giflib: Fix CVE-2026-23868

Pick patch according to [1] [1] https://www.facebook.com/security/advisories/cve-2026-23868 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-23868 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Vijay Anusuri <vanusuri@mvista.com> 2026-03-26 09:20:04 +0530
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2026-03-26 06:54:14 +0100
commit: b54d0fb888b8784afd99a0720a3efe8d4e35f02d (patch)
tree: 08f12eba0a749736faf0e64b2ada2122d58cc3b6
parent: 2fd8d7e4852ca25ca91b7bdb276b4d4ff8fc9527 (diff)
download: meta-openembedded-b54d0fb888b8784afd99a0720a3efe8d4e35f02d.tar.gz
2 files changed, 35 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/giflib/giflib/CVE-2026-23868.patch b/meta-oe/recipes-devtools/giflib/giflib/CVE-2026-23868.patch
new file mode 100644
index 0000000000..4243344d9e
--- /dev/null
+++ b/meta-oe/recipes-devtools/giflib/giflib/CVE-2026-23868.patch
@@ -0,0 +1,34 @@
+From f5b7267aed3665ef025c13823e454170d031c106 Mon Sep 17 00:00:00 2001
+From: Eric S. Raymond <esr@thyrsus.com>
+Date: Wed Mar 4 18:49:49 2026 -0500
+Subject: [PATCH] Avoid potentuial double-free on weird images.
+Upstream-Status: Backport [https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106]
+CVE: CVE-2026-23868
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ gifalloc.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+diff --git a/gifalloc.c b/gifalloc.c
+index 47c6539..cfb6e33 100644
+--- a/gifalloc.c
+++ b/gifalloc.c
+@@ -349,6 +349,14 @@ SavedImage *GifMakeSavedImage(GifFileType *GifFile,
+                         * aliasing problems.
+                         */
+ 
+                       /* Null out aliased pointers before any allocations
+                        * so that FreeLastSavedImage won't free CopyFrom's
+                        * data if an allocation fails partway through. */
+                       sp->ImageDesc.ColorMap = NULL;
+                       sp->RasterBits = NULL;
+                       sp->ExtensionBlocks = NULL;
+                       sp->ExtensionBlockCount = 0;
+
+                        /* first, the local color map */
+                        if (CopyFrom->ImageDesc.ColorMap != NULL) {
+                                sp->ImageDesc.ColorMap = GifMakeMapObject(
+-- 
+2.25.1
diff --git a/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb
index aa47f93095..8226e9b6c7 100644
--- a/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb
+++ b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb
@@ -10,6 +10,7 @@ DEPENDS = "xmlto-native"
 SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.gz \
           https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/tree/doc/giflib-logo.gif?format=raw;subdir=${BP}/doc;name=logo;downloadfilename=giflib-logo.gif \
           file://0001-Makefile-fix-typo-in-soname-argument.patch \
+           file://CVE-2026-23868.patch \
 "
 SRC_URI[logo.sha256sum] = "1a54383986adad1521d00e003b4c482c27e8bc60690be944a1f3319c75abc2c9"
author	Vijay Anusuri <vanusuri@mvista.com>	2026-03-26 09:20:04 +0530
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2026-03-26 06:54:14 +0100
commit	b54d0fb888b8784afd99a0720a3efe8d4e35f02d (patch)
tree	08f12eba0a749736faf0e64b2ada2122d58cc3b6
parent	2fd8d7e4852ca25ca91b7bdb276b4d4ff8fc9527 (diff)
download	meta-openembedded-b54d0fb888b8784afd99a0720a3efe8d4e35f02d.tar.gz

diff --git a/meta-oe/recipes-devtools/giflib/giflib/CVE-2026-23868.patch b/meta-oe/recipes-devtools/giflib/giflib/CVE-2026-23868.patch new file mode 100644 index 0000000000..4243344d9e --- /dev/null +++ b/meta-oe/recipes-devtools/giflib/giflib/CVE-2026-23868.patch
@@ -0,0 +1,34 @@
		1	From f5b7267aed3665ef025c13823e454170d031c106 Mon Sep 17 00:00:00 2001
		2	From: Eric S. Raymond <esr@thyrsus.com>
		3	Date: Wed Mar 4 18:49:49 2026 -0500
		4	Subject: [PATCH] Avoid potentuial double-free on weird images.
		5
		6	Upstream-Status: Backport [https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106]
		7	CVE: CVE-2026-23868
		8	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		9	---
		10	gifalloc.c \| 8 ++++++++
		11	1 file changed, 8 insertions(+)
		12
		13	diff --git a/gifalloc.c b/gifalloc.c
		14	index 47c6539..cfb6e33 100644
		15	--- a/gifalloc.c
		16	+++ b/gifalloc.c
		17	@@ -349,6 +349,14 @@ SavedImage GifMakeSavedImage(GifFileType GifFile,
		18	* aliasing problems.
		19	*/
		20
		21	+ /* Null out aliased pointers before any allocations
		22	+ * so that FreeLastSavedImage won't free CopyFrom's
		23	+ * data if an allocation fails partway through. */
		24	+ sp->ImageDesc.ColorMap = NULL;
		25	+ sp->RasterBits = NULL;
		26	+ sp->ExtensionBlocks = NULL;
		27	+ sp->ExtensionBlockCount = 0;
		28	+
		29	/* first, the local color map */
		30	if (CopyFrom->ImageDesc.ColorMap != NULL) {
		31	sp->ImageDesc.ColorMap = GifMakeMapObject(
		32	--
		33	2.25.1
		34


diff --git a/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb index aa47f93095..8226e9b6c7 100644 --- a/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb +++ b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb
@@ -10,6 +10,7 @@ DEPENDS = "xmlto-native"
10	SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.gz \	10	SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.gz \
11	https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/tree/doc/giflib-logo.gif?format=raw;subdir=${BP}/doc;name=logo;downloadfilename=giflib-logo.gif \	11	https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/tree/doc/giflib-logo.gif?format=raw;subdir=${BP}/doc;name=logo;downloadfilename=giflib-logo.gif \
12	file://0001-Makefile-fix-typo-in-soname-argument.patch \	12	file://0001-Makefile-fix-typo-in-soname-argument.patch \
		13	file://CVE-2026-23868.patch \
13	"	14	"
14		15
15	SRC_URI[logo.sha256sum] = "1a54383986adad1521d00e003b4c482c27e8bc60690be944a1f3319c75abc2c9"	16	SRC_URI[logo.sha256sum] = "1a54383986adad1521d00e003b4c482c27e8bc60690be944a1f3319c75abc2c9"