aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Stahl <michael.stahl@allotropia.de>2021-02-17 13:56:52 +0100
committerMichael Stahl <michael.stahl@allotropia.de>2021-02-17 19:18:29 +0100
commit470819d59a595abd6eb89f98c675ac3141f7728c (patch)
tree2e694edbe79a01aa2b91520f1ecc258618cceb7b
parentaad28ac2ac2b76d7ab1ffad7d7fe62229f59d066 (diff)
python3: upgrade to release 3.7.10
Fixes CVE-2021-3177 plus these less important ones: CVE-2021-23336 CVE-2020-27619 CVE-2020-14422 CVE-2020-26116 CVE-2019-20907 CVE-2020-8492 CVE-2019-18348 Change-Id: I8e83395bd3e871eb2ed030a03827b7d261c96049 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111069 Tested-by: Michael Stahl <michael.stahl@allotropia.de> Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
-rw-r--r--configure.ac2
-rw-r--r--download.lst4
-rw-r--r--external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.159
-rw-r--r--external/python3/python-3.3.0-darwin.patch.12
4 files changed, 4 insertions, 63 deletions
diff --git a/configure.ac b/configure.ac
index 0b7415549198..a8056fdeaa6f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8789,7 +8789,7 @@ internal)
SYSTEM_PYTHON=
PYTHON_VERSION_MAJOR=3
PYTHON_VERSION_MINOR=7
- PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.7
+ PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.10
if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then
AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst])
fi
diff --git a/download.lst b/download.lst
index bdbed280f3e0..702a921e929b 100644
--- a/download.lst
+++ b/download.lst
@@ -212,8 +212,8 @@ export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f
export POPPLER_TARBALL := poppler-21.01.0.tar.xz
export POSTGRESQL_SHA256SUM := 12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f
export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2
-export PYTHON_SHA256SUM := 06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136
-export PYTHON_TARBALL := Python-3.7.7.tar.xz
+export PYTHON_SHA256SUM := f8d82e7572c86ec9d55c8627aae5040124fd2203af400c383c821b980306ee6b
+export PYTHON_TARBALL := Python-3.7.10.tar.xz
export QRCODEGEN_SHA256SUM := fcdf9fd69fde07ae4dca2351d84271a9de8093002f733b77c70f52f1630f6e4a
export QRCODEGEN_TARBALL := QR-Code-generator-1.4.0.tar.gz
export QXP_SHA256SUM := e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c
diff --git a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 b/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
deleted file mode 100644
index 489e5d0e89ee..000000000000
--- a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
+++ /dev/null
@@ -1,59 +0,0 @@
-From 582d188e6e3487180891f1fc457a80dec8be26a8 Mon Sep 17 00:00:00 2001
-From: Christian Heimes <christian@python.org>
-Date: Mon, 24 Sep 2018 14:38:31 +0200
-Subject: [PATCH] [3.6] bpo-17239: Disable external entities in SAX parser
- (GH-9217) (GH-9512)
-
-The SAX parser no longer processes general external entities by default
-to increase security. Before, the parser created network connections
-to fetch remote files or loaded local files from the file system for DTD
-and entities.
-
-Signed-off-by: Christian Heimes <christian@python.org>
-
-https://bugs.python.org/issue17239.
-(cherry picked from commit 17b1d5d4e36aa57a9b25a0e694affbd1ee637e45)
-
-Co-authored-by: Christian Heimes <christian@python.org>
-
-
-
-https://bugs.python.org/issue17239
----
- Doc/library/xml.dom.pulldom.rst | 14 +++++
- Doc/library/xml.rst | 6 +-
- Doc/library/xml.sax.rst | 8 +++
- Doc/whatsnew/3.6.rst | 18 +++++-
- Lib/test/test_pulldom.py | 7 +++
- Lib/test/test_sax.py | 60 ++++++++++++++++++-
- Lib/test/test_xml_etree.py | 13 ++++
- Lib/xml/sax/expatreader.py | 2 +-
- .../2018-09-11-18-30-55.bpo-17239.kOpwK2.rst | 3 +
- 9 files changed, 125 insertions(+), 6 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-
-diff --git a/Lib/xml/sax/expatreader.py b/Lib/xml/sax/expatreader.py
-index 421358fa5b..5066ffc2fa 100644
---- a/Lib/xml/sax/expatreader.py
-+++ b/Lib/xml/sax/expatreader.py
-@@ -95,7 +95,7 @@ class ExpatParser(xmlreader.IncrementalParser, xmlreader.Locator):
- self._lex_handler_prop = None
- self._parsing = 0
- self._entity_stack = []
-- self._external_ges = 1
-+ self._external_ges = 0
- self._interning = None
-
- # XMLReader methods
-diff --git a/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-new file mode 100644
-index 0000000000..8dd0fe8c1b
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-@@ -0,0 +1,3 @@
-+The xml.sax and xml.dom.minidom parsers no longer processes external
-+entities by default. External DTD and ENTITY declarations no longer
-+load files or create network connections.
---
-2.20.1
-
diff --git a/external/python3/python-3.3.0-darwin.patch.1 b/external/python3/python-3.3.0-darwin.patch.1
index d5cb17e339a2..10a696aa6e93 100644
--- a/external/python3/python-3.3.0-darwin.patch.1
+++ b/external/python3/python-3.3.0-darwin.patch.1
@@ -49,7 +49,7 @@ diff -ru python3.orig/Mac/Resources/app/Info.plist.in python3/Mac/Resources/app/
- <string>Python</string>
+ <string>LibreOfficePython</string>
<key>CFBundleGetInfoString</key>
- <string>%version%, (c) 2001-2016 Python Software Foundation.</string>
+ <string>%version%, (c) 2001-2020 Python Software Foundation.</string>
<key>CFBundleHelpBookFolder</key>
diff -ru python3.orig/Mac/Resources/framework/Info.plist.in python3/Mac/Resources/framework/Info.plist.in
--- python3.orig/Mac/Resources/framework/Info.plist.in 2015-07-05 18:50:07.000000000 +0200