aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--community/jenkins/APKBUILD12
-rw-r--r--community/jool-modules-lts/APKBUILD2
-rw-r--r--community/lua-resty-openidc/APKBUILD8
-rw-r--r--community/php7/APKBUILD8
-rw-r--r--community/rtl8821ce-lts/APKBUILD2
-rw-r--r--community/virtualbox-guest-modules-lts/APKBUILD2
-rw-r--r--community/wireguard-lts/APKBUILD2
-rw-r--r--main/alpine-base/APKBUILD2
-rw-r--r--main/alpine-keys/APKBUILD18
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub14
-rw-r--r--main/apache2/APKBUILD7
-rw-r--r--main/busybox/APKBUILD33
-rw-r--r--main/busybox/CVE-2021-42374.patch45
-rw-r--r--main/busybox/awk-fixes.patch3208
-rw-r--r--main/busybox/traceroute-opt-x.patch26
-rw-r--r--main/ca-certificates/APKBUILD19
-rw-r--r--main/cryptsetup/APKBUILD12
-rw-r--r--main/dahdi-linux-lts/APKBUILD2
-rw-r--r--main/drbd-lts/APKBUILD2
-rw-r--r--main/expat/APKBUILD26
-rw-r--r--main/expat/CVE-2021-45960.patch59
-rw-r--r--main/expat/CVE-2021-46143.patch43
-rw-r--r--main/expat/CVE-2022-22822.patch250
-rw-r--r--main/linux-lts/APKBUILD4
-rw-r--r--main/lz4/APKBUILD11
-rw-r--r--main/lz4/CVE-2021-3520.patch22
-rw-r--r--main/mariadb/APKBUILD8
-rw-r--r--main/mbedtls/APKBUILD9
-rw-r--r--main/ncurses/APKBUILD10
-rw-r--r--main/ncurses/CVE-2021-39537.patch26
-rw-r--r--main/nss/APKBUILD12
-rw-r--r--main/nss/CVE-2021-43527.patch352
-rw-r--r--main/postgresql/APKBUILD7
-rw-r--r--main/privoxy/APKBUILD16
-rw-r--r--main/py3-pillow/APKBUILD12
-rw-r--r--main/py3-pillow/cve-2021-23437.patch40
-rw-r--r--main/ruby/APKBUILD9
-rw-r--r--main/snmptt/APKBUILD8
-rw-r--r--main/strongswan/APKBUILD16
-rw-r--r--main/tzdata/APKBUILD8
-rw-r--r--main/xen/APKBUILD22
-rw-r--r--main/xen/xsa386.patch29
-rw-r--r--main/xen/xsa388-4.14-1.patch174
-rw-r--r--main/xen/xsa388-4.14-2.patch36
-rw-r--r--main/xen/xsa389-4.13.patch180
-rw-r--r--main/xtables-addons-lts/APKBUILD2
-rw-r--r--main/zfs-lts/APKBUILD2
54 files changed, 4826 insertions, 89 deletions
diff --git a/community/jenkins/APKBUILD b/community/jenkins/APKBUILD
index 4d318e15bb..960c243149 100644
--- a/community/jenkins/APKBUILD
+++ b/community/jenkins/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=jenkins
-pkgver=2.275
+pkgver=2.319.2
pkgrel=0
pkgdesc="Extendable continuous integration server (stable version)"
url="https://jenkins.io"
@@ -14,13 +14,15 @@ options="!check"
pkgusers="$pkgname"
pkggroups="$pkgname"
subpackages="$pkgname-openrc"
-source="$pkgname-$pkgver.war::http://mirrors.jenkins.io/war/$pkgver/jenkins.war
+source="$pkgname-$pkgver.war::https://get.jenkins.io/war-stable/$pkgver/jenkins.war
$pkgname.logrotate
$pkgname.initd
$pkgname.confd"
builddir="$srcdir/"
# secfixes:
+# 2.319.2-r0:
+# - CVE-2022-20612
# 2.275-r0:
# - CVE-2021-21603
# - CVE-2021-21608
@@ -59,7 +61,9 @@ package() {
chown -R $pkgusers:$pkggroups "$pkgdir"/var/log/jenkins
}
-sha512sums="6c473e8d117ba99fa6a25820f0e0793f5b95f2d4c8ae2969c3e6c38fa076cbce91003d9d3e5c41c158a6d9ac69c192addbd3c0487af8b220878a1c08435b2a5a jenkins-2.275.war
+sha512sums="
+f6f0846d9e032b48e85fc20a030baa2d5c500a65c6c909d00852be3324d1b79c31ea8b7ff45ac05299ff9797b17aeb61d094ad425ce5198f6e13aa050007e650 jenkins-2.319.2.war
74423d3c66e2312eb3a1590e0582ccd82fc01b410d3bfc0627bef56fe6f4e7f4ea01a7a2d92a7a0c4870a1a1c48e911fe7eab3073e14db4910b52158182e5856 jenkins.logrotate
43686a537248c7a0a8fe53c3ca9577c8ffb50a141248de028d398d0fd3b3be8562b6cb2c63b44b3b0ac58d6431e8907790553791b2e125d1bfc2e3263ffaa83e jenkins.initd
-7247750a13fc2537dc1e405f6d8221ccdc80cfbaf40c47327ee04c206afa8607ada52e7b895c8eb3489dd9f6a94b42b8b38110b3120948a35dc4f197fe4c08ed jenkins.confd"
+7247750a13fc2537dc1e405f6d8221ccdc80cfbaf40c47327ee04c206afa8607ada52e7b895c8eb3489dd9f6a94b42b8b38110b3120948a35dc4f197fe4c08ed jenkins.confd
+"
diff --git a/community/jool-modules-lts/APKBUILD b/community/jool-modules-lts/APKBUILD
index b2c8d703af..07073bf35b 100644
--- a/community/jool-modules-lts/APKBUILD
+++ b/community/jool-modules-lts/APKBUILD
@@ -21,7 +21,7 @@ fi
# Kernel version
# Keep in sync with main/linux-lts!
_kpkg=linux-$_flavor
-_kver=5.4.143
+_kver=5.4.168
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/community/lua-resty-openidc/APKBUILD b/community/lua-resty-openidc/APKBUILD
index f33d0636d1..69d1e20a3f 100644
--- a/community/lua-resty-openidc/APKBUILD
+++ b/community/lua-resty-openidc/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Timo Teräs <timo.teras@iki.fi>
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=lua-resty-openidc
-pkgver=1.7.1
-pkgrel=1
+pkgver=1.7.5
+pkgrel=0
pkgdesc="OpenID Connect library for the nginx lua module"
url="https://github.com/zmartzone/$pkgname"
arch="noarch"
@@ -18,4 +18,6 @@ package() {
cp -r ./lib/resty "$pkgdir/usr/share/lua/common"
}
-sha512sums="ce52684ebb3a492382e93a71a11c62d1cd17d1a3fd266e7d95453729abeb036ed99fded1a9cee55aec444d7a3e36d7cebd7a537006dff71fafd5dc8aa4c32378 lua-resty-openidc-1.7.1.tar.gz"
+sha512sums="
+d483efff27a0566ffadeb8f0da0df0147e9510bcfd5f4d295c7ce11925af882c9604e8d72f676bd9d6b6ded83c2c9f65ff958605856a8d218d4992136f0f4577 lua-resty-openidc-1.7.5.tar.gz
+"
diff --git a/community/php7/APKBUILD b/community/php7/APKBUILD
index 712aa3934a..2ee9f0e775 100644
--- a/community/php7/APKBUILD
+++ b/community/php7/APKBUILD
@@ -26,7 +26,7 @@
pkgname=php7
_pkgreal=php
-pkgver=7.3.31
+pkgver=7.3.33
pkgrel=0
_apiver=20180731
_suffix=${pkgname#php}
@@ -185,6 +185,10 @@ case "$CARCH" in
esac
# secfixes:
+# 7.3.33-r0:
+# - CVE-2021-21707
+# 7.3.32-r0:
+# - CVE-2021-21703
# 7.3.31-r0:
# - CVE-2021-21706
# 7.3.29-r0:
@@ -699,7 +703,7 @@ _mv() {
}
sha512sums="
-63a8122233b9892453b6b92429497a7ad9761ad88063e2b95607b5d4d4c0a0e1135073bcae5a0e69a17082d2348911cbbd4807c0d20905d93324d89e5b019a05 php-7.3.31.tar.xz
+b05edb3e87775c0b2d7bd5990e47751279076e6ef2356f59dc917f4a1447d95894f596cd8de711f03278650ff74ff9f2687ed96cec69d2d669a6af563a455e25 php-7.3.33.tar.xz
1c708de82d1086f272f484faf6cf6d087af7c31750cc2550b0b94ed723961b363f28a947b015b2dfc0765caea185a75f5d2c2f2b099c948b65c290924f606e4f php7-fpm.initd
cacce7bf789467ff40647b7319e3760c6c587218720538516e8d400baa75651f72165c4e28056cd0c1dc89efecb4d00d0d7823bed80b29136262c825ce816691 php7-fpm.logrotate
274bd7b0b2b7002fa84c779640af37b59258bb37b05cb7dd5c89452977d71807f628d91b523b5039608376d1f760f3425d165242ca75ee5129b2730e71c4e198 php7-module.conf
diff --git a/community/rtl8821ce-lts/APKBUILD b/community/rtl8821ce-lts/APKBUILD
index 257b8ffd59..b6164bdd9d 100644
--- a/community/rtl8821ce-lts/APKBUILD
+++ b/community/rtl8821ce-lts/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Kevin Daudt <kdaudt@alpinelinux.org>
# Maintainer: Kevin Daudt <kdaudt@alpinelinux.org>
-_kver=5.4.143
+_kver=5.4.168
_krel=0
_flavor="$FLAVOR"
[ -z "$_flavor" ] && _flavor=lts
diff --git a/community/virtualbox-guest-modules-lts/APKBUILD b/community/virtualbox-guest-modules-lts/APKBUILD
index 44176a6d0b..ac19b900d8 100644
--- a/community/virtualbox-guest-modules-lts/APKBUILD
+++ b/community/virtualbox-guest-modules-lts/APKBUILD
@@ -8,7 +8,7 @@ _rel=0
_flavor=${FLAVOR:-lts}
_kpkg=linux-$_flavor
-_kver=5.4.143
+_kver=5.4.168
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/community/wireguard-lts/APKBUILD b/community/wireguard-lts/APKBUILD
index cda23d8255..604cd120b0 100644
--- a/community/wireguard-lts/APKBUILD
+++ b/community/wireguard-lts/APKBUILD
@@ -6,7 +6,7 @@ _ver=1.0.20201112
_rel=0
# kernel version
-_kver=5.4.143
+_kver=5.4.168
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/main/alpine-base/APKBUILD b/main/alpine-base/APKBUILD
index c3eee98e1d..75b9da23cc 100644
--- a/main/alpine-base/APKBUILD
+++ b/main/alpine-base/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=alpine-base
-pkgver=3.12.8
+pkgver=3.12.9
pkgrel=0
pkgdesc="Meta package for minimal alpine base"
url="https://alpinelinux.org"
diff --git a/main/alpine-keys/APKBUILD b/main/alpine-keys/APKBUILD
index 39465f0c69..9c95f33c46 100644
--- a/main/alpine-keys/APKBUILD
+++ b/main/alpine-keys/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=alpine-keys
-pkgver=2.3
+pkgver=2.4
pkgrel=0
pkgdesc="Public keys for Alpine Linux packages"
url="https://alpinelinux.org"
@@ -12,19 +12,27 @@ options="!check" # No testsuite
_arch_keys="
aarch64:alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub
+ aarch64:alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub
armhf,armv7:alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub
+ armv7:alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub
+ armhf:alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub
x86:alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
+ x86:alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub
x86,x86_64:alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
x86_64:alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
+ x86_64:alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub
ppc64le:alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub
+ ppc64le:alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub
s390x:alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub
+ s390x:alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub
mips64:alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub
riscv64:alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub
+ riscv64:alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub
"
for _i in $_arch_keys; do
@@ -99,12 +107,20 @@ package() {
sha512sums="
e4f9e314f8e506fba2cb3e599c6412a036ec37ce3a54990fc7d80a821d8728f40ee3b4aa8a15218d50341fa785d9ddf7c7471f45018c6a2065ab13664a1aa9e9 alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub
+51a5ec21283fe218809b2325202e1f8c9b2551705db48254b9d48a04f4ed0075de51e9886c4704647ffb309fd32d9850d14013848a53038039e85011251fe1cc alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub
698fda502f70365a852de3c10636eadfc4f70a7a00f096581119aef665e248b787004ceef63f4c8cb18c6f88d18b8b1bd6b3c5d260e79e6d73a3cc09537b196e alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub
+a98095a626f2dcbda73ffd8873ba2d609ee1d881f5da13b0eb3469ddd58b06440b4b0b2f791b037c88073e9a17c6dfc62dc1a4c8491bed871524d772ef04ad24 alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub
+7aa5526a88519ae91f997bf914a9bd3d230b21c011587f155ce22c4bb94b70181b28590027eb555d96d1122dffb8242c1fb044228e99b4e9b7650fcf6f5121c7 alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub
e18e65ee911eb1f8ea869f758e8f2c94cf2ac254ee7ab90a3de1d47b94a547c2066214abf710da21910ebedc0153d05fd4fe579cc5ce24f46e0cfd29a02b1a68 alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
+b89d825e6af73687339848817791b294e2404162e2e069d9212d76d4ee53d6216eb75421a07b02f9778ef57dbb27962b2436247264eea1a1d882967ca0c18724 alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub
2d4064cbe09ff958493ec86bcb925af9b7517825d1d9d8d00f2986201ad5952f986fea83d1e2c177e92130700bafa8c0bff61411b3cdb59a41e460ed719580a6 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
721134f289ab1e7dde9158359906017daee40983199fe55f28206c8cdc46b8fcf177a36f270ce374b0eba5dbe01f68cbb3e385ae78a54bb0a2ed1e83a4d820a5 alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
+8b9c2208c904c9f34d9d01d3d68b224208530e684265df214deb8c9e6b4b19633aa48a405e673249c9e93a8ee194a336e951cd82a4e27e5e66e85fdc5e0d495e alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub
bb5a3df8fac14a62d5936fb3722873fa6a121219b703cba955eb77de38c4384aeaf378fb9321a655e255f0be761e894e309b3789867279c1524dab6300cd8ef1 alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub
+bad4da65221150a5d4cc6f63981e4dd203d40844d32e82c17f346eee5350e460e32d28f0e231a2b78d326ec32b898eec597d3787dae47dcacc9a9776d19fb4a1 alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub
0666389ca53121453578cd4bef5fd06e159e291164b3e3233e7d6521604f8bebd30caeef1663adcd5309e07278833402c8a92c33294ec0c5cada24dc47c8cc98 alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub
+83fc29066f6073418ecf01176ce24c1c0e788508f3083a97691706e2c78323e53448060fb0d2abb8118a759570f1f0db9d39953c63fe26fe06da2be05dff393c alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub
66ce9677e9c2a7961d5d7bc5b162ed3114a7aef6d01181073c1f42a9934966eecded2ec09deb210f5a389d434d1641ba35fe3abdd5246b2e97d5a5b26a945c5c alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub
34514100e502f449dcabe0aa550232c3330ed2f0b789b977eb228d4ac86afc93479474ac005914992a3b47c18ee3eb32ca27ccd0d392700a8f11f47d64a78969 alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub
+7cea57204a50d72bddff201c509ccbf06773d87062a3ead0a206cc6e4a00e0960f52d21f7cee7aaec6a4abba7a697e2e2e7f630fa1ccef7ee2c33908fca18998 alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub
"
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub
new file mode 100644
index 0000000000..f2165aebad
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAutQkua2CAig4VFSJ7v54
+ALyu/J1WB3oni7qwCZD3veURw7HxpNAj9hR+S5N/pNeZgubQvJWyaPuQDm7PTs1+
+tFGiYNfAsiibX6Rv0wci3M+z2XEVAeR9Vzg6v4qoofDyoTbovn2LztaNEjTkB+oK
+tlvpNhg1zhou0jDVYFniEXvzjckxswHVb8cT0OMTKHALyLPrPOJzVtM9C1ew2Nnc
+3848xLiApMu3NBk0JqfcS3Bo5Y2b1FRVBvdt+2gFoKZix1MnZdAEZ8xQzL/a0YS5
+Hd0wj5+EEKHfOd3A75uPa/WQmA+o0cBFfrzm69QDcSJSwGpzWrD1ScH3AK8nWvoj
+v7e9gukK/9yl1b4fQQ00vttwJPSgm9EnfPHLAtgXkRloI27H6/PuLoNvSAMQwuCD
+hQRlyGLPBETKkHeodfLoULjhDi1K2gKJTMhtbnUcAA7nEphkMhPWkBpgFdrH+5z4
+Lxy+3ek0cqcI7K68EtrffU8jtUj9LFTUC8dERaIBs7NgQ/LfDbDfGh9g6qVj1hZl
+k9aaIPTm/xsi8v3u+0qaq7KzIBc9s59JOoA8TlpOaYdVgSQhHHLBaahOuAigH+VI
+isbC9vmqsThF2QdDtQt37keuqoda2E6sL7PUvIyVXDRfwX7uMDjlzTxHTymvq2Ck
+htBqojBnThmjJQFgZXocHG8CAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub
new file mode 100644
index 0000000000..aa63d81d66
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlEyxkHggKCXC2Wf5Mzx4
+nZLFZvU2bgcA3exfNPO/g1YunKfQY+Jg4fr6tJUUTZ3XZUrhmLNWvpvSwDS19ZmC
+IXOu0+V94aNgnhMsk9rr59I8qcbsQGIBoHzuAl8NzZCgdbEXkiY90w1skUw8J57z
+qCsMBydAueMXuWqF5nGtYbi5vHwK42PffpiZ7G5Kjwn8nYMW5IZdL6ZnMEVJUWC9
+I4waeKg0yskczYDmZUEAtrn3laX9677ToCpiKrvmZYjlGl0BaGp3cxggP2xaDbUq
+qfFxWNgvUAb3pXD09JM6Mt6HSIJaFc9vQbrKB9KT515y763j5CC2KUsilszKi3mB
+HYe5PoebdjS7D1Oh+tRqfegU2IImzSwW3iwA7PJvefFuc/kNIijfS/gH/cAqAK6z
+bhdOtE/zc7TtqW2Wn5Y03jIZdtm12CxSxwgtCF1NPyEWyIxAQUX9ACb3M0FAZ61n
+fpPrvwTaIIxxZ01L3IzPLpbc44x/DhJIEU+iDt6IMTrHOphD9MCG4631eIdB0H1b
+6zbNX1CXTsafqHRFV9XmYYIeOMggmd90s3xIbEujA6HKNP/gwzO6CDJ+nHFDEqoF
+SkxRdTkEqjTjVKieURW7Swv7zpfu5PrsrrkyGnsRrBJJzXlm2FOOxnbI2iSL1B5F
+rO5kbUxFeZUIDq+7Yv4kLWcCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub
new file mode 100644
index 0000000000..59c330e9f7
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnC+bR4bHf/L6QdU4puhQ
+gl1MHePszRC38bzvVFDUJsmCaMCL2suCs2A2yxAgGb9pu9AJYLAmxQC4mM3jNqhg
+/E7yuaBbek3O02zN/ctvflJ250wZCy+z0ZGIp1ak6pu1j14IwHokl9j36zNfGtfv
+ADVOcdpWITFFlPqwq1qt/H3UsKVmtiF3BNWWTeUEQwKvlU8ymxgS99yn0+4OPyNT
+L3EUeS+NQJtDS01unau0t7LnjUXn+XIneWny8bIYOQCuVR6s/gpIGuhBaUqwaJOw
+7jkJZYF2Ij7uPb4b5/R3vX2FfxxqEHqssFSg8FFUNTZz3qNZs0CRVyfA972g9WkJ
+hPfn31pQYil4QGRibCMIeU27YAEjXoqfJKEPh4UWMQsQLrEfdGfb8VgwrPbniGfU
+L3jKJR3VAafL9330iawzVQDlIlwGl6u77gEXMl9K0pfazunYhAp+BMP+9ot5ckK+
+osmrqj11qMESsAj083GeFdfV3pXEIwUytaB0AKEht9DbqUfiE/oeZ/LAXgySMtVC
+sbC4ESmgVeY2xSBIJdDyUap7FR49GGrw0W49NUv9gRgQtGGaNVQQO9oGL2PBC41P
+iWF9GLoX30HIz1P8PF/cZvicSSPkQf2Z6TV+t0ebdGNS5DjapdnCrq8m9Z0pyKsQ
+uxAL2a7zX8l5i1CZh1ycUGsCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub
new file mode 100644
index 0000000000..915bc566b7
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0MfCDrhODRCIxR9Dep1s
+eXafh5CE5BrF4WbCgCsevyPIdvTeyIaW4vmO3bbG4VzhogDZju+R3IQYFuhoXP5v
+Y+zYJGnwrgz3r5wYAvPnLEs1+dtDKYOgJXQj+wLJBW1mzRDL8FoRXOe5iRmn1EFS
+wZ1DoUvyu7/J5r0itKicZp3QKED6YoilXed+1vnS4Sk0mzN4smuMR9eO1mMCqNp9
+9KTfRDHTbakIHwasECCXCp50uXdoW6ig/xUAFanpm9LtK6jctNDbXDhQmgvAaLXZ
+LvFqoaYJ/CvWkyYCgL6qxvMvVmPoRv7OPcyni4xR/WgWa0MSaEWjgPx3+yj9fiMA
+1S02pFWFDOr5OUF/O4YhFJvUCOtVsUPPfA/Lj6faL0h5QI9mQhy5Zb9TTaS9jB6p
+Lw7u0dJlrjFedk8KTJdFCcaGYHP6kNPnOxMylcB/5WcztXZVQD5WpCicGNBxCGMm
+W64SgrV7M07gQfL/32QLsdqPUf0i8hoVD8wfQ3EpbQzv6Fk1Cn90bZqZafg8XWGY
+wddhkXk7egrr23Djv37V2okjzdqoyLBYBxMz63qQzFoAVv5VoY2NDTbXYUYytOvG
+GJ1afYDRVWrExCech1mX5ZVUB1br6WM+psFLJFoBFl6mDmiYt0vMYBddKISsvwLl
+IJQkzDwtXzT2cSjoj3T5QekCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub
new file mode 100644
index 0000000000..1e49d24690
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvaaoSLab+IluixwKV5Od
+0gib2YurjPatGIbn5Ov2DLUFYiebj2oJINXJSwUOO+4WcuHFEqiL/1rya+k5hLZt
+hnPL1tn6QD4rESznvGSasRCQNT2vS/oyZbTYJRyAtFkEYLlq0t3S3xBxxHWuvIf0
+qVxVNYpQWyM3N9RIeYBR/euXKJXileSHk/uq1I5wTC0XBIHWcthczGN0m9wBEiWS
+0m3cnPk4q0Ea8mUJ91Rqob19qETz6VbSPYYpZk3qOycjKosuwcuzoMpwU8KRiMFd
+5LHtX0Hx85ghGsWDVtS0c0+aJa4lOMGvJCAOvDfqvODv7gKlCXUpgumGpLdTmaZ8
+1RwqspAe3IqBcdKTqRD4m2mSg23nVx2FAY3cjFvZQtfooT7q1ItRV5RgH6FhQSl7
++6YIMJ1Bf8AAlLdRLpg+doOUGcEn+pkDiHFgI8ylH1LKyFKw+eXaAml/7DaWZk1d
+dqggwhXOhc/UUZFQuQQ8A8zpA13PcbC05XxN2hyP93tCEtyynMLVPtrRwDnHxFKa
+qKzs3rMDXPSXRn3ZZTdKH3069ApkEjQdpcwUh+EmJ1Ve/5cdtzT6kKWCjKBFZP/s
+91MlRrX2BTRdHaU5QJkUheUtakwxuHrdah2F94lRmsnQlpPr2YseJu6sIE+Dnx4M
+CfhdVbQL2w54R645nlnohu8CAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub
new file mode 100644
index 0000000000..bb15efe96d
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq0BFD1D4lIxQcsqEpQzU
+pNCYM3aP1V/fxxVdT4DWvSI53JHTwHQamKdMWtEXetWVbP5zSROniYKFXd/xrD9X
+0jiGHey3lEtylXRIPxe5s+wXoCmNLcJVnvTcDtwx/ne2NLHxp76lyc25At+6RgE6
+ADjLVuoD7M4IFDkAsd8UQ8zM0Dww9SylIk/wgV3ZkifecvgUQRagrNUdUjR56EBZ
+raQrev4hhzOgwelT0kXCu3snbUuNY/lU53CoTzfBJ5UfEJ5pMw1ij6X0r5S9IVsy
+KLWH1hiO0NzU2c8ViUYCly4Fe9xMTFc6u2dy/dxf6FwERfGzETQxqZvSfrRX+GLj
+/QZAXiPg5178hT/m0Y3z5IGenIC/80Z9NCi+byF1WuJlzKjDcF/TU72zk0+PNM/H
+Kuppf3JT4DyjiVzNC5YoWJT2QRMS9KLP5iKCSThwVceEEg5HfhQBRT9M6KIcFLSs
+mFjx9kNEEmc1E8hl5IR3+3Ry8G5/bTIIruz14jgeY9u5jhL8Vyyvo41jgt9sLHR1
+/J1TxKfkgksYev7PoX6/ZzJ1ksWKZY5NFoDXTNYUgzFUTOoEaOg3BAQKadb3Qbbq
+XIrxmPBdgrn9QI7NCgfnAY3Tb4EEjs3ON/BNyEhUENcXOH6I1NbcuBQ7g9P73kE4
+VORdoc8MdJ5eoKBpO8Ww8HECAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub
new file mode 100644
index 0000000000..0ecbccc2e4
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyduVzi1mWm+lYo2Tqt/0
+XkCIWrDNP1QBMVPrE0/ZlU2bCGSoo2Z9FHQKz/mTyMRlhNqTfhJ5qU3U9XlyGOPJ
+piM+b91g26pnpXJ2Q2kOypSgOMOPA4cQ42PkHBEqhuzssfj9t7x47ppS94bboh46
+xLSDRff/NAbtwTpvhStV3URYkxFG++cKGGa5MPXBrxIp+iZf9GnuxVdST5PGiVGP
+ODL/b69sPJQNbJHVquqUTOh5Ry8uuD2WZuXfKf7/C0jC/ie9m2+0CttNu9tMciGM
+EyKG1/Xhk5iIWO43m4SrrT2WkFlcZ1z2JSf9Pjm4C2+HovYpihwwdM/OdP8Xmsnr
+DzVB4YvQiW+IHBjStHVuyiZWc+JsgEPJzisNY0Wyc/kNyNtqVKpX6dRhMLanLmy+
+f53cCSI05KPQAcGj6tdL+D60uKDkt+FsDa0BTAobZ31OsFVid0vCXtsbplNhW1IF
+HwsGXBTVcfXg44RLyL8Lk/2dQxDHNHzAUslJXzPxaHBLmt++2COa2EI1iWlvtznk
+Ok9WP8SOAIj+xdqoiHcC4j72BOVVgiITIJNHrbppZCq6qPR+fgXmXa+sDcGh30m6
+9Wpbr28kLMSHiENCWTdsFij+NQTd5S47H7XTROHnalYDuF1RpS+DpQidT5tUimaT
+JZDr++FjKrnnijbyNF8b98UCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub
new file mode 100644
index 0000000000..ceffa3ace9
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnpUpyWDWjlUk3smlWeA0
+lIMW+oJ38t92CRLHH3IqRhyECBRW0d0aRGtq7TY8PmxjjvBZrxTNDpJT6KUk4LRm
+a6A6IuAI7QnNK8SJqM0DLzlpygd7GJf8ZL9SoHSH+gFsYF67Cpooz/YDqWrlN7Vw
+tO00s0B+eXy+PCXYU7VSfuWFGK8TGEv6HfGMALLjhqMManyvfp8hz3ubN1rK3c8C
+US/ilRh1qckdbtPvoDPhSbTDmfU1g/EfRSIEXBrIMLg9ka/XB9PvWRrekrppnQzP
+hP9YE3x/wbFc5QqQWiRCYyQl/rgIMOXvIxhkfe8H5n1Et4VAorkpEAXdsfN8KSVv
+LSMazVlLp9GYq5SUpqYX3KnxdWBgN7BJoZ4sltsTpHQ/34SXWfu3UmyUveWj7wp0
+x9hwsPirVI00EEea9AbP7NM2rAyu6ukcm4m6ATd2DZJIViq2es6m60AE6SMCmrQF
+wmk4H/kdQgeAELVfGOm2VyJ3z69fQuywz7xu27S6zTKi05Qlnohxol4wVb6OB7qG
+LPRtK9ObgzRo/OPumyXqlzAi/Yvyd1ZQk8labZps3e16bQp8+pVPiumWioMFJDWV
+GZjCmyMSU8V6MB6njbgLHoyg2LCukCAeSjbPGGGYhnKLm1AKSoJh3IpZuqcKCk5C
+8CM1S15HxV78s9dFntEqIokCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD
index e8ad6cfa80..eb2f827582 100644
--- a/main/apache2/APKBUILD
+++ b/main/apache2/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Valery Kartel <valery.kartel@gmail.com>
pkgname=apache2
_pkgreal=httpd
-pkgver=2.4.51
+pkgver=2.4.52
pkgrel=0
pkgdesc="A high performance Unix-based HTTP server"
url="https://httpd.apache.org/"
@@ -50,6 +50,9 @@ options="suid"
builddir="$srcdir"/$_pkgreal-$pkgver
# secfixes:
+# 2.4.52-r0:
+# - CVE-2021-44224
+# - CVE-2021-44790
# 2.4.51-r0:
# - CVE-2021-42013
# 2.4.50-r0:
@@ -368,7 +371,7 @@ _lua() {
}
sha512sums="
-9fb07c4b176f5c0485a143e2b1bb1085345ca9120b959974f68c37a8911a57894d2cb488b1b42fdf3102860b99e890204f5e9fa7ae3828b481119c563812cc66 httpd-2.4.51.tar.bz2
+97c021c576022a9d32f4a390f62e07b5f550973aef2f299fd52defce1a9fa5d27bd4a676e7bf214373ba46063d34aecce42de62fdd93678a4e925cfcbb2afdf6 httpd-2.4.52.tar.bz2
8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc apache2.confd
18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache2.logrotate
81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701 apache2.initd
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index b053fb148d..ae4c7b2c85 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=busybox
pkgver=1.31.1
-pkgrel=20
+pkgrel=21
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url="https://busybox.net/"
arch="all"
@@ -37,7 +37,10 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2
busybox-bc.patch
nslookup.patch
- traceroute-opt-x.patch::https://git.busybox.net/busybox/patch/?id=89358a7131d3e75c74af834bb117b4fad7914983
+ traceroute-opt-x.patch
+
+ CVE-2021-42374.patch
+ awk-fixes.patch
acpid.logrotate
busyboxconfig
@@ -49,6 +52,17 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2
"
# secfixes:
+# 1.31.1-r21:
+# - CVE-2021-42374
+# - CVE-2021-42378
+# - CVE-2021-42379
+# - CVE-2021-42380
+# - CVE-2021-42381
+# - CVE-2021-42382
+# - CVE-2021-42383
+# - CVE-2021-42384
+# - CVE-2021-42385
+# - CVE-2021-42386
# 1.31.1-r20:
# - CVE-2021-28831
# 1.30.1-r2:
@@ -61,6 +75,11 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2
# - CVE-2017-16544
# - CVE-2017-15873
# - CVE-2017-15874
+# 0:
+# - CVE-2021-42373
+# - CVE-2021-42375
+# - CVE-2021-42376
+# - CVE-2021-42377
_staticdir="$srcdir"/build-static
@@ -218,7 +237,8 @@ ssl_client() {
}
-sha512sums="0d1197c25d963d7f95ef21e08c06c0d6124ac7b59c99989e891f744ffee4878a3b1fe44a247241a9da39fa5de0ba87f1b6d862401b591f277e66e89c02764bbf busybox-1.31.1.tar.bz2
+sha512sums="
+0d1197c25d963d7f95ef21e08c06c0d6124ac7b59c99989e891f744ffee4878a3b1fe44a247241a9da39fa5de0ba87f1b6d862401b591f277e66e89c02764bbf busybox-1.31.1.tar.bz2
07e79138c80a12fd3c8770c4a1beaba986465b099816511d2de744b34f7457f22351d991f510cce8665effd651cca34a85f685ed52747313b3980ebf25988958 0001-ln-no-target-directory-implies-no-dereference.patch
ead3403578c071c2216de17ab0543984c1f1509c12c062f03af49141547c3ea21356f3e8f0f0695550f05a41a1379dd73fc3cc18dcd78addbb411f247351e353 0001-nologin-Install-applet-to-sbin-instead-of-usr-sbin.patch
a2787a3ecaf6746dadef62166e8ee6ecaa166147e5ad8b917c5838536057c875bab5f9cf40c3e05eba74d575484ac662929ac3799d58432d3a99ac46f364f302 0001-adduser-default-to-sbin-nologin-as-shell-for-system-.patch
@@ -236,11 +256,14 @@ b0f956e98ed1b670dc27f835441407d32395d371599780cf87a5fb2eee43ad2f77c8c484d20f08b1
d8926f0e4ed7d2fe5af89ff2a944d781b45b109c9edf1ef2591e7bce2a8bbadd7c8ca814cb3c928ae09027d9603434fe70496f308d701f3d42260ebd1e9e9b29 0013-testsuite-fix-cpio-tests.patch
9bb4d16ca418b6fd3c0b6dc867c92920e66ddb0c98040373d1166608284d2755b8d6eed0022bfddfcc07f5df93974fb7ed79402511a9728eb6c95ce05c37cfeb busybox-bc.patch
00d7f186bac8f228ebda3c486282df34c0021b58948946f4b2c7efe0cccf5f34a0e0430318359f1008ed51455747ffb525010f2feef450faf05fbc511d99d1d6 nslookup.patch
-c6dc917e67ab4c9aa0294f22707fd3cfc8cb37d703d8a0bce7f257ac9fb931dc4b815ab1d5e4f3ed3520b6ba046bdc1fbd0d1f8ed73b8d2d51f9238f03e03688 traceroute-opt-x.patch
+90598077e3000efa92167d446211965737bd3ee8c9dc29b6a33ebbd7c2e2a52eaadd225a1695bc4375ae0ec90a533915926de5fa4364d880b6c99934d7b0f916 traceroute-opt-x.patch
+0e241dc63d49103569852089c07149a2ff2599331f988ca20e8f6f606e560795b919ceffb6b3f4f1aba56b688b969c52bfdc2d1deb7c6ec08deaf707771b996a CVE-2021-42374.patch
+e4fae8467f2f3c6c3274a5f7e4b9d9c3e9742fe478379ae0096b5b0dc93a52e5a295acd2d4d12f0cc4679b3df5b5490076de5196a70cc4e17d8dbc829c57d903 awk-fixes.patch
aa93095e20de88730f526c6f463cef711b290b9582cdbd8c1ba2bd290019150cbeaa7007c2e15f0362d5b9315dd63f60511878f0ea05e893f4fdfb4a54af3fb1 acpid.logrotate
33ee716a324a622e03ae3303afb50c856d0706a5e78923e313040e98513aaa311ecfbc1e4acf784eba9e35cc6f91fa72862bbbfe3b1f7c2a76f94b6f55cb13c0 busyboxconfig
5f9739b9d0c1ba5d77e3153c373593a1bcb813cf466f951b00a2a040262e5077fb13c1a7aa17d67d1533a473bfcacc1a22833b7f491b4dde9dcb5638ad585f9a busyboxconfig-extras
0becc2186d6c32fb0c401cf7bc0e46268b38ce8892db33be1daf40273024c1c02d518283f44086a313a2ccef34230a1d945ec148cc173f26e6aa9d88a7426e54 bbsuid.c
b993ce589685d5d1f806153d0b7f71657f2d37556654ec60884130a40f09acc4944a13e0a4d02914000bedd779e5a35da08c760fed5f7ca5b601243aff7ba2c9 dad.if-up
646ad9aefe3596d0170d92c8506ca1846e43b5b83cbef97ae565f15ffa7b14665a8c7061bc69c608c043f834c134c5d63f042509f8999031e89163508a868e46 ssl_client.c
-c047594a1a3c685f679b98bb80015020ed51e7502c0b2f535f8483a8852b8d43b894b36f34ba680ef96a52c67f3d1af706edbfe43c4a2117c469bb2967215252 default.script"
+c047594a1a3c685f679b98bb80015020ed51e7502c0b2f535f8483a8852b8d43b894b36f34ba680ef96a52c67f3d1af706edbfe43c4a2117c469bb2967215252 default.script
+"
diff --git a/main/busybox/CVE-2021-42374.patch b/main/busybox/CVE-2021-42374.patch
new file mode 100644
index 0000000000..000ea4eb4f
--- /dev/null
+++ b/main/busybox/CVE-2021-42374.patch
@@ -0,0 +1,45 @@
+From 0a79496ff649bd4b426b14a2a8810e84c3dccb34 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Tue, 15 Jun 2021 15:07:57 +0200
+Subject: [PATCH] unlzma: fix a case where we could read before beginning of
+ buffer
+
+CVE-2021-42374
+
+Testcase:
+
+ 21 01 01 00 00 00 00 00 e7 01 01 01 ef 00 df b6
+ 00 17 02 10 11 0f ff 00 16 00 00
+
+Unfortunately, the bug is not reliably causing a segfault,
+the behavior depends on what's in memory before the buffer.
+
+function old new delta
+unpack_lzma_stream 2762 2768 +6
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+(cherry picked from commit 04f052c56ded5ab6a904e3a264a73dc0412b2e78)
+---
+ archival/libarchive/decompress_unlzma.c | 5 ++++-
+ testsuite/unlzma.tests | 17 +++++++++++++----
+ testsuite/unlzma_issue_3.lzma | Bin 0 -> 27 bytes
+ 3 files changed, 17 insertions(+), 5 deletions(-)
+ create mode 100644 testsuite/unlzma_issue_3.lzma
+
+diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
+index 0744f231a..fb5aac8fe 100644
+--- a/archival/libarchive/decompress_unlzma.c
++++ b/archival/libarchive/decompress_unlzma.c
+@@ -290,8 +290,11 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ uint32_t pos;
+
+ pos = buffer_pos - rep0;
+- if ((int32_t)pos < 0)
++ if ((int32_t)pos < 0) {
+ pos += header.dict_size;
++ if ((int32_t)pos < 0)
++ goto bad;
++ }
+ match_byte = buffer[pos];
+ do {
+ int bit;
diff --git a/main/busybox/awk-fixes.patch b/main/busybox/awk-fixes.patch
new file mode 100644
index 0000000000..f5127c0ebe
--- /dev/null
+++ b/main/busybox/awk-fixes.patch
@@ -0,0 +1,3208 @@
+Diff from all patches 1.31_0..1_34_0.
+
+diff --git a/editors/awk.c b/editors/awk.c
+index d25508e5d..bbdd64e09 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -66,6 +66,8 @@
+ #endif
+ #ifndef debug_printf_parse
+ # define debug_printf_parse(...) (fprintf(stderr, __VA_ARGS__))
++#else
++# define debug_parse_print_tc(...) ((void)0)
+ #endif
+
+
+@@ -91,7 +93,6 @@ enum {
+ };
+
+ #define MAXVARFMT 240
+-#define MINNVBLOCK 64
+
+ /* variable flags */
+ #define VF_NUMBER 0x0001 /* 1 = primary type is number */
+@@ -101,7 +102,7 @@ enum {
+ #define VF_USER 0x0200 /* 1 = user input (may be numeric string) */
+ #define VF_SPECIAL 0x0400 /* 1 = requires extra handling when changed */
+ #define VF_WALK 0x0800 /* 1 = variable has alloc'd x.walker list */
+-#define VF_FSTR 0x1000 /* 1 = var::string points to fstring buffer */
++#define VF_FSTR 0x1000 /* 1 = don't free() var::string (not malloced, or is owned by something else) */
+ #define VF_CHILD 0x2000 /* 1 = function arg; x.parent points to source */
+ #define VF_DIRTY 0x4000 /* 1 = variable was set explicitly */
+
+@@ -118,8 +119,8 @@ typedef struct walker_list {
+ /* Variable */
+ typedef struct var_s {
+ unsigned type; /* flags */
+- double number;
+ char *string;
++ double number;
+ union {
+ int aidx; /* func arg idx (for compilation stage) */
+ struct xhash_s *array; /* array ptr */
+@@ -138,6 +139,7 @@ typedef struct chain_s {
+ /* Function */
+ typedef struct func_s {
+ unsigned nargs;
++ smallint defined;
+ struct chain_s body;
+ } func;
+
+@@ -177,7 +179,7 @@ typedef struct node_s {
+ struct node_s *n;
+ var *v;
+ int aidx;
+- char *new_progname;
++ const char *new_progname;
+ regex_t *re;
+ } l;
+ union {
+@@ -190,90 +192,120 @@ typedef struct node_s {
+ } a;
+ } node;
+
+-/* Block of temporary variables */
+-typedef struct nvblock_s {
+- int size;
+- var *pos;
+- struct nvblock_s *prev;
+- struct nvblock_s *next;
+- var nv[];
+-} nvblock;
+-
+ typedef struct tsplitter_s {
+ node n;
+ regex_t re[2];
+ } tsplitter;
+
+ /* simple token classes */
+-/* Order and hex values are very important!!! See next_token() */
+-#define TC_SEQSTART (1 << 0) /* ( */
+-#define TC_SEQTERM (1 << 1) /* ) */
+-#define TC_REGEXP (1 << 2) /* /.../ */
+-#define TC_OUTRDR (1 << 3) /* | > >> */
+-#define TC_UOPPOST (1 << 4) /* unary postfix operator */
+-#define TC_UOPPRE1 (1 << 5) /* unary prefix operator */
+-#define TC_BINOPX (1 << 6) /* two-opnd operator */
+-#define TC_IN (1 << 7)
+-#define TC_COMMA (1 << 8)
+-#define TC_PIPE (1 << 9) /* input redirection pipe */
+-#define TC_UOPPRE2 (1 << 10) /* unary prefix operator */
+-#define TC_ARRTERM (1 << 11) /* ] */
+-#define TC_GRPSTART (1 << 12) /* { */
+-#define TC_GRPTERM (1 << 13) /* } */
+-#define TC_SEMICOL (1 << 14)
+-#define TC_NEWLINE (1 << 15)
+-#define TC_STATX (1 << 16) /* ctl statement (for, next...) */
+-#define TC_WHILE (1 << 17)
+-#define TC_ELSE (1 << 18)
+-#define TC_BUILTIN (1 << 19)
++/* order and hex values are very important!!! See next_token() */
++#define TC_LPAREN (1 << 0) /* ( */
++#define TC_RPAREN (1 << 1) /* ) */
++#define TC_REGEXP (1 << 2) /* /.../ */
++#define TC_OUTRDR (1 << 3) /* | > >> */
++#define TC_UOPPOST (1 << 4) /* unary postfix operator ++ -- */
++#define TC_UOPPRE1 (1 << 5) /* unary prefix operator ++ -- $ */
++#define TC_BINOPX (1 << 6) /* two-opnd operator */
++#define TC_IN (1 << 7) /* 'in' */
++#define TC_COMMA (1 << 8) /* , */
++#define TC_PIPE (1 << 9) /* input redirection pipe | */
++#define TC_UOPPRE2 (1 << 10) /* unary prefix operator + - ! */
++#define TC_ARRTERM (1 << 11) /* ] */
++#define TC_LBRACE (1 << 12) /* { */
++#define TC_RBRACE (1 << 13) /* } */
++#define TC_SEMICOL (1 << 14) /* ; */
++#define TC_NEWLINE (1 << 15)
++#define TC_STATX (1 << 16) /* ctl statement (for, next...) */
++#define TC_WHILE (1 << 17) /* 'while' */
++#define TC_ELSE (1 << 18) /* 'else' */
++#define TC_BUILTIN (1 << 19)
+ /* This costs ~50 bytes of code.
+ * A separate class to support deprecated "length" form. If we don't need that
+ * (i.e. if we demand that only "length()" with () is valid), then TC_LENGTH
+ * can be merged with TC_BUILTIN:
+ */
+-#define TC_LENGTH (1 << 20)
+-#define TC_GETLINE (1 << 21)
+-#define TC_FUNCDECL (1 << 22) /* 'function' 'func' */
+-#define TC_BEGIN (1 << 23)
+-#define TC_END (1 << 24)
+-#define TC_EOF (1 << 25)
+-#define TC_VARIABLE (1 << 26)
+-#define TC_ARRAY (1 << 27)
+-#define TC_FUNCTION (1 << 28)
+-#define TC_STRING (1 << 29)
+-#define TC_NUMBER (1 << 30)
+-
+-#define TC_UOPPRE (TC_UOPPRE1 | TC_UOPPRE2)
+-
+-/* combined token classes */
+-#define TC_BINOP (TC_BINOPX | TC_COMMA | TC_PIPE | TC_IN)
+-//#define TC_UNARYOP (TC_UOPPRE | TC_UOPPOST)
+-#define TC_OPERAND (TC_VARIABLE | TC_ARRAY | TC_FUNCTION \
+- | TC_BUILTIN | TC_LENGTH | TC_GETLINE \
+- | TC_SEQSTART | TC_STRING | TC_NUMBER)
+-
+-#define TC_STATEMNT (TC_STATX | TC_WHILE)
+-#define TC_OPTERM (TC_SEMICOL | TC_NEWLINE)
++#define TC_LENGTH (1 << 20) /* 'length' */
++#define TC_GETLINE (1 << 21) /* 'getline' */
++#define TC_FUNCDECL (1 << 22) /* 'function' 'func' */
++#define TC_BEGIN (1 << 23) /* 'BEGIN' */
++#define TC_END (1 << 24) /* 'END' */
++#define TC_EOF (1 << 25)
++#define TC_VARIABLE (1 << 26) /* name */
++#define TC_ARRAY (1 << 27) /* name[ */
++#define TC_FUNCTION (1 << 28) /* name( */
++#define TC_STRING (1 << 29) /* "..." */
++#define TC_NUMBER (1 << 30)
++
++#ifndef debug_parse_print_tc
++static void debug_parse_print_tc(uint32_t n)
++{
++ if (n & TC_LPAREN ) debug_printf_parse(" LPAREN" );
++ if (n & TC_RPAREN ) debug_printf_parse(" RPAREN" );
++ if (n & TC_REGEXP ) debug_printf_parse(" REGEXP" );
++ if (n & TC_OUTRDR ) debug_printf_parse(" OUTRDR" );
++ if (n & TC_UOPPOST ) debug_printf_parse(" UOPPOST" );
++ if (n & TC_UOPPRE1 ) debug_printf_parse(" UOPPRE1" );
++ if (n & TC_BINOPX ) debug_printf_parse(" BINOPX" );
++ if (n & TC_IN ) debug_printf_parse(" IN" );
++ if (n & TC_COMMA ) debug_printf_parse(" COMMA" );
++ if (n & TC_PIPE ) debug_printf_parse(" PIPE" );
++ if (n & TC_UOPPRE2 ) debug_printf_parse(" UOPPRE2" );
++ if (n & TC_ARRTERM ) debug_printf_parse(" ARRTERM" );
++ if (n & TC_LBRACE ) debug_printf_parse(" LBRACE" );
++ if (n & TC_RBRACE ) debug_printf_parse(" RBRACE" );
++ if (n & TC_SEMICOL ) debug_printf_parse(" SEMICOL" );
++ if (n & TC_NEWLINE ) debug_printf_parse(" NEWLINE" );
++ if (n & TC_STATX ) debug_printf_parse(" STATX" );
++ if (n & TC_WHILE ) debug_printf_parse(" WHILE" );
++ if (n & TC_ELSE ) debug_printf_parse(" ELSE" );
++ if (n & TC_BUILTIN ) debug_printf_parse(" BUILTIN" );
++ if (n & TC_LENGTH ) debug_printf_parse(" LENGTH" );
++ if (n & TC_GETLINE ) debug_printf_parse(" GETLINE" );
++ if (n & TC_FUNCDECL) debug_printf_parse(" FUNCDECL");
++ if (n & TC_BEGIN ) debug_printf_parse(" BEGIN" );
++ if (n & TC_END ) debug_printf_parse(" END" );
++ if (n & TC_EOF ) debug_printf_parse(" EOF" );
++ if (n & TC_VARIABLE) debug_printf_parse(" VARIABLE");
++ if (n & TC_ARRAY ) debug_printf_parse(" ARRAY" );
++ if (n & TC_FUNCTION) debug_printf_parse(" FUNCTION");
++ if (n & TC_STRING ) debug_printf_parse(" STRING" );
++ if (n & TC_NUMBER ) debug_printf_parse(" NUMBER" );
++}
++#endif
++
++/* combined token classes ("token [class] sets") */
++#define TS_UOPPRE (TC_UOPPRE1 | TC_UOPPRE2)
++
++#define TS_BINOP (TC_BINOPX | TC_COMMA | TC_PIPE | TC_IN)
++//#define TS_UNARYOP (TS_UOPPRE | TC_UOPPOST)
++#define TS_OPERAND (TC_VARIABLE | TC_ARRAY | TC_FUNCTION \
++ | TC_BUILTIN | TC_LENGTH | TC_GETLINE \
++ | TC_LPAREN | TC_STRING | TC_NUMBER)
++
++#define TS_LVALUE (TC_VARIABLE | TC_ARRAY)
++#define TS_STATEMNT (TC_STATX | TC_WHILE)
+
+ /* word tokens, cannot mean something else if not expected */
+-#define TC_WORD (TC_IN | TC_STATEMNT | TC_ELSE \
+- | TC_BUILTIN | TC_LENGTH | TC_GETLINE \
+- | TC_FUNCDECL | TC_BEGIN | TC_END)
++#define TS_WORD (TC_IN | TS_STATEMNT | TC_ELSE \
++ | TC_BUILTIN | TC_LENGTH | TC_GETLINE \
++ | TC_FUNCDECL | TC_BEGIN | TC_END)
+
+ /* discard newlines after these */
+-#define TC_NOTERM (TC_COMMA | TC_GRPSTART | TC_GRPTERM \
+- | TC_BINOP | TC_OPTERM)
++#define TS_NOTERM (TS_BINOP | TC_COMMA | TC_LBRACE | TC_RBRACE \
++ | TC_SEMICOL | TC_NEWLINE)
+
+ /* what can expression begin with */
+-#define TC_OPSEQ (TC_OPERAND | TC_UOPPRE | TC_REGEXP)
++#define TS_OPSEQ (TS_OPERAND | TS_UOPPRE | TC_REGEXP)
+ /* what can group begin with */
+-#define TC_GRPSEQ (TC_OPSEQ | TC_OPTERM | TC_STATEMNT | TC_GRPSTART)
++#define TS_GRPSEQ (TS_OPSEQ | TS_STATEMNT \
++ | TC_SEMICOL | TC_NEWLINE | TC_LBRACE)
+
+-/* if previous token class is CONCAT1 and next is CONCAT2, concatenation */
++/* if previous token class is CONCAT_L and next is CONCAT_R, concatenation */
+ /* operator is inserted between them */
+-#define TC_CONCAT1 (TC_VARIABLE | TC_ARRTERM | TC_SEQTERM \
+- | TC_STRING | TC_NUMBER | TC_UOPPOST)
+-#define TC_CONCAT2 (TC_OPERAND | TC_UOPPRE)
++#define TS_CONCAT_L (TC_VARIABLE | TC_ARRTERM | TC_RPAREN \
++ | TC_STRING | TC_NUMBER | TC_UOPPOST \
++ | TC_LENGTH)
++#define TS_CONCAT_R (TS_OPERAND | TS_UOPPRE)
+
+ #define OF_RES1 0x010000
+ #define OF_RES2 0x020000
+@@ -283,13 +315,12 @@ typedef struct tsplitter_s {
+ #define OF_CHECKED 0x200000
+ #define OF_REQUIRED 0x400000
+
+-
+ /* combined operator flags */
+ #define xx 0
+ #define xV OF_RES2
+ #define xS (OF_RES2 | OF_STR2)
+ #define Vx OF_RES1
+-#define Rx (OF_RES1 | OF_NUM1 | OF_REQUIRED)
++#define Rx OF_REQUIRED
+ #define VV (OF_RES1 | OF_RES2)
+ #define Nx (OF_RES1 | OF_NUM1)
+ #define NV (OF_RES1 | OF_NUM1 | OF_RES2)
+@@ -301,8 +332,7 @@ typedef struct tsplitter_s {
+ #define OPNMASK 0x007F
+
+ /* operator priority is a highest byte (even: r->l, odd: l->r grouping)
+- * For builtins it has different meaning: n n s3 s2 s1 v3 v2 v1,
+- * n - min. number of args, vN - resolve Nth arg to var, sN - resolve to string
++ * (for builtins it has different meaning)
+ */
+ #undef P
+ #undef PRIMASK
+@@ -312,10 +342,8 @@ typedef struct tsplitter_s {
+ #define PRIMASK2 0x7E000000
+
+ /* Operation classes */
+-
+ #define SHIFT_TIL_THIS 0x0600
+ #define RECUR_FROM_THIS 0x1000
+-
+ enum {
+ OC_DELETE = 0x0100, OC_EXEC = 0x0200, OC_NEWSOURCE = 0x0300,
+ OC_PRINT = 0x0400, OC_PRINTF = 0x0500, OC_WALKINIT = 0x0600,
+@@ -357,8 +385,8 @@ enum {
+ #define NTCC '\377'
+
+ static const char tokenlist[] ALIGN1 =
+- "\1(" NTC /* TC_SEQSTART */
+- "\1)" NTC /* TC_SEQTERM */
++ "\1(" NTC /* TC_LPAREN */
++ "\1)" NTC /* TC_RPAREN */
+ "\1/" NTC /* TC_REGEXP */
+ "\2>>" "\1>" "\1|" NTC /* TC_OUTRDR */
+ "\2++" "\2--" NTC /* TC_UOPPOST */
+@@ -375,8 +403,8 @@ static const char tokenlist[] ALIGN1 =
+ "\1|" NTC /* TC_PIPE */
+ "\1+" "\1-" "\1!" NTC /* TC_UOPPRE2 */
+ "\1]" NTC /* TC_ARRTERM */
+- "\1{" NTC /* TC_GRPSTART */
+- "\1}" NTC /* TC_GRPTERM */
++ "\1{" NTC /* TC_LBRACE */
++ "\1}" NTC /* TC_RBRACE */
+ "\1;" NTC /* TC_SEMICOL */
+ "\1\n" NTC /* TC_NEWLINE */
+ "\2if" "\2do" "\3for" "\5break" /* TC_STATX */
+@@ -390,7 +418,7 @@ static const char tokenlist[] ALIGN1 =
+ "\5close" "\6system" "\6fflush" "\5atan2"
+ "\3cos" "\3exp" "\3int" "\3log"
+ "\4rand" "\3sin" "\4sqrt" "\5srand"
+- "\6gensub" "\4gsub" "\5index" /* "\6length" was here */
++ "\6gensub" "\4gsub" "\5index" /* "\6length" was here */
+ "\5match" "\5split" "\7sprintf" "\3sub"
+ "\6substr" "\7systime" "\10strftime" "\6mktime"
+ "\7tolower" "\7toupper" NTC
+@@ -402,25 +430,32 @@ static const char tokenlist[] ALIGN1 =
+ /* compiler adds trailing "\0" */
+ ;
+
+-#define OC_B OC_BUILTIN
+-
+-static const uint32_t tokeninfo[] = {
++static const uint32_t tokeninfo[] ALIGN4 = {
+ 0,
+ 0,
+- OC_REGEXP,
++#define TI_REGEXP OC_REGEXP
++ TI_REGEXP,
+ xS|'a', xS|'w', xS|'|',
+ OC_UNARY|xV|P(9)|'p', OC_UNARY|xV|P(9)|'m',
+- OC_UNARY|xV|P(9)|'P', OC_UNARY|xV|P(9)|'M', OC_FIELD|xV|P(5),
++#define TI_PREINC (OC_UNARY|xV|P(9)|'P')
++#define TI_PREDEC (OC_UNARY|xV|P(9)|'M')
++ TI_PREINC, TI_PREDEC, OC_FIELD|xV|P(5),
+ OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(74), OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-',
+ OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&',
+ OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&',
+ OC_BINARY|NV|P(25)|'/', OC_BINARY|NV|P(25)|'%', OC_BINARY|NV|P(15)|'&', OC_BINARY|NV|P(25)|'*',
+ OC_COMPARE|VV|P(39)|4, OC_COMPARE|VV|P(39)|3, OC_COMPARE|VV|P(39)|0, OC_COMPARE|VV|P(39)|1,
+- OC_COMPARE|VV|P(39)|2, OC_MATCH|Sx|P(45)|'!', OC_MATCH|Sx|P(45)|'~', OC_LAND|Vx|P(55),
+- OC_LOR|Vx|P(59), OC_TERNARY|Vx|P(64)|'?', OC_COLON|xx|P(67)|':',
+- OC_IN|SV|P(49), /* TC_IN */
+- OC_COMMA|SS|P(80),
+- OC_PGETLINE|SV|P(37),
++#define TI_LESS (OC_COMPARE|VV|P(39)|2)
++ TI_LESS, OC_MATCH|Sx|P(45)|'!', OC_MATCH|Sx|P(45)|'~', OC_LAND|Vx|P(55),
++#define TI_TERNARY (OC_TERNARY|Vx|P(64)|'?')
++#define TI_COLON (OC_COLON|xx|P(67)|':')
++ OC_LOR|Vx|P(59), TI_TERNARY, TI_COLON,
++#define TI_IN (OC_IN|SV|P(49))
++ TI_IN,
++#define TI_COMMA (OC_COMMA|SS|P(80))
++ TI_COMMA,
++#define TI_PGETLINE (OC_PGETLINE|SV|P(37))
++ TI_PGETLINE,
+ OC_UNARY|xV|P(19)|'+', OC_UNARY|xV|P(19)|'-', OC_UNARY|xV|P(19)|'!',
+ 0, /* ] */
+ 0,
+@@ -433,20 +468,45 @@ static const uint32_t tokeninfo[] = {
+ OC_RETURN|Vx, OC_EXIT|Nx,
+ ST_WHILE,
+ 0, /* else */
+- OC_B|B_an|P(0x83), OC_B|B_co|P(0x41), OC_B|B_ls|P(0x83), OC_B|B_or|P(0x83),
+- OC_B|B_rs|P(0x83), OC_B|B_xo|P(0x83),
+- OC_FBLTIN|Sx|F_cl, OC_FBLTIN|Sx|F_sy, OC_FBLTIN|Sx|F_ff, OC_B|B_a2|P(0x83),
+- OC_FBLTIN|Nx|F_co, OC_FBLTIN|Nx|F_ex, OC_FBLTIN|Nx|F_in, OC_FBLTIN|Nx|F_lg,
+- OC_FBLTIN|F_rn, OC_FBLTIN|Nx|F_si, OC_FBLTIN|Nx|F_sq, OC_FBLTIN|Nx|F_sr,
+- OC_B|B_ge|P(0xd6), OC_B|B_gs|P(0xb6), OC_B|B_ix|P(0x9b), /* OC_FBLTIN|Sx|F_le, was here */
+- OC_B|B_ma|P(0x89), OC_B|B_sp|P(0x8b), OC_SPRINTF, OC_B|B_su|P(0xb6),
+- OC_B|B_ss|P(0x8f), OC_FBLTIN|F_ti, OC_B|B_ti|P(0x0b), OC_B|B_mt|P(0x0b),
+- OC_B|B_lo|P(0x49), OC_B|B_up|P(0x49),
+- OC_FBLTIN|Sx|F_le, /* TC_LENGTH */
+- OC_GETLINE|SV|P(0),
+- 0, 0,
+- 0,
+- 0 /* TC_END */
++// OC_B's are builtins with enforced minimum number of arguments (two upper bits).
++// Highest byte bit pattern: nn s3s2s1 v3v2v1
++// nn - min. number of args, sN - resolve Nth arg to string, vN - resolve to var
++// OC_F's are builtins with zero or one argument.
++// |Rx| enforces that arg is present for: system, close, cos, sin, exp, int, log, sqrt
++// Check for no args is present in builtins' code (not in this table): rand, systime
++// Have one _optional_ arg: fflush, srand, length
++#define OC_B OC_BUILTIN
++#define OC_F OC_FBLTIN
++#define A1 P(0x40) /*one arg*/
++#define A2 P(0x80) /*two args*/
++#define A3 P(0xc0) /*three args*/
++#define __v P(1)
++#define _vv P(3)
++#define __s__v P(9)
++#define __s_vv P(0x0b)
++#define __svvv P(0x0f)
++#define _ss_vv P(0x1b)
++#define _s_vv_ P(0x16)
++#define ss_vv_ P(0x36)
++ OC_B|B_an|_vv|A2, OC_B|B_co|__v|A1, OC_B|B_ls|_vv|A2, OC_B|B_or|_vv|A2, // and compl lshift or
++ OC_B|B_rs|_vv|A2, OC_B|B_xo|_vv|A2, // rshift xor
++ OC_F|F_cl|Sx|Rx, OC_F|F_sy|Sx|Rx, OC_F|F_ff|Sx, OC_B|B_a2|_vv|A2, // close system fflush atan2
++ OC_F|F_co|Nx|Rx, OC_F|F_ex|Nx|Rx, OC_F|F_in|Nx|Rx, OC_F|F_lg|Nx|Rx, // cos exp int log
++ OC_F|F_rn, OC_F|F_si|Nx|Rx, OC_F|F_sq|Nx|Rx, OC_F|F_sr|Nx, // rand sin sqrt srand
++ OC_B|B_ge|_s_vv_|A3,OC_B|B_gs|ss_vv_|A2,OC_B|B_ix|_ss_vv|A2, // gensub gsub index /*length was here*/
++ OC_B|B_ma|__s__v|A2,OC_B|B_sp|__s_vv|A2,OC_SPRINTF, OC_B|B_su|ss_vv_|A2,// match split sprintf sub
++ OC_B|B_ss|__svvv|A2,OC_F|F_ti, OC_B|B_ti|__s_vv, OC_B|B_mt|__s_vv, // substr systime strftime mktime
++ OC_B|B_lo|__s__v|A1,OC_B|B_up|__s__v|A1, // tolower toupper
++ OC_F|F_le|Sx, // length
++ OC_GETLINE|SV, // getline
++ 0, 0, // func function
++ 0, // BEGIN
++ 0 // END
++#undef A1
++#undef A2
++#undef A3
++#undef OC_B
++#undef OC_F
+ };
+
+ /* internal variable names and their initial values */
+@@ -487,21 +547,29 @@ struct globals {
+ chain *seq;
+ node *break_ptr, *continue_ptr;
+ rstream *iF;
+- xhash *vhash, *ahash, *fdhash, *fnhash;
++ xhash *ahash; /* argument names, used only while parsing function bodies */
++ xhash *fnhash; /* function names, used only in parsing stage */
++ xhash *vhash; /* variables and arrays */
++ //xhash *fdhash; /* file objects, used only in execution stage */
++ //we are reusing ahash as fdhash, via define (see later)
+ const char *g_progname;
+ int g_lineno;
+ int nfields;
+ int maxfields; /* used in fsrealloc() only */
+ var *Fields;
+- nvblock *g_cb;
+ char *g_pos;
+- char *g_buf;
++ char g_saved_ch;
+ smallint icase;
+ smallint exiting;
+ smallint nextrec;
+ smallint nextfile;
+ smallint is_f0_split;
+ smallint t_rollback;
++
++ /* former statics from various functions */
++ smallint next_token__concat_inserted;
++ uint32_t next_token__save_tclass;
++ uint32_t next_token__save_info;
+ };
+ struct globals2 {
+ uint32_t t_info; /* often used */
+@@ -514,32 +582,35 @@ struct globals2 {
+ /* former statics from various functions */
+ char *split_f0__fstrings;
+
+- uint32_t next_token__save_tclass;
+- uint32_t next_token__save_info;
+- uint32_t next_token__ltclass;
+- smallint next_token__concat_inserted;
+-
+- smallint next_input_file__files_happen;
+ rstream next_input_file__rsm;
++ smallint next_input_file__files_happen;
++
++ smalluint exitcode;
+
+- var *evaluate__fnargs;
+ unsigned evaluate__seed;
++ var *evaluate__fnargs;
+ regex_t evaluate__sreg;
+
+- var ptest__v;
++ var ptest__tmpvar;
++ var awk_printf__tmpvar;
++ var as_regex__tmpvar;
++ var exit__tmpvar;
++ var main__tmpvar;
+
+ tsplitter exec_builtin__tspl;
+
+ /* biggest and least used members go last */
+ tsplitter fsplitter, rsplitter;
++
++ char g_buf[MAXVARFMT + 1];
+ };
+ #define G1 (ptr_to_globals[-1])
+ #define G (*(struct globals2 *)ptr_to_globals)
+ /* For debug. nm --size-sort awk.o | grep -vi ' [tr] ' */
+-/*char G1size[sizeof(G1)]; - 0x74 */
+-/*char Gsize[sizeof(G)]; - 0x1c4 */
++//char G1size[sizeof(G1)]; // 0x70
++//char Gsize[sizeof(G)]; // 0x2f8
+ /* Trying to keep most of members accessible with short offsets: */
+-/*char Gofs_seed[offsetof(struct globals2, evaluate__seed)]; - 0x90 */
++//char Gofs_seed[offsetof(struct globals2, evaluate__seed)]; // 0x7c
+ #define t_double (G1.t_double )
+ #define beginseq (G1.beginseq )
+ #define mainseq (G1.mainseq )
+@@ -548,18 +619,20 @@ struct globals2 {
+ #define break_ptr (G1.break_ptr )
+ #define continue_ptr (G1.continue_ptr)
+ #define iF (G1.iF )
+-#define vhash (G1.vhash )
+ #define ahash (G1.ahash )
+-#define fdhash (G1.fdhash )
+ #define fnhash (G1.fnhash )
++#define vhash (G1.vhash )
++#define fdhash ahash
++//^^^^^^^^^^^^^^^^^^ ahash is cleared after every function parsing,
++// and ends up empty after parsing phase. Thus, we can simply reuse it
++// for fdhash in execution stage.
+ #define g_progname (G1.g_progname )
+ #define g_lineno (G1.g_lineno )
+ #define nfields (G1.nfields )
+ #define maxfields (G1.maxfields )
+ #define Fields (G1.Fields )
+-#define g_cb (G1.g_cb )
+ #define g_pos (G1.g_pos )
+-#define g_buf (G1.g_buf )
++#define g_saved_ch (G1.g_saved_ch )
+ #define icase (G1.icase )
+ #define exiting (G1.exiting )
+ #define nextrec (G1.nextrec )
+@@ -573,25 +646,13 @@ struct globals2 {
+ #define intvar (G.intvar )
+ #define fsplitter (G.fsplitter )
+ #define rsplitter (G.rsplitter )
++#define g_buf (G.g_buf )
+ #define INIT_G() do { \
+ SET_PTR_TO_GLOBALS((char*)xzalloc(sizeof(G1)+sizeof(G)) + sizeof(G1)); \
+- G.next_token__ltclass = TC_OPTERM; \
++ t_tclass = TC_NEWLINE; \
+ G.evaluate__seed = 1; \
+ } while (0)
+
+-
+-/* function prototypes */
+-static void handle_special(var *);
+-static node *parse_expr(uint32_t);
+-static void chain_group(void);
+-static var *evaluate(node *, var *);
+-static rstream *next_input_file(void);
+-static int fmt_num(char *, int, const char *, double, int);
+-static int awk_exit(int) NORETURN;
+-
+-/* ---- error handling ---- */
+-
+-static const char EMSG_INTERNAL_ERROR[] ALIGN1 = "Internal error";
+ static const char EMSG_UNEXP_EOS[] ALIGN1 = "Unexpected end of string";
+ static const char EMSG_UNEXP_TOKEN[] ALIGN1 = "Unexpected token";
+ static const char EMSG_DIV_BY_ZERO[] ALIGN1 = "Division by zero";
+@@ -603,10 +664,7 @@ static const char EMSG_UNDEF_FUNC[] ALIGN1 = "Call to undefined function";
+ static const char EMSG_NO_MATH[] ALIGN1 = "Math support is not compiled in";
+ static const char EMSG_NEGATIVE_FIELD[] ALIGN1 = "Access to negative field";
+
+-static void zero_out_var(var *vp)
+-{
+- memset(vp, 0, sizeof(*vp));
+-}
++static int awk_exit(void) NORETURN;
+
+ static void syntax_error(const char *message) NORETURN;
+ static void syntax_error(const char *message)
+@@ -637,12 +695,40 @@ static xhash *hash_init(void)
+ return newhash;
+ }
+
++static void hash_clear(xhash *hash)
++{
++ unsigned i;
++ hash_item *hi, *thi;
++
++ for (i = 0; i < hash->csize; i++) {
++ hi = hash->items[i];
++ while (hi) {
++ thi = hi;
++ hi = hi->next;
++//FIXME: this assumes that it's a hash of *variables*:
++ free(thi->data.v.string);
++ free(thi);
++ }
++ hash->items[i] = NULL;
++ }
++ hash->glen = hash->nel = 0;
++}
++
++#if 0 //UNUSED
++static void hash_free(xhash *hash)
++{
++ hash_clear(hash);
++ free(hash->items);
++ free(hash);
++}
++#endif
++
+ /* find item in hash, return ptr to data, NULL if not found */
+-static void *hash_search(xhash *hash, const char *name)
++static NOINLINE void *hash_search3(xhash *hash, const char *name, unsigned idx)
+ {
+ hash_item *hi;
+
+- hi = hash->items[hashidx(name) % hash->csize];
++ hi = hash->items[idx % hash->csize];
+ while (hi) {
+ if (strcmp(hi->name, name) == 0)
+ return &hi->data;
+@@ -651,6 +737,11 @@ static void *hash_search(xhash *hash, const char *name)
+ return NULL;
+ }
+
++static void *hash_search(xhash *hash, const char *name)
++{
++ return hash_search3(hash, name, hashidx(name));
++}
++
+ /* grow hash if it becomes too big */
+ static void hash_rebuild(xhash *hash)
+ {
+@@ -686,16 +777,17 @@ static void *hash_find(xhash *hash, const char *name)
+ unsigned idx;
+ int l;
+
+- hi = hash_search(hash, name);
++ idx = hashidx(name);
++ hi = hash_search3(hash, name, idx);
+ if (!hi) {
+- if (++hash->nel / hash->csize > 10)
++ if (++hash->nel > hash->csize * 8)
+ hash_rebuild(hash);
+
+ l = strlen(name) + 1;
+ hi = xzalloc(sizeof(*hi) + l);
+ strcpy(hi->name, name);
+
+- idx = hashidx(name) % hash->csize;
++ idx = idx % hash->csize;
+ hi->next = hash->items[idx];
+ hash->items[idx] = hi;
+ hash->glen += l;
+@@ -730,7 +822,7 @@ static void hash_remove(xhash *hash, const char *name)
+
+ static char *skip_spaces(char *p)
+ {
+- while (1) {
++ for (;;) {
+ if (*p == '\\' && p[1] == '\n') {
+ p++;
+ t_lineno++;
+@@ -746,8 +838,10 @@ static char *skip_spaces(char *p)
+ static char *nextword(char **s)
+ {
+ char *p = *s;
+- while (*(*s)++ != '\0')
++ char *q = p;
++ while (*q++ != '\0')
+ continue;
++ *s = q;
+ return p;
+ }
+
+@@ -810,10 +904,27 @@ static double my_strtod(char **pp)
+
+ /* -------- working with variables (set/get/copy/etc) -------- */
+
+-static xhash *iamarray(var *v)
++static void fmt_num(const char *format, double n)
+ {
+- var *a = v;
++ if (n == (long long)n) {
++ snprintf(g_buf, MAXVARFMT, "%lld", (long long)n);
++ } else {
++ const char *s = format;
++ char c;
++
++ do { c = *s; } while (c && *++s);
++ if (strchr("diouxX", c)) {
++ snprintf(g_buf, MAXVARFMT, format, (int)n);
++ } else if (strchr("eEfFgGaA", c)) {
++ snprintf(g_buf, MAXVARFMT, format, n);
++ } else {
++ syntax_error(EMSG_INV_FMT);
++ }
++ }
++}
+
++static xhash *iamarray(var *a)
++{
+ while (a->type & VF_CHILD)
+ a = a->x.parent;
+
+@@ -824,23 +935,7 @@ static xhash *iamarray(var *v)
+ return a->x.array;
+ }
+
+-static void clear_array(xhash *array)
+-{
+- unsigned i;
+- hash_item *hi, *thi;
+-
+- for (i = 0; i < array->csize; i++) {
+- hi = array->items[i];
+- while (hi) {
+- thi = hi;
+- hi = hi->next;
+- free(thi->data.v.string);
+- free(thi);
+- }
+- array->items[i] = NULL;
+- }
+- array->glen = array->nel = 0;
+-}
++#define clear_array(array) hash_clear(array)
+
+ /* clear a variable */
+ static var *clrvar(var *v)
+@@ -854,6 +949,8 @@ static var *clrvar(var *v)
+ return v;
+ }
+
++static void handle_special(var *);
++
+ /* assign string value to variable */
+ static var *setvar_p(var *v, char *value)
+ {
+@@ -900,7 +997,7 @@ static const char *getvar_s(var *v)
+ {
+ /* if v is numeric and has no cached string, convert it to string */
+ if ((v->type & (VF_NUMBER | VF_CACHED)) == VF_NUMBER) {
+- fmt_num(g_buf, MAXVARFMT, getvar_s(intvar[CONVFMT]), v->number, TRUE);
++ fmt_num(getvar_s(intvar[CONVFMT]), v->number);
+ v->string = xstrdup(g_buf);
+ v->type |= VF_CACHED;
+ }
+@@ -919,6 +1016,7 @@ static double getvar_i(var *v)
+ v->number = my_strtod(&s);
+ debug_printf_eval("%f (s:'%s')\n", v->number, s);
+ if (v->type & VF_USER) {
++//TODO: skip_spaces() also skips backslash+newline, is it intended here?
+ s = skip_spaces(s);
+ if (*s != '\0')
+ v->type &= ~VF_USER;
+@@ -980,103 +1078,43 @@ static int istrue(var *v)
+ return (v->string && v->string[0]);
+ }
+
+-/* temporary variables allocator. Last allocated should be first freed */
+-static var *nvalloc(int n)
+-{
+- nvblock *pb = NULL;
+- var *v, *r;
+- int size;
+-
+- while (g_cb) {
+- pb = g_cb;
+- if ((g_cb->pos - g_cb->nv) + n <= g_cb->size)
+- break;
+- g_cb = g_cb->next;
+- }
+-
+- if (!g_cb) {
+- size = (n <= MINNVBLOCK) ? MINNVBLOCK : n;
+- g_cb = xzalloc(sizeof(nvblock) + size * sizeof(var));
+- g_cb->size = size;
+- g_cb->pos = g_cb->nv;
+- g_cb->prev = pb;
+- /*g_cb->next = NULL; - xzalloc did it */
+- if (pb)
+- pb->next = g_cb;
+- }
+-
+- v = r = g_cb->pos;
+- g_cb->pos += n;
+-
+- while (v < g_cb->pos) {
+- v->type = 0;
+- v->string = NULL;
+- v++;
+- }
+-
+- return r;
+-}
+-
+-static void nvfree(var *v)
+-{
+- var *p;
+-
+- if (v < g_cb->nv || v >= g_cb->pos)
+- syntax_error(EMSG_INTERNAL_ERROR);
+-
+- for (p = v; p < g_cb->pos; p++) {
+- if ((p->type & (VF_ARRAY | VF_CHILD)) == VF_ARRAY) {
+- clear_array(iamarray(p));
+- free(p->x.array->items);
+- free(p->x.array);
+- }
+- if (p->type & VF_WALK) {
+- walker_list *n;
+- walker_list *w = p->x.walker;
+- debug_printf_walker("nvfree: freeing walker @%p\n", &p->x.walker);
+- p->x.walker = NULL;
+- while (w) {
+- n = w->prev;
+- debug_printf_walker(" free(%p)\n", w);
+- free(w);
+- w = n;
+- }
+- }
+- clrvar(p);
+- }
+-
+- g_cb->pos = v;
+- while (g_cb->prev && g_cb->pos == g_cb->nv) {
+- g_cb = g_cb->prev;
+- }
+-}
+-
+ /* ------- awk program text parsing ------- */
+
+-/* Parse next token pointed by global pos, place results into global ttt.
+- * If token isn't expected, give away. Return token class
++/* Parse next token pointed by global pos, place results into global t_XYZ variables.
++ * If token isn't expected, print error message and die.
++ * Return token class (also store it in t_tclass).
+ */
+ static uint32_t next_token(uint32_t expected)
+ {
+-#define concat_inserted (G.next_token__concat_inserted)
+-#define save_tclass (G.next_token__save_tclass)
+-#define save_info (G.next_token__save_info)
+-/* Initialized to TC_OPTERM: */
+-#define ltclass (G.next_token__ltclass)
++#define concat_inserted (G1.next_token__concat_inserted)
++#define save_tclass (G1.next_token__save_tclass)
++#define save_info (G1.next_token__save_info)
+
+- char *p, *s;
++ char *p;
+ const char *tl;
+- uint32_t tc;
+ const uint32_t *ti;
++ uint32_t tc, last_token_class;
++
++ last_token_class = t_tclass; /* t_tclass is initialized to TC_NEWLINE */
++
++ debug_printf_parse("%s() expected(%x):", __func__, expected);
++ debug_parse_print_tc(expected);
++ debug_printf_parse("\n");
+
+ if (t_rollback) {
++ debug_printf_parse("%s: using rolled-back token\n", __func__);
+ t_rollback = FALSE;
+ } else if (concat_inserted) {
++ debug_printf_parse("%s: using concat-inserted token\n", __func__);
+ concat_inserted = FALSE;
+ t_tclass = save_tclass;
+ t_info = save_info;
+ } else {
+ p = g_pos;
++ if (g_saved_ch != '\0') {
++ *p = g_saved_ch;
++ g_saved_ch = '\0';
++ }
+ readnext:
+ p = skip_spaces(p);
+ g_lineno = t_lineno;
+@@ -1084,15 +1122,12 @@ static uint32_t next_token(uint32_t expected)
+ while (*p != '\n' && *p != '\0')
+ p++;
+
+- if (*p == '\n')
+- t_lineno++;
+-
+ if (*p == '\0') {
+ tc = TC_EOF;
+ debug_printf_parse("%s: token found: TC_EOF\n", __func__);
+ } else if (*p == '\"') {
+ /* it's a string */
+- t_string = s = ++p;
++ char *s = t_string = ++p;
+ while (*p != '\"') {
+ char *pp;
+ if (*p == '\0' || *p == '\n')
+@@ -1107,7 +1142,7 @@ static uint32_t next_token(uint32_t expected)
+ debug_printf_parse("%s: token found:'%s' TC_STRING\n", __func__, t_string);
+ } else if ((expected & TC_REGEXP) && *p == '/') {
+ /* it's regexp */
+- t_string = s = ++p;
++ char *s = t_string = ++p;
+ while (*p != '/') {
+ if (*p == '\0' || *p == '\n')
+ syntax_error(EMSG_UNEXP_EOS);
+@@ -1138,6 +1173,11 @@ static uint32_t next_token(uint32_t expected)
+ tc = TC_NUMBER;
+ debug_printf_parse("%s: token found:%f TC_NUMBER\n", __func__, t_double);
+ } else {
++ char *end_of_name;
++
++ if (*p == '\n')
++ t_lineno++;
++
+ /* search for something known */
+ tl = tokenlist;
+ tc = 0x00000001;
+@@ -1152,9 +1192,9 @@ static uint32_t next_token(uint32_t expected)
+ * token matches,
+ * and it's not a longer word,
+ */
+- if ((tc & (expected | TC_WORD | TC_NEWLINE))
++ if ((tc & (expected | TS_WORD | TC_NEWLINE))
+ && strncmp(p, tl, l) == 0
+- && !((tc & TC_WORD) && isalnum_(p[l]))
++ && !((tc & TS_WORD) && isalnum_(p[l]))
+ ) {
+ /* then this is what we are looking for */
+ t_info = *ti;
+@@ -1171,61 +1211,94 @@ static uint32_t next_token(uint32_t expected)
+ if (!isalnum_(*p))
+ syntax_error(EMSG_UNEXP_TOKEN); /* no */
+ /* yes */
+- t_string = --p;
+- while (isalnum_(*++p)) {
+- p[-1] = *p;
+- }
+- p[-1] = '\0';
+- tc = TC_VARIABLE;
+- /* also consume whitespace between functionname and bracket */
+- if (!(expected & TC_VARIABLE) || (expected & TC_ARRAY))
++ t_string = p;
++ while (isalnum_(*p))
++ p++;
++ end_of_name = p;
++
++ if (last_token_class == TC_FUNCDECL)
++ /* eat space in "function FUNC (...) {...}" declaration */
+ p = skip_spaces(p);
++ else if (expected & TC_ARRAY) {
++ /* eat space between array name and [ */
++ char *s = skip_spaces(p);
++ if (*s == '[') /* array ref, not just a name? */
++ p = s;
++ }
++ /* else: do NOT consume whitespace after variable name!
++ * gawk allows definition "function FUNC (p) {...}" - note space,
++ * but disallows the call "FUNC (p)" because it isn't one -
++ * expression "v (a)" should NOT be parsed as TC_FUNCTION:
++ * it is a valid concatenation if "v" is a variable,
++ * not a function name (and type of name is not known at parse time).
++ */
++
+ if (*p == '(') {
++ p++;
+ tc = TC_FUNCTION;
+ debug_printf_parse("%s: token found:'%s' TC_FUNCTION\n", __func__, t_string);
++ } else if (*p == '[') {
++ p++;
++ tc = TC_ARRAY;
++ debug_printf_parse("%s: token found:'%s' TC_ARRAY\n", __func__, t_string);
+ } else {
+- if (*p == '[') {
+- p++;
+- tc = TC_ARRAY;
+- debug_printf_parse("%s: token found:'%s' TC_ARRAY\n", __func__, t_string);
+- } else
+- debug_printf_parse("%s: token found:'%s' TC_VARIABLE\n", __func__, t_string);
++ tc = TC_VARIABLE;
++ debug_printf_parse("%s: token found:'%s' TC_VARIABLE\n", __func__, t_string);
++ if (end_of_name == p) {
++ /* there is no space for trailing NUL in t_string!
++ * We need to save the char we are going to NUL.
++ * (we'll use it in future call to next_token())
++ */
++ g_saved_ch = *end_of_name;
++// especially pathological example is V="abc"; V.2 - it's V concatenated to .2
++// (it evaluates to "abc0.2"). Because of this case, we can't simply cache
++// '.' and analyze it later: we also have to *store it back* in next
++// next_token(), in order to give my_strtod() the undamaged ".2" string.
++ }
+ }
++ *end_of_name = '\0'; /* terminate t_string */
+ }
+ token_found:
+ g_pos = p;
+
+ /* skipping newlines in some cases */
+- if ((ltclass & TC_NOTERM) && (tc & TC_NEWLINE))
++ if ((last_token_class & TS_NOTERM) && (tc & TC_NEWLINE))
+ goto readnext;
+
+ /* insert concatenation operator when needed */
+- if ((ltclass & TC_CONCAT1) && (tc & TC_CONCAT2) && (expected & TC_BINOP)) {
++ debug_printf_parse("%s: concat_inserted if all nonzero: %x %x %x %x\n", __func__,
++ (last_token_class & TS_CONCAT_L), (tc & TS_CONCAT_R), (expected & TS_BINOP),
++ !(last_token_class == TC_LENGTH && tc == TC_LPAREN));
++ if ((last_token_class & TS_CONCAT_L) && (tc & TS_CONCAT_R) && (expected & TS_BINOP)
++ && !(last_token_class == TC_LENGTH && tc == TC_LPAREN) /* but not for "length(..." */
++ ) {
+ concat_inserted = TRUE;
+ save_tclass = tc;
+ save_info = t_info;
+- tc = TC_BINOP;
++ tc = TC_BINOPX;
+ t_info = OC_CONCAT | SS | P(35);
+ }
+
+ t_tclass = tc;
++ debug_printf_parse("%s: t_tclass=tc=%x\n", __func__, tc);
+ }
+- ltclass = t_tclass;
+-
+ /* Are we ready for this? */
+- if (!(ltclass & expected)) {
+- syntax_error((ltclass & (TC_NEWLINE | TC_EOF)) ?
++ if (!(t_tclass & expected)) {
++ syntax_error((last_token_class & (TC_NEWLINE | TC_EOF)) ?
+ EMSG_UNEXP_EOS : EMSG_UNEXP_TOKEN);
+ }
+
+- return ltclass;
++ debug_printf_parse("%s: returning, t_double:%f t_tclass:", __func__, t_double);
++ debug_parse_print_tc(t_tclass);
++ debug_printf_parse("\n");
++
++ return t_tclass;
+ #undef concat_inserted
+ #undef save_tclass
+ #undef save_info
+-#undef ltclass
+ }
+
+-static void rollback_token(void)
++static ALWAYS_INLINE void rollback_token(void)
+ {
+ t_rollback = TRUE;
+ }
+@@ -1242,162 +1315,188 @@ static node *new_node(uint32_t info)
+
+ static void mk_re_node(const char *s, node *n, regex_t *re)
+ {
+- n->info = OC_REGEXP;
++ n->info = TI_REGEXP;
+ n->l.re = re;
+ n->r.ire = re + 1;
+ xregcomp(re, s, REG_EXTENDED);
+ xregcomp(re + 1, s, REG_EXTENDED | REG_ICASE);
+ }
+
+-static node *condition(void)
++static node *parse_expr(uint32_t);
++
++static node *parse_lrparen_list(void)
+ {
+- next_token(TC_SEQSTART);
+- return parse_expr(TC_SEQTERM);
++ next_token(TC_LPAREN);
++ return parse_expr(TC_RPAREN);
+ }
+
+ /* parse expression terminated by given argument, return ptr
+ * to built subtree. Terminator is eaten by parse_expr */
+-static node *parse_expr(uint32_t iexp)
++static node *parse_expr(uint32_t term_tc)
+ {
+ node sn;
+ node *cn = &sn;
+ node *vn, *glptr;
+- uint32_t tc, xtc;
++ uint32_t tc, expected_tc;
+ var *v;
+
+- debug_printf_parse("%s(%x)\n", __func__, iexp);
++ debug_printf_parse("%s() term_tc(%x):", __func__, term_tc);
++ debug_parse_print_tc(term_tc);
++ debug_printf_parse("\n");
+
+ sn.info = PRIMASK;
+ sn.r.n = sn.a.n = glptr = NULL;
+- xtc = TC_OPERAND | TC_UOPPRE | TC_REGEXP | iexp;
++ expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP | term_tc;
+
+- while (!((tc = next_token(xtc)) & iexp)) {
++ while (!((tc = next_token(expected_tc)) & term_tc)) {
+
+- if (glptr && (t_info == (OC_COMPARE | VV | P(39) | 2))) {
++ if (glptr && (t_info == TI_LESS)) {
+ /* input redirection (<) attached to glptr node */
+ debug_printf_parse("%s: input redir\n", __func__);
+ cn = glptr->l.n = new_node(OC_CONCAT | SS | P(37));
+ cn->a.n = glptr;
+- xtc = TC_OPERAND | TC_UOPPRE;
++ expected_tc = TS_OPERAND | TS_UOPPRE;
+ glptr = NULL;
+-
+- } else if (tc & (TC_BINOP | TC_UOPPOST)) {
+- debug_printf_parse("%s: TC_BINOP | TC_UOPPOST\n", __func__);
++ continue;
++ }
++ if (tc & (TS_BINOP | TC_UOPPOST)) {
++ debug_printf_parse("%s: TS_BINOP | TC_UOPPOST tc:%x\n", __func__, tc);
+ /* for binary and postfix-unary operators, jump back over
+ * previous operators with higher priority */
+ vn = cn;
+ while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2))
+- || ((t_info == vn->info) && ((t_info & OPCLSMASK) == OC_COLON))
++ || ((t_info == vn->info) && t_info == TI_COLON)
+ ) {
+ vn = vn->a.n;
+ if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN);
+ }
+- if ((t_info & OPCLSMASK) == OC_TERNARY)
++ if (t_info == TI_TERNARY)
++//TODO: why?
+ t_info += P(6);
+ cn = vn->a.n->r.n = new_node(t_info);
+ cn->a.n = vn->a.n;
+- if (tc & TC_BINOP) {
++ if (tc & TS_BINOP) {
+ cn->l.n = vn;
+- xtc = TC_OPERAND | TC_UOPPRE | TC_REGEXP;
+- if ((t_info & OPCLSMASK) == OC_PGETLINE) {
++//FIXME: this is the place to detect and reject assignments to non-lvalues.
++//Currently we allow "assignments" to consts and temporaries, nonsense like this:
++// awk 'BEGIN { "qwe" = 1 }'
++// awk 'BEGIN { 7 *= 7 }'
++// awk 'BEGIN { length("qwe") = 1 }'
++// awk 'BEGIN { (1+1) += 3 }'
++ expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP;
++ if (t_info == TI_PGETLINE) {
+ /* it's a pipe */
+ next_token(TC_GETLINE);
+ /* give maximum priority to this pipe */
+ cn->info &= ~PRIMASK;
+- xtc = TC_OPERAND | TC_UOPPRE | TC_BINOP | iexp;
++ expected_tc = TS_OPERAND | TS_UOPPRE | TS_BINOP | term_tc;
+ }
+ } else {
+ cn->r.n = vn;
+- xtc = TC_OPERAND | TC_UOPPRE | TC_BINOP | iexp;
++ expected_tc = TS_OPERAND | TS_UOPPRE | TS_BINOP | term_tc;
+ }
+ vn->a.n = cn;
++ continue;
++ }
+
+- } else {
+- debug_printf_parse("%s: other\n", __func__);
+- /* for operands and prefix-unary operators, attach them
+- * to last node */
+- vn = cn;
+- cn = vn->r.n = new_node(t_info);
+- cn->a.n = vn;
+- xtc = TC_OPERAND | TC_UOPPRE | TC_REGEXP;
+- if (tc & (TC_OPERAND | TC_REGEXP)) {
+- debug_printf_parse("%s: TC_OPERAND | TC_REGEXP\n", __func__);
+- xtc = TC_UOPPRE | TC_UOPPOST | TC_BINOP | TC_OPERAND | iexp;
+- /* one should be very careful with switch on tclass -
+- * only simple tclasses should be used! */
+- switch (tc) {
+- case TC_VARIABLE:
+- case TC_ARRAY:
+- debug_printf_parse("%s: TC_VARIABLE | TC_ARRAY\n", __func__);
+- cn->info = OC_VAR;
+- v = hash_search(ahash, t_string);
+- if (v != NULL) {
+- cn->info = OC_FNARG;
+- cn->l.aidx = v->x.aidx;
+- } else {
+- cn->l.v = newvar(t_string);
+- }
+- if (tc & TC_ARRAY) {
+- cn->info |= xS;
+- cn->r.n = parse_expr(TC_ARRTERM);
+- }
+- break;
++ debug_printf_parse("%s: other, t_info:%x\n", __func__, t_info);
++ /* for operands and prefix-unary operators, attach them
++ * to last node */
++ vn = cn;
++ cn = vn->r.n = new_node(t_info);
++ cn->a.n = vn;
+
+- case TC_NUMBER:
+- case TC_STRING:
+- debug_printf_parse("%s: TC_NUMBER | TC_STRING\n", __func__);
+- cn->info = OC_VAR;
+- v = cn->l.v = xzalloc(sizeof(var));
+- if (tc & TC_NUMBER)
+- setvar_i(v, t_double);
+- else
+- setvar_s(v, t_string);
+- break;
++ expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP;
++ if (t_info == TI_PREINC || t_info == TI_PREDEC)
++ expected_tc = TS_LVALUE | TC_UOPPRE1;
+
+- case TC_REGEXP:
+- debug_printf_parse("%s: TC_REGEXP\n", __func__);
+- mk_re_node(t_string, cn, xzalloc(sizeof(regex_t)*2));
+- break;
++ if (!(tc & (TS_OPERAND | TC_REGEXP)))
++ continue;
+
+- case TC_FUNCTION:
+- debug_printf_parse("%s: TC_FUNCTION\n", __func__);
+- cn->info = OC_FUNC;
+- cn->r.f = newfunc(t_string);
+- cn->l.n = condition();
+- break;
++ debug_printf_parse("%s: TS_OPERAND | TC_REGEXP\n", __func__);
++ expected_tc = TS_UOPPRE | TC_UOPPOST | TS_BINOP | TS_OPERAND | term_tc;
++ /* one should be very careful with switch on tclass -
++ * only simple tclasses should be used (TC_xyz, not TS_xyz) */
++ switch (tc) {
++ case TC_VARIABLE:
++ case TC_ARRAY:
++ debug_printf_parse("%s: TC_VARIABLE | TC_ARRAY\n", __func__);
++ cn->info = OC_VAR;
++ v = hash_search(ahash, t_string);
++ if (v != NULL) {
++ cn->info = OC_FNARG;
++ cn->l.aidx = v->x.aidx;
++ } else {
++ cn->l.v = newvar(t_string);
++ }
++ if (tc & TC_ARRAY) {
++ cn->info |= xS;
++ cn->r.n = parse_expr(TC_ARRTERM);
++ }
++ break;
+
+- case TC_SEQSTART:
+- debug_printf_parse("%s: TC_SEQSTART\n", __func__);
+- cn = vn->r.n = parse_expr(TC_SEQTERM);
+- if (!cn)
+- syntax_error("Empty sequence");
+- cn->a.n = vn;
+- break;
++ case TC_NUMBER:
++ case TC_STRING:
++ debug_printf_parse("%s: TC_NUMBER | TC_STRING\n", __func__);
++ cn->info = OC_VAR;
++ v = cn->l.v = xzalloc(sizeof(var));
++ if (tc & TC_NUMBER)
++ setvar_i(v, t_double);
++ else {
++ setvar_s(v, t_string);
++ expected_tc &= ~TC_UOPPOST; /* "str"++ is not allowed */
++ }
++ break;
+
+- case TC_GETLINE:
+- debug_printf_parse("%s: TC_GETLINE\n", __func__);
+- glptr = cn;
+- xtc = TC_OPERAND | TC_UOPPRE | TC_BINOP | iexp;
+- break;
++ case TC_REGEXP:
++ debug_printf_parse("%s: TC_REGEXP\n", __func__);
++ mk_re_node(t_string, cn, xzalloc(sizeof(regex_t)*2));
++ break;
+
+- case TC_BUILTIN:
+- debug_printf_parse("%s: TC_BUILTIN\n", __func__);
+- cn->l.n = condition();
+- break;
++ case TC_FUNCTION:
++ debug_printf_parse("%s: TC_FUNCTION\n", __func__);
++ cn->info = OC_FUNC;
++ cn->r.f = newfunc(t_string);
++ cn->l.n = parse_expr(TC_RPAREN);
++ break;
+
+- case TC_LENGTH:
+- debug_printf_parse("%s: TC_LENGTH\n", __func__);
+- next_token(TC_SEQSTART | TC_OPTERM | TC_GRPTERM);
+- rollback_token();
+- if (t_tclass & TC_SEQSTART) {
+- /* It was a "(" token. Handle just like TC_BUILTIN */
+- cn->l.n = condition();
+- }
+- break;
+- }
++ case TC_LPAREN:
++ debug_printf_parse("%s: TC_LPAREN\n", __func__);
++ cn = vn->r.n = parse_expr(TC_RPAREN);
++ if (!cn)
++ syntax_error("Empty sequence");
++ cn->a.n = vn;
++ break;
++
++ case TC_GETLINE:
++ debug_printf_parse("%s: TC_GETLINE\n", __func__);
++ glptr = cn;
++ expected_tc = TS_OPERAND | TS_UOPPRE | TS_BINOP | term_tc;
++ break;
++
++ case TC_BUILTIN:
++ debug_printf_parse("%s: TC_BUILTIN\n", __func__);
++ cn->l.n = parse_lrparen_list();
++ break;
++
++ case TC_LENGTH:
++ debug_printf_parse("%s: TC_LENGTH\n", __func__);
++ tc = next_token(TC_LPAREN /* length(...) */
++ | TC_SEMICOL /* length; */
++ | TC_NEWLINE /* length<newline> */
++ | TC_RBRACE /* length } */
++ | TC_BINOPX /* length <op> NUM */
++ | TC_COMMA /* print length, 1 */
++ );
++ if (tc != TC_LPAREN)
++ rollback_token();
++ else {
++ /* It was a "(" token. Handle just like TC_BUILTIN */
++ cn->l.n = parse_expr(TC_RPAREN);
+ }
++ break;
+ }
+- }
++ } /* while() */
+
+ debug_printf_parse("%s() returns %p\n", __func__, sn.r.n);
+ return sn.r.n;
+@@ -1414,7 +1513,7 @@ static node *chain_node(uint32_t info)
+ if (seq->programname != g_progname) {
+ seq->programname = g_progname;
+ n = chain_node(OC_NEWSOURCE);
+- n->l.new_progname = xstrdup(g_progname);
++ n->l.new_progname = g_progname;
+ }
+
+ n = seq->last;
+@@ -1430,14 +1529,16 @@ static void chain_expr(uint32_t info)
+
+ n = chain_node(info);
+
+- n->l.n = parse_expr(TC_OPTERM | TC_GRPTERM);
++ n->l.n = parse_expr(TC_SEMICOL | TC_NEWLINE | TC_RBRACE);
+ if ((info & OF_REQUIRED) && !n->l.n)
+ syntax_error(EMSG_TOO_FEW_ARGS);
+
+- if (t_tclass & TC_GRPTERM)
++ if (t_tclass & TC_RBRACE)
+ rollback_token();
+ }
+
++static void chain_group(void);
++
+ static node *chain_loop(node *nn)
+ {
+ node *n, *n2, *save_brk, *save_cont;
+@@ -1461,207 +1562,284 @@ static node *chain_loop(node *nn)
+ return n;
+ }
+
++static void chain_until_rbrace(void)
++{
++ uint32_t tc;
++ while ((tc = next_token(TS_GRPSEQ | TC_RBRACE)) != TC_RBRACE) {
++ debug_printf_parse("%s: !TC_RBRACE\n", __func__);
++ if (tc == TC_NEWLINE)
++ continue;
++ rollback_token();
++ chain_group();
++ }
++ debug_printf_parse("%s: TC_RBRACE\n", __func__);
++}
++
+ /* parse group and attach it to chain */
+ static void chain_group(void)
+ {
+- uint32_t c;
++ uint32_t tc;
+ node *n, *n2, *n3;
+
+ do {
+- c = next_token(TC_GRPSEQ);
+- } while (c & TC_NEWLINE);
+-
+- if (c & TC_GRPSTART) {
+- debug_printf_parse("%s: TC_GRPSTART\n", __func__);
+- while (next_token(TC_GRPSEQ | TC_GRPTERM) != TC_GRPTERM) {
+- debug_printf_parse("%s: !TC_GRPTERM\n", __func__);
+- if (t_tclass & TC_NEWLINE)
+- continue;
+- rollback_token();
+- chain_group();
+- }
+- debug_printf_parse("%s: TC_GRPTERM\n", __func__);
+- } else if (c & (TC_OPSEQ | TC_OPTERM)) {
+- debug_printf_parse("%s: TC_OPSEQ | TC_OPTERM\n", __func__);
++ tc = next_token(TS_GRPSEQ);
++ } while (tc == TC_NEWLINE);
++
++ if (tc == TC_LBRACE) {
++ debug_printf_parse("%s: TC_LBRACE\n", __func__);
++ chain_until_rbrace();
++ return;
++ }
++ if (tc & (TS_OPSEQ | TC_SEMICOL)) {
++ debug_printf_parse("%s: TS_OPSEQ | TC_SEMICOL\n", __func__);
+ rollback_token();
+ chain_expr(OC_EXEC | Vx);
+- } else {
+- /* TC_STATEMNT */
+- debug_printf_parse("%s: TC_STATEMNT(?)\n", __func__);
+- switch (t_info & OPCLSMASK) {
+- case ST_IF:
+- debug_printf_parse("%s: ST_IF\n", __func__);
+- n = chain_node(OC_BR | Vx);
+- n->l.n = condition();
++ return;
++ }
++
++ /* TS_STATEMNT */
++ debug_printf_parse("%s: TS_STATEMNT(?)\n", __func__);
++ switch (t_info & OPCLSMASK) {
++ case ST_IF:
++ debug_printf_parse("%s: ST_IF\n", __func__);
++ n = chain_node(OC_BR | Vx);
++ n->l.n = parse_lrparen_list();
++ chain_group();
++ n2 = chain_node(OC_EXEC);
++ n->r.n = seq->last;
++ if (next_token(TS_GRPSEQ | TC_RBRACE | TC_ELSE) == TC_ELSE) {
+ chain_group();
+- n2 = chain_node(OC_EXEC);
+- n->r.n = seq->last;
+- if (next_token(TC_GRPSEQ | TC_GRPTERM | TC_ELSE) == TC_ELSE) {
+- chain_group();
+- n2->a.n = seq->last;
+- } else {
+- rollback_token();
+- }
+- break;
++ n2->a.n = seq->last;
++ } else {
++ rollback_token();
++ }
++ break;
+
+- case ST_WHILE:
+- debug_printf_parse("%s: ST_WHILE\n", __func__);
+- n2 = condition();
+- n = chain_loop(NULL);
+- n->l.n = n2;
+- break;
++ case ST_WHILE:
++ debug_printf_parse("%s: ST_WHILE\n", __func__);
++ n2 = parse_lrparen_list();
++ n = chain_loop(NULL);
++ n->l.n = n2;
++ break;
+
+- case ST_DO:
+- debug_printf_parse("%s: ST_DO\n", __func__);
+- n2 = chain_node(OC_EXEC);
+- n = chain_loop(NULL);
+- n2->a.n = n->a.n;
+- next_token(TC_WHILE);
+- n->l.n = condition();
+- break;
++ case ST_DO:
++ debug_printf_parse("%s: ST_DO\n", __func__);
++ n2 = chain_node(OC_EXEC);
++ n = chain_loop(NULL);
++ n2->a.n = n->a.n;
++ next_token(TC_WHILE);
++ n->l.n = parse_lrparen_list();
++ break;
+
+- case ST_FOR:
+- debug_printf_parse("%s: ST_FOR\n", __func__);
+- next_token(TC_SEQSTART);
+- n2 = parse_expr(TC_SEMICOL | TC_SEQTERM);
+- if (t_tclass & TC_SEQTERM) { /* for-in */
+- if (!n2 || (n2->info & OPCLSMASK) != OC_IN)
+- syntax_error(EMSG_UNEXP_TOKEN);
+- n = chain_node(OC_WALKINIT | VV);
+- n->l.n = n2->l.n;
+- n->r.n = n2->r.n;
+- n = chain_loop(NULL);
+- n->info = OC_WALKNEXT | Vx;
+- n->l.n = n2->l.n;
+- } else { /* for (;;) */
+- n = chain_node(OC_EXEC | Vx);
+- n->l.n = n2;
+- n2 = parse_expr(TC_SEMICOL);
+- n3 = parse_expr(TC_SEQTERM);
+- n = chain_loop(n3);
+- n->l.n = n2;
+- if (!n2)
+- n->info = OC_EXEC;
+- }
+- break;
++ case ST_FOR:
++ debug_printf_parse("%s: ST_FOR\n", __func__);
++ next_token(TC_LPAREN);
++ n2 = parse_expr(TC_SEMICOL | TC_RPAREN);
++ if (t_tclass & TC_RPAREN) { /* for (I in ARRAY) */
++ if (!n2 || n2->info != TI_IN)
++ syntax_error(EMSG_UNEXP_TOKEN);
++ n = chain_node(OC_WALKINIT | VV);
++ n->l.n = n2->l.n;
++ n->r.n = n2->r.n;
++ n = chain_loop(NULL);
++ n->info = OC_WALKNEXT | Vx;
++ n->l.n = n2->l.n;
++ } else { /* for (;;) */
++ n = chain_node(OC_EXEC | Vx);
++ n->l.n = n2;
++ n2 = parse_expr(TC_SEMICOL);
++ n3 = parse_expr(TC_RPAREN);
++ n = chain_loop(n3);
++ n->l.n = n2;
++ if (!n2)
++ n->info = OC_EXEC;
++ }
++ break;
+
+- case OC_PRINT:
+- case OC_PRINTF:
+- debug_printf_parse("%s: OC_PRINT[F]\n", __func__);
+- n = chain_node(t_info);
+- n->l.n = parse_expr(TC_OPTERM | TC_OUTRDR | TC_GRPTERM);
+- if (t_tclass & TC_OUTRDR) {
+- n->info |= t_info;
+- n->r.n = parse_expr(TC_OPTERM | TC_GRPTERM);
+- }
+- if (t_tclass & TC_GRPTERM)
+- rollback_token();
+- break;
++ case OC_PRINT:
++ case OC_PRINTF:
++ debug_printf_parse("%s: OC_PRINT[F]\n", __func__);
++ n = chain_node(t_info);
++ n->l.n = parse_expr(TC_SEMICOL | TC_NEWLINE | TC_OUTRDR | TC_RBRACE);
++ if (t_tclass & TC_OUTRDR) {
++ n->info |= t_info;
++ n->r.n = parse_expr(TC_SEMICOL | TC_NEWLINE | TC_RBRACE);
++ }
++ if (t_tclass & TC_RBRACE)
++ rollback_token();
++ break;
+
+- case OC_BREAK:
+- debug_printf_parse("%s: OC_BREAK\n", __func__);
+- n = chain_node(OC_EXEC);
+- n->a.n = break_ptr;
+- chain_expr(t_info);
+- break;
++ case OC_BREAK:
++ debug_printf_parse("%s: OC_BREAK\n", __func__);
++ n = chain_node(OC_EXEC);
++ if (!break_ptr)
++ syntax_error("'break' not in a loop");
++ n->a.n = break_ptr;
++ chain_expr(t_info);
++ break;
+
+- case OC_CONTINUE:
+- debug_printf_parse("%s: OC_CONTINUE\n", __func__);
+- n = chain_node(OC_EXEC);
+- n->a.n = continue_ptr;
+- chain_expr(t_info);
+- break;
++ case OC_CONTINUE:
++ debug_printf_parse("%s: OC_CONTINUE\n", __func__);
++ n = chain_node(OC_EXEC);
++ if (!continue_ptr)
++ syntax_error("'continue' not in a loop");
++ n->a.n = continue_ptr;
++ chain_expr(t_info);
++ break;
+
+- /* delete, next, nextfile, return, exit */
+- default:
+- debug_printf_parse("%s: default\n", __func__);
+- chain_expr(t_info);
+- }
++ /* delete, next, nextfile, return, exit */
++ default:
++ debug_printf_parse("%s: default\n", __func__);
++ chain_expr(t_info);
+ }
+ }
+
+ static void parse_program(char *p)
+ {
+- uint32_t tclass;
+- node *cn;
+- func *f;
+- var *v;
++ debug_printf_parse("%s()\n", __func__);
+
+ g_pos = p;
+ t_lineno = 1;
+- while ((tclass = next_token(TC_EOF | TC_OPSEQ | TC_GRPSTART |
+- TC_OPTERM | TC_BEGIN | TC_END | TC_FUNCDECL)) != TC_EOF) {
++ for (;;) {
++ uint32_t tclass;
+
+- if (tclass & TC_OPTERM) {
+- debug_printf_parse("%s: TC_OPTERM\n", __func__);
++ tclass = next_token(TS_OPSEQ | TC_LBRACE | TC_BEGIN | TC_END | TC_FUNCDECL
++ | TC_EOF | TC_NEWLINE /* but not TC_SEMICOL */);
++ got_tok:
++ if (tclass == TC_EOF) {
++ debug_printf_parse("%s: TC_EOF\n", __func__);
++ break;
++ }
++ if (tclass == TC_NEWLINE) {
++ debug_printf_parse("%s: TC_NEWLINE\n", __func__);
+ continue;
+ }
+-
+- seq = &mainseq;
+- if (tclass & TC_BEGIN) {
++ if (tclass == TC_BEGIN) {
+ debug_printf_parse("%s: TC_BEGIN\n", __func__);
+ seq = &beginseq;
+- chain_group();
+- } else if (tclass & TC_END) {
++ /* ensure there is no newline between BEGIN and { */
++ next_token(TC_LBRACE);
++ chain_until_rbrace();
++ goto next_tok;
++ }
++ if (tclass == TC_END) {
+ debug_printf_parse("%s: TC_END\n", __func__);
+ seq = &endseq;
+- chain_group();
+- } else if (tclass & TC_FUNCDECL) {
++ /* ensure there is no newline between END and { */
++ next_token(TC_LBRACE);
++ chain_until_rbrace();
++ goto next_tok;
++ }
++ if (tclass == TC_FUNCDECL) {
++ func *f;
++
+ debug_printf_parse("%s: TC_FUNCDECL\n", __func__);
+ next_token(TC_FUNCTION);
+- g_pos++;
+ f = newfunc(t_string);
+- f->body.first = NULL;
+- f->nargs = 0;
+- /* Match func arg list: a comma sep list of >= 0 args, and a close paren */
+- while (next_token(TC_VARIABLE | TC_SEQTERM | TC_COMMA)) {
+- /* Either an empty arg list, or trailing comma from prev iter
+- * must be followed by an arg */
+- if (f->nargs == 0 && t_tclass == TC_SEQTERM)
+- break;
+-
+- /* TC_SEQSTART/TC_COMMA must be followed by TC_VARIABLE */
+- if (t_tclass != TC_VARIABLE)
++ if (f->defined)
++ syntax_error("Duplicate function");
++ f->defined = 1;
++ //f->body.first = NULL; - already is
++ //f->nargs = 0; - already is
++ /* func arg list: comma sep list of args, and a close paren */
++ for (;;) {
++ var *v;
++ if (next_token(TC_VARIABLE | TC_RPAREN) == TC_RPAREN) {
++ if (f->nargs == 0)
++ break; /* func() is ok */
++ /* func(a,) is not ok */
+ syntax_error(EMSG_UNEXP_TOKEN);
+-
++ }
+ v = findvar(ahash, t_string);
+ v->x.aidx = f->nargs++;
+-
+ /* Arg followed either by end of arg list or 1 comma */
+- if (next_token(TC_COMMA | TC_SEQTERM) & TC_SEQTERM)
++ if (next_token(TC_COMMA | TC_RPAREN) == TC_RPAREN)
+ break;
+- if (t_tclass != TC_COMMA)
+- syntax_error(EMSG_UNEXP_TOKEN);
++ /* it was a comma, we ate it */
+ }
+ seq = &f->body;
+- chain_group();
+- clear_array(ahash);
+- } else if (tclass & TC_OPSEQ) {
+- debug_printf_parse("%s: TC_OPSEQ\n", __func__);
++ /* ensure there is { after "func F(...)" - but newlines are allowed */
++ while (next_token(TC_LBRACE | TC_NEWLINE) == TC_NEWLINE)
++ continue;
++ chain_until_rbrace();
++ hash_clear(ahash);
++ goto next_tok;
++ }
++ seq = &mainseq;
++ if (tclass & TS_OPSEQ) {
++ node *cn;
++
++ debug_printf_parse("%s: TS_OPSEQ\n", __func__);
+ rollback_token();
+ cn = chain_node(OC_TEST);
+- cn->l.n = parse_expr(TC_OPTERM | TC_EOF | TC_GRPSTART);
+- if (t_tclass & TC_GRPSTART) {
+- debug_printf_parse("%s: TC_GRPSTART\n", __func__);
+- rollback_token();
+- chain_group();
++ cn->l.n = parse_expr(TC_SEMICOL | TC_NEWLINE | TC_EOF | TC_LBRACE);
++ if (t_tclass == TC_LBRACE) {
++ debug_printf_parse("%s: TC_LBRACE\n", __func__);
++ chain_until_rbrace();
+ } else {
+- debug_printf_parse("%s: !TC_GRPSTART\n", __func__);
++ /* no action, assume default "{ print }" */
++ debug_printf_parse("%s: !TC_LBRACE\n", __func__);
+ chain_node(OC_PRINT);
+ }
+ cn->r.n = mainseq.last;
+- } else /* if (tclass & TC_GRPSTART) */ {
+- debug_printf_parse("%s: TC_GRPSTART(?)\n", __func__);
+- rollback_token();
+- chain_group();
++ goto next_tok;
+ }
+- }
+- debug_printf_parse("%s: TC_EOF\n", __func__);
++ /* tclass == TC_LBRACE */
++ debug_printf_parse("%s: TC_LBRACE(?)\n", __func__);
++ chain_until_rbrace();
++ next_tok:
++ /* Same as next_token() at the top of the loop, + TC_SEMICOL */
++ tclass = next_token(TS_OPSEQ | TC_LBRACE | TC_BEGIN | TC_END | TC_FUNCDECL
++ | TC_EOF | TC_NEWLINE | TC_SEMICOL);
++ /* gawk allows many newlines, but does not allow more than one semicolon:
++ * BEGIN {...}<newline>;<newline>;
++ * would complain "each rule must have a pattern or an action part".
++ * Same message for
++ * ; BEGIN {...}
++ */
++ if (tclass != TC_SEMICOL)
++ goto got_tok; /* use this token */
++ /* else: loop back - ate the semicolon, get and use _next_ token */
++ } /* for (;;) */
+ }
+
+-
+ /* -------- program execution part -------- */
+
++/* temporary variables allocator */
++static var *nvalloc(int sz)
++{
++ return xzalloc(sz * sizeof(var));
++}
++
++static void nvfree(var *v, int sz)
++{
++ var *p = v;
++
++ while (--sz >= 0) {
++ if ((p->type & (VF_ARRAY | VF_CHILD)) == VF_ARRAY) {
++ clear_array(iamarray(p));
++ free(p->x.array->items);
++ free(p->x.array);
++ }
++ if (p->type & VF_WALK) {
++ walker_list *n;
++ walker_list *w = p->x.walker;
++ debug_printf_walker("nvfree: freeing walker @%p\n", &p->x.walker);
++ p->x.walker = NULL;
++ while (w) {
++ n = w->prev;
++ debug_printf_walker(" free(%p)\n", w);
++ free(w);
++ w = n;
++ }
++ }
++ clrvar(p);
++ p++;
++ }
++
++ free(v);
++}
++
+ static node *mk_splitter(const char *s, tsplitter *spl)
+ {
+ regex_t *re, *ire;
+@@ -1670,7 +1848,7 @@ static node *mk_splitter(const char *s, tsplitter *spl)
+ re = &spl->re[0];
+ ire = &spl->re[1];
+ n = &spl->n;
+- if ((n->info & OPCLSMASK) == OC_REGEXP) {
++ if (n->info == TI_REGEXP) {
+ regfree(re);
+ regfree(ire); // TODO: nuke ire, use re+1?
+ }
+@@ -1683,21 +1861,28 @@ static node *mk_splitter(const char *s, tsplitter *spl)
+ return n;
+ }
+
+-/* use node as a regular expression. Supplied with node ptr and regex_t
++static var *evaluate(node *, var *);
++
++/* Use node as a regular expression. Supplied with node ptr and regex_t
+ * storage space. Return ptr to regex (if result points to preg, it should
+- * be later regfree'd manually
++ * be later regfree'd manually).
+ */
+ static regex_t *as_regex(node *op, regex_t *preg)
+ {
+ int cflags;
+- var *v;
+ const char *s;
+
+- if ((op->info & OPCLSMASK) == OC_REGEXP) {
++ if (op->info == TI_REGEXP) {
+ return icase ? op->r.ire : op->l.re;
+ }
+- v = nvalloc(1);
+- s = getvar_s(evaluate(op, v));
++
++ //tmpvar = nvalloc(1);
++#define TMPVAR (&G.as_regex__tmpvar)
++ // We use a single "static" tmpvar (instead of on-stack or malloced one)
++ // to decrease memory consumption in deeply-recursive awk programs.
++ // The rule to work safely is to never call evaluate() while our static
++ // TMPVAR's value is still needed.
++ s = getvar_s(evaluate(op, TMPVAR));
+
+ cflags = icase ? REG_EXTENDED | REG_ICASE : REG_EXTENDED;
+ /* Testcase where REG_EXTENDED fails (unpaired '{'):
+@@ -1709,7 +1894,8 @@ static regex_t *as_regex(node *op, regex_t *preg)
+ cflags &= ~REG_EXTENDED;
+ xregcomp(preg, s, cflags);
+ }
+- nvfree(v);
++ //nvfree(tmpvar, 1);
++#undef TMPVAR
+ return preg;
+ }
+
+@@ -1729,12 +1915,22 @@ static char* qrealloc(char *b, int n, int *size)
+ /* resize field storage space */
+ static void fsrealloc(int size)
+ {
+- int i;
++ int i, newsize;
+
+ if (size >= maxfields) {
++ /* Sanity cap, easier than catering for overflows */
++ if (size > 0xffffff)
++ bb_die_memory_exhausted();
++
+ i = maxfields;
+ maxfields = size + 16;
+- Fields = xrealloc(Fields, maxfields * sizeof(Fields[0]));
++
++ newsize = maxfields * sizeof(Fields[0]);
++ debug_printf_eval("fsrealloc: xrealloc(%p, %u)\n", Fields, newsize);
++ Fields = xrealloc(Fields, newsize);
++ debug_printf_eval("fsrealloc: Fields=%p..%p\n", Fields, (char*)Fields + newsize - 1);
++ /* ^^^ did Fields[] move? debug aid for L.v getting "upstaged" by R.v in evaluate() */
++
+ for (; i < maxfields; i++) {
+ Fields[i].type = VF_SPECIAL;
+ Fields[i].string = NULL;
+@@ -1747,12 +1943,34 @@ static void fsrealloc(int size)
+ nfields = size;
+ }
+
++static int regexec1_nonempty(const regex_t *preg, const char *s, regmatch_t pmatch[])
++{
++ int r = regexec(preg, s, 1, pmatch, 0);
++ if (r == 0 && pmatch[0].rm_eo == 0) {
++ /* For example, happens when FS can match
++ * an empty string (awk -F ' *'). Logically,
++ * this should split into one-char fields.
++ * However, gawk 5.0.1 searches for first
++ * _non-empty_ separator string match:
++ */
++ size_t ofs = 0;
++ do {
++ ofs++;
++ if (!s[ofs])
++ return REG_NOMATCH;
++ regexec(preg, s + ofs, 1, pmatch, 0);
++ } while (pmatch[0].rm_eo == 0);
++ pmatch[0].rm_so += ofs;
++ pmatch[0].rm_eo += ofs;
++ }
++ return r;
++}
++
+ static int awk_split(const char *s, node *spl, char **slist)
+ {
+- int l, n;
++ int n;
+ char c[4];
+ char *s1;
+- regmatch_t pmatch[2]; // TODO: why [2]? [1] is enough...
+
+ /* in worst case, each char would be a separate field */
+ *slist = s1 = xzalloc(strlen(s) * 2 + 3);
+@@ -1764,34 +1982,36 @@ static int awk_split(const char *s, node *spl, char **slist)
+ c[2] = '\n';
+
+ n = 0;
+- if ((spl->info & OPCLSMASK) == OC_REGEXP) { /* regex split */
++ if (spl->info == TI_REGEXP) { /* regex split */
+ if (!*s)
+ return n; /* "": zero fields */
+ n++; /* at least one field will be there */
+ do {
++ int l;
++ regmatch_t pmatch[1];
++
+ l = strcspn(s, c+2); /* len till next NUL or \n */
+- if (regexec(icase ? spl->r.ire : spl->l.re, s, 1, pmatch, 0) == 0
++ if (regexec1_nonempty(icase ? spl->r.ire : spl->l.re, s, pmatch) == 0
+ && pmatch[0].rm_so <= l
+ ) {
++ /* if (pmatch[0].rm_eo == 0) ... - impossible */
+ l = pmatch[0].rm_so;
+- if (pmatch[0].rm_eo == 0) {
+- l++;
+- pmatch[0].rm_eo++;
+- }
+ n++; /* we saw yet another delimiter */
+ } else {
+ pmatch[0].rm_eo = l;
+ if (s[l])
+ pmatch[0].rm_eo++;
+ }
+- memcpy(s1, s, l);
+- /* make sure we remove *all* of the separator chars */
+- do {
+- s1[l] = '\0';
+- } while (++l < pmatch[0].rm_eo);
+- nextword(&s1);
++ s1 = mempcpy(s1, s, l);
++ *s1++ = '\0';
+ s += pmatch[0].rm_eo;
+ } while (*s);
++
++ /* echo a-- | awk -F-- '{ print NF, length($NF), $NF }'
++ * should print "2 0 ":
++ */
++ *s1 = '\0';
++
+ return n;
+ }
+ if (c[0] == '\0') { /* null split */
+@@ -1929,7 +2149,7 @@ static node *nextarg(node **pn)
+ node *n;
+
+ n = *pn;
+- if (n && (n->info & OPCLSMASK) == OC_COMMA) {
++ if (n && n->info == TI_COMMA) {
+ *pn = n->r.n;
+ n = n->l.n;
+ } else {
+@@ -1960,8 +2180,7 @@ static void hashwalk_init(var *v, xhash *array)
+ for (i = 0; i < array->csize; i++) {
+ hi = array->items[i];
+ while (hi) {
+- strcpy(w->end, hi->name);
+- nextword(&w->end);
++ w->end = stpcpy(w->end, hi->name) + 1;
+ hi = hi->next;
+ }
+ }
+@@ -1987,15 +2206,18 @@ static int hashwalk_next(var *v)
+ /* evaluate node, return 1 when result is true, 0 otherwise */
+ static int ptest(node *pattern)
+ {
+- /* ptest__v is "static": to save stack space? */
+- return istrue(evaluate(pattern, &G.ptest__v));
++ // We use a single "static" tmpvar (instead of on-stack or malloced one)
++ // to decrease memory consumption in deeply-recursive awk programs.
++ // The rule to work safely is to never call evaluate() while our static
++ // TMPVAR's value is still needed.
++ return istrue(evaluate(pattern, &G.ptest__tmpvar));
+ }
+
+ /* read next record from stream rsm into a variable v */
+ static int awk_getline(rstream *rsm, var *v)
+ {
+ char *b;
+- regmatch_t pmatch[2];
++ regmatch_t pmatch[1];
+ int size, a, p, pp = 0;
+ int fd, so, eo, r, rp;
+ char c, *m, *s;
+@@ -2021,7 +2243,7 @@ static int awk_getline(rstream *rsm, var *v)
+ so = eo = p;
+ r = 1;
+ if (p > 0) {
+- if ((rsplitter.n.info & OPCLSMASK) == OC_REGEXP) {
++ if (rsplitter.n.info == TI_REGEXP) {
+ if (regexec(icase ? rsplitter.n.r.ire : rsplitter.n.l.re,
+ b, 1, pmatch, 0) == 0) {
+ so = pmatch[0].rm_so;
+@@ -2093,42 +2315,36 @@ static int awk_getline(rstream *rsm, var *v)
+ return r;
+ }
+
+-static int fmt_num(char *b, int size, const char *format, double n, int int_as_int)
+-{
+- int r = 0;
+- char c;
+- const char *s = format;
+-
+- if (int_as_int && n == (long long)n) {
+- r = snprintf(b, size, "%lld", (long long)n);
+- } else {
+- do { c = *s; } while (c && *++s);
+- if (strchr("diouxX", c)) {
+- r = snprintf(b, size, format, (int)n);
+- } else if (strchr("eEfgG", c)) {
+- r = snprintf(b, size, format, n);
+- } else {
+- syntax_error(EMSG_INV_FMT);
+- }
+- }
+- return r;
+-}
+-
+ /* formatted output into an allocated buffer, return ptr to buffer */
+-static char *awk_printf(node *n)
++#if !ENABLE_FEATURE_AWK_GNU_EXTENSIONS
++# define awk_printf(a, b) awk_printf(a)
++#endif
++static char *awk_printf(node *n, size_t *len)
+ {
+- char *b = NULL;
+- char *fmt, *s, *f;
+- const char *s1;
+- int i, j, incr, bsize;
+- char c, c1;
+- var *v, *arg;
+-
+- v = nvalloc(1);
+- fmt = f = xstrdup(getvar_s(evaluate(nextarg(&n), v)));
+-
++ char *b;
++ char *fmt, *f;
++ size_t i;
++
++ //tmpvar = nvalloc(1);
++#define TMPVAR (&G.awk_printf__tmpvar)
++ // We use a single "static" tmpvar (instead of on-stack or malloced one)
++ // to decrease memory consumption in deeply-recursive awk programs.
++ // The rule to work safely is to never call evaluate() while our static
++ // TMPVAR's value is still needed.
++ fmt = f = xstrdup(getvar_s(evaluate(nextarg(&n), TMPVAR)));
++ // ^^^^^^^^^ here we immediately strdup() the value, so the later call
++ // to evaluate() potentially recursing into another awk_printf() can't
++ // mangle the value.
++
++ b = NULL;
+ i = 0;
+- while (*f) {
++ while (*f) { /* "print one format spec" loop */
++ char *s;
++ char c;
++ char sv;
++ var *arg;
++ size_t slen;
++
+ s = f;
+ while (*f && (*f != '%' || *++f == '%'))
+ f++;
+@@ -2137,38 +2353,68 @@ static char *awk_printf(node *n)
+ syntax_error("%*x formats are not supported");
+ f++;
+ }
+-
+- incr = (f - s) + MAXVARFMT;
+- b = qrealloc(b, incr + i, &bsize);
+ c = *f;
+- if (c != '\0')
+- f++;
+- c1 = *f;
++ if (!c) {
++ /* Tail of fmt with no percent chars,
++ * or "....%" (percent seen, but no format specifier char found)
++ */
++ slen = strlen(s);
++ goto tail;
++ }
++ sv = *++f;
+ *f = '\0';
+- arg = evaluate(nextarg(&n), v);
+-
+- j = i;
+- if (c == 'c' || !c) {
+- i += sprintf(b+i, s, is_numeric(arg) ?
+- (char)getvar_i(arg) : *getvar_s(arg));
+- } else if (c == 's') {
+- s1 = getvar_s(arg);
+- b = qrealloc(b, incr+i+strlen(s1), &bsize);
+- i += sprintf(b+i, s, s1);
++ arg = evaluate(nextarg(&n), TMPVAR);
++
++ /* Result can be arbitrarily long. Example:
++ * printf "%99999s", "BOOM"
++ */
++ if (c == 'c') {
++ char cc = is_numeric(arg) ? getvar_i(arg) : *getvar_s(arg);
++ char *r = xasprintf(s, cc ? cc : '^' /* else strlen will be wrong */);
++ slen = strlen(r);
++ if (cc == '\0') /* if cc is NUL, re-format the string with it */
++ sprintf(r, s, cc);
++ s = r;
+ } else {
+- i += fmt_num(b+i, incr, s, getvar_i(arg), FALSE);
++ if (c == 's') {
++ s = xasprintf(s, getvar_s(arg));
++ } else {
++ double d = getvar_i(arg);
++ if (strchr("diouxX", c)) {
++//TODO: make it wider here (%x -> %llx etc)?
++ s = xasprintf(s, (int)d);
++ } else if (strchr("eEfFgGaA", c)) {
++ s = xasprintf(s, d);
++ } else {
++ syntax_error(EMSG_INV_FMT);
++ }
++ }
++ slen = strlen(s);
+ }
+- *f = c1;
++ *f = sv;
+
+- /* if there was an error while sprintf, return value is negative */
+- if (i < j)
+- i = j;
++ if (i == 0) {
++ b = s;
++ i = slen;
++ continue;
++ }
++ tail:
++ b = xrealloc(b, i + slen + 1);
++ strcpy(b + i, s);
++ i += slen;
++ if (!c) /* tail? */
++ break;
++ free(s);
+ }
+
+ free(fmt);
+- nvfree(v);
+- b = xrealloc(b, i + 1);
+- b[i] = '\0';
++ //nvfree(tmpvar, 1);
++#undef TMPVAR
++
++#if ENABLE_FEATURE_AWK_GNU_EXTENSIONS
++ if (len)
++ *len = i;
++#endif
+ return b;
+ }
+
+@@ -2298,33 +2544,59 @@ static NOINLINE int do_mktime(const char *ds)
+ return mktime(&then);
+ }
+
++/* Reduce stack usage in exec_builtin() by keeping match() code separate */
++static NOINLINE var *do_match(node *an1, const char *as0)
++{
++ regmatch_t pmatch[1];
++ regex_t sreg, *re;
++ int n, start, len;
++
++ re = as_regex(an1, &sreg);
++ n = regexec(re, as0, 1, pmatch, 0);
++ if (re == &sreg)
++ regfree(re);
++ start = 0;
++ len = -1;
++ if (n == 0) {
++ start = pmatch[0].rm_so + 1;
++ len = pmatch[0].rm_eo - pmatch[0].rm_so;
++ }
++ setvar_i(newvar("RLENGTH"), len);
++ return setvar_i(newvar("RSTART"), start);
++}
++
++/* Reduce stack usage in evaluate() by keeping builtins' code separate */
+ static NOINLINE var *exec_builtin(node *op, var *res)
+ {
+ #define tspl (G.exec_builtin__tspl)
+
+- var *tv;
++ var *tmpvars;
+ node *an[4];
+ var *av[4];
+ const char *as[4];
+- regmatch_t pmatch[2];
+- regex_t sreg, *re;
+ node *spl;
+ uint32_t isr, info;
+ int nargs;
+ time_t tt;
+ int i, l, ll, n;
+
+- tv = nvalloc(4);
++ tmpvars = nvalloc(4);
++#define TMPVAR0 (tmpvars)
++#define TMPVAR1 (tmpvars + 1)
++#define TMPVAR2 (tmpvars + 2)
++#define TMPVAR3 (tmpvars + 3)
++#define TMPVAR(i) (tmpvars + (i))
+ isr = info = op->info;
+ op = op->l.n;
+
+ av[2] = av[3] = NULL;
+ for (i = 0; i < 4 && op; i++) {
+ an[i] = nextarg(&op);
+- if (isr & 0x09000000)
+- av[i] = evaluate(an[i], &tv[i]);
+- if (isr & 0x08000000)
+- as[i] = getvar_s(av[i]);
++ if (isr & 0x09000000) {
++ av[i] = evaluate(an[i], TMPVAR(i));
++ if (isr & 0x08000000)
++ as[i] = getvar_s(av[i]);
++ }
+ isr >>= 1;
+ }
+
+@@ -2346,8 +2618,8 @@ static NOINLINE var *exec_builtin(node *op, var *res)
+ char *s, *s1;
+
+ if (nargs > 2) {
+- spl = (an[2]->info & OPCLSMASK) == OC_REGEXP ?
+- an[2] : mk_splitter(getvar_s(evaluate(an[2], &tv[2])), &tspl);
++ spl = (an[2]->info == TI_REGEXP) ? an[2]
++ : mk_splitter(getvar_s(evaluate(an[2], TMPVAR2)), &tspl);
+ } else {
+ spl = &fsplitter.n;
+ }
+@@ -2461,20 +2733,7 @@ static NOINLINE var *exec_builtin(node *op, var *res)
+ break;
+
+ case B_ma:
+- re = as_regex(an[1], &sreg);
+- n = regexec(re, as[0], 1, pmatch, 0);
+- if (n == 0) {
+- pmatch[0].rm_so++;
+- pmatch[0].rm_eo++;
+- } else {
+- pmatch[0].rm_so = 0;
+- pmatch[0].rm_eo = -1;
+- }
+- setvar_i(newvar("RSTART"), pmatch[0].rm_so);
+- setvar_i(newvar("RLENGTH"), pmatch[0].rm_eo - pmatch[0].rm_so);
+- setvar_i(res, pmatch[0].rm_so);
+- if (re == &sreg)
+- regfree(re);
++ res = do_match(an[1], as[0]);
+ break;
+
+ case B_ge:
+@@ -2490,14 +2749,79 @@ static NOINLINE var *exec_builtin(node *op, var *res)
+ break;
+ }
+
+- nvfree(tv);
++ nvfree(tmpvars, 4);
++#undef TMPVAR0
++#undef TMPVAR1
++#undef TMPVAR2
++#undef TMPVAR3
++#undef TMPVAR
++
+ return res;
+ #undef tspl
+ }
+
++/* if expr looks like "var=value", perform assignment and return 1,
++ * otherwise return 0 */
++static int is_assignment(const char *expr)
++{
++ char *exprc, *val;
++
++ val = (char*)endofname(expr);
++ if (val == (char*)expr || *val != '=') {
++ return FALSE;
++ }
++
++ exprc = xstrdup(expr);
++ val = exprc + (val - expr);
++ *val++ = '\0';
++
++ unescape_string_in_place(val);
++ setvar_u(newvar(exprc), val);
++ free(exprc);
++ return TRUE;
++}
++
++/* switch to next input file */
++static rstream *next_input_file(void)
++{
++#define rsm (G.next_input_file__rsm)
++#define files_happen (G.next_input_file__files_happen)
++
++ const char *fname, *ind;
++
++ if (rsm.F)
++ fclose(rsm.F);
++ rsm.F = NULL;
++ rsm.pos = rsm.adv = 0;
++
++ for (;;) {
++ if (getvar_i(intvar[ARGIND])+1 >= getvar_i(intvar[ARGC])) {
++ if (files_happen)
++ return NULL;
++ fname = "-";
++ rsm.F = stdin;
++ break;
++ }
++ ind = getvar_s(incvar(intvar[ARGIND]));
++ fname = getvar_s(findvar(iamarray(intvar[ARGV]), ind));
++ if (fname && *fname && !is_assignment(fname)) {
++ rsm.F = xfopen_stdin(fname);
++ break;
++ }
++ }
++
++ files_happen = TRUE;
++ setvar_s(intvar[FILENAME], fname);
++ return &rsm;
++#undef rsm
++#undef files_happen
++}
++
+ /*
+ * Evaluate node - the heart of the program. Supplied with subtree
+- * and place where to store result. returns ptr to result.
++ * and "res" variable to assign the result to if we evaluate an expression.
++ * If node refers to e.g. a variable or a field, no assignment happens.
++ * Return ptr to the result (which may or may not be the "res" variable!)
+ */
+ #define XC(n) ((n) >> 8)
+
+@@ -2509,14 +2833,16 @@ static var *evaluate(node *op, var *res)
+ #define seed (G.evaluate__seed)
+ #define sreg (G.evaluate__sreg)
+
+- var *v1;
++ var *tmpvars;
+
+ if (!op)
+ return setvar_s(res, NULL);
+
+ debug_printf_eval("entered %s()\n", __func__);
+
+- v1 = nvalloc(2);
++ tmpvars = nvalloc(2);
++#define TMPVAR0 (tmpvars)
++#define TMPVAR1 (tmpvars + 1)
+
+ while (op) {
+ struct {
+@@ -2538,48 +2864,35 @@ static var *evaluate(node *op, var *res)
+ op1 = op->l.n;
+ debug_printf_eval("opinfo:%08x opn:%08x\n", opinfo, opn);
+
+- /* "delete" is special:
+- * "delete array[var--]" must evaluate index expr only once,
+- * must not evaluate it in "execute inevitable things" part.
+- */
+- if (XC(opinfo & OPCLSMASK) == XC(OC_DELETE)) {
+- uint32_t info = op1->info & OPCLSMASK;
+- var *v;
+-
+- debug_printf_eval("DELETE\n");
+- if (info == OC_VAR) {
+- v = op1->l.v;
+- } else if (info == OC_FNARG) {
+- v = &fnargs[op1->l.aidx];
+- } else {
+- syntax_error(EMSG_NOT_ARRAY);
++ /* execute inevitable things */
++ if (opinfo & OF_RES1) {
++ if ((opinfo & OF_REQUIRED) && !op1)
++ syntax_error(EMSG_TOO_FEW_ARGS);
++ L.v = evaluate(op1, TMPVAR0);
++ if (opinfo & OF_STR1) {
++ L.s = getvar_s(L.v);
++ debug_printf_eval("L.s:'%s'\n", L.s);
+ }
+- if (op1->r.n) { /* array ref? */
+- const char *s;
+- s = getvar_s(evaluate(op1->r.n, v1));
+- hash_remove(iamarray(v), s);
+- } else {
+- clear_array(iamarray(v));
++ if (opinfo & OF_NUM1) {
++ L_d = getvar_i(L.v);
++ debug_printf_eval("L_d:%f\n", L_d);
+ }
+- goto next;
+- }
+-
+- /* execute inevitable things */
+- if (opinfo & OF_RES1)
+- L.v = evaluate(op1, v1);
+- if (opinfo & OF_RES2)
+- R.v = evaluate(op->r.n, v1+1);
+- if (opinfo & OF_STR1) {
+- L.s = getvar_s(L.v);
+- debug_printf_eval("L.s:'%s'\n", L.s);
+ }
+- if (opinfo & OF_STR2) {
+- R.s = getvar_s(R.v);
+- debug_printf_eval("R.s:'%s'\n", R.s);
+- }
+- if (opinfo & OF_NUM1) {
+- L_d = getvar_i(L.v);
+- debug_printf_eval("L_d:%f\n", L_d);
++ /* NB: Must get string/numeric values of L (done above)
++ * _before_ evaluate()'ing R.v: if both L and R are $NNNs,
++ * and right one is large, then L.v points to Fields[NNN1],
++ * second evaluate() reallocates and moves (!) Fields[],
++ * R.v points to Fields[NNN2] but L.v now points to freed mem!
++ * (Seen trying to evaluate "$444 $44444")
++ */
++ if (opinfo & OF_RES2) {
++ R.v = evaluate(op->r.n, TMPVAR1);
++ //TODO: L.v may be invalid now, set L.v to NULL to catch bugs?
++ //L.v = NULL;
++ if (opinfo & OF_STR2) {
++ R.s = getvar_s(R.v);
++ debug_printf_eval("R.s:'%s'\n", R.s);
++ }
+ }
+
+ debug_printf_eval("switch(0x%x)\n", XC(opinfo & OPCLSMASK));
+@@ -2589,7 +2902,8 @@ static var *evaluate(node *op, var *res)
+
+ /* test pattern */
+ case XC( OC_TEST ):
+- if ((op1->info & OPCLSMASK) == OC_COMMA) {
++ debug_printf_eval("TEST\n");
++ if (op1->info == TI_COMMA) {
+ /* it's range pattern */
+ if ((opinfo & OF_CHECKED) || ptest(op1->l.n)) {
+ op->info |= OF_CHECKED;
+@@ -2606,25 +2920,32 @@ static var *evaluate(node *op, var *res)
+
+ /* just evaluate an expression, also used as unconditional jump */
+ case XC( OC_EXEC ):
++ debug_printf_eval("EXEC\n");
+ break;
+
+ /* branch, used in if-else and various loops */
+ case XC( OC_BR ):
++ debug_printf_eval("BR\n");
+ op = istrue(L.v) ? op->a.n : op->r.n;
+ break;
+
+ /* initialize for-in loop */
+ case XC( OC_WALKINIT ):
++ debug_printf_eval("WALKINIT\n");
+ hashwalk_init(L.v, iamarray(R.v));
+ break;
+
+ /* get next array item */
+ case XC( OC_WALKNEXT ):
++ debug_printf_eval("WALKNEXT\n");
+ op = hashwalk_next(L.v) ? op->a.n : op->r.n;
+ break;
+
+ case XC( OC_PRINT ):
+- case XC( OC_PRINTF ): {
++ debug_printf_eval("PRINT /\n");
++ case XC( OC_PRINTF ):
++ debug_printf_eval("PRINTF\n");
++ {
+ FILE *F = stdout;
+
+ if (op->r.n) {
+@@ -2642,55 +2963,94 @@ static var *evaluate(node *op, var *res)
+ F = rsm->F;
+ }
+
++ /* Can't just check 'opinfo == OC_PRINT' here, parser ORs
++ * additional bits to opinfos of print/printf with redirects
++ */
+ if ((opinfo & OPCLSMASK) == OC_PRINT) {
+ if (!op1) {
+ fputs(getvar_s(intvar[F0]), F);
+ } else {
+- while (op1) {
+- var *v = evaluate(nextarg(&op1), v1);
++ for (;;) {
++ var *v = evaluate(nextarg(&op1), TMPVAR0);
+ if (v->type & VF_NUMBER) {
+- fmt_num(g_buf, MAXVARFMT, getvar_s(intvar[OFMT]),
+- getvar_i(v), TRUE);
++ fmt_num(getvar_s(intvar[OFMT]),
++ getvar_i(v));
+ fputs(g_buf, F);
+ } else {
+ fputs(getvar_s(v), F);
+ }
+-
+- if (op1)
+- fputs(getvar_s(intvar[OFS]), F);
++ if (!op1)
++ break;
++ fputs(getvar_s(intvar[OFS]), F);
+ }
+ }
+ fputs(getvar_s(intvar[ORS]), F);
+-
+- } else { /* OC_PRINTF */
+- char *s = awk_printf(op1);
++ } else { /* PRINTF */
++ IF_FEATURE_AWK_GNU_EXTENSIONS(size_t len;)
++ char *s = awk_printf(op1, &len);
++#if ENABLE_FEATURE_AWK_GNU_EXTENSIONS
++ fwrite(s, len, 1, F);
++#else
+ fputs(s, F);
++#endif
+ free(s);
+ }
+ fflush(F);
+ break;
+ }
+
+- /* case XC( OC_DELETE ): - moved to happen before arg evaluation */
++ case XC( OC_DELETE ):
++ debug_printf_eval("DELETE\n");
++ {
++ /* "delete" is special:
++ * "delete array[var--]" must evaluate index expr only once.
++ */
++ uint32_t info = op1->info & OPCLSMASK;
++ var *v;
++
++ if (info == OC_VAR) {
++ v = op1->l.v;
++ } else if (info == OC_FNARG) {
++ v = &fnargs[op1->l.aidx];
++ } else {
++ syntax_error(EMSG_NOT_ARRAY);
++ }
++ if (op1->r.n) { /* array ref? */
++ const char *s;
++ s = getvar_s(evaluate(op1->r.n, TMPVAR0));
++ hash_remove(iamarray(v), s);
++ } else {
++ clear_array(iamarray(v));
++ }
++ break;
++ }
+
+ case XC( OC_NEWSOURCE ):
++ debug_printf_eval("NEWSOURCE\n");
+ g_progname = op->l.new_progname;
+ break;
+
+ case XC( OC_RETURN ):
++ debug_printf_eval("RETURN\n");
+ copyvar(res, L.v);
+ break;
+
+ case XC( OC_NEXTFILE ):
++ debug_printf_eval("NEXTFILE\n");
+ nextfile = TRUE;
+ case XC( OC_NEXT ):
++ debug_printf_eval("NEXT\n");
+ nextrec = TRUE;
+ case XC( OC_DONE ):
++ debug_printf_eval("DONE\n");
+ clrvar(res);
+ break;
+
+ case XC( OC_EXIT ):
+- awk_exit(L_d);
++ debug_printf_eval("EXIT\n");
++ if (op1)
++ G.exitcode = (int)L_d;
++ awk_exit();
+
+ /* -- recursive node type -- */
+
+@@ -2709,15 +3069,18 @@ static var *evaluate(node *op, var *res)
+ break;
+
+ case XC( OC_IN ):
++ debug_printf_eval("IN\n");
+ setvar_i(res, hash_search(iamarray(R.v), L.s) ? 1 : 0);
+ break;
+
+ case XC( OC_REGEXP ):
++ debug_printf_eval("REGEXP\n");
+ op1 = op;
+ L.s = getvar_s(intvar[F0]);
+ goto re_cont;
+
+ case XC( OC_MATCH ):
++ debug_printf_eval("MATCH\n");
+ op1 = op->r.n;
+ re_cont:
+ {
+@@ -2732,61 +3095,80 @@ static var *evaluate(node *op, var *res)
+ case XC( OC_MOVE ):
+ debug_printf_eval("MOVE\n");
+ /* if source is a temporary string, jusk relink it to dest */
+-//Disabled: if R.v is numeric but happens to have cached R.v->string,
+-//then L.v ends up being a string, which is wrong
+-// if (R.v == v1+1 && R.v->string) {
+-// res = setvar_p(L.v, R.v->string);
+-// R.v->string = NULL;
+-// } else {
++ if (R.v == TMPVAR1
++ && !(R.v->type & VF_NUMBER)
++ /* Why check !NUMBER? if R.v is a number but has cached R.v->string,
++ * L.v ends up a string, which is wrong */
++ /*&& R.v->string - always not NULL (right?) */
++ ) {
++ res = setvar_p(L.v, R.v->string); /* avoids strdup */
++ R.v->string = NULL;
++ } else {
+ res = copyvar(L.v, R.v);
+-// }
++ }
+ break;
+
+ case XC( OC_TERNARY ):
+- if ((op->r.n->info & OPCLSMASK) != OC_COLON)
++ debug_printf_eval("TERNARY\n");
++ if (op->r.n->info != TI_COLON)
+ syntax_error(EMSG_POSSIBLE_ERROR);
+ res = evaluate(istrue(L.v) ? op->r.n->l.n : op->r.n->r.n, res);
+ break;
+
+ case XC( OC_FUNC ): {
+- var *vbeg, *v;
++ var *argvars, *sv_fnargs;
+ const char *sv_progname;
++ int nargs, i;
+
+- /* The body might be empty, still has to eval the args */
+- if (!op->r.n->info && !op->r.f->body.first)
++ debug_printf_eval("FUNC\n");
++
++ if (!op->r.f->defined)
+ syntax_error(EMSG_UNDEF_FUNC);
+
+- vbeg = v = nvalloc(op->r.f->nargs + 1);
++ /* The body might be empty, still has to eval the args */
++ nargs = op->r.f->nargs;
++ argvars = nvalloc(nargs);
++ i = 0;
+ while (op1) {
+- var *arg = evaluate(nextarg(&op1), v1);
+- copyvar(v, arg);
+- v->type |= VF_CHILD;
+- v->x.parent = arg;
+- if (++v - vbeg >= op->r.f->nargs)
+- break;
++ var *arg = evaluate(nextarg(&op1), TMPVAR0);
++ if (i == nargs) {
++ /* call with more arguments than function takes.
++ * (gawk warns: "warning: function 'f' called with more arguments than declared").
++ * They are still evaluated, but discarded: */
++ clrvar(arg);
++ continue;
++ }
++ copyvar(&argvars[i], arg);
++ argvars[i].type |= VF_CHILD;
++ argvars[i].x.parent = arg;
++ i++;
+ }
+
+- v = fnargs;
+- fnargs = vbeg;
++ sv_fnargs = fnargs;
+ sv_progname = g_progname;
+
++ fnargs = argvars;
+ res = evaluate(op->r.f->body.first, res);
++ nvfree(argvars, nargs);
+
+ g_progname = sv_progname;
+- nvfree(fnargs);
+- fnargs = v;
++ fnargs = sv_fnargs;
+
+ break;
+ }
+
+ case XC( OC_GETLINE ):
+- case XC( OC_PGETLINE ): {
++ debug_printf_eval("GETLINE /\n");
++ case XC( OC_PGETLINE ):
++ debug_printf_eval("PGETLINE\n");
++ {
+ rstream *rsm;
+ int i;
+
+ if (op1) {
+ rsm = newfile(L.s);
+ if (!rsm->F) {
++ /* NB: can't use "opinfo == TI_PGETLINE", would break "cmd" | getline */
+ if ((opinfo & OPCLSMASK) == OC_PGETLINE) {
+ rsm->F = popen(L.s, "r");
+ rsm->is_pipe = TRUE;
+@@ -2821,16 +3203,34 @@ static var *evaluate(node *op, var *res)
+ /* simple builtins */
+ case XC( OC_FBLTIN ): {
+ double R_d = R_d; /* for compiler */
++ debug_printf_eval("FBLTIN\n");
++
++ if (op1 && op1->info == TI_COMMA)
++ /* Simple builtins take one arg maximum */
++ syntax_error("Too many arguments");
+
+ switch (opn) {
+ case F_in:
+ R_d = (long long)L_d;
+ break;
+
+- case F_rn:
+- R_d = (double)rand() / (double)RAND_MAX;
++ case F_rn: /*rand*/
++ if (op1)
++ syntax_error("Too many arguments");
++ {
++#if RAND_MAX >= 0x7fffffff
++ uint32_t u = ((uint32_t)rand() << 16) ^ rand();
++ uint64_t v = ((uint64_t)rand() << 32) | u;
++ /* the above shift+or is optimized out on 32-bit arches */
++# if RAND_MAX > 0x7fffffff
++ v &= 0x7fffffffffffffffULL;
++# endif
++ R_d = (double)v / 0x8000000000000000ULL;
++#else
++# error Not implemented for this value of RAND_MAX
++#endif
+ break;
+-
++ }
+ case F_co:
+ if (ENABLE_FEATURE_AWK_LIBM) {
+ R_d = cos(L_d);
+@@ -2870,7 +3270,9 @@ static var *evaluate(node *op, var *res)
+ srand(seed);
+ break;
+
+- case F_ti:
++ case F_ti: /*systime*/
++ if (op1)
++ syntax_error("Too many arguments");
+ R_d = time(NULL);
+ break;
+
+@@ -2909,7 +3311,7 @@ static var *evaluate(node *op, var *res)
+ rstream *rsm;
+ int err = 0;
+ rsm = (rstream *)hash_search(fdhash, L.s);
+- debug_printf_eval("OC_FBLTIN F_cl rsm:%p\n", rsm);
++ debug_printf_eval("OC_FBLTIN close: op1:%p s:'%s' rsm:%p\n", op1, L.s, rsm);
+ if (rsm) {
+ debug_printf_eval("OC_FBLTIN F_cl "
+ "rsm->is_pipe:%d, ->F:%p\n",
+@@ -2920,6 +3322,11 @@ static var *evaluate(node *op, var *res)
+ */
+ if (rsm->F)
+ err = rsm->is_pipe ? pclose(rsm->F) : fclose(rsm->F);
++//TODO: fix this case:
++// $ awk 'BEGIN { print close(""); print ERRNO }'
++// -1
++// close of redirection that was never opened
++// (we print 0, 0)
+ free(rsm->buffer);
+ hash_remove(fdhash, L.s);
+ }
+@@ -2934,14 +3341,18 @@ static var *evaluate(node *op, var *res)
+ }
+
+ case XC( OC_BUILTIN ):
++ debug_printf_eval("BUILTIN\n");
+ res = exec_builtin(op, res);
+ break;
+
+ case XC( OC_SPRINTF ):
+- setvar_p(res, awk_printf(op1));
++ debug_printf_eval("SPRINTF\n");
++ setvar_p(res, awk_printf(op1, NULL));
+ break;
+
+- case XC( OC_UNARY ): {
++ case XC( OC_UNARY ):
++ debug_printf_eval("UNARY\n");
++ {
+ double Ld, R_d;
+
+ Ld = R_d = getvar_i(R.v);
+@@ -2971,7 +3382,9 @@ static var *evaluate(node *op, var *res)
+ break;
+ }
+
+- case XC( OC_FIELD ): {
++ case XC( OC_FIELD ):
++ debug_printf_eval("FIELD\n");
++ {
+ int i = (int)getvar_i(R.v);
+ if (i < 0)
+ syntax_error(EMSG_NEGATIVE_FIELD);
+@@ -2988,26 +3401,33 @@ static var *evaluate(node *op, var *res)
+
+ /* concatenation (" ") and index joining (",") */
+ case XC( OC_CONCAT ):
++ debug_printf_eval("CONCAT /\n");
+ case XC( OC_COMMA ): {
+ const char *sep = "";
+- if ((opinfo & OPCLSMASK) == OC_COMMA)
++ debug_printf_eval("COMMA\n");
++ if (opinfo == TI_COMMA)
+ sep = getvar_s(intvar[SUBSEP]);
+ setvar_p(res, xasprintf("%s%s%s", L.s, sep, R.s));
+ break;
+ }
+
+ case XC( OC_LAND ):
++ debug_printf_eval("LAND\n");
+ setvar_i(res, istrue(L.v) ? ptest(op->r.n) : 0);
+ break;
+
+ case XC( OC_LOR ):
++ debug_printf_eval("LOR\n");
+ setvar_i(res, istrue(L.v) ? 1 : ptest(op->r.n));
+ break;
+
+ case XC( OC_BINARY ):
+- case XC( OC_REPLACE ): {
++ debug_printf_eval("BINARY /\n");
++ case XC( OC_REPLACE ):
++ debug_printf_eval("REPLACE\n");
++ {
+ double R_d = getvar_i(R.v);
+- debug_printf_eval("BINARY/REPLACE: R_d:%f opn:%c\n", R_d, opn);
++ debug_printf_eval("R_d:%f opn:%c\n", R_d, opn);
+ switch (opn) {
+ case '+':
+ L_d += R_d;
+@@ -3043,6 +3463,7 @@ static var *evaluate(node *op, var *res)
+ case XC( OC_COMPARE ): {
+ int i = i; /* for compiler */
+ double Ld;
++ debug_printf_eval("COMPARE\n");
+
+ if (is_numeric(L.v) && is_numeric(R.v)) {
+ Ld = getvar_i(L.v) - getvar_i(R.v);
+@@ -3069,7 +3490,7 @@ static var *evaluate(node *op, var *res)
+ default:
+ syntax_error(EMSG_POSSIBLE_ERROR);
+ } /* switch */
+- next:
++
+ if ((opinfo & OPCLSMASK) <= SHIFT_TIL_THIS)
+ op = op->a.n;
+ if ((opinfo & OPCLSMASK) >= RECUR_FROM_THIS)
+@@ -3078,7 +3499,10 @@ static var *evaluate(node *op, var *res)
+ break;
+ } /* while (op) */
+
+- nvfree(v1);
++ nvfree(tmpvars, 2);
++#undef TMPVAR0
++#undef TMPVAR1
++
+ debug_printf_eval("returning from %s(): %p\n", __func__, res);
+ return res;
+ #undef fnargs
+@@ -3086,25 +3510,21 @@ static var *evaluate(node *op, var *res)
+ #undef sreg
+ }
+
+-
+ /* -------- main & co. -------- */
+
+-static int awk_exit(int r)
++static int awk_exit(void)
+ {
+- var tv;
+ unsigned i;
+- hash_item *hi;
+-
+- zero_out_var(&tv);
+
+ if (!exiting) {
+ exiting = TRUE;
+ nextrec = FALSE;
+- evaluate(endseq.first, &tv);
++ evaluate(endseq.first, &G.exit__tmpvar);
+ }
+
+ /* waiting for children */
+ for (i = 0; i < fdhash->csize; i++) {
++ hash_item *hi;
+ hi = fdhash->items[i];
+ while (hi) {
+ if (hi->data.rs.F && hi->data.rs.is_pipe)
+@@ -3113,65 +3533,7 @@ static int awk_exit(int r)
+ }
+ }
+
+- exit(r);
+-}
+-
+-/* if expr looks like "var=value", perform assignment and return 1,
+- * otherwise return 0 */
+-static int is_assignment(const char *expr)
+-{
+- char *exprc, *val;
+-
+- if (!isalnum_(*expr) || (val = strchr(expr, '=')) == NULL) {
+- return FALSE;
+- }
+-
+- exprc = xstrdup(expr);
+- val = exprc + (val - expr);
+- *val++ = '\0';
+-
+- unescape_string_in_place(val);
+- setvar_u(newvar(exprc), val);
+- free(exprc);
+- return TRUE;
+-}
+-
+-/* switch to next input file */
+-static rstream *next_input_file(void)
+-{
+-#define rsm (G.next_input_file__rsm)
+-#define files_happen (G.next_input_file__files_happen)
+-
+- FILE *F;
+- const char *fname, *ind;
+-
+- if (rsm.F)
+- fclose(rsm.F);
+- rsm.F = NULL;
+- rsm.pos = rsm.adv = 0;
+-
+- for (;;) {
+- if (getvar_i(intvar[ARGIND])+1 >= getvar_i(intvar[ARGC])) {
+- if (files_happen)
+- return NULL;
+- fname = "-";
+- F = stdin;
+- break;
+- }
+- ind = getvar_s(incvar(intvar[ARGIND]));
+- fname = getvar_s(findvar(iamarray(intvar[ARGV]), ind));
+- if (fname && *fname && !is_assignment(fname)) {
+- F = xfopen_stdin(fname);
+- break;
+- }
+- }
+-
+- files_happen = TRUE;
+- setvar_s(intvar[FILENAME], fname);
+- rsm.F = F;
+- return &rsm;
+-#undef rsm
+-#undef files_happen
++ exit(G.exitcode);
+ }
+
+ int awk_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+@@ -3184,12 +3546,7 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ #if ENABLE_FEATURE_AWK_GNU_EXTENSIONS
+ llist_t *list_e = NULL;
+ #endif
+- int i, j;
+- var *v;
+- var tv;
+- char **envp;
+- char *vnames = (char *)vNames; /* cheat */
+- char *vvalues = (char *)vValues;
++ int i;
+
+ INIT_G();
+
+@@ -3198,48 +3555,43 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ if (ENABLE_LOCALE_SUPPORT)
+ setlocale(LC_NUMERIC, "C");
+
+- zero_out_var(&tv);
+-
+- /* allocate global buffer */
+- g_buf = xmalloc(MAXVARFMT + 1);
+-
+- vhash = hash_init();
+- ahash = hash_init();
+- fdhash = hash_init();
+- fnhash = hash_init();
+-
+ /* initialize variables */
+- for (i = 0; *vnames; i++) {
+- intvar[i] = v = newvar(nextword(&vnames));
+- if (*vvalues != '\377')
+- setvar_s(v, nextword(&vvalues));
+- else
+- setvar_i(v, 0);
+-
+- if (*vnames == '*') {
+- v->type |= VF_SPECIAL;
+- vnames++;
++ vhash = hash_init();
++ {
++ char *vnames = (char *)vNames; /* cheat */
++ char *vvalues = (char *)vValues;
++ for (i = 0; *vnames; i++) {
++ var *v;
++ intvar[i] = v = newvar(nextword(&vnames));
++ if (*vvalues != '\377')
++ setvar_s(v, nextword(&vvalues));
++ else
++ setvar_i(v, 0);
++
++ if (*vnames == '*') {
++ v->type |= VF_SPECIAL;
++ vnames++;
++ }
+ }
+ }
+
+ handle_special(intvar[FS]);
+ handle_special(intvar[RS]);
+
+- newfile("/dev/stdin")->F = stdin;
+- newfile("/dev/stdout")->F = stdout;
+- newfile("/dev/stderr")->F = stderr;
+-
+ /* Huh, people report that sometimes environ is NULL. Oh well. */
+- if (environ) for (envp = environ; *envp; envp++) {
+- /* environ is writable, thus we don't strdup it needlessly */
+- char *s = *envp;
+- char *s1 = strchr(s, '=');
+- if (s1) {
+- *s1 = '\0';
+- /* Both findvar and setvar_u take const char*
+- * as 2nd arg -> environment is not trashed */
+- setvar_u(findvar(iamarray(intvar[ENVIRON]), s), s1 + 1);
+- *s1 = '=';
++ if (environ) {
++ char **envp;
++ for (envp = environ; *envp; envp++) {
++ /* environ is writable, thus we don't strdup it needlessly */
++ char *s = *envp;
++ char *s1 = strchr(s, '=');
++ if (s1) {
++ *s1 = '\0';
++ /* Both findvar and setvar_u take const char*
++ * as 2nd arg -> environment is not trashed */
++ setvar_u(findvar(iamarray(intvar[ENVIRON]), s), s1 + 1);
++ *s1 = '=';
++ }
+ }
+ }
+ opt = getopt32(argv, OPTSTR_AWK, &opt_F, &list_v, &list_f, IF_FEATURE_AWK_GNU_EXTENSIONS(&list_e,) NULL);
+@@ -3255,20 +3607,19 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ if (!is_assignment(llist_pop(&list_v)))
+ bb_show_usage();
+ }
++
++ /* Parse all supplied programs */
++ fnhash = hash_init();
++ ahash = hash_init();
+ while (list_f) {
+- char *s = NULL;
+- FILE *from_file;
++ int fd;
++ char *s;
+
+ g_progname = llist_pop(&list_f);
+- from_file = xfopen_stdin(g_progname);
+- /* one byte is reserved for some trick in next_token */
+- for (i = j = 1; j > 0; i += j) {
+- s = xrealloc(s, i + 4096);
+- j = fread(s + i, 1, 4094, from_file);
+- }
+- s[i] = '\0';
+- fclose(from_file);
+- parse_program(s + 1);
++ fd = xopen_stdin(g_progname);
++ s = xmalloc_read(fd, NULL); /* it's NUL-terminated */
++ close(fd);
++ parse_program(s);
+ free(s);
+ }
+ g_progname = "cmd. line";
+@@ -3277,11 +3628,23 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ parse_program(llist_pop(&list_e));
+ }
+ #endif
++//FIXME: preserve order of -e and -f
++//TODO: implement -i LIBRARY and -E FILE too, they are easy-ish
+ if (!(opt & (OPT_f | OPT_e))) {
+ if (!*argv)
+ bb_show_usage();
+ parse_program(*argv++);
+ }
++ /* Free unused parse structures */
++ //hash_free(fnhash); // ~250 bytes when empty, used only for function names
++ //^^^^^^^^^^^^^^^^^ does not work, hash_clear() inside SEGVs
++ // (IOW: hash_clear() assumes it's a hash of variables. fnhash is not).
++ free(fnhash->items);
++ free(fnhash);
++ fnhash = NULL; // debug
++ //hash_free(ahash); // empty after parsing, will reuse as fdhash instead of freeing
++
++ /* Parsing done, on to executing */
+
+ /* fill in ARGV array */
+ setari_u(intvar[ARGV], 0, "awk");
+@@ -3290,9 +3653,14 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ setari_u(intvar[ARGV], ++i, *argv++);
+ setvar_i(intvar[ARGC], i + 1);
+
+- evaluate(beginseq.first, &tv);
++ //fdhash = ahash; // done via define
++ newfile("/dev/stdin")->F = stdin;
++ newfile("/dev/stdout")->F = stdout;
++ newfile("/dev/stderr")->F = stderr;
++
++ evaluate(beginseq.first, &G.main__tmpvar);
+ if (!mainseq.first && !endseq.first)
+- awk_exit(EXIT_SUCCESS);
++ awk_exit();
+
+ /* input file could already be opened in BEGIN block */
+ if (!iF)
+@@ -3307,7 +3675,7 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ nextrec = FALSE;
+ incvar(intvar[NR]);
+ incvar(intvar[FNR]);
+- evaluate(mainseq.first, &tv);
++ evaluate(mainseq.first, &G.main__tmpvar);
+
+ if (nextfile)
+ break;
+@@ -3319,6 +3687,6 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ iF = next_input_file();
+ }
+
+- awk_exit(EXIT_SUCCESS);
++ awk_exit();
+ /*return 0;*/
+ }
+diff --git a/testsuite/awk.tests b/testsuite/awk.tests
+index a7a533ba0..87f6b5007 100755
+--- a/testsuite/awk.tests
++++ b/testsuite/awk.tests
+@@ -85,7 +85,8 @@ testing "awk floating const with leading zeroes" \
+ "" "\n"
+
+ # long field seps requiring regex
+-testing "awk long field sep" "awk -F-- '{ print NF, length(\$NF), \$NF }'" \
++testing "awk long field sep" \
++ "awk -F-- '{ print NF, length(\$NF), \$NF }'" \
+ "2 0 \n3 0 \n4 0 \n5 0 \n" \
+ "" \
+ "a--\na--b--\na--b--c--\na--b--c--d--"
+@@ -317,6 +318,26 @@ testing "awk length()" \
+ "3\n3\n3\n3\n" \
+ "" "qwe"
+
++testing "awk print length, 1" \
++ "awk '{ print length, 1 }'" \
++ "0 1\n" \
++ "" "\n"
++
++testing "awk print length 1" \
++ "awk '{ print length 1 }'" \
++ "01\n" \
++ "" "\n"
++
++testing "awk length == 0" \
++ "awk 'length == 0 { print \"foo\" }'" \
++ "foo\n" \
++ "" "\n"
++
++testing "awk if (length == 0)" \
++ "awk '{ if (length == 0) { print \"bar\" } }'" \
++ "bar\n" \
++ "" "\n"
++
+ testing "awk -f and ARGC" \
+ "awk -f - input" \
+ "re\n2\n" \
+@@ -369,5 +390,13 @@ testing 'awk negative field access' \
+ '' \
+ 'anything'
+
++# was misinterpreted as (("str"++) i) instead of ("str" (++i))
++# (and was executed: "str"++ is "0", thus concatenating "0" and "1"):
++testing 'awk do not allow "str"++' \
++ 'awk -v i=1 "BEGIN {print \"str\" ++i}"' \
++ "str2\n" \
++ '' \
++ 'anything'
++
+
+ exit $FAILCOUNT
diff --git a/main/busybox/traceroute-opt-x.patch b/main/busybox/traceroute-opt-x.patch
new file mode 100644
index 0000000000..eea1789100
--- /dev/null
+++ b/main/busybox/traceroute-opt-x.patch
@@ -0,0 +1,26 @@
+From 89358a7131d3e75c74af834bb117b4fad7914983 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Tue, 2 Feb 2021 13:48:21 +0100
+Subject: traceroute: fix option parsing
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ networking/traceroute.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/networking/traceroute.c b/networking/traceroute.c
+index 3f1a9ab46..29f5e480b 100644
+--- a/networking/traceroute.c
++++ b/networking/traceroute.c
+@@ -896,7 +896,7 @@ traceroute_init(int op, char **argv)
+
+ op |= getopt32(argv, "^"
+ OPT_STRING
+- "\0" "-1:x-x" /* minimum 1 arg */
++ "\0" "-1" /* minimum 1 arg */
+ , &tos_str, &device, &max_ttl_str, &port_str, &nprobes_str
+ , &source, &waittime_str, &pausemsecs_str, &first_ttl_str
+ );
+--
+cgit v1.2.3
+
diff --git a/main/ca-certificates/APKBUILD b/main/ca-certificates/APKBUILD
index 4b9e93adaa..c81d6632a0 100644
--- a/main/ca-certificates/APKBUILD
+++ b/main/ca-certificates/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ca-certificates
-pkgver=20191127
-pkgrel=4
+pkgver=20211220
+pkgrel=0
pkgdesc="Common CA certificates PEM files from Mozilla"
url="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/"
arch="all"
@@ -15,16 +15,10 @@ replaces="libcrypto1.0 openssl openssl1.0"
options="!fhs !check"
triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d"
install="$pkgname.post-deinstall"
-source="https://gitlab.alpinelinux.org/alpine/ca-certificates/-/archive/$pkgver/ca-certificates-$pkgver.tar.bz2
- 0001-update-ca-fix-compiler-warning.patch
- 0002-replace-python-script-with-perl-script.patch
- 0003-update-ca-insert-newline-between-certs.patch
- "
+source="https://gitlab.alpinelinux.org/alpine/ca-certificates/-/archive/$pkgver/ca-certificates-$pkgver.tar.bz2"
build() {
make
- # remove expired cert (https://gitlab.alpinelinux.org/alpine/aports/issues/11607)
- rm AddTrust_External_Root.crt
}
package() {
@@ -69,7 +63,6 @@ bundle() {
"$subpkgdir"/etc/ssl/cert.pem
}
-sha512sums="05e3a11efd80ea88eb81774e084febe4b8d1fa48f01f49e5ed3d469e10a2769260a264faed42ea3a0b725659cda1cc4a67ce5575fe04cdff9dc1c08207911c9b ca-certificates-20191127.tar.bz2
-aafe6d9047380fc403792fbf27146dc9c0532ef401e6eb9bd8b533c110f902cad0a66701cf3563ad625d07ae54619e9f2f3091ec14772b92e178dbed142ecd97 0001-update-ca-fix-compiler-warning.patch
-4d9c71b9ea0596f5efaa188f244b7ab587f96c218bb6fed01f11e34c553909f65bbe660156f8300be9511ae50614661c5dcd3b493ac146a8e888f62fc52bd9d4 0002-replace-python-script-with-perl-script.patch
-051b5d78916ee7389dfbd4e8871aab720415bd6e9ee0313dba770fc40ee7c68ac67d7918f2503458a3218e3bfc10691b5e379b65269106fde02c7e7a36eb7595 0003-update-ca-insert-newline-between-certs.patch"
+sha512sums="
+6b486384c80b29632939a28524acfeeedc60f5df44da86bc16ce79f3cf2ff464455e963ebeb410c3072829b9083215961b32c18673ff77b211652d4c1e870799 ca-certificates-20211220.tar.bz2
+"
diff --git a/main/cryptsetup/APKBUILD b/main/cryptsetup/APKBUILD
index 8bba60cee6..9073b6e49f 100644
--- a/main/cryptsetup/APKBUILD
+++ b/main/cryptsetup/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cryptsetup
-pkgver=2.3.2
-pkgrel=1
+pkgver=2.3.7
+pkgrel=0
pkgdesc="Userspace setup tool for transparent encryption of block devices using the Linux 2.6 cryptoapi"
url="https://gitlab.com/cryptsetup/cryptsetup"
arch="all"
@@ -16,10 +16,11 @@ source="https://www.kernel.org/pub/linux/utils/cryptsetup/v${pkgver%.*}/cryptset
flush-stdout.patch
dmcrypt.confd
dmcrypt.initd
- CVE-2020-14382.patch::https://gitlab.com/cryptsetup/cryptsetup/-/commit/52f5cb8cedf22fb3e14c744814ec8af7614146c7.patch
"
# secfixes:
+# 2.3.7-r0:
+# - CVE-2021-4122
# 2.3.2-r1:
# - CVE-2020-14382
@@ -60,8 +61,7 @@ libs() {
mv "$pkgdir"/lib "$subpkgdir"/
}
-sha512sums="a3e8694e52b2d92269f74d5c796a18ef3bf8fe8b082192b1a31090542ca95392f4909218581eb9df5c79a465a03ef08e25df3358c382a7ab1394e9df276357df cryptsetup-2.3.2.tar.gz
+sha512sums="754f1b5c3dd234f256549118789af4187d75466743e5ec43d929d402c01e9c6997a9166fd8e4dc30c177f58d43284f7e28cc02fc015f02d605f3d6e5784a6b4c cryptsetup-2.3.7.tar.gz
dc896fdb7697d01443a168819f01af02db00a9de75589f062a1ebbfc0bc185b6d2109b18352309c41b818e3ad89609dcea3660d6f3cda890de825f053f94de97 flush-stdout.patch
74422d5e1614b43af894ea01da1ea80d805ec7f77981cbb80a6b1a4becad737a8825d7269812499095a7f50d39fa7da5bf4e4edae63529b1fe87b9176943a733 dmcrypt.confd
-81dad61cdecf1dc529b26eb3cdc15979a582c876b01268f88e7a71c8fae6911137c03bfa63fee64e064e5fb31f673610be27ecab9fc432229f13e7040698bd5c dmcrypt.initd
-5a8e68f4efc68a34a917c298ccf7d45a67adb67de06bf3560d58a01b4d6c77c52b868af9f322c3b82789c2e890f120e5c6e56b96f8cff083413301f24a6befc1 CVE-2020-14382.patch"
+81dad61cdecf1dc529b26eb3cdc15979a582c876b01268f88e7a71c8fae6911137c03bfa63fee64e064e5fb31f673610be27ecab9fc432229f13e7040698bd5c dmcrypt.initd"
diff --git a/main/dahdi-linux-lts/APKBUILD b/main/dahdi-linux-lts/APKBUILD
index 3ca1f199bf..0bdf331f4a 100644
--- a/main/dahdi-linux-lts/APKBUILD
+++ b/main/dahdi-linux-lts/APKBUILD
@@ -9,7 +9,7 @@ _rel=0
_flavor=${FLAVOR:-lts}
_kpkg=linux-$_flavor
-_kver=5.4.143
+_kver=5.4.168
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/main/drbd-lts/APKBUILD b/main/drbd-lts/APKBUILD
index 5b326e8afe..895cf40f05 100644
--- a/main/drbd-lts/APKBUILD
+++ b/main/drbd-lts/APKBUILD
@@ -8,7 +8,7 @@ _rel=0
_flavor=${FLAVOR:-lts}
_kpkg=linux-$_flavor
-_kver=5.4.143
+_kver=5.4.168
_krel=0
_kabi="$_kver-$_krel-$_flavor"
_kpkgver="$_kver-r$_krel"
diff --git a/main/expat/APKBUILD b/main/expat/APKBUILD
index 35cb8bcf65..0136289099 100644
--- a/main/expat/APKBUILD
+++ b/main/expat/APKBUILD
@@ -1,16 +1,29 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=expat
-pkgver=2.2.9
-pkgrel=1
+pkgver=2.2.10
+pkgrel=0
pkgdesc="An XML Parser library written in C"
url="http://www.libexpat.org/"
arch="all"
license='MIT'
checkdepends="bash"
-source="https://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2"
+source="https://github.com/libexpat/libexpat/releases/download/R_${pkgver//./_}/expat-$pkgver.tar.xz
+ CVE-2021-45960.patch
+ CVE-2021-46143.patch
+ CVE-2022-22822.patch
+ "
subpackages="$pkgname-static $pkgname-dev $pkgname-doc"
# secfixes:
+# 2.2.10-r0:
+# - CVE-2021-45960
+# - CVE-2021-46143
+# - CVE-2022-22822
+# - CVE-2022-22823
+# - CVE-2022-22824
+# - CVE-2022-22825
+# - CVE-2022-22826
+# - CVE-2022-22827
# 2.2.7-r1:
# - CVE-2019-15903
# 2.2.7-r0:
@@ -39,4 +52,9 @@ package() {
make DESTDIR="$pkgdir/" install
}
-sha512sums="8ea4b89a171dfda8267c8b7a0295516d169bf7f46587ebe460fe0ae7a31478a119ae2a7eaa09b3ce46b107ec7cd2274ea66d91c08b8a4ad6b98ba984cdd4e15b expat-2.2.9.tar.bz2"
+sha512sums="
+a8e0c8a9cf7e6fbacdc6e709f3c99c533ab550fba52557d24259bb8b360f9697624c7500c0e9886fa57ee2b529aadd0d1835d66fe8112e15c20df75cd3eb090f expat-2.2.10.tar.xz
+4afd3777fc682a2f9057d4cc42afe6e04680d7d24f93dc11a2677cb8b1a4b400921f6d689e2953aff4a3312118ea801c9e161f85774360b3b5c2d3bd0067f7ad CVE-2021-45960.patch
+dd0339a0cdf5b18638a5732f2f9930af7adb5b20aa3bf102317a571f0f7d4f453313f0d8fdaa60f89c7a8f2e59eeaaca4b9c2e427a45594b7e21ed7c253d547a CVE-2021-46143.patch
+dcf6bfc07b4919b1248dba5fc6d4e425d09975b09255d77456bb44b40495e92b4d4ffae6a9e949b204770848b70edfc4be1869c191cb01ebe967b1906ffc9d59 CVE-2022-22822.patch
+"
diff --git a/main/expat/CVE-2021-45960.patch b/main/expat/CVE-2021-45960.patch
new file mode 100644
index 0000000000..7c366ab390
--- /dev/null
+++ b/main/expat/CVE-2021-45960.patch
@@ -0,0 +1,59 @@
+From 0adcb34c49bee5b19bd29b16a578c510c23597ea Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Mon, 27 Dec 2021 20:15:02 +0100
+Subject: [PATCH] lib: Detect and prevent troublesome left shifts in function
+ storeAtts (CVE-2021-45960)
+
+---
+ expat/lib/xmlparse.c | 31 +++++++++++++++++++++++++++++--
+ 1 file changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index d730f41c3..b47c31b05 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3414,7 +3414,13 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+ if (nPrefixes) {
+ int j; /* hash table index */
+ unsigned long version = parser->m_nsAttsVersion;
+- int nsAttsSize = (int)1 << parser->m_nsAttsPower;
++
++ /* Detect and prevent invalid shift */
++ if (parser->m_nsAttsPower >= sizeof(unsigned int) * 8 /* bits per byte */) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
++ unsigned int nsAttsSize = 1u << parser->m_nsAttsPower;
+ unsigned char oldNsAttsPower = parser->m_nsAttsPower;
+ /* size of hash table must be at least 2 * (# of prefixed attributes) */
+ if ((nPrefixes << 1)
+@@ -3425,7 +3431,28 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+ ;
+ if (parser->m_nsAttsPower < 3)
+ parser->m_nsAttsPower = 3;
+- nsAttsSize = (int)1 << parser->m_nsAttsPower;
++
++ /* Detect and prevent invalid shift */
++ if (parser->m_nsAttsPower >= sizeof(nsAttsSize) * 8 /* bits per byte */) {
++ /* Restore actual size of memory in m_nsAtts */
++ parser->m_nsAttsPower = oldNsAttsPower;
++ return XML_ERROR_NO_MEMORY;
++ }
++
++ nsAttsSize = 1u << parser->m_nsAttsPower;
++
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if (nsAttsSize > (size_t)(-1) / sizeof(NS_ATT)) {
++ /* Restore actual size of memory in m_nsAtts */
++ parser->m_nsAttsPower = oldNsAttsPower;
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ temp = (NS_ATT *)REALLOC(parser, parser->m_nsAtts,
+ nsAttsSize * sizeof(NS_ATT));
+ if (! temp) {
diff --git a/main/expat/CVE-2021-46143.patch b/main/expat/CVE-2021-46143.patch
new file mode 100644
index 0000000000..d6bafba0ff
--- /dev/null
+++ b/main/expat/CVE-2021-46143.patch
@@ -0,0 +1,43 @@
+From 85ae9a2d7d0e9358f356b33977b842df8ebaec2b Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sat, 25 Dec 2021 20:52:08 +0100
+Subject: [PATCH] lib: Prevent integer overflow on m_groupSize in function
+ doProlog (CVE-2021-46143)
+
+---
+ expat/lib/xmlparse.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index b47c31b0..8f243126 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -5046,6 +5046,11 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ if (parser->m_prologState.level >= parser->m_groupSize) {
+ if (parser->m_groupSize) {
+ {
++ /* Detect and prevent integer overflow */
++ if (parser->m_groupSize > (unsigned int)(-1) / 2u) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
+ char *const new_connector = (char *)REALLOC(
+ parser, parser->m_groupConnector, parser->m_groupSize *= 2);
+ if (new_connector == NULL) {
+@@ -5056,6 +5061,16 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ }
+
+ if (dtd->scaffIndex) {
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if (parser->m_groupSize > (size_t)(-1) / sizeof(int)) {
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ int *const new_scaff_index = (int *)REALLOC(
+ parser, dtd->scaffIndex, parser->m_groupSize * sizeof(int));
+ if (new_scaff_index == NULL)
diff --git a/main/expat/CVE-2022-22822.patch b/main/expat/CVE-2022-22822.patch
new file mode 100644
index 0000000000..4fed22e63c
--- /dev/null
+++ b/main/expat/CVE-2022-22822.patch
@@ -0,0 +1,250 @@
+From 9f93e8036e842329863bf20395b8fb8f73834d9e Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 30 Dec 2021 22:46:03 +0100
+Subject: [PATCH] lib: Prevent integer overflow at multiple places
+ (CVE-2022-22822 to CVE-2022-22827)
+
+The involved functions are:
+- addBinding (CVE-2022-22822)
+- build_model (CVE-2022-22823)
+- defineAttribute (CVE-2022-22824)
+- lookup (CVE-2022-22825)
+- nextScaffoldPart (CVE-2022-22826)
+- storeAtts (CVE-2022-22827)
+---
+ expat/lib/xmlparse.c | 153 ++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 151 insertions(+), 2 deletions(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 8f243126..575e73ee 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3261,13 +3261,38 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+
+ /* get the attributes from the tokenizer */
+ n = XmlGetAttributes(enc, attStr, parser->m_attsSize, parser->m_atts);
++
++ /* Detect and prevent integer overflow */
++ if (n > INT_MAX - nDefaultAtts) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
+ if (n + nDefaultAtts > parser->m_attsSize) {
+ int oldAttsSize = parser->m_attsSize;
+ ATTRIBUTE *temp;
+ #ifdef XML_ATTR_INFO
+ XML_AttrInfo *temp2;
+ #endif
++
++ /* Detect and prevent integer overflow */
++ if ((nDefaultAtts > INT_MAX - INIT_ATTS_SIZE)
++ || (n > INT_MAX - (nDefaultAtts + INIT_ATTS_SIZE))) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
+ parser->m_attsSize = n + nDefaultAtts + INIT_ATTS_SIZE;
++
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(ATTRIBUTE)) {
++ parser->m_attsSize = oldAttsSize;
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ temp = (ATTRIBUTE *)REALLOC(parser, (void *)parser->m_atts,
+ parser->m_attsSize * sizeof(ATTRIBUTE));
+ if (temp == NULL) {
+@@ -3276,6 +3301,17 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+ }
+ parser->m_atts = temp;
+ #ifdef XML_ATTR_INFO
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++# if UINT_MAX >= SIZE_MAX
++ if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(XML_AttrInfo)) {
++ parser->m_attsSize = oldAttsSize;
++ return XML_ERROR_NO_MEMORY;
++ }
++# endif
++
+ temp2 = (XML_AttrInfo *)REALLOC(parser, (void *)parser->m_attInfo,
+ parser->m_attsSize * sizeof(XML_AttrInfo));
+ if (temp2 == NULL) {
+@@ -3610,9 +3646,31 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+ tagNamePtr->prefixLen = prefixLen;
+ for (i = 0; localPart[i++];)
+ ; /* i includes null terminator */
++
++ /* Detect and prevent integer overflow */
++ if (binding->uriLen > INT_MAX - prefixLen
++ || i > INT_MAX - (binding->uriLen + prefixLen)) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
+ n = i + binding->uriLen + prefixLen;
+ if (n > binding->uriAlloc) {
+ TAG *p;
++
++ /* Detect and prevent integer overflow */
++ if (n > INT_MAX - EXPAND_SPARE) {
++ return XML_ERROR_NO_MEMORY;
++ }
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if ((unsigned)(n + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ uri = (XML_Char *)MALLOC(parser, (n + EXPAND_SPARE) * sizeof(XML_Char));
+ if (! uri)
+ return XML_ERROR_NO_MEMORY;
+@@ -3708,6 +3766,21 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,
+ if (parser->m_freeBindingList) {
+ b = parser->m_freeBindingList;
+ if (len > b->uriAlloc) {
++ /* Detect and prevent integer overflow */
++ if (len > INT_MAX - EXPAND_SPARE) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ XML_Char *temp = (XML_Char *)REALLOC(
+ parser, b->uri, sizeof(XML_Char) * (len + EXPAND_SPARE));
+ if (temp == NULL)
+@@ -3720,6 +3793,21 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,
+ b = (BINDING *)MALLOC(parser, sizeof(BINDING));
+ if (! b)
+ return XML_ERROR_NO_MEMORY;
++
++ /* Detect and prevent integer overflow */
++ if (len > INT_MAX - EXPAND_SPARE) {
++ return XML_ERROR_NO_MEMORY;
++ }
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ b->uri
+ = (XML_Char *)MALLOC(parser, sizeof(XML_Char) * (len + EXPAND_SPARE));
+ if (! b->uri) {
+@@ -6141,7 +6229,24 @@ defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *attId, XML_Bool isCdata,
+ }
+ } else {
+ DEFAULT_ATTRIBUTE *temp;
++
++ /* Detect and prevent integer overflow */
++ if (type->allocDefaultAtts > INT_MAX / 2) {
++ return 0;
++ }
++
+ int count = type->allocDefaultAtts * 2;
++
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if ((unsigned)count > (size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE)) {
++ return 0;
++ }
++#endif
++
+ temp = (DEFAULT_ATTRIBUTE *)REALLOC(parser, type->defaultAtts,
+ (count * sizeof(DEFAULT_ATTRIBUTE)));
+ if (temp == NULL)
+@@ -6792,8 +6897,20 @@ lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize) {
+ /* check for overflow (table is half full) */
+ if (table->used >> (table->power - 1)) {
+ unsigned char newPower = table->power + 1;
++
++ /* Detect and prevent invalid shift */
++ if (newPower >= sizeof(unsigned long) * 8 /* bits per byte */) {
++ return NULL;
++ }
++
+ size_t newSize = (size_t)1 << newPower;
+ unsigned long newMask = (unsigned long)newSize - 1;
++
++ /* Detect and prevent integer overflow */
++ if (newSize > (size_t)(-1) / sizeof(NAMED *)) {
++ return NULL;
++ }
++
+ size_t tsize = newSize * sizeof(NAMED *);
+ NAMED **newV = (NAMED **)table->mem->malloc_fcn(tsize);
+ if (! newV)
+@@ -7143,6 +7260,20 @@ nextScaffoldPart(XML_Parser parser) {
+ if (dtd->scaffCount >= dtd->scaffSize) {
+ CONTENT_SCAFFOLD *temp;
+ if (dtd->scaffold) {
++ /* Detect and prevent integer overflow */
++ if (dtd->scaffSize > UINT_MAX / 2u) {
++ return -1;
++ }
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if (dtd->scaffSize > (size_t)(-1) / 2u / sizeof(CONTENT_SCAFFOLD)) {
++ return -1;
++ }
++#endif
++
+ temp = (CONTENT_SCAFFOLD *)REALLOC(
+ parser, dtd->scaffold, dtd->scaffSize * 2 * sizeof(CONTENT_SCAFFOLD));
+ if (temp == NULL)
+@@ -7212,8 +7343,26 @@ build_model(XML_Parser parser) {
+ XML_Content *ret;
+ XML_Content *cpos;
+ XML_Char *str;
+- int allocsize = (dtd->scaffCount * sizeof(XML_Content)
+- + (dtd->contentStringLen * sizeof(XML_Char)));
++
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if (dtd->scaffCount > (size_t)(-1) / sizeof(XML_Content)) {
++ return NULL;
++ }
++ if (dtd->contentStringLen > (size_t)(-1) / sizeof(XML_Char)) {
++ return NULL;
++ }
++#endif
++ if (dtd->scaffCount * sizeof(XML_Content)
++ > (size_t)(-1) - dtd->contentStringLen * sizeof(XML_Char)) {
++ return NULL;
++ }
++
++ const size_t allocsize = (dtd->scaffCount * sizeof(XML_Content)
++ + (dtd->contentStringLen * sizeof(XML_Char)));
+
+ ret = (XML_Content *)MALLOC(parser, allocsize);
+ if (! ret)
diff --git a/main/linux-lts/APKBUILD b/main/linux-lts/APKBUILD
index c9ceacf4d2..5feadf6462 100644
--- a/main/linux-lts/APKBUILD
+++ b/main/linux-lts/APKBUILD
@@ -2,7 +2,7 @@
_flavor=lts
pkgname=linux-${_flavor}
-pkgver=5.4.143
+pkgver=5.4.168
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=$pkgver;;
@@ -235,4 +235,4 @@ e19a0e494bfead5846770fef9a8d4fa8ab9e7290b78a14403404f61dc71c3d667f5f199f29a817c1
3a9bad315329228b368e399854c94ecbdf3f211de35c2f70cb1287f5ecbe5f50cb31f97b02f99e880ca1cf1772dd3341c8d888509718baaf78593664bc822d70 config-virt.armv7
bbf2b9b8d1cf45e95d02438c23c8b5646dc21b51b16ac34498213f8517ea94f4769781e8902a6d8a32b5f7c1b174e15afde147aeefde221024af2dc686f1b575 config-virt.x86
8a64728776209d1305f10d8310694088ec38ada723da0ef9caf1ac4390c580704cefb0f8487bd9632974fac31b6db4684e650ab2db222a63e3223658254dc8d7 config-virt.x86_64
-5850c88f4cfe6d26e543bb96b77691d846e5f3d506a607a7a083fc54561113f4b5afb48e93a963b056f34beb4f75cc64dd693f128ae5be795cdd8274c5955330 patch-5.4.143.xz"
+057e5e4a43dcc1500d38c516320ec9a36efb0962a86ad3deaf37ca20334c59f6cfb3d49c840f0c3447b77b2d1ac1ca2fac2a397c47475d5217af3b7be4ff58d4 patch-5.4.168.xz"
diff --git a/main/lz4/APKBUILD b/main/lz4/APKBUILD
index b3b89891c0..49eaa4af3e 100644
--- a/main/lz4/APKBUILD
+++ b/main/lz4/APKBUILD
@@ -2,16 +2,20 @@
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
pkgname=lz4
pkgver=1.9.2
-pkgrel=0
+pkgrel=1
pkgdesc="LZ4 is lossless compression algorithm with fast decoder @ multiple GB/s per core."
url="https://github.com/lz4/lz4"
arch="all"
license="BSD-2-Clause GPL-2.0-only"
checkdepends="diffutils"
subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-libs $pkgname-tests:tests"
-source="$pkgname-$pkgver.tar.gz::https://github.com/lz4/lz4/archive/v$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/lz4/lz4/archive/v$pkgver.tar.gz
+ CVE-2021-3520.patch
+ "
# secfixes:
+# 1.9.2-r1:
+# - CVE-2021-3520
# 1.9.2-r0:
# - CVE-2019-17543
@@ -34,4 +38,5 @@ package() {
make PREFIX="/usr" DESTDIR="$pkgdir" install
}
-sha512sums="ae714c61ec8e33ed91359b63f2896cfa102d66b730dce112b74696ec5850e59d88bd5527173e01e354a70fbe8f036557a47c767ee0766bc5f9c257978116c3c1 lz4-1.9.2.tar.gz"
+sha512sums="ae714c61ec8e33ed91359b63f2896cfa102d66b730dce112b74696ec5850e59d88bd5527173e01e354a70fbe8f036557a47c767ee0766bc5f9c257978116c3c1 lz4-1.9.2.tar.gz
+29038d80c4399ded52b49e69d0f0d80bef8bf424e3540de366ef539706c8c1119784d6137c96130f131239d74a4c110dd9790cae5c9b17c102820446582c5637 CVE-2021-3520.patch"
diff --git a/main/lz4/CVE-2021-3520.patch b/main/lz4/CVE-2021-3520.patch
new file mode 100644
index 0000000000..053958dfe8
--- /dev/null
+++ b/main/lz4/CVE-2021-3520.patch
@@ -0,0 +1,22 @@
+From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
+From: Jasper Lievisse Adriaanse <j@jasper.la>
+Date: Fri, 26 Feb 2021 15:21:20 +0100
+Subject: [PATCH] Fix potential memory corruption with negative memmove() size
+
+---
+ lib/lz4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/lz4.c b/lib/lz4.c
+index 5f524d01d..c2f504ef3 100644
+--- a/lib/lz4.c
++++ b/lib/lz4.c
+@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
+ const size_t dictSize /* note : = 0 if noDict */
+ )
+ {
+- if (src == NULL) { return -1; }
++ if ((src == NULL) || (outputSize < 0)) { return -1; }
+
+ { const BYTE* ip = (const BYTE*) src;
+ const BYTE* const iend = ip + srcSize;
diff --git a/main/mariadb/APKBUILD b/main/mariadb/APKBUILD
index a31189fade..f472e84011 100644
--- a/main/mariadb/APKBUILD
+++ b/main/mariadb/APKBUILD
@@ -7,7 +7,7 @@
# Contributor: Jake Buchholz <tomalok@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mariadb
-pkgver=10.4.21
+pkgver=10.4.22
pkgrel=0
pkgdesc="A fast SQL database server"
url="https://www.mariadb.org/"
@@ -37,7 +37,7 @@ case "$CARCH" in
;;
esac
-source="https://downloads.mariadb.org/interstitial/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz
+source="https://archive.mariadb.org/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz
$pkgname.initd
pcre.cmake.patch
ppc-remove-glibc-dep.patch
@@ -46,6 +46,8 @@ source="https://downloads.mariadb.org/interstitial/mariadb-$pkgver/source/mariad
#options="!check"
# secfixes:
+# 10.4.22-r0:
+# - CVE-2021-35604
# 10.4.21-r0:
# - CVE-2021-2372
# - CVE-2021-2389
@@ -463,7 +465,7 @@ _plugin_rocksdb() {
}
sha512sums="
-2be398cd80f0b8c938ab310f47ccd410f0209f8308bfc202014b71aee3f0bea7f535d1eceb82a4407202d9732c77874d773c6f13e54cf556fc79ed0d49390345 mariadb-10.4.21.tar.gz
+e505a56346cfcaf5b8fba80abad6b2ce819dd410f6e6f36e290ad4127aaa9fb580264c28068f9f9e04c3a2fcccd101ef73d2bf5944aedde6b2d4369163fb9248 mariadb-10.4.22.tar.gz
c352969f6665b0ffa387f7b185a5dea7751f4b16c12c809627857b27321efa09159369d7dd5c852d6159a9f173cb895fb601f0c52a1fa6e3527899520030964c mariadb.initd
70da971aa78815495098205bcbd28428430aa83c3f1050fec0231ca86af9d9def2d2108a48ee08d86812c8dc5ad8ab1ef4e17a49b4936ed5187ae0f6a7ef8f63 pcre.cmake.patch
dbd0970ea34e8bc8510431b3dc78f90b68be6f84bd27909a88516a469c2d5b402cfa62c548d78bac1e3eb717bb1b361cc375a3a77321a497e16dfba883233949 ppc-remove-glibc-dep.patch
diff --git a/main/mbedtls/APKBUILD b/main/mbedtls/APKBUILD
index 0455d8bd27..b35e34be09 100644
--- a/main/mbedtls/APKBUILD
+++ b/main/mbedtls/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mbedtls
-pkgver=2.16.9
+pkgver=2.16.12
pkgrel=0
pkgdesc="Light-weight cryptographic and SSL/TLS library"
url="https://tls.mbed.org"
@@ -10,13 +10,14 @@ arch="all"
license="Apache-2.0"
makedepends="cmake perl python3"
subpackages="$pkgname-static $pkgname-dev $pkgname-utils"
-source="$pkgname-$pkgver.tar.gz::https://github.com/ARMmbed/mbedtls/archive/mbedtls-$pkgver.tar.gz"
-builddir="$srcdir/mbedtls-mbedtls-$pkgver"
+source="$pkgname-$pkgver.tar.gz::https://github.com/ARMmbed/mbedtls/archive/v$pkgver.tar.gz"
# Track security issues
# https://tls.mbed.org/security
# secfixes:
+# 2.16.12-r0:
+# - CVE-2021-44732
# 2.16.8-r0:
# - CVE-2020-16150
# 2.16.6-r0:
@@ -81,4 +82,4 @@ static() {
chmod -x "$subpkgdir"/usr/lib/*.a
}
-sha512sums="f72538851c7a24ac14b5c153220260a49a083bfff44a52e9c1e77c51109bac779b5b4caac21f995176fe8f9d27843f3495692d6c7e9dc733cbcec896823ff0e0 mbedtls-2.16.9.tar.gz"
+sha512sums="8d96d8cd906cc0999134320e4e1f550631426d166eab5da6e65469ee7286093810fcc6ac4bd5500ee55972d159f8bef7f9e53245f7f0eec72f72c35265b4313b mbedtls-2.16.12.tar.gz"
diff --git a/main/ncurses/APKBUILD b/main/ncurses/APKBUILD
index a8736fda6c..62557c5ecf 100644
--- a/main/ncurses/APKBUILD
+++ b/main/ncurses/APKBUILD
@@ -2,7 +2,7 @@
pkgname=ncurses
pkgver=6.2_p20200523
_ver=${pkgver/_p/-}
-pkgrel=0
+pkgrel=1
pkgdesc="Console display library"
url="https://invisible-island.net/ncurses/"
arch="all"
@@ -11,10 +11,13 @@ license="MIT"
makedepends_build="ncurses"
subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-libs
$pkgname-terminfo-base:base:noarch $pkgname-terminfo:terminfo:noarch"
-source="https://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz"
+source="https://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz
+ CVE-2021-39537.patch"
builddir="$srcdir"/ncurses-$_ver
# secfixes:
+# 6.2_p20200523-r1:
+# - CVE-2021-39537
# 6.1_p20180414-r0:
# - CVE-2018-10754
# 6.0_p20171125-r0:
@@ -110,4 +113,5 @@ static() {
mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/
}
-sha512sums="bcfee078ba4b4152909aad636dc6e354a9a0499e228db4c710d73d171fa73e208b4e62f403e0f90d16f8e367414bf2b6297f1acd47d9ba58e60b88d560862fb4 ncurses-6.2-20200523.tgz"
+sha512sums="bcfee078ba4b4152909aad636dc6e354a9a0499e228db4c710d73d171fa73e208b4e62f403e0f90d16f8e367414bf2b6297f1acd47d9ba58e60b88d560862fb4 ncurses-6.2-20200523.tgz
+8019db1f739c5e8ad0078d8266875bb1132a063406403ff1fd0686b6650eccd44cc3381a16adf89f3476fdf708bbac73cb29cf1fb48c28ab224637869c1e7714 CVE-2021-39537.patch"
diff --git a/main/ncurses/CVE-2021-39537.patch b/main/ncurses/CVE-2021-39537.patch
new file mode 100644
index 0000000000..f37cca2145
--- /dev/null
+++ b/main/ncurses/CVE-2021-39537.patch
@@ -0,0 +1,26 @@
+$NetBSD: patch-ncurses_tinfo_captoinfo.c,v 1.1 2021/10/09 07:52:36 wiz Exp $
+
+Fix for CVE-2021-39537 from upstream:
+https://github.com/ThomasDickey/ncurses-snapshots/commit/63ca9e061f4644795d6f3f559557f3e1ed8c738b#diff-7e95c7bc5f213e9be438e69a9d5d0f261a14952bcbd692f7b9014217b8047340
+
+--- ./ncurses/tinfo/captoinfo.c.orig 2020-02-02 23:34:34.000000000 +0000
++++ ./ncurses/tinfo/captoinfo.c
+@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
+ }
+ break;
+ case '^':
++ len = 2;
+ c = UChar(*++sp);
+- if (c == '?')
++ if (c == '?') {
+ c = 127;
+- else
++ } else if (c == '\0') {
++ len = 1;
++ } else {
+ c &= 0x1f;
+- len = 2;
++ }
+ break;
+ default:
+ c = UChar(*sp);
diff --git a/main/nss/APKBUILD b/main/nss/APKBUILD
index 53385534de..206e067c18 100644
--- a/main/nss/APKBUILD
+++ b/main/nss/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=nss
pkgver=3.60
-pkgrel=1
+pkgrel=2
pkgdesc="Mozilla Network Security Services"
url="https://developer.mozilla.org/docs/Mozilla/Projects/NSS"
arch="all"
@@ -13,6 +13,7 @@ depends_dev="nspr-dev"
makedepends="nspr-dev sqlite-dev zlib-dev perl bsd-compat-headers linux-headers"
subpackages="$pkgname-static $pkgname-dev $pkgname-tools"
source="https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-$pkgver.tar.gz
+ CVE-2021-43527.patch
nss.pc.in
nss-util.pc.in
nss-softokn.pc.in
@@ -23,6 +24,8 @@ source="https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM
options="!strip !check"
# secfixes:
+# 3.60-r2:
+# - CVE-2021-43527
# 3.58-r0:
# - CVE-2020-25648
# 3.55-r0:
@@ -179,8 +182,11 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="6463b2da28b5d9f1f20d45f77a3179e2b93c874af5742c7fc51eb7c44cef93270acacf79174dc63905f227256cbcee23a36f98f1cfed10dd5c56ffc0a76e2695 nss-3.60.tar.gz
+sha512sums="
+6463b2da28b5d9f1f20d45f77a3179e2b93c874af5742c7fc51eb7c44cef93270acacf79174dc63905f227256cbcee23a36f98f1cfed10dd5c56ffc0a76e2695 nss-3.60.tar.gz
+aff96b509bd649f9d5d5850b19daf1296210868dedd3ca9c1d198a9cf4cb2cfeb9ed6c530a8c9b7e1fbc0284e728ccf61c149fa07d940ef30e8ebc6588af76e6 CVE-2021-43527.patch
75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531 nss.pc.in
0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09 nss-util.pc.in
09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15 nss-softokn.pc.in
-2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b nss-config.in"
+2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b nss-config.in
+"
diff --git a/main/nss/CVE-2021-43527.patch b/main/nss/CVE-2021-43527.patch
new file mode 100644
index 0000000000..afec728805
--- /dev/null
+++ b/main/nss/CVE-2021-43527.patch
@@ -0,0 +1,352 @@
+
+# HG changeset patch
+# User Dennis Jackson <djackson@mozilla.com>
+# Date 1637577642 0
+# Node ID dea71cbef9e03636f37c6cb120f8deccce6e17dd
+# Parent da3d22d708c9cc0a32cff339658aeb627575e371
+Bug 1737470 - Ensure DER encoded signatures are within size limits. r=jschanck,mt,bbeurdouche,rrelyea
+
+Differential Revision: https://phabricator.services.mozilla.com/D129514
+
+diff --git a/lib/cryptohi/secvfy.c b/lib/cryptohi/secvfy.c
+--- a/nss/lib/cryptohi/secvfy.c
++++ b/nss/lib/cryptohi/secvfy.c
+@@ -159,58 +159,89 @@ verifyPKCS1DigestInfo(const VFYContext *
+ SECItem pkcs1DigestInfo;
+ pkcs1DigestInfo.data = cx->pkcs1RSADigestInfo;
+ pkcs1DigestInfo.len = cx->pkcs1RSADigestInfoLen;
+ return _SGN_VerifyPKCS1DigestInfo(
+ cx->hashAlg, digest, &pkcs1DigestInfo,
+ PR_FALSE /*XXX: unsafeAllowMissingParameters*/);
+ }
+
++static unsigned int
++checkedSignatureLen(const SECKEYPublicKey *pubk)
++{
++ unsigned int sigLen = SECKEY_SignatureLen(pubk);
++ if (sigLen == 0) {
++ /* Error set by SECKEY_SignatureLen */
++ return sigLen;
++ }
++ unsigned int maxSigLen;
++ switch (pubk->keyType) {
++ case rsaKey:
++ case rsaPssKey:
++ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8;
++ break;
++ case dsaKey:
++ maxSigLen = DSA_MAX_SIGNATURE_LEN;
++ break;
++ case ecKey:
++ maxSigLen = 2 * MAX_ECKEY_LEN;
++ break;
++ default:
++ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
++ return 0;
++ }
++ if (sigLen > maxSigLen) {
++ PORT_SetError(SEC_ERROR_INVALID_KEY);
++ return 0;
++ }
++ return sigLen;
++}
++
+ /*
+ * decode the ECDSA or DSA signature from it's DER wrapping.
+ * The unwrapped/raw signature is placed in the buffer pointed
+ * to by dsig and has enough room for len bytes.
+ */
+ static SECStatus
+ decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig,
+ unsigned int len)
+ {
+ SECItem *dsasig = NULL; /* also used for ECDSA */
+- SECStatus rv = SECSuccess;
+
+- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
+- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
+- if (sig->len != len) {
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return SECFailure;
++ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */
++ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) {
++ if (len > DSA_MAX_SIGNATURE_LEN) {
++ goto loser;
+ }
+-
+- PORT_Memcpy(dsig, sig->data, sig->len);
+- return SECSuccess;
++ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
++ if (len > MAX_ECKEY_LEN * 2) {
++ goto loser;
++ }
++ } else {
++ goto loser;
+ }
+
+- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
+- if (len > MAX_ECKEY_LEN * 2) {
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return SECFailure;
+- }
++ /* Decode and pad to length */
++ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
++ if (dsasig == NULL) {
++ goto loser;
+ }
+- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
+-
+- if ((dsasig == NULL) || (dsasig->len != len)) {
+- rv = SECFailure;
+- } else {
+- PORT_Memcpy(dsig, dsasig->data, dsasig->len);
++ if (dsasig->len != len) {
++ SECITEM_FreeItem(dsasig, PR_TRUE);
++ goto loser;
+ }
+
+- if (dsasig != NULL)
+- SECITEM_FreeItem(dsasig, PR_TRUE);
+- if (rv == SECFailure)
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return rv;
++ PORT_Memcpy(dsig, dsasig->data, len);
++ SECITEM_FreeItem(dsasig, PR_TRUE);
++
++ return SECSuccess;
++
++loser:
++ PORT_SetError(SEC_ERROR_BAD_DER);
++ return SECFailure;
+ }
+
+ const SEC_ASN1Template hashParameterTemplate[] =
+ {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) },
+ { SEC_ASN1_OBJECT_ID, 0 },
+ { SEC_ASN1_SKIP_REST },
+ { 0 }
+@@ -276,17 +307,17 @@ sec_GetEncAlgFromSigAlg(SECOidTag sigAlg
+ *
+ * Returns: SECSuccess if the algorithm was acceptable, SECFailure if the
+ * algorithm was not found or was not a signing algorithm.
+ */
+ SECStatus
+ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
+ const SECItem *param, SECOidTag *encalgp, SECOidTag *hashalg)
+ {
+- int len;
++ unsigned int len;
+ PLArenaPool *arena;
+ SECStatus rv;
+ SECItem oid;
+ SECOidTag encalg;
+
+ PR_ASSERT(hashalg != NULL);
+ PR_ASSERT(encalgp != NULL);
+
+@@ -461,58 +492,62 @@ vfy_CreateContext(const SECKEYPublicKey
+ cx->wincx = wincx;
+ cx->hasSignature = (sig != NULL);
+ cx->encAlg = encAlg;
+ cx->hashAlg = hashAlg;
+ cx->key = SECKEY_CopyPublicKey(key);
+ cx->pkcs1RSADigestInfo = NULL;
+ rv = SECSuccess;
+ if (sig) {
+- switch (type) {
+- case rsaKey:
+- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
+- &cx->pkcs1RSADigestInfo,
+- &cx->pkcs1RSADigestInfoLen,
+- cx->key,
+- sig, wincx);
+- break;
+- case rsaPssKey:
+- sigLen = SECKEY_SignatureLen(key);
+- if (sigLen == 0) {
+- /* error set by SECKEY_SignatureLen */
+- rv = SECFailure;
++ rv = SECFailure;
++ if (type == rsaKey) {
++ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
++ &cx->pkcs1RSADigestInfo,
++ &cx->pkcs1RSADigestInfoLen,
++ cx->key,
++ sig, wincx);
++ } else {
++ sigLen = checkedSignatureLen(key);
++ /* Check signature length is within limits */
++ if (sigLen == 0) {
++ /* error set by checkedSignatureLen */
++ rv = SECFailure;
++ goto loser;
++ }
++ if (sigLen > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ rv = SECFailure;
++ goto loser;
++ }
++ switch (type) {
++ case rsaPssKey:
++ if (sig->len != sigLen) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ rv = SECFailure;
++ goto loser;
++ }
++ PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
++ rv = SECSuccess;
+ break;
+- }
+- if (sig->len != sigLen) {
+- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ case ecKey:
++ case dsaKey:
++ /* decodeECorDSASignature will check sigLen == sig->len after padding */
++ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
++ break;
++ default:
++ /* Unreachable */
+ rv = SECFailure;
+- break;
+- }
+- PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
+- break;
+- case dsaKey:
+- case ecKey:
+- sigLen = SECKEY_SignatureLen(key);
+- if (sigLen == 0) {
+- /* error set by SECKEY_SignatureLen */
+- rv = SECFailure;
+- break;
+- }
+- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
+- break;
+- default:
+- rv = SECFailure;
+- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+- break;
++ goto loser;
++ }
++ }
++ if (rv != SECSuccess) {
++ goto loser;
+ }
+ }
+
+- if (rv)
+- goto loser;
+-
+ /* check hash alg again, RSA may have changed it.*/
+ if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) {
+ /* error set by HASH_GetHashTypeByOidTag */
+ goto loser;
+ }
+ /* check the policy on the hash algorithm. Do this after
+ * the rsa decode because some uses of this function get hash implicitly
+ * from the RSA signature itself. */
+@@ -645,21 +680,26 @@ VFY_EndWithSignature(VFYContext *cx, SEC
+ if (cx->hashcx == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ (*cx->hashobj->end)(cx->hashcx, final, &part, sizeof(final));
+ switch (cx->key->keyType) {
+ case ecKey:
+ case dsaKey:
+- dsasig.data = cx->u.buffer;
+- dsasig.len = SECKEY_SignatureLen(cx->key);
++ dsasig.len = checkedSignatureLen(cx->key);
+ if (dsasig.len == 0) {
+ return SECFailure;
+ }
++ if (dsasig.len > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ return SECFailure;
++ }
++ dsasig.data = cx->u.buffer;
++
+ if (sig) {
+ rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data,
+ dsasig.len);
+ if (rv != SECSuccess) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
+ }
+ }
+@@ -681,18 +721,23 @@ VFY_EndWithSignature(VFYContext *cx, SEC
+ cx->params,
+ &mech);
+ PORT_DestroyCheapArena(&tmpArena);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+
+ rsasig.data = cx->u.buffer;
+- rsasig.len = SECKEY_SignatureLen(cx->key);
++ rsasig.len = checkedSignatureLen(cx->key);
+ if (rsasig.len == 0) {
++ /* Error set by checkedSignatureLen */
++ return SECFailure;
++ }
++ if (rsasig.len > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
+ }
+ if (sig) {
+ if (sig->len != rsasig.len) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
+ }
+ PORT_Memcpy(rsasig.data, sig->data, rsasig.len);
+@@ -744,37 +789,42 @@ VFY_End(VFYContext *cx)
+ static SECStatus
+ vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key,
+ const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg,
+ void *wincx)
+ {
+ SECStatus rv;
+ VFYContext *cx;
+ SECItem dsasig; /* also used for ECDSA */
+-
+ rv = SECFailure;
+
+ cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx);
+ if (cx != NULL) {
+ switch (key->keyType) {
+ case rsaKey:
+ rv = verifyPKCS1DigestInfo(cx, digest);
++ /* Error (if any) set by verifyPKCS1DigestInfo */
+ break;
+- case dsaKey:
+ case ecKey:
++ case dsaKey:
+ dsasig.data = cx->u.buffer;
+- dsasig.len = SECKEY_SignatureLen(cx->key);
++ dsasig.len = checkedSignatureLen(cx->key);
+ if (dsasig.len == 0) {
++ /* Error set by checkedSignatureLen */
++ rv = SECFailure;
+ break;
+ }
+- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) !=
+- SECSuccess) {
++ if (dsasig.len > sizeof(cx->u)) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+- } else {
+- rv = SECSuccess;
++ rv = SECFailure;
++ break;
++ }
++ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx);
++ if (rv != SECSuccess) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ }
+ break;
+ default:
+ break;
+ }
+ VFY_DestroyContext(cx, PR_TRUE);
+ }
+ return rv;
+
diff --git a/main/postgresql/APKBUILD b/main/postgresql/APKBUILD
index 1cbd6b7db4..8155d995b9 100644
--- a/main/postgresql/APKBUILD
+++ b/main/postgresql/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: G.J.R. Timmer <gjr.timmer@gmail.com>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=postgresql
-pkgver=12.8
+pkgver=12.9
pkgrel=0
pkgdesc="A sophisticated object-relational DBMS"
url="https://www.postgresql.org/"
@@ -33,6 +33,9 @@ source="https://ftp.postgresql.org/pub/source/v$pkgver/postgresql-$pkgver.tar.bz
"
# secfixes:
+# 12.9-r0:
+# - CVE-2021-23214
+# - CVE-2021-23222
# 12.8-r0:
# - CVE-2021-3677
# 12.7-r0:
@@ -269,7 +272,7 @@ _run_tests() {
}
sha512sums="
-970fe1041e427ac1c8a786c93e2079b0a9c8b3fcaf9d38877894eb02e8a9afc7cd73d7ac28078c455845a922a1b7d9c1e22cb7990d8d523dd6496af9442fba01 postgresql-12.8.tar.bz2
+11697d8283f5df5a9c74c2406e94d1b6da6df8358ad48f3b773825aab98e8395f9fd4e3fc8b1e6ebad3743c3dadbda8b795d4fe84a447d7913223e136cf2b88f postgresql-12.9.tar.bz2
1f8e7dc58f5b0a12427cf2fd904ffa898a34f23f3332c8382b94e0d991c007289e7913a69e04498f3d93fc5701855796c207b4b1cc4a0b366f586050124d7fcc initdb.patch
5f9d8bb4957194069d01af8ab3abc6d4d83a7e7f8bd7ebe1caae5361d621a3e58f91b14b952958138a794e0a80bc154fbb7e3e78d211e2a95b9b7901335de854 perl-rpath.patch
8439a6fdfdea0a4867daeb8bc23d6c825f30c00d91d4c39f48653f5ee77341f23282ce03a77aad94b5369700f11d2cb28d5aee360e59138352a9ab331a9f9d0f conf-unix_socket_directories.patch
diff --git a/main/privoxy/APKBUILD b/main/privoxy/APKBUILD
index c896a5fd6b..e19fa387da 100644
--- a/main/privoxy/APKBUILD
+++ b/main/privoxy/APKBUILD
@@ -1,9 +1,9 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=privoxy
-pkgver=3.0.32
+pkgver=3.0.33
pkgrel=0
pkgdesc="A web proxy with advanced filtering capabilities"
-url="https://www.privoxy.org"
+url="https://www.privoxy.org/"
arch="all"
license="GPL"
pkgusers="privoxy"
@@ -20,6 +20,11 @@ options="!check" # No test suite
builddir="$srcdir/$pkgname-$pkgver-stable"
# secfixes:
+# 3.0.33-r0:
+# - CVE-2021-44540
+# - CVE-2021-44541
+# - CVE-2021-44542
+# - CVE-2021-44543
# 3.0.32-r0:
# - CVE-2021-20272
# - CVE-2021-20273
@@ -40,7 +45,6 @@ builddir="$srcdir/$pkgname-$pkgver-stable"
prepare() {
cd "$builddir"
- update_config_sub
default_prepare
aclocal && autoheader && autoconf
@@ -81,7 +85,9 @@ package() {
"$pkgdir"/etc/privoxy
}
-sha512sums="da41c0045bf593219df64718645eff984b5df43737811cc0fa12fce7e8ae1ab59eefbe20f23d6ce8f62216cfd81f1a9c319688d15693c25eed36010f3e1d5ffd privoxy-3.0.32-stable-src.tar.gz
+sha512sums="
+9684455dbce7f6d8f5defd31aa9a7316e0c1dc896525ab4d562d0359462b541b1c366dea9db07b798f3e00b9cbcc44f494d8c431bcb10f2cb05b5bca3cfeaf75 privoxy-3.0.33-stable-src.tar.gz
346bda3a2108547569af3397c77e092c54fa0c20bc6d3bb1d4c202b4e2b8d9c13018eab0a326cd9632310ec8052600ee7db4b6011610faec386c399cdd01af9c privoxy.initd
118caaeac3aba751584c5bdfc737bf5bfeddf1a62fda1f44bcd4654ae2e33183bc1ce6fc66d4a1bdd79766e42e669b1615a6d46d528a1bd49cabdf98385a3bb9 privoxy.logrotate
-1059feed20a31d7d2b5d1f44b7b1af40373d87dbd9e7e83c8998ac1b4e27dfbfdfeb6a9ea7934e15d0c14fed1fd03fb63d2ec8d2a6b53e5884a21dc8df4828fc privoxy-alpine.patch"
+1059feed20a31d7d2b5d1f44b7b1af40373d87dbd9e7e83c8998ac1b4e27dfbfdfeb6a9ea7934e15d0c14fed1fd03fb63d2ec8d2a6b53e5884a21dc8df4828fc privoxy-alpine.patch
+"
diff --git a/main/py3-pillow/APKBUILD b/main/py3-pillow/APKBUILD
index e5874205bc..a9b988728e 100644
--- a/main/py3-pillow/APKBUILD
+++ b/main/py3-pillow/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Fabian Affolter <fabian@affolter-engineering.ch>
pkgname=py3-pillow
pkgver=7.1.2
-pkgrel=1
+pkgrel=2
pkgdesc="Python Imaging Library"
options="!check"
url="https://python-pillow.org/"
@@ -15,6 +15,7 @@ makedepends="python3-dev py3-setuptools freetype-dev
checkdepends="py3-pytest py3-numpy"
source="https://files.pythonhosted.org/packages/source/P/Pillow/Pillow-$pkgver.tar.gz
CVE-2020-35655.patch
+ cve-2021-23437.patch
"
builddir="$srcdir/Pillow-$pkgver"
@@ -22,6 +23,8 @@ provides="py-pillow=$pkgver-r$pkgrel" # backwards compatibility
replaces="py-pillow" # backwards compatiblity
# secfixes:
+# 7.1.2-r2:
+# - CVE-2021-23437
# 7.1.2-r1:
# - CVE-2020-35655
# 6.2.2-r0:
@@ -46,5 +49,8 @@ package() {
python3 setup.py install --prefix=/usr --root="$pkgdir"
}
-sha512sums="75d88c5c967d600b84caf9af62eeda6f235fb1357ba7ca47656be6d48018f2df6f2442df2d2ea50d4cc0955f55dce05c2e2676f9b4bca5aa72bfda61e407dd97 Pillow-7.1.2.tar.gz
-89984ca666bafc356ba8af50a3f96dc84965b882577f488c10550558a316982c52378bf52ec24b5ed53a4f8b1019e9e5e03bbff6e32c4009ea8ef71093f33f18 CVE-2020-35655.patch"
+sha512sums="
+75d88c5c967d600b84caf9af62eeda6f235fb1357ba7ca47656be6d48018f2df6f2442df2d2ea50d4cc0955f55dce05c2e2676f9b4bca5aa72bfda61e407dd97 Pillow-7.1.2.tar.gz
+89984ca666bafc356ba8af50a3f96dc84965b882577f488c10550558a316982c52378bf52ec24b5ed53a4f8b1019e9e5e03bbff6e32c4009ea8ef71093f33f18 CVE-2020-35655.patch
+0c991bf55bd2b73e1f5539f8c2110c47ef48029ff1a91710384d1612903850b1bbedeacef90359e738a02faacffd2e3a1d48d14a800681cd04f0f98c453b609b cve-2021-23437.patch
+"
diff --git a/main/py3-pillow/cve-2021-23437.patch b/main/py3-pillow/cve-2021-23437.patch
new file mode 100644
index 0000000000..9933ed8ced
--- /dev/null
+++ b/main/py3-pillow/cve-2021-23437.patch
@@ -0,0 +1,40 @@
+From 1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29 Mon Sep 17 00:00:00 2001
+From: Hugo van Kemenade <hugovk@users.noreply.github.com>
+Date: Mon, 23 Aug 2021 19:10:49 +0300
+Subject: [PATCH] Raise ValueError if color specifier is too long
+
+---
+ Tests/test_imagecolor.py | 9 +++++++++
+ src/PIL/ImageColor.py | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/Tests/test_imagecolor.py b/Tests/test_imagecolor.py
+index b5d69379655..dbe8b9e957b 100644
+--- a/Tests/test_imagecolor.py
++++ b/Tests/test_imagecolor.py
+@@ -191,3 +191,12 @@ def test_rounding_errors():
+ assert (255, 255) == ImageColor.getcolor("white", "LA")
+ assert (163, 33) == ImageColor.getcolor("rgba(0, 255, 115, 33)", "LA")
+ Image.new("LA", (1, 1), "white")
++
++
++def test_color_too_long():
++ # Arrange
++ color_too_long = "hsl(" + "1" * 100 + ")"
++
++ # Act / Assert
++ with pytest.raises(ValueError):
++ ImageColor.getrgb(color_too_long)
+diff --git a/src/PIL/ImageColor.py b/src/PIL/ImageColor.py
+index 51df4404039..25f92f2c732 100644
+--- a/src/PIL/ImageColor.py
++++ b/src/PIL/ImageColor.py
+@@ -32,6 +32,8 @@ def getrgb(color):
+ :param color: A color string
+ :return: ``(red, green, blue[, alpha])``
+ """
++ if len(color) > 100:
++ raise ValueError("color specifier is too long")
+ color = color.lower()
+
+ rgb = colormap.get(color, None)
diff --git a/main/ruby/APKBUILD b/main/ruby/APKBUILD
index 0b6ac7c989..39bf68f1e8 100644
--- a/main/ruby/APKBUILD
+++ b/main/ruby/APKBUILD
@@ -1,8 +1,13 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Contributor: Nulo <git@nulo.in>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
#
# secfixes:
+# 2.7.5-r0:
+# - CVE-2021-41817
+# - CVE-2021-41816
+# - CVE-2021-41819
# 2.7.4-r0:
# - CVE-2021-31799
# - CVE-2021-31810
@@ -43,7 +48,7 @@
# - CVE-2017-17405
#
pkgname=ruby
-pkgver=2.7.4
+pkgver=2.7.5
_abiver="${pkgver%.*}.0"
pkgrel=0
pkgdesc="An object-oriented language for quick and easy programming"
@@ -378,7 +383,7 @@ _mvgem() {
}
sha512sums="
-a317752e9a32c8d1261e67ca89c396722ee779ec8ba4594987812d065b73751f51485a1ede8044aae14b3b16e8d049c6953cef530ae1b82abb135b446c653f8a ruby-2.7.4.tar.gz
+09e029b5cc15b6e4e37bcf15adb28213eaedec3ea22106d63095b37ea6b2a2b68e82e74e6b50746c87dd77e5185795d014e0db118bf0f45ffa0b0a307f5f65da ruby-2.7.5.tar.gz
cfdc5ea3b2e2ea69c51f38e8e2180cb1dc27008ca55cc6301f142ebafdbab31c3379b3b6bba9ff543153876dd98ed2ad194df3255b7ea77a62e931c935f80538 rubygems-avoid-platform-specific-gems.patch
814fe6359505b70d8ff680adf22f20a74b4dbd3fecc9a63a6c2456ee9824257815929917b6df5394ed069a6869511b8c6dce5b95b4acbbb7867c1f3a975a0150 test_insns-lower-recursion-depth.patch
8d730f02f76e53799f1c220eb23e3d2305940bb31216a7ab1e42d3256149c0721c7d173cdbfe505023b1af2f5cb3faa233dcc1b5d560fa8f980c17c2d29a9d81 fix-get_main_stack.patch
diff --git a/main/snmptt/APKBUILD b/main/snmptt/APKBUILD
index 5b9eeb924e..b8b1326ce3 100644
--- a/main/snmptt/APKBUILD
+++ b/main/snmptt/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Jeff Bilyk <jbilyk at gmail>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=snmptt
-pkgver=1.4
+pkgver=1.4.2
pkgrel=0
pkgdesc="Translates traps received from snmptrapd into easy to understand messages"
url="http://www.snmptt.org"
@@ -17,6 +17,10 @@ source="https://downloads.sourceforge.net/$pkgname/${pkgname}_$pkgver.tgz
snmptt.confd
"
+# secfixes:
+# 1.4.2-r0:
+# - CVE-2020-24361
+
build() {
return 0
}
@@ -36,6 +40,6 @@ package() {
install -D -m644 ../snmptt.confd "$pkgdir"/etc/conf.d/snmptt
}
-sha512sums="200ebe565766c15f85b9b9cbc178baeef740663efc951af4c790c4b28d27398c14a95c4b38306ec3503cefe9b86634d5f24ec5f2482694f07789e9025ea39a80 snmptt_1.4.tgz
+sha512sums="b8782aa5789227253c1b65c98771de7eba319f1f29b56224415f89d0c687515cd099f0ba7d0e304d43a9d054fa66335fe09d99545f50415745ac86b8b56a2b9d snmptt_1.4.2.tgz
233e781150fdb217991e0d9eae4de1430e01f54c9ae7354a6ebef6676595c5497863a4ab2a829e67473c7a901c120b2dbb7aa51e67fd49fd7643ff9efca633f8 snmptt.initd
905f9c10b6daa43b112166c90d569c0737d569117c320a4a652ca22533195b559fe62628bf67bfc4df107db6af88a44ac4ffc58514c8dcc5bb45981240b90776 snmptt.confd"
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index 2ac8c18478..7143fb4417 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -3,7 +3,7 @@
pkgname=strongswan
pkgver=5.8.4
_pkgver=${pkgver//_rc/rc}
-pkgrel=2
+pkgrel=3
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="https://www.strongswan.org/"
arch="all"
@@ -16,8 +16,11 @@ makedepends="linux-headers python3 sqlite-dev openssl-dev curl-dev
install="$pkgname.pre-install"
subpackages="$pkgname-doc $pkgname-dbg $pkgname-logfile $pkgname-openrc"
source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2
+ https://download.strongswan.org/security/CVE-2021-41990/strongswan-5.6.1-5.9.3_gmp-rsa-ssa-salt-len.patch
+ https://download.strongswan.org/security/CVE-2021-41991/strongswan-4.4.1-5.9.3_cert-cache-random.patch
0001-file-logger-Set-owner-group-of-log-file.patch
0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
+
1001-charon-add-optional-source-and-remote-overrides-for-.patch
1002-vici-send-certificates-for-ike-sa-events.patch
1003-vici-add-support-for-individual-sa-state-changes.patch
@@ -29,6 +32,9 @@ source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2
"
# secfixes:
+# 5.8.4-r3:
+# - CVE-2021-41990
+# - CVE-2021-41991
# 5.7.1-r0:
# - CVE-2018-17540
# 5.7.0-r0:
@@ -123,7 +129,10 @@ logfile() {
install -m 2750 -o ipsec -g wheel -d "$subpkgdir/var/log/ipsec"
}
-sha512sums="15e866b0d6cc4ea94f17856b519d926ae08c15d3b62f675f62685d0722ca8fa26b46afb1ad1c866e9d5f347d77a747f57d0c6d7f6bd57762f37d7798f9e28103 strongswan-5.8.4.tar.bz2
+sha512sums="
+15e866b0d6cc4ea94f17856b519d926ae08c15d3b62f675f62685d0722ca8fa26b46afb1ad1c866e9d5f347d77a747f57d0c6d7f6bd57762f37d7798f9e28103 strongswan-5.8.4.tar.bz2
+42bb9dc02e04735183cb2966e23f26bdb2b14b56b10dc3df770cfbea066a690130ce84dc3a17b1369c2d45852bcd8a2902f19368099a1e71c858293decdb48ee strongswan-5.6.1-5.9.3_gmp-rsa-ssa-salt-len.patch
+39f607625bc6aa128b71e65e9806c60051015378d0250961bafbe787aa652141e1b3126d235b9cede08e4fe816b3220dbae54e40492b0aeb48f034220f1ee446 strongswan-4.4.1-5.9.3_cert-cache-random.patch
7ea3cecb6ed1d730b4417699715ec1f02f592848a7736448187c3fff8df7c194983021c370019a63cc56ee3cfec881e13e950ac31ba49a5ecae75abab64dbcfc 0001-file-logger-Set-owner-group-of-log-file.patch
c829b59d33f5dcffd86fbc81d824b51397ed48dc94da6271ec2d7d70e5975cff0c13d235147f92e1981b391857d5573507972593fed0ce831968da10d119da0f 0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch
cdc8b9d56fbd7c079dfa37e8de822cfa925d3b6741ff7d04afbc8b856d717ed090750e85b19af2296e28ee030c2d91597d2492f4b9b3540a5647b120bf609556 1001-charon-add-optional-source-and-remote-overrides-for-.patch
@@ -132,4 +141,5 @@ da39b5654c6f39d175c5491dabd5ed5c1b552857af7cbe7eeb8d0ecb34dad265bb8cd7725930eb75
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd
4ac8dc83f08998fe672d5446dc6071f95a6a437b9df7c19d5f1a41707fb44451ec37aa237d0b86b0a9edf36a9ce7c29ba8959a38b04536c994dd4300daf737e5 charon.initd
0417de0c0aa779602b216f29b1ad58cc842f0b0fbb8f5238d39199125dac30eaae89d869b337f8f504f8427f074ee7a363f55e3b3875516fe1ed5f0ed7f34c6f charon.logrotate
-5896a9c5ecbef1a6c36b7bd31c83e18603f49105aedd4af80c42b0036c75950eac6e92abccfca09c9cb5bb3f3c4010f0daba068208e7dff05e7b1849d5a6e363 charon-logfile.conf"
+5896a9c5ecbef1a6c36b7bd31c83e18603f49105aedd4af80c42b0036c75950eac6e92abccfca09c9cb5bb3f3c4010f0daba068208e7dff05e7b1849d5a6e363 charon-logfile.conf
+"
diff --git a/main/tzdata/APKBUILD b/main/tzdata/APKBUILD
index b208b78ea4..a7611d6e3a 100644
--- a/main/tzdata/APKBUILD
+++ b/main/tzdata/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=tzdata
-pkgver=2021d
-_tzcodever=2021d
+pkgver=2021e
+_tzcodever=2021e
_ptzver=0.5
pkgrel=0
pkgdesc="Timezone data"
@@ -51,8 +51,8 @@ package() {
}
sha512sums="
-dbd7e3df02a11676600aa7efa14592feb2ac9ab5807b0d395e0c29ff1ed4a31580120287df9fe0c65a78162157dcd31d9fbe90a2a93bfd891d59ae3668a3adda tzcode2021d.tar.gz
-e25e85679256cfa57072cc8902aad1ca1df5ddc4a06844ca38bd57c8b5ad386e38303654dc85525f4fb470a924db4deb3576827a14d3ff87f4a1c679414b95c9 tzdata2021d.tar.gz
+87b0335129ea41c5f42f687f548712e5da892baa8494cecf5d34851beceecf6ae52f22104696ed187713cf9e502570eb2041e277dfd3c043c11d0253bfde685a tzcode2021e.tar.gz
+c1e8d04e049157ed5d4af0868855bbd75517e3d7e1db9c41d5283ff260109de46b6fac6be94828201d093e163d868044ac2a9db2bf0aeab800e264d0c73a9119 tzdata2021e.tar.gz
68dbaab9f4aef166ac2f2d40b49366527b840bebe17a47599fe38345835e4adb8a767910745ece9c384b57af815a871243c3e261a29f41d71f8054df3061b3fd posixtz-0.5.tar.xz
0f2a10ee2bb4007f57b59123d1a0b8ef6accf99e568f21537f0bb19f290fff46e24050f55f12569d7787be600e1b62aa790ea85a333153f3ea081a812c81b1b5 0001-posixtz-ensure-the-file-offset-we-pass-to-lseek-is-o.patch
fb322ab7867517ba39265d56d3576cbcea107c205d524e87015c1819bbb7361f7322232ee3b86ea9b8df2886e7e06a6424e3ac83b2006be290a33856c7d40ac4 0002-fix-implicit-declaration-warnings-by-including-strin.patch
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index 5054641f7f..1fae4d63f9 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=xen
pkgver=4.13.4
-pkgrel=0
+pkgrel=2
pkgdesc="Xen hypervisor"
url="https://www.xenproject.org/"
arch="x86_64 armhf aarch64" # enable armv7 when builds with gcc8
@@ -231,6 +231,16 @@ options="!strip"
# - CVE-2021-28700 XSA-383
# 4.13.3-r3:
# - CVE-2021-28701 XSA-384
+# 4.13.4-r0:
+# - CVE-2021-28703 XSA-387
+# 4.13.4-r1:
+# - CVE-2021-28702 XSA-386
+# 4.13.4-r2:
+# - CVE-2021-28704 XSA-388
+# - CVE-2021-28707 XSA-388
+# - CVE-2021-28708 XSA-388
+# - CVE-2021-28705 XSA-389
+# - CVE-2021-28706 XSA-389
case "$CARCH" in
@@ -297,6 +307,12 @@ source="https://downloads.xenproject.org/release/xen/$pkgver/xen-$pkgver.tar.gz
drop-test.py.patch
py3-compat.patch
+ xsa386.patch
+
+ xsa388-4.14-1.patch
+ xsa388-4.14-2.patch
+ xsa389-4.13.patch
+
xenstored.initd
xenstored.confd
xenconsoled.initd
@@ -544,6 +560,10 @@ e76816c6ad0e91dc5f81947f266da3429b20e6d976c3e8c41202c6179532eec878a3f0913921ef3a
8c9cfc6afca325df1d8026e21ed03fa8cd2c7e1a21a56cc1968301c5ab634bfe849951899e75d328951d7a41273d1e49a2448edbadec0029ed410c43c0549812 hotplug-Linux-iscsi-block-handle-lun-1.patch
61f66bab603778fb41bfe8e85320c15f2bf3e5d8583e077b56a93784dbdb9b2c7c5e55ce18f06b87501429086f8410d102d3ed5f2a77d54bcfa328bc07681f4d drop-test.py.patch
8cb12dbfc05a53898a97d47d71ab6b8a6f81c5e5579fd765b37303faea95c645cb8dedc05e3d064bdf070e93814e00bf8939767acc1127513375bab0fe2f4436 py3-compat.patch
+77811232c5cf199d24fb8e4a5367a56d56e61ad218397913fa22bd89d0dffabe92acfded246aa731d450f80dcffee84268b27e73e60f19eec15d0ada988a0574 xsa386.patch
+5e8165695a7e5a7fdc332de0d4ee31626eb72c8765f12855543592cb86f0eb4f98ea49cae31c8fc356a0645f6a2fe05ddf2b38f9f2bb04196bb4b9efc204dc26 xsa388-4.14-1.patch
+9e7b5f66480d3c0898cc080d0506dddbe35a814ccd72619abb82e8241b8cddc726e7bb38ce818335451b56ba549ed9ea1743f46fb9f0fd81ac1310ec6e94fea4 xsa388-4.14-2.patch
+bd18e7f61a28ebd99f8d7fe33b6130646493489bd4a21fa9febb81860b3c4a6c20aaf51f1cfa7c19340dbd21333c2e6859f852868f8de29e2862bd93e02040ba xsa389-4.13.patch
52c43beb2596d645934d0f909f2d21f7587b6898ed5e5e7046799a8ed6d58f7a09c5809e1634fa26152f3fd4f3e7cfa07da7076f01b4a20cc8f5df8b9cb77e50 xenstored.initd
093f7fbd43faf0a16a226486a0776bade5dc1681d281c5946a3191c32d74f9699c6bf5d0ab8de9d1195a2461165d1660788e92a3156c9b3c7054d7b2d52d7ff0 xenstored.confd
3c86ed48fbee0af4051c65c4a3893f131fa66e47bf083caf20c9b6aa4b63fdead8832f84a58d0e27964bc49ec8397251b34e5be5c212c139f556916dc8da9523 xenconsoled.initd
diff --git a/main/xen/xsa386.patch b/main/xen/xsa386.patch
new file mode 100644
index 0000000000..83f24d30d5
--- /dev/null
+++ b/main/xen/xsa386.patch
@@ -0,0 +1,29 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: VT-d: fix deassign of device with RMRR
+Date: Fri, 1 Oct 2021 15:05:42 +0200
+
+Ignoring a specific error code here was not meant to short circuit
+deassign to _just_ the unmapping of RMRRs. This bug was previously
+hidden by the bogus (potentially indefinite) looping in
+pci_release_devices(), until f591755823a7 ("IOMMU/PCI: don't let domain
+cleanup continue when device de-assignment failed") fixed that loop.
+
+This is CVE-2021-28702 / XSA-386.
+
+Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
+Reported-by: Ivan Kardykov <kardykov@tabit.pro>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Tested-by: Ivan Kardykov <kardykov@tabit.pro>
+
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -2409,7 +2409,7 @@ static int reassign_device_ownership(
+ ret = iommu_identity_mapping(source, p2m_access_x,
+ rmrr->base_address,
+ rmrr->end_address, 0);
+- if ( ret != -ENOENT )
++ if ( ret && ret != -ENOENT )
+ return ret;
+ }
+ }
+
diff --git a/main/xen/xsa388-4.14-1.patch b/main/xen/xsa388-4.14-1.patch
new file mode 100644
index 0000000000..f76f2d56b6
--- /dev/null
+++ b/main/xen/xsa388-4.14-1.patch
@@ -0,0 +1,174 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/PoD: deal with misaligned GFNs
+
+Users of XENMEM_decrease_reservation and XENMEM_populate_physmap aren't
+required to pass in order-aligned GFN values. (While I consider this
+bogus, I don't think we can fix this there, as that might break existing
+code, e.g Linux'es swiotlb, which - while affecting PV only - until
+recently had been enforcing only page alignment on the original
+allocation.) Only non-PoD code paths (guest_physmap_{add,remove}_page(),
+p2m_set_entry()) look to be dealing with this properly (in part by being
+implemented inefficiently, handling every 4k page separately).
+
+Introduce wrappers taking care of splitting the incoming request into
+aligned chunks, without putting much effort in trying to determine the
+largest possible chunk at every iteration.
+
+Also "handle" p2m_set_entry() failure for non-order-0 requests by
+crashing the domain in one more place. Alongside putting a log message
+there, also add one to the other similar path.
+
+Note regarding locking: This is left in the actual worker functions on
+the assumption that callers aren't guaranteed atomicity wrt acting on
+multiple pages at a time. For mis-aligned GFNs gfn_lock() wouldn't have
+locked the correct GFN range anyway, if it didn't simply resolve to
+p2m_lock(), and for well-behaved callers there continues to be only a
+single iteration, i.e. behavior is unchanged for them. (FTAOD pulling
+out just pod_lock() into p2m_pod_decrease_reservation() would result in
+a lock order violation.)
+
+This is CVE-2021-28704 and CVE-2021-28707 / part of XSA-388.
+
+Fixes: 3c352011c0d3 ("x86/PoD: shorten certain operations on higher order ranges")
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
+
+--- a/xen/arch/x86/mm/p2m-pod.c
++++ b/xen/arch/x86/mm/p2m-pod.c
+@@ -495,7 +495,7 @@ p2m_pod_zero_check_superpage(struct p2m_
+
+
+ /*
+- * This function is needed for two reasons:
++ * This pair of functions is needed for two reasons:
+ * + To properly handle clearing of PoD entries
+ * + To "steal back" memory being freed for the PoD cache, rather than
+ * releasing it.
+@@ -503,8 +503,8 @@ p2m_pod_zero_check_superpage(struct p2m_
+ * Once both of these functions have been completed, we can return and
+ * allow decrease_reservation() to handle everything else.
+ */
+-unsigned long
+-p2m_pod_decrease_reservation(struct domain *d, gfn_t gfn, unsigned int order)
++static unsigned long
++decrease_reservation(struct domain *d, gfn_t gfn, unsigned int order)
+ {
+ unsigned long ret = 0, i, n;
+ struct p2m_domain *p2m = p2m_get_hostp2m(d);
+@@ -551,8 +551,10 @@ p2m_pod_decrease_reservation(struct doma
+ * All PoD: Mark the whole region invalid and tell caller
+ * we're done.
+ */
+- if ( p2m_set_entry(p2m, gfn, INVALID_MFN, order, p2m_invalid,
+- p2m->default_access) )
++ int rc = p2m_set_entry(p2m, gfn, INVALID_MFN, order, p2m_invalid,
++ p2m->default_access);
++
++ if ( rc )
+ {
+ /*
+ * If this fails, we can't tell how much of the range was changed.
+@@ -560,7 +562,12 @@ p2m_pod_decrease_reservation(struct doma
+ * impossible.
+ */
+ if ( order != 0 )
++ {
++ printk(XENLOG_G_ERR
++ "%pd: marking GFN %#lx (order %u) as non-PoD failed: %d\n",
++ d, gfn_x(gfn), order, rc);
+ domain_crash(d);
++ }
+ goto out_unlock;
+ }
+ ret = 1UL << order;
+@@ -667,6 +674,22 @@ out_unlock:
+ return ret;
+ }
+
++unsigned long
++p2m_pod_decrease_reservation(struct domain *d, gfn_t gfn, unsigned int order)
++{
++ unsigned long left = 1UL << order, ret = 0;
++ unsigned int chunk_order = find_first_set_bit(gfn_x(gfn) | left);
++
++ do {
++ ret += decrease_reservation(d, gfn, chunk_order);
++
++ left -= 1UL << chunk_order;
++ gfn = gfn_add(gfn, 1UL << chunk_order);
++ } while ( left );
++
++ return ret;
++}
++
+ void p2m_pod_dump_data(struct domain *d)
+ {
+ struct p2m_domain *p2m = p2m_get_hostp2m(d);
+@@ -1266,19 +1289,15 @@ remap_and_retry:
+ return true;
+ }
+
+-
+-int
+-guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l,
+- unsigned int order)
++static int
++mark_populate_on_demand(struct domain *d, unsigned long gfn_l,
++ unsigned int order)
+ {
+ struct p2m_domain *p2m = p2m_get_hostp2m(d);
+ gfn_t gfn = _gfn(gfn_l);
+ unsigned long i, n, pod_count = 0;
+ int rc = 0;
+
+- if ( !paging_mode_translate(d) )
+- return -EINVAL;
+-
+ gfn_lock(p2m, gfn, order);
+
+ P2M_DEBUG("mark pod gfn=%#lx\n", gfn_l);
+@@ -1316,12 +1335,44 @@ guest_physmap_mark_populate_on_demand(st
+ BUG_ON(p2m->pod.entry_count < 0);
+ pod_unlock(p2m);
+ }
++ else if ( order )
++ {
++ /*
++ * If this failed, we can't tell how much of the range was changed.
++ * Best to crash the domain.
++ */
++ printk(XENLOG_G_ERR
++ "%pd: marking GFN %#lx (order %u) as PoD failed: %d\n",
++ d, gfn_l, order, rc);
++ domain_crash(d);
++ }
+
+ out:
+ gfn_unlock(p2m, gfn, order);
+
+ return rc;
+ }
++
++int
++guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn,
++ unsigned int order)
++{
++ unsigned long left = 1UL << order;
++ unsigned int chunk_order = find_first_set_bit(gfn | left);
++ int rc;
++
++ if ( !paging_mode_translate(d) )
++ return -EINVAL;
++
++ do {
++ rc = mark_populate_on_demand(d, gfn, chunk_order);
++
++ left -= 1UL << chunk_order;
++ gfn += 1UL << chunk_order;
++ } while ( !rc && left );
++
++ return rc;
++}
+
+ void p2m_pod_init(struct p2m_domain *p2m)
+ {
diff --git a/main/xen/xsa388-4.14-2.patch b/main/xen/xsa388-4.14-2.patch
new file mode 100644
index 0000000000..2f8cc881f0
--- /dev/null
+++ b/main/xen/xsa388-4.14-2.patch
@@ -0,0 +1,36 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/PoD: handle intermediate page orders in p2m_pod_cache_add()
+
+p2m_pod_decrease_reservation() may pass pages to the function which
+aren't 4k, 2M, or 1G. Handle all intermediate orders as well, to avoid
+hitting the BUG() at the switch() statement's "default" case.
+
+This is CVE-2021-28708 / part of XSA-388.
+
+Fixes: 3c352011c0d3 ("x86/PoD: shorten certain operations on higher order ranges")
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
+
+--- a/xen/arch/x86/mm/p2m-pod.c
++++ b/xen/arch/x86/mm/p2m-pod.c
+@@ -111,15 +111,13 @@ p2m_pod_cache_add(struct p2m_domain *p2m
+ /* Then add to the appropriate populate-on-demand list. */
+ switch ( order )
+ {
+- case PAGE_ORDER_1G:
+- for ( i = 0; i < (1UL << PAGE_ORDER_1G); i += 1UL << PAGE_ORDER_2M )
++ case PAGE_ORDER_2M ... PAGE_ORDER_1G:
++ for ( i = 0; i < (1UL << order); i += 1UL << PAGE_ORDER_2M )
+ page_list_add_tail(page + i, &p2m->pod.super);
+ break;
+- case PAGE_ORDER_2M:
+- page_list_add_tail(page, &p2m->pod.super);
+- break;
+- case PAGE_ORDER_4K:
+- page_list_add_tail(page, &p2m->pod.single);
++ case PAGE_ORDER_4K ... PAGE_ORDER_2M - 1:
++ for ( i = 0; i < (1UL << order); i += 1UL << PAGE_ORDER_4K )
++ page_list_add_tail(page + i, &p2m->pod.single);
+ break;
+ default:
+ BUG();
diff --git a/main/xen/xsa389-4.13.patch b/main/xen/xsa389-4.13.patch
new file mode 100644
index 0000000000..10a8a9b9ed
--- /dev/null
+++ b/main/xen/xsa389-4.13.patch
@@ -0,0 +1,180 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/P2M: deal with partial success of p2m_set_entry()
+
+M2P and PoD stats need to remain in sync with P2M; if an update succeeds
+only partially, respective adjustments need to be made. If updates get
+made before the call, they may also need undoing upon complete failure
+(i.e. including the single-page case).
+
+Log-dirty state would better also be kept in sync.
+
+Note that the change to set_typed_p2m_entry() may not be strictly
+necessary (due to the order restriction enforced near the top of the
+function), but is being kept here to be on the safe side.
+
+This is CVE-2021-28705 and CVE-2021-28709 / XSA-389.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
+
+--- a/xen/arch/x86/mm/p2m.c
++++ b/xen/arch/x86/mm/p2m.c
+@@ -781,6 +781,7 @@ p2m_remove_page(struct p2m_domain *p2m,
+ gfn_t gfn = _gfn(gfn_l);
+ p2m_type_t t;
+ p2m_access_t a;
++ int rc;
+
+ /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
+ if ( !paging_mode_translate(p2m->domain) )
+@@ -812,8 +813,27 @@ p2m_remove_page(struct p2m_domain *p2m,
+ set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY);
+ }
+ }
+- return p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, p2m_invalid,
+- p2m->default_access);
++ rc = p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, p2m_invalid,
++ p2m->default_access);
++ if ( likely(!rc) || !mfn_valid(_mfn(mfn)) )
++ return rc;
++
++ /*
++ * The operation may have partially succeeded. For the failed part we need
++ * to undo the M2P update and, out of precaution, mark the pages dirty
++ * again.
++ */
++ for ( i = 0; i < (1UL << page_order); ++i )
++ {
++ p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL);
++ if ( !p2m_is_hole(t) && !p2m_is_special(t) && !p2m_is_shared(t) )
++ {
++ set_gpfn_from_mfn(mfn + i, gfn_l + i);
++ paging_mark_pfn_dirty(p2m->domain, _pfn(gfn_l + i));
++ }
++ }
++
++ return rc;
+ }
+
+ int
+@@ -1002,13 +1022,8 @@ guest_physmap_add_entry(struct domain *d
+
+ /* Now, actually do the two-way mapping */
+ rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, p2m->default_access);
+- if ( rc == 0 )
++ if ( likely(!rc) )
+ {
+- pod_lock(p2m);
+- p2m->pod.entry_count -= pod_count;
+- BUG_ON(p2m->pod.entry_count < 0);
+- pod_unlock(p2m);
+-
+ if ( !p2m_is_grant(t) )
+ {
+ for ( i = 0; i < (1UL << page_order); i++ )
+@@ -1016,6 +1031,42 @@ guest_physmap_add_entry(struct domain *d
+ gfn_x(gfn_add(gfn, i)));
+ }
+ }
++ else
++ {
++ /*
++ * The operation may have partially succeeded. For the successful part
++ * we need to update M2P and dirty state, while for the failed part we
++ * may need to adjust PoD stats as well as undo the earlier M2P update.
++ */
++ for ( i = 0; i < (1UL << page_order); ++i )
++ {
++ omfn = p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, NULL, NULL);
++ if ( p2m_is_pod(ot) )
++ {
++ BUG_ON(!pod_count);
++ --pod_count;
++ }
++ else if ( mfn_eq(omfn, mfn_add(mfn, i)) && ot == t &&
++ a == p2m->default_access && !p2m_is_grant(t) )
++ {
++ set_gpfn_from_mfn(mfn_x(omfn), gfn_x(gfn) + i);
++ paging_mark_pfn_dirty(d, _pfn(gfn_x(gfn) + i));
++ }
++ else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) )
++ {
++ ASSERT(mfn_valid(omfn));
++ set_gpfn_from_mfn(mfn_x(omfn), gfn_x(gfn) + i);
++ }
++ }
++ }
++
++ if ( pod_count )
++ {
++ pod_lock(p2m);
++ p2m->pod.entry_count -= pod_count;
++ BUG_ON(p2m->pod.entry_count < 0);
++ pod_unlock(p2m);
++ }
+
+ out:
+ p2m_unlock(p2m);
+@@ -1307,6 +1358,49 @@ static int set_typed_p2m_entry(struct do
+ return 0;
+ }
+ }
++
++ P2M_DEBUG("set %d %lx %lx\n", gfn_p2mt, gfn_l, mfn_x(mfn));
++ rc = p2m_set_entry(p2m, gfn, mfn, order, gfn_p2mt, access);
++ if ( unlikely(rc) )
++ {
++ gdprintk(XENLOG_ERR, "p2m_set_entry: %#lx:%u -> %d (0x%"PRI_mfn")\n",
++ gfn_l, order, rc, mfn_x(mfn));
++
++ /*
++ * The operation may have partially succeeded. For the successful part
++ * we need to update PoD stats, M2P, and dirty state.
++ */
++ if ( order != PAGE_ORDER_4K )
++ {
++ unsigned long i;
++
++ for ( i = 0; i < (1UL << order); ++i )
++ {
++ p2m_type_t t;
++ mfn_t cmfn = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0,
++ NULL, NULL);
++
++ if ( !mfn_eq(cmfn, mfn_add(mfn, i)) || t != gfn_p2mt ||
++ a != access )
++ continue;
++
++ if ( p2m_is_ram(ot) )
++ {
++ ASSERT(mfn_valid(mfn_add(omfn, i)));
++ set_gpfn_from_mfn(mfn_x(omfn) + i, INVALID_M2P_ENTRY);
++ }
++#ifdef CONFIG_HVM
++ else if ( p2m_is_pod(ot) )
++ {
++ pod_lock(p2m);
++ BUG_ON(!p2m->pod.entry_count);
++ --p2m->pod.entry_count;
++ pod_unlock(p2m);
++ }
++#endif
++ }
++ }
++ }
+ else if ( p2m_is_ram(ot) )
+ {
+ unsigned long i;
+@@ -1317,12 +1411,6 @@ static int set_typed_p2m_entry(struct do
+ set_gpfn_from_mfn(mfn_x(omfn) + i, INVALID_M2P_ENTRY);
+ }
+ }
+-
+- P2M_DEBUG("set %d %lx %lx\n", gfn_p2mt, gfn_l, mfn_x(mfn));
+- rc = p2m_set_entry(p2m, gfn, mfn, order, gfn_p2mt, access);
+- if ( rc )
+- gdprintk(XENLOG_ERR, "p2m_set_entry: %#lx:%u -> %d (0x%"PRI_mfn")\n",
+- gfn_l, order, rc, mfn_x(mfn));
+ #ifdef CONFIG_HVM
+ else if ( p2m_is_pod(ot) )
+ {
diff --git a/main/xtables-addons-lts/APKBUILD b/main/xtables-addons-lts/APKBUILD
index f2c808db8b..a2b39c7aea 100644
--- a/main/xtables-addons-lts/APKBUILD
+++ b/main/xtables-addons-lts/APKBUILD
@@ -7,7 +7,7 @@ _rel=0
_flavor=${FLAVOR:-lts}
_kpkg=linux-$_flavor
-_kver=5.4.143
+_kver=5.4.168
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/main/zfs-lts/APKBUILD b/main/zfs-lts/APKBUILD
index 632c64cba9..0121d6916c 100644
--- a/main/zfs-lts/APKBUILD
+++ b/main/zfs-lts/APKBUILD
@@ -8,7 +8,7 @@ _rel=2
_flavor=${FLAVOR:-lts}
_kpkg=linux-$_flavor
-_kver=5.4.143
+_kver=5.4.168
_krel=0
_kpkgver="$_kver-r$_krel"