Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libpng16 for openSUSE:Factory checked in at 2026-03-28 20:12:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libpng16 (Old)
 and /work/SRC/openSUSE:Factory/.libpng16.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libpng16" Sat Mar 28 20:12:22 2026 rev:64 rq:1343165 version:1.6.56 Changes: -------- --- /work/SRC/openSUSE:Factory/libpng16/libpng16.changes 2026-02-12 17:25:43.639116873 +0100 +++ /work/SRC/openSUSE:Factory/.libpng16.new.8177/libpng16.changes 2026-03-28 20:12:33.463458332 +0100 
@@ -1,0 +2,35 @@ +Fri Mar 27 11:03:04 UTC 2026 - Petr Gajdos <[email protected]> + +- verson update to 1.6.56: + * Fixed CVE-2026-33416 (high severity): + * Use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`. + (Reported by Halil Oktay and Ryo Shimada; + fixed by Halil Oktay and Cosmin Truta.) + * Fixed CVE-2026-33636 (high severity): + * Out-of-bounds read/write in the palette expansion on ARM Neon. + (Reported by Taegu Ha; fixed by Taegu Ha and Cosmin Truta.) + * Fixed uninitialized reads beyond `num_trans` in `trans_alpha` buffers. + (Contributed by Halil Oktay.) + * Fixed stale `info_ptr->palette` after in-place gamma and background + transforms. + * Fixed wrong channel indices in `png_image_read_and_map` RGB_ALPHA path. + (Contributed by Yuelin Wang.) + * Fixed wrong background color in colormap read. + (Contributed by Yuelin Wang.) + * Fixed dead loop in sPLT write. + (Contributed by Yuelin Wang.) + * Added missing null pointer checks in four public API functions. + (Contributed by Yuelin Wang.) + * Validated shift bit depths in `png_set_shift` to prevent infinite loop. + (Contributed by Yuelin Wang.) + * Avoided undefined behavior in library and tests. + * Deprecated the hardly-ever-tested POINTER_INDEXING config option. + * Added negative-stride test coverage for the simplified API. + * Fixed memory leaks and API misuse in oss-fuzz. + (Contributed by Owen Sanzas.) + * Implemented various fixes and improvements in oss-fuzz. + (Contributed by Bob Friesenhahn and Philippe Antoine.) + * Performed various refactorings and cleanups. 
+- fixes (bsc#1260754) and (bsc#1260755) + +------------------------------------------------------------------- Old: ---- libpng-1.6.55.tar.gz New: ---- libpng-1.6.56.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libpng16.spec ++++++ --- /var/tmp/diff_new_pack.jnbiiN/_old 2026-03-28 20:12:34.003480619 +0100 +++ /var/tmp/diff_new_pack.jnbiiN/_new 2026-03-28 20:12:34.003480619 +0100 @@ -1,8 +1,7 @@ # # spec file for package libpng16 # -# Copyright (c) 2026 SUSE LLC -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +20,7 @@ %define asan_build 0 %define major 1 %define minor 6 -%define micro 55 +%define micro 56 %define branch %{major}%{minor} %define libname libpng%{branch}-%{branch} %define debug_package_requires %{libname} = %{version}-%{release} ++++++ libpng-1.6.55.tar.gz -> libpng-1.6.56.tar.gz ++++++ ++++ 9296 lines of diff (skipped)
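Review bot: In the libpng16.changes hunk the headline entry reads "verson update to 1.6.56"; it should read "version update to 1.6.56". The closing line "fixes (bsc#1260754) and (bsc#1260755)" also does not say which Bugzilla entry tracks CVE-2026-33416 and which tracks CVE-2026-33636, so placing each bsc reference next to its CVE line would let anyone tracking the two high-severity fixes match them without opening the bugs.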
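Review bot: In the libpng16.spec hunk at `%define micro`, the bump from 55 to 56 is the only functional change visible, and the tarball change from libpng-1.6.55.tar.gz to libpng-1.6.56.tar.gz is reported only as "9296 lines of diff (skipped)", so the fixes listed in the changes entry cannot be checked from this mail. Before accepting, compare the new tarball against the upstream release checksum or signature, since nothing in the visible lines shows how the source archive is verified.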
