Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2026-02-10 21:10:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new.1670 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxml2" Tue Feb 10 21:10:29 2026 rev:139 rq:1331970 version:2.14.5 Changes: -------- --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2026-01-23 17:31:59.247275965 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new.1670/libxml2.changes 2026-02-10 21:10:30.798762871 +0100 @@ -1,0 +2,16 @@ +Wed Feb 4 13:40:16 UTC 2026 - Petr Gajdos <[email protected]> + +- security update +- added patches + CVE-2026-1757 [bsc#1257593], memory leak in the `xmllint` interactive shell + * libxml2-CVE-2026-1757.patch + +------------------------------------------------------------------- +Wed Feb 4 09:39:12 UTC 2026 - Petr Gajdos <[email protected]> + +- security update +- added patches + CVE-2025-10911 [bsc#1250553], use-after-free with key data stored cross-RVT + * libxml2-CVE-2025-10911.patch + +------------------------------------------------------------------- New: ---- libxml2-CVE-2025-10911.patch libxml2-CVE-2026-1757.patch ----------(New B)---------- New: CVE-2025-10911 [bsc#1250553], use-after-free with key data stored cross-RVT * libxml2-CVE-2025-10911.patch New: CVE-2026-1757 [bsc#1257593], memory leak in the `xmllint` interactive shell * libxml2-CVE-2026-1757.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2.spec ++++++ --- /var/tmp/diff_new_pack.8lUSqW/_old 2026-02-10 21:10:31.626797568 +0100 +++ /var/tmp/diff_new_pack.8lUSqW/_new 2026-02-10 21:10:31.630797736 +0100 @@ -1,6 +1,7 @@ # # spec file for package libxml2 # +# Copyright (c) 2026 SUSE LLC # Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties @@ -48,6 +49,10 @@ # PATCH-FIX-UPSTREAM libxml2-CVE-2026-0989.patch bsc#1256805 [email protected] # https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374 Patch3: libxml2-CVE-2026-0989.patch +# CVE-2025-10911 [bsc#1250553], use-after-free with key data stored cross-RVT +Patch4: libxml2-CVE-2025-10911.patch +# CVE-2026-1757 [bsc#1257593], memory leak in the `xmllint` interactive shell +Patch5: libxml2-CVE-2026-1757.patch # BuildRequires: fdupes BuildRequires: pkgconfig ++++++ libxml2-CVE-2025-10911.patch ++++++ >From 0e50b31902cdb1eb242eb361c123e9e033b2af87 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Moreno <[email protected]> Date: Wed, 8 Oct 2025 09:18:51 +0200 Subject: [PATCH] Ignore next/prev of documents when traversing XPath See https://gitlab.gnome.org/GNOME/libxml2/-/issues/996 --- xpath.c | 66 ++++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 49 insertions(+), 17 deletions(-) Index: libxml2-2.14.5/xpath.c =================================================================== --- libxml2-2.14.5.orig/xpath.c +++ libxml2-2.14.5/xpath.c @@ -6814,12 +6814,18 @@ xmlNodePtr xmlXPathNextFollowingSibling(xmlXPathParserContextPtr ctxt, xmlNodePtr cur) { if ((ctxt == NULL) || (ctxt->context == NULL)) return(NULL); if ((ctxt->context->node->type == XML_ATTRIBUTE_NODE) || - (ctxt->context->node->type == XML_NAMESPACE_DECL)) - return(NULL); + (ctxt->context->node->type == XML_NAMESPACE_DECL)) + return(NULL); + if (cur == (xmlNodePtr) ctxt->context->doc) return(NULL); + if (cur == NULL) - return(ctxt->context->node->next); + cur = ctxt->context->node; + + if (cur->type == XML_DOCUMENT_NODE) + return(NULL); + return(cur->next); } @@ -6839,17 +6845,23 @@ xmlNodePtr xmlXPathNextPrecedingSibling(xmlXPathParserContextPtr ctxt, xmlNodePtr cur) { if ((ctxt == NULL) || (ctxt->context == NULL)) return(NULL); if ((ctxt->context->node->type == XML_ATTRIBUTE_NODE) || - (ctxt->context->node->type == XML_NAMESPACE_DECL)) - return(NULL); + (ctxt->context->node->type == XML_NAMESPACE_DECL)) + return(NULL); + if (cur == (xmlNodePtr) ctxt->context->doc) return(NULL); - if (cur == NULL) - return(ctxt->context->node->prev); - if ((cur->prev != NULL) && (cur->prev->type == XML_DTD_NODE)) { - cur = cur->prev; - if (cur == NULL) - return(ctxt->context->node->prev); + + if (cur == NULL) { + cur = ctxt->context->node; + } else if ((cur->prev != NULL) && (cur->prev->type == XML_DTD_NODE)) { + cur = cur->prev; + if (cur == NULL) + cur = ctxt->context->node; } + + if (cur->type == XML_DOCUMENT_NODE) + return(NULL); + return(cur->prev); } @@ -6886,14 +6898,27 @@ xmlXPathNextFollowing(xmlXPathParserCont cur = (xmlNodePtr) ns->next; } } - if (cur == NULL) return(NULL) ; /* ERROR */ - if (cur->next != NULL) return(cur->next) ; + + /* ERROR */ + if (cur == NULL) + return(NULL); + + if (cur->type == XML_DOCUMENT_NODE) + return(NULL); + + if (cur->next != NULL) + return(cur->next); + do { cur = cur->parent; - if (cur == NULL) break; - if (cur == (xmlNodePtr) ctxt->context->doc) return(NULL); - if (cur->next != NULL) return(cur->next); + if (cur == NULL) + break; + if (cur == (xmlNodePtr) ctxt->context->doc) + return(NULL); + if (cur->next != NULL && cur->type != XML_DOCUMENT_NODE) + return(cur->next); } while (cur != NULL); + return(cur); } @@ -7011,10 +7036,13 @@ xmlXPathNextPrecedingInternal(xmlXPathPa } ctxt->ancestor = cur->parent; } - if (cur->type == XML_NAMESPACE_DECL) + + if (cur->type == XML_NAMESPACE_DECL || cur->type == XML_DOCUMENT_NODE) return(NULL); + if ((cur->prev != NULL) && (cur->prev->type == XML_DTD_NODE)) cur = cur->prev; + while (cur->prev == NULL) { cur = cur->parent; if (cur == NULL) @@ -7025,6 +7053,10 @@ xmlXPathNextPrecedingInternal(xmlXPathPa return (cur); ctxt->ancestor = cur->parent; } + + if (cur->type == XML_DOCUMENT_NODE) + return(NULL); + cur = cur->prev; while (cur->last != NULL) cur = cur->last; ++++++ libxml2-CVE-2026-1757.patch ++++++ >From 160c8a43ba37dfb07ebe6446fbad9d0973d9279d Mon Sep 17 00:00:00 2001 From: Daniel Garcia Moreno <[email protected]> Date: Thu, 23 Oct 2025 07:41:19 +0200 Subject: [PATCH] shell: free cmdline before continue This patch frees the cmdline when it's not empty but it doesn't contain any actual character. If the cmdline is just whitespaces or \r and \n, the loop continues without freeing the cmdline string, so it's a leak. Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009 --- shell.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) Index: libxml2-2.14.5/shell.c =================================================================== --- libxml2-2.14.5.orig/shell.c +++ libxml2-2.14.5/shell.c @@ -1176,8 +1176,11 @@ xmllintShell(xmlDocPtr doc, const char * command[i++] = *cur++; } command[i] = 0; - if (i == 0) + if (i == 0) { + free(cmdline); + cmdline = NULL; continue; + } /* * Parse the argument
