Release libpng version 1.6.58
diff --git a/ANNOUNCE b/ANNOUNCE index 13f5346..02969b0 100644 --- a/ANNOUNCE +++ b/ANNOUNCE
@@ -1,13 +1,5 @@ -libpng 1.6.58.git -================= - -This is a development version, not intended to be a public release. -It will be replaced by a public release, or by another development -version, at a later time. - - -libpng 1.6.57 - April 8, 2026 -============================= +libpng 1.6.58 - April 15, 2026 +============================== This is a public release of libpng, intended for use in production code. @@ -17,10 +9,10 @@ Source files: - * libpng-1.6.57.tar.xz (LZMA-compressed, recommended) - * libpng-1.6.57.tar.gz (deflate-compressed) - * lpng1657.7z (LZMA-compressed) - * lpng1657.zip (deflate-compressed) + * libpng-1.6.58.tar.xz (LZMA-compressed, recommended) + * libpng-1.6.58.tar.gz (deflate-compressed) + * lpng1658.7z (LZMA-compressed) + * lpng1658.zip (deflate-compressed) Other information: @@ -30,18 +22,13 @@ * TRADEMARK.md -Changes from version 1.6.56 to version 1.6.57 +Changes from version 1.6.57 to version 1.6.58 --------------------------------------------- - * Fixed CVE-2026-34757 (medium severity): - Use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` - leading to corrupted chunk data and potential heap information disclosure. - Also hardened the append-style setters (`png_set_text`, `png_set_sPLT`, - `png_set_unknown_chunks`) against a theoretical variant of the same - aliasing pattern. - (Reported by Iv4n <Iv4n550@users.noreply.github.com>.) - * Fixed integer overflow in rowbytes computation in read transforms. - (Contributed by Mohammad Seet.) + * Fixed a regression introduced in version 1.6.56 that caused `png_get_PLTE` + to return stale palette data after applying gamma and background transforms + in-place. + (Reported by ralfjunker <ralfjunker@users.noreply.github.com>.) Send comments/corrections/commendations to png-mng-implement at lists.sf.net.
diff --git a/CHANGES b/CHANGES index 2a3fb53..208ca6e 100644 --- a/CHANGES +++ b/CHANGES
@@ -6379,7 +6379,12 @@ Fixed integer overflow in rowbytes computation in read transforms. (Contributed by Mohammad Seet.) -Version 1.6.58 [TODO] +Version 1.6.58 [April 15, 2026] + Fixed a regression introduced in version 1.6.56 that caused `png_get_PLTE` + to return stale palette data after applying gamma and background transforms + in-place. + (Reported by ralfjunker <ralfjunker@users.noreply.github.com>.) + Send comments/corrections/commendations to png-mng-implement at lists.sf.net. Subscription is required; visit
diff --git a/CMakeLists.txt b/CMakeLists.txt index 9d38e66..6904296 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt
@@ -19,8 +19,8 @@ set(PNGLIB_MAJOR 1) set(PNGLIB_MINOR 6) set(PNGLIB_REVISION 58) -#set(PNGLIB_SUBREVISION 0) -set(PNGLIB_SUBREVISION "git") +set(PNGLIB_SUBREVISION 0) +#set(PNGLIB_SUBREVISION "git") set(PNGLIB_VERSION ${PNGLIB_MAJOR}.${PNGLIB_MINOR}.${PNGLIB_REVISION}) set(PNGLIB_ABI_VERSION ${PNGLIB_MAJOR}${PNGLIB_MINOR}) set(PNGLIB_SHARED_VERSION ${PNGLIB_ABI_VERSION}.${PNGLIB_REVISION}.${PNGLIB_SUBREVISION})
diff --git a/README b/README index e6f3594..75a92ab 100644 --- a/README +++ b/README
@@ -1,5 +1,5 @@ -README for libpng version 1.6.58.git -==================================== +README for libpng version 1.6.58 +================================ See the note about version numbers near the top of `png.h`. See `INSTALL` for instructions on how to install libpng.
diff --git a/configure b/configure index 6a89111..f745826 100755 --- a/configure +++ b/configure
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.73 for libpng 1.6.58.git. +# Generated by GNU Autoconf 2.73 for libpng 1.6.58. # # Report bugs to <png-mng-implement@lists.sourceforge.net>. # @@ -598,8 +598,8 @@ # Identity of this package. PACKAGE_NAME='libpng' PACKAGE_TARNAME='libpng' -PACKAGE_VERSION='1.6.58.git' -PACKAGE_STRING='libpng 1.6.58.git' +PACKAGE_VERSION='1.6.58' +PACKAGE_STRING='libpng 1.6.58' PACKAGE_BUGREPORT='png-mng-implement@lists.sourceforge.net' PACKAGE_URL='' @@ -1408,7 +1408,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -'configure' configures libpng 1.6.58.git to adapt to many kinds of systems. +'configure' configures libpng 1.6.58 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1479,7 +1479,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libpng 1.6.58.git:";; + short | recursive ) echo "Configuration of libpng 1.6.58:";; esac cat <<\_ACEOF @@ -1682,7 +1682,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libpng configure 1.6.58.git +libpng configure 1.6.58 generated by GNU Autoconf 2.73 Copyright (C) 2026 Free Software Foundation, Inc. @@ -1945,7 +1945,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libpng $as_me 1.6.58.git, which was +It was created by libpng $as_me 1.6.58, which was generated by GNU Autoconf 2.73. Invocation command line was $ $0$ac_configure_args_raw @@ -3565,7 +3565,7 @@ # Define the identity of the package. PACKAGE='libpng' - VERSION='1.6.58.git' + VERSION='1.6.58' printf '%s\n' "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -3784,7 +3784,7 @@ -PNGLIB_VERSION=1.6.58.git +PNGLIB_VERSION=1.6.58 PNGLIB_MAJOR=1 PNGLIB_MINOR=6 PNGLIB_RELEASE=58 @@ -16525,7 +16525,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libpng $as_me 1.6.58.git, which was +This file was extended by libpng $as_me 1.6.58, which was generated by GNU Autoconf 2.73. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -16593,7 +16593,7 @@ cat >>"$CONFIG_STATUS" <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -libpng config.status 1.6.58.git +libpng config.status 1.6.58 configured by $0, generated by GNU Autoconf 2.73, with options \\"\$ac_cs_config\\"
diff --git a/configure.ac b/configure.ac index 4e585db..4adf6bb 100644 --- a/configure.ac +++ b/configure.ac
@@ -25,7 +25,7 @@ dnl Version number stuff here: -AC_INIT([libpng],[1.6.58.git],[png-mng-implement@lists.sourceforge.net]) +AC_INIT([libpng],[1.6.58],[png-mng-implement@lists.sourceforge.net]) AC_CONFIG_MACRO_DIR([scripts/autoconf]) # libpng does not follow GNU file name conventions (hence 'foreign') @@ -46,7 +46,7 @@ dnl AM_PREREQ([1.11.2]) dnl stop configure from automagically running automake -PNGLIB_VERSION=1.6.58.git +PNGLIB_VERSION=1.6.58 PNGLIB_MAJOR=1 PNGLIB_MINOR=6 PNGLIB_RELEASE=58
diff --git a/libpng-manual.txt b/libpng-manual.txt index 6c5c18d..4413ce9 100644 --- a/libpng-manual.txt +++ b/libpng-manual.txt
@@ -9,7 +9,7 @@ Based on: - libpng version 1.6.36, December 2018, through 1.6.57 - April 2026 + libpng version 1.6.36, December 2018, through 1.6.58 - April 2026 Updated and distributed by Cosmin Truta Copyright (c) 2018-2026 Cosmin Truta
diff --git a/libpng.3 b/libpng.3 index c21f4ce..8100402 100644 --- a/libpng.3 +++ b/libpng.3
@@ -1,6 +1,6 @@ -.TH LIBPNG 3 "April 8, 2026" +.TH LIBPNG 3 "April 15, 2026" .SH NAME -libpng \- Portable Network Graphics (PNG) Reference Library 1.6.57 +libpng \- Portable Network Graphics (PNG) Reference Library 1.6.58 .SH SYNOPSIS \fB#include <png.h>\fP @@ -528,7 +528,7 @@ Based on: - libpng version 1.6.36, December 2018, through 1.6.57 - April 2026 + libpng version 1.6.36, December 2018, through 1.6.58 - April 2026 Updated and distributed by Cosmin Truta Copyright (c) 2018-2026 Cosmin Truta
diff --git a/libpngpf.3 b/libpngpf.3 index 51f0c38..4d486d7 100644 --- a/libpngpf.3 +++ b/libpngpf.3
@@ -1,6 +1,6 @@ -.TH LIBPNGPF 3 "April 8, 2026" +.TH LIBPNGPF 3 "April 15, 2026" .SH NAME -libpng \- Portable Network Graphics (PNG) Reference Library 1.6.57 +libpng \- Portable Network Graphics (PNG) Reference Library 1.6.58 .SH SYNOPSIS \fB#include "pngpriv.h"\fP
diff --git a/png.5 b/png.5 index df25110..803f8f6 100644 --- a/png.5 +++ b/png.5
@@ -1,4 +1,4 @@ -.TH PNG 5 "April 8, 2026" +.TH PNG 5 "April 15, 2026" .SH NAME png \- Portable Network Graphics (PNG) format
diff --git a/png.c b/png.c index 0d45485..cebe7af 100644 --- a/png.c +++ b/png.c
@@ -13,7 +13,7 @@ #include "pngpriv.h" /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_6_58_git Your_png_h_is_not_version_1_6_58_git; +typedef png_libpng_version_1_6_58 Your_png_h_is_not_version_1_6_58; /* Sanity check the chunks definitions - PNG_KNOWN_CHUNKS from pngpriv.h and the * corresponding macro definitions. This causes a compile time failure if @@ -820,7 +820,7 @@ return PNG_STRING_COPYRIGHT #else return PNG_STRING_NEWLINE \ - "libpng version 1.6.58.beta" PNG_STRING_NEWLINE \ + "libpng version 1.6.58" PNG_STRING_NEWLINE \ "Copyright (c) 2018-2026 Cosmin Truta" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson" \ PNG_STRING_NEWLINE \
diff --git a/png.h b/png.h index 95e2132..1d98cc5 100644 --- a/png.h +++ b/png.h
@@ -1,6 +1,6 @@ /* png.h - header file for PNG reference library * - * libpng version 1.6.58.git + * libpng version 1.6.58 * * Copyright (c) 2018-2026 Cosmin Truta * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson @@ -14,7 +14,7 @@ * libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger * libpng versions 0.97, January 1998, through 1.6.35, July 2018: * Glenn Randers-Pehrson - * libpng versions 1.6.36, December 2018, through 1.6.57, April 2026: + * libpng versions 1.6.36, December 2018, through 1.6.58, April 2026: * Cosmin Truta * See also "Contributing Authors", below. */ @@ -238,7 +238,7 @@ * ... * 1.5.30 15 10530 15.so.15.30[.0] * ... - * 1.6.57 16 10657 16.so.16.57[.0] + * 1.6.58 16 10658 16.so.16.58[.0] * * Henceforth the source version will match the shared-library major and * minor numbers; the shared-library major version number will be used for @@ -274,7 +274,7 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.6.58.git" +#define PNG_LIBPNG_VER_STRING "1.6.58" #define PNG_HEADER_VERSION_STRING " libpng version " PNG_LIBPNG_VER_STRING "\n" /* The versions of shared library builds should stay in sync, going forward */ @@ -290,7 +290,7 @@ /* This should be zero for a public release, or non-zero for a * development version. */ -#define PNG_LIBPNG_VER_BUILD 1 +#define PNG_LIBPNG_VER_BUILD 0 /* Release Status */ #define PNG_LIBPNG_BUILD_ALPHA 1 @@ -307,7 +307,7 @@ #define PNG_LIBPNG_BUILD_SPECIAL 32 /* Cannot be OR'ed with PNG_LIBPNG_BUILD_PRIVATE */ -#define PNG_LIBPNG_BUILD_BASE_TYPE PNG_LIBPNG_BUILD_BETA +#define PNG_LIBPNG_BUILD_BASE_TYPE PNG_LIBPNG_BUILD_STABLE /* Careful here. At one time, Guy wanted to use 082, but that * would be octal. We must not include leading zeros. @@ -316,7 +316,7 @@ * From version 1.0.1 it is: * XXYYZZ, where XX=major, YY=minor, ZZ=release */ -#define PNG_LIBPNG_VER 10658 /* 1.6.58.git */ +#define PNG_LIBPNG_VER 10658 /* 1.6.58 */ /* Library configuration: these options cannot be changed after * the library has been built. @@ -426,7 +426,7 @@ /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef char *png_libpng_version_1_6_58_git; +typedef char *png_libpng_version_1_6_58; /* Basic control structions. Read libpng-manual.txt or libpng.3 for more info. *
diff --git a/pngconf.h b/pngconf.h index 9e52ad7..3eda9d0 100644 --- a/pngconf.h +++ b/pngconf.h
@@ -1,6 +1,6 @@ /* pngconf.h - machine-configurable file for libpng * - * libpng version 1.6.58.git + * libpng version 1.6.58 * * Copyright (c) 2018-2026 Cosmin Truta * Copyright (c) 1998-2002,2004,2006-2016,2018 Glenn Randers-Pehrson
diff --git a/pngtest.c b/pngtest.c index f96a82c..098d7f1 100644 --- a/pngtest.c +++ b/pngtest.c
@@ -49,9 +49,6 @@ */ #define STDERR stdout -/* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_6_58_git Your_png_h_is_not_version_1_6_58_git; - /* Ensure that all version numbers in png.h are consistent with one another. */ #if (PNG_LIBPNG_VER != PNG_LIBPNG_VER_MAJOR * 10000 + \ PNG_LIBPNG_VER_MINOR * 100 + \
diff --git a/scripts/libpng-config-head.in b/scripts/libpng-config-head.in index baadea5..efafb11 100644 --- a/scripts/libpng-config-head.in +++ b/scripts/libpng-config-head.in
@@ -11,7 +11,7 @@ # Modeled after libxml-config. -version=1.6.58.git +version=1.6.58 prefix="" libdir="" libs=""
diff --git a/scripts/libpng.pc.in b/scripts/libpng.pc.in index 7d527e7..d75d7d6 100644 --- a/scripts/libpng.pc.in +++ b/scripts/libpng.pc.in
@@ -5,6 +5,6 @@ Name: libpng Description: Loads and saves PNG files -Version: 1.6.58.git +Version: 1.6.58 Libs: -L${libdir} -lpng16 Cflags: -I${includedir}
diff --git a/scripts/pnglibconf.h.prebuilt b/scripts/pnglibconf.h.prebuilt index 3778e3b..435c752 100644 --- a/scripts/pnglibconf.h.prebuilt +++ b/scripts/pnglibconf.h.prebuilt
@@ -1,6 +1,6 @@ /* pnglibconf.h - library build configuration */ -/* libpng version 1.6.58.git */ +/* libpng version 1.6.58 */ /* Copyright (c) 2018-2026 Cosmin Truta */ /* Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson */