When I recently recompiled sys-libs/libsmbios-2.2.19 because of the static-libs flag addition, I got the following QA notice: * QA Notice: The following files contain insecure RUNPATHs * Please file a bug about this at http://bugs.gentoo.org/ * with the maintaining herd of the package. * /var/tmp/portage/sys-libs/libsmbios-2.2.19/image/usr/sbin/smbios-sys-info-lite Reproducible: Always Steps to Reproduce: 1. build libsmbios-2.2.19 Actual Results: Get QA message Expected Results: Builds w/o QA message
Portage 2.1.10.3 (default/linux/amd64/10.0/no-multilib, gcc-4.4.5, glibc-2.12.2-r0, 2.6.39-gentoo-r3 x86_64) ================================================================= System Settings ================================================================= System uname: Linux-2.6.39-gentoo-r3-x86_64-Intel-R-_Pentium-R-_4_CPU_3.00GHz-with-gentoo-2.0.3 Timestamp of tree: Sun, 21 Aug 2011 11:15:01 +0000 distcc 3.1 x86_64-pc-linux-gnu [disabled] ccache version 2.4 [disabled] app-shells/bash: 4.1_p9 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.7.1-r1, 3.1.4-r2 dev-util/ccache: 2.4-r9 dev-util/cmake: 2.8.4-r1 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.0.3 sys-apps/openrc: 0.8.3-r1 sys-apps/sandbox: 2.4 sys-devel/autoconf: 2.13, 2.68 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.5 sys-devel/gcc-config: 1.4.1-r1 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82 sys-kernel/linux-headers: 2.6.36.1 (virtual/os-headers) sys-libs/glibc: 2.12.2 Repositories: gentoo bleeding-edge sunrise mhammill ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--autounmask=y --autounmask-write" FEATURES="assume-digests binpkg-logs buildpkg collision-protect distlocks ebuild-locks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="" GENTOO_MIRRORS="http://ftp.ds.karen.hj.se/gentoo/ http://ftp.df.lth.se/pub/gentoo/" LANG="en_US.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en en_US en_GB sv sv_SE" MAKEOPTS="-j3" PKGDIR="/var/pkg" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/bleeding-edge /var/lib/layman/sunrise /usr/local/portage" SYNC="rsync://giddy.michael.hammill.name/gentoo-portage" USE="X aac aalib acl afs alsa amd64 apache2 aspell assistant autoipd avahi bash-completion berkdb bidi branding bzip2 cairo caps cdda cgi cli consolekit contrib cracklib crypt cups curl cvs cxx dbus desktop-integration device-mapper dga dia djvu docbook dot dri dts dvd dvi dvi2tty dvipdfm emacs exif extensions extra extras fam ffmpeg flac fltk fontconfig fortran fuse gdbm gdu geoip gif gimp git gnuplot gnutls gpm graphics graphviz gs gstreamer gtk helpers hpn hwdb hyphenation iconv icu idn imagemagick imlib ipv6 jai java java6 jpeg kerberos kpathsea lame latex latex3 lcms ldap libcaca libnotify libssh2 libxml2 lightning live lm_sensors lua lyx m17n-lib mailwrapper matroska mmx mng modules mp3 mpeg mpi mpm-worker mudflap nagios-ntp nagios-ssh nano-syntax ncurses network-cron nls no-old-linux nptl nptlonly nsplugin nss ogg opencl opengl openmp openssl pam pcre pdf perl plotutils png policykit postscript ppds pppd pulseaudio python qt3support qt4 quicktime raw rcs readline rtf ruby sasl schroedinger screenshot secure-delete sensord session sound spell sse sse2 ssl startup-notification stream subversion svg sysfs system-sqlite system-v8 t1lib tcl tcpd templates tex4ht theora threads tiff tk tor tordns truetype twolame udev unicode v4l v4l2 vhosts vlm webdav webkit wmf wxwidgets xattr xft xinerana xorg xscreensaver xulrunner xv xvmc zlib" ALSA_CARDS="intel8x0" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="access actions alias asis auth auth_anon auth_dbm auth_digest authz_default authz_host autoindex cache case_filter_in case_filter cern_meta cgi cgid charset_lite dav dav_fs dav_lock deflate dir disk_cache echo env expires ext_filter file_cache filter headers imap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_connect proxy_ftp proxy_http rewrite setenvif so speling status unique_id unique_id userdir usertrack vhost_alias authn_file authz_groupfile authz_user" APACHE2_MPMS="worker" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump active" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_US en_GB sv sv_SE" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="intel radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS ================================================================= Package Settings ================================================================= sys-libs/libsmbios-2.2.19 was built with the following: USE="graphviz nls python -doc -static-libs -test"
Confirmed on latest: * Messages for package sys-libs/libsmbios-2.3.0-r1: * QA Notice: The following files contain insecure RUNPATHs * Please file a bug about this at http://bugs.gentoo.org/ * with the maintainer of the package. * /var/tmp/portage/sys-libs/libsmbios-2.3.0-r1/image/usr/sbin/smbios-sys-info-lite * RPATH: /var/tmp/portage/sys-libs/libsmbios-2.3.0-r1/work/libsmbios-2.3.0/out/.libs *
tinderbox has reproduced this issue with version 2.4.3 - Updating summary.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb995ace8e1a1e3dc198a45fb8e01f3c12905f27 commit eb995ace8e1a1e3dc198a45fb8e01f3c12905f27 Author: Marek Szuba <marecki@gentoo.org> AuthorDate: 2022-09-07 14:28:58 +0000 Commit: Marek Szuba <marecki@gentoo.org> CommitDate: 2022-09-07 14:30:13 +0000 sys-libs/libsmbios: prune insecure RPATH from smbios-sys-info-lite Closes: https://bugs.gentoo.org/380105 Signed-off-by: Marek Szuba <marecki@gentoo.org> .../libsmbios/files/libsmbios-2.4.3-insecure_rpaths.patch | 13 +++++++++++++ sys-libs/libsmbios/libsmbios-2.4.3.ebuild | 1 + 2 files changed, 14 insertions(+)