Browse Source

bash package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 6 years ago
parent
commit
8882ad6a33
  1. 11
      SOURCES/bash-2.02-security.patch
  2. 30
      SOURCES/bash-2.03-paths.patch
  3. 12
      SOURCES/bash-2.03-profile.patch
  4. 218
      SOURCES/bash-2.05a-interpreter.patch
  5. 10
      SOURCES/bash-2.05b-debuginfo.patch
  6. 10
      SOURCES/bash-2.05b-manso.patch
  7. 11
      SOURCES/bash-2.05b-pgrp_sync.patch
  8. 10
      SOURCES/bash-2.05b-readline-oom.patch
  9. 18
      SOURCES/bash-2.05b-xcc.patch
  10. 107
      SOURCES/bash-3.2-audit.patch
  11. 12
      SOURCES/bash-3.2-ssh_source_bash.patch
  12. 154
      SOURCES/bash-4.0-nobits.patch
  13. 12
      SOURCES/bash-4.1-broken_pipe.patch
  14. 30
      SOURCES/bash-4.1-defer-sigchld-trap.patch
  15. 24
      SOURCES/bash-4.1-examples.patch
  16. 46
      SOURCES/bash-4.1-trap.patch
  17. 24
      SOURCES/bash-4.2-brace-expand.patch
  18. 21
      SOURCES/bash-4.2-case-in-command-subst.patch
  19. 86
      SOURCES/bash-4.2-check-debugger.patch
  20. 99
      SOURCES/bash-4.2-coverity.patch
  21. 11
      SOURCES/bash-4.2-cve-2014-7169-0.patch
  22. 147
      SOURCES/bash-4.2-cve-2014-7169-1.patch
  23. 83
      SOURCES/bash-4.2-cve-2014-7169-2.patch
  24. 11
      SOURCES/bash-4.2-double-alloc.patch
  25. 10
      SOURCES/bash-4.2-enable-hyphened-fn-export.patch
  26. 73
      SOURCES/bash-4.2-env-inject.patch
  27. 28
      SOURCES/bash-4.2-extglob-man.patch
  28. 11
      SOURCES/bash-4.2-history-hang.patch
  29. 35
      SOURCES/bash-4.2-ifs-in-temp-env.patch
  30. 12
      SOURCES/bash-4.2-leak-compound.patch
  31. 23
      SOURCES/bash-4.2-man-ulimit.patch
  32. 53
      SOURCES/bash-4.2-manpage.patch
  33. 12
      SOURCES/bash-4.2-manpage_trap.patch
  34. 12
      SOURCES/bash-4.2-missing-opt-cd.patch
  35. 38
      SOURCES/bash-4.2-missing_closes.patch
  36. 39
      SOURCES/bash-4.2-noecho.patch
  37. 36
      SOURCES/bash-4.2-rc2-logout.patch
  38. 36
      SOURCES/bash-4.2-signal.patch
  39. 14
      SOURCES/bash-4.2-size_type.patch
  40. 94
      SOURCES/bash-4.3-cve-2016-0634.patch
  41. 19
      SOURCES/bash-4.3-cve-2016-7543.patch
  42. 99
      SOURCES/bash-4.3-dircomp-append-slash.patch
  43. 60
      SOURCES/bash-4.3-pipefd-leak.patch
  44. 23
      SOURCES/bash-4.3-trapped-signals.patch
  45. 149
      SOURCES/bash-4.3-wshouldquote.patch
  46. 72
      SOURCES/bash-4.4-param-expansion.patch
  47. 16
      SOURCES/bash-4.4-pipeline-pgrp.patch
  48. 55
      SOURCES/bash-bashbug.patch
  49. 27
      SOURCES/bash-cve-2016-9401.patch
  50. 30
      SOURCES/bash-infotags.patch
  51. 310
      SOURCES/bash-requires.patch
  52. 10
      SOURCES/bash-setlocale.patch
  53. 53
      SOURCES/bash-tty-tests.patch
  54. 78
      SOURCES/bash42-001
  55. 59
      SOURCES/bash42-002
  56. 318
      SOURCES/bash42-003
  57. 53
      SOURCES/bash42-004
  58. 131
      SOURCES/bash42-005
  59. 46
      SOURCES/bash42-006
  60. 46
      SOURCES/bash42-007
  61. 74
      SOURCES/bash42-008
  62. 82
      SOURCES/bash42-009
  63. 61
      SOURCES/bash42-010
  64. 46
      SOURCES/bash42-011
  65. 151
      SOURCES/bash42-012
  66. 52
      SOURCES/bash42-013
  67. 47
      SOURCES/bash42-014
  68. 81
      SOURCES/bash42-015
  69. 46
      SOURCES/bash42-016
  70. 47
      SOURCES/bash42-017
  71. 74
      SOURCES/bash42-018
  72. 47
      SOURCES/bash42-019
  73. 60
      SOURCES/bash42-020
  74. 61
      SOURCES/bash42-021
  75. 61
      SOURCES/bash42-022
  76. 62
      SOURCES/bash42-023
  77. 45
      SOURCES/bash42-024
  78. 143
      SOURCES/bash42-025
  79. 58
      SOURCES/bash42-026
  80. 47
      SOURCES/bash42-027
  81. 52
      SOURCES/bash42-028
  82. 524
      SOURCES/bash42-029
  83. 178
      SOURCES/bash42-030
  84. 80
      SOURCES/bash42-031
  85. 75
      SOURCES/bash42-032
  86. 57
      SOURCES/bash42-033
  87. 46
      SOURCES/bash42-034
  88. 66
      SOURCES/bash42-035
  89. 92
      SOURCES/bash42-036
  90. 112
      SOURCES/bash42-037
  91. 47
      SOURCES/bash42-038
  92. 58
      SOURCES/bash42-039
  93. 56
      SOURCES/bash42-040
  94. 47
      SOURCES/bash42-041
  95. 57
      SOURCES/bash42-042
  96. 65
      SOURCES/bash42-043
  97. 70
      SOURCES/bash42-044
  98. 53
      SOURCES/bash42-045
  99. 55
      SOURCES/bash42-046
  100. 44
      SOURCES/bash42-052
  101. Some files were not shown because too many files have changed in this diff Show More

11
SOURCES/bash-2.02-security.patch

@ -0,0 +1,11 @@
--- bash-2.02-orig/parse.y Wed Mar 25 18:16:23 1998
+++ bash-2.02/parse.y Sun Apr 19 16:46:34 1998
@@ -923,7 +923,7 @@

#if defined (READLINE)
char *current_readline_prompt = (char *)NULL;
-char *current_readline_line = (char *)NULL;
+unsigned char *current_readline_line = (unsigned char *)NULL;
int current_readline_line_index = 0;

static int

30
SOURCES/bash-2.03-paths.patch

@ -0,0 +1,30 @@
--- bash-3.0/config.h.in.paths 2004-07-21 21:08:31.000000000 +0100
+++ bash-3.0/config.h.in 2004-07-28 09:16:27.257884999 +0100
@@ -197,7 +197,7 @@

/* System paths */

-#define DEFAULT_MAIL_DIRECTORY "/usr/spool/mail"
+#define DEFAULT_MAIL_DIRECTORY "/var/spool/mail"

/* Characteristics of the system's header files and libraries that affect
the compilation environment. */
--- bash-3.0/config-top.h.paths 2003-08-05 15:36:12.000000000 +0100
+++ bash-3.0/config-top.h 2004-07-28 09:36:27.117205637 +0100
@@ -52,14 +52,14 @@
/* The default value of the PATH variable. */
#ifndef DEFAULT_PATH_VALUE
#define DEFAULT_PATH_VALUE \
- "/usr/gnu/bin:/usr/local/bin:/bin:/usr/bin:."
+ "/usr/local/bin:/bin:/usr/bin"
#endif

/* The value for PATH when invoking `command -p'. This is only used when
the Posix.2 confstr () function, or CS_PATH define are not present. */
#ifndef STANDARD_UTILS_PATH
#define STANDARD_UTILS_PATH \
- "/bin:/usr/bin:/sbin:/usr/sbin:/etc:/usr/etc"
+ "/bin:/usr/bin:/usr/sbin:/sbin"
#endif

/* Default primary and secondary prompt strings. */

12
SOURCES/bash-2.03-profile.patch

@ -0,0 +1,12 @@
diff -up bash-3.2/config-top.h.profile bash-3.2/config-top.h
--- bash-3.2/config-top.h.profile 2008-07-17 13:35:39.000000000 +0200
+++ bash-3.2/config-top.h 2008-07-17 13:42:18.000000000 +0200
@@ -26,6 +26,8 @@
what POSIX.2 specifies. */
#define CONTINUE_AFTER_KILL_ERROR

+#define NON_INTERACTIVE_LOGIN_SHELLS
+
/* Define BREAK_COMPLAINS if you want the non-standard, but useful
error messages about `break' and `continue' out of context. */
#define BREAK_COMPLAINS

218
SOURCES/bash-2.05a-interpreter.patch

@ -0,0 +1,218 @@
diff -up bash-4.2-rc2/config.h.in.interpreter bash-4.2-rc2/config.h.in
--- bash-4.2-rc2/config.h.in.interpreter 2011-02-09 07:59:21.000000000 +0100
+++ bash-4.2-rc2/config.h.in 2011-02-09 07:59:21.000000000 +0100
@@ -706,6 +706,9 @@
/* Define if you have the pathconf function. */
#undef HAVE_PATHCONF

+/* Define if you have the pread function. */
+#undef HAVE_PREAD
+
/* Define if you have the putenv function. */
#undef HAVE_PUTENV

@@ -898,6 +901,9 @@
/* Define if you have the <dlfcn.h> header file. */
#undef HAVE_DLFCN_H

+/* Define if you have the <elf.h> header file. */
+#undef HAVE_ELF_H
+
/* Define if you have the <grp.h> header file. */
#undef HAVE_GRP_H

diff -up bash-4.2-rc2/configure.in.interpreter bash-4.2-rc2/configure.in
--- bash-4.2-rc2/configure.in.interpreter 2011-01-16 21:31:12.000000000 +0100
+++ bash-4.2-rc2/configure.in 2011-02-09 08:02:27.000000000 +0100
@@ -659,7 +659,7 @@ BASH_HEADER_INTTYPES
AC_CHECK_HEADERS(unistd.h stdlib.h stdarg.h varargs.h limits.h string.h \
memory.h locale.h termcap.h termio.h termios.h dlfcn.h \
stddef.h stdint.h netdb.h pwd.h grp.h strings.h regex.h \
- syslog.h ulimit.h)
+ syslog.h ulimit.h elf.h)
AC_CHECK_HEADERS(sys/pte.h sys/stream.h sys/select.h sys/file.h \
sys/resource.h sys/param.h sys/socket.h sys/stat.h \
sys/time.h sys/times.h sys/types.h sys/wait.h)
@@ -723,7 +723,7 @@ dnl checks for system calls
AC_CHECK_FUNCS(dup2 eaccess fcntl getdtablesize getgroups gethostname \
getpagesize getpeername getrlimit getrusage gettimeofday \
kill killpg lstat readlink sbrk select setdtablesize \
- setitimer tcgetpgrp uname ulimit waitpid)
+ setitimer tcgetpgrp uname ulimit waitpid pread)
AC_REPLACE_FUNCS(rename)

dnl checks for c library functions
diff -up bash-4.2-rc2/execute_cmd.c.interpreter bash-4.2-rc2/execute_cmd.c
--- bash-4.2-rc2/execute_cmd.c.interpreter 2011-01-20 04:24:47.000000000 +0100
+++ bash-4.2-rc2/execute_cmd.c 2011-02-09 07:59:21.000000000 +0100
@@ -41,6 +41,10 @@
# include <unistd.h>
#endif

+#ifdef HAVE_ELF_H
+# include <elf.h>
+#endif
+
#include "posixtime.h"

#if defined (HAVE_SYS_RESOURCE_H) && !defined (RLIMTYPE)
@@ -4975,13 +4979,21 @@ shell_execve (command, args, env)
{
/* The file has the execute bits set, but the kernel refuses to
run it for some reason. See why. */
+#if defined (HAVE_HASH_BANG_EXEC) || defined (HAVE_ELF_H)
+ int fd = open (command, O_RDONLY);
+
+ if (fd >= 0)
+ sample_len = read (fd, sample, sizeof (sample));
+ else
+ sample_len = -1;
+#endif
#if defined (HAVE_HASH_BANG_EXEC)
- READ_SAMPLE_BUF (command, sample, sample_len);
if (sample_len > 2 && sample[0] == '#' && sample[1] == '!')
{
char *interp;
int ilen;

+ close (fd);
interp = getinterp (sample, sample_len, (int *)NULL);
ilen = strlen (interp);
errno = i;
@@ -4997,6 +5009,136 @@ shell_execve (command, args, env)
return (EX_NOEXEC);
}
#endif
+#if defined (HAVE_ELF_H)
+ if (i == ENOENT
+ && sample_len > EI_NIDENT
+ && memcmp (sample, ELFMAG, SELFMAG) == 0)
+ {
+ off_t offset = -1;
+
+ /* It is an ELF file. Now determine whether it is dynamically
+ linked and if yes, get the offset of the interpreter
+ string. */
+ if (sample[EI_CLASS] == ELFCLASS32
+ && sample_len > sizeof (Elf32_Ehdr))
+ {
+ Elf32_Ehdr ehdr;
+ Elf32_Phdr *phdr;
+ int nphdr;
+
+ /* We have to copy the data since the sample buffer
+ might not be aligned correctly to be accessed as
+ an Elf32_Ehdr struct. */
+ memcpy (&ehdr, sample, sizeof (Elf32_Ehdr));
+
+ nphdr = ehdr.e_phnum;
+ phdr = (Elf32_Phdr *) malloc (nphdr * ehdr.e_phentsize);
+ if (phdr != NULL)
+ {
+#ifdef HAVE_PREAD
+ sample_len = pread (fd, phdr, nphdr * ehdr.e_phentsize,
+ ehdr.e_phoff);
+#else
+ if (lseek (fd, ehdr.e_phoff, SEEK_SET) != -1)
+ sample_len = read (fd, phdr,
+ nphdr * ehdr.e_phentsize);
+ else
+ sample_len = -1;
+#endif
+ if (sample_len == nphdr * ehdr.e_phentsize)
+ while (nphdr-- > 0)
+ if (phdr[nphdr].p_type == PT_INTERP)
+ {
+ offset = phdr[nphdr].p_offset;
+ break;
+ }
+ free (phdr);
+ }
+ }
+ else if (sample[EI_CLASS] == ELFCLASS64
+ && sample_len > sizeof (Elf64_Ehdr))
+ {
+ Elf64_Ehdr ehdr;
+ Elf64_Phdr *phdr;
+ int nphdr;
+
+ /* We have to copy the data since the sample buffer
+ might not be aligned correctly to be accessed as
+ an Elf64_Ehdr struct. */
+ memcpy (&ehdr, sample, sizeof (Elf64_Ehdr));
+
+ nphdr = ehdr.e_phnum;
+ phdr = (Elf64_Phdr *) malloc (nphdr * ehdr.e_phentsize);
+ if (phdr != NULL)
+ {
+#ifdef HAVE_PREAD
+ sample_len = pread (fd, phdr, nphdr * ehdr.e_phentsize,
+ ehdr.e_phoff);
+#else
+ if (lseek (fd, ehdr.e_phoff, SEEK_SET) != -1)
+ sample_len = read (fd, phdr,
+ nphdr * ehdr.e_phentsize);
+ else
+ sample_len = -1;
+#endif
+ if (sample_len == nphdr * ehdr.e_phentsize)
+ while (nphdr-- > 0)
+ if (phdr[nphdr].p_type == PT_INTERP)
+ {
+ offset = phdr[nphdr].p_offset;
+ break;
+ }
+ free (phdr);
+ }
+ }
+
+ if (offset != -1)
+ {
+ size_t maxlen = 0;
+ size_t actlen = 0;
+ char *interp = NULL;
+
+ do
+ {
+ if (actlen == maxlen)
+ {
+ char *newinterp = realloc (interp, maxlen += 200);
+ if (newinterp == NULL)
+ {
+ actlen = 0;
+ break;
+ }
+ interp = newinterp;
+
+#ifdef HAVE_PREAD
+ actlen = pread (fd, interp, maxlen, offset);
+#else
+ if (lseek (fd, offset, SEEK_SET) != -1)
+ actlen = read (fd, interp, maxlen);
+ else
+ actlen = -1;
+#endif
+ }
+ }
+ while (actlen > 0 && memchr (interp, '\0', actlen) == NULL);
+
+ if (actlen > 0)
+ {
+ close (fd);
+ errno = i;
+ sys_error ("%s: %s: bad ELF interpreter", command,
+ interp);
+ free (interp);
+ return (EX_NOEXEC);
+ }
+
+ free (interp);
+ }
+ }
+#endif
+#if defined (HAVE_HASH_BANG_EXEC) || defined (HAVE_ELF_H)
+ close (fd);
+#endif
errno = i;
file_error (command);
}

10
SOURCES/bash-2.05b-debuginfo.patch

@ -0,0 +1,10 @@
--- bash-2.05b/builtins/Makefile.in.debuginfo 2003-03-25 17:25:21.000000000 +0000
+++ bash-2.05b/builtins/Makefile.in 2003-03-25 17:25:49.000000000 +0000
@@ -93,7 +93,6 @@
$(RM) $@
./$(MKBUILTINS) $(DIRECTDEFINE) $<
$(CC) -c $(CCFLAGS) $*.c || ( $(RM) $*.c ; exit 1 )
- $(RM) $*.c

# How to make a .c file from a .def file.
.def.c:

10
SOURCES/bash-2.05b-manso.patch

@ -0,0 +1,10 @@
--- bash-2.05b/doc/builtins.1.manso 2003-02-10 18:58:21.000000000 +0000
+++ bash-2.05b/doc/builtins.1 2003-02-10 18:58:28.000000000 +0000
@@ -10,6 +10,6 @@
ulimit, umask, unalias, unset, wait \- bash built-in commands, see \fBbash\fR(1)
.SH BASH BUILTIN COMMANDS
.nr zZ 1
-.so bash.1
+.so man1/bash.1
.SH SEE ALSO
bash(1), sh(1)

11
SOURCES/bash-2.05b-pgrp_sync.patch

@ -0,0 +1,11 @@
--- bash-2.05b/aclocal.m4.pgrp_sync 2002-06-25 14:45:43.000000000 +0100
+++ bash-2.05b/aclocal.m4 2003-01-15 18:17:35.000000000 +0000
@@ -1255,7 +1255,7 @@
wait(&status);
exit(ok ? 0 : 5);
}
-], bash_cv_pgrp_pipe=no,bash_cv_pgrp_pipe=yes,
+], bash_cv_pgrp_pipe=yes,bash_cv_pgrp_pipe=yes,
[AC_MSG_WARN(cannot check pgrp synchronization if cross compiling -- defaulting to no)
bash_cv_pgrp_pipe=no])
])

10
SOURCES/bash-2.05b-readline-oom.patch

@ -0,0 +1,10 @@
--- bash-2.05b/lib/readline/readline.c.oom 2002-03-13 23:10:46.000000000 +0100
+++ bash-2.05b/lib/readline/readline.c 2002-08-07 12:02:04.000000000 +0200
@@ -567,7 +567,7 @@
{
/* Special case rl_do_lowercase_version (). */
if (func == rl_do_lowercase_version)
- return (_rl_dispatch (_rl_to_lower (key), map));
+ return (_rl_dispatch (_rl_to_lower ((unsigned char)key), map));

rl_executing_keymap = map;

18
SOURCES/bash-2.05b-xcc.patch

@ -0,0 +1,18 @@
--- bash-3.1/Makefile.in.xcc 2005-10-25 19:37:52.000000000 +0100
+++ bash-3.1/Makefile.in 2005-12-23 16:11:09.000000000 +0000
@@ -68,6 +68,7 @@
ARFLAGS = @ARFLAGS@
RANLIB = @RANLIB@
SIZE = @SIZE@
+STRIP = strip

INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -535,7 +536,7 @@
@chmod a+rx bashbug

strip: $(Program) .made
- strip $(Program)
+ $(STRIP) $(Program)
ls -l $(Program)
-$(SIZE) $(Program)

107
SOURCES/bash-3.2-audit.patch

@ -0,0 +1,107 @@
diff -up bash-4.2/config.h.in.audit bash-4.2/config.h.in
--- bash-4.2/config.h.in.audit 2013-01-31 16:26:16.857698992 +0100
+++ bash-4.2/config.h.in 2013-01-31 16:26:16.876699255 +0100
@@ -1131,6 +1131,14 @@

/* End additions for lib/intl */

+
+/* Additions for lib/readline */
+
+/* Define if you have <linux/audit.h> and it defines AUDIT_USER_TTY */
+#undef HAVE_DECL_AUDIT_USER_TTY
+
+/* End additions for lib/readline */
+
#include "config-bot.h"

#endif /* _CONFIG_H_ */
diff -up bash-4.2/configure.in.audit bash-4.2/configure.in
--- bash-4.2/configure.in.audit 2013-01-31 16:26:16.858699005 +0100
+++ bash-4.2/configure.in 2013-01-31 16:26:16.877699269 +0100
@@ -888,6 +888,8 @@ BASH_FUNC_DUP2_CLOEXEC_CHECK
BASH_SYS_PGRP_SYNC
BASH_SYS_SIGNAL_VINTAGE

+AC_CHECK_DECLS([AUDIT_USER_TTY],,, [[#include <linux/audit.h>]])
+
dnl checking for the presence of certain library symbols
BASH_SYS_ERRLIST
BASH_SYS_SIGLIST
diff -up bash-4.2/lib/readline/readline.c.audit bash-4.2/lib/readline/readline.c
--- bash-4.2/lib/readline/readline.c.audit 2013-01-31 16:26:16.871699185 +0100
+++ bash-4.2/lib/readline/readline.c 2013-01-31 17:24:23.902744860 +0100
@@ -55,6 +55,12 @@
extern int errno;
#endif /* !errno */

+#if defined (HAVE_DECL_AUDIT_USER_TTY)
+# include <sys/socket.h>
+# include <linux/audit.h>
+# include <linux/netlink.h>
+#endif
+
/* System-specific feature definitions and include files. */
#include "rldefs.h"
#include "rlmbutil.h"
@@ -301,7 +307,48 @@ rl_set_prompt (prompt)
rl_visible_prompt_length = rl_expand_prompt (rl_prompt);
return 0;
}
-
+
+#if defined (HAVE_DECL_AUDIT_USER_TTY)
+/* Report STRING to the audit system. */
+static void
+audit_tty (char *string)
+{
+ struct sockaddr_nl addr;
+ struct msghdr msg;
+ struct nlmsghdr nlm;
+ struct iovec iov[2];
+ size_t size;
+ int fd;
+
+ size = strlen (string) + 1;
+ fd = socket (AF_NETLINK, SOCK_RAW, NETLINK_AUDIT);
+ if (fd < 0)
+ return;
+ nlm.nlmsg_len = NLMSG_LENGTH (size);
+ nlm.nlmsg_type = AUDIT_USER_TTY;
+ nlm.nlmsg_flags = NLM_F_REQUEST;
+ nlm.nlmsg_seq = 0;
+ nlm.nlmsg_pid = 0;
+ iov[0].iov_base = &nlm;
+ iov[0].iov_len = sizeof (nlm);
+ iov[1].iov_base = string;
+ iov[1].iov_len = size;
+ addr.nl_family = AF_NETLINK;
+ addr.nl_pad = 0;
+ addr.nl_pid = 0;
+ addr.nl_groups = 0;
+ msg.msg_name = &addr;
+ msg.msg_namelen = sizeof (addr);
+ msg.msg_iov = iov;
+ msg.msg_iovlen = 2;
+ msg.msg_control = NULL;
+ msg.msg_controllen = 0;
+ msg.msg_flags = 0;
+ (void)sendmsg (fd, &msg, 0);
+ close (fd);
+}
+#endif
+
/* Read a line of input. Prompt with PROMPT. An empty PROMPT means
none. A return value of NULL means that EOF was encountered. */
char *
@@ -352,6 +399,11 @@ readline (prompt)
RL_SETSTATE (RL_STATE_CALLBACK);
#endif

+#if defined (HAVE_DECL_AUDIT_USER_TTY)
+ if (value != NULL)
+ audit_tty (value);
+#endif
+
return (value);
}

12
SOURCES/bash-3.2-ssh_source_bash.patch

@ -0,0 +1,12 @@
diff -up bash-4.0/config-top.h.ssh_source_bash bash-4.0/config-top.h
--- bash-4.0/config-top.h.ssh_source_bash 2009-01-21 15:20:06.000000000 +0100
+++ bash-4.0/config-top.h 2009-01-21 15:25:46.000000000 +0100
@@ -90,7 +90,7 @@
sshd and source the .bashrc if so (like the rshd behavior). This checks
for the presence of SSH_CLIENT or SSH2_CLIENT in the initial environment,
which can be fooled under certain not-uncommon circumstances. */
-/* #define SSH_SOURCE_BASHRC */
+#define SSH_SOURCE_BASHRC

/* Define if you want the case-capitalizing operators (~[~]) and the
`capcase' variable attribute (declare -c). */

154
SOURCES/bash-4.0-nobits.patch

@ -0,0 +1,154 @@
diff -up bash-4.0/execute_cmd.c.nobits bash-4.0/execute_cmd.c
--- bash-4.0/execute_cmd.c.nobits 2009-08-11 11:53:38.000000000 +0200
+++ bash-4.0/execute_cmd.c 2009-08-14 16:18:18.000000000 +0200
@@ -4747,6 +4747,7 @@ shell_execve (command, args, env)
&& memcmp (sample, ELFMAG, SELFMAG) == 0)
{
off_t offset = -1;
+ int dynamic_nobits = 0;

/* It is an ELF file. Now determine whether it is dynamically
linked and if yes, get the offset of the interpreter
@@ -4756,13 +4757,61 @@ shell_execve (command, args, env)
{
Elf32_Ehdr ehdr;
Elf32_Phdr *phdr;
- int nphdr;
+ Elf32_Shdr *shdr;
+ int nphdr, nshdr;

/* We have to copy the data since the sample buffer
might not be aligned correctly to be accessed as
an Elf32_Ehdr struct. */
memcpy (&ehdr, sample, sizeof (Elf32_Ehdr));

+ nshdr = ehdr.e_shnum;
+ shdr = (Elf32_Shdr *) malloc (nshdr * ehdr.e_shentsize);
+
+ if (shdr != NULL)
+ {
+#ifdef HAVE_PREAD
+ sample_len = pread (fd, shdr, nshdr * ehdr.e_shentsize,
+ ehdr.e_shoff);
+#else
+ if (lseek (fd, ehdr.e_shoff, SEEK_SET) != -1)
+ sample_len = read (fd, shdr,
+ nshdr * ehdr.e_shentsize);
+ else
+ sample_len = -1;
+#endif
+ if (sample_len == nshdr * ehdr.e_shentsize)
+ {
+ char *strings = (char *) malloc (shdr[ehdr.e_shstrndx].sh_size);
+ if (strings != NULL)
+ {
+#ifdef HAVE_PREAD
+ sample_len = pread (fd, strings,
+ shdr[ehdr.e_shstrndx].sh_size,
+ shdr[ehdr.e_shstrndx].sh_offset);
+#else
+ if (lseek (fd, shdr[ehdr.e_shstrndx].sh_offset,
+ SEEK_SET) != -1)
+ sample_len = read (fd, strings,
+ shdr[ehdr.e_shstrndx].sh_size);
+ else
+ sample_len = -1;
+#endif
+ if (sample_len == shdr[ehdr.e_shstrndx].sh_size)
+ while (nshdr-- > 0)
+ if (strcmp (strings + shdr[nshdr].sh_name,
+ ".interp") == 0 &&
+ shdr[nshdr].sh_type == SHT_NOBITS)
+ {
+ dynamic_nobits++;
+ break;
+ }
+ free (strings);
+ }
+ }
+ free (shdr);
+ }
+
nphdr = ehdr.e_phnum;
phdr = (Elf32_Phdr *) malloc (nphdr * ehdr.e_phentsize);
if (phdr != NULL)
@@ -4792,13 +4841,60 @@ shell_execve (command, args, env)
{
Elf64_Ehdr ehdr;
Elf64_Phdr *phdr;
- int nphdr;
+ Elf64_Shdr *shdr;
+ int nphdr, nshdr;

/* We have to copy the data since the sample buffer
might not be aligned correctly to be accessed as
an Elf64_Ehdr struct. */
memcpy (&ehdr, sample, sizeof (Elf64_Ehdr));

+ nshdr = ehdr.e_shnum;
+ shdr = (Elf64_Shdr *) malloc (nshdr * ehdr.e_shentsize);
+ if (shdr != NULL)
+ {
+#ifdef HAVE_PREAD
+ sample_len = pread (fd, shdr, nshdr * ehdr.e_shentsize,
+ ehdr.e_shoff);
+#else
+ if (lseek (fd, ehdr.e_shoff, SEEK_SET) != -1)
+ sample_len = read (fd, shdr,
+ nshdr * ehdr.e_shentsize);
+ else
+ sample_len = -1;
+#endif
+ if (sample_len == nshdr * ehdr.e_shentsize)
+ {
+ char *strings = (char *) malloc (shdr[ehdr.e_shstrndx].sh_size);
+ if (strings != NULL)
+ {
+#ifdef HAVE_PREAD
+ sample_len = pread (fd, strings,
+ shdr[ehdr.e_shstrndx].sh_size,
+ shdr[ehdr.e_shstrndx].sh_offset);
+#else
+ if (lseek (fd, shdr[ehdr.e_shstrndx].sh_offset,
+ SEEK_SET) != -1)
+ sample_len = read (fd, strings,
+ shdr[ehdr.e_shstrndx].sh_size);
+ else
+ sample_len = -1;
+#endif
+ if (sample_len == shdr[ehdr.e_shstrndx].sh_size)
+ while (nshdr-- > 0)
+ if (strcmp (strings + shdr[nshdr].sh_name,
+ ".interp") == 0 &&
+ shdr[nshdr].sh_type == SHT_NOBITS)
+ {
+ dynamic_nobits++;
+ break;
+ }
+ free (strings);
+ }
+ }
+ free (shdr);
+ }
+
nphdr = ehdr.e_phnum;
phdr = (Elf64_Phdr *) malloc (nphdr * ehdr.e_phentsize);
if (phdr != NULL)
@@ -4858,8 +4954,15 @@ shell_execve (command, args, env)
{
close (fd);
errno = i;
- sys_error ("%s: %s: bad ELF interpreter", command,
- interp);
+ if (dynamic_nobits > 0)
+ {
+ sys_error ("%s: bad ELF interpreter", command);
+ }
+ else
+ {
+ sys_error ("%s: %s: bad ELF interpreter", command,
+ interp);
+ }
free (interp);
return (EX_NOEXEC);
}

12
SOURCES/bash-4.1-broken_pipe.patch

@ -0,0 +1,12 @@
diff -up bash-4.1/config-top.h.broken_pipe bash-4.1/config-top.h
--- bash-4.1/config-top.h.broken_pipe 2011-01-06 18:01:30.000000000 +0100
+++ bash-4.1/config-top.h 2011-01-06 18:02:14.000000000 +0100
@@ -51,7 +51,7 @@
/* Define DONT_REPORT_BROKEN_PIPE_WRITE_ERRORS if you don't want builtins
like `echo' and `printf' to report errors when output does not succeed
due to EPIPE. */
-/* #define DONT_REPORT_BROKEN_PIPE_WRITE_ERRORS */
+#define DONT_REPORT_BROKEN_PIPE_WRITE_ERRORS

/* The default value of the PATH variable. */
#ifndef DEFAULT_PATH_VALUE

30
SOURCES/bash-4.1-defer-sigchld-trap.patch

@ -0,0 +1,30 @@
diff -pruN bash-4.1/jobs.c bash-4.1.patched/jobs.c
--- bash-4.1/jobs.c 2009-11-30 03:42:05.000000000 +0530
+++ bash-4.1.patched/jobs.c 2012-03-06 16:44:15.706595703 +0530
@@ -3037,6 +3037,7 @@ waitchld (wpid, block)
PROCESS *child;
pid_t pid;
int call_set_current, last_stopped_job, job, children_exited, waitpid_flags;
+ int called_from_sighand = sigchld;
static int wcontinued = WCONTINUED; /* run-time fix for glibc problem */

call_set_current = children_exited = 0;
@@ -3161,7 +3162,17 @@ waitchld (wpid, block)
longjmp (wait_intr_buf, 1);
}

- run_sigchld_trap (children_exited);
+ /* Queue up the trap handler if we're called directly from within the
+ signal handler. */
+ if (called_from_sighand)
+ {
+ int i = children_exited;
+ interrupt_immediately = 0;
+ while (i--)
+ trap_handler (SIGCHLD);
+ }
+ else
+ run_sigchld_trap (children_exited);
}

/* We have successfully recorded the useful information about this process

24
SOURCES/bash-4.1-examples.patch

@ -0,0 +1,24 @@
diff -up bash-4.1/examples/loadables/Makefile.in.examples bash-4.1/examples/loadables/Makefile.in
--- bash-4.1/examples/loadables/Makefile.in.examples 2010-06-22 16:20:02.000000000 +0200
+++ bash-4.1/examples/loadables/Makefile.in 2010-06-22 16:20:41.000000000 +0200
@@ -43,7 +43,7 @@ host_os = @host_os@
host_cpu = @host_cpu@
host_vendor = @host_vendor@

-CFLAGS = @CFLAGS@
+CFLAGS = -O2 -g
LOCAL_CFLAGS = @LOCAL_CFLAGS@
DEFS = @DEFS@
LOCAL_DEFS = @LOCAL_DEFS@
diff -up bash-4.1/examples/loadables/perl/Makefile.in.examples bash-4.1/examples/loadables/perl/Makefile.in
--- bash-4.1/examples/loadables/perl/Makefile.in.examples 2010-06-22 16:20:46.000000000 +0200
+++ bash-4.1/examples/loadables/perl/Makefile.in 2010-06-22 16:21:04.000000000 +0200
@@ -42,7 +42,7 @@ SHELL = @MAKE_SHELL@

PERL5 = perl5

-CFLAGS = @CFLAGS@
+CFLAGS = -O2 -g

#
# These values are generated for configure by ${topdir}/support/shobj-conf.

46
SOURCES/bash-4.1-trap.patch

@ -0,0 +1,46 @@
Only in bash-4.1: _patchlevel
diff -rup bash-4.1.orig/trap.c bash-4.1/trap.c
--- bash-4.1.orig/trap.c 2013-05-14 13:58:06.224000564 +0900
+++ bash-4.1/trap.c 2013-06-26 16:59:42.968001502 +0900
@@ -269,6 +269,9 @@ run_pending_traps ()
if (catch_flag == 0) /* simple optimization */
return;

+ if (running_trap > 0)
+ return; /* no recursive trap invocations */
+
catch_flag = 0;

/* Preserve $? when running trap. */
@@ -294,6 +297,8 @@ run_pending_traps ()
# endif
#endif /* HAVE_POSIX_SIGNALS */

+ running_trap = sig + 1;
+
if (sig == SIGINT)
{
run_interrupt_trap ();
@@ -338,7 +343,14 @@ run_pending_traps ()
save_subst_varlist = subst_assign_varlist;
subst_assign_varlist = 0;

+#if defined (JOB_CONTROL)
+ save_pipeline (1); /* XXX only provides one save level */
+#endif
parse_and_execute (savestring (trap_list[sig]), "trap", SEVAL_NONINT|SEVAL_NOHIST|SEVAL_RESETLINE);
+#if defined (JOB_CONTROL)
+ restore_pipeline (1);
+#endif
+
restore_token_state (token_state);
free (token_state);

@@ -346,6 +358,7 @@ run_pending_traps ()
}

pending_traps[sig] = 0;
+ running_trap = 0;

#if defined (HAVE_POSIX_SIGNALS)
sigprocmask (SIG_SETMASK, &oset, (sigset_t *)NULL);

24
SOURCES/bash-4.2-brace-expand.patch

@ -0,0 +1,24 @@
diff --git a/braces.c b/braces.c
index 2febed7..61c1ab1 100644
--- a/braces.c
+++ b/braces.c
@@ -529,6 +529,11 @@ brace_gobbler (text, tlen, indx, satisfy)
{
if (c == quoted)
quoted = 0;
+#if defined (SHELL)
+ /* The shell allows quoted command substitutions */
+ if (quoted == '"' && c == '$' && text[i+1] == '(') /*)*/
+ goto comsub;
+#endif
ADVANCE_CHAR (text, tlen, i);
continue;
}
@@ -551,6 +556,7 @@ brace_gobbler (text, tlen, indx, satisfy)
/* Pass new-style command and process substitutions through unchanged. */
if ((c == '$' || c == '<' || c == '>') && text[i+1] == '(') /* ) */
{
+comsub:
si = i + 2;
t = extract_command_subst (text, &si, 0);
i = si;

21
SOURCES/bash-4.2-case-in-command-subst.patch

@ -0,0 +1,21 @@
diff -up bash-4.2/parse.y.old bash-4.2/parse.y
--- bash-4.2/parse.y.old 2015-05-18 13:04:30.341494305 +0200
+++ bash-4.2/parse.y 2015-05-18 13:05:18.245509202 +0200
@@ -3693,6 +3693,17 @@ eof_error:
}
else if MBTEST((tflags & LEX_CKCOMMENT) && ch == '#' && (lex_rwlen == 0 || ((tflags & LEX_INWORD) && lex_wlen == 0)))
; /* don't modify LEX_RESWDOK if we're starting a comment */
+ /* Allow `do' followed by space, tab, or newline to preserve the
+ RESWDOK flag, but reset the reserved word length counter so we
+ can read another one. */
+ else if MBTEST(((tflags & LEX_INCASE) == 0) &&
+ (isblank(ch) || ch == '\n') &&
+ lex_rwlen == 2 &&
+ STREQN (ret + retind - 2, "do", 2))
+{
+/*itrace("parse_comsub:%d: lex_incase == 1 found `%c', found \"do\"", line_number, ch);*/
+ lex_rwlen = 0;
+}
else if MBTEST((tflags & LEX_INCASE) && ch != '\n')
/* If we can read a reserved word and we're in case, we're at the
point where we can read a new pattern list or an esac. We

86
SOURCES/bash-4.2-check-debugger.patch

@ -0,0 +1,86 @@
diff -up bash-4.2/builtins/evalfile.c.old bash-4.2/builtins/evalfile.c
--- bash-4.2/builtins/evalfile.c.old 2015-05-14 20:45:31.402793505 +0200
+++ bash-4.2/builtins/evalfile.c 2015-05-14 20:45:47.632794791 +0200
@@ -317,6 +317,23 @@ maybe_execute_file (fname, force_noninte
return result;
}

+int
+force_execute_file (fname, force_noninteractive)
+ const char *fname;
+ int force_noninteractive;
+{
+ char *filename;
+ int result, flags;
+
+ filename = bash_tilde_expand (fname, 0);
+ flags = 0;
+ if (force_noninteractive)
+ flags |= FEVAL_NONINT;
+ result = _evalfile (filename, flags);
+ free (filename);
+ return result;
+}
+
#if defined (HISTORY)
int
fc_execute_file (filename)
diff -up bash-4.2/configure.in.old bash-4.2/configure.in
--- bash-4.2/configure.in.old 2015-05-14 21:27:20.882449456 +0200
+++ bash-4.2/configure.in 2015-05-14 21:19:25.654612738 +0200
@@ -149,7 +149,7 @@ fi
fi

if test -z "${DEBUGGER_START_FILE}"; then
- DEBUGGER_START_FILE='${datadir}/bashdb/bashdb-main.inc'
+ DEBUGGER_START_FILE='/usr/share/bashdb/bashdb-main.inc'
fi

dnl optional shell features in config.h.in
diff -up bash-4.2/shell.c.old bash-4.2/shell.c
--- bash-4.2/shell.c.old 2015-05-14 20:42:54.379781066 +0200
+++ bash-4.2/shell.c 2015-05-14 20:43:04.966781904 +0200
@@ -1373,12 +1373,19 @@ start_debugger ()
{
#if defined (DEBUGGER) && defined (DEBUGGER_START_FILE)
int old_errexit;
+ int r;

old_errexit = exit_immediately_on_error;
exit_immediately_on_error = 0;

- maybe_execute_file (DEBUGGER_START_FILE, 1);
- function_trace_mode = 1;
+ r = force_execute_file (DEBUGGER_START_FILE, 1);
+ if (r < 0)
+ {
+ internal_warning ("cannot start debugger; debugging mode disabled");
+ debugging_mode = function_trace_mode = 0;
+ }
+ else
+ function_trace_mode = 1;

exit_immediately_on_error += old_errexit;
#endif
diff -up bash-4.2/builtins/evalfile.c.old bash-4.2/builtins/evalfile.c
--- bash-4.2/builtins/evalfile.c.old 2015-05-15 00:52:01.357266353 +0200
+++ bash-4.2/builtins/evalfile.c 2015-05-15 00:52:08.734263236 +0200
@@ -125,7 +125,7 @@ file_error_and_exit:
}

return ((flags & FEVAL_BUILTIN) ? EXECUTION_FAILURE
- : ((errno == ENOENT) ? 0 : -1));
+ : ((errno == ENOENT && (flags & FEVAL_ENOENTOK) != 0) ? 0 : -1));
}

errfunc = ((flags & FEVAL_BUILTIN) ? builtin_error : internal_error);
diff -up bash-4.2/builtins/common.h.old bash-4.2/builtins/common.h
--- bash-4.2/builtins/common.h.old 2015-05-15 00:52:01.357266353 +0200
+++ bash-4.2/builtins/common.h 2015-05-15 00:52:08.734263236 +0200
@@ -170,6 +170,7 @@

/* Functions from evalfile.c */
extern int maybe_execute_file __P((const char *, int));
+extern int force_execute_file __P((const char *, int));
extern int source_file __P((const char *, int));
extern int fc_execute_file __P((const char *));

99
SOURCES/bash-4.2-coverity.patch

@ -0,0 +1,99 @@
diff -up bash-4.2/execute_cmd.c.coverity bash-4.2/execute_cmd.c
--- bash-4.2/execute_cmd.c.coverity 2011-02-24 13:04:35.000000000 +0100
+++ bash-4.2/execute_cmd.c 2011-02-24 13:49:13.000000000 +0100
@@ -5036,7 +5036,7 @@ shell_execve (command, args, env)
Elf32_Ehdr ehdr;
Elf32_Phdr *phdr;
Elf32_Shdr *shdr;
- int nphdr, nshdr;
+ Elf32_Half nphdr, nshdr;

/* We have to copy the data since the sample buffer
might not be aligned correctly to be accessed as
@@ -5044,12 +5044,12 @@ shell_execve (command, args, env)
memcpy (&ehdr, sample, sizeof (Elf32_Ehdr));

nshdr = ehdr.e_shnum;
- shdr = (Elf32_Shdr *) malloc (nshdr * ehdr.e_shentsize);
+ shdr = (Elf32_Shdr *) malloc ((size_t)nshdr * (size_t)ehdr.e_shentsize);

if (shdr != NULL)
{
#ifdef HAVE_PREAD
- sample_len = pread (fd, shdr, nshdr * ehdr.e_shentsize,
+ sample_len = pread (fd, shdr, (size_t)nshdr * (size_t)ehdr.e_shentsize,
ehdr.e_shoff);
#else
if (lseek (fd, ehdr.e_shoff, SEEK_SET) != -1)
@@ -5091,11 +5091,11 @@ shell_execve (command, args, env)
}

nphdr = ehdr.e_phnum;
- phdr = (Elf32_Phdr *) malloc (nphdr * ehdr.e_phentsize);
+ phdr = (Elf32_Phdr *) malloc ((size_t)nphdr * (size_t)ehdr.e_phentsize);
if (phdr != NULL)
{
#ifdef HAVE_PREAD
- sample_len = pread (fd, phdr, nphdr * ehdr.e_phentsize,
+ sample_len = pread (fd, phdr, (size_t)nphdr * (size_t)ehdr.e_phentsize,
ehdr.e_phoff);
#else
if (lseek (fd, ehdr.e_phoff, SEEK_SET) != -1)
@@ -5120,7 +5120,7 @@ shell_execve (command, args, env)
Elf64_Ehdr ehdr;
Elf64_Phdr *phdr;
Elf64_Shdr *shdr;
- int nphdr, nshdr;
+ Elf32_Half nphdr, nshdr;

/* We have to copy the data since the sample buffer
might not be aligned correctly to be accessed as
@@ -5128,11 +5128,11 @@ shell_execve (command, args, env)
memcpy (&ehdr, sample, sizeof (Elf64_Ehdr));

nshdr = ehdr.e_shnum;
- shdr = (Elf64_Shdr *) malloc (nshdr * ehdr.e_shentsize);
+ shdr = (Elf64_Shdr *) malloc ((size_t)nshdr * (size_t)ehdr.e_shentsize);
if (shdr != NULL)
{
#ifdef HAVE_PREAD
- sample_len = pread (fd, shdr, nshdr * ehdr.e_shentsize,
+ sample_len = pread (fd, shdr, (size_t)nshdr * (size_t)ehdr.e_shentsize,
ehdr.e_shoff);
#else
if (lseek (fd, ehdr.e_shoff, SEEK_SET) != -1)
@@ -5174,11 +5174,11 @@ shell_execve (command, args, env)
}

nphdr = ehdr.e_phnum;
- phdr = (Elf64_Phdr *) malloc (nphdr * ehdr.e_phentsize);
+ phdr = (Elf64_Phdr *) malloc ((size_t)nphdr * (size_t)ehdr.e_phentsize);
if (phdr != NULL)
{
#ifdef HAVE_PREAD
- sample_len = pread (fd, phdr, nphdr * ehdr.e_phentsize,
+ sample_len = pread (fd, phdr, (size_t)nphdr * (size_t)ehdr.e_phentsize,
ehdr.e_phoff);
#else
if (lseek (fd, ehdr.e_phoff, SEEK_SET) != -1)
@@ -5200,8 +5200,8 @@ shell_execve (command, args, env)

if (offset != -1)
{
- size_t maxlen = 0;
- size_t actlen = 0;
+ ssize_t maxlen = 0;
+ ssize_t actlen = 0;
char *interp = NULL;

do
@@ -5250,7 +5250,8 @@ shell_execve (command, args, env)
}
#endif
#if defined (HAVE_HASH_BANG_EXEC) || defined (HAVE_ELF_H)
- close (fd);
+ if (fd >= 0)
+ close (fd);
#endif
errno = i;
file_error (command);

11
SOURCES/bash-4.2-cve-2014-7169-0.patch

@ -0,0 +1,11 @@
*** ../bash-20140912/parse.y 2014-08-26 15:09:42.000000000 -0400
--- parse.y 2014-09-24 22:47:28.000000000 -0400
***************
*** 2959,2962 ****
--- 2959,2964 ----
word_desc_to_read = (WORD_DESC *)NULL;

+ eol_ungetc_lookahead = 0;
+
current_token = '\n'; /* XXX */
last_read_token = '\n';

147
SOURCES/bash-4.2-cve-2014-7169-1.patch

@ -0,0 +1,147 @@
--- ../bash-4.2-orig/variables.c 2014-09-25 13:07:59.313209541 +0200
+++ variables.c 2014-09-25 13:15:29.869420719 +0200
@@ -268,7 +268,7 @@
static void propagate_temp_var __P((PTR_T));
static void dispose_temporary_env __P((sh_free_func_t *));

-static inline char *mk_env_string __P((const char *, const char *));
+static inline char *mk_env_string __P((const char *, const char *, int));
static char **make_env_array_from_var_list __P((SHELL_VAR **));
static char **make_var_export_array __P((VAR_CONTEXT *));
static char **make_func_export_array __P((void));
@@ -301,6 +301,14 @@
#endif
}

+/* Prefix and suffix for environment variable names which contain
+ shell functions. */
+#define FUNCDEF_PREFIX "BASH_FUNC_"
+#define FUNCDEF_PREFIX_LEN (strlen (FUNCDEF_PREFIX))
+#define FUNCDEF_SUFFIX "()"
+#define FUNCDEF_SUFFIX_LEN (strlen (FUNCDEF_SUFFIX))
+
+
/* Initialize the shell variables from the current environment.
If PRIVMODE is nonzero, don't import functions from ENV or
parse $SHELLOPTS. */
@@ -338,28 +346,40 @@

/* If exported function, define it now. Don't import functions from
the environment in privileged mode. */
- if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
- {
- string_length = strlen (string);
- temp_string = (char *)xmalloc (3 + string_length + char_index);
+ if (privmode == 0 && read_but_dont_execute == 0
+ && STREQN (FUNCDEF_PREFIX, name, FUNCDEF_PREFIX_LEN)
+ && STREQ (name + char_index - FUNCDEF_SUFFIX_LEN, FUNCDEF_SUFFIX)
+ && STREQN ("() {", string, 4))
+ {
+ size_t name_length
+ = char_index - (FUNCDEF_PREFIX_LEN + FUNCDEF_SUFFIX_LEN);
+ char *temp_name = name + FUNCDEF_PREFIX_LEN;
+ /* Temporarily remove the suffix. */
+ temp_name[name_length] = '\0';

- strcpy (temp_string, name);
- temp_string[char_index] = ' ';
- strcpy (temp_string + char_index + 1, string);
+ string_length = strlen (string);
+ temp_string = (char *)xmalloc (name_length + 1 + string_length + 1);
+ memcpy (temp_string, temp_name, name_length);
+ temp_string[name_length] = ' ';
+ memcpy (temp_string + name_length + 1, string, string_length + 1);

/* Don't import function names that are invalid identifiers from the
environment, though we still allow them to be defined as shell
variables. */
- if (legal_identifier (name))
- parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+ if (legal_identifier (temp_name))
+ parse_and_execute (temp_string, temp_name,
+ SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);

- if (temp_var = find_function (name))
+ if (temp_var = find_function (temp_name))
{
VSETATTR (temp_var, (att_exported|att_imported));
array_needs_making = 1;
}
else
report_error (_("error importing function definition for `%s'"), name);
+
+ /* Restore the original suffix. */
+ temp_name[name_length] = FUNCDEF_SUFFIX[0];
}
#if defined (ARRAY_VARS)
# if 0
@@ -2537,7 +2557,7 @@
var->context = variable_context; /* XXX */

INVALIDATE_EXPORTSTR (var);
- var->exportstr = mk_env_string (name, value);
+ var->exportstr = mk_env_string (name, value, 0);

array_needs_making = 1;

@@ -3388,22 +3408,43 @@
/* */
/* **************************************************************** */

+/* Returns the string NAME=VALUE if !FUNCTIONP or if VALUE == NULL (in
+ which case it is treated as empty). Otherwise, decorate NAME with
+ FUNCDEF_PREFIX and FUNCDEF_SUFFIX, and return a string of the form
+ FUNCDEF_PREFIX NAME FUNCDEF_SUFFIX = VALUE (without spaces). */
static inline char *
-mk_env_string (name, value)
+mk_env_string (name, value, functionp)
const char *name, *value;
+ int functionp;
{
- int name_len, value_len;
- char *p;
+ size_t name_len, value_len;
+ char *p, *q;

name_len = strlen (name);
value_len = STRLEN (value);
- p = (char *)xmalloc (2 + name_len + value_len);
- strcpy (p, name);
- p[name_len] = '=';
+ if (functionp && value != NULL)
+ {
+ p = (char *)xmalloc (FUNCDEF_PREFIX_LEN + name_len + FUNCDEF_SUFFIX_LEN
+ + 1 + value_len + 1);
+ q = p;
+ memcpy (q, FUNCDEF_PREFIX, FUNCDEF_PREFIX_LEN);
+ q += FUNCDEF_PREFIX_LEN;
+ memcpy (q, name, name_len);
+ q += name_len;
+ memcpy (q, FUNCDEF_SUFFIX, FUNCDEF_SUFFIX_LEN);
+ q += FUNCDEF_SUFFIX_LEN;
+ }
+ else
+ {
+ p = (char *)xmalloc (name_len + 1 + value_len + 1);
+ memcpy (p, name, name_len);
+ q = p + name_len;
+ }
+ q[0] = '=';
if (value && *value)
- strcpy (p + name_len + 1, value);
+ memcpy (q + 1, value, value_len + 1);
else
- p[name_len + 1] = '\0';
+ q[1] = '\0';
return (p);
}

@@ -3489,7 +3530,7 @@
/* Gee, I'd like to get away with not using savestring() if we're
using the cached exportstr... */
list[list_index] = USE_EXPORTSTR ? savestring (value)
- : mk_env_string (var->name, value);
+ : mk_env_string (var->name, value, function_p (var));

if (USE_EXPORTSTR == 0)
SAVE_EXPORTSTR (var, list[list_index]);

83
SOURCES/bash-4.2-cve-2014-7169-2.patch

@ -0,0 +1,83 @@
--- ../bash-4.2-orig/parse.y 2014-09-25 13:07:59.218209276 +0200
+++ parse.y 2014-09-25 15:26:52.813159810 +0200
@@ -264,9 +264,21 @@

/* Variables to manage the task of reading here documents, because we need to
defer the reading until after a complete command has been collected. */
-static REDIRECT *redir_stack[10];
+static REDIRECT **redir_stack;
int need_here_doc;

+/* Pushes REDIR onto redir_stack, resizing it as needed. */
+static void
+push_redir_stack (REDIRECT *redir)
+{
+ /* Guard against oveflow. */
+ if (need_here_doc + 1 > INT_MAX / sizeof (*redir_stack))
+ abort ();
+ redir_stack = xrealloc (redir_stack,
+ (need_here_doc + 1) * sizeof (*redir_stack));
+ redir_stack[need_here_doc++] = redir;
+}
+
/* Where shell input comes from. History expansion is performed on each
line when the shell is interactive. */
static char *shell_input_line = (char *)NULL;
@@ -519,42 +531,42 @@
source.dest = 0;
redir.filename = $2;
$$ = make_redirection (source, r_reading_until, redir, 0);
- redir_stack[need_here_doc++] = $$;
+ push_redir_stack ($$);
}
| NUMBER LESS_LESS WORD
{
source.dest = $1;
redir.filename = $3;
$$ = make_redirection (source, r_reading_until, redir, 0);
- redir_stack[need_here_doc++] = $$;
+ push_redir_stack ($$);
}
| REDIR_WORD LESS_LESS WORD
{
source.filename = $1;
redir.filename = $3;
$$ = make_redirection (source, r_reading_until, redir, REDIR_VARASSIGN);
- redir_stack[need_here_doc++] = $$;
+ push_redir_stack ($$);
}
| LESS_LESS_MINUS WORD
{
source.dest = 0;
redir.filename = $2;
$$ = make_redirection (source, r_deblank_reading_until, redir, 0);
- redir_stack[need_here_doc++] = $$;
+ push_redir_stack ($$);
}
| NUMBER LESS_LESS_MINUS WORD
{
source.dest = $1;
redir.filename = $3;
$$ = make_redirection (source, r_deblank_reading_until, redir, 0);
- redir_stack[need_here_doc++] = $$;
+ push_redir_stack ($$);
}
| REDIR_WORD LESS_LESS_MINUS WORD
{
source.filename = $1;
redir.filename = $3;
$$ = make_redirection (source, r_deblank_reading_until, redir, REDIR_VARASSIGN);
- redir_stack[need_here_doc++] = $$;
+ push_redir_stack ($$);
}
| LESS_LESS_LESS WORD
{
@@ -4757,7 +4769,7 @@
case CASE:
case SELECT:
case FOR:
- if (word_top < MAX_CASE_NEST)
+ if (word_top + 1 < MAX_CASE_NEST)
word_top++;
word_lineno[word_top] = line_number;
break;

11
SOURCES/bash-4.2-double-alloc.patch

@ -0,0 +1,11 @@
--- bash-4.1/subst.c 2015-04-07 10:00:00.482931289 +0900
+++ bash-4.1/subst.c 2015-04-07 10:01:28.258111134 +0900
@@ -7039,8 +7039,6 @@

ret = alloc_word_desc ();
ret->word = temp1;
- ret = alloc_word_desc ();
- ret->word = temp1;
if (temp1 && QUOTED_NULL (temp1) && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)))
ret->flags |= W_QUOTED|W_HASQUOTEDNULL;
return ret;

10
SOURCES/bash-4.2-enable-hyphened-fn-export.patch

@ -0,0 +1,10 @@
--- variables.cold 2015-01-16 13:53:13.817363093 +0100
+++ variables.c 2015-01-16 13:57:41.839425969 +0100
@@ -366,7 +366,7 @@ initialize_shell_variables (env, privmod
/* Don't import function names that are invalid identifiers from the
environment, though we still allow them to be defined as shell
variables. */
- if (legal_identifier (temp_name))
+ if (absolute_program (temp_name) == 0 && (posixly_correct == 0 || legal_identifier (temp_name)))
parse_and_execute (temp_string, temp_name,
SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);

73
SOURCES/bash-4.2-env-inject.patch

@ -0,0 +1,73 @@
*** ../bash-4.3-patched/builtins/common.h 2013-07-08 16:54:47.000000000 -0400
--- builtins/common.h 2014-09-12 14:25:47.000000000 -0400
***************
*** 34,37 ****
--- 49,54 ----
#define SEVAL_PARSEONLY 0x020
#define SEVAL_NOLONGJMP 0x040
+ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
+ #define SEVAL_ONECMD 0x100 /* only allow a single command */

/* Flags for describe_command, shared between type.def and command.def */
*** ../bash-4.3-patched/builtins/evalstring.c 2014-02-11 09:42:10.000000000 -0500
--- builtins/evalstring.c 2014-09-14 14:15:13.000000000 -0400
***************
*** 309,312 ****
--- 313,324 ----
struct fd_bitmap *bitmap;

+ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+ {
+ internal_warning ("%s: ignoring function definition attempt", from_file);
+ should_jump_to_top_level = 0;
+ last_result = last_command_exit_value = EX_BADUSAGE;
+ break;
+ }
+
bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
begin_unwind_frame ("pe_dispose");
***************
*** 369,372 ****
--- 381,387 ----
dispose_fd_bitmap (bitmap);
discard_unwind_frame ("pe_dispose");
+
+ if (flags & SEVAL_ONECMD)
+ break;
}
}
*** ../bash-4.3-patched/variables.c 2014-05-15 08:26:50.000000000 -0400
--- variables.c 2014-09-14 14:23:35.000000000 -0400
***************
*** 359,368 ****
strcpy (temp_string + char_index + 1, string);

! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
!
! /* Ancient backwards compatibility. Old versions of bash exported
! functions like name()=() {...} */
! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
! name[char_index - 2] = '\0';

if (temp_var = find_function (name))
--- 364,372 ----
strcpy (temp_string + char_index + 1, string);

! /* Don't import function names that are invalid identifiers from the
! environment, though we still allow them to be defined as shell
! variables. */
! if (legal_identifier (name))
! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);

if (temp_var = find_function (name))
***************
*** 362,369 ****
else
report_error (_("error importing function definition for `%s'"), name);
-
- /* ( */
- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
- name[char_index - 2] = '('; /* ) */
}
#if defined (ARRAY_VARS)
--- 360,363 ----

28
SOURCES/bash-4.2-extglob-man.patch

@ -0,0 +1,28 @@
diff --git a/doc/bash.1 b/doc/bash.1
--- a/doc/bash.1 2010-07-28 08:42:54.000000000 +0200
+++ b/doc/bash.1 2010-07-28 08:43:17.000000000 +0200
@@ -3220,8 +3220,7 @@
.RE
.PD
.PP
-If the \fBextglob\fP shell option is enabled using the \fBshopt\fP
-builtin, several extended pattern matching operators are recognized.
+Several extended pattern matching operators are recognized.
In the following description, a \fIpattern-list\fP is a list of one
or more patterns separated by a \fB|\fP.
Composite patterns may be formed using one or more of the following
@@ -3241,6 +3240,14 @@
.TP
\fB@(\fP\^\fIpattern-list\^\fP\fB)\fP
Matches one of the given patterns
+.RE
+.PD
+.PP
+If the \fBextglob\fP shell option is enabled using the \fBshopt\fP
+builtin, following pattern matching operator is recognized as well:
+.sp 1
+.PD 0
+.RS
.TP
\fB!(\fP\^\fIpattern-list\^\fP\fB)\fP
Matches anything except one of the given patterns

11
SOURCES/bash-4.2-history-hang.patch

@ -0,0 +1,11 @@
--- a/lib/readline/history.c 2014-05-27 16:55:58.040214069 +0200
+++ b/lib/readline/history.c 2014-05-27 16:56:11.243204928 +0200
@@ -318,7 +318,7 @@ add_history_time (string)
{
HIST_ENTRY *hs;

- if (string == 0)
+ if (string == 0 || history_length < 1)
return;
hs = the_history[history_length - 1];
FREE (hs->timestamp);

35
SOURCES/bash-4.2-ifs-in-temp-env.patch

@ -0,0 +1,35 @@
--- bash-4.2/redir.c 2015-04-27 23:03:55.663182162 +0200
+++ bash-4.2/redir.c 2015-04-27 23:03:13.995181816 +0200
@@ -63,6 +63,7 @@ int expanding_redir;

extern int posixly_correct;
extern int last_command_exit_value;
+extern int executing_builtin;
extern REDIRECT *redirection_undo_list;
extern REDIRECT *exec_redirection_undo_list;

@@ -307,11 +308,23 @@ write_here_string (fd, redirectee)
WORD_DESC *redirectee;
{
char *herestr;
- int herelen, n, e;
+ int herelen, n, e, old;

expanding_redir = 1;
+ /* Now that we've changed the variable search order to ignore the temp
+ environment, see if we need to change the cached IFS values. */
+ sv_ifs ("IFS");
herestr = expand_string_to_string (redirectee->word, 0);
expanding_redir = 0;
+ /* Now we need to change the variable search order back to include the temp
+ environment. We force the temp environment search by forcing
+ executing_builtin to 1. This is what makes `read' get the right values
+ for the IFS-related cached variables, for example. */
+ old = executing_builtin;
+ executing_builtin = 1;
+ sv_ifs ("IFS");
+ executing_builtin = old;
+
herelen = STRLEN (herestr);

n = write (fd, herestr, herelen);

12
SOURCES/bash-4.2-leak-compound.patch

@ -0,0 +1,12 @@
diff -up bash-4.2/subst.c.old bash-4.2/subst.c
--- bash-4.2/subst.c.old 2015-12-09 13:24:47.369738319 +0100
+++ bash-4.2/subst.c 2015-12-09 13:28:27.366024824 +0100
@@ -2713,6 +2713,8 @@ do_compound_assignment (name, value, fla
else if (v == 0 || (array_p (v) == 0 && assoc_p (v) == 0) || v->context != variable_context)
v = make_local_array_variable (name);
assign_compound_array_list (v, list, flags);
+ if (list)
+ dispose_words (list);
}
else
v = assign_array_from_string (name, value, flags);

23
SOURCES/bash-4.2-man-ulimit.patch

@ -0,0 +1,23 @@
From ccd35766d2451677f4c49f66b8e18ad6e274d56a Mon Sep 17 00:00:00 2001
From: Jan Chaloupka <jchaloup@redhat.com>
Date: Mon, 7 Jul 2014 07:15:41 +0200
Subject: [PATCH] bash.1: posix block size for cf options

---
doc/bash.1 | 1 +
1 file changed, 1 insertion(+)

diff --git a/doc/bash.1 b/doc/bash.1
index a4ad746..1916515 100644
--- a/doc/bash.1
+++ b/doc/bash.1
@@ -9451,6 +9451,7 @@ and
which are unscaled values.
The return status is 0 unless an invalid option or argument is supplied,
or an error occurs while setting a new limit.
+In POSIX Mode 512-byte blocks are used for the `-c' and `-f' options.
.RE
.TP
\fBumask\fP [\fB\-p\fP] [\fB\-S\fP] [\fImode\fP]
--
1.9.3

53
SOURCES/bash-4.2-manpage.patch

@ -0,0 +1,53 @@
diff -up bash-4.2/doc/bash.1.manpage bash-4.2/doc/bash.1
--- bash-4.2/doc/bash.1.manpage 2011-01-26 15:30:03.000000000 +0100
+++ bash-4.2/doc/bash.1 2011-01-26 15:47:16.000000000 +0100
@@ -6646,7 +6646,9 @@ must be \(>= 1. If
.I n
is greater than the number of enclosing loops, all enclosing loops
are exited.
-The return value is 0 unless \fIn\fP is not greater than or equal to 1.
+The return value is non-zero when \fIn\fP is \(<= 0; Otherwise,
+.BR break
+returns 0 value.
.TP
\fBbuiltin\fP \fIshell\-builtin\fP [\fIarguments\fP]
Execute the specified shell builtin, passing it
@@ -7017,7 +7019,15 @@ must be \(>= 1. If
.I n
is greater than the number of enclosing loops, the last enclosing loop
(the ``top-level'' loop) is resumed.
-The return value is 0 unless \fIn\fP is not greater than or equal to 1.
+When
+.BR continue
+is executed inside of loop, the return value is non-zero when
+.I n
+is \(<= 0; Otherwise,
+.BR continue
+returns 0 value. When
+.BR continue
+is executed outside of loop, the return value is 0.
.TP
\fBdeclare\fP [\fB\-aAfFgilrtux\fP] [\fB\-p\fP] [\fIname\fP[=\fIvalue\fP] ...]
.PD 0
@@ -9019,9 +9029,19 @@ by default.
Suspend the execution of this shell until it receives a
.SM
.B SIGCONT
-signal. A login shell cannot be suspended; the
+signal. When the suspended shell is a background process, it can be restarted
+by the
+.B fg
+command. For more information, read the
+.SM
+.B JOB CONTROL
+section. The
+.B suspend
+command can not suspend the login shell. However, when
.B \-f
-option can be used to override this and force the suspension.
+option is specified,
+.B suspend
+command can suspend even login shell.
The return status is 0 unless the shell is a login shell and
.B \-f
is not supplied, or if job control is not enabled.

12
SOURCES/bash-4.2-manpage_trap.patch

@ -0,0 +1,12 @@
diff -up bash-4.1/doc/bash.1.manpage_trap bash-4.1/doc/bash.1
--- bash-4.1/doc/bash.1.manpage_trap 2012-08-28 10:06:00.561999092 +0200
+++ bash-4.1/doc/bash.1 2012-08-28 10:06:24.225304505 +0200
@@ -9251,7 +9251,7 @@ being inverted via
These are the same conditions obeyed by the \fBerrexit\fP option.
.if t .sp 0.5
.if n .sp 1
-Signals ignored upon entry to the shell cannot be trapped or reset.
+Signals ignored upon entry to the shell cannot be trapped, reset or listed.
Trapped signals that are not being ignored are reset to their original
values in a subshell or subshell environment when one is created.
The return status is false if any

12
SOURCES/bash-4.2-missing-opt-cd.patch

@ -0,0 +1,12 @@
diff -up bash-4.2/builtins/cd.def.old bash-4.2/builtins/cd.def
--- bash-4.2/builtins/cd.def.old 2015-12-09 11:47:59.113106805 +0100
+++ bash-4.2/builtins/cd.def 2015-12-09 11:48:13.702060840 +0100
@@ -200,7 +200,7 @@ cd_builtin (list)
eflag = 0;
no_symlinks = no_symbolic_links;
reset_internal_getopt ();
- while ((opt = internal_getopt (list, "LP")) != -1)
+ while ((opt = internal_getopt (list, "LPe")) != -1)
{
switch (opt)
{

38
SOURCES/bash-4.2-missing_closes.patch

@ -0,0 +1,38 @@
There are missing calls of close() leading to resource leak (fd leak).
Simple reproducer:
. /
and /proc/$$/fd contain one open fd for each above call

Signed-off-by: Roman Rakus <rrakus@redhat.com>
---
builtins/evalfile.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/builtins/evalfile.c b/builtins/evalfile.c
index 60f89d1..d30bd96 100644
--- a/builtins/evalfile.c
+++ b/builtins/evalfile.c
@@ -133,11 +133,13 @@ file_error_and_exit:
if (S_ISDIR (finfo.st_mode))
{
(*errfunc) (_("%s: is a directory"), filename);
+ close(fd);
return ((flags & FEVAL_BUILTIN) ? EXECUTION_FAILURE : -1);
}
else if ((flags & FEVAL_REGFILE) && S_ISREG (finfo.st_mode) == 0)
{
(*errfunc) (_("%s: not a regular file"), filename);
+ close(fd);
return ((flags & FEVAL_BUILTIN) ? EXECUTION_FAILURE : -1);
}

@@ -146,6 +148,7 @@ file_error_and_exit:
if (file_size != finfo.st_size || file_size + 1 < file_size)
{
(*errfunc) (_("%s: file is too large"), filename);
+ close(fd);
return ((flags & FEVAL_BUILTIN) ? EXECUTION_FAILURE : -1);
}

--
1.7.11.7

39
SOURCES/bash-4.2-noecho.patch

@ -0,0 +1,39 @@
--- bash-4.2/parse.y 2014-05-29 14:46:09.545543384 +0200
+++ bash-4.2/parse.y 2014-05-29 14:48:40.758626213 +0200
@@ -3858,6 +3858,8 @@ xparse_dolparen (base, string, indp, fla
sflags |= SEVAL_NOLONGJMP;
save_parser_state (&ps);
save_input_line_state (&ls);
+ /* avoid echoing every substitution again */
+ echo_input_at_read = 0;

/*(*/
parser_state |= PST_CMDSUBST|PST_EOFTOKEN; /* allow instant ')' */ /*(*/
--- bash-4.2/subst.c 2014-05-29 16:04:35.802784549 +0200
+++ bash-4.2/subst.c 2014-05-29 16:08:25.021942676 +0200
@@ -7103,6 +7103,7 @@ param_expand (string, sindex, quoted, ex
WORD_LIST *list;
WORD_DESC *tdesc, *ret;
int tflag;
+ int old_echo_input;

zindex = *sindex;
c = string[++zindex];
@@ -7401,6 +7402,9 @@ arithsub:
}

comsub:
+ old_echo_input = echo_input_at_read;
+ /* avoid echoing every substitution again */
+ echo_input_at_read = 0;
if (pflags & PF_NOCOMSUB)
/* we need zindex+1 because string[zindex] == RPAREN */
temp1 = substring (string, *sindex, zindex+1);
@@ -7413,6 +7417,7 @@ comsub:
}
FREE (temp);
temp = temp1;
+ echo_input_at_read = old_echo_input;
break;

/* Do POSIX.2d9-style arithmetic substitution. This will probably go

36
SOURCES/bash-4.2-rc2-logout.patch

@ -0,0 +1,36 @@
diff -up bash-3.2/config-top.h.logout bash-3.2/config-top.h
--- bash-3.2/config-top.h.logout 2011-04-14 08:55:55.000000000 +0200
+++ bash-3.2/config-top.h 2011-04-14 08:55:55.000000000 +0200
@@ -78,7 +78,7 @@
/* #define SYS_BASHRC "/etc/bash.bashrc" */

/* System-wide .bash_logout for login shells. */
-/* #define SYS_BASH_LOGOUT "/etc/bash.bash_logout" */
+#define SYS_BASH_LOGOUT "/etc/bash.bash_logout"

/* Define this to make non-interactive shells begun with argv[0][0] == '-'
run the startup files when not in posix mode. */
diff -up bash-3.2/doc/bash.1.logout bash-3.2/doc/bash.1
--- bash-3.2/doc/bash.1.logout 2011-04-14 09:16:32.000000000 +0200
+++ bash-3.2/doc/bash.1 2011-04-14 11:59:33.000000000 +0200
@@ -326,8 +326,8 @@ option may be used when the shell is sta
.PP
When a login shell exits,
.B bash
-reads and executes commands from the file \fI~/.bash_logout\fP, if it
-exists.
+reads and executes commands from the files \fI~/.bash_logout\fP
+and \fI/etc/bash.bash_logout\fP, if the files exists.
.PP
When an interactive shell that is not a login shell is started,
.B bash
@@ -8814,6 +8814,9 @@ The \fBbash\fP executable
.FN /etc/profile
The systemwide initialization file, executed for login shells
.TP
+.FN /etc/bash.bash_logout
+The systemwide login shell cleanup file, executed when a login shell exits
+.TP
.FN ~/.bash_profile
The personal initialization file, executed for login shells
.TP

36
SOURCES/bash-4.2-signal.patch

@ -0,0 +1,36 @@
diff -up bash-4.1/sig.h.signal bash-4.1/sig.h
--- bash-4.1/sig.h.signal 2009-01-04 20:32:41.000000000 +0100
+++ bash-4.1/sig.h 2012-08-28 11:19:14.920224571 +0200
@@ -96,6 +96,8 @@ do { \
sigprocmask (SIG_BLOCK, &nvar, &ovar); \
} while (0)

+#define UNBLOCK_SIGNAL(ovar) sigprocmask (SIG_SETMASK, &ovar, (sigset_t *)NULL)
+
#if defined (HAVE_POSIX_SIGNALS)
# define BLOCK_CHILD(nvar, ovar) \
BLOCK_SIGNAL (SIGCHLD, nvar, ovar)
diff -up bash-4.1/trap.c.signal bash-4.1/trap.c
--- bash-4.1/trap.c.signal 2009-10-10 23:21:44.000000000 +0200
+++ bash-4.1/trap.c 2012-08-28 10:58:14.746345797 +0200
@@ -516,6 +516,8 @@ set_signal (sig, string)
int sig;
char *string;
{
+ sigset_t set, oset;
+
if (SPECIAL_TRAP (sig))
{
change_signal (sig, savestring (string));
@@ -546,9 +548,10 @@ set_signal (sig, string)
environment in which it is safe to do so. */
if ((sigmodes[sig] & SIG_NO_TRAP) == 0)
{
- set_signal_handler (sig, SIG_IGN);
+ BLOCK_SIGNAL (sig, set, oset);
change_signal (sig, savestring (string));
set_signal_handler (sig, trap_handler);
+ UNBLOCK_SIGNAL (oset);
}
else
change_signal (sig, savestring (string));

14
SOURCES/bash-4.2-size_type.patch

@ -0,0 +1,14 @@
diff -up bash-4.2/variables.h.size_type bash-4.2/variables.h
--- bash-4.2/variables.h.size_type 2012-11-29 10:33:25.109036844 +0100
+++ bash-4.2/variables.h 2012-11-29 10:46:12.718530162 +0100
@@ -95,8 +95,8 @@ typedef struct variable {

typedef struct _vlist {
SHELL_VAR **list;
- int list_size; /* allocated size */
- int list_len; /* current number of entries */
+ size_t list_size; /* allocated size */
+ size_t list_len; /* current number of entries */
} VARLIST;

/* The various attributes that a given variable can have. */

94
SOURCES/bash-4.3-cve-2016-0634.patch

@ -0,0 +1,94 @@
diff --git a/parse.y b/parse.y
index 12d6def..d4a93a2 100644
--- a/parse.y
+++ b/parse.y
@@ -5103,7 +5103,7 @@ decode_prompt_string (string)
size_t result_size;
int result_index;
int c, n, i;
- char *temp, octal_string[4];
+ char *temp, *t_host, octal_string[4];
struct tm *tm;
time_t the_time;
char timebuf[128];
@@ -5251,7 +5251,11 @@ decode_prompt_string (string)

case 's':
temp = base_pathname (shell_name);
- temp = savestring (temp);
+ /* Try to quote anything the user can set in the file system */
+ if (promptvars || posixly_correct)
+ temp = sh_backslash_quote_for_double_quotes (temp);
+ else
+ temp = savestring (temp);
goto add_string;

case 'v':
@@ -5337,9 +5341,17 @@ decode_prompt_string (string)

case 'h':
case 'H':
- temp = savestring (current_host_name);
- if (c == 'h' && (t = (char *)strchr (temp, '.')))
+ t_host = savestring (current_host_name);
+ if (c == 'h' && (t = (char *)strchr (t_host, '.')))
*t = '\0';
+ if (promptvars || posixly_correct)
+ /* Make sure that expand_prompt_string is called with a
+ second argument of Q_DOUBLE_QUOTES if we use this
+ function here. */
+ temp = sh_backslash_quote_for_double_quotes (t_host);
+ else
+ temp = savestring (t_host);
+ free (t_host);
goto add_string;

case '#':
diff --git a/y.tab.c b/y.tab.c
index 23b88bc..1c0f5a1 100644
--- a/y.tab.c
+++ b/y.tab.c
@@ -7368,7 +7368,7 @@ decode_prompt_string (string)
size_t result_size;
int result_index;
int c, n, i;
- char *temp, octal_string[4];
+ char *temp, *t_host, octal_string[4];
struct tm *tm;
time_t the_time;
char timebuf[128];
@@ -7513,7 +7513,11 @@ decode_prompt_string (string)

case 's':
temp = base_pathname (shell_name);
- temp = savestring (temp);
+ /* Try to quote anything the user can set in the file system */
+ if (promptvars || posixly_correct)
+ temp = sh_backslash_quote_for_double_quotes (temp);
+ else
+ temp = savestring (temp);
goto add_string;

case 'v':
@@ -7599,9 +7603,17 @@ decode_prompt_string (string)

case 'h':
case 'H':
- temp = savestring (current_host_name);
- if (c == 'h' && (t = (char *)strchr (temp, '.')))
+ t_host = savestring (current_host_name);
+ if (c == 'h' && (t = (char *)strchr (t_host, '.')))
*t = '\0';
+ if (promptvars || posixly_correct)
+ /* Make sure that expand_prompt_string is called with a
+ second argument of Q_DOUBLE_QUOTES if we use this
+ function here. */
+ temp = sh_backslash_quote_for_double_quotes (t_host);
+ else
+ temp = savestring (t_host);
+ free (t_host);
goto add_string;

case '#':
--
2.9.3

19
SOURCES/bash-4.3-cve-2016-7543.patch

@ -0,0 +1,19 @@
diff --git a/variables.c b/variables.c
index b7ebaea..5e2986f 100644
--- a/variables.c
+++ b/variables.c
@@ -467,7 +467,11 @@ initialize_shell_variables (env, privmode)
#endif
set_if_not ("PS2", secondary_prompt);
}
- set_if_not ("PS4", "+ ");
+
+ if (current_user.euid == 0)
+ bind_variable ("PS4", "+ ", 0);
+ else
+ set_if_not ("PS4", "+ ");

/* Don't allow IFS to be imported from the environment. */
temp_var = bind_variable ("IFS", " \t\n", 0);
--
2.9.3

99
SOURCES/bash-4.3-dircomp-append-slash.patch

@ -0,0 +1,99 @@
diff --git a/bashline.c b/bashline.c
--- a/bashline.c
+++ b/bashline.c
@@ -117,6 +117,7 @@ static char *restore_tilde __P((char *, char *));

static char *bash_filename_rewrite_hook __P((char *, int));
static void bash_directory_expansion __P((char **));
+static int bash_filename_stat_hook __P((char **));
static int bash_directory_completion_hook __P((char **));
static int filename_completion_ignore __P((char **));
static int bash_push_line __P((void));
@@ -1414,7 +1415,7 @@ bash_default_completion (text, start, end, qc, compflags)
const char *text;
int start, end, qc, compflags;
{
- char **matches;
+ char **matches, *t;

matches = (char **)NULL;

@@ -1424,7 +1425,19 @@ bash_default_completion (text, start, end, qc, compflags)
if (qc != '\'' && text[1] == '(') /* ) */
matches = rl_completion_matches (text, command_subst_completion_function);
else
- matches = rl_completion_matches (text, variable_completion_function);
+ {
+ matches = rl_completion_matches (text, variable_completion_function);
+ if (matches && matches[0] && matches[1] == 0)
+ {
+ t = savestring (matches[0]);
+ bash_filename_stat_hook (&t);
+ /* doesn't use test_for_directory because that performs tilde
+ expansion */
+ if (file_isdir (t))
+ rl_completion_append_character = '/';
+ free (t);
+ }
+ }
}

/* If the word starts in `~', and there is no slash in the word, then
@@ -2763,6 +2776,57 @@ restore_directory_hook (hookf)
rl_directory_rewrite_hook = hookf;
}

+static int
+bash_filename_stat_hook (dirname)
+ char **dirname;
+{
+ char *local_dirname, *new_dirname, *t;
+ int should_expand_dirname, return_value;
+ WORD_LIST *wl;
+ struct stat sb;
+
+ local_dirname = *dirname;
+ should_expand_dirname = return_value = 0;
+ if (t = mbschr (local_dirname, '$'))
+ should_expand_dirname = '$';
+ else if (t = mbschr (local_dirname, '`')) /* XXX */
+ should_expand_dirname = '`';
+
+#if defined (HAVE_LSTAT)
+ if (should_expand_dirname && lstat (local_dirname, &sb) == 0)
+#else
+ if (should_expand_dirname && stat (local_dirname, &sb) == 0)
+#endif
+ should_expand_dirname = 0;
+
+ if (should_expand_dirname)
+ {
+ new_dirname = savestring (local_dirname);
+ wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_NOPROCSUB); /* does the right thing */
+ if (wl)
+ {
+ free (new_dirname);
+ new_dirname = string_list (wl);
+ /* Tell the completer we actually expanded something and change
+ *dirname only if we expanded to something non-null -- stat
+ behaves unpredictably when passed null or empty strings */
+ if (new_dirname && *new_dirname)
+ {
+ free (local_dirname); /* XXX */
+ local_dirname = *dirname = new_dirname;
+ return_value = STREQ (local_dirname, *dirname) == 0;
+ }
+ else
+ free (new_dirname);
+ dispose_words (wl);
+ }
+ else
+ free (new_dirname);
+ }
+
+ return (return_value);
+}
+
/* Handle symbolic link references and other directory name
expansions while hacking completion. This should return 1 if it modifies
the DIRNAME argument, 0 otherwise. It should make sure not to modify

60
SOURCES/bash-4.3-pipefd-leak.patch

@ -0,0 +1,60 @@
diff --git a/execute_cmd.c b/execute_cmd.c
--- a/execute_cmd.c
+++ b/execute_cmd.c
@@ -536,6 +536,10 @@ execute_command_internal (command, asynchronous, pipe_in, pipe_out,
REDIRECT *my_undo_list, *exec_undo_list;
volatile int last_pid;
volatile int save_line_number;
+#if defined (PROCESS_SUBSTITUTION)
+ volatile int ofifo, nfifo, osize, saved_fifo;
+ volatile char *ofifo_list = NULL;
+#endif

#if 0
if (command == 0 || breaking || continuing || read_but_dont_execute)
@@ -681,6 +685,17 @@ execute_command_internal (command, asynchronous, pipe_in, pipe_out,
if (shell_control_structure (command->type) && command->redirects)
stdin_redir = stdin_redirects (command->redirects);

+#if defined (PROCESS_SUBSTITUTION)
+ if (variable_context != 0)
+ {
+ ofifo = num_fifos ();
+ ofifo_list = copy_fifo_list ((int*)&osize);
+ saved_fifo = 1;
+ }
+ else
+ saved_fifo = 0;
+#endif
+
/* Handle WHILE FOR CASE etc. with redirections. (Also '&' input
redirection.) */
if (do_redirections (command->redirects, RX_ACTIVE|RX_UNDOABLE) != 0)
@@ -688,6 +703,9 @@ execute_command_internal (command, asynchronous, pipe_in, pipe_out,
cleanup_redirects (redirection_undo_list);
redirection_undo_list = (REDIRECT *)NULL;
dispose_exec_redirects ();
+#if defined (PROCESS_SUBSTITUTION)
+ free ((void*)ofifo_list);
+#endif
return (last_command_exit_value = EXECUTION_FAILURE);
}

@@ -982,6 +1000,17 @@ execute_command_internal (command, asynchronous, pipe_in, pipe_out,
if (my_undo_list || exec_undo_list)
discard_unwind_frame ("loop_redirections");

+#if defined (PROCESS_SUBSTITUTION)
+ if (saved_fifo)
+ {
+ nfifo = num_fifos ();
+ if (nfifo > ofifo)
+ close_new_fifos ((char*)ofifo_list, osize);
+ free ((void*)ofifo_list);
+ }
+#endif
+
+
/* Invert the return value if we have to */
if (invert)
exec_result = (exec_result == EXECUTION_SUCCESS)

23
SOURCES/bash-4.3-trapped-signals.patch

@ -0,0 +1,23 @@
diff --git a/jobs.c b/jobs.c
index 37edece..31395fe 100644
--- a/jobs.c
+++ b/jobs.c
@@ -2244,10 +2244,14 @@ wait_sigint_handler (sig)
signal_is_trapped (SIGINT) &&
((sigint_handler = trap_to_sighandler (SIGINT)) == trap_handler))
{
- interrupt_immediately = 0;
trap_handler (SIGINT); /* set pending_traps[SIGINT] */
wait_signal_received = SIGINT;
- longjmp (wait_intr_buf, 1);
+ if (interrupt_immediately)
+ {
+ interrupt_immediately = 0;
+ longjmp (wait_intr_buf, 1);
+ }
+ SIGRETURN (0);
}

ADDINTERRUPT;
--
2.5.5

149
SOURCES/bash-4.3-wshouldquote.patch

@ -0,0 +1,149 @@
diff --git a/lib/sh/strtrans.c b/lib/sh/strtrans.c
--- a/lib/sh/strtrans.c
+++ b/lib/sh/strtrans.c
@@ -30,6 +30,9 @@

#include "shell.h"

+#include "shmbchar.h"
+#include "shmbutil.h"
+
#ifdef ESC
#undef ESC
#endif
@@ -74,7 +77,7 @@ ansicstr (string, len, flags, sawc, rlen)
case 'a': c = '\a'; break;
case 'v': c = '\v'; break;
#else
- case 'a': c = '\007'; break;
+ case 'a': c = (int) 0x07; break;
case 'v': c = (int) 0x0B; break;
#endif
case 'b': c = '\b'; break;
@@ -208,6 +211,11 @@ ansic_quote (str, flags, rlen)
char *r, *ret, *s;
int l, rsize;
unsigned char c;
+ size_t clen;
+ int b;
+#if defined (HANDLE_MULTIBYTE)
+ wchar_t wc;
+#endif

if (str == 0 || *str == 0)
return ((char *)0);
@@ -219,10 +227,11 @@ ansic_quote (str, flags, rlen)
*r++ = '$';
*r++ = '\'';

- for (s = str, l = 0; *s; s++)
+ for (s = str; c = *s; s++)
{
- c = *s;
- l = 1; /* 1 == add backslash; 0 == no backslash */
+ b = l = 1; /* 1 == add backslash; 0 == no backslash */
+ clen = 1;
+
switch (c)
{
case ESC: c = 'E'; break;
@@ -230,7 +239,7 @@ ansic_quote (str, flags, rlen)
case '\a': c = 'a'; break;
case '\v': c = 'v'; break;
#else
- case '\007': c = 'a'; break;
+ case 0x07: c = 'a'; break;
case 0x0b: c = 'v'; break;
#endif

@@ -243,7 +252,13 @@ ansic_quote (str, flags, rlen)
case '\'':
break;
default:
+#if defined (HANDLE_MULTIBYTE)
+ b = is_basic (c);
+ if ((b == 0 && ((clen = mbrtowc (&wc, s, MB_CUR_MAX, 0)) < 0 || MB_INVALIDCH (clen) || iswprint (wc) == 0)) ||
+ (b == 1 && ISPRINT (c) == 0))
+#else
if (ISPRINT (c) == 0)
+#endif
{
*r++ = '\\';
*r++ = TOCHAR ((c >> 6) & 07);
@@ -254,9 +269,20 @@ ansic_quote (str, flags, rlen)
l = 0;
break;
}
+ if (b == 0 && clen == 0)
+ break;
+
if (l)
*r++ = '\\';
- *r++ = c;
+
+ if (clen == 1)
+ *r++ = c;
+ else
+ {
+ for (b = 0; b < (int)clen; b++)
+ *r++ = (unsigned char)s[b];
+ s += clen - 1; /* -1 because of the increment above */
+ }
}

*r++ = '\'';
@@ -266,6 +292,37 @@ ansic_quote (str, flags, rlen)
return ret;
}

+#if defined (HANDLE_MULTIBYTE)
+int
+ansic_wshouldquote (string)
+ const char *string;
+{
+ const wchar_t *wcs;
+ wchar_t wcc;
+
+ wchar_t *wcstr = NULL;
+ size_t slen;
+
+
+ slen = mbstowcs (wcstr, string, 0);
+
+ if (slen == -1)
+ slen = 0;
+ wcstr = (wchar_t *)xmalloc (sizeof (wchar_t) * (slen + 1));
+ mbstowcs (wcstr, string, slen + 1);
+
+ for (wcs = wcstr; wcc = *wcs; wcs++)
+ if (iswprint(wcc) == 0)
+ {
+ free (wcstr);
+ return 1;
+ }
+
+ free (wcstr);
+ return 0;
+}
+#endif
+
/* return 1 if we need to quote with $'...' because of non-printing chars. */
int
ansic_shouldquote (string)
@@ -278,8 +335,14 @@ ansic_shouldquote (string)
return 0;

for (s = string; c = *s; s++)
- if (ISPRINT (c) == 0)
- return 1;
+ {
+#if defined (HANDLE_MULTIBYTE)
+ if (is_basic (c) == 0)
+ return (ansic_wshouldquote (s));
+#endif
+ if (ISPRINT (c) == 0)
+ return 1;
+ }

return 0;
}

72
SOURCES/bash-4.4-param-expansion.patch

@ -0,0 +1,72 @@
diff --git a/parse.y b/parse.y
index 9a78d0c..7df7d99 100644
--- a/parse.y
+++ b/parse.y
@@ -4993,7 +4993,8 @@ decode_prompt_string (string)
struct dstack save_dstack;
int last_exit_value, last_comsub_pid;
#if defined (PROMPT_STRING_DECODE)
- int result_size, result_index;
+ size_t result_size;
+ int result_index;
int c, n, i;
char *temp, octal_string[4];
struct tm *tm;
diff --git a/subst.c b/subst.c
index 9f15f0b..e5ffd03 100644
--- a/subst.c
+++ b/subst.c
@@ -644,11 +644,13 @@ unquoted_substring (substr, string)
INLINE char *
sub_append_string (source, target, indx, size)
char *source, *target;
- int *indx, *size;
+ int *indx;
+ size_t *size;
{
if (source)
{
- int srclen, n;
+ int n;
+ size_t srclen;

srclen = STRLEN (source);
if (srclen >= (int)(*size - *indx))
@@ -7676,7 +7678,7 @@ expand_word_internal (word, quoted, isexp, contains_dollar_at, expanded_somethin
char *istring;

/* The current size of the above object. */
- int istring_size;
+ size_t istring_size;

/* Index into ISTRING. */
int istring_index;
diff --git a/subst.h b/subst.h
index b06e8c2..fc66faf 100644
--- a/subst.h
+++ b/subst.h
@@ -127,7 +127,7 @@ extern int do_word_assignment __P((WORD_DESC *));
of space allocated to TARGET. SOURCE can be NULL, in which
case nothing happens. Gets rid of SOURCE by free ()ing it.
Returns TARGET in case the location has changed. */
-extern char *sub_append_string __P((char *, char *, int *, int *));
+extern char *sub_append_string __P((char *, char *, int *, size_t *));

/* Append the textual representation of NUMBER to TARGET.
INDEX and SIZE are as in SUB_APPEND_STRING. */
diff --git a/y.tab.c b/y.tab.c
index d702554..31faa4a 100644
--- a/y.tab.c
+++ b/y.tab.c
@@ -7280,7 +7280,8 @@ decode_prompt_string (string)
struct dstack save_dstack;
int last_exit_value, last_comsub_pid;
#if defined (PROMPT_STRING_DECODE)
- int result_size, result_index;
+ size_t result_size;
+ int result_index;
int c, n, i;
char *temp, octal_string[4];
struct tm *tm;
--
2.5.5

16
SOURCES/bash-4.4-pipeline-pgrp.patch

@ -0,0 +1,16 @@
diff --git a/subst.c b/subst.c
index 1dbfb5e..049962e 100644
--- a/subst.c
+++ b/subst.c
@@ -5011,7 +5011,8 @@ process_substitute (string, open_for_read_in_child)

#if defined (JOB_CONTROL)
old_pipeline_pgrp = pipeline_pgrp;
- pipeline_pgrp = shell_pgrp;
+ if (pipeline_pgrp == 0 || (subshell_environment & (SUBSHELL_PIPE|SUBSHELL_FORK|SUBSHELL_ASYNC)) == 0)
+ pipeline_pgrp = shell_pgrp;
save_pipeline (1);
#endif /* JOB_CONTROL */

--
2.9.3

55
SOURCES/bash-bashbug.patch

@ -0,0 +1,55 @@
diff -up bash-4.2-rc2/doc/bash.1.bashbug bash-4.2-rc2/doc/bash.1
--- bash-4.2-rc2/doc/bash.1.bashbug 2011-01-16 21:31:39.000000000 +0100
+++ bash-4.2-rc2/doc/bash.1 2011-02-09 08:52:14.000000000 +0100
@@ -9857,7 +9857,7 @@ The latest version is always available f
.PP
Once you have determined that a bug actually exists, use the
.I bashbug
-command to submit a bug report.
+command (from the source package) to submit a bug report.
If you have a fix, you are encouraged to mail that as well!
Suggestions and `philosophical' bug reports may be mailed
to \fIbug-bash@gnu.org\fP or posted to the Usenet
@@ -9879,10 +9879,6 @@ A description of the bug behaviour
A short script or `recipe' which exercises the bug
.PD
.PP
-.I bashbug
-inserts the first three items automatically into the template
-it provides for filing a bug report.
-.PP
Comments and bug reports concerning
this manual page should be directed to
.IR chet.ramey@case.edu .
diff -up bash-4.2-rc2/doc/bashref.texi.bashbug bash-4.2-rc2/doc/bashref.texi
--- bash-4.2-rc2/doc/bashref.texi.bashbug 2011-01-16 21:31:57.000000000 +0100
+++ bash-4.2-rc2/doc/bashref.texi 2011-02-09 08:47:07.000000000 +0100
@@ -7635,7 +7635,7 @@ The latest version of Bash is always ava
@uref{ftp://ftp.gnu.org/pub/gnu/bash/}.

Once you have determined that a bug actually exists, use the
-@code{bashbug} command to submit a bug report.
+@code{bashbug} command (from the source package) to submit a bug report.
If you have a fix, you are encouraged to mail that as well!
Suggestions and `philosophical' bug reports may be mailed
to @email{bug-bash@@gnu.org} or posted to the Usenet
@@ -7657,9 +7657,6 @@ to reproduce it.
@end itemize

@noindent
-@code{bashbug} inserts the first three items automatically into
-the template it provides for filing a bug report.
-
Please send all reports concerning this manual to
@email{chet.ramey@@case.edu}.

diff -up bash-4.2-rc2/shell.c.bashbug bash-4.2-rc2/shell.c
--- bash-4.2-rc2/shell.c.bashbug 2011-01-02 22:04:51.000000000 +0100
+++ bash-4.2-rc2/shell.c 2011-02-09 08:47:07.000000000 +0100
@@ -1823,7 +1823,6 @@ show_shell_usage (fp, extra)
{
fprintf (fp, _("Type `%s -c \"help set\"' for more information about shell options.\n"), shell_name);
fprintf (fp, _("Type `%s -c help' for more information about shell builtin commands.\n"), shell_name);
- fprintf (fp, _("Use the `bashbug' command to report bugs.\n"));
}
}

27
SOURCES/bash-cve-2016-9401.patch

@ -0,0 +1,27 @@
diff --git a/builtins/pushd.def b/builtins/pushd.def
index 05b7529..4eb0132 100644
--- a/builtins/pushd.def
+++ b/builtins/pushd.def
@@ -353,7 +353,7 @@ popd_builtin (list)
break;
}

- if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
+ if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
{
pushd_error (directory_list_offset, which_word ? which_word : "");
return (EXECUTION_FAILURE);
@@ -375,6 +375,11 @@ popd_builtin (list)
remove that directory from the list and shift the remainder
of the list into place. */
i = (direction == '+') ? directory_list_offset - which : which;
+ if (i < 0 || i > directory_list_offset)
+ {
+ pushd_error (directory_list_offset, which_word ? which_word : "");
+ return (EXECUTION_FAILURE);
+ }
free (pushd_directory_list[i]);
directory_list_offset--;

--
2.9.3

30
SOURCES/bash-infotags.patch

@ -0,0 +1,30 @@
--- bash-3.1/doc/Makefile.in.infotags 2006-07-12 13:57:18.000000000 +0100
+++ bash-3.1/doc/Makefile.in 2006-07-12 13:58:25.000000000 +0100
@@ -69,7 +69,6 @@
TEXI2HTML = ${SUPPORT_SRCDIR}/texi2html
MAN2HTML = ${BUILD_DIR}/support/man2html
HTMLPOST = ${srcdir}/htmlpost.sh
-INFOPOST = ${srcdir}/infopost.sh
QUIETPS = #set this to -q to shut up dvips
PAPERSIZE = letter # change to a4 for A4-size paper
PSDPI = 600 # could be 300 if you like
@@ -146,7 +145,7 @@

PSFILES = bash.ps bashbug.ps article.ps builtins.ps rbash.ps
DVIFILES = bashref.dvi bashref.ps
-INFOFILES = bashref.info
+INFOFILES = bashref.info bash.info
MAN0FILES = bash.0 bashbug.0 builtins.0 rbash.0
HTMLFILES = bashref.html bash.html
PDFFILES = bash.pdf bashref.pdf article.pdf rose94.pdf
@@ -167,8 +166,8 @@
bashref.html: $(BASHREF_FILES) $(HSUSER) $(RLUSER)
$(TEXI2HTML) -menu -monolithic -I $(TEXINPUTDIR) $(srcdir)/bashref.texi

-bash.info: bashref.info
- ${SHELL} ${INFOPOST} < $(srcdir)/bashref.info > $@ ; \
+bash.info: $(BASHREF_FILES) $(HSUSER) $(RLUSER)
+ $(MAKEINFO) --no-split -I$(TEXINPUTDIR) $(srcdir)/bashref.texi -o $@

bash.txt: bash.1
bash.ps: bash.1

310
SOURCES/bash-requires.patch

@ -0,0 +1,310 @@
diff -up bash-4.1/builtins.h.requires bash-4.1/builtins.h
--- bash-4.1/builtins.h.requires 2009-01-04 20:32:23.000000000 +0100
+++ bash-4.1/builtins.h 2010-08-02 17:42:41.000000000 +0200
@@ -41,6 +41,8 @@
#define SPECIAL_BUILTIN 0x08 /* This is a Posix `special' builtin. */
#define ASSIGNMENT_BUILTIN 0x10 /* This builtin takes assignment statements. */
#define POSIX_BUILTIN 0x20 /* This builtins is special in the Posix command search order. */
+#define REQUIRES_BUILTIN 0x40 /* This builtin requires other files. */
+

#define BASE_INDENT 4

diff -up bash-4.1/builtins/mkbuiltins.c.requires bash-4.1/builtins/mkbuiltins.c
--- bash-4.1/builtins/mkbuiltins.c.requires 2009-01-04 20:32:23.000000000 +0100
+++ bash-4.1/builtins/mkbuiltins.c 2010-08-02 17:42:41.000000000 +0200
@@ -69,9 +69,15 @@ extern char *strcpy ();
#define whitespace(c) (((c) == ' ') || ((c) == '\t'))

/* Flag values that builtins can have. */
+/* These flags are for the C code generator,
+ the C which is produced (./builtin.c)
+ includes the flags definitions found
+ in ../builtins.h */
#define BUILTIN_FLAG_SPECIAL 0x01
#define BUILTIN_FLAG_ASSIGNMENT 0x02
#define BUILTIN_FLAG_POSIX_BUILTIN 0x04
+#define BUILTIN_FLAG_REQUIRES 0x08
+

#define BASE_INDENT 4

@@ -163,10 +169,18 @@ char *posix_builtins[] =
(char *)NULL
};

+/* The builtin commands that cause requirements on other files. */
+static char *requires_builtins[] =
+{
+ ".", "command", "exec", "source", "inlib",
+ (char *)NULL
+};
+
/* Forward declarations. */
static int is_special_builtin ();
static int is_assignment_builtin ();
static int is_posix_builtin ();
+static int is_requires_builtin ();

#if !defined (HAVE_RENAME)
static int rename ();
@@ -812,6 +826,9 @@ builtin_handler (self, defs, arg)
new->flags |= BUILTIN_FLAG_ASSIGNMENT;
if (is_posix_builtin (name))
new->flags |= BUILTIN_FLAG_POSIX_BUILTIN;
+ if (is_requires_builtin (name))
+ new->flags |= BUILTIN_FLAG_REQUIRES;
+

array_add ((char *)new, defs->builtins);
building_builtin = 1;
@@ -1229,11 +1246,12 @@ write_builtins (defs, structfile, extern
else
fprintf (structfile, "(sh_builtin_func_t *)0x0, ");

- fprintf (structfile, "%s%s%s%s, %s_doc,\n",
+ fprintf (structfile, "%s%s%s%s%s, %s_doc,\n",
"BUILTIN_ENABLED | STATIC_BUILTIN",
(builtin->flags & BUILTIN_FLAG_SPECIAL) ? " | SPECIAL_BUILTIN" : "",
(builtin->flags & BUILTIN_FLAG_ASSIGNMENT) ? " | ASSIGNMENT_BUILTIN" : "",
(builtin->flags & BUILTIN_FLAG_POSIX_BUILTIN) ? " | POSIX_BUILTIN" : "",
+ (builtin->flags & BUILTIN_FLAG_REQUIRES) ? " | REQUIRES_BUILTIN" : "",
document_name (builtin));

fprintf
@@ -1581,6 +1599,13 @@ is_posix_builtin (name)
return (_find_in_table (name, posix_builtins));
}

+static int
+is_requires_builtin (name)
+ char *name;
+{
+ return (_find_in_table (name, requires_builtins));
+}
+
#if !defined (HAVE_RENAME)
static int
rename (from, to)
diff -up bash-4.1/doc/bash.1.requires bash-4.1/doc/bash.1
--- bash-4.1/doc/bash.1.requires 2010-08-02 17:42:41.000000000 +0200
+++ bash-4.1/doc/bash.1 2010-08-02 18:09:27.000000000 +0200
@@ -231,6 +231,14 @@ The shell becomes restricted (see
.B "RESTRICTED SHELL"
below).
.TP
+.B \-\-rpm-requires
+Produce the list of files that are required for the
+shell script to run. This implies '-n' and is subject
+to the same limitations as compile time error checking checking;
+Command substitutions, Conditional expressions and
+.BR eval
+builtin are not parsed so some dependencies may be missed.
+.TP
.B \-\-verbose
Equivalent to \fB\-v\fP.
.TP
diff -up bash-4.1/doc/bashref.texi.requires bash-4.1/doc/bashref.texi
--- bash-4.1/doc/bashref.texi.requires 2010-08-02 17:42:41.000000000 +0200
+++ bash-4.1/doc/bashref.texi 2010-08-02 18:11:58.000000000 +0200
@@ -5343,6 +5343,13 @@ standard. @xref{Bash POSIX Mode}, for a
@item --restricted
Make the shell a restricted shell (@pxref{The Restricted Shell}).

+@item --rpm-requires
+Produce the list of files that are required for the
+shell script to run. This implies '-n' and is subject
+to the same limitations as compile time error checking checking;
+Command substitutions, Conditional expressions and @command{eval}
+are not parsed so some dependencies may be missed.
+
@item --verbose
Equivalent to @option{-v}. Print shell input lines as they're read.

diff -up bash-4.1/eval.c.requires bash-4.1/eval.c
--- bash-4.1/eval.c.requires 2009-01-04 20:32:26.000000000 +0100
+++ bash-4.1/eval.c 2010-08-02 17:42:41.000000000 +0200
@@ -53,6 +53,7 @@ extern int last_command_exit_value, stdi
extern int need_here_doc;
extern int current_command_number, current_command_line_count, line_number;
extern int expand_aliases;
+extern int rpm_requires;

static void send_pwd_to_eterm __P((void));
static sighandler alrm_catcher __P((int));
@@ -136,7 +137,7 @@ reader_loop ()

if (read_command () == 0)
{
- if (interactive_shell == 0 && read_but_dont_execute)
+ if (interactive_shell == 0 && (read_but_dont_execute && !rpm_requires))
{
last_command_exit_value = EXECUTION_SUCCESS;
dispose_command (global_command);
diff -up bash-4.1/execute_cmd.c.requires bash-4.1/execute_cmd.c
--- bash-4.1/execute_cmd.c.requires 2010-08-02 17:42:41.000000000 +0200
+++ bash-4.1/execute_cmd.c 2010-08-02 17:42:41.000000000 +0200
@@ -503,6 +503,8 @@ async_redirect_stdin ()

#define DESCRIBE_PID(pid) do { if (interactive) describe_pid (pid); } while (0)

+extern int rpm_requires;
+
/* Execute the command passed in COMMAND, perhaps doing it asynchrounously.
COMMAND is exactly what read_command () places into GLOBAL_COMMAND.
ASYNCHROUNOUS, if non-zero, says to do this command in the background.
@@ -534,7 +536,13 @@ execute_command_internal (command, async
#else
if (breaking || continuing)
return (last_command_exit_value);
- if (command == 0 || read_but_dont_execute)
+ if (command == 0 || (read_but_dont_execute && !rpm_requires))
+ return (EXECUTION_SUCCESS);
+ if (rpm_requires && command->type == cm_function_def)
+ return last_command_exit_value =
+ execute_intern_function (command->value.Function_def->name,
+ command->value.Function_def->command);
+ if (read_but_dont_execute)
return (EXECUTION_SUCCESS);
#endif

@@ -5066,7 +5074,7 @@ execute_intern_function (name, function)

if (check_identifier (name, posixly_correct) == 0)
{
- if (posixly_correct && interactive_shell == 0)
+ if (posixly_correct && interactive_shell == 0 && rpm_requires == 0)
{
last_command_exit_value = EX_BADUSAGE;
jump_to_top_level (ERREXIT);
diff -up bash-4.1/execute_cmd.h.requires bash-4.1/execute_cmd.h
--- bash-4.1/execute_cmd.h.requires 2009-01-16 22:20:15.000000000 +0100
+++ bash-4.1/execute_cmd.h 2010-08-02 17:42:41.000000000 +0200
@@ -22,6 +22,8 @@
#define _EXECUTE_CMD_H_

#include "stdc.h"
+#include "variables.h"
+#include "command.h"

extern struct fd_bitmap *new_fd_bitmap __P((int));
extern void dispose_fd_bitmap __P((struct fd_bitmap *));
diff -up bash-4.1/make_cmd.c.requires bash-4.1/make_cmd.c
--- bash-4.1/make_cmd.c.requires 2009-09-11 23:26:12.000000000 +0200
+++ bash-4.1/make_cmd.c 2010-08-02 17:42:41.000000000 +0200
@@ -42,11 +42,15 @@
#include "flags.h"
#include "make_cmd.h"
#include "dispose_cmd.h"
+#include "execute_cmd.h"
#include "variables.h"
#include "subst.h"
#include "input.h"
#include "ocache.h"
#include "externs.h"
+#include "builtins.h"
+
+#include "builtins/common.h"

#if defined (JOB_CONTROL)
#include "jobs.h"
@@ -56,6 +60,10 @@

extern int line_number, current_command_line_count, parser_state;
extern int last_command_exit_value;
+extern int rpm_requires;
+
+static char *alphabet_set = "abcdefghijklmnopqrstuvwxyz"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ";

/* Object caching */
sh_obj_cache_t wdcache = {0, 0, 0};
@@ -820,6 +828,27 @@ make_coproc_command (name, command)
return (make_command (cm_coproc, (SIMPLE_COM *)temp));
}

+static void
+output_requirement (deptype, filename)
+const char *deptype;
+char *filename;
+{
+ if (strchr(filename, '$') || (filename[0] != '/' && strchr(filename, '/')))
+ return;
+
+ /*
+ if the executable is called via variable substitution we can
+ not dermine what it is at compile time.
+
+ if the executable consists only of characters not in the
+ alphabet we do not consider it a dependency just an artifact
+ of shell parsing (ex "exec < ${infile}").
+ */
+
+ if (strpbrk(filename, alphabet_set))
+ printf ("%s(%s)\n", deptype, filename);
+}
+
/* Reverse the word list and redirection list in the simple command
has just been parsed. It seems simpler to do this here the one
time then by any other method that I can think of. */
@@ -837,6 +866,27 @@ clean_simple_command (command)
REVERSE_LIST (command->value.Simple->redirects, REDIRECT *);
}

+ if (rpm_requires && command->value.Simple->words)
+ {
+ char *cmd0;
+ char *cmd1;
+ struct builtin *b;
+
+ cmd0 = command->value.Simple->words->word->word;
+ b = builtin_address_internal (cmd0, 0);
+ cmd1 = 0;
+ if (command->value.Simple->words->next)
+ cmd1 = command->value.Simple->words->next->word->word;
+
+ if (b) {
+ if ( (b->flags & REQUIRES_BUILTIN) && cmd1)
+ output_requirement ("executable", cmd1);
+ } else {
+ if (!assignment(cmd0, 0))
+ output_requirement (find_function(cmd0) ? "function" : "executable", cmd0);
+ }
+ } /*rpm_requires*/
+
parser_state &= ~PST_REDIRLIST;
return (command);
}
diff -up bash-4.1/shell.c.requires bash-4.1/shell.c
--- bash-4.1/shell.c.requires 2010-08-02 17:42:41.000000000 +0200
+++ bash-4.1/shell.c 2010-08-02 17:42:41.000000000 +0200
@@ -193,6 +193,9 @@ int have_devfd = 0;
/* The name of the .(shell)rc file. */
static char *bashrc_file = "~/.bashrc";

+/* Non-zero if we are finding the scripts requirements. */
+int rpm_requires;
+
/* Non-zero means to act more like the Bourne shell on startup. */
static int act_like_sh;

@@ -251,6 +254,7 @@ static const struct {
{ "posix", Int, &posixly_correct, (char **)0x0 },
{ "protected", Int, &protected_mode, (char **)0x0 },
{ "rcfile", Charp, (int *)0x0, &bashrc_file },
+ { "rpm-requires", Int, &rpm_requires, (char **)0x0 },
#if defined (RESTRICTED_SHELL)
{ "restricted", Int, &restricted, (char **)0x0 },
#endif
@@ -485,6 +489,12 @@ main (argc, argv, env)
if (dump_translatable_strings)
read_but_dont_execute = 1;

+ if (rpm_requires)
+ {
+ read_but_dont_execute = 1;
+ initialize_shell_builtins ();
+ }
+
if (running_setuid && privileged_mode == 0)
disable_priv_mode ();

10
SOURCES/bash-setlocale.patch

@ -0,0 +1,10 @@
--- bash-3.0/builtins/setattr.def.setlocale 2005-08-08 12:22:42.000000000 +0100
+++ bash-3.0/builtins/setattr.def 2005-08-08 12:25:16.000000000 +0100
@@ -423,4 +423,7 @@

if (var && (exported_p (var) || (attribute & att_exported)))
array_needs_making++; /* XXX */
+
+ if (var)
+ stupidly_hack_special_variables (name);
}

53
SOURCES/bash-tty-tests.patch

@ -0,0 +1,53 @@
diff -up bash-4.2-rc2/tests/exec.right.tty_tests bash-4.2-rc2/tests/exec.right
--- bash-4.2-rc2/tests/exec.right.tty_tests 2011-02-09 10:42:48.000000000 +0100
+++ bash-4.2-rc2/tests/exec.right 2011-02-09 10:42:59.000000000 +0100
@@ -50,7 +50,6 @@ this is ohio-state
0
1
testb
-expand_aliases on
1
1
1
diff -up bash-4.2-rc2/tests/execscript.tty_tests bash-4.2-rc2/tests/execscript
--- bash-4.2-rc2/tests/execscript.tty_tests 2010-12-27 22:01:02.000000000 +0100
+++ bash-4.2-rc2/tests/execscript 2011-02-09 10:42:34.000000000 +0100
@@ -107,8 +107,6 @@ ${THIS_SH} ./exec6.sub
# checks for properly deciding what constitutes an executable file
${THIS_SH} ./exec7.sub

-${THIS_SH} -i ./exec8.sub
-
${THIS_SH} ./exec9.sub

true | `echo true` &
diff -up bash-4.2-rc2/tests/read.right.tty_tests bash-4.2-rc2/tests/read.right
--- bash-4.2-rc2/tests/read.right.tty_tests 2010-12-21 16:49:00.000000000 +0100
+++ bash-4.2-rc2/tests/read.right 2011-02-09 10:42:34.000000000 +0100
@@ -33,14 +33,6 @@ a = abcdefg
a = xyz
a = -xyz 123-
a = abc
-timeout 1: ok
-
-timeout 2: ok
-
-./read2.sub: line 23: read: -3: invalid timeout specification
-1
-
-abcde
./read3.sub: line 4: read: -1: invalid number
abc
ab
diff -up bash-4.2-rc2/tests/read.tests.tty_tests bash-4.2-rc2/tests/read.tests
--- bash-4.2-rc2/tests/read.tests.tty_tests 2008-09-06 19:09:11.000000000 +0200
+++ bash-4.2-rc2/tests/read.tests 2011-02-09 10:42:34.000000000 +0100
@@ -82,9 +82,6 @@ echo " foo" | { IFS=$':' ; read line; re
# test read -d delim behavior
${THIS_SH} ./read1.sub

-# test read -t timeout behavior
-${THIS_SH} ./read2.sub
-
# test read -n nchars behavior
${THIS_SH} ./read3.sub

78
SOURCES/bash42-001

@ -0,0 +1,78 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-001

Bug-Reported-by: Juergen Daubert <jue@jue.li>
Bug-Reference-ID: <20110214175132.GA19813@jue.netz>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00125.html

Bug-Description:

When running in Posix mode, bash does not correctly expand the right-hand
side of a double-quoted word expansion containing single quotes.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/subst.c 2011-01-02 16:12:51.000000000 -0500
--- subst.c 2011-02-19 00:00:00.000000000 -0500
***************
*** 1380,1387 ****

/* The handling of dolbrace_state needs to agree with the code in parse.y:
! parse_matched_pair() */
! dolbrace_state = 0;
! if (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
! dolbrace_state = (flags & SX_POSIXEXP) ? DOLBRACE_QUOTE : DOLBRACE_PARAM;

i = *sindex;
--- 1380,1389 ----

/* The handling of dolbrace_state needs to agree with the code in parse.y:
! parse_matched_pair(). The different initial value is to handle the
! case where this function is called to parse the word in
! ${param op word} (SX_WORD). */
! dolbrace_state = (flags & SX_WORD) ? DOLBRACE_WORD : DOLBRACE_PARAM;
! if ((quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)) && (flags & SX_POSIXEXP))
! dolbrace_state = DOLBRACE_QUOTE;

i = *sindex;
***************
*** 7177,7181 ****
/* Extract the contents of the ${ ... } expansion
according to the Posix.2 rules. */
! value = extract_dollar_brace_string (string, &sindex, quoted, (c == '%' || c == '#') ? SX_POSIXEXP : 0);
if (string[sindex] == RBRACE)
sindex++;
--- 7181,7185 ----
/* Extract the contents of the ${ ... } expansion
according to the Posix.2 rules. */
! value = extract_dollar_brace_string (string, &sindex, quoted, (c == '%' || c == '#' || c =='/' || c == '^' || c == ',' || c ==':') ? SX_POSIXEXP|SX_WORD : SX_WORD);
if (string[sindex] == RBRACE)
sindex++;
*** ../bash-4.2-patched/subst.h 2010-12-02 20:21:29.000000000 -0500
--- subst.h 2011-02-16 21:12:09.000000000 -0500
***************
*** 57,60 ****
--- 57,61 ----
#define SX_ARITHSUB 0x0080 /* extracting $(( ... )) (currently unused) */
#define SX_POSIXEXP 0x0100 /* extracting new Posix pattern removal expansions in extract_dollar_brace_string */
+ #define SX_WORD 0x0200 /* extracting word in ${param op word} */

/* Remove backslashes which are quoting backquotes from STRING. Modifies
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 0

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 1

#endif /* _PATCHLEVEL_H_ */

59
SOURCES/bash42-002

@ -0,0 +1,59 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-002

Bug-Reported-by: Clark J. Wang <dearvoid@gmail.com>
Bug-Reference-ID: <AANLkTimGbW7aC4E5infXP6ku5WPci4t=xVc+L1SyHqrD@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00157.html

Bug-Description:

The readline vi-mode `cc', `dd', and `yy' commands failed to modify the
entire line.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/lib/readline/vi_mode.c 2010-11-20 19:51:39.000000000 -0500
--- lib/readline/vi_mode.c 2011-02-17 20:24:25.000000000 -0500
***************
*** 1115,1119 ****
_rl_vi_last_motion = c;
RL_UNSETSTATE (RL_STATE_VIMOTION);
! return (0);
}
#if defined (READLINE_CALLBACKS)
--- 1115,1119 ----
_rl_vi_last_motion = c;
RL_UNSETSTATE (RL_STATE_VIMOTION);
! return (vidomove_dispatch (m));
}
#if defined (READLINE_CALLBACKS)
*** ../bash-4.2-patched/lib/readline/callback.c 2010-06-06 12:18:58.000000000 -0400
--- lib/readline/callback.c 2011-02-17 20:43:28.000000000 -0500
***************
*** 149,152 ****
--- 149,155 ----
/* Should handle everything, including cleanup, numeric arguments,
and turning off RL_STATE_VIMOTION */
+ if (RL_ISSTATE (RL_STATE_NUMERICARG) == 0)
+ _rl_internal_char_cleanup ();
+
return;
}
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 1

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 2

#endif /* _PATCHLEVEL_H_ */

318
SOURCES/bash42-003

@ -0,0 +1,318 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-003

Bug-Reported-by: Clark J. Wang <dearvoid@gmail.com>
Bug-Reference-ID: <AANLkTikZ_rVV-frR8Fh0PzhXnMKnm5XsUR-F3qtPPs5G@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00136.html

Bug-Description:

When using the pattern replacement and pattern removal word expansions, bash
miscalculates the possible match length in the presence of an unescaped left
bracket without a closing right bracket, resulting in a failure to match
the pattern.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/lib/glob/gmisc.c 2011-02-05 16:11:17.000000000 -0500
--- lib/glob/gmisc.c 2011-02-18 23:53:42.000000000 -0500
***************
*** 78,83 ****
size_t wmax;
{
! wchar_t wc, *wbrack;
! int matlen, t, in_cclass, in_collsym, in_equiv;

if (*wpat == 0)
--- 78,83 ----
size_t wmax;
{
! wchar_t wc;
! int matlen, bracklen, t, in_cclass, in_collsym, in_equiv;

if (*wpat == 0)
***************
*** 119,123 ****
case L'[':
/* scan for ending `]', skipping over embedded [:...:] */
! wbrack = wpat;
wc = *wpat++;
do
--- 119,123 ----
case L'[':
/* scan for ending `]', skipping over embedded [:...:] */
! bracklen = 1;
wc = *wpat++;
do
***************
*** 125,140 ****
if (wc == 0)
{
! matlen += wpat - wbrack - 1; /* incremented below */
! break;
}
else if (wc == L'\\')
{
! wc = *wpat++;
! if (*wpat == 0)
! break;
}
else if (wc == L'[' && *wpat == L':') /* character class */
{
wpat++;
in_cclass = 1;
}
--- 125,148 ----
if (wc == 0)
{
! wpat--; /* back up to NUL */
! matlen += bracklen;
! goto bad_bracket;
}
else if (wc == L'\\')
{
! /* *wpat == backslash-escaped character */
! bracklen++;
! /* If the backslash or backslash-escape ends the string,
! bail. The ++wpat skips over the backslash escape */
! if (*wpat == 0 || *++wpat == 0)
! {
! matlen += bracklen;
! goto bad_bracket;
! }
}
else if (wc == L'[' && *wpat == L':') /* character class */
{
wpat++;
+ bracklen++;
in_cclass = 1;
}
***************
*** 142,145 ****
--- 150,154 ----
{
wpat++;
+ bracklen++;
in_cclass = 0;
}
***************
*** 147,152 ****
{
wpat++;
if (*wpat == L']') /* right bracket can appear as collating symbol */
! wpat++;
in_collsym = 1;
}
--- 156,165 ----
{
wpat++;
+ bracklen++;
if (*wpat == L']') /* right bracket can appear as collating symbol */
! {
! wpat++;
! bracklen++;
! }
in_collsym = 1;
}
***************
*** 154,157 ****
--- 167,171 ----
{
wpat++;
+ bracklen++;
in_collsym = 0;
}
***************
*** 159,164 ****
{
wpat++;
if (*wpat == L']') /* right bracket can appear as equivalence class */
! wpat++;
in_equiv = 1;
}
--- 173,182 ----
{
wpat++;
+ bracklen++;
if (*wpat == L']') /* right bracket can appear as equivalence class */
! {
! wpat++;
! bracklen++;
! }
in_equiv = 1;
}
***************
*** 166,174 ****
--- 184,196 ----
{
wpat++;
+ bracklen++;
in_equiv = 0;
}
+ else
+ bracklen++;
}
while ((wc = *wpat++) != L']');
matlen++; /* bracket expression can only match one char */
+ bad_bracket:
break;
}
***************
*** 214,219 ****
size_t max;
{
! char c, *brack;
! int matlen, t, in_cclass, in_collsym, in_equiv;

if (*pat == 0)
--- 236,241 ----
size_t max;
{
! char c;
! int matlen, bracklen, t, in_cclass, in_collsym, in_equiv;

if (*pat == 0)
***************
*** 255,259 ****
case '[':
/* scan for ending `]', skipping over embedded [:...:] */
! brack = pat;
c = *pat++;
do
--- 277,281 ----
case '[':
/* scan for ending `]', skipping over embedded [:...:] */
! bracklen = 1;
c = *pat++;
do
***************
*** 261,276 ****
if (c == 0)
{
! matlen += pat - brack - 1; /* incremented below */
! break;
}
else if (c == '\\')
{
! c = *pat++;
! if (*pat == 0)
! break;
}
else if (c == '[' && *pat == ':') /* character class */
{
pat++;
in_cclass = 1;
}
--- 283,306 ----
if (c == 0)
{
! pat--; /* back up to NUL */
! matlen += bracklen;
! goto bad_bracket;
}
else if (c == '\\')
{
! /* *pat == backslash-escaped character */
! bracklen++;
! /* If the backslash or backslash-escape ends the string,
! bail. The ++pat skips over the backslash escape */
! if (*pat == 0 || *++pat == 0)
! {
! matlen += bracklen;
! goto bad_bracket;
! }
}
else if (c == '[' && *pat == ':') /* character class */
{
pat++;
+ bracklen++;
in_cclass = 1;
}
***************
*** 278,281 ****
--- 308,312 ----
{
pat++;
+ bracklen++;
in_cclass = 0;
}
***************
*** 283,288 ****
{
pat++;
if (*pat == ']') /* right bracket can appear as collating symbol */
! pat++;
in_collsym = 1;
}
--- 314,323 ----
{
pat++;
+ bracklen++;
if (*pat == ']') /* right bracket can appear as collating symbol */
! {
! pat++;
! bracklen++;
! }
in_collsym = 1;
}
***************
*** 290,293 ****
--- 325,329 ----
{
pat++;
+ bracklen++;
in_collsym = 0;
}
***************
*** 295,300 ****
{
pat++;
if (*pat == ']') /* right bracket can appear as equivalence class */
! pat++;
in_equiv = 1;
}
--- 331,340 ----
{
pat++;
+ bracklen++;
if (*pat == ']') /* right bracket can appear as equivalence class */
! {
! pat++;
! bracklen++;
! }
in_equiv = 1;
}
***************
*** 302,310 ****
--- 342,354 ----
{
pat++;
+ bracklen++;
in_equiv = 0;
}
+ else
+ bracklen++;
}
while ((c = *pat++) != ']');
matlen++; /* bracket expression can only match one char */
+ bad_bracket:
break;
}
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 2

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 3

#endif /* _PATCHLEVEL_H_ */

53
SOURCES/bash42-004

@ -0,0 +1,53 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-004

Bug-Reported-by: Mike Frysinger <vapier@gentoo.org>
Bug-Reference-ID: <201102182106.17834.vapier@gentoo.org>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00222.html

Bug-Description:

When used in contexts where word splitting and quote removal were not
performed, such as pattern removal or pattern substitution, empty strings
(either literal or resulting from quoted variables that were unset or
null) were not matched correctly, resulting in failure.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/subst.c 2011-01-02 16:12:51.000000000 -0500
--- subst.c 2011-02-18 22:30:13.000000000 -0500
***************
*** 3373,3379 ****
if (string == 0 || *string == '\0')
return (WORD_LIST *)NULL;

! td.flags = 0;
td.word = string;
tresult = call_expand_word_internal (&td, quoted, 1, dollar_at_p, has_dollar_at);
return (tresult);
--- 3373,3379 ----
if (string == 0 || *string == '\0')
return (WORD_LIST *)NULL;

! td.flags = W_NOSPLIT2; /* no splitting, remove "" and '' */
td.word = string;
tresult = call_expand_word_internal (&td, quoted, 1, dollar_at_p, has_dollar_at);
return (tresult);
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 3

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 4

#endif /* _PATCHLEVEL_H_ */

131
SOURCES/bash42-005

@ -0,0 +1,131 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-005

Bug-Reported-by: Dennis Williamson <dennistwilliamson@gmail.com>
Bug-Reference-ID: <AANLkTikDbEV5rnbPc0zOfmZfBcg0xGetzLLzK+KjRiNa@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00147.html

Bug-Description:

Systems that use tzset() to set the local timezone require the TZ variable
to be in the environment. Bash must make sure the environment has been
modified with any updated value for TZ before calling tzset(). This
affects prompt string expansions and the `%T' printf conversion specification
on systems that do not allow bash to supply a replacement for getenv(3).

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/variables.h 2010-12-02 20:22:01.000000000 -0500
--- variables.h 2011-02-19 19:57:12.000000000 -0500
***************
*** 314,317 ****
--- 314,318 ----
extern void sort_variables __P((SHELL_VAR **));

+ extern int chkexport __P((char *));
extern void maybe_make_export_env __P((void));
extern void update_export_env_inplace __P((char *, int, char *));
*** ../bash-4.2-patched/variables.c 2011-01-24 20:07:48.000000000 -0500
--- variables.c 2011-02-19 20:04:50.000000000 -0500
***************
*** 3654,3657 ****
--- 3654,3673 ----
}

+ int
+ chkexport (name)
+ char *name;
+ {
+ SHELL_VAR *v;
+
+ v = find_variable (name);
+ if (exported_p (v))
+ {
+ array_needs_making = 1;
+ maybe_make_export_env ();
+ return 1;
+ }
+ return 0;
+ }
+
void
maybe_make_export_env ()
***************
*** 4215,4219 ****
{ "TEXTDOMAINDIR", sv_locale },

! #if defined (HAVE_TZSET) && defined (PROMPT_STRING_DECODE)
{ "TZ", sv_tz },
#endif
--- 4231,4235 ----
{ "TEXTDOMAINDIR", sv_locale },

! #if defined (HAVE_TZSET)
{ "TZ", sv_tz },
#endif
***************
*** 4559,4568 ****
#endif /* HISTORY */

! #if defined (HAVE_TZSET) && defined (PROMPT_STRING_DECODE)
void
sv_tz (name)
char *name;
{
! tzset ();
}
#endif
--- 4575,4585 ----
#endif /* HISTORY */

! #if defined (HAVE_TZSET)
void
sv_tz (name)
char *name;
{
! if (chkexport (name))
! tzset ();
}
#endif
*** ../bash-4.2-patched/parse.y 2011-01-02 15:48:11.000000000 -0500
--- parse.y 2011-02-19 20:05:00.000000000 -0500
***************
*** 5136,5139 ****
--- 5136,5142 ----
/* Make the current time/date into a string. */
(void) time (&the_time);
+ #if defined (HAVE_TZSET)
+ sv_tz ("TZ"); /* XXX -- just make sure */
+ #endif
tm = localtime (&the_time);

*** ../bash-4.2-patched/builtins/printf.def 2010-11-23 10:02:55.000000000 -0500
--- builtins/printf.def 2011-02-19 20:05:04.000000000 -0500
***************
*** 466,469 ****
--- 466,472 ----
else
secs = arg;
+ #if defined (HAVE_TZSET)
+ sv_tz ("TZ"); /* XXX -- just make sure */
+ #endif
tm = localtime (&secs);
n = strftime (timebuf, sizeof (timebuf), timefmt, tm);
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 4

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 5

#endif /* _PATCHLEVEL_H_ */

46
SOURCES/bash42-006

@ -0,0 +1,46 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-006

Bug-Reported-by: Allan McRae <allan@archlinux.org>
Bug-Reference-ID: <4D6D0D0B.50908@archlinux.org>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00001.html

Bug-Description:

A problem with bash42-005 caused it to dump core if TZ was unset.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/variables.c 2011-02-25 12:07:41.000000000 -0500
--- variables.c 2011-03-01 10:13:04.000000000 -0500
***************
*** 3661,3665 ****

v = find_variable (name);
! if (exported_p (v))
{
array_needs_making = 1;
--- 3661,3665 ----

v = find_variable (name);
! if (v && exported_p (v))
{
array_needs_making = 1;
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 5

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 6

#endif /* _PATCHLEVEL_H_ */

46
SOURCES/bash42-007

@ -0,0 +1,46 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-007

Bug-Reported-by: Matthias Klose <doko@debian.org>
Bug-Reference-ID: <4D6FD2AC.1010500@debian.org>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00015.html

Bug-Description:

When used in contexts where word splitting and quote removal were not
performed, such as case statement word expansion, empty strings
(either literal or resulting from quoted variables that were unset or
null) were not expanded correctly, resulting in failure.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/subst.c 2011-02-25 12:03:58.000000000 -0500
--- subst.c 2011-03-03 14:08:23.000000000 -0500
***************
*** 4609,4614 ****
--- 4611,4617 ----
if (ifs_firstc == 0)
#endif
word->flags |= W_NOSPLIT;
+ word->flags |= W_NOSPLIT2;
result = call_expand_word_internal (word, quoted, 0, (int *)NULL, (int *)NULL);
expand_no_split_dollar_star = 0;

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 6

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 7

#endif /* _PATCHLEVEL_H_ */

74
SOURCES/bash42-008

@ -0,0 +1,74 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-008

Bug-Reported-by: Doug McMahon <mc2man@optonline.net>
Bug-Reference-ID: <1299441211.2535.11.camel@doug-XPS-M1330>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00050.html

Bug-Description:

Bash-4.2 does not attempt to save the shell history on receipt of a
terminating signal that is handled synchronously. Unfortunately, the
`close' button on most X11 terminal emulators sends SIGHUP, which
kills the shell.

This is a very small patch to save the history in the case that an
interactive shell receives a SIGHUP or SIGTERM while in readline and
reading a command.

The next version of bash will do this differently.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/sig.c Tue Nov 23 08:21:22 2010
--- sig.c Tue Mar 8 21:28:32 2011
***************
*** 47,50 ****
--- 47,51 ----
#if defined (READLINE)
# include "bashline.h"
+ # include <readline/readline.h>
#endif

***************
*** 63,66 ****
--- 64,68 ----
extern int history_lines_this_session;
#endif
+ extern int no_line_editing;

extern void initialize_siglist ();
***************
*** 506,510 ****
#if defined (HISTORY)
/* XXX - will inhibit history file being written */
! history_lines_this_session = 0;
#endif
terminate_immediately = 0;
--- 508,515 ----
#if defined (HISTORY)
/* XXX - will inhibit history file being written */
! # if defined (READLINE)
! if (interactive_shell == 0 || interactive == 0 || (sig != SIGHUP && sig != SIGTERM) || no_line_editing || (RL_ISSTATE (RL_STATE_READCMD) == 0))
! # endif
! history_lines_this_session = 0;
#endif
terminate_immediately = 0;
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 7

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 8

#endif /* _PATCHLEVEL_H_ */

82
SOURCES/bash42-009

@ -0,0 +1,82 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-009

Bug-Reported-by: <piuma@piumalab.org>
Bug-Reference-ID: <4DAAC0DB.7060606@piumalab.org>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-04/msg00075.html

Bug-Description:

Under certain circumstances, running `fc -l' two times in succession with a
relative history offset at the end of the history will result in an incorrect
calculation of the last history entry and a seg fault.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/builtins/fc.def 2010-05-30 18:25:38.000000000 -0400
--- builtins/fc.def 2011-04-19 15:46:17.000000000 -0400
***************
*** 305,309 ****

/* XXX */
! if (saved_command_line_count > 0 && i == last_hist && hlist[last_hist] == 0)
while (last_hist >= 0 && hlist[last_hist] == 0)
last_hist--;
--- 305,309 ----

/* XXX */
! if (i == last_hist && hlist[last_hist] == 0)
while (last_hist >= 0 && hlist[last_hist] == 0)
last_hist--;
***************
*** 476,480 ****
{
int sign, n, clen, rh;
! register int i, j;
register char *s;

--- 476,480 ----
{
int sign, n, clen, rh;
! register int i, j, last_hist;
register char *s;

***************
*** 496,500 ****
calculation as if it were on. */
rh = remember_on_history || ((subshell_environment & SUBSHELL_COMSUB) && enable_history_list);
! i -= rh + hist_last_line_added;

/* No specification defaults to most recent command. */
--- 496,508 ----
calculation as if it were on. */
rh = remember_on_history || ((subshell_environment & SUBSHELL_COMSUB) && enable_history_list);
! last_hist = i - rh - hist_last_line_added;
!
! if (i == last_hist && hlist[last_hist] == 0)
! while (last_hist >= 0 && hlist[last_hist] == 0)
! last_hist--;
! if (last_hist < 0)
! return (-1);
!
! i = last_hist;

/* No specification defaults to most recent command. */
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 8

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 9

#endif /* _PATCHLEVEL_H_ */

61
SOURCES/bash42-010

@ -0,0 +1,61 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-010

Bug-Reported-by: Mike Frysinger <vapier@gentoo.org>
Bug-Reference-ID: <201104122356.20160.vapier@gentoo.org>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-04/msg00058.html

Bug-Description:

Bash did not correctly print/reproduce here documents attached to commands
inside compound commands such as arithmetic for loops and user-specified
subshells. This affected the execution of such commands inside a shell
function when the function definition is saved and later restored using
`.' or `eval'.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/print_cmd.c 2010-05-30 18:34:08.000000000 -0400
--- print_cmd.c 2011-04-14 10:43:18.000000000 -0400
***************
*** 316,319 ****
--- 317,321 ----
skip_this_indent++;
make_command_string_internal (command->value.Subshell->command);
+ PRINT_DEFERRED_HEREDOCS ("");
cprintf (" )");
break;
***************
*** 593,596 ****
--- 606,610 ----
indentation += indentation_amount;
make_command_string_internal (arith_for_command->action);
+ PRINT_DEFERRED_HEREDOCS ("");
semicolon ();
indentation -= indentation_amount;
***************
*** 654,657 ****
--- 668,672 ----

make_command_string_internal (group_command->command);
+ PRINT_DEFERRED_HEREDOCS ("");

if (inside_function_def)
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 9

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 10

#endif /* _PATCHLEVEL_H_ */

46
SOURCES/bash42-011

@ -0,0 +1,46 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-011

Bug-Reported-by: "David Parks" <davidparks21@yahoo.com>
Bug-Reference-ID: <014101cc82c6$46ac1540$d4043fc0$@com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-10/msg00031.html

Bug-Description:

Overwriting a value in an associative array causes the memory allocated to
store the key on the second and subsequent assignments to leak.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/assoc.c 2009-08-05 20:19:40.000000000 -0400
--- assoc.c 2011-10-04 20:23:07.000000000 -0400
***************
*** 78,81 ****
--- 78,86 ----
if (b == 0)
return -1;
+ /* If we are overwriting an existing element's value, we're not going to
+ use the key. Nothing in the array assignment code path frees the key
+ string, so we can free it here to avoid a memory leak. */
+ if (b->key != key)
+ free (key);
FREE (b->data);
b->data = value ? savestring (value) : (char *)0;
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 10

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 11

#endif /* _PATCHLEVEL_H_ */

151
SOURCES/bash42-012

@ -0,0 +1,151 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-012

Bug-Reported-by: Rui Santos <rsantos@grupopie.com>
Bug-Reference-ID: <4E04C6D0.2020507@grupopie.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-06/msg00079.html

Bug-Description:

When calling the parser to recursively parse a command substitution within
an arithmetic expansion, the shell overwrote the saved shell input line and
associated state, resulting in a garbled command.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/parse.y 2011-02-26 19:19:05.000000000 -0500
--- parse.y 2011-06-24 20:08:22.000000000 -0400
***************
*** 3843,3846 ****
--- 3849,3853 ----
{
sh_parser_state_t ps;
+ sh_input_line_state_t ls;
int orig_ind, nc, sflags;
char *ret, *s, *ep, *ostring;
***************
*** 3850,3857 ****
--- 3857,3866 ----
ostring = string;

+ /*itrace("xparse_dolparen: size = %d shell_input_line = `%s'", shell_input_line_size, shell_input_line);*/
sflags = SEVAL_NONINT|SEVAL_NOHIST|SEVAL_NOFREE;
if (flags & SX_NOLONGJMP)
sflags |= SEVAL_NOLONGJMP;
save_parser_state (&ps);
+ save_input_line_state (&ls);

/*(*/
***************
*** 3862,3865 ****
--- 3871,3876 ----
restore_parser_state (&ps);
reset_parser ();
+ /* reset_parser clears shell_input_line and associated variables */
+ restore_input_line_state (&ls);
if (interactive)
token_to_read = 0;
***************
*** 5909,5912 ****
--- 5920,5929 ----
ps->echo_input_at_read = echo_input_at_read;

+ ps->token = token;
+ ps->token_buffer_size = token_buffer_size;
+ /* Force reallocation on next call to read_token_word */
+ token = 0;
+ token_buffer_size = 0;
+
return (ps);
}
***************
*** 5950,5953 ****
--- 5967,6006 ----
expand_aliases = ps->expand_aliases;
echo_input_at_read = ps->echo_input_at_read;
+
+ FREE (token);
+ token = ps->token;
+ token_buffer_size = ps->token_buffer_size;
+ }
+
+ sh_input_line_state_t *
+ save_input_line_state (ls)
+ sh_input_line_state_t *ls;
+ {
+ if (ls == 0)
+ ls = (sh_input_line_state_t *)xmalloc (sizeof (sh_input_line_state_t));
+ if (ls == 0)
+ return ((sh_input_line_state_t *)NULL);
+
+ ls->input_line = shell_input_line;
+ ls->input_line_size = shell_input_line_size;
+ ls->input_line_len = shell_input_line_len;
+ ls->input_line_index = shell_input_line_index;
+
+ /* force reallocation */
+ shell_input_line = 0;
+ shell_input_line_size = shell_input_line_len = shell_input_line_index = 0;
+ }
+
+ void
+ restore_input_line_state (ls)
+ sh_input_line_state_t *ls;
+ {
+ FREE (shell_input_line);
+ shell_input_line = ls->input_line;
+ shell_input_line_size = ls->input_line_size;
+ shell_input_line_len = ls->input_line_len;
+ shell_input_line_index = ls->input_line_index;
+
+ set_line_mbstate ();
}

*** ../bash-4.2-patched/shell.h 2011-01-06 22:16:55.000000000 -0500
--- shell.h 2011-06-24 19:12:25.000000000 -0400
***************
*** 137,140 ****
--- 139,145 ----
int *token_state;

+ char *token;
+ int token_buffer_size;
+
/* input line state -- line number saved elsewhere */
int input_line_terminator;
***************
*** 167,171 ****
--- 172,186 ----
} sh_parser_state_t;

+ typedef struct _sh_input_line_state_t {
+ char *input_line;
+ int input_line_index;
+ int input_line_size;
+ int input_line_len;
+ } sh_input_line_state_t;
+
/* Let's try declaring these here. */
extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
extern void restore_parser_state __P((sh_parser_state_t *));
+
+ extern sh_input_line_state_t *save_input_line_state __P((sh_input_line_state_t *));
+ extern void restore_input_line_state __P((sh_input_line_state_t *));
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 11

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 12

#endif /* _PATCHLEVEL_H_ */

52
SOURCES/bash42-013

@ -0,0 +1,52 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-013

Bug-Reported-by: Marten Wikstrom <marten.wikstrom@keystream.se>
Bug-Reference-ID: <BANLkTikKECAh94ZEX68iQvxYuPeEM_xoSQ@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-05/msg00049.html

Bug-Description:

An off-by-one error caused the shell to skip over CTLNUL characters,
which are used internally to mark quoted null strings. The effect
was to have stray 0x7f characters left after expanding words like
""""""""aa.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/subst.c 2011-03-06 14:11:11.000000000 -0500
--- subst.c 2011-05-11 11:23:33.000000000 -0400
***************
*** 3707,3711 ****
}
else if (string[i] == CTLNUL)
! i++;

prev_i = i;
--- 3710,3717 ----
}
else if (string[i] == CTLNUL)
! {
! i++;
! continue;
! }

prev_i = i;
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 12

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 13

#endif /* _PATCHLEVEL_H_ */

47
SOURCES/bash42-014

@ -0,0 +1,47 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-014

Bug-Reported-by: Shawn Bohrer <sbohrer@rgmadvisors.com>
Bug-Reference-ID: <20110504152320.6E8F28130527@dev1.rgmadvisors.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-05/msg00018.html

Bug-Description:

The regular expression matching operator did not correctly match
expressions with an embedded ^A.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/pathexp.c 2010-08-13 23:21:57.000000000 -0400
--- pathexp.c 2011-05-05 16:40:58.000000000 -0400
***************
*** 197,201 ****
if ((qflags & QGLOB_FILENAME) && pathname[i+1] == '/')
continue;
! if ((qflags & QGLOB_REGEXP) && ere_char (pathname[i+1]) == 0)
continue;
temp[j++] = '\\';
--- 197,201 ----
if ((qflags & QGLOB_FILENAME) && pathname[i+1] == '/')
continue;
! if (pathname[i+1] != CTLESC && (qflags & QGLOB_REGEXP) && ere_char (pathname[i+1]) == 0)
continue;
temp[j++] = '\\';
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 13

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 14

#endif /* _PATCHLEVEL_H_ */

81
SOURCES/bash42-015

@ -0,0 +1,81 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-015

Bug-Reported-by: <dnade.ext@orange-ftgroup.com>
Bug-Reference-ID: <728_1312188080_4E3666B0_728_118711_1_3B5D3E0F95CC5C478D6500CDCE8B691F7AAAA4AA3D@PUEXCB2B.nanterre.francetelecom.fr>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-08/msg00000.html

Bug-Description:

When in a context where arithmetic evaluation is not taking place, the
evaluator should not check for division by 0.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/expr.c 2010-12-21 11:12:13.000000000 -0500
--- expr.c 2011-08-02 20:58:28.000000000 -0400
***************
*** 477,480 ****
--- 481,492 ----
if (special)
{
+ if ((op == DIV || op == MOD) && value == 0)
+ {
+ if (noeval == 0)
+ evalerror (_("division by 0"));
+ else
+ value = 1;
+ }
+
switch (op)
{
***************
*** 483,493 ****
break;
case DIV:
- if (value == 0)
- evalerror (_("division by 0"));
lvalue /= value;
break;
case MOD:
- if (value == 0)
- evalerror (_("division by 0"));
lvalue %= value;
break;
--- 495,501 ----
***************
*** 805,809 ****

if (((op == DIV) || (op == MOD)) && (val2 == 0))
! evalerror (_("division by 0"));

if (op == MUL)
--- 813,822 ----

if (((op == DIV) || (op == MOD)) && (val2 == 0))
! {
! if (noeval == 0)
! evalerror (_("division by 0"));
! else
! val2 = 1;
! }

if (op == MUL)
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 14

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 15

#endif /* _PATCHLEVEL_H_ */

46
SOURCES/bash42-016

@ -0,0 +1,46 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-016

Bug-Reported-by: Martin von Gagern <Martin.vGagern@gmx.net>
Bug-Reference-ID: <4E43AD9E.8060501@gmx.net>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-08/msg00141.html

Bug-Description:

Bash should not check for mail while executing the `eval' builtin.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/parse.y Fri Feb 25 12:07:41 2011
--- parse.y Thu Aug 11 19:02:26 2011
***************
*** 2500,2504 ****
is the mail alarm reset; nothing takes place in check_mail ()
except the checking of mail. Please don't change this. */
! if (prompt_is_ps1 && time_to_check_mail ())
{
check_mail ();
--- 2498,2502 ----
is the mail alarm reset; nothing takes place in check_mail ()
except the checking of mail. Please don't change this. */
! if (prompt_is_ps1 && parse_and_execute_level == 0 && time_to_check_mail ())
{
check_mail ();
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 15

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 16

#endif /* _PATCHLEVEL_H_ */

47
SOURCES/bash42-017

@ -0,0 +1,47 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-017

Bug-Reported-by: Curtis Doty <Curtis@GreenKey.net>
Bug-Reference-ID: <20110621035324.A4F70849F59@mx1.iParadigms.net>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-06/msg00053.html

Bug-Description:

Using `read -a foo' where foo was an already-declared associative array
caused the shell to die with a segmentation fault.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/builtins/read.def 2011-01-04 11:43:36.000000000 -0500
--- builtins/read.def 2011-06-21 10:31:02.000000000 -0400
***************
*** 643,646 ****
--- 642,651 ----
return EXECUTION_FAILURE; /* readonly or noassign */
}
+ if (assoc_p (var))
+ {
+ builtin_error (_("%s: cannot convert associative to indexed array"), arrayname);
+ xfree (input_string);
+ return EXECUTION_FAILURE; /* existing associative array */
+ }
array_flush (array_cell (var));

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 16

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 17

#endif /* _PATCHLEVEL_H_ */

74
SOURCES/bash42-018

@ -0,0 +1,74 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-018

Bug-Reported-by: Thomas Cort <tcort@minix3.org>
Bug-Reference-ID: <BANLkTik-ebGGw3k_1YtB=RyfV1bsqdxC_g@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-06/msg00110.html

Bug-Description:

Bash fails to compile unless JOB_CONTROL is defined.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/execute_cmd.c 2011-02-09 17:32:25.000000000 -0500
--- execute_cmd.c 2011-11-06 15:12:48.000000000 -0500
***************
*** 2197,2200 ****
--- 2315,2319 ----
cmd->flags |= CMD_IGNORE_RETURN;

+ #if defined (JOB_CONTROL)
lastpipe_flag = 0;
begin_unwind_frame ("lastpipe-exec");
***************
*** 2216,2228 ****
add_unwind_protect (lastpipe_cleanup, lastpipe_jid);
}
! cmd->flags |= CMD_LASTPIPE;
}
if (prev >= 0)
add_unwind_protect (close, prev);

exec_result = execute_command_internal (cmd, asynchronous, prev, pipe_out, fds_to_close);

if (lstdin > 0)
restore_stdin (lstdin);

if (prev >= 0)
--- 2335,2351 ----
add_unwind_protect (lastpipe_cleanup, lastpipe_jid);
}
! if (cmd)
! cmd->flags |= CMD_LASTPIPE;
}
if (prev >= 0)
add_unwind_protect (close, prev);
+ #endif

exec_result = execute_command_internal (cmd, asynchronous, prev, pipe_out, fds_to_close);

+ #if defined (JOB_CONTROL)
if (lstdin > 0)
restore_stdin (lstdin);
+ #endif

if (prev >= 0)
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 17

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 18

#endif /* _PATCHLEVEL_H_ */

47
SOURCES/bash42-019

@ -0,0 +1,47 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-019

Bug-Reported-by: Diego Augusto Molina <diegoaugustomolina@gmail.com>
Bug-Reference-ID: <CAGOxLdHcSQu3ck9Qy3pRjj_NBU5tAPSAvNm-95-nLQ9Szwb6aA@mail.gmail.com>
Bug-Reference-URL: lists.gnu.org/archive/html/bug-bash/2011-09/msg00047.html

Bug-Description:

Using `declare' with attributes and an invalid array variable name or
assignment reference resulted in a segmentation fault instead of a
declaration error.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/builtins/declare.def 2010-05-30 18:25:21.000000000 -0400
--- builtins/declare.def 2011-09-15 15:20:20.000000000 -0400
***************
*** 514,517 ****
--- 514,522 ----
var = assign_array_element (name, value, 0); /* XXX - not aflags */
*subscript_start = '\0';
+ if (var == 0) /* some kind of assignment error */
+ {
+ assign_error++;
+ NEXT_VARIABLE ();
+ }
}
else if (simple_array_assign)
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 18

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 19

#endif /* _PATCHLEVEL_H_ */

60
SOURCES/bash42-020

@ -0,0 +1,60 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-020

Bug-Reported-by: Vincent Sheffer <vince.sheffer@apisphere.com>
Bug-Reference-ID: <F13C1C4F-C44C-4071-BFED-4BB6D13CF92F@apisphere.com>
Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2011-08/msg00000.html

Bug-Description:

The shared object helper script needs to be updated for Mac OS X 10.7
(Lion, darwin11).

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/support/shobj-conf 2009-10-28 09:20:21.000000000 -0400
--- support/shobj-conf 2011-08-27 13:25:23.000000000 -0400
***************
*** 158,162 ****

# Darwin/MacOS X
! darwin[89]*|darwin10*)
SHOBJ_STATUS=supported
SHLIB_STATUS=supported
--- 172,176 ----

# Darwin/MacOS X
! darwin[89]*|darwin1[012]*)
SHOBJ_STATUS=supported
SHLIB_STATUS=supported
***************
*** 187,191 ****

case "${host_os}" in
! darwin[789]*|darwin10*) SHOBJ_LDFLAGS=''
SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v'
;;
--- 201,205 ----

case "${host_os}" in
! darwin[789]*|darwin1[012]*) SHOBJ_LDFLAGS=''
SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v'
;;
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 19

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 20

#endif /* _PATCHLEVEL_H_ */

61
SOURCES/bash42-021

@ -0,0 +1,61 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-021

Bug-Reported-by: Dan Douglas <ormaaj@gmail.com>
Bug-Reference-ID: <4585554.nZWb4q7YoZ@smorgbox>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-12/msg00084.html

Bug-Description:

Using `read -N' to assign values to an array can result in NUL values being
assigned to some array elements. These values cause seg faults when referenced
later.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/builtins/read.def 2011-11-21 18:03:38.000000000 -0500
--- builtins/read.def 2011-12-19 19:52:12.000000000 -0500
***************
*** 738,742 ****
}
else
! var = bind_read_variable (varname, t);
}
else
--- 775,779 ----
}
else
! var = bind_read_variable (varname, t ? t : "");
}
else
***************
*** 799,803 ****
}
else
! var = bind_read_variable (list->word->word, input_string);

if (var)
--- 836,840 ----
}
else
! var = bind_read_variable (list->word->word, input_string ? input_string : "");

if (var)
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 20

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 21

#endif /* _PATCHLEVEL_H_ */

61
SOURCES/bash42-022

@ -0,0 +1,61 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-022

Bug-Reported-by: Gregory Margo <gmargo@pacbell.net>
Bug-Reference-ID: <20110727174529.GA3333@pacbell.net>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-07/msg00102.html

Bug-Description:

The return value from lseek is `off_t'. This can cause corrupted return
values when the file offset is greater than 2**31 - 1.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/lib/sh/zread.c Mon Mar 2 08:54:45 2009
--- lib/sh/zread.c Thu Jul 28 18:16:53 2011
***************
*** 161,166 ****
int fd;
{
! off_t off;
! int r;

off = lused - lind;
--- 161,165 ----
int fd;
{
! off_t off, r;

off = lused - lind;
***************
*** 169,173 ****
r = lseek (fd, -off, SEEK_CUR);

! if (r >= 0)
lused = lind = 0;
}
--- 168,172 ----
r = lseek (fd, -off, SEEK_CUR);

! if (r != -1)
lused = lind = 0;
}
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 21

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 22

#endif /* _PATCHLEVEL_H_ */

62
SOURCES/bash42-023

@ -0,0 +1,62 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-023

Bug-Reported-by: Ewan Mellor <Ewan.Mellor@eu.citrix.com>
Bug-Reference-ID: <6005BE083BF501439A84DC3523BAC82DC4B964FD12@LONPMAILBOX01.citrite.net>
Bug-Reference-URL:

Bug-Description:

Under some circumstances, an exit trap triggered by a bad substitution
error when errexit is enabled will cause the shell to exit with an
incorrect exit status (0).

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/subst.c 2011-11-21 12:04:38.000000000 -0500
--- subst.c 2012-02-08 13:36:28.000000000 -0500
***************
*** 7275,7278 ****
--- 7281,7285 ----
case '\0':
bad_substitution:
+ last_command_exit_value = EXECUTION_FAILURE;
report_error (_("%s: bad substitution"), string ? string : "??");
FREE (value);
*** ../bash-4.2-patched/error.c 2009-08-21 22:31:31.000000000 -0400
--- error.c 2012-02-25 15:54:40.000000000 -0500
***************
*** 201,205 ****
va_end (args);
if (exit_immediately_on_error)
! exit_shell (1);
}

--- 201,209 ----
va_end (args);
if (exit_immediately_on_error)
! {
! if (last_command_exit_value == 0)
! last_command_exit_value = 1;
! exit_shell (last_command_exit_value);
! }
}

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 22

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 23

#endif /* _PATCHLEVEL_H_ */

45
SOURCES/bash42-024

@ -0,0 +1,45 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-024

Bug-Reported-by: Jim Avera <james_avera@yahoo.com>
Bug-Reference-ID: <4F29E07A.80405@yahoo.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-02/msg00001.html

Bug-Description:

When `printf -v' is used to set an array element, the format string contains
`%b', and the corresponding argument is the empty string, the buffer used
to store the value to be assigned can be NULL, which results in NUL being
assigned to the array element. This causes a seg fault when it's used later.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/builtins/printf.def 2011-02-25 12:07:41.000000000 -0500
--- builtins/printf.def 2012-02-02 08:37:12.000000000 -0500
***************
*** 256,259 ****
--- 257,262 ----
{
vflag = 1;
+ if (vbsize == 0)
+ vbuf = xmalloc (vbsize = 16);
vblen = 0;
if (vbuf)
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 23

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 24

#endif /* _PATCHLEVEL_H_ */

143
SOURCES/bash42-025

@ -0,0 +1,143 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-025

Bug-Reported-by: Bill Gradwohl <bill@ycc.com>
Bug-Reference-ID: <CAFyvKis-UfuOWr5THBRKh=vYHDoKEEgdW8hN1RviTuYQ00Lu5A@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/help-bash/2012-03/msg00078.html

Bug-Description:

When used in a shell function, `declare -g -a array=(compound assignment)'
creates a local variable instead of a global one.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/command.h 2010-08-02 19:36:51.000000000 -0400
--- command.h 2012-04-01 12:38:35.000000000 -0400
***************
*** 98,101 ****
--- 98,102 ----
#define W_ASSIGNASSOC 0x400000 /* word looks like associative array assignment */
#define W_ARRAYIND 0x800000 /* word is an array index being expanded */
+ #define W_ASSNGLOBAL 0x1000000 /* word is a global assignment to declare (declare/typeset -g) */

/* Possible values for subshell_environment */
*** ../bash-4.2-patched/execute_cmd.c 2011-11-21 18:03:41.000000000 -0500
--- execute_cmd.c 2012-04-01 12:42:03.000000000 -0400
***************
*** 3581,3585 ****
WORD_LIST *w;
struct builtin *b;
! int assoc;

if (words == 0)
--- 3581,3585 ----
WORD_LIST *w;
struct builtin *b;
! int assoc, global;

if (words == 0)
***************
*** 3587,3591 ****

b = 0;
! assoc = 0;

for (w = words; w; w = w->next)
--- 3587,3591 ----

b = 0;
! assoc = global = 0;

for (w = words; w; w = w->next)
***************
*** 3604,3607 ****
--- 3604,3609 ----
if (assoc)
w->word->flags |= W_ASSIGNASSOC;
+ if (global)
+ w->word->flags |= W_ASSNGLOBAL;
#endif
}
***************
*** 3609,3613 ****
/* Note that we saw an associative array option to a builtin that takes
assignment statements. This is a bit of a kludge. */
! else if (w->word->word[0] == '-' && strchr (w->word->word, 'A'))
{
if (b == 0)
--- 3611,3618 ----
/* Note that we saw an associative array option to a builtin that takes
assignment statements. This is a bit of a kludge. */
! else if (w->word->word[0] == '-' && (strchr (w->word->word+1, 'A') || strchr (w->word->word+1, 'g')))
! #else
! else if (w->word->word[0] == '-' && strchr (w->word->word+1, 'g'))
! #endif
{
if (b == 0)
***************
*** 3619,3626 ****
words->word->flags |= W_ASSNBLTIN;
}
! if (words->word->flags & W_ASSNBLTIN)
assoc = 1;
}
- #endif
}

--- 3624,3632 ----
words->word->flags |= W_ASSNBLTIN;
}
! if ((words->word->flags & W_ASSNBLTIN) && strchr (w->word->word+1, 'A'))
assoc = 1;
+ if ((words->word->flags & W_ASSNBLTIN) && strchr (w->word->word+1, 'g'))
+ global = 1;
}
}

*** ../bash-4.2-patched/subst.c 2012-03-11 17:35:13.000000000 -0400
--- subst.c 2012-04-01 12:38:35.000000000 -0400
***************
*** 367,370 ****
--- 367,375 ----
fprintf (stderr, "W_ASSNBLTIN%s", f ? "|" : "");
}
+ if (f & W_ASSNGLOBAL)
+ {
+ f &= ~W_ASSNGLOBAL;
+ fprintf (stderr, "W_ASSNGLOBAL%s", f ? "|" : "");
+ }
if (f & W_COMPASSIGN)
{
***************
*** 2804,2808 ****
else if (assign_list)
{
! if (word->flags & W_ASSIGNARG)
aflags |= ASS_MKLOCAL;
if (word->flags & W_ASSIGNASSOC)
--- 2809,2813 ----
else if (assign_list)
{
! if ((word->flags & W_ASSIGNARG) && (word->flags & W_ASSNGLOBAL) == 0)
aflags |= ASS_MKLOCAL;
if (word->flags & W_ASSIGNASSOC)

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 24

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 25

#endif /* _PATCHLEVEL_H_ */

58
SOURCES/bash42-026

@ -0,0 +1,58 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-026

Bug-Reported-by: Greg Wooledge <wooledg@eeg.ccf.org>
Bug-Reference-ID: <20120425180443.GO22241@eeg.ccf.org>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-04/msg00172.html

Bug-Description:

The `lastpipe' option does not behave correctly on machines where the
open file limit is less than 256.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/execute_cmd.c 2011-11-21 12:04:47.000000000 -0500
--- execute_cmd.c 2012-04-26 11:09:30.000000000 -0400
***************
*** 2206,2210 ****
if (lastpipe_opt && job_control == 0 && asynchronous == 0 && pipe_out == NO_PIPE && prev > 0)
{
! lstdin = move_to_high_fd (0, 0, 255);
if (lstdin > 0)
{
--- 2325,2329 ----
if (lastpipe_opt && job_control == 0 && asynchronous == 0 && pipe_out == NO_PIPE && prev > 0)
{
! lstdin = move_to_high_fd (0, 1, -1);
if (lstdin > 0)
{
***************
*** 2252,2256 ****
--- 2371,2377 ----
}

+ #if defined (JOB_CONTROL)
discard_unwind_frame ("lastpipe-exec");
+ #endif

return (exec_result);

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 25

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 26

#endif /* _PATCHLEVEL_H_ */

47
SOURCES/bash42-027

@ -0,0 +1,47 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-027

Bug-Reported-by: Mike Frysinger <vapier@gentoo.org>
Bug-Reference-ID: <201204211243.30163.vapier@gentoo.org>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-04/msg00134.html

Bug-Description:

When the `extglob' shell option is enabled, pattern substitution does not
work correctly in the presence of multibyte characters.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/subst.c 2012-03-11 17:52:57.000000000 -0400
--- subst.c 2012-04-22 16:19:10.000000000 -0400
***************
*** 4167,4171 ****
#if defined (EXTENDED_GLOB)
if (extended_glob)
! simple |= (wpat[1] != L'(' || (wpat[0] != L'*' && wpat[0] != L'?' && wpat[0] != L'+' && wpat[0] != L'!' && wpat[0] != L'@')); /*)*/
#endif

--- 4167,4171 ----
#if defined (EXTENDED_GLOB)
if (extended_glob)
! simple &= (wpat[1] != L'(' || (wpat[0] != L'*' && wpat[0] != L'?' && wpat[0] != L'+' && wpat[0] != L'!' && wpat[0] != L'@')); /*)*/
#endif

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 26

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 27

#endif /* _PATCHLEVEL_H_ */

52
SOURCES/bash42-028

@ -0,0 +1,52 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-028

Bug-Reported-by: Mark Edgar <medgar123@gmail.com>
Bug-Reference-ID: <CABHMh_3d+ZgO_zaEtYXPwK4P7tC0ghZ4g=Ue_TRpsEMf5YDsqw@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-03/msg00109.html

Bug-Description:

When using a word expansion for which the right hand side is evaluated,
certain expansions of quoted null strings include spurious ^? characters.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/subst.c 2012-03-11 17:35:13.000000000 -0400
--- subst.c 2012-03-20 19:30:13.000000000 -0400
***************
*** 5810,5813 ****
--- 5810,5823 ----
if (qdollaratp && ((hasdol && quoted) || l->next))
*qdollaratp = 1;
+ /* If we have a quoted null result (QUOTED_NULL(temp)) and the word is
+ a quoted null (l->next == 0 && QUOTED_NULL(l->word->word)), the
+ flags indicate it (l->word->flags & W_HASQUOTEDNULL), and the
+ expansion is quoted (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
+ (which is more paranoia than anything else), we need to return the
+ quoted null string and set the flags to indicate it. */
+ if (l->next == 0 && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)) && QUOTED_NULL(temp) && QUOTED_NULL(l->word->word) && (l->word->flags & W_HASQUOTEDNULL))
+ {
+ w->flags |= W_HASQUOTEDNULL;
+ }
dispose_words (l);
}

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 27

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 28

#endif /* _PATCHLEVEL_H_ */

524
SOURCES/bash42-029

@ -0,0 +1,524 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-029

Bug-Reported-by: "Michael Kalisz" <michael@kalisz.homelinux.net>
Bug-Reference-ID: <50241.78.69.11.112.1298585641.squirrel@kalisz.homelinux.net>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00274.html

Bug-Description:

Bash-4.2 tries to leave completed directory names as the user typed them,
without expanding them to a full pathname. One effect of this is that
shell variables used in pathnames being completed (e.g., $HOME) are left
unchanged, but the `$' is quoted by readline because it is a special
character to the shell.

This patch introduces two things:

1. A new shell option, `direxpand', which, if set, attempts to emulate the
bash-4.1 behavior of expanding words to full pathnames during
completion;
2. A set of heuristics that reduce the number of times special characters
such as `$' are quoted when the directory name is not expanded.

Patch (apply with `patch -p0'):

diff -NrC 2 ../bash-4.2-patched/bashline.c ./bashline.c
*** ../bash-4.2-patched/bashline.c 2011-01-16 15:32:47.000000000 -0500
--- ./bashline.c 2012-05-07 16:27:18.000000000 -0400
***************
*** 122,125 ****
--- 122,128 ----
static int bash_push_line __P((void));

+ static rl_icppfunc_t *save_directory_hook __P((void));
+ static void reset_directory_hook __P((rl_icppfunc_t *));
+
static void cleanup_expansion_error __P((void));
static void maybe_make_readline_line __P((char *));
***************
*** 244,251 ****
--- 247,261 ----
int dircomplete_spelling = 0;

+ /* Expand directory names during word/filename completion. */
+ int dircomplete_expand = 0;
+ int dircomplete_expand_relpath = 0;
+
static char *bash_completer_word_break_characters = " \t\n\"'@><=;|&(:";
static char *bash_nohostname_word_break_characters = " \t\n\"'><=;|&(:";
/* )) */

+ static const char *default_filename_quote_characters = " \t\n\\\"'@<>=;|&()#$`?*[!:{~"; /*}*/
+ static char *custom_filename_quote_characters = 0;
+
static rl_hook_func_t *old_rl_startup_hook = (rl_hook_func_t *)NULL;

***************
*** 502,506 ****
/* Tell the completer that we might want to follow symbolic links or
do other expansion on directory names. */
! rl_directory_rewrite_hook = bash_directory_completion_hook;

rl_filename_rewrite_hook = bash_filename_rewrite_hook;
--- 512,516 ----
/* Tell the completer that we might want to follow symbolic links or
do other expansion on directory names. */
! set_directory_hook ();

rl_filename_rewrite_hook = bash_filename_rewrite_hook;
***************
*** 530,534 ****

/* characters that need to be quoted when appearing in filenames. */
! rl_filename_quote_characters = " \t\n\\\"'@<>=;|&()#$`?*[!:{~"; /*}*/

rl_filename_quoting_function = bash_quote_filename;
--- 540,544 ----

/* characters that need to be quoted when appearing in filenames. */
! rl_filename_quote_characters = default_filename_quote_characters;

rl_filename_quoting_function = bash_quote_filename;
***************
*** 565,570 ****
rl_attempted_completion_function = attempt_shell_completion;
rl_completion_entry_function = NULL;
- rl_directory_rewrite_hook = bash_directory_completion_hook;
rl_ignore_some_completions_function = filename_completion_ignore;
}

--- 575,582 ----
rl_attempted_completion_function = attempt_shell_completion;
rl_completion_entry_function = NULL;
rl_ignore_some_completions_function = filename_completion_ignore;
+ rl_filename_quote_characters = default_filename_quote_characters;
+
+ set_directory_hook ();
}

***************
*** 1280,1283 ****
--- 1292,1298 ----
rl_ignore_some_completions_function = filename_completion_ignore;

+ rl_filename_quote_characters = default_filename_quote_characters;
+ set_directory_hook ();
+
/* Determine if this could be a command word. It is if it appears at
the start of the line (ignoring preceding whitespace), or if it
***************
*** 1592,1595 ****
--- 1607,1616 ----
else
{
+ if (dircomplete_expand && dot_or_dotdot (filename_hint))
+ {
+ dircomplete_expand = 0;
+ set_directory_hook ();
+ dircomplete_expand = 1;
+ }
mapping_over = 4;
goto inner;
***************
*** 1792,1795 ****
--- 1813,1819 ----
inner:
val = rl_filename_completion_function (filename_hint, istate);
+ if (mapping_over == 4 && dircomplete_expand)
+ set_directory_hook ();
+
istate = 1;

***************
*** 2694,2697 ****
--- 2718,2767 ----
}

+ /* Functions to save and restore the appropriate directory hook */
+ /* This is not static so the shopt code can call it */
+ void
+ set_directory_hook ()
+ {
+ if (dircomplete_expand)
+ {
+ rl_directory_completion_hook = bash_directory_completion_hook;
+ rl_directory_rewrite_hook = (rl_icppfunc_t *)0;
+ }
+ else
+ {
+ rl_directory_rewrite_hook = bash_directory_completion_hook;
+ rl_directory_completion_hook = (rl_icppfunc_t *)0;
+ }
+ }
+
+ static rl_icppfunc_t *
+ save_directory_hook ()
+ {
+ rl_icppfunc_t *ret;
+
+ if (dircomplete_expand)
+ {
+ ret = rl_directory_completion_hook;
+ rl_directory_completion_hook = (rl_icppfunc_t *)NULL;
+ }
+ else
+ {
+ ret = rl_directory_rewrite_hook;
+ rl_directory_rewrite_hook = (rl_icppfunc_t *)NULL;
+ }
+
+ return ret;
+ }
+
+ static void
+ restore_directory_hook (hookf)
+ rl_icppfunc_t *hookf;
+ {
+ if (dircomplete_expand)
+ rl_directory_completion_hook = hookf;
+ else
+ rl_directory_rewrite_hook = hookf;
+ }
+
/* Handle symbolic link references and other directory name
expansions while hacking completion. This should return 1 if it modifies
***************
*** 2703,2720 ****
{
char *local_dirname, *new_dirname, *t;
! int return_value, should_expand_dirname;
WORD_LIST *wl;
struct stat sb;

! return_value = should_expand_dirname = 0;
local_dirname = *dirname;

! if (mbschr (local_dirname, '$'))
! should_expand_dirname = 1;
else
{
t = mbschr (local_dirname, '`');
if (t && unclosed_pair (local_dirname, strlen (local_dirname), "`") == 0)
! should_expand_dirname = 1;
}

--- 2773,2801 ----
{
char *local_dirname, *new_dirname, *t;
! int return_value, should_expand_dirname, nextch, closer;
WORD_LIST *wl;
struct stat sb;

! return_value = should_expand_dirname = nextch = closer = 0;
local_dirname = *dirname;

! if (t = mbschr (local_dirname, '$'))
! {
! should_expand_dirname = '$';
! nextch = t[1];
! /* Deliberately does not handle the deprecated $[...] arithmetic
! expansion syntax */
! if (nextch == '(')
! closer = ')';
! else if (nextch == '{')
! closer = '}';
! else
! nextch = 0;
! }
else
{
t = mbschr (local_dirname, '`');
if (t && unclosed_pair (local_dirname, strlen (local_dirname), "`") == 0)
! should_expand_dirname = '`';
}

***************
*** 2740,2743 ****
--- 2821,2841 ----
dispose_words (wl);
local_dirname = *dirname;
+ /* XXX - change rl_filename_quote_characters here based on
+ should_expand_dirname/nextch/closer. This is the only place
+ custom_filename_quote_characters is modified. */
+ if (rl_filename_quote_characters && *rl_filename_quote_characters)
+ {
+ int i, j, c;
+ i = strlen (default_filename_quote_characters);
+ custom_filename_quote_characters = xrealloc (custom_filename_quote_characters, i+1);
+ for (i = j = 0; c = default_filename_quote_characters[i]; i++)
+ {
+ if (c == should_expand_dirname || c == nextch || c == closer)
+ continue;
+ custom_filename_quote_characters[j++] = c;
+ }
+ custom_filename_quote_characters[j] = '\0';
+ rl_filename_quote_characters = custom_filename_quote_characters;
+ }
}
else
***************
*** 2759,2762 ****
--- 2857,2871 ----
}

+ /* no_symbolic_links == 0 -> use (default) logical view of the file system.
+ local_dirname[0] == '.' && local_dirname[1] == '/' means files in the
+ current directory (./).
+ local_dirname[0] == '.' && local_dirname[1] == 0 means relative pathnames
+ in the current directory (e.g., lib/sh).
+ XXX - should we do spelling correction on these? */
+
+ /* This is test as it was in bash-4.2: skip relative pathnames in current
+ directory. Change test to
+ (local_dirname[0] != '.' || (local_dirname[1] && local_dirname[1] != '/'))
+ if we want to skip paths beginning with ./ also. */
if (no_symbolic_links == 0 && (local_dirname[0] != '.' || local_dirname[1]))
{
***************
*** 2764,2767 ****
--- 2873,2885 ----
int len1, len2;

+ /* If we have a relative path
+ (local_dirname[0] != '/' && local_dirname[0] != '.')
+ that is canonical after appending it to the current directory, then
+ temp1 = temp2+'/'
+ That is,
+ strcmp (temp1, temp2) == 0
+ after adding a slash to temp2 below. It should be safe to not
+ change those.
+ */
t = get_working_directory ("symlink-hook");
temp1 = make_absolute (local_dirname, t);
***************
*** 2798,2802 ****
}
}
! return_value |= STREQ (local_dirname, temp2) == 0;
free (local_dirname);
*dirname = temp2;
--- 2916,2928 ----
}
}
!
! /* dircomplete_expand_relpath == 0 means we want to leave relative
! pathnames that are unchanged by canonicalization alone.
! *local_dirname != '/' && *local_dirname != '.' == relative pathname
! (consistent with general.c:absolute_pathname())
! temp1 == temp2 (after appending a slash to temp2) means the pathname
! is not changed by canonicalization as described above. */
! if (dircomplete_expand_relpath || ((local_dirname[0] != '/' && local_dirname[0] != '.') && STREQ (temp1, temp2) == 0))
! return_value |= STREQ (local_dirname, temp2) == 0;
free (local_dirname);
*dirname = temp2;
***************
*** 3003,3012 ****
orig_func = rl_completion_entry_function;
orig_attempt_func = rl_attempted_completion_function;
- orig_dir_func = rl_directory_rewrite_hook;
orig_ignore_func = rl_ignore_some_completions_function;
orig_rl_completer_word_break_characters = rl_completer_word_break_characters;
rl_completion_entry_function = rl_filename_completion_function;
rl_attempted_completion_function = (rl_completion_func_t *)NULL;
- rl_directory_rewrite_hook = (rl_icppfunc_t *)NULL;
rl_ignore_some_completions_function = filename_completion_ignore;
rl_completer_word_break_characters = " \t\n\"\'";
--- 3129,3139 ----
orig_func = rl_completion_entry_function;
orig_attempt_func = rl_attempted_completion_function;
orig_ignore_func = rl_ignore_some_completions_function;
orig_rl_completer_word_break_characters = rl_completer_word_break_characters;
+
+ orig_dir_func = save_directory_hook ();
+
rl_completion_entry_function = rl_filename_completion_function;
rl_attempted_completion_function = (rl_completion_func_t *)NULL;
rl_ignore_some_completions_function = filename_completion_ignore;
rl_completer_word_break_characters = " \t\n\"\'";
***************
*** 3016,3023 ****
rl_completion_entry_function = orig_func;
rl_attempted_completion_function = orig_attempt_func;
- rl_directory_rewrite_hook = orig_dir_func;
rl_ignore_some_completions_function = orig_ignore_func;
rl_completer_word_break_characters = orig_rl_completer_word_break_characters;

return r;
}
--- 3143,3151 ----
rl_completion_entry_function = orig_func;
rl_attempted_completion_function = orig_attempt_func;
rl_ignore_some_completions_function = orig_ignore_func;
rl_completer_word_break_characters = orig_rl_completer_word_break_characters;

+ restore_directory_hook (orig_dir_func);
+
return r;
}
diff -NrC 2 ../bash-4.2-patched/bashline.h ./bashline.h
*** ../bash-4.2-patched/bashline.h 2009-01-04 14:32:22.000000000 -0500
--- ./bashline.h 2012-05-07 16:27:18.000000000 -0400
***************
*** 34,41 ****
--- 34,46 ----
extern int bash_re_edit __P((char *));

+ extern void bashline_set_event_hook __P((void));
+ extern void bashline_reset_event_hook __P((void));
+
extern int bind_keyseq_to_unix_command __P((char *));

extern char **bash_default_completion __P((const char *, int, int, int, int));

+ void set_directory_hook __P((void));
+
/* Used by programmable completion code. */
extern char *command_word_completion_function __P((const char *, int));
diff -NrC 2 ../bash-4.2-patched/builtins/shopt.def ./builtins/shopt.def
*** ../bash-4.2-patched/builtins/shopt.def 2010-07-02 22:42:44.000000000 -0400
--- ./builtins/shopt.def 2012-05-07 16:27:18.000000000 -0400
***************
*** 62,65 ****
--- 62,69 ----
#include "bashgetopt.h"

+ #if defined (READLINE)
+ # include "../bashline.h"
+ #endif
+
#if defined (HISTORY)
# include "../bashhist.h"
***************
*** 95,99 ****
extern int no_empty_command_completion;
extern int force_fignore;
! extern int dircomplete_spelling;

extern int enable_hostname_completion __P((int));
--- 99,103 ----
extern int no_empty_command_completion;
extern int force_fignore;
! extern int dircomplete_spelling, dircomplete_expand;

extern int enable_hostname_completion __P((int));
***************
*** 122,125 ****
--- 126,133 ----
#endif

+ #if defined (READLINE)
+ static int shopt_set_complete_direxpand __P((char *, int));
+ #endif
+
static int shopt_login_shell;
static int shopt_compat31;
***************
*** 151,154 ****
--- 159,163 ----
{ "compat41", &shopt_compat41, set_compatibility_level },
#if defined (READLINE)
+ { "direxpand", &dircomplete_expand, shopt_set_complete_direxpand },
{ "dirspell", &dircomplete_spelling, (shopt_set_func_t *)NULL },
#endif
***************
*** 536,539 ****
--- 545,559 ----
}

+ #if defined (READLINE)
+ static int
+ shopt_set_complete_direxpand (option_name, mode)
+ char *option_name;
+ int mode;
+ {
+ set_directory_hook ();
+ return 0;
+ }
+ #endif
+
#if defined (RESTRICTED_SHELL)
/* Don't allow the value of restricted_shell to be modified. */
Binary files ../bash-4.2-patched/doc/._bashref.pdf and ./doc/._bashref.pdf differ
diff -NrC 2 ../bash-4.2-patched/doc/bash.1 ./doc/bash.1
*** ../bash-4.2-patched/doc/bash.1 2011-01-16 15:31:39.000000000 -0500
--- ./doc/bash.1 2012-05-07 16:27:18.000000000 -0400
***************
*** 8949,8952 ****
--- 8949,8962 ----
The default bash behavior remains as in previous versions.
.TP 8
+ .B direxpand
+ If set,
+ .B bash
+ replaces directory names with the results of word expansion when performing
+ filename completion. This changes the contents of the readline editing
+ buffer.
+ If not set,
+ .B bash
+ attempts to preserve what the user typed.
+ .TP 8
.B dirspell
If set,
diff -NrC 2 ../bash-4.2-patched/doc/bashref.texi ./doc/bashref.texi
*** ../bash-4.2-patched/doc/bashref.texi 2011-01-16 15:31:57.000000000 -0500
--- ./doc/bashref.texi 2012-05-07 16:27:18.000000000 -0400
***************
*** 4536,4539 ****
--- 4536,4546 ----
The default Bash behavior remains as in previous versions.

+ @item direxpand
+ If set, Bash
+ replaces directory names with the results of word expansion when performing
+ filename completion. This changes the contents of the readline editing
+ buffer.
+ If not set, Bash attempts to preserve what the user typed.
+
@item dirspell
If set, Bash
diff -NrC 2 ../bash-4.2-patched/tests/shopt.right ./tests/shopt.right
*** ../bash-4.2-patched/tests/shopt.right 2010-07-02 23:36:30.000000000 -0400
--- ./tests/shopt.right 2012-05-07 16:27:18.000000000 -0400
***************
*** 13,16 ****
--- 13,17 ----
shopt -u compat40
shopt -u compat41
+ shopt -u direxpand
shopt -u dirspell
shopt -u dotglob
***************
*** 69,72 ****
--- 70,74 ----
shopt -u compat40
shopt -u compat41
+ shopt -u direxpand
shopt -u dirspell
shopt -u dotglob
***************
*** 102,105 ****
--- 104,108 ----
compat40 off
compat41 off
+ direxpand off
dirspell off
dotglob off
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 28

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 29

#endif /* _PATCHLEVEL_H_ */

178
SOURCES/bash42-030

@ -0,0 +1,178 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-030

Bug-Reported-by: Roman Rakus <rrakus@redhat.com>
Bug-Reference-ID: <4D7DD91E.7040808@redhat.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00126.html

Bug-Description:

When attempting to glob strings in a multibyte locale, and those strings
contain invalid multibyte characters that cause mbsnrtowcs to return 0,
the globbing code loops infinitely.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/lib/glob/xmbsrtowcs.c 2010-05-30 18:36:27.000000000 -0400
--- lib/glob/xmbsrtowcs.c 2011-03-22 16:06:47.000000000 -0400
***************
*** 36,39 ****
--- 36,41 ----
#if HANDLE_MULTIBYTE

+ #define WSBUF_INC 32
+
#ifndef FREE
# define FREE(x) do { if (x) free (x); } while (0)
***************
*** 149,153 ****
size_t wcnum; /* Number of wide characters in WSBUF */
mbstate_t state; /* Conversion State */
! size_t wcslength; /* Number of wide characters produced by the conversion. */
const char *end_or_backslash;
size_t nms; /* Number of multibyte characters to convert at one time. */
--- 151,155 ----
size_t wcnum; /* Number of wide characters in WSBUF */
mbstate_t state; /* Conversion State */
! size_t n, wcslength; /* Number of wide characters produced by the conversion. */
const char *end_or_backslash;
size_t nms; /* Number of multibyte characters to convert at one time. */
***************
*** 172,176 ****
tmp_p = p;
tmp_state = state;
! wcslength = mbsnrtowcs(NULL, &tmp_p, nms, 0, &tmp_state);

/* Conversion failed. */
--- 174,189 ----
tmp_p = p;
tmp_state = state;
!
! if (nms == 0 && *p == '\\') /* special initial case */
! nms = wcslength = 1;
! else
! wcslength = mbsnrtowcs (NULL, &tmp_p, nms, 0, &tmp_state);
!
! if (wcslength == 0)
! {
! tmp_p = p; /* will need below */
! tmp_state = state;
! wcslength = 1; /* take a single byte */
! }

/* Conversion failed. */
***************
*** 187,191 ****
wchar_t *wstmp;

! wsbuf_size = wcnum+wcslength+1; /* 1 for the L'\0' or the potential L'\\' */

wstmp = (wchar_t *) realloc (wsbuf, wsbuf_size * sizeof (wchar_t));
--- 200,205 ----
wchar_t *wstmp;

! while (wsbuf_size < wcnum+wcslength+1) /* 1 for the L'\0' or the potential L'\\' */
! wsbuf_size += WSBUF_INC;

wstmp = (wchar_t *) realloc (wsbuf, wsbuf_size * sizeof (wchar_t));
***************
*** 200,207 ****

/* Perform the conversion. This is assumed to return 'wcslength'.
! * It may set 'p' to NULL. */
! mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state);

! wcnum += wcslength;

if (mbsinit (&state) && (p != NULL) && (*p == '\\'))
--- 214,229 ----

/* Perform the conversion. This is assumed to return 'wcslength'.
! It may set 'p' to NULL. */
! n = mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state);

! /* Compensate for taking single byte on wcs conversion failure above. */
! if (wcslength == 1 && (n == 0 || n == (size_t)-1))
! {
! state = tmp_state;
! p = tmp_p;
! wsbuf[wcnum++] = *p++;
! }
! else
! wcnum += wcslength;

if (mbsinit (&state) && (p != NULL) && (*p == '\\'))
***************
*** 231,236 ****
of DESTP and INDICESP are NULL. */

- #define WSBUF_INC 32
-
size_t
xdupmbstowcs (destp, indicesp, src)
--- 253,256 ----
*** ../bash-4.2-patched/lib/glob/glob.c 2009-11-14 18:39:30.000000000 -0500
--- lib/glob/glob.c 2012-07-07 12:09:56.000000000 -0400
***************
*** 201,206 ****
size_t pat_n, dn_n;

pat_n = xdupmbstowcs (&pat_wc, NULL, pat);
! dn_n = xdupmbstowcs (&dn_wc, NULL, dname);

ret = 0;
--- 201,209 ----
size_t pat_n, dn_n;

+ pat_wc = dn_wc = (wchar_t *)NULL;
+
pat_n = xdupmbstowcs (&pat_wc, NULL, pat);
! if (pat_n != (size_t)-1)
! dn_n = xdupmbstowcs (&dn_wc, NULL, dname);

ret = 0;
***************
*** 222,225 ****
--- 225,230 ----
ret = 1;
}
+ else
+ ret = skipname (pat, dname, flags);

FREE (pat_wc);
***************
*** 267,272 ****
n = xdupmbstowcs (&wpathname, NULL, pathname);
if (n == (size_t) -1)
! /* Something wrong. */
! return;
orig_wpathname = wpathname;

--- 272,280 ----
n = xdupmbstowcs (&wpathname, NULL, pathname);
if (n == (size_t) -1)
! {
! /* Something wrong. Fall back to single-byte */
! udequote_pathname (pathname);
! return;
! }
orig_wpathname = wpathname;

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 29

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 30

#endif /* _PATCHLEVEL_H_ */

80
SOURCES/bash42-031

@ -0,0 +1,80 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-031

Bug-Reported-by: Max Horn <max@quendi.de>
Bug-Reference-ID: <20CC5C60-07C3-4E41-9817-741E48D407C5@quendi.de>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2012-06/msg00005.html

Bug-Description:

A change between bash-4.1 and bash-4.2 to prevent the readline input hook
from being called too frequently had the side effect of causing delays
when reading pasted input on systems such as Mac OS X. This patch fixes
those delays while retaining the bash-4.2 behavior.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/lib/readline/input.c 2010-05-30 18:33:01.000000000 -0400
--- lib/readline/input.c 2012-06-25 21:08:42.000000000 -0400
***************
*** 410,414 ****
rl_read_key ()
{
! int c;

rl_key_sequence_length++;
--- 412,416 ----
rl_read_key ()
{
! int c, r;

rl_key_sequence_length++;
***************
*** 430,441 ****
while (rl_event_hook)
{
! if (rl_gather_tyi () < 0) /* XXX - EIO */
{
rl_done = 1;
return ('\n');
}
RL_CHECK_SIGNALS ();
- if (rl_get_char (&c) != 0)
- break;
if (rl_done) /* XXX - experimental */
return ('\n');
--- 432,447 ----
while (rl_event_hook)
{
! if (rl_get_char (&c) != 0)
! break;
!
! if ((r = rl_gather_tyi ()) < 0) /* XXX - EIO */
{
rl_done = 1;
return ('\n');
}
+ else if (r == 1) /* read something */
+ continue;
+
RL_CHECK_SIGNALS ();
if (rl_done) /* XXX - experimental */
return ('\n');
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 30

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 31

#endif /* _PATCHLEVEL_H_ */

75
SOURCES/bash42-032

@ -0,0 +1,75 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-032

Bug-Reported-by: Ruediger Kuhlmann <RKuhlmann@orga-systems.com>
Bug-Reference-ID: <OFDE975207.0C3622E5-ONC12579F3.00361A06-C12579F3.00365E39@orga-systems.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-05/msg00010.html

Bug-Description:

Bash-4.2 has problems with DEL characters in the expanded value of variables
used in the same quoted string as variables that expand to nothing.

Patch (apply with `patch -p0'):

*** ../bash-20120427/subst.c 2012-04-22 16:19:10.000000000 -0400
--- subst.c 2012-05-07 16:06:35.000000000 -0400
***************
*** 8152,8155 ****
--- 8152,8163 ----
dispose_word_desc (tword);

+ /* Kill quoted nulls; we will add them back at the end of
+ expand_word_internal if nothing else in the string */
+ if (had_quoted_null && temp && QUOTED_NULL (temp))
+ {
+ FREE (temp);
+ temp = (char *)NULL;
+ }
+
goto add_string;
break;
***************
*** 8556,8560 ****
if (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
tword->flags |= W_QUOTED;
! if (had_quoted_null)
tword->flags |= W_HASQUOTEDNULL;
list = make_word_list (tword, (WORD_LIST *)NULL);
--- 8564,8568 ----
if (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
tword->flags |= W_QUOTED;
! if (had_quoted_null && QUOTED_NULL (istring))
tword->flags |= W_HASQUOTEDNULL;
list = make_word_list (tword, (WORD_LIST *)NULL);
***************
*** 8587,8591 ****
if (word->flags & W_NOEXPAND)
tword->flags |= W_NOEXPAND;
! if (had_quoted_null)
tword->flags |= W_HASQUOTEDNULL; /* XXX */
list = make_word_list (tword, (WORD_LIST *)NULL);
--- 8595,8599 ----
if (word->flags & W_NOEXPAND)
tword->flags |= W_NOEXPAND;
! if (had_quoted_null && QUOTED_NULL (istring))
tword->flags |= W_HASQUOTEDNULL; /* XXX */
list = make_word_list (tword, (WORD_LIST *)NULL);
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 31

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 32

#endif /* _PATCHLEVEL_H_ */

57
SOURCES/bash42-033

@ -0,0 +1,57 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-033

Bug-Reported-by: David Leverton <levertond@googlemail.com>
Bug-Reference-ID: <4FCCE737.1060603@googlemail.com>
Bug-Reference-URL:

Bug-Description:

Bash uses a static buffer when expanding the /dev/fd prefix for the test
and conditional commands, among other uses, when it should use a dynamic
buffer to avoid buffer overflow.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/lib/sh/eaccess.c 2011-01-08 20:50:10.000000000 -0500
--- lib/sh/eaccess.c 2012-06-04 21:06:43.000000000 -0400
***************
*** 83,86 ****
--- 83,88 ----
struct stat *finfo;
{
+ static char *pbuf = 0;
+
if (*path == '\0')
{
***************
*** 107,111 ****
On most systems, with the notable exception of linux, this is
effectively a no-op. */
! char pbuf[32];
strcpy (pbuf, DEV_FD_PREFIX);
strcat (pbuf, path + 8);
--- 109,113 ----
On most systems, with the notable exception of linux, this is
effectively a no-op. */
! pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
strcpy (pbuf, DEV_FD_PREFIX);
strcat (pbuf, path + 8);
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 32

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 33

#endif /* _PATCHLEVEL_H_ */

46
SOURCES/bash42-034

@ -0,0 +1,46 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-034

Bug-Reported-by: "Davide Brini" <dave_br@gmx.com>
Bug-Reference-ID: <20120604164154.69781EC04B@imaps.oficinas.atrapalo.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-06/msg00030.html

Bug-Description:

In bash-4.2, the history code would inappropriately add a semicolon to
multi-line compound array assignments when adding them to the history.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/parse.y 2011-11-21 18:03:36.000000000 -0500
--- parse.y 2012-06-07 12:48:47.000000000 -0400
***************
*** 4900,4905 ****
--- 4916,4924 ----
return (current_command_line_count == 2 ? "\n" : "");
}

+ if (parser_state & PST_COMPASSIGN)
+ return (" ");
+
/* First, handle some special cases. */
/*(*/
/* If we just read `()', assume it's a function definition, and don't
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 33

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 34

#endif /* _PATCHLEVEL_H_ */

66
SOURCES/bash42-035

@ -0,0 +1,66 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-035

Bug-Reported-by: Dan Douglas <ormaaj@gmail.com>
Bug-Reference-ID: <2766482.Ksm3GrSoYi@smorgbox>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-06/msg00071.html

Bug-Description:

When given a number of lines to read, `mapfile -n lines' reads one too many.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/builtins/mapfile.def 2010-05-29 22:09:47.000000000 -0400
--- builtins/mapfile.def 2012-06-20 09:48:33.000000000 -0400
***************
*** 196,206 ****
interrupt_immediately++;
for (array_index = origin, line_count = 1;
! zgetline (fd, &line, &line_length, unbuffered_read) != -1;
! array_index++, line_count++)
{
- /* Have we exceeded # of lines to store? */
- if (line_count_goal != 0 && line_count > line_count_goal)
- break;
-
/* Remove trailing newlines? */
if (flags & MAPF_CHOP)
--- 196,202 ----
interrupt_immediately++;
for (array_index = origin, line_count = 1;
! zgetline (fd, &line, &line_length, unbuffered_read) != -1;
! array_index++)
{
/* Remove trailing newlines? */
if (flags & MAPF_CHOP)
***************
*** 218,221 ****
--- 214,222 ----

bind_array_element (entry, array_index, line, 0);
+
+ /* Have we exceeded # of lines to store? */
+ line_count++;
+ if (line_count_goal != 0 && line_count > line_count_goal)
+ break;
}

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 34

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 35

#endif /* _PATCHLEVEL_H_ */

92
SOURCES/bash42-036

@ -0,0 +1,92 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-036

Bug-Reported-by: gregrwm <backuppc-users@whitleymott.net>
Bug-Reference-ID: <CAD+dB9B4JG+qUwZBQUwiQmVt0j6NDn=DDTxr9R+nkA8DL4KLJA@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-05/msg00108.html

Bug-Description:

Bash-4.2 produces incorrect word splitting results when expanding
double-quoted $@ in the same string as and adjacent to other variable
expansions. The $@ should be split, the other expansions should not.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/subst.c 2012-05-02 12:02:33.000000000 -0400
--- subst.c 2012-07-08 21:19:32.000000000 -0400
***************
*** 7923,7927 ****
/* State flags */
int had_quoted_null;
! int has_dollar_at;
int tflag;
int pflags; /* flags passed to param_expand */
--- 7923,7927 ----
/* State flags */
int had_quoted_null;
! int has_dollar_at, temp_has_dollar_at;
int tflag;
int pflags; /* flags passed to param_expand */
***************
*** 8128,8138 ****
*expanded_something = 1;

! has_dollar_at = 0;
pflags = (word->flags & W_NOCOMSUB) ? PF_NOCOMSUB : 0;
if (word->flags & W_NOSPLIT2)
pflags |= PF_NOSPLIT2;
tword = param_expand (string, &sindex, quoted, expanded_something,
! &has_dollar_at, &quoted_dollar_at,
&had_quoted_null, pflags);

if (tword == &expand_wdesc_error || tword == &expand_wdesc_fatal)
--- 8128,8139 ----
*expanded_something = 1;

! temp_has_dollar_at = 0;
pflags = (word->flags & W_NOCOMSUB) ? PF_NOCOMSUB : 0;
if (word->flags & W_NOSPLIT2)
pflags |= PF_NOSPLIT2;
tword = param_expand (string, &sindex, quoted, expanded_something,
! &temp_has_dollar_at, &quoted_dollar_at,
&had_quoted_null, pflags);
+ has_dollar_at += temp_has_dollar_at;

if (tword == &expand_wdesc_error || tword == &expand_wdesc_fatal)
***************
*** 8275,8281 ****
temp = (char *)NULL;

! has_dollar_at = 0;
/* Need to get W_HASQUOTEDNULL flag through this function. */
! list = expand_word_internal (tword, Q_DOUBLE_QUOTES, 0, &has_dollar_at, (int *)NULL);

if (list == &expand_word_error || list == &expand_word_fatal)
--- 8276,8283 ----
temp = (char *)NULL;

! temp_has_dollar_at = 0; /* XXX */
/* Need to get W_HASQUOTEDNULL flag through this function. */
! list = expand_word_internal (tword, Q_DOUBLE_QUOTES, 0, &temp_has_dollar_at, (int *)NULL);
! has_dollar_at += temp_has_dollar_at;

if (list == &expand_word_error || list == &expand_word_fatal)
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 35

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 36

#endif /* _PATCHLEVEL_H_ */

112
SOURCES/bash42-037

@ -0,0 +1,112 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-037

Bug-Reported-by: Jakub Filak
Bug-Reference-ID:
Bug-Reference-URL: https://bugzilla.redhat.com/show_bug.cgi?id=813289

Bug-Description:

Attempting to redo (using `.') the vi editing mode `cc', `dd', or `yy'
commands leads to an infinite loop.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/lib/readline/vi_mode.c 2011-02-25 11:17:02.000000000 -0500
--- lib/readline/vi_mode.c 2012-06-02 12:24:47.000000000 -0400
***************
*** 1235,1243 ****
r = rl_domove_motion_callback (_rl_vimvcxt);
}
! else if (vi_redoing)
{
_rl_vimvcxt->motion = _rl_vi_last_motion;
r = rl_domove_motion_callback (_rl_vimvcxt);
}
#if defined (READLINE_CALLBACKS)
else if (RL_ISSTATE (RL_STATE_CALLBACK))
--- 1297,1313 ----
r = rl_domove_motion_callback (_rl_vimvcxt);
}
! else if (vi_redoing && _rl_vi_last_motion != 'd') /* `dd' is special */
{
_rl_vimvcxt->motion = _rl_vi_last_motion;
r = rl_domove_motion_callback (_rl_vimvcxt);
}
+ else if (vi_redoing) /* handle redoing `dd' here */
+ {
+ _rl_vimvcxt->motion = _rl_vi_last_motion;
+ rl_mark = rl_end;
+ rl_beg_of_line (1, key);
+ RL_UNSETSTATE (RL_STATE_VIMOTION);
+ r = vidomove_dispatch (_rl_vimvcxt);
+ }
#if defined (READLINE_CALLBACKS)
else if (RL_ISSTATE (RL_STATE_CALLBACK))
***************
*** 1317,1325 ****
r = rl_domove_motion_callback (_rl_vimvcxt);
}
! else if (vi_redoing)
{
_rl_vimvcxt->motion = _rl_vi_last_motion;
r = rl_domove_motion_callback (_rl_vimvcxt);
}
#if defined (READLINE_CALLBACKS)
else if (RL_ISSTATE (RL_STATE_CALLBACK))
--- 1387,1403 ----
r = rl_domove_motion_callback (_rl_vimvcxt);
}
! else if (vi_redoing && _rl_vi_last_motion != 'c') /* `cc' is special */
{
_rl_vimvcxt->motion = _rl_vi_last_motion;
r = rl_domove_motion_callback (_rl_vimvcxt);
}
+ else if (vi_redoing) /* handle redoing `cc' here */
+ {
+ _rl_vimvcxt->motion = _rl_vi_last_motion;
+ rl_mark = rl_end;
+ rl_beg_of_line (1, key);
+ RL_UNSETSTATE (RL_STATE_VIMOTION);
+ r = vidomove_dispatch (_rl_vimvcxt);
+ }
#if defined (READLINE_CALLBACKS)
else if (RL_ISSTATE (RL_STATE_CALLBACK))
***************
*** 1378,1381 ****
--- 1456,1472 ----
r = rl_domove_motion_callback (_rl_vimvcxt);
}
+ else if (vi_redoing && _rl_vi_last_motion != 'y') /* `yy' is special */
+ {
+ _rl_vimvcxt->motion = _rl_vi_last_motion;
+ r = rl_domove_motion_callback (_rl_vimvcxt);
+ }
+ else if (vi_redoing) /* handle redoing `yy' here */
+ {
+ _rl_vimvcxt->motion = _rl_vi_last_motion;
+ rl_mark = rl_end;
+ rl_beg_of_line (1, key);
+ RL_UNSETSTATE (RL_STATE_VIMOTION);
+ r = vidomove_dispatch (_rl_vimvcxt);
+ }
#if defined (READLINE_CALLBACKS)
else if (RL_ISSTATE (RL_STATE_CALLBACK))
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 36

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 37

#endif /* _PATCHLEVEL_H_ */

47
SOURCES/bash42-038

@ -0,0 +1,47 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-038

Bug-Reported-by: armandsl@gmail.com
Bug-Reference-ID: <20120822112810.8D14920040@windmill.latviatours.lv>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-08/msg00049.html

Bug-Description:

If a backslash-newline (which is removed) with no other input is given as
input to `read', the shell tries to dereference a null pointer and seg faults.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/builtins/read.def 2012-03-11 17:52:44.000000000 -0400
--- builtins/read.def 2012-08-22 11:53:09.000000000 -0400
***************
*** 792,796 ****
#endif

! if (saw_escape)
{
t = dequote_string (input_string);
--- 847,851 ----
#endif

! if (saw_escape && input_string && *input_string)
{
t = dequote_string (input_string);
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 37

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 38

#endif /* _PATCHLEVEL_H_ */

58
SOURCES/bash42-039

@ -0,0 +1,58 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-039

Bug-Reported-by: Dan Douglas <ormaaj@gmail.com>
Bug-Reference-ID: <1498458.MpVlmOXDB7@smorgbox>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-09/msg00008.html

Bug-Description:

Under certain circumstances, bash attempts to expand variables in arithmetic
expressions even when evaluation is being suppressed.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/expr.c 2011-11-21 18:03:35.000000000 -0500
--- expr.c 2012-09-09 16:31:18.000000000 -0400
***************
*** 1010,1013 ****
--- 1073,1082 ----
#endif

+ /*itrace("expr_streval: %s: noeval = %d", tok, noeval);*/
+ /* If we are suppressing evaluation, just short-circuit here instead of
+ going through the rest of the evaluator. */
+ if (noeval)
+ return (0);
+
/* [[[[[ */
#if defined (ARRAY_VARS)
***************
*** 1183,1186 ****
--- 1256,1263 ----

*cp = '\0';
+ /* XXX - watch out for pointer aliasing issues here */
+ if (curlval.tokstr && curlval.tokstr == tokstr)
+ init_lvalue (&curlval);
+
FREE (tokstr);
tokstr = savestring (tp);
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 38

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 39

#endif /* _PATCHLEVEL_H_ */

56
SOURCES/bash42-040

@ -0,0 +1,56 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-040

Bug-Reported-by: Andrey Zaitsev <jstcdr@gmail.com>
Bug-Reference-ID: <CAEZVQT5PJ1Mb_Zh8LT5qz8sv+-9Q6hGfQ5DU9ZxdJ+gV7xBUaQ@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-04/msg00144.html

Bug-Description:

Output redirection applied to builtin commands missed I/O errors if
they happened when the file descriptor was closed, rather than on write
(e.g., like with an out-of-space error on a remote NFS file system).

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/redir.c 2011-01-02 16:00:31.000000000 -0500
--- redir.c 2012-04-24 20:42:12.000000000 -0400
***************
*** 1092,1099 ****
#if defined (BUFFERED_INPUT)
check_bash_input (redirector);
! close_buffered_fd (redirector);
#else /* !BUFFERED_INPUT */
! close (redirector);
#endif /* !BUFFERED_INPUT */
}
break;
--- 1092,1101 ----
#if defined (BUFFERED_INPUT)
check_bash_input (redirector);
! r = close_buffered_fd (redirector);
#else /* !BUFFERED_INPUT */
! r = close (redirector);
#endif /* !BUFFERED_INPUT */
+ if (r < 0 && (flags & RX_INTERNAL) && (errno == EIO || errno == ENOSPC))
+ REDIRECTION_ERROR (r, errno, -1);
}
break;
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 39

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 40

#endif /* _PATCHLEVEL_H_ */

47
SOURCES/bash42-041

@ -0,0 +1,47 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-041

Bug-Reported-by: Andrey Borzenkov <arvidjaar@gmail.com>
Bug-Reference-ID: <20121202205200.2134478e@opensuse.site>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-12/msg00008.html

Bug-Description:

Process substitution incorrectly inherited a flag that inhibited using the
(local) temporary environment for variable lookups if it was providing
the filename to a redirection. The intent the flag is to enforce the
Posix command expansion ordering rules.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/subst.c 2012-07-14 15:53:20.000000000 -0400
--- subst.c 2012-12-02 22:26:54.000000000 -0500
***************
*** 5125,5128 ****
--- 5129,5136 ----
#endif /* HAVE_DEV_FD */

+ /* subshells shouldn't have this flag, which controls using the temporary
+ environment for variable lookups. */
+ expanding_redir = 0;
+
result = parse_and_execute (string, "process substitution", (SEVAL_NONINT|SEVAL_NOHIST));

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 40

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 41

#endif /* _PATCHLEVEL_H_ */

57
SOURCES/bash42-042

@ -0,0 +1,57 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-042

Bug-Reported-by: Adam Pippin <adam@gp-inc.ca>
Bug-Reference-ID: <CAPYbNHr6ucZFOoWsRdUJj6KP3Ju0j1bkESa_cmb7iU+kZwdVpg@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-11/msg00087.html

Bug-Description:

Compilation failed after specifying the `--enable-minimal-config' option to
configure (more specifically, specifying `--disable-alias').

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/parse.y 2012-07-08 21:53:33.000000000 -0400
--- parse.y 2012-10-14 20:20:34.000000000 -0400
***************
*** 2394,2397 ****
--- 2392,2396 ----
to consume the quoted newline and move to the next character in
the expansion. */
+ #if defined (ALIAS)
if (expanding_alias () && shell_input_line[shell_input_line_index+1] == '\0')
{
***************
*** 2404,2408 ****
goto next_alias_char; /* and get next character */
}
! else
goto restart_read;
}
--- 2403,2408 ----
goto next_alias_char; /* and get next character */
}
! else
! #endif
goto restart_read;
}

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 41

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 42

#endif /* _PATCHLEVEL_H_ */

65
SOURCES/bash42-043

@ -0,0 +1,65 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-043

Bug-Reported-by: konsolebox <konsolebox@gmail.com>
Bug-Reference-ID: <CAJnmqwZuGKLgMsMwxRK4LL+2NN+HgvmKzrnode99QBGrcgX1Lw@mail.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2013-01/msg00138.html

Bug-Description:

When SIGCHLD is trapped, and a SIGCHLD trap handler runs when a pending
`read -t' invocation times out and generates SIGALRM, bash can crash with
a segmentation fault.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/builtins/read.def 2012-10-31 21:22:51.000517000 -0400
--- builtins/read.def 2013-01-25 10:28:16.000038000 -0500
***************
*** 386,393 ****
/* Tricky. The top of the unwind-protect stack is the free of
input_string. We want to run all the rest and use input_string,
! so we have to remove it from the stack. */
! remove_unwind_protect ();
! run_unwind_frame ("read_builtin");
input_string[i] = '\0'; /* make sure it's terminated */
retval = 128+SIGALRM;
goto assign_vars;
--- 386,403 ----
/* Tricky. The top of the unwind-protect stack is the free of
input_string. We want to run all the rest and use input_string,
! so we have to save input_string temporarily, run the unwind-
! protects, then restore input_string so we can use it later. */
!
input_string[i] = '\0'; /* make sure it's terminated */
+ if (i == 0)
+ {
+ t = (char *)xmalloc (1);
+ t[0] = 0;
+ }
+ else
+ t = savestring (input_string);
+
+ run_unwind_frame ("read_builtin");
+ input_string = t;
retval = 128+SIGALRM;
goto assign_vars;

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 42

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 43

#endif /* _PATCHLEVEL_H_ */

70
SOURCES/bash42-044

@ -0,0 +1,70 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-044

Bug-Reported-by: "Dashing" <dashing@hushmail.com>
Bug-Reference-ID: <20130211175049.D90786F446@smtp.hushmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2013-02/msg00030.html

Bug-Description:

When converting a multibyte string to a wide character string as part of
pattern matching, bash does not handle the end of the string correctly,
causing the search for the NUL to go beyond the end of the string and
reference random memory. Depending on the contents of that memory, bash
can produce errors or crash.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/lib/glob/xmbsrtowcs.c 2012-07-08 21:53:19.000000000 -0400
--- lib/glob/xmbsrtowcs.c 2013-02-12 12:00:39.000000000 -0500
***************
*** 217,220 ****
--- 217,226 ----
n = mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state);

+ if (n == 0 && p == 0)
+ {
+ wsbuf[wcnum] = L'\0';
+ break;
+ }
+
/* Compensate for taking single byte on wcs conversion failure above. */
if (wcslength == 1 && (n == 0 || n == (size_t)-1))
***************
*** 222,226 ****
state = tmp_state;
p = tmp_p;
! wsbuf[wcnum++] = *p++;
}
else
--- 228,238 ----
state = tmp_state;
p = tmp_p;
! wsbuf[wcnum] = *p;
! if (*p == 0)
! break;
! else
! {
! wcnum++; p++;
! }
}
else

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 43

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 44

#endif /* _PATCHLEVEL_H_ */

53
SOURCES/bash42-045

@ -0,0 +1,53 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-045

Bug-Reported-by: Stephane Chazelas <stephane.chazelas@gmail.com>
Bug-Reference-ID: <20130218195539.GA9620@chaz.gmail.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2013-02/msg00080.html

Bug-Description:

The <&n- and >&n- redirections, which move one file descriptor to another,
leave the file descriptor closed when applied to builtins or compound
commands.

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/redir.c 2013-01-30 11:56:09.000000000 -0500
--- redir.c 2013-02-19 09:38:36.000000000 -0500
***************
*** 1008,1011 ****
--- 1008,1021 ----
REDIRECTION_ERROR (r, errno, -1);
}
+ if ((flags & RX_UNDOABLE) && (ri == r_move_input || ri == r_move_output))
+ {
+ /* r_move_input and r_move_output add an additional close()
+ that needs to be undone */
+ if (fcntl (redirector, F_GETFD, 0) != -1)
+ {
+ r = add_undo_redirect (redir_fd, r_close_this, -1);
+ REDIRECTION_ERROR (r, errno, -1);
+ }
+ }
#if defined (BUFFERED_INPUT)
check_bash_input (redirector);

*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 44

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 45

#endif /* _PATCHLEVEL_H_ */

55
SOURCES/bash42-046

@ -0,0 +1,55 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-046

Bug-Reported-by: "Theodoros V. Kalamatianos" <thkala@gmail.com>
Bug-Reference-ID: <20140112011131.GE17667@infinity.metashade.com>
Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-01/msg00044.html

Bug-Description:

Bash-4.2 patch 32 introduced a problem with "$@" and arrays expanding empty
positional parameters or array elements when using substring expansion,
pattern substitution, or case modfication. The empty parameters or array
elements are removed instead of expanding to empty strings ("").

Patch (apply with `patch -p0'):

*** ../bash-4.2-patched/subst.c 2012-12-31 11:52:56.000000000 -0500
--- subst.c 2014-03-31 14:19:56.000000000 -0400
***************
*** 7243,7247 ****
ret = alloc_word_desc ();
ret->word = temp1;
! if (temp1 && QUOTED_NULL (temp1) && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)))
ret->flags |= W_QUOTED|W_HASQUOTEDNULL;
return ret;
--- 7243,7253 ----
ret = alloc_word_desc ();
ret->word = temp1;
! /* We test quoted_dollar_atp because we want variants with double-quoted
! "$@" to take a different code path. In fact, we make sure at the end
! of expand_word_internal that we're only looking at these flags if
! quoted_dollar_at == 0. */
! if (temp1 &&
! (quoted_dollar_atp == 0 || *quoted_dollar_atp == 0) &&
! QUOTED_NULL (temp1) && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)))
ret->flags |= W_QUOTED|W_HASQUOTEDNULL;
return ret;
*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
--- patchlevel.h Thu Feb 24 21:41:34 2011
***************
*** 26,30 ****
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 45

#endif /* _PATCHLEVEL_H_ */
--- 26,30 ----
looks for to find the patch level (for the sccs version string). */

! #define PATCHLEVEL 46

#endif /* _PATCHLEVEL_H_ */

44
SOURCES/bash42-052

@ -0,0 +1,44 @@
BASH PATCH REPORT
=================

Bash-Release: 4.2
Patch-ID: bash42-052

Bug-Reported-by: Michal Zalewski <lcamtuf@coredump.cx>
Bug-Reference-ID:
Bug-Reference-URL:

Bug-Description:

When bash is parsing a function definition that contains a here-document
delimited by end-of-file (or end-of-string), it leaves the closing delimiter
uninitialized. This can result in an invalid memory access when the parsed
function is later copied.

Patch (apply with `patch -p0'):

*** ../bash-4.2.51/make_cmd.c 2009-09-11 17:26:12.000000000 -0400
--- make_cmd.c 2014-10-02 11:26:58.000000000 -0400
***************
*** 690,693 ****
--- 690,694 ----
temp->redirector = source;
temp->redirectee = dest_and_filename;
+ temp->here_doc_eof = 0;
temp->instruction = instruction;
temp->flags = 0;
*** ../bash-4.2.51/copy_cmd.c 2009-09-11 16:28:02.000000000 -0400
--- copy_cmd.c 2014-10-02 11:26:58.000000000 -0400
***************
*** 127,131 ****
case r_reading_until:
case r_deblank_reading_until:
! new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
/*FALLTHROUGH*/
case r_reading_string:
--- 127,131 ----
case r_reading_until:
case r_deblank_reading_until:
! new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
/*FALLTHROUGH*/
case r_reading_string:

Some files were not shown because too many files have changed in this diff Show More

Loading…
Cancel
Save