Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 117926

Summary: Subversion 1.3.0 insecure RPATHS
Product: Gentoo Security Reporter: Troy Telford <mquezn8wfq>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Troy Telford 2006-01-05 12:46:42 UTC 
SVN 1.3.0 fails to emerge (on x86).  Note, however, I've emerged SVN 1.3.0 with no issues on multiple amd64 (opteron) systems.

Emerge output follows:  (No idea /how/ the path became so long...)
***
making executable: /usr/lib/libsvn_swig_py-1.so.0.0.0
making executable: /usr/lib/libsvn_wc-1.so.0.0.0
making executable: /usr/lib/libsvnjavahl-1.so.0.0.0


QA Notice: the following files contain insecure RUNPATH''s
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_client/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_delta/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_fs/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_ra/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_repos/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_wc/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_diff/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_subr/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/bindings/swig/perl/libsvn_swig_perl/.libs usr/lib/perl5/vendor_perl/5.8.6/i686-linux/auto/SVN/_Fs/_Fs.so
/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_client/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_delta/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_fs/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_ra/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_repos/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_wc/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_diff/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_subr/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/bindings/swig/perl/libsvn_swig_perl/.libs usr/lib/perl5/vendor_perl/5.8.6/i686-linux/auto/SVN/_Ra/_Ra.so
/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_client/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_delta/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_fs/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_ra/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_repos/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_wc/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_diff/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_subr/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/bindings/swig/perl/libsvn_swig_perl/.libs usr/lib/perl5/vendor_perl/5.8.6/i686-linux/auto/SVN/_Wc/_Wc.so
/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_client/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_delta/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_fs/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_ra/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_repos/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_wc/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_diff/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_subr/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/bindings/swig/perl/libsvn_swig_perl/.libs usr/lib/perl5/vendor_perl/5.8.6/i686-linux/auto/SVN/_Core/_Core.so
/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_client/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_delta/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_fs/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_ra/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_repos/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_wc/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_diff/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_subr/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/bindings/swig/perl/libsvn_swig_perl/.libs usr/lib/perl5/vendor_perl/5.8.6/i686-linux/auto/SVN/_Delta/_Delta.so
/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_client/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_delta/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_fs/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_ra/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_repos/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_wc/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_diff/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_subr/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/bindings/swig/perl/libsvn_swig_perl/.libs usr/lib/perl5/vendor_perl/5.8.6/i686-linux/auto/SVN/_Repos/_Repos.so
/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_client/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_delta/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_fs/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_ra/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_repos/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_wc/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_diff/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/libsvn_subr/.libs:/var/tmp/portage/subversion-1.3.0/work/subversion-1.3.0/subversion/bindings/swig/perl/libsvn_swig_perl/.libs usr/lib/perl5/vendor_perl/5.8.6/i686-linux/auto/SVN/_Client/_Client.so


!!! ERROR: dev-util/subversion-1.3.0 failed.
!!! Function dyn_install, Line 1057, Exitcode 0
!!! Insecure binaries detected
!!! If you need support, post the topmost build error, NOT this status message.

***
Comment 1 Troy Telford 2006-01-05 12:48:14 UTC 
Adding blocker to 81745, as instructed in #81745, Comment #53

http://bugs.gentoo.org/show_bug.cgi?id=81745#c53
Comment 2 SpanKY gentoo-dev 2006-01-05 16:55:11 UTC 

*** This bug has been marked as a duplicate of 105054 ***