Package Release Info

libxslt-1.1.34-150400.3.3.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-557
Available in Package Hub : 15 SP4 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

libxslt-debugsource
libxslt1-32bit
libxslt1-32bit-debuginfo

Change Logs

* Wed Feb 22 2023 pmonreal@suse.com
- Security Fix: [bsc#1208574, CVE-2021-30560]
  * Use after free in Blink XSLT
  * Add libxslt-CVE-2021-30560.patch
* Thu Jun 10 2021 pvorel@suse.cz
- Backport upstream xsltproc manpage fix
  f165525f Recreate xsltproc man page with old Docbook stylesheet URL
  Recreate-xsltproc-man-page-with-old-Docbook-styleshe.patch
* Mon Jun 07 2021 schwab@suse.de
- Don't disable testsuite under QEMU
* Wed Jun 02 2021 christophe@krop.fr
- Move the Copyright file to %_defaultlicensedir
  Configure.ac replaces the COPYING file with a symlink.
* Tue Jun 01 2021 pmonreal@suse.com
- Fix build with libxml2 2.9.12 that removes maxParserDepth XPath limit
- Add upstream patches:
  * libxslt-Stop-using-maxParserDepth-XPath-limit.patch
  * libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch
* Wed Nov 20 2019 pmonrealgonzalez@suse.com
- Update to 1.1.34: Oct 30 2019
  * Documentation:
  - Fix EXSLT web pages, Regenerate web pages
  - Fix Git link in news.html
  - Minor documentation fixes after recent changes
  - Regenerate symbols and API docs
  - Regenerate EXSLT website
  * Portability:
  - Remove stubs when compiling without debugger or profiler
  - configure.ac: Invoke PKG_CHECK_MODULES for building shared libraries
  - configure.ac: Conditionally determine whether xml2-config should pass
    shared libraries or static libraries
  - xslt-config.in: Fix broken --prefix=DIR support
  - libexslt.pc.in: Do not expose private library dependencies unless invoked
  - libxslt.pc.in: Do not expose private library dependencies unless invoked
  - Fix -Wformat-overflow warning (GCC 9)
  - Stop including ansidecl.h
  - Remove WIN32_EXTRA_* variables
  - Build without winsock
  * Bug Fixes:
  - xsl:template without name and match attributes should not be allowed
  - Make sure that Python tests exit with error code
  - Improve handling of invalid UTF-8 in format-number
  - Fix dangling pointer in xsltCopyText
  - Fix memory leak in pattern compilation error path
  - Fix uninitialized read with UTF-8 grouping chars
  - Fix integer overflow in FORMAT_GYEAR
  - Fix performance regression with xsl:number
  - Backup XPath context node in xsltInitCtxtKey
  - Fix unsigned integer overflow in date.c
  - Fix insertion of xsl:fallback content
  - Avoid quadratic behavior in xsltSaveResultTo
  - Fix numbering in non-Latin scripts
  - Fix uninitialized read of xsl:number token
  - Fix integer overflow in _exsltDateDayInWeek
  - Rework xsltAttrVT allocation
  - Fix check of xsltTestCompMatch return value
  - Fix security framework bypass
  - Use xmlNewTextChild in EXSLT dyn:map
  - Fix float casts in exsltDateDuration
  - Always set context node before calling XPath iterators
  - Fix attribute precedence with xsl:use-attribute-sets
  - Backup context node in exsltFuncFunctionFunction
  - Initialize ctxt->output before evaluating global vars
  - Fix memory leak in EXSLT functions error path
  * Improvements:
  - Fix -Wimplicit-fallthrough warnings
  - Adjust number of API index pages
  - Make xsltCompileRelativePathPattern non-recursive
  - Check that crypto:rc4_decrypt produces valid UTF-8
  - Avoid recursion in keys.c:skipPredicate
  - xslt-config.in: Simply handling of $all_flags
  - xslt-config.in: Add a --dynamic option to --libs
  - xslt-config.in: Simplify basic library handling
  - xslt-config.in: Remove unused variable
  - xslt-config: Simply handling of --cflags
  - Improve fuzzers
  - Always reuse XPath context
  - Compile with -Wextra
  - Make profiler support optional
  - Hide unused code when compiling without debugger
  - Reorganize fuzzing code
  - Optional operation limit
  - Improve seed corpus and dictionary
  - Reuse XPath context when compiling stylesheets
  - Reuse XPath context in dyn:map
  - Reuse XPath context in saxon:expression
  - Add libFuzzer targets
  - Adjust error message in expected test output
  - Change bug tracker URL
  - Change git repo URL
  - Regenerate NEWS
  - Fix misleading indentation in security.c
  * Cleanups:
  - Remove empty TODO file
  - Remove generated file libxsltclass.txt from version control
  - Rebuild docs
- Rebase patch libxslt-config-fixes.patch
- Remove patches fixed upstream:
  * libxslt-CVE-2019-11068.patch
  * libxslt-CVE-2019-13117.patch
  * libxslt-CVE-2019-13118.patch
  * libxslt-CVE-2019-18197.patch
* Tue Oct 01 2019 tchvatal@suse.com
- Drop out lilbxslt-python package as it is just py2 based and
  upstream yet didn't bother to port it to python3.
  When there is python3 compatible code it should be enabled as
  multibuild here
  * Drop now unused libxslt-1.1.24-linkflags.patch and
    libxslt-do_not_build_doc_nor_xsltproc.patch
* Mon Mar 04 2019 pmonrealgonzalez@suse.com
- Update to version 1.1.33
  * Portability:
  - Variables need 'extern' in static lib on Cygwin
  - Really declare dllexport/dllimport for Cygwin
  - Fix callback signatures in Python bindings
  - Fix transform callback signatures
  - Fix extension callback signatures
  - Fix deallocator signatures
  - Fix XPath callback signatures
  - Fix hash callback signatures
  * Bug Fixes:
  - Don't cache direct evaluation of patterns with variables
  - Move function result RVTs to context variable
  - Fix EXSLT functions returning RVTs from outer scopes
  - Fix handling of RVTs returned from nested EXSLT functions
  - Fix typos
  * Improvements:
  - Run Travis ASan tests with "sudo: required"
  * Cleanups:
  - Remove doc/libxslt-decl.txt
  - Docs for 1.1.32 release
- Cleaned with spec-cleaner
Version: 1.1.32-150000.3.11.1
* Thu Nov 10 2022 pmonreal@suse.com
- Fix broken license symlink for libxslt-tools [bsc#1203669]
* Mon Oct 21 2019 pmonrealgonzalez@suse.com
- Security fix [bsc#1154609, CVE-2019-18197]
  * Fix dangling pointer in xsltCopyText
  * Add libxslt-CVE-2019-18197.patch
* Tue Jul 02 2019 pmonrealgonzalez@suse.com
- Security fix: [bsc#1140101, CVE-2019-13118]
  * Fix uninitialized read with UTF-8 grouping chars. Read of
    uninitialized stack data due to too narrow xsl:number
    instruction and an invalid character
  * Added libxslt-CVE-2019-13118.patch
* Tue Jul 02 2019 pmonrealgonzalez@suse.com
- Security fix: [bsc#1140095, CVE-2019-13117]
  * Fix uninitialized read of xsl:number token. An xsl number with
    certain format strings could lead to a uninitialized read in
    xsltNumberFormatInsertNumbers
  * Added libxslt-CVE-2019-13117.patch
* Thu Apr 11 2019 pmonrealgonzalez@suse.com
- Security fix: [bsc#1132160, CVE-2019-11068]
  * Bypass of a protection mechanism because callers of xsltCheckRead
    and xsltCheckWrite permit access even upon receiving a -1 error
    code. xsltCheckRead can return -1 for a crafted URL that is not
    actually invalid and is subsequently loaded.
  * Added libxslt-CVE-2019-11068.patch
* Wed Nov 08 2017 vcizek@suse.com
- Update to version 1.1.32
  * fixes xml-config detection regression (boo#1066525)
* Thu Oct 19 2017 pmonrealgonzalez@suse.com
- Update to version 1.1.30 [bsc#1063934]
  * Documentation:
  - Misc doc fixes
  * Portability:
  - Look for libxml2 via pkg-config first
  * Bug Fixes:
  - Also fix memory hazards in exsltFuncResultElem
  - Fix NULL deref in xsltDefaultSortFunction
  - Fix memory hazards in exsltFuncFunctionFunction
  - Fix memory leaks in EXSLT error paths
  - Fix memory leak in str:concat with empty node-set
  - Fix memory leaks in error paths
  - Switch to xmlUTF8Strsize in numbers.c
  - Fix NULL pointer deref in xsltFormatNumberFunction
  - Fix UTF-8 check in str:padding
  - Fix xmlStrPrintf argument
  - Check for overflow in _exsltDateParseGYear
  - Fix double to int conversion
  - Check for overflow in exsltDateParseDuration
  - Change version of xsltMaxVars back to 1.0.24
  - Disable xsltCopyTextString optimization for extensions
  - Create DOCTYPE for HTML version 5
  - Make xsl:decimal-format work with namespaces
  - Remove norm:localTime extension function
  - Check for integer overflow in xsltAddTextString
  - Detect infinite recursion when evaluating function arguments
  - Fix memory leak in xsltElementAvailableFunction
  - Fix for pattern predicates calling functions
  - Fix cmd.exe invocations in Makefile.mingw
  - Don't try to install index.sgml
  - Fix symbols.xml
  - Fix heap overread in xsltFormatNumberConversion
  - Fix <xsl:number level="any"/> for non-element nodes
  - Fix unreachable code in xsltAddChild
  - Change version number in xsl:version warning
  - Avoid infinite recursion after failed param evaluation
  - Stop if potential recursion is detected
  - Consider built-in templates in apply-imports
  - Fix precedence with multiple attribute sets
  - Rework attribute set resolution
  * Improvements:
  - Silence tests a little
  - Set LIBXML_SRC to absolute path
  - Add missing #include
  - Adjust expected error messages in tests
  - Make xsltDebug more quiet
  - New-line terminate error message that missed this convention
  - Use xmlBuffers in EXSLT string functions
  - Switch to xmlUTF8Strsize in EXSLT string functions
  - Check for return value of xmlUTF8Strlen
  - Avoid double/long round trip in FORMAT_ITEM
  - Separate date and duration structs
  - Check for overflow in _exsltDateDifference
  - Clamp seconds field of durations
  - Change _exsltDateAddDurCalc parameter types
  - Fix date:difference with time zones
  - Rework division/remainder arithmetic in date.c
  - Remove exsltDateCastDateToNumber
  - Change internal representation of years
  - Optimize IS_LEAP
  - Link libraries with libm
  - Rename xsltCopyTreeInternal to xsltCopyTree
  - Update linker version script
  - Add local wildcard to version script
  - Make some symbols static
  - Remove redundant NULL check in xsltNumberComp
  - Fix forwards compatibility for imported stylesheets
  - Reduce warnings in forwards-compatible mode
  - Precompute XSLT elements after preprocessing
  - Fix whitespace in xsltParseStylesheetTop
  - Consolidate recursion checks
  - Treat XSLT_STATE_STOPPED same as errors
  - Make sure that XSLT_STATE_STOPPED isn't overwritten
  - Add comment regarding built-in templates and params
  - Rewrite memory management of local RVTs
  - Validate QNames of attribute sets
  - Add xsl:attribute-set regression tests
  - Ignore imported stylesheets in xsltApplyAttributeSet
- Dropped patches fixed upstream
  * libxslt-CVE-2016-4738.patch
  * libxslt-1.1.28-CVE-2017-5029.patch
* Mon Sep 11 2017 jengelh@inai.de
- Fix RPM groups. Drop ineffective --with-pic.
  Trim conjecture from description.
* Fri Jul 28 2017 mpluskal@suse.com
- Add gpg signature
- Cleanup spec file with spec-cleaner
* Tue Apr 25 2017 pmonrealgonzalez@suse.com
- Fixed CVE-2017-5029 bcs#1035905
  * Limit buffer size in xsltAddTextString to INT_MAX
- Added patch libxslt-1.1.28-CVE-2017-5029.patch
* Wed Apr 05 2017 pgajdos@suse.com
- security update: initialize random generator, CVE-2015-9019
  [bsc#934119]
  + libxslt-random-seed.patch
* Mon Mar 13 2017 pmonrealgonzalez@suse.com
- Added patch libxslt-CVE-2016-4738.patch
  * Fix heap overread in xsltFormatNumberConversion: An empty
    decimal-separator could cause a heap overread. This can be
    exploited to leak a couple of bytes after the buffer that holds
    the pattern string.
  * bsc#1005591 CVE-2016-4738
* Sat Jun 11 2016 tchvatal@suse.com
- Update to 1.1.29:
  * new release after 4 years with few bugfies all around
- Refresh patch 0009-Make-generate-id-deterministic.patch to apply
- Remove cve patch that was integrated upstream:
  libxslt-1.1.28-type_confusion_preprocess_attr.patch
- Unpack the manpage as the compression is set by buildbot not always gz
* Fri May 20 2016 kstreitova@suse.com
- add libxslt-1.1.28-type_confusion_preprocess_attr.patch to fix
  type confusion in preprocessing attributes [bnc#952474],
  [CVE-2015-7995]
* Thu Apr 09 2015 suse@microstep-mis.com
- fix package with "soname" should obsolete libxslt package on suse < 12.2 (SLE11)
* Sun Feb 01 2015 coolo@suse.com
- add 0009-Make-generate-id-deterministic.patch from debian's
  reproducible builds project to avoid randomness in generated IDs
* Thu Dec 06 2012 pascal.bleser@opensuse.org
- update to 1.1.28:
  * fix generate-id() to avoid generating the same ID
  * fix crash with empty xsl:key/@match attribute
  * fix crash when passing an uninitialized variable to document()
  * fix regression: default namespace not correctly used
  * remove xsltTransStorageAdd and xsltTransStorageRemove from symbols.xml
- changes from 1.1.27:
  * link python module with python library (Frederic Crozat)
  * report errors on variable use in key
  * the XSLT namespace string is a constant one
  * fix handling of names in xsl:attribute
  * reserved namespaces in xsl:element and xsl:attribute
  * null-terminate result string of cry:rc4_decrypt
  * EXSLT date normalization fix
  * exit after compilation of invalid func:result
  * fix for EXSLT func:function
  * rewrite EXSLT string:replace to be conformant
  * avoid a heap use after free error
  * fix a dictionary string usage
  * output should not include extraneous newlines when indent is off
  * document('') fails to return stylesheets parsed from memory
  * xsltproc should return an error code if xinclude fails
  * forwards-compatible processing of unknown top level elements
  * fix system-property with unknown namespace
  * fix default template processing on namespace nodes
  * fix a bug in selecting XSLT elements
  * fix a memory leak with xsl:number
  * fix a problem with ESXLT date:add() with January
  * fix generate-id() to not expose object addresses
  * allow whitespace in xsl:variable with select
  * fix direct pattern matching bug
  * add the saxon:systemId extension
  * add an append mode to document output
  * fix portability to upcoming libxml2-2.9.0
  * precompile patterns in xsl:number
- change soname macro back to "1" and enforce it in the files list
- revert -tools subpackage for openSUSE < 12.2 as that has only
  become effective since 12.2 on the package that ships with the
  distribution, to avoid having a completely different package
  layout in this repository as compared to the stock distribution
  packages (added a Provides: libxslt-tools though)
* Wed Apr 25 2012 chris@computersalat.de
- add macro "soname" %{name}1
- fix "self obsoletion"
* Sat Mar 17 2012 jengelh@medozas.de
- Make sure to follow shlib policy; put tools in a separate package
  like done in libxml2
* Wed Jan 04 2012 jengelh@medozas.de
- Remove redundant tags (License: field is inherited)
- Use exact EVR for Provides: