update to libxml 2.9.5 and libxslt 1.1.30 #1670
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
and removed the patches we were applying to 2.9.4 and 1.1.29.
note that the test is backwards-compatible with earlier versions of
libxslt.
this is the commit in libxslt that introduced the change in behavior:
commit 45ea7fc4554ee2f39f0a301346f7bd24108c8228
Author: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Thu May 26 11:38:28 2016 +0200
Consider built-in templates in apply-imports
The XSLT specification says about the built-in templates: "The built-in
template rules are treated as if they were imported implicitly before
the stylesheet and so have lower import precedence than all other
template rules."
That means that the apply-imports instruction needs to consider
built-in templates, as "xsl:apply-imports processes the current node
using only template rules that were imported into the stylesheet
element".
Fixes bug #654150:
https://bugzilla.gnome.org/show_bug.cgi?id=654150
robbkidd
added a commit
to robbkidd/omnibus-software
that referenced
this pull request
Sep 27, 2017
Based on the work done in the nokogiri project to address multiple CVEs in libxml2 and libxslt. https://usn.ubuntu.com/usn/usn-3424-1/ CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050 sparklemotion/nokogiri#1673 sparklemotion/nokogiri#1670 SHA256 generated from downloads. Downloads verified with GPG: gpg --verify libxml2-2.9.5.tar.gz.asc libxml2-2.9.5.tar.gz gpg: Signature made Mon Sep 4 09:00:53 2017 EDT using RSA key ID 596BEA5D gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown] gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D gpg --verify libxslt-1.1.30.tar.gz.asc libxslt-1.1.30.tar.gz gpg: Signature made Mon Sep 4 09:36:06 2017 EDT using RSA key ID 596BEA5D gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown] gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D Signed-off-by: Robb Kidd <robb@thekidds.org>
robbkidd
added a commit
to robbkidd/omnibus-software
that referenced
this pull request
Sep 27, 2017
Based on the work done in the nokogiri project to address multiple CVEs in libxml2 and libxslt. https://usn.ubuntu.com/usn/usn-3424-1/ CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050 sparklemotion/nokogiri#1673 sparklemotion/nokogiri#1670 SHA256 generated from downloads. Downloads verified with GPG: gpg --verify libxml2-2.9.5.tar.gz.asc libxml2-2.9.5.tar.gz gpg: Signature made Mon Sep 4 09:00:53 2017 EDT using RSA key ID 596BEA5D gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown] gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D gpg --verify libxslt-1.1.30.tar.gz.asc libxslt-1.1.30.tar.gz gpg: Signature made Mon Sep 4 09:36:06 2017 EDT using RSA key ID 596BEA5D gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown] gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D Signed-off-by: Robb Kidd <robb@thekidds.org>
elthariel
pushed a commit
to elthariel/omnibus-software
that referenced
this pull request
Nov 19, 2017
Based on the work done in the nokogiri project to address multiple CVEs in libxml2 and libxslt. https://usn.ubuntu.com/usn/usn-3424-1/ CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050 sparklemotion/nokogiri#1673 sparklemotion/nokogiri#1670 SHA256 generated from downloads. Downloads verified with GPG: gpg --verify libxml2-2.9.5.tar.gz.asc libxml2-2.9.5.tar.gz gpg: Signature made Mon Sep 4 09:00:53 2017 EDT using RSA key ID 596BEA5D gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown] gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D gpg --verify libxslt-1.1.30.tar.gz.asc libxslt-1.1.30.tar.gz gpg: Signature made Mon Sep 4 09:36:06 2017 EDT using RSA key ID 596BEA5D gpg: Good signature from "Daniel Veillard (Red Hat work email) <veillard@redhat.com>" [unknown] gpg: aka "Daniel Veillard <Daniel.Veillard@w3.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: C744 15BA 7C9C 7F78 F02E 1DC3 4606 B8A5 DE95 BC1F Subkey fingerprint: DB46 681B B91A DCEA 170F A2D4 1558 8B26 596B EA5D Signed-off-by: Robb Kidd <robb@thekidds.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.