peter.marko@siemens.com>
Date: Tue, 17 Feb 2026 21:05:15 +0000 (+0100)
Subject: libpng: upgrade 1.6.54 -> 1.6.55
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bc0075350e2a7c1d99b257877280bdad2c772fa6;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

libpng: upgrade 1.6.54 -> 1.6.55

Release notes [1]:
* Fixed CVE-2026-25646 (high severity):
  Heap buffer overflow in `png_set_quantize`.
  (Reported and fixed by Joshua Inscoe.)
* Resolved an oss-fuzz build issue involving nalloc.
  (Contributed by Philippe Antoine.)

[1] https://github.com/pnggroup/libpng/blob/v1.6.55/ANNOUNCE

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.54.bb b/meta/recipes-multimedia/libpng/libpng_1.6.55.bb
similarity index 97%
rename from meta/recipes-multimedia/libpng/libpng_1.6.54.bb
rename to meta/recipes-multimedia/libpng/libpng_1.6.55.bb
index b017be513b2..c6e95e07237 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.54.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.55.bb
@@ -14,7 +14,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz \
            file://run-ptest \
 "
 
-SRC_URI[sha256sum] = "01c9d8a303c941ec2c511c14312a3b1d36cedb41e2f5168ccdaa85d53b887805"
+SRC_URI[sha256sum] = "d925722864837ad5ae2a82070d4b2e0603dc72af44bd457c3962298258b8e82d"
 
 MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/"