diff options
| author | Mingli Yu <mingli.yu@windriver.com> | 2025-12-22 14:59:58 +0800 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-12-31 07:49:31 -0800 |
| commit | fee180d783a2b1cff6c79e109ef9ebe06dd6def7 (patch) | |
| tree | 39555fac46845546a05c36c467f2b90171331803 | |
| parent | d27f4a8879b206171623fe5192dab4732f008428 (diff) | |
| download | poky-fee180d783a2b1cff6c79e109ef9ebe06dd6def7.tar.gz | |
libxslt: Fix CVE-2025-11731
Backport the patch [1] to fix CVE-2025-11731.
[1] https://gitlab.gnome.org/GNOME/libxslt/-/commit/fe508f201efb9ea37bfbe95413b8b28251497de3
(From OE-Core rev: e70c70e0359418197699f18c9e2cbfd7ebac705d)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-support/libxslt/files/CVE-2025-11731.patch | 42 | ||||
| -rw-r--r-- | meta/recipes-support/libxslt/libxslt_1.1.43.bb | 3 |
2 files changed, 44 insertions, 1 deletions
diff --git a/meta/recipes-support/libxslt/files/CVE-2025-11731.patch b/meta/recipes-support/libxslt/files/CVE-2025-11731.patch new file mode 100644 index 0000000000..19702af6cb --- /dev/null +++ b/meta/recipes-support/libxslt/files/CVE-2025-11731.patch | |||
| @@ -0,0 +1,42 @@ | |||
| 1 | From fe508f201efb9ea37bfbe95413b8b28251497de3 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: =?UTF-8?q?Dominik=20R=C3=B6ttsches?= <drott@chromium.org> | ||
| 3 | Date: Wed, 27 Aug 2025 14:28:40 +0300 | ||
| 4 | Subject: [PATCH] End function node ancestor search at document | ||
| 5 | |||
| 6 | Avoids dereferencing a non-existent ->ns property on an | ||
| 7 | XML_DOCUMENT_NODE pointer. | ||
| 8 | |||
| 9 | Fixes #151. | ||
| 10 | |||
| 11 | CVE: CVE-2025-11731 | ||
| 12 | |||
| 13 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/-/commit/fe508f201efb9ea37bfbe95413b8b28251497de3] | ||
| 14 | |||
| 15 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> | ||
| 16 | --- | ||
| 17 | libexslt/functions.c | 9 +++++++-- | ||
| 18 | 1 file changed, 7 insertions(+), 2 deletions(-) | ||
| 19 | |||
| 20 | diff --git a/libexslt/functions.c b/libexslt/functions.c | ||
| 21 | index 8d35a7ae..a54ee70c 100644 | ||
| 22 | --- a/libexslt/functions.c | ||
| 23 | +++ b/libexslt/functions.c | ||
| 24 | @@ -617,8 +617,13 @@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodePtr inst, | ||
| 25 | * instanciation of a func:result element. | ||
| 26 | */ | ||
| 27 | for (test = inst->parent; test != NULL; test = test->parent) { | ||
| 28 | - if (IS_XSLT_ELEM(test) && | ||
| 29 | - IS_XSLT_NAME(test, "stylesheet")) { | ||
| 30 | + if (/* Traversal has reached the top-level document without | ||
| 31 | + * finding a func:function ancestor. */ | ||
| 32 | + (test != NULL && test->type == XML_DOCUMENT_NODE) || | ||
| 33 | + /* Traversal reached a stylesheet-namespace node, | ||
| 34 | + * and has left the function namespace. */ | ||
| 35 | + (IS_XSLT_ELEM(test) && | ||
| 36 | + IS_XSLT_NAME(test, "stylesheet"))) { | ||
| 37 | xsltGenericError(xsltGenericErrorContext, | ||
| 38 | "func:result element not a descendant " | ||
| 39 | "of a func:function\n"); | ||
| 40 | -- | ||
| 41 | 2.34.1 | ||
| 42 | |||
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.43.bb b/meta/recipes-support/libxslt/libxslt_1.1.43.bb index e08e92085d..e33b1bb902 100644 --- a/meta/recipes-support/libxslt/libxslt_1.1.43.bb +++ b/meta/recipes-support/libxslt/libxslt_1.1.43.bb | |||
| @@ -14,7 +14,8 @@ SECTION = "libs" | |||
| 14 | DEPENDS = "libxml2" | 14 | DEPENDS = "libxml2" |
| 15 | 15 | ||
| 16 | SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz \ | 16 | SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz \ |
| 17 | file://gnome-libxslt-bug-139-apple-fix.diff" | 17 | file://gnome-libxslt-bug-139-apple-fix.diff \ |
| 18 | file://CVE-2025-11731.patch" | ||
| 18 | 19 | ||
| 19 | SRC_URI[sha256sum] = "5a3d6b383ca5afc235b171118e90f5ff6aa27e9fea3303065231a6d403f0183a" | 20 | SRC_URI[sha256sum] = "5a3d6b383ca5afc235b171118e90f5ff6aa27e9fea3303065231a6d403f0183a" |
| 20 | 21 | ||