diff options
| author | Michael Stahl <michael.stahl@allotropia.de> | 2021-02-17 13:56:52 +0100 |
|---|---|---|
| committer | Christian Lohmaier <lohmaier+LibreOffice@googlemail.com> | 2021-03-02 19:35:13 +0100 |
| commit | 205f3c0e22a6d56f7d2f3ed09dd9aef410e270ad (patch) | |
| tree | 171e910f36a86e31632dc752bbb1f72775dd5aa4 /external | |
| parent | 91c378d422f8b63ab2e8d321b2de9f9f1e0395ad (diff) | |
python3: upgrade to release 3.7.10
Fixes CVE-2021-3177 plus these less important ones:
CVE-2021-23336 CVE-2020-27619 CVE-2020-14422 CVE-2020-26116
CVE-2019-20907 CVE-2020-8492 CVE-2019-18348
Change-Id: I8e83395bd3e871eb2ed030a03827b7d261c96049
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111067
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>
Diffstat (limited to 'external')
| -rw-r--r-- | external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 | 59 | ||||
| -rw-r--r-- | external/python3/macos-11.patch.0 | 21 | ||||
| -rw-r--r-- | external/python3/python-3.3.0-darwin.patch.1 | 2 |
3 files changed, 1 insertions, 81 deletions
diff --git a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 b/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 deleted file mode 100644 index 489e5d0e89ee..000000000000 --- a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 +++ /dev/null @@ -1,59 +0,0 @@ -From 582d188e6e3487180891f1fc457a80dec8be26a8 Mon Sep 17 00:00:00 2001 -From: Christian Heimes <christian@python.org> -Date: Mon, 24 Sep 2018 14:38:31 +0200 -Subject: [PATCH] [3.6] bpo-17239: Disable external entities in SAX parser - (GH-9217) (GH-9512) - -The SAX parser no longer processes general external entities by default -to increase security. Before, the parser created network connections -to fetch remote files or loaded local files from the file system for DTD -and entities. - -Signed-off-by: Christian Heimes <christian@python.org> - -https://bugs.python.org/issue17239. -(cherry picked from commit 17b1d5d4e36aa57a9b25a0e694affbd1ee637e45) - -Co-authored-by: Christian Heimes <christian@python.org> - - - -https://bugs.python.org/issue17239 ---- - Doc/library/xml.dom.pulldom.rst | 14 +++++ - Doc/library/xml.rst | 6 +- - Doc/library/xml.sax.rst | 8 +++ - Doc/whatsnew/3.6.rst | 18 +++++- - Lib/test/test_pulldom.py | 7 +++ - Lib/test/test_sax.py | 60 ++++++++++++++++++- - Lib/test/test_xml_etree.py | 13 ++++ - Lib/xml/sax/expatreader.py | 2 +- - .../2018-09-11-18-30-55.bpo-17239.kOpwK2.rst | 3 + - 9 files changed, 125 insertions(+), 6 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst - -diff --git a/Lib/xml/sax/expatreader.py b/Lib/xml/sax/expatreader.py -index 421358fa5b..5066ffc2fa 100644 ---- a/Lib/xml/sax/expatreader.py -+++ b/Lib/xml/sax/expatreader.py -@@ -95,7 +95,7 @@ class ExpatParser(xmlreader.IncrementalParser, xmlreader.Locator): - self._lex_handler_prop = None - self._parsing = 0 - self._entity_stack = [] -- self._external_ges = 1 -+ self._external_ges = 0 - self._interning = None - - # XMLReader methods -diff --git a/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst -new file mode 100644 -index 0000000000..8dd0fe8c1b ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst -@@ -0,0 +1,3 @@ -+The xml.sax and xml.dom.minidom parsers no longer processes external -+entities by default. External DTD and ENTITY declarations no longer -+load files or create network connections. --- -2.20.1 - diff --git a/external/python3/macos-11.patch.0 b/external/python3/macos-11.patch.0 index d3dbbf605639..3b40069bdc23 100644 --- a/external/python3/macos-11.patch.0 +++ b/external/python3/macos-11.patch.0 @@ -1,25 +1,4 @@ -*- Mode: diff -*- ---- configure -+++ configure -@@ -3374,7 +3374,7 @@ - # has no effect, don't bother defining them - Darwin/[6789].*) - define_xopen_source=no;; -- Darwin/1[0-9].*) -+ Darwin/[12][0-9].*) - define_xopen_source=no;; - # On AIX 4 and 5.1, mbstate_t is defined only when _XOPEN_SOURCE == 500 but - # used in wcsnrtombs() and mbsnrtowcs() even if _XOPEN_SOURCE is not defined -@@ -9372,6 +9275,9 @@ - esac - else - case `/usr/bin/arch` in -+ arm64) -+ MACOSX_DEFAULT_ARCH="arm64" -+ ;; - i386) - MACOSX_DEFAULT_ARCH="x86_64" - ;; --- Mac/Tools/pythonw.c +++ Mac/Tools/pythonw.c @@ -121,6 +121,8 @@ diff --git a/external/python3/python-3.3.0-darwin.patch.1 b/external/python3/python-3.3.0-darwin.patch.1 index d5cb17e339a2..10a696aa6e93 100644 --- a/external/python3/python-3.3.0-darwin.patch.1 +++ b/external/python3/python-3.3.0-darwin.patch.1 @@ -49,7 +49,7 @@ diff -ru python3.orig/Mac/Resources/app/Info.plist.in python3/Mac/Resources/app/ - <string>Python</string> + <string>LibreOfficePython</string> <key>CFBundleGetInfoString</key> - <string>%version%, (c) 2001-2016 Python Software Foundation.</string> + <string>%version%, (c) 2001-2020 Python Software Foundation.</string> <key>CFBundleHelpBookFolder</key> diff -ru python3.orig/Mac/Resources/framework/Info.plist.in python3/Mac/Resources/framework/Info.plist.in --- python3.orig/Mac/Resources/framework/Info.plist.in 2015-07-05 18:50:07.000000000 +0200 |