libxml2: patch CVE-2025-32415

Pick commit from 2.13 branch as 2.9 branch is unmaintained now. (From OE-Core rev: 7777cd6b28988a0981b990d9da9d448dcdfe7b8b) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2025-04-27 18:34:47 +0200
committer: Steve Sakoman <steve@sakoman.com> 2025-05-02 08:12:41 -0700
commit: 4c33a6acfbd7cf83b1bcf144be331b9bc7143953 (patch)
tree: 269d1b467237b65c9dd03202d5ff8a24222529d8
parent: 2d34048266ba9c9b50f898360a8865fc6b055f48 (diff)
download: poky-4c33a6acfbd7cf83b1bcf144be331b9bc7143953.tar.gz
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch
new file mode 100644
index 0000000000..4f39bb824b
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch
@@ -0,0 +1,39 @@
+From 384cc7c182fc00c6d5e2ab4b5e3671b2e3f93c84 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 6 Apr 2025 12:41:11 +0200
+Subject: [PATCH] [CVE-2025-32415] schemas: Fix heap buffer overflow in
+ xmlSchemaIDCFillNodeTables
+Don't use local variable which could contain a stale value.
+Fixes #890.
+CVE: CVE-2025-32415
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/384cc7c182fc00c6d5e2ab4b5e3671b2e3f93c84]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ xmlschemas.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 28b14bd4..428e3c82 100644
+--- a/xmlschemas.c
+++ b/xmlschemas.c
+@@ -23607,7 +23607,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
+                        j++;
+                    } while (j < nbDupls);
+                }
+-               if (nbNodeTable) {
+               if (bind->nbNodes) {
+                    j = 0;
+                    do {
+                        if (nbFields == 1) {
+@@ -23657,7 +23657,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
+ 
+ next_node_table_entry:
+                        j++;
+-                   } while (j < nbNodeTable);
+                   } while (j < bind->nbNodes);
+                }
+                /*
+                * If everything is fine, then add the IDC target-node to
diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb
index e281a39fd4..bd6dd88dee 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.14.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -38,6 +38,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
           file://CVE-2024-56171.patch \
           file://CVE-2025-24928.patch \
           file://CVE-2025-32414.patch \
+           file://CVE-2025-32415.patch \
           "
 SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"
author	Peter Marko <peter.marko@siemens.com>	2025-04-27 18:34:47 +0200
committer	Steve Sakoman <steve@sakoman.com>	2025-05-02 08:12:41 -0700
commit	4c33a6acfbd7cf83b1bcf144be331b9bc7143953 (patch)
tree	269d1b467237b65c9dd03202d5ff8a24222529d8
parent	2d34048266ba9c9b50f898360a8865fc6b055f48 (diff)
download	poky-4c33a6acfbd7cf83b1bcf144be331b9bc7143953.tar.gz

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch new file mode 100644 index 0000000000..4f39bb824b --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch
@@ -0,0 +1,39 @@
		1	From 384cc7c182fc00c6d5e2ab4b5e3671b2e3f93c84 Mon Sep 17 00:00:00 2001
		2	From: Nick Wellnhofer <wellnhofer@aevum.de>
		3	Date: Sun, 6 Apr 2025 12:41:11 +0200
		4	Subject: [PATCH] [CVE-2025-32415] schemas: Fix heap buffer overflow in
		5	xmlSchemaIDCFillNodeTables
		6
		7	Don't use local variable which could contain a stale value.
		8
		9	Fixes #890.
		10
		11	CVE: CVE-2025-32415
		12	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/384cc7c182fc00c6d5e2ab4b5e3671b2e3f93c84]
		13	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		14	---
		15	xmlschemas.c \| 4 ++--
		16	1 file changed, 2 insertions(+), 2 deletions(-)
		17
		18	diff --git a/xmlschemas.c b/xmlschemas.c
		19	index 28b14bd4..428e3c82 100644
		20	--- a/xmlschemas.c
		21	+++ b/xmlschemas.c
		22	@@ -23607,7 +23607,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
		23	j++;
		24	} while (j < nbDupls);
		25	}
		26	- if (nbNodeTable) {
		27	+ if (bind->nbNodes) {
		28	j = 0;
		29	do {
		30	if (nbFields == 1) {
		31	@@ -23657,7 +23657,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
		32
		33	next_node_table_entry:
		34	j++;
		35	- } while (j < nbNodeTable);
		36	+ } while (j < bind->nbNodes);
		37	}
		38	/*
		39	* If everything is fine, then add the IDC target-node to


diff --git a/meta/recipes-core/libxml/libxml2_2.9.14.bb b/meta/recipes-core/libxml/libxml2_2.9.14.bb index e281a39fd4..bd6dd88dee 100644 --- a/meta/recipes-core/libxml/libxml2_2.9.14.bb +++ b/meta/recipes-core/libxml/libxml2_2.9.14.bb
@@ -38,6 +38,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20080827.tar;subdir=${BP};name=testt
38	file://CVE-2024-56171.patch \	38	file://CVE-2024-56171.patch \
39	file://CVE-2025-24928.patch \	39	file://CVE-2025-24928.patch \
40	file://CVE-2025-32414.patch \	40	file://CVE-2025-32414.patch \
		41	file://CVE-2025-32415.patch \
41	"	42	"
42		43
43	SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"	44	SRC_URI[archive.sha256sum] = "60d74a257d1ccec0475e749cba2f21559e48139efba6ff28224357c7c798dfee"