Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 120304 - dev-libs/libcroco-0.6.0 insecure RUNPATH
Summary: dev-libs/libcroco-0.6.0 insecure RUNPATH
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Runpath Issues (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Linux Gnome Desktop Team
Whiteboard: B? [ebuild] DerCorny
Depends on:
Blocks: 81745
  Show dependency tree
Reported: 2006-01-25 07:23 UTC by Jon Hood
Modified: 2007-01-14 20:45 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Jon Hood 2006-01-25 07:23:33 UTC
libcroco fails

QA Notice: the following files contain insecure RUNPATH's...
/var/tmp/portage/libcroco-0.6.0/image/usr/lib64 usr/bin/csslint-0.6

see also.
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-25 08:10:48 UTC
gnome herd, pls verify and provide fixed ebuilds if necessary - thx.
Comment 2 Daniel Gryniewicz (RETIRED) gentoo-dev 2006-01-26 08:45:38 UTC
I don't see this, either on amd64 or on x86, either stable or ~.
Comment 3 Jon Hood 2006-01-26 10:22:20 UTC
I am now unable to reproduce this, too, but apparently I'm not the only one that was experiencing it (see posted url).
Comment 4 Ivan Yosifov 2006-02-09 11:02:29 UTC
Check out for clock skew messages. I just got the same error and also got warnings about the mtimes of files in /usr/lib/gcc/i686-pc-linux-gnu/3.4.5/include/ being in the future. After doing a touch /usr/lib/gcc/i686-pc-linux-gnu/3.4.5/include/* the problem disappeared. Weird.
Comment 5 solar (RETIRED) gentoo-dev 2006-03-05 08:03:07 UTC
The next ~arch portage revision will auto repair evil rpaths and not bail. 
Maintainers should still fix the packages they maintain as portage will only die
with FEATURES=stricter (but that is a maintainer & QA problem) no longer security@
Comment 6 Jakub Moc (RETIRED) gentoo-dev 2006-09-21 03:46:29 UTC
No longer a security issue with current stable portage, re-assigning to maintainer.
Comment 7 Mart Raudsepp gentoo-dev 2007-01-14 20:45:49 UTC
Can't see the problem either with 0.6.0 nor 0.6.1