From 72acdb46f62d8ebbc70f7f478f5be155c73ddcda Mon Sep 17 00:00:00 2001 From: Michael Stahl Date: Mon, 18 Nov 2019 18:45:46 +0100 Subject: python3: upgrade to release 3.5.9 Fixes CVE-2019-9948 CVE-2019-9740 CVE-2019-10160 CVE-2019-16056 and expat CVE-2019-15903. python-3.3.5-pyexpat-symbols.patch.1 fails to apply, and it's a mystery why --with-system-expat is used everywhere but on MacOSX, where 292af048ace2d4b455b2da3a22c784cb05db1d09 disabled it for no obvious reason, so try to remove the special case and get rid of the patch. Change-Id: I5ba4532eb6e7c2fb90daba95d132dcc7c9013d96 Reviewed-on: https://gerrit.libreoffice.org/83117 Tested-by: Jenkins Reviewed-by: Michael Stahl (cherry picked from commit b0930d56130fdddfe65e92b081a8afad77974076) Reviewed-on: https://gerrit.libreoffice.org/83187 --- configure.ac | 2 +- download.lst | 4 ++-- external/python3/ExternalProject_python3.mk | 6 ++--- external/python3/UnpackedTarball_python3.mk | 1 - .../python3/python-3.3.5-pyexpat-symbols.patch.1 | 28 ---------------------- 5 files changed, 5 insertions(+), 36 deletions(-) delete mode 100644 external/python3/python-3.3.5-pyexpat-symbols.patch.1 diff --git a/configure.ac b/configure.ac index eb8bf78d3cd6..797091af8257 100644 --- a/configure.ac +++ b/configure.ac @@ -8759,7 +8759,7 @@ internal) SYSTEM_PYTHON= PYTHON_VERSION_MAJOR=3 PYTHON_VERSION_MINOR=5 - PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.7 + PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.9 if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst]) fi diff --git a/download.lst b/download.lst index 502470eb451a..c8b5e0bd8083 100644 --- a/download.lst +++ b/download.lst @@ -210,8 +210,8 @@ export POPPLER_SHA256SUM := 92e09fd3302567fd36146b36bb707db43ce436e8841219025a82 export POPPLER_TARBALL := poppler-0.74.0.tar.xz export POSTGRESQL_SHA256SUM := a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126 export POSTGRESQL_TARBALL := postgresql-9.2.24.tar.bz2 -export PYTHON_SHA256SUM := 285892899bf4d5737fd08482aa6171c6b2564a45b9102dfacfb72826aebdc7dc -export PYTHON_TARBALL := Python-3.5.7.tar.xz +export PYTHON_SHA256SUM := c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049 +export PYTHON_TARBALL := Python-3.5.9.tar.xz export QRCODEGEN_SHA256SUM := fcdf9fd69fde07ae4dca2351d84271a9de8093002f733b77c70f52f1630f6e4a export QRCODEGEN_TARBALL := QR-Code-generator-1.4.0.tar.gz export QXP_SHA256SUM := e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c diff --git a/external/python3/ExternalProject_python3.mk b/external/python3/ExternalProject_python3.mk index dafeb1ca5ae8..b03b09a83bc4 100644 --- a/external/python3/ExternalProject_python3.mk +++ b/external/python3/ExternalProject_python3.mk @@ -44,9 +44,7 @@ $(call gb_ExternalProject_get_state_target,python3,build) : else -# this was added in 2004, hopefully is obsolete now (and why only intel anyway)? $(if $(filter SOLARIS-INTEL,$(OS)$(CPUNAME)),--disable-ipv6) - -# --with-system-expat: this should find the one in the solver (or system) +# --with-system-expat: this should find the one in the workdir (or system) # create a symlink "LO_lib" because the .so are in a directory with platform # specific name like build/lib.linux-x86_64-3.3 @@ -68,7 +66,7 @@ $(call gb_ExternalProject_get_state_target,python3,build) : $(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \ $(if $(ENABLE_VALGRIND),--with-valgrind) \ --prefix=/python-inst \ - $(if $(filter MACOSX,$(OS)),,--with-system-expat) \ + --with-system-expat \ $(if $(filter AIX,$(OS)), \ --disable-ipv6 --with-threads OPT="-g0 -fwrapv -O3 -Wall", \ $(if $(gb_Module_CURRENTMODULE_DEBUG_ENABLED), \ diff --git a/external/python3/UnpackedTarball_python3.mk b/external/python3/UnpackedTarball_python3.mk index 09bd9fa2edf6..29d417e57833 100644 --- a/external/python3/UnpackedTarball_python3.mk +++ b/external/python3/UnpackedTarball_python3.mk @@ -23,7 +23,6 @@ $(eval $(call gb_UnpackedTarball_add_patches,python3,\ external/python3/python-3.5.4-msvc-disable.patch.1 \ external/python3/python-3.3.0-pythreadstate.patch.1 \ external/python3/python-3.3.0-clang.patch.1 \ - external/python3/python-3.3.5-pyexpat-symbols.patch.1 \ external/python3/ubsan.patch.0 \ external/python3/python-3.5.tweak.strip.soabi.patch \ external/python3/darwin.patch.0 \ diff --git a/external/python3/python-3.3.5-pyexpat-symbols.patch.1 b/external/python3/python-3.3.5-pyexpat-symbols.patch.1 deleted file mode 100644 index c04c78cf36e7..000000000000 --- a/external/python3/python-3.3.5-pyexpat-symbols.patch.1 +++ /dev/null @@ -1,28 +0,0 @@ -HACK: Fix build breakage on MacOS: - -*** WARNING: renaming "pyexpat" since importing it failed: dlopen(build/lib.macosx-10.6-i386-3.3/pyexpat.so, 2): Symbol not found: _XML_ErrorString - -This reverts c242a8f30806 from the python hg repo: - -restore namespacing of pyexpat symbols (closes #19186) - - -See http://bugs.python.org/issue19186#msg214069 - -The recommendation to include Modules/inc at first broke the Linux build... - -So do it this way, as it was before. Needs some realignment later. - ---- python3/Modules/expat/expat_external.h -+++ python3/Modules/expat/expat_external.h -@@ -7,10 +7,6 @@ - - /* External API definitions */ - --/* Namespace external symbols to allow multiple libexpat version to -- co-exist. */ --#include "pyexpatns.h" -- - #if defined(_MSC_EXTENSIONS) && !defined(__BEOS__) && !defined(__CYGWIN__) - #define XML_USE_MSC_EXTENSIONS 1 - #endif -- cgit