Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 9 Nov 2007 16:12:43 +0000
From:      Daniel Bye <freebsd-questions@slightlystrange.org>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: strange error when building cups
Message-ID:  <20071109161243.GA22326@torus.slightlystrange.org>
In-Reply-To: <47347A3C.1030702@crackmonkey.us>
References:  <47347202.8060103@gmail.com> <47347A3C.1030702@crackmonkey.us>
index | next in thread | previous in thread | raw e-mail 

[-- Attachment #1 --]
On Fri, Nov 09, 2007 at 03:18:20PM +0000, Adam J Richardson wrote:
> Aryeh M. Friedman wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Can some tell me what this means and how to fix it:
> >
> >===>   cups-pstoraster-8.15.4_1 depends on shared library: cups.2 -
> >not found
> >===>    Verifying install for cups.2 in /usr/ports/print/cups-base
> >===>  cups-base-1.3.3 is forbidden: remote execution of arbitrary code.
> >*** Error code 1
> >
> >Stop in /FreeBSD/FreeBSD-current/ports/print/cups-base.
> >*** Error code 1
> >
> >Stop in /FreeBSD/FreeBSD-current/ports/print/cups-pstoraster.
> >*** Error code 1
> >
> >Stop in /FreeBSD/FreeBSD-current/ports/print/cups.
> >
> 
> Hi Aryeh,
> 
> I can't tell you about the error, but:
> 
> %pkg_info | grep cups
> cups-base-1.3.3     Common UNIX Printing System
> cups-pstoraster-8.15.4_1 Postscript interpreter for CUPS printing to 
> non-PS printers
> 
> Looks like the same versions. They do build ok. Perhaps a "make clean 
> distclean" will shake out the bugs?
> 
> 'Remote execution' is interesting. Do you use some sort of load balancer?

This means that there is a security flaw outstanding with the print/cups-base
package. It could potentially be exploited by an attacker to run arbitrary
code on your print server. 

The warning is being emitted by the following line in the print/cups-base 
Makefile:

FORBIDDEN=      remote execution of arbitrary code

The fix would be to find the vulnerability and patch it, or failing that,
contact the maintainer and see what he says. As a workaround, if you don't
care about the vulnerability, you can set NO_IGNORE in the make environment
and try again. ports(7) has more detail.

Dan

-- 
Daniel Bye
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iD8DBQFHNIb7ixf5fBYiFmoRAoFsAJ9cgxHhNFR349cTn9a2paYGVCh6oQCdFbxx
/A5MLxfCnj1OeqYFT7BYjGs=
=1/nv
-----END PGP SIGNATURE-----
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071109161243.GA22326>