Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 9 Nov 2007 11:19:11 -0500
From:      Randy Pratt <bsd-unix@embarqmail.com>
To:        fatman@crackmonkey.us
Cc:        "Aryeh M. Friedman" <aryeh.friedman@gmail.com>, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: strange error when building cups
Message-ID:  <20071109111911.60800c03.bsd-unix@embarqmail.com>
In-Reply-To: <47347A3C.1030702@crackmonkey.us>
References:  <47347202.8060103@gmail.com> <47347A3C.1030702@crackmonkey.us>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, 09 Nov 2007 15:18:20 +0000
Adam J Richardson <fatman@crackmonkey.us> wrote:

> Aryeh M. Friedman wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Can some tell me what this means and how to fix it:
> > 
> > ===>   cups-pstoraster-8.15.4_1 depends on shared library: cups.2 -
> > not found
> > ===>    Verifying install for cups.2 in /usr/ports/print/cups-base
> > ===>  cups-base-1.3.3 is forbidden: remote execution of arbitrary code.
> > *** Error code 1
> > 
> > Stop in /FreeBSD/FreeBSD-current/ports/print/cups-base.
> > *** Error code 1
> > 
> > Stop in /FreeBSD/FreeBSD-current/ports/print/cups-pstoraster.
> > *** Error code 1
> > 
> > Stop in /FreeBSD/FreeBSD-current/ports/print/cups.
> > 
> 
> Hi Aryeh,
> 
> I can't tell you about the error, but:
> 
> %pkg_info | grep cups
> cups-base-1.3.3     Common UNIX Printing System
> cups-pstoraster-8.15.4_1 Postscript interpreter for CUPS printing to 
> non-PS printers
> 
> Looks like the same versions. They do build ok. Perhaps a "make clean 
> distclean" will shake out the bugs?
> 
> 'Remote execution' is interesting. Do you use some sort of load balancer?

The print/cups-base was marked FORBIDDEN due remote execution of
arbitrary code on 2007-11-08, see:

  http://docs.freebsd.org/cgi/mid.cgi?200711081832.lA8IWv3T075088

You can read more about the vulnerability at:

  http://www.freebsd.org/ports/portaudit/8dd9722c-8e97-11dc-b8f6-001c2514716c.html

If you decide that your risk is acceptable you still wish to
install/update at this time, you can comment ( # ) the particular line
in the ports/print/cups-base/Makefile:

  #FORBIDDEN=      remote execution of arbitrary code

I would presume that cups-base-1.3.4 is going to be committed shortly
since there are quite a few ports that depend on it.

HTH,

Randy
--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071109111911.60800c03.bsd-unix>