Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package giflib for openSUSE:Factory checked in at 2026-03-12 22:20:39
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/giflib (Old)
 and      /work/SRC/openSUSE:Factory/.giflib.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "giflib" Thu Mar 12 22:20:39 2026 rev:45 rq:1338303 version:5.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/giflib/giflib.changes 2025-04-09 21:49:57.833343973 +0200 +++ /work/SRC/openSUSE:Factory/.giflib.new.8177/giflib.changes 2026-03-12 22:22:12.654120468 +0100 @@ -1,0 +2,8 @@ +Wed Mar 11 12:28:48 UTC 2026 - Fridrich Strba <[email protected]> + +- Added patch: + * 0001-Avoid-potentuial-double-free-on-weird-images.patch + + fixing bsc#1259502 (CVE-2026-23868): double-free result of a + shallow copy can lead to memory corruption + +------------------------------------------------------------------- New: ---- 0001-Avoid-potentuial-double-free-on-weird-images.patch ----------(New B)---------- New:- Added patch: * 0001-Avoid-potentuial-double-free-on-weird-images.patch + fixing bsc#1259502 (CVE-2026-23868): double-free result of a ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ giflib.spec ++++++ --- /var/tmp/diff_new_pack.MlD3sw/_old 2026-03-12 22:22:13.290146781 +0100 +++ /var/tmp/diff_new_pack.MlD3sw/_new 2026-03-12 22:22:13.294146947 +0100 @@ -1,7 +1,7 @@ # # spec file for package giflib # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -31,6 +31,7 @@ Patch2: reproducible.patch Patch3: 0001-Clean-up-memory-better-at-end-of-run-CVE-2021-40633.patch Patch4: giflib-bsc1240416.patch +Patch5: 0001-Avoid-potentuial-double-free-on-weird-images.patch BuildRequires: fdupes BuildRequires: libtool >= 2 ++++++ 0001-Avoid-potentuial-double-free-on-weird-images.patch ++++++ >From badbb40d7c1125a15b8908a800bb3642c6086e15 Mon Sep 17 00:00:00 2001 
From: "Eric S. Raymond" <[email protected]> Date: Wed, 4 Mar 2026 18:49:49 -0500 Subject: [PATCH] Avoid potentuial double-free on weird images. --- gifalloc.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/gifalloc.c b/gifalloc.c index 47c6539..479c6c5 100644 --- a/gifalloc.c +++ b/gifalloc.c @@ -349,6 +349,14 @@ SavedImage *GifMakeSavedImage(GifFileType *GifFile, * aliasing problems. */ + /* Null out aliased pointers before any allocations + * so that FreeLastSavedImage won't free CopyFrom's + * data if an allocation fails partway through. */ + sp->ImageDesc.ColorMap = NULL; + sp->RasterBits = NULL; + sp->ExtensionBlocks = NULL; + sp->ExtensionBlockCount = 0; + /* first, the local color map */ if (CopyFrom->ImageDesc.ColorMap != NULL) { sp->ImageDesc.ColorMap = GifMakeMapObject( -- 2.53.0
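Review bot: The new Patch5 line in the giflib.spec hunk gives no hint of what the patch fixes, whereas Patch3 carries its CVE in the file name and Patch4 its bsc number; the misspelling "potentuial" from the upstream subject is also now baked into the file name. Consider a comment line above it, for example "# PATCH-FIX-UPSTREAM bsc#1259502 CVE-2026-23868", so the reference lives in the spec and not only in giflib.changes.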
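Review bot: In the gifalloc.c hunk, sp->ExtensionBlockCount is reset to 0 together with the three pointers, so the copy steps that follow must take the count and the source pointers from CopyFrom, never from sp. Only the color map step is visible in the trailing context (it reads CopyFrom->ImageDesc.ColorMap), so the raster and extension-block steps should be checked the same way. The protection described in the new comment also depends on every allocation-failure path below reaching FreeLastSavedImage and on that function tolerating NULL members; saying so in the comment, or adding a test that forces an allocation failure partway through, would make that dependency explicit. The commit subject misspells "potential" and does not mention CVE-2026-23868 or bsc#1259502.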
