diff --git a/dist b/dist
index 9c0e36ec42a2d9bfefacb21ac6354c9ddd910533..1fe92cf0fdf9c2625d878a2ace258f64c1e8ca44 100644
--- a/dist
+++ b/dist
@@ -1 +1 @@
-an8
+an8_10
diff --git a/libxml2-2.9.7-CVE-2023-39615.patch b/libxml2-2.11.0-fix-CVE-2023-39615.patch
similarity index 100%
rename from libxml2-2.9.7-CVE-2023-39615.patch
rename to libxml2-2.11.0-fix-CVE-2023-39615.patch
diff --git a/libxml2-2.9.13-CVE-2023-28484.2.patch b/libxml2-2.9.13-CVE-2023-28484.2.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7e0b61dd88654cadf50a2576e38d03e4d863d602
--- /dev/null
+++ b/libxml2-2.9.13-CVE-2023-28484.2.patch
@@ -0,0 +1,71 @@
+From 4c6922f763ad958c48ff66f82823ae21f2e92ee6 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 13 Sep 2022 16:40:31 +0200
+Subject: [PATCH] schemas: Fix null-pointer-deref in
+ xmlSchemaCheckCOSSTDerivedOK
+
+Found by OSS-Fuzz.
+---
+ result/schemas/oss-fuzz-51295_0_0.err |  2 ++
+ test/schemas/oss-fuzz-51295_0.xml     |  1 +
+ test/schemas/oss-fuzz-51295_0.xsd     |  4 ++++
+ xmlschemas.c                          | 15 +++++++++++++--
+ 4 files changed, 20 insertions(+), 2 deletions(-)
+ create mode 100644 result/schemas/oss-fuzz-51295_0_0.err
+ create mode 100644 test/schemas/oss-fuzz-51295_0.xml
+ create mode 100644 test/schemas/oss-fuzz-51295_0.xsd
+
+diff --git a/result/schemas/oss-fuzz-51295_0_0.err b/result/schemas/oss-fuzz-51295_0_0.err
+new file mode 100644
+index 00000000..1e89524f
+--- /dev/null
++++ b/result/schemas/oss-fuzz-51295_0_0.err
+@@ -0,0 +1,2 @@
++./test/schemas/oss-fuzz-51295_0.xsd:2: element element: Schemas parser error : element decl. 'e': The element declaration 'e' defines a circular substitution group to element declaration 'e'.
++./test/schemas/oss-fuzz-51295_0.xsd:2: element element: Schemas parser error : element decl. 'e': The element declaration 'e' defines a circular substitution group to element declaration 'e'.
+diff --git a/test/schemas/oss-fuzz-51295_0.xml b/test/schemas/oss-fuzz-51295_0.xml
+new file mode 100644
+index 00000000..10a7e703
+--- /dev/null
++++ b/test/schemas/oss-fuzz-51295_0.xml
+@@ -0,0 +1 @@
++<e/>
+diff --git a/test/schemas/oss-fuzz-51295_0.xsd b/test/schemas/oss-fuzz-51295_0.xsd
+new file mode 100644
+index 00000000..fde96af5
+--- /dev/null
++++ b/test/schemas/oss-fuzz-51295_0.xsd
+@@ -0,0 +1,4 @@
++<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
++    <xs:element name="e" substitutionGroup="e"/>
++    <xs:element name="t" substitutionGroup="e" type='xs:decimal'/>
++</xs:schema>
+diff --git a/xmlschemas.c b/xmlschemas.c
+index f31d3d1f..152b7c3f 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -13345,8 +13345,19 @@ xmlSchemaResolveElementReferences(xmlSchemaElementPtr elemDecl,
+ 	    * declaration `resolved` to by the `actual value`
+ 	    * of the substitutionGroup [attribute], if present"
+ 	    */
+-	    if (elemDecl->subtypes == NULL)
+-		elemDecl->subtypes = substHead->subtypes;
++	    if (elemDecl->subtypes == NULL) {
++                if (substHead->subtypes == NULL) {
++                    /*
++                     * This can happen with self-referencing substitution
++                     * groups. The cycle will be detected later, but we have
++                     * to set subtypes to avoid null-pointer dereferences.
++                     */
++	            elemDecl->subtypes = xmlSchemaGetBuiltInType(
++                            XML_SCHEMAS_ANYTYPE);
++                } else {
++		    elemDecl->subtypes = substHead->subtypes;
++                }
++            }
+ 	}
+     }
+     /*
+-- 
+GitLab
+
diff --git a/libxml2-2.9.7-CVE-2023-28484.patch b/libxml2-2.9.13-CVE-2023-28484.patch
similarity index 95%
rename from libxml2-2.9.7-CVE-2023-28484.patch
rename to libxml2-2.9.13-CVE-2023-28484.patch
index c5c4d9cfe8c7d6e4a3c57a09d7e36bdb583cfa37..052ab155b4faebb59f02da22e82e22a97a392644 100644
--- a/libxml2-2.9.7-CVE-2023-28484.patch
+++ b/libxml2-2.9.13-CVE-2023-28484.patch
@@ -20,21 +20,21 @@ Fixes #491.
 
 diff --git a/result/schemas/issue491_0_0.err b/result/schemas/issue491_0_0.err
 new file mode 100644
-index 000000000..9b2bb9691
+index 00000000..9b2bb969
 --- /dev/null
 +++ b/result/schemas/issue491_0_0.err
 @@ -0,0 +1 @@
 +./test/schemas/issue491_0.xsd:8: element complexType: Schemas parser error : complex type 'ChildType': The content type of both, the type and its base type, must either 'mixed' or 'element-only'.
 diff --git a/test/schemas/issue491_0.xml b/test/schemas/issue491_0.xml
 new file mode 100644
-index 000000000..e2b2fc2e3
+index 00000000..e2b2fc2e
 --- /dev/null
 +++ b/test/schemas/issue491_0.xml
 @@ -0,0 +1 @@
 +<Child xmlns="http://www.test.com">5</Child>
 diff --git a/test/schemas/issue491_0.xsd b/test/schemas/issue491_0.xsd
 new file mode 100644
-index 000000000..817026498
+index 00000000..81702649
 --- /dev/null
 +++ b/test/schemas/issue491_0.xsd
 @@ -0,0 +1,18 @@
@@ -57,7 +57,7 @@ index 000000000..817026498
 +  <xs:element name="Child" type="ChildType" />
 +</xs:schema>
 diff --git a/xmlschemas.c b/xmlschemas.c
-index 152b7c3f5..eec24a95f 100644
+index 152b7c3f..eec24a95 100644
 --- a/xmlschemas.c
 +++ b/xmlschemas.c
 @@ -18619,7 +18619,7 @@ xmlSchemaFixupComplexType(xmlSchemaParserCtxtPtr pctxt,
@@ -71,3 +71,4 @@ index 152b7c3f5..eec24a95f 100644
  		    /*
 -- 
 GitLab
+
diff --git a/libxml2-2.9.13-CVE-2024-56171.patch b/libxml2-2.9.13-CVE-2024-56171.patch
new file mode 100644
index 0000000000000000000000000000000000000000..96a2ab19336852d019dacb27eb8d2c06a0c7264a
--- /dev/null
+++ b/libxml2-2.9.13-CVE-2024-56171.patch
@@ -0,0 +1,41 @@
+From 245b70d7d2768572ae1b05b3668ca858b9ec4ed4 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 10 Dec 2024 16:52:05 +0100
+Subject: [PATCH] [CVE-2024-56171] Fix use-after-free after
+ xmlSchemaItemListAdd
+
+xmlSchemaItemListAdd can reallocate the items array. Update local
+variables after adding item in
+
+- xmlSchemaIDCFillNodeTables
+- xmlSchemaBubbleIDCNodeTables
+
+Fixes #828.
+---
+ xmlschemas.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/xmlschemas.c b/xmlschemas.c
+index d276faf10..28b14bd44 100644
+--- a/xmlschemas.c
++++ b/xmlschemas.c
+@@ -23388,6 +23388,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt,
+ 			}
+ 			if (xmlSchemaItemListAdd(bind->dupls, bind->nodeTable[j]) == -1)
+ 			    goto internal_error;
++                        dupls = (xmlSchemaPSVIIDCNodePtr *) bind->dupls->items;
+ 			/*
+ 			* Remove the duplicate entry from the IDC node-table.
+ 			*/
+@@ -23604,6 +23605,8 @@ xmlSchemaBubbleIDCNodeTables(xmlSchemaValidCtxtPtr vctxt)
+ 				goto internal_error;
+ 			}
+ 			xmlSchemaItemListAdd(parBind->dupls, parNode);
++		        dupls = (xmlSchemaPSVIIDCNodePtr *)
++                            parBind->dupls->items;
+ 		    } else {
+ 			/*
+ 			* Add the node-table entry (node and key-sequence) of
+-- 
+GitLab
+
diff --git a/libxml2-2.9.13-CVE-2025-24928.patch b/libxml2-2.9.13-CVE-2025-24928.patch
new file mode 100644
index 0000000000000000000000000000000000000000..22e5686d11941d236d3f651581b8ca5c6f92d52f
--- /dev/null
+++ b/libxml2-2.9.13-CVE-2025-24928.patch
@@ -0,0 +1,57 @@
+From 858ca26c0689161a6b903a6682cc8a1cc10a0ea8 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 11 Feb 2025 17:30:40 +0100
+Subject: [PATCH] [CVE-2025-24928] Fix stack-buffer-overflow in
+ xmlSnprintfElements
+
+Fixes #847.
+---
+ valid.c | 25 +++++++++++++------------
+ 1 file changed, 13 insertions(+), 12 deletions(-)
+
+diff --git a/valid.c b/valid.c
+index 76d657d62..abefdc50a 100644
+--- a/valid.c
++++ b/valid.c
+@@ -5057,25 +5057,26 @@ xmlSnprintfElements(char *buf, int size, xmlNodePtr node, int glob) {
+ 	    return;
+ 	}
+         switch (cur->type) {
+-            case XML_ELEMENT_NODE:
++            case XML_ELEMENT_NODE: {
++                int qnameLen = xmlStrlen(cur->name);
++
++                if ((cur->ns != NULL) && (cur->ns->prefix != NULL))
++                    qnameLen += xmlStrlen(cur->ns->prefix) + 1;
++                if (size - len < qnameLen + 10) {
++                    if ((size - len > 4) && (buf[len - 1] != '.'))
++                        strcat(buf, " ...");
++                    return;
++                }
+ 		if ((cur->ns != NULL) && (cur->ns->prefix != NULL)) {
+-		    if (size - len < xmlStrlen(cur->ns->prefix) + 10) {
+-			if ((size - len > 4) && (buf[len - 1] != '.'))
+-			    strcat(buf, " ...");
+-			return;
+-		    }
+ 		    strcat(buf, (char *) cur->ns->prefix);
+ 		    strcat(buf, ":");
+ 		}
+-                if (size - len < xmlStrlen(cur->name) + 10) {
+-		    if ((size - len > 4) && (buf[len - 1] != '.'))
+-			strcat(buf, " ...");
+-		    return;
+-		}
+-	        strcat(buf, (char *) cur->name);
++                if (cur->name != NULL)
++	            strcat(buf, (char *) cur->name);
+ 		if (cur->next != NULL)
+ 		    strcat(buf, " ");
+ 		break;
++            }
+             case XML_TEXT_NODE:
+ 		if (xmlIsBlankNode(cur))
+ 		    break;
+-- 
+GitLab
+
diff --git a/libxml2-2.9.7-CVE-2023-29469.patch b/libxml2-2.9.7-CVE-2023-29469.patch
index bcd9fe0c21e90fecb7928384e3c8fc4d1b979f6b..d7a97781a9cc9f4d2239c7ef09dedba539011bd6 100644
--- a/libxml2-2.9.7-CVE-2023-29469.patch
+++ b/libxml2-2.9.7-CVE-2023-29469.patch
@@ -1,4 +1,4 @@
-From 09a2dd453007f9c7205274623acdd73747c22d64 Mon Sep 17 00:00:00 2001
+From a40db8fde759261b042138646da36c632a739f31 Mon Sep 17 00:00:00 2001
 From: Nick Wellnhofer <wellnhofer@aevum.de>
 Date: Fri, 7 Apr 2023 11:49:27 +0200
 Subject: [PATCH] [CVE-2023-29469] Hashing of empty dict strings isn't
@@ -14,23 +14,29 @@ have an impact on security.
 Found by OSS-Fuzz.
 
 Fixes #510.
+
+Incorporates change from commit
+09a2dd453007f9c7205274623acdd73747c22d64.
 ---
- dict.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
+ dict.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
 
 diff --git a/dict.c b/dict.c
-index c29d2af77..12ba94fd5 100644
+index 0ef3718d..5e84cfca 100644
 --- a/dict.c
 +++ b/dict.c
-@@ -453,7 +453,8 @@ static unsigned long
+@@ -444,8 +444,9 @@ static unsigned long
  xmlDictComputeFastKey(const xmlChar *name, int namelen, int seed) {
      unsigned long value = seed;
  
 -    if (name == NULL) return(0);
+-    value = *name;
 +    if ((name == NULL) || (namelen <= 0))
 +        return(value);
-     value = *name;
++    value += *name;
      value <<= 5;
      if (namelen > 10) {
+         value += name[namelen - 1];
 -- 
-GitLab
+2.41.0
+
diff --git a/libxml2.spec b/libxml2.spec
index 04221e3fd125ca21ad048a9fdf341ecc1ea587f7..0df273589d9601e77be67a5d1e2e4c099606a705 100644
--- a/libxml2.spec
+++ b/libxml2.spec
@@ -1,4 +1,4 @@
-%define anolis_release .0.4
+%define anolis_release .0.1
 
 %if 0%{?rhel} > 7
 # Disable python2 build by default
@@ -9,7 +9,7 @@
 
 Name:           libxml2
 Version:        2.9.7
-Release:        18%{anolis_release}%{?dist}
+Release:        19%{anolis_release}%{?dist}
 Summary:        Library providing XML and HTML support
 
 License:        MIT
@@ -58,17 +58,20 @@ Patch18:        libxml2-2.9.7-CVE-2016-3709.patch
 Patch19:        libxml2-2.9.7-CVE-2022-40303.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2136568
 Patch20:        libxml2-2.9.7-CVE-2022-40304.patch
-# https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
-Patch21:        libxml2-2.9.7-CVE-2023-28484.patch
-# https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64.patch
-Patch22:        libxml2-2.9.7-CVE-2023-29469.patch
-# https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9
-Patch23:        libxml2-2.9.7-CVE-2023-39615.patch
-
-# upstream fix:https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a66b176055d25ee635bf328c7b35b381db0b71d
-Patch24:        libxml2-2.9.7-CVE-2024-25062.patch
-# https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b
-Patch25:        libxml2-2.9.13-CVE-2022-49043.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2186692
+Patch21:         libxml2-2.9.13-CVE-2023-28484.patch
+Patch22:         libxml2-2.9.13-CVE-2023-28484.2.patch
+Patch23:         libxml2-2.9.7-CVE-2023-29469.patch
+# https://issues.redhat.com/browse/RHEL-5179
+Patch24:         libxml2-2.11.0-fix-CVE-2023-39615.patch
+# https://issues.redhat.com/browse/RHEL-31056
+Patch25:         libxml2-2.9.7-CVE-2024-25062.patch
+# https://issues.redhat.com/browse/RHEL-76289
+Patch26:         libxml2-2.9.13-CVE-2022-49043.patch
+# https://issues.redhat.com/browse/RHEL-80122
+Patch27:        libxml2-2.9.13-CVE-2024-56171.patch
+# https://issues.redhat.com/browse/RHEL-80137
+Patch28:        libxml2-2.9.13-CVE-2025-24928.patch
 
 # Add by Anolis
 Patch1000:	0001-modify-home-page.patch
@@ -244,24 +247,26 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
 %{python3_sitearch}/libxml2mod.so
 
 %changelog
-* Tue Feb 18 2025 wangzhe <wanglan.wz@alibaba-inc.com> - 2.9.7-18.0.4
-- Fix CVE-2022-49043
+* Fri Mar 14 2025 Mahailiang <mahailiang@openanolis.org> - 2.9.7-19.0.1
+- Modify home page
+- Replace logo in html doc with anolis.gif
 
-* Fri Jun 07 2024 Kai Song <songkai01@inspur.com> - 2.9.7-18.0.3
-- Fix CVE-2024-25062
+* Tue Mar 11 2025 Michael Catanzaro <mcatanzaro@redhat.com> - 2.9.7-19
+- Fix CVE-2024-56171 (RHEL-80122)
+- Fix CVE-2025-24928 (RHEL-80137)
 
-* Tue Dec 05 2023 Bo Liu <liubo03@inspur.com> - 2.9.7-18.0.2
-- Fix CVE-2023-39615
+* Tue Feb 11 2025 David King <dking@redhat.com> - 2.9.7.18.2
+- Fix CVE-2022-49043 (RHEL-76289)
 
-* Wed Sep 06 2023 chengshengyu <cheng.shengyu1@zte.com.cn> - 2.9.7-17.0.2
-- Fix CVE-2023-29469 (#2185984)
+* Mon Apr 29 2024 David King <amigadave@amigadave.com> - 2.9.7-18.1
+- Fix CVE-2024-25062 (RHEL-31056)
 
-* Wed May 24 2023 Mahailiang <mahailiang@openanolis.org> - 2.9.7-17.0.1
-- Modify home page
-- Replace logo in html doc with anolis.gif
+* Thu Sep 14 2023 David King <amigadave@amigadave.com> - 2.9.7-18
+- Fix CVE-2023-39615 (RHEL-5179)
 
-* Fri Apr 07 2023 Nick Wellnhofer <wellnhofer@aevum.de> - 2.9.7-17
-- Fix CVE-2023-28484 (#2185994)
+* Fri Jul 14 2023 David King <amigadave@amigadave.com> - 2.9.7-17
+- Fix CVE-2023-28484 (#2186692)
+- Fix CVE-2023-29469 (#2186692)
 
 * Wed Nov 02 2022 David King <dking@redhat.com> - 2.9.7-16
 - Fix CVE-2022-40303 (#2136563)