Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 847625 (CVE-2022-26691) - <net-print/cups-2.4.2: Bad certificate verification for local authorisation
Summary: <net-print/cups-2.4.2: Bad certificate verification for local authorisation
Status: IN_PROGRESS
Alias: CVE-2022-26691
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/OpenPrinting/cups/...
Whiteboard: B3 [stable]
Keywords:
Depends on: 858155
Blocks:
  Show dependency tree
 
Reported: 2022-05-27 05:47 UTC by Attila Tóth
Modified: 2022-07-15 08:12 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Attila Tóth 2022-05-27 05:47:04 UTC
As per summary, the new net-print/cups-2.4.2 fixes CVE-2022-26691.
It also re-introduce openssl/libressl support.
Comment 2 Larry the Git Cow gentoo-dev 2022-05-28 04:26:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66e451177a6d28cfa24a3fdcdeaac7e8196c19fc

commit 66e451177a6d28cfa24a3fdcdeaac7e8196c19fc
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-05-28 04:25:21 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-28 04:25:44 +0000

    net-print/cups: add 2.4.2
    
    While at it, cleanup a bunch of obsolete seds and such. Checked upstream
    changes to ensure they really are obsolete.
    
    Bug: https://bugs.gentoo.org/847625
    Signed-off-by: Sam James <sam@gentoo.org>

 net-print/cups/Manifest                            |   1 +
 net-print/cups/cups-2.4.2.ebuild                   | 302 +++++++++++++++++++++
 net-print/cups/cups-9999.ebuild                    |  57 ++--
 .../files/cups-2.4.2-no-fortify-override.patch     |  18 ++
 4 files changed, 346 insertions(+), 32 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2022-05-28 04:57:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=02e55008b4808689eb038d5797c1bddb890a9efb

commit 02e55008b4808689eb038d5797c1bddb890a9efb
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-05-28 04:54:59 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-28 04:56:18 +0000

    net-print/cups: add openssl support
    
    Bug: https://bugs.gentoo.org/847625
    Signed-off-by: Sam James <sam@gentoo.org>

 .../{cups-2.4.2.ebuild => cups-2.4.2-r1.ebuild}    | 28 +++++++++++++++-------
 net-print/cups/cups-9999.ebuild                    | 28 +++++++++++++++-------
 net-print/cups/metadata.xml                        | 19 ++++++++-------
 3 files changed, 51 insertions(+), 24 deletions(-)