Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 120304

Summary: dev-libs/libcroco-0.6.0 insecure RUNPATH
Product: Gentoo Security Reporter: Jon Hood <squinky86>
Component: Runpath IssuesAssignee: Gentoo Linux Gnome Desktop Team <gnome>
Severity: normal CC: iyosifov
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B? [ebuild] DerCorny
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 81745    

Description Jon Hood 2006-01-25 07:23:33 UTC
libcroco fails

QA Notice: the following files contain insecure RUNPATH's...
/var/tmp/portage/libcroco-0.6.0/image/usr/lib64 usr/bin/csslint-0.6

see also.
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-25 08:10:48 UTC
gnome herd, pls verify and provide fixed ebuilds if necessary - thx.
Comment 2 Daniel Gryniewicz (RETIRED) gentoo-dev 2006-01-26 08:45:38 UTC
I don't see this, either on amd64 or on x86, either stable or ~.
Comment 3 Jon Hood 2006-01-26 10:22:20 UTC
I am now unable to reproduce this, too, but apparently I'm not the only one that was experiencing it (see posted url).
Comment 4 Ivan Yosifov 2006-02-09 11:02:29 UTC
Check out for clock skew messages. I just got the same error and also got warnings about the mtimes of files in /usr/lib/gcc/i686-pc-linux-gnu/3.4.5/include/ being in the future. After doing a touch /usr/lib/gcc/i686-pc-linux-gnu/3.4.5/include/* the problem disappeared. Weird.
Comment 5 solar (RETIRED) gentoo-dev 2006-03-05 08:03:07 UTC
The next ~arch portage revision will auto repair evil rpaths and not bail. 
Maintainers should still fix the packages they maintain as portage will only die
with FEATURES=stricter (but that is a maintainer & QA problem) no longer security@
Comment 6 Jakub Moc (RETIRED) gentoo-dev 2006-09-21 03:46:29 UTC
No longer a security issue with current stable portage, re-assigning to maintainer.
Comment 7 Mart Raudsepp gentoo-dev 2007-01-14 20:45:49 UTC
Can't see the problem either with 0.6.0 nor 0.6.1