Fri May 25 23:29:36 UTC 201813.1

patches/packages/glibc-zoneinfo-2018e-noarch-2_slack13.1.txz:  Rebuilt.
  Handle removal of US/Pacific-New timezone. If we see that the machine is
  using this, it will be automatically switched to US/Pacific.

22 files changed, 1762 insertions, 0 deletions

diff --git a/patches/source/bash/bash-4.1-patches/bash41-001 b/patches/source/bash/bash-4.1-patches/bash41-001
new file mode 100644
index 00000000..758e1fa4
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-001
@@ -0,0 +1,48 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-001
+
+Bug-Reported-by:	Yann Rouillard <yann@pleiades.fr.eu.org>
+Bug-Reference-ID:	<4B44A410.4070107@pleiades.fr.eu.org>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2010-01/msg00018.html
+
+Bug-Description:
+
+A prototype for vsnprintf was incorrect, and caused compilation failures
+on systems that did not have a suitable vsnprintf, but had a declaration in
+one of the system header files.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1-patched/builtins/printf.def	2009-11-20 15:31:23.000000000 -0500
+--- builtins/printf.def	2010-01-07 08:50:06.000000000 -0500
+***************
+*** 173,177 ****
+  
+  #if !HAVE_VSNPRINTF
+! extern int vsnprintf __P((char *, size_t, const char *, ...)) __attribute__((__format__ (printf, 3, 4)));
+  #endif
+  
+--- 173,177 ----
+  
+  #if !HAVE_VSNPRINTF
+! extern int vsnprintf __P((char *, size_t, const char *, va_list)) __attribute__((__format__ (printf, 3, 0)));
+  #endif
+  
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 0
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 1
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-002 b/patches/source/bash/bash-4.1-patches/bash41-002
new file mode 100644
index 00000000..a1151985
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-002
@@ -0,0 +1,65 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-002
+
+Bug-Reported-by:	guillaume.outters@free.fr
+Bug-Reference-ID:	<20100105230441.70D171AA7F52@asterix.local>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2010-01/msg00017.html
+
+Bug-Description:
+
+Bash-4.1/Readline-6.1 introduced a hook function that allows applications
+to rewrite or modify filenames read from the file system before comparing
+them with a word to be completed.  The converted filename, if it matches,
+needs to be inserted into the line buffer, replacing the original contents.
+
+This fixes a completion bug on Mac OS X involving filenames containing
+UTF-8 characters.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1-patched/lib/readline/complete.c	2009-11-29 18:39:30.000000000 -0500
+--- lib/readline/complete.c	2010-01-06 08:30:23.000000000 -0500
+***************
+*** 2139,2143 ****
+        if (filename_len == 0)
+  	{
+! 	  if (_rl_match_hidden_files == 0 && HIDDEN_FILE (entry->d_name))
+  	    continue;
+  
+--- 2139,2143 ----
+        if (filename_len == 0)
+  	{
+! 	  if (_rl_match_hidden_files == 0 && HIDDEN_FILE (convfn))
+  	    continue;
+  
+***************
+*** 2220,2224 ****
+  	    }
+  
+! 	  strcpy (temp + dirlen, entry->d_name);
+  	}
+        else
+--- 2220,2224 ----
+  	    }
+  
+! 	  strcpy (temp + dirlen, convfn);
+  	}
+        else
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 1
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 2
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-003 b/patches/source/bash/bash-4.1-patches/bash41-003
new file mode 100644
index 00000000..479fdcd9
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-003
@@ -0,0 +1,48 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-003
+
+Bug-Reported-by:	coyote@wariat.org.pl
+Bug-Reference-ID:	<4b64a1f8.06e2660a.60af.4bfb@mx.google.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2010-01/msg00135.html
+
+Bug-Description:
+
+If command completion is attempted on a word with a quoted globbing
+character (e.g., `*' or `?'), bash can reference a NULL pointer and
+dump core.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1-patched/bashline.c	2009-10-24 14:10:19.000000000 -0400
+--- bashline.c	2010-01-30 21:53:49.000000000 -0500
+***************
+*** 1681,1685 ****
+       characters in the common prefix are bad) will ever be returned on
+       regular completion. */
+!   if (glob_pattern_p (hint))
+      {
+        if (state == 0)
+--- 1681,1685 ----
+       characters in the common prefix are bad) will ever be returned on
+       regular completion. */
+!   if (globpat)
+      {
+        if (state == 0)
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 2
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 3
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-004 b/patches/source/bash/bash-4.1-patches/bash41-004
new file mode 100644
index 00000000..33f79bb7
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-004
@@ -0,0 +1,47 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-004
+
+Bug-Reported-by:	Crestez Dan Leonard <cdleonard@gmail.com>
+Bug-Reference-ID:	<1265592839.30682.21.camel@deskbox>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2010-02/msg00034.html
+
+Bug-Description:
+
+When running in Posix mode and executing a shell function without local
+variables, bash will not propagate a variable in a special builtin's temporary
+environment to have global scope.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1-patched/variables.c	2009-11-03 14:13:58.000000000 -0500
+--- variables.c	2010-02-08 17:36:18.000000000 -0500
+***************
+*** 3809,3812 ****
+--- 3809,3817 ----
+    if (tempvar_p (var) && (posixly_correct || (var->attributes & att_propagate)))
+      {
++       /* Make sure we have a hash table to store the variable in while it is
++ 	 being propagated down to the global variables table.  Create one if
++ 	 we have to */
++       if ((vc_isfuncenv (shell_variables) || vc_istempenv (shell_variables)) && shell_variables->table == 0)
++ 	shell_variables->table = hash_create (0);
+        /* XXX - should we set v->context here? */
+        v = bind_variable_internal (var->name, value_cell (var), shell_variables->table, 0, 0);
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 3
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 4
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-005 b/patches/source/bash/bash-4.1-patches/bash41-005
new file mode 100644
index 00000000..8a2fec8a
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-005
@@ -0,0 +1,56 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-005
+
+Bug-Reported-by:	werner@suse.de
+Bug-Reference-ID:	<201002251238.o1PCcYcg016893@boole.suse.de>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2010-02/msg00132.html
+
+Bug-Description:
+
+When the `read' builtin times out after the timeout specified with -t is
+exceeded, it does not reset the flags that tell signal handlers to process
+signals immediately instead of deferring their handling.  This can result
+in unsafe functions being called from signal handlers, which can cause bash
+to hang or dump core.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1-patched/builtins/read.def	2009-10-08 11:35:46.000000000 -0400
+--- builtins/read.def	2010-03-17 17:35:39.000000000 -0400
+***************
+*** 616,621 ****
+      zsyncfd (fd);
+  
+-   interrupt_immediately--;
+-   terminate_immediately--;
+    discard_unwind_frame ("read_builtin");
+  
+--- 616,619 ----
+***************
+*** 624,627 ****
+--- 622,628 ----
+  assign_vars:
+  
++   interrupt_immediately--;
++   terminate_immediately--;
++ 
+  #if defined (ARRAY_VARS)
+    /* If -a was given, take the string read, break it into a list of words,
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 4
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 5
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-006 b/patches/source/bash/bash-4.1-patches/bash41-006
new file mode 100644
index 00000000..d6553b8b
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-006
@@ -0,0 +1,76 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-006
+
+Bug-Reported-by:	Mike Frysinger <vapier@gentoo.org>
+Bug-Reference-ID:	<201003210155.56618.vapier@gentoo.org>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2010-03/msg00063.html
+
+Bug-Description:
+
+Bash did not correctly print/reproduce here documents attached to commands
+inside compound commands such as for and while.  This affected the
+execution of such commands inside a shell function when the function
+definition is saved and later restored using `.' or `eval'.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1-patched/print_cmd.c	2009-09-16 15:32:26.000000000 -0400
+--- print_cmd.c	2010-03-22 21:15:30.000000000 -0400
+***************
+*** 114,117 ****
+--- 114,123 ----
+  #define CHECK_XTRACE_FP	xtrace_fp = (xtrace_fp ? xtrace_fp : stderr)
+  
++ #define PRINT_DEFERRED_HEREDOCS(x) \
++   do { \
++     if (deferred_heredocs) \
++       print_deferred_heredocs (x); \
++   } while (0)
++ 
+  /* Non-zero means the stuff being printed is inside of a function def. */
+  static int inside_function_def;
+***************
+*** 561,571 ****
+  {
+    print_for_command_head (for_command);
+- 
+    cprintf (";");
+    newline ("do\n");
+    indentation += indentation_amount;
+    make_command_string_internal (for_command->action);
+    semicolon ();
+    indentation -= indentation_amount;
+    newline ("done");
+  }
+--- 566,578 ----
+  {
+    print_for_command_head (for_command);
+    cprintf (";");
+    newline ("do\n");
++ 
+    indentation += indentation_amount;
+    make_command_string_internal (for_command->action);
++   PRINT_DEFERRED_HEREDOCS ("");
+    semicolon ();
+    indentation -= indentation_amount;
++ 
+    newline ("done");
+  }
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 5
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 6
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-007 b/patches/source/bash/bash-4.1-patches/bash41-007
new file mode 100644
index 00000000..07b4796c
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-007
@@ -0,0 +1,47 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-007
+
+Bug-Reported-by:	Rob Robason <rob@robason.net>
+Bug-Reference-ID:	<1269513145.22336.9.camel@home.robason.homelinux.net>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2010-03/msg00089.html
+
+Bug-Description:
+
+A typo caused bash to not honor a precision specification in a printf
+format.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1-patched/builtins/printf.def	2010-01-18 10:50:22.000000000 -0500
+--- builtins/printf.def	2010-03-25 09:40:56.000000000 -0400
+***************
+*** 118,122 ****
+        nw = vflag ? vbprintf (f, fieldwidth, func) : printf (f, fieldwidth, func); \
+      else if (have_precision) \
+!       nw = vflag ? vbprintf (f, precision, func) : printf (f, fieldwidth, func); \
+      else \
+        nw = vflag ? vbprintf (f, func) : printf (f, func); \
+--- 118,122 ----
+        nw = vflag ? vbprintf (f, fieldwidth, func) : printf (f, fieldwidth, func); \
+      else if (have_precision) \
+!       nw = vflag ? vbprintf (f, precision, func) : printf (f, precision, func); \
+      else \
+        nw = vflag ? vbprintf (f, func) : printf (f, func); \
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 6
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 7
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-008 b/patches/source/bash/bash-4.1-patches/bash41-008
new file mode 100644
index 00000000..2bec4de4
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-008
@@ -0,0 +1,49 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-008
+
+Bug-Reported-by:	Dennis van Dok <dvandok@gmail.com>
+Bug-Reference-ID:	<4BBF2501.5050703@gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2010-04/msg00038.html
+
+Bug-Description:
+
+When declaring an associative array and implicitly assigning a value
+to element "0", bash does not correctly allocate memory, leading to
+a segmentation violation when that element or the array itself is
+unset.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1-patched/builtins/declare.def	2009-11-25 19:42:00.000000000 -0500
+--- builtins/declare.def	2010-05-30 18:25:21.000000000 -0400
+***************
+*** 513,517 ****
+  	      /* let bind_{array,assoc}_variable take care of this. */
+  	      if (assoc_p (var))
+! 		bind_assoc_variable (var, name, "0", value, aflags);
+  	      else
+  		bind_array_variable (name, 0, value, aflags);
+--- 519,523 ----
+  	      /* let bind_{array,assoc}_variable take care of this. */
+  	      if (assoc_p (var))
+! 		bind_assoc_variable (var, name, savestring ("0"), value, aflags);
+  	      else
+  		bind_array_variable (name, 0, value, aflags);
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 7
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 8
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-009 b/patches/source/bash/bash-4.1-patches/bash41-009
new file mode 100644
index 00000000..ae0f1e3e
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-009
@@ -0,0 +1,48 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-009
+
+Bug-Reported-by:	Tomas Trnka <tomastrnka@gmx.com>
+Bug-Reference-ID:	<201003242030.02166.tomastrnka@gmx.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2010-03/msg00090.html
+
+Bug-Description:
+
+An arriving SIGCHLD will interrupt `slow' system calls such as write(2) to
+or read(2) from a terminal.  This results in an error message and truncated
+input or output.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1-patched/sig.c	Fri Aug 14 16:31:52 2009
+--- sig.c	Fri Mar 26 22:34:11 2010
+***************
+*** 655,660 ****
+--- 655,663 ----
+      act.sa_flags |= SA_INTERRUPT;	/* XXX */
+    else
+      act.sa_flags |= SA_RESTART;		/* XXX */
++ #else
++   if (sig == SIGCHLD)
++     act.sa_flags |= SA_RESTART;
+  #endif
+    sigemptyset (&act.sa_mask);
+    sigemptyset (&oact.sa_mask);
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 8
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 9
+  
+  #endif /* _PATCHLEVEL_H_ */
+
diff --git a/patches/source/bash/bash-4.1-patches/bash41-010 b/patches/source/bash/bash-4.1-patches/bash41-010
new file mode 100644
index 00000000..b5a4b615
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-010
@@ -0,0 +1,68 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-010
+
+Bug-Reported-by:	Stephane Jourdois <sjourdois@gmail.com>
+Bug-Reference-ID:	<AANLkTimbh1t2BmCjnCgACpEidArJMBIEtr30Vv3VzHxf@mail.gmail.com>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2010-05/msg00165.html
+
+Bug-Description:
+
+The expansion of the \W prompt string escape sequence incorrectly used
+strcpy to copy overlapping strings.  Only memmove works in this case.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1-patched/parse.y	2009-12-30 12:51:42.000000000 -0500
+--- parse.y	2011-02-24 16:40:48.000000000 -0500
+***************
+*** 5153,5157 ****
+  			t = strrchr (t_string, '/');
+  			if (t)
+! 			  strcpy (t_string, t + 1);
+  		      }
+  		  }
+--- 5153,5157 ----
+  			t = strrchr (t_string, '/');
+  			if (t)
+! 			  memmove (t_string, t + 1, strlen (t));
+  		      }
+  		  }
+*** ../bash-4.1-patched/y.tab.c	2009-12-30 12:52:02.000000000 -0500
+--- y.tab.c	2011-02-24 16:50:27.000000000 -0500
+***************
+*** 7482,7486 ****
+  			t = strrchr (t_string, '/');
+  			if (t)
+! 			  strcpy (t_string, t + 1);
+  		      }
+  		  }
+--- 7482,7486 ----
+  			t = strrchr (t_string, '/');
+  			if (t)
+! 			  memmove (t_string, t + 1, strlen (t));
+  		      }
+  		  }
+***************
+*** 8244,8246 ****
+  }
+  #endif /* HANDLE_MULTIBYTE */
+- 
+--- 8244,8245 ----
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 9
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 10
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-011 b/patches/source/bash/bash-4.1-patches/bash41-011
new file mode 100644
index 00000000..050da955
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-011
@@ -0,0 +1,86 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-011
+
+Bug-Reported-by:	<piuma@piumalab.org>
+Bug-Reference-ID:	<4DAAC0DB.7060606@piumalab.org>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2011-04/msg00075.html
+
+Bug-Description:
+
+Under certain circumstances, running `fc -l' two times in succession with a
+relative history offset at the end of the history will result in an incorrect
+calculation of the last history entry and a seg fault.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1-patched/builtins/fc.def	2009-03-21 14:03:43.000000000 -0400
+--- builtins/fc.def	2011-04-19 15:46:17.000000000 -0400
+***************
+*** 304,307 ****
+--- 304,317 ----
+    last_hist = i - rh - hist_last_line_added;
+  
++   /* XXX */
++   if (i == last_hist && hlist[last_hist] == 0)
++     while (last_hist >= 0 && hlist[last_hist] == 0)
++       last_hist--;
++   if (last_hist < 0)
++     {
++       sh_erange ((char *)NULL, _("history specification"));
++       return (EXECUTION_FAILURE);
++     }
++ 
+    if (list)
+      {
+***************
+*** 466,470 ****
+  {
+    int sign, n, clen, rh;
+!   register int i, j;
+    register char *s;
+  
+--- 476,480 ----
+  {
+    int sign, n, clen, rh;
+!   register int i, j, last_hist;
+    register char *s;
+  
+***************
+*** 486,490 ****
+       calculation as if it were on. */
+    rh = remember_on_history || ((subshell_environment & SUBSHELL_COMSUB) && enable_history_list);
+!   i -= rh + hist_last_line_added;
+  
+    /* No specification defaults to most recent command. */
+--- 496,508 ----
+       calculation as if it were on. */
+    rh = remember_on_history || ((subshell_environment & SUBSHELL_COMSUB) && enable_history_list);
+!   last_hist = i - rh - hist_last_line_added;
+! 
+!   if (i == last_hist && hlist[last_hist] == 0)
+!     while (last_hist >= 0 && hlist[last_hist] == 0)
+!       last_hist--;
+!   if (last_hist < 0)
+!     return (-1);
+! 
+!   i = last_hist;
+  
+    /* No specification defaults to most recent command. */
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 10
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 11
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-012 b/patches/source/bash/bash-4.1-patches/bash41-012
new file mode 100644
index 00000000..17464c07
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-012
@@ -0,0 +1,104 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-012
+
+Bug-Reported-by:	Stephane Chazelas <stephane.chazelas@gmail.com>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+Under certain circumstances, bash will execute user code while processing the
+environment for exported function definitions.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1.11/builtins/common.h	2009-12-22 16:30:42.000000000 -0500
+--- builtins/common.h	2014-09-16 19:27:38.000000000 -0400
+***************
+*** 36,39 ****
+--- 36,41 ----
+  
+  /* Flags for describe_command, shared between type.def and command.def */
++ #define SEVAL_FUNCDEF	0x080		/* only allow function definitions */
++ #define SEVAL_ONECMD	0x100		/* only allow a single command */
+  #define CDESC_ALL		0x001	/* type -a */
+  #define CDESC_SHORTDESC		0x002	/* command -V */
+*** ../bash-4.1.11/builtins/evalstring.c	2009-10-17 21:18:50.000000000 -0400
+--- builtins/evalstring.c	2014-09-16 19:27:38.000000000 -0400
+***************
+*** 262,265 ****
+--- 262,273 ----
+  	      struct fd_bitmap *bitmap;
+  
++ 	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
++ 		{
++ 		  internal_warning ("%s: ignoring function definition attempt", from_file);
++ 		  should_jump_to_top_level = 0;
++ 		  last_result = last_command_exit_value = EX_BADUSAGE;
++ 		  break;
++ 		}
++ 
+  	      bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
+  	      begin_unwind_frame ("pe_dispose");
+***************
+*** 322,325 ****
+--- 330,336 ----
+  	      dispose_fd_bitmap (bitmap);
+  	      discard_unwind_frame ("pe_dispose");
++ 
++ 	      if (flags & SEVAL_ONECMD)
++ 		break;
+  	    }
+  	}
+*** ../bash-4.1.11/variables.c	2010-03-26 12:15:39.000000000 -0400
+--- variables.c	2014-09-16 19:27:38.000000000 -0400
+***************
+*** 348,357 ****
+  	  strcpy (temp_string + char_index + 1, string);
+  
+! 	  parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
+! 
+! 	  /* Ancient backwards compatibility.  Old versions of bash exported
+! 	     functions like name()=() {...} */
+! 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
+! 	    name[char_index - 2] = '\0';
+  
+  	  if (temp_var = find_function (name))
+--- 348,355 ----
+  	  strcpy (temp_string + char_index + 1, string);
+  
+! 	  /* Don't import function names that are invalid identifiers from the
+! 	     environment. */
+! 	  if (legal_identifier (name))
+! 	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+  
+  	  if (temp_var = find_function (name))
+***************
+*** 362,369 ****
+  	  else
+  	    report_error (_("error importing function definition for `%s'"), name);
+- 
+- 	  /* ( */
+- 	  if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
+- 	    name[char_index - 2] = '(';		/* ) */
+  	}
+  #if defined (ARRAY_VARS)
+--- 360,363 ----
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 11
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 12
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-013 b/patches/source/bash/bash-4.1-patches/bash41-013
new file mode 100644
index 00000000..7a93dacd
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-013
@@ -0,0 +1,43 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-013
+
+Bug-Reported-by:	Tavis Ormandy <taviso@cmpxchg8b.com>
+Bug-Reference-ID:
+Bug-Reference-URL:	http://twitter.com/taviso/statuses/514887394294652929
+
+Bug-Description:
+
+Under certain circumstances, bash can incorrectly save a lookahead character and
+return it on a subsequent call, even when reading a new line.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1.12/parse.y	2011-02-24 19:41:01.000000000 -0500
+--- parse.y	2014-09-25 16:13:57.000000000 -0400
+***************
+*** 2812,2815 ****
+--- 2812,2817 ----
+    word_desc_to_read = (WORD_DESC *)NULL;
+  
++   eol_ungetc_lookahead = 0;
++ 
+    current_token = '\n';		/* XXX */
+    last_read_token = '\n';
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 12
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 13
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-014 b/patches/source/bash/bash-4.1-patches/bash41-014
new file mode 100644
index 00000000..87a57be7
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-014
@@ -0,0 +1,217 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-014
+
+Bug-Reported-by:	Florian Weimer <fweimer@redhat.com>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+This patch changes the encoding bash uses for exported functions to avoid
+clashes with shell variables and to avoid depending only on an environment
+variable's contents to determine whether or not to interpret it as a shell
+function.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1.13/variables.c	2014-09-16 19:27:38.000000000 -0400
+--- variables.c	2014-09-27 20:57:46.000000000 -0400
+***************
+*** 80,83 ****
+--- 80,88 ----
+  #define ifsname(s)	((s)[0] == 'I' && (s)[1] == 'F' && (s)[2] == 'S' && (s)[3] == '\0')
+  
++ #define BASHFUNC_PREFIX		"BASH_FUNC_"
++ #define BASHFUNC_PREFLEN	10	/* == strlen(BASHFUNC_PREFIX */
++ #define BASHFUNC_SUFFIX		"%%"
++ #define BASHFUNC_SUFFLEN	2	/* == strlen(BASHFUNC_SUFFIX) */
++ 
+  extern char **environ;
+  
+***************
+*** 269,273 ****
+  static void dispose_temporary_env __P((sh_free_func_t *));     
+  
+! static inline char *mk_env_string __P((const char *, const char *));
+  static char **make_env_array_from_var_list __P((SHELL_VAR **));
+  static char **make_var_export_array __P((VAR_CONTEXT *));
+--- 274,278 ----
+  static void dispose_temporary_env __P((sh_free_func_t *));     
+  
+! static inline char *mk_env_string __P((const char *, const char *, int));
+  static char **make_env_array_from_var_list __P((SHELL_VAR **));
+  static char **make_var_export_array __P((VAR_CONTEXT *));
+***************
+*** 339,357 ****
+        /* If exported function, define it now.  Don't import functions from
+  	 the environment in privileged mode. */
+!       if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
+  	{
+  	  string_length = strlen (string);
+! 	  temp_string = (char *)xmalloc (3 + string_length + char_index);
+  
+! 	  strcpy (temp_string, name);
+! 	  temp_string[char_index] = ' ';
+! 	  strcpy (temp_string + char_index + 1, string);
+  
+  	  /* Don't import function names that are invalid identifiers from the
+  	     environment. */
+! 	  if (legal_identifier (name))
+! 	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+  
+! 	  if (temp_var = find_function (name))
+  	    {
+  	      VSETATTR (temp_var, (att_exported|att_imported));
+--- 344,373 ----
+        /* If exported function, define it now.  Don't import functions from
+  	 the environment in privileged mode. */
+!       if (privmode == 0 && read_but_dont_execute == 0 &&
+! 	  STREQN (BASHFUNC_PREFIX, name, BASHFUNC_PREFLEN) &&
+! 	  STREQ (BASHFUNC_SUFFIX, name + char_index - BASHFUNC_SUFFLEN) &&
+! 	  STREQN ("() {", string, 4))
+  	{
++ 	  size_t namelen;
++ 	  char *tname;		/* desired imported function name */
++ 
++ 	  namelen = char_index - BASHFUNC_PREFLEN - BASHFUNC_SUFFLEN;
++ 
++ 	  tname = name + BASHFUNC_PREFLEN;	/* start of func name */
++ 	  tname[namelen] = '\0';		/* now tname == func name */
++ 
+  	  string_length = strlen (string);
+! 	  temp_string = (char *)xmalloc (namelen + string_length + 2);
+  
+! 	  memcpy (temp_string, tname, namelen);
+! 	  temp_string[namelen] = ' ';
+! 	  memcpy (temp_string + namelen + 1, string, string_length + 1);
+  
+  	  /* Don't import function names that are invalid identifiers from the
+  	     environment. */
+! 	  if (absolute_program (tname) == 0 && (posixly_correct == 0 || legal_identifier (tname)))
+! 	    parse_and_execute (temp_string, tname, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+  
+! 	  if (temp_var = find_function (tname))
+  	    {
+  	      VSETATTR (temp_var, (att_exported|att_imported));
+***************
+*** 359,363 ****
+  	    }
+  	  else
+! 	    report_error (_("error importing function definition for `%s'"), name);
+  	}
+  #if defined (ARRAY_VARS)
+--- 375,382 ----
+  	    }
+  	  else
+! 	    report_error (_("error importing function definition for `%s'"), tname);
+! 
+! 	  /* Restore original suffix */
+! 	  tname[namelen] = BASHFUNC_SUFFIX[0];
+  	}
+  #if defined (ARRAY_VARS)
+***************
+*** 2520,2524 ****
+  
+    INVALIDATE_EXPORTSTR (var);
+!   var->exportstr = mk_env_string (name, value);
+  
+    array_needs_making = 1;
+--- 2539,2543 ----
+  
+    INVALIDATE_EXPORTSTR (var);
+!   var->exportstr = mk_env_string (name, value, 0);
+  
+    array_needs_making = 1;
+***************
+*** 3339,3357 ****
+  
+  static inline char *
+! mk_env_string (name, value)
+       const char *name, *value;
+  {
+!   int name_len, value_len;
+!   char	*p;
+  
+    name_len = strlen (name);
+    value_len = STRLEN (value);
+!   p = (char *)xmalloc (2 + name_len + value_len);
+!   strcpy (p, name);
+!   p[name_len] = '=';
+    if (value && *value)
+!     strcpy (p + name_len + 1, value);
+    else
+!     p[name_len + 1] = '\0';
+    return (p);
+  }
+--- 3358,3397 ----
+  
+  static inline char *
+! mk_env_string (name, value, isfunc)
+       const char *name, *value;
++      int isfunc;
+  {
+!   size_t name_len, value_len;
+!   char	*p, *q;
+  
+    name_len = strlen (name);
+    value_len = STRLEN (value);
+! 
+!   /* If we are exporting a shell function, construct the encoded function
+!      name. */
+!   if (isfunc && value)
+!     {
+!       p = (char *)xmalloc (BASHFUNC_PREFLEN + name_len + BASHFUNC_SUFFLEN + value_len + 2);
+!       q = p;
+!       memcpy (q, BASHFUNC_PREFIX, BASHFUNC_PREFLEN);
+!       q += BASHFUNC_PREFLEN;
+!       memcpy (q, name, name_len);
+!       q += name_len;
+!       memcpy (q, BASHFUNC_SUFFIX, BASHFUNC_SUFFLEN);
+!       q += BASHFUNC_SUFFLEN;
+!     }
+!   else
+!     {
+!       p = (char *)xmalloc (2 + name_len + value_len);
+!       memcpy (p, name, name_len);
+!       q = p + name_len;
+!     }
+! 
+!   q[0] = '=';
+    if (value && *value)
+!     memcpy (q + 1, value, value_len + 1);
+    else
+!     q[1] = '\0';
+! 
+    return (p);
+  }
+***************
+*** 3439,3443 ****
+  	     using the cached exportstr... */
+  	  list[list_index] = USE_EXPORTSTR ? savestring (value)
+! 					   : mk_env_string (var->name, value);
+  
+  	  if (USE_EXPORTSTR == 0)
+--- 3479,3483 ----
+  	     using the cached exportstr... */
+  	  list[list_index] = USE_EXPORTSTR ? savestring (value)
+! 					   : mk_env_string (var->name, value, function_p (var));
+  
+  	  if (USE_EXPORTSTR == 0)
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 13
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 14
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-015 b/patches/source/bash/bash-4.1-patches/bash41-015
new file mode 100644
index 00000000..c7af80f0
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-015
@@ -0,0 +1,173 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-015
+
+Bug-Reported-by:	Florian Weimer <fweimer@redhat.com>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+There are two local buffer overflows in parse.y that can cause the shell
+to dump core when given many here-documents attached to a single command
+or many nested loops.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1.14/parse.y	2014-09-27 12:18:25.000000000 -0400
+--- parse.y	2014-09-30 19:36:03.000000000 -0400
+***************
+*** 168,171 ****
+--- 168,174 ----
+  static int reserved_word_acceptable __P((int));
+  static int yylex __P((void));
++ 
++ static void push_heredoc __P((REDIRECT *));
++ static char *mk_alexpansion __P((char *));
+  static int alias_expand_token __P((char *));
+  static int time_command_acceptable __P((void));
+***************
+*** 262,266 ****
+  /* Variables to manage the task of reading here documents, because we need to
+     defer the reading until after a complete command has been collected. */
+! static REDIRECT *redir_stack[10];
+  int need_here_doc;
+  
+--- 265,271 ----
+  /* Variables to manage the task of reading here documents, because we need to
+     defer the reading until after a complete command has been collected. */
+! #define HEREDOC_MAX 16
+! 
+! static REDIRECT *redir_stack[HEREDOC_MAX];
+  int need_here_doc;
+  
+***************
+*** 304,308 ****
+     index is decremented after a case, select, or for command is parsed. */
+  #define MAX_CASE_NEST	128
+! static int word_lineno[MAX_CASE_NEST];
+  static int word_top = -1;
+  
+--- 309,313 ----
+     index is decremented after a case, select, or for command is parsed. */
+  #define MAX_CASE_NEST	128
+! static int word_lineno[MAX_CASE_NEST+1];
+  static int word_top = -1;
+  
+***************
+*** 517,521 ****
+  			  redir.filename = $2;
+  			  $$ = make_redirection (source, r_reading_until, redir, 0);
+! 			  redir_stack[need_here_doc++] = $$;
+  			}
+  	|	NUMBER LESS_LESS WORD
+--- 522,526 ----
+  			  redir.filename = $2;
+  			  $$ = make_redirection (source, r_reading_until, redir, 0);
+! 			  push_heredoc ($$);
+  			}
+  	|	NUMBER LESS_LESS WORD
+***************
+*** 524,528 ****
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_reading_until, redir, 0);
+! 			  redir_stack[need_here_doc++] = $$;
+  			}
+  	|	REDIR_WORD LESS_LESS WORD
+--- 529,533 ----
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_reading_until, redir, 0);
+! 			  push_heredoc ($$);
+  			}
+  	|	REDIR_WORD LESS_LESS WORD
+***************
+*** 531,535 ****
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_reading_until, redir, REDIR_VARASSIGN);
+! 			  redir_stack[need_here_doc++] = $$;
+  			}
+  	|	LESS_LESS_MINUS WORD
+--- 536,540 ----
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_reading_until, redir, REDIR_VARASSIGN);
+! 			  push_heredoc ($$);
+  			}
+  	|	LESS_LESS_MINUS WORD
+***************
+*** 538,542 ****
+  			  redir.filename = $2;
+  			  $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+! 			  redir_stack[need_here_doc++] = $$;
+  			}
+  	|	NUMBER LESS_LESS_MINUS WORD
+--- 543,547 ----
+  			  redir.filename = $2;
+  			  $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+! 			  push_heredoc ($$);
+  			}
+  	|	NUMBER LESS_LESS_MINUS WORD
+***************
+*** 545,549 ****
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+! 			  redir_stack[need_here_doc++] = $$;
+  			}
+  	|	REDIR_WORD  LESS_LESS_MINUS WORD
+--- 550,554 ----
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_deblank_reading_until, redir, 0);
+! 			  push_heredoc ($$);
+  			}
+  	|	REDIR_WORD  LESS_LESS_MINUS WORD
+***************
+*** 552,556 ****
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_deblank_reading_until, redir, REDIR_VARASSIGN);
+! 			  redir_stack[need_here_doc++] = $$;
+  			}
+  	|	LESS_LESS_LESS WORD
+--- 557,561 ----
+  			  redir.filename = $3;
+  			  $$ = make_redirection (source, r_deblank_reading_until, redir, REDIR_VARASSIGN);
+! 			  push_heredoc ($$);
+  			}
+  	|	LESS_LESS_LESS WORD
+***************
+*** 2508,2511 ****
+--- 2513,2531 ----
+  static int esacs_needed_count;
+  
++ static void
++ push_heredoc (r)
++      REDIRECT *r;
++ {
++   if (need_here_doc >= HEREDOC_MAX)
++     {
++       last_command_exit_value = EX_BADUSAGE;
++       need_here_doc = 0;
++       report_syntax_error (_("maximum here-document count exceeded"));
++       reset_parser ();
++       exit_shell (last_command_exit_value);
++     }
++   redir_stack[need_here_doc++] = r;
++ }
++ 
+  void
+  gather_here_documents ()
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 14
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 15
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-016 b/patches/source/bash/bash-4.1-patches/bash41-016
new file mode 100644
index 00000000..ff1ce9cd
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-016
@@ -0,0 +1,59 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-016
+
+Bug-Reported-by:	Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+When bash is parsing a function definition that contains a here-document
+delimited by end-of-file (or end-of-string), it leaves the closing delimiter
+uninitialized.  This can result in an invalid memory access when the parsed
+function is later copied.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1.15/make_cmd.c	2009-09-11 17:26:12.000000000 -0400
+--- make_cmd.c	2014-10-02 11:29:35.000000000 -0400
+***************
+*** 690,693 ****
+--- 690,694 ----
+    temp->redirector = source;
+    temp->redirectee = dest_and_filename;
++   temp->here_doc_eof = 0;
+    temp->instruction = instruction;
+    temp->flags = 0;
+*** ../bash-4.1.15/copy_cmd.c	2009-09-11 16:28:02.000000000 -0400
+--- copy_cmd.c	2014-10-02 11:29:35.000000000 -0400
+***************
+*** 127,131 ****
+      case r_reading_until:
+      case r_deblank_reading_until:
+!       new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
+        /*FALLTHROUGH*/
+      case r_reading_string:
+--- 127,131 ----
+      case r_reading_until:
+      case r_deblank_reading_until:
+!       new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
+        /*FALLTHROUGH*/
+      case r_reading_string:
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 15
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 16
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash-4.1-patches/bash41-017 b/patches/source/bash/bash-4.1-patches/bash41-017
new file mode 100644
index 00000000..22a9336f
--- /dev/null
+++ b/patches/source/bash/bash-4.1-patches/bash41-017
@@ -0,0 +1,132 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.1
+Patch-ID:	bash41-017
+
+Bug-Reported-by:	Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+A combination of nested command substitutions and function importing from
+the environment can cause bash to execute code appearing in the environment
+variable value following the function definition.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1.16/builtins/evalstring.c	2014-09-16 19:27:38.000000000 -0400
+--- builtins/evalstring.c	2014-10-04 15:08:26.000000000 -0400
+***************
+*** 262,271 ****
+  	      struct fd_bitmap *bitmap;
+  
+! 	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
+  		{
+! 		  internal_warning ("%s: ignoring function definition attempt", from_file);
+! 		  should_jump_to_top_level = 0;
+! 		  last_result = last_command_exit_value = EX_BADUSAGE;
+! 		  break;
+  		}
+  
+--- 262,284 ----
+  	      struct fd_bitmap *bitmap;
+  
+! 	      if (flags & SEVAL_FUNCDEF)
+  		{
+! 		  char *x;
+! 
+! 		  /* If the command parses to something other than a straight
+! 		     function definition, or if we have not consumed the entire
+! 		     string, or if the parser has transformed the function
+! 		     name (as parsing will if it begins or ends with shell
+! 		     whitespace, for example), reject the attempt */
+! 		  if (command->type != cm_function_def ||
+! 		      ((x = parser_remaining_input ()) && *x) ||
+! 		      (STREQ (from_file, command->value.Function_def->name->word) == 0))
+! 		    {
+! 		      internal_warning (_("%s: ignoring function definition attempt"), from_file);
+! 		      should_jump_to_top_level = 0;
+! 		      last_result = last_command_exit_value = EX_BADUSAGE;
+! 		      reset_parser ();
+! 		      break;
+! 		    }
+  		}
+  
+***************
+*** 332,336 ****
+  
+  	      if (flags & SEVAL_ONECMD)
+! 		break;
+  	    }
+  	}
+--- 345,352 ----
+  
+  	      if (flags & SEVAL_ONECMD)
+! 		{
+! 		  reset_parser ();
+! 		  break;
+! 		}
+  	    }
+  	}
+*** ../bash-4.1.16/parse.y	2014-09-30 19:36:03.000000000 -0400
+--- parse.y	2014-10-04 15:08:26.000000000 -0400
+***************
+*** 2410,2413 ****
+--- 2410,2423 ----
+  }
+  
++ char *
++ parser_remaining_input ()
++ {
++   if (shell_input_line == 0)
++     return 0;
++   if (shell_input_line_index < 0 || shell_input_line_index >= shell_input_line_len)
++     return '\0';	/* XXX */
++   return (shell_input_line + shell_input_line_index);
++ }
++ 
+  #ifdef INCLUDE_UNUSED
+  /* Back the input pointer up by one, effectively `ungetting' a character. */
+***************
+*** 3809,3814 ****
+    restore_parser_state (&ps);
+    reset_parser ();
+!   if (interactive)
+!     token_to_read = 0;
+  
+    /* Need to find how many characters parse_and_execute consumed, update
+--- 3819,3824 ----
+    restore_parser_state (&ps);
+    reset_parser ();
+! 
+!   token_to_read = 0;
+  
+    /* Need to find how many characters parse_and_execute consumed, update
+*** ../bash-4.1.16/shell.h	2009-08-14 16:32:52.000000000 -0400
+--- shell.h	2014-10-04 15:08:26.000000000 -0400
+***************
+*** 164,167 ****
+--- 164,169 ----
+  
+  /* Let's try declaring these here. */
++ extern char *parser_remaining_input __P((void));
++ 
+  extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
+  extern void restore_parser_state __P((sh_parser_state_t *));
+*** ../bash-4.1-patched/patchlevel.h	2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h	2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 16
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 17
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash.CVE-2016-0634.bash43-047 b/patches/source/bash/bash.CVE-2016-0634.bash43-047
new file mode 100644
index 00000000..316e3afc
--- /dev/null
+++ b/patches/source/bash/bash.CVE-2016-0634.bash43-047
@@ -0,0 +1,150 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.3
+Patch-ID:	bash43-047
+
+Bug-Reported-by:	Bernd Dietzel
+Bug-Reference-ID:
+Bug-Reference-URL:	https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
+
+Bug-Description:
+
+Bash performs word expansions on the prompt strings after the special
+escape sequences are expanded.  If a malicious user can modify the system
+hostname or change the name of the bash executable and coerce a user into
+executing it, and the new name contains word expansions (including
+command substitution), bash will expand them in prompt strings containing
+the \h or \H and \s escape sequences, respectively.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.3-patched/parse.y	2015-08-13 15:11:54.000000000 -0400
+--- parse.y	2016-03-07 15:44:14.000000000 -0500
+***************
+*** 5259,5263 ****
+    int result_size, result_index;
+    int c, n, i;
+!   char *temp, octal_string[4];
+    struct tm *tm;  
+    time_t the_time;
+--- 5259,5263 ----
+    int result_size, result_index;
+    int c, n, i;
+!   char *temp, *t_host, octal_string[4];
+    struct tm *tm;  
+    time_t the_time;
+***************
+*** 5407,5411 ****
+  	    case 's':
+  	      temp = base_pathname (shell_name);
+! 	      temp = savestring (temp);
+  	      goto add_string;
+  
+--- 5407,5415 ----
+  	    case 's':
+  	      temp = base_pathname (shell_name);
+! 	      /* Try to quote anything the user can set in the file system */
+! 	      if (promptvars || posixly_correct)
+! 		temp = sh_backslash_quote_for_double_quotes (temp);
+! 	      else
+! 		temp = savestring (temp);
+  	      goto add_string;
+  
+***************
+*** 5497,5503 ****
+  	    case 'h':
+  	    case 'H':
+! 	      temp = savestring (current_host_name);
+! 	      if (c == 'h' && (t = (char *)strchr (temp, '.')))
+  		*t = '\0';
+  	      goto add_string;
+  
+--- 5501,5515 ----
+  	    case 'h':
+  	    case 'H':
+! 	      t_host = savestring (current_host_name);
+! 	      if (c == 'h' && (t = (char *)strchr (t_host, '.')))
+  		*t = '\0';
++ 	      if (promptvars || posixly_correct)
++ 		/* Make sure that expand_prompt_string is called with a
++ 		   second argument of Q_DOUBLE_QUOTES if we use this
++ 		   function here. */
++ 		temp = sh_backslash_quote_for_double_quotes (t_host);
++ 	      else
++ 		temp = savestring (t_host);
++ 	      free (t_host);
+  	      goto add_string;
+  
+*** ../bash-4.3-patched/y.tab.c	2015-08-13 15:11:54.000000000 -0400
+--- y.tab.c	2016-03-07 15:44:14.000000000 -0500
+***************
+*** 7571,7575 ****
+    int result_size, result_index;
+    int c, n, i;
+!   char *temp, octal_string[4];
+    struct tm *tm;  
+    time_t the_time;
+--- 7571,7575 ----
+    int result_size, result_index;
+    int c, n, i;
+!   char *temp, *t_host, octal_string[4];
+    struct tm *tm;  
+    time_t the_time;
+***************
+*** 7719,7723 ****
+  	    case 's':
+  	      temp = base_pathname (shell_name);
+! 	      temp = savestring (temp);
+  	      goto add_string;
+  
+--- 7719,7727 ----
+  	    case 's':
+  	      temp = base_pathname (shell_name);
+! 	      /* Try to quote anything the user can set in the file system */
+! 	      if (promptvars || posixly_correct)
+! 		temp = sh_backslash_quote_for_double_quotes (temp);
+! 	      else
+! 		temp = savestring (temp);
+  	      goto add_string;
+  
+***************
+*** 7809,7815 ****
+  	    case 'h':
+  	    case 'H':
+! 	      temp = savestring (current_host_name);
+! 	      if (c == 'h' && (t = (char *)strchr (temp, '.')))
+  		*t = '\0';
+  	      goto add_string;
+  
+--- 7813,7827 ----
+  	    case 'h':
+  	    case 'H':
+! 	      t_host = savestring (current_host_name);
+! 	      if (c == 'h' && (t = (char *)strchr (t_host, '.')))
+  		*t = '\0';
++ 	      if (promptvars || posixly_correct)
++ 		/* Make sure that expand_prompt_string is called with a
++ 		   second argument of Q_DOUBLE_QUOTES if we use this
++ 		   function here. */
++ 		temp = sh_backslash_quote_for_double_quotes (t_host);
++ 	      else
++ 		temp = savestring (t_host);
++ 	      free (t_host);
+  	      goto add_string;
+  
+*** ../bash-4.3/patchlevel.h	2012-12-29 10:47:57.000000000 -0500
+--- patchlevel.h	2014-03-20 20:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 46
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 47
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash.CVE-2016-7543.bash43-048 b/patches/source/bash/bash.CVE-2016-7543.bash43-048
new file mode 100644
index 00000000..6a8588ec
--- /dev/null
+++ b/patches/source/bash/bash.CVE-2016-7543.bash43-048
@@ -0,0 +1,54 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.3
+Patch-ID:	bash43-048
+
+Bug-Reported-by:	up201407890@alunos.dcc.fc.up.pt
+Bug-Reference-ID:	<20151210201649.126444eionzfsam8@webmail.alunos.dcc.fc.up.pt>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2015-12/msg00054.html
+
+Bug-Description:
+
+If a malicious user can inject a value of $SHELLOPTS containing `xtrace'
+and a value for $PS4 that includes a command substitution into a shell
+running as root, bash will expand the command substitution as part of
+expanding $PS4 when it executes a traced command.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.3-patched/variables.c	2015-11-26 12:31:21.000000000 -0500
+--- variables.c	2015-12-23 10:19:01.000000000 -0500
+***************
+*** 496,500 ****
+        set_if_not ("PS2", secondary_prompt);
+      }
+!   set_if_not ("PS4", "+ ");
+  
+    /* Don't allow IFS to be imported from the environment. */
+--- 496,504 ----
+        set_if_not ("PS2", secondary_prompt);
+      }
+! 
+!   if (current_user.euid == 0)
+!     bind_variable ("PS4", "+ ", 0);
+!   else
+!     set_if_not ("PS4", "+ ");
+  
+    /* Don't allow IFS to be imported from the environment. */
+
+*** ../bash-4.3/patchlevel.h	2012-12-29 10:47:57.000000000 -0500
+--- patchlevel.h	2014-03-20 20:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 47
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 48
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/patches/source/bash/bash.SlackBuild b/patches/source/bash/bash.SlackBuild
new file mode 100755
index 00000000..513d27f9
--- /dev/null
+++ b/patches/source/bash/bash.SlackBuild
@@ -0,0 +1,155 @@
+#!/bin/sh
+
+# Copyright 2005-2017  Patrick J. Volkerding, Sebeka, Minnesota, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Set initial variables:
+CWD=`pwd`
+if [ "$TMP" = "" ]; then
+  TMP=/tmp
+fi
+PKG=$TMP/package-bash
+
+VERSION=${VERSION:-$(echo bash-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-2_slack13.1}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+  case "$( uname -m )" in
+    i?86) export ARCH=i486 ;;
+    arm*) export ARCH=arm ;;
+    # Unless $ARCH is already set, use uname -m for all other archs:
+       *) export ARCH=$( uname -m ) ;;
+  esac
+fi
+
+if [ "$ARCH" = "i386" ]; then
+  SLKCFLAGS="-O2 -march=i386 -mcpu=i686"
+elif [ "$ARCH" = "i486" ]; then
+  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+elif [ "$ARCH" = "s390" ]; then
+  SLKCFLAGS="-O2"
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+else
+  SLKCFLAGS="-O2"
+fi
+
+if [ ! -d $TMP ]; then
+  mkdir -p $TMP # location to build the source
+fi
+rm -rf $PKG
+mkdir -p $PKG
+
+# Determine bash patchlevel:
+PATCHLEVEL="$( cd $CWD/bash-${VERSION}-patches ; /bin/ls bash4?-??? | tail -1 | cut -f 2 -d - 2> /dev/null )"
+if [ "$PATCHLEVEL" = "" ]; then
+  PATCHLEVEL=0
+fi
+
+cd $TMP
+rm -rf bash-$VERSION
+tar xvf $CWD/bash-$VERSION.tar.?z* || exit 1
+cd bash-$VERSION || exit 1
+chown -R root:root .
+find . -perm 664 | xargs chmod 644
+find . -perm 775 | xargs chmod 755
+
+if [ -d $CWD/bash-${VERSION}-patches ]; then
+  ( cd $CWD/bash-${VERSION}-patches ; cat bash4?-??? ) | patch -p0 --verbose || exit 1
+fi
+
+# Patch security issues with upstream patches for bash-4.3.
+# Don't worry about the patch rejections in patchlevel.h here.
+zcat $CWD/bash.CVE-2016-0634.bash43-047.gz | patch -p0 --verbose
+zcat $CWD/bash.CVE-2016-7543.bash43-048.gz | patch -p0 --verbose
+
+CFLAGS="$SLKCFLAGS" \
+./configure \
+  --prefix=/usr \
+  --mandir=/usr/man \
+  --infodir=/usr/info \
+  --build=$ARCH-slackware-linux
+make -j4 || make || exit 1
+make install DESTDIR=$PKG
+mv $PKG/usr/share/doc $PKG/usr
+mkdir -p $PKG/bin
+mv $PKG/usr/bin/bash $PKG/bin/bash4.new
+# We don't include the "bashbug" script.
+rm -rf $PKG/usr/bin $PKG/usr/man/man1/bashbug.1
+
+# Strip binaries:
+( cd $PKG
+  find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+  find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+)
+
+# Compress and link manpages, if any:
+if [ -d $PKG/usr/man ]; then
+  ( cd $PKG/usr/man
+    for manpagedir in $(find . -type d -name "man*") ; do
+      ( cd $manpagedir
+        for eachpage in $( find . -type l -maxdepth 1) ; do
+          ln -s $( readlink $eachpage ).gz $eachpage.gz
+          rm $eachpage
+        done
+        gzip -9 *.?
+      )
+    done
+  )
+fi
+
+# bash.1 is already installed by "make install"
+( cd doc
+  for page in builtins.1 rbash.1 ; do
+    cat $page | gzip -9c > $PKG/usr/man/man1/$page.gz
+  done
+)
+
+# Compress info files, if any:
+if [ -d $PKG/usr/info ]; then
+  ( cd $PKG/usr/info
+    rm -f dir
+    gzip -9 *
+  )
+fi
+
+mkdir -p $PKG/usr/doc/bash-$VERSION
+cp -a AUTHORS CHANGES COMPAT COPYING INSTALL MANIFEST NEWS NOTES \
+  README Y2K doc/FAQ doc/INTRO \
+  $PKG/usr/doc/bash-$VERSION
+( cd doc ; groff -ms -Tascii article.ms > $PKG/usr/doc/bash-$VERSION/article.txt )
+
+# If there's a ChangeLog, installing at least part of the recent history
+# is useful, but don't let it get totally out of control:
+if [ -r ChangeLog ]; then
+  DOCSDIR=$(echo $PKG/usr/doc/*-$VERSION)
+  cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog
+  touch -r ChangeLog $DOCSDIR/ChangeLog
+fi
+
+mkdir -p $PKG/install
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+# Build the package:
+cd $PKG
+makepkg -l y -c n $TMP/bash-$VERSION.$PATCHLEVEL-$ARCH-$BUILD.txz
+
diff --git a/patches/source/bash/doinst.sh b/patches/source/bash/doinst.sh
new file mode 100644
index 00000000..867958fb
--- /dev/null
+++ b/patches/source/bash/doinst.sh
@@ -0,0 +1,18 @@
+if [ -r bin/bash ]; then
+  mv bin/bash bin/bash.old
+fi
+mv bin/bash4.new bin/bash
+if [ -f bin/bash.old ]; then
+  rm -f bin/bash.old
+fi
+if [ ! -r etc/shells ]; then
+  touch etc/shells
+  chmod 644 etc/shells
+fi
+if grep -wq /bin/bash etc/shells ; then
+  true
+else
+  echo /bin/bash >> etc/shells
+fi
+( cd usr/bin ; rm -rf bash )
+( cd usr/bin ; ln -sf /bin/bash bash )
diff --git a/patches/source/bash/slack-desc b/patches/source/bash/slack-desc
new file mode 100644
index 00000000..f2fdb929
--- /dev/null
+++ b/patches/source/bash/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.  Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in.  You must
+# make exactly 11 lines for the formatting to be correct.  It's also
+# customary to leave one space after the ':'.
+
+    |-----handy-ruler------------------------------------------------------|
+bash: bash (sh-compatible shell)
+bash:
+bash: The GNU Bourne-Again SHell.  Bash is a sh-compatible command
+bash: interpreter that executes commands read from the standard input or
+bash: from a file.  Bash also incorporates useful features from the Korn
+bash: and C shells (ksh and csh).  Bash is ultimately intended to be a
+bash: conformant implementation of the IEEE Posix Shell and Tools
+bash: specification (IEEE Working Group 1003.2).
+bash:
+bash: Bash must be present for the system to boot properly.
+bash: