Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 125738

Summary: ERROR: x11-libs/qwtplot3d-0.2.6-r2 insecure RUNPATHs
Product: Gentoo Security Reporter: johnuser <johnuser>
Component: Runpath IssuesAssignee: Gentoo Science Related Packages <sci>
Status: RESOLVED WONTFIX    
Severity: normal CC: cryos
Priority: Highest Keywords: PMASKED
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 299365    
Bug Blocks: 81745    

Description johnuser 2006-03-10 10:16:49 UTC 
I've tried install qwtplot3d, but :

ln -s libqwtplot3d.so.0.2.6 libqwtplot3d.so
ln -s libqwtplot3d.so.0.2.6 libqwtplot3d.so.0
ln -s libqwtplot3d.so.0.2.6 libqwtplot3d.so.0.2
rm -f lib/libqwtplot3d.so.0.2.6
rm -f lib/libqwtplot3d.so
rm -f lib/libqwtplot3d.so.0
rm -f lib/libqwtplot3d.so.0.2
mv -f libqwtplot3d.so.0.2.6 libqwtplot3d.so libqwtplot3d.so.0 libqwtplot3d.so.0.2 lib/
>>> Test phase [not enabled]: x11-libs/qwtplot3d-0.2.6-r2

>>> Install qwtplot3d-0.2.6-r2 into /var/tmp/portage/qwtplot3d-0.2.6-r2/image/ category x11-libs
man:
prepallstrip:
strip: strip --strip-unneeded
   usr/lib/libqwtplot3d.so.0.2.6
making executable: /usr/lib/libqwtplot3d.so.0.2.6
QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/var/tmp/portage/qwtplot3d-0.2.6-r2/work/qwtplot3d/lib usr/lib/libqwtplot3d.so.0.2.6


!!! ERROR: x11-libs/qwtplot3d-0.2.6-r2 failed.
!!! Function dyn_install, Line 1057, Exitcode 0
!!! Insecure binaries detected
I don't know how to fix it :(
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-03-10 11:27:03 UTC 
Don't restrict bugs...
Comment 2 Jeffrey Forman (RETIRED) gentoo-dev 2006-03-11 05:15:14 UTC 
Please read the product descriptions next time you file a bug. This is NOT a bugzilla bug.
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2006-09-21 03:51:37 UTC 
No longer a security issue with current stable portage (see Bug 124962), re-assigning to maintainer.
Comment 4 Marcus D. Hanwell (RETIRED) gentoo-dev 2006-11-03 14:05:40 UTC 
I don't seem to be getting this error with the package when I compile it. Can you still reproduce this? Is it possible it was due to another package that qwtplot3d was linked against? If not may be I have disabled the warning inadvertently? I am using sys-apps/portage-2.1.2_rc1-r2.
Comment 5 Jakub Moc (RETIRED) gentoo-dev 2007-03-14 01:21:17 UTC 
(In reply to comment #4)
> I don't seem to be getting this error with the package when I compile it. Can
> you still reproduce this? Is it possible it was due to another package that
> qwtplot3d was linked against? If not may be I have disabled the warning
> inadvertently? I am using sys-apps/portage-2.1.2_rc1-r2.

You need FEATURES=stricter to see the warnings now...
Comment 6 Samuli Suominen (RETIRED) gentoo-dev 2010-01-06 21:55:09 UTC 
Removed from tree.