File bash-4.2-extra-import-func.patch of Package bash

---
 builtins/shopt.def |    2 ++
 doc/bash.1         |    7 +++++++
 shell.c            |    2 ++
 variables.c        |   13 ++++++++++++-
 4 files changed, 23 insertions(+), 1 deletion(-)

--- shell.c
+++ shell.c	2014-09-25 20:11:51.000000000 +0000
@@ -225,6 +225,7 @@ int posixly_correct = 1;	/* Non-zero mea
 #else
 int posixly_correct = 0;	/* Non-zero means posix.2 superset. */
 #endif
+int import_functions = IMPORT_FUNCTIONS_DEF;      /* Import functions from environment */
 
 /* Some long-winded argument names.  These are obviously new. */
 #define Int 1
@@ -244,6 +245,7 @@ static const struct {
   { "help", Int, &want_initial_help, (char **)0x0 },
   { "init-file", Charp, (int *)0x0, &bashrc_file },
   { "login", Int, &make_login_shell, (char **)0x0 },
+  { "import-functions", Int, &import_functions, (char **)0x0 },
   { "noediting", Int, &no_line_editing, (char **)0x0 },
   { "noprofile", Int, &no_profile, (char **)0x0 },
   { "norc", Int, &no_rc, (char **)0x0 },
--- variables.c
+++ variables.c	2014-09-30 11:54:58.994735738 +0000
@@ -105,6 +105,7 @@ extern time_t shell_start_time;
 extern int assigning_in_environment;
 extern int executing_builtin;
 extern int funcnest_max;
+extern int import_functions;
 
 #if defined (READLINE)
 extern int no_line_editing;
@@ -317,6 +318,7 @@ initialize_shell_variables (env, privmod
   char *name, *string, *temp_string;
   int c, char_index, string_index, string_length;
   SHELL_VAR *temp_var;
+  int skipped_import;
 
   create_variable_tables ();
 
@@ -341,9 +343,12 @@ initialize_shell_variables (env, privmod
 
       temp_var = (SHELL_VAR *)NULL;
 
+      skipped_import = 0;
+  reval:
+
       /* If exported function, define it now.  Don't import functions from
 	 the environment in privileged mode. */
-      if (privmode == 0 && read_but_dont_execute == 0 &&
+      if (skipped_import == 0 && privmode == 0 && read_but_dont_execute == 0 &&
 	  STREQN (BASHFUNC_PREFIX, name, BASHFUNC_PREFLEN) &&
 	  STREQ (BASHFUNC_SUFFIX, name + char_index - BASHFUNC_SUFFLEN) &&
 	  STREQN ("() {", string, 4))
@@ -356,6 +361,12 @@ initialize_shell_variables (env, privmod
 	  tname = name + BASHFUNC_PREFLEN;	/* start of func name */
 	  tname[namelen] = '\0';		/* now tname == func name */
 
+	  if (!import_functions && !interactive_shell) {
+		  skipped_import = 1;
+		  report_error (_("Skipping importing function definition for `%s': --import-functions required."), tname);
+		  goto reval;
+	  }
+
 	  string_length = strlen (string);
 	  temp_string = (char *)xmalloc (namelen + string_length + 2);
 
--- builtins/shopt.def
+++ builtins/shopt.def	2014-09-30 11:58:13.714235365 +0000
@@ -89,6 +89,7 @@ extern int check_jobs_at_exit;
 extern int autocd;
 extern int glob_star;
 extern int lastpipe_opt;
+extern int import_functions;
 
 #if defined (EXTENDED_GLOB)
 extern int extended_glob;
@@ -186,6 +187,7 @@ static struct {
   { "hostcomplete", &perform_hostname_completion, shopt_enable_hostname_completion },
 #endif
   { "huponexit", &hup_on_exit, (shopt_set_func_t *)NULL },
+  { "import-functions", &import_functions, (shopt_set_func_t *)NULL },
   { "interactive_comments", &interactive_comments, set_shellopts_after_change },
   { "lastpipe", &lastpipe_opt, (shopt_set_func_t *)NULL },
 #if defined (HISTORY)
--- doc/bash.1
+++ doc/bash.1	2014-09-30 12:09:39.698234623 +0000
@@ -235,6 +235,13 @@ The shell becomes restricted (see
 .B "RESTRICTED SHELL"
 below).
 .TP
+.B \-\-import\-functions
+This shell is patched in such a way that shell functions in the inported environment
+will not be expanded due several security issues (e.g. CVE\-2014\-6271).  This option
+can be used to enable this.  It is also possible to use the
+.B shopt
+builtin to do this.
+.TP
 .B \-\-verbose
 Equivalent to  \fB\-v\fP.
 .TP