18202547 memcached lib comes with erroneous RPATH and RUNPATH
18253985 pkglint should check for non-existent RUNPATH directories
--- a/components/memcached/Makefile Mon Mar 03 23:00:33 2014 -0800
+++ b/components/memcached/Makefile Tue Mar 04 10:19:09 2014 -0800
@@ -51,7 +51,13 @@
CFLAGS += -D__ATTRIBUTE_DISABLED
CONFIGURE_BINDIR.64 = $(CONFIGURE_PREFIX)/lib/$(MACH64)
-CONFIGURE_OPTIONS.64 += --with-libevent=/usr/lib/${MACH64}
+CONFIGURE_OPTIONS.64 += --with-libevent=/usr/lib/$(MACH64)
+# The below works around a bug in configure/configure.ac that sets
+# an incorrect runpath.
+# Setting ac_cv_libevent bypasses libevent checks in configure,
+# including setting the runpath (-R), which is currently ok
+# because libevent is in a default library directory.
+CONFIGURE_OPTIONS.64 += "ac_cv_libevent_dir=/usr/lib/$(MACH64)"
CONFIGURE_OPTIONS += --enable-dtrace --disable-docs --disable-coverage
CONFIGURE_OPTIONS += --localstatedir=/var
CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
--- a/components/openssh/openssh.p5m Mon Mar 03 23:00:33 2014 -0800
+++ b/components/openssh/openssh.p5m Tue Mar 04 10:19:09 2014 -0800
@@ -51,18 +51,32 @@
mediator-implementation=openssh
link path=usr/bin/ssh-keyscan target=../lib/openssh/bin/ssh-keyscan \
mediator=ssh mediator-implementation=openssh
-file usr/bin/scp path=usr/lib/openssh/bin/scp mode=0555
-file usr/bin/sftp path=usr/lib/openssh/bin/sftp mode=0555
-file usr/bin/ssh path=usr/lib/openssh/bin/ssh mode=0555
-file usr/bin/ssh-add path=usr/lib/openssh/bin/ssh-add mode=0555
-file usr/bin/ssh-agent path=usr/lib/openssh/bin/ssh-agent mode=2555
-file usr/bin/ssh-keygen path=usr/lib/openssh/bin/ssh-keygen mode=0555
-file usr/bin/ssh-keyscan path=usr/lib/openssh/bin/ssh-keyscan mode=0555
-file usr/lib/ssh/sftp-server path=usr/lib/openssh/lib/sftp-server mode=0555
-file usr/lib/ssh/ssh-keysign path=usr/lib/openssh/lib/ssh-keysign mode=4555
-file usr/lib/ssh/ssh-pkcs11-helper path=usr/lib/openssh/lib/ssh-pkcs11-helper \
- mode=0555
-file usr/lib/ssh/sshd path=usr/lib/openssh/lib/sshd mode=0555
+# RUNPATH pkglint checking (userland.action001.3) ERRORs on these ELF files
+# are changed to INFO messages; remove this bypass when
+# usr/local/lib is removed from their runpaths
+file usr/bin/scp path=usr/lib/openssh/bin/scp mode=0555 \
+ pkg.linted.userland.action001.3=true
+file usr/bin/sftp path=usr/lib/openssh/bin/sftp mode=0555 \
+ pkg.linted.userland.action001.3=true
+file usr/bin/ssh path=usr/lib/openssh/bin/ssh mode=0555 \
+ pkg.linted.userland.action001.3=true
+file usr/bin/ssh-add path=usr/lib/openssh/bin/ssh-add mode=0555 \
+ pkg.linted.userland.action001.3=true
+file usr/bin/ssh-agent path=usr/lib/openssh/bin/ssh-agent mode=2555 \
+ pkg.linted.userland.action001.3=true
+file usr/bin/ssh-keygen path=usr/lib/openssh/bin/ssh-keygen mode=0555 \
+ pkg.linted.userland.action001.3=true
+file usr/bin/ssh-keyscan path=usr/lib/openssh/bin/ssh-keyscan mode=0555 \
+ pkg.linted.userland.action001.3=true
+file usr/lib/ssh/sftp-server path=usr/lib/openssh/lib/sftp-server mode=0555 \
+ pkg.linted.userland.action001.3=true
+file usr/lib/ssh/ssh-keysign path=usr/lib/openssh/lib/ssh-keysign mode=4555 \
+ pkg.linted.userland.action001.3=true
+file usr/lib/ssh/ssh-pkcs11-helper path=usr/lib/openssh/lib/ssh-pkcs11-helper \
+ mode=0555 \
+ pkg.linted.userland.action001.3=true
+file usr/lib/ssh/sshd path=usr/lib/openssh/lib/sshd mode=0555 \
+ pkg.linted.userland.action001.3=true
link path=usr/lib/ssh/sftp-server target=../openssh/lib/sftp-server \
mediator=ssh mediator-implementation=openssh
link path=usr/lib/ssh/ssh-keysign target=../openssh/lib/ssh-keysign \
--- a/tools/python/pkglint/userland.py Mon Mar 03 23:00:33 2014 -0800
+++ b/tools/python/pkglint/userland.py Tue Mar 04 10:19:09 2014 -0800
@@ -21,7 +21,7 @@
#
#
-# Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved.
#
# Some userland consolidation specific lint checks
@@ -238,7 +238,7 @@
# aslr_tag_string will get stdout; err will get stderr
aslr_tag_string, err = aslr_tag_process.communicate()
- # No ASLR tag was found; everthing must be tagged
+ # No ASLR tag was found; everything must be tagged
if aslr_tag_process.returncode != 0:
engine.error(
_("'%s' is not tagged for aslr") % (path),
@@ -273,6 +273,45 @@
if match == False:
list.append(dir)
+ # Make sure RUNPATH matches against a packaged path.
+ # Don't check runpaths starting with $ORIGIN, which
+ # is specially handled by the linker.
+
+ elif not dir.startswith('$ORIGIN/'):
+
+ # Strip out leading and trailing '/' in the
+ # runpath, since the reference paths don't start
+ # with '/' and trailing '/' could cause mismatches.
+ # Check first if there is an exact match, then check
+ # if any reference path starts with this runpath
+ # plus a trailing slash, since it may still be a link
+ # to a directory that has no action because it uses
+ # the default attributes.
+
+ relative_dir = dir.strip('/')
+ if not relative_dir in self.ref_paths and \
+ not any(key.startswith(relative_dir + '/')
+ for key in self.ref_paths):
+
+ # If still no match, if the runpath contains
+ # an embedded symlink, emit a warning; it may or may
+ # not resolve to a legitimate path.
+ # E.g., for usr/openwin/lib, usr/openwin->X11 and
+ # usr/X11/lib are packaged, but usr/openwin/lib is not.
+ # Otherwise, runpath is bad; add it to list.
+ embedded_link = False
+ pdir = os.path.dirname(relative_dir)
+ while pdir != '':
+ if (pdir in self.ref_paths and
+ self.ref_paths[pdir][0][1].name == "link"):
+ embedded_link = True
+ engine.warning(
+ _("runpath '%s' in '%s' not found in reference paths but contains symlink at '%s'") % (dir, path, pdir),
+ msgid="%s%s.3" % (self.name, "001"))
+ break
+ pdir = os.path.dirname(pdir)
+ if not embedded_link:
+ list.append(dir)
if bits == 32:
for expr in self.runpath_64_re: