[AutoPR- Security] Patch libxslt for CVE-2025-11731 [LOW] (#15147)

azurelinux-security · web-flow · commit 088b3c771ff8 · 2025-12-04T12:38:08.000+05:30
diff --git a/SPECS/libxslt/CVE-2025-11731.patch b/SPECS/libxslt/CVE-2025-11731.patch
@@ -0,0 +1,39 @@
+From 126a8478361719176d26b87eaf487aa858fd5d6e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dominik=20R=C3=B6ttsches?= <drott@chromium.org>
+Date: Wed, 27 Aug 2025 14:28:40 +0300
+Subject: [PATCH] End function node ancestor search at document
+
+Avoids dereferencing a non-existent ->ns property on an
+XML_DOCUMENT_NODE pointer.
+
+Fixes #151.
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78.patch
+---
+ libexslt/functions.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/libexslt/functions.c b/libexslt/functions.c
+index 8d35a7a..a54ee70 100644
+--- a/libexslt/functions.c
++++ b/libexslt/functions.c
+@@ -617,8 +617,13 @@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodePtr inst,
+      * instanciation of a func:result element.
+      */
+     for (test = inst->parent; test != NULL; test = test->parent) {
+-	if (IS_XSLT_ELEM(test) &&
+-	    IS_XSLT_NAME(test, "stylesheet")) {
++	if (/* Traversal has reached the top-level document without
++         * finding a func:function ancestor. */
++        (test != NULL && test->type == XML_DOCUMENT_NODE) ||
++        /* Traversal reached a stylesheet-namespace node,
++         * and has left the function namespace. */
++        (IS_XSLT_ELEM(test) &&
++         IS_XSLT_NAME(test, "stylesheet"))) {
+ 	    xsltGenericError(xsltGenericErrorContext,
+ 			     "func:result element not a descendant "
+ 			     "of a func:function\n");
+-- 
+2.45.4
+
diff --git a/SPECS/libxslt/libxslt.spec b/SPECS/libxslt/libxslt.spec
@@ -2,13 +2,14 @@
 Summary:        Libxslt is the XSLT C library developed for the GNOME project. XSLT is a an XML language to define transformation for XML.
 Name:           libxslt
 Version:        1.1.43
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          System Environment/General Libraries
 URL:            http://xmlsoft.org/libxslt/
 Source0:        https://download.gnome.org/sources/libxslt/%{majminorver}/%{name}-%{version}.tar.xz
+Patch0:         CVE-2025-11731.patch
 BuildRequires:  libgcrypt-devel
 BuildRequires:  libxml2-devel
 Requires:       libgcrypt
@@ -76,6 +77,9 @@ make %{?_smp_mflags} check
 
 
 %changelog
+* Fri Nov 21 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.1.43-2
+- Patch for CVE-2025-11731
+
 * Tue Mar 18 2025 Sindhu Karri <lakarri@microsoft.com> - 1.1.43-1
 - Upgrade to version 1.1.43 to fix CVE-2024-55549 and CVE-2025-24855
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -225,7 +225,7 @@ libgpg-error-1.48-1.azl3.aarch64.rpm
 libgcrypt-1.10.3-1.azl3.aarch64.rpm
 libksba-1.6.4-1.azl3.aarch64.rpm
 libksba-devel-1.6.4-1.azl3.aarch64.rpm
-libxslt-1.1.43-1.azl3.aarch64.rpm
+libxslt-1.1.43-2.azl3.aarch64.rpm
 npth-1.6-4.azl3.aarch64.rpm
 pinentry-1.2.1-1.azl3.aarch64.rpm
 gnupg2-2.4.7-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -225,7 +225,7 @@ libgpg-error-1.48-1.azl3.x86_64.rpm
 libgcrypt-1.10.3-1.azl3.x86_64.rpm
 libksba-1.6.4-1.azl3.x86_64.rpm
 libksba-devel-1.6.4-1.azl3.x86_64.rpm
-libxslt-1.1.43-1.azl3.x86_64.rpm
+libxslt-1.1.43-2.azl3.x86_64.rpm
 npth-1.6-4.azl3.x86_64.rpm
 pinentry-1.2.1-1.azl3.x86_64.rpm
 gnupg2-2.4.7-1.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -245,9 +245,9 @@ libxcrypt-devel-4.4.36-2.azl3.aarch64.rpm
 libxml2-2.11.5-7.azl3.aarch64.rpm
 libxml2-debuginfo-2.11.5-7.azl3.aarch64.rpm
 libxml2-devel-2.11.5-7.azl3.aarch64.rpm
-libxslt-1.1.43-1.azl3.aarch64.rpm
-libxslt-debuginfo-1.1.43-1.azl3.aarch64.rpm
-libxslt-devel-1.1.43-1.azl3.aarch64.rpm
+libxslt-1.1.43-2.azl3.aarch64.rpm
+libxslt-debuginfo-1.1.43-2.azl3.aarch64.rpm
+libxslt-devel-1.1.43-2.azl3.aarch64.rpm
 lua-5.4.6-1.azl3.aarch64.rpm
 lua-debuginfo-5.4.6-1.azl3.aarch64.rpm
 lua-devel-5.4.6-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -253,9 +253,9 @@ libxml2-devel-2.11.5-7.azl3.x86_64.rpm
 libxcrypt-4.4.36-2.azl3.x86_64.rpm
 libxcrypt-debuginfo-4.4.36-2.azl3.x86_64.rpm
 libxcrypt-devel-4.4.36-2.azl3.x86_64.rpm
-libxslt-1.1.43-1.azl3.x86_64.rpm
-libxslt-debuginfo-1.1.43-1.azl3.x86_64.rpm
-libxslt-devel-1.1.43-1.azl3.x86_64.rpm
+libxslt-1.1.43-2.azl3.x86_64.rpm
+libxslt-debuginfo-1.1.43-2.azl3.x86_64.rpm
+libxslt-devel-1.1.43-2.azl3.x86_64.rpm
 lua-5.4.6-1.azl3.x86_64.rpm
 lua-debuginfo-5.4.6-1.azl3.x86_64.rpm
 lua-devel-5.4.6-1.azl3.x86_64.rpm
