8 files changed, 146 insertions, 100 deletions
diff --git a/library/dde/pkgIndex.tcl b/library/dde/pkgIndex.tcl
index 9e62ac8..ce8276b 100644
--- a/library/dde/pkgIndex.tcl
+++ b/library/dde/pkgIndex.tcl
@@ -1,7 +1,7 @@
-if {![package vsatisfies [package provide Tcl] 8.5]} return
-if {[string compare [info sharedlibextension] .dll]} return
+if {([info commands ::tcl::pkgconfig] eq "")
+	|| ([info sharedlibextension] ne ".dll")} return
 if {[::tcl::pkgconfig get debug]} {
-    package ifneeded dde 1.3.2 [list load [file join $dir tcldde13g.dll] dde]
+    package ifneeded dde 1.4.0b1 [list load [file join $dir tcldde14g.dll] dde]
 } else {
-    package ifneeded dde 1.3.2 [list load [file join $dir tcldde13.dll] dde]
+    package ifneeded dde 1.4.0b1 [list load [file join $dir tcldde14.dll] dde]
 }
diff --git a/library/http/http.tcl b/library/http/http.tcl
index b5ce82b..2653c3e 100644
--- a/library/http/http.tcl
+++ b/library/http/http.tcl
@@ -419,7 +419,6 @@ proc http::geturl {url args} {
     # Note that the RE actually combines the user and password parts, as
     # recommended in RFC 3986. Indeed, that RFC states that putting passwords
     # in URLs is a Really Bad Idea, something with which I would agree utterly.
-    # Also note that we do not currently support IPv6 addresses.
     #
     # From a validation perspective, we need to ensure that the parts of the
     # URL that are going to the server are correctly encoded.  This is only
@@ -434,7 +433,10 @@ proc http::geturl {url args} {
 		    [^@/\#?]+		# <userinfo part of authority>
 		) @
 	    )?
-	    ( [^/:\#?]+ )		# <host part of authority>
+	    (				# <host part of authority>
+		[^/:\#?]+ |		# host name or IPv4 address
+		\[ [^/\#?]+ \]		# IPv6 address in square brackets
+	    )
 	    (?: : (\d+) )?		# <port part of authority>
 	)?
 	( / [^\#]*)?			# <path> (including query)
@@ -448,6 +450,7 @@ proc http::geturl {url args} {
 	return -code error "Unsupported URL: $url"
     }
     # Phase two: validate
+    set host [string trim $host {[]}]; # strip square brackets from IPv6 address
     if {$host eq ""} {
 	# Caller has to provide a host name; we do not have a "default host"
 	# that would enable us to handle relative URLs.
diff --git a/library/init.tcl b/library/init.tcl
index 685fc7b..d8de540 100644
--- a/library/init.tcl
+++ b/library/init.tcl
@@ -651,7 +651,7 @@ proc auto_execok name {
 	set execExtensions [list {} .com .exe .bat .cmd]
     }
 
-    if {$name in $shellBuiltins} {
+    if {[string tolower $name] in $shellBuiltins} {
 	# When this is command.com for some reason on Win2K, Tcl won't
 	# exec it unless the case is right, which this corrects.  COMSPEC
 	# may not point to a real file, so do the check.
diff --git a/library/msgcat/msgcat.tcl b/library/msgcat/msgcat.tcl
index 369ed52..3377b47 100644
--- a/library/msgcat/msgcat.tcl
+++ b/library/msgcat/msgcat.tcl
@@ -13,7 +13,7 @@
 package require Tcl 8.5
 # When the version number changes, be sure to update the pkgIndex.tcl file,
 # and the installation directory in the Makefiles.
-package provide msgcat 1.4.4
+package provide msgcat 1.4.5
 
 namespace eval msgcat {
     namespace export mc mcload mclocale mcmax mcmset mcpreferences mcset \
@@ -32,7 +32,7 @@ namespace eval msgcat {
     variable Msgs [dict create]
 
     # Map of language codes used in Windows registry to those of ISO-639
-    if { $::tcl_platform(platform) eq "windows" } {
+    if {[info sharedlibextension] eq ".dll"} {
 	variable WinRegToISO639 [dict create  {*}{
 	    01 ar 0401 ar_SA 0801 ar_IQ 0c01 ar_EG 1001 ar_LY 1401 ar_DZ
 		  1801 ar_MA 1c01 ar_TN 2001 ar_OM 2401 ar_YE 2801 ar_SY
@@ -66,8 +66,8 @@ namespace eval msgcat {
 	    15 pl 0415 pl_PL
 	    16 pt 0416 pt_BR 0816 pt_PT
 	    17 rm 0417 rm_CH
-	    18 ro 0418 ro_RO
-	    19 ru
+	    18 ro 0418 ro_RO 0818 ro_MO
+	    19 ru 0819 ru_MO
 	    1a hr 041a hr_HR 081a sr_YU 0c1a sr_YU@cyrillic
 	    1b sk 041b sk_SK
 	    1c sq 041c sq_AL
@@ -92,6 +92,7 @@ namespace eval msgcat {
 	    2f mk 042f mk_MK
 	    30 bnt 0430 bnt_TZ
 	    31 ts 0431 ts_ZA
+	    32 tn
 	    33 ven 0433 ven_ZA
 	    34 xh 0434 xh_ZA
 	    35 zu 0435 zu_ZA
@@ -341,7 +342,7 @@ proc msgcat::mcmset {locale pairs } {
     set ns [uplevel 1 [list ::namespace current]]
 
     foreach {src dest} $pairs {
-        dict set Msgs $locale $ns $src $dest
+	dict set Msgs $locale $ns $src $dest
     }
 
     return $length
@@ -387,10 +388,10 @@ proc msgcat::mcmax {args} {
     set max 0
     foreach string $args {
 	set translated [uplevel 1 [list [namespace origin mc] $string]]
-        set len [string length $translated]
-        if {$len>$max} {
+	set len [string length $translated]
+	if {$len>$max} {
 	    set max $len
-        }
+	}
     }
     return $max
 }
@@ -426,7 +427,7 @@ proc msgcat::ConvertLocale {value} {
 
 # Initialize the default locale
 proc msgcat::Init {} {
-    global env tcl_platform
+    global env
 
     #
     # set default locale, try to get from environment
@@ -451,23 +452,52 @@ proc msgcat::Init {} {
 	}
     }
     #
-    # The rest of this routine is special processing for Windows;
-    # all other platforms, get out now.
+    # The rest of this routine is special processing for Windows or
+    # Cygwin. All other platforms, get out now.
     #
-    if {$tcl_platform(platform) ne "windows"} {
+    if {([info sharedlibextension] ne ".dll")
+	    || [catch {package require registry}]} {
 	mclocale C
 	return
     }
     #
-    # On Windows, try to set locale depending on registry settings,
-    # or fall back on locale of "C".
+    # On Windows or Cygwin, try to set locale depending on registry
+    # settings, or fall back on locale of "C".
+    #
+
+    # First check registry value LocalName present from Windows Vista
+    # which contains the local string as RFC5646, composed of:
+    # [a-z]{2,3} : language
+    # -[a-z]{4}  : script (optional, translated by table Latn->latin)
+    # -[a-z]{2}|[0-9]{3} : territory (optional, numerical region codes not used)
+    # (-.*)* : variant, extension, private use (optional, not used)
+    # Those are translated to local strings.
+    # Examples: de-CH -> de_ch, sr-Latn-CS -> sr_cs@latin, es-419 -> es
     #
+    set key {HKEY_CURRENT_USER\Control Panel\International}
+    if {([registry values $key "LocaleName"] ne "")
+	    && [regexp {^([a-z]{2,3})(?:-([a-z]{4}))?(?:-([a-z]{2}))?(?:-.+)?$}\
+	    [string tolower [registry get $key "LocaleName"]] match locale\
+	    script territory]} {
+	if {"" ne $territory} {
+	    append locale _ $territory
+	}
+	set modifierDict [dict create latn latin cyrl cyrillic]
+	if {[dict exists $modifierDict $script]} {
+	    append locale @ [dict get $modifierDict $script]
+	}
+	if {![catch {
+	    mclocale [ConvertLocale $locale]
+	}]} {
+	    return
+	}
+    }
+
+    # then check key locale which contains a numerical language ID
     if {[catch {
-	package require registry
-	set key {HKEY_CURRENT_USER\Control Panel\International}
 	set locale [registry get $key "locale"]
     }]} {
-        mclocale C
+	mclocale C
 	return
     }
     #
diff --git a/library/msgcat/pkgIndex.tcl b/library/msgcat/pkgIndex.tcl
index 17ad5db..60c2d3c 100644
--- a/library/msgcat/pkgIndex.tcl
+++ b/library/msgcat/pkgIndex.tcl
@@ -1,2 +1,2 @@
 if {![package vsatisfies [package provide Tcl] 8.5]} {return}
-package ifneeded msgcat 1.4.4 [list source [file join $dir msgcat.tcl]]
+package ifneeded msgcat 1.4.5 [list source [file join $dir msgcat.tcl]]
diff --git a/library/platform/shell.tcl b/library/platform/shell.tcl
index e0a129a..d37cdcd 100644
--- a/library/platform/shell.tcl
+++ b/library/platform/shell.tcl
@@ -187,7 +187,7 @@ proc ::platform::shell::TEMP {} {
  	    }
  	}
     }
-    if {[string compare $channel ""]} {
+    if {$channel != ""} {
  	return -code error "Failed to open a temporary file: $channel"
     } else {
  	return -code error "Failed to find an unused temporary file name"
diff --git a/library/reg/pkgIndex.tcl b/library/reg/pkgIndex.tcl
index 067425f..55af4b3 100755
--- a/library/reg/pkgIndex.tcl
+++ b/library/reg/pkgIndex.tcl
@@ -1,9 +1,9 @@
-if {![package vsatisfies [package provide Tcl] 8.5]} return
-if {[string compare [info sharedlibextension] .dll]} return
+if {([info commands ::tcl::pkgconfig] eq "")
+	|| ([info sharedlibextension] ne ".dll")} return
 if {[::tcl::pkgconfig get debug]} {
-    package ifneeded registry 1.3 \
+    package ifneeded registry 1.3.0 \
             [list load [file join $dir tclreg13g.dll] registry]
 } else {
-    package ifneeded registry 1.3 \
+    package ifneeded registry 1.3.0 \
             [list load [file join $dir tclreg13.dll] registry]
 }
diff --git a/library/safe.tcl b/library/safe.tcl
index 95db3b2..394aa97 100644
--- a/library/safe.tcl
+++ b/library/safe.tcl
@@ -465,8 +465,19 @@ proc ::safe::InterpInit {
     # This alias lets the slave have access to a subset of the 'file'
     # command functionality.
 
-    AliasSubset $slave file \
-	file  dir.* join root.* ext.* tail path.* split
+    ::interp expose $slave file
+    foreach subcommand {dirname extension rootname tail} {
+	::interp alias $slave ::tcl::file::$subcommand {} \
+	    ::safe::AliasFileSubcommand $slave $subcommand
+    }
+    foreach subcommand {
+	atime attributes copy delete executable exists isdirectory isfile
+	link lstat mtime mkdir nativename normalize owned readable readlink
+	rename size stat tempfile type volumes writable
+    } {
+	::interp alias $slave ::tcl::file::$subcommand {} \
+	    ::safe::BadSubcommand $slave file $subcommand
+    }
 
     # Subcommands of info
     foreach {subcommand alias} {
@@ -483,23 +494,24 @@ proc ::safe::InterpInit {
 
     if {[catch {::interp eval $slave {
 	source [file join $tcl_library init.tcl]
-    }} msg]} {
+    }} msg opt]} {
 	Log $slave "can't source init.tcl ($msg)"
-	return -code error "can't source init.tcl into slave $slave ($msg)"
+	return -options $opt "can't source init.tcl into slave $slave ($msg)"
     }
 
     if {[catch {::interp eval $slave {
 	source [file join $tcl_library tm.tcl]
-    }} msg]} {
+    }} msg opt]} {
 	Log $slave "can't source tm.tcl ($msg)"
-	return -code error "can't source tm.tcl into slave $slave ($msg)"
+	return -options $opt "can't source tm.tcl into slave $slave ($msg)"
     }
 
     # Sync the paths used to search for Tcl modules. This can be done only
     # now, after tm.tcl was loaded.
     namespace upvar ::safe S$slave state
     if {[llength $state(tm_path_slave)] > 0} {
-	::interp eval $slave [list ::tcl::tm::add {*}$state(tm_path_slave)]
+	::interp eval $slave [list \
+		::tcl::tm::add {*}[lreverse $state(tm_path_slave)]]
     }
     return $slave
 }
@@ -664,6 +676,17 @@ proc ::safe::CheckFileName {slave file} {
     }
 }
 
+# AliasFileSubcommand handles selected subcommands of [file] in safe
+# interpreters that are *almost* safe. In particular, it just acts to
+# prevent discovery of what home directories exist.
+
+proc ::safe::AliasFileSubcommand {slave subcommand name} {
+    if {[string match ~* $name]} {
+	set name ./$name
+    }
+    tailcall ::interp invokehidden $slave tcl:file:$subcommand $name
+}
+
 # AliasGlob is the target of the "glob" alias in safe interpreters.
 
 proc ::safe::AliasGlob {slave args} {
@@ -679,9 +702,9 @@ proc ::safe::AliasGlob {slave args} {
     }
 
     if {$::tcl_platform(platform) eq "windows"} {
-	set dirPartRE {^(.*)[\\/]}
+	set dirPartRE {^(.*)[\\/]([^\\/]*)$}
     } else {
-	set dirPartRE {^(.*)/}
+	set dirPartRE {^(.*)/([^/]*)$}
     }
 
     set dir        {}
@@ -734,9 +757,7 @@ proc ::safe::AliasGlob {slave args} {
 	    DirInAccessPath $slave $dir
 	} on error msg {
 	    Log $slave $msg
-	    if {$got(-nocomplain)} {
-		return
-	    }
+	    if {$got(-nocomplain)} return
 	    return -code error "permission denied"
 	}
 	lappend cmd -directory $dir
@@ -749,20 +770,33 @@ proc ::safe::AliasGlob {slave args} {
 
     # Process remaining pattern arguments
     set firstPattern [llength $cmd]
-    while {$at < [llength $args]} {
-	set opt [lindex $args $at]
-	incr at
-	if {[regexp $dirPartRE $opt -> thedir]} {
-	    try {
-		set thedir [file join $virtualdir $thedir]
-		DirInAccessPath $slave [TranslatePath $slave $thedir]
-	    } on error msg {
-		Log $slave $msg
-		if {$got(-nocomplain)} {
-		    continue
+    foreach opt [lrange $args $at end] {
+	if {![regexp $dirPartRE $opt -> thedir thefile]} {
+	    set thedir .
+	} elseif {[string match ~* $thedir]} {
+	    set thedir ./$thedir
+	}
+	if {$thedir eq "*" &&
+		($thefile eq "pkgIndex.tcl" || $thefile eq "*.tm")} {
+	    set mapped 0
+	    foreach d [glob -directory [TranslatePath $slave $virtualdir] \
+			   -types d -tails *] {
+		catch {
+		    DirInAccessPath $slave \
+			[TranslatePath $slave [file join $virtualdir $d]]
+		    lappend cmd [file join $d $thefile]
+		    set mapped 1
 		}
-		return -code error "permission denied"
 	    }
+	    if {$mapped} continue
+	}
+	try {
+	    DirInAccessPath $slave [TranslatePath $slave \
+		    [file join $virtualdir $thedir]]
+	} on error msg {
+	    Log $slave $msg
+	    if {$got(-nocomplain)} continue
+	    return -code error "permission denied"
 	}
 	lappend cmd $opt
     }
@@ -779,7 +813,7 @@ proc ::safe::AliasGlob {slave args} {
 	return -code error "script error"
     }
 
-    Log $slave "GLOB @ $entries" NOTICE
+    Log $slave "GLOB < $entries" NOTICE
 
     # Translate path back to what the slave should see.
     set res {}
@@ -791,7 +825,7 @@ proc ::safe::AliasGlob {slave args} {
 	lappend res $p
     }
 
-    Log $slave "GLOB @ $res" NOTICE
+    Log $slave "GLOB > $res" NOTICE
     return $res
 }
 
@@ -848,6 +882,7 @@ proc ::safe::AliasSource {slave args} {
     # because we want to control [info script] in the slave so information
     # doesn't leak so much. [Bug 2913625]
     set old [::interp eval $slave {info script}]
+    set replacementMsg "script error"
     set code [catch {
 	set f [open $realfile]
 	fconfigure $f -eofchar \032
@@ -857,14 +892,17 @@ proc ::safe::AliasSource {slave args} {
 	set contents [read $f]
 	close $f
 	::interp eval $slave [list info script $file]
-	::interp eval $slave $contents
     } msg opt]
+    if {$code == 0} {
+	set code [catch {::interp eval $slave $contents} msg opt]
+	set replacementMsg $msg
+    }
     catch {interp eval $slave [list info script $old]}
     # Note that all non-errors are fine result codes from [source], so we must
     # take a little care to do it properly. [Bug 2923613]
     if {$code == 1} {
 	Log $slave $msg
-	return -code error "script error"
+	return -code error $replacementMsg
     }
     return -code $code -options $opt $msg
 }
@@ -980,58 +1018,33 @@ proc ::safe::DirInAccessPath {slave dir} {
     }
 }
 
-# This procedure enables access from a safe interpreter to only a subset
-# of the subcommands of a command:
+# This procedure is used to report an attempt to use an unsafe member of an
+# ensemble command.
 
-proc ::safe::Subset {slave command okpat args} {
-    set subcommand [lindex $args 0]
-    if {[regexp $okpat $subcommand]} {
-	return [$command {*}$args]
-    }
+proc ::safe::BadSubcommand {slave command subcommand args} {
     set msg "not allowed to invoke subcommand $subcommand of $command"
     Log $slave $msg
-    return -code error $msg
-}
-
-# This procedure installs an alias in a slave that invokes "safesubset" in
-# the master to execute allowed subcommands. It precomputes the pattern of
-# allowed subcommands; you can use wildcards in the pattern if you wish to
-# allow subcommand abbreviation.
-#
-# Syntax is: AliasSubset slave alias target subcommand1 subcommand2...
-
-proc ::safe::AliasSubset {slave alias target args} {
-    set pat "^([join $args |])\$"
-    ::interp alias $slave $alias {}\
-	[namespace current]::Subset $slave $target $pat
+    return -code error -errorcode {TCL SAFE SUBCOMMAND} $msg
 }
 
 # AliasEncoding is the target of the "encoding" alias in safe interpreters.
 
 proc ::safe::AliasEncoding {slave option args} {
-    # Careful; do not want empty option to get through to the [string equal]
-    if {[regexp {^(name.*|convert.*|)$} $option]} {
-	return [::interp invokehidden $slave encoding $option {*}$args]
-    }
-
-    if {[string equal -length [string length $option] $option "system"]} {
-	if {![llength $args]} {
-	    # passed all the tests , lets source it:
-	    try {
-		return [::interp invokehidden $slave encoding system]
-	    } on error msg {
-		Log $slave $msg
-		return -code error "script error"
-	    }
+    # Note that [encoding dirs] is not supported in safe slaves at all
+    set subcommands {convertfrom convertto names system}
+    try {
+	set option [tcl::prefix match -error [list -level 1 -errorcode \
+		[list TCL LOOKUP INDEX option $option]] $subcommands $option]
+	# Special case: [encoding system] ok, but [encoding system foo] not
+	if {$option eq "system" && [llength $args]} {
+	    return -code error -errorcode {TCL WRONGARGS} \
+		"wrong # args: should be \"encoding system\""
 	}
-	set msg "wrong # args: should be \"encoding system\""
-	set code {TCL WRONGARGS}
-    } else {
-	set msg "bad option \"$option\": must be convertfrom, convertto, names, or system"
-	set code [list TCL LOOKUP INDEX option $option]
+    } on error {msg options} {
+	Log $slave $msg
+	return -options $options $msg
     }
-    Log $slave $msg
-    return -code error -errorcode $code $msg
+    tailcall ::interp invokehidden $slave encoding $option {*}$args
 }
 
 # Various minor hiding of platform features. [Bug 2913625]