Hello community, here is the log from the commit of package hplip for openSUSE:Factory checked in at 2015-07-16 17:17:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hplip (Old) and /work/SRC/openSUSE:Factory/.hplip.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hplip" Changes: --------
--- /work/SRC/openSUSE:Factory/hplip/hplip.changes 2015-05-29 09:44:02.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.hplip.new/hplip.changes 2015-07-16 17:17:47.000000000 +0200
@@ -1,0 +2,24 @@
+Wed Jun 24 11:48:49 CEST 2015 - [email protected]
+
+- hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID
+ (instead of the short key ID) for downloading the key
+ see https://bugs.launchpad.net/hplip/+bug/1432516
+ (CVE-2015-0839 bsc#933191).
+- Version upgrade to 3.15.6:
+ Added Support for the Following New Printers:
+ HP DeskJet 2130 All-in-One Printer series
+ HP DeskJet 2132 All-in-One Printer
+ HP Deskjet 2546B All-in-One Printer
+ HP Deskjet 2546P All-in-One Printer
+ HP Deskjet 2546R All-in-One Printer
+ HP DeskJet 3630 All-in-One Printer series
+ HP DeskJet 3632 All-in-One
+ HP Officejet 5744 e-All-in-One
+ Some bug fixes - in particular:
+ udev rules wrongly match on monitor hub, wrong invocation
+ of systemd unit, changes config files in udev rules
+ For details see
+ http://hplipopensource.com/hplip-web/release_notes.html
+- change-udev-rules.diff: Adapted for HPLIP 3.15.6.
+
+-------------------------------------------------------------------
@@ -12,0 +37,2 @@
+ Significant Changes:
+ HPLIP Plugin support for ARMv6,ARMv7 and aarch64 architectures
Old: ---- hplip-3.15.4.tar.gz hplip-3.15.4.tar.gz.asc New: ---- hplip-3.15.6.CVE-2015-0839.patch hplip-3.15.6.tar.gz hplip-3.15.6.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ hplip.spec ++++++
--- /var/tmp/diff_new_pack.OWN1UN/_old 2015-07-16 17:17:49.000000000 +0200
+++ /var/tmp/diff_new_pack.OWN1UN/_new 2015-07-16 17:17:49.000000000 +0200
@@ -17,18 +17,18 @@ Name: hplip -Version: 3.15.4 +Version: 3.15.6 Release: 0 Summary: HP's Printing, Scanning, and Faxing Software License: BSD-3-Clause and GPL-2.0+ and MIT Group: Hardware/Printing Url: http://hplipopensource.com # Source0...Source9 is for sources from HP: -# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.4.tar.gz -# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.4.tar.gz.asc +# URL for Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.6.tar.gz +# URL to verify Source0: http://prdownloads.sourceforge.net/hplip/hplip-3.15.6.tar.gz.asc # How to verify Source0 see: http://hplipopensource.com/node/327 # For example: /usr/bin/gpg --keyserver pgp.mit.edu --recv-keys 0xA59047B9 -# /usr/bin/gpg --verify hplip-3.15.4.tar.gz.asc hplip-3.15.4.tar.gz +# /usr/bin/gpg --verify hplip-3.15.6.tar.gz.asc hplip-3.15.6.tar.gz # must result: Good signature from "HPLIP (HP Linux Imaging and Printing) <[email protected]>" Source0: http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz Source1: http://prdownloads.sourceforge.net/hplip/hplip-%{version}.tar.gz.asc @@ -84,6 +84,9 @@ # Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>' # and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590 Patch108: add_missing_includes_and_define_GNU_SOURCE.patch +# Patch109 hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID (instead of the short key ID) +# for downloading the key (bsc#933191 and https://bugs.launchpad.net/hplip/+bug/1432516): +Patch109: hplip-3.15.6.CVE-2015-0839.patch # HPLIP's Python module cupsext.so has a build-time dependancy on the CUPS version: # It needs symbols (like ippFirstAttribute, ippNextAttribute, ippSetOperation etc) # that are defined only in libcups.so version > 1.5. For backward compatibility 
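Review bot: The Source0 verification recipe kept as context in the first hplip.spec hunk still reads `--recv-keys 0xA59047B9`, the short key ID that this same commit replaces in base/validation.py for CVE-2015-0839, so a packager following the comment fetches the key in exactly the way Patch109 stops doing. Update it to `# For example: /usr/bin/gpg --keyserver pgp.mit.edu --recv-keys 0x73D770CDA59047B9` so the spec and the patch agree. The "must result" comment only asks for a "Good signature" line with the expected user ID; since a user ID string can be put on any key, it would help to add that the signing key's full fingerprint should be compared with a value obtained out of band.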
@@ -400,6 +403,9 @@ # Patch108 add_missing_includes_and_define_GNU_SOURCE.patch adds missing '#include <...>' # and missing '#define _GNU_SOURCE' see https://bugs.launchpad.net/hplip/+bug/1456590 %patch108 -b .add_missing_includes_and_define_GNU_SOURCE.orig +# Patch109 hplip-3.15.6.CVE-2015-0839.patch uses 0xlong key ID (instead of the short key ID) +# for downloading the key (bsc#933191 and https://bugs.launchpad.net/hplip/+bug/1432516): +%patch109 -p1 -b .CVE-2015-0839.orig %build # If AUTOMAKE='automake --foreign' is not set, autoreconf (in fact automake) ++++++ change-udev-rules.diff ++++++ --- /var/tmp/diff_new_pack.OWN1UN/_old 2015-07-16 17:17:49.000000000 +0200 +++ /var/tmp/diff_new_pack.OWN1UN/_new 2015-07-16 17:17:49.000000000 +0200 @@ -1,7 +1,8 @@ ---- data/rules/56-hpmud.rules.orig 2014-03-28 20:51:31.600138795 +0100 -+++ data/rules/56-hpmud.rules 2014-03-28 21:29:10.461761052 +0100 -@@ -1,9 +1,31 @@ +--- data/rules/56-hpmud.rules.orig 2015-06-07 21:25:22.000000000 +0200 ++++ data/rules/56-hpmud.rules 2015-06-24 12:35:25.000000000 +0200 +@@ -1,18 +1,50 @@ # HPLIP udev rules file. Notify console user if plugin support is required for this device. ++# +# SUSE changed: +# +# Exchanged the rule to GOTO hpmud_usb_rules if SUBSYSTEM is "usb" @@ -12,7 +13,7 @@ +# if SUBSYSTEM is not "usb" or if ENV{DEVTYPE} is not "usb_device" or if SUBSYSTEM is not "ppdev" +# to avoid that the hpmud_usb_rules are needlessly processed. +# -+# The rule to automatically "add the printer and install plugin" is disabled ++# The rule to automatically "check ... plugin status" is disabled +# because automated installation of non-free proprietary third-party software +# (here the plugin from HP) should not happen and it can cause whatever kind +# of strange behaviour see for example https://bugs.launchpad.net/bugs/1197416 
@@ -20,10 +21,12 @@ +# while in contrast manual printer setup via hp-setup usually "just works" +# and it is clear for the user what goes on and in case of failure what went wrong. +# -+# Because the rule to automatically "add the printer and install plugin" ++# Because the rule to automatically "check ... plugin status" +# is also used to upload firmware into printers that need it +# see https://bugs.launchpad.net/bugs/1220628 +# a rule that only uploads firmware into printers that need it is added. ++# ++# If possible activate hpaio backend support in /etc/sane.d/dll.conf. ACTION!="add", GOTO="hpmud_rules_end" -SUBSYSTEM=="ppdev", OWNER="root", GROUP="lp", MODE="0664" 
@@ -34,15 +37,20 @@ LABEL="hpmud_usb_rules" -@@ -12,7 +34,10 @@ + ENV{ID_USB_INTERFACES}=="", IMPORT{builtin}="usb_id" + # ENV{ID_HPLIP}="1" is for Ubuntu udev-acl + ATTR{idVendor}=="03f0", ENV{ID_USB_INTERFACES}=="*:0701??:*|*:08????:", OWNER="root", GROUP="lp", MODE="0664", ENV{libsane_matched}="yes", ENV{hp_test}="yes", ENV{ID_HPLIP}="1" # This rule will check the smart install feature, plugin status and firmware download for the required printers. --ENV{hp_test}=="yes", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c 'if [ -f /usr/bin/systemctl ]; then /usr/bin/systemctl --no-block start hplip-printer@$env{BUSNUM}:$env{DEVNUM}.service; else /usr/bin/nohup /usr/bin/python /usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM} ; fi &'" -+#ENV{hp_test}=="yes", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c 'if [ -f /usr/bin/systemctl ]; then /usr/bin/systemctl --no-block start hplip-printer@$env{BUSNUM}:$env{DEVNUM}.service; else /usr/bin/nohup /usr/bin/python /usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM} ; fi &'" +-ENV{hp_test}=="yes", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c '/usr/bin/nohup /usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM}'" ++#ENV{hp_test}=="yes", PROGRAM="/bin/sh -c 'logger -p user.info loading HP Device $env{BUSNUM} $env{DEVNUM}'", RUN+="/bin/sh -c '/usr/bin/nohup /usr/bin/hp-config_usb_printer $env{BUSNUM}:$env{DEVNUM}'" + +# This rule uploads firmware to HP USB printer devices if needed: +ENV{hp_test}=="yes", PROGRAM="/bin/logger -p user.info udev hpmud.rules runs hp-firmware to test if HP device with USB vendor ID $attr{idVendor} and USB product ID $attr{idProduct} at USB bus ID $env{BUSNUM} and USB device ID $env{DEVNUM} needs firmware and if yes to upload it", RUN+="/usr/bin/hp-firmware -s $env{BUSNUM}:$env{DEVNUM}" ++ ++# If possible 
activate hpaio backend support in /etc/sane.d/dll.conf: ++ENV{libsane_matched}=="yes", RUN+="/bin/sh -c 'if test -w /etc/sane.d/dll.conf ; then sed -i -e /hpaio/d /etc/sane.d/dll.conf ; echo hpaio >>/etc/sane.d/dll.conf ; fi'" - # If sane-bankends is installed add hpaio backend support to dll.conf if needed. - ENV{sane_hpaio}=="yes", RUN+="/bin/sh -c 'grep -q ^#hpaio /etc/sane.d/dll.conf;if [ $$? -eq 0 ];then sed -i -e s/^#hpaio/hpaio/ /etc/sane.d/dll.conf;else grep -q ^hpaio /etc/sane.d/dll.conf;if [ $$? -ne 0 ];then echo hpaio >>/etc/sane.d/dll.conf;fi;fi'" + LABEL="hpmud_rules_end" ++ ++++++ hplip-3.15.6.CVE-2015-0839.patch ++++++ From: Andreas Stieger <[email protected]> Date: Fri, 19 Jun 2015 13:26:52 +0200 Subject: [PATCH] use 0xlong key ID Upstream: via package maintainer References: https://bugzilla.suse.com/show_bug.cgi?id=933191 CVE-2015-0839 Use 0xlong key ID, short of shipping the key or full fingerprint. Index: hplip-3.15.6/base/validation.py =================================================================== --- hplip-3.15.6.orig/base/validation.py +++ hplip-3.15.6/base/validation.py @@ -42,7 +42,7 @@ class DigiSign_Verification(object): class GPG_Verification(DigiSign_Verification): - def __init__(self, pgp_site = 'pgp.mit.edu', key = 0xA59047B9): + def __init__(self, pgp_site = 'pgp.mit.edu', key = 0x73D770CDA59047B9): self.__pgp_site = pgp_site self.__key = key self.__gpg = utils.which('gpg',True) ++++++ hplip-3.15.4.tar.gz -> hplip-3.15.6.tar.gz ++++++ /work/SRC/openSUSE:Factory/hplip/hplip-3.15.4.tar.gz /work/SRC/openSUSE:Factory/.hplip.new/hplip-3.15.6.tar.gz differ: char 5, line 1
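Review bot: The added `ENV{libsane_matched}=="yes"` rule in change-udev-rules.diff rewrites /etc/sane.d/dll.conf as root on every matching device add event, and `sed -i -e /hpaio/d` deletes every line that contains "hpaio", including a `#hpaio` line an administrator commented out on purpose, before `echo hpaio >>` turns the backend back on. The changelog in this same commit lists "changes config files in udev rules" among the upstream bugs fixed in 3.15.6, so this appears to reintroduce that behaviour in the SUSE patch. `test -w` is almost always true for root, so it does not work as an opt-out. Consider appending only when the file does not mention the backend at all, `grep -q hpaio /etc/sane.d/dll.conf || echo hpaio >>/etc/sane.d/dll.conf`, or doing the edit once in the package's %post scriptlet instead of at hotplug time.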
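Review bot: The new default `key = 0x73D770CDA59047B9` in `GPG_Verification.__init__` is a 64-bit key ID, which still selects the key by a truncated identifier instead of its full fingerprint, as the patch description itself concedes ("short of shipping the key or full fingerprint"). Pinning the full 40-hex-digit fingerprint, or shipping the public key in the package and importing it locally, would remove the dependence on whatever the keyserver returns for that ID. `__init__` continues outside the hunk, so how `self.__key` is rendered into the gpg command is not visible here; confirm that the formatting emits all 16 hex digits and that the later signature check compares the signer with this pinned value instead of accepting any good signature from the keyring. A comment above the default such as `# long (64-bit) key ID of the HPLIP signing key, see CVE-2015-0839` would record why the value must not be shortened again.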
