Date: Wed, 14 Nov 2007 16:53:14 -0600 From: Jonathan Horne <freebsd@dfwlp.com> To: freebsd-questions@freebsd.org Subject: Re: cups builds on one, but rejected by another? Message-ID: <200711141653.15028.freebsd@dfwlp.com> In-Reply-To: <a9f4a3860711141432j40c4cf33k82fe94bd16c865db@mail.gmail.com> References: <200711141539.47515.freebsd@dfwlp.com> <200711141619.42714.freebsd@dfwlp.com> <a9f4a3860711141432j40c4cf33k82fe94bd16c865db@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 14 November 2007 04:32:12 pm Kurt Buff wrote: > On 11/14/07, Jonathan Horne <freebsd@dfwlp.com> wrote: > > On Wednesday 14 November 2007 03:57:26 pm Kris Kennaway wrote: > > > Jonathan Horne wrote: > > > > On Wednesday 14 November 2007 03:39:47 pm Jonathan Horne wrote: > > > >> my jails server (6.2-p8) just ran portupgrade fine, and cups was one > > > >> of its items it updated: > > > >> > > > >> [root@canopus ~]# pkg_info | grep cups- > > > >> cups-base-1.3.3_2 Common UNIX Printing System > > > >> > > > >> but my 7.0-b2 desktop, refuses to build the same package: > > > >> > > > >> ===> cups-base-1.3.3_2 has known vulnerabilities: > > > >> => cups -- off-by-one buffer overflow. > > > >> Reference: > > > >> <http://www.FreeBSD.org/ports/portaudit/8dd9722c-8e97-11dc-b8f6-001c > > > >>2514 716 c.html> => Please update your ports tree and try again. > > > >> *** Error code 1 > > > >> > > > >> what would be the differences between the 2 systems that one would > > > >> build it, and the other reject the same port? ive not tweaked any > > > >> port security settings on either one, so this is some curious > > > >> behavior to me. > > > >> > > > >> thanks, > > > > > > > > another interesting thing, when you read the portaudit page for this, > > > > it says: > > > > > > > > Affects: > > > > cups-base <1.3.3_1 > > > > > > > > but yet 1.3.3_2 still is rejected. > > > > > > One or the other has either a stale portaudit database or ports tree. > > > > > > Kris > > > > what is the method for updating the portaudit database? both have had > > their ports trees updated today, the 7.0 box multiple times. > > > > thanks, > > -- > > Jonathan Horne > > http://dfwlpiki.dfwlp.org > > freebsd@dfwlp.com > > I ran into a similar issue with cups - what does 'portaudit -aF' give > on each machine? > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" interesting, portaudit seems to be part of the 7.0 base system now. on my BETA2 box: [root@athena /usr/ports]# portaudit -aF auditfile.tbz 100% of 45 kB 100 kBps New database installed. Affected package: cups-base-1.3.3 Type of problem: xpdf -- multiple remote Stream.CC vulnerabilities. Reference: <http://www.FreeBSD.org/ports/portaudit/2747fc39-915b-11dc-9239-001c2514716c.html> Affected package: cups-base-1.3.3 Type of problem: cups -- off-by-one buffer overflow. Reference: <http://www.FreeBSD.org/ports/portaudit/8dd9722c-8e97-11dc-b8f6-001c2514716c.html> 2 problem(s) in your installed packages found. You are advised to update or deinstall the affected package(s) immediately. portaudit is not installed on my 6.2 server, so i have no data to print for that one. thanks, -- Jonathan Horne http://dfwlpiki.dfwlp.org freebsd@dfwlp.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200711141653.15028.freebsd>