diff --git a/change-udev-rules.diff b/change-udev-rules.diff index c72400a..964ab9a 100644 --- a/change-udev-rules.diff +++ b/change-udev-rules.diff @@ -1,318 +1,53 @@ ---- data/rules/55-hpmud.rules.orig 2012-09-04 14:33:13.000000000 +0200 -+++ data/rules/55-hpmud.rules 2012-10-04 15:39:27.000000000 +0200 -@@ -12,142 +12,187 @@ - # 3. This rules file is an attempt at being compatable with all distros. Feel free to make your own changes and if you feel your - # changes are not distro specific please send your patch to us. 2/11/2009, D Suffield - # +--- data/rules/56-hpmud.rules.orig 2013-06-21 08:56:30.000000000 +0200 ++++ data/rules/56-hpmud.rules 2013-07-04 15:49:33.000000000 +0200 +@@ -1,18 +1,41 @@ + # HPLIP udev rules file. Notify console user if plugin support is required for this device. + +# SUSE changed: +# -+# ATTRS{idVendor} to ATTR{idVendor} and -+# ATTRS{idProduct} to ATTR{idProduct} -+# because ATTRS search all parents which wastes resources -+# while ATTR is sufficient here, -+# see https://bugzilla.novell.com/show_bug.cgi?id=436085 -+# -+# MODE="660" to MODE="0664" ++# MODE="0660" to MODE="0664" +# because it is sufficiently secure to let any user read the device nodes +# because HPLIP opens the device nodes exclusively so that sniffing -+# of print jobs or scanner image data should not be possible and -+# read permissions for any user is required in particular for USB devices -+# so that any user can see the USB devices when he runs the command "lsusb". ++# of print jobs or scanner image data should not be possible. +# -+# Added ENV{sane_hpaio}="yes" to all entries for USB devices -+# to get the SANE driver "hpaio" automatically activated in any case -+# (only scanners in HP parallel port all-in-one devices are ignored) -+# because not only "AiO products (0x03f0xx11)" can have scanner units -+# but also Photosmart products, inkjet printers, and laser printers -+# (e.g. the LaserJet 1220 03f0:0417 has a scanner unit). -+# An activated SANE driver does not cause continuous system load because -+# it is only run when the user launches a scanning frontend (e.g. xsane) -+# and then all what the driver does is to scan the USB device information -+# to find devices which belong to the driver and if nothing found it exits. -+# Additionally see https://bugzilla.novell.com/show_bug.cgi?id=469721#c9 ++# Exchanged the rule to GOTO hpmud_usb_rules if SUBSYSTEM is "usb" ++# with the rule if SUBSYSTEM is "ppdev" to avoid that the "ppdev" rule ++# is needlessly processed when SUBSYSTEM is "usb". +# -+# Added ENV{libsane_matched}="yes" to all entries for USB devices -+# to get normal user access permissions via udev, see -+# https://bugzilla.novell.com/show_bug.cgi?id=542473#c14 ++# Added rules to skip the hpmud_usb_rules rules via GOTO hpmud_rules_end ++# if SUBSYSTEM is not "usb" or if ENV{DEVTYPE} is not "usb_device" ++# to avoid that the hpmud_usb_rules are needlessly processed. +# -+# Added same rule to disable USB autosuspend -+# as in /etc/udev/rules.d/55-libsane.rules -+# - ++# The rule to automatically "add the printer and install plugin" is disabled ++# because automated installation of non-free proprietary third-party software ++# (here the plugin from HP) should not happen and it can cause whatever kind ++# of strange behaviour see for example https://bugs.launchpad.net/bugs/1197416 ++# while in contrast manual printer setup via hp-setup usually "just works" ++# and it is clear for the user what goes on and in case of failure what went wrong. ++ ACTION!="add", GOTO="hpmud_rules_end" -SUBSYSTEM=="ppdev", OWNER="root", GROUP="lp", MODE="0660" + SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", GOTO="hpmud_usb_rules" +- +SUBSYSTEM=="ppdev", OWNER="root", GROUP="lp", MODE="0664" - SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", GOTO="hplip_pid_test" - SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end" ++SUBSYSTEM!="usb", GOTO="hpmud_rules_end" ++ENV{DEVTYPE}!="usb_device", GOTO="hpmud_rules_end" - LABEL="hplip_pid_test" + LABEL="hpmud_usb_rules" - # Check for AiO products (0x03f0xx11). --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="??11", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="??11", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" + # ENV{ID_HPLIP}="1" is for Ubuntu udev-acl +-ATTR{idVendor}=="03f0", ATTR{idProduct}=="????", OWNER="root", GROUP="lp", MODE="0660", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes", ENV{hp_test}="yes", ENV{ID_HPLIP}="1" ++ATTR{idVendor}=="03f0", ATTR{idProduct}=="????", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes", ENV{hp_test}="yes", ENV{ID_HPLIP}="1" - # Check for Photosmart products without wildcard since cameras and scanners also used (0x03f0xx02). - # The xx02 pid has been retired so this explicit list should not change. - # photosmart_d2300_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="c302", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c302", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_100 --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="3802", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3802", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_1115 --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="3402", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3402", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_1215 --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="3202", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3202", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_1218 --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="3302", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3302", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_130 --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="3902", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3902", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_1315 --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="3602", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3602", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_140_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1002", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1002", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_230 --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="3502", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3502", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_240_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1102", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1102", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_320_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1202", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1202", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_330_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1602", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1602", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_370_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1302", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1302", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_380_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1702", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1702", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_420_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1502", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1502", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_470_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1802", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1802", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_7150 --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="3a02", OWNER="root", GROUP="lp", MODE="660" --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="3b02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3a02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3b02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_7200_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="b002", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="b002", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_7345 --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="2002", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="2002", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_7350 --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="3c02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3c02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_7400_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="b802", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="b802", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_7550 --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="3e02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="3e02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_7600_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="b202", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="b202", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_7700_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="b402", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="b402", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_7800_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="c002", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c002", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_7900_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="b602", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="b602", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_8000_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="c102", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c102", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_8100_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="ba02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="ba02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_8200_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="c202", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c202", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_8400_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="bb02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="bb02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_8700_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="bc02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="bc02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_a310_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1d02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1d02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_a320_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1e02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1e02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_a430_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1902", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1902", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_a440_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1f02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1f02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_a510_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1a02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1a02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_a520_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="2602", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="2602", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_a530_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="2b02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="2b02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_a610_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1b02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1b02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_a620_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="2702", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="2702", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_a630_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="2c02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="2c02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_a710_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="1c02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="1c02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_a820_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="2902", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="2902", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_d5060_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="c802", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c802", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_d5100_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="c402", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c402", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_d6100_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="c502", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c502", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_d7100_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="c602", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c602", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_d7300_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="c702", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="c702", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_pro_b8300_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="be02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="be02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_b8800_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="d002", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="d002", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # photosmart_pro_b9100_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="bd02", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="bd02", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # Photosmart_B8500_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="d102", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="d102", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # Photosmart_A640_series --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="7902", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="7902", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # Check for Business Inkjet products (0x03f0xx12). --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="??12", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="??12", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # Check for Deskjet products (0x03f0xx04). --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="??04", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="??04", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # Check for LaserJet products (0x03f0xx17). --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="??17", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="??17", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # Check for LaserJet products (0x03f0xx2a). --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="??2a", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="??2a", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" - # Check for DesignJet product (0x03f0xx14). --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="??14", OWNER="root", GROUP="lp", MODE="660" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="??14", OWNER="root", GROUP="lp", MODE="0664", ENV{sane_hpaio}="yes", ENV{libsane_matched}="yes" -+ -+# The following rule will disable USB autosuspend for the device -+ENV{libsane_matched}=="yes", RUN+="/bin/sh -c 'test -e /sys/$env{DEVPATH}/power/level && echo on > /sys/$env{DEVPATH}/power/level'" + # This rule will add the printer and install plugin +-ENV{hp_test}=="yes", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c 'if [ -f /usr/bin/systemctl ]; then /usr/bin/systemctl --no-block start hplip-printer@$env{BUSNUM}:$env{DEVNUM}.service; else /usr/bin/nohup /usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM} ; fi'" ++# ENV{hp_test}=="yes", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c 'if [ -f /usr/bin/systemctl ]; then /usr/bin/systemctl --no-block start hplip-printer@$env{BUSNUM}:$env{DEVNUM}.service; else /usr/bin/nohup /usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM} ; fi'" - # Removed the following rule because FHS states that /etc should be reserved for static files only. This - # functionality should be done in a deb/rpm post install script. 2/11/2009, D Suffield - # -+# SUSE re-enabled it -+# because it is how it works with SANE regardless what FHS think how it should work. -+# Files in /etc/ are config files which can be adapted as needed during runtime. -+# Adapting /etc/sane.d/dll.conf only during package install time is insufficient -+# because a device may be not connected by the admin during package install time -+# but later during runtime by the system's end-user (e.g. on a company workstation). -+# # If sane-bankends is installed add hpaio backend support to dll.conf if needed. --# ENV{sane_hpaio}=="yes", RUN+="/bin/sh -c 'grep -q ^#hpaio /etc/sane.d/dll.conf;if [ $$? -eq 0 ];then sed -i -e s/^#hpaio/hpaio/ /etc/sane.d/dll.conf;else grep -q ^hpaio /etc/sane.d/dll.conf;if [ $$? -ne 0 ];then echo hpaio >>/etc/sane.d/dll.conf;fi;fi'" -+ENV{sane_hpaio}=="yes", RUN+="/bin/sh -c 'grep -q ^#hpaio /etc/sane.d/dll.conf;if [ $$? -eq 0 ];then sed -i -e s/^#hpaio/hpaio/ /etc/sane.d/dll.conf;else grep -q ^hpaio /etc/sane.d/dll.conf;if [ $$? -ne 0 ];then echo hpaio >>/etc/sane.d/dll.conf;fi;fi'" + ENV{sane_hpaio}=="yes", RUN+="/bin/sh -c 'grep -q ^#hpaio /etc/sane.d/dll.conf;if [ $$? -eq 0 ];then sed -i -e s/^#hpaio/hpaio/ /etc/sane.d/dll.conf;else grep -q ^hpaio /etc/sane.d/dll.conf;if [ $$? -ne 0 ];then echo hpaio >>/etc/sane.d/dll.conf;fi;fi'" +@@ -22,3 +45,4 @@ ENV{libsane_matched}=="yes", RUN+="/bin/ + LABEL="hpmud_rules_end" + ---- data/rules/56-hpmud_support.rules.orig 2012-09-04 14:33:13.000000000 +0200 -+++ data/rules/56-hpmud_support.rules 2012-10-04 15:43:36.000000000 +0200 -@@ -1,15 +1,16 @@ - # HPLIP udev rules file. Notify console user if plugin support is required for this device. - --ACTION!="add", GOTO="hpmud_rules_end" --SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", GOTO="pid_test" --SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end" -+ACTION!="add", GOTO="hpmud_support_rules_end" -+SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", GOTO="hpmud_support_pid_test" -+SUBSYSTEM!="usb_device", GOTO="hpmud_support_rules_end" - --LABEL="pid_test" -+LABEL="hpmud_support_pid_test" - - # Check for LaserJet products (0x03f0xx17). --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="??17", ENV{hp_model}="$attrs{product}", ENV{hp_test}="yes" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="??17", ENV{hp_model}="$attrs{product}", ENV{hp_test}="yes" - # Check for LaserJet products (0x03f0xx2a). --ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="??2a", ENV{hp_model}="$attrs{product}", ENV{hp_test}="yes" -+ATTR{idVendor}=="03f0", ATTR{idProduct}=="??2a", ENV{hp_model}="$attrs{product}", ENV{hp_test}="yes" - ENV{hp_test}=="yes", RUN+="/bin/sh -c '/usr/bin/hp-mkuri -c &'" - --LABEL="hpmud_rules_end" -+LABEL="hpmud_support_rules_end" -+ ---- data/rules/86-hpmud_plugin.rules.orig 2013-02-13 17:37:21.000000000 +0100 -+++ data/rules/86-hpmud_plugin.rules 2013-02-15 14:54:43.000000000 +0100 -@@ -1,13 +1,13 @@ - # Load hp firmware for this printer. - --ACTION!="add", GOTO="hpmud_rules_end" -+ACTION!="add", GOTO="hpmud_plugin_rules_end" - - #Check and add printer for Suse 10.3 distro - # hp_Marvel_Device (These printer requires the plugin files. installling when device is detected) --SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="??17", PROGRAM="/bin/sh -c 'logger -p user.info loading hp_printer_device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c '/usr/bin/python /usr/share/hplip/check-plugin.py -m $env{BUSNUM}:$env{DEVNUM} &'" --SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="??2a", PROGRAM="/bin/sh -c 'logger -p user.info loading hp_printer_device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c '/usr/bin/python /usr/share/hplip/check-plugin.py -m $env{BUSNUM}:$env{DEVNUM}&'" -+SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTR{idVendor}=="03f0", ATTR{idProduct}=="??17", PROGRAM="/bin/sh -c 'logger -p user.info loading hp_printer_device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c '/usr/bin/python /usr/share/hplip/check-plugin.py -m $env{BUSNUM}:$env{DEVNUM} &'" -+SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTR{idVendor}=="03f0", ATTR{idProduct}=="??2a", PROGRAM="/bin/sh -c 'logger -p user.info loading hp_printer_device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c '/usr/bin/python /usr/share/hplip/check-plugin.py -m $env{BUSNUM}:$env{DEVNUM}&'" - - #Check and add printer for other distros --SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="??17", PROGRAM="/bin/sh -c 'X=%k; X=$${X#usbdev}; B=$${X%%%%.*}; D=$${X#*.}; logger -p user.info loading HP Device $$B $$D; printf %%03i:%%03i $$B $$D'", RUN+="/bin/sh -c '/usr/bin/python /usr/share/hplip/check-plugin.py -m %c &'" --SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="??2a", PROGRAM="/bin/sh -c 'X=%k; X=$${X#usbdev}; B=$${X%%%%.*}; D=$${X#*.}; logger -p user.info loading HP Device $$B $$D; printf %%03i:%%03i $$B $$D'", RUN+="/bin/sh -c '/usr/bin/python /usr/share/hplip/check-plugin.py -m %c &'" --LABEL="hpmud_rules_end" -+SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTR{idVendor}=="03f0", ATTR{idProduct}=="??17", PROGRAM="/bin/sh -c 'X=%k; X=$${X#usbdev}; B=$${X%%%%.*}; D=$${X#*.}; logger -p user.info loading HP Device $$B $$D; printf %%03i:%%03i $$B $$D'", RUN+="/bin/sh -c '/usr/bin/python /usr/share/hplip/check-plugin.py -m %c &'" -+SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTR{idVendor}=="03f0", ATTR{idProduct}=="??2a", PROGRAM="/bin/sh -c 'X=%k; X=$${X#usbdev}; B=$${X%%%%.*}; D=$${X#*.}; logger -p user.info loading HP Device $$B $$D; printf %%03i:%%03i $$B $$D'", RUN+="/bin/sh -c '/usr/bin/python /usr/share/hplip/check-plugin.py -m %c &'" -+LABEL="hpmud_plugin_rules_end" ---- data/rules/56-hpmud_add_printer.rules.orig 2013-02-13 17:37:21.000000000 +0100 -+++ data/rules/56-hpmud_add_printer.rules 2013-02-15 14:58:58.000000000 +0100 -@@ -1,11 +1,11 @@ - # Load hp firmware for this printer. - --ACTION!="add", GOTO="hpmud_rules_end" -+ACTION!="add", GOTO="hpmud_add_printer_rules_end" - - #Check and add printer for Suse 10.3 distro --SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="????", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c '/usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM} &'" -+SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTR{idVendor}=="03f0", ATTR{idProduct}=="????", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c '/usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM} &'" - - #Check and add printer --SUBSYSTEM=="usb_device", ATTRS{idVendor}=="03f0", ATTRS{idProduct}=="????", PROGRAM="/bin/sh -c 'X=%k; X=$${X#usbdev}; B=$${X%%%%.*}; D=$${X#*.}; logger -p user.info loading HP Device $$B $$D; printf %%03i:%%03i $$B $$D'", RUN+="/bin/sh -c '/usr/bin/hp-config_usb_printer %c &'" -+SUBSYSTEM=="usb_device", ATTR{idVendor}=="03f0", ATTR{idProduct}=="????", PROGRAM="/bin/sh -c 'X=%k; X=$${X#usbdev}; B=$${X%%%%.*}; D=$${X#*.}; logger -p user.info loading HP Device $$B $$D; printf %%03i:%%03i $$B $$D'", RUN+="/bin/sh -c '/usr/bin/hp-config_usb_printer %c &'" - --LABEL="hpmud_rules_end" -+LABEL="hpmud_add_printer_rules_end" diff --git a/deactivate-add_group-function.diff b/deactivate-add_group-function.diff new file mode 100644 index 0000000..44e7bd3 --- /dev/null +++ b/deactivate-add_group-function.diff @@ -0,0 +1,12 @@ +--- base/queues.py.orig 2013-06-21 08:57:55.000000000 +0200 ++++ base/queues.py 2013-07-09 16:05:04.000000000 +0200 +@@ -87,6 +87,9 @@ def check_user_groups(): + + # This function adds the groups ('lp') to user + def add_group(core, mode, passwordObj): ++# Deactivated via "return True" because it causes security issues ++# see https://bugs.launchpad.net/bugs/1197416 ++ return True + result = False + add_user_to_group = core.get_distro_ver_data('add_user_to_group', '') + if add_user_to_group: diff --git a/disable-chgrp_lp.diff b/disable-chgrp_lp.diff index a1ecbcc..21c503b 100644 --- a/disable-chgrp_lp.diff +++ b/disable-chgrp_lp.diff @@ -1,6 +1,6 @@ ---- Makefile.am.orig 2013-02-13 17:38:51.000000000 +0100 -+++ Makefile.am 2013-02-15 15:16:00.000000000 +0100 -@@ -563,24 +563,24 @@ endif +--- Makefile.am.orig 2013-06-21 08:57:55.000000000 +0200 ++++ Makefile.am 2013-06-26 16:09:47.000000000 +0200 +@@ -546,24 +546,24 @@ endif install-dist_hplip_LogDATA: if FULL_BUILD test -z "$(DESTDIR)$(hplip_Logdir)" || mkdir -p $(DESTDIR)$(hplip_Logdir) @@ -20,12 +20,12 @@ test -z "$(DESTDIR)$(hplip_tmpdir)" || mkdir -p $(DESTDIR)$(hplip_tmpdir) - chgrp "lp" -R $(DESTDIR)$(hplip_tmpdir) +# chgrp "lp" -R $(DESTDIR)$(hplip_tmpdir) - chmod 1775 $(DESTDIR)$(hplip_tmpdir) + chmod 0775 $(DESTDIR)$(hplip_tmpdir) endif #FULL_BUILD if HPLIP_BUILD test -z "$(DESTDIR)$(hplip_tmpdir)" || mkdir -p $(DESTDIR)$(hplip_tmpdir) - chgrp "lp" -R $(DESTDIR)$(hplip_tmpdir) +# chgrp "lp" -R $(DESTDIR)$(hplip_tmpdir) - chmod 1775 $(DESTDIR)$(hplip_tmpdir) + chmod 0775 $(DESTDIR)$(hplip_tmpdir) endif #FULL_BUILD diff --git a/hplip-3.13.4.tar.gz b/hplip-3.13.4.tar.gz deleted file mode 100644 index 9a28826..0000000 --- a/hplip-3.13.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1adad3b15578bf81eae93d554f877fea78c734f4b4f2e34606230b2fe62d6956 -size 20680774 diff --git a/hplip-3.13.4.tar.gz.asc b/hplip-3.13.4.tar.gz.asc deleted file mode 100644 index 0085b7b..0000000 --- a/hplip-3.13.4.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iEYEABECAAYFAlFilg8ACgkQc9dwzaWQR7mjyQCeOrk6FE3i3zZXxPbL2MrxcbOq -MR4AniFyO5jFPdrtC05y9zMnIbM5nxH/ -=qCIl ------END PGP SIGNATURE----- diff --git a/hplip-3.13.6.tar.gz b/hplip-3.13.6.tar.gz new file mode 100644 index 0000000..19149c4 --- /dev/null +++ b/hplip-3.13.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:86f4fd0accf25ce6d89aa415b3a987e7db410bf529e68b4138f90b1e9055f6c7 +size 20785825 diff --git a/hplip-3.13.6.tar.gz.asc b/hplip-3.13.6.tar.gz.asc new file mode 100644 index 0000000..e5c978f --- /dev/null +++ b/hplip-3.13.6.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iEYEABECAAYFAlHD+qQACgkQc9dwzaWQR7nGagCdGytHhhD+LN7raSm2UKSi2VHB +LzIAoOTCb4tS9AU2i5HbVqxgtKgN3yy7 +=XJ4P +-----END PGP SIGNATURE----- diff --git a/hplip.changes b/hplip.changes index 6854731..89aac6c 100644 --- a/hplip.changes +++ b/hplip.changes @@ -1,3 +1,42 @@ +------------------------------------------------------------------- +Tue Jul 9 16:18:35 CEST 2013 - jsmeix@suse.de + +- deactivate-add_group-function.diff deactivates the add_group + function that would add the groups ('lp') to user which would + cause security issues see https://bugs.launchpad.net/bugs/1197416 + that would happen in any case via a fallback command in an "else" + clause even if this functionality was explicitly disabled in + distros.dat via neither-add_user_to_group-nor-open_mdns_port.diff +- neither-add_user_to_group-nor-open_mdns_port.diff + deactivates add_user_to_group and open_mdns_port + in distros.dat for SUSE distros to avoid security issues + when normal users get added to system groups 'lp' and 'sys' + see https://bugs.launchpad.net/bugs/1197416 + and https://bugs.launchpad.net/bugs/1112306 and + to avoid security issues when ports in the firewall get opened + see https://bugs.launchpad.net/bugs/426161 +- Adapted change-udev-rules.diff so that it applies to + the HPLIP 3.13.6 sources. +- no-hplip_cron.diff is no longer needed because there is + no longer any "cron" stuff in HPLIP version 3.13.6 +- Version upgrade to 3.13.6: + A few more supported printers and all-in-one devices. + Fix for firmware download during plug and play. + Supported CUPS 1.6 IPP Private Structure changes. + Some other bug fixes. + For details see + http://hplipopensource.com/hplip-web/release_notes.html +- Version upgrade to 3.13.5: + Several more supported printers and all-in-one devices. + Added 56-hpmud.rules and removed 56-hpmud_support, + 86-hpmud_plugin, 56-hpmud_add_printer, 55-hpmud + and 40-hplip rules. + Added hplip-printer@.service to support systemd services + in udev for OpenSUSE 12.3. + Some other bug fixes. + For details see + http://hplipopensource.com/hplip-web/release_notes.html + ------------------------------------------------------------------- Tue Apr 16 12:05:38 CEST 2013 - jsmeix@suse.de diff --git a/hplip.spec b/hplip.spec index ded6342..44c956f 100644 --- a/hplip.spec +++ b/hplip.spec @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: hplip # BuildRequires foomatic-filters to avoid /usr/lib/rpm/brp-symlink ERROR: # link target doesn't exist (neither in build root nor in installed system): @@ -58,15 +59,15 @@ Group: Hardware/Printing # where 'a' or 'b' do not mean 'alpha' or 'beta' but 'second' or 'third' release in the month # (usually bugfix releases have the suffix like 3.12.10a = first bugfix release for 3.12.10). # Official releases have a 3 digit number and release candidates have a 4 digit number: x.y.m.rc -Version: 3.13.4 +Version: 3.13.6 Release: 0 Url: http://hplipopensource.com # Source0...Source9 is for sources from HP: -# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.13.4.tar.gz -# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.13.4.tar.gz.asc +# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.13.6.tar.gz +# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.13.6.tar.gz.asc # How to verify Source0 see: http://hplipopensource.com/node/327 # For example: /usr/bin/gpg --keyserver pgp.mit.edu --recv-keys 0xA59047B9 -# /usr/bin/gpg --verify hplip-3.13.4.tar.gz.asc hplip-3.13.4.tar.gz +# /usr/bin/gpg --verify hplip-3.13.6.tar.gz.asc hplip-3.13.6.tar.gz # must result: Good signature from "HPLIP (HP Linux Imaging and Printing) " Source0: http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz Source1: http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz.asc @@ -99,7 +100,7 @@ Source102: hpijs.1.gz # Source106 hp-systray.wrapper was a wrapper for hp-systray which is no longer needed # see https://bugzilla.novell.com/show_bug.cgi?id=649280 # Patch100... is for special Suse patches: -# Patch101 changes the udev rules files 55-hpmud.rules and 56-hpmud_support.rules: +# Patch101 changes the udev rules file 56-hpmud.rules Patch101: change-udev-rules.diff # Patch102 disable-chgrp_lp.diff deactivates the "chgrp lp" in Makefile.am # because during build this results "Operation not permitted". @@ -108,10 +109,19 @@ Patch101: change-udev-rules.diff # because a public writable directory /var/log/hp/ is not allowed # to avoid security issues: Patch102: disable-chgrp_lp.diff -# Patch103 no-hplip_cron.diff deactivates the "cron" stuff in Makefile.am -# because it lets build fail on SLE11 products (possibly an autoconf issue) -# and we (i.e. SUSE) do not allow to install /etc/cron.daily/hplip_cron -Patch103: no-hplip_cron.diff +# Patch103 was no-hplip_cron.diff that deactivated the "cron" stuff in Makefile.am which +# is no longer needed because there is no longer any "cron" stuff in HPLIP version 3.13.6 +# Patch104 removes add_user_to_group and open_mdns_port.diff from distros.dat for SUSE distros +# to avoid security issues when normal users get added to system groups 'lp' and 'sys' +# see https://bugs.launchpad.net/bugs/1197416 and https://bugs.launchpad.net/bugs/1112306 +# and to avoid security issues when ports in the firewall get opened +# see https://bugs.launchpad.net/bugs/426161 +Patch104: neither-add_user_to_group-nor-open_mdns_port.diff +# Patch105 deactivates the add_group function that would add the groups ('lp') to user +# which would cause security issues see https://bugs.launchpad.net/bugs/1197416 +# that would happen in any case via a fallback command in an "else" clause +# even if this functionality was explicitly disabled in distros.dat +Patch105: deactivate-add_group-function.diff # Install into this non-root directory (required when norootforbuild is used): BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: coreutils @@ -327,7 +337,7 @@ with the scan drivers in HPLIP for standard HP all-in-one printers. # fixes a remote buffer overflow in hpmud/pml.c: %patch12 # Patch101 change-udev-rules.diff -# changes the udev rules files 55-hpmud.rules and 56-hpmud_support.rules: +# changes the udev rules file 56-hpmud.rules %patch101 # Patch102 disable-chgrp_lp.diff deactivates the "chgrp lp" in Makefile.am # because during build this results "Operation not permitted". @@ -336,10 +346,19 @@ with the scan drivers in HPLIP for standard HP all-in-one printers. # because a public writable directory /var/log/hp/ is not allowed # to avoid security issues: %patch102 -# Patch103 no-hplip_cron.diff deactivates the "cron" stuff in Makefile.am -# because it lets build fail on SLE11 products (possibly an autoconf issue) -# and we (i.e. SUSE) do not allow to install /etc/cron.daily/hplip_cron -%patch103 +# Patch104 neither-add_user_to_group-nor-open_mdns_port.diff +# removes add_user_to_group and open_mdns_port.diff from distros.dat for SUSE distros +# to avoid security issues when normal users get added to system groups 'lp' and 'sys' +# see https://bugs.launchpad.net/bugs/1197416 and https://bugs.launchpad.net/bugs/1112306 +# and to avoid security issues when ports in the firewall get opened +# see https://bugs.launchpad.net/bugs/426161 +%patch104 +# Patch105 deactivate-add_group-function.diff +# deactivates the add_group function that would add the groups ('lp') to user +# which would cause security issues see https://bugs.launchpad.net/bugs/1197416 +# that would happen in any case via a fallback command in an "else" clause +# even if this functionality was explicitly disabled in distros.dat +%patch105 %build # If AUTOMAKE='automake --foreign' is not set, autoreconf (in fact automake) @@ -419,18 +438,20 @@ test -d %{buildroot}/var/lib/hp || install -d %{buildroot}/var/lib/hp # see https://bugzilla.novell.com/show_bug.cgi?id=800312 # and https://bugs.launchpad.net/bugs/1016507 install -d %{buildroot}/var/log/hp/tmp -# Provide hplip_cron as /usr/share/doc/packages/hplip/hplip_cron -# see Patch103 no-hplip_cron.diff: -install -m 644 data/rules/hplip_cron %{buildroot}%{_defaultdocdir}/%{name}/ # Remove the installed /etc/sane.d/dll.conf # because this is provided by the sane-backends package: rm %{buildroot}%{_sysconfdir}/sane.d/dll.conf # Remove the installed HAL fdi file because HAL is no longer used (HAL is deprecated): rm %{buildroot}%{_datadir}/hal/fdi/preprobe/10osvendor/20-hplip-devices.fdi -# Remove the outdated "Check and add printer for Suse 10.3 distro" udev rule -# and let the build fail if it does no longer match to notify about the change: -grep 'for Suse 10.3 distro' %{buildroot}%{_sysconfdir}/udev/rules.d/56-hpmud_add_printer.rules || exit 99 -sed -i -e '/for Suse 10.3 distro/,+1 d' %{buildroot}%{_sysconfdir}/udev/rules.d/56-hpmud_add_printer.rules +# Remove the installed hplip-printer@.service file for systemd +# because it would run hp-config_usb_printer - a tool to automatically +# set up HP USB printers and if needed automatically download and install +# non-free proprietary plugin software from HP which should not happen +# and it can cause whatever kind of strange behaviour +# see for example https://bugs.launchpad.net/bugs/1197416 +# while in contrast manual printer setup via hp-setup usually "just works" +# and it is clear for the user what goes on and in case of failure what went wrong. +rm %{buildroot}/usr/lib/systemd/system/hplip-printer@.service # Begin "General tests and adjustments for all PPDs" (see manufacturer-PPDs.spec): pushd %{buildroot}%{_datadir}/cups/model/manufacturer-PPDs/%{name} # Do not pollute the build log file with zillions of meaningless messages: @@ -597,10 +618,7 @@ exit 0 %config %{_sysconfdir}/xdg/autostart/hplip-systray.desktop %dir %{_sysconfdir}/udev %dir %{_sysconfdir}/udev/rules.d -%config %{_sysconfdir}/udev/rules.d/55-hpmud.rules -%config %{_sysconfdir}/udev/rules.d/56-hpmud_add_printer.rules -%config %{_sysconfdir}/udev/rules.d/56-hpmud_support.rules -%config %{_sysconfdir}/udev/rules.d/86-hpmud_plugin.rules +%config %{_sysconfdir}/udev/rules.d/56-hpmud.rules %{_bindir}/hp-align %{_bindir}/hp-check %{_bindir}/hp-clean diff --git a/neither-add_user_to_group-nor-open_mdns_port.diff b/neither-add_user_to_group-nor-open_mdns_port.diff new file mode 100644 index 0000000..2b0633f --- /dev/null +++ b/neither-add_user_to_group-nor-open_mdns_port.diff @@ -0,0 +1,42 @@ +--- installer/distros.dat.orig 2013-06-21 08:54:15.000000000 +0200 ++++ installer/distros.dat 2013-07-04 16:51:55.000000000 +0200 +@@ -141,7 +141,7 @@ parallel_supported=0 + usb_supported=1 + packaged_version=3.11.6 + release_date=2012-07-11 +-notes=Please be sure to disable the CD repositories in YaST and after installation you must log out and back in to become a member of the lp and sys group to enable printing. ++notes=Please be sure to disable the CD repositories in YaST. + ppd_install=drv + udev_mode_fix=1 + ppd_dir=/usr/share/cups/model/HP +@@ -150,8 +150,8 @@ drv_dir=/usr/share/cups/drv/HP + cups_path_with_bitness=0 + ui_toolkit=qt4 + native_cups=1 +-add_user_to_group= -Asys,lp +-open_mdns_port=/bin/bash ./init-suse-firewall ++add_user_to_group= ++open_mdns_port=/bin/true + pre_depend_cmd=su -c "zypper refresh" + + [suse:12.2:cups] +@@ -260,7 +260,7 @@ parallel_supported=0 + usb_supported=1 + packaged_version=3.12.11 + release_date=2013-03-13 +-notes=Please be sure to disable the CD repositories in YaST and after installation you must log out and back in to become a member of the lp and sys group to enable printing. ++notes=Please be sure to disable the CD repositories in YaST. + ppd_install=drv + udev_mode_fix=1 + ppd_dir=/usr/share/cups/model/HP +@@ -269,8 +269,8 @@ drv_dir=/usr/share/cups/drv/HP + cups_path_with_bitness=0 + ui_toolkit=qt4 + native_cups=1 +-add_user_to_group= -a -G sys,lp +-open_mdns_port=/bin/bash ./init-suse-firewall ++add_user_to_group= ++open_mdns_port=/bin/true + pre_depend_cmd=su -c "zypper refresh" + + [suse:12.3:cups] diff --git a/no-hplip_cron.diff b/no-hplip_cron.diff deleted file mode 100644 index 5b54091..0000000 --- a/no-hplip_cron.diff +++ /dev/null @@ -1,42 +0,0 @@ ---- Makefile.am.disable-chgrp_lp.diff.applied 2013-02-15 15:18:08.000000000 +0100 -+++ Makefile.am 2013-02-15 15:21:13.000000000 +0100 -@@ -110,8 +110,8 @@ hp_mkuri_LDADD = -ldl libhpmud.la - hp_mkuri_CFLAGS = -DCONFDIR=\"$(hplip_confdir)\" - - # cron files --crondir = /etc/cron.daily --dist_cron_DATA = data/rules/hplip_cron -+#crondir = /etc/cron.daily -+#dist_cron_DATA = data/rules/hplip_cron - - # hpmud.rules - rulesdir = /etc/udev/rules.d -@@ -584,17 +584,17 @@ if HPLIP_BUILD - chmod 1775 $(DESTDIR)$(hplip_tmpdir) - endif #FULL_BUILD - --install-dist_cronDATA:$(dist_cron_DATA) -- test -z "$(DESTDIR)$(crondir)" || $(MKDIR_P) "$(DESTDIR)$(crondir)"; \ -- list='$(dist_cron_DATA)'; test -n "$(crondir)" || list=; \ -- for p in $$list; do \ -- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ -- echo "$$d$$p"; \ -- done | $(am__base_list) | \ -- while read files; do \ -- echo " $(INSTALL) -m755 $$files '$(DESTDIR)$(crondir)'"; \ -- $(INSTALL) -m755 $$files "$(DESTDIR)$(crondir)" || exit $$?; \ -- done -+#install-dist_cronDATA:$(dist_cron_DATA) -+# test -z "$(DESTDIR)$(crondir)" || $(MKDIR_P) "$(DESTDIR)$(crondir)"; \ -+# list='$(dist_cron_DATA)'; test -n "$(crondir)" || list=; \ -+# for p in $$list; do \ -+# if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ -+# echo "$$d$$p"; \ -+# done | $(am__base_list) | \ -+# while read files; do \ -+# echo " $(INSTALL) -m755 $$files '$(DESTDIR)$(crondir)'"; \ -+# $(INSTALL) -m755 $$files "$(DESTDIR)$(crondir)" || exit $$?; \ -+# done - - install-data-hook: - if HPLIP_BUILD