Bump bash to version 4.2 patchlevel 37.
Fixes CVE-2012-3410.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-021
+
+Bug-Reported-by: Dan Douglas <ormaaj@gmail.com>
+Bug-Reference-ID: <4585554.nZWb4q7YoZ@smorgbox>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-12/msg00084.html
+
+Bug-Description:
+
+Using `read -N' to assign values to an array can result in NUL values being
+assigned to some array elements. These values cause seg faults when referenced
+later.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/builtins/read.def 2011-11-21 18:03:38.000000000 -0500
+--- ./builtins/read.def 2011-12-19 19:52:12.000000000 -0500
+***************
+*** 738,742 ****
+ }
+ else
+! var = bind_read_variable (varname, t);
+ }
+ else
+--- 775,779 ----
+ }
+ else
+! var = bind_read_variable (varname, t ? t : "");
+ }
+ else
+***************
+*** 799,803 ****
+ }
+ else
+! var = bind_read_variable (list->word->word, input_string);
+
+ if (var)
+--- 836,840 ----
+ }
+ else
+! var = bind_read_variable (list->word->word, input_string ? input_string : "");
+
+ if (var)
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 20
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 21
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-022
+
+Bug-Reported-by: Gregory Margo <gmargo@pacbell.net>
+Bug-Reference-ID: <20110727174529.GA3333@pacbell.net>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-07/msg00102.html
+
+Bug-Description:
+
+The return value from lseek is `off_t'. This can cause corrupted return
+values when the file offset is greater than 2**31 - 1.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/sh/zread.c Mon Mar 2 08:54:45 2009
+--- ./lib/sh/zread.c Thu Jul 28 18:16:53 2011
+***************
+*** 161,166 ****
+ int fd;
+ {
+! off_t off;
+! int r;
+
+ off = lused - lind;
+--- 161,165 ----
+ int fd;
+ {
+! off_t off, r;
+
+ off = lused - lind;
+***************
+*** 169,173 ****
+ r = lseek (fd, -off, SEEK_CUR);
+
+! if (r >= 0)
+ lused = lind = 0;
+ }
+--- 168,172 ----
+ r = lseek (fd, -off, SEEK_CUR);
+
+! if (r != -1)
+ lused = lind = 0;
+ }
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 21
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 22
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-023
+
+Bug-Reported-by: Ewan Mellor <Ewan.Mellor@eu.citrix.com>
+Bug-Reference-ID: <6005BE083BF501439A84DC3523BAC82DC4B964FD12@LONPMAILBOX01.citrite.net>
+Bug-Reference-URL:
+
+Bug-Description:
+
+Under some circumstances, an exit trap triggered by a bad substitution
+error when errexit is enabled will cause the shell to exit with an
+incorrect exit status (0).
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c 2011-11-21 12:04:38.000000000 -0500
+--- ./subst.c 2012-02-08 13:36:28.000000000 -0500
+***************
+*** 7275,7278 ****
+--- 7281,7285 ----
+ case '\0':
+ bad_substitution:
++ last_command_exit_value = EXECUTION_FAILURE;
+ report_error (_("%s: bad substitution"), string ? string : "??");
+ FREE (value);
+*** ../bash-4.2-patched/error.c 2009-08-21 22:31:31.000000000 -0400
+--- ./error.c 2012-02-25 15:54:40.000000000 -0500
+***************
+*** 201,205 ****
+ va_end (args);
+ if (exit_immediately_on_error)
+! exit_shell (1);
+ }
+
+--- 201,209 ----
+ va_end (args);
+ if (exit_immediately_on_error)
+! {
+! if (last_command_exit_value == 0)
+! last_command_exit_value = 1;
+! exit_shell (last_command_exit_value);
+! }
+ }
+
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 22
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 23
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-024
+
+Bug-Reported-by: Jim Avera <james_avera@yahoo.com>
+Bug-Reference-ID: <4F29E07A.80405@yahoo.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-02/msg00001.html
+
+Bug-Description:
+
+When `printf -v' is used to set an array element, the format string contains
+`%b', and the corresponding argument is the empty string, the buffer used
+to store the value to be assigned can be NULL, which results in NUL being
+assigned to the array element. This causes a seg fault when it's used later.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/builtins/printf.def 2011-02-25 12:07:41.000000000 -0500
+--- ./builtins/printf.def 2012-02-02 08:37:12.000000000 -0500
+***************
+*** 256,259 ****
+--- 257,262 ----
+ {
+ vflag = 1;
++ if (vbsize == 0)
++ vbuf = xmalloc (vbsize = 16);
+ vblen = 0;
+ if (vbuf)
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 23
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 24
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-025
+
+Bug-Reported-by: Bill Gradwohl <bill@ycc.com>
+Bug-Reference-ID: <CAFyvKis-UfuOWr5THBRKh=vYHDoKEEgdW8hN1RviTuYQ00Lu5A@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/help-bash/2012-03/msg00078.html
+
+Bug-Description:
+
+When used in a shell function, `declare -g -a array=(compound assignment)'
+creates a local variable instead of a global one.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/command.h 2010-08-02 19:36:51.000000000 -0400
+--- ./command.h 2012-04-01 12:38:35.000000000 -0400
+***************
+*** 98,101 ****
+--- 98,102 ----
+ #define W_ASSIGNASSOC 0x400000 /* word looks like associative array assignment */
+ #define W_ARRAYIND 0x800000 /* word is an array index being expanded */
++ #define W_ASSNGLOBAL 0x1000000 /* word is a global assignment to declare (declare/typeset -g) */
+
+ /* Possible values for subshell_environment */
+*** ../bash-4.2-patched/execute_cmd.c 2011-11-21 18:03:41.000000000 -0500
+--- ./execute_cmd.c 2012-04-01 12:42:03.000000000 -0400
+***************
+*** 3581,3585 ****
+ WORD_LIST *w;
+ struct builtin *b;
+! int assoc;
+
+ if (words == 0)
+--- 3581,3585 ----
+ WORD_LIST *w;
+ struct builtin *b;
+! int assoc, global;
+
+ if (words == 0)
+***************
+*** 3587,3591 ****
+
+ b = 0;
+! assoc = 0;
+
+ for (w = words; w; w = w->next)
+--- 3587,3591 ----
+
+ b = 0;
+! assoc = global = 0;
+
+ for (w = words; w; w = w->next)
+***************
+*** 3604,3607 ****
+--- 3604,3609 ----
+ if (assoc)
+ w->word->flags |= W_ASSIGNASSOC;
++ if (global)
++ w->word->flags |= W_ASSNGLOBAL;
+ #endif
+ }
+***************
+*** 3609,3613 ****
+ /* Note that we saw an associative array option to a builtin that takes
+ assignment statements. This is a bit of a kludge. */
+! else if (w->word->word[0] == '-' && strchr (w->word->word, 'A'))
+ {
+ if (b == 0)
+--- 3611,3618 ----
+ /* Note that we saw an associative array option to a builtin that takes
+ assignment statements. This is a bit of a kludge. */
+! else if (w->word->word[0] == '-' && (strchr (w->word->word+1, 'A') || strchr (w->word->word+1, 'g')))
+! #else
+! else if (w->word->word[0] == '-' && strchr (w->word->word+1, 'g'))
+! #endif
+ {
+ if (b == 0)
+***************
+*** 3619,3626 ****
+ words->word->flags |= W_ASSNBLTIN;
+ }
+! if (words->word->flags & W_ASSNBLTIN)
+ assoc = 1;
+ }
+- #endif
+ }
+
+--- 3624,3632 ----
+ words->word->flags |= W_ASSNBLTIN;
+ }
+! if ((words->word->flags & W_ASSNBLTIN) && strchr (w->word->word+1, 'A'))
+ assoc = 1;
++ if ((words->word->flags & W_ASSNBLTIN) && strchr (w->word->word+1, 'g'))
++ global = 1;
+ }
+ }
+
+*** ../bash-4.2-patched/subst.c 2012-03-11 17:35:13.000000000 -0400
+--- ./subst.c 2012-04-01 12:38:35.000000000 -0400
+***************
+*** 367,370 ****
+--- 367,375 ----
+ fprintf (stderr, "W_ASSNBLTIN%s", f ? "|" : "");
+ }
++ if (f & W_ASSNGLOBAL)
++ {
++ f &= ~W_ASSNGLOBAL;
++ fprintf (stderr, "W_ASSNGLOBAL%s", f ? "|" : "");
++ }
+ if (f & W_COMPASSIGN)
+ {
+***************
+*** 2804,2808 ****
+ else if (assign_list)
+ {
+! if (word->flags & W_ASSIGNARG)
+ aflags |= ASS_MKLOCAL;
+ if (word->flags & W_ASSIGNASSOC)
+--- 2809,2813 ----
+ else if (assign_list)
+ {
+! if ((word->flags & W_ASSIGNARG) && (word->flags & W_ASSNGLOBAL) == 0)
+ aflags |= ASS_MKLOCAL;
+ if (word->flags & W_ASSIGNASSOC)
+
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 24
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 25
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-026
+
+Bug-Reported-by: Greg Wooledge <wooledg@eeg.ccf.org>
+Bug-Reference-ID: <20120425180443.GO22241@eeg.ccf.org>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-04/msg00172.html
+
+Bug-Description:
+
+The `lastpipe' option does not behave correctly on machines where the
+open file limit is less than 256.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/execute_cmd.c 2011-11-21 12:04:47.000000000 -0500
+--- ./execute_cmd.c 2012-04-26 11:09:30.000000000 -0400
+***************
+*** 2206,2210 ****
+ if (lastpipe_opt && job_control == 0 && asynchronous == 0 && pipe_out == NO_PIPE && prev > 0)
+ {
+! lstdin = move_to_high_fd (0, 0, 255);
+ if (lstdin > 0)
+ {
+--- 2325,2329 ----
+ if (lastpipe_opt && job_control == 0 && asynchronous == 0 && pipe_out == NO_PIPE && prev > 0)
+ {
+! lstdin = move_to_high_fd (0, 1, -1);
+ if (lstdin > 0)
+ {
+***************
+*** 2252,2256 ****
+--- 2371,2377 ----
+ }
+
++ #if defined (JOB_CONTROL)
+ discard_unwind_frame ("lastpipe-exec");
++ #endif
+
+ return (exec_result);
+
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 25
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 26
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-027
+
+Bug-Reported-by: Mike Frysinger <vapier@gentoo.org>
+Bug-Reference-ID: <201204211243.30163.vapier@gentoo.org>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-04/msg00134.html
+
+Bug-Description:
+
+When the `extglob' shell option is enabled, pattern substitution does not
+work correctly in the presence of multibyte characters.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c 2012-03-11 17:52:57.000000000 -0400
+--- ./subst.c 2012-04-22 16:19:10.000000000 -0400
+***************
+*** 4167,4171 ****
+ #if defined (EXTENDED_GLOB)
+ if (extended_glob)
+! simple |= (wpat[1] != L'(' || (wpat[0] != L'*' && wpat[0] != L'?' && wpat[0] != L'+' && wpat[0] != L'!' && wpat[0] != L'@')); /*)*/
+ #endif
+
+--- 4167,4171 ----
+ #if defined (EXTENDED_GLOB)
+ if (extended_glob)
+! simple &= (wpat[1] != L'(' || (wpat[0] != L'*' && wpat[0] != L'?' && wpat[0] != L'+' && wpat[0] != L'!' && wpat[0] != L'@')); /*)*/
+ #endif
+
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 26
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 27
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-028
+
+Bug-Reported-by: Mark Edgar <medgar123@gmail.com>
+Bug-Reference-ID: <CABHMh_3d+ZgO_zaEtYXPwK4P7tC0ghZ4g=Ue_TRpsEMf5YDsqw@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-03/msg00109.html
+
+Bug-Description:
+
+When using a word expansion for which the right hand side is evaluated,
+certain expansions of quoted null strings include spurious ^? characters.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c 2012-03-11 17:35:13.000000000 -0400
+--- ./subst.c 2012-03-20 19:30:13.000000000 -0400
+***************
+*** 5810,5813 ****
+--- 5810,5823 ----
+ if (qdollaratp && ((hasdol && quoted) || l->next))
+ *qdollaratp = 1;
++ /* If we have a quoted null result (QUOTED_NULL(temp)) and the word is
++ a quoted null (l->next == 0 && QUOTED_NULL(l->word->word)), the
++ flags indicate it (l->word->flags & W_HASQUOTEDNULL), and the
++ expansion is quoted (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
++ (which is more paranoia than anything else), we need to return the
++ quoted null string and set the flags to indicate it. */
++ if (l->next == 0 && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)) && QUOTED_NULL(temp) && QUOTED_NULL(l->word->word) && (l->word->flags & W_HASQUOTEDNULL))
++ {
++ w->flags |= W_HASQUOTEDNULL;
++ }
+ dispose_words (l);
+ }
+
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 27
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 28
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-029
+
+Bug-Reported-by: "Michael Kalisz" <michael@kalisz.homelinux.net>
+Bug-Reference-ID: <50241.78.69.11.112.1298585641.squirrel@kalisz.homelinux.net>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-02/msg00274.html
+
+Bug-Description:
+
+Bash-4.2 tries to leave completed directory names as the user typed them,
+without expanding them to a full pathname. One effect of this is that
+shell variables used in pathnames being completed (e.g., $HOME) are left
+unchanged, but the `$' is quoted by readline because it is a special
+character to the shell.
+
+This patch introduces two things:
+
+1. A new shell option, `direxpand', which, if set, attempts to emulate the
+ bash-4.1 behavior of expanding words to full pathnames during
+ completion;
+2. A set of heuristics that reduce the number of times special characters
+ such as `$' are quoted when the directory name is not expanded.
+
+Patch (apply with `patch -p0'):
+
+diff -NrC 2 ../bash-4.2-patched/bashline.c ./bashline.c
+*** ../bash-4.2-patched/bashline.c 2011-01-16 15:32:47.000000000 -0500
+--- ./bashline.c 2012-05-07 16:27:18.000000000 -0400
+***************
+*** 122,125 ****
+--- 122,128 ----
+ static int bash_push_line __P((void));
+
++ static rl_icppfunc_t *save_directory_hook __P((void));
++ static void reset_directory_hook __P((rl_icppfunc_t *));
++
+ static void cleanup_expansion_error __P((void));
+ static void maybe_make_readline_line __P((char *));
+***************
+*** 244,251 ****
+--- 247,261 ----
+ int dircomplete_spelling = 0;
+
++ /* Expand directory names during word/filename completion. */
++ int dircomplete_expand = 0;
++ int dircomplete_expand_relpath = 0;
++
+ static char *bash_completer_word_break_characters = " \t\n\"'@><=;|&(:";
+ static char *bash_nohostname_word_break_characters = " \t\n\"'><=;|&(:";
+ /* )) */
+
++ static const char *default_filename_quote_characters = " \t\n\\\"'@<>=;|&()#$`?*[!:{~"; /*}*/
++ static char *custom_filename_quote_characters = 0;
++
+ static rl_hook_func_t *old_rl_startup_hook = (rl_hook_func_t *)NULL;
+
+***************
+*** 502,506 ****
+ /* Tell the completer that we might want to follow symbolic links or
+ do other expansion on directory names. */
+! rl_directory_rewrite_hook = bash_directory_completion_hook;
+
+ rl_filename_rewrite_hook = bash_filename_rewrite_hook;
+--- 512,516 ----
+ /* Tell the completer that we might want to follow symbolic links or
+ do other expansion on directory names. */
+! set_directory_hook ();
+
+ rl_filename_rewrite_hook = bash_filename_rewrite_hook;
+***************
+*** 530,534 ****
+
+ /* characters that need to be quoted when appearing in filenames. */
+! rl_filename_quote_characters = " \t\n\\\"'@<>=;|&()#$`?*[!:{~"; /*}*/
+
+ rl_filename_quoting_function = bash_quote_filename;
+--- 540,544 ----
+
+ /* characters that need to be quoted when appearing in filenames. */
+! rl_filename_quote_characters = default_filename_quote_characters;
+
+ rl_filename_quoting_function = bash_quote_filename;
+***************
+*** 565,570 ****
+ rl_attempted_completion_function = attempt_shell_completion;
+ rl_completion_entry_function = NULL;
+- rl_directory_rewrite_hook = bash_directory_completion_hook;
+ rl_ignore_some_completions_function = filename_completion_ignore;
+ }
+
+--- 575,582 ----
+ rl_attempted_completion_function = attempt_shell_completion;
+ rl_completion_entry_function = NULL;
+ rl_ignore_some_completions_function = filename_completion_ignore;
++ rl_filename_quote_characters = default_filename_quote_characters;
++
++ set_directory_hook ();
+ }
+
+***************
+*** 1280,1283 ****
+--- 1292,1298 ----
+ rl_ignore_some_completions_function = filename_completion_ignore;
+
++ rl_filename_quote_characters = default_filename_quote_characters;
++ set_directory_hook ();
++
+ /* Determine if this could be a command word. It is if it appears at
+ the start of the line (ignoring preceding whitespace), or if it
+***************
+*** 1592,1595 ****
+--- 1607,1616 ----
+ else
+ {
++ if (dircomplete_expand && dot_or_dotdot (filename_hint))
++ {
++ dircomplete_expand = 0;
++ set_directory_hook ();
++ dircomplete_expand = 1;
++ }
+ mapping_over = 4;
+ goto inner;
+***************
+*** 1792,1795 ****
+--- 1813,1819 ----
+ inner:
+ val = rl_filename_completion_function (filename_hint, istate);
++ if (mapping_over == 4 && dircomplete_expand)
++ set_directory_hook ();
++
+ istate = 1;
+
+***************
+*** 2694,2697 ****
+--- 2718,2767 ----
+ }
+
++ /* Functions to save and restore the appropriate directory hook */
++ /* This is not static so the shopt code can call it */
++ void
++ set_directory_hook ()
++ {
++ if (dircomplete_expand)
++ {
++ rl_directory_completion_hook = bash_directory_completion_hook;
++ rl_directory_rewrite_hook = (rl_icppfunc_t *)0;
++ }
++ else
++ {
++ rl_directory_rewrite_hook = bash_directory_completion_hook;
++ rl_directory_completion_hook = (rl_icppfunc_t *)0;
++ }
++ }
++
++ static rl_icppfunc_t *
++ save_directory_hook ()
++ {
++ rl_icppfunc_t *ret;
++
++ if (dircomplete_expand)
++ {
++ ret = rl_directory_completion_hook;
++ rl_directory_completion_hook = (rl_icppfunc_t *)NULL;
++ }
++ else
++ {
++ ret = rl_directory_rewrite_hook;
++ rl_directory_rewrite_hook = (rl_icppfunc_t *)NULL;
++ }
++
++ return ret;
++ }
++
++ static void
++ restore_directory_hook (hookf)
++ rl_icppfunc_t *hookf;
++ {
++ if (dircomplete_expand)
++ rl_directory_completion_hook = hookf;
++ else
++ rl_directory_rewrite_hook = hookf;
++ }
++
+ /* Handle symbolic link references and other directory name
+ expansions while hacking completion. This should return 1 if it modifies
+***************
+*** 2703,2720 ****
+ {
+ char *local_dirname, *new_dirname, *t;
+! int return_value, should_expand_dirname;
+ WORD_LIST *wl;
+ struct stat sb;
+
+! return_value = should_expand_dirname = 0;
+ local_dirname = *dirname;
+
+! if (mbschr (local_dirname, '$'))
+! should_expand_dirname = 1;
+ else
+ {
+ t = mbschr (local_dirname, '`');
+ if (t && unclosed_pair (local_dirname, strlen (local_dirname), "`") == 0)
+! should_expand_dirname = 1;
+ }
+
+--- 2773,2801 ----
+ {
+ char *local_dirname, *new_dirname, *t;
+! int return_value, should_expand_dirname, nextch, closer;
+ WORD_LIST *wl;
+ struct stat sb;
+
+! return_value = should_expand_dirname = nextch = closer = 0;
+ local_dirname = *dirname;
+
+! if (t = mbschr (local_dirname, '$'))
+! {
+! should_expand_dirname = '$';
+! nextch = t[1];
+! /* Deliberately does not handle the deprecated $[...] arithmetic
+! expansion syntax */
+! if (nextch == '(')
+! closer = ')';
+! else if (nextch == '{')
+! closer = '}';
+! else
+! nextch = 0;
+! }
+ else
+ {
+ t = mbschr (local_dirname, '`');
+ if (t && unclosed_pair (local_dirname, strlen (local_dirname), "`") == 0)
+! should_expand_dirname = '`';
+ }
+
+***************
+*** 2740,2743 ****
+--- 2821,2841 ----
+ dispose_words (wl);
+ local_dirname = *dirname;
++ /* XXX - change rl_filename_quote_characters here based on
++ should_expand_dirname/nextch/closer. This is the only place
++ custom_filename_quote_characters is modified. */
++ if (rl_filename_quote_characters && *rl_filename_quote_characters)
++ {
++ int i, j, c;
++ i = strlen (default_filename_quote_characters);
++ custom_filename_quote_characters = xrealloc (custom_filename_quote_characters, i+1);
++ for (i = j = 0; c = default_filename_quote_characters[i]; i++)
++ {
++ if (c == should_expand_dirname || c == nextch || c == closer)
++ continue;
++ custom_filename_quote_characters[j++] = c;
++ }
++ custom_filename_quote_characters[j] = '\0';
++ rl_filename_quote_characters = custom_filename_quote_characters;
++ }
+ }
+ else
+***************
+*** 2759,2762 ****
+--- 2857,2871 ----
+ }
+
++ /* no_symbolic_links == 0 -> use (default) logical view of the file system.
++ local_dirname[0] == '.' && local_dirname[1] == '/' means files in the
++ current directory (./).
++ local_dirname[0] == '.' && local_dirname[1] == 0 means relative pathnames
++ in the current directory (e.g., lib/sh).
++ XXX - should we do spelling correction on these? */
++
++ /* This is test as it was in bash-4.2: skip relative pathnames in current
++ directory. Change test to
++ (local_dirname[0] != '.' || (local_dirname[1] && local_dirname[1] != '/'))
++ if we want to skip paths beginning with ./ also. */
+ if (no_symbolic_links == 0 && (local_dirname[0] != '.' || local_dirname[1]))
+ {
+***************
+*** 2764,2767 ****
+--- 2873,2885 ----
+ int len1, len2;
+
++ /* If we have a relative path
++ (local_dirname[0] != '/' && local_dirname[0] != '.')
++ that is canonical after appending it to the current directory, then
++ temp1 = temp2+'/'
++ That is,
++ strcmp (temp1, temp2) == 0
++ after adding a slash to temp2 below. It should be safe to not
++ change those.
++ */
+ t = get_working_directory ("symlink-hook");
+ temp1 = make_absolute (local_dirname, t);
+***************
+*** 2798,2802 ****
+ }
+ }
+! return_value |= STREQ (local_dirname, temp2) == 0;
+ free (local_dirname);
+ *dirname = temp2;
+--- 2916,2928 ----
+ }
+ }
+!
+! /* dircomplete_expand_relpath == 0 means we want to leave relative
+! pathnames that are unchanged by canonicalization alone.
+! *local_dirname != '/' && *local_dirname != '.' == relative pathname
+! (consistent with general.c:absolute_pathname())
+! temp1 == temp2 (after appending a slash to temp2) means the pathname
+! is not changed by canonicalization as described above. */
+! if (dircomplete_expand_relpath || ((local_dirname[0] != '/' && local_dirname[0] != '.') && STREQ (temp1, temp2) == 0))
+! return_value |= STREQ (local_dirname, temp2) == 0;
+ free (local_dirname);
+ *dirname = temp2;
+***************
+*** 3003,3012 ****
+ orig_func = rl_completion_entry_function;
+ orig_attempt_func = rl_attempted_completion_function;
+- orig_dir_func = rl_directory_rewrite_hook;
+ orig_ignore_func = rl_ignore_some_completions_function;
+ orig_rl_completer_word_break_characters = rl_completer_word_break_characters;
+ rl_completion_entry_function = rl_filename_completion_function;
+ rl_attempted_completion_function = (rl_completion_func_t *)NULL;
+- rl_directory_rewrite_hook = (rl_icppfunc_t *)NULL;
+ rl_ignore_some_completions_function = filename_completion_ignore;
+ rl_completer_word_break_characters = " \t\n\"\'";
+--- 3129,3139 ----
+ orig_func = rl_completion_entry_function;
+ orig_attempt_func = rl_attempted_completion_function;
+ orig_ignore_func = rl_ignore_some_completions_function;
+ orig_rl_completer_word_break_characters = rl_completer_word_break_characters;
++
++ orig_dir_func = save_directory_hook ();
++
+ rl_completion_entry_function = rl_filename_completion_function;
+ rl_attempted_completion_function = (rl_completion_func_t *)NULL;
+ rl_ignore_some_completions_function = filename_completion_ignore;
+ rl_completer_word_break_characters = " \t\n\"\'";
+***************
+*** 3016,3023 ****
+ rl_completion_entry_function = orig_func;
+ rl_attempted_completion_function = orig_attempt_func;
+- rl_directory_rewrite_hook = orig_dir_func;
+ rl_ignore_some_completions_function = orig_ignore_func;
+ rl_completer_word_break_characters = orig_rl_completer_word_break_characters;
+
+ return r;
+ }
+--- 3143,3151 ----
+ rl_completion_entry_function = orig_func;
+ rl_attempted_completion_function = orig_attempt_func;
+ rl_ignore_some_completions_function = orig_ignore_func;
+ rl_completer_word_break_characters = orig_rl_completer_word_break_characters;
+
++ restore_directory_hook (orig_dir_func);
++
+ return r;
+ }
+diff -NrC 2 ../bash-4.2-patched/bashline.h ./bashline.h
+*** ../bash-4.2-patched/bashline.h 2009-01-04 14:32:22.000000000 -0500
+--- ./bashline.h 2012-05-07 16:27:18.000000000 -0400
+***************
+*** 34,41 ****
+--- 34,46 ----
+ extern int bash_re_edit __P((char *));
+
++ extern void bashline_set_event_hook __P((void));
++ extern void bashline_reset_event_hook __P((void));
++
+ extern int bind_keyseq_to_unix_command __P((char *));
+
+ extern char **bash_default_completion __P((const char *, int, int, int, int));
+
++ void set_directory_hook __P((void));
++
+ /* Used by programmable completion code. */
+ extern char *command_word_completion_function __P((const char *, int));
+diff -NrC 2 ../bash-4.2-patched/builtins/shopt.def ./builtins/shopt.def
+*** ../bash-4.2-patched/builtins/shopt.def 2010-07-02 22:42:44.000000000 -0400
+--- ./builtins/shopt.def 2012-05-07 16:27:18.000000000 -0400
+***************
+*** 62,65 ****
+--- 62,69 ----
+ #include "bashgetopt.h"
+
++ #if defined (READLINE)
++ # include "../bashline.h"
++ #endif
++
+ #if defined (HISTORY)
+ # include "../bashhist.h"
+***************
+*** 95,99 ****
+ extern int no_empty_command_completion;
+ extern int force_fignore;
+! extern int dircomplete_spelling;
+
+ extern int enable_hostname_completion __P((int));
+--- 99,103 ----
+ extern int no_empty_command_completion;
+ extern int force_fignore;
+! extern int dircomplete_spelling, dircomplete_expand;
+
+ extern int enable_hostname_completion __P((int));
+***************
+*** 122,125 ****
+--- 126,133 ----
+ #endif
+
++ #if defined (READLINE)
++ static int shopt_set_complete_direxpand __P((char *, int));
++ #endif
++
+ static int shopt_login_shell;
+ static int shopt_compat31;
+***************
+*** 151,154 ****
+--- 159,163 ----
+ { "compat41", &shopt_compat41, set_compatibility_level },
+ #if defined (READLINE)
++ { "direxpand", &dircomplete_expand, shopt_set_complete_direxpand },
+ { "dirspell", &dircomplete_spelling, (shopt_set_func_t *)NULL },
+ #endif
+***************
+*** 536,539 ****
+--- 545,559 ----
+ }
+
++ #if defined (READLINE)
++ static int
++ shopt_set_complete_direxpand (option_name, mode)
++ char *option_name;
++ int mode;
++ {
++ set_directory_hook ();
++ return 0;
++ }
++ #endif
++
+ #if defined (RESTRICTED_SHELL)
+ /* Don't allow the value of restricted_shell to be modified. */
+Binary files ../bash-4.2-patched/doc/._bashref.pdf and ./doc/._bashref.pdf differ
+diff -NrC 2 ../bash-4.2-patched/doc/bash.1 ./doc/bash.1
+*** ../bash-4.2-patched/doc/bash.1 2011-01-16 15:31:39.000000000 -0500
+--- ./doc/bash.1 2012-05-07 16:27:18.000000000 -0400
+***************
+*** 8949,8952 ****
+--- 8949,8962 ----
+ The default bash behavior remains as in previous versions.
+ .TP 8
++ .B direxpand
++ If set,
++ .B bash
++ replaces directory names with the results of word expansion when performing
++ filename completion. This changes the contents of the readline editing
++ buffer.
++ If not set,
++ .B bash
++ attempts to preserve what the user typed.
++ .TP 8
+ .B dirspell
+ If set,
+diff -NrC 2 ../bash-4.2-patched/doc/bashref.texi ./doc/bashref.texi
+*** ../bash-4.2-patched/doc/bashref.texi 2011-01-16 15:31:57.000000000 -0500
+--- ./doc/bashref.texi 2012-05-07 16:27:18.000000000 -0400
+***************
+*** 4536,4539 ****
+--- 4536,4546 ----
+ The default Bash behavior remains as in previous versions.
+
++ @item direxpand
++ If set, Bash
++ replaces directory names with the results of word expansion when performing
++ filename completion. This changes the contents of the readline editing
++ buffer.
++ If not set, Bash attempts to preserve what the user typed.
++
+ @item dirspell
+ If set, Bash
+diff -NrC 2 ../bash-4.2-patched/tests/shopt.right ./tests/shopt.right
+*** ../bash-4.2-patched/tests/shopt.right 2010-07-02 23:36:30.000000000 -0400
+--- ./tests/shopt.right 2012-05-07 16:27:18.000000000 -0400
+***************
+*** 13,16 ****
+--- 13,17 ----
+ shopt -u compat40
+ shopt -u compat41
++ shopt -u direxpand
+ shopt -u dirspell
+ shopt -u dotglob
+***************
+*** 69,72 ****
+--- 70,74 ----
+ shopt -u compat40
+ shopt -u compat41
++ shopt -u direxpand
+ shopt -u dirspell
+ shopt -u dotglob
+***************
+*** 102,105 ****
+--- 104,108 ----
+ compat40 off
+ compat41 off
++ direxpand off
+ dirspell off
+ dotglob off
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 28
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 29
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-030
+
+Bug-Reported-by: Roman Rakus <rrakus@redhat.com>
+Bug-Reference-ID: <4D7DD91E.7040808@redhat.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-03/msg00126.html
+
+Bug-Description:
+
+When attempting to glob strings in a multibyte locale, and those strings
+contain invalid multibyte characters that cause mbsnrtowcs to return 0,
+the globbing code loops infinitely.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/glob/xmbsrtowcs.c 2010-05-30 18:36:27.000000000 -0400
+--- ./lib/glob/xmbsrtowcs.c 2011-03-22 16:06:47.000000000 -0400
+***************
+*** 36,39 ****
+--- 36,41 ----
+ #if HANDLE_MULTIBYTE
+
++ #define WSBUF_INC 32
++
+ #ifndef FREE
+ # define FREE(x) do { if (x) free (x); } while (0)
+***************
+*** 149,153 ****
+ size_t wcnum; /* Number of wide characters in WSBUF */
+ mbstate_t state; /* Conversion State */
+! size_t wcslength; /* Number of wide characters produced by the conversion. */
+ const char *end_or_backslash;
+ size_t nms; /* Number of multibyte characters to convert at one time. */
+--- 151,155 ----
+ size_t wcnum; /* Number of wide characters in WSBUF */
+ mbstate_t state; /* Conversion State */
+! size_t n, wcslength; /* Number of wide characters produced by the conversion. */
+ const char *end_or_backslash;
+ size_t nms; /* Number of multibyte characters to convert at one time. */
+***************
+*** 172,176 ****
+ tmp_p = p;
+ tmp_state = state;
+! wcslength = mbsnrtowcs(NULL, &tmp_p, nms, 0, &tmp_state);
+
+ /* Conversion failed. */
+--- 174,189 ----
+ tmp_p = p;
+ tmp_state = state;
+!
+! if (nms == 0 && *p == '\\') /* special initial case */
+! nms = wcslength = 1;
+! else
+! wcslength = mbsnrtowcs (NULL, &tmp_p, nms, 0, &tmp_state);
+!
+! if (wcslength == 0)
+! {
+! tmp_p = p; /* will need below */
+! tmp_state = state;
+! wcslength = 1; /* take a single byte */
+! }
+
+ /* Conversion failed. */
+***************
+*** 187,191 ****
+ wchar_t *wstmp;
+
+! wsbuf_size = wcnum+wcslength+1; /* 1 for the L'\0' or the potential L'\\' */
+
+ wstmp = (wchar_t *) realloc (wsbuf, wsbuf_size * sizeof (wchar_t));
+--- 200,205 ----
+ wchar_t *wstmp;
+
+! while (wsbuf_size < wcnum+wcslength+1) /* 1 for the L'\0' or the potential L'\\' */
+! wsbuf_size += WSBUF_INC;
+
+ wstmp = (wchar_t *) realloc (wsbuf, wsbuf_size * sizeof (wchar_t));
+***************
+*** 200,207 ****
+
+ /* Perform the conversion. This is assumed to return 'wcslength'.
+! * It may set 'p' to NULL. */
+! mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state);
+
+! wcnum += wcslength;
+
+ if (mbsinit (&state) && (p != NULL) && (*p == '\\'))
+--- 214,229 ----
+
+ /* Perform the conversion. This is assumed to return 'wcslength'.
+! It may set 'p' to NULL. */
+! n = mbsnrtowcs(wsbuf+wcnum, &p, nms, wsbuf_size-wcnum, &state);
+
+! /* Compensate for taking single byte on wcs conversion failure above. */
+! if (wcslength == 1 && (n == 0 || n == (size_t)-1))
+! {
+! state = tmp_state;
+! p = tmp_p;
+! wsbuf[wcnum++] = *p++;
+! }
+! else
+! wcnum += wcslength;
+
+ if (mbsinit (&state) && (p != NULL) && (*p == '\\'))
+***************
+*** 231,236 ****
+ of DESTP and INDICESP are NULL. */
+
+- #define WSBUF_INC 32
+-
+ size_t
+ xdupmbstowcs (destp, indicesp, src)
+--- 253,256 ----
+*** ../bash-4.2-patched/lib/glob/glob.c 2009-11-14 18:39:30.000000000 -0500
+--- ./lib/glob/glob.c 2012-07-07 12:09:56.000000000 -0400
+***************
+*** 201,206 ****
+ size_t pat_n, dn_n;
+
+ pat_n = xdupmbstowcs (&pat_wc, NULL, pat);
+! dn_n = xdupmbstowcs (&dn_wc, NULL, dname);
+
+ ret = 0;
+--- 201,209 ----
+ size_t pat_n, dn_n;
+
++ pat_wc = dn_wc = (wchar_t *)NULL;
++
+ pat_n = xdupmbstowcs (&pat_wc, NULL, pat);
+! if (pat_n != (size_t)-1)
+! dn_n = xdupmbstowcs (&dn_wc, NULL, dname);
+
+ ret = 0;
+***************
+*** 222,225 ****
+--- 225,230 ----
+ ret = 1;
+ }
++ else
++ ret = skipname (pat, dname, flags);
+
+ FREE (pat_wc);
+***************
+*** 267,272 ****
+ n = xdupmbstowcs (&wpathname, NULL, pathname);
+ if (n == (size_t) -1)
+! /* Something wrong. */
+! return;
+ orig_wpathname = wpathname;
+
+--- 272,280 ----
+ n = xdupmbstowcs (&wpathname, NULL, pathname);
+ if (n == (size_t) -1)
+! {
+! /* Something wrong. Fall back to single-byte */
+! udequote_pathname (pathname);
+! return;
+! }
+ orig_wpathname = wpathname;
+
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 29
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 30
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-031
+
+Bug-Reported-by: Max Horn <max@quendi.de>
+Bug-Reference-ID: <20CC5C60-07C3-4E41-9817-741E48D407C5@quendi.de>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2012-06/msg00005.html
+
+Bug-Description:
+
+A change between bash-4.1 and bash-4.2 to prevent the readline input hook
+from being called too frequently had the side effect of causing delays
+when reading pasted input on systems such as Mac OS X. This patch fixes
+those delays while retaining the bash-4.2 behavior.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/readline/input.c 2010-05-30 18:33:01.000000000 -0400
+--- ./lib/readline/input.c 2012-06-25 21:08:42.000000000 -0400
+***************
+*** 410,414 ****
+ rl_read_key ()
+ {
+! int c;
+
+ rl_key_sequence_length++;
+--- 412,416 ----
+ rl_read_key ()
+ {
+! int c, r;
+
+ rl_key_sequence_length++;
+***************
+*** 430,441 ****
+ while (rl_event_hook)
+ {
+! if (rl_gather_tyi () < 0) /* XXX - EIO */
+ {
+ rl_done = 1;
+ return ('\n');
+ }
+ RL_CHECK_SIGNALS ();
+- if (rl_get_char (&c) != 0)
+- break;
+ if (rl_done) /* XXX - experimental */
+ return ('\n');
+--- 432,447 ----
+ while (rl_event_hook)
+ {
+! if (rl_get_char (&c) != 0)
+! break;
+!
+! if ((r = rl_gather_tyi ()) < 0) /* XXX - EIO */
+ {
+ rl_done = 1;
+ return ('\n');
+ }
++ else if (r == 1) /* read something */
++ continue;
++
+ RL_CHECK_SIGNALS ();
+ if (rl_done) /* XXX - experimental */
+ return ('\n');
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 30
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 31
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-032
+
+Bug-Reported-by: Ruediger Kuhlmann <RKuhlmann@orga-systems.com>
+Bug-Reference-ID: <OFDE975207.0C3622E5-ONC12579F3.00361A06-C12579F3.00365E39@orga-systems.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-05/msg00010.html
+
+Bug-Description:
+
+Bash-4.2 has problems with DEL characters in the expanded value of variables
+used in the same quoted string as variables that expand to nothing.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-20120427/subst.c 2012-04-22 16:19:10.000000000 -0400
+--- ./subst.c 2012-05-07 16:06:35.000000000 -0400
+***************
+*** 8152,8155 ****
+--- 8152,8163 ----
+ dispose_word_desc (tword);
+
++ /* Kill quoted nulls; we will add them back at the end of
++ expand_word_internal if nothing else in the string */
++ if (had_quoted_null && temp && QUOTED_NULL (temp))
++ {
++ FREE (temp);
++ temp = (char *)NULL;
++ }
++
+ goto add_string;
+ break;
+***************
+*** 8556,8560 ****
+ if (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
+ tword->flags |= W_QUOTED;
+! if (had_quoted_null)
+ tword->flags |= W_HASQUOTEDNULL;
+ list = make_word_list (tword, (WORD_LIST *)NULL);
+--- 8564,8568 ----
+ if (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES))
+ tword->flags |= W_QUOTED;
+! if (had_quoted_null && QUOTED_NULL (istring))
+ tword->flags |= W_HASQUOTEDNULL;
+ list = make_word_list (tword, (WORD_LIST *)NULL);
+***************
+*** 8587,8591 ****
+ if (word->flags & W_NOEXPAND)
+ tword->flags |= W_NOEXPAND;
+! if (had_quoted_null)
+ tword->flags |= W_HASQUOTEDNULL; /* XXX */
+ list = make_word_list (tword, (WORD_LIST *)NULL);
+--- 8595,8599 ----
+ if (word->flags & W_NOEXPAND)
+ tword->flags |= W_NOEXPAND;
+! if (had_quoted_null && QUOTED_NULL (istring))
+ tword->flags |= W_HASQUOTEDNULL; /* XXX */
+ list = make_word_list (tword, (WORD_LIST *)NULL);
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 31
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 32
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-033
+
+Bug-Reported-by: David Leverton <levertond@googlemail.com>
+Bug-Reference-ID: <4FCCE737.1060603@googlemail.com>
+Bug-Reference-URL:
+
+Bug-Description:
+
+Bash uses a static buffer when expanding the /dev/fd prefix for the test
+and conditional commands, among other uses, when it should use a dynamic
+buffer to avoid buffer overflow.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/sh/eaccess.c 2011-01-08 20:50:10.000000000 -0500
+--- ./lib/sh/eaccess.c 2012-06-04 21:06:43.000000000 -0400
+***************
+*** 83,86 ****
+--- 83,88 ----
+ struct stat *finfo;
+ {
++ static char *pbuf = 0;
++
+ if (*path == '\0')
+ {
+***************
+*** 107,111 ****
+ On most systems, with the notable exception of linux, this is
+ effectively a no-op. */
+! char pbuf[32];
+ strcpy (pbuf, DEV_FD_PREFIX);
+ strcat (pbuf, path + 8);
+--- 109,113 ----
+ On most systems, with the notable exception of linux, this is
+ effectively a no-op. */
+! pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
+ strcpy (pbuf, DEV_FD_PREFIX);
+ strcat (pbuf, path + 8);
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 32
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 33
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-034
+
+Bug-Reported-by: "Davide Brini" <dave_br@gmx.com>
+Bug-Reference-ID: <20120604164154.69781EC04B@imaps.oficinas.atrapalo.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-06/msg00030.html
+
+Bug-Description:
+
+In bash-4.2, the history code would inappropriately add a semicolon to
+multi-line compound array assignments when adding them to the history.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/parse.y 2011-11-21 18:03:36.000000000 -0500
+--- ./parse.y 2012-06-07 12:48:47.000000000 -0400
+***************
+*** 4900,4905 ****
+--- 4916,4924 ----
+ return (current_command_line_count == 2 ? "\n" : "");
+ }
+
++ if (parser_state & PST_COMPASSIGN)
++ return (" ");
++
+ /* First, handle some special cases. */
+ /*(*/
+ /* If we just read `()', assume it's a function definition, and don't
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 33
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 34
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-035
+
+Bug-Reported-by: Dan Douglas <ormaaj@gmail.com>
+Bug-Reference-ID: <2766482.Ksm3GrSoYi@smorgbox>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-06/msg00071.html
+
+Bug-Description:
+
+When given a number of lines to read, `mapfile -n lines' reads one too many.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/builtins/mapfile.def 2010-05-29 22:09:47.000000000 -0400
+--- ./builtins/mapfile.def 2012-06-20 09:48:33.000000000 -0400
+***************
+*** 196,206 ****
+ interrupt_immediately++;
+ for (array_index = origin, line_count = 1;
+! zgetline (fd, &line, &line_length, unbuffered_read) != -1;
+! array_index++, line_count++)
+ {
+- /* Have we exceeded # of lines to store? */
+- if (line_count_goal != 0 && line_count > line_count_goal)
+- break;
+-
+ /* Remove trailing newlines? */
+ if (flags & MAPF_CHOP)
+--- 196,202 ----
+ interrupt_immediately++;
+ for (array_index = origin, line_count = 1;
+! zgetline (fd, &line, &line_length, unbuffered_read) != -1;
+! array_index++)
+ {
+ /* Remove trailing newlines? */
+ if (flags & MAPF_CHOP)
+***************
+*** 218,221 ****
+--- 214,222 ----
+
+ bind_array_element (entry, array_index, line, 0);
++
++ /* Have we exceeded # of lines to store? */
++ line_count++;
++ if (line_count_goal != 0 && line_count > line_count_goal)
++ break;
+ }
+
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 34
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 35
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-036
+
+Bug-Reported-by: gregrwm <backuppc-users@whitleymott.net>
+Bug-Reference-ID: <CAD+dB9B4JG+qUwZBQUwiQmVt0j6NDn=DDTxr9R+nkA8DL4KLJA@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2012-05/msg00108.html
+
+Bug-Description:
+
+Bash-4.2 produces incorrect word splitting results when expanding
+double-quoted $@ in the same string as and adjacent to other variable
+expansions. The $@ should be split, the other expansions should not.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c 2012-05-02 12:02:33.000000000 -0400
+--- ./subst.c 2012-07-08 21:19:32.000000000 -0400
+***************
+*** 7923,7927 ****
+ /* State flags */
+ int had_quoted_null;
+! int has_dollar_at;
+ int tflag;
+ int pflags; /* flags passed to param_expand */
+--- 7923,7927 ----
+ /* State flags */
+ int had_quoted_null;
+! int has_dollar_at, temp_has_dollar_at;
+ int tflag;
+ int pflags; /* flags passed to param_expand */
+***************
+*** 8128,8138 ****
+ *expanded_something = 1;
+
+! has_dollar_at = 0;
+ pflags = (word->flags & W_NOCOMSUB) ? PF_NOCOMSUB : 0;
+ if (word->flags & W_NOSPLIT2)
+ pflags |= PF_NOSPLIT2;
+ tword = param_expand (string, &sindex, quoted, expanded_something,
+! &has_dollar_at, "ed_dollar_at,
+ &had_quoted_null, pflags);
+
+ if (tword == &expand_wdesc_error || tword == &expand_wdesc_fatal)
+--- 8128,8139 ----
+ *expanded_something = 1;
+
+! temp_has_dollar_at = 0;
+ pflags = (word->flags & W_NOCOMSUB) ? PF_NOCOMSUB : 0;
+ if (word->flags & W_NOSPLIT2)
+ pflags |= PF_NOSPLIT2;
+ tword = param_expand (string, &sindex, quoted, expanded_something,
+! &temp_has_dollar_at, "ed_dollar_at,
+ &had_quoted_null, pflags);
++ has_dollar_at += temp_has_dollar_at;
+
+ if (tword == &expand_wdesc_error || tword == &expand_wdesc_fatal)
+***************
+*** 8275,8281 ****
+ temp = (char *)NULL;
+
+! has_dollar_at = 0;
+ /* Need to get W_HASQUOTEDNULL flag through this function. */
+! list = expand_word_internal (tword, Q_DOUBLE_QUOTES, 0, &has_dollar_at, (int *)NULL);
+
+ if (list == &expand_word_error || list == &expand_word_fatal)
+--- 8276,8283 ----
+ temp = (char *)NULL;
+
+! temp_has_dollar_at = 0; /* XXX */
+ /* Need to get W_HASQUOTEDNULL flag through this function. */
+! list = expand_word_internal (tword, Q_DOUBLE_QUOTES, 0, &temp_has_dollar_at, (int *)NULL);
+! has_dollar_at += temp_has_dollar_at;
+
+ if (list == &expand_word_error || list == &expand_word_fatal)
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 35
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 36
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-037
+
+Bug-Reported-by: Jakub Filak
+Bug-Reference-ID:
+Bug-Reference-URL: https://bugzilla.redhat.com/show_bug.cgi?id=813289
+
+Bug-Description:
+
+Attempting to redo (using `.') the vi editing mode `cc', `dd', or `yy'
+commands leads to an infinite loop.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/lib/readline/vi_mode.c 2011-02-25 11:17:02.000000000 -0500
+--- ./lib/readline/vi_mode.c 2012-06-02 12:24:47.000000000 -0400
+***************
+*** 1235,1243 ****
+ r = rl_domove_motion_callback (_rl_vimvcxt);
+ }
+! else if (vi_redoing)
+ {
+ _rl_vimvcxt->motion = _rl_vi_last_motion;
+ r = rl_domove_motion_callback (_rl_vimvcxt);
+ }
+ #if defined (READLINE_CALLBACKS)
+ else if (RL_ISSTATE (RL_STATE_CALLBACK))
+--- 1297,1313 ----
+ r = rl_domove_motion_callback (_rl_vimvcxt);
+ }
+! else if (vi_redoing && _rl_vi_last_motion != 'd') /* `dd' is special */
+ {
+ _rl_vimvcxt->motion = _rl_vi_last_motion;
+ r = rl_domove_motion_callback (_rl_vimvcxt);
+ }
++ else if (vi_redoing) /* handle redoing `dd' here */
++ {
++ _rl_vimvcxt->motion = _rl_vi_last_motion;
++ rl_mark = rl_end;
++ rl_beg_of_line (1, key);
++ RL_UNSETSTATE (RL_STATE_VIMOTION);
++ r = vidomove_dispatch (_rl_vimvcxt);
++ }
+ #if defined (READLINE_CALLBACKS)
+ else if (RL_ISSTATE (RL_STATE_CALLBACK))
+***************
+*** 1317,1325 ****
+ r = rl_domove_motion_callback (_rl_vimvcxt);
+ }
+! else if (vi_redoing)
+ {
+ _rl_vimvcxt->motion = _rl_vi_last_motion;
+ r = rl_domove_motion_callback (_rl_vimvcxt);
+ }
+ #if defined (READLINE_CALLBACKS)
+ else if (RL_ISSTATE (RL_STATE_CALLBACK))
+--- 1387,1403 ----
+ r = rl_domove_motion_callback (_rl_vimvcxt);
+ }
+! else if (vi_redoing && _rl_vi_last_motion != 'c') /* `cc' is special */
+ {
+ _rl_vimvcxt->motion = _rl_vi_last_motion;
+ r = rl_domove_motion_callback (_rl_vimvcxt);
+ }
++ else if (vi_redoing) /* handle redoing `cc' here */
++ {
++ _rl_vimvcxt->motion = _rl_vi_last_motion;
++ rl_mark = rl_end;
++ rl_beg_of_line (1, key);
++ RL_UNSETSTATE (RL_STATE_VIMOTION);
++ r = vidomove_dispatch (_rl_vimvcxt);
++ }
+ #if defined (READLINE_CALLBACKS)
+ else if (RL_ISSTATE (RL_STATE_CALLBACK))
+***************
+*** 1378,1381 ****
+--- 1456,1472 ----
+ r = rl_domove_motion_callback (_rl_vimvcxt);
+ }
++ else if (vi_redoing && _rl_vi_last_motion != 'y') /* `yy' is special */
++ {
++ _rl_vimvcxt->motion = _rl_vi_last_motion;
++ r = rl_domove_motion_callback (_rl_vimvcxt);
++ }
++ else if (vi_redoing) /* handle redoing `yy' here */
++ {
++ _rl_vimvcxt->motion = _rl_vi_last_motion;
++ rl_mark = rl_end;
++ rl_beg_of_line (1, key);
++ RL_UNSETSTATE (RL_STATE_VIMOTION);
++ r = vidomove_dispatch (_rl_vimvcxt);
++ }
+ #if defined (READLINE_CALLBACKS)
+ else if (RL_ISSTATE (RL_STATE_CALLBACK))
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- ./patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 36
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 37
+
+ #endif /* _PATCHLEVEL_H_ */