Wed May 5 19:56:53 UTC 202120210505195653

a/bash-5.1.008-x86_64-1.txz:  Upgraded.
d/python-setuptools-56.1.0-x86_64-1.txz:  Upgraded.
l/libgnt-2.14.1-x86_64-1.txz:  Added.
  Thanks to Robby Workman.
l/mozjs78-78.10.1esr-x86_64-1.txz:  Upgraded.
l/python-six-1.16.0-x86_64-1.txz:  Upgraded.
l/readline-8.1.001-x86_64-1.txz:  Upgraded.
n/mutt-2.0.7-x86_64-1.txz:  Upgraded.
n/php-7.4.19-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-88.0.1-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/88.0.1/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2021-20/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29953
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29952
  (* Security fix *)
xap/mozilla-thunderbird-78.10.1-x86_64-1.txz:  Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/78.10.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2021-19/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29951
  (* Security fix *)
xap/pidgin-2.14.4-x86_64-2.txz:  Rebuilt.
  Recompiled against libgnt-2.14.1 to restore the finch cli app.
  Thanks to Robby Workman.
xfce/xfce4-clipman-plugin-1.6.2-x86_64-1.txz:  Upgraded.
extra/php8/php8-8.0.6-x86_64-1.txz:  Upgraded.

4 files changed, 304 insertions, 0 deletions

diff --git a/source/a/bash/bash-5.1-patches/bash51-005 b/source/a/bash/bash-5.1-patches/bash51-005
new file mode 100644
index 000000000..dee89561d
--- /dev/null
+++ b/source/a/bash/bash-5.1-patches/bash51-005
@@ -0,0 +1,100 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	5.1
+Patch-ID:	bash51-005
+
+Bug-Reported-by:	Alexander Mescheryakov <alexander.s.m@gmail.com>,
+			konsolebox <konsolebox@gmail.com>   
+Bug-Reference-ID:	<5ffd7f3d.1c69fb81.dee25.166c@mx.google.com>,
+			<CAJnmqwaVs7M6NBqZzcHy5c2+yHkTEg7p+o8ZWuA7sN+6N1q4CA@mail.gmail.com>
+Bug-Reference-URL:	https://lists.gnu.org/archive/html/bug-bash/2021-01/msg00082.html,
+			https://lists.gnu.org/archive/html/bug-bash/2021-04/msg00160.html
+
+Bug-Description:
+
+Fix two memory leaks when assigning arrays using compound assignment syntax.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-5.1-patched/subst.c	2020-12-16 17:01:32.000000000 -0500
+--- subst.c	2021-01-24 17:48:40.000000000 -0500
+***************
+*** 11674,11677 ****
+--- 11674,11679 ----
+  
+    value = string_list (l);
++   dispose_words (l);
++ 
+    wlen = STRLEN (value);
+  
+*** ../bash-5.1-patched/arrayfunc.c	2020-12-16 17:01:32.000000000 -0500
+--- arrayfunc.c	2021-04-19 16:43:09.000000000 -0400
+***************
+*** 565,574 ****
+    WORD_LIST *list;
+    char *akey, *aval, *k, *v;
+-   int free_aval;
+  
+    for (list = nlist; list; list = list->next)
+      {
+-       free_aval = 0;
+- 
+        k = list->word->word;
+        v = list->next ? list->next->word->word : 0;
+--- 565,571 ----
+***************
+*** 578,583 ****
+  
+        akey = expand_assignment_string_to_string (k, 0);
+-       aval = expand_assignment_string_to_string (v, 0);
+- 
+        if (akey == 0 || *akey == 0)
+  	{
+--- 575,578 ----
+***************
+*** 586,599 ****
+  	  continue;
+  	}	      
+        if (aval == 0)
+  	{
+  	  aval = (char *)xmalloc (1);
+  	  aval[0] = '\0';	/* like do_assignment_internal */
+- 	  free_aval = 1;
+  	}
+  
+        bind_assoc_var_internal (var, h, akey, aval, flags);
+!       if (free_aval)
+! 	free (aval);
+      }
+  }
+--- 581,594 ----
+  	  continue;
+  	}	      
++ 
++       aval = expand_assignment_string_to_string (v, 0);
+        if (aval == 0)
+  	{
+  	  aval = (char *)xmalloc (1);
+  	  aval[0] = '\0';	/* like do_assignment_internal */
+  	}
+  
+        bind_assoc_var_internal (var, h, akey, aval, flags);
+!       free (aval);
+      }
+  }
+*** ../bash-5.1/patchlevel.h	2020-06-22 14:51:03.000000000 -0400
+--- patchlevel.h	2020-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 4
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 5
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/source/a/bash/bash-5.1-patches/bash51-006 b/source/a/bash/bash-5.1-patches/bash51-006
new file mode 100644
index 000000000..dcabf8113
--- /dev/null
+++ b/source/a/bash/bash-5.1-patches/bash51-006
@@ -0,0 +1,48 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	5.1
+Patch-ID:	bash51-006
+
+Bug-Reported-by:	oguzismailuysal@gmail.com
+Bug-Reference-ID:	<CAH7i3LoY7C+pV_yG2LxwPNtAw3kiRkxmB4KcL1dTsih0u2BdKA@mail.gmail.com>
+Bug-Reference-URL:	https://lists.gnu.org/archive/html/bug-bash/2020-12/msg00108.html
+
+Bug-Description:
+
+Make sure child processes forked to run command substitutions are in the
+proper process group.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-5.1-patched/subst.c	2020-12-16 17:01:32.000000000 -0500
+--- subst.c	2020-12-25 19:20:25.000000000 -0500
+***************
+*** 6413,6416 ****
+--- 6413,6423 ----
+        interactive = 0;
+  
++ #if defined (JOB_CONTROL)
++       /* Invariant: in child processes started to run command substitutions,
++ 	 pipeline_pgrp == shell_pgrp. Other parts of the shell assume this. */
++       if (pipeline_pgrp > 0 && pipeline_pgrp != shell_pgrp)
++ 	shell_pgrp = pipeline_pgrp;
++ #endif
++ 
+        set_sigint_handler ();	/* XXX */
+  
+*** ../bash-5.1/patchlevel.h	2020-06-22 14:51:03.000000000 -0400
+--- patchlevel.h	2020-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 5
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 6
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/source/a/bash/bash-5.1-patches/bash51-007 b/source/a/bash/bash-5.1-patches/bash51-007
new file mode 100644
index 000000000..ffd04fa43
--- /dev/null
+++ b/source/a/bash/bash-5.1-patches/bash51-007
@@ -0,0 +1,95 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	5.1
+Patch-ID:	bash51-007
+
+Bug-Reported-by:	Tom Tromey <tom@tromey.com>
+Bug-Reference-ID:	<875z3u9fd0.fsf@tromey.com>
+Bug-Reference-URL:	https://lists.gnu.org/archive/html/bug-readline/2021-01/msg00009.html
+
+Bug-Description:
+
+The code to check readline versions in an inputrc file had the sense of the
+comparisons reversed.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-5.1-patched/lib/readline/bind.c	2020-10-26 10:03:14.000000000 -0400
+--- lib/readline/bind.c	2021-01-18 16:38:48.000000000 -0500
+***************
+*** 1235,1239 ****
+    else if (_rl_strnicmp (args, "version", 7) == 0)
+      {
+!       int rlversion, versionarg, op, previ, major, minor;
+  
+        _rl_parsing_conditionalized_out = 1;
+--- 1235,1239 ----
+    else if (_rl_strnicmp (args, "version", 7) == 0)
+      {
+!       int rlversion, versionarg, op, previ, major, minor, opresult;
+  
+        _rl_parsing_conditionalized_out = 1;
+***************
+*** 1295,1316 ****
+  	{
+  	case OP_EQ:
+! 	  _rl_parsing_conditionalized_out = rlversion == versionarg;
+  	  break;
+  	case OP_NE:
+! 	  _rl_parsing_conditionalized_out = rlversion != versionarg;
+  	  break;
+  	case OP_GT:
+! 	  _rl_parsing_conditionalized_out = rlversion > versionarg;
+  	  break;
+  	case OP_GE:
+! 	  _rl_parsing_conditionalized_out = rlversion >= versionarg;
+  	  break;
+  	case OP_LT:
+! 	  _rl_parsing_conditionalized_out = rlversion < versionarg;
+  	  break;
+  	case OP_LE:
+! 	  _rl_parsing_conditionalized_out = rlversion <= versionarg;
+  	  break;
+  	}
+      }
+    /* Check to see if the first word in ARGS is the same as the
+--- 1295,1317 ----
+  	{
+  	case OP_EQ:
+!  	  opresult = rlversion == versionarg;
+  	  break;
+  	case OP_NE:
+! 	  opresult = rlversion != versionarg;
+  	  break;
+  	case OP_GT:
+! 	  opresult = rlversion > versionarg;
+  	  break;
+  	case OP_GE:
+! 	  opresult = rlversion >= versionarg;
+  	  break;
+  	case OP_LT:
+! 	  opresult = rlversion < versionarg;
+  	  break;
+  	case OP_LE:
+! 	  opresult = rlversion <= versionarg;
+  	  break;
+  	}
++       _rl_parsing_conditionalized_out = 1 - opresult;
+      }
+    /* Check to see if the first word in ARGS is the same as the
+*** ../bash-5.1/patchlevel.h	2020-06-22 14:51:03.000000000 -0400
+--- patchlevel.h	2020-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 6
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 7
+  
+  #endif /* _PATCHLEVEL_H_ */
diff --git a/source/a/bash/bash-5.1-patches/bash51-008 b/source/a/bash/bash-5.1-patches/bash51-008
new file mode 100644
index 000000000..ece214f09
--- /dev/null
+++ b/source/a/bash/bash-5.1-patches/bash51-008
@@ -0,0 +1,61 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	5.1
+Patch-ID:	bash51-008
+
+Bug-Reported-by:	Michael Felt <aixtools@gmail.com>
+Bug-Reference-ID:	<b82d9a2f-5d8a-ffb2-4115-420c09272da5@felt.demon.nl>
+Bug-Reference-URL:	https://lists.gnu.org/archive/html/bug-bash/2021-03/msg00028.html
+
+Bug-Description:
+
+Process substitution FIFOs opened by child processes as targets of redirections
+were not removed appropriately, leaving remnants in the file system.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-5.1-patched/execute_cmd.c	2020-10-12 10:16:13.000000000 -0400
+--- execute_cmd.c	2021-05-04 11:12:39.000000000 -0400
+***************
+*** 5557,5565 ****
+  	  /* Try to remove named pipes that may have been created as the
+  	     result of redirections. */
+! 	  unlink_fifo_list ();
+  #endif /* PROCESS_SUBSTITUTION */
+  	  exit (EXECUTION_FAILURE);
+  	}
+  
+        if (async)
+  	interactive = old_interactive;
+--- 5557,5571 ----
+  	  /* Try to remove named pipes that may have been created as the
+  	     result of redirections. */
+! 	  unlink_all_fifos ();
+  #endif /* PROCESS_SUBSTITUTION */
+  	  exit (EXECUTION_FAILURE);
+  	}
+  
++ #if defined (PROCESS_SUBSTITUTION) && !defined (HAVE_DEV_FD)
++       /* This should only contain FIFOs created as part of redirection
++ 	 expansion. */
++       unlink_all_fifos ();
++ #endif
++ 
+        if (async)
+  	interactive = old_interactive;
+*** ../bash-5.1/patchlevel.h	2020-06-22 14:51:03.000000000 -0400
+--- patchlevel.h	2020-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 7
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 8
+  
+  #endif /* _PATCHLEVEL_H_ */