Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 114947
Alias:
Product:
Component:
Status: RESOLVED
Resolution: WORKSFORME
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Bill Gates <cadaver@nerdshack.com>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 114947 depends on: Show dependency tree
Bug 114947 blocks: 81745

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-12-08 19:59 0000 
making executable: /usr/lib/libapreq2.so.2.1.3 
 
QA Notice: the following files contain insecure RUNPATH's 
 Please file a bug about this at http://bugs.gentoo.org/ 
 For more information on this issue, kindly review: 
 http://bugs.gentoo.org/81745 
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib 
usr/lib/perl5/vendor_perl/5.8.7/i686-linux-thread-multi/auto/APR/Request/Apache2/Apache2.so 
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib 
usr/lib/perl5/vendor_perl/5.8.7/i686-linux-thread-multi/auto/APR/Request/CGI/CGI.so 
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib 
usr/lib/perl5/vendor_perl/5.8.7/i686-linux-thread-multi/auto/APR/Request/Cookie/Cookie.so 
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib 
usr/lib/perl5/vendor_perl/5.8.7/i686-linux-thread-multi/auto/APR/Request/Error/Error.so 
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib 
usr/lib/perl5/vendor_perl/5.8.7/i686-linux-thread-multi/auto/APR/Request/Hook/Hook.so 
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib 
usr/lib/perl5/vendor_perl/5.8.7/i686-linux-thread-multi/auto/APR/Request/Param/Param.so 
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib 
usr/lib/perl5/vendor_perl/5.8.7/i686-linux-thread-multi/auto/APR/Request/Parser/Parser.so 
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib 
usr/lib/perl5/vendor_perl/5.8.7/i686-linux-thread-multi/auto/APR/Request/Request.so 
 
 
!!! ERROR: www-apache/libapreq2-2.06 failed. 
!!! Function dyn_install, Line 1057, Exitcode 0 
!!! Insecure binaries detected 
!!! If you need support, post the topmost build error, NOT this status 
message. 

Reproducible: Always
Steps to Reproduce:
1.emerge ww-apache/libapreq2-2.06 
 
Actual Results:  
!!! ERROR: www-apache/libapreq2-2.06 failed. 
!!! Function dyn_install, Line 1057, Exitcode 0 
!!! Insecure binaries detected 
!!! If you need support, post the topmost build error, NOT this status 
message.

------- Comment #1 From Bill Gates 2005-12-08 20:01:40 0000 ------- 
Portage 2.0.53 (default-linux/x86/2005.0, gcc-3.4.4, glibc-2.3.6-r0, 
2.6.13-suspend2-r5 i686) 
================================================================= 
System uname: 2.6.13-suspend2-r5 i686 AMD Athlon(TM) XP 2500+ 
Gentoo Base System version 1.6.13 
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) 
[disabled] 
ccache version 2.4 [disabled] 
dev-lang/python:     2.4.2 
sys-apps/sandbox:    1.2.13 
sys-devel/autoconf:  2.13, 2.59-r7 
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 
sys-devel/binutils:  2.16.1-r1 
sys-devel/libtool:   1.5.20-r1 
virtual/os-headers:  2.6.11-r3 
ACCEPT_KEYWORDS="x86 ~x86" 
AUTOCLEAN="yes" 
CBUILD="i686-pc-linux-gnu" 
CFLAGS="-O9 -march=athlon-xp -fno-delayed-branch -fcse-skip-blocks      
-fstrength-reduce -fforce-mem -fpeephole2 -fdelete-null-pointer-checks   
-freorder-functions -freduce-all-givs -s" 
CHOST="i686-pc-linux-gnu" 
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/bind /var/qmail/control" 
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d" 
CXXFLAGS="-O9 -march=athlon-xp -fno-delayed-branch -fcse-skip-blocks    
-fstrength-reduce -fforce-mem -fpeephole2 -fdelete-null-pointer-checks   
-freorder-functions -freduce-all-givs -s" 
DISTDIR="/usr/portage/distfiles" 
FEATURES="autoconfig distlocks sandbox sfperms strict" 
GENTOO_MIRRORS="http://ftp.linux.ee/pub/gentoo/distfiles/ 
ftp://ftp.linux.ee/pub/gentoo/distfiles/ http://mirror.aiya.ru/pub/gentoo/ 
ftp://gentoo.inode.at/source/" 
LANG="ru_RU.UTF-8" 
LC_ALL="ru_RU.UTF-8" 
LINGUAS="en ru" 
PKGDIR="/usr/portage/packages" 
PORTAGE_TMPDIR="/var/tmp" 
PORTDIR="/usr/portage" 
SYNC="rsync://rsync.gentoo.org/gentoo-portage" 
USE="x86 16bittmp 3dnow 3dnowext X Xaw3d a52 aac aalib acl acpi ada adns afs 
alsa ansi apache2 apm arts audiofile avi bash-completion berkdb big-tables 
bitmap-fonts bootsplash bzip2 cdparanoia cdr cluster crypt cscope cups curl 
customlog custreloc dbx dga dio directfb divx4linux dlopen dlz dri dv dvb dvd 
dvdr dvdread emboss encode exif expat extensions extraengine fam fastcgi fax 
fbcon fdftk ffmpeg flac follow-xff font-server foomatic foomaticcdb foomaticdb 
fortran freetype ftp gcj gd gdbm geoip geometry gif glitz glut gmp gpm guile 
hal haskell iconv ieee1394 imagemagick imap imlib ipv6 ithreads jack java 
javascript jpeg kde kdeenablefinal kerberos kqemu krb5 latex lcms ldap lesstif 
libcaca libg++ libwww linuxthreads-tls lirc lm_sensors logrotate mad maildir 
mailwrapper matroska matrox menubar mikmod ming mmap mmx mmx2 mmxext mng motif 
mozcalendar mozdevelop mozsvg mp3 mpeg mpi mpm-worker mysql mysqli mythtv nas 
ncurses neXt network nis nls nptl nptlonly nvidia objc odbc offensive ogg 
oggvorbis openal opengl pam pam_console pascal pbs pcre pda pdflib perforce 
perl perlsuid pg-hier pg-intdatetime pic png portaudio posix ppds prelude 
profile python qdmc qt qtaudio quicktime radius readline recode rtc sample 
sasl scanner scp sdk sdl sensord skey slang slp sockets soundtouch spell sql 
sqlite srp sse ssl svg svga tcltk tcpd tetex theora threads tidy tiff truetype 
truetype-fonts type1-fonts udev underscores unicode urandom usb userlocales 
utf8 v4l vhosts vidix visualization vorbis voxware wifi win32codecs wmf xanim 
xface xgetdefault xine xinerama xinetd xml xml2 xsl xv xvid xvmc yahoo zeo 
zero-penalty-hit zeroconf zlib linguas_en linguas_ru userland_GNU kernel_linux 
elibc_glibc" 
Unset:  ASFLAGS, CTARGET, LDFLAGS, MAKEOPTS, PORTDIR_OVERLAY

------- Comment #2 From Bryan Østergaard (RETIRED) 2005-12-10 03:18:07 0000 ------- 
Nothing to do with developer relations.

------- Comment #3 From Michael Cummings (RETIRED) 2005-12-16 14:17:14 0000 ------- 
another 5.8.7 related bug methinks - need to get a metabug for this once i can
confirm the cause (since i can't dup so far). although with cflags like that,
i'd hesitate to touch this bug unless you can verify you have 8 processors

------- Comment #4 From James M 2005-12-17 21:13:32 0000 ------- 
I have this problem too.  Here is my emerge info:


Portage 2.1_pre1 (hardened/x86/2.6, gcc-3.4.4, glibc-2.3.5-r3,
2.6.14-hardened-r1 i686)
=================================================================
System uname: 2.6.14-hardened-r1 i686 Intel(R) Xeon(TM) CPU 3.20GHz
Gentoo Base System version 1.12.0_pre11
ccache version 2.4 [enabled]
dev-lang/python:     2.3.5, 2.4.2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r1
sys-devel/libtool:   1.5.20-r1
virtual/os-headers:  2.6.11-r3
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium4 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=pentium4 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://mirror.espri.arizona.edu/gentoo/
http://mirror.usu.edu/mirrors/gentoo/ http://mirror.datapipe.net/gentoo
http://mirror.datapipe.net/gentoo http://gentoo.chem.wisc.edu/gentoo/"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j5"
PKGDIR="/usr/portage//packages/x86/"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl acpi apache apache1 bash-completion bzip2 cdr crypt cups dlloader doc
dvd dvr expat extraengine fastcgi foomaticdb gd gdbm gmp hal hardened imap
innodb ithreads javascript jpeg libwww maildir mmx mysql mysqli ncurses nls
no-suexec nptl pam pcre perl php pic png posix profile readline reiserfs sasl
session sockets spell spl sse ssl tcpd tiff tokenizer truetype udev unicode usb
userlocales utf8 vhosts x86 xfs xml xml2 zlib elibc_glibc kernel_linux
userland_GNU"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LINGUAS, PORTDIR_OVERLAY

------- Comment #5 From Michael Cummings (RETIRED) 2005-12-19 09:13:18 0000 ------- 
James - are you also running a threaded perl? (nm that original poster needs to
clean up his make.conf since he disabled distcc but left all the flags intact
for a multi-cpu compile)

------- Comment #6 From James M 2005-12-19 11:34:37 0000 ------- 
Yes I am running a threaded perl.  Here is the applicable part of the  perl -V
output:

 config_args='-des -Darchname=i686-linux-thread -Dcccdlflags=-fPIC
-Dccdlflags=-rdynamic -Dcc=i686-pc-linux-gnu-gcc -Dprefix=/usr
-Dvendorprefix=/usr -Dsiteprefix=/usr -Dlocincpth=  -Doptimize=-O2
-march=pentium4 -pipe -fomit-frame-pointer -Duselargefiles -Dd_semctl_semun
-Dscriptdir=/usr/bin -Dman1dir=/usr/share/man/man1
-Dman3dir=/usr/share/man/man3 -Dinstallman1dir=/usr/share/man/man1
-Dinstallman3dir=/usr/share/man/man3 -Dman1ext=1 -Dman3ext=3pm
-Dinc_version_list=5.8.0 5.8.0/i686-linux-thread-multi 5.8.2
5.8.2/i686-linux-thread-multi 5.8.4 5.8.4/i686-linux-thread-multi 5.8.5
5.8.5/i686-linux-thread-multi 5.8.6 5.8.6/i686-linux-thread-multi 
-Dcf_by=Gentoo -Ud_csh -Dusethreads -Di_ndbm -Di_gdbm -Ui_db'
    hint=recommended, useposix=true, d_sigaction=define
    usethreads=define use5005threads=undef useithreads=define
usemultiplicity=define
    useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
    use64bitint=undef use64bitall=undef uselongdouble=undef
    usemymalloc=n, bincompat5005=undef
  Compiler:
    cc='i686-pc-linux-gnu-gcc', ccflags ='-D_REENTRANT -D_GNU_SOURCE
-DTHREADS_HAVE_PIDS -fno-strict-aliasing -pipe -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64',
    optimize='-O2 -march=pentium4 -pipe -fomit-frame-pointer',
    cppflags='-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS
-fno-strict-aliasing -pipe'
    ccversion='', gccversion='3.4.4 (Gentoo Hardened 3.4.4-r1, ssp-3.4.4-1.0,
pie-8.7.8)', gccosandvers=''
    intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
    d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
    ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t',
lseeksize=8
    alignbytes=4, prototype=define
  Linker and Libraries:
    ld='i686-pc-linux-gnu-gcc', ldflags =' -L/usr/local/lib'
    libpth=/usr/local/lib /lib /usr/lib
    libs=-lpthread -lnsl -lndbm -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
    perllibs=-lpthread -lnsl -ldl -lm -lcrypt -lutil -lc
    libc=/lib/libc-2.3.5.so, so=so, useshrplib=false, libperl=libperl.a
    gnulibc_version='2.3.5'
  Dynamic Linking:
    dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic'
    cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib'


Characteristics of this binary (from libperl):
  Compile-time options: MULTIPLICITY USE_ITHREADS USE_LARGE_FILES
                        PERL_IMPLICIT_CONTEXT
  Built under linux
  Compiled at Dec  6 2005 13:23:19

------- Comment #7 From James M 2005-12-19 13:46:31 0000 ------- 
I just recompiled perl without threads and I am getting a similar error as
below when compiling libapreq2:

strip: i686-pc-linux-gnu-strip --strip-unneeded
   /usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/CGI/CGI.so
   /usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Hook/Hook.so
  
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Cookie/Cookie.so
  
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Apache2/Apache2.so
   /usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Error/Error.so
   /usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Param/Param.so
  
/usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Parser/Parser.so
   /usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Request.so
   /usr/lib/libapreq2.so.2.1.3
   /usr/lib/apache2/modules/mod_apreq2.so
removing executable bit: /usr/lib/libapreq2.la

QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib
usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/CGI/CGI.so
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib
usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Hook/Hook.so
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib
usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Cookie/Cookie.so
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib
usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Apache2/Apache2.so
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib
usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Error/Error.so
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib
usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Param/Param.so
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib
usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Parser/Parser.so
/var/tmp/portage/libapreq2-2.06/work/libapreq2-2.06-dev/library/.libs:/usr/lib
usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/APR/Request/Request.so


!!! ERROR: www-apache/libapreq2-2.06 failed.
!!! Function dyn_install, Line 1113, Exitcode 0
!!! Aborting due to serious QA concerns
!!! If you need support, post the topmost build error, NOT this status message.

------- Comment #8 From James M 2005-12-19 14:38:21 0000 ------- 
I took at look at #105054 (the same problem with subversion).  I noticed there
was a patch to ExtUtils::MakeMaker.  But for some reason when I re-emerged
perl, it did not apply this patch.  So I hacked the module manually and I was
able to both emerge libapreq2 and subversion.

------- Comment #9 From Stefan Cornelius (RETIRED) 2006-01-08 13:28:37 0000 ------- 
If you haven't done so, please run "perl-cleaner all" (app-admin/perl-cleaner)
and retry to emerge libapreq. Report back if that worked, please. Thanks.

------- Comment #10 From Thierry Carrez (RETIRED) 2006-01-15 09:45:31 0000 ------- 
Also if you have ExtUtils-MakeMaker installed, unmerge it and try again.

------- Comment #11 From Thierry Carrez (RETIRED) 2006-01-16 05:53:20 0000 ------- 
Reporter: resolving as WORKSFORME, if workarounds in comments #8 #9 or #10
don't cut it for you please reopen
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug