- Sep 04, 2017
-
-
Daniel Veillard authored
* configure.in, doc/xslt.html: updated for the release * doc/*: regenerated
-
- Aug 29, 2017
-
-
Nick Wellnhofer authored
Similar to the previous fix to exsltFuncFunctionFunction, exsltFuncResultElem also has to get the current node from the transform context instead of the XPath context. Thanks to Nicolas Gregoire for the report. Fixes bug 786989.
-
- Jul 31, 2017
-
-
Nick Wellnhofer authored
An evaluation error in a secondary sort key could lead to a NULL pointer dereference. Thanks to Nicolas Gregoire for the report. Fixes bug 785588.
-
Nick Wellnhofer authored
Get the current node from the transform context. The current node in the XPath context isn't guaranteed to be preserved when evaluating the function template and could point to an invalid address. Thanks to Nicolas Gregoire for the report. Fixes bug 785589.
-
- Jun 01, 2017
-
-
Nick Wellnhofer authored
For now this is mainly useful if you work on a fork of the libxslt mirror on GitHub: https://github.com/GNOME/libxslt Start with two build setups: - GCC with as many GNU extensions disabled as possible, trying to emulate a C89 compiler on a POSIX system. - clang with ASan and UBSan. The test suite doesn't set an exit code on failure, so log the test output and grep for unexpected lines. This doesn't work for the Python tests yet, so they're still disabled.
-
Nick Wellnhofer authored
-
Nick Wellnhofer authored
Fixes Python tests when using --with-libxml-src with a relative path.
-
Nick Wellnhofer authored
-
- May 27, 2017
-
-
Nick Wellnhofer authored
libxml2 commit c851970 removed some useless error messages.
-
Nick Wellnhofer authored
Found with libFuzzer and ASan.
-
Nick Wellnhofer authored
Found with libFuzzer and ASan.
-
Nick Wellnhofer authored
Found with libFuzzer and ASan.
-
Nick Wellnhofer authored
Only call xmlXPathDebugDumpObject if the debug context is stdout or stderr.
-
Nick Wellnhofer authored
When encountering invalid UTF-8, xsltUTF8Size can return a size greater than the actual string length or -1. Switch to xmlUTF8Strsize which returns a sensible size even with invalid UTF-8. Under normal conditions, libxslt should never receive invalid UTF-8. But this change helps when fuzzing and hardens security.
-
Nick Wellnhofer authored
Introduced recently with my commit 38d4a907 Make xsl:decimal-format work with namespaces Coverity CID 1434477. Also found with libFuzzer and ASan.
-
Nick Wellnhofer authored
Make sure that all arguments are popped before checking for UTF-8 validity. Improves upon recent commit 1785d118.
-
- May 18, 2017
-
-
If no explicit path is specified, try pkg-config first, before xml2-config. The reason is that pkg-config knows the difference between static and shared dependencies and thus doesn't cause libxslt to be linked against a bunch of extra stuff. Say for example that libxml2 is compiled --with-icu, then it will be linked against various libicu shared libraries. xml2-config will _also_ specify those libraries (because it doesn't know whether you are doing static or shared linking) and thus libxslt is also linked against libicu even though it does not use it. On the other hand, pkg-config has Libs/Libs.private which separates shared&static dependencies and so you can get libxslt to link to _only_ libxml2 without any other things. Fixes bug #778549: https://bugzilla.gnome.org/show_bug.cgi?id=778549
-
That could confuse library users that set their own error handler, because there are already cases in libxslt that push a single message in chunks (the same way as libxml2 does) and the user may be interested in performing the message reconstruction on its own.
-
Nick Wellnhofer authored
The type of the msg parameter of xmlStrPrintf has changed. See the following libxml2 commit: 4472c3a Fix some format string warnings with possible format string vulnerability
-
Nick Wellnhofer authored
This improves performance with (pathologically) long strings. Make sure to use a fast allocation scheme.
-
Nick Wellnhofer authored
When encountering invalid UTF-8, xmlUTF8Size can return a size greater than the actual string length or -1. Switch to xmlUTF8Strsize which returns a sensible size even with invalid UTF-8. Under normal conditions, libxslt should never receive invalid UTF-8. But this change helps when fuzzing and hardens security.
-
Nick Wellnhofer authored
Check whether xmlUTF8Strlen returns -1 for invalid UTF-8. Under normal conditions, libxslt should never receive invalid UTF-8. But this change helps when fuzzing and hardens security.
-
Nick Wellnhofer authored
-
Nick Wellnhofer authored
Fixes bug #765379: https://bugzilla.gnome.org/show_bug.cgi?id=765379
-
Nick Wellnhofer authored
Add range checks to avoid undefined behavior. Limit str:padding length to 100,000 chars.
-
Nick Wellnhofer authored
-
Nick Wellnhofer authored
Also fix parsing of duSecondFrag, see https://www.w3.org/TR/xmlschema11-2/#nt-duSeFrag Fix memory leak in error case.
-
Nick Wellnhofer authored
-
Nick Wellnhofer authored
Clamp seconds field of durations to range 0..SECS_PER_DAY, simplifying some calculations. Also add overflow checks in _exsltDateAddDurCalc.
-
Nick Wellnhofer authored
-
Nick Wellnhofer authored
With time zones, the time difference can be more than two days, requiring a modulo operation.
-
Nick Wellnhofer authored
Use integer arithmetic where possible. Remove MODULO and FQUOTIENT macros. Simplify _exsltDateAddDurCalc.
-
Nick Wellnhofer authored
This function was only used with durations.
-
Nick Wellnhofer authored
XML Schema Part 2 doesn't allow the year 0000 which seems to imply that year 0001 is preceded by -0001. The old code followed this convention but it represented the year -0001 as -1, requiring some adjustments when crossing the beginning of year 0001. Now the year -0001 is represented by 0 internally (astronomical year numbering). This simplifies some calculations. As a side effect, (XML Schema) years -0001, -0005, ... are now leap years. Previously, years -0004, -0008, ... were leap years. The new behavior seems more correct and better matches other implementations of the proleptic Gregorian calendar. Also fixes some bugs: - Previously, date:day-in-week() returned wrong values for dates before the year 3 BC. For example, it returned 6 (Friday) for both '-0004-12-31' and '-0003-01-01'. Now it returns 4 (Wednesday) for '-0004-12-31' and 5 (Thursday) for '-0003-01-01' (because of the leap year change). - date:add could return wrong results when crossing AD 1. For example, date:add('-0001-01-01', 'P2Y') would return '0001-01-01' instead of '0002-01-01'. - Likewise, date:difference produced wrong results when working on years or yearMonths.
-
- May 17, 2017
-
-
Nick Wellnhofer authored
See http://stackoverflow.com/a/11595914
-
- Mar 15, 2017
-
-
Nick Wellnhofer authored
xsltMaxVars was added in 1.1.27 with a wrong version. We have to keep the wrong version to not break the ABI. Also regenerate libxslt.syms. Fixes bug #780089: https://bugzilla.gnome.org/show_bug.cgi?id=780089
-
- Feb 10, 2017
-
-
Jussi Kukkonen authored
Otherwise linking the resulting libraries to a binary (e.g. xsltproc) fails when using gold linker: | ../libxslt/.libs/libxslt.so: error: undefined reference to 'fmod' | ../libxslt/.libs/libxslt.so: error: undefined reference to 'pow' | ../libexslt/.libs/libexslt.so: error: undefined reference to 'floor' | collect2: error: ld returned 1 exit status
-
Nick Wellnhofer authored
Extensions could append text using xmlAddChild which will free the buffer pointed to by 'lasttext'. This buffer could later be reallocated with a different size than recorded in 'lasttsize'. Fixes bug #777432: https://bugzilla.gnome.org/show_bug.cgi?id=777432
-
- Feb 07, 2017
-
-
Nick Wellnhofer authored
Make stylesheets with <xsl:output method="html" version="5"/> generate a HTML5 doctype. Fixes bug #778192: https://bugzilla.gnome.org/show_bug.cgi?id=778192
-
Nick Wellnhofer authored
Fixes bug #778170: https://bugzilla.gnome.org/show_bug.cgi?id=778170
-