Bug 117297 - dev-games/cegui-0.4.1 contains insecure RUNPATH
|
Bug#:
117297
|
Product: Gentoo Security
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Linux
|
Status: RESOLVED
|
Severity: normal
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: security@gentoo.org
|
Reported By: folken@folkwolf.net
|
|
Component: Runpath Issues
|
|
|
URL:
|
|
Summary: dev-games/cegui-0.4.1 contains insecure RUNPATH
|
|
Keywords:
|
|
Status Whiteboard: ~2 [ebuild]
|
|
Opened: 2005-12-31 11:33 0000
|
QA Notice: the following files contain insecure RUNPATH's
Please file a bug about this at http://bugs.gentoo.org/
For more information on this issue, kindly review:
http://bugs.gentoo.org/81745
/var/tmp/portage/cegui-0.4.1/work/cegui_mk2/src/renderers/OpenGLGUIRenderer/.libs:/usr/lib/gcc/i686-pc-linux-gnu/3.4.4
usr/share/doc/cegui-0.4.1/Samples/common/src/.libs/libCEGUISampleHelper.so
/var/tmp/portage/cegui-0.4.1/work/cegui_mk2/src/renderers/OpenGLGUIRenderer/.libs:/usr/lib/gcc/i686-pc-linux-gnu/3.4.4
usr/share/doc/cegui-0.4.1/Samples/common/src/.libs/libCEGUISampleHelper.so.0.0.0
/var/tmp/portage/cegui-0.4.1/work/cegui_mk2/src/renderers/OpenGLGUIRenderer/.libs:/usr/lib/gcc/i686-pc-linux-gnu/3.4.4
usr/share/doc/cegui-0.4.1/Samples/common/src/.libs/libCEGUISampleHelper.so.0
Portage 2.0.53 (default-linux/x86/2005.0, gcc-3.4.4, glibc-2.3.5-r2,
2.6.14-gent
oo-r2 i686)
=================================================================
System uname: 2.6.14-gentoo-r2 i686 AMD Sempron(tm) Processor 2600+
Gentoo Base System version 1.6.13
dev-lang/python: 2.3.5-r2, 2.4.2
sys-apps/sandbox: 1.2.10
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1
sys-devel/libtool: 1.5.20
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium3 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env
/usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env
/usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium3 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 16bit 3dnow 3dnowext X a52 aac accounting acl acpi alsa apache2 apm
arts audiofile bash-completion berkdb bitmap-fonts bootsplash bzip2 cegui
chroot cjk crypt cscope cups curl devil devmap dga dnd doc dts dvd dxr3 ecc eds
encode enscript erandom esd exif expat fam ffmpeg flac font-server foomaticdb
fortran gd gdbm gif glut gmp gnome gnomedb gphoto2 gpm gstreamer gtk gtk2
high-ints idn ieee1394 imagemagick imap imlib intl ipv6 j2ee jack java javadoc
jce jikes jpeg junit kde lcms libcaca libg++ libwww lm_sensors logitech-mouse
lzw lzw-tiff mad mailbox maildir matrox mbox mikmod mime mmx mmxext mng motif
mozilla mp3 mpeg mpeg2 mpeg4 ncurses network nls nptl ogg oggvorbis openal
opengl oss pam pcre pdflib perforce perl pg-intdatetime png postgres ppds
python qt readline recode ruby samba sdl skey slang speex spell sql sqlite sse
sse2 ssl subversion svg svga svgz tcpd tetex theora threads tiff truetype
truetype-fonts type1-fonts udev unicode usb userlocales utf8 v4l v4l2 vdesktop
vidix vim-pager visualization vorbis win32codecs xine xinerama xml2 xrandr xv
xvid xvmc zlib video_cards_matrox userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS
please provide a fixed ebuild, thx.
I have this same issue.
Portage 2.0.53 (default-linux/x86/2005.1, gcc-3.4.4, glibc-2.3.5-r2,
2.6.14-gentoo-r5 i686)
=================================================================
System uname: 2.6.14-gentoo-r5 i686 Intel(R) Pentium(R) 4 CPU 3.60GHz
Gentoo Base System version 1.6.13
dev-lang/python: 2.2.3-r5, 2.3.5-r2, 2.4.2
sys-apps/sandbox: 1.2.12
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1
sys-devel/libtool: 1.5.20
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O3 -march=pentium4 -funroll-loops -fprefetch-loop-arrays -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.1/share/config
/usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config
/usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config
/usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config
/usr/kde/3.5/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb
/usr/lib/mozilla/defaults/pref /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=pentium4 -funroll-loops -fprefetch-loop-arrays -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.ussg.iu.edu/pub/linux/gentoo
http://gentoo.chem.wisc.edu/gentoo/ http://cudlug.cudenver.edu/gentoo/
ftp://ftp.ndlug.nd.edu/pub/gentoo/ ftp://ftp.wwc.edu/pub/mirrors/ftp.gentoo.org
"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="x86 X aac alsa apm arts audiofile avi berkdb bitmap-fonts browserplugin
bzip2 cdparanoia cdr cegui cg crypt cups curl devil doc dvd dvdr dvdread eds
emboss encode esd exif expat fam flac foomaticdb fortran gd gdbm gif glut gnome
gpm gstreamer gt gtk gtk2 idn imagemagick imlib ipv6 java jpeg junit kde lcms
libg++ libwww mad matroska mikmod mng motif mozilla mp3 mpeg mplayer music
ncurses nls nptl offensive ogg oggvorbis openal opengl oss pam pcre pdflib perl
png ppds python qt quicktime readline real recode samba sdl slang speex spell
sqlite ssl svga tcltk tcpd tetex tiff truetype truetype-fonts type1-fonts udev
unicode voice vorbis win32codecs xine xml xml2 xmms xv zlib userland_GNU
kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
I can't reproduce this.
Can you try building with CFLAGS="-pipe" CXXFLAGS="-pipe" only and see if it
still happens please?
(In reply to comment #4)
> I can't reproduce this.
>
> Can you try building with CFLAGS="-pipe" CXXFLAGS="-pipe" only and see if it
> still happens please?
>
I can still reproduce this when CFLAGS="-pipe" and CXXFLAGS="-pipe"
(In reply to comment #4)
> I can't reproduce this.
>
> Can you try building with CFLAGS="-pipe" CXXFLAGS="-pipe" only and see if it
> still happens please?
>
Failed for me as well. Same error.
I think I did this right, this is what I ran,
CFAGS="-pipe" CXXFLAGS="-pipe" emerge cegui
CFLAGS wouldnt have anything to do with it
someone run `emerge cegui >& log` and post the log as an attachment
Created an attachment (id=76640) [details]
cause of the problem
this is a libtool file found in Samples/common/src seems to be the cause. One
way to work around it is to patch this file, during the install phase so that
it doesn't add the rpath when relinking.
Created an attachment (id=76790) [details]
patch to cegui-0.4.0 ebuild
This is a patch to the cegui-0.4.0.ebuild The version 0.4.1 is basically
identical, so the same apply.
Fixed some problem with documentation.
What raised the RUNPATH issues is the raw copy of all the Samples directory,
where autotool generate one of the shared library. Autotool use to fix the
runpath during install, and this library is effectively installed. The library
raising the issue was the not installed: simply copied to the Sample tree. I
removed from the image tree, before leaving the src_install
(In reply to comment #10)
> Created an attachment (id=76790) [edit] [details]
> patch to cegui-0.4.0 ebuild
>
> This is a patch to the cegui-0.4.0.ebuild The version 0.4.1 is basically
> identical, so the same apply.
> Fixed some problem with documentation.
> What raised the RUNPATH issues is the raw copy of all the Samples directory,
> where autotool generate one of the shared library. Autotool use to fix the
> runpath during install, and this library is effectively installed. The library
> raising the issue was the not installed: simply copied to the Sample tree. I
> removed from the image tree, before leaving the src_install
>
This fixed it for me on cegui-0.4.1. Thanks!
Alfredo: many thx for figuring it out.
Games team: please evaluate and bump with patch.
Hi, this patch does indeed fix the issue on two different machines (amd64 and
x86) that I've tried, on version 0.4.1.
thanks, ive converted the ebuild to utilize USE=examples and install a clean
sample source tree
