summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorJay Freeman <saurik@saurik.com>2014-09-26 10:03:21 +0000
committerJay Freeman <saurik@saurik.com>2014-09-26 10:03:21 +0000
commitd513c95110fbec3a9c1f6bb3d56e5ecf0971f058 (patch)
tree2183c599c8b9648ee8da49512604fe296c066c31 /data
parenteaacbeade6c101df568afad2308bae83ebd56359 (diff)
Fix the shellshock vulnerability (not regression).
git-svn-id: http://svn.telesphoreo.org/trunk@793 514c082c-b64e-11dc-b46d-3d985efe055d
Diffstat (limited to 'data')
-rw-r--r--data/bash/_metadata/version2
-rw-r--r--data/bash/bash40-01878
-rw-r--r--data/bash/bash40-019125
-rw-r--r--data/bash/bash40-02083
-rw-r--r--data/bash/bash40-02148
-rw-r--r--data/bash/bash40-02248
-rw-r--r--data/bash/bash40-02362
-rw-r--r--data/bash/bash40-024112
-rw-r--r--data/bash/bash40-025104
-rw-r--r--data/bash/bash40-02656
-rw-r--r--data/bash/bash40-02767
-rw-r--r--data/bash/bash40-028172
-rw-r--r--data/bash/bash40-029106
-rw-r--r--data/bash/bash40-03064
-rw-r--r--data/bash/bash40-03162
-rw-r--r--data/bash/bash40-03246
-rw-r--r--data/bash/bash40-03350
-rw-r--r--data/bash/bash40-03459
-rw-r--r--data/bash/bash40-03562
-rw-r--r--data/bash/bash40-03690
-rw-r--r--data/bash/bash40-03760
-rw-r--r--data/bash/bash40-03856
-rw-r--r--data/bash/bash40-039104
-rw-r--r--data/bash/bash40-04060
24 files changed, 1775 insertions, 1 deletions
diff --git a/data/bash/_metadata/version b/data/bash/_metadata/version
index 9d58a584e..266f85706 100644
--- a/data/bash/_metadata/version
+++ b/data/bash/_metadata/version
@@ -1 +1 @@
-4.0.17
+4.0.40
diff --git a/data/bash/bash40-018 b/data/bash/bash40-018
new file mode 100644
index 000000000..35f33e5fe
--- /dev/null
+++ b/data/bash/bash40-018
@@ -0,0 +1,78 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-018
+
+Bug-Reported-by: Dan Price <dp@eng.sun.com>
+Bug-Reference-ID: <20090324171502.GA20582@eng.sun.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-03/msg00184.html
+
+Bug-Description:
+
+A missing include file results in an empty function definition and a no-op
+when checking whether or not the window size has changed.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/sh/winsize.c 2008-08-12 13:53:51.000000000 -0400
+--- lib/sh/winsize.c 2009-04-06 10:44:20.000000000 -0400
+***************
+*** 31,44 ****
+ #include <sys/ioctl.h>
+
+! #if !defined (STRUCT_WINSIZE_IN_SYS_IOCTL)
+! /* For struct winsize on SCO */
+! /* sys/ptem.h has winsize but needs mblk_t from sys/stream.h */
+! # if defined (HAVE_SYS_PTEM_H) && defined (TIOCGWINSZ) && defined (SIGWINCH)
+! # if defined (HAVE_SYS_STREAM_H)
+! # include <sys/stream.h>
+! # endif
+ # include <sys/ptem.h>
+! # endif /* HAVE_SYS_PTEM_H && TIOCGWINSZ && SIGWINCH */
+! #endif /* !STRUCT_WINSIZE_IN_SYS_IOCTL */
+
+ #include <stdio.h>
+--- 31,57 ----
+ #include <sys/ioctl.h>
+
+! /* Try to find the definitions of `struct winsize' and TIOGCWINSZ */
+!
+! #if defined (GWINSZ_IN_SYS_IOCTL) && !defined (TIOCGWINSZ)
+! # include <sys/ioctl.h>
+! #endif /* GWINSZ_IN_SYS_IOCTL && !TIOCGWINSZ */
+!
+! #if defined (STRUCT_WINSIZE_IN_TERMIOS) && !defined (STRUCT_WINSIZE_IN_SYS_IOCTL)
+! # include <termios.h>
+! #endif /* STRUCT_WINSIZE_IN_TERMIOS && !STRUCT_WINSIZE_IN_SYS_IOCTL */
+!
+! /* Not in either of the standard places, look around. */
+! #if !defined (STRUCT_WINSIZE_IN_TERMIOS) && !defined (STRUCT_WINSIZE_IN_SYS_IOCTL)
+! # if defined (HAVE_SYS_STREAM_H)
+! # include <sys/stream.h>
+! # endif /* HAVE_SYS_STREAM_H */
+! # if defined (HAVE_SYS_PTEM_H) /* SVR4.2, at least, has it here */
+ # include <sys/ptem.h>
+! # define _IO_PTEM_H /* work around SVR4.2 1.1.4 bug */
+! # endif /* HAVE_SYS_PTEM_H */
+! # if defined (HAVE_SYS_PTE_H) /* ??? */
+! # include <sys/pte.h>
+! # endif /* HAVE_SYS_PTE_H */
+! #endif /* !STRUCT_WINSIZE_IN_TERMIOS && !STRUCT_WINSIZE_IN_SYS_IOCTL */
+
+ #include <stdio.h>
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 17
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 18
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-019 b/data/bash/bash40-019
new file mode 100644
index 000000000..30efd6806
--- /dev/null
+++ b/data/bash/bash40-019
@@ -0,0 +1,125 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-019
+
+Bug-Reported-by: Oleksiy Melnyk <lex@upc.ua>
+Bug-Reference-ID: <20090224142233.D2FEFC004@floyd.upc.ua>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-02/msg00200.html
+
+Bug-Description:
+
+Using an external command as part of the DEBUG trap when job control is
+enabled causes pipelines to misbehave. The problem has to do with process
+groups assigned to the pipeline and terminal.
+
+Patch:
+
+*** ../bash-4.0-patched/jobs.c 2009-01-29 17:09:49.000000000 -0500
+--- jobs.c 2009-04-17 21:08:20.000000000 -0400
+***************
+*** 443,447 ****
+ the_pipeline = saved_pipeline;
+ already_making_children = saved_already_making_children;
+! if (discard)
+ discard_pipeline (old_pipeline);
+ }
+--- 443,447 ----
+ the_pipeline = saved_pipeline;
+ already_making_children = saved_already_making_children;
+! if (discard && old_pipeline)
+ discard_pipeline (old_pipeline);
+ }
+***************
+*** 4203,4205 ****
+--- 4204,4225 ----
+ }
+
++ void
++ save_pgrp_pipe (p, clear)
++ int *p;
++ int clear;
++ {
++ p[0] = pgrp_pipe[0];
++ p[1] = pgrp_pipe[1];
++ if (clear)
++ pgrp_pipe[0] = pgrp_pipe[1] = -1;
++ }
++
++ void
++ restore_pgrp_pipe (p)
++ int *p;
++ {
++ pgrp_pipe[0] = p[0];
++ pgrp_pipe[1] = p[1];
++ }
++
+ #endif /* PGRP_PIPE */
+*** ../bash-4.0-patched/jobs.h 2009-01-04 14:32:29.000000000 -0500
+--- jobs.h 2009-04-17 15:07:51.000000000 -0400
+***************
+*** 236,239 ****
+--- 236,241 ----
+
+ extern void close_pgrp_pipe __P((void));
++ extern void save_pgrp_pipe __P((int *, int));
++ extern void restore_pgrp_pipe __P((int *));
+
+ #if defined (JOB_CONTROL)
+*** ../bash-4.0-patched/trap.c 2009-01-16 17:07:53.000000000 -0500
+--- trap.c 2009-04-17 22:22:36.000000000 -0400
+***************
+*** 799,802 ****
+--- 799,804 ----
+ {
+ int trap_exit_value;
++ pid_t save_pgrp;
++ int save_pipe[2];
+
+ /* XXX - question: should the DEBUG trap inherit the RETURN trap? */
+***************
+*** 804,808 ****
+--- 806,832 ----
+ if ((sigmodes[DEBUG_TRAP] & SIG_TRAPPED) && ((sigmodes[DEBUG_TRAP] & SIG_IGNORED) == 0) && ((sigmodes[DEBUG_TRAP] & SIG_INPROGRESS) == 0))
+ {
++ #if defined (JOB_CONTROL)
++ save_pgrp = pipeline_pgrp;
++ pipeline_pgrp = 0;
++ save_pipeline (1);
++ # if defined (PGRP_PIPE)
++ save_pgrp_pipe (save_pipe, 1);
++ # endif
++ stop_making_children ();
++ #endif
++
+ trap_exit_value = _run_trap_internal (DEBUG_TRAP, "debug trap");
++
++ #if defined (JOB_CONTROL)
++ pipeline_pgrp = save_pgrp;
++ restore_pipeline (1);
++ # if defined (PGRP_PIPE)
++ close_pgrp_pipe ();
++ restore_pgrp_pipe (save_pipe);
++ # endif
++ if (pipeline_pgrp > 0)
++ give_terminal_to (pipeline_pgrp, 1);
++ notify_and_cleanup ();
++ #endif
+
+ #if defined (DEBUGGER)
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 18
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 19
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-020 b/data/bash/bash40-020
new file mode 100644
index 000000000..885f15efe
--- /dev/null
+++ b/data/bash/bash40-020
@@ -0,0 +1,83 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-020
+
+Bug-Reported-by: Nicolai Lissner <nlissne@linux01.org>
+Bug-Reference-ID: <20090412020510.GA29658@lilith>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-04/msg00104.html
+
+Bug-Description:
+
+If a SIGWINCH arrives while bash is performing redisplay, multi-line prompts
+are displayed incorrectly due to the display code being called recursively.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/readline/readline.h 2009-01-04 14:32:33.000000000 -0500
+--- lib/readline/readline.h 2009-04-13 08:47:00.000000000 -0400
+***************
+*** 815,820 ****
+ #define RL_STATE_MULTIKEY 0x200000 /* reading multiple-key command */
+ #define RL_STATE_VICMDONCE 0x400000 /* entered vi command mode at least once */
+
+! #define RL_STATE_DONE 0x800000 /* done; accepted line */
+
+ #define RL_SETSTATE(x) (rl_readline_state |= (x))
+--- 815,821 ----
+ #define RL_STATE_MULTIKEY 0x200000 /* reading multiple-key command */
+ #define RL_STATE_VICMDONCE 0x400000 /* entered vi command mode at least once */
++ #define RL_STATE_REDISPLAYING 0x800000 /* updating terminal display */
+
+! #define RL_STATE_DONE 0x1000000 /* done; accepted line */
+
+ #define RL_SETSTATE(x) (rl_readline_state |= (x))
+*** ../bash-4.0-patched/lib/readline/display.c 2009-01-04 14:32:32.000000000 -0500
+--- lib/readline/display.c 2009-04-13 08:29:54.000000000 -0400
+***************
+*** 513,516 ****
+--- 513,517 ----
+ data structures. */
+ _rl_block_sigint ();
++ RL_SETSTATE (RL_STATE_REDISPLAYING);
+
+ if (!rl_display_prompt)
+***************
+*** 1237,1240 ****
+--- 1238,1242 ----
+ }
+
++ RL_UNSETSTATE (RL_STATE_REDISPLAYING);
+ _rl_release_sigint ();
+ }
+*** ../bash-4.0-patched/lib/readline/terminal.c 2009-01-04 14:32:34.000000000 -0500
+--- lib/readline/terminal.c 2009-04-13 08:43:00.000000000 -0400
+***************
+*** 356,360 ****
+ if (CUSTOM_REDISPLAY_FUNC ())
+ rl_forced_update_display ();
+! else
+ _rl_redisplay_after_sigwinch ();
+ }
+--- 356,360 ----
+ if (CUSTOM_REDISPLAY_FUNC ())
+ rl_forced_update_display ();
+! else if (RL_ISSTATE(RL_STATE_REDISPLAYING) == 0)
+ _rl_redisplay_after_sigwinch ();
+ }
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 19
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 20
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-021 b/data/bash/bash40-021
new file mode 100644
index 000000000..cf6ee1f5a
--- /dev/null
+++ b/data/bash/bash40-021
@@ -0,0 +1,48 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-021
+
+Bug-Reported-by: Matt Zyzik <matt.zyzik@nyu.edu>
+Bug-Reference-ID: <20090319015542.696F62B8E8@ice.filescope.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-03/msg00149.html
+
+Bug-Description:
+
+When not in a locale supporting multibyte characters, readline will occasionally
+not erase characters between the cursor position and the end of the line
+when killing text backwards.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/readline/display.c 2009-01-04 14:32:32.000000000 -0500
+--- lib/readline/display.c 2009-04-14 14:00:18.000000000 -0400
+***************
+*** 1775,1779 ****
+ adjust col_lendiff based on the difference between _rl_last_c_pos
+ and _rl_screenwidth */
+! if (col_lendiff && (_rl_last_c_pos < _rl_screenwidth))
+ #endif
+ {
+--- 1775,1779 ----
+ adjust col_lendiff based on the difference between _rl_last_c_pos
+ and _rl_screenwidth */
+! if (col_lendiff && ((MB_CUR_MAX == 1 || rl_byte_oriented) || (_rl_last_c_pos < _rl_screenwidth)))
+ #endif
+ {
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 20
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 21
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-022 b/data/bash/bash40-022
new file mode 100644
index 000000000..5b6853805
--- /dev/null
+++ b/data/bash/bash40-022
@@ -0,0 +1,48 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-022
+
+Bug-Reported-by: Bernd Eggink <monoped@sudrala.de>
+Bug-Reference-ID: <49E65407.5010206@sudrala.de>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-04/msg00118.html
+
+Bug-Description:
+
+When parsing case statements in command substitutions, the shell did not
+note that a newline is a shell metacharacter and can legally be followed
+by a reserved word (e.g., `esac').
+
+Patch:
+
+*** ../bash-4.0-patched/parse.y 2009-03-08 21:24:47.000000000 -0400
+--- parse.y 2009-04-15 22:27:56.000000000 -0400
+***************
+*** 3355,3359 ****
+
+ /* Meta-characters that can introduce a reserved word. Not perfect yet. */
+! if MBTEST((tflags & LEX_RESWDOK) == 0 && (tflags & LEX_CKCASE) && (tflags & LEX_INCOMMENT) == 0 && shellmeta(ch))
+ {
+ /* Add this character. */
+--- 3375,3379 ----
+
+ /* Meta-characters that can introduce a reserved word. Not perfect yet. */
+! if MBTEST((tflags & LEX_RESWDOK) == 0 && (tflags & LEX_CKCASE) && (tflags & LEX_INCOMMENT) == 0 && (shellmeta(ch) || ch == '\n'))
+ {
+ /* Add this character. */
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 21
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 22
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-023 b/data/bash/bash40-023
new file mode 100644
index 000000000..d2376c7da
--- /dev/null
+++ b/data/bash/bash40-023
@@ -0,0 +1,62 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-023
+
+Bug-Reported-by: Andreas Schwab <schwab@linux-m68k.org>
+Bug-Reference-ID: <m21vrhhx08.fsf@igel.home>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-04/msg00160.html
+
+Bug-Description:
+
+If the prompt length exactly matches the screen width, and the prompt ends
+with invisible characters, readline positions the cursor incorrectly.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/readline/display.c 2009-01-04 14:32:32.000000000 -0500
+--- lib/readline/display.c 2009-04-25 21:42:18.000000000 -0400
+***************
+*** 1895,1898 ****
+--- 1897,1904 ----
+ woff = WRAP_OFFSET (_rl_last_v_pos, wrap_offset);
+ cpos = _rl_last_c_pos;
++
++ if (cpos == 0 && cpos == new)
++ return;
++
+ #if defined (HANDLE_MULTIBYTE)
+ /* If we have multibyte characters, NEW is indexed by the buffer point in
+***************
+*** 1908,1914 ****
+ desired display position. */
+ if ((new > prompt_last_invisible) || /* XXX - don't use woff here */
+! (prompt_physical_chars > _rl_screenwidth &&
+ _rl_last_v_pos == prompt_last_screen_line &&
+! wrap_offset >= woff &&
+ new > (prompt_last_invisible-(_rl_screenwidth*_rl_last_v_pos)-wrap_offset)))
+ /* XXX last comparison might need to be >= */
+--- 1914,1920 ----
+ desired display position. */
+ if ((new > prompt_last_invisible) || /* XXX - don't use woff here */
+! (prompt_physical_chars >= _rl_screenwidth &&
+ _rl_last_v_pos == prompt_last_screen_line &&
+! wrap_offset >= woff && dpos >= woff &&
+ new > (prompt_last_invisible-(_rl_screenwidth*_rl_last_v_pos)-wrap_offset)))
+ /* XXX last comparison might need to be >= */
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 22
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 23
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-024 b/data/bash/bash40-024
new file mode 100644
index 000000000..ac2058ae3
--- /dev/null
+++ b/data/bash/bash40-024
@@ -0,0 +1,112 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-024
+
+Bug-Reported-by: Matt Zyzik <matt.zyzik@nyu.edu>
+Bug-Reference-ID: <20090405205428.4FDEA1C7175@ice.filescope.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-04/msg00021.html
+
+Bug-Description:
+
+When using the ** globbing operator, bash will incorrectly add an extra
+directory name when the preceding directory name ends with `*' or an empty
+string when there is no preceding directory name.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/glob/glob.c 2009-01-04 14:32:30.000000000 -0500
+--- lib/glob/glob.c 2009-04-28 10:22:29.000000000 -0400
+***************
+*** 357,361 ****
+ if (ep)
+ *ep = 0;
+! if (r)
+ free (r);
+ return (struct globval *)0;
+--- 357,361 ----
+ if (ep)
+ *ep = 0;
+! if (r && r != &glob_error_return)
+ free (r);
+ return (struct globval *)0;
+***************
+*** 666,671 ****
+ }
+
+! /* compat: if GX_ALLDIRS, add the passed directory also */
+! if (add_current)
+ {
+ sdlen = strlen (dir);
+--- 666,672 ----
+ }
+
+! /* compat: if GX_ALLDIRS, add the passed directory also, but don't add an
+! empty directory name. */
+! if (add_current && (flags & GX_NULLDIR) == 0)
+ {
+ sdlen = strlen (dir);
+***************
+*** 679,686 ****
+ nextlink->next = lastlink;
+ lastlink = nextlink;
+! if (flags & GX_NULLDIR)
+! nextname[0] = '\0';
+! else
+! bcopy (dir, nextname, sdlen + 1);
+ ++count;
+ }
+--- 680,684 ----
+ nextlink->next = lastlink;
+ lastlink = nextlink;
+! bcopy (dir, nextname, sdlen + 1);
+ ++count;
+ }
+***************
+*** 943,947 ****
+ register unsigned int l;
+
+! array = glob_dir_to_array (directories[i], temp_results, flags);
+ l = 0;
+ while (array[l] != NULL)
+--- 941,950 ----
+ register unsigned int l;
+
+! /* If we're expanding **, we don't need to glue the directory
+! name to the results; we've already done it in glob_vector */
+! if ((dflags & GX_ALLDIRS) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0')
+! array = temp_results;
+! else
+! array = glob_dir_to_array (directories[i], temp_results, flags);
+ l = 0;
+ while (array[l] != NULL)
+***************
+*** 960,964 ****
+
+ /* Note that the elements of ARRAY are not freed. */
+! free ((char *) array);
+ }
+ }
+--- 963,968 ----
+
+ /* Note that the elements of ARRAY are not freed. */
+! if (array != temp_results)
+! free ((char *) array);
+ }
+ }
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 23
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 24
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-025 b/data/bash/bash40-025
new file mode 100644
index 000000000..30b38ba31
--- /dev/null
+++ b/data/bash/bash40-025
@@ -0,0 +1,104 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-025
+
+Bug-Reported-by: Matt Zyzik <matt.zyzik@nyu.edu>
+Bug-Reference-ID: <20090519011418.GA21431@ice.filescope.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-05/msg00044.html
+
+Bug-Description:
+
+bash40-024 introduced a regression for constructs like **/*.cs; that
+expansion would no longer include matching files in the current directory.
+This patch undoes portions of bash40-024 and fixes the original problem
+in a different way.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/glob/glob.c 2009-05-22 12:32:26.000000000 -0400
+--- lib/glob/glob.c 2009-05-22 12:35:55.000000000 -0400
+***************
+*** 666,672 ****
+ }
+
+! /* compat: if GX_ALLDIRS, add the passed directory also, but don't add an
+! empty directory name. */
+! if (add_current && (flags & GX_NULLDIR) == 0)
+ {
+ sdlen = strlen (dir);
+--- 666,673 ----
+ }
+
+! /* compat: if GX_ADDCURDIR, add the passed directory also. Add an empty
+! directory name as a placeholder if GX_NULLDIR (in which case the passed
+! directory name is "."). */
+! if (add_current)
+ {
+ sdlen = strlen (dir);
+***************
+*** 680,684 ****
+ nextlink->next = lastlink;
+ lastlink = nextlink;
+! bcopy (dir, nextname, sdlen + 1);
+ ++count;
+ }
+--- 681,688 ----
+ nextlink->next = lastlink;
+ lastlink = nextlink;
+! if (flags & GX_NULLDIR)
+! nextname[0] = '\0';
+! else
+! bcopy (dir, nextname, sdlen + 1);
+ ++count;
+ }
+***************
+*** 1008,1016 ****
+ /* Just return what glob_vector () returns appended to the
+ directory name. */
+ dflags = flags & ~GX_MARKDIRS;
+ if (directory_len == 0)
+ dflags |= GX_NULLDIR;
+ if ((flags & GX_GLOBSTAR) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0')
+! dflags |= GX_ALLDIRS|GX_ADDCURDIR;
+ temp_results = glob_vector (filename,
+ (directory_len == 0 ? "." : directory_name),
+--- 1012,1033 ----
+ /* Just return what glob_vector () returns appended to the
+ directory name. */
++ /* If flags & GX_ALLDIRS, we're called recursively */
+ dflags = flags & ~GX_MARKDIRS;
+ if (directory_len == 0)
+ dflags |= GX_NULLDIR;
+ if ((flags & GX_GLOBSTAR) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0')
+! {
+! dflags |= GX_ALLDIRS|GX_ADDCURDIR;
+! #if 0
+! /* If we want all directories (dflags & GX_ALLDIRS) and we're not
+! being called recursively as something like `echo **/*.o'
+! ((flags & GX_ALLDIRS) == 0), we want to prevent glob_vector from
+! adding a null directory name to the front of the temp_results
+! array. We turn off ADDCURDIR if not called recursively and
+! dlen == 0 */
+! #endif
+! if (directory_len == 0 && (flags & GX_ALLDIRS) == 0)
+! dflags &= ~GX_ADDCURDIR;
+! }
+ temp_results = glob_vector (filename,
+ (directory_len == 0 ? "." : directory_name),
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 24
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 25
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-026 b/data/bash/bash40-026
new file mode 100644
index 000000000..412b2c71b
--- /dev/null
+++ b/data/bash/bash40-026
@@ -0,0 +1,56 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-026
+
+Bug-Reported-by: Sergei Steshenko <sergstesh@yahoo.com>
+Bug-Reference-ID: <670181.38883.qm@web35204.mail.mud.yahoo.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-05/msg00059.html
+
+Bug-Description:
+
+A forgotten line in externs.h caused compilation errors to occur on some
+systems (e.g., Cygwin).
+
+Patch:
+
+*** ../bash-4.0-patched/externs.h 2009-01-18 18:29:29.000000000 -0500
+--- externs.h 2009-06-02 09:05:40.000000000 -0400
+***************
+*** 193,196 ****
+--- 193,198 ----
+
+ /* Declarations for functions defined in lib/sh/fpurge.c */
++
++ #if defined NEED_FPURGE_DECL
+ #if !HAVE_DECL_FPURGE
+
+***************
+*** 201,205 ****
+
+ #endif /* HAVE_DECL_FPURGE */
+!
+
+ /* Declarations for functions defined in lib/sh/getcwd.c */
+--- 203,207 ----
+
+ #endif /* HAVE_DECL_FPURGE */
+! #endif /* NEED_FPURGE_DECL */
+
+ /* Declarations for functions defined in lib/sh/getcwd.c */
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 25
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 26
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-027 b/data/bash/bash40-027
new file mode 100644
index 000000000..a96ce4b1a
--- /dev/null
+++ b/data/bash/bash40-027
@@ -0,0 +1,67 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-027
+
+Bug-Reported-by: jim@jim.sh
+Bug-Reference-ID: <200905262140.n4QLeO4X030664@psychosis.jim.sh>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-05/msg00074.html
+
+Bug-Description:
+
+There are occasional cursor positioning errors when using readline's
+horizontal scroll mode.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/readline/display.c 2009-05-22 12:32:25.000000000 -0400
+--- lib/readline/display.c 2009-05-29 23:32:20.000000000 -0400
+***************
+*** 1190,1196 ****
+ line[t - 1] = '>';
+
+! if (!rl_display_fixed || forced_display || lmargin != last_lmargin)
+ {
+ forced_display = 0;
+ update_line (&visible_line[last_lmargin],
+ &invisible_line[lmargin],
+--- 1192,1200 ----
+ line[t - 1] = '>';
+
+! if (rl_display_fixed == 0 || forced_display || lmargin != last_lmargin)
+ {
+ forced_display = 0;
++ o_cpos = _rl_last_c_pos;
++ cpos_adjusted = 0;
+ update_line (&visible_line[last_lmargin],
+ &invisible_line[lmargin],
+***************
+*** 1200,1203 ****
+--- 1204,1214 ----
+ 0);
+
++ if ((MB_CUR_MAX > 1 && rl_byte_oriented == 0) &&
++ cpos_adjusted == 0 &&
++ _rl_last_c_pos != o_cpos &&
++ _rl_last_c_pos > wrap_offset &&
++ o_cpos < prompt_last_invisible)
++ _rl_last_c_pos -= prompt_invis_chars_first_line; /* XXX - was wrap_offset */
++
+ /* If the visible new line is shorter than the old, but the number
+ of invisible characters is greater, and we are at the end of
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 26
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 27
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-028 b/data/bash/bash40-028
new file mode 100644
index 000000000..a5b0b60a3
--- /dev/null
+++ b/data/bash/bash40-028
@@ -0,0 +1,172 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-028
+
+Bug-Reported-by: martin f krafft <madduck@debian.org>
+Bug-Reference-ID: <4A4E39E7.5080807@debian.org>
+Bug-Reference-URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519165
+ http://lists.gnu.org/archive/html/bug-bash/2009-07/msg00011.html
+
+Bug-Description:
+
+bash-4.0 reverted to the historical shell behavior of raising an error
+when $@ or $* was expanded after `set -u' had been executed and there
+were no positional parameters. The Posix working group has since
+clarified the standard's position on the issue, and $@ and $* are now the
+only variables, parameters, or special parameters that do not raise an
+error when unset if set -u is enabled.
+
+Patch:
+
+*** ../bash-4.0-patched/subst.c Mon Mar 23 11:34:55 2009
+--- subst.c Wed Jun 17 18:12:18 2009
+***************
+*** 6768,6778 ****
+
+ case RBRACE:
+! if (var_is_set == 0 && unbound_vars_is_error)
+ {
+ err_unboundvar (name);
+ FREE (value);
+ FREE (temp);
+ free (name);
+- last_command_exit_value = EXECUTION_FAILURE;
+ return (interactive_shell ? &expand_wdesc_error : &expand_wdesc_fatal);
+ }
+--- 6794,6804 ----
+
+ case RBRACE:
+! if (var_is_set == 0 && unbound_vars_is_error && ((name[0] != '@' && name[0] != '*') || name[1]))
+ {
++ last_command_exit_value = EXECUTION_FAILURE;
+ err_unboundvar (name);
+ FREE (value);
+ FREE (temp);
+ free (name);
+ return (interactive_shell ? &expand_wdesc_error : &expand_wdesc_fatal);
+ }
+***************
+*** 6991,6994 ****
+--- 7017,7029 ----
+ list = list_rest_of_args ();
+
++ #if 0
++ /* According to austin-group posix proposal by Geoff Clare in
++ <20090505091501.GA10097@squonk.masqnet> of 5 May 2009:
++
++ "The shell shall write a message to standard error and
++ immediately exit when it tries to expand an unset parameter
++ other than the '@' and '*' special parameters."
++ */
++
+ if (list == 0 && unbound_vars_is_error && (pflags & PF_IGNUNBOUND) == 0)
+ {
+***************
+*** 6996,7003 ****
+ uerror[1] = '*';
+ uerror[2] = '\0';
+- err_unboundvar (uerror);
+ last_command_exit_value = EXECUTION_FAILURE;
+ return (interactive_shell ? &expand_wdesc_error : &expand_wdesc_fatal);
+ }
+
+ /* If there are no command-line arguments, this should just
+--- 7031,7039 ----
+ uerror[1] = '*';
+ uerror[2] = '\0';
+ last_command_exit_value = EXECUTION_FAILURE;
++ err_unboundvar (uerror);
+ return (interactive_shell ? &expand_wdesc_error : &expand_wdesc_fatal);
+ }
++ #endif
+
+ /* If there are no command-line arguments, this should just
+***************
+*** 7053,7056 ****
+--- 7089,7101 ----
+ list = list_rest_of_args ();
+
++ #if 0
++ /* According to austin-group posix proposal by Geoff Clare in
++ <20090505091501.GA10097@squonk.masqnet> of 5 May 2009:
++
++ "The shell shall write a message to standard error and
++ immediately exit when it tries to expand an unset parameter
++ other than the '@' and '*' special parameters."
++ */
++
+ if (list == 0 && unbound_vars_is_error && (pflags & PF_IGNUNBOUND) == 0)
+ {
+***************
+*** 7058,7065 ****
+ uerror[1] = '@';
+ uerror[2] = '\0';
+- err_unboundvar (uerror);
+ last_command_exit_value = EXECUTION_FAILURE;
+ return (interactive_shell ? &expand_wdesc_error : &expand_wdesc_fatal);
+ }
+
+ /* We want to flag the fact that we saw this. We can't turn
+--- 7103,7111 ----
+ uerror[1] = '@';
+ uerror[2] = '\0';
+ last_command_exit_value = EXECUTION_FAILURE;
++ err_unboundvar (uerror);
+ return (interactive_shell ? &expand_wdesc_error : &expand_wdesc_fatal);
+ }
++ #endif
+
+ /* We want to flag the fact that we saw this. We can't turn
+*** ../bash-4.0-patched/doc/bash.1 Wed Feb 18 15:13:56 2009
+--- doc/bash.1 Wed Jun 17 08:51:19 2009
+***************
+*** 8258,8264 ****
+ .TP 8
+ .B \-u
+! Treat unset variables as an error when performing
+ parameter expansion. If expansion is attempted on an
+! unset variable, the shell prints an error message, and,
+ if not interactive, exits with a non-zero status.
+ .TP 8
+--- 8274,8281 ----
+ .TP 8
+ .B \-u
+! Treat unset variables and parameters other than the special
+! parameters "@" and "*" as an error when performing
+ parameter expansion. If expansion is attempted on an
+! unset variable or parameter, the shell prints an error message, and,
+ if not interactive, exits with a non-zero status.
+ .TP 8
+*** ../bash-4.0-patched/doc/bashref.texi Wed Feb 18 15:14:43 2009
+--- doc/bashref.texi Wed Jun 17 08:50:46 2009
+***************
+*** 4139,4143 ****
+
+ @item -u
+! Treat unset variables as an error when performing parameter expansion.
+ An error message will be written to the standard error, and a non-interactive
+ shell will exit.
+--- 4151,4156 ----
+
+ @item -u
+! Treat unset variables and parameters other than the special parameters
+! @samp{@@} or @samp{*} as an error when performing parameter expansion.
+ An error message will be written to the standard error, and a non-interactive
+ shell will exit.
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 27
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 28
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-029 b/data/bash/bash40-029
new file mode 100644
index 000000000..a13176de2
--- /dev/null
+++ b/data/bash/bash40-029
@@ -0,0 +1,106 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-029
+
+Bug-Reported-by: Christian Krause <chkr@plauener.de>
+Bug-Reference-ID: Thu, 25 Jun 2009 21:47:59 +0200
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-06/msg00078.html
+
+Bug-Description:
+
+Previous versions of bash accepted strings in the initial environment
+that were not valid shell variable assignments, usually because the
+names were invalid, but still created shell variables from them and
+passed them to child processes in the environment.
+
+Bash-4.0 ignores those names and does not pass them to child processes.
+Some users and automated processes depend on invalid variables being
+ignored and passed to child processes.
+
+This patch makes bash continue to ignore the invalid names, but pass
+them to child processes in the export environment.
+
+Patch:
+
+*** ../bash-4.0-patched/variables.c 2009-01-04 14:32:46.000000000 -0500
+--- variables.c 2009-06-29 09:17:20.000000000 -0400
+***************
+*** 253,256 ****
+--- 255,259 ----
+ static int visible_var __P((SHELL_VAR *));
+ static int visible_and_exported __P((SHELL_VAR *));
++ static int export_environment_candidate __P((SHELL_VAR *));
+ static int local_and_exported __P((SHELL_VAR *));
+ static int variable_in_context __P((SHELL_VAR *));
+***************
+*** 376,383 ****
+ # endif
+ #endif
+ else if (legal_identifier (name))
+ {
+ temp_var = bind_variable (name, string, 0);
+! VSETATTR (temp_var, (att_exported | att_imported));
+ array_needs_making = 1;
+ }
+--- 379,393 ----
+ # endif
+ #endif
++ #if 0
+ else if (legal_identifier (name))
++ #else
++ else
++ #endif
+ {
+ temp_var = bind_variable (name, string, 0);
+! if (legal_identifier (name))
+! VSETATTR (temp_var, (att_exported | att_imported));
+! else
+! VSETATTR (temp_var, (att_exported | att_imported | att_invisible));
+ array_needs_making = 1;
+ }
+***************
+*** 3083,3086 ****
+--- 3098,3111 ----
+ }
+
++ /* Candidate variables for the export environment are either valid variables
++ with the export attribute or invalid variables inherited from the initial
++ environment and simply passed through. */
++ static int
++ export_environment_candidate (var)
++ SHELL_VAR *var;
++ {
++ return (exported_p (var) && (invisible_p (var) == 0 || imported_p (var)));
++ }
++
+ /* Return non-zero if VAR is a local variable in the current context and
+ is exported. */
+***************
+*** 3439,3443 ****
+--- 3464,3472 ----
+ SHELL_VAR **vars;
+
++ #if 0
+ vars = map_over (visible_and_exported, vcxt);
++ #else
++ vars = map_over (export_environment_candidate, vcxt);
++ #endif
+
+ if (vars == 0)
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 28
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 29
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-030 b/data/bash/bash40-030
new file mode 100644
index 000000000..e4f038933
--- /dev/null
+++ b/data/bash/bash40-030
@@ -0,0 +1,64 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-030
+
+Bug-Reported-by: Henning Bekel <h.bekel@googlemail.com>
+Bug-Reference-ID: <7c6eacF262ctuU1@mid.individual.net>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-07/msg00054.html
+
+Bug-Description:
+
+A shell function invoked with `bind -x' is supposed to be able to move the
+cursor by setting READLINE_POINT. The effects of this assignment were
+sometimes ignored.
+
+Patch:
+
+*** ../bash-4.0-patched/bashline.c 2009-01-08 09:29:24.000000000 -0500
+--- bashline.c 2009-07-16 14:13:41.000000000 -0400
+***************
+*** 3389,3393 ****
+ register int i;
+ intmax_t mi;
+- int save_point;
+ sh_parser_state_t ps;
+ char *cmd, *value, *l;
+--- 3389,3392 ----
+***************
+*** 3433,3437 ****
+ VSETATTR (v, att_exported);
+ l = value_cell (v);
+- save_point = rl_point;
+ value = inttostr (rl_point, ibuf, sizeof (ibuf));
+ v = bind_int_variable ("READLINE_POINT", value);
+--- 3432,3435 ----
+***************
+*** 3451,3455 ****
+ {
+ i = mi;
+! if (i != save_point)
+ {
+ rl_point = i;
+--- 3449,3453 ----
+ {
+ i = mi;
+! if (i != rl_point)
+ {
+ rl_point = i;
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 29
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 30
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-031 b/data/bash/bash40-031
new file mode 100644
index 000000000..db46aa3fc
--- /dev/null
+++ b/data/bash/bash40-031
@@ -0,0 +1,62 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-031
+
+Bug-Reported-by: Roman Rakus <rrakus@redhat.com>
+Bug-Reference-ID: <4A93F6E9.4050401@redhat.com>
+Bug-Reference-URL:
+
+Bug-Description:
+
+An implicit assignment to index "0" of an existing array variable caused
+the shell to crash when the variable was unset.
+
+Patch:
+
+*** ../bash-4.0-patched/arrayfunc.c 2009-03-08 21:24:39.000000000 -0400
+--- arrayfunc.c 2009-08-24 09:29:43.000000000 -0400
+***************
+*** 99,103 ****
+ hash = assoc_create (0);
+ if (oldval)
+! assoc_insert (hash, "0", oldval);
+
+ FREE (value_cell (var));
+--- 99,103 ----
+ hash = assoc_create (0);
+ if (oldval)
+! assoc_insert (hash, savestring ("0"), oldval);
+
+ FREE (value_cell (var));
+*** ../bash-4.0-patched/variables.c 2009-01-04 14:32:46.000000000 -0500
+--- variables.c 2009-08-24 09:29:58.000000000 -0400
+***************
+*** 2218,2222 ****
+ else if (assoc_p (entry))
+ {
+! assoc_insert (assoc_cell (entry), "0", newval);
+ free (newval);
+ }
+--- 2218,2222 ----
+ else if (assoc_p (entry))
+ {
+! assoc_insert (assoc_cell (entry), savestring ("0"), newval);
+ free (newval);
+ }
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 30
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 31
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-032 b/data/bash/bash40-032
new file mode 100644
index 000000000..0c9ba74da
--- /dev/null
+++ b/data/bash/bash40-032
@@ -0,0 +1,46 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-032
+
+Bug-Reported-by: muszi@muszi.kite.hu
+Bug-Reference-ID: <20090826113159.18815.qmail@muszi.kite.hu>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-08/msg00090.html
+
+Bug-Description:
+
+Bash-4.0 has a memory leak when processing ${!prefix@}.
+
+Patch:
+
+*** ../bash-4.0-patched/subst.c 2009-07-22 23:18:55.000000000 -0400
+--- subst.c 2009-08-26 23:08:51.000000000 -0400
+***************
+*** 6607,6611 ****
+ }
+ free (x);
+! free (xlist);
+ free (temp1);
+ *indexp = sindex;
+--- 6769,6773 ----
+ }
+ free (x);
+! dispose_words (xlist);
+ free (temp1);
+ *indexp = sindex;
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 31
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 32
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-033 b/data/bash/bash40-033
new file mode 100644
index 000000000..80fcb6be3
--- /dev/null
+++ b/data/bash/bash40-033
@@ -0,0 +1,50 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-033
+
+Bug-Reported-by: Dr. Werner Fink <werner@suse.de>
+Bug-Reference-ID: <200907010951.n619p76I013912@boole.suse.de>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-07/msg00000.html
+
+Bug-Description:
+
+Bash-4.0 has a memory leak in the `read' builtin when the number of fields
+read is not the same as the number of variables passed as arguments.
+
+Patch:
+
+*** ../bash-4.0-patched/builtins/read.def 2009-03-08 21:24:45.000000000 -0400
+--- builtins/read.def 2009-07-01 15:32:42.000000000 -0400
+***************
+*** 764,768 ****
+ tofree = input_string = t;
+ else
+! input_string = strip_trailing_ifs_whitespace (t1, ifs_chars, saw_escape);
+ }
+ #endif
+--- 764,771 ----
+ tofree = input_string = t;
+ else
+! {
+! input_string = strip_trailing_ifs_whitespace (t1, ifs_chars, saw_escape);
+! tofree = t;
+! }
+ }
+ #endif
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 32
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 33
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-034 b/data/bash/bash40-034
new file mode 100644
index 000000000..bacb33ce1
--- /dev/null
+++ b/data/bash/bash40-034
@@ -0,0 +1,59 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-034
+
+Bug-Reported-by: Anders Kaseorg <andersk@mit.edu>
+Bug-Reference-ID: <1252856832.991059.8162.nullmailer@balanced-tree.mit.edu>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-09/msg00043.html
+
+Bug-Description:
+
+When using the globstar option, bash incorrectly interprets wildcarded path
+components between a **/ and the last / as matching any path, even if the
+constructed path does not match any files.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/glob/glob.c 2009-07-22 23:18:50.000000000 -0400
+--- lib/glob/glob.c 2009-09-18 17:53:25.000000000 -0400
+***************
+*** 920,928 ****
+ char **temp_results;
+
+ /* Scan directory even on a NULL filename. That way, `*h/'
+ returns only directories ending in `h', instead of all
+ files ending in `h' with a `/' appended. */
+ dname = directories[i];
+! dflags = flags & ~GX_MARKDIRS;
+ if ((flags & GX_GLOBSTAR) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0')
+ dflags |= GX_ALLDIRS|GX_ADDCURDIR;
+--- 927,938 ----
+ char **temp_results;
+
++ /* XXX -- we've recursively scanned any directories resulting from
++ a `**', so turn off the flag. We turn it on again below if
++ filename is `**' */
+ /* Scan directory even on a NULL filename. That way, `*h/'
+ returns only directories ending in `h', instead of all
+ files ending in `h' with a `/' appended. */
+ dname = directories[i];
+! dflags = flags & ~(GX_MARKDIRS|GX_ALLDIRS|GX_ADDCURDIR);
+ if ((flags & GX_GLOBSTAR) && filename[0] == '*' && filename[1] == '*' && filename[2] == '\0')
+ dflags |= GX_ALLDIRS|GX_ADDCURDIR;
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 33
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 34
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-035 b/data/bash/bash40-035
new file mode 100644
index 000000000..3b1af7505
--- /dev/null
+++ b/data/bash/bash40-035
@@ -0,0 +1,62 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-035
+
+Bug-Reported-by: Freddy Vulto <fvulto@gmail.com>
+Bug-Reference-ID: <e9c463930909171341p7cbe6e43pa3788ebbe3adec4d@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2009-09/msg00044.html
+
+Bug-Description:
+
+Bash-4.0 incorrectly treated single and double quotes as delimiters rather
+than introducing quoted strings when splitting the line into words for
+programmable completion functions.
+
+Patch:
+
+*** ../bash-4.0-patched/pcomplete.c 2009-03-08 21:24:31.000000000 -0400
+--- pcomplete.c 2009-09-26 16:30:16.000000000 -0400
+***************
+*** 1176,1186 ****
+ WORD_LIST *ret;
+ char *delims;
+
+! #if 0
+! delims = "()<>;&| \t\n"; /* shell metacharacters break words */
+! #else
+! delims = rl_completer_word_break_characters;
+! #endif
+ ret = split_at_delims (line, llen, delims, sentinel, nwp, cwp);
+ return (ret);
+ }
+--- 1176,1188 ----
+ WORD_LIST *ret;
+ char *delims;
++ int i, j;
+
+! delims = xmalloc (strlen (rl_completer_word_break_characters) + 1);
+! for (i = j = 0; rl_completer_word_break_characters[i]; i++)
+! if (rl_completer_word_break_characters[i] != '\'' && rl_completer_word_break_characters[i] != '"')
+! delims[j++] = rl_completer_word_break_characters[i];
+! delims[j] = '\0';
+ ret = split_at_delims (line, llen, delims, sentinel, nwp, cwp);
++ free (delims);
+ return (ret);
+ }
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 34
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 35
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-036 b/data/bash/bash40-036
new file mode 100644
index 000000000..ed08e3936
--- /dev/null
+++ b/data/bash/bash40-036
@@ -0,0 +1,90 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-036
+
+Bug-Reported-by: Jerome Reybert <jreybert@gmail.com>
+Bug-Reference-ID: <f5da50720908070109p1faa3847x5a9dff68d24a7197@mail.gmail.com>
+Bug-Reference-URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538013
+
+Bug-Description:
+
+Under some circumstances, menu-complete is unable to complete filenames.
+
+Patch:
+
+*** ../bash-4.0-patched/lib/readline/complete.c 2009-01-22 15:15:14.000000000 -0500
+--- lib/readline/complete.c 2009-08-26 17:15:59.000000000 -0400
+***************
+*** 2209,2213 ****
+ /* The first time through, we generate the list of matches and set things
+ up to insert them. */
+! if (rl_last_func != rl_menu_complete)
+ {
+ /* Clean up from previous call, if any. */
+--- 2252,2256 ----
+ /* The first time through, we generate the list of matches and set things
+ up to insert them. */
+! if (rl_last_func != rl_old_menu_complete)
+ {
+ /* Clean up from previous call, if any. */
+***************
+*** 2221,2224 ****
+--- 2264,2269 ----
+ rl_completion_invoking_key = invoking_key;
+
++ RL_SETSTATE(RL_STATE_COMPLETING);
++
+ /* Only the completion entry function can change these. */
+ set_completion_defaults ('%');
+***************
+*** 2260,2266 ****
+--- 2305,2314 ----
+ orig_text = (char *)0;
+ completion_changed_buffer = 0;
++ RL_UNSETSTATE(RL_STATE_COMPLETING);
+ return (0);
+ }
+
++ RL_UNSETSTATE(RL_STATE_COMPLETING);
++
+ for (match_list_size = 0; matches[match_list_size]; match_list_size++)
+ ;
+***************
+*** 2338,2341 ****
+--- 2386,2391 ----
+ full_completion = 0;
+
++ RL_SETSTATE(RL_STATE_COMPLETING);
++
+ /* Only the completion entry function can change these. */
+ set_completion_defaults ('%');
+***************
+*** 2379,2385 ****
+--- 2429,2438 ----
+ orig_text = (char *)0;
+ completion_changed_buffer = 0;
++ RL_UNSETSTATE(RL_STATE_COMPLETING);
+ return (0);
+ }
+
++ RL_UNSETSTATE(RL_STATE_COMPLETING);
++
+ for (match_list_size = 0; matches[match_list_size]; match_list_size++)
+ ;
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 35
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 36
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-037 b/data/bash/bash40-037
new file mode 100644
index 000000000..95baeb319
--- /dev/null
+++ b/data/bash/bash40-037
@@ -0,0 +1,60 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-037
+
+Bug-Reported-by: Chet Ramey <chet.ramey@case.edu>
+Bug-Reference-ID: <4AD7D749.5030601@case.edu>
+Bug-Reference-URL:
+
+Bug-Description:
+
+The configure script does not work on Snow Leopard and will result in
+attempts to link against the incorrect version of readline.
+
+Patch:
+
+*** ../bash-4.0-patched/configure.in 2009-02-06 12:03:44.000000000 -0500
+--- configure.in 2009-10-01 16:38:24.000000000 -0400
+***************
+*** 534,538 ****
+ # dynamic version
+ case "${host_os}" in
+! darwin[[89]]*) READLINE_LIB='${READLINE_LIBRARY}' ;;
+ *) READLINE_LIB=-lreadline ;;
+ esac
+--- 534,538 ----
+ # dynamic version
+ case "${host_os}" in
+! darwin[[89]]*|darwin10*) READLINE_LIB='${READLINE_LIBRARY}' ;;
+ *) READLINE_LIB=-lreadline ;;
+ esac
+***************
+*** 569,573 ****
+ # dynamic version
+ case "${host_os}" in
+! darwin[[89]]*) HISTORY_LIB='${HISTORY_LIBRARY}' ;;
+ *) HISTORY_LIB=-lhistory ;;
+ esac
+--- 569,573 ----
+ # dynamic version
+ case "${host_os}" in
+! darwin[[89]]*|darwin10*) HISTORY_LIB='${HISTORY_LIBRARY}' ;;
+ *) HISTORY_LIB=-lhistory ;;
+ esac
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 36
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 37
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-038 b/data/bash/bash40-038
new file mode 100644
index 000000000..80505cc34
--- /dev/null
+++ b/data/bash/bash40-038
@@ -0,0 +1,56 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-038
+
+Bug-Reported-by: werner@suse.de
+Bug-Reference-ID: <201002251238.o1PCcYcg016893@boole.suse.de>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2010-02/msg00132.html
+
+Bug-Description:
+
+When the `read' builtin times out after the timeout specified with -t is
+exceeded, it does not reset the flags that tell signal handlers to process
+signals immediately instead of deferring their handling. This can result
+in unsafe functions being called from signal handlers, which can cause bash
+to hang or dump core.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.0-patched/builtins/read.def 2009-09-03 14:40:03.000000000 -0400
+--- builtins/read.def 2010-03-17 17:35:39.000000000 -0400
+***************
+*** 602,607 ****
+ zsyncfd (fd);
+
+- interrupt_immediately--;
+- terminate_immediately--;
+ discard_unwind_frame ("read_builtin");
+
+--- 616,619 ----
+***************
+*** 610,613 ****
+--- 622,628 ----
+ assign_vars:
+
++ interrupt_immediately--;
++ terminate_immediately--;
++
+ #if defined (ARRAY_VARS)
+ /* If -a was given, take the string read, break it into a list of words,
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 37
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 38
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-039 b/data/bash/bash40-039
new file mode 100644
index 000000000..3eac28cef
--- /dev/null
+++ b/data/bash/bash40-039
@@ -0,0 +1,104 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-039
+
+Bug-Reported-by: Stephane Chazelas <stephane.chazelas@gmail.com>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+Under certain circumstances, bash will execute user code while processing the
+environment for exported function definitions.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.0.38/builtins/common.h 2009-01-15 23:08:54.000000000 -0500
+--- builtins/common.h 2014-09-16 19:20:48.000000000 -0400
+***************
+*** 36,39 ****
+--- 36,41 ----
+
+ /* Flags for describe_command, shared between type.def and command.def */
++ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
++ #define SEVAL_ONECMD 0x100 /* only allow a single command */
+ #define CDESC_ALL 0x001 /* type -a */
+ #define CDESC_SHORTDESC 0x002 /* command -V */
+*** ../bash-4.0.38/builtins/evalstring.c 2009-01-13 14:44:12.000000000 -0500
+--- builtins/evalstring.c 2014-09-16 19:20:48.000000000 -0400
+***************
+*** 259,262 ****
+--- 259,270 ----
+ struct fd_bitmap *bitmap;
+
++ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
++ {
++ internal_warning ("%s: ignoring function definition attempt", from_file);
++ should_jump_to_top_level = 0;
++ last_result = last_command_exit_value = EX_BADUSAGE;
++ break;
++ }
++
+ bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
+ begin_unwind_frame ("pe_dispose");
+***************
+*** 319,322 ****
+--- 327,333 ----
+ dispose_fd_bitmap (bitmap);
+ discard_unwind_frame ("pe_dispose");
++
++ if (flags & SEVAL_ONECMD)
++ break;
+ }
+ }
+*** ../bash-4.0.38/variables.c 2009-09-19 13:04:23.000000000 -0400
+--- variables.c 2014-09-16 19:20:48.000000000 -0400
+***************
+*** 344,353 ****
+ strcpy (temp_string + char_index + 1, string);
+
+! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
+!
+! /* Ancient backwards compatibility. Old versions of bash exported
+! functions like name()=() {...} */
+! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
+! name[char_index - 2] = '\0';
+
+ if (temp_var = find_function (name))
+--- 344,351 ----
+ strcpy (temp_string + char_index + 1, string);
+
+! /* Don't import function names that are invalid identifiers from the
+! environment. */
+! if (legal_identifier (name))
+! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+
+ if (temp_var = find_function (name))
+***************
+*** 358,365 ****
+ else
+ report_error (_("error importing function definition for `%s'"), name);
+-
+- /* ( */
+- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
+- name[char_index - 2] = '('; /* ) */
+ }
+ #if defined (ARRAY_VARS)
+--- 356,359 ----
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 38
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 39
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/data/bash/bash40-040 b/data/bash/bash40-040
new file mode 100644
index 000000000..a8ae2c577
--- /dev/null
+++ b/data/bash/bash40-040
@@ -0,0 +1,60 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.0
+Patch-ID: bash40-040
+
+Bug-Reported-by: Tavis Ormandy <taviso () cmpxchg8b com>
+Bug-Reference-ID:
+Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929
+
+Bug-Description:
+
+Under certain circumstances, bash can incorrectly save a lookahead character and
+return it on a subsequent call, even when reading a new line.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.0.39/parse.y 2009-06-02 09:08:07.000000000 -0400
+--- parse.y 2014-09-25 16:15:47.000000000 -0400
+***************
+*** 2671,2674 ****
+--- 2671,2676 ----
+ word_desc_to_read = (WORD_DESC *)NULL;
+
++ eol_ungetc_lookahead = 0;
++
+ current_token = '\n'; /* XXX */
+ last_read_token = '\n';
+*** ../bash-4.0.39/y.tab.c 2009-01-08 09:30:24.000000000 -0500
+--- y.tab.c 2014-09-25 20:27:08.000000000 -0400
+***************
+*** 4927,4930 ****
+--- 4927,4932 ----
+ word_desc_to_read = (WORD_DESC *)NULL;
+
++ eol_ungetc_lookahead = 0;
++
+ last_read_token = '\n';
+ token_to_read = '\n';
+***************
+*** 7910,7912 ****
+ }
+ #endif /* HANDLE_MULTIBYTE */
+-
+--- 7912,7913 ----
+*** ../bash-4.0/patchlevel.h 2009-01-04 14:32:40.000000000 -0500
+--- patchlevel.h 2009-02-22 16:11:31.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 39
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 40
+
+ #endif /* _PATCHLEVEL_H_ */