diff options
| author | Michael Stahl <Michael.Stahl@cib.de> | 2019-04-03 11:03:17 +0200 |
|---|---|---|
| committer | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2019-04-04 01:26:49 +0200 |
| commit | a072b91c03f7e24cc5fe99e4b7462d37ef8d703b (patch) | |
| tree | 06a8d9060ad51d346707042322048693e5d277e2 | |
| parent | 39de7d73fdab86a1531f19076ab1d07fcff97b55 (diff) | |
python3: upgrade to release 3.5.7
Fixes CVE-2019-9636 CVE-2019-5010 CVE-2018-14647
Change-Id: If0a115960aed1ee90b63e6716c844669f0ec91e5
Reviewed-on: https://gerrit.libreoffice.org/70182
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
(cherry picked from commit 3c7354a85a9bd47a2676aadaad2f6622fe2d959c)
Reviewed-on: https://gerrit.libreoffice.org/70194
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
| -rw-r--r-- | configure.ac | 2 | ||||
| -rw-r--r-- | download.lst | 4 | ||||
| -rw-r--r-- | external/python3/UnpackedTarball_python3.mk | 1 | ||||
| -rw-r--r-- | external/python3/python-3.5.7-c99.patch.1 | 62 |
4 files changed, 66 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac index f895e3ba1177..1f4b41603e93 100644 --- a/configure.ac +++ b/configure.ac @@ -8289,7 +8289,7 @@ internal) SYSTEM_PYTHON= PYTHON_VERSION_MAJOR=3 PYTHON_VERSION_MINOR=5 - PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.6 + PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.7 if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst]) fi diff --git a/download.lst b/download.lst index d1c494eddecf..4149c8fea800 100644 --- a/download.lst +++ b/download.lst @@ -210,8 +210,8 @@ export POPPLER_SHA256SUM := 92e09fd3302567fd36146b36bb707db43ce436e8841219025a82 export POPPLER_TARBALL := poppler-0.74.0.tar.xz export POSTGRESQL_SHA256SUM := db61d498105a7d5fe46185e67ac830c878cdd7dc1f82a87f06b842217924c461 export POSTGRESQL_TARBALL := c0b4799ea9850eae3ead14f0a60e9418-postgresql-9.2.1.tar.bz2 -export PYTHON_SHA256SUM := f55cde04f521f273c7cba08912921cc5642cfc15ca7b22d5829f0aff4371155f -export PYTHON_TARBALL := Python-3.5.6.tar.xz +export PYTHON_SHA256SUM := 285892899bf4d5737fd08482aa6171c6b2564a45b9102dfacfb72826aebdc7dc +export PYTHON_TARBALL := Python-3.5.7.tar.xz export QXP_SHA256SUM := 8c257f6184ff94aefa7c9fa1cfae82083d55a49247266905c71c53e013f95c73 export QXP_TARBALL := libqxp-0.0.1.tar.xz export RAPTOR_SHA256SUM := ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed diff --git a/external/python3/UnpackedTarball_python3.mk b/external/python3/UnpackedTarball_python3.mk index ec1bdabe4fdd..66a82955e440 100644 --- a/external/python3/UnpackedTarball_python3.mk +++ b/external/python3/UnpackedTarball_python3.mk @@ -27,6 +27,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,python3,\ external/python3/ubsan.patch.0 \ external/python3/python-3.5.tweak.strip.soabi.patch \ external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 \ + external/python3/python-3.5.7-c99.patch.1 \ )) ifneq ($(filter DRAGONFLY FREEBSD LINUX NETBSD OPENBSD SOLARIS,$(OS)),) diff --git a/external/python3/python-3.5.7-c99.patch.1 b/external/python3/python-3.5.7-c99.patch.1 new file mode 100644 index 000000000000..558166d9953f --- /dev/null +++ b/external/python3/python-3.5.7-c99.patch.1 @@ -0,0 +1,62 @@ +remove C99 which isn't suppored by all compilers yet + +--- python3/Modules/_pickle.c.orig 2019-04-03 16:34:01.380124314 +0200 ++++ python3/Modules/_pickle.c 2019-04-03 16:35:18.579005171 +0200 +@@ -674,9 +674,12 @@ + PyErr_NoMemory(); + return NULL; + } +- for (size_t i = 0; i < self->mt_allocated; i++) { ++ { ++ size_t i; ++ for (i = 0; i < self->mt_allocated; i++) { + Py_XINCREF(self->mt_table[i].me_key); + } ++ } + memcpy(new->mt_table, self->mt_table, + sizeof(PyMemoEntry) * self->mt_allocated); + +@@ -4204,7 +4207,9 @@ + return NULL; + + memo = self->pickler->memo; +- for (size_t i = 0; i < memo->mt_allocated; ++i) { ++ { ++ size_t i; ++ for (i = 0; i < memo->mt_allocated; ++i) { + PyMemoEntry entry = memo->mt_table[i]; + if (entry.me_key != NULL) { + int status; +@@ -4225,6 +4230,7 @@ + goto error; + } + } ++ } + return new_memo; + + error: +@@ -6791,10 +6797,13 @@ + if (new_memo == NULL) + return -1; + +- for (size_t i = 0; i < new_memo_size; i++) { ++ { ++ size_t i; ++ for (i = 0; i < new_memo_size; i++) { + Py_XINCREF(unpickler->memo[i]); + new_memo[i] = unpickler->memo[i]; + } ++ } + } + else if (PyDict_Check(obj)) { + Py_ssize_t i = 0; +@@ -6839,7 +6848,8 @@ + + error: + if (new_memo_size) { +- for (size_t i = new_memo_size - 1; i != SIZE_MAX; i--) { ++ size_t i; ++ for (i = new_memo_size - 1; i != SIZE_MAX; i--) { + Py_XDECREF(new_memo[i]); + } + PyMem_FREE(new_memo); |