Re: [OE-core][whinlatter][PATCH 3/3] libxml2: patch CVE-2026-0992

Yoann Congal via lists.openembedded.org Thu, 29 Jan 2026 08:38:33 -0800

Le jeu. 29 janv. 2026 à 17:32, Marko, Peter <[email protected]> a
écrit :


> Thanks for finding that issue.
>
> I’ll add pick additional commit during next days.
>
>
>
> Since on master this was already merged, should I keep it as two commits
> also for stable branches?
>

I'm fine taking a single commit on the stable branch as long as the
followup is merged on master.

Thanks!


>
>
> Peter
>
>
>
> *From:* Yoann Congal <[email protected]>
> *Sent:* Thursday, January 29, 2026 10:39
> *To:* Marko, Peter (FT D EU SK BFS1) <[email protected]>
> *Cc:* [email protected]
> *Subject:* Re: [OE-core][whinlatter][PATCH 3/3] libxml2: patch
> CVE-2026-0992
>
>
>
>
>
>
>
> Le dim. 25 janv. 2026 à 19:41, Peter Marko via lists.openembedded.org
> <[email protected]> a écrit :
>
> From: Peter Marko <[email protected]>
>
> Pick patch which closed [1].
>
> [1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019
>
>
>
> Hello,
>
>
>
> Did you see
>
> Fix for CVE-2026-0992 is incomplete (#1040) · Issue · GNOME/libxml2
> https://gitlab.gnome.org/GNOME/libxml2/-/issues/1040
>
> ... and the fixing commit:
>
> catalog: Do not check value for duplication nextCatalog (deed3b78) ·
> Commits · GNOME / libxml2 · GitLab
>
> https://gitlab.gnome.org/GNOME/libxml2/-/commit/deed3b7873dff30b7f87f7f33154c9932a772522
>
> ?
>
>
>
> Signed-off-by: Peter Marko <[email protected]>
> ---
>  .../libxml/libxml2/CVE-2026-0992.patch        | 49 +++++++++++++++++++
>  meta/recipes-core/libxml/libxml2_2.14.6.bb    |  1 +
>  2 files changed, 50 insertions(+)
>  create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch
>
> diff --git a/meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch
> b/meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch
> new file mode 100644
> index 0000000000..ad23498a4c
> --- /dev/null
> +++ b/meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch
> @@ -0,0 +1,49 @@
> +From f75abfcaa419a740a3191e56c60400f3ff18988d Mon Sep 17 00:00:00 2001
> +From: Daniel Garcia Moreno <[email protected]>
> +Date: Fri, 19 Dec 2025 11:02:18 +0100
> +Subject: [PATCH] catalog: Ignore repeated nextCatalog entries
> +
> +This patch makes the catalog parsing to ignore repeated entries of
> +nextCatalog with the same value.
> +
> +Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019
> +
> +CVE: CVE-2026-0992
> +Upstream-Status: Backport [
> https://gitlab.gnome.org/GNOME/libxml2/-/commit/f75abfcaa419a740a3191e56c60400f3ff18988d
> ]
> +Signed-off-by: Peter Marko <[email protected]>
> +---
> + catalog.c | 18 ++++++++++++++++++
> + 1 file changed, 18 insertions(+)
> +
> +diff --git a/catalog.c b/catalog.c
> +index 46b877e6..fa6d77ca 100644
> +--- a/catalog.c
> ++++ b/catalog.c
> +@@ -1227,9 +1227,27 @@ xmlParseXMLCatalogNode(xmlNodePtr cur,
> xmlCatalogPrefer prefer,
> +               BAD_CAST "delegateURI", BAD_CAST "uriStartString",
> +               BAD_CAST "catalog", prefer, cgroup);
> +     } else if (xmlStrEqual(cur->name, BAD_CAST "nextCatalog")) {
> ++      xmlCatalogEntryPtr prev = parent->children;
> ++
> +       entry = xmlParseXMLCatalogOneNode(cur, XML_CATA_NEXT_CATALOG,
> +               BAD_CAST "nextCatalog", NULL,
> +               BAD_CAST "catalog", prefer, cgroup);
> ++      /* Avoid duplication of nextCatalog */
> ++      while (prev != NULL) {
> ++          if ((prev->type == XML_CATA_NEXT_CATALOG) &&
> ++              (xmlStrEqual (prev->URL, entry->URL)) &&
> ++              (xmlStrEqual (prev->value, entry->value)) &&
> ++              (prev->prefer == entry->prefer) &&
> ++              (prev->group == entry->group)) {
> ++                  if (xmlDebugCatalogs)
> ++                      xmlCatalogPrintDebug(
> ++                          "Ignoring repeated nextCatalog %s\n",
> entry->URL);
> ++                  xmlFreeCatalogEntry(entry, NULL);
> ++                  entry = NULL;
> ++                  break;
> ++          }
> ++          prev = prev->next;
> ++      }
> +     }
> +     if (entry != NULL) {
> +         if (parent != NULL) {
> diff --git a/meta/recipes-core/libxml/libxml2_2.14.6.bb
> b/meta/recipes-core/libxml/libxml2_2.14.6.bb
> index 7b47f823f9..b881a89a5f 100644
> --- a/meta/recipes-core/libxml/libxml2_2.14.6.bb
> +++ b/meta/recipes-core/libxml/libxml2_2.14.6.bb
> @@ -21,6 +21,7 @@ SRC_URI += "
> http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt
>             file://CVE-2025-6021.patch \
>             file://CVE-2026-0989.patch \
>             file://CVE-2026-0990.patch \
> +           file://CVE-2026-0992.patch \
>             "
>
>  SRC_URI[archive.sha256sum] =
> "7ce458a0affeb83f0b55f1f4f9e0e55735dbfc1a9de124ee86fb4a66b597203a"
>
> 
>
>
>
> --
>
> Yoann Congal
>
> Smile ECS
>


-- 
Yoann Congal
Smile ECS

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#230140): 
https://lists.openembedded.org/g/openembedded-core/message/230140
Mute This Topic: https://lists.openembedded.org/mt/117455086/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [OE-core][whinlatter][PATCH 3/3] libxml2: patch CVE-2026-0992

Reply via email to