Python3: update to 3.8.15

* Fixes CVE-2022-40674
* Removed 0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 as fixed upstream

Change-Id: I8e71f9a6b013ca4c45bf8774b284be98eee71bab
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/141746
Tested-by: Jenkins
Reviewed-by: Christian Lohmaier <lohmaier+LibreOffice@googlemail.com>

13 files changed, 25 insertions, 84 deletions

diff --git a/configure.ac b/configure.ac
index 4258dd0225f6..53ddc45502f9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9849,7 +9849,7 @@ internal)
     SYSTEM_PYTHON=
     PYTHON_VERSION_MAJOR=3
     PYTHON_VERSION_MINOR=8
-    PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.14
+    PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.15
     if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then
         AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst])
     fi
diff --git a/download.lst b/download.lst
index 71323519bac0..14bc39ac7316 100644
--- a/download.lst
+++ b/download.lst
@@ -220,8 +220,8 @@ export POPPLER_DATA_SHA256SUM := 2cec05cd1bb03af98a8b06a1e22f6e6e1a65b1e2f3816cb
 export POPPLER_DATA_TARBALL := poppler-data-0.4.11.tar.gz
 export POSTGRESQL_SHA256SUM := 73876fdd3a517087340458dca4ce15b8d2a4dbceb334c0441424551ae6c4cded
 export POSTGRESQL_TARBALL := postgresql-13.8.tar.bz2
-export PYTHON_SHA256SUM := 5d77e278271ba803e9909a41a4f3baca006181c93ada682a5e5fe8dc4a24c5f3
-export PYTHON_TARBALL := Python-3.8.14.tar.xz
+export PYTHON_SHA256SUM := 5114fc7918a2a5e20eb5aac696b30c36f412c6ef24b13f5c9eb9e056982d9550
+export PYTHON_TARBALL := Python-3.8.15.tar.xz
 export QXP_SHA256SUM := e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c
 export QXP_TARBALL := libqxp-0.0.2.tar.xz
 export RAPTOR_SHA256SUM := ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed
diff --git a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 b/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
deleted file mode 100644
index 489e5d0e89ee..000000000000
--- a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
+++ /dev/null
@@ -1,59 +0,0 @@
-From 582d188e6e3487180891f1fc457a80dec8be26a8 Mon Sep 17 00:00:00 2001
-From: Christian Heimes <christian@python.org>
-Date: Mon, 24 Sep 2018 14:38:31 +0200
-Subject: [PATCH] [3.6] bpo-17239: Disable external entities in SAX parser
- (GH-9217) (GH-9512)
-
-The SAX parser no longer processes general external entities by default
-to increase security. Before, the parser created network connections
-to fetch remote files or loaded local files from the file system for DTD
-and entities.
-
-Signed-off-by: Christian Heimes <christian@python.org>
-
-https://bugs.python.org/issue17239.
-(cherry picked from commit 17b1d5d4e36aa57a9b25a0e694affbd1ee637e45)
-
-Co-authored-by: Christian Heimes <christian@python.org>
-
-
-
-https://bugs.python.org/issue17239
----
- Doc/library/xml.dom.pulldom.rst               | 14 +++++
- Doc/library/xml.rst                           |  6 +-
- Doc/library/xml.sax.rst                       |  8 +++
- Doc/whatsnew/3.6.rst                          | 18 +++++-
- Lib/test/test_pulldom.py                      |  7 +++
- Lib/test/test_sax.py                          | 60 ++++++++++++++++++-
- Lib/test/test_xml_etree.py                    | 13 ++++
- Lib/xml/sax/expatreader.py                    |  2 +-
- .../2018-09-11-18-30-55.bpo-17239.kOpwK2.rst  |  3 +
- 9 files changed, 125 insertions(+), 6 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-
-diff --git a/Lib/xml/sax/expatreader.py b/Lib/xml/sax/expatreader.py
-index 421358fa5b..5066ffc2fa 100644
---- a/Lib/xml/sax/expatreader.py
-+++ b/Lib/xml/sax/expatreader.py
-@@ -95,7 +95,7 @@ class ExpatParser(xmlreader.IncrementalParser, xmlreader.Locator):
-         self._lex_handler_prop = None
-         self._parsing = 0
-         self._entity_stack = []
--        self._external_ges = 1
-+        self._external_ges = 0
-         self._interning = None
- 
-     # XMLReader methods
-diff --git a/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-new file mode 100644
-index 0000000000..8dd0fe8c1b
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-@@ -0,0 +1,3 @@
-+The xml.sax and xml.dom.minidom parsers no longer processes external
-+entities by default. External DTD and ENTITY declarations no longer
-+load files or create network connections.
--- 
-2.20.1
-
diff --git a/external/python3/i100492-freebsd.patch.1 b/external/python3/i100492-freebsd.patch.1
index 074e5fc489f8..b2ca1ee7117f 100644
--- a/external/python3/i100492-freebsd.patch.1
+++ b/external/python3/i100492-freebsd.patch.1
@@ -2,7 +2,7 @@ FreeBSD porting fixes, patch by maho@openoffice.org
 
 --- Python-3.3.0/Python/thread_pthread.h	2012-11-28 09:00:41.097955124 +0000
 +++ Python-3.3.0/Python/thread_pthread.h	2012-11-28 09:01:13.018329351 +0000
-@@ -186,6 +189,9 @@
+@@ -238,6 +238,9 @@
  {
      pthread_t th;
      int status;
@@ -12,7 +12,7 @@ FreeBSD porting fixes, patch by maho@openoffice.org
  #if defined(THREAD_STACK_SIZE) || defined(PTHREAD_SYSTEM_SCHED_SUPPORTED)
      pthread_attr_t attrs;
  #endif
-@@ -214,6 +220,10 @@
+@@ -277,6 +280,10 @@
      callback->func = func;
      callback->arg = arg;
  
@@ -23,7 +23,7 @@ FreeBSD porting fixes, patch by maho@openoffice.org
      status = pthread_create(&th,
  #if defined(THREAD_STACK_SIZE) || defined(PTHREAD_SYSTEM_SCHED_SUPPORTED)
                               &attrs,
-@@ -225,6 +234,9 @@
+@@ -285,6 +292,9 @@
  #endif
                               pythread_wrapper, callback);
  
diff --git a/external/python3/internal-zlib.patch.0 b/external/python3/internal-zlib.patch.0
index de68d9e7dec8..27bb737db0c7 100644
--- a/external/python3/internal-zlib.patch.0
+++ b/external/python3/internal-zlib.patch.0
@@ -19,7 +19,7 @@
  
 --- setup.py
 +++ setup.py
-@@ -1362,7 +1362,7 @@
+@@ -1483,7 +1483,7 @@
          #
          # You can upgrade zlib to version 1.1.4 yourself by going to
          # http://www.gzip.org/zlib/
@@ -28,7 +28,7 @@
          have_zlib = False
          if zlib_inc is not None:
              zlib_h = zlib_inc[0] + '/zlib.h'
-@@ -1379,13 +1379,13 @@
+@@ -1500,13 +1500,13 @@
                          version = line.split()[2]
                          break
              if version >= version_req:
@@ -44,7 +44,7 @@
                                         extra_link_args=zlib_extra_link_args))
                      have_zlib = True
                  else:
-@@ -1399,7 +1399,7 @@
+@@ -1520,7 +1520,7 @@
          # crc32 if we have it.  Otherwise binascii uses its own.
          if have_zlib:
              extra_compile_args = ['-DUSE_ZLIB_CRC32']
diff --git a/external/python3/macos-11.patch.0 b/external/python3/macos-11.patch.0
index e2f13ac4c426..2c8b419bbdb9 100644
--- a/external/python3/macos-11.patch.0
+++ b/external/python3/macos-11.patch.0
@@ -1,6 +1,6 @@
 --- setup.py
 +++ setup.py
-@@ -670,7 +670,10 @@
+@@ -655,7 +655,10 @@
              add_dir_to_list(self.compiler.include_dirs,
                              sysconfig.get_config_var("INCLUDEDIR"))
  
@@ -14,7 +14,7 @@
          # if a file is found in one of those directories, it can
 --- Modules/_posixsubprocess.c
 +++ Modules/_posixsubprocess.c
-@@ -31,6 +31,8 @@
+@@ -30,6 +30,8 @@
  # define SYS_getdents64  __NR_getdents64
  #endif
  
@@ -23,7 +23,7 @@
  #if defined(__sun) && defined(__SVR4)
  /* readdir64 is used to work around Solaris 9 bug 6395699. */
  # define readdir readdir64
-@@ -202,7 +202,7 @@
+@@ -201,7 +203,7 @@
  #endif
  #ifdef _SC_OPEN_MAX
      local_max_fd = sysconf(_SC_OPEN_MAX);
diff --git a/external/python3/python-3.3.0-darwin.patch.1 b/external/python3/python-3.3.0-darwin.patch.1
index 27a355e2ad21..39d3c9180a19 100644
--- a/external/python3/python-3.3.0-darwin.patch.1
+++ b/external/python3/python-3.3.0-darwin.patch.1
@@ -5,7 +5,7 @@ LO needs to build both against MacOSX SDK and not produce universal binaries.
 diff -ru python3.orig/configure python3/configure
 --- python3.orig/configure	2015-07-26 17:36:11.808497783 +0200
 +++ python3/configure	2015-07-26 17:38:49.016508337 +0200
-@@ -6794,7 +6794,20 @@
+@@ -7385,7 +7385,20 @@
          then
              case "$UNIVERSAL_ARCHS" in
              32-bit)
@@ -30,7 +30,7 @@ diff -ru python3.orig/configure python3/configure
 diff -ru python3.orig/Mac/Makefile.in python3/Mac/Makefile.in
 --- python3.orig/Mac/Makefile.in	2015-07-05 18:50:07.000000000 +0200
 +++ python3/Mac/Makefile.in	2015-07-26 17:40:14.860514100 +0200
-@@ -43,7 +43,7 @@
+@@ -44,7 +44,7 @@
  INSTALL_SCRIPT= @INSTALL_SCRIPT@
  INSTALL_DATA=@INSTALL_DATA@
  LN=@LN@
diff --git a/external/python3/python-3.3.3-disable-obmalloc.patch.0 b/external/python3/python-3.3.3-disable-obmalloc.patch.0
index 0963a5f1bb1d..c4a1dea61ecf 100644
--- a/external/python3/python-3.3.3-disable-obmalloc.patch.0
+++ b/external/python3/python-3.3.3-disable-obmalloc.patch.0
@@ -1,6 +1,6 @@
 --- Objects/obmalloc.c
 +++ Objects/obmalloc.c
-@@ -413,8 +413,8 @@
+@@ -712,8 +712,8 @@
  
  #ifdef WITH_PYMALLOC
  
@@ -10,7 +10,7 @@
  
  /* If we're using GCC, use __builtin_expect() to reduce overhead of
     the valgrind checks */
-@@ -1181,7 +1181,7 @@
+@@ -1430,7 +1430,7 @@
  
  #ifdef WITH_VALGRIND
      if (UNLIKELY(running_on_valgrind == -1)) {
diff --git a/external/python3/python-3.3.3-elf-rpath.patch.1 b/external/python3/python-3.3.3-elf-rpath.patch.1
index 55546afd9844..a408858f5917 100644
--- a/external/python3/python-3.3.3-elf-rpath.patch.1
+++ b/external/python3/python-3.3.3-elf-rpath.patch.1
@@ -5,7 +5,7 @@ set RPATH (only to be used on ELF platforms)
 diff -ru python3.orig/Makefile.pre.in python3/Makefile.pre.in
 --- python3.orig/Makefile.pre.in	2015-07-26 20:29:07.126194320 +0200
 +++ python3/Makefile.pre.in	2015-07-26 20:37:21.814227530 +0200
-@@ -563,7 +563,7 @@
+@@ -566,7 +566,7 @@
  
  # Build the interpreter
  $(BUILDPYTHON):	Programs/python.o $(LIBRARY) $(LDLIBRARY) $(PY3LIBRARY)
@@ -14,7 +14,7 @@ diff -ru python3.orig/Makefile.pre.in python3/Makefile.pre.in
  
  platform: $(BUILDPYTHON) pybuilddir.txt
  	$(RUNSHARED) $(PYTHON_FOR_BUILD) -c 'import sys ; from sysconfig import get_platform ; print("%s-%d.%d" % (get_platform(), *sys.version_info[:2]))' >platform
-@@ -625,7 +625,7 @@
+@@ -628,7 +628,7 @@
  	fi
  
  libpython3.so:	libpython$(LDVERSION).so
diff --git a/external/python3/python-3.5.4-msvc-disable.patch.1 b/external/python3/python-3.5.4-msvc-disable.patch.1
index 52c007d7d5b6..d5b4e3f6264b 100644
--- a/external/python3/python-3.5.4-msvc-disable.patch.1
+++ b/external/python3/python-3.5.4-msvc-disable.patch.1
@@ -3,7 +3,7 @@ Disable some stuff LO does not need, especially stuff with external dependencies
 diff -ru python3.orig/PCbuild/pcbuild.sln python3/PCbuild/pcbuild.sln
 --- python3.orig/PCbuild/pcbuild.sln	2017-08-10 00:04:44.359879894 +0200
 +++ python3/PCbuild/pcbuild.sln	2017-08-10 00:13:51.179873748 +0200
-@@ -12,8 +12,6 @@
+@@ -15,8 +15,6 @@
  EndProject
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pythoncore", "pythoncore.vcxproj", "{CF7AC3D1-E2DF-41D2-BEA6-1E2556CDEA26}"
  EndProject
@@ -12,7 +12,7 @@ diff -ru python3.orig/PCbuild/pcbuild.sln python3/PCbuild/pcbuild.sln
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "winsound", "winsound.vcxproj", "{28B5D777-DDF2-4B6B-B34F-31D938813856}"
  EndProject
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_decimal", "_decimal.vcxproj", "{0E9791DB-593A-465F-98BC-681011311617}"
-@@ -28,34 +26,20 @@
+@@ -31,34 +29,20 @@
  EndProject
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_socket", "_socket.vcxproj", "{86937F53-C189-40EF-8CE8-8759D8E7D480}"
  EndProject
@@ -47,7 +47,7 @@ diff -ru python3.orig/PCbuild/pcbuild.sln python3/PCbuild/pcbuild.sln
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_multiprocessing", "_multiprocessing.vcxproj", "{9E48B300-37D1-11DD-8C41-005056C00008}"
  EndProject
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "python3dll", "python3dll.vcxproj", "{885D4898-D08D-4091-9C40-C700CFE3FC5A}"
-@@ -75,8 +75,6 @@
+@@ -93,8 +77,6 @@
  EndProject
  Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_queue", "_queue.vcxproj", "{78D80A15-BD8C-44E2-B49E-1F05B0A0A687}"
  EndProject
diff --git a/external/python3/python-3.5.tweak.strip.soabi.patch b/external/python3/python-3.5.tweak.strip.soabi.patch
index 48ac7f82f8be..4c2bb2bb9a29 100644
--- a/external/python3/python-3.5.tweak.strip.soabi.patch
+++ b/external/python3/python-3.5.tweak.strip.soabi.patch
@@ -1,7 +1,7 @@
 diff -ru python3.orig/configure python3/configure
 --- misc/python3.orig/configure	2015-07-26 21:14:31.127377193 +0200
 +++ misc/python3/configure	2015-07-26 21:21:34.975405648 +0200
-@@ -14388,7 +14388,7 @@
+@@ -15229,7 +15229,7 @@
  $as_echo "$ABIFLAGS" >&6; }
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking SOABI" >&5
  $as_echo_n "checking SOABI... " >&6; }
diff --git a/external/python3/python-3.7.6-msvc-ssl.patch.1 b/external/python3/python-3.7.6-msvc-ssl.patch.1
index 7c4a6ebc0fb7..17cc440f2204 100644
--- a/external/python3/python-3.7.6-msvc-ssl.patch.1
+++ b/external/python3/python-3.7.6-msvc-ssl.patch.1
@@ -2,7 +2,7 @@ No use for applink.c OPENSSL_Applink, everything is compiled with the same MSVC
 
 --- python3/PCbuild/_ssl.vcxproj.orig2	2019-12-23 15:54:19.254298900 +0100
 +++ python3/PCbuild/_ssl.vcxproj	2019-12-23 15:54:24.693251200 +0100
-@@ -67,9 +67,6 @@
+@@ -99,9 +99,6 @@
    </ItemDefinitionGroup>

    <ItemGroup>

      <ClCompile Include="..\Modules\_ssl.c" />

diff --git a/external/python3/ubsan.patch.0 b/external/python3/ubsan.patch.0
index 9f458b1e0f95..d44fbe055c86 100644
--- a/external/python3/ubsan.patch.0
+++ b/external/python3/ubsan.patch.0
@@ -20,7 +20,7 @@
  		This is clc or stc, together with the first byte of the jmp.  */
 --- Modules/posixmodule.c
 +++ Modules/posixmodule.c
-@@ -23,6 +23,9 @@
+@@ -13998,6 +13998,9 @@
  };
  
  static int
@@ -32,7 +32,7 @@
  #ifdef F_OK
 --- Objects/listobject.c
 +++ Objects/listobject.c
-@@ -548,7 +548,7 @@
+@@ -554,7 +554,7 @@
          dest[i] = v;
      }
      src = b->ob_item;