diff --git a/hplip-3.15.6.CVE-2015-0839.patch b/hplip-3.15.6.CVE-2015-0839.patch
deleted file mode 100644
index 537969e..0000000
--- a/hplip-3.15.6.CVE-2015-0839.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-From: Andreas Stieger
-Date: Fri, 19 Jun 2015 13:26:52 +0200
-Subject: [PATCH] use 0xlong key ID
-Upstream: via package maintainer
-References: https://bugzilla.suse.com/show_bug.cgi?id=933191 CVE-2015-0839
-
-Use 0xlong key ID, short of shipping the key or full fingerprint.
-
-Index: hplip-3.15.6/base/validation.py
-===================================================================
---- hplip-3.15.6.orig/base/validation.py
-+++ hplip-3.15.6/base/validation.py
-@@ -42,7 +42,7 @@ class DigiSign_Verification(object):
-
-
- class GPG_Verification(DigiSign_Verification):
-- def __init__(self, pgp_site = 'pgp.mit.edu', key = 0xA59047B9):
-+ def __init__(self, pgp_site = 'pgp.mit.edu', key = 0x73D770CDA59047B9):
- self.__pgp_site = pgp_site
- self.__key = key
- self.__gpg = utils.which('gpg',True)
diff --git a/hplip-3.15.6.tar.gz b/hplip-3.15.6.tar.gz
deleted file mode 100644
index fcb7cdd..0000000
--- a/hplip-3.15.6.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:30c513ee65aa5b342d8074ff89439c0827c35191683727335738d8bc0f9776c9
-size 21956752
diff --git a/hplip-3.15.6.tar.gz.asc b/hplip-3.15.6.tar.gz.asc
deleted file mode 100644
index ba5828b..0000000
--- a/hplip-3.15.6.tar.gz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iEYEABECAAYFAlV0nCUACgkQc9dwzaWQR7l9EQCgokW2aC+oyEJx2IbcQ0MHzZFB
-HZYAn2A+7AtDc6KuGCoe5THtlaVb2oUY
-=OTvD
------END PGP SIGNATURE-----
diff --git a/hplip-3.15.9.tar.gz b/hplip-3.15.9.tar.gz
new file mode 100644
index 0000000..06c8477
--- /dev/null
+++ b/hplip-3.15.9.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a1f58fe8707373c193728a7fd826523e99c30e3ca7f660faa75531acdff89d6d
+size 22027325
diff --git a/hplip-3.15.9.tar.gz.asc b/hplip-3.15.9.tar.gz.asc
new file mode 100644
index 0000000..38624ea
--- /dev/null
+++ b/hplip-3.15.9.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEABECAAYFAlX2z8EACgkQc9dwzaWQR7mrjQCg1MPmG47ae3zvUk/N9ttQNAsq
+ZH4AoOa9lePyg+gH5dvMf//5Pv9IDRRN
+=7lGg
+-----END PGP SIGNATURE-----
diff --git a/hplip.changes b/hplip.changes
index 15e620c..997b3bd 100644
--- a/hplip.changes
+++ b/hplip.changes
@@ -1,3 +1,58 @@ +------------------------------------------------------------------- +Tue Oct 6 14:20:10 CEST 2015 - jsmeix@suse.de + +- Version upgrade to 3.15.9: + Added Support for the Following New Printers: + HP DeskJet Ink Advantage 2136 All-in_One Printer + HP DeskJet Ink Advantage 3836 All-in_One + HP Deskjet 2545 All-in-One Printer + HP ENVY 4510 All-in-One Printer series + HP ENVY 4512 All-in-One Printer + HP ENVY 4516 All-in-One Printer + HP ENVY 4520 All-in-One Printer series + HP ENVY 4520 All-in-One Printer + HP ENVY 4522 All-in-One Printer + HP Envy 5540 All-in-One Printer series + HP Envy 5540 All-in-One Printer + HP Envy 5545 All-in-One Printer + HP OfficeJet 4650 All-in-One Printer series + HP OfficeJet 4650 All-in-One Printer + HP OfficeJet 4652 All-in-One Printer + HP OfficeJet 4655 All-in-One Printer + HP OfficeJet 6820 e-All-in-One Printer + Some bug fixes - in particular: + Fixed hplip plugin failure with hplip-3.15.7. + For details see + http://hplipopensource.com/hplip-web/release_notes.html +- Version upgrade to 3.15.7: + Added Support for the Following New Printers: + HP Deskjet 1110 Printer + HP Deskjet 1111 Printer + HP Deskjet 1112 Printer + HP DeskJet 2131 All-in-One Printer + HP Deskjet Ink Advantage 1110 Printer + HP Deskjet Ink Advantage 1115 Printer + HP Deskjet Ink Advantage 1118 Printer + HP DeskJet Ink Advantage 2130 All-in_One Printer + HP DeskJet Ink Advantage 2135 All-in_One Printer + HP DeskJet Ink Advantage 2138 All-in_One Printer + HP DeskJet Ink Advantage 3630 All-in-One Printer + HP DeskJet Ink Advantage 3635 All-in-One Printer + HP DeskJet Ink Advantage 3636 All-in-One Printer + HP DeskJet Ink Advantage 3638 All-in-One Printer + HP DeskJet Ink Advantage 3830 All-in-One Printer + HP DeskJet Ink Advantage 3835 All-in-One Printer + HP OfficeJet 3830 All-in-One Printer + HP OfficeJet 3832 All-in-One Printer + HP OfficeJet 3834 All-in-One Printer + HP Officejet 7510 Wide Format e-All-in-One Printer + Some bug fixes - in 
particular: + Fixed insecure binary driver verification (CVE-2015-0839). + For details see + http://hplipopensource.com/hplip-web/release_notes.html +- hplip-3.15.6.CVE-2015-0839.patch is obsolete since + version 3.15.7 because it is fixed in the source. + ------------------------------------------------------------------- Wed Jun 24 11:48:49 CEST 2015 - jsmeix@suse.de diff --git a/hplip.spec b/hplip.spec index 40b2c70..f463356 100644 --- a/hplip.spec +++ b/hplip.spec 
@@ -17,64 +17,34 @@ Name: hplip -Version: 3.15.6 +Version: 3.15.9 Release: 0 Summary: HP's Printing, Scanning, and Faxing Software License: BSD-3-Clause and GPL-2.0+ and MIT Group: Hardware/Printing Url: http://hplipopensource.com # Source0...Source9 is for sources from HP: -# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.6.tar.gz -# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.6.tar.gz.asc +# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.9.tar.gz +# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.9.tar.gz.asc # How to verify Source0 see: http://hplipopensource.com/node/327 # For example: /usr/bin/gpg --keyserver pgp.mit.edu --recv-keys 0xA59047B9 -# /usr/bin/gpg --verify hplip-3.15.6.tar.gz.asc hplip-3.15.6.tar.gz +# /usr/bin/gpg --verify hplip-3.15.9.tar.gz.asc hplip-3.15.9.tar.gz # must result: Good signature from "HPLIP (HP Linux Imaging and Printing) " Source0: http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz Source1: http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz.asc Source2: hplip.keyring # Patch0...Patch9 is for patches from HP: # Patch10...Patch99 is for Suse patches for the sources from HP: -# Patch10 fix-uninitialized-variables.diff is obsolete since version 3.13.9 because it is fixed in the source. -# Patch11 fix_gcc44_glib.diff is obsolete since version 3.9.6b because it is fixed in the source. -# Patch12 hplip-3.9.8-CVE-2010-4267.patch fixeed a remote buffer overflow in hpmud/pml.c which -# is no longer needed because it is fixed in the upstream sources in HPLIP version 3.13.7 # Source100... 
is for special SUSE sources: -# Source100 is obsolete as upstream provides .desktop files now -# It is found automatically in $RPM_SOURCE_DIR by 'suse_update_desktop_file -i hplip': -# Source100: hplip.desktop -# Source101 hp-toolbox.wrapper was a wrapper for hp-toolbox which is no longer needed -# see https://bugzilla.novell.com/show_bug.cgi?id=755820 # Source102 is a small man page for /usr/bin/hpijs: Source102: hpijs.1.gz -# Source103 was the init script for hpssd which is obsolete since version 2.8.4. -# Source104 was a script which outputs a global HAL fdi file which is obsolete -# since openSUSE 11.2 where HAL is no longer used to manage ACLs, -# see https://bugzilla.novell.com/show_bug.cgi?id=542473#c13 -# Source105 hplip.SuSEfirewall2 provides support -# to open UDP ports 5353(mdns) and 427(svrloc) for mDNS support -# according to the init-suse-firewall in the tar ball -# (compare also Novell/Suse Bugzilla bnc#498429) -# hplip.SuSEfirewall2 is no longer provided -# see https://bugzilla.novell.com/show_bug.cgi?id=757354#c10 -# Source106 hp-systray.wrapper was a wrapper for hp-systray which is no longer needed -# see https://bugzilla.novell.com/show_bug.cgi?id=649280 # Patch100... is for special Suse patches: # Patch101 change-udev-rules.diff changes the udev rules file 56-hpmud.rules Patch101: change-udev-rules.diff -# Patch102 was disable-chgrp_lp.diff that deactivated the "chgrp lp" in Makefile.am -# because during build this results "Operation not permitted" which -# is no longer needed because there is no longer that "chgrp" stuff in HPLIP version 3.13.10. -# Patch103 was no-hplip_cron.diff that deactivated the "cron" stuff in Makefile.am which -# is no longer needed because there is no longer any "cron" stuff in HPLIP version 3.13.6 # Patch104 do_not_open_mdns_port.diff deactivates the open_mdns_port functionality # in distros.dat for SUSE distros to avoid security issues when ports in the firewall # get opened. 
see https://bugs.launchpad.net/bugs/426161 Patch104: do_not_open_mdns_port.diff -# Patch105 was deactivate-add_group-function.diff that deactivated -# the add_group function that would add the groups ('lp') to user which -# would cause security issues see https://bugs.launchpad.net/bugs/1197416 -# which is no longer needed because there is no longer that "chgrp" stuff in HPLIP version 3.13.10. # Patch106 disable_hp-upgrade.patch disables hp-upgrade/upgrade.py for security reasons, # see https://bugzilla.novell.com/show_bug.cgi?id=853405 # To upgrade HPLIP an openSUSE software package manager like YaST or zypper should be used. @@ -84,9 +54,6 @@ Patch107: hplip-udev-rules-in-usr.patch # Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>' # and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590 Patch108: add_missing_includes_and_define_GNU_SOURCE.patch -# Patch109 hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID (instead of the short key ID) -# for downloading the key (bsc#933191 and https://bugs.launchpad.net/hplip/+bug/1432516): -Patch109: hplip-3.15.6.CVE-2015-0839.patch # HPLIP's Python module cupsext.so has a build-time dependancy on the CUPS version: # It needs symbols (like ippFirstAttribute, ippNextAttribute, ippSetOperation etc) # that are defined only in libcups.so version > 1.5. For backward compatibility 
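Review bot: The Source0 verification example kept as context in the first hplip.spec hunk still fetches the signing key with `--recv-keys 0xA59047B9`, a 32-bit short key ID, although the comment lines directly around it were edited for the version bump. Short key IDs can collide, and the hplip-3.15.6.CVE-2015-0839.patch deleted by this commit replaced exactly that value in base/validation.py with `0x73D770CDA59047B9`, so the packaging instructions now lag behind the fix they used to carry. I would change the comment to `# For example: /usr/bin/gpg --keyserver pgp.mit.edu --recv-keys 0x73D770CDA59047B9`, or preferably describe verification against the shipped `hplip.keyring` (Source2) so that no keyserver lookup by ID is involved. The later hunks drop Patch109 on the changelog's statement that 3.15.7 fixed this upstream; the page does not show the upstream code, so it is worth confirming that base/validation.py in 3.15.9 no longer uses the short ID.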
@@ -403,9 +370,6 @@ This sub-package is only required by developers. # Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>' # and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590 %patch108 -b .add_missing_includes_and_define_GNU_SOURCE.orig -# Patch109 hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID (instead of the short key ID) -# for downloading the key (bsc#933191 and https://bugs.launchpad.net/hplip/+bug/1432516): -%patch109 -p1 -b .CVE-2015-0839.orig %build # If AUTOMAKE='automake --foreign' is not set, autoreconf (in fact automake)