package/libxml2: add patch for CVE-2025-49795

This patch mitigates CVE-2025-49795 [1] by backporting the commit [2] to
libxml2 2.13.

[1] https://nvd.nist.gov/vuln/detail/cve-2025-49795
[2] https://gitlab.gnome.org/GNOME/libxml2/-/commit/499bcb78ab389f60c2fd634ce410d4bb85c18765
[3] https://security-tracker.debian.org/tracker/CVE-2025-49795

Signed-off-by: Tim Soubry <tim.soubry@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit bb1a5689459a6f6fead0c0cfec0052cafa77d2c3)
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>

package/libxml2/0003-Schematron-Fix-null-pointer-dereference-leading-to-D.patch

@@ -0,0 +1,70 @@
+From 4df1c80c4edc51ecb9f2f574203128a06fd31406 Mon Sep 17 00:00:00 2001
+From: Michael Mann <mmann78@netscape.net>
+Date: Sat, 21 Jun 2025 12:11:30 -0400
+Subject: [PATCH] Schematron: Fix null pointer dereference leading to DoS
+
+(CVE-2025-49795)
+
+Fixes #932
+
+Upstream: https://gitlab.gnome.org/GNOME/libxml2/-/commit/499bcb78ab389f60c2fd634ce410d4bb85c18765
+CVE: CVE-2025-49795
+Signed-off-by: Tim Soubry <tim.soubry@mind.be>
+---
+ result/schematron/zvon16_0.err | 1 +
+ schematron.c                   | 2 ++
+ test/schematron/zvon16.sct     | 7 +++++++
+ test/schematron/zvon16_0.xml   | 5 +++++
+ 4 files changed, 15 insertions(+)
+ create mode 100644 result/schematron/zvon16_0.err
+ create mode 100644 test/schematron/zvon16.sct
+ create mode 100644 test/schematron/zvon16_0.xml
+
+diff --git a/result/schematron/zvon16_0.err b/result/schematron/zvon16_0.err
+new file mode 100644
+index 00000000..465cf2eb
+--- /dev/null
++++ b/result/schematron/zvon16_0.err
+@@ -0,0 +1 @@
++xmlSchematronParse: could not load './test/schematron/zvon16.sct'
+\ No newline at end of file
+diff --git a/schematron.c b/schematron.c
+index 426300c8..b51b20e1 100644
+--- a/schematron.c
++++ b/schematron.c
+@@ -1509,6 +1509,8 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
+             select = xmlGetNoNsProp(child, BAD_CAST "select");
+             comp = xmlXPathCtxtCompile(ctxt->xctxt, select);
+             eval = xmlXPathCompiledEval(comp, ctxt->xctxt);
++            if (eval == NULL)
++                return ret;
+ 
+             switch (eval->type) {
+             case XPATH_NODESET: {
+diff --git a/test/schematron/zvon16.sct b/test/schematron/zvon16.sct
+new file mode 100644
+index 00000000..4d24c054
+--- /dev/null
++++ b/test/schematron/zvon16.sct
+@@ -0,0 +1,7 @@
++<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron"
++	<sch:pattern id="TestPattern">
++		<sch:rule context="book">
++			<sch:report test="not(@available)">Book <sch:value-of select="falae()"/> test</sch:report>
++		</sch:rule>
++	</sch:pattern>
++</sch:schema>
+diff --git a/test/schematron/zvon16_0.xml b/test/schematron/zvon16_0.xml
+new file mode 100644
+index 00000000..551e2d65
+--- /dev/null
++++ b/test/schematron/zvon16_0.xml
+@@ -0,0 +1,5 @@
++<library>
++	<book title="Test Book" id="bk101">
++		<author>Test Author</author>
++	</book>
++</library>
+-- 
+2.39.5
+

package/libxml2/libxml2.mk

@@ -21,6 +21,9 @@ LIBXML2_IGNORE_CVES += CVE-2025-6021
 #0002-schematron-Fix-memory-safety-issues-in-xmlSchematron.patch
 LIBXML2_IGNORE_CVES += CVE-2025-49794 CVE-2025-49796
 
+#0003-Schematron-Fix-null-pointer-dereference-leading-to-D.patch
+LIBXML2_IGNORE_CVES += CVE-2025-49795
+
 # relocation truncated to fit: R_68K_GOT16O
 ifeq ($(BR2_m68k_cf),y)
 LIBXML2_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -mxgot"