authorShell Turner <cam.turn@gmail.com>2014-09-29 13:04:28 +0200
committerEelco Dolstra <eelco.dolstra@logicblox.com>2014-09-29 13:44:38 +0200
commit21c12b40652d4aee0f3b58bcd8993c66733f9bbe (patch)
treec0a452b37319398624895f8d3e499aecd0e0a0a6 /pkgs/shells/bash
parent7f043ffbbe0564d3acc9f1600bb2a056e0790c0e (diff)
Updated bash to patch 50.
This fully mitigates Shellshock and related parsing vulnerabilities,
due to attackers never controlling environment variable names.
Diffstat (limited to 'pkgs/shells/bash')
-rw-r--r--pkgs/shells/bash/bash-4.2-patches.nix2
-rw-r--r--pkgs/shells/bash/cve-2014-7169.patch13
-rw-r--r--pkgs/shells/bash/default.nix2
3 files changed, 3 insertions, 14 deletions
diff --git a/pkgs/shells/bash/bash-4.2-patches.nix b/pkgs/shells/bash/bash-4.2-patches.nix
index 5239a9ec0a0..6924e7ab2b9 100644
--- a/pkgs/shells/bash/bash-4.2-patches.nix
+++ b/pkgs/shells/bash/bash-4.2-patches.nix
@@ -49,4 +49,6 @@ patch: [
 (patch "046" "0vc1ngkxkamwr022ww3vjp9ww9c647az4pjn175c1v60d0xk5hcm")
 (patch "047" "0ymgimqz65sx2izg1dvm1h5cc01arl3j9j5137212l1ls00r55y1")
 (patch "048" "091xk1ms7ycnczsl3fx461gjhj69j6ycnfijlymwj6mj60ims6km")
+(patch "049" "03jipi8qz5baf1dyhld7yvazkkad7lz5czchrjsrnglzvm6df74h")
+(patch "050" "19lb9nh0x5siwf21xkga3khy5pa3srfrlx97mby4cfz8am2bh68s")
 ]
diff --git a/pkgs/shells/bash/cve-2014-7169.patch b/pkgs/shells/bash/cve-2014-7169.patch
deleted file mode 100644
index f58e73f7806..00000000000
--- a/pkgs/shells/bash/cve-2014-7169.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-http://www.openwall.com/lists/oss-security/2014/09/25/10
-
-*** ../bash-20140912/parse.y	2014-08-26 15:09:42.000000000 -0400
---- parse.y	2014-09-24 22:47:28.000000000 -0400
-***************
-*** 2959,2962 ****
---- 2959,2964 ----
-    word_desc_to_read = (WORD_DESC *)NULL;
-  
-+   eol_ungetc_lookahead = 0;
-+ 
-    current_token = '\n';		/* XXX */
-    last_read_token = '\n';
diff --git a/pkgs/shells/bash/default.nix b/pkgs/shells/bash/default.nix
index 5181da77f3a..ca12c26f256 100644
--- a/pkgs/shells/bash/default.nix
+++ b/pkgs/shells/bash/default.nix
@@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
           inherit sha256;
         };
     in
-      import ./bash-4.2-patches.nix patch) ++ [ ./cve-2014-7169.patch ];
+      import ./bash-4.2-patches.nix patch);
 
   crossAttrs = {
     configureFlags = baseConfigureFlags +
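Review bot: Dropping `./cve-2014-7169.patch` at `import ./bash-4.2-patches.nix patch);` leaves nothing in default.nix that records which upstream patch now carries that fix. Presumably patch 049 contains the same `eol_ungetc_lookahead = 0;` reset in parse.y that the deleted file applied; that should be confirmed against the fetched patch, because if it does not, the build still succeeds and the fix is silently lost. I would add a comment above the expression, e.g. `# CVE-2014-7169 is fixed by upstream patch 049 (bash-4.2-patches.nix); no local patch needed.` Going by the commit message, patch 050 closes the route to the parser through environment variable names rather than repairing the parser itself, so later upstream patch levels are still worth tracking. The `patches` expression this line closes begins above the hunk.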