head 1.2; access; symbols pkgsrc-2025Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2026.02.19.15.10.30; author wiz; state dead; branches; next 1.1; commitid lbSUgLQhNchTZZuG; 1.1 date 2026.01.06.10.21.12; author nia; state Exp; branches 1.1.2.1; next ; commitid x0EotRUP4TIdOjpG; 1.1.2.1 date 2026.01.06.10.21.12; author maya; state dead; branches; next 1.1.2.2; commitid Cnd83Bu2ki8sUwpG; 1.1.2.2 date 2026.01.08.01.48.21; author maya; state Exp; branches; next ; commitid Cnd83Bu2ki8sUwpG; desc @@ 1.2 log @libxslt: update to 1.1.45. v1.1.45: Nov 30 2025 ## Major changes Rebuild of v1.1.44 v1.1.44: Nov 23 2025 ## Major changes Libxml2 changed the meta tag information, removed the: `http-equiv="Content-Type" content="text/html;` attributes leaving only the `charset` attribute. This caused the tests to fail in the gitlab pipeline. Updated the test files accordingly. ## Security - [CVE-2025-9714] Fix: Was a false positive, closed issue #148. - [CVE-2025-7424] Fix: Type confusion in xmlNode.psvi between stylesheet and source nodes (Fixed by Apple's engineers) - [CVE-2025-11731] Fix: End function node ancestor search at document ### Bug fixes - New maintainer: Iván Chavero - CMake: cannot configure on MinGW-w64, missing Iconv::Iconv - Reset context variable when evaluating globals ### Tests - Update test outputs for new libxml2 - Fixed Windows tests @ text @$NetBSD: patch-CVE-2025-11731,v 1.1 2026/01/06 10:21:12 nia Exp $ Subject: [PATCH] End function node ancestor search at document Avoids dereferencing a non-existent ->ns property on an XML_DOCUMENT_NODE pointer. Fixes #151. --- libexslt/functions.c.orig 2025-03-12 17:57:19.000000000 +0000 +++ libexslt/functions.c @@@@ -617,8 +617,13 @@@@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodeP * instanciation of a func:result element. */ for (test = inst->parent; test != NULL; test = test->parent) { - if (IS_XSLT_ELEM(test) && - IS_XSLT_NAME(test, "stylesheet")) { + if (/* Traversal has reached the top-level document without + * finding a func:function ancestor. */ + (test != NULL && test->type == XML_DOCUMENT_NODE) || + /* Traversal reached a stylesheet-namespace node, + * and has left the function namespace. */ + (IS_XSLT_ELEM(test) && + IS_XSLT_NAME(test, "stylesheet"))) { xsltGenericError(xsltGenericErrorContext, "func:result element not a descendant " "of a func:function\n"); @ 1.1 log @libxslt: Add local patch for CVE-2025-11731, bump revision. This patch was merged upstream but is not yet in a release. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-CVE-2025-11731 was added on branch pkgsrc-2025Q4 on 2026-01-08 01:48:21 +0000 @ text @d1 27 @ 1.1.2.2 log @Pullup ticket #7041 - requested by nia textproc/libxslt: Security fix Revisions pulled up: - textproc/libxslt/Makefile 1.145 - textproc/libxslt/distinfo 1.76 - textproc/libxslt/patches/patch-CVE-2025-11731 1.1 --- Module Name: pkgsrc Committed By: nia Date: Tue Jan 6 10:21:13 UTC 2026 Modified Files: pkgsrc/textproc/libxslt: Makefile distinfo Added Files: pkgsrc/textproc/libxslt/patches: patch-CVE-2025-11731 Log Message: libxslt: Add local patch for CVE-2025-11731, bump revision. This patch was merged upstream but is not yet in a release. @ text @a0 27 $NetBSD: patch-CVE-2025-11731,v 1.1 2026/01/06 10:21:12 nia Exp $ Subject: [PATCH] End function node ancestor search at document Avoids dereferencing a non-existent ->ns property on an XML_DOCUMENT_NODE pointer. Fixes #151. --- libexslt/functions.c.orig 2025-03-12 17:57:19.000000000 +0000 +++ libexslt/functions.c @@@@ -617,8 +617,13 @@@@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodeP * instanciation of a func:result element. */ for (test = inst->parent; test != NULL; test = test->parent) { - if (IS_XSLT_ELEM(test) && - IS_XSLT_NAME(test, "stylesheet")) { + if (/* Traversal has reached the top-level document without + * finding a func:function ancestor. */ + (test != NULL && test->type == XML_DOCUMENT_NODE) || + /* Traversal reached a stylesheet-namespace node, + * and has left the function namespace. */ + (IS_XSLT_ELEM(test) && + IS_XSLT_NAME(test, "stylesheet"))) { xsltGenericError(xsltGenericErrorContext, "func:result element not a descendant " "of a func:function\n"); @