---
 builtins/shopt.def |    2 ++
 doc/bash.1         |    7 +++++++
 shell.c            |    2 ++
 variables.c        |   13 ++++++++++++-
 4 files changed, 23 insertions(+), 1 deletion(-)

--- shell.c
+++ shell.c	2014-09-25 20:11:51.000000000 +0000
@@ -230,6 +230,7 @@ int posixly_correct = 1;	/* Non-zero mea
 #else
 int posixly_correct = 0;	/* Non-zero means posix.2 superset. */
 #endif
+int import_functions = IMPORT_FUNCTIONS_DEF;      /* Import functions from environment */
 
 /* Some long-winded argument names.  These are obviously new. */
 #define Int 1
@@ -249,6 +250,7 @@ static const struct {
   { "help", Int, &want_initial_help, (char **)0x0 },
   { "init-file", Charp, (int *)0x0, &bashrc_file },
   { "login", Int, &make_login_shell, (char **)0x0 },
+  { "import-functions", Int, &import_functions, (char **)0x0 },
   { "noediting", Int, &no_line_editing, (char **)0x0 },
   { "noprofile", Int, &no_profile, (char **)0x0 },
   { "norc", Int, &no_rc, (char **)0x0 },
--- variables.c
+++ variables.c	2014-10-06 08:36:41.299837915 +0000
@@ -110,6 +110,7 @@ extern time_t shell_start_time;
 extern int assigning_in_environment;
 extern int executing_builtin;
 extern int funcnest_max;
+extern int import_functions;
 
 #if defined (READLINE)
 extern int no_line_editing;
@@ -328,6 +329,7 @@ initialize_shell_variables (env, privmod
   char *name, *string, *temp_string;
   int c, char_index, string_index, string_length, ro;
   SHELL_VAR *temp_var;
+  int skipped_import;
 
   create_variable_tables ();
 
@@ -352,9 +354,12 @@ initialize_shell_variables (env, privmod
 
       temp_var = (SHELL_VAR *)NULL;
 
+      skipped_import = 0;
+  reval:
+
       /* If exported function, define it now.  Don't import functions from
 	 the environment in privileged mode. */
-      if (privmode == 0 && read_but_dont_execute == 0 && 
+      if (skipped_import == 0 && privmode == 0 && read_but_dont_execute == 0 && 
           STREQN (BASHFUNC_PREFIX, name, BASHFUNC_PREFLEN) &&
           STREQ (BASHFUNC_SUFFIX, name + char_index - BASHFUNC_SUFFLEN) &&
 	  STREQN ("() {", string, 4))
@@ -367,6 +372,12 @@ initialize_shell_variables (env, privmod
 	  tname = name + BASHFUNC_PREFLEN;	/* start of func name */
 	  tname[namelen] = '\0';		/* now tname == func name */
 
+	  if (!import_functions && !interactive_shell) {
+		  skipped_import = 1;
+		  report_error (_("Skipping importing function definition for `%s': --import-functions required."), tname);
+		  goto reval;
+	  }
+
 	  string_length = strlen (string);
 	  temp_string = (char *)xmalloc (namelen + string_length + 2);
 
--- builtins/shopt.def
+++ builtins/shopt.def	2014-09-30 11:58:14.000000000 +0000
@@ -90,6 +90,7 @@ extern int autocd;
 extern int glob_star;
 extern int glob_asciirange;
 extern int lastpipe_opt;
+extern int import_functions;
 
 #if defined (EXTENDED_GLOB)
 extern int extended_glob;
@@ -192,6 +193,7 @@ static struct {
   { "hostcomplete", &perform_hostname_completion, shopt_enable_hostname_completion },
 #endif
   { "huponexit", &hup_on_exit, (shopt_set_func_t *)NULL },
+  { "import-functions", &import_functions, (shopt_set_func_t *)NULL },
   { "interactive_comments", &interactive_comments, set_shellopts_after_change },
   { "lastpipe", &lastpipe_opt, (shopt_set_func_t *)NULL },
 #if defined (HISTORY)
--- doc/bash.1
+++ doc/bash.1	2014-09-30 12:09:40.000000000 +0000
@@ -240,6 +240,13 @@ The shell becomes restricted (see
 .B "RESTRICTED SHELL"
 below).
 .TP
+.B \-\-import\-functions
+This shell is patched in such a way that shell functions in the inported environment
+will not be expanded due several security issues (e.g. CVE\-2014\-6271).  This option
+can be used to enable this.  It is also possible to use the
+.B shopt
+builtin to do this.
+.TP
 .B \-\-verbose
 Equivalent to  \fB\-v\fP.
 .TP