libxslt: Patch CVE-2025-11731

Author: alarixnia

textproc/libxslt/Makefile

@@ -1,6 +1,6 @@
 # $NetBSD: Makefile,v 1.136 2024/11/14 22:21:52 wiz Exp $
 
-PKGREVISION= 1
+PKGREVISION= 2
 .include "Makefile.common"
 
 TOOL_DEPENDS+=	docbook-xml-[0-9]*:../../textproc/docbook-xml

textproc/libxslt/distinfo

@@ -3,3 +3,4 @@ $NetBSD: distinfo,v 1.74 2024/07/07 15:19:32 gutteridge Exp $
 BLAKE2s (libxslt-1.1.43.tar.xz) = f5b46cbf27816b93b69f155844d0d08e7b1a2c35b5836012fa48e07f9a347435
 SHA512 (libxslt-1.1.43.tar.xz) = 96110b0397a8f5791f489127574e2143845feb61bea0581d7b7e3c1101fd0718483bae81a7ce417b971bd678293bfd95daddad0dadd3e256c87d41a69faed85a
 Size (libxslt-1.1.43.tar.xz) = 1518364 bytes
+SHA1 (patch-CVE-2025-11731) = 1cba0cf96ec4c6934a697fbd8136923c45ec2a95

textproc/libxslt/patches/patch-CVE-2025-11731

@@ -0,0 +1,27 @@
+$NetBSD$
+
+Subject: [PATCH] End function node ancestor search at document
+
+Avoids dereferencing a non-existent ->ns property on an
+XML_DOCUMENT_NODE pointer.
+
+Fixes #151.
+
+--- libexslt/functions.c.orig	2025-03-12 17:57:19.000000000 +0000
++++ libexslt/functions.c
+@@ -617,8 +617,13 @@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodeP
+      * instanciation of a func:result element.
+      */
+     for (test = inst->parent; test != NULL; test = test->parent) {
+-	if (IS_XSLT_ELEM(test) &&
+-	    IS_XSLT_NAME(test, "stylesheet")) {
++	if (/* Traversal has reached the top-level document without
++         * finding a func:function ancestor. */
++        (test != NULL && test->type == XML_DOCUMENT_NODE) ||
++        /* Traversal reached a stylesheet-namespace node,
++         * and has left the function namespace. */
++        (IS_XSLT_ELEM(test) &&
++         IS_XSLT_NAME(test, "stylesheet"))) {
+ 	    xsltGenericError(xsltGenericErrorContext,
+ 			     "func:result element not a descendant "
+ 			     "of a func:function\n");