microsoft · kgodara912 · Feb 19, 2026 · Feb 3, 2026 · Feb 3, 2026 · Feb 5, 2026
@@ -0,0 +1,144 @@
+From eae9291aa73907694dd3a4274d306e31217e746e Mon Sep 17 00:00:00 2001
+From: Nathan <nathan.shain@echohq.com>
+Date: Wed, 10 Sep 2025 18:11:50 +0300
+Subject: [PATCH] fix: Prevent infinite recursion in xmlCatalogListXMLResolve
+
+Upstream patch reference:
+https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/337.patch
+---
+ catalog.c                      | 28 ++++++++++++++++++++--------
+ result/catalogs/recursive      |  1 +
+ test/catalogs/recursive.script |  0
+ test/catalogs/recursive.sgml   |  1 +
+ 4 files changed, 22 insertions(+), 8 deletions(-)
+ create mode 100644 result/catalogs/recursive
+ create mode 100644 test/catalogs/recursive.script
+ create mode 100644 test/catalogs/recursive.sgml
+
+diff --git a/catalog.c b/catalog.c
+index 8e96f4b..e8e0a0d 100644
+--- a/catalog.c
++++ b/catalog.c
+@@ -84,7 +84,7 @@ unsigned long __stdcall GetModuleFileNameA(void*, char*, unsigned long);
+ #endif
+
+ static xmlChar *xmlCatalogNormalizePublic(const xmlChar *pubID);
+-static int xmlExpandCatalog(xmlCatalogPtr catal, const char *filename);
++static int xmlExpandCatalog(xmlCatalogPtr catal, const char *filename, int depth);
+
+ /************************************************************************
+  *									*
+@@ -2357,17 +2357,24 @@ xmlGetSGMLCatalogEntryType(const xmlChar *name) {
+  * Parse an SGML catalog content and fill up the @catal hash table with
+  * the new entries found.
+  *
++ * @param depth  the current depth of the catalog
+  * Returns 0 in case of success, -1 in case of error.
+  */
+ static int
+ xmlParseSGMLCatalog(xmlCatalogPtr catal, const xmlChar *value,
+-	            const char *file, int super) {
++                   const char *file, int super, int depth) {
+     const xmlChar *cur = value;
+     xmlChar *base = NULL;
+     int res;
+
+     if ((cur == NULL) || (file == NULL))
+         return(-1);
++
++    /* Check recursion depth */
++    if (depth > MAX_CATAL_DEPTH) {
++        return(-1);
++    }
++
+     base = xmlStrdup((const xmlChar *) file);
+
+     while ((cur != NULL) && (cur[0] != 0)) {
+@@ -2545,7 +2552,7 @@ xmlParseSGMLCatalog(xmlCatalogPtr catal, const xmlChar *value,
+
+ 		    filename = xmlBuildURI(sysid, base);
+ 		    if (filename != NULL) {
+-			xmlExpandCatalog(catal, (const char *)filename);
++			xmlExpandCatalog(catal, (const char *)filename, depth);
+ 			xmlFree(filename);
+ 		    }
+ 		}
+@@ -2695,7 +2702,7 @@ xmlLoadSGMLSuperCatalog(const char *filename)
+ 	return(NULL);
+     }
+
+-    ret = xmlParseSGMLCatalog(catal, content, filename, 1);
++    ret = xmlParseSGMLCatalog(catal, content, filename, 1, 0);
+     xmlFree(content);
+     if (ret < 0) {
+ 	xmlFreeCatalog(catal);
+@@ -2741,7 +2748,7 @@ xmlLoadACatalog(const char *filename)
+ 	    xmlFree(content);
+ 	    return(NULL);
+ 	}
+-        ret = xmlParseSGMLCatalog(catal, content, filename, 0);
++        ret = xmlParseSGMLCatalog(catal, content, filename, 0, 0);
+ 	if (ret < 0) {
+ 	    xmlFreeCatalog(catal);
+ 	    xmlFree(content);
+@@ -2768,16 +2775,21 @@ xmlLoadACatalog(const char *filename)
+  * Load the catalog and expand the existing catal structure.
+  * This can be either an XML Catalog or an SGML Catalog
+  *
++ * @param depth  the current depth of the catalog
+  * Returns 0 in case of success, -1 in case of error
+  */
+ static int
+-xmlExpandCatalog(xmlCatalogPtr catal, const char *filename)
++xmlExpandCatalog(xmlCatalogPtr catal, const char *filename, int depth)
+ {
+     int ret;
+
+     if ((catal == NULL) || (filename == NULL))
+ 	return(-1);
+
++    /* Check recursion depth */
++    if (depth > MAX_CATAL_DEPTH) {
++       return(-1);
++    }
+
+     if (catal->type == XML_SGML_CATALOG_TYPE) {
+ 	xmlChar *content;
+@@ -2786,7 +2798,7 @@ xmlExpandCatalog(xmlCatalogPtr catal, const char *filename)
+ 	if (content == NULL)
+ 	    return(-1);
+
+-        ret = xmlParseSGMLCatalog(catal, content, filename, 0);
++        ret = xmlParseSGMLCatalog(catal, content, filename, 0, depth + 1);
+ 	if (ret < 0) {
+ 	    xmlFree(content);
+ 	    return(-1);
+@@ -3254,7 +3266,7 @@ xmlLoadCatalog(const char *filename)
+ 	return(0);
+     }
+
+-    ret = xmlExpandCatalog(xmlDefaultCatalog, filename);
++    ret = xmlExpandCatalog(xmlDefaultCatalog, filename, 0);
+     xmlRMutexUnlock(xmlCatalogMutex);
+     return(ret);
+ }
+diff --git a/result/catalogs/recursive b/result/catalogs/recursive
+new file mode 100644
+index 0000000..d9e80f6
+--- /dev/null
++++ b/result/catalogs/recursive
+@@ -0,0 +1 @@
++>
+diff --git a/test/catalogs/recursive.script b/test/catalogs/recursive.script
+new file mode 100644
+index 0000000..e69de29
+diff --git a/test/catalogs/recursive.sgml b/test/catalogs/recursive.sgml
+new file mode 100644
+index 0000000..ac2148b
+--- /dev/null
++++ b/test/catalogs/recursive.sgml
+@@ -0,0 +1 @@
++CATALOG recursive.sgml
+-- 
+2.45.4
+
@@ -1,7 +1,7 @@
 Summary:        Libxml2
 Name:           libxml2
 Version:        2.10.4
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -24,6 +24,7 @@ Patch12:        CVE-2025-49795.patch
 Patch13:        CVE-2025-7425.patch
 Patch14:        CVE-2026-0990.patch
 Patch15:        CVE-2026-0992.patch
+Patch16:        CVE-2025-8732.patch
 BuildRequires:  python3-devel
 BuildRequires:  python3-xml
 Provides:       %{name}-tools = %{version}-%{release}
@@ -94,6 +95,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_libdir}/cmake/libxml2/libxml2-config.cmake
 
 %changelog
+* Tue Feb 03 2026 Ratiranjan Behera <v-ratbehera@microsoft.com> - 2.10.4-11
+- Patch for CVE-2025-8732
+
 * Tue Jan 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 2.10.4-10
 - Patch for CVE-2026-0992, CVE-2026-0990, CVE-2025-7425
 

@@ -194,8 +194,8 @@ curl-8.8.0-8.cm2.aarch64.rpm
 curl-devel-8.8.0-8.cm2.aarch64.rpm
 curl-libs-8.8.0-8.cm2.aarch64.rpm
 createrepo_c-0.17.5-1.cm2.aarch64.rpm
-libxml2-2.10.4-10.cm2.aarch64.rpm
-libxml2-devel-2.10.4-10.cm2.aarch64.rpm
+libxml2-2.10.4-11.cm2.aarch64.rpm
+libxml2-devel-2.10.4-11.cm2.aarch64.rpm
 docbook-dtd-xml-4.5-11.cm2.noarch.rpm
 docbook-style-xsl-1.79.1-14.cm2.noarch.rpm
 libsepol-3.2-2.cm2.aarch64.rpm

@@ -194,8 +194,8 @@ curl-8.8.0-8.cm2.x86_64.rpm
 curl-devel-8.8.0-8.cm2.x86_64.rpm
 curl-libs-8.8.0-8.cm2.x86_64.rpm
 createrepo_c-0.17.5-1.cm2.x86_64.rpm
-libxml2-2.10.4-10.cm2.x86_64.rpm
-libxml2-devel-2.10.4-10.cm2.x86_64.rpm
+libxml2-2.10.4-11.cm2.x86_64.rpm
+libxml2-devel-2.10.4-11.cm2.x86_64.rpm
 docbook-dtd-xml-4.5-11.cm2.noarch.rpm
 docbook-style-xsl-1.79.1-14.cm2.noarch.rpm
 libsepol-3.2-2.cm2.x86_64.rpm

@@ -209,9 +209,9 @@ libtasn1-debuginfo-4.19.0-3.cm2.aarch64.rpm
 libtasn1-devel-4.19.0-3.cm2.aarch64.rpm
 libtool-2.4.6-8.cm2.aarch64.rpm
 libtool-debuginfo-2.4.6-8.cm2.aarch64.rpm
-libxml2-2.10.4-10.cm2.aarch64.rpm
-libxml2-debuginfo-2.10.4-10.cm2.aarch64.rpm
-libxml2-devel-2.10.4-10.cm2.aarch64.rpm
+libxml2-2.10.4-11.cm2.aarch64.rpm
+libxml2-debuginfo-2.10.4-11.cm2.aarch64.rpm
+libxml2-devel-2.10.4-11.cm2.aarch64.rpm
 libxslt-1.1.34-10.cm2.aarch64.rpm
 libxslt-debuginfo-1.1.34-10.cm2.aarch64.rpm
 libxslt-devel-1.1.34-10.cm2.aarch64.rpm
@@ -521,7 +521,7 @@ python3-gpg-1.16.0-2.cm2.aarch64.rpm
 python3-jinja2-3.0.3-7.cm2.noarch.rpm
 python3-libcap-ng-0.8.2-2.cm2.aarch64.rpm
 python3-libs-3.9.19-19.cm2.aarch64.rpm
-python3-libxml2-2.10.4-10.cm2.aarch64.rpm
+python3-libxml2-2.10.4-11.cm2.aarch64.rpm
 python3-lxml-4.9.1-1.cm2.aarch64.rpm
 python3-magic-5.40-3.cm2.noarch.rpm
 python3-markupsafe-2.1.0-1.cm2.aarch64.rpm

@@ -215,9 +215,9 @@ libtasn1-debuginfo-4.19.0-3.cm2.x86_64.rpm
 libtasn1-devel-4.19.0-3.cm2.x86_64.rpm
 libtool-2.4.6-8.cm2.x86_64.rpm
 libtool-debuginfo-2.4.6-8.cm2.x86_64.rpm
-libxml2-2.10.4-10.cm2.x86_64.rpm
-libxml2-debuginfo-2.10.4-10.cm2.x86_64.rpm
-libxml2-devel-2.10.4-10.cm2.x86_64.rpm
+libxml2-2.10.4-11.cm2.x86_64.rpm
+libxml2-debuginfo-2.10.4-11.cm2.x86_64.rpm
+libxml2-devel-2.10.4-11.cm2.x86_64.rpm
 libxslt-1.1.34-10.cm2.x86_64.rpm
 libxslt-debuginfo-1.1.34-10.cm2.x86_64.rpm
 libxslt-devel-1.1.34-10.cm2.x86_64.rpm
@@ -527,7 +527,7 @@ python3-gpg-1.16.0-2.cm2.x86_64.rpm
 python3-jinja2-3.0.3-7.cm2.noarch.rpm
 python3-libcap-ng-0.8.2-2.cm2.x86_64.rpm
 python3-libs-3.9.19-19.cm2.x86_64.rpm
-python3-libxml2-2.10.4-10.cm2.x86_64.rpm
+python3-libxml2-2.10.4-11.cm2.x86_64.rpm
 python3-lxml-4.9.1-1.cm2.x86_64.rpm
 python3-magic-5.40-3.cm2.noarch.rpm
 python3-markupsafe-2.1.0-1.cm2.x86_64.rpm