diff --git a/backport-CVE-2025-11731-End-function-node-ancestor-search-at-document.patch b/backport-CVE-2025-11731-End-function-node-ancestor-search-at-document.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cdd6b5d7fcd2ea7f543e645d5f8b41e7272418a7
--- /dev/null
+++ b/backport-CVE-2025-11731-End-function-node-ancestor-search-at-document.patch
@@ -0,0 +1,36 @@
+From fe508f201efb9ea37bfbe95413b8b28251497de3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dominik=20R=C3=B6ttsches?=
+Date: Wed, 27 Aug 2025 14:28:40 +0300
+Subject: [PATCH] End function node ancestor search at document
+
+Avoids dereferencing a non-existent ->ns property on an
+XML_DOCUMENT_NODE pointer.
+
+Fixes #151.
+---
+ libexslt/functions.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/libexslt/functions.c b/libexslt/functions.c
+index 8d35a7ae..a54ee70c 100644
+--- a/libexslt/functions.c
++++ b/libexslt/functions.c
+@@ -617,8 +617,13 @@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodePtr inst,
+ * instanciation of a func:result element.
+ */
+ for (test = inst->parent; test != NULL; test = test->parent) {
+- if (IS_XSLT_ELEM(test) &&
+- IS_XSLT_NAME(test, "stylesheet")) {
++ if (/* Traversal has reached the top-level document without
++ * finding a func:function ancestor. */
++ (test != NULL && test->type == XML_DOCUMENT_NODE) ||
++ /* Traversal reached a stylesheet-namespace node,
++ * and has left the function namespace. */
++ (IS_XSLT_ELEM(test) &&
++ IS_XSLT_NAME(test, "stylesheet"))) {
+ xsltGenericError(xsltGenericErrorContext,
+ "func:result element not a descendant "
+ "of a func:function\n");
+--
+2.33.0
+
diff --git a/libxslt.spec b/libxslt.spec
index c5de5b9e06f4431ed05c7f749c408b702767f456..eee33fe169ad4dfb08d7367ec7d315c15fc34bbb 100644
--- a/libxslt.spec
+++ b/libxslt.spec
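Review bot: The guard added in the embedded libexslt/functions.c hunk matches only `XML_DOCUMENT_NODE`, so an ancestor of any other non-element type (for example `XML_HTML_DOCUMENT_NODE`) would still reach whatever `->ns` access follows in the loop body, which continues outside the hunk. Because the stated goal is to avoid reading `->ns` on a node that has no such field, checking for the node kind that does have it is the sturdier form: `(test->type != XML_ELEMENT_NODE) ||`. Whether a stylesheet tree can actually carry such an ancestor is not visible here, so treat this as hardening rather than a confirmed gap. The `test != NULL &&` inside the added condition is redundant, since the `for` condition already guarantees it. As this file is a backport of an upstream commit, any such change is better proposed upstream than made in the packaged patch.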
@@ -1,6 +1,6 @@
 Name: libxslt
 Version: 1.1.39
-Release: 6
+Release: 7
 Summary: XSLT Transformation Library
 License: MIT
 URL: https://gitlab.gnome.org/GNOME/libxslt
@@ -11,6 +11,7 @@ Patch1: CVE-2024-55549.patch
 Patch2: CVE-2025-24855.patch
 Patch3: backport-CVE-2025-7424.patch
 Patch4: backport-CVE-2025-10911.patch
+Patch5: backport-CVE-2025-11731-End-function-node-ancestor-search-at-document.patch
 Patch9001:huawei-add-autogen.sh-for-fuzz-compile.patch
@@ -106,6 +107,9 @@ pushd $RPM_BUILD_ROOT/%{_includedir}/%{name}; touch -m --reference=xslt.h ../../
 %exclude %{_docdir}/../licenses/libxslt/Copyright
 %changelog
+* Tue Oct 14 2025 fuanan - 1.1.39-7
+- fix CVE-2025-11731
+
 * Thu Oct 9 2025 fuanan - 1.1.39-6
 - fix CVE-2025-10911