Bug 123028

Summary: media-gfx/gimp-1.2.5 the following files contain insecure RUNPATH's
Product: Gentoo Security
Reporter: DEMAINE Benoît-Pierre, aka DoubleHP <dhp_gentoo>
Component: Runpath Issues
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 81745    

Description DEMAINE Benoît-Pierre, aka DoubleHP 2006-02-16 05:38:42 UTC
This bug may be a dup of http://bugs.gentoo.org/81745

Emerging media-gfx/gimp-1.2.5 on stable Alpha, I get this just after parallel strip:

   usr/lib/perl5/site_perl/5.8.7/alpha-linux/auto/Gimp/Lib/Lib.so
   usr/lib/perl5/site_perl/5.8.7/alpha-linux/auto/Gimp/Net/Net.so
   usr/lib/perl5/site_perl/5.8.7/alpha-linux/auto/Gimp/UI/UI.so
   usr/bin/gimp-remote-1.2
   usr/bin/gimp-1.2
making executable: /usr/lib/libgck-1.2.so.0.0.5
making executable: /usr/lib/libgimp-1.2.so.0.0.5
making executable: /usr/lib/libgimpui-1.2.so.0.0.5
^G
QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/var/tmp/portage/gimp-1.2.5/image//usr/lib usr/lib/perl5/site_perl/5.8.7/alpha-linux/auto/Gimp/Lib/Lib.so
/var/tmp/portage/gimp-1.2.5/image//usr/lib:/usr/lib usr/lib/perl5/site_perl/5.8.7/alpha-linux/auto/Gimp/UI/UI.so
^G

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 

# emerge --info
Portage 2.0.54 (default-linux/alpha/2005.0, gcc-3.3.2, glibc-2.3.5-r3, 2.6.14.2_plop_piou_SMP alpha)
=================================================================
System uname: 2.6.14.2_plop_piou_SMP alpha EV56
Gentoo Base System version 1.6.14
distcc 2.18.3 alpha-unknown-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python:     2.3.5, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r4
ACCEPT_KEYWORDS="alpha"
AUTOCLEAN="yes"
CBUILD="alpha-unknown-linux-gnu"
CFLAGS="-mieee -O2 -mcpu=ev56 -pipe"
CHOST="alpha-unknown-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-mieee -O2 -mcpu=ev56 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks keeptemp sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
MAKEOPTS="-j7"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="alpha X a52 aac aalib acpi aim alsa amuled apache2 arts audiofile bash-completion berkdb bidi bitmap-fonts bl bmp bonjour bootsplash bzip2 cdda cdparanoia cdr cpudetection crypt cups dga doc dts dv dvb dvd dvdread dynamic eds encode esd ethereal examples expat fam fbcon ffmpeg flac flash font-server foomaticdb fortran freetype gd gdbm ggi gif glut gnutls gpm gs gstreamer gtk gtk2 httpd i8x0 icq idn ieee1394 imlib ipv6 irc jabber javascript jpeg lcms libcaca libg++ libwww lirc listentcp live lj logrotate lzo mad mikmod mng motif mozcalendar mp3 mpeg mplayer msn mtyhtv ncurses network nls no-htdocs nsplugin ogg oggvorbis opengl oss pam pcre pdflib perl png python qt quicktime rar readline real rss rtc samba screen sensord silc skey skins sndfile speex spell ssl stream subtitles svg swat symlink tcpd tetex tga theora threads tiff truetype truetype-fonts type1-fonts udev unicode urandom v4l v4l2 vcd vim vlm vorbis wmf wxwindows xanim xinerama xml2 xmms xosd xscreensaver xv xvid xvmc yahoo zeroconf zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Comment 1 solar (RETIRED) gentoo-dev 2006-03-05 08:03:17 UTC
The next ~arch portage revision will auto repair evil rpaths and not bail. 
Maintainers should still fix the packages they maintain as portage will only die
with FEATURES=stricter (but that is a maintainer & QA problem) no longer security@

http://bugs.gentoo.org/show_bug.cgi?id=124962
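
The check behind the QA notice, as an added example (not code from this bug or from Portage): it splits each reported RUNPATH, flags entries that are empty, relative, or under the build tree, and shows the value left once they are dropped. The function names, the `/var/tmp/portage` prefix (read off the notice) and the drop-the-entry repair policy are assumptions.

```python
import posixpath

# Constructed from the QA notice quoted in this bug: "<RUNPATH> <file>" per line.
QA_LINES = """\
/var/tmp/portage/gimp-1.2.5/image//usr/lib usr/lib/perl5/site_perl/5.8.7/alpha-linux/auto/Gimp/Lib/Lib.so
/var/tmp/portage/gimp-1.2.5/image//usr/lib:/usr/lib usr/lib/perl5/site_perl/5.8.7/alpha-linux/auto/Gimp/UI/UI.so
"""
BUILD_ROOT = "/var/tmp/portage"  # assumption: build tree prefix seen in the notice


def classify(entry, build_root=BUILD_ROOT):
    """Return why a single RUNPATH entry is unsafe, or None if it is acceptable."""
    if entry == "":
        return "empty entry (searched as the current directory)"
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return None  # resolved relative to the object's own location
    if not entry.startswith("/"):
        return "relative path"
    norm = posixpath.normpath("/" + entry.lstrip("/"))  # collapse '//' and '..'
    if norm == build_root or norm.startswith(build_root + "/"):
        return "points into the temporary build tree"
    return None


def audit(runpath, build_root=BUILD_ROOT):
    """Return (findings, repaired RUNPATH with the unsafe entries dropped)."""
    findings, kept = [], []
    for entry in runpath.split(":"):
        reason = classify(entry, build_root)
        if reason:
            findings.append((entry, reason))
        elif entry not in kept:
            kept.append(entry)
    return findings, ":".join(kept)  # "" means the tag should be removed


def audit_qa_notice(text):
    """Audit every '<RUNPATH> <file>' line; returns {file: (findings, repaired)}."""
    report = {}
    for line in text.splitlines():
        if line.strip():
            runpath, path = line.rsplit(" ", 1)
            report[path] = audit(runpath)
    return report


if __name__ == "__main__":
    for path, (findings, fixed) in audit_qa_notice(QA_LINES).items():
        print(path, findings, repr(fixed), sep="\n  ")
```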
Comment 2 DEMAINE Benoît-Pierre, aka DoubleHP 2006-03-05 08:28:38 UTC
Ought I to have received, in the email notifying the comment, a notice about the fact that a dep has been added?

I usually get a nice ASCII art grid telling what is changed in the bug status, and here the bug header has a new status in practice:

123028 blocks: 81745

And this was not said in the email ... when the email usually says:
removed new
added wontfix
(or anything else about changes).

I am just fuzzy about this lack of info in the email; if normal, I won't tell about it any more; if abnormal, I may open a bug against Bugzilla.
Comment 3 Hanno Böck gentoo-dev 2006-09-13 11:45:00 UTC
gimp 1.2 is no longer in the tree