Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 105717 - media-gfx/imagemagick- contains insecure RUNPATH's
Summary: media-gfx/imagemagick- contains insecure RUNPATH's
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: A2? [glsa]
Depends on:
Blocks: 81745
  Show dependency tree
Reported: 2005-09-12 12:10 UTC by Ashu Tiwary
Modified: 2019-11-30 22:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

logfile for "emerge -v media-gfx/imagemagick" (3135-imagemagick-,272.25 KB, text/plain)
2005-09-12 12:11 UTC, Ashu Tiwary
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Ashu Tiwary 2005-09-12 12:10:37 UTC
when emerging media-gfx/imagemagick-, the emerge fails w/ "insecure

making executable: /usr/lib/
making executable: /usr/lib/
making executable: /usr/lib/
QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at
 For more information on this issue, kindly review:

!!! ERROR: media-gfx/imagemagick- failed.
!!! Function dyn_install, Line 1044, Exitcode 0
!!! Insecure binaries detected
!!! If you need support, post the topmost build error, NOT this status message.

Reproducible: Always
Steps to Reproduce:
1. emerge media-gfx/imagemagick

Actual Results:  
see above

Expected Results:  
should successfully emerge

liberte insecure_runpaths # emerge --info
Portage 2.0.52-r1 (default-linux/x86/2005.1, gcc-3.4.4, glibc-2.3.5-r1,
2.6.13-gentoo i686)
System uname: 2.6.13-gentoo i686 Intel(R) Pentium(R) M processor 1700MHz
Gentoo Base System version 1.12.0_pre8
dev-lang/python:     2.3.5, 2.4.1-r1
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.20
virtual/os-headers:  2.6.11-r2
CFLAGS="-O3 -pipe -march=pentium-m -mtune=pentium-m -fweb -ftracer"
CONFIG_PROTECT="/etc /opt/openjms/config /usr/kde/2/share/config
/usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown
/usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d"
CXXFLAGS="-O3 -pipe -march=pentium-m -mtune=pentium-m -fweb -ftracer"
FEATURES="autoconfig distlocks fixpackages sandbox sfperms strict userpriv"
LINGUAS="en ar bg bn br bs ca cs cy da de el en_GB eo es et eu fi fr fy ga he hi
hsb hu is it ja lt mk nb nds nl nn pa pl pt pt_BR ro ru se sk sl sr sr@Latn sv
ta tg tr uk zh_CN zh_TW"
USE="x86 X aalib alsa apm arts avi bash-completion berkdb bitmap-fonts cdr crypt
cscope cups curl directfb doc eds emboss encode erandom esd fam flac foomaticdb
fortran freetds g++ g77 gcj gd gdbm ggi gif gjava gnat gnome gobjc gpm gstreamer
gtk gtk2 guile imagemagick imlib ipv6 jack java jpeg junit kde ldap libg++
libwww lirc mad mcal mikmod motif mozilla mp3 mpeg mysql nas ncurses nls nptl
nptlonly objc odbc ogg oggvorbis opengl oss pam pdflib perl pic png postgres
python qt quicktime readline ruby samba sdl slang snmp speex spell sqlite ssl
svga tcltk tcpd tetex tiff truetype truetype-fonts type1-fonts unicode
userlocales vorbis xml xml2 xmms xv zlib linguas_en linguas_ar linguas_bg
linguas_bn linguas_br linguas_bs linguas_ca linguas_cs linguas_cy linguas_da
linguas_de linguas_el linguas_en_GB linguas_eo linguas_es linguas_et linguas_eu
linguas_fi linguas_fr linguas_fy linguas_ga linguas_he linguas_hi linguas_hsb
linguas_hu linguas_is linguas_it linguas_ja linguas_lt linguas_mk linguas_nb
linguas_nds linguas_nl linguas_nn linguas_pa linguas_pl linguas_pt linguas_pt_BR
linguas_ro linguas_ru linguas_se linguas_sk linguas_sl linguas_sr
linguas_sr@Latn linguas_sv linguas_ta linguas_tg linguas_tr linguas_uk
linguas_zh_CN linguas_zh_TW userland_GNU kernel_linux elibc_glibc"

liberte insecure_runpaths # grep media-gfx/imagemagick /etc/portage/package.use
media-gfx/imagemagick X cups doc fpx graphviz jbig jpeg lcms mpeg perl png tiff
truetype wmf xml2
Comment 1 Ashu Tiwary 2005-09-12 12:11:24 UTC
Created attachment 68278 [details]
logfile for "emerge -v media-gfx/imagemagick"
Comment 2 Ashu Tiwary 2005-09-12 12:12:46 UTC
i was able to successfully emerge imagemagick using the makemaker perl hack
described in bug id 105054
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-09-14 03:06:24 UTC
This should be automatically fixed when the MakeMaker patch from bug 105054 is
committed, just requiring a bump to propagate.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-09-21 05:34:41 UTC
Reporter : could you please check that it still happens after the latest Perl
Comment 5 Ashu Tiwary 2005-09-22 02:46:08 UTC
this emerge works fine now after the last perl update (perl-5.8.7-r1)
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-09-23 13:36:31 UTC
Common GLSA with other RUNPATH issues
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2005-10-10 01:10:04 UTC
graphics team: we'll need a revbumps with the new Perl DEPEND so that currently
affected users get their version as "vulnerable"...
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2005-10-12 02:26:54 UTC
graphics herd, please do the revbumps so that we can issue the GLSA about this.
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2005-10-13 07:45:06 UTC
The revbump must have the following Perl dep :
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2005-10-18 06:18:43 UTC
sekretarz should have a look at it later today
Comment 11 Karol Wojtaszek (RETIRED) gentoo-dev 2005-10-19 16:11:36 UTC
Version bumped in portage
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2005-10-20 02:39:14 UTC
Is this specific to >= ? If yes this bug can be closed (only ~ versions
affected). If not we should have a revbump on too...
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2005-10-27 02:48:33 UTC
Probably better to mark >= stable...

Arch testers please mark (or if you feel adventurous) stable
Target KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86"
Comment 14 Gustavo Zacarias (RETIRED) gentoo-dev 2005-10-27 07:15:43 UTC
sparc stable.
Comment 15 Andrej Kacian (RETIRED) gentoo-dev 2005-10-27 07:31:34 UTC
x86 happy
Comment 16 Brent Baude (RETIRED) gentoo-dev 2005-10-27 08:15:43 UTC
ppc64 stable
Comment 17 Simon Stelling (RETIRED) gentoo-dev 2005-10-27 12:50:15 UTC stable on amd64
Comment 18 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2005-10-27 15:32:23 UTC stable on alpha
Comment 19 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-10-29 08:47:01 UTC
Stable on ppc and hppa.
Comment 20 Bryan Østergaard (RETIRED) gentoo-dev 2005-10-29 13:03:53 UTC
Stable on ia64.
Comment 21 Thierry Carrez (RETIRED) gentoo-dev 2005-10-30 07:01:00 UTC
Ready for GLSA
Comment 22 Thierry Carrez (RETIRED) gentoo-dev 2005-10-30 07:19:46 UTC
Common GLSA with GDAL and qdbm
Comment 23 Thierry Carrez (RETIRED) gentoo-dev 2005-11-01 05:10:12 UTC
GLSA Batch ready.
Comment 24 Thierry Carrez (RETIRED) gentoo-dev 2005-11-02 09:19:23 UTC
GLSA 200511-02
mips should mark stable to benefit from GLSA