Merge pull request #626 from espressif/fix/libpng_security

fix(libpng): Update to version 1.6.51

Author: tore-espressif

libpng/idf_component.yml

@@ -1,11 +1,13 @@
-version: "1.6.39~1"
+version: "1.6.51"
 description: Portable Network Graphics(png) C library
 url: https://github.com/espressif/idf-extra-components/tree/master/libpng
 repository: "https://github.com/espressif/idf-extra-components.git"
+repository_info:
+  path: "libpng"
 documentation: "http://www.libpng.org/pub/png/pngdocs.html"
 issues: "https://github.com/espressif/idf-extra-components/issues"
 dependencies:
-  idf: ">=4.4"
+  idf: ">=5.0"
   zlib:
     version: "^1.2.13"
     override_path: "../zlib"

libpng/libpng

@@ -1,8 +1,8 @@
 /* pnglibconf.h - library build configuration */
 
-/* libpng version 1.6.40.git */
+/* libpng version 1.6.51 */
 
-/* Copyright (c) 2018-2023 Cosmin Truta */
+/* Copyright (c) 2018-2025 Cosmin Truta */
 /* Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson */
 
 /* This code is released under the libpng license. */
@@ -27,6 +27,7 @@
 #define PNG_COLORSPACE_SUPPORTED
 #define PNG_CONSOLE_IO_SUPPORTED
 #define PNG_CONVERT_tIME_SUPPORTED
+/*#undef PNG_DISABLE_ADLER32_CHECK_SUPPORTED*/
 #define PNG_EASY_ACCESS_SUPPORTED
 /*#undef PNG_ERROR_NUMBERS_SUPPORTED*/
 #define PNG_ERROR_TEXT_SUPPORTED
@@ -41,6 +42,10 @@
 #define PNG_INCH_CONVERSIONS_SUPPORTED
 #define PNG_INFO_IMAGE_SUPPORTED
 #define PNG_IO_STATE_SUPPORTED
+/*#undef PNG_MIPS_MMI_API_SUPPORTED*/
+/*#undef PNG_MIPS_MMI_CHECK_SUPPORTED*/
+/*#undef PNG_MIPS_MSA_API_SUPPORTED*/
+/*#undef PNG_MIPS_MSA_CHECK_SUPPORTED*/
 #define PNG_MNG_FEATURES_SUPPORTED
 #define PNG_POINTER_INDEXING_SUPPORTED
 /*#undef PNG_POWERPC_VSX_API_SUPPORTED*/
@@ -83,11 +88,14 @@
 #define PNG_READ_USER_TRANSFORM_SUPPORTED
 #define PNG_READ_bKGD_SUPPORTED
 #define PNG_READ_cHRM_SUPPORTED
+#define PNG_READ_cICP_SUPPORTED
+#define PNG_READ_cLLI_SUPPORTED
 #define PNG_READ_eXIf_SUPPORTED
 #define PNG_READ_gAMA_SUPPORTED
 #define PNG_READ_hIST_SUPPORTED
 #define PNG_READ_iCCP_SUPPORTED
 #define PNG_READ_iTXt_SUPPORTED
+#define PNG_READ_mDCV_SUPPORTED
 #define PNG_READ_oFFs_SUPPORTED
 #define PNG_READ_pCAL_SUPPORTED
 #define PNG_READ_pHYs_SUPPORTED
@@ -153,11 +161,14 @@
 #define PNG_WRITE_WEIGHTED_FILTER_SUPPORTED
 #define PNG_WRITE_bKGD_SUPPORTED
 #define PNG_WRITE_cHRM_SUPPORTED
+#define PNG_WRITE_cICP_SUPPORTED
+#define PNG_WRITE_cLLI_SUPPORTED
 #define PNG_WRITE_eXIf_SUPPORTED
 #define PNG_WRITE_gAMA_SUPPORTED
 #define PNG_WRITE_hIST_SUPPORTED
 #define PNG_WRITE_iCCP_SUPPORTED
 #define PNG_WRITE_iTXt_SUPPORTED
+#define PNG_WRITE_mDCV_SUPPORTED
 #define PNG_WRITE_oFFs_SUPPORTED
 #define PNG_WRITE_pCAL_SUPPORTED
 #define PNG_WRITE_pHYs_SUPPORTED
@@ -171,11 +182,14 @@
 #define PNG_WRITE_zTXt_SUPPORTED
 #define PNG_bKGD_SUPPORTED
 #define PNG_cHRM_SUPPORTED
+#define PNG_cICP_SUPPORTED
+#define PNG_cLLI_SUPPORTED
 #define PNG_eXIf_SUPPORTED
 #define PNG_gAMA_SUPPORTED
 #define PNG_hIST_SUPPORTED
 #define PNG_iCCP_SUPPORTED
 #define PNG_iTXt_SUPPORTED
+#define PNG_mDCV_SUPPORTED
 #define PNG_oFFs_SUPPORTED
 #define PNG_pCAL_SUPPORTED
 #define PNG_pHYs_SUPPORTED

libpng/pnglibconf.h

@@ -1,7 +1,18 @@
 name: libpng
-version: 1.6.39
-cpe: cpe:2.3:a:libpng:libpng:{}:*:*:*:*:*:*:*
-supplier: 'Organization: libpng'
+version: 1.6.51
+cpe:
+ - cpe:2.3:a:pnggroup:libpng:{}:*:*:*:*:*:*:*
+ - cpe:2.3:a:libpng:libpng:{}:*:*:*:*:*:*:*
+supplier: 'Organization: pnggroup'
 description: Portable Network Graphics support, official PNG reference library
-url: https://github.com/glennrp/libpng
-hash: 07b8803110da160b158ebfef872627da6c85cbdf
+url: https://github.com/pnggroup/libpng
+hash: 49363adcfaf098748d7a4c8c624ad8c45a8c3a86
+cve-exclude-list:
+  - cve: CVE-2025-64720
+    reason: Resolved in version 1.6.51
+  - cve: CVE-2025-65018
+    reason: Resolved in version 1.6.51
+  - cve: CVE-2025-64505
+    reason: Resolved in version 1.6.51
+  - cve: CVE-2025-64506
+    reason: Resolved in version 1.6.51