| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libxslt1 | Distribution: openSUSE Tumbleweed |
| Version: 1.1.45 | Vendor: openSUSE |
| Release: 1.1 | Build date: Sun Mar 15 09:55:59 2026 |
| Group: System/Libraries | Build host: reproducible |
| Size: 225721 | Source RPM: libxslt-1.1.45-1.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://gitlab.gnome.org/GNOME/libxslt | |
| Summary: XSL Transformation Library | |
This C library allows you to transform XML files into other XML files (or HTML, text, and more) using the standard XSLT stylesheet transformation mechanism. It is based on libxml (version 2) for XML parsing, tree manipulation, and XPath support. It is written in plain C, making as few assumptions as possible and sticks closely to ANSI C/POSIX for easy embedding. It includes support for the EXSLT set of extension functions as well as some common extensions present in other XSLT engines.
LGPL-2.1-or-later
* Sun Mar 15 2026 Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.1.45:
* updates for new libxml2, needs libxml2 >= 1.15.1
* test updates
* security fixes previously patched
- drop patches now included upstream:
* libxslt-CVE-2025-7424.patch
* libxslt-CVE-2025-11731.patch
* Sat Mar 14 2026 David Anes <david.anes@suse.com>
- Add libxslt-raise-max-parameters.patch to raise the number
of MAX_PARAMETERS [bsc#1258990]
* Wed Feb 04 2026 Petr Gajdos <pgajdos@suse.com>
- CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553]
- deleted patches
* libxslt-CVE-2025-10911.patch
* Wed Oct 15 2025 pgajdos@suse.com
- security update
- added patches
CVE-2025-11731 [bsc#1251979], type confusion in exsltFuncResultCompfunction leading to denial of service
* libxslt-CVE-2025-11731.patch
* Thu Oct 02 2025 pgajdos@suse.com
- security update
- added patches
CVE-2025-10911 [bsc#1250553], use-after-free with key data stored cross-RVT
* libxslt-CVE-2025-10911.patch
* Thu Jul 17 2025 pgajdos@suse.com
- security update
- added patches
CVE-2025-7424 [bsc#1246360], Type confusion in xmlNode.psvi between stylesheet and source nodes
+ libxslt-CVE-2025-7424.patch
* Fri Mar 14 2025 Pedro Monreal <pmonreal@suse.com>
- Update to 1.1.43:
* Major changes:
- The non-standard EXSLT crypto extensions and support for dynamically
loaded plugins are now disabled by default. These features can be
enabled by passing --with-crypto or --with-plugins to configure.
In a future release, these features will be removed.
- Debug output and the debugger are disabled by default and can be
enabled by passing --with-debug or --with-debugger.
* Security:
- [bsc#1239625, CVE-2025-24855] Fix use-after-free of XPath context node
- [bsc#1239637, CVE-2024-55549] Fix UAF related to excluded namespaces
* Bug fixes:
- variables: Fix non-deterministic generated IDs
* libxml2 related cleanup:
- python: Don't use removed libxml2 macro
- tests: Skip test_bad.xsl with libxml2 before 2.13
- python: Don't include nanoftp.h and nanohttp.h
- tests: Avoid namespace warning on Windows
- numbers: Stop using libxml2 XPath axis API
- numbers: Use private copy of xmlCopyCharMultiByte
- documents: Use xmlCtxtParseDocument if available
- tests: Make runtest compile with older libxml2 versions
- utils: Account for libxml2 change
- tests: Make bug-219.xsl compatible with older libxml2
- extensions: always include stdlib.h (Hugo Beauzée-Luyssen)
- extensions: Don't use libxml2's "modules" feature
* Code cleanup:
- numbers: Make static variables const
- variables: Remove debug code
* Portability:
- python: Declare init func with PyMODINIT_FUNC
- exslt: Use C99 NAN macro
* Build:
- cmake: Always build Python module as shared library
- cmake: Fix compatibility in package version file
- configure.ac: Find libgcrypt via pkg-config (Alessandro Astone)
* Remove patches fixed in the update:
- libxslt-reproducible.patch
- libxslt-test-compile-with-older-libxml2-versions.patch
* Sat Jan 18 2025 Pedro Monreal <pmonreal@suse.com>
- Remove the test_bad regression test that fails with old libxml2
as suggested by upstream devs:
* https://gitlab.gnome.org/GNOME/libxslt/-/issues/126
* Sat Jan 18 2025 Pedro Monreal <pmonreal@suse.com>
- Allow building with older libxml2 versions:
* tests: Make runtest compile with older libxml2 versions
* https://gitlab.gnome.org/GNOME/libxslt/issues/125
* Add libxslt-test-compile-with-older-libxml2-versions.patch
* Fri Jan 17 2025 Pedro Monreal <pmonreal@suse.com>
- Update to 1.1.42:
* Regressions:
- extensions: Readd call to xmlCheckFilename with older libxml2
* Improvments:
- utils: Don't use deprecated xmlCharEncodingHandler member
- transform: Handle filesystem paths after libxml2 changes
- locale: Work around issue with FreeBSD's strxfrm_l
* Build systems:
- cmake: Add LIBXSLT_WITH_PROGRAMS option (Don Olmstead)
- cmake: Fix HAVE_GCRYPT check
- Update to 1.1.41:
* Removals:
- autotools: Stop installing libxslt.m4
- autotools: Remove RPM build
* Improvements:
- libxslt: Set _FILE_OFFSET_BITS to 64
- xsltproc: Remove unneeded includes
- include: Don't define ATTRIBUTE_UNUSED in public header
- xsltproc: Make "-" read from stdin
* Build systems:
- cmake: Adjust paths for UNIX or UNIX-like target systems (Daniel E)
* Tests:
- cmake: Link testplugin with libxml2
- tests: Link testplugin with libxml2
- tests: Fix expected error after libxml2 change
- runtest: Switch to xmlFormatError
- fuzz: Avoid accessing internal struct members
- Update to 1.1.40:
* Removals:
- xsltproc: remove maxparserdepth option (Mike Dalessio)
* Improvements:
- functions: xmlXPtrNewContext is deprecated
- xsltproc: Stop calling xmlMemoryDump
- xsltproc: Prefer XML_PARSE_NONET over xmlNoNetEntityLoader
- functions: Fix build if libxml2 modules are disabled
- extensions: Don't call deprecated xmlCheckFilename
- documents: Don't set ctxt->directory
- exslt: Fix EXSLT functions without parameters
* Build systems:
- build: Remove mem-debug option
* Remove patches upstream:
- gcc14-runtest-no-const.patch
- 0001-tests-Fix-build-with-older-libxml2.patch
* Fri Sep 20 2024 Bernhard Wiedemann <bwiedemann@suse.com>
- Add libxslt-reproducible.patch to make xml output deterministic (boo#1062303)
* Fri May 24 2024 Christophe Marin <christophe@krop.fr>
- Add upstream build fix:
* 0001-tests-Fix-build-with-older-libxml2.patch
* Sun May 05 2024 Bruno Pitrus <brunopitrus@hotmail.com>
- Fix ftbfs with GCC14 (bsc#1220571)
* correct libxslt-random-seed.patch to include time.h unconditionally
* add gcc14-runtest-no-const.patch
* Fri Nov 24 2023 Bjørn Lie <bjorn.lie@gmail.com>
- Update to version 1.1.39:
* Bug fixes: extensions: Don't search imports for extension
prefixes
* Improvements:
- transform: Check maximum depth when processing default
templates
- build:
. Add more missing include
. Add missing includes
- python: Don't set deprecated global
- imports: Limit nesting depth
- extensions: Report top-level elements in
xsltDebugDumpExtensions
- Add extern "C" { } block to xsltlocale.h
* Portability:
- python: Make it compatible with python3.12
- date:
. Fix check for localtime_s
. Fix check for gmtime_s
* Build systems:
- pkg-config files include cflags for static builds
- Handle NOCONFIG case when setting locations from CMake target
properties
- autotools: Make xslt-config executable
* Tests:
- tests: Structured error handler now passes a const xmlError
- python: Fix tests on MinGW
- fuzz: Fix xmlFuzzEntityLoader after recent libxml2 changes
* Tue May 09 2023 David Anes <david.anes@suse.com>
- Removed patch 0009-Make-generate-id-deterministic.patch as it's
already fixed upstream.
- Update to version 1.1.38:
* Major changes:
- About 40 memory errors in code paths handling malloc failures
have been fixed.
- While these issues shouldn't impact security, this improves
robustness under memory pressure.
- The result of generate-id() is now deterministic across
multiple transformations fixing many issues with reproducible
builds.
- Most of the test suite has been ported to C.
* Bug fixes:
- Fix memory errors in code handling malloc failures
- imports: Fix import/include cycle check
- xsltlocale: Fix xsltNewLocale on macOS
- Make xsl:sort thread-safe
- Make generate-id() deterministic
* Improvements
- Stop using xmlStringCurrentChar
- attributes.h needs to include xsltInternals.h (David Kilzer)
- transform: Avoid null deref on documents without root node
- numbers: Fix floating point overflows
- date: Fix integer overflow in exsltDateFormatDuration
- numbers: Fix harmless integer sign change
- date: Add more overflow checks to formatting code (David Kilzer)
- date: Fix rounding to make Windows tests pass
- date: Rewrite duration and seconds formatting
- xsltlocale: Make API platform-independent
- Also accept application/xslt+xml media type in stylesheet PIs
- warnings: Fix strict prototypes warning
- xsltEvalUserParams() and xsltQuoteUserParams() are susceptible to integer
overflow when iterating through const char** array (David Kilzer)
- xslt: Return NULL stylesheet on attribute set errors
- xsltproc: Fix unused variable warning
- xslt: Remove declaration for old libxml2
- Fix various compiler warnings
- Fix compiler warnings in xsltGenerateIdFunction
- Disable Python bindings for debugger
- Don't declare disabled functions
- Migrate from PyEval_ to PyObject_
/usr/lib/libxslt.so.1 /usr/lib/libxslt.so.1.1.45 /usr/share/licenses/libxslt1 /usr/share/licenses/libxslt1/Copyright
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon Apr 27 23:15:04 2026