cups builds on one, but rejected by another?

Jonathan Horne freebsd at dfwlp.com
Wed Nov 14 14:53:19 PST 2007 

On Wednesday 14 November 2007 04:32:12 pm Kurt Buff wrote:
> On 11/14/07, Jonathan Horne <freebsd at dfwlp.com> wrote:
> > On Wednesday 14 November 2007 03:57:26 pm Kris Kennaway wrote:
> > > Jonathan Horne wrote:
> > > > On Wednesday 14 November 2007 03:39:47 pm Jonathan Horne wrote:
> > > >> my jails server (6.2-p8) just ran portupgrade fine, and cups was one
> > > >> of its items it updated:
> > > >>
> > > >> [root at canopus ~]# pkg_info | grep cups-
> > > >> cups-base-1.3.3_2   Common UNIX Printing System
> > > >>
> > > >> but my 7.0-b2 desktop, refuses to build the same package:
> > > >>
> > > >> ===>  cups-base-1.3.3_2 has known vulnerabilities:
> > > >> => cups -- off-by-one buffer overflow.
> > > >>    Reference:
> > > >> <http://www.FreeBSD.org/ports/portaudit/8dd9722c-8e97-11dc-b8f6-001c
> > > >>2514 716 c.html> => Please update your ports tree and try again.
> > > >> *** Error code 1
> > > >>
> > > >> what would be the differences between the 2 systems that one would
> > > >> build it, and the other reject the same port?  ive not tweaked any
> > > >> port security settings on either one, so this is some curious
> > > >> behavior to me.
> > > >>
> > > >> thanks,
> > > >
> > > > another interesting thing, when you read the portaudit page for this,
> > > > it says:
> > > >
> > > > Affects:
> > > > cups-base <1.3.3_1
> > > >
> > > > but yet 1.3.3_2 still is rejected.
> > >
> > > One or the other has either a stale portaudit database or ports tree.
> > >
> > > Kris
> >
> > what is the method for updating the portaudit database?  both have had
> > their ports trees updated today, the 7.0 box multiple times.
> >
> > thanks,
> > --
> > Jonathan Horne
> > http://dfwlpiki.dfwlp.org
> > freebsd at dfwlp.com
>
> I ran into a similar issue with cups - what does 'portaudit -aF' give
> on each machine?
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"

interesting, portaudit seems to be part of the 7.0 base system now.  on my 
BETA2 box:

[root at athena /usr/ports]# portaudit -aF
auditfile.tbz                                 100% of   45 kB  100 kBps
New database installed.
Affected package: cups-base-1.3.3
Type of problem: xpdf -- multiple remote Stream.CC vulnerabilities.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/2747fc39-915b-11dc-9239-001c2514716c.html>

Affected package: cups-base-1.3.3
Type of problem: cups -- off-by-one buffer overflow.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/8dd9722c-8e97-11dc-b8f6-001c2514716c.html>

2 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

portaudit is not installed on my 6.2 server, so i have no data to print for 
that one.

thanks,
-- 
Jonathan Horne
http://dfwlpiki.dfwlp.org
freebsd at dfwlp.com

More information about the freebsd-questions mailing list