Update libxmlsec to 1.2.35

- backport 2 patches to fix the build

- replace calls to the now deprecated xmlSecBase64Decode()

Change-Id: Ib3254002fff5e49bb6dd4eb1bf62e7d2ee7be83e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141865
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Tested-by: Jenkins

8 files changed, 75 insertions, 10 deletions

diff --git a/download.lst b/download.lst
index 146b58391232..b3d439d3cbd1 100644
--- a/download.lst
+++ b/download.lst
@@ -158,8 +158,8 @@ export LIBTOMMATH_SHA256SUM := 083daa92d8ee6f4af96a6143b12d7fc8fe1a547e14f862304
 export LIBTOMMATH_TARBALL := ltm-1.0.zip
 export LIBWEBP_SHA256SUM := 7bf5a8a28cc69bcfa8cb214f2c3095703c6b73ac5fba4d5480c205331d9494df
 export LIBWEBP_TARBALL := libwebp-1.2.4.tar.gz
-export XMLSEC_SHA256SUM := 52ced4943f35bd7d0818a38298c1528ca4ac8a54440fd71134a07d2d1370a262
-export XMLSEC_TARBALL := xmlsec1-1.2.34.tar.gz
+export XMLSEC_SHA256SUM := a39f86f6fe8e8cdc998b9a911ef1fae03f57a9ef99c2b704cd492007a52ac223
+export XMLSEC_TARBALL := xmlsec1-1.2.35.tar.gz
 export LIBXML_SHA256SUM := 5d2cc3d78bec3dbe212a9d7fa629ada25a7da928af432c93060ff5c17ee28a9c
 export LIBXML_VERSION_MICRO := 3
 export LIBXML_TARBALL := libxml2-2.10.$(LIBXML_VERSION_MICRO).tar.xz
diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk
index 3ad978cdb829..7b4f082bf931 100644
--- a/external/xmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -8,6 +8,8 @@
 #
 
 xmlsec_patches :=
+xmlsec_patches += remove-unnecessary-macro-417.patch.1
+xmlsec_patches += fix-size_max-412.patch.1
 
 $(eval $(call gb_UnpackedTarball_UnpackedTarball,xmlsec))
 
diff --git a/external/xmlsec/fix-size_max-412.patch.1 b/external/xmlsec/fix-size_max-412.patch.1
new file mode 100644
index 000000000000..5b4e2b69d960
--- /dev/null
+++ b/external/xmlsec/fix-size_max-412.patch.1
@@ -0,0 +1,31 @@
+From 3445fbfe1aceb88a255b90ee1c06df2d05c188b0 Mon Sep 17 00:00:00 2001
+From: lsh123 <aleksey@aleksey.com>
+Date: Mon, 24 Oct 2022 17:38:59 -0700
+Subject: [PATCH] fix size_max (#412)
+
+---
+ src/cast_helpers.h | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/cast_helpers.h b/src/cast_helpers.h
+index 67330822..2b670ad1 100644
+--- a/src/cast_helpers.h
++++ b/src/cast_helpers.h
+@@ -17,13 +17,9 @@
+ #endif /* XMLSEC_PRIVATE */
+ 
+ #include <limits.h>
++#include <stdint.h>
+ #include "errors_helpers.h"
+ 
+-/* if it is missing */
+-#ifndef SIZE_MAX
+-#define SIZE_MAX (~(size_t)0)
+-#endif /* SIZE_MAX */
+-
+ /**
+  * Helpers for printing out enum values (mostly debugging).
+  */
+-- 
+2.38.0.rc2
+
diff --git a/external/xmlsec/remove-unnecessary-macro-417.patch.1 b/external/xmlsec/remove-unnecessary-macro-417.patch.1
new file mode 100644
index 000000000000..18cd5252b68e
--- /dev/null
+++ b/external/xmlsec/remove-unnecessary-macro-417.patch.1
@@ -0,0 +1,24 @@
+From 3da1d53fce229d8a72d41b68aacbc115574012e0 Mon Sep 17 00:00:00 2001
+From: lsh123 <aleksey@aleksey.com>
+Date: Tue, 25 Oct 2022 05:47:51 -0700
+Subject: [PATCH] remove unnecessary macro (#417)
+
+---
+ configure.ac | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 67c8e50b..bb5d3e4b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -65,7 +65,6 @@ AM_CONDITIONAL(HAS_XSLTPROC, [test x"$XSLTPROC" != x])
+ 
+ dnl Checks for header files.
+ AC_HEADER_DIRENT
+-AC_CHECK_INCLUDES_DEFAULT
+ 
+ 
+ dnl ==========================================================================
+-- 
+2.38.0.rc2
+
diff --git a/xmlsecurity/source/gpg/SecurityEnvironment.cxx b/xmlsecurity/source/gpg/SecurityEnvironment.cxx
index da2310765315..dcddca194762 100644
--- a/xmlsecurity/source/gpg/SecurityEnvironment.cxx
+++ b/xmlsecurity/source/gpg/SecurityEnvironment.cxx
@@ -162,7 +162,9 @@ Reference< XCertificate > SecurityEnvironmentGpg::getCertificate( const OUString
     //xmlChar* pSignatureValue=xmlNodeGetContent(cur);
     OString ostr = OUStringToOString( keyId , RTL_TEXTENCODING_UTF8 );
     const xmlChar* strKeyId = reinterpret_cast<const xmlChar*>(ostr.getStr());
-    if(xmlSecBase64Decode(strKeyId, const_cast<xmlSecByte*>(strKeyId), xmlStrlen(strKeyId)) < 0)
+    xmlSecSize nWritten;
+    int nRet = xmlSecBase64Decode_ex(strKeyId, const_cast<xmlSecByte*>(strKeyId), xmlStrlen(strKeyId), &nWritten);
+    if(nRet < 0)
         throw RuntimeException("Base64 decode failed");
 
     m_ctx->setKeyListMode(GPGME_KEYLIST_MODE_LOCAL);
diff --git a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
index 3b4e138aebee..dd7a4a14873f 100644
--- a/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
+++ b/xmlsecurity/source/gpg/xmlsignature_gpgimpl.cxx
@@ -190,7 +190,9 @@ SAL_CALL XMLSignature_GpgImpl::generate(
     rCtx.setKeyListMode(GPGME_KEYLIST_MODE_LOCAL);
     GpgME::Error err;
     xmlChar* pKey=xmlNodeGetContent(cur);
-    if(xmlSecBase64Decode(pKey, reinterpret_cast<xmlSecByte*>(pKey), xmlStrlen(pKey)) < 0)
+    xmlSecSize nWritten;
+    int nRet = xmlSecBase64Decode_ex(pKey, reinterpret_cast<xmlSecByte*>(pKey), xmlStrlen(pKey), &nWritten);
+    if(nRet < 0)
         throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
     if( rCtx.addSigningKey(
             rCtx.key(
@@ -358,8 +360,9 @@ SAL_CALL XMLSignature_GpgImpl::validate(
         if(!xmlSecCheckNodeName(cur, xmlSecNodeSignatureValue, xmlSecDSigNs))
             throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
         xmlChar* pSignatureValue=xmlNodeGetContent(cur);
-        int nSigSize = xmlSecBase64Decode(pSignatureValue, reinterpret_cast<xmlSecByte*>(pSignatureValue), xmlStrlen(pSignatureValue));
-        if( nSigSize < 0)
+        xmlSecSize nSigSize;
+        int nRet = xmlSecBase64Decode_ex(pSignatureValue, reinterpret_cast<xmlSecByte*>(pSignatureValue), xmlStrlen(pSignatureValue), &nSigSize);
+        if( nRet < 0)
             throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
 
         GpgME::Data data_signature(
@@ -410,8 +413,9 @@ SAL_CALL XMLSignature_GpgImpl::validate(
 
             // got a key packet, import & re-validate
             xmlChar* pKeyPacket=xmlNodeGetContent(cur);
-            int nKeyLen = xmlSecBase64Decode(pKeyPacket, reinterpret_cast<xmlSecByte*>(pKeyPacket), xmlStrlen(pKeyPacket));
-            if( nKeyLen < 0)
+            xmlSecSize nKeyLen;
+            nRet = xmlSecBase64Decode_ex(pKeyPacket, reinterpret_cast<xmlSecByte*>(pKeyPacket), xmlStrlen(pKeyPacket), &nKeyLen);
+            if( nRet < 0)
                 throw RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
 
             GpgME::Data data_key(
diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
index f198f839f76b..80ddff58c624 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
@@ -706,7 +706,8 @@ uno::Reference< XCertificate > SecurityEnvironment_MSCryptImpl::createCertificat
 
     xmlChar* chCert = xmlStrndup( reinterpret_cast<const xmlChar*>(oscert.getStr()), static_cast<int>(oscert.getLength()) ) ;
 
-    xmlSecSize certSize = xmlSecBase64Decode( chCert, chCert, xmlStrlen( chCert ) ) ;
+    xmlSecSize certSize;
+    xmlSecBase64Decode_ex( chCert, chCert, xmlStrlen( chCert ), &certSize ) ;
 
     uno::Sequence< sal_Int8 > rawCert( certSize ) ;
     auto rawCertRange = asNonConstRange(rawCert);
diff --git a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
index f6c35257f80f..97f2ce3b4ea7 100644
--- a/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
+++ b/xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx
@@ -474,7 +474,8 @@ Reference< XCertificate > SecurityEnvironment_NssImpl::createCertificateFromAsci
 {
     OString oscert = OUStringToOString( asciiCertificate , RTL_TEXTENCODING_ASCII_US ) ;
     xmlChar* chCert = xmlStrndup( reinterpret_cast<const xmlChar*>(oscert.getStr()), static_cast<int>(oscert.getLength()) ) ;
-    int certSize = xmlSecBase64Decode( chCert, reinterpret_cast<xmlSecByte*>(chCert), xmlStrlen( chCert ) ) ;
+    xmlSecSize certSize;
+    xmlSecBase64Decode_ex( chCert, reinterpret_cast<xmlSecByte*>(chCert), xmlStrlen( chCert ), &certSize ) ;
     if (certSize == 0)
         return nullptr;