From a73ae905bfe576fc3761e56591fb95ca7768fb70 Mon Sep 17 00:00:00 2001 From: Michael Stahl Date: Mon, 18 Nov 2019 18:45:46 +0100 Subject: python3: upgrade to release 3.5.9 Fixes CVE-2019-9948 CVE-2019-9740 CVE-2019-10160 CVE-2019-16056 and expat CVE-2019-15903. python-3.3.5-pyexpat-symbols.patch.1 fails to apply, and it's a mystery why --with-system-expat is used everywhere but on MacOSX, where 292af048ace2d4b455b2da3a22c784cb05db1d09 disabled it for no obvious reason, so try to remove the special case and get rid of the patch. Reviewed-on: https://gerrit.libreoffice.org/83117 Tested-by: Jenkins Reviewed-by: Michael Stahl (cherry picked from commit b0930d56130fdddfe65e92b081a8afad77974076) Reviewed-on: https://gerrit.libreoffice.org/83189 Reviewed-by: Thorsten Behrens (cherry picked from commit 0d4b1f624349361e5bf11b58ccc9e0e295c0e4aa) Remove external/python3/python-3.5.7-c99.patch.1 - was apparently reverted upstream. Change-Id: I5ba4532eb6e7c2fb90daba95d132dcc7c9013d96 Reviewed-on: https://gerrit.libreoffice.org/83417 Reviewed-by: Michael Stahl Tested-by: Michael Stahl --- configure.ac | 2 +- download.lst | 4 +- external/python3/ExternalProject_python3.mk | 6 +-- external/python3/UnpackedTarball_python3.mk | 2 - .../python3/python-3.3.5-pyexpat-symbols.patch.1 | 28 ---------- external/python3/python-3.5.7-c99.patch.1 | 62 ---------------------- 6 files changed, 5 insertions(+), 99 deletions(-) delete mode 100644 external/python3/python-3.3.5-pyexpat-symbols.patch.1 delete mode 100644 external/python3/python-3.5.7-c99.patch.1 diff --git a/configure.ac b/configure.ac index 4a608ab46c28..502e53e28862 100644 --- a/configure.ac +++ b/configure.ac @@ -8297,7 +8297,7 @@ internal) SYSTEM_PYTHON= PYTHON_VERSION_MAJOR=3 PYTHON_VERSION_MINOR=5 - PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.7 + PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.9 if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst]) fi diff --git a/download.lst b/download.lst index f271916cf397..b3cd2e7cdbe4 100644 --- a/download.lst +++ b/download.lst @@ -210,8 +210,8 @@ export POPPLER_SHA256SUM := 92e09fd3302567fd36146b36bb707db43ce436e8841219025a82 export POPPLER_TARBALL := poppler-0.74.0.tar.xz export POSTGRESQL_SHA256SUM := db61d498105a7d5fe46185e67ac830c878cdd7dc1f82a87f06b842217924c461 export POSTGRESQL_TARBALL := c0b4799ea9850eae3ead14f0a60e9418-postgresql-9.2.1.tar.bz2 -export PYTHON_SHA256SUM := 285892899bf4d5737fd08482aa6171c6b2564a45b9102dfacfb72826aebdc7dc -export PYTHON_TARBALL := Python-3.5.7.tar.xz +export PYTHON_SHA256SUM := c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049 +export PYTHON_TARBALL := Python-3.5.9.tar.xz export QXP_SHA256SUM := 8c257f6184ff94aefa7c9fa1cfae82083d55a49247266905c71c53e013f95c73 export QXP_TARBALL := libqxp-0.0.1.tar.xz export RAPTOR_SHA256SUM := ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed diff --git a/external/python3/ExternalProject_python3.mk b/external/python3/ExternalProject_python3.mk index 09edc2a099f2..99547f384844 100644 --- a/external/python3/ExternalProject_python3.mk +++ b/external/python3/ExternalProject_python3.mk @@ -42,9 +42,7 @@ $(call gb_ExternalProject_get_state_target,python3,build) : else -# this was added in 2004, hopefully is obsolete now (and why only intel anyway)? $(if $(filter SOLARIS-INTEL,$(OS)$(CPUNAME)),--disable-ipv6) - -# --with-system-expat: this should find the one in the solver (or system) +# --with-system-expat: this should find the one in the workdir (or system) # create a symlink "LO_lib" because the .so are in a directory with platform # specific name like build/lib.linux-x86_64-3.3 @@ -66,7 +64,7 @@ $(call gb_ExternalProject_get_state_target,python3,build) : $(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \ $(if $(ENABLE_VALGRIND),--with-valgrind) \ --prefix=/python-inst \ - $(if $(filter MACOSX,$(OS)),,--with-system-expat) \ + --with-system-expat \ $(if $(filter AIX,$(OS)), \ --disable-ipv6 --with-threads OPT="-g0 -fwrapv -O3 -Wall", \ $(if $(gb_Module_CURRENTMODULE_DEBUG_ENABLED), \ diff --git a/external/python3/UnpackedTarball_python3.mk b/external/python3/UnpackedTarball_python3.mk index 66a82955e440..ee99de1f5e0c 100644 --- a/external/python3/UnpackedTarball_python3.mk +++ b/external/python3/UnpackedTarball_python3.mk @@ -23,11 +23,9 @@ $(eval $(call gb_UnpackedTarball_add_patches,python3,\ external/python3/python-3.5.4-msvc-disable.patch.1 \ external/python3/python-3.3.0-pythreadstate.patch.1 \ external/python3/python-3.3.0-clang.patch.1 \ - external/python3/python-3.3.5-pyexpat-symbols.patch.1 \ external/python3/ubsan.patch.0 \ external/python3/python-3.5.tweak.strip.soabi.patch \ external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 \ - external/python3/python-3.5.7-c99.patch.1 \ )) ifneq ($(filter DRAGONFLY FREEBSD LINUX NETBSD OPENBSD SOLARIS,$(OS)),) diff --git a/external/python3/python-3.3.5-pyexpat-symbols.patch.1 b/external/python3/python-3.3.5-pyexpat-symbols.patch.1 deleted file mode 100644 index c04c78cf36e7..000000000000 --- a/external/python3/python-3.3.5-pyexpat-symbols.patch.1 +++ /dev/null @@ -1,28 +0,0 @@ -HACK: Fix build breakage on MacOS: - -*** WARNING: renaming "pyexpat" since importing it failed: dlopen(build/lib.macosx-10.6-i386-3.3/pyexpat.so, 2): Symbol not found: _XML_ErrorString - -This reverts c242a8f30806 from the python hg repo: - -restore namespacing of pyexpat symbols (closes #19186) - - -See http://bugs.python.org/issue19186#msg214069 - -The recommendation to include Modules/inc at first broke the Linux build... - -So do it this way, as it was before. Needs some realignment later. - ---- python3/Modules/expat/expat_external.h -+++ python3/Modules/expat/expat_external.h -@@ -7,10 +7,6 @@ - - /* External API definitions */ - --/* Namespace external symbols to allow multiple libexpat version to -- co-exist. */ --#include "pyexpatns.h" -- - #if defined(_MSC_EXTENSIONS) && !defined(__BEOS__) && !defined(__CYGWIN__) - #define XML_USE_MSC_EXTENSIONS 1 - #endif diff --git a/external/python3/python-3.5.7-c99.patch.1 b/external/python3/python-3.5.7-c99.patch.1 deleted file mode 100644 index 558166d9953f..000000000000 --- a/external/python3/python-3.5.7-c99.patch.1 +++ /dev/null @@ -1,62 +0,0 @@ -remove C99 which isn't suppored by all compilers yet - ---- python3/Modules/_pickle.c.orig 2019-04-03 16:34:01.380124314 +0200 -+++ python3/Modules/_pickle.c 2019-04-03 16:35:18.579005171 +0200 -@@ -674,9 +674,12 @@ - PyErr_NoMemory(); - return NULL; - } -- for (size_t i = 0; i < self->mt_allocated; i++) { -+ { -+ size_t i; -+ for (i = 0; i < self->mt_allocated; i++) { - Py_XINCREF(self->mt_table[i].me_key); - } -+ } - memcpy(new->mt_table, self->mt_table, - sizeof(PyMemoEntry) * self->mt_allocated); - -@@ -4204,7 +4207,9 @@ - return NULL; - - memo = self->pickler->memo; -- for (size_t i = 0; i < memo->mt_allocated; ++i) { -+ { -+ size_t i; -+ for (i = 0; i < memo->mt_allocated; ++i) { - PyMemoEntry entry = memo->mt_table[i]; - if (entry.me_key != NULL) { - int status; -@@ -4225,6 +4230,7 @@ - goto error; - } - } -+ } - return new_memo; - - error: -@@ -6791,10 +6797,13 @@ - if (new_memo == NULL) - return -1; - -- for (size_t i = 0; i < new_memo_size; i++) { -+ { -+ size_t i; -+ for (i = 0; i < new_memo_size; i++) { - Py_XINCREF(unpickler->memo[i]); - new_memo[i] = unpickler->memo[i]; - } -+ } - } - else if (PyDict_Check(obj)) { - Py_ssize_t i = 0; -@@ -6839,7 +6848,8 @@ - - error: - if (new_memo_size) { -- for (size_t i = new_memo_size - 1; i != SIZE_MAX; i--) { -+ size_t i; -+ for (i = new_memo_size - 1; i != SIZE_MAX; i--) { - Py_XDECREF(new_memo[i]); - } - PyMem_FREE(new_memo); -- cgit v1.2.3