Bug 26122 - bad wrapper for gdal tools
Summary: bad wrapper for gdal tools
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: David GEIGER
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on: 25809
Blocks:
  Show dependency treegraph
 
Reported: 2020-01-23 09:29 CET by eric gerbier
Modified: 2020-01-30 21:12 CET (History)
3 users (show)

See Also:
Source RPM: gdal-2.4.1-2.1.mga7.src.rpm
CVE:
Status comment:


Attachments

Description eric gerbier 2020-01-23 09:29:59 CET
Description of problem:
I want to use the gdalinfo tool (from gdal package), but I got the following error message

/usr/bin/gdalinfo: error: '/usr/bin/.libs/gdalinfo' does not exist
This script is just a wrapper for gdalinfo.

and it is the same for all gdal tools : gdaldem, gdalmanage ...


Version-Release number of selected component (if applicable):
I have tested the 2 packages gdal-2.4.1-2.1.mga7.src.rpm and gdal-2.4.3-1.mga7.src.rpm (updates_testing)

How reproducible:


Steps to Reproduce:
1. urpmi gdal
2. gdalinfo
Comment 1 David GEIGER 2020-01-23 09:55:59 CET
No need to duplicate a bug, we are already on it here:

https://bugs.mageia.org/show_bug.cgi?id=25809

CC: (none) => geiger.david68210

Lewis Smith 2020-01-23 20:34:25 CET

Blocks: (none) => 25809

Comment 2 Lewis Smith 2020-01-23 20:37:44 CET
This is a bit confusing, David. Bug 25809 is about:
 gdal new security issue CVE-2019-17545 
This problem was discovered there, but is a different issue.
BTAIM In https://bugs.mageia.org/show_bug.cgi?id=25809#c6 Eric offers a solution.
So I am daring to:
- Block 25809 on this one 26122
- Set this one 26122 as blocking the other 25809

For convenience, copied below are comments 5 & 6 from the security bug:
-------------------------------------
 David GEIGER 2020-01-23 09:09:00 CET
Hmmm! yes strange this issue! and we have this problem for a while apparently.
The gdalinfo script says:
#!/usr/bin/sh
# gdalinfo - temporary wrapper script for .libs/gdalinfo
# Generated by libtool (GNU libtool) 2.4.6
#
# The gdalinfo program cannot be directly executed until all the libtool
# libraries that it depends on are installed.
#
# This wrapper script should never be moved out of the build directory.
# If it is, it will not operate correctly.
# Sed substitution that helps us do robust quoting.  It backslashifies
# metacharacters that are still active within double-quoted strings.

The real problem is that gdalinfo should be a binary and not just a script.
I tried locally to find what is going wrong but without success.
-------------------------------------
 eric gerbier 2020-01-23 13:48:36 CET

I have an answer : the problems comes first from the install target in the makefile for apps directory

$ diff -u apps/GNUmakefile.orig apps/GNUmakefile
--- apps/GNUmakefile.orig	2020-01-23 13:43:42.990620775 +0100
+++ apps/GNUmakefile	2020-01-23 11:35:46.774852333 +0100
@@ -216,6 +216,8 @@
 
 install: default
 	for f in $(BIN_LIST) ; do $(INSTALL) $$f $(DESTDIR)$(INST_BIN) ; done
+	mkdir -p $(DESTDIR)$(INST_BIN)/.libs
+	for f in $(BIN_LIST) ; do $(INSTALL) .libs/$$f $(DESTDIR)$(INST_BIN)/.libs ; done
 	$(INSTALL_DATA) gdal_utils.h $(DESTDIR)$(INST_INCLUDE)
 	$(INSTALL) gdal-config-inst $(DESTDIR)$(INST_BIN)/gdal-config

this will install also the real binaries in .libs directory

the second change will be in gdal spec file :

diff -u gdal.spec.orig gdal.spec
--- gdal.spec.orig	2020-01-23 13:45:44.543398861 +0100
+++ gdal.spec	2020-01-23 13:45:52.873589247 +0100
@@ -256,7 +256,6 @@
 %doc NEWS VERSION
 %{_datadir}/gdal
 %{_bindir}/*
-%{_bindir}/.libs/*
 %{_mandir}/man1/*
 %{_datadir}/bash-completion/completions/*
 %exclude %{_bindir}/gdal-config

this will include the real binaries in rpm package
--------------------------------------------------
Assigning to you DavidG as already looking at the fault. I would leave the security bug alone until this problem is sorted, then it can be re-tested.
Complain if you disagree; I am CC'd on both.

Assignee: bugsquad => geiger.david68210
CC: (none) => lewyssmith

David Walser 2020-01-23 21:45:21 CET

Depends on: (none) => 25809
Blocks: 25809 => (none)

Comment 3 Thomas Backlund 2020-01-30 21:12:30 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0068.html

Resolution: (none) => FIXED
CC: (none) => tmb
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.