libxslt: upgrade to release 1.1.34

Fixes CVE-2019-18197.

Remove obsolete e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1.

Change-Id: I95cf498e245083528f98bfef8cdd240bbe2211b9
Reviewed-on: https://gerrit.libreoffice.org/83312
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit e9ea24cc004a8b9a5856f2f268bd40433c504db1)
Reviewed-on: https://gerrit.libreoffice.org/83377
(cherry picked from commit d19b32c779bfeb51ef9570c3de8ed1925ec44473)
Reviewed-on: https://gerrit.libreoffice.org/83419
Tested-by: Michael Stahl <michael.stahl@cib.de>

6 files changed, 85 insertions, 136 deletions

diff --git a/download.lst b/download.lst
index f0a3164fbd0f..274ce1b0b768 100644
--- a/download.lst
+++ b/download.lst
@@ -157,8 +157,8 @@ export XMLSEC_TARBALL := xmlsec1-1.2.25.tar.gz
 export LIBXML_SHA256SUM := aafee193ffb8fe0c82d4afef6ef91972cbaf5feea100edc2f262750611b4be1f
 export LIBXML_VERSION_MICRO := 10
 export LIBXML_TARBALL := libxml2-2.9.$(LIBXML_VERSION_MICRO).tar.gz
-export LIBXSLT_SHA256SUM := 8e36605144409df979cab43d835002f63988f3dc94d5d3537c12796db90e38c8
-export LIBXSLT_VERSION_MICRO := 33
+export LIBXSLT_SHA256SUM := 98b1bd46d6792925ad2dfe9a87452ea2adebf69dcb9919ffd55bf926a7f93f7f
+export LIBXSLT_VERSION_MICRO := 34
 export LIBXSLT_TARBALL := libxslt-1.1.$(LIBXSLT_VERSION_MICRO).tar.gz
 export LPSOLVE_SHA256SUM := 171816288f14215c69e730f7a4f1c325739873e21f946ff83884b350574e6695
 export LPSOLVE_TARBALL := 26b3e95ddf3d9c077c480ea45874b3b8-lp_solve_5.5.tar.gz
diff --git a/external/libxslt/UnpackedTarball_libxslt.mk b/external/libxslt/UnpackedTarball_libxslt.mk
index beb591b8b2a8..b035e99f0a79 100644
--- a/external/libxslt/UnpackedTarball_libxslt.mk
+++ b/external/libxslt/UnpackedTarball_libxslt.mk
@@ -19,7 +19,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,libxslt,\
 	external/libxslt/libxslt-msvc.patch.2 \
 	external/libxslt/libxslt-1.1.26-memdump.patch \
 	external/libxslt/rpath.patch.0 \
-	external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 \
+	external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1 b/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1
deleted file mode 100644
index 260f35d1a35e..000000000000
--- a/external/libxslt/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch.1
+++ /dev/null
@@ -1,120 +0,0 @@
-From e03553605b45c88f0b4b2980adfbbb8f6fca2fd6 Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Sun, 24 Mar 2019 09:51:39 +0100
-Subject: [PATCH] Fix security framework bypass
-
-xsltCheckRead and xsltCheckWrite return -1 in case of error but callers
-don't check for this condition and allow access. With a specially
-crafted URL, xsltCheckRead could be tricked into returning an error
-because of a supposedly invalid URL that would still be loaded
-succesfully later on.
-
-Fixes #12.
-
-Thanks to Felix Wilhelm for the report.
----
- libxslt/documents.c | 18 ++++++++++--------
- libxslt/imports.c   |  9 +++++----
- libxslt/transform.c |  9 +++++----
- libxslt/xslt.c      |  9 +++++----
- 4 files changed, 25 insertions(+), 20 deletions(-)
-
-diff --git a/libxslt/documents.c b/libxslt/documents.c
-index 3f3a7312..4aad11bb 100644
---- a/libxslt/documents.c
-+++ b/libxslt/documents.c
-@@ -296,10 +296,11 @@ xsltLoadDocument(xsltTransformContextPtr ctxt, const xmlChar *URI) {
- 	int res;
- 
- 	res = xsltCheckRead(ctxt->sec, ctxt, URI);
--	if (res == 0) {
--	    xsltTransformError(ctxt, NULL, NULL,
--		 "xsltLoadDocument: read rights for %s denied\n",
--			     URI);
-+	if (res <= 0) {
-+            if (res == 0)
-+                xsltTransformError(ctxt, NULL, NULL,
-+                     "xsltLoadDocument: read rights for %s denied\n",
-+                                 URI);
- 	    return(NULL);
- 	}
-     }
-@@ -372,10 +373,11 @@ xsltLoadStyleDocument(xsltStylesheetPtr style, const xmlChar *URI) {
- 	int res;
- 
- 	res = xsltCheckRead(sec, NULL, URI);
--	if (res == 0) {
--	    xsltTransformError(NULL, NULL, NULL,
--		 "xsltLoadStyleDocument: read rights for %s denied\n",
--			     URI);
-+	if (res <= 0) {
-+            if (res == 0)
-+                xsltTransformError(NULL, NULL, NULL,
-+                     "xsltLoadStyleDocument: read rights for %s denied\n",
-+                                 URI);
- 	    return(NULL);
- 	}
-     }
-diff --git a/libxslt/imports.c b/libxslt/imports.c
-index 874870cc..3783b247 100644
---- a/libxslt/imports.c
-+++ b/libxslt/imports.c
-@@ -130,10 +130,11 @@ xsltParseStylesheetImport(xsltStylesheetPtr style, xmlNodePtr cur) {
- 	int secres;
- 
- 	secres = xsltCheckRead(sec, NULL, URI);
--	if (secres == 0) {
--	    xsltTransformError(NULL, NULL, NULL,
--		 "xsl:import: read rights for %s denied\n",
--			     URI);
-+	if (secres <= 0) {
-+            if (secres == 0)
-+                xsltTransformError(NULL, NULL, NULL,
-+                     "xsl:import: read rights for %s denied\n",
-+                                 URI);
- 	    goto error;
- 	}
-     }
-diff --git a/libxslt/transform.c b/libxslt/transform.c
-index 13793914..0636dbd0 100644
---- a/libxslt/transform.c
-+++ b/libxslt/transform.c
-@@ -3493,10 +3493,11 @@ xsltDocumentElem(xsltTransformContextPtr ctxt, xmlNodePtr node,
-      */
-     if (ctxt->sec != NULL) {
- 	ret = xsltCheckWrite(ctxt->sec, ctxt, filename);
--	if (ret == 0) {
--	    xsltTransformError(ctxt, NULL, inst,
--		 "xsltDocumentElem: write rights for %s denied\n",
--			     filename);
-+	if (ret <= 0) {
-+            if (ret == 0)
-+                xsltTransformError(ctxt, NULL, inst,
-+                     "xsltDocumentElem: write rights for %s denied\n",
-+                                 filename);
- 	    xmlFree(URL);
- 	    xmlFree(filename);
- 	    return;
-diff --git a/libxslt/xslt.c b/libxslt/xslt.c
-index 780a5ad7..a234eb79 100644
---- a/libxslt/xslt.c
-+++ b/libxslt/xslt.c
-@@ -6763,10 +6763,11 @@ xsltParseStylesheetFile(const xmlChar* filename) {
- 	int res;
- 
- 	res = xsltCheckRead(sec, NULL, filename);
--	if (res == 0) {
--	    xsltTransformError(NULL, NULL, NULL,
--		 "xsltParseStylesheetFile: read rights for %s denied\n",
--			     filename);
-+	if (res <= 0) {
-+            if (res == 0)
-+                xsltTransformError(NULL, NULL, NULL,
-+                     "xsltParseStylesheetFile: read rights for %s denied\n",
-+                                 filename);
- 	    return(NULL);
- 	}
-     }
--- 
-2.18.1
-
diff --git a/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1 b/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1
new file mode 100644
index 000000000000..f82c2e4f77ee
--- /dev/null
+++ b/external/libxslt/e2584eed1c84c18f16e42188c30d2c3d8e3e8853.patch.1
@@ -0,0 +1,69 @@
+From e2584eed1c84c18f16e42188c30d2c3d8e3e8853 Mon Sep 17 00:00:00 2001
+From: Chun-wei Fan <fanchunwei@src.gnome.org>
+Date: Tue, 12 Nov 2019 17:37:05 +0800
+Subject: [PATCH] win32: Add configuration for profiler
+
+Without this the generated xsltconfig.h will not be complete as there
+will be a configuration variable that is left in the header, breaking
+builds.
+
+This will allow one to enable or disable profiler support in Windows
+builds, and the default is to enable this.
+---
+ win32/configure.js | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/win32/configure.js b/win32/configure.js
+index 56694cce..12c99f30 100644
+--- a/win32/configure.js
++++ b/win32/configure.js
+@@ -47,6 +47,7 @@ var withIconv = true;
+ var withZlib = false;
+ var withCrypto = true;
+ var withModules = false;
++var withProfiler = true;
+ /* Win32 build options. */
+ var dirSep = "\\";
+ var compiler = "msvc";
+@@ -106,6 +107,7 @@ function usage()
+ 	txt += "  zlib:       Use zlib library (" + (withZlib? "yes" : "no") + ")\n";
+ 	txt += "  crypto:     Enable Crypto support (" + (withCrypto? "yes" : "no") + ")\n";
+ 	txt += "  modules:    Enable Module support (" + (withModules? "yes" : "no") + ")\n";
++	txt += "  profiler:   Enable Profiler support (" + (withProfiler? "yes" : "no") + ")\n";
+ 	txt += "\nWin32 build options, default value given in parentheses:\n\n";
+ 	txt += "  compiler:   Compiler to be used [msvc|mingw] (" + compiler + ")\n";
+ 	txt += "  cruntime:   C-runtime compiler option (only msvc) (" + cruntime + ")\n";
+@@ -192,6 +194,7 @@ function discoverVersion()
+ 	vf.WriteLine("WITH_ZLIB=" + (withZlib? "1" : "0"));
+ 	vf.WriteLine("WITH_CRYPTO=" + (withCrypto? "1" : "0"));
+ 	vf.WriteLine("WITH_MODULES=" + (withModules? "1" : "0"));
++	vf.WriteLine("WITH_PROFILER=" + (withProfiler? "1" : "0"));
+ 	vf.WriteLine("DEBUG=" + (buildDebug? "1" : "0"));
+ 	vf.WriteLine("STATIC=" + (buildStatic? "1" : "0"));
+ 	vf.WriteLine("PREFIX=" + buildPrefix);
+@@ -240,6 +243,8 @@ function configureXslt()
+ 			of.WriteLine(s.replace(/\@WITH_DEBUGGER\@/, withDebugger? "1" : "0"));
+ 		} else if (s.search(/\@WITH_MODULES\@/) != -1) {
+ 			of.WriteLine(s.replace(/\@WITH_MODULES\@/, withModules? "1" : "0"));
++		} else if (s.search(/\@WITH_PROFILER\@/) != -1) {
++			of.WriteLine(s.replace(/\@WITH_PROFILER\@/, withProfiler? "1" : "0"));
+ 		} else if (s.search(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/) != -1) {
+ 			of.WriteLine(s.replace(/\@LIBXSLT_DEFAULT_PLUGINS_PATH\@/, "NULL"));
+ 		} else
+@@ -343,6 +348,8 @@ for (i = 0; (i < WScript.Arguments.length) && (error == 0); i++) {
+ 			withCrypto = strToBool(arg.substring(opt.length + 1, arg.length));
+ 		else if (opt == "modules")
+ 			withModules = strToBool(arg.substring(opt.length + 1, arg.length));
++		else if (opt == "profiler")
++			withProfiler = strToBool(arg.substring(opt.length + 1, arg.length));
+ 		else if (opt == "compiler")
+ 			compiler = arg.substring(opt.length + 1, arg.length);
+  		else if (opt == "cruntime")
+@@ -477,6 +484,7 @@ txtOut += "         Use iconv: " + boolToStr(withIconv) + "\n";
+ txtOut += "         With zlib: " + boolToStr(withZlib) + "\n";
+ txtOut += "            Crypto: " + boolToStr(withCrypto) + "\n";
+ txtOut += "           Modules: " + boolToStr(withModules) + "\n";
++txtOut += "          Profiler: " + boolToStr(withProfiler) + "\n";
+ txtOut += "\n";
+ txtOut += "Win32 build configuration\n";
+ txtOut += "-------------------------\n";
diff --git a/external/libxslt/libxslt-config.patch.1 b/external/libxslt/libxslt-config.patch.1
index 5f9d107bd1e7..e4ce5d9e27cf 100644
--- a/external/libxslt/libxslt-config.patch.1
+++ b/external/libxslt/libxslt-config.patch.1
@@ -23,13 +23,13 @@ Hack the xslt-config to return paths into WORKDIR.
  
  usage()
  {
-@@ -89,7 +95,8 @@
-     shift
- done
+@@ -92,7 +98,8 @@
+             libs="@XSLT_LIBDIR@ $libs"
+         fi
  
--the_libs="@XSLT_LIBDIR@ @XSLT_LIBS@ @EXTRA_LIBS@"
-+#the_libs="@XSLT_LIBDIR@ @XSLT_LIBS@ @EXTRA_LIBS@"
-+the_libs="-L${libdir}/libxslt/.libs -L${libdir}/libexslt/.libs -lxslt -lm"
- if test "$includedir" != "/usr/include"; then
-     the_flags="$the_flags -I$includedir `@XML_CONFIG@ --cflags`"
- else
+-        libs="$libs @EXTRA_LIBS@"
++        #libs="$libs @EXTRA_LIBS@"
++        libs="-L${libdir}/libxslt/.libs -L${libdir}/libexslt/.libs -lxslt -lm"
+        	;;
+ 
+     *)
diff --git a/external/libxslt/libxslt-internal-symbols.patch.1 b/external/libxslt/libxslt-internal-symbols.patch.1
index 7b13e1007c00..84a15154d729 100644
--- a/external/libxslt/libxslt-internal-symbols.patch.1
+++ b/external/libxslt/libxslt-internal-symbols.patch.1
@@ -1,13 +1,13 @@
 --- xslt/libxslt/libxslt.syms.orig	2017-09-05 16:25:50.504966267 +0200
 +++ xslt/libxslt/libxslt.syms	2017-09-05 16:41:00.256895709 +0200
 @@ -497,5 +497,10 @@
- # xsltInternals
-   xsltFlagRVTs;
-   xsltDecimalFormatGetByQName;
+ 
+ # pattern
+   xsltCompMatchClearCache;
 +
 +# Solaris ld needs explicit auto-reduction (or, alternatively, "-B local")
 +    local:
 +  *;
 +
- } LIBXML2_1.1.27;
+ } LIBXML2_1.1.30;