diff --git a/extra/hplip/.SRCINFO b/extra/hplip/.SRCINFO index 3745590f5..e9b442319 100644 --- a/extra/hplip/.SRCINFO +++ b/extra/hplip/.SRCINFO @@ -1,7 +1,7 @@ pkgbase = hplip pkgdesc = Drivers for HP DeskJet, OfficeJet, Photosmart, Business Inkjet and some LaserJet - pkgver = 3.23.8 - pkgrel = 2 + pkgver = 3.23.12 + pkgrel = 1 epoch = 1 url = https://hplipopensource.com arch = x86_64 @@ -39,28 +39,24 @@ pkgbase = hplip optdepends = wget: for network support backup = etc/hp/hplip.conf backup = etc/sane.d/dll.d/hpaio - source = https://downloads.sourceforge.net/hplip/hplip-3.23.8.tar.gz - source = https://downloads.sourceforge.net/hplip/hplip-3.23.8.tar.gz.asc + source = https://downloads.sourceforge.net/hplip/hplip-3.23.12.tar.gz + source = https://downloads.sourceforge.net/hplip/hplip-3.23.12.tar.gz.asc source = disable_upgrade.patch - source = 0001_hppsfilter_booklet_printing_change_insecure_fixed_tm.patch source = 0003-models.dat-Re-add-drivers-missing-from-3.19.1.patch source = 0018-Allow-non-JPEG-scanning-on-the-HP-DeskJet-3520-All-i.patch source = 0022-Add-include-cups-ppd.h-in-various-places-as-CUPS-2.2.patch source = 0023-Fix-handling-of-unicode-filenames-in-sixext.py.patch - source = 0025_fix-Werror-format-security.patch source = hplip-configure-python.patch source = python3.diff source = reproducible-gzip.patch validpgpkeys = 4ABA2F66DBD5A95894910E0673D770CDA59047B9 - sha512sums = 727b5a6c5b5c77571f1bc27efd493cf8177f543412fa70f0f1ff3439d6599c85985206ccb1c60dbc8bec1e23ef6b25f9030fd872c24799029ba8526b0061cc90 + sha512sums = 7461ffec38be68421e4204021f53d2b1641e7a67c14f205390d45f487a1af90956fd221f7e1561635508103ae944f19e04d6052d3f8928f2c9685fdcdcf515df sha512sums = SKIP sha512sums = a12aaeece5285ffb86bdbc24871bf512fbc1f29da44ae51ded314378032662074a42b8aca23bebb378bf78ed15bb7f99da59bfb4cd456f3458e7a5ef42a900f8 - sha512sums = 7902950fbd9affaf01b8406fb8e49648ad06a8495e76ad3c5717a6d62f415616d9cc01f31da08d14ce36acec672e3b843b790ac1e4525838ddc707ab0cb87d2f sha512sums = f79b3f09d022178099f38b9eae1792396e730eb5352a03d088e6610d92b3895f3f65bb92089ce7f5b21d794f9716ceb176d29ca7283e8a48bb04cf6aba305a2f sha512sums = 93e29a9ef893636b2b84443e75525c4ed42531d6e68a182dfbb725c3919c77b966b5e7d9381a34d3b5853423995a7b15efb69ce3e500ec72b25b65b2ad6bd64c sha512sums = 22aeb5b851f78bc6bc62e0bc3da99fecaf42d7604af41e2f3343f8d3666541f7b06b7d1a7d0ddf24f1731ac7b12dfe582375a98e3b94dfa323d6ce954549ca67 sha512sums = 763949a0bc460dcc9faefc86f2a91cf342781bfce696ed0c3826758572dd03ac266bbeb7b6a4f9376ac298d7d3c9c4def42d94921a8e1d1695e39396e36d95ff - sha512sums = b7e67bccb2516f4d98e4c5ea55f7d2299d95bfdc341dbc0149af1423169bedcd8bcfdb125c92f373e9e7be57ea284fef80a8343035fb42572b9cb927929cd257 sha512sums = 089c102357ea5fd55d81ae76aaff62713f780fd84500c3b92ecd6b2bb11ccdc3a162978548e9a5f9e98a8354a5be3997e416c52daa18eda4621ed79a29d6fea8 sha512sums = b8a4c860e90a52ec566ca5a9c7f3a5ecb7386ae76e17b2c6c878073e60eeaf0cb63883b740b4725794be9914e1ab8fc91313efb288395f3095f599c07f54cf14 sha512sums = 379fcbe9dc2986da828a174a0ac4e71a1da43a98408894d5e713e09d7d9cba1e9fac30f9602b81d48d992abe6b65b6402b8a07664efe97400c5d839be33cf15f diff --git a/extra/hplip/0001_hppsfilter_booklet_printing_change_insecure_fixed_tm.patch b/extra/hplip/0001_hppsfilter_booklet_printing_change_insecure_fixed_tm.patch deleted file mode 100644 index b28d56ee8..000000000 --- a/extra/hplip/0001_hppsfilter_booklet_printing_change_insecure_fixed_tm.patch +++ /dev/null @@ -1,204 +0,0 @@ -From 5875d32ce071e591461e404bdd8aae849ccdcab1 Mon Sep 17 00:00:00 2001 -From: Matthias Gerstner -Date: Fri, 8 Sep 2023 10:17:04 +0200 -Subject: [PATCH] hppsfilter: booklet printing: change insecure fixed /tmp file - paths - -Using the fixed /tmp file paths in booklet printing /tmp/booklet.ps, -/tmp/temp.ps and /tmp/NUP.ps is a local security issue and also prevents -potential parallel operation of hplip. - -Use proper `mkstemp()` for these files. Functions like `PS_Booklet()` -and `cupsFileOpen()` don't use the open file descriptor but open the -path by name again. This is safe, since the files have already been -safely created and have safe modes. I wanted to avoid changing a whole -series of function signatures for this. - -The purpose of the `chmod()` in `open_tempbookletfile()` is unclear, the -data should only be processed by our own process. Making the file world -readable is an information leak, though. Thus drop this line. ---- - prnt/hpps/hppsfilter.c | 124 ++++++++++++++++++++++++++++++++--------- - 1 file changed, 98 insertions(+), 26 deletions(-) - -diff --git a/prnt/hpps/hppsfilter.c b/prnt/hpps/hppsfilter.c -index d6721b1..711b8d8 100644 ---- a/prnt/hpps/hppsfilter.c -+++ b/prnt/hpps/hppsfilter.c -@@ -43,7 +43,9 @@ static FILE *g_fp_outdbgps = NULL; - static FILE *ptempbooklet_file = NULL; - static char temp_filename[FILE_NAME_SIZE] = {0}; - static char booklet_filename[FILE_NAME_SIZE] = {0}; -+static int booklet_fd = -1; - static char Nup_filename[FILE_NAME_SIZE] = {0}; -+static int Nup_fd = -1; - extern void PS_Booklet(char *tempfile, char *bookletfile, char *nupfile,int order, int nup, char* pagesize, int bookletMaker); - static const char *GetOptionValue(const char *iOptionValue); - -@@ -99,16 +101,78 @@ static int hpwrite (void *pBuffer, size_t size) - return ndata_written; - } - --static void open_tempbookletfile(char *mode) -+static int open_tempbookletfile(char *mode) - { -- ptempbooklet_file= fopen(temp_filename, mode); -+ snprintf(temp_filename, FILE_NAME_SIZE, "/tmp/hppsfilter-temp.XXXXXX"); -+ int fd = mkstemp(temp_filename); -+ if (fd < 0) { -+ temp_filename[0] = '\0'; -+ fprintf(stderr, "ERROR: Unable to open temp file %s\n", temp_filename); -+ return 1; -+ } -+ -+ ptempbooklet_file = fdopen(fd, mode); - if(ptempbooklet_file == NULL) - { -- fprintf(stderr, "ERROR: Unable to open temp file %s\n", temp_filename); -- return 1; -+ close(fd); -+ fprintf(stderr, "ERROR: Unable to open temp file %s\n", temp_filename); -+ return 1; - } -- chmod(temp_filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); -+ return 0; -+} -+ -+static void clean_tempfiles() -+{ -+ if (booklet_fd != -1) -+ { -+ close(booklet_fd); -+ booklet_fd = -1; -+ } -+ -+ if (Nup_fd != -1) -+ { -+ close(Nup_fd); -+ Nup_fd = -1; -+ } -+ -+ if (ptempbooklet_file != NULL) -+ { -+ fclose(ptempbooklet_file); -+ ptempbooklet_file = NULL; -+ } -+ -+ if( booklet_filename[0] != '\0' ) -+ { -+ if ((unlink(booklet_filename)) == -1) -+ { -+ fprintf(stderr, "ERROR: Unable to remove temporary files in /tmp dir \"%s\" ",booklet_filename); -+ return 1; -+ } -+ -+ booklet_filename[0] = '\0'; -+ } -+ -+ if( temp_filename[0] != '\0' ) -+ { -+ if ((unlink(temp_filename)) == -1) -+ { -+ fprintf(stderr, "ERROR: Unable to remove temporary files in /tmp dir \"%s\" ",temp_filename); -+ return 1; -+ } -+ -+ temp_filename[0] = '\0'; -+ } - -+ if( Nup_filename[0] != '\0' ) -+ { -+ if ((unlink(Nup_filename)) == -1) -+ { -+ fprintf(stderr, "ERROR: Unable to remove temporary files in /tmp dir \"%s\" ",Nup_filename); -+ return 1; -+ } -+ -+ Nup_filename[0] = '\0'; -+ } - } - - static int Dump_tempbookletfile (void *pBuffer, size_t size) -@@ -921,6 +985,8 @@ int main (int argc, char **argv) - char buffer[MAX_BUFFER] = {0}; - int LfpSecurePin = 0; - -+ atexit(clean_tempfiles); -+ - get_LogLevel(); - setbuf (stderr, NULL); - -@@ -1024,13 +1090,32 @@ int main (int argc, char **argv) - if(booklet_enabled) - { - /* 1. dump the contents of the input file into temp file */ -- sprintf(booklet_filename, "/tmp/%s.ps","booklet"); -- sprintf(temp_filename, "/tmp/%s.ps","temp"); -- sprintf(Nup_filename, "/tmp/%s.ps","NUP"); -- open_tempbookletfile("w"); -- while( (numBytes = cupsFileGetLine(fp_input, line, sizeof(line))) > 0) -+ snprintf(booklet_filename, FILE_NAME_SIZE, "/tmp/hppsfilter-booklet.XXXXXX"); -+ booklet_fd = mkstemp(booklet_filename); -+ if( booklet_fd < 0 ) -+ { -+ booklet_filename[0] = '\0'; -+ fprintf(stderr, "ERROR: Unable to create booklet temporary file \"%s\"", booklet_filename); -+ return 1; -+ } -+ -+ snprintf(Nup_filename, FILE_NAME_SIZE, "/tmp/hppsfilter-nup.XXXXXX"); -+ Nup_fd = mkstemp(Nup_filename); -+ if( Nup_fd < 0 ) -+ { -+ Nup_filename[0] = '\0'; -+ clean_tempfiles(); -+ fprintf(stderr, "ERROR: Unable to create nup temporary file \"%s\"", Nup_filename); -+ return 1; -+ } -+ -+ if( open_tempbookletfile("w") != 0 ) -+ { -+ clean_tempfiles(); -+ return 1; -+ } -+ while( (numBytes = cupsFileGetLine(fp_input, line, sizeof(line))) > 0) - Dump_tempbookletfile (line, numBytes); -- fclose(ptempbooklet_file); - - /* 2. Perform the booklet operation on the PS file */ - PS_Booklet(temp_filename,booklet_filename,Nup_filename,order,nup,subString,bookletMaker); -@@ -1040,6 +1125,7 @@ int main (int argc, char **argv) - if ((fp_bookletinput = cupsFileOpen(Nup_filename, "r")) == NULL) - { - fprintf(stderr, "ERROR: Unable to open Nup_filename print file \"%s\"", Nup_filename); -+ clean_tempfiles(); - return 1; - } - while ( (numBytes = cupsFileGetLine(fp_bookletinput, line, sizeof(line))) > 0) -@@ -1047,21 +1133,7 @@ int main (int argc, char **argv) - cupsFileClose (fp_bookletinput); - - /* 4. Unlink function to remove the temp temporary files created */ -- if( (unlink(booklet_filename)) == -1) -- { -- fprintf(stderr, "ERROR: Unable to remove temporary files in /tmp dir \"%s\" ",booklet_filename); -- return 1; -- } -- if( (unlink(temp_filename)) == -1) -- { -- fprintf(stderr, "ERROR: Unable to remove temporary files in /tmp dir \"%s\" ",temp_filename); -- return 1; -- } -- if( (unlink(Nup_filename)) == -1) -- { -- fprintf(stderr, "ERROR: Unable to remove temporary files in /tmp dir \"%s\" ",Nup_filename); -- return 1; -- } -+ clean_tempfiles(); - booklet_enabled = 0; - bookletMaker=0; - } --- -2.41.0 - - diff --git a/extra/hplip/0025_fix-Werror-format-security.patch b/extra/hplip/0025_fix-Werror-format-security.patch deleted file mode 100644 index 86154afcd..000000000 --- a/extra/hplip/0025_fix-Werror-format-security.patch +++ /dev/null @@ -1,47 +0,0 @@ ---- hplip-3.22.6/protocol/hp_ipp.c 2022-06-28 20:44:38.000000000 +0200 -+++ hplip-3.22.6/protocol/hp_ipp.c.new 2022-06-28 20:56:14.336097721 +0200 -@@ -110,7 +110,7 @@ - } - - if ( info == NULL ) -- snprintf( info,sizeof(info), name ); -+ snprintf( info, sizeof(info), "%s", name ); - - sprintf( printer_uri, "ipp://localhost/printers/%s", name ); - ---- hplip-3.22.6/protocol/hp_ipp.c 2022-06-28 21:08:10.000000000 +0200 -+++ hplip-3.22.6/protocol/hp_ipp.c.new 2022-06-28 21:14:15.921484059 +0200 -@@ -511,27 +511,27 @@ - - if ( strcmp(attr_name, "printer-name") == 0 && - val_tag == IPP_TAG_NAME ) { -- snprintf(t_printer->name, sizeof(t_printer->name),ippGetString(attr, 0, NULL) ); -+ snprintf(t_printer->name, sizeof(t_printer->name), "%s", ippGetString(attr, 0, NULL) ); - } - else if ( strcmp(attr_name, "device-uri") == 0 && - val_tag == IPP_TAG_URI ) { -- snprintf(t_printer->device_uri,sizeof(t_printer->device_uri), ippGetString(attr, 0, NULL) ); -+ snprintf(t_printer->device_uri,sizeof(t_printer->device_uri), "%s", ippGetString(attr, 0, NULL) ); - } - else if ( strcmp(attr_name, "printer-uri-supported") == 0 && - val_tag == IPP_TAG_URI ) { -- snprintf(t_printer->printer_uri,sizeof(t_printer->printer_uri), ippGetString(attr, 0, NULL) ); -+ snprintf(t_printer->printer_uri,sizeof(t_printer->printer_uri), "%s", ippGetString(attr, 0, NULL) ); - } - else if ( strcmp(attr_name, "printer-info") == 0 && - val_tag == IPP_TAG_TEXT ) { -- snprintf(t_printer->info,sizeof(t_printer->info), ippGetString(attr, 0, NULL) ); -+ snprintf(t_printer->info,sizeof(t_printer->info), "%s", ippGetString(attr, 0, NULL) ); - } - else if ( strcmp(attr_name, "printer-location") == 0 && - val_tag == IPP_TAG_TEXT ) { -- snprintf(t_printer->location,sizeof(t_printer->location),ippGetString(attr, 0, NULL) ); -+ snprintf(t_printer->location,sizeof(t_printer->location),"%s", ippGetString(attr, 0, NULL) ); - } - else if ( strcmp(attr_name, "printer-make-and-model") == 0 && - val_tag == IPP_TAG_TEXT ) { -- snprintf(t_printer->make_model,sizeof(t_printer->make_model),ippGetString(attr, 0, NULL) ); -+ snprintf(t_printer->make_model,sizeof(t_printer->make_model),"%s", ippGetString(attr, 0, NULL) ); - } - else if ( strcmp(attr_name, "printer-state") == 0 && - val_tag == IPP_TAG_ENUM ) { diff --git a/extra/hplip/PKGBUILD b/extra/hplip/PKGBUILD index 887690e28..2a459f8ee 100644 --- a/extra/hplip/PKGBUILD +++ b/extra/hplip/PKGBUILD @@ -7,8 +7,8 @@ # - patch to remove x86-only ImageProcessor pkgname=hplip -pkgver=3.23.8 -pkgrel=2 +pkgver=3.23.12 +pkgrel=1 epoch=1 pkgdesc="Drivers for HP DeskJet, OfficeJet, Photosmart, Business Inkjet and some LaserJet" arch=('x86_64') @@ -32,25 +32,21 @@ optdepends=('cups: for printing support' backup=('etc/hp/hplip.conf' 'etc/sane.d/dll.d/hpaio') source=(https://downloads.sourceforge.net/${pkgname}/$pkgname-$pkgver.tar.gz{,.asc} disable_upgrade.patch - 0001_hppsfilter_booklet_printing_change_insecure_fixed_tm.patch 0003-models.dat-Re-add-drivers-missing-from-3.19.1.patch 0018-Allow-non-JPEG-scanning-on-the-HP-DeskJet-3520-All-i.patch 0022-Add-include-cups-ppd.h-in-various-places-as-CUPS-2.2.patch 0023-Fix-handling-of-unicode-filenames-in-sixext.py.patch - 0025_fix-Werror-format-security.patch 0001-Remove-ImageProcessor.patch # use the one from Fedora hplip-configure-python.patch python3.diff reproducible-gzip.patch) -sha512sums=('727b5a6c5b5c77571f1bc27efd493cf8177f543412fa70f0f1ff3439d6599c85985206ccb1c60dbc8bec1e23ef6b25f9030fd872c24799029ba8526b0061cc90' +sha512sums=('7461ffec38be68421e4204021f53d2b1641e7a67c14f205390d45f487a1af90956fd221f7e1561635508103ae944f19e04d6052d3f8928f2c9685fdcdcf515df' 'SKIP' 'a12aaeece5285ffb86bdbc24871bf512fbc1f29da44ae51ded314378032662074a42b8aca23bebb378bf78ed15bb7f99da59bfb4cd456f3458e7a5ef42a900f8' - '7902950fbd9affaf01b8406fb8e49648ad06a8495e76ad3c5717a6d62f415616d9cc01f31da08d14ce36acec672e3b843b790ac1e4525838ddc707ab0cb87d2f' 'f79b3f09d022178099f38b9eae1792396e730eb5352a03d088e6610d92b3895f3f65bb92089ce7f5b21d794f9716ceb176d29ca7283e8a48bb04cf6aba305a2f' '93e29a9ef893636b2b84443e75525c4ed42531d6e68a182dfbb725c3919c77b966b5e7d9381a34d3b5853423995a7b15efb69ce3e500ec72b25b65b2ad6bd64c' '22aeb5b851f78bc6bc62e0bc3da99fecaf42d7604af41e2f3343f8d3666541f7b06b7d1a7d0ddf24f1731ac7b12dfe582375a98e3b94dfa323d6ce954549ca67' - 'b7e67bccb2516f4d98e4c5ea55f7d2299d95bfdc341dbc0149af1423169bedcd8bcfdb125c92f373e9e7be57ea284fef80a8343035fb42572b9cb927929cd257' '763949a0bc460dcc9faefc86f2a91cf342781bfce696ed0c3826758572dd03ac266bbeb7b6a4f9376ac298d7d3c9c4def42d94921a8e1d1695e39396e36d95ff' '7f402ed13341ac9a01f28ecdb97effcd15f5fa9d123e554d4dd78e9f5ed01bcf7b4fe7400c53ddf5e7068f9ffd858d8fefe060e2fcacea0a0524145d78e315cc' '089c102357ea5fd55d81ae76aaff62713f780fd84500c3b92ecd6b2bb11ccdc3a162978548e9a5f9e98a8354a5be3997e416c52daa18eda4621ed79a29d6fea8' @@ -63,8 +59,6 @@ prepare() { # disable insecure update - https://bugs.archlinux.org/task/38083 patch -Np0 -i "${srcdir}"/disable_upgrade.patch - # security issues in hpps - https://www.openwall.com/lists/oss-security/2023/11/17/1 - patch -Np1 -i "${srcdir}"/0001_hppsfilter_booklet_printing_change_insecure_fixed_tm.patch # add missing 'include ' at various places patch -Np1 -i "${srcdir}"/0022-Add-include-cups-ppd.h-in-various-places-as-CUPS-2.2.patch # fix some handling unicode file names FS#58412 @@ -76,8 +70,6 @@ prepare() { patch -Np1 -i "${srcdir}"/python3.diff # remove imageprocessor patch -Np1 -i "${srcdir}"/0001-Remove-ImageProcessor.patch - # fix -Werror=format-security build error with gcc 12 - patch -Np1 -i "${srcdir}"/0025_fix-Werror-format-security.patch # https://bugs.launchpad.net/hplip/+bug/1879445 # broken scanning - https://bugs.archlinux.org/task/66704 patch -Np1 -i ../hplip-configure-python.patch