Hello community, here is the log from the commit of package libxslt for openSUSE:Factory checked in at 2017-10-28 14:17:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxslt (Old) and /work/SRC/openSUSE:Factory/.libxslt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxslt" Sat Oct 28 14:17:38 2017 rev:54 rq:535219 version:1.1.30 Changes: -------- --- /work/SRC/openSUSE:Factory/libxslt/libxslt-python.changes 2017-09-13 21:35:11.365214304 +0200 +++ /work/SRC/openSUSE:Factory/.libxslt.new/libxslt-python.changes 2017-10-28 14:17:39.252393427 +0200 @@ -1,0 +2,89 @@ +Thu Oct 19 11:18:49 UTC 2017 - pmonrealgonza...@suse.com + +- Update to version 1.1.30 [bsc#1063934] + * Documentation: + - Misc doc fixes + * Portability: + - Look for libxml2 via pkg-config first + * Bug Fixes: + - Also fix memory hazards in exsltFuncResultElem + - Fix NULL deref in xsltDefaultSortFunction + - Fix memory hazards in exsltFuncFunctionFunction + - Fix memory leaks in EXSLT error paths + - Fix memory leak in str:concat with empty node-set + - Fix memory leaks in error paths + - Switch to xmlUTF8Strsize in numbers.c + - Fix NULL pointer deref in xsltFormatNumberFunction + - Fix UTF-8 check in str:padding + - Fix xmlStrPrintf argument + - Check for overflow in _exsltDateParseGYear + - Fix double to int conversion + - Check for overflow in exsltDateParseDuration + - Change version of xsltMaxVars back to 1.0.24 + - Disable xsltCopyTextString optimization for extensions + - Create DOCTYPE for HTML version 5 + - Make xsl:decimal-format work with namespaces + - Remove norm:localTime extension function + - Check for integer overflow in xsltAddTextString + - Detect infinite recursion when evaluating function arguments + - Fix memory leak in xsltElementAvailableFunction + - Fix for pattern predicates calling functions + - Fix cmd.exe invocations in Makefile.mingw + - Don't try to install index.sgml + - Fix symbols.xml + - Fix heap overread in xsltFormatNumberConversion + - Fix <xsl:number level="any"/> for non-element nodes + - Fix unreachable code in xsltAddChild + - Change version number in xsl:version warning + - Avoid infinite recursion after failed param evaluation + - Stop if potential recursion is detected + - Consider built-in templates in apply-imports + - Fix precedence with multiple attribute sets + - Rework attribute set resolution + * Improvements: + - Silence tests a little + - Set LIBXML_SRC to absolute path + - Add missing #include + - Adjust expected error messages in tests + - Make xsltDebug more quiet + - New-line terminate error message that missed this convention + - Use xmlBuffers in EXSLT string functions + - Switch to xmlUTF8Strsize in EXSLT string functions + - Check for return value of xmlUTF8Strlen + - Avoid double/long round trip in FORMAT_ITEM + - Separate date and duration structs + - Check for overflow in _exsltDateDifference + - Clamp seconds field of durations + - Change _exsltDateAddDurCalc parameter types + - Fix date:difference with time zones + - Rework division/remainder arithmetic in date.c + - Remove exsltDateCastDateToNumber + - Change internal representation of years + - Optimize IS_LEAP + - Link libraries with libm + - Rename xsltCopyTreeInternal to xsltCopyTree + - Update linker version script + - Add local wildcard to version script + - Make some symbols static + - Remove redundant NULL check in xsltNumberComp + - Fix forwards compatibility for imported stylesheets + - Reduce warnings in forwards-compatible mode + - Precompute XSLT elements after preprocessing + - Fix whitespace in xsltParseStylesheetTop + - Consolidate recursion checks + - Treat XSLT_STATE_STOPPED same as errors + - Make sure that XSLT_STATE_STOPPED isn't overwritten + - Add comment regarding built-in templates and params + - Rewrite memory management of local RVTs + - Validate QNames of attribute sets + - Add xsl:attribute-set regression tests + - Ignore imported stylesheets in xsltApplyAttributeSet + +------------------------------------------------------------------- +Thu Oct 19 11:15:22 UTC 2017 - pmonrealgonza...@suse.com + +- security update: initialize random generator, CVE-2015-9019 + [bsc#934119] + + libxslt-random-seed.patch + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/libxslt/libxslt.changes 2017-09-13 21:35:11.593182230 +0200 +++ /work/SRC/openSUSE:Factory/.libxslt.new/libxslt.changes 2017-10-28 14:17:39.284392257 +0200 @@ -1,0 +2,86 @@ +Thu Oct 19 10:09:45 UTC 2017 - pmonrealgonza...@suse.com + +- Update to version 1.1.30 [bsc#1063934] + * Documentation: + - Misc doc fixes + * Portability: + - Look for libxml2 via pkg-config first + * Bug Fixes: + - Also fix memory hazards in exsltFuncResultElem + - Fix NULL deref in xsltDefaultSortFunction + - Fix memory hazards in exsltFuncFunctionFunction + - Fix memory leaks in EXSLT error paths + - Fix memory leak in str:concat with empty node-set + - Fix memory leaks in error paths + - Switch to xmlUTF8Strsize in numbers.c + - Fix NULL pointer deref in xsltFormatNumberFunction + - Fix UTF-8 check in str:padding + - Fix xmlStrPrintf argument + - Check for overflow in _exsltDateParseGYear + - Fix double to int conversion + - Check for overflow in exsltDateParseDuration + - Change version of xsltMaxVars back to 1.0.24 + - Disable xsltCopyTextString optimization for extensions + - Create DOCTYPE for HTML version 5 + - Make xsl:decimal-format work with namespaces + - Remove norm:localTime extension function + - Check for integer overflow in xsltAddTextString + - Detect infinite recursion when evaluating function arguments + - Fix memory leak in xsltElementAvailableFunction + - Fix for pattern predicates calling functions + - Fix cmd.exe invocations in Makefile.mingw + - Don't try to install index.sgml + - Fix symbols.xml + - Fix heap overread in xsltFormatNumberConversion + - Fix <xsl:number level="any"/> for non-element nodes + - Fix unreachable code in xsltAddChild + - Change version number in xsl:version warning + - Avoid infinite recursion after failed param evaluation + - Stop if potential recursion is detected + - Consider built-in templates in apply-imports + - Fix precedence with multiple attribute sets + - Rework attribute set resolution + * Improvements: + - Silence tests a little + - Set LIBXML_SRC to absolute path + - Add missing #include + - Adjust expected error messages in tests + - Make xsltDebug more quiet + - New-line terminate error message that missed this convention + - Use xmlBuffers in EXSLT string functions + - Switch to xmlUTF8Strsize in EXSLT string functions + - Check for return value of xmlUTF8Strlen + - Avoid double/long round trip in FORMAT_ITEM + - Separate date and duration structs + - Check for overflow in _exsltDateDifference + - Clamp seconds field of durations + - Change _exsltDateAddDurCalc parameter types + - Fix date:difference with time zones + - Rework division/remainder arithmetic in date.c + - Remove exsltDateCastDateToNumber + - Change internal representation of years + - Optimize IS_LEAP + - Link libraries with libm + - Rename xsltCopyTreeInternal to xsltCopyTree + - Update linker version script + - Add local wildcard to version script + - Make some symbols static + - Remove redundant NULL check in xsltNumberComp + - Fix forwards compatibility for imported stylesheets + - Reduce warnings in forwards-compatible mode + - Precompute XSLT elements after preprocessing + - Fix whitespace in xsltParseStylesheetTop + - Consolidate recursion checks + - Treat XSLT_STATE_STOPPED same as errors + - Make sure that XSLT_STATE_STOPPED isn't overwritten + - Add comment regarding built-in templates and params + - Rewrite memory management of local RVTs + - Validate QNames of attribute sets + - Add xsl:attribute-set regression tests + - Ignore imported stylesheets in xsltApplyAttributeSet + +- Dropped patches fixed upstream + * libxslt-CVE-2016-4738.patch + * libxslt-1.1.28-CVE-2017-5029.patch + +------------------------------------------------------------------- Old: ---- libxslt-1.1.28-CVE-2017-5029.patch libxslt-1.1.29.tar.gz libxslt-1.1.29.tar.gz.asc libxslt-CVE-2016-4738.patch New: ---- libxslt-1.1.30.tar.gz libxslt-1.1.30.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxslt-python.spec ++++++ --- /var/tmp/diff_new_pack.YFp6DG/_old 2017-10-28 14:17:40.148360664 +0200 +++ /var/tmp/diff_new_pack.YFp6DG/_new 2017-10-28 14:17:40.148360664 +0200 @@ -18,7 +18,7 @@ %define libname libxslt1 Name: libxslt-python -Version: 1.1.29 +Version: 1.1.30 Release: 0 Summary: Python Bindings for libxslt License: MIT @@ -31,13 +31,14 @@ # pbleser: don't build the doc subdir as it's broken and we don't install # it anyway; neither build the xsltproc subdir (not packaged here, faster) Patch1: libxslt-do_not_build_doc_nor_xsltproc.patch +Patch2: libxslt-random-seed.patch BuildRequires: libgcrypt-devel BuildRequires: libgpg-error-devel BuildRequires: libtool BuildRequires: libxml2-devel -BuildRequires: libxml2-python BuildRequires: libxslt-tools BuildRequires: python-devel +BuildRequires: python-libxml2 BuildRequires: python-xml #!BuildIgnore: python Requires: %{libname} = %{version} @@ -56,6 +57,7 @@ %setup -q -n libxslt-%{version} %patch0 %patch1 +%patch2 -p1 %build autoreconf -fvi ++++++ libxslt.spec ++++++ --- /var/tmp/diff_new_pack.YFp6DG/_old 2017-10-28 14:17:40.168359932 +0200 +++ /var/tmp/diff_new_pack.YFp6DG/_new 2017-10-28 14:17:40.176359639 +0200 @@ -19,7 +19,7 @@ %define libname %{name}1 %define exname libexslt0 Name: libxslt -Version: 1.1.29 +Version: 1.1.30 Release: 0 Summary: XSL Transformation Library License: MIT AND GPL-2.0+ @@ -33,10 +33,7 @@ Patch0: %{name}-1.1.24-no-net-autobuild.patch Patch1: libxslt-config-fixes.patch Patch2: 0009-Make-generate-id-deterministic.patch -Patch3: libxslt-CVE-2016-4738.patch -Patch4: libxslt-random-seed.patch -# PATCH-FIX-UPSTREAM CVE-2017-5029 bsc#1035905 -Patch5: libxslt-1.1.28-CVE-2017-5029.patch +Patch3: libxslt-random-seed.patch BuildRequires: libgcrypt-devel BuildRequires: libgpg-error-devel BuildRequires: libtool @@ -105,8 +102,6 @@ %patch1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 %build autoreconf -fvi ++++++ libxslt-1.1.29.tar.gz -> libxslt-1.1.30.tar.gz ++++++ ++++ 10368 lines of diff (skipped)