pool/hplip
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 313567 from home:jsmeix:branches:Printing

Browse Source 
HPLIP version upgrade to 3.15.6 plus band-aid fix for CVE-2015-0839 (bsc#933191)

OBS-URL: https://build.opensuse.org/request/show/313567
OBS-URL: https://build.opensuse.org/package/show/Printing/hplip?expand=0&rev=117
This commit is contained in:
Johannes Meixner 2015-06-24 14:13:45 +00:00 committed by Git OBS Bridge
parent 8ddc1fbd41
commit 5031afc5db
8 changed files with 85 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
change-udev-rules.diff
View File

@ -1,7 +1,8 @@
--- data/rules/56-hpmud.rules.orig 2014-03-28 20:51:31.600138795 +0100 --- data/rules/56-hpmud.rules.orig 2015-06-07 21:25:22.000000000 +0200
+++ data/rules/56-hpmud.rules 2014-03-28 21:29:10.461761052 +0100 +++ data/rules/56-hpmud.rules 2015-06-24 12:35:25.000000000 +0200
@@ -1,9 +1,31 @@ @@ -1,18 +1,50 @@
# HPLIP udev rules file. Notify console user if plugin support is required for this device. # HPLIP udev rules file. Notify console user if plugin support is required for this device.
+#
+# SUSE changed: +# SUSE changed:
+# +#
+# Exchanged the rule to GOTO hpmud_usb_rules if SUBSYSTEM is "usb" +# Exchanged the rule to GOTO hpmud_usb_rules if SUBSYSTEM is "usb"
@ -12,7 +13,7 @@
+# if SUBSYSTEM is not "usb" or if ENV{DEVTYPE} is not "usb_device" or if SUBSYSTEM is not "ppdev" +# if SUBSYSTEM is not "usb" or if ENV{DEVTYPE} is not "usb_device" or if SUBSYSTEM is not "ppdev"
+# to avoid that the hpmud_usb_rules are needlessly processed. +# to avoid that the hpmud_usb_rules are needlessly processed.
+# +#
+# The rule to automatically "add the printer and install plugin" is disabled +# The rule to automatically "check ... plugin status" is disabled
+# because automated installation of non-free proprietary third-party software +# because automated installation of non-free proprietary third-party software
+# (here the plugin from HP) should not happen and it can cause whatever kind +# (here the plugin from HP) should not happen and it can cause whatever kind
+# of strange behaviour see for example https://bugs.launchpad.net/bugs/1197416 +# of strange behaviour see for example https://bugs.launchpad.net/bugs/1197416
@ -20,10 +21,12 @@
+# while in contrast manual printer setup via hp-setup usually "just works" +# while in contrast manual printer setup via hp-setup usually "just works"
+# and it is clear for the user what goes on and in case of failure what went wrong. +# and it is clear for the user what goes on and in case of failure what went wrong.
+# +#
+# Because the rule to automatically "add the printer and install plugin" +# Because the rule to automatically "check ... plugin status"
+# is also used to upload firmware into printers that need it +# is also used to upload firmware into printers that need it
+# see https://bugs.launchpad.net/bugs/1220628 +# see https://bugs.launchpad.net/bugs/1220628
+# a rule that only uploads firmware into printers that need it is added. +# a rule that only uploads firmware into printers that need it is added.
+#
+# If possible activate hpaio backend support in /etc/sane.d/dll.conf.
ACTION!="add", GOTO="hpmud_rules_end" ACTION!="add", GOTO="hpmud_rules_end"
-SUBSYSTEM=="ppdev", OWNER="root", GROUP="lp", MODE="0664" -SUBSYSTEM=="ppdev", OWNER="root", GROUP="lp", MODE="0664"
@ -34,15 +37,20 @@
LABEL="hpmud_usb_rules" LABEL="hpmud_usb_rules"
@@ -12,7 +34,10 @@ ENV{ID_USB_INTERFACES}=="", IMPORT{builtin}="usb_id"
# ENV{ID_HPLIP}="1" is for Ubuntu udev-acl
ATTR{idVendor}=="03f0", ENV{ID_USB_INTERFACES}=="*:0701??:*|*:08????:", OWNER="root", GROUP="lp", MODE="0664", ENV{libsane_matched}="yes", ENV{hp_test}="yes", ENV{ID_HPLIP}="1"
# This rule will check the smart install feature, plugin status and firmware download for the required printers. # This rule will check the smart install feature, plugin status and firmware download for the required printers.
-ENV{hp_test}=="yes", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c 'if [ -f /usr/bin/systemctl ]; then /usr/bin/systemctl --no-block start hplip-printer@$env{BUSNUM}:$env{DEVNUM}.service; else /usr/bin/nohup /usr/bin/python /usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM} ; fi &'" -ENV{hp_test}=="yes", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c '/usr/bin/nohup /usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM}'"
+#ENV{hp_test}=="yes", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c 'if [ -f /usr/bin/systemctl ]; then /usr/bin/systemctl --no-block start hplip-printer@$env{BUSNUM}:$env{DEVNUM}.service; else /usr/bin/nohup /usr/bin/python /usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM} ; fi &'" +#ENV{hp_test}=="yes", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c '/usr/bin/nohup /usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM}'"
+ +
+# This rule uploads firmware to HP USB printer devices if needed: +# This rule uploads firmware to HP USB printer devices if needed:
+ENV{hp_test}=="yes", PROGRAM="/bin/logger -p user.info udev hpmud.rules runs hp-firmware to test if HP device with USB vendor ID $attr{idVendor} and USB product ID $attr{idProduct} at USB bus ID $env{BUSNUM} and USB device ID $env{DEVNUM} needs firmware and if yes to upload it", RUN+="/usr/bin/hp-firmware -s $env{BUSNUM}:$env{DEVNUM}" +ENV{hp_test}=="yes", PROGRAM="/bin/logger -p user.info udev hpmud.rules runs hp-firmware to test if HP device with USB vendor ID $attr{idVendor} and USB product ID $attr{idProduct} at USB bus ID $env{BUSNUM} and USB device ID $env{DEVNUM} needs firmware and if yes to upload it", RUN+="/usr/bin/hp-firmware -s $env{BUSNUM}:$env{DEVNUM}"
+
+# If possible activate hpaio backend support in /etc/sane.d/dll.conf:
+ENV{libsane_matched}=="yes", RUN+="/bin/sh -c 'if test -w /etc/sane.d/dll.conf ; then sed -i -e /hpaio/d /etc/sane.d/dll.conf ; echo hpaio >>/etc/sane.d/dll.conf ; fi'"
# If sane-bankends is installed add hpaio backend support to dll.conf if needed. LABEL="hpmud_rules_end"
ENV{sane_hpaio}=="yes", RUN+="/bin/sh -c 'grep -q ^#hpaio /etc/sane.d/dll.conf;if [ $$? -eq 0 ];then sed -i -e s/^#hpaio/hpaio/ /etc/sane.d/dll.conf;else grep -q ^hpaio /etc/sane.d/dll.conf;if [ $$? -ne 0 ];then echo hpaio >>/etc/sane.d/dll.conf;fi;fi'" +

3
hplip-3.15.4.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a3872f17690f2bfafbe025cea524b933260c81349b91083c465600705d8c3e68
size 21926172

7
hplip-3.15.4.tar.gz.asc
View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEABECAAYFAlUs5JkACgkQc9dwzaWQR7kX6QCfQrjES2UQSQNadZD7kT+SyeFr
9woAoKJjGtKRmFF7tucUCxZN/uBmLsNe
=RtGm
-----END PGP SIGNATURE-----

21
hplip-3.15.6.CVE-2015-0839.patch Normal file
View File

@ -0,0 +1,21 @@
From: Andreas Stieger <astieger@suse.com>
Date: Fri, 19 Jun 2015 13:26:52 +0200
Subject: [PATCH] use 0xlong key ID
Upstream: via package maintainer
References: https://bugzilla.suse.com/show_bug.cgi?id=933191 CVE-2015-0839
Use 0xlong key ID, short of shipping the key or full fingerprint.
Index: hplip-3.15.6/base/validation.py
===================================================================
--- hplip-3.15.6.orig/base/validation.py
+++ hplip-3.15.6/base/validation.py
@@ -42,7 +42,7 @@ class DigiSign_Verification(object):
class GPG_Verification(DigiSign_Verification):
- def __init__(self, pgp_site = 'pgp.mit.edu', key = 0xA59047B9):
+ def __init__(self, pgp_site = 'pgp.mit.edu', key = 0x73D770CDA59047B9):
self.__pgp_site = pgp_site
self.__key = key
self.__gpg = utils.which('gpg',True)

3
hplip-3.15.6.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:30c513ee65aa5b342d8074ff89439c0827c35191683727335738d8bc0f9776c9
size 21956752

7
hplip-3.15.6.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEABECAAYFAlV0nCUACgkQc9dwzaWQR7l9EQCgokW2aC+oyEJx2IbcQ0MHzZFB
HZYAn2A+7AtDc6KuGCoe5THtlaVb2oUY
=OTvD
-----END PGP SIGNATURE-----

26
hplip.changes
View File

@ -1,3 +1,27 @@
-------------------------------------------------------------------
Wed Jun 24 11:48:49 CEST 2015 - jsmeix@suse.de
- hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID
(instead of the short key ID) for downloading the key
see https://bugs.launchpad.net/hplip/+bug/1432516
(CVE-2015-0839 bsc#933191).
- Version upgrade to 3.15.6:
Added Support for the Following New Printers:
HP DeskJet 2130 All-in-One Printer series
HP DeskJet 2132 All-in-One Printer
HP Deskjet 2546B All-in-One Printer
HP Deskjet 2546P All-in-One Printer
HP Deskjet 2546R All-in-One Printer
HP DeskJet 3630 All-in-One Printer series
HP DeskJet 3632 All-in-One
HP Officejet 5744 e-All-in-One
Some bug fixes - in particular:
udev rules wrongly match on monitor hub, wrong invocation
of systemd unit, changes config files in udev rules
For details see
http://hplipopensource.com/hplip-web/release_notes.html
- change-udev-rules.diff: Adapted for HPLIP 3.15.6.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 19 17:04:45 CEST 2015 - jsmeix@suse.de Tue May 19 17:04:45 CEST 2015 - jsmeix@suse.de
@ -10,6 +34,8 @@ Tue May 19 17:04:45 CEST 2015 - jsmeix@suse.de
by upstream projects in general, see "Parallel port printers" by upstream projects in general, see "Parallel port printers"
at https://en.opensuse.org/SDB:Installing_a_Printer at https://en.opensuse.org/SDB:Installing_a_Printer
- Version upgrade to 3.15.4: - Version upgrade to 3.15.4:
Significant Changes:
HPLIP Plugin support for ARMv6,ARMv7 and aarch64 architectures
Added Support for the Following New Printers: Added Support for the Following New Printers:
HP Color LaserJet Pro M252dw HP Color LaserJet Pro M252dw
HP Color LaserJet Pro M252n HP Color LaserJet Pro M252n

14
hplip.spec
View File

@ -17,18 +17,18 @@
Name: hplip Name: hplip
Version: 3.15.4 Version: 3.15.6
Release: 0 Release: 0
Summary: HP's Printing, Scanning, and Faxing Software Summary: HP's Printing, Scanning, and Faxing Software
License: BSD-3-Clause and GPL-2.0+ and MIT License: BSD-3-Clause and GPL-2.0+ and MIT
Group: Hardware/Printing Group: Hardware/Printing
Url: http://hplipopensource.com Url: http://hplipopensource.com
# Source0...Source9 is for sources from HP: # Source0...Source9 is for sources from HP:
# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.4.tar.gz # URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.6.tar.gz
# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.4.tar.gz.asc # URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.6.tar.gz.asc
# How to verify Source0 see: http://hplipopensource.com/node/327 # How to verify Source0 see: http://hplipopensource.com/node/327
# For example: /usr/bin/gpg --keyserver pgp.mit.edu --recv-keys 0xA59047B9 # For example: /usr/bin/gpg --keyserver pgp.mit.edu --recv-keys 0xA59047B9
# /usr/bin/gpg --verify hplip-3.15.4.tar.gz.asc hplip-3.15.4.tar.gz # /usr/bin/gpg --verify hplip-3.15.6.tar.gz.asc hplip-3.15.6.tar.gz
# must result: Good signature from "HPLIP (HP Linux Imaging and Printing) <hplip@hp.com>" # must result: Good signature from "HPLIP (HP Linux Imaging and Printing) <hplip@hp.com>"
Source0: http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz Source0: http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz
Source1: http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz.asc Source1: http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz.asc
@ -84,6 +84,9 @@ Patch107: hplip-udev-rules-in-usr.patch
# Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>' # Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>'
# and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590 # and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590
Patch108: add_missing_includes_and_define_GNU_SOURCE.patch Patch108: add_missing_includes_and_define_GNU_SOURCE.patch
# Patch109 hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID (instead of the short key ID)
# for downloading the key (bsc#933191 and https://bugs.launchpad.net/hplip/+bug/1432516):
Patch109: hplip-3.15.6.CVE-2015-0839.patch
# HPLIP's Python module cupsext.so has a build-time dependancy on the CUPS version: # HPLIP's Python module cupsext.so has a build-time dependancy on the CUPS version:
# It needs symbols (like ippFirstAttribute, ippNextAttribute, ippSetOperation etc) # It needs symbols (like ippFirstAttribute, ippNextAttribute, ippSetOperation etc)
# that are defined only in libcups.so version > 1.5. For backward compatibility # that are defined only in libcups.so version > 1.5. For backward compatibility
@ -400,6 +403,9 @@ This sub-package is only required by developers.
# Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>' # Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>'
# and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590 # and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590
%patch108 -b .add_missing_includes_and_define_GNU_SOURCE.orig %patch108 -b .add_missing_includes_and_define_GNU_SOURCE.orig
# Patch109 hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID (instead of the short key ID)
# for downloading the key (bsc#933191 and https://bugs.launchpad.net/hplip/+bug/1432516):
%patch109 -p1 -b .CVE-2015-0839.orig
%build %build
# If AUTOMAKE='automake --foreign' is not set, autoreconf (in fact automake) # If AUTOMAKE='automake --foreign' is not set, autoreconf (in fact automake)