And this is obviously a bad thing. As strict is set in profile, it makes it really hard.

QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/usr/lib/m3/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3config/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3templates/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3driver/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3linker/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3front/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3quake/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3middle/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/libm3/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3core/LINUXLIBC6 usr/bin/m3ship
/usr/lib/m3/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/libm3/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3core/LINUXLIBC6 usr/bin/m3bundle
/usr/lib/m3/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3config/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3templates/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3driver/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3linker/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3front/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3quake/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3middle/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/libm3/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3core/LINUXLIBC6 usr/bin/m3build

along with

QA Notice: the following files contain executable stacks
 Files with executable stacks will not work properly (or at all!)
 on some architectures/operating systems. A bug should be filed
 at http://bugs.gentoo.org/ to make sure the file is fixed.
RWX --- --- usr/bin/m3ship
RWX --- --- usr/bin/m3bundle
RWX --- --- usr/bin/m3build

!!! ERROR: dev-lang/ezm3-1.2 failed.
!!! Function dyn_install, Line 1113, Exitcode 0
!!! Aborting due to serious QA concerns
!!! If you need support, post the topmost build error, NOT this status message.

Having to run with FEATURES="-strict" is sketchy

(hydrogen@meglomaniac:~)$ emerge --info
Portage 2.1_pre1 (default-linux/x86/2005.1, gcc-3.4.4, glibc-2.3.5-r2, 2.6.14-ck5-stable i686)
=================================================================
System uname: 2.6.14-ck5-stable i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.6.13
ccache version 2.3 [enabled]
dev-lang/python: 2.3.5-r2, 2.4.2
sys-apps/sandbox: 1.2.12
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1
sys-devel/libtool: 1.5.20
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=athlon-xp -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/3/share/config /usr/share/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/splash /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache confcache distlocks sandbox sfperms"
GENTOO_MIRRORS="http://gentoo.mirrors.pair.com http://gentoo.mirrors.tds.net"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X alsa apache2 apm arts audiofile avi berkdb bitmap-fonts bzip2 cdb cdr crypt curl dri emboss encode exif expat fam ffmpeg flac foomaticdb fortran gd gdbm gif glut gpm gstreamer gtk2 idn imlib ipv6 java jpeg kde lcms libg++ libwww logitech-mouse mad mhash mikmod mng motif mp3 mpeg mysql ncurses nls ogg oggvorbis opengl oss pam pcre pdflib perl pic png postgres python qt quicktime readline ruby sdl spell sql ssl subversion tcpd tiff truetype truetype-fonts type1-fonts udev unicode usb vorbis xine xml2 xmms xv xvid zlib elibc_glibc kernel_linux userland_GNU"
Unset: ASFLAGS, CTARGET, LDFLAGS, LINGUAS, MAKEOPTS
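
The two QA findings reported above (RUNPATH entries pointing into the build directory, and executable stacks) can be checked on any installed binary from `readelf -dlW` output. This is an added example, not Portage's own check and not part of the original report; `UNTRUSTED_ROOTS`, `SAMPLE` and the function names are assumptions of the example.

```python
import posixpath
import re

# Assumption for this example: trees any local user or build job can write to.
UNTRUSTED_ROOTS = ("/var/tmp", "/tmp")

# Constructed sample of `readelf -dlW` output for one binary. The RUNPATH value
# is shortened from the QA notice above; everything else is made up.
SAMPLE = """\
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
 0x0000001d (RUNPATH)  Library runpath: [/usr/lib/m3/LINUXLIBC6:/var/tmp/portage/ezm3-1.2/work/ezm3-1.2/src/../binaries/LINUXLIBC6/usr/lib/m3/pkg/m3core/LINUXLIBC6]
"""

def insecure_entries(runpath):
    """Return (entry, reason) for each search-path entry that should not ship."""
    bad = []
    for entry in runpath.split(":"):
        if entry == "":
            bad.append((entry, "empty entry, resolves to the current directory"))
        elif entry.startswith(("$ORIGIN", "${ORIGIN}")):
            continue  # relative to the binary's own location; accepted here
        elif not entry.startswith("/"):
            bad.append((entry, "relative path"))
        else:
            norm = posixpath.normpath(entry)  # lexical: collapses "src/.."
            if any(norm == r or norm.startswith(r + "/") for r in UNTRUSTED_ROOTS):
                bad.append((entry, "points into a build/temp directory"))
    return bad

def audit(readelf_text):
    """Scan readelf output for insecure RPATH/RUNPATH entries and exec stack."""
    findings = {"runpath": [], "execstack": False}
    pattern = r"\((?:RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*?)\]"
    for m in re.finditer(pattern, readelf_text):
        findings["runpath"] += insecure_entries(m.group(1))
    stack = re.search(r"GNU_STACK\s+(?:0x[0-9a-fA-F]+\s+){5}([RWE ]{3})", readelf_text)
    # Assumption: a missing GNU_STACK header is reported as executable, since
    # the loader then falls back to the architecture default.
    findings["execstack"] = stack is None or "E" in stack.group(1)
    return findings

if __name__ == "__main__":
    result = audit(SAMPLE)
    for entry, reason in result["runpath"]:
        print(f"insecure RUNPATH entry {entry!r}: {reason}")
    print("executable stack:", result["execstack"])
```

The `/usr/lib/m3/LINUXLIBC6` entry passes; only the entry under `/var/tmp/portage` is reported, which is the part a static build or an RPATH rewrite has to remove.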

Created attachment 76866
files/ezm3-1.2-RUNPATH.patch

Patch to build ezm3 statically. That seems to me the only way to remove the runpath security issue. As it is only used to build cvsup, it is not a great deal.

Created attachment 76867
ezm3-1.2-r1.ebuild.patch

Patch to ebuild to apply runpath patch

vapier: your opinion as maintainer? Any other solution?

The next ~arch portage revision will auto repair evil rpaths and not bail. Maintainers should still fix the packages they maintain, as portage will only die with FEATURES=stricter (but that is a maintainer & QA problem), no longer security@.
http://bugs.gentoo.org/show_bug.cgi?id=124962
No longer a security issue with current stable portage, re-assigning to maintainer
masked to be punted