configure.ac
| 2
download.lst
| 4
external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
| 59 ----------
external/python3/i100492-freebsd.patch.1
| 6 -
external/python3/internal-zlib.patch.0
| 6 -
external/python3/macos-11.patch.0
| 6 -
external/python3/python-3.3.0-darwin.patch.1
| 4
external/python3/python-3.3.3-disable-obmalloc.patch.0
| 4
external/python3/python-3.3.3-elf-rpath.patch.1
| 4
external/python3/python-3.5.4-msvc-disable.patch.1
| 6 -
external/python3/python-3.5.tweak.strip.soabi.patch
| 2
external/python3/python-3.7.6-msvc-ssl.patch.1
| 2
external/python3/ubsan.patch.0
| 4
13 files changed, 25 insertions(+), 84 deletions(-)
New commits:
commit ea5843b67f1c2006aa1f68f2d00a991e1d463262
Author: Taichi Haradaguchi <[email protected]>
AuthorDate: Mon Oct 24 00:52:04 2022 +0900
Commit: Caolán McNamara <[email protected]>
CommitDate: Mon Oct 24 21:01:48 2022 +0200
Python3: update to 3.8.15
* Fixes CVE-2022-40674
* Removed 0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
as fixed upstream
Change-Id: I8e71f9a6b013ca4c45bf8774b284be98eee71bab
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141691
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
diff --git a/configure.ac b/configure.ac
index a40c08e16b29..064e0683637d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -10026,7 +10026,7 @@ if test \( "$cross_compiling" = yes -a -z
"$PYTHON_FOR_BUILD" \) -o "$enable_pyt
SYSTEM_PYTHON=
PYTHON_VERSION_MAJOR=3
PYTHON_VERSION_MINOR=8
- PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.14
+ PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.15
if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then
AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in
download.lst])
fi
diff --git a/download.lst b/download.lst
index 8cda34cd6d51..07dbd60d2143 100644
--- a/download.lst
+++ b/download.lst
@@ -214,8 +214,8 @@ export POPPLER_DATA_SHA256SUM :=
2cec05cd1bb03af98a8b06a1e22f6e6e1a65b1e2f3816cb
export POPPLER_DATA_TARBALL := poppler-data-0.4.11.tar.gz
export POSTGRESQL_SHA256SUM :=
73876fdd3a517087340458dca4ce15b8d2a4dbceb334c0441424551ae6c4cded
export POSTGRESQL_TARBALL := postgresql-13.8.tar.bz2
-export PYTHON_SHA256SUM :=
5d77e278271ba803e9909a41a4f3baca006181c93ada682a5e5fe8dc4a24c5f3
-export PYTHON_TARBALL := Python-3.8.14.tar.xz
+export PYTHON_SHA256SUM :=
5114fc7918a2a5e20eb5aac696b30c36f412c6ef24b13f5c9eb9e056982d9550
+export PYTHON_TARBALL := Python-3.8.15.tar.xz
export QXP_SHA256SUM :=
e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c
export QXP_TARBALL := libqxp-0.0.2.tar.xz
export RAPTOR_SHA256SUM :=
ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed
diff --git
a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
b/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
deleted file mode 100644
index 489e5d0e89ee..000000000000
---
a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
+++ /dev/null
@@ -1,59 +0,0 @@
-From 582d188e6e3487180891f1fc457a80dec8be26a8 Mon Sep 17 00:00:00 2001
-From: Christian Heimes <[email protected]>
-Date: Mon, 24 Sep 2018 14:38:31 +0200
-Subject: [PATCH] [3.6] bpo-17239: Disable external entities in SAX parser
- (GH-9217) (GH-9512)
-
-The SAX parser no longer processes general external entities by default
-to increase security. Before, the parser created network connections
-to fetch remote files or loaded local files from the file system for DTD
-and entities.
-
-Signed-off-by: Christian Heimes <[email protected]>
-
-https://bugs.python.org/issue17239.
-(cherry picked from commit 17b1d5d4e36aa57a9b25a0e694affbd1ee637e45)
-
-Co-authored-by: Christian Heimes <[email protected]>
-
-
-
-https://bugs.python.org/issue17239
----
- Doc/library/xml.dom.pulldom.rst | 14 +++++
- Doc/library/xml.rst | 6 +-
- Doc/library/xml.sax.rst | 8 +++
- Doc/whatsnew/3.6.rst | 18 +++++-
- Lib/test/test_pulldom.py | 7 +++
- Lib/test/test_sax.py | 60 ++++++++++++++++++-
- Lib/test/test_xml_etree.py | 13 ++++
- Lib/xml/sax/expatreader.py | 2 +-
- .../2018-09-11-18-30-55.bpo-17239.kOpwK2.rst | 3 +
- 9 files changed, 125 insertions(+), 6 deletions(-)
- create mode 100644
Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-
-diff --git a/Lib/xml/sax/expatreader.py b/Lib/xml/sax/expatreader.py
-index 421358fa5b..5066ffc2fa 100644
---- a/Lib/xml/sax/expatreader.py
-+++ b/Lib/xml/sax/expatreader.py
-@@ -95,7 +95,7 @@ class ExpatParser(xmlreader.IncrementalParser,
xmlreader.Locator):
- self._lex_handler_prop = None
- self._parsing = 0
- self._entity_stack = []
-- self._external_ges = 1
-+ self._external_ges = 0
- self._interning = None
-
- # XMLReader methods
-diff --git
a/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-new file mode 100644
-index 0000000000..8dd0fe8c1b
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-@@ -0,0 +1,3 @@
-+The xml.sax and xml.dom.minidom parsers no longer processes external
-+entities by default. External DTD and ENTITY declarations no longer
-+load files or create network connections.
---
-2.20.1
-
diff --git a/external/python3/i100492-freebsd.patch.1
b/external/python3/i100492-freebsd.patch.1
index 074e5fc489f8..b2ca1ee7117f 100644
--- a/external/python3/i100492-freebsd.patch.1
+++ b/external/python3/i100492-freebsd.patch.1
@@ -2,7 +2,7 @@ FreeBSD porting fixes, patch by [email protected]
--- Python-3.3.0/Python/thread_pthread.h 2012-11-28 09:00:41.097955124
+0000
+++ Python-3.3.0/Python/thread_pthread.h 2012-11-28 09:01:13.018329351
+0000
-@@ -186,6 +189,9 @@
+@@ -238,6 +238,9 @@
{
pthread_t th;
int status;
@@ -12,7 +12,7 @@ FreeBSD porting fixes, patch by [email protected]
#if defined(THREAD_STACK_SIZE) || defined(PTHREAD_SYSTEM_SCHED_SUPPORTED)
pthread_attr_t attrs;
#endif
-@@ -214,6 +220,10 @@
+@@ -277,6 +280,10 @@
callback->func = func;
callback->arg = arg;
@@ -23,7 +23,7 @@ FreeBSD porting fixes, patch by [email protected]
status = pthread_create(&th,
#if defined(THREAD_STACK_SIZE) || defined(PTHREAD_SYSTEM_SCHED_SUPPORTED)
&attrs,
-@@ -225,6 +234,9 @@
+@@ -285,6 +292,9 @@
#endif
pythread_wrapper, callback);
diff --git a/external/python3/internal-zlib.patch.0
b/external/python3/internal-zlib.patch.0
index de68d9e7dec8..27bb737db0c7 100644
--- a/external/python3/internal-zlib.patch.0
+++ b/external/python3/internal-zlib.patch.0
@@ -19,7 +19,7 @@
--- setup.py
+++ setup.py
-@@ -1362,7 +1362,7 @@
+@@ -1483,7 +1483,7 @@
#
# You can upgrade zlib to version 1.1.4 yourself by going to
# http://www.gzip.org/zlib/
@@ -28,7 +28,7 @@
have_zlib = False
if zlib_inc is not None:
zlib_h = zlib_inc[0] + '/zlib.h'
-@@ -1379,13 +1379,13 @@
+@@ -1500,13 +1500,13 @@
version = line.split()[2]
break
if version >= version_req:
@@ -44,7 +44,7 @@
extra_link_args=zlib_extra_link_args))
have_zlib = True
else:
-@@ -1399,7 +1399,7 @@
+@@ -1520,7 +1520,7 @@
# crc32 if we have it. Otherwise binascii uses its own.
if have_zlib:
extra_compile_args = ['-DUSE_ZLIB_CRC32']
diff --git a/external/python3/macos-11.patch.0
b/external/python3/macos-11.patch.0
index e2f13ac4c426..2c8b419bbdb9 100644
--- a/external/python3/macos-11.patch.0
+++ b/external/python3/macos-11.patch.0
@@ -1,6 +1,6 @@
--- setup.py
+++ setup.py
-@@ -670,7 +670,10 @@
+@@ -655,7 +655,10 @@
add_dir_to_list(self.compiler.include_dirs,
sysconfig.get_config_var("INCLUDEDIR"))
@@ -14,7 +14,7 @@
# if a file is found in one of those directories, it can
--- Modules/_posixsubprocess.c
+++ Modules/_posixsubprocess.c
-@@ -31,6 +31,8 @@
+@@ -30,6 +30,8 @@
# define SYS_getdents64 __NR_getdents64
#endif
@@ -23,7 +23,7 @@
#if defined(__sun) && defined(__SVR4)
/* readdir64 is used to work around Solaris 9 bug 6395699. */
# define readdir readdir64
-@@ -202,7 +202,7 @@
+@@ -201,7 +203,7 @@
#endif
#ifdef _SC_OPEN_MAX
local_max_fd = sysconf(_SC_OPEN_MAX);
diff --git a/external/python3/python-3.3.0-darwin.patch.1
b/external/python3/python-3.3.0-darwin.patch.1
index 27a355e2ad21..39d3c9180a19 100644
--- a/external/python3/python-3.3.0-darwin.patch.1
+++ b/external/python3/python-3.3.0-darwin.patch.1
@@ -5,7 +5,7 @@ LO needs to build both against MacOSX SDK and not produce
universal binaries.
diff -ru python3.orig/configure python3/configure
--- python3.orig/configure 2015-07-26 17:36:11.808497783 +0200
+++ python3/configure 2015-07-26 17:38:49.016508337 +0200
-@@ -6794,7 +6794,20 @@
+@@ -7385,7 +7385,20 @@
then
case "$UNIVERSAL_ARCHS" in
32-bit)
@@ -30,7 +30,7 @@ diff -ru python3.orig/configure python3/configure
diff -ru python3.orig/Mac/Makefile.in python3/Mac/Makefile.in
--- python3.orig/Mac/Makefile.in 2015-07-05 18:50:07.000000000 +0200
+++ python3/Mac/Makefile.in 2015-07-26 17:40:14.860514100 +0200
-@@ -43,7 +43,7 @@
+@@ -44,7 +44,7 @@
INSTALL_SCRIPT= @INSTALL_SCRIPT@
INSTALL_DATA=@INSTALL_DATA@
LN=@LN@
diff --git a/external/python3/python-3.3.3-disable-obmalloc.patch.0
b/external/python3/python-3.3.3-disable-obmalloc.patch.0
index 0963a5f1bb1d..c4a1dea61ecf 100644
--- a/external/python3/python-3.3.3-disable-obmalloc.patch.0
+++ b/external/python3/python-3.3.3-disable-obmalloc.patch.0
@@ -1,6 +1,6 @@
--- Objects/obmalloc.c
+++ Objects/obmalloc.c
-@@ -413,8 +413,8 @@
+@@ -712,8 +712,8 @@
#ifdef WITH_PYMALLOC
@@ -10,7 +10,7 @@
/* If we're using GCC, use __builtin_expect() to reduce overhead of
the valgrind checks */
-@@ -1181,7 +1181,7 @@
+@@ -1430,7 +1430,7 @@
#ifdef WITH_VALGRIND
if (UNLIKELY(running_on_valgrind == -1)) {
diff --git a/external/python3/python-3.3.3-elf-rpath.patch.1
b/external/python3/python-3.3.3-elf-rpath.patch.1
index 55546afd9844..a408858f5917 100644
--- a/external/python3/python-3.3.3-elf-rpath.patch.1
+++ b/external/python3/python-3.3.3-elf-rpath.patch.1
@@ -5,7 +5,7 @@ set RPATH (only to be used on ELF platforms)
diff -ru python3.orig/Makefile.pre.in python3/Makefile.pre.in
--- python3.orig/Makefile.pre.in 2015-07-26 20:29:07.126194320 +0200
+++ python3/Makefile.pre.in 2015-07-26 20:37:21.814227530 +0200
-@@ -563,7 +563,7 @@
+@@ -566,7 +566,7 @@
# Build the interpreter
$(BUILDPYTHON): Programs/python.o $(LIBRARY) $(LDLIBRARY) $(PY3LIBRARY)
@@ -14,7 +14,7 @@ diff -ru python3.orig/Makefile.pre.in python3/Makefile.pre.in
platform: $(BUILDPYTHON) pybuilddir.txt
$(RUNSHARED) $(PYTHON_FOR_BUILD) -c 'import sys ; from sysconfig import
get_platform ; print("%s-%d.%d" % (get_platform(), *sys.version_info[:2]))'
>platform
-@@ -625,7 +625,7 @@
+@@ -628,7 +628,7 @@
fi
libpython3.so: libpython$(LDVERSION).so
diff --git a/external/python3/python-3.5.4-msvc-disable.patch.1
b/external/python3/python-3.5.4-msvc-disable.patch.1
index 52c007d7d5b6..d5b4e3f6264b 100644
--- a/external/python3/python-3.5.4-msvc-disable.patch.1
+++ b/external/python3/python-3.5.4-msvc-disable.patch.1
@@ -3,7 +3,7 @@ Disable some stuff LO does not need, especially stuff with
external dependencies
diff -ru python3.orig/PCbuild/pcbuild.sln python3/PCbuild/pcbuild.sln
--- python3.orig/PCbuild/pcbuild.sln 2017-08-10 00:04:44.359879894 +0200
+++ python3/PCbuild/pcbuild.sln 2017-08-10 00:13:51.179873748 +0200
-@@ -12,8 +12,6 @@
+@@ -15,8 +15,6 @@
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pythoncore",
"pythoncore.vcxproj", "{CF7AC3D1-E2DF-41D2-BEA6-1E2556CDEA26}"
EndProject
@@ -12,7 +12,7 @@ diff -ru python3.orig/PCbuild/pcbuild.sln
python3/PCbuild/pcbuild.sln
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "winsound",
"winsound.vcxproj", "{28B5D777-DDF2-4B6B-B34F-31D938813856}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_decimal",
"_decimal.vcxproj", "{0E9791DB-593A-465F-98BC-681011311617}"
-@@ -28,34 +26,20 @@
+@@ -31,34 +29,20 @@
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_socket",
"_socket.vcxproj", "{86937F53-C189-40EF-8CE8-8759D8E7D480}"
EndProject
@@ -47,7 +47,7 @@ diff -ru python3.orig/PCbuild/pcbuild.sln
python3/PCbuild/pcbuild.sln
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_multiprocessing",
"_multiprocessing.vcxproj", "{9E48B300-37D1-11DD-8C41-005056C00008}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "python3dll",
"python3dll.vcxproj", "{885D4898-D08D-4091-9C40-C700CFE3FC5A}"
-@@ -75,8 +75,6 @@
+@@ -93,8 +77,6 @@
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_queue",
"_queue.vcxproj", "{78D80A15-BD8C-44E2-B49E-1F05B0A0A687}"
EndProject
diff --git a/external/python3/python-3.5.tweak.strip.soabi.patch
b/external/python3/python-3.5.tweak.strip.soabi.patch
index 48ac7f82f8be..4c2bb2bb9a29 100644
--- a/external/python3/python-3.5.tweak.strip.soabi.patch
+++ b/external/python3/python-3.5.tweak.strip.soabi.patch
@@ -1,7 +1,7 @@
diff -ru python3.orig/configure python3/configure
--- misc/python3.orig/configure 2015-07-26 21:14:31.127377193 +0200
+++ misc/python3/configure 2015-07-26 21:21:34.975405648 +0200
-@@ -14388,7 +14388,7 @@
+@@ -15229,7 +15229,7 @@
$as_echo "$ABIFLAGS" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking SOABI" >&5
$as_echo_n "checking SOABI... " >&6; }
diff --git a/external/python3/python-3.7.6-msvc-ssl.patch.1
b/external/python3/python-3.7.6-msvc-ssl.patch.1
index 610035d734c1..50b1c65645df 100644
--- a/external/python3/python-3.7.6-msvc-ssl.patch.1
+++ b/external/python3/python-3.7.6-msvc-ssl.patch.1
@@ -2,7 +2,7 @@ No use for applink.c OPENSSL_Applink, everything is compiled
with the same MSVC
--- python3/PCbuild/_ssl.vcxproj.orig2 2019-12-23 15:54:19.254298900 +0100
+++ python3/PCbuild/_ssl.vcxproj 2019-12-23 15:54:24.693251200 +0100
-@@ -67,9 +67,6 @@
+@@ -99,9 +99,6 @@
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="..\Modules\_ssl.c" />
diff --git a/external/python3/ubsan.patch.0 b/external/python3/ubsan.patch.0
index 9f458b1e0f95..d44fbe055c86 100644
--- a/external/python3/ubsan.patch.0
+++ b/external/python3/ubsan.patch.0
@@ -20,7 +20,7 @@
This is clc or stc, together with the first byte of the jmp. */
--- Modules/posixmodule.c
+++ Modules/posixmodule.c
-@@ -23,6 +23,9 @@
+@@ -13998,6 +13998,9 @@
};
static int
@@ -32,7 +32,7 @@
#ifdef F_OK
--- Objects/listobject.c
+++ Objects/listobject.c
-@@ -548,7 +548,7 @@
+@@ -554,7 +554,7 @@
dest[i] = v;
}
src = b->ob_item;
