1. 15 Apr, 2019 40 commits
    • Matthias Klose's avatar
      Import Debian changes 5.0-3 · 6a014605
      Matthias Klose authored
      bash (5.0-3) unstable; urgency=medium
      
        * Apply upstream patch 003.
        * Fix clear_console locking up video when X is running and logging out
          from a plain text console. Closes: #810660. LP: #1822184.
      6a014605
    • Matthias Klose's avatar
      Import Debian changes 5.0-2 · cd76870d
      Matthias Klose authored
      bash (5.0-2) unstable; urgency=medium
      
        * Apply upstream patches 001 and 002. Closes: #919439.
        * Merge back the 4.4.18-3.1 upload. Closes: #889757.
      cd76870d
    • Matthias Klose's avatar
      Import Debian changes 5.0-1 · 9c611534
      Matthias Klose authored
      bash (5.0-1) unstable; urgency=medium
      
        * New upstream release.
      9c611534
    • Daniel Kahn Gillmor's avatar
      Import Upstream version 5.0 · 2c296e46
      Daniel Kahn Gillmor authored
      2c296e46
    • Matthias Klose's avatar
      Import Debian changes 5.0~beta2-1 · 8e30724e
      Matthias Klose authored
      bash (5.0~beta2-1) experimental; urgency=medium
      
        * New upstream beta release.
      8e30724e
    • Daniel Kahn Gillmor's avatar
      Import Upstream version 5.0~beta2 · fd562d4d
      Daniel Kahn Gillmor authored
      fd562d4d
    • Matthias Klose's avatar
      Import Debian changes 5.0~beta1-1 · bef55c60
      Matthias Klose authored
      bash (5.0~beta1-1) experimental; urgency=medium
      
        * New upstream beta release.
      bef55c60
    • Daniel Kahn Gillmor's avatar
      Import Upstream version 5.0~beta1 · 1be00775
      Daniel Kahn Gillmor authored
      1be00775
    • Matthias Klose's avatar
      Import Debian changes 5.0~alpha1-1 · d1a3d36f
      Matthias Klose authored
      bash (5.0~alpha1-1) experimental; urgency=medium
      
        * New upstream alpha release.
      d1a3d36f
    • Daniel Kahn Gillmor's avatar
      Import Upstream version 5.0~alpha1 · 9bb82638
      Daniel Kahn Gillmor authored
      9bb82638
    • Helmut Grohne's avatar
      Import Debian changes 4.4.18-3.1 · 69c3d2e4
      Helmut Grohne authored
      bash (4.4.18-3.1) unstable; urgency=medium
      
        * Non-maintainer upload.
        * Move man2html dependency to B-D-I and use the thinner -base variant.
          Closes: #889757.
      69c3d2e4
    • Matthias Klose's avatar
      Import Debian changes 4.4.18-3 · 17609a61
      Matthias Klose authored
      bash (4.4.18-3) unstable; urgency=medium
      
        * Apply upstream patches 020 - 023. Fixing:
          - In circumstances involving long-running scripts that create and reap many
            processes, it is possible for the hash table bash uses to store exit
            statuses from asynchronous processes to develop loops. This patch fixes
            the loop causes and adds code to detect any future loops.
          - A SIGINT received inside a SIGINT trap handler can possibly cause the
            shell to loop.
          - There are cases where a failing readline command (e.g., delete-char at
            the end of a line) can cause a multi-character key sequence to `back up'
            and attempt to re-read some of the characters in the sequence.
          - When sourcing a file from an interactive shell, setting the SIGINT handler
            to the default and typing ^C will cause the shell to exit.
      17609a61
    • Matthias Klose's avatar
      Import Debian changes 4.4.18-2 · df499936
      Matthias Klose authored
      bash (4.4.18-2) unstable; urgency=medium
      
        * Revert the changes from the last upload.
        * Configure the normal build --without-bash-malloc as well.
          See http://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg04700.html
          for the qemu fix.  Closes: #865599. LP: #1751011.
        * Apply upstream patch 019.
      df499936
    • Raphaël Hertzog's avatar
      Import Debian changes 4.4.18-1.1 · 3e27594a
      Raphaël Hertzog authored
      bash (4.4.18-1.1) unstable; urgency=high
      
        * Non-maintainer upload.
        * Build again with -no-pie as dropping it broke bash when run under
          qemu-user (with the same symptoms as #842037). Closes: #889869
          Re-opens: #865599
      3e27594a
    • Matthias Klose's avatar
      Import Debian changes 4.4.18-1 · d8797dfc
      Matthias Klose authored
      bash (4.4.18-1) unstable; urgency=medium
      
        * bash 4.4.18 release (bash 4.4 patchlevel 18).
        * bash: Remove dependency on dash. Closes: #537913.
        * Update config.guess and config.sub. Closes: #882474.
        * skel.profile: Add $HOME/.local/bin if it exists. Closes: #839155.
        * Stop building with -no-pie. Closes: #865599, #859263.
        * /etc/bash.bashrc: Don't overwrite PS1 if SUDO_PS1 is set. Closes: #789811.
        * Make the build reproducible. Closes: #806945.
          - Use the system provided man2html to generate the htm docs.
          - Set PGRP_PIPE unconditionally on Linux.
        * Fix typo in German help (Carsten Leonhardt). Closes: #831282.
      d8797dfc
    • Daniel Kahn Gillmor's avatar
      Import Upstream version 4.4.18 · fde96eec
      Daniel Kahn Gillmor authored
      fde96eec
    • Matthias Klose's avatar
      Import Debian changes 4.4-5 · 8f6d60a4
      Matthias Klose authored
      bash (4.4-5) unstable; urgency=medium
      
        * Apply upstream patch 012.
      8f6d60a4
    • Matthias Klose's avatar
      Import Debian changes 4.4-4 · 85094780
      Matthias Klose authored
      bash (4.4-4) unstable; urgency=medium
      
        * Apply upstream patches 008 - 011.
      85094780
    • Matthias Klose's avatar
      Import Debian changes 4.4-3 · 7bb2c1fd
      Matthias Klose authored
      bash (4.4-3) unstable; urgency=medium
      
        * Apply upstream patches 006 - 007.
        * clear_console: Securely erase the current console. Closes: #845177.
        * Mark locales and time build dependencies with <!nocheck>.
          Closes: #838201.
        * Don't configure with --with-curses. Closes: #794588.
      7bb2c1fd
    • Matthias Klose's avatar
      Import Debian changes 4.4-2 · f7ec8da3
      Matthias Klose authored
      bash (4.4-2) unstable; urgency=medium
      
        * Apply upstream patches 001 - 005.
          - Closes: #844299, LP: #1641832.
        * Don't build with PIE. Closes: #842037.
      f7ec8da3
    • Matthias Klose's avatar
      Import Debian changes 4.4-1 · 352a49dc
      Matthias Klose authored
      bash (4.4-1) unstable; urgency=medium
      
        * Bash 4.4 release.
      352a49dc
    • Daniel Kahn Gillmor's avatar
      Import Upstream version 4.4 · 07eea183
      Daniel Kahn Gillmor authored
      07eea183
    • Matthias Klose's avatar
      Import Debian changes 4.4~rc2-1 · c3ac87e0
      Matthias Klose authored
      bash (4.4~rc2-1) experimental; urgency=medium
      
        * Bash 4.4 release candidate 2.
      c3ac87e0
    • Daniel Kahn Gillmor's avatar
      Import Upstream version 4.4~rc2 · 7740e960
      Daniel Kahn Gillmor authored
      7740e960
    • Matthias Klose's avatar
      Import Debian changes 4.4~rc1+b2-1 · 57ac572b
      Matthias Klose authored
      bash (4.4~rc1+b2-1) experimental; urgency=medium
      
        * New upstream tarball, called "4.4 beta2".
      57ac572b
    • Daniel Kahn Gillmor's avatar
      Import Upstream version 4.4~rc1+b2 · d600ac11
      Daniel Kahn Gillmor authored
      d600ac11
    • Matthias Klose's avatar
      Import Debian changes 4.4~rc1-1 · 6a4679f8
      Matthias Klose authored
      bash (4.4~rc1-1) experimental; urgency=medium
      
        * Bash 4.4 release candidate 1.
      
      bash (4.4~beta-1) experimental; urgency=medium
      
        * Bash 4.4 beta release.
      6a4679f8
    • Daniel Kahn Gillmor's avatar
      Import Upstream version 4.4~rc1 · c19e47e8
      Daniel Kahn Gillmor authored
      c19e47e8
    • Matthias Klose's avatar
      Import Debian changes 4.3-15 · be1c0807
      Matthias Klose authored
      bash (4.3-15) unstable; urgency=medium
      
        * Apply upstream patches 043 - 046. Fixes:
          - When the lastpipe option is enabled, the last component can contain
            nested pipelines and cause a segmentation fault under
            certain circumestances.
          - A typo prevents the `compat42' shopt option from working as intended.
          - If a file open attempted as part of a redirection fails because it is
            interrupted by a signal, the shell needs to process any pending traps
            to allow the redirection to be canceled.
          - An incorrect conversion from an indexed to associative array can result
            in a core dump.
        * Add $HOME/.local/bin to PATH, and add the user's home directories
          unconditionally to the path, so that they are available without
          a new login. Closes: #820856, LP: #1588562.
      be1c0807
    • Matthias Klose's avatar
      Import Debian changes 4.3-14 · 42aed40b
      Matthias Klose authored
      bash (4.3-14) unstable; urgency=medium
      
        * Apply upstream patches 040 - 042.
      42aed40b
    • Matthias Klose's avatar
      Import Debian changes 4.3-13 · 5680c766
      Matthias Klose authored
      bash (4.3-13) unstable; urgency=medium
      
        * Apply upstream patches 034 - 039.
        * Disallow setuid scripts if not called as `sh' and not called with
          the -p option. Closes: #720545, #734866.
      5680c766
    • Matthias Klose's avatar
      Import Debian changes 4.3-12 · e17f75c7
      Matthias Klose authored
      bash (4.3-12) unstable; urgency=medium
      
        * Apply upstream patches 031 - 033.
        * Add a Built-Using attribute for bash-static. Closes: #769342.
        * Move definition of the macro "FN" out of the region of the "ig"
          macro.  Define macros and registers "zZ" and "zY". Closes: #774597.
        * Also set color prompt for *-256color terminals. Closes: #766443.
      e17f75c7
    • Emilio Pozuelo Monfort's avatar
      Import Debian changes 4.3-11+deb8u2 · de4df3fc
      Emilio Pozuelo Monfort authored
      bash (4.3-11+deb8u2) jessie-security; urgency=medium
      
        * Non-maintainer upload by the LTS Team.
        * CVE-2019-9924: restrict BASH_CMDS when in restricted mode.
        * CVE-2016-9401: fix crash in popd with out of range nevative offsets.
      de4df3fc
    • Salvatore Bonaccorso's avatar
      Import Debian changes 4.3-11+deb8u1 · 8de3b6bb
      Salvatore Bonaccorso authored
      bash (4.3-11+deb8u1) jessie; urgency=medium
      
        * Non-maintainer upload.
        * CVE-2016-0634: Arbitrary code execution via malicious hostname
        * CVE-2016-7543: Specially crafted SHELLOPTS+PS4 variables allows command
          substitution
      8de3b6bb
    • Matthias Klose's avatar
      Import Debian changes 4.3-11 · a43dae51
      Matthias Klose authored
      bash (4.3-11) unstable; urgency=medium
      
        * Apply upstream patches 028 - 030.
        * Remove the parser-oob patch.
      a43dae51
    • Matthias Klose's avatar
      Import Debian changes 4.3-10 · f09a665c
      Matthias Klose authored
      bash (4.3-10) unstable; urgency=medium
      
        * Apply upstream patches 026 and 027.
        * Remove patches CVE-2014-6271 and variables-affix.
      f09a665c
    • Thijs Kinkhorst's avatar
      Import Debian changes 4.3-9.2 · 93f5a8b8
      Thijs Kinkhorst authored
      bash (4.3-9.2) unstable; urgency=high
      
        * Non-maintainer upload by the Security Team.
        * Add variables-affix.patch patch.
          Apply patch from Florian Weimer to add prefix and suffix for environment
          variable names which contain shell functions.
        * Add parser-oob.patch patch.
          Fixes two out-of-bound array accesses in the bash parser.
      93f5a8b8
    • Florian Weimer's avatar
      Import Debian changes 4.3-9.1 · 18aa8561
      Florian Weimer authored
      bash (4.3-9.1) unstable; urgency=high
      
        * Non-maintainer upload by the security team
        * Apply upstream patch bash43-025, fixing CVE-2014-6271.
      18aa8561
    • Matthias Klose's avatar
      Import Debian changes 4.3-9 · 52c7b931
      Matthias Klose authored
      bash (4.3-9) unstable; urgency=medium
      
        * Apply upstream patches 023 - 024, fixing the issues:
          - bash does not correctly parse process substitution constructs that
            contain unbalanced parentheses as part of the contained command.
          - Indirect variable references do not work correctly if the reference
            variable expands to an array reference using a subscript other than 0
            (e.g., foo='bar[1]' ; echo ${!foo}).
        * debian/skel.bashrc: Add GCC_COLORS setting (disabled by default).
      52c7b931
    • Matthias Klose's avatar
      Import Debian changes 4.3-8 · 27ba7b55
      Matthias Klose authored
      bash (4.3-8) unstable; urgency=medium
      
        * Apply upstream patches 012 - 022, fixing the issues:
          - When a SIGCHLD trap runs a command containing a shell builtin while a
            script is running `wait' to wait for all running children to complete,
            the SIGCHLD trap will not be run once for each child that terminates.
          - Using reverse-i-search when horizontal scrolling is enabled does not
            redisplay the entire line containing the successful search results.
          - Under certain circumstances, $@ is expanded incorrectly in contexts
            where word splitting is not performed.
          - When completing directory names, the directory name is dequoted twice.
            This causes problems for directories with single and double quotes in
            their names.
          - An extended glob pattern containing a slash (`/') causes the globbing
            code to misinterpret it as a directory separator.
          - The code that creates local variables should not clear the `invisible'
            attribute when returning an existing local variable.  Let the code that
            actually assigns a value clear it.
          - When assigning an array variable using the compound assignment syntax,
            but using `declare' with the rhs of the compound assignment quoted, the
            shell did not mark the variable as visible after successfully performing
            the assignment.
          - The -t timeout option to `read' does not work when the -e option is used.
            LP: #1317476.
          - When PS2 contains a command substitution, here-documents entered in an
            interactive shell can sometimes cause a segmentation fault.
          - When the readline `revert-all-at-newline' option is set, pressing newline
            when the current line is one retrieved from history results in a double
            free and a segmentation fault. Closes: #747341.
          - Using nested pipelines within loops with the `lastpipe' option set can
            result in a segmentation fault.
        * Fix typo in package description. Closes: #707810.
      27ba7b55