--- a/components/bash/patches/bash41-017.patch Fri Jan 27 15:04:39 2017 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,132 +0,0 @@
- BASH PATCH REPORT
- =================
-
-Bash-Release: 4.1
-Patch-ID: bash41-017
-
-Bug-Reported-by: Michal Zalewski <[email protected]>
-Bug-Reference-ID:
-Bug-Reference-URL:
-
-Bug-Description:
-
-A combination of nested command substitutions and function importing from
-the environment can cause bash to execute code appearing in the environment
-variable value following the function definition.
-
-Patch (apply with `patch -p0'):
-
-*** ../bash-4.1.16/builtins/evalstring.c 2014-09-16 19:27:38.000000000 -0400
---- builtins/evalstring.c 2014-10-04 15:08:26.000000000 -0400
-***************
-*** 262,271 ****
- struct fd_bitmap *bitmap;
-
-! if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
- {
-! internal_warning ("%s: ignoring function definition attempt", from_file);
-! should_jump_to_top_level = 0;
-! last_result = last_command_exit_value = EX_BADUSAGE;
-! break;
- }
-
---- 262,284 ----
- struct fd_bitmap *bitmap;
-
-! if (flags & SEVAL_FUNCDEF)
- {
-! char *x;
-!
-! /* If the command parses to something other than a straight
-! function definition, or if we have not consumed the entire
-! string, or if the parser has transformed the function
-! name (as parsing will if it begins or ends with shell
-! whitespace, for example), reject the attempt */
-! if (command->type != cm_function_def ||
-! ((x = parser_remaining_input ()) && *x) ||
-! (STREQ (from_file, command->value.Function_def->name->word) == 0))
-! {
-! internal_warning (_("%s: ignoring function definition attempt"), from_file);
-! should_jump_to_top_level = 0;
-! last_result = last_command_exit_value = EX_BADUSAGE;
-! reset_parser ();
-! break;
-! }
- }
-
-***************
-*** 332,336 ****
-
- if (flags & SEVAL_ONECMD)
-! break;
- }
- }
---- 345,352 ----
-
- if (flags & SEVAL_ONECMD)
-! {
-! reset_parser ();
-! break;
-! }
- }
- }
-*** ../bash-4.1.16/parse.y 2014-09-30 19:36:03.000000000 -0400
---- parse.y 2014-10-04 15:08:26.000000000 -0400
-***************
-*** 2410,2413 ****
---- 2410,2423 ----
- }
-
-+ char *
-+ parser_remaining_input ()
-+ {
-+ if (shell_input_line == 0)
-+ return 0;
-+ if (shell_input_line_index < 0 || shell_input_line_index >= shell_input_line_len)
-+ return '\0'; /* XXX */
-+ return (shell_input_line + shell_input_line_index);
-+ }
-+
- #ifdef INCLUDE_UNUSED
- /* Back the input pointer up by one, effectively `ungetting' a character. */
-***************
-*** 3809,3814 ****
- restore_parser_state (&ps);
- reset_parser ();
-! if (interactive)
-! token_to_read = 0;
-
- /* Need to find how many characters parse_and_execute consumed, update
---- 3819,3824 ----
- restore_parser_state (&ps);
- reset_parser ();
-!
-! token_to_read = 0;
-
- /* Need to find how many characters parse_and_execute consumed, update
-*** ../bash-4.1.16/shell.h 2009-08-14 16:32:52.000000000 -0400
---- shell.h 2014-10-04 15:08:26.000000000 -0400
-***************
-*** 164,167 ****
---- 164,169 ----
-
- /* Let's try declaring these here. */
-+ extern char *parser_remaining_input __P((void));
-+
- extern sh_parser_state_t *save_parser_state __P((sh_parser_state_t *));
- extern void restore_parser_state __P((sh_parser_state_t *));
-*** ../bash-4.1-patched/patchlevel.h 2009-10-01 16:39:22.000000000 -0400
---- patchlevel.h 2010-01-14 09:38:08.000000000 -0500
-***************
-*** 26,30 ****
- looks for to find the patch level (for the sccs version string). */
-
-! #define PATCHLEVEL 16
-
- #endif /* _PATCHLEVEL_H_ */
---- 26,30 ----
- looks for to find the patch level (for the sccs version string). */
-
-! #define PATCHLEVEL 17
-
- #endif /* _PATCHLEVEL_H_ */