Author: Till Kamppeter
Revision Date: 2015-09-17 21:24:00 UTC

debian/local/scripts/hp-plugin-ubuntu: Use pkexec instead of
gksu (LP: #1496980).

Author: Till Kamppeter
Revision Date: 2015-09-17 21:24:00 UTC

debian/local/scripts/hp-plugin-ubuntu: Use pkexec instead of
gksu (LP: #1496980).

Author: Micah Gersten
Revision Date: 2015-08-02 21:08:06 UTC

* Re-uploaded 3.14.3-0ubuntu3.3 due to security update
* Backport patch from vivid to allow non-JPEG scanning on the HP DeskJet 3520
  All-in-One and similar devices. Thanks to Lubos Dolezel for the patch.
  Refreshed patch against trusty package (LP: #1245578)

Author: Marc Deslauriers
Revision Date: 2015-07-30 08:30:50 UTC

* SECURITY UPDATE: insecure use of short gpg key id
  - debian/patches/CVE-2015-0839.patch: use long key id in
    base/validation.py, base/utils.py, installer/pluginhandler.py.
  - CVE-2015-0839
* This package does _not_ contain the changes from 3.14.3-0ubuntu3.3 in
  trusty-proposed.

Author: Marc Deslauriers
Revision Date: 2015-07-30 08:23:47 UTC

* SECURITY UPDATE: insecure use of short gpg key id
  - debian/patches/CVE-2015-0839.patch: use long key id in
    base/validation.py.
  - CVE-2015-0839

Author: Marc Deslauriers
Revision Date: 2015-07-30 09:01:29 UTC

* SECURITY UPDATE: insecure use of short gpg key id
  - debian/patches/CVE-2015-0839.dpatch: use long key id in
    installer/core_install.py.
  - CVE-2015-0839

Author: Marc Deslauriers
Revision Date: 2015-07-30 09:01:29 UTC

* SECURITY UPDATE: insecure use of short gpg key id
  - debian/patches/CVE-2015-0839.dpatch: use long key id in
    installer/core_install.py.
  - CVE-2015-0839

Author: Marc Deslauriers
Revision Date: 2015-07-30 08:30:50 UTC

* SECURITY UPDATE: insecure use of short gpg key id
  - debian/patches/CVE-2015-0839.patch: use long key id in
    base/validation.py, base/utils.py, installer/pluginhandler.py.
  - CVE-2015-0839
* This package does _not_ contain the changes from 3.14.3-0ubuntu3.3 in
  trusty-proposed.

Author: Marc Deslauriers
Revision Date: 2015-07-30 08:23:47 UTC

* SECURITY UPDATE: insecure use of short gpg key id
  - debian/patches/CVE-2015-0839.patch: use long key id in
    base/validation.py.
  - CVE-2015-0839

Author: Micah Gersten
Revision Date: 2015-06-22 21:18:07 UTC

Backport patch from vivid to allow non-JPEG scanning on the HP DeskJet 3520
All-in-One and similar devices. Thanks to Lubos Dolezel for the patch.
Refreshed patch against trusty package (LP: #1245578)

Author: Till Kamppeter
Revision Date: 2015-05-06 16:50:00 UTC

debian/patches/hp-plugin-download-fix.patch: Fix download and installation
of HP's proprietary plug-in in Python3 environments (LP: #1422004).

Author: Till Kamppeter
Revision Date: 2015-03-17 16:04:00 UTC

debian/rules: Remove explicit call of /usr/bin/python when calling the
/usr/bin/hp-config_usb_printer script so that the shebang does not get
overridden (LP: #1425812).

Author: Harald Sitter
Revision Date: 2014-07-29 22:51:04 UTC

Add process-events-for-systray.patch to enable sni-qt compatiblity to
allow hp-systray to continue working in Plasma 5.x workspaces.

Author: Till Kamppeter
Revision Date: 2014-04-04 17:00:00 UTC

debian/patches/musb-c-do-not-crash-on-usb-failure.patch: Make sure that
the HPLIP components which access the USB (especially the CUPS backends
"hp" and "hpfax") do not crash when libusb fails to connect to the USB,
for example on machines without USB or with the USB kernel modules not
loaded (LP: #1302437).

Author: Scott Kitterman
Revision Date: 2014-01-22 08:39:25 UTC

No-change backport to precise

Author: Marc Deslauriers
Revision Date: 2014-01-20 10:51:43 UTC

* SECURITY UPDATE: insecure temp file use in pkit.py
  - debian/patches/CVE-2013-6402.patch: remove logging to temp file in
    base/pkit.py.
  - CVE-2013-6402
* SECURITY UPDATE: insecure upgrade feature
  - debian/non-shipped-files.txt, debian/hplip.install: don't ship
    hp-upgrade and upgrade.py.
  - CVE-2013-6427

Author: Marc Deslauriers
Revision Date: 2014-01-20 10:51:43 UTC

* SECURITY UPDATE: insecure temp file use in pkit.py
  - debian/patches/CVE-2013-6402.patch: remove logging to temp file in
    base/pkit.py.
  - CVE-2013-6402
* SECURITY UPDATE: insecure upgrade feature
  - debian/non-shipped-files.txt, debian/hplip.install: don't ship
    hp-upgrade and upgrade.py.
  - CVE-2013-6427

Author: Marc Deslauriers
Revision Date: 2014-01-20 11:03:10 UTC

* SECURITY UPDATE: insecure temp file use in pkit.py
  - debian/patches/CVE-2013-6402.dpatch: remove logging to temp file in
    base/pkit.py.
  - CVE-2013-6402

Author: Marc Deslauriers
Revision Date: 2014-01-20 11:03:10 UTC

* SECURITY UPDATE: insecure temp file use in pkit.py
  - debian/patches/CVE-2013-6402.dpatch: remove logging to temp file in
    base/pkit.py.
  - CVE-2013-6402

Author: Marc Deslauriers
Revision Date: 2014-01-20 10:56:11 UTC

* SECURITY UPDATE: insecure temp file use in pkit.py
  - debian/patches/CVE-2013-6402.patch: remove logging to temp file in
    base/pkit.py.
  - CVE-2013-6402
* SECURITY UPDATE: insecure upgrade feature
  - debian/non-shipped-files.txt, debian/hplip.install: don't ship
    hp-upgrade and upgrade.py.
  - CVE-2013-6427

Author: Marc Deslauriers
Revision Date: 2014-01-20 10:56:11 UTC

* SECURITY UPDATE: insecure temp file use in pkit.py
  - debian/patches/CVE-2013-6402.patch: remove logging to temp file in
    base/pkit.py.
  - CVE-2013-6402
* SECURITY UPDATE: insecure upgrade feature
  - debian/non-shipped-files.txt, debian/hplip.install: don't ship
    hp-upgrade and upgrade.py.
  - CVE-2013-6427

Author: Marc Deslauriers
Revision Date: 2013-09-13 11:35:06 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - debian/patches/CVE-2013-4325.patch: pass system-bus-name as a subject
    instead of pid so policykit can get the information from the system
    bus in base/pkit.py.
  - CVE-2013-4325

Author: Marc Deslauriers
Revision Date: 2013-09-13 11:35:06 UTC

* SECURITY UPDATE: possible privilege escalation via policykit UID lookup
  race.
  - debian/patches/CVE-2013-4325.patch: pass system-bus-name as a subject
    instead of pid so policykit can get the information from the system
    bus in base/pkit.py.
  - CVE-2013-4325

Author: Mark Purcell
Revision Date: 2013-09-21 08:24:35 UTC

* New upstream release
* Fix CVE-2013-4325 hplip: Insecure calling of polkit
  - Apply Redhat patch (Closes: #723716)
  - Urgency medium
* Fix "Rebuild against pyppd 1.0.1" patch from OdyX (Closes: #722695)

Author: Mark Purcell
Revision Date: 2013-09-21 08:24:35 UTC

* New upstream release
* Fix CVE-2013-4325 hplip: Insecure calling of polkit
  - Apply Redhat patch (Closes: #723716)
  - Urgency medium
* Fix "Rebuild against pyppd 1.0.1" patch from OdyX (Closes: #722695)

Author: Mark Purcell
Revision Date: 2013-03-09 11:29:44 UTC

* New Upstream Release
  - Fixes CVE-2013-0200 (Closes: #701185)
  - Fixes "hp-check does not find installed Xsane" (Closes: #690362)
* Ack NMU - Thanks Sebastian Ramacher

Author: Mark Purcell
Revision Date: 2013-03-09 11:29:44 UTC

* New Upstream Release
  - Fixes CVE-2013-0200 (Closes: #701185)
  - Fixes "hp-check does not find installed Xsane" (Closes: #690362)
* Ack NMU - Thanks Sebastian Ramacher

Author: Till Kamppeter
Revision Date: 2012-10-11 21:40:00 UTC

debian/patches/hplip-release-parport.patch: libsane-hpaio does not close
/dev/parportafter checking for a scanner (LP: #1065582, Red Hat bug
#1065582).

Author: Till Kamppeter
Revision Date: 2012-10-11 21:40:00 UTC

debian/patches/hplip-release-parport.patch: libsane-hpaio does not close
/dev/parportafter checking for a scanner (LP: #1065582, Red Hat bug
#1065582).

Author: Till Kamppeter
Revision Date: 2012-06-26 20:55:00 UTC

debian/control: Let hplip recommend printer-driver-postscript-hp
(LP: #1014478).

Author: Till Kamppeter
Revision Date: 2012-04-04 13:59:00 UTC

debian/patches/fax-support-hp-laserjet-m1522nf-mfp.dpatch: Fixed fax
sending support for the HP LaserJet M1522nf MFP (LP: #790238).

Author: Till Kamppeter
Revision Date: 2011-12-01 12:26:00 UTC

debian/patches/hpcups-top-margins-not-respected.dpatch: Reverted upstream
change which caused a regression in handling the upper margin by monochrome
laser printers in hpcups (LP: #890684, Red Hat bug #738089).

Author: Till Kamppeter
Revision Date: 2011-12-01 12:26:00 UTC

debian/patches/hpcups-top-margins-not-respected.dpatch: Reverted upstream
change which caused a regression in handling the upper margin by monochrome
laser printers in hpcups (LP: #890684, Red Hat bug #738089).

Author: Till Kamppeter
Revision Date: 2011-09-27 17:13:00 UTC

* debian/patches/hp-systray-make-menu-title-visible-in-sni-qt-indicator.dpatch:
  Simplified the construction of the title line of the hp-systray applet
  menu, so that the applet-to-indicator converter sni-qt also imports this
  title line (at least the text of it). Thanks to Aurelien Gateau for this
  patch.
* debian/patches/hp-systray-make-menu-appear-in-sni-qt-indicator-with-kde.dpatch:
  Make the menu of the hp-systray applet appearing when the applet is
  converted to an indicator applet by sni-qt and put into the notification
  area of KDE (LP: #857929).

Author: Till Kamppeter
Revision Date: 2011-03-25 17:08:18 UTC

* debian/patches/workaround-sf-server-bug-for-plugin-index-download.dpatch:
  In order to download the proprietary plug-in (firmware files, driver
  add-ons), the "hp-plugin" utility downloads an index file from SourceForge.
  Due to software changes at SourceForge which introduced a bug, Python's
  urllib is not able any more to download this file, making the plug-in
  download via "hp-plugin" impossible. HP has quickly released HPLIP 3.11.3a
  which works around the problem by using the command line utility "wget".
  This patch is a backport of the workaround (LP: #740140).

* debian/control: Let hplip depend on wget. wget is needed for the plugin
  download now.

Author: Marc Deslauriers
Revision Date: 2011-01-24 11:26:42 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via long SNMP response
  - debian/patches/CVE-2010-4267.dpatch: validate dLen in io/hpmud/pml.c.
  - CVE-2010-4267

Author: Marc Deslauriers
Revision Date: 2011-01-24 11:18:17 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via long SNMP response
  - debian/patches/CVE-2010-4267.dpatch: validate dLen in io/hpmud/pml.c.
  - CVE-2010-4267

Author: Marc Deslauriers
Revision Date: 2011-01-24 11:26:42 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via long SNMP response
  - debian/patches/CVE-2010-4267.dpatch: validate dLen in io/hpmud/pml.c.
  - CVE-2010-4267

Author: Marc Deslauriers
Revision Date: 2011-01-24 12:33:49 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via long SNMP response
  - debian/patches/94_SECURITY_CVE-2010-4267.dpatch: validate dLen in
    io/hpmud/pml.c.
  - CVE-2010-4267

Author: Marc Deslauriers
Revision Date: 2011-01-24 12:33:49 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via long SNMP response
  - debian/patches/94_SECURITY_CVE-2010-4267.dpatch: validate dLen in
    io/hpmud/pml.c.
  - CVE-2010-4267

Author: Marc Deslauriers
Revision Date: 2011-01-24 11:18:17 UTC

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via long SNMP response
  - debian/patches/CVE-2010-4267.dpatch: validate dLen in io/hpmud/pml.c.
  - CVE-2010-4267

Author: Till Kamppeter
Revision Date: 2010-10-21 14:35:03 UTC

* debian/hplip-cups.postinst, debian/hpijs.postinst: Switch back to HPIJS as
  default driver (migrate hpcups queues to HPIJS) as there are still problems
  with hpcups and duplex printing (LP: #428588, LP: #487695, LP: #657357).
* debian/control: Let hplip depend on hpijs instead of on hplip-cups as
  printer driver.

Author: Till Kamppeter
Revision Date: 2010-09-22 13:23:03 UTC

debian/local/pyppd/pyppd/: Updated to pyppd 0.4.9, to suppress runtime
error tracebacks by putting a "try: ... except ...: pass" construct around
the main function call. This avoids Apport pop-ups when the execution of the
self-extracting compressed PPD file archives gets stopped by the calling
process (LP: #618017).

Author: Till Kamppeter
Revision Date: 2010-07-19 17:58:18 UTC

debian/patches/black-stripes-on-pcl5c-printouts.dpatch: The PCL 5c
driver (Color LaserJet) printed blank raster lines in black (LP: #561264).

Author: Till Kamppeter
Revision Date: 2010-04-12 10:55:18 UTC

* debian/hplip-dbg.install, debian/hplip.install, debian/control: Moved
  hp-check into hplip-dbg, as it is a debugging tool. Added dependency
  on libcups2-dev to hplip-dbg, as hp-check needs cups-config
  (LP: #530327).
* debian/hplip-cups.postinst, debian/hpijs.postinst,
  debian/hpijs-ppds.postinst: Updated also PPDs with version numbers like
  3.10.2rc1.9.

Author: Till Kamppeter
Revision Date: 2009-10-09 18:39:38 UTC

debian/patches/set-media-type.dpatch: Fix media type selection for CD/DVD
printing with the HPIJS driver, as we still use HPIJS by default. Fixes
LP: #380858 for the HPIJS driver.

Author: Ansgar Burchardt
Revision Date: 2008-12-18 12:45:10 UTC

debian/hplip.postinst: Removed code to correct permissions of .hplip
personal config in user's home directories (Ubuntu LP: #191299).

Author: Till Kamppeter
Revision Date: 2009-03-30 00:56:49 UTC

debian/patches/nicknames-device-ids.dpatch: Added patch from upstream
for not shortening the *NickName: entries in the PPDs and not to replace
" " by "_" in the device IDs in the PPDs (Upstream bugs: LP: #349539,
LP: #349547).

Author: Till Kamppeter
Revision Date: 2008-10-13 11:48:02 UTC

* debian/patches/kde4-kdesudo-support.dpatch: KDE 4 does not use "kdesu"
  any more for running applications as root. It uses "kdesudo" now. Added
  support for this change (LP: #281880).

* debian/control: hplip-gui requires now one of the three packages which
  provide the tools "gksu", "kdesu", and "kdesudo" (LP: #281880). Unneeded
  suggest for these packages in the hplip package removed.

Author: Till Kamppeter
Revision Date: 2008-04-15 13:28:52 UTC

debian/local/scripts/create_hal_global_fdi_from_hpmud_rules.sh: Corrected
fdi script so that it actually works (LP: #195782).

Author: John Dong
Revision Date: 2008-02-05 02:30:41 UTC

Automated backport upload; no source changes.

Author: Ansgar Burchardt
Revision Date: 2008-12-18 12:45:10 UTC

debian/hplip.postinst: Removed code to correct permissions of .hplip
personal config in user's home directories (Ubuntu LP: #191299).

Author: Marc Deslauriers
Revision Date: 2008-11-18 13:39:37 UTC

* SECURITY UPDATE: privilege escalation using the hplip alert-mailing
  functionality.
  - debian/patches/91_SECURITY_CVE-2008-2940.dpatch: fix handle_event()
    in hpssd.py to validate device-uri parameter and disable
    handle_setalerts(). This fix alters hplip behaviour by preventing
    users from setting alerts and by moving alert configuration to a
    root-controlled /etc/hp/alerts.conf file.
  - CVE-2008-2940
* SECURITY UPDATE: denial of service in hpssd message parser.
  - debian/patches/92_SECURITY_CVE-2008-2941.dpatch: fix handle_event()
    in hpssd.py to correctly validate parameters.
  - CVE-2008-2941

Author: Kees Cook
Revision Date: 2007-10-11 10:25:17 UTC

* SECURITY UPDATE: arbitrary command execution via network
* Add debian/patches/90_subprocess_replacement: use subprocess instead.
* References
  https://launchpad.net/bugs/149121
  CVE-2007-5208

Author: Kees Cook
Revision Date: 2007-10-11 10:25:17 UTC

* SECURITY UPDATE: arbitrary command execution via network
* Add debian/patches/90_subprocess_replacement: use subprocess instead.
* References
  https://launchpad.net/bugs/149121
  CVE-2007-5208

Author: Kees Cook
Revision Date: 2007-10-11 10:25:17 UTC

* SECURITY UPDATE: arbitrary command execution via network
* Add debian/patches/90_subprocess_replacement: use subprocess instead.
* References
  https://launchpad.net/bugs/149121
  CVE-2007-5208

Author: Till Kamppeter
Revision Date: 2007-04-03 16:40:55 UTC

* New upstream release (closes: LP#82546, LP#83936, LP#85805, LP#87695,
  LP#92237, LP#94013, LP#94015, LP#94823, LP#95489)
  * HPLIP 1.7.3
    + Added the <nopjl /> tag to hpijs-generator.in. This will remove
      the extra foomatic PJL options from most HP LaserJet PPD
      files. The extra foomatic PJL options caused some HPIJS PCL data
      issues. This fixes a "PCL XL error" on LJ1010/1012 that can
      occur on different PCs (closes: LP#92237).
    + Fixed defect (An error occurs when send a fax coverpage with "&"
      or "<" character in Regarding or Optional Message field.)
    + Removed banner pages from fax print settings
    + Altered hpfax: device discovery output to match hp: scheme (CUPS
      1.2 only)
    + Removed the wait cursor during the password entry screen
      [reported by Johannes]
    + Added error messages and suppressed content in toolbox when
      device is not found or unsupported
    + A new configure option was added --enable-cups11-build, this
      option controls the hp/hpfax device discovery message when no
      devices are found. If needed, this option provides backward
      compatibility with CUPS 1.1.x applications.
      With --enable-cups11-build set the "no_device_found" message is
      displayed during device discovery by the "hp" backend.
      With --disable-cups11-build (default) set the backend prints a
      scheme based on the following conditions.
          Condition 1 - no daemons
            output nothing stdout return exit 1
          Condition 2 - daemons running, no HP devices, output scheme
            direct hp "Unknown" "HP Printer (HPLIP)" return exit 0
          Condition 3 - daemons running, HP printer found, output URI
            direct hp:/... "hp model" "HP model HPLIP" "deviceid"
          return exit 0
      (closes: LP#87695)
    + Changed the way that hp-setup was being launched from the
      toolbox, it was hanging on Edgy
    + Added Tools > Printer Information
    + Added a check for 'lpr' for Debian installation (to force
      install of cupsys-bsd)
    + Moved the password prompt in the text/CLI installer past the
      distro confirm/select prompts to handle a problem with Mepis
    + Made a change to determine if networking is working during
      installation.
    + Added a private copy of sanei_init_debug to libsane-hpaio. This
      will remove the libsane.so dependency which was a problem for
      WINE.
    + Fixed defect (PPD file "foomatic:HP-PSC_2400-hpijs.ppd" can not
      be found when set up PSC 2400 in interactive mode, closes
      LP#95489)
    + Fixed a page update defect in the toolbox (when switching
      devices, update page correctly)
    + Re-wrote hpaioAdvanceDocument function in libsane-hpaio. This
      change only effects SCL scanners with an ADF (ie: inkjet
      all-in-ones). This fixes a double-feed ADF issue which occurred
      when scanning a single page.
    + Fixed defect (An unexpected error occurs when perform color
      calibration job in GUI mode on photosmart c7180.)
    + Some toolbox UI improvements
    + Converted hp-print to new UI
    + Fixed some defects in scrollprintview and devmgr
    + Added network detection to text/CLI installer
    + Toolbox internal/built-in print utility
    + Added password entry and validation to text/CLI installer
    + Fixed an issue when the ~/.hplip.conf file is not present on 1st
      run, the hp-setup run as root owns the file and doesn't allow the
      regular user to write to it.
    + Fixed defect (hp-setup -i can not setup a printer Photosmart
      c3100 which has multiple possible PPD files.)
    + Some visual updates to the toolbox
    + Fixed defect (DJ 4x0 power/battery settings not staying set)
    + Added a confirmation dialog to device remove in the toolbox
    + Linked quality and printoutmode in print settings
    + Switched [x] Enable style controls to (*) On ( ) Off style in
      print settings
    + Supply icons auto generate (removed supply PNG icons from
      data/images)
    + Fixed an issue with r_values in supplies processing
    + Added type 12 head support for PS33xx, PSC61xx, etc.
    + Fixed defect (The Print Settings of Fax device are invalid)
    + Fixed issue where L7xxx color cal wasn't showing the load paper UI
    + Fixed defect (The command "hp-setup -i" can not work normally)
    + Fixed defect (The setup process will hang up when modify the fax
      name to a name which contains more than 104 characters on setup
      UI.)
    + Changed magic.py to better handle text/plain vs. data detection
    + Added last used working directory support to hp-sendfax,
      hp-print, and hp-unload
  * HPLIP 1.7.2 (Not published as Ubuntu or Debian package)
    + Fixed defect (The fax file is printed out by the sender when use
      printer name with "-p" parameter to perform a fax job.)
    + Added CUPS fax queues to Print Settings and Print Control tabs
    + Added PQ Diag type 2, align type 12, color cal type 6, and LF
      cal type 2 for Officejet Pro L7xxx
    + Added agent types 20 and 21 for Officejet Pro L7xxx
    + Fixed defect (There is no response when click "About" in the
      "Help" menu in the toolbox window.)
    + Fixed defect (Function Commands configuration was disabled)
    + Fixed an issue where the ending banner page combo box would not
      show the proper setting if it were not 'none'
    + Fixed defect (An error occurs when select other ppd files from
      toolbox to setup)
    + Fixed defect (The command "hp-setup -i" can not work normally)
    + Fixed defect (The output of "-t" parameter is not the same as
      "--prettyprint" parameter when send a fax job using pretty
      printing for text files.)
    + Fixed defect (An error occurs when enter "#" in Fax Name field
      on "Enter Printer Information" window during setting up a
      printer.)
    + Fixed defect (Print outcomes are not full when set the "Page
      Orientation" as "Landscape" on "Print Settings" table.) [added
      "Fit to page" option in image printing section of Print Settings
      tab.]
    + Moved installer/images/xxx files from SCRIPT to DATA install in
      Makefile.am.
    + Fixed non-functioning printer control in hp-toolbox
    + Fixed an issue with the settings dialog not working [reported by
      Johannes]
    + Additional fixes to get PPD file handling working on Edgy and
      Feisty for CUPS 1.2.
    + Fixes for CUPS 1.2 and auto-generated PPD files for Feisty Fawn
      [reported by Till] (closes: LP#95489)
    + Fixed potential subscript array overflow in pcard/fat.c
      (reported by Suse).
    + Fixed an issue reported by Till with the device string returned
      by hpfax:
    + Fixed an issue in in the NoDeviceForm (missing __tr() method)
    + Fixed defect (Ubuntu Fiesty Herd 3 - ppd file w/hp-setup
      problem) [implemented change to PPD file enumeration for CUPS 1.2
      as suggested by Till] (closes: LP#95489)
    + Added banner pages to print settings (job-sheets)
    + Fixed problem with watermark angle text in print settings (utf-8
      decoding)
    + Added libusb-devel check to configure.in.
    + Added image printing settings to toolbox print settings
    + Added print adjustment settings to toolbox print settings
    + Enhanced the default button behavior in toolbox print settings
    + Removed sticky print settings from hp-print
    + hp_laserjet_p2015_series: Changed embedded-server-type from '0'
      to '1'
    + hp_laserjet_p2015_series: Changed panel-check-type from '0' to '1'
    + Fixed a traceback in hpfax: if HPLIP is not running during
      device detection (closes: LP#83936)
    + Added print job icons to indicate print job status
    + Updated some status icons
    + Fixed defect (An unexpected error occurs when enter hp-makecopies
      -d<device-uri> -m1 -n in terminal)
    + Fixed defect ("See Also:hp-colorcal" should not occur in the
      explanation for the hp-colorcal command on hplip website.)
    + Fixed defect (Refresh All button can not work on build
      hplip-1.7.1 public release.)
    + Fixed an issue in hpssd that caused history items in the ring
      buffer to slotted incorrectly
    + Added duplexer detection to the "sides" setting in the toolbox
      Print Settings (no "sides" selection if duplexer == 0)
    + Added new, more useful icons to the status list in the toolbox
    + Major toolbox (Device Manager) upgrade/redesign
    + Added printer settings tab (sets printer options in
      ~/.cups/lpoptions)
    + Removed panel tab (merged panel with status tab)
    + Redo of functions tab (new layout)
    + Redo of status tab (new icons, layout, inclusion of front panel
      display)
    + Front panel display will show device panel if available,
      otherwise most recent status text
    + Redo of supplies tab (new layout)
    + Redo of print jobs tab (now called printer control) (print
      control widget, new layout, etc)
    + hpssd will not store multiple history items with the same error
      code (last one gets replaced)
    + About box upgraded
    + cupsext extended in functionality (ppd, options, etc)
    + Removed trailing white space in IEEE 1284 model name. This will
      fix URIs that have a trailing "_" character in the model
      name. This issue crept back into the hpiod code after the libusb
      update (closes: LP#85805).
    + Fixed an issue in hp-check that caused a traceback if
      '/etc/sane.d/dll.conf' is missing
    + Added some more bug messages to hpaio.
    + Fixed a traceback in hp-levels reported on the mailing list (defect)
    + Set the device list column width in the toolbox splitter to be
      more narrow by default
    + Added the toolbox software version to the Device Manager about dialog
  * HPIJS 2.7.2
    + Fixed media type for maxdpi printmode for vip printers and its
      derivatives
    + Fixed the cause of carriage stall error in C41xx printers
    + Added support for the following new printer(s).
        * Officejet Pro L7300 series (OJProKx50)
        * Officejet Pro L7500 series (OJProKx50)
        * Officejet Pro L7600 series (OJProKx50)
        * Officejet Pro L7700 series (OJProKx50)
        * HP Officejet Pro K5300 series (OJProKx50)
        * HP Officejet Pro K5400 series (OJProKx50)
        * HP Officejet J5700 series (DJGenericVIP)
      OJProKx50 is derived from DJGenericVIP.
* 80_laserjet1100_fix.dpatch: Fixed problem of accessing an HP LaserJet 1100
  on the parallel port (reported in LP#98520).
* 82_scrolltool_py_deskjet_d4100_claen_device_not_found.dpatch: Fixed problem
  of Python traceback when DeskJet 4100 not accessible (e. g. turned off),
  reported in LP#98520 by Aaron Albright.
* 84_align10form_py_deskjet_5440_head_align.dpatch: Fixed problem of head
  alignment GUI not working for DeskJet 5440 (closes: LP#98920).
* Removed patches 00_01_hplevels_fix.dpatch,
  80_hpijs_deskjet_d41xx_hangs.dpatch,
  85_hpfax_crash_when_hpssd_not_running.dpatch,
  90_hpfax_bad_lpinfo_-v_output.dpatch, merged upstream.
* Remade patch 14_charsign_fixes.dpatch, most of it was merged upstream.
* 61_noqt_message.dpatch: Improved error message which appears when
  HPLIP utilities are called from the menu but PyQt is not installed
  (closes: LP#86893)..
* Modified the debian/*.desktop files so that the environment variable
  "STARTED_FROM_MENU=1" is set to make the utilities showing the
  GTK-based error message window when called from the menu and PyQt is
  not installed (closes: LP#86893).
* Added "NoDisplay=true" to the debian/*.desktop files so that the menu
  entries for the HPLIP tools are hidden by default (closes: LP#67892).
* Fixed the pelling of the icon file names in the debian/*.desktop files
  (closes: LP#88290).
* Removed debian/hp-toolbox.desktop, it was a duplicate menu entry for the
  HP Toolbox.
* debian/hplip.postinst: Added clean-up for the ownerships of the user's
  .hplip.conf files. hp-setup of HPLIP 1.7.1 (and perhaps some older
  versions) created it with root ownerships and this made hp-toolbox not
  starting (closes: LP#99326).

Author: Kees Cook
Revision Date: 2007-10-11 10:25:17 UTC

* SECURITY UPDATE: arbitrary command execution via network
* Add debian/patches/90_subprocess_replacement: use subprocess instead.
* References
  https://launchpad.net/bugs/149121
  CVE-2007-5208

Author: Kees Cook
Revision Date: 2007-10-11 10:25:17 UTC

* SECURITY UPDATE: arbitrary command execution via network
* Add debian/patches/90_subprocess_replacement: use subprocess instead.
* References
  https://launchpad.net/bugs/149121
  CVE-2007-5208

Author: Matthias Klose
Revision Date: 2006-10-13 15:28:47 UTC

Add missing libsane-hpaio.so.1.0.0 library. Ubuntu #65908.

Author: Marc Deslauriers
Revision Date: 2008-11-18 13:39:37 UTC

* SECURITY UPDATE: privilege escalation using the hplip alert-mailing
  functionality.
  - debian/patches/70_SECURITY_CVE-2008-2940.dpatch: fix handle_event()
    in hpssd.py to validate device-uri parameter and disable
    handle_setalerts(). This fix alters hplip behaviour by preventing
    users from setting alerts and by moving alert configuration to a
    root-controlled /etc/hp/alerts.conf file.
  - CVE-2008-2940
* SECURITY UPDATE: denial of service in hpssd message parser.
  - debian/patches/71_SECURITY_CVE-2008-2941.dpatch: fix handle_event()
    in hpssd.py to correctly validate parameters.
  - CVE-2008-2941

Author: Marc Deslauriers
Revision Date: 2008-11-18 13:39:37 UTC

* SECURITY UPDATE: privilege escalation using the hplip alert-mailing
  functionality.
  - debian/patches/70_SECURITY_CVE-2008-2940.dpatch: fix handle_event()
    in hpssd.py to validate device-uri parameter and disable
    handle_setalerts(). This fix alters hplip behaviour by preventing
    users from setting alerts and by moving alert configuration to a
    root-controlled /etc/hp/alerts.conf file.
  - CVE-2008-2940
* SECURITY UPDATE: denial of service in hpssd message parser.
  - debian/patches/71_SECURITY_CVE-2008-2941.dpatch: fix handle_event()
    in hpssd.py to correctly validate parameters.
  - CVE-2008-2941

Author: Matthias Klose
Revision Date: 2006-04-11 10:27:47 UTC

* Synchronize with Debian unstable.
* Keep the .desktop file, add "NoDisplay=true".
* Keep qt build dependencies, now in main.
* hplip-data now provides hpijs-data (introduced in 0.9.8).
* Try to open a message dialog for the "No Qt" message. Malone: #26413.
* Install ppd files into a manufacturer specific directory.
* Set the manufacturer name to "HP".
* Start hplip before cupsys. Malone: #3841, #26570.
* Put toolbox icon in category system, not application. Malone: #25627.

Author: LaMont Jones
Revision Date: 2005-09-22 12:08:22 UTC

* Fix big-endian architecture FTBFS.
  - adds 90_bigendian-fix.dpatch
* Fix configure.in breakage when picking default desktop directory.
  - adds 88_configure.in.dpatch, 89_configure.dpatch

Author: Henrique de Moraes Holschuh
Revision Date: 2005-02-01 12:46:56 UTC

* Henrique de Moraes Holschuh:
  * HPLIP:
    * Remove stray tab on 50_securityfix_umask.dpatch. Reupload in
      case python decides to croak on us because of it
    * Remove unneeded (but harmless) patch 21_base_pidfile_support.dpatch