CVS commit: pkgsrc/textproc/libxslt

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/textproc/libxslt
From: "Nia Alarie" <nia%netbsd.org@localhost>
Date: Tue, 6 Jan 2026 10:21:13 +0000

Module Name:    pkgsrc
Committed By:   nia
Date:           Tue Jan  6 10:21:13 UTC 2026

Modified Files:
        pkgsrc/textproc/libxslt: Makefile distinfo
Added Files:
        pkgsrc/textproc/libxslt/patches: patch-CVE-2025-11731

Log Message:
libxslt: Add local patch for CVE-2025-11731, bump revision.

This patch was merged upstream but is not yet in a release.


To generate a diff of this commit:
cvs rdiff -u -r1.144 -r1.145 pkgsrc/textproc/libxslt/Makefile
cvs rdiff -u -r1.75 -r1.76 pkgsrc/textproc/libxslt/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/textproc/libxslt/patches/patch-CVE-2025-11731

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/textproc/libxslt/Makefile
diff -u pkgsrc/textproc/libxslt/Makefile:1.144 pkgsrc/textproc/libxslt/Makefile:1.145
--- pkgsrc/textproc/libxslt/Makefile:1.144      Fri May 30 15:34:55 2025
+++ pkgsrc/textproc/libxslt/Makefile    Tue Jan  6 10:21:12 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.144 2025/05/30 15:34:55 jperkin Exp $
+# $NetBSD: Makefile,v 1.145 2026/01/06 10:21:12 nia Exp $
 
-PKGREVISION=   4
+PKGREVISION=   5
 .include "Makefile.common"
 
 TOOL_DEPENDS+= docbook-xml-[0-9]*:../../textproc/docbook-xml

Index: pkgsrc/textproc/libxslt/distinfo
diff -u pkgsrc/textproc/libxslt/distinfo:1.75 pkgsrc/textproc/libxslt/distinfo:1.76
--- pkgsrc/textproc/libxslt/distinfo:1.75       Mon May 26 10:54:49 2025
+++ pkgsrc/textproc/libxslt/distinfo    Tue Jan  6 10:21:12 2026
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.75 2025/05/26 10:54:49 nia Exp $
+$NetBSD: distinfo,v 1.76 2026/01/06 10:21:12 nia Exp $
 
 BLAKE2s (libxslt-1.1.43.tar.xz) = f5b46cbf27816b93b69f155844d0d08e7b1a2c35b5836012fa48e07f9a347435
 SHA512 (libxslt-1.1.43.tar.xz) = 96110b0397a8f5791f489127574e2143845feb61bea0581d7b7e3c1101fd0718483bae81a7ce417b971bd678293bfd95daddad0dadd3e256c87d41a69faed85a
 Size (libxslt-1.1.43.tar.xz) = 1518364 bytes
+SHA1 (patch-CVE-2025-11731) = 1cba0cf96ec4c6934a697fbd8136923c45ec2a95

Added files:

Index: pkgsrc/textproc/libxslt/patches/patch-CVE-2025-11731
diff -u /dev/null pkgsrc/textproc/libxslt/patches/patch-CVE-2025-11731:1.1
--- /dev/null   Tue Jan  6 10:21:13 2026
+++ pkgsrc/textproc/libxslt/patches/patch-CVE-2025-11731        Tue Jan  6 10:21:12 2026
@@ -0,0 +1,27 @@
+$NetBSD: patch-CVE-2025-11731,v 1.1 2026/01/06 10:21:12 nia Exp $
+
+Subject: [PATCH] End function node ancestor search at document
+
+Avoids dereferencing a non-existent ->ns property on an
+XML_DOCUMENT_NODE pointer.
+
+Fixes #151.
+
+--- libexslt/functions.c.orig  2025-03-12 17:57:19.000000000 +0000
++++ libexslt/functions.c
+@@ -617,8 +617,13 @@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodeP
+      * instanciation of a func:result element.
+      */
+     for (test = inst->parent; test != NULL; test = test->parent) {
+-      if (IS_XSLT_ELEM(test) &&
+-          IS_XSLT_NAME(test, "stylesheet")) {
++      if (/* Traversal has reached the top-level document without
++         * finding a func:function ancestor. */
++        (test != NULL && test->type == XML_DOCUMENT_NODE) ||
++        /* Traversal reached a stylesheet-namespace node,
++         * and has left the function namespace. */
++        (IS_XSLT_ELEM(test) &&
++         IS_XSLT_NAME(test, "stylesheet"))) {
+           xsltGenericError(xsltGenericErrorContext,
+                            "func:result element not a descendant "
+                            "of a func:function\n");

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index