On Wed, Jun 1, 2022 at 12:53 AM omkar <[email protected]> wrote:
>
> From: Markus Volk <[email protected]>
>
> Security
>
> [CVE-2021-30560] Fix use-after-free in xsltApplyTemplates
> Fix memory leak in xsltDocumentElem (David King)
> Fix memory leak in xsltCompileIdKeyPattern (David King)
> Fix double-free with stylesheets containing entity nodes
>
> Fixed regressions
>
> Fix performance regression with predicates in patterns
> Fix regression in xsltComputeSortResult
>
> Bug fixes
>
> Fix conflict resolution for templates with same priority
> Fix xsl:number generating invalid UTF-8
> Support attribute value templates in xsl:sort lang attributes
> Don't pass first xsl:sort in xsl:apply-templates twice
> Fix quadratic runtime with text and xsl:message
>
> Don't allow empty EXSLT durations
>
> Improvements
> Add xsltproc --huge Argument via libxml XML_PARSE_HUGE (William N. Braswell, Jr.)
>
> Tests, code quality, fuzzing
>
> Remove .travis.yml
> Fix some misleading indentation (David King)
> Use actual types for templates in struct _xsltStylesheet
> Add CI for CMake on MSVC (Markus Rickert)
> Check for null pointer before calling freelocale
> Add CI test for Python 3
> Don't set maxDepth in XPath contexts
> Transfer XPath limits to XPtr context
> Stop using maxParserDepth XPath limit
> Make long-to-double cast explicit in date.c
> Disable LeakSanitizer
> Run clang CI tests with -Wimplicit-int-conversion
> Fix implicit-int-conversion warning in exslt/crypto.c
> Fix clang -Wimplicit-int-conversion warning (David Kilzer)
> Fix clang -Wconditional-uninitialized warning in libxslt/numbers.c (David Kilzer)
> Fix -Wshadow warnings in libexslt/dynamic.c (David Kilzer)
> Also search parent dir for source XML when fuzzing
>
> Build system, portability
>
> Add CMake build files (Markus Rickert)
> Initial support for Python 3 (Suleyman Poyraz)
> Call ANSI versions of WinAPI functions explicitly
> Remove redundant flags from pkg-config files
> Suppress automake warning in tests/XSLTMark
> Fix linking libexslt dynamic library when using MinGW (Vadim Zeitlin)
> Added platform specific path separators (Dmitriy Korovkin)
> win32: allow passing *FLAGS on command line
> Fix export of xsltExtMarker on Windows (David Kilzer)
> Fix redundant includes already in libexslt.h (David Kilzer)
> Minor fixes to configure.js
> Fix variable syntax in Python configuration
> Add new EXSLT string tests to EXTRA_DIST
> Fix xml2-config check in configure script
> win32: Add configuration for profiler (Chun-wei Fan)
> Check whether 'xml2-config --dynamic' is supported
>
> Documentation
>
> Add Makefile rule to regenerate xsltproc.html
> Update links
> Remove MAINTAINERS
> Upload documentation to GitLab Pages
> Add documentation in devhelp format
> Add --enable-rebuild-docs configure option
> Fix libexslt header summaries
> Fix validity of tutorial XML (David King)
> Use DocBook URL for tutorial DTD (David King)
> Update libxslt.doap
> Add missing options to xsltproc man page

This seems to be much more than a bug fix/security release, so I'm not
sure it is suitable for an LTS branch.

If the intent was to fix CVE-2021-30560, I'd prefer to see a patch
adding the relevant commits for just that fix.

Thanks for helping out with CVEs, I appreciate it!

Steve

> (From OE-Core rev: 6b5b1486bbd381b2b657645e91a1712332ddcb94)
>
> Signed-off-by: Markus Volk <[email protected]>
> Signed-off-by: Richard Purdie <[email protected]>
> (cherry picked from commit daa312851681c55d81391b37a30a518f3e74e540)
>
> Signed-off-by: Omkar Patil <[email protected]>
> ---
>  .../libxslt/{libxslt_1.1.34.bb => libxslt_1.1.35.bb}        | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
>  rename meta/recipes-support/libxslt/{libxslt_1.1.34.bb => libxslt_1.1.35.bb} 
> (89%)
>
> diff --git a/meta/recipes-support/libxslt/libxslt_1.1.34.bb 
> b/meta/recipes-support/libxslt/libxslt_1.1.35.bb
> similarity index 89%
> rename from meta/recipes-support/libxslt/libxslt_1.1.34.bb
> rename to meta/recipes-support/libxslt/libxslt_1.1.35.bb
> index 63cce6fe06..0f25043743 100644
> --- a/meta/recipes-support/libxslt/libxslt_1.1.34.bb
> +++ b/meta/recipes-support/libxslt/libxslt_1.1.35.bb
> @@ -13,11 +13,9 @@ LIC_FILES_CHKSUM = 
> "file://Copyright;md5=0cd9a07afbeb24026c9b03aecfeba458"
>  SECTION = "libs"
>  DEPENDS = "libxml2"
>
> -SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \
> -          "
> +SRC_URI = 
> "https://download.gnome.org/sources/libxslt/1.1/libxslt-${PV}.tar.xz";
>
> -SRC_URI[md5sum] = "db8765c8d076f1b6caafd9f2542a304a"
> -SRC_URI[sha256sum] = 
> "98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f"
> +SRC_URI[sha256sum] = 
> "8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79"
>
>  UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
>
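Review bot: The new SRC_URI hard-codes the `1.1` directory in `sources/libxslt/1.1/libxslt-${PV}.tar.xz` while the tarball name follows `${PV}`, so a later bump to a different release series would point at the wrong directory until the URL is edited by hand; consider deriving that path component from PV. The hunk also replaces the whole 1.1.34 tarball and its checksums instead of adding a patch file to SRC_URI, and the commit message lists regression, build-system and documentation changes alongside the CVE-2021-30560 fix without saying which of them the stable branch needs; either state that in the message or carry only the CVE fix as a patch against 1.1.34.
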
> --
> 2.17.1
>
>
> 
>