- Update to 1.1.43:
* Major changes:
- The non-standard EXSLT crypto extensions and support for dynamically
loaded plugins are now disabled by default. These features can be
enabled by passing --with-crypto or --with-plugins to configure.
In a future release, these features will be removed.
- Debug output and the debugger are disabled by default and can be
enabled by passing --with-debug or --with-debugger.
* Security:
- [bsc#1239625, CVE-2025-24855] Fix use-after-free of XPath context node
- [bsc#1239637, CVE-2024-55549] Fix UAF related to excluded namespaces
* Bug fixes:
- variables: Fix non-deterministic generated IDs
* libxml2 related cleanup:
- python: Don't use removed libxml2 macro
- tests: Skip test_bad.xsl with libxml2 before 2.13
- python: Don't include nanoftp.h and nanohttp.h
- tests: Avoid namespace warning on Windows
- numbers: Stop using libxml2 XPath axis API
- numbers: Use private copy of xmlCopyCharMultiByte
- documents: Use xmlCtxtParseDocument if available
- tests: Make runtest compile with older libxml2 versions
- utils: Account for libxml2 change
- tests: Make bug-219.xsl compatible with older libxml2
- extensions: always include stdlib.h (Hugo Beauzée-Luyssen)
- extensions: Don't use libxml2's "modules" feature
* Code cleanup:
- numbers: Make static variables const
- variables: Remove debug code
* Portability:
OBS-URL: https://build.opensuse.org/request/show/1253116
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=111
