[packages/libxslt] up to 1.1.45 (fixes CVE-2025-11731)

Mon Dec 1 21:11:27 CET 2025

commit 4f349393c6170f386abef599043551e9be189133
Author: Jan Palus <atler at pld-linux.org>
Date:   Mon Dec 1 21:09:40 2025 +0100

    up to 1.1.45 (fixes CVE-2025-11731)

 gnome-libxslt-bug-139-apple-fix.diff | 99 ------------------------------------
 libxslt.spec                         | 10 ++--
 2 files changed, 4 insertions(+), 105 deletions(-)
---

diff --git a/libxslt.spec b/libxslt.spec
index 022f311..0d4b78f 100644
--- a/libxslt.spec
+++ b/libxslt.spec
@@ -5,21 +5,20 @@
 %bcond_without	static_libs	# static libraries
 %bcond_with	tests		# test suite
 
-%define		libxml2ver	1:2.6.30
+%define		libxml2ver	1:2.15.1
 Summary:	XSLT processor
 Summary(pl.UTF-8):	Procesor XSLT
 Summary(pt_BR.UTF-8):	Biblioteca que disponibiliza o sistema XSLT do GNOME
 Name:		libxslt
-Version:	1.1.43
-Release:	5
+Version:	1.1.45
+Release:	1
 License:	MIT
 Group:		Libraries
 #Source0:	ftp://xmlsoft.org/libxml2/%{name}-%{version}.tar.gz
 Source0:	https://download.gnome.org/sources/libxslt/1.1/%{name}-%{version}.tar.xz
-# Source0-md5:	5dc0179c81be7a3082b43030ecfdebd4
+# Source0-md5:	84bb3f6ba7f5ee98af5dcd72e828c73e
 Patch0:		LFS.patch
 Patch1:		%{name}-libs-no-libdir.patch
-Patch2:		gnome-libxslt-bug-139-apple-fix.diff
 URL:		http://xmlsoft.org/XSLT/
 BuildRequires:	autoconf >= 2.63
 BuildRequires:	automake >= 1:1.16.3
@@ -161,7 +160,6 @@ Moduły języka Python 3 dla biblioteki libxslt.
 %setup -q
 %patch -P 0 -p1
 %patch -P 1 -p1
-%patch -P 2 -p1
 
 %{__sed} -i -e 's,\$(datadir)/gtk-doc/html,%{_gtkdocdir},' \
 	doc/devhelp/Makefile.am doc/EXSLT/devhelp/Makefile.am
diff --git a/gnome-libxslt-bug-139-apple-fix.diff b/gnome-libxslt-bug-139-apple-fix.diff
deleted file mode 100644
index 62a34fa..0000000
--- a/gnome-libxslt-bug-139-apple-fix.diff
+++ /dev/null
@@ -1,99 +0,0 @@
-From 345d6826d0eae6f0a962456b8ed6f6a1bad0877d Mon Sep 17 00:00:00 2001
-From: David Kilzer <ddkilzer at apple.com>
-Date: Sat, 24 May 2025 15:06:42 -0700
-Subject: [PATCH] libxslt: Type confusion in xmlNode.psvi between stylesheet
- and source nodes
-
-* libxslt/functions.c:
-(xsltDocumentFunctionLoadDocument):
-- Implement fix suggested by Ivan Fratric.  This copies the xmlDoc,
-  calls xsltCleanupSourceDoc() to remove pvsi fields, then adds the
-  xmlDoc to tctxt->docList.
-- Add error handling for functions that may return NULL.
-* libxslt/transform.c:
-- Remove static keyword so this can be called from
-  xsltDocumentFunctionLoadDocument().
-* libxslt/transformInternals.h: Add.
-(xsltCleanupSourceDoc): Add declaration.
-
-Fixes #139.
----
- libxslt/functions.c          | 16 +++++++++++++++-
- libxslt/transform.c          |  3 ++-
- libxslt/transformInternals.h |  9 +++++++++
- 3 files changed, 26 insertions(+), 2 deletions(-)
- create mode 100644 libxslt/transformInternals.h
-
-diff --git a/libxslt/functions.c b/libxslt/functions.c
-index 72a58dc4..11ec039f 100644
---- a/libxslt/functions.c
-+++ b/libxslt/functions.c
-@@ -34,6 +34,7 @@
- #include "numbersInternals.h"
- #include "keys.h"
- #include "documents.h"
-+#include "transformInternals.h"
- 
- #ifdef WITH_XSLT_DEBUG
- #define WITH_XSLT_DEBUG_FUNCTION
-@@ -125,7 +126,20 @@ xsltDocumentFunctionLoadDocument(xmlXPathParserContextPtr ctxt,
- 	    /*
- 	    * This selects the stylesheet's doc itself.
- 	    */
--	    doc = tctxt->style->doc;
-+	    doc = xmlCopyDoc(tctxt->style->doc, 1);
-+	    if (doc == NULL) {
-+		xsltTransformError(tctxt, NULL, NULL,
-+		    "document() : failed to copy style doc\n");
-+		goto out_fragment;
-+	    }
-+	    xsltCleanupSourceDoc(doc); /* Remove psvi fields. */
-+	    idoc = xsltNewDocument(tctxt, doc);
-+	    if (idoc == NULL) {
-+		xsltTransformError(tctxt, NULL, NULL,
-+		    "document() : failed to create xsltDocument\n");
-+		xmlFreeDoc(doc);
-+		goto out_fragment;
-+	    }
- 	} else {
-             goto out_fragment;
- 	}
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index 54ef821b..38c2dce6 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -43,6 +43,7 @@
- #include "xsltlocale.h"
- #include "pattern.h"
- #include "transform.h"
-+#include "transformInternals.h"
- #include "variables.h"
- #include "numbersInternals.h"
- #include "namespaces.h"
-@@ -5757,7 +5758,7 @@ xsltCountKeys(xsltTransformContextPtr ctxt)
-  *
-  * Resets source node flags and ids stored in 'psvi' member.
-  */
--static void
-+void
- xsltCleanupSourceDoc(xmlDocPtr doc) {
-     xmlNodePtr cur = (xmlNodePtr) doc;
-     void **psviPtr;
-diff --git a/libxslt/transformInternals.h b/libxslt/transformInternals.h
-new file mode 100644
-index 00000000..d0f42823
---- /dev/null
-+++ b/libxslt/transformInternals.h
-@@ -0,0 +1,9 @@
-+/*
-+ * Summary: set of internal interfaces for the XSLT engine transformation part.
-+ *
-+ * Copy: See Copyright for the status of this software.
-+ *
-+ * Author: David Kilzer <ddkilzer at apple.com>
-+ */
-+
-+void xsltCleanupSourceDoc(xmlDocPtr doc);
--- 
-2.39.5 (Apple Git-154)
-
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/libxslt.git/commitdiff/4f349393c6170f386abef599043551e9be189133


