From: Roland Kovacs Date: Thu, 17 Jul 2025 11:44:13 +0000 (+0200) Subject: libxml2: fix CVE-2025-49795 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b144c3ef3ba1797d925ea44d9450a6ec0fe32047;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git libxml2: fix CVE-2025-49795 A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. Signed-off-by: Roland Kovacs Signed-off-by: Steve Sakoman --- diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch new file mode 100644 index 0000000000..2e21a99b45 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch @@ -0,0 +1,92 @@ +From 19e0a3ed092085a4d6689397d4f08cf5d86267af Mon Sep 17 00:00:00 2001 +From: Michael Mann +Date: Sat, 21 Jun 2025 12:11:30 -0400 +Subject: [PATCH] Schematron: Fix null pointer dereference leading to DoS + +(CVE-2025-49795) + +Fixes #932 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/c24909ba2601848825b49a60f988222da3019667] +CVE: CVE-2025-49795 + +(cherry picked from commit c24909ba2601848825b49a60f988222da3019667) +Signed-off-by: Roland Kovacs +--- + result/schematron/zvon16_0 | 6 ++++++ + result/schematron/zvon16_0.err | 5 +++++ + schematron.c | 5 +++++ + test/schematron/zvon16.sct | 7 +++++++ + test/schematron/zvon16_0.xml | 5 +++++ + 5 files changed, 28 insertions(+) + create mode 100644 result/schematron/zvon16_0 + create mode 100644 result/schematron/zvon16_0.err + create mode 100644 test/schematron/zvon16.sct + create mode 100644 test/schematron/zvon16_0.xml + +diff --git a/result/schematron/zvon16_0 b/result/schematron/zvon16_0 +new file mode 100644 +index 00000000..768cf6f5 +--- /dev/null ++++ b/result/schematron/zvon16_0 +@@ -0,0 +1,6 @@ ++ ++ ++ ++ Test Author ++ ++ +diff --git a/result/schematron/zvon16_0.err b/result/schematron/zvon16_0.err +new file mode 100644 +index 00000000..a4fab4c8 +--- /dev/null ++++ b/result/schematron/zvon16_0.err +@@ -0,0 +1,5 @@ ++Pattern: TestPattern ++xmlXPathCompOpEval: function falae not found ++XPath error : Unregistered function ++/library/book line 2: Book ++./test/schematron/zvon16_0.xml fails to validate +diff --git a/schematron.c b/schematron.c +index a8259201..86c63e64 100644 +--- a/schematron.c ++++ b/schematron.c +@@ -1481,6 +1481,11 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt, + select = xmlGetNoNsProp(child, BAD_CAST "select"); + comp = xmlXPathCtxtCompile(ctxt->xctxt, select); + eval = xmlXPathCompiledEval(comp, ctxt->xctxt); ++ if (eval == NULL) { ++ xmlXPathFreeCompExpr(comp); ++ xmlFree(select); ++ return ret; ++ } + + switch (eval->type) { + case XPATH_NODESET: { +diff --git a/test/schematron/zvon16.sct b/test/schematron/zvon16.sct +new file mode 100644 +index 00000000..f03848aa +--- /dev/null ++++ b/test/schematron/zvon16.sct +@@ -0,0 +1,7 @@ ++ ++ ++ ++ Book test ++ ++ ++ +diff --git a/test/schematron/zvon16_0.xml b/test/schematron/zvon16_0.xml +new file mode 100644 +index 00000000..551e2d65 +--- /dev/null ++++ b/test/schematron/zvon16_0.xml +@@ -0,0 +1,5 @@ ++ ++ ++ Test Author ++ ++ +-- +2.34.1 + diff --git a/meta/recipes-core/libxml/libxml2_2.12.10.bb b/meta/recipes-core/libxml/libxml2_2.12.10.bb index 488ace62e5..c289de6f73 100644 --- a/meta/recipes-core/libxml/libxml2_2.12.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.12.10.bb @@ -22,6 +22,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://CVE-2025-32415.patch \ file://CVE-2025-6021.patch \ file://CVE-2025-49794-CVE-2025-49796.patch \ + file://CVE-2025-49795.patch \ " SRC_URI[archive.sha256sum] = "c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995"