core.git: Branch 'distro/collabora/co-23.05' - 3 commits - configure.ac download.lst external/expat

[Andras Timar (via logerrit)]

 configure.ac|4 +-
 download.lst|8 ++--
 external/expat/0001-Fix-compiler-warnings.patch |   47 
 external/expat/UnpackedTarball_expat.mk |3 -
 4 files changed, 6 insertions(+), 56 deletions(-)

New commits:
commit 7e698f51550e366e76fadd19eea5461a70140043
Author: Andras Timar 
AuthorDate: Mon Mar 25 18:51:16 2024 +0100
Commit: Andras Timar 
CommitDate: Mon Mar 25 20:20:16 2024 +0100

Bump version to 23.05.10.1

Change-Id: I44284fe9816161a4ec98d1ee079cfde84951c421

diff --git a/configure.ac b/configure.ac
index 665e59b9a1f3..ea178f56c8e4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,7 +9,7 @@ dnl in order to create a configure script.
 # several non-alphanumeric characters, those are split off and used only for 
the
 # ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no 
idea.
 
-AC_INIT([Collabora Office],[23.05.9.4],[],[],[https://collaboraoffice.com/])
+AC_INIT([Collabora Office],[23.05.10.1],[],[],[https://collaboraoffice.com/])
 
 dnl libnumbertext needs autoconf 2.68, but that can pick up autoconf268 just 
fine if it is installed
 dnl whereas aclocal (as run by autogen.sh) insists on using autoconf and fails 
hard
commit 64ea22d83d791351f33d6d30a8036bd7b1c36b96
Author: Michael Stahl 
AuthorDate: Wed Mar 20 10:52:09 2024 +0100
Commit: Andras Timar 
CommitDate: Mon Mar 25 20:20:16 2024 +0100

python3: upgrade to release 3.8.19

Fixes CVE-2023-6597 and also CVE-2024-0450

Change-Id: Iebca2608e16a966356736201c63f1be5185430d4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165053
Tested-by: Jenkins
Reviewed-by: Michael Stahl 
(cherry picked from commit 0633e4b4205334dd65ec64d7f3e306ee125e31be)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165009
Reviewed-by: Xisco Fauli 

diff --git a/configure.ac b/configure.ac
index e512feac736f..665e59b9a1f3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -10002,7 +10002,7 @@ if test \( "$cross_compiling" = yes -a -z 
"$PYTHON_FOR_BUILD" \) -o "$enable_pyt
 SYSTEM_PYTHON=
 PYTHON_VERSION_MAJOR=3
 PYTHON_VERSION_MINOR=8
-PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.18
+PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.19
 if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then
 AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in 
download.lst])
 fi
diff --git a/download.lst b/download.lst
index 75b05604496a..0f41363c1b28 100644
--- a/download.lst
+++ b/download.lst
@@ -534,8 +534,8 @@ POSTGRESQL_TARBALL := postgresql-13.10.tar.bz2
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-PYTHON_SHA256SUM := 
3ffb71cd349a326ba7b2fadc7e7df86ba577dd9c4917e52a8401adbda7405e3f
-PYTHON_TARBALL := Python-3.8.18.tar.xz
+PYTHON_SHA256SUM := 
d2807ac69f69b84fd46a0b93bbd02a4fa48d3e70f4b2835ff0f72a2885040076
+PYTHON_TARBALL := Python-3.8.19.tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
commit 2f92cb37f7df574d0e6322107d01b000933a52cc
Author: Taichi Haradaguchi <20001...@ymail.ne.jp>
AuthorDate: Fri Mar 22 13:43:14 2024 +0100
Commit: Andras Timar 
CommitDate: Mon Mar 25 20:20:16 2024 +0100

Expat: upgrade to release 2.6.2

Fixes CVE-2024-28757

Change-Id: Id85044fa9d8eda922425e580e9d6979f6563e98a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165129
Tested-by: Taichi Haradaguchi <20001...@ymail.ne.jp>
Reviewed-by: Taichi Haradaguchi <20001...@ymail.ne.jp>
(cherry picked from commit 370ca73a45b291e172918b4c8fcbc37ccaa434cf)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165177
Tested-by: Jenkins
Reviewed-by: Xisco Fauli 

diff --git a/download.lst b/download.lst
index 1145fa8d08e1..75b05604496a 100644
--- a/download.lst
+++ b/download.lst
@@ -106,8 +106,8 @@ ETONYEK_TARBALL := 
libetonyek-0.1.$(ETONYEK_VERSION_MICRO).tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-EXPAT_SHA256SUM := 
cb5f5a8ea211e1cabd59be0a933a52e3c02cc326e86a4d387d8d218e7ee47a3e
-EXPAT_TARBALL := expat-2.6.0.tar.xz
+EXPAT_SHA256SUM := 
ee14b4c5d8908b1bec37ad937607eab183d4d9806a08adee472c3c3121d27364
+EXPAT_TARBALL := expat-2.6.2.tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
diff --git a/external/expat/0001-Fix-compiler-warnings.patch 
b/external/expat/0001-Fix-compiler-warnings.patch
deleted file mode 100644
index adec5ed0d9be..
--- a/external/expat/0001-Fix-compiler-warnings.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 3f60a47cb5716bb810789a12ef6024c1dc448164 Mon Sep 17 00:00:00 2001
-From: Taichi Haradaguchi <20001...@ymail.ne.jp>
-Date: Fri, 9 Feb 2024 19:28:35 +0900
-Subject: [PATCH] Fix compiler warnings
-
-> In file included from ./../lib/internal.h:149,
->

core.git: Branch 'distro/collabora/co-23.05' - 3 commits - configure.ac download.lst

[Andras Timar (via logerrit)]

 configure.ac |2 +-
 download.lst |4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

New commits:
commit 7e4f6df850ffb9488eff7aa5f3e548052ae57062
Author: Andras Timar 
AuthorDate: Wed Jan 31 17:27:55 2024 +0100
Commit: Andras Timar 
CommitDate: Wed Jan 31 17:27:55 2024 +0100

Bump version to 23.05.8.3

Change-Id: I557f4fdee141abecdd56f3ed4f48c69fae6cdc08

diff --git a/configure.ac b/configure.ac
index 8e06687ee26c..6fe4f08d4c31 100644
--- a/configure.ac
+++ b/configure.ac
@@ -9,7 +9,7 @@ dnl in order to create a configure script.
 # several non-alphanumeric characters, those are split off and used only for 
the
 # ABOUTBOXPRODUCTVERSIONSUFFIX in openoffice.lst. Why that is necessary, no 
idea.
 
-AC_INIT([Collabora Office],[23.05.8.2],[],[],[https://collaboraoffice.com/])
+AC_INIT([Collabora Office],[23.05.8.3],[],[],[https://collaboraoffice.com/])
 
 dnl libnumbertext needs autoconf 2.68, but that can pick up autoconf268 just 
fine if it is installed
 dnl whereas aclocal (as run by autogen.sh) insists on using autoconf and fails 
hard
commit a990e726efb2bcb4cb8de9aaade0f35e429ea330
Author: Michael Stahl 
AuthorDate: Wed Jan 31 10:30:18 2024 +0100
Commit: Andras Timar 
CommitDate: Wed Jan 31 17:27:20 2024 +0100

curl: upgrade to release 8.6.0

Fixes CVE-2024-0853

Change-Id: Iabba0748f7c48ee03a8223aef9ca81bf379738e9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162793
Tested-by: Jenkins
Reviewed-by: Michael Stahl 
(cherry picked from commit 9667ea7e274c4e29cf7c35d9e124a8fbcb2af3da)

diff --git a/download.lst b/download.lst
index 5ce7604e1f32..7555fe0ba249 100644
--- a/download.lst
+++ b/download.lst
@@ -75,8 +75,8 @@ CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-CURL_SHA256SUM := 
42ab8db9e20d8290a3b633e7fbb3cec15db34df65fd1015ef8ac1e4723750eeb
-CURL_TARBALL := curl-8.5.0.tar.xz
+CURL_SHA256SUM := 
3ccd55d91af9516539df80625f818c734dc6f2ecf9bada33c76765e99121db15
+CURL_TARBALL := curl-8.6.0.tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
commit 04eddbaa4530d75c4984125dab7bb3f58113a3ff
Author: Michael Stahl 
AuthorDate: Mon Dec 11 13:07:22 2023 +0100
Commit: Andras Timar 
CommitDate: Wed Jan 31 17:27:20 2024 +0100

curl: upgrade to release 8.5.0

Fixes CVE-2023-46218 (cookies apparently used by libcmis)

Change-Id: I6f903ab63589d3318c0cc7d47f5183f7ae55f52b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160592
Tested-by: Jenkins
Reviewed-by: Michael Stahl 
(cherry picked from commit 0a2df11fb563177951db1e8890d67cee8d44246a)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160577
Reviewed-by: Xisco Fauli 

diff --git a/download.lst b/download.lst
index 0a5bc2fb6fcf..5ce7604e1f32 100644
--- a/download.lst
+++ b/download.lst
@@ -75,8 +75,8 @@ CPPUNIT_TARBALL := cppunit-1.15.1.tar.gz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-CURL_SHA256SUM := 
16c62a9c4af0f703d28bda6d7bbf37ba47055ad3414d70dec63e2e6336f2a82d
-CURL_TARBALL := curl-8.4.0.tar.xz
+CURL_SHA256SUM := 
42ab8db9e20d8290a3b633e7fbb3cec15db34df65fd1015ef8ac1e4723750eeb
+CURL_TARBALL := curl-8.5.0.tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts