!176 sync patches from bash community

From: @Linux_zhang2024 
Reviewed-by: @jiayi0118 
Signed-off-by: @jiayi0118

backport-fix-issue-with-failed-history-expansion-changing-the.patch

@@ -0,0 +1,29 @@
+From 5114e17172276cf5a2f889f8037ae58c4cb05bb9 Mon Sep 17 00:00:00 2001
+From: Chet Ramey <chet.ramey@case.edu>
+Date: Mon, 30 Dec 2024 10:45:14 -0500
+Subject: [PATCH] fix issue with failed history expansion changing the history
+list offset; fix some tests to avoid problems with error messages that differ
+between systems; fix issue with readline rl_abort not clearing any pending
+command to execute
+
+Conflict:only the modified content of lib/readline/util.c is rounded.
+
+---
+ lib/readline/util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/readline/util.c b/lib/readline/util.c
+index 1576b55..e869ed1 100644
+--- a/lib/readline/util.c
++++ b/lib/readline/util.c
+@@ -111,6 +111,7 @@ _rl_abort_internal (void)
+   RL_UNSETSTATE (RL_STATE_MULTIKEY);	/* XXX */
+ 
+   rl_last_func = (rl_command_func_t *)NULL;
++  _rl_command_to_execute = 0;
+ 
+   _rl_longjmp (_rl_top_level, 1);
+   return (0);
+-- 
+2.33.0
+

backport-posix-change-for-undoing-redirections-after-failed-e.patch

@@ -0,0 +1,142 @@
+From 0390b4354a9e5df517ef2d4f9d78a099063b22b4 Mon Sep 17 00:00:00 2001
+From: Chet Ramey <chet.ramey@case.edu>
+Date: Tue, 28 Jan 2025 10:15:16 -0500
+Subject: [PATCH] posix change for undoing redirections after failed exec;
+ change readline to set lines and columns after SIGTSTP/SIGCONT
+
+Conflict:only the modified content of builtins/exec.def and execute_cmd.c is rounded.
+
+---
+ builtins/exec.def | 11 +++++-----
+ execute_cmd.c     | 56 +++++++++++++++++++++++++++++++----------------
+ 2 files changed, 43 insertions(+), 24 deletions(-)
+
+diff --git a/builtins/exec.def b/builtins/exec.def
+index cbcb641..ee4921f 100644
+--- a/builtins/exec.def
++++ b/builtins/exec.def
+@@ -129,12 +129,13 @@ exec_builtin (list)
+     }
+   list = loptend;
+ 
+-  /* First, let the redirections remain. */
+-  dispose_redirects (redirection_undo_list);
+-  redirection_undo_list = (REDIRECT *)NULL;
+-
++  /* First, let the redirections remain if exec is called without operands */
+   if (list == 0)
+-    return (EXECUTION_SUCCESS);
++    {
++      dispose_redirects (redirection_undo_list);
++      redirection_undo_list = (REDIRECT *)NULL;
++      return (EXECUTION_SUCCESS);
++    }
+ 
+ #if defined (RESTRICTED_SHELL)
+   if (restricted)
+diff --git a/execute_cmd.c b/execute_cmd.c
+index 9adb9cb..82ad27d 100644
+--- a/execute_cmd.c
++++ b/execute_cmd.c
+@@ -5292,7 +5292,7 @@ execute_builtin_or_function (words, builtin, var, redirects,
+      struct fd_bitmap *fds_to_close;
+      int flags;
+ {
+-  int result;
++  int result, has_exec_redirects;
+   REDIRECT *saved_undo_list;
+ #if defined (PROCESS_SUBSTITUTION)
+   int ofifo, nfifo, osize;
+@@ -5319,17 +5319,25 @@ execute_builtin_or_function (words, builtin, var, redirects,
+       return (EX_REDIRFAIL);	/* was EXECUTION_FAILURE */
+     }
+ 
++  /* Is this the exec builtin with redirections? We want to undo them and
++     throw away the exec_redirection_undo_list if exec has a program name
++     argument, fails to execute it, and does not exit the shell */
++  has_exec_redirects = (builtin == exec_builtin) && redirection_undo_list;
++
+   saved_undo_list = redirection_undo_list;
+ 
+   /* Calling the "exec" builtin changes redirections forever. */
+   if (builtin == exec_builtin)
+     {
+-      dispose_redirects (saved_undo_list);
++      /* let exec_builtin handle disposing redirection_undo_list */
+       saved_undo_list = exec_redirection_undo_list;
+       exec_redirection_undo_list = (REDIRECT *)NULL;
+     }
+   else
+-    dispose_exec_redirects ();
++    {
++      dispose_exec_redirects ();
++      redirection_undo_list = (REDIRECT *)NULL;
++    }
+ 
+   if (saved_undo_list)
+     {
+@@ -5337,8 +5345,6 @@ execute_builtin_or_function (words, builtin, var, redirects,
+       add_unwind_protect (cleanup_redirects, (char *)saved_undo_list);
+     }
+ 
+-  redirection_undo_list = (REDIRECT *)NULL;
+-
+   if (builtin)
+     result = execute_builtin (builtin, words, flags, 0);
+   else
+@@ -5350,26 +5356,38 @@ execute_builtin_or_function (words, builtin, var, redirects,
+   if (ferror (stdout))
+     clearerr (stdout);  
+ 
+-  /* If we are executing the `command' builtin, but this_shell_builtin is
+-     set to `exec_builtin', we know that we have something like
+-     `command exec [redirection]', since otherwise `exec' would have
+-     overwritten the shell and we wouldn't get here.  In this case, we
+-     want to behave as if the `command' builtin had not been specified
+-     and preserve the redirections. */
+-  if (builtin == command_builtin && this_shell_builtin == exec_builtin)
++  if (has_exec_redirects && redirection_undo_list)
+     {
+-      int discard;
+-
+-      discard = 0;
++      /* We have returned from the exec builtin. If redirection_undo_list is
++	 still non-null, we had an operand and failed to exit the shell for
++	 some reason. We want to dispose of saved_undo_list, discard the frame,
++	 and let the redirections be undone as usual. If redirection_undo_list
++	 is NULL, then exec_builtin had no program name operand and disposed
++	 of it. In that case, we should perform the redirections in
++	 exec_redirection_undo_list (saved_undo_list) like usual. */
++      if (saved_undo_list)
++        {
++	  dispose_redirects (saved_undo_list);	/* exec_redirection_undo_list */
++	  discard_unwind_frame ("saved-redirects");
++        }
++      saved_undo_list = exec_redirection_undo_list = (REDIRECT *)NULL;      
++    }
++  /* This code is no longer executed and remains only for explanatory reasons. */
++  else if (builtin == command_builtin && this_shell_builtin == exec_builtin)
++    {
++      /* If we are executing the `command' builtin, but this_shell_builtin is
++	 set to `exec_builtin', we know that we have something like
++	 `command exec [redirection]', since otherwise `exec' would have
++	 overwritten the shell and we wouldn't get here. In this case, we
++	 want to behave as if the `command' builtin had not been specified
++	 and preserve the redirections. */
+       if (saved_undo_list)
+ 	{
+-	  dispose_redirects (saved_undo_list);
+-	  discard = 1;
++	  dispose_redirects (saved_undo_list);	/* redirection_undo_list */
++	  discard_unwind_frame ("saved-redirects");
+ 	}
+       redirection_undo_list = exec_redirection_undo_list;
+       saved_undo_list = exec_redirection_undo_list = (REDIRECT *)NULL;      
+-      if (discard)
+-	discard_unwind_frame ("saved-redirects");
+     }
+ 
+   if (saved_undo_list)
+-- 
+2.33.0
+

bash.spec

@@ -1,6 +1,8 @@
+%define enable_safecheck 1
+
 Name:     bash
 Version:  5.2.15
-Release:  10
+Release:  15
 Summary:  It is the Bourne Again Shell
 License:  GPLv3
 URL:      https://www.gnu.org/software/bash
@@ -34,8 +36,12 @@ Patch6006: backport-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch
 Patch6007: backport-renamed-several-functions-beginning-with-legal_-chan.patch
 Patch6008: backport-fix-for-cd-when-curent-directory-doesn-t-exist-fix-w.patch
 Patch6009: Fix-for-a-crash-if-one-of-the-expressions-in-an-arit.patch
+Patch6010: backport-posix-change-for-undoing-redirections-after-failed-e.patch
+Patch6011: backport-fix-issue-with-failed-history-expansion-changing-the.patch
 
+%if %{enable_safecheck}
 Patch9000: only-scripts-verified-by-execveat-are-allowed-to-run.patch
+%endif
 
 BuildRequires: gcc bison texinfo autoconf ncurses-devel
 # Required for bash tests
@@ -164,6 +170,22 @@ make check
 %exclude %{_infodir}/dir
 
 %changelog
+* Mon Mar 31 2025 Linux_zhang <zhangruifang@h-partners.com> - 5.2.15-15
+- sync patches from bash community
+
+* Fri Nov 22 2024 wangyuhang <wangyuhang27@huawei.com> - 5.2.15-14
+- del doesn't exist PATH dirs in bashrc
+
+* Wed Nov 20 2024 wangyuhang <wangyuhang27@huawei.com> -5.2.15-13
+- remove the log message for failing to open cmdline,
+  and ensure that the mayexec function does not modify the value of errno.
+
+* Wed Nov 20 2024 wangyuhang <wangyuhang27@huawei.com> -5.2.15-12
+- remove function: only scripts verified by execveat are allowed to run
+
+* Fri Nov 15 2024 wangyuhang <wangyuhang27@huawei.com> -5.2.15-11
+- the mayexec function no longer checks cmdline each time that verifies whether a script are allowed to run
+
 * Fri Nov 15 2024 wangyuhang <wangyuhang27@huawei.com> -5.2.15-10
 - only scripts verified by execveat are allowed to run
 

dot-bashrc

@@ -2,5 +2,4 @@
 [ -f /etc/bashrc ] && . /etc/bashrc
 
 # User environment PATH
-PATH="$HOME/.local/bin:$HOME/bin:$PATH"
 export PATH

only-scripts-verified-by-execveat-are-allowed-to-run.patch

@@ -4,13 +4,13 @@ Date: Fri, 15 Nov 2024 15:52:35 +0800
 Subject: [PATCH] only scripts verified by execveat are allowed to run
 
 ---
- builtins/common.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
+ builtins/common.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++
  builtins/common.h |  7 +++++++
  shell.c           |  4 ++++
- 3 files changed, 58 insertions(+)
+ 3 files changed, 60 insertions(+)
 
 diff --git a/builtins/common.c b/builtins/common.c
-index 19b00c4..ba89d6e 100644
+index 19b00c4..5205fe4 100644
 --- a/builtins/common.c
 +++ b/builtins/common.c
 @@ -34,6 +34,7 @@
@@ -21,7 +21,7 @@ index 19b00c4..ba89d6e 100644
  
  #if defined (PREFER_STDARG)
  #  include <stdarg.h>
-@@ -1129,3 +1130,49 @@ set_expand_once (nval, uwp)
+@@ -1129,3 +1130,51 @@ set_expand_once (nval, uwp)
    return oa;
  }
  #endif
@@ -31,17 +31,21 @@ index 19b00c4..ba89d6e 100644
 +     const char *filename;
 +     int fd;
 +{
++    static int exec_check = -1;
 +    int ret = 0;
++    int saved_errno = errno;
 +
-+    if (!proc_cmdline_get("exec_check.bash", "1"))
-+        return 0;
++    if (exec_check == -1)
++        exec_check = proc_cmdline_get("exec_check.bash", "1");
 +
-+    ret = execveat(fd, "", NULL, NULL, AT_CHECK | AT_EMPTY_PATH);
++    if (exec_check) {
++        ret = execveat(fd, "", NULL, NULL, AT_CHECK | AT_EMPTY_PATH);
 +    
-+    if (ret < 0) {
-+        builtin_error (_("[%d] denied sourcing non-executable %s"), getpid(), filename);
++        if (ret < 0)
++            builtin_error (_("[%d] denied sourcing non-executable %s"), getpid(), filename);
 +    }
 +
++    errno = saved_errno;
 +    return ret;
 +}
 +
@@ -56,14 +60,12 @@ index 19b00c4..ba89d6e 100644
 +
 +    file = fopen("/proc/cmdline", "r");
 +    if (!file) {
-+        perror("Error opening /proc/cmdline");
 +        return 0;
 +    }
 +
 +    if (getline(&line, &len, file) != -1) {
-+        if (strstr(line, search_string)) {
++        if (strstr(line, search_string))
 +            ret = 1;
-+        }
 +    }
 +
 +    free(line);