9 files changed, 354 insertions, 4 deletions

diff --git a/Test/B01cd.ztst b/Test/B01cd.ztst
index 3312f8707..21e751dcb 100644
--- a/Test/B01cd.ztst
+++ b/Test/B01cd.ztst
@@ -70,7 +70,7 @@
 # the expected status returned by the code when run, or - if it is
 # irrelevant.  An optional set of single-letter flags follows the status
 # or -.  The following are understood:
-#  . d  Don't diff stdout against the expected stdout.
+#   d   Don't diff stdout against the expected stdout.
 #   D   Don't diff stderr against the expected stderr.
 #   q   All redirection lines given in the test script (not the lines
 #       actually produced by the test) are subject to ordinary quoted shell
@@ -96,8 +96,8 @@
 # itself.  (The example below isn't particularly useful as errors with
 # `cd' are unusual.)
 #
-# A couple of features aren't used in this file, but are usefuil in cases
-# where features may not be available so should not be tested.  They boh
+# A couple of features aren't used in this file, but are useful in cases
+# where features may not be available so should not be tested.  They both
 # take the form of variables.  Note that to keep the test framework simple
 # there is no magic in setting the variables: the chunk of code being
 # executed needs to avoid executing any test code by appropriate structure
@@ -145,6 +145,10 @@ F:something is broken.  But you already knew that.
 1:Implicit cd with unset HOME.
 ?zsh:cd:1: HOME not set
 
+ $ZTST_testdir/../Src/zsh -fc 'cd -P ////dev && pwd'
+-f:(workers/45367) cd -P squashes multiple leading slashes
+>/dev  
+
 %clean
 # This optional section cleans up after the test, if necessary,
 # e.g. killing processes etc.  This is in addition to the removal of *.tmp
diff --git a/Test/B11kill.ztst b/Test/B11kill.ztst
new file mode 100644
index 000000000..dc6bf9b89
--- /dev/null
+++ b/Test/B11kill.ztst
@@ -0,0 +1,86 @@
+# Tests for the kill builtin.
+#
+# The exit codes 11 and 19 in this file don't mean anything special; they're
+# just exit codes which are specific enough that the failure of `kill` itself
+# can be differentiated from exiting due to executing a trap.
+
+%test
+
+# Correct invocation
+
+  if zmodload zsh/system &>/dev/null; then
+    (
+      trap 'exit 19' TERM
+      kill $sysparams[pid]
+    )
+  else
+    ZTST_skip='Cannot zmodload zsh/system, skipping kill with no sigspec'
+  fi
+19:kill with no sigspec
+
+
+  if zmodload zsh/system &>/dev/null; then
+    (
+      trap 'exit 11' USR1
+      kill -USR1 $sysparams[pid]
+    )
+  else
+    ZTST_skip='Cannot zmodload zsh/system, skipping kill with sigspec'
+  fi
+11:kill with sigspec
+
+# Incorrect invocation
+
+  (
+    kill a b c
+  )
+3:kill with multiple wrong inputs should increment status
+?(eval):kill:2: illegal pid: a
+?(eval):kill:2: illegal pid: b
+?(eval):kill:2: illegal pid: c
+
+  (
+    kill -INT a b c
+  )
+3:kill with sigspec and wrong inputs should increment status
+?(eval):kill:2: illegal pid: a
+?(eval):kill:2: illegal pid: b
+?(eval):kill:2: illegal pid: c
+
+  (
+    kill
+  )
+1:kill with no arguments
+?(eval):kill:2: not enough arguments
+
+  (
+    kill -INT
+  )
+1:kill with sigspec only
+?(eval):kill:2: not enough arguments
+
+# Regression tests: `kill ''` should not result in `kill 0`.
+#
+# We use SIGURG where an explicit sigspec can be provided as:
+#
+# 1. By default it's non-terminal, so even if we regress, we won't kill the
+#    test runner and other processes in the process group since we'll stop
+#    running this test before we get to the plain kill (and thus SIGTERM)
+#    cases;
+# 2. It's also unlikely to be sent for any other reason during the process
+#    lifetime, so the test shouldn't be flaky.
+
+  (
+    trap 'exit 11' URG
+    kill -URG ''
+  )
+1:kill with empty pid and sigspec should not send signal to current process group
+?(eval):kill:3: illegal pid: 
+
+  (
+    trap 'exit 19' TERM
+    kill ''
+  )
+1:Plain kill with empty pid should not send signal to current process group
+?(eval):kill:3: illegal pid: 
+
diff --git a/Test/B12limit.ztst b/Test/B12limit.ztst
new file mode 100644
index 000000000..5dd7afdbe
--- /dev/null
+++ b/Test/B12limit.ztst
@@ -0,0 +1,10 @@
+# check if there is unknown resouce(s)
+
+%test
+
+ limit | grep UNKNOWN || print OK
+0:Check if there is unknown resouce(s) in the system
+>OK
+F:A failure here does not indicate any error in zsh. It just means there
+F:is a resource in your system that is unknown to zsh developers. Please
+F:report this to zsh-workers mailing list.
diff --git a/Test/C03traps.ztst b/Test/C03traps.ztst
index e661aabd5..6f84e5db2 100644
--- a/Test/C03traps.ztst
+++ b/Test/C03traps.ztst
@@ -500,6 +500,15 @@
 >Succeed 2
 >Succeed 3
 
+  (set -e
+   if false; then
+   else
+       a=$(false)
+       print This should not appear
+   fi
+  )
+1:ERREXIT is triggered in an else block after a cmd subst returning false
+
   fn() {
     emulate -L zsh
     setopt errreturn
diff --git a/Test/D02glob.ztst b/Test/D02glob.ztst
index 7fd22d795..4e6dc2a7a 100644
--- a/Test/D02glob.ztst
+++ b/Test/D02glob.ztst
@@ -753,6 +753,10 @@
 0:non-directories not globbed as directories
 >glob.tmp/not-a-directory ,
 
+ () { echo $1:P } ////dev
+-f:(workers/45367) modifier ':P' squashes multiple slashes
+>/dev  
+
 %clean
 
  # Fix unreadable-directory permissions so ztst can clean up properly
diff --git a/Test/E01options.ztst b/Test/E01options.ztst
index c4b101bdb..cfe2c75cc 100644
--- a/Test/E01options.ztst
+++ b/Test/E01options.ztst
@@ -74,7 +74,6 @@
 #    HASH_LIST_ALL )
 #    PRINT_EXIT_STATUS   haven't worked out what this does yet, although
 #                        Bart suggested a fix.
-#    PRIVILEGED (similar to GLOBAL_RCS)
 #    RCS        (  "      "    "    " )
 #    SH_OPTION_LETTERS   even I found this too dull to set up a test for
 #    SINGLE_COMMAND      kills shell
@@ -95,6 +94,15 @@
 
 %test
 
+  # setopt should move on to the next operation in the face of an error, but
+  # preserve the >0 return code
+  unsetopt aliases
+  setopt not_a_real_option aliases && return 2
+  print -r - $options[aliases]
+0:setopt error handling
+?(eval):setopt:4: no such option: not_a_real_option
+>on
+
   alias echo='print foo'
   unsetopt aliases
   # use eval else aliases are all parsed at start
@@ -1391,3 +1399,18 @@ F:Regression test for workers/41811
 ?(anon):4: `break' active at end of function scope
 ?(anon):4: `break' active at end of function scope
 ?(anon):4: `break' active at end of function scope
+
+# There are further tests for PRIVILEGED in P01privileged.ztst.
+ if [[ -o privileged ]]; then
+   unsetopt privileged
+ fi
+ unsetopt privileged
+0:PRIVILEGED sanity check: unsetting is idempotent
+F:If this test fails at the first unsetopt, refer to P01privileged.ztst.
+
+  if [[ -o privileged ]]; then
+    (( UID != EUID ))
+  else
+    (( UID == EUID ))
+  fi
+0:PRIVILEGED sanity check: default value is correct
diff --git a/Test/P01privileged.ztst b/Test/P01privileged.ztst
new file mode 100644
index 000000000..c54112bb6
--- /dev/null
+++ b/Test/P01privileged.ztst
@@ -0,0 +1,197 @@
+# This file contains tests related to the PRIVILEGED option. In order to run,
+# it requires that the test process itself have super-user privileges (or that
+# one of the environment variables described below be set). This can be achieved
+# via, e.g., `sudo make check TESTNUM=P`.
+#
+# Optionally, the environment variables ZSH_TEST_UNPRIVILEGED_UID and/or
+# ZSH_TEST_UNPRIVILEGED_GID may be set to UID:EUID or GID:EGID pairs, where the
+# two IDs in each pair are different, non-0 IDs valid on the system being used
+# to run the tests. (The UIDs must both be non-0 to effectively test downgrading
+# of privileges, and they must be non-matching to test auto-enabling of
+# PRIVILEGED and to ensure that disabling PRIVILEGED correctly resets the saved
+# UID. Technically GID 0 is not special, but for simplicity's sake we apply the
+# same requirements here.)
+#
+# If either of the aforementioned environment variables is not set, the test
+# script will try to pick the first two >0 IDs from the passwd/group databases
+# on the current system.
+#
+# If either variable is set, the tests will run, but they will likely fail
+# without super-user privileges.
+
+%prep
+
+  # Mind your empty lines here. The logic in this %prep section is somewhat
+  # complex compared to most others; to avoid lots of nested/duplicated
+  # conditions we need to make sure that this all gets executed as a single
+  # function from which we can return early
+  [[ $EUID == 0 || -n $ZSH_TEST_UNPRIVILEGED_UID$ZSH_TEST_UNPRIVILEGED_GID ]] || {
+    ZTST_unimplemented='PRIVILEGED tests require super-user privileges (or env var)'
+    return 1
+  }
+  (( $+commands[perl] )) || { # @todo Eliminate this dependency with a C wrapper?
+    ZTST_unimplemented='PRIVILEGED tests require Perl'
+    return 1
+  }
+  grep -qE '#define HAVE_SETRES?UID' $ZTST_testdir/../config.h || {
+    ZTST_unimplemented='PRIVILEGED tests require setreuid()/setresuid()'
+    return 1
+  }
+  #
+  ruid= euid= rgid= egid=
+  #
+  if [[ -n $ZSH_TEST_UNPRIVILEGED_UID ]]; then
+    ruid=${ZSH_TEST_UNPRIVILEGED_UID%%:*}
+    euid=${ZSH_TEST_UNPRIVILEGED_UID##*:}
+  else
+    print -ru$ZTST_fd 'Selecting unprivileged UID:EUID pair automatically'
+    local tmp=$( getent passwd 2> /dev/null || < /etc/passwd )
+    # Note: Some awks require -v and its argument to be separate
+    ruid=$( awk -F:            '$3 > 0 { print $3; exit; }' <<< $tmp )
+    euid=$( awk -F: -v u=$ruid '$3 > u { print $3; exit; }' <<< $tmp )
+  fi
+  #
+  if [[ -n $ZSH_TEST_UNPRIVILEGED_GID ]]; then
+    rgid=${ZSH_TEST_UNPRIVILEGED_GID%%:*}
+    egid=${ZSH_TEST_UNPRIVILEGED_GID##*:}
+  else
+    print -ru$ZTST_fd 'Selecting unprivileged GID:EGID pair automatically'
+    local tmp=$( getent group 2> /dev/null || < /etc/group )
+    # Note: Some awks require -v and its argument to be separate
+    rgid=$( awk -F:            '$3 > 0 { print $3; exit; }' <<< $tmp )
+    egid=$( awk -F: -v g=$rgid '$3 > g { print $3; exit; }' <<< $tmp )
+  fi
+  #
+  [[ $ruid/$euid == <1->/<1-> && $ruid != $euid ]] || ruid= euid=
+  [[ $rgid/$egid == <1->/<1-> && $rgid != $egid ]] || rgid= egid=
+  #
+  [[ -n $ruid && -n $euid ]] || {
+    ZTST_unimplemented='PRIVILEGED tests require unprivileged UID:EUID'
+    return 1
+  }
+  [[ -n $rgid || -n $egid ]] || {
+    ZTST_unimplemented='PRIVILEGED tests require unprivileged GID:EGID'
+    return 1
+  }
+  #
+  print -ru$ZTST_fd \
+    "Using unprivileged UID $ruid, EUID $euid, GID $rgid, EGID $egid"
+  #
+  # Execute process with specified UID and EUID
+  # $1     => Real UID
+  # $2     => Effective UID
+  # $3     => Real GID
+  # $4     => Effective GID
+  # $5 ... => Command + args to execute (must NOT be a shell command string)
+  re_exec() {
+    perl -e '
+      die("re_exec: not enough arguments") unless (@ARGV >= 5);
+      my ($ruid, $euid, $rgid, $egid, @cmd) = @ARGV;
+      foreach my $id ($ruid, $euid, $rgid, $egid) {
+        die("re_exec: invalid ID: $id") unless ($id =~ /^(-1|\d+)$/a);
+      }
+      $< = 0 + $ruid if ($ruid >= 0);
+      $> = 0 + $euid if ($euid >= 0);
+      $( = 0 + $rgid if ($rgid >= 0);
+      $) = 0 + $egid if ($egid >= 0);
+      exec(@cmd);
+      die("re_exec: exec failed: $!");
+    ' -- "$@"
+  }
+  #
+  # Convenience wrapper for re_exec to call `zsh -c`
+  # -* ... => (optional) Command-line options to zsh
+  # $1     => Real UID
+  # $2     => Effective UID
+  # $3     => Real GID
+  # $4     => Effective GID
+  # $5 ... => zsh command string; multiple strings are joined by \n
+  re_zsh() {
+    local -a opts
+    while [[ $1 == -[A-Za-z-]* ]]; do
+      opts+=( $1 )
+      shift
+    done
+    re_exec "$1" "$2" "$3" "$4" $ZTST_exe $opts -fc \
+      "MODULE_PATH=${(q)MODULE_PATH}; ${(F)@[5,-1]}"
+  }
+  #
+  # Return one or more random unused UIDs
+  # $1 ... => Names of parameters to store UIDs in
+  get_unused_uid() {
+    while (( $# )); do
+      local i_=0 uid_=
+      until [[ -n $uid_ ]]; do
+        (( ++i_ > 99 )) && return 1
+        uid_=$RANDOM
+        id $uid_ &> /dev/null || break
+        uid_=
+      done
+      : ${(P)1::=$uid_}
+      shift
+    done
+  }
+
+%test
+
+  re_zsh $ruid $ruid -1 -1 'echo $UID/$EUID $options[privileged]'
+  re_zsh $euid $euid -1 -1 'echo $UID/$EUID $options[privileged]'
+  re_zsh $ruid $euid -1 -1 'echo $UID/$EUID $options[privileged]'
+0q:PRIVILEGED automatically enabled when RUID != EUID
+>$ruid/$ruid off
+>$euid/$euid off
+>$ruid/$euid on
+
+  re_zsh -1 -1 $rgid $rgid 'echo $GID/$EGID $options[privileged]'
+  re_zsh -1 -1 $egid $egid 'echo $GID/$EGID $options[privileged]'
+  re_zsh -1 -1 $rgid $egid 'echo $GID/$EGID $options[privileged]'
+0q:PRIVILEGED automatically enabled when RGID != EGID
+>$rgid/$rgid off
+>$egid/$egid off
+>$rgid/$egid on
+
+  re_zsh $ruid $euid -1 -1 'unsetopt privileged; echo $UID/$EUID'
+0q:EUID set to RUID after disabling PRIVILEGED
+*?zsh:unsetopt:1: PRIVILEGED: supplementary group list not changed *
+*?zsh:unsetopt:1: can't change option: privileged
+>$ruid/$ruid
+
+  re_zsh 0 $euid -1 -1 'unsetopt privileged && echo $UID/$EUID'
+0:RUID/EUID set to 0/0 when privileged after disabling PRIVILEGED
+>0/0
+
+  re_zsh $ruid $euid -1 -1 "unsetopt privileged; UID=$euid" ||
+  re_zsh $ruid $euid -1 -1 "unsetopt privileged; EUID=$euid"
+1:not possible to regain EUID when unprivileged after disabling PRIVILEGED
+*?zsh:unsetopt:1: PRIVILEGED: supplementary group list not changed *
+*?zsh:unsetopt:1: can't change option: privileged
+*?zsh:1: failed to change user ID: *
+*?zsh:unsetopt:1: PRIVILEGED: supplementary group list not changed *
+*?zsh:unsetopt:1: can't change option: privileged
+*?zsh:1: failed to change effective user ID: *
+
+  re_zsh -1 -1 $rgid $egid 'unsetopt privileged && echo $GID/$EGID'
+0q:EGID set to RGID after disabling PRIVILEGED
+>$rgid/$rgid
+
+# This test also confirms that we can't revert to the original EUID's primary
+# GID, which initgroups() may reset the EGID to on some systems
+  re_zsh $ruid 0 $rgid 0 'unsetopt privileged; GID=0' ||
+  re_zsh $ruid 0 $rgid 0 'unsetopt privileged; EGID=0'
+1:not possible to regain EGID when unprivileged after disabling PRIVILEGED
+*?zsh:1: failed to change group ID: *
+*?zsh:1: failed to change effective group ID: *
+
+  local rruid
+  grep -qF '#define HAVE_INITGROUPS' $ZTST_testdir/../config.h || {
+    ZTST_skip='initgroups() not available'
+    return 1
+  }
+  get_unused_uid rruid || {
+    ZTST_skip="Can't get unused UID"
+    return 1
+  }
+  re_zsh $rruid 0 -1 -1 'unsetopt privileged'
+1:getpwuid() fails with non-existent RUID and 0 EUID
+*?zsh:unsetopt:1: can't drop privileges; failed to get user information *
+*?zsh:unsetopt:1: can't change option: privileged
diff --git a/Test/README b/Test/README
index d012277ce..726d68e72 100644
--- a/Test/README
+++ b/Test/README
@@ -6,6 +6,7 @@ scripts names:
  C: shell commands with special syntax
  D: substititution
  E: options
+ P: privileged (needs super-user privileges)
  V: modules
  W: builtin interactive commands and constructs
  X: line editing
diff --git a/Test/V01zmodload.ztst b/Test/V01zmodload.ztst
index 339df7436..c3c64a79d 100644
--- a/Test/V01zmodload.ztst
+++ b/Test/V01zmodload.ztst
@@ -389,6 +389,22 @@
 0:unloading a module doesn't implicitly unset autoloadable parameters
 *>(on|off) *
 
+ $ZTST_testdir/../Src/zsh -fc "
+  MODULE_PATH=${(q)MODULE_PATH}
+  #
+  zmodload zsh/zutil
+  zmodload -Fal zsh/zutil | grep parse
+  zmodload -u zsh/zutil
+  #
+  zmodload -Fa zsh/zutil -b:zregexparse
+  zmodload zsh/zutil
+  zmodload -Fal zsh/zutil | grep parse >&2
+ "
+0:zmodload -Fa can disable features from being loaded
+>b:zparseopts
+>b:zregexparse
+?b:zparseopts
+
 %clean
 
  eval "$deps"