Merge of net-p2p/sancho-bin-0.9.4.56: strip: i686-pc-linux-gnu-strip --strip-unneeded /opt/sancho/lib/libswt-mozilla-gtk-3218.so /opt/sancho/lib/libgcj.so.6.0.0 /opt/sancho/lib/libswt-gtk-3218.so /opt/sancho/lib/libgcc_s.so.1 /opt/sancho/lib/libswt-atk-gtk-3218.so /opt/sancho/lib/libswt-pi-gtk-3218.so /opt/sancho/lib/libswt-cairo-gtk-3218.so /opt/sancho/lib/libswt-gnome-gtk-3218.so /opt/sancho/lib/libswt-glx-gtk-3218.so /opt/sancho/lib/libswt-awt-gtk-3218.so /opt/sancho/sancho-bin scanelf: rpath_security_checks(): Security problem with relative DT_RPATH '.:./lib' in /var/tmp/portage/sancho-bin-0.9.4.56/image//opt/sancho/sancho-bin scanelf: rpath_security_checks(): Security problem with relative DT_RPATH './lib' in /var/tmp/portage/sancho-bin-0.9.4.56/image//opt/sancho/sancho-bin Issue similiar to bug 117063.
the sancho wrapper script cd's to /opt/bin before executing, so not possible to exploit this unless someone executes it directly. nevertheless, should be fixed.
The next ~arch portage revision will auto repair evil rpaths and not bail. Maintainers should still fix the packages they maintain as portage will only die with FEATURES=stricter (but that is a maintainer & QA problem) no longer security@ http://bugs.gentoo.org/show_bug.cgi?id=124962
No longer a security issue with current stable portage, re-assigning to maintainer.
As it's a not a security issue anymore