From 7023bab44027f27b55d496e1ce338740a227fa73 Mon Sep 17 00:00:00 2001 From: Michael Stahl Date: Fri, 9 Dec 2022 11:51:22 +0100 Subject: python3: upgrade to release 3.8.16 Fixes CVE-2022-37454 and a few other ones that look less relevant including CVE-2022-45061 and CVE-2015-20107. Change-Id: I10fd254f7f0801d47119234bb3436874e98d8c91 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143849 Tested-by: Jenkins Reviewed-by: Michael Stahl (cherry picked from commit 05f55b3898407828bb24347be56247f58803f7bb) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143859 Reviewed-by: Xisco Fauli --- configure.ac | 2 +- download.lst | 4 +- ...-Disable-external-entities-in-SAX-parse.patch.1 | 59 ------- external/python3/ExternalProject_python3.mk | 2 +- external/python3/UnpackedTarball_python3.mk | 1 + external/python3/darwin.patch.0 | 12 -- external/python3/i100492-freebsd.patch.1 | 6 +- external/python3/internal-zlib.patch.0 | 6 +- external/python3/macos-11.patch.0 | 6 +- external/python3/python-3.3.0-darwin.patch.1 | 4 +- .../python3/python-3.3.3-disable-obmalloc.patch.0 | 4 +- external/python3/python-3.3.3-elf-rpath.patch.1 | 4 +- external/python3/python-3.5.4-msvc-disable.patch.1 | 6 +- .../python3/python-3.5.tweak.strip.soabi.patch | 2 +- external/python3/python-3.7.6-msvc-ssl.patch.1 | 2 +- external/python3/python-3.8-msvc-sdk.patch.1 | 173 +++++++++++++++++++++ external/python3/ubsan.patch.0 | 4 +- 17 files changed, 200 insertions(+), 97 deletions(-) delete mode 100644 external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 create mode 100644 external/python3/python-3.8-msvc-sdk.patch.1 diff --git a/configure.ac b/configure.ac index 56872ba94285..731bcd4fb0d3 100644 --- a/configure.ac +++ b/configure.ac @@ -9712,7 +9712,7 @@ internal) SYSTEM_PYTHON= PYTHON_VERSION_MAJOR=3 PYTHON_VERSION_MINOR=8 - PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.10 + PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.16 if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst]) fi diff --git a/download.lst b/download.lst index 325aa3af680f..9b29751f82d7 100644 --- a/download.lst +++ b/download.lst @@ -222,8 +222,8 @@ export POPPLER_DATA_SHA256SUM := 6e2fcef66ec8c44625f94292ccf8af9f1d918b410d5aa69 export POPPLER_DATA_TARBALL := poppler-data-0.4.10.tar.gz export POSTGRESQL_SHA256SUM := 9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3 export POSTGRESQL_TARBALL := postgresql-13.5.tar.bz2 -export PYTHON_SHA256SUM := 6af24a66093dd840bcccf371d4044a3027e655cf24591ce26e48022bc79219d9 -export PYTHON_TARBALL := Python-3.8.10.tar.xz +export PYTHON_SHA256SUM := d85dbb3774132473d8081dcb158f34a10ccad7a90b96c7e50ea4bb61f5ce4562 +export PYTHON_TARBALL := Python-3.8.16.tar.xz export QXP_SHA256SUM := e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c export QXP_TARBALL := libqxp-0.0.2.tar.xz export RAPTOR_SHA256SUM := ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed diff --git a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 b/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 deleted file mode 100644 index 489e5d0e89ee..000000000000 --- a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 +++ /dev/null @@ -1,59 +0,0 @@ -From 582d188e6e3487180891f1fc457a80dec8be26a8 Mon Sep 17 00:00:00 2001 -From: Christian Heimes -Date: Mon, 24 Sep 2018 14:38:31 +0200 -Subject: [PATCH] [3.6] bpo-17239: Disable external entities in SAX parser - (GH-9217) (GH-9512) - -The SAX parser no longer processes general external entities by default -to increase security. Before, the parser created network connections -to fetch remote files or loaded local files from the file system for DTD -and entities. - -Signed-off-by: Christian Heimes - -https://bugs.python.org/issue17239. -(cherry picked from commit 17b1d5d4e36aa57a9b25a0e694affbd1ee637e45) - -Co-authored-by: Christian Heimes - - - -https://bugs.python.org/issue17239 ---- - Doc/library/xml.dom.pulldom.rst | 14 +++++ - Doc/library/xml.rst | 6 +- - Doc/library/xml.sax.rst | 8 +++ - Doc/whatsnew/3.6.rst | 18 +++++- - Lib/test/test_pulldom.py | 7 +++ - Lib/test/test_sax.py | 60 ++++++++++++++++++- - Lib/test/test_xml_etree.py | 13 ++++ - Lib/xml/sax/expatreader.py | 2 +- - .../2018-09-11-18-30-55.bpo-17239.kOpwK2.rst | 3 + - 9 files changed, 125 insertions(+), 6 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst - -diff --git a/Lib/xml/sax/expatreader.py b/Lib/xml/sax/expatreader.py -index 421358fa5b..5066ffc2fa 100644 ---- a/Lib/xml/sax/expatreader.py -+++ b/Lib/xml/sax/expatreader.py -@@ -95,7 +95,7 @@ class ExpatParser(xmlreader.IncrementalParser, xmlreader.Locator): - self._lex_handler_prop = None - self._parsing = 0 - self._entity_stack = [] -- self._external_ges = 1 -+ self._external_ges = 0 - self._interning = None - - # XMLReader methods -diff --git a/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst -new file mode 100644 -index 0000000000..8dd0fe8c1b ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst -@@ -0,0 +1,3 @@ -+The xml.sax and xml.dom.minidom parsers no longer processes external -+entities by default. External DTD and ENTITY declarations no longer -+load files or create network connections. --- -2.20.1 - diff --git a/external/python3/ExternalProject_python3.mk b/external/python3/ExternalProject_python3.mk index 807b3875d8b2..dc268e8bb619 100644 --- a/external/python3/ExternalProject_python3.mk +++ b/external/python3/ExternalProject_python3.mk @@ -154,7 +154,7 @@ $(call gb_ExternalProject_get_state_target,python3,fixscripts) : $(call gb_Exter pydoc$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR) \ python$(PYTHON_VERSION_MAJOR).$(PYTHON_VERSION_MINOR)-config \ ; do { rm "$$file" && $(gb_AWK) '\ - BEGIN {print "#!/bin/bash\n\ + BEGIN {print "#!/usr/bin/env bash\n\ origpath=$$(pwd)\n\ bindir=$$(cd $$(dirname \"$$0\") ; pwd)\n\ cd \"$$origpath\"\n\ diff --git a/external/python3/UnpackedTarball_python3.mk b/external/python3/UnpackedTarball_python3.mk index af514446fff2..31b6a166e6ae 100644 --- a/external/python3/UnpackedTarball_python3.mk +++ b/external/python3/UnpackedTarball_python3.mk @@ -21,6 +21,7 @@ $(eval $(call gb_UnpackedTarball_fix_end_of_line,python3,\ $(eval $(call gb_UnpackedTarball_add_patches,python3,\ external/python3/i100492-freebsd.patch.1 \ external/python3/python-3.3.0-darwin.patch.1 \ + external/python3/python-3.8-msvc-sdk.patch.1 \ external/python3/python-3.7.6-msvc-ssl.patch.1 \ external/python3/python-3.5.4-msvc-disable.patch.1 \ external/python3/ubsan.patch.0 \ diff --git a/external/python3/darwin.patch.0 b/external/python3/darwin.patch.0 index 30d20ed57578..139cdc9780bb 100644 --- a/external/python3/darwin.patch.0 +++ b/external/python3/darwin.patch.0 @@ -8,15 +8,3 @@ .text /* ffi_call_unix64 (void *args, unsigned long bytes, unsigned flags, ---- configure -+++ configure -@@ -5167,7 +5167,9 @@ - fi - - -+if test "$(uname -s)" = Darwin; then MULTIARCH=; else - MULTIARCH=$($CC --print-multiarch 2>/dev/null) -+fi - - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the platform triplet based on compiler characteristics" >&5 diff --git a/external/python3/i100492-freebsd.patch.1 b/external/python3/i100492-freebsd.patch.1 index 074e5fc489f8..b2ca1ee7117f 100644 --- a/external/python3/i100492-freebsd.patch.1 +++ b/external/python3/i100492-freebsd.patch.1 @@ -2,7 +2,7 @@ FreeBSD porting fixes, patch by maho@openoffice.org --- Python-3.3.0/Python/thread_pthread.h 2012-11-28 09:00:41.097955124 +0000 +++ Python-3.3.0/Python/thread_pthread.h 2012-11-28 09:01:13.018329351 +0000 -@@ -186,6 +189,9 @@ +@@ -238,6 +238,9 @@ { pthread_t th; int status; @@ -12,7 +12,7 @@ FreeBSD porting fixes, patch by maho@openoffice.org #if defined(THREAD_STACK_SIZE) || defined(PTHREAD_SYSTEM_SCHED_SUPPORTED) pthread_attr_t attrs; #endif -@@ -214,6 +220,10 @@ +@@ -277,6 +280,10 @@ callback->func = func; callback->arg = arg; @@ -23,7 +23,7 @@ FreeBSD porting fixes, patch by maho@openoffice.org status = pthread_create(&th, #if defined(THREAD_STACK_SIZE) || defined(PTHREAD_SYSTEM_SCHED_SUPPORTED) &attrs, -@@ -225,6 +234,9 @@ +@@ -285,6 +292,9 @@ #endif pythread_wrapper, callback); diff --git a/external/python3/internal-zlib.patch.0 b/external/python3/internal-zlib.patch.0 index de68d9e7dec8..27bb737db0c7 100644 --- a/external/python3/internal-zlib.patch.0 +++ b/external/python3/internal-zlib.patch.0 @@ -19,7 +19,7 @@ --- setup.py +++ setup.py -@@ -1362,7 +1362,7 @@ +@@ -1483,7 +1483,7 @@ # # You can upgrade zlib to version 1.1.4 yourself by going to # http://www.gzip.org/zlib/ @@ -28,7 +28,7 @@ have_zlib = False if zlib_inc is not None: zlib_h = zlib_inc[0] + '/zlib.h' -@@ -1379,13 +1379,13 @@ +@@ -1500,13 +1500,13 @@ version = line.split()[2] break if version >= version_req: @@ -44,7 +44,7 @@ extra_link_args=zlib_extra_link_args)) have_zlib = True else: -@@ -1399,7 +1399,7 @@ +@@ -1520,7 +1520,7 @@ # crc32 if we have it. Otherwise binascii uses its own. if have_zlib: extra_compile_args = ['-DUSE_ZLIB_CRC32'] diff --git a/external/python3/macos-11.patch.0 b/external/python3/macos-11.patch.0 index e2f13ac4c426..2c8b419bbdb9 100644 --- a/external/python3/macos-11.patch.0 +++ b/external/python3/macos-11.patch.0 @@ -1,6 +1,6 @@ --- setup.py +++ setup.py -@@ -670,7 +670,10 @@ +@@ -655,7 +655,10 @@ add_dir_to_list(self.compiler.include_dirs, sysconfig.get_config_var("INCLUDEDIR")) @@ -14,7 +14,7 @@ # if a file is found in one of those directories, it can --- Modules/_posixsubprocess.c +++ Modules/_posixsubprocess.c -@@ -31,6 +31,8 @@ +@@ -30,6 +30,8 @@ # define SYS_getdents64 __NR_getdents64 #endif @@ -23,7 +23,7 @@ #if defined(__sun) && defined(__SVR4) /* readdir64 is used to work around Solaris 9 bug 6395699. */ # define readdir readdir64 -@@ -202,7 +202,7 @@ +@@ -201,7 +203,7 @@ #endif #ifdef _SC_OPEN_MAX local_max_fd = sysconf(_SC_OPEN_MAX); diff --git a/external/python3/python-3.3.0-darwin.patch.1 b/external/python3/python-3.3.0-darwin.patch.1 index 27a355e2ad21..39d3c9180a19 100644 --- a/external/python3/python-3.3.0-darwin.patch.1 +++ b/external/python3/python-3.3.0-darwin.patch.1 @@ -5,7 +5,7 @@ LO needs to build both against MacOSX SDK and not produce universal binaries. diff -ru python3.orig/configure python3/configure --- python3.orig/configure 2015-07-26 17:36:11.808497783 +0200 +++ python3/configure 2015-07-26 17:38:49.016508337 +0200 -@@ -6794,7 +6794,20 @@ +@@ -7385,7 +7385,20 @@ then case "$UNIVERSAL_ARCHS" in 32-bit) @@ -30,7 +30,7 @@ diff -ru python3.orig/configure python3/configure diff -ru python3.orig/Mac/Makefile.in python3/Mac/Makefile.in --- python3.orig/Mac/Makefile.in 2015-07-05 18:50:07.000000000 +0200 +++ python3/Mac/Makefile.in 2015-07-26 17:40:14.860514100 +0200 -@@ -43,7 +43,7 @@ +@@ -44,7 +44,7 @@ INSTALL_SCRIPT= @INSTALL_SCRIPT@ INSTALL_DATA=@INSTALL_DATA@ LN=@LN@ diff --git a/external/python3/python-3.3.3-disable-obmalloc.patch.0 b/external/python3/python-3.3.3-disable-obmalloc.patch.0 index 0963a5f1bb1d..c4a1dea61ecf 100644 --- a/external/python3/python-3.3.3-disable-obmalloc.patch.0 +++ b/external/python3/python-3.3.3-disable-obmalloc.patch.0 @@ -1,6 +1,6 @@ --- Objects/obmalloc.c +++ Objects/obmalloc.c -@@ -413,8 +413,8 @@ +@@ -712,8 +712,8 @@ #ifdef WITH_PYMALLOC @@ -10,7 +10,7 @@ /* If we're using GCC, use __builtin_expect() to reduce overhead of the valgrind checks */ -@@ -1181,7 +1181,7 @@ +@@ -1430,7 +1430,7 @@ #ifdef WITH_VALGRIND if (UNLIKELY(running_on_valgrind == -1)) { diff --git a/external/python3/python-3.3.3-elf-rpath.patch.1 b/external/python3/python-3.3.3-elf-rpath.patch.1 index 55546afd9844..a408858f5917 100644 --- a/external/python3/python-3.3.3-elf-rpath.patch.1 +++ b/external/python3/python-3.3.3-elf-rpath.patch.1 @@ -5,7 +5,7 @@ set RPATH (only to be used on ELF platforms) diff -ru python3.orig/Makefile.pre.in python3/Makefile.pre.in --- python3.orig/Makefile.pre.in 2015-07-26 20:29:07.126194320 +0200 +++ python3/Makefile.pre.in 2015-07-26 20:37:21.814227530 +0200 -@@ -563,7 +563,7 @@ +@@ -566,7 +566,7 @@ # Build the interpreter $(BUILDPYTHON): Programs/python.o $(LIBRARY) $(LDLIBRARY) $(PY3LIBRARY) @@ -14,7 +14,7 @@ diff -ru python3.orig/Makefile.pre.in python3/Makefile.pre.in platform: $(BUILDPYTHON) pybuilddir.txt $(RUNSHARED) $(PYTHON_FOR_BUILD) -c 'import sys ; from sysconfig import get_platform ; print("%s-%d.%d" % (get_platform(), *sys.version_info[:2]))' >platform -@@ -625,7 +625,7 @@ +@@ -628,7 +628,7 @@ fi libpython3.so: libpython$(LDVERSION).so diff --git a/external/python3/python-3.5.4-msvc-disable.patch.1 b/external/python3/python-3.5.4-msvc-disable.patch.1 index 52c007d7d5b6..d5b4e3f6264b 100644 --- a/external/python3/python-3.5.4-msvc-disable.patch.1 +++ b/external/python3/python-3.5.4-msvc-disable.patch.1 @@ -3,7 +3,7 @@ Disable some stuff LO does not need, especially stuff with external dependencies diff -ru python3.orig/PCbuild/pcbuild.sln python3/PCbuild/pcbuild.sln --- python3.orig/PCbuild/pcbuild.sln 2017-08-10 00:04:44.359879894 +0200 +++ python3/PCbuild/pcbuild.sln 2017-08-10 00:13:51.179873748 +0200 -@@ -12,8 +12,6 @@ +@@ -15,8 +15,6 @@ EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pythoncore", "pythoncore.vcxproj", "{CF7AC3D1-E2DF-41D2-BEA6-1E2556CDEA26}" EndProject @@ -12,7 +12,7 @@ diff -ru python3.orig/PCbuild/pcbuild.sln python3/PCbuild/pcbuild.sln Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "winsound", "winsound.vcxproj", "{28B5D777-DDF2-4B6B-B34F-31D938813856}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_decimal", "_decimal.vcxproj", "{0E9791DB-593A-465F-98BC-681011311617}" -@@ -28,34 +26,20 @@ +@@ -31,34 +29,20 @@ EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_socket", "_socket.vcxproj", "{86937F53-C189-40EF-8CE8-8759D8E7D480}" EndProject @@ -47,7 +47,7 @@ diff -ru python3.orig/PCbuild/pcbuild.sln python3/PCbuild/pcbuild.sln Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_multiprocessing", "_multiprocessing.vcxproj", "{9E48B300-37D1-11DD-8C41-005056C00008}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "python3dll", "python3dll.vcxproj", "{885D4898-D08D-4091-9C40-C700CFE3FC5A}" -@@ -75,8 +75,6 @@ +@@ -93,8 +77,6 @@ EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "_queue", "_queue.vcxproj", "{78D80A15-BD8C-44E2-B49E-1F05B0A0A687}" EndProject diff --git a/external/python3/python-3.5.tweak.strip.soabi.patch b/external/python3/python-3.5.tweak.strip.soabi.patch index 48ac7f82f8be..4c2bb2bb9a29 100644 --- a/external/python3/python-3.5.tweak.strip.soabi.patch +++ b/external/python3/python-3.5.tweak.strip.soabi.patch @@ -1,7 +1,7 @@ diff -ru python3.orig/configure python3/configure --- misc/python3.orig/configure 2015-07-26 21:14:31.127377193 +0200 +++ misc/python3/configure 2015-07-26 21:21:34.975405648 +0200 -@@ -14388,7 +14388,7 @@ +@@ -15229,7 +15229,7 @@ $as_echo "$ABIFLAGS" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking SOABI" >&5 $as_echo_n "checking SOABI... " >&6; } diff --git a/external/python3/python-3.7.6-msvc-ssl.patch.1 b/external/python3/python-3.7.6-msvc-ssl.patch.1 index 7c4a6ebc0fb7..17cc440f2204 100644 --- a/external/python3/python-3.7.6-msvc-ssl.patch.1 +++ b/external/python3/python-3.7.6-msvc-ssl.patch.1 @@ -2,7 +2,7 @@ No use for applink.c OPENSSL_Applink, everything is compiled with the same MSVC --- python3/PCbuild/_ssl.vcxproj.orig2 2019-12-23 15:54:19.254298900 +0100 +++ python3/PCbuild/_ssl.vcxproj 2019-12-23 15:54:24.693251200 +0100 -@@ -67,9 +67,6 @@ +@@ -99,9 +99,6 @@ diff --git a/external/python3/python-3.8-msvc-sdk.patch.1 b/external/python3/python-3.8-msvc-sdk.patch.1 new file mode 100644 index 000000000000..fabdbb53ea63 --- /dev/null +++ b/external/python3/python-3.8-msvc-sdk.patch.1 @@ -0,0 +1,173 @@ +diff --git a/PC/pylauncher.rc b/PC/pylauncher.rc +index 92987af713..d21f9b6e9d 100644 +--- a/PC/pylauncher.rc ++++ b/PC/pylauncher.rc +@@ -4,7 +4,6 @@ + + // Include the manifest file that indicates we support all + // current versions of Windows. +-#include + 1 RT_MANIFEST "python.manifest" + + #if defined(PY_ICON) +diff --git a/PC/pyshellext.rc b/PC/pyshellext.rc +index e5924a42da..fc607e9784 100644 +--- a/PC/pyshellext.rc ++++ b/PC/pyshellext.rc +@@ -4,7 +4,6 @@ + + // Include the manifest file that indicates we support all + // current versions of Windows. +-#include + 1 RT_MANIFEST "python.manifest" + + ///////////////////////////////////////////////////////////////////////////// +diff --git a/PC/python_exe.rc b/PC/python_exe.rc +index ae0b029b80..5eba89962b 100644 +--- a/PC/python_exe.rc ++++ b/PC/python_exe.rc +@@ -4,7 +4,6 @@ + + // Include the manifest file that indicates we support all + // current versions of Windows. +-#include + 1 RT_MANIFEST "python.manifest" + + 1 ICON DISCARDABLE "icons\python.ico" +diff --git a/PC/python_nt.rc b/PC/python_nt.rc +index fac6105d8a..33cee42cb7 100644 +--- a/PC/python_nt.rc ++++ b/PC/python_nt.rc +@@ -4,7 +4,6 @@ + + // Include the manifest file that indicates we support all + // current versions of Windows. +-#include + 2 RT_MANIFEST "python.manifest" + + // String Tables +diff --git a/PC/pythonw_exe.rc b/PC/pythonw_exe.rc +index 88bf3592e1..562652be18 100644 +--- a/PC/pythonw_exe.rc ++++ b/PC/pythonw_exe.rc +@@ -4,7 +4,6 @@ + + // Include the manifest file that indicates we support all + // current versions of Windows. +-#include + 1 RT_MANIFEST "python.manifest" + + 1 ICON DISCARDABLE "icons\pythonw.ico" +diff --git a/PC/sqlite3.rc b/PC/sqlite3.rc +index 84bd87d9d5..d2c18f8add 100644 +--- a/PC/sqlite3.rc ++++ b/PC/sqlite3.rc +@@ -4,7 +4,6 @@ + + // Include the manifest file that indicates we support all + // current versions of Windows. +-#include + 2 RT_MANIFEST "python.manifest" + + ///////////////////////////////////////////////////////////////////////////// +diff --git a/PC/pylauncher.rc b/PC/pylauncher.rc +index d21f9b6e9d..ff7e71e0fd 100644 +--- a/PC/pylauncher.rc ++++ b/PC/pylauncher.rc +@@ -2,6 +2,11 @@ + + #include "python_ver_rc.h" + ++#ifndef RT_MANIFEST ++// bpo-45220: Cannot reliably #include RT_MANIFEST from ++// anywhere, so we hardcode it ++#define RT_MANIFEST 24 ++#endif + // Include the manifest file that indicates we support all + // current versions of Windows. + 1 RT_MANIFEST "python.manifest" +diff --git a/PC/pyshellext.rc b/PC/pyshellext.rc +index fc607e9784..af797ce95d 100644 +--- a/PC/pyshellext.rc ++++ b/PC/pyshellext.rc +@@ -2,6 +2,12 @@ + + #include "python_ver_rc.h" + ++#ifndef RT_MANIFEST ++// bpo-45220: Cannot reliably #include RT_MANIFEST from ++// anywhere, so we hardcode it ++#define RT_MANIFEST 24 ++#endif ++ + // Include the manifest file that indicates we support all + // current versions of Windows. + 1 RT_MANIFEST "python.manifest" +diff --git a/PC/python_exe.rc b/PC/python_exe.rc +index 5eba89962b..c3d3bff019 100644 +--- a/PC/python_exe.rc ++++ b/PC/python_exe.rc +@@ -2,6 +2,12 @@ + + #include "python_ver_rc.h" + ++#ifndef RT_MANIFEST ++// bpo-45220: Cannot reliably #include RT_MANIFEST from ++// anywhere, so we hardcode it ++#define RT_MANIFEST 24 ++#endif ++ + // Include the manifest file that indicates we support all + // current versions of Windows. + 1 RT_MANIFEST "python.manifest" +diff --git a/PC/python_nt.rc b/PC/python_nt.rc +index 33cee42cb7..539362cdc2 100644 +--- a/PC/python_nt.rc ++++ b/PC/python_nt.rc +@@ -2,6 +2,12 @@ + + #include "python_ver_rc.h" + ++#ifndef RT_MANIFEST ++// bpo-45220: Cannot reliably #include RT_MANIFEST from ++// anywhere, so we hardcode it ++#define RT_MANIFEST 24 ++#endif ++ + // Include the manifest file that indicates we support all + // current versions of Windows. + 2 RT_MANIFEST "python.manifest" +diff --git a/PC/pythonw_exe.rc b/PC/pythonw_exe.rc +index 562652be18..38570b74fa 100644 +--- a/PC/pythonw_exe.rc ++++ b/PC/pythonw_exe.rc +@@ -2,6 +2,12 @@ + + #include "python_ver_rc.h" + ++#ifndef RT_MANIFEST ++// bpo-45220: Cannot reliably #include RT_MANIFEST from ++// anywhere, so we hardcode it ++#define RT_MANIFEST 24 ++#endif ++ + // Include the manifest file that indicates we support all + // current versions of Windows. + 1 RT_MANIFEST "python.manifest" +diff --git a/PC/sqlite3.rc b/PC/sqlite3.rc +index d2c18f8add..9ae2aa0f6f 100644 +--- a/PC/sqlite3.rc ++++ b/PC/sqlite3.rc +@@ -2,6 +2,12 @@ + + #include + ++#ifndef RT_MANIFEST ++// bpo-45220: Cannot reliably #include RT_MANIFEST from ++// anywhere, so we hardcode it ++#define RT_MANIFEST 24 ++#endif ++ + // Include the manifest file that indicates we support all + // current versions of Windows. + 2 RT_MANIFEST "python.manifest" diff --git a/external/python3/ubsan.patch.0 b/external/python3/ubsan.patch.0 index 9f458b1e0f95..d44fbe055c86 100644 --- a/external/python3/ubsan.patch.0 +++ b/external/python3/ubsan.patch.0 @@ -20,7 +20,7 @@ This is clc or stc, together with the first byte of the jmp. */ --- Modules/posixmodule.c +++ Modules/posixmodule.c -@@ -23,6 +23,9 @@ +@@ -13998,6 +13998,9 @@ }; static int @@ -32,7 +32,7 @@ #ifdef F_OK --- Objects/listobject.c +++ Objects/listobject.c -@@ -548,7 +548,7 @@ +@@ -554,7 +554,7 @@ dest[i] = v; } src = b->ob_item; -- cgit