| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
* Switch to autoreconf in autogen.sh
* Rename configure.in to configure.ac
* Use modern form of AC_INIT and AM_INIT_AUTOMAKE
* Set "foreign" automake option to avoid creation of a default
COPYING and INSTALL.
* Remove AC_PATH_PROG(RM), otherwise libtool's $RM will be overwritten
and cause the infamous "cannot remove libtoolT" warning.
* Remove autogenerated config.h.in from version control
* Update .gitignore
|
| |
|
|
|
|
|
|
|
|
| |
Fix bashism in configure.in. Resulted in pkg-config never getting used
for libxml if sh is not bash.
Move pkg-config block to correct location. Rework libxml2 detection
logic.
Fixes bugs 787602 and 787617.
|
| |
|
|
|
| |
* configure.in, doc/xslt.html: updated for the release
* doc/*: regenerated
|
| |
|
|
|
|
|
|
|
|
| |
Similar to the previous fix to exsltFuncFunctionFunction,
exsltFuncResultElem also has to get the current node from the transform
context instead of the XPath context.
Thanks to Nicolas Gregoire for the report.
Fixes bug 786989.
|
| |
|
|
|
|
|
|
|
| |
An evaluation error in a secondary sort key could lead to a NULL pointer
dereference.
Thanks to Nicolas Gregoire for the report.
Fixes bug 785588.
|
| |
|
|
|
|
|
|
|
|
| |
Get the current node from the transform context. The current node in
the XPath context isn't guaranteed to be preserved when evaluating the
function template and could point to an invalid address.
Thanks to Nicolas Gregoire for the report.
Fixes bug 785589.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For now this is mainly useful if you work on a fork of the libxslt
mirror on GitHub:
https://github.com/GNOME/libxslt
Start with two build setups:
- GCC with as many GNU extensions disabled as possible, trying to
emulate a C89 compiler on a POSIX system.
- clang with ASan and UBSan.
The test suite doesn't set an exit code on failure, so log the test
output and grep for unexpected lines. This doesn't work for the Python
tests yet, so they're still disabled.
|
| | |
|
| |
|
|
| |
Fixes Python tests when using --with-libxml-src with a relative path.
|
| | |
|
| |
|
|
| |
libxml2 commit c851970 removed some useless error messages.
|
| |
|
|
| |
Found with libFuzzer and ASan.
|
| |
|
|
| |
Found with libFuzzer and ASan.
|
| |
|
|
| |
Found with libFuzzer and ASan.
|
| |
|
|
|
| |
Only call xmlXPathDebugDumpObject if the debug context is stdout or
stderr.
|
| |
|
|
|
|
|
|
|
| |
When encountering invalid UTF-8, xsltUTF8Size can return a size greater
than the actual string length or -1. Switch to xmlUTF8Strsize which
returns a sensible size even with invalid UTF-8.
Under normal conditions, libxslt should never receive invalid UTF-8.
But this change helps when fuzzing and hardens security.
|
| |
|
|
|
|
|
|
| |
Introduced recently with my commit
38d4a90 Make xsl:decimal-format work with namespaces
Coverity CID 1434477. Also found with libFuzzer and ASan.
|
| |
|
|
|
| |
Make sure that all arguments are popped before checking for UTF-8
validity. Improves upon recent commit 1785d11.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If no explicit path is specified, try pkg-config first, before
xml2-config. The reason is that pkg-config knows the difference between
static and shared dependencies and thus doesn't cause libxslt to be
linked against a bunch of extra stuff.
Say for example that libxml2 is compiled --with-icu, then it will be
linked against various libicu shared libraries. xml2-config will _also_
specify those libraries (because it doesn't know whether you are doing
static or shared linking) and thus libxslt is also linked against libicu
even though it does not use it.
On the other hand, pkg-config has Libs/Libs.private which separates
shared&static dependencies and so you can get libxslt to link to _only_
libxml2 without any other things.
Fixes bug #778549:
https://bugzilla.gnome.org/show_bug.cgi?id=778549
|
| |
|
|
|
|
|
| |
That could confuse library users that set their own error handler,
because there are already cases in libxslt that push a single message
in chunks (the same way as libxml2 does) and the user may be interested
in performing the message reconstruction on its own.
|
| |
|
|
|
|
|
|
| |
The type of the msg parameter of xmlStrPrintf has changed. See the
following libxml2 commit:
4472c3a Fix some format string warnings with possible format string
vulnerability
|
| |
|
|
|
| |
This improves performance with (pathologically) long strings. Make sure
to use a fast allocation scheme.
|
| |
|
|
|
|
|
|
|
| |
When encountering invalid UTF-8, xmlUTF8Size can return a size greater
than the actual string length or -1. Switch to xmlUTF8Strsize which
returns a sensible size even with invalid UTF-8.
Under normal conditions, libxslt should never receive invalid UTF-8.
But this change helps when fuzzing and hardens security.
|
| |
|
|
|
|
|
| |
Check whether xmlUTF8Strlen returns -1 for invalid UTF-8.
Under normal conditions, libxslt should never receive invalid UTF-8.
But this change helps when fuzzing and hardens security.
|
| | |
|
| |
|
|
|
|
| |
Fixes bug #765379:
https://bugzilla.gnome.org/show_bug.cgi?id=765379
|
| |
|
|
|
|
| |
Add range checks to avoid undefined behavior.
Limit str:padding length to 100,000 chars.
|
| | |
|
| |
|
|
|
|
|
|
| |
Also fix parsing of duSecondFrag, see
https://www.w3.org/TR/xmlschema11-2/#nt-duSeFrag
Fix memory leak in error case.
|
| | |
|
| |
|
|
|
|
|
| |
Clamp seconds field of durations to range 0..SECS_PER_DAY, simplifying
some calculations.
Also add overflow checks in _exsltDateAddDurCalc.
|
| | |
|
| |
|
|
|
| |
With time zones, the time difference can be more than two days,
requiring a modulo operation.
|
| |
|
|
|
| |
Use integer arithmetic where possible. Remove MODULO and FQUOTIENT
macros. Simplify _exsltDateAddDurCalc.
|
| |
|
|
| |
This function was only used with durations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
XML Schema Part 2 doesn't allow the year 0000 which seems to imply that
year 0001 is preceded by -0001. The old code followed this convention but
it represented the year -0001 as -1, requiring some adjustments when
crossing the beginning of year 0001.
Now the year -0001 is represented by 0 internally (astronomical year
numbering). This simplifies some calculations.
As a side effect, (XML Schema) years -0001, -0005, ... are now leap years.
Previously, years -0004, -0008, ... were leap years. The new behavior
seems more correct and better matches other implementations of the
proleptic Gregorian calendar.
Also fixes some bugs:
- Previously, date:day-in-week() returned wrong values for dates before
the year 3 BC. For example, it returned 6 (Friday) for both
'-0004-12-31' and '-0003-01-01'. Now it returns 4 (Wednesday) for
'-0004-12-31' and 5 (Thursday) for '-0003-01-01' (because of the leap
year change).
- date:add could return wrong results when crossing AD 1. For example,
date:add('-0001-01-01', 'P2Y') would return '0001-01-01' instead of
'0002-01-01'.
- Likewise, date:difference produced wrong results when working on
years or yearMonths.
|
| |
|
|
| |
See http://stackoverflow.com/a/11595914
|
| |
|
|
|
|
|
|
|
|
| |
xsltMaxVars was added in 1.1.27 with a wrong version. We have to keep
the wrong version to not break the ABI.
Also regenerate libxslt.syms.
Fixes bug #780089:
https://bugzilla.gnome.org/show_bug.cgi?id=780089
|
| |
|
|
|
|
|
|
|
| |
Otherwise linking the resulting libraries to a binary (e.g. xsltproc)
fails when using gold linker:
| ../libxslt/.libs/libxslt.so: error: undefined reference to 'fmod'
| ../libxslt/.libs/libxslt.so: error: undefined reference to 'pow'
| ../libexslt/.libs/libexslt.so: error: undefined reference to 'floor'
| collect2: error: ld returned 1 exit status
|
| |
|
|
|
|
|
|
|
|
| |
Extensions could append text using xmlAddChild which will free the
buffer pointed to by 'lasttext'. This buffer could later be
reallocated with a different size than recorded in 'lasttsize'.
Fixes bug #777432:
https://bugzilla.gnome.org/show_bug.cgi?id=777432
|
| |
|
|
|
|
|
| |
Make stylesheets with <xsl:output method="html" version="5"/>
generate a HTML5 doctype. Fixes bug #778192:
https://bugzilla.gnome.org/show_bug.cgi?id=778192
|
| |
|
|
|
|
| |
Fixes bug #778170:
https://bugzilla.gnome.org/show_bug.cgi?id=778170
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The length of the input string wasn't checked, resulting in a
minor information leak. This extension function was non-standard
and undocumented and used a custom date format, so it seems best
to remove it.
Note that with the fix to bug #758192, it's possible to convert
between time zones using date:add and date:difference:
date:add($tz, date:difference($tz, $date-time))
$tz is an arbitrary dateTime in the target time zone. If you
want to convert to the local time zone, set $tz to the current
dateTime returned by date:date-time().
Originally reported to Chromium:
https://crbug.com/670720
|
| |
|
|
|
|
|
|
|
| |
Limit buffer size in xsltAddTextString to INT_MAX. The issue can be
exploited to trigger an out of bounds write on 64-bit systems.
Originally reported to Chromium:
https://crbug.com/676623
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This fixes a regression introduced when consolidating recursion checks
in commit 1c8e0e5. When a function is called recursively during
evaluation of its arguments, the recursion check in
xsltApplySequenceConstructor is never reached. Readd recursion check
in exsltFuncFunctionFunction but use the template depth counter.
Fixes bug #777293:
https://bugzilla.gnome.org/show_bug.cgi?id=777293
|
| |
|
|
| |
The old xsltCopyTree was unused.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Set correct XSLT instruction when evaluating predicates in patterns.
This is needed by functions like element-available. Could also lead
to a NULL pointer dereference.
Thanks to Wang Junjie for the report. Fixes bug #776792:
https://bugzilla.gnome.org/show_bug.cgi?id=776792
|
| |
|
|
|
|
|
|
| |
The /C parameter should be quoted.
Fixes bug #774089:
https://bugzilla.gnome.org/show_bug.cgi?id=774089
|
| |
|
|
|
|
|
|
| |
Under MinGW, the convention is to install DLLs under bin.
Fixes bug #774090:
https://bugzilla.gnome.org/show_bug.cgi?id=774090
|
