Accepting request 336743 from home:jsmeix:branches:Printing

HPLIP version upgrade to 3.15.9

OBS-URL: https://build.opensuse.org/request/show/336743
OBS-URL: https://build.opensuse.org/package/show/Printing/hplip?expand=0&rev=119

hplip-3.15.6.CVE-2015-0839.patch

@@ -1,21 +0,0 @@
-From: Andreas Stieger <astieger@suse.com>
-Date: Fri, 19 Jun 2015 13:26:52 +0200
-Subject: [PATCH] use 0xlong key ID
-Upstream: via package maintainer
-References: https://bugzilla.suse.com/show_bug.cgi?id=933191 CVE-2015-0839
-
-Use 0xlong key ID, short of shipping the key or full fingerprint.
-
-Index: hplip-3.15.6/base/validation.py
-===================================================================
---- hplip-3.15.6.orig/base/validation.py
-+++ hplip-3.15.6/base/validation.py
-@@ -42,7 +42,7 @@ class DigiSign_Verification(object):
- 
- 
- class GPG_Verification(DigiSign_Verification):
--    def __init__(self, pgp_site = 'pgp.mit.edu', key = 0xA59047B9):
-+    def __init__(self, pgp_site = 'pgp.mit.edu', key = 0x73D770CDA59047B9):
-         self.__pgp_site = pgp_site
-         self.__key = key
-         self.__gpg = utils.which('gpg',True)

hplip-3.15.6.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:30c513ee65aa5b342d8074ff89439c0827c35191683727335738d8bc0f9776c9
-size 21956752

hplip-3.15.6.tar.gz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iEYEABECAAYFAlV0nCUACgkQc9dwzaWQR7l9EQCgokW2aC+oyEJx2IbcQ0MHzZFB
-HZYAn2A+7AtDc6KuGCoe5THtlaVb2oUY
-=OTvD
------END PGP SIGNATURE-----

hplip-3.15.9.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a1f58fe8707373c193728a7fd826523e99c30e3ca7f660faa75531acdff89d6d
+size 22027325

hplip-3.15.9.tar.gz.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEABECAAYFAlX2z8EACgkQc9dwzaWQR7mrjQCg1MPmG47ae3zvUk/N9ttQNAsq
+ZH4AoOa9lePyg+gH5dvMf//5Pv9IDRRN
+=7lGg
+-----END PGP SIGNATURE-----

hplip.changes

@@ -1,3 +1,58 @@
+-------------------------------------------------------------------
+Tue Oct  6 14:20:10 CEST 2015 - jsmeix@suse.de
+
+- Version upgrade to 3.15.9:
+  Added Support for the Following New Printers:
+    HP DeskJet Ink Advantage 2136 All-in_One Printer
+    HP DeskJet Ink Advantage 3836 All-in_One
+    HP Deskjet 2545 All-in-One Printer
+    HP ENVY 4510 All-in-One Printer series
+    HP ENVY 4512 All-in-One Printer
+    HP ENVY 4516 All-in-One Printer
+    HP ENVY 4520 All-in-One Printer series
+    HP ENVY 4520 All-in-One Printer
+    HP ENVY 4522 All-in-One Printer
+    HP Envy 5540 All-in-One Printer series
+    HP Envy 5540 All-in-One Printer
+    HP Envy 5545 All-in-One Printer
+    HP OfficeJet 4650 All-in-One Printer series
+    HP OfficeJet 4650 All-in-One Printer
+    HP OfficeJet 4652 All-in-One Printer
+    HP OfficeJet 4655 All-in-One Printer
+    HP OfficeJet 6820 e-All-in-One  Printer
+  Some bug fixes - in particular:
+   Fixed hplip plugin failure with hplip-3.15.7.
+  For details see
+  http://hplipopensource.com/hplip-web/release_notes.html
+- Version upgrade to 3.15.7:
+  Added Support for the Following New Printers:
+    HP Deskjet 1110 Printer
+    HP Deskjet 1111 Printer
+    HP Deskjet 1112 Printer
+    HP DeskJet 2131 All-in-One Printer
+    HP Deskjet Ink Advantage 1110 Printer
+    HP Deskjet Ink Advantage 1115 Printer
+    HP Deskjet Ink Advantage 1118 Printer
+    HP DeskJet Ink Advantage 2130 All-in_One Printer
+    HP DeskJet Ink Advantage 2135 All-in_One Printer
+    HP DeskJet Ink Advantage 2138 All-in_One Printer
+    HP DeskJet Ink Advantage 3630 All-in-One Printer
+    HP DeskJet Ink Advantage 3635 All-in-One Printer
+    HP DeskJet Ink Advantage 3636 All-in-One Printer
+    HP DeskJet Ink Advantage 3638 All-in-One Printer
+    HP DeskJet Ink Advantage 3830 All-in-One Printer
+    HP DeskJet Ink Advantage 3835 All-in-One Printer
+    HP OfficeJet 3830 All-in-One Printer
+    HP OfficeJet 3832 All-in-One Printer
+    HP OfficeJet 3834 All-in-One Printer
+    HP Officejet 7510 Wide Format e-All-in-One Printer
+  Some bug fixes - in particular:
+    Fixed insecure binary driver verification (CVE-2015-0839).
+  For details see
+  http://hplipopensource.com/hplip-web/release_notes.html
+- hplip-3.15.6.CVE-2015-0839.patch is obsolete since
+  version 3.15.7 because it is fixed in the source.
+
 -------------------------------------------------------------------
 Wed Jun 24 11:48:49 CEST 2015 - jsmeix@suse.de
 

hplip.spec

@@ -17,64 +17,34 @@
 
 
 Name:           hplip
-Version:        3.15.6
+Version:        3.15.9
 Release:        0
 Summary:        HP's Printing, Scanning, and Faxing Software
 License:        BSD-3-Clause and GPL-2.0+ and MIT
 Group:          Hardware/Printing
 Url:            http://hplipopensource.com
 # Source0...Source9 is for sources from HP:
-# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.6.tar.gz
+# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.9.tar.gz
-# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.6.tar.gz.asc
+# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.9.tar.gz.asc
 # How to verify Source0 see: http://hplipopensource.com/node/327
 # For example: /usr/bin/gpg --keyserver pgp.mit.edu --recv-keys 0xA59047B9
-#              /usr/bin/gpg --verify hplip-3.15.6.tar.gz.asc hplip-3.15.6.tar.gz
+#              /usr/bin/gpg --verify hplip-3.15.9.tar.gz.asc hplip-3.15.9.tar.gz
 # must result: Good signature from "HPLIP (HP Linux Imaging and Printing) <hplip@hp.com>"
 Source0:        http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz
 Source1:        http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz.asc
 Source2:        hplip.keyring
 # Patch0...Patch9 is for patches from HP:
 # Patch10...Patch99 is for Suse patches for the sources from HP:
-# Patch10 fix-uninitialized-variables.diff is obsolete since version 3.13.9 because it is fixed in the source.
-# Patch11 fix_gcc44_glib.diff is obsolete since version 3.9.6b because it is fixed in the source.
-# Patch12 hplip-3.9.8-CVE-2010-4267.patch fixeed a remote buffer overflow in hpmud/pml.c which
-# is no longer needed because it is fixed in the upstream sources in HPLIP version 3.13.7
 # Source100... is for special SUSE sources:
-# Source100 is obsolete as upstream provides .desktop files now
-# It is found automatically in $RPM_SOURCE_DIR by 'suse_update_desktop_file -i hplip':
-# Source100:      hplip.desktop
-# Source101 hp-toolbox.wrapper was a wrapper for hp-toolbox which is no longer needed
-# see https://bugzilla.novell.com/show_bug.cgi?id=755820
 # Source102 is a small man page for /usr/bin/hpijs:
 Source102:      hpijs.1.gz
-# Source103 was the init script for hpssd which is obsolete since version 2.8.4.
-# Source104 was a script which outputs a global HAL fdi file which is obsolete
-# since openSUSE 11.2 where HAL is no longer used to manage ACLs,
-# see https://bugzilla.novell.com/show_bug.cgi?id=542473#c13
-# Source105 hplip.SuSEfirewall2 provides support
-# to open UDP ports 5353(mdns) and 427(svrloc) for mDNS support
-# according to the init-suse-firewall in the tar ball
-# (compare also Novell/Suse Bugzilla bnc#498429)
-# hplip.SuSEfirewall2 is no longer provided
-# see https://bugzilla.novell.com/show_bug.cgi?id=757354#c10
-# Source106 hp-systray.wrapper was a wrapper for hp-systray which is no longer needed
-# see https://bugzilla.novell.com/show_bug.cgi?id=649280
 # Patch100... is for special Suse patches:
 # Patch101 change-udev-rules.diff changes the udev rules file 56-hpmud.rules
 Patch101:       change-udev-rules.diff
-# Patch102 was disable-chgrp_lp.diff that deactivated the "chgrp lp" in Makefile.am
-# because during build this results "Operation not permitted" which
-# is no longer needed because there is no longer that "chgrp" stuff in HPLIP version 3.13.10.
-# Patch103 was no-hplip_cron.diff that deactivated the "cron" stuff in Makefile.am which
-# is no longer needed because there is no longer any "cron" stuff in HPLIP version 3.13.6
 # Patch104 do_not_open_mdns_port.diff deactivates the open_mdns_port functionality
 # in distros.dat for SUSE distros to avoid security issues when ports in the firewall
 # get opened. see https://bugs.launchpad.net/bugs/426161
 Patch104:       do_not_open_mdns_port.diff
-# Patch105 was deactivate-add_group-function.diff that deactivated
-# the add_group function that would add the groups ('lp') to user which
-# would cause security issues see https://bugs.launchpad.net/bugs/1197416
-# which is no longer needed because there is no longer that "chgrp" stuff in HPLIP version 3.13.10.
 # Patch106 disable_hp-upgrade.patch disables hp-upgrade/upgrade.py for security reasons,
 # see https://bugzilla.novell.com/show_bug.cgi?id=853405
 # To upgrade HPLIP an openSUSE software package manager like YaST or zypper should be used.
@@ -84,9 +54,6 @@ Patch107:       hplip-udev-rules-in-usr.patch
 # Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>'
 # and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590
 Patch108:       add_missing_includes_and_define_GNU_SOURCE.patch
-# Patch109 hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID (instead of the short key ID)
-# for downloading the key (bsc#933191 and https://bugs.launchpad.net/hplip/+bug/1432516):
-Patch109:       hplip-3.15.6.CVE-2015-0839.patch
 # HPLIP's Python module cupsext.so has a build-time dependancy on the CUPS version:
 # It needs symbols (like ippFirstAttribute, ippNextAttribute, ippSetOperation etc)
 # that are defined only in libcups.so version > 1.5. For backward compatibility
@@ -403,9 +370,6 @@ This sub-package is only required by developers.
 # Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>'
 # and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590
 %patch108 -b .add_missing_includes_and_define_GNU_SOURCE.orig
-# Patch109 hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID (instead of the short key ID)
-# for downloading the key (bsc#933191 and https://bugs.launchpad.net/hplip/+bug/1432516):
-%patch109 -p1 -b .CVE-2015-0839.orig
 
 %build
 # If AUTOMAKE='automake --foreign' is not set, autoreconf (in fact automake)