Bug#: 140295
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Daniel Black <dragonheart@gentoo.org>

Attachments:
qdbm-runpath2.diff (patch), created by Daniel Black, 2006-07-13 21:00 0000, 1.31 KB

Bug 140295 blocks: 81745

Description:   Opened: 2006-07-13 20:59 0000
qdbm-1.8.48 (stable) contains RUNPATH issues as a result of
LD_RUN_PATH=/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib

qdbm-1.8.49 and qdbm-1.8.53 also suffer the same problem.
Same as bug 108534 but a different version.

From emerge:
ln -f -s libqdbm.so.12.9.0 libqdbm.so
LD_RUN_PATH=/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
i686-pc-linux-gnu-gcc -Wall -ansi -pedantic -fPIC -fsigned-char -O2
-fomit-frame-pointer -DNDEBUG -o dpmgr dpmgr.o -L.
-L/var/tmp/portage/qdbm-1.8.48/homedir/lib -L/usr/local/lib -lqdbm -lbz2 -lz
-lpthread -lc


QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 with the maintaining herd of the package.
 Summary: dev-db/qdbm: insecure RPATH
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/dpmgr
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/dptsv
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/crmgr
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/crtsv
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/rlmgr
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/hvmgr
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/cbcodec
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/vlmgr
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/vltsv
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/odmgr
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/odidx
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/dpmgr
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/dptsv
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/crmgr
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/crtsv
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/rlmgr
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/hvmgr
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/cbcodec
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/vlmgr
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/vltsv
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/odmgr
/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib
usr/bin/odidx

# emerge --info
Portage 2.1-r1 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.5-r2, 2.6.14-hardened-r5
i686)
=================================================================
System uname: 2.6.14-hardened-r5 i686 Pentium III (Coppermine)
Gentoo Base System version 1.6.15
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632)
[enabled]
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.3.5, 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
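
Added example (not part of the original report and not Portage's own QA code): a small Python audit of readelf -d output that flags RPATH/RUNPATH entries such as the build-directory one reported above. The untrusted-prefix list, the function names and the sample readelf lines are assumptions constructed for illustration; the RUNPATH value in the first sample is the one from this report.

```python
import posixpath
import re

# Assumption of this example: locations any local user may be able to create
# or write to, or that exist only while a package is being built.
UNTRUSTED_PREFIXES = ("/var/tmp", "/tmp", "/home")

# Matches the RPATH/RUNPATH lines printed by `readelf -d`.
DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")

# Constructed readelf-style input; the RUNPATH value is the one in the report.
SAMPLE_QDBM = """\
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000001d (RUNPATH)                    Library runpath: [/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib]
"""
# Constructed edge cases: empty entry, relative entry, "..", $ORIGIN.
SAMPLE_EDGE = " 0x0000000f (RPATH)  Library rpath: [/usr/lib::lib:/usr/lib/../../tmp/x:$ORIGIN/../lib]\n"


def audit_entry(entry):
    """Return why a single search-path entry is risky, or None if it is not."""
    if entry == "":
        return "empty entry, searched as the current directory"
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return None  # resolved relative to the binary; not flagged here
    if not entry.startswith("/"):
        return "relative path"
    norm = posixpath.normpath(entry)  # collapse "." and ".." before matching
    for prefix in UNTRUSTED_PREFIXES:
        if norm == prefix or norm.startswith(prefix + "/"):
            return "under " + prefix
    return None


def audit_dynamic_section(text):
    """Return (tag, entry, reason) for every risky RPATH/RUNPATH entry."""
    findings = []
    for line in text.splitlines():
        match = DYN_RE.search(line)
        if match:
            tag, value = match.groups()
            for entry in value.split(":"):
                reason = audit_entry(entry)
                if reason:
                    findings.append((tag, entry, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_dynamic_section(SAMPLE_QDBM + SAMPLE_EDGE):
        print("%s: %r: %s" % finding)
```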

------- Comment #1 From Daniel Black 2006-07-13 21:00:30 0000 -------
Created an attachment (id=91671)
qdbm-runpath2.diff

a fix

------- Comment #2 From Daniel Black 2006-09-06 17:46:28 0000 -------
*** Bug 146623 has been marked as a duplicate of this bug. ***

------- Comment #3 From Akinori Hattori 2006-10-30 03:59:43 0000 -------
arm, s390 and sh need to stabilize 1.8.70-r1 to fix this bug.

------- Comment #4 From Daniel Black 2006-12-27 11:26:16 0000 -------
qdbm-1.8.70-r1 all stable as per bug 149578

GLSA vote no as portage has fixed runpath issues before install for ages and
it's pretty hard to exploit.

Time for closure and qdbm-1.8.46 removal (nothing explicitly needs this
version)?

------- Comment #5 From Daniel Black 2006-12-31 04:15:53 0000 -------
Closing - thanks Tavis
