Accepting request 209405 from Printing

disabled hp-upgrade/upgrade.py for security reasons (bnc#853405) (forwarded request 209404 from jsmeix) OBS-URL: https://build.opensuse.org/request/show/209405 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hplip?expand=0&rev=90
2013-12-06 10:45:53 +00:00 · 2013-12-06 10:45:53 +00:00 · f487728d1a
commit f487728d1a
parent 7ec9b6f01e 1b405163fe
8 changed files with 110 additions and 37 deletions
--- a/disable_hp-upgrade.patch
+++ b/disable_hp-upgrade.patch
@ -0,0 +1,14 @@
 --- upgrade.py.orig	2013-10-31 12:46:54.000000000 +0100
 +++ upgrade.py	2013-12-04 14:58:03.000000000 +0100
@@ -134,6 +134,11 @@ except getopt.GetoptError, e:
 if os.getenv("HPLIP_DEBUG"):
     log.set_level('debug')
 +
 +log.error("HPLIP upgrade is disabled by openSUSE for security reasons, see https://bugzilla.novell.com/show_bug.cgi?id=853405 - if you like to upgrade HPLIP, use an openSUSE software package manager like YaST or zypper.")
 +clean_exit(1)
 +
 +
 for o, a in opts:
     if o in ('-h', '--help'):
         usage()
--- a/hplip-3.13.10.tar.gz
+++ b/hplip-3.13.10.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:a8122cd824398ac6374154f86152e24fdf5c0100b5c1d6518e853308362e627d
 size 20951136
--- a/hplip-3.13.10.tar.gz.asc
+++ b/hplip-3.13.10.tar.gz.asc
@ -1,7 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 iEYEABECAAYFAlJXyTYACgkQc9dwzaWQR7lU3gCfUPYc+L4OhHfT6FyDR+p6Cc3f
 nTQAoKVRl9zN6A2FEfuevhyXKvbvxS5X
 =rBTR
 -----END PGP SIGNATURE-----
--- a/hplip-3.13.11.tar.gz
+++ b/hplip-3.13.11.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:1ea0ed020ab54e08620fe6ea7c30e93dbb8be505f2e6994e7222a7be63ca3b34
 size 21104424
--- a/hplip-3.13.11.tar.gz.asc
+++ b/hplip-3.13.11.tar.gz.asc
@ -0,0 +1,7 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 iEYEABECAAYFAlJyRPYACgkQc9dwzaWQR7k5dQCgsaBp0n2Yw+U4f+idkFfxmrEk
 FycAoOgf1EFe+P3pmL+yy7w+aY9INQYk
 =puTl
 -----END PGP SIGNATURE-----
--- a/hplip.changes
+++ b/hplip.changes
@ -1,3 +1,41 @@
 -------------------------------------------------------------------
 Wed Dec  4 14:25:51 CET 2013 - jsmeix@suse.de
 - disable_hp-upgrade.patch disables hp-upgrade/upgrade.py for
  security reasons (bnc#853405). To upgrade HPLIP an openSUSE
  software package manager like YaST or zypper should be used.
 -------------------------------------------------------------------
 Tue Nov 26 19:33:01 UTC 2013 - mailaender@opensuse.org
 - Version upgrade to 3.13.11:
  Added Support for the Following New Printers:
    HP Color LaserJet Pro MPF M176 series
    HP Color LaserJet Pro MPF M176n
    HP Color LaserJet Pro MPF M177 series
    HP Color LaserJet Pro MPF M177fw
    HP Color LaserJet Enterprise M750 Printer series
    HP Color LaserJet Enterprise M750n
    HP Color LaserJet Enterprise M750dn
    HP Color LaserJet Enterprise M750xh
    HP Color LaserJet Enterprise M855 Printer series
    HP Color LaserJet Enterprise M855dn Printer
    HP Color LaserJet Enterprise M855xh Printer
    HP Color LaserJet Enterprise M855x+ Printer
    HP Color LaserJet Enterprise flow M880 Multifunction Printer series
    HP Color LaserJet Enterprise flow M880z Multifunction Printer
    HP Color LaserJet Enterprise flow M880z+ Multifunction Printer
    HP LaserJet Pro MFP M127 series
    HP LaserJet Pro MFP M127fn
    HP LaserJet Pro MFP M127fw
    HP Officejet 2620 All-in-One
    HP Officejet 2621 All-in-One
    HP Officejet 2622 All-in-One
  Added Pin Printing support for HP LaserJet m5035 MFP device
 - Added a devel package
 - Update the .desktop database on install/uninstall
 - Use .desktop files provided by upstream
 -------------------------------------------------------------------
 Wed Oct 16 15:36:08 CEST 2013 - jsmeix@suse.de
--- a/hplip.desktop
+++ b/hplip.desktop
@ -1,6 +0,0 @@
 [Desktop Entry]
 Type=Application
 Name=hp-toolbox
 GenericName=HP Device Manager
 Exec=hp-toolbox
 Icon=HPmenu
--- a/hplip.spec
+++ b/hplip.spec
@ -15,6 +15,7 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 Name:           hplip
 # BuildRequires foomatic-filters to avoid /usr/lib/rpm/brp-symlink ERROR:
 # link target doesn't exist (neither in build root nor in installed system):
@ -58,7 +59,7 @@ Group:          Hardware/Printing
 # where 'a' or 'b' do not mean 'alpha' or 'beta' but 'second' or 'third' release in the month
 # (usually bugfix releases have the suffix like 3.12.10a = first bugfix release for 3.12.10).
 # Official releases have a 3 digit number and release candidates have a 4 digit number: x.y.m.rc
-Version:        3.13.10
+Version:        3.13.11
 Release:        0
 Url:            http://hplipopensource.com
 # Source0...Source9 is for sources from HP:
@ -77,10 +78,10 @@ Source2:        hplip.keyring
 # Patch11 fix_gcc44_glib.diff is obsolete since version 3.9.6b because it is fixed in the source.
 # Patch12 hplip-3.9.8-CVE-2010-4267.patch fixeed a remote buffer overflow in hpmud/pml.c which
 # is no longer needed because it is fixed in the upstream sources in HPLIP version 3.13.7
-# Source100... is for special Suse sources:
+# Source100... is for special SUSE sources:
-# Source100 is the primary source for the suse_update_desktop_file stuff.
+# Source100 is obsolete as upstream provides .desktop files now
 # It is found automatically in $RPM_SOURCE_DIR by 'suse_update_desktop_file -i hplip':
-Source100:      hplip.desktop
+# Source100:      hplip.desktop
 # Source101 hp-toolbox.wrapper was a wrapper for hp-toolbox which is no longer needed
 # see https://bugzilla.novell.com/show_bug.cgi?id=755820
 # Source102 is a small man page for /usr/bin/hpijs:
@ -113,6 +114,10 @@ Patch104:       do_not_open_mdns_port.diff
 # the add_group function that would add the groups ('lp') to user which
 # would cause security issues see https://bugs.launchpad.net/bugs/1197416
 # which is no longer needed because there is no longer that "chgrp" stuff in HPLIP version 3.13.10.
 # Patch106 disable_hp-upgrade.patch disables hp-upgrade/upgrade.py for security reasons,
 # see https://bugzilla.novell.com/show_bug.cgi?id=853405
 # To upgrade HPLIP an openSUSE software package manager like YaST or zypper should be used.
 Patch106:       disable_hp-upgrade.patch
 # Install into this non-root directory (required when norootforbuild is used):
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         coreutils
@ -124,7 +129,8 @@ PreReq:         /usr/bin/find
 # The exact matching version-release of the sub-package is available on the same
 # repository where the main-package is (compare the "Recommends: hplip" entry below).
 Requires:       %{name}-hpijs = %{version}-%{release}
-# Same rationale for the sane subpackage.
+# Require the exact matching version-release of the sane sub-package to make sure
 # to have the exact matching version of libsane-hpaio installed:
 Requires:       %{name}-sane = %{version}-%{release}
 # Because foomatic-rip-hplip has CVE-2011-2697 (bnc#698451)
 # plus a leftover in CVE-2004-0801 (bnc#59233)
@ -314,6 +320,20 @@ This sub-package includes only what is needed for plain scanning
 with the scan drivers in HPLIP for standard HP all-in-one printers.
 %package devel
 Summary:        Development files for hplip
 Group:          Development/Languages/C and C++
 # Require the exact matching version-release of the hpijs sub-package to make sure
 # to have the exact matching version of libhpip and libhpmud installed:
 Requires:       %{name}-hpijs = %{version}-%{release}
 # Require the exact matching version-release of the sane sub-package to make sure
 # to have the exact matching version of libsane-hpaio installed:
 Requires:       %{name}-sane = %{version}-%{release}
 %description devel
 This sub-package is only required by developers.
 %prep
 # first thing is to verify the GPG signed tarball, starting with openSUSE 12.3.
 %if 0%{?suse_version} > 1220
@ -327,6 +347,10 @@ with the scan drivers in HPLIP for standard HP all-in-one printers.
 # in distros.dat for SUSE distros to avoid security issues when ports in the firewall
 # get opened. see https://bugs.launchpad.net/bugs/426161
 %patch104 -b .do_not_open_mdns_port.orig
 # Patch106 disable_hp-upgrade.patch disables hp-upgrade/upgrade.py for security reasons,
 # see https://bugzilla.novell.com/show_bug.cgi?id=853405
 # To upgrade HPLIP an openSUSE software package manager like YaST or zypper should be used.
 %patch106 -b .disable_hp-upgrade.orig
 %build
 # If AUTOMAKE='automake --foreign' is not set, autoreconf (in fact automake)
@ -486,18 +510,8 @@ popd
 # /usr/lib/cups/filter/foomatic-rip-hplip
 # which points to foomatic-rip is installed:
 ln -s ../../../bin/foomatic-rip %{buildroot}/usr/lib/cups/filter/foomatic-rip-hplip
-# Begin "Desktop menue entry stuff":
+# Replace the invalid Desktop categories
-# Install /usr/share/hplip/data/images/64x64/hp_logo.png as desktop icon file
+%suse_update_desktop_file -r %{buildroot}%{_datadir}/applications/hplip.desktop System HardwareSettings
 # because it is used in the hplip.desktop.in and hplip-systray.desktop.in sources:
 install -D -m 644 %{buildroot}%{_datadir}/hplip/data/images/32x32/hp_logo.png %{buildroot}%{_datadir}/icons/hicolor/32x32/apps/HPmenu.png
 install -D -m 644 %{buildroot}%{_datadir}/hplip/data/images/64x64/hp_logo.png %%{buildroot}%{_datadir}/icons/hicolor/64x64/apps/HPmenu.png
 install -D -m 644 %{buildroot}%{_datadir}/hplip/data/images/128x128/hp_logo.png %{buildroot}%{_datadir}/icons/hicolor/128x128/apps/HPmenu.png
 install -D -m 644 %{buildroot}%{_datadir}/hplip/data/images/256x256/hp_logo.png %{buildroot}%{_datadir}/icons/hicolor/256x256/apps/HPmenu.png
 # Set up and install the desktop menue entry stuff using "Categories=System;Monitor;"
 # and remove HP's hplip.desktop and hplip-systray.desktop files before because we use Source100:
 # (additionally there is/was a typo in HP's install because of the trailing blank at 'applications ')
 rm %{buildroot}%{_datadir}/applications/hplip*.desktop
 %suse_update_desktop_file -i %{name} System HardwareSettings Printing
 # Let suse_update_desktop_file add X-SuSE-translate key to /etc/xdg/autostart/hplip-systray.desktop
 # so that we can update its translations with translation-only packages.
 %suse_update_desktop_file %{buildroot}/etc/xdg/autostart/hplip-systray.desktop
@ -517,6 +531,9 @@ install -m 644 %{SOURCE102} %{buildroot}%{_mandir}/man1/
 %fdupes -s %{buildroot}/%{_datadir}/hplip/data/images
 %post
 %if 0%{?suse_version} >= 1140
 %desktop_database_post
 %endif
 %if 0%{?suse_version} > 1130
 %icon_theme_cache_post
 %else
@ -551,6 +568,9 @@ find /usr/share/hplip/ -name '*.py[co]' -delete
 exit 0
 %postun
 %if 0%{?suse_version} >= 1140
 %desktop_database_postun
 %endif
 %if 0%{?suse_version} > 1130
 %icon_theme_cache_postun
 %else
@ -636,7 +656,6 @@ exit 0
 %dir /usr/lib/cups/filter
 /usr/lib/cups/filter/hpcupsfax
 %doc %{_defaultdocdir}/%{name}/
 %{_datadir}/icons/hicolor/*/apps/HPmenu.png
 %{_datadir}/applications/%{name}.desktop
 %{_datadir}/hplip/
 %exclude %{_datadir}/hplip/data/models/models.dat
@ -648,8 +667,8 @@ exit 0
 %config %{_sysconfdir}/cups/pstotiff.types
 %{_bindir}/hpijs
 %doc %{_mandir}/man1/hpijs.1.gz
-%{_libdir}/libhpip.*
+%{_libdir}/libhpip.so.*
-%{_libdir}/libhpmud.*
+%{_libdir}/libhpmud.so.*
 %dir /usr/lib/cups
 %dir /usr/lib/cups/backend
 /usr/lib/cups/backend/hp
@ -676,6 +695,14 @@ exit 0
 %files sane
 %defattr(-, root, root)
 %dir %{_libdir}/sane
-%{_libdir}/sane/libsane-hpaio.*
+%{_libdir}/sane/libsane-hpaio.so.*
 %files devel
 %defattr(-, root, root)
 %{_libdir}/libhpip.so
 %{_libdir}/libhpmud.so
 %{_libdir}/*.la
 %{_libdir}/sane/libsane-hpaio.so
 %{_libdir}/sane/*.la
 %changelog