--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bash/patches/bash41-010.patch Tue Jul 24 10:14:00 2012 -0700
@@ -0,0 +1,68 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.1
+Patch-ID: bash41-010
+
+Bug-Reported-by: Stephane Jourdois <[email protected]>
+Bug-Reference-ID: <[email protected]>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2010-05/msg00165.html
+
+Bug-Description:
+
+The expansion of the \W prompt string escape sequence incorrectly used
+strcpy to copy overlapping strings. Only memmove works in this case.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1-patched/parse.y 2009-12-30 12:51:42.000000000 -0500
+--- parse.y 2011-02-24 16:40:48.000000000 -0500
+***************
+*** 5153,5157 ****
+ t = strrchr (t_string, '/');
+ if (t)
+! strcpy (t_string, t + 1);
+ }
+ }
+--- 5153,5157 ----
+ t = strrchr (t_string, '/');
+ if (t)
+! memmove (t_string, t + 1, strlen (t));
+ }
+ }
+*** ../bash-4.1-patched/y.tab.c 2009-12-30 12:52:02.000000000 -0500
+--- y.tab.c 2011-02-24 16:50:27.000000000 -0500
+***************
+*** 7482,7486 ****
+ t = strrchr (t_string, '/');
+ if (t)
+! strcpy (t_string, t + 1);
+ }
+ }
+--- 7482,7486 ----
+ t = strrchr (t_string, '/');
+ if (t)
+! memmove (t_string, t + 1, strlen (t));
+ }
+ }
+***************
+*** 8244,8246 ****
+ }
+ #endif /* HANDLE_MULTIBYTE */
+-
+--- 8244,8245 ----
+*** ../bash-4.1-patched/patchlevel.h 2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h 2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 9
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 10
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bash/patches/bash41-011.patch Tue Jul 24 10:14:00 2012 -0700
@@ -0,0 +1,86 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.1
+Patch-ID: bash41-011
+
+Bug-Reported-by: <[email protected]>
+Bug-Reference-ID: <[email protected]>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2011-04/msg00075.html
+
+Bug-Description:
+
+Under certain circumstances, running `fc -l' two times in succession with a
+relative history offset at the end of the history will result in an incorrect
+calculation of the last history entry and a seg fault.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.1-patched/builtins/fc.def 2009-03-21 14:03:43.000000000 -0400
+--- builtins/fc.def 2011-04-19 15:46:17.000000000 -0400
+***************
+*** 304,307 ****
+--- 304,317 ----
+ last_hist = i - rh - hist_last_line_added;
+
++ /* XXX */
++ if (i == last_hist && hlist[last_hist] == 0)
++ while (last_hist >= 0 && hlist[last_hist] == 0)
++ last_hist--;
++ if (last_hist < 0)
++ {
++ sh_erange ((char *)NULL, _("history specification"));
++ return (EXECUTION_FAILURE);
++ }
++
+ if (list)
+ {
+***************
+*** 466,470 ****
+ {
+ int sign, n, clen, rh;
+! register int i, j;
+ register char *s;
+
+--- 476,480 ----
+ {
+ int sign, n, clen, rh;
+! register int i, j, last_hist;
+ register char *s;
+
+***************
+*** 486,490 ****
+ calculation as if it were on. */
+ rh = remember_on_history || ((subshell_environment & SUBSHELL_COMSUB) && enable_history_list);
+! i -= rh + hist_last_line_added;
+
+ /* No specification defaults to most recent command. */
+--- 496,508 ----
+ calculation as if it were on. */
+ rh = remember_on_history || ((subshell_environment & SUBSHELL_COMSUB) && enable_history_list);
+! last_hist = i - rh - hist_last_line_added;
+!
+! if (i == last_hist && hlist[last_hist] == 0)
+! while (last_hist >= 0 && hlist[last_hist] == 0)
+! last_hist--;
+! if (last_hist < 0)
+! return (-1);
+!
+! i = last_hist;
+
+ /* No specification defaults to most recent command. */
+*** ../bash-4.1-patched/patchlevel.h 2009-10-01 16:39:22.000000000 -0400
+--- patchlevel.h 2010-01-14 09:38:08.000000000 -0500
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 10
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 11
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bash/patches/solaris-016.eaccess.c.patch Tue Jul 24 10:14:00 2012 -0700
@@ -0,0 +1,42 @@
+#
+# Backported to bash 4.1 from:
+# http://lists.gnu.org/archive/html/bug-bash/2012-07/msg00027.html
+# Also see:
+# https://bugzilla.redhat.com/show_bug.cgi?id=840091
+# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410
+#
+--- lib/sh/eaccess.c 2008-08-12 08:50:01.000000000 -0700
++++ lib/sh/eaccess.c 2012-07-24 09:39:37.970186946 -0700
+@@ -40,6 +40,10 @@
+ #if !defined (_POSIX_VERSION) && defined (HAVE_SYS_FILE_H)
+ # include <sys/file.h>
+ #endif /* !_POSIX_VERSION */
++
++#include <string.h> /* memset(3C) */
++#include <limits.h> /* _XOPEN_PATH_MAX */
++
+ #include "posixstat.h"
+ #include "filecntl.h"
+
+@@ -82,6 +86,8 @@
+ const char *path;
+ struct stat *finfo;
+ {
++ static char pbuf[_XOPEN_PATH_MAX + 1];
++
+ if (*path == '\0')
+ {
+ errno = ENOENT;
+@@ -106,9 +112,10 @@
+ trailing slash. Make sure /dev/fd/xx really uses DEV_FD_PREFIX/xx.
+ On most systems, with the notable exception of linux, this is
+ effectively a no-op. */
+- char pbuf[32];
++ (void) memset (pbuf, '\0', sizeof(pbuf));
+ strcpy (pbuf, DEV_FD_PREFIX);
+- strcat (pbuf, path + 8);
++ strncat (pbuf, path + 8,
++ (size_t) (sizeof(pbuf) - sizeof(DEV_FD_PREFIX)));
+ return (stat (pbuf, finfo));
+ #endif /* !HAVE_DEV_FD */
+ }