--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-001
+
+Bug-Reported-by: NBaH <nbah@sfr.fr>
+Bug-Reference-ID: <ler0b5$iu9$1@speranza.aioe.org>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-02/msg00092.html
+
+Bug-Description:
+
+A missing check for a valid option prevented `test -R' from working. There
+is another problem that causes bash to look up the wrong variable name when
+processing the argument to `test -R'.
+
+Patch (apply with `patch -p0'):
+
+--- a/test.c
++++ b/test.c
+@@ -646,8 +646,8 @@ unary_test (op, arg)
+ return (v && invisible_p (v) == 0 && var_isset (v) ? TRUE : FALSE);
+
+ case 'R':
+- v = find_variable (arg);
+- return (v && invisible_p (v) == 0 && var_isset (v) && nameref_p (v) ? TRUE : FALSE);
++ v = find_variable_noref (arg);
++ return ((v && invisible_p (v) == 0 && var_isset (v) && nameref_p (v)) ? TRUE : FALSE);
+ }
+
+ /* We can't actually get here, but this shuts up gcc. */
+@@ -723,6 +723,7 @@ test_unop (op)
+ case 'o': case 'p': case 'r': case 's': case 't':
+ case 'u': case 'v': case 'w': case 'x': case 'z':
+ case 'G': case 'L': case 'O': case 'S': case 'N':
++ case 'R':
+ return (1);
+ }
+
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 0
++#define PATCHLEVEL 1
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-002
+
+Bug-Reported-by: Moe Tunes <moetunes42@gmail.com>
+Bug-Reference-ID: <53103F49.3070100@gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-02/msg00086.html
+
+Bug-Description:
+
+A change to save state while running the DEBUG trap caused pipelines to hang
+on systems which need process group synchronization while building pipelines.
+
+Patch (apply with `patch -p0'):
+
+--- a/trap.c
++++ b/trap.c
+@@ -920,7 +920,8 @@ _run_trap_internal (sig, tag)
+ subst_assign_varlist = 0;
+
+ #if defined (JOB_CONTROL)
+- save_pipeline (1); /* XXX only provides one save level */
++ if (sig != DEBUG_TRAP) /* run_debug_trap does this */
++ save_pipeline (1); /* XXX only provides one save level */
+ #endif
+
+ /* If we're in a function, make sure return longjmps come here, too. */
+@@ -940,7 +941,8 @@ _run_trap_internal (sig, tag)
+ trap_exit_value = last_command_exit_value;
+
+ #if defined (JOB_CONTROL)
+- restore_pipeline (1);
++ if (sig != DEBUG_TRAP) /* run_debug_trap does this */
++ restore_pipeline (1);
+ #endif
+
+ subst_assign_varlist = save_subst_varlist;
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 1
++#define PATCHLEVEL 2
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-003
+
+Bug-Reported-by: Anatol Pomozov <anatol.pomozov@gmail.com>
+Bug-Reference-ID: <CAOMFOmXy3mT2So5GQ5F-smCVArQuAeBwZ2QKzgCtMeXJoDeYOQ@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00010.html
+
+Bug-Description:
+
+When in callback mode, some readline commands can cause readline to seg
+fault by passing invalid contexts to callback functions.
+
+Patch (apply with `patch -p0'):
+
+--- a/lib/readline/readline.c
++++ b/lib/readline/readline.c
+@@ -744,7 +744,8 @@ _rl_dispatch_callback (cxt)
+ r = _rl_subseq_result (r, cxt->oldmap, cxt->okey, (cxt->flags & KSEQ_SUBSEQ));
+
+ RL_CHECK_SIGNALS ();
+- if (r == 0) /* success! */
++ /* We only treat values < 0 specially to simulate recursion. */
++ if (r >= 0 || (r == -1 && (cxt->flags & KSEQ_SUBSEQ) == 0)) /* success! or failure! */
+ {
+ _rl_keyseq_chain_dispose ();
+ RL_UNSETSTATE (RL_STATE_MULTIKEY);
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 2
++#define PATCHLEVEL 3
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-004
+
+Bug-Reported-by: Daan van Rossum <daan@flash.uchicago.edu>
+Bug-Reference-ID: <20140307072523.GA14250@flash.uchicago.edu>
+Bug-Reference-URL:
+
+Bug-Description:
+
+The `.' command in vi mode cannot undo multi-key commands beginning with
+`c', `d', and `y' (command plus motion specifier).
+
+Patch (apply with `patch -p0'):
+
+--- a/lib/readline/readline.c
++++ b/lib/readline/readline.c
+@@ -965,7 +965,7 @@ _rl_dispatch_subseq (key, map, got_subse
+ #if defined (VI_MODE)
+ if (rl_editing_mode == vi_mode && _rl_keymap == vi_movement_keymap &&
+ key != ANYOTHERKEY &&
+- rl_key_sequence_length == 1 && /* XXX */
++ _rl_dispatching_keymap == vi_movement_keymap &&
+ _rl_vi_textmod_command (key))
+ _rl_vi_set_last (key, rl_numeric_arg, rl_arg_sign);
+ #endif
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 3
++#define PATCHLEVEL 4
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-005
+
+Bug-Reported-by: David Sines <dave.gma@googlemail.com>
+Bug-Reference-ID: <CAO3BAa_CK_Rgkhdfzs+NJ4KFYdB9qW3pvXQK0xLCi6GMmDU8bw@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00037.html
+
+Bug-Description:
+
+When in Posix mode, bash did not correctly interpret the ANSI-C-style
+$'...' quoting mechanism when performing pattern substitution word
+expansions within double quotes.
+
+Patch (apply with `patch -p0'):
+
+--- a/parse.y
++++ b/parse.y
+@@ -3398,7 +3398,7 @@ parse_matched_pair (qc, open, close, len
+ within a double-quoted ${...} construct "an even number of
+ unescaped double-quotes or single-quotes, if any, shall occur." */
+ /* This was changed in Austin Group Interp 221 */
+- if MBTEST(posixly_correct && shell_compatibility_level > 41 && dolbrace_state != DOLBRACE_QUOTE && (flags & P_DQUOTE) && (flags & P_DOLBRACE) && ch == '\'')
++ if MBTEST(posixly_correct && shell_compatibility_level > 41 && dolbrace_state != DOLBRACE_QUOTE && dolbrace_state != DOLBRACE_QUOTE2 && (flags & P_DQUOTE) && (flags & P_DOLBRACE) && ch == '\'')
+ continue;
+
+ /* Could also check open == '`' if we want to parse grouping constructs
+--- a/y.tab.c
++++ b/y.tab.c
+@@ -5710,7 +5710,7 @@ parse_matched_pair (qc, open, close, len
+ within a double-quoted ${...} construct "an even number of
+ unescaped double-quotes or single-quotes, if any, shall occur." */
+ /* This was changed in Austin Group Interp 221 */
+- if MBTEST(posixly_correct && shell_compatibility_level > 41 && dolbrace_state != DOLBRACE_QUOTE && (flags & P_DQUOTE) && (flags & P_DOLBRACE) && ch == '\'')
++ if MBTEST(posixly_correct && shell_compatibility_level > 41 && dolbrace_state != DOLBRACE_QUOTE && dolbrace_state != DOLBRACE_QUOTE2 && (flags & P_DQUOTE) && (flags & P_DOLBRACE) && ch == '\'')
+ continue;
+
+ /* Could also check open == '`' if we want to parse grouping constructs
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 4
++#define PATCHLEVEL 5
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-006
+
+Bug-Reported-by: Eduardo A . Bustamante Lopez <dualbus@gmail.com>
+Bug-Reference-ID: <20140228170013.GA16015@dualbus.me>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-02/msg00091.html
+
+Bug-Description:
+
+A shell that started with job control active but was not interactive left
+the terminal in the wrong process group when exiting, causing its parent
+shell to get a stop signal when it attempted to read from the terminal.
+
+Patch (apply with `patch -p0'):
+
+--- a/jobs.c
++++ b/jobs.c
+@@ -4374,7 +4374,7 @@ without_job_control ()
+ void
+ end_job_control ()
+ {
+- if (interactive_shell) /* XXX - should it be interactive? */
++ if (interactive_shell || job_control) /* XXX - should it be just job_control? */
+ {
+ terminate_stopped_jobs ();
+
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 5
++#define PATCHLEVEL 6
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-007
+
+Bug-Reported-by: geir.hauge@gmail.com
+Bug-Reference-ID: <20140318093650.B181C1C5B0B@gina.itea.ntnu.no>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00095.html
+
+Bug-Description:
+
+Using compound assignments for associative arrays like
+
+assoc=( [x]= [y]=bar )
+
+left the value corresponding to the key `x' NULL. This caused subsequent
+lookups to interpret it as unset.
+
+Patch (apply with `patch -p0'):
+
+--- a/arrayfunc.c
++++ b/arrayfunc.c
+@@ -597,6 +597,11 @@ assign_compound_array_list (var, nlist,
+ if (assoc_p (var))
+ {
+ val = expand_assignment_string_to_string (val, 0);
++ if (val == 0)
++ {
++ val = (char *)xmalloc (1);
++ val[0] = '\0'; /* like do_assignment_internal */
++ }
+ free_val = 1;
+ }
+
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 6
++#define PATCHLEVEL 7
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-008
+
+Bug-Reported-by: Stephane Chazelas <stephane.chazelas@gmail.com>
+Bug-Reference-ID: <20140318135901.GB22158@chaz.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00098.html
+
+Bug-Description:
+
+Some extended glob patterns incorrectly matched filenames with a leading
+dot, regardless of the setting of the `dotglob' option.
+
+Patch (apply with `patch -p0'):
+
+--- a/lib/glob/gmisc.c
++++ b/lib/glob/gmisc.c
+@@ -210,6 +210,7 @@ extglob_pattern_p (pat)
+ case '+':
+ case '!':
+ case '@':
++ case '?':
+ return (pat[1] == LPAREN);
+ default:
+ return 0;
+--- a/lib/glob/glob.c
++++ b/lib/glob/glob.c
+@@ -179,42 +179,50 @@ extglob_skipname (pat, dname, flags)
+ char *pat, *dname;
+ int flags;
+ {
+- char *pp, *pe, *t;
+- int n, r;
++ char *pp, *pe, *t, *se;
++ int n, r, negate;
+
++ negate = *pat == '!';
+ pp = pat + 2;
+- pe = pp + strlen (pp) - 1; /*(*/
+- if (*pe != ')')
+- return 0;
+- if ((t = strchr (pp, '|')) == 0) /* easy case first */
++ se = pp + strlen (pp) - 1; /* end of string */
++ pe = glob_patscan (pp, se, 0); /* end of extglob pattern (( */
++ /* we should check for invalid extglob pattern here */
++ /* if pe != se we have more of the pattern at the end of the extglob
++ pattern. Check the easy case first ( */
++ if (pe == se && *pe == ')' && (t = strchr (pp, '|')) == 0)
+ {
+ *pe = '\0';
++#if defined (HANDLE_MULTIBYTE)
++ r = mbskipname (pp, dname, flags);
++#else
+ r = skipname (pp, dname, flags); /*(*/
++#endif
+ *pe = ')';
+ return r;
+ }
++
++ /* check every subpattern */
+ while (t = glob_patscan (pp, pe, '|'))
+ {
+ n = t[-1];
+ t[-1] = '\0';
++#if defined (HANDLE_MULTIBYTE)
++ r = mbskipname (pp, dname, flags);
++#else
+ r = skipname (pp, dname, flags);
++#endif
+ t[-1] = n;
+ if (r == 0) /* if any pattern says not skip, we don't skip */
+ return r;
+ pp = t;
+ } /*(*/
+
+- if (pp == pe) /* glob_patscan might find end of pattern */
++ /* glob_patscan might find end of pattern */
++ if (pp == se)
+ return r;
+
+- *pe = '\0';
+-# if defined (HANDLE_MULTIBYTE)
+- r = mbskipname (pp, dname, flags); /*(*/
+-# else
+- r = skipname (pp, dname, flags); /*(*/
+-# endif
+- *pe = ')';
+- return r;
++ /* but if it doesn't then we didn't match a leading dot */
++ return 0;
+ }
+ #endif
+
+@@ -277,20 +285,23 @@ wextglob_skipname (pat, dname, flags)
+ int flags;
+ {
+ #if EXTENDED_GLOB
+- wchar_t *pp, *pe, *t, n;
+- int r;
++ wchar_t *pp, *pe, *t, n, *se;
++ int r, negate;
+
++ negate = *pat == L'!';
+ pp = pat + 2;
+- pe = pp + wcslen (pp) - 1; /*(*/
+- if (*pe != L')')
+- return 0;
+- if ((t = wcschr (pp, L'|')) == 0)
++ se = pp + wcslen (pp) - 1; /*(*/
++ pe = glob_patscan_wc (pp, se, 0);
++
++ if (pe == se && *pe == ')' && (t = wcschr (pp, L'|')) == 0)
+ {
+ *pe = L'\0';
+ r = wchkname (pp, dname); /*(*/
+ *pe = L')';
+ return r;
+ }
++
++ /* check every subpattern */
+ while (t = glob_patscan_wc (pp, pe, '|'))
+ {
+ n = t[-1];
+@@ -305,10 +316,8 @@ wextglob_skipname (pat, dname, flags)
+ if (pp == pe) /* glob_patscan_wc might find end of pattern */
+ return r;
+
+- *pe = L'\0';
+- r = wchkname (pp, dname); /*(*/
+- *pe = L')';
+- return r;
++ /* but if it doesn't then we didn't match a leading dot */
++ return 0;
+ #else
+ return (wchkname (pat, dname));
+ #endif
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 7
++#define PATCHLEVEL 8
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-009
+
+Bug-Reported-by: Matthias Klose <doko@debian.org>
+Bug-Reference-ID: <53346FC8.6090005@debian.org>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00171.html
+
+Bug-Description:
+
+There is a problem with unsigned sign extension when attempting to reallocate
+the input line when it is fewer than 3 characters long and there has been a
+history expansion. The sign extension causes the shell to not reallocate the
+line, which results in a segmentation fault when it writes past the end.
+
+Patch (apply with `patch -p0'):
+
+--- a/parse.y
++++ b/parse.y
+@@ -2424,7 +2424,7 @@ shell_getc (remove_quoted_newline)
+ not already end in an EOF character. */
+ if (shell_input_line_terminator != EOF)
+ {
+- if (shell_input_line_size < SIZE_MAX && shell_input_line_len > shell_input_line_size - 3)
++ if (shell_input_line_size < SIZE_MAX-3 && (shell_input_line_len+3 > shell_input_line_size))
+ shell_input_line = (char *)xrealloc (shell_input_line,
+ 1 + (shell_input_line_size += 2));
+
+--- a/y.tab.c
++++ b/y.tab.c
+@@ -4736,7 +4736,7 @@ shell_getc (remove_quoted_newline)
+ not already end in an EOF character. */
+ if (shell_input_line_terminator != EOF)
+ {
+- if (shell_input_line_size < SIZE_MAX && shell_input_line_len > shell_input_line_size - 3)
++ if (shell_input_line_size < SIZE_MAX-3 && (shell_input_line_len+3 > shell_input_line_size))
+ shell_input_line = (char *)xrealloc (shell_input_line,
+ 1 + (shell_input_line_size += 2));
+
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 8
++#define PATCHLEVEL 9
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-010
+
+Bug-Reported-by: Albert Shih <Albert.Shih@obspm.fr>
+Bug-Reference-ID: Wed, 5 Mar 2014 23:01:40 +0100
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00028.html
+
+Bug-Description:
+
+Patch (apply with `patch -p0'):
+
+This patch changes the behavior of programmable completion to compensate
+for two assumptions made by the bash-completion package. Bash-4.3 changed
+to dequote the argument to programmable completion only under certain
+circumstances, to make the behavior of compgen more consistent when run
+from the command line -- closer to the behavior when run by a shell function
+run as part of programmable completion. Bash-completion can pass quoted
+arguments to compgen when the original word to be completed was not quoted,
+expecting programmable completion to dequote the word before attempting
+completion.
+
+This patch fixes two cases:
+
+1. An empty string that bash-completion passes to compgen as a quoted null
+ string ('').
+
+2. An unquoted word that bash-completion quotes using single quotes or
+ backslashes before passing it to compgen.
+
+In these cases, since readline did not detect a quote character in the original
+word to be completed, bash-4.3
+
+--- a/externs.h
++++ b/externs.h
+@@ -324,6 +324,7 @@ extern char *sh_un_double_quote __P((cha
+ extern char *sh_backslash_quote __P((char *, const char *, int));
+ extern char *sh_backslash_quote_for_double_quotes __P((char *));
+ extern int sh_contains_shell_metas __P((char *));
++extern int sh_contains_quotes __P((char *));
+
+ /* declarations for functions defined in lib/sh/spell.c */
+ extern int spname __P((char *, char *));
+--- a/lib/sh/shquote.c
++++ b/lib/sh/shquote.c
+@@ -311,3 +311,17 @@ sh_contains_shell_metas (string)
+
+ return (0);
+ }
++
++int
++sh_contains_quotes (string)
++ char *string;
++{
++ char *s;
++
++ for (s = string; s && *s; s++)
++ {
++ if (*s == '\'' || *s == '"' || *s == '\\')
++ return 1;
++ }
++ return 0;
++}
+--- a/pcomplete.c
++++ b/pcomplete.c
+@@ -183,6 +183,7 @@ ITEMLIST it_variables = { LIST_DYNAMIC,
+
+ COMPSPEC *pcomp_curcs;
+ const char *pcomp_curcmd;
++const char *pcomp_curtxt;
+
+ #ifdef DEBUG
+ /* Debugging code */
+@@ -753,6 +754,32 @@ pcomp_filename_completion_function (text
+ quoted strings. */
+ dfn = (*rl_filename_dequoting_function) ((char *)text, rl_completion_quote_character);
+ }
++ /* Intended to solve a mismatched assumption by bash-completion. If
++ the text to be completed is empty, but bash-completion turns it into
++ a quoted string ('') assuming that this code will dequote it before
++ calling readline, do the dequoting. */
++ else if (iscompgen && iscompleting &&
++ pcomp_curtxt && *pcomp_curtxt == 0 &&
++ text && (*text == '\'' || *text == '"') && text[1] == text[0] && text[2] == 0 &&
++ rl_filename_dequoting_function)
++ dfn = (*rl_filename_dequoting_function) ((char *)text, rl_completion_quote_character);
++ /* Another mismatched assumption by bash-completion. If compgen is being
++ run as part of bash-completion, and the argument to compgen is not
++ the same as the word originally passed to the programmable completion
++ code, dequote the argument if it has quote characters. It's an
++ attempt to detect when bash-completion is quoting its filename
++ argument before calling compgen. */
++ /* We could check whether gen_shell_function_matches is in the call
++ stack by checking whether the gen-shell-function-matches tag is in
++ the unwind-protect stack, but there's no function to do that yet.
++ We could simply check whether we're executing in a function by
++ checking variable_context, and may end up doing that. */
++ else if (iscompgen && iscompleting && rl_filename_dequoting_function &&
++ pcomp_curtxt && text &&
++ STREQ (pcomp_curtxt, text) == 0 &&
++ variable_context &&
++ sh_contains_quotes (text)) /* guess */
++ dfn = (*rl_filename_dequoting_function) ((char *)text, rl_completion_quote_character);
+ else
+ dfn = savestring (text);
+ }
+@@ -1522,7 +1549,7 @@ gen_progcomp_completions (ocmd, cmd, wor
+ COMPSPEC **lastcs;
+ {
+ COMPSPEC *cs, *oldcs;
+- const char *oldcmd;
++ const char *oldcmd, *oldtxt;
+ STRINGLIST *ret;
+
+ cs = progcomp_search (ocmd);
+@@ -1545,14 +1572,17 @@ gen_progcomp_completions (ocmd, cmd, wor
+
+ oldcs = pcomp_curcs;
+ oldcmd = pcomp_curcmd;
++ oldtxt = pcomp_curtxt;
+
+ pcomp_curcs = cs;
+ pcomp_curcmd = cmd;
++ pcomp_curtxt = word;
+
+ ret = gen_compspec_completions (cs, cmd, word, start, end, foundp);
+
+ pcomp_curcs = oldcs;
+ pcomp_curcmd = oldcmd;
++ pcomp_curtxt = oldtxt;
+
+ /* We need to conditionally handle setting *retryp here */
+ if (retryp)
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 9
++#define PATCHLEVEL 10
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-011
+
+Bug-Reported-by: Egmont Koblinger <egmont@gmail.com>
+Bug-Reference-ID: <CAGWcZk+bU5Jo1M+tutGvL-250UBE9DXjpeJVofYJSFcqFEVfMg@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00153.html
+
+Bug-Description:
+
+The signal handling changes to bash and readline (to avoid running any code
+in a signal handler context) cause the cursor to be placed on the wrong
+line of a multi-line command after a ^C interrupts editing.
+
+Patch (apply with `patch -p0'):
+
+--- a/lib/readline/display.c
++++ b/lib/readline/display.c
+@@ -2677,7 +2677,8 @@ _rl_clean_up_for_exit ()
+ {
+ if (_rl_echoing_p)
+ {
+- _rl_move_vert (_rl_vis_botlin);
++ if (_rl_vis_botlin > 0) /* minor optimization plus bug fix */
++ _rl_move_vert (_rl_vis_botlin);
+ _rl_vis_botlin = 0;
+ fflush (rl_outstream);
+ rl_restart_output (1, 0);
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 10
++#define PATCHLEVEL 11
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-012
+
+Bug-Reported-by: Eduardo A. Bustamante López<dualbus@gmail.com>
+Bug-Reference-ID: <5346B54C.4070205@case.edu>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00051.html
+
+Bug-Description:
+
+When a SIGCHLD trap runs a command containing a shell builtin while
+a script is running `wait' to wait for all running children to complete,
+the SIGCHLD trap will not be run once for each child that terminates.
+
+Patch (apply with `patch -p0'):
+
+--- a/jobs.c
++++ b/jobs.c
+@@ -3597,6 +3597,7 @@ run_sigchld_trap (nchild)
+ unwind_protect_int (jobs_list_frozen);
+ unwind_protect_pointer (the_pipeline);
+ unwind_protect_pointer (subst_assign_varlist);
++ unwind_protect_pointer (this_shell_builtin);
+
+ /* We have to add the commands this way because they will be run
+ in reverse order of adding. We don't want maybe_set_sigchld_trap ()
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 11
++#define PATCHLEVEL 12
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-013
+
+Bug-Reported-by: <Trond.Endrestol@ximalas.info>
+Bug-Reference-ID: <alpine.BSF.2.03.1404192114310.1973@enterprise.ximalas.info>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00069.html
+
+Bug-Description:
+
+Using reverse-i-search when horizontal scrolling is enabled does not redisplay
+the entire line containing the successful search results.
+
+Patch (apply with `patch -p0'):
+--- a/lib/readline/display.c
++++ b/lib/readline/display.c
+@@ -1637,7 +1637,7 @@ update_line (old, new, current_line, oma
+ /* If we are changing the number of invisible characters in a line, and
+ the spot of first difference is before the end of the invisible chars,
+ lendiff needs to be adjusted. */
+- if (current_line == 0 && !_rl_horizontal_scroll_mode &&
++ if (current_line == 0 && /* !_rl_horizontal_scroll_mode && */
+ current_invis_chars != visible_wrap_offset)
+ {
+ if (MB_CUR_MAX > 1 && rl_byte_oriented == 0)
+@@ -1825,8 +1825,13 @@ update_line (old, new, current_line, oma
+ else
+ _rl_last_c_pos += bytes_to_insert;
+
++ /* XXX - we only want to do this if we are at the end of the line
++ so we move there with _rl_move_cursor_relative */
+ if (_rl_horizontal_scroll_mode && ((oe-old) > (ne-new)))
+- goto clear_rest_of_line;
++ {
++ _rl_move_cursor_relative (ne-new, new);
++ goto clear_rest_of_line;
++ }
+ }
+ }
+ /* Otherwise, print over the existing material. */
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 12
++#define PATCHLEVEL 13
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-014
+
+Bug-Reported-by: Greg Wooledge <wooledg@eeg.ccf.org>
+Bug-Reference-ID: <20140418202123.GB7660@eeg.ccf.org>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/help-bash/2014-04/msg00004.html
+
+Bug-Description:
+
+Under certain circumstances, $@ is expanded incorrectly in contexts where
+word splitting is not performed.
+
+Patch (apply with `patch -p0'):
+--- a/subst.c
++++ b/subst.c
+@@ -3248,8 +3248,10 @@ cond_expand_word (w, special)
+ if (w->word == 0 || w->word[0] == '\0')
+ return ((char *)NULL);
+
++ expand_no_split_dollar_star = 1;
+ w->flags |= W_NOSPLIT2;
+ l = call_expand_word_internal (w, 0, 0, (int *)0, (int *)0);
++ expand_no_split_dollar_star = 0;
+ if (l)
+ {
+ if (special == 0) /* LHS */
+@@ -7847,6 +7849,10 @@ param_expand (string, sindex, quoted, ex
+ We also want to make sure that splitting is done no matter what --
+ according to POSIX.2, this expands to a list of the positional
+ parameters no matter what IFS is set to. */
++ /* XXX - what to do when in a context where word splitting is not
++ performed? Even when IFS is not the default, posix seems to imply
++ that we behave like unquoted $* ? Maybe we should use PF_NOSPLIT2
++ here. */
+ temp = string_list_dollar_at (list, (pflags & PF_ASSIGNRHS) ? (quoted|Q_DOUBLE_QUOTES) : quoted);
+
+ tflag |= W_DOLLARAT;
+@@ -8816,6 +8822,7 @@ finished_with_string:
+ else
+ {
+ char *ifs_chars;
++ char *tstring;
+
+ ifs_chars = (quoted_dollar_at || has_dollar_at) ? ifs_value : (char *)NULL;
+
+@@ -8830,11 +8837,36 @@ finished_with_string:
+ regardless of what else has happened to IFS since the expansion. */
+ if (split_on_spaces)
+ list = list_string (istring, " ", 1); /* XXX quoted == 1? */
++ /* If we have $@ (has_dollar_at != 0) and we are in a context where we
++ don't want to split the result (W_NOSPLIT2), and we are not quoted,
++ we have already separated the arguments with the first character of
++ $IFS. In this case, we want to return a list with a single word
++ with the separator possibly replaced with a space (it's what other
++ shells seem to do).
++ quoted_dollar_at is internal to this function and is set if we are
++ passed an argument that is unquoted (quoted == 0) but we encounter a
++ double-quoted $@ while expanding it. */
++ else if (has_dollar_at && quoted_dollar_at == 0 && ifs_chars && quoted == 0 && (word->flags & W_NOSPLIT2))
++ {
++ /* Only split and rejoin if we have to */
++ if (*ifs_chars && *ifs_chars != ' ')
++ {
++ list = list_string (istring, *ifs_chars ? ifs_chars : " ", 1);
++ tstring = string_list (list);
++ }
++ else
++ tstring = istring;
++ tword = make_bare_word (tstring);
++ if (tstring != istring)
++ free (tstring);
++ goto set_word_flags;
++ }
+ else if (has_dollar_at && ifs_chars)
+ list = list_string (istring, *ifs_chars ? ifs_chars : " ", 1);
+ else
+ {
+ tword = make_bare_word (istring);
++set_word_flags:
+ if ((quoted & (Q_DOUBLE_QUOTES|Q_HERE_DOCUMENT)) || (quoted_state == WHOLLY_QUOTED))
+ tword->flags |= W_QUOTED;
+ if (word->flags & W_ASSIGNMENT)
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 13
++#define PATCHLEVEL 14
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-015
+
+Bug-Reported-by: Clark Wang <dearvoid@gmail.com>
+Bug-Reference-ID: <CADv8-og2TOSoabXeNVXVGaXN3tEMHnYVq1rwOLe5meaRPSGRig@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00095.html
+
+Bug-Description:
+
+When completing directory names, the directory name is dequoted twice.
+This causes problems for directories with single and double quotes in
+their names.
+
+Patch (apply with `patch -p0'):
+--- a/bashline.c
++++ b/bashline.c
+@@ -4167,9 +4167,16 @@ bash_directory_completion_matches (text)
+ int qc;
+
+ qc = rl_dispatching ? rl_completion_quote_character : 0;
+- dfn = bash_dequote_filename ((char *)text, qc);
++ /* If rl_completion_found_quote != 0, rl_completion_matches will call the
++ filename dequoting function, causing the directory name to be dequoted
++ twice. */
++ if (rl_dispatching && rl_completion_found_quote == 0)
++ dfn = bash_dequote_filename ((char *)text, qc);
++ else
++ dfn = (char *)text;
+ m1 = rl_completion_matches (dfn, rl_filename_completion_function);
+- free (dfn);
++ if (dfn != text)
++ free (dfn);
+
+ if (m1 == 0 || m1[0] == 0)
+ return m1;
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 14
++#define PATCHLEVEL 15
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-016
+
+Bug-Reported-by: Pierre Gaston <pierre.gaston@gmail.com>
+Bug-Reference-ID: <CAPSX3sTCD61k1VQLJ5r-LWzEt+e7Xc-fxXmwn2u8EA5gJJej8Q@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00100.html
+
+Bug-Description:
+
+An extended glob pattern containing a slash (`/') causes the globbing code
+to misinterpret it as a directory separator.
+
+Patch (apply with `patch -p0'):
+--- a/lib/glob/glob.c
++++ b/lib/glob/glob.c
+@@ -123,6 +123,8 @@ static char **glob_dir_to_array __P((cha
+ extern char *glob_patscan __P((char *, char *, int));
+ extern wchar_t *glob_patscan_wc __P((wchar_t *, wchar_t *, int));
+
++extern char *glob_dirscan __P((char *, int));
++
+ /* Compile `glob_loop.c' for single-byte characters. */
+ #define CHAR unsigned char
+ #define INT int
+@@ -187,6 +189,9 @@ extglob_skipname (pat, dname, flags)
+ se = pp + strlen (pp) - 1; /* end of string */
+ pe = glob_patscan (pp, se, 0); /* end of extglob pattern (( */
+ /* we should check for invalid extglob pattern here */
++ if (pe == 0)
++ return 0;
++
+ /* if pe != se we have more of the pattern at the end of the extglob
+ pattern. Check the easy case first ( */
+ if (pe == se && *pe == ')' && (t = strchr (pp, '|')) == 0)
+@@ -1015,7 +1020,7 @@ glob_filename (pathname, flags)
+ {
+ char **result;
+ unsigned int result_size;
+- char *directory_name, *filename, *dname;
++ char *directory_name, *filename, *dname, *fn;
+ unsigned int directory_len;
+ int free_dirname; /* flag */
+ int dflags;
+@@ -1031,6 +1036,18 @@ glob_filename (pathname, flags)
+
+ /* Find the filename. */
+ filename = strrchr (pathname, '/');
++#if defined (EXTENDED_GLOB)
++ if (filename && extended_glob)
++ {
++ fn = glob_dirscan (pathname, '/');
++#if DEBUG_MATCHING
++ if (fn != filename)
++ fprintf (stderr, "glob_filename: glob_dirscan: fn (%s) != filename (%s)\n", fn ? fn : "(null)", filename);
++#endif
++ filename = fn;
++ }
++#endif
++
+ if (filename == NULL)
+ {
+ filename = pathname;
+--- a/lib/glob/gmisc.c
++++ b/lib/glob/gmisc.c
+@@ -42,6 +42,8 @@
+ #define WLPAREN L'('
+ #define WRPAREN L')'
+
++extern char *glob_patscan __P((char *, char *, int));
++
+ /* Return 1 of the first character of WSTRING could match the first
+ character of pattern WPAT. Wide character version. */
+ int
+@@ -375,3 +377,34 @@ bad_bracket:
+
+ return matlen;
+ }
++
++/* Skip characters in PAT and return the final occurrence of DIRSEP. This
++ is only called when extended_glob is set, so we have to skip over extglob
++ patterns x(...) */
++char *
++glob_dirscan (pat, dirsep)
++ char *pat;
++ int dirsep;
++{
++ char *p, *d, *pe, *se;
++
++ d = pe = se = 0;
++ for (p = pat; p && *p; p++)
++ {
++ if (extglob_pattern_p (p))
++ {
++ if (se == 0)
++ se = p + strlen (p) - 1;
++ pe = glob_patscan (p + 2, se, 0);
++ if (pe == 0)
++ continue;
++ else if (*pe == 0)
++ break;
++ p = pe - 1; /* will do increment above */
++ continue;
++ }
++ if (*p == dirsep)
++ d = p;
++ }
++ return d;
++}
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 15
++#define PATCHLEVEL 16
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-017
+
+Bug-Reported-by: Dan Douglas <ormaaj@gmail.com>
+Bug-Reference-ID: <7781746.RhfoTROLxF@smorgbox>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-05/msg00026.html
+
+Bug-Description:
+
+The code that creates local variables should not clear the `invisible'
+attribute when returning an existing local variable. Let the code that
+actually assigns a value clear it.
+
+Patch (apply with `patch -p0'):
+--- a/variables.c
++++ b/variables.c
+@@ -2197,10 +2197,7 @@ make_local_variable (name)
+ /* local foo; local foo; is a no-op. */
+ old_var = find_variable (name);
+ if (old_var && local_p (old_var) && old_var->context == variable_context)
+- {
+- VUNSETATTR (old_var, att_invisible); /* XXX */
+- return (old_var);
+- }
++ return (old_var);
+
+ was_tmpvar = old_var && tempvar_p (old_var);
+ /* If we're making a local variable in a shell function, the temporary env
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 16
++#define PATCHLEVEL 17
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-018
+
+Bug-Reported-by: Geir Hauge <geir.hauge@gmail.com>
+Bug-Reference-ID: <CAO-BiTLOvfPXDypg61jcBausADrxUKJejakV2WTWP26cW0=rgA@mail.gmail.com>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-05/msg00040.html
+
+Bug-Description:
+
+When assigning an array variable using the compound assignment syntax,
+but using `declare' with the rhs of the compound assignment quoted, the
+shell did not mark the variable as visible after successfully performing
+the assignment.
+
+Patch (apply with `patch -p0'):
+--- a/arrayfunc.c
++++ b/arrayfunc.c
+@@ -179,6 +179,7 @@ bind_array_var_internal (entry, ind, key
+ array_insert (array_cell (entry), ind, newval);
+ FREE (newval);
+
++ VUNSETATTR (entry, att_invisible); /* no longer invisible */
+ return (entry);
+ }
+
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 17
++#define PATCHLEVEL 18
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-019
+
+Bug-Reported-by: John Lenton
+Bug-Reference-ID:
+Bug-Reference-URL: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1317476
+
+Bug-Description:
+
+The -t timeout option to `read' does not work when the -e option is used.
+
+Patch (apply with `patch -p0'):
+
+--- a/lib/readline/input.c
++++ b/lib/readline/input.c
+@@ -534,8 +534,16 @@ rl_getc (stream)
+ return (RL_ISSTATE (RL_STATE_READCMD) ? READERR : EOF);
+ else if (_rl_caught_signal == SIGHUP || _rl_caught_signal == SIGTERM)
+ return (RL_ISSTATE (RL_STATE_READCMD) ? READERR : EOF);
++ /* keyboard-generated signals of interest */
+ else if (_rl_caught_signal == SIGINT || _rl_caught_signal == SIGQUIT)
+ RL_CHECK_SIGNALS ();
++ /* non-keyboard-generated signals of interest */
++ else if (_rl_caught_signal == SIGALRM
++#if defined (SIGVTALRM)
++ || _rl_caught_signal == SIGVTALRM
++#endif
++ )
++ RL_CHECK_SIGNALS ();
+
+ if (rl_signal_event_hook)
+ (*rl_signal_event_hook) ();
+--- a/builtins/read.def
++++ b/builtins/read.def
+@@ -442,7 +442,10 @@ read_builtin (list)
+ add_unwind_protect (reset_alarm, (char *)NULL);
+ #if defined (READLINE)
+ if (edit)
+- add_unwind_protect (reset_attempted_completion_function, (char *)NULL);
++ {
++ add_unwind_protect (reset_attempted_completion_function, (char *)NULL);
++ add_unwind_protect (bashline_reset_event_hook, (char *)NULL);
++ }
+ #endif
+ falarm (tmsec, tmusec);
+ }
+@@ -1021,6 +1024,7 @@ edit_line (p, itext)
+
+ old_attempted_completion_function = rl_attempted_completion_function;
+ rl_attempted_completion_function = (rl_completion_func_t *)NULL;
++ bashline_set_event_hook ();
+ if (itext)
+ {
+ old_startup_hook = rl_startup_hook;
+@@ -1032,6 +1036,7 @@ edit_line (p, itext)
+
+ rl_attempted_completion_function = old_attempted_completion_function;
+ old_attempted_completion_function = (rl_completion_func_t *)NULL;
++ bashline_reset_event_hook ();
+
+ if (ret == 0)
+ return ret;
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 18
++#define PATCHLEVEL 19
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-020
+
+Bug-Reported-by: Jared Yanovich <slovichon@gmail.com>
+Bug-Reference-ID: <20140417073654.GB26875@nightderanger.psc.edu>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-04/msg00065.html
+
+Bug-Description:
+
+When PS2 contains a command substitution, here-documents entered in an
+interactive shell can sometimes cause a segmentation fault.
+
+Patch (apply with `patch -p0'):
+
+--- a/shell.h
++++ b/shell.h
+@@ -168,7 +168,8 @@ typedef struct _sh_parser_state_t {
+ /* flags state affecting the parser */
+ int expand_aliases;
+ int echo_input_at_read;
+-
++ int need_here_doc;
++
+ } sh_parser_state_t;
+
+ typedef struct _sh_input_line_state_t {
+--- a/parse.y
++++ b/parse.y
+@@ -2642,7 +2642,7 @@ gather_here_documents ()
+ int r;
+
+ r = 0;
+- while (need_here_doc)
++ while (need_here_doc > 0)
+ {
+ parser_state |= PST_HEREDOC;
+ make_here_document (redir_stack[r++], line_number);
+@@ -6075,6 +6075,7 @@ save_parser_state (ps)
+
+ ps->expand_aliases = expand_aliases;
+ ps->echo_input_at_read = echo_input_at_read;
++ ps->need_here_doc = need_here_doc;
+
+ ps->token = token;
+ ps->token_buffer_size = token_buffer_size;
+@@ -6123,6 +6124,7 @@ restore_parser_state (ps)
+
+ expand_aliases = ps->expand_aliases;
+ echo_input_at_read = ps->echo_input_at_read;
++ need_here_doc = ps->need_here_doc;
+
+ FREE (token);
+ token = ps->token;
+--- a/y.tab.c
++++ b/y.tab.c
+@@ -4954,7 +4954,7 @@ gather_here_documents ()
+ int r;
+
+ r = 0;
+- while (need_here_doc)
++ while (need_here_doc > 0)
+ {
+ parser_state |= PST_HEREDOC;
+ make_here_document (redir_stack[r++], line_number);
+@@ -8387,6 +8387,7 @@ save_parser_state (ps)
+
+ ps->expand_aliases = expand_aliases;
+ ps->echo_input_at_read = echo_input_at_read;
++ ps->need_here_doc = need_here_doc;
+
+ ps->token = token;
+ ps->token_buffer_size = token_buffer_size;
+@@ -8435,6 +8436,7 @@ restore_parser_state (ps)
+
+ expand_aliases = ps->expand_aliases;
+ echo_input_at_read = ps->echo_input_at_read;
++ need_here_doc = ps->need_here_doc;
+
+ FREE (token);
+ token = ps->token;
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 19
++#define PATCHLEVEL 20
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-021
+
+Bug-Reported-by: Jared Yanovich <slovichon@gmail.com>
+Bug-Reference-ID: <20140625225019.GJ17044@nightderanger.psc.edu>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-06/msg00070.html
+
+Bug-Description:
+
+When the readline `revert-all-at-newline' option is set, pressing newline
+when the current line is one retrieved from history results in a double free
+and a segmentation fault.
+
+Patch (apply with `patch -p0'):
+
+--- a/lib/readline/misc.c
++++ b/lib/readline/misc.c
+@@ -461,6 +461,7 @@ _rl_revert_all_lines ()
+ saved_undo_list = 0;
+ /* Set up rl_line_buffer and other variables from history entry */
+ rl_replace_from_history (entry, 0); /* entry->line is now current */
++ entry->data = 0; /* entry->data is now current undo list */
+ /* Undo all changes to this history entry */
+ while (rl_undo_list)
+ rl_do_undo ();
+@@ -468,7 +469,6 @@ _rl_revert_all_lines ()
+ the timestamp. */
+ FREE (entry->line);
+ entry->line = savestring (rl_line_buffer);
+- entry->data = 0;
+ }
+ entry = previous_history ();
+ }
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 20
++#define PATCHLEVEL 21
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.3
+Patch-ID: bash43-022
+
+Bug-Reported-by: scorp.dev.null@gmail.com
+Bug-Reference-ID: <E1WxXw8-0007iE-Bi@pcm14>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-06/msg00061.html
+
+Bug-Description:
+
+Using nested pipelines within loops with the `lastpipe' option set can result
+in a segmentation fault.
+
+Patch (apply with `patch -p0'):
+
+--- a/execute_cmd.c
++++ b/execute_cmd.c
+@@ -2413,7 +2413,16 @@ execute_pipeline (command, asynchronous,
+ #endif
+ lstdin = wait_for (lastpid);
+ #if defined (JOB_CONTROL)
+- exec_result = job_exit_status (lastpipe_jid);
++ /* If wait_for removes the job from the jobs table, use result of last
++ command as pipeline's exit status as usual. The jobs list can get
++ frozen and unfrozen at inconvenient times if there are multiple pipelines
++ running simultaneously. */
++ if (INVALID_JOB (lastpipe_jid) == 0)
++ exec_result = job_exit_status (lastpipe_jid);
++ else if (pipefail_opt)
++ exec_result = exec_result | lstdin; /* XXX */
++ /* otherwise we use exec_result */
++
+ #endif
+ unfreeze_jobs_list ();
+ }
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh
+ looks for to find the patch level (for the sccs version string). */
+
+-#define PATCHLEVEL 21
++#define PATCHLEVEL 22
+
+ #endif /* _PATCHLEVEL_H_ */