Bug 123053 - sci-libs/comedilib-0.7.21 RUNPATH bug
Summary: sci-libs/comedilib-0.7.21 RUNPATH bug
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Runpath Issues
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Depends on:
Blocks: 81745
Reported: 2006-02-16 09:33 UTC by MAL
Modified: 2006-03-13 09:52 UTC

fix rpath problem - comedilib-0.7.21 (comedilib-0.7.21-r1.ebuild,689 bytes, text/plain)
2006-03-08 07:40 UTC, Ben Gardiner
fix comedi_calibrate/ to respect DESTDIR in install-data-local (comedilib-0.7.21.patch,458 bytes, patch)
2006-03-08 09:47 UTC, Ben Gardiner
2nd fix rpath problem - comedilib-0.7.21 (comedilib-0.7.21-r1.ebuild,770 bytes, text/plain)
2006-03-08 09:53 UTC, Ben Gardiner

Description MAL 2006-02-16 09:33:38 UTC
making executable: /usr/lib/

QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at
 For more information on this issue, kindly review:
/var/tmp/portage/comedilib-0.7.21/image//usr/lib usr/lib/python2.4/site-packages/
/var/tmp/portage/comedilib-0.7.21/image//usr/lib usr/bin/comedi_calibrate
/var/tmp/portage/comedilib-0.7.21/image//usr/lib usr/bin/comedi_test

Bug #81745 said report each application as a new bug.
I just upgraded python from 2.2 to 2.4 (old embedded system being upgraded), and this was one of the packages rebuilt by python-updater.

emerge info:

Portage 2.0.54 (default-linux/x86/2005.1, gcc-3.2.3, glibc-2.3.2-r3, 2.6.15-procyon1-i870 i686)
System uname: 2.6.15-procyon1-i870 i686 Intel(R) Pentium(R) 4 CPU 3.20GHz
Gentoo Base System version 1.6.14
dev-lang/python:     2.2.3-r5, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.59-r5
sys-devel/automake:  1.8.5-r1
sys-devel/libtool:   1.4.3-r1, 1.5.2-r7
virtual/os-headers:  2.4.19-r1
CFLAGS="-march=pentium4 -O2 -pipe"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=pentium4 -O2 -pipe"
FEATURES="autoconfig distlocks notitles sandbox sfperms strict"
USE="x86 apache2 apm berkdb directfb dvd dvdr dvdread edl fbcon gdbm gif jpeg mmx mmx2 mpeg ncurses nls oss pam png python readline rtc sse sse2 ssl truetype zlib userland_GNU kernel_linux elibc_glibc"
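The QA notice above flags RUNPATH entries that point into the Portage build image under /var/tmp. As an added example (not Portage's own check and not part of the original report), the functions below pull the RUNPATH out of `readelf -d` style lines and classify each element; `BUILD_DIR` and the two sample lines are constructed from the paths shown in the notice.

```shell
#!/bin/sh
# Added example. BUILD_DIR and the readelf lines below are constructed
# from the paths shown in the QA notice; they are not real tool output.

# Extract the RPATH/RUNPATH value from `readelf -d` output on stdin.
runpath_from_readelf() {
    sed -n 's/.*(R\(UN\)\{0,1\}PATH).*\[\(.*\)]$/\2/p'
}

# insecure_runpath_elements BUILD_DIR RUNPATH
# Prints "<reason>: <element>" per flagged element; returns 1 if any.
insecure_runpath_elements() {
    build_dir=$1
    runpath=$2
    bad=0
    [ -n "$runpath" ] || return 0      # no RUNPATH at all
    rest="${runpath}:"                 # keep a trailing empty element
    while [ -n "$rest" ]; do
        elem=${rest%%:*}
        rest=${rest#*:}
        case $elem in
            "") echo "empty element (current directory): ''"; bad=1 ;;
            "$build_dir"|"$build_dir"/*)
                echo "inside build directory: $elem"; bad=1 ;;
            '$ORIGIN'|'$ORIGIN'/*|'${ORIGIN}'|'${ORIGIN}'/*) ;;  # relative to the binary
            /*) ;;                                                # absolute system path
            *)  echo "relative path: $elem"; bad=1 ;;
        esac
    done
    return $bad
}

BUILD_DIR=/var/tmp/portage/comedilib-0.7.21
SAMPLE_BAD=' 0x0000001d (RUNPATH)  Library runpath: [/var/tmp/portage/comedilib-0.7.21/image//usr/lib]'
SAMPLE_GOOD=' 0x0000001d (RUNPATH)  Library runpath: [/usr/lib]'

for line in "$SAMPLE_BAD" "$SAMPLE_GOOD"; do
    rp=$(printf '%s\n' "$line" | runpath_from_readelf)
    if insecure_runpath_elements "$BUILD_DIR" "$rp"; then
        echo "clean: $rp"
    fi
done
```

On an installed image, the same functions can be fed from `readelf -d "$file"` for each ELF file under the image directory.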
Comment 1 solar (RETIRED) gentoo-dev 2006-03-05 08:03:19 UTC
The next ~arch portage revision will auto repair evil rpaths and not bail. 
Maintainers should still fix the packages they maintain as portage will only die
with FEATURES=stricter (but that is a maintainer & QA problem) no longer security@
Comment 2 Patrizio Bassi 2006-03-06 00:57:42 UTC
same here.
Comment 3 Ben Gardiner 2006-03-08 07:40:58 UTC
Created attachment 81688 [details]
fix rpath problem - comedilib-0.7.21
Comment 4 Ben Gardiner 2006-03-08 07:41:44 UTC
I think I have a fix.
What seems to happen is that the autotools-based build uses $prefix to set the rpath of when it is linked (with libtool). This path is used to set the rpath of comedi_calibrate et al. during the 'make install' (which also uses libtool for install).
The solution is to configure the package with --prefix=/usr and install it using DESTDIR=${D}. Note that the package still needs to be configured with --localstatedir=${D}/var because the automake-based makefile, comedi_calibrate/ does not respect DESTDIR for the install-data-local target.
Also, I have changed the 'make' command in src_compile() to 'emake || die'.
Comment 5 Ben Gardiner 2006-03-08 08:27:27 UTC
I have posted a bug at about the target, install-data-local, not respecting DESTDIR.
Comment 6 SpanKY gentoo-dev 2006-03-08 08:30:35 UTC
yeah, this ebuild's src_compile is way broken

the updated ebuild should also *not* pass $D to configure ... patch the makefiles, don't hack configure
Comment 7 Ben Gardiner 2006-03-08 09:47:15 UTC
Created attachment 81698 [details, diff]
fix comedi_calibrate/ to respect DESTDIR in install-data-local

(In reply to comment #6)
> yeah, this ebuild's src_compile is way broken
> the updated ebuild should also *not* pass $D to configure ... patch the
> makefiles, don't hack configure

Definitely. I realize that passing ${D} to configure _is bad_; however, the option --localstatedir is considered only by one target in one makefile and the target in an install hook. The whole subdir is phased out in the CVS version; so it's not a big deal to 'hack' ./configure. But you're the boss: Here is a patch for the makefile.
Comment 8 Ben Gardiner 2006-03-08 09:53:40 UTC
Created attachment 81699 [details]
2nd fix rpath problem - comedilib-0.7.21

updated the ebuild to stop passing ${D} to configure and apply the above patch
Comment 9 SpanKY gentoo-dev 2006-03-08 15:20:01 UTC
thanks, patches/ebuilds look good to me ... up to the maintainer to update the tree now
Comment 10 Caleb Tennis (RETIRED) gentoo-dev 2006-03-08 15:32:07 UTC
he's right - that's me.
Comment 11 Patrizio Bassi 2006-03-12 00:28:52 UTC
fix works, can you commit to cvs?
Comment 12 Caleb Tennis (RETIRED) gentoo-dev 2006-03-13 09:52:25 UTC
removed comedi, and as such have removed comedilib from portage.