From: Mingli Yu Date: Mon, 22 Dec 2025 09:38:53 +0000 (+0800) Subject: libxslt: Upgrade 1.1.43 -> 1.1.45 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e664416bef57fc6557a62bb80631143f09946b10;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git libxslt: Upgrade 1.1.43 -> 1.1.45 * Remove the patch gnome-libxslt-bug-139-apple-fix.diff as the CVE-2025-7424 issue has been fixed in new version. * Changelog for v1.1.45 Rebuild of v1.1.44 * Changelog for v1.1.44 ## Major changes Libxml2 changed the meta tag information, removed the: `http-equiv="Content-Type" content="text/html;` attributes leaving only the `charset` attribute. This caused the tests to fail in the gitlab pipeline. Updated the test files accordingly. ## Security - [CVE-2025-9714] Fix: Was a false positive, closed issue #148. - [CVE-2025-7424] Fix: Type confusion in xmlNode.psvi between stylesheet and source nodes (Fixed by Apple's engineers) - [CVE-2025-11731] Fix: End function node ancestor search at document ### Bug fixes - New maintainer: Iván Chavero - CMake: cannot configure on MinGW-w64, missing Iconv::Iconv - Reset context variable when evaluating globals ### Tests - Update test outputs for new libxml2 - Fixed Windows tests Signed-off-by: Mingli Yu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie --- diff --git a/meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff b/meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff deleted file mode 100644 index c7220ab954..0000000000 --- a/meta/recipes-support/libxslt/files/gnome-libxslt-bug-139-apple-fix.diff +++ /dev/null @@ -1,103 +0,0 @@ -From 345d6826d0eae6f0a962456b8ed6f6a1bad0877d Mon Sep 17 00:00:00 2001 -From: David Kilzer -Date: Sat, 24 May 2025 15:06:42 -0700 -Subject: [PATCH] libxslt: Type confusion in xmlNode.psvi between stylesheet - and source nodes - -* libxslt/functions.c: -(xsltDocumentFunctionLoadDocument): -- Implement fix suggested by Ivan Fratric. This copies the xmlDoc, - calls xsltCleanupSourceDoc() to remove pvsi fields, then adds the - xmlDoc to tctxt->docList. -- Add error handling for functions that may return NULL. -* libxslt/transform.c: -- Remove static keyword so this can be called from - xsltDocumentFunctionLoadDocument(). -* libxslt/transformInternals.h: Add. -(xsltCleanupSourceDoc): Add declaration. - -Fixes #139. - -CVE: CVE-2025-7424 -Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/libxslt/-/issues/139] -Signed-off-by: Ross Burton ---- - libxslt/functions.c | 16 +++++++++++++++- - libxslt/transform.c | 3 ++- - libxslt/transformInternals.h | 9 +++++++++ - 3 files changed, 26 insertions(+), 2 deletions(-) - create mode 100644 libxslt/transformInternals.h - -diff --git a/libxslt/functions.c b/libxslt/functions.c -index 72a58dc4..11ec039f 100644 ---- a/libxslt/functions.c -+++ b/libxslt/functions.c -@@ -34,6 +34,7 @@ - #include "numbersInternals.h" - #include "keys.h" - #include "documents.h" -+#include "transformInternals.h" - - #ifdef WITH_XSLT_DEBUG - #define WITH_XSLT_DEBUG_FUNCTION -@@ -125,7 +126,20 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt, - /* - * This selects the stylesheet's doc itself. - */ -- doc = tctxt->style->doc; -+ doc = xmlCopyDoc(tctxt->style->doc, 1); -+ if (doc == NULL) { -+ xsltTransformError(tctxt, NULL, NULL, -+ "document() : failed to copy style doc\n"); -+ goto out_fragment; -+ } -+ xsltCleanupSourceDoc(doc); /* Remove psvi fields. */ -+ idoc = xsltNewDocument(tctxt, doc); -+ if (idoc == NULL) { -+ xsltTransformError(tctxt, NULL, NULL, -+ "document() : failed to create xsltDocument\n"); -+ xmlFreeDoc(doc); -+ goto out_fragment; -+ } - } else { - goto out_fragment; - } -diff --git a/libxslt/transform.c b/libxslt/transform.c -index 54ef821b..38c2dce6 100644 ---- a/libxslt/transform.c -+++ b/libxslt/transform.c -@@ -43,6 +43,7 @@ - #include "xsltlocale.h" - #include "pattern.h" - #include "transform.h" -+#include "transformInternals.h" - #include "variables.h" - #include "numbersInternals.h" - #include "namespaces.h" -@@ -5757,7 +5758,7 @@ xsltCountKeys(xsltTransformContextPtr ctxt) - * - * Resets source node flags and ids stored in 'psvi' member. - */ --static void -+void - xsltCleanupSourceDoc(xmlDocPtr doc) { - xmlNodePtr cur = (xmlNodePtr) doc; - void **psviPtr; -diff --git a/libxslt/transformInternals.h b/libxslt/transformInternals.h -new file mode 100644 -index 00000000..d0f42823 ---- /dev/null -+++ b/libxslt/transformInternals.h -@@ -0,0 +1,9 @@ -+/* -+ * Summary: set of internal interfaces for the XSLT engine transformation part. -+ * -+ * Copy: See Copyright for the status of this software. -+ * -+ * Author: David Kilzer -+ */ -+ -+void xsltCleanupSourceDoc(xmlDocPtr doc); --- -2.39.5 (Apple Git-154) - diff --git a/meta/recipes-support/libxslt/libxslt_1.1.43.bb b/meta/recipes-support/libxslt/libxslt_1.1.45.bb similarity index 92% rename from meta/recipes-support/libxslt/libxslt_1.1.43.bb rename to meta/recipes-support/libxslt/libxslt_1.1.45.bb index 3393be7ebe..c3440a99d4 100644 --- a/meta/recipes-support/libxslt/libxslt_1.1.43.bb +++ b/meta/recipes-support/libxslt/libxslt_1.1.45.bb @@ -13,10 +13,9 @@ LIC_FILES_CHKSUM = "file://Copyright;md5=0cd9a07afbeb24026c9b03aecfeba458" SECTION = "libs" DEPENDS = "libxml2" -SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz \ - file://gnome-libxslt-bug-139-apple-fix.diff" +SRC_URI = "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz" -SRC_URI[sha256sum] = "5a3d6b383ca5afc235b171118e90f5ff6aa27e9fea3303065231a6d403f0183a" +SRC_URI[sha256sum] = "9acfe68419c4d06a45c550321b3212762d92f41465062ca4ea19e632ee5d216e" UPSTREAM_CHECK_REGEX = "libxslt-(?P\d+(\.\d+)+)\.tar"