- Update from version 5.3 patch 3 to 5.3 patch 8
- No change to rootfile
- Changelog
patch 8
Bash tries to consume entire multibyte characters when looking for
backslash
escapes in $'...' strings, and treats too many characters as potentially
beginning a multibyte character in UTF-8 locales. Being more selective
about
when to call mbrtowc() can lead to optimized string processing and
script
speedups. This patch also handles the unlikely situation of a locale
encoding null wide characters with non-null bytes.
patch 7
No-fork command substitutions can perform redirections that act on the
enclosing command as well.
patch 6
When `globasciiranges' is enabled, glob patterns with ranges in bracket
expressions can produce incorrect matches for character ranges whose
start and end are non-ascii characters.
patch 5
Restoring the default disposition in a subshell for a signal bash treats
specially can cause a crash.
patch 4
The Linux kernel reports incorrect sizes for files in
/sys/block/*/uevent,
leading bash to report a read error when the byte count does not agree
with the file size from fstat(2).
Signed-off-by: Adolf Belka <[email protected]>
---
lfs/bash | 2 +-
src/patches/bash/bash53-004 | 47 ++++++++
src/patches/bash/bash53-005 | 42 +++++++
src/patches/bash/bash53-006 | 48 ++++++++
src/patches/bash/bash53-007 | 56 +++++++++
src/patches/bash/bash53-008 | 231 ++++++++++++++++++++++++++++++++++++
6 files changed, 425 insertions(+), 1 deletion(-)
create mode 100644 src/patches/bash/bash53-004
create mode 100644 src/patches/bash/bash53-005
create mode 100644 src/patches/bash/bash53-006
create mode 100644 src/patches/bash/bash53-007
create mode 100644 src/patches/bash/bash53-008
diff --git a/lfs/bash b/lfs/bash
index 1bc7b52f6..adfbd35d1 100644
--- a/lfs/bash
+++ b/lfs/bash
@@ -25,7 +25,7 @@
include Config
VER = 5.3
-PATCHVER = 3
+PATCHVER = 8
THISAPP = bash-$(VER)
DL_FILE = $(THISAPP).tar.gz
diff --git a/src/patches/bash/bash53-004 b/src/patches/bash/bash53-004
new file mode 100644
index 000000000..5d7705c0d
--- /dev/null
+++ b/src/patches/bash/bash53-004
@@ -0,0 +1,47 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 5.3
+Patch-ID: bash53-004
+
+Bug-Reported-by: Emanuele Torre <[email protected]>
+Bug-Reference-ID: <aHKS0uA8Sf_vMT25@ntoo>
+Bug-Reference-URL:
https://lists.gnu.org/archive/html/bug-bash/2025-07/msg00031.html
+
+Bug-Description:
+
+The Linux kernel reports incorrect sizes for files in /sys/block/*/uevent,
+leading bash to report a read error when the byte count does not agree
+with the file size from fstat(2).
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-5.3-patched/builtins/evalfile.c Fri Sep 6 15:42:40 2024
+--- builtins/evalfile.c Fri Sep 12 11:38:57 2025
+***************
+*** 161,166 ****
+--- 161,168 ----
+ if (nr >= 0)
+ string[nr] = '\0';
++ #if 0
+ if (nr != file_size)
+ nr = -1; /* XXX - didn't get the whole file */
++ #endif
+ }
+ else
+
+*** ../bash-5.3/patchlevel.h 2020-06-22 14:51:03.000000000 -0400
+--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 3
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 4
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/src/patches/bash/bash53-005 b/src/patches/bash/bash53-005
new file mode 100644
index 000000000..2bebca8be
--- /dev/null
+++ b/src/patches/bash/bash53-005
@@ -0,0 +1,42 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 5.3
+Patch-ID: bash53-005
+
+Bug-Reported-by: [email protected]
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+Restoring the default disposition in a subshell for a signal bash treats
+specially can cause a crash.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-5.3-patched/trap.c Thu Dec 19 11:35:49 2024
+--- trap.c Fri Nov 7 11:23:31 2025
+***************
+*** 965,968 ****
+--- 965,969 ----
+ set_signal_handler (sig, SIG_DFL);
+ change_signal (sig, (char *)DEFAULT_SIG);
++ sigmodes[sig] &= ~SIG_TRAPPED; /* no longer trapped */
+ return;
+ }
+*** ../bash-5.3/patchlevel.h 2020-06-22 14:51:03.000000000 -0400
+--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 4
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 5
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/src/patches/bash/bash53-006 b/src/patches/bash/bash53-006
new file mode 100644
index 000000000..95891a474
--- /dev/null
+++ b/src/patches/bash/bash53-006
@@ -0,0 +1,48 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 5.3
+Patch-ID: bash53-006
+
+Bug-Reported-by: Duncan Roe <[email protected]>
+Bug-Reference-ID: <aL0p/[email protected]>
+Bug-Reference-URL:
https://lists.gnu.org/archive/html/bug-bash/2025-09/msg00053.html
+
+Bug-Description:
+
+When `globasciiranges' is enabled, glob patterns with ranges in bracket
+expressions can produce incorrect matches for character ranges whose
+start and end are non-ascii characters.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-5.3-patched/lib/glob/smatch.c Mon May 29 14:15:17 2023
+--- lib/glob/smatch.c Mon Sep 8 12:54:59 2025
+***************
+*** 391,395 ****
+ return 0;
+
+! if (forcecoll == 0 && glob_asciirange && c1 <= UCHAR_MAX && c2 <=
UCHAR_MAX)
+ return ((int)(c1 - c2));
+
+--- 391,395 ----
+ return 0;
+
+! if (forcecoll == 0 && glob_asciirange)
+ return ((int)(c1 - c2));
+
+*** ../bash-5.3/patchlevel.h 2020-06-22 14:51:03.000000000 -0400
+--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 5
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 6
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/src/patches/bash/bash53-007 b/src/patches/bash/bash53-007
new file mode 100644
index 000000000..58bc0d710
--- /dev/null
+++ b/src/patches/bash/bash53-007
@@ -0,0 +1,56 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 5.3
+Patch-ID: bash53-007
+
+Bug-Reported-by: [email protected]
+Bug-Reference-ID: <[email protected]>
+Bug-Reference-URL:
+
+Bug-Description:
+
+No-fork command substitutions can perform redirections that act on the
+enclosing command as well.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-5.3-patched/subst.c Fri Jul 25 08:53:25 2025
+--- subst.c Tue Aug 12 15:41:01 2025
+***************
+*** 207,210 ****
+--- 207,212 ----
+ extern int extended_quote;
+
++ extern REDIRECT *exec_redirection_undo_list, *redirection_undo_list;
++
+ #if !defined (HAVE_WCSDUP) && defined (HANDLE_MULTIBYTE)
+ extern wchar_t *wcsdup (const wchar_t *);
+***************
+*** 7001,7004 ****
+--- 7003,7011 ----
+ }
+ #endif
++
++ unwind_protect_pointer (redirection_undo_list);
++ redirection_undo_list = NULL;
++ unwind_protect_pointer (exec_redirection_undo_list);
++ exec_redirection_undo_list = NULL;
+
+ subst_assign_varlist = 0;
+
+*** ../bash-5.3/patchlevel.h 2020-06-22 14:51:03.000000000 -0400
+--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 6
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 7
+
+ #endif /* _PATCHLEVEL_H_ */
diff --git a/src/patches/bash/bash53-008 b/src/patches/bash/bash53-008
new file mode 100644
index 000000000..4ab993518
--- /dev/null
+++ b/src/patches/bash/bash53-008
@@ -0,0 +1,231 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 5.3
+Patch-ID: bash53-008
+
+Bug-Reported-by: Grisha Levit <[email protected]>
+Bug-Reference-ID: <[email protected]>
+Bug-Reference-URL:
https://lists.gnu.org/archive/html/bug-bash/2025-10/msg00145.html
+
+Bug-Description:
+
+Bash tries to consume entire multibyte characters when looking for backslash
+escapes in $'...' strings, and treats too many characters as potentially
+beginning a multibyte character in UTF-8 locales. Being more selective about
+when to call mbrtowc() can lead to optimized string processing and script
+speedups. This patch also handles the unlikely situation of a locale
+encoding null wide characters with non-null bytes.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-5.3-patched/lib/sh/strtrans.c Fri Oct 13 11:57:46 2023
+--- lib/sh/strtrans.c Mon Oct 27 14:30:35 2025
+***************
+*** 56,60 ****
+ unsigned long v;
+ size_t clen;
+! int mb_cur_max;
+ #if defined (HANDLE_MULTIBYTE)
+ wchar_t wc;
+--- 56,60 ----
+ unsigned long v;
+ size_t clen;
+! size_t mb_cur_max;
+ #if defined (HANDLE_MULTIBYTE)
+ wchar_t wc;
+***************
+*** 64,68 ****
+ return ((char *)0);
+
+! mb_cur_max = MB_CUR_MAX;
+ #if defined (HANDLE_MULTIBYTE)
+ temp = 4*len + 4;
+--- 64,68 ----
+ return ((char *)0);
+
+! mb_cur_max = locale_mb_cur_max;
+ #if defined (HANDLE_MULTIBYTE)
+ temp = 4*len + 4;
+***************
+*** 80,87 ****
+ clen = 1;
+ #if defined (HANDLE_MULTIBYTE)
+! if ((locale_utf8locale && (c & 0x80)) ||
+! (locale_utf8locale == 0 && mb_cur_max > 0 && is_basic (c) == 0))
+ {
+ clen = mbrtowc (&wc, s - 1, mb_cur_max, 0);
+ if (MB_INVALIDCH (clen))
+ clen = 1;
+--- 80,91 ----
+ clen = 1;
+ #if defined (HANDLE_MULTIBYTE)
+! /* We read an entire multibyte character at a time if we are in a
+! locale where a backslash can possibly appear as part of a
+! multibyte character. UTF-8 encodings prohibit this. */
+! if (locale_utf8locale == 0 && mb_cur_max > 1 && is_basic (c) == 0)
+ {
+ clen = mbrtowc (&wc, s - 1, mb_cur_max, 0);
++ if (MB_NULLWCH (clen))
++ break; /* it apparently can happen */
+ if (MB_INVALIDCH (clen))
+ clen = 1;
+***************
+*** 228,237 ****
+ char *r, *ret;
+ const char *s;
+- size_t l, rsize;
+ unsigned char c;
+ size_t clen;
+ int b;
+- #if defined (HANDLE_MULTIBYTE)
+ wchar_t wc;
+ #endif
+
+--- 232,241 ----
+ char *r, *ret;
+ const char *s;
+ unsigned char c;
++ #if defined (HANDLE_MULTIBYTE)
+ size_t clen;
+ int b;
+ wchar_t wc;
++ DECLARE_MBSTATE;
+ #endif
+
+***************
+*** 239,245 ****
+ return ((char *)0);
+
+! l = strlen (str);
+! rsize = 4 * l + 4;
+! r = ret = (char *)xmalloc (rsize);
+
+ *r++ = '$';
+--- 243,247 ----
+ return ((char *)0);
+
+! r = ret = (char *)xmalloc (4 * strlen (str) + 4);
+
+ *r++ = '$';
+***************
+*** 248,255 ****
+ for (s = str; c = *s; s++)
+ {
+- b = 1; /* 1 == add backslash; 0 == no backslash */
+- l = 1;
+- clen = 1;
+-
+ switch (c)
+ {
+--- 250,253 ----
+***************
+*** 267,303 ****
+ default:
+ #if defined (HANDLE_MULTIBYTE)
+! b = is_basic (c);
+! /* XXX - clen comparison to 0 is dicey */
+! if ((b == 0 && ((clen = mbrtowc (&wc, s, MB_CUR_MAX, 0)) < 0 ||
MB_INVALIDCH (clen) || iswprint (wc) == 0)) ||
+! (b == 1 && ISPRINT (c) == 0))
+! #else
+! if (ISPRINT (c) == 0)
+! #endif
+ {
+! *r++ = '\\';
+! *r++ = TOCHAR ((c >> 6) & 07);
+! *r++ = TOCHAR ((c >> 3) & 07);
+! *r++ = TOCHAR (c & 07);
+! continue;
+ }
+! l = 0;
+! break;
+! }
+! if (b == 0 && clen == 0)
+! break;
+
+! if (l)
+! *r++ = '\\';
+!
+! if (clen == 1)
+! *r++ = c;
+! else
+! {
+! for (b = 0; b < (int)clen; b++)
+! *r++ = (unsigned char)s[b];
+! s += clen - 1; /* -1 because of the increment above */
+ }
+ }
+
+ *r++ = '\'';
+ *r = '\0';
+--- 265,304 ----
+ default:
+ #if defined (HANDLE_MULTIBYTE)
+! if ((locale_utf8locale && (c & 0x80)) ||
+! (locale_utf8locale == 0 && locale_mb_cur_max > 1 && is_basic (c)
== 0))
+ {
+! clen = mbrtowc (&wc, s, locale_mb_cur_max, &state);
+! if (MB_NULLWCH (clen))
+! goto quote_end;
+! if (MB_INVALIDCH (clen))
+! INITIALIZE_MBSTATE;
+! else if (iswprint (wc))
+! {
+! for (b = 0; b < (int)clen; b++)
+! *r++ = (unsigned char)s[b];
+! s += clen - 1; /* -1 because of the increment above */
+! continue;
+! }
+ }
+! else
+! #endif
+! if (ISPRINT (c))
+! {
+! *r++ = c;
+! continue;
+! }
+
+! *r++ = '\\';
+! *r++ = TOCHAR ((c >> 6) & 07);
+! *r++ = TOCHAR ((c >> 3) & 07);
+! *r++ = TOCHAR (c & 07);
+! continue;
+ }
++
++ *r++ = '\\';
++ *r++ = c;
+ }
+
++ quote_end:
+ *r++ = '\'';
+ *r = '\0';
+***************
+*** 349,353 ****
+ {
+ #if defined (HANDLE_MULTIBYTE)
+! if (is_basic (c) == 0)
+ return (ansic_wshouldquote (s));
+ #endif
+--- 350,355 ----
+ {
+ #if defined (HANDLE_MULTIBYTE)
+! if ((locale_utf8locale && (c & 0x80)) ||
+! (locale_utf8locale == 0 && locale_mb_cur_max > 1 && is_basic (c) ==
0))
+ return (ansic_wshouldquote (s));
+ #endif
+
+*** ../bash-5.3/patchlevel.h 2020-06-22 14:51:03.000000000 -0400
+--- patchlevel.h 2020-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 7
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 8
+
+ #endif /* _PATCHLEVEL_H_ */
--
2.52.0
