
Bug 117606

Summary: gnome-base/orbit-0.5.17 insecure RUNPATHs
Product: Gentoo Security
Reporter: Jakub Moc (RETIRED) <jakub>
Component: Runpath Issues
Assignee: MIPS Porters <mips>
Severity: minor
CC: gnome, robbat2
Priority: High
Keywords: PMASKED
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard: [stable]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 81745    

Description Jakub Moc (RETIRED) gentoo-dev 2006-01-03 07:41:57 UTC
Separated from the tracker Bug 81745

QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at
 For more information on this issue, kindly review:
/var/tmp/portage/orbit-0.5.17/image//usr/lib usr/bin/ior-decode
/var/tmp/portage/orbit-0.5.17/image//usr/lib usr/bin/name-client
/var/tmp/portage/orbit-0.5.17/image//usr/lib usr/bin/old-name-server
/var/tmp/portage/orbit-0.5.17/image//usr/lib usr/bin/orbit-event-server
/var/tmp/portage/orbit-0.5.17/image//usr/lib usr/bin/orbit-name-server

!!! ERROR: gnome-base/orbit-0.5.17 failed.

Does anything depend on that ancient version now? If not, best punted.
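
An added example, not part of the bug report and not Portage's own QA code: a Python check that parses `<runpath> <file>` lines laid out like the QA notice above and flags risky RUNPATH entries. The three rules (entry inside the build directory or a world-writable temp tree, empty entry, relative entry), the function names and the `constructed-*` sample lines are assumptions of this example.

```python
import posixpath

# Assumption of this example: world-writable temp trees count as untrusted.
UNTRUSTED_PREFIXES = ("/var/tmp", "/tmp")

def _under(path, prefix):
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def check_runpath(runpath, build_root=None):
    """Return (entry, reason) pairs for risky entries in a RUNPATH/RPATH string."""
    findings = []
    for entry in runpath.split(":"):
        if entry == "":
            findings.append((entry, "empty entry: current directory is searched"))
        elif entry.startswith(("$ORIGIN", "${ORIGIN}")):
            continue  # relative to the binary's own location; not judged here
        elif not entry.startswith("/"):
            findings.append((entry, "relative entry: resolved against current directory"))
        else:
            # Collapse '//' and '..' so '/var/tmp/x/image//usr/lib' compares cleanly.
            norm = "/" + posixpath.normpath(entry).lstrip("/")
            if build_root and _under(norm, posixpath.normpath(build_root)):
                findings.append((entry, "points into the build directory"))
            elif any(_under(norm, p) for p in UNTRUSTED_PREFIXES):
                findings.append((entry, "points into a world-writable temp tree"))
    return findings

def scan_qa_lines(lines, build_root=None):
    """Parse '<runpath> <file>' lines (the layout of the QA notice) into findings."""
    report = {}
    for line in lines:
        runpath, _, path = line.rstrip("\n").rpartition(" ")
        hits = check_runpath(runpath, build_root)
        if hits:
            report[path] = hits
    return report

# First two lines are from the QA notice in this report; the rest are constructed.
SAMPLE = [
    "/var/tmp/portage/orbit-0.5.17/image//usr/lib usr/bin/ior-decode",
    "/var/tmp/portage/orbit-0.5.17/image//usr/lib usr/bin/name-client",
    "/usr/lib:/usr/lib64 usr/bin/constructed-clean",
    "/usr/lib::lib usr/bin/constructed-mixed",
]

if __name__ == "__main__":
    for path, hits in scan_qa_lines(SAMPLE, "/var/tmp/portage/orbit-0.5.17").items():
        for entry, reason in hits:
            print(f"{path}: {entry!r} -> {reason}")
```

File names containing spaces are not handled, since the line is split on its last space.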
Comment 1 Tupone Alfredo gentoo-dev 2006-01-12 10:26:31 UTC
works for me
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2006-01-12 16:06:20 UTC
Yes, stuff does still depend on this.
xosd needs media-libs/gdk-pixbuf
media-libs/gdk-pixbuf needs gnome-base/gnome-libs
gnome-base/gnome-libs needs =gnome-base/orbit-0*

Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2006-01-12 17:20:09 UTC
Fixed in 0.5.17-r1, marked as unstable as some other minor changes were needed (econf/make DESTDIR).
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2006-01-15 09:35:14 UTC
Arches, please test 0.5.17-r1 and mark stable:
Target KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
Comment 5 Simon Stelling (RETIRED) gentoo-dev 2006-01-15 10:27:38 UTC
amd64 stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2006-01-15 12:46:49 UTC
ppc stable
Comment 7 John N. Laliberte (RETIRED) gentoo-dev 2006-01-15 12:52:04 UTC
x86 stable
Comment 8 Jason Wever (RETIRED) gentoo-dev 2006-01-15 13:39:50 UTC
Stable on SPARC
Comment 9 Fernando J. Pereda (RETIRED) gentoo-dev 2006-01-15 14:03:45 UTC
Stable on alpha
Comment 10 Markus Rothe (RETIRED) gentoo-dev 2006-01-16 02:09:43 UTC
stable on ppc64
Comment 11 René Nussbaumer (RETIRED) gentoo-dev 2006-01-16 10:31:55 UTC
Stable on hppa
Comment 12 solar (RETIRED) gentoo-dev 2006-03-05 08:03:00 UTC
The next ~arch portage revision will auto repair evil rpaths and not bail.
Maintainers should still fix the packages they maintain, as portage will only die
with FEATURES=stricter (but that is a maintainer & QA problem), no longer security@
Comment 13 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-09-07 07:26:19 UTC
Can we close it now?
Comment 14 Jakub Moc (RETIRED) gentoo-dev 2006-09-07 07:32:41 UTC
(In reply to comment #13)
> Can we close it now?

Assigning to mips, they haven't stabilized the fixed 0.5.17-r1 yet. 
Comment 15 Jakub Moc (RETIRED) gentoo-dev 2006-11-28 18:52:48 UTC
<gnome-base/orbit-2 p.masked for gnome-1 removal; closing this.
Comment 16 Jakub Moc (RETIRED) gentoo-dev 2006-11-28 18:53:00 UTC
<gnome-base/orbit-2 p.masked for gnome-1 removal; closing this.