Merge tag 'v1.6.55' into branch 'libpng18' into develop

Author: ctruta

.markdownlint.yml

@@ -0,0 +1,25 @@
+# Markdownlint configuration
+# See https://github.com/markdownlint/markdownlint/blob/main/docs/RULES.md
+
+# MD004
+ul-style:
+  style: sublist
+
+# MD007
+ul-indent:
+  start_indented: true
+  start_indent: 1
+  indent: 3
+
+# MD012
+no-multiple-blanks:
+  maximum: 2
+
+# MD024
+no-duplicate-heading: false
+
+# MD025
+single-title: false
+
+# MD028
+no-blanks-blockquote: false

AUTHORS.md

@@ -18,6 +18,7 @@ Authors, for copyright and licensing purposes.
  * Guy Eric Schalnat
  * James Yu
  * John Bowler
+ * Joshua Inscoe
  * Kevin Bracey
  * Lucas Chollet
  * Maarten Bent

CHANGES

@@ -5988,7 +5988,7 @@ Version 1.6.32rc01 [August 18, 2017]
 
 Version 1.6.32rc02 [August 22, 2017]
   Added contrib/oss-fuzz directory which contains files used by the oss-fuzz
-    project (https://github.com/google/oss-fuzz/tree/master/projects/libpng).
+    project <https://github.com/google/oss-fuzz/tree/master/projects/libpng>.
 
 Version 1.6.32 [August 24, 2017]
   No changes.
@@ -6323,16 +6323,23 @@ Version 1.6.53 [December 5, 2025]
 
 Version 1.6.54 [January 12, 2026]
   Fixed CVE-2026-22695 (medium severity):
-    Heap buffer over-read in `png_image_read_direct_scaled.
+    Heap buffer over-read in `png_image_read_direct_scaled`.
     (Reported and fixed by Petr Simecek.)
   Fixed CVE-2026-22801 (medium severity):
     Integer truncation causing heap buffer over-read in `png_image_write_*`.
   Implemented various improvements in oss-fuzz.
     (Contributed by Philippe Antoine.)
 
+Version 1.6.55 [February 9, 2026]
+  Fixed CVE-2026-25646 (high severity):
+    Heap buffer overflow in `png_set_quantize`.
+    (Reported and fixed by Joshua Inscoe.)
+  Resolved an oss-fuzz build issue involving nalloc.
+    (Contributed by Philippe Antoine.)
+
 Version 2.0.0 [TODO]
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net.
 Subscription is required; visit
-https://lists.sourceforge.net/lists/listinfo/png-mng-implement
+<https://lists.sourceforge.net/lists/listinfo/png-mng-implement>
 to subscribe.

README.md

@@ -24,27 +24,27 @@ for more things than just PNG files.  You can use zlib as a drop-in
 replacement for `fread()` and `fwrite()`, if you are so inclined.
 
 zlib should be available at the same place that libpng is, or at
-https://zlib.net .
+<https://zlib.net>.
 
 You may also want a copy of the PNG specification.  It is available
 as an RFC, a W3C Recommendation, and an ISO/IEC Standard.  You can find
-these at http://www.libpng.org/pub/png/pngdocs.html .
+these at <http://www.libpng.org/pub/png/pngdocs.html>.
 
-This code is currently being archived at https://libpng.sourceforge.io
-in the download area, and at http://libpng.download/src .
+This code is currently being archived at <https://libpng.sourceforge.io>
+in the download area, and at <http://libpng.download/src>.
 
 This release, based in a large way on Glenn's, Guy's and Andreas'
 earlier work, was created and will be supported by myself and the PNG
 development group.
 
 Send comments, corrections and commendations to `png-mng-implement`
 at `lists.sourceforge.net`.  (Subscription is required; visit
-https://lists.sourceforge.net/lists/listinfo/png-mng-implement
+<https://lists.sourceforge.net/lists/listinfo/png-mng-implement>
 to subscribe.)
 
 Send general questions about the PNG specification to `png-mng-misc`
 at `lists.sourceforge.net`.  (Subscription is required; visit
-https://lists.sourceforge.net/lists/listinfo/png-mng-misc
+<https://lists.sourceforge.net/lists/listinfo/png-mng-misc>
 to subscribe.)
 
 Historical notes

TODO.md

@@ -1,5 +1,5 @@
 TODO list for libpng
---------------------
+====================
 
  * Fix all defects (duh!)
  * cHRM transformation.

ci/README.md

@@ -4,11 +4,11 @@ Scripts for the Continuous Integration of the PNG Reference Library
 Copyright Notice
 ----------------
 
-Copyright (c) 2019-2025 Cosmin Truta.
+Copyright (c) 2019-2026 Cosmin Truta.
 
 Use, modification and distribution are subject to the MIT License.
 Please see the accompanying file `LICENSE_MIT.txt` or visit
-https://opensource.org/license/mit
+<https://opensource.org/license/mit>
 
 File List
 ---------

manuals/libpng-manual.txt

@@ -1,6 +1,6 @@
 libpng-manual.txt - A description on how to use and modify libpng
 
- Copyright (c) 2018-2025 Cosmin Truta
+ Copyright (c) 2018-2026 Cosmin Truta
  Copyright (c) 1998-2018 Glenn Randers-Pehrson
 
  This document is released under the libpng license.
@@ -9,7 +9,7 @@ libpng-manual.txt - A description on how to use and modify libpng
 
  Based on:
 
- libpng version 1.6.36, December 2018, through 1.6.54 - January 2026
+ libpng version 1.6.36, December 2018, through 1.6.55 - February 2026
  Updated and distributed by Cosmin Truta
  Copyright (c) 2018-2026 Cosmin Truta
 

manuals/libpng.3

@@ -1,4 +1,4 @@
-.TH LIBPNG 3 "January 12, 2026"
+.TH LIBPNG 3 "February 9, 2026"
 .SH NAME
 libpng \- Portable Network Graphics (PNG) Reference Library 1.8.0.git
 
@@ -507,7 +507,7 @@ Following is a copy of the libpng-manual.txt file that accompanies libpng.
 .SH LIBPNG.TXT
 libpng-manual.txt - A description on how to use and modify libpng
 
- Copyright (c) 2018-2025 Cosmin Truta
+ Copyright (c) 2018-2026 Cosmin Truta
  Copyright (c) 1998-2018 Glenn Randers-Pehrson
 
  This document is released under the libpng license.
@@ -516,7 +516,7 @@ libpng-manual.txt - A description on how to use and modify libpng
 
  Based on:
 
- libpng version 1.6.36, December 2018, through 1.6.54 - January 2026
+ libpng version 1.6.36, December 2018, through 1.6.55 - February 2026
  Updated and distributed by Cosmin Truta
  Copyright (c) 2018-2026 Cosmin Truta
 

manuals/png.5

@@ -1,4 +1,4 @@
-.TH PNG 5 "January 12, 2026"
+.TH PNG 5 "February 9, 2026"
 .SH NAME
 png \- Portable Network Graphics (PNG) format
 

png.h

@@ -14,7 +14,7 @@
  *   libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger
  *   libpng versions 0.97, January 1998, through 1.6.35, July 2018:
  *     Glenn Randers-Pehrson
- *   libpng versions 1.6.36, December 2018, through 1.6.54, January 2026:
+ *   libpng versions 1.6.36, December 2018, through 1.6.55, February 2026:
  *     Cosmin Truta
  *   See also "Contributing Authors", below.
  */