Sat Oct 28 11:23:50 2017 UTC ()
Fix local privilege escalation when building math/lp_solve

This still requires $TMPDIR (or /tmp) to be mounted with "exec", but now
respects $TMPDIR.


(khorben)
diff -r1.6 -r1.7 pkgsrc/math/lp_solve/distinfo
diff -r1.3 -r1.4 pkgsrc/math/lp_solve/patches/patch-lp__solve_ccc
diff -r1.3 -r1.4 pkgsrc/math/lp_solve/patches/patch-lpsolve55_ccc


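--- a/pkgsrc/math/lp_solve/distinfo
+++ b/pkgsrc/math/lp_solve/distinfo
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.6 2017/07/13 13:02:43 wiz Exp $
+$NetBSD: distinfo,v 1.7 2017/10/28 11:23:50 khorben Exp $
 
 SHA1 (lp_solve_5.5.2.3_source.tar.gz) = 867a606fcc77612b71a0a6baa5f07a273f3023a7
 RMD160 (lp_solve_5.5.2.3_source.tar.gz) = 5657c47cf996979072fb2a1135d071e48da52ea1
 SHA512 (lp_solve_5.5.2.3_source.tar.gz) = ed4c9e993e6836fdc8bae76d4ff2f48594d6f9ababbedaf83253d0e31815faa8608b110866b03a0336a7334c531efb9987ec231f8e7a62eff7efea683a1868cf
 Size (lp_solve_5.5.2.3_source.tar.gz) = 812420 bytes
 SHA1 (patch-aa) = a77ec29e056252b3b82c1a1acdd463b5ff7f6f6b
 SHA1 (patch-demo_ccc) = dd5d00bce28fa89db343489bf22f0c96d3a9894b
-SHA1 (patch-lp__solve_ccc) = a83a73f420bae7a9529bac8cf5f283651d27c80d
+SHA1 (patch-lp__solve_ccc) = e8d3e4288a06781274a5bf3a8bbbf6712d0da3d9
 SHA1 (patch-lp__utils.c) = b0774bd7b323f12c97c7bc78c26f64a75c841f34
-SHA1 (patch-lpsolve55_ccc) = c84ba64ffaa5aa9f04701c771b644f99318bc6da
+SHA1 (patch-lpsolve55_ccc) = b993badb27095b34fb60436a7bc5e69b2911c6b3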


--- pkgsrc/math/lp_solve/patches/patch-lp__solve_ccc 2017/07/13 13:02:43 1.3
+++ pkgsrc/math/lp_solve/patches/patch-lp__solve_ccc 2017/10/28 11:23:50 1.4
@@ -1,23 +1,65 @@ @@ -1,23 +1,65 @@
1$NetBSD: patch-lp__solve_ccc,v 1.3 2017/07/13 13:02:43 wiz Exp $ 1$NetBSD: patch-lp__solve_ccc,v 1.4 2017/10/28 11:23:50 khorben Exp $
2 2
3recent versions of gcc are noisy unless main() is declared returning 'int' 3recent versions of gcc are noisy unless main() is declared returning 'int'
4and isnan() needs a floating argument else NOISNAN is defined causing 4and isnan() needs a floating argument else NOISNAN is defined causing
5problems. 5problems.
6 6
7--- lp_solve/ccc.orig 2009-01-25 18:39:03.000000000 +0000 7--- lp_solve/ccc.orig 2009-01-25 18:39:03.000000000 +0000
8+++ lp_solve/ccc 8+++ lp_solve/ccc
9@@ -20,7 +20,7 @@ math=-lm 9@@ -2,31 +2,36 @@
10 echo '#include <stdio.h>'>>/tmp/isnan.c 10 src='../lp_MDO.c ../shared/commonlib.c ../colamd/colamd.c ../shared/mmio.c ../shared/myblas.c ../ini.c ../fortify.c ../lp_rlp.c ../lp_crash.c ../bfp/bfp_LUSOL/lp_LUSOL.c ../bfp/bfp_LUSOL/LUSOL/lusol.c ../lp_Hash.c ../lp_lib.c ../lp_wlp.c ../lp_matrix.c ../lp_mipbb.c ../lp_MPS.c ../lp_params.c ../lp_presolve.c ../lp_price.c ../lp_pricePSE.c ../lp_report.c ../lp_scale.c ../lp_simplex.c lp_solve.c ../lp_SOS.c ../lp_utils.c ../yacc_read.c'
11 echo '#include <stdlib.h>'>>/tmp/isnan.c 11 c=cc
12 echo '#include <math.h>'>>/tmp/isnan.c 12
 13+tmpdir=$(mktemp -d)
 14+[ $? -eq 0 ] || return 2
 15+
 16 #determine platform (32/64 bit)
 17->/tmp/platform.c
 18-echo '#include <stdlib.h>'>>/tmp/platform.c
 19-echo '#include <stdio.h>'>>/tmp/platform.c
 20-echo 'main(){printf("ux%d", (int) (sizeof(void *)*8));}'>>/tmp/platform.c
 21-$c /tmp/platform.c -o /tmp/platform
 22-PLATFORM=`/tmp/platform`
 23-rm /tmp/platform /tmp/platform.c >/dev/null 2>&1
 24+>$tmpdir/platform.c
 25+echo '#include <stdlib.h>'>>$tmpdir/platform.c
 26+echo '#include <stdio.h>'>>$tmpdir/platform.c
 27+echo 'main(){printf("ux%d", (int) (sizeof(void *)*8));}'>>$tmpdir/platform.c
 28+$c $tmpdir/platform.c -o $tmpdir/platform
 29+PLATFORM=`$tmpdir/platform`
 30+rm $tmpdir/platform $tmpdir/platform.c >/dev/null 2>&1
 31
 32 mkdir bin bin/$PLATFORM >/dev/null 2>&1
 33
 34 math=-lm
 35
 36 #check if this system has the isnan function
 37->/tmp/isnan.c
 38-echo '#include <stdio.h>'>>/tmp/isnan.c
 39-echo '#include <stdlib.h>'>>/tmp/isnan.c
 40-echo '#include <math.h>'>>/tmp/isnan.c
13-echo 'main(){isnan(0);}'>>/tmp/isnan.c 41-echo 'main(){isnan(0);}'>>/tmp/isnan.c
14+echo 'int main(){isnan(0.0);}'>>/tmp/isnan.c 42-$c /tmp/isnan.c -o /tmp/isnan $math >/dev/null 2>&1
15 $c /tmp/isnan.c -o /tmp/isnan $math >/dev/null 2>&1 43+>$tmpdir/isnan.c
 44+echo '#include <stdio.h>'>>$tmpdir/isnan.c
 45+echo '#include <stdlib.h>'>>$tmpdir/isnan.c
 46+echo '#include <math.h>'>>$tmpdir/isnan.c
 47+echo 'int main(){isnan(0.0);}'>>$tmpdir/isnan.c
 48+$c $tmpdir/isnan.c -o $tmpdir/isnan $math >/dev/null 2>&1
16 if [ $? = 0 ] 49 if [ $? = 0 ]
17 then NOISNAN= 50 then NOISNAN=
18@@ -38,4 +38,4 @@ then opts='-O0' 51 else NOISNAN=-DNOISNAN
 52 fi
 53-rm /tmp/isnan.c /tmp/isnan >/dev/null 2>&1
 54+rm $tmpdir/isnan.c $tmpdir/isnan >/dev/null 2>&1
 55+
 56+rmdir $tmpdir
 57
 58 opts='-O3'
 59
 60@@ -38,4 +43,4 @@ then opts='-O0'
19 else dl=-ldl 61 else dl=-ldl
20 fi 62 fi
21  63
22-$c -I.. -I../bfp -I../bfp/bfp_LUSOL -I../bfp/bfp_LUSOL/LUSOL -I../colamd -I../shared $opts $def $NOISNAN -DYY_NEVER_INTERACTIVE -DPARSER_LP -DINVERSE_ACTIVE=INVERSE_LUSOL -DRoleIsExternalInvEngine $src -o bin/$PLATFORM/lp_solve $math $dl 64-$c -I.. -I../bfp -I../bfp/bfp_LUSOL -I../bfp/bfp_LUSOL/LUSOL -I../colamd -I../shared $opts $def $NOISNAN -DYY_NEVER_INTERACTIVE -DPARSER_LP -DINVERSE_ACTIVE=INVERSE_LUSOL -DRoleIsExternalInvEngine $src -o bin/$PLATFORM/lp_solve $math $dl
23+$c -I.. -I../bfp -I../bfp/bfp_LUSOL -I../bfp/bfp_LUSOL/LUSOL -I../colamd -I../shared $opts $def $NOISNAN -DYY_NEVER_INTERACTIVE -DPARSER_LP -DINVERSE_ACTIVE=INVERSE_LUSOL -DRoleIsExternalInvEngine $src -o bin/$PLATFORM/lp_solve $math $DL_LDADD $LDFLAGS 65+$c -I.. -I../bfp -I../bfp/bfp_LUSOL -I../bfp/bfp_LUSOL/LUSOL -I../colamd -I../shared $opts $def $NOISNAN -DYY_NEVER_INTERACTIVE -DPARSER_LP -DINVERSE_ACTIVE=INVERSE_LUSOL -DRoleIsExternalInvEngine $src -o bin/$PLATFORM/lp_solve $math $DL_LDADD $LDFLAGS
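Review bot: The guard `[ $? -eq 0 ] || return 2` after `tmpdir=$(mktemp -d)` uses `return` at the top level of the script, which does not stop every shell: bash run on the file reports an error and carries on, so a failed mktemp would leave `$tmpdir` empty and the following lines would write, compile and execute `/platform` and `/isnan`. Writing it as `tmpdir=$(mktemp -d) || exit 2` stops the build in any POSIX shell. The expansions are also unquoted, so a `$TMPDIR` containing whitespace splits the paths; `"$tmpdir/platform.c"` and its siblings avoid that. The script's first line is outside the hunk, so the interpreter that runs it is not visible here, and lpsolve55/ccc carries the same two lines.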


--- pkgsrc/math/lp_solve/patches/patch-lpsolve55_ccc 2017/07/13 13:02:43 1.3
+++ pkgsrc/math/lp_solve/patches/patch-lpsolve55_ccc 2017/10/28 11:23:50 1.4
@@ -1,26 +1,66 @@ @@ -1,26 +1,66 @@
1$NetBSD: patch-lpsolve55_ccc,v 1.3 2017/07/13 13:02:43 wiz Exp $ 1$NetBSD: patch-lpsolve55_ccc,v 1.4 2017/10/28 11:23:50 khorben Exp $
2 2
3recent versions of gcc are noisy unless main() is declared returning 'int' 3recent versions of gcc are noisy unless main() is declared returning 'int'
4and isnan() needs a floating argument else NOISNAN is defined causing 4and isnan() needs a floating argument else NOISNAN is defined causing
5problems. 5problems.
6 6
7--- lpsolve55/ccc.orig 2009-03-25 00:27:18.000000000 +0000 7--- lpsolve55/ccc.orig 2009-03-25 00:27:18.000000000 +0000
8+++ lpsolve55/ccc 8+++ lpsolve55/ccc
9@@ -18,7 +18,7 @@ mkdir bin bin/$PLATFORM >/dev/null 2>&1 9@@ -2,29 +2,34 @@
10 echo '#include <stdio.h>'>>/tmp/isnan.c 10 src='../lp_MDO.c ../shared/commonlib.c ../shared/mmio.c ../shared/myblas.c ../ini.c ../fortify.c ../colamd/colamd.c ../lp_rlp.c ../lp_crash.c ../bfp/bfp_LUSOL/lp_LUSOL.c ../bfp/bfp_LUSOL/LUSOL/lusol.c ../lp_Hash.c ../lp_lib.c ../lp_wlp.c ../lp_matrix.c ../lp_mipbb.c ../lp_MPS.c ../lp_params.c ../lp_presolve.c ../lp_price.c ../lp_pricePSE.c ../lp_report.c ../lp_scale.c ../lp_simplex.c ../lp_SOS.c ../lp_utils.c ../yacc_read.c'
11 echo '#include <stdlib.h>'>>/tmp/isnan.c 11 c=cc
12 echo '#include <math.h>'>>/tmp/isnan.c 12
 13+tmpdir=$(mktemp -d)
 14+[ $? -eq 0 ] || return 2
 15+
 16 #determine platform (32/64 bit)
 17->/tmp/platform.c
 18-echo '#include <stdlib.h>'>>/tmp/platform.c
 19-echo '#include <stdio.h>'>>/tmp/platform.c
 20-echo 'main(){printf("ux%d", (int) (sizeof(void *)*8));}'>>/tmp/platform.c
 21-$c /tmp/platform.c -o /tmp/platform
 22-PLATFORM=`/tmp/platform`
 23-rm /tmp/platform /tmp/platform.c >/dev/null 2>&1
 24+>$tmpdir/platform.c
 25+echo '#include <stdlib.h>'>>$tmpdir/platform.c
 26+echo '#include <stdio.h>'>>$tmpdir/platform.c
 27+echo 'main(){printf("ux%d", (int) (sizeof(void *)*8));}'>>$tmpdir/platform.c
 28+$c $tmpdir/platform.c -o $tmpdir/platform
 29+PLATFORM=`$tmpdir/platform`
 30+rm $tmpdir/platform $tmpdir/platform.c >/dev/null 2>&1
 31
 32 mkdir bin bin/$PLATFORM >/dev/null 2>&1
 33
 34 #check if this system has the isnan function
 35->/tmp/isnan.c
 36-echo '#include <stdio.h>'>>/tmp/isnan.c
 37-echo '#include <stdlib.h>'>>/tmp/isnan.c
 38-echo '#include <math.h>'>>/tmp/isnan.c
13-echo 'main(){isnan(0);}'>>/tmp/isnan.c 39-echo 'main(){isnan(0);}'>>/tmp/isnan.c
14+echo 'int main(){isnan(0.0);}'>>/tmp/isnan.c 40-$c /tmp/isnan.c -o /tmp/isnan $math >/dev/null 2>&1
15 $c /tmp/isnan.c -o /tmp/isnan $math >/dev/null 2>&1 41+>$tmpdir/isnan.c
 42+echo '#include <stdio.h>'>>$tmpdir/isnan.c
 43+echo '#include <stdlib.h>'>>$tmpdir/isnan.c
 44+echo '#include <math.h>'>>$tmpdir/isnan.c
 45+echo 'int main(){isnan(0.0);}'>>$tmpdir/isnan.c
 46+$c $tmpdir/isnan.c -o $tmpdir/isnan $math >/dev/null 2>&1
16 if [ $? = 0 ] 47 if [ $? = 0 ]
17 then NOISNAN= 48 then NOISNAN=
18@@ -44,7 +44,7 @@ ranlib bin/$PLATFORM/liblpsolve55.a 49 else NOISNAN=-DNOISNAN
 50 fi
 51-rm /tmp/isnan.c /tmp/isnan >/dev/null 2>&1
 52+rm $tmpdir/isnan.c $tmpdir/isnan >/dev/null 2>&1
 53+
 54+rmdir $tmpdir
 55
 56 def=
 57 so=
 58@@ -44,7 +49,7 @@ ranlib bin/$PLATFORM/liblpsolve55.a
19 if [ "$so" != "" ] 59 if [ "$so" != "" ]
20 then 60 then
21 $c -fpic -s -c -I.. -I../shared -I../bfp -I../bfp/bfp_LUSOL -I../bfp/bfp_LUSOL/LUSOL -I../colamd -I. $opts $NOISNAN -DYY_NEVER_INTERACTIVE -DPARSER_LP -DINVERSE_ACTIVE=INVERSE_LUSOL -DRoleIsExternalInvEngine $src 61 $c -fpic -s -c -I.. -I../shared -I../bfp -I../bfp/bfp_LUSOL -I../bfp/bfp_LUSOL/LUSOL -I../colamd -I. $opts $NOISNAN -DYY_NEVER_INTERACTIVE -DPARSER_LP -DINVERSE_ACTIVE=INVERSE_LUSOL -DRoleIsExternalInvEngine $src
22- $c -shared -Wl,-Bsymbolic -Wl,-soname,liblpsolve55.so -o bin/$PLATFORM/liblpsolve55.so `echo $src|sed s/[.]c/.o/g|sed 's/[^ ]*\///g'` -lc -lm -ldl 62- $c -shared -Wl,-Bsymbolic -Wl,-soname,liblpsolve55.so -o bin/$PLATFORM/liblpsolve55.so `echo $src|sed s/[.]c/.o/g|sed 's/[^ ]*\///g'` -lc -lm -ldl
23+ $c -shared -Wl,-Bsymbolic -Wl,-soname,liblpsolve55.so -o bin/$PLATFORM/liblpsolve55.so `echo $src|sed s/[.]c/.o/g|sed 's/[^ ]*\///g'` -lc -lm $DL_LDADD $LDFLAGS 63+ $c -shared -Wl,-Bsymbolic -Wl,-soname,liblpsolve55.so -o bin/$PLATFORM/liblpsolve55.so `echo $src|sed s/[.]c/.o/g|sed 's/[^ ]*\///g'` -lc -lm $DL_LDADD $LDFLAGS
24 fi 64 fi
25  65
26 rm *.o 2>/dev/null 66 rm *.o 2>/dev/null
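Review bot: Cleanup of the mktemp directory in lpsolve55/ccc depends on the two `rm` calls having removed every file: `rmdir $tmpdir` fails when anything else is left behind (an interrupted run, or extra compiler output), and the directory with the probe binaries then stays under `$TMPDIR`. Registering `trap 'rm -rf -- "$tmpdir"' EXIT` right after the mktemp line would cover every exit path and make the explicit `rm`/`rmdir` lines unnecessary; the same applies to lp_solve/ccc. The unguarded `$c $tmpdir/platform.c -o $tmpdir/platform` also deserves a status check, because a failed compile or a noexec temp directory leaves `PLATFORM` empty and the build continues into `bin/`.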