From 54a94951231ce624cf6a2e297c806c1677efdeb8 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Wed, 8 Feb 2017 09:12:03 +0100 Subject: [PATCH] bash: add upstream security fixes to patch level 12 Fixes CVE-2017-5932 - Shell code execution on tab completion of specially crafted files. For details, see the report: https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf We unfortunately cannot easily download these because of the file names (not ending in patch) and patch format (p0), so convert to p1 format and include in package/bash with the following script: for i in 06 07 08 09 10 11 12; do cat > bash44-0$i.patch << EOF >From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i Signed-off-by: Peter Korsgaard EOF curl https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i | \ sed -e 's|^\*\*\* \.\./|*** |' -e 's|^--- |--- b/|' >> bash44-0$i.patch done Signed-off-by: Peter Korsgaard --- package/bash/bash44-006.patch | 63 +++++++++++++ package/bash/bash44-007.patch | 155 ++++++++++++++++++++++++++++++++ package/bash/bash44-008.patch | 88 ++++++++++++++++++ package/bash/bash44-009.patch | 111 +++++++++++++++++++++++ package/bash/bash44-010.patch | 53 +++++++++++ package/bash/bash44-011.patch | 54 +++++++++++ package/bash/bash44-012.patch | 165 ++++++++++++++++++++++++++++++++++ 7 files changed, 689 insertions(+) create mode 100644 package/bash/bash44-006.patch create mode 100644 package/bash/bash44-007.patch create mode 100644 package/bash/bash44-008.patch create mode 100644 package/bash/bash44-009.patch create mode 100644 package/bash/bash44-010.patch create mode 100644 package/bash/bash44-011.patch create mode 100644 package/bash/bash44-012.patch diff --git a/package/bash/bash44-006.patch b/package/bash/bash44-006.patch new file mode 100644 index 0000000000..ba58ed40c3 --- /dev/null +++ b/package/bash/bash44-006.patch @@ -0,0 +1,63 @@ +From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-006 + +Signed-off-by: Peter Korsgaard + + BASH PATCH REPORT + ================= + +Bash-Release: 4.4 +Patch-ID: bash44-006 + +Bug-Reported-by: +Bug-Reference-ID: +Bug-Reference-URL: + +Bug-Description: + +Out-of-range negative offsets to popd can cause the shell to crash attempting +to free an invalid memory block. + +Patch (apply with `patch -p0'): + +*** bash-4.4-patched/builtins/pushd.def 2016-01-25 13:31:49.000000000 -0500 +--- b/builtins/pushd.def 2016-10-28 10:46:49.000000000 -0400 +*************** +*** 366,370 **** + } + +! if (which > directory_list_offset || (directory_list_offset == 0 && which == 0)) + { + pushd_error (directory_list_offset, which_word ? which_word : ""); +--- b/366,370 ---- + } + +! if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0)) + { + pushd_error (directory_list_offset, which_word ? which_word : ""); +*************** +*** 388,391 **** +--- b/388,396 ---- + of the list into place. */ + i = (direction == '+') ? directory_list_offset - which : which; ++ if (i < 0 || i > directory_list_offset) ++ { ++ pushd_error (directory_list_offset, which_word ? which_word : ""); ++ return (EXECUTION_FAILURE); ++ } + free (pushd_directory_list[i]); + directory_list_offset--; +*** bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 5 + + #endif /* _PATCHLEVEL_H_ */ +--- b/26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 6 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/package/bash/bash44-007.patch b/package/bash/bash44-007.patch new file mode 100644 index 0000000000..71e771d6cf --- /dev/null +++ b/package/bash/bash44-007.patch @@ -0,0 +1,155 @@ +From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-007 + +Signed-off-by: Peter Korsgaard + + BASH PATCH REPORT + ================= + +Bash-Release: 4.4 +Patch-ID: bash44-007 + +Bug-Reported-by: Jens Heyens +Bug-Reference-ID: +Bug-Reference-URL: https://savannah.gnu.org/support/?109224 + +Bug-Description: + +When performing filename completion, bash dequotes the directory name being +completed, which can result in match failures and potential unwanted +expansion. + +Patch (apply with `patch -p0'): + +*** bash-4.4-patched/bashline.c 2016-08-05 21:44:05.000000000 -0400 +--- b/bashline.c 2017-01-19 13:15:51.000000000 -0500 +*************** +*** 143,147 **** + static void restore_directory_hook __P((rl_icppfunc_t)); + +! static int directory_exists __P((const char *)); + + static void cleanup_expansion_error __P((void)); +--- b/144,148 ---- + static void restore_directory_hook __P((rl_icppfunc_t)); + +! static int directory_exists __P((const char *, int)); + + static void cleanup_expansion_error __P((void)); +*************** +*** 3103,3111 **** + } + +! /* Check whether not the (dequoted) version of DIRNAME, with any trailing slash +! removed, exists. */ + static int +! directory_exists (dirname) + const char *dirname; + { + char *new_dirname; +--- b/3107,3116 ---- + } + +! /* Check whether not DIRNAME, with any trailing slash removed, exists. If +! SHOULD_DEQUOTE is non-zero, we dequote the directory name first. */ + static int +! directory_exists (dirname, should_dequote) + const char *dirname; ++ int should_dequote; + { + char *new_dirname; +*************** +*** 3113,3118 **** + struct stat sb; + +! /* First, dequote the directory name */ +! new_dirname = bash_dequote_filename ((char *)dirname, rl_completion_quote_character); + dirlen = STRLEN (new_dirname); + if (new_dirname[dirlen - 1] == '/') +--- b/3118,3124 ---- + struct stat sb; + +! /* We save the string and chop the trailing slash because stat/lstat behave +! inconsistently if one is present. */ +! new_dirname = should_dequote ? bash_dequote_filename ((char *)dirname, rl_completion_quote_character) : savestring (dirname); + dirlen = STRLEN (new_dirname); + if (new_dirname[dirlen - 1] == '/') +*************** +*** 3146,3150 **** + should_expand_dirname = '`'; + +! if (should_expand_dirname && directory_exists (local_dirname)) + should_expand_dirname = 0; + +--- b/3152,3156 ---- + should_expand_dirname = '`'; + +! if (should_expand_dirname && directory_exists (local_dirname, 0)) + should_expand_dirname = 0; + +*************** +*** 3156,3160 **** + global_nounset = unbound_vars_is_error; + unbound_vars_is_error = 0; +! wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_COMPLETE); /* does the right thing */ + unbound_vars_is_error = global_nounset; + if (wl) +--- b/3162,3166 ---- + global_nounset = unbound_vars_is_error; + unbound_vars_is_error = 0; +! wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_NOPROCSUB|W_COMPLETE); /* does the right thing */ + unbound_vars_is_error = global_nounset; + if (wl) +*************** +*** 3245,3249 **** + } + +! if (should_expand_dirname && directory_exists (local_dirname)) + should_expand_dirname = 0; + +--- b/3262,3266 ---- + } + +! if (should_expand_dirname && directory_exists (local_dirname, 1)) + should_expand_dirname = 0; + +*************** +*** 3251,3255 **** + { + new_dirname = savestring (local_dirname); +! wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_COMPLETE); /* does the right thing */ + if (wl) + { +--- b/3268,3272 ---- + { + new_dirname = savestring (local_dirname); +! wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_NOPROCSUB|W_COMPLETE); /* does the right thing */ + if (wl) + { +*** bash-4.4/subst.c 2016-08-30 16:46:38.000000000 -0400 +--- b/subst.c 2017-01-19 07:09:57.000000000 -0500 +*************** +*** 9459,9462 **** +--- b/9459,9466 ---- + if (word->flags & W_COMPLETE) + tword->flags |= W_COMPLETE; /* for command substitutions */ ++ if (word->flags & W_NOCOMSUB) ++ tword->flags |= W_NOCOMSUB; ++ if (word->flags & W_NOPROCSUB) ++ tword->flags |= W_NOPROCSUB; + + temp = (char *)NULL; +*** bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 6 + + #endif /* _PATCHLEVEL_H_ */ +--- b/26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 7 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/package/bash/bash44-008.patch b/package/bash/bash44-008.patch new file mode 100644 index 0000000000..931033c5b7 --- /dev/null +++ b/package/bash/bash44-008.patch @@ -0,0 +1,88 @@ +From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-008 + +Signed-off-by: Peter Korsgaard + + BASH PATCH REPORT + ================= + +Bash-Release: 4.4 +Patch-ID: bash44-008 + +Bug-Reported-by: Koichi MURASE +Bug-Reference-ID: +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00050.html + +Bug-Description: + +Under certain circumstances, bash will evaluate arithmetic expressions as +part of reading an expression token even when evaluation is suppressed. This +happens while evaluating a conditional expression and skipping over the +failed branch of the expression. + +Patch (apply with `patch -p0'): + +*** bash-4.4-patched/expr.c 2015-10-11 14:46:36.000000000 -0400 +--- b/expr.c 2016-11-08 11:55:46.000000000 -0500 +*************** +*** 579,585 **** + if (curtok == QUES) /* found conditional expr */ + { +- readtok (); +- if (curtok == 0 || curtok == COL) +- evalerror (_("expression expected")); + if (cval == 0) + { +--- b/579,582 ---- +*************** +*** 588,591 **** +--- b/585,592 ---- + } + ++ readtok (); ++ if (curtok == 0 || curtok == COL) ++ evalerror (_("expression expected")); ++ + val1 = EXP_HIGHEST (); + +*************** +*** 594,600 **** + if (curtok != COL) + evalerror (_("`:' expected for conditional expression")); +! readtok (); +! if (curtok == 0) +! evalerror (_("expression expected")); + set_noeval = 0; + if (cval) +--- b/595,599 ---- + if (curtok != COL) + evalerror (_("`:' expected for conditional expression")); +! + set_noeval = 0; + if (cval) +*************** +*** 604,608 **** +--- b/603,611 ---- + } + ++ readtok (); ++ if (curtok == 0) ++ evalerror (_("expression expected")); + val2 = expcond (); ++ + if (set_noeval) + noeval--; +*** bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 7 + + #endif /* _PATCHLEVEL_H_ */ +--- b/26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 8 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/package/bash/bash44-009.patch b/package/bash/bash44-009.patch new file mode 100644 index 0000000000..3ba1b3fe0f --- /dev/null +++ b/package/bash/bash44-009.patch @@ -0,0 +1,111 @@ +From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-009 + +Signed-off-by: Peter Korsgaard + + BASH PATCH REPORT + ================= + +Bash-Release: 4.4 +Patch-ID: bash44-009 + +Bug-Reported-by: Hong Cho +Bug-Reference-ID: +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-12/msg00043.html + +Bug-Description: + +There is a race condition in add_history() that can be triggered by a fatal +signal arriving between the time the history length is updated and the time +the history list update is completed. A later attempt to reference an +invalid history entry can cause a crash. + +Patch (apply with `patch -p0'): + +*** bash-4.4-patched/lib/readline/history.c 2016-11-11 13:42:49.000000000 -0500 +--- b/lib/readline/history.c 2016-12-05 10:37:51.000000000 -0500 +*************** +*** 280,283 **** +--- b/280,284 ---- + { + HIST_ENTRY *temp; ++ int new_length; + + if (history_stifled && (history_length == history_max_entries)) +*************** +*** 296,306 **** + /* Copy the rest of the entries, moving down one slot. Copy includes + trailing NULL. */ +- #if 0 +- for (i = 0; i < history_length; i++) +- the_history[i] = the_history[i + 1]; +- #else + memmove (the_history, the_history + 1, history_length * sizeof (HIST_ENTRY *)); +- #endif + + history_base++; + } +--- b/297,303 ---- + /* Copy the rest of the entries, moving down one slot. Copy includes + trailing NULL. */ + memmove (the_history, the_history + 1, history_length * sizeof (HIST_ENTRY *)); + ++ new_length = history_length; + history_base++; + } +*************** +*** 316,320 **** + history_size = DEFAULT_HISTORY_INITIAL_SIZE; + the_history = (HIST_ENTRY **)xmalloc (history_size * sizeof (HIST_ENTRY *)); +! history_length = 1; + } + else +--- b/313,317 ---- + history_size = DEFAULT_HISTORY_INITIAL_SIZE; + the_history = (HIST_ENTRY **)xmalloc (history_size * sizeof (HIST_ENTRY *)); +! new_length = 1; + } + else +*************** +*** 326,330 **** + xrealloc (the_history, history_size * sizeof (HIST_ENTRY *)); + } +! history_length++; + } + } +--- b/323,327 ---- + xrealloc (the_history, history_size * sizeof (HIST_ENTRY *)); + } +! new_length = history_length + 1; + } + } +*************** +*** 332,337 **** + temp = alloc_history_entry ((char *)string, hist_inittime ()); + +! the_history[history_length] = (HIST_ENTRY *)NULL; +! the_history[history_length - 1] = temp; + } + +--- b/329,335 ---- + temp = alloc_history_entry ((char *)string, hist_inittime ()); + +! the_history[new_length] = (HIST_ENTRY *)NULL; +! the_history[new_length - 1] = temp; +! history_length = new_length; + } + +*** bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 8 + + #endif /* _PATCHLEVEL_H_ */ +--- b/26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 9 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/package/bash/bash44-010.patch b/package/bash/bash44-010.patch new file mode 100644 index 0000000000..8da1ec5bea --- /dev/null +++ b/package/bash/bash44-010.patch @@ -0,0 +1,53 @@ +From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-010 + +Signed-off-by: Peter Korsgaard + + BASH PATCH REPORT + ================= + +Bash-Release: 4.4 +Patch-ID: bash44-010 + +Bug-Reported-by: Clark Wang +Bug-Reference-ID: +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00104.html + +Bug-Description: + +Depending on compiler optimizations and behavior, the `read' builtin may not +save partial input when a timeout occurs. + +Patch (apply with `patch -p0'): + +*** bash-4.4-patched/builtins/read.def 2016-05-16 14:24:56.000000000 -0400 +--- b/builtins/read.def 2016-11-25 12:37:56.000000000 -0500 +*************** +*** 182,186 **** + { + register char *varname; +! int size, i, nr, pass_next, saw_escape, eof, opt, retval, code, print_ps2; + int input_is_tty, input_is_pipe, unbuffered_read, skip_ctlesc, skip_ctlnul; + int raw, edit, nchars, silent, have_timeout, ignore_delim, fd, lastsig, t_errno; +--- b/182,187 ---- + { + register char *varname; +! int size, nr, pass_next, saw_escape, eof, opt, retval, code, print_ps2; +! volatile int i; + int input_is_tty, input_is_pipe, unbuffered_read, skip_ctlesc, skip_ctlnul; + int raw, edit, nchars, silent, have_timeout, ignore_delim, fd, lastsig, t_errno; + +*** bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 9 + + #endif /* _PATCHLEVEL_H_ */ +--- b/26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 10 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/package/bash/bash44-011.patch b/package/bash/bash44-011.patch new file mode 100644 index 0000000000..cca66aad26 --- /dev/null +++ b/package/bash/bash44-011.patch @@ -0,0 +1,54 @@ +From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-011 + +Signed-off-by: Peter Korsgaard + + BASH PATCH REPORT + ================= + +Bash-Release: 4.4 +Patch-ID: bash44-011 + +Bug-Reported-by: Russell King +Bug-Reference-ID: +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2017-01/msg00000.html + +Bug-Description: + +Subshells begun to run command and process substitutions may attempt to +set the terminal's process group to an incorrect value if they receive +a fatal signal. This depends on the behavior of the process that starts +the shell. + +Patch (apply with `patch -p0'): + +*** bash-4.4-patched/sig.c 2016-02-11 15:02:45.000000000 -0500 +--- b/sig.c 2017-01-04 09:09:47.000000000 -0500 +*************** +*** 586,590 **** + if (sig == SIGHUP && (interactive || (subshell_environment & (SUBSHELL_COMSUB|SUBSHELL_PROCSUB)))) + hangup_all_jobs (); +! end_job_control (); + #endif /* JOB_CONTROL */ + +--- b/571,576 ---- + if (sig == SIGHUP && (interactive || (subshell_environment & (SUBSHELL_COMSUB|SUBSHELL_PROCSUB)))) + hangup_all_jobs (); +! if ((subshell_environment & (SUBSHELL_COMSUB|SUBSHELL_PROCSUB)) == 0) +! end_job_control (); + #endif /* JOB_CONTROL */ + +*** bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 10 + + #endif /* _PATCHLEVEL_H_ */ +--- b/26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 11 + + #endif /* _PATCHLEVEL_H_ */ diff --git a/package/bash/bash44-012.patch b/package/bash/bash44-012.patch new file mode 100644 index 0000000000..ef081f9198 --- /dev/null +++ b/package/bash/bash44-012.patch @@ -0,0 +1,165 @@ +From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-012 + +Signed-off-by: Peter Korsgaard + + BASH PATCH REPORT + ================= + +Bash-Release: 4.4 +Patch-ID: bash44-012 + +Bug-Reported-by: Clark Wang +Bug-Reference-ID: +Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2016-11/msg00106.html + +Bug-Description: + +When -N is used, the input is not supposed to be split using $IFS, but +leading and trailing IFS whitespace was still removed. + +Patch (apply with `patch -p0'): + +*** bash-4.4-patched/subst.c 2017-01-20 14:22:01.000000000 -0500 +--- b/subst.c 2017-01-25 13:43:22.000000000 -0500 +*************** +*** 2826,2834 **** + /* Parse a single word from STRING, using SEPARATORS to separate fields. + ENDPTR is set to the first character after the word. This is used by +! the `read' builtin. This is never called with SEPARATORS != $IFS; +! it should be simplified. + + XXX - this function is very similar to list_string; they should be + combined - XXX */ + char * + get_word_from_string (stringp, separators, endptr) +--- b/2826,2838 ---- + /* Parse a single word from STRING, using SEPARATORS to separate fields. + ENDPTR is set to the first character after the word. This is used by +! the `read' builtin. +! +! This is never called with SEPARATORS != $IFS, and takes advantage of that. + + XXX - this function is very similar to list_string; they should be + combined - XXX */ ++ ++ #define islocalsep(c) (local_cmap[(unsigned char)(c)] != 0) ++ + char * + get_word_from_string (stringp, separators, endptr) +*************** +*** 2838,2841 **** +--- b/2842,2846 ---- + char *current_word; + int sindex, sh_style_split, whitesep, xflags; ++ unsigned char local_cmap[UCHAR_MAX+1]; /* really only need single-byte chars here */ + size_t slen; + +*************** +*** 2847,2854 **** + separators[2] == '\n' && + separators[3] == '\0'; +! for (xflags = 0, s = ifs_value; s && *s; s++) + { + if (*s == CTLESC) xflags |= SX_NOCTLESC; + if (*s == CTLNUL) xflags |= SX_NOESCCTLNUL; + } + +--- b/2852,2861 ---- + separators[2] == '\n' && + separators[3] == '\0'; +! memset (local_cmap, '\0', sizeof (local_cmap)); +! for (xflags = 0, s = separators; s && *s; s++) + { + if (*s == CTLESC) xflags |= SX_NOCTLESC; + if (*s == CTLNUL) xflags |= SX_NOESCCTLNUL; ++ local_cmap[(unsigned char)*s] = 1; /* local charmap of separators */ + } + +*************** +*** 2857,2864 **** + + /* Remove sequences of whitespace at the beginning of STRING, as +! long as those characters appear in IFS. */ +! if (sh_style_split || !separators || !*separators) + { +! for (; *s && spctabnl (*s) && isifs (*s); s++); + + /* If the string is nothing but whitespace, update it and return. */ +--- b/2864,2872 ---- + + /* Remove sequences of whitespace at the beginning of STRING, as +! long as those characters appear in SEPARATORS. This happens if +! SEPARATORS == $' \t\n' or if IFS is unset. */ +! if (sh_style_split || separators == 0) + { +! for (; *s && spctabnl (*s) && islocalsep (*s); s++); + + /* If the string is nothing but whitespace, update it and return. */ +*************** +*** 2879,2885 **** + This obeys the field splitting rules in Posix.2. */ + sindex = 0; +! /* Don't need string length in ADVANCE_CHAR or string_extract_verbatim +! unless multibyte chars are possible. */ +! slen = (MB_CUR_MAX > 1) ? STRLEN (s) : 1; + current_word = string_extract_verbatim (s, slen, &sindex, separators, xflags); + +--- b/2887,2893 ---- + This obeys the field splitting rules in Posix.2. */ + sindex = 0; +! /* Don't need string length in ADVANCE_CHAR unless multibyte chars are +! possible, but need it in string_extract_verbatim for bounds checking */ +! slen = STRLEN (s); + current_word = string_extract_verbatim (s, slen, &sindex, separators, xflags); + +*************** +*** 2900,2904 **** + /* Now skip sequences of space, tab, or newline characters if they are + in the list of separators. */ +! while (s[sindex] && spctabnl (s[sindex]) && isifs (s[sindex])) + sindex++; + +--- b/2908,2912 ---- + /* Now skip sequences of space, tab, or newline characters if they are + in the list of separators. */ +! while (s[sindex] && spctabnl (s[sindex]) && islocalsep (s[sindex])) + sindex++; + +*************** +*** 2907,2916 **** + delimiter, not a separate delimiter that would result in an empty field. + Look at POSIX.2, 3.6.5, (3)(b). */ +! if (s[sindex] && whitesep && isifs (s[sindex]) && !spctabnl (s[sindex])) + { + sindex++; + /* An IFS character that is not IFS white space, along with any adjacent + IFS white space, shall delimit a field. */ +! while (s[sindex] && spctabnl (s[sindex]) && isifs (s[sindex])) + sindex++; + } +--- b/2915,2924 ---- + delimiter, not a separate delimiter that would result in an empty field. + Look at POSIX.2, 3.6.5, (3)(b). */ +! if (s[sindex] && whitesep && islocalsep (s[sindex]) && !spctabnl (s[sindex])) + { + sindex++; + /* An IFS character that is not IFS white space, along with any adjacent + IFS white space, shall delimit a field. */ +! while (s[sindex] && spctabnl (s[sindex]) && islocalsep(s[sindex])) + sindex++; + } +*** bash-4.4/patchlevel.h 2016-06-22 14:51:03.000000000 -0400 +--- b/patchlevel.h 2016-10-01 11:01:28.000000000 -0400 +*************** +*** 26,30 **** + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 11 + + #endif /* _PATCHLEVEL_H_ */ +--- b/26,30 ---- + looks for to find the patch level (for the sccs version string). */ + +! #define PATCHLEVEL 12 + + #endif /* _PATCHLEVEL_H_ */ -- 2.30.2