| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libexslt0 | Distribution: openSUSE Tumbleweed |
| Version: 1.1.45 | Vendor: openSUSE |
| Release: 1.1 | Build date: Sun Mar 15 09:55:59 2026 |
| Group: System/Libraries | Build host: reproducible |
| Size: 91026 | Source RPM: libxslt-1.1.45-1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://gitlab.gnome.org/GNOME/libxslt | |
| Summary: EXSLT Library | |
This is the EXSLT C library developed for libxslt. EXSLT is a community initiative to provide extensions to XSLT.
LGPL-2.1-or-later
* Sun Mar 15 2026 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.1.45:
* updates for new libxml2, needs libxml2 >= 1.15.1
* test updates
* security fixes previously patched
- drop patches now included upstream:
* libxslt-CVE-2025-7424.patch
* libxslt-CVE-2025-11731.patch
* Sat Mar 14 2026 David Anes <david.anes@suse.com>
- Add libxslt-raise-max-parameters.patch to raise the number
of MAX_PARAMETERS [bsc#1258990]
* Wed Feb 04 2026 Petr Gajdos <pgajdos@suse.com>
- CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553]
- deleted patches
* libxslt-CVE-2025-10911.patch
* Wed Oct 15 2025 pgajdos@suse.com
- security update
- added patches
CVE-2025-11731 [bsc#1251979], type confusion in exsltFuncResultCompfunction leading to denial of service
* libxslt-CVE-2025-11731.patch
* Thu Oct 02 2025 pgajdos@suse.com
- security update
- added patches
CVE-2025-10911 [bsc#1250553], use-after-free with key data stored cross-RVT
* libxslt-CVE-2025-10911.patch
* Thu Jul 17 2025 pgajdos@suse.com
- security update
- added patches
CVE-2025-7424 [bsc#1246360], Type confusion in xmlNode.psvi between stylesheet and source nodes
+ libxslt-CVE-2025-7424.patch
* Fri Mar 14 2025 Pedro Monreal <pmonreal@suse.com>
- Update to 1.1.43:
* Major changes:
- The non-standard EXSLT crypto extensions and support for dynamically
loaded plugins are now disabled by default. These features can be
enabled by passing --with-crypto or --with-plugins to configure.
In a future release, these features will be removed.
- Debug output and the debugger are disabled by default and can be
enabled by passing --with-debug or --with-debugger.
* Security:
- [bsc#1239625, CVE-2025-24855] Fix use-after-free of XPath context node
- [bsc#1239637, CVE-2024-55549] Fix UAF related to excluded namespaces
* Bug fixes:
- variables: Fix non-deterministic generated IDs
* libxml2 related cleanup:
- python: Don't use removed libxml2 macro
- tests: Skip test_bad.xsl with libxml2 before 2.13
- python: Don't include nanoftp.h and nanohttp.h
- tests: Avoid namespace warning on Windows
- numbers: Stop using libxml2 XPath axis API
- numbers: Use private copy of xmlCopyCharMultiByte
- documents: Use xmlCtxtParseDocument if available
- tests: Make runtest compile with older libxml2 versions
- utils: Account for libxml2 change
- tests: Make bug-219.xsl compatible with older libxml2
- extensions: always include stdlib.h (Hugo Beauzée-Luyssen)
- extensions: Don't use libxml2's "modules" feature
* Code cleanup:
- numbers: Make static variables const
- variables: Remove debug code
* Portability:
- python: Declare init func with PyMODINIT_FUNC
- exslt: Use C99 NAN macro
* Build:
- cmake: Always build Python module as shared library
- cmake: Fix compatibility in package version file
- configure.ac: Find libgcrypt via pkg-config (Alessandro Astone)
* Remove patches fixed in the update:
- libxslt-reproducible.patch
- libxslt-test-compile-with-older-libxml2-versions.patch
* Sat Jan 18 2025 Pedro Monreal <pmonreal@suse.com>
- Remove the test_bad regression test that fails with old libxml2
as suggested by upstream devs:
* https://gitlab.gnome.org/GNOME/libxslt/-/issues/126
* Sat Jan 18 2025 Pedro Monreal <pmonreal@suse.com>
- Allow building with older libxml2 versions:
* tests: Make runtest compile with older libxml2 versions
* https://gitlab.gnome.org/GNOME/libxslt/issues/125
* Add libxslt-test-compile-with-older-libxml2-versions.patch
* Fri Jan 17 2025 Pedro Monreal <pmonreal@suse.com>
- Update to 1.1.42:
* Regressions:
- extensions: Readd call to xmlCheckFilename with older libxml2
* Improvments:
- utils: Don't use deprecated xmlCharEncodingHandler member
- transform: Handle filesystem paths after libxml2 changes
- locale: Work around issue with FreeBSD's strxfrm_l
* Build systems:
- cmake: Add LIBXSLT_WITH_PROGRAMS option (Don Olmstead)
- cmake: Fix HAVE_GCRYPT check
- Update to 1.1.41:
* Removals:
- autotools: Stop installing libxslt.m4
- autotools: Remove RPM build
* Improvements:
- libxslt: Set _FILE_OFFSET_BITS to 64
- xsltproc: Remove unneeded includes
- include: Don't define ATTRIBUTE_UNUSED in public header
- xsltproc: Make "-" read from stdin
* Build systems:
- cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel E)
* Tests:
- cmake: Link testplugin with libxml2
- tests: Link testplugin with libxml2
- tests: Fix expected error after libxml2 change
- runtest: Switch to xmlFormatError
- fuzz: Avoid accessing internal struct members
- Update to 1.1.40:
* Removals:
- xsltproc: remove maxparserdepth option (Mike Dalessio)
* Improvements:
- functions: xmlXPtrNewContext is deprecated
- xsltproc: Stop calling xmlMemoryDump
- xsltproc: Prefer XML_PARSE_NONET over xmlNoNetEntityLoader
- functions: Fix build if libxml2 modules are disabled
- extensions: Don't call deprecated xmlCheckFilename
- documents: Don't set ctxt->directory
- exslt: Fix EXSLT functions without parameters
* Build systems:
- build: Remove mem-debug option
* Remove patches upstream:
- gcc14-runtest-no-const.patch
- 0001-tests-Fix-build-with-older-libxml2.patch
* Fri Sep 20 2024 Bernhard Wiedemann <bwiedemann@suse.com>
- Add libxslt-reproducible.patch to make xml output deterministic (boo#1062303)
* Fri May 24 2024 Christophe Marin <christophe@krop.fr>
- Add upstream build fix:
* 0001-tests-Fix-build-with-older-libxml2.patch
* Sun May 05 2024 Bruno Pitrus <brunopitrus@hotmail.com>
- Fix ftbfs with GCC14 (bsc#1220571)
* correct libxslt-random-seed.patch to include time.h unconditionally
* add gcc14-runtest-no-const.patch
* Fri Nov 24 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.1.39:
* Bug fixes: extensions: Don't search imports for extension
prefixes
* Improvements:
- transform: Check maximum depth when processing default
templates
- build:
. Add more missing include
. Add missing includes
- python: Don't set deprecated global
- imports: Limit nesting depth
- extensions: Report top-level elements in
xsltDebugDumpExtensions
- Add extern "C" { } block to xsltlocale.h
* Portability:
- python: Make it compatible with python3.12
- date:
. Fix check for localtime_s
. Fix check for gmtime_s
* Build systems:
- pkg-config files include cflags for static builds
- Handle NOCONFIG case when setting locations from CMake target
properties
- autotools: Make xslt-config executable
* Tests:
- tests: Structured error handler now passes a const xmlError
- python: Fix tests on MinGW
- fuzz: Fix xmlFuzzEntityLoader after recent libxml2 changes
* Tue May 09 2023 David Anes <david.anes@suse.com>
- Removed patch 0009-Make-generate-id-deterministic.patch as it's
already fixed upstream.
- Update to version 1.1.38:
* Major changes:
- About 40 memory errors in code paths handling malloc failures
have been fixed.
- While these issues shouldn't impact security, this improves
robustness under memory pressure.
- The result of generate-id() is now deterministic across
multiple transformations fixing many issues with reproducible
builds.
- Most of the test suite has been ported to C.
* Bug fixes:
- Fix memory errors in code handling malloc failures
- imports: Fix import/include cycle check
- xsltlocale: Fix xsltNewLocale on macOS
- Make xsl:sort thread-safe
- Make generate-id() deterministic
* Improvements
- Stop using xmlStringCurrentChar
- attributes.h needs to include xsltInternals.h (David Kilzer)
- transform: Avoid null deref on documents without root node
- numbers: Fix floating point overflows
- date: Fix integer overflow in exsltDateFormatDuration
- numbers: Fix harmless integer sign change
- date: Add more overflow checks to formatting code (David Kilzer)
- date: Fix rounding to make Windows tests pass
- date: Rewrite duration and seconds formatting
- xsltlocale: Make API platform-independent
- Also accept application/xslt+xml media type in stylesheet PIs
- warnings: Fix strict prototypes warning
- xsltEvalUserParams() and xsltQuoteUserParams() are susceptible to integer
overflow when iterating through const char** array (David Kilzer)
- xslt: Return NULL stylesheet on attribute set errors
- xsltproc: Fix unused variable warning
- xslt: Remove declaration for old libxml2
- Fix various compiler warnings
- Fix compiler warnings in xsltGenerateIdFunction
- Disable Python bindings for debugger
- Don't declare disabled functions
- Migrate from PyEval_ to PyObject_
/usr/lib64/libexslt.so.0 /usr/lib64/libexslt.so.0.8.25 /usr/share/licenses/libexslt0 /usr/share/licenses/libexslt0/Copyright
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Apr 21 22:32:08 2026