QA Notice: the following files contain insecure RUNPATH's Please file a bug about this at http://bugs.gentoo.org/ For more information on this issue, kindly review: http://bugs.gentoo.org/81745 /var/tmp/portage/gucharmap-1.4.4/image//usr/lib usr/bin/gucharmap !!! ERROR: gnome-extra/gucharmap-1.4.4 failed. !!! Function dyn_install, Line 1057, Exitcode 0 !!! Insecure binaries detected emerge --info: Portage 2.0.54 (default-linux/x86/2005.1, gcc-3.3.6, glibc-2.3.5-r2, 2.6.14-gentoo-r5 i686) ================================================================= System uname: 2.6.14-gentoo-r5 i686 AMD Sempron(tm) Processor 3100+ Gentoo Base System version 1.6.14 dev-lang/python: 2.3.5-r2, 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=i686 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="ftp://ftp.easynet.nl/mirror/gentoo/ http://ftp.easynet.nl/mirror/gentoo/ ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ http://gentoo.osuosl.org/" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://localbox[edit]/gentoo-portage" USE="x86 X alsa apm arts audiofile avi berkdb bitmap-fonts bzip2 crypt cups eds emacs emboss encode esd exif expat fam firefox foomaticdb fortran gdbm gif glut gnome gpm gstreamer gtk gtk2 gtkhtml hal howl imlib ipv6 jpeg lcms libg++ libwww mad mikmod mng motif mp3 mpeg ncurses nls ogg oggvorbis opengl oss pam pdflib perl png python quicktime readline sdl spell ssl tcpd tiff truetype truetype-fonts type1-fonts udev usb vorbis xml2 xmms xv zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Just trying to help with further tests and information I gave a go to the workaround in http://forums.gentoo.org/viewtopic-p-3072660.html#3072660 That worked for me with other packages with RPATH problems, but no this time. I added the following piece of code: src_install() { /usr/bin/chrpath -r /usr/lib /var/tmp/portage/gucharmap-1.4.4/image//usr/bin/gucharmap make DESTDIR=${D} install } as indicated on that post, but it caused some access violations (see attached file) ******* emerge --info: Portage 2.0.54 (default-linux/x86/2005.0, gcc-3.3.6, glibc-2.3.5-r2, 2.6.14-gentoo-r5 i686) ================================================================= System uname: 2.6.14-gentoo-r5 i686 AMD Athlon(tm) XP 1700+ Gentoo Base System version 1.6.14 distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.3 [enabled] dev-lang/python: 2.3.5-r2, 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.8.1-r1, 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -pipe -march=athlon-xp -fomit-frame-pointer -fforce-addr -frerun-loop-opt -floop-optimize -frerun-cse-after-loop -falign-functions=4" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -pipe -march=athlon-xp -fomit-frame-pointer -fforce-addr -frerun-loop-opt -floop-optimize -frerun-cse-after-loop -falign-functions=4" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache distlocks sandbox sfperms strict test" GENTOO_MIRRORS="http://linuv.uv.es/mirror/gentoo/ http://ftp.caliu.info/pub/gentoo/ http://mirror.ovh.net/gentoo-distfiles/" LANG="es_ES.UTF-8" LC_ALL="es_ES.UTF-8" LINGUAS="es en" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="3dnow X acpi alsa apache2 audiofile avi bash-completion bidi bitmap-fonts browserplugin bzip2 bzlib canna cdr cjk crypt cups curl dga directfb divx4linux doc dvb dvd dvdr eds emboss encode esd ethereal evo exif expat fam fbcon ffmpeg fftw flac foomaticdb freewnn ftp gb gcj gd gdbm gif glut gmp gnome gpm gstreamer gtk gtk2 gtkhtml hal iconv idn imagemagick imlib iodbc java jikes jpeg kde lcms libg++ libwww mad memlimit mikmod mime mmx mng motif mozilla mp3 mpeg msn nas nls nptl odbc offensive ogg oggvorbis openal opengl pam pcre pdflib perl png pnp posix ppds quicktime readline samba sdl sharedmem simplexml spell ssl svg svga sysvipc szip tcltk tcpd tetex theora threads tiff truetype truetype-fonts type1-fonts udev unicode usb userlocales videos vorbis wmf x86 xml xmms xv xvid zlib video_cards_nvidia linguas_es linguas_en userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LDFLAGS
Created attachment 79307 [details] Log of access violations
The next ~arch portage revision will auto repair evil rpaths and not bail. Maintainers should still fix the packages they maintain as portage will only die with FEATURES=stricter (but that is a maintainer & QA problem) no longer security@ http://bugs.gentoo.org/show_bug.cgi?id=124962
Reassigning to gnome herd then.
This version is no longer in portage, and the current gucharmap does not contain insecure RUNPATHs, marking this as FIXED.