701928 – dev-libs/libtasn1-4.15.0 : QA Notice: The following files contain insecure RUNPATHs: .../image/usr/bin/corpus2array: RPATH: .../work/libtasn1-4.15.0-abi_x86_64.amd64/lib/.libs

Bug 701928 - dev-libs/libtasn1-4.15.0 : QA Notice: The following files contain insecure RUNPATHs: .../image/usr/bin/corpus2array: RPATH: .../work/libtasn1-4.15.0-abi_x86_64.amd64/lib/.libs

Summary: dev-libs/libtasn1-4.15.0 : QA Notice: The following files contain insecure RU...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal with 1 vote (vote)
Assignee:	Crypto team [DISABLED]

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2019-12-03 20:36 UTC by Jonas Stein
Modified:	2019-12-10 08:54 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
sys conf (sys conf.txt,13.84 KB, text/plain) 2019-12-04 12:32 UTC, 7_9j~HTz	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jonas Stein gentoo-dev

2019-12-03 20:36:53 UTC

Auto fixing rpaths for /var/tmp/portage/dev-libs/libtasn1-4.15.0/image/usr/bin/corpus2array

 * QA Notice: The following files contain insecure RUNPATHs
 *  Please file a bug about this at https://bugs.gentoo.org/
 *  with the maintainer of the package.
 *   /var/tmp/portage/dev-libs/libtasn1-4.15.0/image/usr/bin/corpus2array
 *     RPATH: /var/tmp/portage/dev-libs/libtasn1-4.15.0/work/libtasn1-4.15.0-abi_x86_64.amd64/lib/.libs


Reproducible: Always

Comment 1 7_9j~HTz 2019-12-04 12:32:54 UTC

Created attachment 598408 [details]
sys conf

ran into same issue

[ebuild     U ] dev-libs/libtasn1-4.15.0 [4.13] USE="-doc -static-libs -test -valgrind" ABI_X86="(64) -32 (-x32)"

* Messages for package dev-libs/libtasn1-4.15.0:

 * ERROR: dev-libs/libtasn1-4.15.0::gentoo failed:
 *   Aborting due to serious QA concerns with RUNPATH/RPATH
 *
 * Call stack:
 *     misc-functions.sh, line 586:  Called install_qa_check
 *     misc-functions.sh, line 132:  Called source 'install_symlink_html_docs'
 *   10executable-issues, line 145:  Called elf_check
 *   10executable-issues, line 139:  Called die
 * The specific snippet of code:
 *             die "Aborting due to serious QA concerns with RUNPATH/RPATH"

There are no logs found at the advertised path /var/tmp/portage/dev-libs/libtasn1-4.15.0/

Comment 2 Arfrever Frehtes Taifersar Arahesis 2019-12-10 08:21:33 UTC

corpus2array executable is no longer installed after this upstream commit:

https://gitlab.com/gnutls/libtasn1/commit/49d6e3f0a4b5fd4da31228d23ae9efabef20c1ca
"fuzz: do not install generated fuzzers and tools"

Comment 3 Larry the Git Cow gentoo-dev

2019-12-10 08:54:18 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=449306051cfb72a238b59efc4f5c23e9f1e66cde

commit 449306051cfb72a238b59efc4f5c23e9f1e66cde
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-12-10 08:53:06 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-12-10 08:54:12 +0000

    dev-libs/libtasn1: Revbump to not install fuzzer tool anymore
    
    Thanks-to: Arfrever Frehtes Taifersar Arahesis <arfrever.fta@gmail.com>
    Closes: https://bugs.gentoo.org/701928
    Package-Manager: Portage-2.3.81, Repoman-2.3.20
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 .../files/libtasn1-4.15.0-noinst_fuzzer_tool.patch | 35 ++++++++++++++++++++++
 ...sn1-4.15.0.ebuild => libtasn1-4.15.0-r1.ebuild} |  9 ++++--
 2 files changed, 42 insertions(+), 2 deletions(-)