[AUTO-CHERRYPICK] Upgrade libxslt to fix CVE-2024-55549 and CVE-2025-24855 [High] - branch 3.0-dev (#13243)

Co-authored-by: sindhu-karri <[email protected]>

Author: CBL-Mariner-Bot

SPECS/libxslt/libxslt.signatures.json

@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "libxslt-1.1.39.tar.xz": "2a20ad621148339b0759c4d4e96719362dee64c9a096dbba625ba053846349f0"
+  "libxslt-1.1.43.tar.xz": "5a3d6b383ca5afc235b171118e90f5ff6aa27e9fea3303065231a6d403f0183a"
  }
 }

SPECS/libxslt/libxslt.spec

@@ -1,7 +1,7 @@
 %define majminorver %(echo %{version} | cut -d. -f 1,2)
 Summary:        Libxslt is the XSLT C library developed for the GNOME project. XSLT is a an XML language to define transformation for XML.
 Name:           libxslt
-Version:        1.1.39
+Version:        1.1.43
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
@@ -55,10 +55,10 @@ make %{?_smp_mflags} check
 
 %files
 %defattr(-,root,root)
-%license COPYING
+%license Copyright
+%doc AUTHORS NEWS README.md FEATURES
 %{_libdir}/*.so.*
 %{_libdir}/*.sh
-%{_libdir}/libxslt-plugins
 %{_bindir}/*
 %{_mandir}/man1/*
 
@@ -71,12 +71,14 @@ make %{?_smp_mflags} check
 %{_includedir}/*
 %{_docdir}/*
 %{_datadir}/gtk-doc/*
-%{_datadir}/aclocal/*
 %{_mandir}/man3/*
 
 
 
 %changelog
+* Tue Mar 18 2025 Sindhu Karri <[email protected]> - 1.1.43-1
+- Upgrade to version 1.1.43 to fix CVE-2024-55549 and CVE-2025-24855
+
 * Tue Nov 28 2023 Andrew Phelps <[email protected]> - 1.1.39-1
 - Upgrade to version 1.1.39
 

cgmanifest.json

@@ -12061,8 +12061,8 @@
         "type": "other",
         "other": {
           "name": "libxslt",
-          "version": "1.1.39",
-          "downloadUrl": "https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.39.tar.xz"
+          "version": "1.1.43",
+          "downloadUrl": "https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.43.tar.xz"
         }
       }
     },

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -225,7 +225,7 @@ libgpg-error-1.47-1.azl3.aarch64.rpm
 libgcrypt-1.10.2-1.azl3.aarch64.rpm
 libksba-1.6.4-1.azl3.aarch64.rpm
 libksba-devel-1.6.4-1.azl3.aarch64.rpm
-libxslt-1.1.39-1.azl3.aarch64.rpm
+libxslt-1.1.43-1.azl3.aarch64.rpm
 npth-1.6-4.azl3.aarch64.rpm
 pinentry-1.2.1-1.azl3.aarch64.rpm
 gnupg2-2.4.4-2.azl3.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -225,7 +225,7 @@ libgpg-error-1.47-1.azl3.x86_64.rpm
 libgcrypt-1.10.2-1.azl3.x86_64.rpm
 libksba-1.6.4-1.azl3.x86_64.rpm
 libksba-devel-1.6.4-1.azl3.x86_64.rpm
-libxslt-1.1.39-1.azl3.x86_64.rpm
+libxslt-1.1.43-1.azl3.x86_64.rpm
 npth-1.6-4.azl3.x86_64.rpm
 pinentry-1.2.1-1.azl3.x86_64.rpm
 gnupg2-2.4.4-2.azl3.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -245,9 +245,9 @@ libxcrypt-devel-4.4.36-2.azl3.aarch64.rpm
 libxml2-2.11.5-4.azl3.aarch64.rpm
 libxml2-debuginfo-2.11.5-4.azl3.aarch64.rpm
 libxml2-devel-2.11.5-4.azl3.aarch64.rpm
-libxslt-1.1.39-1.azl3.aarch64.rpm
-libxslt-debuginfo-1.1.39-1.azl3.aarch64.rpm
-libxslt-devel-1.1.39-1.azl3.aarch64.rpm
+libxslt-1.1.43-1.azl3.aarch64.rpm
+libxslt-debuginfo-1.1.43-1.azl3.aarch64.rpm
+libxslt-devel-1.1.43-1.azl3.aarch64.rpm
 lua-5.4.6-1.azl3.aarch64.rpm
 lua-debuginfo-5.4.6-1.azl3.aarch64.rpm
 lua-devel-5.4.6-1.azl3.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -253,9 +253,9 @@ libxml2-devel-2.11.5-4.azl3.x86_64.rpm
 libxcrypt-4.4.36-2.azl3.x86_64.rpm
 libxcrypt-debuginfo-4.4.36-2.azl3.x86_64.rpm
 libxcrypt-devel-4.4.36-2.azl3.x86_64.rpm
-libxslt-1.1.39-1.azl3.x86_64.rpm
-libxslt-debuginfo-1.1.39-1.azl3.x86_64.rpm
-libxslt-devel-1.1.39-1.azl3.x86_64.rpm
+libxslt-1.1.43-1.azl3.x86_64.rpm
+libxslt-debuginfo-1.1.43-1.azl3.x86_64.rpm
+libxslt-devel-1.1.43-1.azl3.x86_64.rpm
 lua-5.4.6-1.azl3.x86_64.rpm
 lua-debuginfo-5.4.6-1.azl3.x86_64.rpm
 lua-devel-5.4.6-1.azl3.x86_64.rpm