diff --git a/hplip-3.15.6.CVE-2015-0839.patch b/hplip-3.15.6.CVE-2015-0839.patch deleted file mode 100644 index 537969e..0000000 --- a/hplip-3.15.6.CVE-2015-0839.patch +++ /dev/null @@ -1,21 +0,0 @@ -From: Andreas Stieger -Date: Fri, 19 Jun 2015 13:26:52 +0200 -Subject: [PATCH] use 0xlong key ID -Upstream: via package maintainer -References: https://bugzilla.suse.com/show_bug.cgi?id=933191 CVE-2015-0839 - -Use 0xlong key ID, short of shipping the key or full fingerprint. - -Index: hplip-3.15.6/base/validation.py -=================================================================== ---- hplip-3.15.6.orig/base/validation.py -+++ hplip-3.15.6/base/validation.py -@@ -42,7 +42,7 @@ class DigiSign_Verification(object): - - - class GPG_Verification(DigiSign_Verification): -- def __init__(self, pgp_site = 'pgp.mit.edu', key = 0xA59047B9): -+ def __init__(self, pgp_site = 'pgp.mit.edu', key = 0x73D770CDA59047B9): - self.__pgp_site = pgp_site - self.__key = key - self.__gpg = utils.which('gpg',True) diff --git a/hplip-3.15.6.tar.gz b/hplip-3.15.6.tar.gz deleted file mode 100644 index fcb7cdd..0000000 --- a/hplip-3.15.6.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:30c513ee65aa5b342d8074ff89439c0827c35191683727335738d8bc0f9776c9 -size 21956752 diff --git a/hplip-3.15.6.tar.gz.asc b/hplip-3.15.6.tar.gz.asc deleted file mode 100644 index ba5828b..0000000 --- a/hplip-3.15.6.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iEYEABECAAYFAlV0nCUACgkQc9dwzaWQR7l9EQCgokW2aC+oyEJx2IbcQ0MHzZFB -HZYAn2A+7AtDc6KuGCoe5THtlaVb2oUY -=OTvD ------END PGP SIGNATURE----- diff --git a/hplip-3.15.9.tar.gz b/hplip-3.15.9.tar.gz new file mode 100644 index 0000000..06c8477 --- /dev/null +++ b/hplip-3.15.9.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a1f58fe8707373c193728a7fd826523e99c30e3ca7f660faa75531acdff89d6d +size 22027325 diff --git a/hplip-3.15.9.tar.gz.asc b/hplip-3.15.9.tar.gz.asc new file mode 100644 index 0000000..38624ea --- /dev/null +++ b/hplip-3.15.9.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iEYEABECAAYFAlX2z8EACgkQc9dwzaWQR7mrjQCg1MPmG47ae3zvUk/N9ttQNAsq +ZH4AoOa9lePyg+gH5dvMf//5Pv9IDRRN +=7lGg +-----END PGP SIGNATURE----- diff --git a/hplip.changes b/hplip.changes index 15e620c..52ea774 100644 --- a/hplip.changes +++ b/hplip.changes @@ -1,3 +1,70 @@ +------------------------------------------------------------------- +Wed Oct 7 15:59:10 CEST 2015 - jsmeix@suse.de + +- Dropped support for the outdated foomatic-rip-hplip via + a symbolic link from /usr/lib/cups/filter/foomatic-rip-hplip + to /usr/bin/foomatic-rip for foomatic-filters or to + /usr/lib/cups/filter/foomatic-rip for cups-filters-foomatic-rip + so that "BuildRequires cups-filters-foomatic-rip" can be dropped + (cf. the entry dated "Thu Sep 18 10:31:14 CEST 2014" below) + which makes it "just build" again if suse_version > 1310 without + the need for more and more oversophisticated hacks. + +------------------------------------------------------------------- +Tue Oct 6 14:20:10 CEST 2015 - jsmeix@suse.de + +- Version upgrade to 3.15.9: + Added Support for the Following New Printers: + HP DeskJet Ink Advantage 2136 All-in_One Printer + HP DeskJet Ink Advantage 3836 All-in_One + HP Deskjet 2545 All-in-One Printer + HP ENVY 4510 All-in-One Printer series + HP ENVY 4512 All-in-One Printer + HP ENVY 4516 All-in-One Printer + HP ENVY 4520 All-in-One Printer series + HP ENVY 4520 All-in-One Printer + HP ENVY 4522 All-in-One Printer + HP Envy 5540 All-in-One Printer series + HP Envy 5540 All-in-One Printer + HP Envy 5545 All-in-One Printer + HP OfficeJet 4650 All-in-One Printer series + HP OfficeJet 4650 All-in-One Printer + HP OfficeJet 4652 All-in-One Printer + HP OfficeJet 4655 All-in-One Printer + HP OfficeJet 6820 e-All-in-One Printer + Some bug fixes - in particular: + Fixed hplip plugin failure with hplip-3.15.7. + For details see + http://hplipopensource.com/hplip-web/release_notes.html +- Version upgrade to 3.15.7: + Added Support for the Following New Printers: + HP Deskjet 1110 Printer + HP Deskjet 1111 Printer + HP Deskjet 1112 Printer + HP DeskJet 2131 All-in-One Printer + HP Deskjet Ink Advantage 1110 Printer + HP Deskjet Ink Advantage 1115 Printer + HP Deskjet Ink Advantage 1118 Printer + HP DeskJet Ink Advantage 2130 All-in_One Printer + HP DeskJet Ink Advantage 2135 All-in_One Printer + HP DeskJet Ink Advantage 2138 All-in_One Printer + HP DeskJet Ink Advantage 3630 All-in-One Printer + HP DeskJet Ink Advantage 3635 All-in-One Printer + HP DeskJet Ink Advantage 3636 All-in-One Printer + HP DeskJet Ink Advantage 3638 All-in-One Printer + HP DeskJet Ink Advantage 3830 All-in-One Printer + HP DeskJet Ink Advantage 3835 All-in-One Printer + HP OfficeJet 3830 All-in-One Printer + HP OfficeJet 3832 All-in-One Printer + HP OfficeJet 3834 All-in-One Printer + HP Officejet 7510 Wide Format e-All-in-One Printer + Some bug fixes - in particular: + Fixed insecure binary driver verification (CVE-2015-0839). + For details see + http://hplipopensource.com/hplip-web/release_notes.html +- hplip-3.15.6.CVE-2015-0839.patch is obsolete since + version 3.15.7 because it is fixed in the source. + ------------------------------------------------------------------- Wed Jun 24 11:48:49 CEST 2015 - jsmeix@suse.de diff --git a/hplip.spec b/hplip.spec index 40b2c70..23b5f87 100644 --- a/hplip.spec +++ b/hplip.spec @@ -17,64 +17,34 @@ Name: hplip -Version: 3.15.6 +Version: 3.15.9 Release: 0 Summary: HP's Printing, Scanning, and Faxing Software License: BSD-3-Clause and GPL-2.0+ and MIT Group: Hardware/Printing Url: http://hplipopensource.com # Source0...Source9 is for sources from HP: -# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.6.tar.gz -# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.6.tar.gz.asc +# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.9.tar.gz +# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.9.tar.gz.asc # How to verify Source0 see: http://hplipopensource.com/node/327 # For example: /usr/bin/gpg --keyserver pgp.mit.edu --recv-keys 0xA59047B9 -# /usr/bin/gpg --verify hplip-3.15.6.tar.gz.asc hplip-3.15.6.tar.gz +# /usr/bin/gpg --verify hplip-3.15.9.tar.gz.asc hplip-3.15.9.tar.gz # must result: Good signature from "HPLIP (HP Linux Imaging and Printing) " Source0: http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz Source1: http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz.asc Source2: hplip.keyring # Patch0...Patch9 is for patches from HP: # Patch10...Patch99 is for Suse patches for the sources from HP: -# Patch10 fix-uninitialized-variables.diff is obsolete since version 3.13.9 because it is fixed in the source. -# Patch11 fix_gcc44_glib.diff is obsolete since version 3.9.6b because it is fixed in the source. -# Patch12 hplip-3.9.8-CVE-2010-4267.patch fixeed a remote buffer overflow in hpmud/pml.c which -# is no longer needed because it is fixed in the upstream sources in HPLIP version 3.13.7 # Source100... is for special SUSE sources: -# Source100 is obsolete as upstream provides .desktop files now -# It is found automatically in $RPM_SOURCE_DIR by 'suse_update_desktop_file -i hplip': -# Source100: hplip.desktop -# Source101 hp-toolbox.wrapper was a wrapper for hp-toolbox which is no longer needed -# see https://bugzilla.novell.com/show_bug.cgi?id=755820 # Source102 is a small man page for /usr/bin/hpijs: Source102: hpijs.1.gz -# Source103 was the init script for hpssd which is obsolete since version 2.8.4. -# Source104 was a script which outputs a global HAL fdi file which is obsolete -# since openSUSE 11.2 where HAL is no longer used to manage ACLs, -# see https://bugzilla.novell.com/show_bug.cgi?id=542473#c13 -# Source105 hplip.SuSEfirewall2 provides support -# to open UDP ports 5353(mdns) and 427(svrloc) for mDNS support -# according to the init-suse-firewall in the tar ball -# (compare also Novell/Suse Bugzilla bnc#498429) -# hplip.SuSEfirewall2 is no longer provided -# see https://bugzilla.novell.com/show_bug.cgi?id=757354#c10 -# Source106 hp-systray.wrapper was a wrapper for hp-systray which is no longer needed -# see https://bugzilla.novell.com/show_bug.cgi?id=649280 # Patch100... is for special Suse patches: # Patch101 change-udev-rules.diff changes the udev rules file 56-hpmud.rules Patch101: change-udev-rules.diff -# Patch102 was disable-chgrp_lp.diff that deactivated the "chgrp lp" in Makefile.am -# because during build this results "Operation not permitted" which -# is no longer needed because there is no longer that "chgrp" stuff in HPLIP version 3.13.10. -# Patch103 was no-hplip_cron.diff that deactivated the "cron" stuff in Makefile.am which -# is no longer needed because there is no longer any "cron" stuff in HPLIP version 3.13.6 # Patch104 do_not_open_mdns_port.diff deactivates the open_mdns_port functionality # in distros.dat for SUSE distros to avoid security issues when ports in the firewall # get opened. see https://bugs.launchpad.net/bugs/426161 Patch104: do_not_open_mdns_port.diff -# Patch105 was deactivate-add_group-function.diff that deactivated -# the add_group function that would add the groups ('lp') to user which -# would cause security issues see https://bugs.launchpad.net/bugs/1197416 -# which is no longer needed because there is no longer that "chgrp" stuff in HPLIP version 3.13.10. # Patch106 disable_hp-upgrade.patch disables hp-upgrade/upgrade.py for security reasons, # see https://bugzilla.novell.com/show_bug.cgi?id=853405 # To upgrade HPLIP an openSUSE software package manager like YaST or zypper should be used. @@ -84,9 +54,6 @@ Patch107: hplip-udev-rules-in-usr.patch # Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>' # and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590 Patch108: add_missing_includes_and_define_GNU_SOURCE.patch -# Patch109 hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID (instead of the short key ID) -# for downloading the key (bsc#933191 and https://bugs.launchpad.net/hplip/+bug/1432516): -Patch109: hplip-3.15.6.CVE-2015-0839.patch # HPLIP's Python module cupsext.so has a build-time dependancy on the CUPS version: # It needs symbols (like ippFirstAttribute, ippNextAttribute, ippSetOperation etc) # that are defined only in libcups.so version > 1.5. For backward compatibility @@ -220,24 +187,6 @@ Provides: hplip3 = 3.9.5 Obsoletes: hplip3 < 3.9.5 # Install into this non-root directory (required when norootforbuild is used): BuildRoot: %{_tmppath}/%{name}-%{version}-build -# BuildRequires foomatic-filters (also provided by cups-filters-foomatic-rip) -# to avoid /usr/lib/rpm/brp-symlink ERROR: -# link target doesn't exist (neither in build root nor in installed system): -# /usr/lib/cups/filter/foomatic-rip-hplip -> /usr/bin/foomatic-rip (for foomatic-filters) or -# /usr/lib/cups/filter/foomatic-rip-hplip -> /usr/lib/cups/filter/foomatic-rip (for cups-filters-foomatic-rip) -# From openSUSE 13.2 on explicitly "BuildRequires cups-filters-foomatic-rip" -# to avoid that foomatic-filters is used for build in the "Printing" development project -# (in "Printing" foomatic-filters exists intentionally also for openSUSE_13.2 and openSUSE_Factory) -# which would not match what is used for build in openSUSE:13.2 or openSUSE:Factory -# (in openSUSE:13.2 or openSUSE:Factory foomatic-filters is intentionally dropped). -# Using the matching package for build results that the backward compatibility link -# /usr/lib/cups/filter/foomatic-rip-hplip (see the install section below) -# points to a foomatic-rip executable that is used by default on the runtime system. -%if 0%{?suse_version} > 1310 -BuildRequires: cups-filters-foomatic-rip -%else -BuildRequires: foomatic-filters -%endif %description The Hewlett-Packard Linux Imaging and Printing project (HPLIP) provides @@ -403,9 +352,6 @@ This sub-package is only required by developers. # Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>' # and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590 %patch108 -b .add_missing_includes_and_define_GNU_SOURCE.orig -# Patch109 hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID (instead of the short key ID) -# for downloading the key (bsc#933191 and https://bugs.launchpad.net/hplip/+bug/1432516): -%patch109 -p1 -b .CVE-2015-0839.orig %build # If AUTOMAKE='automake --foreign' is not set, autoreconf (in fact automake) @@ -417,9 +363,6 @@ export CFLAGS="%{optflags}" export CXXFLAGS="%{optflags} -fno-strict-aliasing" # --disable-pp-build disables parallel port build because parallel port support is deprecated by upstream HPLIP # and by upstream in general cf. "Parallel port printers" at https://en.opensuse.org/SDB:Installing_a_Printer -# Static "hpijs" PPD files via enable-foomatic-ppd-install -# require foomatic-rip-hplip via their cupsFilter entries -# so that enable-foomatic-rip-hplip-install is also needed. # Since version 3.9.6 the default printer driver install changed from hpijs to hpcups. # According to http://hplipopensource.com/hplip-web/release_notes.html # all drv installs require CUPSDDK 1.2.3 or higher. @@ -434,7 +377,6 @@ export CXXFLAGS="%{optflags} -fno-strict-aliasing" # --enable-hpijs-install enable hpijs install (default=no) # --disable-foomatic-drv-install enable foomatic dynamic ppd install (default=no), uses drvdir and hpppddir # --enable-foomatic-ppd-install enable foomatic static ppd install (default=no), uses hpppddir -# --enable-foomatic-rip-hplip-install enable foomatic-rip-hplip install (default=no), uses cupsfilterdir # Because foomatic-rip-hplip has CVE-2011-2697 (bnc#698451) plus a leftover in CVE-2004-0801 (bnc#59233) # which are fixed up to openSUSE 11.4 with patches, after openSUSE 11.4 (i.e. since openSUSE 12.1) # foomatic-rip-hplip is no longer installed and foomatic-rip from @@ -612,21 +554,6 @@ echo "End of general tests and adjustments for all PPDs." set -x # End of "General tests and adjustments for all PPDs": popd -# Because foomatic-rip-hplip has CVE-2011-2697 (bnc#698451) -# plus a leftover in CVE-2004-0801 (bnc#59233) -# foomatic-rip-hplip is no longer installed and foomatic-rip -# from foomatic-filters or cups-filters-foomatic-rip must be used instead. -# To be backward compatible with PPDs in /etc/cups/ppd/ for existing print queues -# a compatibility link /usr/lib/cups/filter/foomatic-rip-hplip is installed -# which points to the actual foomatic-rip executable. -# In foomatic-filters foomatic-rip is installed as /usr/bin/foomatic-rip but -# in cups-filters-foomatic-rip it is installed as /usr/lib/cups/filter/foomatic-rip: -if test -e %{_libexecdir}/cups/filter/foomatic-rip -then ln -s foomatic-rip %{buildroot}%{_libexecdir}/cups/filter/foomatic-rip-hplip -else if test -e %{_bindir}/foomatic-rip - then ln -s ../../../bin/foomatic-rip %{buildroot}%{_libexecdir}/cups/filter/foomatic-rip-hplip - fi -fi # Replace the invalid Desktop categories %suse_update_desktop_file -r %{buildroot}%{_datadir}/applications/hplip.desktop System HardwareSettings # Let suse_update_desktop_file add X-SuSE-translate key to /etc/xdg/autostart/hplip-systray.desktop @@ -788,7 +715,6 @@ exit 0 %dir %{_libexecdir}/cups/backend %{_libexecdir}/cups/backend/hp %dir %{_libexecdir}/cups/filter -%{_libexecdir}/cups/filter/foomatic-rip-hplip %{_libexecdir}/cups/filter/hpcups %{_libexecdir}/cups/filter/hpcupsfax %{_libexecdir}/cups/filter/pstotiff