Fix the shellshock vulnerability (not regression).

git-svn-id: http://svn.telesphoreo.org/trunk@793 514c082c-b64e-11dc-b46d-3d985efe055d

24 files changed, 1775 insertions, 1 deletions

diff --git a/data/bash/_metadata/version b/data/bash/_metadata/version
index 9d58a584e..266f85706 100644
--- a/data/bash/_metadata/version
+++ b/data/bash/_metadata/version
@@ -1 +1 @@
-4.0.17
+4.0.40
diff --git a/data/bash/bash40-018 b/data/bash/bash40-018
new file mode 100644
index 000000000..35f33e5fe
--- /dev/null
+++ b/data/bash/bash40-018
@@ -0,0 +1,78 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-018
+
+Bug-Reported-by: Dan Price <dp@eng.sun.com>
+Bug-Reference-ID: <20090324171502.GA20582@eng.sun.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-03/msg00184.html
+
+Bug-Description:
+
+A missing include file results in an empty function definition and a no-op
+when checking whether or not the window size has changed.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/sh/winsize.c	2008-08-12 13:53:51.000000000 -0400
+--- lib/sh/winsize.c	2009-04-06 10:44:20.000000000 -0400
+***************
+*** 31,44 ****
+  #include <sys/ioctl.h>
+  
+! #if !defined (STRUCT_WINSIZE_IN_SYS_IOCTL)
+! /* For struct winsize on SCO */
+! /*   sys/ptem.h has winsize but needs mblk_t from sys/stream.h */
+! #  if defined (HAVE_SYS_PTEM_H) && defined (TIOCGWINSZ) && defined (SIGWINCH)
+! #    if defined (HAVE_SYS_STREAM_H)
+! #      include <sys/stream.h>
+! #    endif
+  #    include <sys/ptem.h>
+! #  endif /* HAVE_SYS_PTEM_H && TIOCGWINSZ && SIGWINCH */
+! #endif /* !STRUCT_WINSIZE_IN_SYS_IOCTL */
+  
+  #include <stdio.h>
+--- 31,57 ----
+  #include <sys/ioctl.h>
+  
+! /* Try to find the definitions of `struct winsize' and TIOGCWINSZ */
+! 
+! #if defined (GWINSZ_IN_SYS_IOCTL) && !defined (TIOCGWINSZ)
+! #  include <sys/ioctl.h>
+! #endif /* GWINSZ_IN_SYS_IOCTL && !TIOCGWINSZ */
+! 
+! #if defined (STRUCT_WINSIZE_IN_TERMIOS) && !defined (STRUCT_WINSIZE_IN_SYS_IOCTL)
+! #  include <termios.h>
+! #endif /* STRUCT_WINSIZE_IN_TERMIOS && !STRUCT_WINSIZE_IN_SYS_IOCTL */
+! 
+! /* Not in either of the standard places, look around. */
+! #if !defined (STRUCT_WINSIZE_IN_TERMIOS) && !defined (STRUCT_WINSIZE_IN_SYS_IOCTL)
+! #  if defined (HAVE_SYS_STREAM_H)
+! #    include <sys/stream.h>
+! #  endif /* HAVE_SYS_STREAM_H */
+! #  if defined (HAVE_SYS_PTEM_H) /* SVR4.2, at least, has it here */
+  #    include <sys/ptem.h>
+! #    define _IO_PTEM_H          /* work around SVR4.2 1.1.4 bug */
+! #  endif /* HAVE_SYS_PTEM_H */
+! #  if defined (HAVE_SYS_PTE_H)  /* ??? */
+! #    include <sys/pte.h>
+! #  endif /* HAVE_SYS_PTE_H */
+! #endif /* !STRUCT_WINSIZE_IN_TERMIOS && !STRUCT_WINSIZE_IN_SYS_IOCTL */
+  
+  #include <stdio.h>
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 17
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 18
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-019 b/data/bash/bash40-019
new file mode 100644
index 000000000..30efd6806
--- /dev/null
+++ b/data/bash/bash40-019
@@ -0,0 +1,125 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-019
+
+Bug-Reported-by: Oleksiy Melnyk <lex@upc.ua>
+Bug-Reference-ID: <20090224142233.D2FEFC004@floyd.upc.ua>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-02/msg00200.html
+
+Bug-Description:
+
+Using an external command as part of the DEBUG trap when job control is
+enabled causes pipelines to misbehave.  The problem has to do with process
+groups assigned to the pipeline and terminal.
+
+Patch:
+
+*** ../bash-4.0-patched/jobs.c	2009-01-29 17:09:49.000000000 -0500
+--- jobs.c	2009-04-17 21:08:20.000000000 -0400
+***************
+*** 443,447 ****
+    the_pipeline = saved_pipeline;
+    already_making_children = saved_already_making_children;
+!   if (discard)
+      discard_pipeline (old_pipeline);
+  }
+--- 443,447 ----
+    the_pipeline = saved_pipeline;
+    already_making_children = saved_already_making_children;
+!   if (discard && old_pipeline)
+      discard_pipeline (old_pipeline);
+  }
+***************
+*** 4203,4205 ****
+--- 4204,4225 ----
+  }
+  
++ void
++ save_pgrp_pipe (p, clear)
++      int *p;
++      int clear;
++ {
++   p[0] = pgrp_pipe[0];
++   p[1] = pgrp_pipe[1];
++   if (clear)
++     pgrp_pipe[0] = pgrp_pipe[1] = -1;
++ }
++ 
++ void
++ restore_pgrp_pipe (p)
++      int *p;
++ {
++   pgrp_pipe[0] = p[0];
++   pgrp_pipe[1] = p[1];
++ }
++ 
+  #endif /* PGRP_PIPE */
+*** ../bash-4.0-patched/jobs.h	2009-01-04 14:32:29.000000000 -0500
+--- jobs.h	2009-04-17 15:07:51.000000000 -0400
+***************
+*** 236,239 ****
+--- 236,241 ----
+  
+  extern void close_pgrp_pipe __P((void));
++ extern void save_pgrp_pipe __P((int *, int));
++ extern void restore_pgrp_pipe __P((int *));
+  
+  #if defined (JOB_CONTROL)
+*** ../bash-4.0-patched/trap.c	2009-01-16 17:07:53.000000000 -0500
+--- trap.c	2009-04-17 22:22:36.000000000 -0400
+***************
+*** 799,802 ****
+--- 799,804 ----
+  {
+    int trap_exit_value;
++   pid_t save_pgrp;
++   int save_pipe[2];
+  
+    /* XXX - question:  should the DEBUG trap inherit the RETURN trap? */
+***************
+*** 804,808 ****
+--- 806,832 ----
+    if ((sigmodes[DEBUG_TRAP] & SIG_TRAPPED) && ((sigmodes[DEBUG_TRAP] & SIG_IGNORED) == 0) && ((sigmodes[DEBUG_TRAP] & SIG_INPROGRESS) == 0))
+      {
++ #if defined (JOB_CONTROL)
++       save_pgrp = pipeline_pgrp;
++       pipeline_pgrp = 0;
++       save_pipeline (1);
++ #  if defined (PGRP_PIPE)
++       save_pgrp_pipe (save_pipe, 1);
++ #  endif
++       stop_making_children ();
++ #endif
++ 
+        trap_exit_value = _run_trap_internal (DEBUG_TRAP, "debug trap");
++ 
++ #if defined (JOB_CONTROL)
++       pipeline_pgrp = save_pgrp;
++       restore_pipeline (1);
++ #  if defined (PGRP_PIPE)
++       close_pgrp_pipe ();
++       restore_pgrp_pipe (save_pipe);
++ #  endif
++       if (pipeline_pgrp > 0)
++ 	give_terminal_to (pipeline_pgrp, 1);
++       notify_and_cleanup ();
++ #endif
+        
+  #if defined (DEBUGGER)
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 18
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 19
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-020 b/data/bash/bash40-020
new file mode 100644
index 000000000..885f15efe
--- /dev/null
+++ b/data/bash/bash40-020
@@ -0,0 +1,83 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-020
+
+Bug-Reported-by: Nicolai Lissner <nlissne@linux01.org>
+Bug-Reference-ID: <20090412020510.GA29658@lilith>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-04/msg00104.html
+
+Bug-Description:
+
+If a SIGWINCH arrives while bash is performing redisplay, multi-line prompts
+are displayed incorrectly due to the display code being called recursively.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/readline/readline.h	2009-01-04 14:32:33.000000000 -0500
+--- lib/readline/readline.h	2009-04-13 08:47:00.000000000 -0400
+***************
+*** 815,820 ****
+  #define RL_STATE_MULTIKEY	0x200000	/* reading multiple-key command */
+  #define RL_STATE_VICMDONCE	0x400000	/* entered vi command mode at least once */
+  
+! #define RL_STATE_DONE		0x800000	/* done; accepted line */
+  
+  #define RL_SETSTATE(x)		(rl_readline_state |= (x))
+--- 815,821 ----
+  #define RL_STATE_MULTIKEY	0x200000	/* reading multiple-key command */
+  #define RL_STATE_VICMDONCE	0x400000	/* entered vi command mode at least once */
++ #define RL_STATE_REDISPLAYING	0x800000	/* updating terminal display */
+  
+! #define RL_STATE_DONE		0x1000000	/* done; accepted line */
+  
+  #define RL_SETSTATE(x)		(rl_readline_state |= (x))
+*** ../bash-4.0-patched/lib/readline/display.c	2009-01-04 14:32:32.000000000 -0500
+--- lib/readline/display.c	2009-04-13 08:29:54.000000000 -0400
+***************
+*** 513,516 ****
+--- 513,517 ----
+       data structures. */
+    _rl_block_sigint ();  
++   RL_SETSTATE (RL_STATE_REDISPLAYING);
+  
+    if (!rl_display_prompt)
+***************
+*** 1237,1240 ****
+--- 1238,1242 ----
+    }
+  
++   RL_UNSETSTATE (RL_STATE_REDISPLAYING);
+    _rl_release_sigint ();
+  }
+*** ../bash-4.0-patched/lib/readline/terminal.c	2009-01-04 14:32:34.000000000 -0500
+--- lib/readline/terminal.c	2009-04-13 08:43:00.000000000 -0400
+***************
+*** 356,360 ****
+        if (CUSTOM_REDISPLAY_FUNC ())
+  	rl_forced_update_display ();
+!       else
+  	_rl_redisplay_after_sigwinch ();
+      }
+--- 356,360 ----
+        if (CUSTOM_REDISPLAY_FUNC ())
+  	rl_forced_update_display ();
+!       else if (RL_ISSTATE(RL_STATE_REDISPLAYING) == 0)
+  	_rl_redisplay_after_sigwinch ();
+      }
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 19
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 20
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-021 b/data/bash/bash40-021
new file mode 100644
index 000000000..cf6ee1f5a
--- /dev/null
+++ b/data/bash/bash40-021
@@ -0,0 +1,48 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-021
+
+Bug-Reported-by:  Matt Zyzik <matt.zyzik@nyu.edu>
+Bug-Reference-ID: <20090319015542.696F62B8E8@ice.filescope.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-03/msg00149.html
+
+Bug-Description:
+
+When not in a locale supporting multibyte characters, readline will occasionally
+not erase characters between the cursor position and the end of the line
+when killing text backwards.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/readline/display.c	2009-01-04 14:32:32.000000000 -0500
+--- lib/readline/display.c	2009-04-14 14:00:18.000000000 -0400
+***************
+*** 1775,1779 ****
+  	     adjust col_lendiff based on the difference between _rl_last_c_pos
+  	     and _rl_screenwidth */
+! 	  if (col_lendiff && (_rl_last_c_pos < _rl_screenwidth))
+  #endif
+  	    {	  
+--- 1775,1779 ----
+  	     adjust col_lendiff based on the difference between _rl_last_c_pos
+  	     and _rl_screenwidth */
+! 	  if (col_lendiff && ((MB_CUR_MAX == 1 || rl_byte_oriented) || (_rl_last_c_pos < _rl_screenwidth)))
+  #endif
+  	    {	  
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 20
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 21
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-022 b/data/bash/bash40-022
new file mode 100644
index 000000000..5b6853805
--- /dev/null
+++ b/data/bash/bash40-022
@@ -0,0 +1,48 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-022
+
+Bug-Reported-by:  Bernd Eggink <monoped@sudrala.de>
+Bug-Reference-ID: <49E65407.5010206@sudrala.de>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-04/msg00118.html
+
+Bug-Description:
+
+When parsing case statements in command substitutions, the shell did not
+note that a newline is a shell metacharacter and can legally be followed
+by a reserved word (e.g., `esac').
+
+Patch:
+
+*** ../bash-4.0-patched/parse.y	2009-03-08 21:24:47.000000000 -0400
+--- parse.y	2009-04-15 22:27:56.000000000 -0400
+***************
+*** 3355,3359 ****
+  
+        /* Meta-characters that can introduce a reserved word.  Not perfect yet. */
+!       if MBTEST((tflags & LEX_RESWDOK) == 0 && (tflags & LEX_CKCASE) && (tflags & LEX_INCOMMENT) == 0 && shellmeta(ch))
+  	{
+  	  /* Add this character. */
+--- 3375,3379 ----
+  
+        /* Meta-characters that can introduce a reserved word.  Not perfect yet. */
+!       if MBTEST((tflags & LEX_RESWDOK) == 0 && (tflags & LEX_CKCASE) && (tflags & LEX_INCOMMENT) == 0 && (shellmeta(ch) || ch == '\n'))
+  	{
+  	  /* Add this character. */
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 21
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 22
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-023 b/data/bash/bash40-023
new file mode 100644
index 000000000..d2376c7da
--- /dev/null
+++ b/data/bash/bash40-023
@@ -0,0 +1,62 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-023
+
+Bug-Reported-by: Andreas Schwab <schwab@linux-m68k.org>
+Bug-Reference-ID: <m21vrhhx08.fsf@igel.home>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-04/msg00160.html
+
+Bug-Description:
+
+If the prompt length exactly matches the screen width, and the prompt ends
+with invisible characters, readline positions the cursor incorrectly.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/readline/display.c	2009-01-04 14:32:32.000000000 -0500
+--- lib/readline/display.c	2009-04-25 21:42:18.000000000 -0400
+***************
+*** 1895,1898 ****
+--- 1897,1904 ----
+    woff = WRAP_OFFSET (_rl_last_v_pos, wrap_offset);
+    cpos = _rl_last_c_pos;
++ 
++   if (cpos == 0 && cpos == new)
++     return;
++ 
+  #if defined (HANDLE_MULTIBYTE)
+    /* If we have multibyte characters, NEW is indexed by the buffer point in
+***************
+*** 1908,1914 ****
+  	 desired display position. */
+        if ((new > prompt_last_invisible) ||		/* XXX - don't use woff here */
+! 	  (prompt_physical_chars > _rl_screenwidth &&
+  	   _rl_last_v_pos == prompt_last_screen_line &&
+! 	   wrap_offset >= woff &&
+  	   new > (prompt_last_invisible-(_rl_screenwidth*_rl_last_v_pos)-wrap_offset)))
+  	   /* XXX last comparison might need to be >= */
+--- 1914,1920 ----
+  	 desired display position. */
+        if ((new > prompt_last_invisible) ||		/* XXX - don't use woff here */
+! 	  (prompt_physical_chars >= _rl_screenwidth &&
+  	   _rl_last_v_pos == prompt_last_screen_line &&
+! 	   wrap_offset >= woff && dpos >= woff &&
+  	   new > (prompt_last_invisible-(_rl_screenwidth*_rl_last_v_pos)-wrap_offset)))
+  	   /* XXX last comparison might need to be >= */
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 22
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 23
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-024 b/data/bash/bash40-024
new file mode 100644
index 000000000..ac2058ae3
--- /dev/null
+++ b/data/bash/bash40-024
@@ -0,0 +1,112 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-024
+
+Bug-Reported-by:  Matt Zyzik <matt.zyzik@nyu.edu>
+Bug-Reference-ID:  <20090405205428.4FDEA1C7175@ice.filescope.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-04/msg00021.html
+
+Bug-Description:
+
+When using the ** globbing operator, bash will incorrectly add an extra
+directory name when the preceding directory name ends with `*' or an empty
+string when there is no preceding directory name.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/glob/glob.c	2009-01-04 14:32:30.000000000 -0500
+--- lib/glob/glob.c	2009-04-28 10:22:29.000000000 -0400
+***************
+*** 357,361 ****
+        if (ep)
+          *ep = 0;
+!       if (r)
+  	free (r);
+        return (struct globval *)0;
+--- 357,361 ----
+        if (ep)
+          *ep = 0;
+!       if (r && r != &glob_error_return)
+  	free (r);
+        return (struct globval *)0;
+***************
+*** 666,671 ****
+      }
+  
+!   /* compat: if GX_ALLDIRS, add the passed directory also */
+!   if (add_current)
+      {
+        sdlen = strlen (dir);
+--- 666,672 ----
+      }
+  
+!   /* compat: if GX_ALLDIRS, add the passed directory also, but don't add an
+!      empty directory name. */
+!   if (add_current && (flags & GX_NULLDIR) == 0)
+      {
+        sdlen = strlen (dir);
+***************
+*** 679,686 ****
+  	  nextlink->next = lastlink;
+  	  lastlink = nextlink;
+! 	  if (flags & GX_NULLDIR)
+! 	    nextname[0] = '\0';
+! 	  else
+! 	    bcopy (dir, nextname, sdlen + 1);
+  	  ++count;
+  	}
+--- 680,684 ----
+  	  nextlink->next = lastlink;
+  	  lastlink = nextlink;
+! 	  bcopy (dir, nextname, sdlen + 1);
+  	  ++count;
+  	}
+***************
+*** 943,947 ****
+  	      register unsigned int l;
+  
+! 	      array = glob_dir_to_array (directories[i], temp_results, flags);
+  	      l = 0;
+  	      while (array[l] != NULL)
+--- 941,950 ----
+  	      register unsigned int l;
+  
+! 	      /* If we're expanding **, we don't need to glue the directory
+! 		 name to the results; we've already done it in glob_vector */
+! 	      if ((dflags & GX_ALLDIRS) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0')
+! 		array = temp_results;
+! 	      else
+! 		array = glob_dir_to_array (directories[i], temp_results, flags);
+  	      l = 0;
+  	      while (array[l] != NULL)
+***************
+*** 960,964 ****
+  
+  	      /* Note that the elements of ARRAY are not freed.  */
+! 	      free ((char *) array);
+  	    }
+  	}
+--- 963,968 ----
+  
+  	      /* Note that the elements of ARRAY are not freed.  */
+! 	      if (array != temp_results)
+! 		free ((char *) array);
+  	    }
+  	}
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 23
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 24
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-025 b/data/bash/bash40-025
new file mode 100644
index 000000000..30b38ba31
--- /dev/null
+++ b/data/bash/bash40-025
@@ -0,0 +1,104 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.0
+Patch-ID:	bash40-025
+
+Bug-Reported-by:	Matt Zyzik <matt.zyzik@nyu.edu>
+Bug-Reference-ID:	<20090519011418.GA21431@ice.filescope.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2009-05/msg00044.html
+
+Bug-Description:
+
+bash40-024 introduced a regression for constructs like **/*.cs; that
+expansion would no longer include matching files in the current directory.
+This patch undoes portions of bash40-024 and fixes the original problem
+in a different way.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/glob/glob.c	2009-05-22 12:32:26.000000000 -0400
+--- lib/glob/glob.c	2009-05-22 12:35:55.000000000 -0400
+***************
+*** 666,672 ****
+      }
+  
+!   /* compat: if GX_ALLDIRS, add the passed directory also, but don't add an
+!      empty directory name. */
+!   if (add_current && (flags & GX_NULLDIR) == 0)
+      {
+        sdlen = strlen (dir);
+--- 666,673 ----
+      }
+  
+!   /* compat: if GX_ADDCURDIR, add the passed directory also.  Add an empty
+!      directory name as a placeholder if GX_NULLDIR (in which case the passed
+!      directory name is "."). */
+!   if (add_current)
+      {
+        sdlen = strlen (dir);
+***************
+*** 680,684 ****
+  	  nextlink->next = lastlink;
+  	  lastlink = nextlink;
+! 	  bcopy (dir, nextname, sdlen + 1);
+  	  ++count;
+  	}
+--- 681,688 ----
+  	  nextlink->next = lastlink;
+  	  lastlink = nextlink;
+! 	  if (flags & GX_NULLDIR)
+! 	    nextname[0] = '\0';
+! 	  else
+! 	    bcopy (dir, nextname, sdlen + 1);
+  	  ++count;
+  	}
+***************
+*** 1008,1016 ****
+        /* Just return what glob_vector () returns appended to the
+  	 directory name. */
+        dflags = flags & ~GX_MARKDIRS;
+        if (directory_len == 0)
+  	dflags |= GX_NULLDIR;
+        if ((flags & GX_GLOBSTAR) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0')
+! 	dflags |= GX_ALLDIRS|GX_ADDCURDIR;
+        temp_results = glob_vector (filename,
+  				  (directory_len == 0 ? "." : directory_name),
+--- 1012,1033 ----
+        /* Just return what glob_vector () returns appended to the
+  	 directory name. */
++       /* If flags & GX_ALLDIRS, we're called recursively */
+        dflags = flags & ~GX_MARKDIRS;
+        if (directory_len == 0)
+  	dflags |= GX_NULLDIR;
+        if ((flags & GX_GLOBSTAR) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0')
+! 	{
+! 	  dflags |= GX_ALLDIRS|GX_ADDCURDIR;
+! #if 0
+! 	  /* If we want all directories (dflags & GX_ALLDIRS) and we're not
+! 	     being called recursively as something like `echo **/*.o'
+! 	     ((flags & GX_ALLDIRS) == 0), we want to prevent glob_vector from
+! 	     adding a null directory name to the front of the temp_results
+! 	     array.  We turn off ADDCURDIR if not called recursively and
+! 	     dlen == 0 */
+! #endif
+! 	  if (directory_len == 0 && (flags & GX_ALLDIRS) == 0)
+! 	    dflags &= ~GX_ADDCURDIR;
+! 	}
+        temp_results = glob_vector (filename,
+  				  (directory_len == 0 ? "." : directory_name),
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 24
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 25
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-026 b/data/bash/bash40-026
new file mode 100644
index 000000000..412b2c71b
--- /dev/null
+++ b/data/bash/bash40-026
@@ -0,0 +1,56 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.0
+Patch-ID:	bash40-026
+
+Bug-Reported-by:	Sergei Steshenko <sergstesh@yahoo.com>
+Bug-Reference-ID:	<670181.38883.qm@web35204.mail.mud.yahoo.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2009-05/msg00059.html
+
+Bug-Description:
+
+A forgotten line in externs.h caused compilation errors to occur on some
+systems (e.g., Cygwin).
+
+Patch:
+
+*** ../bash-4.0-patched/externs.h	2009-01-18 18:29:29.000000000 -0500
+--- externs.h	2009-06-02 09:05:40.000000000 -0400
+***************
+*** 193,196 ****
+--- 193,198 ----
+  
+  /* Declarations for functions defined in lib/sh/fpurge.c */
++ 
++ #if defined NEED_FPURGE_DECL
+  #if !HAVE_DECL_FPURGE
+  
+***************
+*** 201,205 ****
+  
+  #endif /* HAVE_DECL_FPURGE */
+! 
+  
+  /* Declarations for functions defined in lib/sh/getcwd.c */
+--- 203,207 ----
+  
+  #endif /* HAVE_DECL_FPURGE */
+! #endif /* NEED_FPURGE_DECL */
+  
+  /* Declarations for functions defined in lib/sh/getcwd.c */
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 25
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 26
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-027 b/data/bash/bash40-027
new file mode 100644
index 000000000..a96ce4b1a
--- /dev/null
+++ b/data/bash/bash40-027
@@ -0,0 +1,67 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.0
+Patch-ID: bash40-027
+
+Bug-Reported-by:	jim@jim.sh
+Bug-Reference-ID:	<200905262140.n4QLeO4X030664@psychosis.jim.sh>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2009-05/msg00074.html
+
+Bug-Description:
+
+There are occasional cursor positioning errors when using readline's
+horizontal scroll mode.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/readline/display.c	2009-05-22 12:32:25.000000000 -0400
+--- lib/readline/display.c	2009-05-29 23:32:20.000000000 -0400
+***************
+*** 1190,1196 ****
+  	line[t - 1] = '>';
+  
+!       if (!rl_display_fixed || forced_display || lmargin != last_lmargin)
+  	{
+  	  forced_display = 0;
+  	  update_line (&visible_line[last_lmargin],
+  		       &invisible_line[lmargin],
+--- 1192,1200 ----
+  	line[t - 1] = '>';
+  
+!       if (rl_display_fixed == 0 || forced_display || lmargin != last_lmargin)
+  	{
+  	  forced_display = 0;
++ 	  o_cpos = _rl_last_c_pos;
++ 	  cpos_adjusted = 0;
+  	  update_line (&visible_line[last_lmargin],
+  		       &invisible_line[lmargin],
+***************
+*** 1200,1203 ****
+--- 1204,1214 ----
+  		       0);
+  
++ 	  if ((MB_CUR_MAX > 1 && rl_byte_oriented == 0) &&
++ 	      cpos_adjusted == 0 &&
++ 	      _rl_last_c_pos != o_cpos &&
++ 	      _rl_last_c_pos > wrap_offset &&
++ 	      o_cpos < prompt_last_invisible)
++ 		_rl_last_c_pos -= prompt_invis_chars_first_line;	/* XXX - was wrap_offset */
++ 
+  	  /* If the visible new line is shorter than the old, but the number
+  	     of invisible characters is greater, and we are at the end of
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 26
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 27
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-028 b/data/bash/bash40-028
new file mode 100644
index 000000000..a5b0b60a3
--- /dev/null
+++ b/data/bash/bash40-028
@@ -0,0 +1,172 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.0
+Patch-ID:	bash40-028
+
+Bug-Reported-by:	martin f krafft <madduck@debian.org>
+Bug-Reference-ID:	<4A4E39E7.5080807@debian.org>
+Bug-Reference-URL:	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519165
+			http://lists.gnu.org/archive/html/bug-bash/2009-07/msg00011.html
+
+Bug-Description:
+
+bash-4.0 reverted to the historical shell behavior of raising an error
+when $@ or $* was expanded after `set -u' had been executed and there
+were no positional parameters.  The Posix working group has since
+clarified the standard's position on the issue, and $@ and $* are now the
+only variables, parameters, or special parameters that do not raise an
+error when unset if set -u is enabled.
+
+Patch:
+
+*** ../bash-4.0-patched/subst.c	Mon Mar 23 11:34:55 2009
+--- subst.c	Wed Jun 17 18:12:18 2009
+***************
+*** 6768,6778 ****
+  
+      case RBRACE:
+!       if (var_is_set == 0 && unbound_vars_is_error)
+  	{
+  	  err_unboundvar (name);
+  	  FREE (value);
+  	  FREE (temp);
+  	  free (name);
+- 	  last_command_exit_value = EXECUTION_FAILURE;
+  	  return (interactive_shell ? &expand_wdesc_error : &expand_wdesc_fatal);
+  	}
+--- 6794,6804 ----
+  
+      case RBRACE:
+!       if (var_is_set == 0 && unbound_vars_is_error && ((name[0] != '@' && name[0] != '*') || name[1]))
+  	{
++ 	  last_command_exit_value = EXECUTION_FAILURE;
+  	  err_unboundvar (name);
+  	  FREE (value);
+  	  FREE (temp);
+  	  free (name);
+  	  return (interactive_shell ? &expand_wdesc_error : &expand_wdesc_fatal);
+  	}
+***************
+*** 6991,6994 ****
+--- 7017,7029 ----
+        list = list_rest_of_args ();
+  
++ #if 0
++       /* According to austin-group posix proposal by Geoff Clare in
++ 	 <20090505091501.GA10097@squonk.masqnet> of 5 May 2009:
++ 
++  	"The shell shall write a message to standard error and
++  	 immediately exit when it tries to expand an unset parameter
++  	 other than the '@' and '*' special parameters."
++       */
++ 
+        if (list == 0 && unbound_vars_is_error && (pflags & PF_IGNUNBOUND) == 0)
+  	{
+***************
+*** 6996,7003 ****
+  	  uerror[1] = '*';
+  	  uerror[2] = '\0';
+- 	  err_unboundvar (uerror);
+  	  last_command_exit_value = EXECUTION_FAILURE;
+  	  return (interactive_shell ? &expand_wdesc_error : &expand_wdesc_fatal);
+  	}
+  
+        /* If there are no command-line arguments, this should just
+--- 7031,7039 ----
+  	  uerror[1] = '*';
+  	  uerror[2] = '\0';
+  	  last_command_exit_value = EXECUTION_FAILURE;
++ 	  err_unboundvar (uerror);
+  	  return (interactive_shell ? &expand_wdesc_error : &expand_wdesc_fatal);
+  	}
++ #endif
+  
+        /* If there are no command-line arguments, this should just
+***************
+*** 7053,7056 ****
+--- 7089,7101 ----
+        list = list_rest_of_args ();
+  
++ #if 0
++       /* According to austin-group posix proposal by Geoff Clare in
++ 	 <20090505091501.GA10097@squonk.masqnet> of 5 May 2009:
++ 
++  	"The shell shall write a message to standard error and
++  	 immediately exit when it tries to expand an unset parameter
++  	 other than the '@' and '*' special parameters."
++       */
++ 
+        if (list == 0 && unbound_vars_is_error && (pflags & PF_IGNUNBOUND) == 0)
+  	{
+***************
+*** 7058,7065 ****
+  	  uerror[1] = '@';
+  	  uerror[2] = '\0';
+- 	  err_unboundvar (uerror);
+  	  last_command_exit_value = EXECUTION_FAILURE;
+  	  return (interactive_shell ? &expand_wdesc_error : &expand_wdesc_fatal);
+  	}
+  
+        /* We want to flag the fact that we saw this.  We can't turn
+--- 7103,7111 ----
+  	  uerror[1] = '@';
+  	  uerror[2] = '\0';
+  	  last_command_exit_value = EXECUTION_FAILURE;
++ 	  err_unboundvar (uerror);
+  	  return (interactive_shell ? &expand_wdesc_error : &expand_wdesc_fatal);
+  	}
++ #endif
+  
+        /* We want to flag the fact that we saw this.  We can't turn
+*** ../bash-4.0-patched/doc/bash.1	Wed Feb 18 15:13:56 2009
+--- doc/bash.1	Wed Jun 17 08:51:19 2009
+***************
+*** 8258,8264 ****
+  .TP 8
+  .B \-u
+! Treat unset variables as an error when performing
+  parameter expansion.  If expansion is attempted on an
+! unset variable, the shell prints an error message, and,
+  if not interactive, exits with a non-zero status.
+  .TP 8
+--- 8274,8281 ----
+  .TP 8
+  .B \-u
+! Treat unset variables and parameters other than the special
+! parameters "@" and "*" as an error when performing
+  parameter expansion.  If expansion is attempted on an
+! unset variable or parameter, the shell prints an error message, and,
+  if not interactive, exits with a non-zero status.
+  .TP 8
+*** ../bash-4.0-patched/doc/bashref.texi	Wed Feb 18 15:14:43 2009
+--- doc/bashref.texi	Wed Jun 17 08:50:46 2009
+***************
+*** 4139,4143 ****
+  
+  @item -u
+! Treat unset variables as an error when performing parameter expansion.
+  An error message will be written to the standard error, and a non-interactive
+  shell will exit.
+--- 4151,4156 ----
+  
+  @item -u
+! Treat unset variables and parameters other than the special parameters
+! @samp{@@} or @samp{*} as an error when performing parameter expansion.
+  An error message will be written to the standard error, and a non-interactive
+  shell will exit.
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 27
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 28
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-029 b/data/bash/bash40-029
new file mode 100644
index 000000000..a13176de2
--- /dev/null
+++ b/data/bash/bash40-029
@@ -0,0 +1,106 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-029
+
+Bug-Reported-by:	Christian Krause <chkr@plauener.de>
+Bug-Reference-ID:	Thu, 25 Jun 2009 21:47:59 +0200
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2009-06/msg00078.html
+
+Bug-Description:
+
+Previous versions of bash accepted strings in the initial environment
+that were not valid shell variable assignments, usually because the
+names were invalid, but still created shell variables from them and
+passed them to child processes in the environment.
+
+Bash-4.0 ignores those names and does not pass them to child processes.
+Some users and automated processes depend on invalid variables being
+ignored and passed to child processes.
+
+This patch makes bash continue to ignore the invalid names, but pass
+them to child processes in the export environment.
+
+Patch:
+
+*** ../bash-4.0-patched/variables.c	2009-01-04 14:32:46.000000000 -0500
+--- variables.c	2009-06-29 09:17:20.000000000 -0400
+***************
+*** 253,256 ****
+--- 255,259 ----
+  static int visible_var __P((SHELL_VAR *));
+  static int visible_and_exported __P((SHELL_VAR *));
++ static int export_environment_candidate __P((SHELL_VAR *));
+  static int local_and_exported __P((SHELL_VAR *));
+  static int variable_in_context __P((SHELL_VAR *));
+***************
+*** 376,383 ****
+  #  endif
+  #endif
+        else if (legal_identifier (name))
+  	{
+  	  temp_var = bind_variable (name, string, 0);
+! 	  VSETATTR (temp_var, (att_exported | att_imported));
+  	  array_needs_making = 1;
+  	}
+--- 379,393 ----
+  #  endif
+  #endif
++ #if 0
+        else if (legal_identifier (name))
++ #else
++       else
++ #endif
+  	{
+  	  temp_var = bind_variable (name, string, 0);
+! 	  if (legal_identifier (name))
+! 	    VSETATTR (temp_var, (att_exported | att_imported));
+! 	  else
+! 	    VSETATTR (temp_var, (att_exported | att_imported | att_invisible));
+  	  array_needs_making = 1;
+  	}
+***************
+*** 3083,3086 ****
+--- 3098,3111 ----
+  }
+  
++ /* Candidate variables for the export environment are either valid variables
++    with the export attribute or invalid variables inherited from the initial
++    environment and simply passed through. */
++ static int
++ export_environment_candidate (var)
++      SHELL_VAR *var;
++ {
++   return (exported_p (var) && (invisible_p (var) == 0 || imported_p (var)));
++ }
++ 
+  /* Return non-zero if VAR is a local variable in the current context and
+     is exported. */
+***************
+*** 3439,3443 ****
+--- 3464,3472 ----
+    SHELL_VAR **vars;
+  
++ #if 0
+    vars = map_over (visible_and_exported, vcxt);
++ #else
++   vars = map_over (export_environment_candidate, vcxt);
++ #endif
+  
+    if (vars == 0)
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 28
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 29
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-030 b/data/bash/bash40-030
new file mode 100644
index 000000000..e4f038933
--- /dev/null
+++ b/data/bash/bash40-030
@@ -0,0 +1,64 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-030
+
+Bug-Reported-by:	Henning Bekel <h.bekel@googlemail.com>
+Bug-Reference-ID:	<7c6eacF262ctuU1@mid.individual.net>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2009-07/msg00054.html
+
+Bug-Description:
+
+A shell function invoked with `bind -x' is supposed to be able to move the
+cursor by setting READLINE_POINT.  The effects of this assignment were
+sometimes ignored.
+
+Patch:
+
+*** ../bash-4.0-patched/bashline.c	2009-01-08 09:29:24.000000000 -0500
+--- bashline.c	2009-07-16 14:13:41.000000000 -0400
+***************
+*** 3389,3393 ****
+    register int i;
+    intmax_t mi;
+-   int save_point;
+    sh_parser_state_t ps;
+    char *cmd, *value, *l;
+--- 3389,3392 ----
+***************
+*** 3433,3437 ****
+      VSETATTR (v, att_exported);
+    l = value_cell (v);
+-   save_point = rl_point;
+    value = inttostr (rl_point, ibuf, sizeof (ibuf));
+    v = bind_int_variable ("READLINE_POINT", value);
+--- 3432,3435 ----
+***************
+*** 3451,3455 ****
+      {
+        i = mi;
+!       if (i != save_point)
+  	{
+  	  rl_point = i;
+--- 3449,3453 ----
+      {
+        i = mi;
+!       if (i != rl_point)
+  	{
+  	  rl_point = i;
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 29
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 30
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-031 b/data/bash/bash40-031
new file mode 100644
index 000000000..db46aa3fc
--- /dev/null
+++ b/data/bash/bash40-031
@@ -0,0 +1,62 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-031
+
+Bug-Reported-by:	Roman Rakus <rrakus@redhat.com>
+Bug-Reference-ID:	<4A93F6E9.4050401@redhat.com>
+Bug-Reference-URL:	
+
+Bug-Description:
+
+An implicit assignment to index "0" of an existing array variable caused
+the shell to crash when the variable was unset.
+
+Patch:
+
+*** ../bash-4.0-patched/arrayfunc.c	2009-03-08 21:24:39.000000000 -0400
+--- arrayfunc.c	2009-08-24 09:29:43.000000000 -0400
+***************
+*** 99,103 ****
+    hash = assoc_create (0);
+    if (oldval)
+!     assoc_insert (hash, "0", oldval);
+  
+    FREE (value_cell (var));
+--- 99,103 ----
+    hash = assoc_create (0);
+    if (oldval)
+!     assoc_insert (hash, savestring ("0"), oldval);
+  
+    FREE (value_cell (var));
+*** ../bash-4.0-patched/variables.c	2009-01-04 14:32:46.000000000 -0500
+--- variables.c	2009-08-24 09:29:58.000000000 -0400
+***************
+*** 2218,2222 ****
+        else if (assoc_p (entry))
+  	{
+! 	  assoc_insert (assoc_cell (entry), "0", newval);
+  	  free (newval);
+  	}
+--- 2218,2222 ----
+        else if (assoc_p (entry))
+  	{
+! 	  assoc_insert (assoc_cell (entry), savestring ("0"), newval);
+  	  free (newval);
+  	}
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 30
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 31
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-032 b/data/bash/bash40-032
new file mode 100644
index 000000000..0c9ba74da
--- /dev/null
+++ b/data/bash/bash40-032
@@ -0,0 +1,46 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-032
+
+Bug-Reported-by:	muszi@muszi.kite.hu
+Bug-Reference-ID:	<20090826113159.18815.qmail@muszi.kite.hu>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2009-08/msg00090.html
+
+Bug-Description:
+
+Bash-4.0 has a memory leak when processing ${!prefix@}.
+
+Patch:
+
+*** ../bash-4.0-patched/subst.c	2009-07-22 23:18:55.000000000 -0400
+--- subst.c	2009-08-26 23:08:51.000000000 -0400
+***************
+*** 6607,6611 ****
+  	}
+        free (x);
+!       free (xlist);
+        free (temp1);
+        *indexp = sindex;
+--- 6769,6773 ----
+  	}
+        free (x);
+!       dispose_words (xlist);
+        free (temp1);
+        *indexp = sindex;
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 31
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 32
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-033 b/data/bash/bash40-033
new file mode 100644
index 000000000..80fcb6be3
--- /dev/null
+++ b/data/bash/bash40-033
@@ -0,0 +1,50 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-033
+
+Bug-Reported-by:	Dr. Werner Fink <werner@suse.de>
+Bug-Reference-ID:	<200907010951.n619p76I013912@boole.suse.de>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2009-07/msg00000.html
+
+Bug-Description:
+
+Bash-4.0 has a memory leak in the `read' builtin when the number of fields
+read is not the same as the number of variables passed as arguments.
+
+Patch:
+
+*** ../bash-4.0-patched/builtins/read.def	2009-03-08 21:24:45.000000000 -0400
+--- builtins/read.def	2009-07-01 15:32:42.000000000 -0400
+***************
+*** 764,768 ****
+  	tofree = input_string = t;
+        else
+! 	input_string = strip_trailing_ifs_whitespace (t1, ifs_chars, saw_escape);
+      }
+  #endif
+--- 764,771 ----
+  	tofree = input_string = t;
+        else
+! 	{
+! 	  input_string = strip_trailing_ifs_whitespace (t1, ifs_chars, saw_escape);
+! 	  tofree = t;
+! 	}
+      }
+  #endif
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 32
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 33
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-034 b/data/bash/bash40-034
new file mode 100644
index 000000000..bacb33ce1
--- /dev/null
+++ b/data/bash/bash40-034
@@ -0,0 +1,59 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.0
+Patch-ID:	bash40-034
+
+Bug-Reported-by:	Anders Kaseorg <andersk@mit.edu>
+Bug-Reference-ID:	<1252856832.991059.8162.nullmailer@balanced-tree.mit.edu>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2009-09/msg00043.html
+
+Bug-Description:
+
+When using the globstar option, bash incorrectly interprets wildcarded path
+components between a **/ and the last / as matching any path, even if the
+constructed path does not match any files.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/glob/glob.c	2009-07-22 23:18:50.000000000 -0400
+--- lib/glob/glob.c	2009-09-18 17:53:25.000000000 -0400
+***************
+*** 920,928 ****
+  	  char **temp_results;
+  
+  	  /* Scan directory even on a NULL filename.  That way, `*h/'
+  	     returns only directories ending in `h', instead of all
+  	     files ending in `h' with a `/' appended. */
+  	  dname = directories[i];
+! 	  dflags = flags & ~GX_MARKDIRS;
+  	  if ((flags & GX_GLOBSTAR) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0')
+  	    dflags |= GX_ALLDIRS|GX_ADDCURDIR;
+--- 927,938 ----
+  	  char **temp_results;
+  
++ 	  /* XXX -- we've recursively scanned any directories resulting from
++ 	     a `**', so turn off the flag.  We turn it on again below if
++ 	     filename is `**' */
+  	  /* Scan directory even on a NULL filename.  That way, `*h/'
+  	     returns only directories ending in `h', instead of all
+  	     files ending in `h' with a `/' appended. */
+  	  dname = directories[i];
+! 	  dflags = flags & ~(GX_MARKDIRS|GX_ALLDIRS|GX_ADDCURDIR);
+  	  if ((flags & GX_GLOBSTAR) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0')
+  	    dflags |= GX_ALLDIRS|GX_ADDCURDIR;
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 33
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 34
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-035 b/data/bash/bash40-035
new file mode 100644
index 000000000..3b1af7505
--- /dev/null
+++ b/data/bash/bash40-035
@@ -0,0 +1,62 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.0
+Patch-ID:	bash40-035
+
+Bug-Reported-by:	Freddy Vulto <fvulto@gmail.com>
+Bug-Reference-ID:	<e9c463930909171341p7cbe6e43pa3788ebbe3adec4d@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2009-09/msg00044.html
+
+Bug-Description:
+
+Bash-4.0 incorrectly treated single and double quotes as delimiters rather
+than introducing quoted strings when splitting the line into words for
+programmable completion functions.
+
+Patch:
+
+*** ../bash-4.0-patched/pcomplete.c	2009-03-08 21:24:31.000000000 -0400
+--- pcomplete.c	2009-09-26 16:30:16.000000000 -0400
+***************
+*** 1176,1186 ****
+    WORD_LIST *ret;
+    char *delims;
+  
+! #if 0
+!   delims = "()<>;&| \t\n";	/* shell metacharacters break words */
+! #else
+!   delims = rl_completer_word_break_characters;
+! #endif
+    ret = split_at_delims (line, llen, delims, sentinel, nwp, cwp);
+    return (ret);
+  }
+--- 1176,1188 ----
+    WORD_LIST *ret;
+    char *delims;
++   int i, j;
+  
+!   delims = xmalloc (strlen (rl_completer_word_break_characters) + 1);
+!   for (i = j = 0; rl_completer_word_break_characters[i]; i++)
+!     if (rl_completer_word_break_characters[i] != '\'' && rl_completer_word_break_characters[i] != '"')
+!       delims[j++] = rl_completer_word_break_characters[i];
+!   delims[j] = '\0';
+    ret = split_at_delims (line, llen, delims, sentinel, nwp, cwp);
++   free (delims);
+    return (ret);
+  }
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 34
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 35
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-036 b/data/bash/bash40-036
new file mode 100644
index 000000000..ed08e3936
--- /dev/null
+++ b/data/bash/bash40-036
@@ -0,0 +1,90 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-036
+
+Bug-Reported-by:	Jerome Reybert <jreybert@gmail.com>
+Bug-Reference-ID:	<f5da50720908070109p1faa3847x5a9dff68d24a7197@mail.gmail.com>
+Bug-Reference-URL:	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538013
+
+Bug-Description:
+
+Under some circumstances, menu-complete is unable to complete filenames.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/readline/complete.c	2009-01-22 15:15:14.000000000 -0500
+--- lib/readline/complete.c	2009-08-26 17:15:59.000000000 -0400
+***************
+*** 2209,2213 ****
+    /* The first time through, we generate the list of matches and set things
+       up to insert them. */
+!   if (rl_last_func != rl_menu_complete)
+      {
+        /* Clean up from previous call, if any. */
+--- 2252,2256 ----
+    /* The first time through, we generate the list of matches and set things
+       up to insert them. */
+!   if (rl_last_func != rl_old_menu_complete)
+      {
+        /* Clean up from previous call, if any. */
+***************
+*** 2221,2224 ****
+--- 2264,2269 ----
+        rl_completion_invoking_key = invoking_key;
+  
++       RL_SETSTATE(RL_STATE_COMPLETING);
++ 
+        /* Only the completion entry function can change these. */
+        set_completion_defaults ('%');
+***************
+*** 2260,2266 ****
+--- 2305,2314 ----
+  	  orig_text = (char *)0;
+      	  completion_changed_buffer = 0;
++  	  RL_UNSETSTATE(RL_STATE_COMPLETING);
+            return (0);
+  	}
+  
++       RL_UNSETSTATE(RL_STATE_COMPLETING);
++ 
+        for (match_list_size = 0; matches[match_list_size]; match_list_size++)
+          ;
+***************
+*** 2338,2341 ****
+--- 2386,2391 ----
+        full_completion = 0;
+  
++       RL_SETSTATE(RL_STATE_COMPLETING);
++ 
+        /* Only the completion entry function can change these. */
+        set_completion_defaults ('%');
+***************
+*** 2379,2385 ****
+--- 2429,2438 ----
+  	  orig_text = (char *)0;
+      	  completion_changed_buffer = 0;
++  	  RL_UNSETSTATE(RL_STATE_COMPLETING);
+            return (0);
+  	}
+  
++       RL_UNSETSTATE(RL_STATE_COMPLETING);
++ 
+        for (match_list_size = 0; matches[match_list_size]; match_list_size++)
+          ;
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 35
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 36
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-037 b/data/bash/bash40-037
new file mode 100644
index 000000000..95baeb319
--- /dev/null
+++ b/data/bash/bash40-037
@@ -0,0 +1,60 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-037
+
+Bug-Reported-by:	Chet Ramey <chet.ramey@case.edu>
+Bug-Reference-ID:	<4AD7D749.5030601@case.edu>
+Bug-Reference-URL:
+
+Bug-Description:
+
+The configure script does not work on Snow Leopard and will result in
+attempts to link against the incorrect version of readline.
+
+Patch:
+
+*** ../bash-4.0-patched/configure.in	2009-02-06 12:03:44.000000000 -0500
+--- configure.in	2009-10-01 16:38:24.000000000 -0400
+***************
+*** 534,538 ****
+  		# dynamic version
+  		case "${host_os}" in
+! 		darwin[[89]]*)	READLINE_LIB='${READLINE_LIBRARY}' ;;
+  		*)		READLINE_LIB=-lreadline ;;
+  		esac
+--- 534,538 ----
+  		# dynamic version
+  		case "${host_os}" in
+! 		darwin[[89]]*|darwin10*) READLINE_LIB='${READLINE_LIBRARY}' ;;
+  		*)		READLINE_LIB=-lreadline ;;
+  		esac
+***************
+*** 569,573 ****
+  		# dynamic version
+  		case "${host_os}" in
+! 		darwin[[89]]*)	HISTORY_LIB='${HISTORY_LIBRARY}' ;;
+  		*)		HISTORY_LIB=-lhistory ;;
+  		esac
+--- 569,573 ----
+  		# dynamic version
+  		case "${host_os}" in
+! 		darwin[[89]]*|darwin10*) HISTORY_LIB='${HISTORY_LIBRARY}' ;;
+  		*)		HISTORY_LIB=-lhistory ;;
+  		esac
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 36
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 37
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-038 b/data/bash/bash40-038
new file mode 100644
index 000000000..80505cc34
--- /dev/null
+++ b/data/bash/bash40-038
@@ -0,0 +1,56 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.0
+Patch-ID:	bash40-038
+
+Bug-Reported-by:	werner@suse.de
+Bug-Reference-ID:	<201002251238.o1PCcYcg016893@boole.suse.de>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2010-02/msg00132.html
+
+Bug-Description:
+
+When the `read' builtin times out after the timeout specified with -t is
+exceeded, it does not reset the flags that tell signal handlers to process
+signals immediately instead of deferring their handling.  This can result
+in unsafe functions being called from signal handlers, which can cause bash
+to hang or dump core.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.0-patched/builtins/read.def	2009-09-03 14:40:03.000000000 -0400
+--- builtins/read.def	2010-03-17 17:35:39.000000000 -0400
+***************
+*** 602,607 ****
+      zsyncfd (fd);
+  
+-   interrupt_immediately--;
+-   terminate_immediately--;
+    discard_unwind_frame ("read_builtin");
+  
+--- 616,619 ----
+***************
+*** 610,613 ****
+--- 622,628 ----
+  assign_vars:
+  
++   interrupt_immediately--;
++   terminate_immediately--;
++ 
+  #if defined (ARRAY_VARS)
+    /* If -a was given, take the string read, break it into a list of words,
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 37
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 38
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-039 b/data/bash/bash40-039
new file mode 100644
index 000000000..3eac28cef
--- /dev/null
+++ b/data/bash/bash40-039
@@ -0,0 +1,104 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.0
+Patch-ID:	bash40-039
+
+Bug-Reported-by:	Stephane Chazelas <stephane.chazelas@gmail.com>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+Under certain circumstances, bash will execute user code while processing the
+environment for exported function definitions.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.0.38/builtins/common.h	2009-01-15 23:08:54.000000000 -0500
+--- builtins/common.h	2014-09-16 19:20:48.000000000 -0400
+***************
+*** 36,39 ****
+--- 36,41 ----
+  
+  /* Flags for describe_command, shared between type.def and command.def */
++ #define SEVAL_FUNCDEF	0x080		/* only allow function definitions */
++ #define SEVAL_ONECMD	0x100		/* only allow a single command */
+  #define CDESC_ALL		0x001	/* type -a */
+  #define CDESC_SHORTDESC		0x002	/* command -V */
+*** ../bash-4.0.38/builtins/evalstring.c	2009-01-13 14:44:12.000000000 -0500
+--- builtins/evalstring.c	2014-09-16 19:20:48.000000000 -0400
+***************
+*** 259,262 ****
+--- 259,270 ----
+  	      struct fd_bitmap *bitmap;
+  
++ 	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
++ 		{
++ 		  internal_warning ("%s: ignoring function definition attempt", from_file);
++ 		  should_jump_to_top_level = 0;
++ 		  last_result = last_command_exit_value = EX_BADUSAGE;
++ 		  break;
++ 		}
++ 
+  	      bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
+  	      begin_unwind_frame ("pe_dispose");
+***************
+*** 319,322 ****
+--- 327,333 ----
+  	      dispose_fd_bitmap (bitmap);
+  	      discard_unwind_frame ("pe_dispose");
++ 
++ 	      if (flags & SEVAL_ONECMD)
++ 		break;
+  	    }
+  	}
+*** ../bash-4.0.38/variables.c	2009-09-19 13:04:23.000000000 -0400
+--- variables.c	2014-09-16 19:20:48.000000000 -0400
+***************
+*** 344,353 ****
+  	  strcpy (temp_string + char_index + 1, string);
+  
+! 	  parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
+! 
+! 	  /* Ancient backwards compatibility.  Old versions of bash exported
+! 	     functions like name()=() {...} */
+! 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
+! 	    name[char_index - 2] = '\0';
+  
+  	  if (temp_var = find_function (name))
+--- 344,351 ----
+  	  strcpy (temp_string + char_index + 1, string);
+  
+! 	  /* Don't import function names that are invalid identifiers from the
+! 	     environment. */
+! 	  if (legal_identifier (name))
+! 	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+  
+  	  if (temp_var = find_function (name))
+***************
+*** 358,365 ****
+  	  else
+  	    report_error (_("error importing function definition for `%s'"), name);
+- 
+- 	  /* ( */
+- 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
+- 	    name[char_index - 2] = '(';		/* ) */
+  	}
+  #if defined (ARRAY_VARS)
+--- 356,359 ----
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 38
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 39
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-040 b/data/bash/bash40-040
new file mode 100644
index 000000000..a8ae2c577
--- /dev/null
+++ b/data/bash/bash40-040
@@ -0,0 +1,60 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.0
+Patch-ID:	bash40-040
+
+Bug-Reported-by:	Tavis Ormandy <taviso () cmpxchg8b com>
+Bug-Reference-ID:
+Bug-Reference-URL:	http://twitter.com/taviso/statuses/514887394294652929
+
+Bug-Description:
+
+Under certain circumstances, bash can incorrectly save a lookahead character and
+return it on a subsequent call, even when reading a new line.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.0.39/parse.y	2009-06-02 09:08:07.000000000 -0400
+--- parse.y	2014-09-25 16:15:47.000000000 -0400
+***************
+*** 2671,2674 ****
+--- 2671,2676 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++ 
+    current_token = '\n';		/* XXX */
+    last_read_token = '\n';
+*** ../bash-4.0.39/y.tab.c	2009-01-08 09:30:24.000000000 -0500
+--- y.tab.c	2014-09-25 20:27:08.000000000 -0400
+***************
+*** 4927,4930 ****
+--- 4927,4932 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++   
+    last_read_token = '\n';
+    token_to_read = '\n';
+***************
+*** 7910,7912 ****
+  }
+  #endif /* HANDLE_MULTIBYTE */
+- 
+--- 7912,7913 ----
+*** ../bash-4.0/patchlevel.h	2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h	2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 39
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 40
+  
+  #endif /* _PATCHLEVEL_H_ */