From 502d717054106969d49fb16f4480df64c5ab37b7 Mon Sep 17 00:00:00 2001 From: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com> Date: Tue, 14 Apr 2026 20:25:05 +0530 Subject: [PATCH] Upgrade `libpng` to 1.6.57 for CVE-2026-34757 (#16596) Co-authored-by: CBL-Mariner Servicing Account (cherry picked from commit c52de494da35b91af79d5e261d8d601a6d320b31) --- SPECS/libpng/libpng.signatures.json | 2 +- SPECS/libpng/libpng.spec | 5 ++++- cgmanifest.json | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/SPECS/libpng/libpng.signatures.json b/SPECS/libpng/libpng.signatures.json index 3d3b9474997..52b1000f829 100644 --- a/SPECS/libpng/libpng.signatures.json +++ b/SPECS/libpng/libpng.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "libpng-1.6.56.tar.xz": "f7d8bf1601b7804f583a254ab343a6549ca6cf27d255c302c47af2d9d36a6f18" + "libpng-1.6.57.tar.xz": "d10c20d7171569804cae8dfc13ba6dcd0662c41ed39d43d4d429314aafb10a80" } } diff --git a/SPECS/libpng/libpng.spec b/SPECS/libpng/libpng.spec index 2bbf3177c61..85eda53239e 100644 --- a/SPECS/libpng/libpng.spec +++ b/SPECS/libpng/libpng.spec @@ -1,6 +1,6 @@ Summary: contains libraries for reading and writing PNG files. Name: libpng -Version: 1.6.56 +Version: 1.6.57 Release: 1%{?dist} License: zlib Vendor: Microsoft Corporation @@ -57,6 +57,9 @@ make %{?_smp_mflags} -k check %{_mandir}/man3/* %changelog +* Sat Apr 11 2026 CBL-Mariner Servicing Account - 1.6.57-1 +- Auto-upgrade to 1.6.57 - for CVE-2026-34757 + * Sat Mar 28 2026 CBL-Mariner Servicing Account - 1.6.56-1 - Auto-upgrade to 1.6.56 - for CVE-2026-33636, CVE-2026-33416 diff --git a/cgmanifest.json b/cgmanifest.json index f1cc4d52c7c..e067ec3977e 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -10901,8 +10901,8 @@ "type": "other", "other": { "name": "libpng", - "version": "1.6.56", - "downloadUrl": "https://downloads.sourceforge.net/libpng/libpng-1.6.56.tar.xz" + "version": "1.6.57", + "downloadUrl": "https://downloads.sourceforge.net/libpng/libpng-1.6.57.tar.xz" } } },