Bug#: 114418
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: jmdorfman@yahoo.com
Bug 114418 blocks: 81745

Description:   Opened: 2005-12-04 00:24 0000
Hello,

I am compiling gplflash 0.4.13 on a dual-core AMD64 system.  It compiles fine,
but when it goes to install, it gives me this exact error:

QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/var/tmp/portage/gplflash-0.4.13/work/gplflash-0.4.13/lib/.libs
opt/netscape/plugins/libnpflash.so

Thanks!

Reproducible: Always
Steps to Reproduce:
1. emerge gplflash (version 0.4.13) (may have to be done on AMD64)

Actual Results:  
during installation of files, received this error:

QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/var/tmp/portage/gplflash-0.4.13/work/gplflash-0.4.13/lib/.libs
opt/netscape/plugins/libnpflash.so


Expected Results:  
successfully installed the gplflash ebuild

Portage 2.0.53 (default-linux/amd64/2005.1, gcc-3.4.4, glibc-2.3.5-r3,
2.6.15-rc4 x86_64)
=================================================================
System uname: 2.6.15-rc4 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
Gentoo Base System version 1.12.0_pre11
dev-lang/python:     2.3.5, 2.4.2
sys-apps/sandbox:    1.2.15
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.20-r1
virtual/os-headers:  2.6.11-r3
ACCEPT_KEYWORDS="amd64 ~amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon64 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 X a52 aac acpi alsa audiofile avi berkdb bitmap-fonts bmp bonobo
bzip2 cdparanoia cdr crypt cups dri dts dv dvd dvdr dvdread eds emboss encode
esd exif expat fam fbcon ffmpeg flac foomaticdb fortran ftp gif glut gnome gpm
gstreamer gtk gtk2 hal idn ieee1394 imlib ipv6 joystick jpeg kde lcms lzw
lzw-tiff mad mikmod mime mng mozilla mp3 mpeg ncurses nls ogg openal opengl pam
pcre pdflib perl png posix python qt quicktime readline samba scanner sdl spell
ssl svg tcpd theora tiff truetype truetype-fonts type1-fonts udev unicode usb
userlocales v4l vcd videos vorbis xine xml xml2 xmms xpm xv yahoo zlib
userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY

------- Comment #1 From SpanKY 2005-12-16 16:12:17 0000 -------
gplflash's build system has wicked broken autotool handling ... in this case,
they decided to override the default install target by copying the temp .so
file to the install path (which was built with -rpath)

should be fixed in gplflash-0.4.13-r1
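
An added example, not part of the original comments and not Portage's own QA check: a small checker that reads `readelf -d` output and flags RPATH/RUNPATH components like the build-directory path in the QA notice above. The policy (untrusted prefixes, `$ORIGIN` treated as acceptable) and the sample `readelf` lines are assumptions constructed for illustration.

```python
import re

# Matches the RPATH/RUNPATH rows printed by `readelf -d <file>`.
ENTRY_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")

# Assumed policy: directories an unprivileged local user may be able to create or write.
UNTRUSTED_PREFIXES = ("/var/tmp", "/tmp")


def classify(component):
    """Return a reason string if one search-path component is unsafe, else None."""
    if component == "":
        return "empty component (resolves to the current directory)"
    if component.startswith("$ORIGIN") or component.startswith("${ORIGIN}"):
        return None  # assumption: paths relative to the object's own location are accepted
    if not component.startswith("/"):
        return "relative path"
    for prefix in UNTRUSTED_PREFIXES:
        if component == prefix or component.startswith(prefix + "/"):
            return "under " + prefix
    return None


def insecure_entries(readelf_output):
    """Return (tag, component, reason) for every unsafe search-path component."""
    findings = []
    for line in readelf_output.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue
        tag, value = m.groups()
        for comp in value.split(":"):
            reason = classify(comp)
            if reason:
                findings.append((tag, comp, reason))
    return findings


# Constructed sample modelled on the path in the QA notice above.
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000001d (RUNPATH)            Library runpath: [/var/tmp/portage/gplflash-0.4.13/work/gplflash-0.4.13/lib/.libs:/usr/lib64]
 0x000000000000000f (RPATH)              Library rpath: [$ORIGIN/../lib:]
"""

if __name__ == "__main__":
    for tag, comp, reason in insecure_entries(SAMPLE):
        print(f"{tag}: {comp!r}: {reason}")
```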

------- Comment #2 From Jakub Moc (RETIRED) 2005-12-17 01:56:51 0000 -------
*** Bug 115835 has been marked as a duplicate of this bug. ***

------- Comment #3 From Thierry Carrez (RETIRED) 2005-12-23 02:38:06 0000 -------
Any hint if this would also affect < 0.4.13 ?

------- Comment #4 From SpanKY 2005-12-23 06:27:25 0000 -------
no idea, but it'd prob be best if we punted the older versions anyways

------- Comment #5 From Thierry Carrez (RETIRED) 2005-12-23 10:36:28 0000 -------
Then we should test and mark 0.4.13-r1 stable.

------- Comment #6 From Paul Varner 2005-12-23 12:38:45 0000 -------
I have epiphany-1.6.4, mozilla-1.7.12-r2, and mozilla-firefox-1.0.7 installed
and all of them fail to detect and use the gplflash-0.4.13-r1 plugin when I
install it.

------- Comment #7 From Simon Stelling (RETIRED) 2005-12-24 13:58:05 0000 -------
same here on amd64, firefox can't find the plugin. however, i tried the latest
stable (0.4.10-r3) and apparently it is safe, so there is no need to speed up
stabilization IMHO

------- Comment #8 From Thierry Carrez (RETIRED) 2005-12-27 01:04:07 0000 -------
OK so let's consider this only affects the recent ~ version and close the
security bug. Feel free to open a separate bug or to reassign this one if you
want to solve the "0.4.13-r1 sucks" issue...

------- Comment #9 From Thierry Carrez (RETIRED) 2005-12-27 02:08:35 0000 -------
and do not forget to close.
