diff --git a/CVE-2019-6129.patch b/CVE-2019-6129.patch
deleted file mode 100644
index 04179b14c88f3700ada94a26206f94a37627965b..0000000000000000000000000000000000000000
--- a/CVE-2019-6129.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From a0ca4293454ef65e67efca5dc440c601d2835e90 Mon Sep 17 00:00:00 2001
-From: tangyaofang <tangyaofang6666@163.com>
-Date: Mon, 10 Jun 2019 11:30:15 +0800
-Subject: [PATCH] Repair of CVE-2019-6129
-
----
- contrib/tools/pngcp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/contrib/tools/pngcp.c b/contrib/tools/pngcp.c
-index 16d4e7f4d..a02d5b7ff 100644
---- a/contrib/tools/pngcp.c
-+++ b/contrib/tools/pngcp.c
-@@ -506,7 +506,7 @@ static void
- display_clean_read(struct display *dp)
- {
-    if (dp->read_pp != NULL)
--      png_destroy_read_struct(&dp->read_pp, NULL, NULL);
-+      png_destroy_read_struct(&dp->read_pp, (dp->ip!=NULL ? &dp->ip : NULL), NULL);
- 
-    if (dp->fp != NULL)
-    {
-
diff --git a/libpng-1.6.38.tar.gz b/libpng-1.6.38.tar.gz
deleted file mode 100644
index 33ded2a77048d8db6f5b5c203a84aeb3fcec278e..0000000000000000000000000000000000000000
Binary files a/libpng-1.6.38.tar.gz and /dev/null differ
diff --git a/libpng-1.6.40.tar.gz b/libpng-1.6.40.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..c7bfde4bc2205c4ed78e574e87221b1c495a693e
Binary files /dev/null and b/libpng-1.6.40.tar.gz differ
diff --git a/libpng.spec b/libpng.spec
index 979464d83177878b7cccfa0158dfed9d6d17adde..544e676057dbc7c09f1f1f42eef32d572d9bbaea 100644
--- a/libpng.spec
+++ b/libpng.spec
@@ -1,7 +1,7 @@
 Name:           libpng
 Epoch:          2
-Version:        1.6.38
-Release:        2
+Version:        1.6.40
+Release:        1
 Summary:        A library of functions for manipulating PNG image format files
 License:        zlib
 URL:            http://www.libpng.org/pub/png/libpng.html
@@ -10,7 +10,6 @@ Source1:        pngusr.dfa
 
 Patch0:         libpng-multilib.patch
 Patch1:         libpng-fix-arm-neon.patch
-Patch2:         CVE-2019-6129.patch
 
 BuildRequires:  zlib-devel autoconf automake libtool
 
@@ -89,6 +88,9 @@ make check
 %{_mandir}/man*/*
 
 %changelog
+* Thu Jul 13 2023 jiangxinyu <jiangxinyu@kylinoss.cn> - 1.6.40-1
+- Update package to version 1.6.40
+
 * Thu Dec 15 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.6.38-2
 - remove example.c from help