core.git: Branch 'distro/cib/libreoffice-6-4' - configure.ac download.lst

2024-03-20 Thread Michael Stahl (via logerrit)
 configure.ac |2 +-
 download.lst |4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

New commits:
commit d96f1f068a46187e3138e74933fa412e52ef0e55
Author: Michael Stahl 
AuthorDate: Wed Mar 20 10:52:09 2024 +0100
Commit: Michael Stahl 
CommitDate: Wed Mar 20 21:53:57 2024 +0100

python3: upgrade to release 3.8.19

Fixes CVE-2023-6597 and also CVE-2024-0450

Change-Id: Iebca2608e16a966356736201c63f1be5185430d4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165053
Tested-by: Jenkins
Reviewed-by: Michael Stahl 
(cherry picked from commit 0633e4b4205334dd65ec64d7f3e306ee125e31be)

diff --git a/configure.ac b/configure.ac
index 6121d25e6b41..4b7de8d43669 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8796,7 +8796,7 @@ internal)
 SYSTEM_PYTHON=
 PYTHON_VERSION_MAJOR=3
 PYTHON_VERSION_MINOR=8
-PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.18
+PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.19
 if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then
 AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst])
 fi
diff --git a/download.lst b/download.lst
index 79bf14911ba0..4353d04acf67 100644
--- a/download.lst
+++ b/download.lst
@@ -480,8 +480,8 @@ POSTGRESQL_TARBALL := postgresql-13.10.tar.bz2
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts
-PYTHON_SHA256SUM := 3ffb71cd349a326ba7b2fadc7e7df86ba577dd9c4917e52a8401adbda7405e3f
-PYTHON_TARBALL := Python-3.8.18.tar.xz
+PYTHON_SHA256SUM := d2807ac69f69b84fd46a0b93bbd02a4fa48d3e70f4b2835ff0f72a2885040076
+PYTHON_TARBALL := Python-3.8.19.tar.xz
 # three static lines
 # so that git cherry-pick
 # will not run into conflicts


[Libreoffice-commits] core.git: Branch 'distro/cib/libreoffice-6-4' - configure.ac download.lst external/python3

2021-02-17 Thread Michael Stahl (via logerrit)
 configure.ac   
|2 
 download.lst   
|4 
 
external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
 |   59 --
 external/python3/python-3.3.0-darwin.patch.1   
|2 
 4 files changed, 4 insertions(+), 63 deletions(-)

New commits:
commit 576be77c00bf925b02405da3a13236526a8948b4
Author: Michael Stahl 
AuthorDate: Wed Feb 17 13:56:52 2021 +0100
Commit: Michael Stahl 
CommitDate: Wed Feb 17 15:46:51 2021 +0100

python3: upgrade to release 3.7.10

Fixes CVE-2021-3177 plus these less important ones:
CVE-2021-23336 CVE-2020-27619 CVE-2020-14422 CVE-2020-26116
CVE-2019-20907 CVE-2020-8492 CVE-2019-18348

Change-Id: I8e83395bd3e871eb2ed030a03827b7d261c96049

diff --git a/configure.ac b/configure.ac
index 211ec987d05f..000ed8c340c7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8798,7 +8798,7 @@ internal)
 SYSTEM_PYTHON=
 PYTHON_VERSION_MAJOR=3
 PYTHON_VERSION_MINOR=7
-PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.7
+PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.10
 if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then
 AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst])
 fi
diff --git a/download.lst b/download.lst
index bdbed280f3e0..702a921e929b 100644
--- a/download.lst
+++ b/download.lst
@@ -212,8 +212,8 @@ export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f
 export POPPLER_TARBALL := poppler-21.01.0.tar.xz
 export POSTGRESQL_SHA256SUM := 12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f
 export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2
-export PYTHON_SHA256SUM := 06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136
-export PYTHON_TARBALL := Python-3.7.7.tar.xz
+export PYTHON_SHA256SUM := f8d82e7572c86ec9d55c8627aae5040124fd2203af400c383c821b980306ee6b
+export PYTHON_TARBALL := Python-3.7.10.tar.xz
 export QRCODEGEN_SHA256SUM := fcdf9fd69fde07ae4dca2351d84271a9de8093002f733b77c70f52f1630f6e4a
 export QRCODEGEN_TARBALL := QR-Code-generator-1.4.0.tar.gz
 export QXP_SHA256SUM := e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c
diff --git a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1 b/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
deleted file mode 100644
index 489e5d0e89ee..
--- a/external/python3/0001-3.6-bpo-17239-Disable-external-entities-in-SAX-parse.patch.1
+++ /dev/null
@@ -1,59 +0,0 @@
-From 582d188e6e3487180891f1fc457a80dec8be26a8 Mon Sep 17 00:00:00 2001
-From: Christian Heimes 
-Date: Mon, 24 Sep 2018 14:38:31 +0200
-Subject: [PATCH] [3.6] bpo-17239: Disable external entities in SAX parser
- (GH-9217) (GH-9512)
-
-The SAX parser no longer processes general external entities by default
-to increase security. Before, the parser created network connections
-to fetch remote files or loaded local files from the file system for DTD
-and entities.
-
-Signed-off-by: Christian Heimes 
-
-https://bugs.python.org/issue17239.
-(cherry picked from commit 17b1d5d4e36aa57a9b25a0e694affbd1ee637e45)
-
-Co-authored-by: Christian Heimes 
-
-
-
-https://bugs.python.org/issue17239

- Doc/library/xml.dom.pulldom.rst   | 14 +
- Doc/library/xml.rst   |  6 +-
- Doc/library/xml.sax.rst   |  8 +++
- Doc/whatsnew/3.6.rst  | 18 +-
- Lib/test/test_pulldom.py  |  7 +++
- Lib/test/test_sax.py  | 60 ++-
- Lib/test/test_xml_etree.py| 13 
- Lib/xml/sax/expatreader.py|  2 +-
- .../2018-09-11-18-30-55.bpo-17239.kOpwK2.rst  |  3 +
- 9 files changed, 125 insertions(+), 6 deletions(-)
- create mode 100644 
Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-
-diff --git a/Lib/xml/sax/expatreader.py b/Lib/xml/sax/expatreader.py
-index 421358fa5b..5066ffc2fa 100644
 a/Lib/xml/sax/expatreader.py
-+++ b/Lib/xml/sax/expatreader.py
-@@ -95,7 +95,7 @@ class ExpatParser(xmlreader.IncrementalParser, 
xmlreader.Locator):
- self._lex_handler_prop = None
- self._parsing = 0
- self._entity_stack = []
--self._external_ges = 1
-+self._external_ges = 0
- self._interning = None
- 
- # XMLReader methods
-diff --git 
a/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst 
b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-new file mode 100644
-index 00..8dd0fe8c1b
 /dev/null
-+++ b/Misc/NEWS.d/next/Security/2018-09-11-18-30-55.bpo-17239.kOpwK2.rst
-@@ -0,0 +1,3 @@
-+The xml.sax and xml.dom.minidom parsers no