From 01a280b12734b1a4f3c5c5783ac19a19e23a56aa Mon Sep 17 00:00:00 2001 From: orbea Date: Mon, 2 Dec 2024 07:03:33 -0800 Subject: [PATCH] app-misc/jq: fix insecure RUNPATH Closes: https://bugs.gentoo.org/945698 Fixes: df24c1f97695d8a64a82577cd785e85ebe7ad4e7 Upstream-PR: https://github.com/jqlang/jq/pull/3212 Signed-off-by: orbea --- app-misc/jq/files/jq-1.7-runpath.patch | 17 ----------- app-misc/jq/files/jq-1.7.1-runpath.patch | 38 ++++++++++++++++++++++++ app-misc/jq/jq-1.7.1.ebuild | 2 +- 3 files changed, 39 insertions(+), 18 deletions(-) delete mode 100644 app-misc/jq/files/jq-1.7-runpath.patch create mode 100644 app-misc/jq/files/jq-1.7.1-runpath.patch diff --git a/app-misc/jq/files/jq-1.7-runpath.patch b/app-misc/jq/files/jq-1.7-runpath.patch deleted file mode 100644 index a8f76f7c90e16..0000000000000 --- a/app-misc/jq/files/jq-1.7-runpath.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index 0441d4a..8f1aa23 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -283,4 +283,11 @@ AC_SUBST([BUNDLER], ["$bundle_cmd"]) - AC_CONFIG_MACRO_DIR([config/m4]) - AC_CONFIG_FILES([Makefile libjq.pc]) - AC_OUTPUT -- -+AC_ARG_ENABLE([rpathhack], -+ [AC_HELP_STRING([--enable-rpathhack], [patch libtool to remove RPATH])], -+ [ -+AC_MSG_RESULT([patching libtool to fix rpath]) -+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool -+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool -+ ], -+ []) diff --git a/app-misc/jq/files/jq-1.7.1-runpath.patch b/app-misc/jq/files/jq-1.7.1-runpath.patch new file mode 100644 index 0000000000000..542218ca24c2b --- /dev/null +++ b/app-misc/jq/files/jq-1.7.1-runpath.patch @@ -0,0 +1,38 @@ +Fixes: https://github.com/gentoo/gentoo/commit/df24c1f97695d8a64a82577cd785e85ebe7ad4e7 +Upstream-PR: https://github.com/jqlang/jq/pull/3212 + +From f23a7373d079a4d4fd1f975936e81f35a66dfe84 Mon Sep 17 00:00:00 2001 +From: orbea +Date: Mon, 2 Dec 2024 09:46:33 -0800 +Subject: [PATCH] build: fix insecure RUNPATH + +In Gentoo -static-libtool-libs causes a QA Notice. + + * QA Notice: The following files contain insecure RUNPATHs + * Please file a bug about this at https://bugs.gentoo.org/ + * with the maintainer of the package. + * /var/tmp/portage/app-misc/jq-1.7.1/image/usr/bin/jqn RPATH: /var/tmp/portage/app-misc/jq-1.7.1/work/jq-jq-1.7.1/.libs + +Gentoo-Issue: https://bugs.gentoo.org/945698 +Signed-off-by: orbea +--- + Makefile.am | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index a183477fde..3f36993c0a 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -132,11 +132,10 @@ CLEANFILES = src/version.h .remake-version-h src/builtin.inc src/config_opts.inc + + bin_PROGRAMS = jq + jq_SOURCES = src/main.c src/version.h +-jq_LDFLAGS = -static-libtool-libs + jq_LDADD = libjq.la -lm + + if ENABLE_ALL_STATIC +-jq_LDFLAGS += -all-static ++jq_LDFLAGS = -all-static + endif + + ### Tests (make check) diff --git a/app-misc/jq/jq-1.7.1.ebuild b/app-misc/jq/jq-1.7.1.ebuild index 75a18f279527f..e828ea52bd3ee 100644 --- a/app-misc/jq/jq-1.7.1.ebuild +++ b/app-misc/jq/jq-1.7.1.ebuild @@ -30,6 +30,7 @@ RDEPEND=" " PATCHES=( "${FILESDIR}"/jq-1.6-r3-never-bundle-oniguruma.patch + "${FILESDIR}"/jq-1.7.1-runpath.patch ) RESTRICT="!test? ( test )" @@ -58,7 +59,6 @@ src_configure() { --disable-docs --disable-valgrind --disable-maintainer-mode - --enable-rpathhack $(use_enable static-libs static) $(use_with oniguruma oniguruma yes) )