2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch
new file mode 100644
index 0000000000..d8ff654a23
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch
@@ -0,0 +1,39 @@
+From 384cc7c182fc00c6d5e2ab4b5e3671b2e3f93c84 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Sun, 6 Apr 2025 12:41:11 +0200
+Subject: [PATCH] [CVE-2025-32415] schemas: Fix heap buffer overflow in
+ xmlSchemaIDCFillNodeTables
+Don't use local variable which could contain a stale value.
+Fixes #890.
+CVE: CVE-2025-32415
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/384cc7c182fc00c6d5e2ab4b5e3671b2e3f93c84]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ xmlschemas.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/xmlschemas.c b/xmlschemas.c
+index 28b14bd4..428e3c82 100644
+--- a/xmlschemas.c
+++ b/xmlschemas.c
+@@ -23324,7 +23324,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
+                        j++;
+                    } while (j < nbDupls);
+                }
+-               if (nbNodeTable) {
+               if (bind->nbNodes) {
+                    j = 0;
+                    do {
+                        if (nbFields == 1) {
+@@ -23375,7 +23375,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
+ 
+ next_node_table_entry:
+                        j++;
+-                   } while (j < nbNodeTable);
+                   } while (j < bind->nbNodes);
+                }
+                /*
+                * If everything is fine, then add the IDC target-node to
diff --git a/meta/recipes-core/libxml/libxml2_2.12.10.bb b/meta/recipes-core/libxml/libxml2_2.12.10.bb
index 42672e35bd..2eea65732b 100644
--- a/meta/recipes-core/libxml/libxml2_2.12.10.bb
+++ b/meta/recipes-core/libxml/libxml2_2.12.10.bb
@@ -19,6 +19,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
           file://run-ptest \
           file://install-tests.patch \
           file://CVE-2025-32414.patch \
+           file://CVE-2025-32415.patch \
           "
 SRC_URI[archive.sha256sum] = "c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995"

diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch new file mode 100644 index 0000000000..d8ff654a23 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch
@@ -0,0 +1,39 @@
		1	From 384cc7c182fc00c6d5e2ab4b5e3671b2e3f93c84 Mon Sep 17 00:00:00 2001
		2	From: Nick Wellnhofer <wellnhofer@aevum.de>
		3	Date: Sun, 6 Apr 2025 12:41:11 +0200
		4	Subject: [PATCH] [CVE-2025-32415] schemas: Fix heap buffer overflow in
		5	xmlSchemaIDCFillNodeTables
		6
		7	Don't use local variable which could contain a stale value.
		8
		9	Fixes #890.
		10
		11	CVE: CVE-2025-32415
		12	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/384cc7c182fc00c6d5e2ab4b5e3671b2e3f93c84]
		13	Signed-off-by: Peter Marko <peter.marko@siemens.com>
		14	---
		15	xmlschemas.c \| 4 ++--
		16	1 file changed, 2 insertions(+), 2 deletions(-)
		17
		18	diff --git a/xmlschemas.c b/xmlschemas.c
		19	index 28b14bd4..428e3c82 100644
		20	--- a/xmlschemas.c
		21	+++ b/xmlschemas.c
		22	@@ -23324,7 +23324,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
		23	j++;
		24	} while (j < nbDupls);
		25	}
		26	- if (nbNodeTable) {
		27	+ if (bind->nbNodes) {
		28	j = 0;
		29	do {
		30	if (nbFields == 1) {
		31	@@ -23375,7 +23375,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
		32
		33	next_node_table_entry:
		34	j++;
		35	- } while (j < nbNodeTable);
		36	+ } while (j < bind->nbNodes);
		37	}
		38	/*
		39	* If everything is fine, then add the IDC target-node to


diff --git a/meta/recipes-core/libxml/libxml2_2.12.10.bb b/meta/recipes-core/libxml/libxml2_2.12.10.bb index 42672e35bd..2eea65732b 100644 --- a/meta/recipes-core/libxml/libxml2_2.12.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.12.10.bb
@@ -19,6 +19,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
19	file://run-ptest \	19	file://run-ptest \
20	file://install-tests.patch \	20	file://install-tests.patch \
21	file://CVE-2025-32414.patch \	21	file://CVE-2025-32414.patch \
		22	file://CVE-2025-32415.patch \
22	"	23	"
23		24
24	SRC_URI[archive.sha256sum] = "c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995"	25	SRC_URI[archive.sha256sum] = "c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995"