Accepting request 338995 from Printing

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/338995
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hplip?expand=0&rev=102

hplip-3.15.6.CVE-2015-0839.patch

@@ -1,21 +0,0 @@
-From: Andreas Stieger <astieger@suse.com>
-Date: Fri, 19 Jun 2015 13:26:52 +0200
-Subject: [PATCH] use 0xlong key ID
-Upstream: via package maintainer
-References: https://bugzilla.suse.com/show_bug.cgi?id=933191 CVE-2015-0839
-
-Use 0xlong key ID, short of shipping the key or full fingerprint.
-
-Index: hplip-3.15.6/base/validation.py
-===================================================================
---- hplip-3.15.6.orig/base/validation.py
-+++ hplip-3.15.6/base/validation.py
-@@ -42,7 +42,7 @@ class DigiSign_Verification(object):
- 
- 
- class GPG_Verification(DigiSign_Verification):
--    def __init__(self, pgp_site = 'pgp.mit.edu', key = 0xA59047B9):
-+    def __init__(self, pgp_site = 'pgp.mit.edu', key = 0x73D770CDA59047B9):
-         self.__pgp_site = pgp_site
-         self.__key = key
-         self.__gpg = utils.which('gpg',True)

hplip-3.15.6.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:30c513ee65aa5b342d8074ff89439c0827c35191683727335738d8bc0f9776c9
-size 21956752

hplip-3.15.6.tar.gz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iEYEABECAAYFAlV0nCUACgkQc9dwzaWQR7l9EQCgokW2aC+oyEJx2IbcQ0MHzZFB
-HZYAn2A+7AtDc6KuGCoe5THtlaVb2oUY
-=OTvD
------END PGP SIGNATURE-----

hplip-3.15.9.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a1f58fe8707373c193728a7fd826523e99c30e3ca7f660faa75531acdff89d6d
+size 22027325

hplip-3.15.9.tar.gz.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEABECAAYFAlX2z8EACgkQc9dwzaWQR7mrjQCg1MPmG47ae3zvUk/N9ttQNAsq
+ZH4AoOa9lePyg+gH5dvMf//5Pv9IDRRN
+=7lGg
+-----END PGP SIGNATURE-----

hplip.changes

@@ -1,3 +1,70 @@
+-------------------------------------------------------------------
+Wed Oct  7 15:59:10 CEST 2015 - jsmeix@suse.de
+
+- Dropped support for the outdated foomatic-rip-hplip via
+  a symbolic link from /usr/lib/cups/filter/foomatic-rip-hplip
+  to /usr/bin/foomatic-rip for foomatic-filters or to
+  /usr/lib/cups/filter/foomatic-rip for cups-filters-foomatic-rip
+  so that "BuildRequires cups-filters-foomatic-rip" can be dropped
+  (cf. the entry dated "Thu Sep 18 10:31:14 CEST 2014" below)
+  which makes it "just build" again if suse_version > 1310 without
+  the need for more and more oversophisticated hacks.
+
+-------------------------------------------------------------------
+Tue Oct  6 14:20:10 CEST 2015 - jsmeix@suse.de
+
+- Version upgrade to 3.15.9:
+  Added Support for the Following New Printers:
+    HP DeskJet Ink Advantage 2136 All-in_One Printer
+    HP DeskJet Ink Advantage 3836 All-in_One
+    HP Deskjet 2545 All-in-One Printer
+    HP ENVY 4510 All-in-One Printer series
+    HP ENVY 4512 All-in-One Printer
+    HP ENVY 4516 All-in-One Printer
+    HP ENVY 4520 All-in-One Printer series
+    HP ENVY 4520 All-in-One Printer
+    HP ENVY 4522 All-in-One Printer
+    HP Envy 5540 All-in-One Printer series
+    HP Envy 5540 All-in-One Printer
+    HP Envy 5545 All-in-One Printer
+    HP OfficeJet 4650 All-in-One Printer series
+    HP OfficeJet 4650 All-in-One Printer
+    HP OfficeJet 4652 All-in-One Printer
+    HP OfficeJet 4655 All-in-One Printer
+    HP OfficeJet 6820 e-All-in-One  Printer
+  Some bug fixes - in particular:
+    Fixed hplip plugin failure with hplip-3.15.7.
+  For details see
+  http://hplipopensource.com/hplip-web/release_notes.html
+- Version upgrade to 3.15.7:
+  Added Support for the Following New Printers:
+    HP Deskjet 1110 Printer
+    HP Deskjet 1111 Printer
+    HP Deskjet 1112 Printer
+    HP DeskJet 2131 All-in-One Printer
+    HP Deskjet Ink Advantage 1110 Printer
+    HP Deskjet Ink Advantage 1115 Printer
+    HP Deskjet Ink Advantage 1118 Printer
+    HP DeskJet Ink Advantage 2130 All-in_One Printer
+    HP DeskJet Ink Advantage 2135 All-in_One Printer
+    HP DeskJet Ink Advantage 2138 All-in_One Printer
+    HP DeskJet Ink Advantage 3630 All-in-One Printer
+    HP DeskJet Ink Advantage 3635 All-in-One Printer
+    HP DeskJet Ink Advantage 3636 All-in-One Printer
+    HP DeskJet Ink Advantage 3638 All-in-One Printer
+    HP DeskJet Ink Advantage 3830 All-in-One Printer
+    HP DeskJet Ink Advantage 3835 All-in-One Printer
+    HP OfficeJet 3830 All-in-One Printer
+    HP OfficeJet 3832 All-in-One Printer
+    HP OfficeJet 3834 All-in-One Printer
+    HP Officejet 7510 Wide Format e-All-in-One Printer
+  Some bug fixes - in particular:
+    Fixed insecure binary driver verification (CVE-2015-0839).
+  For details see
+  http://hplipopensource.com/hplip-web/release_notes.html
+- hplip-3.15.6.CVE-2015-0839.patch is obsolete since
+  version 3.15.7 because it is fixed in the source.
+
 -------------------------------------------------------------------
 Wed Jun 24 11:48:49 CEST 2015 - jsmeix@suse.de
 

hplip.spec

@@ -17,64 +17,34 @@
 
 
 Name:           hplip
-Version:        3.15.6
+Version:        3.15.9
 Release:        0
 Summary:        HP's Printing, Scanning, and Faxing Software
 License:        BSD-3-Clause and GPL-2.0+ and MIT
 Group:          Hardware/Printing
 Url:            http://hplipopensource.com
 # Source0...Source9 is for sources from HP:
-# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.6.tar.gz
+# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.9.tar.gz
-# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.6.tar.gz.asc
+# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.9.tar.gz.asc
 # How to verify Source0 see: http://hplipopensource.com/node/327
 # For example: /usr/bin/gpg --keyserver pgp.mit.edu --recv-keys 0xA59047B9
-#              /usr/bin/gpg --verify hplip-3.15.6.tar.gz.asc hplip-3.15.6.tar.gz
+#              /usr/bin/gpg --verify hplip-3.15.9.tar.gz.asc hplip-3.15.9.tar.gz
 # must result: Good signature from "HPLIP (HP Linux Imaging and Printing) <hplip@hp.com>"
 Source0:        http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz
 Source1:        http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz.asc
 Source2:        hplip.keyring
 # Patch0...Patch9 is for patches from HP:
 # Patch10...Patch99 is for Suse patches for the sources from HP:
-# Patch10 fix-uninitialized-variables.diff is obsolete since version 3.13.9 because it is fixed in the source.
-# Patch11 fix_gcc44_glib.diff is obsolete since version 3.9.6b because it is fixed in the source.
-# Patch12 hplip-3.9.8-CVE-2010-4267.patch fixeed a remote buffer overflow in hpmud/pml.c which
-# is no longer needed because it is fixed in the upstream sources in HPLIP version 3.13.7
 # Source100... is for special SUSE sources:
-# Source100 is obsolete as upstream provides .desktop files now
-# It is found automatically in $RPM_SOURCE_DIR by 'suse_update_desktop_file -i hplip':
-# Source100:      hplip.desktop
-# Source101 hp-toolbox.wrapper was a wrapper for hp-toolbox which is no longer needed
-# see https://bugzilla.novell.com/show_bug.cgi?id=755820
 # Source102 is a small man page for /usr/bin/hpijs:
 Source102:      hpijs.1.gz
-# Source103 was the init script for hpssd which is obsolete since version 2.8.4.
-# Source104 was a script which outputs a global HAL fdi file which is obsolete
-# since openSUSE 11.2 where HAL is no longer used to manage ACLs,
-# see https://bugzilla.novell.com/show_bug.cgi?id=542473#c13
-# Source105 hplip.SuSEfirewall2 provides support
-# to open UDP ports 5353(mdns) and 427(svrloc) for mDNS support
-# according to the init-suse-firewall in the tar ball
-# (compare also Novell/Suse Bugzilla bnc#498429)
-# hplip.SuSEfirewall2 is no longer provided
-# see https://bugzilla.novell.com/show_bug.cgi?id=757354#c10
-# Source106 hp-systray.wrapper was a wrapper for hp-systray which is no longer needed
-# see https://bugzilla.novell.com/show_bug.cgi?id=649280
 # Patch100... is for special Suse patches:
 # Patch101 change-udev-rules.diff changes the udev rules file 56-hpmud.rules
 Patch101:       change-udev-rules.diff
-# Patch102 was disable-chgrp_lp.diff that deactivated the "chgrp lp" in Makefile.am
-# because during build this results "Operation not permitted" which
-# is no longer needed because there is no longer that "chgrp" stuff in HPLIP version 3.13.10.
-# Patch103 was no-hplip_cron.diff that deactivated the "cron" stuff in Makefile.am which
-# is no longer needed because there is no longer any "cron" stuff in HPLIP version 3.13.6
 # Patch104 do_not_open_mdns_port.diff deactivates the open_mdns_port functionality
 # in distros.dat for SUSE distros to avoid security issues when ports in the firewall
 # get opened. see https://bugs.launchpad.net/bugs/426161
 Patch104:       do_not_open_mdns_port.diff
-# Patch105 was deactivate-add_group-function.diff that deactivated
-# the add_group function that would add the groups ('lp') to user which
-# would cause security issues see https://bugs.launchpad.net/bugs/1197416
-# which is no longer needed because there is no longer that "chgrp" stuff in HPLIP version 3.13.10.
 # Patch106 disable_hp-upgrade.patch disables hp-upgrade/upgrade.py for security reasons,
 # see https://bugzilla.novell.com/show_bug.cgi?id=853405
 # To upgrade HPLIP an openSUSE software package manager like YaST or zypper should be used.
@@ -84,9 +54,6 @@ Patch107:       hplip-udev-rules-in-usr.patch
 # Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>'
 # and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590
 Patch108:       add_missing_includes_and_define_GNU_SOURCE.patch
-# Patch109 hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID (instead of the short key ID)
-# for downloading the key (bsc#933191 and https://bugs.launchpad.net/hplip/+bug/1432516):
-Patch109:       hplip-3.15.6.CVE-2015-0839.patch
 # HPLIP's Python module cupsext.so has a build-time dependancy on the CUPS version:
 # It needs symbols (like ippFirstAttribute, ippNextAttribute, ippSetOperation etc)
 # that are defined only in libcups.so version > 1.5. For backward compatibility
@@ -220,24 +187,6 @@ Provides:       hplip3 = 3.9.5
 Obsoletes:      hplip3 < 3.9.5
 # Install into this non-root directory (required when norootforbuild is used):
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-# BuildRequires foomatic-filters (also provided by cups-filters-foomatic-rip)
-# to avoid /usr/lib/rpm/brp-symlink ERROR:
-#   link target doesn't exist (neither in build root nor in installed system):
-#   /usr/lib/cups/filter/foomatic-rip-hplip -> /usr/bin/foomatic-rip (for foomatic-filters) or
-#   /usr/lib/cups/filter/foomatic-rip-hplip -> /usr/lib/cups/filter/foomatic-rip (for cups-filters-foomatic-rip)
-# From openSUSE 13.2 on explicitly "BuildRequires cups-filters-foomatic-rip"
-# to avoid that foomatic-filters is used for build in the "Printing" development project
-# (in "Printing" foomatic-filters exists intentionally also for openSUSE_13.2 and openSUSE_Factory)
-# which would not match what is used for build in openSUSE:13.2 or openSUSE:Factory
-# (in openSUSE:13.2 or openSUSE:Factory foomatic-filters is intentionally dropped).
-# Using the matching package for build results that the backward compatibility link
-# /usr/lib/cups/filter/foomatic-rip-hplip (see the install section below)
-# points to a foomatic-rip executable that is used by default on the runtime system.
-%if 0%{?suse_version} > 1310
-BuildRequires:  cups-filters-foomatic-rip
-%else
-BuildRequires:  foomatic-filters
-%endif
 
 %description
 The Hewlett-Packard Linux Imaging and Printing project (HPLIP) provides
@@ -403,9 +352,6 @@ This sub-package is only required by developers.
 # Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>'
 # and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590
 %patch108 -b .add_missing_includes_and_define_GNU_SOURCE.orig
-# Patch109 hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID (instead of the short key ID)
-# for downloading the key (bsc#933191 and https://bugs.launchpad.net/hplip/+bug/1432516):
-%patch109 -p1 -b .CVE-2015-0839.orig
 
 %build
 # If AUTOMAKE='automake --foreign' is not set, autoreconf (in fact automake)
@@ -417,9 +363,6 @@ export CFLAGS="%{optflags}"
 export CXXFLAGS="%{optflags} -fno-strict-aliasing"
 # --disable-pp-build disables parallel port build because parallel port support is deprecated by upstream HPLIP
 # and by upstream in general cf. "Parallel port printers" at https://en.opensuse.org/SDB:Installing_a_Printer
-# Static "hpijs" PPD files via enable-foomatic-ppd-install
-# require foomatic-rip-hplip via their cupsFilter entries
-# so that enable-foomatic-rip-hplip-install is also needed.
 # Since version 3.9.6 the default printer driver install changed from hpijs to hpcups.
 # According to http://hplipopensource.com/hplip-web/release_notes.html
 # all drv installs require CUPSDDK 1.2.3 or higher.
@@ -434,7 +377,6 @@ export CXXFLAGS="%{optflags} -fno-strict-aliasing"
 # --enable-hpijs-install enable hpijs install (default=no)
 # --disable-foomatic-drv-install enable foomatic dynamic ppd install (default=no), uses drvdir and hpppddir
 # --enable-foomatic-ppd-install enable foomatic static ppd install (default=no), uses hpppddir
-# --enable-foomatic-rip-hplip-install enable foomatic-rip-hplip install (default=no), uses cupsfilterdir
 # Because foomatic-rip-hplip has CVE-2011-2697 (bnc#698451) plus a leftover in CVE-2004-0801 (bnc#59233)
 # which are fixed up to openSUSE 11.4 with patches, after openSUSE 11.4 (i.e. since openSUSE 12.1)
 # foomatic-rip-hplip is no longer installed and foomatic-rip from
@@ -612,21 +554,6 @@ echo "End of general tests and adjustments for all PPDs."
 set -x
 # End of "General tests and adjustments for all PPDs":
 popd
-# Because foomatic-rip-hplip has CVE-2011-2697 (bnc#698451)
-# plus a leftover in CVE-2004-0801 (bnc#59233)
-# foomatic-rip-hplip is no longer installed and foomatic-rip
-# from foomatic-filters or cups-filters-foomatic-rip must be used instead.
-# To be backward compatible with PPDs in /etc/cups/ppd/ for existing print queues
-# a compatibility link /usr/lib/cups/filter/foomatic-rip-hplip is installed
-# which points to the actual foomatic-rip executable.
-# In foomatic-filters foomatic-rip is installed as /usr/bin/foomatic-rip but
-# in cups-filters-foomatic-rip it is installed as /usr/lib/cups/filter/foomatic-rip:
-if test -e %{_libexecdir}/cups/filter/foomatic-rip
-then ln -s foomatic-rip %{buildroot}%{_libexecdir}/cups/filter/foomatic-rip-hplip
-else if test -e %{_bindir}/foomatic-rip
-     then ln -s ../../../bin/foomatic-rip %{buildroot}%{_libexecdir}/cups/filter/foomatic-rip-hplip
-     fi
-fi
 # Replace the invalid Desktop categories
 %suse_update_desktop_file -r %{buildroot}%{_datadir}/applications/hplip.desktop System HardwareSettings
 # Let suse_update_desktop_file add X-SuSE-translate key to /etc/xdg/autostart/hplip-systray.desktop
@@ -788,7 +715,6 @@ exit 0
 %dir %{_libexecdir}/cups/backend
 %{_libexecdir}/cups/backend/hp
 %dir %{_libexecdir}/cups/filter
-%{_libexecdir}/cups/filter/foomatic-rip-hplip
 %{_libexecdir}/cups/filter/hpcups
 %{_libexecdir}/cups/filter/hpcupsfax
 %{_libexecdir}/cups/filter/pstotiff