Package: libxslt / 1.1.35-2

Metadata

Package: libxslt
Version: 1.1.35-2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 fix autoconf automake.patch

configure.ac | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 fix autoconf automake


0003 remove plugin in xslt config.patch

xslt-config.in | 5 0 + 5 - 0 !
1 file changed, 5 deletions(-)

 remove-plugin-in-xslt-config

Done in Debian upload 1.1.29-1

0004 do not clean manpage.patch

doc/Makefile.am | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 use the just-built xsltproc and the packaged stylesheet to rebuild
 the manpage if needed

Bug-Debian: https://bugs.debian.org/947914

0005 Drop libdir and static linking information from xslt.patch

xslt-config.in | 15 2 + 13 - 0 !
1 file changed, 2 insertions(+), 13 deletions(-)

 drop libdir and static linking information from xslt-config

See https://bugs.debian.org/952115 for the static linking details.

Bug-Debian: https://bugs.debian.org/952768

0010_missing_include.diff

libexslt/date.c | 1 1 + 0 - 0 !
libxslt/extensions.c | 1 1 + 0 - 0 !
2 files changed, 2 insertions(+)

 add missing #include <stdlib.h> to fix FTBFS.

0011_libgcrypt_pkgconfig.diff

configure.ac | 21 3 + 18 - 0 !
1 file changed, 3 insertions(+), 18 deletions(-)

 use pkg-config to locate libgcrypt.

0012 CVE 2024 55549 Fix UAF related to excluded namespace.patch

libxslt/xslt.c | 12 11 + 1 - 0 !
1 file changed, 11 insertions(+), 1 deletion(-)

 [CVE-2024-55549] fix UAF related to excluded namespaces

0013 CVE 2025 24855 Fix use after free of XPath context n.patch

libxslt/numbers.c | 5 5 + 0 - 0 !
libxslt/templates.c | 9 6 + 3 - 0 !
libxslt/xsltutils.c | 4 2 + 2 - 0 !
3 files changed, 13 insertions(+), 5 deletions(-)

 [CVE-2025-24855] fix use-after-free of XPath context node

0014 Don t declare disabled functions.patch

libxslt/xsltutils.h | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 [patch] don't declare disabled functions


0015 Infrastructure to store extra data in source nodes.patch

libxslt/transform.c | 34 34 + 0 - 0 !
libxslt/xsltInternals.h | 1 1 + 0 - 0 !
libxslt/xsltutils.c | 135 135 + 0 - 0 !
libxslt/xsltutils.h | 13 13 + 0 - 0 !
4 files changed, 183 insertions(+)

 [patch] infrastructure to store extra data in source nodes

Provide a mechanism to store bit flags in nodes from the source
document. This will later be used to store key and id status.

Provide a function to find the psvi member of a node.

Revert any changes to the source document after the transformation.

0016 Store key status of source nodes as bit flag.patch

libxslt/keys.c | 19 1 + 18 - 0 !
libxslt/pattern.c | 37 2 + 35 - 0 !
libxslt/xsltutils.h | 1 1 + 0 - 0 !
3 files changed, 4 insertions(+), 53 deletions(-)

 [patch] store key status of source nodes as bit flag

This frees up the psvi member.

0017 Make generate id deterministic.patch

libxslt/functions.c | 107 91 + 16 - 0 !
libxslt/xsltInternals.h | 1 1 + 0 - 0 !
libxslt/xsltutils.h | 1 1 + 0 - 0 !
tests/REC/test-12.4-1.out | 11 11 + 0 - 0 !
tests/REC/test-12.4-1.xml | 6 6 + 0 - 0 !
tests/REC/test-12.4-1.xsl | 38 38 + 0 - 0 !
tests/exslt/common/dynamic-id.out | 13 13 + 0 - 0 !
tests/exslt/common/dynamic-id.xml | 1 1 + 0 - 0 !
tests/exslt/common/dynamic-id.xsl | 29 29 + 0 - 0 !
9 files changed, 191 insertions(+), 16 deletions(-)

 [patch] make generate-id() deterministic

Rework the generate-id() function to return deterministic values. We use
a simple incrementing counter and store ids in the 'psvi' member of
nodes which was freed up by previous commits. The presence of an id is
indicated by a new "source node" flag.

This fixes long-standing problems with reproducible builds, see
https://bugzilla.gnome.org/show_bug.cgi?id=751621

This also hardens security, as the old implementation leaked the

0018 malloc fail Fix memory leak in xsltEvalGlobalVariabl.patch

libxslt/variables.c | 9 7 + 2 - 0 !
1 file changed, 7 insertions(+), 2 deletions(-)

 [patch] malloc-fail: fix memory leak in xsltEvalGlobalVariables

Found with libFuzzer, see #84.

0019 variables Fix non deterministic generated IDs.patch

libxslt/variables.c | 22 13 + 9 - 0 !
1 file changed, 13 insertions(+), 9 deletions(-)

 [patch] variables: fix non-deterministic generated ids

Evaluate global variables in deterministic order. Otherwise, generated
IDs could be non-deterministic if generate-id() is called.

Fixes #123.

0020 Clean up attributes in source doc.patch

libxslt/transform.c | 10 10 + 0 - 0 !
libxslt/xsltutils.h | 6 3 + 3 - 0 !
2 files changed, 13 insertions(+), 3 deletions(-)

 [patch] clean up attributes in source doc

Also make bit flag constants unsigned to avoid implicit-conversion
warnings.

gnome libxslt bug 139 apple fix.diff

libxslt/functions.c | 16 15 + 1 - 0 !
libxslt/transform.c | 3 2 + 1 - 0 !
libxslt/transformInternals.h | 9 9 + 0 - 0 !
3 files changed, 26 insertions(+), 2 deletions(-)

 [patch] libxslt: type confusion in xmlNode.psvi between stylesheet
 and source nodes

* libxslt/functions.c:
(xsltDocumentFunctionLoadDocument):
- Implement fix suggested by Ivan Fratric.  This copies the xmlDoc,
  calls xsltCleanupSourceDoc() to remove psvi fields, then adds the
  xmlDoc to tctxt->docList.
- Add error handling for functions that may return NULL.
* libxslt/transform.c:
- Remove static keyword so this can be called from
  xsltDocumentFunctionLoadDocument().
* libxslt/transformInternals.h: Add.
(xsltCleanupSourceDoc): Add declaration.

Fixes #139.