bash: add upstream security fixes to patch level 12

Fixes CVE-2017-5932 - Shell code execution on tab completion of specially
crafted files. For details, see the report:

https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf

We unfortunately cannot easily download these because of the file names (not
ending in patch) and patch format (p0), so convert to p1 format and include
in package/bash with the following script:

for i in 06 07 08 09 10 11 12; do
	cat > bash44-0$i.patch << EOF
>From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

EOF
	curl https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-0$i | \
		sed -e 's|^\*\*\* \.\./|*** |' -e 's|^--- |--- b/|' >> bash44-0$i.patch
done

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

1 files changed, 63 insertions, 0 deletions

diff --git a/package/bash/bash44-006.patch b/package/bash/bash44-006.patch
new file mode 100644
index 0000000000..ba58ed40c3
--- /dev/null
+++ b/package/bash/bash44-006.patch
@@ -0,0 +1,63 @@
+From https://ftp.gnu.org/gnu/bash/bash-4.4-patches/bash44-006
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.4
+Patch-ID:	bash44-006
+
+Bug-Reported-by:	<fernando@null-life.com>
+Bug-Reference-ID:	<CAEr-gPFPvqheiAeENmMkEwWRd4U=1iqCsYmR3sLdULOqL++_tQ@mail.gmail.com>
+Bug-Reference-URL:	
+
+Bug-Description:
+
+Out-of-range negative offsets to popd can cause the shell to crash attempting
+to free an invalid memory block.
+
+Patch (apply with `patch -p0'):
+
+*** bash-4.4-patched/builtins/pushd.def	2016-01-25 13:31:49.000000000 -0500
+--- b/builtins/pushd.def	2016-10-28 10:46:49.000000000 -0400
+***************
+*** 366,370 ****
+      }
+  
+!   if (which > directory_list_offset || (directory_list_offset == 0 && which == 0))
+      {
+        pushd_error (directory_list_offset, which_word ? which_word : "");
+--- b/366,370 ----
+      }
+  
+!   if (which > directory_list_offset || (which < -directory_list_offset) || (directory_list_offset == 0 && which == 0))
+      {
+        pushd_error (directory_list_offset, which_word ? which_word : "");
+***************
+*** 388,391 ****
+--- b/388,396 ----
+  	 of the list into place. */
+        i = (direction == '+') ? directory_list_offset - which : which;
++       if (i < 0 || i > directory_list_offset)
++ 	{
++ 	  pushd_error (directory_list_offset, which_word ? which_word : "");
++ 	  return (EXECUTION_FAILURE);
++ 	}
+        free (pushd_directory_list[i]);
+        directory_list_offset--;
+*** bash-4.4/patchlevel.h	2016-06-22 14:51:03.000000000 -0400
+--- b/patchlevel.h	2016-10-01 11:01:28.000000000 -0400
+***************
+*** 26,30 ****
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 5
+  
+  #endif /* _PATCHLEVEL_H_ */
+--- b/26,30 ----
+     looks for to find the patch level (for the sccs version string). */
+  
+! #define PATCHLEVEL 6
+  
+  #endif /* _PATCHLEVEL_H_ */