pool/hplip
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 203652 from home:jsmeix:branches:Printing

Browse Source 
version upgrade to 3.13.10

OBS-URL: https://build.opensuse.org/request/show/203652
OBS-URL: https://build.opensuse.org/package/show/Printing/hplip?expand=0&rev=83
This commit is contained in:
Johannes Meixner 2013-10-17 15:47:40 +00:00 committed by Git OBS Bridge
parent 9cac513ea8
commit b5f2ba9c14
10 changed files with 74 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
change-udev-rules.diff
View File

@ -1,21 +1,16 @@
--- data/rules/56-hpmud.rules.change-udev-rules.orig 2013-08-07 08:02:33.000000000 +0200
+++ data/rules/56-hpmud.rules 2013-09-10 13:24:09.000000000 +0200
@@ -1,18 +1,50 @@
--- data/rules/56-hpmud.rules.change-udev-rules.orig 2013-10-11 11:38:53.000000000 +0200
+++ data/rules/56-hpmud.rules 2013-10-16 16:04:54.000000000 +0200
@@ -1,18 +1,43 @@
# HPLIP udev rules file. Notify console user if plugin support is required for this device.
+# SUSE changed:
+#
+# MODE="0660" to MODE="0664"
+# because it is sufficiently secure to let any user read the device nodes
+# because HPLIP opens the device nodes exclusively so that sniffing
+# of print jobs or scanner image data should not be possible.
+#
+# Exchanged the rule to GOTO hpmud_usb_rules if SUBSYSTEM is "usb"
+# with the rule if SUBSYSTEM is "ppdev" to avoid that the "ppdev" rule
+# is needlessly processed when SUBSYSTEM is "usb".
+#
+# Added rules to skip the hpmud_usb_rules rules via GOTO hpmud_rules_end
+# if SUBSYSTEM is not "usb" or if ENV{DEVTYPE} is not "usb_device"
+# Added GOTO hpmud_rules_end rule to skip the hpmud_usb_rules
+# if SUBSYSTEM is not "usb" or if ENV{DEVTYPE} is not "usb_device" or if SUBSYSTEM is not "ppdev"
+# to avoid that the hpmud_usb_rules are needlessly processed.
+#
+# The rule to automatically "add the printer and install plugin" is disabled
@ -32,20 +27,18 @@
+# a rule that only uploads firmware into printers that need it is added.
+
ACTION!="add", GOTO="hpmud_rules_end"
-SUBSYSTEM=="ppdev", OWNER="root", GROUP="lp", MODE="0660"
-SUBSYSTEM=="ppdev", OWNER="root", GROUP="lp", MODE="0664"
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", GOTO="hpmud_usb_rules"
-
+SUBSYSTEM=="ppdev", OWNER="root", GROUP="lp", MODE="0664"
+SUBSYSTEM!="usb", GOTO="hpmud_rules_end"
+ENV{DEVTYPE}!="usb_device", GOTO="hpmud_rules_end"
+GOTO="hpmud_rules_end"
LABEL="hpmud_usb_rules"
# ENV{ID_HPLIP}="1" is for Ubuntu udev-acl
-ATTR{idVendor}=="03f0", ATTR{idProduct}=="????", OWNER="root", GROUP="lp", MODE="0660", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes", ENV{hp_test}="yes", ENV{ID_HPLIP}="1"
+ATTR{idVendor}=="03f0", ATTR{idProduct}=="????", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes", ENV{hp_test}="yes", ENV{ID_HPLIP}="1"
ATTR{idVendor}=="03f0", ATTR{idProduct}=="????", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes", ENV{hp_test}="yes", ENV{ID_HPLIP}="1"
-
# This rule will add the printer and install plugin
-ENV{hp_test}=="yes", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c 'if [ -f /usr/bin/systemctl ]; then /usr/bin/systemctl --no-block start hplip-printer@$env{BUSNUM}:$env{DEVNUM}.service; else /usr/bin/nohup /usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM} ; fi'"
+# ENV{hp_test}=="yes", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c 'if [ -f /usr/bin/systemctl ]; then /usr/bin/systemctl --no-block start hplip-printer@$env{BUSNUM}:$env{DEVNUM}.service; else /usr/bin/nohup /usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM} ; fi'"
@ -55,8 +48,10 @@
# If sane-bankends is installed add hpaio backend support to dll.conf if needed.
ENV{sane_hpaio}=="yes", RUN+="/bin/sh -c 'grep -q ^#hpaio /etc/sane.d/dll.conf;if [ $$? -eq 0 ];then sed -i -e s/^#hpaio/hpaio/ /etc/sane.d/dll.conf;else grep -q ^hpaio /etc/sane.d/dll.conf;if [ $$? -ne 0 ];then echo hpaio >>/etc/sane.d/dll.conf;fi;fi'"
@@ -22,3 +54,4 @@ ENV{libsane_matched}=="yes", RUN+="/bin/
@@ -20,5 +45,5 @@ ENV{sane_hpaio}=="yes", RUN+="/bin/sh -c
# The following rule will disable USB autosuspend for the device
ENV{libsane_matched}=="yes", RUN+="/bin/sh -c 'test -e /sys/$env{DEVPATH}/power/level && echo on > /sys/$env{DEVPATH}/power/level'"
-
LABEL="hpmud_rules_end"
+

12
deactivate-add_group-function.diff
View File

@ -1,12 +0,0 @@
--- base/queues.py.orig 2013-06-21 08:57:55.000000000 +0200
+++ base/queues.py 2013-07-09 16:05:04.000000000 +0200
@@ -87,6 +87,9 @@ def check_user_groups():
# This function adds the groups ('lp') to user
def add_group(core, mode, passwordObj):
+# Deactivated via "return True" because it causes security issues
+# see https://bugs.launchpad.net/bugs/1197416
+ return True
result = False
add_user_to_group = core.get_distro_ver_data('add_user_to_group', '')
if add_user_to_group:

31
disable-chgrp_lp.diff
View File

@ -1,31 +0,0 @@
--- Makefile.am.orig 2013-06-21 08:57:55.000000000 +0200
+++ Makefile.am 2013-06-26 16:09:47.000000000 +0200
@@ -546,24 +546,24 @@ endif
install-dist_hplip_LogDATA:
if FULL_BUILD
test -z "$(DESTDIR)$(hplip_Logdir)" || mkdir -p $(DESTDIR)$(hplip_Logdir)
- chgrp "lp" -R $(DESTDIR)$(hplip_Logdir)
+# chgrp "lp" -R $(DESTDIR)$(hplip_Logdir)
chmod 775 $(DESTDIR)$(hplip_Logdir)
endif #FULL_BUILD
if HPLIP_BUILD
test -z "$(DESTDIR)$(hplip_Logdir)" || mkdir -p $(DESTDIR)$(hplip_Logdir)
- chgrp "lp" -R $(DESTDIR)$(hplip_Logdir)
+# chgrp "lp" -R $(DESTDIR)$(hplip_Logdir)
chmod 775 $(DESTDIR)$(hplip_Logdir)
endif #FULL_BUILD
install-dist_hplip_tmpDATA:
if FULL_BUILD
test -z "$(DESTDIR)$(hplip_tmpdir)" || mkdir -p $(DESTDIR)$(hplip_tmpdir)
- chgrp "lp" -R $(DESTDIR)$(hplip_tmpdir)
+# chgrp "lp" -R $(DESTDIR)$(hplip_tmpdir)
chmod 0775 $(DESTDIR)$(hplip_tmpdir)
endif #FULL_BUILD
if HPLIP_BUILD
test -z "$(DESTDIR)$(hplip_tmpdir)" || mkdir -p $(DESTDIR)$(hplip_tmpdir)
- chgrp "lp" -R $(DESTDIR)$(hplip_tmpdir)
+# chgrp "lp" -R $(DESTDIR)$(hplip_tmpdir)
chmod 0775 $(DESTDIR)$(hplip_tmpdir)
endif #FULL_BUILD

14
neither-add_user_to_group-nor-open_mdns_port.diff → do_not_open_mdns_port.diff
View File

@ -1,5 +1,5 @@
--- installer/distros.dat.orig 2013-06-21 08:54:15.000000000 +0200
+++ installer/distros.dat 2013-07-04 16:51:55.000000000 +0200
--- installer/distros.dat.orig 2013-10-11 11:36:44.000000000 +0200
+++ installer/distros.dat 2013-10-16 16:25:27.000000000 +0200
@@ -141,7 +141,7 @@ parallel_supported=0
usb_supported=1
packaged_version=3.11.6
@ -9,18 +9,16 @@
ppd_install=drv
udev_mode_fix=1
ppd_dir=/usr/share/cups/model/HP
@@ -150,8 +150,8 @@ drv_dir=/usr/share/cups/drv/HP
@@ -150,7 +150,7 @@ drv_dir=/usr/share/cups/drv/HP
cups_path_with_bitness=0
ui_toolkit=qt4
native_cups=1
-add_user_to_group= -Asys,lp
-open_mdns_port=/bin/bash ./init-suse-firewall
+add_user_to_group=
+open_mdns_port=/bin/true
pre_depend_cmd=su -c "zypper refresh"
[suse:12.2:cups]
@@ -260,7 +260,7 @@ parallel_supported=0
@@ -261,7 +261,7 @@ parallel_supported=0
usb_supported=1
packaged_version=3.12.11
release_date=2013-03-13
@ -29,13 +27,11 @@
ppd_install=drv
udev_mode_fix=1
ppd_dir=/usr/share/cups/model/HP
@@ -269,8 +269,8 @@ drv_dir=/usr/share/cups/drv/HP
@@ -270,7 +270,7 @@ drv_dir=/usr/share/cups/drv/HP
cups_path_with_bitness=0
ui_toolkit=qt4
native_cups=1
-add_user_to_group= -a -G sys,lp
-open_mdns_port=/bin/bash ./init-suse-firewall
+add_user_to_group=
+open_mdns_port=/bin/true
pre_depend_cmd=su -c "zypper refresh"

3
hplip-3.13.10.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a8122cd824398ac6374154f86152e24fdf5c0100b5c1d6518e853308362e627d
size 20951136

7
hplip-3.13.10.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEABECAAYFAlJXyTYACgkQc9dwzaWQR7lU3gCfUPYc+L4OhHfT6FyDR+p6Cc3f
nTQAoKVRl9zN6A2FEfuevhyXKvbvxS5X
=rBTR
-----END PGP SIGNATURE-----

3
hplip-3.13.9.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d95c729a79b0d28be3ecb6cba6df5a931b0788484c4d323963abc36d514bb120
size 20878480

7
hplip-3.13.9.tar.gz.asc
View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEABECAAYFAlIoR1sACgkQc9dwzaWQR7lohwCfaoxhATOoQn1B2kcsDZrx5FB5
tMYAn35uKn+H5/feIApEUN+DKjeam1/x
=75MO
-----END PGP SIGNATURE-----

23
hplip.changes
View File

@ -1,3 +1,26 @@
-------------------------------------------------------------------
Wed Oct 16 15:36:08 CEST 2013 - jsmeix@suse.de
- Version upgrade to 3.13.10:
Several more supported printers and all-in-one devices.
Fix for CVE-2013-4325i (insecure Polkit use).
Users will not be added to "lp" group, users will be prompted
to provide necessary authentication (see the entry
dated "Tue Jul 9 16:18:35 CEST 2013" below).
Added firmware upload functionality during 'hp-setup'.
Some other bug fixes.
For details see
http://hplipopensource.com/hplip-web/release_notes.html
- change-udev-rules.diff: Adapted for HPLIP 3.13.10.
- disable-chgrp_lp.diff is obsolete since version 3.13.10
because it is fixed in the source.
- neither-add_user_to_group-nor-open_mdns_port.diff is replaced by
do_not_open_mdns_port.diff because the "add_user_to_group" issue
is fixed in the source since version 3.13.10 but the
"open_mdns_port" issue still exists.
- deactivate-add_group-function.diff is obsolete since 3.13.10
because there is no longer that "chgrp" stuff in HPLIP.
-------------------------------------------------------------------
Thu Sep 12 10:47:40 CEST 2013 - jsmeix@suse.de

68
hplip.spec
View File

@ -58,7 +58,7 @@ Group: Hardware/Printing
# where 'a' or 'b' do not mean 'alpha' or 'beta' but 'second' or 'third' release in the month
# (usually bugfix releases have the suffix like 3.12.10a = first bugfix release for 3.12.10).
# Official releases have a 3 digit number and release candidates have a 4 digit number: x.y.m.rc
Version: 3.13.9
Version: 3.13.10
Release: 0
Url: http://hplipopensource.com
# Source0...Source9 is for sources from HP:
@ -98,28 +98,21 @@ Source102: hpijs.1.gz
# Source106 hp-systray.wrapper was a wrapper for hp-systray which is no longer needed
# see https://bugzilla.novell.com/show_bug.cgi?id=649280
# Patch100... is for special Suse patches:
# Patch101 changes the udev rules file 56-hpmud.rules
# Patch101 change-udev-rules.diff changes the udev rules file 56-hpmud.rules
Patch101: change-udev-rules.diff
# Patch102 disable-chgrp_lp.diff deactivates the "chgrp lp" in Makefile.am
# because during build this results "Operation not permitted".
# Instead it is done in the files section via attr(0775,root,lp)
# where mode 0775 is used instead of mode 0777 as in Makefile.am
# because a public writable directory /var/log/hp/ is not allowed
# to avoid security issues:
Patch102: disable-chgrp_lp.diff
# Patch102 was disable-chgrp_lp.diff that deactivated the "chgrp lp" in Makefile.am
# because during build this results "Operation not permitted" which
# is no longer needed because there is no longer that "chgrp" stuff in HPLIP version 3.13.10.
# Patch103 was no-hplip_cron.diff that deactivated the "cron" stuff in Makefile.am which
# is no longer needed because there is no longer any "cron" stuff in HPLIP version 3.13.6
# Patch104 removes add_user_to_group and open_mdns_port.diff from distros.dat for SUSE distros
# to avoid security issues when normal users get added to system groups 'lp' and 'sys'
# see https://bugs.launchpad.net/bugs/1197416 and https://bugs.launchpad.net/bugs/1112306
# and to avoid security issues when ports in the firewall get opened
# see https://bugs.launchpad.net/bugs/426161
Patch104: neither-add_user_to_group-nor-open_mdns_port.diff
# Patch105 deactivates the add_group function that would add the groups ('lp') to user
# which would cause security issues see https://bugs.launchpad.net/bugs/1197416
# that would happen in any case via a fallback command in an "else" clause
# even if this functionality was explicitly disabled in distros.dat
Patch105: deactivate-add_group-function.diff
# Patch104 do_not_open_mdns_port.diff deactivates the open_mdns_port functionality
# in distros.dat for SUSE distros to avoid security issues when ports in the firewall
# get opened. see https://bugs.launchpad.net/bugs/426161
Patch104: do_not_open_mdns_port.diff
# Patch105 was deactivate-add_group-function.diff that deactivated
# the add_group function that would add the groups ('lp') to user which
# would cause security issues see https://bugs.launchpad.net/bugs/1197416
# which is no longer needed because there is no longer that "chgrp" stuff in HPLIP version 3.13.10.
# Install into this non-root directory (required when norootforbuild is used):
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: coreutils
@ -328,29 +321,12 @@ with the scan drivers in HPLIP for standard HP all-in-one printers.
%endif
# Be quiet when unpacking:
%setup -q
# Patch101 change-udev-rules.diff
# changes the udev rules file 56-hpmud.rules
# Patch101 change-udev-rules.diff changes the udev rules file 56-hpmud.rules
%patch101 -b .change-udev-rules.orig
# Patch102 disable-chgrp_lp.diff deactivates the "chgrp lp" in Makefile.am
# because during build this results "Operation not permitted".
# Instead it is done in the files section via attr(0775,root,lp)
# where mode 0775 is used instead of mode 0777 as in Makefile.am
# because a public writable directory /var/log/hp/ is not allowed
# to avoid security issues:
%patch102 -b .disable-chgrp_lp.orig
# Patch104 neither-add_user_to_group-nor-open_mdns_port.diff
# removes add_user_to_group and open_mdns_port.diff from distros.dat for SUSE distros
# to avoid security issues when normal users get added to system groups 'lp' and 'sys'
# see https://bugs.launchpad.net/bugs/1197416 and https://bugs.launchpad.net/bugs/1112306
# and to avoid security issues when ports in the firewall get opened
# see https://bugs.launchpad.net/bugs/426161
%patch104 -b .neither-add_user_to_group-nor-open_mdns_port.orig
# Patch105 deactivate-add_group-function.diff
# deactivates the add_group function that would add the groups ('lp') to user
# which would cause security issues see https://bugs.launchpad.net/bugs/1197416
# that would happen in any case via a fallback command in an "else" clause
# even if this functionality was explicitly disabled in distros.dat
%patch105 -b .deactivate-add_group-function.orig
# Patch104 do_not_open_mdns_port.diff deactivates the open_mdns_port functionality
# in distros.dat for SUSE distros to avoid security issues when ports in the firewall
# get opened. see https://bugs.launchpad.net/bugs/426161
%patch104 -b .do_not_open_mdns_port.orig
%build
# If AUTOMAKE='automake --foreign' is not set, autoreconf (in fact automake)
@ -383,6 +359,8 @@ export CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
# foomatic-rip-hplip is no longer installed and foomatic-rip from foomatic-filters is used instead so that
# --disable-foomatic-rip-hplip-install is explicitly set and as a consequence the "cupsFilter" entries
# in the static PPDs are changed in the install section to use foomatic-rip.
# Since HPLIP 3.13.10 --with-htmldir is new but it does not inhertit its value from --with-docdir
# so that --with-htmldir must be explicitly set.
./configure --prefix=/usr \
--libdir=%{_libdir} \
--disable-qt3 \
@ -407,7 +385,8 @@ export CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
--with-cupsfilterdir=/usr/lib/cups/filter \
--with-drvdir=/usr/lib/cups/driver \
--with-mimedir=%{_sysconfdir}/cups \
--with-docdir=%{_defaultdocdir}/%{name}
--with-docdir=%{_defaultdocdir}/%{name} \
--with-htmldir==%{_defaultdocdir}/%{name}
make
%install
@ -629,7 +608,6 @@ exit 0
%{_bindir}/hp-logcapture
%{_bindir}/hp-makecopies
%{_bindir}/hp-makeuri
%{_bindir}/hp-mkuri
%{_bindir}/hp-pkservice
%{_bindir}/hp-plugin
%{_bindir}/hp-pqdiag
@ -686,7 +664,7 @@ exit 0
%{_datadir}/cups/model/manufacturer-PPDs/%{name}/
%{_datadir}/%{name}/data/models/models.dat
# Use fixed "/var/log/hp" because this is hardcoded in the HPLIP sources.
# Regarding attr(0775,root,lp) see disable-chgrp_lp.diff (Patch102):
# Regarding attr(0775,root,lp) see the comment for /var/log/hp/tmp below:
%dir %attr(0775,root,lp) /var/log/hp
# Regarding attr(0775,root,lp) for /var/log/hp/tmp
# see https://bugzilla.novell.com/show_bug.cgi?id=800312#c0