diff options
| author | Ross Burton <ross.burton@arm.com> | 2025-09-24 21:37:07 +0200 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-09-25 12:25:51 -0700 |
| commit | a20ad9c56b970bfe24163a0a6e4b5a2c719e5198 (patch) | |
| tree | 5491aa3d68194b0bcb98b5f98d284032fd578ff1 /meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff | |
| parent | 9b55caf95e75ccc30e06725408f258ff18120e07 (diff) | |
| download | poky-a20ad9c56b970bfe24163a0a6e4b5a2c719e5198.tar.gz | |
libxslt: apply patch for CVE-2025-7424
This patch is taken from the upstream bug, and is used by Apple in their
build of WebKit.
(From OE-Core rev: 2fd2384df66dc41b12d6fa481fbc2814141c54d1)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 19122ccb05282e9b8803c4d1aaf06b61c22a1bab)
Signed-off-by: Jeroen Hofstee <jhofstee@victronenergy.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff')
| -rw-r--r-- | meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff b/meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff new file mode 100644 index 0000000000..c7220ab954 --- /dev/null +++ b/meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff | |||
| @@ -0,0 +1,103 @@ | |||
| 1 | From 345d6826d0eae6f0a962456b8ed6f6a1bad0877d Mon Sep 17 00:00:00 2001 | ||
| 2 | From: David Kilzer <ddkilzer@apple.com> | ||
| 3 | Date: Sat, 24 May 2025 15:06:42 -0700 | ||
| 4 | Subject: [PATCH] libxslt: Type confusion in xmlNode.psvi between stylesheet | ||
| 5 | and source nodes | ||
| 6 | |||
| 7 | * libxslt/functions.c: | ||
| 8 | (xsltDocumentFunctionLoadDocument): | ||
| 9 | - Implement fix suggested by Ivan Fratric. This copies the xmlDoc, | ||
| 10 | calls xsltCleanupSourceDoc() to remove pvsi fields, then adds the | ||
| 11 | xmlDoc to tctxt->docList. | ||
| 12 | - Add error handling for functions that may return NULL. | ||
| 13 | * libxslt/transform.c: | ||
| 14 | - Remove static keyword so this can be called from | ||
| 15 | xsltDocumentFunctionLoadDocument(). | ||
| 16 | * libxslt/transformInternals.h: Add. | ||
| 17 | (xsltCleanupSourceDoc): Add declaration. | ||
| 18 | |||
| 19 | Fixes #139. | ||
| 20 | |||
| 21 | CVE: CVE-2025-7424 | ||
| 22 | Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/libxslt/-/issues/139] | ||
| 23 | Signed-off-by: Ross Burton <ross.burton@arm.com> | ||
| 24 | --- | ||
| 25 | libxslt/functions.c | 16 +++++++++++++++- | ||
| 26 | libxslt/transform.c | 3 ++- | ||
| 27 | libxslt/transformInternals.h | 9 +++++++++ | ||
| 28 | 3 files changed, 26 insertions(+), 2 deletions(-) | ||
| 29 | create mode 100644 libxslt/transformInternals.h | ||
| 30 | |||
| 31 | diff --git a/libxslt/functions.c b/libxslt/functions.c | ||
| 32 | index 72a58dc4..11ec039f 100644 | ||
| 33 | --- a/libxslt/functions.c | ||
| 34 | +++ b/libxslt/functions.c | ||
| 35 | @@ -34,6 +34,7 @@ | ||
| 36 | #include "numbersInternals.h" | ||
| 37 | #include "keys.h" | ||
| 38 | #include "documents.h" | ||
| 39 | +#include "transformInternals.h" | ||
| 40 | |||
| 41 | #ifdef WITH_XSLT_DEBUG | ||
| 42 | #define WITH_XSLT_DEBUG_FUNCTION | ||
| 43 | @@ -125,7 +126,20 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, | ||
| 44 | /* | ||
| 45 | * This selects the stylesheet's doc itself. | ||
| 46 | */ | ||
| 47 | - doc = tctxt->style->doc; | ||
| 48 | + doc = xmlCopyDoc(tctxt->style->doc, 1); | ||
| 49 | + if (doc == NULL) { | ||
| 50 | + xsltTransformError(tctxt, NULL, NULL, | ||
| 51 | + "document() : failed to copy style doc\n"); | ||
| 52 | + goto out_fragment; | ||
| 53 | + } | ||
| 54 | + xsltCleanupSourceDoc(doc); /* Remove psvi fields. */ | ||
| 55 | + idoc = xsltNewDocument(tctxt, doc); | ||
| 56 | + if (idoc == NULL) { | ||
| 57 | + xsltTransformError(tctxt, NULL, NULL, | ||
| 58 | + "document() : failed to create xsltDocument\n"); | ||
| 59 | + xmlFreeDoc(doc); | ||
| 60 | + goto out_fragment; | ||
| 61 | + } | ||
| 62 | } else { | ||
| 63 | goto out_fragment; | ||
| 64 | } | ||
| 65 | diff --git a/libxslt/transform.c b/libxslt/transform.c | ||
| 66 | index 54ef821b..38c2dce6 100644 | ||
| 67 | --- a/libxslt/transform.c | ||
| 68 | +++ b/libxslt/transform.c | ||
| 69 | @@ -43,6 +43,7 @@ | ||
| 70 | #include "xsltlocale.h" | ||
| 71 | #include "pattern.h" | ||
| 72 | #include "transform.h" | ||
| 73 | +#include "transformInternals.h" | ||
| 74 | #include "variables.h" | ||
| 75 | #include "numbersInternals.h" | ||
| 76 | #include "namespaces.h" | ||
| 77 | @@ -5757,7 +5758,7 @@ xsltCountKeys(xsltTransformContextPtr ctxt) | ||
| 78 | * | ||
| 79 | * Resets source node flags and ids stored in 'psvi' member. | ||
| 80 | */ | ||
| 81 | -static void | ||
| 82 | +void | ||
| 83 | xsltCleanupSourceDoc(xmlDocPtr doc) { | ||
| 84 | xmlNodePtr cur = (xmlNodePtr) doc; | ||
| 85 | void **psviPtr; | ||
| 86 | diff --git a/libxslt/transformInternals.h b/libxslt/transformInternals.h | ||
| 87 | new file mode 100644 | ||
| 88 | index 00000000..d0f42823 | ||
| 89 | --- /dev/null | ||
| 90 | +++ b/libxslt/transformInternals.h | ||
| 91 | @@ -0,0 +1,9 @@ | ||
| 92 | +/* | ||
| 93 | + * Summary: set of internal interfaces for the XSLT engine transformation part. | ||
| 94 | + * | ||
| 95 | + * Copy: See Copyright for the status of this software. | ||
| 96 | + * | ||
| 97 | + * Author: David Kilzer <ddkilzer@apple.com> | ||
| 98 | + */ | ||
| 99 | + | ||
| 100 | +void xsltCleanupSourceDoc(xmlDocPtr doc); | ||
| 101 | -- | ||
| 102 | 2.39.5 (Apple Git-154) | ||
| 103 | |||