Changelog for libxslt-devel-32bit-1.1.32-lp152.5.1.x86_64.rpm:
* Mon Oct 21 2019 Pedro Monreal Gonzalez
- Security fix [bsc#1154609, CVE-2019-18197]
* Fix dangling pointer in xsltCopyText
* Add libxslt-CVE-2019-18197.patch
* Tue Jul 02 2019 Pedro Monreal Gonzalez
- Security fix: [bsc#1140101, CVE-2019-13118]
* Fix uninitialized read with UTF-8 grouping chars. Read of uninitialized stack data due to too narrow xsl:number instruction and an invalid character
* Added libxslt-CVE-2019-13118.patch
* Tue Jul 02 2019 Pedro Monreal Gonzalez
- Security fix: [bsc#1140095, CVE-2019-13117]
* Fix uninitialized read of xsl:number token. An xsl number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers
* Added libxslt-CVE-2019-13117.patch
* Thu Apr 11 2019 Pedro Monreal Gonzalez
- Security fix: [bsc#1132160, CVE-2019-11068]
* Bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
* Added libxslt-CVE-2019-11068.patch
* Wed Nov 08 2017 vcizekAATTsuse.com
- Update to version 1.1.32
* fixes xml-config detection regression (boo#1066525)
* Thu Oct 19 2017 pmonrealgonzalezAATTsuse.com
- Update to version 1.1.30 [bsc#1063934]
* Documentation:
  - Misc doc fixes
* Portability:
  - Look for libxml2 via pkg-config first
* Bug Fixes:
  - Also fix memory hazards in exsltFuncResultElem
  - Fix NULL deref in xsltDefaultSortFunction
  - Fix memory hazards in exsltFuncFunctionFunction
  - Fix memory leaks in EXSLT error paths
  - Fix memory leak in str:concat with empty node-set
  - Fix memory leaks in error paths
  - Switch to xmlUTF8Strsize in numbers.c
  - Fix NULL pointer deref in xsltFormatNumberFunction
  - Fix UTF-8 check in str:padding
  - Fix xmlStrPrintf argument
  - Check for overflow in _exsltDateParseGYear
  - Fix double to int conversion
  - Check for overflow in exsltDateParseDuration
  - Change version of xsltMaxVars back to 1.0.24
  - Disable xsltCopyTextString optimization for extensions
  - Create DOCTYPE for HTML version 5
  - Make xsl:decimal-format work with namespaces
  - Remove norm:localTime extension function
  - Check for integer overflow in xsltAddTextString
  - Detect infinite recursion when evaluating function arguments
  - Fix memory leak in xsltElementAvailableFunction
  - Fix for pattern predicates calling functions
  - Fix cmd.exe invocations in Makefile.mingw
  - Don't try to install index.sgml
  - Fix symbols.xml
  - Fix heap overread in xsltFormatNumberConversion
  - Fix for non-element nodes
  - Fix unreachable code in xsltAddChild
  - Change version number in xsl:version warning
  - Avoid infinite recursion after failed param evaluation
  - Stop if potential recursion is detected
  - Consider built-in templates in apply-imports
  - Fix precedence with multiple attribute sets
  - Rework attribute set resolution
* Improvements:
  - Silence tests a little
  - Set LIBXML_SRC to absolute path
  - Add missing #include
  - Adjust expected error messages in tests
  - Make xsltDebug more quiet
  - New-line terminate error message that missed this convention
  - Use xmlBuffers in EXSLT string functions
  - Switch to xmlUTF8Strsize in EXSLT string functions
  - Check for return value of xmlUTF8Strlen
  - Avoid double/long round trip in FORMAT_ITEM
  - Separate date and duration structs
  - Check for overflow in _exsltDateDifference
  - Clamp seconds field of durations
  - Change _exsltDateAddDurCalc parameter types
  - Fix date:difference with time zones
  - Rework division/remainder arithmetic in date.c
  - Remove exsltDateCastDateToNumber
  - Change internal representation of years
  - Optimize IS_LEAP
  - Link libraries with libm
  - Rename xsltCopyTreeInternal to xsltCopyTree
  - Update linker version script
  - Add local wildcard to version script
  - Make some symbols static
  - Remove redundant NULL check in xsltNumberComp
  - Fix forwards compatibility for imported stylesheets
  - Reduce warnings in forwards-compatible mode
  - Precompute XSLT elements after preprocessing
  - Fix whitespace in xsltParseStylesheetTop
  - Consolidate recursion checks
  - Treat XSLT_STATE_STOPPED same as errors
  - Make sure that XSLT_STATE_STOPPED isn't overwritten
  - Add comment regarding built-in templates and params
  - Rewrite memory management of local RVTs
  - Validate QNames of attribute sets
  - Add xsl:attribute-set regression tests
  - Ignore imported stylesheets in xsltApplyAttributeSet
- Dropped patches fixed upstream
* libxslt-CVE-2016-4738.patch
* libxslt-1.1.28-CVE-2017-5029.patch
* Mon Sep 11 2017 jengelhAATTinai.de
- Fix RPM groups. Drop ineffective --with-pic. Trim conjecture from description.
* Fri Jul 28 2017 mpluskalAATTsuse.com
- Add gpg signature
- Cleanup spec file with spec-cleaner
* Tue Apr 25 2017 pmonrealgonzalezAATTsuse.com
- Fixed CVE-2017-5029 bcs#1035905
* Limit buffer size in xsltAddTextString to INT_MAX
- Added patch libxslt-1.1.28-CVE-2017-5029.patch
* Wed Apr 05 2017 pgajdosAATTsuse.com
- security update: initialize random generator, CVE-2015-9019 [bsc#934119]
+ libxslt-random-seed.patch
* Mon Mar 13 2017 pmonrealgonzalezAATTsuse.com
- Added patch libxslt-CVE-2016-4738.patch
* Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string.
* bsc#1005591 CVE-2016-4738
* Sat Jun 11 2016 tchvatalAATTsuse.com
- Update to 1.1.29:
* new release after 4 years with few bugfixes all around
- Refresh patch 0009-Make-generate-id-deterministic.patch to apply
- Remove cve patch that was integrated upstream: libxslt-1.1.28-type_confusion_preprocess_attr.patch
- Unpack the manpage as the compression is set by buildbot not always gz
* Fri May 20 2016 kstreitovaAATTsuse.com
- add libxslt-1.1.28-type_confusion_preprocess_attr.patch to fix type confusion in preprocessing attributes [bnc#952474], [CVE-2015-7995]
* Thu Apr 09 2015 suseAATTmicrostep-mis.com
- fix package with "soname" should obsolete libxslt package on suse < 12.2 (SLE11)
* Sun Feb 01 2015 cooloAATTsuse.com
- add 0009-Make-generate-id-deterministic.patch from debian's reproducible builds project to avoid randomness in generated IDs