PKG_NAME:=bash
PKG_VERSION:=4.2
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/bash
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-001
+
+Bug-Reported-by: Juergen Daubert <jue@jue.li>
+Bug-Reference-ID: <20110214175132.GA19813@jue.netz>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00125.html
+
+Bug-Description:
+
+When running in Posix mode, bash does not correctly expand the right-hand
+side of a double-quoted word expansion containing single quotes.
+
+Patch (apply with `patch -p0'):
+
+--- a/subst.c
++++ b/subst.c
+@@ -1379,10 +1379,12 @@ extract_dollar_brace_string (string, sin
+ slen = strlen (string + *sindex) + *sindex;
+
+ /* The handling of dolbrace_state needs to agree with the code in parse.y:
+- parse_matched_pair() */
+- dolbrace_state = 0;
+- if (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
+- dolbrace_state = (flags & SX_POSIXEXP) ? DOLBRACE_QUOTE : DOLBRACE_PARAM;
++ parse_matched_pair(). The different initial value is to handle the
++ case where this function is called to parse the word in
++ ${param op word} (SX_WORD). */
++ dolbrace_state = (flags & SX_WORD) ? DOLBRACE_WORD : DOLBRACE_PARAM;
++ if ((quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)) && (flags & SX_POSIXEXP))
++ dolbrace_state = DOLBRACE_QUOTE;
+
+ i = *sindex;
+ while (c = string[i])
+@@ -7176,7 +7178,7 @@ parameter_brace_expand (string, indexp,
+ {
+ /* Extract the contents of the ${ ... } expansion
+ according to the Posix.2 rules. */
+- value = extract_dollar_brace_string (string, &sindex, quoted, (c == '%' || c == '#') ? SX_POSIXEXP : 0);
++ value = extract_dollar_brace_string (string, &sindex, quoted, (c == '%' || c == '#' || c =='/' || c == '^' || c == ',' || c ==':') ? SX_POSIXEXP|SX_WORD : SX_WORD);
+ if (string[sindex] == RBRACE)
+ sindex++;
+ else
+--- a/subst.h
++++ b/subst.h
+@@ -56,6 +56,7 @@
+ #define SX_NOLONGJMP 0x0040 /* don't longjmp on fatal error */
+ #define SX_ARITHSUB 0x0080 /* extracting $(( ... )) (currently unused) */
+ #define SX_POSIXEXP 0x0100 /* extracting new Posix pattern removal expansions in extract_dollar_brace_string */
++#define SX_WORD 0x0200 /* extracting word in ${param op word} */
+
+ /* Remove backslashes which are quoting backquotes from STRING. Modifies
+ STRING, and returns a pointer to it. */
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 0
++#define PATCHLEVEL 1
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-002
+
+Bug-Reported-by: Clark J. Wang <dearvoid@gmail.com>
+Bug-Reference-ID: <AANLkTimGbW7aC4E5infXP6ku5WPci4t=xVc+L1SyHqrD@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00157.html
+
+Bug-Description:
+
+The readline vi-mode `cc', `dd', and `yy' commands failed to modify the
+entire line.
+
+Patch (apply with `patch -p0'):
+
+--- a/lib/readline/vi_mode.c
++++ b/lib/readline/vi_mode.c
+@@ -1114,7 +1114,7 @@ rl_domove_read_callback (m)
+ rl_beg_of_line (1, c);
+ _rl_vi_last_motion = c;
+ RL_UNSETSTATE (RL_STATE_VIMOTION);
+- return (0);
++ return (vidomove_dispatch (m));
+ }
+ #if defined (READLINE_CALLBACKS)
+ /* XXX - these need to handle rl_universal_argument bindings */
+--- a/lib/readline/callback.c
++++ b/lib/readline/callback.c
+@@ -148,6 +148,9 @@ rl_callback_read_char ()
+ eof = _rl_vi_domove_callback (_rl_vimvcxt);
+ /* Should handle everything, including cleanup, numeric arguments,
+ and turning off RL_STATE_VIMOTION */
++ if (RL_ISSTATE (RL_STATE_NUMERICARG) == 0)
++ _rl_internal_char_cleanup ();
++
+ return;
+ }
+ #endif
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 1
++#define PATCHLEVEL 2
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-003
+
+Bug-Reported-by: Clark J. Wang <dearvoid@gmail.com>
+Bug-Reference-ID: <AANLkTikZ_rVV-frR8Fh0PzhXnMKnm5XsUR-F3qtPPs5G@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00136.html
+
+Bug-Description:
+
+When using the pattern replacement and pattern removal word expansions, bash
+miscalculates the possible match length in the presence of an unescaped left
+bracket without a closing right bracket, resulting in a failure to match
+the pattern.
+
+Patch (apply with `patch -p0'):
+
+--- a/lib/glob/gmisc.c
++++ b/lib/glob/gmisc.c
+@@ -77,8 +77,8 @@ wmatchlen (wpat, wmax)
+ wchar_t *wpat;
+ size_t wmax;
+ {
+- wchar_t wc, *wbrack;
+- int matlen, t, in_cclass, in_collsym, in_equiv;
++ wchar_t wc;
++ int matlen, bracklen, t, in_cclass, in_collsym, in_equiv;
+
+ if (*wpat == 0)
+ return (0);
+@@ -118,58 +118,80 @@ wmatchlen (wpat, wmax)
+ break;
+ case L'[':
+ /* scan for ending `]', skipping over embedded [:...:] */
+- wbrack = wpat;
++ bracklen = 1;
+ wc = *wpat++;
+ do
+ {
+ if (wc == 0)
+ {
+- matlen += wpat - wbrack - 1; /* incremented below */
+- break;
++ wpat--; /* back up to NUL */
++ matlen += bracklen;
++ goto bad_bracket;
+ }
+ else if (wc == L'\\')
+ {
+- wc = *wpat++;
+- if (*wpat == 0)
+- break;
++ /* *wpat == backslash-escaped character */
++ bracklen++;
++ /* If the backslash or backslash-escape ends the string,
++ bail. The ++wpat skips over the backslash escape */
++ if (*wpat == 0 || *++wpat == 0)
++ {
++ matlen += bracklen;
++ goto bad_bracket;
++ }
+ }
+ else if (wc == L'[' && *wpat == L':') /* character class */
+ {
+ wpat++;
++ bracklen++;
+ in_cclass = 1;
+ }
+ else if (in_cclass && wc == L':' && *wpat == L']')
+ {
+ wpat++;
++ bracklen++;
+ in_cclass = 0;
+ }
+ else if (wc == L'[' && *wpat == L'.') /* collating symbol */
+ {
+ wpat++;
++ bracklen++;
+ if (*wpat == L']') /* right bracket can appear as collating symbol */
+- wpat++;
++ {
++ wpat++;
++ bracklen++;
++ }
+ in_collsym = 1;
+ }
+ else if (in_collsym && wc == L'.' && *wpat == L']')
+ {
+ wpat++;
++ bracklen++;
+ in_collsym = 0;
+ }
+ else if (wc == L'[' && *wpat == L'=') /* equivalence class */
+ {
+ wpat++;
++ bracklen++;
+ if (*wpat == L']') /* right bracket can appear as equivalence class */
+- wpat++;
++ {
++ wpat++;
++ bracklen++;
++ }
+ in_equiv = 1;
+ }
+ else if (in_equiv && wc == L'=' && *wpat == L']')
+ {
+ wpat++;
++ bracklen++;
+ in_equiv = 0;
+ }
++ else
++ bracklen++;
+ }
+ while ((wc = *wpat++) != L']');
+ matlen++; /* bracket expression can only match one char */
++bad_bracket:
+ break;
+ }
+ }
+@@ -213,8 +235,8 @@ umatchlen (pat, max)
+ char *pat;
+ size_t max;
+ {
+- char c, *brack;
+- int matlen, t, in_cclass, in_collsym, in_equiv;
++ char c;
++ int matlen, bracklen, t, in_cclass, in_collsym, in_equiv;
+
+ if (*pat == 0)
+ return (0);
+@@ -254,58 +276,80 @@ umatchlen (pat, max)
+ break;
+ case '[':
+ /* scan for ending `]', skipping over embedded [:...:] */
+- brack = pat;
++ bracklen = 1;
+ c = *pat++;
+ do
+ {
+ if (c == 0)
+ {
+- matlen += pat - brack - 1; /* incremented below */
+- break;
++ pat--; /* back up to NUL */
++ matlen += bracklen;
++ goto bad_bracket;
+ }
+ else if (c == '\\')
+ {
+- c = *pat++;
+- if (*pat == 0)
+- break;
++ /* *pat == backslash-escaped character */
++ bracklen++;
++ /* If the backslash or backslash-escape ends the string,
++ bail. The ++pat skips over the backslash escape */
++ if (*pat == 0 || *++pat == 0)
++ {
++ matlen += bracklen;
++ goto bad_bracket;
++ }
+ }
+ else if (c == '[' && *pat == ':') /* character class */
+ {
+ pat++;
++ bracklen++;
+ in_cclass = 1;
+ }
+ else if (in_cclass && c == ':' && *pat == ']')
+ {
+ pat++;
++ bracklen++;
+ in_cclass = 0;
+ }
+ else if (c == '[' && *pat == '.') /* collating symbol */
+ {
+ pat++;
++ bracklen++;
+ if (*pat == ']') /* right bracket can appear as collating symbol */
+- pat++;
++ {
++ pat++;
++ bracklen++;
++ }
+ in_collsym = 1;
+ }
+ else if (in_collsym && c == '.' && *pat == ']')
+ {
+ pat++;
++ bracklen++;
+ in_collsym = 0;
+ }
+ else if (c == '[' && *pat == '=') /* equivalence class */
+ {
+ pat++;
++ bracklen++;
+ if (*pat == ']') /* right bracket can appear as equivalence class */
+- pat++;
++ {
++ pat++;
++ bracklen++;
++ }
+ in_equiv = 1;
+ }
+ else if (in_equiv && c == '=' && *pat == ']')
+ {
+ pat++;
++ bracklen++;
+ in_equiv = 0;
+ }
++ else
++ bracklen++;
+ }
+ while ((c = *pat++) != ']');
+ matlen++; /* bracket expression can only match one char */
++bad_bracket:
+ break;
+ }
+ }
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 2
++#define PATCHLEVEL 3
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-004
+
+Bug-Reported-by: Mike Frysinger <vapier@gentoo.org>
+Bug-Reference-ID: <201102182106.17834.vapier@gentoo.org>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00222.html
+
+Bug-Description:
+
+When used in contexts where word splitting and quote removal were not
+performed, such as pattern removal or pattern substitution, empty strings
+(either literal or resulting from quoted variables that were unset or
+null) were not matched correctly, resulting in failure.
+
+Patch (apply with `patch -p0'):
+
+--- a/subst.c
++++ b/subst.c
+@@ -3373,7 +3373,7 @@ expand_string_for_rhs (string, quoted, d
+ if (string == 0 || *string == '\0')
+ return (WORD_LIST *)NULL;
+
+- td.flags = 0;
++ td.flags = W_NOSPLIT2; /* no splitting, remove "" and '' */
+ td.word = string;
+ tresult = call_expand_word_internal (&td, quoted, 1, dollar_at_p, has_dollar_at);
+ return (tresult);
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 3
++#define PATCHLEVEL 4
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-005
+
+Bug-Reported-by: Dennis Williamson <dennistwilliamson@gmail.com>
+Bug-Reference-ID: <AANLkTikDbEV5rnbPc0zOfmZfBcg0xGetzLLzK+KjRiNa@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00147.html
+
+Bug-Description:
+
+Systems that use tzset() to set the local timezone require the TZ variable
+to be in the environment. Bash must make sure the environment has been
+modified with any updated value for TZ before calling tzset(). This
+affects prompt string expansions and the `%T' printf conversion specification
+on systems that do not allow bash to supply a replacement for getenv(3).
+
+Patch (apply with `patch -p0'):
+
+--- a/variables.h
++++ b/variables.h
+@@ -313,6 +313,7 @@ extern void set_func_auto_export __P((co
+
+ extern void sort_variables __P((SHELL_VAR **));
+
++extern int chkexport __P((char *));
+ extern void maybe_make_export_env __P((void));
+ extern void update_export_env_inplace __P((char *, int, char *));
+ extern void put_command_name_into_env __P((char *));
+--- a/variables.c
++++ b/variables.c
+@@ -3653,6 +3653,22 @@ n_shell_variables ()
+ return n;
+ }
+
++int
++chkexport (name)
++ char *name;
++{
++ SHELL_VAR *v;
++
++ v = find_variable (name);
++ if (exported_p (v))
++ {
++ array_needs_making = 1;
++ maybe_make_export_env ();
++ return 1;
++ }
++ return 0;
++}
++
+ void
+ maybe_make_export_env ()
+ {
+@@ -4214,7 +4230,7 @@ static struct name_and_function special_
+ { "TEXTDOMAIN", sv_locale },
+ { "TEXTDOMAINDIR", sv_locale },
+
+-#if defined (HAVE_TZSET) && defined (PROMPT_STRING_DECODE)
++#if defined (HAVE_TZSET)
+ { "TZ", sv_tz },
+ #endif
+
+@@ -4558,12 +4574,13 @@ sv_histtimefmt (name)
+ }
+ #endif /* HISTORY */
+
+-#if defined (HAVE_TZSET) && defined (PROMPT_STRING_DECODE)
++#if defined (HAVE_TZSET)
+ void
+ sv_tz (name)
+ char *name;
+ {
+- tzset ();
++ if (chkexport (name))
++ tzset ();
+ }
+ #endif
+
+--- a/parse.y
++++ b/parse.y
+@@ -5135,6 +5135,9 @@ decode_prompt_string (string)
+ case 'A':
+ /* Make the current time/date into a string. */
+ (void) time (&the_time);
++#if defined (HAVE_TZSET)
++ sv_tz ("TZ"); /* XXX -- just make sure */
++#endif
+ tm = localtime (&the_time);
+
+ if (c == 'd')
+--- a/builtins/printf.def
++++ b/builtins/printf.def
+@@ -465,6 +465,9 @@ printf_builtin (list)
+ secs = shell_start_time; /* roughly $SECONDS */
+ else
+ secs = arg;
++#if defined (HAVE_TZSET)
++ sv_tz ("TZ"); /* XXX -- just make sure */
++#endif
+ tm = localtime (&secs);
+ n = strftime (timebuf, sizeof (timebuf), timefmt, tm);
+ free (timefmt);
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 4
++#define PATCHLEVEL 5
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-006
+
+Bug-Reported-by: Allan McRae <allan@archlinux.org>
+Bug-Reference-ID: <4D6D0D0B.50908@archlinux.org>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00001.html
+
+Bug-Description:
+
+A problem with bash42-005 caused it to dump core if TZ was unset.
+
+Patch (apply with `patch -p0'):
+
+--- a/variables.c
++++ b/variables.c
+@@ -3660,7 +3660,7 @@ chkexport (name)
+ SHELL_VAR *v;
+
+ v = find_variable (name);
+- if (exported_p (v))
++ if (v && exported_p (v))
+ {
+ array_needs_making = 1;
+ maybe_make_export_env ();
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 5
++#define PATCHLEVEL 6
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-007
+
+Bug-Reported-by: Matthias Klose <doko@debian.org>
+Bug-Reference-ID: <4D6FD2AC.1010500@debian.org>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00015.html
+
+Bug-Description:
+
+When used in contexts where word splitting and quote removal were not
+performed, such as case statement word expansion, empty strings
+(either literal or resulting from quoted variables that were unset or
+null) were not expanded correctly, resulting in failure.
+
+Patch (apply with `patch -p0'):
+
+--- a/subst.c
++++ b/subst.c
+@@ -4609,6 +4609,7 @@ expand_word_unsplit (word, quoted)
+ if (ifs_firstc == 0)
+ #endif
+ word->flags |= W_NOSPLIT;
++ word->flags |= W_NOSPLIT2;
+ result = call_expand_word_internal (word, quoted, 0, (int *)NULL, (int *)NULL);
+ expand_no_split_dollar_star = 0;
+
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 6
++#define PATCHLEVEL 7
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-008
+
+Bug-Reported-by: Doug McMahon <mc2man@optonline.net>
+Bug-Reference-ID: <1299441211.2535.11.camel@doug-XPS-M1330>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00050.html
+
+Bug-Description:
+
+Bash-4.2 does not attempt to save the shell history on receipt of a
+terminating signal that is handled synchronously. Unfortunately, the
+`close' button on most X11 terminal emulators sends SIGHUP, which
+kills the shell.
+
+This is a very small patch to save the history in the case that an
+interactive shell receives a SIGHUP or SIGTERM while in readline and
+reading a command.
+
+The next version of bash will do this differently.
+
+Patch (apply with `patch -p0'):
+
+--- a/sig.c
++++ b/sig.c
+@@ -46,6 +46,7 @@
+
+ #if defined (READLINE)
+ # include "bashline.h"
++# include <readline/readline.h>
+ #endif
+
+ #if defined (HISTORY)
+@@ -62,6 +63,7 @@ extern int parse_and_execute_level, shel
+ #if defined (HISTORY)
+ extern int history_lines_this_session;
+ #endif
++extern int no_line_editing;
+
+ extern void initialize_siglist ();
+
+@@ -505,7 +507,10 @@ termsig_sighandler (sig)
+ {
+ #if defined (HISTORY)
+ /* XXX - will inhibit history file being written */
+- history_lines_this_session = 0;
++# if defined (READLINE)
++ if (interactive_shell == 0 || interactive == 0 || (sig != SIGHUP && sig != SIGTERM) || no_line_editing || (RL_ISSTATE (RL_STATE_READCMD) == 0))
++# endif
++ history_lines_this_session = 0;
+ #endif
+ terminate_immediately = 0;
+ termsig_handler (sig);
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 7
++#define PATCHLEVEL 8
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-009
+
+Bug-Reported-by: <piuma@piumalab.org>
+Bug-Reference-ID: <4DAAC0DB.7060606@piumalab.org>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-04/msg00075.html
+
+Bug-Description:
+
+Under certain circumstances, running `fc -l' two times in succession with a
+relative history offset at the end of the history will result in an incorrect
+calculation of the last history entry and a seg fault.
+
+Patch (apply with `patch -p0'):
+
+--- a/builtins/fc.def
++++ b/builtins/fc.def
+@@ -304,7 +304,7 @@ fc_builtin (list)
+ last_hist = i - rh - hist_last_line_added;
+
+ /* XXX */
+- if (saved_command_line_count > 0 && i == last_hist && hlist[last_hist] == 0)
++ if (i == last_hist && hlist[last_hist] == 0)
+ while (last_hist >= 0 && hlist[last_hist] == 0)
+ last_hist--;
+ if (last_hist < 0)
+@@ -475,7 +475,7 @@ fc_gethnum (command, hlist)
+ HIST_ENTRY **hlist;
+ {
+ int sign, n, clen, rh;
+- register int i, j;
++ register int i, j, last_hist;
+ register char *s;
+
+ sign = 1;
+@@ -495,7 +495,15 @@ fc_gethnum (command, hlist)
+ has been enabled (interactive or not) should use it in the last_hist
+ calculation as if it were on. */
+ rh = remember_on_history || ((subshell_environment & SUBSHELL_COMSUB) && enable_history_list);
+- i -= rh + hist_last_line_added;
++ last_hist = i - rh - hist_last_line_added;
++
++ if (i == last_hist && hlist[last_hist] == 0)
++ while (last_hist >= 0 && hlist[last_hist] == 0)
++ last_hist--;
++ if (last_hist < 0)
++ return (-1);
++
++ i = last_hist;
+
+ /* No specification defaults to most recent command. */
+ if (command == NULL)
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 8
++#define PATCHLEVEL 9
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-010
+
+Bug-Reported-by: Mike Frysinger <vapier@gentoo.org>
+Bug-Reference-ID: <201104122356.20160.vapier@gentoo.org>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-04/msg00058.html
+
+Bug-Description:
+
+Bash did not correctly print/reproduce here documents attached to commands
+inside compound commands such as arithmetic for loops and user-specified
+subshells. This affected the execution of such commands inside a shell
+function when the function definition is saved and later restored using
+`.' or `eval'.
+
+Patch (apply with `patch -p0'):
+
+--- a/print_cmd.c
++++ b/print_cmd.c
+@@ -315,6 +315,7 @@ make_command_string_internal (command)
+ cprintf ("( ");
+ skip_this_indent++;
+ make_command_string_internal (command->value.Subshell->command);
++ PRINT_DEFERRED_HEREDOCS ("");
+ cprintf (" )");
+ break;
+
+@@ -592,6 +593,7 @@ print_arith_for_command (arith_for_comma
+ newline ("do\n");
+ indentation += indentation_amount;
+ make_command_string_internal (arith_for_command->action);
++ PRINT_DEFERRED_HEREDOCS ("");
+ semicolon ();
+ indentation -= indentation_amount;
+ newline ("done");
+@@ -653,6 +655,7 @@ print_group_command (group_command)
+ }
+
+ make_command_string_internal (group_command->command);
++ PRINT_DEFERRED_HEREDOCS ("");
+
+ if (inside_function_def)
+ {
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 9
++#define PATCHLEVEL 10
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-011
+
+Bug-Reported-by: "David Parks" <davidparks21@yahoo.com>
+Bug-Reference-ID: <014101cc82c6$46ac1540$d4043fc0$@com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-10/msg00031.html
+
+Bug-Description:
+
+Overwriting a value in an associative array causes the memory allocated to
+store the key on the second and subsequent assignments to leak.
+
+Patch (apply with `patch -p0'):
+
+--- a/assoc.c
++++ b/assoc.c
+@@ -77,6 +77,11 @@ assoc_insert (hash, key, value)
+ b = hash_search (key, hash, HASH_CREATE);
+ if (b == 0)
+ return -1;
++ /* If we are overwriting an existing element's value, we're not going to
++ use the key. Nothing in the array assignment code path frees the key
++ string, so we can free it here to avoid a memory leak. */
++ if (b->key != key)
++ free (key);
+ FREE (b->data);
+ b->data = value ? savestring (value) : (char *)0;
+ return (0);
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 10
++#define PATCHLEVEL 11
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-012
+
+Bug-Reported-by: Rui Santos <rsantos@grupopie.com>
+Bug-Reference-ID: <4E04C6D0.2020507@grupopie.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-06/msg00079.html
+
+Bug-Description:
+
+When calling the parser to recursively parse a command substitution within
+an arithmetic expansion, the shell overwrote the saved shell input line and
+associated state, resulting in a garbled command.
+
+Patch (apply with `patch -p0'):
+
+--- a/parse.y
++++ b/parse.y
+@@ -3842,6 +3842,7 @@ xparse_dolparen (base, string, indp, fla
+ int flags;
+ {
+ sh_parser_state_t ps;
++ sh_input_line_state_t ls;
+ int orig_ind, nc, sflags;
+ char *ret, *s, *ep, *ostring;
+
+@@ -3849,10 +3850,12 @@ xparse_dolparen (base, string, indp, fla
+ orig_ind = *indp;
+ ostring = string;
+
++/*itrace("xparse_dolparen: size = %d shell_input_line = `%s'", shell_input_line_size, shell_input_line);*/
+ sflags = SEVAL_NONINT|SEVAL_NOHIST|SEVAL_NOFREE;
+ if (flags & SX_NOLONGJMP)
+ sflags |= SEVAL_NOLONGJMP;
+ save_parser_state (&ps);
++ save_input_line_state (&ls);
+
+ /*(*/
+ parser_state |= PST_CMDSUBST|PST_EOFTOKEN; /* allow instant ')' */ /*(*/
+@@ -3861,6 +3864,8 @@ xparse_dolparen (base, string, indp, fla
+
+ restore_parser_state (&ps);
+ reset_parser ();
++ /* reset_parser clears shell_input_line and associated variables */
++ restore_input_line_state (&ls);
+ if (interactive)
+ token_to_read = 0;
+
+@@ -5908,6 +5913,12 @@ save_parser_state (ps)
+ ps->expand_aliases = expand_aliases;
+ ps->echo_input_at_read = echo_input_at_read;
+
++ ps->token = token;
++ ps->token_buffer_size = token_buffer_size;
++ /* Force reallocation on next call to read_token_word */
++ token = 0;
++ token_buffer_size = 0;
++
+ return (ps);
+ }
+
+@@ -5949,6 +5960,42 @@ restore_parser_state (ps)
+
+ expand_aliases = ps->expand_aliases;
+ echo_input_at_read = ps->echo_input_at_read;
++
++ FREE (token);
++ token = ps->token;
++ token_buffer_size = ps->token_buffer_size;
++}
++
++sh_input_line_state_t *
++save_input_line_state (ls)
++ sh_input_line_state_t *ls;
++{
++ if (ls == 0)
++ ls = (sh_input_line_state_t *)xmalloc (sizeof (sh_input_line_state_t));
++ if (ls == 0)
++ return ((sh_input_line_state_t *)NULL);
++
++ ls->input_line = shell_input_line;
++ ls->input_line_size = shell_input_line_size;
++ ls->input_line_len = shell_input_line_len;
++ ls->input_line_index = shell_input_line_index;
++
++ /* force reallocation */
++ shell_input_line = 0;
++ shell_input_line_size = shell_input_line_len = shell_input_line_index = 0;
++}
++
++void
++restore_input_line_state (ls)
++ sh_input_line_state_t *ls;
++{
++ FREE (shell_input_line);
++ shell_input_line = ls->input_line;
++ shell_input_line_size = ls->input_line_size;
++ shell_input_line_len = ls->input_line_len;
++ shell_input_line_index = ls->input_line_index;
++
++ set_line_mbstate ();
+ }
+
+ /************************************************
+--- a/shell.h
++++ b/shell.h
+@@ -136,6 +136,9 @@ typedef struct _sh_parser_state_t {
+ int parser_state;
+ int *token_state;
+
++ char *token;
++ int token_buffer_size;
++
+ /* input line state -- line number saved elsewhere */
+ int input_line_terminator;
+ int eof_encountered;
+@@ -166,6 +169,16 @@ typedef struct _sh_parser_state_t {
+
+ } sh_parser_state_t;
+
++typedef struct _sh_input_line_state_t {
++ char *input_line;
++ int input_line_index;
++ int input_line_size;
++ int input_line_len;
++} sh_input_line_state_t;
++
+ /* Let's try declaring these here. */
+ extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
+ extern void restore_parser_state __P((sh_parser_state_t *));
++
++extern sh_input_line_state_t *save_input_line_state __P((sh_input_line_state_t *));
++extern void restore_input_line_state __P((sh_input_line_state_t *));
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 11
++#define PATCHLEVEL 12
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-013
+
+Bug-Reported-by: Marten Wikstrom <marten.wikstrom@keystream.se>
+Bug-Reference-ID: <BANLkTikKECAh94ZEX68iQvxYuPeEM_xoSQ@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-05/msg00049.html
+
+Bug-Description:
+
+An off-by-one error caused the shell to skip over CTLNUL characters,
+which are used internally to mark quoted null strings. The effect
+was to have stray 0x7f characters left after expanding words like
+""""""""aa.
+
+Patch (apply with `patch -p0'):
+
+--- a/subst.c
++++ b/subst.c
+@@ -3706,7 +3706,10 @@ remove_quoted_nulls (string)
+ break;
+ }
+ else if (string[i] == CTLNUL)
+- i++;
++ {
++ i++;
++ continue;
++ }
+
+ prev_i = i;
+ ADVANCE_CHAR (string, slen, i);
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 12
++#define PATCHLEVEL 13
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-014
+
+Bug-Reported-by: Shawn Bohrer <sbohrer@rgmadvisors.com>
+Bug-Reference-ID: <20110504152320.6E8F28130527@dev1.rgmadvisors.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-05/msg00018.html
+
+Bug-Description:
+
+The regular expression matching operator did not correctly match
+expressions with an embedded ^A.
+
+Patch (apply with `patch -p0'):
+
+--- a/pathexp.c
++++ b/pathexp.c
+@@ -196,7 +196,7 @@ quote_string_for_globbing (pathname, qfl
+ {
+ if ((qflags & QGLOB_FILENAME) && pathname[i+1] == '/')
+ continue;
+- if ((qflags & QGLOB_REGEXP) && ere_char (pathname[i+1]) == 0)
++ if (pathname[i+1] != CTLESC && (qflags & QGLOB_REGEXP) && ere_char (pathname[i+1]) == 0)
+ continue;
+ temp[j++] = '\\';
+ i++;
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 13
++#define PATCHLEVEL 14
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-015
+
+Bug-Reported-by: <dnade.ext@orange-ftgroup.com>
+Bug-Reference-ID: <728_1312188080_4E3666B0_728_118711_1_3B5D3E0F95CC5C478D6500CDCE8B691F7AAAA4AA3D@PUEXCB2B.nanterre.francetelecom.fr>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-08/msg00000.html
+
+Bug-Description:
+
+When in a context where arithmetic evaluation is not taking place, the
+evaluator should not check for division by 0.
+
+Patch (apply with `patch -p0'):
+
+--- a/expr.c
++++ b/expr.c
+@@ -476,19 +476,23 @@ expassign ()
+
+ if (special)
+ {
++ if ((op == DIV || op == MOD) && value == 0)
++ {
++ if (noeval == 0)
++ evalerror (_("division by 0"));
++ else
++ value = 1;
++ }
++
+ switch (op)
+ {
+ case MUL:
+ lvalue *= value;
+ break;
+ case DIV:
+- if (value == 0)
+- evalerror (_("division by 0"));
+ lvalue /= value;
+ break;
+ case MOD:
+- if (value == 0)
+- evalerror (_("division by 0"));
+ lvalue %= value;
+ break;
+ case PLUS:
+@@ -804,7 +808,12 @@ exp2 ()
+ val2 = exppower ();
+
+ if (((op == DIV) || (op == MOD)) && (val2 == 0))
+- evalerror (_("division by 0"));
++ {
++ if (noeval == 0)
++ evalerror (_("division by 0"));
++ else
++ val2 = 1;
++ }
+
+ if (op == MUL)
+ val1 *= val2;
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 14
++#define PATCHLEVEL 15
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-016
+
+Bug-Reported-by: Martin von Gagern <Martin.vGagern@gmx.net>
+Bug-Reference-ID: <4E43AD9E.8060501@gmx.net>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-08/msg00141.html
+
+Bug-Description:
+
+Bash should not check for mail while executing the `eval' builtin.
+
+Patch (apply with `patch -p0'):
+
+--- a/parse.y
++++ b/parse.y
+@@ -2499,7 +2499,7 @@ yylex ()
+ We do this only if it is time to do so. Notice that only here
+ is the mail alarm reset; nothing takes place in check_mail ()
+ except the checking of mail. Please don't change this. */
+- if (prompt_is_ps1 && time_to_check_mail ())
++ if (prompt_is_ps1 && parse_and_execute_level == 0 && time_to_check_mail ())
+ {
+ check_mail ();
+ reset_mail_timer ();
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 15
++#define PATCHLEVEL 16
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-017
+
+Bug-Reported-by: Curtis Doty <Curtis@GreenKey.net>
+Bug-Reference-ID: <20110621035324.A4F70849F59@mx1.iParadigms.net>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-06/msg00053.html
+
+Bug-Description:
+
+Using `read -a foo' where foo was an already-declared associative array
+caused the shell to die with a segmentation fault.
+
+Patch (apply with `patch -p0'):
+
+--- a/builtins/read.def
++++ b/builtins/read.def
+@@ -642,6 +642,12 @@ assign_vars:
+ xfree (input_string);
+ return EXECUTION_FAILURE; /* readonly or noassign */
+ }
++ if (assoc_p (var))
++ {
++ builtin_error (_("%s: cannot convert associative to indexed array"), arrayname);
++ xfree (input_string);
++ return EXECUTION_FAILURE; /* existing associative array */
++ }
+ array_flush (array_cell (var));
+
+ alist = list_string (input_string, ifs_chars, 0);
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 16
++#define PATCHLEVEL 17
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-018
+
+Bug-Reported-by: Thomas Cort <tcort@minix3.org>
+Bug-Reference-ID: <BANLkTik-ebGGw3k_1YtB=RyfV1bsqdxC_g@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-06/msg00110.html
+
+Bug-Description:
+
+Bash fails to compile unless JOB_CONTROL is defined.
+
+Patch (apply with `patch -p0'):
+
+--- a/execute_cmd.c
++++ b/execute_cmd.c
+@@ -2196,6 +2196,7 @@ execute_pipeline (command, asynchronous,
+ if (ignore_return && cmd)
+ cmd->flags |= CMD_IGNORE_RETURN;
+
++#if defined (JOB_CONTROL)
+ lastpipe_flag = 0;
+ begin_unwind_frame ("lastpipe-exec");
+ lstdin = -1;
+@@ -2219,15 +2220,19 @@ execute_pipeline (command, asynchronous,
+ lastpipe_jid = stop_pipeline (0, (COMMAND *)NULL); /* XXX */
+ add_unwind_protect (lastpipe_cleanup, lastpipe_jid);
+ }
+- cmd->flags |= CMD_LASTPIPE;
++ if (cmd)
++ cmd->flags |= CMD_LASTPIPE;
+ }
+ if (prev >= 0)
+ add_unwind_protect (close, prev);
++#endif
+
+ exec_result = execute_command_internal (cmd, asynchronous, prev, pipe_out, fds_to_close);
+
++#if defined (JOB_CONTROL)
+ if (lstdin > 0)
+ restore_stdin (lstdin);
++#endif
+
+ if (prev >= 0)
+ close (prev);
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 17
++#define PATCHLEVEL 18
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-019
+
+Bug-Reported-by: Diego Augusto Molina <diegoaugustomolina@gmail.com>
+Bug-Reference-ID: <CAGOxLdHcSQu3ck9Qy3pRjj_NBU5tAPSAvNm-95-nLQ9Szwb6aA@mail.gmail.com>
+Bug-Reference-URL: lists.gnu.org/archive/html/bug-bash/2011-09/msg00047.html
+
+Bug-Description:
+
+Using `declare' with attributes and an invalid array variable name or
+assignment reference resulted in a segmentation fault instead of a
+declaration error.
+
+Patch (apply with `patch -p0'):
+
+--- a/builtins/declare.def
++++ b/builtins/declare.def
+@@ -513,6 +513,11 @@ declare_internal (list, local_var)
+ *subscript_start = '['; /* ] */
+ var = assign_array_element (name, value, 0); /* XXX - not aflags */
+ *subscript_start = '\0';
++ if (var == 0) /* some kind of assignment error */
++ {
++ assign_error++;
++ NEXT_VARIABLE ();
++ }
+ }
+ else if (simple_array_assign)
+ {
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 18
++#define PATCHLEVEL 19
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-020
+
+Bug-Reported-by: Vincent Sheffer <vince.sheffer@apisphere.com>
+Bug-Reference-ID: <F13C1C4F-C44C-4071-BFED-4BB6D13CF92F@apisphere.com>
+Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-readline/2011-08/msg00000.html
+
+Bug-Description:
+
+The shared object helper script needs to be updated for Mac OS X 10.7
+(Lion, darwin11).
+
+Patch (apply with `patch -p0'):
+
+--- a/support/shobj-conf
++++ b/support/shobj-conf
+@@ -157,7 +157,7 @@ freebsd[4-9]*|freebsdelf*|dragonfly*)
+ ;;
+
+ # Darwin/MacOS X
+-darwin[89]*|darwin10*)
++darwin[89]*|darwin1[012]*)
+ SHOBJ_STATUS=supported
+ SHLIB_STATUS=supported
+
+@@ -186,7 +186,7 @@ darwin*|macosx*)
+ SHLIB_LIBSUFF='dylib'
+
+ case "${host_os}" in
+- darwin[789]*|darwin10*) SHOBJ_LDFLAGS=''
++ darwin[789]*|darwin1[012]*) SHOBJ_LDFLAGS=''
+ SHLIB_XLDFLAGS='-dynamiclib -arch_only `/usr/bin/arch` -install_name $(libdir)/$@ -current_version $(SHLIB_MAJOR)$(SHLIB_MINOR) -compatibility_version $(SHLIB_MAJOR) -v'
+ ;;
+ *) SHOBJ_LDFLAGS='-dynamic'
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 19
++#define PATCHLEVEL 20
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-021
+
+Bug-Reported-by: Dan Douglas <ormaaj@gmail.com>
+Bug-Reference-ID: <4585554.nZWb4q7YoZ@smorgbox>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-12/msg00084.html
+
+Bug-Description:
+
+Using `read -N' to assign values to an array can result in NUL values being
+assigned to some array elements. These values cause seg faults when referenced
+later.
+
+Patch (apply with `patch -p0'):
+
+--- a/builtins/read.def
++++ b/builtins/read.def
+@@ -737,7 +737,7 @@ assign_vars:
+ xfree (t1);
+ }
+ else
+- var = bind_read_variable (varname, t);
++ var = bind_read_variable (varname, t ? t : "");
+ }
+ else
+ {
+@@ -798,7 +798,7 @@ assign_vars:
+ xfree (t);
+ }
+ else
+- var = bind_read_variable (list->word->word, input_string);
++ var = bind_read_variable (list->word->word, input_string ? input_string : "");
+
+ if (var)
+ {
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 20
++#define PATCHLEVEL 21
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-022
+
+Bug-Reported-by: Gregory Margo <gmargo@pacbell.net>
+Bug-Reference-ID: <20110727174529.GA3333@pacbell.net>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-07/msg00102.html
+
+Bug-Description:
+
+The return value from lseek is `off_t'. This can cause corrupted return
+values when the file offset is greater than 2**31 - 1.
+
+Patch (apply with `patch -p0'):
+
+--- a/lib/sh/zread.c
++++ b/lib/sh/zread.c
+@@ -160,14 +160,13 @@ void
+ zsyncfd (fd)
+ int fd;
+ {
+- off_t off;
+- int r;
++ off_t off, r;
+
+ off = lused - lind;
+ r = 0;
+ if (off > 0)
+ r = lseek (fd, -off, SEEK_CUR);
+
+- if (r >= 0)
++ if (r != -1)
+ lused = lind = 0;
+ }
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 21
++#define PATCHLEVEL 22
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-023
+
+Bug-Reported-by: Ewan Mellor <Ewan.Mellor@eu.citrix.com>
+Bug-Reference-ID: <6005BE083BF501439A84DC3523BAC82DC4B964FD12@LONPMAILBOX01.citrite.net>
+Bug-Reference-URL:
+
+Bug-Description:
+
+Under some circumstances, an exit trap triggered by a bad substitution
+error when errexit is enabled will cause the shell to exit with an
+incorrect exit status (0).
+
+Patch (apply with `patch -p0'):
+
+--- a/subst.c
++++ b/subst.c
+@@ -7274,6 +7274,7 @@ parameter_brace_expand (string, indexp,
+ default:
+ case '\0':
+ bad_substitution:
++ last_command_exit_value = EXECUTION_FAILURE;
+ report_error (_("%s: bad substitution"), string ? string : "??");
+ FREE (value);
+ FREE (temp);
+--- a/error.c
++++ b/error.c
+@@ -200,7 +200,11 @@ report_error (format, va_alist)
+
+ va_end (args);
+ if (exit_immediately_on_error)
+- exit_shell (1);
++ {
++ if (last_command_exit_value == 0)
++ last_command_exit_value = 1;
++ exit_shell (last_command_exit_value);
++ }
+ }
+
+ void
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 22
++#define PATCHLEVEL 23
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-024
+
+Bug-Reported-by: Jim Avera <james_avera@yahoo.com>
+Bug-Reference-ID: <4F29E07A.80405@yahoo.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-02/msg00001.html
+
+Bug-Description:
+
+When `printf -v' is used to set an array element, the format string contains
+`%b', and the corresponding argument is the empty string, the buffer used
+to store the value to be assigned can be NULL, which results in NUL being
+assigned to the array element. This causes a seg fault when it's used later.
+
+Patch (apply with `patch -p0'):
+
+--- a/builtins/printf.def
++++ b/builtins/printf.def
+@@ -255,6 +255,8 @@ printf_builtin (list)
+ #endif
+ {
+ vflag = 1;
++ if (vbsize == 0)
++ vbuf = xmalloc (vbsize = 16);
+ vblen = 0;
+ if (vbuf)
+ vbuf[0] = 0;
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 23
++#define PATCHLEVEL 24
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-025
+
+Bug-Reported-by: Bill Gradwohl <bill@ycc.com>
+Bug-Reference-ID: <CAFyvKis-UfuOWr5THBRKh=vYHDoKEEgdW8hN1RviTuYQ00Lu5A@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/help-bash/2012-03/msg00078.html
+
+Bug-Description:
+
+When used in a shell function, `declare -g -a array=(compound assignment)'
+creates a local variable instead of a global one.
+
+Patch (apply with `patch -p0'):
+
+--- a/command.h
++++ b/command.h
+@@ -97,6 +97,7 @@ enum command_type { cm_for, cm_case, cm_
+ #define W_HASCTLESC 0x200000 /* word contains literal CTLESC characters */
+ #define W_ASSIGNASSOC 0x400000 /* word looks like associative array assignment */
+ #define W_ARRAYIND 0x800000 /* word is an array index being expanded */
++#define W_ASSNGLOBAL 0x1000000 /* word is a global assignment to declare (declare/typeset -g) */
+
+ /* Possible values for subshell_environment */
+ #define SUBSHELL_ASYNC 0x01 /* subshell caused by `command &' */
+--- a/execute_cmd.c
++++ b/execute_cmd.c
+@@ -3584,13 +3584,13 @@ fix_assignment_words (words)
+ {
+ WORD_LIST *w;
+ struct builtin *b;
+- int assoc;
++ int assoc, global;
+
+ if (words == 0)
+ return;
+
+ b = 0;
+- assoc = 0;
++ assoc = global = 0;
+
+ for (w = words; w; w = w->next)
+ if (w->word->flags & W_ASSIGNMENT)
+@@ -3607,12 +3607,17 @@ fix_assignment_words (words)
+ #if defined (ARRAY_VARS)
+ if (assoc)
+ w->word->flags |= W_ASSIGNASSOC;
++ if (global)
++ w->word->flags |= W_ASSNGLOBAL;
+ #endif
+ }
+ #if defined (ARRAY_VARS)
+ /* Note that we saw an associative array option to a builtin that takes
+ assignment statements. This is a bit of a kludge. */
+- else if (w->word->word[0] == '-' && strchr (w->word->word, 'A'))
++ else if (w->word->word[0] == '-' && (strchr (w->word->word+1, 'A') || strchr (w->word->word+1, 'g')))
++#else
++ else if (w->word->word[0] == '-' && strchr (w->word->word+1, 'g'))
++#endif
+ {
+ if (b == 0)
+ {
+@@ -3622,10 +3627,11 @@ fix_assignment_words (words)
+ else if (b && (b->flags & ASSIGNMENT_BUILTIN))
+ words->word->flags |= W_ASSNBLTIN;
+ }
+- if (words->word->flags & W_ASSNBLTIN)
++ if ((words->word->flags & W_ASSNBLTIN) && strchr (w->word->word+1, 'A'))
+ assoc = 1;
++ if ((words->word->flags & W_ASSNBLTIN) && strchr (w->word->word+1, 'g'))
++ global = 1;
+ }
+-#endif
+ }
+
+ /* Return 1 if the file found by searching $PATH for PATHNAME, defaulting
+--- a/subst.c
++++ b/subst.c
+@@ -366,6 +366,11 @@ dump_word_flags (flags)
+ f &= ~W_ASSNBLTIN;
+ fprintf (stderr, "W_ASSNBLTIN%s", f ? "|" : "");
+ }
++ if (f & W_ASSNGLOBAL)
++ {
++ f &= ~W_ASSNGLOBAL;
++ fprintf (stderr, "W_ASSNGLOBAL%s", f ? "|" : "");
++ }
+ if (f & W_COMPASSIGN)
+ {
+ f &= ~W_COMPASSIGN;
+@@ -2803,7 +2808,7 @@ do_assignment_internal (word, expand)
+ }
+ else if (assign_list)
+ {
+- if (word->flags & W_ASSIGNARG)
++ if ((word->flags & W_ASSIGNARG) && (word->flags & W_ASSNGLOBAL) == 0)
+ aflags |= ASS_MKLOCAL;
+ if (word->flags & W_ASSIGNASSOC)
+ aflags |= ASS_MKASSOC;
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 24
++#define PATCHLEVEL 25
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-026
+
+Bug-Reported-by: Greg Wooledge <wooledg@eeg.ccf.org>
+Bug-Reference-ID: <20120425180443.GO22241@eeg.ccf.org>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-04/msg00172.html
+
+Bug-Description:
+
+The `lastpipe' option does not behave correctly on machines where the
+open file limit is less than 256.
+
+Patch (apply with `patch -p0'):
+
+--- a/execute_cmd.c
++++ b/execute_cmd.c
+@@ -2209,7 +2209,7 @@ execute_pipeline (command, asynchronous,
+ #endif
+ asynchronous == 0 && pipe_out == NO_PIPE && prev > 0)
+ {
+- lstdin = move_to_high_fd (0, 0, 255);
++ lstdin = move_to_high_fd (0, 1, -1);
+ if (lstdin > 0)
+ {
+ do_piping (prev, pipe_out);
+@@ -2255,7 +2255,9 @@ execute_pipeline (command, asynchronous,
+ unfreeze_jobs_list ();
+ }
+
++#if defined (JOB_CONTROL)
+ discard_unwind_frame ("lastpipe-exec");
++#endif
+
+ return (exec_result);
+ }
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 25
++#define PATCHLEVEL 26
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-027
+
+Bug-Reported-by: Mike Frysinger <vapier@gentoo.org>
+Bug-Reference-ID: <201204211243.30163.vapier@gentoo.org>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-04/msg00134.html
+
+Bug-Description:
+
+When the `extglob' shell option is enabled, pattern substitution does not
+work correctly in the presence of multibyte characters.
+
+Patch (apply with `patch -p0'):
+
+--- a/subst.c
++++ b/subst.c
+@@ -4166,7 +4166,7 @@ match_wpattern (wstring, indices, wstrle
+ simple = (wpat[0] != L'\\' && wpat[0] != L'*' && wpat[0] != L'?' && wpat[0] != L'[');
+ #if defined (EXTENDED_GLOB)
+ if (extended_glob)
+- simple |= (wpat[1] != L'(' || (wpat[0] != L'*' && wpat[0] != L'?' && wpat[0] != L'+' && wpat[0] != L'!' && wpat[0] != L'@')); /*)*/
++ simple &= (wpat[1] != L'(' || (wpat[0] != L'*' && wpat[0] != L'?' && wpat[0] != L'+' && wpat[0] != L'!' && wpat[0] != L'@')); /*)*/
+ #endif
+
+ /* If the pattern doesn't match anywhere in the string, go ahead and
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 26
++#define PATCHLEVEL 27
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-028
+
+Bug-Reported-by: Mark Edgar <medgar123@gmail.com>
+Bug-Reference-ID: <CABHMh_3d+ZgO_zaEtYXPwK4P7tC0ghZ4g=Ue_TRpsEMf5YDsqw@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-03/msg00109.html
+
+Bug-Description:
+
+When using a word expansion for which the right hand side is evaluated,
+certain expansions of quoted null strings include spurious ^? characters.
+
+Patch (apply with `patch -p0'):
+
+--- a/subst.c
++++ b/subst.c
+@@ -5809,6 +5809,16 @@ parameter_brace_expand_rhs (name, value,
+ is the only expansion that creates more than one word. */
+ if (qdollaratp && ((hasdol && quoted) || l->next))
+ *qdollaratp = 1;
++ /* If we have a quoted null result (QUOTED_NULL(temp)) and the word is
++ a quoted null (l->next == 0 && QUOTED_NULL(l->word->word)), the
++ flags indicate it (l->word->flags & W_HASQUOTEDNULL), and the
++ expansion is quoted (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
++ (which is more paranoia than anything else), we need to return the
++ quoted null string and set the flags to indicate it. */
++ if (l->next == 0 && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)) && QUOTED_NULL(temp) && QUOTED_NULL(l->word->word) && (l->word->flags & W_HASQUOTEDNULL))
++ {
++ w->flags |= W_HASQUOTEDNULL;
++ }
+ dispose_words (l);
+ }
+ else if ((quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)) && hasdol)
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 27
++#define PATCHLEVEL 28
+
+ #endif /* _PATCHLEVEL_H_ */
projects / packages.git / commitdiff