strange error when building cups

Daniel Bye freebsd-questions at slightlystrange.org
Fri Nov 9 08:12:53 PST 2007 

On Fri, Nov 09, 2007 at 03:18:20PM +0000, Adam J Richardson wrote:
> Aryeh M. Friedman wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >Can some tell me what this means and how to fix it:
> >
> >===>   cups-pstoraster-8.15.4_1 depends on shared library: cups.2 -
> >not found
> >===>    Verifying install for cups.2 in /usr/ports/print/cups-base
> >===>  cups-base-1.3.3 is forbidden: remote execution of arbitrary code.
> >*** Error code 1
> >
> >Stop in /FreeBSD/FreeBSD-current/ports/print/cups-base.
> >*** Error code 1
> >
> >Stop in /FreeBSD/FreeBSD-current/ports/print/cups-pstoraster.
> >*** Error code 1
> >
> >Stop in /FreeBSD/FreeBSD-current/ports/print/cups.
> >
> 
> Hi Aryeh,
> 
> I can't tell you about the error, but:
> 
> %pkg_info | grep cups
> cups-base-1.3.3     Common UNIX Printing System
> cups-pstoraster-8.15.4_1 Postscript interpreter for CUPS printing to 
> non-PS printers
> 
> Looks like the same versions. They do build ok. Perhaps a "make clean 
> distclean" will shake out the bugs?
> 
> 'Remote execution' is interesting. Do you use some sort of load balancer?

This means that there is a security flaw outstanding with the print/cups-base
package. It could potentially be exploited by an attacker to run arbitrary
code on your print server. 

The warning is being emitted by the following line in the print/cups-base 
Makefile:

FORBIDDEN=      remote execution of arbitrary code

The fix would be to find the vulnerability and patch it, or failing that,
contact the maintainer and see what he says. As a workaround, if you don't
care about the vulnerability, you can set NO_IGNORE in the make environment
and try again. ports(7) has more detail.

Dan

-- 
Daniel Bye
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20071109/c9aba55a/attachment.pgp

More information about the freebsd-questions mailing list