new file mode 100644

@@ -0,0 +1,114 @@

+From 4f747edc625815f449048579f6e65869914dd715 Mon Sep 17 00:00:00 2001

+From: Chet Ramey <chet.ramey@case.edu>

+Date: Fri, 20 Jan 2017 11:47:55 -0500

+Subject: Bash-4.4 patch 7

+

+---

+ bashline.c   | 22 ++++++++++++----------

+ patchlevel.h |  2 +-

+ subst.c      |  4 ++++

+ 3 files changed, 17 insertions(+), 11 deletions(-)

+

+diff --git a/bashline.c b/bashline.c

+index f4fe9f1..0275844 100644

+--- a/bashline.c

+@@ -142,7 +142,7 @@ static int executable_completion __P((const char *, int));

+ static rl_icppfunc_t *save_directory_hook __P((void));

+ static void restore_directory_hook __P((rl_icppfunc_t));

+ 

+-static int directory_exists __P((const char *));

++static int directory_exists __P((const char *, int));

+ 

+ static void cleanup_expansion_error __P((void));

+ static void maybe_make_readline_line __P((char *));

+@@ -3102,18 +3102,20 @@ restore_directory_hook (hookf)

+     rl_directory_rewrite_hook = hookf;

+ }

+ 

+-/* Check whether not the (dequoted) version of DIRNAME, with any trailing slash

+-   removed, exists. */

++/* Check whether not DIRNAME, with any trailing slash removed, exists.  If

++   SHOULD_DEQUOTE is non-zero, we dequote the directory name first. */

+ static int

+-directory_exists (dirname)

++directory_exists (dirname, should_dequote)

+      const char *dirname;

++     int should_dequote;

+ {

+   char *new_dirname;

+   int dirlen, r;

+   struct stat sb;

+ 

+-  /* First, dequote the directory name */

+-  new_dirname = bash_dequote_filename ((char *)dirname, rl_completion_quote_character);

++  /* We save the string and chop the trailing slash because stat/lstat behave

++     inconsistently if one is present. */

++  new_dirname = should_dequote ? bash_dequote_filename ((char *)dirname, rl_completion_quote_character) : savestring (dirname);

+   dirlen = STRLEN (new_dirname);

+   if (new_dirname[dirlen - 1] == '/')

+     new_dirname[dirlen - 1] = '\0';

+@@ -3145,7 +3147,7 @@ bash_filename_stat_hook (dirname)

+   else if (t = mbschr (local_dirname, '`'))	/* XXX */

+     should_expand_dirname = '`';

+ 

+-  if (should_expand_dirname && directory_exists (local_dirname))

++  if (should_expand_dirname && directory_exists (local_dirname, 0))

+     should_expand_dirname = 0;

+   

+   if (should_expand_dirname)  

+@@ -3155,7 +3157,7 @@ bash_filename_stat_hook (dirname)

+ 	 have to worry about restoring this setting. */

+       global_nounset = unbound_vars_is_error;

+       unbound_vars_is_error = 0;

+-      wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_COMPLETE);	/* does the right thing */

++      wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_NOPROCSUB|W_COMPLETE);	/* does the right thing */

+       unbound_vars_is_error = global_nounset;

+       if (wl)

+ 	{

+@@ -3244,13 +3246,13 @@ bash_directory_completion_hook (dirname)

+ 	should_expand_dirname = '`';

+     }

+ 

+-  if (should_expand_dirname && directory_exists (local_dirname))

++  if (should_expand_dirname && directory_exists (local_dirname, 1))

+     should_expand_dirname = 0;

+ 

+   if (should_expand_dirname)  

+     {

+       new_dirname = savestring (local_dirname);

+-      wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_COMPLETE);	/* does the right thing */

++      wl = expand_prompt_string (new_dirname, 0, W_NOCOMSUB|W_NOPROCSUB|W_COMPLETE);	/* does the right thing */

+       if (wl)

+ 	{

+ 	  *dirname = string_list (wl);

+diff --git a/patchlevel.h b/patchlevel.h

+index 14bff9f..deb9c5b 100644

+--- a/patchlevel.h

+@@ -25,6 +25,6 @@

+    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh

+    looks for to find the patch level (for the sccs version string). */

+ 

+-#define PATCHLEVEL 0

++#define PATCHLEVEL 7

+ 

+ #endif /* _PATCHLEVEL_H_ */

+diff --git a/subst.c b/subst.c

+index 298187d..027a13e 100644

+--- a/subst.c

+@@ -9458,6 +9458,10 @@ add_twochars:

+ 		tword->flags |= word->flags & (W_ASSIGNARG|W_ASSIGNRHS);	/* affects $@ */

+ 	      if (word->flags & W_COMPLETE)

+ 		tword->flags |= W_COMPLETE;	/* for command substitutions */

++	      if (word->flags & W_NOCOMSUB)

++		tword->flags |= W_NOCOMSUB;

++	      if (word->flags & W_NOPROCSUB)

++		tword->flags |= W_NOPROCSUB;

+ 

+ 	      temp = (char *)NULL;

+ 

+-- 

+cgit v1.0-41-gc330

+

@@ -1,7 +1,7 @@

 Summary:	Bourne-Again SHell

 Name:		bash

 Version:	4.4

-Release:	5%{?dist}

+Release:	6%{?dist}

 License:	GPLv3

 URL:		http://www.gnu.org/software/bash/

 Group:		System Environment/Base

@@ -11,6 +11,7 @@ Source0:	http://ftp.gnu.org/gnu/bash/%{name}-%{version}.tar.gz

 %define sha1 bash=8de012df1e4f3e91f571c3eb8ec45b43d7c747eb

 Source1:	bash_completion

 Patch0:		bash-4.4.patch

+Patch1:         CVE-2017-5932.patch

 Provides:	/bin/sh

 Provides:	/bin/bash

 BuildRequires:  readline

@@ -38,6 +39,7 @@ These are the additional language files of bash.

 %prep

 %setup -q

 %patch0 -p1

+%patch1 -p1

 %build

 ./configure \

 	"CFLAGS=-fPIC" \

@@ -312,6 +314,8 @@ fi

 %defattr(-,root,root)

 %changelog

+*   Mon Oct 02 2017 Kumar Kaushik <kaushikk@vmware.com> 4.4-6

+-   Adding security fix for CVE-2017-5932.

 *   Thu Jun 8 2017 Bo Gan <ganb@vmware.com> 4.4-5

 -   Fix dependency again

 *   Wed Jun 7 2017 Divya Thaluru <dthaluru@vmware.com>  4.4-4