qdbm-1.8.48 (stable) contains RUNPATH issues as a result of LD_RUN_PATH=/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib qdbm-1.8.49 and qdbm-1.8.53 also suffer the same problem. same as bug 108534 but different version From emerge: ln -f -s libqdbm.so.12.9.0 libqdbm.so LD_RUN_PATH=/lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib i686-pc-linux-gnu-gcc -Wall -ansi -pedantic -fPIC -fsigned-char -O2 -fomit-frame-pointer -DNDEBUG -o dpmgr dpmgr.o -L. -L/var/tmp/portage/qdbm-1.8.48/homedir/lib -L/usr/local/lib -lqdbm -lbz2 -lz -lpthread -lc QA Notice: the following files contain insecure RUNPATH's Please file a bug about this at http://bugs.gentoo.org/ with the maintaining herd of the package. Summary: dev-db/qdbm: insecure RPATH /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/dpmgr /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/dptsv /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/crmgr /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/crtsv /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/rlmgr /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/hvmgr /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/cbcodec /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/vlmgr /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/vltsv /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/odmgr /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/odidx /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/dpmgr /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/dptsv /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/crmgr /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/crtsv /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/rlmgr /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/hvmgr /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/cbcodec /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/vlmgr /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/vltsv /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/odmgr /lib:/usr/lib:/var/tmp/portage/qdbm-1.8.48/homedir/lib:/usr/local/lib:/usr/lib usr/bin/odidx # emerge --info Portage 2.1-r1 (hardened/x86/2.6, gcc-3.4.6, glibc-2.3.5-r2, 2.6.14-hardened-r5 i686) ================================================================= System uname: 2.6.14-hardened-r5 i686 Pentium III (Coppermine) Gentoo Base System version 1.6.15 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] app-admin/eselect-compiler: [Not Present] dev-lang/python: 2.3.5, 2.4.3-r1 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r3 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2
Created attachment 91671 [details, diff] qdbm-runpath2.diff a fix
*** Bug 146623 has been marked as a duplicate of this bug. ***
arm, s390 and sh need to stabilize 1.8.70-r1 to fix this bug.
qdbm-1.8.70-r1 all stable as per bug 149578 GLSA vote no as portage has fixed runpath issues before install for ages and its pretty hard to exploit. Time for closure and qdbm-1.8.46 removal (nothing explictly needs this version)?
Closing - thanks Tavis