Date: Fri, 9 Nov 2007 16:12:43 +0000 From: Daniel Bye <freebsd-questions@slightlystrange.org> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: strange error when building cups Message-ID: <20071109161243.GA22326@torus.slightlystrange.org> In-Reply-To: <47347A3C.1030702@crackmonkey.us> References: <47347202.8060103@gmail.com> <47347A3C.1030702@crackmonkey.us>
next in thread | previous in thread | raw e-mail | index | archive | help
--WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Nov 09, 2007 at 03:18:20PM +0000, Adam J Richardson wrote: > Aryeh M. Friedman wrote: > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >Can some tell me what this means and how to fix it: > > > >=3D=3D=3D> cups-pstoraster-8.15.4_1 depends on shared library: cups.2 - > >not found > >=3D=3D=3D> Verifying install for cups.2 in /usr/ports/print/cups-base > >=3D=3D=3D> cups-base-1.3.3 is forbidden: remote execution of arbitrary = code. > >*** Error code 1 > > > >Stop in /FreeBSD/FreeBSD-current/ports/print/cups-base. > >*** Error code 1 > > > >Stop in /FreeBSD/FreeBSD-current/ports/print/cups-pstoraster. > >*** Error code 1 > > > >Stop in /FreeBSD/FreeBSD-current/ports/print/cups. > > >=20 > Hi Aryeh, >=20 > I can't tell you about the error, but: >=20 > %pkg_info | grep cups > cups-base-1.3.3 Common UNIX Printing System > cups-pstoraster-8.15.4_1 Postscript interpreter for CUPS printing to=20 > non-PS printers >=20 > Looks like the same versions. They do build ok. Perhaps a "make clean=20 > distclean" will shake out the bugs? >=20 > 'Remote execution' is interesting. Do you use some sort of load balancer? This means that there is a security flaw outstanding with the print/cups-ba= se package. It could potentially be exploited by an attacker to run arbitrary code on your print server.=20 The warning is being emitted by the following line in the print/cups-base= =20 Makefile: FORBIDDEN=3D remote execution of arbitrary code The fix would be to find the vulnerability and patch it, or failing that, contact the maintainer and see what he says. As a workaround, if you don't care about the vulnerability, you can set NO_IGNORE in the make environment and try again. ports(7) has more detail. Dan --=20 Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ --WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFHNIb7ixf5fBYiFmoRAoFsAJ9cgxHhNFR349cTn9a2paYGVCh6oQCdFbxx /A5MLxfCnj1OeqYFT7BYjGs= =1/nv -----END PGP SIGNATURE----- --WIyZ46R2i8wDzkSu--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071109161243.GA22326>