diff -Nru cups-2.4.1op1/debian/changelog cups-2.4.1op1/debian/changelog --- cups-2.4.1op1/debian/changelog 2023-06-13 12:17:22.000000000 +0000 +++ cups-2.4.1op1/debian/changelog 2023-09-15 11:19:58.000000000 +0000 @@ -1,3 +1,34 @@ +cups (2.4.1op1-1ubuntu4.7) jammy-security; urgency=medium + + * SECURITY UPDATE: Postscript parsing heap overflow + - debian/patches/CVE-2023-4504.patch: properly check for end of buffer + in cups/raster-interpret.c. + - CVE-2023-4504 + + -- Marc Deslauriers Fri, 15 Sep 2023 07:19:58 -0400 + +cups (2.4.1op1-1ubuntu4.6) jammy-security; urgency=medium + + * SECURITY UPDATE: recently printed documents authentication issue + - debian/patches/CVE-2023-32360.patch: require authentication for + CUPS-Get-Document in conf/cupsd.conf.in. + - CVE-2023-32360 + + -- Marc Deslauriers Mon, 11 Sep 2023 12:29:43 -0400 + +cups (2.4.1op1-1ubuntu4.5) jammy; urgency=medium + + * Fixes to assure color printing on color printers by default or on request + (LP: #1971242) + - check-colormodel-also-for-cmyk.patch: Take into account that on some + printers the ColorModel option's choice for color printing is CMYK and + not RGB. + - dont-override-color-settings-from-print-dialog.patch: Prioritize + the ColorModel PPD file option over the print-color-mode IPP + attribute. + + -- Till Kamppeter Sat, 24 Jun 2023 17:20:00 +0200 + cups (2.4.1op1-1ubuntu4.4) jammy-security; urgency=medium * SECURITY UPDATE: use-after-free in cupsdAcceptClient() diff -Nru cups-2.4.1op1/debian/patches/check-colormodel-also-for-cmyk.patch cups-2.4.1op1/debian/patches/check-colormodel-also-for-cmyk.patch --- cups-2.4.1op1/debian/patches/check-colormodel-also-for-cmyk.patch 1970-01-01 00:00:00.000000000 +0000 +++ cups-2.4.1op1/debian/patches/check-colormodel-also-for-cmyk.patch 2023-06-24 15:20:00.000000000 +0000 @@ -0,0 +1,11 @@ +--- a/scheduler/printers.c ++++ b/scheduler/printers.c +@@ -4501,7 +4501,7 @@ + ppd_option_t *color_model = ppdFindOption(ppd, "ColorModel"); + // ColorModel PPD option + +- if (color_model && strcmp(color_model->defchoice, "RGB")) ++ if (color_model && strcmp(color_model->defchoice, "RGB") && strcmp(color_model->defchoice, "CMYK")) + p->num_options = cupsAddOption("print-color-mode", "monochrome", p->num_options, &p->options); + } + } diff -Nru cups-2.4.1op1/debian/patches/CVE-2023-32360.patch cups-2.4.1op1/debian/patches/CVE-2023-32360.patch --- cups-2.4.1op1/debian/patches/CVE-2023-32360.patch 1970-01-01 00:00:00.000000000 +0000 +++ cups-2.4.1op1/debian/patches/CVE-2023-32360.patch 2023-09-11 16:29:38.000000000 +0000 @@ -0,0 +1,28 @@ +From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001 +From: Michael R Sweet +Date: Tue, 6 Dec 2022 09:04:01 -0500 +Subject: [PATCH] Require authentication for CUPS-Get-Document. + +--- + conf/cupsd.conf.in | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in +index b258849078..a07536f3e4 100644 +--- a/conf/cupsd.conf.in ++++ b/conf/cupsd.conf.in +@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@ + Order deny,allow + + +- ++ ++ Require user @OWNER @SYSTEM ++ Order deny,allow ++ ++ ++ ++ AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + diff -Nru cups-2.4.1op1/debian/patches/CVE-2023-4504.patch cups-2.4.1op1/debian/patches/CVE-2023-4504.patch --- cups-2.4.1op1/debian/patches/CVE-2023-4504.patch 1970-01-01 00:00:00.000000000 +0000 +++ cups-2.4.1op1/debian/patches/CVE-2023-4504.patch 2023-09-15 11:19:51.000000000 +0000 @@ -0,0 +1,36 @@ +From a9a7daa77699bd58001c25df8a61a8029a217ddf Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Fri, 1 Sep 2023 16:47:29 +0200 +Subject: [PATCH] raster-interpret.c: Fix CVE-2023-4504 + +We didn't check for end of buffer if it looks there is an escaped +character - check for NULL terminator there and if found, return NULL +as return value and in `ptr`, because a lone backslash is not +a valid PostScript character. +--- + cups/raster-interpret.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +--- a/cups/raster-interpret.c ++++ b/cups/raster-interpret.c +@@ -1113,7 +1113,19 @@ scan_ps(_cups_ps_stack_t *st, /* I - S + + cur ++; + +- if (*cur == 'b') ++ /* ++ * Return NULL if we reached NULL terminator, a lone backslash ++ * is not a valid character in PostScript. ++ */ ++ ++ if (!*cur) ++ { ++ *ptr = NULL; ++ ++ return (NULL); ++ } ++ ++ if (*cur == 'b') + *valptr++ = '\b'; + else if (*cur == 'f') + *valptr++ = '\f'; diff -Nru cups-2.4.1op1/debian/patches/dont-override-color-settings-from-print-dialog.patch cups-2.4.1op1/debian/patches/dont-override-color-settings-from-print-dialog.patch --- cups-2.4.1op1/debian/patches/dont-override-color-settings-from-print-dialog.patch 1970-01-01 00:00:00.000000000 +0000 +++ cups-2.4.1op1/debian/patches/dont-override-color-settings-from-print-dialog.patch 2023-06-24 15:18:08.000000000 +0000 @@ -0,0 +1,65 @@ +--- a/cups/ppd-cache.c ++++ b/cups/ppd-cache.c +@@ -259,15 +259,46 @@ + + color_attr_name = print_color_mode_sup ? "print-color-mode" : "output-mode"; + +- if ((keyword = cupsGetOption("print-color-mode", num_options, options)) == NULL) ++ /* ++ * If we use PPD with standardized PPD option for color support - ColorModel, ++ * prefer it to don't break color/grayscale support for PPDs, either classic ++ * or the ones generated from IPP Get-Printer-Attributes response. ++ */ ++ ++ if ((keyword = cupsGetOption("ColorModel", num_options, options)) == NULL) + { ++ /* ++ * No ColorModel in options... ++ */ ++ + if ((choice = ppdFindMarkedChoice(ppd, "ColorModel")) != NULL) + { +- if (!_cups_strcasecmp(choice->choice, "Gray")) +- keyword = "monochrome"; ++ /* ++ * ColorModel is taken from PPD as its default option. ++ */ ++ ++ if (!strcmp(choice->choice, "Gray") || !strcmp(choice->choice, "FastGray") || !strcmp(choice->choice, "DeviceGray")) ++ keyword = "monochrome"; + else +- keyword = "color"; ++ keyword = "color"; + } ++ else ++ /* ++ * print-color-mode is a default option since 2.4.1, use it as a fallback if there is no ++ * ColorModel in options or PPD... ++ */ ++ keyword = cupsGetOption("print-color-mode", num_options, options); ++ } ++ else ++ { ++ /* ++ * ColorModel found in options... ++ */ ++ ++ if (!strcmp(keyword, "Gray") || !strcmp(keyword, "FastGray") || !strcmp(keyword, "DeviceGray")) ++ keyword = "monochrome"; ++ else ++ keyword = "color"; + } + + if (keyword && !strcmp(keyword, "monochrome")) +--- a/scheduler/ipp.c ++++ b/scheduler/ipp.c +@@ -2937,6 +2937,9 @@ + if (!strcmp(option->name, "print-quality") && ippFindAttribute(job->attrs, "cupsPrintQuality", IPP_TAG_NAME)) + continue; /* Don't override cupsPrintQuality */ + ++ if (!strcmp(option->name, "print-color-mode") && ippFindAttribute(job->attrs, "ColorModel", IPP_TAG_NAME)) ++ continue; /* Don't override ColorModel */ ++ + cupsdLogJob(job, CUPSD_LOG_DEBUG, "Adding default %s=%s", option->name, option->value); + + num_options = cupsAddOption(option->name, option->value, num_options, &options); diff -Nru cups-2.4.1op1/debian/patches/series cups-2.4.1op1/debian/patches/series --- cups-2.4.1op1/debian/patches/series 2023-06-13 12:17:17.000000000 +0000 +++ cups-2.4.1op1/debian/patches/series 2023-09-15 11:19:51.000000000 +0000 @@ -16,3 +16,7 @@ CVE-2022-26691-2.patch CVE-2023-32324.patch CVE-2023-34241.patch +check-colormodel-also-for-cmyk.patch +dont-override-color-settings-from-print-dialog.patch +CVE-2023-32360.patch +CVE-2023-4504.patch