Accepting request 78646 from Printing

Version upgrade to HPLIP 3.11.7 and avoid CVE-2011-2697 (bnc#698451) plus CVE-2004-0801 (bnc#59233) by no longer installing foomatic-rip-hplip and using foomatic-rip from the foomatic-filters RPM instead OBS-URL: https://build.opensuse.org/request/show/78646 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hplip?expand=0&rev=64
2011-08-12 14:45:44 +00:00 · 2011-08-12 14:45:44 +00:00 · c143b6d068
commit c143b6d068
parent 2f98c01679 8eb7267ec3
5 changed files with 97 additions and 51 deletions
--- a/change-udev-rules.diff
+++ b/change-udev-rules.diff
@ -1,10 +1,10 @@
--- data/rules/55-hpmud.rules.orig	2011-01-19 06:17:26.000000000 +0100
+--- data/rules/55-hpmud.rules.orig	2011-08-12 09:34:13.000000000 +0200
-+++ data/rules/55-hpmud.rules	2011-02-01 16:03:52.000000000 +0100
+++ data/rules/55-hpmud.rules	2011-08-12 09:47:34.000000000 +0200
@@ -12,142 +12,185 @@
 #   3. This rules file is an attempt at being compatable with all distros. Feel free to make your own changes and if you feel your
 #      changes are not distro specific please send your patch to us. 2/11/2009, D Suffield
 #
-+# Novell/Suse changed:
+# SUSE changed:
 +#
 +# SYSFS{idVendor} to ATTR{idVendor} and
 +# SYSFS{idProduct to ATTR{idProduct}
@ -232,7 +232,7 @@
 # Removed the following rule because FHS states that /etc should be reserved for static files only. This
 # functionality should be done in a deb/rpm post install script.  2/11/2009, D Suffield
 #
-+# Novell/openSUSE re-enabled it
+# SUSE re-enabled it
 +# because it is how it works with SANE regardless what FHS think how it should work.
 +# Files in /etc/ are config files which can be adapted as needed during runtime.
 +# Adapting /etc/sane.d/dll.conf only during package install time is insufficient
@ -248,9 +248,9 @@
 LABEL="hpmud_rules_end"
 +
--- data/rules/56-hpmud_support.rules.orig	2011-01-19 06:17:26.000000000 +0100
+--- data/rules/56-hpmud_support.rules.orig	2011-07-24 21:04:13.000000000 +0200
-+++ data/rules/56-hpmud_support.rules	2011-02-01 16:06:47.000000000 +0100
+++ data/rules/56-hpmud_support.rules	2011-08-12 09:47:21.000000000 +0200
-@@ -1,15 +1,17 @@
+@@ -1,15 +1,16 @@
 # HPLIP udev rules file. Notify console user if plugin support is required for this device.
 -ACTION!="add", GOTO="hpmud_rules_end"
@ -269,10 +269,8 @@
 # Check for LaserJet products (0x03f0xx2a).
 -SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="??2a", ENV{hp_model}="$sysfs{product}", ENV{hp_test}="yes"
 +ATTR{idVendor}=="03f0", ATTR{idProduct}=="??2a", ENV{hp_model}="$sysfs{product}", ENV{hp_test}="yes"
-+
+ ENV{hp_test}=="yes", RUN+="/bin/sh -c '/usr/bin/hp-mkuri -c &'"
 ENV{hp_test}=="yes", RUN+="bin/sh -c '/usr/bin/hp-mkuri -c &'"
 -LABEL="hpmud_rules_end"
 \ No newline at end of file
 +LABEL="hpmud_support_rules_end"
 +
--- a/hplip-3.11.5.tar.bz2
+++ b/hplip-3.11.5.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:dd84010d6108462e3690a9d5df271d748f84d1a904e10bb2c34ac770edcee6c3
 size 19485776
--- a/hplip-3.11.7.tar.gz
+++ b/hplip-3.11.7.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:820d73bad6dbd8df774e1e234eb27cae9a6e797466e2261c75db51ba38e4001d
 size 21286283
--- a/hplip.changes
+++ b/hplip.changes
@ -1,3 +1,31 @@
 -------------------------------------------------------------------
 Fri Aug 12 10:36:13 CEST 2011 - jsmeix@suse.de
 - Upgraded to version 3.11.7:
  A few more supported printers and all-in-one devices.
  Several bug fixies.
  For details see
  http://hplipopensource.com/hplip-web/release_notes.html
 - Because foomatic-rip-hplip has CVE-2011-2697 (bnc#698451)
  plus a leftover in CVE-2004-0801 (bnc#59233)
  foomatic-rip-hplip is no longer installed and foomatic-rip
  from the foomatic-filters RPM is used instead and the
  "cupsFilter" entries in the PPDs are changed accordingly.
  To be backward compatible with PPDs in /etc/cups/ppd/
  for existing print queues a compatibility link
  /usr/lib/cups/filter/foomatic-rip-hplip
  which points to foomatic-rip is installed.
 - The DefaultPageSize in the PPDs is no longer set to A4
  if A4 is an available PageSize choice but left "as is"
  because the DefaultPageSize in the PPD templates in
  /usr/share/cups/model/ does not matter because the cupsd
  sets the DefaultPageSize for PPDs in /etc/cups/ppd/
  by default according to the locale that the cupsd runs in or
  according to a DefaultPaperSize entry in /etc/cups/cupsd.conf.
 - No longer "Correcting or removing non-working PPDs..."
  because none of those cases which were fixed still exist
  (i.e. all those cases are meanwhile fixed upstream).
 -------------------------------------------------------------------
 Fri May 13 12:20:10 CEST 2011 - jsmeix@suse.de
--- a/hplip.spec
+++ b/hplip.spec
@ -19,7 +19,10 @@
 Name:           hplip
-BuildRequires:  cups cups-devel dbus-1-devel fdupes libdrm-devel libgphoto2-devel libjpeg-devel libqt4-devel libusb-devel net-snmp-devel pkgconfig python-devel python-openssl python-qt4 python-xml readline-devel update-desktop-files
+# BuildRequires foomatic-filters to avoid /usr/lib/rpm/brp-symlink ERROR:
 # link target doesn't exist (neither in build root nor in installed system):
 # /usr/lib/cups/filter/foomatic-rip-hplip -> /usr/bin/foomatic-rip
 BuildRequires:  cups cups-devel dbus-1-devel fdupes foomatic-filters libdrm-devel libgphoto2-devel libjpeg-devel libqt4-devel libusb-devel net-snmp-devel pkgconfig python-devel python-openssl python-qt4 python-xml readline-devel update-desktop-files
 %if 0%{?suse_version} > 1130
 BuildRequires:  sane-backends-devel
 %else
@ -29,19 +32,19 @@ Summary:        HP's Printing, Scanning, and Faxing Software
 # HPLIP has reached 1.0 status. With this release a date encoded revision number is used:
 # x.y.m : x = major release number, y = year (eg: 6 = 2006), m = month (eg: 6a = second release in June)
 # Official releases have a 3 digit number and release candidates have a 4 digit number: x.y.m.rc
-Version:        3.11.5
+Version:        3.11.7
 Release:        1
 Group:          Hardware/Printing
 License:        BSD3c(or similar) ; GPLv2+ ; MIT License (or similar)
 Url:            http://hplipopensource.com
 # Source0...Source9 is for sources from HP:
-# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.11.5.tar.gz
+# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.11.7.tar.gz
-# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.11.5.tar.gz.asc
+# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.11.7.tar.gz.asc
 # How to verify Source0 see: http://hplipopensource.com/node/327
 # For example: /usr/bin/gpg --keyserver pgp.mit.edu --recv-keys 0xA59047B9
-#              /usr/bin/gpg --verify hplip-3.11.5.tar.gz.asc hplip-3.11.5.tar.gz
+#              /usr/bin/gpg --verify hplip-3.11.7.tar.gz.asc hplip-3.11.7.tar.gz
 # must result: Good signature from "HPLIP (HP Linux Imaging and Printing) <hplip@hp.com>"
-Source0:        %{name}-%{version}.tar.bz2
+Source0:        %{name}-%{version}.tar.gz
 # Patch0...Patch9 is for patches from HP:
 # Patch10...Patch99 is for Suse patches for the sources from HP:
 # Patch10 fixes "... is used uninitialized ..." warnings:
@ -87,6 +90,26 @@ PreReq:         coreutils, /bin/grep, /bin/sed, /usr/bin/find
 # which lets the whole scanning stack frontend<->libsane-dll<->libsane-backend crash
 # also for any other backend when the hpaio backend is enabled (e.g. "scanimage -L"):
 Requires:       %{name}-hpijs = %{version}-%{release}
 # Because foomatic-rip-hplip has CVE-2011-2697 (bnc#698451)
 # plus a leftover in CVE-2004-0801 (bnc#59233)
 # foomatic-rip-hplip is no longer installed and foomatic-rip
 # from the foomatic-filters RPM is used instead.
 # The RPM requirement for foomatic-filters should actually be 
 # in the hplip-hpijs sub-package but this would bloat a minimalist system
 # (see the comment for the hplip-hpijs sub-package below).
 # Therefore the hplip main package which is intended
 # to get "all the HPLIP stuff" installed has the RPM requirement:
 Requires:       foomatic-filters
 # foomatic-filters does not require Ghostscript because depending on the PPD
 # (e.g. some PPDs for PostScript printers in OpenPrintingPPDs-postscript)
 # foomatic-rip can also be used without Ghostscript but for the drivers
 # HPIJS and HPCUPS Ghostscript is needed.
 # The RPM requirement for ghostscript-library should actually be 
 # in the hplip-hpijs sub-package but this would bloat a minimalist system
 # (see the comment for the hplip-hpijs sub-package below).
 # Therefore the hplip main package which is intended
 # to get "all the HPLIP stuff" installed has the RPM requirement:
 Requires:       ghostscript-library
 # Require special Python stuff (which pulls in Python base stuff).
 # At least since openSUSE 11.1 and SLE11 pyxml is no longer required
 # (pyxml was required in particular for openSUSE 10.3 and SLE10,
@ -106,6 +129,9 @@ Requires:       dbus-1-python >= 0.80, python-gobject2
 # see https://bugzilla.novell.com/show_bug.cgi?id=251830#c20
 # for the full story why there is this unversioned Obsoletes:
 Obsoletes:      hplip17
 # Obsolete the hplip3 copy that was introduced for older SLED11-GA HP preloads:
 Provides:       hplip3 = 3.9.5
 Obsoletes:      hplip3 < 3.9.5
 # Skip testing devel dependencies required by libtool .la files by the following comment:
 # skip-check-libtool-deps
@ -184,6 +210,9 @@ Obsoletes:      hpijs-standalone
 # see https://bugzilla.novell.com/show_bug.cgi?id=251830#c20
 # for the full story why there is this unversioned Obsoletes:
 Obsoletes:      hplip17-hpijs
 # Obsolete the hplip3 copy that was introduced for older SLED11-GA HP preloads:
 Provides:       hplip3-hpijs = 3.9.5
 Obsoletes:      hplip3-hpijs < 3.9.5
 # PackMan provides HPLIP in the packages hplip and hplip-hpcups.
 # HPLIP does not work if the openSUSE packages hplip and hplip-hpijs
 # are installed together with a leftover PackMan package hplip-hpcups
@ -210,7 +239,6 @@ This sub-package includes in particular:
 The hpijs binary and the libraries libhpip and libhpmud
 which are needed to run it.
 The HPIJS CUPS filter foomatic-rip-hplip.
 The HPCUPS driver (/usr/lib[64]/cups/filter/hpcups).
@ -252,6 +280,8 @@ export CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
 # According to http://hplipopensource.com/hplip-web/release_notes.html
 # all drv installs require CUPSDDK 1.2.3 or higher.
 # Otherwise a static PPD install must be performed.
 # Furthermore dynamic PPDs will be deprecated in the future in CUPS,
 # see http://www.cups.org/str.php?L3772
 # For hpcups static PPD install one needs:
 # --enable-hpcups-install enable hpcups install (default=yes)
 # --disable-cups-drv-install enable cups dynamic ppd install (default=yes)
@ -261,6 +291,11 @@ export CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
 # --disable-foomatic-drv-install enable foomatic dynamic ppd install (default=no), uses drvdir and hpppddir
 # --enable-foomatic-ppd-install enable foomatic static ppd install (default=no), uses hpppddir
 # --enable-foomatic-rip-hplip-install enable foomatic-rip-hplip install (default=no), uses cupsfilterdir
 # Because foomatic-rip-hplip has CVE-2011-2697 (bnc#698451) plus a leftover in CVE-2004-0801 (bnc#59233)
 # which are fixed up to openSUSE 11.4 with patches, after openSUSE 11.4 (i.e. since openSUSE 12.1)
 # foomatic-rip-hplip is no longer installed and foomatic-rip from foomatic-filters is used instead so that 
 # --disable-foomatic-rip-hplip-install is explicitly set and as a consequence the "cupsFilter" entries
 # in the static PPDs are changed in the install section to use foomatic-rip.
 ./configure --prefix=/usr \
            --libdir=%_libdir \
            --disable-qt3 \
@ -279,7 +314,7 @@ export CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
            --enable-hpijs-install \
            --disable-foomatic-drv-install \
            --enable-foomatic-ppd-install \
-            --enable-foomatic-rip-hplip-install \
+            --disable-foomatic-rip-hplip-install \
            --with-hpppddir=%{_datadir}/cups/model/manufacturer-PPDs/%{name} \
            --with-cupsbackenddir=/usr/lib/cups/backend \
            --with-cupsfilterdir=/usr/lib/cups/filter \
@ -309,36 +344,12 @@ echo "Adding a line-feed to the end of all PPDs to fix those PPDs where it is mi
 for p in *.ppd
 do echo -en '\n' >>$p
 done
-# Correct or remove non-working PPDs:
+# Because foomatic-rip-hplip has CVE-2011-2697 (bnc#698451) plus a leftover in CVE-2004-0801 (bnc#59233)
-# Several HP PPDs contain "600x600x2dpi" which is not allowed
+# foomatic-rip-hplip is no longer installed and foomatic-rip from foomatic-filters is used instead so that 
-# according to the Adobe PPD specification section 5.9
+# the "cupsFilter" entries in the static PPDs must be changed accordingly:
-# and which can be simply replaced by "600x1200dpi"
+echo "Replacing insecure foomatic-rip-hplip with foomatic-rip everywhere in in the PPDs..."
 # because "600x1200dpi" is not used elsewhere in the PPD.
 # Some PPDs contain a "*cupsFilter: ... hppostprocessing" line
 # which cannot work because there is no "hppostprocessing" filter.
 # Some PPDs contain "1284DeviceId" which must be "1284DeviceID".
 # Some PPDs contain "* PageRegion" which must be "*PageRegion".
 # Some HPIJS PPDs contain a too long ShortNickName (longer than 31 chars)
 # therefore from all ShortNickName entries " Foomatic/hpijs" is simply removed
 # but they still exists in the NickName entries which are shown to the user
 # when the user selects a PPD to set up a print queue:
 echo "Correcting or removing non-working PPDs..."
 for p in *.ppd
-do perl -pi -e 's/600x600x2dpi/600x1200dpi/;' $p
+do sed -i -e 's/foomatic-rip-hplip/foomatic-rip/' $p
   grep -q '^\*cupsFilter:.*hppostprocessing' $p && rm -v $p
   perl -pi -e 's/1284DeviceId/1284DeviceID/;' $p
   perl -pi -e 's/\* PageRegion/*PageRegion/;' $p
   sed -i -e '/^\*ShortNickName:/s/ Foomatic\/hpijs//;' $p
 done
 # Change default media size to A4 if this is an available choice in the PPD and then
 # set DefaultPageSize, DefaultPageRegion, DefaultImageableArea, DefaultPaperDimension to A4:
 echo "Changing default media size to A4 if this is an available choice in the PPD..."
 for p in *.ppd
 do for i in PageSize PageRegion ImageableArea PaperDimension
   do if grep -q "^\*$i[[:space:]]*A4[:/]" $p
      then grep -q "^\*Default$i:[[:space:]]*A4\$" $p || perl -pi -e "s/^\*Default$i:.*/\*Default$i: A4/" $p
      fi
   done
 done
 # Final test by cupstestppd:
 # To save disk space gzip the files (gzipped PPDs can also be used by CUPS).
@ -352,7 +363,7 @@ done
 # let those PPDs pass even if they are not strictly compliant.
 # Ignore FAILs because of missing cupsFilter programs because
 # in the package build environment the usual HPLIP filters
-# like "foomatic-rip-hplip", "hpcups" and "hpcupsfax" are
+# like "hpcups" and "hpcupsfax" are
 # installed at an unusual place (in the BuildRoot directory).
 # For now keep all PPDs even if cupstestppd FAILs.
 # Reason:
@ -373,6 +384,15 @@ echo "End of general tests and adjustments for all PPDs."
 set -x
 # End of "General tests and adjustments for all PPDs":
 popd
 # Because foomatic-rip-hplip has CVE-2011-2697 (bnc#698451)
 # plus a leftover in CVE-2004-0801 (bnc#59233)
 # foomatic-rip-hplip is no longer installed and foomatic-rip
 # from the foomatic-filters RPM must be used instead.
 # To be backward compatible with PPDs in /etc/cups/ppd/
 # for existing print queues a compatibility link
 # /usr/lib/cups/filter/foomatic-rip-hplip
 # which points to foomatic-rip is installed:
 ln -s ../../../bin/foomatic-rip %{buildroot}/usr/lib/cups/filter/foomatic-rip-hplip
 # Begin "Desktop menue entry stuff":
 # Install the wrapper for hp-toolbox:
 install -m 755 %{SOURCE101} %{buildroot}%{_bindir}/hp-toolbox.wrapper