From a7deb703a8fc5a9156580693a9158f07d1942b22 Mon Sep 17 00:00:00 2001
From: fly_fzc <2385803914@qq.com>
Date: Thu, 31 Jul 2025 10:28:22 +0800
Subject: [PATCH] fix xsltCleanupSourceDoc function

(cherry picked from commit 8baf1701cae7b8ac6b9bc1f67ab81cdf18a98e61)
---
 ...rt-Clean-up-attributes-in-source-doc.patch | 49 +++++++++++++++++++
 ...null-deref-on-documents-without-root.patch | 29 +++++++++++
 libxslt.spec | 11 ++++-
 3 files changed, 87 insertions(+), 2 deletions(-)
 create mode 100644 backport-Clean-up-attributes-in-source-doc.patch
 create mode 100644 backport-transform-Avoid-null-deref-on-documents-without-root.patch

diff --git a/backport-Clean-up-attributes-in-source-doc.patch b/backport-Clean-up-attributes-in-source-doc.patch
new file mode 100644
index 0000000..1975869
--- /dev/null
+++ b/backport-Clean-up-attributes-in-source-doc.patch
@@ -0,0 +1,49 @@
+From 452fb4ca9b9803448826008b9573987c615912a1 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Wed, 31 Aug 2022 21:37:44 +0200
+Subject: [PATCH] Clean up attributes in source doc
+
+Also make bit flag constants unsigned to avoid implicit-conversion
+warnings.
+---
+ libxslt/transform.c | 10 ++++++++++
+ libxslt/xsltutils.h | 6 +++---
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 7489504f..38a70c62 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -5763,6 +5763,16 @@ xsltCleanupSourceDoc(xmlDocPtr doc) {
+ if (psviPtr)
+ *psviPtr = NULL;
+
++ if (cur->type == XML_ELEMENT_NODE) {
++ xmlAttrPtr prop = cur->properties;
++
++ while (prop) {
++ prop->atype &= ~(XSLT_SOURCE_NODE_MASK << 27);
++ prop->psvi = NULL;
++ prop = prop->next;
++ }
++ }
++
+ if (cur->children != NULL && cur->type != XML_ENTITY_REF_NODE) {
+ cur = cur->children;
+ } else {
+diff --git a/libxslt/xsltutils.h b/libxslt/xsltutils.h
+index d858b04e..484032e7 100644
+--- a/libxslt/xsltutils.h
++++ b/libxslt/xsltutils.h
+@@ -245,7 +245,7 @@ XSLTPUBFUN xmlXPathCompExprPtr XSLTCALL
+ int flags);
+
+ #ifdef IN_LIBXSLT
+-#define XSLT_SOURCE_NODE_MASK 15
++#define XSLT_SOURCE_NODE_MASK 15u
+ int
+ xsltGetSourceNodeFlags(xmlNodePtr node);
+ int
+--
+2.33.0
+
diff --git a/backport-transform-Avoid-null-deref-on-documents-without-root.patch b/backport-transform-Avoid-null-deref-on-documents-without-root.patch
new file mode 100644
index 0000000..12e9919
--- /dev/null
+++ b/backport-transform-Avoid-null-deref-on-documents-without-root.patch
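Review bot: The shift `27` in `prop->atype &= ~(XSLT_SOURCE_NODE_MASK << 27);` is a bare literal, and nothing in the added block says why the upper bits of `atype` are being cleared. The code that sets those bits is not in this hunk (presumably it comes with Patch3, backport-Infrastructure-to-store-extra-data-in-source-nodes.patch), so the two sites can drift apart silently; because `atype` is the field libxml2 reads as the attribute type, flag bits left set after a transform would make it compare as an unexpected value. I would add a comment above the loop such as `/* Source-node flags are kept in the upper bits of atype (shift 27); clear them and psvi so libxml2 sees the original attribute state. */`, or give the shift a name next to `XSLT_SOURCE_NODE_MASK` in xsltutils.h. xsltCleanupSourceDoc starts and ends outside the hunk.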
@@ -0,0 +1,29 @@
+From c401ed2166493eeaf5d00dc47fe139a6f47fd5cf Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer
+Date: Thu, 16 Mar 2023 17:50:53 +0100
+Subject: [PATCH] transform: Avoid null deref on documents without root node
+
+Documents should always have a root node, but we shouldn't segfault if
+it's missing.
+
+Found by OSS-Fuzz.
+---
+ libxslt/transform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index d7992605..0fc0400c 100644
+--- a/libxslt/transform.c
++++ b/libxslt/transform.c
+@@ -5767,6 +5767,8 @@ xsltCleanupSourceDoc(xmlDocPtr doc) {
+ if (cur->children != NULL && cur->type != XML_ENTITY_REF_NODE) {
+ cur = cur->children;
+ } else {
++ if (cur == (xmlNodePtr) doc)
++ return;
+ while (cur->next == NULL) {
+ cur = cur->parent;
+ if (cur == (xmlNodePtr) doc)
+--
+2.33.0
+
diff --git a/libxslt.spec b/libxslt.spec
index 94b9df2..3923f0d 100644
--- a/libxslt.spec
+++ b/libxslt.spec
@@ -1,6 +1,6 @@
 Name: libxslt
 Version: 1.1.37
-Release: 3
+Release: 4
 Summary: XSLT Transformation Library
 License: MIT
 URL: http://xmlsoft.org/libxslt/
@@ -10,7 +10,9 @@ Patch0: CVE-2015-9019.patch
 Patch1: CVE-2024-55549.patch
 Patch2: CVE-2025-24855.patch
 Patch3: backport-Infrastructure-to-store-extra-data-in-source-nodes.patch
-Patch4: backport-CVE-2025-7424.patch
+Patch4: backport-Clean-up-attributes-in-source-doc.patch
+Patch5: backport-transform-Avoid-null-deref-on-documents-without-root.patch
+Patch6: backport-CVE-2025-7424.patch
 BuildRequires: gcc make libtool autoconf automake libgcrypt-devel pkgconfig(libxml-2.0) >= 2.6.27
@@ -104,6 +106,11 @@ pushd $RPM_BUILD_ROOT/%{_includedir}/%{name}; touch -m --reference=xslt.h ../../
 %exclude %{_docdir}/../licenses/libxslt/Copyright
 %changelog
+* Thu Jul 31 2025 fuanan - 1.1.37-4
+- fix xsltCleanupSourceDoc function:
+ Clean up attributes in source doc
+ Avoid null deref on documents without root
+
 * Tue Jul 29 2025 fuanan - 1.1.37-3
 - fix CVE-2025-7424
--
Gitee
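Review bot: The added early return `if (cur == (xmlNodePtr) doc) return;` has no comment, and the reason for it is not obvious from the branch alone; as far as the visible lines show, `cur` can equal `doc` in the else branch only when the document node itself has no children. Without the guard the loop below would step to `cur->parent`, which is presumably NULL for the document node, and then read `cur->next` through it. A one-line comment such as `/* Document without children: nothing to walk, and doc->parent is NULL. */` would record that. The hunk offsets (5767) also predate the ten lines Patch4 adds earlier in the same function, so this patch applies with an offset; it is worth confirming in the %prep output that it landed in xsltCleanupSourceDoc, whose body starts and ends outside the hunk.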
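Review bot: `backport-CVE-2025-7424.patch` is renumbered from Patch4 to Patch6 but is not itself modified by this commit (the diffstat lists only the two new patch files and the spec), so it now applies on top of two patches that were not beneath it in release 3. If that patch touches xsltCleanupSourceDoc or the attribute handling, which cannot be seen here, its context may no longer match exactly, and the %prep output should be checked for offset or fuzz messages. A comment above the list, for example `# Patch4 and Patch5 must be applied before Patch6 (CVE-2025-7424)`, would keep the ordering from being undone later, assuming that dependency is why they were inserted ahead of it.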