A recent Gentoo Linux Security Announcement stated that cups-1.1.17_pre20021025 and older are vulnerable to a remote root exploit. (The advisory can be found at http://forums.gentoo.org/viewtopic.php?t=27949) The security level was labeled "critical" in the Gentoo Weekly Newsletter (which makes sense since it's a root exploit.) That is why I have placed this bug at such a high priority. As stated in the summary, I am unable to build cups-1.1.18. If it helps any, I am using sys-devel/binutils-2.13.90.0.16 and sys-devel/gcc-3.2.1-r6. The output I get from portage is reproduced entirely below. If there is any way I can help resolve this bug, please let me know. :-) >>> md5 ;-) cups-1.1.18-source.tar.bz2 pam ssl configure: WARNING: If you wanted to set the --build type, don't use --host. If a cross compiler is detected then cross compile mode will be used. checking for gawk... gawk checking for i586-pc-linux-gnu-gcc... i586-pc-linux-gnu-gcc checking for C compiler default output... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether i586-pc-linux-gnu-gcc accepts -g... yes checking for i586-pc-linux-gnu-gcc option to accept ANSI C... none needed checking for i586-pc-linux-gnu-g++... g++ checking whether we are using the GNU C++ compiler... yes checking whether g++ accepts -g... yes checking how to run the C preprocessor... i586-pc-linux-gnu-gcc -E checking for a BSD-compatible install... /bin/install -c checking for i586-pc-linux-gnu-ranlib... no checking for ranlib... ranlib checking for ar... /usr/bin/ar checking for htmldoc... no checking for mv... /bin/mv checking for nroff... /usr/bin/nroff checking for rm... /bin/rm checking for sed... /bin/sed checking for strip... /usr/bin/strip checking whether byte ordering is bigendian... no checking for library containing crypt... -lcrypt checking for library containing getspent... none required checking for egrep... grep -E checking for ANSI C header files... yes checking for dirent.h that defines DIR... yes checking for library containing opendir... none required checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking crypt.h usability... yes checking crypt.h presence... yes checking for crypt.h... yes checking malloc.h usability... yes checking malloc.h presence... yes checking for malloc.h... yes checking shadow.h usability... yes checking shadow.h presence... yes checking for shadow.h... yes checking for string.h... (cached) yes checking for strings.h... (cached) yes checking bstring.h usability... no checking bstring.h presence... no checking for bstring.h... no checking usersec.h usability... no checking usersec.h presence... no checking for usersec.h... no checking sys/ioctl.h usability... yes checking sys/ioctl.h presence... yes checking for sys/ioctl.h... yes checking for strdup... yes checking for strcasecmp... yes checking for strncasecmp... yes checking for strlcat... no checking for strlcpy... no checking for snprintf... yes checking for vsnprintf... yes checking for correct format string to use with strftime... "%c" checking for mkstemp... yes checking for mkstemps... no checking for vsyslog... yes checking for sigaction... yes checking for waitpid... yes checking for wait3... yes checking for tm_gmtoff member in tm structure... yes checking if libsupc++ is required... yes checking jpeglib.h usability... yes checking jpeglib.h presence... yes checking for jpeglib.h... yes checking for jpeg_destroy_decompress in -ljpeg... yes checking zlib.h usability... yes checking zlib.h presence... yes checking for zlib.h... yes checking for gzgets in -lz... yes checking for pow in -lm... yes checking png.h usability... yes checking png.h presence... yes checking for png.h... yes checking for png_set_tRNS_to_alpha in -lpng... yes checking tiff.h usability... yes checking tiff.h presence... yes checking for tiff.h... yes checking for TIFFReadScanline in -ltiff... yes checking for stdlib.h... (cached) yes checking for socket in -lsocket... no checking for gethostbyaddr in -lnsl... yes checking for rresvport... yes checking for getifaddrs... yes checking for struct sockaddr.sa_len... no checking sys/sockio.h usability... no checking sys/sockio.h presence... no checking for sys/sockio.h... no checking openssl/ssl.h usability... yes checking openssl/ssl.h presence... yes checking for openssl/ssl.h... yes checking for SSL_new in -lssl... yes checking for dlopen in -ldl... yes checking for pam_start in -lpam... yes checking pam/pam_appl.h usability... no checking pam/pam_appl.h presence... no checking for pam/pam_appl.h... no configure: creating ./config.status config.status: creating Makedefs config.status: creating cups.list config.status: creating cups.sh config.status: creating cups-config config.status: creating conf/cupsd.conf config.status: creating conf/pam.conf config.status: creating config.h config.status: config.h is unchanged Making all in cups... Linking libcups.so.2... Making all in backend... Linking betest... Linking ipp... Linking lpd... Linking parallel... Linking scsi... Linking serial... Linking socket... Linking usb... Making all in berkeley... Linking lpc... Linking lpq... Linking lpr... Linking lprm... Making all in cgi-bin... Linking admin.cgi... Linking classes.cgi... Linking jobs.cgi... Linking printers.cgi... Making all in filter... Linking hpgltops... Linking texttops... Linking pstops... Compiling image-tiff.c... {standard input}: Assembler messages: {standard input}:2876: Error: value of ffffffffffffff7b too large for field of 1 bytes at 0000000000002367 {standard input}:3322: Error: value of ffffffffffffff7b too large for field of 1 bytes at 000000000000290f make[1]: *** [image-tiff.o] Error 1 make: *** [all] Error 1 !!! ERROR: net-print/cups-1.1.18 failed. !!! Function src_compile, Line 47, Exitcode 2 !!! compile problem
i'll check when i come home at fri night (MET)
can u post the output of 'emerge info' and what version of media-libs/tiff u got? and which glibc, gcc
Here's the output of 'emerge info': Portage 2.0.45-r5 (default-x86-1.4, gcc-sh: /usr/bin/gcc: No such file or directory, glibc-2.2.5-r4,2.2.5-r6,2.3.1-r2) ================================================================= System uname: 2.4.19-crypto-r7 i586 AuthenticAMD USE="x86 oss 3dnow apm avi crypt cups encode gif jpeg libg++ mikmod mmx mpeg ncurses nls pdflib png qtmt quicktime spell truetype xml2 xmms xv zlib directfb gdbm berkdb slang readline arts tetex bonobo svga java X sdl gpm tcpd pam libwww ssl python esd imlib oggvorbis gnome qt kde motif opengl cdr scanner xfs dga evo gb ggz gtkhtml guile mozilla perl socks5 tcltk tiff gtk2 gtk" ARCH="x86" COMPILER="gcc3" CHOST="i586-pc-linux-gnu" CFLAGS="-mcpu=k6-2 -O3 -fomit-frame-pointer -pipe" CXXFLAGS="-mcpu=k6-2 -O3 -fomit-frame-pointer -pipe" ACCEPT_KEYWORDS="x86 ~x86" CONFIG_PROTECT="/etc /var/qmail/control /usr/kde/2/share/config /usr/kde/3/share/config /usr/X11R6/lib/X11/xkb /usr/kde/3.1/share/config /usr/share/config" CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d" MAKEOPTS="-j2" JDK_HOME="/opt/blackdown-jdk-1.4.1_beta" JAVA_HOME="/opt/blackdown-jdk-1.4.1_beta" AUTOCLEAN="no" SYNC="rsync://rsync.gentoo.org/gentoo-portage" GENTOO_MIRRORS="http://www.ibiblio.org/pub/Linux/distributions/gentoo" Also, I am using media-libs/tiff-3.5.7-r1, sys-devel/gcc-3.2.1-r6 (I also have gcc-3.1-r7 and gcc-2.95.3-r5 still installed do to binary compatability), and sys-libs/glibc-2.3.1-r2 (and glibc-2.2.5-r4 still installed for compatability). Hope this helps. Tell me if there is anything else I can do to help. :)
sorry got nothing so far will have to talk to some ppl regarding this cuz i got no clue how to fix this atm .. will have to check if it's a compiler issue ..
Solved it. :) It was compiler options. Remove -fomit-frame-pointer from the compiler options, and cups compiles. :) I think you might want to add something to the ebuild so that -fomit-frame-pointer gets masked.
cool thanks i'll check this ;)
is in 1.1.18-r1 please test ;)
It works like a dream! :) No problems! (BTW, I encountered the same problem with -fomit-frame-pointer when I was compiling media-libs/libpng-1.2.5-r2. [Ironically enough, that was also a critical security update!] Anyway, you might want to contact the person who maintains that package, so he can add code to filter out -fomit-frame-pointer in the ebuild.)
please add a comment to the libpng bug-report or open a new one (i got no clue who did this and i don't want to mess with it in that case ;)
db fix