1 files changed, 54 insertions, 0 deletions

diff --git a/debian/patches/bash43-029.diff b/debian/patches/bash43-029.diff
new file mode 100644
index 0000000..a5742bb
--- /dev/null
+++ b/debian/patches/bash43-029.diff
@@ -0,0 +1,54 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.3
+Patch-ID:	bash43-029
+
+Bug-Reported-by:	Michal Zalewski <lcamtuf@coredump.cx>
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+When bash is parsing a function definition that contains a here-document
+delimited by end-of-file (or end-of-string), it leaves the closing delimiter
+uninitialized.  This can result in an invalid memory access when the parsed
+function is later copied.
+
+Index: b/copy_cmd.c
+===================================================================
+--- a/copy_cmd.c
++++ b/copy_cmd.c
+@@ -126,7 +126,7 @@ copy_redirect (redirect)
+     {
+     case r_reading_until:
+     case r_deblank_reading_until:
+-      new_redirect->here_doc_eof = savestring (redirect->here_doc_eof);
++      new_redirect->here_doc_eof = redirect->here_doc_eof ? savestring (redirect->here_doc_eof) : 0;
+       /*FALLTHROUGH*/
+     case r_reading_string:
+     case r_appending_to:
+Index: b/make_cmd.c
+===================================================================
+--- a/make_cmd.c
++++ b/make_cmd.c
+@@ -692,6 +692,7 @@ make_redirection (source, instruction, d
+   /* First do the common cases. */
+   temp->redirector = source;
+   temp->redirectee = dest_and_filename;
++  temp->here_doc_eof = 0;
+   temp->instruction = instruction;
+   temp->flags = 0;
+   temp->rflags = flags;
+Index: b/patchlevel.h
+===================================================================
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
+    looks for to find the patch level (for the sccs version string). */
+ 
+-#define PATCHLEVEL 28
++#define PATCHLEVEL 29
+ 
+ #endif /* _PATCHLEVEL_H_ */