- Security fix: [bsc#1140101, CVE-2019-13118]
* Fix uninitialized read with UTF-8 grouping chars. Read of
uninitialized stack data due to too narrow xsl:number
instruction and an invalid character
* Added libxslt-CVE-2019-13118.patch
- Security fix: [bsc#1140095, CVE-2019-13117]
* Fix uninitialized read of xsl:number token. An xsl number with
certain format strings could lead to a uninitialized read in
xsltNumberFormatInsertNumbers
* Added libxslt-CVE-2019-13117.patch
- Security fix: [bsc#1140101, CVE-2019-13118]
* Fix uninitialized read with UTF-8 grouping chars. Read of
uninitialized stack data due to too narrow xsl:number
instruction and an invalid character
* Added libxslt-CVE-2019-13118.patch
- Security fix: [bsc#1140095, CVE-2019-13117]
* Fix uninitialized read of xsl:number token. An xsl number with
certain format strings could lead to a uninitialized read in
xsltNumberFormatInsertNumbers
* Added libxslt-CVE-2019-13117.patch
OBS-URL: https://build.opensuse.org/request/show/713209
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=73
- Security fix: [bsc#1132160, CVE-2019-11068]
* Bypass of a protection mechanism because callers of xsltCheckRead
and xsltCheckWrite permit access even upon receiving a -1 error
code. xsltCheckRead can return -1 for a crafted URL that is not
actually invalid and is subsequently loaded.
* Added libxslt-CVE-2019-11068.patch
- Security fix: [bsc#1132160, CVE-2019-11068]
* Bypass of a protection mechanism because callers of xsltCheckRead
and xsltCheckWrite permit access even upon receiving a -1 error
code. xsltCheckRead can return -1 for a crafted URL that is not
actually invalid and is subsequently loaded.
* Added libxslt-CVE-2019-11068.patch
OBS-URL: https://build.opensuse.org/request/show/693129
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=71
- Update to version 1.1.30 [bsc#1063934]
* Documentation:
- Misc doc fixes
* Portability:
- Look for libxml2 via pkg-config first
* Bug Fixes:
- Also fix memory hazards in exsltFuncResultElem
- Fix NULL deref in xsltDefaultSortFunction
- Fix memory hazards in exsltFuncFunctionFunction
- Fix memory leaks in EXSLT error paths
- Fix memory leak in str:concat with empty node-set
- Fix memory leaks in error paths
- Switch to xmlUTF8Strsize in numbers.c
- Fix NULL pointer deref in xsltFormatNumberFunction
- Fix UTF-8 check in str:padding
- Fix xmlStrPrintf argument
- Check for overflow in _exsltDateParseGYear
- Fix double to int conversion
- Check for overflow in exsltDateParseDuration
- Change version of xsltMaxVars back to 1.0.24
- Disable xsltCopyTextString optimization for extensions
- Create DOCTYPE for HTML version 5
- Make xsl:decimal-format work with namespaces
- Remove norm:localTime extension function
- Check for integer overflow in xsltAddTextString
- Detect infinite recursion when evaluating function arguments
- Fix memory leak in xsltElementAvailableFunction
- Fix for pattern predicates calling functions
- Fix cmd.exe invocations in Makefile.mingw
- Don't try to install index.sgml
OBS-URL: https://build.opensuse.org/request/show/535190
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=65
- Version update to 1.1.29 to match libxslt main package
- Sort out with spec-cleaner
- BuildIgnore python to avoid cycles
- Run tests and do not install them as docs
- Update to 1.1.29:
* new release after 4 years with few bugfies all around
- Refresh patch 0009-Make-generate-id-deterministic.patch to apply
- Remove cve patch that was integrated upstream:
libxslt-1.1.28-type_confusion_preprocess_attr.patch
- Unpack the manpage as the compression is set by buildbot not always gz
OBS-URL: https://build.opensuse.org/request/show/401584
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libxslt?expand=0&rev=48
- Version update to 1.1.29 to match libxslt main package
- Sort out with spec-cleaner
- BuildIgnore python to avoid cycles
- Run tests and do not install them as docs
- Update to 1.1.29:
* new release after 4 years with few bugfies all around
- Refresh patch 0009-Make-generate-id-deterministic.patch to apply
- Remove cve patch that was integrated upstream:
libxslt-1.1.28-type_confusion_preprocess_attr.patch
- Unpack the manpage as the compression is set by buildbot not always gz
OBS-URL: https://build.opensuse.org/request/show/401284
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=51
- enforce having the same version of libxslt1
- update to 1.1.28:
* fix generate-id() to avoid generating the same ID
* fix crash with empty xsl:key/@match attribute
* fix crash when passing an uninitialized variable to document()
* fix regression: default namespace not correctly used
* remove xsltTransStorageAdd and xsltTransStorageRemove from symbols.xml
- changes from 1.1.27:
* link python module with python library (Frederic Crozat)
* report errors on variable use in key
* the XSLT namespace string is a constant one
* fix handling of names in xsl:attribute
* reserved namespaces in xsl:element and xsl:attribute
* null-terminate result string of cry:rc4_decrypt
* EXSLT date normalization fix
* exit after compilation of invalid func:result
* fix for EXSLT func:function
* rewrite EXSLT string:replace to be conformant
* avoid a heap use after free error
* fix a dictionary string usage
* output should not include extraneous newlines when indent is off
* document('') fails to return stylesheets parsed from memory
* xsltproc should return an error code if xinclude fails
* forwards-compatible processing of unknown top level elements
* fix system-property with unknown namespace
* fix default template processing on namespace nodes
* fix a bug in selecting XSLT elements
* fix a memory leak with xsl:number
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libxslt?expand=0&rev=41
