From: Alexander Kanavin <[email protected]> Signed-off-by: Alexander Kanavin <[email protected]> --- .../gnome-libxslt-bug-139-apple-fix.diff | 103 ------------------ .../{libxslt_1.1.43.bb => libxslt_1.1.45.bb} | 5 +- 2 files changed, 2 insertions(+), 106 deletions(-) delete mode 100644 meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff rename meta/recipes-support/libxslt/{libxslt_1.1.43.bb => libxslt_1.1.45.bb} (92%)
diff --git a/meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff b/meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff deleted file mode 100644 index c7220ab954..0000000000 --- a/meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff +++ /dev/null @@ -1,103 +0,0 @@ -From 345d6826d0eae6f0a962456b8ed6f6a1bad0877d Mon Sep 17 00:00:00 2001 -From: David Kilzer <[email protected]> -Date: Sat, 24 May 2025 15:06:42 -0700 -Subject: [PATCH] libxslt: Type confusion in xmlNode.psvi between stylesheet - and source nodes - -* libxslt/functions.c: -(xsltDocumentFunctionLoadDocument): -- Implement fix suggested by Ivan Fratric. This copies the xmlDoc, - calls xsltCleanupSourceDoc() to remove pvsi fields, then adds the - xmlDoc to tctxt->docList. -- Add error handling for functions that may return NULL. -* libxslt/transform.c: -- Remove static keyword so this can be called from - xsltDocumentFunctionLoadDocument(). -* libxslt/transformInternals.h: Add. -(xsltCleanupSourceDoc): Add declaration. - -Fixes #139. - -CVE: CVE-2025-7424 -Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/libxslt/-/issues/139] -Signed-off-by: Ross Burton <[email protected]> ---- - libxslt/functions.c | 16 +++++++++++++++- - libxslt/transform.c | 3 ++- - libxslt/transformInternals.h | 9 +++++++++ - 3 files changed, 26 insertions(+), 2 deletions(-) - create mode 100644 libxslt/transformInternals.h - -diff --git a/libxslt/functions.c b/libxslt/functions.c -index 72a58dc4..11ec039f 100644 ---- a/libxslt/functions.c -+++ b/libxslt/functions.c -@@ -34,6 +34,7 @@ - #include "numbersInternals.h" - #include "keys.h" - #include "documents.h" -+#include "transformInternals.h" - - #ifdef WITH_XSLT_DEBUG - #define WITH_XSLT_DEBUG_FUNCTION -@@ -125,7 +126,20 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, - /* - * This selects the stylesheet's doc itself. - */ -- doc = tctxt->style->doc; -+ doc = xmlCopyDoc(tctxt->style->doc, 1); -+ if (doc == NULL) { -+ xsltTransformError(tctxt, NULL, NULL, -+ "document() : failed to copy style doc\n"); -+ goto out_fragment; -+ } -+ xsltCleanupSourceDoc(doc); /* Remove psvi fields. */ -+ idoc = xsltNewDocument(tctxt, doc); -+ if (idoc == NULL) { -+ xsltTransformError(tctxt, NULL, NULL, -+ "document() : failed to create xsltDocument\n"); -+ xmlFreeDoc(doc); -+ goto out_fragment; -+ } - } else { - goto out_fragment; - } -diff --git a/libxslt/transform.c b/libxslt/transform.c -index 54ef821b..38c2dce6 100644 ---- a/libxslt/transform.c -+++ b/libxslt/transform.c -@@ -43,6 +43,7 @@ - #include "xsltlocale.h" - #include "pattern.h" - #include "transform.h" -+#include "transformInternals.h" - #include "variables.h" - #include "numbersInternals.h" - #include "namespaces.h" -@@ -5757,7 +5758,7 @@ xsltCountKeys(xsltTransformContextPtr ctxt) - * - * Resets source node flags and ids stored in 'psvi' member. - */ --static void -+void - xsltCleanupSourceDoc(xmlDocPtr doc) { - xmlNodePtr cur = (xmlNodePtr) doc; - void **psviPtr; -diff --git a/libxslt/transformInternals.h b/libxslt/transformInternals.h -new file mode 100644 -index 00000000..d0f42823 ---- /dev/null -+++ b/libxslt/transformInternals.h -@@ -0,0 +1,9 @@ -+/* -+ * Summary: set of internal interfaces for the XSLT engine transformation part. -+ * -+ * Copy: See Copyright for the status of this software. -+ * -+ * Author: David Kilzer <[email protected]> -+ */ -+ -+void xsltCleanupSourceDoc(xmlDocPtr doc); --- -2.39.5 (Apple Git-154) - diff --git a/meta/recipes-support/libxslt/libxslt_1.1.43.bb b/meta/recipes-support/libxslt/libxslt_1.1.45.bb similarity index 92% rename from meta/recipes-support/libxslt/libxslt_1.1.43.bb rename to meta/recipes-support/libxslt/libxslt_1.1.45.bb index 3393be7ebe..c3440a99d4 100644 --- a/meta/recipes-support/libxslt/libxslt_1.1.43.bb +++ b/meta/recipes-support/libxslt/libxslt_1.1.45.bb @@ -13,10 +13,9 @@ LIC_FILES_CHKSUM = "file://Copyright;md5=0cd9a07afbeb24026c9b03aecfeba458" SECTION = "libs" DEPENDS = "libxml2" -SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz \ - file://gnome-libxslt-bug-139-apple-fix.diff" +SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz"; -SRC_URI[sha256sum] = "5a3d6b383ca5afc235b171118e90f5ff6aa27e9fea3303065231a6d403f0183a" +SRC_URI[sha256sum] = "9acfe68419c4d06a45c550321b3212762d92f41465062ca4ea19e632ee5d216e" UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar" -- 2.47.3
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#228369): https://lists.openembedded.org/g/openembedded-core/message/228369 Mute This Topic: https://lists.openembedded.org/mt/116906941/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
