!88 [sync] PR-84: fix CVE-2023-45918

From: @openeuler-sync-bot 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock

backport-CVE-2021-39537-add-check-for-end-of-string-in-cvtchar-to-handle-a-malformed.patch

@@ -0,0 +1,46 @@
+From 790a85dbd4a81d5f5d8dd02a44d84f01512ef443 Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Mon, 1 Jun 2020 00:02:30 +0000
+Subject: [PATCH] ncurses 6.2 - patch 20200531
+
++ correct configure version-check/warnng for g++ to allow for 10.x
++ re-enable "bel" in konsole-base (report by Nia Huang)
++ add linux-s entry (patch by Alexandre Montaron).
++ drop long-obsolete convert_configure.pl
++ add test/test_parm.c, for checking tparm changes.
++ improve parameter-checking for tparm, adding function _nc_tiparm() to
+  handle the most-used case, which accepts only numeric parameters
+  (report/testcase by "puppet-meteor").
++ use a more conservative estimate of the buffer-size in lib_tparm.c's
+  save_text() and save_number(), in case the sprintf() function
+  passes-through unexpected characters from a format specifier
+  (report/testcase by "puppet-meteor").
++ add a check for end-of-string in cvtchar to handle a malformed
+  string in infotocap (report/testcase by "puppet-meteor").
+---
+ ncurses/tinfo/captoinfo.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
+index 8b3b83d..f0b8c31 100644
+--- a/ncurses/tinfo/captoinfo.c
++++ b/ncurses/tinfo/captoinfo.c
+@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
+ 	}
+ 	break;
+     case '^':
++       len = 2;
+ 	c = UChar(*++sp);
+-	if (c == '?')
++	if (c == '?') {
+ 	    c = 127;
+-	else
++	} else if (c == '\0') {
++           len = 1;
++       } else {
+ 	    c &= 0x1f;
+-	len = 2;
++       }
+ 	break;
+     default:
+ 	c = UChar(*sp);

backport-CVE-2022-29458.patch

@@ -0,0 +1,81 @@
+From 4c9f63c460cb7134f142aa65f6866c175ed77605 Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Sun, 17 Apr 2022 00:27:48 +0000
+Subject: [PATCH] ncurses 6.3 - patch 20220416
+
+ ncurses/tinfo/alloc_entry.c           |   12 +-
+ ncurses/tinfo/read_entry.c            |   21 +-
+ 2 files changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/ncurses/tinfo/alloc_entry.c b/ncurses/tinfo/alloc_entry.c
+index 0bc93942c..aed739436 100644
+--- a/ncurses/tinfo/alloc_entry.c
++++ b/ncurses/tinfo/alloc_entry.c
+@@ -48,8 +48,6 @@
+ #define ABSENT_OFFSET    -1
+ #define CANCELLED_OFFSET -2
+ 
+-#define MAX_STRTAB	4096	/* documented maximum entry size */
+-
+ static char *stringbuf;		/* buffer for string capabilities */
+ static size_t next_free;	/* next free character in stringbuf */
+ 
+@@ -74,7 +72,7 @@ _nc_init_entry(ENTRY * const tp)
+ #endif
+ 
+     if (stringbuf == 0)
+-	TYPE_MALLOC(char, (size_t) MAX_STRTAB, stringbuf);
++	TYPE_MALLOC(char, (size_t) MAX_ENTRY_SIZE, stringbuf);
+ 
+     next_free = 0;
+ 
+@@ -111,11 +109,11 @@ _nc_save_str(const char *string)
+ 	 * Cheat a little by making an empty string point to the end of the
+ 	 * previous string.
+ 	 */
+-	if (next_free < MAX_STRTAB) {
++	if (next_free < MAX_ENTRY_SIZE) {
+ 	    result = (stringbuf + next_free - 1);
+ 	}
+-    } else if (next_free + len < MAX_STRTAB) {
+-	_nc_STRCPY(&stringbuf[next_free], string, MAX_STRTAB);
++    } else if (next_free + len < MAX_ENTRY_SIZE) {
++	_nc_STRCPY(&stringbuf[next_free], string, MAX_ENTRY_SIZE);
+ 	DEBUG(7, ("Saved string %s", _nc_visbuf(string)));
+ 	DEBUG(7, ("at location %d", (int) next_free));
+ 	next_free += len;
+diff --git a/ncurses/tinfo/read_entry.c b/ncurses/tinfo/read_entry.c
+index 41ef0d0aa..66e3d31ee 100644
+--- a/ncurses/tinfo/read_entry.c
++++ b/ncurses/tinfo/read_entry.c
+@@ -145,6 +145,7 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+ {
+     int i;
+     char *p;
++    bool corrupt = FALSE;
+ 
+     for (i = 0; i < count; i++) {
+ 	if (IS_NEG1(buf + 2 * i)) {
+@@ -154,8 +155,20 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+ 	} else if (MyNumber(buf + 2 * i) > size) {
+ 	    Strings[i] = ABSENT_STRING;
+ 	} else {
+-	    Strings[i] = (MyNumber(buf + 2 * i) + table);
+-	    TR(TRACE_DATABASE, ("Strings[%d] = %s", i, _nc_visbuf(Strings[i])));
++	    int nn = MyNumber(buf + 2 * i);
++	    if (nn >= 0 && nn < size) {
++		Strings[i] = (nn + table);
++		TR(TRACE_DATABASE, ("Strings[%d] = %s", i,
++				    _nc_visbuf(Strings[i])));
++	    } else {
++		if (!corrupt) {
++		    corrupt = TRUE;
++		    TR(TRACE_DATABASE,
++		       ("ignore out-of-range index %d to Strings[]", nn));
++		    _nc_warning("corrupt data found in convert_strings");
++		}
++		Strings[i] = ABSENT_STRING;
++	    }
+ 	}
+ 
+ 	/* make sure all strings are NUL terminated */

backport-CVE-2023-29491-mitigation.patch

@@ -0,0 +1,43 @@
+Backport of:
+
+Author: Sven Joachim <svenjoac@gmx.de>
+Description: Change the --disable-root-environ configure option behavior
+ By default, the --disable-root-environ option forbids program run by
+ the superuser to load custom terminfo entries.  This patch changes
+ that to only restrict programs running with elevated privileges,
+ matching the behavior of the --disable-setuid-environ option
+ introduced in the 20230423 upstream patchlevel.
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372#29
+Bug: https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00018.html
+Forwarded: not-needed
+Last-Update: 2023-05-01
+
+---
+ ncurses/tinfo/access.c |    2 --
+ 1 file changed, 2 deletions(-)
+
+Index: ncurses-6.2/ncurses/tinfo/access.c
+===================================================================
+--- ncurses-6.2.orig/ncurses/tinfo/access.c
++++ ncurses-6.2/ncurses/tinfo/access.c
+@@ -171,15 +171,16 @@ _nc_is_file_path(const char *path)
+ NCURSES_EXPORT(int)
+ _nc_env_access(void)
+ {
++    int result = TRUE;
++
+ #if HAVE_ISSETUGID
+     if (issetugid())
+-	return FALSE;
++	result = FALSE;
+ #elif HAVE_GETEUID && HAVE_GETEGID
+     if (getuid() != geteuid()
+ 	|| getgid() != getegid())
+-	return FALSE;
++	result = FALSE;
+ #endif
+-    /* ...finally, disallow root */
+-    return (getuid() != ROOT_UID) && (geteuid() != ROOT_UID);
++    return result;
+ }
+ #endif

backport-CVE-2023-45918.patch

@@ -0,0 +1,194 @@
+From 6107f670972c4bb79b5f8cfb1f12cc037271a7ee Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Thu, 15 Jun 2023 20:51:06 +0000
+Subject: [PATCH] snapshot of project "ncurses", label v6_4_20230615
+
+Conflict:remove unnecessary modifications and (if (p >= table + size) => if (p > table + size))
+Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/6107f670972c4bb79b5f8cfb1f12cc037271a7ee
+---
+ ncurses/tinfo/comp_error.c       | 17 +++++---
+ ncurses/tinfo/read_entry.c       | 67 ++++++++++++++++++++++----------
+ 2 files changed, 57 insertions(+), 27 deletions(-)
+
+diff --git a/ncurses/tinfo/comp_error.c b/ncurses/tinfo/comp_error.c
+index aa745a6df..3e6b4022a 100644
+--- a/ncurses/tinfo/comp_error.c
++++ b/ncurses/tinfo/comp_error.c
+@@ -42,7 +42,7 @@
+ 
+ #include <tic.h>
+ 
+-MODULE_ID("$Id: comp_error.c,v 1.40 2020/02/02 23:34:34 tom Exp $")
++MODULE_ID("$Id: comp_error.c,v 1.44 2023/06/15 20:27:02 tom Exp $")
+ 
+ NCURSES_EXPORT_VAR(bool) _nc_suppress_warnings = FALSE;
+ NCURSES_EXPORT_VAR(int) _nc_curr_line = 0; /* current line # in input */
+@@ -60,8 +60,15 @@ _nc_get_source(void)
+ NCURSES_EXPORT(void)
+ _nc_set_source(const char *const name)
+ {
+-    FreeIfNeeded(SourceName);
+-    SourceName = strdup(name);
++    if (name == NULL) {
++	free(SourceName);
++	SourceName = NULL;
++    } else if (SourceName == NULL) {
++	SourceName = strdup(name);
++    } else if (strcmp(name, SourceName)) {
++	free(SourceName);
++	SourceName = strdup(name);
++    }
+ }
+ 
+ NCURSES_EXPORT(void)
+@@ -95,9 +102,9 @@ static NCURSES_INLINE void
+ where_is_problem(void)
+ {
+     fprintf(stderr, "\"%s\"", SourceName ? SourceName : "?");
+-    if (_nc_curr_line >= 0)
++    if (_nc_curr_line > 0)
+ 	fprintf(stderr, ", line %d", _nc_curr_line);
+-    if (_nc_curr_col >= 0)
++    if (_nc_curr_col > 0)
+ 	fprintf(stderr, ", col %d", _nc_curr_col);
+     if (TermType != 0 && TermType[0] != '\0')
+ 	fprintf(stderr, ", terminal '%s'", TermType);
+diff --git a/ncurses/tinfo/read_entry.c b/ncurses/tinfo/read_entry.c
+index 87e422aee..762c6c68c 100644
+--- a/ncurses/tinfo/read_entry.c
++++ b/ncurses/tinfo/read_entry.c
+@@ -42,7 +42,7 @@
+ 
+ #include <tic.h>
+ 
+-MODULE_ID("$Id: read_entry.c,v 1.157 2020/02/02 23:34:34 tom Exp $")
++MODULE_ID("$Id: read_entry.c,v 1.169 2023/06/15 20:51:06 tom Exp $")
+ 
+ #define TYPE_CALLOC(type,elts) typeCalloc(type, (unsigned)(elts))
+ 
+@@ -138,12 +138,13 @@ convert_16bits(char *buf, NCURSES_INT2 *Numbers, int count)
+ }
+ #endif
+ 
+-static void
+-convert_strings(char *buf, char **Strings, int count, int size, char *table)
++static bool
++convert_strings(char *buf, char **Strings, int count, int size,
++		char *table, bool always)
+ {
+     int i;
+     char *p;
+-    bool corrupt = FALSE;
++    bool success = TRUE;
+ 
+     for (i = 0; i < count; i++) {
+ 	if (IS_NEG1(buf + 2 * i)) {
+@@ -159,13 +160,10 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+ 		TR(TRACE_DATABASE, ("Strings[%d] = %s", i,
+ 				    _nc_visbuf(Strings[i])));
+ 	    } else {
+-		if (!corrupt) {
+-		    corrupt = TRUE;
+-		    TR(TRACE_DATABASE,
+-		       ("ignore out-of-range index %d to Strings[]", nn));
+-		    _nc_warning("corrupt data found in convert_strings");
+-		}
+-		Strings[i] = ABSENT_STRING;
++		TR(TRACE_DATABASE,
++		   ("found out-of-range index %d to Strings[%d]", nn, i));
++		success = FALSE;
++		break;
+ 	    }
+ 	}
+ 
+@@ -175,10 +173,25 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+ 		if (*p == '\0')
+ 		    break;
+ 	    /* if there is no NUL, ignore the string */
+-	    if (p > table + size)
++	    if (p > table + size) {
+ 		Strings[i] = ABSENT_STRING;
++	    } else if (p == Strings[i] && always) {
++		TR(TRACE_DATABASE,
++		   ("found empty but required Strings[%d]", i));
++		success = FALSE;
++		break;
++	    }
++	} else if (always) {	/* names are always needed */
++	    TR(TRACE_DATABASE,
++	       ("found invalid but required Strings[%d]", i));
++	    success = FALSE;
++	    break;
+ 	}
+     }
++    if (!success) {
++	_nc_warning("corrupt data found in convert_strings");
++    }
++    return success;
+ }
+ 
+ static int
+@@ -382,7 +395,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
+ 	if (Read(string_table, (unsigned) str_size) != str_size) {
+ 	    returnDB(TGETENT_NO);
+ 	}
+-	convert_strings(buf, ptr->Strings, str_count, str_size, string_table);
++	if (!convert_strings(buf, ptr->Strings, str_count, str_size,
++			     string_table, FALSE)) {
++	    returnDB(TGETENT_NO);
++	}
+     }
+ #if NCURSES_XNAMES
+ 
+@@ -483,8 +499,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
+ 	       ("Before computing extended-string capabilities "
+ 		"str_count=%d, ext_str_count=%d",
+ 		str_count, ext_str_count));
+-	    convert_strings(buf, ptr->Strings + str_count, ext_str_count,
+-			    ext_str_limit, ptr->ext_str_table);
++	    if (!convert_strings(buf, ptr->Strings + str_count, ext_str_count,
++				 ext_str_limit, ptr->ext_str_table, FALSE)) {
++		returnDB(TGETENT_NO);
++	    }
+ 	    for (i = ext_str_count - 1; i >= 0; i--) {
+ 		TR(TRACE_DATABASE, ("MOVE from [%d:%d] %s",
+ 				    i, i + str_count,
+@@ -516,10 +534,13 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *buffer, int limit)
+ 	    TR(TRACE_DATABASE,
+ 	       ("ext_NAMES starting @%d in extended_strings, first = %s",
+ 		base, _nc_visbuf(ptr->ext_str_table + base)));
+-	    convert_strings(buf + (2 * ext_str_count),
+-			    ptr->ext_Names,
+-			    (int) need,
+-			    ext_str_limit, ptr->ext_str_table + base);
++	    if (!convert_strings(buf + (2 * ext_str_count),
++				 ptr->ext_Names,
++				 (int) need,
++				 ext_str_limit, ptr->ext_str_table + base,
++				 TRUE)) {
++		returnDB(TGETENT_NO);
++	    }
+ 	}
+ 
+ 	TR(TRACE_DATABASE,
+@@ -572,13 +593,17 @@ _nc_read_file_entry(const char *const filename, TERMTYPE2 *ptr)
+ 	int limit;
+ 	char buffer[MAX_ENTRY_SIZE + 1];
+ 
+-	if ((limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp))
+-	    > 0) {
++	limit = (int) fread(buffer, sizeof(char), sizeof(buffer), fp);
++	if (limit > 0) {
++	    const char *old_source = _nc_get_source();
+ 
+ 	    TR(TRACE_DATABASE, ("read terminfo %s", filename));
++	    if (old_source == NULL)
++		_nc_set_source(filename);
+ 	    if ((code = _nc_read_termtype(ptr, buffer, limit)) == TGETENT_NO) {
+ 		_nc_free_termtype2(ptr);
+ 	    }
++	    _nc_set_source(old_source);
+ 	} else {
+ 	    code = TGETENT_NO;
+ 	}
+ 

backport-CVE-2023-50495.patch

@@ -0,0 +1,92 @@
+From efe9674ee14b14b788f9618941f97d31742f0adc Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Mon, 24 Apr 2023 23:14:45 +0000
+Subject: [PATCH] snapshot of project "ncurses", label v6_4_20230424
+
+Conflict:remove unnecessary modifications
+Reference:https://github.com/ThomasDickey/ncurses-snapshots/commit/efe9674ee14b14b788f9618941f97d31742f0adc#diff-92910179510f7aaf9b70441f3c70521140faa34a192f9e28671ee40bbf052dc4
+---
+ ncurses/tinfo/parse_entry.c | 27 ++++++++++++++++++---------
+ 1 file changed, 18 insertions(+), 9 deletions(-)
+
+diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
+index a77cd0b..5390146 100644
+--- a/ncurses/tinfo/parse_entry.c
++++ b/ncurses/tinfo/parse_entry.c
+@@ -1,5 +1,5 @@
+ /****************************************************************************
+- * Copyright 2018-2019,2020 Thomas E. Dickey                                *
++ * Copyright 2018-2022,2023 Thomas E. Dickey                                *
+  * Copyright 1998-2016,2017 Free Software Foundation, Inc.                  *
+  *                                                                          *
+  * Permission is hereby granted, free of charge, to any person obtaining a  *
+@@ -48,7 +48,7 @@
+ #include <ctype.h>
+ #include <tic.h>
+ 
+-MODULE_ID("$Id: parse_entry.c,v 1.99 2020/02/02 23:34:34 tom Exp $")
++MODULE_ID("$Id: parse_entry.c,v 1.108 2023/04/24 22:32:33 tom Exp $")
+ 
+ #ifdef LINT
+ static short const parametrized[] =
+@@ -110,7 +110,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
+ 	/* Well, we are given a cancel for a name that we don't recognize */
+ 	return _nc_extend_names(entryp, name, STRING);
+     default:
+-	return 0;
++	return NULL;
+     }
+ 
+     /* Adjust the 'offset' (insertion-point) to keep the lists of extended
+@@ -142,6 +142,11 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
+ 	for (last = (unsigned) (max - 1); last > tindex; last--)
+ 
+     if (!found) {
++	char *saved;
++
++	if ((saved = _nc_save_str(name)) == NULL)
++	    return NULL;
++
+ 	switch (token_type) {
+ 	case BOOLEAN:
+ 	    tp->ext_Booleans++;
+@@ -169,7 +174,7 @@ _nc_extend_names(ENTRY * entryp, const char *name, int token_type)
+ 	TYPE_REALLOC(char *, actual, tp->ext_Names);
+ 	while (--actual > offset)
+ 	    tp->ext_Names[actual] = tp->ext_Names[actual - 1];
+-	tp->ext_Names[offset] = _nc_save_str(name);
++	tp->ext_Names[offset] = saved;
+     }
+ 
+     temp.nte_name = tp->ext_Names[offset];
+@@ -337,6 +342,8 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
+ 	bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0);
+ 	bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0);
+ 	if (is_use || is_tc) {
++	    char *saved;
++
+ 	    if (!VALID_STRING(_nc_curr_token.tk_valstring)
+ 		|| _nc_curr_token.tk_valstring[0] == '\0') {
+ 		_nc_warning("missing name for use-clause");
+@@ -350,11 +357,13 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
+ 			    _nc_curr_token.tk_valstring);
+ 		continue;
+ 	    }
+-	    entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
+-	    entryp->uses[entryp->nuses].line = _nc_curr_line;
+-	    entryp->nuses++;
+-	    if (entryp->nuses > 1 && is_tc) {
+-		BAD_TC_USAGE
++	    if ((saved = _nc_save_str(_nc_curr_token.tk_valstring)) != NULL) {
++		entryp->uses[entryp->nuses].name = saved;
++		entryp->uses[entryp->nuses].line = _nc_curr_line;
++		entryp->nuses++;
++		if (entryp->nuses > 1 && is_tc) {
++		    BAD_TC_USAGE
++		}
+ 	    }
+ 	} else {
+ 	    /* normal token lookup */
+-- 
+2.33.0
+

ncurses.spec

@@ -1,7 +1,7 @@
 %global revision 20200411
 Name:          ncurses
 Version:       6.2
-Release:       1
+Release:       6
 Summary:       Terminal control library
 License:       MIT
 URL:           https://invisible-island.net/ncurses/ncurses.html
@@ -12,6 +12,12 @@ Patch9:        ncurses-libs.patch
 Patch11:       ncurses-urxvt.patch
 Patch12:       ncurses-kbs.patch
 
+Patch13:       backport-CVE-2021-39537-add-check-for-end-of-string-in-cvtchar-to-handle-a-malformed.patch
+Patch14:       backport-CVE-2022-29458.patch
+Patch15:       backport-CVE-2023-29491-mitigation.patch
+Patch16:       backport-CVE-2023-50495.patch
+Patch17:       backport-CVE-2023-45918.patch
+
 BuildRequires: gcc gcc-c++ gpm-devel pkgconfig
 
 Requires:      %{name}-base = %{version}-%{release}
@@ -81,7 +87,7 @@ done
 
 %build
 common_options="--enable-colorfgbg --enable-hard-tabs --enable-overwrite \
-    --enable-pc-files --enable-xmc-glitch --disable-wattr-macros \
+    --enable-pc-files --enable-xmc-glitch --disable-wattr-macros --disable-root-environ \
     --with-cxx-shared --with-ospeed=unsigned \
     --with-pkg-config-libdir=%{_libdir}/pkgconfig \
     --with-shared \
@@ -221,6 +227,36 @@ xz NEWS
 %{_mandir}/man7/*
 
 %changelog
+* Tue Jan 30 2024 yanglu <yanglu72@h-partners.com> - 6.2-6
+- Type:CVE
+- CVE:CVE-2023-45918
+- SUG:NA
+- DESC:fix CVE-2023-45918
+
+* Fri Dec 15 2023 yanglu <yanglu72@h-partners.com> - 6.2-5
+- Type:CVE
+- CVE:CVE-2023-50495
+- SUG:NA
+- DESC:fix CVE-2023-50495
+
+* Mon Jul 03 2023 yanglu <yanglu72@h-partners.com> - 6.2-4
+- Type:CVE
+- CVE:CVE-2023-29491
+- SUG:NA
+- DESC:fix CVE-2023-29491
+
+* Thu Apr 28 2022 gaihuiying <eaglegai@163.com> - 6.2-3
+- Type:CVE
+- CVE:CVE-2022-29458
+- SUG:NA
+- DESC:fix CVE-2022-29458
+
+* Tue Oct 12 2021 xihaochen<xihaochen@huawei.com> - 6.2-2
+- Type:CVE
+- CVE:CVE-2021-39537
+- SUG:NA
+- DESC:fix CVE-2021-39537
+
 * Thu Apr 16 2020 huzunhao <huzunhao2@huawei.com> - 6.2-1
 - Type:bugfix
 - Id:NA