[Desktop-packages] [Bug 1091567] Re: upgrade.py crashes if a captive portal is used
** Changed in: hplip Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to hplip in Ubuntu. https://bugs.launchpad.net/bugs/1091567 Title: upgrade.py crashes if a captive portal is used Status in HP Linux Imaging and Printing: Fix Released Status in “hplip” package in Ubuntu: Confirmed Bug description: The hp-upgrade --check command downloads info from http://hplip.sourceforge.net/hplip_web.conf. This fails if a captive portal is used for WLAN authentication (Hotels, Airports, etc) This could have a security impact as it downloads information without verifying the source. A specially crafted config file or limitless (/dev/null, /dev/random) file could have an impact. 1. Use TLS and verify certificates 2. Use GPG to sign the file and verify on the client. 3. Limit the maximum amount of bytes downloaded 4. Validate the config file. 5. Retry the upgrade check at a later time (after wlan authentication) 6. Use APT to check for updates if that's possible PythonArgs: ['/usr/bin/hp-upgrade', '--check'] Traceback: Traceback (most recent call last): File /usr/bin/hp-upgrade, line 210, in module hplip_version_conf = ConfigBase(HPLIP_Ver_file) File /usr/share/hplip/base/g.py, line 81, in __init__ self.read() File /usr/share/hplip/base/g.py, line 121, in read self.conf.readfp(fp) File /usr/lib/python2.7/ConfigParser.py, line 324, in readfp self._read(fp, filename) File /usr/lib/python2.7/ConfigParser.py, line 512, in _read raise MissingSectionHeaderError(fpname, lineno, line) MissingSectionHeaderError: File contains no section headers. file: /tmp/tmpA55LLA, line: 1 'HTMLHEADTITLE Web Authentication Redirect/TITLEMETA http-equiv=Cache-control content=no-cacheMETA http-equiv=Pragma content=no-cacheMETA http-equiv=Expires content=-1META http-equiv=refresh content=1; URL=https://__REMOVED__/login.html?redirect=hplip.sourceforge.net/hplip_web.conf;/HEAD/HTML\r\n' To manage notifications about this bug go to: https://bugs.launchpad.net/hplip/+bug/1091567/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1091567] Re: upgrade.py crashes if a captive portal is used
HPLIP version: 3.12.6-3ubuntu4 Ubuntu version: Ubuntu 12.10 (Quantal) ** Also affects: hplip Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to hplip in Ubuntu. https://bugs.launchpad.net/bugs/1091567 Title: upgrade.py crashes if a captive portal is used Status in HP Linux Imaging and Printing: New Status in “hplip” package in Ubuntu: New Bug description: The hp-upgrade --check command downloads info from http://hplip.sourceforge.net/hplip_web.conf. This fails if a captive portal is used for WLAN authentication (Hotels, Airports, etc) This could have a security impact as it downloads information without verifying the source. A specially crafted config file or limitless (/dev/null, /dev/random) file could have an impact. 1. Use TLS and verify certificates 2. Use GPG to sign the file and verify on the client. 3. Limit the maximum amount of bytes downloaded 4. Validate the config file. 5. Retry the upgrade check at a later time (after wlan authentication) 6. Use APT to check for updates if that's possible PythonArgs: ['/usr/bin/hp-upgrade', '--check'] Traceback: Traceback (most recent call last): File /usr/bin/hp-upgrade, line 210, in module hplip_version_conf = ConfigBase(HPLIP_Ver_file) File /usr/share/hplip/base/g.py, line 81, in __init__ self.read() File /usr/share/hplip/base/g.py, line 121, in read self.conf.readfp(fp) File /usr/lib/python2.7/ConfigParser.py, line 324, in readfp self._read(fp, filename) File /usr/lib/python2.7/ConfigParser.py, line 512, in _read raise MissingSectionHeaderError(fpname, lineno, line) MissingSectionHeaderError: File contains no section headers. file: /tmp/tmpA55LLA, line: 1 'HTMLHEADTITLE Web Authentication Redirect/TITLEMETA http-equiv=Cache-control content=no-cacheMETA http-equiv=Pragma content=no-cacheMETA http-equiv=Expires content=-1META http-equiv=refresh content=1; URL=https://__REMOVED__/login.html?redirect=hplip.sourceforge.net/hplip_web.conf;/HEAD/HTML\r\n' To manage notifications about this bug go to: https://bugs.launchpad.net/hplip/+bug/1091567/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1091567] Re: upgrade.py crashes if a captive portal is used
** Changed in: hplip Status: New = In Progress ** Changed in: hplip Assignee: (unassigned) = Amarnath Chitumalla (amarnath-chitumalla) ** Changed in: hplip Status: In Progress = Fix Committed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to hplip in Ubuntu. https://bugs.launchpad.net/bugs/1091567 Title: upgrade.py crashes if a captive portal is used Status in HP Linux Imaging and Printing: Fix Committed Status in “hplip” package in Ubuntu: New Bug description: The hp-upgrade --check command downloads info from http://hplip.sourceforge.net/hplip_web.conf. This fails if a captive portal is used for WLAN authentication (Hotels, Airports, etc) This could have a security impact as it downloads information without verifying the source. A specially crafted config file or limitless (/dev/null, /dev/random) file could have an impact. 1. Use TLS and verify certificates 2. Use GPG to sign the file and verify on the client. 3. Limit the maximum amount of bytes downloaded 4. Validate the config file. 5. Retry the upgrade check at a later time (after wlan authentication) 6. Use APT to check for updates if that's possible PythonArgs: ['/usr/bin/hp-upgrade', '--check'] Traceback: Traceback (most recent call last): File /usr/bin/hp-upgrade, line 210, in module hplip_version_conf = ConfigBase(HPLIP_Ver_file) File /usr/share/hplip/base/g.py, line 81, in __init__ self.read() File /usr/share/hplip/base/g.py, line 121, in read self.conf.readfp(fp) File /usr/lib/python2.7/ConfigParser.py, line 324, in readfp self._read(fp, filename) File /usr/lib/python2.7/ConfigParser.py, line 512, in _read raise MissingSectionHeaderError(fpname, lineno, line) MissingSectionHeaderError: File contains no section headers. file: /tmp/tmpA55LLA, line: 1 'HTMLHEADTITLE Web Authentication Redirect/TITLEMETA http-equiv=Cache-control content=no-cacheMETA http-equiv=Pragma content=no-cacheMETA http-equiv=Expires content=-1META http-equiv=refresh content=1; URL=https://__REMOVED__/login.html?redirect=hplip.sourceforge.net/hplip_web.conf;/HEAD/HTML\r\n' To manage notifications about this bug go to: https://bugs.launchpad.net/hplip/+bug/1091567/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1091567] Re: upgrade.py crashes if a captive portal is used
Hi, Thank you for reporting the issue. We have fixed this issue and fix will be available in next HPLIP release. Meanwhile, you can apply this patch. 1) copy the attached g.py file under /usr/share/hplip/base folder $ sudo cp -b g.py /usr/share/hplip/base/g.py or $ su -c cp -b g.py /usr/share/hplip/base/g.py Thanks Regards, Amarnath ** Attachment added: g.py https://bugs.launchpad.net/ubuntu/+source/hplip/+bug/1091567/+attachment/3462845/+files/g.py -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to hplip in Ubuntu. https://bugs.launchpad.net/bugs/1091567 Title: upgrade.py crashes if a captive portal is used Status in HP Linux Imaging and Printing: Fix Committed Status in “hplip” package in Ubuntu: New Bug description: The hp-upgrade --check command downloads info from http://hplip.sourceforge.net/hplip_web.conf. This fails if a captive portal is used for WLAN authentication (Hotels, Airports, etc) This could have a security impact as it downloads information without verifying the source. A specially crafted config file or limitless (/dev/null, /dev/random) file could have an impact. 1. Use TLS and verify certificates 2. Use GPG to sign the file and verify on the client. 3. Limit the maximum amount of bytes downloaded 4. Validate the config file. 5. Retry the upgrade check at a later time (after wlan authentication) 6. Use APT to check for updates if that's possible PythonArgs: ['/usr/bin/hp-upgrade', '--check'] Traceback: Traceback (most recent call last): File /usr/bin/hp-upgrade, line 210, in module hplip_version_conf = ConfigBase(HPLIP_Ver_file) File /usr/share/hplip/base/g.py, line 81, in __init__ self.read() File /usr/share/hplip/base/g.py, line 121, in read self.conf.readfp(fp) File /usr/lib/python2.7/ConfigParser.py, line 324, in readfp self._read(fp, filename) File /usr/lib/python2.7/ConfigParser.py, line 512, in _read raise MissingSectionHeaderError(fpname, lineno, line) MissingSectionHeaderError: File contains no section headers. file: /tmp/tmpA55LLA, line: 1 'HTMLHEADTITLE Web Authentication Redirect/TITLEMETA http-equiv=Cache-control content=no-cacheMETA http-equiv=Pragma content=no-cacheMETA http-equiv=Expires content=-1META http-equiv=refresh content=1; URL=https://__REMOVED__/login.html?redirect=hplip.sourceforge.net/hplip_web.conf;/HEAD/HTML\r\n' To manage notifications about this bug go to: https://bugs.launchpad.net/hplip/+bug/1091567/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1091567] Re: upgrade.py crashes if a captive portal is used
Changed to Confirmed as the issues is confirmed by Amarnath Chitumalla (HPLIP). ** Changed in: hplip (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to hplip in Ubuntu. https://bugs.launchpad.net/bugs/1091567 Title: upgrade.py crashes if a captive portal is used Status in HP Linux Imaging and Printing: Fix Committed Status in “hplip” package in Ubuntu: Confirmed Bug description: The hp-upgrade --check command downloads info from http://hplip.sourceforge.net/hplip_web.conf. This fails if a captive portal is used for WLAN authentication (Hotels, Airports, etc) This could have a security impact as it downloads information without verifying the source. A specially crafted config file or limitless (/dev/null, /dev/random) file could have an impact. 1. Use TLS and verify certificates 2. Use GPG to sign the file and verify on the client. 3. Limit the maximum amount of bytes downloaded 4. Validate the config file. 5. Retry the upgrade check at a later time (after wlan authentication) 6. Use APT to check for updates if that's possible PythonArgs: ['/usr/bin/hp-upgrade', '--check'] Traceback: Traceback (most recent call last): File /usr/bin/hp-upgrade, line 210, in module hplip_version_conf = ConfigBase(HPLIP_Ver_file) File /usr/share/hplip/base/g.py, line 81, in __init__ self.read() File /usr/share/hplip/base/g.py, line 121, in read self.conf.readfp(fp) File /usr/lib/python2.7/ConfigParser.py, line 324, in readfp self._read(fp, filename) File /usr/lib/python2.7/ConfigParser.py, line 512, in _read raise MissingSectionHeaderError(fpname, lineno, line) MissingSectionHeaderError: File contains no section headers. file: /tmp/tmpA55LLA, line: 1 'HTMLHEADTITLE Web Authentication Redirect/TITLEMETA http-equiv=Cache-control content=no-cacheMETA http-equiv=Pragma content=no-cacheMETA http-equiv=Expires content=-1META http-equiv=refresh content=1; URL=https://__REMOVED__/login.html?redirect=hplip.sourceforge.net/hplip_web.conf;/HEAD/HTML\r\n' To manage notifications about this bug go to: https://bugs.launchpad.net/hplip/+bug/1091567/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1091567] Re: upgrade.py crashes if a captive portal is used
The attachment g.py of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report. [This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.] ** Tags added: patch -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to hplip in Ubuntu. https://bugs.launchpad.net/bugs/1091567 Title: upgrade.py crashes if a captive portal is used Status in HP Linux Imaging and Printing: Fix Committed Status in “hplip” package in Ubuntu: Confirmed Bug description: The hp-upgrade --check command downloads info from http://hplip.sourceforge.net/hplip_web.conf. This fails if a captive portal is used for WLAN authentication (Hotels, Airports, etc) This could have a security impact as it downloads information without verifying the source. A specially crafted config file or limitless (/dev/null, /dev/random) file could have an impact. 1. Use TLS and verify certificates 2. Use GPG to sign the file and verify on the client. 3. Limit the maximum amount of bytes downloaded 4. Validate the config file. 5. Retry the upgrade check at a later time (after wlan authentication) 6. Use APT to check for updates if that's possible PythonArgs: ['/usr/bin/hp-upgrade', '--check'] Traceback: Traceback (most recent call last): File /usr/bin/hp-upgrade, line 210, in module hplip_version_conf = ConfigBase(HPLIP_Ver_file) File /usr/share/hplip/base/g.py, line 81, in __init__ self.read() File /usr/share/hplip/base/g.py, line 121, in read self.conf.readfp(fp) File /usr/lib/python2.7/ConfigParser.py, line 324, in readfp self._read(fp, filename) File /usr/lib/python2.7/ConfigParser.py, line 512, in _read raise MissingSectionHeaderError(fpname, lineno, line) MissingSectionHeaderError: File contains no section headers. file: /tmp/tmpA55LLA, line: 1 'HTMLHEADTITLE Web Authentication Redirect/TITLEMETA http-equiv=Cache-control content=no-cacheMETA http-equiv=Pragma content=no-cacheMETA http-equiv=Expires content=-1META http-equiv=refresh content=1; URL=https://__REMOVED__/login.html?redirect=hplip.sourceforge.net/hplip_web.conf;/HEAD/HTML\r\n' To manage notifications about this bug go to: https://bugs.launchpad.net/hplip/+bug/1091567/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
