Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 105380

Summary: net-nds/openldap uses insecure RPATH, fails to emerge with portage-2.0.52-r1
Product: Gentoo Security Reporter: Jason Wever (RETIRED) <weeve>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: alexh, casta, cbm, chris, chuck.wegrzyn, dev-zero, ed, ensonic, gentoo-bugs2, gentoo-bugzilla.reg, gentoo, Heinz.Hombergs, herbs, iyosifov, jlp.bugs, jokey, jrmalaq, plate, portage, robbat2, seemant, spider, strerror, will.briggs, wolf31o2
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 81745    
Attachments:
Description Flags
diff-against-2.2.28-r2 ebuild
none
diff-from-2.2.28-r2-ebuild
none
openldap-2.1.30-autoconf25.patch
none
openldap-2.1.30-rpath.patch none

Description Jason Wever (RETIRED) gentoo-dev 2005-09-09 06:40:54 UTC
As the title states, openldap fails to emerge with portage-2.0.52-r1, dying with
the following error message;

making executable: /usr/lib/liblber-2.2.so.7.0.21
making executable: /usr/lib/liblber.so.2.0.130
making executable: /usr/lib/libldap-2.2.so.7.0.21
making executable: /usr/lib/libldap.so.2.0.130
making executable: /usr/lib/libldap_r-2.2.so.7.0.21
making executable: /usr/lib/libldap_r.so.2.0.130
making executable: /usr/lib/libslapi-2.2.so.7.0.21

QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/var/tmp/portage/openldap-2.2.28-r1/work/openldap-2.1.30/libraries/liblber/.libs
usr/lib/libldap.so.2.0.130
/var/tmp/portage/openldap-2.2.28-r1/work/openldap-2.1.30/libraries/liblber/.libs
usr/lib/libldap_r.so.2.0.130


!!! ERROR: net-nds/openldap-2.2.28-r1 failed.
!!! Function dyn_install, Line 1044, Exitcode 0
!!! Insecure binaries detected
!!! If you need support, post the topmost build error, NOT this status message.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-09-11 16:45:31 UTC
Please attach a patch.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-09-14 02:58:44 UTC
Downgrading severity of those since portage group is kinda restricted...
Tavis, could you help with the patch ?
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-09-21 05:35:43 UTC
Reporter : could you please check that it still happens after the latest Perl
upgrade...
Comment 4 Jason Wever (RETIRED) gentoo-dev 2005-09-21 09:01:27 UTC
This problem still persists even after the upgrade to dev-lang/perl-5.8.7-r1.
Comment 5 kakou 2005-09-29 05:31:55 UTC
same problem with several package : 
openldap
libpreludedb 
...

my update is blocked since 3 weeks
[ebuild     U ] net-nds/openldap-2.2.28-r1 [2.2.28] +berkdb +crypt -debug +gdbm
-ipv6 -kerberos -minimal -odbc +perl +readline +samba -sasl -slp +ssl +tcpd 0 kB 
[ebuild     U ] dev-libs/libprelude-0.9.0 [0.9.0_rc14] +perl +python 0 kB 
[ebuild     U ] dev-libs/libpreludedb-0.9.0 [0.9.0_rc13] -debug -doc +mysql
+perl -postgres +python 544 kB 

Portage 2.0.52-r1 (hardened/x86/2.6, gcc-3.4.4, glibc-2.3.5-r1,
2.6.13-hardened-kakou i686)
=================================================================
System uname: 2.6.13-hardened-kakou i686 AMD Athlon(tm) XP 2000+
Gentoo Base System version 1.12.0_pre8
dev-lang/python:     2.2.3-r6, 2.3.5, 2.4.1-r1
sys-apps/sandbox:    1.2.13
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.20
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env
/usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/bind
/var/qmail/alias /var/qmail/control /var/vpopmail/domains /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d"
CXXFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
DISTDIR="/mnt/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://ftp.gentoo.skynet.be/pub/gentoo/"
LANG="fr_FR@euro"
LC_ALL="fr_FR@euro"
LINGUAS="fr"
MAKEOPTS="-j2"
PKGDIR="/mnt/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 3dnow 3dnowex 3dnowext X Xaw3d acl acpi acpi4linux alsa amd antlr
apache2 arts bash-completion bcel berkdb bsh bzip2 bzlib cdr chroot crypt cscope
cups curl devmap dga dlloader dvd dvdr emacs encode esd extensions faad fam
fbcon flac freetype fs gd gdbm gif gmp gnutls gpm gstreamer gtk hardened
imagemagick imap imlib java javamail javascript jdepend joystick jpeg junit ldap
libwww live lm_sensors log4j logitech-mouse mad mcal md5sum memlimit mikmod
mldonkeypango mmx motif mozilla mysql nagios-dns nagios-ssh nas native ncurses
net nfsv4 nls nptl nvidia ogg opengl optional-tasks oro pam pdflib perl pic pie
png prelude python qmail qt readline ruby samba sdl slang snmp snortsam
softquota spamassassin sse ssl svga tcltk tcpd tetex theora threads tiff
transcode truetype truetype-fonts usb userlocales virus-scan vorbis vpopmail
xerces xine xml xml2 xmms xvidinfo zlib linguas_fr userland_GNU kernel_linux
elibc_glibc"
Unset:  ASFLAGS, CTARGET, LDFLAGS



Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-10-06 12:02:51 UTC
tigger/taviso/vapier/solar can you cook up a patch? 
Comment 7 SpanKY gentoo-dev 2005-10-06 17:39:11 UTC
probably a libtool issue then

glancing at src_unpack it looks like it forces old autotool versions ...
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2005-10-13 02:47:05 UTC
Could anyone check that it comes from the old autotool forcing (and/or provide a
patch) ? It's a minor security issue but it borks people compiling...
Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-11-11 00:51:31 UTC
Any news on this one? 
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2005-11-16 07:30:53 UTC
For sure, the ebuild contains :
	export WANT_AUTOMAKE="1.4"
	export WANT_AUTOCONF="2.1"

vapier/robbat2: any reason why it cannot use more recent versions ?
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2005-11-25 04:28:58 UTC
vapier says ask Robin, sent mail to Robin asking for comments.
Comment 12 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-11-25 10:14:20 UTC
What versions of autoconf/automake do you want?

automake isn't currently called as it isn't needed.

openldap doesn't build with autoconf2.5:
 * Running libtoolize
You should update your `aclocal.m4' by running aclocal.
Putting files in AC_CONFIG_AUX_DIR, `build'.
 * Running autoconf
aclocal.m4:3934: error: m4_defn: undefined macro: _m4_divert_diversion
autoconf/types.m4:296: AM_TYPE_PTRDIFF_T is expanded from...
aclocal.m4:3934: the top level
autom4te-2.59: /usr/bin/m4 failed with exit status: 1

!!! ERROR: net-nds/openldap-2.2.28-r1 failed.
!!! Function src_unpack, Line 176, Exitcode 1
!!! autoconf failed
!!! If you need support, post the topmost build error, NOT this status message.
Comment 13 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-12-01 23:31:07 UTC
security: *bump*
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2005-12-02 00:36:27 UTC
(In reply to comment #12)
> What versions of autoconf/automake do you want?

I don't have a clue. These autotools/rpath things are quite obscure to me. I've
asked vapier to comment on this as he's probably the one with the right skillset
to help you solve this.
Comment 15 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-12-02 23:29:20 UTC
*** Bug 114320 has been marked as a duplicate of this bug. ***
Comment 16 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-12-03 01:29:51 UTC
Ok, I was emailed a patch by Markus Ullmann, that has everything to fix it, and
seems to work for me.
Security: Could you please test 2.2.28-r2 and confirm that the RPATH issue is
solved?
Comment 17 Thierry Carrez (RETIRED) gentoo-dev 2005-12-03 01:58:18 UTC
Thanks Robin.
Reopening the bug since we still have to make a GLSA about it.
Jason, kakou, security: please confirm that it's solved for you, before we call
for stable.
Comment 18 René Marten 2005-12-03 03:50:08 UTC
net-nds/openldap-2.2.28-r2 still has that issue here.
Comment 19 Jakub Moc (RETIRED) gentoo-dev 2005-12-03 05:35:31 UTC
*** Bug 114346 has been marked as a duplicate of this bug. ***
Comment 20 Markus Ullmann (RETIRED) gentoo-dev 2005-12-03 06:27:59 UTC
Created attachment 73986 [details, diff]
diff-against-2.2.28-r2 ebuild

get the compat libs to new autoconf
Comment 21 Chuck Wegrzyn 2005-12-03 06:50:54 UTC
I tried the patch and it didn't work. Perhaps I didn't quite understand what
"get the compat libs to new autoconf" meant. Can someone elaborate?

Thanks.
Comment 22 Ulrich Plate (RETIRED) gentoo-dev 2005-12-03 06:58:57 UTC
Same here.
Comment 23 Jason Wever (RETIRED) gentoo-dev 2005-12-03 07:36:00 UTC
With regards to comment #17, I'm still seeing the same error on SPARC
Comment 24 Markus Ullmann (RETIRED) gentoo-dev 2005-12-03 17:30:31 UTC
Created attachment 74024 [details, diff]
diff-from-2.2.28-r2-ebuild

reworked it, should work now
Comment 25 Markus Ullmann (RETIRED) gentoo-dev 2005-12-03 17:31:01 UTC
Created attachment 74025 [details, diff]
openldap-2.1.30-autoconf25.patch
Comment 26 Markus Ullmann (RETIRED) gentoo-dev 2005-12-03 17:31:33 UTC
Created attachment 74026 [details, diff]
openldap-2.1.30-rpath.patch
Comment 27 jrs 2005-12-03 20:43:48 UTC
Can someone tell the people that have never done a patch, what you are all
talking about?
I see that you may have fixed this? Is that correct?

I alsognome that open-ldap-2.2.28-r2 does not work on my machine. Are we just
waiting for this to be included into portage?
Comment 28 Alec Warner (RETIRED) archtester gentoo-dev Security 2005-12-03 20:56:49 UTC
*** Bug 114413 has been marked as a duplicate of this bug. ***
Comment 29 Tiziano Müller (RETIRED) gentoo-dev 2005-12-04 03:34:58 UTC
Worked for me, thanks!
Comment 30 Guillaume Castagnino 2005-12-04 03:57:07 UTC
Current openldap-2.2.28-r2 Dos not work on two different boxes 
Markus Ullmann's patches work for me 
Comment 31 Chuck Wegrzyn 2005-12-04 04:38:14 UTC
To JRS: Store the patch: diff-from-2.2.28-r2-ebuild somewhere and call it
patchfile, for instance. Run the command:

patch /usr/portage/net-nds/openldap/openldap-2.2.28-r2.ebuild patchfile

copy the other two patch files: openldap-2.1.30-autoconf25.patch and
openldap-2.1.30-rpath.patch to /usr/portage/net-nds/openldap/file

ebuild /usr/portage/net-nds/openldap/openldap-2.2.28-r2.ebuild digest

You are now ready to emerge openldap!
Comment 32 jrs 2005-12-04 12:19:55 UTC
Thank you for the info!
Comment 33 Jakub Moc (RETIRED) gentoo-dev 2005-12-05 00:40:59 UTC
*** Bug 114505 has been marked as a duplicate of this bug. ***
Comment 34 Andreas Arens 2005-12-05 03:16:24 UTC
open-ldap-2.2.28-r2 currently does not compile on ~AMD64 (2005.1) due to perl
bug #114371.

Using the workaround for the perl ebuild described under that bug (reenabling
the fpicdl patch), it still fails with this bug:

QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/var/tmp/portage/openldap-2.2.28-r2/work/openldap-2.1.30/libraries/liblber/.libs:/usr/lib64
usr/lib64/libldap.so.2.0.130
/var/tmp/portage/openldap-2.2.28-r2/work/openldap-2.1.30/libraries/liblber/.libs:/usr/lib64
usr/lib64/libldap_r.so.2.0.130

Applying the patches from Markus (as in Comment #31) fixes this! Thanks alot.
Comment 35 Jakub Moc (RETIRED) gentoo-dev 2005-12-05 06:31:38 UTC
*** Bug 114531 has been marked as a duplicate of this bug. ***
Comment 36 Jakub Moc (RETIRED) gentoo-dev 2005-12-05 12:39:59 UTC
*** Bug 114557 has been marked as a duplicate of this bug. ***
Comment 37 Lennart Hansen 2005-12-05 23:18:35 UTC
Works for me too, thanks alot, guys.



Comment 38 Chris Smith 2005-12-06 08:24:06 UTC
Is there some reason that this fix isn't in the tree yet? 
Comment 39 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-12-06 08:51:26 UTC
*** Bug 114618 has been marked as a duplicate of this bug. ***
Comment 40 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-12-06 09:11:18 UTC
ok, -r3 in the tree now with the newer patches.
Comment 41 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-12-06 09:48:39 UTC
I've backported the fixes to the 2.1 series as well, for 2.1.30-r6.
Both 2.1.30-r6 and 2.2.28-r3 should be stabilized - esp as mips/amd64 are a long
way behind (2.1.30-r2 and 2.1.30-r5 respectively).
Comment 42 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-06 09:54:46 UTC
Arches please test and mark stable. 
Comment 43 Markus Rothe (RETIRED) gentoo-dev 2005-12-06 12:39:04 UTC
both versions run fine -> stable on ppc64  :-)  
 
(including sys-libs/db-4.2.52_p2-r1) 
Comment 44 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-12-06 13:40:56 UTC
Stable on ppc, hppa.
Comment 45 Ben Skeggs 2005-12-06 17:03:00 UTC
=net-nds/openldap-2.2.28-r3 merges fine here now, TESTED on amd64.

darktama@araqiel ~ $ emerge info
Portage 2.0.53 (default-linux/amd64/2005.1, gcc-4.0.2, glibc-2.3.6-r1,
2.6.14-ck5 x86_64)
=================================================================
System uname: 2.6.14-ck5 x86_64 AMD Athlon(tm) 64 Processor 3500+
Gentoo Base System version 1.12.0_pre11
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [enabled]
dev-lang/python:     2.3.5, 2.4.2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r1
sys-devel/libtool:   1.5.20-r1
virtual/os-headers:  2.6.11-r3
ACCEPT_KEYWORDS="amd64 ~amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env
/usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/3/share/config
/usr/lib64/mozilla/defaults/pref /usr/share/X11/xkb /usr/share/config
/var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon64 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig buildpkg ccache distlocks multilib-strict nostrip sandbox
sfperms strict"
GENTOO_MIRRORS="ftp://ftp.iinet.net.au/pub/Gentoo/
http://mirror.pacific.net.au/linux/Gentoo/"
LINGUAS="en de"
MAKEOPTS="-j2"
PKGDIR="/home/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/overlays/scratch"
SYNC="rsync://rsync.au.gentoo.org/gentoo-portage"
USE="amd64 X a52 aac aalib acl acpi alsa audiofile avi bash-completion berkdb
bitmap-fonts browserplugin bzip2 cairo cdb cdr crypt cups curl dbus dri dvd dvdr
dvdread eds emboss encode esd ethereal exif expat fam ffmpeg firefox flac
foomaticdb fortran gd gif glitz glut gmp gnome gpm gstreamer gtk gtk2 guile hal
hardened idn imagemagick imlib ipv6 jack java jpeg lcms ldap libwww lua lzw
lzw-tiff mad mhash mmap mng mono motif mp3 mpeg ncurses nls nptl nptlonly
nsplugin offensive ogg oggvorbis openal opengl pam pcre pdflib perl png postgres
python quicktime readline samba sdl speex spell sqlite ssl svg tcltk tcpd theora
threads tiff truetype truetype-fonts type1-fonts udev unicode usb userlocales
vorbis xine xinerama xml2 xpm xv xvid zlib video_cards_radeon video_cards_nv
linguas_en linguas_de userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS
Comment 46 Daniel Gryniewicz (RETIRED) gentoo-dev 2005-12-06 19:38:05 UTC
2.2.28-r3 stable on amd64.  Do you really want us to mark the old one too?  It's
not slotted...
Comment 47 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-12-06 20:19:17 UTC
It's not slotted as openldap conflicts badly with itself - the upgrade is
non-trivial for any openldap server boxes (that actually have data files).

I'd like both the 2.1 and 2.2 series to have up-to-date stable versions, for
those sysadmins that don't want to upgrade yet (since stable amd64 was on 2.1
only before).
Comment 48 Heinz Hombergs 2005-12-06 22:25:40 UTC
=net-nds/openldap-2.2.28-r3 merges fine here now, TESTED on x86.
Comment 49 Jakub Moc (RETIRED) gentoo-dev 2005-12-07 11:29:41 UTC
*** Bug 114740 has been marked as a duplicate of this bug. ***
Comment 50 Mark Loeser (RETIRED) gentoo-dev 2005-12-07 20:38:10 UTC
stable on x86
Comment 51 Fernando J. Pereda (RETIRED) gentoo-dev 2005-12-08 07:29:45 UTC
Are the tests on net-nds/openldap-2.1.30-r6 meant to work ? I'm getting:

---8<---
>>> Test phase [enabled]: net-nds/openldap-2.1.30-r6
 * Doing tests
ln: `./data': cannot overwrite directory
make: [test-bdb] Error 1 (ignored)
Initiating LDAP tests for BDB...
>>>>> Executing all LDAP tests...
>>>>> Test Directory: .
>>>>> Backend: bdb
>>>>> Starting test000-rootdse ...
running defines.sh
Datadir is ./data
Cleaning up in ./test-db...
Starting slapd on TCP/IP port 9009...
Using ldapsearch to retrieve the root DSE...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
./scripts/test000-rootdse: line 57: kill: (31816) - No such process
/var/tmp/portage/openldap-2.1.30-r6/work/openldap-2.1.30/clients/tools/.libs/lt-ldapsearch:
error while loading shared libraries: libldap.so.2: cannot open shared object
file: No such file or directory
>>>>> Test failed
>>>>> ./scripts/test000-rootdse failed (exit 127)
make: *** [test-bdb] Error 127

!!! ERROR: net-nds/openldap-2.1.30-r6 failed.
!!! Function src_test, Line 174, Exitcode 2
!!! make tests failed
!!! If you need support, post the topmost build error, NOT this status message
---8<---

The error doesn't really look alpha-specific.

Cheers,
Ferdy
Comment 52 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-12-08 12:56:54 UTC
ferdy: I can't reproduce here, but I suspect that it's related to the fact that
libldap.so.2 can't be found unless LD_LIBRARY_PATH is added (since the RPATH was
changed).
Comment 53 Fernando J. Pereda (RETIRED) gentoo-dev 2005-12-08 13:00:46 UTC
Might that be because I had no openldap version installed before ?

Cheers,
Ferdy
Comment 54 Simon Stelling (RETIRED) gentoo-dev 2005-12-09 10:39:02 UTC
i was experiencing the same issue as fernando, merging with FEATURES=-test and
re-merging with FEATURES=test however did solve the problem, so i marked
2.1.30-r6 stable on amd64
Comment 55 Jason Wever (RETIRED) gentoo-dev 2005-12-10 14:04:42 UTC
Stable on SPARCenstein
Comment 56 Fernando J. Pereda (RETIRED) gentoo-dev 2005-12-13 10:24:16 UTC
I have tested both versions for alpha, and I think they can go to stable.
However I don't think the tests should fail on a clean system.

I ain't going to hold a security bug for that... so I'll mark them in a couple
of hours.

Cheers,
Ferdy
Comment 57 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-12-13 12:30:28 UTC
I need to get to modifying the tests to work with the RPATH change. I'll get to
it eventully, just not very soon.
Comment 58 Fernando J. Pereda (RETIRED) gentoo-dev 2005-12-13 15:17:39 UTC
Ok, so I alpha'lized both of them. Sorry for the delay here.

Cheers,
Ferdy
Comment 59 Thierry Carrez (RETIRED) gentoo-dev 2005-12-14 03:53:51 UTC
Will do a common GLSA with bug 112577
Comment 60 Thierry Carrez (RETIRED) gentoo-dev 2005-12-15 04:22:23 UTC
GLSA 200512-07
arm,ia64 mips and s390 should mark 2.1.30-r6 stable to benefit from GLSA
Comment 61 Jamie Webb 2005-12-19 15:50:14 UTC
This patch doesn't apply for me on one of our servers (i.e. I see 'Failed Patch: openldap-2.1.30-rpath.patch' when emerging openldap-2.1.30-r6), although it worked fine on our workstations. USE flags presumably... I can't find any trace of the .rej files?


# emerge info
Portage 2.0.51.22-r3 (default-linux/x86/2005.0, gcc-3.3.5, glibc-2.3.4.20040808-r1, 2.6.12.5smp i686)
=================================================================
System uname: 2.6.12.5smp i686 Intel(R) Pentium(R) 4 CPU 2.80GHz
Gentoo Base System version 1.4.16
dev-lang/python:     2.3.5-r2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.4
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.10-r4
virtual/os-headers:  2.6.8.1-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=i686 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://mirror.ac.uk/mirror/distro.ibiblio.org/pub/linux/distributions/gentoo/ http://www.ibiblio.org/pub/Linux/distributions/gentoo/"
MAKEOPTS=""
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acpi apache2 apm bash-completion berkdb bitmap-fonts bzip2 crypt curl eds emacs emboss encode expat fam foomaticdb fortran gd gdbm gif gmp gpm guile imagemagick imap imlib innodb ipv6 java jikes jpeg junit ldap leim libg++ libwww live maildir mbox mmx mp3 mysql ncurses network nls pam pcre pdflib perl plotutils png pnp python readline rtc ruby samba sasl slang spell sse ssl svga tcpd tetex tiff truetype truetype-fonts trusted type1-fonts udev usb wmf x86 xml xml2 zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY


# cat /var/tmp/portage/openldap-2.1.30-r6/temp/openldap-2.1.30-rpath.patch-10900.out
***** openldap-2.1.30-rpath.patch *****

=======================================

PATCH COMMAND:  patch -p0 -p0 -d /var/tmp/portage/openldap-2.1.30-r6/work/openldap-2.1.30 < /usr/portage/net-nds/openldap/files/openldap-2.1.30-rpath.patch

=======================================
patching file ./aclocal.m4
Hunk #1 succeeded at 2785 (offset -99 lines).
Hunk #2 succeeded at 3209 (offset -102 lines).
Hunk #3 succeeded at 3232 (offset -102 lines).
Hunk #4 succeeded at 3256 (offset -106 lines).
Hunk #5 FAILED at 3265.
Hunk #6 succeeded at 3266 (offset -115 lines).
Hunk #7 succeeded at 3320 (offset -115 lines).
Hunk #8 succeeded at 3338 (offset -115 lines).
Hunk #9 succeeded at 3355 with fuzz 2 (offset -115 lines).
Hunk #10 succeeded at 3373 with fuzz 2 (offset -115 lines).
Hunk #11 succeeded at 3398 (offset -115 lines).
Hunk #12 succeeded at 3418 with fuzz 1 (offset -115 lines).
Hunk #13 succeeded at 3436 with fuzz 2 (offset -115 lines).
Hunk #14 FAILED at 5270.
Hunk #15 succeeded at 5684 (offset -200 lines).
Hunk #16 succeeded at 5705 (offset -200 lines).
Hunk #17 succeeded at 5716 (offset -200 lines).
Hunk #18 succeeded at 5726 (offset -200 lines).
Hunk #19 succeeded at 5748 (offset -200 lines).
Hunk #20 succeeded at 5756 (offset -200 lines).
Hunk #21 succeeded at 5764 with fuzz 1 (offset -200 lines).
2 out of 21 hunks FAILED -- saving rejects to file ./aclocal.m4.rej
patching file ./libraries/liblunicode/Makefile.in
Hunk #1 succeeded at 22 (offset -9 lines).
=======================================

PATCH COMMAND:  patch -p1 -p0 -d /var/tmp/portage/openldap-2.1.30-r6/work/openldap-2.1.30 < /usr/portage/net-nds/openldap/files/openldap-2.1.30-rpath.patch

=======================================
patching file ./aclocal.m4
Hunk #1 succeeded at 2785 (offset -99 lines).
Hunk #2 succeeded at 3209 (offset -102 lines).
Hunk #3 succeeded at 3232 (offset -102 lines).
Hunk #4 succeeded at 3256 (offset -106 lines).
Hunk #5 FAILED at 3265.
Hunk #6 succeeded at 3266 (offset -115 lines).
Hunk #7 succeeded at 3320 (offset -115 lines).
Hunk #8 succeeded at 3338 (offset -115 lines).
Hunk #9 succeeded at 3355 with fuzz 2 (offset -115 lines).
Hunk #10 succeeded at 3373 with fuzz 2 (offset -115 lines).
Hunk #11 succeeded at 3398 (offset -115 lines).
Hunk #12 succeeded at 3418 with fuzz 1 (offset -115 lines).
Hunk #13 succeeded at 3436 with fuzz 2 (offset -115 lines).
Hunk #14 FAILED at 5270.
Hunk #15 succeeded at 5684 (offset -200 lines).
Hunk #16 succeeded at 5705 (offset -200 lines).
Hunk #17 succeeded at 5716 (offset -200 lines).
Hunk #18 succeeded at 5726 (offset -200 lines).
Hunk #19 succeeded at 5748 (offset -200 lines).
Hunk #20 succeeded at 5756 (offset -200 lines).
Hunk #21 succeeded at 5764 with fuzz 1 (offset -200 lines).
2 out of 21 hunks FAILED -- saving rejects to file ./aclocal.m4.rej
patching file ./libraries/liblunicode/Makefile.in
Hunk #1 succeeded at 22 (offset -9 lines).
=======================================

PATCH COMMAND:  patch -p2 -p0 -d /var/tmp/portage/openldap-2.1.30-r6/work/openldap-2.1.30 < /usr/portage/net-nds/openldap/files/openldap-2.1.30-rpath.patch

=======================================
patching file ./aclocal.m4
Hunk #1 succeeded at 2785 (offset -99 lines).
Hunk #2 succeeded at 3209 (offset -102 lines).
Hunk #3 succeeded at 3232 (offset -102 lines).
Hunk #4 succeeded at 3256 (offset -106 lines).
Hunk #5 FAILED at 3265.
Hunk #6 succeeded at 3266 (offset -115 lines).
Hunk #7 succeeded at 3320 (offset -115 lines).
Hunk #8 succeeded at 3338 (offset -115 lines).
Hunk #9 succeeded at 3355 with fuzz 2 (offset -115 lines).
Hunk #10 succeeded at 3373 with fuzz 2 (offset -115 lines).
Hunk #11 succeeded at 3398 (offset -115 lines).
Hunk #12 succeeded at 3418 with fuzz 1 (offset -115 lines).
Hunk #13 succeeded at 3436 with fuzz 2 (offset -115 lines).
Hunk #14 FAILED at 5270.
Hunk #15 succeeded at 5684 (offset -200 lines).
Hunk #16 succeeded at 5705 (offset -200 lines).
Hunk #17 succeeded at 5716 (offset -200 lines).
Hunk #18 succeeded at 5726 (offset -200 lines).
Hunk #19 succeeded at 5748 (offset -200 lines).
Hunk #20 succeeded at 5756 (offset -200 lines).
Hunk #21 succeeded at 5764 with fuzz 1 (offset -200 lines).
2 out of 21 hunks FAILED -- saving rejects to file ./aclocal.m4.rej
patching file ./libraries/liblunicode/Makefile.in
Hunk #1 succeeded at 22 (offset -9 lines).
=======================================

PATCH COMMAND:  patch -p3 -p0 -d /var/tmp/portage/openldap-2.1.30-r6/work/openldap-2.1.30 < /usr/portage/net-nds/openldap/files/openldap-2.1.30-rpath.patch

=======================================
patching file ./aclocal.m4
Hunk #1 succeeded at 2785 (offset -99 lines).
Hunk #2 succeeded at 3209 (offset -102 lines).
Hunk #3 succeeded at 3232 (offset -102 lines).
Hunk #4 succeeded at 3256 (offset -106 lines).
Hunk #5 FAILED at 3265.
Hunk #6 succeeded at 3266 (offset -115 lines).
Hunk #7 succeeded at 3320 (offset -115 lines).
Hunk #8 succeeded at 3338 (offset -115 lines).
Hunk #9 succeeded at 3355 with fuzz 2 (offset -115 lines).
Hunk #10 succeeded at 3373 with fuzz 2 (offset -115 lines).
Hunk #11 succeeded at 3398 (offset -115 lines).
Hunk #12 succeeded at 3418 with fuzz 1 (offset -115 lines).
Hunk #13 succeeded at 3436 with fuzz 2 (offset -115 lines).
Hunk #14 FAILED at 5270.
Hunk #15 succeeded at 5684 (offset -200 lines).
Hunk #16 succeeded at 5705 (offset -200 lines).
Hunk #17 succeeded at 5716 (offset -200 lines).
Hunk #18 succeeded at 5726 (offset -200 lines).
Hunk #19 succeeded at 5748 (offset -200 lines).
Hunk #20 succeeded at 5756 (offset -200 lines).
Hunk #21 succeeded at 5764 with fuzz 1 (offset -200 lines).
2 out of 21 hunks FAILED -- saving rejects to file ./aclocal.m4.rej
patching file ./libraries/liblunicode/Makefile.in
Hunk #1 succeeded at 22 (offset -9 lines).
=======================================

PATCH COMMAND:  patch -p4 -p0 -d /var/tmp/portage/openldap-2.1.30-r6/work/openldap-2.1.30 < /usr/portage/net-nds/openldap/files/openldap-2.1.30-rpath.patch

=======================================
patching file ./aclocal.m4
Hunk #1 succeeded at 2785 (offset -99 lines).
Hunk #2 succeeded at 3209 (offset -102 lines).
Hunk #3 succeeded at 3232 (offset -102 lines).
Hunk #4 succeeded at 3256 (offset -106 lines).
Hunk #5 FAILED at 3265.
Hunk #6 succeeded at 3266 (offset -115 lines).
Hunk #7 succeeded at 3320 (offset -115 lines).
Hunk #8 succeeded at 3338 (offset -115 lines).
Hunk #9 succeeded at 3355 with fuzz 2 (offset -115 lines).
Hunk #10 succeeded at 3373 with fuzz 2 (offset -115 lines).
Hunk #11 succeeded at 3398 (offset -115 lines).
Hunk #12 succeeded at 3418 with fuzz 1 (offset -115 lines).
Hunk #13 succeeded at 3436 with fuzz 2 (offset -115 lines).
Hunk #14 FAILED at 5270.
Hunk #15 succeeded at 5684 (offset -200 lines).
Hunk #16 succeeded at 5705 (offset -200 lines).
Hunk #17 succeeded at 5716 (offset -200 lines).
Hunk #18 succeeded at 5726 (offset -200 lines).
Hunk #19 succeeded at 5748 (offset -200 lines).
Hunk #20 succeeded at 5756 (offset -200 lines).
Hunk #21 succeeded at 5764 with fuzz 1 (offset -200 lines).
2 out of 21 hunks FAILED -- saving rejects to file ./aclocal.m4.rej
patching file ./libraries/liblunicode/Makefile.in
Hunk #1 succeeded at 22 (offset -9 lines).
Comment 62 Markus Ullmann (RETIRED) gentoo-dev 2005-12-25 02:33:18 UTC
Please take a look at other emerge info outputs and compare the installed version numbers of

sys-devel/autoconf
sys-devel/automake
sys-devel/libtool

Are they the same on workstation and that particular server?