rpms/libxslt
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c10s
rpms:c8s
rpms:c9
rpms:c9-beta
rpms:c9s
rpms:c8-beta
rpms:imports/c10s/libxslt-1.1.39-6.el10
rpms:imports/c10s/libxslt-1.1.39-5.el10
rpms:imports/c10s/libxslt-1.1.39-4.el10
rpms:imports/c9/libxslt-1.1.34-9.el9
rpms:imports/c9-beta/libxslt-1.1.34-9.el9
rpms:imports/c9-beta/libxslt-1.1.34-7.el9
rpms:imports/c8-beta/libxslt-1.1.32-6.el8
rpms:imports/c8-beta/libxslt-1.1.32-5.el8
rpms:imports/c8-beta/libxslt-1.1.32-3.el8
rpms:imports/c8s/libxslt-1.1.32-6.el8
rpms:imports/c8s/libxslt-1.1.32-5.el8
rpms:imports/c8s/libxslt-1.1.32-4.el8
rpms:imports/c8/libxslt-1.1.32-6.el8
rpms:imports/c8/libxslt-1.1.32-5.el8
rpms:imports/c8/libxslt-1.1.32-4.el8
rpms:imports/c8/libxslt-1.1.32-3.el8
...
pull from: rpms:c10s
Branches Tags
rpms:c10s
rpms:c8s
rpms:c9
rpms:c9-beta
rpms:c9s
rpms:c8-beta
rpms:c8
rpms:imports/c10s/libxslt-1.1.39-6.el10
rpms:imports/c10s/libxslt-1.1.39-5.el10
rpms:imports/c10s/libxslt-1.1.39-4.el10
rpms:imports/c9/libxslt-1.1.34-9.el9
rpms:imports/c9-beta/libxslt-1.1.34-9.el9
rpms:imports/c9-beta/libxslt-1.1.34-7.el9
rpms:imports/c8-beta/libxslt-1.1.32-6.el8
rpms:imports/c8-beta/libxslt-1.1.32-5.el8
rpms:imports/c8-beta/libxslt-1.1.32-3.el8
rpms:imports/c8s/libxslt-1.1.32-6.el8
rpms:imports/c8s/libxslt-1.1.32-5.el8
rpms:imports/c8s/libxslt-1.1.32-4.el8
rpms:imports/c8/libxslt-1.1.32-6.el8
rpms:imports/c8/libxslt-1.1.32-5.el8
rpms:imports/c8/libxslt-1.1.32-4.el8
rpms:imports/c8/libxslt-1.1.32-3.el8

No commits in common. "c8" and "c10s" have entirely different histories.
c8 ... c10s

12 changed files with 151 additions and 623 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/libxslt-1.1.32.tar.gz
/*.tar.*

1
.libxslt.metadata
View File

@ -1 +0,0 @@
c47969f16747a72f9095b6a7a56d3afdd1e6e9ac SOURCES/libxslt-1.1.32.tar.gz

103
SOURCES/libxslt-1.1.26-utf8-docs.patch
View File

@ -1,103 +0,0 @@
--- libxslt-1.1.26/ChangeLog.utf8 2009-07-24 10:16:49.000000000 +0200
+++ libxslt-1.1.26/ChangeLog 2011-03-20 03:28:28.142684293 +0100
@@ -284,7 +284,7 @@
Thu Aug 23 11:47:20 CEST 2007 Daniel Veillard <daniel@veillard.com>
- * libexslt/date.c: apply patch from Björn Wiberg fixing build on AIX
+ * libexslt/date.c: apply patch from Björn Wiberg fixing build on AIX
and closing bug #332173
Fri Aug 3 15:49:26 CEST 2007 Daniel Veillard <daniel@veillard.com>
@@ -2112,7 +2112,7 @@
Tue Feb 17 11:29:15 CET 2004 Daniel Veillard <daniel@veillard.com>
* libxslt/templates.c: applied patch from #134588 provided by
- Mariano Suárez-Alvarez, attribute text node without doc.
+ Mariano Suárez-Alvarez, attribute text node without doc.
Mon Feb 16 15:55:57 CET 2004 Daniel Veillard <daniel@veillard.com>
@@ -3121,7 +3121,7 @@
* python/generator.py: fixed a problem in the generator where
the way functions are remapped as methods on classes was
not symetric and dependant on python internal hash order,
- as reported by Stéphane Bidoul
+ as reported by Stéphane Bidoul
* libexslt/strings.c: attempt at fixing an object type pbm
* libxslt/triodef.h: update for OpenVMS from libxml2
@@ -3497,7 +3497,7 @@
Thu Jan 2 23:23:30 CET 2003 Daniel Veillard <daniel@veillard.com>
- * libexslt/strings.c: applied patch from Jörg Walter to provide
+ * libexslt/strings.c: applied patch from Jörg Walter to provide
URI escaping and unescaping functions.
Thu Dec 26 15:43:31 CET 2002 Daniel Veillard <daniel@veillard.com>
@@ -3507,7 +3507,7 @@
Mon Dec 23 15:43:59 CET 2002 Daniel Veillard <daniel@veillard.com>
- * python/libxslt.c: patch from Stéphane Bidoul for Python 2.1
+ * python/libxslt.c: patch from Stéphane Bidoul for Python 2.1
Sun Dec 22 22:54:04 CET 2002 Daniel Veillard <daniel@veillard.com>
@@ -3648,7 +3648,7 @@
Sun Nov 24 13:58:48 CET 2002 Daniel Veillard <daniel@veillard.com>
- * python/libxsl.py: updated with new version from Stéphane Bidoul
+ * python/libxsl.py: updated with new version from Stéphane Bidoul
Sat Nov 23 22:49:08 CET 2002 Igor Zlatkovic <igor@stud.fh-frankfurt.de>
@@ -5036,7 +5036,7 @@
Mon Nov 26 11:21:27 CET 2001 Daniel Veillard <daniel@veillard.com>
- * libxslt/pattern.c: fixing bug #64044 reported by Gero Meißner,
+ * libxslt/pattern.c: fixing bug #64044 reported by Gero Meißner,
template matches compilation was failing to skip blanks bewteen
consecutive predicates
@@ -5119,7 +5119,7 @@
Tue Oct 30 19:32:08 CET 2001 Daniel Veillard <daniel@veillard.com>
- * configure.in: applied patches from David Härdeman closing
+ * configure.in: applied patches from David Härdeman closing
bug #62891
Tue Oct 30 15:25:19 CET 2001 Daniel Veillard <daniel@veillard.com>
--- libxslt-1.1.26/NEWS.utf8 2009-09-24 16:38:20.000000000 +0200
+++ libxslt-1.1.26/NEWS 2011-03-20 03:27:37.440684281 +0100
@@ -312,7 +312,7 @@
1.1.4: Feb 23 2004:
- - bugfixes: attributes without doc (Mariano Suárez-Alvarez), problem with
+ - bugfixes: attributes without doc (Mariano Suárez-Alvarez), problem with
Yelp, extension problem
- display extension modules (Steve Little)
- Windows compilation patch (Mark Vadoc), Mingw (Mikhail Grushinskiy)
@@ -472,7 +472,7 @@
1.0.24: Jan 14 2003:
- - bug fixes: imported global varables, python bindings (Stéphane Bidoul),
+ - bug fixes: imported global varables, python bindings (Stéphane Bidoul),
EXSLT memory leak (Charles Bozeman), namespace generation on
xsl:attribute, space handling with imports (Daniel Stodden),
extension-element-prefixes (Josh Parsons), comments within xsl:text (Matt
@@ -485,7 +485,7 @@
- fix the API generation scripts
- API to provide the sorting routines (Richard Jinks)
- added XML description of the EXSLT API
- - added ESXLT URI (un)escaping (Jörg Walter)
+ - added ESXLT URI (un)escaping (Jörg Walter)
- Some memory leaks have been found and fixed
- document() now support fragment identifiers in URIs

120
SOURCES/libxslt-1.1.32-CVE-2019-11068.patch
View File

@ -1,120 +0,0 @@
From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sun, 24 Mar 2019 09:51:39 +0100
Subject: [PATCH] Fix security framework bypass
xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
don't check for this condition and allow access. With a specially
crafted URL, xsltCheckRead could be tricked into returning an error
because of a supposedly invalid URL that would still be loaded
succesfully later on.
Fixes #12.
Thanks to Felix Wilhelm for the report.
---
libxslt/documents.c | 18 ++++++++++--------
libxslt/imports.c | 9 +++++----
libxslt/transform.c | 9 +++++----
libxslt/xslt.c | 9 +++++----
4 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/libxslt/documents.c b/libxslt/documents.c
index 3f3a7312..4aad11bb 100644
--- a/libxslt/documents.c
+++ b/libxslt/documents.c
@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
int res;
res = xsltCheckRead(ctxt->sec, ctxt, URI);
- if (res == 0) {
- xsltTransformError(ctxt, NULL, NULL,
- "xsltLoadDocument: read rights for %s denied\n",
- URI);
+ if (res <= 0) {
+ if (res == 0)
+ xsltTransformError(ctxt, NULL, NULL,
+ "xsltLoadDocument: read rights for %s denied\n",
+ URI);
return(NULL);
}
}
@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
int res;
res = xsltCheckRead(sec, NULL, URI);
- if (res == 0) {
- xsltTransformError(NULL, NULL, NULL,
- "xsltLoadStyleDocument: read rights for %s denied\n",
- URI);
+ if (res <= 0) {
+ if (res == 0)
+ xsltTransformError(NULL, NULL, NULL,
+ "xsltLoadStyleDocument: read rights for %s denied\n",
+ URI);
return(NULL);
}
}
diff --git a/libxslt/imports.c b/libxslt/imports.c
index 874870cc..3783b247 100644
--- a/libxslt/imports.c
+++ b/libxslt/imports.c
@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
int secres;
secres = xsltCheckRead(sec, NULL, URI);
- if (secres == 0) {
- xsltTransformError(NULL, NULL, NULL,
- "xsl:import: read rights for %s denied\n",
- URI);
+ if (secres <= 0) {
+ if (secres == 0)
+ xsltTransformError(NULL, NULL, NULL,
+ "xsl:import: read rights for %s denied\n",
+ URI);
goto error;
}
}
diff --git a/libxslt/transform.c b/libxslt/transform.c
index 13793914..0636dbd0 100644
--- a/libxslt/transform.c
+++ b/libxslt/transform.c
@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
*/
if (ctxt->sec != NULL) {
ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
- if (ret == 0) {
- xsltTransformError(ctxt, NULL, inst,
- "xsltDocumentElem: write rights for %s denied\n",
- filename);
+ if (ret <= 0) {
+ if (ret == 0)
+ xsltTransformError(ctxt, NULL, inst,
+ "xsltDocumentElem: write rights for %s denied\n",
+ filename);
xmlFree(URL);
xmlFree(filename);
return;
diff --git a/libxslt/xslt.c b/libxslt/xslt.c
index 780a5ad7..a234eb79 100644
--- a/libxslt/xslt.c
+++ b/libxslt/xslt.c
@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
int res;
res = xsltCheckRead(sec, NULL, filename);
- if (res == 0) {
- xsltTransformError(NULL, NULL, NULL,
- "xsltParseStylesheetFile: read rights for %s denied\n",
- filename);
+ if (res <= 0) {
+ if (res == 0)
+ xsltTransformError(NULL, NULL, NULL,
+ "xsltParseStylesheetFile: read rights for %s denied\n",
+ filename);
return(NULL);
}
}
--
2.24.1

30
SOURCES/libxslt-1.1.32-CVE-2019-18197.patch
View File

@ -1,30 +0,0 @@
From 2232473733b7313d67de8836ea3b29eec6e8e285 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sat, 17 Aug 2019 16:51:53 +0200
Subject: [PATCH] Fix dangling pointer in xsltCopyText
xsltCopyText didn't reset ctxt->lasttext in some cases which could
lead to various memory errors in relation with CDATA sections in input
documents.
Found by OSS-Fuzz.
---
libxslt/transform.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libxslt/transform.c b/libxslt/transform.c
index 95ebd073..d7ab0b66 100644
--- a/libxslt/transform.c
+++ b/libxslt/transform.c
@@ -1094,6 +1094,8 @@ xsltCopyText(xsltTransformContextPtr ctxt, xmlNodePtr target,
if ((copy->content = xmlStrdup(cur->content)) == NULL)
return NULL;
}
+
+ ctxt->lasttext = NULL;
} else {
/*
* normal processing. keep counters to extend the text node
--
2.22.0

313
SOURCES/libxslt-1.1.32-unexpected-rvt-flag.patch
View File

@ -1,313 +0,0 @@
From 7d81bd62d5788a9e2931c20a3d0a6be7e703c608 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 23 Jul 2018 22:52:12 +0200
Subject: [PATCH] Fix EXSLT functions returning RVTs from outer scopes
The RVTs referenced from function results must not be blindly registered
as local, as they might be part of variables from an outer scope. Remove
LOCAL/VARIABLE distinction for RVTs. Don't register as local RVT
unconditionally when reflagging as LOCAL. Instead, register function
result RVTs from inner variables as local RVTs when they're released in
xsltFreeStackElem. Keep local function result RVTs xsltReleaseLocalRVTs
instead of reregistering.
Closes: https://gitlab.gnome.org/GNOME/libxslt/issues/2
Thanks to Daniel Mendler and Martin Gieseking for the reports.
---
libexslt/functions.c | 11 ++++++++++-
libxslt/transform.c | 17 ++++++++++++++---
libxslt/variables.c | 27 +++++++++++----------------
libxslt/variables.h | 12 ++----------
tests/docs/bug-210.xml | 1 +
tests/docs/bug-211.xml | 1 +
tests/general/bug-210.out | 2 ++
tests/general/bug-210.xsl | 20 ++++++++++++++++++++
tests/general/bug-211.out | 2 ++
tests/general/bug-211.xsl | 26 ++++++++++++++++++++++++++
10 files changed, 89 insertions(+), 30 deletions(-)
create mode 100644 tests/docs/bug-210.xml
create mode 100644 tests/docs/bug-211.xml
create mode 100644 tests/general/bug-210.out
create mode 100644 tests/general/bug-210.xsl
create mode 100644 tests/general/bug-211.out
create mode 100644 tests/general/bug-211.xsl
diff --git a/libexslt/functions.c b/libexslt/functions.c
index 2b83ca34..b7b968f8 100644
--- a/libexslt/functions.c
+++ b/libexslt/functions.c
@@ -426,7 +426,15 @@ exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs) {
}
}
/*
- * actual processing
+ * Actual processing. Note that contextVariable is set to NULL which
+ * means that RVTs returned from functions always end up as local RVTs,
+ * not as variable fragments if the function is called in the select
+ * expression of an xsl:variable. This is a hack that only works because
+ * xsltReleaseLocalRVTs isn't called after processing xsl:variable.
+ *
+ * It would probably be better to remove the fragile contextVariable
+ * logic and make xsltEvalVariable move the required RVTs into the
+ * variable manually.
*/
fake = xmlNewDocNode(tctxt->output, NULL,
(const xmlChar *)"fake", NULL);
@@ -766,6 +774,7 @@ exsltFuncResultElem (xsltTransformContextPtr ctxt,
return;
}
/* Mark as function result. */
+ xsltRegisterLocalRVT(ctxt, container);
container->psvi = XSLT_RVT_FUNC_RESULT;
oldInsert = ctxt->insert;
diff --git a/libxslt/transform.c b/libxslt/transform.c
index 90d2731d..d7af31f1 100644
--- a/libxslt/transform.c
+++ b/libxslt/transform.c
@@ -2295,6 +2295,7 @@ static void
xsltReleaseLocalRVTs(xsltTransformContextPtr ctxt, xmlDocPtr base)
{
xmlDocPtr cur = ctxt->localRVT, tmp;
+ xmlDocPtr prev = NULL;
if (cur == base)
return;
@@ -2308,16 +2309,26 @@ xsltReleaseLocalRVTs(xsltTransformContextPtr ctxt, xmlDocPtr base)
xsltReleaseRVT(ctxt, tmp);
} else if (tmp->psvi == XSLT_RVT_GLOBAL) {
xsltRegisterPersistRVT(ctxt, tmp);
- } else if (tmp->psvi != XSLT_RVT_FUNC_RESULT) {
+ } else if (tmp->psvi == XSLT_RVT_FUNC_RESULT) {
+ if (prev == NULL)
+ ctxt->localRVT = tmp;
+ else
+ prev->next = (xmlNodePtr) tmp;
+ tmp->prev = (xmlNodePtr) prev;
+ prev = tmp;
+ } else {
xmlGenericError(xmlGenericErrorContext,
"xsltReleaseLocalRVTs: Unexpected RVT flag %p\n",
tmp->psvi);
}
} while (cur != base);
+ if (prev == NULL)
+ ctxt->localRVT = base;
+ else
+ prev->next = (xmlNodePtr) base;
if (base != NULL)
- base->prev = NULL;
- ctxt->localRVT = base;
+ base->prev = (xmlNodePtr) prev;
}
/**
diff --git a/libxslt/variables.c b/libxslt/variables.c
index fe6f299c..8f88e573 100644
--- a/libxslt/variables.c
+++ b/libxslt/variables.c
@@ -123,7 +123,7 @@ xsltRegisterTmpRVT(xsltTransformContextPtr ctxt, xmlDocPtr RVT)
return(-1);
RVT->prev = NULL;
- RVT->psvi = XSLT_RVT_VARIABLE;
+ RVT->psvi = XSLT_RVT_LOCAL;
/*
* We'll restrict the lifetime of user-created fragments
@@ -163,6 +163,7 @@ xsltRegisterLocalRVT(xsltTransformContextPtr ctxt,
return(-1);
RVT->prev = NULL;
+ RVT->psvi = XSLT_RVT_LOCAL;
/*
* When evaluating "select" expressions of xsl:variable
@@ -173,7 +174,6 @@ xsltRegisterLocalRVT(xsltTransformContextPtr ctxt,
if ((ctxt->contextVariable != NULL) &&
(XSLT_TCTXT_VARIABLE(ctxt)->flags & XSLT_VAR_IN_SELECT))
{
- RVT->psvi = XSLT_RVT_VARIABLE;
RVT->next = (xmlNodePtr) XSLT_TCTXT_VARIABLE(ctxt)->fragment;
XSLT_TCTXT_VARIABLE(ctxt)->fragment = RVT;
return(0);
@@ -183,7 +183,6 @@ xsltRegisterLocalRVT(xsltTransformContextPtr ctxt,
* If not reference by a returning instruction (like EXSLT's function),
* then this fragment will be freed, when the instruction exits.
*/
- RVT->psvi = XSLT_RVT_LOCAL;
RVT->next = (xmlNodePtr) ctxt->localRVT;
if (ctxt->localRVT != NULL)
ctxt->localRVT->prev = (xmlNodePtr) RVT;
@@ -314,14 +313,8 @@ xsltFlagRVTs(xsltTransformContextPtr ctxt, xmlXPathObjectPtr obj, void *val) {
#endif
if (val == XSLT_RVT_LOCAL) {
- if (doc->psvi != XSLT_RVT_FUNC_RESULT) {
- xmlGenericError(xmlGenericErrorContext,
- "xsltFlagRVTs: Invalid transition %p => LOCAL\n",
- doc->psvi);
- return(-1);
- }
-
- xsltRegisterLocalRVT(ctxt, doc);
+ if (doc->psvi == XSLT_RVT_FUNC_RESULT)
+ doc->psvi = XSLT_RVT_LOCAL;
} else if (val == XSLT_RVT_GLOBAL) {
if (doc->psvi != XSLT_RVT_LOCAL) {
xmlGenericError(xmlGenericErrorContext,
@@ -585,10 +578,12 @@ xsltFreeStackElem(xsltStackElemPtr elem) {
cur = elem->fragment;
elem->fragment = (xmlDocPtr) cur->next;
- if (cur->psvi == XSLT_RVT_VARIABLE) {
- xsltReleaseRVT((xsltTransformContextPtr) elem->context,
- cur);
- } else if (cur->psvi != XSLT_RVT_FUNC_RESULT) {
+ if (cur->psvi == XSLT_RVT_LOCAL) {
+ xsltReleaseRVT(elem->context, cur);
+ } else if (cur->psvi == XSLT_RVT_FUNC_RESULT) {
+ xsltRegisterLocalRVT(elem->context, cur);
+ cur->psvi = XSLT_RVT_FUNC_RESULT;
+ } else {
xmlGenericError(xmlGenericErrorContext,
"xsltFreeStackElem: Unexpected RVT flag %p\n",
cur->psvi);
@@ -992,7 +987,7 @@ xsltEvalVariable(xsltTransformContextPtr ctxt, xsltStackElemPtr variable,
* the Result Tree Fragment.
*/
variable->fragment = container;
- container->psvi = XSLT_RVT_VARIABLE;
+ container->psvi = XSLT_RVT_LOCAL;
oldOutput = ctxt->output;
oldInsert = ctxt->insert;
diff --git a/libxslt/variables.h b/libxslt/variables.h
index 24acf8d1..039288fb 100644
--- a/libxslt/variables.h
+++ b/libxslt/variables.h
@@ -45,14 +45,6 @@ extern "C" {
*/
#define XSLT_RVT_LOCAL ((void *)1)
-/**
- * XSLT_RVT_VARIABLE:
- *
- * RVT is part of a local variable and destroyed after the variable goes out
- * of scope.
- */
-#define XSLT_RVT_VARIABLE ((void *)2)
-
/**
* XSLT_RVT_FUNC_RESULT:
*
@@ -60,14 +52,14 @@ extern "C" {
* destroyed after exiting a template and will be reset to XSLT_RVT_LOCAL or
* XSLT_RVT_VARIABLE in the template that receives the return value.
*/
-#define XSLT_RVT_FUNC_RESULT ((void *)3)
+#define XSLT_RVT_FUNC_RESULT ((void *)2)
/**
* XSLT_RVT_GLOBAL:
*
* RVT is part of a global variable.
*/
-#define XSLT_RVT_GLOBAL ((void *)4)
+#define XSLT_RVT_GLOBAL ((void *)3)
/*
* Interfaces for the variable module.
diff --git a/tests/docs/bug-210.xml b/tests/docs/bug-210.xml
new file mode 100644
index 00000000..69d62f2c
--- /dev/null
+++ b/tests/docs/bug-210.xml
@@ -0,0 +1 @@
+<doc/>
diff --git a/tests/docs/bug-211.xml b/tests/docs/bug-211.xml
new file mode 100644
index 00000000..69d62f2c
--- /dev/null
+++ b/tests/docs/bug-211.xml
@@ -0,0 +1 @@
+<doc/>
diff --git a/tests/general/bug-210.out b/tests/general/bug-210.out
new file mode 100644
index 00000000..445906d6
--- /dev/null
+++ b/tests/general/bug-210.out
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<var>value</var>
diff --git a/tests/general/bug-210.xsl b/tests/general/bug-210.xsl
new file mode 100644
index 00000000..1915171d
--- /dev/null
+++ b/tests/general/bug-210.xsl
@@ -0,0 +1,20 @@
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:exsl="http://exslt.org/common"
+ xmlns:func="http://exslt.org/functions"
+ xmlns:my="my-namespace"
+ extension-element-prefixes="exsl func">
+
+<xsl:template match="/">
+ <xsl:variable name="var">
+ <var>value</var>
+ </xsl:variable>
+ <xsl:copy-of select="my:func($var)"/>
+</xsl:template>
+
+<func:function name="my:func">
+ <xsl:param name="var"/>
+ <func:result select="$var"/>
+</func:function>
+
+</xsl:stylesheet>
diff --git a/tests/general/bug-211.out b/tests/general/bug-211.out
new file mode 100644
index 00000000..7b3cf11c
--- /dev/null
+++ b/tests/general/bug-211.out
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+__
diff --git a/tests/general/bug-211.xsl b/tests/general/bug-211.xsl
new file mode 100644
index 00000000..557f5fb3
--- /dev/null
+++ b/tests/general/bug-211.xsl
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:str="http://exslt.org/strings"
+ xmlns:fn="http://exslt.org/functions"
+ xmlns:adoc="http://asciidoc.org/"
+ extension-element-prefixes="fn">
+
+ <fn:function name="adoc:sanitize">
+ <xsl:param name="id"/>
+ <xsl:variable name="tmp" select="str:replace($id, '__', '_')"/>
+ <xsl:choose>
+ <xsl:when test="contains($tmp, '__')">
+ <fn:result select="adoc:sanitize($tmp)"/>
+ </xsl:when>
+ <xsl:otherwise>
+ <fn:result select="$id"/>
+ </xsl:otherwise>
+ </xsl:choose>
+ </fn:function>
+
+ <xsl:template match="*">
+ <xsl:value-of select="adoc:sanitize('________')"/>
+ </xsl:template>
+
+</xsl:stylesheet>
--
GitLab

6
gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

194
SPECS/libxslt.spec → libxslt.spec
View File

@ -1,38 +1,26 @@
%if 0%{?rhel} > 7
# Disable python2 build by default
%bcond_with python2
%else
%bcond_without python2
%endif
Name: libxslt
Summary: Library providing the Gnome XSLT engine
Version: 1.1.32
Version: 1.1.39
Release: 6%{?dist}
License: MIT
URL: http://xmlsoft.org/XSLT
Source: ftp://xmlsoft.org/XSLT/%{name}-%{version}.tar.gz
URL: https://gitlab.gnome.org/GNOME/libxslt
Source0: https://download.gnome.org/sources/%{name}/1.1/%{name}-%{version}.tar.xz
Provides: xsltproc = %{version}-%{release}
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: make
BuildRequires: gcc
BuildRequires: %{_bindir}/libgcrypt-config
BuildRequires: pkgconfig(libxml-2.0) >= 2.6.27
BuildRequires: python3-devel
# Fedora specific patches
Patch0: multilib.patch
Patch1: libxslt-1.1.26-utf8-docs.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1765632
Patch2: multilib2.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1775517
Patch3: libxslt-1.1.32-CVE-2019-18197.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1715732
Patch4: libxslt-1.1.32-CVE-2019-11068.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1860467
Patch5: libxslt-1.1.32-unexpected-rvt-flag.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1467435
Patch1: multilib2.patch
%description
This C library allows to transform XML files into other XML files
@ -43,27 +31,25 @@ installed. The xsltproc command is a command line interface to the XSLT engine
%package devel
Summary: Development libraries and header files for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: libgcrypt-devel%{?_isa}
Requires: libgpg-error-devel%{?_isa}
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%if %{with python2}
%package -n python2-libxslt
Summary: Python 2 bindings for %{name}
BuildRequires: python2-devel
BuildRequires: python2-libxml2
%if 0%{?fedora}
# Upstream package has not been ported to Python 3. I have
# converted this section so it could be used to compile the
# Python 3 bindings one day once that has happened, but
# commented it out. - RWMJ 2019-09-10
%package -n python3-libxslt
Summary: Python 3 bindings for %{name}
BuildRequires: python3-libxml2
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: python2-libxml2
%{?python_provide:%python_provide python2-libxslt}
# Remove before F30
Provides: %{name}-python = %{version}-%{release}
Provides: %{name}-python%{?_isa} = %{version}-%{release}
Obsoletes: %{name}-python < %{version}-%{release}
Requires: python3-libxml2
%{?python_provide:%python_provide python3-%{name}}
%description -n python2-libxslt
%description -n python3-libxslt
The libxslt-python package contains a module that permits applications
written in the Python programming language to use the interface
supplied by the libxslt library to apply XSLT transformations.
@ -72,7 +58,7 @@ This library allows to parse sytlesheets, uses the libxml2-python
to load and save XML and HTML files. Direct access to XPath and
the XSLT transformation context are possible to extend the XSLT language
with XPath functions written in Python.
%endif # with python2
%endif
%prep
%autosetup -p1
@ -80,7 +66,17 @@ chmod 644 python/tests/*
%build
autoreconf -vfi
%configure --disable-static --disable-silent-rules
#export PYTHON=%{__python3}
#%configure --disable-static --disable-silent-rules --with-python
%configure \
--disable-static \
--disable-silent-rules \
%if 0%{?fedora}
--with-python=yes \
%else
--with-python=no \
%endif
--with-crypto=no
%make_build
%install
@ -97,7 +93,7 @@ rm -vrf %{buildroot}%{_docdir}
%files
%license Copyright
%doc AUTHORS ChangeLog NEWS README FEATURES
%doc AUTHORS NEWS README.md FEATURES
%{_bindir}/xsltproc
%{_libdir}/libxslt.so.*
%{_libdir}/libexslt.so.*
@ -106,16 +102,16 @@ rm -vrf %{buildroot}%{_docdir}
%files devel
%doc doc/libxslt-api.xml
%doc doc/libxslt-refs.xml
%doc doc/EXSLT/libexslt-api.xml
%doc doc/EXSLT/libexslt-refs.xml
%doc %{_mandir}/man3/libxslt.3*
%doc %{_mandir}/man3/libexslt.3*
%doc doc/*.html doc/html doc/*.gif doc/*.png
%doc doc/images
#%doc doc/*.html doc/html doc/*.gif doc/*.png
#%doc doc/images
%doc doc/tutorial
%doc doc/tutorial2
%doc doc/EXSLT
#%%doc doc/EXSLT
%{_datadir}/gtk-doc/
%{_libdir}/cmake/libxslt/
%{_libdir}/libxslt.so
%{_libdir}/libexslt.so
%{_libdir}/xsltConf.sh
@ -126,29 +122,117 @@ rm -vrf %{buildroot}%{_docdir}
%{_libdir}/pkgconfig/libexslt.pc
%{_bindir}/xslt-config
%if %{with python2}
%files -n python2-libxslt
%{python2_sitearch}/libxslt.py*
%{python2_sitearch}/libxsltmod.so
%if 0%{?fedora}
%files -n python3-libxslt
%{python3_sitelib}/libxslt.py*
%{python3_sitearch}/libxsltmod.so
%{python3_sitelib}/__pycache__/libxslt*
%doc python/libxsltclass.txt
%doc python/tests/*.py
%doc python/tests/*.xml
%doc python/tests/*.xsl
%endif # with python2
%endif
%changelog
* Mon Aug 24 2020 David King <dking@redhat.com> - 1.1.32-6
- Fix unexpected RVT flag error (#1860467)
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.1.39-6
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Thu Jan 09 2020 David King <dking@redhat.com> - 1.1.32-5
- Fix CVE-2019-18197 (#1775517)
- Fix CVE-2019-11068 (#1715732)
* Tue Aug 06 2024 Tomas Popela <tpopela@redhat.com> - 1.1.39-5
- Only build python support on Fedora
* Thu Jan 09 2020 David King <dking@redhat.com> - 1.1.32-4
- Fix multilib issues with devel subpackage (#1765632)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.1.39-4
- Bump release for June 2024 mass rebuild
* Mon Jun 25 2018 Charalampos Stratakis <cstratak@redhat.com> - 1.1.32-3
- Conditionalize the python2 subpackage
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.39-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.39-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Nov 16 2023 Gwyn Ciesla <gwync@protonmail.com> - 1.1.39-1
- 1.1.39
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.38-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 1.1.38-2
- Rebuilt for Python 3.12
* Mon May 08 2023 Gwyn Ciesla <gwync@protonmail.com> - 1.1.38-1
- 1.1.38
* Sun Mar 05 2023 Gwyn Ciesla <gwync@protonmail.com> - 1.1.37-3
- migrated to SPDX license
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.37-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Aug 29 2022 Gwyn Ciesla <gwync@protonmail.com> - 1.1.37-1
- 1.1.37
* Wed Aug 17 2022 Gwyn Ciesla <gwync@protonmail.com> - 1.1.36-1
- 1.1.36
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.35-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jun 16 2022 Gwyn Ciesla <gwync@protonmail.com> - 1.1.35-2
- Exclude arch-specific Makefile from -devel.
* Wed Feb 16 2022 David King <amigadave@amigadave.com> - 1.1.35-1
- Update to 1.1.35
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.34-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.34-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.34-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Sep 14 2020 Gwyn Ciesla <gwync@protonmail.com> - 1.1.34-4
- Patch for incorrect man page stylesheet.
* Tue Sep 1 2020 Simo Sorce <simo@redhat.com> - 1.1.34-3
- Drop crypto dependency.
- The "cryptography" implemented in exslt is outdated and bad supporting only
insecure algorithms (RC4, SHA1, MD5, MD4), and should not be used anyway.
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.34-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Mar 09 2020 Gwyn Ciesla <gwync@protonmail.com> - 1.1.34-1
- 1.1.34
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.33-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Oct 11 2019 Jakub Jelen <jjelen@redhat.com> - 1.1.33-4
- Do not build python bindings even if the python is available
- Fix CVE-2019-13117 (#1728547)
- Fix CVE-2019-13118 (#1728542)
* Tue Sep 10 2019 Richard W.M. Jones <rjones@redhat.com> - 1.1.33-3
- Comment out Python bindings until upstream can convert them to Python 3.
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.33-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Jun 07 2019 David King <amigadave@amigadave.com> - 1.1.33-1
- Update to 1.1.33
- Fix CVE-2019-11068 (#1709698)
* Mon May 06 2019 Artem S. Tashkinov <artem@tashkinov.com> - 1.1.32-5
- Apply an extra patch to fix PR1467435 and make it possible to coinstall
libxslt-devel.x64 and libxslt-devel.i686
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.32-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.32-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.1.32-2
- Fix typo in Requires

0
SOURCES/multilib.patch → multilib.patch
View File

0
SOURCES/multilib2.patch → multilib2.patch
View File

4
rpminspect.yaml Normal file
View File

@ -0,0 +1,4 @@
xml:
ignore:
- /usr/share/doc/libxslt-devel/tutorial/libxslttutorial.xml
- /usr/share/doc/libxslt-devel/tutorial2/libxslt_pipes.xml

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (libxslt-1.1.39.tar.xz) = c0c99dc63f8b2acb6cc3ad7ad684ffa2a427ee8d1740495cbf8a7c9b9c8679f96351b4b676c73ccc191014db4cb4ab42b9a0070f6295565f39dbc665c5c16f89