Skip to content

[AutoPR- Security] Patch libxslt for CVE-2025-7424 [MEDIUM] #135

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
azurelinux-security wants to merge 1 commit into
base: 3.0-dev
Choose a base branch
from
Draft

[AutoPR- Security] Patch libxslt for CVE-2025-7424 [MEDIUM] #135

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
103 changes: 103 additions & 0 deletions SPECS/libxslt/CVE-2025-7424.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
From a0c908f1f8970d9f10bbd39888d175a61871690e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iv=C3=A1n=20Chavero?= <[email protected]>
Date: Mon, 24 Nov 2025 01:05:00 -0600
Subject: [PATCH] Fix Type confusion in xmlNode.psvi between stylesheet and
source nodes

* libxslt/functions.c:
(xsltDocumentFunctionLoadDocument):
- Implement fix suggested by Ivan Fratric. This copies the xmlDoc,
calls xsltCleanupSourceDoc() to remove pvsi fields, then adds the
xmlDoc to tctxt->docList.
- Add error handling for functions that may return NULL.
* libxslt/transform.c:
- Remove static keyword so this can be called from
xsltDocumentFunctionLoadDocument().
* libxslt/transformInternals.h: Add.
(xsltCleanupSourceDoc): Add declaration.

Original author: David Kilzer <[email protected]>

Fixes: #139 CVE-2025-7424
Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
Upstream-reference: https://github.com/GNOME/libxslt/commit/f6f7f59998c0642b395ba07e5a30e68866df277d.patch
---
libxslt/functions.c | 16 +++++++++++++++-
libxslt/transform.c | 3 ++-
libxslt/transformInternals.h | 9 +++++++++
3 files changed, 26 insertions(+), 2 deletions(-)
create mode 100644 libxslt/transformInternals.h

diff --git a/libxslt/functions.c b/libxslt/functions.c
index 72a58dc..11ec039 100644
--- a/libxslt/functions.c
+++ b/libxslt/functions.c
@@ -34,6 +34,7 @@
#include "numbersInternals.h"
#include "keys.h"
#include "documents.h"
+#include "transformInternals.h"

#ifdef WITH_XSLT_DEBUG
#define WITH_XSLT_DEBUG_FUNCTION
@@ -125,7 +126,20 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt,
/*
* This selects the stylesheet's doc itself.
*/
- doc = tctxt->style->doc;
+ doc = xmlCopyDoc(tctxt->style->doc, 1);
+ if (doc == NULL) {
+ xsltTransformError(tctxt, NULL, NULL,
+ "document() : failed to copy style doc\n");
+ goto out_fragment;
+ }
+ xsltCleanupSourceDoc(doc); /* Remove psvi fields. */
+ idoc = xsltNewDocument(tctxt, doc);
+ if (idoc == NULL) {
+ xsltTransformError(tctxt, NULL, NULL,
+ "document() : failed to create xsltDocument\n");
+ xmlFreeDoc(doc);
+ goto out_fragment;
+ }
} else {
goto out_fragment;
}
diff --git a/libxslt/transform.c b/libxslt/transform.c
index 54ef821..38c2dce 100644
--- a/libxslt/transform.c
+++ b/libxslt/transform.c
@@ -43,6 +43,7 @@
#include "xsltlocale.h"
#include "pattern.h"
#include "transform.h"
+#include "transformInternals.h"
#include "variables.h"
#include "numbersInternals.h"
#include "namespaces.h"
@@ -5757,7 +5758,7 @@ xsltCountKeys(xsltTransformContextPtr ctxt)
*
* Resets source node flags and ids stored in 'psvi' member.
*/
-static void
+void
xsltCleanupSourceDoc(xmlDocPtr doc) {
xmlNodePtr cur = (xmlNodePtr) doc;
void **psviPtr;
diff --git a/libxslt/transformInternals.h b/libxslt/transformInternals.h
new file mode 100644
index 0000000..d0f4282
--- /dev/null
+++ b/libxslt/transformInternals.h
@@ -0,0 +1,9 @@
+/*
+ * Summary: set of internal interfaces for the XSLT engine transformation part.
+ *
+ * Copy: See Copyright for the status of this software.
+ *
+ * Author: David Kilzer <[email protected]>
+ */
+
+void xsltCleanupSourceDoc(xmlDocPtr doc);
--
2.45.4

6 changes: 5 additions & 1 deletion SPECS/libxslt/libxslt.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,14 @@
Summary: Libxslt is the XSLT C library developed for the GNOME project. XSLT is a an XML language to define transformation for XML.
Name: libxslt
Version: 1.1.43
Release: 1%{?dist}
Release: 2%{?dist}
License: MIT
Vendor: Microsoft Corporation
Distribution: Azure Linux
Group: System Environment/General Libraries
URL: http://xmlsoft.org/libxslt/
Source0: https://download.gnome.org/sources/libxslt/%{majminorver}/%{name}-%{version}.tar.xz
Patch0: CVE-2025-7424.patch
BuildRequires: libgcrypt-devel
BuildRequires: libxml2-devel
Requires: libgcrypt
Expand Down Expand Up @@ -76,6 +77,9 @@ make %{?_smp_mflags} check


%changelog
* Thu Nov 27 2025 Azure Linux Security Servicing Account <[email protected]> - 1.1.43-2
- Patch for CVE-2025-7424

* Tue Mar 18 2025 Sindhu Karri <[email protected]> - 1.1.43-1
- Upgrade to version 1.1.43 to fix CVE-2024-55549 and CVE-2025-24855

Expand Down
2 changes: 1 addition & 1 deletion toolkit/resources/manifests/package/pkggen_core_aarch64.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -225,7 +225,7 @@ libgpg-error-1.48-1.azl3.aarch64.rpm
libgcrypt-1.10.3-1.azl3.aarch64.rpm
libksba-1.6.4-1.azl3.aarch64.rpm
libksba-devel-1.6.4-1.azl3.aarch64.rpm
libxslt-1.1.43-1.azl3.aarch64.rpm
libxslt-1.1.43-2.azl3.aarch64.rpm
npth-1.6-4.azl3.aarch64.rpm
pinentry-1.2.1-1.azl3.aarch64.rpm
gnupg2-2.4.7-1.azl3.aarch64.rpm
Expand Down
2 changes: 1 addition & 1 deletion toolkit/resources/manifests/package/pkggen_core_x86_64.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -225,7 +225,7 @@ libgpg-error-1.48-1.azl3.x86_64.rpm
libgcrypt-1.10.3-1.azl3.x86_64.rpm
libksba-1.6.4-1.azl3.x86_64.rpm
libksba-devel-1.6.4-1.azl3.x86_64.rpm
libxslt-1.1.43-1.azl3.x86_64.rpm
libxslt-1.1.43-2.azl3.x86_64.rpm
npth-1.6-4.azl3.x86_64.rpm
pinentry-1.2.1-1.azl3.x86_64.rpm
gnupg2-2.4.7-1.azl3.x86_64.rpm
Expand Down
6 changes: 3 additions & 3 deletions toolkit/resources/manifests/package/toolchain_aarch64.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -245,9 +245,9 @@ libxcrypt-devel-4.4.36-2.azl3.aarch64.rpm
libxml2-2.11.5-7.azl3.aarch64.rpm
libxml2-debuginfo-2.11.5-7.azl3.aarch64.rpm
libxml2-devel-2.11.5-7.azl3.aarch64.rpm
libxslt-1.1.43-1.azl3.aarch64.rpm
libxslt-debuginfo-1.1.43-1.azl3.aarch64.rpm
libxslt-devel-1.1.43-1.azl3.aarch64.rpm
libxslt-1.1.43-2.azl3.aarch64.rpm
libxslt-debuginfo-1.1.43-2.azl3.aarch64.rpm
libxslt-devel-1.1.43-2.azl3.aarch64.rpm
lua-5.4.6-1.azl3.aarch64.rpm
lua-debuginfo-5.4.6-1.azl3.aarch64.rpm
lua-devel-5.4.6-1.azl3.aarch64.rpm
Expand Down
6 changes: 3 additions & 3 deletions toolkit/resources/manifests/package/toolchain_x86_64.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -253,9 +253,9 @@ libxml2-devel-2.11.5-7.azl3.x86_64.rpm
libxcrypt-4.4.36-2.azl3.x86_64.rpm
libxcrypt-debuginfo-4.4.36-2.azl3.x86_64.rpm
libxcrypt-devel-4.4.36-2.azl3.x86_64.rpm
libxslt-1.1.43-1.azl3.x86_64.rpm
libxslt-debuginfo-1.1.43-1.azl3.x86_64.rpm
libxslt-devel-1.1.43-1.azl3.x86_64.rpm
libxslt-1.1.43-2.azl3.x86_64.rpm
libxslt-debuginfo-1.1.43-2.azl3.x86_64.rpm
libxslt-devel-1.1.43-2.azl3.x86_64.rpm
lua-5.4.6-1.azl3.x86_64.rpm
lua-debuginfo-5.4.6-1.azl3.x86_64.rpm
lua-devel-5.4.6-1.azl3.x86_64.rpm
Expand Down
Loading