Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 380105 - sys-libs/libsmbios-2.4.3 - insecure RUNPATHs:/usr/sbin/smbios-sys-info-lite
Summary: sys-libs/libsmbios-2.4.3 - insecure RUNPATHs:/usr/sbin/smbios-sys-info-lite
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: AMD64 Linux
: Normal QA
Assignee: Marek Szuba (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-08-21 16:14 UTC by Mike Hammill
Modified: 2022-09-07 14:30 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Hammill 2011-08-21 16:14:45 UTC
When I recently recompiled sys-libs/libsmbios-2.2.19 because of the static-libs flag addition, I got the following QA notice:


* QA Notice: The following files contain insecure RUNPATHs
*  Please file a bug about this at http://bugs.gentoo.org/
*  with the maintaining herd of the package.
*   /var/tmp/portage/sys-libs/libsmbios-2.2.19/image/usr/sbin/smbios-sys-info-lite


Reproducible: Always

Steps to Reproduce:
1. build libsmbios-2.2.19

Actual Results:  
Get QA message

Expected Results:  
Builds w/o QA message
Comment 1 Mike Hammill 2011-08-21 16:15:42 UTC
Portage 2.1.10.3 (default/linux/amd64/10.0/no-multilib, gcc-4.4.5, glibc-2.12.2-r0, 2.6.39-gentoo-r3 x86_64)
=================================================================
                        System Settings
=================================================================
System uname: Linux-2.6.39-gentoo-r3-x86_64-Intel-R-_Pentium-R-_4_CPU_3.00GHz-with-gentoo-2.0.3
Timestamp of tree: Sun, 21 Aug 2011 11:15:01 +0000
distcc 3.1 x86_64-pc-linux-gnu [disabled]
ccache version 2.4 [disabled]
app-shells/bash:          4.1_p9
dev-java/java-config:     2.1.11-r3
dev-lang/python:          2.7.1-r1, 3.1.4-r2
dev-util/ccache:          2.4-r9
dev-util/cmake:           2.8.4-r1
dev-util/pkgconfig:       0.26
sys-apps/baselayout:      2.0.3
sys-apps/openrc:          0.8.3-r1
sys-apps/sandbox:         2.4
sys-devel/autoconf:       2.13, 2.68
sys-devel/automake:       1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:       2.20.1-r1
sys-devel/gcc:            4.4.5
sys-devel/gcc-config:     1.4.1-r1
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82
sys-kernel/linux-headers: 2.6.36.1 (virtual/os-headers)
sys-libs/glibc:           2.12.2
Repositories: gentoo bleeding-edge sunrise mhammill
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--autounmask=y --autounmask-write"
FEATURES="assume-digests binpkg-logs buildpkg collision-protect distlocks ebuild-locks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS=""
GENTOO_MIRRORS="http://ftp.ds.karen.hj.se/gentoo/ http://ftp.df.lth.se/pub/gentoo/"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en en_US en_GB sv sv_SE"
MAKEOPTS="-j3"
PKGDIR="/var/pkg"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/bleeding-edge /var/lib/layman/sunrise /usr/local/portage"
SYNC="rsync://giddy.michael.hammill.name/gentoo-portage"
USE="X aac aalib acl afs alsa amd64 apache2 aspell assistant autoipd avahi bash-completion berkdb bidi branding bzip2 cairo caps cdda cgi cli consolekit contrib cracklib crypt cups curl cvs cxx dbus desktop-integration device-mapper dga dia djvu docbook dot dri dts dvd dvi dvi2tty dvipdfm emacs exif extensions extra extras fam ffmpeg flac fltk fontconfig fortran fuse gdbm gdu geoip gif gimp git gnuplot gnutls gpm graphics graphviz gs gstreamer gtk helpers hpn hwdb hyphenation iconv icu idn imagemagick imlib ipv6 jai java java6 jpeg kerberos kpathsea lame latex latex3 lcms ldap libcaca libnotify libssh2 libxml2 lightning live lm_sensors lua lyx m17n-lib mailwrapper matroska mmx mng modules mp3 mpeg mpi mpm-worker mudflap nagios-ntp nagios-ssh nano-syntax ncurses network-cron nls no-old-linux nptl nptlonly nsplugin nss ogg opencl opengl openmp openssl pam pcre pdf perl plotutils png policykit postscript ppds pppd pulseaudio python qt3support qt4 quicktime raw rcs readline rtf ruby sasl schroedinger screenshot secure-delete sensord session sound spell sse sse2 ssl startup-notification stream subversion svg sysfs system-sqlite system-v8 t1lib tcl tcpd templates tex4ht theora threads tiff tk tor tordns truetype twolame udev unicode v4l v4l2 vhosts vlm webdav webkit wmf wxwidgets xattr xft xinerana xorg xscreensaver xulrunner xv xvmc zlib" ALSA_CARDS="intel8x0" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="access actions alias asis auth auth_anon auth_dbm auth_digest authz_default authz_host autoindex cache case_filter_in case_filter cern_meta cgi cgid charset_lite dav dav_fs dav_lock deflate dir disk_cache echo env expires ext_filter file_cache filter headers imap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_connect proxy_ftp proxy_http rewrite setenvif so speling status unique_id unique_id userdir usertrack vhost_alias authn_file authz_groupfile authz_user" APACHE2_MPMS="worker" CALLIGRA_FEATURES="kexi words flow plan stage tables krita karbon braindump active" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_US en_GB sv sv_SE" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="intel radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================
                        Package Settings
=================================================================

sys-libs/libsmbios-2.2.19 was built with the following:
USE="graphviz nls python -doc -static-libs -test"
Comment 2 Agostino Sarubbo gentoo-dev 2017-01-04 16:53:18 UTC
Confirmed on latest:

 * Messages for package sys-libs/libsmbios-2.3.0-r1:

 * QA Notice: The following files contain insecure RUNPATHs
 *  Please file a bug about this at http://bugs.gentoo.org/
 *  with the maintainer of the package.
 *   /var/tmp/portage/sys-libs/libsmbios-2.3.0-r1/image/usr/sbin/smbios-sys-info-lite
 *     RPATH: /var/tmp/portage/sys-libs/libsmbios-2.3.0-r1/work/libsmbios-2.3.0/out/.libs
 *
Comment 3 Agostino Sarubbo gentoo-dev 2021-11-15 08:55:12 UTC
tinderbox has reproduced this issue with version 2.4.3 - Updating summary.
Comment 4 Larry the Git Cow gentoo-dev 2022-09-07 14:30:24 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb995ace8e1a1e3dc198a45fb8e01f3c12905f27

commit eb995ace8e1a1e3dc198a45fb8e01f3c12905f27
Author:     Marek Szuba <marecki@gentoo.org>
AuthorDate: 2022-09-07 14:28:58 +0000
Commit:     Marek Szuba <marecki@gentoo.org>
CommitDate: 2022-09-07 14:30:13 +0000

    sys-libs/libsmbios: prune insecure RPATH from smbios-sys-info-lite
    
    Closes: https://bugs.gentoo.org/380105
    Signed-off-by: Marek Szuba <marecki@gentoo.org>

 .../libsmbios/files/libsmbios-2.4.3-insecure_rpaths.patch   | 13 +++++++++++++
 sys-libs/libsmbios/libsmbios-2.4.3.ebuild                   |  1 +
 2 files changed, 14 insertions(+)