From: Mingli Yu <[email protected]>
* Remove the patch gnome-libxslt-bug-139-apple-fix.diff as the CVE-2025-7424
issue has been fixed in new version.
* Changelog for v1.1.45
Rebuild of v1.1.44
* Changelog for v1.1.44
## Major changes
Libxml2 changed the meta tag information, removed the:
`http-equiv="Content-Type" content="text/html;` attributes leaving
only the `charset` attribute. This caused the tests to fail in the
gitlab pipeline. Updated the test files accordingly.
## Security
- [CVE-2025-9714] Fix: Was a false positive, closed issue #148.
- [CVE-2025-7424] Fix: Type confusion in xmlNode.psvi between stylesheet and
source
nodes (Fixed by Apple's engineers)
- [CVE-2025-11731] Fix: End function node ancestor search at document
### Bug fixes
- New maintainer: Iván Chavero
- CMake: cannot configure on MinGW-w64, missing Iconv::Iconv
- Reset context variable when evaluating globals
### Tests
- Update test outputs for new libxml2
- Fixed Windows tests
Signed-off-by: Mingli Yu <[email protected]>
---
.../gnome-libxslt-bug-139-apple-fix.diff | 103 ------------------
.../{libxslt_1.1.43.bb => libxslt_1.1.45.bb} | 5 +-
2 files changed, 2 insertions(+), 106 deletions(-)
delete mode 100644
meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff
rename meta/recipes-support/libxslt/{libxslt_1.1.43.bb => libxslt_1.1.45.bb}
(92%)
diff --git
a/meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff
b/meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff
deleted file mode 100644
index c7220ab954..0000000000
--- a/meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff
+++ /dev/null
@@ -1,103 +0,0 @@
-From 345d6826d0eae6f0a962456b8ed6f6a1bad0877d Mon Sep 17 00:00:00 2001
-From: David Kilzer <[email protected]>
-Date: Sat, 24 May 2025 15:06:42 -0700
-Subject: [PATCH] libxslt: Type confusion in xmlNode.psvi between stylesheet
- and source nodes
-
-* libxslt/functions.c:
-(xsltDocumentFunctionLoadDocument):
-- Implement fix suggested by Ivan Fratric. This copies the xmlDoc,
- calls xsltCleanupSourceDoc() to remove pvsi fields, then adds the
- xmlDoc to tctxt->docList.
-- Add error handling for functions that may return NULL.
-* libxslt/transform.c:
-- Remove static keyword so this can be called from
- xsltDocumentFunctionLoadDocument().
-* libxslt/transformInternals.h: Add.
-(xsltCleanupSourceDoc): Add declaration.
-
-Fixes #139.
-
-CVE: CVE-2025-7424
-Upstream-Status: Submitted
[https://gitlab.gnome.org/GNOME/libxslt/-/issues/139]
-Signed-off-by: Ross Burton <[email protected]>
----
- libxslt/functions.c | 16 +++++++++++++++-
- libxslt/transform.c | 3 ++-
- libxslt/transformInternals.h | 9 +++++++++
- 3 files changed, 26 insertions(+), 2 deletions(-)
- create mode 100644 libxslt/transformInternals.h
-
-diff --git a/libxslt/functions.c b/libxslt/functions.c
-index 72a58dc4..11ec039f 100644
---- a/libxslt/functions.c
-+++ b/libxslt/functions.c
-@@ -34,6 +34,7 @@
- #include "numbersInternals.h"
- #include "keys.h"
- #include "documents.h"
-+#include "transformInternals.h"
-
- #ifdef WITH_XSLT_DEBUG
- #define WITH_XSLT_DEBUG_FUNCTION
-@@ -125,7 +126,20 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr
ctxt,
- /*
- * This selects the stylesheet's doc itself.
- */
-- doc = tctxt->style->doc;
-+ doc = xmlCopyDoc(tctxt->style->doc, 1);
-+ if (doc == NULL) {
-+ xsltTransformError(tctxt, NULL, NULL,
-+ "document() : failed to copy style doc\n");
-+ goto out_fragment;
-+ }
-+ xsltCleanupSourceDoc(doc); /* Remove psvi fields. */
-+ idoc = xsltNewDocument(tctxt, doc);
-+ if (idoc == NULL) {
-+ xsltTransformError(tctxt, NULL, NULL,
-+ "document() : failed to create xsltDocument\n");
-+ xmlFreeDoc(doc);
-+ goto out_fragment;
-+ }
- } else {
- goto out_fragment;
- }
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index 54ef821b..38c2dce6 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -43,6 +43,7 @@
- #include "xsltlocale.h"
- #include "pattern.h"
- #include "transform.h"
-+#include "transformInternals.h"
- #include "variables.h"
- #include "numbersInternals.h"
- #include "namespaces.h"
-@@ -5757,7 +5758,7 @@ xsltCountKeys(xsltTransformContextPtr ctxt)
- *
- * Resets source node flags and ids stored in 'psvi' member.
- */
--static void
-+void
- xsltCleanupSourceDoc(xmlDocPtr doc) {
- xmlNodePtr cur = (xmlNodePtr) doc;
- void **psviPtr;
-diff --git a/libxslt/transformInternals.h b/libxslt/transformInternals.h
-new file mode 100644
-index 00000000..d0f42823
---- /dev/null
-+++ b/libxslt/transformInternals.h
-@@ -0,0 +1,9 @@
-+/*
-+ * Summary: set of internal interfaces for the XSLT engine transformation
part.
-+ *
-+ * Copy: See Copyright for the status of this software.
-+ *
-+ * Author: David Kilzer <[email protected]>
-+ */
-+
-+void xsltCleanupSourceDoc(xmlDocPtr doc);
---
-2.39.5 (Apple Git-154)
-
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.43.bb
b/meta/recipes-support/libxslt/libxslt_1.1.45.bb
similarity index 92%
rename from meta/recipes-support/libxslt/libxslt_1.1.43.bb
rename to meta/recipes-support/libxslt/libxslt_1.1.45.bb
index 3393be7ebe..c3440a99d4 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.43.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.45.bb
@@ -13,10 +13,9 @@ LIC_FILES_CHKSUM =
"file://Copyright;md5=0cd9a07afbeb24026c9b03aecfeba458"
SECTION = "libs"
DEPENDS = "libxml2"
-SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz
\
- file://gnome-libxslt-bug-139-apple-fix.diff"
+SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz";
-SRC_URI[sha256sum] =
"5a3d6b383ca5afc235b171118e90f5ff6aa27e9fea3303065231a6d403f0183a"
+SRC_URI[sha256sum] =
"9acfe68419c4d06a45c550321b3212762d92f41465062ca4ea19e632ee5d216e"
UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#228291):
https://lists.openembedded.org/g/openembedded-core/message/228291
Mute This Topic: https://lists.openembedded.org/mt/116899240/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
