giflib: Fix CVE-2026-23868

Pick patch according to [1]

[1] https://www.facebook.com/security/advisories/cve-2026-23868
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-23868

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

meta-oe/recipes-devtools/giflib/giflib/CVE-2026-23868.patch

@@ -0,0 +1,34 @@
+From f5b7267aed3665ef025c13823e454170d031c106 Mon Sep 17 00:00:00 2001
+From: Eric S. Raymond <esr@thyrsus.com>
+Date: Wed Mar 4 18:49:49 2026 -0500
+Subject: [PATCH] Avoid potentuial double-free on weird images.
+
+Upstream-Status: Backport [https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106]
+CVE: CVE-2026-23868
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ gifalloc.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/gifalloc.c b/gifalloc.c
+index 47c6539..cfb6e33 100644
+--- a/gifalloc.c
++++ b/gifalloc.c
+@@ -349,6 +349,14 @@ SavedImage *GifMakeSavedImage(GifFileType *GifFile,
+ 			 * aliasing problems.
+ 			 */
+ 
++			/* Null out aliased pointers before any allocations
++			 * so that FreeLastSavedImage won't free CopyFrom's
++			 * data if an allocation fails partway through. */
++			sp->ImageDesc.ColorMap = NULL;
++			sp->RasterBits = NULL;
++			sp->ExtensionBlocks = NULL;
++			sp->ExtensionBlockCount = 0;
++
+ 			/* first, the local color map */
+ 			if (CopyFrom->ImageDesc.ColorMap != NULL) {
+ 				sp->ImageDesc.ColorMap = GifMakeMapObject(
+-- 
+2.25.1
+

meta-oe/recipes-devtools/giflib/giflib_5.2.2.bb

@@ -10,6 +10,7 @@ DEPENDS = "xmlto-native"
 SRC_URI = "${SOURCEFORGE_MIRROR}/giflib/${BP}.tar.gz \
            https://sourceforge.net/p/giflib/code/ci/d54b45b0240d455bbaedee4be5203d2703e59967/tree/doc/giflib-logo.gif?format=raw;subdir=${BP}/doc;name=logo;downloadfilename=giflib-logo.gif \
            file://0001-Makefile-fix-typo-in-soname-argument.patch \
+           file://CVE-2026-23868.patch \
 "
 
 SRC_URI[logo.sha256sum] = "1a54383986adad1521d00e003b4c482c27e8bc60690be944a1f3319c75abc2c9"