bash: version bump to 4.4.12

Signed-off-by: Iván Atienza <gentoo.power@gmail.com>
7 years ago · 885ddf9b68
--- a/utils/bash/Makefile
+++ b/utils/bash/Makefile
@ -7,15 +7,15 @@
 include $(TOPDIR)/rules.mk
 BASE_VERSION:=4.3
 BASE_VERSION:=4.4
 PKG_NAME:=bash
 PKG_VERSION:=$(BASE_VERSION).42
 PKG_VERSION:=$(BASE_VERSION).12
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(BASE_VERSION).tar.gz
 PKG_SOURCE_URL:=@GNU/bash
 PKG_HASH:=afc687a28e0e24dc21b988fa159ff9dbcf6b7caa92ade8645cc6d5605cd024d4
 PKG_HASH:=d86b3392c1202e8ff5a423b302e6284db7f8f435ea9f39b5b1b20fd3ac36dfcb
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BASE_VERSION)
 PKG_LICENSE:=GPL-3.0+
--- a/utils/bash/patches/001-compile-fix.patch
+++ b/utils/bash/patches/001-compile-fix.patch
@ -1,6 +1,8 @@
 --- a/execute_cmd.c
 +++ b/execute_cmd.c
@@ -2369,7 +2369,11 @@ execute_pipeline (command, asynchronous,
 Index: bash-4.4/execute_cmd.c
 ===================================================================
 --- bash-4.4.orig/execute_cmd.c
 +++ bash-4.4/execute_cmd.c
@@ -2459,7 +2459,11 @@ execute_pipeline (command, asynchronous,
   /* If the `lastpipe' option is set with shopt, and job control is not
      enabled, execute the last element of non-async pipelines in the
      current shell environment. */
--- a/utils/bash/patches/002-force-internal-readline.patch
+++ b/utils/bash/patches/002-force-internal-readline.patch
@ -1,6 +1,8 @@
 --- a/configure
 +++ b/configure
@@ -5430,8 +5430,7 @@ if test $opt_readline = yes; then
 Index: bash-4.4/configure
 ===================================================================
 --- bash-4.4.orig/configure
 +++ bash-4.4/configure
@@ -5420,8 +5420,7 @@ if test $opt_readline = yes; then
 		# static version specified as -llibname to override the
 		# dynamic version
 		case "${host_os}" in
@ -10,9 +12,11 @@
 		esac
 	fi
 else
 --- a/configure.ac
 +++ b/configure.ac
@@ -578,8 +578,7 @@ if test $opt_readline = yes; then
 Index: bash-4.4/configure.ac
 ===================================================================
 --- bash-4.4.orig/configure.ac
 +++ bash-4.4/configure.ac
@@ -573,8 +573,7 @@ if test $opt_readline = yes; then
 		# static version specified as -llibname to override the
 		# dynamic version
 		case "${host_os}" in
--- a/utils/bash/patches/101-upstream-bash43-001.patch
+++ b/utils/bash/patches/101-upstream-bash43-001.patch
@ -1,49 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-001
 Bug-Reported-by:	NBaH <nbah@sfr.fr>
 Bug-Reference-ID:	<ler0b5$iu9$1@speranza.aioe.org>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-02/msg00092.html
 Bug-Description:
 A missing check for a valid option prevented `test -R' from working.  There
 is another problem that causes bash to look up the wrong variable name when
 processing the argument to `test -R'.
 Patch (apply with `patch -p0'):
 --- a/test.c
 +++ b/test.c
@@ -646,8 +646,8 @@ unary_test (op, arg)
       return (v && invisible_p (v) == 0 && var_isset (v) ? TRUE : FALSE);
     case 'R':
 -      v = find_variable (arg);
 -      return (v && invisible_p (v) == 0 && var_isset (v) && nameref_p (v) ? TRUE : FALSE);
 +      v = find_variable_noref (arg);
 +      return ((v && invisible_p (v) == 0 && var_isset (v) && nameref_p (v)) ? TRUE : FALSE);
     }
   /* We can't actually get here, but this shuts up gcc. */
@@ -723,6 +723,7 @@ test_unop (op)
     case 'o': case 'p': case 'r': case 's': case 't':
     case 'u': case 'v': case 'w': case 'x': case 'z':
     case 'G': case 'L': case 'O': case 'S': case 'N':
 +    case 'R':
       return (1);
     }
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 0
 +#define PATCHLEVEL 1
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/101-upstream-bash44-001.patch
+++ b/utils/bash/patches/101-upstream-bash44-001.patch
@ -0,0 +1,36 @@
 Index: bash-4.4/lib/readline/history.c
 ===================================================================
 --- bash-4.4.orig/lib/readline/history.c
 +++ bash-4.4/lib/readline/history.c
@@ -57,6 +57,8 @@ extern int errno;
 /* How big to make the_history when we first allocate it. */
 #define DEFAULT_HISTORY_INITIAL_SIZE	502
 +#define MAX_HISTORY_INITIAL_SIZE	8192
 +
 /* The number of slots to increase the_history by. */
 #define DEFAULT_HISTORY_GROW_SIZE 50
@@ -307,7 +309,9 @@ add_history (string)
       if (history_size == 0)
 	{
 	  if (history_stifled && history_max_entries > 0)
 -	    history_size = history_max_entries + 2;
 +	    history_size = (history_max_entries > MAX_HISTORY_INITIAL_SIZE)
 +				? MAX_HISTORY_INITIAL_SIZE
 +				: history_max_entries + 2;
 	  else
 	    history_size = DEFAULT_HISTORY_INITIAL_SIZE;
 	  the_history = (HIST_ENTRY **)xmalloc (history_size * sizeof (HIST_ENTRY *));
 Index: bash-4.4/patchlevel.h
 ===================================================================
 --- bash-4.4.orig/patchlevel.h
 +++ bash-4.4/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 0
 +#define PATCHLEVEL 1
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/102-upstream-bash43-002.patch
+++ b/utils/bash/patches/102-upstream-bash43-002.patch
@ -1,49 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-002
 Bug-Reported-by:	Moe Tunes <moetunes42@gmail.com>
 Bug-Reference-ID:	<53103F49.3070100@gmail.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-02/msg00086.html
 Bug-Description:
 A change to save state while running the DEBUG trap caused pipelines to hang
 on systems which need process group synchronization while building pipelines.
 Patch (apply with `patch -p0'):
 --- a/trap.c
 +++ b/trap.c
@@ -920,7 +920,8 @@ _run_trap_internal (sig, tag)
       subst_assign_varlist = 0;
 #if defined (JOB_CONTROL)
 -      save_pipeline (1);	/* XXX only provides one save level */
 +      if (sig != DEBUG_TRAP)	/* run_debug_trap does this */
 +	save_pipeline (1);	/* XXX only provides one save level */
 #endif
       /* If we're in a function, make sure return longjmps come here, too. */
@@ -940,7 +941,8 @@ _run_trap_internal (sig, tag)
       trap_exit_value = last_command_exit_value;
 #if defined (JOB_CONTROL)
 -      restore_pipeline (1);
 +      if (sig != DEBUG_TRAP)	/* run_debug_trap does this */
 +	restore_pipeline (1);
 #endif
       subst_assign_varlist = save_subst_varlist;
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 1
 +#define PATCHLEVEL 2
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/102-upstream-bash44-002.patch
+++ b/utils/bash/patches/102-upstream-bash44-002.patch
@ -0,0 +1,46 @@
 Index: bash-4.4/patchlevel.h
 ===================================================================
 --- bash-4.4.orig/patchlevel.h
 +++ bash-4.4/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 1
 +#define PATCHLEVEL 2
 #endif /* _PATCHLEVEL_H_ */
 Index: bash-4.4/subst.c
 ===================================================================
 --- bash-4.4.orig/subst.c
 +++ bash-4.4/subst.c
@@ -5931,6 +5931,7 @@ read_comsub (fd, quoted, rflag)
   char *istring, buf[128], *bufp, *s;
   int istring_index, istring_size, c, tflag, skip_ctlesc, skip_ctlnul;
   ssize_t bufn;
 +  int nullbyte;
   istring = (char *)NULL;
   istring_index = istring_size = bufn = tflag = 0;
@@ -5938,6 +5939,8 @@ read_comsub (fd, quoted, rflag)
   for (skip_ctlesc = skip_ctlnul = 0, s = ifs_value; s && *s; s++)
     skip_ctlesc |= *s == CTLESC, skip_ctlnul |= *s == CTLNUL;
 +  nullbyte = 0;
 +
   /* Read the output of the command through the pipe.  This may need to be
      changed to understand multibyte characters in the future. */
   while (1)
@@ -5956,7 +5959,11 @@ read_comsub (fd, quoted, rflag)
       if (c == 0)
 	{
 #if 1
 -	  internal_warning ("%s", _("command substitution: ignored null byte in input"));
 +	  if (nullbyte == 0)
 +	    {
 +	      internal_warning ("%s", _("command substitution: ignored null byte in input"));
 +	      nullbyte = 1;
 +	    }
 #endif
 	  continue;
 	}
--- a/utils/bash/patches/103-upstream-bash43-003.patch
+++ b/utils/bash/patches/103-upstream-bash43-003.patch
@ -1,39 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-003
 Bug-Reported-by:	Anatol Pomozov <anatol.pomozov@gmail.com>
 Bug-Reference-ID:	<CAOMFOmXy3mT2So5GQ5F-smCVArQuAeBwZ2QKzgCtMeXJoDeYOQ@mail.gmail.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00010.html
 Bug-Description:
 When in callback mode, some readline commands can cause readline to seg
 fault by passing invalid contexts to callback functions.
 Patch (apply with `patch -p0'):
 --- a/lib/readline/readline.c
 +++ b/lib/readline/readline.c
@@ -744,7 +744,8 @@ _rl_dispatch_callback (cxt)
     r = _rl_subseq_result (r, cxt->oldmap, cxt->okey, (cxt->flags & KSEQ_SUBSEQ));
   RL_CHECK_SIGNALS ();
 -  if (r == 0)			/* success! */
 +  /* We only treat values < 0 specially to simulate recursion. */
 +  if (r >= 0 || (r == -1 && (cxt->flags & KSEQ_SUBSEQ) == 0))	/* success! or failure! */
     {
       _rl_keyseq_chain_dispose ();
       RL_UNSETSTATE (RL_STATE_MULTIKEY);
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 2
 +#define PATCHLEVEL 3
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/103-upstream-bash44-003.patch
+++ b/utils/bash/patches/103-upstream-bash44-003.patch
@ -0,0 +1,39 @@
 Index: bash-4.4/lib/glob/sm_loop.c
 ===================================================================
 --- bash-4.4.orig/lib/glob/sm_loop.c
 +++ bash-4.4/lib/glob/sm_loop.c
@@ -330,6 +330,12 @@ PARSE_COLLSYM (p, vp)
   for (pc = 0; p[pc]; pc++)
     if (p[pc] == L('.') && p[pc+1] == L(']'))
       break;
 +   if (p[pc] == 0)
 +    {
 +      if (vp)
 +	*vp = INVALID;
 +      return (p + pc);
 +    }
    val = COLLSYM (p, pc);
    if (vp)
      *vp = val;
@@ -483,6 +489,9 @@ BRACKMATCH (p, test, flags)
       c = *p++;
       c = FOLD (c);
 +      if (c == L('\0'))
 +	return ((test == L('[')) ? savep : (CHAR *)0);
 +
       if ((flags & FNM_PATHNAME) && c == L('/'))
 	/* [/] can never match when matching a pathname.  */
 	return (CHAR *)0;
 Index: bash-4.4/patchlevel.h
 ===================================================================
 --- bash-4.4.orig/patchlevel.h
 +++ bash-4.4/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 2
 +#define PATCHLEVEL 3
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/104-upstream-bash43-004.patch
+++ b/utils/bash/patches/104-upstream-bash43-004.patch
@ -1,38 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-004
 Bug-Reported-by:	Daan van Rossum <daan@flash.uchicago.edu>
 Bug-Reference-ID:	<20140307072523.GA14250@flash.uchicago.edu>
 Bug-Reference-URL:	
 Bug-Description:
 The `.' command in vi mode cannot undo multi-key commands beginning with
 `c', `d', and `y' (command plus motion specifier).
 Patch (apply with `patch -p0'):
 --- a/lib/readline/readline.c
 +++ b/lib/readline/readline.c
@@ -965,7 +965,7 @@ _rl_dispatch_subseq (key, map, got_subse
 #if defined (VI_MODE)
   if (rl_editing_mode == vi_mode && _rl_keymap == vi_movement_keymap &&
       key != ANYOTHERKEY &&
 -      rl_key_sequence_length == 1 &&	/* XXX */
 +      _rl_dispatching_keymap == vi_movement_keymap &&
       _rl_vi_textmod_command (key))
     _rl_vi_set_last (key, rl_numeric_arg, rl_arg_sign);
 #endif
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 3
 +#define PATCHLEVEL 4
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/104-upstream-bash44-004.patch
+++ b/utils/bash/patches/104-upstream-bash44-004.patch
@ -0,0 +1,66 @@
 Index: bash-4.4/jobs.c
 ===================================================================
 --- bash-4.4.orig/jobs.c
 +++ bash-4.4/jobs.c
@@ -453,6 +453,21 @@ cleanup_the_pipeline ()
     discard_pipeline (disposer);
 }
 +void
 +discard_last_procsub_child ()
 +{
 +  PROCESS *disposer;
 +  sigset_t set, oset;
 +
 +  BLOCK_CHILD (set, oset);
 +  disposer = last_procsub_child;
 +  last_procsub_child = (PROCESS *)NULL;
 +  UNBLOCK_CHILD (oset);
 +
 +  if (disposer)
 +    discard_pipeline (disposer);
 +}
 +
 struct pipeline_saver *
 alloc_pipeline_saver ()
 {
 Index: bash-4.4/jobs.h
 ===================================================================
 --- bash-4.4.orig/jobs.h
 +++ bash-4.4/jobs.h
@@ -190,6 +190,7 @@ extern JOB **jobs;
 extern void making_children __P((void));
 extern void stop_making_children __P((void));
 extern void cleanup_the_pipeline __P((void));
 +extern void discard_last_procsub_child __P((void));
 extern void save_pipeline __P((int));
 extern PROCESS *restore_pipeline __P((int));
 extern void start_pipeline __P((void));
 Index: bash-4.4/patchlevel.h
 ===================================================================
 --- bash-4.4.orig/patchlevel.h
 +++ bash-4.4/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 3
 +#define PATCHLEVEL 4
 #endif /* _PATCHLEVEL_H_ */
 Index: bash-4.4/subst.c
 ===================================================================
 --- bash-4.4.orig/subst.c
 +++ bash-4.4/subst.c
@@ -5808,10 +5808,7 @@ process_substitute (string, open_for_rea
     {
 #if defined (JOB_CONTROL)
       if (last_procsub_child)
 -	{
 -	  discard_pipeline (last_procsub_child);
 -	  last_procsub_child = (PROCESS *)NULL;
 -	}
 +	discard_last_procsub_child ();
       last_procsub_child = restore_pipeline (0);
 #endif
--- a/utils/bash/patches/105-upstream-bash43-005.patch
+++ b/utils/bash/patches/105-upstream-bash43-005.patch
@ -1,50 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-005
 Bug-Reported-by:	David Sines <dave.gma@googlemail.com>
 Bug-Reference-ID:	<CAO3BAa_CK_Rgkhdfzs+NJ4KFYdB9qW3pvXQK0xLCi6GMmDU8bw@mail.gmail.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00037.html
 Bug-Description:
 When in Posix mode, bash did not correctly interpret the ANSI-C-style
 $'...' quoting mechanism when performing pattern substitution word
 expansions within double quotes.
 Patch (apply with `patch -p0'):
 --- a/parse.y
 +++ b/parse.y
@@ -3398,7 +3398,7 @@ parse_matched_pair (qc, open, close, len
          within a double-quoted ${...} construct "an even number of
          unescaped double-quotes or single-quotes, if any, shall occur." */
       /* This was changed in Austin Group Interp 221 */
 -      if MBTEST(posixly_correct && shell_compatibility_level > 41 && dolbrace_state != DOLBRACE_QUOTE && (flags & P_DQUOTE) && (flags & P_DOLBRACE) && ch == '\'')
 +      if MBTEST(posixly_correct && shell_compatibility_level > 41 && dolbrace_state != DOLBRACE_QUOTE && dolbrace_state != DOLBRACE_QUOTE2 && (flags & P_DQUOTE) && (flags & P_DOLBRACE) && ch == '\'')
 	continue;
       /* Could also check open == '`' if we want to parse grouping constructs
 --- a/y.tab.c
 +++ b/y.tab.c
@@ -5710,7 +5710,7 @@ parse_matched_pair (qc, open, close, len
          within a double-quoted ${...} construct "an even number of
          unescaped double-quotes or single-quotes, if any, shall occur." */
       /* This was changed in Austin Group Interp 221 */
 -      if MBTEST(posixly_correct && shell_compatibility_level > 41 && dolbrace_state != DOLBRACE_QUOTE && (flags & P_DQUOTE) && (flags & P_DOLBRACE) && ch == '\'')
 +      if MBTEST(posixly_correct && shell_compatibility_level > 41 && dolbrace_state != DOLBRACE_QUOTE && dolbrace_state != DOLBRACE_QUOTE2 && (flags & P_DQUOTE) && (flags & P_DOLBRACE) && ch == '\'')
 	continue;
       /* Could also check open == '`' if we want to parse grouping constructs
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 4
 +#define PATCHLEVEL 5
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/105-upstream-bash44-005.patch
+++ b/utils/bash/patches/105-upstream-bash44-005.patch
@ -0,0 +1,29 @@
 Index: bash-4.4/builtins/evalstring.c
 ===================================================================
 --- bash-4.4.orig/builtins/evalstring.c
 +++ bash-4.4/builtins/evalstring.c
@@ -104,12 +104,9 @@ should_suppress_fork (command)
 	  running_trap == 0 &&
 	  *bash_input.location.string == '\0' &&
 	  command->type == cm_simple &&
 -#if 0
 	  signal_is_trapped (EXIT_TRAP) == 0 &&
 	  signal_is_trapped (ERROR_TRAP) == 0 &&
 -#else
 	  any_signals_trapped () < 0 &&
 -#endif
 	  command->redirects == 0 && command->value.Simple->redirects == 0 &&
 	  ((command->flags & CMD_TIME_PIPELINE) == 0) &&
 	  ((command->flags & CMD_INVERT_RETURN) == 0));
 Index: bash-4.4/patchlevel.h
 ===================================================================
 --- bash-4.4.orig/patchlevel.h
 +++ bash-4.4/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 4
 +#define PATCHLEVEL 5
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/106-upstream-bash43-006.patch
+++ b/utils/bash/patches/106-upstream-bash43-006.patch
@ -1,39 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-006
 Bug-Reported-by:	Eduardo A . Bustamante Lopez <dualbus@gmail.com>
 Bug-Reference-ID:	<20140228170013.GA16015@dualbus.me>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-02/msg00091.html
 Bug-Description:
 A shell that started with job control active but was not interactive left
 the terminal in the wrong process group when exiting, causing its parent
 shell to get a stop signal when it attempted to read from the terminal.
 Patch (apply with `patch -p0'):
 --- a/jobs.c
 +++ b/jobs.c
@@ -4374,7 +4374,7 @@ without_job_control ()
 void
 end_job_control ()
 {
 -  if (interactive_shell)		/* XXX - should it be interactive? */
 +  if (interactive_shell || job_control)		/* XXX - should it be just job_control? */
     {
       terminate_stopped_jobs ();
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 5
 +#define PATCHLEVEL 6
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/106-upstream-bash44-006.patch
+++ b/utils/bash/patches/106-upstream-bash44-006.patch
@ -0,0 +1,37 @@
 Index: bash-4.4/builtins/pushd.def
 ===================================================================
 --- bash-4.4.orig/builtins/pushd.def
 +++ bash-4.4/builtins/pushd.def
@@ -365,7 +365,7 @@ popd_builtin (list)
 	break;
     }
 -  if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
 +  if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
     {
       pushd_error (directory_list_offset, which_word ? which_word : "");
       return (EXECUTION_FAILURE);
@@ -387,6 +387,11 @@ popd_builtin (list)
 	 remove that directory from the list and shift the remainder
 	 of the list into place. */
       i = (direction == '+') ? directory_list_offset - which : which;
 +      if (i < 0 || i > directory_list_offset)
 +	{
 +	  pushd_error (directory_list_offset, which_word ? which_word : "");
 +	  return (EXECUTION_FAILURE);
 +	}
       free (pushd_directory_list[i]);
       directory_list_offset--;
 Index: bash-4.4/patchlevel.h
 ===================================================================
 --- bash-4.4.orig/patchlevel.h
 +++ bash-4.4/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 5
 +#define PATCHLEVEL 6
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/107-upstream-bash43-007.patch
+++ b/utils/bash/patches/107-upstream-bash43-007.patch
@ -1,45 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-007
 Bug-Reported-by:	geir.hauge@gmail.com
 Bug-Reference-ID:	<20140318093650.B181C1C5B0B@gina.itea.ntnu.no>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00095.html
 Bug-Description:
 Using compound assignments for associative arrays like
 assoc=( [x]= [y]=bar )
 left the value corresponding to the key `x' NULL.  This caused subsequent
 lookups to interpret it as unset.
 Patch (apply with `patch -p0'):
 --- a/arrayfunc.c
 +++ b/arrayfunc.c
@@ -597,6 +597,11 @@ assign_compound_array_list (var, nlist,
       if (assoc_p (var))
 	{
 	  val = expand_assignment_string_to_string (val, 0);
 +	  if (val == 0)
 +	    {
 +	      val = (char *)xmalloc (1);
 +	      val[0] = '\0';	/* like do_assignment_internal */
 +	    }
 	  free_val = 1;
 	}
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 6
 +#define PATCHLEVEL 7
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/107-upstream-bash44-007.patch
+++ b/utils/bash/patches/107-upstream-bash44-007.patch
@ -0,0 +1,100 @@
 Index: bash-4.4/bashline.c
 ===================================================================
 --- bash-4.4.orig/bashline.c
 +++ bash-4.4/bashline.c
@@ -142,7 +142,7 @@ static int executable_completion __P((co
 static rl_icppfunc_t *save_directory_hook __P((void));
 static void restore_directory_hook __P((rl_icppfunc_t));
 -static int directory_exists __P((const char *));
 +static int directory_exists __P((const char *, int));
 static void cleanup_expansion_error __P((void));
 static void maybe_make_readline_line __P((char *));
@@ -3102,18 +3102,20 @@ restore_directory_hook (hookf)
     rl_directory_rewrite_hook = hookf;
 }
 -/* Check whether not the (dequoted) version of DIRNAME, with any trailing slash
 -   removed, exists. */
 +/* Check whether not DIRNAME, with any trailing slash removed, exists.  If
 +   SHOULD_DEQUOTE is non-zero, we dequote the directory name first. */
 static int
 -directory_exists (dirname)
 +directory_exists (dirname, should_dequote)
      const char *dirname;
 +     int should_dequote;
 {
   char *new_dirname;
   int dirlen, r;
   struct stat sb;
 -  /* First, dequote the directory name */
 -  new_dirname = bash_dequote_filename ((char *)dirname, rl_completion_quote_character);
 +  /* We save the string and chop the trailing slash because stat/lstat behave
 +     inconsistently if one is present. */
 +  new_dirname = should_dequote ? bash_dequote_filename ((char *)dirname, rl_completion_quote_character) : savestring (dirname);
   dirlen = STRLEN (new_dirname);
   if (new_dirname[dirlen - 1] == '/')
     new_dirname[dirlen - 1] = '\0';
@@ -3145,7 +3147,7 @@ bash_filename_stat_hook (dirname)
   else if (t = mbschr (local_dirname, '`'))	/* XXX */
     should_expand_dirname = '`';
 -  if (should_expand_dirname && directory_exists (local_dirname))
 +  if (should_expand_dirname && directory_exists (local_dirname, 0))
     should_expand_dirname = 0;
   if (should_expand_dirname)  
@@ -3155,7 +3157,7 @@ bash_filename_stat_hook (dirname)
 	 have to worry about restoring this setting. */
       global_nounset = unbound_vars_is_error;
       unbound_vars_is_error = 0;
 -      wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_COMPLETE);	/* does the right thing */
 +      wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_NOPROCSUB|W_COMPLETE);	/* does the right thing */
       unbound_vars_is_error = global_nounset;
       if (wl)
 	{
@@ -3244,13 +3246,13 @@ bash_directory_completion_hook (dirname)
 	should_expand_dirname = '`';
     }
 -  if (should_expand_dirname && directory_exists (local_dirname))
 +  if (should_expand_dirname && directory_exists (local_dirname, 1))
     should_expand_dirname = 0;
   if (should_expand_dirname)  
     {
       new_dirname = savestring (local_dirname);
 -      wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_COMPLETE);	/* does the right thing */
 +      wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_NOPROCSUB|W_COMPLETE);	/* does the right thing */
       if (wl)
 	{
 	  *dirname = string_list (wl);
 Index: bash-4.4/patchlevel.h
 ===================================================================
 --- bash-4.4.orig/patchlevel.h
 +++ bash-4.4/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 6
 +#define PATCHLEVEL 7
 #endif /* _PATCHLEVEL_H_ */
 Index: bash-4.4/subst.c
 ===================================================================
 --- bash-4.4.orig/subst.c
 +++ bash-4.4/subst.c
@@ -9458,6 +9458,10 @@ add_twochars:
 		tword->flags |= word->flags & (W_ASSIGNARG|W_ASSIGNRHS);	/* affects $@ */
 	      if (word->flags & W_COMPLETE)
 		tword->flags |= W_COMPLETE;	/* for command substitutions */
 +	      if (word->flags & W_NOCOMSUB)
 +		tword->flags |= W_NOCOMSUB;
 +	      if (word->flags & W_NOPROCSUB)
 +		tword->flags |= W_NOPROCSUB;
 	      temp = (char *)NULL;
--- a/utils/bash/patches/108-upstream-bash43-008.patch
+++ b/utils/bash/patches/108-upstream-bash43-008.patch
@ -1,148 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-008
 Bug-Reported-by:	Stephane Chazelas <stephane.chazelas@gmail.com>
 Bug-Reference-ID:	<20140318135901.GB22158@chaz.gmail.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00098.html
 Bug-Description:
 Some extended glob patterns incorrectly matched filenames with a leading
 dot, regardless of the setting of the `dotglob' option.
 Patch (apply with `patch -p0'):
 --- a/lib/glob/gmisc.c
 +++ b/lib/glob/gmisc.c
@@ -210,6 +210,7 @@ extglob_pattern_p (pat)
     case '+':
     case '!':
     case '@':
 +    case '?':
       return (pat[1] == LPAREN);
     default:
       return 0;
 --- a/lib/glob/glob.c
 +++ b/lib/glob/glob.c
@@ -179,42 +179,50 @@ extglob_skipname (pat, dname, flags)
      char *pat, *dname;
      int flags;
 {
 -  char *pp, *pe, *t;
 -  int n, r;
 +  char *pp, *pe, *t, *se;
 +  int n, r, negate;
 +  negate = *pat == '!';
   pp = pat + 2;
 -  pe = pp + strlen (pp) - 1;	/*(*/
 -  if (*pe != ')')
 -    return 0;
 -  if ((t = strchr (pp, '|')) == 0)	/* easy case first */
 +  se = pp + strlen (pp) - 1;		/* end of string */
 +  pe = glob_patscan (pp, se, 0);	/* end of extglob pattern (( */
 +  /* we should check for invalid extglob pattern here */
 +  /* if pe != se we have more of the pattern at the end of the extglob
 +     pattern. Check the easy case first ( */
 +  if (pe == se && *pe == ')' && (t = strchr (pp, '|')) == 0)
     {
       *pe = '\0';
 +#if defined (HANDLE_MULTIBYTE)
 +      r = mbskipname (pp, dname, flags);
 +#else
       r = skipname (pp, dname, flags);	/*(*/
 +#endif
       *pe = ')';
       return r;
     }
 +
 +  /* check every subpattern */
   while (t = glob_patscan (pp, pe, '|'))
     {
       n = t[-1];
       t[-1] = '\0';
 +#if defined (HANDLE_MULTIBYTE)
 +      r = mbskipname (pp, dname, flags);
 +#else
       r = skipname (pp, dname, flags);
 +#endif
       t[-1] = n;
       if (r == 0)	/* if any pattern says not skip, we don't skip */
         return r;
       pp = t;
     }	/*(*/
 -  if (pp == pe)		/* glob_patscan might find end of pattern */
 +  /* glob_patscan might find end of pattern */
 +  if (pp == se)
     return r;
 -  *pe = '\0';
 -#  if defined (HANDLE_MULTIBYTE)
 -  r = mbskipname (pp, dname, flags);	/*(*/
 -#  else
 -  r = skipname (pp, dname, flags);	/*(*/
 -#  endif
 -  *pe = ')';
 -  return r;
 +  /* but if it doesn't then we didn't match a leading dot */
 +  return 0;
 }
 #endif
@@ -277,20 +285,23 @@ wextglob_skipname (pat, dname, flags)
      int flags;
 {
 #if EXTENDED_GLOB
 -  wchar_t *pp, *pe, *t, n;
 -  int r;
 +  wchar_t *pp, *pe, *t, n, *se;
 +  int r, negate;
 +  negate = *pat == L'!';
   pp = pat + 2;
 -  pe = pp + wcslen (pp) - 1;	/*(*/
 -  if (*pe != L')')
 -    return 0;
 -  if ((t = wcschr (pp, L'|')) == 0)
 +  se = pp + wcslen (pp) - 1;	/*(*/
 +  pe = glob_patscan_wc (pp, se, 0);
 +
 +  if (pe == se && *pe == ')' && (t = wcschr (pp, L'|')) == 0)
     {
       *pe = L'\0';
       r = wchkname (pp, dname); /*(*/
       *pe = L')';
       return r;
     }
 +
 +  /* check every subpattern */
   while (t = glob_patscan_wc (pp, pe, '|'))
     {
       n = t[-1];
@@ -305,10 +316,8 @@ wextglob_skipname (pat, dname, flags)
   if (pp == pe)		/* glob_patscan_wc might find end of pattern */
     return r;
 -  *pe = L'\0';
 -  r = wchkname (pp, dname);	/*(*/
 -  *pe = L')';
 -  return r;
 +  /* but if it doesn't then we didn't match a leading dot */
 +  return 0;
 #else
   return (wchkname (pat, dname));
 #endif
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 7
 +#define PATCHLEVEL 8
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/108-upstream-bash44-008.patch
+++ b/utils/bash/patches/108-upstream-bash44-008.patch
@ -0,0 +1,58 @@
 Index: bash-4.4/expr.c
 ===================================================================
 --- bash-4.4.orig/expr.c
 +++ bash-4.4/expr.c
@@ -578,24 +578,23 @@ expcond ()
   rval = cval = explor ();
   if (curtok == QUES)		/* found conditional expr */
     {
 -      readtok ();
 -      if (curtok == 0 || curtok == COL)
 -	evalerror (_("expression expected"));
       if (cval == 0)
 	{
 	  set_noeval = 1;
 	  noeval++;
 	}
 +      readtok ();
 +      if (curtok == 0 || curtok == COL)
 +	evalerror (_("expression expected"));
 +
       val1 = EXP_HIGHEST ();
       if (set_noeval)
 	noeval--;
       if (curtok != COL)
 	evalerror (_("`:' expected for conditional expression"));
 -      readtok ();
 -      if (curtok == 0)
 -	evalerror (_("expression expected"));
 +
       set_noeval = 0;
       if (cval)
  	{
@@ -603,7 +602,11 @@ expcond ()
 	  noeval++;
  	}
 +      readtok ();
 +      if (curtok == 0)
 +	evalerror (_("expression expected"));
       val2 = expcond ();
 +
       if (set_noeval)
 	noeval--;
       rval = cval ? val1 : val2;
 Index: bash-4.4/patchlevel.h
 ===================================================================
 --- bash-4.4.orig/patchlevel.h
 +++ bash-4.4/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 7
 +#define PATCHLEVEL 8
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/109-upstream-bash43-009.patch
+++ b/utils/bash/patches/109-upstream-bash43-009.patch
@ -1,51 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-009
 Bug-Reported-by:	Matthias Klose <doko@debian.org>
 Bug-Reference-ID:	<53346FC8.6090005@debian.org>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00171.html
 Bug-Description:
 There is a problem with unsigned sign extension when attempting to reallocate
 the input line when it is fewer than 3 characters long and there has been a
 history expansion.  The sign extension causes the shell to not reallocate the
 line, which results in a segmentation fault when it writes past the end.
 Patch (apply with `patch -p0'):
 --- a/parse.y
 +++ b/parse.y
@@ -2424,7 +2424,7 @@ shell_getc (remove_quoted_newline)
 	 not already end in an EOF character.  */
       if (shell_input_line_terminator != EOF)
 	{
 -	  if (shell_input_line_size < SIZE_MAX && shell_input_line_len > shell_input_line_size - 3)
 +	  if (shell_input_line_size < SIZE_MAX-3 && (shell_input_line_len+3 > shell_input_line_size))
 	    shell_input_line = (char *)xrealloc (shell_input_line,
 					1 + (shell_input_line_size += 2));
 --- a/y.tab.c
 +++ b/y.tab.c
@@ -4736,7 +4736,7 @@ shell_getc (remove_quoted_newline)
 	 not already end in an EOF character.  */
       if (shell_input_line_terminator != EOF)
 	{
 -	  if (shell_input_line_size < SIZE_MAX && shell_input_line_len > shell_input_line_size - 3)
 +	  if (shell_input_line_size < SIZE_MAX-3 && (shell_input_line_len+3 > shell_input_line_size))
 	    shell_input_line = (char *)xrealloc (shell_input_line,
 					1 + (shell_input_line_size += 2));
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 8
 +#define PATCHLEVEL 9
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/109-upstream-bash44-009.patch
+++ b/utils/bash/patches/109-upstream-bash44-009.patch
@ -0,0 +1,67 @@
 Index: bash-4.4/lib/readline/history.c
 ===================================================================
 --- bash-4.4.orig/lib/readline/history.c
 +++ bash-4.4/lib/readline/history.c
@@ -279,6 +279,7 @@ add_history (string)
      const char *string;
 {
   HIST_ENTRY *temp;
 +  int new_length;
   if (history_stifled && (history_length == history_max_entries))
     {
@@ -295,13 +296,9 @@ add_history (string)
       /* Copy the rest of the entries, moving down one slot.  Copy includes
 	 trailing NULL.  */
 -#if 0
 -      for (i = 0; i < history_length; i++)
 -	the_history[i] = the_history[i + 1];
 -#else
       memmove (the_history, the_history + 1, history_length * sizeof (HIST_ENTRY *));
 -#endif
 +      new_length = history_length;
       history_base++;
     }
   else
@@ -315,7 +312,7 @@ add_history (string)
 	  else
 	    history_size = DEFAULT_HISTORY_INITIAL_SIZE;
 	  the_history = (HIST_ENTRY **)xmalloc (history_size * sizeof (HIST_ENTRY *));
 -	  history_length = 1;
 +	  new_length = 1;
 	}
       else
 	{
@@ -325,14 +322,15 @@ add_history (string)
 	      the_history = (HIST_ENTRY **)
 		xrealloc (the_history, history_size * sizeof (HIST_ENTRY *));
 	    }
 -	  history_length++;
 +	  new_length = history_length + 1;
 	}
     }
   temp = alloc_history_entry ((char *)string, hist_inittime ());
 -  the_history[history_length] = (HIST_ENTRY *)NULL;
 -  the_history[history_length - 1] = temp;
 +  the_history[new_length] = (HIST_ENTRY *)NULL;
 +  the_history[new_length - 1] = temp;
 +  history_length = new_length;
 }
 /* Change the time stamp of the most recent history entry to STRING. */
 Index: bash-4.4/patchlevel.h
 ===================================================================
 --- bash-4.4.orig/patchlevel.h
 +++ bash-4.4/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 8
 +#define PATCHLEVEL 9
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/110-upstream-bash43-010.patch
+++ b/utils/bash/patches/110-upstream-bash43-010.patch
@ -1,145 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-010
 Bug-Reported-by:	Albert Shih <Albert.Shih@obspm.fr>
 Bug-Reference-ID:	Wed, 5 Mar 2014 23:01:40 +0100
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00028.html
 Bug-Description:
 Patch (apply with `patch -p0'):
 This patch changes the behavior of programmable completion to compensate
 for two assumptions made by the bash-completion package.  Bash-4.3 changed
 to dequote the argument to programmable completion only under certain
 circumstances, to make the behavior of compgen more consistent when run
 from the command line -- closer to the behavior when run by a shell function
 run as part of programmable completion.  Bash-completion can pass quoted
 arguments to compgen when the original word to be completed was not quoted,
 expecting programmable completion to dequote the word before attempting
 completion.
 This patch fixes two cases:
 1.  An empty string that bash-completion passes to compgen as a quoted null
    string ('').
 2.  An unquoted word that bash-completion quotes using single quotes or
    backslashes before passing it to compgen.
 In these cases, since readline did not detect a quote character in the original
 word to be completed, bash-4.3 
 --- a/externs.h
 +++ b/externs.h
@@ -324,6 +324,7 @@ extern char *sh_un_double_quote __P((cha
 extern char *sh_backslash_quote __P((char *, const char *, int));
 extern char *sh_backslash_quote_for_double_quotes __P((char *));
 extern int sh_contains_shell_metas __P((char *));
 +extern int sh_contains_quotes __P((char *));
 /* declarations for functions defined in lib/sh/spell.c */
 extern int spname __P((char *, char *));
 --- a/lib/sh/shquote.c
 +++ b/lib/sh/shquote.c
@@ -311,3 +311,17 @@ sh_contains_shell_metas (string)
   return (0);
 }
 +
 +int
 +sh_contains_quotes (string)
 +     char *string;
 +{
 +  char *s;
 +
 +  for (s = string; s && *s; s++)
 +    {
 +      if (*s == '\'' || *s == '"' || *s == '\\')
 +	return 1;
 +    }
 +  return 0;
 +}
 --- a/pcomplete.c
 +++ b/pcomplete.c
@@ -183,6 +183,7 @@ ITEMLIST it_variables = { LIST_DYNAMIC,
 COMPSPEC *pcomp_curcs;
 const char *pcomp_curcmd;
 +const char *pcomp_curtxt;
 #ifdef DEBUG
 /* Debugging code */
@@ -753,6 +754,32 @@ pcomp_filename_completion_function (text
 	     quoted strings. */
 	  dfn = (*rl_filename_dequoting_function) ((char *)text, rl_completion_quote_character);
 	}
 +      /* Intended to solve a mismatched assumption by bash-completion.  If
 +	 the text to be completed is empty, but bash-completion turns it into
 +	 a quoted string ('') assuming that this code will dequote it before
 +	 calling readline, do the dequoting. */
 +      else if (iscompgen && iscompleting &&
 +	       pcomp_curtxt && *pcomp_curtxt == 0 &&
 +	       text && (*text == '\'' || *text == '"') && text[1] == text[0] && text[2] == 0 && 
 +	       rl_filename_dequoting_function)
 +	dfn = (*rl_filename_dequoting_function) ((char *)text, rl_completion_quote_character);
 +      /* Another mismatched assumption by bash-completion.  If compgen is being
 +      	 run as part of bash-completion, and the argument to compgen is not
 +      	 the same as the word originally passed to the programmable completion
 +      	 code, dequote the argument if it has quote characters.  It's an
 +      	 attempt to detect when bash-completion is quoting its filename
 +      	 argument before calling compgen. */
 +      /* We could check whether gen_shell_function_matches is in the call
 +	 stack by checking whether the gen-shell-function-matches tag is in
 +	 the unwind-protect stack, but there's no function to do that yet.
 +	 We could simply check whether we're executing in a function by
 +	 checking variable_context, and may end up doing that. */
 +      else if (iscompgen && iscompleting && rl_filename_dequoting_function &&
 +	       pcomp_curtxt && text &&
 +	       STREQ (pcomp_curtxt, text) == 0 &&
 +	       variable_context &&
 +	       sh_contains_quotes (text))	/* guess */
 +	dfn = (*rl_filename_dequoting_function) ((char *)text, rl_completion_quote_character);
       else
 	dfn = savestring (text);
     }
@@ -1522,7 +1549,7 @@ gen_progcomp_completions (ocmd, cmd, wor
      COMPSPEC **lastcs;
 {
   COMPSPEC *cs, *oldcs;
 -  const char *oldcmd;
 +  const char *oldcmd, *oldtxt;
   STRINGLIST *ret;
   cs = progcomp_search (ocmd);
@@ -1545,14 +1572,17 @@ gen_progcomp_completions (ocmd, cmd, wor
   oldcs = pcomp_curcs;
   oldcmd = pcomp_curcmd;
 +  oldtxt = pcomp_curtxt;
   pcomp_curcs = cs;
   pcomp_curcmd = cmd;
 +  pcomp_curtxt = word;
   ret = gen_compspec_completions (cs, cmd, word, start, end, foundp);
   pcomp_curcs = oldcs;
   pcomp_curcmd = oldcmd;
 +  pcomp_curtxt = oldtxt;
   /* We need to conditionally handle setting *retryp here */
   if (retryp)
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 9
 +#define PATCHLEVEL 10
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/110-upstream-bash44-010.patch
+++ b/utils/bash/patches/110-upstream-bash44-010.patch
@ -0,0 +1,26 @@
 Index: bash-4.4/builtins/read.def
 ===================================================================
 --- bash-4.4.orig/builtins/read.def
 +++ bash-4.4/builtins/read.def
@@ -181,7 +181,8 @@ read_builtin (list)
      WORD_LIST *list;
 {
   register char *varname;
 -  int size, i, nr, pass_next, saw_escape, eof, opt, retval, code, print_ps2;
 +  int size, nr, pass_next, saw_escape, eof, opt, retval, code, print_ps2;
 +  volatile int i;
   int input_is_tty, input_is_pipe, unbuffered_read, skip_ctlesc, skip_ctlnul;
   int raw, edit, nchars, silent, have_timeout, ignore_delim, fd, lastsig, t_errno;
   unsigned int tmsec, tmusec;
 Index: bash-4.4/patchlevel.h
 ===================================================================
 --- bash-4.4.orig/patchlevel.h
 +++ bash-4.4/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 9
 +#define PATCHLEVEL 10
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/111-upstream-bash43-011.patch
+++ b/utils/bash/patches/111-upstream-bash43-011.patch
@ -1,40 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-011
 Bug-Reported-by:	Egmont Koblinger <egmont@gmail.com>
 Bug-Reference-ID:	<CAGWcZk+bU5Jo1M+tutGvL-250UBE9DXjpeJVofYJSFcqFEVfMg@mail.gmail.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00153.html
 Bug-Description:
 The signal handling changes to bash and readline (to avoid running any code
 in a signal handler context) cause the cursor to be placed on the wrong
 line of a multi-line command after a ^C interrupts editing.
 Patch (apply with `patch -p0'):
 --- a/lib/readline/display.c
 +++ b/lib/readline/display.c
@@ -2677,7 +2677,8 @@ _rl_clean_up_for_exit ()
 {
   if (_rl_echoing_p)
     {
 -      _rl_move_vert (_rl_vis_botlin);
 +      if (_rl_vis_botlin > 0)	/* minor optimization plus bug fix */
 +	_rl_move_vert (_rl_vis_botlin);
       _rl_vis_botlin = 0;
       fflush (rl_outstream);
       rl_restart_output (1, 0);
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 10
 +#define PATCHLEVEL 11
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/111-upstream-bash44-011.patch
+++ b/utils/bash/patches/111-upstream-bash44-011.patch
@ -0,0 +1,26 @@
 Index: bash-4.4/patchlevel.h
 ===================================================================
 --- bash-4.4.orig/patchlevel.h
 +++ bash-4.4/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 10
 +#define PATCHLEVEL 11
 #endif /* _PATCHLEVEL_H_ */
 Index: bash-4.4/sig.c
 ===================================================================
 --- bash-4.4.orig/sig.c
 +++ bash-4.4/sig.c
@@ -585,7 +585,8 @@ termsig_handler (sig)
 #if defined (JOB_CONTROL)
   if (sig == SIGHUP && (interactive || (subshell_environment & (SUBSHELL_COMSUB|SUBSHELL_PROCSUB))))
     hangup_all_jobs ();
 -  end_job_control ();
 +  if ((subshell_environment & (SUBSHELL_COMSUB|SUBSHELL_PROCSUB)) == 0)
 +    end_job_control ();
 #endif /* JOB_CONTROL */
 #if defined (PROCESS_SUBSTITUTION)
--- a/utils/bash/patches/112-upstream-bash43-012.patch
+++ b/utils/bash/patches/112-upstream-bash43-012.patch
@ -1,38 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-012
 Bug-Reported-by:	Eduardo A. Bustamante López<dualbus@gmail.com>
 Bug-Reference-ID:	<5346B54C.4070205@case.edu>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00051.html
 Bug-Description:
 When a SIGCHLD trap runs a command containing a shell builtin while
 a script is running `wait' to wait for all running children to complete,
 the SIGCHLD trap will not be run once for each child that terminates.
 Patch (apply with `patch -p0'):
 --- a/jobs.c
 +++ b/jobs.c
@@ -3597,6 +3597,7 @@ run_sigchld_trap (nchild)
   unwind_protect_int (jobs_list_frozen);
   unwind_protect_pointer (the_pipeline);
   unwind_protect_pointer (subst_assign_varlist);
 +  unwind_protect_pointer (this_shell_builtin);
   /* We have to add the commands this way because they will be run
      in reverse order of adding.  We don't want maybe_set_sigchld_trap ()
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 11
 +#define PATCHLEVEL 12
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/112-upstream-bash44-012.patch
+++ b/utils/bash/patches/112-upstream-bash44-012.patch
@ -0,0 +1,106 @@
 Index: bash-4.4/patchlevel.h
 ===================================================================
 --- bash-4.4.orig/patchlevel.h
 +++ bash-4.4/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 11
 +#define PATCHLEVEL 12
 #endif /* _PATCHLEVEL_H_ */
 Index: bash-4.4/subst.c
 ===================================================================
 --- bash-4.4.orig/subst.c
 +++ bash-4.4/subst.c
@@ -2825,11 +2825,15 @@ list_string (string, separators, quoted)
 /* Parse a single word from STRING, using SEPARATORS to separate fields.
    ENDPTR is set to the first character after the word.  This is used by
 -   the `read' builtin.  This is never called with SEPARATORS != $IFS;
 -   it should be simplified.
 +   the `read' builtin.
 +   
 +   This is never called with SEPARATORS != $IFS, and takes advantage of that.
    XXX - this function is very similar to list_string; they should be
 	 combined - XXX */
 +
 +#define islocalsep(c)	(local_cmap[(unsigned char)(c)] != 0)
 +
 char *
 get_word_from_string (stringp, separators, endptr)
      char **stringp, *separators, **endptr;
@@ -2837,6 +2841,7 @@ get_word_from_string (stringp, separator
   register char *s;
   char *current_word;
   int sindex, sh_style_split, whitesep, xflags;
 +  unsigned char local_cmap[UCHAR_MAX+1];	/* really only need single-byte chars here */
   size_t slen;
   if (!stringp || !*stringp || !**stringp)
@@ -2846,20 +2851,23 @@ get_word_from_string (stringp, separator
 				 separators[1] == '\t' &&
 				 separators[2] == '\n' &&
 				 separators[3] == '\0';
 -  for (xflags = 0, s = ifs_value; s && *s; s++)
 +  memset (local_cmap, '\0', sizeof (local_cmap));
 +  for (xflags = 0, s = separators; s && *s; s++)
     {
       if (*s == CTLESC) xflags |= SX_NOCTLESC;
       if (*s == CTLNUL) xflags |= SX_NOESCCTLNUL;
 +      local_cmap[(unsigned char)*s] = 1;	/* local charmap of separators */
     }
   s = *stringp;
   slen = 0;
   /* Remove sequences of whitespace at the beginning of STRING, as
 -     long as those characters appear in IFS. */
 -  if (sh_style_split || !separators || !*separators)
 +     long as those characters appear in SEPARATORS.  This happens if
 +     SEPARATORS == $' \t\n' or if IFS is unset. */
 +  if (sh_style_split || separators == 0)
     {
 -      for (; *s && spctabnl (*s) && isifs (*s); s++);
 +      for (; *s && spctabnl (*s) && islocalsep (*s); s++);
       /* If the string is nothing but whitespace, update it and return. */
       if (!*s)
@@ -2878,9 +2886,9 @@ get_word_from_string (stringp, separator
      This obeys the field splitting rules in Posix.2. */
   sindex = 0;
 -  /* Don't need string length in ADVANCE_CHAR or string_extract_verbatim
 -     unless multibyte chars are possible. */
 -  slen = (MB_CUR_MAX > 1) ? STRLEN (s) : 1;
 +  /* Don't need string length in ADVANCE_CHAR unless multibyte chars are
 +     possible, but need it in string_extract_verbatim for bounds checking */
 +  slen = STRLEN (s);
   current_word = string_extract_verbatim (s, slen, &sindex, separators, xflags);
   /* Set ENDPTR to the first character after the end of the word. */
@@ -2899,19 +2907,19 @@ get_word_from_string (stringp, separator
   /* Now skip sequences of space, tab, or newline characters if they are
      in the list of separators. */
 -  while (s[sindex] && spctabnl (s[sindex]) && isifs (s[sindex]))
 +  while (s[sindex] && spctabnl (s[sindex]) && islocalsep (s[sindex]))
     sindex++;
   /* If the first separator was IFS whitespace and the current character is
      a non-whitespace IFS character, it should be part of the current field
      delimiter, not a separate delimiter that would result in an empty field.
      Look at POSIX.2, 3.6.5, (3)(b). */
 -  if (s[sindex] && whitesep && isifs (s[sindex]) && !spctabnl (s[sindex]))
 +  if (s[sindex] && whitesep && islocalsep (s[sindex]) && !spctabnl (s[sindex]))
     {
       sindex++;
       /* An IFS character that is not IFS white space, along with any adjacent
 	 IFS white space, shall delimit a field. */
 -      while (s[sindex] && spctabnl (s[sindex]) && isifs (s[sindex]))
 +      while (s[sindex] && spctabnl (s[sindex]) && islocalsep(s[sindex]))
 	sindex++;
     }
--- a/utils/bash/patches/113-upstream-bash43-013.patch
+++ b/utils/bash/patches/113-upstream-bash43-013.patch
@ -1,52 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-013
 Bug-Reported-by:	<Trond.Endrestol@ximalas.info>
 Bug-Reference-ID:	<alpine.BSF.2.03.1404192114310.1973@enterprise.ximalas.info>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00069.html
 Bug-Description:
 Using reverse-i-search when horizontal scrolling is enabled does not redisplay
 the entire line containing the successful search results.
 Patch (apply with `patch -p0'):
 --- a/lib/readline/display.c
 +++ b/lib/readline/display.c
@@ -1637,7 +1637,7 @@ update_line (old, new, current_line, oma
   /* If we are changing the number of invisible characters in a line, and
      the spot of first difference is before the end of the invisible chars,
      lendiff needs to be adjusted. */
 -  if (current_line == 0 && !_rl_horizontal_scroll_mode &&
 +  if (current_line == 0 && /* !_rl_horizontal_scroll_mode && */
       current_invis_chars != visible_wrap_offset)
     {
       if (MB_CUR_MAX > 1 && rl_byte_oriented == 0)
@@ -1825,8 +1825,13 @@ update_line (old, new, current_line, oma
 	      else
 		_rl_last_c_pos += bytes_to_insert;
 +	      /* XXX - we only want to do this if we are at the end of the line
 +		 so we move there with _rl_move_cursor_relative */
 	      if (_rl_horizontal_scroll_mode && ((oe-old) > (ne-new)))
 -		goto clear_rest_of_line;
 +		{
 +		  _rl_move_cursor_relative (ne-new, new);
 +		  goto clear_rest_of_line;
 +		}
 	    }
 	}
       /* Otherwise, print over the existing material. */
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 12
 +#define PATCHLEVEL 13
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/114-upstream-bash43-014.patch
+++ b/utils/bash/patches/114-upstream-bash43-014.patch
@ -1,95 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-014
 Bug-Reported-by:	Greg Wooledge <wooledg@eeg.ccf.org>
 Bug-Reference-ID:	<20140418202123.GB7660@eeg.ccf.org>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/help-bash/2014-04/msg00004.html
 Bug-Description:
 Under certain circumstances, $@ is expanded incorrectly in contexts where
 word splitting is not performed.
 Patch (apply with `patch -p0'):
 --- a/subst.c
 +++ b/subst.c
@@ -3248,8 +3248,10 @@ cond_expand_word (w, special)
   if (w->word == 0 || w->word[0] == '\0')
     return ((char *)NULL);
 +  expand_no_split_dollar_star = 1;
   w->flags |= W_NOSPLIT2;
   l = call_expand_word_internal (w, 0, 0, (int *)0, (int *)0);
 +  expand_no_split_dollar_star = 0;
   if (l)
     {
       if (special == 0)			/* LHS */
@@ -7847,6 +7849,10 @@ param_expand (string, sindex, quoted, ex
 	 We also want to make sure that splitting is done no matter what --
 	 according to POSIX.2, this expands to a list of the positional
 	 parameters no matter what IFS is set to. */
 +      /* XXX - what to do when in a context where word splitting is not
 +	 performed? Even when IFS is not the default, posix seems to imply
 +	 that we behave like unquoted $* ?  Maybe we should use PF_NOSPLIT2
 +	 here. */
       temp = string_list_dollar_at (list, (pflags & PF_ASSIGNRHS) ? (quoted|Q_DOUBLE_QUOTES) : quoted);
       tflag |= W_DOLLARAT;
@@ -8816,6 +8822,7 @@ finished_with_string:
   else
     {
       char *ifs_chars;
 +      char *tstring;
       ifs_chars = (quoted_dollar_at || has_dollar_at) ? ifs_value : (char *)NULL;
@@ -8830,11 +8837,36 @@ finished_with_string:
 	 regardless of what else has happened to IFS since the expansion. */
       if (split_on_spaces)
 	list = list_string (istring, " ", 1);	/* XXX quoted == 1? */
 +      /* If we have $@ (has_dollar_at != 0) and we are in a context where we
 +	 don't want to split the result (W_NOSPLIT2), and we are not quoted,
 +	 we have already separated the arguments with the first character of
 +	 $IFS.  In this case, we want to return a list with a single word
 +	 with the separator possibly replaced with a space (it's what other
 +	 shells seem to do).
 +	 quoted_dollar_at is internal to this function and is set if we are
 +	 passed an argument that is unquoted (quoted == 0) but we encounter a
 +	 double-quoted $@ while expanding it. */
 +      else if (has_dollar_at && quoted_dollar_at == 0 && ifs_chars && quoted == 0 && (word->flags & W_NOSPLIT2))
 +	{
 +	  /* Only split and rejoin if we have to */
 +	  if (*ifs_chars && *ifs_chars != ' ')
 +	    {
 +	      list = list_string (istring, *ifs_chars ? ifs_chars : " ", 1);
 +	      tstring = string_list (list);
 +	    }
 +	  else
 +	    tstring = istring;
 +	  tword = make_bare_word (tstring);
 +	  if (tstring != istring)
 +	    free (tstring);
 +	  goto set_word_flags;
 +	}
       else if (has_dollar_at && ifs_chars)
 	list = list_string (istring, *ifs_chars ? ifs_chars : " ", 1);
       else
 	{
 	  tword = make_bare_word (istring);
 +set_word_flags:
 	  if ((quoted & (Q_DOUBLE_QUOTES|Q_HERE_DOCUMENT)) || (quoted_state == WHOLLY_QUOTED))
 	    tword->flags |= W_QUOTED;
 	  if (word->flags & W_ASSIGNMENT)
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 13
 +#define PATCHLEVEL 14
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/115-upstream-bash43-015.patch
+++ b/utils/bash/patches/115-upstream-bash43-015.patch
@ -1,48 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-015
 Bug-Reported-by:	Clark Wang <dearvoid@gmail.com>
 Bug-Reference-ID:	<CADv8-og2TOSoabXeNVXVGaXN3tEMHnYVq1rwOLe5meaRPSGRig@mail.gmail.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00095.html
 Bug-Description:
 When completing directory names, the directory name is dequoted twice.
 This causes problems for directories with single and double quotes in
 their names.
 Patch (apply with `patch -p0'):
 --- a/bashline.c
 +++ b/bashline.c
@@ -4167,9 +4167,16 @@ bash_directory_completion_matches (text)
   int qc;
   qc = rl_dispatching ? rl_completion_quote_character : 0;  
 -  dfn = bash_dequote_filename ((char *)text, qc);
 +  /* If rl_completion_found_quote != 0, rl_completion_matches will call the
 +     filename dequoting function, causing the directory name to be dequoted
 +     twice. */
 +  if (rl_dispatching && rl_completion_found_quote == 0)
 +    dfn = bash_dequote_filename ((char *)text, qc);
 +  else
 +    dfn = (char *)text;
   m1 = rl_completion_matches (dfn, rl_filename_completion_function);
 -  free (dfn);
 +  if (dfn != text)
 +    free (dfn);
   if (m1 == 0 || m1[0] == 0)
     return m1;
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 14
 +#define PATCHLEVEL 15
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/116-upstream-bash43-016.patch
+++ b/utils/bash/patches/116-upstream-bash43-016.patch
@ -1,121 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-016
 Bug-Reported-by:	Pierre Gaston <pierre.gaston@gmail.com>
 Bug-Reference-ID:	<CAPSX3sTCD61k1VQLJ5r-LWzEt+e7Xc-fxXmwn2u8EA5gJJej8Q@mail.gmail.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00100.html
 Bug-Description:
 An extended glob pattern containing a slash (`/') causes the globbing code
 to misinterpret it as a directory separator.
 Patch (apply with `patch -p0'):
 --- a/lib/glob/glob.c
 +++ b/lib/glob/glob.c
@@ -123,6 +123,8 @@ static char **glob_dir_to_array __P((cha
 extern char *glob_patscan __P((char *, char *, int));
 extern wchar_t *glob_patscan_wc __P((wchar_t *, wchar_t *, int));
 +extern char *glob_dirscan __P((char *, int));
 +
 /* Compile `glob_loop.c' for single-byte characters. */
 #define CHAR	unsigned char
 #define INT	int
@@ -187,6 +189,9 @@ extglob_skipname (pat, dname, flags)
   se = pp + strlen (pp) - 1;		/* end of string */
   pe = glob_patscan (pp, se, 0);	/* end of extglob pattern (( */
   /* we should check for invalid extglob pattern here */
 +  if (pe == 0)
 +    return 0;
 +
   /* if pe != se we have more of the pattern at the end of the extglob
      pattern. Check the easy case first ( */
   if (pe == se && *pe == ')' && (t = strchr (pp, '|')) == 0)
@@ -1015,7 +1020,7 @@ glob_filename (pathname, flags)
 {
   char **result;
   unsigned int result_size;
 -  char *directory_name, *filename, *dname;
 +  char *directory_name, *filename, *dname, *fn;
   unsigned int directory_len;
   int free_dirname;			/* flag */
   int dflags;
@@ -1031,6 +1036,18 @@ glob_filename (pathname, flags)
   /* Find the filename.  */
   filename = strrchr (pathname, '/');
 +#if defined (EXTENDED_GLOB)
 +  if (filename && extended_glob)
 +    {
 +      fn = glob_dirscan (pathname, '/');
 +#if DEBUG_MATCHING
 +      if (fn != filename)
 +	fprintf (stderr, "glob_filename: glob_dirscan: fn (%s) != filename (%s)\n", fn ? fn : "(null)", filename);
 +#endif
 +      filename = fn;
 +    }
 +#endif
 +
   if (filename == NULL)
     {
       filename = pathname;
 --- a/lib/glob/gmisc.c
 +++ b/lib/glob/gmisc.c
@@ -42,6 +42,8 @@
 #define WLPAREN         L'('
 #define WRPAREN         L')'
 +extern char *glob_patscan __P((char *, char *, int));
 +
 /* Return 1 of the first character of WSTRING could match the first
    character of pattern WPAT.  Wide character version. */
 int
@@ -375,3 +377,34 @@ bad_bracket:
   return matlen;
 }
 +
 +/* Skip characters in PAT and return the final occurrence of DIRSEP.  This
 +   is only called when extended_glob is set, so we have to skip over extglob
 +   patterns x(...) */
 +char *
 +glob_dirscan (pat, dirsep)
 +     char *pat;
 +     int dirsep;
 +{
 +  char *p, *d, *pe, *se;
 +
 +  d = pe = se = 0;
 +  for (p = pat; p && *p; p++)
 +    {
 +      if (extglob_pattern_p (p))
 +	{
 +	  if (se == 0)
 +	    se = p + strlen (p) - 1;
 +	  pe = glob_patscan (p + 2, se, 0);
 +	  if (pe == 0)
 +	    continue;
 +	  else if (*pe == 0)
 +	    break;
 +	  p = pe - 1;	/* will do increment above */
 +	  continue;
 +	}
 +      if (*p ==  dirsep)
 +	d = p;
 +    }
 +  return d;
 +}
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 15
 +#define PATCHLEVEL 16
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/117-upstream-bash43-017.patch
+++ b/utils/bash/patches/117-upstream-bash43-017.patch
@ -1,41 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-017
 Bug-Reported-by:	Dan Douglas <ormaaj@gmail.com>
 Bug-Reference-ID:	<7781746.RhfoTROLxF@smorgbox>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-05/msg00026.html
 Bug-Description:
 The code that creates local variables should not clear the `invisible'
 attribute when returning an existing local variable.  Let the code that
 actually assigns a value clear it.
 Patch (apply with `patch -p0'):
 --- a/variables.c
 +++ b/variables.c
@@ -2197,10 +2197,7 @@ make_local_variable (name)
   /* local foo; local foo;  is a no-op. */
   old_var = find_variable (name);
   if (old_var && local_p (old_var) && old_var->context == variable_context)
 -    {
 -      VUNSETATTR (old_var, att_invisible);	/* XXX */
 -      return (old_var);
 -    }
 +    return (old_var);
   was_tmpvar = old_var && tempvar_p (old_var);
   /* If we're making a local variable in a shell function, the temporary env
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 16
 +#define PATCHLEVEL 17
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/118-upstream-bash43-018.patch
+++ b/utils/bash/patches/118-upstream-bash43-018.patch
@ -1,38 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-018
 Bug-Reported-by:	Geir Hauge <geir.hauge@gmail.com>
 Bug-Reference-ID:	<CAO-BiTLOvfPXDypg61jcBausADrxUKJejakV2WTWP26cW0=rgA@mail.gmail.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-05/msg00040.html
 Bug-Description:
 When assigning an array variable using the compound assignment syntax,
 but using `declare' with the rhs of the compound assignment quoted, the
 shell did not mark the variable as visible after successfully performing
 the assignment.
 Patch (apply with `patch -p0'):
 --- a/arrayfunc.c
 +++ b/arrayfunc.c
@@ -179,6 +179,7 @@ bind_array_var_internal (entry, ind, key
     array_insert (array_cell (entry), ind, newval);
   FREE (newval);
 +  VUNSETATTR (entry, att_invisible);	/* no longer invisible */
   return (entry);
 }
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 17
 +#define PATCHLEVEL 18
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/119-upstream-bash43-019.patch
+++ b/utils/bash/patches/119-upstream-bash43-019.patch
@ -1,75 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-019
 Bug-Reported-by:	John Lenton
 Bug-Reference-ID:
 Bug-Reference-URL:	https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1317476
 Bug-Description:
 The -t timeout option to `read' does not work when the -e option is used.
 Patch (apply with `patch -p0'):
 --- a/lib/readline/input.c
 +++ b/lib/readline/input.c
@@ -534,8 +534,16 @@ rl_getc (stream)
 	return (RL_ISSTATE (RL_STATE_READCMD) ? READERR : EOF);
       else if (_rl_caught_signal == SIGHUP || _rl_caught_signal == SIGTERM)
 	return (RL_ISSTATE (RL_STATE_READCMD) ? READERR : EOF);
 +      /* keyboard-generated signals of interest */
       else if (_rl_caught_signal == SIGINT || _rl_caught_signal == SIGQUIT)
         RL_CHECK_SIGNALS ();
 +      /* non-keyboard-generated signals of interest */
 +      else if (_rl_caught_signal == SIGALRM
 +#if defined (SIGVTALRM)
 +		|| _rl_caught_signal == SIGVTALRM
 +#endif
 +	      )
 +        RL_CHECK_SIGNALS ();
       if (rl_signal_event_hook)
 	(*rl_signal_event_hook) ();
 --- a/builtins/read.def
 +++ b/builtins/read.def
@@ -442,7 +442,10 @@ read_builtin (list)
       add_unwind_protect (reset_alarm, (char *)NULL);
 #if defined (READLINE)
       if (edit)
 -	add_unwind_protect (reset_attempted_completion_function, (char *)NULL);
 +	{
 +	  add_unwind_protect (reset_attempted_completion_function, (char *)NULL);
 +	  add_unwind_protect (bashline_reset_event_hook, (char *)NULL);
 +	}
 #endif
       falarm (tmsec, tmusec);
     }
@@ -1021,6 +1024,7 @@ edit_line (p, itext)
   old_attempted_completion_function = rl_attempted_completion_function;
   rl_attempted_completion_function = (rl_completion_func_t *)NULL;
 +  bashline_set_event_hook ();
   if (itext)
     {
       old_startup_hook = rl_startup_hook;
@@ -1032,6 +1036,7 @@ edit_line (p, itext)
   rl_attempted_completion_function = old_attempted_completion_function;
   old_attempted_completion_function = (rl_completion_func_t *)NULL;
 +  bashline_reset_event_hook ();
   if (ret == 0)
     return ret;
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 18
 +#define PATCHLEVEL 19
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/120-upstream-bash43-020.patch
+++ b/utils/bash/patches/120-upstream-bash43-020.patch
@ -1,93 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-020
 Bug-Reported-by:	Jared Yanovich <slovichon@gmail.com>
 Bug-Reference-ID:	<20140417073654.GB26875@nightderanger.psc.edu>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00065.html
 Bug-Description:
 When PS2 contains a command substitution, here-documents entered in an
 interactive shell can sometimes cause a segmentation fault.
 Patch (apply with `patch -p0'):
 --- a/shell.h
 +++ b/shell.h
@@ -168,7 +168,8 @@ typedef struct _sh_parser_state_t {
   /* flags state affecting the parser */
   int expand_aliases;
   int echo_input_at_read;
 -  
 +  int need_here_doc;
 +
 } sh_parser_state_t;
 typedef struct _sh_input_line_state_t {
 --- a/parse.y
 +++ b/parse.y
@@ -2642,7 +2642,7 @@ gather_here_documents ()
   int r;
   r = 0;
 -  while (need_here_doc)
 +  while (need_here_doc > 0)
     {
       parser_state |= PST_HEREDOC;
       make_here_document (redir_stack[r++], line_number);
@@ -6075,6 +6075,7 @@ save_parser_state (ps)
   ps->expand_aliases = expand_aliases;
   ps->echo_input_at_read = echo_input_at_read;
 +  ps->need_here_doc = need_here_doc;
   ps->token = token;
   ps->token_buffer_size = token_buffer_size;
@@ -6123,6 +6124,7 @@ restore_parser_state (ps)
   expand_aliases = ps->expand_aliases;
   echo_input_at_read = ps->echo_input_at_read;
 +  need_here_doc = ps->need_here_doc;
   FREE (token);
   token = ps->token;
 --- a/y.tab.c
 +++ b/y.tab.c
@@ -4954,7 +4954,7 @@ gather_here_documents ()
   int r;
   r = 0;
 -  while (need_here_doc)
 +  while (need_here_doc > 0)
     {
       parser_state |= PST_HEREDOC;
       make_here_document (redir_stack[r++], line_number);
@@ -8387,6 +8387,7 @@ save_parser_state (ps)
   ps->expand_aliases = expand_aliases;
   ps->echo_input_at_read = echo_input_at_read;
 +  ps->need_here_doc = need_here_doc;
   ps->token = token;
   ps->token_buffer_size = token_buffer_size;
@@ -8435,6 +8436,7 @@ restore_parser_state (ps)
   expand_aliases = ps->expand_aliases;
   echo_input_at_read = ps->echo_input_at_read;
 +  need_here_doc = ps->need_here_doc;
   FREE (token);
   token = ps->token;
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 19
 +#define PATCHLEVEL 20
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/121-upstream-bash43-021.patch
+++ b/utils/bash/patches/121-upstream-bash43-021.patch
@ -1,46 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-021
 Bug-Reported-by:	Jared Yanovich <slovichon@gmail.com>
 Bug-Reference-ID:	<20140625225019.GJ17044@nightderanger.psc.edu>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-06/msg00070.html
 Bug-Description:
 When the readline `revert-all-at-newline' option is set, pressing newline
 when the current line is one retrieved from history results in a double free
 and a segmentation fault.
 Patch (apply with `patch -p0'):
 --- a/lib/readline/misc.c
 +++ b/lib/readline/misc.c
@@ -461,6 +461,7 @@ _rl_revert_all_lines ()
 	    saved_undo_list = 0;
 	  /* Set up rl_line_buffer and other variables from history entry */
 	  rl_replace_from_history (entry, 0);	/* entry->line is now current */
 +	  entry->data = 0;			/* entry->data is now current undo list */
 	  /* Undo all changes to this history entry */
 	  while (rl_undo_list)
 	    rl_do_undo ();
@@ -468,7 +469,6 @@ _rl_revert_all_lines ()
 	     the timestamp. */
 	  FREE (entry->line);
 	  entry->line = savestring (rl_line_buffer);
 -	  entry->data = 0;
 	}
       entry = previous_history ();
     }
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 20
 +#define PATCHLEVEL 21
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/122-upstream-bash43-022.patch
+++ b/utils/bash/patches/122-upstream-bash43-022.patch
@ -1,47 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-022
 Bug-Reported-by:	scorp.dev.null@gmail.com
 Bug-Reference-ID:	<E1WxXw8-0007iE-Bi@pcm14>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-06/msg00061.html
 Bug-Description:
 Using nested pipelines within loops with the `lastpipe' option set can result
 in a segmentation fault.
 Patch (apply with `patch -p0'):
 --- a/execute_cmd.c
 +++ b/execute_cmd.c
@@ -2413,7 +2413,16 @@ execute_pipeline (command, asynchronous,
 #endif
       lstdin = wait_for (lastpid);
 #if defined (JOB_CONTROL)
 -      exec_result = job_exit_status (lastpipe_jid);
 +      /* If wait_for removes the job from the jobs table, use result of last
 +	 command as pipeline's exit status as usual.  The jobs list can get
 +	 frozen and unfrozen at inconvenient times if there are multiple pipelines
 +	 running simultaneously. */
 +      if (INVALID_JOB (lastpipe_jid) == 0)
 +	exec_result = job_exit_status (lastpipe_jid);
 +      else if (pipefail_opt)
 +	exec_result = exec_result | lstdin;	/* XXX */
 +      /* otherwise we use exec_result */
 +        
 #endif
       unfreeze_jobs_list ();
     }
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 21
 +#define PATCHLEVEL 22
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/123-upstream-bash43-023.patch
+++ b/utils/bash/patches/123-upstream-bash43-023.patch
@ -1,78 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-023
 Bug-Reported-by:	Tim Friske <me@timfriske.com>
 Bug-Reference-ID:	<CAM1RzOcOR9zzC2i+aeES6LtbHNHoOV+0pZEYPrqxv_QAii-RXA@mail.gmail.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-06/msg00056.html
 Bug-Description:
 Bash does not correctly parse process substitution constructs that contain
 unbalanced parentheses as part of the contained command.
 Patch (apply with `patch -p0'):
 --- a/subst.h
 +++ b/subst.h
@@ -82,7 +82,7 @@ extern char *extract_arithmetic_subst __
 /* Extract the <( or >( construct in STRING, and return a new string.
    Start extracting at (SINDEX) as if we had just seen "<(".
    Make (SINDEX) get the position just after the matching ")". */
 -extern char *extract_process_subst __P((char *, char *, int *));
 +extern char *extract_process_subst __P((char *, char *, int *, int));
 #endif /* PROCESS_SUBSTITUTION */
 /* Extract the name of the variable to bind to from the assignment string. */
 --- a/subst.c
 +++ b/subst.c
@@ -1192,12 +1192,18 @@ extract_arithmetic_subst (string, sindex
    Start extracting at (SINDEX) as if we had just seen "<(".
    Make (SINDEX) get the position of the matching ")". */ /*))*/
 char *
 -extract_process_subst (string, starter, sindex)
 +extract_process_subst (string, starter, sindex, xflags)
      char *string;
      char *starter;
      int *sindex;
 +     int xflags;
 {
 +#if 0
   return (extract_delimited_string (string, sindex, starter, "(", ")", SX_COMMAND));
 +#else
 +  xflags |= (no_longjmp_on_fatal_error ? SX_NOLONGJMP : 0);
 +  return (xparse_dolparen (string, string+*sindex, sindex, xflags));
 +#endif
 }
 #endif /* PROCESS_SUBSTITUTION */
@@ -1785,7 +1791,7 @@ skip_to_delim (string, start, delims, fl
 	  si = i + 2;
 	  if (string[si] == '\0')
 	    CQ_RETURN(si);
 -	  temp = extract_process_subst (string, (c == '<') ? "<(" : ">(", &si);
 +	  temp = extract_process_subst (string, (c == '<') ? "<(" : ">(", &si, 0);
 	  free (temp);		/* no SX_ALLOC here */
 	  i = si;
 	  if (string[i] == '\0')
@@ -8249,7 +8255,7 @@ add_string:
 	    else
 	      t_index = sindex + 1; /* skip past both '<' and LPAREN */
 -	    temp1 = extract_process_subst (string, (c == '<') ? "<(" : ">(", &t_index); /*))*/
 +	    temp1 = extract_process_subst (string, (c == '<') ? "<(" : ">(", &t_index, 0); /*))*/
 	    sindex = t_index;
 	    /* If the process substitution specification is `<()', we want to
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 22
 +#define PATCHLEVEL 23
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/124-upstream-bash43-024.patch
+++ b/utils/bash/patches/124-upstream-bash43-024.patch
@ -1,45 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-024
 Bug-Reported-by:	Corentin Peuvrel <cpeuvrel@pom-monitoring.com>
 Bug-Reference-ID:	<53CE9E5D.6050203@pom-monitoring.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-07/msg00021.html
 Bug-Description:
 Indirect variable references do not work correctly if the reference
 variable expands to an array reference using a subscript other than 0
 (e.g., foo='bar[1]' ; echo ${!foo}).
 Patch (apply with `patch -p0'):
 --- a/subst.c
 +++ b/subst.c
@@ -7374,7 +7374,13 @@ parameter_brace_expand (string, indexp,
     }
   if (want_indir)
 -    tdesc = parameter_brace_expand_indir (name + 1, var_is_special, quoted, quoted_dollar_atp, contains_dollar_at);
 +    {
 +      tdesc = parameter_brace_expand_indir (name + 1, var_is_special, quoted, quoted_dollar_atp, contains_dollar_at);
 +      /* Turn off the W_ARRAYIND flag because there is no way for this function
 +	 to return the index we're supposed to be using. */
 +      if (tdesc && tdesc->flags)
 +	tdesc->flags &= ~W_ARRAYIND;
 +    }
   else
     tdesc = parameter_brace_expand_word (name, var_is_special, quoted, PF_IGNUNBOUND|(pflags&(PF_NOSPLIT2|PF_ASSIGNRHS)), &ind);
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 23
 +#define PATCHLEVEL 24
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/125-upstream-bash43-025.patch
+++ b/utils/bash/patches/125-upstream-bash43-025.patch
@ -1,110 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-025
 Bug-Reported-by:	Stephane Chazelas <stephane.chazelas@gmail.com>
 Bug-Reference-ID:
 Bug-Reference-URL:
 Bug-Description:
 Under certain circumstances, bash will execute user code while processing the
 environment for exported function definitions.
 Patch (apply with `patch -p0'):
 --- a/builtins/common.h
 +++ b/builtins/common.h
@@ -33,6 +33,8 @@
 #define SEVAL_RESETLINE	0x010
 #define SEVAL_PARSEONLY	0x020
 #define SEVAL_NOLONGJMP 0x040
 +#define SEVAL_FUNCDEF	0x080		/* only allow function definitions */
 +#define SEVAL_ONECMD	0x100		/* only allow a single command */
 /* Flags for describe_command, shared between type.def and command.def */
 #define CDESC_ALL		0x001	/* type -a */
 --- a/builtins/evalstring.c
 +++ b/builtins/evalstring.c
@@ -308,6 +308,14 @@ parse_and_execute (string, from_file, fl
 	    {
 	      struct fd_bitmap *bitmap;
 +	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
 +		{
 +		  internal_warning ("%s: ignoring function definition attempt", from_file);
 +		  should_jump_to_top_level = 0;
 +		  last_result = last_command_exit_value = EX_BADUSAGE;
 +		  break;
 +		}
 +
 	      bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
 	      begin_unwind_frame ("pe_dispose");
 	      add_unwind_protect (dispose_fd_bitmap, bitmap);
@@ -368,6 +376,9 @@ parse_and_execute (string, from_file, fl
 	      dispose_command (command);
 	      dispose_fd_bitmap (bitmap);
 	      discard_unwind_frame ("pe_dispose");
 +
 +	      if (flags & SEVAL_ONECMD)
 +		break;
 	    }
 	}
       else
 --- a/variables.c
 +++ b/variables.c
@@ -358,13 +358,11 @@ initialize_shell_variables (env, privmod
 	  temp_string[char_index] = ' ';
 	  strcpy (temp_string + char_index + 1, string);
 -	  if (posixly_correct == 0 || legal_identifier (name))
 -	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
 -
 -	  /* Ancient backwards compatibility.  Old versions of bash exported
 -	     functions like name()=() {...} */
 -	  if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
 -	    name[char_index - 2] = '\0';
 +	  /* Don't import function names that are invalid identifiers from the
 +	     environment, though we still allow them to be defined as shell
 +	     variables. */
 +	  if (legal_identifier (name))
 +	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
 	  if (temp_var = find_function (name))
 	    {
@@ -381,10 +379,6 @@ initialize_shell_variables (env, privmod
 	      last_command_exit_value = 1;
 	      report_error (_("error importing function definition for `%s'"), name);
 	    }
 -
 -	  /* ( */
 -	  if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
 -	    name[char_index - 2] = '(';		/* ) */
 	}
 #if defined (ARRAY_VARS)
 #  if ARRAY_EXPORT
 --- a/subst.c
 +++ b/subst.c
@@ -8047,7 +8047,9 @@ comsub:
 	  goto return0;
 	}
 -      else if (var = find_variable_last_nameref (temp1))
 +      else if (var && (invisible_p (var) || var_isset (var) == 0))
 +	temp = (char *)NULL;
 +      else if ((var = find_variable_last_nameref (temp1)) && var_isset (var) && invisible_p (var) == 0)
 	{
 	  temp = nameref_cell (var);
 #if defined (ARRAY_VARS)
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 24
 +#define PATCHLEVEL 25
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/126-upstream-bash43-026.patch
+++ b/utils/bash/patches/126-upstream-bash43-026.patch
@ -1,54 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-026
 Bug-Reported-by:	Tavis Ormandy <taviso@cmpxchg8b.com>
 Bug-Reference-ID:
 Bug-Reference-URL:	http://twitter.com/taviso/statuses/514887394294652929
 Bug-Description:
 Under certain circumstances, bash can incorrectly save a lookahead character and
 return it on a subsequent call, even when reading a new line.
 Patch (apply with `patch -p0'):
 --- a/parse.y
 +++ b/parse.y
@@ -2953,6 +2953,8 @@ reset_parser ()
   FREE (word_desc_to_read);
   word_desc_to_read = (WORD_DESC *)NULL;
 +  eol_ungetc_lookahead = 0;
 +
   current_token = '\n';		/* XXX */
   last_read_token = '\n';
   token_to_read = '\n';
 --- a/y.tab.c
 +++ b/y.tab.c
@@ -5265,6 +5265,8 @@ reset_parser ()
   FREE (word_desc_to_read);
   word_desc_to_read = (WORD_DESC *)NULL;
 +  eol_ungetc_lookahead = 0;
 +
   current_token = '\n';		/* XXX */
   last_read_token = '\n';
   token_to_read = '\n';
@@ -8539,4 +8541,3 @@ set_line_mbstate ()
     }
 }
 #endif /* HANDLE_MULTIBYTE */
 -
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 25
 +#define PATCHLEVEL 26
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/127-upstream-bash43-027.patch
+++ b/utils/bash/patches/127-upstream-bash43-027.patch
@ -1,176 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-027
 Bug-Reported-by:	Florian Weimer <fweimer@redhat.com>
 Bug-Reference-ID:
 Bug-Reference-URL:
 Bug-Description:
 This patch changes the encoding bash uses for exported functions to avoid
 clashes with shell variables and to avoid depending only on an environment
 variable's contents to determine whether or not to interpret it as a shell
 function.
 Patch (apply with `patch -p0'):
 --- a/variables.c
 +++ b/variables.c
@@ -83,6 +83,11 @@
 #define ifsname(s)	((s)[0] == 'I' && (s)[1] == 'F' && (s)[2] == 'S' && (s)[3] == '\0')
 +#define BASHFUNC_PREFIX		"BASH_FUNC_"
 +#define BASHFUNC_PREFLEN	10	/* == strlen(BASHFUNC_PREFIX */
 +#define BASHFUNC_SUFFIX		"%%"
 +#define BASHFUNC_SUFFLEN	2	/* == strlen(BASHFUNC_SUFFIX) */
 +
 extern char **environ;
 /* Variables used here and defined in other files. */
@@ -279,7 +284,7 @@ static void push_temp_var __P((PTR_T));
 static void propagate_temp_var __P((PTR_T));
 static void dispose_temporary_env __P((sh_free_func_t *));     
 -static inline char *mk_env_string __P((const char *, const char *));
 +static inline char *mk_env_string __P((const char *, const char *, int));
 static char **make_env_array_from_var_list __P((SHELL_VAR **));
 static char **make_var_export_array __P((VAR_CONTEXT *));
 static char **make_func_export_array __P((void));
@@ -349,22 +354,33 @@ initialize_shell_variables (env, privmod
       /* If exported function, define it now.  Don't import functions from
 	 the environment in privileged mode. */
 -      if (privmode == 0 && read_but_dont_execute == 0 && STREQN ("() {", string, 4))
 +      if (privmode == 0 && read_but_dont_execute == 0 && 
 +          STREQN (BASHFUNC_PREFIX, name, BASHFUNC_PREFLEN) &&
 +          STREQ (BASHFUNC_SUFFIX, name + char_index - BASHFUNC_SUFFLEN) &&
 +	  STREQN ("() {", string, 4))
 	{
 +	  size_t namelen;
 +	  char *tname;		/* desired imported function name */
 +
 +	  namelen = char_index - BASHFUNC_PREFLEN - BASHFUNC_SUFFLEN;
 +
 +	  tname = name + BASHFUNC_PREFLEN;	/* start of func name */
 +	  tname[namelen] = '\0';		/* now tname == func name */
 +
 	  string_length = strlen (string);
 -	  temp_string = (char *)xmalloc (3 + string_length + char_index);
 +	  temp_string = (char *)xmalloc (namelen + string_length + 2);
 -	  strcpy (temp_string, name);
 -	  temp_string[char_index] = ' ';
 -	  strcpy (temp_string + char_index + 1, string);
 +	  memcpy (temp_string, tname, namelen);
 +	  temp_string[namelen] = ' ';
 +	  memcpy (temp_string + namelen + 1, string, string_length + 1);
 	  /* Don't import function names that are invalid identifiers from the
 	     environment, though we still allow them to be defined as shell
 	     variables. */
 -	  if (legal_identifier (name))
 -	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
 +	  if (absolute_program (tname) == 0 && (posixly_correct == 0 || legal_identifier (tname)))
 +	    parse_and_execute (temp_string, tname, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
 -	  if (temp_var = find_function (name))
 +	  if (temp_var = find_function (tname))
 	    {
 	      VSETATTR (temp_var, (att_exported|att_imported));
 	      array_needs_making = 1;
@@ -377,8 +393,11 @@ initialize_shell_variables (env, privmod
 		  array_needs_making = 1;
 		}
 	      last_command_exit_value = 1;
 -	      report_error (_("error importing function definition for `%s'"), name);
 +	      report_error (_("error importing function definition for `%s'"), tname);
 	    }
 +
 +	  /* Restore original suffix */
 +	  tname[namelen] = BASHFUNC_SUFFIX[0];
 	}
 #if defined (ARRAY_VARS)
 #  if ARRAY_EXPORT
@@ -2954,7 +2973,7 @@ assign_in_env (word, flags)
   var->context = variable_context;	/* XXX */
   INVALIDATE_EXPORTSTR (var);
 -  var->exportstr = mk_env_string (name, value);
 +  var->exportstr = mk_env_string (name, value, 0);
   array_needs_making = 1;
@@ -3852,21 +3871,42 @@ merge_temporary_env ()
 /* **************************************************************** */
 static inline char *
 -mk_env_string (name, value)
 +mk_env_string (name, value, isfunc)
      const char *name, *value;
 +     int isfunc;
 {
 -  int name_len, value_len;
 -  char	*p;
 +  size_t name_len, value_len;
 +  char	*p, *q;
   name_len = strlen (name);
   value_len = STRLEN (value);
 -  p = (char *)xmalloc (2 + name_len + value_len);
 -  strcpy (p, name);
 -  p[name_len] = '=';
 +
 +  /* If we are exporting a shell function, construct the encoded function
 +     name. */
 +  if (isfunc && value)
 +    {
 +      p = (char *)xmalloc (BASHFUNC_PREFLEN + name_len + BASHFUNC_SUFFLEN + value_len + 2);
 +      q = p;
 +      memcpy (q, BASHFUNC_PREFIX, BASHFUNC_PREFLEN);
 +      q += BASHFUNC_PREFLEN;
 +      memcpy (q, name, name_len);
 +      q += name_len;
 +      memcpy (q, BASHFUNC_SUFFIX, BASHFUNC_SUFFLEN);
 +      q += BASHFUNC_SUFFLEN;
 +    }
 +  else
 +    {
 +      p = (char *)xmalloc (2 + name_len + value_len);
 +      memcpy (p, name, name_len);
 +      q = p + name_len;
 +    }
 +
 +  q[0] = '=';
   if (value && *value)
 -    strcpy (p + name_len + 1, value);
 +    memcpy (q + 1, value, value_len + 1);
   else
 -    p[name_len + 1] = '\0';
 +    q[1] = '\0';
 +
   return (p);
 }
@@ -3952,7 +3992,7 @@ make_env_array_from_var_list (vars)
 	  /* Gee, I'd like to get away with not using savestring() if we're
 	     using the cached exportstr... */
 	  list[list_index] = USE_EXPORTSTR ? savestring (value)
 -					   : mk_env_string (var->name, value);
 +					   : mk_env_string (var->name, value, function_p (var));
 	  if (USE_EXPORTSTR == 0)
 	    SAVE_EXPORTSTR (var, list[list_index]);
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 26
 +#define PATCHLEVEL 27
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/128-upstream-bash43-028.patch
+++ b/utils/bash/patches/128-upstream-bash43-028.patch
--- a/utils/bash/patches/129-upstream-bash43-029.patch
+++ b/utils/bash/patches/129-upstream-bash43-029.patch
@ -1,50 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-029
 Bug-Reported-by:	Michal Zalewski <lcamtuf@coredump.cx>
 Bug-Reference-ID:
 Bug-Reference-URL:
 Bug-Description:
 When bash is parsing a function definition that contains a here-document
 delimited by end-of-file (or end-of-string), it leaves the closing delimiter
 uninitialized.  This can result in an invalid memory access when the parsed
 function is later copied.
 Patch (apply with `patch -p0'):
 --- a/make_cmd.c
 +++ b/make_cmd.c
@@ -692,6 +692,7 @@ make_redirection (source, instruction, d
   /* First do the common cases. */
   temp->redirector = source;
   temp->redirectee = dest_and_filename;
 +  temp->here_doc_eof = 0;
   temp->instruction = instruction;
   temp->flags = 0;
   temp->rflags = flags;
 --- a/copy_cmd.c
 +++ b/copy_cmd.c
@@ -126,7 +126,7 @@ copy_redirect (redirect)
     {
     case r_reading_until:
     case r_deblank_reading_until:
 -      new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
 +      new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
       /*FALLTHROUGH*/
     case r_reading_string:
     case r_appending_to:
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 28
 +#define PATCHLEVEL 29
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/130-upstream-bash43-030.patch
+++ b/utils/bash/patches/130-upstream-bash43-030.patch
--- a/utils/bash/patches/131-upstream-bash43-031.patch
+++ b/utils/bash/patches/131-upstream-bash43-031.patch
@ -1,96 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-031
 Bug-Reported-by:	lolilolicon <lolilolicon@gmail.com>
 Bug-Reference-ID:	<CAMtVo_Nz=32Oq=zWTb6=+8gUNXOo2rRvud1W4oPnA-cgVk_ZqQ@mail.gmail.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-08/msg00139.html
 Bug-Description:
 The new nameref assignment functionality introduced in bash-4.3 did not perform
 enough validation on the variable value and would create variables with
 invalid names.
 Patch (apply with `patch -p0'):
 --- a/subst.h
 +++ b/subst.h
@@ -47,6 +47,7 @@
 #define ASS_MKASSOC	0x0004
 #define ASS_MKGLOBAL	0x0008	/* force global assignment */
 #define ASS_NAMEREF	0x0010	/* assigning to nameref variable */
 +#define ASS_FROMREF	0x0020	/* assigning from value of nameref variable */
 /* Flags for the string extraction functions. */
 #define SX_NOALLOC	0x0001	/* just skip; don't return substring */
 --- a/variables.c
 +++ b/variables.c
@@ -2516,10 +2516,27 @@ bind_variable_internal (name, value, tab
      HASH_TABLE *table;
      int hflags, aflags;
 {
 -  char *newval;
 +  char *newname, *newval;
   SHELL_VAR *entry;
 +#if defined (ARRAY_VARS)
 +  arrayind_t ind;
 +  char *subp;
 +  int sublen;
 +#endif
 +  newname = 0;
 +#if defined (ARRAY_VARS)
 +  if ((aflags & ASS_FROMREF) && (hflags & HASH_NOSRCH) == 0 && valid_array_reference (name))
 +    {
 +      newname = array_variable_name (name, &subp, &sublen);
 +      if (newname == 0)
 +	return (SHELL_VAR *)NULL;	/* XXX */
 +      entry = hash_lookup (newname, table);
 +    }
 +  else
 +#endif
   entry = (hflags & HASH_NOSRCH) ? (SHELL_VAR *)NULL : hash_lookup (name, table);
 +
   /* Follow the nameref chain here if this is the global variables table */
   if (entry && nameref_p (entry) && (invisible_p (entry) == 0) && table == global_variables->table)
     {
@@ -2550,6 +2567,16 @@ bind_variable_internal (name, value, tab
       var_setvalue (entry, make_variable_value (entry, value, 0));
       }
     }
 +#if defined (ARRAY_VARS)
 +  else if (entry == 0 && newname)
 +    {
 +      entry = make_new_array_variable (newname);	/* indexed array by default */
 +      if (entry == 0)
 +	return entry;
 +      ind = array_expand_index (name, subp, sublen);
 +      bind_array_element (entry, ind, value, aflags);
 +    }
 +#endif
   else if (entry == 0)
     {
       entry = make_new_variable (name, table);
@@ -2670,7 +2697,8 @@ bind_variable (name, value, flags)
 			 normal. */
 		      if (nameref_cell (nv) == 0)
 			return (bind_variable_internal (nv->name, value, nvc->table, 0, flags));
 -		      return (bind_variable_internal (nameref_cell (nv), value, nvc->table, 0, flags));
 +		      /* XXX - bug here with ref=array[index] */
 +		      return (bind_variable_internal (nameref_cell (nv), value, nvc->table, 0, flags|ASS_FROMREF));
 		    }
 		  else
 		    v = nv;
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 30
 +#define PATCHLEVEL 31
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/132-upstream-bash43-032.patch
+++ b/utils/bash/patches/132-upstream-bash43-032.patch
@ -1,42 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-032
 Bug-Reported-by:	crispusfairbairn@gmail.com
 Bug-Reference-ID:	<b5e499f7-3b98-408d-9f94-c0387580e73a@googlegroups.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-09/msg00013.html
 Bug-Description:
 When bash is running in Posix mode, it allows signals -- including SIGCHLD --
 to interrupt the `wait' builtin, as Posix requires.  However, the interrupt
 causes bash to not run a SIGCHLD trap for all exited children.  This patch
 fixes the issue and restores the documented behavior in Posix mode.
 Patch (apply with `patch -p0'):
 --- a/jobs.c
 +++ b/jobs.c
@@ -3339,7 +3339,9 @@ itrace("waitchld: waitpid returns %d blo
       if (posixly_correct && this_shell_builtin && this_shell_builtin == wait_builtin)
 	{
 	  interrupt_immediately = 0;
 -	  trap_handler (SIGCHLD);	/* set pending_traps[SIGCHLD] */
 +	  /* This was trap_handler (SIGCHLD) but that can lose traps if
 +	     children_exited > 1 */
 +	  queue_sigchld_trap (children_exited);
 	  wait_signal_received = SIGCHLD;
 	  /* If we're in a signal handler, let CHECK_WAIT_INTR pick it up;
 	     run_pending_traps will call run_sigchld_trap later  */
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 31
 +#define PATCHLEVEL 32
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/133-upstream-bash43-033.patch
+++ b/utils/bash/patches/133-upstream-bash43-033.patch
@ -1,201 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-033
 Bug-Reported-by:	mickael9@gmail.com, Jan Rome <jan.rome@gmail.com>
 Bug-Reference-ID:	<20140907224046.382ED3610CC@mickael-laptop.localdomain>,
 			<540D661D.50908@gmail.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-09/msg00029.html
 			http://lists.gnu.org/archive/html/bug-bash/2014-09/msg00030.html
 Bug-Description:
 Bash does not clean up the terminal state in all cases where bash or
 readline  modifies it and bash is subsequently terminated by a fatal signal.
 This happens when the `read' builtin modifies the terminal settings, both
 when readline is active and when it is not.  It occurs most often when a script
 installs a trap that exits on a signal without re-sending the signal to itself.
 Patch (apply with `patch -p0'):
 --- a/shell.c
 +++ b/shell.c
@@ -73,6 +73,7 @@
 #endif
 #if defined (READLINE)
 +#  include <readline/readline.h>
 #  include "bashline.h"
 #endif
@@ -909,6 +910,14 @@ exit_shell (s)
   fflush (stdout);		/* XXX */
   fflush (stderr);
 +  /* Clean up the terminal if we are in a state where it's been modified. */
 +#if defined (READLINE)
 +  if (RL_ISSTATE (RL_STATE_TERMPREPPED) && rl_deprep_term_function)
 +    (*rl_deprep_term_function) ();
 +#endif
 +  if (read_tty_modified ())
 +    read_tty_cleanup ();
 +
   /* Do trap[0] if defined.  Allow it to override the exit status
      passed to us. */
   if (signal_is_trapped (0))
 --- a/builtins/read.def
 +++ b/builtins/read.def
@@ -140,10 +140,12 @@ static void reset_alarm __P((void));
 procenv_t alrmbuf;
 int sigalrm_seen;
 -static int reading;
 +static int reading, tty_modified;
 static SigHandler *old_alrm;
 static unsigned char delim;
 +static struct ttsave termsave;
 +
 /* In all cases, SIGALRM just sets a flag that we check periodically.  This
    avoids problems with the semi-tricky stuff we do with the xfree of
    input_string at the top of the unwind-protect list (see below). */
@@ -188,7 +190,6 @@ read_builtin (list)
   struct stat tsb;
   SHELL_VAR *var;
   TTYSTRUCT ttattrs, ttset;
 -  struct ttsave termsave;
 #if defined (ARRAY_VARS)
   WORD_LIST *alist;
 #endif
@@ -221,7 +222,7 @@ read_builtin (list)
   USE_VAR(ps2);
   USE_VAR(lastsig);
 -  sigalrm_seen = reading = 0;
 +  sigalrm_seen = reading = tty_modified = 0;
   i = 0;		/* Index into the string that we are reading. */
   raw = edit = 0;	/* Not reading raw input by default. */
@@ -438,6 +439,8 @@ read_builtin (list)
 	  retval = 128+SIGALRM;
 	  goto assign_vars;
 	}
 +      if (interactive_shell == 0)
 +	initialize_terminating_signals ();
       old_alrm = set_signal_handler (SIGALRM, sigalrm);
       add_unwind_protect (reset_alarm, (char *)NULL);
 #if defined (READLINE)
@@ -482,7 +485,10 @@ read_builtin (list)
 	  i = silent ? ttfd_cbreak (fd, &ttset) : ttfd_onechar (fd, &ttset);
 	  if (i < 0)
 	    sh_ttyerror (1);
 +	  tty_modified = 1;
 	  add_unwind_protect ((Function *)ttyrestore, (char *)&termsave);
 +	  if (interactive_shell == 0)
 +	    initialize_terminating_signals ();
 	}
     }
   else if (silent)	/* turn off echo but leave term in canonical mode */
@@ -497,7 +503,10 @@ read_builtin (list)
       if (i < 0)
 	sh_ttyerror (1);
 +      tty_modified = 1;
       add_unwind_protect ((Function *)ttyrestore, (char *)&termsave);
 +      if (interactive_shell == 0)
 +	initialize_terminating_signals ();
     }
   /* This *must* be the top unwind-protect on the stack, so the manipulation
@@ -588,6 +597,8 @@ read_builtin (list)
 	    }
 	  else
 	    lastsig = 0;
 +	  if (terminating_signal && tty_modified)
 +	    ttyrestore (&termsave);	/* fix terminal before exiting */
 	  CHECK_TERMSIG;
 	  eof = 1;
 	  break;
@@ -978,6 +989,20 @@ ttyrestore (ttp)
      struct ttsave *ttp;
 {
   ttsetattr (ttp->fd, ttp->attrs);
 +  tty_modified = 0;
 +}
 +
 +void
 +read_tty_cleanup ()
 +{
 +  if (tty_modified)
 +    ttyrestore (&termsave);
 +}
 +
 +int
 +read_tty_modified ()
 +{
 +  return (tty_modified);
 }
 #if defined (READLINE)
 --- a/builtins/common.h
 +++ b/builtins/common.h
@@ -122,6 +122,10 @@ extern void bash_logout __P((void));
 /* Functions from getopts.def */
 extern void getopts_reset __P((int));
 +/* Functions from read.def */
 +extern void read_tty_cleanup __P((void));
 +extern int read_tty_modified __P((void));
 +
 /* Functions from set.def */
 extern int minus_o_option_value __P((char *));
 extern void list_minus_o_opts __P((int, int));
 --- a/bashline.c
 +++ b/bashline.c
@@ -202,6 +202,7 @@ extern int current_command_line_count, s
 extern int last_command_exit_value;
 extern int array_needs_making;
 extern int posixly_correct, no_symbolic_links;
 +extern int sigalrm_seen;
 extern char *current_prompt_string, *ps1_prompt;
 extern STRING_INT_ALIST word_token_alist[];
 extern sh_builtin_func_t *last_shell_builtin, *this_shell_builtin;
@@ -4208,8 +4209,9 @@ bash_event_hook ()
 {
   /* If we're going to longjmp to top_level, make sure we clean up readline.
      check_signals will call QUIT, which will eventually longjmp to top_level,
 -     calling run_interrupt_trap along the way. */
 -  if (interrupt_state)
 +     calling run_interrupt_trap along the way.  The check for sigalrm_seen is
 +     to clean up the read builtin's state. */
 +  if (terminating_signal || interrupt_state || sigalrm_seen)
     rl_cleanup_after_signal ();
   bashline_reset_event_hook ();
   check_signals_and_traps ();	/* XXX */
 --- a/sig.c
 +++ b/sig.c
@@ -532,8 +532,10 @@ termsig_sighandler (sig)
 #if defined (READLINE)
   /* Set the event hook so readline will call it after the signal handlers
      finish executing, so if this interrupted character input we can get
 -     quick response. */
 -  if (interactive_shell && interactive && no_line_editing == 0)
 +     quick response.  If readline is active or has modified the terminal we
 +     need to set this no matter what the signal is, though the check for
 +     RL_STATE_TERMPREPPED is possibly redundant. */
 +  if (RL_ISSTATE (RL_STATE_SIGHANDLER) || RL_ISSTATE (RL_STATE_TERMPREPPED))
     bashline_set_event_hook ();
 #endif
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 32
 +#define PATCHLEVEL 33
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/134-upstream-bash43-034.patch
+++ b/utils/bash/patches/134-upstream-bash43-034.patch
@ -1,74 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-034
 Bug-Reported-by:	Dreamcat4 <dreamcat4@gmail.com>
 Bug-Reference-ID:	<CAN39uTpAEs2GFu4ebC_SfSVMRTh-DJ9YanrY4BZZ3OO+CCHjng@mail.gmail.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2015-05/msg00001.html
 Bug-Description:
 If neither the -f nor -v options is supplied to unset, and a name argument is
 found to be a function and unset, subsequent name arguments are not treated as
 variables before attempting to unset a function by that name.
 Patch (apply with `patch -p0'):
 --- a/builtins/set.def
 +++ b/builtins/set.def
@@ -751,9 +751,11 @@ unset_builtin (list)
   WORD_LIST *list;
 {
   int unset_function, unset_variable, unset_array, opt, nameref, any_failed;
 +  int global_unset_func, global_unset_var;
   char *name;
   unset_function = unset_variable = unset_array = nameref = any_failed = 0;
 +  global_unset_func = global_unset_var = 0;
   reset_internal_getopt ();
   while ((opt = internal_getopt (list, "fnv")) != -1)
@@ -761,10 +763,10 @@ unset_builtin (list)
       switch (opt)
 	{
 	case 'f':
 -	  unset_function = 1;
 +	  global_unset_func = 1;
 	  break;
 	case 'v':
 -	  unset_variable = 1;
 +	  global_unset_var = 1;
 	  break;
 	case 'n':
 	  nameref = 1;
@@ -777,7 +779,7 @@ unset_builtin (list)
   list = loptend;
 -  if (unset_function && unset_variable)
 +  if (global_unset_func && global_unset_var)
     {
       builtin_error (_("cannot simultaneously unset a function and a variable"));
       return (EXECUTION_FAILURE);
@@ -795,6 +797,9 @@ unset_builtin (list)
       name = list->word->word;
 +      unset_function = global_unset_func;
 +      unset_variable = global_unset_var;
 +
 #if defined (ARRAY_VARS)
       unset_array = 0;
       if (!unset_function && valid_array_reference (name))
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 33
 +#define PATCHLEVEL 34
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/135-upstream-bash43-035.patch
+++ b/utils/bash/patches/135-upstream-bash43-035.patch
@ -1,48 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-035
 Bug-Reported-by:	<romerox.adrian@gmail.com>
 Bug-Reference-ID:	<CABV5r3zhPXmSKUe9uedeGc5YFBM2njJ1iVmY2h5neWdQpDBQug@mail.gmail.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-08/msg00045.html
 Bug-Description:
 A locale with a long name can trigger a buffer overflow and core dump.  This
 applies on systems that do not have locale_charset in libc, are not using
 GNU libiconv, and are not using the libintl that ships with bash in lib/intl.
 Patch (apply with `patch -p0'):
 --- a/lib/sh/unicode.c
 +++ b/lib/sh/unicode.c
@@ -78,13 +78,15 @@ stub_charset ()
   s = strrchr (locale, '.');
   if (s)
     {
 -      strcpy (charsetbuf, s+1);
 +      strncpy (charsetbuf, s+1, sizeof (charsetbuf) - 1);
 +      charsetbuf[sizeof (charsetbuf) - 1] = '\0';
       t = strchr (charsetbuf, '@');
       if (t)
 	*t = 0;
       return charsetbuf;
     }
 -  strcpy (charsetbuf, locale);
 +  strncpy (charsetbuf, locale, sizeof (charsetbuf) - 1);
 +  charsetbuf[sizeof (charsetbuf) - 1] = '\0';
   return charsetbuf;
 }
 #endif
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 34
 +#define PATCHLEVEL 35
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/136-upstream-bash43-036.patch
+++ b/utils/bash/patches/136-upstream-bash43-036.patch
@ -1,48 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-036
 Bug-Reported-by:	emanuelczirai@cryptolab.net
 Bug-Reference-ID:	<f962e4f556da5ebfadaf7afe9c78a8cb@cryptolab.net>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2015-02/msg00071.html
 Bug-Description:
 When evaluating and setting integer variables, and the assignment fails to
 create a variable (for example, when performing an operation on an array
 variable with an invalid subscript), bash attempts to dereference a null
 pointer, causing a segmentation violation.
 Patch (apply with `patch -p0'):
 --- a/variables.c
 +++ b/variables.c
@@ -2833,10 +2833,12 @@ bind_int_variable (lhs, rhs)
 #endif
     v = bind_variable (lhs, rhs, 0);
 -  if (v && isint)
 -    VSETATTR (v, att_integer);
 -
 -  VUNSETATTR (v, att_invisible);
 +  if (v)
 +    {
 +      if (isint)
 +	VSETATTR (v, att_integer);
 +      VUNSETATTR (v, att_invisible);
 +    }
   return (v);
 }
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 35
 +#define PATCHLEVEL 36
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/137-upstream-bash43-037.patch
+++ b/utils/bash/patches/137-upstream-bash43-037.patch
@ -1,38 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-037
 Bug-Reported-by:	Greg Wooledge <wooledg@eeg.ccf.org>
 Bug-Reference-ID:	<20150204144240.GN13956@eeg.ccf.org>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2015-02/msg00007.html
 Bug-Description:
 If an associative array uses `@' or `*' as a subscript, `declare -p' produces
 output that cannot be reused as input.
 Patch (apply with `patch -p0'):
 --- a/assoc.c
 +++ b/assoc.c
@@ -436,6 +436,8 @@ assoc_to_assign (hash, quoted)
 #if 1
 	if (sh_contains_shell_metas (tlist->key))
 	  istr = sh_double_quote (tlist->key);
 +	else if (ALL_ELEMENT_SUB (tlist->key[0]) && tlist->key[1] == '\0')
 +	  istr = sh_double_quote (tlist->key);	
 	else
 	  istr = tlist->key;	
 #else
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 36
 +#define PATCHLEVEL 37
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/138-upstream-bash43-038.patch
+++ b/utils/bash/patches/138-upstream-bash43-038.patch
@ -1,67 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-038
 Bug-Reported-by:	worley@alum.mit.edu (Dale R. Worley)
 Bug-Reference-ID:	<201406100051.s5A0pCeB014978@hobgoblin.ariadne.com>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2014-06/msg00028.html
 Bug-Description:
 There are a number of instances where `time' is not recognized as a reserved
 word when the shell grammar says it should be.
 Patch (apply with `patch -p0'):
 --- a/parse.y
 +++ b/parse.y
@@ -2818,11 +2818,16 @@ time_command_acceptable ()
     case AND_AND:
     case OR_OR:
     case '&':
 +    case WHILE:
     case DO:
 +    case UNTIL:
 +    case IF:
     case THEN:
 +    case ELIF:
     case ELSE:
     case '{':		/* } */
 -    case '(':		/* ) */
 +    case '(':		/* )( */
 +    case ')':		/* only valid in case statement */
     case BANG:		/* ! time pipeline */
     case TIME:		/* time time pipeline */
     case TIMEOPT:	/* time -p time pipeline */
 --- a/y.tab.c
 +++ b/y.tab.c
@@ -5130,11 +5130,16 @@ time_command_acceptable ()
     case AND_AND:
     case OR_OR:
     case '&':
 +    case WHILE:
     case DO:
 +    case UNTIL:
 +    case IF:
     case THEN:
 +    case ELIF:
     case ELSE:
     case '{':		/* } */
 -    case '(':		/* ) */
 +    case '(':		/* )( */
 +    case ')':		/* only valid in case statement */
     case BANG:		/* ! time pipeline */
     case TIME:		/* time time pipeline */
     case TIMEOPT:	/* time -p time pipeline */
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 37
 +#define PATCHLEVEL 38
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/139-upstream-bash43-039.patch
+++ b/utils/bash/patches/139-upstream-bash43-039.patch
@ -1,52 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-039
 Bug-Reported-by:	SN <poczta-sn@gazeta.pl>
 Bug-Reference-ID:	<54E2554C.205@gazeta.pl>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2015-02/msg00060.html
 Bug-Description:
 Using the output of `declare -p' when run in a function can result in variables
 that are invisible to `declare -p'.  This problem occurs when an assignment
 builtin such as `declare' receives a quoted compound array assignment as one of
 its arguments.
 Patch (apply with `patch -p0'):
 --- a/arrayfunc.c
 +++ b/arrayfunc.c
@@ -404,6 +404,9 @@ assign_array_var_from_word_list (var, li
       (*var->assign_func) (var, l->word->word, i, 0);
     else
       array_insert (a, i, l->word->word);
 +
 +  VUNSETATTR (var, att_invisible);	/* no longer invisible */
 +
   return var;
 }
@@ -634,6 +637,10 @@ assign_array_var_from_string (var, value
   if (nlist)
     dispose_words (nlist);
 +
 +  if (var)
 +    VUNSETATTR (var, att_invisible);	/* no longer invisible */
 +
   return (var);
 }
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 38
 +#define PATCHLEVEL 39
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/140-upstream-bash43-040.patch
+++ b/utils/bash/patches/140-upstream-bash43-040.patch
@ -1,38 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-040
 Bug-Reported-by:	Jean Delvare <jdelvare@suse.de>
 Bug-Reference-ID:	<20150609180231.5f463695@endymion.delvare>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2015-06/msg00033.html
 Bug-Description:
 There is a memory leak that occurs when bash expands an array reference on
 the rhs of an assignment statement.
 Patch (apply with `patch -p0'):
 --- a/subst.c
 +++ b/subst.c
@@ -5782,7 +5782,7 @@ expand_arrayref:
       /* XXX - does this leak if name[@] or name[*]? */
       if (pflags & PF_ASSIGNRHS)
         {
 -          temp = array_variable_name (name, &tt, (int *)0);
 +          var = array_variable_part (name, &tt, (int *)0);
           if (ALL_ELEMENT_SUB (tt[0]) && tt[1] == ']')
 	    temp = array_value (name, quoted|Q_DOUBLE_QUOTES, 0, &atype, &ind);
 	  else
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 39
 +#define PATCHLEVEL 40
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/141-upstream-bash43-041.patch
+++ b/utils/bash/patches/141-upstream-bash43-041.patch
@ -1,67 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-041
 Bug-Reported-by:	Hanno Böck <hanno@hboeck.de>
 Bug-Reference-ID:	<20150623131106.6f111da9@pc1>, <20150707004640.0e61d2f9@pc1>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2015-06/msg00089.html,
 			http://lists.gnu.org/archive/html/bug-bash/2015-07/msg00018.html
 Bug-Description:
 There are several out-of-bounds read errors that occur when completing command
 lines where assignment statements appear before the command name.  The first
 two appear only when programmable completion is enabled; the last one only
 happens when listing possible completions.
 Patch (apply with `patch -p0'):
 --- a/bashline.c
 +++ b/bashline.c
@@ -1468,10 +1468,23 @@ attempt_shell_completion (text, start, e
       os = start;
       n = 0;
 +      was_assignment = 0;
       s = find_cmd_start (os);
       e = find_cmd_end (end);
       do
 	{
 +	  /* Don't read past the end of rl_line_buffer */
 +	  if (s > rl_end)
 +	    {
 +	      s1 = s = e1;
 +	      break;
 +	    }
 +	  /* Or past point if point is within an assignment statement */
 +	  else if (was_assignment && s > rl_point)
 +	    {
 +	      s1 = s = e1;
 +	      break;
 +	    }
 	  /* Skip over assignment statements preceding a command name.  If we
 	     don't find a command name at all, we can perform command name
 	     completion.  If we find a partial command name, we should perform
 --- a/lib/readline/complete.c
 +++ b/lib/readline/complete.c
@@ -689,6 +689,8 @@ printable_part (pathname)
   if (temp == 0 || *temp == '\0')
     return (pathname);
 +  else if (temp[1] == 0 && temp == pathname)
 +    return (pathname);
   /* If the basename is NULL, we might have a pathname like '/usr/src/'.
      Look for a previous slash and, if one is found, return the portion
      following that slash.  If there's no previous slash, just return the
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 40
 +#define PATCHLEVEL 41
 #endif /* _PATCHLEVEL_H_ */
--- a/utils/bash/patches/142-upstream-bash43-042.patch
+++ b/utils/bash/patches/142-upstream-bash43-042.patch
@ -1,50 +0,0 @@
 			     BASH PATCH REPORT
 			     =================
 Bash-Release:	4.3
 Patch-ID:	bash43-042
 Bug-Reported-by:	Nathan Neulinger <nneul@neulinger.org>
 Bug-Reference-ID:	<558EFDF2.7060402@neulinger.org>
 Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2015-06/msg00096.html
 Bug-Description:
 There is a problem when parsing command substitutions containing `case'
 commands within pipelines that causes the parser to not correctly identify
 the end of the command substitution.
 Patch (apply with `patch -p0'):
 --- a/parse.y
 +++ b/parse.y
@@ -3708,6 +3708,8 @@ eof_error:
 /*itrace("parse_comsub:%d: lex_inword -> 1 ch = `%c' (%d)", line_number, ch, __LINE__);*/
 	      tflags |= LEX_INWORD;
 	      lex_wlen = 0;
 +	      if (tflags & LEX_RESWDOK)
 +		lex_rwlen = 0;
 	    }
 	}
 --- a/y.tab.c
 +++ b/y.tab.c
@@ -6020,6 +6020,8 @@ eof_error:
 /*itrace("parse_comsub:%d: lex_inword -> 1 ch = `%c' (%d)", line_number, ch, __LINE__);*/
 	      tflags |= LEX_INWORD;
 	      lex_wlen = 0;
 +	      if (tflags & LEX_RESWDOK)
 +		lex_rwlen = 0;
 	    }
 	}
 --- a/patchlevel.h
 +++ b/patchlevel.h
@@ -25,6 +25,6 @@
    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
    looks for to find the patch level (for the sccs version string). */
 -#define PATCHLEVEL 41
 +#define PATCHLEVEL 42
 #endif /* _PATCHLEVEL_H_ */