From 57fc4d21b717410d0c044609e3182a0df96acfa8 Mon Sep 17 00:00:00 2001 From: Vladimír Čunát Date: Thu, 5 Jan 2017 01:00:13 +0100 Subject: bash-4.4: p0 -> p5 + a security patch from Gentoo --- pkgs/shells/bash/4.4.nix | 29 +++++++++++++++++++---------- pkgs/shells/bash/bash-4.4-patches.nix | 5 +++++ 2 files changed, 24 insertions(+), 10 deletions(-) (limited to 'pkgs/shells/bash') diff --git a/pkgs/shells/bash/4.4.nix b/pkgs/shells/bash/4.4.nix index 406ca4d08fd..7dbb1832497 100644 --- a/pkgs/shells/bash/4.4.nix +++ b/pkgs/shells/bash/4.4.nix @@ -12,11 +12,21 @@ let baseConfigureFlags = if interactive then "--with-installed-readline" else "--disable-readline"; sha256 = "1jyz6snd63xjn6skk7za6psgidsd53k05cr3lksqybi0q6936syq"; + upstreamPatches = + let + patch = nr: sha256: + fetchurl { + url = "mirror://gnu/bash/${realName}-patches/${shortName}-${nr}"; + inherit sha256; + }; + in + import ./bash-4.4-patches.nix patch; + inherit (stdenv.lib) optional optionalString; in stdenv.mkDerivation rec { - name = "${realName}-p${toString (builtins.length patches)}"; + name = "${realName}-p${toString (builtins.length upstreamPatches)}"; src = fetchurl { url = "mirror://gnu/bash/${realName}.tar.gz"; @@ -41,15 +51,14 @@ stdenv.mkDerivation rec { patchFlags = "-p0"; - patches = - (let - patch = nr: sha256: - fetchurl { - url = "mirror://gnu/bash/${realName}-patches/${shortName}-${nr}"; - inherit sha256; - }; - in - import ./bash-4.4-patches.nix patch) + patches = upstreamPatches + ++ [ (fetchurl { + # https://security.gentoo.org/glsa/201701-02 + url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/app-shells" + + "/bash/files/bash-4.4-popd-offset-overflow.patch" + + "?id=1bf1ceeb04a2f57e1e5e1636a8c288c4d0db6682"; + sha256 = "02n08lw5spvsc2b1bll0gr6mg4qxcg7pzfjkw7ji5w7bjcikccbm"; + }) ] ++ optional stdenv.isCygwin ./cygwin-bash-4.3.33-1.src.patch; crossAttrs = { 
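Review bot: The new `upstreamPatches` binding in the first hunk of `4.4.nix` has no comment saying why it is split out from `patches`, and the reason only shows at the changed `name = ...` line, where the `-pN` suffix is now computed from the GNU patch-level files alone. I would add a comment above the binding such as `# Official GNU patch-level files only; the -pN suffix in name is derived from this list.` One consequence is that the additional security fix appended to `patches` further down is not visible in the derivation name, so anything that judges exposure from the name or version string will still read this as a plain p5 build. The enclosing `let` block starts before the hunk.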
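Review bot: The comment on the added `fetchurl` entry in `patches` (second hunk of `4.4.nix`) carries only the GLSA link, so it does not say which issue the patch fixes or when the entry should be removed. The `?id=` pin plus `sha256` covers integrity of the downloaded file, but the source is a third-party gitweb URL, and a later official bash44 patch may include the same fix, at which point this entry could stop applying cleanly. I would extend the comment to something like `# Fixes <CVE-ID> (popd offset overflow), see https://security.gentoo.org/glsa/201701-02; drop once an upstream bash44-NNN patch carries the fix.` The context line `patchFlags = "-p0";` applies to this file as well as the GNU ones, so it presumably uses the same path depth, which is worth confirming with a build.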
diff --git a/pkgs/shells/bash/bash-4.4-patches.nix b/pkgs/shells/bash/bash-4.4-patches.nix index b8019fb3350..c3ef5470aeb 100644 --- a/pkgs/shells/bash/bash-4.4-patches.nix +++ b/pkgs/shells/bash/bash-4.4-patches.nix @@ -1,4 +1,9 @@ # Automatically generated by `update-patch-set.sh'; do not edit. patch: [ +(patch "001" "03vzy7qwjdd5qvl3ydg99naazas2qmyd0yhnrflgjbbm64axja1y") +(patch "002" "0lrwq6vyqism3yqv9s7kzaf3dsl4q5w9r5svcqz279qp7qca083h") +(patch "003" "1chqww2rj6g42b8s60q5zlzy0jzp684jkpsbrbfy1vzxja8mmpsi") +(patch "004" "1cy8abf96hkrjhw921ndr0shlcnc52bg45rn6xri4v5clhq0l25d") +(patch "005" "0a8515kyk4zsgmvlqvlganjfr7pq0j6kzpr4d6xx02kpbdr4n7i2") ] -- cgit 1.4.1