From: <mingli.yu@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Subject: [kirkstone][PATCH] libxslt: Fix CVE-2025-11731
Date: Tue, 23 Dec 2025 15:19:51 +0800 [thread overview]
Message-ID: <20251223071951.3442541-1-mingli.yu@windriver.com> (raw)
From: Mingli Yu <mingli.yu@windriver.com>
Backport patch [1] to fix CVE-2025-11731.
[1] https://gitlab.gnome.org/GNOME/libxslt/-/commit/fe508f201efb9ea37bfbe95413b8b28251497de3
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
.../libxslt/libxslt/CVE-2025-11731.patch | 42 +++++++++++++++++++
.../recipes-support/libxslt/libxslt_1.1.35.bb | 1 +
2 files changed, 43 insertions(+)
create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2025-11731.patch
diff --git a/meta/recipes-support/libxslt/libxslt/CVE-2025-11731.patch b/meta/recipes-support/libxslt/libxslt/CVE-2025-11731.patch
new file mode 100644
index 00000000000..19702af6cb6
--- /dev/null
+++ b/meta/recipes-support/libxslt/libxslt/CVE-2025-11731.patch
@@ -0,0 +1,42 @@
+From fe508f201efb9ea37bfbe95413b8b28251497de3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dominik=20R=C3=B6ttsches?= <drott@chromium.org>
+Date: Wed, 27 Aug 2025 14:28:40 +0300
+Subject: [PATCH] End function node ancestor search at document
+
+Avoids dereferencing a non-existent ->ns property on an
+XML_DOCUMENT_NODE pointer.
+
+Fixes #151.
+
+CVE: CVE-2025-11731
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/-/commit/fe508f201efb9ea37bfbe95413b8b28251497de3]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ libexslt/functions.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/libexslt/functions.c b/libexslt/functions.c
+index 8d35a7ae..a54ee70c 100644
+--- a/libexslt/functions.c
++++ b/libexslt/functions.c
+@@ -617,8 +617,13 @@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodePtr inst,
+ * instanciation of a func:result element.
+ */
+ for (test = inst->parent; test != NULL; test = test->parent) {
+- if (IS_XSLT_ELEM(test) &&
+- IS_XSLT_NAME(test, "stylesheet")) {
++ if (/* Traversal has reached the top-level document without
++ * finding a func:function ancestor. */
++ (test != NULL && test->type == XML_DOCUMENT_NODE) ||
++ /* Traversal reached a stylesheet-namespace node,
++ * and has left the function namespace. */
++ (IS_XSLT_ELEM(test) &&
++ IS_XSLT_NAME(test, "stylesheet"))) {
+ xsltGenericError(xsltGenericErrorContext,
+ "func:result element not a descendant "
+ "of a func:function\n");
+--
+2.34.1
+
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.35.bb b/meta/recipes-support/libxslt/libxslt_1.1.35.bb
index fc1fafbf195..4f86069d774 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.35.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.35.bb
@@ -22,6 +22,7 @@ SRC_URI = "${GNOME_MIRROR}/libxslt/1.1/libxslt-${PV}.tar.xz \
file://CVE-2023-40403-004.patch \
file://CVE-2023-40403-005.patch \
file://CVE-2025-7424.patch \
+ file://CVE-2025-11731.patch \
"
SRC_URI[sha256sum] = "8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79"
--
2.34.1
reply other threads:[~2025-12-23 7:20 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251223071951.3442541-1-mingli.yu@windriver.com \
--to=mingli.yu@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox