bash: Update to 4.2.48

Fixes CVE-2014-6271.

Signed-off-by: Marcel Denia <naoir@gmx.net>

utils/bash/patches/138-upstream-bash42-038.patch

@@ -0,0 +1,38 @@
+			     BASH PATCH REPORT
+			     =================
+
+Bash-Release:	4.2
+Patch-ID:	bash42-038
+
+Bug-Reported-by:	armandsl@gmail.com
+Bug-Reference-ID:	<20120822112810.8D14920040@windmill.latviatours.lv>
+Bug-Reference-URL:	http://lists.gnu.org/archive/html/bug-bash/2012-08/msg00049.html
+
+Bug-Description:
+
+If a backslash-newline (which is removed) with no other input is given as
+input to `read', the shell tries to dereference a null pointer and seg faults.
+
+Patch (apply with `patch -p0'):
+
+--- a/builtins/read.def
++++ b/builtins/read.def
+@@ -791,7 +791,7 @@ assign_vars:
+     }
+ #endif
+ 
+-  if (saw_escape)
++  if (saw_escape && input_string && *input_string)
+     {
+       t = dequote_string (input_string);
+       var = bind_read_variable (list->word->word, t);
+--- a/patchlevel.h
++++ b/patchlevel.h
+@@ -25,6 +25,6 @@
+    regexp `^#define[ 	]*PATCHLEVEL', since that's what support/mkversion.sh
+    looks for to find the patch level (for the sccs version string). */
+ 
+-#define PATCHLEVEL 37
++#define PATCHLEVEL 38
+ 
+ #endif /* _PATCHLEVEL_H_ */