python3: upgrade to release 3.8.16

Fixes CVE-2022-37454 and a few other ones that look less relevant including CVE-2022-45061 and CVE-2015-20107. Change-Id: I10fd254f7f0801d47119234bb3436874e98d8c91 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143849 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 05f55b3898407828bb24347be56247f58803f7bb) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143859 Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
author: Michael Stahl <michael.stahl@allotropia.de> 2022-12-09 11:51:22 +0100
committer: Andras Timar <andras.timar@collabora.com> 2023-01-29 22:01:30 +0100
commit: 7023bab44027f27b55d496e1ce338740a227fa73 (patch)
tree: eab12aae5f4ebbc530aa0154843f101a965a0fec
parent: 86c3fd212994e16a05a8b12387e7a00e6cc64b9a (diff)
17 files changed, 200 insertions, 97 deletions
diff --git a/configure.ac b/configure.ac
index 56872ba94285..731bcd4fb0d3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9712,7 +9712,7 @@ internal)
     SYSTEM_PYTHON=
     PYTHON_VERSION_MAJOR=3
     PYTHON_VERSION_MINOR=8
-    PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.10
+    PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.16
     if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then
         AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst])
     fi
diff --git a/download.lst b/download.lst
index 325aa3af680f..9b29751f82d7 100644
--- a/download.lst
+++ b/download.lst
@@ -222,8 +222,8 @@ export POPPLER_DATA_SHA256SUM := 6e2fcef66ec8c44625f94292ccf8af9f1d918b410d5aa69
 export POPPLER_DATA_TARBALL := poppler-data-0.4.10.tar.gz
 export POSTGRESQL_SHA256SUM := 9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3
 export POSTGRESQL_TARBALL := postgresql-13.5.tar.bz2
-export PYTHON_SHA256SUM := 6af24a66093dd840bcccf371d4044a3027e655cf24591ce26e48022bc79219d9
-export PYTHON_TARBALL := Python-3.8.10.tar.xz
+export PYTHON_SHA256SUM := d85dbb3774132473d8081dcb158f34a10ccad7a90b96c7e50ea4bb61f5ce4562
+export PYTHON_TARBALL := Python-3.8.16.tar.xz
 export QXP_SHA256SUM := e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c
 export QXP_TARBALL := libqxp-0.0.2.tar.xz
 export RAPTOR_SHA256SUM := ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed
diff --git a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 b/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
deleted file mode 100644
index 489e5d0e89ee..000000000000
--- a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
+++ /dev/null
@@ -1,59 +0,0 @@
-From 582d188e6e3487180891f1fc457a80dec8be26a8 Mon Sep 17 00:00:00 2001
-From: Christian Heimes <christian@python.org>
-Date: Mon, 24 Sep 2018 14:38:31 +0200
-Subject: [PATCH] [3.6] bpo-17239: Disable external entities in SAX parser
- (GH-9217) (GH-9512)
-
-The SAX parser no longer processes general external entities by default
-to increase security. Before, the parser created network connections
-to fetch remote files or loaded local files from the file system for DTD
-and entities.
-
-Signed-off-by: Christian Heimes <christian@python.org>
-
-https://bugs.python.org/issue17239.
-(cherry picked from commit 17b1d5d4e36aa57a9b25a0e694affbd1ee637e45)
-
-Co-authored-by: Christian Heimes <christian@python.org>
-
-
-
-https://bugs.python.org/issue17239
----
- Doc/library/xml.dom.pulldom.rst               | 14 +++++
- Doc/library/xml.rst                           |  6 +-
- Doc/library/xml.sax.rst                       |  8 +++
- Doc/whatsnew/3.6.rst                          | 18 +++++-
- Lib/test/test_pulldom.py                      |  7 +++
- Lib/test/test_sax.py                          | 60 ++++++++++++++++++-
- Lib/test/test_xml_etree.py                    | 13 ++++
- Lib/xml/sax/expatreader.py                    |  2 +-
- .../2018-09-11-18-30-55.bpo-17239.kOpwK2.rst  |  3 +
- 9 files changed, 125 insertions(+), 6 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-
-diff --git a/Lib/xml/sax/expatreader.py b/Lib/xml/sax/expatreader.py
-index 421358fa5b..5066ffc2fa 100644
---- a/Lib/xml/sax/expatreader.py
-+++ b/Lib/xml/sax/expatreader.py
-@@ -95,7 +95,7 @@ class ExpatParser(xmlreader.IncrementalParser, xmlreader.Locator):
-         self._lex_handler_prop = None
-         self._parsing = 0
-         self._entity_stack = []
--        self._external_ges = 1
-+        self._external_ges = 0
-         self._interning = None
- 
-     # XMLReader methods
-diff --git a/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-new file mode 100644
-index 0000000000..8dd0fe8c1b
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-@@ -0,0 +1,3 @@
-+The xml.sax and xml.dom.minidom parsers no longer processes external
-+entities by default. External DTD and ENTITY declarations no longer
-+load files or create network connections.
--- 
-2.20.1
-
diff --git a/external/python3/ExternalProject_python3.mk b/external/python3/ExternalProject_python3.mk
index 807b3875d8b2..dc268e8bb619 100644
--- a/external/python3/ExternalProject_python3.mk
+++ b/external/python3/ExternalProject_python3.mk
@@ -154,7 +154,7 @@ $(call gb_ExternalProject_get_state_target,python3,fixscripts) : $(call gb_Exter
 		pydoc$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \
 		python$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)-config \
 	; do { rm "$$file" && $(gb_AWK) '\
-		BEGIN {print "#!/bin/bash\n\
+		BEGIN {print "#!/usr/bin/env bash\n\
 origpath=$$(pwd)\n\
 bindir=$$(cd $$(dirname \"$$0\") ; pwd)\n\
 cd \"$$origpath\"\n\
diff --git a/external/python3/UnpackedTarball_python3.mk b/external/python3/UnpackedTarball_python3.mk
index af514446fff2..31b6a166e6ae 100644
--- a/external/python3/UnpackedTarball_python3.mk
+++ b/external/python3/UnpackedTarball_python3.mk
@@ -21,6 +21,7 @@ $(eval $(call gb_UnpackedTarball_fix_end_of_line,python3,\
 $(eval $(call gb_UnpackedTarball_add_patches,python3,\
 	external/python3/i100492-freebsd.patch.1 \
 	external/python3/python-3.3.0-darwin.patch.1 \
+	external/python3/python-3.8-msvc-sdk.patch.1 \
 	external/python3/python-3.7.6-msvc-ssl.patch.1 \
 	external/python3/python-3.5.4-msvc-disable.patch.1 \
 	external/python3/ubsan.patch.0 \
diff --git a/external/python3/darwin.patch.0 b/external/python3/darwin.patch.0
index 30d20ed57578..139cdc9780bb 100644
--- a/external/python3/darwin.patch.0
+++ b/external/python3/darwin.patch.0
@@ -8,15 +8,3 @@
  .text
  
  /* ffi_call_unix64 (void *args, unsigned long bytes, unsigned flags,
---- configure
-+++ configure
-@@ -5167,7 +5167,9 @@
- fi
- 
- 
-+if test "$(uname -s)" = Darwin; then MULTIARCH=; else
- MULTIARCH=$($CC --print-multiarch 2>/dev/null)
-+fi
- 
- 
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the platform triplet based on compiler characteristics" >&5
diff --git a/external/python3/i100492-freebsd.patch.1 b/external/python3/i100492-freebsd.patch.1
index 074e5fc489f8..b2ca1ee7117f 100644
--- a/external/python3/i100492-freebsd.patch.1
+++ b/external/python3/i100492-freebsd.patch.1
@@ -2,7 +2,7 @@ FreeBSD porting fixes, patch by maho@openoffice.org
 
 --- Python-3.3.0/Python/thread_pthread.h	2012-11-28 09:00:41.097955124 +0000
 +++ Python-3.3.0/Python/thread_pthread.h	2012-11-28 09:01:13.018329351 +0000
-@@ -186,6 +189,9 @@
+@@ -238,6 +238,9 @@
  {
      pthread_t th;
      int status;
@@ -12,7 +12,7 @@ FreeBSD porting fixes, patch by maho@openoffice.org
  #if defined(THREAD_STACK_SIZE) || defined(PTHREAD_SYSTEM_SCHED_SUPPORTED)
      pthread_attr_t attrs;
  #endif
-@@ -214,6 +220,10 @@
+@@ -277,6 +280,10 @@
      callback->func = func;
      callback->arg = arg;
  
@@ -23,7 +23,7 @@ FreeBSD porting fixes, patch by maho@openoffice.org
      status = pthread_create(&th,
  #if defined(THREAD_STACK_SIZE) || defined(PTHREAD_SYSTEM_SCHED_SUPPORTED)
                               &attrs,
-@@ -225,6 +234,9 @@
+@@ -285,6 +292,9 @@
  #endif
                               pythread_wrapper, callback);
  
diff --git a/external/python3/internal-zlib.patch.0 b/external/python3/internal-zlib.patch.0
index de68d9e7dec8..27bb737db0c7 100644
--- a/external/python3/internal-zlib.patch.0
+++ b/external/python3/internal-zlib.patch.0
@@ -19,7 +19,7 @@
  
 --- setup.py
 +++ setup.py
-@@ -1362,7 +1362,7 @@
+@@ -1483,7 +1483,7 @@
          #
          # You can upgrade zlib to version 1.1.4 yourself by going to
          # http://www.gzip.org/zlib/
@@ -28,7 +28,7 @@
          have_zlib = False
          if zlib_inc is not None:
              zlib_h = zlib_inc[0] + '/zlib.h'
-@@ -1379,13 +1379,13 @@
+@@ -1500,13 +1500,13 @@
                          version = line.split()[2]
                          break
              if version >= version_req:
@@ -44,7 +44,7 @@
                                         extra_link_args=zlib_extra_link_args))
                      have_zlib = True
                  else:
-@@ -1399,7 +1399,7 @@
+@@ -1520,7 +1520,7 @@
          # crc32 if we have it.  Otherwise binascii uses its own.
          if have_zlib:
              extra_compile_args = ['-DUSE_ZLIB_CRC32']
diff --git a/external/python3/macos-11.patch.0 b/external/python3/macos-11.patch.0
index e2f13ac4c426..2c8b419bbdb9 100644
--- a/external/python3/macos-11.patch.0
+++ b/external/python3/macos-11.patch.0
@@ -1,6 +1,6 @@
 --- setup.py
 +++ setup.py
-@@ -670,7 +670,10 @@
+@@ -655,7 +655,10 @@
              add_dir_to_list(self.compiler.include_dirs,
                              sysconfig.get_config_var("INCLUDEDIR"))
  
@@ -14,7 +14,7 @@
          # if a file is found in one of those directories, it can
 --- Modules/_posixsubprocess.c
 +++ Modules/_posixsubprocess.c
-@@ -31,6 +31,8 @@
+@@ -30,6 +30,8 @@
  # define SYS_getdents64  __NR_getdents64
  #endif
  
@@ -23,7 +23,7 @@
  #if defined(__sun) && defined(__SVR4)
  /* readdir64 is used to work around Solaris 9 bug 6395699. */
  # define readdir readdir64
-@@ -202,7 +202,7 @@
+@@ -201,7 +203,7 @@
  #endif
  #ifdef _SC_OPEN_MAX
      local_max_fd = sysconf(_SC_OPEN_MAX);
diff --git a/external/python3/python-3.3.0-darwin.patch.1 b/external/python3/python-3.3.0-darwin.patch.1
index 27a355e2ad21..39d3c9180a19 100644
--- a/external/python3/python-3.3.0-darwin.patch.1
+++ b/external/python3/python-3.3.0-darwin.patch.1
@@ -5,7 +5,7 @@ LO needs to build both against MacOSX SDK and not produce universal binaries.
 diff -ru python3.orig/configure python3/configure
 --- python3.orig/configure	2015-07-26 17:36:11.808497783 +0200
 +++ python3/configure	2015-07-26 17:38:49.016508337 +0200
-@@ -6794,7 +6794,20 @@
+@@ -7385,7 +7385,20 @@
          then
              case "$UNIVERSAL_ARCHS" in
              32-bit)
@@ -30,7 +30,7 @@ diff -ru python3.orig/configure python3/configure
 diff -ru python3.orig/Mac/Makefile.in python3/Mac/Makefile.in
 --- python3.orig/Mac/Makefile.in	2015-07-05 18:50:07.000000000 +0200
 +++ python3/Mac/Makefile.in	2015-07-26 17:40:14.860514100 +0200
-@@ -43,7 +43,7 @@
+@@ -44,7 +44,7 @@
  INSTALL_SCRIPT= @INSTALL_SCRIPT@
  INSTALL_DATA=@INSTALL_DATA@
  LN=@LN@
diff --git a/external/python3/python-3.3.3-disable-obmalloc.patch.0 b/external/python3/python-3.3.3-disable-obmalloc.patch.0
index 0963a5f1bb1d..c4a1dea61ecf 100644
--- a/external/python3/python-3.3.3-disable-obmalloc.patch.0
+++ b/external/python3/python-3.3.3-disable-obmalloc.patch.0
@@ -1,6 +1,6 @@
 --- Objects/obmalloc.c
 +++ Objects/obmalloc.c
-@@ -413,8 +413,8 @@
+@@ -712,8 +712,8 @@
  
  #ifdef WITH_PYMALLOC
  
@@ -10,7 +10,7 @@
  
  /* If we're using GCC, use __builtin_expect() to reduce overhead of
     the valgrind checks */
-@@ -1181,7 +1181,7 @@
+@@ -1430,7 +1430,7 @@
  
  #ifdef WITH_VALGRIND
      if (UNLIKELY(running_on_valgrind == -1)) {
diff --git a/external/python3/python-3.3.3-elf-rpath.patch.1 b/external/python3/python-3.3.3-elf-rpath.patch.1
index 55546afd9844..a408858f5917 100644
--- a/external/python3/python-3.3.3-elf-rpath.patch.1
+++ b/external/python3/python-3.3.3-elf-rpath.patch.1
@@ -5,7 +5,7 @@ set RPATH (only to be used on ELF platforms)
 diff -ru python3.orig/Makefile.pre.in python3/Makefile.pre.in
 --- python3.orig/Makefile.pre.in	2015-07-26 20:29:07.126194320 +0200
 +++ python3/Makefile.pre.in	2015-07-26 20:37:21.814227530 +0200
-@@ -563,7 +563,7 @@
+@@ -566,7 +566,7 @@
  
  # Build the interpreter
  $(BUILDPYTHON):	Programs/python.o $(LIBRARY) $(LDLIBRARY) $(PY3LIBRARY)
@@ -14,7 +14,7 @@ diff -ru python3.orig/Makefile.pre.in python3/Makefile.pre.in
  
  platform: $(BUILDPYTHON) pybuilddir.txt
  	$(RUNSHARED) $(PYTHON_FOR_BUILD) -c 'import sys ; from sysconfig import get_platform ; print("%s-%d.%d" % (get_platform(), *sys.version_info[:2]))' >platform
-@@ -625,7 +625,7 @@
+@@ -628,7 +628,7 @@
  	fi
  
  libpython3.so:	libpython$(LDVERSION).so
diff --git a/external/python3/python-3.5.4-msvc-disable.patch.1 b/external/python3/python-3.5.4-msvc-disable.patch.1
index 52c007d7d5b6..d5b4e3f6264b 100644
--- a/external/python3/python-3.5.4-msvc-disable.patch.1
+++ b/external/python3/python-3.5.4-msvc-disable.patch.1
@@ -3,7 +3,7 @@ Disable some stuff LO does not need, especially stuff with external dependencies
 diff -ru python3.orig/PCbuild/pcbuild.sln python3/PCbuild/pcbuild.sln
 --- python3.orig/PCbuild/pcbuild.sln	2017-08-10 00:04:44.359879894 +0200
 +++ python3/PCbuild/pcbuild.sln	2017-08-10 00:13:51.179873748 +0200
-@@ -12,8 +12,6 @@
+@@ -15,8 +15,6 @@
  EndProject
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pythoncore", "pythoncore.vcxproj", "{CF7AC3D1-E2DF-41D2-BEA6-1E2556CDEA26}"
  EndProject
@@ -12,7 +12,7 @@ diff -ru python3.orig/PCbuild/pcbuild.sln python3/PCbuild/pcbuild.sln
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "winsound", "winsound.vcxproj", "{28B5D777-DDF2-4B6B-B34F-31D938813856}"
  EndProject
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_decimal", "_decimal.vcxproj", "{0E9791DB-593A-465F-98BC-681011311617}"
-@@ -28,34 +26,20 @@
+@@ -31,34 +29,20 @@
  EndProject
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_socket", "_socket.vcxproj", "{86937F53-C189-40EF-8CE8-8759D8E7D480}"
  EndProject
@@ -47,7 +47,7 @@ diff -ru python3.orig/PCbuild/pcbuild.sln python3/PCbuild/pcbuild.sln
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_multiprocessing", "_multiprocessing.vcxproj", "{9E48B300-37D1-11DD-8C41-005056C00008}"
  EndProject
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "python3dll", "python3dll.vcxproj", "{885D4898-D08D-4091-9C40-C700CFE3FC5A}"
-@@ -75,8 +75,6 @@
+@@ -93,8 +77,6 @@
  EndProject
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_queue", "_queue.vcxproj", "{78D80A15-BD8C-44E2-B49E-1F05B0A0A687}"
  EndProject
diff --git a/external/python3/python-3.5.tweak.strip.soabi.patch b/external/python3/python-3.5.tweak.strip.soabi.patch
index 48ac7f82f8be..4c2bb2bb9a29 100644
--- a/external/python3/python-3.5.tweak.strip.soabi.patch
+++ b/external/python3/python-3.5.tweak.strip.soabi.patch
@@ -1,7 +1,7 @@
 diff -ru python3.orig/configure python3/configure
 --- misc/python3.orig/configure	2015-07-26 21:14:31.127377193 +0200
 +++ misc/python3/configure	2015-07-26 21:21:34.975405648 +0200
-@@ -14388,7 +14388,7 @@
+@@ -15229,7 +15229,7 @@
  $as_echo "$ABIFLAGS" >&6; }
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking SOABI" >&5
  $as_echo_n "checking SOABI... " >&6; }
diff --git a/external/python3/python-3.7.6-msvc-ssl.patch.1 b/external/python3/python-3.7.6-msvc-ssl.patch.1
index 7c4a6ebc0fb7..17cc440f2204 100644
--- a/external/python3/python-3.7.6-msvc-ssl.patch.1
+++ b/external/python3/python-3.7.6-msvc-ssl.patch.1
@@ -2,7 +2,7 @@ No use for applink.c OPENSSL_Applink, everything is compiled with the same MSVC
 
 --- python3/PCbuild/_ssl.vcxproj.orig2	2019-12-23 15:54:19.254298900 +0100
 +++ python3/PCbuild/_ssl.vcxproj	2019-12-23 15:54:24.693251200 +0100
-@@ -67,9 +67,6 @@
+@@ -99,9 +99,6 @@
    </ItemDefinitionGroup>
    <ItemGroup>
      <ClCompile Include="..\Modules\_ssl.c" />
diff --git a/external/python3/python-3.8-msvc-sdk.patch.1 b/external/python3/python-3.8-msvc-sdk.patch.1
new file mode 100644
index 000000000000..fabdbb53ea63
--- /dev/null
+++ b/external/python3/python-3.8-msvc-sdk.patch.1
@@ -0,0 +1,173 @@
+diff --git a/PC/pylauncher.rc b/PC/pylauncher.rc
+index 92987af713..d21f9b6e9d 100644
+--- a/PC/pylauncher.rc
++++ b/PC/pylauncher.rc
+@@ -4,7 +4,6 @@
+ 
+ // Include the manifest file that indicates we support all
+ // current versions of Windows.
+-#include <winuser.h>
+ 1 RT_MANIFEST "python.manifest"
+ 
+ #if defined(PY_ICON)
+diff --git a/PC/pyshellext.rc b/PC/pyshellext.rc
+index e5924a42da..fc607e9784 100644
+--- a/PC/pyshellext.rc
++++ b/PC/pyshellext.rc
+@@ -4,7 +4,6 @@
+ 
+ // Include the manifest file that indicates we support all
+ // current versions of Windows.
+-#include <winuser.h>
+ 1 RT_MANIFEST "python.manifest"
+ 
+ /////////////////////////////////////////////////////////////////////////////
+diff --git a/PC/python_exe.rc b/PC/python_exe.rc
+index ae0b029b80..5eba89962b 100644
+--- a/PC/python_exe.rc
++++ b/PC/python_exe.rc
+@@ -4,7 +4,6 @@
+ 
+ // Include the manifest file that indicates we support all
+ // current versions of Windows.
+-#include <winuser.h>
+ 1 RT_MANIFEST "python.manifest"
+ 
+ 1 ICON DISCARDABLE "icons\python.ico" 
+diff --git a/PC/python_nt.rc b/PC/python_nt.rc
+index fac6105d8a..33cee42cb7 100644
+--- a/PC/python_nt.rc
++++ b/PC/python_nt.rc
+@@ -4,7 +4,6 @@
+ 
+ // Include the manifest file that indicates we support all
+ // current versions of Windows.
+-#include <winuser.h>
+ 2 RT_MANIFEST "python.manifest"
+ 
+ // String Tables
+diff --git a/PC/pythonw_exe.rc b/PC/pythonw_exe.rc
+index 88bf3592e1..562652be18 100644
+--- a/PC/pythonw_exe.rc
++++ b/PC/pythonw_exe.rc
+@@ -4,7 +4,6 @@
+ 
+ // Include the manifest file that indicates we support all
+ // current versions of Windows.
+-#include <winuser.h>
+ 1 RT_MANIFEST "python.manifest"
+ 
+ 1 ICON DISCARDABLE "icons\pythonw.ico" 
+diff --git a/PC/sqlite3.rc b/PC/sqlite3.rc
+index 84bd87d9d5..d2c18f8add 100644
+--- a/PC/sqlite3.rc
++++ b/PC/sqlite3.rc
+@@ -4,7 +4,6 @@
+ 
+ // Include the manifest file that indicates we support all
+ // current versions of Windows.
+-#include <winuser.h>
+ 2 RT_MANIFEST "python.manifest"
+ 
+ /////////////////////////////////////////////////////////////////////////////
+diff --git a/PC/pylauncher.rc b/PC/pylauncher.rc
+index d21f9b6e9d..ff7e71e0fd 100644
+--- a/PC/pylauncher.rc
++++ b/PC/pylauncher.rc
+@@ -2,6 +2,11 @@
+ 
+ #include "python_ver_rc.h"
+ 
++#ifndef RT_MANIFEST
++// bpo-45220: Cannot reliably #include RT_MANIFEST from
++// anywhere, so we hardcode it
++#define RT_MANIFEST 24
++#endif
+ // Include the manifest file that indicates we support all
+ // current versions of Windows.
+ 1 RT_MANIFEST "python.manifest"
+diff --git a/PC/pyshellext.rc b/PC/pyshellext.rc
+index fc607e9784..af797ce95d 100644
+--- a/PC/pyshellext.rc
++++ b/PC/pyshellext.rc
+@@ -2,6 +2,12 @@
+ 
+ #include "python_ver_rc.h"
+ 
++#ifndef RT_MANIFEST
++// bpo-45220: Cannot reliably #include RT_MANIFEST from
++// anywhere, so we hardcode it
++#define RT_MANIFEST 24
++#endif
++
+ // Include the manifest file that indicates we support all
+ // current versions of Windows.
+ 1 RT_MANIFEST "python.manifest"
+diff --git a/PC/python_exe.rc b/PC/python_exe.rc
+index 5eba89962b..c3d3bff019 100644
+--- a/PC/python_exe.rc
++++ b/PC/python_exe.rc
+@@ -2,6 +2,12 @@
+ 
+ #include "python_ver_rc.h"
+ 
++#ifndef RT_MANIFEST
++// bpo-45220: Cannot reliably #include RT_MANIFEST from
++// anywhere, so we hardcode it
++#define RT_MANIFEST 24
++#endif
++
+ // Include the manifest file that indicates we support all
+ // current versions of Windows.
+ 1 RT_MANIFEST "python.manifest"
+diff --git a/PC/python_nt.rc b/PC/python_nt.rc
+index 33cee42cb7..539362cdc2 100644
+--- a/PC/python_nt.rc
++++ b/PC/python_nt.rc
+@@ -2,6 +2,12 @@
+ 
+ #include "python_ver_rc.h"
+ 
++#ifndef RT_MANIFEST
++// bpo-45220: Cannot reliably #include RT_MANIFEST from
++// anywhere, so we hardcode it
++#define RT_MANIFEST 24
++#endif
++
+ // Include the manifest file that indicates we support all
+ // current versions of Windows.
+ 2 RT_MANIFEST "python.manifest"
+diff --git a/PC/pythonw_exe.rc b/PC/pythonw_exe.rc
+index 562652be18..38570b74fa 100644
+--- a/PC/pythonw_exe.rc
++++ b/PC/pythonw_exe.rc
+@@ -2,6 +2,12 @@
+ 
+ #include "python_ver_rc.h"
+ 
++#ifndef RT_MANIFEST
++// bpo-45220: Cannot reliably #include RT_MANIFEST from
++// anywhere, so we hardcode it
++#define RT_MANIFEST 24
++#endif
++
+ // Include the manifest file that indicates we support all
+ // current versions of Windows.
+ 1 RT_MANIFEST "python.manifest"
+diff --git a/PC/sqlite3.rc b/PC/sqlite3.rc
+index d2c18f8add..9ae2aa0f6f 100644
+--- a/PC/sqlite3.rc
++++ b/PC/sqlite3.rc
+@@ -2,6 +2,12 @@
+ 
+ #include <winver.h>
+ 
++#ifndef RT_MANIFEST
++// bpo-45220: Cannot reliably #include RT_MANIFEST from
++// anywhere, so we hardcode it
++#define RT_MANIFEST 24
++#endif
++
+ // Include the manifest file that indicates we support all
+ // current versions of Windows.
+ 2 RT_MANIFEST "python.manifest"
diff --git a/external/python3/ubsan.patch.0 b/external/python3/ubsan.patch.0
index 9f458b1e0f95..d44fbe055c86 100644
--- a/external/python3/ubsan.patch.0
+++ b/external/python3/ubsan.patch.0
@@ -20,7 +20,7 @@
  		This is clc or stc, together with the first byte of the jmp.  */
 --- Modules/posixmodule.c
 +++ Modules/posixmodule.c
-@@ -23,6 +23,9 @@
+@@ -13998,6 +13998,9 @@
  };
  
  static int
@@ -32,7 +32,7 @@
  #ifdef F_OK
 --- Objects/listobject.c
 +++ Objects/listobject.c
-@@ -548,7 +548,7 @@
+@@ -554,7 +554,7 @@
          dest[i] = v;
      }
      src = b->ob_item;
author	Michael Stahl <michael.stahl@allotropia.de>	2022-12-09 11:51:22 +0100
committer	Andras Timar <andras.timar@collabora.com>	2023-01-29 22:01:30 +0100
commit	7023bab44027f27b55d496e1ce338740a227fa73 (patch)
tree	eab12aae5f4ebbc530aa0154843f101a965a0fec
parent	86c3fd212994e16a05a8b12387e7a00e6cc64b9a (diff)