| Message ID | 20260406194141.3893319-2-skandigraun@gmail.com |
|---|---|
| State | Superseded, archived |
| Headers | show |
| Series | [meta-oe,whinlatter,1/2] giflib: Fix CVE-2026-23868 | expand |
typo in the commit message "gitlib" -> "giflib" On Tue, Apr 7, 2026 at 7:41 AM Gyorgy Sarvari via lists.openembedded.org <skandigraun=gmail.com@lists.openembedded.org> wrote: > > Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31344 > > Backport the commit that mentions this CVE ID explicitly > in its message. > > Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> > --- > .../giflib/giflib/CVE-2025-31344.patch | 28 +++++++++++++++++++ > .../recipes-devtools/giflib/giflib_5.2.2.bb | 3 +- > 2 files changed, 30 insertions(+), 1 deletion(-) > create mode 100644 meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch > > diff --git a/meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch b/meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch > new file mode 100644 > index 0000000000..8f52154955 > --- /dev/null > +++ b/meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch > @@ -0,0 +1,28 @@ > +From 949bf7ded2c23449439e2c3e1f63368cf7985800 Mon Sep 17 00:00:00 2001 > +From: "Eric S. Raymond" <esr@thyrsus.com> > +Date: Wed, 18 Feb 2026 18:06:50 -0500 > +Subject: [PATCH] Resolve SourceForge bug #187: CVE-2025-31344 > + > +CVE: CVE-2025-31344 > +Upstream-Status: Backport [https://sourceforge.net/p/giflib/code/ci/7bbe8ea1a595bb7509ffa0a86b076e9b720e85af] > +Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> > +--- > + gif2rgb.c | 5 +++++ > + 1 file changed, 5 insertions(+) > + > +diff --git a/gif2rgb.c b/gif2rgb.c > +index d51226d..4ce2104 100644 > +--- a/gif2rgb.c > ++++ b/gif2rgb.c > +@@ -329,6 +329,11 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag, > + GifRow = ScreenBuffer[i]; > + GifQprintf("\b\b\b\b%-4d", ScreenHeight - i); > + for (j = 0; j < ScreenWidth; j++) { > ++ /* Check if color is within color palete */ > ++ if (GifRow[j] >= ColorMap->ColorCount) { > ++ GIF_EXIT(GifErrorString( > ++ D_GIF_ERR_IMAGE_DEFECT)); > ++ } > + ColorMapEntry = &ColorMap->Colors[GifRow[j]]; > + Buffers[0][j] = ColorMapEntry->Red; > + Buffers[1][j] = ColorMapEntry->Green; > diff --git a/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb > index 8226e9b6c7..c26f3cf160 100644 > --- a/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb > +++ b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb > @@ -11,7 +11,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.gz \ > https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/tree/doc/giflib-logo.gif?format=raw;subdir=${BP}/doc;name=logo;downloadfilename=giflib-logo.gif \ > file://0001-Makefile-fix-typo-in-soname-argument.patch \ > file://CVE-2026-23868.patch \ > -" > + file://CVE-2025-31344.patch \ > + " > > SRC_URI[logo.sha256sum] = "1a54383986adad1521d00e003b4c482c27e8bc60690be944a1f3319c75abc2c9" > SRC_URI[sha256sum] = "be7ffbd057cadebe2aa144542fd90c6838c6a083b5e8a9048b8ee3b66b29d5fb" > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#126066): https://lists.openembedded.org/g/openembedded-devel/message/126066 > Mute This Topic: https://lists.openembedded.org/mt/118696569/3619737 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [ankur.tyagi85@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch b/meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch new file mode 100644 index 0000000000..8f52154955 --- /dev/null +++ b/meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch @@ -0,0 +1,28 @@ +From 949bf7ded2c23449439e2c3e1f63368cf7985800 Mon Sep 17 00:00:00 2001 +From: "Eric S. Raymond" <esr@thyrsus.com> +Date: Wed, 18 Feb 2026 18:06:50 -0500 +Subject: [PATCH] Resolve SourceForge bug #187: CVE-2025-31344 + +CVE: CVE-2025-31344 +Upstream-Status: Backport [https://sourceforge.net/p/giflib/code/ci/7bbe8ea1a595bb7509ffa0a86b076e9b720e85af] +Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> +--- + gif2rgb.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/gif2rgb.c b/gif2rgb.c +index d51226d..4ce2104 100644 +--- a/gif2rgb.c ++++ b/gif2rgb.c +@@ -329,6 +329,11 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag, + GifRow = ScreenBuffer[i]; + GifQprintf("\b\b\b\b%-4d", ScreenHeight - i); + for (j = 0; j < ScreenWidth; j++) { ++ /* Check if color is within color palete */ ++ if (GifRow[j] >= ColorMap->ColorCount) { ++ GIF_EXIT(GifErrorString( ++ D_GIF_ERR_IMAGE_DEFECT)); ++ } + ColorMapEntry = &ColorMap->Colors[GifRow[j]]; + Buffers[0][j] = ColorMapEntry->Red; + Buffers[1][j] = ColorMapEntry->Green; diff --git a/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb index 8226e9b6c7..c26f3cf160 100644 --- a/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb +++ b/meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb @@ -11,7 +11,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.gz \ https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/tree/doc/giflib-logo.gif?format=raw;subdir=${BP}/doc;name=logo;downloadfilename=giflib-logo.gif \ file://0001-Makefile-fix-typo-in-soname-argument.patch \ file://CVE-2026-23868.patch \ -" + file://CVE-2025-31344.patch \ + " SRC_URI[logo.sha256sum] = "1a54383986adad1521d00e003b4c482c27e8bc60690be944a1f3319c75abc2c9" SRC_URI[sha256sum] = "be7ffbd057cadebe2aa144542fd90c6838c6a083b5e8a9048b8ee3b66b29d5fb"
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31344 Backport the commit that mentions this CVE ID explicitly in its message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../giflib/giflib/CVE-2025-31344.patch | 28 +++++++++++++++++++ .../recipes-devtools/giflib/giflib_5.2.2.bb | 3 +- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-devtools/giflib/giflib/CVE-2025-31344.patch