Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 119391

Summary: dev-scheme/guile-1.6.7 fails on an RPATH security warning on amd64
Product: Gentoo Security Reporter: thither <thither>
Component: Runpath IssuesAssignee: Scheme Project <scheme>
Status: RESOLVED NEEDINFO    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 81745    

Description thither 2006-01-18 00:52:39 UTC 
Whilst upgrading after several months, I hit this warning when trying to emerge guile.  The build itself seemed to go perfectly smoothly, the message occured just before the install.

The message in bug 81745 says to mark this bug as a blocker of that one, but I'm not sure how to do so.

----
QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/var/tmp/portage/guile-1.6.7/image/usr/lib64 usr/lib64/libguile.so.12.3.0
/var/tmp/portage/guile-1.6.7/image/usr/lib64 usr/lib64/libguilereadline-v-12.so.12.3.0
/var/tmp/portage/guile-1.6.7/image/usr/lib64 usr/lib64/libguile-srfi-srfi-4-v-1.so.1.0.0
/var/tmp/portage/guile-1.6.7/image/usr/lib64 usr/lib64/libguile-srfi-srfi-13-14-v-1.so.1.0.0
/var/tmp/portage/guile-1.6.7/image/usr/lib64 usr/bin/guile
----

Here's my emerge --info:

----
Portage 2.0.53 (default-linux/amd64/2005.1, gcc-3.4.4, glibc-2.3.5-r2, 2.6.10-gentoo-r7 x86_64)
=================================================================
System uname: 2.6.10-gentoo-r7 x86_64 Mobile AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System version 1.6.14
ccache version 2.3 [disabled]
dev-lang/python:     2.3.4-r1, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/tomcat /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/splash /etc/terminfo /etc/env.d"
CXXFLAGS="-march=k8 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.ussg.iu.edu/pub/linux/gentoo http://gentoo.llarian.net/ http://gentoo.mirrors.tds.net/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="amd64 X alsa apache2 arts audiofile avi berkdb bitmap-fonts bzip2 crypt cups curl dvd eds emboss encode esd ethereal exif expat fam flac foomaticdb fortran gd gdbm gif glut gmp gnome gpm gstreamer gtk gtk2 gtkhtml guile idn imlib ipv6 java jpeg junit kde lcms libwww log4j lua lzw lzw-tiff mad mhash mikmod mng mozilla moznocompose moznoirc mp3 mpeg mysql ncurses nls ogg opengl pam parse-clocks pcap pcre pdflib perl png postgres python qt quicktime radeon readline ruby samba sdl slang speedo speex spell ssl tcltk tcpd threads tiff truetype truetype-fonts type1-fonts udev usb userlocales vorbis wxwindows xalan xerces xine xml xml2 xmms xpm xv xvid zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
----
Comment 1 solar (RETIRED) gentoo-dev 2006-03-05 08:03:04 UTC 
The next ~arch portage revision will auto repair evil rpaths and not bail. 
Maintainers should still fix the packages they maintain as portage will only die
with FEATURES=stricter (but that is a maintainer & QA problem) no longer security@

http://bugs.gentoo.org/show_bug.cgi?id=124962
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2006-09-21 03:45:07 UTC 
No longer a security issue with current stable portage, re-assigning to maintainer.
Comment 3 Marijn Schouten (RETIRED) gentoo-dev 2007-06-12 15:10:05 UTC 
is this an issue with newer versions of guile than 1.6.7?