Received: by mail.netbsd.org (Postfix, from userid 605) id C3D8E84DE5; Sat, 28 Oct 2017 11:23:51 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 50B5F84D92 for ; Sat, 28 Oct 2017 11:23:51 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id 2jFArM7bUuMe for ; Sat, 28 Oct 2017 11:23:50 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 8363584CE4 for ; Sat, 28 Oct 2017 11:23:50 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 7E69EFBDE; Sat, 28 Oct 2017 11:23:50 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1509189830187880" MIME-Version: 1.0 Date: Sat, 28 Oct 2017 11:23:50 +0000 
From: "Pierre Pronchery" Subject: CVS commit: pkgsrc/math/lp_solve To: pkgsrc-changes@NetBSD.org Reply-To: khorben@netbsd.org X-Mailer: log_accum Message-Id: <20171028112350.7E69EFBDE@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1509189830187880 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: khorben Date: Sat Oct 28 11:23:50 UTC 2017 Modified Files: pkgsrc/math/lp_solve: distinfo pkgsrc/math/lp_solve/patches: patch-lp__solve_ccc patch-lpsolve55_ccc Log Message: Fix local privilege escalation when building math/lp_solve This still requires $TMPDIR (or /tmp) to be mounted with "exec", but now respects $TMPDIR. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 pkgsrc/math/lp_solve/distinfo cvs rdiff -u -r1.3 -r1.4 pkgsrc/math/lp_solve/patches/patch-lp__solve_ccc \ pkgsrc/math/lp_solve/patches/patch-lpsolve55_ccc Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1509189830187880 Content-Disposition: inline Content-Length: 7569 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/math/lp_solve/distinfo diff -u pkgsrc/math/lp_solve/distinfo:1.6 pkgsrc/math/lp_solve/distinfo:1.7 --- pkgsrc/math/lp_solve/distinfo:1.6 Thu Jul 13 13:02:43 2017 +++ pkgsrc/math/lp_solve/distinfo Sat Oct 28 11:23:50 2017 @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.6 2017/07/13 13:02:43 wiz Exp $ +$NetBSD: distinfo,v 1.7 2017/10/28 11:23:50 khorben Exp $ SHA1 (lp_solve_5.5.2.3_source.tar.gz) = 867a606fcc77612b71a0a6baa5f07a273f3023a7 RMD160 (lp_solve_5.5.2.3_source.tar.gz) = 5657c47cf996979072fb2a1135d071e48da52ea1 
@@ -6,6 +6,6 @@ SHA512 (lp_solve_5.5.2.3_source.tar.gz) Size (lp_solve_5.5.2.3_source.tar.gz) = 812420 bytes SHA1 (patch-aa) = a77ec29e056252b3b82c1a1acdd463b5ff7f6f6b SHA1 (patch-demo_ccc) = dd5d00bce28fa89db343489bf22f0c96d3a9894b -SHA1 (patch-lp__solve_ccc) = a83a73f420bae7a9529bac8cf5f283651d27c80d +SHA1 (patch-lp__solve_ccc) = e8d3e4288a06781274a5bf3a8bbbf6712d0da3d9 SHA1 (patch-lp__utils.c) = b0774bd7b323f12c97c7bc78c26f64a75c841f34 -SHA1 (patch-lpsolve55_ccc) = c84ba64ffaa5aa9f04701c771b644f99318bc6da +SHA1 (patch-lpsolve55_ccc) = b993badb27095b34fb60436a7bc5e69b2911c6b3 Index: pkgsrc/math/lp_solve/patches/patch-lp__solve_ccc diff -u pkgsrc/math/lp_solve/patches/patch-lp__solve_ccc:1.3 pkgsrc/math/lp_solve/patches/patch-lp__solve_ccc:1.4 --- pkgsrc/math/lp_solve/patches/patch-lp__solve_ccc:1.3 Thu Jul 13 13:02:43 2017 +++ pkgsrc/math/lp_solve/patches/patch-lp__solve_ccc Sat Oct 28 11:23:50 2017 @@ -1,4 +1,4 @@ -$NetBSD: patch-lp__solve_ccc,v 1.3 2017/07/13 13:02:43 wiz Exp $ +$NetBSD: patch-lp__solve_ccc,v 1.4 2017/10/28 11:23:50 khorben Exp $ recent versions of gcc are noisy unless main() is declared returning 'int' and isnan() needs a floating argument else NOISNAN is defined causing 
@@ -6,16 +6,58 @@ problems. --- lp_solve/ccc.orig 2009-01-25 18:39:03.000000000 +0000 +++ lp_solve/ccc -@@ -20,7 +20,7 @@ math=-lm - echo '#include '>>/tmp/isnan.c - echo '#include '>>/tmp/isnan.c - echo '#include '>>/tmp/isnan.c +@@ -2,31 +2,36 @@ + src='../lp_MDO.c ../shared/commonlib.c ../colamd/colamd.c ../shared/mmio.c ../shared/myblas.c ../ini.c ../fortify.c ../lp_rlp.c ../lp_crash.c ../bfp/bfp_LUSOL/lp_LUSOL.c ../bfp/bfp_LUSOL/LUSOL/lusol.c ../lp_Hash.c ../lp_lib.c ../lp_wlp.c ../lp_matrix.c ../lp_mipbb.c ../lp_MPS.c ../lp_params.c ../lp_presolve.c ../lp_price.c ../lp_pricePSE.c ../lp_report.c ../lp_scale.c ../lp_simplex.c lp_solve.c ../lp_SOS.c ../lp_utils.c ../yacc_read.c' + c=cc + ++tmpdir=$(mktemp -d) ++[ $? -eq 0 ] || return 2 ++ + #determine platform (32/64 bit) +->/tmp/platform.c +-echo '#include '>>/tmp/platform.c +-echo '#include '>>/tmp/platform.c +-echo 'main(){printf("ux%d", (int) (sizeof(void *)*8));}'>>/tmp/platform.c +-$c /tmp/platform.c -o /tmp/platform +-PLATFORM=`/tmp/platform` +-rm /tmp/platform /tmp/platform.c >/dev/null 2>&1 ++>$tmpdir/platform.c ++echo '#include '>>$tmpdir/platform.c ++echo '#include '>>$tmpdir/platform.c ++echo 'main(){printf("ux%d", (int) (sizeof(void *)*8));}'>>$tmpdir/platform.c ++$c $tmpdir/platform.c -o $tmpdir/platform ++PLATFORM=`$tmpdir/platform` ++rm $tmpdir/platform $tmpdir/platform.c >/dev/null 2>&1 + + mkdir bin bin/$PLATFORM >/dev/null 2>&1 + + math=-lm + + #check if this system has the isnan function +->/tmp/isnan.c +-echo '#include '>>/tmp/isnan.c +-echo '#include '>>/tmp/isnan.c +-echo '#include '>>/tmp/isnan.c -echo 'main(){isnan(0);}'>>/tmp/isnan.c -+echo 'int main(){isnan(0.0);}'>>/tmp/isnan.c - $c /tmp/isnan.c -o /tmp/isnan $math >/dev/null 2>&1 +-$c /tmp/isnan.c -o /tmp/isnan $math >/dev/null 2>&1 ++>$tmpdir/isnan.c ++echo '#include '>>$tmpdir/isnan.c ++echo '#include '>>$tmpdir/isnan.c ++echo '#include '>>$tmpdir/isnan.c ++echo 'int main(){isnan(0.0);}'>>$tmpdir/isnan.c ++$c $tmpdir/isnan.c -o 
$tmpdir/isnan $math >/dev/null 2>&1 if [ $? = 0 ] then NOISNAN= -@@ -38,4 +38,4 @@ then opts='-O0' + else NOISNAN=-DNOISNAN + fi +-rm /tmp/isnan.c /tmp/isnan >/dev/null 2>&1 ++rm $tmpdir/isnan.c $tmpdir/isnan >/dev/null 2>&1 ++ ++rmdir $tmpdir + + opts='-O3' + +@@ -38,4 +43,4 @@ then opts='-O0' else dl=-ldl fi Index: pkgsrc/math/lp_solve/patches/patch-lpsolve55_ccc diff -u pkgsrc/math/lp_solve/patches/patch-lpsolve55_ccc:1.3 pkgsrc/math/lp_solve/patches/patch-lpsolve55_ccc:1.4 --- pkgsrc/math/lp_solve/patches/patch-lpsolve55_ccc:1.3 Thu Jul 13 13:02:43 2017 +++ pkgsrc/math/lp_solve/patches/patch-lpsolve55_ccc Sat Oct 28 11:23:50 2017 @@ -1,4 +1,4 @@ -$NetBSD: patch-lpsolve55_ccc,v 1.3 2017/07/13 13:02:43 wiz Exp $ +$NetBSD: patch-lpsolve55_ccc,v 1.4 2017/10/28 11:23:50 khorben Exp $ recent versions of gcc are noisy unless main() is declared returning 'int' and isnan() needs a floating argument else NOISNAN is defined causing 
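Review bot: The failure guard after `tmpdir=$(mktemp -d)` is `[ $? -eq 0 ] || return 2`, but in the lines shown it sits at the top level of lp_solve/ccc, not inside a function. POSIX leaves `return` outside a function or sourced file unspecified, and a shell that only reports an error and continues would run the rest of the script with an empty `$tmpdir`, so the redirections and the `$c ... -o` output would resolve to `/platform.c`, `/platform`, `/isnan.c` and `/isnan`. Prefer `tmpdir=$(mktemp -d) || exit 2`, and quote the expansions (for example `"$tmpdir/platform.c"`) so that a `TMPDIR` containing whitespace cannot split the paths. The same two lines appear in the lpsolve55/ccc hunk of patch-lpsolve55_ccc. Whether ccc is executed or sourced is not visible in the hunk, so confirm which case applies before relying on `return`.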
@@ -6,16 +6,56 @@ problems. --- lpsolve55/ccc.orig 2009-03-25 00:27:18.000000000 +0000 +++ lpsolve55/ccc -@@ -18,7 +18,7 @@ mkdir bin bin/$PLATFORM >/dev/null 2>&1 - echo '#include '>>/tmp/isnan.c - echo '#include '>>/tmp/isnan.c - echo '#include '>>/tmp/isnan.c +@@ -2,29 +2,34 @@ + src='../lp_MDO.c ../shared/commonlib.c ../shared/mmio.c ../shared/myblas.c ../ini.c ../fortify.c ../colamd/colamd.c ../lp_rlp.c ../lp_crash.c ../bfp/bfp_LUSOL/lp_LUSOL.c ../bfp/bfp_LUSOL/LUSOL/lusol.c ../lp_Hash.c ../lp_lib.c ../lp_wlp.c ../lp_matrix.c ../lp_mipbb.c ../lp_MPS.c ../lp_params.c ../lp_presolve.c ../lp_price.c ../lp_pricePSE.c ../lp_report.c ../lp_scale.c ../lp_simplex.c ../lp_SOS.c ../lp_utils.c ../yacc_read.c' + c=cc + ++tmpdir=$(mktemp -d) ++[ $? -eq 0 ] || return 2 ++ + #determine platform (32/64 bit) +->/tmp/platform.c +-echo '#include '>>/tmp/platform.c +-echo '#include '>>/tmp/platform.c +-echo 'main(){printf("ux%d", (int) (sizeof(void *)*8));}'>>/tmp/platform.c +-$c /tmp/platform.c -o /tmp/platform +-PLATFORM=`/tmp/platform` +-rm /tmp/platform /tmp/platform.c >/dev/null 2>&1 ++>$tmpdir/platform.c ++echo '#include '>>$tmpdir/platform.c ++echo '#include '>>$tmpdir/platform.c ++echo 'main(){printf("ux%d", (int) (sizeof(void *)*8));}'>>$tmpdir/platform.c ++$c $tmpdir/platform.c -o $tmpdir/platform ++PLATFORM=`$tmpdir/platform` ++rm $tmpdir/platform $tmpdir/platform.c >/dev/null 2>&1 + + mkdir bin bin/$PLATFORM >/dev/null 2>&1 + + #check if this system has the isnan function +->/tmp/isnan.c +-echo '#include '>>/tmp/isnan.c +-echo '#include '>>/tmp/isnan.c +-echo '#include '>>/tmp/isnan.c -echo 'main(){isnan(0);}'>>/tmp/isnan.c -+echo 'int main(){isnan(0.0);}'>>/tmp/isnan.c - $c /tmp/isnan.c -o /tmp/isnan $math >/dev/null 2>&1 +-$c /tmp/isnan.c -o /tmp/isnan $math >/dev/null 2>&1 ++>$tmpdir/isnan.c ++echo '#include '>>$tmpdir/isnan.c ++echo '#include '>>$tmpdir/isnan.c ++echo '#include '>>$tmpdir/isnan.c ++echo 'int main(){isnan(0.0);}'>>$tmpdir/isnan.c ++$c 
$tmpdir/isnan.c -o $tmpdir/isnan $math >/dev/null 2>&1 if [ $? = 0 ] then NOISNAN= -@@ -44,7 +44,7 @@ ranlib bin/$PLATFORM/liblpsolve55.a + else NOISNAN=-DNOISNAN + fi +-rm /tmp/isnan.c /tmp/isnan >/dev/null 2>&1 ++rm $tmpdir/isnan.c $tmpdir/isnan >/dev/null 2>&1 ++ ++rmdir $tmpdir + + def= + so= +@@ -44,7 +49,7 @@ ranlib bin/$PLATFORM/liblpsolve55.a if [ "$so" != "" ] then $c -fpic -s -c -I.. -I../shared -I../bfp -I../bfp/bfp_LUSOL -I../bfp/bfp_LUSOL/LUSOL -I../colamd -I. $opts $NOISNAN -DYY_NEVER_INTERACTIVE -DPARSER_LP -DINVERSE_ACTIVE=INVERSE_LUSOL -DRoleIsExternalInvEngine $src --_----------=_1509189830187880--
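Review bot: Cleanup of the `mktemp -d` directory only happens if the script runs straight through to `rmdir $tmpdir`. Both `rm` calls discard their errors, `rmdir` fails if anything else was left in the directory, and nothing in the hunk removes the directory when the script stops early. Setting `trap 'rm -rf "$tmpdir"' EXIT` right after the directory is created would cover those paths and could replace the per-file `rm` and `rmdir` lines. This applies equally to the lp_solve/ccc hunk in patch-lp__solve_ccc. A short comment above the `mktemp -d` line, such as `# private scratch dir: probe binaries are compiled and executed from here, never a fixed /tmp path`, would record why the change was made for whoever next updates the patch.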