Changelog for libxslt1-1.1.32-lp150.104.4.x86_64.rpm :

* Wed Nov 08 2017 Update to version 1.1.32
* fixes xml-config detection regression (boo#1066525)
* Thu Oct 19 2017 Update to version 1.1.30 [bsc#1063934]
* Documentation: - Misc doc fixes
* Portability: - Look for libxml2 via pkg-config first
* Bug Fixes: - Also fix memory hazards in exsltFuncResultElem - Fix NULL deref in xsltDefaultSortFunction - Fix memory hazards in exsltFuncFunctionFunction - Fix memory leaks in EXSLT error paths - Fix memory leak in str:concat with empty node-set - Fix memory leaks in error paths - Switch to xmlUTF8Strsize in numbers.c - Fix NULL pointer deref in xsltFormatNumberFunction - Fix UTF-8 check in str:padding - Fix xmlStrPrintf argument - Check for overflow in _exsltDateParseGYear - Fix double to int conversion - Check for overflow in exsltDateParseDuration - Change version of xsltMaxVars back to 1.0.24 - Disable xsltCopyTextString optimization for extensions - Create DOCTYPE for HTML version 5 - Make xsl:decimal-format work with namespaces - Remove norm:localTime extension function - Check for integer overflow in xsltAddTextString - Detect infinite recursion when evaluating function arguments - Fix memory leak in xsltElementAvailableFunction - Fix for pattern predicates calling functions - Fix cmd.exe invocations in Makefile.mingw - Don\'t try to install index.sgml - Fix symbols.xml - Fix heap overread in xsltFormatNumberConversion - Fix for non-element nodes - Fix unreachable code in xsltAddChild - Change version number in xsl:version warning - Avoid infinite recursion after failed param evaluation - Stop if potential recursion is detected - Consider built-in templates in apply-imports - Fix precedence with multiple attribute sets - Rework attribute set resolution
* Improvements: - Silence tests a little - Set LIBXML_SRC to absolute path - Add missing #include - Adjust expected error messages in tests - Make xsltDebug more quiet - New-line terminate error message that missed this convention - Use xmlBuffers in EXSLT string functions - Switch to xmlUTF8Strsize in EXSLT string functions - Check for return value of xmlUTF8Strlen - Avoid double/long round trip in FORMAT_ITEM - Separate date and duration structs - Check for overflow in _exsltDateDifference - Clamp seconds field of durations - Change _exsltDateAddDurCalc parameter types - Fix date:difference with time zones - Rework division/remainder arithmetic in date.c - Remove exsltDateCastDateToNumber - Change internal representation of years - Optimize IS_LEAP - Link libraries with libm - Rename xsltCopyTreeInternal to xsltCopyTree - Update linker version script - Add local wildcard to version script - Make some symbols static - Remove redundant NULL check in xsltNumberComp - Fix forwards compatibility for imported stylesheets - Reduce warnings in forwards-compatible mode - Precompute XSLT elements after preprocessing - Fix whitespace in xsltParseStylesheetTop - Consolidate recursion checks - Treat XSLT_STATE_STOPPED same as errors - Make sure that XSLT_STATE_STOPPED isn\'t overwritten - Add comment regarding built-in templates and params - Rewrite memory management of local RVTs - Validate QNames of attribute sets - Add xsl:attribute-set regression tests - Ignore imported stylesheets in xsltApplyAttributeSet- Dropped patches fixed upstream
* libxslt-CVE-2016-4738.patch
* libxslt-1.1.28-CVE-2017-5029.patch
* Mon Sep 11 2017 Fix RPM groups. Drop ineffective --with-pic. Trim conjecture from description.
* Fri Jul 28 2017 Add gpg signature- Cleanup spec file with spec-cleaner
* Tue Apr 25 2017 Fixed CVE-2017-5029 bcs#1035905
* Limit buffer size in xsltAddTextString to INT_MAX- Added patch libxslt-1.1.28-CVE-2017-5029.patch
* Wed Apr 05 2017 security update: initialize random generator, CVE-2015-9019 [bsc#934119] + libxslt-random-seed.patch
* Mon Mar 13 2017 Added patch libxslt-CVE-2016-4738.patch
* Fix heap overread in xsltFormatNumberConversion: An empty decimal-separator could cause a heap overread. This can be exploited to leak a couple of bytes after the buffer that holds the pattern string.
* bsc#1005591 CVE-2016-4738
* Sat Jun 11 2016 Update to 1.1.29:
* new release after 4 years with few bugfies all around- Refresh patch 0009-Make-generate-id-deterministic.patch to apply- Remove cve patch that was integrated upstream: libxslt-1.1.28-type_confusion_preprocess_attr.patch- Unpack the manpage as the compression is set by buildbot not always gz
* Fri May 20 2016 add libxslt-1.1.28-type_confusion_preprocess_attr.patch to fix type confusion in preprocessing attributes [bnc#952474], [CVE-2015-7995]
* Thu Apr 09 2015 fix package with \"soname\" should obsolete libxslt package on suse < 12.2 (SLE11)
* Sun Feb 01 2015 add 0009-Make-generate-id-deterministic.patch from debian\'s reproducible builds project to avoid randomness in generated IDs
* Thu Dec 06 2012 update to 1.1.28:
* fix generate-id() to avoid generating the same ID
* fix crash with empty xsl:key/AATTmatch attribute
* fix crash when passing an uninitialized variable to document()
* fix regression: default namespace not correctly used
* remove xsltTransStorageAdd and xsltTransStorageRemove from symbols.xml- changes from 1.1.27:
* link python module with python library (Frederic Crozat)
* report errors on variable use in key
* the XSLT namespace string is a constant one
* fix handling of names in xsl:attribute
* reserved namespaces in xsl:element and xsl:attribute
* null-terminate result string of cry:rc4_decrypt
* EXSLT date normalization fix
* exit after compilation of invalid func:result
* fix for EXSLT func:function
* rewrite EXSLT string:replace to be conformant
* avoid a heap use after free error
* fix a dictionary string usage
* output should not include extraneous newlines when indent is off
* document(\'\') fails to return stylesheets parsed from memory
* xsltproc should return an error code if xinclude fails
* forwards-compatible processing of unknown top level elements
* fix system-property with unknown namespace
* fix default template processing on namespace nodes
* fix a bug in selecting XSLT elements
* fix a memory leak with xsl:number
* fix a problem with ESXLT date:add() with January
* fix generate-id() to not expose object addresses
* allow whitespace in xsl:variable with select
* fix direct pattern matching bug
* add the saxon:systemId extension
* add an append mode to document output
* fix portability to upcoming libxml2-2.9.0
* precompile patterns in xsl:number- change soname macro back to \"1\" and enforce it in the files list- revert -tools subpackage for openSUSE < 12.2 as that has only become effective since 12.2 on the package that ships with the distribution, to avoid having a completely different package layout in this repository as compared to the stock distribution packages (added a Provides: libxslt-tools though)
* Wed Apr 25 2012 add macro \"soname\" %{name}1- fix \"self obsoletion\"
* Sat Mar 17 2012 Make sure to follow shlib policy; put tools in a separate package like done in libxml2
* Wed Jan 04 2012 Remove redundant tags (License: field is inherited)- Use exact EVR for Provides:
* Wed Jan 04 2012 Tutorial contains GPL-2.0+ code. Either split this off into a subpackage or add GPL-2.0+ as an aggregation to the main licence tag
* Sat Dec 03 2011 don\'t run make check in QEMU builds - breaks due to massive threading
* Mon Nov 21 2011 Remove redundant/unwanted tags/section (cf. specfile guidelines)
* Sun Nov 20 2011 add libtool as buildrequire to avoid implicit dependency
* Thu Sep 08 2011 fix provides/obsoletes
* Tue Aug 02 2011 Add dependency on libgcrypt-devel and libgpg-error-devel for the libxslt-devel package
* Mon Aug 01 2011 Correctly obsolete libxslt package in the baselibs.conf too
* Fri Jul 29 2011 Fix build on SLE
* Fri Jul 29 2011 Fix broken requires,provides,Obsoletes causing \"have choice..\" build system errors- Remove all \"la\" files since they are no longer needed- Fix -devel pacakge requires and messed up -config scripts this may cause build fails of already broken dependant packages that do not link all the needed libraries in an explicit manner (This is not a bug here, it is expected to cause it)
* Wed Jul 27 2011 package clean-up: - include library version number in the name of the binary package - add an alias for xsltproc (required by package xmlto)
* Wed Jul 21 2010 update to libxslt-1.1.26 - Improvements: - Add xsltProcessOneNode to exported symbols for lxml - Features: - Add API versioning and various cleanups - xsl:sort lang support using the locale - Bug fixes - Portability, documentation fixes- drop libxslt-1.1.24-rc4-overflow.patch (included upstream)- drop libxslt-1.1.24-am.patch (included upstream)
* Sat Apr 24 2010 buildrequire pkg-config to fix provides
* Mon Dec 14 2009 add baselibs.conf as a source
* Sun Jun 21 2009 fix build with automake 1.11