Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 9 Nov 2007 16:12:43 +0000
From:      Daniel Bye <freebsd-questions@slightlystrange.org>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: strange error when building cups
Message-ID:  <20071109161243.GA22326@torus.slightlystrange.org>
In-Reply-To: <47347A3C.1030702@crackmonkey.us>
References:  <47347202.8060103@gmail.com> <47347A3C.1030702@crackmonkey.us>
next in thread | previous in thread | raw e-mail | index | archive | help 

--WIyZ46R2i8wDzkSu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Nov 09, 2007 at 03:18:20PM +0000, Adam J Richardson wrote:
> Aryeh M. Friedman wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Can some tell me what this means and how to fix it:
> >
> >=3D=3D=3D>   cups-pstoraster-8.15.4_1 depends on shared library: cups.2 -
> >not found
> >=3D=3D=3D>    Verifying install for cups.2 in /usr/ports/print/cups-base
> >=3D=3D=3D>  cups-base-1.3.3 is forbidden: remote execution of arbitrary =
code.
> >*** Error code 1
> >
> >Stop in /FreeBSD/FreeBSD-current/ports/print/cups-base.
> >*** Error code 1
> >
> >Stop in /FreeBSD/FreeBSD-current/ports/print/cups-pstoraster.
> >*** Error code 1
> >
> >Stop in /FreeBSD/FreeBSD-current/ports/print/cups.
> >
>=20
> Hi Aryeh,
>=20
> I can't tell you about the error, but:
>=20
> %pkg_info | grep cups
> cups-base-1.3.3     Common UNIX Printing System
> cups-pstoraster-8.15.4_1 Postscript interpreter for CUPS printing to=20
> non-PS printers
>=20
> Looks like the same versions. They do build ok. Perhaps a "make clean=20
> distclean" will shake out the bugs?
>=20
> 'Remote execution' is interesting. Do you use some sort of load balancer?

This means that there is a security flaw outstanding with the print/cups-ba=
se
package. It could potentially be exploited by an attacker to run arbitrary
code on your print server.=20

The warning is being emitted by the following line in the print/cups-base=
=20
Makefile:

FORBIDDEN=3D      remote execution of arbitrary code

The fix would be to find the vulnerability and patch it, or failing that,
contact the maintainer and see what he says. As a workaround, if you don't
care about the vulnerability, you can set NO_IGNORE in the make environment
and try again. ports(7) has more detail.

Dan

--=20
Daniel Bye
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \

--WIyZ46R2i8wDzkSu
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHNIb7ixf5fBYiFmoRAoFsAJ9cgxHhNFR349cTn9a2paYGVCh6oQCdFbxx
/A5MLxfCnj1OeqYFT7BYjGs=
=1/nv
-----END PGP SIGNATURE-----

--WIyZ46R2i8wDzkSu--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071109161243.GA22326>