[libpng] Update: v1.6.57 -> v1.6.58

GerbilSoft · GerbilSoft · commit d609d6d676e7 · 2026-04-18T20:38:10.000-04:00
Includes the APNG patch.
diff --git a/extlib/libpng/ANNOUNCE b/extlib/libpng/ANNOUNCE
@@ -1,5 +1,5 @@
-libpng 1.6.57 - April 8, 2026
-=============================
+libpng 1.6.58 - April 15, 2026
+==============================
 
 This is a public release of libpng, intended for use in production code.
 
@@ -9,10 +9,10 @@ Files available for download
 
 Source files:
 
- * libpng-1.6.57.tar.xz (LZMA-compressed, recommended)
- * libpng-1.6.57.tar.gz (deflate-compressed)
- * lpng1657.7z (LZMA-compressed)
- * lpng1657.zip (deflate-compressed)
+ * libpng-1.6.58.tar.xz (LZMA-compressed, recommended)
+ * libpng-1.6.58.tar.gz (deflate-compressed)
+ * lpng1658.7z (LZMA-compressed)
+ * lpng1658.zip (deflate-compressed)
 
 Other information:
 
@@ -22,18 +22,13 @@ Other information:
  * TRADEMARK.md
 
 
-Changes from version 1.6.56 to version 1.6.57
+Changes from version 1.6.57 to version 1.6.58
 ---------------------------------------------
 
- * Fixed CVE-2026-34757 (medium severity):
-   Use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST`
-   leading to corrupted chunk data and potential heap information disclosure.
-   Also hardened the append-style setters (`png_set_text`, `png_set_sPLT`,
-   `png_set_unknown_chunks`) against a theoretical variant of the same
-   aliasing pattern.
-   (Reported by Iv4n <Iv4n550@users.noreply.github.com>.)
- * Fixed integer overflow in rowbytes computation in read transforms.
-   (Contributed by Mohammad Seet.)
+ * Fixed a regression introduced in version 1.6.56 that caused `png_get_PLTE`
+   to return stale palette data after applying gamma and background transforms
+   in-place.
+   (Reported by ralfjunker <ralfjunker@users.noreply.github.com>.)
 
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net.
diff --git a/extlib/libpng/CHANGES b/extlib/libpng/CHANGES
@@ -6379,6 +6379,13 @@ Version 1.6.57 [April 8, 2026]
   Fixed integer overflow in rowbytes computation in read transforms.
     (Contributed by Mohammad Seet.)
 
+Version 1.6.58 [April 15, 2026]
+  Fixed a regression introduced in version 1.6.56 that caused `png_get_PLTE`
+    to return stale palette data after applying gamma and background transforms
+    in-place.
+    (Reported by ralfjunker <ralfjunker@users.noreply.github.com>.)
+
+
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net.
 Subscription is required; visit
 <https://lists.sourceforge.net/lists/listinfo/png-mng-implement>
diff --git a/extlib/libpng/CMakeLists.txt b/extlib/libpng/CMakeLists.txt
@@ -20,7 +20,7 @@ ENDIF(0)
 
 set(PNGLIB_MAJOR 1)
 set(PNGLIB_MINOR 6)
-set(PNGLIB_REVISION 57)
+set(PNGLIB_REVISION 58)
 set(PNGLIB_SUBREVISION 0)
 #set(PNGLIB_SUBREVISION "git")
 set(PNGLIB_VERSION ${PNGLIB_MAJOR}.${PNGLIB_MINOR}.${PNGLIB_REVISION})
diff --git a/extlib/libpng/README b/extlib/libpng/README
@@ -1,4 +1,4 @@
-README for libpng version 1.6.57
+README for libpng version 1.6.58
 ================================
 
 See the note about version numbers near the top of `png.h`.
diff --git a/extlib/libpng/_MODIFIED_LIBPNG.txt b/extlib/libpng/_MODIFIED_LIBPNG.txt
@@ -1,9 +1,9 @@
-This copy of libpng-1.6.57 is a modified version of the original.
+This copy of libpng-1.6.58 is a modified version of the original.
 
-commit 95ab3fdca83ea294efd3b092e9a53c5a39886444
-Release libpng version 1.6.57
+commit 3061454d980de7d53608f594194cfac722721d2a
+Release libpng version 1.6.58
     
-Tag: v1.6.57
+Tag: v1.6.58
 
 The following changes have been made to the original:
 
@@ -14,5 +14,5 @@ The following changes have been made to the original:
 - APNG support has been added via the APNG patch:
   http://sourceforge.net/projects/libpng-apng/
 
-To obtain the original libpng-1.6.57, visit:
+To obtain the original libpng-1.6.58, visit:
 http://www.libpng.org/pub/png/libpng.html
diff --git a/extlib/libpng/libpng-manual.txt b/extlib/libpng/libpng-manual.txt
@@ -9,7 +9,7 @@ libpng-manual.txt - A description on how to use and modify libpng
 
  Based on:
 
- libpng version 1.6.36, December 2018, through 1.6.57 - April 2026
+ libpng version 1.6.36, December 2018, through 1.6.58 - April 2026
  Updated and distributed by Cosmin Truta
  Copyright (c) 2018-2026 Cosmin Truta
 
diff --git a/extlib/libpng/libpng.3 b/extlib/libpng/libpng.3
@@ -1,6 +1,6 @@
-.TH LIBPNG 3 "April 8, 2026"
+.TH LIBPNG 3 "April 15, 2026"
 .SH NAME
-libpng \- Portable Network Graphics (PNG) Reference Library 1.6.57
+libpng \- Portable Network Graphics (PNG) Reference Library 1.6.58
 
 .SH SYNOPSIS
 \fB#include <png.h>\fP
@@ -528,7 +528,7 @@ libpng-manual.txt - A description on how to use and modify libpng
 
  Based on:
 
- libpng version 1.6.36, December 2018, through 1.6.57 - April 2026
+ libpng version 1.6.36, December 2018, through 1.6.58 - April 2026
  Updated and distributed by Cosmin Truta
  Copyright (c) 2018-2026 Cosmin Truta
 
diff --git a/extlib/libpng/libpngpf.3 b/extlib/libpng/libpngpf.3
@@ -1,6 +1,6 @@
-.TH LIBPNGPF 3 "April 8, 2026"
+.TH LIBPNGPF 3 "April 15, 2026"
 .SH NAME
-libpng \- Portable Network Graphics (PNG) Reference Library 1.6.57
+libpng \- Portable Network Graphics (PNG) Reference Library 1.6.58
 
 .SH SYNOPSIS
 \fB#include "pngpriv.h"\fP
diff --git a/extlib/libpng/png.5 b/extlib/libpng/png.5
@@ -1,4 +1,4 @@
-.TH PNG 5 "April 8, 2026"
+.TH PNG 5 "April 15, 2026"
 .SH NAME
 png \- Portable Network Graphics (PNG) format
 
diff --git a/extlib/libpng/png.c b/extlib/libpng/png.c
@@ -13,7 +13,7 @@
 #include "pngpriv.h"
 
 /* Generate a compiler error if there is an old png.h in the search path. */
-typedef png_libpng_version_1_6_57 Your_png_h_is_not_version_1_6_57;
+typedef png_libpng_version_1_6_58 Your_png_h_is_not_version_1_6_58;
 
 /* Sanity check the chunks definitions - PNG_KNOWN_CHUNKS from pngpriv.h and the
  * corresponding macro definitions.  This causes a compile time failure if
@@ -820,7 +820,7 @@ png_get_copyright(png_const_structrp png_ptr)
    return PNG_STRING_COPYRIGHT
 #else
    return PNG_STRING_NEWLINE \
-      "libpng version 1.6.57" PNG_STRING_NEWLINE \
+      "libpng version 1.6.58" PNG_STRING_NEWLINE \
       "Copyright (c) 2018-2026 Cosmin Truta" PNG_STRING_NEWLINE \
       "Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson" \
       PNG_STRING_NEWLINE \
diff --git a/extlib/libpng/png.h b/extlib/libpng/png.h
@@ -1,6 +1,6 @@
 /* png.h - header file for PNG reference library
  *
- * libpng version 1.6.57
+ * libpng version 1.6.58
  *
  * Copyright (c) 2018-2026 Cosmin Truta
  * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson
@@ -14,7 +14,7 @@
  *   libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger
  *   libpng versions 0.97, January 1998, through 1.6.35, July 2018:
  *     Glenn Randers-Pehrson
- *   libpng versions 1.6.36, December 2018, through 1.6.57, April 2026:
+ *   libpng versions 1.6.36, December 2018, through 1.6.58, April 2026:
  *     Cosmin Truta
  *   See also "Contributing Authors", below.
  */
@@ -238,7 +238,7 @@
  *    ...
  *    1.5.30                  15    10530  15.so.15.30[.0]
  *    ...
- *    1.6.57                  16    10657  16.so.16.57[.0]
+ *    1.6.58                  16    10658  16.so.16.58[.0]
  *
  *    Henceforth the source version will match the shared-library major and
  *    minor numbers; the shared-library major version number will be used for
@@ -274,7 +274,7 @@
  */
 
 /* Version information for png.h - this should match the version in png.c */
-#define PNG_LIBPNG_VER_STRING "1.6.57"
+#define PNG_LIBPNG_VER_STRING "1.6.58"
 #define PNG_HEADER_VERSION_STRING " libpng version " PNG_LIBPNG_VER_STRING "\n"
 
 /* The versions of shared library builds should stay in sync, going forward */
@@ -285,7 +285,7 @@
 /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */
 #define PNG_LIBPNG_VER_MAJOR   1
 #define PNG_LIBPNG_VER_MINOR   6
-#define PNG_LIBPNG_VER_RELEASE 57
+#define PNG_LIBPNG_VER_RELEASE 58
 
 /* This should be zero for a public release, or non-zero for a
  * development version.
@@ -316,7 +316,7 @@
  * From version 1.0.1 it is:
  * XXYYZZ, where XX=major, YY=minor, ZZ=release
  */
-#define PNG_LIBPNG_VER 10657 /* 1.6.57 */
+#define PNG_LIBPNG_VER 10658 /* 1.6.58 */
 
 /* Library configuration: these options cannot be changed after
  * the library has been built.
@@ -441,7 +441,7 @@ extern "C" {
 /* This triggers a compiler error in png.c, if png.c and png.h
  * do not agree upon the version number.
  */
-typedef char *png_libpng_version_1_6_57;
+typedef char *png_libpng_version_1_6_58;
 
 /* Basic control structions.  Read libpng-manual.txt or libpng.3 for more info.
  *
diff --git a/extlib/libpng/pngconf.h b/extlib/libpng/pngconf.h
@@ -1,6 +1,6 @@
 /* pngconf.h - machine-configurable file for libpng
  *
- * libpng version 1.6.57
+ * libpng version 1.6.58
  *
  * Copyright (c) 2018-2026 Cosmin Truta
  * Copyright (c) 1998-2002,2004,2006-2016,2018 Glenn Randers-Pehrson
diff --git a/extlib/libpng/pngpread.c b/extlib/libpng/pngpread.c
@@ -1,6 +1,6 @@
 /* pngpread.c - read a png file in push mode
  *
- * Copyright (c) 2018-2025 Cosmin Truta
+ * Copyright (c) 2018-2026 Cosmin Truta
  * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson
  * Copyright (c) 1996-1997 Andreas Dilger
  * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
@@ -216,19 +216,12 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
             return;
          }
 
+         png_crc_finish(png_ptr, png_ptr->push_length);
          png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER;
          return;
       }
       else if (chunk_name == png_fdAT)
       {
-         if (png_ptr->buffer_size < 4)
-         {
-            png_push_save_buffer(png_ptr);
-            return;
-         }
-
-         png_ensure_sequence_number(png_ptr, 4);
-
          if (!(png_ptr->mode & PNG_HAVE_fcTL))
          {
             /* Discard trailing fdATs for frames other than the first. */
@@ -241,13 +234,22 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
                return;
             }
 
+            png_ensure_sequence_number(png_ptr, png_ptr->push_length);
+            png_crc_finish(png_ptr, png_ptr->push_length - 4);
             png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER;
             return;
          }
 
          else
          {
             /* Frame data follows. */
+            if (png_ptr->buffer_size < 4)
+            {
+               png_push_save_buffer(png_ptr);
+               return;
+            }
+
+            png_ensure_sequence_number(png_ptr, png_ptr->push_length);
             png_ptr->idat_size = png_ptr->push_length - 4;
             png_ptr->mode |= PNG_HAVE_IDAT;
             png_ptr->process_mode = PNG_READ_IDAT_MODE;
@@ -291,6 +293,7 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
             return;
          }
          png_warning(png_ptr, "Ignoring unexpected chunk in APNG sequence");
+         png_crc_finish(png_ptr, png_ptr->push_length);
          png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER;
          return;
       }
diff --git a/extlib/libpng/pngrtran.c b/extlib/libpng/pngrtran.c
@@ -2071,19 +2071,15 @@ png_read_transform_info(png_structrp png_ptr, png_inforp info_ptr)
 {
    png_debug(1, "in png_read_transform_info");
 
-   if (png_ptr->transformations != 0)
+   if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE &&
+       info_ptr->palette != NULL && png_ptr->palette != NULL)
    {
-      if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE &&
-          info_ptr->palette != NULL && png_ptr->palette != NULL)
-      {
-         /* Sync info_ptr->palette with png_ptr->palette.
-          * The function png_init_read_transformations may have modified
-          * png_ptr->palette in place (e.g. for gamma correction or for
-          * background compositing).
-          */
-         memcpy(info_ptr->palette, png_ptr->palette,
-             PNG_MAX_PALETTE_LENGTH * (sizeof (png_color)));
-      }
+      /* Sync info_ptr->palette with png_ptr->palette, which may
+       * have been modified by png_init_read_transformations
+       * (e.g. for gamma correction or background compositing).
+       */
+      memcpy(info_ptr->palette, png_ptr->palette,
+          PNG_MAX_PALETTE_LENGTH * (sizeof (png_color)));
    }
 
 #ifdef PNG_READ_EXPAND_SUPPORTED
diff --git a/extlib/libpng/pngtest.c b/extlib/libpng/pngtest.c
@@ -49,9 +49,6 @@
  */
 #define STDERR stdout
 
-/* Generate a compiler error if there is an old png.h in the search path. */
-typedef png_libpng_version_1_6_57 Your_png_h_is_not_version_1_6_57;
-
 /* Ensure that all version numbers in png.h are consistent with one another. */
 #if (PNG_LIBPNG_VER != PNG_LIBPNG_VER_MAJOR * 10000 + \
                        PNG_LIBPNG_VER_MINOR * 100 + \
diff --git a/extlib/libpng/scripts/libpng-config-head.in b/extlib/libpng/scripts/libpng-config-head.in
@@ -11,7 +11,7 @@
 
 # Modeled after libxml-config.
 
-version=1.6.57
+version=1.6.58
 prefix=""
 libdir=""
 libs=""
diff --git a/extlib/libpng/scripts/libpng.pc.in b/extlib/libpng/scripts/libpng.pc.in
@@ -5,6 +5,6 @@ includedir=@includedir@/libpng16
 
 Name: libpng
 Description: Loads and saves PNG files
-Version: 1.6.57
+Version: 1.6.58
 Libs: -L${libdir} -lpng16
 Cflags: -I${includedir}
diff --git a/extlib/libpng/scripts/pnglibconf.h.prebuilt b/extlib/libpng/scripts/pnglibconf.h.prebuilt
@@ -1,6 +1,6 @@
 /* pnglibconf.h - library build configuration */
 
-/* libpng version 1.6.57 */
+/* libpng version 1.6.58 */
 
 /* Copyright (c) 2018-2026 Cosmin Truta */
 /* Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson */

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-README for libpng version 1.6.57`
	`1`	`+README for libpng version 1.6.58`
`2`	`2`	`================================`
`3`	`3`
`4`	`4`	See the note about version numbers near the top of `png.h`.
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-.TH PNG 5 "April 8, 2026"`
	`1`	`+.TH PNG 5 "April 15, 2026"`
`2`	`2`	`.SH NAME`
`3`	`3`	`png \- Portable Network Graphics (PNG) format`
`4`	`4`