>>> Completed installing plplot-5.10.0-r1 into /mnt/1TB/var/tmp/portage/sci-libs/plplot-5.10.0-r1/image/ scanelf: rpath_security_checks(): Security problem NULL DT_RUNPATH in /mnt/1TB/var/tmp/portage/sci-libs/plplot-5.10.0-r1/image/usr/lib64/plplot/plplotjavac_wrap.so Auto fixing rpaths for /mnt/1TB/var/tmp/portage/sci-libs/plplot-5.10.0-r1/image/usr/lib64/plplot/plplotjavac_wrap.so * QA Notice: The following files contain insecure RUNPATHs * Please file a bug about this at http://bugs.gentoo.org/ * with the maintaining herd of the package. * /mnt/1TB/var/tmp/portage/sci-libs/plplot-5.10.0-r1/image/usr/lib64/plplot/plplotjavac_wrap.so *
Opened https://sourceforge.net/p/plplot/bugs/160/
Maybe plplot-5.11.0 will be better? Makes no sense to open yet another bug report for the version bump, right? ;-) http://sourceforge.net/p/plplot/news/2015/04/plplot-5110-has-been-released/
Somebody please answer Alan's comment: assigned_to: Alan W. Irwin Group: --> Comment: Is the issue that you forgot to set -DUSE_RPATH=OFF as a cmake option? That option means that rpath is not set for installed libraries and executables. That option has been used for years by Debian and Fedora packagers so that might be all you need to solve the above problem.
*** Bug 515964 has been marked as a duplicate of this bug. ***
We are using -DUSE_RPATH=OFF for long but somehow java is no respecting it.
Hi, would somebody please answer at https://sourceforge.net/p/plplot/bugs/160/ the recent activity on this issue (on behalf of Gentoo)? Thank you.
Dear Martin, I've corresponded with Alan and found the issue (it's purely a Gentoo issue). I'll push the fix this evening.
commit 86b02d33cd1e4fe22c92754467b376d9f3e76f2c Author: David Seifert <soap@gentoo.org> Date: Tue Jan 19 19:03:33 2016 +0100 sci-libs/plplot: Do not copy plplotjavac_wrap.so from BUILD_DIR Gentoo-Bug: 546578 Instead, we use the installed .so file instead, which has RPATH removed by cmake and register the .so file with the Java environment.
Thank you David.
*** Bug 572368 has been marked as a duplicate of this bug. ***
@arches, please stable =sci-libs/plplot-5.11.1-r1
@security, is this something which belongs into your hands?
(In reply to Justin Lecher from comment #12) > @security, is this something which belongs into your hands? From a quick glance, no, this is something that can be fixed by maintainer without security involvement. Thanks for asking :)
amd64 stable
x86 stable
ppc stable. Closing.
