BASH PATCH REPORT
=================

Bash-Release: 4.3
Patch-ID: bash43-026

Bug-Reported-by: Tavis Ormandy
Bug-Reference-ID:
Bug-Reference-URL: http://twitter.com/taviso/statuses/514887394294652929

Bug-Description:

Under certain circumstances, bash can incorrectly save a lookahead character and
return it on a subsequent call, even when reading a new line.

Patch (apply with `patch -p0'):

*** ../bash-4.3.25/parse.y 2014-07-30 10:14:31.000000000 -0400 --- parse.y 2014-09-25 20:20:21.000000000 -0400 *************** *** 2954,2957 **** --- 2954,2959 ---- word_desc_to_read = (WORD_DESC *)NULL; + eol_ungetc_lookahead = 0; + current_token = '\n'; /* XXX */ last_read_token = '\n'; *** ../bash-4.3.25/y.tab.c 2014-07-30 10:14:32.000000000 -0400 --- y.tab.c 2014-09-25 20:21:48.000000000 -0400 *************** *** 5266,5269 **** --- 5266,5271 ---- word_desc_to_read = (WORD_DESC *)NULL; + eol_ungetc_lookahead = 0; + current_token = '\n'; /* XXX */ last_read_token = '\n'; *************** *** 8540,8542 **** } #endif /* HANDLE_MULTIBYTE */ - --- 8542,8543 ---- *** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500 --- patchlevel.h 2014-03-20 20:01:28.000000000 -0400 *************** *** 26,30 **** looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 25 #endif /* _PATCHLEVEL_H_ */ --- 26,30 ---- looks for to find the patch level (for the sccs version string). */ ! #define PATCHLEVEL 26 #endif /* _PATCHLEVEL_H_ */
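
Review bot: the added `eol_ungetc_lookahead = 0;` in the parse.y hunk at 2954 has no comment saying why the lookahead is cleared at this point. Suggest a one-line comment stating that the saved lookahead character is discarded here so it cannot be returned on a later call when a new line is read, which is the behaviour the Bug-Description names. The patch touches only parse.y, y.tab.c and patchlevel.h, so no regression test accompanies the fix; an input that reproduces the stale lookahead would be worth adding alongside it.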
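
Review bot: the y.tab.c hunk at 5266 repeats the parse.y change in the generated parser, so the two files have to stay in step. Confirm that regenerating y.tab.c from the patched parse.y yields the same `eol_ungetc_lookahead = 0;` reset at this spot; if the two ever diverge, a build that regenerates the parser and one that uses the shipped y.tab.c would behave differently with respect to this fix.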
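
Review bot: the y.tab.c hunk at 8540 only deletes the blank line after `#endif /* HANDLE_MULTIBYTE */` and is unrelated to the lookahead reset. In a security fix it is cleaner to leave whitespace-only changes out, so the patch carries just the lines that change behaviour and is easier to audit and backport.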
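
Review bot: the patchlevel.h hunk expects `#define PATCHLEVEL 25` as its starting point, so it applies cleanly only to a tree that already carries the patches up to 25; the report header would benefit from stating that ordering requirement. Its file header also diffs against `../bash-4.3/` while the parse.y and y.tab.c headers use `../bash-4.3.25/`, and a consistent base directory would avoid doubt about which tree the patch was cut from. After applying, `PATCHLEVEL 26` is the value to look for when verifying that a build includes this fix.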