From cec73eedb763b803897e98f0a5b3934dc4be1fdd Mon Sep 17 00:00:00 2001
From: William Pitcock <nenolod@dereferenced.org>
Date: Mon, 6 Nov 2017 18:03:27 +0000
Subject: [PATCH] main/bash: fix applying vendor patches

---
 main/bash/APKBUILD | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/main/bash/APKBUILD b/main/bash/APKBUILD
index 910df6a5de18..16b3c716acb9 100644
--- a/main/bash/APKBUILD
+++ b/main/bash/APKBUILD
@@ -6,7 +6,7 @@ pkgver=4.4.12
 _patchlevel=${pkgver##*.}
 _myver=${pkgver%.*}
 _patchbase=${_myver/./}
-pkgrel=0
+pkgrel=1
 pkgdesc="The GNU Bourne Again shell"
 url="http://www.gnu.org/software/bash/bash.html"
 arch="all"
@@ -30,13 +30,29 @@ while [ $_i -le $_patchlevel ]; do
 done
 
 # secfixes:
-#   4.4.12-r0:
-#     - CCVE-2016-0634
+#   4.4.12-r1:
+#     - CVE-2016-0634
 
 builddir="$srcdir"/$pkgname-$_myver
 
 prepare() {
 	cd "$builddir"
+
+	# NOTE: This section is for applying the vendor patches, which are required to fix
+	# security holes.  `default_prepare` does *not* apply vendor patches in the format
+	# shipped with bash.  We also need to make sure vendor patches are applied before
+	# our own.
+	# If you disagree, please request an experimental rebuild with bash as /bin/sh,
+	# before removing this section.
+	for p in $source; do
+		case $p in
+		*/bash[0-9][0-9]-[0-9]*)
+			msg "$p (vendor)"
+			patch -p0 -i "$srcdir"/${p##*/} || return 1
+			;;
+		esac
+	done
+
 	default_prepare
 	update_config_sub
 }
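Review bot: The vendor-patch loop in `prepare()` still succeeds when the `*/bash[0-9][0-9]-[0-9]*` pattern matches no entry in `$source`. A change in upstream patch naming, or in how `source` is assembled, would then silently build a package without the security patches while the `secfixes` block still lists CVE-2016-0634 as fixed. Count the patches applied and fail on a mismatch: add `local p applied=0` before the loop, `applied=$((applied + 1))` after the `patch` call, and `[ "$applied" -eq "$_patchlevel" ] || return 1` after `done`. This assumes the `while [ $_i -le $_patchlevel ]` loop, whose body lies above the hunk, adds exactly one source entry per patch level. Quoting the file argument as `"$srcdir/${p##*/}"` would also keep it a single word if a path ever contains whitespace.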
-- 
GitLab