From e039af2b927315a6bdeee0397eb397082ef53fbd Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Thu, 19 Jan 2017 12:36:42 +0000 Subject: [PATCH 1/3] . OBS-URL: https://build.opensuse.org/package/show/Base:System/bash?expand=0&rev=230 --- bash.changes | 6 ++++++ bash.spec | 5 +++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/bash.changes b/bash.changes index c0d48ee6..eef404c7 100644 --- a/bash.changes +++ b/bash.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jan 19 12:20:06 UTC 2017 - werner@suse.de + +- Remove -L option on screen call dues API change, now we depend + on environment variables only. + ------------------------------------------------------------------- Fri Dec 9 12:09:46 UTC 2016 - mliska@suse.cz diff --git a/bash.spec b/bash.spec index cadf8be1..b3a1f961 100644 --- a/bash.spec +++ b/bash.spec @@ -1,7 +1,7 @@ # # spec file for package bash # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -343,6 +343,7 @@ done SCREENLOG=${SCREENDIR}/log cat > $SCREENRC<<-EOF deflogin off + deflog on logfile $SCREENLOG logfile flush 1 logtstamp off @@ -548,7 +549,7 @@ popd tail -q -s 0.5 -f $SCREENLOG & pid=$! env -i HOME=$PWD TERM=$TERM LD_LIBRARY_PATH=$LD_RUN_PATH TMPDIR=$TMPDIR \ SCREENRC=$SCREENRC SCREENDIR=$SCREENDIR \ - screen -L -D -m make TESTSCRIPT=%{SOURCE4} check + screen -D -m make TESTSCRIPT=%{SOURCE4} check kill -TERM $pid make %{?do_profiling:CFLAGS="$CFLAGS %cflags_profile_feedback -fprofile-correction" clean} all make -C examples/loadables/ From 65e65d3aa67f2f819ab2af98d5242272375f1068 Mon Sep 17 00:00:00 2001 
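Review bot: In the last bash.spec hunk (the `screen -D -m make TESTSCRIPT=%{SOURCE4} check` line), capture of the test-suite output now depends only on the `deflog on` line added to the `$SCREENRC` heredoc in the previous hunk, and nothing checks that `$SCREENLOG` was actually written. If screen does not read that rc file, the `tail -f` feeding the build log stays silent and, as far as the visible lines show, the build goes on to `kill -TERM $pid` and `make ... all` with no record of the `check` run. I would add a guard right after the screen call, e.g. `test -s $SCREENLOG || echo "warning: no test log captured" >&2`. A comment above the call would also help, such as `# logging is enabled by "deflog on" in $SCREENRC; -L was dropped after the screen API change`. The surrounding build script starts and ends outside both hunks, so an existing check elsewhere cannot be ruled out.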
From: "Dr. Werner Fink" Date: Fri, 27 Jan 2017 17:54:19 +0000 Subject: [PATCH 2/3] Update from patch 006 upto 012 OBS-URL: https://build.opensuse.org/package/show/Base:System/bash?expand=0&rev=231 --- bash-4.3-2.4.4.patch | 14 +++++++------- bash-4.3-sigrestart.patch | 4 ++-- bash-4.4-patches.tar.bz2 | 4 ++-- bash.changes | 36 ++++++++++++++++++++++++++++++++++++ bash.spec | 3 --- popd-offset-overflow.patch | 27 --------------------------- readline-7.0-patches.tar.bz2 | 4 ++-- 7 files changed, 49 insertions(+), 43 deletions(-) delete mode 100644 popd-offset-overflow.patch diff --git a/bash-4.3-2.4.4.patch b/bash-4.3-2.4.4.patch index 8335bdf4..a67eecf6 100644 --- a/bash-4.3-2.4.4.patch +++ b/bash-4.3-2.4.4.patch @@ -8,7 +8,7 @@ 6 files changed, 17 insertions(+), 7 deletions(-) --- array.c -+++ array.c 2016-09-16 10:37:12.179427118 +0000 ++++ array.c 2017-01-27 17:45:42.364066849 +0000 @@ -946,7 +946,7 @@ char *s, *sep; * To make a running version, compile -DTEST_ARRAY and link with: * xmalloc.o syntax.o lib/malloc/libmalloc.a lib/sh/libsh.a @@ -19,7 +19,7 @@ int signal_is_trapped(s) --- examples/loadables/tee.c -+++ examples/loadables/tee.c 2016-09-16 10:37:12.179427118 +0000 ++++ examples/loadables/tee.c 2017-01-27 17:45:42.364066849 +0000 @@ -35,6 +35,7 @@ #include "bashansi.h" @@ -38,7 +38,7 @@ extern char *strerror (); --- hashlib.c -+++ hashlib.c 2016-09-16 10:37:12.179427118 +0000 ++++ hashlib.c 2017-01-27 17:45:42.364066849 +0000 @@ -382,7 +382,7 @@ hash_pstats (table, name) HASH_TABLE *table, *ntable; @@ -49,8 +49,8 @@ int signal_is_trapped (s) --- jobs.c -+++ jobs.c 2016-09-16 10:37:12.183427043 +0000 -@@ -1947,6 +1947,15 @@ make_child (command, async_p) ++++ jobs.c 2017-01-27 17:45:42.364066849 +0000 +@@ -1962,6 +1962,15 @@ make_child (command, async_p) pid_t mypid; mypid = getpid (); 
@@ -67,7 +67,7 @@ /* Close default_buffered_input if it's > 0. We don't close it if it's 0 because that's the file descriptor used when redirecting input, --- sig.c -+++ sig.c 2016-09-16 10:37:12.183427043 +0000 ++++ sig.c 2017-01-27 17:45:42.364066849 +0000 @@ -98,10 +98,10 @@ sigset_t top_level_mask; #endif /* JOB_CONTROL */ @@ -82,7 +82,7 @@ #if defined (SIGWINCH) static SigHandler *old_winch = (SigHandler *)SIG_DFL; --- sig.h -+++ sig.h 2016-09-16 10:37:12.183427043 +0000 ++++ sig.h 2017-01-27 17:45:42.364066849 +0000 @@ -109,8 +109,8 @@ do { \ extern volatile sig_atomic_t sigwinch_received; extern volatile sig_atomic_t sigterm_received; diff --git a/bash-4.3-sigrestart.patch b/bash-4.3-sigrestart.patch index 78fcb8a5..e84ff51e 100644 --- a/bash-4.3-sigrestart.patch +++ b/bash-4.3-sigrestart.patch @@ -3,8 +3,8 @@ 1 file changed, 6 insertions(+) --- sig.c -+++ sig.c 2016-09-14 08:54:54.158863424 +0000 -@@ -738,10 +738,16 @@ set_signal_handler (sig, handler) ++++ sig.c 2017-01-27 17:46:46.602829901 +0000 +@@ -739,10 +739,16 @@ set_signal_handler (sig, handler) if (sig == SIGCHLD) act.sa_flags |= SA_RESTART; /* XXX */ #endif diff --git a/bash-4.4-patches.tar.bz2 b/bash-4.4-patches.tar.bz2 index 6200d8da..a1e0d2ed 100644 --- a/bash-4.4-patches.tar.bz2 +++ b/bash-4.4-patches.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:14dccf11ec530ff79696ddf8648b9d9e56c924804c8ec73eba78ca9c3581b5c0 -size 3408 +oid sha256:4c8f6d1c5c94802053b08c015b4059446a9366378c329902a0eaf9ab4846f730 +size 8213 diff --git a/bash.changes b/bash.changes index eef404c7..3c894d48 100644 --- a/bash.changes +++ b/bash.changes 
@@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Fri Jan 27 17:31:59 UTC 2017 - werner@suse.de + +- Add upstream patch bash44-006 + Out-of-range negative offsets to popd can cause the shell to crash + attempting to free an invalid memory block. +- Remove patch popd-offset-overflow.patch to use bash44-006 +- Add upstream patch bash44-007 + When performing filename completion, bash dequotes the directory + name being completed, which can result in match failures and + potential unwanted expansion. +- Duplicate bash44-007 as readline70-002 as it seems to be missed +- Add upstream patch bash44-008 + Under certain circumstances, bash will evaluate arithmetic + expressions as part of reading an expression token even when + evaluation is suppressed. This happens while evaluating a + conditional expression and skipping over the failed branch of the + expression. +- Add upstream patch bash44-009 + There is a race condition in add_history() that can be triggered + by a fatal signal arriving between the time the history length + is updated and the time the history list update is completed. + A later attempt to reference an invalid history entry can cause + a crash. +- Add upstream patch bash44-010 + Depending on compiler optimizations and behavior, the `read' + builtin may not save partial input when a timeout occurs. +- Add upstream patch bash44-011 + Subshells begun to run command and process substitutions may + attempt to set the terminal's process group to an incorrect + value if they receive a fatal signal. This depends on the + behavior of the process that starts the shell. +- Add upstream patch bash44-012 + When -N is used, the input is not supposed to be split using + $IFS, but leading and trailing IFS whitespace was still removed. + ------------------------------------------------------------------- Thu Jan 19 12:20:06 UTC 2017 - werner@suse.de diff --git a/bash.spec b/bash.spec index b3a1f961..e9699dd9 100644 --- a/bash.spec 
+++ b/bash.spec @@ -92,8 +92,6 @@ Patch27: readline-6.2-xmalloc.dif Patch30: readline-6.3-destdir.patch Patch31: readline-6.3-rltrace.patch Patch40: bash-4.1-bash.bashrc.dif -# PATCH-FIX-UPSTREAM boo#1010845 -- CVE-2016-9401: bash: popd controlled free (Segmentation fault) -Patch41: popd-offset-overflow.patch Patch46: man2html-no-timestamp.patch Patch47: bash-4.3-perl522.patch # PATCH-FIX-SUSE @@ -302,7 +300,6 @@ done #%patch25 -p0 -b .endpw %patch31 -p0 -b .tmp %patch40 -p0 -b .bashrc -%patch41 -p0 -b .popd %patch46 -p0 -b .notimestamp %patch47 -p0 -b .perl522 %if %{with import_function} diff --git a/popd-offset-overflow.patch b/popd-offset-overflow.patch deleted file mode 100644 index 4237330e..00000000 --- a/popd-offset-overflow.patch +++ /dev/null @@ -1,27 +0,0 @@ -*** ../bash-4.4-patched/builtins/pushd.def 2016-01-25 13:31:49.000000000 -0500 ---- builtins/pushd.def 2016-10-28 10:46:49.000000000 -0400 -*************** -*** 366,370 **** - } - -! if (which > directory_list_offset || (directory_list_offset == 0 && which == 0)) - { - pushd_error (directory_list_offset, which_word ? which_word : ""); ---- 366,370 ---- - } - -! if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0)) - { - pushd_error (directory_list_offset, which_word ? which_word : ""); -*************** -*** 388,391 **** ---- 388,396 ---- - of the list into place. */ - i = (direction == '+') ? directory_list_offset - which : which; -+ if (i < 0 || i > directory_list_offset) -+ { -+ pushd_error (directory_list_offset, which_word ? which_word : ""); -+ return (EXECUTION_FAILURE); -+ } - free (pushd_directory_list[i]); - directory_list_offset--; diff --git a/readline-7.0-patches.tar.bz2 b/readline-7.0-patches.tar.bz2 index 2c13a9c9..796dac12 100644 --- a/readline-7.0-patches.tar.bz2 +++ b/readline-7.0-patches.tar.bz2 
@@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:19d888f6cab86092262544ddc1f999dd00d2c5c9c6947045300ed57a61e6f81d -size 1128 +oid sha256:7a5a7db9aa69394d33787760be74bea581a3ecf1116c5e3f1e7d925ed5da4b57 +size 1789 From a2d9a23d44ab4867f7d6a67e73acaccfbaca00b4 Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Mon, 30 Jan 2017 16:13:13 +0000 Subject: [PATCH 3/3] Also update readline patches OBS-URL: https://build.opensuse.org/package/show/Base:System/bash?expand=0&rev=232 --- bash.changes | 14 ++++++++++++++ readline-7.0-patches.tar.bz2 | 4 ++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/bash.changes b/bash.changes index 3c894d48..5702a1e1 100644 --- a/bash.changes +++ b/bash.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Mon Jan 30 16:11:13 UTC 2017 - werner@suse.de + +- Add upstream patch readline70-002 which replace old one + There is a race condition in add_history() that can be triggered by a fatal + signal arriving between the time the history length is updated and the time + the history list update is completed. A later attempt to reference an + invalid history entry can cause a crash. +- Add upstream patch readline70-003 + Readline-7.0 uses pselect(2) to allow readline to handle signals that do not + interrupt read(2), such as SIGALRM, before reading another character. The + signal mask used in the pselect call did not take into account signals the + calling application blocked before calling readline(). + ------------------------------------------------------------------- Fri Jan 27 17:31:59 UTC 2017 - werner@suse.de diff --git a/readline-7.0-patches.tar.bz2 b/readline-7.0-patches.tar.bz2 index 796dac12..620d2d14 100644 --- a/readline-7.0-patches.tar.bz2 +++ b/readline-7.0-patches.tar.bz2 
@@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7a5a7db9aa69394d33787760be74bea581a3ecf1116c5e3f1e7d925ed5da4b57 -size 1789 +oid sha256:124afcc31358e26635dcbc070a397276ca9754366610219a720ac7372e4504ef +size 2455