diff --git a/giflib-5.2.1-cve-2026-23868.patch b/giflib-5.2.1-cve-2026-23868.patch new file mode 100644 index 0000000..3f27cf9 --- /dev/null +++ b/giflib-5.2.1-cve-2026-23868.patch @@ -0,0 +1,18 @@ +--- a/gifalloc.c ++++ b/gifalloc.c +@@ -349,6 +349,14 @@ + * problems. + */ + ++ /* Null out aliased pointers before any allocations ++ * so that FreeLastSavedImage won't free CopyFrom's ++ * data if an allocation fails partway through. */ ++ sp->ImageDesc.ColorMap = NULL; ++ sp->RasterBits = NULL; ++ sp->ExtensionBlocks = NULL; ++ sp->ExtensionBlockCount = 0; ++ + /* first, the local color map */ + if (CopyFrom->ImageDesc.ColorMap != NULL) { + sp->ImageDesc.ColorMap = GifMakeMapObject( + diff --git a/giflib.spec b/giflib.spec index 1aaf101..22dd705 100644 --- a/giflib.spec +++ b/giflib.spec @@ -1,7 +1,7 @@ Name: giflib Summary: A library and utilities for processing GIFs Version: 5.2.1 -Release: 9%{?dist} +Release: 10%{?dist} License: MIT URL: http://www.sourceforge.net/projects/%{name}/ @@ -12,6 +12,9 @@ Patch0: giflib_quantize.patch Patch1: giflib_coverity.patch # Generate HTML docs with consistent section IDs to avoid multilib difference Patch2: giflib_html-docs-consistent-ids.patch +# from upstream, for <= 6.1.1, RHEL-154864 +# https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/ +Patch3: giflib-5.2.1-cve-2026-23868.patch BuildRequires: gcc BuildRequires: make @@ -47,6 +50,9 @@ format image files. %build %make_build CFLAGS="%{optflags} -fPIC" LDFLAGS="%{__global_ldflags}" +# remove extra index.html.in +rm doc/index.html.in + %install %make_install PREFIX="%{_prefix}" LIBDIR="%{_libdir}" @@ -74,6 +80,9 @@ rm -f %{buildroot}%{_libdir}/libgif.a %changelog +* Tue Mar 24 2026 Michal Hlavinka - 5.2.1-10 +- fix CVE-2026-23868: double free in GifMakeSavedImage (RHEL-154864) + * Mon Aug 09 2021 Mohan Boddu - 5.2.1-9 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688