SOURCES/libpng-1.6-cve-2026-25646.patch

@@ -1,15 +0,0 @@
-diff --git a/pngrtran.c b/pngrtran.c
-index fe8f9d32c9..1fce9af121 100644
---- a/pngrtran.c
-+++ b/pngrtran.c
-@@ -371,8 +371,8 @@ png_set_dither(png_structrp png_ptr, png_colorp palette,
-                      if (t == NULL)
-                          break;
-                      t->next = hash[d];
--                     t->left = (png_byte)i;
--                     t->right = (png_byte)j;
-+                     t->left = png_ptr->palette_to_index[i];
-+                     t->right = png_ptr->palette_to_index[j];
-                      hash[d] = t;
-                   }
-                }

SPECS/libpng12.spec

@@ -1,7 +1,7 @@
 Summary: Old version of libpng, needed to run old binaries
 Name: libpng12
 Version: 1.2.57
-Release: 6%{?dist}
+Release: 5%{?dist}
 License: zlib
 URL: http://www.libpng.org/pub/png/
 
@@ -14,9 +14,6 @@ Source0: https://ftp-osl.osuosl.org/pub/libpng/src/libpng12/libpng-%{version}.ta
 
 Patch0: libpng12-multilib.patch
 Patch1: libpng12-pngconf.patch
-# from upstream, for <= 1.6.54, RHEL-148339
-# https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
-Patch2: libpng-1.6-cve-2026-25646.patch
 
 BuildRequires: pkgconfig
 BuildRequires: zlib-devel
@@ -39,9 +36,8 @@ for developing programs using libpng12.
 %prep
 %setup -q -n libpng-%{version}
 
-%patch -P 0 -p1
-%patch -P 1 -p1
-%patch -P 2 -p1 -b .cve-2026-25646
+%patch0 -p1
+%patch1 -p1
 
 %build
 %configure \
@@ -86,9 +82,6 @@ make check
 %{_libdir}/pkgconfig/libpng12.pc
 
 %changelog
-* Fri Mar 13 2026 Michal Hlavinka <mhlavink@redhat.com> - 1.2.57-6
-- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (RHEL-148339)
-
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.57-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild