lp:ubuntu/trusty-security/hplip

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

49. By Marc Deslauriers on 2015-07-30

* SECURITY UPDATE: insecure use of short gpg key id
  - debian/patches/CVE-2015-0839.patch: use long key id in
    base/validation.py, base/utils.py, installer/pluginhandler.py.
  - CVE-2015-0839
* This package does _not_ contain the changes from 3.14.3-0ubuntu3.3 in
  trusty-proposed.

48. By Till Kamppeter on 2014-04-04

debian/patches/musb-c-do-not-crash-on-usb-failure.patch: Make sure that
the HPLIP components which access the USB (especially the CUPS backends
"hp" and "hpfax") do not crash when libusb fails to connect to the USB,
for example on machines without USB or with the USB kernel modules not
loaded (LP: #1302437).

47. By Till Kamppeter on 2014-03-27

debian/local/HP-LaserJet_4000-PostScript-PPD.patch, debian/rules: Patch
PPD file for the HP LaserJet 4000 to use the same JobPatchFile as the
LaserJet 4050. It seems that the 4000 has the same PS interpreter bug to
work around. Note that it is not possible to use the standard mechanisms
for patches as HP ships all PPDs compressed (Closed: #742766).

46. By Till Kamppeter on 2014-03-11

* New upstream release
  - Added support for: HP Deskjet Ink Advantage 4640/4645/4646/4648
    e-All-in-One Printer, HP LaserJet Pro MFP M125/M126/M127 series.
  - printer name changes when power cycled (LP: #1273905).
  - hp-config_usb_printer is trying to configure HP keyboard and mouse
    (LP: #1266704).
  - "HP Device Manager" deletes other queues (LP: #1253432).
  - hpcups filter crash fix (LP: #1250806).
  - Error with 'hp-setup' (LP: #1273043).
  - Should run hp-firmware from udev separately (LP: #1255033).
  - Do not put static printer-independent strings like "Automatically setup
    by HPLIP" into the description field of a CUPS queue, remote clients use
    the description to identify network printers (LP: #1266011).
  - Fixed align functionality issue with HP OfficeJet 6100
  - Systray notification does not pop-up after configuring the device using
    'hp-setup' command
  - Unable to configure second fax queue in interactive mode
  - Fixed missing 'No 6 3/4 Envelope' media size for HP OfficeJet 7619 Series
  - Printer name does not change when navigate back and forward to change
    the printer queue

45. By Mark Purcell on 2014-01-19

* New upstream release
  - CVE-2013-6427: hplip: insecure auto update feature
  - CVE-2013-6402: hplip: insecure temporary file handling in pkit.py

[ Till Kamppeter ]
* debian/control: Changed Depends/Recommends on foomatic-filters to
  "cups-filters (>= 1.0.42) | foomatic-filters" as foomatic-rip has
  moved to cups-filters from version 1.0.42 on (Closes: #734140).

[ Mark Purcell ]
* Ack NMU - thanks ~carnil
* Drop CVE-2013-6402.patch - addressed upstream

44. By Salvatore Bonaccorso on 2014-01-12

* Non-maintainer upload.
* Add CVE-2013-6402.patch patch.
  CVE-2013-6402: Fix insecure temporary files handling in pkit.py.
  (Closes: #725876)
* Add missing dh_bugfiles invocation in binary-indep target

43. By Mark Purcell on 2013-12-15

* Urgency medium for CVE fix
* Sync with ubuntu - thks ~marc.deslauriers
  - Fixes "CVE-2013-6427: insecure (undocumented) auto update feature"
  (Closes: #731480)

42. By Mark Purcell on 2013-12-11

* New upstream release
  - Includes fix for CVE-2013-4325:Insecure Polkit use (Closes: #723716)
  - Drop debian/patches/CVE-2013-4325.patch
  - hp-mkuri no longer ships
* Drop hp-mkuri-take-into-account-already-installed-plugin-also-for-
  exit-value.dpatch & ubuntu-hp-mkuri-notification-text.dpatch
* quilt refresh
* hplip-doc.install -> hplip-doc.docs

41. By Mark Purcell on 2013-10-12

* Build-Depends: libusb2-dev [kfreebsd-any] - Thks Petr
  - Fixes "no longer buildable on kfreebsd-*" (Closes: #725616)
* Update X-Python-Version: >= 2.7.5
  - Fixes "hplip-data depends on python:any (>= 2.6.6-7~)" (Closes: #724705)

40. By Mark Purcell on 2013-09-21

* New upstream release
* Fix CVE-2013-4325 hplip: Insecure calling of polkit
  - Apply Redhat patch (Closes: #723716)
  - Urgency medium
* Fix "Rebuild against pyppd 1.0.1" patch from OdyX (Closes: #722695)