From e33aa28191566b3e858c14cdcedb14e4e9eea51e Mon Sep 17 00:00:00 2001 From: Chet Ramey Date: Mon, 4 May 2020 10:28:06 -0400 Subject: [PATCH] commit bash-20200501 snapshot --- CWRU/CWRU.chlog | 34 ++++++++++++++++++++++++++++++++++ arrayfunc.c | 2 +- builtins/history.def | 9 +++++++++ doc/bash.1 | 19 ++++++++++++++----- doc/bashref.texi | 31 +++++++++++++++++++++++++++++++ doc/version.texi | 4 ++-- jobs.c | 3 ++- shell.c | 1 + subst.c | 23 +++++------------------ tests/RUN-ONE-TEST | 2 +- 10 files changed, 100 insertions(+), 28 deletions(-) diff --git a/CWRU/CWRU.chlog b/CWRU/CWRU.chlog index 051945bc..05d120de 100644 --- a/CWRU/CWRU.chlog +++ b/CWRU/CWRU.chlog @@ -8254,3 +8254,37 @@ arrayfunc.c arrayfunc.h - expand_and_quote_assoc_word,quote_compound_array_list: new extern declarations + + 4/30 + ---- +doc/{bashref.texi,bash.1} + - rework description of reserved words a little; add a reserved words + node to bashref.texi. Based on a report from Dale R. Worley + + +builtins/history.def + - history_builtin: if the shell is restricted, don't allow pathnames + with slashes to be read or written. From a report from + Diffie + +shell.c + - maybe_make_restricted: add HISTFILE to the list of readonly variables + +doc/{bashref.texi,bash.1} + - document new restricted shell restrictions + + 5/1 + --- +jobs.c + - wait_for: don't try to give the terminal to shell_pgrp if JWAIT_NOTERM + is set in the flags argument + +subst.c + - command_substitute: call make_child with FORK_NOTERM flag so it + doesn't try to set the terminal's process group + - command_substitute: call wait_for with JWAIT_NOTERM so it doesn't + try to set the terminal's process group + - command_substitute: now that wait_for doesn't try to reset the + terminal's process group, remove the code that tries to clean up + after that + diff --git a/arrayfunc.c b/arrayfunc.c index 5b0dc2f1..6da71526 100644 --- a/arrayfunc.c +++ b/arrayfunc.c 
@@ -859,7 +859,7 @@ quote_assign (string) return temp; } -/* Take a word W of the form [IND]=VALUE and transform it to ['IND]='VALUE' +/* Take a word W of the form [IND]=VALUE and transform it to ['IND']='VALUE' to prevent further expansion. This is called for compound assignments to indexed arrays. W has already undergone word expansions. If W has no [IND]=, just single-quote and return it. */ diff --git a/builtins/history.def b/builtins/history.def index 5369ff23..1e3529f4 100644 --- a/builtins/history.def +++ b/builtins/history.def @@ -75,6 +75,7 @@ $END #include "../bashintl.h" #include "../shell.h" +#include "../flags.h" #include "../parser.h" #include "../bashhist.h" #include @@ -269,6 +270,14 @@ range_error: filename = list ? list->word->word : get_string_value ("HISTFILE"); result = EXECUTION_SUCCESS; +#if defined (RESTRICTED_SHELL) + if (restricted && strchr (filename, '/')) + { + sh_restricted (filename); + return (EXECUTION_FAILURE); + } +#endif + if (flags & AFLAG) /* Append session's history to file. */ result = maybe_append_history (filename); else if (flags & WFLAG) /* Write entire history. */ diff --git a/doc/bash.1 b/doc/bash.1 index 151c14cb..df59ae3f 100644 --- a/doc/bash.1 +++ b/doc/bash.1 @@ -5,12 +5,12 @@ .\" Case Western Reserve University .\" chet.ramey@case.edu .\" -.\" Last Change: Fri Apr 17 16:30:01 EDT 2020 +.\" Last Change: Thu Apr 30 18:20:53 EDT 2020 .\" .\" bash_builtins, strip all but Built-Ins section .if \n(zZ=1 .ig zZ .if \n(zY=1 .ig zY -.TH BASH 1 "2020 April 17" "GNU Bash 5.0" +.TH BASH 1 "2020 April 30" "GNU Bash 5.0" .\" .\" There's some problem with having a `@' .\" in a tagged paragraph with the BSD man macros. 
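Review bot: In the builtins/history.def hunk at -269, the new restricted-shell check passes `filename` to `strchr` without a NULL test, and `filename` falls back to `get_string_value ("HISTFILE")` when no argument is given, which presumably returns NULL for an unset variable. A guard costs nothing: `if (restricted && filename && strchr (filename, '/'))`. The same fallback means a HISTFILE value that already contains a slash is rejected too, so `history -w` with no argument would fail in a restricted shell; if that is intended, a comment saying so would help, since the documentation hunks only mention a filename given as an argument. history_builtin starts and ends outside the hunk, so whether an earlier line already rules out a NULL filename cannot be confirmed from here.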
@@ -493,14 +493,17 @@ symbols: .SH "RESERVED WORDS" \fIReserved words\fP are words that have a special meaning to the shell. The following words are recognized as reserved when unquoted and either -the first word of a simple command (see +the first word of a command (see .SM .B SHELL GRAMMAR -below) or the third word of a +below), the third word of a .B case or +.B select +command +(only \fBin\fP is valid), or the third word of a .B for -command: +command (only \fBin\fP and \fBdo\fP are valid): .if t .RS .PP .B @@ -10915,6 +10918,8 @@ setting or unsetting the values of .SM .BR PATH , .SM +.BR HISTFILE , +.SM .BR ENV , or .SM @@ -10930,6 +10935,10 @@ as an argument to the builtin command .IP \(bu specifying a filename containing a slash as an argument to the +.B history +builtin command +.IP \(bu +specifying a filename containing a slash as an argument to the .B \-p option to the .B hash diff --git a/doc/bashref.texi b/doc/bashref.texi index b4ed2330..1ea73690 100644 --- a/doc/bashref.texi +++ b/doc/bashref.texi @@ -580,6 +580,7 @@ becomes the input of a second, in a loop or conditional construct, or in some other grouping. @menu +* Reserved Words:: Words that have special meaning to the shell. * Simple Commands:: The most common type of command. * Pipelines:: Connecting the input and output of several commands. 
@@ -589,6 +590,32 @@ some other grouping. * GNU Parallel:: Running commands in parallel. @end menu +@node Reserved Words +@subsection Reserved Words +@cindex reserved words + +Reserved words are words that have special meaning to the shell. +They are used to begin and end the shell's compound commands. + +The following words are recognized as reserved when unquoted and +the first word of a command (see below for exceptions): + +@multitable @columnfractions .1 .1 .1 .1 .12 .1 +@item @code{if} @tab @code{then} @tab @code{elif} +@tab @code{else} @tab @code{fi} @tab @code{time} +@item @code{for} @tab @code{in} @tab @code{until} +@tab @code{while} @tab @code{do} @tab @code{done} +@item @code{case} @tab @code{esac} @tab @code{coproc} +@tab @code{select} @tab @code{function} +@item @code{@{} @tab @code{@}} @tab @code{[[} @tab @code{]]} @tab @code{!} +@end multitable + +@noindent +@code{in} is recognized as a reserved word if it is the third word of a +@code{case} or @code{select} command. +@code{in} and @code{do} are recognized as reserved +words if they are the third word in a @code{for} command. + @node Simple Commands @subsection Simple Commands @cindex commands, simple @@ -7628,6 +7655,7 @@ with the exception that the following are disallowed or not performed: Changing directories with the @code{cd} builtin. @item Setting or unsetting the values of the @env{SHELL}, @env{PATH}, +@env{HISTFILE}, @env{ENV}, or @env{BASH_ENV} variables. @item Specifying command names containing slashes. @@ -7635,6 +7663,9 @@ Specifying command names containing slashes. Specifying a filename containing a slash as an argument to the @code{.} builtin command. @item +Specifying a filename containing a slash as an argument to the @code{history} +builtin command. +@item Specifying a filename containing a slash as an argument to the @option{-p} option to the @code{hash} builtin command. @item diff --git a/doc/version.texi b/doc/version.texi index cfbd58c8..98f9785d 100644 --- a/doc/version.texi 
+++ b/doc/version.texi @@ -2,10 +2,10 @@ Copyright (C) 1988-2020 Free Software Foundation, Inc. @end ignore -@set LASTCHANGE Fri Apr 17 16:30:16 EDT 2020 +@set LASTCHANGE Thu Apr 30 18:20:35 EDT 2020 @set EDITION 5.0 @set VERSION 5.0 -@set UPDATED 17 April 2020 +@set UPDATED 30 April 2020 @set UPDATED-MONTH April 2020 diff --git a/jobs.c b/jobs.c index f98e2e60..ba26670c 100644 --- a/jobs.c +++ b/jobs.c @@ -3092,7 +3092,8 @@ if (job == NO_JOB) conditions to determine whether or not it should undo this and give the terminal to pipeline_pgrp. */ - if (running_in_background == 0 && (subshell_environment&(SUBSHELL_ASYNC|SUBSHELL_PIPE)) == 0) + if ((flags & JWAIT_NOTERM) == 0 && running_in_background == 0 && + (subshell_environment & (SUBSHELL_ASYNC|SUBSHELL_PIPE)) == 0) give_terminal_to (shell_pgrp, 0); } diff --git a/shell.c b/shell.c index 7dc3ab27..fd31d293 100644 --- a/shell.c +++ b/shell.c @@ -1269,6 +1269,7 @@ maybe_make_restricted (name) set_var_read_only ("SHELL"); set_var_read_only ("ENV"); set_var_read_only ("BASH_ENV"); + set_var_read_only ("HISTFILE"); restricted = 1; } return (restricted); diff --git a/subst.c b/subst.c index 05f46c51..880d0ecd 100644 --- a/subst.c +++ b/subst.c @@ -5906,7 +5906,9 @@ process_substitute (string, open_for_read_in_child) pid = make_child ((char *)NULL, FORK_ASYNC); if (pid == 0) { -interactive = 0; + /* The currently-executing shell is not interactive */ + interactive = 0; + reset_terminating_signals (); /* XXX */ free_pushed_string_input (); /* Cancel traps, in trap.c. */ @@ -6316,7 +6318,7 @@ command_substitute (string, quoted, flags) old_async_pid = last_asynchronous_pid; fork_flags = (subshell_environment&SUBSHELL_ASYNC) ? FORK_ASYNC : 0; - pid = make_child ((char *)NULL, fork_flags); + pid = make_child ((char *)NULL, fork_flags|FORK_NOTERM); last_asynchronous_pid = old_async_pid; if (pid == 0) 
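Review bot: The comment that closes just above the changed condition in the jobs.c hunk (wait_for) still ends with "conditions to determine whether or not it should undo this and give the terminal to pipeline_pgrp", which looks like a reference to the cleanup in subst.c that this same commit deletes. The comment begins outside the hunk, so this is inferred from its tail. If it does describe command_substitute, it is now stale and should instead say that callers pass `JWAIT_NOTERM` to suppress the `give_terminal_to (shell_pgrp, 0)` call. Something like `/* Callers that must leave the terminal's process group alone (e.g. command substitution) pass JWAIT_NOTERM to skip this. */` next to the test would keep the two files in step.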
@@ -6491,7 +6493,7 @@ command_substitute (string, quoted, flags) UNBLOCK_SIGNAL (oset); current_command_subst_pid = pid; - last_command_exit_value = wait_for (pid, 0); + last_command_exit_value = wait_for (pid, JWAIT_NOTERM); last_command_subst_pid = pid; last_made_pid = old_pid; @@ -6501,20 +6503,6 @@ command_substitute (string, quoted, flags) SIGINT to ourselves. This will break out of loops, for instance. */ if (last_command_exit_value == (128 + SIGINT) && last_command_exit_signal == SIGINT) kill (getpid (), SIGINT); - - /* wait_for gives the terminal back to shell_pgrp. If some other - process group should have it, give it away to that group here. - pipeline_pgrp is non-zero only while we are constructing a - pipeline, so what we are concerned about is whether or not that - pipeline was started in the background. A pipeline started in - the background should never get the tty back here. We duplicate - the conditions that wait_for tests to make sure we only give - the terminal back to pipeline_pgrp under the conditions that wait_for - gave it to shell_pgrp. If wait_for doesn't mess with the terminal - pgrp, we should not either. */ - if (interactive && pipeline_pgrp != (pid_t)0 && running_in_background == 0 && - (subshell_environment & (SUBSHELL_ASYNC|SUBSHELL_PIPE)) == 0) - give_terminal_to (pipeline_pgrp, 0); #endif /* JOB_CONTROL */ ret = alloc_word_desc (); @@ -11577,7 +11565,6 @@ expand_compound_assignment_word (tlist, flags) char *value, *temp; /*itrace("expand_compound_assignment_word: original word = -%s-", tlist->word->word);*/ - wlen = strlen (tlist->word->word); t = assignment (tlist->word->word, 0); /* value doesn't have the open and close parens */ diff --git a/tests/RUN-ONE-TEST b/tests/RUN-ONE-TEST index c8bef8dd..0b063810 100755 --- a/tests/RUN-ONE-TEST +++ b/tests/RUN-ONE-TEST @@ -1,4 +1,4 @@ -BUILD_DIR=/usr/local/build/bash/bash-current +BUILD_DIR=/usr/local/build/chet/bash/bash-current THIS_SH=$BUILD_DIR/bash PATH=$PATH:$BUILD_DIR
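Review bot: The `wait_for (pid, JWAIT_NOTERM)` call in the command_substitute hunk at -6491 carries no comment, while the block removed below it held the only explanation of how command substitution interacts with the terminal's process group. The flag is only correct because the child is created with `fork_flags|FORK_NOTERM` in the earlier hunk at -6316, and nothing at either site records that the two must change together. I would add `/* Child was forked with FORK_NOTERM, so wait_for must not reset the terminal's process group. */` above the call and a matching line at the make_child call. command_substitute extends beyond both hunks.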