Debian Patches
Status for libxslt/1.1.35-1+deb12u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-fix-autoconf-automake.patch | fix autoconf automake | Aron Xu <aron@debian.org> | no | 2012-10-03 | ||
| 0003-remove-plugin-in-xslt-config.patch | remove-plugin-in-xslt-config Done in Debian upload 1.1.29-1 |
YunQiang Su <syq@debian.org> | no | 2017-10-29 | ||
| 0004-do-not-clean-manpage.patch | use the just-built xsltproc and the packaged stylesheet to rebuild the manpage if needed | Mattia Rizzolo <mattia@debian.org> | no | debian | 2020-03-04 | |
| 0005-Drop-libdir-and-static-linking-information-from-xslt.patch | Drop libdir and static linking information from xslt-config See https://bugs.debian.org/952115 for the static linking details. |
Mattia Rizzolo <mattia@debian.org> | no | debian | 2020-03-04 | |
| 0012-CVE-2024-55549-Fix-UAF-related-to-excluded-namespace.patch | [CVE-2024-55549] Fix UAF related to excluded namespaces Definitions of excluded namespaces could be deleted in xsltParseTemplateContent. Store excluded namespace URIs in the stylesheet's dictionary instead of referencing the namespace definition. Thanks to Ivan Fratric for the report! Fixes #127. |
Nick Wellnhofer <wellnhofer@aevum.de> | yes | debian upstream | https://gitlab.gnome.org/GNOME/libxslt/-/commit/46041b65f2fbddf5c284ee1a1332fa2c515c0515 | 2024-12-05 |
| 0013-CVE-2025-24855-Fix-use-after-free-of-XPath-context-n.patch | [CVE-2025-24855] Fix use-after-free of XPath context node There are several places where the XPath context node isn't restored after modifying it, leading to use-after-free errors with nested XPath evaluations and dynamically allocated context nodes. Restore XPath context node in - xsltNumberFormatGetValue - xsltEvalXPathPredicate - xsltEvalXPathStringNs - xsltComputeSortResultInternal In some places, the transformation context node was saved and restored which shouldn't be necessary. Thanks to Ivan Fratric for the report! Fixes #128. |
Nick Wellnhofer <wellnhofer@aevum.de> | yes | debian upstream | https://gitlab.gnome.org/GNOME/libxslt/-/commit/c7c7f1f78dd202a053996fcefe57eb994aec8ef2 | 2024-12-17 |
| 0014-Don-t-declare-disabled-functions.patch | [PATCH] Don't declare disabled functions | Nick Wellnhofer <wellnhofer@aevum.de> | no | 2022-08-30 | ||
| 0015-Infrastructure-to-store-extra-data-in-source-nodes.patch | [PATCH] Infrastructure to store extra data in source nodes Provide a mechanism to store bit flags in nodes from the source document. This will later be used to store key and id status. Provide a function to find the psvi member of a node. Revert any changes to the source document after the transformation. |
Nick Wellnhofer <wellnhofer@aevum.de> | no | 2022-08-31 | ||
| 0016-Store-key-status-of-source-nodes-as-bit-flag.patch | [PATCH] Store key status of source nodes as bit flag This frees up the psvi member. |
Nick Wellnhofer <wellnhofer@aevum.de> | no | 2022-08-31 | ||
| 0017-Make-generate-id-deterministic.patch | [PATCH] Make generate-id() deterministic Rework the generate-id() function to return deterministic values. We use a simple incrementing counter and store ids in the 'psvi' member of nodes which was freed up by previous commits. The presence of an id is indicated by a new "source node" flag. This fixes long-standing problems with reproducible builds, see https://bugzilla.gnome.org/show_bug.cgi?id=751621 This also hardens security, as the old implementation leaked the difference between a heap and a global pointer, see https://bugs.chromium.org/p/chromium/issues/detail?id=1356211 The old implementation could also generate the same id for dynamically created nodes which happened to reuse the same memory. Ids for namespace nodes were completely broken. They now use the id of the parent element together with the hex-encoded namespace prefix. |
Nick Wellnhofer <wellnhofer@aevum.de> | no | 2022-08-31 | ||
| 0018-malloc-fail-Fix-memory-leak-in-xsltEvalGlobalVariabl.patch | [PATCH] malloc-fail: Fix memory leak in xsltEvalGlobalVariables Found with libFuzzer, see #84. |
Nick Wellnhofer <wellnhofer@aevum.de> | no | 2023-02-26 | ||
| 0019-variables-Fix-non-deterministic-generated-IDs.patch | [PATCH] variables: Fix non-deterministic generated IDs Evaluate global variables in deterministic order. Otherwise, generated IDs could be non-deterministic if generate-id() is called. Fixes #123. |
Nick Wellnhofer <wellnhofer@aevum.de> | no | 2024-09-19 | ||
| 0020-Clean-up-attributes-in-source-doc.patch | [PATCH] Clean up attributes in source doc Also make bit flag constants unsigned to avoid implicit-conversion warnings. |
Nick Wellnhofer <wellnhofer@aevum.de> | no | 2022-08-31 | ||
| gnome-libxslt-bug-139-apple-fix.diff | [PATCH] libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes * libxslt/functions.c: (xsltDocumentFunctionLoadDocument): - Implement fix suggested by Ivan Fratric. This copies the xmlDoc, calls xsltCleanupSourceDoc() to remove pvsi fields, then adds the xmlDoc to tctxt->docList. - Add error handling for functions that may return NULL. * libxslt/transform.c: - Remove static keyword so this can be called from xsltDocumentFunctionLoadDocument(). * libxslt/transformInternals.h: Add. (xsltCleanupSourceDoc): Add declaration. Fixes #139. |
David Kilzer <ddkilzer@apple.com> | no | 2025-05-24 |
All known versions for source package 'libxslt'
- 1.1.43-0.2 (forky, sid)
- 1.1.35-1.2+deb13u2 (trixie-security, trixie-proposed-updates)
- 1.1.35-1.2+deb13u1 (trixie)
- 1.1.35-1+deb12u3 (bookworm-proposed-updates, bookworm-security)
- 1.1.35-1+deb12u2 (bookworm)