bash package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>

SOURCES/bash-2.02-security.patch

@@ -0,0 +1,11 @@
+--- bash-2.02-orig/parse.y	Wed Mar 25 18:16:23 1998
++++ bash-2.02/parse.y	Sun Apr 19 16:46:34 1998
+@@ -923,7 +923,7 @@
+
+ #if defined (READLINE)
+ char *current_readline_prompt = (char *)NULL;
+-char *current_readline_line = (char *)NULL;
++unsigned char *current_readline_line = (unsigned char *)NULL;
+ int current_readline_line_index = 0;
+
+ static int

SOURCES/bash-2.03-paths.patch

@@ -0,0 +1,30 @@
+--- bash-3.0/config.h.in.paths	2004-07-21 21:08:31.000000000 +0100
++++ bash-3.0/config.h.in	2004-07-28 09:16:27.257884999 +0100
+@@ -197,7 +197,7 @@
+
+ /* System paths */
+
+-#define DEFAULT_MAIL_DIRECTORY "/usr/spool/mail"
++#define DEFAULT_MAIL_DIRECTORY "/var/spool/mail"
+
+ /* Characteristics of the system's header files and libraries that affect
+    the compilation environment. */
+--- bash-3.0/config-top.h.paths	2003-08-05 15:36:12.000000000 +0100
++++ bash-3.0/config-top.h	2004-07-28 09:36:27.117205637 +0100
+@@ -52,14 +52,14 @@
+ /* The default value of the PATH variable. */
+ #ifndef DEFAULT_PATH_VALUE
+ #define DEFAULT_PATH_VALUE \
+-  "/usr/gnu/bin:/usr/local/bin:/bin:/usr/bin:."
++  "/usr/local/bin:/bin:/usr/bin"
+ #endif
+
+ /* The value for PATH when invoking `command -p'.  This is only used when
+    the Posix.2 confstr () function, or CS_PATH define are not present. */
+ #ifndef STANDARD_UTILS_PATH
+ #define STANDARD_UTILS_PATH \
+-  "/bin:/usr/bin:/sbin:/usr/sbin:/etc:/usr/etc"
++  "/bin:/usr/bin:/usr/sbin:/sbin"
+ #endif
+
+ /* Default primary and secondary prompt strings. */

SOURCES/bash-2.03-profile.patch

@@ -0,0 +1,12 @@
+diff -up bash-3.2/config-top.h.profile bash-3.2/config-top.h
+--- bash-3.2/config-top.h.profile	2008-07-17 13:35:39.000000000 +0200
++++ bash-3.2/config-top.h	2008-07-17 13:42:18.000000000 +0200
+@@ -26,6 +26,8 @@
+    what POSIX.2 specifies. */
+ #define CONTINUE_AFTER_KILL_ERROR
+
++#define NON_INTERACTIVE_LOGIN_SHELLS
++
+ /* Define BREAK_COMPLAINS if you want the non-standard, but useful
+    error messages about `break' and `continue' out of context. */
+ #define BREAK_COMPLAINS

SOURCES/bash-2.05a-interpreter.patch

@@ -0,0 +1,218 @@
+diff -up bash-4.2-rc2/config.h.in.interpreter bash-4.2-rc2/config.h.in
+--- bash-4.2-rc2/config.h.in.interpreter	2011-02-09 07:59:21.000000000 +0100
++++ bash-4.2-rc2/config.h.in	2011-02-09 07:59:21.000000000 +0100
+@@ -706,6 +706,9 @@
+ /* Define if you have the pathconf function. */
+ #undef HAVE_PATHCONF
+
++/* Define if you have the pread function. */
++#undef HAVE_PREAD
++
+ /* Define if you have the putenv function.  */
+ #undef HAVE_PUTENV
+
+@@ -898,6 +901,9 @@
+ /* Define if you have the <dlfcn.h> header file.  */
+ #undef HAVE_DLFCN_H
+
++/* Define if you have the <elf.h> header file.  */
++#undef HAVE_ELF_H
++
+ /* Define if you have the <grp.h> header file.  */
+ #undef HAVE_GRP_H
+
+diff -up bash-4.2-rc2/configure.in.interpreter bash-4.2-rc2/configure.in
+--- bash-4.2-rc2/configure.in.interpreter	2011-01-16 21:31:12.000000000 +0100
++++ bash-4.2-rc2/configure.in	2011-02-09 08:02:27.000000000 +0100
+@@ -659,7 +659,7 @@ BASH_HEADER_INTTYPES
+ AC_CHECK_HEADERS(unistd.h stdlib.h stdarg.h varargs.h limits.h string.h \
+		 memory.h locale.h termcap.h termio.h termios.h dlfcn.h \
+		 stddef.h stdint.h netdb.h pwd.h grp.h strings.h regex.h \
+-		 syslog.h ulimit.h)
++		 syslog.h ulimit.h elf.h)
+ AC_CHECK_HEADERS(sys/pte.h sys/stream.h sys/select.h sys/file.h \
+		 sys/resource.h sys/param.h sys/socket.h sys/stat.h \
+		 sys/time.h sys/times.h sys/types.h sys/wait.h)
+@@ -723,7 +723,7 @@ dnl checks for system calls
+ AC_CHECK_FUNCS(dup2 eaccess fcntl getdtablesize getgroups gethostname \
+		getpagesize getpeername getrlimit getrusage gettimeofday \
+		kill killpg lstat readlink sbrk select setdtablesize \
+-		setitimer tcgetpgrp uname ulimit waitpid)
++		setitimer tcgetpgrp uname ulimit waitpid pread)
+ AC_REPLACE_FUNCS(rename)
+
+ dnl checks for c library functions
+diff -up bash-4.2-rc2/execute_cmd.c.interpreter bash-4.2-rc2/execute_cmd.c
+--- bash-4.2-rc2/execute_cmd.c.interpreter	2011-01-20 04:24:47.000000000 +0100
++++ bash-4.2-rc2/execute_cmd.c	2011-02-09 07:59:21.000000000 +0100
+@@ -41,6 +41,10 @@
+ #  include <unistd.h>
+ #endif
+
++#ifdef HAVE_ELF_H
++# include <elf.h>
++#endif
++
+ #include "posixtime.h"
+
+ #if defined (HAVE_SYS_RESOURCE_H) && !defined (RLIMTYPE)
+@@ -4975,13 +4979,21 @@ shell_execve (command, args, env)
+	{
+	  /* The file has the execute bits set, but the kernel refuses to
+	     run it for some reason.  See why. */
++#if defined (HAVE_HASH_BANG_EXEC) || defined (HAVE_ELF_H)
++	int fd = open (command, O_RDONLY);
++
++	if (fd >= 0)
++		sample_len = read (fd, sample, sizeof (sample));
++	else
++		sample_len = -1;
++#endif
+ #if defined (HAVE_HASH_BANG_EXEC)
+-	  READ_SAMPLE_BUF (command, sample, sample_len);
+	  if (sample_len > 2 && sample[0] == '#' && sample[1] == '!')
+	    {
+	      char *interp;
+	      int ilen;
+
++	      close (fd);
+	      interp = getinterp (sample, sample_len, (int *)NULL);
+	      ilen = strlen (interp);
+	      errno = i;
+@@ -4997,6 +5009,136 @@ shell_execve (command, args, env)
+	      return (EX_NOEXEC);
+	    }
+ #endif
++#if defined (HAVE_ELF_H)
++	  if (i == ENOENT
++	      && sample_len > EI_NIDENT
++	      && memcmp (sample, ELFMAG, SELFMAG) == 0)
++	    {
++	      off_t offset = -1;
++
++	      /* It is an ELF file.  Now determine whether it is dynamically
++		 linked and if yes, get the offset of the interpreter
++		 string.  */
++	      if (sample[EI_CLASS] == ELFCLASS32
++		  && sample_len > sizeof (Elf32_Ehdr))
++		{
++		  Elf32_Ehdr ehdr;
++		  Elf32_Phdr *phdr;
++		  int nphdr;
++
++		  /* We have to copy the data since the sample buffer
++		     might not be aligned correctly to be accessed as
++		     an Elf32_Ehdr struct.  */
++		  memcpy (&ehdr, sample, sizeof (Elf32_Ehdr));
++
++		  nphdr = ehdr.e_phnum;
++		  phdr = (Elf32_Phdr *) malloc (nphdr * ehdr.e_phentsize);
++		  if (phdr != NULL)
++		    {
++#ifdef HAVE_PREAD
++		      sample_len = pread (fd, phdr, nphdr * ehdr.e_phentsize,
++					  ehdr.e_phoff);
++#else
++		      if (lseek (fd, ehdr.e_phoff, SEEK_SET) != -1)
++			sample_len = read (fd, phdr,
++					   nphdr * ehdr.e_phentsize);
++		      else
++			sample_len = -1;
++#endif
++		      if (sample_len == nphdr * ehdr.e_phentsize)
++			while (nphdr-- > 0)
++			  if (phdr[nphdr].p_type == PT_INTERP)
++			    {
++			      offset = phdr[nphdr].p_offset;
++			      break;
++			    }
++		      free (phdr);
++		    }
++		}
++	      else if (sample[EI_CLASS] == ELFCLASS64
++		       && sample_len > sizeof (Elf64_Ehdr))
++		{
++		  Elf64_Ehdr ehdr;
++		  Elf64_Phdr *phdr;
++		  int nphdr;
++
++		  /* We have to copy the data since the sample buffer
++		     might not be aligned correctly to be accessed as
++		     an Elf64_Ehdr struct.  */
++		  memcpy (&ehdr, sample, sizeof (Elf64_Ehdr));
++
++		  nphdr = ehdr.e_phnum;
++		  phdr = (Elf64_Phdr *) malloc (nphdr * ehdr.e_phentsize);
++		  if (phdr != NULL)
++		    {
++#ifdef HAVE_PREAD
++		      sample_len = pread (fd, phdr, nphdr * ehdr.e_phentsize,
++					  ehdr.e_phoff);
++#else
++		      if (lseek (fd, ehdr.e_phoff, SEEK_SET) != -1)
++			sample_len = read (fd, phdr,
++					   nphdr * ehdr.e_phentsize);
++		      else
++			sample_len = -1;
++#endif
++		      if (sample_len == nphdr * ehdr.e_phentsize)
++			while (nphdr-- > 0)
++			  if (phdr[nphdr].p_type == PT_INTERP)
++			    {
++			      offset = phdr[nphdr].p_offset;
++			      break;
++			    }
++		      free (phdr);
++		    }
++		}
++
++	      if (offset != -1)
++		{
++		  size_t maxlen = 0;
++		  size_t actlen = 0;
++		  char *interp = NULL;
++
++		  do
++		    {
++		      if (actlen == maxlen)
++			{
++			  char *newinterp = realloc (interp, maxlen += 200);
++			  if (newinterp == NULL)
++			    {
++			      actlen = 0;
++			      break;
++			    }
++			  interp = newinterp;
++
++#ifdef HAVE_PREAD
++			  actlen = pread (fd, interp, maxlen, offset);
++#else
++			  if (lseek (fd, offset, SEEK_SET) != -1)
++			    actlen = read (fd, interp, maxlen);
++			  else
++			    actlen = -1;
++#endif
++			}
++		    }
++		  while (actlen > 0 && memchr (interp, '\0', actlen) == NULL);
++
++		  if (actlen > 0)
++		    {
++		      close (fd);
++		      errno = i;
++		      sys_error ("%s: %s: bad ELF interpreter", command,
++				 interp);
++		      free (interp);
++		      return (EX_NOEXEC);
++		    }
++
++		  free (interp);
++		}
++	    }
++#endif
++#if defined (HAVE_HASH_BANG_EXEC) || defined (HAVE_ELF_H)
++	  close (fd);
++#endif
+	  errno = i;
+	  file_error (command);
+	}

SOURCES/bash-2.05b-debuginfo.patch

@@ -0,0 +1,10 @@
+--- bash-2.05b/builtins/Makefile.in.debuginfo	2003-03-25 17:25:21.000000000 +0000
++++ bash-2.05b/builtins/Makefile.in	2003-03-25 17:25:49.000000000 +0000
+@@ -93,7 +93,6 @@
+	$(RM) $@
+	./$(MKBUILTINS) $(DIRECTDEFINE) $<
+	$(CC) -c $(CCFLAGS) $*.c || ( $(RM) $*.c ; exit 1 )
+-	$(RM) $*.c
+
+ # How to make a .c file from a .def file.
+ .def.c:

SOURCES/bash-2.05b-manso.patch

@@ -0,0 +1,10 @@
+--- bash-2.05b/doc/builtins.1.manso	2003-02-10 18:58:21.000000000 +0000
++++ bash-2.05b/doc/builtins.1	2003-02-10 18:58:28.000000000 +0000
+@@ -10,6 +10,6 @@
+ ulimit, umask, unalias, unset, wait \- bash built-in commands, see \fBbash\fR(1)
+ .SH BASH BUILTIN COMMANDS
+ .nr zZ 1
+-.so bash.1
++.so man1/bash.1
+ .SH SEE ALSO
+ bash(1), sh(1)

SOURCES/bash-2.05b-pgrp_sync.patch

@@ -0,0 +1,11 @@
+--- bash-2.05b/aclocal.m4.pgrp_sync	2002-06-25 14:45:43.000000000 +0100
++++ bash-2.05b/aclocal.m4	2003-01-15 18:17:35.000000000 +0000
+@@ -1255,7 +1255,7 @@
+	wait(&status);
+	exit(ok ? 0 : 5);
+ }
+-], bash_cv_pgrp_pipe=no,bash_cv_pgrp_pipe=yes,
++], bash_cv_pgrp_pipe=yes,bash_cv_pgrp_pipe=yes,
+    [AC_MSG_WARN(cannot check pgrp synchronization if cross compiling -- defaulting to no)
+     bash_cv_pgrp_pipe=no])
+ ])

SOURCES/bash-2.05b-readline-oom.patch

@@ -0,0 +1,10 @@
+--- bash-2.05b/lib/readline/readline.c.oom	2002-03-13 23:10:46.000000000 +0100
++++ bash-2.05b/lib/readline/readline.c	2002-08-07 12:02:04.000000000 +0200
+@@ -567,7 +567,7 @@
+	{
+	  /* Special case rl_do_lowercase_version (). */
+	  if (func == rl_do_lowercase_version)
+-	    return (_rl_dispatch (_rl_to_lower (key), map));
++	    return (_rl_dispatch (_rl_to_lower ((unsigned char)key), map));
+
+	  rl_executing_keymap = map;

SOURCES/bash-2.05b-xcc.patch

@@ -0,0 +1,18 @@
+--- bash-3.1/Makefile.in.xcc	2005-10-25 19:37:52.000000000 +0100
++++ bash-3.1/Makefile.in	2005-12-23 16:11:09.000000000 +0000
+@@ -68,6 +68,7 @@
+ ARFLAGS = @ARFLAGS@
+ RANLIB = @RANLIB@
+ SIZE = @SIZE@
++STRIP = strip
+
+ INSTALL = @INSTALL@
+ INSTALL_PROGRAM = @INSTALL_PROGRAM@
+@@ -535,7 +536,7 @@
+	@chmod a+rx bashbug
+
+ strip:	$(Program) .made
+-	strip $(Program)
++	$(STRIP) $(Program)
+	ls -l $(Program)
+	-$(SIZE) $(Program)

SOURCES/bash-3.2-audit.patch

@@ -0,0 +1,107 @@
+diff -up bash-4.2/config.h.in.audit bash-4.2/config.h.in
+--- bash-4.2/config.h.in.audit	2013-01-31 16:26:16.857698992 +0100
++++ bash-4.2/config.h.in	2013-01-31 16:26:16.876699255 +0100
+@@ -1131,6 +1131,14 @@
+
+ /* End additions for lib/intl */
+
++
++/* Additions for lib/readline */
++
++/* Define if you have <linux/audit.h> and it defines AUDIT_USER_TTY */
++#undef HAVE_DECL_AUDIT_USER_TTY
++
++/* End additions for lib/readline */
++
+ #include "config-bot.h"
+
+ #endif /* _CONFIG_H_ */
+diff -up bash-4.2/configure.in.audit bash-4.2/configure.in
+--- bash-4.2/configure.in.audit	2013-01-31 16:26:16.858699005 +0100
++++ bash-4.2/configure.in	2013-01-31 16:26:16.877699269 +0100
+@@ -888,6 +888,8 @@ BASH_FUNC_DUP2_CLOEXEC_CHECK
+ BASH_SYS_PGRP_SYNC
+ BASH_SYS_SIGNAL_VINTAGE
+
++AC_CHECK_DECLS([AUDIT_USER_TTY],,, [[#include <linux/audit.h>]])
++
+ dnl checking for the presence of certain library symbols
+ BASH_SYS_ERRLIST
+ BASH_SYS_SIGLIST
+diff -up bash-4.2/lib/readline/readline.c.audit bash-4.2/lib/readline/readline.c
+--- bash-4.2/lib/readline/readline.c.audit	2013-01-31 16:26:16.871699185 +0100
++++ bash-4.2/lib/readline/readline.c	2013-01-31 17:24:23.902744860 +0100
+@@ -55,6 +55,12 @@
+ extern int errno;
+ #endif /* !errno */
+
++#if defined (HAVE_DECL_AUDIT_USER_TTY)
++#  include <sys/socket.h>
++#  include <linux/audit.h>
++#  include <linux/netlink.h>
++#endif
++
+ /* System-specific feature definitions and include files. */
+ #include "rldefs.h"
+ #include "rlmbutil.h"
+@@ -301,7 +307,48 @@ rl_set_prompt (prompt)
+   rl_visible_prompt_length = rl_expand_prompt (rl_prompt);
+   return 0;
+ }
+-
++
++#if defined (HAVE_DECL_AUDIT_USER_TTY)
++/* Report STRING to the audit system. */
++static void
++audit_tty (char *string)
++{
++  struct sockaddr_nl addr;
++  struct msghdr msg;
++  struct nlmsghdr nlm;
++  struct iovec iov[2];
++  size_t size;
++  int fd;
++
++  size = strlen (string) + 1;
++  fd = socket (AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
++  if (fd < 0)
++    return;
++  nlm.nlmsg_len = NLMSG_LENGTH (size);
++  nlm.nlmsg_type = AUDIT_USER_TTY;
++  nlm.nlmsg_flags = NLM_F_REQUEST;
++  nlm.nlmsg_seq = 0;
++  nlm.nlmsg_pid = 0;
++  iov[0].iov_base = &nlm;
++  iov[0].iov_len = sizeof (nlm);
++  iov[1].iov_base = string;
++  iov[1].iov_len = size;
++  addr.nl_family = AF_NETLINK;
++  addr.nl_pad = 0;
++  addr.nl_pid = 0;
++  addr.nl_groups = 0;
++  msg.msg_name = &addr;
++  msg.msg_namelen = sizeof (addr);
++  msg.msg_iov = iov;
++  msg.msg_iovlen = 2;
++  msg.msg_control = NULL;
++  msg.msg_controllen = 0;
++  msg.msg_flags = 0;
++  (void)sendmsg (fd, &msg, 0);
++  close (fd);
++}
++#endif
++
+ /* Read a line of input.  Prompt with PROMPT.  An empty PROMPT means
+    none.  A return value of NULL means that EOF was encountered. */
+ char *
+@@ -352,6 +399,11 @@ readline (prompt)
+     RL_SETSTATE (RL_STATE_CALLBACK);
+ #endif
+
++#if defined (HAVE_DECL_AUDIT_USER_TTY)
++  if (value != NULL)
++    audit_tty (value);
++#endif
++
+   return (value);
+ }

SOURCES/bash-3.2-ssh_source_bash.patch

@@ -0,0 +1,12 @@
+diff -up bash-4.0/config-top.h.ssh_source_bash bash-4.0/config-top.h
+--- bash-4.0/config-top.h.ssh_source_bash	2009-01-21 15:20:06.000000000 +0100
++++ bash-4.0/config-top.h	2009-01-21 15:25:46.000000000 +0100
+@@ -90,7 +90,7 @@
+    sshd and source the .bashrc if so (like the rshd behavior).  This checks
+    for the presence of SSH_CLIENT or SSH2_CLIENT in the initial environment,
+    which can be fooled under certain not-uncommon circumstances. */
+-/* #define SSH_SOURCE_BASHRC */
++#define SSH_SOURCE_BASHRC
+
+ /* Define if you want the case-capitalizing operators (~[~]) and the
+    `capcase' variable attribute (declare -c). */

SOURCES/bash-4.0-nobits.patch

@@ -0,0 +1,154 @@
+diff -up bash-4.0/execute_cmd.c.nobits bash-4.0/execute_cmd.c
+--- bash-4.0/execute_cmd.c.nobits	2009-08-11 11:53:38.000000000 +0200
++++ bash-4.0/execute_cmd.c	2009-08-14 16:18:18.000000000 +0200
+@@ -4747,6 +4747,7 @@ shell_execve (command, args, env)
+	      && memcmp (sample, ELFMAG, SELFMAG) == 0)
+	    {
+	      off_t offset = -1;
++              int dynamic_nobits = 0;
+
+	      /* It is an ELF file.  Now determine whether it is dynamically
+		 linked and if yes, get the offset of the interpreter
+@@ -4756,13 +4757,61 @@ shell_execve (command, args, env)
+		{
+		  Elf32_Ehdr ehdr;
+		  Elf32_Phdr *phdr;
+-		  int nphdr;
++                  Elf32_Shdr *shdr;
++		  int nphdr, nshdr;
+
+		  /* We have to copy the data since the sample buffer
+		     might not be aligned correctly to be accessed as
+		     an Elf32_Ehdr struct.  */
+		  memcpy (&ehdr, sample, sizeof (Elf32_Ehdr));
+
++		  nshdr = ehdr.e_shnum;
++		  shdr = (Elf32_Shdr *) malloc (nshdr * ehdr.e_shentsize);
++
++		  if (shdr != NULL)
++		    {
++#ifdef HAVE_PREAD
++		      sample_len = pread (fd, shdr, nshdr * ehdr.e_shentsize,
++					  ehdr.e_shoff);
++#else
++		      if (lseek (fd, ehdr.e_shoff, SEEK_SET) != -1)
++			sample_len = read (fd, shdr,
++					   nshdr * ehdr.e_shentsize);
++		      else
++			sample_len = -1;
++#endif
++		      if (sample_len == nshdr * ehdr.e_shentsize)
++                        {
++                          char *strings = (char *) malloc (shdr[ehdr.e_shstrndx].sh_size);
++                          if (strings != NULL)
++                            {
++#ifdef HAVE_PREAD
++		              sample_len = pread (fd, strings,
++                                             shdr[ehdr.e_shstrndx].sh_size,
++					     shdr[ehdr.e_shstrndx].sh_offset);
++#else
++		              if (lseek (fd, shdr[ehdr.e_shstrndx].sh_offset,
++                                         SEEK_SET) != -1)
++			        sample_len = read (fd, strings,
++			  		       shdr[ehdr.e_shstrndx].sh_size);
++		              else
++			        sample_len = -1;
++#endif
++                              if (sample_len == shdr[ehdr.e_shstrndx].sh_size)
++			        while (nshdr-- > 0)
++                                  if (strcmp (strings + shdr[nshdr].sh_name,
++                                              ".interp") == 0 &&
++                                      shdr[nshdr].sh_type == SHT_NOBITS)
++                                    {
++                                      dynamic_nobits++;
++                                      break;
++                                    }
++                              free (strings);
++                            }
++                        }
++		      free (shdr);
++		    }
++
+		  nphdr = ehdr.e_phnum;
+		  phdr = (Elf32_Phdr *) malloc (nphdr * ehdr.e_phentsize);
+		  if (phdr != NULL)
+@@ -4792,13 +4841,60 @@ shell_execve (command, args, env)
+		{
+		  Elf64_Ehdr ehdr;
+		  Elf64_Phdr *phdr;
+-		  int nphdr;
++                  Elf64_Shdr *shdr;
++		  int nphdr, nshdr;
+
+		  /* We have to copy the data since the sample buffer
+		     might not be aligned correctly to be accessed as
+		     an Elf64_Ehdr struct.  */
+		  memcpy (&ehdr, sample, sizeof (Elf64_Ehdr));
+
++		  nshdr = ehdr.e_shnum;
++		  shdr = (Elf64_Shdr *) malloc (nshdr * ehdr.e_shentsize);
++		  if (shdr != NULL)
++		    {
++#ifdef HAVE_PREAD
++		      sample_len = pread (fd, shdr, nshdr * ehdr.e_shentsize,
++					  ehdr.e_shoff);
++#else
++		      if (lseek (fd, ehdr.e_shoff, SEEK_SET) != -1)
++			sample_len = read (fd, shdr,
++					   nshdr * ehdr.e_shentsize);
++		      else
++			sample_len = -1;
++#endif
++		      if (sample_len == nshdr * ehdr.e_shentsize)
++                        {
++                          char *strings = (char *) malloc (shdr[ehdr.e_shstrndx].sh_size);
++                          if (strings != NULL)
++                            {
++#ifdef HAVE_PREAD
++		              sample_len = pread (fd, strings,
++                                             shdr[ehdr.e_shstrndx].sh_size,
++					     shdr[ehdr.e_shstrndx].sh_offset);
++#else
++		              if (lseek (fd, shdr[ehdr.e_shstrndx].sh_offset,
++                                         SEEK_SET) != -1)
++			        sample_len = read (fd, strings,
++			  		       shdr[ehdr.e_shstrndx].sh_size);
++		              else
++			        sample_len = -1;
++#endif
++                              if (sample_len == shdr[ehdr.e_shstrndx].sh_size)
++			        while (nshdr-- > 0)
++                                  if (strcmp (strings + shdr[nshdr].sh_name,
++                                              ".interp") == 0 &&
++                                      shdr[nshdr].sh_type == SHT_NOBITS)
++                                    {
++                                      dynamic_nobits++;
++                                      break;
++                                    }
++                              free (strings);
++                            }
++                        }
++		      free (shdr);
++		    }
++
+		  nphdr = ehdr.e_phnum;
+		  phdr = (Elf64_Phdr *) malloc (nphdr * ehdr.e_phentsize);
+		  if (phdr != NULL)
+@@ -4858,8 +4954,15 @@ shell_execve (command, args, env)
+		    {
+		      close (fd);
+		      errno = i;
+-		      sys_error ("%s: %s: bad ELF interpreter", command,
+-				 interp);
++                      if (dynamic_nobits > 0)
++                        {
++                          sys_error ("%s: bad ELF interpreter", command);
++                        }
++                      else
++                        {
++		          sys_error ("%s: %s: bad ELF interpreter", command,
++				     interp);
++                        }
+		      free (interp);
+		      return (EX_NOEXEC);
+		    }

SOURCES/bash-4.1-broken_pipe.patch

@@ -0,0 +1,12 @@
+diff -up bash-4.1/config-top.h.broken_pipe bash-4.1/config-top.h
+--- bash-4.1/config-top.h.broken_pipe	2011-01-06 18:01:30.000000000 +0100
++++ bash-4.1/config-top.h	2011-01-06 18:02:14.000000000 +0100
+@@ -51,7 +51,7 @@
+ /* Define DONT_REPORT_BROKEN_PIPE_WRITE_ERRORS if you don't want builtins
+    like `echo' and `printf' to report errors when output does not succeed
+    due to EPIPE. */
+-/* #define DONT_REPORT_BROKEN_PIPE_WRITE_ERRORS */
++#define DONT_REPORT_BROKEN_PIPE_WRITE_ERRORS
+
+ /* The default value of the PATH variable. */
+ #ifndef DEFAULT_PATH_VALUE

SOURCES/bash-4.1-defer-sigchld-trap.patch

@@ -0,0 +1,30 @@
+diff -pruN bash-4.1/jobs.c bash-4.1.patched/jobs.c
+--- bash-4.1/jobs.c	2009-11-30 03:42:05.000000000 +0530
++++ bash-4.1.patched/jobs.c	2012-03-06 16:44:15.706595703 +0530
+@@ -3037,6 +3037,7 @@ waitchld (wpid, block)
+   PROCESS *child;
+   pid_t pid;
+   int call_set_current, last_stopped_job, job, children_exited, waitpid_flags;
++  int called_from_sighand = sigchld;
+   static int wcontinued = WCONTINUED;	/* run-time fix for glibc problem */
+
+   call_set_current = children_exited = 0;
+@@ -3161,7 +3162,17 @@ waitchld (wpid, block)
+	  longjmp (wait_intr_buf, 1);
+	}
+
+-      run_sigchld_trap (children_exited);
++      /* Queue up the trap handler if we're called directly from within the
++         signal handler. */
++      if (called_from_sighand)
++	{
++	  int i = children_exited;
++	  interrupt_immediately = 0;
++	  while (i--)
++	    trap_handler (SIGCHLD);
++	}
++      else
++	run_sigchld_trap (children_exited);
+     }
+
+   /* We have successfully recorded the useful information about this process

SOURCES/bash-4.1-examples.patch

@@ -0,0 +1,24 @@
+diff -up bash-4.1/examples/loadables/Makefile.in.examples bash-4.1/examples/loadables/Makefile.in
+--- bash-4.1/examples/loadables/Makefile.in.examples	2010-06-22 16:20:02.000000000 +0200
++++ bash-4.1/examples/loadables/Makefile.in	2010-06-22 16:20:41.000000000 +0200
+@@ -43,7 +43,7 @@ host_os = @host_os@
+ host_cpu = @host_cpu@
+ host_vendor = @host_vendor@
+
+-CFLAGS = @CFLAGS@
++CFLAGS = -O2 -g
+ LOCAL_CFLAGS = @LOCAL_CFLAGS@
+ DEFS = @DEFS@
+ LOCAL_DEFS = @LOCAL_DEFS@
+diff -up bash-4.1/examples/loadables/perl/Makefile.in.examples bash-4.1/examples/loadables/perl/Makefile.in
+--- bash-4.1/examples/loadables/perl/Makefile.in.examples	2010-06-22 16:20:46.000000000 +0200
++++ bash-4.1/examples/loadables/perl/Makefile.in	2010-06-22 16:21:04.000000000 +0200
+@@ -42,7 +42,7 @@ SHELL = @MAKE_SHELL@
+
+ PERL5 = perl5
+
+-CFLAGS = @CFLAGS@
++CFLAGS = -O2 -g
+
+ #
+ # These values are generated for configure by ${topdir}/support/shobj-conf.

SOURCES/bash-4.1-trap.patch

@@ -0,0 +1,46 @@
+Only in bash-4.1: _patchlevel
+diff -rup bash-4.1.orig/trap.c bash-4.1/trap.c
+--- bash-4.1.orig/trap.c	2013-05-14 13:58:06.224000564 +0900
++++ bash-4.1/trap.c	2013-06-26 16:59:42.968001502 +0900
+@@ -269,6 +269,9 @@ run_pending_traps ()
+   if (catch_flag == 0)		/* simple optimization */
+     return;
+
++  if (running_trap > 0)
++    return;			/* no recursive trap invocations */
++
+   catch_flag = 0;
+
+   /* Preserve $? when running trap. */
+@@ -294,6 +297,8 @@ run_pending_traps ()
+ #  endif
+ #endif /* HAVE_POSIX_SIGNALS */
+
++	  running_trap = sig + 1;
++
+	  if (sig == SIGINT)
+	    {
+	      run_interrupt_trap ();
+@@ -338,7 +343,14 @@ run_pending_traps ()
+	      save_subst_varlist = subst_assign_varlist;
+	      subst_assign_varlist = 0;
+
++#if defined (JOB_CONTROL)
++	      save_pipeline (1);        /* XXX only provides one save level */
++#endif
+	      parse_and_execute (savestring (trap_list[sig]), "trap", SEVAL_NONINT|SEVAL_NOHIST|SEVAL_RESETLINE);
++#if defined (JOB_CONTROL)
++	      restore_pipeline (1);
++#endif
++
+	      restore_token_state (token_state);
+	      free (token_state);
+
+@@ -346,6 +358,7 @@ run_pending_traps ()
+	    }
+
+	  pending_traps[sig] = 0;
++	  running_trap = 0;
+
+ #if defined (HAVE_POSIX_SIGNALS)
+	  sigprocmask (SIG_SETMASK, &oset, (sigset_t *)NULL);

SOURCES/bash-4.2-brace-expand.patch

@@ -0,0 +1,24 @@
+diff --git a/braces.c b/braces.c
+index 2febed7..61c1ab1 100644
+--- a/braces.c
++++ b/braces.c
+@@ -529,6 +529,11 @@ brace_gobbler (text, tlen, indx, satisfy)
+	{
+	  if (c == quoted)
+	    quoted = 0;
++#if defined (SHELL)
++         /* The shell allows quoted command substitutions */
++         if (quoted == '"' && c == '$' && text[i+1] == '(')    /*)*/
++           goto comsub;
++#endif
+	  ADVANCE_CHAR (text, tlen, i);
+	  continue;
+	}
+@@ -551,6 +556,7 @@ brace_gobbler (text, tlen, indx, satisfy)
+       /* Pass new-style command and process substitutions through unchanged. */
+       if ((c == '$' || c == '<' || c == '>') && text[i+1] == '(')			/* ) */
+	{
++comsub:
+	  si = i + 2;
+	  t = extract_command_subst (text, &si, 0);
+	  i = si;

SOURCES/bash-4.2-case-in-command-subst.patch

@@ -0,0 +1,21 @@
+diff -up bash-4.2/parse.y.old bash-4.2/parse.y
+--- bash-4.2/parse.y.old	2015-05-18 13:04:30.341494305 +0200
++++ bash-4.2/parse.y	2015-05-18 13:05:18.245509202 +0200
+@@ -3693,6 +3693,17 @@ eof_error:
+	    }
+	  else if MBTEST((tflags & LEX_CKCOMMENT) && ch == '#' && (lex_rwlen == 0 || ((tflags & LEX_INWORD) && lex_wlen == 0)))
+	    ;	/* don't modify LEX_RESWDOK if we're starting a comment */
++	  /* Allow `do' followed by space, tab, or newline to preserve the
++	     RESWDOK flag, but reset the reserved word length counter so we
++	     can read another one. */
++	  else if MBTEST(((tflags & LEX_INCASE) == 0) &&
++			  (isblank(ch) || ch == '\n') &&
++			  lex_rwlen == 2 &&
++			  STREQN (ret + retind - 2, "do", 2))
++{
++/*itrace("parse_comsub:%d: lex_incase == 1 found `%c', found \"do\"", line_number, ch);*/
++	    lex_rwlen = 0;
++}
+	  else if MBTEST((tflags & LEX_INCASE) && ch != '\n')
+	    /* If we can read a reserved word and we're in case, we're at the
+	       point where we can read a new pattern list or an esac.  We

SOURCES/bash-4.2-check-debugger.patch

@@ -0,0 +1,86 @@
+diff -up bash-4.2/builtins/evalfile.c.old bash-4.2/builtins/evalfile.c
+--- bash-4.2/builtins/evalfile.c.old	2015-05-14 20:45:31.402793505 +0200
++++ bash-4.2/builtins/evalfile.c	2015-05-14 20:45:47.632794791 +0200
+@@ -317,6 +317,23 @@ maybe_execute_file (fname, force_noninte
+   return result;
+ }
+
++int
++force_execute_file (fname, force_noninteractive)
++     const char *fname;
++     int force_noninteractive;
++{
++  char *filename;
++  int result, flags;
++
++  filename = bash_tilde_expand (fname, 0);
++  flags = 0;
++  if (force_noninteractive)
++    flags |= FEVAL_NONINT;
++  result = _evalfile (filename, flags);
++  free (filename);
++  return result;
++}
++
+ #if defined (HISTORY)
+ int
+ fc_execute_file (filename)
+diff -up bash-4.2/configure.in.old bash-4.2/configure.in
+--- bash-4.2/configure.in.old	2015-05-14 21:27:20.882449456 +0200
++++ bash-4.2/configure.in	2015-05-14 21:19:25.654612738 +0200
+@@ -149,7 +149,7 @@ fi
+ fi
+
+ if test -z "${DEBUGGER_START_FILE}"; then
+-	DEBUGGER_START_FILE='${datadir}/bashdb/bashdb-main.inc'
++	DEBUGGER_START_FILE='/usr/share/bashdb/bashdb-main.inc'
+ fi
+
+ dnl optional shell features in config.h.in
+diff -up bash-4.2/shell.c.old bash-4.2/shell.c
+--- bash-4.2/shell.c.old	2015-05-14 20:42:54.379781066 +0200
++++ bash-4.2/shell.c	2015-05-14 20:43:04.966781904 +0200
+@@ -1373,12 +1373,19 @@ start_debugger ()
+ {
+ #if defined (DEBUGGER) && defined (DEBUGGER_START_FILE)
+   int old_errexit;
++  int r;
+
+   old_errexit = exit_immediately_on_error;
+   exit_immediately_on_error = 0;
+
+-  maybe_execute_file (DEBUGGER_START_FILE, 1);
+-  function_trace_mode = 1;
++  r = force_execute_file (DEBUGGER_START_FILE, 1);
++  if (r < 0)
++    {
++      internal_warning ("cannot start debugger; debugging mode disabled");
++      debugging_mode = function_trace_mode = 0;
++    }
++  else
++    function_trace_mode = 1;
+
+   exit_immediately_on_error += old_errexit;
+ #endif
+diff -up bash-4.2/builtins/evalfile.c.old bash-4.2/builtins/evalfile.c
+--- bash-4.2/builtins/evalfile.c.old	2015-05-15 00:52:01.357266353 +0200
++++ bash-4.2/builtins/evalfile.c	2015-05-15 00:52:08.734263236 +0200
+@@ -125,7 +125,7 @@ file_error_and_exit:
+	}
+
+       return ((flags & FEVAL_BUILTIN) ? EXECUTION_FAILURE
+-      				      : ((errno == ENOENT) ? 0 : -1));
++      				      : ((errno == ENOENT && (flags & FEVAL_ENOENTOK) != 0) ? 0 : -1));
+     }
+
+   errfunc = ((flags & FEVAL_BUILTIN) ? builtin_error : internal_error);
+diff -up bash-4.2/builtins/common.h.old bash-4.2/builtins/common.h
+--- bash-4.2/builtins/common.h.old	2015-05-15 00:52:01.357266353 +0200
++++ bash-4.2/builtins/common.h	2015-05-15 00:52:08.734263236 +0200
+@@ -170,6 +170,7 @@
+
+ /* Functions from evalfile.c */
+ extern int maybe_execute_file __P((const char *, int));
++extern int force_execute_file __P((const char *, int));
+ extern int source_file __P((const char *, int));
+ extern int fc_execute_file __P((const char *));

SOURCES/bash-4.2-coverity.patch

@@ -0,0 +1,99 @@
+diff -up bash-4.2/execute_cmd.c.coverity bash-4.2/execute_cmd.c
+--- bash-4.2/execute_cmd.c.coverity	2011-02-24 13:04:35.000000000 +0100
++++ bash-4.2/execute_cmd.c	2011-02-24 13:49:13.000000000 +0100
+@@ -5036,7 +5036,7 @@ shell_execve (command, args, env)
+		  Elf32_Ehdr ehdr;
+		  Elf32_Phdr *phdr;
+                   Elf32_Shdr *shdr;
+-		  int nphdr, nshdr;
++		  Elf32_Half nphdr, nshdr;
+
+		  /* We have to copy the data since the sample buffer
+		     might not be aligned correctly to be accessed as
+@@ -5044,12 +5044,12 @@ shell_execve (command, args, env)
+		  memcpy (&ehdr, sample, sizeof (Elf32_Ehdr));
+
+		  nshdr = ehdr.e_shnum;
+-		  shdr = (Elf32_Shdr *) malloc (nshdr * ehdr.e_shentsize);
++		  shdr = (Elf32_Shdr *) malloc ((size_t)nshdr * (size_t)ehdr.e_shentsize);
+
+		  if (shdr != NULL)
+		    {
+ #ifdef HAVE_PREAD
+-		      sample_len = pread (fd, shdr, nshdr * ehdr.e_shentsize,
++		      sample_len = pread (fd, shdr, (size_t)nshdr * (size_t)ehdr.e_shentsize,
+					  ehdr.e_shoff);
+ #else
+		      if (lseek (fd, ehdr.e_shoff, SEEK_SET) != -1)
+@@ -5091,11 +5091,11 @@ shell_execve (command, args, env)
+		    }
+
+		  nphdr = ehdr.e_phnum;
+-		  phdr = (Elf32_Phdr *) malloc (nphdr * ehdr.e_phentsize);
++		  phdr = (Elf32_Phdr *) malloc ((size_t)nphdr * (size_t)ehdr.e_phentsize);
+		  if (phdr != NULL)
+		    {
+ #ifdef HAVE_PREAD
+-		      sample_len = pread (fd, phdr, nphdr * ehdr.e_phentsize,
++		      sample_len = pread (fd, phdr, (size_t)nphdr * (size_t)ehdr.e_phentsize,
+					  ehdr.e_phoff);
+ #else
+		      if (lseek (fd, ehdr.e_phoff, SEEK_SET) != -1)
+@@ -5120,7 +5120,7 @@ shell_execve (command, args, env)
+		  Elf64_Ehdr ehdr;
+		  Elf64_Phdr *phdr;
+                   Elf64_Shdr *shdr;
+-		  int nphdr, nshdr;
++		  Elf32_Half nphdr, nshdr;
+
+		  /* We have to copy the data since the sample buffer
+		     might not be aligned correctly to be accessed as
+@@ -5128,11 +5128,11 @@ shell_execve (command, args, env)
+		  memcpy (&ehdr, sample, sizeof (Elf64_Ehdr));
+
+		  nshdr = ehdr.e_shnum;
+-		  shdr = (Elf64_Shdr *) malloc (nshdr * ehdr.e_shentsize);
++		  shdr = (Elf64_Shdr *) malloc ((size_t)nshdr * (size_t)ehdr.e_shentsize);
+		  if (shdr != NULL)
+		    {
+ #ifdef HAVE_PREAD
+-		      sample_len = pread (fd, shdr, nshdr * ehdr.e_shentsize,
++		      sample_len = pread (fd, shdr, (size_t)nshdr * (size_t)ehdr.e_shentsize,
+					  ehdr.e_shoff);
+ #else
+		      if (lseek (fd, ehdr.e_shoff, SEEK_SET) != -1)
+@@ -5174,11 +5174,11 @@ shell_execve (command, args, env)
+		    }
+
+		  nphdr = ehdr.e_phnum;
+-		  phdr = (Elf64_Phdr *) malloc (nphdr * ehdr.e_phentsize);
++		  phdr = (Elf64_Phdr *) malloc ((size_t)nphdr * (size_t)ehdr.e_phentsize);
+		  if (phdr != NULL)
+		    {
+ #ifdef HAVE_PREAD
+-		      sample_len = pread (fd, phdr, nphdr * ehdr.e_phentsize,
++		      sample_len = pread (fd, phdr, (size_t)nphdr * (size_t)ehdr.e_phentsize,
+					  ehdr.e_phoff);
+ #else
+		      if (lseek (fd, ehdr.e_phoff, SEEK_SET) != -1)
+@@ -5200,8 +5200,8 @@ shell_execve (command, args, env)
+
+	      if (offset != -1)
+		{
+-		  size_t maxlen = 0;
+-		  size_t actlen = 0;
++		  ssize_t maxlen = 0;
++		  ssize_t actlen = 0;
+		  char *interp = NULL;
+
+		  do
+@@ -5250,7 +5250,8 @@ shell_execve (command, args, env)
+	    }
+ #endif
+ #if defined (HAVE_HASH_BANG_EXEC) || defined (HAVE_ELF_H)
+-	  close (fd);
++          if (fd >= 0)
++	    close (fd);
+ #endif
+	  errno = i;
+	  file_error (command);

SOURCES/bash-4.2-cve-2014-7169-0.patch

@@ -0,0 +1,11 @@
+*** ../bash-20140912/parse.y	2014-08-26 15:09:42.000000000 -0400
+--- parse.y	2014-09-24 22:47:28.000000000 -0400
+***************
+*** 2959,2962 ****
+--- 2959,2964 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+
++   eol_ungetc_lookahead = 0;
++
+    current_token = '\n';		/* XXX */
+    last_read_token = '\n';

SOURCES/bash-4.2-cve-2014-7169-1.patch

@@ -0,0 +1,147 @@
+--- ../bash-4.2-orig/variables.c	2014-09-25 13:07:59.313209541 +0200
++++ variables.c	2014-09-25 13:15:29.869420719 +0200
+@@ -268,7 +268,7 @@
+ static void propagate_temp_var __P((PTR_T));
+ static void dispose_temporary_env __P((sh_free_func_t *));
+
+-static inline char *mk_env_string __P((const char *, const char *));
++static inline char *mk_env_string __P((const char *, const char *, int));
+ static char **make_env_array_from_var_list __P((SHELL_VAR **));
+ static char **make_var_export_array __P((VAR_CONTEXT *));
+ static char **make_func_export_array __P((void));
+@@ -301,6 +301,14 @@
+ #endif
+ }
+
++/* Prefix and suffix for environment variable names which contain
++   shell functions. */
++#define FUNCDEF_PREFIX "BASH_FUNC_"
++#define FUNCDEF_PREFIX_LEN (strlen (FUNCDEF_PREFIX))
++#define FUNCDEF_SUFFIX "()"
++#define FUNCDEF_SUFFIX_LEN (strlen (FUNCDEF_SUFFIX))
++
++
+ /* Initialize the shell variables from the current environment.
+    If PRIVMODE is nonzero, don't import functions from ENV or
+    parse $SHELLOPTS. */
+@@ -338,28 +346,40 @@
+
+       /* If exported function, define it now.  Don't import functions from
+	 the environment in privileged mode. */
+-      if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
+-	{
+-	  string_length = strlen (string);
+-	  temp_string = (char *)xmalloc (3 + string_length + char_index);
++      if (privmode == 0 && read_but_dont_execute == 0
++	  && STREQN (FUNCDEF_PREFIX, name, FUNCDEF_PREFIX_LEN)
++	  && STREQ (name + char_index - FUNCDEF_SUFFIX_LEN, FUNCDEF_SUFFIX)
++	  && STREQN ("() {", string, 4))
++	{
++	  size_t name_length
++	    = char_index - (FUNCDEF_PREFIX_LEN + FUNCDEF_SUFFIX_LEN);
++	  char *temp_name = name + FUNCDEF_PREFIX_LEN;
++	  /* Temporarily remove the suffix. */
++	  temp_name[name_length] = '\0';
+
+-	  strcpy (temp_string, name);
+-	  temp_string[char_index] = ' ';
+-	  strcpy (temp_string + char_index + 1, string);
++	  string_length = strlen (string);
++	  temp_string = (char *)xmalloc (name_length + 1 + string_length + 1);
++	  memcpy (temp_string, temp_name, name_length);
++	  temp_string[name_length] = ' ';
++	  memcpy (temp_string + name_length + 1, string, string_length + 1);
+
+	  /* Don't import function names that are invalid identifiers from the
+	     environment, though we still allow them to be defined as shell
+	     variables. */
+-	  if (legal_identifier (name))
+-	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
++	  if (legal_identifier (temp_name))
++	    parse_and_execute (temp_string, temp_name,
++			       SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+
+-	  if (temp_var = find_function (name))
++	  if (temp_var = find_function (temp_name))
+	    {
+	      VSETATTR (temp_var, (att_exported|att_imported));
+	      array_needs_making = 1;
+	    }
+	  else
+	    report_error (_("error importing function definition for `%s'"), name);
++
++	  /* Restore the original suffix. */
++	  temp_name[name_length] = FUNCDEF_SUFFIX[0];
+	}
+ #if defined (ARRAY_VARS)
+ #  if 0
+@@ -2537,7 +2557,7 @@
+   var->context = variable_context;	/* XXX */
+
+   INVALIDATE_EXPORTSTR (var);
+-  var->exportstr = mk_env_string (name, value);
++  var->exportstr = mk_env_string (name, value, 0);
+
+   array_needs_making = 1;
+
+@@ -3388,22 +3408,43 @@
+ /*								    */
+ /* **************************************************************** */
+
++/* Returns the string NAME=VALUE if !FUNCTIONP or if VALUE == NULL (in
++   which case it is treated as empty).  Otherwise, decorate NAME with
++   FUNCDEF_PREFIX and FUNCDEF_SUFFIX, and return a string of the form
++   FUNCDEF_PREFIX NAME FUNCDEF_SUFFIX = VALUE (without spaces).  */
+ static inline char *
+-mk_env_string (name, value)
++mk_env_string (name, value, functionp)
+      const char *name, *value;
++     int functionp;
+ {
+-  int name_len, value_len;
+-  char	*p;
++  size_t name_len, value_len;
++  char *p, *q;
+
+   name_len = strlen (name);
+   value_len = STRLEN (value);
+-  p = (char *)xmalloc (2 + name_len + value_len);
+-  strcpy (p, name);
+-  p[name_len] = '=';
++  if (functionp && value != NULL)
++    {
++      p = (char *)xmalloc (FUNCDEF_PREFIX_LEN + name_len + FUNCDEF_SUFFIX_LEN
++			   + 1 + value_len + 1);
++      q = p;
++      memcpy (q, FUNCDEF_PREFIX, FUNCDEF_PREFIX_LEN);
++      q += FUNCDEF_PREFIX_LEN;
++      memcpy (q, name, name_len);
++      q += name_len;
++      memcpy (q, FUNCDEF_SUFFIX, FUNCDEF_SUFFIX_LEN);
++      q += FUNCDEF_SUFFIX_LEN;
++    }
++  else
++    {
++      p = (char *)xmalloc (name_len + 1 + value_len + 1);
++      memcpy (p, name, name_len);
++      q = p + name_len;
++    }
++  q[0] = '=';
+   if (value && *value)
+-    strcpy (p + name_len + 1, value);
++    memcpy (q + 1, value, value_len + 1);
+   else
+-    p[name_len + 1] = '\0';
++    q[1] = '\0';
+   return (p);
+ }
+
+@@ -3489,7 +3530,7 @@
+	  /* Gee, I'd like to get away with not using savestring() if we're
+	     using the cached exportstr... */
+	  list[list_index] = USE_EXPORTSTR ? savestring (value)
+-					   : mk_env_string (var->name, value);
++	    : mk_env_string (var->name, value, function_p (var));
+
+	  if (USE_EXPORTSTR == 0)
+	    SAVE_EXPORTSTR (var, list[list_index]);

SOURCES/bash-4.2-cve-2014-7169-2.patch

@@ -0,0 +1,83 @@
+--- ../bash-4.2-orig/parse.y	2014-09-25 13:07:59.218209276 +0200
++++ parse.y	2014-09-25 15:26:52.813159810 +0200
+@@ -264,9 +264,21 @@
+
+ /* Variables to manage the task of reading here documents, because we need to
+    defer the reading until after a complete command has been collected. */
+-static REDIRECT *redir_stack[10];
++static REDIRECT **redir_stack;
+ int need_here_doc;
+
++/* Pushes REDIR onto redir_stack, resizing it as needed. */
++static void
++push_redir_stack (REDIRECT *redir)
++{
++  /* Guard against oveflow. */
++  if (need_here_doc + 1 > INT_MAX / sizeof (*redir_stack))
++    abort ();
++  redir_stack = xrealloc (redir_stack,
++			  (need_here_doc + 1) * sizeof (*redir_stack));
++  redir_stack[need_here_doc++] = redir;
++}
++
+ /* Where shell input comes from.  History expansion is performed on each
+    line when the shell is interactive. */
+ static char *shell_input_line = (char *)NULL;
+@@ -519,42 +531,42 @@
+			  source.dest = 0;
+			  redir.filename = $2;
+			  $$ = make_redirection (source, r_reading_until, redir, 0);
+-			  redir_stack[need_here_doc++] = $$;
++			  push_redir_stack ($$);
+			}
+	|	NUMBER LESS_LESS WORD
+			{
+			  source.dest = $1;
+			  redir.filename = $3;
+			  $$ = make_redirection (source, r_reading_until, redir, 0);
+-			  redir_stack[need_here_doc++] = $$;
++			  push_redir_stack ($$);
+			}
+	|	REDIR_WORD LESS_LESS WORD
+			{
+			  source.filename = $1;
+			  redir.filename = $3;
+			  $$ = make_redirection (source, r_reading_until, redir, REDIR_VARASSIGN);
+-			  redir_stack[need_here_doc++] = $$;
++			  push_redir_stack ($$);
+			}
+	|	LESS_LESS_MINUS WORD
+			{
+			  source.dest = 0;
+			  redir.filename = $2;
+			  $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+-			  redir_stack[need_here_doc++] = $$;
++			  push_redir_stack ($$);
+			}
+	|	NUMBER LESS_LESS_MINUS WORD
+			{
+			  source.dest = $1;
+			  redir.filename = $3;
+			  $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+-			  redir_stack[need_here_doc++] = $$;
++			  push_redir_stack ($$);
+			}
+	|	REDIR_WORD  LESS_LESS_MINUS WORD
+			{
+			  source.filename = $1;
+			  redir.filename = $3;
+			  $$ = make_redirection (source, r_deblank_reading_until, redir, REDIR_VARASSIGN);
+-			  redir_stack[need_here_doc++] = $$;
++			  push_redir_stack ($$);
+			}
+	|	LESS_LESS_LESS WORD
+			{
+@@ -4757,7 +4769,7 @@
+     case CASE:
+     case SELECT:
+     case FOR:
+-      if (word_top < MAX_CASE_NEST)
++      if (word_top + 1 < MAX_CASE_NEST)
+	word_top++;
+       word_lineno[word_top] = line_number;
+       break;

SOURCES/bash-4.2-double-alloc.patch

@@ -0,0 +1,11 @@
+--- bash-4.1/subst.c	2015-04-07 10:00:00.482931289 +0900
++++ bash-4.1/subst.c	2015-04-07 10:01:28.258111134 +0900
+@@ -7039,8 +7039,6 @@
+
+       ret = alloc_word_desc ();
+       ret->word = temp1;
+-      ret = alloc_word_desc ();
+-      ret->word = temp1;
+       if (temp1 && QUOTED_NULL (temp1) && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)))
+	ret->flags |= W_QUOTED|W_HASQUOTEDNULL;
+       return ret;

SOURCES/bash-4.2-enable-hyphened-fn-export.patch

@@ -0,0 +1,10 @@
+--- variables.cold	2015-01-16 13:53:13.817363093 +0100
++++ variables.c	2015-01-16 13:57:41.839425969 +0100
+@@ -366,7 +366,7 @@ initialize_shell_variables (env, privmod
+	  /* Don't import function names that are invalid identifiers from the
+	     environment, though we still allow them to be defined as shell
+	     variables. */
+-	  if (legal_identifier (temp_name))
++	  if (absolute_program (temp_name) == 0 && (posixly_correct == 0 || legal_identifier (temp_name)))
+	    parse_and_execute (temp_string, temp_name,
+			       SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);

SOURCES/bash-4.2-env-inject.patch

@@ -0,0 +1,73 @@
+*** ../bash-4.3-patched/builtins/common.h	2013-07-08 16:54:47.000000000 -0400
+--- builtins/common.h	2014-09-12 14:25:47.000000000 -0400
+***************
+*** 34,37 ****
+--- 49,54 ----
+  #define SEVAL_PARSEONLY	0x020
+  #define SEVAL_NOLONGJMP 0x040
++ #define SEVAL_FUNCDEF	0x080		/* only allow function definitions */
++ #define SEVAL_ONECMD	0x100		/* only allow a single command */
+
+  /* Flags for describe_command, shared between type.def and command.def */
+*** ../bash-4.3-patched/builtins/evalstring.c	2014-02-11 09:42:10.000000000 -0500
+--- builtins/evalstring.c	2014-09-14 14:15:13.000000000 -0400
+***************
+*** 309,312 ****
+--- 313,324 ----
+	      struct fd_bitmap *bitmap;
+
++ 	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
++ 		{
++ 		  internal_warning ("%s: ignoring function definition attempt", from_file);
++ 		  should_jump_to_top_level = 0;
++ 		  last_result = last_command_exit_value = EX_BADUSAGE;
++ 		  break;
++ 		}
++
+	      bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
+	      begin_unwind_frame ("pe_dispose");
+***************
+*** 369,372 ****
+--- 381,387 ----
+	      dispose_fd_bitmap (bitmap);
+	      discard_unwind_frame ("pe_dispose");
++
++ 	      if (flags & SEVAL_ONECMD)
++ 		break;
+	    }
+	}
+*** ../bash-4.3-patched/variables.c	2014-05-15 08:26:50.000000000 -0400
+--- variables.c	2014-09-14 14:23:35.000000000 -0400
+***************
+*** 359,368 ****
+	  strcpy (temp_string + char_index + 1, string);
+
+! 	  parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
+!
+! 	  /* Ancient backwards compatibility.  Old versions of bash exported
+! 	     functions like name()=() {...} */
+! 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
+! 	    name[char_index - 2] = '\0';
+
+	  if (temp_var = find_function (name))
+--- 364,372 ----
+	  strcpy (temp_string + char_index + 1, string);
+
+! 	  /* Don't import function names that are invalid identifiers from the
+! 	     environment, though we still allow them to be defined as shell
+! 	     variables. */
+! 	  if (legal_identifier (name))
+! 	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+
+	  if (temp_var = find_function (name))
+***************
+*** 362,369 ****
+	  else
+	    report_error (_("error importing function definition for `%s'"), name);
+-
+- 	  /* ( */
+- 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
+- 	    name[char_index - 2] = '(';		/* ) */
+	}
+  #if defined (ARRAY_VARS)
+--- 360,363 ----

SOURCES/bash-4.2-extglob-man.patch

@@ -0,0 +1,28 @@
+diff --git a/doc/bash.1 b/doc/bash.1
+--- a/doc/bash.1	2010-07-28 08:42:54.000000000 +0200
++++ b/doc/bash.1	2010-07-28 08:43:17.000000000 +0200
+@@ -3220,8 +3220,7 @@
+ .RE
+ .PD
+ .PP
+-If the \fBextglob\fP shell option is enabled using the \fBshopt\fP
+-builtin, several extended pattern matching operators are recognized.
++Several extended pattern matching operators are recognized.
+ In the following description, a \fIpattern-list\fP is a list of one
+ or more patterns separated by a \fB|\fP.
+ Composite patterns may be formed using one or more of the following
+@@ -3241,6 +3240,14 @@
+ .TP
+ \fB@(\fP\^\fIpattern-list\^\fP\fB)\fP
+ Matches one of the given patterns
++.RE
++.PD
++.PP
++If the \fBextglob\fP shell option is enabled using the \fBshopt\fP
++builtin, following pattern matching operator is recognized as well:
++.sp 1
++.PD 0
++.RS
+ .TP
+ \fB!(\fP\^\fIpattern-list\^\fP\fB)\fP
+ Matches anything except one of the given patterns

SOURCES/bash-4.2-history-hang.patch

@@ -0,0 +1,11 @@
+--- a/lib/readline/history.c	2014-05-27 16:55:58.040214069 +0200
++++ b/lib/readline/history.c	2014-05-27 16:56:11.243204928 +0200
+@@ -318,7 +318,7 @@ add_history_time (string)
+ {
+   HIST_ENTRY *hs;
+
+-  if (string == 0)
++  if (string == 0 || history_length < 1)
+     return;
+   hs = the_history[history_length - 1];
+   FREE (hs->timestamp);

SOURCES/bash-4.2-ifs-in-temp-env.patch

@@ -0,0 +1,35 @@
+--- bash-4.2/redir.c	2015-04-27 23:03:55.663182162 +0200
++++ bash-4.2/redir.c	2015-04-27 23:03:13.995181816 +0200
+@@ -63,6 +63,7 @@ int expanding_redir;
+
+ extern int posixly_correct;
+ extern int last_command_exit_value;
++extern int executing_builtin;
+ extern REDIRECT *redirection_undo_list;
+ extern REDIRECT *exec_redirection_undo_list;
+
+@@ -307,11 +308,23 @@ write_here_string (fd, redirectee)
+      WORD_DESC *redirectee;
+ {
+   char *herestr;
+-  int herelen, n, e;
++  int herelen, n, e, old;
+
+   expanding_redir = 1;
++  /* Now that we've changed the variable search order to ignore the temp
++     environment, see if we need to change the cached IFS values. */
++  sv_ifs ("IFS");
+   herestr = expand_string_to_string (redirectee->word, 0);
+   expanding_redir = 0;
++  /* Now we need to change the variable search order back to include the temp
++     environment.  We force the temp environment search by forcing
++     executing_builtin to 1.  This is what makes `read' get the right values
++     for the IFS-related cached variables, for example. */
++  old = executing_builtin;
++  executing_builtin = 1;
++  sv_ifs ("IFS");
++  executing_builtin = old;
++
+   herelen = STRLEN (herestr);
+
+   n = write (fd, herestr, herelen);

SOURCES/bash-4.2-leak-compound.patch

@@ -0,0 +1,12 @@
+diff -up bash-4.2/subst.c.old bash-4.2/subst.c
+--- bash-4.2/subst.c.old	2015-12-09 13:24:47.369738319 +0100
++++ bash-4.2/subst.c	2015-12-09 13:28:27.366024824 +0100
+@@ -2713,6 +2713,8 @@ do_compound_assignment (name, value, fla
+       else if (v == 0 || (array_p (v) == 0 && assoc_p (v) == 0) || v->context != variable_context)
+         v = make_local_array_variable (name);
+       assign_compound_array_list (v, list, flags);
++      if (list)
++	dispose_words (list);
+     }
+   else
+     v = assign_array_from_string (name, value, flags);

SOURCES/bash-4.2-man-ulimit.patch

@@ -0,0 +1,23 @@
+From ccd35766d2451677f4c49f66b8e18ad6e274d56a Mon Sep 17 00:00:00 2001
+From: Jan Chaloupka <jchaloup@redhat.com>
+Date: Mon, 7 Jul 2014 07:15:41 +0200
+Subject: [PATCH] bash.1: posix block size for cf options
+
+---
+ doc/bash.1 | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/doc/bash.1 b/doc/bash.1
+index a4ad746..1916515 100644
+--- a/doc/bash.1
++++ b/doc/bash.1
+@@ -9451,6 +9451,7 @@ and
+ which are unscaled values.
+ The return status is 0 unless an invalid option or argument is supplied,
+ or an error occurs while setting a new limit.
++In POSIX Mode 512-byte blocks are used for the `-c' and `-f' options.
+ .RE
+ .TP
+ \fBumask\fP [\fB\-p\fP] [\fB\-S\fP] [\fImode\fP]
+--
+1.9.3

SOURCES/bash-4.2-manpage.patch

@@ -0,0 +1,53 @@
+diff -up bash-4.2/doc/bash.1.manpage bash-4.2/doc/bash.1
+--- bash-4.2/doc/bash.1.manpage	2011-01-26 15:30:03.000000000 +0100
++++ bash-4.2/doc/bash.1	2011-01-26 15:47:16.000000000 +0100
+@@ -6646,7 +6646,9 @@ must be \(>= 1.  If
+ .I n
+ is greater than the number of enclosing loops, all enclosing loops
+ are exited.
+-The return value is 0 unless \fIn\fP is not greater than or equal to 1.
++The return value is non-zero when \fIn\fP is \(<= 0; Otherwise,
++.BR break
++returns 0 value.
+ .TP
+ \fBbuiltin\fP \fIshell\-builtin\fP [\fIarguments\fP]
+ Execute the specified shell builtin, passing it
+@@ -7017,7 +7019,15 @@ must be \(>= 1.  If
+ .I n
+ is greater than the number of enclosing loops, the last enclosing loop
+ (the ``top-level'' loop) is resumed.
+-The return value is 0 unless \fIn\fP is not greater than or equal to 1.
++When
++.BR continue
++is executed inside of loop, the return value is non-zero when
++.I n
++is \(<= 0; Otherwise,
++.BR continue
++returns 0 value. When
++.BR continue
++is executed outside of loop, the return value is 0.
+ .TP
+ \fBdeclare\fP [\fB\-aAfFgilrtux\fP] [\fB\-p\fP] [\fIname\fP[=\fIvalue\fP] ...]
+ .PD 0
+@@ -9019,9 +9029,19 @@ by default.
+ Suspend the execution of this shell until it receives a
+ .SM
+ .B SIGCONT
+-signal.  A login shell cannot be suspended; the
++signal. When the suspended shell is a background process, it can be restarted
++by the
++.B fg
++command. For more information, read the
++.SM
++.B JOB CONTROL
++section. The
++.B suspend
++command can not suspend the login shell. However, when
+ .B \-f
+-option can be used to override this and force the suspension.
++option is specified,
++.B suspend
++command can suspend even login shell.
+ The return status is 0 unless the shell is a login shell and
+ .B \-f
+ is not supplied, or if job control is not enabled.

SOURCES/bash-4.2-manpage_trap.patch

@@ -0,0 +1,12 @@
+diff -up bash-4.1/doc/bash.1.manpage_trap bash-4.1/doc/bash.1
+--- bash-4.1/doc/bash.1.manpage_trap	2012-08-28 10:06:00.561999092 +0200
++++ bash-4.1/doc/bash.1	2012-08-28 10:06:24.225304505 +0200
+@@ -9251,7 +9251,7 @@ being inverted via
+ These are the same conditions obeyed by the \fBerrexit\fP option.
+ .if t .sp 0.5
+ .if n .sp 1
+-Signals ignored upon entry to the shell cannot be trapped or reset.
++Signals ignored upon entry to the shell cannot be trapped, reset or listed.
+ Trapped signals that are not being ignored are reset to their original
+ values in a subshell or subshell environment when one is created.
+ The return status is false if any

SOURCES/bash-4.2-missing-opt-cd.patch

@@ -0,0 +1,12 @@
+diff -up bash-4.2/builtins/cd.def.old bash-4.2/builtins/cd.def
+--- bash-4.2/builtins/cd.def.old	2015-12-09 11:47:59.113106805 +0100
++++ bash-4.2/builtins/cd.def	2015-12-09 11:48:13.702060840 +0100
+@@ -200,7 +200,7 @@ cd_builtin (list)
+   eflag = 0;
+   no_symlinks = no_symbolic_links;
+   reset_internal_getopt ();
+-  while ((opt = internal_getopt (list, "LP")) != -1)
++  while ((opt = internal_getopt (list, "LPe")) != -1)
+     {
+       switch (opt)
+	{

SOURCES/bash-4.2-missing_closes.patch

@@ -0,0 +1,38 @@
+There are missing calls of close() leading to resource leak (fd leak).
+Simple reproducer:
+. /
+and /proc/$$/fd contain one open fd for each above call
+
+Signed-off-by: Roman Rakus <rrakus@redhat.com>
+---
+ builtins/evalfile.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/builtins/evalfile.c b/builtins/evalfile.c
+index 60f89d1..d30bd96 100644
+--- a/builtins/evalfile.c
++++ b/builtins/evalfile.c
+@@ -133,11 +133,13 @@ file_error_and_exit:
+   if (S_ISDIR (finfo.st_mode))
+     {
+       (*errfunc) (_("%s: is a directory"), filename);
++      close(fd);
+       return ((flags & FEVAL_BUILTIN) ? EXECUTION_FAILURE : -1);
+     }
+   else if ((flags & FEVAL_REGFILE) && S_ISREG (finfo.st_mode) == 0)
+     {
+       (*errfunc) (_("%s: not a regular file"), filename);
++      close(fd);
+       return ((flags & FEVAL_BUILTIN) ? EXECUTION_FAILURE : -1);
+     }
+
+@@ -146,6 +148,7 @@ file_error_and_exit:
+   if (file_size != finfo.st_size || file_size + 1 < file_size)
+     {
+       (*errfunc) (_("%s: file is too large"), filename);
++      close(fd);
+       return ((flags & FEVAL_BUILTIN) ? EXECUTION_FAILURE : -1);
+     }
+
+--
+1.7.11.7

SOURCES/bash-4.2-noecho.patch

@@ -0,0 +1,39 @@
+--- bash-4.2/parse.y	2014-05-29 14:46:09.545543384 +0200
++++ bash-4.2/parse.y	2014-05-29 14:48:40.758626213 +0200
+@@ -3858,6 +3858,8 @@ xparse_dolparen (base, string, indp, fla
+     sflags |= SEVAL_NOLONGJMP;
+   save_parser_state (&ps);
+   save_input_line_state (&ls);
++  /* avoid echoing every substitution again */
++  echo_input_at_read = 0;
+
+   /*(*/
+   parser_state |= PST_CMDSUBST|PST_EOFTOKEN;	/* allow instant ')' */ /*(*/
+--- bash-4.2/subst.c	2014-05-29 16:04:35.802784549 +0200
++++ bash-4.2/subst.c	2014-05-29 16:08:25.021942676 +0200
+@@ -7103,6 +7103,7 @@ param_expand (string, sindex, quoted, ex
+   WORD_LIST *list;
+   WORD_DESC *tdesc, *ret;
+   int tflag;
++  int old_echo_input;
+
+   zindex = *sindex;
+   c = string[++zindex];
+@@ -7401,6 +7402,9 @@ arithsub:
+	}
+
+ comsub:
++      old_echo_input = echo_input_at_read;
++      /* avoid echoing every substitution again */
++      echo_input_at_read = 0;
+       if (pflags & PF_NOCOMSUB)
+	/* we need zindex+1 because string[zindex] == RPAREN */
+	temp1 = substring (string, *sindex, zindex+1);
+@@ -7413,6 +7417,7 @@ comsub:
+	}
+       FREE (temp);
+       temp = temp1;
++      echo_input_at_read = old_echo_input;
+       break;
+
+     /* Do POSIX.2d9-style arithmetic substitution.  This will probably go

SOURCES/bash-4.2-rc2-logout.patch

@@ -0,0 +1,36 @@
+diff -up bash-3.2/config-top.h.logout bash-3.2/config-top.h
+--- bash-3.2/config-top.h.logout	2011-04-14 08:55:55.000000000 +0200
++++ bash-3.2/config-top.h	2011-04-14 08:55:55.000000000 +0200
+@@ -78,7 +78,7 @@
+ /* #define SYS_BASHRC "/etc/bash.bashrc" */
+
+ /* System-wide .bash_logout for login shells. */
+-/* #define SYS_BASH_LOGOUT "/etc/bash.bash_logout" */
++#define SYS_BASH_LOGOUT "/etc/bash.bash_logout"
+
+ /* Define this to make non-interactive shells begun with argv[0][0] == '-'
+    run the startup files when not in posix mode. */
+diff -up bash-3.2/doc/bash.1.logout bash-3.2/doc/bash.1
+--- bash-3.2/doc/bash.1.logout	2011-04-14 09:16:32.000000000 +0200
++++ bash-3.2/doc/bash.1	2011-04-14 11:59:33.000000000 +0200
+@@ -326,8 +326,8 @@ option may be used when the shell is sta
+ .PP
+ When a login shell exits,
+ .B bash
+-reads and executes commands from the file \fI~/.bash_logout\fP, if it
+-exists.
++reads and executes commands from the files \fI~/.bash_logout\fP
++and \fI/etc/bash.bash_logout\fP, if the files exists.
+ .PP
+ When an interactive shell that is not a login shell is started,
+ .B bash
+@@ -8814,6 +8814,9 @@ The \fBbash\fP executable
+ .FN /etc/profile
+ The systemwide initialization file, executed for login shells
+ .TP
++.FN /etc/bash.bash_logout
++The systemwide login shell cleanup file, executed when a login shell exits
++.TP
+ .FN ~/.bash_profile
+ The personal initialization file, executed for login shells
+ .TP

SOURCES/bash-4.2-signal.patch

@@ -0,0 +1,36 @@
+diff -up bash-4.1/sig.h.signal bash-4.1/sig.h
+--- bash-4.1/sig.h.signal	2009-01-04 20:32:41.000000000 +0100
++++ bash-4.1/sig.h	2012-08-28 11:19:14.920224571 +0200
+@@ -96,6 +96,8 @@ do { \
+   sigprocmask (SIG_BLOCK, &nvar, &ovar); \
+ } while (0)
+
++#define UNBLOCK_SIGNAL(ovar) sigprocmask (SIG_SETMASK, &ovar, (sigset_t *)NULL)
++
+ #if defined (HAVE_POSIX_SIGNALS)
+ #  define BLOCK_CHILD(nvar, ovar) \
+	BLOCK_SIGNAL (SIGCHLD, nvar, ovar)
+diff -up bash-4.1/trap.c.signal bash-4.1/trap.c
+--- bash-4.1/trap.c.signal	2009-10-10 23:21:44.000000000 +0200
++++ bash-4.1/trap.c	2012-08-28 10:58:14.746345797 +0200
+@@ -516,6 +516,8 @@ set_signal (sig, string)
+      int sig;
+      char *string;
+ {
++  sigset_t set, oset;
++
+   if (SPECIAL_TRAP (sig))
+     {
+       change_signal (sig, savestring (string));
+@@ -546,9 +548,10 @@ set_signal (sig, string)
+      environment in which it is safe to do so. */
+   if ((sigmodes[sig] & SIG_NO_TRAP) == 0)
+     {
+-      set_signal_handler (sig, SIG_IGN);
++      BLOCK_SIGNAL (sig, set, oset);
+       change_signal (sig, savestring (string));
+       set_signal_handler (sig, trap_handler);
++      UNBLOCK_SIGNAL (oset);
+     }
+   else
+     change_signal (sig, savestring (string));

SOURCES/bash-4.2-size_type.patch

@@ -0,0 +1,14 @@
+diff -up bash-4.2/variables.h.size_type bash-4.2/variables.h
+--- bash-4.2/variables.h.size_type	2012-11-29 10:33:25.109036844 +0100
++++ bash-4.2/variables.h	2012-11-29 10:46:12.718530162 +0100
+@@ -95,8 +95,8 @@ typedef struct variable {
+
+ typedef struct _vlist {
+   SHELL_VAR **list;
+-  int list_size;	/* allocated size */
+-  int list_len;		/* current number of entries */
++  size_t list_size;	/* allocated size */
++  size_t list_len;	/* current number of entries */
+ } VARLIST;
+
+ /* The various attributes that a given variable can have. */

SOURCES/bash-4.3-cve-2016-0634.patch

@@ -0,0 +1,94 @@
+diff --git a/parse.y b/parse.y
+index 12d6def..d4a93a2 100644
+--- a/parse.y
++++ b/parse.y
+@@ -5103,7 +5103,7 @@ decode_prompt_string (string)
+   size_t result_size;
+   int result_index;
+   int c, n, i;
+-  char *temp, octal_string[4];
++  char *temp, *t_host, octal_string[4];
+   struct tm *tm;
+   time_t the_time;
+   char timebuf[128];
+@@ -5251,7 +5251,11 @@ decode_prompt_string (string)
+
+	    case 's':
+	      temp = base_pathname (shell_name);
+-	      temp = savestring (temp);
++	      /* Try to quote anything the user can set in the file system */
++	      if (promptvars || posixly_correct)
++		temp = sh_backslash_quote_for_double_quotes (temp);
++	      else
++		temp = savestring (temp);
+	      goto add_string;
+
+	    case 'v':
+@@ -5337,9 +5341,17 @@ decode_prompt_string (string)
+
+	    case 'h':
+	    case 'H':
+-	      temp = savestring (current_host_name);
+-	      if (c == 'h' && (t = (char *)strchr (temp, '.')))
++	      t_host = savestring (current_host_name);
++	      if (c == 'h' && (t = (char *)strchr (t_host, '.')))
+		*t = '\0';
++	      if (promptvars || posixly_correct)
++		/* Make sure that expand_prompt_string is called with a
++		   second argument of Q_DOUBLE_QUOTES if we use this
++		   function here. */
++		temp = sh_backslash_quote_for_double_quotes (t_host);
++	      else
++		temp = savestring (t_host);
++	      free (t_host);
+	      goto add_string;
+
+	    case '#':
+diff --git a/y.tab.c b/y.tab.c
+index 23b88bc..1c0f5a1 100644
+--- a/y.tab.c
++++ b/y.tab.c
+@@ -7368,7 +7368,7 @@ decode_prompt_string (string)
+   size_t result_size;
+   int result_index;
+   int c, n, i;
+-  char *temp, octal_string[4];
++  char *temp, *t_host, octal_string[4];
+   struct tm *tm;
+   time_t the_time;
+   char timebuf[128];
+@@ -7513,7 +7513,11 @@ decode_prompt_string (string)
+
+	    case 's':
+	      temp = base_pathname (shell_name);
+-	      temp = savestring (temp);
++	      /* Try to quote anything the user can set in the file system */
++	      if (promptvars || posixly_correct)
++		temp = sh_backslash_quote_for_double_quotes (temp);
++	      else
++		temp = savestring (temp);
+	      goto add_string;
+
+	    case 'v':
+@@ -7599,9 +7603,17 @@ decode_prompt_string (string)
+
+	    case 'h':
+	    case 'H':
+-	      temp = savestring (current_host_name);
+-	      if (c == 'h' && (t = (char *)strchr (temp, '.')))
++	      t_host = savestring (current_host_name);
++	      if (c == 'h' && (t = (char *)strchr (t_host, '.')))
+		*t = '\0';
++	      if (promptvars || posixly_correct)
++		/* Make sure that expand_prompt_string is called with a
++		   second argument of Q_DOUBLE_QUOTES if we use this
++		   function here. */
++		temp = sh_backslash_quote_for_double_quotes (t_host);
++	      else
++		temp = savestring (t_host);
++	      free (t_host);
+	      goto add_string;
+
+	    case '#':
+--
+2.9.3

SOURCES/bash-4.3-cve-2016-7543.patch

@@ -0,0 +1,19 @@
+diff --git a/variables.c b/variables.c
+index b7ebaea..5e2986f 100644
+--- a/variables.c
++++ b/variables.c
+@@ -467,7 +467,11 @@ initialize_shell_variables (env, privmode)
+ #endif
+       set_if_not ("PS2", secondary_prompt);
+     }
+-  set_if_not ("PS4", "+ ");
++
++  if (current_user.euid == 0)
++    bind_variable ("PS4", "+ ", 0);
++  else
++    set_if_not ("PS4", "+ ");
+
+   /* Don't allow IFS to be imported from the environment. */
+   temp_var = bind_variable ("IFS", " \t\n", 0);
+--
+2.9.3

SOURCES/bash-4.3-dircomp-append-slash.patch

@@ -0,0 +1,99 @@
+diff --git a/bashline.c b/bashline.c
+--- a/bashline.c
++++ b/bashline.c
+@@ -117,6 +117,7 @@ static char *restore_tilde __P((char *, char *));
+
+ static char *bash_filename_rewrite_hook __P((char *, int));
+ static void bash_directory_expansion __P((char **));
++static int bash_filename_stat_hook __P((char **));
+ static int bash_directory_completion_hook __P((char **));
+ static int filename_completion_ignore __P((char **));
+ static int bash_push_line __P((void));
+@@ -1414,7 +1415,7 @@ bash_default_completion (text, start, end, qc, compflags)
+      const char *text;
+      int start, end, qc, compflags;
+ {
+-  char **matches;
++  char **matches, *t;
+
+   matches = (char **)NULL;
+
+@@ -1424,7 +1425,19 @@ bash_default_completion (text, start, end, qc, compflags)
+       if (qc != '\'' && text[1] == '(') /* ) */
+	matches = rl_completion_matches (text, command_subst_completion_function);
+       else
+-	matches = rl_completion_matches (text, variable_completion_function);
++	{
++	  matches = rl_completion_matches (text, variable_completion_function);
++	  if (matches && matches[0] && matches[1] == 0)
++	    {
++	      t = savestring (matches[0]);
++	      bash_filename_stat_hook (&t);
++	      /* doesn't use test_for_directory because that performs tilde
++		 expansion */
++	      if (file_isdir (t))
++		rl_completion_append_character = '/';
++	      free (t);
++	    }
++	}
+     }
+
+   /* If the word starts in `~', and there is no slash in the word, then
+@@ -2763,6 +2776,57 @@ restore_directory_hook (hookf)
+     rl_directory_rewrite_hook = hookf;
+ }
+
++static int
++bash_filename_stat_hook (dirname)
++     char **dirname;
++{
++  char *local_dirname, *new_dirname, *t;
++  int should_expand_dirname, return_value;
++  WORD_LIST *wl;
++  struct stat sb;
++
++  local_dirname = *dirname;
++  should_expand_dirname = return_value = 0;
++  if (t = mbschr (local_dirname, '$'))
++    should_expand_dirname = '$';
++  else if (t = mbschr (local_dirname, '`'))	/* XXX */
++    should_expand_dirname = '`';
++
++#if defined (HAVE_LSTAT)
++  if (should_expand_dirname && lstat (local_dirname, &sb) == 0)
++#else
++  if (should_expand_dirname && stat (local_dirname, &sb) == 0)
++#endif
++    should_expand_dirname = 0;
++
++  if (should_expand_dirname)
++    {
++      new_dirname = savestring (local_dirname);
++      wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_NOPROCSUB);    /* does the right thing */
++      if (wl)
++	{
++	  free (new_dirname);
++	  new_dirname = string_list (wl);
++	  /* Tell the completer we actually expanded something and change
++	     *dirname only if we expanded to something non-null -- stat
++	     behaves unpredictably when passed null or empty strings */
++	  if (new_dirname && *new_dirname)
++	    {
++          free (local_dirname); /* XXX */
++	      local_dirname = *dirname = new_dirname;
++	      return_value = STREQ (local_dirname, *dirname) == 0;
++	    }
++      else
++	      free (new_dirname);
++	  dispose_words (wl);
++	}
++      else
++	free (new_dirname);
++    }
++
++  return (return_value);
++}
++
+ /* Handle symbolic link references and other directory name
+    expansions while hacking completion.  This should return 1 if it modifies
+    the DIRNAME argument, 0 otherwise.  It should make sure not to modify

SOURCES/bash-4.3-pipefd-leak.patch

@@ -0,0 +1,60 @@
+diff --git a/execute_cmd.c b/execute_cmd.c
+--- a/execute_cmd.c
++++ b/execute_cmd.c
+@@ -536,6 +536,10 @@ execute_command_internal (command, asynchronous, pipe_in, pipe_out,
+   REDIRECT *my_undo_list, *exec_undo_list;
+   volatile int last_pid;
+   volatile int save_line_number;
++#if defined (PROCESS_SUBSTITUTION)
++  volatile int ofifo, nfifo, osize, saved_fifo;
++  volatile char *ofifo_list = NULL;
++#endif
+
+ #if 0
+   if (command == 0 || breaking || continuing || read_but_dont_execute)
+@@ -681,6 +685,17 @@ execute_command_internal (command, asynchronous, pipe_in, pipe_out,
+   if (shell_control_structure (command->type) && command->redirects)
+     stdin_redir = stdin_redirects (command->redirects);
+
++#if defined (PROCESS_SUBSTITUTION)
++  if (variable_context != 0)
++    {
++      ofifo = num_fifos ();
++      ofifo_list = copy_fifo_list ((int*)&osize);
++      saved_fifo = 1;
++    }
++  else
++    saved_fifo = 0;
++#endif
++
+   /* Handle WHILE FOR CASE etc. with redirections.  (Also '&' input
+      redirection.)  */
+   if (do_redirections (command->redirects, RX_ACTIVE|RX_UNDOABLE) != 0)
+@@ -688,6 +703,9 @@ execute_command_internal (command, asynchronous, pipe_in, pipe_out,
+       cleanup_redirects (redirection_undo_list);
+       redirection_undo_list = (REDIRECT *)NULL;
+       dispose_exec_redirects ();
++#if defined (PROCESS_SUBSTITUTION)
++      free ((void*)ofifo_list);
++#endif
+       return (last_command_exit_value = EXECUTION_FAILURE);
+     }
+
+@@ -982,6 +1000,17 @@ execute_command_internal (command, asynchronous, pipe_in, pipe_out,
+   if (my_undo_list || exec_undo_list)
+     discard_unwind_frame ("loop_redirections");
+
++#if defined (PROCESS_SUBSTITUTION)
++  if (saved_fifo)
++    {
++      nfifo = num_fifos ();
++      if (nfifo > ofifo)
++       close_new_fifos ((char*)ofifo_list, osize);
++      free ((void*)ofifo_list);
++    }
++#endif
++
++
+   /* Invert the return value if we have to */
+   if (invert)
+     exec_result = (exec_result == EXECUTION_SUCCESS)

SOURCES/bash-4.3-trapped-signals.patch

@@ -0,0 +1,23 @@
+diff --git a/jobs.c b/jobs.c
+index 37edece..31395fe 100644
+--- a/jobs.c
++++ b/jobs.c
+@@ -2244,10 +2244,14 @@ wait_sigint_handler (sig)
+	  signal_is_trapped (SIGINT) &&
+	  ((sigint_handler = trap_to_sighandler (SIGINT)) == trap_handler))
+	{
+-	  interrupt_immediately = 0;
+	  trap_handler (SIGINT);	/* set pending_traps[SIGINT] */
+	  wait_signal_received = SIGINT;
+-	  longjmp (wait_intr_buf, 1);
++	  if (interrupt_immediately)
++	    {
++	      interrupt_immediately = 0;
++	      longjmp (wait_intr_buf, 1);
++	    }
++	  SIGRETURN (0);
+	}
+
+       ADDINTERRUPT;
+--
+2.5.5

SOURCES/bash-4.3-wshouldquote.patch

@@ -0,0 +1,149 @@
+diff --git a/lib/sh/strtrans.c b/lib/sh/strtrans.c
+--- a/lib/sh/strtrans.c
++++ b/lib/sh/strtrans.c
+@@ -30,6 +30,9 @@
+
+ #include "shell.h"
+
++#include "shmbchar.h"
++#include "shmbutil.h"
++
+ #ifdef ESC
+ #undef ESC
+ #endif
+@@ -74,7 +77,7 @@ ansicstr (string, len, flags, sawc, rlen)
+	    case 'a': c = '\a'; break;
+	    case 'v': c = '\v'; break;
+ #else
+-	    case 'a': c = '\007'; break;
++	    case 'a': c = (int) 0x07; break;
+	    case 'v': c = (int) 0x0B; break;
+ #endif
+	    case 'b': c = '\b'; break;
+@@ -208,6 +211,11 @@ ansic_quote (str, flags, rlen)
+   char *r, *ret, *s;
+   int l, rsize;
+   unsigned char c;
++  size_t clen;
++  int b;
++#if defined (HANDLE_MULTIBYTE)
++  wchar_t wc;
++#endif
+
+   if (str == 0 || *str == 0)
+     return ((char *)0);
+@@ -219,10 +227,11 @@ ansic_quote (str, flags, rlen)
+   *r++ = '$';
+   *r++ = '\'';
+
+-  for (s = str, l = 0; *s; s++)
++  for (s = str; c = *s; s++)
+     {
+-      c = *s;
+-      l = 1;		/* 1 == add backslash; 0 == no backslash */
++      b = l = 1;		/* 1 == add backslash; 0 == no backslash */
++      clen = 1;
++
+       switch (c)
+	{
+	case ESC: c = 'E'; break;
+@@ -230,7 +239,7 @@ ansic_quote (str, flags, rlen)
+	case '\a': c = 'a'; break;
+	case '\v': c = 'v'; break;
+ #else
+-	case '\007': c = 'a'; break;
++	case 0x07: c = 'a'; break;
+	case 0x0b: c = 'v'; break;
+ #endif
+
+@@ -243,7 +252,13 @@ ansic_quote (str, flags, rlen)
+	case '\'':
+	  break;
+	default:
++#if defined (HANDLE_MULTIBYTE)
++	  b = is_basic (c);
++	  if ((b == 0 && ((clen = mbrtowc (&wc, s, MB_CUR_MAX, 0)) < 0 || MB_INVALIDCH (clen) || iswprint (wc) == 0)) ||
++	      (b == 1 && ISPRINT (c) == 0))
++#else
+	  if (ISPRINT (c) == 0)
++#endif
+	    {
+	      *r++ = '\\';
+	      *r++ = TOCHAR ((c >> 6) & 07);
+@@ -254,9 +269,20 @@ ansic_quote (str, flags, rlen)
+	  l = 0;
+	  break;
+	}
++      if (b == 0 && clen == 0)
++	break;
++
+       if (l)
+	*r++ = '\\';
+-      *r++ = c;
++
++      if (clen == 1)
++	*r++ = c;
++      else
++	{
++	  for (b = 0; b < (int)clen; b++)
++	    *r++ = (unsigned char)s[b];
++	  s += clen - 1;	/* -1 because of the increment above */
++	}
+     }
+
+   *r++ = '\'';
+@@ -266,6 +292,37 @@ ansic_quote (str, flags, rlen)
+   return ret;
+ }
+
++#if defined (HANDLE_MULTIBYTE)
++int
++ansic_wshouldquote (string)
++     const char *string;
++{
++  const wchar_t *wcs;
++  wchar_t wcc;
++
++  wchar_t *wcstr = NULL;
++  size_t slen;
++
++
++  slen = mbstowcs (wcstr, string, 0);
++
++  if (slen == -1)
++    slen = 0;
++  wcstr = (wchar_t *)xmalloc (sizeof (wchar_t) * (slen + 1));
++  mbstowcs (wcstr, string, slen + 1);
++
++  for (wcs = wcstr; wcc = *wcs; wcs++)
++    if (iswprint(wcc) == 0)
++      {
++	free (wcstr);
++	return 1;
++      }
++
++  free (wcstr);
++  return 0;
++}
++#endif
++
+ /* return 1 if we need to quote with $'...' because of non-printing chars. */
+ int
+ ansic_shouldquote (string)
+@@ -278,8 +335,14 @@ ansic_shouldquote (string)
+     return 0;
+
+   for (s = string; c = *s; s++)
+-    if (ISPRINT (c) == 0)
+-      return 1;
++    {
++#if defined (HANDLE_MULTIBYTE)
++      if (is_basic (c) == 0)
++	return (ansic_wshouldquote (s));
++#endif
++      if (ISPRINT (c) == 0)
++	return 1;
++    }
+
+   return 0;
+ }

SOURCES/bash-4.4-param-expansion.patch

@@ -0,0 +1,72 @@
+diff --git a/parse.y b/parse.y
+index 9a78d0c..7df7d99 100644
+--- a/parse.y
++++ b/parse.y
+@@ -4993,7 +4993,8 @@ decode_prompt_string (string)
+   struct dstack save_dstack;
+   int last_exit_value, last_comsub_pid;
+ #if defined (PROMPT_STRING_DECODE)
+-  int result_size, result_index;
++  size_t result_size;
++  int result_index;
+   int c, n, i;
+   char *temp, octal_string[4];
+   struct tm *tm;
+diff --git a/subst.c b/subst.c
+index 9f15f0b..e5ffd03 100644
+--- a/subst.c
++++ b/subst.c
+@@ -644,11 +644,13 @@ unquoted_substring (substr, string)
+ INLINE char *
+ sub_append_string (source, target, indx, size)
+      char *source, *target;
+-     int *indx, *size;
++     int *indx;
++     size_t *size;
+ {
+   if (source)
+     {
+-      int srclen, n;
++      int n;
++      size_t srclen;
+
+       srclen = STRLEN (source);
+       if (srclen >= (int)(*size - *indx))
+@@ -7676,7 +7678,7 @@ expand_word_internal (word, quoted, isexp, contains_dollar_at, expanded_somethin
+   char *istring;
+
+   /* The current size of the above object. */
+-  int istring_size;
++  size_t istring_size;
+
+   /* Index into ISTRING. */
+   int istring_index;
+diff --git a/subst.h b/subst.h
+index b06e8c2..fc66faf 100644
+--- a/subst.h
++++ b/subst.h
+@@ -127,7 +127,7 @@ extern int do_word_assignment __P((WORD_DESC *));
+    of space allocated to TARGET.  SOURCE can be NULL, in which
+    case nothing happens.  Gets rid of SOURCE by free ()ing it.
+    Returns TARGET in case the location has changed. */
+-extern char *sub_append_string __P((char *, char *, int *, int *));
++extern char *sub_append_string __P((char *, char *, int *, size_t *));
+
+ /* Append the textual representation of NUMBER to TARGET.
+    INDEX and SIZE are as in SUB_APPEND_STRING. */
+diff --git a/y.tab.c b/y.tab.c
+index d702554..31faa4a 100644
+--- a/y.tab.c
++++ b/y.tab.c
+@@ -7280,7 +7280,8 @@ decode_prompt_string (string)
+   struct dstack save_dstack;
+   int last_exit_value, last_comsub_pid;
+ #if defined (PROMPT_STRING_DECODE)
+-  int result_size, result_index;
++  size_t result_size;
++  int result_index;
+   int c, n, i;
+   char *temp, octal_string[4];
+   struct tm *tm;
+--
+2.5.5

SOURCES/bash-4.4-pipeline-pgrp.patch

@@ -0,0 +1,16 @@
+diff --git a/subst.c b/subst.c
+index 1dbfb5e..049962e 100644
+--- a/subst.c
++++ b/subst.c
+@@ -5011,7 +5011,8 @@ process_substitute (string, open_for_read_in_child)
+
+ #if defined (JOB_CONTROL)
+   old_pipeline_pgrp = pipeline_pgrp;
+-  pipeline_pgrp = shell_pgrp;
++  if (pipeline_pgrp == 0 || (subshell_environment & (SUBSHELL_PIPE|SUBSHELL_FORK|SUBSHELL_ASYNC)) == 0)
++    pipeline_pgrp = shell_pgrp;
+   save_pipeline (1);
+ #endif /* JOB_CONTROL */
+
+--
+2.9.3

SOURCES/bash-bashbug.patch

@@ -0,0 +1,55 @@
+diff -up bash-4.2-rc2/doc/bash.1.bashbug bash-4.2-rc2/doc/bash.1
+--- bash-4.2-rc2/doc/bash.1.bashbug	2011-01-16 21:31:39.000000000 +0100
++++ bash-4.2-rc2/doc/bash.1	2011-02-09 08:52:14.000000000 +0100
+@@ -9857,7 +9857,7 @@ The latest version is always available f
+ .PP
+ Once you have determined that a bug actually exists, use the
+ .I bashbug
+-command to submit a bug report.
++command (from the source package) to submit a bug report.
+ If you have a fix, you are encouraged to mail that as well!
+ Suggestions and `philosophical' bug reports may be mailed
+ to \fIbug-bash@gnu.org\fP or posted to the Usenet
+@@ -9879,10 +9879,6 @@ A description of the bug behaviour
+ A short script or `recipe' which exercises the bug
+ .PD
+ .PP
+-.I bashbug
+-inserts the first three items automatically into the template
+-it provides for filing a bug report.
+-.PP
+ Comments and bug reports concerning
+ this manual page should be directed to
+ .IR chet.ramey@case.edu .
+diff -up bash-4.2-rc2/doc/bashref.texi.bashbug bash-4.2-rc2/doc/bashref.texi
+--- bash-4.2-rc2/doc/bashref.texi.bashbug	2011-01-16 21:31:57.000000000 +0100
++++ bash-4.2-rc2/doc/bashref.texi	2011-02-09 08:47:07.000000000 +0100
+@@ -7635,7 +7635,7 @@ The latest version of Bash is always ava
+ @uref{ftp://ftp.gnu.org/pub/gnu/bash/}.
+
+ Once you have determined that a bug actually exists, use the
+-@code{bashbug} command to submit a bug report.
++@code{bashbug} command (from the source package) to submit a bug report.
+ If you have a fix, you are encouraged to mail that as well!
+ Suggestions and `philosophical' bug reports may be mailed
+ to @email{bug-bash@@gnu.org} or posted to the Usenet
+@@ -7657,9 +7657,6 @@ to reproduce it.
+ @end itemize
+
+ @noindent
+-@code{bashbug} inserts the first three items automatically into
+-the template it provides for filing a bug report.
+-
+ Please send all reports concerning this manual to
+ @email{chet.ramey@@case.edu}.
+
+diff -up bash-4.2-rc2/shell.c.bashbug bash-4.2-rc2/shell.c
+--- bash-4.2-rc2/shell.c.bashbug	2011-01-02 22:04:51.000000000 +0100
++++ bash-4.2-rc2/shell.c	2011-02-09 08:47:07.000000000 +0100
+@@ -1823,7 +1823,6 @@ show_shell_usage (fp, extra)
+     {
+       fprintf (fp, _("Type `%s -c \"help set\"' for more information about shell options.\n"), shell_name);
+       fprintf (fp, _("Type `%s -c help' for more information about shell builtin commands.\n"), shell_name);
+-      fprintf (fp, _("Use the `bashbug' command to report bugs.\n"));
+     }
+ }

SOURCES/bash-cve-2016-9401.patch

@@ -0,0 +1,27 @@
+diff --git a/builtins/pushd.def b/builtins/pushd.def
+index 05b7529..4eb0132 100644
+--- a/builtins/pushd.def
++++ b/builtins/pushd.def
+@@ -353,7 +353,7 @@ popd_builtin (list)
+	break;
+     }
+
+-  if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
++  if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
+     {
+       pushd_error (directory_list_offset, which_word ? which_word : "");
+       return (EXECUTION_FAILURE);
+@@ -375,6 +375,11 @@ popd_builtin (list)
+	 remove that directory from the list and shift the remainder
+	 of the list into place. */
+       i = (direction == '+') ? directory_list_offset - which : which;
++      if (i < 0 || i > directory_list_offset)
++	{
++	  pushd_error (directory_list_offset, which_word ? which_word : "");
++	  return (EXECUTION_FAILURE);
++	}
+       free (pushd_directory_list[i]);
+       directory_list_offset--;
+
+--
+2.9.3

SOURCES/bash-infotags.patch

@@ -0,0 +1,30 @@
+--- bash-3.1/doc/Makefile.in.infotags	2006-07-12 13:57:18.000000000 +0100
++++ bash-3.1/doc/Makefile.in	2006-07-12 13:58:25.000000000 +0100
+@@ -69,7 +69,6 @@
+ TEXI2HTML   = ${SUPPORT_SRCDIR}/texi2html
+ MAN2HTML    = ${BUILD_DIR}/support/man2html
+ HTMLPOST    = ${srcdir}/htmlpost.sh
+-INFOPOST    = ${srcdir}/infopost.sh
+ QUIETPS	    = #set this to -q to shut up dvips
+ PAPERSIZE   = letter	# change to a4 for A4-size paper
+ PSDPI       = 600	# could be 300 if you like
+@@ -146,7 +145,7 @@
+
+ PSFILES = bash.ps bashbug.ps article.ps builtins.ps rbash.ps
+ DVIFILES = bashref.dvi bashref.ps
+-INFOFILES = bashref.info
++INFOFILES = bashref.info bash.info
+ MAN0FILES = bash.0 bashbug.0 builtins.0 rbash.0
+ HTMLFILES = bashref.html bash.html
+ PDFFILES = bash.pdf bashref.pdf article.pdf rose94.pdf
+@@ -167,8 +166,8 @@
+ bashref.html: $(BASHREF_FILES) $(HSUSER) $(RLUSER)
+	$(TEXI2HTML) -menu -monolithic -I $(TEXINPUTDIR) $(srcdir)/bashref.texi
+
+-bash.info: bashref.info
+-	${SHELL} ${INFOPOST} < $(srcdir)/bashref.info > $@ ; \
++bash.info: $(BASHREF_FILES) $(HSUSER) $(RLUSER)
++	$(MAKEINFO) --no-split -I$(TEXINPUTDIR) $(srcdir)/bashref.texi -o $@
+
+ bash.txt: bash.1
+ bash.ps: bash.1

SOURCES/bash-requires.patch

@@ -0,0 +1,310 @@
+diff -up bash-4.1/builtins.h.requires bash-4.1/builtins.h
+--- bash-4.1/builtins.h.requires	2009-01-04 20:32:23.000000000 +0100
++++ bash-4.1/builtins.h	2010-08-02 17:42:41.000000000 +0200
+@@ -41,6 +41,8 @@
+ #define SPECIAL_BUILTIN 0x08	/* This is a Posix `special' builtin. */
+ #define ASSIGNMENT_BUILTIN 0x10	/* This builtin takes assignment statements. */
+ #define POSIX_BUILTIN	0x20	/* This builtins is special in the Posix command search order. */
++#define REQUIRES_BUILTIN 0x40	/* This builtin requires other files. */
++
+
+ #define BASE_INDENT	4
+
+diff -up bash-4.1/builtins/mkbuiltins.c.requires bash-4.1/builtins/mkbuiltins.c
+--- bash-4.1/builtins/mkbuiltins.c.requires	2009-01-04 20:32:23.000000000 +0100
++++ bash-4.1/builtins/mkbuiltins.c	2010-08-02 17:42:41.000000000 +0200
+@@ -69,9 +69,15 @@ extern char *strcpy ();
+ #define whitespace(c) (((c) == ' ') || ((c) == '\t'))
+
+ /* Flag values that builtins can have. */
++/*  These flags are for the C code generator,
++    the C which is produced (./builtin.c)
++    includes the flags definitions found
++    in ../builtins.h */
+ #define BUILTIN_FLAG_SPECIAL	0x01
+ #define BUILTIN_FLAG_ASSIGNMENT 0x02
+ #define BUILTIN_FLAG_POSIX_BUILTIN 0x04
++#define BUILTIN_FLAG_REQUIRES	0x08
++
+
+ #define BASE_INDENT	4
+
+@@ -163,10 +169,18 @@ char *posix_builtins[] =
+   (char *)NULL
+ };
+
++/* The builtin commands that cause requirements on other files. */
++static char *requires_builtins[] =
++{
++  ".", "command", "exec", "source", "inlib",
++  (char *)NULL
++};
++
+ /* Forward declarations. */
+ static int is_special_builtin ();
+ static int is_assignment_builtin ();
+ static int is_posix_builtin ();
++static int is_requires_builtin ();
+
+ #if !defined (HAVE_RENAME)
+ static int rename ();
+@@ -812,6 +826,9 @@ builtin_handler (self, defs, arg)
+     new->flags |= BUILTIN_FLAG_ASSIGNMENT;
+   if (is_posix_builtin (name))
+     new->flags |= BUILTIN_FLAG_POSIX_BUILTIN;
++  if (is_requires_builtin (name))
++    new->flags |= BUILTIN_FLAG_REQUIRES;
++
+
+   array_add ((char *)new, defs->builtins);
+   building_builtin = 1;
+@@ -1229,11 +1246,12 @@ write_builtins (defs, structfile, extern
+		  else
+		    fprintf (structfile, "(sh_builtin_func_t *)0x0, ");
+
+-		  fprintf (structfile, "%s%s%s%s, %s_doc,\n",
++		  fprintf (structfile, "%s%s%s%s%s, %s_doc,\n",
+		    "BUILTIN_ENABLED | STATIC_BUILTIN",
+		    (builtin->flags & BUILTIN_FLAG_SPECIAL) ? " | SPECIAL_BUILTIN" : "",
+		    (builtin->flags & BUILTIN_FLAG_ASSIGNMENT) ? " | ASSIGNMENT_BUILTIN" : "",
+		    (builtin->flags & BUILTIN_FLAG_POSIX_BUILTIN) ? " | POSIX_BUILTIN" : "",
++		    (builtin->flags & BUILTIN_FLAG_REQUIRES) ? " | REQUIRES_BUILTIN" : "",
+		    document_name (builtin));
+
+		  fprintf
+@@ -1581,6 +1599,13 @@ is_posix_builtin (name)
+   return (_find_in_table (name, posix_builtins));
+ }
+
++static int
++is_requires_builtin (name)
++     char *name;
++{
++  return (_find_in_table (name, requires_builtins));
++}
++
+ #if !defined (HAVE_RENAME)
+ static int
+ rename (from, to)
+diff -up bash-4.1/doc/bash.1.requires bash-4.1/doc/bash.1
+--- bash-4.1/doc/bash.1.requires	2010-08-02 17:42:41.000000000 +0200
++++ bash-4.1/doc/bash.1	2010-08-02 18:09:27.000000000 +0200
+@@ -231,6 +231,14 @@ The shell becomes restricted (see
+ .B "RESTRICTED SHELL"
+ below).
+ .TP
++.B \-\-rpm-requires
++Produce the list of files that are required for the
++shell script to run.  This implies '-n' and is subject
++to the same limitations as compile time error checking checking;
++Command substitutions, Conditional expressions and
++.BR eval
++builtin are not parsed so some dependencies may be missed.
++.TP
+ .B \-\-verbose
+ Equivalent to  \fB\-v\fP.
+ .TP
+diff -up bash-4.1/doc/bashref.texi.requires bash-4.1/doc/bashref.texi
+--- bash-4.1/doc/bashref.texi.requires	2010-08-02 17:42:41.000000000 +0200
++++ bash-4.1/doc/bashref.texi	2010-08-02 18:11:58.000000000 +0200
+@@ -5343,6 +5343,13 @@ standard.  @xref{Bash POSIX Mode}, for a
+ @item --restricted
+ Make the shell a restricted shell (@pxref{The Restricted Shell}).
+
++@item --rpm-requires
++Produce the list of files that are required for the
++shell script to run.  This implies '-n' and is subject
++to the same limitations as compile time error checking checking;
++Command substitutions, Conditional expressions and @command{eval}
++are not parsed so some dependencies may be missed.
++
+ @item --verbose
+ Equivalent to @option{-v}.  Print shell input lines as they're read.
+
+diff -up bash-4.1/eval.c.requires bash-4.1/eval.c
+--- bash-4.1/eval.c.requires	2009-01-04 20:32:26.000000000 +0100
++++ bash-4.1/eval.c	2010-08-02 17:42:41.000000000 +0200
+@@ -53,6 +53,7 @@ extern int last_command_exit_value, stdi
+ extern int need_here_doc;
+ extern int current_command_number, current_command_line_count, line_number;
+ extern int expand_aliases;
++extern int rpm_requires;
+
+ static void send_pwd_to_eterm __P((void));
+ static sighandler alrm_catcher __P((int));
+@@ -136,7 +137,7 @@ reader_loop ()
+
+       if (read_command () == 0)
+	{
+-	  if (interactive_shell == 0 && read_but_dont_execute)
++	  if (interactive_shell == 0 && (read_but_dont_execute && !rpm_requires))
+	    {
+	      last_command_exit_value = EXECUTION_SUCCESS;
+	      dispose_command (global_command);
+diff -up bash-4.1/execute_cmd.c.requires bash-4.1/execute_cmd.c
+--- bash-4.1/execute_cmd.c.requires	2010-08-02 17:42:41.000000000 +0200
++++ bash-4.1/execute_cmd.c	2010-08-02 17:42:41.000000000 +0200
+@@ -503,6 +503,8 @@ async_redirect_stdin ()
+
+ #define DESCRIBE_PID(pid) do { if (interactive) describe_pid (pid); } while (0)
+
++extern int rpm_requires;
++
+ /* Execute the command passed in COMMAND, perhaps doing it asynchrounously.
+    COMMAND is exactly what read_command () places into GLOBAL_COMMAND.
+    ASYNCHROUNOUS, if non-zero, says to do this command in the background.
+@@ -534,7 +536,13 @@ execute_command_internal (command, async
+ #else
+   if (breaking || continuing)
+     return (last_command_exit_value);
+-  if (command == 0 || read_but_dont_execute)
++  if (command == 0 || (read_but_dont_execute && !rpm_requires))
++    return (EXECUTION_SUCCESS);
++  if (rpm_requires && command->type == cm_function_def)
++    return last_command_exit_value =
++      execute_intern_function (command->value.Function_def->name,
++                              command->value.Function_def->command);
++  if (read_but_dont_execute)
+     return (EXECUTION_SUCCESS);
+ #endif
+
+@@ -5066,7 +5074,7 @@ execute_intern_function (name, function)
+
+   if (check_identifier (name, posixly_correct) == 0)
+     {
+-      if (posixly_correct && interactive_shell == 0)
++      if (posixly_correct && interactive_shell == 0 && rpm_requires == 0)
+	{
+	  last_command_exit_value = EX_BADUSAGE;
+	  jump_to_top_level (ERREXIT);
+diff -up bash-4.1/execute_cmd.h.requires bash-4.1/execute_cmd.h
+--- bash-4.1/execute_cmd.h.requires	2009-01-16 22:20:15.000000000 +0100
++++ bash-4.1/execute_cmd.h	2010-08-02 17:42:41.000000000 +0200
+@@ -22,6 +22,8 @@
+ #define _EXECUTE_CMD_H_
+
+ #include "stdc.h"
++#include "variables.h"
++#include "command.h"
+
+ extern struct fd_bitmap *new_fd_bitmap __P((int));
+ extern void dispose_fd_bitmap __P((struct fd_bitmap *));
+diff -up bash-4.1/make_cmd.c.requires bash-4.1/make_cmd.c
+--- bash-4.1/make_cmd.c.requires	2009-09-11 23:26:12.000000000 +0200
++++ bash-4.1/make_cmd.c	2010-08-02 17:42:41.000000000 +0200
+@@ -42,11 +42,15 @@
+ #include "flags.h"
+ #include "make_cmd.h"
+ #include "dispose_cmd.h"
++#include "execute_cmd.h"
+ #include "variables.h"
+ #include "subst.h"
+ #include "input.h"
+ #include "ocache.h"
+ #include "externs.h"
++#include "builtins.h"
++
++#include "builtins/common.h"
+
+ #if defined (JOB_CONTROL)
+ #include "jobs.h"
+@@ -56,6 +60,10 @@
+
+ extern int line_number, current_command_line_count, parser_state;
+ extern int last_command_exit_value;
++extern int rpm_requires;
++
++static char *alphabet_set = "abcdefghijklmnopqrstuvwxyz"
++                     "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+
+ /* Object caching */
+ sh_obj_cache_t wdcache = {0, 0, 0};
+@@ -820,6 +828,27 @@ make_coproc_command (name, command)
+   return (make_command (cm_coproc, (SIMPLE_COM *)temp));
+ }
+
++static void
++output_requirement (deptype, filename)
++const char *deptype;
++char *filename;
++{
++  if (strchr(filename, '$') || (filename[0] != '/' && strchr(filename, '/')))
++    return;
++
++  /*
++      if the executable is called via variable substitution we can
++      not dermine what it is at compile time.
++
++      if the executable consists only of characters not in the
++      alphabet we do not consider it a dependency just an artifact
++      of shell parsing (ex "exec < ${infile}").
++  */
++
++  if (strpbrk(filename, alphabet_set))
++    printf ("%s(%s)\n", deptype, filename);
++}
++
+ /* Reverse the word list and redirection list in the simple command
+    has just been parsed.  It seems simpler to do this here the one
+    time then by any other method that I can think of. */
+@@ -837,6 +866,27 @@ clean_simple_command (command)
+	REVERSE_LIST (command->value.Simple->redirects, REDIRECT *);
+     }
+
++  if (rpm_requires && command->value.Simple->words)
++    {
++      char *cmd0;
++      char *cmd1;
++      struct builtin *b;
++
++      cmd0 = command->value.Simple->words->word->word;
++      b = builtin_address_internal (cmd0, 0);
++      cmd1 = 0;
++      if (command->value.Simple->words->next)
++        cmd1 = command->value.Simple->words->next->word->word;
++
++      if (b) {
++        if ( (b->flags & REQUIRES_BUILTIN) && cmd1)
++          output_requirement ("executable", cmd1);
++      } else {
++        if (!assignment(cmd0, 0))
++          output_requirement (find_function(cmd0) ? "function" : "executable", cmd0);
++      }
++    } /*rpm_requires*/
++
+   parser_state &= ~PST_REDIRLIST;
+   return (command);
+ }
+diff -up bash-4.1/shell.c.requires bash-4.1/shell.c
+--- bash-4.1/shell.c.requires	2010-08-02 17:42:41.000000000 +0200
++++ bash-4.1/shell.c	2010-08-02 17:42:41.000000000 +0200
+@@ -193,6 +193,9 @@ int have_devfd = 0;
+ /* The name of the .(shell)rc file. */
+ static char *bashrc_file = "~/.bashrc";
+
++/* Non-zero if we are finding the scripts requirements. */
++int rpm_requires;
++
+ /* Non-zero means to act more like the Bourne shell on startup. */
+ static int act_like_sh;
+
+@@ -251,6 +254,7 @@ static const struct {
+   { "posix", Int, &posixly_correct, (char **)0x0 },
+   { "protected", Int, &protected_mode, (char **)0x0 },
+   { "rcfile", Charp, (int *)0x0, &bashrc_file },
++  { "rpm-requires", Int, &rpm_requires, (char **)0x0 },
+ #if defined (RESTRICTED_SHELL)
+   { "restricted", Int, &restricted, (char **)0x0 },
+ #endif
+@@ -485,6 +489,12 @@ main (argc, argv, env)
+   if (dump_translatable_strings)
+     read_but_dont_execute = 1;
+
++  if (rpm_requires)
++    {
++      read_but_dont_execute = 1;
++      initialize_shell_builtins ();
++    }
++
+   if (running_setuid && privileged_mode == 0)
+     disable_priv_mode ();

SOURCES/bash-setlocale.patch

@@ -0,0 +1,10 @@
+--- bash-3.0/builtins/setattr.def.setlocale	2005-08-08 12:22:42.000000000 +0100
++++ bash-3.0/builtins/setattr.def	2005-08-08 12:25:16.000000000 +0100
+@@ -423,4 +423,7 @@
+
+   if (var && (exported_p (var) || (attribute & att_exported)))
+     array_needs_making++;	/* XXX */
++
++  if (var)
++    stupidly_hack_special_variables (name);
+ }

SOURCES/bash-tty-tests.patch

@@ -0,0 +1,53 @@
+diff -up bash-4.2-rc2/tests/exec.right.tty_tests bash-4.2-rc2/tests/exec.right
+--- bash-4.2-rc2/tests/exec.right.tty_tests	2011-02-09 10:42:48.000000000 +0100
++++ bash-4.2-rc2/tests/exec.right	2011-02-09 10:42:59.000000000 +0100
+@@ -50,7 +50,6 @@ this is ohio-state
+ 0
+ 1
+ testb
+-expand_aliases 	on
+ 1
+ 1
+ 1
+diff -up bash-4.2-rc2/tests/execscript.tty_tests bash-4.2-rc2/tests/execscript
+--- bash-4.2-rc2/tests/execscript.tty_tests	2010-12-27 22:01:02.000000000 +0100
++++ bash-4.2-rc2/tests/execscript	2011-02-09 10:42:34.000000000 +0100
+@@ -107,8 +107,6 @@ ${THIS_SH} ./exec6.sub
+ # checks for properly deciding what constitutes an executable file
+ ${THIS_SH} ./exec7.sub
+
+-${THIS_SH} -i ./exec8.sub
+-
+ ${THIS_SH} ./exec9.sub
+
+ true | `echo true` &
+diff -up bash-4.2-rc2/tests/read.right.tty_tests bash-4.2-rc2/tests/read.right
+--- bash-4.2-rc2/tests/read.right.tty_tests	2010-12-21 16:49:00.000000000 +0100
++++ bash-4.2-rc2/tests/read.right	2011-02-09 10:42:34.000000000 +0100
+@@ -33,14 +33,6 @@ a = abcdefg
+ a = xyz
+ a = -xyz 123-
+ a = abc
+-timeout 1: ok
+-
+-timeout 2: ok
+-
+-./read2.sub: line 23: read: -3: invalid timeout specification
+-1
+-
+-abcde
+ ./read3.sub: line 4: read: -1: invalid number
+ abc
+ ab
+diff -up bash-4.2-rc2/tests/read.tests.tty_tests bash-4.2-rc2/tests/read.tests
+--- bash-4.2-rc2/tests/read.tests.tty_tests	2008-09-06 19:09:11.000000000 +0200
++++ bash-4.2-rc2/tests/read.tests	2011-02-09 10:42:34.000000000 +0100
+@@ -82,9 +82,6 @@ echo " foo" | { IFS=$':' ; read line; re
+ # test read -d delim behavior
+ ${THIS_SH} ./read1.sub
+
+-# test read -t timeout behavior
+-${THIS_SH} ./read2.sub
+-
+ # test read -n nchars behavior
+ ${THIS_SH} ./read3.sub

SOURCES/bash42-001

@@ -0,0 +1,78 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-001
+
+Bug-Reported-by:	Juergen Daubert <jue@jue.li>
+Bug-Reference-ID:	<20110214175132.GA19813@jue.netz>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00125.html
+
+Bug-Description:
+
+When running in Posix mode, bash does not correctly expand the right-hand
+side of a double-quoted word expansion containing single quotes.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c	2011-01-02 16:12:51.000000000 -0500
+--- subst.c	2011-02-19 00:00:00.000000000 -0500
+***************
+*** 1380,1387 ****
+
+    /* The handling of dolbrace_state needs to agree with the code in parse.y:
+!      parse_matched_pair() */
+!   dolbrace_state = 0;
+!   if (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
+!     dolbrace_state = (flags & SX_POSIXEXP) ? DOLBRACE_QUOTE : DOLBRACE_PARAM;
+
+    i = *sindex;
+--- 1380,1389 ----
+
+    /* The handling of dolbrace_state needs to agree with the code in parse.y:
+!      parse_matched_pair().  The different initial value is to handle the
+!      case where this function is called to parse the word in
+!      ${param op word} (SX_WORD). */
+!   dolbrace_state = (flags & SX_WORD) ? DOLBRACE_WORD : DOLBRACE_PARAM;
+!   if ((quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)) && (flags & SX_POSIXEXP))
+!     dolbrace_state = DOLBRACE_QUOTE;
+
+    i = *sindex;
+***************
+*** 7177,7181 ****
+        /* Extract the contents of the ${ ... } expansion
+	 according to the Posix.2 rules. */
+!       value = extract_dollar_brace_string (string, &sindex, quoted, (c == '%' || c == '#') ? SX_POSIXEXP : 0);
+        if (string[sindex] == RBRACE)
+	sindex++;
+--- 7181,7185 ----
+        /* Extract the contents of the ${ ... } expansion
+	 according to the Posix.2 rules. */
+!       value = extract_dollar_brace_string (string, &sindex, quoted, (c == '%' || c == '#' || c =='/' || c == '^' || c == ',' || c ==':') ? SX_POSIXEXP|SX_WORD : SX_WORD);
+        if (string[sindex] == RBRACE)
+	sindex++;
+*** ../bash-4.2-patched/subst.h	2010-12-02 20:21:29.000000000 -0500
+--- subst.h	2011-02-16 21:12:09.000000000 -0500
+***************
+*** 57,60 ****
+--- 57,61 ----
+  #define SX_ARITHSUB	0x0080	/* extracting $(( ... )) (currently unused) */
+  #define SX_POSIXEXP	0x0100	/* extracting new Posix pattern removal expansions in extract_dollar_brace_string */
++ #define SX_WORD		0x0200	/* extracting word in ${param op word} */
+
+  /* Remove backslashes which are quoting backquotes from STRING.  Modifies
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 0
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 1
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-002

@@ -0,0 +1,59 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-002
+
+Bug-Reported-by:	Clark J. Wang <dearvoid@gmail.com>
+Bug-Reference-ID:	<AANLkTimGbW7aC4E5infXP6ku5WPci4t=xVc+L1SyHqrD@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00157.html
+
+Bug-Description:
+
+The readline vi-mode `cc', `dd', and `yy' commands failed to modify the
+entire line.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/readline/vi_mode.c	2010-11-20 19:51:39.000000000 -0500
+--- lib/readline/vi_mode.c	2011-02-17 20:24:25.000000000 -0500
+***************
+*** 1115,1119 ****
+        _rl_vi_last_motion = c;
+        RL_UNSETSTATE (RL_STATE_VIMOTION);
+!       return (0);
+      }
+  #if defined (READLINE_CALLBACKS)
+--- 1115,1119 ----
+        _rl_vi_last_motion = c;
+        RL_UNSETSTATE (RL_STATE_VIMOTION);
+!       return (vidomove_dispatch (m));
+      }
+  #if defined (READLINE_CALLBACKS)
+*** ../bash-4.2-patched/lib/readline/callback.c	2010-06-06 12:18:58.000000000 -0400
+--- lib/readline/callback.c	2011-02-17 20:43:28.000000000 -0500
+***************
+*** 149,152 ****
+--- 149,155 ----
+	  /* Should handle everything, including cleanup, numeric arguments,
+	     and turning off RL_STATE_VIMOTION */
++ 	  if (RL_ISSTATE (RL_STATE_NUMERICARG) == 0)
++ 	    _rl_internal_char_cleanup ();
++
+	  return;
+	}
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 1
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 2
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-003

@@ -0,0 +1,318 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-003
+
+Bug-Reported-by:	Clark J. Wang <dearvoid@gmail.com>
+Bug-Reference-ID:	<AANLkTikZ_rVV-frR8Fh0PzhXnMKnm5XsUR-F3qtPPs5G@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00136.html
+
+Bug-Description:
+
+When using the pattern replacement and pattern removal word expansions, bash
+miscalculates the possible match length in the presence of an unescaped left
+bracket without a closing right bracket, resulting in a failure to match
+the pattern.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/glob/gmisc.c	2011-02-05 16:11:17.000000000 -0500
+--- lib/glob/gmisc.c	2011-02-18 23:53:42.000000000 -0500
+***************
+*** 78,83 ****
+       size_t wmax;
+  {
+!   wchar_t wc, *wbrack;
+!   int matlen, t, in_cclass, in_collsym, in_equiv;
+
+    if (*wpat == 0)
+--- 78,83 ----
+       size_t wmax;
+  {
+!   wchar_t wc;
+!   int matlen, bracklen, t, in_cclass, in_collsym, in_equiv;
+
+    if (*wpat == 0)
+***************
+*** 119,123 ****
+	case L'[':
+	  /* scan for ending `]', skipping over embedded [:...:] */
+! 	  wbrack = wpat;
+	  wc = *wpat++;
+	  do
+--- 119,123 ----
+	case L'[':
+	  /* scan for ending `]', skipping over embedded [:...:] */
+! 	  bracklen = 1;
+	  wc = *wpat++;
+	  do
+***************
+*** 125,140 ****
+	      if (wc == 0)
+		{
+! 	          matlen += wpat - wbrack - 1;	/* incremented below */
+! 	          break;
+	        }
+	      else if (wc == L'\\')
+		{
+! 		  wc = *wpat++;
+! 		  if (*wpat == 0)
+! 		    break;
+		}
+	      else if (wc == L'[' && *wpat == L':')	/* character class */
+		{
+		  wpat++;
+		  in_cclass = 1;
+		}
+--- 125,148 ----
+	      if (wc == 0)
+		{
+! 		  wpat--;			/* back up to NUL */
+! 	          matlen += bracklen;
+! 	          goto bad_bracket;
+	        }
+	      else if (wc == L'\\')
+		{
+! 		  /* *wpat == backslash-escaped character */
+! 		  bracklen++;
+! 		  /* If the backslash or backslash-escape ends the string,
+! 		     bail.  The ++wpat skips over the backslash escape */
+! 		  if (*wpat == 0 || *++wpat == 0)
+! 		    {
+! 		      matlen += bracklen;
+! 		      goto bad_bracket;
+! 		    }
+		}
+	      else if (wc == L'[' && *wpat == L':')	/* character class */
+		{
+		  wpat++;
++ 		  bracklen++;
+		  in_cclass = 1;
+		}
+***************
+*** 142,145 ****
+--- 150,154 ----
+		{
+		  wpat++;
++ 		  bracklen++;
+		  in_cclass = 0;
+		}
+***************
+*** 147,152 ****
+		{
+		  wpat++;
+		  if (*wpat == L']')	/* right bracket can appear as collating symbol */
+! 		    wpat++;
+		  in_collsym = 1;
+		}
+--- 156,165 ----
+		{
+		  wpat++;
++ 		  bracklen++;
+		  if (*wpat == L']')	/* right bracket can appear as collating symbol */
+! 		    {
+! 		      wpat++;
+! 		      bracklen++;
+! 		    }
+		  in_collsym = 1;
+		}
+***************
+*** 154,157 ****
+--- 167,171 ----
+		{
+		  wpat++;
++ 		  bracklen++;
+		  in_collsym = 0;
+		}
+***************
+*** 159,164 ****
+		{
+		  wpat++;
+		  if (*wpat == L']')	/* right bracket can appear as equivalence class */
+! 		    wpat++;
+		  in_equiv = 1;
+		}
+--- 173,182 ----
+		{
+		  wpat++;
++ 		  bracklen++;
+		  if (*wpat == L']')	/* right bracket can appear as equivalence class */
+! 		    {
+! 		      wpat++;
+! 		      bracklen++;
+! 		    }
+		  in_equiv = 1;
+		}
+***************
+*** 166,174 ****
+--- 184,196 ----
+		{
+		  wpat++;
++ 		  bracklen++;
+		  in_equiv = 0;
+		}
++ 	      else
++ 		bracklen++;
+	    }
+	  while ((wc = *wpat++) != L']');
+	  matlen++;		/* bracket expression can only match one char */
++ bad_bracket:
+	  break;
+	}
+***************
+*** 214,219 ****
+       size_t max;
+  {
+!   char c, *brack;
+!   int matlen, t, in_cclass, in_collsym, in_equiv;
+
+    if (*pat == 0)
+--- 236,241 ----
+       size_t max;
+  {
+!   char c;
+!   int matlen, bracklen, t, in_cclass, in_collsym, in_equiv;
+
+    if (*pat == 0)
+***************
+*** 255,259 ****
+	case '[':
+	  /* scan for ending `]', skipping over embedded [:...:] */
+! 	  brack = pat;
+	  c = *pat++;
+	  do
+--- 277,281 ----
+	case '[':
+	  /* scan for ending `]', skipping over embedded [:...:] */
+! 	  bracklen = 1;
+	  c = *pat++;
+	  do
+***************
+*** 261,276 ****
+	      if (c == 0)
+		{
+! 	          matlen += pat - brack - 1;	/* incremented below */
+! 	          break;
+	        }
+	      else if (c == '\\')
+		{
+! 		  c = *pat++;
+! 		  if (*pat == 0)
+! 		    break;
+		}
+	      else if (c == '[' && *pat == ':')	/* character class */
+		{
+		  pat++;
+		  in_cclass = 1;
+		}
+--- 283,306 ----
+	      if (c == 0)
+		{
+! 		  pat--;			/* back up to NUL */
+! 		  matlen += bracklen;
+! 		  goto bad_bracket;
+	        }
+	      else if (c == '\\')
+		{
+! 		  /* *pat == backslash-escaped character */
+! 		  bracklen++;
+! 		  /* If the backslash or backslash-escape ends the string,
+! 		     bail.  The ++pat skips over the backslash escape */
+! 		  if (*pat == 0 || *++pat == 0)
+! 		    {
+! 		      matlen += bracklen;
+! 		      goto bad_bracket;
+! 		    }
+		}
+	      else if (c == '[' && *pat == ':')	/* character class */
+		{
+		  pat++;
++ 		  bracklen++;
+		  in_cclass = 1;
+		}
+***************
+*** 278,281 ****
+--- 308,312 ----
+		{
+		  pat++;
++ 		  bracklen++;
+		  in_cclass = 0;
+		}
+***************
+*** 283,288 ****
+		{
+		  pat++;
+		  if (*pat == ']')	/* right bracket can appear as collating symbol */
+! 		    pat++;
+		  in_collsym = 1;
+		}
+--- 314,323 ----
+		{
+		  pat++;
++ 		  bracklen++;
+		  if (*pat == ']')	/* right bracket can appear as collating symbol */
+! 		    {
+! 		      pat++;
+! 		      bracklen++;
+! 		    }
+		  in_collsym = 1;
+		}
+***************
+*** 290,293 ****
+--- 325,329 ----
+		{
+		  pat++;
++ 		  bracklen++;
+		  in_collsym = 0;
+		}
+***************
+*** 295,300 ****
+		{
+		  pat++;
+		  if (*pat == ']')	/* right bracket can appear as equivalence class */
+! 		    pat++;
+		  in_equiv = 1;
+		}
+--- 331,340 ----
+		{
+		  pat++;
++ 		  bracklen++;
+		  if (*pat == ']')	/* right bracket can appear as equivalence class */
+! 		    {
+! 		      pat++;
+! 		      bracklen++;
+! 		    }
+		  in_equiv = 1;
+		}
+***************
+*** 302,310 ****
+--- 342,354 ----
+		{
+		  pat++;
++ 		  bracklen++;
+		  in_equiv = 0;
+		}
++ 	      else
++ 		bracklen++;
+	    }
+	  while ((c = *pat++) != ']');
+	  matlen++;		/* bracket expression can only match one char */
++ bad_bracket:
+	  break;
+	}
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 2
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 3
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-004

@@ -0,0 +1,53 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-004
+
+Bug-Reported-by:	Mike Frysinger <vapier@gentoo.org>
+Bug-Reference-ID:	<201102182106.17834.vapier@gentoo.org>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00222.html
+
+Bug-Description:
+
+When used in contexts where word splitting and quote removal were not
+performed, such as pattern removal or pattern substitution, empty strings
+(either literal or resulting from quoted variables that were unset or
+null) were not matched correctly, resulting in failure.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c	2011-01-02 16:12:51.000000000 -0500
+--- subst.c	2011-02-18 22:30:13.000000000 -0500
+***************
+*** 3373,3379 ****
+    if (string == 0 || *string == '\0')
+      return (WORD_LIST *)NULL;
+
+!   td.flags = 0;
+    td.word = string;
+    tresult = call_expand_word_internal (&td, quoted, 1, dollar_at_p, has_dollar_at);
+    return (tresult);
+--- 3373,3379 ----
+    if (string == 0 || *string == '\0')
+      return (WORD_LIST *)NULL;
+
+!   td.flags = W_NOSPLIT2;		/* no splitting, remove "" and '' */
+    td.word = string;
+    tresult = call_expand_word_internal (&td, quoted, 1, dollar_at_p, has_dollar_at);
+    return (tresult);
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 3
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 4
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-005

@@ -0,0 +1,131 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-005
+
+Bug-Reported-by:	Dennis Williamson <dennistwilliamson@gmail.com>
+Bug-Reference-ID:	<AANLkTikDbEV5rnbPc0zOfmZfBcg0xGetzLLzK+KjRiNa@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00147.html
+
+Bug-Description:
+
+Systems that use tzset() to set the local timezone require the TZ variable
+to be in the environment.  Bash must make sure the environment has been
+modified with any updated value for TZ before calling tzset().  This
+affects prompt string expansions and the `%T' printf conversion specification
+on systems that do not allow bash to supply a replacement for getenv(3).
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/variables.h	2010-12-02 20:22:01.000000000 -0500
+--- variables.h	2011-02-19 19:57:12.000000000 -0500
+***************
+*** 314,317 ****
+--- 314,318 ----
+  extern void sort_variables __P((SHELL_VAR **));
+
++ extern int chkexport __P((char *));
+  extern void maybe_make_export_env __P((void));
+  extern void update_export_env_inplace __P((char *, int, char *));
+*** ../bash-4.2-patched/variables.c	2011-01-24 20:07:48.000000000 -0500
+--- variables.c	2011-02-19 20:04:50.000000000 -0500
+***************
+*** 3654,3657 ****
+--- 3654,3673 ----
+  }
+
++ int
++ chkexport (name)
++      char *name;
++ {
++   SHELL_VAR *v;
++
++   v = find_variable (name);
++   if (exported_p (v))
++     {
++       array_needs_making = 1;
++       maybe_make_export_env ();
++       return 1;
++     }
++   return 0;
++ }
++
+  void
+  maybe_make_export_env ()
+***************
+*** 4215,4219 ****
+    { "TEXTDOMAINDIR", sv_locale },
+
+! #if defined (HAVE_TZSET) && defined (PROMPT_STRING_DECODE)
+    { "TZ", sv_tz },
+  #endif
+--- 4231,4235 ----
+    { "TEXTDOMAINDIR", sv_locale },
+
+! #if defined (HAVE_TZSET)
+    { "TZ", sv_tz },
+  #endif
+***************
+*** 4559,4568 ****
+  #endif /* HISTORY */
+
+! #if defined (HAVE_TZSET) && defined (PROMPT_STRING_DECODE)
+  void
+  sv_tz (name)
+       char *name;
+  {
+!   tzset ();
+  }
+  #endif
+--- 4575,4585 ----
+  #endif /* HISTORY */
+
+! #if defined (HAVE_TZSET)
+  void
+  sv_tz (name)
+       char *name;
+  {
+!   if (chkexport (name))
+!     tzset ();
+  }
+  #endif
+*** ../bash-4.2-patched/parse.y	2011-01-02 15:48:11.000000000 -0500
+--- parse.y	2011-02-19 20:05:00.000000000 -0500
+***************
+*** 5136,5139 ****
+--- 5136,5142 ----
+	      /* Make the current time/date into a string. */
+	      (void) time (&the_time);
++ #if defined (HAVE_TZSET)
++ 	      sv_tz ("TZ");		/* XXX -- just make sure */
++ #endif
+	      tm = localtime (&the_time);
+
+*** ../bash-4.2-patched/builtins/printf.def	2010-11-23 10:02:55.000000000 -0500
+--- builtins/printf.def	2011-02-19 20:05:04.000000000 -0500
+***************
+*** 466,469 ****
+--- 466,472 ----
+		else
+		  secs = arg;
++ #if defined (HAVE_TZSET)
++ 		sv_tz ("TZ");		/* XXX -- just make sure */
++ #endif
+		tm = localtime (&secs);
+		n = strftime (timebuf, sizeof (timebuf), timefmt, tm);
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 4
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 5
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-006

@@ -0,0 +1,46 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-006
+
+Bug-Reported-by:	Allan McRae <allan@archlinux.org>
+Bug-Reference-ID:	<4D6D0D0B.50908@archlinux.org>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00001.html
+
+Bug-Description:
+
+A problem with bash42-005 caused it to dump core if TZ was unset.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/variables.c	2011-02-25 12:07:41.000000000 -0500
+--- variables.c	2011-03-01 10:13:04.000000000 -0500
+***************
+*** 3661,3665 ****
+
+    v = find_variable (name);
+!   if (exported_p (v))
+      {
+        array_needs_making = 1;
+--- 3661,3665 ----
+
+    v = find_variable (name);
+!   if (v && exported_p (v))
+      {
+        array_needs_making = 1;
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 5
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 6
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-007

@@ -0,0 +1,46 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-007
+
+Bug-Reported-by:	Matthias Klose <doko@debian.org>
+Bug-Reference-ID:	<4D6FD2AC.1010500@debian.org>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00015.html
+
+Bug-Description:
+
+When used in contexts where word splitting and quote removal were not
+performed, such as case statement word expansion, empty strings
+(either literal or resulting from quoted variables that were unset or
+null) were not expanded correctly, resulting in failure.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c	2011-02-25 12:03:58.000000000 -0500
+--- subst.c	2011-03-03 14:08:23.000000000 -0500
+***************
+*** 4609,4614 ****
+--- 4611,4617 ----
+    if (ifs_firstc == 0)
+  #endif
+      word->flags |= W_NOSPLIT;
++   word->flags |= W_NOSPLIT2;
+    result = call_expand_word_internal (word, quoted, 0, (int *)NULL, (int *)NULL);
+    expand_no_split_dollar_star = 0;
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 6
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 7
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-008

@@ -0,0 +1,74 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-008
+
+Bug-Reported-by:	Doug McMahon <mc2man@optonline.net>
+Bug-Reference-ID:	<1299441211.2535.11.camel@doug-XPS-M1330>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00050.html
+
+Bug-Description:
+
+Bash-4.2 does not attempt to save the shell history on receipt of a
+terminating signal that is handled synchronously.  Unfortunately, the
+`close' button on most X11 terminal emulators sends SIGHUP, which
+kills the shell.
+
+This is a very small patch to save the history in the case that an
+interactive shell receives a SIGHUP or SIGTERM while in readline and
+reading a command.
+
+The next version of bash will do this differently.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/sig.c	Tue Nov 23 08:21:22 2010
+--- sig.c	Tue Mar  8 21:28:32 2011
+***************
+*** 47,50 ****
+--- 47,51 ----
+  #if defined (READLINE)
+  #  include "bashline.h"
++ #  include <readline/readline.h>
+  #endif
+
+***************
+*** 63,66 ****
+--- 64,68 ----
+  extern int history_lines_this_session;
+  #endif
++ extern int no_line_editing;
+
+  extern void initialize_siglist ();
+***************
+*** 506,510 ****
+  #if defined (HISTORY)
+        /* XXX - will inhibit history file being written */
+!       history_lines_this_session = 0;
+  #endif
+        terminate_immediately = 0;
+--- 508,515 ----
+  #if defined (HISTORY)
+        /* XXX - will inhibit history file being written */
+! #  if defined (READLINE)
+!       if (interactive_shell == 0 || interactive == 0 || (sig != SIGHUP && sig != SIGTERM) || no_line_editing || (RL_ISSTATE (RL_STATE_READCMD) == 0))
+! #  endif
+!         history_lines_this_session = 0;
+  #endif
+        terminate_immediately = 0;
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 7
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 8
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-009

@@ -0,0 +1,82 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-009
+
+Bug-Reported-by:	<piuma@piumalab.org>
+Bug-Reference-ID:	<4DAAC0DB.7060606@piumalab.org>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-04/msg00075.html
+
+Bug-Description:
+
+Under certain circumstances, running `fc -l' two times in succession with a
+relative history offset at the end of the history will result in an incorrect
+calculation of the last history entry and a seg fault.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/builtins/fc.def	2010-05-30 18:25:38.000000000 -0400
+--- builtins/fc.def	2011-04-19 15:46:17.000000000 -0400
+***************
+*** 305,309 ****
+
+    /* XXX */
+!   if (saved_command_line_count > 0 && i == last_hist && hlist[last_hist] == 0)
+      while (last_hist >= 0 && hlist[last_hist] == 0)
+        last_hist--;
+--- 305,309 ----
+
+    /* XXX */
+!   if (i == last_hist && hlist[last_hist] == 0)
+      while (last_hist >= 0 && hlist[last_hist] == 0)
+        last_hist--;
+***************
+*** 476,480 ****
+  {
+    int sign, n, clen, rh;
+!   register int i, j;
+    register char *s;
+
+--- 476,480 ----
+  {
+    int sign, n, clen, rh;
+!   register int i, j, last_hist;
+    register char *s;
+
+***************
+*** 496,500 ****
+       calculation as if it were on. */
+    rh = remember_on_history || ((subshell_environment & SUBSHELL_COMSUB) && enable_history_list);
+!   i -= rh + hist_last_line_added;
+
+    /* No specification defaults to most recent command. */
+--- 496,508 ----
+       calculation as if it were on. */
+    rh = remember_on_history || ((subshell_environment & SUBSHELL_COMSUB) && enable_history_list);
+!   last_hist = i - rh - hist_last_line_added;
+!
+!   if (i == last_hist && hlist[last_hist] == 0)
+!     while (last_hist >= 0 && hlist[last_hist] == 0)
+!       last_hist--;
+!   if (last_hist < 0)
+!     return (-1);
+!
+!   i = last_hist;
+
+    /* No specification defaults to most recent command. */
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 8
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 9
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-010

@@ -0,0 +1,61 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-010
+
+Bug-Reported-by:	Mike Frysinger <vapier@gentoo.org>
+Bug-Reference-ID:	<201104122356.20160.vapier@gentoo.org>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-04/msg00058.html
+
+Bug-Description:
+
+Bash did not correctly print/reproduce here documents attached to commands
+inside compound commands such as arithmetic for loops and user-specified
+subshells.  This affected the execution of such commands inside a shell
+function when the function definition is saved and later restored using
+`.' or `eval'.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/print_cmd.c	2010-05-30 18:34:08.000000000 -0400
+--- print_cmd.c	2011-04-14 10:43:18.000000000 -0400
+***************
+*** 316,319 ****
+--- 317,321 ----
+	  skip_this_indent++;
+	  make_command_string_internal (command->value.Subshell->command);
++ 	  PRINT_DEFERRED_HEREDOCS ("");
+	  cprintf (" )");
+	  break;
+***************
+*** 593,596 ****
+--- 606,610 ----
+    indentation += indentation_amount;
+    make_command_string_internal (arith_for_command->action);
++   PRINT_DEFERRED_HEREDOCS ("");
+    semicolon ();
+    indentation -= indentation_amount;
+***************
+*** 654,657 ****
+--- 668,672 ----
+
+    make_command_string_internal (group_command->command);
++   PRINT_DEFERRED_HEREDOCS ("");
+
+    if (inside_function_def)
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 9
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 10
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-011

@@ -0,0 +1,46 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-011
+
+Bug-Reported-by:	"David Parks" <davidparks21@yahoo.com>
+Bug-Reference-ID:	<014101cc82c6$46ac1540$d4043fc0$@com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-10/msg00031.html
+
+Bug-Description:
+
+Overwriting a value in an associative array causes the memory allocated to
+store the key on the second and subsequent assignments to leak.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/assoc.c	2009-08-05 20:19:40.000000000 -0400
+--- assoc.c	2011-10-04 20:23:07.000000000 -0400
+***************
+*** 78,81 ****
+--- 78,86 ----
+    if (b == 0)
+      return -1;
++   /* If we are overwriting an existing element's value, we're not going to
++      use the key.  Nothing in the array assignment code path frees the key
++      string, so we can free it here to avoid a memory leak. */
++   if (b->key != key)
++     free (key);
+    FREE (b->data);
+    b->data = value ? savestring (value) : (char *)0;
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 10
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 11
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-012

@@ -0,0 +1,151 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-012
+
+Bug-Reported-by:	Rui Santos <rsantos@grupopie.com>
+Bug-Reference-ID:	<4E04C6D0.2020507@grupopie.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-06/msg00079.html
+
+Bug-Description:
+
+When calling the parser to recursively parse a command substitution within
+an arithmetic expansion, the shell overwrote the saved shell input line and
+associated state, resulting in a garbled command.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/parse.y	2011-02-26 19:19:05.000000000 -0500
+--- parse.y	2011-06-24 20:08:22.000000000 -0400
+***************
+*** 3843,3846 ****
+--- 3849,3853 ----
+  {
+    sh_parser_state_t ps;
++   sh_input_line_state_t ls;
+    int orig_ind, nc, sflags;
+    char *ret, *s, *ep, *ostring;
+***************
+*** 3850,3857 ****
+--- 3857,3866 ----
+    ostring = string;
+
++ /*itrace("xparse_dolparen: size = %d shell_input_line = `%s'", shell_input_line_size, shell_input_line);*/
+    sflags = SEVAL_NONINT|SEVAL_NOHIST|SEVAL_NOFREE;
+    if (flags & SX_NOLONGJMP)
+      sflags |= SEVAL_NOLONGJMP;
+    save_parser_state (&ps);
++   save_input_line_state (&ls);
+
+    /*(*/
+***************
+*** 3862,3865 ****
+--- 3871,3876 ----
+    restore_parser_state (&ps);
+    reset_parser ();
++   /* reset_parser clears shell_input_line and associated variables */
++   restore_input_line_state (&ls);
+    if (interactive)
+      token_to_read = 0;
+***************
+*** 5909,5912 ****
+--- 5920,5929 ----
+    ps->echo_input_at_read = echo_input_at_read;
+
++   ps->token = token;
++   ps->token_buffer_size = token_buffer_size;
++   /* Force reallocation on next call to read_token_word */
++   token = 0;
++   token_buffer_size = 0;
++
+    return (ps);
+  }
+***************
+*** 5950,5953 ****
+--- 5967,6006 ----
+    expand_aliases = ps->expand_aliases;
+    echo_input_at_read = ps->echo_input_at_read;
++
++   FREE (token);
++   token = ps->token;
++   token_buffer_size = ps->token_buffer_size;
++ }
++
++ sh_input_line_state_t *
++ save_input_line_state (ls)
++      sh_input_line_state_t *ls;
++ {
++   if (ls == 0)
++     ls = (sh_input_line_state_t *)xmalloc (sizeof (sh_input_line_state_t));
++   if (ls == 0)
++     return ((sh_input_line_state_t *)NULL);
++
++   ls->input_line = shell_input_line;
++   ls->input_line_size = shell_input_line_size;
++   ls->input_line_len = shell_input_line_len;
++   ls->input_line_index = shell_input_line_index;
++
++   /* force reallocation */
++   shell_input_line = 0;
++   shell_input_line_size = shell_input_line_len = shell_input_line_index = 0;
++ }
++
++ void
++ restore_input_line_state (ls)
++      sh_input_line_state_t *ls;
++ {
++   FREE (shell_input_line);
++   shell_input_line = ls->input_line;
++   shell_input_line_size = ls->input_line_size;
++   shell_input_line_len = ls->input_line_len;
++   shell_input_line_index = ls->input_line_index;
++
++   set_line_mbstate ();
+  }
+
+*** ../bash-4.2-patched/shell.h	2011-01-06 22:16:55.000000000 -0500
+--- shell.h	2011-06-24 19:12:25.000000000 -0400
+***************
+*** 137,140 ****
+--- 139,145 ----
+    int *token_state;
+
++   char *token;
++   int token_buffer_size;
++
+    /* input line state -- line number saved elsewhere */
+    int input_line_terminator;
+***************
+*** 167,171 ****
+--- 172,186 ----
+  } sh_parser_state_t;
+
++ typedef struct _sh_input_line_state_t {
++   char *input_line;
++   int input_line_index;
++   int input_line_size;
++   int input_line_len;
++ } sh_input_line_state_t;
++
+  /* Let's try declaring these here. */
+  extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
+  extern void restore_parser_state __P((sh_parser_state_t *));
++
++ extern sh_input_line_state_t *save_input_line_state __P((sh_input_line_state_t *));
++ extern void restore_input_line_state __P((sh_input_line_state_t *));
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 11
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 12
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-013

@@ -0,0 +1,52 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-013
+
+Bug-Reported-by:	Marten Wikstrom <marten.wikstrom@keystream.se>
+Bug-Reference-ID:	<BANLkTikKECAh94ZEX68iQvxYuPeEM_xoSQ@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-05/msg00049.html
+
+Bug-Description:
+
+An off-by-one error caused the shell to skip over CTLNUL characters,
+which are used internally to mark quoted null strings.  The effect
+was to have stray 0x7f characters left after expanding words like
+""""""""aa.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c	2011-03-06 14:11:11.000000000 -0500
+--- subst.c	2011-05-11 11:23:33.000000000 -0400
+***************
+*** 3707,3711 ****
+	}
+        else if (string[i] == CTLNUL)
+! 	i++;
+
+        prev_i = i;
+--- 3710,3717 ----
+	}
+        else if (string[i] == CTLNUL)
+! 	{
+! 	  i++;
+! 	  continue;
+! 	}
+
+        prev_i = i;
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 12
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 13
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-014

@@ -0,0 +1,47 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-014
+
+Bug-Reported-by:	Shawn Bohrer <sbohrer@rgmadvisors.com>
+Bug-Reference-ID:	<20110504152320.6E8F28130527@dev1.rgmadvisors.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-05/msg00018.html
+
+Bug-Description:
+
+The regular expression matching operator did not correctly match
+expressions with an embedded ^A.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/pathexp.c	2010-08-13 23:21:57.000000000 -0400
+--- pathexp.c	2011-05-05 16:40:58.000000000 -0400
+***************
+*** 197,201 ****
+	  if ((qflags & QGLOB_FILENAME) && pathname[i+1] == '/')
+	    continue;
+! 	  if ((qflags & QGLOB_REGEXP) && ere_char (pathname[i+1]) == 0)
+	    continue;
+	  temp[j++] = '\\';
+--- 197,201 ----
+	  if ((qflags & QGLOB_FILENAME) && pathname[i+1] == '/')
+	    continue;
+! 	  if (pathname[i+1] != CTLESC && (qflags & QGLOB_REGEXP) && ere_char (pathname[i+1]) == 0)
+	    continue;
+	  temp[j++] = '\\';
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 13
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 14
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-015

@@ -0,0 +1,81 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-015
+
+Bug-Reported-by:	<dnade.ext@orange-ftgroup.com>
+Bug-Reference-ID:	<728_1312188080_4E3666B0_728_118711_1_3B5D3E0F95CC5C478D6500CDCE8B691F7AAAA4AA3D@PUEXCB2B.nanterre.francetelecom.fr>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-08/msg00000.html
+
+Bug-Description:
+
+When in a context where arithmetic evaluation is not taking place, the
+evaluator should not check for division by 0.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/expr.c	2010-12-21 11:12:13.000000000 -0500
+--- expr.c	2011-08-02 20:58:28.000000000 -0400
+***************
+*** 477,480 ****
+--- 481,492 ----
+        if (special)
+	{
++ 	  if ((op == DIV || op == MOD) && value == 0)
++ 	    {
++ 	      if (noeval == 0)
++ 		evalerror (_("division by 0"));
++ 	      else
++ 	        value = 1;
++ 	    }
++
+	  switch (op)
+	    {
+***************
+*** 483,493 ****
+	      break;
+	    case DIV:
+- 	      if (value == 0)
+- 		evalerror (_("division by 0"));
+	      lvalue /= value;
+	      break;
+	    case MOD:
+- 	      if (value == 0)
+- 		evalerror (_("division by 0"));
+	      lvalue %= value;
+	      break;
+--- 495,501 ----
+***************
+*** 805,809 ****
+
+        if (((op == DIV) || (op == MOD)) && (val2 == 0))
+! 	evalerror (_("division by 0"));
+
+        if (op == MUL)
+--- 813,822 ----
+
+        if (((op == DIV) || (op == MOD)) && (val2 == 0))
+! 	{
+! 	  if (noeval == 0)
+! 	    evalerror (_("division by 0"));
+! 	  else
+! 	    val2 = 1;
+! 	}
+
+        if (op == MUL)
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 14
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 15
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-016

@@ -0,0 +1,46 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-016
+
+Bug-Reported-by:	Martin von Gagern <Martin.vGagern@gmx.net>
+Bug-Reference-ID:	<4E43AD9E.8060501@gmx.net>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-08/msg00141.html
+
+Bug-Description:
+
+Bash should not check for mail while executing the `eval' builtin.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/parse.y	Fri Feb 25 12:07:41 2011
+--- parse.y	Thu Aug 11 19:02:26 2011
+***************
+*** 2500,2504 ****
+	 is the mail alarm reset; nothing takes place in check_mail ()
+	 except the checking of mail.  Please don't change this. */
+!       if (prompt_is_ps1 && time_to_check_mail ())
+	{
+	  check_mail ();
+--- 2498,2502 ----
+	 is the mail alarm reset; nothing takes place in check_mail ()
+	 except the checking of mail.  Please don't change this. */
+!       if (prompt_is_ps1 && parse_and_execute_level == 0 && time_to_check_mail ())
+	{
+	  check_mail ();
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 15
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 16
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-017

@@ -0,0 +1,47 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-017
+
+Bug-Reported-by:	Curtis Doty <Curtis@GreenKey.net>
+Bug-Reference-ID:	<20110621035324.A4F70849F59@mx1.iParadigms.net>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-06/msg00053.html
+
+Bug-Description:
+
+Using `read -a foo' where foo was an already-declared associative array
+caused the shell to die with a segmentation fault.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/builtins/read.def	2011-01-04 11:43:36.000000000 -0500
+--- builtins/read.def	2011-06-21 10:31:02.000000000 -0400
+***************
+*** 643,646 ****
+--- 642,651 ----
+	  return EXECUTION_FAILURE;	/* readonly or noassign */
+	}
++       if (assoc_p (var))
++ 	{
++           builtin_error (_("%s: cannot convert associative to indexed array"), arrayname);
++ 	  xfree (input_string);
++ 	  return EXECUTION_FAILURE;	/* existing associative array */
++ 	}
+        array_flush (array_cell (var));
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 16
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 17
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-018

@@ -0,0 +1,74 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-018
+
+Bug-Reported-by:	Thomas Cort <tcort@minix3.org>
+Bug-Reference-ID:	<BANLkTik-ebGGw3k_1YtB=RyfV1bsqdxC_g@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-06/msg00110.html
+
+Bug-Description:
+
+Bash fails to compile unless JOB_CONTROL is defined.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/execute_cmd.c	2011-02-09 17:32:25.000000000 -0500
+--- execute_cmd.c	2011-11-06 15:12:48.000000000 -0500
+***************
+*** 2197,2200 ****
+--- 2315,2319 ----
+      cmd->flags |= CMD_IGNORE_RETURN;
+
++ #if defined (JOB_CONTROL)
+    lastpipe_flag = 0;
+    begin_unwind_frame ("lastpipe-exec");
+***************
+*** 2216,2228 ****
+	  add_unwind_protect (lastpipe_cleanup, lastpipe_jid);
+	}
+!       cmd->flags |= CMD_LASTPIPE;
+      }
+    if (prev >= 0)
+      add_unwind_protect (close, prev);
+
+    exec_result = execute_command_internal (cmd, asynchronous, prev, pipe_out, fds_to_close);
+
+    if (lstdin > 0)
+      restore_stdin (lstdin);
+
+    if (prev >= 0)
+--- 2335,2351 ----
+	  add_unwind_protect (lastpipe_cleanup, lastpipe_jid);
+	}
+!       if (cmd)
+! 	cmd->flags |= CMD_LASTPIPE;
+      }
+    if (prev >= 0)
+      add_unwind_protect (close, prev);
++ #endif
+
+    exec_result = execute_command_internal (cmd, asynchronous, prev, pipe_out, fds_to_close);
+
++ #if defined (JOB_CONTROL)
+    if (lstdin > 0)
+      restore_stdin (lstdin);
++ #endif
+
+    if (prev >= 0)
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 17
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 18
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-019

@@ -0,0 +1,47 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-019
+
+Bug-Reported-by:	Diego Augusto Molina <diegoaugustomolina@gmail.com>
+Bug-Reference-ID:	<CAGOxLdHcSQu3ck9Qy3pRjj_NBU5tAPSAvNm-95-nLQ9Szwb6aA@mail.gmail.com>
+Bug-Reference-URL:	lists.gnu.org/archive/html/bug-bash/2011-09/msg00047.html
+
+Bug-Description:
+
+Using `declare' with attributes and an invalid array variable name or
+assignment reference resulted in a segmentation fault instead of a
+declaration error.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/builtins/declare.def	2010-05-30 18:25:21.000000000 -0400
+--- builtins/declare.def	2011-09-15 15:20:20.000000000 -0400
+***************
+*** 514,517 ****
+--- 514,522 ----
+	      var = assign_array_element (name, value, 0);	/* XXX - not aflags */
+	      *subscript_start = '\0';
++ 	      if (var == 0)	/* some kind of assignment error */
++ 		{
++ 		  assign_error++;
++ 		  NEXT_VARIABLE ();
++ 		}
+	    }
+	  else if (simple_array_assign)
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 18
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 19
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-020

@@ -0,0 +1,60 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-020
+
+Bug-Reported-by:	Vincent Sheffer <vince.sheffer@apisphere.com>
+Bug-Reference-ID:	<F13C1C4F-C44C-4071-BFED-4BB6D13CF92F@apisphere.com>
+Bug-Reference-URL:	https://lists.gnu.org/archive/html/bug-readline/2011-08/msg00000.html
+
+Bug-Description:
+
+The shared object helper script needs to be updated for Mac OS X 10.7
+(Lion, darwin11).
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/support/shobj-conf	2009-10-28 09:20:21.000000000 -0400
+--- support/shobj-conf	2011-08-27 13:25:23.000000000 -0400
+***************
+*** 158,162 ****
+
+  # Darwin/MacOS X
+! darwin[89]*|darwin10*)
+	SHOBJ_STATUS=supported
+	SHLIB_STATUS=supported
+--- 172,176 ----
+
+  # Darwin/MacOS X
+! darwin[89]*|darwin1[012]*)
+	SHOBJ_STATUS=supported
+	SHLIB_STATUS=supported
+***************
+*** 187,191 ****
+
+	case "${host_os}" in
+! 	darwin[789]*|darwin10*)	SHOBJ_LDFLAGS=''
+			SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v'
+			;;
+--- 201,205 ----
+
+	case "${host_os}" in
+! 	darwin[789]*|darwin1[012]*)	SHOBJ_LDFLAGS=''
+			SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v'
+			;;
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 19
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 20
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-021

@@ -0,0 +1,61 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-021
+
+Bug-Reported-by:	Dan Douglas <ormaaj@gmail.com>
+Bug-Reference-ID:	<4585554.nZWb4q7YoZ@smorgbox>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-12/msg00084.html
+
+Bug-Description:
+
+Using `read -N' to assign values to an array can result in NUL values being
+assigned to some array elements.  These values cause seg faults when referenced
+later.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/builtins/read.def	2011-11-21 18:03:38.000000000 -0500
+--- builtins/read.def	2011-12-19 19:52:12.000000000 -0500
+***************
+*** 738,742 ****
+	    }
+	  else
+! 	    var = bind_read_variable (varname, t);
+	}
+        else
+--- 775,779 ----
+	    }
+	  else
+! 	    var = bind_read_variable (varname, t ? t : "");
+	}
+        else
+***************
+*** 799,803 ****
+      }
+    else
+!     var = bind_read_variable (list->word->word, input_string);
+
+    if (var)
+--- 836,840 ----
+      }
+    else
+!     var = bind_read_variable (list->word->word, input_string ? input_string : "");
+
+    if (var)
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 20
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 21
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-022

@@ -0,0 +1,61 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-022
+
+Bug-Reported-by:	Gregory Margo <gmargo@pacbell.net>
+Bug-Reference-ID:	<20110727174529.GA3333@pacbell.net>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-07/msg00102.html
+
+Bug-Description:
+
+The return value from lseek is `off_t'.  This can cause corrupted return
+values when the file offset is greater than 2**31 - 1.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/sh/zread.c	Mon Mar  2 08:54:45 2009
+--- lib/sh/zread.c	Thu Jul 28 18:16:53 2011
+***************
+*** 161,166 ****
+       int fd;
+  {
+!   off_t off;
+!   int r;
+
+    off = lused - lind;
+--- 161,165 ----
+       int fd;
+  {
+!   off_t off, r;
+
+    off = lused - lind;
+***************
+*** 169,173 ****
+      r = lseek (fd, -off, SEEK_CUR);
+
+!   if (r >= 0)
+      lused = lind = 0;
+  }
+--- 168,172 ----
+      r = lseek (fd, -off, SEEK_CUR);
+
+!   if (r != -1)
+      lused = lind = 0;
+  }
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 21
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 22
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-023

@@ -0,0 +1,62 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-023
+
+Bug-Reported-by:	Ewan Mellor <Ewan.Mellor@eu.citrix.com>
+Bug-Reference-ID:	<6005BE083BF501439A84DC3523BAC82DC4B964FD12@LONPMAILBOX01.citrite.net>
+Bug-Reference-URL:
+
+Bug-Description:
+
+Under some circumstances, an exit trap triggered by a bad substitution
+error when errexit is enabled will cause the shell to exit with an
+incorrect exit status (0).
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c	2011-11-21 12:04:38.000000000 -0500
+--- subst.c	2012-02-08 13:36:28.000000000 -0500
+***************
+*** 7275,7278 ****
+--- 7281,7285 ----
+      case '\0':
+      bad_substitution:
++       last_command_exit_value = EXECUTION_FAILURE;
+        report_error (_("%s: bad substitution"), string ? string : "??");
+        FREE (value);
+*** ../bash-4.2-patched/error.c	2009-08-21 22:31:31.000000000 -0400
+--- error.c	2012-02-25 15:54:40.000000000 -0500
+***************
+*** 201,205 ****
+    va_end (args);
+    if (exit_immediately_on_error)
+!     exit_shell (1);
+  }
+
+--- 201,209 ----
+    va_end (args);
+    if (exit_immediately_on_error)
+!     {
+!       if (last_command_exit_value == 0)
+! 	last_command_exit_value = 1;
+!       exit_shell (last_command_exit_value);
+!     }
+  }
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 22
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 23
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-024

@@ -0,0 +1,45 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-024
+
+Bug-Reported-by:	Jim Avera <james_avera@yahoo.com>
+Bug-Reference-ID:	<4F29E07A.80405@yahoo.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-02/msg00001.html
+
+Bug-Description:
+
+When `printf -v' is used to set an array element, the format string contains
+`%b', and the corresponding argument is the empty string, the buffer used
+to store the value to be assigned can be NULL, which results in NUL being
+assigned to the array element.  This causes a seg fault when it's used later.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/builtins/printf.def	2011-02-25 12:07:41.000000000 -0500
+--- builtins/printf.def	2012-02-02 08:37:12.000000000 -0500
+***************
+*** 256,259 ****
+--- 257,262 ----
+	    {
+	      vflag = 1;
++ 	      if (vbsize == 0)
++ 		vbuf = xmalloc (vbsize = 16);
+	      vblen = 0;
+	      if (vbuf)
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 23
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 24
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-025

@@ -0,0 +1,143 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-025
+
+Bug-Reported-by:	Bill Gradwohl <bill@ycc.com>
+Bug-Reference-ID:	<CAFyvKis-UfuOWr5THBRKh=vYHDoKEEgdW8hN1RviTuYQ00Lu5A@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/help-bash/2012-03/msg00078.html
+
+Bug-Description:
+
+When used in a shell function, `declare -g -a array=(compound assignment)'
+creates a local variable instead of a global one.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/command.h	2010-08-02 19:36:51.000000000 -0400
+--- command.h	2012-04-01 12:38:35.000000000 -0400
+***************
+*** 98,101 ****
+--- 98,102 ----
+  #define W_ASSIGNASSOC	0x400000	/* word looks like associative array assignment */
+  #define W_ARRAYIND	0x800000	/* word is an array index being expanded */
++ #define W_ASSNGLOBAL	0x1000000	/* word is a global assignment to declare (declare/typeset -g) */
+
+  /* Possible values for subshell_environment */
+*** ../bash-4.2-patched/execute_cmd.c	2011-11-21 18:03:41.000000000 -0500
+--- execute_cmd.c	2012-04-01 12:42:03.000000000 -0400
+***************
+*** 3581,3585 ****
+    WORD_LIST *w;
+    struct builtin *b;
+!   int assoc;
+
+    if (words == 0)
+--- 3581,3585 ----
+    WORD_LIST *w;
+    struct builtin *b;
+!   int assoc, global;
+
+    if (words == 0)
+***************
+*** 3587,3591 ****
+
+    b = 0;
+!   assoc = 0;
+
+    for (w = words; w; w = w->next)
+--- 3587,3591 ----
+
+    b = 0;
+!   assoc = global = 0;
+
+    for (w = words; w; w = w->next)
+***************
+*** 3604,3607 ****
+--- 3604,3609 ----
+	if (assoc)
+	  w->word->flags |= W_ASSIGNASSOC;
++ 	if (global)
++ 	  w->word->flags |= W_ASSNGLOBAL;
+  #endif
+        }
+***************
+*** 3609,3613 ****
+      /* Note that we saw an associative array option to a builtin that takes
+         assignment statements.  This is a bit of a kludge. */
+!     else if (w->word->word[0] == '-' && strchr (w->word->word, 'A'))
+        {
+	if (b == 0)
+--- 3611,3618 ----
+      /* Note that we saw an associative array option to a builtin that takes
+         assignment statements.  This is a bit of a kludge. */
+!     else if (w->word->word[0] == '-' && (strchr (w->word->word+1, 'A') || strchr (w->word->word+1, 'g')))
+! #else
+!     else if (w->word->word[0] == '-' && strchr (w->word->word+1, 'g'))
+! #endif
+        {
+	if (b == 0)
+***************
+*** 3619,3626 ****
+	      words->word->flags |= W_ASSNBLTIN;
+	  }
+! 	if (words->word->flags & W_ASSNBLTIN)
+	  assoc = 1;
+        }
+- #endif
+  }
+
+--- 3624,3632 ----
+	      words->word->flags |= W_ASSNBLTIN;
+	  }
+! 	if ((words->word->flags & W_ASSNBLTIN) && strchr (w->word->word+1, 'A'))
+	  assoc = 1;
++ 	if ((words->word->flags & W_ASSNBLTIN) && strchr (w->word->word+1, 'g'))
++ 	  global = 1;
+        }
+  }
+
+*** ../bash-4.2-patched/subst.c	2012-03-11 17:35:13.000000000 -0400
+--- subst.c	2012-04-01 12:38:35.000000000 -0400
+***************
+*** 367,370 ****
+--- 367,375 ----
+        fprintf (stderr, "W_ASSNBLTIN%s", f ? "|" : "");
+      }
++   if (f & W_ASSNGLOBAL)
++     {
++       f &= ~W_ASSNGLOBAL;
++       fprintf (stderr, "W_ASSNGLOBAL%s", f ? "|" : "");
++     }
+    if (f & W_COMPASSIGN)
+      {
+***************
+*** 2804,2808 ****
+    else if (assign_list)
+      {
+!       if (word->flags & W_ASSIGNARG)
+	aflags |= ASS_MKLOCAL;
+        if (word->flags & W_ASSIGNASSOC)
+--- 2809,2813 ----
+    else if (assign_list)
+      {
+!       if ((word->flags & W_ASSIGNARG) && (word->flags & W_ASSNGLOBAL) == 0)
+	aflags |= ASS_MKLOCAL;
+        if (word->flags & W_ASSIGNASSOC)
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 24
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 25
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-026

@@ -0,0 +1,58 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-026
+
+Bug-Reported-by:	Greg Wooledge <wooledg@eeg.ccf.org>
+Bug-Reference-ID:	<20120425180443.GO22241@eeg.ccf.org>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-04/msg00172.html
+
+Bug-Description:
+
+The `lastpipe' option does not behave correctly on machines where the
+open file limit is less than 256.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/execute_cmd.c	2011-11-21 12:04:47.000000000 -0500
+--- execute_cmd.c	2012-04-26 11:09:30.000000000 -0400
+***************
+*** 2206,2210 ****
+    if (lastpipe_opt && job_control == 0 && asynchronous == 0 && pipe_out == NO_PIPE && prev > 0)
+      {
+!       lstdin = move_to_high_fd (0, 0, 255);
+        if (lstdin > 0)
+	{
+--- 2325,2329 ----
+    if (lastpipe_opt && job_control == 0 && asynchronous == 0 && pipe_out == NO_PIPE && prev > 0)
+      {
+!       lstdin = move_to_high_fd (0, 1, -1);
+        if (lstdin > 0)
+	{
+***************
+*** 2252,2256 ****
+--- 2371,2377 ----
+      }
+
++ #if defined (JOB_CONTROL)
+    discard_unwind_frame ("lastpipe-exec");
++ #endif
+
+    return (exec_result);
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 25
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 26
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-027

@@ -0,0 +1,47 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-027
+
+Bug-Reported-by:	Mike Frysinger <vapier@gentoo.org>
+Bug-Reference-ID:	<201204211243.30163.vapier@gentoo.org>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-04/msg00134.html
+
+Bug-Description:
+
+When the `extglob' shell option is enabled, pattern substitution does not
+work correctly in the presence of multibyte characters.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c	2012-03-11 17:52:57.000000000 -0400
+--- subst.c	2012-04-22 16:19:10.000000000 -0400
+***************
+*** 4167,4171 ****
+  #if defined (EXTENDED_GLOB)
+    if (extended_glob)
+!     simple |= (wpat[1] != L'(' || (wpat[0] != L'*' && wpat[0] != L'?' && wpat[0] != L'+' && wpat[0] != L'!' && wpat[0] != L'@')); /*)*/
+  #endif
+
+--- 4167,4171 ----
+  #if defined (EXTENDED_GLOB)
+    if (extended_glob)
+!     simple &= (wpat[1] != L'(' || (wpat[0] != L'*' && wpat[0] != L'?' && wpat[0] != L'+' && wpat[0] != L'!' && wpat[0] != L'@')); /*)*/
+  #endif
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 26
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 27
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-028

@@ -0,0 +1,52 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-028
+
+Bug-Reported-by:	Mark Edgar <medgar123@gmail.com>
+Bug-Reference-ID:	<CABHMh_3d+ZgO_zaEtYXPwK4P7tC0ghZ4g=Ue_TRpsEMf5YDsqw@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-03/msg00109.html
+
+Bug-Description:
+
+When using a word expansion for which the right hand side is evaluated,
+certain expansions of quoted null strings include spurious ^? characters.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c	2012-03-11 17:35:13.000000000 -0400
+--- subst.c	2012-03-20 19:30:13.000000000 -0400
+***************
+*** 5810,5813 ****
+--- 5810,5823 ----
+        if (qdollaratp && ((hasdol && quoted) || l->next))
+	*qdollaratp = 1;
++       /* If we have a quoted null result (QUOTED_NULL(temp)) and the word is
++ 	 a quoted null (l->next == 0 && QUOTED_NULL(l->word->word)), the
++ 	 flags indicate it (l->word->flags & W_HASQUOTEDNULL), and the
++ 	 expansion is quoted (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
++ 	 (which is more paranoia than anything else), we need to return the
++ 	 quoted null string and set the flags to indicate it. */
++       if (l->next == 0 && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)) && QUOTED_NULL(temp) && QUOTED_NULL(l->word->word) && (l->word->flags & W_HASQUOTEDNULL))
++ 	{
++ 	  w->flags |= W_HASQUOTEDNULL;
++ 	}
+        dispose_words (l);
+      }
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 27
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 28
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-029

@@ -0,0 +1,524 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-029
+
+Bug-Reported-by:	"Michael Kalisz" <michael@kalisz.homelinux.net>
+Bug-Reference-ID:	<50241.78.69.11.112.1298585641.squirrel@kalisz.homelinux.net>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00274.html
+
+Bug-Description:
+
+Bash-4.2 tries to leave completed directory names as the user typed them,
+without expanding them to a full pathname.  One effect of this is that
+shell variables used in pathnames being completed (e.g., $HOME) are left
+unchanged, but the `$' is quoted by readline because it is a special
+character to the shell.
+
+This patch introduces two things:
+
+1.  A new shell option, `direxpand', which, if set, attempts to emulate the
+    bash-4.1 behavior of expanding words to full pathnames during
+    completion;
+2.  A set of heuristics that reduce the number of times special characters
+    such as `$' are quoted when the directory name is not expanded.
+
+Patch (apply with `patch -p0'):
+
+diff -NrC 2 ../bash-4.2-patched/bashline.c ./bashline.c
+*** ../bash-4.2-patched/bashline.c	2011-01-16 15:32:47.000000000 -0500
+--- ./bashline.c	2012-05-07 16:27:18.000000000 -0400
+***************
+*** 122,125 ****
+--- 122,128 ----
+  static int bash_push_line __P((void));
+
++ static rl_icppfunc_t *save_directory_hook __P((void));
++ static void reset_directory_hook __P((rl_icppfunc_t *));
++
+  static void cleanup_expansion_error __P((void));
+  static void maybe_make_readline_line __P((char *));
+***************
+*** 244,251 ****
+--- 247,261 ----
+  int dircomplete_spelling = 0;
+
++ /* Expand directory names during word/filename completion. */
++ int dircomplete_expand = 0;
++ int dircomplete_expand_relpath = 0;
++
+  static char *bash_completer_word_break_characters = " \t\n\"'@><=;|&(:";
+  static char *bash_nohostname_word_break_characters = " \t\n\"'><=;|&(:";
+  /* )) */
+
++ static const char *default_filename_quote_characters = " \t\n\\\"'@<>=;|&()#$`?*[!:{~";	/*}*/
++ static char *custom_filename_quote_characters = 0;
++
+  static rl_hook_func_t *old_rl_startup_hook = (rl_hook_func_t *)NULL;
+
+***************
+*** 502,506 ****
+    /* Tell the completer that we might want to follow symbolic links or
+       do other expansion on directory names. */
+!   rl_directory_rewrite_hook = bash_directory_completion_hook;
+
+    rl_filename_rewrite_hook = bash_filename_rewrite_hook;
+--- 512,516 ----
+    /* Tell the completer that we might want to follow symbolic links or
+       do other expansion on directory names. */
+!   set_directory_hook ();
+
+    rl_filename_rewrite_hook = bash_filename_rewrite_hook;
+***************
+*** 530,534 ****
+
+    /* characters that need to be quoted when appearing in filenames. */
+!   rl_filename_quote_characters = " \t\n\\\"'@<>=;|&()#$`?*[!:{~";	/*}*/
+
+    rl_filename_quoting_function = bash_quote_filename;
+--- 540,544 ----
+
+    /* characters that need to be quoted when appearing in filenames. */
+!   rl_filename_quote_characters = default_filename_quote_characters;
+
+    rl_filename_quoting_function = bash_quote_filename;
+***************
+*** 565,570 ****
+    rl_attempted_completion_function = attempt_shell_completion;
+    rl_completion_entry_function = NULL;
+-   rl_directory_rewrite_hook = bash_directory_completion_hook;
+    rl_ignore_some_completions_function = filename_completion_ignore;
+  }
+
+--- 575,582 ----
+    rl_attempted_completion_function = attempt_shell_completion;
+    rl_completion_entry_function = NULL;
+    rl_ignore_some_completions_function = filename_completion_ignore;
++   rl_filename_quote_characters = default_filename_quote_characters;
++
++   set_directory_hook ();
+  }
+
+***************
+*** 1280,1283 ****
+--- 1292,1298 ----
+    rl_ignore_some_completions_function = filename_completion_ignore;
+
++   rl_filename_quote_characters = default_filename_quote_characters;
++   set_directory_hook ();
++
+    /* Determine if this could be a command word.  It is if it appears at
+       the start of the line (ignoring preceding whitespace), or if it
+***************
+*** 1592,1595 ****
+--- 1607,1616 ----
+	  else
+	    {
++ 	     if (dircomplete_expand && dot_or_dotdot (filename_hint))
++ 		{
++ 		  dircomplete_expand = 0;
++ 		  set_directory_hook ();
++ 		  dircomplete_expand = 1;
++ 		}
+	      mapping_over = 4;
+	      goto inner;
+***************
+*** 1792,1795 ****
+--- 1813,1819 ----
+   inner:
+    val = rl_filename_completion_function (filename_hint, istate);
++   if (mapping_over == 4 && dircomplete_expand)
++     set_directory_hook ();
++
+    istate = 1;
+
+***************
+*** 2694,2697 ****
+--- 2718,2767 ----
+  }
+
++ /* Functions to save and restore the appropriate directory hook */
++ /* This is not static so the shopt code can call it */
++ void
++ set_directory_hook ()
++ {
++   if (dircomplete_expand)
++     {
++       rl_directory_completion_hook = bash_directory_completion_hook;
++       rl_directory_rewrite_hook = (rl_icppfunc_t *)0;
++     }
++   else
++     {
++       rl_directory_rewrite_hook = bash_directory_completion_hook;
++       rl_directory_completion_hook = (rl_icppfunc_t *)0;
++     }
++ }
++
++ static rl_icppfunc_t *
++ save_directory_hook ()
++ {
++   rl_icppfunc_t *ret;
++
++   if (dircomplete_expand)
++     {
++       ret = rl_directory_completion_hook;
++       rl_directory_completion_hook = (rl_icppfunc_t *)NULL;
++     }
++   else
++     {
++       ret = rl_directory_rewrite_hook;
++       rl_directory_rewrite_hook = (rl_icppfunc_t *)NULL;
++     }
++
++   return ret;
++ }
++
++ static void
++ restore_directory_hook (hookf)
++      rl_icppfunc_t *hookf;
++ {
++   if (dircomplete_expand)
++     rl_directory_completion_hook = hookf;
++   else
++     rl_directory_rewrite_hook = hookf;
++ }
++
+  /* Handle symbolic link references and other directory name
+     expansions while hacking completion.  This should return 1 if it modifies
+***************
+*** 2703,2720 ****
+  {
+    char *local_dirname, *new_dirname, *t;
+!   int return_value, should_expand_dirname;
+    WORD_LIST *wl;
+    struct stat sb;
+
+!   return_value = should_expand_dirname = 0;
+    local_dirname = *dirname;
+
+!   if (mbschr (local_dirname, '$'))
+!     should_expand_dirname = 1;
+    else
+      {
+        t = mbschr (local_dirname, '`');
+        if (t && unclosed_pair (local_dirname, strlen (local_dirname), "`") == 0)
+! 	should_expand_dirname = 1;
+      }
+
+--- 2773,2801 ----
+  {
+    char *local_dirname, *new_dirname, *t;
+!   int return_value, should_expand_dirname, nextch, closer;
+    WORD_LIST *wl;
+    struct stat sb;
+
+!   return_value = should_expand_dirname = nextch = closer = 0;
+    local_dirname = *dirname;
+
+!   if (t = mbschr (local_dirname, '$'))
+!     {
+!       should_expand_dirname = '$';
+!       nextch = t[1];
+!       /* Deliberately does not handle the deprecated $[...] arithmetic
+! 	 expansion syntax */
+!       if (nextch == '(')
+! 	closer = ')';
+!       else if (nextch == '{')
+! 	closer = '}';
+!       else
+! 	nextch = 0;
+!     }
+    else
+      {
+        t = mbschr (local_dirname, '`');
+        if (t && unclosed_pair (local_dirname, strlen (local_dirname), "`") == 0)
+! 	should_expand_dirname = '`';
+      }
+
+***************
+*** 2740,2743 ****
+--- 2821,2841 ----
+	  dispose_words (wl);
+	  local_dirname = *dirname;
++ 	  /* XXX - change rl_filename_quote_characters here based on
++ 	     should_expand_dirname/nextch/closer.  This is the only place
++ 	     custom_filename_quote_characters is modified. */
++ 	  if (rl_filename_quote_characters && *rl_filename_quote_characters)
++ 	    {
++ 	      int i, j, c;
++ 	      i = strlen (default_filename_quote_characters);
++ 	      custom_filename_quote_characters = xrealloc (custom_filename_quote_characters, i+1);
++ 	      for (i = j = 0; c = default_filename_quote_characters[i]; i++)
++ 		{
++ 		  if (c == should_expand_dirname || c == nextch || c == closer)
++ 		    continue;
++ 		  custom_filename_quote_characters[j++] = c;
++ 		}
++ 	      custom_filename_quote_characters[j] = '\0';
++ 	      rl_filename_quote_characters = custom_filename_quote_characters;
++ 	    }
+	}
+        else
+***************
+*** 2759,2762 ****
+--- 2857,2871 ----
+      }
+
++   /* no_symbolic_links == 0 -> use (default) logical view of the file system.
++      local_dirname[0] == '.' && local_dirname[1] == '/' means files in the
++      current directory (./).
++      local_dirname[0] == '.' && local_dirname[1] == 0 means relative pathnames
++      in the current directory (e.g., lib/sh).
++      XXX - should we do spelling correction on these? */
++
++   /* This is test as it was in bash-4.2: skip relative pathnames in current
++      directory.  Change test to
++       (local_dirname[0] != '.' || (local_dirname[1] && local_dirname[1] != '/'))
++      if we want to skip paths beginning with ./ also. */
+    if (no_symbolic_links == 0 && (local_dirname[0] != '.' || local_dirname[1]))
+      {
+***************
+*** 2764,2767 ****
+--- 2873,2885 ----
+        int len1, len2;
+
++       /* If we have a relative path
++       		(local_dirname[0] != '/' && local_dirname[0] != '.')
++ 	 that is canonical after appending it to the current directory, then
++ 	 	temp1 = temp2+'/'
++ 	 That is,
++ 	 	strcmp (temp1, temp2) == 0
++ 	 after adding a slash to temp2 below.  It should be safe to not
++ 	 change those.
++       */
+        t = get_working_directory ("symlink-hook");
+        temp1 = make_absolute (local_dirname, t);
+***************
+*** 2798,2802 ****
+	    }
+	}
+!       return_value |= STREQ (local_dirname, temp2) == 0;
+        free (local_dirname);
+        *dirname = temp2;
+--- 2916,2928 ----
+	    }
+	}
+!
+!       /* dircomplete_expand_relpath == 0 means we want to leave relative
+! 	 pathnames that are unchanged by canonicalization alone.
+! 	 *local_dirname != '/' && *local_dirname != '.' == relative pathname
+! 	 (consistent with general.c:absolute_pathname())
+! 	 temp1 == temp2 (after appending a slash to temp2) means the pathname
+! 	 is not changed by canonicalization as described above. */
+!       if (dircomplete_expand_relpath || ((local_dirname[0] != '/' && local_dirname[0] != '.') && STREQ (temp1, temp2) == 0))
+! 	return_value |= STREQ (local_dirname, temp2) == 0;
+        free (local_dirname);
+        *dirname = temp2;
+***************
+*** 3003,3012 ****
+    orig_func = rl_completion_entry_function;
+    orig_attempt_func = rl_attempted_completion_function;
+-   orig_dir_func = rl_directory_rewrite_hook;
+    orig_ignore_func = rl_ignore_some_completions_function;
+    orig_rl_completer_word_break_characters = rl_completer_word_break_characters;
+    rl_completion_entry_function = rl_filename_completion_function;
+    rl_attempted_completion_function = (rl_completion_func_t *)NULL;
+-   rl_directory_rewrite_hook = (rl_icppfunc_t *)NULL;
+    rl_ignore_some_completions_function = filename_completion_ignore;
+    rl_completer_word_break_characters = " \t\n\"\'";
+--- 3129,3139 ----
+    orig_func = rl_completion_entry_function;
+    orig_attempt_func = rl_attempted_completion_function;
+    orig_ignore_func = rl_ignore_some_completions_function;
+    orig_rl_completer_word_break_characters = rl_completer_word_break_characters;
++
++   orig_dir_func = save_directory_hook ();
++
+    rl_completion_entry_function = rl_filename_completion_function;
+    rl_attempted_completion_function = (rl_completion_func_t *)NULL;
+    rl_ignore_some_completions_function = filename_completion_ignore;
+    rl_completer_word_break_characters = " \t\n\"\'";
+***************
+*** 3016,3023 ****
+    rl_completion_entry_function = orig_func;
+    rl_attempted_completion_function = orig_attempt_func;
+-   rl_directory_rewrite_hook = orig_dir_func;
+    rl_ignore_some_completions_function = orig_ignore_func;
+    rl_completer_word_break_characters = orig_rl_completer_word_break_characters;
+
+    return r;
+  }
+--- 3143,3151 ----
+    rl_completion_entry_function = orig_func;
+    rl_attempted_completion_function = orig_attempt_func;
+    rl_ignore_some_completions_function = orig_ignore_func;
+    rl_completer_word_break_characters = orig_rl_completer_word_break_characters;
+
++   restore_directory_hook (orig_dir_func);
++
+    return r;
+  }
+diff -NrC 2 ../bash-4.2-patched/bashline.h ./bashline.h
+*** ../bash-4.2-patched/bashline.h	2009-01-04 14:32:22.000000000 -0500
+--- ./bashline.h	2012-05-07 16:27:18.000000000 -0400
+***************
+*** 34,41 ****
+--- 34,46 ----
+  extern int bash_re_edit __P((char *));
+
++ extern void bashline_set_event_hook __P((void));
++ extern void bashline_reset_event_hook __P((void));
++
+  extern int bind_keyseq_to_unix_command __P((char *));
+
+  extern char **bash_default_completion __P((const char *, int, int, int, int));
+
++ void set_directory_hook __P((void));
++
+  /* Used by programmable completion code. */
+  extern char *command_word_completion_function __P((const char *, int));
+diff -NrC 2 ../bash-4.2-patched/builtins/shopt.def ./builtins/shopt.def
+*** ../bash-4.2-patched/builtins/shopt.def	2010-07-02 22:42:44.000000000 -0400
+--- ./builtins/shopt.def	2012-05-07 16:27:18.000000000 -0400
+***************
+*** 62,65 ****
+--- 62,69 ----
+  #include "bashgetopt.h"
+
++ #if defined (READLINE)
++ #  include "../bashline.h"
++ #endif
++
+  #if defined (HISTORY)
+  #  include "../bashhist.h"
+***************
+*** 95,99 ****
+  extern int no_empty_command_completion;
+  extern int force_fignore;
+! extern int dircomplete_spelling;
+
+  extern int enable_hostname_completion __P((int));
+--- 99,103 ----
+  extern int no_empty_command_completion;
+  extern int force_fignore;
+! extern int dircomplete_spelling, dircomplete_expand;
+
+  extern int enable_hostname_completion __P((int));
+***************
+*** 122,125 ****
+--- 126,133 ----
+  #endif
+
++ #if defined (READLINE)
++ static int shopt_set_complete_direxpand __P((char *, int));
++ #endif
++
+  static int shopt_login_shell;
+  static int shopt_compat31;
+***************
+*** 151,154 ****
+--- 159,163 ----
+    { "compat41", &shopt_compat41, set_compatibility_level },
+  #if defined (READLINE)
++   { "direxpand", &dircomplete_expand, shopt_set_complete_direxpand },
+    { "dirspell", &dircomplete_spelling, (shopt_set_func_t *)NULL },
+  #endif
+***************
+*** 536,539 ****
+--- 545,559 ----
+  }
+
++ #if defined (READLINE)
++ static int
++ shopt_set_complete_direxpand (option_name, mode)
++      char *option_name;
++      int mode;
++ {
++   set_directory_hook ();
++   return 0;
++ }
++ #endif
++
+  #if defined (RESTRICTED_SHELL)
+  /* Don't allow the value of restricted_shell to be modified. */
+Binary files ../bash-4.2-patched/doc/._bashref.pdf and ./doc/._bashref.pdf differ
+diff -NrC 2 ../bash-4.2-patched/doc/bash.1 ./doc/bash.1
+*** ../bash-4.2-patched/doc/bash.1	2011-01-16 15:31:39.000000000 -0500
+--- ./doc/bash.1	2012-05-07 16:27:18.000000000 -0400
+***************
+*** 8949,8952 ****
+--- 8949,8962 ----
+  The default bash behavior remains as in previous versions.
+  .TP 8
++ .B direxpand
++ If set,
++ .B bash
++ replaces directory names with the results of word expansion when performing
++ filename completion.  This changes the contents of the readline editing
++ buffer.
++ If not set,
++ .B bash
++ attempts to preserve what the user typed.
++ .TP 8
+  .B dirspell
+  If set,
+diff -NrC 2 ../bash-4.2-patched/doc/bashref.texi ./doc/bashref.texi
+*** ../bash-4.2-patched/doc/bashref.texi	2011-01-16 15:31:57.000000000 -0500
+--- ./doc/bashref.texi	2012-05-07 16:27:18.000000000 -0400
+***************
+*** 4536,4539 ****
+--- 4536,4546 ----
+  The default Bash behavior remains as in previous versions.
+
++ @item direxpand
++ If set, Bash
++ replaces directory names with the results of word expansion when performing
++ filename completion.  This changes the contents of the readline editing
++ buffer.
++ If not set, Bash attempts to preserve what the user typed.
++
+  @item dirspell
+  If set, Bash
+diff -NrC 2 ../bash-4.2-patched/tests/shopt.right ./tests/shopt.right
+*** ../bash-4.2-patched/tests/shopt.right	2010-07-02 23:36:30.000000000 -0400
+--- ./tests/shopt.right	2012-05-07 16:27:18.000000000 -0400
+***************
+*** 13,16 ****
+--- 13,17 ----
+  shopt -u compat40
+  shopt -u compat41
++ shopt -u direxpand
+  shopt -u dirspell
+  shopt -u dotglob
+***************
+*** 69,72 ****
+--- 70,74 ----
+  shopt -u compat40
+  shopt -u compat41
++ shopt -u direxpand
+  shopt -u dirspell
+  shopt -u dotglob
+***************
+*** 102,105 ****
+--- 104,108 ----
+  compat40       	off
+  compat41       	off
++ direxpand      	off
+  dirspell       	off
+  dotglob        	off
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 28
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 29
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-030

@@ -0,0 +1,178 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-030
+
+Bug-Reported-by:	Roman Rakus <rrakus@redhat.com>
+Bug-Reference-ID:	<4D7DD91E.7040808@redhat.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00126.html
+
+Bug-Description:
+
+When attempting to glob strings in a multibyte locale, and those strings
+contain invalid multibyte characters that cause mbsnrtowcs to return 0,
+the globbing code loops infinitely.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/glob/xmbsrtowcs.c	2010-05-30 18:36:27.000000000 -0400
+--- lib/glob/xmbsrtowcs.c	2011-03-22 16:06:47.000000000 -0400
+***************
+*** 36,39 ****
+--- 36,41 ----
+  #if HANDLE_MULTIBYTE
+
++ #define WSBUF_INC 32
++
+  #ifndef FREE
+  #  define FREE(x)	do { if (x) free (x); } while (0)
+***************
+*** 149,153 ****
+    size_t wcnum;		/* Number of wide characters in WSBUF */
+    mbstate_t state;	/* Conversion State */
+!   size_t wcslength;	/* Number of wide characters produced by the conversion. */
+    const char *end_or_backslash;
+    size_t nms;	/* Number of multibyte characters to convert at one time. */
+--- 151,155 ----
+    size_t wcnum;		/* Number of wide characters in WSBUF */
+    mbstate_t state;	/* Conversion State */
+!   size_t n, wcslength;	/* Number of wide characters produced by the conversion. */
+    const char *end_or_backslash;
+    size_t nms;	/* Number of multibyte characters to convert at one time. */
+***************
+*** 172,176 ****
+        tmp_p = p;
+        tmp_state = state;
+!       wcslength = mbsnrtowcs(NULL, &tmp_p, nms, 0, &tmp_state);
+
+        /* Conversion failed. */
+--- 174,189 ----
+        tmp_p = p;
+        tmp_state = state;
+!
+!       if (nms == 0 && *p == '\\')	/* special initial case */
+! 	nms = wcslength = 1;
+!       else
+! 	wcslength = mbsnrtowcs (NULL, &tmp_p, nms, 0, &tmp_state);
+!
+!       if (wcslength == 0)
+! 	{
+! 	  tmp_p = p;		/* will need below */
+! 	  tmp_state = state;
+! 	  wcslength = 1;	/* take a single byte */
+! 	}
+
+        /* Conversion failed. */
+***************
+*** 187,191 ****
+	  wchar_t *wstmp;
+
+! 	  wsbuf_size = wcnum+wcslength+1;	/* 1 for the L'\0' or the potential L'\\' */
+
+	  wstmp = (wchar_t *) realloc (wsbuf, wsbuf_size * sizeof (wchar_t));
+--- 200,205 ----
+	  wchar_t *wstmp;
+
+! 	  while (wsbuf_size < wcnum+wcslength+1) /* 1 for the L'\0' or the potential L'\\' */
+! 	    wsbuf_size += WSBUF_INC;
+
+	  wstmp = (wchar_t *) realloc (wsbuf, wsbuf_size * sizeof (wchar_t));
+***************
+*** 200,207 ****
+
+        /* Perform the conversion. This is assumed to return 'wcslength'.
+!        * It may set 'p' to NULL. */
+!       mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state);
+
+!       wcnum += wcslength;
+
+        if (mbsinit (&state) && (p != NULL) && (*p == '\\'))
+--- 214,229 ----
+
+        /* Perform the conversion. This is assumed to return 'wcslength'.
+! 	 It may set 'p' to NULL. */
+!       n = mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state);
+
+!       /* Compensate for taking single byte on wcs conversion failure above. */
+!       if (wcslength == 1 && (n == 0 || n == (size_t)-1))
+! 	{
+! 	  state = tmp_state;
+! 	  p = tmp_p;
+! 	  wsbuf[wcnum++] = *p++;
+! 	}
+!       else
+!         wcnum += wcslength;
+
+        if (mbsinit (&state) && (p != NULL) && (*p == '\\'))
+***************
+*** 231,236 ****
+     of DESTP and INDICESP are NULL. */
+
+- #define WSBUF_INC 32
+-
+  size_t
+  xdupmbstowcs (destp, indicesp, src)
+--- 253,256 ----
+*** ../bash-4.2-patched/lib/glob/glob.c	2009-11-14 18:39:30.000000000 -0500
+--- lib/glob/glob.c	2012-07-07 12:09:56.000000000 -0400
+***************
+*** 201,206 ****
+    size_t pat_n, dn_n;
+
+    pat_n = xdupmbstowcs (&pat_wc, NULL, pat);
+!   dn_n = xdupmbstowcs (&dn_wc, NULL, dname);
+
+    ret = 0;
+--- 201,209 ----
+    size_t pat_n, dn_n;
+
++   pat_wc = dn_wc = (wchar_t *)NULL;
++
+    pat_n = xdupmbstowcs (&pat_wc, NULL, pat);
+!   if (pat_n != (size_t)-1)
+!     dn_n = xdupmbstowcs (&dn_wc, NULL, dname);
+
+    ret = 0;
+***************
+*** 222,225 ****
+--- 225,230 ----
+	ret = 1;
+      }
++   else
++     ret = skipname (pat, dname, flags);
+
+    FREE (pat_wc);
+***************
+*** 267,272 ****
+    n = xdupmbstowcs (&wpathname, NULL, pathname);
+    if (n == (size_t) -1)
+!     /* Something wrong. */
+!     return;
+    orig_wpathname = wpathname;
+
+--- 272,280 ----
+    n = xdupmbstowcs (&wpathname, NULL, pathname);
+    if (n == (size_t) -1)
+!     {
+!       /* Something wrong.  Fall back to single-byte */
+!       udequote_pathname (pathname);
+!       return;
+!     }
+    orig_wpathname = wpathname;
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 29
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 30
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-031

@@ -0,0 +1,80 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-031
+
+Bug-Reported-by:	Max Horn <max@quendi.de>
+Bug-Reference-ID:	<20CC5C60-07C3-4E41-9817-741E48D407C5@quendi.de>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-readline/2012-06/msg00005.html
+
+Bug-Description:
+
+A change between bash-4.1 and bash-4.2 to prevent the readline input hook
+from being called too frequently had the side effect of causing delays
+when reading pasted input on systems such as Mac OS X.  This patch fixes
+those delays while retaining the bash-4.2 behavior.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/readline/input.c	2010-05-30 18:33:01.000000000 -0400
+--- lib/readline/input.c	2012-06-25 21:08:42.000000000 -0400
+***************
+*** 410,414 ****
+  rl_read_key ()
+  {
+!   int c;
+
+    rl_key_sequence_length++;
+--- 412,416 ----
+  rl_read_key ()
+  {
+!   int c, r;
+
+    rl_key_sequence_length++;
+***************
+*** 430,441 ****
+	  while (rl_event_hook)
+	    {
+! 	      if (rl_gather_tyi () < 0)	/* XXX - EIO */
+		{
+		  rl_done = 1;
+		  return ('\n');
+		}
+	      RL_CHECK_SIGNALS ();
+- 	      if (rl_get_char (&c) != 0)
+- 		break;
+	      if (rl_done)		/* XXX - experimental */
+		return ('\n');
+--- 432,447 ----
+	  while (rl_event_hook)
+	    {
+! 	      if (rl_get_char (&c) != 0)
+! 		break;
+!
+! 	      if ((r = rl_gather_tyi ()) < 0)	/* XXX - EIO */
+		{
+		  rl_done = 1;
+		  return ('\n');
+		}
++ 	      else if (r == 1)			/* read something */
++ 		continue;
++
+	      RL_CHECK_SIGNALS ();
+	      if (rl_done)		/* XXX - experimental */
+		return ('\n');
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 30
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 31
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-032

@@ -0,0 +1,75 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-032
+
+Bug-Reported-by:	Ruediger Kuhlmann <RKuhlmann@orga-systems.com>
+Bug-Reference-ID:	<OFDE975207.0C3622E5-ONC12579F3.00361A06-C12579F3.00365E39@orga-systems.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-05/msg00010.html
+
+Bug-Description:
+
+Bash-4.2 has problems with DEL characters in the expanded value of variables
+used in the same quoted string as variables that expand to nothing.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-20120427/subst.c	2012-04-22 16:19:10.000000000 -0400
+--- subst.c	2012-05-07 16:06:35.000000000 -0400
+***************
+*** 8152,8155 ****
+--- 8152,8163 ----
+	  dispose_word_desc (tword);
+
++ 	  /* Kill quoted nulls; we will add them back at the end of
++ 	     expand_word_internal if nothing else in the string */
++ 	  if (had_quoted_null && temp && QUOTED_NULL (temp))
++ 	    {
++ 	      FREE (temp);
++ 	      temp = (char *)NULL;
++ 	    }
++
+	  goto add_string;
+	  break;
+***************
+*** 8556,8560 ****
+        if (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
+	tword->flags |= W_QUOTED;
+!       if (had_quoted_null)
+	tword->flags |= W_HASQUOTEDNULL;
+        list = make_word_list (tword, (WORD_LIST *)NULL);
+--- 8564,8568 ----
+        if (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
+	tword->flags |= W_QUOTED;
+!       if (had_quoted_null && QUOTED_NULL (istring))
+	tword->flags |= W_HASQUOTEDNULL;
+        list = make_word_list (tword, (WORD_LIST *)NULL);
+***************
+*** 8587,8591 ****
+	  if (word->flags & W_NOEXPAND)
+	    tword->flags |= W_NOEXPAND;
+! 	  if (had_quoted_null)
+	    tword->flags |= W_HASQUOTEDNULL;	/* XXX */
+	  list = make_word_list (tword, (WORD_LIST *)NULL);
+--- 8595,8599 ----
+	  if (word->flags & W_NOEXPAND)
+	    tword->flags |= W_NOEXPAND;
+! 	  if (had_quoted_null && QUOTED_NULL (istring))
+	    tword->flags |= W_HASQUOTEDNULL;	/* XXX */
+	  list = make_word_list (tword, (WORD_LIST *)NULL);
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 31
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 32
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-033

@@ -0,0 +1,57 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-033
+
+Bug-Reported-by:	David Leverton <levertond@googlemail.com>
+Bug-Reference-ID:	<4FCCE737.1060603@googlemail.com>
+Bug-Reference-URL:
+
+Bug-Description:
+
+Bash uses a static buffer when expanding the /dev/fd prefix for the test
+and conditional commands, among other uses, when it should use a dynamic
+buffer to avoid buffer overflow.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/sh/eaccess.c	2011-01-08 20:50:10.000000000 -0500
+--- lib/sh/eaccess.c	2012-06-04 21:06:43.000000000 -0400
+***************
+*** 83,86 ****
+--- 83,88 ----
+       struct stat *finfo;
+  {
++   static char *pbuf = 0;
++
+    if (*path == '\0')
+      {
+***************
+*** 107,111 ****
+       On most systems, with the notable exception of linux, this is
+       effectively a no-op. */
+!       char pbuf[32];
+        strcpy (pbuf, DEV_FD_PREFIX);
+        strcat (pbuf, path + 8);
+--- 109,113 ----
+       On most systems, with the notable exception of linux, this is
+       effectively a no-op. */
+!       pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
+        strcpy (pbuf, DEV_FD_PREFIX);
+        strcat (pbuf, path + 8);
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 32
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 33
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-034

@@ -0,0 +1,46 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-034
+
+Bug-Reported-by:	"Davide Brini" <dave_br@gmx.com>
+Bug-Reference-ID:	<20120604164154.69781EC04B@imaps.oficinas.atrapalo.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-06/msg00030.html
+
+Bug-Description:
+
+In bash-4.2, the history code would inappropriately add a semicolon to
+multi-line compound array assignments when adding them to the history.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/parse.y	2011-11-21 18:03:36.000000000 -0500
+--- parse.y	2012-06-07 12:48:47.000000000 -0400
+***************
+*** 4900,4905 ****
+--- 4916,4924 ----
+        return (current_command_line_count == 2 ? "\n" : "");
+      }
+
++   if (parser_state & PST_COMPASSIGN)
++     return (" ");
++
+    /* First, handle some special cases. */
+    /*(*/
+    /* If we just read `()', assume it's a function definition, and don't
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 33
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 34
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-035

@@ -0,0 +1,66 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-035
+
+Bug-Reported-by:	Dan Douglas <ormaaj@gmail.com>
+Bug-Reference-ID:	<2766482.Ksm3GrSoYi@smorgbox>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-06/msg00071.html
+
+Bug-Description:
+
+When given a number of lines to read, `mapfile -n lines' reads one too many.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/builtins/mapfile.def	2010-05-29 22:09:47.000000000 -0400
+--- builtins/mapfile.def	2012-06-20 09:48:33.000000000 -0400
+***************
+*** 196,206 ****
+    interrupt_immediately++;
+    for (array_index = origin, line_count = 1;
+!        zgetline (fd, &line, &line_length, unbuffered_read) != -1;
+!        array_index++, line_count++)
+      {
+-       /* Have we exceeded # of lines to store? */
+-       if (line_count_goal != 0 && line_count > line_count_goal)
+- 	break;
+-
+        /* Remove trailing newlines? */
+        if (flags & MAPF_CHOP)
+--- 196,202 ----
+    interrupt_immediately++;
+    for (array_index = origin, line_count = 1;
+!  	zgetline (fd, &line, &line_length, unbuffered_read) != -1;
+! 	array_index++)
+      {
+        /* Remove trailing newlines? */
+        if (flags & MAPF_CHOP)
+***************
+*** 218,221 ****
+--- 214,222 ----
+
+        bind_array_element (entry, array_index, line, 0);
++
++       /* Have we exceeded # of lines to store? */
++       line_count++;
++       if (line_count_goal != 0 && line_count > line_count_goal)
++ 	break;
+      }
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 34
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 35
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-036

@@ -0,0 +1,92 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-036
+
+Bug-Reported-by:	gregrwm <backuppc-users@whitleymott.net>
+Bug-Reference-ID:	<CAD+dB9B4JG+qUwZBQUwiQmVt0j6NDn=DDTxr9R+nkA8DL4KLJA@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-05/msg00108.html
+
+Bug-Description:
+
+Bash-4.2 produces incorrect word splitting results when expanding
+double-quoted $@ in the same string as and adjacent to other variable
+expansions.  The $@ should be split, the other expansions should not.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c	2012-05-02 12:02:33.000000000 -0400
+--- subst.c	2012-07-08 21:19:32.000000000 -0400
+***************
+*** 7923,7927 ****
+    /* State flags */
+    int had_quoted_null;
+!   int has_dollar_at;
+    int tflag;
+    int pflags;			/* flags passed to param_expand */
+--- 7923,7927 ----
+    /* State flags */
+    int had_quoted_null;
+!   int has_dollar_at, temp_has_dollar_at;
+    int tflag;
+    int pflags;			/* flags passed to param_expand */
+***************
+*** 8128,8138 ****
+	    *expanded_something = 1;
+
+! 	  has_dollar_at = 0;
+	  pflags = (word->flags & W_NOCOMSUB) ? PF_NOCOMSUB : 0;
+	  if (word->flags & W_NOSPLIT2)
+	    pflags |= PF_NOSPLIT2;
+	  tword = param_expand (string, &sindex, quoted, expanded_something,
+! 			       &has_dollar_at, &quoted_dollar_at,
+			       &had_quoted_null, pflags);
+
+	  if (tword == &expand_wdesc_error || tword == &expand_wdesc_fatal)
+--- 8128,8139 ----
+	    *expanded_something = 1;
+
+! 	  temp_has_dollar_at = 0;
+	  pflags = (word->flags & W_NOCOMSUB) ? PF_NOCOMSUB : 0;
+	  if (word->flags & W_NOSPLIT2)
+	    pflags |= PF_NOSPLIT2;
+	  tword = param_expand (string, &sindex, quoted, expanded_something,
+! 			       &temp_has_dollar_at, &quoted_dollar_at,
+			       &had_quoted_null, pflags);
++ 	  has_dollar_at += temp_has_dollar_at;
+
+	  if (tword == &expand_wdesc_error || tword == &expand_wdesc_fatal)
+***************
+*** 8275,8281 ****
+	      temp = (char *)NULL;
+
+! 	      has_dollar_at = 0;
+	      /* Need to get W_HASQUOTEDNULL flag through this function. */
+! 	      list = expand_word_internal (tword, Q_DOUBLE_QUOTES, 0, &has_dollar_at, (int *)NULL);
+
+	      if (list == &expand_word_error || list == &expand_word_fatal)
+--- 8276,8283 ----
+	      temp = (char *)NULL;
+
+! 	      temp_has_dollar_at = 0;	/* XXX */
+	      /* Need to get W_HASQUOTEDNULL flag through this function. */
+! 	      list = expand_word_internal (tword, Q_DOUBLE_QUOTES, 0, &temp_has_dollar_at, (int *)NULL);
+! 	      has_dollar_at += temp_has_dollar_at;
+
+	      if (list == &expand_word_error || list == &expand_word_fatal)
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 35
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 36
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-037

@@ -0,0 +1,112 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-037
+
+Bug-Reported-by:	Jakub Filak
+Bug-Reference-ID:
+Bug-Reference-URL:	https://bugzilla.redhat.com/show_bug.cgi?id=813289
+
+Bug-Description:
+
+Attempting to redo (using `.') the vi editing mode `cc', `dd', or `yy'
+commands leads to an infinite loop.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/readline/vi_mode.c	2011-02-25 11:17:02.000000000 -0500
+--- lib/readline/vi_mode.c	2012-06-02 12:24:47.000000000 -0400
+***************
+*** 1235,1243 ****
+        r = rl_domove_motion_callback (_rl_vimvcxt);
+      }
+!   else if (vi_redoing)
+      {
+        _rl_vimvcxt->motion = _rl_vi_last_motion;
+        r = rl_domove_motion_callback (_rl_vimvcxt);
+      }
+  #if defined (READLINE_CALLBACKS)
+    else if (RL_ISSTATE (RL_STATE_CALLBACK))
+--- 1297,1313 ----
+        r = rl_domove_motion_callback (_rl_vimvcxt);
+      }
+!   else if (vi_redoing && _rl_vi_last_motion != 'd')	/* `dd' is special */
+      {
+        _rl_vimvcxt->motion = _rl_vi_last_motion;
+        r = rl_domove_motion_callback (_rl_vimvcxt);
+      }
++   else if (vi_redoing)		/* handle redoing `dd' here */
++     {
++       _rl_vimvcxt->motion = _rl_vi_last_motion;
++       rl_mark = rl_end;
++       rl_beg_of_line (1, key);
++       RL_UNSETSTATE (RL_STATE_VIMOTION);
++       r = vidomove_dispatch (_rl_vimvcxt);
++     }
+  #if defined (READLINE_CALLBACKS)
+    else if (RL_ISSTATE (RL_STATE_CALLBACK))
+***************
+*** 1317,1325 ****
+        r = rl_domove_motion_callback (_rl_vimvcxt);
+      }
+!   else if (vi_redoing)
+      {
+        _rl_vimvcxt->motion = _rl_vi_last_motion;
+        r = rl_domove_motion_callback (_rl_vimvcxt);
+      }
+  #if defined (READLINE_CALLBACKS)
+    else if (RL_ISSTATE (RL_STATE_CALLBACK))
+--- 1387,1403 ----
+        r = rl_domove_motion_callback (_rl_vimvcxt);
+      }
+!   else if (vi_redoing && _rl_vi_last_motion != 'c')	/* `cc' is special */
+      {
+        _rl_vimvcxt->motion = _rl_vi_last_motion;
+        r = rl_domove_motion_callback (_rl_vimvcxt);
+      }
++   else if (vi_redoing)		/* handle redoing `cc' here */
++     {
++       _rl_vimvcxt->motion = _rl_vi_last_motion;
++       rl_mark = rl_end;
++       rl_beg_of_line (1, key);
++       RL_UNSETSTATE (RL_STATE_VIMOTION);
++       r = vidomove_dispatch (_rl_vimvcxt);
++     }
+  #if defined (READLINE_CALLBACKS)
+    else if (RL_ISSTATE (RL_STATE_CALLBACK))
+***************
+*** 1378,1381 ****
+--- 1456,1472 ----
+        r = rl_domove_motion_callback (_rl_vimvcxt);
+      }
++   else if (vi_redoing && _rl_vi_last_motion != 'y')	/* `yy' is special */
++     {
++       _rl_vimvcxt->motion = _rl_vi_last_motion;
++       r = rl_domove_motion_callback (_rl_vimvcxt);
++     }
++   else if (vi_redoing)			/* handle redoing `yy' here */
++     {
++       _rl_vimvcxt->motion = _rl_vi_last_motion;
++       rl_mark = rl_end;
++       rl_beg_of_line (1, key);
++       RL_UNSETSTATE (RL_STATE_VIMOTION);
++       r = vidomove_dispatch (_rl_vimvcxt);
++     }
+  #if defined (READLINE_CALLBACKS)
+    else if (RL_ISSTATE (RL_STATE_CALLBACK))
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 36
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 37
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-038

@@ -0,0 +1,47 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-038
+
+Bug-Reported-by:	armandsl@gmail.com
+Bug-Reference-ID:	<20120822112810.8D14920040@windmill.latviatours.lv>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-08/msg00049.html
+
+Bug-Description:
+
+If a backslash-newline (which is removed) with no other input is given as
+input to `read', the shell tries to dereference a null pointer and seg faults.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/builtins/read.def	2012-03-11 17:52:44.000000000 -0400
+--- builtins/read.def	2012-08-22 11:53:09.000000000 -0400
+***************
+*** 792,796 ****
+  #endif
+
+!   if (saw_escape)
+      {
+        t = dequote_string (input_string);
+--- 847,851 ----
+  #endif
+
+!   if (saw_escape && input_string && *input_string)
+      {
+        t = dequote_string (input_string);
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 37
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 38
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-039

@@ -0,0 +1,58 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-039
+
+Bug-Reported-by:	Dan Douglas <ormaaj@gmail.com>
+Bug-Reference-ID:	<1498458.MpVlmOXDB7@smorgbox>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-09/msg00008.html
+
+Bug-Description:
+
+Under certain circumstances, bash attempts to expand variables in arithmetic
+expressions even when evaluation is being suppressed.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/expr.c	2011-11-21 18:03:35.000000000 -0500
+--- expr.c	2012-09-09 16:31:18.000000000 -0400
+***************
+*** 1010,1013 ****
+--- 1073,1082 ----
+  #endif
+
++ /*itrace("expr_streval: %s: noeval = %d", tok, noeval);*/
++   /* If we are suppressing evaluation, just short-circuit here instead of
++      going through the rest of the evaluator. */
++   if (noeval)
++     return (0);
++
+    /* [[[[[ */
+  #if defined (ARRAY_VARS)
+***************
+*** 1183,1186 ****
+--- 1256,1263 ----
+
+        *cp = '\0';
++       /* XXX - watch out for pointer aliasing issues here */
++       if (curlval.tokstr && curlval.tokstr == tokstr)
++ 	init_lvalue (&curlval);
++
+        FREE (tokstr);
+        tokstr = savestring (tp);
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 38
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 39
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-040

@@ -0,0 +1,56 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-040
+
+Bug-Reported-by:	Andrey Zaitsev <jstcdr@gmail.com>
+Bug-Reference-ID:	<CAEZVQT5PJ1Mb_Zh8LT5qz8sv+-9Q6hGfQ5DU9ZxdJ+gV7xBUaQ@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-04/msg00144.html
+
+Bug-Description:
+
+Output redirection applied to builtin commands missed I/O errors if
+they happened when the file descriptor was closed, rather than on write
+(e.g., like with an out-of-space error on a remote NFS file system).
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/redir.c	2011-01-02 16:00:31.000000000 -0500
+--- redir.c	2012-04-24 20:42:12.000000000 -0400
+***************
+*** 1092,1099 ****
+  #if defined (BUFFERED_INPUT)
+	  check_bash_input (redirector);
+! 	  close_buffered_fd (redirector);
+  #else /* !BUFFERED_INPUT */
+! 	  close (redirector);
+  #endif /* !BUFFERED_INPUT */
+	}
+        break;
+--- 1092,1101 ----
+  #if defined (BUFFERED_INPUT)
+	  check_bash_input (redirector);
+! 	  r = close_buffered_fd (redirector);
+  #else /* !BUFFERED_INPUT */
+! 	  r = close (redirector);
+  #endif /* !BUFFERED_INPUT */
++ 	  if (r < 0 && (flags & RX_INTERNAL) && (errno == EIO || errno == ENOSPC))
++ 	    REDIRECTION_ERROR (r, errno, -1);
+	}
+        break;
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 39
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 40
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-041

@@ -0,0 +1,47 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-041
+
+Bug-Reported-by:	Andrey Borzenkov <arvidjaar@gmail.com>
+Bug-Reference-ID:	<20121202205200.2134478e@opensuse.site>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-12/msg00008.html
+
+Bug-Description:
+
+Process substitution incorrectly inherited a flag that inhibited using the
+(local) temporary environment for variable lookups if it was providing
+the filename to a redirection.  The intent the flag is to enforce the
+Posix command expansion ordering rules.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c	2012-07-14 15:53:20.000000000 -0400
+--- subst.c	2012-12-02 22:26:54.000000000 -0500
+***************
+*** 5125,5128 ****
+--- 5129,5136 ----
+  #endif /* HAVE_DEV_FD */
+
++   /* subshells shouldn't have this flag, which controls using the temporary
++      environment for variable lookups. */
++   expanding_redir = 0;
++
+    result = parse_and_execute (string, "process substitution", (SEVAL_NONINT|SEVAL_NOHIST));
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 40
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 41
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-042

@@ -0,0 +1,57 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-042
+
+Bug-Reported-by:	Adam Pippin <adam@gp-inc.ca>
+Bug-Reference-ID:	<CAPYbNHr6ucZFOoWsRdUJj6KP3Ju0j1bkESa_cmb7iU+kZwdVpg@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-11/msg00087.html
+
+Bug-Description:
+
+Compilation failed after specifying the  `--enable-minimal-config' option to
+configure (more specifically, specifying `--disable-alias').
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/parse.y	2012-07-08 21:53:33.000000000 -0400
+--- parse.y	2012-10-14 20:20:34.000000000 -0400
+***************
+*** 2394,2397 ****
+--- 2392,2396 ----
+	   to consume the quoted newline and move to the next character in
+	   the expansion. */
++ #if defined (ALIAS)
+	if (expanding_alias () && shell_input_line[shell_input_line_index+1] == '\0')
+	  {
+***************
+*** 2404,2408 ****
+	    goto next_alias_char;	/* and get next character */
+	  }
+! 	else
+	  goto restart_read;
+      }
+--- 2403,2408 ----
+	    goto next_alias_char;	/* and get next character */
+	  }
+! 	else
+! #endif
+	  goto restart_read;
+      }
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 41
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 42
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-043

@@ -0,0 +1,65 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-043
+
+Bug-Reported-by:	konsolebox <konsolebox@gmail.com>
+Bug-Reference-ID:	<CAJnmqwZuGKLgMsMwxRK4LL+2NN+HgvmKzrnode99QBGrcgX1Lw@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2013-01/msg00138.html
+
+Bug-Description:
+
+When SIGCHLD is trapped, and a SIGCHLD trap handler runs when a pending
+`read -t' invocation times out and generates SIGALRM, bash can crash with
+a segmentation fault.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/builtins/read.def	2012-10-31 21:22:51.000517000 -0400
+--- builtins/read.def	2013-01-25 10:28:16.000038000 -0500
+***************
+*** 386,393 ****
+	  /* Tricky.  The top of the unwind-protect stack is the free of
+	     input_string.  We want to run all the rest and use input_string,
+! 	     so we have to remove it from the stack. */
+! 	  remove_unwind_protect ();
+! 	  run_unwind_frame ("read_builtin");
+	  input_string[i] = '\0';	/* make sure it's terminated */
+	  retval = 128+SIGALRM;
+	  goto assign_vars;
+--- 386,403 ----
+	  /* Tricky.  The top of the unwind-protect stack is the free of
+	     input_string.  We want to run all the rest and use input_string,
+! 	     so we have to save input_string temporarily, run the unwind-
+! 	     protects, then restore input_string so we can use it later. */
+!
+	  input_string[i] = '\0';	/* make sure it's terminated */
++ 	  if (i == 0)
++ 	    {
++ 	      t = (char *)xmalloc (1);
++ 	      t[0] = 0;
++ 	    }
++ 	  else
++ 	    t = savestring (input_string);
++
++ 	  run_unwind_frame ("read_builtin");
++ 	  input_string = t;
+	  retval = 128+SIGALRM;
+	  goto assign_vars;
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 42
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 43
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-044

@@ -0,0 +1,70 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-044
+
+Bug-Reported-by:	"Dashing" <dashing@hushmail.com>
+Bug-Reference-ID:	<20130211175049.D90786F446@smtp.hushmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2013-02/msg00030.html
+
+Bug-Description:
+
+When converting a multibyte string to a wide character string as part of
+pattern matching, bash does not handle the end of the string correctly,
+causing the search for the NUL to go beyond the end of the string and
+reference random memory.  Depending on the contents of that memory, bash
+can produce errors or crash.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/glob/xmbsrtowcs.c	2012-07-08 21:53:19.000000000 -0400
+--- lib/glob/xmbsrtowcs.c	2013-02-12 12:00:39.000000000 -0500
+***************
+*** 217,220 ****
+--- 217,226 ----
+        n = mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state);
+
++       if (n == 0 && p == 0)
++ 	{
++ 	  wsbuf[wcnum] = L'\0';
++ 	  break;
++ 	}
++
+        /* Compensate for taking single byte on wcs conversion failure above. */
+        if (wcslength == 1 && (n == 0 || n == (size_t)-1))
+***************
+*** 222,226 ****
+	  state = tmp_state;
+	  p = tmp_p;
+! 	  wsbuf[wcnum++] = *p++;
+	}
+        else
+--- 228,238 ----
+	  state = tmp_state;
+	  p = tmp_p;
+! 	  wsbuf[wcnum] = *p;
+! 	  if (*p == 0)
+! 	    break;
+! 	  else
+! 	    {
+! 	      wcnum++; p++;
+! 	    }
+	}
+        else
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 43
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 44
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-045

@@ -0,0 +1,53 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-045
+
+Bug-Reported-by:	Stephane Chazelas <stephane.chazelas@gmail.com>
+Bug-Reference-ID:	<20130218195539.GA9620@chaz.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2013-02/msg00080.html
+
+Bug-Description:
+
+The <&n- and >&n- redirections, which move one file descriptor to another,
+leave the file descriptor closed when applied to builtins or compound
+commands.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/redir.c	2013-01-30 11:56:09.000000000 -0500
+--- redir.c	2013-02-19 09:38:36.000000000 -0500
+***************
+*** 1008,1011 ****
+--- 1008,1021 ----
+	      REDIRECTION_ERROR (r, errno, -1);
+	    }
++ 	  if ((flags & RX_UNDOABLE) && (ri == r_move_input || ri == r_move_output))
++ 	    {
++ 	      /* r_move_input and r_move_output add an additional close()
++ 		 that needs to be undone */
++ 	      if (fcntl (redirector, F_GETFD, 0) != -1)
++ 		{
++ 		  r = add_undo_redirect (redir_fd, r_close_this, -1);
++ 		  REDIRECTION_ERROR (r, errno, -1);
++ 		}
++ 	    }
+  #if defined (BUFFERED_INPUT)
+	  check_bash_input (redirector);
+
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 44
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 45
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-046

@@ -0,0 +1,55 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-046
+
+Bug-Reported-by:	"Theodoros V. Kalamatianos" <thkala@gmail.com>
+Bug-Reference-ID:	<20140112011131.GE17667@infinity.metashade.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-01/msg00044.html
+
+Bug-Description:
+
+Bash-4.2 patch 32 introduced a problem with "$@" and arrays expanding empty
+positional parameters or array elements when using substring expansion,
+pattern substitution, or case modfication.  The empty parameters or array
+elements are removed instead of expanding to empty strings ("").
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c	2012-12-31 11:52:56.000000000 -0500
+--- subst.c	2014-03-31 14:19:56.000000000 -0400
+***************
+*** 7243,7247 ****
+        ret = alloc_word_desc ();
+        ret->word = temp1;
+!       if (temp1 && QUOTED_NULL (temp1) && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)))
+	ret->flags |= W_QUOTED|W_HASQUOTEDNULL;
+        return ret;
+--- 7243,7253 ----
+        ret = alloc_word_desc ();
+        ret->word = temp1;
+!       /* We test quoted_dollar_atp because we want variants with double-quoted
+! 	 "$@" to take a different code path. In fact, we make sure at the end
+! 	 of expand_word_internal that we're only looking at these flags if
+! 	 quoted_dollar_at == 0. */
+!       if (temp1 &&
+!           (quoted_dollar_atp == 0 || *quoted_dollar_atp == 0) &&
+! 	  QUOTED_NULL (temp1) && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)))
+	ret->flags |= W_QUOTED|W_HASQUOTEDNULL;
+        return ret;
+*** ../bash-4.2-patched/patchlevel.h	Sat Jun 12 20:14:48 2010
+--- patchlevel.h	Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 45
+
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 46
+
+  #endif /* _PATCHLEVEL_H_ */

SOURCES/bash42-052

@@ -0,0 +1,44 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-052
+
+Bug-Reported-by:	Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+When bash is parsing a function definition that contains a here-document
+delimited by end-of-file (or end-of-string), it leaves the closing delimiter
+uninitialized.  This can result in an invalid memory access when the parsed
+function is later copied.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2.51/make_cmd.c	2009-09-11 17:26:12.000000000 -0400
+--- make_cmd.c	2014-10-02 11:26:58.000000000 -0400
+***************
+*** 690,693 ****
+--- 690,694 ----
+    temp->redirector = source;
+    temp->redirectee = dest_and_filename;
++   temp->here_doc_eof = 0;
+    temp->instruction = instruction;
+    temp->flags = 0;
+*** ../bash-4.2.51/copy_cmd.c	2009-09-11 16:28:02.000000000 -0400
+--- copy_cmd.c	2014-10-02 11:26:58.000000000 -0400
+***************
+*** 127,131 ****
+      case r_reading_until:
+      case r_deblank_reading_until:
+!       new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
+        /*FALLTHROUGH*/
+      case r_reading_string:
+--- 127,131 ----
+      case r_reading_until:
+      case r_deblank_reading_until:
+!       new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
+        /*FALLTHROUGH*/
+      case r_reading_string: