--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bash/patches/bash42-046.patch Wed Sep 24 13:11:40 2014 -0700
@@ -0,0 +1,55 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-046
+
+Bug-Reported-by: "Theodoros V. Kalamatianos" <[email protected]>
+Bug-Reference-ID: <[email protected]>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2014-01/msg00044.html
+
+Bug-Description:
+
+Bash-4.2 patch 32 introduced a problem with "[email protected]" and arrays expanding empty
+positional parameters or array elements when using substring expansion,
+pattern substitution, or case modfication. The empty parameters or array
+elements are removed instead of expanding to empty strings ("").
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/subst.c 2012-12-31 11:52:56.000000000 -0500
+--- subst.c 2014-03-31 14:19:56.000000000 -0400
+***************
+*** 7243,7247 ****
+ ret = alloc_word_desc ();
+ ret->word = temp1;
+! if (temp1 && QUOTED_NULL (temp1) && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)))
+ ret->flags |= W_QUOTED|W_HASQUOTEDNULL;
+ return ret;
+--- 7243,7253 ----
+ ret = alloc_word_desc ();
+ ret->word = temp1;
+! /* We test quoted_dollar_atp because we want variants with double-quoted
+! "[email protected]" to take a different code path. In fact, we make sure at the end
+! of expand_word_internal that we're only looking at these flags if
+! quoted_dollar_at == 0. */
+! if (temp1 &&
+! (quoted_dollar_atp == 0 || *quoted_dollar_atp == 0) &&
+! QUOTED_NULL (temp1) && (quoted & (Q_HERE_DOCUMENT|Q_DOUBLE_QUOTES)))
+ ret->flags |= W_QUOTED|W_HASQUOTEDNULL;
+ return ret;
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 45
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 46
+
+ #endif /* _PATCHLEVEL_H_ */--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bash/patches/bash42-047.patch Wed Sep 24 13:11:40 2014 -0700
@@ -0,0 +1,49 @@
+ BASH PATCH REPORT
+ =================
+
+Bash-Release: 4.2
+Patch-ID: bash42-047
+
+Bug-Reported-by: Matthew Riley <[email protected]>
+Bug-Reference-ID: <[email protected]om>
+Bug-Reference-URL: http://lists.gnu.org/archive/html/bug-bash/2013-03/msg00047.html
+
+Bug-Description:
+
+The function that shortens pathnames for $PS1 according to the value of
+$PROMPT_DIRTRIM uses memcpy on potentially-overlapping regions of memory,
+when it should use memmove. The result is garbled pathnames in prompt
+strings.
+
+Patch (apply with `patch -p0'):
+
+*** ../bash-4.2-patched/general.c 2010-12-12 15:06:27.000000000 -0500
+--- general.c 2014-01-30 16:46:15.000000000 -0500
+***************
+*** 767,771 ****
+
+ nlen = nend - ntail;
+! memcpy (nbeg, ntail, nlen);
+ nbeg[nlen] = '\0';
+
+--- 767,771 ----
+
+ nlen = nend - ntail;
+! memmove (nbeg, ntail, nlen);
+ nbeg[nlen] = '\0';
+
+*** ../bash-4.2-patched/patchlevel.h Sat Jun 12 20:14:48 2010
+--- patchlevel.h Thu Feb 24 21:41:34 2011
+***************
+*** 26,30 ****
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 46
+
+ #endif /* _PATCHLEVEL_H_ */
+--- 26,30 ----
+ looks for to find the patch level (for the sccs version string). */
+
+! #define PATCHLEVEL 47
+
+ #endif /* _PATCHLEVEL_H_ */
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bash/patches/funcdef-import-4.2-CVE-2014-6271.patch Wed Sep 24 13:11:40 2014 -0700
@@ -0,0 +1,76 @@
+# Patch is from the bash project.
+# It is currently embargo'ed (as of 2014-02-23).
+# It will become an official bash patch once the embargo is lifted.
+*** ../bash-4.2.47/builtins/common.h 2010-05-30 18:31:51.000000000 -0400
+--- builtins/common.h 2014-09-16 19:35:45.000000000 -0400
+***************
+*** 36,39 ****
+--- 36,41 ----
+
+ /* Flags for describe_command, shared between type.def and command.def */
++ #define SEVAL_FUNCDEF 0x080 /* only allow function definitions */
++ #define SEVAL_ONECMD 0x100 /* only allow a single command */
+ #define CDESC_ALL 0x001 /* type -a */
+ #define CDESC_SHORTDESC 0x002 /* command -V */
+*** ../bash-4.2.47/builtins/evalstring.c 2010-11-23 08:22:15.000000000 -0500
+--- builtins/evalstring.c 2014-09-16 19:35:45.000000000 -0400
+***************
+*** 262,265 ****
+--- 262,273 ----
+ struct fd_bitmap *bitmap;
+
++ if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
++ {
++ internal_warning ("%s: ignoring function definition attempt", from_file);
++ should_jump_to_top_level = 0;
++ last_result = last_command_exit_value = EX_BADUSAGE;
++ break;
++ }
++
+ bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
+ begin_unwind_frame ("pe_dispose");
+***************
+*** 322,325 ****
+--- 330,336 ----
+ dispose_fd_bitmap (bitmap);
+ discard_unwind_frame ("pe_dispose");
++
++ if (flags & SEVAL_ONECMD)
++ break;
+ }
+ }
+*** ../bash-4.2.47/variables.c 2011-03-01 16:15:20.000000000 -0500
+--- variables.c 2014-09-16 19:35:45.000000000 -0400
+***************
+*** 348,357 ****
+ strcpy (temp_string + char_index + 1, string);
+
+! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
+!
+! /* Ancient backwards compatibility. Old versions of bash exported
+! functions like name()=() {...} */
+! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
+! name[char_index - 2] = '\0';
+
+ if (temp_var = find_function (name))
+--- 348,355 ----
+ strcpy (temp_string + char_index + 1, string);
+
+! /* Don't import function names that are invalid identifiers from the
+! environment. */
+! if (legal_identifier (name))
+! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
+
+ if (temp_var = find_function (name))
+***************
+*** 362,369 ****
+ else
+ report_error (_("error importing function definition for `%s'"), name);
+-
+- /* ( */
+- if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
+- name[char_index - 2] = '('; /* ) */
+ }
+ #if defined (ARRAY_VARS)
+--- 360,363 ----
+