* [gentoo-commits] repo/gentoo:master commit in: sys-apps/mawk/files/, sys-apps/mawk/
@ 2016-08-07  5:39 Tim Harder
From: Tim Harder @ 2016-08-07  5:39 UTC (permalink / raw
  To: gentoo-commits

commit:     18975c2a8e9fd761585dddcc1d1e8c974f4cf458
Author:     Tim Harder <radhermit <AT> gentoo <DOT> org>
AuthorDate: Sun Aug  7 05:36:23 2016 +0000
Commit:     Tim Harder <radhermit <AT> gentoo <DOT> org>
CommitDate: Sun Aug  7 05:36:23 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18975c2a

sys-apps/mawk: remove old

 sys-apps/mawk/Manifest                             |  2 -
 sys-apps/mawk/files/mawk-1.3.4-cross-compile.patch | 13 -------
 sys-apps/mawk/mawk-1.3.4_p20100625.ebuild          | 32 ----------------
 sys-apps/mawk/mawk-1.3.4_p20141206.ebuild          | 43 ----------------------
 4 files changed, 90 deletions(-)

diff --git a/sys-apps/mawk/Manifest b/sys-apps/mawk/Manifest
index f551876..cecd426 100644
--- a/sys-apps/mawk/Manifest
+++ b/sys-apps/mawk/Manifest
@@ -1,4 +1,2 @@
-DIST mawk-1.3.4-20100625.tgz 304970 SHA256 a8837a66ecee746edc149d7c38686209656c455290a1805c5e05ebad3184d2c9 SHA512 06623b8e647dabffd34d6e655cee72fb8a70eaf70b5cd8165d687c6913fecd868c584306d9b37666e36a473fb6c8dd7c211cdf89fffe1c838eaa826e2865de69 WHIRLPOOL bc375ddfd423fe45a0a89ac5b16a4dbf04ef360cdacc9ca9aa33cceb92e6e9ebfc8447604bf396c5c89529a42555b4d7d55474740a4117717224f983604d1b20
-DIST mawk-1.3.4-20141206.tgz 465025 SHA256 efa092ec3ea5dfd54571e8ba3b0327073f1fa51b8efa0953c2cadd87a87389c8 SHA512 636c863d759c8001fd51dea5fd1bfabed193976e9d7e7d614848bf8b5b4714b16325833099abf33c0a94c9cd746608da10e6e7b1199cd2480cab419f89813814 WHIRLPOOL a10a6517092fe97f0ae23766b055c20b73b26d5fcdf18c50e8a9f571be5d694b01a039d3ce6e7ca6294477d013b6a70ae24f5f48426e827a7673e8282a0bf91b
 DIST mawk-1.3.4-20150503.tgz 468794 SHA256 461673c7c4572e1e67e69e7bf7582e02d3c175b814485f2aa52c2c28099b3c6f SHA512 ac9dde6948328d8db94458448abdf7389f8862ae6093315dd19ed9d1cbeab60fca1fc7b084cda4ce09505010f7108612585e3c4ba9663ddf3adb869bf1d9d7b6 WHIRLPOOL 171c82659cfbae255c7209a1ef700a981bebb46ebcfabe37852ef4edfe60f28e6f3b8509700fbdf6edd10af2bdf4a5be898686666f2a61e59c1771b475645a0a
 DIST mawk-1.3.4-20160615.tgz 466312 SHA256 230a2a2c707e184eb7e56681b993862ab0c4ed2165a893df4e96fac61e7813ac SHA512 97062fe278f1ec30db2233f9bd5a2f60557e2362a2c785bce94a7b9eec9065138cf1349bc145c18194b5af56c8e943e63c95baea839282a65ba09062bdcca2ae WHIRLPOOL 981676b445bf6ed7edbfd3bbc5e62675d1467b5e047a692a006765fbc7e3da45314c59f9959585f7d4ca5ef3f736f6b134352e6d97ba3097cba8673490d89538

diff --git a/sys-apps/mawk/files/mawk-1.3.4-cross-compile.patch b/sys-apps/mawk/files/mawk-1.3.4-cross-compile.patch
deleted file mode 100644
index 104bb46..0000000
--- a/sys-apps/mawk/files/mawk-1.3.4-cross-compile.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -104,8 +104,9 @@
- 	-@rm -f $@
- 	notangle -R'"array.h"' array.w | $(NOIDENT) | cpif array.h
- 
-+BUILD_CC ?= gcc
- scancode.c :  $(srcdir)/makescan.c  scancode.h nstd.h config.h
--	@ECHO_LD@$(CC) $(CFLAGS) $(CPPFLAGS) -o makescan.exe $(srcdir)/makescan.c
-+	@ECHO_LD@$(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_CPPFLAGS) -o makescan.exe $(srcdir)/makescan.c
- 	rm -f scancode.c
- 	./makescan.exe > scancode.c
- 	rm makescan.exe

diff --git a/sys-apps/mawk/mawk-1.3.4_p20100625.ebuild b/sys-apps/mawk/mawk-1.3.4_p20100625.ebuild
deleted file mode 100644
index 061566e..0000000
--- a/sys-apps/mawk/mawk-1.3.4_p20100625.ebuild
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="2"
-
-inherit toolchain-funcs eutils
-
-MY_P=${P/_p/-}
-DESCRIPTION="an (often faster than gawk) awk-interpreter"
-HOMEPAGE="http://invisible-island.net/mawk/mawk.html"
-SRC_URI="ftp://invisible-island.net/mawk/${MY_P}.tgz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 ~hppa ia64 ppc sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos"
-IUSE=""
-
-S=${WORKDIR}/${MY_P}
-
-src_prepare() {
-	epatch "${FILESDIR}"/${PN}-1.3.4-cross-compile.patch
-	tc-export BUILD_CC
-}
-
-src_install() {
-	emake install DESTDIR="${D}" || die
-	dodoc ACKNOWLEDGMENT CHANGES INSTALL README
-
-	exeinto /usr/share/doc/${PF}/examples
-	doexe examples/*  # avoid compression of dodoc + make executable
-}

diff --git a/sys-apps/mawk/mawk-1.3.4_p20141206.ebuild b/sys-apps/mawk/mawk-1.3.4_p20141206.ebuild
deleted file mode 100644
index 720265d..0000000
--- a/sys-apps/mawk/mawk-1.3.4_p20141206.ebuild
+++ /dev/null
@@ -1,43 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit toolchain-funcs
-
-MY_P=${P/_p/-}
-DESCRIPTION="an (often faster than gawk) awk-interpreter"
-HOMEPAGE="http://invisible-island.net/mawk/mawk.html"
-SRC_URI="ftp://invisible-island.net/mawk/${MY_P}.tgz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos"
-
-RDEPEND="app-eselect/eselect-awk"
-DEPEND="${RDEPEND}"
-
-S=${WORKDIR}/${MY_P}
-
-DOCS=( ACKNOWLEDGMENT CHANGES README )
-
-src_prepare() {
-	tc-export BUILD_CC
-}
-
-src_install() {
-	default
-
-	exeinto /usr/share/doc/${PF}/examples
-	doexe examples/*
-	docompress -x /usr/share/doc/${PF}/examples
-}
-
-pkg_postinst() {
-	eselect awk update ifunset
-}
-
-pkg_postrm() {
-	eselect awk update ifunset
-}



* [gentoo-commits] repo/gentoo:master commit in: sys-apps/mawk/files/, sys-apps/mawk/
@ 2018-01-02 11:39 Mike Frysinger
From: Mike Frysinger @ 2018-01-02 11:39 UTC (permalink / raw
  To: gentoo-commits

commit:     7675026aa7867fd9d5bf678e3206c3261a473205
Author:     Mike Frysinger <vapier <AT> chromium <DOT> org>
AuthorDate: Tue Jan  2 11:37:58 2018 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Jan  2 11:38:36 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7675026a

sys-apps/mawk: add support for -W sandbox mode

 .../mawk/files/mawk-1.3.4-sandbox-default.patch    |  91 +++++++++++++
 sys-apps/mawk/files/mawk-1.3.4-sandbox.patch       | 141 +++++++++++++++++++++
 sys-apps/mawk/mawk-1.3.4_p20171017-r1.ebuild       |  49 +++++++
 sys-apps/mawk/metadata.xml                         |   3 +
 4 files changed, 284 insertions(+)

diff --git a/sys-apps/mawk/files/mawk-1.3.4-sandbox-default.patch b/sys-apps/mawk/files/mawk-1.3.4-sandbox-default.patch
new file mode 100644
index 00000000000..c3b0fc1c892
--- /dev/null
+++ b/sys-apps/mawk/files/mawk-1.3.4-sandbox-default.patch
@@ -0,0 +1,91 @@
+https://github.com/ThomasDickey/original-mawk/issues/49
+
+Note: We hand modify the configure file here because the version of autotools
+used by upstream is very old/finicky, and it's a simple enough change.
+
+From 1ac333b97615c451d7a4743b4724edd46d37a8b2 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@chromium.org>
+Date: Tue, 7 Nov 2017 01:07:47 -0500
+Subject: [PATCH 2/2] add a configure flag to lock sandbox by default
+
+This lets us deploy systems with the sandbox always enabled.
+---
+ configure    | 23 +++++++++++++++++++++++
+ configure.in | 11 +++++++++++
+ init.c       |  4 ++++
+ 3 files changed, 38 insertions(+)
+
+diff --git a/configure.in b/configure.in
+index 8b795fbd264b..770092005386 100644
+--- a/configure.in
++++ b/configure.in
+@@ -112,6 +112,17 @@ fi
+ AC_MSG_RESULT($with_init_srand)
+ 
+ ###############################################################################
++AC_MSG_CHECKING(if you want mawk to always run in sandbox mode)
++CF_ARG_ENABLE([forced-sandbox],
++[  --enable-forced-sandbox always run in sandbox mode],
++	[with_forced_sandbox=yes],
++	[with_forced_sandbox=no])
++if test "x${with_forced_sandbox}" != xno; then
++	CPPFLAGS="$CPPFLAGS -DFORCED_SANDBOX"
++fi
++AC_MSG_RESULT($with_forced_sandbox)
++
++###############################################################################
+ 
+ AC_PROG_YACC
+ CF_PROG_LINT
+diff --git a/init.c b/init.c
+index f7babb337e04..e035d6ea2fc0 100644
+--- a/init.c
++++ b/init.c
+@@ -492,6 +492,10 @@ process_cmdline(int argc, char **argv)
+ 
+   no_more_opts:
+ 
++#ifdef FORCED_SANDBOX
++    sandbox_flag = 1;
++#endif
++
+     tail->link = (PFILE *) 0;
+     pfile_list = dummy.link;
+ 
+diff --git a/configure b/configure
+index a3bf42fe9245..442875b8e58a 100755
+--- a/configure
++++ b/configure
+@@ -4132,6 +4132,29 @@ echo "$as_me:4131: result: $with_init_srand" >&5
+ echo "${ECHO_T}$with_init_srand" >&6
+ 
+ ###############################################################################
++echo "$as_me:4109: checking if you want mawk to always run in sandbox mode" >&5
++echo $ECHO_N "checking if you want mawk to always run in sandbox mode... $ECHO_C" >&6
++
++if test "${enable_forced_sandbox+set}" = set; then
++  enableval="$enable_forced_sandbox"
++  test "$enableval" != yes && enableval=no
++	if test "$enableval" != "no" ; then
++    with_forced_sandbox=yes
++	else
++		with_forced_sandbox=no
++	fi
++else
++  enableval=no
++	with_forced_sandbox=no
++
++fi;
++if test "x${with_forced_sandbox}" != xno; then
++	CPPFLAGS="$CPPFLAGS -DFORCED_SANDBOX"
++fi
++echo "$as_me:4131: result: $with_forced_sandbox" >&5
++echo "${ECHO_T}$with_forced_sandbox" >&6
++
++###############################################################################
+ 
+ for ac_prog in 'bison -y' byacc
+ do
+-- 
+2.13.5
+
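Review bot: With FORCED_SANDBOX defined, the flag is only set once control reaches the `no_more_opts:` label in process_cmdline(), so the "always sandboxed" guarantee depends on every path through option parsing arriving there. The rest of that function is outside this patch, so this cannot be confirmed from the hunk. Setting the flag where the variable is defined does not depend on control flow: `short sandbox_flag = 1;` under `#ifdef FORCED_SANDBOX`, with the plain `short sandbox_flag;` in the `#else`. A one-line comment at that definition, stating that no option may clear the flag in a forced build, would keep later option additions from weakening it.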

diff --git a/sys-apps/mawk/files/mawk-1.3.4-sandbox.patch b/sys-apps/mawk/files/mawk-1.3.4-sandbox.patch
new file mode 100644
index 00000000000..ae2ccbd50ec
--- /dev/null
+++ b/sys-apps/mawk/files/mawk-1.3.4-sandbox.patch
@@ -0,0 +1,141 @@
+https://github.com/ThomasDickey/original-mawk/issues/49
+
+From ae3a324a5af1350aa1a6f648e10b9d6656d9fde4 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@chromium.org>
+Date: Tue, 7 Nov 2017 00:41:36 -0500
+Subject: [PATCH 1/2] add a -W sandbox mode
+
+This is like gawk's sandbox mode where arbitrary code execution and
+file redirection are locked down.  This way awk can be a more secure
+input/output mode.
+---
+ bi_funct.c | 3 +++
+ init.c     | 8 ++++++++
+ man/mawk.1 | 4 ++++
+ mawk.h     | 2 +-
+ scan.c     | 6 ++++++
+ 5 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/bi_funct.c b/bi_funct.c
+index 7742308c72a5..b524ac8dac8b 100644
+--- a/bi_funct.c
++++ b/bi_funct.c
+@@ -908,6 +908,9 @@ bi_system(CELL *sp GCC_UNUSED)
+ #ifdef HAVE_REAL_PIPES
+     int ret_val;
+ 
++    if (sandbox_flag)
++	rt_error("'system' function not allowed in sandbox mode");
++
+     TRACE_FUNC("bi_system", sp);
+ 
+     if (sp->type < C_STRING)
+diff --git a/init.c b/init.c
+index 0ab17b003f20..f7babb337e04 100644
+--- a/init.c
++++ b/init.c
+@@ -40,6 +40,7 @@ typedef enum {
+     W_RANDOM,
+     W_SPRINTF,
+     W_POSIX_SPACE,
++    W_SANDBOX,
+     W_USAGE
+ } W_OPTIONS;
+ 
+@@ -96,6 +97,7 @@ initialize(int argc, char **argv)
+ 
+ int dump_code_flag;		/* if on dump internal code */
+ short posix_space_flag;
++short sandbox_flag;
+ 
+ #ifdef	 DEBUG
+ int dump_RE = 1;		/* if on dump compiled REs  */
+@@ -153,6 +155,7 @@ usage(void)
+ 	"    -W random=number set initial random seed.",
+ 	"    -W sprintf=number adjust size of sprintf buffer.",
+ 	"    -W posix_space   do not consider \"\\n\" a space.",
++	"    -W sandbox       disable system() and I/O redirection.",
+ 	"    -W usage         show this message and exit.",
+     };
+     size_t n;
+@@ -255,6 +258,7 @@ parse_w_opt(char *source, char **next)
+ 	    DATA(RANDOM),
+ 	    DATA(SPRINTF),
+ 	    DATA(POSIX_SPACE),
++	    DATA(SANDBOX),
+ 	    DATA(USAGE)
+     };
+ #undef DATA
+@@ -389,6 +393,10 @@ process_cmdline(int argc, char **argv)
+ 		    posix_space_flag = 1;
+ 		    break;
+ 
++		case W_SANDBOX:
++		    sandbox_flag = 1;
++		    break;
++
+ 		case W_RANDOM:
+ 		    if (haveValue(optNext)) {
+ 			int x = atoi(optNext + 1);
+diff --git a/man/mawk.1 b/man/mawk.1
+index a3c794167dc9..0915d9d7ed5d 100644
+--- a/man/mawk.1
++++ b/man/mawk.1
+@@ -150,6 +150,10 @@ forces
+ \fB\*n\fP
+ not to consider '\en' to be space.
+ .TP
++\-\fBW \fRsandbox
++runs in a restricted mode where system(), input redirection (e.g. getline),
++output redirection (e.g. print and printf), and pipelines are disabled.
++.TP
+ \-\fBW \fRrandom=\fInum\fR
+ calls \fBsrand\fP with the given parameter
+ (and overrides the auto-seeding behavior).
+diff --git a/mawk.h b/mawk.h
+index 2d04be1adb34..a6ccc0071ecc 100644
+--- a/mawk.h
++++ b/mawk.h
+@@ -63,7 +63,7 @@ extern int dump_RE;
+ #define USE_BINMODE 0
+ #endif
+ 
+-extern short posix_space_flag, interactive_flag;
++extern short posix_space_flag, interactive_flag, sandbox_flag;
+ 
+ /*----------------
+  *  GLOBAL VARIABLES
+diff --git a/scan.c b/scan.c
+index 3a8fc9181ab8..c1833b8b7315 100644
+--- a/scan.c
++++ b/scan.c
+@@ -455,6 +455,8 @@ yylex(void)
+ 	    un_next();
+ 
+ 	if (getline_flag) {
++	    if (sandbox_flag)
++		rt_error("redirection not allowed in sandbox mode");
+ 	    getline_flag = 0;
+ 	    ct_ret(IO_IN);
+ 	} else
+@@ -462,6 +464,8 @@ yylex(void)
+ 
+     case SC_GT:		/* '>' */
+ 	if (print_flag && paren_cnt == 0) {
++	    if (sandbox_flag)
++		rt_error("redirection not allowed in sandbox mode");
+ 	    print_flag = 0;
+ 	    /* there are 3 types of IO_OUT
+ 	       -- build the error string in string_buff */
+@@ -488,6 +492,8 @@ yylex(void)
+ 	    un_next();
+ 
+ 	    if (print_flag && paren_cnt == 0) {
++		if (sandbox_flag)
++		    rt_error("pipe execution not allowed in sandbox mode");
+ 		print_flag = 0;
+ 		yylval.ival = PIPE_OUT;
+ 		string_buff[0] = '|';
+-- 
+2.13.5
+
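Review bot: The `|` case in yylex() only rejects a pipe when `print_flag && paren_cnt == 0`, which is the output-pipe form. The other branch of that `if` is outside the patch, and if that is where an input pipe feeding getline is tokenized, the sandbox does not stop it from running a command. The man page text added here says pipelines are disabled and the usage string says system() is disabled, so the code should match: add the same guard, `if (sandbox_flag) rt_error("pipe execution not allowed in sandbox mode");`, on the path that returns the input-pipe token. Since this option is a security boundary, a small regression script that exercises each blocked construct under `-W sandbox` would help.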

diff --git a/sys-apps/mawk/mawk-1.3.4_p20171017-r1.ebuild b/sys-apps/mawk/mawk-1.3.4_p20171017-r1.ebuild
new file mode 100644
index 00000000000..e50d8aa1277
--- /dev/null
+++ b/sys-apps/mawk/mawk-1.3.4_p20171017-r1.ebuild
@@ -0,0 +1,49 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit toolchain-funcs
+
+MY_P=${P/_p/-}
+DESCRIPTION="an (often faster than gawk) awk-interpreter"
+HOMEPAGE="https://invisible-island.net/mawk/mawk.html"
+SRC_URI="ftp://ftp.invisible-island.net/mawk/${MY_P}.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos"
+IUSE="forced-sandbox"
+
+RDEPEND="app-eselect/eselect-awk"
+DEPEND="${RDEPEND}"
+
+S=${WORKDIR}/${MY_P}
+
+DOCS=( ACKNOWLEDGMENT CHANGES README )
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.3.4-sandbox.patch
+	"${FILESDIR}"/${PN}-1.3.4-sandbox-default.patch
+)
+
+src_configure() {
+	tc-export BUILD_CC
+	econf $(use_enable forced-sandbox)
+}
+
+src_install() {
+	default
+
+	exeinto /usr/share/doc/${PF}/examples
+	doexe examples/*
+	docompress -x /usr/share/doc/${PF}/examples
+}
+
+pkg_postinst() {
+	eselect awk update ifunset
+}
+
+pkg_postrm() {
+	eselect awk update ifunset
+}
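Review bot: Nothing in this ebuild tells the user what USE=forced-sandbox does to the rest of the system. `pkg_postinst` runs `eselect awk update ifunset`, so a forced-sandbox mawk may become the selected awk provider, and any script that uses system(), a pipe or a redirection will then stop with a runtime error. Add a notice in `pkg_postinst`, e.g. `use forced-sandbox && ewarn "mawk is built with the sandbox forced on: system(), pipes and I/O redirection are rejected in all awk programs"`. The flag description in metadata.xml could state the same restriction.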

diff --git a/sys-apps/mawk/metadata.xml b/sys-apps/mawk/metadata.xml
index 56c12441305..fb5ddc9df93 100644
--- a/sys-apps/mawk/metadata.xml
+++ b/sys-apps/mawk/metadata.xml
@@ -5,4 +5,7 @@
 	<email>base-system@gentoo.org</email>
 	<name>Gentoo Base System</name>
 </maintainer>
+<use>
+	<flag name="forced-sandbox">Always enable -W sandbox mode for simpler/secure runtime</flag>
+</use>
 </pkgmetadata>



* [gentoo-commits] repo/gentoo:master commit in: sys-apps/mawk/files/, sys-apps/mawk/
@ 2020-01-17 16:02 Mike Gilbert
From: Mike Gilbert @ 2020-01-17 16:02 UTC (permalink / raw
  To: gentoo-commits

commit:     1b0f89267a0f0b1d9d7312efe988aaf8d8f84bd2
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 16 21:18:12 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Jan 17 16:02:35 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b0f8926

sys-apps/mawk: remove sandbox patches

We can pick up this feature if/when upstream supports it.

Closes: https://github.com/gentoo/gentoo/pull/14359
Package-Manager: Portage-2.3.84_p2, Repoman-2.3.20_p24
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../mawk/files/mawk-1.3.4-sandbox-default.patch    |  91 -------------
 sys-apps/mawk/files/mawk-1.3.4-sandbox.patch       | 141 ---------------------
 ...90203.ebuild => mawk-1.3.4_p20190203-r1.ebuild} |  10 +-
 ...00106.ebuild => mawk-1.3.4_p20200106-r1.ebuild} |   8 +-
 sys-apps/mawk/metadata.xml                         |   3 -
 5 files changed, 3 insertions(+), 250 deletions(-)

diff --git a/sys-apps/mawk/files/mawk-1.3.4-sandbox-default.patch b/sys-apps/mawk/files/mawk-1.3.4-sandbox-default.patch
deleted file mode 100644
index c3b0fc1c892..00000000000
--- a/sys-apps/mawk/files/mawk-1.3.4-sandbox-default.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-https://github.com/ThomasDickey/original-mawk/issues/49
-
-Note: We hand modify the configure file here because the version of autotools
-used by upstream is very old/finicky, and it's a simple enough change.
-
-From 1ac333b97615c451d7a4743b4724edd46d37a8b2 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@chromium.org>
-Date: Tue, 7 Nov 2017 01:07:47 -0500
-Subject: [PATCH 2/2] add a configure flag to lock sandbox by default
-
-This lets us deploy systems with the sandbox always enabled.
----
- configure    | 23 +++++++++++++++++++++++
- configure.in | 11 +++++++++++
- init.c       |  4 ++++
- 3 files changed, 38 insertions(+)
-
-diff --git a/configure.in b/configure.in
-index 8b795fbd264b..770092005386 100644
---- a/configure.in
-+++ b/configure.in
-@@ -112,6 +112,17 @@ fi
- AC_MSG_RESULT($with_init_srand)
- 
- ###############################################################################
-+AC_MSG_CHECKING(if you want mawk to always run in sandbox mode)
-+CF_ARG_ENABLE([forced-sandbox],
-+[  --enable-forced-sandbox always run in sandbox mode],
-+	[with_forced_sandbox=yes],
-+	[with_forced_sandbox=no])
-+if test "x${with_forced_sandbox}" != xno; then
-+	CPPFLAGS="$CPPFLAGS -DFORCED_SANDBOX"
-+fi
-+AC_MSG_RESULT($with_forced_sandbox)
-+
-+###############################################################################
- 
- AC_PROG_YACC
- CF_PROG_LINT
-diff --git a/init.c b/init.c
-index f7babb337e04..e035d6ea2fc0 100644
---- a/init.c
-+++ b/init.c
-@@ -492,6 +492,10 @@ process_cmdline(int argc, char **argv)
- 
-   no_more_opts:
- 
-+#ifdef FORCED_SANDBOX
-+    sandbox_flag = 1;
-+#endif
-+
-     tail->link = (PFILE *) 0;
-     pfile_list = dummy.link;
- 
-diff --git a/configure b/configure
-index a3bf42fe9245..442875b8e58a 100755
---- a/configure
-+++ b/configure
-@@ -4132,6 +4132,29 @@ echo "$as_me:4131: result: $with_init_srand" >&5
- echo "${ECHO_T}$with_init_srand" >&6
- 
- ###############################################################################
-+echo "$as_me:4109: checking if you want mawk to always run in sandbox mode" >&5
-+echo $ECHO_N "checking if you want mawk to always run in sandbox mode... $ECHO_C" >&6
-+
-+if test "${enable_forced_sandbox+set}" = set; then
-+  enableval="$enable_forced_sandbox"
-+  test "$enableval" != yes && enableval=no
-+	if test "$enableval" != "no" ; then
-+    with_forced_sandbox=yes
-+	else
-+		with_forced_sandbox=no
-+	fi
-+else
-+  enableval=no
-+	with_forced_sandbox=no
-+
-+fi;
-+if test "x${with_forced_sandbox}" != xno; then
-+	CPPFLAGS="$CPPFLAGS -DFORCED_SANDBOX"
-+fi
-+echo "$as_me:4131: result: $with_forced_sandbox" >&5
-+echo "${ECHO_T}$with_forced_sandbox" >&6
-+
-+###############################################################################
- 
- for ac_prog in 'bison -y' byacc
- do
--- 
-2.13.5
-

diff --git a/sys-apps/mawk/files/mawk-1.3.4-sandbox.patch b/sys-apps/mawk/files/mawk-1.3.4-sandbox.patch
deleted file mode 100644
index ae2ccbd50ec..00000000000
--- a/sys-apps/mawk/files/mawk-1.3.4-sandbox.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-https://github.com/ThomasDickey/original-mawk/issues/49
-
-From ae3a324a5af1350aa1a6f648e10b9d6656d9fde4 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@chromium.org>
-Date: Tue, 7 Nov 2017 00:41:36 -0500
-Subject: [PATCH 1/2] add a -W sandbox mode
-
-This is like gawk's sandbox mode where arbitrary code execution and
-file redirection are locked down.  This way awk can be a more secure
-input/output mode.
----
- bi_funct.c | 3 +++
- init.c     | 8 ++++++++
- man/mawk.1 | 4 ++++
- mawk.h     | 2 +-
- scan.c     | 6 ++++++
- 5 files changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/bi_funct.c b/bi_funct.c
-index 7742308c72a5..b524ac8dac8b 100644
---- a/bi_funct.c
-+++ b/bi_funct.c
-@@ -908,6 +908,9 @@ bi_system(CELL *sp GCC_UNUSED)
- #ifdef HAVE_REAL_PIPES
-     int ret_val;
- 
-+    if (sandbox_flag)
-+	rt_error("'system' function not allowed in sandbox mode");
-+
-     TRACE_FUNC("bi_system", sp);
- 
-     if (sp->type < C_STRING)
-diff --git a/init.c b/init.c
-index 0ab17b003f20..f7babb337e04 100644
---- a/init.c
-+++ b/init.c
-@@ -40,6 +40,7 @@ typedef enum {
-     W_RANDOM,
-     W_SPRINTF,
-     W_POSIX_SPACE,
-+    W_SANDBOX,
-     W_USAGE
- } W_OPTIONS;
- 
-@@ -96,6 +97,7 @@ initialize(int argc, char **argv)
- 
- int dump_code_flag;		/* if on dump internal code */
- short posix_space_flag;
-+short sandbox_flag;
- 
- #ifdef	 DEBUG
- int dump_RE = 1;		/* if on dump compiled REs  */
-@@ -153,6 +155,7 @@ usage(void)
- 	"    -W random=number set initial random seed.",
- 	"    -W sprintf=number adjust size of sprintf buffer.",
- 	"    -W posix_space   do not consider \"\\n\" a space.",
-+	"    -W sandbox       disable system() and I/O redirection.",
- 	"    -W usage         show this message and exit.",
-     };
-     size_t n;
-@@ -255,6 +258,7 @@ parse_w_opt(char *source, char **next)
- 	    DATA(RANDOM),
- 	    DATA(SPRINTF),
- 	    DATA(POSIX_SPACE),
-+	    DATA(SANDBOX),
- 	    DATA(USAGE)
-     };
- #undef DATA
-@@ -389,6 +393,10 @@ process_cmdline(int argc, char **argv)
- 		    posix_space_flag = 1;
- 		    break;
- 
-+		case W_SANDBOX:
-+		    sandbox_flag = 1;
-+		    break;
-+
- 		case W_RANDOM:
- 		    if (haveValue(optNext)) {
- 			int x = atoi(optNext + 1);
-diff --git a/man/mawk.1 b/man/mawk.1
-index a3c794167dc9..0915d9d7ed5d 100644
---- a/man/mawk.1
-+++ b/man/mawk.1
-@@ -150,6 +150,10 @@ forces
- \fB\*n\fP
- not to consider '\en' to be space.
- .TP
-+\-\fBW \fRsandbox
-+runs in a restricted mode where system(), input redirection (e.g. getline),
-+output redirection (e.g. print and printf), and pipelines are disabled.
-+.TP
- \-\fBW \fRrandom=\fInum\fR
- calls \fBsrand\fP with the given parameter
- (and overrides the auto-seeding behavior).
-diff --git a/mawk.h b/mawk.h
-index 2d04be1adb34..a6ccc0071ecc 100644
---- a/mawk.h
-+++ b/mawk.h
-@@ -63,7 +63,7 @@ extern int dump_RE;
- #define USE_BINMODE 0
- #endif
- 
--extern short posix_space_flag, interactive_flag;
-+extern short posix_space_flag, interactive_flag, sandbox_flag;
- 
- /*----------------
-  *  GLOBAL VARIABLES
-diff --git a/scan.c b/scan.c
-index 3a8fc9181ab8..c1833b8b7315 100644
---- a/scan.c
-+++ b/scan.c
-@@ -455,6 +455,8 @@ yylex(void)
- 	    un_next();
- 
- 	if (getline_flag) {
-+	    if (sandbox_flag)
-+		rt_error("redirection not allowed in sandbox mode");
- 	    getline_flag = 0;
- 	    ct_ret(IO_IN);
- 	} else
-@@ -462,6 +464,8 @@ yylex(void)
- 
-     case SC_GT:		/* '>' */
- 	if (print_flag && paren_cnt == 0) {
-+	    if (sandbox_flag)
-+		rt_error("redirection not allowed in sandbox mode");
- 	    print_flag = 0;
- 	    /* there are 3 types of IO_OUT
- 	       -- build the error string in string_buff */
-@@ -488,6 +492,8 @@ yylex(void)
- 	    un_next();
- 
- 	    if (print_flag && paren_cnt == 0) {
-+		if (sandbox_flag)
-+		    rt_error("pipe execution not allowed in sandbox mode");
- 		print_flag = 0;
- 		yylval.ival = PIPE_OUT;
- 		string_buff[0] = '|';
--- 
-2.13.5
-

diff --git a/sys-apps/mawk/mawk-1.3.4_p20190203.ebuild b/sys-apps/mawk/mawk-1.3.4_p20190203-r1.ebuild
similarity index 80%
rename from sys-apps/mawk/mawk-1.3.4_p20190203.ebuild
rename to sys-apps/mawk/mawk-1.3.4_p20190203-r1.ebuild
index 84b29b099fc..110cbc7c9a0 100644
--- a/sys-apps/mawk/mawk-1.3.4_p20190203.ebuild
+++ b/sys-apps/mawk/mawk-1.3.4_p20190203-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -13,7 +13,6 @@ SRC_URI="ftp://ftp.invisible-island.net/mawk/${MY_P}.tgz"
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos"
-IUSE="forced-sandbox"
 
 RDEPEND="app-eselect/eselect-awk"
 DEPEND="${RDEPEND}"
@@ -22,14 +21,9 @@ S="${WORKDIR}/${MY_P}"
 
 DOCS=( ACKNOWLEDGMENT CHANGES README )
 
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.3.4-sandbox.patch
-	"${FILESDIR}"/${PN}-1.3.4-sandbox-default.patch
-)
-
 src_configure() {
 	tc-export BUILD_CC
-	econf $(use_enable forced-sandbox)
+	econf
 }
 
 src_install() {
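Review bot: Dropping `IUSE="forced-sandbox"` and the `$(use_enable forced-sandbox)` argument in a revision bump means hosts that relied on the compile-time sandbox are rebuilt into an unrestricted mawk with no message at install time. A leftover package.use entry for the flag is presumably just ignored. A notice in `pkg_postinst` (outside this hunk) for this revision would make the loss of the restriction visible, e.g. `ewarn "The forced-sandbox USE flag and the -W sandbox option are no longer provided by this package"`. The same applies to the matching hunk in mawk-1.3.4_p20200106-r1.ebuild. src_install's body continues outside the hunk.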

diff --git a/sys-apps/mawk/mawk-1.3.4_p20200106.ebuild b/sys-apps/mawk/mawk-1.3.4_p20200106-r1.ebuild
similarity index 84%
rename from sys-apps/mawk/mawk-1.3.4_p20200106.ebuild
rename to sys-apps/mawk/mawk-1.3.4_p20200106-r1.ebuild
index c0ef9e890ec..7645505ca1f 100644
--- a/sys-apps/mawk/mawk-1.3.4_p20200106.ebuild
+++ b/sys-apps/mawk/mawk-1.3.4_p20200106-r1.ebuild
@@ -13,7 +13,6 @@ SRC_URI="https://invisible-mirror.net/archives/${PN}/${MY_P}.tgz"
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos"
-IUSE="forced-sandbox"
 
 RDEPEND="app-eselect/eselect-awk"
 DEPEND="${RDEPEND}"
@@ -22,14 +21,9 @@ S="${WORKDIR}/${MY_P}"
 
 DOCS=( ACKNOWLEDGMENT CHANGES README )
 
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.3.4-sandbox.patch
-	"${FILESDIR}"/${PN}-1.3.4-sandbox-default.patch
-)
-
 src_configure() {
 	tc-export BUILD_CC
-	econf $(use_enable forced-sandbox)
+	econf
 }
 
 src_install() {

diff --git a/sys-apps/mawk/metadata.xml b/sys-apps/mawk/metadata.xml
index fb5ddc9df93..56c12441305 100644
--- a/sys-apps/mawk/metadata.xml
+++ b/sys-apps/mawk/metadata.xml
@@ -5,7 +5,4 @@
 	<email>base-system@gentoo.org</email>
 	<name>Gentoo Base System</name>
 </maintainer>
-<use>
-	<flag name="forced-sandbox">Always enable -W sandbox mode for simpler/secure runtime</flag>
-</use>
 </pkgmetadata>

