1 files changed, 55 insertions, 0 deletions

diff --git a/debian/patches/bash52-010.diff b/debian/patches/bash52-010.diff
new file mode 100644
index 0000000..763c386
--- /dev/null
+++ b/debian/patches/bash52-010.diff
@@ -0,0 +1,55 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	5.2
+Patch-ID:	bash52-010
+
+Bug-Reported-by:	larsh@apache.org
+Bug-Reference-ID:
+Bug-Reference-URL:	https://savannah.gnu.org/support/?110744
+
+Bug-Description:
+
+Bash-5.2 checks the first 128 characters of an executable file that execve()
+refuses to execute to see whether it's a binary file before trying to
+execute it as a shell script. This defeats some previously-supported use
+cases like "self-executing" jar files or "self-uncompressing" scripts.
+
+--- a/general.c
++++ b/general.c
+@@ -683,21 +683,20 @@ check_binary_file (sample, sample_len)
+      int sample_len;
+ {
+   register int i;
++  int nline;
+   unsigned char c;
+ 
+   if (sample_len >= 4 && sample[0] == 0x7f && sample[1] == 'E' && sample[2] == 'L' && sample[3] == 'F')
+     return 1;
+ 
+   /* Generally we check the first line for NULs. If the first line looks like
+-     a `#!' interpreter specifier, we just look for NULs anywhere in the
+-     buffer. */
+-  if (sample[0] == '#' && sample[1] == '!')
+-    return (memchr (sample, '\0', sample_len) != NULL);
++     a `#!' interpreter specifier, we look for NULs in the first two lines. */
++  nline = (sample[0] == '#' && sample[1] == '!') ? 2 : 1;
+ 
+   for (i = 0; i < sample_len; i++)
+     {
+       c = sample[i];
+-      if (c == '\n')
++      if (c == '\n' && --nline == 0)
+ 	return (0);
+       if (c == '\0')
+ 	return (1);
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
+    looks for to find the patch level (for the sccs version string). */
+ 
+-#define PATCHLEVEL 9
++#define PATCHLEVEL 10
+ 
+ #endif /* _PATCHLEVEL_H_ */