Hello community,
here is the log from the commit of package libxslt for openSUSE:Factory checked
in at 2017-10-28 14:17:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libxslt (Old)
and /work/SRC/openSUSE:Factory/.libxslt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxslt"
Sat Oct 28 14:17:38 2017 rev:54 rq:535219 version:1.1.30
Changes:
--------
--- /work/SRC/openSUSE:Factory/libxslt/libxslt-python.changes 2017-09-13
21:35:11.365214304 +0200
+++ /work/SRC/openSUSE:Factory/.libxslt.new/libxslt-python.changes
2017-10-28 14:17:39.252393427 +0200
@@ -1,0 +2,89 @@
+Thu Oct 19 11:18:49 UTC 2017 - pmonrealgonza...@suse.com
+
+- Update to version 1.1.30 [bsc#1063934]
+ * Documentation:
+ - Misc doc fixes
+ * Portability:
+ - Look for libxml2 via pkg-config first
+ * Bug Fixes:
+ - Also fix memory hazards in exsltFuncResultElem
+ - Fix NULL deref in xsltDefaultSortFunction
+ - Fix memory hazards in exsltFuncFunctionFunction
+ - Fix memory leaks in EXSLT error paths
+ - Fix memory leak in str:concat with empty node-set
+ - Fix memory leaks in error paths
+ - Switch to xmlUTF8Strsize in numbers.c
+ - Fix NULL pointer deref in xsltFormatNumberFunction
+ - Fix UTF-8 check in str:padding
+ - Fix xmlStrPrintf argument
+ - Check for overflow in _exsltDateParseGYear
+ - Fix double to int conversion
+ - Check for overflow in exsltDateParseDuration
+ - Change version of xsltMaxVars back to 1.0.24
+ - Disable xsltCopyTextString optimization for extensions
+ - Create DOCTYPE for HTML version 5
+ - Make xsl:decimal-format work with namespaces
+ - Remove norm:localTime extension function
+ - Check for integer overflow in xsltAddTextString
+ - Detect infinite recursion when evaluating function arguments
+ - Fix memory leak in xsltElementAvailableFunction
+ - Fix for pattern predicates calling functions
+ - Fix cmd.exe invocations in Makefile.mingw
+ - Don't try to install index.sgml
+ - Fix symbols.xml
+ - Fix heap overread in xsltFormatNumberConversion
+ - Fix <xsl:number level="any"/> for non-element nodes
+ - Fix unreachable code in xsltAddChild
+ - Change version number in xsl:version warning
+ - Avoid infinite recursion after failed param evaluation
+ - Stop if potential recursion is detected
+ - Consider built-in templates in apply-imports
+ - Fix precedence with multiple attribute sets
+ - Rework attribute set resolution
+ * Improvements:
+ - Silence tests a little
+ - Set LIBXML_SRC to absolute path
+ - Add missing #include
+ - Adjust expected error messages in tests
+ - Make xsltDebug more quiet
+ - New-line terminate error message that missed this convention
+ - Use xmlBuffers in EXSLT string functions
+ - Switch to xmlUTF8Strsize in EXSLT string functions
+ - Check for return value of xmlUTF8Strlen
+ - Avoid double/long round trip in FORMAT_ITEM
+ - Separate date and duration structs
+ - Check for overflow in _exsltDateDifference
+ - Clamp seconds field of durations
+ - Change _exsltDateAddDurCalc parameter types
+ - Fix date:difference with time zones
+ - Rework division/remainder arithmetic in date.c
+ - Remove exsltDateCastDateToNumber
+ - Change internal representation of years
+ - Optimize IS_LEAP
+ - Link libraries with libm
+ - Rename xsltCopyTreeInternal to xsltCopyTree
+ - Update linker version script
+ - Add local wildcard to version script
+ - Make some symbols static
+ - Remove redundant NULL check in xsltNumberComp
+ - Fix forwards compatibility for imported stylesheets
+ - Reduce warnings in forwards-compatible mode
+ - Precompute XSLT elements after preprocessing
+ - Fix whitespace in xsltParseStylesheetTop
+ - Consolidate recursion checks
+ - Treat XSLT_STATE_STOPPED same as errors
+ - Make sure that XSLT_STATE_STOPPED isn't overwritten
+ - Add comment regarding built-in templates and params
+ - Rewrite memory management of local RVTs
+ - Validate QNames of attribute sets
+ - Add xsl:attribute-set regression tests
+ - Ignore imported stylesheets in xsltApplyAttributeSet
+
+-------------------------------------------------------------------
+Thu Oct 19 11:15:22 UTC 2017 - pmonrealgonza...@suse.com
+
+- security update: initialize random generator, CVE-2015-9019
+ [bsc#934119]
+ + libxslt-random-seed.patch
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/libxslt/libxslt.changes 2017-09-13
21:35:11.593182230 +0200
+++ /work/SRC/openSUSE:Factory/.libxslt.new/libxslt.changes 2017-10-28
14:17:39.284392257 +0200
@@ -1,0 +2,86 @@
+Thu Oct 19 10:09:45 UTC 2017 - pmonrealgonza...@suse.com
+
+- Update to version 1.1.30 [bsc#1063934]
+ * Documentation:
+ - Misc doc fixes
+ * Portability:
+ - Look for libxml2 via pkg-config first
+ * Bug Fixes:
+ - Also fix memory hazards in exsltFuncResultElem
+ - Fix NULL deref in xsltDefaultSortFunction
+ - Fix memory hazards in exsltFuncFunctionFunction
+ - Fix memory leaks in EXSLT error paths
+ - Fix memory leak in str:concat with empty node-set
+ - Fix memory leaks in error paths
+ - Switch to xmlUTF8Strsize in numbers.c
+ - Fix NULL pointer deref in xsltFormatNumberFunction
+ - Fix UTF-8 check in str:padding
+ - Fix xmlStrPrintf argument
+ - Check for overflow in _exsltDateParseGYear
+ - Fix double to int conversion
+ - Check for overflow in exsltDateParseDuration
+ - Change version of xsltMaxVars back to 1.0.24
+ - Disable xsltCopyTextString optimization for extensions
+ - Create DOCTYPE for HTML version 5
+ - Make xsl:decimal-format work with namespaces
+ - Remove norm:localTime extension function
+ - Check for integer overflow in xsltAddTextString
+ - Detect infinite recursion when evaluating function arguments
+ - Fix memory leak in xsltElementAvailableFunction
+ - Fix for pattern predicates calling functions
+ - Fix cmd.exe invocations in Makefile.mingw
+ - Don't try to install index.sgml
+ - Fix symbols.xml
+ - Fix heap overread in xsltFormatNumberConversion
+ - Fix <xsl:number level="any"/> for non-element nodes
+ - Fix unreachable code in xsltAddChild
+ - Change version number in xsl:version warning
+ - Avoid infinite recursion after failed param evaluation
+ - Stop if potential recursion is detected
+ - Consider built-in templates in apply-imports
+ - Fix precedence with multiple attribute sets
+ - Rework attribute set resolution
+ * Improvements:
+ - Silence tests a little
+ - Set LIBXML_SRC to absolute path
+ - Add missing #include
+ - Adjust expected error messages in tests
+ - Make xsltDebug more quiet
+ - New-line terminate error message that missed this convention
+ - Use xmlBuffers in EXSLT string functions
+ - Switch to xmlUTF8Strsize in EXSLT string functions
+ - Check for return value of xmlUTF8Strlen
+ - Avoid double/long round trip in FORMAT_ITEM
+ - Separate date and duration structs
+ - Check for overflow in _exsltDateDifference
+ - Clamp seconds field of durations
+ - Change _exsltDateAddDurCalc parameter types
+ - Fix date:difference with time zones
+ - Rework division/remainder arithmetic in date.c
+ - Remove exsltDateCastDateToNumber
+ - Change internal representation of years
+ - Optimize IS_LEAP
+ - Link libraries with libm
+ - Rename xsltCopyTreeInternal to xsltCopyTree
+ - Update linker version script
+ - Add local wildcard to version script
+ - Make some symbols static
+ - Remove redundant NULL check in xsltNumberComp
+ - Fix forwards compatibility for imported stylesheets
+ - Reduce warnings in forwards-compatible mode
+ - Precompute XSLT elements after preprocessing
+ - Fix whitespace in xsltParseStylesheetTop
+ - Consolidate recursion checks
+ - Treat XSLT_STATE_STOPPED same as errors
+ - Make sure that XSLT_STATE_STOPPED isn't overwritten
+ - Add comment regarding built-in templates and params
+ - Rewrite memory management of local RVTs
+ - Validate QNames of attribute sets
+ - Add xsl:attribute-set regression tests
+ - Ignore imported stylesheets in xsltApplyAttributeSet
+
+- Dropped patches fixed upstream
+ * libxslt-CVE-2016-4738.patch
+ * libxslt-1.1.28-CVE-2017-5029.patch
+
+-------------------------------------------------------------------
Old:
----
libxslt-1.1.28-CVE-2017-5029.patch
libxslt-1.1.29.tar.gz
libxslt-1.1.29.tar.gz.asc
libxslt-CVE-2016-4738.patch
New:
----
libxslt-1.1.30.tar.gz
libxslt-1.1.30.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libxslt-python.spec ++++++
--- /var/tmp/diff_new_pack.YFp6DG/_old 2017-10-28 14:17:40.148360664 +0200
+++ /var/tmp/diff_new_pack.YFp6DG/_new 2017-10-28 14:17:40.148360664 +0200
@@ -18,7 +18,7 @@
%define libname libxslt1
Name: libxslt-python
-Version: 1.1.29
+Version: 1.1.30
Release: 0
Summary: Python Bindings for libxslt
License: MIT
@@ -31,13 +31,14 @@
# pbleser: don't build the doc subdir as it's broken and we don't install
# it anyway; neither build the xsltproc subdir (not packaged here, faster)
Patch1: libxslt-do_not_build_doc_nor_xsltproc.patch
+Patch2: libxslt-random-seed.patch
BuildRequires: libgcrypt-devel
BuildRequires: libgpg-error-devel
BuildRequires: libtool
BuildRequires: libxml2-devel
-BuildRequires: libxml2-python
BuildRequires: libxslt-tools
BuildRequires: python-devel
+BuildRequires: python-libxml2
BuildRequires: python-xml
#!BuildIgnore: python
Requires: %{libname} = %{version}
@@ -56,6 +57,7 @@
%setup -q -n libxslt-%{version}
%patch0
%patch1
+%patch2 -p1
%build
autoreconf -fvi
++++++ libxslt.spec ++++++
--- /var/tmp/diff_new_pack.YFp6DG/_old 2017-10-28 14:17:40.168359932 +0200
+++ /var/tmp/diff_new_pack.YFp6DG/_new 2017-10-28 14:17:40.176359639 +0200
@@ -19,7 +19,7 @@
%define libname %{name}1
%define exname libexslt0
Name: libxslt
-Version: 1.1.29
+Version: 1.1.30
Release: 0
Summary: XSL Transformation Library
License: MIT AND GPL-2.0+
@@ -33,10 +33,7 @@
Patch0: %{name}-1.1.24-no-net-autobuild.patch
Patch1: libxslt-config-fixes.patch
Patch2: 0009-Make-generate-id-deterministic.patch
-Patch3: libxslt-CVE-2016-4738.patch
-Patch4: libxslt-random-seed.patch
-# PATCH-FIX-UPSTREAM CVE-2017-5029 bsc#1035905
-Patch5: libxslt-1.1.28-CVE-2017-5029.patch
+Patch3: libxslt-random-seed.patch
BuildRequires: libgcrypt-devel
BuildRequires: libgpg-error-devel
BuildRequires: libtool
@@ -105,8 +102,6 @@
%patch1
%patch2 -p1
%patch3 -p1
-%patch4 -p1
-%patch5 -p1
%build
autoreconf -fvi
++++++ libxslt-1.1.29.tar.gz -> libxslt-1.1.30.tar.gz ++++++
++++ 10368 lines of diff (skipped)
