Merge pull request #639 from espressif/fix/libpng_security_2

fix(libpng): Update libpng to 1.6.52

Author: mahavirj

.github/workflows/test_sbom.yml

@@ -9,8 +9,9 @@ jobs:
     name: Run SBOM manifests validation test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - run: |
+      - uses: actions/checkout@v6
+      - name: Validate SBOM manifests
+        run: |
           git config --global safe.directory $(pwd)
           pip install esp-idf-sbom
           python3 -m esp_idf_sbom manifest validate

libpng/idf_component.yml

@@ -1,4 +1,4 @@
-version: "1.6.51"
+version: "1.6.52"
 description: Portable Network Graphics(png) C library
 url: https://github.com/espressif/idf-extra-components/tree/master/libpng
 repository: "https://github.com/espressif/idf-extra-components.git"

libpng/libpng

@@ -1,6 +1,6 @@
 /* pnglibconf.h - library build configuration */
 
-/* libpng version 1.6.51 */
+/* libpng version 1.6.52 */
 
 /* Copyright (c) 2018-2025 Cosmin Truta */
 /* Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson */

libpng/pnglibconf.h

@@ -1,12 +1,12 @@
 name: libpng
-version: 1.6.51
+version: 1.6.52
 cpe:
  - cpe:2.3:a:pnggroup:libpng:{}:*:*:*:*:*:*:*
  - cpe:2.3:a:libpng:libpng:{}:*:*:*:*:*:*:*
 supplier: 'Organization: pnggroup'
 description: Portable Network Graphics support, official PNG reference library
 url: https://github.com/pnggroup/libpng
-hash: 49363adcfaf098748d7a4c8c624ad8c45a8c3a86
+hash: fbed16182b92eeb3a06d96e49f0836d450318098
 cve-exclude-list:
   - cve: CVE-2025-64720
     reason: Resolved in version 1.6.51
@@ -16,3 +16,5 @@ cve-exclude-list:
     reason: Resolved in version 1.6.51
   - cve: CVE-2025-64506
     reason: Resolved in version 1.6.51
+  - cve: CVE-2025-66293
+    reason: Resolved in version 1.6.52