[Desktop-packages] [Bug 1091567] Re: upgrade.py crashes if a captive portal is used

Mon, 18 Feb 2013 03:25:45 -0800 

** Changed in: hplip
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to hplip in Ubuntu.
https://bugs.launchpad.net/bugs/1091567

Title:
  upgrade.py crashes if a captive portal is used

Status in HP Linux Imaging and Printing:
  Fix Released
Status in “hplip” package in Ubuntu:
  Confirmed

Bug description:
  The "hp-upgrade --check" command downloads info from
  http://hplip.sourceforge.net/hplip_web.conf. This fails if a captive
  portal is used for WLAN authentication (Hotels, Airports, etc)

  This could have a security impact as it downloads information without
  verifying the source. A specially crafted config file or limitless
  (/dev/null, /dev/random) file could have an impact.

  1. Use TLS and verify certificates
  2. Use GPG to sign the file and verify on the client.
  3. Limit the maximum amount of bytes downloaded
  4. Validate the config file.
  5. Retry the upgrade check at a later time (after wlan authentication)
  6. Use APT to check for updates if that's possible

  PythonArgs: ['/usr/bin/hp-upgrade', '--check']
  Traceback:
   Traceback (most recent call last):
     File "/usr/bin/hp-upgrade", line 210, in <module>
       hplip_version_conf = ConfigBase(HPLIP_Ver_file)
     File "/usr/share/hplip/base/g.py", line 81, in __init__
       self.read()
     File "/usr/share/hplip/base/g.py", line 121, in read
       self.conf.readfp(fp)
     File "/usr/lib/python2.7/ConfigParser.py", line 324, in readfp
       self._read(fp, filename)
     File "/usr/lib/python2.7/ConfigParser.py", line 512, in _read
       raise MissingSectionHeaderError(fpname, lineno, line)
   MissingSectionHeaderError: File contains no section headers.
   file: /tmp/tmpA55LLA, line: 1
   '<HTML><HEAD><TITLE> Web Authentication Redirect</TITLE><META 
http-equiv="Cache-control" content="no-cache"><META http-equiv="Pragma" 
content="no-cache"><META http-equiv="Expires" content="-1"><META 
http-equiv="refresh" content="1; 
URL=https://__REMOVED__/login.html?redirect=hplip.sourceforge.net/hplip_web.conf";></HEAD></HTML>\r\n'

To manage notifications about this bug go to:
https://bugs.launchpad.net/hplip/+bug/1091567/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to