PKG_NAME:=bash
PKG_VERSION:=5.3
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/bash
--- /dev/null
+From 427d51d84df2fecc3d1a20f28b16f38234cd9914 Mon Sep 17 00:00:00 2001
+From: Chet Ramey <chet.ramey@case.edu>
+Date: Wed, 10 Jun 2026 08:56:30 -0400
+Subject: Bash-5.3 patch 13: fix technically undefined behavior when comparing
+ return value from realloc to the original pointer
+
+--- a/builtins/read.def
++++ b/builtins/read.def
+@@ -788,8 +788,11 @@ read_builtin (WORD_LIST *list)
+ char *x;
+ x = (char *)xrealloc (input_string, size += 128);
+
+- /* Only need to change unwind-protect if input_string changes */
++#if 0
++ /* This is, in theory, undefined behavior, since input_string may
++ have been freed. */
+ if (x != input_string)
++#endif
+ {
+ input_string = x;
+ remove_unwind_protect ();
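Review bot: The disabled comparison is kept under `#if 0`, so the only explanation of why the block now runs unconditionally sits inside a region that is compiled out, and a bare `{` block is left in the live code. Comparing `x` with `input_string` after `xrealloc` reads a pointer value that may refer to freed storage, so dropping the test is the right direction. I would delete the dead lines and keep a live comment such as `/* Always update input_string and its unwind-protect; the old pointer value is indeterminate after xrealloc. */`. The block body continues past the end of the hunk, so what replaces the removed unwind-protect on each 128-byte growth step cannot be confirmed from here. The type of `size` is also declared outside the hunk, so whether `size += 128` can overflow should be checked there.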
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 12
++#define PATCHLEVEL 13
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+From a833685ecb9681b611b9c4c44b2e4c40932fcd6f Mon Sep 17 00:00:00 2001
+From: Chet Ramey <chet.ramey@case.edu>
+Date: Wed, 10 Jun 2026 08:58:29 -0400
+Subject: Bash-5.3 patch 14: update mapfile patch 11, removing stray line and
+ improving the efficiency of the original fix
+
+--- a/builtins/mapfile.def
++++ b/builtins/mapfile.def
+@@ -197,16 +197,16 @@ mapfile (int fd, long line_count_goal, l
+ zsyncfd (fd);
+
+ run_callback (callback, array_index, line);
+- }
+-
+- /* Bad things can happen if the callback modifies ENTRY, e.g.,
+- unsetting it or changing it to a non-indexed-array type, so we
+- look it up again every time we need to assign something */
+- entry = bind_array_variable (array_name, array_index, line, 0);
+- if (entry == 0 || ASSIGN_DISALLOWED (entry, 0))
+- return EXECUTION_FAILURE;
+
+- bind_array_element (entry, array_index, line, 0);
++ /* Bad things can happen if the callback modifies ENTRY, e.g.,
++ unsetting it or changing it to a non-indexed-array type, so we
++ look it up again every time we need to assign something */
++ entry = bind_array_variable (array_name, array_index, line, 0);
++ if (entry == 0 || ASSIGN_DISALLOWED (entry, 0))
++ return EXECUTION_FAILURE;
++ }
++ else
++ bind_array_element (entry, array_index, line, 0);
+
+ /* Have we exceeded # of lines to store? */
+ line_count++;
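Review bot: The two branches now store the element through different calls, and the retained comment does not say so. After the callback the element is apparently stored by `bind_array_variable` itself (it receives `array_index` and `line`), while the `else` branch reuses an `entry` resolved earlier and calls `bind_array_element`. A reader comparing the branches could mistake the absent `bind_array_element` call in the callback path for an omission. I would extend the comment along the lines of `/* bind_array_variable re-resolves ARRAY_NAME and stores LINE; without a callback ENTRY cannot have changed, so assign directly. */`. The `if` that opens this block and the code reached after `return EXECUTION_FAILURE` are outside the hunk, so whether `line` is released on that early return cannot be checked here.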
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 13
++#define PATCHLEVEL 14
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+From b460816602167718f78a6233164e8875f49b75b2 Mon Sep 17 00:00:00 2001
+From: Chet Ramey <chet.ramey@case.edu>
+Date: Wed, 10 Jun 2026 08:59:27 -0400
+Subject: Bash-5.3 patch 15: fix read builtin to avoid cases where -1 is used
+ as an index into the input buffer
+
+--- a/builtins/read.def
++++ b/builtins/read.def
+@@ -538,7 +538,8 @@ read_builtin (WORD_LIST *list)
+ so we have to save input_string temporarily, run the unwind-
+ protects, then restore input_string so we can use it later */
+ orig_input_string = 0;
+- input_string[i] = '\0'; /* make sure it's terminated */
++ if (i >= 0)
++ input_string[i] = '\0'; /* make sure it's terminated */
+ if (i == 0)
+ {
+ t = (char *)xmalloc (1);
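Review bot: The new `if (i >= 0)` guard skips the terminating write when `i` is negative, yet the trailing comment still says "make sure it's terminated" and nothing states what `input_string` holds in that case. The code after the guard keeps using `input_string` (the `i == 0` branch and whatever follows outside the hunk), so with a negative `i` its termination depends on earlier code that is not visible here. The later hunks at `ttfd_cbreak`/`ttfd_onechar` and at `ttfd_noecho` stop storing tty return codes in `i`, which looks like the source of the -1, so the guard may be purely defensive. If that holds against the rest of read_builtin, a comment such as `/* i < 0 only when no input has been stored yet; nothing to terminate */` would record it. The guard checks only the lower bound; that `i` stays below the allocated size is established outside the hunk.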
+@@ -592,8 +593,7 @@ read_builtin (WORD_LIST *list)
+ termsave.attrs = ttattrs;
+
+ ttset = ttattrs;
+- i = silent ? ttfd_cbreak (fd, &ttset) : ttfd_onechar (fd, &ttset);
+- if (i < 0)
++ if ((silent ? ttfd_cbreak (fd, &ttset) : ttfd_onechar (fd, &ttset)) < 0)
+ sh_ttyerror (1);
+ tty_modified = 1;
+ add_unwind_protect (uw_ttyrestore, &termsave);
+@@ -609,8 +609,7 @@ read_builtin (WORD_LIST *list)
+ termsave.attrs = ttattrs;
+
+ ttset = ttattrs;
+- i = ttfd_noecho (fd, &ttset); /* ttnoecho (); */
+- if (i < 0)
++ if (ttfd_noecho (fd, &ttset) < 0)
+ sh_ttyerror (1);
+
+ tty_modified = 1;
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 14
++#define PATCHLEVEL 15
+
+ #endif /* _PATCHLEVEL_H_ */