upgrade version to 1.1.37

2022-11-05 19:34:13 +08:00 · 2022-11-05 19:34:13 +08:00 · 678b1cc59d
commit 678b1cc59d
parent 28c96dddff
11 changed files with 48 additions and 433 deletions
--- a/CVE-2015-9019.patch
+++ b/CVE-2015-9019.patch
@ -1,9 +1,11 @@
--- a/libexslt/math.c	2017-10-30 15:49:55.000000000 +0800
+diff --git a/libexslt/math.c b/libexslt/math.c
-+++ b/libexslt/math.c	2019-04-18 15:00:54.524000000 +0800
+index 17138b2..c9f9e5a 100644
-@@ -23,6 +23,13 @@
+--- a/libexslt/math.c
- #ifdef HAVE_STDLIB_H
+++ b/libexslt/math.c
@@ -11,6 +11,13 @@
 #include <math.h>
 #include <stdlib.h>
 #endif
 +#ifdef HAVE_UNISTD_H
 +#include <unistd.h>
 +#endif
@ -14,7 +16,7 @@
 #include "exslt.h"
-@@ -474,6 +481,20 @@ static double
+@@ -460,6 +467,20 @@ static double
 exsltMathRandom (void) {
     double ret;
     int num;
@ -35,3 +37,6 @@
     num = rand();
     ret = (double)num / (double)RAND_MAX;
 -- 
 2.27.0
--- a/Fix-clang-Wconditional-uninitialized-warning-in-libx.patch
+++ b/Fix-clang-Wconditional-uninitialized-warning-in-libx.patch
@ -1,28 +0,0 @@
 From 291d190b3d37bfe58efe7328e37a5334c553126b Mon Sep 17 00:00:00 2001
 From: David Kilzer <ddkilzer@apple.com>
 Date: Tue, 7 Jan 2020 15:15:53 -0800
 Subject: [PATCH 10/24] Fix clang -Wconditional-uninitialized warning in
 libxslt/numbers.c
 * libxslt/numbers.c:
 (xsltFormatNumberConversion): Initialize `len` to fix warning.
 ---
 libxslt/numbers.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/libxslt/numbers.c b/libxslt/numbers.c
 index 92023f8..7969dc9 100644
 --- a/libxslt/numbers.c
 +++ b/libxslt/numbers.c
@@ -960,7 +960,7 @@ xsltFormatNumberConversion(xsltDecimalFormatPtr self,
     xmlChar *nprefix, *nsuffix = NULL;
     int	    prefix_length, suffix_length = 0, nprefix_length, nsuffix_length;
     double  scale;
 -    int	    j, len;
 +    int	    j, len = 0;
     int     self_grouping_len;
     xsltFormatNumberInfo format_info;
     /*
 -- 
 1.8.3.1
--- a/Fix-clang-Wimplicit-int-conversion-warning.patch
+++ b/Fix-clang-Wimplicit-int-conversion-warning.patch
@ -1,28 +0,0 @@
 From aac4bccdd893713dd058305e385d7f13f94e6add Mon Sep 17 00:00:00 2001
 From: David Kilzer <ddkilzer@apple.com>
 Date: Tue, 7 Jan 2020 15:23:17 -0800
 Subject: [PATCH 11/24] Fix clang -Wimplicit-int-conversion warning
 * libxslt/numbers.c:
 (xsltNumberFormatDecimal): Cast `val` to `(xmlChar)` to fix the
 warning.
 ---
 libxslt/numbers.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/libxslt/numbers.c b/libxslt/numbers.c
 index 7969dc9..4cb2125 100644
 --- a/libxslt/numbers.c
 +++ b/libxslt/numbers.c
@@ -177,7 +177,7 @@ xsltNumberFormatDecimal(xmlBufferPtr buffer,
 	        i = -1;
 		break;
 	    }
 -	    *(--pointer) = val;
 +	    *(--pointer) = (xmlChar)val;
 	}
 	else {
 	/*
 -- 
 1.8.3.1
--- a/Fix-double-free-with-stylesheets-containing-entity-n.patch
+++ b/Fix-double-free-with-stylesheets-containing-entity-n.patch
@ -1,36 +0,0 @@
 From 3e8bbcdec8d2318ca8ab27a2a4a509a5d9bb2d51 Mon Sep 17 00:00:00 2001
 From: Nick Wellnhofer <wellnhofer@aevum.de>
 Date: Tue, 2 Feb 2021 04:28:15 +0100
 Subject: [PATCH] Fix double-free with stylesheets containing entity nodes
 Fix broken logic to make sure that entity nodes are deleted from the
 stylesheet. Note that stylesheets parsed with XML_PARSE_NOENT, which
 is included in XSLT_PARSE_OPTIONS, aren't affected.
 Found by OSS-Fuzz.
 ---
 libxslt/xslt.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
 diff --git a/libxslt/xslt.c b/libxslt/xslt.c
 index 7a1ce01..69116f2 100644
 --- a/libxslt/xslt.c
 +++ b/libxslt/xslt.c
@@ -3656,12 +3656,8 @@ xsltPreprocessStylesheet(xsltStylesheetPtr style, xmlNodePtr cur)
 	    (!xsltCheckExtURI(style, cur->ns->href))) {
 	    goto skip_children;
 	} else if (cur->children != NULL) {
 -	    if ((cur->children->type != XML_ENTITY_DECL) &&
 -		(cur->children->type != XML_ENTITY_REF_NODE) &&
 -		(cur->children->type != XML_ENTITY_NODE)) {
 -		cur = cur->children;
 -		continue;
 -	    }
 +	    cur = cur->children;
 +	    continue;
 	}
 skip_children:
 -- 
 1.8.3.1
--- a/Fix-implicit-int-conversion-warning-in-exslt-crypto..patch
+++ b/Fix-implicit-int-conversion-warning-in-exslt-crypto..patch
@ -1,25 +0,0 @@
 From f235404b13f17d5343b854fe5d459a0c98bbd2d2 Mon Sep 17 00:00:00 2001
 From: Nick Wellnhofer <wellnhofer@aevum.de>
 Date: Fri, 10 Jan 2020 13:11:45 +0100
 Subject: [PATCH 12/24] Fix implicit-int-conversion warning in exslt/crypto.c
 ---
 libexslt/crypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/libexslt/crypto.c b/libexslt/crypto.c
 index 621fd90..c6bf34f 100644
 --- a/libexslt/crypto.c
 +++ b/libexslt/crypto.c
@@ -101,7 +101,7 @@ exsltCryptoHex2Bin (const unsigned char *hex, int hexlen,
 	else if (tmp >= 'a' && tmp <= 'f')
 	    lo = 10 + (tmp - 'a');
 -	result = hi << 4;
 +	result = (unsigned char) (hi << 4);
 	result += lo;
 	bin[j++] = result;
     }
 -- 
 1.8.3.1
--- a/Fix-quadratic-runtime-with-text-and-xsl-message.patch
+++ b/Fix-quadratic-runtime-with-text-and-xsl-message.patch
@ -1,49 +0,0 @@
 From 4ccc06b56b8b6d39c29932c92cd1ed82f6698d6f Mon Sep 17 00:00:00 2001
 From: Nick Wellnhofer <wellnhofer@aevum.de>
 Date: Sun, 20 Sep 2020 15:14:47 +0200
 Subject: [PATCH 33/37] Fix quadratic runtime with text and <xsl:message>
 Backup and restore "last text" data in xsltEvalTemplateString.
 Otherwise, optimization of string concatenation would be disabled
 whenever an xsl:message was processed.
 Found by OSS-Fuzz.
 ---
 libxslt/templates.c | 8 ++++++++
 1 file changed, 8 insertions(+)
 diff --git a/libxslt/templates.c b/libxslt/templates.c
 index 48b73a5..4108ed2 100644
 --- a/libxslt/templates.c
 +++ b/libxslt/templates.c
@@ -210,6 +210,8 @@ xsltEvalTemplateString(xsltTransformContextPtr ctxt,
 {
     xmlNodePtr oldInsert, insert = NULL;
     xmlChar *ret;
 +    const xmlChar *oldLastText;
 +    int oldLastTextSize, oldLastTextUse;
     if ((ctxt == NULL) || (contextNode == NULL) || (inst == NULL) ||
         (inst->type != XML_ELEMENT_NODE))
@@ -233,12 +235,18 @@ xsltEvalTemplateString(xsltTransformContextPtr ctxt,
     }
     oldInsert = ctxt->insert;
     ctxt->insert = insert;
 +    oldLastText = ctxt->lasttext;
 +    oldLastTextSize = ctxt->lasttsize;
 +    oldLastTextUse = ctxt->lasttuse;
     /*
     * OPTIMIZE TODO: if inst->children consists only of text-nodes.
     */
     xsltApplyOneTemplate(ctxt, contextNode, inst->children, NULL, NULL);
     ctxt->insert = oldInsert;
 +    ctxt->lasttext = oldLastText;
 +    ctxt->lasttsize = oldLastTextSize;
 +    ctxt->lasttuse = oldLastTextUse;
     ret = xmlNodeGetContent(insert);
     if (insert != NULL)
 -- 
 1.8.3.1
--- a/Fix-use-after-free-in-xsltApplyTemplates.patch
+++ b/Fix-use-after-free-in-xsltApplyTemplates.patch
@ -1,198 +0,0 @@
 From 50f9c9cd3b7dfe9b3c8c795247752d1fdcadcac8 Mon Sep 17 00:00:00 2001
 From: Nick Wellnhofer <wellnhofer@aevum.de>
 Date: Sat, 12 Jun 2021 20:02:53 +0200
 Subject: [PATCH] Fix use-after-free in xsltApplyTemplates
 xsltApplyTemplates without a select expression could delete nodes in
 the source document.
 1. Text nodes with strippable whitespace
 Whitespace from input documents is already stripped, so there's no
 need to strip it again. Under certain circumstances, xsltApplyTemplates
 could be fooled into deleting text nodes that are still referenced,
 resulting in a use-after-free.
 2. The DTD
 The DTD was only unlinked, but there's no good reason to do this just
 now. Maybe it was meant as a micro-optimization.
 3. Unknown nodes
 Useless and dangerous as well, especially with XInclude nodes.
 See https://gitlab.gnome.org/GNOME/libxml2/-/issues/268
 Simply stop trying to uselessly delete nodes when applying a template.
 This part of the code is probably a leftover from a time where
 xsltApplyStripSpaces wasn't implemented yet. Also note that
 xsltApplyTemplates with a select expression never tried to delete
 nodes.
 Also stop xsltDefaultProcessOneNode from deleting nodes for the same
 reasons.
 This fixes CVE-2021-30560.
 ---
 libxslt/transform.c | 119 +++-----------------------------------------
 1 file changed, 7 insertions(+), 112 deletions(-)
 diff --git a/libxslt/transform.c b/libxslt/transform.c
 index 04522154..3aba354f 100644
 --- a/libxslt/transform.c
 +++ b/libxslt/transform.c
@@ -1895,7 +1895,7 @@ static void
 xsltDefaultProcessOneNode(xsltTransformContextPtr ctxt, xmlNodePtr node,
 			  xsltStackElemPtr params) {
     xmlNodePtr copy;
 -    xmlNodePtr delete = NULL, cur;
 +    xmlNodePtr cur;
     int nbchild = 0, oldSize;
     int childno = 0, oldPos;
     xsltTemplatePtr template;
@@ -1968,54 +1968,13 @@ xsltDefaultProcessOneNode(xsltTransformContextPtr ctxt, xmlNodePtr node,
 	    return;
     }
     /*
 -     * Handling of Elements: first pass, cleanup and counting
 +     * Handling of Elements: first pass, counting
      */
     cur = node->children;
     while (cur != NULL) {
 -	switch (cur->type) {
 -	    case XML_TEXT_NODE:
 -	    case XML_CDATA_SECTION_NODE:
 -	    case XML_DOCUMENT_NODE:
 -	    case XML_HTML_DOCUMENT_NODE:
 -	    case XML_ELEMENT_NODE:
 -	    case XML_PI_NODE:
 -	    case XML_COMMENT_NODE:
 -		nbchild++;
 -		break;
 -            case XML_DTD_NODE:
 -		/* Unlink the DTD, it's still reachable using doc->intSubset */
 -		if (cur->next != NULL)
 -		    cur->next->prev = cur->prev;
 -		if (cur->prev != NULL)
 -		    cur->prev->next = cur->next;
 -		break;
 -	    default:
 -#ifdef WITH_XSLT_DEBUG_PROCESS
 -		XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext,
 -		 "xsltDefaultProcessOneNode: skipping node type %d\n",
 -		                 cur->type));
 -#endif
 -		delete = cur;
 -	}
 +	if (IS_XSLT_REAL_NODE(cur))
 +	    nbchild++;
 	cur = cur->next;
 -	if (delete != NULL) {
 -#ifdef WITH_XSLT_DEBUG_PROCESS
 -	    XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext,
 -		 "xsltDefaultProcessOneNode: removing ignorable blank node\n"));
 -#endif
 -	    xmlUnlinkNode(delete);
 -	    xmlFreeNode(delete);
 -	    delete = NULL;
 -	}
 -    }
 -    if (delete != NULL) {
 -#ifdef WITH_XSLT_DEBUG_PROCESS
 -	XSLT_TRACE(ctxt,XSLT_TRACE_PROCESS_NODE,xsltGenericDebug(xsltGenericDebugContext,
 -	     "xsltDefaultProcessOneNode: removing ignorable blank node\n"));
 -#endif
 -	xmlUnlinkNode(delete);
 -	xmlFreeNode(delete);
 -	delete = NULL;
     }
     /*
@@ -4864,7 +4823,7 @@ xsltApplyTemplates(xsltTransformContextPtr ctxt, xmlNodePtr node,
     xsltStylePreCompPtr comp = (xsltStylePreCompPtr) castedComp;
 #endif
     int i;
 -    xmlNodePtr cur, delNode = NULL, oldContextNode;
 +    xmlNodePtr cur, oldContextNode;
     xmlNodeSetPtr list = NULL, oldList;
     xsltStackElemPtr withParams = NULL;
     int oldXPProximityPosition, oldXPContextSize;
@@ -4998,73 +4957,9 @@ xsltApplyTemplates(xsltTransformContextPtr ctxt, xmlNodePtr node,
 	else
 	    cur = NULL;
 	while (cur != NULL) {
 -	    switch (cur->type) {
 -		case XML_TEXT_NODE:
 -		    if ((IS_BLANK_NODE(cur)) &&
 -			(cur->parent != NULL) &&
 -			(cur->parent->type == XML_ELEMENT_NODE) &&
 -			(ctxt->style->stripSpaces != NULL)) {
 -			const xmlChar *val;
 -
 -			if (cur->parent->ns != NULL) {
 -			    val = (const xmlChar *)
 -				  xmlHashLookup2(ctxt->style->stripSpaces,
 -						 cur->parent->name,
 -						 cur->parent->ns->href);
 -			    if (val == NULL) {
 -				val = (const xmlChar *)
 -				  xmlHashLookup2(ctxt->style->stripSpaces,
 -						 BAD_CAST "*",
 -						 cur->parent->ns->href);
 -			    }
 -			} else {
 -			    val = (const xmlChar *)
 -				  xmlHashLookup2(ctxt->style->stripSpaces,
 -						 cur->parent->name, NULL);
 -			}
 -			if ((val != NULL) &&
 -			    (xmlStrEqual(val, (xmlChar *) "strip"))) {
 -			    delNode = cur;
 -			    break;
 -			}
 -		    }
 -		    /* Intentional fall-through */
 -		case XML_ELEMENT_NODE:
 -		case XML_DOCUMENT_NODE:
 -		case XML_HTML_DOCUMENT_NODE:
 -		case XML_CDATA_SECTION_NODE:
 -		case XML_PI_NODE:
 -		case XML_COMMENT_NODE:
 -		    xmlXPathNodeSetAddUnique(list, cur);
 -		    break;
 -		case XML_DTD_NODE:
 -		    /* Unlink the DTD, it's still reachable
 -		     * using doc->intSubset */
 -		    if (cur->next != NULL)
 -			cur->next->prev = cur->prev;
 -		    if (cur->prev != NULL)
 -			cur->prev->next = cur->next;
 -		    break;
 -		case XML_NAMESPACE_DECL:
 -		    break;
 -		default:
 -#ifdef WITH_XSLT_DEBUG_PROCESS
 -		    XSLT_TRACE(ctxt,XSLT_TRACE_APPLY_TEMPLATES,xsltGenericDebug(xsltGenericDebugContext,
 -		     "xsltApplyTemplates: skipping cur type %d\n",
 -				     cur->type));
 -#endif
 -		    delNode = cur;
 -	    }
 +            if (IS_XSLT_REAL_NODE(cur))
 +		xmlXPathNodeSetAddUnique(list, cur);
 	    cur = cur->next;
 -	    if (delNode != NULL) {
 -#ifdef WITH_XSLT_DEBUG_PROCESS
 -		XSLT_TRACE(ctxt,XSLT_TRACE_APPLY_TEMPLATES,xsltGenericDebug(xsltGenericDebugContext,
 -		     "xsltApplyTemplates: removing ignorable blank cur\n"));
 -#endif
 -		xmlUnlinkNode(delNode);
 -		xmlFreeNode(delNode);
 -		delNode = NULL;
 -	    }
 	}
     }
 -- 
 GitLab
--- a/Fix-variable-syntax-in-Python-configuration.patch
+++ b/Fix-variable-syntax-in-Python-configuration.patch
@ -1,50 +0,0 @@
 From b90e1063a83d9c0328d2559cdb6e9455da9747c7 Mon Sep 17 00:00:00 2001
 From: Nick Wellnhofer <wellnhofer@aevum.de>
 Date: Fri, 10 Jan 2020 12:58:35 +0100
 Subject: [PATCH 08/24] Fix variable syntax in Python configuration
 Resolves #30.
 ---
 configure.ac | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
 diff --git a/configure.ac b/configure.ac
 index 585b9d7..d676b12 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -272,17 +272,17 @@ except: print 0"`
 	   -d $with_python/lib/python$PYTHON_VERSION/site-packages
 	then
 	    PYTHON_INCLUDES=$with_python/include/python$PYTHON_VERSION
 -	    PYTHON_SITE_PACKAGES='$(libdir)/python$(PYTHON_VERSION)/site-packages'
 +	    PYTHON_SITE_PACKAGES=$libdir/python$PYTHON_VERSION/site-packages
 	else
 	    if test -r $prefix/include/python$PYTHON_VERSION/Python.h
 	    then
 	        PYTHON_INCLUDES=$prefix/include/python$PYTHON_VERSION
 -		PYTHON_SITE_PACKAGES='$(libdir)/python$(PYTHON_VERSION)/site-packages'
 +		PYTHON_SITE_PACKAGES=$libdir/python$PYTHON_VERSION/site-packages
 	    else
 		if test -r /usr/include/python$PYTHON_VERSION/Python.h
 		then
 		    PYTHON_INCLUDES=/usr/include/python$PYTHON_VERSION
 -		    PYTHON_SITE_PACKAGES='$(libdir)/python$(PYTHON_VERSION)/site-packages'
 +		    PYTHON_SITE_PACKAGES=$libdir/python$PYTHON_VERSION/site-packages
 		else
 		    echo could not find python$PYTHON_VERSION/Python.h
 		fi
@@ -296,9 +296,9 @@ except: print 0"`
     fi
     if test "$with_python" != ""
     then
 -        pythondir='$(PYTHON_SITE_PACKAGES)'
 +        pythondir=$PYTHON_SITE_PACKAGES
     else
 -        pythondir='$(libdir)/python$(PYTHON_VERSION)/site-packages'
 +        pythondir=$libdir/python$PYTHON_VERSION/site-packages
     fi
 fi
 AM_CONDITIONAL(WITH_PYTHON, test "$PYTHON_INCLUDES" != "")
 -- 
 1.8.3.1
--- a/libxslt-1.1.34.tar.gz
+++ b/libxslt-1.1.34.tar.gz
--- a/libxslt-1.1.37.tar.gz
+++ b/libxslt-1.1.37.tar.gz
--- a/libxslt.spec
+++ b/libxslt.spec
@ -1,19 +1,12 @@
 Name:     libxslt
-Version:  1.1.34
+Version:  1.1.37
-Release:  7
+Release:  1
 Summary:  XSLT Transformation Library
 License:  MIT
 URL:      http://xmlsoft.org/libxslt/
 Source0:  https://github.com/GNOME/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 # PATCH-FIX-UPSTREAM bug-fix https://github.com/GNOME/libxslt/
 Patch0: CVE-2015-9019.patch
 Patch1: Fix-variable-syntax-in-Python-configuration.patch
 Patch2: Fix-clang-Wconditional-uninitialized-warning-in-libx.patch
 Patch3: Fix-clang-Wimplicit-int-conversion-warning.patch
 Patch4: Fix-implicit-int-conversion-warning-in-exslt-crypto..patch
 Patch5: Fix-quadratic-runtime-with-text-and-xsl-message.patch
 Patch6: Fix-double-free-with-stylesheets-containing-entity-n.patch
 Patch7: Fix-use-after-free-in-xsltApplyTemplates.patch
 BuildRequires: gcc make libtool autoconf automake libgcrypt-devel pkgconfig(libxml-2.0) >= 2.6.27
@ -30,6 +23,24 @@ Requires: libgcrypt-devel libgpg-error-devel
 (or HTML, text, and more) using the standard XSLT stylesheet
 transformation mechanism.
 %package -n python3-libxslt
 Summary:Python 3 bindings for %{name}
 BuildRequires:  python3-devel python3-libxml2
 Requires: %{name} = %{version}-%{release}
 Requires: python3-libxml2 >= 2.6.27
 Requires: libxml2 >= 2.6.27
 %{?python_provide:%python_provide python3-%{name}}
 %description -n python3-libxslt
 The libxslt-python package contains a module that permits applications
 written in the Python programming language to use the interface
 supplied by the libxslt library to apply XSLT transformations.
 This library allows to parse sytlesheets, uses the libxml2-python
 to load and save XML and HTML files. Direct access to XPath and
 the XSLT transformation context are possible to extend the XSLT language
 with XPath functions written in Python.
 %package_help
 %prep
@ -56,7 +67,7 @@ pushd $RPM_BUILD_ROOT/%{_includedir}/%{name}; touch -m --reference=xslt.h ../../
 %files
 %defattr(-,root,root)
-%doc ChangeLog NEWS README FEATURES AUTHORS
+%doc NEWS README FEATURES AUTHORS
 %license Copyright
 %{_bindir}/xsltproc
 %{_libdir}/libxslt.so.*
@ -68,20 +79,33 @@ pushd $RPM_BUILD_ROOT/%{_includedir}/%{name}; touch -m --reference=xslt.h ../../
 %{_libdir}/libxslt.so
 %{_libdir}/libexslt.so
 %{_libdir}/xsltConf.sh
 %{_libdir}/cmake/libxslt/
 %{_datadir}/aclocal/libxslt.m4
 %{_datadir}/gtk-doc/
 %{_includedir}/libxslt/
 %{_includedir}/libexslt/
 %{_libdir}/pkgconfig/libxslt.pc
 %{_libdir}/pkgconfig/libexslt.pc
 %{_bindir}/xslt-config
 %files -n python3-libxslt
 %{python3_sitelib}/libxslt.py*
 %{python3_sitearch}/libxsltmod.so
 %{python3_sitelib}/__pycache__/libxslt*
 %files help
-%doc %{_docdir}/%{name}-%{version}
+%doc %{_docdir}/%{name}
 %doc %{_mandir}/man3/*
-%exclude %{_docdir}/%{name}/{ChangeLog,NEWS,README,FEATURES,AUTHORS}
+%exclude %{_docdir}/%{name}/{NEWS,README,FEATURES,AUTHORS}
-%exclude %{_docdir}/../licenses/Copyright
+%exclude %{_docdir}/../licenses/libxslt/Copyright
 %changelog
 * Sat Nov 05 2022 shixuantong <shixuantong1@huawei.com> - 1.1.37-1
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:upgrade version to 1.1.37
 * Fri Jul 01 2022 fuanan <fuanan3@h-partners.com> - 1.1.34-7
 - Type:CVE
 - ID:CVE-2021-30560