1 files changed, 38 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-25062-pre1.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-25062-pre1.patch
new file mode 100644
index 0000000000..31183399f8
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2024-25062-pre1.patch
@@ -0,0 +1,38 @@
+From 31c6ce3b63f8a494ad9e31ca65187a73d8ad3508 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 9 Nov 2020 17:55:44 +0100
+Subject: [PATCH] Avoid call stack overflow with XML reader and recursive
+ XIncludes
+Don't process XIncludes in the result of another inclusion to avoid
+infinite recursion resulting in a call stack overflow.
+This is something the XInclude engine shouldn't allow but correct
+handling of intra-document includes would require major changes.
+Found by OSS-Fuzz.
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/31c6ce3b63f8a494ad9e31ca65187a73d8ad3508]
+CVE: CVE-2024-25062 #Dependency Patch
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xmlreader.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/xmlreader.c b/xmlreader.c
+index 01adf74f4..72e40b032 100644
+--- a/xmlreader.c
+++ b/xmlreader.c
+@@ -1585,7 +1585,8 @@ node_found:
+     /*
+      * Handle XInclude if asked for
+      */
+-    if ((reader->xinclude) && (reader->node != NULL) &&
+    if ((reader->xinclude) && (reader->in_xinclude == 0) &&
+        (reader->node != NULL) &&
+        (reader->node->type == XML_ELEMENT_NODE) &&
+        (reader->node->ns != NULL) &&
+        ((xmlStrEqual(reader->node->ns->href, XINCLUDE_NS)) ||
+-- 
+GitLab

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2024-25062-pre1.patch b/meta/recipes-core/libxml/libxml2/CVE-2024-25062-pre1.patch new file mode 100644 index 0000000000..31183399f8 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2024-25062-pre1.patch
@@ -0,0 +1,38 @@
	1	From 31c6ce3b63f8a494ad9e31ca65187a73d8ad3508 Mon Sep 17 00:00:00 2001
	2	From: Nick Wellnhofer <wellnhofer@aevum.de>
	3	Date: Mon, 9 Nov 2020 17:55:44 +0100
	4	Subject: [PATCH] Avoid call stack overflow with XML reader and recursive
	5	XIncludes
	6
	7	Don't process XIncludes in the result of another inclusion to avoid
	8	infinite recursion resulting in a call stack overflow.
	9
	10	This is something the XInclude engine shouldn't allow but correct
	11	handling of intra-document includes would require major changes.
	12
	13	Found by OSS-Fuzz.
	14
	15	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/31c6ce3b63f8a494ad9e31ca65187a73d8ad3508]
	16	CVE: CVE-2024-25062 #Dependency Patch
	17	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
	18	---
	19	xmlreader.c \| 3 ++-
	20	1 file changed, 2 insertions(+), 1 deletion(-)
	21
	22	diff --git a/xmlreader.c b/xmlreader.c
	23	index 01adf74f4..72e40b032 100644
	24	--- a/xmlreader.c
	25	+++ b/xmlreader.c
	26	@@ -1585,7 +1585,8 @@ node_found:
	27	/*
	28	* Handle XInclude if asked for
	29	*/
	30	- if ((reader->xinclude) && (reader->node != NULL) &&
	31	+ if ((reader->xinclude) && (reader->in_xinclude == 0) &&
	32	+ (reader->node != NULL) &&
	33	(reader->node->type == XML_ELEMENT_NODE) &&
	34	(reader->node->ns != NULL) &&
	35	((xmlStrEqual(reader->node->ns->href, XINCLUDE_NS)) \|\|
	36	--
	37	GitLab
	38