mirror of
https://git.yoctoproject.org/poky
synced 2026-02-25 19:09:41 +01:00
8d61eb390a
References: * https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 * https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/377 (From OE-Core rev: 2c8e455148e12e097ff757bcf0a57d7d5bd77c30) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
34 lines
1.2 KiB
Diff
34 lines
1.2 KiB
Diff
From deed3b7873dff30b7f87f7f33154c9932a772522 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Garcia Moreno <dani@danigm.net>
|
|
Date: Sun, 18 Jan 2026 19:47:11 +0100
|
|
Subject: [PATCH] catalog: Do not check value for duplication nextCatalog
|
|
|
|
The value field stores the path as it appears in the catalog definition,
|
|
the URL is built using xmlBuildURI that changes the relative paths to
|
|
absolute.
|
|
|
|
This change fixes the issue of using relative path to the same catalog
|
|
in the same file.
|
|
|
|
Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1040
|
|
|
|
CVE: CVE-2026-0992
|
|
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/deed3b7873dff30b7f87f7f33154c9932a772522]
|
|
Signed-off-by: Peter Marko <peter.marko@siemens.com>
|
|
---
|
|
catalog.c | 1 -
|
|
1 file changed, 1 deletion(-)
|
|
|
|
diff --git a/catalog.c b/catalog.c
|
|
index eb889162..ba9ee7ae 100644
|
|
--- a/catalog.c
|
|
+++ b/catalog.c
|
|
@@ -1286,7 +1286,6 @@ xmlParseXMLCatalogNode(xmlNodePtr cur, xmlCatalogPrefer prefer,
|
|
while (prev != NULL) {
|
|
if ((prev->type == XML_CATA_NEXT_CATALOG) &&
|
|
(xmlStrEqual (prev->URL, entry->URL)) &&
|
|
- (xmlStrEqual (prev->value, entry->value)) &&
|
|
(prev->prefer == entry->prefer) &&
|
|
(prev->group == entry->group)) {
|
|
if (xmlDebugCatalogs)
|