[libxslt/f17] Update to libxslt-1.1.28 for CVE-2012-6139

Daniel Veillard veillard at fedoraproject.org
Wed Mar 27 10:51:58 UTC 2013 

commit b28e392ef8ae84fc42691ec3bf097d6c214f0a7b
Author: Daniel Veillard <veillard at redhat.com>
Date:   Wed Mar 27 18:51:07 2013 +0800

    Update to libxslt-1.1.28 for CVE-2012-6139

 libxslt-Avoid-a-heap-use-after-free-error.patch    |   54 --
 ...t-Cleanup-of-the-pattern-compilation-code.patch |  214 -------
 libxslt-Fix-a-bug-in-selecting-XSLT-elements.patch |   32 -
 libxslt-Fix-a-dictionary-string-usage.patch        |  113 ----
 libxslt-Fix-bug-602515.patch                       |  142 -----
 ...lt-template-processing-on-namespace-nodes.patch |   42 --
 libxslt-Fix-direct-pattern-matching-bug.patch      |   96 ----
 ...enerate-id-to-not-expose-object-addresses.patch |   66 ---
 ...ix-popping-of-vars-in-xsltCompilerNodePop.patch |   35 --
 ...Fix-portability-to-upcoming-libxml2-2.9.0.patch |   71 ---
 ...t-Fix-some-case-of-pattern-parsing-errors.patch |   33 --
 ...ix-system-property-with-unknown-namespace.patch |   69 ---
 ...ning-of-code-checking-node-types-in-EXSLT.patch |   42 --
 ...hecking-node-types-in-various-entry-point.patch |  594 --------------------
 ...ld-return-an-error-code-if-xinclude-fails.patch |   51 --
 libxslt.spec                                       |   44 +--
 sources                                            |    2 +-
 17 files changed, 9 insertions(+), 1691 deletions(-)
---
diff --git a/libxslt.spec b/libxslt.spec
index fcb7f84..e0febbb 100644
--- a/libxslt.spec
+++ b/libxslt.spec
@@ -1,37 +1,21 @@
 Summary: Library providing the Gnome XSLT engine
 Name: libxslt
-Version: 1.1.26
-Release: 10%{?dist}%{?extra_release}
+Version: 1.1.28
+Release: 1%{?dist}%{?extra_release}
 License: MIT
 Group: Development/Libraries
 Source: ftp://xmlsoft.org/XSLT/libxslt-%{version}.tar.gz
 URL: http://xmlsoft.org/XSLT/
-BuildRequires: libxml2-devel
+BuildRequires: libxml2-devel >= 2.6.27
 BuildRequires: python2-devel
 BuildRequires: libxml2-python
 BuildRequires: libgcrypt-devel
 BuildRequires: automake autoconf
 
-# Fedora specific patch
+# Fedora specific patches
 Patch0: multilib.patch
 Patch1: libxslt-1.1.26-utf8-docs.patch
 
-Patch2: libxslt-Fix-direct-pattern-matching-bug.patch
-Patch3: libxslt-Fix-popping-of-vars-in-xsltCompilerNodePop.patch
-Patch4: libxslt-Fix-bug-602515.patch
-Patch5: libxslt-Fix-generate-id-to-not-expose-object-addresses.patch
-Patch6: libxslt-Fix-some-case-of-pattern-parsing-errors.patch
-Patch7: libxslt-Fix-a-bug-in-selecting-XSLT-elements.patch
-Patch8: libxslt-Fix-portability-to-upcoming-libxml2-2.9.0.patch
-Patch9: libxslt-Fix-default-template-processing-on-namespace-nodes.patch
-Patch10: libxslt-Cleanup-of-the-pattern-compilation-code.patch
-Patch11: libxslt-Hardening-of-code-checking-node-types-in-various-entry-point.patch
-Patch12: libxslt-Hardening-of-code-checking-node-types-in-EXSLT.patch
-Patch13: libxslt-Fix-system-property-with-unknown-namespace.patch
-Patch14: libxslt-xsltproc-should-return-an-error-code-if-xinclude-fails.patch
-Patch15: libxslt-Fix-a-dictionary-string-usage.patch
-Patch16: libxslt-Avoid-a-heap-use-after-free-error.patch
-
 %description
 This C library allows to transform XML files into other XML files
 (or HTML, text, ...) using the standard XSLT stylesheet transformation
@@ -44,6 +28,7 @@ Group: Development/Libraries
 Requires: libxslt = %{version}-%{release}
 Requires: libgcrypt-devel
 
+
 %description devel
 The %{name}-devel package contains libraries and header files for
 developing applications that use %{name}.
@@ -76,22 +61,6 @@ gzip -9 ChangeLog
 touch -r ChangeLog.utf8 ChangeLog.gz
 touch -r NEWS.utf8 NEWS
 
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
-
 chmod 644 python/tests/*
 
 %build
@@ -151,6 +120,9 @@ make tests
 %doc python/tests/*.xsl
 
 %changelog
+* Wed Mar 27 2013 Daniel Veillard <veillard at redhat.com> - 1.1.28-1
+- update to upstream release of libxslt-1.1.28 for CVE-2012-6139
+
 * Wed Sep 12 2012 Daniel Veillard <veillard at redhat.com> 1.1.26-10
 - Fixes CVE-2011-1202 CVE-2011-3970 CVE-2012-2825 CVE-2012-2871 CVE-2012-2870
 - Fix direct pattern matching bug
diff --git a/sources b/sources
index a484e40..12db275 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-e61d0364a30146aaa3001296f853b2b9  libxslt-1.1.26.tar.gz
+9667bf6f9310b957254fdcf6596600b7  libxslt-1.1.28.tar.gz

More information about the scm-commits mailing list