When emerging media-gfx/imagemagick-6.2.4.2, the emerge fails w/ "insecure RUNPATH's":

usr/lib/ImageMagick-6.2.4/modules-Q16/filters/analyze.so
usr/lib/libMagick++.so.6.2.4
usr/lib/libMagick.so.6.2.4
usr/lib/libWand.so.6.2.4
usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Image/Magick/Magick.so
making executable: /usr/lib/libMagick++.so.6.2.4
making executable: /usr/lib/libMagick.so.6.2.4
making executable: /usr/lib/libWand.so.6.2.4
^G
QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/portage/tmp/portage/imagemagick-6.2.4.2/work/ImageMagick-6.2.4/PerlMagick/../magick/.libs:/usr/lib usr/lib/perl5/vendor_perl/5.8.7/i686-linux/auto/Image/Magick/Magick.so
^G

!!! ERROR: media-gfx/imagemagick-6.2.4.2 failed.
!!! Function dyn_install, Line 1044, Exitcode 0
!!! Insecure binaries detected
!!! If you need support, post the topmost build error, NOT this status message.

Reproducible: Always

Steps to Reproduce:
1. emerge media-gfx/imagemagick
Actual Results:
see above

Expected Results:
should successfully emerge

liberte insecure_runpaths # emerge --info
Portage 2.0.52-r1 (default-linux/x86/2005.1, gcc-3.4.4, glibc-2.3.5-r1, 2.6.13-gentoo i686)
=================================================================
System uname: 2.6.13-gentoo i686 Intel(R) Pentium(R) M processor 1700MHz
Gentoo Base System version 1.12.0_pre8
dev-lang/python: 2.3.5, 2.4.1-r1
sys-apps/sandbox: 1.2.12
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6
sys-devel/binutils: 2.16.1
sys-devel/libtool: 1.5.20
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O3 -pipe -march=pentium-m -mtune=pentium-m -fweb -ftracer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /opt/openjms/config /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d"
CXXFLAGS="-O3 -pipe -march=pentium-m -mtune=pentium-m -fweb -ftracer"
DISTDIR="/portage/distfiles"
FEATURES="autoconfig distlocks fixpackages sandbox sfperms strict userpriv"
GENTOO_MIRRORS="http://gentoo.osuosl.org/ ftp://distro.ibiblio.org/pub/linux/distributions/gentoo/ ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo http://mirror.datapipe.net/gentoo ftp://mirror.mcs.anl.gov/pub/gentoo/"
LINGUAS="en ar bg bn br bs ca cs cy da de el en_GB eo es et eu fi fr fy ga he hi hsb hu is it ja lt mk nb nds nl nn pa pl pt pt_BR ro ru se sk sl sr sr@Latn sv ta tg tr uk zh_CN zh_TW"
PKGDIR="/portage/packages"
PORTAGE_TMPDIR="/portage/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X aalib alsa apm arts avi bash-completion berkdb bitmap-fonts cdr crypt cscope cups curl directfb doc eds emboss encode erandom esd fam flac foomaticdb fortran freetds g++ g77 gcj gd gdbm ggi gif gjava gnat gnome gobjc gpm gstreamer gtk gtk2 guile imagemagick imlib ipv6 jack java jpeg junit kde ldap libg++ libwww lirc mad mcal mikmod motif mozilla mp3 mpeg mysql nas ncurses nls nptl nptlonly objc odbc ogg oggvorbis opengl oss pam pdflib perl pic png postgres python qt quicktime readline ruby samba sdl slang snmp speex spell sqlite ssl svga tcltk tcpd tetex tiff truetype truetype-fonts type1-fonts unicode userlocales vorbis xml xml2 xmms xv zlib linguas_en linguas_ar linguas_bg linguas_bn linguas_br linguas_bs linguas_ca linguas_cs linguas_cy linguas_da linguas_de linguas_el linguas_en_GB linguas_eo linguas_es linguas_et linguas_eu linguas_fi linguas_fr linguas_fy linguas_ga linguas_he linguas_hi linguas_hsb linguas_hu linguas_is linguas_it linguas_ja linguas_lt linguas_mk linguas_nb linguas_nds linguas_nl linguas_nn linguas_pa linguas_pl linguas_pt linguas_pt_BR linguas_ro linguas_ru linguas_se linguas_sk linguas_sl linguas_sr linguas_sr@Latn linguas_sv linguas_ta linguas_tg linguas_tr linguas_uk linguas_zh_CN linguas_zh_TW userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, MAKEOPTS, PORTDIR_OVERLAY

liberte insecure_runpaths # grep media-gfx/imagemagick /etc/portage/package.use
media-gfx/imagemagick X cups doc fpx graphviz jbig jpeg lcms mpeg perl png tiff truetype wmf xml2
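Added example, not part of the bug report and not Portage's own code: a check in the spirit of the QA notice above, which parses `readelf -d` output and flags RPATH/RUNPATH entries that are empty, relative, or still point into the temporary build directory. The function names, the rule set and the sample `readelf` rows are assumptions; only the RUNPATH value and `/portage/tmp` come from the report.

```python
import posixpath
import re

# Matches the RPATH/RUNPATH rows printed by `readelf -d`.
_DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path:\s+\[(.*)\]")


def insecure_entries(runpath, build_root):
    """Return (entry, reason) for each search-path entry that should not ship."""
    root = posixpath.normpath(build_root)
    findings = []
    for entry in runpath.split(":"):
        if entry == "":
            findings.append((entry, "empty entry: resolves to the current directory"))
        elif entry.startswith("$ORIGIN") or entry.startswith("${ORIGIN}"):
            continue  # relative to the object itself; not judged by this check
        elif not entry.startswith("/"):
            findings.append((entry, "relative path"))
        else:
            # Collapse ".." so PerlMagick/../magick/.libs is compared correctly.
            norm = posixpath.normpath(entry)
            if norm == root or norm.startswith(root + "/"):
                findings.append((entry, "points into the build directory"))
    return findings


def scan_readelf(dynamic_section, build_root):
    """Scan `readelf -d` text; return {tag: findings} for tags with problems."""
    report = {}
    for tag, value in _DYN_RE.findall(dynamic_section):
        found = insecure_entries(value, build_root)
        if found:
            report[tag] = found
    return report


# Constructed sample: the RUNPATH value is the one quoted in the QA notice;
# the surrounding readelf rows are made up for illustration.
SAMPLE = """\
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000001d (RUNPATH)                    Library runpath: [/portage/tmp/portage/imagemagick-6.2.4.2/work/ImageMagick-6.2.4/PerlMagick/../magick/.libs:/usr/lib]
"""

if __name__ == "__main__":
    for tag, found in scan_readelf(SAMPLE, "/portage/tmp").items():
        for entry, reason in found:
            print(f"{tag}: {entry!r} -> {reason}")
```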
Created attachment 68278 [details] logfile for "emerge -v media-gfx/imagemagick"
I was able to successfully emerge imagemagick using the MakeMaker Perl hack described in bug 105054.
This should be automatically fixed when the MakeMaker patch from bug 105054 is committed, just requiring a bump to propagate.
Reporter: could you please check that it still happens after the latest Perl upgrade...
This emerge works fine now after the last perl update (perl-5.8.7-r1).
Common GLSA with other RUNPATH issues
graphics team: we'll need revbumps with the new Perl DEPEND so that currently affected users get their version as "vulnerable"...
graphics herd, please do the revbumps so that we can issue the GLSA about this.
The revbump must have the following Perl dep:
>=dev-lang/perl-5.8.6-r6
!=dev-lang/perl-5.8.7
sekretarz should have a look at it later today
Version bumped in portage
Is this specific to >=6.2.4.2? If yes this bug can be closed (only ~ versions affected). If not we should have a revbump on 6.2.2.3-r1 too...
Probably better to mark >=6.2.4.2-r1 stable...
Arch testers please mark 6.2.4.2-r1 (or 6.2.5.2 if you feel adventurous) stable
Target KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
sparc stable.
x86 happy
ppc64 stable
6.2.4.2-r1 stable on amd64
6.2.4.2-r1 stable on alpha
Stable on ppc and hppa.
Stable on ia64.
Ready for GLSA
Common GLSA with GDAL and qdbm
GLSA Batch ready.
GLSA 200511-02
mips should mark stable to benefit from GLSA