Hello community, here is the log from the commit of package libxslt for openSUSE:Factory checked in at 2019-12-07 15:22:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxslt (Old) and /work/SRC/openSUSE:Factory/.libxslt.new.4691 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxslt" Sat Dec 7 15:22:10 2019 rev:61 rq:750091 version:1.1.34 Changes: -------- --- /work/SRC/openSUSE:Factory/libxslt/libxslt.changes 2019-10-22 15:43:55.769613035 +0200 +++ /work/SRC/openSUSE:Factory/.libxslt.new.4691/libxslt.changes 2019-12-07 15:23:18.919729418 +0100 @@ -1,0 +2,87 @@ +Wed Nov 20 12:58:31 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- Update to 1.1.34: Oct 30 2019 + * Documentation: + - Fix EXSLT web pages, Regenerate web pages + - Fix Git link in news.html + - Minor documentation fixes after recent changes + - Regenerate symbols and API docs + - Regenerate EXSLT website + * Portability: + - Remove stubs when compiling without debugger or profiler + - configure.ac: Invoke PKG_CHECK_MODULES for building shared libraries + - configure.ac: Conditionally determine whether xml2-config should pass + shared libraries or static libraries + - xslt-config.in: Fix broken --prefix=DIR support + - libexslt.pc.in: Do not expose private library dependencies unless invoked + - libxslt.pc.in: Do not expose private library dependencies unless invoked + - Fix -Wformat-overflow warning (GCC 9) + - Stop including ansidecl.h + - Remove WIN32_EXTRA_* variables + - Build without winsock + * Bug Fixes: + - xsl:template without name and match attributes should not be allowed + - Make sure that Python tests exit with error code + - Improve handling of invalid UTF-8 in format-number + - Fix dangling pointer in xsltCopyText + - Fix memory leak in pattern compilation error path + - Fix uninitialized read with UTF-8 grouping chars + - Fix integer overflow in FORMAT_GYEAR + - Fix performance regression with xsl:number + - Backup XPath context node in xsltInitCtxtKey + - Fix unsigned integer overflow in date.c + - Fix insertion of xsl:fallback content + - Avoid quadratic behavior in xsltSaveResultTo + - Fix numbering in non-Latin scripts + - Fix uninitialized read of xsl:number token + - Fix integer overflow in _exsltDateDayInWeek + - Rework xsltAttrVT allocation + - Fix check of xsltTestCompMatch return value + - Fix security framework bypass + - Use xmlNewTextChild in EXSLT dyn:map + - Fix float casts in exsltDateDuration + - Always set context node before calling XPath iterators + - Fix attribute precedence with xsl:use-attribute-sets + - Backup context node in exsltFuncFunctionFunction + - Initialize ctxt->output before evaluating global vars + - Fix memory leak in EXSLT functions error path + * Improvements: + - Fix -Wimplicit-fallthrough warnings + - Adjust number of API index pages + - Make xsltCompileRelativePathPattern non-recursive + - Check that crypto:rc4_decrypt produces valid UTF-8 + - Avoid recursion in keys.c:skipPredicate + - xslt-config.in: Simply handling of $all_flags + - xslt-config.in: Add a --dynamic option to --libs + - xslt-config.in: Simplify basic library handling + - xslt-config.in: Remove unused variable + - xslt-config: Simply handling of --cflags + - Improve fuzzers + - Always reuse XPath context + - Compile with -Wextra + - Make profiler support optional + - Hide unused code when compiling without debugger + - Reorganize fuzzing code + - Optional operation limit + - Improve seed corpus and dictionary + - Reuse XPath context when compiling stylesheets + - Reuse XPath context in dyn:map + - Reuse XPath context in saxon:expression + - Add libFuzzer targets + - Adjust error message in expected test output + - Change bug tracker URL + - Change git repo URL + - Regenerate NEWS + - Fix misleading indentation in security.c + * Cleanups: + - Remove empty TODO file + - Remove generated file libxsltclass.txt from version control + - Rebuild docs +- Rebase patch libxslt-config-fixes.patch +- Remove patches fixed upstream: + * libxslt-CVE-2019-11068.patch + * libxslt-CVE-2019-13117.patch + * libxslt-CVE-2019-13118.patch + * libxslt-CVE-2019-18197.patch + +------------------------------------------------------------------- Old: ---- libxslt-1.1.33.tar.gz libxslt-1.1.33.tar.gz.asc libxslt-CVE-2019-11068.patch libxslt-CVE-2019-13117.patch libxslt-CVE-2019-13118.patch libxslt-CVE-2019-18197.patch New: ---- libxslt-1.1.34.tar.gz libxslt-1.1.34.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxslt.spec ++++++ --- /var/tmp/diff_new_pack.pPJDYC/_old 2019-12-07 15:23:19.475729341 +0100 +++ /var/tmp/diff_new_pack.pPJDYC/_new 2019-12-07 15:23:19.479729340 +0100 @@ -1,7 +1,7 @@ # # spec file for package libxslt # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define libname %{name}1 %define exname libexslt0 Name: libxslt -Version: 1.1.33 +Version: 1.1.34 Release: 0 Summary: XSL Transformation Library License: MIT AND GPL-2.0-or-later @@ -34,14 +34,6 @@ Patch1: libxslt-config-fixes.patch Patch2: 0009-Make-generate-id-deterministic.patch Patch3: libxslt-random-seed.patch -# PATCH-FIX-UPSTREAM bsc#1132160 CVE-2019-11068 Fix security framework bypass -Patch4: libxslt-CVE-2019-11068.patch -# PATCH-FIX-UPSTREAM bsc#1140095 CVE-2019-13117 Fix uninitialized read of xsl:number token -Patch5: libxslt-CVE-2019-13117.patch -# PATCH-FIX-UPSTREAM bsc#1140101 CVE-2019-13118 Fix uninitialized read with UTF-8 grouping chars -Patch6: libxslt-CVE-2019-13118.patch -# PATCH-FIX-UPSTREAM bsc#1154609 CVE-2019-18197 Fix dangling pointer in xsltCopyText -Patch7: libxslt-CVE-2019-18197.patch BuildRequires: libgcrypt-devel BuildRequires: libgpg-error-devel BuildRequires: libtool @@ -111,10 +103,6 @@ %patch1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 %build autoreconf -fvi ++++++ libxslt-1.1.33.tar.gz -> libxslt-1.1.34.tar.gz ++++++ ++++ 18079 lines of diff (skipped) ++++++ libxslt-config-fixes.patch ++++++ --- /var/tmp/diff_new_pack.pPJDYC/_old 2019-12-07 15:23:20.067729259 +0100 +++ /var/tmp/diff_new_pack.pPJDYC/_new 2019-12-07 15:23:20.067729259 +0100 @@ -1,21 +1,13 @@ ---- xsltConf.sh.in.orig 2012-12-06 08:43:13.843408831 +0100 -+++ xsltConf.sh.in 2012-12-06 08:43:22.617391851 +0100 -@@ -2,6 +2,6 @@ +Index: xsltConf.sh.in +=================================================================== +--- xsltConf.sh.in.orig ++++ xsltConf.sh.in +@@ -2,7 +2,7 @@ # Configuration file for using the xslt library # XSLT_LIBDIR="@XSLT_LIBDIR@" -XSLT_LIBS="@XSLT_LIBS@" +XSLT_LIBS="-lxslt" + XSLT_PRIVATE_LIBS="@XSLT_PRIVATE_LIBS@" XSLT_INCLUDEDIR="@XSLT_INCLUDEDIR@" MODULE_VERSION="xslt-@VERSION@" ---- xslt-config.in.orig 2012-12-06 08:42:48.797457330 +0100 -+++ xslt-config.in 2012-12-06 08:43:10.402415492 +0100 -@@ -89,7 +89,7 @@ - shift - done - --the_libs="@XSLT_LIBDIR@ @XSLT_LIBS@ @EXTRA_LIBS@" -+the_libs="-lxslt" - if test "$includedir" != "/usr/include"; then - the_flags="$the_flags -I$includedir `@XML_CONFIG@ --cflags`" - else
