Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libxml2 for openSUSE:Factory checked in at 2026-02-17 16:35:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxml2 (Old) and /work/SRC/openSUSE:Factory/.libxml2.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxml2" Tue Feb 17 16:35:44 2026 rev:140 rq:1333305 version:2.14.5 Changes: -------- --- /work/SRC/openSUSE:Factory/libxml2/libxml2.changes 2026-02-10 21:10:30.798762871 +0100 +++ /work/SRC/openSUSE:Factory/.libxml2.new.1977/libxml2.changes 2026-02-17 16:35:48.118467603 +0100 @@ -1,0 +2,14 @@ +Fri Feb 13 12:16:01 UTC 2026 - David Anes <[email protected]> + +- CVE-2026-0990: call stack overflow leading to application crash + due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811) + * Add patch libxml2-CVE-2026-0990.patch + +- CVE-2026-0992: excessive resource consumption when processing XML + catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812) + * Add patch libxml2-CVE-2026-0992.patch + +- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850) + * Add patch libxml2-CVE-2025-8732.patch + +------------------------------------------------------------------- @@ -4,4 +18,2 @@ -- security update -- added patches - CVE-2026-1757 [bsc#1257593], memory leak in the `xmllint` interactive shell - * libxml2-CVE-2026-1757.patch +- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595) + * Add patch libxml2-CVE-2026-1757.patch @@ -12,4 +24,2 @@ -- security update -- added patches - CVE-2025-10911 [bsc#1250553], use-after-free with key data stored cross-RVT - * libxml2-CVE-2025-10911.patch +- CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553) + * Add patch libxml2-CVE-2025-10911.patch @@ -20,4 +30,5 @@ -- Add patch libxml2-CVE-2026-0989.patch, to fix call stack exhaustion - leading to application crash due to RelaxNG parser not limiting the - recursion depth when resolving `<include>` directives - CVE-2026-0989, bsc#1256805, https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374 +- CVE-2026-0989: call stack exhaustion leading to application crash + due to RelaxNG parser not limiting the recursion depth when + resolving `<include>` directives (bsc#1256804, bsc#1256805, bsc#1256810) + * Add patch libxml2-CVE-2026-0989.patch + * https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374 New: ---- libxml2-CVE-2025-8732.patch libxml2-CVE-2026-0990.patch libxml2-CVE-2026-0992.patch ----------(New B)---------- New:- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850) * Add patch libxml2-CVE-2025-8732.patch New: due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811) * Add patch libxml2-CVE-2026-0990.patch New: catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812) * Add patch libxml2-CVE-2026-0992.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxml2.spec ++++++ --- /var/tmp/diff_new_pack.StjnGQ/_old 2026-02-17 16:35:49.674532621 +0100 +++ /var/tmp/diff_new_pack.StjnGQ/_new 2026-02-17 16:35:49.678532789 +0100 @@ -1,7 +1,6 @@ # # spec file for package libxml2 # -# Copyright (c) 2026 SUSE LLC # Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties @@ -46,13 +45,28 @@ Patch1: libxml2-python3-string-null-check.patch # CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr Patch2: libxml2-CVE-2025-7425.patch -# PATCH-FIX-UPSTREAM libxml2-CVE-2026-0989.patch bsc#1256805 [email protected] -# https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374 -Patch3: libxml2-CVE-2026-0989.patch -# CVE-2025-10911 [bsc#1250553], use-after-free with key data stored cross-RVT -Patch4: libxml2-CVE-2025-10911.patch -# CVE-2026-1757 [bsc#1257593], memory leak in the `xmllint` interactive shell -Patch5: libxml2-CVE-2026-1757.patch +# CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850) +# - https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/337 +Patch3: libxml2-CVE-2025-8732.patch +# CVE-2026-0989: call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `<include>` directives (bsc#1256804, bsc#1256805, bsc#1256810) +# - https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374 +Patch4: libxml2-CVE-2026-0989.patch +# CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553) +# - https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/345 +Patch5: libxml2-CVE-2025-10911.patch +# CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595) +# - https://gitlab.gnome.org/GNOME/libxml2/-/commit/160c8a43ba37dfb07ebe6446fbad9d0973d9279d +# - https://gitlab.gnome.org/GNOME/libxml2/-/issues/1009 +Patch6: libxml2-CVE-2026-1757.patch +# CVE-2026-0990: call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256806, bsc#1256807, bsc#1256811) +# - https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/368 +Patch7: libxml2-CVE-2026-0990.patch +# CVE-2026-0992: excessive resource consumption when processing XML catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812) +# - https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/377 +Patch8: libxml2-CVE-2026-0992.patch +# IMPORTANT NOTE: remove automake, libtool buildrequires (+ autoreconf in prep section) once CVE-2026-0992 patch is not needed anymore +BuildRequires: automake +BuildRequires: libtool # BuildRequires: fdupes BuildRequires: pkgconfig @@ -158,6 +172,7 @@ %prep %autosetup -p1 -n libxml2-%{version} +autoreconf -ifv # Required by patch for CVE-2026-0992 sed -i '1 s|/usr/bin/env python|/usr/bin/python3|' doc/apibuild.py %build ++++++ libxml2-CVE-2025-8732.patch ++++++ >From eae9291aa73907694dd3a4274d306e31217e746e Mon Sep 17 00:00:00 2001 From: Nathan <[email protected]> Date: Wed, 10 Sep 2025 18:11:50 +0300 Subject: [PATCH] fix: Prevent infinite recursion in xmlCatalogListXMLResolve --- catalog.c | 29 +++++++++++++++++++++-------- result/catalogs/recursive | 1 + test/catalogs/recursive.script | 0 test/catalogs/recursive.sgml | 1 + 4 files changed, 23 insertions(+), 8 deletions(-) create mode 100644 result/catalogs/recursive create mode 100644 test/catalogs/recursive.script create mode 100644 test/catalogs/recursive.sgml Index: libxml2-2.14.5/catalog.c =================================================================== --- libxml2-2.14.5.orig/catalog.c +++ libxml2-2.14.5/catalog.c @@ -62,7 +62,7 @@ #endif static xmlChar *xmlCatalogNormalizePublic(const xmlChar *pubID); -static int xmlExpandCatalog(xmlCatalogPtr catal, const char *filename); +static int xmlExpandCatalog(xmlCatalogPtr catal, const char *filename, int depth); /************************************************************************ * * @@ -2275,6 +2275,7 @@ xmlGetSGMLCatalogEntryType(const xmlChar * @file: the filepath for the catalog * @super: should this be handled as a Super Catalog in which case * parsing is not recursive + * @depth: the current depth of the catalog * * Parse an SGML catalog content and fill up the @catal hash table with * the new entries found. @@ -2283,13 +2284,19 @@ xmlGetSGMLCatalogEntryType(const xmlChar */ static int xmlParseSGMLCatalog(xmlCatalogPtr catal, const xmlChar *value, - const char *file, int super) { + const char *file, int super, int depth) { const xmlChar *cur = value; xmlChar *base = NULL; int res; if ((cur == NULL) || (file == NULL)) return(-1); + + /* Check recursion depth */ + if (depth > MAX_CATAL_DEPTH) { + return(-1); + } + base = xmlStrdup((const xmlChar *) file); while ((cur != NULL) && (cur[0] != 0)) { @@ -2467,7 +2474,7 @@ xmlParseSGMLCatalog(xmlCatalogPtr catal, filename = xmlBuildURI(sysid, base); if (filename != NULL) { - xmlExpandCatalog(catal, (const char *)filename); + xmlExpandCatalog(catal, (const char *)filename, depth); xmlFree(filename); } } @@ -2617,7 +2624,7 @@ xmlLoadSGMLSuperCatalog(const char *file return(NULL); } - ret = xmlParseSGMLCatalog(catal, content, filename, 1); + ret = xmlParseSGMLCatalog(catal, content, filename, 1, 0); xmlFree(content); if (ret < 0) { xmlFreeCatalog(catal); @@ -2663,7 +2670,7 @@ xmlLoadACatalog(const char *filename) xmlFree(content); return(NULL); } - ret = xmlParseSGMLCatalog(catal, content, filename, 0); + ret = xmlParseSGMLCatalog(catal, content, filename, 0, 0); if (ret < 0) { xmlFreeCatalog(catal); xmlFree(content); @@ -2686,6 +2693,7 @@ xmlLoadACatalog(const char *filename) * xmlExpandCatalog: * @catal: a catalog * @filename: a file path + * @depth: the current depth of the catalog * * Load the catalog and expand the existing catal structure. * This can be either an XML Catalog or an SGML Catalog @@ -2693,13 +2701,17 @@ xmlLoadACatalog(const char *filename) * Returns 0 in case of success, -1 in case of error */ static int -xmlExpandCatalog(xmlCatalogPtr catal, const char *filename) +xmlExpandCatalog(xmlCatalogPtr catal, const char *filename, int depth) { int ret; if ((catal == NULL) || (filename == NULL)) return(-1); + /* Check recursion depth */ + if (depth > MAX_CATAL_DEPTH) { + return(-1); + } if (catal->type == XML_SGML_CATALOG_TYPE) { xmlChar *content; @@ -2708,7 +2720,7 @@ xmlExpandCatalog(xmlCatalogPtr catal, co if (content == NULL) return(-1); - ret = xmlParseSGMLCatalog(catal, content, filename, 0); + ret = xmlParseSGMLCatalog(catal, content, filename, 0, depth + 1); if (ret < 0) { xmlFree(content); return(-1); @@ -3142,7 +3154,7 @@ xmlLoadCatalog(const char *filename) return(0); } - ret = xmlExpandCatalog(xmlDefaultCatalog, filename); + ret = xmlExpandCatalog(xmlDefaultCatalog, filename, 0); xmlRMutexUnlock(&xmlCatalogMutex); return(ret); } Index: libxml2-2.14.5/result/catalogs/recursive =================================================================== --- /dev/null +++ libxml2-2.14.5/result/catalogs/recursive @@ -0,0 +1 @@ +> \ No newline at end of file Index: libxml2-2.14.5/test/catalogs/recursive.sgml =================================================================== --- /dev/null +++ libxml2-2.14.5/test/catalogs/recursive.sgml @@ -0,0 +1 @@ +CATALOG recursive.sgml ++++++ libxml2-CVE-2026-0990.patch ++++++ >From 1961208e958ca22f80a0b4e4c9d71cfa050aa982 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Moreno <[email protected]> Date: Wed, 17 Dec 2025 15:24:08 +0100 Subject: [PATCH 1/2] catalog: prevent inf recursion in xmlCatalogXMLResolveURI Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 --- catalog.c | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/catalog.c b/catalog.c index 76c063a8b..46b877e62 100644 --- a/catalog.c +++ b/catalog.c @@ -2025,12 +2025,21 @@ static xmlChar * xmlCatalogListXMLResolveURI(xmlCatalogEntryPtr catal, const xmlChar *URI) { xmlChar *ret = NULL; xmlChar *urnID = NULL; + xmlCatalogEntryPtr cur = NULL; if (catal == NULL) return(NULL); if (URI == NULL) return(NULL); + if (catal->depth > MAX_CATAL_DEPTH) { + xmlCatalogErr(catal, NULL, XML_CATALOG_RECURSION, + "Detected recursion in catalog %s\n", + catal->name, NULL, NULL); + return(NULL); + } + catal->depth++; + if (!xmlStrncmp(URI, BAD_CAST XML_URN_PUBID, sizeof(XML_URN_PUBID) - 1)) { urnID = xmlCatalogUnWrapURN(URI); if (xmlDebugCatalogs) { @@ -2044,21 +2053,27 @@ xmlCatalogListXMLResolveURI(xmlCatalogEntryPtr catal, const xmlChar *URI) { ret = xmlCatalogListXMLResolve(catal, urnID, NULL); if (urnID != NULL) xmlFree(urnID); + catal->depth--; return(ret); } - while (catal != NULL) { - if (catal->type == XML_CATA_CATALOG) { - if (catal->children == NULL) { - xmlFetchXMLCatalogFile(catal); + cur = catal; + while (cur != NULL) { + if (cur->type == XML_CATA_CATALOG) { + if (cur->children == NULL) { + xmlFetchXMLCatalogFile(cur); } - if (catal->children != NULL) { - ret = xmlCatalogXMLResolveURI(catal->children, URI); - if (ret != NULL) + if (cur->children != NULL) { + ret = xmlCatalogXMLResolveURI(cur->children, URI); + if (ret != NULL) { + catal->depth--; return(ret); + } } } - catal = catal->next; + cur = cur->next; } + + catal->depth--; return(ret); } -- GitLab >From f75abfcaa419a740a3191e56c60400f3ff18988d Mon Sep 17 00:00:00 2001 From: Daniel Garcia Moreno <[email protected]> Date: Fri, 19 Dec 2025 11:02:18 +0100 Subject: [PATCH 2/2] catalog: Ignore repeated nextCatalog entries This patch makes the catalog parsing to ignore repeated entries of nextCatalog with the same value. Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 --- catalog.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/catalog.c b/catalog.c index 46b877e62..fa6d77ca1 100644 --- a/catalog.c +++ b/catalog.c @@ -1223,9 +1223,27 @@ xmlParseXMLCatalogNode(xmlNodePtr cur, xmlCatalogPrefer prefer, BAD_CAST "delegateURI", BAD_CAST "uriStartString", BAD_CAST "catalog", prefer, cgroup); } else if (xmlStrEqual(cur->name, BAD_CAST "nextCatalog")) { + xmlCatalogEntryPtr prev = parent->children; + entry = xmlParseXMLCatalogOneNode(cur, XML_CATA_NEXT_CATALOG, BAD_CAST "nextCatalog", NULL, BAD_CAST "catalog", prefer, cgroup); + /* Avoid duplication of nextCatalog */ + while (prev != NULL) { + if ((prev->type == XML_CATA_NEXT_CATALOG) && + (xmlStrEqual (prev->URL, entry->URL)) && + (xmlStrEqual (prev->value, entry->value)) && + (prev->prefer == entry->prefer) && + (prev->group == entry->group)) { + if (xmlDebugCatalogs) + xmlCatalogPrintDebug( + "Ignoring repeated nextCatalog %s\n", entry->URL); + xmlFreeCatalogEntry(entry, NULL); + entry = NULL; + break; + } + prev = prev->next; + } } if (entry != NULL) { if (parent != NULL) { -- GitLab ++++++ libxml2-CVE-2026-0992.patch ++++++ >From f8399e62a31095bf1ced01827c33f9b29494046f Mon Sep 17 00:00:00 2001 From: Daniel Garcia Moreno <[email protected]> Date: Fri, 19 Dec 2025 12:27:54 +0100 Subject: [PATCH 1/2] testcatalog: Add new tests for catalog.c Adds a new test program to run specific tests related to catalog parsing. This initial version includes a couple of tests, the first one to check the infinite recursion detection related to: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018. The second one tests the nextCatalog element repeated parsing, related to: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 https://gitlab.gnome.org/GNOME/libxml2/-/issues/1040 --- CMakeLists.txt | 2 + Makefile.am | 6 ++ catalog.c | 63 +++++++++++----- include/libxml/catalog.h | 2 + meson.build | 1 + test/catalogs/catalog-recursive.xml | 3 + test/catalogs/repeated-next-catalog.xml | 10 +++ testcatalog.c | 96 +++++++++++++++++++++++++ 8 files changed, 164 insertions(+), 19 deletions(-) create mode 100644 test/catalogs/catalog-recursive.xml create mode 100644 test/catalogs/repeated-next-catalog.xml create mode 100644 testcatalog.c Index: libxml2-2.14.5/CMakeLists.txt =================================================================== --- libxml2-2.14.5.orig/CMakeLists.txt +++ libxml2-2.14.5/CMakeLists.txt @@ -488,6 +488,7 @@ if(LIBXML2_WITH_TESTS) runxmlconf runsuite testapi + testcatalog testchar testdict testModule @@ -512,6 +513,7 @@ if(LIBXML2_WITH_TESTS) if(NOT WIN32) add_test(NAME testapi COMMAND testapi) endif() + add_test(NAME testcatalog COMMAND testcatalog) add_test(NAME testchar COMMAND testchar) add_test(NAME testdict COMMAND testdict) add_test(NAME testparser COMMAND testparser WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) Index: libxml2-2.14.5/Makefile.am =================================================================== --- libxml2-2.14.5.orig/Makefile.am +++ libxml2-2.14.5/Makefile.am @@ -20,6 +20,7 @@ check_PROGRAMS = \ runxmlconf \ testModule \ testapi \ + testcatalog \ testchar \ testdict \ testlimits \ @@ -120,6 +121,10 @@ testlimits_SOURCES=testlimits.c testlimits_DEPENDENCIES = $(DEPS) testlimits_LDADD= $(LDADDS) +testcatalog_SOURCES=testcatalog.c +testcatalog_DEPENDENCIES = $(DEPS) +testcatalog_LDADD= $(LDADDS) + testchar_SOURCES=testchar.c testchar_DEPENDENCIES = $(DEPS) testchar_LDADD= $(LDADDS) @@ -169,6 +174,7 @@ check-local: $(CHECKER) ./runtest$(EXEEXT) $(CHECKER) ./testrecurse$(EXEEXT) $(CHECKER) ./testapi$(EXEEXT) + $(CHECKER) ./testcatalog$(EXEEXT) $(CHECKER) ./testchar$(EXEEXT) $(CHECKER) ./testdict$(EXEEXT) $(CHECKER) ./testparser$(EXEEXT) Index: libxml2-2.14.5/catalog.c =================================================================== --- libxml2-2.14.5.orig/catalog.c +++ libxml2-2.14.5/catalog.c @@ -637,43 +637,54 @@ static void xmlDumpXMLCatalogNode(xmlCat } } -static int -xmlDumpXMLCatalog(FILE *out, xmlCatalogEntryPtr catal) { - int ret; - xmlDocPtr doc; +static xmlDocPtr +xmlDumpXMLCatalogToDoc(xmlCatalogEntryPtr catal) { xmlNsPtr ns; xmlDtdPtr dtd; xmlNodePtr catalog; - xmlOutputBufferPtr buf; + xmlDocPtr doc = xmlNewDoc(NULL); + if (doc == NULL) { + return(NULL); + } - /* - * Rebuild a catalog - */ - doc = xmlNewDoc(NULL); - if (doc == NULL) - return(-1); dtd = xmlNewDtd(doc, BAD_CAST "catalog", - BAD_CAST "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN", -BAD_CAST "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd"); + BAD_CAST "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN", + BAD_CAST "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd"); xmlAddChild((xmlNodePtr) doc, (xmlNodePtr) dtd); ns = xmlNewNs(NULL, XML_CATALOGS_NAMESPACE, NULL); if (ns == NULL) { - xmlFreeDoc(doc); - return(-1); + xmlFreeDoc(doc); + return(NULL); } catalog = xmlNewDocNode(doc, ns, BAD_CAST "catalog", NULL); if (catalog == NULL) { - xmlFreeNs(ns); - xmlFreeDoc(doc); - return(-1); + xmlFreeDoc(doc); + xmlFreeNs(ns); + return(NULL); } catalog->nsDef = ns; xmlAddChild((xmlNodePtr) doc, catalog); - xmlDumpXMLCatalogNode(catal, catalog, doc, ns, NULL); + return(doc); +} + +static int +xmlDumpXMLCatalog(FILE *out, xmlCatalogEntryPtr catal) { + int ret; + xmlDocPtr doc; + xmlOutputBufferPtr buf; + + /* + * Rebuild a catalog + */ + doc = xmlDumpXMLCatalogToDoc(catal); + if (doc == NULL) { + return(-1); + } + /* * reserialize it */ @@ -1236,7 +1247,6 @@ xmlParseXMLCatalogNode(xmlNodePtr cur, x while (prev != NULL) { if ((prev->type == XML_CATA_NEXT_CATALOG) && (xmlStrEqual (prev->URL, entry->URL)) && - (xmlStrEqual (prev->value, entry->value)) && (prev->prefer == entry->prefer) && (prev->group == entry->group)) { if (xmlDebugCatalogs) @@ -3369,6 +3379,20 @@ xmlCatalogDump(FILE *out) { xmlACatalogDump(xmlDefaultCatalog, out); } + +/** + * Dump all the global catalog content as a xmlDoc + * This function is just for testing/debugging purposes + * + * @returns The catalog as xmlDoc or NULL if failed, it must be freed by the caller. + */ +xmlDocPtr +xmlCatalogDumpDoc(void) { + if (!xmlCatalogInitialized) + xmlInitializeCatalog(); + + return xmlDumpXMLCatalogToDoc(xmlDefaultCatalog->xml); +} #endif /* LIBXML_OUTPUT_ENABLED */ /** Index: libxml2-2.14.5/include/libxml/catalog.h =================================================================== --- libxml2-2.14.5.orig/include/libxml/catalog.h +++ libxml2-2.14.5/include/libxml/catalog.h @@ -119,6 +119,8 @@ XMLPUBFUN void #ifdef LIBXML_OUTPUT_ENABLED XMLPUBFUN void xmlCatalogDump (FILE *out); +XMLPUBFUN xmlDocPtr + xmlCatalogDumpDoc (void); #endif /* LIBXML_OUTPUT_ENABLED */ XMLPUBFUN xmlChar * xmlCatalogResolve (const xmlChar *pubID, Index: libxml2-2.14.5/meson.build =================================================================== --- libxml2-2.14.5.orig/meson.build +++ libxml2-2.14.5/meson.build @@ -539,6 +539,7 @@ checks = { # Disabled for now, see #694 # 'testModule': [], 'testapi': [], + 'testcatalog': [], 'testchar': [], 'testdict': [], 'testlimits': [], Index: libxml2-2.14.5/test/catalogs/catalog-recursive.xml =================================================================== --- /dev/null +++ libxml2-2.14.5/test/catalogs/catalog-recursive.xml @@ -0,0 +1,3 @@ +<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog"> + <delegateURI uriStartString="/foo" catalog="catalog-recursive.xml"/> +</catalog> Index: libxml2-2.14.5/test/catalogs/repeated-next-catalog.xml =================================================================== --- /dev/null +++ libxml2-2.14.5/test/catalogs/repeated-next-catalog.xml @@ -0,0 +1,10 @@ +<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog"> + <nextCatalog catalog="registry.xml"/> + <nextCatalog catalog="registry.xml"/> + <nextCatalog catalog="./registry.xml"/> + <nextCatalog catalog="././registry.xml"/> + <nextCatalog catalog="./././registry.xml"/> + <nextCatalog catalog="./../catalogs/registry.xml"/> + <nextCatalog catalog="./../catalogs/./registry.xml"/> +</catalog> + Index: libxml2-2.14.5/testcatalog.c =================================================================== --- /dev/null +++ libxml2-2.14.5/testcatalog.c @@ -0,0 +1,96 @@ +/* + * testcatalog.c: C program to run libxml2 catalog.c unit tests + * + * To compile on Unixes: + * cc -o testcatalog `xml2-config --cflags` testcatalog.c `xml2-config --libs` -lpthread + * + * See Copyright for the status of this software. + * + * Author: Daniel Garcia <[email protected]> + */ + + +#include "libxml.h" +#include <stdio.h> + +#ifdef LIBXML_CATALOG_ENABLED +#include <libxml/catalog.h> + +/* Test catalog resolve uri with recursive catalog */ +static int +testRecursiveDelegateUri(void) { + int ret = 0; + const char *cat = "test/catalogs/catalog-recursive.xml"; + const char *entity = "/foo.ent"; + xmlChar *resolved = NULL; + + xmlInitParser(); + xmlLoadCatalog(cat); + + /* This should trigger recursive error */ + resolved = xmlCatalogResolveURI(BAD_CAST entity); + if (resolved != NULL) { + fprintf(stderr, "CATALOG-FAILURE: Catalog %s entity should fail to resolve\n", entity); + ret = 1; + } + xmlCatalogCleanup(); + + return ret; +} + +/* Test parsing repeated NextCatalog */ +static int +testRepeatedNextCatalog(void) { + int ret = 0; + int i = 0; + const char *cat = "test/catalogs/repeated-next-catalog.xml"; + const char *entity = "/foo.ent"; + xmlDocPtr doc = NULL; + xmlNodePtr node = NULL; + + xmlInitParser(); + + xmlLoadCatalog(cat); + /* To force the complete recursive load */ + xmlCatalogResolveURI(BAD_CAST entity); + /** + * Ensure that the doc doesn't contain the same nextCatalog + */ + doc = xmlCatalogDumpDoc(); + xmlCatalogCleanup(); + + if (doc == NULL) { + fprintf(stderr, "CATALOG-FAILURE: Failed to dump the catalog\n"); + return 1; + } + + /* Just the root "catalog" node with a series of nextCatalog */ + node = xmlDocGetRootElement(doc); + node = node->children; + for (i=0; node != NULL; node=node->next, i++) {} + if (i > 1) { + fprintf(stderr, "CATALOG-FAILURE: Found %d nextCatalog entries and should be 1\n", i); + ret = 1; + } + + xmlFreeDoc(doc); + + return ret; +} + +int +main(void) { + int err = 0; + + err |= testRecursiveDelegateUri(); + err |= testRepeatedNextCatalog(); + + return err; +} +#else +/* No catalog, so everything okay */ +int +main(void) { + return 0; +} +#endif Index: libxml2-2.14.5/configure.ac =================================================================== --- libxml2-2.14.5.orig/configure.ac +++ libxml2-2.14.5/configure.ac @@ -41,7 +41,7 @@ AC_SUBST(LIBXML_VERSION_INFO) AC_SUBST(LIBXML_VERSION_NUMBER) AC_SUBST(LIBXML_VERSION_EXTRA) -AM_INIT_AUTOMAKE([1.16.3 foreign subdir-objects no-dist-gzip dist-xz]) +AM_INIT_AUTOMAKE([1.15.1 foreign subdir-objects no-dist-gzip dist-xz]) AM_MAINTAINER_MODE([enable]) AM_SILENT_RULES([yes]) ++++++ libxml2-CVE-2026-1757.patch ++++++ --- /var/tmp/diff_new_pack.StjnGQ/_old 2026-02-17 16:35:49.826538973 +0100 +++ /var/tmp/diff_new_pack.StjnGQ/_new 2026-02-17 16:35:49.834539307 +0100 @@ -14,11 +14,11 @@ shell.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) -Index: libxml2-2.14.5/shell.c -=================================================================== ---- libxml2-2.14.5.orig/shell.c -+++ libxml2-2.14.5/shell.c -@@ -1176,8 +1176,11 @@ xmllintShell(xmlDocPtr doc, const char * +diff --git a/shell.c b/shell.c +index 43024b089..67f61c307 100644 +--- a/shell.c ++++ b/shell.c +@@ -1138,8 +1138,11 @@ xmllintShell(xmlDoc *doc, const char *filename, FILE * output) command[i++] = *cur++; } command[i] = 0; @@ -31,4 +31,7 @@ /* * Parse the argument +-- +GitLab +
