diff options
| author | Michael Stahl <Michael.Stahl@cib.de> | 2019-11-18 18:45:46 +0100 |
|---|---|---|
| committer | Andras Timar <andras.timar@collabora.com> | 2021-10-11 16:27:06 +0200 |
| commit | d539915738a2a5ab30c3060abc748cfca2107b07 (patch) | |
| tree | 557c3825d29149041b289b2d3fab9c0a25f19ffd | |
| parent | 872f34ee115349a1866dc72f61d5f90311b90439 (diff) | |
python3: upgrade to release 3.5.9
Fixes CVE-2019-9948 CVE-2019-9740 CVE-2019-10160 CVE-2019-16056
and expat CVE-2019-15903.
python-3.3.5-pyexpat-symbols.patch.1 fails to apply, and it's a
mystery why --with-system-expat is used everywhere but on MacOSX,
where 292af048ace2d4b455b2da3a22c784cb05db1d09 disabled it for no
obvious reason, so try to remove the special case and get rid of the
patch.
Change-Id: I5ba4532eb6e7c2fb90daba95d132dcc7c9013d96
Reviewed-on: https://gerrit.libreoffice.org/83117
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit b0930d56130fdddfe65e92b081a8afad77974076)
Reviewed-on: https://gerrit.libreoffice.org/83189
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
| -rw-r--r-- | configure.ac | 2 | ||||
| -rw-r--r-- | download.lst | 4 | ||||
| -rw-r--r-- | external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1 | 175 | ||||
| -rw-r--r-- | external/python3/ExternalProject_python3.mk | 11 | ||||
| -rw-r--r-- | external/python3/UnpackedTarball_python3.mk | 4 | ||||
| -rw-r--r-- | external/python3/darwin.patch.0 | 10 | ||||
| -rw-r--r-- | external/python3/python-3.3.5-pyexpat-symbols.patch.1 | 28 | ||||
| -rw-r--r-- | external/python3/python-3.5.7-c99.patch.1 | 62 |
8 files changed, 19 insertions, 277 deletions
diff --git a/configure.ac b/configure.ac index a60bef2d6124..fd2fda691e95 100644 --- a/configure.ac +++ b/configure.ac @@ -8449,7 +8449,7 @@ internal) SYSTEM_PYTHON= PYTHON_VERSION_MAJOR=3 PYTHON_VERSION_MINOR=5 - PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.7 + PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.9 if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst]) fi diff --git a/download.lst b/download.lst index 3840aa7ffdca..48f0e39f77c7 100644 --- a/download.lst +++ b/download.lst @@ -210,8 +210,8 @@ export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f export POPPLER_TARBALL := poppler-21.01.0.tar.xz export POSTGRESQL_SHA256SUM := a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126 export POSTGRESQL_TARBALL := postgresql-9.2.24.tar.bz2 -export PYTHON_SHA256SUM := 285892899bf4d5737fd08482aa6171c6b2564a45b9102dfacfb72826aebdc7dc -export PYTHON_TARBALL := Python-3.5.7.tar.xz +export PYTHON_SHA256SUM := c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049 +export PYTHON_TARBALL := Python-3.5.9.tar.xz export QXP_SHA256SUM := e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c export QXP_TARBALL := libqxp-0.0.2.tar.xz export RAPTOR_SHA256SUM := ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed diff --git a/external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1 b/external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1 deleted file mode 100644 index fdcc5cb65267..000000000000 --- a/external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1 +++ /dev/null @@ -1,175 +0,0 @@ -From 34df10a9a16b38d54421eeeaf73ec89828563be7 Mon Sep 17 00:00:00 2001 -From: Benjamin Peterson <benjamin@python.org> -Date: Mon, 18 Jan 2021 15:11:46 -0600 -Subject: [PATCH] [3.6] closes bpo-42938: Replace snprintf with Python unicode - formatting in ctypes param reprs. (GH-24250) - -(cherry picked from commit 916610ef90a0d0761f08747f7b0905541f0977c7) - -Co-authored-by: Benjamin Peterson <benjamin@python.org> ---- - Lib/ctypes/test/test_parameters.py | 43 +++++++++++++++ - .../2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst | 2 + - Modules/_ctypes/callproc.c | 55 +++++++------------ - 3 files changed, 66 insertions(+), 34 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst - -diff --git a/Lib/ctypes/test/test_parameters.py b/Lib/ctypes/test/test_parameters.py -index e4c25fd880..531894fdec 100644 ---- a/Lib/ctypes/test/test_parameters.py -+++ b/Lib/ctypes/test/test_parameters.py -@@ -201,6 +201,49 @@ def __dict__(self): - self.assertRaises(ArgumentError, func, 99) - - -+ def test_parameter_repr(self): -+ from ctypes import ( -+ c_bool, -+ c_char, -+ c_wchar, -+ c_byte, -+ c_ubyte, -+ c_short, -+ c_ushort, -+ c_int, -+ c_uint, -+ c_long, -+ c_ulong, -+ c_longlong, -+ c_ulonglong, -+ c_float, -+ c_double, -+ c_longdouble, -+ c_char_p, -+ c_wchar_p, -+ c_void_p, -+ ) -+ self.assertRegex(repr(c_bool.from_param(True)), r"^<cparam '\?' at 0x[A-Fa-f0-9]+>$") -+ self.assertEqual(repr(c_char.from_param(97)), "<cparam 'c' ('a')>") -+ self.assertRegex(repr(c_wchar.from_param('a')), r"^<cparam 'u' at 0x[A-Fa-f0-9]+>$") -+ self.assertEqual(repr(c_byte.from_param(98)), "<cparam 'b' (98)>") -+ self.assertEqual(repr(c_ubyte.from_param(98)), "<cparam 'B' (98)>") -+ self.assertEqual(repr(c_short.from_param(511)), "<cparam 'h' (511)>") -+ self.assertEqual(repr(c_ushort.from_param(511)), "<cparam 'H' (511)>") -+ self.assertRegex(repr(c_int.from_param(20000)), r"^<cparam '[li]' \(20000\)>$") -+ self.assertRegex(repr(c_uint.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$") -+ self.assertRegex(repr(c_long.from_param(20000)), r"^<cparam '[li]' \(20000\)>$") -+ self.assertRegex(repr(c_ulong.from_param(20000)), r"^<cparam '[LI]' \(20000\)>$") -+ self.assertRegex(repr(c_longlong.from_param(20000)), r"^<cparam '[liq]' \(20000\)>$") -+ self.assertRegex(repr(c_ulonglong.from_param(20000)), r"^<cparam '[LIQ]' \(20000\)>$") -+ self.assertEqual(repr(c_float.from_param(1.5)), "<cparam 'f' (1.5)>") -+ self.assertEqual(repr(c_double.from_param(1.5)), "<cparam 'd' (1.5)>") -+ self.assertEqual(repr(c_double.from_param(1e300)), "<cparam 'd' (1e+300)>") -+ self.assertRegex(repr(c_longdouble.from_param(1.5)), r"^<cparam ('d' \(1.5\)|'g' at 0x[A-Fa-f0-9]+)>$") -+ self.assertRegex(repr(c_char_p.from_param(b'hihi')), "^<cparam 'z' \(0x[A-Fa-f0-9]+\)>$") -+ self.assertRegex(repr(c_wchar_p.from_param('hihi')), "^<cparam 'Z' \(0x[A-Fa-f0-9]+\)>$") -+ self.assertRegex(repr(c_void_p.from_param(0x12)), r"^<cparam 'P' \(0x0*12\)>$") -+ - ################################################################ - - if __name__ == '__main__': -diff --git a/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst -new file mode 100644 -index 0000000000..7df65a156f ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2021-01-18-09-27-31.bpo-42938.4Zn4Mp.rst -@@ -0,0 +1,2 @@ -+Avoid static buffers when computing the repr of :class:`ctypes.c_double` and -+:class:`ctypes.c_longdouble` values. -diff --git a/Modules/_ctypes/callproc.c b/Modules/_ctypes/callproc.c -index 70e416b950..9fcf95f543 100644 ---- a/Modules/_ctypes/callproc.c -+++ b/Modules/_ctypes/callproc.c -@@ -451,54 +451,43 @@ PyCArg_dealloc(PyCArgObject *self) - static PyObject * - PyCArg_repr(PyCArgObject *self) - { -- char buffer[256]; - switch(self->tag) { - case 'b': - case 'B': -- sprintf(buffer, "<cparam '%c' (%d)>", -+ return PyUnicode_FromFormat("<cparam '%c' (%d)>", - self->tag, self->value.b); -- break; - case 'h': - case 'H': -- sprintf(buffer, "<cparam '%c' (%d)>", -+ return PyUnicode_FromFormat("<cparam '%c' (%d)>", - self->tag, self->value.h); -- break; - case 'i': - case 'I': -- sprintf(buffer, "<cparam '%c' (%d)>", -+ return PyUnicode_FromFormat("<cparam '%c' (%d)>", - self->tag, self->value.i); -- break; - case 'l': - case 'L': -- sprintf(buffer, "<cparam '%c' (%ld)>", -+ return PyUnicode_FromFormat("<cparam '%c' (%ld)>", - self->tag, self->value.l); -- break; - - #ifdef HAVE_LONG_LONG - case 'q': - case 'Q': -- sprintf(buffer, --#ifdef MS_WIN32 -- "<cparam '%c' (%I64d)>", --#else -- "<cparam '%c' (%qd)>", --#endif -+ return PyUnicode_FromFormat("<cparam '%c' (%qd)>", - self->tag, self->value.q); -- break; - #endif - case 'd': -- sprintf(buffer, "<cparam '%c' (%f)>", -- self->tag, self->value.d); -- break; -- case 'f': -- sprintf(buffer, "<cparam '%c' (%f)>", -- self->tag, self->value.f); -- break; -- -+ case 'f': { -+ PyObject *f = PyFloat_FromDouble((self->tag == 'f') ? self->value.f : self->value.d); -+ if (f == NULL) { -+ return NULL; -+ } -+ { PyObject *result = PyUnicode_FromFormat("<cparam '%c' (%R)>", self->tag, f); -+ Py_DECREF(f); -+ return result; } -+ } - case 'c': -- sprintf(buffer, "<cparam '%c' (%c)>", -+ return PyUnicode_FromFormat("<cparam '%c' ('%c')>", - self->tag, self->value.c); -- break; - - /* Hm, are these 'z' and 'Z' codes useful at all? - Shouldn't they be replaced by the functionality of c_string -@@ -507,16 +495,14 @@ PyCArg_repr(PyCArgObject *self) - case 'z': - case 'Z': - case 'P': -- sprintf(buffer, "<cparam '%c' (%p)>", -+ return PyUnicode_FromFormat("<cparam '%c' (%p)>", - self->tag, self->value.p); - break; - - default: -- sprintf(buffer, "<cparam '%c' at %p>", -- self->tag, self); -- break; -+ return PyUnicode_FromFormat("<cparam '%c' at %p>", -+ (unsigned char)self->tag, (void *)self); - } -- return PyUnicode_FromString(buffer); - } - - static PyMemberDef PyCArgType_members[] = { --- -2.29.2 - diff --git a/external/python3/ExternalProject_python3.mk b/external/python3/ExternalProject_python3.mk index 7e9952ac6cc7..ca81fd2ed77b 100644 --- a/external/python3/ExternalProject_python3.mk +++ b/external/python3/ExternalProject_python3.mk @@ -39,14 +39,13 @@ $(call gb_ExternalProject_get_state_target,python3,build) : /maxcpucount \ $(if $(filter 140,$(VCVER)),/p:PlatformToolset=v140 /p:VisualStudioVersion=14.0 /ToolsVersion:14.0) \ $(if $(filter 150,$(VCVER)),/p:PlatformToolset=v141 /p:VisualStudioVersion=15.0 /ToolsVersion:15.0) \ - $(if $(filter 150-10,$(VCVER)-$(WINDOWS_SDK_VERSION)),/p:WindowsTargetPlatformVersion=$(UCRTVERSION)) \ + $(if $(filter 160,$(VCVER)),/p:PlatformToolset=v142 /p:VisualStudioVersion=16.0 /ToolsVersion:Current) \ + $(if $(filter 10,$(WINDOWS_SDK_VERSION)),/p:WindowsTargetPlatformVersion=$(UCRTVERSION)) \ ,PCBuild) else -# this was added in 2004, hopefully is obsolete now (and why only intel anyway)? $(if $(filter SOLARIS-INTEL,$(OS)$(CPUNAME)),--disable-ipv6) - -# --with-system-expat: this should find the one in the solver (or system) +# --with-system-expat: this should find the one in the workdir (or system) # create a symlink "LO_lib" because the .so are in a directory with platform # specific name like build/lib.linux-x86_64-3.3 @@ -68,11 +67,11 @@ $(call gb_ExternalProject_get_state_target,python3,build) : $(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \ $(if $(ENABLE_VALGRIND),--with-valgrind) \ --prefix=/python-inst \ - $(if $(filter MACOSX,$(OS)),,--with-system-expat) \ + --with-system-expat \ $(if $(filter AIX,$(OS)), \ --disable-ipv6 --with-threads OPT="-g0 -fwrapv -O3 -Wall", \ $(if $(gb_Module_CURRENTMODULE_DEBUG_ENABLED), \ - OPT="$(gb_COMPILERNOOPTFLAGS) $(gb_DEBUGINFO_FLAGS) $(gb_DEBUG_CFLAGS)")) \ + OPT="$(gb_COMPILERNOOPTFLAGS) $(gb_DEBUGINFO_FLAGS)")) \ $(if $(filter MACOSX,$(OS)), \ $(if $(filter INTEL,$(CPUNAME)),--enable-universalsdk=$(MACOSX_SDK_PATH) \ --with-universal-archs=intel \ diff --git a/external/python3/UnpackedTarball_python3.mk b/external/python3/UnpackedTarball_python3.mk index 07ff3b6f2ced..29d417e57833 100644 --- a/external/python3/UnpackedTarball_python3.mk +++ b/external/python3/UnpackedTarball_python3.mk @@ -23,12 +23,10 @@ $(eval $(call gb_UnpackedTarball_add_patches,python3,\ external/python3/python-3.5.4-msvc-disable.patch.1 \ external/python3/python-3.3.0-pythreadstate.patch.1 \ external/python3/python-3.3.0-clang.patch.1 \ - external/python3/python-3.3.5-pyexpat-symbols.patch.1 \ external/python3/ubsan.patch.0 \ external/python3/python-3.5.tweak.strip.soabi.patch \ + external/python3/darwin.patch.0 \ external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 \ - external/python3/python-3.5.7-c99.patch.1 \ - external/python3/0001-3.6-closes-bpo-42938-Replace-snprintf-with-Python-un.patch.1 \ )) ifneq ($(filter DRAGONFLY FREEBSD LINUX NETBSD OPENBSD SOLARIS,$(OS)),) diff --git a/external/python3/darwin.patch.0 b/external/python3/darwin.patch.0 new file mode 100644 index 000000000000..139cdc9780bb --- /dev/null +++ b/external/python3/darwin.patch.0 @@ -0,0 +1,10 @@ +--- Modules/_ctypes/libffi_osx/x86/darwin64.S ++++ Modules/_ctypes/libffi_osx/x86/darwin64.S +@@ -29,7 +29,6 @@ + #include <fficonfig.h> + #include <ffi.h> + +- .file "darwin64.S" + .text + + /* ffi_call_unix64 (void *args, unsigned long bytes, unsigned flags, diff --git a/external/python3/python-3.3.5-pyexpat-symbols.patch.1 b/external/python3/python-3.3.5-pyexpat-symbols.patch.1 deleted file mode 100644 index c04c78cf36e7..000000000000 --- a/external/python3/python-3.3.5-pyexpat-symbols.patch.1 +++ /dev/null @@ -1,28 +0,0 @@ -HACK: Fix build breakage on MacOS: - -*** WARNING: renaming "pyexpat" since importing it failed: dlopen(build/lib.macosx-10.6-i386-3.3/pyexpat.so, 2): Symbol not found: _XML_ErrorString - -This reverts c242a8f30806 from the python hg repo: - -restore namespacing of pyexpat symbols (closes #19186) - - -See http://bugs.python.org/issue19186#msg214069 - -The recommendation to include Modules/inc at first broke the Linux build... - -So do it this way, as it was before. Needs some realignment later. - ---- python3/Modules/expat/expat_external.h -+++ python3/Modules/expat/expat_external.h -@@ -7,10 +7,6 @@ - - /* External API definitions */ - --/* Namespace external symbols to allow multiple libexpat version to -- co-exist. */ --#include "pyexpatns.h" -- - #if defined(_MSC_EXTENSIONS) && !defined(__BEOS__) && !defined(__CYGWIN__) - #define XML_USE_MSC_EXTENSIONS 1 - #endif diff --git a/external/python3/python-3.5.7-c99.patch.1 b/external/python3/python-3.5.7-c99.patch.1 deleted file mode 100644 index 558166d9953f..000000000000 --- a/external/python3/python-3.5.7-c99.patch.1 +++ /dev/null @@ -1,62 +0,0 @@ -remove C99 which isn't suppored by all compilers yet - ---- python3/Modules/_pickle.c.orig 2019-04-03 16:34:01.380124314 +0200 -+++ python3/Modules/_pickle.c 2019-04-03 16:35:18.579005171 +0200 -@@ -674,9 +674,12 @@ - PyErr_NoMemory(); - return NULL; - } -- for (size_t i = 0; i < self->mt_allocated; i++) { -+ { -+ size_t i; -+ for (i = 0; i < self->mt_allocated; i++) { - Py_XINCREF(self->mt_table[i].me_key); - } -+ } - memcpy(new->mt_table, self->mt_table, - sizeof(PyMemoEntry) * self->mt_allocated); - -@@ -4204,7 +4207,9 @@ - return NULL; - - memo = self->pickler->memo; -- for (size_t i = 0; i < memo->mt_allocated; ++i) { -+ { -+ size_t i; -+ for (i = 0; i < memo->mt_allocated; ++i) { - PyMemoEntry entry = memo->mt_table[i]; - if (entry.me_key != NULL) { - int status; -@@ -4225,6 +4230,7 @@ - goto error; - } - } -+ } - return new_memo; - - error: -@@ -6791,10 +6797,13 @@ - if (new_memo == NULL) - return -1; - -- for (size_t i = 0; i < new_memo_size; i++) { -+ { -+ size_t i; -+ for (i = 0; i < new_memo_size; i++) { - Py_XINCREF(unpickler->memo[i]); - new_memo[i] = unpickler->memo[i]; - } -+ } - } - else if (PyDict_Check(obj)) { - Py_ssize_t i = 0; -@@ -6839,7 +6848,8 @@ - - error: - if (new_memo_size) { -- for (size_t i = new_memo_size - 1; i != SIZE_MAX; i--) { -+ size_t i; -+ for (i = new_memo_size - 1; i != SIZE_MAX; i--) { - Py_XDECREF(new_memo[i]); - } - PyMem_FREE(new_memo); |