5 changed files with 14 additions and 208 deletions
--- a/backport-fix-issue-with-failed-history-expansion-changing-the.patch
+++ b/backport-fix-issue-with-failed-history-expansion-changing-the.patch
@ -1,29 +0,0 @@
-From 5114e17172276cf5a2f889f8037ae58c4cb05bb9 Mon Sep 17 00:00:00 2001
-From: Chet Ramey <chet.ramey@case.edu>
-Date: Mon, 30 Dec 2024 10:45:14 -0500
-Subject: [PATCH] fix issue with failed history expansion changing the history
-list offset; fix some tests to avoid problems with error messages that differ
-between systems; fix issue with readline rl_abort not clearing any pending
-command to execute
-
-Conflict:only the modified content of lib/readline/util.c is rounded.
-
---
- lib/readline/util.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/readline/util.c b/lib/readline/util.c
-index 1576b55..e869ed1 100644
--- a/lib/readline/util.c
-+++ b/lib/readline/util.c
-@@ -111,6 +111,7 @@ _rl_abort_internal (void)
-   RL_UNSETSTATE (RL_STATE_MULTIKEY);	/* XXX */
- 
-   rl_last_func = (rl_command_func_t *)NULL;
-+  _rl_command_to_execute = 0;
- 
-   _rl_longjmp (_rl_top_level, 1);
-   return (0);
-- 
-2.33.0
-
--- a/backport-posix-change-for-undoing-redirections-after-failed-e.patch
+++ b/backport-posix-change-for-undoing-redirections-after-failed-e.patch
@ -1,142 +0,0 @@
-From 0390b4354a9e5df517ef2d4f9d78a099063b22b4 Mon Sep 17 00:00:00 2001
-From: Chet Ramey <chet.ramey@case.edu>
-Date: Tue, 28 Jan 2025 10:15:16 -0500
-Subject: [PATCH] posix change for undoing redirections after failed exec;
- change readline to set lines and columns after SIGTSTP/SIGCONT
-
-Conflict:only the modified content of builtins/exec.def and execute_cmd.c is rounded.
-
---
- builtins/exec.def | 11 +++++-----
- execute_cmd.c     | 56 +++++++++++++++++++++++++++++++----------------
- 2 files changed, 43 insertions(+), 24 deletions(-)
-
-diff --git a/builtins/exec.def b/builtins/exec.def
-index cbcb641..ee4921f 100644
--- a/builtins/exec.def
-+++ b/builtins/exec.def
-@@ -129,12 +129,13 @@ exec_builtin (list)
-     }
-   list = loptend;
- 
-  /* First, let the redirections remain. */
-  dispose_redirects (redirection_undo_list);
-  redirection_undo_list = (REDIRECT *)NULL;
-
-+  /* First, let the redirections remain if exec is called without operands */
-   if (list == 0)
-    return (EXECUTION_SUCCESS);
-+    {
-+      dispose_redirects (redirection_undo_list);
-+      redirection_undo_list = (REDIRECT *)NULL;
-+      return (EXECUTION_SUCCESS);
-+    }
- 
- #if defined (RESTRICTED_SHELL)
-   if (restricted)
-diff --git a/execute_cmd.c b/execute_cmd.c
-index 9adb9cb..82ad27d 100644
--- a/execute_cmd.c
-+++ b/execute_cmd.c
-@@ -5292,7 +5292,7 @@ execute_builtin_or_function (words, builtin, var, redirects,
-      struct fd_bitmap *fds_to_close;
-      int flags;
- {
-  int result;
-+  int result, has_exec_redirects;
-   REDIRECT *saved_undo_list;
- #if defined (PROCESS_SUBSTITUTION)
-   int ofifo, nfifo, osize;
-@@ -5319,17 +5319,25 @@ execute_builtin_or_function (words, builtin, var, redirects,
-       return (EX_REDIRFAIL);	/* was EXECUTION_FAILURE */
-     }
- 
-+  /* Is this the exec builtin with redirections? We want to undo them and
-+     throw away the exec_redirection_undo_list if exec has a program name
-+     argument, fails to execute it, and does not exit the shell */
-+  has_exec_redirects = (builtin == exec_builtin) && redirection_undo_list;
-+
-   saved_undo_list = redirection_undo_list;
- 
-   /* Calling the "exec" builtin changes redirections forever. */
-   if (builtin == exec_builtin)
-     {
-      dispose_redirects (saved_undo_list);
-+      /* let exec_builtin handle disposing redirection_undo_list */
-       saved_undo_list = exec_redirection_undo_list;
-       exec_redirection_undo_list = (REDIRECT *)NULL;
-     }
-   else
-    dispose_exec_redirects ();
-+    {
-+      dispose_exec_redirects ();
-+      redirection_undo_list = (REDIRECT *)NULL;
-+    }
- 
-   if (saved_undo_list)
-     {
-@@ -5337,8 +5345,6 @@ execute_builtin_or_function (words, builtin, var, redirects,
-       add_unwind_protect (cleanup_redirects, (char *)saved_undo_list);
-     }
- 
-  redirection_undo_list = (REDIRECT *)NULL;
-
-   if (builtin)
-     result = execute_builtin (builtin, words, flags, 0);
-   else
-@@ -5350,26 +5356,38 @@ execute_builtin_or_function (words, builtin, var, redirects,
-   if (ferror (stdout))
-     clearerr (stdout);  
- 
-  /* If we are executing the `command' builtin, but this_shell_builtin is
-     set to `exec_builtin', we know that we have something like
-     `command exec [redirection]', since otherwise `exec' would have
-     overwritten the shell and we wouldn't get here.  In this case, we
-     want to behave as if the `command' builtin had not been specified
-     and preserve the redirections. */
-  if (builtin == command_builtin && this_shell_builtin == exec_builtin)
-+  if (has_exec_redirects && redirection_undo_list)
-     {
-      int discard;
-
-      discard = 0;
-+      /* We have returned from the exec builtin. If redirection_undo_list is
-+	 still non-null, we had an operand and failed to exit the shell for
-+	 some reason. We want to dispose of saved_undo_list, discard the frame,
-+	 and let the redirections be undone as usual. If redirection_undo_list
-+	 is NULL, then exec_builtin had no program name operand and disposed
-+	 of it. In that case, we should perform the redirections in
-+	 exec_redirection_undo_list (saved_undo_list) like usual. */
-+      if (saved_undo_list)
-+        {
-+	  dispose_redirects (saved_undo_list);	/* exec_redirection_undo_list */
-+	  discard_unwind_frame ("saved-redirects");
-+        }
-+      saved_undo_list = exec_redirection_undo_list = (REDIRECT *)NULL;      
-+    }
-+  /* This code is no longer executed and remains only for explanatory reasons. */
-+  else if (builtin == command_builtin && this_shell_builtin == exec_builtin)
-+    {
-+      /* If we are executing the `command' builtin, but this_shell_builtin is
-+	 set to `exec_builtin', we know that we have something like
-+	 `command exec [redirection]', since otherwise `exec' would have
-+	 overwritten the shell and we wouldn't get here. In this case, we
-+	 want to behave as if the `command' builtin had not been specified
-+	 and preserve the redirections. */
-       if (saved_undo_list)
- 	{
-	  dispose_redirects (saved_undo_list);
-	  discard = 1;
-+	  dispose_redirects (saved_undo_list);	/* redirection_undo_list */
-+	  discard_unwind_frame ("saved-redirects");
- 	}
-       redirection_undo_list = exec_redirection_undo_list;
-       saved_undo_list = exec_redirection_undo_list = (REDIRECT *)NULL;      
-      if (discard)
-	discard_unwind_frame ("saved-redirects");
-     }
- 
-   if (saved_undo_list)
-- 
-2.33.0
-
--- a/bash.spec
+++ b/bash.spec
@ -1,8 +1,6 @@
-%define enable_safecheck 1
-
 Name:     bash
 Version:  5.2.15
-Release:  15
+Release:  10
 Summary:  It is the Bourne Again Shell
 License:  GPLv3
 URL:      https://www.gnu.org/software/bash
@ -36,12 +34,8 @@ Patch6006: backport-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch
 Patch6007: backport-renamed-several-functions-beginning-with-legal_-chan.patch
 Patch6008: backport-fix-for-cd-when-curent-directory-doesn-t-exist-fix-w.patch
 Patch6009: Fix-for-a-crash-if-one-of-the-expressions-in-an-arit.patch
-Patch6010: backport-posix-change-for-undoing-redirections-after-failed-e.patch
-Patch6011: backport-fix-issue-with-failed-history-expansion-changing-the.patch

-%if %{enable_safecheck}
 Patch9000: only-scripts-verified-by-execveat-are-allowed-to-run.patch
-%endif

 BuildRequires: gcc bison texinfo autoconf ncurses-devel
 # Required for bash tests
@ -170,22 +164,6 @@ make check
 %exclude %{_infodir}/dir

 %changelog
-* Mon Mar 31 2025 Linux_zhang <zhangruifang@h-partners.com> - 5.2.15-15
- sync patches from bash community
-
-* Fri Nov 22 2024 wangyuhang <wangyuhang27@huawei.com> - 5.2.15-14
- del doesn't exist PATH dirs in bashrc
-
-* Wed Nov 20 2024 wangyuhang <wangyuhang27@huawei.com> -5.2.15-13
- remove the log message for failing to open cmdline,
-  and ensure that the mayexec function does not modify the value of errno.
-
-* Wed Nov 20 2024 wangyuhang <wangyuhang27@huawei.com> -5.2.15-12
- remove function: only scripts verified by execveat are allowed to run
-
-* Fri Nov 15 2024 wangyuhang <wangyuhang27@huawei.com> -5.2.15-11
- the mayexec function no longer checks cmdline each time that verifies whether a script are allowed to run
-
 * Fri Nov 15 2024 wangyuhang <wangyuhang27@huawei.com> -5.2.15-10
 - only scripts verified by execveat are allowed to run

--- a/1
+++ b/1
@ -2,4 +2,5 @@
 [ -f /etc/bashrc ] && . /etc/bashrc

 # User environment PATH
+PATH="$HOME/.local/bin:$HOME/bin:$PATH"
 export PATH
--- a/only-scripts-verified-by-execveat-are-allowed-to-run.patch
+++ b/only-scripts-verified-by-execveat-are-allowed-to-run.patch
@ -4,13 +4,13 @@ Date: Fri, 15 Nov 2024 15:52:35 +0800
 Subject: [PATCH] only scripts verified by execveat are allowed to run

 ---
- builtins/common.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++
+ builtins/common.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 builtins/common.h |  7 +++++++
 shell.c           |  4 ++++
- 3 files changed, 60 insertions(+)
+ 3 files changed, 58 insertions(+)

 diff --git a/builtins/common.c b/builtins/common.c
-index 19b00c4..5205fe4 100644
+index 19b00c4..ba89d6e 100644
 --- a/builtins/common.c
 +++ b/builtins/common.c
@@ -34,6 +34,7 @@
@ -21,7 +21,7 @@ index 19b00c4..5205fe4 100644
 
 #if defined (PREFER_STDARG)
 #  include <stdarg.h>
-@@ -1129,3 +1130,51 @@ set_expand_once (nval, uwp)
+@@ -1129,3 +1130,49 @@ set_expand_once (nval, uwp)
   return oa;
 }
 #endif
@ -31,21 +31,17 @@ index 19b00c4..5205fe4 100644
 +     const char *filename;
 +     int fd;
 +{
-+    static int exec_check = -1;
 +    int ret = 0;
-+    int saved_errno = errno;
 +
-+    if (exec_check == -1)
-+        exec_check = proc_cmdline_get("exec_check.bash", "1");
+    if (!proc_cmdline_get("exec_check.bash", "1"))
+        return 0;
 +
-+    if (exec_check) {
-+        ret = execveat(fd, "", NULL, NULL, AT_CHECK | AT_EMPTY_PATH);
+    ret = execveat(fd, "", NULL, NULL, AT_CHECK | AT_EMPTY_PATH);
 +    
-+        if (ret < 0)
-+            builtin_error (_("[%d] denied sourcing non-executable %s"), getpid(), filename);
+    if (ret < 0) {
+        builtin_error (_("[%d] denied sourcing non-executable %s"), getpid(), filename);
 +    }
 +
-+    errno = saved_errno;
 +    return ret;
 +}
 +
@ -60,12 +56,14 @@ index 19b00c4..5205fe4 100644
 +
 +    file = fopen("/proc/cmdline", "r");
 +    if (!file) {
+        perror("Error opening /proc/cmdline");
 +        return 0;
 +    }
 +
 +    if (getline(&line, &len, file) != -1) {
-+        if (strstr(line, search_string))
+        if (strstr(line, search_string)) {
 +            ret = 1;
+        }
 +    }
 +
 +    free(line);