[xml/sgml-pkgs] Bug#1009232: libxslt: New upstream release (v1.1.35, 2022 Feb 16), not detected by debian/watch

Florian Ernst florian_ernst at gmx.net
Sat Apr 9 12:05:20 BST 2022


Source: libxslt
Version: 1.1.34-4
Severity: wishlist

Dear maintainer,

there is a new upstream release available, cf.
<https://gitlab.gnome.org/GNOME/libxslt/-/tags>.

Its NEWS read
| v1.1.35: Feb 16 2022:
|    - Security:
|   [CVE-2021-30560] Fix use-after-free in xsltApplyTemplates
|   Fix memory leak in xsltDocumentElem (David King)
|   Fix memory leak in xsltCompileIdKeyPattern (David King)
|   Fix double-free with stylesheets containing entity nodes
| 
|    - Fixed regressions:
|   Fix performance regression with predicates in patterns
|   Fix regression in xsltComputeSortResult
| 
|    - Bug fixes:
|   Fix conflict resolution for templates with same priority
|   Fix xsl:number generating invalid UTF-8
|   Support attribute value templates in xsl:sort lang attributes
|   Don't pass first <xsl:sort> in <xsl:apply-templates> twice
|   Fix quadratic runtime with text and <xsl:message>
|   Don't allow empty EXSLT durations
| 
|    - Improvements:
|   Add xsltproc --huge Argument via libxml XML_PARSE_HUGE (William N. Braswell, Jr.)
| 
|    - Tests, code quality, fuzzing:
|   Remove .travis.yml
|   Fix some misleading indentation (David King)
|   Use actual types for templates in struct _xsltStylesheet
|   Add CI for CMake on MSVC (Markus Rickert)
|   Check for null pointer before calling freelocale
|   Add CI test for Python 3
|   Don't set maxDepth in XPath contexts
|   Transfer XPath limits to XPtr context
|   Stop using maxParserDepth XPath limit
|   Make long-to-double cast explicit in date.c
|   Disable LeakSanitizer
|   Run clang CI tests with -Wimplicit-int-conversion
|   Fix implicit-int-conversion warning in exslt/crypto.c
|   Fix clang -Wimplicit-int-conversion warning (David Kilzer)
|   Fix clang -Wconditional-uninitialized warning in libxslt/numbers.c (David Kilzer)
|   Fix -Wshadow warnings in libexslt/dynamic.c (David Kilzer)
|   Also search parent dir for source XML when fuzzing
| 
|    - Build system, portability:
|   Add CMake build files (Markus Rickert)
|   Initial support for Python 3 (Suleyman Poyraz)
|   Call ANSI versions of WinAPI functions explicitly
|   Remove redundant flags from pkg-config files
|   Suppress automake warning in tests/XSLTMark
|   Fix linking libexslt dynamic library when using MinGW (Vadim Zeitlin)
|   Added platform specific path separators (Dmitriy Korovkin)
|   win32: allow passing *FLAGS on command line
|   Fix export of xsltExtMarker on Windows (David Kilzer)
|   Fix redundant includes already in libexslt.h (David Kilzer)
|   Minor fixes to configure.js
|   Fix variable syntax in Python configuration
|   Add new EXSLT string tests to EXTRA_DIST
|   Fix xml2-config check in configure script
|   win32: Add configuration for profiler (Chun-wei Fan)
|   Check whether 'xml2-config --dynamic' is supported
| 
|    - Documentation:
|   Add Makefile rule to regenerate xsltproc.html
|   Update links
|   Remove MAINTAINERS
|   Upload documentation to GitLab Pages
|   Add documentation in devhelp format
|   Add --enable-rebuild-docs configure option
|   Fix libexslt header summaries
|   Fix validity of tutorial XML (David King)
|   Use DocBook URL for tutorial DTD (David King)
|   Update libxslt.doap
|   Add missing options to xsltproc man page

The security fixes, the fixed regressions, and the misc bug fixes make
this worthwile, it seems. Please update the package when you think it is
due time.

Please find attached a patch fixing the Homepage (the former now
redirects to the latter) and allowing debian/watch to detect new
releases at GNOME's gitlab instance.

Cheers,
Flo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libxslt_homepage_watch.diff
Type: text/x-diff
Size: 921 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-xml-sgml-pkgs/attachments/20220409/a97ca4cb/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-xml-sgml-pkgs/attachments/20220409/a97ca4cb/attachment.sig>


More information about the debian-xml-sgml-pkgs mailing list