bash: Update to 4.2.48

Fixes CVE-2014-6271.

Signed-off-by: Marcel Denia <naoir@gmx.net>

utils/bash/patches/133-upstream-bash42-033.patch

@@ -0,0 +1,48 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-033
+
+Bug-Reported-by:	David Leverton <levertond@googlemail.com>
+Bug-Reference-ID:	<4FCCE737.1060603@googlemail.com>
+Bug-Reference-URL:
+
+Bug-Description:
+
+Bash uses a static buffer when expanding the /dev/fd prefix for the test
+and conditional commands, among other uses, when it should use a dynamic
+buffer to avoid buffer overflow.
+
+Patch (apply with `patch -p0'):
+
+--- a/lib/sh/eaccess.c
++++ b/lib/sh/eaccess.c
+@@ -82,6 +82,8 @@ sh_stat (path, finfo)
+      const char *path;
+      struct stat *finfo;
+ {
++  static char *pbuf = 0;
++
+   if (*path == '\0')
+     {
+       errno = ENOENT;
+@@ -106,7 +108,7 @@ sh_stat (path, finfo)
+      trailing slash.  Make sure /dev/fd/xx really uses DEV_FD_PREFIX/xx.
+      On most systems, with the notable exception of linux, this is
+      effectively a no-op. */
+-      char pbuf[32];
++      pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8));
+       strcpy (pbuf, DEV_FD_PREFIX);
+       strcat (pbuf, path + 8);
+       return (stat (pbuf, finfo));
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
+    looks for to find the patch level (for the sccs version string). */
+ 
+-#define PATCHLEVEL 32
++#define PATCHLEVEL 33
+ 
+ #endif /* _PATCHLEVEL_H_ */