[AutoPR- Security] Patch libxslt for CVE-2025-11731 [LOW] (#15148)

azurelinux-security · web-flow · commit ed6657d2ea9e · 2025-12-04T12:32:59.000+05:30
diff --git a/SPECS/libxslt/CVE-2025-11731.patch b/SPECS/libxslt/CVE-2025-11731.patch
@@ -0,0 +1,39 @@
+From c1ded529004f379e25f3b2825dab86ce50e36943 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dominik=20R=C3=B6ttsches?= <drott@chromium.org>
+Date: Wed, 27 Aug 2025 14:28:40 +0300
+Subject: [PATCH] End function node ancestor search at document
+
+Avoids dereferencing a non-existent ->ns property on an
+XML_DOCUMENT_NODE pointer.
+
+Fixes #151.
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78.patch
+---
+ libexslt/functions.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/libexslt/functions.c b/libexslt/functions.c
+index 2f74431..65ea223 100644
+--- a/libexslt/functions.c
++++ b/libexslt/functions.c
+@@ -619,8 +619,13 @@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodePtr inst,
+      * instanciation of a func:result element.
+      */
+     for (test = inst->parent; test != NULL; test = test->parent) {
+-	if (IS_XSLT_ELEM(test) &&
+-	    IS_XSLT_NAME(test, "stylesheet")) {
++	if (/* Traversal has reached the top-level document without
++         * finding a func:function ancestor. */
++        (test != NULL && test->type == XML_DOCUMENT_NODE) ||
++        /* Traversal reached a stylesheet-namespace node,
++         * and has left the function namespace. */
++        (IS_XSLT_ELEM(test) &&
++         IS_XSLT_NAME(test, "stylesheet"))) {
+ 	    xsltGenericError(xsltGenericErrorContext,
+ 			     "func:result element not a descendant "
+ 			     "of a func:function\n");
+-- 
+2.45.4
+
diff --git a/SPECS/libxslt/libxslt.spec b/SPECS/libxslt/libxslt.spec
@@ -1,7 +1,7 @@
 Summary:        Libxslt is the XSLT C library developed for the GNOME project. XSLT is a an XML language to define transformation for XML.
 Name:           libxslt
 Version:        1.1.34
-Release:        8%{?dist}
+Release:        9%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -13,6 +13,7 @@ Patch0:         CVE-2021-30560.patch
 Patch1:         CVE-2022-29824.nopatch
 Patch2:         CVE-2024-55549.patch
 Patch3:         CVE-2025-24855.patch
+Patch4:         CVE-2025-11731.patch
 BuildRequires:  libgcrypt-devel
 BuildRequires:  libxml2-devel
 Requires:       libgcrypt
@@ -76,6 +77,9 @@ make %{?_smp_mflags} check
 %{_mandir}/man3/*
 
 %changelog
+* Fri Nov 21 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.1.34-9
+- Patch for CVE-2025-11731
+
 * Mon Mar 17 2025 Sindhu Karri <lakarri@microsoft.com> - 1.1.34-8
 - Fix CVE-2025-24855 and CVE-2024-55549
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -218,7 +218,7 @@ libgpg-error-1.46-1.cm2.aarch64.rpm
 libgcrypt-1.10.3-1.cm2.aarch64.rpm
 libksba-1.6.3-1.cm2.aarch64.rpm
 libksba-devel-1.6.3-1.cm2.aarch64.rpm
-libxslt-1.1.34-8.cm2.aarch64.rpm
+libxslt-1.1.34-9.cm2.aarch64.rpm
 npth-1.6-4.cm2.aarch64.rpm
 pinentry-1.2.0-1.cm2.aarch64.rpm
 gnupg2-2.4.0-2.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -218,7 +218,7 @@ libgpg-error-1.46-1.cm2.x86_64.rpm
 libgcrypt-1.10.3-1.cm2.x86_64.rpm
 libksba-1.6.3-1.cm2.x86_64.rpm
 libksba-devel-1.6.3-1.cm2.x86_64.rpm
-libxslt-1.1.34-8.cm2.x86_64.rpm
+libxslt-1.1.34-9.cm2.x86_64.rpm
 npth-1.6-4.cm2.x86_64.rpm
 pinentry-1.2.0-1.cm2.x86_64.rpm
 gnupg2-2.4.0-2.cm2.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -212,9 +212,9 @@ libtool-debuginfo-2.4.6-8.cm2.aarch64.rpm
 libxml2-2.10.4-9.cm2.aarch64.rpm
 libxml2-debuginfo-2.10.4-9.cm2.aarch64.rpm
 libxml2-devel-2.10.4-9.cm2.aarch64.rpm
-libxslt-1.1.34-8.cm2.aarch64.rpm
-libxslt-debuginfo-1.1.34-8.cm2.aarch64.rpm
-libxslt-devel-1.1.34-8.cm2.aarch64.rpm
+libxslt-1.1.34-9.cm2.aarch64.rpm
+libxslt-debuginfo-1.1.34-9.cm2.aarch64.rpm
+libxslt-devel-1.1.34-9.cm2.aarch64.rpm
 lua-5.4.4-1.cm2.aarch64.rpm
 lua-debuginfo-5.4.4-1.cm2.aarch64.rpm
 lua-devel-5.4.4-1.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -218,9 +218,9 @@ libtool-debuginfo-2.4.6-8.cm2.x86_64.rpm
 libxml2-2.10.4-9.cm2.x86_64.rpm
 libxml2-debuginfo-2.10.4-9.cm2.x86_64.rpm
 libxml2-devel-2.10.4-9.cm2.x86_64.rpm
-libxslt-1.1.34-8.cm2.x86_64.rpm
-libxslt-debuginfo-1.1.34-8.cm2.x86_64.rpm
-libxslt-devel-1.1.34-8.cm2.x86_64.rpm
+libxslt-1.1.34-9.cm2.x86_64.rpm
+libxslt-debuginfo-1.1.34-9.cm2.x86_64.rpm
+libxslt-devel-1.1.34-9.cm2.x86_64.rpm
 lua-5.4.4-1.cm2.x86_64.rpm
 lua-debuginfo-5.4.4-1.cm2.x86_64.rpm
 lua-devel-5.4.4-1.cm2.x86_64.rpm
