libpng: 1.6.56 -> 1.6.58

Fixes: CVE-2026-34757 and CVE-2026-40930 (#528286) (cherry picked from commit 316db7c96c)
2026-06-05 21:03:40 +00:00 · 2026-06-05 12:52:54 +02:00
parent d75964c098
commit d2abe837df
1 changed files with 4 additions and 4 deletions
--- a/pkgs/development/libraries/libpng/default.nix
+++ b/pkgs/development/libraries/libpng/default.nix
@@ -10,21 +10,21 @@
 assert zlib != null;

 let
-  patchVersion = "1.6.56";
+  patchVersion = "1.6.58";
  patch_src = fetchurl {
    url = "mirror://sourceforge/libpng-apng/libpng-${patchVersion}-apng.patch.gz";
-    hash = "sha256-nOMtSidjoqxfJYcmui9J6QETJ8HujDCGKjLQ8wiJ++g=";
+    hash = "sha256-7ufeoi7VAoaAF5cchsY8TtHmCF3guuv9zD0zIvAPPrA=";
  };
  whenPatched = lib.optionalString apngSupport;

 in
 stdenv.mkDerivation (finalAttrs: {
  pname = "libpng" + whenPatched "-apng";
-  version = "1.6.56";
+  version = "1.6.58";

  src = fetchurl {
    url = "mirror://sourceforge/libpng/libpng-${finalAttrs.version}.tar.xz";
-    hash = "sha256-99i/FgG3gE9YOiVKs0OmVJymzyfSVcMCxHry2dNqbxg=";
+    hash = "sha256-KOtAP1Hw90BSSRMs7P6C6lwO+X8bMsWmWCiBSuDTR3U=";
  };
  postPatch =
    whenPatched "gunzip < ${patch_src} | patch -Np1"