aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--community/ceph/42-no-virtualenvs.patch2
-rw-r--r--community/ceph/APKBUILD6
-rw-r--r--community/ffmpeg/7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315.patch50
-rw-r--r--community/ffmpeg/APKBUILD23
-rw-r--r--community/ffmpeg/CVE-2020-35965.patch28
-rw-r--r--community/firefox-esr/APKBUILD27
-rw-r--r--community/imagemagick/APKBUILD11
-rw-r--r--community/jenkins/APKBUILD12
-rw-r--r--community/jool-modules-lts/APKBUILD2
-rw-r--r--community/lua-resty-openidc/APKBUILD8
-rw-r--r--community/nextcloud/APKBUILD15
-rw-r--r--community/nnn/APKBUILD4
-rw-r--r--community/nss/APKBUILD4
-rw-r--r--community/nss/CVE-2021-43527.patch352
-rw-r--r--community/php7-pecl-imagick/APKBUILD2
-rw-r--r--community/php7/APKBUILD8
-rw-r--r--community/php8-pecl-imagick/APKBUILD2
-rw-r--r--community/php8/APKBUILD8
-rw-r--r--community/py3-wgnlpy/APKBUILD4
-rw-r--r--community/rtl8821ce-lts/APKBUILD2
-rw-r--r--community/rtpengine-lts/APKBUILD2
-rw-r--r--community/zbar/APKBUILD2
-rw-r--r--main/alpine-base/APKBUILD2
-rw-r--r--main/alpine-keys/APKBUILD18
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub14
-rw-r--r--main/alpine-keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub14
-rw-r--r--main/apache2/APKBUILD7
-rw-r--r--main/busybox/APKBUILD25
-rw-r--r--main/busybox/CVE-2021-42374.patch45
-rw-r--r--main/busybox/CVE-2021-42375.patch53
-rw-r--r--main/busybox/awk-fixes.patch3163
-rw-r--r--main/cryptsetup/APKBUILD8
-rw-r--r--main/dahdi-linux-lts/APKBUILD2
-rw-r--r--main/expat/APKBUILD24
-rw-r--r--main/expat/CVE-2021-45960.patch59
-rw-r--r--main/expat/CVE-2021-46143.patch43
-rw-r--r--main/expat/CVE-2022-22822.patch250
-rw-r--r--main/libarchive/APKBUILD8
-rw-r--r--main/linux-lts/APKBUILD10
-rw-r--r--main/linux-lts/config-lts.x86_6412
-rw-r--r--main/linux-lts/config-virt.x86_6410
-rw-r--r--main/lz4/APKBUILD11
-rw-r--r--main/lz4/CVE-2021-3520.patch22
-rw-r--r--main/mariadb/APKBUILD8
-rw-r--r--main/mbedtls/APKBUILD6
-rw-r--r--main/ncurses/APKBUILD2
-rw-r--r--main/perl-datetime-timezone/APKBUILD11
-rw-r--r--main/postgresql/APKBUILD7
-rw-r--r--main/privoxy/APKBUILD13
-rw-r--r--main/py3-pillow/APKBUILD12
-rw-r--r--main/py3-pillow/cve-2021-23437.patch40
-rw-r--r--main/ruby/APKBUILD9
-rw-r--r--main/squid/APKBUILD6
-rw-r--r--main/squid/CVE-2021-41611.patch25
-rw-r--r--main/strongswan/APKBUILD15
-rw-r--r--main/tzdata/APKBUILD8
-rw-r--r--main/xen/APKBUILD21
-rw-r--r--main/xen/xsa386.patch29
-rw-r--r--main/xen/xsa388-4.14-1.patch174
-rw-r--r--main/xen/xsa388-4.14-2.patch36
-rw-r--r--main/xen/xsa389-4.14.patch180
-rw-r--r--main/xtables-addons-lts/APKBUILD2
-rw-r--r--main/zfs-lts/APKBUILD2
69 files changed, 4870 insertions, 194 deletions
diff --git a/community/ceph/42-no-virtualenvs.patch b/community/ceph/42-no-virtualenvs.patch
index 828e4a6338..2ccf795661 100644
--- a/community/ceph/42-no-virtualenvs.patch
+++ b/community/ceph/42-no-virtualenvs.patch
@@ -26,7 +26,7 @@
-
-add_custom_command(
- OUTPUT ${CEPH_VOLUME_VIRTUALENV}/bin/python
-- COMMAND ${CMAKE_SOURCE_DIR}/src/tools/setup-virtualenv.sh --python=${Python_EXECUTABLE} ${CEPH_VOLUME_VIRTUALENV}
+- COMMAND ${CMAKE_SOURCE_DIR}/src/tools/setup-virtualenv.sh --python=${Python3_EXECUTABLE} ${CEPH_VOLUME_VIRTUALENV}
- WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/src/ceph-volume
- COMMENT "ceph-volume venv is being created")
-
diff --git a/community/ceph/APKBUILD b/community/ceph/APKBUILD
index a7905e140e..02e01e8852 100644
--- a/community/ceph/APKBUILD
+++ b/community/ceph/APKBUILD
@@ -3,7 +3,7 @@
# Contributor: Duncan Bellamy <dunk@denkimushi.com>
# Maintainer: Duncan Bellamy <dunk@denkimushi.com>
pkgname=ceph
-pkgver=15.2.14
+pkgver=15.2.15
pkgrel=0
pkgdesc="Ceph is a distributed object store and file system"
pkgusers="ceph"
@@ -545,7 +545,7 @@ _pkg() {
}
sha512sums="
-eacc4dea0d8dfe2753aff78d89324d81c5634a784313c3da8ded778e2734958c216f8c705b25f070d7ba66b559424ad3c47cb68852f66f8c9c83a83ca78ad5a5 ceph_15.2.14.orig.tar.gz
+e4d929ffda5c3e31767d93340fb97b5d49ca1d5641f6c30134ce5542486fc4f72684aef2ef47cb940a332e8b9144d8cec63ce8a9f86c773dbc0ccebdd8e7fb19 ceph_15.2.15.orig.tar.gz
110bdbcb40216c7ed155a8d23020784741b4992d895f4f04a146d275506e4e68053854d3b063b41e9c9b3e3e4f95b6b90602f92c185c853c0d8f47ad0c6b7121 ceph.confd
ce5f162501f6b67fe254546dddf880d1a5b1d1a0fa69e0b1918de17e8da45c5c6124512b8cbd98b76f29d931403de0d11c5ffd330ed8ee1f4dc75bb04baecae3 ceph.initd
c608f11cf358d76daf5281467a4ea941a81474fbe7f5faa41f7f4d0abaf9136a01576bbb1ab24bdd7bc91a49f66bd7f0a84717de5ec27250d74dd1e47e3b5dd3 10-musl-fixes.patch
@@ -558,6 +558,6 @@ ec8aec40fa04fd475834801232d644ff3baf0777b59dcede36a6caa0d63b2c379292253babc3678b
60ea21b17640edf5bd644c23fa27abcf166a709795ad29bb917a38e59f069dceb4666479819626421340f7c70dd76545a4f1fbee8b2db781cadb9c061cdb7728 37-fix_tests.patch
92b5776925587c9c1491e975d49fe1a980cf65a1d556c22dd8547ff012e1a8a01c8cd04eedacdfa208e56aa9c260a8d8c0896c607bfc8079cfa38e8f1ece1a8a 40-uint.patch
445f3ca5c582e0fe02c18061c98cd13358684091c8a45262552c8af75d1c52320de538f6b71765e8267d326402a14c21dc27fd0781c997ab491bd3cdecc2e49f 41-test-uint.patch
-c9af66d374682d5671abfca27c426f5958889dc6734e90572f3998333ba2bd69a70b2ab13961f4d5222db6b17b3104d170c950aa2e87aac957352797b66e0117 42-no-virtualenvs.patch
+ae4e9a543bffda0e3ca382cb913eace5d214939d2b129fc89d29fa760a8acea65fd49293c724943d50b372da0272eaf71572b034d466e200ce889f33dd1b4d97 42-no-virtualenvs.patch
aea43c2a99f16f7fccf33aeca3565077bb2274816ca68db64b672addc85bde5c479bc9ad0fb33dbde79c9390f9acf1d98545e20e311e40dd428dad5ed02f0651 43-aarch64-erasure.patch
"
diff --git a/community/ffmpeg/7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315.patch b/community/ffmpeg/7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315.patch
deleted file mode 100644
index 449551114e..0000000000
--- a/community/ffmpeg/7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315 Mon Sep 17 00:00:00 2001
-From: Jun Zhao <barryjzhao@tencent.com>
-Date: Sun, 12 Jul 2020 13:48:48 +0800
-Subject: [PATCH] lavf/srt: fix build fail when used the libsrt 1.4.1
-
-libsrt changed the:
-SRTO_SMOOTHER -> SRTO_CONGESTION
-SRTO_STRICTENC -> SRTO_ENFORCEDENCRYPTION
-and removed the front of deprecated options (SRTO_SMOOTHER/SRTO_STRICTENC)
-in the header, it's lead to build fail
-
-fix #8760
-
-Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
----
- libavformat/libsrt.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/libavformat/libsrt.c b/libavformat/libsrt.c
-index 4de575b37c..4719ce0d4b 100644
---- a/libavformat/libsrt.c
-+++ b/libavformat/libsrt.c
-@@ -313,8 +313,12 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
- (s->pbkeylen >= 0 && libsrt_setsockopt(h, fd, SRTO_PBKEYLEN, "SRTO_PBKEYLEN", &s->pbkeylen, sizeof(s->pbkeylen)) < 0) ||
- (s->passphrase && libsrt_setsockopt(h, fd, SRTO_PASSPHRASE, "SRTO_PASSPHRASE", s->passphrase, strlen(s->passphrase)) < 0) ||
- #if SRT_VERSION_VALUE >= 0x010302
-+#if SRT_VERSION_VALUE >= 0x010401
-+ (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_ENFORCEDENCRYPTION, "SRTO_ENFORCEDENCRYPTION", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
-+#else
- /* SRTO_STRICTENC == SRTO_ENFORCEDENCRYPTION (53), but for compatibility, we used SRTO_STRICTENC */
- (s->enforced_encryption >= 0 && libsrt_setsockopt(h, fd, SRTO_STRICTENC, "SRTO_STRICTENC", &s->enforced_encryption, sizeof(s->enforced_encryption)) < 0) ||
-+#endif
- (s->kmrefreshrate >= 0 && libsrt_setsockopt(h, fd, SRTO_KMREFRESHRATE, "SRTO_KMREFRESHRATE", &s->kmrefreshrate, sizeof(s->kmrefreshrate)) < 0) ||
- (s->kmpreannounce >= 0 && libsrt_setsockopt(h, fd, SRTO_KMPREANNOUNCE, "SRTO_KMPREANNOUNCE", &s->kmpreannounce, sizeof(s->kmpreannounce)) < 0) ||
- #endif
-@@ -333,7 +337,11 @@ static int libsrt_set_options_pre(URLContext *h, int fd)
- (s->lossmaxttl >= 0 && libsrt_setsockopt(h, fd, SRTO_LOSSMAXTTL, "SRTO_LOSSMAXTTL", &s->lossmaxttl, sizeof(s->lossmaxttl)) < 0) ||
- (s->minversion >= 0 && libsrt_setsockopt(h, fd, SRTO_MINVERSION, "SRTO_MINVERSION", &s->minversion, sizeof(s->minversion)) < 0) ||
- (s->streamid && libsrt_setsockopt(h, fd, SRTO_STREAMID, "SRTO_STREAMID", s->streamid, strlen(s->streamid)) < 0) ||
-+#if SRT_VERSION_VALUE >= 0x010401
-+ (s->smoother && libsrt_setsockopt(h, fd, SRTO_CONGESTION, "SRTO_CONGESTION", s->smoother, strlen(s->smoother)) < 0) ||
-+#else
- (s->smoother && libsrt_setsockopt(h, fd, SRTO_SMOOTHER, "SRTO_SMOOTHER", s->smoother, strlen(s->smoother)) < 0) ||
-+#endif
- (s->messageapi >= 0 && libsrt_setsockopt(h, fd, SRTO_MESSAGEAPI, "SRTO_MESSAGEAPI", &s->messageapi, sizeof(s->messageapi)) < 0) ||
- (s->payload_size >= 0 && libsrt_setsockopt(h, fd, SRTO_PAYLOADSIZE, "SRTO_PAYLOADSIZE", &s->payload_size, sizeof(s->payload_size)) < 0) ||
- ((h->flags & AVIO_FLAG_WRITE) && libsrt_setsockopt(h, fd, SRTO_SENDER, "SRTO_SENDER", &yes, sizeof(yes)) < 0)) {
---
-2.20.1
-
diff --git a/community/ffmpeg/APKBUILD b/community/ffmpeg/APKBUILD
index 365aa99738..52e7ca2022 100644
--- a/community/ffmpeg/APKBUILD
+++ b/community/ffmpeg/APKBUILD
@@ -3,8 +3,8 @@
# Contributor: Jakub Skrzypnik <j.skrzypnik@openmailbox.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ffmpeg
-pkgver=4.3.1
-pkgrel=4
+pkgver=4.3.3
+pkgrel=0
pkgdesc="Complete and free Internet live audio and video broadcasting solution for Linux/Unix"
url="https://ffmpeg.org/"
arch="all"
@@ -45,11 +45,22 @@ checkdepends="rsync"
source="https://ffmpeg.org/releases/ffmpeg-$pkgver.tar.xz
0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
3e098cca6e51db0f19928c12d0348deaa17137b3.patch
- 7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315.patch
- CVE-2020-35965.patch
"
# secfixes:
+# 4.3.3-r0:
+# - CVE-2020-20446
+# - CVE-2020-20450
+# - CVE-2020-20453
+# - CVE-2020-22015
+# - CVE-2020-22019
+# - CVE-2020-22021
+# - CVE-2020-22037
+# - CVE-2020-22042
+# - CVE-2020-35964
+# - CVE-2021-38114
+# - CVE-2021-38171
+# - CVE-2021-38291
# 4.3.1-r4:
# - CVE-2020-35965
# 4.3.1-r0:
@@ -195,9 +206,7 @@ libs() {
}
sha512sums="
-64e1052c45145e27726e43d4fe49c9a92058e55562d34fd3b3adf54d3506e6bd680f016b748828215e1bfc8ce19aa85b6f7e4eb05fafe21479118a4ad528a81f ffmpeg-4.3.1.tar.xz
+5324ee6711006372a7b6ac2d853df2ad5d78411531e79b72dcdb57709ea66b516bc0e6b0d1321c110d3a0acbac716b2b47e90dc673d5807b23d15699f83951e3 ffmpeg-4.3.3.tar.xz
1047a23eda51b576ac200d5106a1cd318d1d5291643b3a69e025c0a7b6f3dbc9f6eb0e1e6faa231b7e38c8dd4e49a54f7431f87a93664da35825cc2e9e8aedf4 0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
7151e98829c215619b82e27fdff98b9a0d6a778f499170f3688e111a8bf7b2cc8895f09aa49bcb812ba5b5f06dd0243ebc79c31af246420f7d0869859b4a0241 3e098cca6e51db0f19928c12d0348deaa17137b3.patch
-acf4b34feaa1c57f621d5a8f56967e6d77ebe1d6288d94b853b513d6b2339debbaa38063ec11900258f31753cf24fef81bd60225149af45c03bfddf0b231f881 7c59e1b0f285cd7c7b35fcd71f49c5fd52cf9315.patch
-ab5006a99af6e0402e1a2bc13a76f55b13144fcd7b71124fe3f82989d03bf1e1c306b66da7ce63662b6dfbdbb3edebef2cf280c08ac793fc3b983bd65c0f0ad5 CVE-2020-35965.patch
"
diff --git a/community/ffmpeg/CVE-2020-35965.patch b/community/ffmpeg/CVE-2020-35965.patch
deleted file mode 100644
index b3ecc45b63..0000000000
--- a/community/ffmpeg/CVE-2020-35965.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 3e5959b3457f7f1856d997261e6ac672bba49e8b Mon Sep 17 00:00:00 2001
-From: Michael Niedermayer <michael@niedermayer.cc>
-Date: Sat, 24 Oct 2020 22:21:48 +0200
-Subject: [PATCH] avcodec/exr: Check ymin vs. h
-
-Fixes: out of array access
-Fixes: 26532/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5613925708857344
-Fixes: 27443/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5631239813595136
-
-Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
-Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
----
- libavcodec/exr.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libavcodec/exr.c b/libavcodec/exr.c
-index e907c5c46401..8b701d1cd298 100644
---- a/libavcodec/exr.c
-+++ b/libavcodec/exr.c
-@@ -1830,7 +1830,7 @@ static int decode_frame(AVCodecContext *avctx, void *data,
- // Zero out the start if ymin is not 0
- for (i = 0; i < planes; i++) {
- ptr = picture->data[i];
-- for (y = 0; y < s->ymin; y++) {
-+ for (y = 0; y < FFMIN(s->ymin, s->h); y++) {
- memset(ptr, 0, out_line_size);
- ptr += picture->linesize[i];
- }
diff --git a/community/firefox-esr/APKBUILD b/community/firefox-esr/APKBUILD
index b35c21034e..961aa2c554 100644
--- a/community/firefox-esr/APKBUILD
+++ b/community/firefox-esr/APKBUILD
@@ -2,9 +2,9 @@
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=firefox-esr
-pkgver=78.14.0
+pkgver=78.15.0
# Date of release, YY-MM-DD for metainfo file (see package())
-_releasedate=2021-09-07
+_releasedate=2021-10-05
pkgrel=0
pkgdesc="Firefox web browser - Extended Support Release"
url="https://www.mozilla.org/en-US/firefox/organizations/"
@@ -86,6 +86,9 @@ _mozappdir=/usr/lib/firefox
ldpath="$_mozappdir"
# secfixes:
+# 78.15.0-r0:
+# - CVE-2021-38496
+# - CVE-2021-38500
# 78.14.0-r0:
# - CVE-2021-38492
# - CVE-2021-38493
@@ -467,25 +470,7 @@ npapi() {
}
sha512sums="
-5d5e4b1197f87b458a8ab14a62701fa0f3071e9facbb4fba71a64ef69abf31edbb4c5efa6c20198de573216543b5289270b5929c6e917f01bb165ce8c139c1ac firefox-78.14.0esr.source.tar.xz
-0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h
-2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch
-4510fb92653d0fdcfbc6d30e18087c0d22d4acd5eb53be7d0a333abe087a9e0bf9e58e56bafe96e1e1b28ebd1fd33b8926dbb70c221007e335b33d1468755c66 fix-tools.patch
-a4a3e062661bda64d502d426c480ac9645345860118de9df9ffe6e0597738c70c11e5cdef2d4fd12c5e2ee30a09310159230524655a419a4f7e4eeeb0f3c06b0 mallinfo.patch
-454ea3263cabce099accbdc47aaf83be26a19f8b5a4568c01a7ef0384601cf8315efd86cd917f9c8bf419c2c845db89a905f3ff9a8eb0c8e41042e93aa96a85c disable-moz-stackwalk.patch
-089c97e6011e86a9b9d9e7b0c8ba3af0519d1ce4e2b1e9ab7719762d6968388bfa47dad3bf23a6d41c3d66fdcc6c15e2c926e3ff9500bfd4fbf1b53e6d19dc57 fix-rust-target.patch
-d35cacb9ede80e6bfbef0709823e536dddfb1c02d776275b0b7adb5969e9927d8c6117df96873569c3f3db0a18ee5db24f8086a9311a05077892be43a3dd8d79 fix-webrtc-glibcisms.patch
-60845dcb034b2c4459c30f7d5f25c8176cf42df794e2cc0e86c3e2abb6541c24b962f3a16ca70a288d4d6f377b68d00b2904b22463108559612053d835d9bff1 fd6847c9416f9eebde636e21d794d25d1be8791d.patch
-4e584621145cf8add069c6dac18e805b3274a1ee402d84e924df2341f7d3c5be261a93ef51283bacbd606f47fbdc628c4323ecc31efc5b403b8d224b18dc278f allow-custom-rust-vendor.patch
-f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454 firefox.desktop
-5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed firefox-safe.desktop
-bb75b2abda86e455d81571052a2cfec5a9d858ffa91c50a7217b4b6c02cbfc0400e9114a27bd54ce78d7d3a44e9b03927cf0317654d98c0f39d26c63c9670117 remove-faulty-libvpx-check.patch
-f963fcdba7307a0b1712dfb95ceba4ab49f449f60e550bb69d15d50272e6df9add90862251ee561e4ea5fd171a2703552ffa7aade92996f5f0b3e577f1544a6d disable-neon-in-aom.patch
-4911ddb41bef8d9f6d6200159cde465627e940fe1c09099be55769d21a5a52a3f737e1bf803daa96126c035b091aea880fbc5d2e6cf5da96ddd17322461a72d6 sandbox-fork.patch
-db26757b2ebf9f567962e32294b4ae48b3a5d0378a7589dfe650fe3a179ff58befbab5082981c68e1c25fb9e56b2db1e4e510d4bca17c3e3aedbf9a2f21806eb sandbox-sched_setscheduler.patch
-"
-sha512sums="
-5d5e4b1197f87b458a8ab14a62701fa0f3071e9facbb4fba71a64ef69abf31edbb4c5efa6c20198de573216543b5289270b5929c6e917f01bb165ce8c139c1ac firefox-78.14.0esr.source.tar.xz
+ac3de735b246ce4f0e1619cd2664321ffa374240ce6843e785d79a350dc30c967996bbcc5e3b301cb3d822ca981cbea116758fc4122f1738d75ddfd1165b6378 firefox-78.15.0esr.source.tar.xz
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h
2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch
4510fb92653d0fdcfbc6d30e18087c0d22d4acd5eb53be7d0a333abe087a9e0bf9e58e56bafe96e1e1b28ebd1fd33b8926dbb70c221007e335b33d1468755c66 fix-tools.patch
diff --git a/community/imagemagick/APKBUILD b/community/imagemagick/APKBUILD
index 594335f2a7..19456e2096 100644
--- a/community/imagemagick/APKBUILD
+++ b/community/imagemagick/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=imagemagick
_pkgname=ImageMagick
-pkgver=7.0.11.13
+pkgver=7.0.11.14
pkgrel=0
_pkgver=${pkgver%.*}-${pkgver##*.}
_abiver=7
@@ -33,11 +33,14 @@ subpackages="
$pkgname-perlmagick:_perlmagick
$pkgname-perlmagick-doc:_perlmagick_doc
"
-source="$_pkgname-$_pkgver.tar.gz::https://github.com/ImageMagick/ImageMagick/archive/$_pkgver.tar.gz
- disable-avaraging-tests.patch"
+source="https://download.imagemagick.org/ImageMagick/download/releases/ImageMagick-$_pkgver.tar.xz
+ disable-avaraging-tests.patch
+ "
builddir="$srcdir/$_pkgname-$_pkgver"
# secfixes:
+# 7.0.11.14-r0:
+# - CVE-2021-34183
# 7.0.11.13-r0:
# - CVE-2021-20241
# - CVE-2021-20243
@@ -195,6 +198,6 @@ _perlmagick_doc() {
}
sha512sums="
-de66df70b7a7dc72ffef1e1dd5ed3c92b5a4bbbe2454a8e1436c3f16254a11e3c37946af79d49214945f24d9350ebe5b3423800fb5983b6ef43d550e397372d1 ImageMagick-7.0.11-13.tar.gz
+56e3e3823e2f78da45d190e734f32c245a41727321a0a7d500700ac4e9377e85baa0e48e54246a3d59922c3b9a8bc95dbb53eb5017606184e135185daf82ffdf ImageMagick-7.0.11-14.tar.xz
58afb2da075a6208b6a990ff297b3a827d260687c3355198a8b4d987e1596c0b0cd78aff6f0be0e1896e537fbe44a3d467473183f5f149664ea6e6fb3d3291a9 disable-avaraging-tests.patch
"
diff --git a/community/jenkins/APKBUILD b/community/jenkins/APKBUILD
index 1acdc75c4e..3f0708f722 100644
--- a/community/jenkins/APKBUILD
+++ b/community/jenkins/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=jenkins
-pkgver=2.287
+pkgver=2.319.2
pkgrel=0
pkgdesc="Extendable continuous integration server (stable version)"
url="https://jenkins.io"
@@ -14,13 +14,15 @@ options="!check"
pkgusers="$pkgname"
pkggroups="$pkgname"
subpackages="$pkgname-openrc"
-source="$pkgname-$pkgver.war::http://mirrors.jenkins.io/war/$pkgver/jenkins.war
+source="$pkgname-$pkgver.war::https://get.jenkins.io/war-stable/$pkgver/jenkins.war
$pkgname.logrotate
$pkgname.initd
$pkgname.confd"
builddir="$srcdir/"
# secfixes:
+# 2.319.2-r0:
+# - CVE-2022-20612
# 2.287-r0:
# - CVE-2021-21639
# - CVE-2021-21640
@@ -61,7 +63,9 @@ package() {
chown -R $pkgusers:$pkggroups "$pkgdir"/var/log/jenkins
}
-sha512sums="03c64fa595bd2b9b8463fcd47cdb2ccbe46cd820bcfdc2b2f0a9ae406d2dd32e6a5c8f51ddb8bdbc20498ae27672fb0b6e6f3e3f894f00bbc3f8e80dd627faf1 jenkins-2.287.war
+sha512sums="
+f6f0846d9e032b48e85fc20a030baa2d5c500a65c6c909d00852be3324d1b79c31ea8b7ff45ac05299ff9797b17aeb61d094ad425ce5198f6e13aa050007e650 jenkins-2.319.2.war
74423d3c66e2312eb3a1590e0582ccd82fc01b410d3bfc0627bef56fe6f4e7f4ea01a7a2d92a7a0c4870a1a1c48e911fe7eab3073e14db4910b52158182e5856 jenkins.logrotate
43686a537248c7a0a8fe53c3ca9577c8ffb50a141248de028d398d0fd3b3be8562b6cb2c63b44b3b0ac58d6431e8907790553791b2e125d1bfc2e3263ffaa83e jenkins.initd
-7247750a13fc2537dc1e405f6d8221ccdc80cfbaf40c47327ee04c206afa8607ada52e7b895c8eb3489dd9f6a94b42b8b38110b3120948a35dc4f197fe4c08ed jenkins.confd"
+7247750a13fc2537dc1e405f6d8221ccdc80cfbaf40c47327ee04c206afa8607ada52e7b895c8eb3489dd9f6a94b42b8b38110b3120948a35dc4f197fe4c08ed jenkins.confd
+"
diff --git a/community/jool-modules-lts/APKBUILD b/community/jool-modules-lts/APKBUILD
index 16ab91e8e2..57997ed3b1 100644
--- a/community/jool-modules-lts/APKBUILD
+++ b/community/jool-modules-lts/APKBUILD
@@ -21,7 +21,7 @@ fi
# Kernel version
# Keep in sync with main/linux-lts!
_kpkg=linux-$_flavor
-_kver=5.10.61
+_kver=5.10.88
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/community/lua-resty-openidc/APKBUILD b/community/lua-resty-openidc/APKBUILD
index f33d0636d1..69d1e20a3f 100644
--- a/community/lua-resty-openidc/APKBUILD
+++ b/community/lua-resty-openidc/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Timo Teräs <timo.teras@iki.fi>
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=lua-resty-openidc
-pkgver=1.7.1
-pkgrel=1
+pkgver=1.7.5
+pkgrel=0
pkgdesc="OpenID Connect library for the nginx lua module"
url="https://github.com/zmartzone/$pkgname"
arch="noarch"
@@ -18,4 +18,6 @@ package() {
cp -r ./lib/resty "$pkgdir/usr/share/lua/common"
}
-sha512sums="ce52684ebb3a492382e93a71a11c62d1cd17d1a3fd266e7d95453729abeb036ed99fded1a9cee55aec444d7a3e36d7cebd7a537006dff71fafd5dc8aa4c32378 lua-resty-openidc-1.7.1.tar.gz"
+sha512sums="
+d483efff27a0566ffadeb8f0da0df0147e9510bcfd5f4d295c7ce11925af882c9604e8d72f676bd9d6b6ded83c2c9f65ff958605856a8d218d4992136f0f4577 lua-resty-openidc-1.7.5.tar.gz
+"
diff --git a/community/nextcloud/APKBUILD b/community/nextcloud/APKBUILD
index 52b54cd967..5f748580c3 100644
--- a/community/nextcloud/APKBUILD
+++ b/community/nextcloud/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=nextcloud
-pkgver=20.0.13
+pkgver=20.0.14
pkgrel=0
pkgdesc="A safe home for all your data"
url="http://nextcloud.com"
@@ -260,3 +260,16 @@ edb699ea6127b231793254115b334006c2d50a0d2ecc846188c3521ddffc3c0e19c5e2944f03cae8
ee9073a6df4286cba2d1d855cf40863968f20677729b2c7848ab50a70d4915b8e84c957a850a03a707231256c11312e5792e7817dd50afbf73efe767fef2112d fpm-pool.conf
959852e34f010e635470829d66713f3e22c47717ec2c6487759eed2b6aeff9fd1421fe0271d494a02781bd1c98beb2823583623ee2cf03057cd5db794627d6c2 occ
"
+sha512sums="ff5acc9ada4dca3af155c154b43602141ee341c1e4707482068c916a399063b5b85c758826e7f055508c0ba0802ea16fd8d86930b0f25a25c49f1fcc7de99239 nextcloud-20.0.14.zip
+aea0adb2c3a48ec6af2958c6ccfe13adff86316a56084e763b7e6df9e21aa3435b13305b7c15cc2b795e83c9388b05006862f6465c29e3dc2c1fbd8eb8befcb9 nextcloud19-dont-chmod.patch
+2d03b90c1e2f3d96001f31f1bbf902e4c411c8de7dc5a4f956fa8297533324cb12092d3ad2198f2e02ff4835dc22febee2d49e449b003caef5b990d9dcff1e70 nextcloud-app-encryption-info-add-mcrypt.patch
+aef3c92497d738d6968e0f0b0d415b4953500db24ae14af41ef972665cf7eff00cb6c53dc953845fdbb389c3c965a75b8b14b9247513c05cf4130fe1cfc61731 dont-update-htaccess.patch
+d2100a837fef1eeae5f706650ab4c985d9e00f61efa5526ef76c7c1f5811c3906eb6c3c13c151eff9677a0c303faab64411a5a84d6792728bc520d2c618d7d5b disable-integrity-check-as-default.patch
+3fc3e06580a619d81b12f448976ffac34f0bb80fc73e9443fa213a73f160ba4b9bd14a26c134258ee12c04d8e103b46f4de10d7b11e4544a328878e57d436055 iconv-ascii-translit-not-supported.patch
+df1a16414a278c205876ec86c210a02a9009954e2d4f9033ff3c9b76c371e2764ef3587db5a4b8f76302655c6c8688c8729d1685279a77d279d3839cc359fbcd use-external-docs-if-local-not-avail.patch
+5f73cd9399fa484ef15bd47e803c93381deffbc7699eceadbb5c27e43b20156806d74e5021a64d28f0165ef87b519e962780651711a37bceb9f0b04455dfdce1 nextcloud-config.php
+7388458a9e8b7afd3d3269718306410ffa59c3c23da4bef367a4d7f6d2570136fae9dd421b19c1441e7ffb15a5405e18bb5da67b1a15f9f45e8b98d3fda532ba nextcloud.logrotate
+dcc57735d7d4af4a7ebbdd1186d301e51d2ae4675022aea6bf1111222dfa188a3a490ebd6e7c8a7ac30046cb7d93f81cec72a51acbc60d0c10b7fb64630c637a nextcloud.confd
+edb699ea6127b231793254115b334006c2d50a0d2ecc846188c3521ddffc3c0e19c5e2944f03cae81e6c645c859258380691081b1c522a22d40939b31db36e8a nextcloud.cron
+ee9073a6df4286cba2d1d855cf40863968f20677729b2c7848ab50a70d4915b8e84c957a850a03a707231256c11312e5792e7817dd50afbf73efe767fef2112d fpm-pool.conf
+959852e34f010e635470829d66713f3e22c47717ec2c6487759eed2b6aeff9fd1421fe0271d494a02781bd1c98beb2823583623ee2cf03057cd5db794627d6c2 occ"
diff --git a/community/nnn/APKBUILD b/community/nnn/APKBUILD
index 0d2d17b36d..ac794966e6 100644
--- a/community/nnn/APKBUILD
+++ b/community/nnn/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=nnn
pkgver=3.5
-pkgrel=2
+pkgrel=3
pkgdesc="The unorthodox terminal file manager"
url="https://github.com/jarun/nnn"
arch="all"
@@ -41,7 +41,7 @@ plugins() {
install -D -m 0755 "$srcdir"/nnn-getplugs "$destdir"/getplugs
mkdir -p "$subpkgdir"/usr/bin
- ln -s "$destdir"/getplugs "$subpkgdir"/usr/bin/nnn-getplugs
+ ln -s ../share/$pkgname/plugins/getplugs "$subpkgdir"/usr/bin/nnn-getplugs
}
bashcomp() {
diff --git a/community/nss/APKBUILD b/community/nss/APKBUILD
index 194fb63406..f21f25b5ff 100644
--- a/community/nss/APKBUILD
+++ b/community/nss/APKBUILD
@@ -12,6 +12,7 @@ depends_dev="nspr-dev"
makedepends="nspr-dev sqlite-dev zlib-dev perl bsd-compat-headers linux-headers"
subpackages="$pkgname-static $pkgname-dev $pkgname-tools"
source="https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-$pkgver.tar.gz
+ CVE-2021-43527.patch
nss.pc.in
nss-util.pc.in
nss-softokn.pc.in
@@ -24,6 +25,8 @@ source="https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM
options="!strip"
# secfixes:
+# 3.66-r0:
+# - CVE-2021-43527
# 3.58-r0:
# - CVE-2020-25648
# 3.55-r0:
@@ -186,6 +189,7 @@ tools() {
sha512sums="
327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467 nss-3.66.tar.gz
+aff96b509bd649f9d5d5850b19daf1296210868dedd3ca9c1d198a9cf4cb2cfeb9ed6c530a8c9b7e1fbc0284e728ccf61c149fa07d940ef30e8ebc6588af76e6 CVE-2021-43527.patch
75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531 nss.pc.in
0f2efa8563b11da68669d281b4459289a56f5a3a906eb60382126f3adcfe47420cdcedc6ab57727a3afeeffa2bbb4c750b43bef8b5f343a75c968411dfa30e09 nss-util.pc.in
09c69d4cc39ec9deebc88696a80d0f15eb2d8c94d9daa234a2adfec941b63805eb4ce7f2e1943857b938bddcaee1beac246a0ec627b71563d9f846e6119a4a15 nss-softokn.pc.in
diff --git a/community/nss/CVE-2021-43527.patch b/community/nss/CVE-2021-43527.patch
new file mode 100644
index 0000000000..afec728805
--- /dev/null
+++ b/community/nss/CVE-2021-43527.patch
@@ -0,0 +1,352 @@
+
+# HG changeset patch
+# User Dennis Jackson <djackson@mozilla.com>
+# Date 1637577642 0
+# Node ID dea71cbef9e03636f37c6cb120f8deccce6e17dd
+# Parent da3d22d708c9cc0a32cff339658aeb627575e371
+Bug 1737470 - Ensure DER encoded signatures are within size limits. r=jschanck,mt,bbeurdouche,rrelyea
+
+Differential Revision: https://phabricator.services.mozilla.com/D129514
+
+diff --git a/lib/cryptohi/secvfy.c b/lib/cryptohi/secvfy.c
+--- a/nss/lib/cryptohi/secvfy.c
++++ b/nss/lib/cryptohi/secvfy.c
+@@ -159,58 +159,89 @@ verifyPKCS1DigestInfo(const VFYContext *
+ SECItem pkcs1DigestInfo;
+ pkcs1DigestInfo.data = cx->pkcs1RSADigestInfo;
+ pkcs1DigestInfo.len = cx->pkcs1RSADigestInfoLen;
+ return _SGN_VerifyPKCS1DigestInfo(
+ cx->hashAlg, digest, &pkcs1DigestInfo,
+ PR_FALSE /*XXX: unsafeAllowMissingParameters*/);
+ }
+
++static unsigned int
++checkedSignatureLen(const SECKEYPublicKey *pubk)
++{
++ unsigned int sigLen = SECKEY_SignatureLen(pubk);
++ if (sigLen == 0) {
++ /* Error set by SECKEY_SignatureLen */
++ return sigLen;
++ }
++ unsigned int maxSigLen;
++ switch (pubk->keyType) {
++ case rsaKey:
++ case rsaPssKey:
++ maxSigLen = (RSA_MAX_MODULUS_BITS + 7) / 8;
++ break;
++ case dsaKey:
++ maxSigLen = DSA_MAX_SIGNATURE_LEN;
++ break;
++ case ecKey:
++ maxSigLen = 2 * MAX_ECKEY_LEN;
++ break;
++ default:
++ PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
++ return 0;
++ }
++ if (sigLen > maxSigLen) {
++ PORT_SetError(SEC_ERROR_INVALID_KEY);
++ return 0;
++ }
++ return sigLen;
++}
++
+ /*
+ * decode the ECDSA or DSA signature from it's DER wrapping.
+ * The unwrapped/raw signature is placed in the buffer pointed
+ * to by dsig and has enough room for len bytes.
+ */
+ static SECStatus
+ decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig,
+ unsigned int len)
+ {
+ SECItem *dsasig = NULL; /* also used for ECDSA */
+- SECStatus rv = SECSuccess;
+
+- if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
+- (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
+- if (sig->len != len) {
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return SECFailure;
++ /* Safety: Ensure algId is as expected and that signature size is within maxmimums */
++ if (algid == SEC_OID_ANSIX9_DSA_SIGNATURE) {
++ if (len > DSA_MAX_SIGNATURE_LEN) {
++ goto loser;
+ }
+-
+- PORT_Memcpy(dsig, sig->data, sig->len);
+- return SECSuccess;
++ } else if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
++ if (len > MAX_ECKEY_LEN * 2) {
++ goto loser;
++ }
++ } else {
++ goto loser;
+ }
+
+- if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
+- if (len > MAX_ECKEY_LEN * 2) {
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return SECFailure;
+- }
++ /* Decode and pad to length */
++ dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
++ if (dsasig == NULL) {
++ goto loser;
+ }
+- dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
+-
+- if ((dsasig == NULL) || (dsasig->len != len)) {
+- rv = SECFailure;
+- } else {
+- PORT_Memcpy(dsig, dsasig->data, dsasig->len);
++ if (dsasig->len != len) {
++ SECITEM_FreeItem(dsasig, PR_TRUE);
++ goto loser;
+ }
+
+- if (dsasig != NULL)
+- SECITEM_FreeItem(dsasig, PR_TRUE);
+- if (rv == SECFailure)
+- PORT_SetError(SEC_ERROR_BAD_DER);
+- return rv;
++ PORT_Memcpy(dsig, dsasig->data, len);
++ SECITEM_FreeItem(dsasig, PR_TRUE);
++
++ return SECSuccess;
++
++loser:
++ PORT_SetError(SEC_ERROR_BAD_DER);
++ return SECFailure;
+ }
+
+ const SEC_ASN1Template hashParameterTemplate[] =
+ {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) },
+ { SEC_ASN1_OBJECT_ID, 0 },
+ { SEC_ASN1_SKIP_REST },
+ { 0 }
+@@ -276,17 +307,17 @@ sec_GetEncAlgFromSigAlg(SECOidTag sigAlg
+ *
+ * Returns: SECSuccess if the algorithm was acceptable, SECFailure if the
+ * algorithm was not found or was not a signing algorithm.
+ */
+ SECStatus
+ sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
+ const SECItem *param, SECOidTag *encalgp, SECOidTag *hashalg)
+ {
+- int len;
++ unsigned int len;
+ PLArenaPool *arena;
+ SECStatus rv;
+ SECItem oid;
+ SECOidTag encalg;
+
+ PR_ASSERT(hashalg != NULL);
+ PR_ASSERT(encalgp != NULL);
+
+@@ -461,58 +492,62 @@ vfy_CreateContext(const SECKEYPublicKey
+ cx->wincx = wincx;
+ cx->hasSignature = (sig != NULL);
+ cx->encAlg = encAlg;
+ cx->hashAlg = hashAlg;
+ cx->key = SECKEY_CopyPublicKey(key);
+ cx->pkcs1RSADigestInfo = NULL;
+ rv = SECSuccess;
+ if (sig) {
+- switch (type) {
+- case rsaKey:
+- rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
+- &cx->pkcs1RSADigestInfo,
+- &cx->pkcs1RSADigestInfoLen,
+- cx->key,
+- sig, wincx);
+- break;
+- case rsaPssKey:
+- sigLen = SECKEY_SignatureLen(key);
+- if (sigLen == 0) {
+- /* error set by SECKEY_SignatureLen */
+- rv = SECFailure;
++ rv = SECFailure;
++ if (type == rsaKey) {
++ rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
++ &cx->pkcs1RSADigestInfo,
++ &cx->pkcs1RSADigestInfoLen,
++ cx->key,
++ sig, wincx);
++ } else {
++ sigLen = checkedSignatureLen(key);
++ /* Check signature length is within limits */
++ if (sigLen == 0) {
++ /* error set by checkedSignatureLen */
++ rv = SECFailure;
++ goto loser;
++ }
++ if (sigLen > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ rv = SECFailure;
++ goto loser;
++ }
++ switch (type) {
++ case rsaPssKey:
++ if (sig->len != sigLen) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ rv = SECFailure;
++ goto loser;
++ }
++ PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
++ rv = SECSuccess;
+ break;
+- }
+- if (sig->len != sigLen) {
+- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ case ecKey:
++ case dsaKey:
++ /* decodeECorDSASignature will check sigLen == sig->len after padding */
++ rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
++ break;
++ default:
++ /* Unreachable */
+ rv = SECFailure;
+- break;
+- }
+- PORT_Memcpy(cx->u.buffer, sig->data, sigLen);
+- break;
+- case dsaKey:
+- case ecKey:
+- sigLen = SECKEY_SignatureLen(key);
+- if (sigLen == 0) {
+- /* error set by SECKEY_SignatureLen */
+- rv = SECFailure;
+- break;
+- }
+- rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
+- break;
+- default:
+- rv = SECFailure;
+- PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+- break;
++ goto loser;
++ }
++ }
++ if (rv != SECSuccess) {
++ goto loser;
+ }
+ }
+
+- if (rv)
+- goto loser;
+-
+ /* check hash alg again, RSA may have changed it.*/
+ if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) {
+ /* error set by HASH_GetHashTypeByOidTag */
+ goto loser;
+ }
+ /* check the policy on the hash algorithm. Do this after
+ * the rsa decode because some uses of this function get hash implicitly
+ * from the RSA signature itself. */
+@@ -645,21 +680,26 @@ VFY_EndWithSignature(VFYContext *cx, SEC
+ if (cx->hashcx == NULL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
+ }
+ (*cx->hashobj->end)(cx->hashcx, final, &part, sizeof(final));
+ switch (cx->key->keyType) {
+ case ecKey:
+ case dsaKey:
+- dsasig.data = cx->u.buffer;
+- dsasig.len = SECKEY_SignatureLen(cx->key);
++ dsasig.len = checkedSignatureLen(cx->key);
+ if (dsasig.len == 0) {
+ return SECFailure;
+ }
++ if (dsasig.len > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
++ return SECFailure;
++ }
++ dsasig.data = cx->u.buffer;
++
+ if (sig) {
+ rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data,
+ dsasig.len);
+ if (rv != SECSuccess) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
+ }
+ }
+@@ -681,18 +721,23 @@ VFY_EndWithSignature(VFYContext *cx, SEC
+ cx->params,
+ &mech);
+ PORT_DestroyCheapArena(&tmpArena);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+
+ rsasig.data = cx->u.buffer;
+- rsasig.len = SECKEY_SignatureLen(cx->key);
++ rsasig.len = checkedSignatureLen(cx->key);
+ if (rsasig.len == 0) {
++ /* Error set by checkedSignatureLen */
++ return SECFailure;
++ }
++ if (rsasig.len > sizeof(cx->u)) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
+ }
+ if (sig) {
+ if (sig->len != rsasig.len) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ return SECFailure;
+ }
+ PORT_Memcpy(rsasig.data, sig->data, rsasig.len);
+@@ -744,37 +789,42 @@ VFY_End(VFYContext *cx)
+ static SECStatus
+ vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key,
+ const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg,
+ void *wincx)
+ {
+ SECStatus rv;
+ VFYContext *cx;
+ SECItem dsasig; /* also used for ECDSA */
+-
+ rv = SECFailure;
+
+ cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx);
+ if (cx != NULL) {
+ switch (key->keyType) {
+ case rsaKey:
+ rv = verifyPKCS1DigestInfo(cx, digest);
++ /* Error (if any) set by verifyPKCS1DigestInfo */
+ break;
+- case dsaKey:
+ case ecKey:
++ case dsaKey:
+ dsasig.data = cx->u.buffer;
+- dsasig.len = SECKEY_SignatureLen(cx->key);
++ dsasig.len = checkedSignatureLen(cx->key);
+ if (dsasig.len == 0) {
++ /* Error set by checkedSignatureLen */
++ rv = SECFailure;
+ break;
+ }
+- if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) !=
+- SECSuccess) {
++ if (dsasig.len > sizeof(cx->u)) {
+ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+- } else {
+- rv = SECSuccess;
++ rv = SECFailure;
++ break;
++ }
++ rv = PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx);
++ if (rv != SECSuccess) {
++ PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+ }
+ break;
+ default:
+ break;
+ }
+ VFY_DestroyContext(cx, PR_TRUE);
+ }
+ return rv;
+
diff --git a/community/php7-pecl-imagick/APKBUILD b/community/php7-pecl-imagick/APKBUILD
index 6ff2d96f8a..dba11f73a6 100644
--- a/community/php7-pecl-imagick/APKBUILD
+++ b/community/php7-pecl-imagick/APKBUILD
@@ -3,7 +3,7 @@
pkgname=php7-pecl-imagick
_extname=imagick
pkgver=3.4.4
-pkgrel=8
+pkgrel=9
pkgdesc="PHP 7 extension provides a wrapper to the ImageMagick library - PECL"
url="https://pecl.php.net/package/imagick"
arch="all !x86" # https://gitlab.alpinelinux.org/alpine/aports/-/issues/12537
diff --git a/community/php7/APKBUILD b/community/php7/APKBUILD
index ea81ac853a..a85719ff66 100644
--- a/community/php7/APKBUILD
+++ b/community/php7/APKBUILD
@@ -25,7 +25,7 @@
pkgname=php7
_pkgreal=php
-pkgver=7.4.24
+pkgver=7.4.26
pkgrel=0
_apiver=20190902
_suffix=${pkgname#php}
@@ -174,6 +174,10 @@ done
subpackages="$subpackages $pkgname-common::noarch"
# secfixes:
+# 7.4.26-r0:
+# - CVE-2021-21707
+# 7.4.25-r0:
+# - CVE-2021-21703
# 7.4.24-r0:
# - CVE-2021-21706
# 7.4.21-r0:
@@ -682,7 +686,7 @@ _mv() {
}
sha512sums="
-30dd0a83d6184791f4cff3edcffeb05470de8f98ddadba3c11544449bf500280ff2048a8ca8588b35d0622dcbbf16f55ea297f51d469ae137048cab2d40da9cd php-7.4.24.tar.xz
+36cd493c9c95aabb1ee47e82cb0c20b2be99fe7ebd98743355139064590d0b9a1746d71e31dd47f164df34ebe3f8366a75f3efc149262e1391b43d83d3045c6e php-7.4.26.tar.xz
1c708de82d1086f272f484faf6cf6d087af7c31750cc2550b0b94ed723961b363f28a947b015b2dfc0765caea185a75f5d2c2f2b099c948b65c290924f606e4f php7-fpm.initd
cacce7bf789467ff40647b7319e3760c6c587218720538516e8d400baa75651f72165c4e28056cd0c1dc89efecb4d00d0d7823bed80b29136262c825ce816691 php7-fpm.logrotate
274bd7b0b2b7002fa84c779640af37b59258bb37b05cb7dd5c89452977d71807f628d91b523b5039608376d1f760f3425d165242ca75ee5129b2730e71c4e198 php7-module.conf
diff --git a/community/php8-pecl-imagick/APKBUILD b/community/php8-pecl-imagick/APKBUILD
index 21d3909148..070cf1da9d 100644
--- a/community/php8-pecl-imagick/APKBUILD
+++ b/community/php8-pecl-imagick/APKBUILD
@@ -3,7 +3,7 @@
pkgname=php8-pecl-imagick
_extname=imagick
pkgver=3.4.4
-pkgrel=1
+pkgrel=2
pkgdesc="PHP 8 extension provides a wrapper to the ImageMagick library - PECL"
url="https://pecl.php.net/package/imagick"
arch="all !x86" # https://gitlab.alpinelinux.org/alpine/aports/-/issues/12537
diff --git a/community/php8/APKBUILD b/community/php8/APKBUILD
index 3ba058d3c3..9407a76659 100644
--- a/community/php8/APKBUILD
+++ b/community/php8/APKBUILD
@@ -25,7 +25,7 @@
pkgname=php8
_pkgreal=php
-pkgver=8.0.11
+pkgver=8.0.13
pkgrel=0
_apiver=20200930
_suffix=${pkgname#php}
@@ -172,6 +172,10 @@ done
subpackages="$subpackages $pkgname-common::noarch"
# secfixes:
+# 8.0.13-r0:
+# - CVE-2021-21707
+# 8.0.12-r0:
+# - CVE-2021-21703
# 8.0.11-r0:
# - CVE-2021-21706
# 8.0.8-r0:
@@ -614,7 +618,7 @@ _mv() {
}
sha512sums="
-2d346959b2691ea0d5334dc9cad225b7a65ec53d6a6493f3b95c4819a0c088bec36aa1bf4ab3c8044a631bcfefb689d85463ff2259d42000e65dac30badcc59d php-8.0.11.tar.xz
+cb00482b74146670c4644f4b5da63b40d9afd111e198cdf1e67bfcf4280501a657b4fbad8fd7580f4e3f537db3c8a9db5f4115d3a466392cefac9866e233fa49 php-8.0.13.tar.xz
8a9a63cddfd9bdde23db85a7be0711e14688bab35b580abd0184d370c54de80b72cbdeb369570cd23927154984f024eaad5d222d53d9e19130fb2e8758dd4540 php8-fpm.initd
cd3a96d3febde3b6657ed80ff58945641443e84e5e0fd3d9df29e640e9549bc452a3412f1999fa02ae1ee2b64c08040998fa75805f67e0252741c376e26e1c3c php8-fpm.logrotate
95f536addfbb28fbca8b14da46d95a3595369d6e98d345f55f0fda1b12bdefd1579a27505424e7d1088a987d330798253cec9bd42b544bb567189cba746217c7 php8-module.conf
diff --git a/community/py3-wgnlpy/APKBUILD b/community/py3-wgnlpy/APKBUILD
index c7e2b8182f..59c4a95ec9 100644
--- a/community/py3-wgnlpy/APKBUILD
+++ b/community/py3-wgnlpy/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Thomas Liske <thomas@fiasko-nw.net>
pkgname=py3-wgnlpy
_pkgname=wgnlpy
-pkgver=0.1.4
+pkgver=0.1.5
pkgrel=0
pkgdesc="Python Netlink connector to WireGuard"
url="https://github.com/ArgosyLabs/wgnlpy"
@@ -22,4 +22,4 @@ package() {
python3 setup.py install --prefix=/usr --root="$pkgdir"
}
-sha512sums="9969bf6663d1da0dfb30b68df4e6647332df461697b3f4f53e931064af7378e1ec2187f97b83ebc69e246b9555dbc89a27a844fc5acd686a2659f54421c345bb wgnlpy-0.1.4.tar.gz"
+sha512sums="a5a7c49143bd699f230988b928c7e8b1563fd2b86ab74154e641c5e2c152efe1daab5c3b19e436ddd03d2f5336d43d176bd2bd57261260b8baeab3e4d65d4e19 wgnlpy-0.1.5.tar.gz"
diff --git a/community/rtl8821ce-lts/APKBUILD b/community/rtl8821ce-lts/APKBUILD
index c21e408e73..f1cdfa1763 100644
--- a/community/rtl8821ce-lts/APKBUILD
+++ b/community/rtl8821ce-lts/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Kevin Daudt <kdaudt@alpinelinux.org>
# Maintainer: Kevin Daudt <kdaudt@alpinelinux.org>
-_kver=5.10.61
+_kver=5.10.88
_krel=0
_flavor="$FLAVOR"
[ -z "$_flavor" ] && _flavor=lts
diff --git a/community/rtpengine-lts/APKBUILD b/community/rtpengine-lts/APKBUILD
index f20d9a3b46..86e3c7b874 100644
--- a/community/rtpengine-lts/APKBUILD
+++ b/community/rtpengine-lts/APKBUILD
@@ -5,7 +5,7 @@ _ver=9.0.1.10
_rel=0
# kernel version
-_kver=5.10.61
+_kver=5.10.88
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/community/zbar/APKBUILD b/community/zbar/APKBUILD
index d6496b0e83..d02cd8b1bf 100644
--- a/community/zbar/APKBUILD
+++ b/community/zbar/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Diego Queiroz <diego.queiroz@gmail.com>
pkgname=zbar
pkgver=0.23.1
-pkgrel=2
+pkgrel=3
pkgdesc="Port of ZBAR BAR CODE READER"
url="http://zbar.sourceforge.net/"
arch="all"
diff --git a/main/alpine-base/APKBUILD b/main/alpine-base/APKBUILD
index 852f74b19f..42b593bacc 100644
--- a/main/alpine-base/APKBUILD
+++ b/main/alpine-base/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=alpine-base
-pkgver=3.13.6
+pkgver=3.13.7
pkgrel=0
pkgdesc="Meta package for minimal alpine base"
url="https://alpinelinux.org"
diff --git a/main/alpine-keys/APKBUILD b/main/alpine-keys/APKBUILD
index 39465f0c69..9c95f33c46 100644
--- a/main/alpine-keys/APKBUILD
+++ b/main/alpine-keys/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=alpine-keys
-pkgver=2.3
+pkgver=2.4
pkgrel=0
pkgdesc="Public keys for Alpine Linux packages"
url="https://alpinelinux.org"
@@ -12,19 +12,27 @@ options="!check" # No testsuite
_arch_keys="
aarch64:alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub
+ aarch64:alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub
armhf,armv7:alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub
+ armv7:alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub
+ armhf:alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub
x86:alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
+ x86:alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub
x86,x86_64:alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
x86_64:alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
+ x86_64:alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub
ppc64le:alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub
+ ppc64le:alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub
s390x:alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub
+ s390x:alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub
mips64:alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub
riscv64:alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub
+ riscv64:alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub
"
for _i in $_arch_keys; do
@@ -99,12 +107,20 @@ package() {
sha512sums="
e4f9e314f8e506fba2cb3e599c6412a036ec37ce3a54990fc7d80a821d8728f40ee3b4aa8a15218d50341fa785d9ddf7c7471f45018c6a2065ab13664a1aa9e9 alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub
+51a5ec21283fe218809b2325202e1f8c9b2551705db48254b9d48a04f4ed0075de51e9886c4704647ffb309fd32d9850d14013848a53038039e85011251fe1cc alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub
698fda502f70365a852de3c10636eadfc4f70a7a00f096581119aef665e248b787004ceef63f4c8cb18c6f88d18b8b1bd6b3c5d260e79e6d73a3cc09537b196e alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub
+a98095a626f2dcbda73ffd8873ba2d609ee1d881f5da13b0eb3469ddd58b06440b4b0b2f791b037c88073e9a17c6dfc62dc1a4c8491bed871524d772ef04ad24 alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub
+7aa5526a88519ae91f997bf914a9bd3d230b21c011587f155ce22c4bb94b70181b28590027eb555d96d1122dffb8242c1fb044228e99b4e9b7650fcf6f5121c7 alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub
e18e65ee911eb1f8ea869f758e8f2c94cf2ac254ee7ab90a3de1d47b94a547c2066214abf710da21910ebedc0153d05fd4fe579cc5ce24f46e0cfd29a02b1a68 alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub
+b89d825e6af73687339848817791b294e2404162e2e069d9212d76d4ee53d6216eb75421a07b02f9778ef57dbb27962b2436247264eea1a1d882967ca0c18724 alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub
2d4064cbe09ff958493ec86bcb925af9b7517825d1d9d8d00f2986201ad5952f986fea83d1e2c177e92130700bafa8c0bff61411b3cdb59a41e460ed719580a6 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
721134f289ab1e7dde9158359906017daee40983199fe55f28206c8cdc46b8fcf177a36f270ce374b0eba5dbe01f68cbb3e385ae78a54bb0a2ed1e83a4d820a5 alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
+8b9c2208c904c9f34d9d01d3d68b224208530e684265df214deb8c9e6b4b19633aa48a405e673249c9e93a8ee194a336e951cd82a4e27e5e66e85fdc5e0d495e alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub
bb5a3df8fac14a62d5936fb3722873fa6a121219b703cba955eb77de38c4384aeaf378fb9321a655e255f0be761e894e309b3789867279c1524dab6300cd8ef1 alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub
+bad4da65221150a5d4cc6f63981e4dd203d40844d32e82c17f346eee5350e460e32d28f0e231a2b78d326ec32b898eec597d3787dae47dcacc9a9776d19fb4a1 alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub
0666389ca53121453578cd4bef5fd06e159e291164b3e3233e7d6521604f8bebd30caeef1663adcd5309e07278833402c8a92c33294ec0c5cada24dc47c8cc98 alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub
+83fc29066f6073418ecf01176ce24c1c0e788508f3083a97691706e2c78323e53448060fb0d2abb8118a759570f1f0db9d39953c63fe26fe06da2be05dff393c alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub
66ce9677e9c2a7961d5d7bc5b162ed3114a7aef6d01181073c1f42a9934966eecded2ec09deb210f5a389d434d1641ba35fe3abdd5246b2e97d5a5b26a945c5c alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub
34514100e502f449dcabe0aa550232c3330ed2f0b789b977eb228d4ac86afc93479474ac005914992a3b47c18ee3eb32ca27ccd0d392700a8f11f47d64a78969 alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub
+7cea57204a50d72bddff201c509ccbf06773d87062a3ead0a206cc6e4a00e0960f52d21f7cee7aaec6a4abba7a697e2e2e7f630fa1ccef7ee2c33908fca18998 alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub
"
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub
new file mode 100644
index 0000000000..f2165aebad
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAutQkua2CAig4VFSJ7v54
+ALyu/J1WB3oni7qwCZD3veURw7HxpNAj9hR+S5N/pNeZgubQvJWyaPuQDm7PTs1+
+tFGiYNfAsiibX6Rv0wci3M+z2XEVAeR9Vzg6v4qoofDyoTbovn2LztaNEjTkB+oK
+tlvpNhg1zhou0jDVYFniEXvzjckxswHVb8cT0OMTKHALyLPrPOJzVtM9C1ew2Nnc
+3848xLiApMu3NBk0JqfcS3Bo5Y2b1FRVBvdt+2gFoKZix1MnZdAEZ8xQzL/a0YS5
+Hd0wj5+EEKHfOd3A75uPa/WQmA+o0cBFfrzm69QDcSJSwGpzWrD1ScH3AK8nWvoj
+v7e9gukK/9yl1b4fQQ00vttwJPSgm9EnfPHLAtgXkRloI27H6/PuLoNvSAMQwuCD
+hQRlyGLPBETKkHeodfLoULjhDi1K2gKJTMhtbnUcAA7nEphkMhPWkBpgFdrH+5z4
+Lxy+3ek0cqcI7K68EtrffU8jtUj9LFTUC8dERaIBs7NgQ/LfDbDfGh9g6qVj1hZl
+k9aaIPTm/xsi8v3u+0qaq7KzIBc9s59JOoA8TlpOaYdVgSQhHHLBaahOuAigH+VI
+isbC9vmqsThF2QdDtQt37keuqoda2E6sL7PUvIyVXDRfwX7uMDjlzTxHTymvq2Ck
+htBqojBnThmjJQFgZXocHG8CAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub
new file mode 100644
index 0000000000..aa63d81d66
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlEyxkHggKCXC2Wf5Mzx4
+nZLFZvU2bgcA3exfNPO/g1YunKfQY+Jg4fr6tJUUTZ3XZUrhmLNWvpvSwDS19ZmC
+IXOu0+V94aNgnhMsk9rr59I8qcbsQGIBoHzuAl8NzZCgdbEXkiY90w1skUw8J57z
+qCsMBydAueMXuWqF5nGtYbi5vHwK42PffpiZ7G5Kjwn8nYMW5IZdL6ZnMEVJUWC9
+I4waeKg0yskczYDmZUEAtrn3laX9677ToCpiKrvmZYjlGl0BaGp3cxggP2xaDbUq
+qfFxWNgvUAb3pXD09JM6Mt6HSIJaFc9vQbrKB9KT515y763j5CC2KUsilszKi3mB
+HYe5PoebdjS7D1Oh+tRqfegU2IImzSwW3iwA7PJvefFuc/kNIijfS/gH/cAqAK6z
+bhdOtE/zc7TtqW2Wn5Y03jIZdtm12CxSxwgtCF1NPyEWyIxAQUX9ACb3M0FAZ61n
+fpPrvwTaIIxxZ01L3IzPLpbc44x/DhJIEU+iDt6IMTrHOphD9MCG4631eIdB0H1b
+6zbNX1CXTsafqHRFV9XmYYIeOMggmd90s3xIbEujA6HKNP/gwzO6CDJ+nHFDEqoF
+SkxRdTkEqjTjVKieURW7Swv7zpfu5PrsrrkyGnsRrBJJzXlm2FOOxnbI2iSL1B5F
+rO5kbUxFeZUIDq+7Yv4kLWcCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub
new file mode 100644
index 0000000000..59c330e9f7
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnC+bR4bHf/L6QdU4puhQ
+gl1MHePszRC38bzvVFDUJsmCaMCL2suCs2A2yxAgGb9pu9AJYLAmxQC4mM3jNqhg
+/E7yuaBbek3O02zN/ctvflJ250wZCy+z0ZGIp1ak6pu1j14IwHokl9j36zNfGtfv
+ADVOcdpWITFFlPqwq1qt/H3UsKVmtiF3BNWWTeUEQwKvlU8ymxgS99yn0+4OPyNT
+L3EUeS+NQJtDS01unau0t7LnjUXn+XIneWny8bIYOQCuVR6s/gpIGuhBaUqwaJOw
+7jkJZYF2Ij7uPb4b5/R3vX2FfxxqEHqssFSg8FFUNTZz3qNZs0CRVyfA972g9WkJ
+hPfn31pQYil4QGRibCMIeU27YAEjXoqfJKEPh4UWMQsQLrEfdGfb8VgwrPbniGfU
+L3jKJR3VAafL9330iawzVQDlIlwGl6u77gEXMl9K0pfazunYhAp+BMP+9ot5ckK+
+osmrqj11qMESsAj083GeFdfV3pXEIwUytaB0AKEht9DbqUfiE/oeZ/LAXgySMtVC
+sbC4ESmgVeY2xSBIJdDyUap7FR49GGrw0W49NUv9gRgQtGGaNVQQO9oGL2PBC41P
+iWF9GLoX30HIz1P8PF/cZvicSSPkQf2Z6TV+t0ebdGNS5DjapdnCrq8m9Z0pyKsQ
+uxAL2a7zX8l5i1CZh1ycUGsCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub
new file mode 100644
index 0000000000..915bc566b7
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0MfCDrhODRCIxR9Dep1s
+eXafh5CE5BrF4WbCgCsevyPIdvTeyIaW4vmO3bbG4VzhogDZju+R3IQYFuhoXP5v
+Y+zYJGnwrgz3r5wYAvPnLEs1+dtDKYOgJXQj+wLJBW1mzRDL8FoRXOe5iRmn1EFS
+wZ1DoUvyu7/J5r0itKicZp3QKED6YoilXed+1vnS4Sk0mzN4smuMR9eO1mMCqNp9
+9KTfRDHTbakIHwasECCXCp50uXdoW6ig/xUAFanpm9LtK6jctNDbXDhQmgvAaLXZ
+LvFqoaYJ/CvWkyYCgL6qxvMvVmPoRv7OPcyni4xR/WgWa0MSaEWjgPx3+yj9fiMA
+1S02pFWFDOr5OUF/O4YhFJvUCOtVsUPPfA/Lj6faL0h5QI9mQhy5Zb9TTaS9jB6p
+Lw7u0dJlrjFedk8KTJdFCcaGYHP6kNPnOxMylcB/5WcztXZVQD5WpCicGNBxCGMm
+W64SgrV7M07gQfL/32QLsdqPUf0i8hoVD8wfQ3EpbQzv6Fk1Cn90bZqZafg8XWGY
+wddhkXk7egrr23Djv37V2okjzdqoyLBYBxMz63qQzFoAVv5VoY2NDTbXYUYytOvG
+GJ1afYDRVWrExCech1mX5ZVUB1br6WM+psFLJFoBFl6mDmiYt0vMYBddKISsvwLl
+IJQkzDwtXzT2cSjoj3T5QekCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub
new file mode 100644
index 0000000000..1e49d24690
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvaaoSLab+IluixwKV5Od
+0gib2YurjPatGIbn5Ov2DLUFYiebj2oJINXJSwUOO+4WcuHFEqiL/1rya+k5hLZt
+hnPL1tn6QD4rESznvGSasRCQNT2vS/oyZbTYJRyAtFkEYLlq0t3S3xBxxHWuvIf0
+qVxVNYpQWyM3N9RIeYBR/euXKJXileSHk/uq1I5wTC0XBIHWcthczGN0m9wBEiWS
+0m3cnPk4q0Ea8mUJ91Rqob19qETz6VbSPYYpZk3qOycjKosuwcuzoMpwU8KRiMFd
+5LHtX0Hx85ghGsWDVtS0c0+aJa4lOMGvJCAOvDfqvODv7gKlCXUpgumGpLdTmaZ8
+1RwqspAe3IqBcdKTqRD4m2mSg23nVx2FAY3cjFvZQtfooT7q1ItRV5RgH6FhQSl7
++6YIMJ1Bf8AAlLdRLpg+doOUGcEn+pkDiHFgI8ylH1LKyFKw+eXaAml/7DaWZk1d
+dqggwhXOhc/UUZFQuQQ8A8zpA13PcbC05XxN2hyP93tCEtyynMLVPtrRwDnHxFKa
+qKzs3rMDXPSXRn3ZZTdKH3069ApkEjQdpcwUh+EmJ1Ve/5cdtzT6kKWCjKBFZP/s
+91MlRrX2BTRdHaU5QJkUheUtakwxuHrdah2F94lRmsnQlpPr2YseJu6sIE+Dnx4M
+CfhdVbQL2w54R645nlnohu8CAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub
new file mode 100644
index 0000000000..bb15efe96d
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq0BFD1D4lIxQcsqEpQzU
+pNCYM3aP1V/fxxVdT4DWvSI53JHTwHQamKdMWtEXetWVbP5zSROniYKFXd/xrD9X
+0jiGHey3lEtylXRIPxe5s+wXoCmNLcJVnvTcDtwx/ne2NLHxp76lyc25At+6RgE6
+ADjLVuoD7M4IFDkAsd8UQ8zM0Dww9SylIk/wgV3ZkifecvgUQRagrNUdUjR56EBZ
+raQrev4hhzOgwelT0kXCu3snbUuNY/lU53CoTzfBJ5UfEJ5pMw1ij6X0r5S9IVsy
+KLWH1hiO0NzU2c8ViUYCly4Fe9xMTFc6u2dy/dxf6FwERfGzETQxqZvSfrRX+GLj
+/QZAXiPg5178hT/m0Y3z5IGenIC/80Z9NCi+byF1WuJlzKjDcF/TU72zk0+PNM/H
+Kuppf3JT4DyjiVzNC5YoWJT2QRMS9KLP5iKCSThwVceEEg5HfhQBRT9M6KIcFLSs
+mFjx9kNEEmc1E8hl5IR3+3Ry8G5/bTIIruz14jgeY9u5jhL8Vyyvo41jgt9sLHR1
+/J1TxKfkgksYev7PoX6/ZzJ1ksWKZY5NFoDXTNYUgzFUTOoEaOg3BAQKadb3Qbbq
+XIrxmPBdgrn9QI7NCgfnAY3Tb4EEjs3ON/BNyEhUENcXOH6I1NbcuBQ7g9P73kE4
+VORdoc8MdJ5eoKBpO8Ww8HECAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub
new file mode 100644
index 0000000000..0ecbccc2e4
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyduVzi1mWm+lYo2Tqt/0
+XkCIWrDNP1QBMVPrE0/ZlU2bCGSoo2Z9FHQKz/mTyMRlhNqTfhJ5qU3U9XlyGOPJ
+piM+b91g26pnpXJ2Q2kOypSgOMOPA4cQ42PkHBEqhuzssfj9t7x47ppS94bboh46
+xLSDRff/NAbtwTpvhStV3URYkxFG++cKGGa5MPXBrxIp+iZf9GnuxVdST5PGiVGP
+ODL/b69sPJQNbJHVquqUTOh5Ry8uuD2WZuXfKf7/C0jC/ie9m2+0CttNu9tMciGM
+EyKG1/Xhk5iIWO43m4SrrT2WkFlcZ1z2JSf9Pjm4C2+HovYpihwwdM/OdP8Xmsnr
+DzVB4YvQiW+IHBjStHVuyiZWc+JsgEPJzisNY0Wyc/kNyNtqVKpX6dRhMLanLmy+
+f53cCSI05KPQAcGj6tdL+D60uKDkt+FsDa0BTAobZ31OsFVid0vCXtsbplNhW1IF
+HwsGXBTVcfXg44RLyL8Lk/2dQxDHNHzAUslJXzPxaHBLmt++2COa2EI1iWlvtznk
+Ok9WP8SOAIj+xdqoiHcC4j72BOVVgiITIJNHrbppZCq6qPR+fgXmXa+sDcGh30m6
+9Wpbr28kLMSHiENCWTdsFij+NQTd5S47H7XTROHnalYDuF1RpS+DpQidT5tUimaT
+JZDr++FjKrnnijbyNF8b98UCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub
new file mode 100644
index 0000000000..ceffa3ace9
--- /dev/null
+++ b/main/alpine-keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub
@@ -0,0 +1,14 @@
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnpUpyWDWjlUk3smlWeA0
+lIMW+oJ38t92CRLHH3IqRhyECBRW0d0aRGtq7TY8PmxjjvBZrxTNDpJT6KUk4LRm
+a6A6IuAI7QnNK8SJqM0DLzlpygd7GJf8ZL9SoHSH+gFsYF67Cpooz/YDqWrlN7Vw
+tO00s0B+eXy+PCXYU7VSfuWFGK8TGEv6HfGMALLjhqMManyvfp8hz3ubN1rK3c8C
+US/ilRh1qckdbtPvoDPhSbTDmfU1g/EfRSIEXBrIMLg9ka/XB9PvWRrekrppnQzP
+hP9YE3x/wbFc5QqQWiRCYyQl/rgIMOXvIxhkfe8H5n1Et4VAorkpEAXdsfN8KSVv
+LSMazVlLp9GYq5SUpqYX3KnxdWBgN7BJoZ4sltsTpHQ/34SXWfu3UmyUveWj7wp0
+x9hwsPirVI00EEea9AbP7NM2rAyu6ukcm4m6ATd2DZJIViq2es6m60AE6SMCmrQF
+wmk4H/kdQgeAELVfGOm2VyJ3z69fQuywz7xu27S6zTKi05Qlnohxol4wVb6OB7qG
+LPRtK9ObgzRo/OPumyXqlzAi/Yvyd1ZQk8labZps3e16bQp8+pVPiumWioMFJDWV
+GZjCmyMSU8V6MB6njbgLHoyg2LCukCAeSjbPGGGYhnKLm1AKSoJh3IpZuqcKCk5C
+8CM1S15HxV78s9dFntEqIokCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD
index 4b6dc0e204..ff191b3f8b 100644
--- a/main/apache2/APKBUILD
+++ b/main/apache2/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Valery Kartel <valery.kartel@gmail.com>
pkgname=apache2
_pkgreal=httpd
-pkgver=2.4.51
+pkgver=2.4.52
pkgrel=0
pkgdesc="A high performance Unix-based HTTP server"
url="https://httpd.apache.org/"
@@ -51,6 +51,9 @@ options="suid"
builddir="$srcdir"/$_pkgreal-$pkgver
# secfixes:
+# 2.4.52-r0:
+# - CVE-2021-44224
+# - CVE-2021-44790
# 2.4.51-r0:
# - CVE-2021-42013
# 2.4.50-r0:
@@ -379,7 +382,7 @@ _lua() {
}
sha512sums="
-9fb07c4b176f5c0485a143e2b1bb1085345ca9120b959974f68c37a8911a57894d2cb488b1b42fdf3102860b99e890204f5e9fa7ae3828b481119c563812cc66 httpd-2.4.51.tar.bz2
+97c021c576022a9d32f4a390f62e07b5f550973aef2f299fd52defce1a9fa5d27bd4a676e7bf214373ba46063d34aecce42de62fdd93678a4e925cfcbb2afdf6 httpd-2.4.52.tar.bz2
8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc apache2.confd
18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache2.logrotate
81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701 apache2.initd
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
index 832c7e8c9c..794f086804 100644
--- a/main/busybox/APKBUILD
+++ b/main/busybox/APKBUILD
@@ -4,7 +4,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=busybox
pkgver=1.32.1
-pkgrel=6
+pkgrel=7
pkgdesc="Size optimized toolbox of many common UNIX utilities"
url="https://busybox.net/"
arch="all"
@@ -40,6 +40,10 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2
traceroute-opt-x.patch::https://git.busybox.net/busybox/patch/?id=89358a7131d3e75c74af834bb117b4fad7914983
+ CVE-2021-42374.patch
+ CVE-2021-42375.patch
+ awk-fixes.patch
+
acpid.logrotate
busyboxconfig
busyboxconfig-extras
@@ -50,6 +54,18 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2
"
# secfixes:
+# 1.32.1-r7:
+# - CVE-2021-42374
+# - CVE-2021-42375
+# - CVE-2021-42378
+# - CVE-2021-42379
+# - CVE-2021-42380
+# - CVE-2021-42381
+# - CVE-2021-42382
+# - CVE-2021-42383
+# - CVE-2021-42384
+# - CVE-2021-42385
+# - CVE-2021-42386
# 1.32.1-r4:
# - CVE-2021-28831
# 1.30.1-r2:
@@ -62,6 +78,10 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2
# - CVE-2017-16544
# - CVE-2017-15873
# - CVE-2017-15874
+# 0:
+# - CVE-2021-42373
+# - CVE-2021-42376
+# - CVE-2021-42377
_staticdir="$srcdir"/build-static
@@ -246,6 +266,9 @@ df02adb3e3cd3349cc8d070911e3392164cb2e30bd72cae7ceaa974b2db6f958fdcedf809abc7b4b
4d043999ffbf6875e6b28ffdb43a36dd5d37d51e862ed7d89c6007e38cdda056292c5322a3ac3189fd489bf3ad1cce7b20508a96aee55c09f09354e1c3f5f5fe 0012-udhcpc-Don-t-background-if-n-is-given.patch
1ec62ab67e32684e2bbfbafefc9e2bffeb758248a97a1ed9468f449d1fc67fca5c1a6743acc889e12c6f18636708e35ba4bab3345c4994eea6be11f10c9a128c 0001-echo-do-not-assume-that-free-leaves-errno-unmodified.patch
c6dc917e67ab4c9aa0294f22707fd3cfc8cb37d703d8a0bce7f257ac9fb931dc4b815ab1d5e4f3ed3520b6ba046bdc1fbd0d1f8ed73b8d2d51f9238f03e03688 traceroute-opt-x.patch
+0e241dc63d49103569852089c07149a2ff2599331f988ca20e8f6f606e560795b919ceffb6b3f4f1aba56b688b969c52bfdc2d1deb7c6ec08deaf707771b996a CVE-2021-42374.patch
+9efaef6fd2099e3f2adf04a6c77a67bf6be84324565ce39725111b1538974d2e2c7febe9ad17086e7f900e9c0335a8e43e2330ddb6547772b4e5443f5cbc704e CVE-2021-42375.patch
+52c885b9e0f9cfaf6d1ab8f7c988f9e43bc422a9017ea4e369fc79cd0e63510b8eb375dde88ec138382b1d67c8045b661fda150434d80c131bd1b7302ee02771 awk-fixes.patch
aa93095e20de88730f526c6f463cef711b290b9582cdbd8c1ba2bd290019150cbeaa7007c2e15f0362d5b9315dd63f60511878f0ea05e893f4fdfb4a54af3fb1 acpid.logrotate
2f093f620b6d9dcef6e2e00c5395143b6497882653b4155ff313dff26210be91059cabafc606324c0230e80a461e0560839b14bf37e20671a7b8762f488b6c8f busyboxconfig
931e628184a25ae29760f7853c15c570dfb33075af167346e9662b9c7c5829e834ec81027bb10526c376261d229152bb096eb741cea0a5c0e3c614dd2c9d287e busyboxconfig-extras
diff --git a/main/busybox/CVE-2021-42374.patch b/main/busybox/CVE-2021-42374.patch
new file mode 100644
index 0000000000..000ea4eb4f
--- /dev/null
+++ b/main/busybox/CVE-2021-42374.patch
@@ -0,0 +1,45 @@
+From 0a79496ff649bd4b426b14a2a8810e84c3dccb34 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Tue, 15 Jun 2021 15:07:57 +0200
+Subject: [PATCH] unlzma: fix a case where we could read before beginning of
+ buffer
+
+CVE-2021-42374
+
+Testcase:
+
+ 21 01 01 00 00 00 00 00 e7 01 01 01 ef 00 df b6
+ 00 17 02 10 11 0f ff 00 16 00 00
+
+Unfortunately, the bug is not reliably causing a segfault,
+the behavior depends on what's in memory before the buffer.
+
+function old new delta
+unpack_lzma_stream 2762 2768 +6
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+(cherry picked from commit 04f052c56ded5ab6a904e3a264a73dc0412b2e78)
+---
+ archival/libarchive/decompress_unlzma.c | 5 ++++-
+ testsuite/unlzma.tests | 17 +++++++++++++----
+ testsuite/unlzma_issue_3.lzma | Bin 0 -> 27 bytes
+ 3 files changed, 17 insertions(+), 5 deletions(-)
+ create mode 100644 testsuite/unlzma_issue_3.lzma
+
+diff --git a/archival/libarchive/decompress_unlzma.c b/archival/libarchive/decompress_unlzma.c
+index 0744f231a..fb5aac8fe 100644
+--- a/archival/libarchive/decompress_unlzma.c
++++ b/archival/libarchive/decompress_unlzma.c
+@@ -290,8 +290,11 @@ unpack_lzma_stream(transformer_state_t *xstate)
+ uint32_t pos;
+
+ pos = buffer_pos - rep0;
+- if ((int32_t)pos < 0)
++ if ((int32_t)pos < 0) {
+ pos += header.dict_size;
++ if ((int32_t)pos < 0)
++ goto bad;
++ }
+ match_byte = buffer[pos];
+ do {
+ int bit;
diff --git a/main/busybox/CVE-2021-42375.patch b/main/busybox/CVE-2021-42375.patch
new file mode 100644
index 0000000000..612fe080b7
--- /dev/null
+++ b/main/busybox/CVE-2021-42375.patch
@@ -0,0 +1,53 @@
+From fb907d48644ff499a0957e717ca16840859ef0da Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux@googlemail.com>
+Date: Fri, 25 Jun 2021 02:09:41 +0200
+Subject: [PATCH] ash: parser: Fix VSLENGTH parsing with trailing garbage
+
+CVE-2021-42375
+
+Let's adopt Herbert Xu's patch, not waiting for it to reach dash git:
+hush already has a similar fix.
+
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+(cherry picked from commit 53a7a9cd8c15d64fcc2278cf8981ba526dfbe0d2)
+---
+ shell/ash.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/shell/ash.c b/shell/ash.c
+index 00b33cc86..e7a1b4161 100644
+--- a/shell/ash.c
++++ b/shell/ash.c
+@@ -12633,7 +12633,7 @@ parsesub: {
+ do {
+ STPUTC(c, out);
+ c = pgetc_eatbnl();
+- } while (!subtype && isdigit(c));
++ } while ((subtype == 0 || subtype == VSLENGTH) && isdigit(c));
+ } else if (c != '}') {
+ /* $[{[#]]<specialchar>[}] */
+ int cc = c;
+@@ -12663,11 +12663,6 @@ parsesub: {
+ } else
+ goto badsub;
+
+- if (c != '}' && subtype == VSLENGTH) {
+- /* ${#VAR didn't end with } */
+- goto badsub;
+- }
+-
+ if (subtype == 0) {
+ static const char types[] ALIGN1 = "}-+?=";
+ /* ${VAR...} but not $VAR or ${#VAR} */
+@@ -12724,6 +12719,8 @@ parsesub: {
+ #endif
+ }
+ } else {
++ if (subtype == VSLENGTH && c != '}')
++ subtype = 0;
+ badsub:
+ pungetc();
+ }
+--
+2.33.1
+
diff --git a/main/busybox/awk-fixes.patch b/main/busybox/awk-fixes.patch
new file mode 100644
index 0000000000..632e12d221
--- /dev/null
+++ b/main/busybox/awk-fixes.patch
@@ -0,0 +1,3163 @@
+Diff from all patches 1.32_0..1_34_0.
+
+Generated with:
+git format-patch --stdout 1_32_0..1_34_0 -- editors/awk.c | git am -3
+
+diff --git a/editors/awk.c b/editors/awk.c
+index f7451ae32..3adbca7aa 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -66,6 +66,8 @@
+ #endif
+ #ifndef debug_printf_parse
+ # define debug_printf_parse(...) (fprintf(stderr, __VA_ARGS__))
++#else
++# define debug_parse_print_tc(...) ((void)0)
+ #endif
+
+
+@@ -91,7 +93,6 @@ enum {
+ };
+
+ #define MAXVARFMT 240
+-#define MINNVBLOCK 64
+
+ /* variable flags */
+ #define VF_NUMBER 0x0001 /* 1 = primary type is number */
+@@ -101,7 +102,7 @@ enum {
+ #define VF_USER 0x0200 /* 1 = user input (may be numeric string) */
+ #define VF_SPECIAL 0x0400 /* 1 = requires extra handling when changed */
+ #define VF_WALK 0x0800 /* 1 = variable has alloc'd x.walker list */
+-#define VF_FSTR 0x1000 /* 1 = var::string points to fstring buffer */
++#define VF_FSTR 0x1000 /* 1 = don't free() var::string (not malloced, or is owned by something else) */
+ #define VF_CHILD 0x2000 /* 1 = function arg; x.parent points to source */
+ #define VF_DIRTY 0x4000 /* 1 = variable was set explicitly */
+
+@@ -118,8 +119,8 @@ typedef struct walker_list {
+ /* Variable */
+ typedef struct var_s {
+ unsigned type; /* flags */
+- double number;
+ char *string;
++ double number;
+ union {
+ int aidx; /* func arg idx (for compilation stage) */
+ struct xhash_s *array; /* array ptr */
+@@ -138,6 +139,7 @@ typedef struct chain_s {
+ /* Function */
+ typedef struct func_s {
+ unsigned nargs;
++ smallint defined;
+ struct chain_s body;
+ } func;
+
+@@ -177,7 +179,7 @@ typedef struct node_s {
+ struct node_s *n;
+ var *v;
+ int aidx;
+- char *new_progname;
++ const char *new_progname;
+ regex_t *re;
+ } l;
+ union {
+@@ -190,91 +192,120 @@ typedef struct node_s {
+ } a;
+ } node;
+
+-/* Block of temporary variables */
+-typedef struct nvblock_s {
+- int size;
+- var *pos;
+- struct nvblock_s *prev;
+- struct nvblock_s *next;
+- var nv[];
+-} nvblock;
+-
+ typedef struct tsplitter_s {
+ node n;
+ regex_t re[2];
+ } tsplitter;
+
+ /* simple token classes */
+-/* Order and hex values are very important!!! See next_token() */
+-#define TC_SEQSTART (1 << 0) /* ( */
+-#define TC_SEQTERM (1 << 1) /* ) */
+-#define TC_REGEXP (1 << 2) /* /.../ */
+-#define TC_OUTRDR (1 << 3) /* | > >> */
+-#define TC_UOPPOST (1 << 4) /* unary postfix operator */
+-#define TC_UOPPRE1 (1 << 5) /* unary prefix operator */
+-#define TC_BINOPX (1 << 6) /* two-opnd operator */
+-#define TC_IN (1 << 7)
+-#define TC_COMMA (1 << 8)
+-#define TC_PIPE (1 << 9) /* input redirection pipe */
+-#define TC_UOPPRE2 (1 << 10) /* unary prefix operator */
+-#define TC_ARRTERM (1 << 11) /* ] */
+-#define TC_GRPSTART (1 << 12) /* { */
+-#define TC_GRPTERM (1 << 13) /* } */
+-#define TC_SEMICOL (1 << 14)
+-#define TC_NEWLINE (1 << 15)
+-#define TC_STATX (1 << 16) /* ctl statement (for, next...) */
+-#define TC_WHILE (1 << 17)
+-#define TC_ELSE (1 << 18)
+-#define TC_BUILTIN (1 << 19)
++/* order and hex values are very important!!! See next_token() */
++#define TC_LPAREN (1 << 0) /* ( */
++#define TC_RPAREN (1 << 1) /* ) */
++#define TC_REGEXP (1 << 2) /* /.../ */
++#define TC_OUTRDR (1 << 3) /* | > >> */
++#define TC_UOPPOST (1 << 4) /* unary postfix operator ++ -- */
++#define TC_UOPPRE1 (1 << 5) /* unary prefix operator ++ -- $ */
++#define TC_BINOPX (1 << 6) /* two-opnd operator */
++#define TC_IN (1 << 7) /* 'in' */
++#define TC_COMMA (1 << 8) /* , */
++#define TC_PIPE (1 << 9) /* input redirection pipe | */
++#define TC_UOPPRE2 (1 << 10) /* unary prefix operator + - ! */
++#define TC_ARRTERM (1 << 11) /* ] */
++#define TC_LBRACE (1 << 12) /* { */
++#define TC_RBRACE (1 << 13) /* } */
++#define TC_SEMICOL (1 << 14) /* ; */
++#define TC_NEWLINE (1 << 15)
++#define TC_STATX (1 << 16) /* ctl statement (for, next...) */
++#define TC_WHILE (1 << 17) /* 'while' */
++#define TC_ELSE (1 << 18) /* 'else' */
++#define TC_BUILTIN (1 << 19)
+ /* This costs ~50 bytes of code.
+ * A separate class to support deprecated "length" form. If we don't need that
+ * (i.e. if we demand that only "length()" with () is valid), then TC_LENGTH
+ * can be merged with TC_BUILTIN:
+ */
+-#define TC_LENGTH (1 << 20)
+-#define TC_GETLINE (1 << 21)
+-#define TC_FUNCDECL (1 << 22) /* 'function' 'func' */
+-#define TC_BEGIN (1 << 23)
+-#define TC_END (1 << 24)
+-#define TC_EOF (1 << 25)
+-#define TC_VARIABLE (1 << 26)
+-#define TC_ARRAY (1 << 27)
+-#define TC_FUNCTION (1 << 28)
+-#define TC_STRING (1 << 29)
+-#define TC_NUMBER (1 << 30)
+-
+-#define TC_UOPPRE (TC_UOPPRE1 | TC_UOPPRE2)
+-
+-/* combined token classes */
+-#define TC_BINOP (TC_BINOPX | TC_COMMA | TC_PIPE | TC_IN)
+-//#define TC_UNARYOP (TC_UOPPRE | TC_UOPPOST)
+-#define TC_OPERAND (TC_VARIABLE | TC_ARRAY | TC_FUNCTION \
+- | TC_BUILTIN | TC_LENGTH | TC_GETLINE \
+- | TC_SEQSTART | TC_STRING | TC_NUMBER)
+-
+-#define TC_STATEMNT (TC_STATX | TC_WHILE)
+-#define TC_OPTERM (TC_SEMICOL | TC_NEWLINE)
++#define TC_LENGTH (1 << 20) /* 'length' */
++#define TC_GETLINE (1 << 21) /* 'getline' */
++#define TC_FUNCDECL (1 << 22) /* 'function' 'func' */
++#define TC_BEGIN (1 << 23) /* 'BEGIN' */
++#define TC_END (1 << 24) /* 'END' */
++#define TC_EOF (1 << 25)
++#define TC_VARIABLE (1 << 26) /* name */
++#define TC_ARRAY (1 << 27) /* name[ */
++#define TC_FUNCTION (1 << 28) /* name( */
++#define TC_STRING (1 << 29) /* "..." */
++#define TC_NUMBER (1 << 30)
++
++#ifndef debug_parse_print_tc
++static void debug_parse_print_tc(uint32_t n)
++{
++ if (n & TC_LPAREN ) debug_printf_parse(" LPAREN" );
++ if (n & TC_RPAREN ) debug_printf_parse(" RPAREN" );
++ if (n & TC_REGEXP ) debug_printf_parse(" REGEXP" );
++ if (n & TC_OUTRDR ) debug_printf_parse(" OUTRDR" );
++ if (n & TC_UOPPOST ) debug_printf_parse(" UOPPOST" );
++ if (n & TC_UOPPRE1 ) debug_printf_parse(" UOPPRE1" );
++ if (n & TC_BINOPX ) debug_printf_parse(" BINOPX" );
++ if (n & TC_IN ) debug_printf_parse(" IN" );
++ if (n & TC_COMMA ) debug_printf_parse(" COMMA" );
++ if (n & TC_PIPE ) debug_printf_parse(" PIPE" );
++ if (n & TC_UOPPRE2 ) debug_printf_parse(" UOPPRE2" );
++ if (n & TC_ARRTERM ) debug_printf_parse(" ARRTERM" );
++ if (n & TC_LBRACE ) debug_printf_parse(" LBRACE" );
++ if (n & TC_RBRACE ) debug_printf_parse(" RBRACE" );
++ if (n & TC_SEMICOL ) debug_printf_parse(" SEMICOL" );
++ if (n & TC_NEWLINE ) debug_printf_parse(" NEWLINE" );
++ if (n & TC_STATX ) debug_printf_parse(" STATX" );
++ if (n & TC_WHILE ) debug_printf_parse(" WHILE" );
++ if (n & TC_ELSE ) debug_printf_parse(" ELSE" );
++ if (n & TC_BUILTIN ) debug_printf_parse(" BUILTIN" );
++ if (n & TC_LENGTH ) debug_printf_parse(" LENGTH" );
++ if (n & TC_GETLINE ) debug_printf_parse(" GETLINE" );
++ if (n & TC_FUNCDECL) debug_printf_parse(" FUNCDECL");
++ if (n & TC_BEGIN ) debug_printf_parse(" BEGIN" );
++ if (n & TC_END ) debug_printf_parse(" END" );
++ if (n & TC_EOF ) debug_printf_parse(" EOF" );
++ if (n & TC_VARIABLE) debug_printf_parse(" VARIABLE");
++ if (n & TC_ARRAY ) debug_printf_parse(" ARRAY" );
++ if (n & TC_FUNCTION) debug_printf_parse(" FUNCTION");
++ if (n & TC_STRING ) debug_printf_parse(" STRING" );
++ if (n & TC_NUMBER ) debug_printf_parse(" NUMBER" );
++}
++#endif
++
++/* combined token classes ("token [class] sets") */
++#define TS_UOPPRE (TC_UOPPRE1 | TC_UOPPRE2)
++
++#define TS_BINOP (TC_BINOPX | TC_COMMA | TC_PIPE | TC_IN)
++//#define TS_UNARYOP (TS_UOPPRE | TC_UOPPOST)
++#define TS_OPERAND (TC_VARIABLE | TC_ARRAY | TC_FUNCTION \
++ | TC_BUILTIN | TC_LENGTH | TC_GETLINE \
++ | TC_LPAREN | TC_STRING | TC_NUMBER)
++
++#define TS_LVALUE (TC_VARIABLE | TC_ARRAY)
++#define TS_STATEMNT (TC_STATX | TC_WHILE)
+
+ /* word tokens, cannot mean something else if not expected */
+-#define TC_WORD (TC_IN | TC_STATEMNT | TC_ELSE \
+- | TC_BUILTIN | TC_LENGTH | TC_GETLINE \
+- | TC_FUNCDECL | TC_BEGIN | TC_END)
++#define TS_WORD (TC_IN | TS_STATEMNT | TC_ELSE \
++ | TC_BUILTIN | TC_LENGTH | TC_GETLINE \
++ | TC_FUNCDECL | TC_BEGIN | TC_END)
+
+ /* discard newlines after these */
+-#define TC_NOTERM (TC_COMMA | TC_GRPSTART | TC_GRPTERM \
+- | TC_BINOP | TC_OPTERM)
++#define TS_NOTERM (TS_BINOP | TC_COMMA | TC_LBRACE | TC_RBRACE \
++ | TC_SEMICOL | TC_NEWLINE)
+
+ /* what can expression begin with */
+-#define TC_OPSEQ (TC_OPERAND | TC_UOPPRE | TC_REGEXP)
++#define TS_OPSEQ (TS_OPERAND | TS_UOPPRE | TC_REGEXP)
+ /* what can group begin with */
+-#define TC_GRPSEQ (TC_OPSEQ | TC_OPTERM | TC_STATEMNT | TC_GRPSTART)
++#define TS_GRPSEQ (TS_OPSEQ | TS_STATEMNT \
++ | TC_SEMICOL | TC_NEWLINE | TC_LBRACE)
+
+-/* if previous token class is CONCAT1 and next is CONCAT2, concatenation */
++/* if previous token class is CONCAT_L and next is CONCAT_R, concatenation */
+ /* operator is inserted between them */
+-#define TC_CONCAT1 (TC_VARIABLE | TC_ARRTERM | TC_SEQTERM \
++#define TS_CONCAT_L (TC_VARIABLE | TC_ARRTERM | TC_RPAREN \
+ | TC_STRING | TC_NUMBER | TC_UOPPOST \
+ | TC_LENGTH)
+-#define TC_CONCAT2 (TC_OPERAND | TC_UOPPRE)
++#define TS_CONCAT_R (TS_OPERAND | TS_UOPPRE)
+
+ #define OF_RES1 0x010000
+ #define OF_RES2 0x020000
+@@ -284,13 +315,12 @@ typedef struct tsplitter_s {
+ #define OF_CHECKED 0x200000
+ #define OF_REQUIRED 0x400000
+
+-
+ /* combined operator flags */
+ #define xx 0
+ #define xV OF_RES2
+ #define xS (OF_RES2 | OF_STR2)
+ #define Vx OF_RES1
+-#define Rx (OF_RES1 | OF_NUM1 | OF_REQUIRED)
++#define Rx OF_REQUIRED
+ #define VV (OF_RES1 | OF_RES2)
+ #define Nx (OF_RES1 | OF_NUM1)
+ #define NV (OF_RES1 | OF_NUM1 | OF_RES2)
+@@ -302,8 +332,7 @@ typedef struct tsplitter_s {
+ #define OPNMASK 0x007F
+
+ /* operator priority is a highest byte (even: r->l, odd: l->r grouping)
+- * For builtins it has different meaning: n n s3 s2 s1 v3 v2 v1,
+- * n - min. number of args, vN - resolve Nth arg to var, sN - resolve to string
++ * (for builtins it has different meaning)
+ */
+ #undef P
+ #undef PRIMASK
+@@ -313,10 +342,8 @@ typedef struct tsplitter_s {
+ #define PRIMASK2 0x7E000000
+
+ /* Operation classes */
+-
+ #define SHIFT_TIL_THIS 0x0600
+ #define RECUR_FROM_THIS 0x1000
+-
+ enum {
+ OC_DELETE = 0x0100, OC_EXEC = 0x0200, OC_NEWSOURCE = 0x0300,
+ OC_PRINT = 0x0400, OC_PRINTF = 0x0500, OC_WALKINIT = 0x0600,
+@@ -358,8 +385,8 @@ enum {
+ #define NTCC '\377'
+
+ static const char tokenlist[] ALIGN1 =
+- "\1(" NTC /* TC_SEQSTART */
+- "\1)" NTC /* TC_SEQTERM */
++ "\1(" NTC /* TC_LPAREN */
++ "\1)" NTC /* TC_RPAREN */
+ "\1/" NTC /* TC_REGEXP */
+ "\2>>" "\1>" "\1|" NTC /* TC_OUTRDR */
+ "\2++" "\2--" NTC /* TC_UOPPOST */
+@@ -376,8 +403,8 @@ static const char tokenlist[] ALIGN1 =
+ "\1|" NTC /* TC_PIPE */
+ "\1+" "\1-" "\1!" NTC /* TC_UOPPRE2 */
+ "\1]" NTC /* TC_ARRTERM */
+- "\1{" NTC /* TC_GRPSTART */
+- "\1}" NTC /* TC_GRPTERM */
++ "\1{" NTC /* TC_LBRACE */
++ "\1}" NTC /* TC_RBRACE */
+ "\1;" NTC /* TC_SEMICOL */
+ "\1\n" NTC /* TC_NEWLINE */
+ "\2if" "\2do" "\3for" "\5break" /* TC_STATX */
+@@ -391,7 +418,7 @@ static const char tokenlist[] ALIGN1 =
+ "\5close" "\6system" "\6fflush" "\5atan2"
+ "\3cos" "\3exp" "\3int" "\3log"
+ "\4rand" "\3sin" "\4sqrt" "\5srand"
+- "\6gensub" "\4gsub" "\5index" /* "\6length" was here */
++ "\6gensub" "\4gsub" "\5index" /* "\6length" was here */
+ "\5match" "\5split" "\7sprintf" "\3sub"
+ "\6substr" "\7systime" "\10strftime" "\6mktime"
+ "\7tolower" "\7toupper" NTC
+@@ -403,25 +430,32 @@ static const char tokenlist[] ALIGN1 =
+ /* compiler adds trailing "\0" */
+ ;
+
+-#define OC_B OC_BUILTIN
+-
+-static const uint32_t tokeninfo[] = {
++static const uint32_t tokeninfo[] ALIGN4 = {
+ 0,
+ 0,
+- OC_REGEXP,
++#define TI_REGEXP OC_REGEXP
++ TI_REGEXP,
+ xS|'a', xS|'w', xS|'|',
+ OC_UNARY|xV|P(9)|'p', OC_UNARY|xV|P(9)|'m',
+- OC_UNARY|xV|P(9)|'P', OC_UNARY|xV|P(9)|'M', OC_FIELD|xV|P(5),
++#define TI_PREINC (OC_UNARY|xV|P(9)|'P')
++#define TI_PREDEC (OC_UNARY|xV|P(9)|'M')
++ TI_PREINC, TI_PREDEC, OC_FIELD|xV|P(5),
+ OC_COMPARE|VV|P(39)|5, OC_MOVE|VV|P(74), OC_REPLACE|NV|P(74)|'+', OC_REPLACE|NV|P(74)|'-',
+ OC_REPLACE|NV|P(74)|'*', OC_REPLACE|NV|P(74)|'/', OC_REPLACE|NV|P(74)|'%', OC_REPLACE|NV|P(74)|'&',
+ OC_BINARY|NV|P(29)|'+', OC_BINARY|NV|P(29)|'-', OC_REPLACE|NV|P(74)|'&', OC_BINARY|NV|P(15)|'&',
+ OC_BINARY|NV|P(25)|'/', OC_BINARY|NV|P(25)|'%', OC_BINARY|NV|P(15)|'&', OC_BINARY|NV|P(25)|'*',
+ OC_COMPARE|VV|P(39)|4, OC_COMPARE|VV|P(39)|3, OC_COMPARE|VV|P(39)|0, OC_COMPARE|VV|P(39)|1,
+- OC_COMPARE|VV|P(39)|2, OC_MATCH|Sx|P(45)|'!', OC_MATCH|Sx|P(45)|'~', OC_LAND|Vx|P(55),
+- OC_LOR|Vx|P(59), OC_TERNARY|Vx|P(64)|'?', OC_COLON|xx|P(67)|':',
+- OC_IN|SV|P(49), /* TC_IN */
+- OC_COMMA|SS|P(80),
+- OC_PGETLINE|SV|P(37),
++#define TI_LESS (OC_COMPARE|VV|P(39)|2)
++ TI_LESS, OC_MATCH|Sx|P(45)|'!', OC_MATCH|Sx|P(45)|'~', OC_LAND|Vx|P(55),
++#define TI_TERNARY (OC_TERNARY|Vx|P(64)|'?')
++#define TI_COLON (OC_COLON|xx|P(67)|':')
++ OC_LOR|Vx|P(59), TI_TERNARY, TI_COLON,
++#define TI_IN (OC_IN|SV|P(49))
++ TI_IN,
++#define TI_COMMA (OC_COMMA|SS|P(80))
++ TI_COMMA,
++#define TI_PGETLINE (OC_PGETLINE|SV|P(37))
++ TI_PGETLINE,
+ OC_UNARY|xV|P(19)|'+', OC_UNARY|xV|P(19)|'-', OC_UNARY|xV|P(19)|'!',
+ 0, /* ] */
+ 0,
+@@ -434,20 +468,45 @@ static const uint32_t tokeninfo[] = {
+ OC_RETURN|Vx, OC_EXIT|Nx,
+ ST_WHILE,
+ 0, /* else */
+- OC_B|B_an|P(0x83), OC_B|B_co|P(0x41), OC_B|B_ls|P(0x83), OC_B|B_or|P(0x83),
+- OC_B|B_rs|P(0x83), OC_B|B_xo|P(0x83),
+- OC_FBLTIN|Sx|F_cl, OC_FBLTIN|Sx|F_sy, OC_FBLTIN|Sx|F_ff, OC_B|B_a2|P(0x83),
+- OC_FBLTIN|Nx|F_co, OC_FBLTIN|Nx|F_ex, OC_FBLTIN|Nx|F_in, OC_FBLTIN|Nx|F_lg,
+- OC_FBLTIN|F_rn, OC_FBLTIN|Nx|F_si, OC_FBLTIN|Nx|F_sq, OC_FBLTIN|Nx|F_sr,
+- OC_B|B_ge|P(0xd6), OC_B|B_gs|P(0xb6), OC_B|B_ix|P(0x9b), /* OC_FBLTIN|Sx|F_le, was here */
+- OC_B|B_ma|P(0x89), OC_B|B_sp|P(0x8b), OC_SPRINTF, OC_B|B_su|P(0xb6),
+- OC_B|B_ss|P(0x8f), OC_FBLTIN|F_ti, OC_B|B_ti|P(0x0b), OC_B|B_mt|P(0x0b),
+- OC_B|B_lo|P(0x49), OC_B|B_up|P(0x49),
+- OC_FBLTIN|Sx|F_le, /* TC_LENGTH */
+- OC_GETLINE|SV|P(0),
+- 0, 0,
+- 0,
+- 0 /* TC_END */
++// OC_B's are builtins with enforced minimum number of arguments (two upper bits).
++// Highest byte bit pattern: nn s3s2s1 v3v2v1
++// nn - min. number of args, sN - resolve Nth arg to string, vN - resolve to var
++// OC_F's are builtins with zero or one argument.
++// |Rx| enforces that arg is present for: system, close, cos, sin, exp, int, log, sqrt
++// Check for no args is present in builtins' code (not in this table): rand, systime
++// Have one _optional_ arg: fflush, srand, length
++#define OC_B OC_BUILTIN
++#define OC_F OC_FBLTIN
++#define A1 P(0x40) /*one arg*/
++#define A2 P(0x80) /*two args*/
++#define A3 P(0xc0) /*three args*/
++#define __v P(1)
++#define _vv P(3)
++#define __s__v P(9)
++#define __s_vv P(0x0b)
++#define __svvv P(0x0f)
++#define _ss_vv P(0x1b)
++#define _s_vv_ P(0x16)
++#define ss_vv_ P(0x36)
++ OC_B|B_an|_vv|A2, OC_B|B_co|__v|A1, OC_B|B_ls|_vv|A2, OC_B|B_or|_vv|A2, // and compl lshift or
++ OC_B|B_rs|_vv|A2, OC_B|B_xo|_vv|A2, // rshift xor
++ OC_F|F_cl|Sx|Rx, OC_F|F_sy|Sx|Rx, OC_F|F_ff|Sx, OC_B|B_a2|_vv|A2, // close system fflush atan2
++ OC_F|F_co|Nx|Rx, OC_F|F_ex|Nx|Rx, OC_F|F_in|Nx|Rx, OC_F|F_lg|Nx|Rx, // cos exp int log
++ OC_F|F_rn, OC_F|F_si|Nx|Rx, OC_F|F_sq|Nx|Rx, OC_F|F_sr|Nx, // rand sin sqrt srand
++ OC_B|B_ge|_s_vv_|A3,OC_B|B_gs|ss_vv_|A2,OC_B|B_ix|_ss_vv|A2, // gensub gsub index /*length was here*/
++ OC_B|B_ma|__s__v|A2,OC_B|B_sp|__s_vv|A2,OC_SPRINTF, OC_B|B_su|ss_vv_|A2,// match split sprintf sub
++ OC_B|B_ss|__svvv|A2,OC_F|F_ti, OC_B|B_ti|__s_vv, OC_B|B_mt|__s_vv, // substr systime strftime mktime
++ OC_B|B_lo|__s__v|A1,OC_B|B_up|__s__v|A1, // tolower toupper
++ OC_F|F_le|Sx, // length
++ OC_GETLINE|SV, // getline
++ 0, 0, // func function
++ 0, // BEGIN
++ 0 // END
++#undef A1
++#undef A2
++#undef A3
++#undef OC_B
++#undef OC_F
+ };
+
+ /* internal variable names and their initial values */
+@@ -488,21 +547,29 @@ struct globals {
+ chain *seq;
+ node *break_ptr, *continue_ptr;
+ rstream *iF;
+- xhash *vhash, *ahash, *fdhash, *fnhash;
++ xhash *ahash; /* argument names, used only while parsing function bodies */
++ xhash *fnhash; /* function names, used only in parsing stage */
++ xhash *vhash; /* variables and arrays */
++ //xhash *fdhash; /* file objects, used only in execution stage */
++ //we are reusing ahash as fdhash, via define (see later)
+ const char *g_progname;
+ int g_lineno;
+ int nfields;
+ int maxfields; /* used in fsrealloc() only */
+ var *Fields;
+- nvblock *g_cb;
+ char *g_pos;
+- char *g_buf;
++ char g_saved_ch;
+ smallint icase;
+ smallint exiting;
+ smallint nextrec;
+ smallint nextfile;
+ smallint is_f0_split;
+ smallint t_rollback;
++
++ /* former statics from various functions */
++ smallint next_token__concat_inserted;
++ uint32_t next_token__save_tclass;
++ uint32_t next_token__save_info;
+ };
+ struct globals2 {
+ uint32_t t_info; /* often used */
+@@ -515,32 +582,35 @@ struct globals2 {
+ /* former statics from various functions */
+ char *split_f0__fstrings;
+
+- uint32_t next_token__save_tclass;
+- uint32_t next_token__save_info;
+- uint32_t next_token__ltclass;
+- smallint next_token__concat_inserted;
+-
+- smallint next_input_file__files_happen;
+ rstream next_input_file__rsm;
++ smallint next_input_file__files_happen;
++
++ smalluint exitcode;
+
+- var *evaluate__fnargs;
+ unsigned evaluate__seed;
++ var *evaluate__fnargs;
+ regex_t evaluate__sreg;
+
+- var ptest__v;
++ var ptest__tmpvar;
++ var awk_printf__tmpvar;
++ var as_regex__tmpvar;
++ var exit__tmpvar;
++ var main__tmpvar;
+
+ tsplitter exec_builtin__tspl;
+
+ /* biggest and least used members go last */
+ tsplitter fsplitter, rsplitter;
++
++ char g_buf[MAXVARFMT + 1];
+ };
+ #define G1 (ptr_to_globals[-1])
+ #define G (*(struct globals2 *)ptr_to_globals)
+ /* For debug. nm --size-sort awk.o | grep -vi ' [tr] ' */
+-/*char G1size[sizeof(G1)]; - 0x74 */
+-/*char Gsize[sizeof(G)]; - 0x1c4 */
++//char G1size[sizeof(G1)]; // 0x70
++//char Gsize[sizeof(G)]; // 0x2f8
+ /* Trying to keep most of members accessible with short offsets: */
+-/*char Gofs_seed[offsetof(struct globals2, evaluate__seed)]; - 0x90 */
++//char Gofs_seed[offsetof(struct globals2, evaluate__seed)]; // 0x7c
+ #define t_double (G1.t_double )
+ #define beginseq (G1.beginseq )
+ #define mainseq (G1.mainseq )
+@@ -549,18 +619,20 @@ struct globals2 {
+ #define break_ptr (G1.break_ptr )
+ #define continue_ptr (G1.continue_ptr)
+ #define iF (G1.iF )
+-#define vhash (G1.vhash )
+ #define ahash (G1.ahash )
+-#define fdhash (G1.fdhash )
+ #define fnhash (G1.fnhash )
++#define vhash (G1.vhash )
++#define fdhash ahash
++//^^^^^^^^^^^^^^^^^^ ahash is cleared after every function parsing,
++// and ends up empty after parsing phase. Thus, we can simply reuse it
++// for fdhash in execution stage.
+ #define g_progname (G1.g_progname )
+ #define g_lineno (G1.g_lineno )
+ #define nfields (G1.nfields )
+ #define maxfields (G1.maxfields )
+ #define Fields (G1.Fields )
+-#define g_cb (G1.g_cb )
+ #define g_pos (G1.g_pos )
+-#define g_buf (G1.g_buf )
++#define g_saved_ch (G1.g_saved_ch )
+ #define icase (G1.icase )
+ #define exiting (G1.exiting )
+ #define nextrec (G1.nextrec )
+@@ -574,25 +646,13 @@ struct globals2 {
+ #define intvar (G.intvar )
+ #define fsplitter (G.fsplitter )
+ #define rsplitter (G.rsplitter )
++#define g_buf (G.g_buf )
+ #define INIT_G() do { \
+ SET_PTR_TO_GLOBALS((char*)xzalloc(sizeof(G1)+sizeof(G)) + sizeof(G1)); \
+- G.next_token__ltclass = TC_OPTERM; \
++ t_tclass = TC_NEWLINE; \
+ G.evaluate__seed = 1; \
+ } while (0)
+
+-
+-/* function prototypes */
+-static void handle_special(var *);
+-static node *parse_expr(uint32_t);
+-static void chain_group(void);
+-static var *evaluate(node *, var *);
+-static rstream *next_input_file(void);
+-static int fmt_num(char *, int, const char *, double, int);
+-static int awk_exit(int) NORETURN;
+-
+-/* ---- error handling ---- */
+-
+-static const char EMSG_INTERNAL_ERROR[] ALIGN1 = "Internal error";
+ static const char EMSG_UNEXP_EOS[] ALIGN1 = "Unexpected end of string";
+ static const char EMSG_UNEXP_TOKEN[] ALIGN1 = "Unexpected token";
+ static const char EMSG_DIV_BY_ZERO[] ALIGN1 = "Division by zero";
+@@ -604,10 +664,7 @@ static const char EMSG_UNDEF_FUNC[] ALIGN1 = "Call to undefined function";
+ static const char EMSG_NO_MATH[] ALIGN1 = "Math support is not compiled in";
+ static const char EMSG_NEGATIVE_FIELD[] ALIGN1 = "Access to negative field";
+
+-static void zero_out_var(var *vp)
+-{
+- memset(vp, 0, sizeof(*vp));
+-}
++static int awk_exit(void) NORETURN;
+
+ static void syntax_error(const char *message) NORETURN;
+ static void syntax_error(const char *message)
+@@ -638,12 +695,40 @@ static xhash *hash_init(void)
+ return newhash;
+ }
+
++static void hash_clear(xhash *hash)
++{
++ unsigned i;
++ hash_item *hi, *thi;
++
++ for (i = 0; i < hash->csize; i++) {
++ hi = hash->items[i];
++ while (hi) {
++ thi = hi;
++ hi = hi->next;
++//FIXME: this assumes that it's a hash of *variables*:
++ free(thi->data.v.string);
++ free(thi);
++ }
++ hash->items[i] = NULL;
++ }
++ hash->glen = hash->nel = 0;
++}
++
++#if 0 //UNUSED
++static void hash_free(xhash *hash)
++{
++ hash_clear(hash);
++ free(hash->items);
++ free(hash);
++}
++#endif
++
+ /* find item in hash, return ptr to data, NULL if not found */
+-static void *hash_search(xhash *hash, const char *name)
++static NOINLINE void *hash_search3(xhash *hash, const char *name, unsigned idx)
+ {
+ hash_item *hi;
+
+- hi = hash->items[hashidx(name) % hash->csize];
++ hi = hash->items[idx % hash->csize];
+ while (hi) {
+ if (strcmp(hi->name, name) == 0)
+ return &hi->data;
+@@ -652,6 +737,11 @@ static void *hash_search(xhash *hash, const char *name)
+ return NULL;
+ }
+
++static void *hash_search(xhash *hash, const char *name)
++{
++ return hash_search3(hash, name, hashidx(name));
++}
++
+ /* grow hash if it becomes too big */
+ static void hash_rebuild(xhash *hash)
+ {
+@@ -687,16 +777,17 @@ static void *hash_find(xhash *hash, const char *name)
+ unsigned idx;
+ int l;
+
+- hi = hash_search(hash, name);
++ idx = hashidx(name);
++ hi = hash_search3(hash, name, idx);
+ if (!hi) {
+- if (++hash->nel / hash->csize > 10)
++ if (++hash->nel > hash->csize * 8)
+ hash_rebuild(hash);
+
+ l = strlen(name) + 1;
+ hi = xzalloc(sizeof(*hi) + l);
+ strcpy(hi->name, name);
+
+- idx = hashidx(name) % hash->csize;
++ idx = idx % hash->csize;
+ hi->next = hash->items[idx];
+ hash->items[idx] = hi;
+ hash->glen += l;
+@@ -731,7 +822,7 @@ static void hash_remove(xhash *hash, const char *name)
+
+ static char *skip_spaces(char *p)
+ {
+- while (1) {
++ for (;;) {
+ if (*p == '\\' && p[1] == '\n') {
+ p++;
+ t_lineno++;
+@@ -747,8 +838,10 @@ static char *skip_spaces(char *p)
+ static char *nextword(char **s)
+ {
+ char *p = *s;
+- while (*(*s)++ != '\0')
++ char *q = p;
++ while (*q++ != '\0')
+ continue;
++ *s = q;
+ return p;
+ }
+
+@@ -811,10 +904,27 @@ static double my_strtod(char **pp)
+
+ /* -------- working with variables (set/get/copy/etc) -------- */
+
+-static xhash *iamarray(var *v)
++static void fmt_num(const char *format, double n)
+ {
+- var *a = v;
++ if (n == (long long)n) {
++ snprintf(g_buf, MAXVARFMT, "%lld", (long long)n);
++ } else {
++ const char *s = format;
++ char c;
++
++ do { c = *s; } while (c && *++s);
++ if (strchr("diouxX", c)) {
++ snprintf(g_buf, MAXVARFMT, format, (int)n);
++ } else if (strchr("eEfFgGaA", c)) {
++ snprintf(g_buf, MAXVARFMT, format, n);
++ } else {
++ syntax_error(EMSG_INV_FMT);
++ }
++ }
++}
+
++static xhash *iamarray(var *a)
++{
+ while (a->type & VF_CHILD)
+ a = a->x.parent;
+
+@@ -825,23 +935,7 @@ static xhash *iamarray(var *v)
+ return a->x.array;
+ }
+
+-static void clear_array(xhash *array)
+-{
+- unsigned i;
+- hash_item *hi, *thi;
+-
+- for (i = 0; i < array->csize; i++) {
+- hi = array->items[i];
+- while (hi) {
+- thi = hi;
+- hi = hi->next;
+- free(thi->data.v.string);
+- free(thi);
+- }
+- array->items[i] = NULL;
+- }
+- array->glen = array->nel = 0;
+-}
++#define clear_array(array) hash_clear(array)
+
+ /* clear a variable */
+ static var *clrvar(var *v)
+@@ -855,6 +949,8 @@ static var *clrvar(var *v)
+ return v;
+ }
+
++static void handle_special(var *);
++
+ /* assign string value to variable */
+ static var *setvar_p(var *v, char *value)
+ {
+@@ -901,7 +997,7 @@ static const char *getvar_s(var *v)
+ {
+ /* if v is numeric and has no cached string, convert it to string */
+ if ((v->type & (VF_NUMBER | VF_CACHED)) == VF_NUMBER) {
+- fmt_num(g_buf, MAXVARFMT, getvar_s(intvar[CONVFMT]), v->number, TRUE);
++ fmt_num(getvar_s(intvar[CONVFMT]), v->number);
+ v->string = xstrdup(g_buf);
+ v->type |= VF_CACHED;
+ }
+@@ -920,6 +1016,7 @@ static double getvar_i(var *v)
+ v->number = my_strtod(&s);
+ debug_printf_eval("%f (s:'%s')\n", v->number, s);
+ if (v->type & VF_USER) {
++//TODO: skip_spaces() also skips backslash+newline, is it intended here?
+ s = skip_spaces(s);
+ if (*s != '\0')
+ v->type &= ~VF_USER;
+@@ -981,94 +1078,28 @@ static int istrue(var *v)
+ return (v->string && v->string[0]);
+ }
+
+-/* temporary variables allocator. Last allocated should be first freed */
+-static var *nvalloc(int n)
+-{
+- nvblock *pb = NULL;
+- var *v, *r;
+- int size;
+-
+- while (g_cb) {
+- pb = g_cb;
+- if ((g_cb->pos - g_cb->nv) + n <= g_cb->size)
+- break;
+- g_cb = g_cb->next;
+- }
+-
+- if (!g_cb) {
+- size = (n <= MINNVBLOCK) ? MINNVBLOCK : n;
+- g_cb = xzalloc(sizeof(nvblock) + size * sizeof(var));
+- g_cb->size = size;
+- g_cb->pos = g_cb->nv;
+- g_cb->prev = pb;
+- /*g_cb->next = NULL; - xzalloc did it */
+- if (pb)
+- pb->next = g_cb;
+- }
+-
+- v = r = g_cb->pos;
+- g_cb->pos += n;
+-
+- while (v < g_cb->pos) {
+- v->type = 0;
+- v->string = NULL;
+- v++;
+- }
+-
+- return r;
+-}
+-
+-static void nvfree(var *v)
+-{
+- var *p;
+-
+- if (v < g_cb->nv || v >= g_cb->pos)
+- syntax_error(EMSG_INTERNAL_ERROR);
+-
+- for (p = v; p < g_cb->pos; p++) {
+- if ((p->type & (VF_ARRAY | VF_CHILD)) == VF_ARRAY) {
+- clear_array(iamarray(p));
+- free(p->x.array->items);
+- free(p->x.array);
+- }
+- if (p->type & VF_WALK) {
+- walker_list *n;
+- walker_list *w = p->x.walker;
+- debug_printf_walker("nvfree: freeing walker @%p\n", &p->x.walker);
+- p->x.walker = NULL;
+- while (w) {
+- n = w->prev;
+- debug_printf_walker(" free(%p)\n", w);
+- free(w);
+- w = n;
+- }
+- }
+- clrvar(p);
+- }
+-
+- g_cb->pos = v;
+- while (g_cb->prev && g_cb->pos == g_cb->nv) {
+- g_cb = g_cb->prev;
+- }
+-}
+-
+ /* ------- awk program text parsing ------- */
+
+-/* Parse next token pointed by global pos, place results into global ttt.
+- * If token isn't expected, give away. Return token class
++/* Parse next token pointed by global pos, place results into global t_XYZ variables.
++ * If token isn't expected, print error message and die.
++ * Return token class (also store it in t_tclass).
+ */
+ static uint32_t next_token(uint32_t expected)
+ {
+-#define concat_inserted (G.next_token__concat_inserted)
+-#define save_tclass (G.next_token__save_tclass)
+-#define save_info (G.next_token__save_info)
+-/* Initialized to TC_OPTERM: */
+-#define ltclass (G.next_token__ltclass)
++#define concat_inserted (G1.next_token__concat_inserted)
++#define save_tclass (G1.next_token__save_tclass)
++#define save_info (G1.next_token__save_info)
+
+- char *p, *s;
++ char *p;
+ const char *tl;
+- uint32_t tc;
+ const uint32_t *ti;
++ uint32_t tc, last_token_class;
++
++ last_token_class = t_tclass; /* t_tclass is initialized to TC_NEWLINE */
++
++ debug_printf_parse("%s() expected(%x):", __func__, expected);
++ debug_parse_print_tc(expected);
++ debug_printf_parse("\n");
+
+ if (t_rollback) {
+ debug_printf_parse("%s: using rolled-back token\n", __func__);
+@@ -1080,6 +1111,10 @@ static uint32_t next_token(uint32_t expected)
+ t_info = save_info;
+ } else {
+ p = g_pos;
++ if (g_saved_ch != '\0') {
++ *p = g_saved_ch;
++ g_saved_ch = '\0';
++ }
+ readnext:
+ p = skip_spaces(p);
+ g_lineno = t_lineno;
+@@ -1087,15 +1122,12 @@ static uint32_t next_token(uint32_t expected)
+ while (*p != '\n' && *p != '\0')
+ p++;
+
+- if (*p == '\n')
+- t_lineno++;
+-
+ if (*p == '\0') {
+ tc = TC_EOF;
+ debug_printf_parse("%s: token found: TC_EOF\n", __func__);
+ } else if (*p == '\"') {
+ /* it's a string */
+- t_string = s = ++p;
++ char *s = t_string = ++p;
+ while (*p != '\"') {
+ char *pp;
+ if (*p == '\0' || *p == '\n')
+@@ -1110,7 +1142,7 @@ static uint32_t next_token(uint32_t expected)
+ debug_printf_parse("%s: token found:'%s' TC_STRING\n", __func__, t_string);
+ } else if ((expected & TC_REGEXP) && *p == '/') {
+ /* it's regexp */
+- t_string = s = ++p;
++ char *s = t_string = ++p;
+ while (*p != '/') {
+ if (*p == '\0' || *p == '\n')
+ syntax_error(EMSG_UNEXP_EOS);
+@@ -1141,6 +1173,11 @@ static uint32_t next_token(uint32_t expected)
+ tc = TC_NUMBER;
+ debug_printf_parse("%s: token found:%f TC_NUMBER\n", __func__, t_double);
+ } else {
++ char *end_of_name;
++
++ if (*p == '\n')
++ t_lineno++;
++
+ /* search for something known */
+ tl = tokenlist;
+ tc = 0x00000001;
+@@ -1155,9 +1192,9 @@ static uint32_t next_token(uint32_t expected)
+ * token matches,
+ * and it's not a longer word,
+ */
+- if ((tc & (expected | TC_WORD | TC_NEWLINE))
++ if ((tc & (expected | TS_WORD | TC_NEWLINE))
+ && strncmp(p, tl, l) == 0
+- && !((tc & TC_WORD) && isalnum_(p[l]))
++ && !((tc & TS_WORD) && isalnum_(p[l]))
+ ) {
+ /* then this is what we are looking for */
+ t_info = *ti;
+@@ -1174,67 +1211,94 @@ static uint32_t next_token(uint32_t expected)
+ if (!isalnum_(*p))
+ syntax_error(EMSG_UNEXP_TOKEN); /* no */
+ /* yes */
+- t_string = --p;
+- while (isalnum_(*++p)) {
+- p[-1] = *p;
+- }
+- p[-1] = '\0';
+- tc = TC_VARIABLE;
+- /* also consume whitespace between functionname and bracket */
+- if (!(expected & TC_VARIABLE) || (expected & TC_ARRAY))
++ t_string = p;
++ while (isalnum_(*p))
++ p++;
++ end_of_name = p;
++
++ if (last_token_class == TC_FUNCDECL)
++ /* eat space in "function FUNC (...) {...}" declaration */
+ p = skip_spaces(p);
++ else if (expected & TC_ARRAY) {
++ /* eat space between array name and [ */
++ char *s = skip_spaces(p);
++ if (*s == '[') /* array ref, not just a name? */
++ p = s;
++ }
++ /* else: do NOT consume whitespace after variable name!
++ * gawk allows definition "function FUNC (p) {...}" - note space,
++ * but disallows the call "FUNC (p)" because it isn't one -
++ * expression "v (a)" should NOT be parsed as TC_FUNCTION:
++ * it is a valid concatenation if "v" is a variable,
++ * not a function name (and type of name is not known at parse time).
++ */
++
+ if (*p == '(') {
++ p++;
+ tc = TC_FUNCTION;
+ debug_printf_parse("%s: token found:'%s' TC_FUNCTION\n", __func__, t_string);
++ } else if (*p == '[') {
++ p++;
++ tc = TC_ARRAY;
++ debug_printf_parse("%s: token found:'%s' TC_ARRAY\n", __func__, t_string);
+ } else {
+- if (*p == '[') {
+- p++;
+- tc = TC_ARRAY;
+- debug_printf_parse("%s: token found:'%s' TC_ARRAY\n", __func__, t_string);
+- } else
+- debug_printf_parse("%s: token found:'%s' TC_VARIABLE\n", __func__, t_string);
++ tc = TC_VARIABLE;
++ debug_printf_parse("%s: token found:'%s' TC_VARIABLE\n", __func__, t_string);
++ if (end_of_name == p) {
++ /* there is no space for trailing NUL in t_string!
++ * We need to save the char we are going to NUL.
++ * (we'll use it in future call to next_token())
++ */
++ g_saved_ch = *end_of_name;
++// especially pathological example is V="abc"; V.2 - it's V concatenated to .2
++// (it evaluates to "abc0.2"). Because of this case, we can't simply cache
++// '.' and analyze it later: we also have to *store it back* in next
++// next_token(), in order to give my_strtod() the undamaged ".2" string.
++ }
+ }
++ *end_of_name = '\0'; /* terminate t_string */
+ }
+ token_found:
+ g_pos = p;
+
+ /* skipping newlines in some cases */
+- if ((ltclass & TC_NOTERM) && (tc & TC_NEWLINE))
++ if ((last_token_class & TS_NOTERM) && (tc & TC_NEWLINE))
+ goto readnext;
+
+ /* insert concatenation operator when needed */
+- debug_printf_parse("%s: %x %x %x concat_inserted?\n", __func__,
+- (ltclass & TC_CONCAT1), (tc & TC_CONCAT2), (expected & TC_BINOP));
+- if ((ltclass & TC_CONCAT1) && (tc & TC_CONCAT2) && (expected & TC_BINOP)
+- && !(ltclass == TC_LENGTH && tc == TC_SEQSTART) /* but not for "length(..." */
++ debug_printf_parse("%s: concat_inserted if all nonzero: %x %x %x %x\n", __func__,
++ (last_token_class & TS_CONCAT_L), (tc & TS_CONCAT_R), (expected & TS_BINOP),
++ !(last_token_class == TC_LENGTH && tc == TC_LPAREN));
++ if ((last_token_class & TS_CONCAT_L) && (tc & TS_CONCAT_R) && (expected & TS_BINOP)
++ && !(last_token_class == TC_LENGTH && tc == TC_LPAREN) /* but not for "length(..." */
+ ) {
+ concat_inserted = TRUE;
+ save_tclass = tc;
+ save_info = t_info;
+- tc = TC_BINOP;
++ tc = TC_BINOPX;
+ t_info = OC_CONCAT | SS | P(35);
+ }
+
+- debug_printf_parse("%s: t_tclass=tc=%x\n", __func__, t_tclass);
+ t_tclass = tc;
++ debug_printf_parse("%s: t_tclass=tc=%x\n", __func__, tc);
+ }
+- ltclass = t_tclass;
+-
+ /* Are we ready for this? */
+- if (!(ltclass & expected)) {
+- syntax_error((ltclass & (TC_NEWLINE | TC_EOF)) ?
++ if (!(t_tclass & expected)) {
++ syntax_error((last_token_class & (TC_NEWLINE | TC_EOF)) ?
+ EMSG_UNEXP_EOS : EMSG_UNEXP_TOKEN);
+ }
+
+- debug_printf_parse("%s: returning, ltclass:%x t_double:%f\n", __func__, ltclass, t_double);
+- return ltclass;
++ debug_printf_parse("%s: returning, t_double:%f t_tclass:", __func__, t_double);
++ debug_parse_print_tc(t_tclass);
++ debug_printf_parse("\n");
++
++ return t_tclass;
+ #undef concat_inserted
+ #undef save_tclass
+ #undef save_info
+-#undef ltclass
+ }
+
+-static void rollback_token(void)
++static ALWAYS_INLINE void rollback_token(void)
+ {
+ t_rollback = TRUE;
+ }
+@@ -1251,169 +1315,188 @@ static node *new_node(uint32_t info)
+
+ static void mk_re_node(const char *s, node *n, regex_t *re)
+ {
+- n->info = OC_REGEXP;
++ n->info = TI_REGEXP;
+ n->l.re = re;
+ n->r.ire = re + 1;
+ xregcomp(re, s, REG_EXTENDED);
+ xregcomp(re + 1, s, REG_EXTENDED | REG_ICASE);
+ }
+
+-static node *condition(void)
++static node *parse_expr(uint32_t);
++
++static node *parse_lrparen_list(void)
+ {
+- next_token(TC_SEQSTART);
+- return parse_expr(TC_SEQTERM);
++ next_token(TC_LPAREN);
++ return parse_expr(TC_RPAREN);
+ }
+
+ /* parse expression terminated by given argument, return ptr
+ * to built subtree. Terminator is eaten by parse_expr */
+-static node *parse_expr(uint32_t iexp)
++static node *parse_expr(uint32_t term_tc)
+ {
+ node sn;
+ node *cn = &sn;
+ node *vn, *glptr;
+- uint32_t tc, xtc;
++ uint32_t tc, expected_tc;
+ var *v;
+
+- debug_printf_parse("%s(%x)\n", __func__, iexp);
++ debug_printf_parse("%s() term_tc(%x):", __func__, term_tc);
++ debug_parse_print_tc(term_tc);
++ debug_printf_parse("\n");
+
+ sn.info = PRIMASK;
+ sn.r.n = sn.a.n = glptr = NULL;
+- xtc = TC_OPERAND | TC_UOPPRE | TC_REGEXP | iexp;
++ expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP | term_tc;
+
+- while (!((tc = next_token(xtc)) & iexp)) {
++ while (!((tc = next_token(expected_tc)) & term_tc)) {
+
+- if (glptr && (t_info == (OC_COMPARE | VV | P(39) | 2))) {
++ if (glptr && (t_info == TI_LESS)) {
+ /* input redirection (<) attached to glptr node */
+ debug_printf_parse("%s: input redir\n", __func__);
+ cn = glptr->l.n = new_node(OC_CONCAT | SS | P(37));
+ cn->a.n = glptr;
+- xtc = TC_OPERAND | TC_UOPPRE;
++ expected_tc = TS_OPERAND | TS_UOPPRE;
+ glptr = NULL;
+-
+- } else if (tc & (TC_BINOP | TC_UOPPOST)) {
+- debug_printf_parse("%s: TC_BINOP | TC_UOPPOST tc:%x\n", __func__, tc);
++ continue;
++ }
++ if (tc & (TS_BINOP | TC_UOPPOST)) {
++ debug_printf_parse("%s: TS_BINOP | TC_UOPPOST tc:%x\n", __func__, tc);
+ /* for binary and postfix-unary operators, jump back over
+ * previous operators with higher priority */
+ vn = cn;
+ while (((t_info & PRIMASK) > (vn->a.n->info & PRIMASK2))
+- || ((t_info == vn->info) && ((t_info & OPCLSMASK) == OC_COLON))
++ || ((t_info == vn->info) && t_info == TI_COLON)
+ ) {
+ vn = vn->a.n;
+ if (!vn->a.n) syntax_error(EMSG_UNEXP_TOKEN);
+ }
+- if ((t_info & OPCLSMASK) == OC_TERNARY)
++ if (t_info == TI_TERNARY)
++//TODO: why?
+ t_info += P(6);
+ cn = vn->a.n->r.n = new_node(t_info);
+ cn->a.n = vn->a.n;
+- if (tc & TC_BINOP) {
++ if (tc & TS_BINOP) {
+ cn->l.n = vn;
+- xtc = TC_OPERAND | TC_UOPPRE | TC_REGEXP;
+- if ((t_info & OPCLSMASK) == OC_PGETLINE) {
++//FIXME: this is the place to detect and reject assignments to non-lvalues.
++//Currently we allow "assignments" to consts and temporaries, nonsense like this:
++// awk 'BEGIN { "qwe" = 1 }'
++// awk 'BEGIN { 7 *= 7 }'
++// awk 'BEGIN { length("qwe") = 1 }'
++// awk 'BEGIN { (1+1) += 3 }'
++ expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP;
++ if (t_info == TI_PGETLINE) {
+ /* it's a pipe */
+ next_token(TC_GETLINE);
+ /* give maximum priority to this pipe */
+ cn->info &= ~PRIMASK;
+- xtc = TC_OPERAND | TC_UOPPRE | TC_BINOP | iexp;
++ expected_tc = TS_OPERAND | TS_UOPPRE | TS_BINOP | term_tc;
+ }
+ } else {
+ cn->r.n = vn;
+- xtc = TC_OPERAND | TC_UOPPRE | TC_BINOP | iexp;
++ expected_tc = TS_OPERAND | TS_UOPPRE | TS_BINOP | term_tc;
+ }
+ vn->a.n = cn;
++ continue;
++ }
+
+- } else {
+- debug_printf_parse("%s: other\n", __func__);
+- /* for operands and prefix-unary operators, attach them
+- * to last node */
+- vn = cn;
+- cn = vn->r.n = new_node(t_info);
+- cn->a.n = vn;
+- xtc = TC_OPERAND | TC_UOPPRE | TC_REGEXP;
+- if (tc & (TC_OPERAND | TC_REGEXP)) {
+- debug_printf_parse("%s: TC_OPERAND | TC_REGEXP\n", __func__);
+- xtc = TC_UOPPRE | TC_UOPPOST | TC_BINOP | TC_OPERAND | iexp;
+- /* one should be very careful with switch on tclass -
+- * only simple tclasses should be used! */
+- switch (tc) {
+- case TC_VARIABLE:
+- case TC_ARRAY:
+- debug_printf_parse("%s: TC_VARIABLE | TC_ARRAY\n", __func__);
+- cn->info = OC_VAR;
+- v = hash_search(ahash, t_string);
+- if (v != NULL) {
+- cn->info = OC_FNARG;
+- cn->l.aidx = v->x.aidx;
+- } else {
+- cn->l.v = newvar(t_string);
+- }
+- if (tc & TC_ARRAY) {
+- cn->info |= xS;
+- cn->r.n = parse_expr(TC_ARRTERM);
+- }
+- break;
++ debug_printf_parse("%s: other, t_info:%x\n", __func__, t_info);
++ /* for operands and prefix-unary operators, attach them
++ * to last node */
++ vn = cn;
++ cn = vn->r.n = new_node(t_info);
++ cn->a.n = vn;
+
+- case TC_NUMBER:
+- case TC_STRING:
+- debug_printf_parse("%s: TC_NUMBER | TC_STRING\n", __func__);
+- cn->info = OC_VAR;
+- v = cn->l.v = xzalloc(sizeof(var));
+- if (tc & TC_NUMBER)
+- setvar_i(v, t_double);
+- else {
+- setvar_s(v, t_string);
+- xtc &= ~TC_UOPPOST; /* "str"++ is not allowed */
+- }
+- break;
++ expected_tc = TS_OPERAND | TS_UOPPRE | TC_REGEXP;
++ if (t_info == TI_PREINC || t_info == TI_PREDEC)
++ expected_tc = TS_LVALUE | TC_UOPPRE1;
+
+- case TC_REGEXP:
+- debug_printf_parse("%s: TC_REGEXP\n", __func__);
+- mk_re_node(t_string, cn, xzalloc(sizeof(regex_t)*2));
+- break;
++ if (!(tc & (TS_OPERAND | TC_REGEXP)))
++ continue;
+
+- case TC_FUNCTION:
+- debug_printf_parse("%s: TC_FUNCTION\n", __func__);
+- cn->info = OC_FUNC;
+- cn->r.f = newfunc(t_string);
+- cn->l.n = condition();
+- break;
++ debug_printf_parse("%s: TS_OPERAND | TC_REGEXP\n", __func__);
++ expected_tc = TS_UOPPRE | TC_UOPPOST | TS_BINOP | TS_OPERAND | term_tc;
++ /* one should be very careful with switch on tclass -
++ * only simple tclasses should be used (TC_xyz, not TS_xyz) */
++ switch (tc) {
++ case TC_VARIABLE:
++ case TC_ARRAY:
++ debug_printf_parse("%s: TC_VARIABLE | TC_ARRAY\n", __func__);
++ cn->info = OC_VAR;
++ v = hash_search(ahash, t_string);
++ if (v != NULL) {
++ cn->info = OC_FNARG;
++ cn->l.aidx = v->x.aidx;
++ } else {
++ cn->l.v = newvar(t_string);
++ }
++ if (tc & TC_ARRAY) {
++ cn->info |= xS;
++ cn->r.n = parse_expr(TC_ARRTERM);
++ }
++ break;
+
+- case TC_SEQSTART:
+- debug_printf_parse("%s: TC_SEQSTART\n", __func__);
+- cn = vn->r.n = parse_expr(TC_SEQTERM);
+- if (!cn)
+- syntax_error("Empty sequence");
+- cn->a.n = vn;
+- break;
++ case TC_NUMBER:
++ case TC_STRING:
++ debug_printf_parse("%s: TC_NUMBER | TC_STRING\n", __func__);
++ cn->info = OC_VAR;
++ v = cn->l.v = xzalloc(sizeof(var));
++ if (tc & TC_NUMBER)
++ setvar_i(v, t_double);
++ else {
++ setvar_s(v, t_string);
++ expected_tc &= ~TC_UOPPOST; /* "str"++ is not allowed */
++ }
++ break;
+
+- case TC_GETLINE:
+- debug_printf_parse("%s: TC_GETLINE\n", __func__);
+- glptr = cn;
+- xtc = TC_OPERAND | TC_UOPPRE | TC_BINOP | iexp;
+- break;
++ case TC_REGEXP:
++ debug_printf_parse("%s: TC_REGEXP\n", __func__);
++ mk_re_node(t_string, cn, xzalloc(sizeof(regex_t)*2));
++ break;
+
+- case TC_BUILTIN:
+- debug_printf_parse("%s: TC_BUILTIN\n", __func__);
+- cn->l.n = condition();
+- break;
++ case TC_FUNCTION:
++ debug_printf_parse("%s: TC_FUNCTION\n", __func__);
++ cn->info = OC_FUNC;
++ cn->r.f = newfunc(t_string);
++ cn->l.n = parse_expr(TC_RPAREN);
++ break;
+
+- case TC_LENGTH:
+- debug_printf_parse("%s: TC_LENGTH\n", __func__);
+- next_token(TC_SEQSTART /* length(...) */
+- | TC_OPTERM /* length; (or newline)*/
+- | TC_GRPTERM /* length } */
+- | TC_BINOPX /* length <op> NUM */
+- | TC_COMMA /* print length, 1 */
+- );
+- rollback_token();
+- if (t_tclass & TC_SEQSTART) {
+- /* It was a "(" token. Handle just like TC_BUILTIN */
+- cn->l.n = condition();
+- }
+- break;
+- }
++ case TC_LPAREN:
++ debug_printf_parse("%s: TC_LPAREN\n", __func__);
++ cn = vn->r.n = parse_expr(TC_RPAREN);
++ if (!cn)
++ syntax_error("Empty sequence");
++ cn->a.n = vn;
++ break;
++
++ case TC_GETLINE:
++ debug_printf_parse("%s: TC_GETLINE\n", __func__);
++ glptr = cn;
++ expected_tc = TS_OPERAND | TS_UOPPRE | TS_BINOP | term_tc;
++ break;
++
++ case TC_BUILTIN:
++ debug_printf_parse("%s: TC_BUILTIN\n", __func__);
++ cn->l.n = parse_lrparen_list();
++ break;
++
++ case TC_LENGTH:
++ debug_printf_parse("%s: TC_LENGTH\n", __func__);
++ tc = next_token(TC_LPAREN /* length(...) */
++ | TC_SEMICOL /* length; */
++ | TC_NEWLINE /* length<newline> */
++ | TC_RBRACE /* length } */
++ | TC_BINOPX /* length <op> NUM */
++ | TC_COMMA /* print length, 1 */
++ );
++ if (tc != TC_LPAREN)
++ rollback_token();
++ else {
++ /* It was a "(" token. Handle just like TC_BUILTIN */
++ cn->l.n = parse_expr(TC_RPAREN);
+ }
++ break;
+ }
+- }
++ } /* while() */
+
+ debug_printf_parse("%s() returns %p\n", __func__, sn.r.n);
+ return sn.r.n;
+@@ -1430,7 +1513,7 @@ static node *chain_node(uint32_t info)
+ if (seq->programname != g_progname) {
+ seq->programname = g_progname;
+ n = chain_node(OC_NEWSOURCE);
+- n->l.new_progname = xstrdup(g_progname);
++ n->l.new_progname = g_progname;
+ }
+
+ n = seq->last;
+@@ -1446,14 +1529,16 @@ static void chain_expr(uint32_t info)
+
+ n = chain_node(info);
+
+- n->l.n = parse_expr(TC_OPTERM | TC_GRPTERM);
++ n->l.n = parse_expr(TC_SEMICOL | TC_NEWLINE | TC_RBRACE);
+ if ((info & OF_REQUIRED) && !n->l.n)
+ syntax_error(EMSG_TOO_FEW_ARGS);
+
+- if (t_tclass & TC_GRPTERM)
++ if (t_tclass & TC_RBRACE)
+ rollback_token();
+ }
+
++static void chain_group(void);
++
+ static node *chain_loop(node *nn)
+ {
+ node *n, *n2, *save_brk, *save_cont;
+@@ -1477,207 +1562,284 @@ static node *chain_loop(node *nn)
+ return n;
+ }
+
++static void chain_until_rbrace(void)
++{
++ uint32_t tc;
++ while ((tc = next_token(TS_GRPSEQ | TC_RBRACE)) != TC_RBRACE) {
++ debug_printf_parse("%s: !TC_RBRACE\n", __func__);
++ if (tc == TC_NEWLINE)
++ continue;
++ rollback_token();
++ chain_group();
++ }
++ debug_printf_parse("%s: TC_RBRACE\n", __func__);
++}
++
+ /* parse group and attach it to chain */
+ static void chain_group(void)
+ {
+- uint32_t c;
++ uint32_t tc;
+ node *n, *n2, *n3;
+
+ do {
+- c = next_token(TC_GRPSEQ);
+- } while (c & TC_NEWLINE);
+-
+- if (c & TC_GRPSTART) {
+- debug_printf_parse("%s: TC_GRPSTART\n", __func__);
+- while (next_token(TC_GRPSEQ | TC_GRPTERM) != TC_GRPTERM) {
+- debug_printf_parse("%s: !TC_GRPTERM\n", __func__);
+- if (t_tclass & TC_NEWLINE)
+- continue;
+- rollback_token();
+- chain_group();
+- }
+- debug_printf_parse("%s: TC_GRPTERM\n", __func__);
+- } else if (c & (TC_OPSEQ | TC_OPTERM)) {
+- debug_printf_parse("%s: TC_OPSEQ | TC_OPTERM\n", __func__);
++ tc = next_token(TS_GRPSEQ);
++ } while (tc == TC_NEWLINE);
++
++ if (tc == TC_LBRACE) {
++ debug_printf_parse("%s: TC_LBRACE\n", __func__);
++ chain_until_rbrace();
++ return;
++ }
++ if (tc & (TS_OPSEQ | TC_SEMICOL)) {
++ debug_printf_parse("%s: TS_OPSEQ | TC_SEMICOL\n", __func__);
+ rollback_token();
+ chain_expr(OC_EXEC | Vx);
+- } else {
+- /* TC_STATEMNT */
+- debug_printf_parse("%s: TC_STATEMNT(?)\n", __func__);
+- switch (t_info & OPCLSMASK) {
+- case ST_IF:
+- debug_printf_parse("%s: ST_IF\n", __func__);
+- n = chain_node(OC_BR | Vx);
+- n->l.n = condition();
++ return;
++ }
++
++ /* TS_STATEMNT */
++ debug_printf_parse("%s: TS_STATEMNT(?)\n", __func__);
++ switch (t_info & OPCLSMASK) {
++ case ST_IF:
++ debug_printf_parse("%s: ST_IF\n", __func__);
++ n = chain_node(OC_BR | Vx);
++ n->l.n = parse_lrparen_list();
++ chain_group();
++ n2 = chain_node(OC_EXEC);
++ n->r.n = seq->last;
++ if (next_token(TS_GRPSEQ | TC_RBRACE | TC_ELSE) == TC_ELSE) {
+ chain_group();
+- n2 = chain_node(OC_EXEC);
+- n->r.n = seq->last;
+- if (next_token(TC_GRPSEQ | TC_GRPTERM | TC_ELSE) == TC_ELSE) {
+- chain_group();
+- n2->a.n = seq->last;
+- } else {
+- rollback_token();
+- }
+- break;
++ n2->a.n = seq->last;
++ } else {
++ rollback_token();
++ }
++ break;
+
+- case ST_WHILE:
+- debug_printf_parse("%s: ST_WHILE\n", __func__);
+- n2 = condition();
+- n = chain_loop(NULL);
+- n->l.n = n2;
+- break;
++ case ST_WHILE:
++ debug_printf_parse("%s: ST_WHILE\n", __func__);
++ n2 = parse_lrparen_list();
++ n = chain_loop(NULL);
++ n->l.n = n2;
++ break;
+
+- case ST_DO:
+- debug_printf_parse("%s: ST_DO\n", __func__);
+- n2 = chain_node(OC_EXEC);
+- n = chain_loop(NULL);
+- n2->a.n = n->a.n;
+- next_token(TC_WHILE);
+- n->l.n = condition();
+- break;
++ case ST_DO:
++ debug_printf_parse("%s: ST_DO\n", __func__);
++ n2 = chain_node(OC_EXEC);
++ n = chain_loop(NULL);
++ n2->a.n = n->a.n;
++ next_token(TC_WHILE);
++ n->l.n = parse_lrparen_list();
++ break;
+
+- case ST_FOR:
+- debug_printf_parse("%s: ST_FOR\n", __func__);
+- next_token(TC_SEQSTART);
+- n2 = parse_expr(TC_SEMICOL | TC_SEQTERM);
+- if (t_tclass & TC_SEQTERM) { /* for-in */
+- if (!n2 || (n2->info & OPCLSMASK) != OC_IN)
+- syntax_error(EMSG_UNEXP_TOKEN);
+- n = chain_node(OC_WALKINIT | VV);
+- n->l.n = n2->l.n;
+- n->r.n = n2->r.n;
+- n = chain_loop(NULL);
+- n->info = OC_WALKNEXT | Vx;
+- n->l.n = n2->l.n;
+- } else { /* for (;;) */
+- n = chain_node(OC_EXEC | Vx);
+- n->l.n = n2;
+- n2 = parse_expr(TC_SEMICOL);
+- n3 = parse_expr(TC_SEQTERM);
+- n = chain_loop(n3);
+- n->l.n = n2;
+- if (!n2)
+- n->info = OC_EXEC;
+- }
+- break;
++ case ST_FOR:
++ debug_printf_parse("%s: ST_FOR\n", __func__);
++ next_token(TC_LPAREN);
++ n2 = parse_expr(TC_SEMICOL | TC_RPAREN);
++ if (t_tclass & TC_RPAREN) { /* for (I in ARRAY) */
++ if (!n2 || n2->info != TI_IN)
++ syntax_error(EMSG_UNEXP_TOKEN);
++ n = chain_node(OC_WALKINIT | VV);
++ n->l.n = n2->l.n;
++ n->r.n = n2->r.n;
++ n = chain_loop(NULL);
++ n->info = OC_WALKNEXT | Vx;
++ n->l.n = n2->l.n;
++ } else { /* for (;;) */
++ n = chain_node(OC_EXEC | Vx);
++ n->l.n = n2;
++ n2 = parse_expr(TC_SEMICOL);
++ n3 = parse_expr(TC_RPAREN);
++ n = chain_loop(n3);
++ n->l.n = n2;
++ if (!n2)
++ n->info = OC_EXEC;
++ }
++ break;
+
+- case OC_PRINT:
+- case OC_PRINTF:
+- debug_printf_parse("%s: OC_PRINT[F]\n", __func__);
+- n = chain_node(t_info);
+- n->l.n = parse_expr(TC_OPTERM | TC_OUTRDR | TC_GRPTERM);
+- if (t_tclass & TC_OUTRDR) {
+- n->info |= t_info;
+- n->r.n = parse_expr(TC_OPTERM | TC_GRPTERM);
+- }
+- if (t_tclass & TC_GRPTERM)
+- rollback_token();
+- break;
++ case OC_PRINT:
++ case OC_PRINTF:
++ debug_printf_parse("%s: OC_PRINT[F]\n", __func__);
++ n = chain_node(t_info);
++ n->l.n = parse_expr(TC_SEMICOL | TC_NEWLINE | TC_OUTRDR | TC_RBRACE);
++ if (t_tclass & TC_OUTRDR) {
++ n->info |= t_info;
++ n->r.n = parse_expr(TC_SEMICOL | TC_NEWLINE | TC_RBRACE);
++ }
++ if (t_tclass & TC_RBRACE)
++ rollback_token();
++ break;
+
+- case OC_BREAK:
+- debug_printf_parse("%s: OC_BREAK\n", __func__);
+- n = chain_node(OC_EXEC);
+- n->a.n = break_ptr;
+- chain_expr(t_info);
+- break;
++ case OC_BREAK:
++ debug_printf_parse("%s: OC_BREAK\n", __func__);
++ n = chain_node(OC_EXEC);
++ if (!break_ptr)
++ syntax_error("'break' not in a loop");
++ n->a.n = break_ptr;
++ chain_expr(t_info);
++ break;
+
+- case OC_CONTINUE:
+- debug_printf_parse("%s: OC_CONTINUE\n", __func__);
+- n = chain_node(OC_EXEC);
+- n->a.n = continue_ptr;
+- chain_expr(t_info);
+- break;
++ case OC_CONTINUE:
++ debug_printf_parse("%s: OC_CONTINUE\n", __func__);
++ n = chain_node(OC_EXEC);
++ if (!continue_ptr)
++ syntax_error("'continue' not in a loop");
++ n->a.n = continue_ptr;
++ chain_expr(t_info);
++ break;
+
+- /* delete, next, nextfile, return, exit */
+- default:
+- debug_printf_parse("%s: default\n", __func__);
+- chain_expr(t_info);
+- }
++ /* delete, next, nextfile, return, exit */
++ default:
++ debug_printf_parse("%s: default\n", __func__);
++ chain_expr(t_info);
+ }
+ }
+
+ static void parse_program(char *p)
+ {
+- uint32_t tclass;
+- node *cn;
+- func *f;
+- var *v;
++ debug_printf_parse("%s()\n", __func__);
+
+ g_pos = p;
+ t_lineno = 1;
+- while ((tclass = next_token(TC_EOF | TC_OPSEQ | TC_GRPSTART |
+- TC_OPTERM | TC_BEGIN | TC_END | TC_FUNCDECL)) != TC_EOF) {
++ for (;;) {
++ uint32_t tclass;
+
+- if (tclass & TC_OPTERM) {
+- debug_printf_parse("%s: TC_OPTERM\n", __func__);
++ tclass = next_token(TS_OPSEQ | TC_LBRACE | TC_BEGIN | TC_END | TC_FUNCDECL
++ | TC_EOF | TC_NEWLINE /* but not TC_SEMICOL */);
++ got_tok:
++ if (tclass == TC_EOF) {
++ debug_printf_parse("%s: TC_EOF\n", __func__);
++ break;
++ }
++ if (tclass == TC_NEWLINE) {
++ debug_printf_parse("%s: TC_NEWLINE\n", __func__);
+ continue;
+ }
+-
+- seq = &mainseq;
+- if (tclass & TC_BEGIN) {
++ if (tclass == TC_BEGIN) {
+ debug_printf_parse("%s: TC_BEGIN\n", __func__);
+ seq = &beginseq;
+- chain_group();
+- } else if (tclass & TC_END) {
++ /* ensure there is no newline between BEGIN and { */
++ next_token(TC_LBRACE);
++ chain_until_rbrace();
++ goto next_tok;
++ }
++ if (tclass == TC_END) {
+ debug_printf_parse("%s: TC_END\n", __func__);
+ seq = &endseq;
+- chain_group();
+- } else if (tclass & TC_FUNCDECL) {
++ /* ensure there is no newline between END and { */
++ next_token(TC_LBRACE);
++ chain_until_rbrace();
++ goto next_tok;
++ }
++ if (tclass == TC_FUNCDECL) {
++ func *f;
++
+ debug_printf_parse("%s: TC_FUNCDECL\n", __func__);
+ next_token(TC_FUNCTION);
+- g_pos++;
+ f = newfunc(t_string);
+- f->body.first = NULL;
+- f->nargs = 0;
+- /* Match func arg list: a comma sep list of >= 0 args, and a close paren */
+- while (next_token(TC_VARIABLE | TC_SEQTERM | TC_COMMA)) {
+- /* Either an empty arg list, or trailing comma from prev iter
+- * must be followed by an arg */
+- if (f->nargs == 0 && t_tclass == TC_SEQTERM)
+- break;
+-
+- /* TC_SEQSTART/TC_COMMA must be followed by TC_VARIABLE */
+- if (t_tclass != TC_VARIABLE)
++ if (f->defined)
++ syntax_error("Duplicate function");
++ f->defined = 1;
++ //f->body.first = NULL; - already is
++ //f->nargs = 0; - already is
++ /* func arg list: comma sep list of args, and a close paren */
++ for (;;) {
++ var *v;
++ if (next_token(TC_VARIABLE | TC_RPAREN) == TC_RPAREN) {
++ if (f->nargs == 0)
++ break; /* func() is ok */
++ /* func(a,) is not ok */
+ syntax_error(EMSG_UNEXP_TOKEN);
+-
++ }
+ v = findvar(ahash, t_string);
+ v->x.aidx = f->nargs++;
+-
+ /* Arg followed either by end of arg list or 1 comma */
+- if (next_token(TC_COMMA | TC_SEQTERM) & TC_SEQTERM)
++ if (next_token(TC_COMMA | TC_RPAREN) == TC_RPAREN)
+ break;
+- if (t_tclass != TC_COMMA)
+- syntax_error(EMSG_UNEXP_TOKEN);
++ /* it was a comma, we ate it */
+ }
+ seq = &f->body;
+- chain_group();
+- clear_array(ahash);
+- } else if (tclass & TC_OPSEQ) {
+- debug_printf_parse("%s: TC_OPSEQ\n", __func__);
++ /* ensure there is { after "func F(...)" - but newlines are allowed */
++ while (next_token(TC_LBRACE | TC_NEWLINE) == TC_NEWLINE)
++ continue;
++ chain_until_rbrace();
++ hash_clear(ahash);
++ goto next_tok;
++ }
++ seq = &mainseq;
++ if (tclass & TS_OPSEQ) {
++ node *cn;
++
++ debug_printf_parse("%s: TS_OPSEQ\n", __func__);
+ rollback_token();
+ cn = chain_node(OC_TEST);
+- cn->l.n = parse_expr(TC_OPTERM | TC_EOF | TC_GRPSTART);
+- if (t_tclass & TC_GRPSTART) {
+- debug_printf_parse("%s: TC_GRPSTART\n", __func__);
+- rollback_token();
+- chain_group();
++ cn->l.n = parse_expr(TC_SEMICOL | TC_NEWLINE | TC_EOF | TC_LBRACE);
++ if (t_tclass == TC_LBRACE) {
++ debug_printf_parse("%s: TC_LBRACE\n", __func__);
++ chain_until_rbrace();
+ } else {
+- debug_printf_parse("%s: !TC_GRPSTART\n", __func__);
++ /* no action, assume default "{ print }" */
++ debug_printf_parse("%s: !TC_LBRACE\n", __func__);
+ chain_node(OC_PRINT);
+ }
+ cn->r.n = mainseq.last;
+- } else /* if (tclass & TC_GRPSTART) */ {
+- debug_printf_parse("%s: TC_GRPSTART(?)\n", __func__);
+- rollback_token();
+- chain_group();
++ goto next_tok;
+ }
+- }
+- debug_printf_parse("%s: TC_EOF\n", __func__);
++ /* tclass == TC_LBRACE */
++ debug_printf_parse("%s: TC_LBRACE(?)\n", __func__);
++ chain_until_rbrace();
++ next_tok:
++ /* Same as next_token() at the top of the loop, + TC_SEMICOL */
++ tclass = next_token(TS_OPSEQ | TC_LBRACE | TC_BEGIN | TC_END | TC_FUNCDECL
++ | TC_EOF | TC_NEWLINE | TC_SEMICOL);
++ /* gawk allows many newlines, but does not allow more than one semicolon:
++ * BEGIN {...}<newline>;<newline>;
++ * would complain "each rule must have a pattern or an action part".
++ * Same message for
++ * ; BEGIN {...}
++ */
++ if (tclass != TC_SEMICOL)
++ goto got_tok; /* use this token */
++ /* else: loop back - ate the semicolon, get and use _next_ token */
++ } /* for (;;) */
+ }
+
+-
+ /* -------- program execution part -------- */
+
++/* temporary variables allocator */
++static var *nvalloc(int sz)
++{
++ return xzalloc(sz * sizeof(var));
++}
++
++static void nvfree(var *v, int sz)
++{
++ var *p = v;
++
++ while (--sz >= 0) {
++ if ((p->type & (VF_ARRAY | VF_CHILD)) == VF_ARRAY) {
++ clear_array(iamarray(p));
++ free(p->x.array->items);
++ free(p->x.array);
++ }
++ if (p->type & VF_WALK) {
++ walker_list *n;
++ walker_list *w = p->x.walker;
++ debug_printf_walker("nvfree: freeing walker @%p\n", &p->x.walker);
++ p->x.walker = NULL;
++ while (w) {
++ n = w->prev;
++ debug_printf_walker(" free(%p)\n", w);
++ free(w);
++ w = n;
++ }
++ }
++ clrvar(p);
++ p++;
++ }
++
++ free(v);
++}
++
+ static node *mk_splitter(const char *s, tsplitter *spl)
+ {
+ regex_t *re, *ire;
+@@ -1686,7 +1848,7 @@ static node *mk_splitter(const char *s, tsplitter *spl)
+ re = &spl->re[0];
+ ire = &spl->re[1];
+ n = &spl->n;
+- if ((n->info & OPCLSMASK) == OC_REGEXP) {
++ if (n->info == TI_REGEXP) {
+ regfree(re);
+ regfree(ire); // TODO: nuke ire, use re+1?
+ }
+@@ -1699,21 +1861,28 @@ static node *mk_splitter(const char *s, tsplitter *spl)
+ return n;
+ }
+
+-/* use node as a regular expression. Supplied with node ptr and regex_t
++static var *evaluate(node *, var *);
++
++/* Use node as a regular expression. Supplied with node ptr and regex_t
+ * storage space. Return ptr to regex (if result points to preg, it should
+- * be later regfree'd manually
++ * be later regfree'd manually).
+ */
+ static regex_t *as_regex(node *op, regex_t *preg)
+ {
+ int cflags;
+- var *v;
+ const char *s;
+
+- if ((op->info & OPCLSMASK) == OC_REGEXP) {
++ if (op->info == TI_REGEXP) {
+ return icase ? op->r.ire : op->l.re;
+ }
+- v = nvalloc(1);
+- s = getvar_s(evaluate(op, v));
++
++ //tmpvar = nvalloc(1);
++#define TMPVAR (&G.as_regex__tmpvar)
++ // We use a single "static" tmpvar (instead of on-stack or malloced one)
++ // to decrease memory consumption in deeply-recursive awk programs.
++ // The rule to work safely is to never call evaluate() while our static
++ // TMPVAR's value is still needed.
++ s = getvar_s(evaluate(op, TMPVAR));
+
+ cflags = icase ? REG_EXTENDED | REG_ICASE : REG_EXTENDED;
+ /* Testcase where REG_EXTENDED fails (unpaired '{'):
+@@ -1725,7 +1894,8 @@ static regex_t *as_regex(node *op, regex_t *preg)
+ cflags &= ~REG_EXTENDED;
+ xregcomp(preg, s, cflags);
+ }
+- nvfree(v);
++ //nvfree(tmpvar, 1);
++#undef TMPVAR
+ return preg;
+ }
+
+@@ -1745,12 +1915,22 @@ static char* qrealloc(char *b, int n, int *size)
+ /* resize field storage space */
+ static void fsrealloc(int size)
+ {
+- int i;
++ int i, newsize;
+
+ if (size >= maxfields) {
++ /* Sanity cap, easier than catering for overflows */
++ if (size > 0xffffff)
++ bb_die_memory_exhausted();
++
+ i = maxfields;
+ maxfields = size + 16;
+- Fields = xrealloc(Fields, maxfields * sizeof(Fields[0]));
++
++ newsize = maxfields * sizeof(Fields[0]);
++ debug_printf_eval("fsrealloc: xrealloc(%p, %u)\n", Fields, newsize);
++ Fields = xrealloc(Fields, newsize);
++ debug_printf_eval("fsrealloc: Fields=%p..%p\n", Fields, (char*)Fields + newsize - 1);
++ /* ^^^ did Fields[] move? debug aid for L.v getting "upstaged" by R.v in evaluate() */
++
+ for (; i < maxfields; i++) {
+ Fields[i].type = VF_SPECIAL;
+ Fields[i].string = NULL;
+@@ -1763,12 +1943,34 @@ static void fsrealloc(int size)
+ nfields = size;
+ }
+
++static int regexec1_nonempty(const regex_t *preg, const char *s, regmatch_t pmatch[])
++{
++ int r = regexec(preg, s, 1, pmatch, 0);
++ if (r == 0 && pmatch[0].rm_eo == 0) {
++ /* For example, happens when FS can match
++ * an empty string (awk -F ' *'). Logically,
++ * this should split into one-char fields.
++ * However, gawk 5.0.1 searches for first
++ * _non-empty_ separator string match:
++ */
++ size_t ofs = 0;
++ do {
++ ofs++;
++ if (!s[ofs])
++ return REG_NOMATCH;
++ regexec(preg, s + ofs, 1, pmatch, 0);
++ } while (pmatch[0].rm_eo == 0);
++ pmatch[0].rm_so += ofs;
++ pmatch[0].rm_eo += ofs;
++ }
++ return r;
++}
++
+ static int awk_split(const char *s, node *spl, char **slist)
+ {
+- int l, n;
++ int n;
+ char c[4];
+ char *s1;
+- regmatch_t pmatch[2]; // TODO: why [2]? [1] is enough...
+
+ /* in worst case, each char would be a separate field */
+ *slist = s1 = xzalloc(strlen(s) * 2 + 3);
+@@ -1780,34 +1982,36 @@ static int awk_split(const char *s, node *spl, char **slist)
+ c[2] = '\n';
+
+ n = 0;
+- if ((spl->info & OPCLSMASK) == OC_REGEXP) { /* regex split */
++ if (spl->info == TI_REGEXP) { /* regex split */
+ if (!*s)
+ return n; /* "": zero fields */
+ n++; /* at least one field will be there */
+ do {
++ int l;
++ regmatch_t pmatch[1];
++
+ l = strcspn(s, c+2); /* len till next NUL or \n */
+- if (regexec(icase ? spl->r.ire : spl->l.re, s, 1, pmatch, 0) == 0
++ if (regexec1_nonempty(icase ? spl->r.ire : spl->l.re, s, pmatch) == 0
+ && pmatch[0].rm_so <= l
+ ) {
++ /* if (pmatch[0].rm_eo == 0) ... - impossible */
+ l = pmatch[0].rm_so;
+- if (pmatch[0].rm_eo == 0) {
+- l++;
+- pmatch[0].rm_eo++;
+- }
+ n++; /* we saw yet another delimiter */
+ } else {
+ pmatch[0].rm_eo = l;
+ if (s[l])
+ pmatch[0].rm_eo++;
+ }
+- memcpy(s1, s, l);
+- /* make sure we remove *all* of the separator chars */
+- do {
+- s1[l] = '\0';
+- } while (++l < pmatch[0].rm_eo);
+- nextword(&s1);
++ s1 = mempcpy(s1, s, l);
++ *s1++ = '\0';
+ s += pmatch[0].rm_eo;
+ } while (*s);
++
++ /* echo a-- | awk -F-- '{ print NF, length($NF), $NF }'
++ * should print "2 0 ":
++ */
++ *s1 = '\0';
++
+ return n;
+ }
+ if (c[0] == '\0') { /* null split */
+@@ -1945,7 +2149,7 @@ static node *nextarg(node **pn)
+ node *n;
+
+ n = *pn;
+- if (n && (n->info & OPCLSMASK) == OC_COMMA) {
++ if (n && n->info == TI_COMMA) {
+ *pn = n->r.n;
+ n = n->l.n;
+ } else {
+@@ -1976,8 +2180,7 @@ static void hashwalk_init(var *v, xhash *array)
+ for (i = 0; i < array->csize; i++) {
+ hi = array->items[i];
+ while (hi) {
+- strcpy(w->end, hi->name);
+- nextword(&w->end);
++ w->end = stpcpy(w->end, hi->name) + 1;
+ hi = hi->next;
+ }
+ }
+@@ -2003,15 +2206,18 @@ static int hashwalk_next(var *v)
+ /* evaluate node, return 1 when result is true, 0 otherwise */
+ static int ptest(node *pattern)
+ {
+- /* ptest__v is "static": to save stack space? */
+- return istrue(evaluate(pattern, &G.ptest__v));
++ // We use a single "static" tmpvar (instead of on-stack or malloced one)
++ // to decrease memory consumption in deeply-recursive awk programs.
++ // The rule to work safely is to never call evaluate() while our static
++ // TMPVAR's value is still needed.
++ return istrue(evaluate(pattern, &G.ptest__tmpvar));
+ }
+
+ /* read next record from stream rsm into a variable v */
+ static int awk_getline(rstream *rsm, var *v)
+ {
+ char *b;
+- regmatch_t pmatch[2];
++ regmatch_t pmatch[1];
+ int size, a, p, pp = 0;
+ int fd, so, eo, r, rp;
+ char c, *m, *s;
+@@ -2037,7 +2243,7 @@ static int awk_getline(rstream *rsm, var *v)
+ so = eo = p;
+ r = 1;
+ if (p > 0) {
+- if ((rsplitter.n.info & OPCLSMASK) == OC_REGEXP) {
++ if (rsplitter.n.info == TI_REGEXP) {
+ if (regexec(icase ? rsplitter.n.r.ire : rsplitter.n.l.re,
+ b, 1, pmatch, 0) == 0) {
+ so = pmatch[0].rm_so;
+@@ -2109,42 +2315,36 @@ static int awk_getline(rstream *rsm, var *v)
+ return r;
+ }
+
+-static int fmt_num(char *b, int size, const char *format, double n, int int_as_int)
+-{
+- int r = 0;
+- char c;
+- const char *s = format;
+-
+- if (int_as_int && n == (long long)n) {
+- r = snprintf(b, size, "%lld", (long long)n);
+- } else {
+- do { c = *s; } while (c && *++s);
+- if (strchr("diouxX", c)) {
+- r = snprintf(b, size, format, (int)n);
+- } else if (strchr("eEfgG", c)) {
+- r = snprintf(b, size, format, n);
+- } else {
+- syntax_error(EMSG_INV_FMT);
+- }
+- }
+- return r;
+-}
+-
+ /* formatted output into an allocated buffer, return ptr to buffer */
+-static char *awk_printf(node *n)
++#if !ENABLE_FEATURE_AWK_GNU_EXTENSIONS
++# define awk_printf(a, b) awk_printf(a)
++#endif
++static char *awk_printf(node *n, size_t *len)
+ {
+- char *b = NULL;
+- char *fmt, *s, *f;
+- const char *s1;
+- int i, j, incr, bsize;
+- char c, c1;
+- var *v, *arg;
+-
+- v = nvalloc(1);
+- fmt = f = xstrdup(getvar_s(evaluate(nextarg(&n), v)));
+-
++ char *b;
++ char *fmt, *f;
++ size_t i;
++
++ //tmpvar = nvalloc(1);
++#define TMPVAR (&G.awk_printf__tmpvar)
++ // We use a single "static" tmpvar (instead of on-stack or malloced one)
++ // to decrease memory consumption in deeply-recursive awk programs.
++ // The rule to work safely is to never call evaluate() while our static
++ // TMPVAR's value is still needed.
++ fmt = f = xstrdup(getvar_s(evaluate(nextarg(&n), TMPVAR)));
++ // ^^^^^^^^^ here we immediately strdup() the value, so the later call
++ // to evaluate() potentially recursing into another awk_printf() can't
++ // mangle the value.
++
++ b = NULL;
+ i = 0;
+- while (*f) {
++ while (*f) { /* "print one format spec" loop */
++ char *s;
++ char c;
++ char sv;
++ var *arg;
++ size_t slen;
++
+ s = f;
+ while (*f && (*f != '%' || *++f == '%'))
+ f++;
+@@ -2153,38 +2353,68 @@ static char *awk_printf(node *n)
+ syntax_error("%*x formats are not supported");
+ f++;
+ }
+-
+- incr = (f - s) + MAXVARFMT;
+- b = qrealloc(b, incr + i, &bsize);
+ c = *f;
+- if (c != '\0')
+- f++;
+- c1 = *f;
++ if (!c) {
++ /* Tail of fmt with no percent chars,
++ * or "....%" (percent seen, but no format specifier char found)
++ */
++ slen = strlen(s);
++ goto tail;
++ }
++ sv = *++f;
+ *f = '\0';
+- arg = evaluate(nextarg(&n), v);
+-
+- j = i;
+- if (c == 'c' || !c) {
+- i += sprintf(b+i, s, is_numeric(arg) ?
+- (char)getvar_i(arg) : *getvar_s(arg));
+- } else if (c == 's') {
+- s1 = getvar_s(arg);
+- b = qrealloc(b, incr+i+strlen(s1), &bsize);
+- i += sprintf(b+i, s, s1);
++ arg = evaluate(nextarg(&n), TMPVAR);
++
++ /* Result can be arbitrarily long. Example:
++ * printf "%99999s", "BOOM"
++ */
++ if (c == 'c') {
++ char cc = is_numeric(arg) ? getvar_i(arg) : *getvar_s(arg);
++ char *r = xasprintf(s, cc ? cc : '^' /* else strlen will be wrong */);
++ slen = strlen(r);
++ if (cc == '\0') /* if cc is NUL, re-format the string with it */
++ sprintf(r, s, cc);
++ s = r;
+ } else {
+- i += fmt_num(b+i, incr, s, getvar_i(arg), FALSE);
++ if (c == 's') {
++ s = xasprintf(s, getvar_s(arg));
++ } else {
++ double d = getvar_i(arg);
++ if (strchr("diouxX", c)) {
++//TODO: make it wider here (%x -> %llx etc)?
++ s = xasprintf(s, (int)d);
++ } else if (strchr("eEfFgGaA", c)) {
++ s = xasprintf(s, d);
++ } else {
++ syntax_error(EMSG_INV_FMT);
++ }
++ }
++ slen = strlen(s);
+ }
+- *f = c1;
++ *f = sv;
+
+- /* if there was an error while sprintf, return value is negative */
+- if (i < j)
+- i = j;
++ if (i == 0) {
++ b = s;
++ i = slen;
++ continue;
++ }
++ tail:
++ b = xrealloc(b, i + slen + 1);
++ strcpy(b + i, s);
++ i += slen;
++ if (!c) /* tail? */
++ break;
++ free(s);
+ }
+
+ free(fmt);
+- nvfree(v);
+- b = xrealloc(b, i + 1);
+- b[i] = '\0';
++ //nvfree(tmpvar, 1);
++#undef TMPVAR
++
++#if ENABLE_FEATURE_AWK_GNU_EXTENSIONS
++ if (len)
++ *len = i;
++#endif
+ return b;
+ }
+
+@@ -2314,33 +2544,59 @@ static NOINLINE int do_mktime(const char *ds)
+ return mktime(&then);
+ }
+
++/* Reduce stack usage in exec_builtin() by keeping match() code separate */
++static NOINLINE var *do_match(node *an1, const char *as0)
++{
++ regmatch_t pmatch[1];
++ regex_t sreg, *re;
++ int n, start, len;
++
++ re = as_regex(an1, &sreg);
++ n = regexec(re, as0, 1, pmatch, 0);
++ if (re == &sreg)
++ regfree(re);
++ start = 0;
++ len = -1;
++ if (n == 0) {
++ start = pmatch[0].rm_so + 1;
++ len = pmatch[0].rm_eo - pmatch[0].rm_so;
++ }
++ setvar_i(newvar("RLENGTH"), len);
++ return setvar_i(newvar("RSTART"), start);
++}
++
++/* Reduce stack usage in evaluate() by keeping builtins' code separate */
+ static NOINLINE var *exec_builtin(node *op, var *res)
+ {
+ #define tspl (G.exec_builtin__tspl)
+
+- var *tv;
++ var *tmpvars;
+ node *an[4];
+ var *av[4];
+ const char *as[4];
+- regmatch_t pmatch[2];
+- regex_t sreg, *re;
+ node *spl;
+ uint32_t isr, info;
+ int nargs;
+ time_t tt;
+ int i, l, ll, n;
+
+- tv = nvalloc(4);
++ tmpvars = nvalloc(4);
++#define TMPVAR0 (tmpvars)
++#define TMPVAR1 (tmpvars + 1)
++#define TMPVAR2 (tmpvars + 2)
++#define TMPVAR3 (tmpvars + 3)
++#define TMPVAR(i) (tmpvars + (i))
+ isr = info = op->info;
+ op = op->l.n;
+
+ av[2] = av[3] = NULL;
+ for (i = 0; i < 4 && op; i++) {
+ an[i] = nextarg(&op);
+- if (isr & 0x09000000)
+- av[i] = evaluate(an[i], &tv[i]);
+- if (isr & 0x08000000)
+- as[i] = getvar_s(av[i]);
++ if (isr & 0x09000000) {
++ av[i] = evaluate(an[i], TMPVAR(i));
++ if (isr & 0x08000000)
++ as[i] = getvar_s(av[i]);
++ }
+ isr >>= 1;
+ }
+
+@@ -2362,8 +2618,8 @@ static NOINLINE var *exec_builtin(node *op, var *res)
+ char *s, *s1;
+
+ if (nargs > 2) {
+- spl = (an[2]->info & OPCLSMASK) == OC_REGEXP ?
+- an[2] : mk_splitter(getvar_s(evaluate(an[2], &tv[2])), &tspl);
++ spl = (an[2]->info == TI_REGEXP) ? an[2]
++ : mk_splitter(getvar_s(evaluate(an[2], TMPVAR2)), &tspl);
+ } else {
+ spl = &fsplitter.n;
+ }
+@@ -2477,20 +2733,7 @@ static NOINLINE var *exec_builtin(node *op, var *res)
+ break;
+
+ case B_ma:
+- re = as_regex(an[1], &sreg);
+- n = regexec(re, as[0], 1, pmatch, 0);
+- if (n == 0) {
+- pmatch[0].rm_so++;
+- pmatch[0].rm_eo++;
+- } else {
+- pmatch[0].rm_so = 0;
+- pmatch[0].rm_eo = -1;
+- }
+- setvar_i(newvar("RSTART"), pmatch[0].rm_so);
+- setvar_i(newvar("RLENGTH"), pmatch[0].rm_eo - pmatch[0].rm_so);
+- setvar_i(res, pmatch[0].rm_so);
+- if (re == &sreg)
+- regfree(re);
++ res = do_match(an[1], as[0]);
+ break;
+
+ case B_ge:
+@@ -2506,14 +2749,79 @@ static NOINLINE var *exec_builtin(node *op, var *res)
+ break;
+ }
+
+- nvfree(tv);
++ nvfree(tmpvars, 4);
++#undef TMPVAR0
++#undef TMPVAR1
++#undef TMPVAR2
++#undef TMPVAR3
++#undef TMPVAR
++
+ return res;
+ #undef tspl
+ }
+
++/* if expr looks like "var=value", perform assignment and return 1,
++ * otherwise return 0 */
++static int is_assignment(const char *expr)
++{
++ char *exprc, *val;
++
++ val = (char*)endofname(expr);
++ if (val == (char*)expr || *val != '=') {
++ return FALSE;
++ }
++
++ exprc = xstrdup(expr);
++ val = exprc + (val - expr);
++ *val++ = '\0';
++
++ unescape_string_in_place(val);
++ setvar_u(newvar(exprc), val);
++ free(exprc);
++ return TRUE;
++}
++
++/* switch to next input file */
++static rstream *next_input_file(void)
++{
++#define rsm (G.next_input_file__rsm)
++#define files_happen (G.next_input_file__files_happen)
++
++ const char *fname, *ind;
++
++ if (rsm.F)
++ fclose(rsm.F);
++ rsm.F = NULL;
++ rsm.pos = rsm.adv = 0;
++
++ for (;;) {
++ if (getvar_i(intvar[ARGIND])+1 >= getvar_i(intvar[ARGC])) {
++ if (files_happen)
++ return NULL;
++ fname = "-";
++ rsm.F = stdin;
++ break;
++ }
++ ind = getvar_s(incvar(intvar[ARGIND]));
++ fname = getvar_s(findvar(iamarray(intvar[ARGV]), ind));
++ if (fname && *fname && !is_assignment(fname)) {
++ rsm.F = xfopen_stdin(fname);
++ break;
++ }
++ }
++
++ files_happen = TRUE;
++ setvar_s(intvar[FILENAME], fname);
++ return &rsm;
++#undef rsm
++#undef files_happen
++}
++
+ /*
+ * Evaluate node - the heart of the program. Supplied with subtree
+- * and place where to store result. returns ptr to result.
++ * and "res" variable to assign the result to if we evaluate an expression.
++ * If node refers to e.g. a variable or a field, no assignment happens.
++ * Return ptr to the result (which may or may not be the "res" variable!)
+ */
+ #define XC(n) ((n) >> 8)
+
+@@ -2525,14 +2833,16 @@ static var *evaluate(node *op, var *res)
+ #define seed (G.evaluate__seed)
+ #define sreg (G.evaluate__sreg)
+
+- var *v1;
++ var *tmpvars;
+
+ if (!op)
+ return setvar_s(res, NULL);
+
+ debug_printf_eval("entered %s()\n", __func__);
+
+- v1 = nvalloc(2);
++ tmpvars = nvalloc(2);
++#define TMPVAR0 (tmpvars)
++#define TMPVAR1 (tmpvars + 1)
+
+ while (op) {
+ struct {
+@@ -2554,48 +2864,35 @@ static var *evaluate(node *op, var *res)
+ op1 = op->l.n;
+ debug_printf_eval("opinfo:%08x opn:%08x\n", opinfo, opn);
+
+- /* "delete" is special:
+- * "delete array[var--]" must evaluate index expr only once,
+- * must not evaluate it in "execute inevitable things" part.
+- */
+- if (XC(opinfo & OPCLSMASK) == XC(OC_DELETE)) {
+- uint32_t info = op1->info & OPCLSMASK;
+- var *v;
+-
+- debug_printf_eval("DELETE\n");
+- if (info == OC_VAR) {
+- v = op1->l.v;
+- } else if (info == OC_FNARG) {
+- v = &fnargs[op1->l.aidx];
+- } else {
+- syntax_error(EMSG_NOT_ARRAY);
++ /* execute inevitable things */
++ if (opinfo & OF_RES1) {
++ if ((opinfo & OF_REQUIRED) && !op1)
++ syntax_error(EMSG_TOO_FEW_ARGS);
++ L.v = evaluate(op1, TMPVAR0);
++ if (opinfo & OF_STR1) {
++ L.s = getvar_s(L.v);
++ debug_printf_eval("L.s:'%s'\n", L.s);
+ }
+- if (op1->r.n) { /* array ref? */
+- const char *s;
+- s = getvar_s(evaluate(op1->r.n, v1));
+- hash_remove(iamarray(v), s);
+- } else {
+- clear_array(iamarray(v));
++ if (opinfo & OF_NUM1) {
++ L_d = getvar_i(L.v);
++ debug_printf_eval("L_d:%f\n", L_d);
+ }
+- goto next;
+- }
+-
+- /* execute inevitable things */
+- if (opinfo & OF_RES1)
+- L.v = evaluate(op1, v1);
+- if (opinfo & OF_RES2)
+- R.v = evaluate(op->r.n, v1+1);
+- if (opinfo & OF_STR1) {
+- L.s = getvar_s(L.v);
+- debug_printf_eval("L.s:'%s'\n", L.s);
+ }
+- if (opinfo & OF_STR2) {
+- R.s = getvar_s(R.v);
+- debug_printf_eval("R.s:'%s'\n", R.s);
+- }
+- if (opinfo & OF_NUM1) {
+- L_d = getvar_i(L.v);
+- debug_printf_eval("L_d:%f\n", L_d);
++ /* NB: Must get string/numeric values of L (done above)
++ * _before_ evaluate()'ing R.v: if both L and R are $NNNs,
++ * and right one is large, then L.v points to Fields[NNN1],
++ * second evaluate() reallocates and moves (!) Fields[],
++ * R.v points to Fields[NNN2] but L.v now points to freed mem!
++ * (Seen trying to evaluate "$444 $44444")
++ */
++ if (opinfo & OF_RES2) {
++ R.v = evaluate(op->r.n, TMPVAR1);
++ //TODO: L.v may be invalid now, set L.v to NULL to catch bugs?
++ //L.v = NULL;
++ if (opinfo & OF_STR2) {
++ R.s = getvar_s(R.v);
++ debug_printf_eval("R.s:'%s'\n", R.s);
++ }
+ }
+
+ debug_printf_eval("switch(0x%x)\n", XC(opinfo & OPCLSMASK));
+@@ -2605,7 +2902,8 @@ static var *evaluate(node *op, var *res)
+
+ /* test pattern */
+ case XC( OC_TEST ):
+- if ((op1->info & OPCLSMASK) == OC_COMMA) {
++ debug_printf_eval("TEST\n");
++ if (op1->info == TI_COMMA) {
+ /* it's range pattern */
+ if ((opinfo & OF_CHECKED) || ptest(op1->l.n)) {
+ op->info |= OF_CHECKED;
+@@ -2622,25 +2920,32 @@ static var *evaluate(node *op, var *res)
+
+ /* just evaluate an expression, also used as unconditional jump */
+ case XC( OC_EXEC ):
++ debug_printf_eval("EXEC\n");
+ break;
+
+ /* branch, used in if-else and various loops */
+ case XC( OC_BR ):
++ debug_printf_eval("BR\n");
+ op = istrue(L.v) ? op->a.n : op->r.n;
+ break;
+
+ /* initialize for-in loop */
+ case XC( OC_WALKINIT ):
++ debug_printf_eval("WALKINIT\n");
+ hashwalk_init(L.v, iamarray(R.v));
+ break;
+
+ /* get next array item */
+ case XC( OC_WALKNEXT ):
++ debug_printf_eval("WALKNEXT\n");
+ op = hashwalk_next(L.v) ? op->a.n : op->r.n;
+ break;
+
+ case XC( OC_PRINT ):
+- case XC( OC_PRINTF ): {
++ debug_printf_eval("PRINT /\n");
++ case XC( OC_PRINTF ):
++ debug_printf_eval("PRINTF\n");
++ {
+ FILE *F = stdout;
+
+ if (op->r.n) {
+@@ -2658,55 +2963,94 @@ static var *evaluate(node *op, var *res)
+ F = rsm->F;
+ }
+
++ /* Can't just check 'opinfo == OC_PRINT' here, parser ORs
++ * additional bits to opinfos of print/printf with redirects
++ */
+ if ((opinfo & OPCLSMASK) == OC_PRINT) {
+ if (!op1) {
+ fputs(getvar_s(intvar[F0]), F);
+ } else {
+- while (op1) {
+- var *v = evaluate(nextarg(&op1), v1);
++ for (;;) {
++ var *v = evaluate(nextarg(&op1), TMPVAR0);
+ if (v->type & VF_NUMBER) {
+- fmt_num(g_buf, MAXVARFMT, getvar_s(intvar[OFMT]),
+- getvar_i(v), TRUE);
++ fmt_num(getvar_s(intvar[OFMT]),
++ getvar_i(v));
+ fputs(g_buf, F);
+ } else {
+ fputs(getvar_s(v), F);
+ }
+-
+- if (op1)
+- fputs(getvar_s(intvar[OFS]), F);
++ if (!op1)
++ break;
++ fputs(getvar_s(intvar[OFS]), F);
+ }
+ }
+ fputs(getvar_s(intvar[ORS]), F);
+-
+- } else { /* OC_PRINTF */
+- char *s = awk_printf(op1);
++ } else { /* PRINTF */
++ IF_FEATURE_AWK_GNU_EXTENSIONS(size_t len;)
++ char *s = awk_printf(op1, &len);
++#if ENABLE_FEATURE_AWK_GNU_EXTENSIONS
++ fwrite(s, len, 1, F);
++#else
+ fputs(s, F);
++#endif
+ free(s);
+ }
+ fflush(F);
+ break;
+ }
+
+- /* case XC( OC_DELETE ): - moved to happen before arg evaluation */
++ case XC( OC_DELETE ):
++ debug_printf_eval("DELETE\n");
++ {
++ /* "delete" is special:
++ * "delete array[var--]" must evaluate index expr only once.
++ */
++ uint32_t info = op1->info & OPCLSMASK;
++ var *v;
++
++ if (info == OC_VAR) {
++ v = op1->l.v;
++ } else if (info == OC_FNARG) {
++ v = &fnargs[op1->l.aidx];
++ } else {
++ syntax_error(EMSG_NOT_ARRAY);
++ }
++ if (op1->r.n) { /* array ref? */
++ const char *s;
++ s = getvar_s(evaluate(op1->r.n, TMPVAR0));
++ hash_remove(iamarray(v), s);
++ } else {
++ clear_array(iamarray(v));
++ }
++ break;
++ }
+
+ case XC( OC_NEWSOURCE ):
++ debug_printf_eval("NEWSOURCE\n");
+ g_progname = op->l.new_progname;
+ break;
+
+ case XC( OC_RETURN ):
++ debug_printf_eval("RETURN\n");
+ copyvar(res, L.v);
+ break;
+
+ case XC( OC_NEXTFILE ):
++ debug_printf_eval("NEXTFILE\n");
+ nextfile = TRUE;
+ case XC( OC_NEXT ):
++ debug_printf_eval("NEXT\n");
+ nextrec = TRUE;
+ case XC( OC_DONE ):
++ debug_printf_eval("DONE\n");
+ clrvar(res);
+ break;
+
+ case XC( OC_EXIT ):
+- awk_exit(L_d);
++ debug_printf_eval("EXIT\n");
++ if (op1)
++ G.exitcode = (int)L_d;
++ awk_exit();
+
+ /* -- recursive node type -- */
+
+@@ -2725,15 +3069,18 @@ static var *evaluate(node *op, var *res)
+ break;
+
+ case XC( OC_IN ):
++ debug_printf_eval("IN\n");
+ setvar_i(res, hash_search(iamarray(R.v), L.s) ? 1 : 0);
+ break;
+
+ case XC( OC_REGEXP ):
++ debug_printf_eval("REGEXP\n");
+ op1 = op;
+ L.s = getvar_s(intvar[F0]);
+ goto re_cont;
+
+ case XC( OC_MATCH ):
++ debug_printf_eval("MATCH\n");
+ op1 = op->r.n;
+ re_cont:
+ {
+@@ -2748,61 +3095,80 @@ static var *evaluate(node *op, var *res)
+ case XC( OC_MOVE ):
+ debug_printf_eval("MOVE\n");
+ /* if source is a temporary string, jusk relink it to dest */
+-//Disabled: if R.v is numeric but happens to have cached R.v->string,
+-//then L.v ends up being a string, which is wrong
+-// if (R.v == v1+1 && R.v->string) {
+-// res = setvar_p(L.v, R.v->string);
+-// R.v->string = NULL;
+-// } else {
++ if (R.v == TMPVAR1
++ && !(R.v->type & VF_NUMBER)
++ /* Why check !NUMBER? if R.v is a number but has cached R.v->string,
++ * L.v ends up a string, which is wrong */
++ /*&& R.v->string - always not NULL (right?) */
++ ) {
++ res = setvar_p(L.v, R.v->string); /* avoids strdup */
++ R.v->string = NULL;
++ } else {
+ res = copyvar(L.v, R.v);
+-// }
++ }
+ break;
+
+ case XC( OC_TERNARY ):
+- if ((op->r.n->info & OPCLSMASK) != OC_COLON)
++ debug_printf_eval("TERNARY\n");
++ if (op->r.n->info != TI_COLON)
+ syntax_error(EMSG_POSSIBLE_ERROR);
+ res = evaluate(istrue(L.v) ? op->r.n->l.n : op->r.n->r.n, res);
+ break;
+
+ case XC( OC_FUNC ): {
+- var *vbeg, *v;
++ var *argvars, *sv_fnargs;
+ const char *sv_progname;
++ int nargs, i;
+
+- /* The body might be empty, still has to eval the args */
+- if (!op->r.n->info && !op->r.f->body.first)
++ debug_printf_eval("FUNC\n");
++
++ if (!op->r.f->defined)
+ syntax_error(EMSG_UNDEF_FUNC);
+
+- vbeg = v = nvalloc(op->r.f->nargs + 1);
++ /* The body might be empty, still has to eval the args */
++ nargs = op->r.f->nargs;
++ argvars = nvalloc(nargs);
++ i = 0;
+ while (op1) {
+- var *arg = evaluate(nextarg(&op1), v1);
+- copyvar(v, arg);
+- v->type |= VF_CHILD;
+- v->x.parent = arg;
+- if (++v - vbeg >= op->r.f->nargs)
+- break;
++ var *arg = evaluate(nextarg(&op1), TMPVAR0);
++ if (i == nargs) {
++ /* call with more arguments than function takes.
++ * (gawk warns: "warning: function 'f' called with more arguments than declared").
++ * They are still evaluated, but discarded: */
++ clrvar(arg);
++ continue;
++ }
++ copyvar(&argvars[i], arg);
++ argvars[i].type |= VF_CHILD;
++ argvars[i].x.parent = arg;
++ i++;
+ }
+
+- v = fnargs;
+- fnargs = vbeg;
++ sv_fnargs = fnargs;
+ sv_progname = g_progname;
+
++ fnargs = argvars;
+ res = evaluate(op->r.f->body.first, res);
++ nvfree(argvars, nargs);
+
+ g_progname = sv_progname;
+- nvfree(fnargs);
+- fnargs = v;
++ fnargs = sv_fnargs;
+
+ break;
+ }
+
+ case XC( OC_GETLINE ):
+- case XC( OC_PGETLINE ): {
++ debug_printf_eval("GETLINE /\n");
++ case XC( OC_PGETLINE ):
++ debug_printf_eval("PGETLINE\n");
++ {
+ rstream *rsm;
+ int i;
+
+ if (op1) {
+ rsm = newfile(L.s);
+ if (!rsm->F) {
++ /* NB: can't use "opinfo == TI_PGETLINE", would break "cmd" | getline */
+ if ((opinfo & OPCLSMASK) == OC_PGETLINE) {
+ rsm->F = popen(L.s, "r");
+ rsm->is_pipe = TRUE;
+@@ -2837,16 +3203,34 @@ static var *evaluate(node *op, var *res)
+ /* simple builtins */
+ case XC( OC_FBLTIN ): {
+ double R_d = R_d; /* for compiler */
++ debug_printf_eval("FBLTIN\n");
++
++ if (op1 && op1->info == TI_COMMA)
++ /* Simple builtins take one arg maximum */
++ syntax_error("Too many arguments");
+
+ switch (opn) {
+ case F_in:
+ R_d = (long long)L_d;
+ break;
+
+- case F_rn:
+- R_d = (double)rand() / (double)RAND_MAX;
++ case F_rn: /*rand*/
++ if (op1)
++ syntax_error("Too many arguments");
++ {
++#if RAND_MAX >= 0x7fffffff
++ uint32_t u = ((uint32_t)rand() << 16) ^ rand();
++ uint64_t v = ((uint64_t)rand() << 32) | u;
++ /* the above shift+or is optimized out on 32-bit arches */
++# if RAND_MAX > 0x7fffffff
++ v &= 0x7fffffffffffffffULL;
++# endif
++ R_d = (double)v / 0x8000000000000000ULL;
++#else
++# error Not implemented for this value of RAND_MAX
++#endif
+ break;
+-
++ }
+ case F_co:
+ if (ENABLE_FEATURE_AWK_LIBM) {
+ R_d = cos(L_d);
+@@ -2886,7 +3270,9 @@ static var *evaluate(node *op, var *res)
+ srand(seed);
+ break;
+
+- case F_ti:
++ case F_ti: /*systime*/
++ if (op1)
++ syntax_error("Too many arguments");
+ R_d = time(NULL);
+ break;
+
+@@ -2925,7 +3311,7 @@ static var *evaluate(node *op, var *res)
+ rstream *rsm;
+ int err = 0;
+ rsm = (rstream *)hash_search(fdhash, L.s);
+- debug_printf_eval("OC_FBLTIN F_cl rsm:%p\n", rsm);
++ debug_printf_eval("OC_FBLTIN close: op1:%p s:'%s' rsm:%p\n", op1, L.s, rsm);
+ if (rsm) {
+ debug_printf_eval("OC_FBLTIN F_cl "
+ "rsm->is_pipe:%d, ->F:%p\n",
+@@ -2936,6 +3322,11 @@ static var *evaluate(node *op, var *res)
+ */
+ if (rsm->F)
+ err = rsm->is_pipe ? pclose(rsm->F) : fclose(rsm->F);
++//TODO: fix this case:
++// $ awk 'BEGIN { print close(""); print ERRNO }'
++// -1
++// close of redirection that was never opened
++// (we print 0, 0)
+ free(rsm->buffer);
+ hash_remove(fdhash, L.s);
+ }
+@@ -2950,14 +3341,18 @@ static var *evaluate(node *op, var *res)
+ }
+
+ case XC( OC_BUILTIN ):
++ debug_printf_eval("BUILTIN\n");
+ res = exec_builtin(op, res);
+ break;
+
+ case XC( OC_SPRINTF ):
+- setvar_p(res, awk_printf(op1));
++ debug_printf_eval("SPRINTF\n");
++ setvar_p(res, awk_printf(op1, NULL));
+ break;
+
+- case XC( OC_UNARY ): {
++ case XC( OC_UNARY ):
++ debug_printf_eval("UNARY\n");
++ {
+ double Ld, R_d;
+
+ Ld = R_d = getvar_i(R.v);
+@@ -2987,7 +3382,9 @@ static var *evaluate(node *op, var *res)
+ break;
+ }
+
+- case XC( OC_FIELD ): {
++ case XC( OC_FIELD ):
++ debug_printf_eval("FIELD\n");
++ {
+ int i = (int)getvar_i(R.v);
+ if (i < 0)
+ syntax_error(EMSG_NEGATIVE_FIELD);
+@@ -3004,26 +3401,33 @@ static var *evaluate(node *op, var *res)
+
+ /* concatenation (" ") and index joining (",") */
+ case XC( OC_CONCAT ):
++ debug_printf_eval("CONCAT /\n");
+ case XC( OC_COMMA ): {
+ const char *sep = "";
+- if ((opinfo & OPCLSMASK) == OC_COMMA)
++ debug_printf_eval("COMMA\n");
++ if (opinfo == TI_COMMA)
+ sep = getvar_s(intvar[SUBSEP]);
+ setvar_p(res, xasprintf("%s%s%s", L.s, sep, R.s));
+ break;
+ }
+
+ case XC( OC_LAND ):
++ debug_printf_eval("LAND\n");
+ setvar_i(res, istrue(L.v) ? ptest(op->r.n) : 0);
+ break;
+
+ case XC( OC_LOR ):
++ debug_printf_eval("LOR\n");
+ setvar_i(res, istrue(L.v) ? 1 : ptest(op->r.n));
+ break;
+
+ case XC( OC_BINARY ):
+- case XC( OC_REPLACE ): {
++ debug_printf_eval("BINARY /\n");
++ case XC( OC_REPLACE ):
++ debug_printf_eval("REPLACE\n");
++ {
+ double R_d = getvar_i(R.v);
+- debug_printf_eval("BINARY/REPLACE: R_d:%f opn:%c\n", R_d, opn);
++ debug_printf_eval("R_d:%f opn:%c\n", R_d, opn);
+ switch (opn) {
+ case '+':
+ L_d += R_d;
+@@ -3059,6 +3463,7 @@ static var *evaluate(node *op, var *res)
+ case XC( OC_COMPARE ): {
+ int i = i; /* for compiler */
+ double Ld;
++ debug_printf_eval("COMPARE\n");
+
+ if (is_numeric(L.v) && is_numeric(R.v)) {
+ Ld = getvar_i(L.v) - getvar_i(R.v);
+@@ -3085,7 +3490,7 @@ static var *evaluate(node *op, var *res)
+ default:
+ syntax_error(EMSG_POSSIBLE_ERROR);
+ } /* switch */
+- next:
++
+ if ((opinfo & OPCLSMASK) <= SHIFT_TIL_THIS)
+ op = op->a.n;
+ if ((opinfo & OPCLSMASK) >= RECUR_FROM_THIS)
+@@ -3094,7 +3499,10 @@ static var *evaluate(node *op, var *res)
+ break;
+ } /* while (op) */
+
+- nvfree(v1);
++ nvfree(tmpvars, 2);
++#undef TMPVAR0
++#undef TMPVAR1
++
+ debug_printf_eval("returning from %s(): %p\n", __func__, res);
+ return res;
+ #undef fnargs
+@@ -3102,25 +3510,21 @@ static var *evaluate(node *op, var *res)
+ #undef sreg
+ }
+
+-
+ /* -------- main & co. -------- */
+
+-static int awk_exit(int r)
++static int awk_exit(void)
+ {
+- var tv;
+ unsigned i;
+- hash_item *hi;
+-
+- zero_out_var(&tv);
+
+ if (!exiting) {
+ exiting = TRUE;
+ nextrec = FALSE;
+- evaluate(endseq.first, &tv);
++ evaluate(endseq.first, &G.exit__tmpvar);
+ }
+
+ /* waiting for children */
+ for (i = 0; i < fdhash->csize; i++) {
++ hash_item *hi;
+ hi = fdhash->items[i];
+ while (hi) {
+ if (hi->data.rs.F && hi->data.rs.is_pipe)
+@@ -3129,65 +3533,7 @@ static int awk_exit(int r)
+ }
+ }
+
+- exit(r);
+-}
+-
+-/* if expr looks like "var=value", perform assignment and return 1,
+- * otherwise return 0 */
+-static int is_assignment(const char *expr)
+-{
+- char *exprc, *val;
+-
+- if (!isalnum_(*expr) || (val = strchr(expr, '=')) == NULL) {
+- return FALSE;
+- }
+-
+- exprc = xstrdup(expr);
+- val = exprc + (val - expr);
+- *val++ = '\0';
+-
+- unescape_string_in_place(val);
+- setvar_u(newvar(exprc), val);
+- free(exprc);
+- return TRUE;
+-}
+-
+-/* switch to next input file */
+-static rstream *next_input_file(void)
+-{
+-#define rsm (G.next_input_file__rsm)
+-#define files_happen (G.next_input_file__files_happen)
+-
+- FILE *F;
+- const char *fname, *ind;
+-
+- if (rsm.F)
+- fclose(rsm.F);
+- rsm.F = NULL;
+- rsm.pos = rsm.adv = 0;
+-
+- for (;;) {
+- if (getvar_i(intvar[ARGIND])+1 >= getvar_i(intvar[ARGC])) {
+- if (files_happen)
+- return NULL;
+- fname = "-";
+- F = stdin;
+- break;
+- }
+- ind = getvar_s(incvar(intvar[ARGIND]));
+- fname = getvar_s(findvar(iamarray(intvar[ARGV]), ind));
+- if (fname && *fname && !is_assignment(fname)) {
+- F = xfopen_stdin(fname);
+- break;
+- }
+- }
+-
+- files_happen = TRUE;
+- setvar_s(intvar[FILENAME], fname);
+- rsm.F = F;
+- return &rsm;
+-#undef rsm
+-#undef files_happen
++ exit(G.exitcode);
+ }
+
+ int awk_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+@@ -3200,12 +3546,7 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ #if ENABLE_FEATURE_AWK_GNU_EXTENSIONS
+ llist_t *list_e = NULL;
+ #endif
+- int i, j;
+- var *v;
+- var tv;
+- char **envp;
+- char *vnames = (char *)vNames; /* cheat */
+- char *vvalues = (char *)vValues;
++ int i;
+
+ INIT_G();
+
+@@ -3214,48 +3555,43 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ if (ENABLE_LOCALE_SUPPORT)
+ setlocale(LC_NUMERIC, "C");
+
+- zero_out_var(&tv);
+-
+- /* allocate global buffer */
+- g_buf = xmalloc(MAXVARFMT + 1);
+-
+- vhash = hash_init();
+- ahash = hash_init();
+- fdhash = hash_init();
+- fnhash = hash_init();
+-
+ /* initialize variables */
+- for (i = 0; *vnames; i++) {
+- intvar[i] = v = newvar(nextword(&vnames));
+- if (*vvalues != '\377')
+- setvar_s(v, nextword(&vvalues));
+- else
+- setvar_i(v, 0);
+-
+- if (*vnames == '*') {
+- v->type |= VF_SPECIAL;
+- vnames++;
++ vhash = hash_init();
++ {
++ char *vnames = (char *)vNames; /* cheat */
++ char *vvalues = (char *)vValues;
++ for (i = 0; *vnames; i++) {
++ var *v;
++ intvar[i] = v = newvar(nextword(&vnames));
++ if (*vvalues != '\377')
++ setvar_s(v, nextword(&vvalues));
++ else
++ setvar_i(v, 0);
++
++ if (*vnames == '*') {
++ v->type |= VF_SPECIAL;
++ vnames++;
++ }
+ }
+ }
+
+ handle_special(intvar[FS]);
+ handle_special(intvar[RS]);
+
+- newfile("/dev/stdin")->F = stdin;
+- newfile("/dev/stdout")->F = stdout;
+- newfile("/dev/stderr")->F = stderr;
+-
+ /* Huh, people report that sometimes environ is NULL. Oh well. */
+- if (environ) for (envp = environ; *envp; envp++) {
+- /* environ is writable, thus we don't strdup it needlessly */
+- char *s = *envp;
+- char *s1 = strchr(s, '=');
+- if (s1) {
+- *s1 = '\0';
+- /* Both findvar and setvar_u take const char*
+- * as 2nd arg -> environment is not trashed */
+- setvar_u(findvar(iamarray(intvar[ENVIRON]), s), s1 + 1);
+- *s1 = '=';
++ if (environ) {
++ char **envp;
++ for (envp = environ; *envp; envp++) {
++ /* environ is writable, thus we don't strdup it needlessly */
++ char *s = *envp;
++ char *s1 = strchr(s, '=');
++ if (s1) {
++ *s1 = '\0';
++ /* Both findvar and setvar_u take const char*
++ * as 2nd arg -> environment is not trashed */
++ setvar_u(findvar(iamarray(intvar[ENVIRON]), s), s1 + 1);
++ *s1 = '=';
++ }
+ }
+ }
+ opt = getopt32(argv, OPTSTR_AWK, &opt_F, &list_v, &list_f, IF_FEATURE_AWK_GNU_EXTENSIONS(&list_e,) NULL);
+@@ -3271,20 +3607,19 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ if (!is_assignment(llist_pop(&list_v)))
+ bb_show_usage();
+ }
++
++ /* Parse all supplied programs */
++ fnhash = hash_init();
++ ahash = hash_init();
+ while (list_f) {
+- char *s = NULL;
+- FILE *from_file;
++ int fd;
++ char *s;
+
+ g_progname = llist_pop(&list_f);
+- from_file = xfopen_stdin(g_progname);
+- /* one byte is reserved for some trick in next_token */
+- for (i = j = 1; j > 0; i += j) {
+- s = xrealloc(s, i + 4096);
+- j = fread(s + i, 1, 4094, from_file);
+- }
+- s[i] = '\0';
+- fclose(from_file);
+- parse_program(s + 1);
++ fd = xopen_stdin(g_progname);
++ s = xmalloc_read(fd, NULL); /* it's NUL-terminated */
++ close(fd);
++ parse_program(s);
+ free(s);
+ }
+ g_progname = "cmd. line";
+@@ -3293,11 +3628,23 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ parse_program(llist_pop(&list_e));
+ }
+ #endif
++//FIXME: preserve order of -e and -f
++//TODO: implement -i LIBRARY and -E FILE too, they are easy-ish
+ if (!(opt & (OPT_f | OPT_e))) {
+ if (!*argv)
+ bb_show_usage();
+ parse_program(*argv++);
+ }
++ /* Free unused parse structures */
++ //hash_free(fnhash); // ~250 bytes when empty, used only for function names
++ //^^^^^^^^^^^^^^^^^ does not work, hash_clear() inside SEGVs
++ // (IOW: hash_clear() assumes it's a hash of variables. fnhash is not).
++ free(fnhash->items);
++ free(fnhash);
++ fnhash = NULL; // debug
++ //hash_free(ahash); // empty after parsing, will reuse as fdhash instead of freeing
++
++ /* Parsing done, on to executing */
+
+ /* fill in ARGV array */
+ setari_u(intvar[ARGV], 0, "awk");
+@@ -3306,9 +3653,14 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ setari_u(intvar[ARGV], ++i, *argv++);
+ setvar_i(intvar[ARGC], i + 1);
+
+- evaluate(beginseq.first, &tv);
++ //fdhash = ahash; // done via define
++ newfile("/dev/stdin")->F = stdin;
++ newfile("/dev/stdout")->F = stdout;
++ newfile("/dev/stderr")->F = stderr;
++
++ evaluate(beginseq.first, &G.main__tmpvar);
+ if (!mainseq.first && !endseq.first)
+- awk_exit(EXIT_SUCCESS);
++ awk_exit();
+
+ /* input file could already be opened in BEGIN block */
+ if (!iF)
+@@ -3323,7 +3675,7 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ nextrec = FALSE;
+ incvar(intvar[NR]);
+ incvar(intvar[FNR]);
+- evaluate(mainseq.first, &tv);
++ evaluate(mainseq.first, &G.main__tmpvar);
+
+ if (nextfile)
+ break;
+@@ -3335,6 +3687,6 @@ int awk_main(int argc UNUSED_PARAM, char **argv)
+ iF = next_input_file();
+ }
+
+- awk_exit(EXIT_SUCCESS);
++ awk_exit();
+ /*return 0;*/
+ }
diff --git a/main/cryptsetup/APKBUILD b/main/cryptsetup/APKBUILD
index 797e43b7b8..f0de5353a3 100644
--- a/main/cryptsetup/APKBUILD
+++ b/main/cryptsetup/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cryptsetup
-pkgver=2.3.4
-pkgrel=1
+pkgver=2.3.7
+pkgrel=0
pkgdesc="Userspace setup tool for transparent encryption of block devices using the Linux 2.6 cryptoapi"
url="https://gitlab.com/cryptsetup/cryptsetup"
arch="all"
@@ -19,6 +19,8 @@ source="https://www.kernel.org/pub/linux/utils/cryptsetup/v${pkgver%.*}/cryptset
"
# secfixes:
+# 2.3.7-r0:
+# - CVE-2021-4122
# 2.3.4-r0:
# - CVE-2020-14382
@@ -59,7 +61,7 @@ libs() {
mv "$pkgdir"/lib "$subpkgdir"/
}
-sha512sums="a0a4981ca7294d6f0568bc9465e78ee1781ad73fe77e8daa0bbe67693534f02d3510e6fba9f76749b90ce7533bc9ac96dd27b73d733f8051e9560a3b4196ca3c cryptsetup-2.3.4.tar.gz
+sha512sums="754f1b5c3dd234f256549118789af4187d75466743e5ec43d929d402c01e9c6997a9166fd8e4dc30c177f58d43284f7e28cc02fc015f02d605f3d6e5784a6b4c cryptsetup-2.3.7.tar.gz
dc896fdb7697d01443a168819f01af02db00a9de75589f062a1ebbfc0bc185b6d2109b18352309c41b818e3ad89609dcea3660d6f3cda890de825f053f94de97 flush-stdout.patch
74422d5e1614b43af894ea01da1ea80d805ec7f77981cbb80a6b1a4becad737a8825d7269812499095a7f50d39fa7da5bf4e4edae63529b1fe87b9176943a733 dmcrypt.confd
a3ca3e648749136ee724692b61488cd855f118eb93435942c2b04964a34fe49d0f0da4ef64cd2531c1c0f650e77808cf5d802789fd7664398248ead668bb35e5 dmcrypt.initd"
diff --git a/main/dahdi-linux-lts/APKBUILD b/main/dahdi-linux-lts/APKBUILD
index 75850e5c53..c7d2107881 100644
--- a/main/dahdi-linux-lts/APKBUILD
+++ b/main/dahdi-linux-lts/APKBUILD
@@ -9,7 +9,7 @@ _rel=0
_flavor=${FLAVOR:-lts}
_kpkg=linux-$_flavor
-_kver=5.10.61
+_kver=5.10.88
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/main/expat/APKBUILD b/main/expat/APKBUILD
index 9bf52beab2..c166f72a66 100644
--- a/main/expat/APKBUILD
+++ b/main/expat/APKBUILD
@@ -1,16 +1,29 @@
# Maintainer: Carlo Landmeter <clandmeter@alpinelinux.org>
pkgname=expat
pkgver=2.2.10
-pkgrel=1
+pkgrel=2
pkgdesc="XML Parser library written in C"
url="http://www.libexpat.org/"
arch="all"
license='MIT'
checkdepends="bash"
-source="https://downloads.sourceforge.net/project/expat/expat/$pkgver/expat-$pkgver.tar.bz2"
+source="https://github.com/libexpat/libexpat/releases/download/R_${pkgver//./_}/expat-$pkgver.tar.xz
+ CVE-2021-45960.patch
+ CVE-2021-46143.patch
+ CVE-2022-22822.patch
+ "
subpackages="$pkgname-static $pkgname-dev $pkgname-doc"
# secfixes:
+# 2.2.10-r2:
+# - CVE-2021-45960
+# - CVE-2021-46143
+# - CVE-2022-22822
+# - CVE-2022-22823
+# - CVE-2022-22824
+# - CVE-2022-22825
+# - CVE-2022-22826
+# - CVE-2022-22827
# 2.2.7-r1:
# - CVE-2019-15903
# 2.2.7-r0:
@@ -36,4 +49,9 @@ package() {
make DESTDIR="$pkgdir/" install
}
-sha512sums="9623e86024d09e3bb0cf51fd0d56ecaee5fb8c8acb71589104a63b510f73c1e84abb0ccea4e2c196bdf1d30b5ad0633a915758f75813717d031d633e34f022b7 expat-2.2.10.tar.bz2"
+sha512sums="
+a8e0c8a9cf7e6fbacdc6e709f3c99c533ab550fba52557d24259bb8b360f9697624c7500c0e9886fa57ee2b529aadd0d1835d66fe8112e15c20df75cd3eb090f expat-2.2.10.tar.xz
+4afd3777fc682a2f9057d4cc42afe6e04680d7d24f93dc11a2677cb8b1a4b400921f6d689e2953aff4a3312118ea801c9e161f85774360b3b5c2d3bd0067f7ad CVE-2021-45960.patch
+dd0339a0cdf5b18638a5732f2f9930af7adb5b20aa3bf102317a571f0f7d4f453313f0d8fdaa60f89c7a8f2e59eeaaca4b9c2e427a45594b7e21ed7c253d547a CVE-2021-46143.patch
+dcf6bfc07b4919b1248dba5fc6d4e425d09975b09255d77456bb44b40495e92b4d4ffae6a9e949b204770848b70edfc4be1869c191cb01ebe967b1906ffc9d59 CVE-2022-22822.patch
+"
diff --git a/main/expat/CVE-2021-45960.patch b/main/expat/CVE-2021-45960.patch
new file mode 100644
index 0000000000..7c366ab390
--- /dev/null
+++ b/main/expat/CVE-2021-45960.patch
@@ -0,0 +1,59 @@
+From 0adcb34c49bee5b19bd29b16a578c510c23597ea Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Mon, 27 Dec 2021 20:15:02 +0100
+Subject: [PATCH] lib: Detect and prevent troublesome left shifts in function
+ storeAtts (CVE-2021-45960)
+
+---
+ expat/lib/xmlparse.c | 31 +++++++++++++++++++++++++++++--
+ 1 file changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index d730f41c3..b47c31b05 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3414,7 +3414,13 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+ if (nPrefixes) {
+ int j; /* hash table index */
+ unsigned long version = parser->m_nsAttsVersion;
+- int nsAttsSize = (int)1 << parser->m_nsAttsPower;
++
++ /* Detect and prevent invalid shift */
++ if (parser->m_nsAttsPower >= sizeof(unsigned int) * 8 /* bits per byte */) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
++ unsigned int nsAttsSize = 1u << parser->m_nsAttsPower;
+ unsigned char oldNsAttsPower = parser->m_nsAttsPower;
+ /* size of hash table must be at least 2 * (# of prefixed attributes) */
+ if ((nPrefixes << 1)
+@@ -3425,7 +3431,28 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+ ;
+ if (parser->m_nsAttsPower < 3)
+ parser->m_nsAttsPower = 3;
+- nsAttsSize = (int)1 << parser->m_nsAttsPower;
++
++ /* Detect and prevent invalid shift */
++ if (parser->m_nsAttsPower >= sizeof(nsAttsSize) * 8 /* bits per byte */) {
++ /* Restore actual size of memory in m_nsAtts */
++ parser->m_nsAttsPower = oldNsAttsPower;
++ return XML_ERROR_NO_MEMORY;
++ }
++
++ nsAttsSize = 1u << parser->m_nsAttsPower;
++
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if (nsAttsSize > (size_t)(-1) / sizeof(NS_ATT)) {
++ /* Restore actual size of memory in m_nsAtts */
++ parser->m_nsAttsPower = oldNsAttsPower;
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ temp = (NS_ATT *)REALLOC(parser, parser->m_nsAtts,
+ nsAttsSize * sizeof(NS_ATT));
+ if (! temp) {
diff --git a/main/expat/CVE-2021-46143.patch b/main/expat/CVE-2021-46143.patch
new file mode 100644
index 0000000000..d6bafba0ff
--- /dev/null
+++ b/main/expat/CVE-2021-46143.patch
@@ -0,0 +1,43 @@
+From 85ae9a2d7d0e9358f356b33977b842df8ebaec2b Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Sat, 25 Dec 2021 20:52:08 +0100
+Subject: [PATCH] lib: Prevent integer overflow on m_groupSize in function
+ doProlog (CVE-2021-46143)
+
+---
+ expat/lib/xmlparse.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index b47c31b0..8f243126 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -5046,6 +5046,11 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ if (parser->m_prologState.level >= parser->m_groupSize) {
+ if (parser->m_groupSize) {
+ {
++ /* Detect and prevent integer overflow */
++ if (parser->m_groupSize > (unsigned int)(-1) / 2u) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
+ char *const new_connector = (char *)REALLOC(
+ parser, parser->m_groupConnector, parser->m_groupSize *= 2);
+ if (new_connector == NULL) {
+@@ -5056,6 +5061,16 @@ doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
+ }
+
+ if (dtd->scaffIndex) {
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if (parser->m_groupSize > (size_t)(-1) / sizeof(int)) {
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ int *const new_scaff_index = (int *)REALLOC(
+ parser, dtd->scaffIndex, parser->m_groupSize * sizeof(int));
+ if (new_scaff_index == NULL)
diff --git a/main/expat/CVE-2022-22822.patch b/main/expat/CVE-2022-22822.patch
new file mode 100644
index 0000000000..4fed22e63c
--- /dev/null
+++ b/main/expat/CVE-2022-22822.patch
@@ -0,0 +1,250 @@
+From 9f93e8036e842329863bf20395b8fb8f73834d9e Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping <sebastian@pipping.org>
+Date: Thu, 30 Dec 2021 22:46:03 +0100
+Subject: [PATCH] lib: Prevent integer overflow at multiple places
+ (CVE-2022-22822 to CVE-2022-22827)
+
+The involved functions are:
+- addBinding (CVE-2022-22822)
+- build_model (CVE-2022-22823)
+- defineAttribute (CVE-2022-22824)
+- lookup (CVE-2022-22825)
+- nextScaffoldPart (CVE-2022-22826)
+- storeAtts (CVE-2022-22827)
+---
+ expat/lib/xmlparse.c | 153 ++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 151 insertions(+), 2 deletions(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 8f243126..575e73ee 100644
+--- a/lib/xmlparse.c
++++ b/lib/xmlparse.c
+@@ -3261,13 +3261,38 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+
+ /* get the attributes from the tokenizer */
+ n = XmlGetAttributes(enc, attStr, parser->m_attsSize, parser->m_atts);
++
++ /* Detect and prevent integer overflow */
++ if (n > INT_MAX - nDefaultAtts) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
+ if (n + nDefaultAtts > parser->m_attsSize) {
+ int oldAttsSize = parser->m_attsSize;
+ ATTRIBUTE *temp;
+ #ifdef XML_ATTR_INFO
+ XML_AttrInfo *temp2;
+ #endif
++
++ /* Detect and prevent integer overflow */
++ if ((nDefaultAtts > INT_MAX - INIT_ATTS_SIZE)
++ || (n > INT_MAX - (nDefaultAtts + INIT_ATTS_SIZE))) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
+ parser->m_attsSize = n + nDefaultAtts + INIT_ATTS_SIZE;
++
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(ATTRIBUTE)) {
++ parser->m_attsSize = oldAttsSize;
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ temp = (ATTRIBUTE *)REALLOC(parser, (void *)parser->m_atts,
+ parser->m_attsSize * sizeof(ATTRIBUTE));
+ if (temp == NULL) {
+@@ -3276,6 +3301,17 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+ }
+ parser->m_atts = temp;
+ #ifdef XML_ATTR_INFO
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++# if UINT_MAX >= SIZE_MAX
++ if ((unsigned)parser->m_attsSize > (size_t)(-1) / sizeof(XML_AttrInfo)) {
++ parser->m_attsSize = oldAttsSize;
++ return XML_ERROR_NO_MEMORY;
++ }
++# endif
++
+ temp2 = (XML_AttrInfo *)REALLOC(parser, (void *)parser->m_attInfo,
+ parser->m_attsSize * sizeof(XML_AttrInfo));
+ if (temp2 == NULL) {
+@@ -3610,9 +3646,31 @@ storeAtts(XML_Parser parser, const ENCODING *enc, const char *attStr,
+ tagNamePtr->prefixLen = prefixLen;
+ for (i = 0; localPart[i++];)
+ ; /* i includes null terminator */
++
++ /* Detect and prevent integer overflow */
++ if (binding->uriLen > INT_MAX - prefixLen
++ || i > INT_MAX - (binding->uriLen + prefixLen)) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
+ n = i + binding->uriLen + prefixLen;
+ if (n > binding->uriAlloc) {
+ TAG *p;
++
++ /* Detect and prevent integer overflow */
++ if (n > INT_MAX - EXPAND_SPARE) {
++ return XML_ERROR_NO_MEMORY;
++ }
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if ((unsigned)(n + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ uri = (XML_Char *)MALLOC(parser, (n + EXPAND_SPARE) * sizeof(XML_Char));
+ if (! uri)
+ return XML_ERROR_NO_MEMORY;
+@@ -3708,6 +3766,21 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,
+ if (parser->m_freeBindingList) {
+ b = parser->m_freeBindingList;
+ if (len > b->uriAlloc) {
++ /* Detect and prevent integer overflow */
++ if (len > INT_MAX - EXPAND_SPARE) {
++ return XML_ERROR_NO_MEMORY;
++ }
++
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ XML_Char *temp = (XML_Char *)REALLOC(
+ parser, b->uri, sizeof(XML_Char) * (len + EXPAND_SPARE));
+ if (temp == NULL)
+@@ -3720,6 +3793,21 @@ addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId,
+ b = (BINDING *)MALLOC(parser, sizeof(BINDING));
+ if (! b)
+ return XML_ERROR_NO_MEMORY;
++
++ /* Detect and prevent integer overflow */
++ if (len > INT_MAX - EXPAND_SPARE) {
++ return XML_ERROR_NO_MEMORY;
++ }
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if ((unsigned)(len + EXPAND_SPARE) > (size_t)(-1) / sizeof(XML_Char)) {
++ return XML_ERROR_NO_MEMORY;
++ }
++#endif
++
+ b->uri
+ = (XML_Char *)MALLOC(parser, sizeof(XML_Char) * (len + EXPAND_SPARE));
+ if (! b->uri) {
+@@ -6141,7 +6229,24 @@ defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *attId, XML_Bool isCdata,
+ }
+ } else {
+ DEFAULT_ATTRIBUTE *temp;
++
++ /* Detect and prevent integer overflow */
++ if (type->allocDefaultAtts > INT_MAX / 2) {
++ return 0;
++ }
++
+ int count = type->allocDefaultAtts * 2;
++
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if ((unsigned)count > (size_t)(-1) / sizeof(DEFAULT_ATTRIBUTE)) {
++ return 0;
++ }
++#endif
++
+ temp = (DEFAULT_ATTRIBUTE *)REALLOC(parser, type->defaultAtts,
+ (count * sizeof(DEFAULT_ATTRIBUTE)));
+ if (temp == NULL)
+@@ -6792,8 +6897,20 @@ lookup(XML_Parser parser, HASH_TABLE *table, KEY name, size_t createSize) {
+ /* check for overflow (table is half full) */
+ if (table->used >> (table->power - 1)) {
+ unsigned char newPower = table->power + 1;
++
++ /* Detect and prevent invalid shift */
++ if (newPower >= sizeof(unsigned long) * 8 /* bits per byte */) {
++ return NULL;
++ }
++
+ size_t newSize = (size_t)1 << newPower;
+ unsigned long newMask = (unsigned long)newSize - 1;
++
++ /* Detect and prevent integer overflow */
++ if (newSize > (size_t)(-1) / sizeof(NAMED *)) {
++ return NULL;
++ }
++
+ size_t tsize = newSize * sizeof(NAMED *);
+ NAMED **newV = (NAMED **)table->mem->malloc_fcn(tsize);
+ if (! newV)
+@@ -7143,6 +7260,20 @@ nextScaffoldPart(XML_Parser parser) {
+ if (dtd->scaffCount >= dtd->scaffSize) {
+ CONTENT_SCAFFOLD *temp;
+ if (dtd->scaffold) {
++ /* Detect and prevent integer overflow */
++ if (dtd->scaffSize > UINT_MAX / 2u) {
++ return -1;
++ }
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if (dtd->scaffSize > (size_t)(-1) / 2u / sizeof(CONTENT_SCAFFOLD)) {
++ return -1;
++ }
++#endif
++
+ temp = (CONTENT_SCAFFOLD *)REALLOC(
+ parser, dtd->scaffold, dtd->scaffSize * 2 * sizeof(CONTENT_SCAFFOLD));
+ if (temp == NULL)
+@@ -7212,8 +7343,26 @@ build_model(XML_Parser parser) {
+ XML_Content *ret;
+ XML_Content *cpos;
+ XML_Char *str;
+- int allocsize = (dtd->scaffCount * sizeof(XML_Content)
+- + (dtd->contentStringLen * sizeof(XML_Char)));
++
++ /* Detect and prevent integer overflow.
++ * The preprocessor guard addresses the "always false" warning
++ * from -Wtype-limits on platforms where
++ * sizeof(unsigned int) < sizeof(size_t), e.g. on x86_64. */
++#if UINT_MAX >= SIZE_MAX
++ if (dtd->scaffCount > (size_t)(-1) / sizeof(XML_Content)) {
++ return NULL;
++ }
++ if (dtd->contentStringLen > (size_t)(-1) / sizeof(XML_Char)) {
++ return NULL;
++ }
++#endif
++ if (dtd->scaffCount * sizeof(XML_Content)
++ > (size_t)(-1) - dtd->contentStringLen * sizeof(XML_Char)) {
++ return NULL;
++ }
++
++ const size_t allocsize = (dtd->scaffCount * sizeof(XML_Content)
++ + (dtd->contentStringLen * sizeof(XML_Char)));
+
+ ret = (XML_Content *)MALLOC(parser, allocsize);
+ if (! ret)
diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD
index c508d79c42..88a813794c 100644
--- a/main/libarchive/APKBUILD
+++ b/main/libarchive/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libarchive
-pkgver=3.5.1
+pkgver=3.5.2
pkgrel=0
pkgdesc="library that can create and read several streaming archive formats"
url="https://libarchive.org/"
@@ -10,7 +10,7 @@ license="BSD-2-Clause AND BSD-3-Clause AND Public-Domain"
makedepends="zlib-dev bzip2-dev xz-dev lz4-dev acl-dev openssl-dev expat-dev
attr-dev zstd-dev"
subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-tools"
-source="https://github.com/libarchive/libarchive/releases/download/$pkgver/libarchive-$pkgver.tar.xz"
+source="https://libarchive.org/downloads/libarchive-$pkgver.tar.xz"
# secfixes:
# 3.4.2-r0:
@@ -41,4 +41,6 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="04ad3e98e840fee19eb4c2652f29eccef1cffc071fd5c6a6feb358fea6048699281c7baacbb9ca8f823b1bfaaef6d4c87d9cf6a8b0c28aab53b75b2d259b2045 libarchive-3.5.1.tar.xz"
+sha512sums="
+ac7c47f9ddfe5d4d5db6ca9c1bcba788af95662bf0e54ca5426fe66cd8262896e12acc426eecdf0e0d6681c180bcd37f4c4469619273607e95399c7f49b61c7c libarchive-3.5.2.tar.xz
+"
diff --git a/main/linux-lts/APKBUILD b/main/linux-lts/APKBUILD
index cdc6379ce8..87fa348f83 100644
--- a/main/linux-lts/APKBUILD
+++ b/main/linux-lts/APKBUILD
@@ -2,7 +2,7 @@
_flavor=lts
pkgname=linux-${_flavor}
-pkgver=5.10.61
+pkgver=5.10.88
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=$pkgver;;
@@ -11,7 +11,7 @@ pkgrel=0
pkgdesc="Linux lts kernel"
url="https://www.kernel.org"
depends="mkinitfs"
-_depends_dev="perl gmp-dev elfutils-dev bash flex bison"
+_depends_dev="perl gmp-dev mpc1-dev mpfr-dev elfutils-dev bash flex bison"
makedepends="$_depends_dev sed installkernel bc linux-headers linux-firmware-any openssl-dev
diffutils findutils"
options="!strip"
@@ -238,7 +238,7 @@ cbe85cf34e8420c91d2276c2d2aa0ab5023af68e57a1fa613f073f16a76766c67f585eda71c28f23
89934520a6acb51b20f403cdf0531c54c9bd96ea51ae71597bd7bbb230d0e4cc4e213e6f4abdbdac70770f9d571e6dab18f15a7d205fccc2b0e01a29539f397f config-lts.aarch64
7586c2c14e3e5d1733ba6b10f9e505884e69ebd73f5660a83d6e0a229067be10bd74fdd3c39f3e86a6d370713e3c515023a98a590804f46092ff8ae7c069b657 config-lts.armv7
2e1191008bb2e73af4863152cdcd28f8b5ad7e8c383712de32c389b8b34e8cb5453a1875999e035e17e6adc3620372716e0dad2d89f63d4a7f9d4a4c1563f311 config-lts.x86
-7054e12a504ba4104ae64f15b1751630ca865ab0501f57338d672c7265eee742c691ab6f5cfb8ca2f8b4646017ad40ec4ab4af317ea0af030847662bab654db3 config-lts.x86_64
+7229889327c3aa205956a59266ce7c4ea7a7935e6bd8a833718bfa5c53bd3390214f4e094009f89cf9d53ab7ef71ebd4ea8c9f7d4ce85c321c43bf368ee49f24 config-lts.x86_64
9f35e146fd04ac383306eef06214da9991dc452f941b53acc6d8922452fbbb432098a0b1eb65a206a69b84f26e1dc21dc6542f74f7f472714e9a9fc50807f6a6 config-lts.ppc64le
2ff28ec6132d54a843a8d83d48d6264622ccaf0bf5b8dfba052328c7370b177bb89a74bcc4c1fbde13a5966dbc76e563b7568747d3319a329f399e45aa73ce3b config-lts.s390x
c3f71766203e547c0bc4390de0389b6593c6cce2a36618a9c683af2cf09e0ec10dec288c0e6bd58eab0c0e1b1d0afceb13c7d8a7a1ef68a5689955a714654567 config-lts.mips64
@@ -246,5 +246,5 @@ a351ed481a3d8346811869fd72ea62541d4e7a5019154022061c9c90765fe33d73ea1c8981acda6d
59d622fc8425995da40bc600fe0013c4e1fabd4d5ffff03de075d798e11d575fc061ce602ec2950f4aacae00b4f61a3195152d3bdf015d7d511609ec451b91d6 config-virt.armv7
c666e9c8e2b9981cd5bba8196610c4ec364e512935d6f094e41b27189f23568f749562e146b67c8f06f196e235c428f11c5ee78ab5af5e0c42cfdad081b26267 config-virt.ppc64le
dbfec3bbdd6a2920ffeb677d672dc85f0bc7b76a4a10eca5c092799b22cf887c441ee5db314f65e1634ec9f6a625a99bf289864989172d0cbb8f2a8042d3cb9e config-virt.x86
-4816b2fb44164a6823fc4554b228ac42ae864f535f0976a71c63ae1d12fbfddda90f2519258b44fdbdea56faeee7a63a1c79797ea4b3fc8f50d7971471635cee config-virt.x86_64
-13397d1b126dccbac00fc05a2fbd6af316a0fdea86f7f4ed3c447dbecfa20fce9f30b1fa2fdbb1c570ab7ea514f2f02691844231c0d2e318aea26a72b4c75b93 patch-5.10.61.xz"
+0968137fe44b8200095f9c72d42dd87a6456087350622928790a5d5f46182d285b4f2214f7d57d30aefeeb8a373487b92eb717ed8914612e23d288ac8ce1dce2 config-virt.x86_64
+ff571d7a15a2fbcfaef10f226b71c5c614a627841db9b2d5cc90036ee8fe02930d832fe38db323e582863439d0578d3ab85d25fbcc98a8953579a5b90133ab55 patch-5.10.88.xz"
diff --git a/main/linux-lts/config-lts.x86_64 b/main/linux-lts/config-lts.x86_64
index 0f9a14248e..6e07b4e7af 100644
--- a/main/linux-lts/config-lts.x86_64
+++ b/main/linux-lts/config-lts.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86_64 5.10.61 Kernel Configuration
+# Linux/x86_64 5.10.88 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203"
CONFIG_CC_IS_GCC=y
@@ -826,6 +826,10 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
# end of GCOV-based kernel profiling
CONFIG_HAVE_GCC_PLUGINS=y
+CONFIG_GCC_PLUGINS=y
+# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
+# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
+# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
# end of General architecture-dependent options
CONFIG_RT_MUTEXES=y
@@ -6558,7 +6562,7 @@ CONFIG_INTEL_ISH_HID=m
CONFIG_USB_OHCI_LITTLE_ENDIAN=y
CONFIG_USB_SUPPORT=y
-CONFIG_USB_COMMON=y
+CONFIG_USB_COMMON=m
CONFIG_USB_LED_TRIG=y
# CONFIG_USB_ULPI_BUS is not set
# CONFIG_USB_CONN_GPIO is not set
@@ -8565,6 +8569,10 @@ CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity"
# Memory initialization
#
CONFIG_INIT_STACK_NONE=y
+# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set
+# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set
+# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set
+# CONFIG_GCC_PLUGIN_STACKLEAK is not set
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
# end of Memory initialization
diff --git a/main/linux-lts/config-virt.x86_64 b/main/linux-lts/config-virt.x86_64
index dc191e3e58..fd51a93b30 100644
--- a/main/linux-lts/config-virt.x86_64
+++ b/main/linux-lts/config-virt.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86_64 5.10.61 Kernel Configuration
+# Linux/x86_64 5.10.88 Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (Alpine 10.2.1_pre1) 10.2.1 20201203"
CONFIG_CC_IS_GCC=y
@@ -774,6 +774,10 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
# end of GCOV-based kernel profiling
CONFIG_HAVE_GCC_PLUGINS=y
+CONFIG_GCC_PLUGINS=y
+# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
+# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
+# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
# end of General architecture-dependent options
CONFIG_RT_MUTEXES=y
@@ -4242,6 +4246,10 @@ CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity"
# Memory initialization
#
CONFIG_INIT_STACK_NONE=y
+# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set
+# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set
+# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set
+# CONFIG_GCC_PLUGIN_STACKLEAK is not set
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
# end of Memory initialization
diff --git a/main/lz4/APKBUILD b/main/lz4/APKBUILD
index b3b89891c0..49eaa4af3e 100644
--- a/main/lz4/APKBUILD
+++ b/main/lz4/APKBUILD
@@ -2,16 +2,20 @@
# Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
pkgname=lz4
pkgver=1.9.2
-pkgrel=0
+pkgrel=1
pkgdesc="LZ4 is lossless compression algorithm with fast decoder @ multiple GB/s per core."
url="https://github.com/lz4/lz4"
arch="all"
license="BSD-2-Clause GPL-2.0-only"
checkdepends="diffutils"
subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-libs $pkgname-tests:tests"
-source="$pkgname-$pkgver.tar.gz::https://github.com/lz4/lz4/archive/v$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/lz4/lz4/archive/v$pkgver.tar.gz
+ CVE-2021-3520.patch
+ "
# secfixes:
+# 1.9.2-r1:
+# - CVE-2021-3520
# 1.9.2-r0:
# - CVE-2019-17543
@@ -34,4 +38,5 @@ package() {
make PREFIX="/usr" DESTDIR="$pkgdir" install
}
-sha512sums="ae714c61ec8e33ed91359b63f2896cfa102d66b730dce112b74696ec5850e59d88bd5527173e01e354a70fbe8f036557a47c767ee0766bc5f9c257978116c3c1 lz4-1.9.2.tar.gz"
+sha512sums="ae714c61ec8e33ed91359b63f2896cfa102d66b730dce112b74696ec5850e59d88bd5527173e01e354a70fbe8f036557a47c767ee0766bc5f9c257978116c3c1 lz4-1.9.2.tar.gz
+29038d80c4399ded52b49e69d0f0d80bef8bf424e3540de366ef539706c8c1119784d6137c96130f131239d74a4c110dd9790cae5c9b17c102820446582c5637 CVE-2021-3520.patch"
diff --git a/main/lz4/CVE-2021-3520.patch b/main/lz4/CVE-2021-3520.patch
new file mode 100644
index 0000000000..053958dfe8
--- /dev/null
+++ b/main/lz4/CVE-2021-3520.patch
@@ -0,0 +1,22 @@
+From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
+From: Jasper Lievisse Adriaanse <j@jasper.la>
+Date: Fri, 26 Feb 2021 15:21:20 +0100
+Subject: [PATCH] Fix potential memory corruption with negative memmove() size
+
+---
+ lib/lz4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/lz4.c b/lib/lz4.c
+index 5f524d01d..c2f504ef3 100644
+--- a/lib/lz4.c
++++ b/lib/lz4.c
+@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
+ const size_t dictSize /* note : = 0 if noDict */
+ )
+ {
+- if (src == NULL) { return -1; }
++ if ((src == NULL) || (outputSize < 0)) { return -1; }
+
+ { const BYTE* ip = (const BYTE*) src;
+ const BYTE* const iend = ip + srcSize;
diff --git a/main/mariadb/APKBUILD b/main/mariadb/APKBUILD
index 6225400bfc..193e067a25 100644
--- a/main/mariadb/APKBUILD
+++ b/main/mariadb/APKBUILD
@@ -7,7 +7,7 @@
# Contributor: Jake Buchholz <tomalok@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mariadb
-pkgver=10.5.12
+pkgver=10.5.13
pkgrel=0
pkgdesc="A fast SQL database server"
url="https://www.mariadb.org/"
@@ -37,7 +37,7 @@ case "$CARCH" in
;;
esac
-source="https://downloads.mariadb.org/interstitial/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz
+source="https://archive.mariadb.org/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz
$pkgname.initd
ppc-remove-glibc-dep.patch
disable-failing-test.patch
@@ -45,6 +45,8 @@ source="https://downloads.mariadb.org/interstitial/mariadb-$pkgver/source/mariad
"
# secfixes:
+# 10.5.13-r0:
+# - CVE-2021-35604
# 10.5.12-r0:
# - CVE-2021-2372
# - CVE-2021-2389
@@ -459,7 +461,7 @@ _plugin_rocksdb() {
}
sha512sums="
-c732c2033304f273900b3dcf21936e28aebb147316fcabc7efdc43b75bc47c198daacfaaae082b997d4e695139d2aeaa2619bd29935f1b6f0aa25b9b9cde9ae5 mariadb-10.5.12.tar.gz
+5d5ac04a3c8099a982cacb98dd4c162966fc7957e11c28e8b5645e49ffcf0513b9c8956f43d215c37e5eaa34aa8db6c71cfe993c89d62cab123021ee83169e7f mariadb-10.5.13.tar.gz
c352969f6665b0ffa387f7b185a5dea7751f4b16c12c809627857b27321efa09159369d7dd5c852d6159a9f173cb895fb601f0c52a1fa6e3527899520030964c mariadb.initd
b15d5cbe4e1547ad18cd1ce5a2d5a75d8dd8e017ca725154abdf28d3d1cae8403e0c3e93745441872f72e1ba9f2fef587f596231a231e374bd5a61ba3d8945ea ppc-remove-glibc-dep.patch
598490b4bb45c9f7be46086d25c2b6c601d417c45f11aa519c2290065e7d6e98a7519f9860b823e67a8fd3e6ce3b4728af73ec3a2c66eec32b42fd4ad7cc07f7 disable-failing-test.patch
diff --git a/main/mbedtls/APKBUILD b/main/mbedtls/APKBUILD
index 0a7ddba6b0..b35e34be09 100644
--- a/main/mbedtls/APKBUILD
+++ b/main/mbedtls/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Łukasz Jendrysik <scadu@yandex.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=mbedtls
-pkgver=2.16.10
+pkgver=2.16.12
pkgrel=0
pkgdesc="Light-weight cryptographic and SSL/TLS library"
url="https://tls.mbed.org"
@@ -16,6 +16,8 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/ARMmbed/mbedtls/archive/v$pk
# https://tls.mbed.org/security
# secfixes:
+# 2.16.12-r0:
+# - CVE-2021-44732
# 2.16.8-r0:
# - CVE-2020-16150
# 2.16.6-r0:
@@ -80,4 +82,4 @@ static() {
chmod -x "$subpkgdir"/usr/lib/*.a
}
-sha512sums="9a2d7b5e786d7bc377c9fbf36322621b8873037e6f28d1ff16bd81650f87d421aaf1c34f8b8f1829c824710c63b2c262208dc3f242dac7f361c1d9607fe9933c mbedtls-2.16.10.tar.gz"
+sha512sums="8d96d8cd906cc0999134320e4e1f550631426d166eab5da6e65469ee7286093810fcc6ac4bd5500ee55972d159f8bef7f9e53245f7f0eec72f72c35265b4313b mbedtls-2.16.12.tar.gz"
diff --git a/main/ncurses/APKBUILD b/main/ncurses/APKBUILD
index 13ac1ba827..42c2215b4f 100644
--- a/main/ncurses/APKBUILD
+++ b/main/ncurses/APKBUILD
@@ -15,6 +15,8 @@ source="https://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz"
builddir="$srcdir"/ncurses-$_ver
# secfixes:
+# 6.2_p20200530-r0:
+# - CVE-2021-39537
# 6.1_p20180414-r0:
# - CVE-2018-10754
# 6.0_p20171125-r0:
diff --git a/main/perl-datetime-timezone/APKBUILD b/main/perl-datetime-timezone/APKBUILD
index 3ddfafbede..33bcc57472 100644
--- a/main/perl-datetime-timezone/APKBUILD
+++ b/main/perl-datetime-timezone/APKBUILD
@@ -4,15 +4,14 @@
pkgname=perl-datetime-timezone
#_pkgreal is used by apkbuild-cpan to find modules at MetaCpan
_pkgreal=DateTime-TimeZone
-pkgver=2.47
+pkgver=2.51
pkgrel=0
pkgdesc="Time zone object base class and factory"
url="https://metacpan.org/release/DateTime-TimeZone/"
arch="noarch"
license="GPL-1.0-or-later OR Artistic-1.0-Perl"
-depends="
- perl perl-specio perl-class-singleton perl-module-runtime perl-params-validationcompiler
- perl-try-tiny perl-namespace-autoclean
+depends="perl perl-specio perl-class-singleton perl-module-runtime
+ perl-params-validationcompiler perl-try-tiny perl-namespace-autoclean
"
makedepends="perl-dev"
checkdepends="perl-test-requires perl-test-fatal"
@@ -37,4 +36,6 @@ package() {
}
-sha512sums="483c5314fa520c1597ad9c819b6785302cc77d719e4042babe6a35e72e7600e9b9d506950979d4051825588ad45efb0a2023bc08340e6fbb308f03706f3438bf DateTime-TimeZone-2.47.tar.gz"
+sha512sums="
+11a506d71cb0875b322c9fe4bdb76a4ab2569127f33530a0970f50a851dc13b2e70dd110eca24a23fd997b3dae3c595045c6d3b03223615b40e6855be28ede08 DateTime-TimeZone-2.51.tar.gz
+"
diff --git a/main/postgresql/APKBUILD b/main/postgresql/APKBUILD
index 6a1d8c0914..8307bf5424 100644
--- a/main/postgresql/APKBUILD
+++ b/main/postgresql/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: G.J.R. Timmer <gjr.timmer@gmail.com>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
pkgname=postgresql
-pkgver=13.4
+pkgver=13.5
pkgrel=0
pkgdesc="A sophisticated object-relational DBMS"
url="https://www.postgresql.org/"
@@ -35,6 +35,9 @@ source="https://ftp.postgresql.org/pub/source/v$pkgver/postgresql-$pkgver.tar.bz
"
# secfixes:
+# 13.5-r0:
+# - CVE-2021-23214
+# - CVE-2021-23222
# 13.4-r0:
# - CVE-2021-3677
# 13.3-r0:
@@ -271,7 +274,7 @@ _run_tests() {
}
sha512sums="
-f1faf676ffdcee3e7f2c3b78f4badf44770d6be58090036d119d8fb0688e2b9f9159dd44fe850c179b8e23f256942c05edb8fcc385f0e852d16b37eace785b5a postgresql-13.4.tar.bz2
+c76effbca8ee63be48fa3aeb39c7038221848fe83ca2afc4e0904ba8c6a50b89aa2ad37080d4e3be75e9bdc2d6ca6dfefcda334ef55a5e1a8954bb955ce905e5 postgresql-13.5.tar.bz2
1f8e7dc58f5b0a12427cf2fd904ffa898a34f23f3332c8382b94e0d991c007289e7913a69e04498f3d93fc5701855796c207b4b1cc4a0b366f586050124d7fcc initdb.patch
27e00b58fe5c3899c66fc0dde51846c14701bcfedd132b106d676783ba603e8cbdc6e620f29b52dc892bdaa9302052788cf5e575a1659f61c017a12e0d2ee4d0 perl-rpath.patch
8439a6fdfdea0a4867daeb8bc23d6c825f30c00d91d4c39f48653f5ee77341f23282ce03a77aad94b5369700f11d2cb28d5aee360e59138352a9ab331a9f9d0f conf-unix_socket_directories.patch
diff --git a/main/privoxy/APKBUILD b/main/privoxy/APKBUILD
index f517834c99..496f9e905d 100644
--- a/main/privoxy/APKBUILD
+++ b/main/privoxy/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=privoxy
-pkgver=3.0.32
+pkgver=3.0.33
pkgrel=0
pkgdesc="web proxy with advanced filtering capabilities"
url="https://www.privoxy.org/"
@@ -20,6 +20,11 @@ options="!check" # No test suite
builddir="$srcdir/$pkgname-$pkgver-stable"
# secfixes:
+# 3.0.33-r0:
+# - CVE-2021-44540
+# - CVE-2021-44541
+# - CVE-2021-44542
+# - CVE-2021-44543
# 3.0.32-r0:
# - CVE-2021-20272
# - CVE-2021-20273
@@ -75,7 +80,9 @@ package() {
"$pkgdir"/etc/privoxy
}
-sha512sums="da41c0045bf593219df64718645eff984b5df43737811cc0fa12fce7e8ae1ab59eefbe20f23d6ce8f62216cfd81f1a9c319688d15693c25eed36010f3e1d5ffd privoxy-3.0.32-stable-src.tar.gz
+sha512sums="
+9684455dbce7f6d8f5defd31aa9a7316e0c1dc896525ab4d562d0359462b541b1c366dea9db07b798f3e00b9cbcc44f494d8c431bcb10f2cb05b5bca3cfeaf75 privoxy-3.0.33-stable-src.tar.gz
346bda3a2108547569af3397c77e092c54fa0c20bc6d3bb1d4c202b4e2b8d9c13018eab0a326cd9632310ec8052600ee7db4b6011610faec386c399cdd01af9c privoxy.initd
118caaeac3aba751584c5bdfc737bf5bfeddf1a62fda1f44bcd4654ae2e33183bc1ce6fc66d4a1bdd79766e42e669b1615a6d46d528a1bd49cabdf98385a3bb9 privoxy.logrotate
-1059feed20a31d7d2b5d1f44b7b1af40373d87dbd9e7e83c8998ac1b4e27dfbfdfeb6a9ea7934e15d0c14fed1fd03fb63d2ec8d2a6b53e5884a21dc8df4828fc privoxy-alpine.patch"
+1059feed20a31d7d2b5d1f44b7b1af40373d87dbd9e7e83c8998ac1b4e27dfbfdfeb6a9ea7934e15d0c14fed1fd03fb63d2ec8d2a6b53e5884a21dc8df4828fc privoxy-alpine.patch
+"
diff --git a/main/py3-pillow/APKBUILD b/main/py3-pillow/APKBUILD
index 0e72de82fc..dc2b225d33 100644
--- a/main/py3-pillow/APKBUILD
+++ b/main/py3-pillow/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Fabian Affolter <fabian@affolter-engineering.ch>
pkgname=py3-pillow
pkgver=7.2.0
-pkgrel=1
+pkgrel=2
pkgdesc="Python Imaging Library"
options="!check"
url="https://python-pillow.org/"
@@ -13,6 +13,7 @@ makedepends="python3-dev py3-setuptools freetype-dev openjpeg-dev libimagequant-
checkdepends="py3-pytest py3-numpy"
source="https://files.pythonhosted.org/packages/source/P/Pillow/Pillow-$pkgver.tar.gz
CVE-2020-35655.patch
+ cve-2021-23437.patch
"
builddir="$srcdir/Pillow-$pkgver"
@@ -20,6 +21,8 @@ provides="py-pillow=$pkgver-r$pkgrel" # backwards compatibility
replaces="py-pillow" # backwards compatiblity
# secfixes:
+# 7.2.0-r2:
+# - CVE-2021-23437
# 7.2.0-r1:
# - CVE-2020-35655
# 6.2.2-r0:
@@ -44,5 +47,8 @@ package() {
python3 setup.py install --prefix=/usr --root="$pkgdir"
}
-sha512sums="493d6cbaa625b62dc2c4ca2424f1cd1b41103060e34a4759fe89961e20e7d9cd1e99bfd2c9be6fc95c14a2a6f90f983233cb33950ec972cb67ee874ac9a769e2 Pillow-7.2.0.tar.gz
-89984ca666bafc356ba8af50a3f96dc84965b882577f488c10550558a316982c52378bf52ec24b5ed53a4f8b1019e9e5e03bbff6e32c4009ea8ef71093f33f18 CVE-2020-35655.patch"
+sha512sums="
+493d6cbaa625b62dc2c4ca2424f1cd1b41103060e34a4759fe89961e20e7d9cd1e99bfd2c9be6fc95c14a2a6f90f983233cb33950ec972cb67ee874ac9a769e2 Pillow-7.2.0.tar.gz
+89984ca666bafc356ba8af50a3f96dc84965b882577f488c10550558a316982c52378bf52ec24b5ed53a4f8b1019e9e5e03bbff6e32c4009ea8ef71093f33f18 CVE-2020-35655.patch
+0c991bf55bd2b73e1f5539f8c2110c47ef48029ff1a91710384d1612903850b1bbedeacef90359e738a02faacffd2e3a1d48d14a800681cd04f0f98c453b609b cve-2021-23437.patch
+"
diff --git a/main/py3-pillow/cve-2021-23437.patch b/main/py3-pillow/cve-2021-23437.patch
new file mode 100644
index 0000000000..9933ed8ced
--- /dev/null
+++ b/main/py3-pillow/cve-2021-23437.patch
@@ -0,0 +1,40 @@
+From 1dc6564eb7ee8f28fb16eeffaf3572f3e1d5aa29 Mon Sep 17 00:00:00 2001
+From: Hugo van Kemenade <hugovk@users.noreply.github.com>
+Date: Mon, 23 Aug 2021 19:10:49 +0300
+Subject: [PATCH] Raise ValueError if color specifier is too long
+
+---
+ Tests/test_imagecolor.py | 9 +++++++++
+ src/PIL/ImageColor.py | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/Tests/test_imagecolor.py b/Tests/test_imagecolor.py
+index b5d69379655..dbe8b9e957b 100644
+--- a/Tests/test_imagecolor.py
++++ b/Tests/test_imagecolor.py
+@@ -191,3 +191,12 @@ def test_rounding_errors():
+ assert (255, 255) == ImageColor.getcolor("white", "LA")
+ assert (163, 33) == ImageColor.getcolor("rgba(0, 255, 115, 33)", "LA")
+ Image.new("LA", (1, 1), "white")
++
++
++def test_color_too_long():
++ # Arrange
++ color_too_long = "hsl(" + "1" * 100 + ")"
++
++ # Act / Assert
++ with pytest.raises(ValueError):
++ ImageColor.getrgb(color_too_long)
+diff --git a/src/PIL/ImageColor.py b/src/PIL/ImageColor.py
+index 51df4404039..25f92f2c732 100644
+--- a/src/PIL/ImageColor.py
++++ b/src/PIL/ImageColor.py
+@@ -32,6 +32,8 @@ def getrgb(color):
+ :param color: A color string
+ :return: ``(red, green, blue[, alpha])``
+ """
++ if len(color) > 100:
++ raise ValueError("color specifier is too long")
+ color = color.lower()
+
+ rgb = colormap.get(color, None)
diff --git a/main/ruby/APKBUILD b/main/ruby/APKBUILD
index d53e7fa841..4517f29631 100644
--- a/main/ruby/APKBUILD
+++ b/main/ruby/APKBUILD
@@ -1,8 +1,13 @@
# Contributor: Carlo Landmeter <clandmeter@alpinelinux.org>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Contributor: Nulo <git@nulo.in>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
#
# secfixes:
+# 2.7.5-r0:
+# - CVE-2021-41817
+# - CVE-2021-41816
+# - CVE-2021-41819
# 2.7.4-r0:
# - CVE-2021-31799
# - CVE-2021-31810
@@ -43,7 +48,7 @@
# - CVE-2017-17405
#
pkgname=ruby
-pkgver=2.7.4
+pkgver=2.7.5
_abiver="${pkgver%.*}.0"
pkgrel=0
pkgdesc="An object-oriented language for quick and easy programming"
@@ -347,7 +352,7 @@ _mvgem() {
}
sha512sums="
-a317752e9a32c8d1261e67ca89c396722ee779ec8ba4594987812d065b73751f51485a1ede8044aae14b3b16e8d049c6953cef530ae1b82abb135b446c653f8a ruby-2.7.4.tar.gz
+09e029b5cc15b6e4e37bcf15adb28213eaedec3ea22106d63095b37ea6b2a2b68e82e74e6b50746c87dd77e5185795d014e0db118bf0f45ffa0b0a307f5f65da ruby-2.7.5.tar.gz
a142199140fa711a64717429e9069fd2082319abaf4b129f561db374b3bc16e2a90cc4c849b5d28334505d1c71fed242aef3c44d983da3513d239dcb778673a5 rubygems-avoid-platform-specific-gems.patch
43c1fc80f0dcb4f24d891478889808583da90dc9e0df74c3b1cf41253c13a0d416d2b7ae17e7d53ac1238340a845b088f0fe20324a79905cc6b950b3dcfa4ac6 test_insns-lower-recursion-depth.patch
3ffc034c01110ee5531265333ca5ee8d61d08131843fe3004c5b34c88c9c1b32cb4ed89574f393177c8bd526e9c15da61ab344f93adf07b9148c561ee19e2eb5 fix-get_main_stack.patch
diff --git a/main/squid/APKBUILD b/main/squid/APKBUILD
index 9ba693df4d..592c40ad0b 100644
--- a/main/squid/APKBUILD
+++ b/main/squid/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=squid
pkgver=5.0.6
-pkgrel=1
+pkgrel=2
pkgdesc="A full-featured Web proxy cache server."
url="http://www.squid-cache.org"
install="squid.pre-install squid.pre-upgrade"
@@ -19,6 +19,7 @@ linguas="af ar az bg ca cs da de el es et fa fi fr he hu hy id it ja ka ko lt
langdir="/usr/share/squid/errors"
source="http://www.squid-cache.org/Versions/v${pkgver%%.*}/squid-$pkgver.tar.xz
CVE-2021-28116.patch
+ CVE-2021-41611.patch
$pkgname.initd
$pkgname.confd
@@ -28,6 +29,8 @@ pkgusers="squid"
pkggroups="squid"
# secfixes:
+# 5.0.6-r2:
+# - CVE-2021-41611
# 5.0.6-r1:
# - CVE-2021-28116
# 5.0.6-r0:
@@ -126,6 +129,7 @@ squid_kerb_auth() {
sha512sums="
97300844145ea5488a88a531fc0fbbf3c96051169eb20f8b95ba9a4c37f73edfbbedb69ee446e81f45b663e5c7c9a82e2978239c2613da7e5da2365fdaeceb6e squid-5.0.6.tar.xz
60440e80e62609584bb5c0eba314fa5e5d68add39fd4d4e3899f3a268552f2dfd31da616b5b1820a1c7096382b82fbc01dc9dc92107feed6cd4b0df40c3c43bd CVE-2021-28116.patch
+651d700e45c12910ce9a03894ad8c3549a8ffce55b6ee24da9425b4272f6433e69ade113b1a57e77a692982aae54bcec4b6865c9f0e68cf76cd0388356c9d008 CVE-2021-41611.patch
8320820c02c824ed96065e0b66cabdd80b11c23e911880a42f5bd7e3f6e7a5c1c6def910a1843cca810c62a7dc8ccdb9ae82c0cf52bf08259c3b50058232132d squid.initd
7292661de344e8a87d855c83afce49511685d2680effab3afab110e45144c0117935f3bf73ab893c9e6d43f7fb5ba013635e24f6da6daf0eeb895ef2e9b5baa9 squid.confd
89a703fa4f21b6c7c26e64a46fd52407e20f00c34146ade0bea0c4b63d050117c0f8e218f2256a1fbf6abb84f4ec9b0472c9a4092ff6e78f07c4f5a25d0892a5 squid.logrotate
diff --git a/main/squid/CVE-2021-41611.patch b/main/squid/CVE-2021-41611.patch
new file mode 100644
index 0000000000..f96d4f74ef
--- /dev/null
+++ b/main/squid/CVE-2021-41611.patch
@@ -0,0 +1,25 @@
+commit 533b4359f16cf9ed15a6d709a57a4b06e4222cfe
+Author: Alex Rousskov <rousskov@measurement-factory.com>
+Date: 2021-09-24 20:10:37 +0000
+
+ TLS: Fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY handling (#898)
+
+diff --git a/src/security/PeerConnector.cc b/src/security/PeerConnector.cc
+index 58db7b057..c601fffb2 100644
+--- a/src/security/PeerConnector.cc
++++ b/src/security/PeerConnector.cc
+@@ -653,11 +653,11 @@ Security::PeerConnector::handleMissingCertificates(const Security::IoResult &ioR
+ Must(callerHandlesMissingCertificates);
+ callerHandlesMissingCertificates = false;
+
+- if (!computeMissingCertificateUrls(sconn))
+- return handleNegotiationResult(ioResult);
+-
+ suspendNegotiation(ioResult);
+
++ if (!computeMissingCertificateUrls(sconn))
++ return resumeNegotiation();
++
+ assert(!urlsOfMissingCerts.empty());
+ startCertDownloading(urlsOfMissingCerts.front());
+ urlsOfMissingCerts.pop();
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index f79cecd000..132c261d57 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -3,7 +3,7 @@
pkgname=strongswan
pkgver=5.9.1
_pkgver=${pkgver//_rc/rc}
-pkgrel=0
+pkgrel=1
pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
url="https://www.strongswan.org/"
arch="all"
@@ -17,6 +17,8 @@ makedepends="linux-headers python3 sqlite-dev openssl-dev curl-dev
install="$pkgname.pre-install"
subpackages="$pkgname-doc $pkgname-dbg $pkgname-logfile $pkgname-openrc"
source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2
+ https://download.strongswan.org/security/CVE-2021-41990/strongswan-5.6.1-5.9.3_gmp-rsa-ssa-salt-len.patch
+ https://download.strongswan.org/security/CVE-2021-41991/strongswan-4.4.1-5.9.3_cert-cache-random.patch
1001-charon-add-optional-source-and-remote-overrides-for-.patch
1002-vici-send-certificates-for-ike-sa-events.patch
@@ -29,6 +31,9 @@ source="https://download.strongswan.org/strongswan-$_pkgver.tar.bz2
"
# secfixes:
+# 5.9.1-r1:
+# - CVE-2021-41990
+# - CVE-2021-41991
# 5.7.1-r0:
# - CVE-2018-17540
# 5.7.0-r0:
@@ -127,11 +132,15 @@ logfile() {
install -m 2750 -o ipsec -g wheel -d "$subpkgdir/var/log/ipsec"
}
-sha512sums="222625e77bd86959da6dd7346cfa9f92569fc396a494bb95ddf2c8e0680b7e8041541e8a14320517a0c735d713ae0fdc0d0c4694215e812817814b0b4efc3497 strongswan-5.9.1.tar.bz2
+sha512sums="
+222625e77bd86959da6dd7346cfa9f92569fc396a494bb95ddf2c8e0680b7e8041541e8a14320517a0c735d713ae0fdc0d0c4694215e812817814b0b4efc3497 strongswan-5.9.1.tar.bz2
+42bb9dc02e04735183cb2966e23f26bdb2b14b56b10dc3df770cfbea066a690130ce84dc3a17b1369c2d45852bcd8a2902f19368099a1e71c858293decdb48ee strongswan-5.6.1-5.9.3_gmp-rsa-ssa-salt-len.patch
+39f607625bc6aa128b71e65e9806c60051015378d0250961bafbe787aa652141e1b3126d235b9cede08e4fe816b3220dbae54e40492b0aeb48f034220f1ee446 strongswan-4.4.1-5.9.3_cert-cache-random.patch
8cd2f7e10dca25c8739b18f26f0aba427d00c5689ee126da5fc2699ce75ed567f0d25b4e50b716eab58097c06a51418e489e7f853d02bb53ba32aca72a6ae7c8 1001-charon-add-optional-source-and-remote-overrides-for-.patch
f92609a1f6810786baeae1688688cbdd2a3116200cdba8d23e13da08992f5280bcbe04712cc89402f1e39aff6f4ebc8da05a2529b1e61e25a5229deb74c4dc3f 1002-vici-send-certificates-for-ike-sa-events.patch
da39b5654c6f39d175c5491dabd5ed5c1b552857af7cbe7eeb8d0ecb34dad265bb8cd7725930eb75ceb99d51813f8e59631e687b09c1ff5c6437388f5f4d9647 1003-vici-add-support-for-individual-sa-state-changes.patch
8b61e3ffbb39b837733e602ec329e626dc519bf7308d3d4192b497d18f38176789d23ef5afec51f8463ee1ddaf4d74546b965c03184132e217cbc27017e886c9 strongswan.initd
4ac8dc83f08998fe672d5446dc6071f95a6a437b9df7c19d5f1a41707fb44451ec37aa237d0b86b0a9edf36a9ce7c29ba8959a38b04536c994dd4300daf737e5 charon.initd
0417de0c0aa779602b216f29b1ad58cc842f0b0fbb8f5238d39199125dac30eaae89d869b337f8f504f8427f074ee7a363f55e3b3875516fe1ed5f0ed7f34c6f charon.logrotate
-5896a9c5ecbef1a6c36b7bd31c83e18603f49105aedd4af80c42b0036c75950eac6e92abccfca09c9cb5bb3f3c4010f0daba068208e7dff05e7b1849d5a6e363 charon-logfile.conf"
+5896a9c5ecbef1a6c36b7bd31c83e18603f49105aedd4af80c42b0036c75950eac6e92abccfca09c9cb5bb3f3c4010f0daba068208e7dff05e7b1849d5a6e363 charon-logfile.conf
+"
diff --git a/main/tzdata/APKBUILD b/main/tzdata/APKBUILD
index b208b78ea4..a7611d6e3a 100644
--- a/main/tzdata/APKBUILD
+++ b/main/tzdata/APKBUILD
@@ -2,8 +2,8 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=tzdata
-pkgver=2021d
-_tzcodever=2021d
+pkgver=2021e
+_tzcodever=2021e
_ptzver=0.5
pkgrel=0
pkgdesc="Timezone data"
@@ -51,8 +51,8 @@ package() {
}
sha512sums="
-dbd7e3df02a11676600aa7efa14592feb2ac9ab5807b0d395e0c29ff1ed4a31580120287df9fe0c65a78162157dcd31d9fbe90a2a93bfd891d59ae3668a3adda tzcode2021d.tar.gz
-e25e85679256cfa57072cc8902aad1ca1df5ddc4a06844ca38bd57c8b5ad386e38303654dc85525f4fb470a924db4deb3576827a14d3ff87f4a1c679414b95c9 tzdata2021d.tar.gz
+87b0335129ea41c5f42f687f548712e5da892baa8494cecf5d34851beceecf6ae52f22104696ed187713cf9e502570eb2041e277dfd3c043c11d0253bfde685a tzcode2021e.tar.gz
+c1e8d04e049157ed5d4af0868855bbd75517e3d7e1db9c41d5283ff260109de46b6fac6be94828201d093e163d868044ac2a9db2bf0aeab800e264d0c73a9119 tzdata2021e.tar.gz
68dbaab9f4aef166ac2f2d40b49366527b840bebe17a47599fe38345835e4adb8a767910745ece9c384b57af815a871243c3e261a29f41d71f8054df3061b3fd posixtz-0.5.tar.xz
0f2a10ee2bb4007f57b59123d1a0b8ef6accf99e568f21537f0bb19f290fff46e24050f55f12569d7787be600e1b62aa790ea85a333153f3ea081a812c81b1b5 0001-posixtz-ensure-the-file-offset-we-pass-to-lseek-is-o.patch
fb322ab7867517ba39265d56d3576cbcea107c205d524e87015c1819bbb7361f7322232ee3b86ea9b8df2886e7e06a6424e3ac83b2006be290a33856c7d40ac4 0002-fix-implicit-declaration-warnings-by-including-strin.patch
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD
index e4f32c6085..c50f0fbace 100644
--- a/main/xen/APKBUILD
+++ b/main/xen/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=xen
pkgver=4.14.3
-pkgrel=0
+pkgrel=2
pkgdesc="Xen hypervisor"
url="https://www.xenproject.org/"
arch="x86_64 armhf aarch64" # enable armv7 when builds with gcc8
@@ -232,7 +232,14 @@ options="!strip"
# - CVE-2021-28700 XSA-383
# 4.14.2-r1:
# - CVE-2021-28701 XSA-384
-
+# 4.14.3-r1:
+# - CVE-2021-28702 XSA-386
+# 4.14.3-r2:
+# - CVE-2021-28704 XSA-388
+# - CVE-2021-28707 XSA-388
+# - CVE-2021-28708 XSA-388
+# - CVE-2021-28705 XSA-389
+# - CVE-2021-28709 XSA-389
case "$CARCH" in
x86*)
@@ -296,6 +303,12 @@ source="https://downloads.xenproject.org/release/xen/$pkgver/xen-$pkgver.tar.gz
qemu-xen-time64.patch
gcc10-etherboot-enum.patch
+ xsa386.patch
+
+ xsa388-4.14-1.patch
+ xsa388-4.14-2.patch
+ xsa389-4.14.patch
+
xenstored.initd
xenstored.confd
xenconsoled.initd
@@ -544,6 +557,10 @@ f095ea373f36381491ad36f0662fb4f53665031973721256b23166e596318581da7cbb0146d0beb2
5b582453ea64fae138e9442c7f4c083bbef82c216b25bb3e509c0e8f5c0e88487f9e12152367760fb8a6133266e7d8b58eda5e20cf7234a0f39ed6804070cc8d tpm-version.patch
231b5d0abf6420722534bf48b4f263bdf70dd258f5f34b344f230b4e166edb3ebaf769592f40653ea5836b4431ef951ebcf1995f09e2beb4a591edd3b024a652 qemu-xen-time64.patch
e72ae17cb80c78412996845b996e442cdc21ee4b840c8b7ebacca101619b3d47104bf6b6330520aecf0d7ccf2699826b4f2a649c729b21d5ac81b37f7fc505fc gcc10-etherboot-enum.patch
+77811232c5cf199d24fb8e4a5367a56d56e61ad218397913fa22bd89d0dffabe92acfded246aa731d450f80dcffee84268b27e73e60f19eec15d0ada988a0574 xsa386.patch
+5e8165695a7e5a7fdc332de0d4ee31626eb72c8765f12855543592cb86f0eb4f98ea49cae31c8fc356a0645f6a2fe05ddf2b38f9f2bb04196bb4b9efc204dc26 xsa388-4.14-1.patch
+9e7b5f66480d3c0898cc080d0506dddbe35a814ccd72619abb82e8241b8cddc726e7bb38ce818335451b56ba549ed9ea1743f46fb9f0fd81ac1310ec6e94fea4 xsa388-4.14-2.patch
+a3196bac727ed19185cf61f6e0c5a43400556f42239055cdb03f2689a82647110ab77d06f059185c7ab12ccedd520d2951f258ca61a6ed06507343356571abb4 xsa389-4.14.patch
52c43beb2596d645934d0f909f2d21f7587b6898ed5e5e7046799a8ed6d58f7a09c5809e1634fa26152f3fd4f3e7cfa07da7076f01b4a20cc8f5df8b9cb77e50 xenstored.initd
093f7fbd43faf0a16a226486a0776bade5dc1681d281c5946a3191c32d74f9699c6bf5d0ab8de9d1195a2461165d1660788e92a3156c9b3c7054d7b2d52d7ff0 xenstored.confd
3c86ed48fbee0af4051c65c4a3893f131fa66e47bf083caf20c9b6aa4b63fdead8832f84a58d0e27964bc49ec8397251b34e5be5c212c139f556916dc8da9523 xenconsoled.initd
diff --git a/main/xen/xsa386.patch b/main/xen/xsa386.patch
new file mode 100644
index 0000000000..83f24d30d5
--- /dev/null
+++ b/main/xen/xsa386.patch
@@ -0,0 +1,29 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: VT-d: fix deassign of device with RMRR
+Date: Fri, 1 Oct 2021 15:05:42 +0200
+
+Ignoring a specific error code here was not meant to short circuit
+deassign to _just_ the unmapping of RMRRs. This bug was previously
+hidden by the bogus (potentially indefinite) looping in
+pci_release_devices(), until f591755823a7 ("IOMMU/PCI: don't let domain
+cleanup continue when device de-assignment failed") fixed that loop.
+
+This is CVE-2021-28702 / XSA-386.
+
+Fixes: 8b99f4400b69 ("VT-d: fix RMRR related error handling")
+Reported-by: Ivan Kardykov <kardykov@tabit.pro>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Tested-by: Ivan Kardykov <kardykov@tabit.pro>
+
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -2409,7 +2409,7 @@ static int reassign_device_ownership(
+ ret = iommu_identity_mapping(source, p2m_access_x,
+ rmrr->base_address,
+ rmrr->end_address, 0);
+- if ( ret != -ENOENT )
++ if ( ret && ret != -ENOENT )
+ return ret;
+ }
+ }
+
diff --git a/main/xen/xsa388-4.14-1.patch b/main/xen/xsa388-4.14-1.patch
new file mode 100644
index 0000000000..f76f2d56b6
--- /dev/null
+++ b/main/xen/xsa388-4.14-1.patch
@@ -0,0 +1,174 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/PoD: deal with misaligned GFNs
+
+Users of XENMEM_decrease_reservation and XENMEM_populate_physmap aren't
+required to pass in order-aligned GFN values. (While I consider this
+bogus, I don't think we can fix this there, as that might break existing
+code, e.g Linux'es swiotlb, which - while affecting PV only - until
+recently had been enforcing only page alignment on the original
+allocation.) Only non-PoD code paths (guest_physmap_{add,remove}_page(),
+p2m_set_entry()) look to be dealing with this properly (in part by being
+implemented inefficiently, handling every 4k page separately).
+
+Introduce wrappers taking care of splitting the incoming request into
+aligned chunks, without putting much effort in trying to determine the
+largest possible chunk at every iteration.
+
+Also "handle" p2m_set_entry() failure for non-order-0 requests by
+crashing the domain in one more place. Alongside putting a log message
+there, also add one to the other similar path.
+
+Note regarding locking: This is left in the actual worker functions on
+the assumption that callers aren't guaranteed atomicity wrt acting on
+multiple pages at a time. For mis-aligned GFNs gfn_lock() wouldn't have
+locked the correct GFN range anyway, if it didn't simply resolve to
+p2m_lock(), and for well-behaved callers there continues to be only a
+single iteration, i.e. behavior is unchanged for them. (FTAOD pulling
+out just pod_lock() into p2m_pod_decrease_reservation() would result in
+a lock order violation.)
+
+This is CVE-2021-28704 and CVE-2021-28707 / part of XSA-388.
+
+Fixes: 3c352011c0d3 ("x86/PoD: shorten certain operations on higher order ranges")
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
+
+--- a/xen/arch/x86/mm/p2m-pod.c
++++ b/xen/arch/x86/mm/p2m-pod.c
+@@ -495,7 +495,7 @@ p2m_pod_zero_check_superpage(struct p2m_
+
+
+ /*
+- * This function is needed for two reasons:
++ * This pair of functions is needed for two reasons:
+ * + To properly handle clearing of PoD entries
+ * + To "steal back" memory being freed for the PoD cache, rather than
+ * releasing it.
+@@ -503,8 +503,8 @@ p2m_pod_zero_check_superpage(struct p2m_
+ * Once both of these functions have been completed, we can return and
+ * allow decrease_reservation() to handle everything else.
+ */
+-unsigned long
+-p2m_pod_decrease_reservation(struct domain *d, gfn_t gfn, unsigned int order)
++static unsigned long
++decrease_reservation(struct domain *d, gfn_t gfn, unsigned int order)
+ {
+ unsigned long ret = 0, i, n;
+ struct p2m_domain *p2m = p2m_get_hostp2m(d);
+@@ -551,8 +551,10 @@ p2m_pod_decrease_reservation(struct doma
+ * All PoD: Mark the whole region invalid and tell caller
+ * we're done.
+ */
+- if ( p2m_set_entry(p2m, gfn, INVALID_MFN, order, p2m_invalid,
+- p2m->default_access) )
++ int rc = p2m_set_entry(p2m, gfn, INVALID_MFN, order, p2m_invalid,
++ p2m->default_access);
++
++ if ( rc )
+ {
+ /*
+ * If this fails, we can't tell how much of the range was changed.
+@@ -560,7 +562,12 @@ p2m_pod_decrease_reservation(struct doma
+ * impossible.
+ */
+ if ( order != 0 )
++ {
++ printk(XENLOG_G_ERR
++ "%pd: marking GFN %#lx (order %u) as non-PoD failed: %d\n",
++ d, gfn_x(gfn), order, rc);
+ domain_crash(d);
++ }
+ goto out_unlock;
+ }
+ ret = 1UL << order;
+@@ -667,6 +674,22 @@ out_unlock:
+ return ret;
+ }
+
++unsigned long
++p2m_pod_decrease_reservation(struct domain *d, gfn_t gfn, unsigned int order)
++{
++ unsigned long left = 1UL << order, ret = 0;
++ unsigned int chunk_order = find_first_set_bit(gfn_x(gfn) | left);
++
++ do {
++ ret += decrease_reservation(d, gfn, chunk_order);
++
++ left -= 1UL << chunk_order;
++ gfn = gfn_add(gfn, 1UL << chunk_order);
++ } while ( left );
++
++ return ret;
++}
++
+ void p2m_pod_dump_data(struct domain *d)
+ {
+ struct p2m_domain *p2m = p2m_get_hostp2m(d);
+@@ -1266,19 +1289,15 @@ remap_and_retry:
+ return true;
+ }
+
+-
+-int
+-guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn_l,
+- unsigned int order)
++static int
++mark_populate_on_demand(struct domain *d, unsigned long gfn_l,
++ unsigned int order)
+ {
+ struct p2m_domain *p2m = p2m_get_hostp2m(d);
+ gfn_t gfn = _gfn(gfn_l);
+ unsigned long i, n, pod_count = 0;
+ int rc = 0;
+
+- if ( !paging_mode_translate(d) )
+- return -EINVAL;
+-
+ gfn_lock(p2m, gfn, order);
+
+ P2M_DEBUG("mark pod gfn=%#lx\n", gfn_l);
+@@ -1316,12 +1335,44 @@ guest_physmap_mark_populate_on_demand(st
+ BUG_ON(p2m->pod.entry_count < 0);
+ pod_unlock(p2m);
+ }
++ else if ( order )
++ {
++ /*
++ * If this failed, we can't tell how much of the range was changed.
++ * Best to crash the domain.
++ */
++ printk(XENLOG_G_ERR
++ "%pd: marking GFN %#lx (order %u) as PoD failed: %d\n",
++ d, gfn_l, order, rc);
++ domain_crash(d);
++ }
+
+ out:
+ gfn_unlock(p2m, gfn, order);
+
+ return rc;
+ }
++
++int
++guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn,
++ unsigned int order)
++{
++ unsigned long left = 1UL << order;
++ unsigned int chunk_order = find_first_set_bit(gfn | left);
++ int rc;
++
++ if ( !paging_mode_translate(d) )
++ return -EINVAL;
++
++ do {
++ rc = mark_populate_on_demand(d, gfn, chunk_order);
++
++ left -= 1UL << chunk_order;
++ gfn += 1UL << chunk_order;
++ } while ( !rc && left );
++
++ return rc;
++}
+
+ void p2m_pod_init(struct p2m_domain *p2m)
+ {
diff --git a/main/xen/xsa388-4.14-2.patch b/main/xen/xsa388-4.14-2.patch
new file mode 100644
index 0000000000..2f8cc881f0
--- /dev/null
+++ b/main/xen/xsa388-4.14-2.patch
@@ -0,0 +1,36 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/PoD: handle intermediate page orders in p2m_pod_cache_add()
+
+p2m_pod_decrease_reservation() may pass pages to the function which
+aren't 4k, 2M, or 1G. Handle all intermediate orders as well, to avoid
+hitting the BUG() at the switch() statement's "default" case.
+
+This is CVE-2021-28708 / part of XSA-388.
+
+Fixes: 3c352011c0d3 ("x86/PoD: shorten certain operations on higher order ranges")
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
+
+--- a/xen/arch/x86/mm/p2m-pod.c
++++ b/xen/arch/x86/mm/p2m-pod.c
+@@ -111,15 +111,13 @@ p2m_pod_cache_add(struct p2m_domain *p2m
+ /* Then add to the appropriate populate-on-demand list. */
+ switch ( order )
+ {
+- case PAGE_ORDER_1G:
+- for ( i = 0; i < (1UL << PAGE_ORDER_1G); i += 1UL << PAGE_ORDER_2M )
++ case PAGE_ORDER_2M ... PAGE_ORDER_1G:
++ for ( i = 0; i < (1UL << order); i += 1UL << PAGE_ORDER_2M )
+ page_list_add_tail(page + i, &p2m->pod.super);
+ break;
+- case PAGE_ORDER_2M:
+- page_list_add_tail(page, &p2m->pod.super);
+- break;
+- case PAGE_ORDER_4K:
+- page_list_add_tail(page, &p2m->pod.single);
++ case PAGE_ORDER_4K ... PAGE_ORDER_2M - 1:
++ for ( i = 0; i < (1UL << order); i += 1UL << PAGE_ORDER_4K )
++ page_list_add_tail(page + i, &p2m->pod.single);
+ break;
+ default:
+ BUG();
diff --git a/main/xen/xsa389-4.14.patch b/main/xen/xsa389-4.14.patch
new file mode 100644
index 0000000000..1d893f123f
--- /dev/null
+++ b/main/xen/xsa389-4.14.patch
@@ -0,0 +1,180 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: x86/P2M: deal with partial success of p2m_set_entry()
+
+M2P and PoD stats need to remain in sync with P2M; if an update succeeds
+only partially, respective adjustments need to be made. If updates get
+made before the call, they may also need undoing upon complete failure
+(i.e. including the single-page case).
+
+Log-dirty state would better also be kept in sync.
+
+Note that the change to set_typed_p2m_entry() may not be strictly
+necessary (due to the order restriction enforced near the top of the
+function), but is being kept here to be on the safe side.
+
+This is CVE-2021-28705 and CVE-2021-28709 / XSA-389.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
+
+--- a/xen/arch/x86/mm/p2m.c
++++ b/xen/arch/x86/mm/p2m.c
+@@ -780,6 +780,7 @@ p2m_remove_page(struct p2m_domain *p2m,
+ unsigned long i;
+ p2m_type_t t;
+ p2m_access_t a;
++ int rc;
+
+ /* IOMMU for PV guests is handled in get_page_type() and put_page(). */
+ if ( !paging_mode_translate(p2m->domain) )
+@@ -813,8 +814,27 @@ p2m_remove_page(struct p2m_domain *p2m,
+ }
+ }
+
+- return p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, p2m_invalid,
+- p2m->default_access);
++ rc = p2m_set_entry(p2m, gfn, INVALID_MFN, page_order, p2m_invalid,
++ p2m->default_access);
++ if ( likely(!rc) || !mfn_valid(mfn) )
++ return rc;
++
++ /*
++ * The operation may have partially succeeded. For the failed part we need
++ * to undo the M2P update and, out of precaution, mark the pages dirty
++ * again.
++ */
++ for ( i = 0; i < (1UL << page_order); ++i )
++ {
++ p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL);
++ if ( !p2m_is_hole(t) && !p2m_is_special(t) && !p2m_is_shared(t) )
++ {
++ set_gpfn_from_mfn(mfn_x(mfn) + i, gfn_x(gfn) + i);
++ paging_mark_pfn_dirty(p2m->domain, _pfn(gfn_x(gfn) + i));
++ }
++ }
++
++ return rc;
+ }
+
+ int
+@@ -1003,13 +1023,8 @@ guest_physmap_add_entry(struct domain *d
+
+ /* Now, actually do the two-way mapping */
+ rc = p2m_set_entry(p2m, gfn, mfn, page_order, t, p2m->default_access);
+- if ( rc == 0 )
++ if ( likely(!rc) )
+ {
+- pod_lock(p2m);
+- p2m->pod.entry_count -= pod_count;
+- BUG_ON(p2m->pod.entry_count < 0);
+- pod_unlock(p2m);
+-
+ if ( !p2m_is_grant(t) )
+ {
+ for ( i = 0; i < (1UL << page_order); i++ )
+@@ -1017,6 +1032,42 @@ guest_physmap_add_entry(struct domain *d
+ gfn_x(gfn_add(gfn, i)));
+ }
+ }
++ else
++ {
++ /*
++ * The operation may have partially succeeded. For the successful part
++ * we need to update M2P and dirty state, while for the failed part we
++ * may need to adjust PoD stats as well as undo the earlier M2P update.
++ */
++ for ( i = 0; i < (1UL << page_order); ++i )
++ {
++ omfn = p2m->get_entry(p2m, gfn_add(gfn, i), &ot, &a, 0, NULL, NULL);
++ if ( p2m_is_pod(ot) )
++ {
++ BUG_ON(!pod_count);
++ --pod_count;
++ }
++ else if ( mfn_eq(omfn, mfn_add(mfn, i)) && ot == t &&
++ a == p2m->default_access && !p2m_is_grant(t) )
++ {
++ set_gpfn_from_mfn(mfn_x(omfn), gfn_x(gfn) + i);
++ paging_mark_pfn_dirty(d, _pfn(gfn_x(gfn) + i));
++ }
++ else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) )
++ {
++ ASSERT(mfn_valid(omfn));
++ set_gpfn_from_mfn(mfn_x(omfn), gfn_x(gfn) + i);
++ }
++ }
++ }
++
++ if ( pod_count )
++ {
++ pod_lock(p2m);
++ p2m->pod.entry_count -= pod_count;
++ BUG_ON(p2m->pod.entry_count < 0);
++ pod_unlock(p2m);
++ }
+
+ out:
+ p2m_unlock(p2m);
+@@ -1308,6 +1359,49 @@ static int set_typed_p2m_entry(struct do
+ return 0;
+ }
+ }
++
++ P2M_DEBUG("set %d %lx %lx\n", gfn_p2mt, gfn_l, mfn_x(mfn));
++ rc = p2m_set_entry(p2m, gfn, mfn, order, gfn_p2mt, access);
++ if ( unlikely(rc) )
++ {
++ gdprintk(XENLOG_ERR, "p2m_set_entry: %#lx:%u -> %d (0x%"PRI_mfn")\n",
++ gfn_l, order, rc, mfn_x(mfn));
++
++ /*
++ * The operation may have partially succeeded. For the successful part
++ * we need to update PoD stats, M2P, and dirty state.
++ */
++ if ( order != PAGE_ORDER_4K )
++ {
++ unsigned long i;
++
++ for ( i = 0; i < (1UL << order); ++i )
++ {
++ p2m_type_t t;
++ mfn_t cmfn = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0,
++ NULL, NULL);
++
++ if ( !mfn_eq(cmfn, mfn_add(mfn, i)) || t != gfn_p2mt ||
++ a != access )
++ continue;
++
++ if ( p2m_is_ram(ot) )
++ {
++ ASSERT(mfn_valid(mfn_add(omfn, i)));
++ set_gpfn_from_mfn(mfn_x(omfn) + i, INVALID_M2P_ENTRY);
++ }
++#ifdef CONFIG_HVM
++ else if ( p2m_is_pod(ot) )
++ {
++ pod_lock(p2m);
++ BUG_ON(!p2m->pod.entry_count);
++ --p2m->pod.entry_count;
++ pod_unlock(p2m);
++ }
++#endif
++ }
++ }
++ }
+ else if ( p2m_is_ram(ot) )
+ {
+ unsigned long i;
+@@ -1318,12 +1412,6 @@ static int set_typed_p2m_entry(struct do
+ set_gpfn_from_mfn(mfn_x(omfn) + i, INVALID_M2P_ENTRY);
+ }
+ }
+-
+- P2M_DEBUG("set %d %lx %lx\n", gfn_p2mt, gfn_l, mfn_x(mfn));
+- rc = p2m_set_entry(p2m, gfn, mfn, order, gfn_p2mt, access);
+- if ( rc )
+- gdprintk(XENLOG_ERR, "p2m_set_entry: %#lx:%u -> %d (0x%"PRI_mfn")\n",
+- gfn_l, order, rc, mfn_x(mfn));
+ #ifdef CONFIG_HVM
+ else if ( p2m_is_pod(ot) )
+ {
diff --git a/main/xtables-addons-lts/APKBUILD b/main/xtables-addons-lts/APKBUILD
index 662c0f06e6..6540c51068 100644
--- a/main/xtables-addons-lts/APKBUILD
+++ b/main/xtables-addons-lts/APKBUILD
@@ -7,7 +7,7 @@ _rel=0
_flavor=${FLAVOR:-lts}
_kpkg=linux-$_flavor
-_kver=5.10.61
+_kver=5.10.88
_krel=0
_kpkgver="$_kver-r$_krel"
diff --git a/main/zfs-lts/APKBUILD b/main/zfs-lts/APKBUILD
index 0c53a695cd..c6115d7e87 100644
--- a/main/zfs-lts/APKBUILD
+++ b/main/zfs-lts/APKBUILD
@@ -8,7 +8,7 @@ _rel=0
_flavor=${FLAVOR:-lts}
_kpkg=linux-$_flavor
-_kver=5.10.61
+_kver=5.10.88
_krel=0
_kpkgver="$_kver-r$_krel"