libxslt: Fix CVE-2025-11731
Backport the patch [1] to fix CVE-2025-11731.
[1] fe508f201e
(From OE-Core rev: e70c70e0359418197699f18c9e2cbfd7ebac705d)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
parent
d27f4a8879
commit
fee180d783
42
meta/recipes-support/libxslt/files/CVE-2025-11731.patch
Normal file
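--- /dev/null
+++ b/meta/recipes-support/libxslt/files/CVE-2025-11731.patch
@@ -0,0 +1,42 @@
+From fe508f201efb9ea37bfbe95413b8b28251497de3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dominik=20R=C3=B6ttsches?= <drott@chromium.org>
+Date: Wed, 27 Aug 2025 14:28:40 +0300
+Subject: [PATCH] End function node ancestor search at document
+
+Avoids dereferencing a non-existent ->ns property on an
+XML_DOCUMENT_NODE pointer.
+
+Fixes #151.
+
+CVE: CVE-2025-11731
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/-/commit/fe508f201efb9ea37bfbe95413b8b28251497de3]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+libexslt/functions.c | 9 +++++++--
+1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/libexslt/functions.c b/libexslt/functions.c
+index 8d35a7ae..a54ee70c 100644
+--- a/libexslt/functions.c
++++ b/libexslt/functions.c
+@@ -617,8 +617,13 @@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodePtr inst,
+* instanciation of a func:result element.
+*/
+for (test = inst->parent; test != NULL; test = test->parent) {
+- if (IS_XSLT_ELEM(test) &&
+- IS_XSLT_NAME(test, "stylesheet")) {
++ if (/* Traversal has reached the top-level document without
++ * finding a func:function ancestor. */
++ (test != NULL && test->type == XML_DOCUMENT_NODE) ||
++ /* Traversal reached a stylesheet-namespace node,
++ * and has left the function namespace. */
++ (IS_XSLT_ELEM(test) &&
++ IS_XSLT_NAME(test, "stylesheet"))) {
+xsltGenericError(xsltGenericErrorContext,
+"func:result element not a descendant "
+"of a func:function\n");
+--
+2.34.1
+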
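Review bot: The guard added to the ancestor loop in exsltFuncResultComp stops only at `XML_DOCUMENT_NODE`, and the `test != NULL` in front of it repeats the loop condition. If the tree can be rooted in another non-element node type (for example `XML_HTML_DOCUMENT_NODE`), the walk would presumably still reach the `->ns` access the commit message describes; that access lies outside this hunk, so this should be confirmed against the full function. A type-agnostic condition such as `(test->type != XML_ELEMENT_NODE) ||` would end the search at any non-element ancestor. Because the recipe carries a verbatim backport, such a change is better raised upstream than edited into this copy of the patch.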
|
||||||
|
|
@ -14,7 +14,8 @@ SECTION = "libs"
|
||||||
DEPENDS = "libxml2"
|
DEPENDS = "libxml2"
|
||||||
|
|
||||||
SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz \
|
SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz \
|
||||||
file://gnome-libxslt-bug-139-apple-fix.diff"
|
file://gnome-libxslt-bug-139-apple-fix.diff \
|
||||||
|
file://CVE-2025-11731.patch"
|
||||||
|
|
||||||
SRC_URI[sha256sum] = "5a3d6b383ca5afc235b171118e90f5ff6aa27e9fea3303065231a6d403f0183a"
|
SRC_URI[sha256sum] = "5a3d6b383ca5afc235b171118e90f5ff6aa27e9fea3303065231a6d403f0183a"
|
||||||
|
|
||||||
|
|
|
||||||