diff --git a/hplip-subprocess-replacement.patch b/hplip-subprocess-replacement.patch new file mode 100644 index 0000000..a169e1c --- /dev/null +++ b/hplip-subprocess-replacement.patch @@ -0,0 +1,105 @@ +diff -up hplip-2.7.9/hpssd.py.subprocess-replacement hplip-2.7.9/hpssd.py +--- hplip-2.7.9/hpssd.py.subprocess-replacement 2007-10-12 09:34:06.000000000 +0100 ++++ hplip-2.7.9/hpssd.py 2007-10-12 09:36:28.000000000 +0100 +@@ -53,7 +53,7 @@ __doc__ = "Provides persistent data and + + # Std Lib + import sys, socket, os, os.path, signal, getopt, time, select +-import popen2, threading, tempfile ++import subprocess, threading, tempfile + + from errno import EALREADY, EINPROGRESS, EWOULDBLOCK, ECONNRESET, \ + ENOTCONN, ESHUTDOWN, EINTR, EISCONN +@@ -560,21 +560,23 @@ class MailThread(threading.Thread): + + if sendmail: + sendmail = os.path.join(sendmail, 'sendmail') +- sendmail += ' -t -r %s' % self.from_address +- +- log.debug(sendmail) +- std_out, std_in, std_err = popen2.popen3(sendmail) +- log.debug(repr(self.message)) +- std_in.write(self.message) +- std_in.close() +- +- r, w, e = select.select([std_err], [], [], 2.0) +- +- if r: +- err = std_err.read() +- if err: +- log.error(repr(err)) +- self.result = ERROR_TEST_EMAIL_FAILED ++ cmd = [sendmail,'-t','-r',self.from_address] ++ ++ log.debug(repr(cmd)) ++ err = None ++ try: ++ sp = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) ++ std_out, std_err = sp.communicate(self.message) ++ log.debug(repr(self.message)) ++ if std_err != '': ++ err = std_err ++ ++ except OSError, e: ++ err = str(e) ++ ++ if err: ++ log.error(repr(err)) ++ self.result = ERROR_TEST_EMAIL_FAILED + + else: + log.error("Mail send failed. sendmail not found.") +diff -up hplip-2.7.9/scan.py.subprocess-replacement hplip-2.7.9/scan.py +--- hplip-2.7.9/scan.py.subprocess-replacement 2007-10-12 09:36:36.000000000 +0100 ++++ hplip-2.7.9/scan.py 2007-10-12 09:40:45.000000000 +0100 +@@ -829,7 +829,7 @@ else: # NON_INTERACTIVE_MODE + from scan import sane + import scanext + import cStringIO +- import popen2 ++ import subprocess + + try: + import Image +@@ -1311,26 +1311,25 @@ else: # NON_INTERACTIVE_MODE + + if sendmail: + sendmail = os.path.join(sendmail, 'sendmail') +- sendmail += ' -t -r %s' % email_from ++ cmd = [sendmail,'-t','-r',email_from] + +- log.debug(sendmail) +- std_out, std_in, std_err = popen2.popen3(sendmail) +- std_in.write(msg.as_string()) +- std_in.close() +- +- while True: +- update_spinner() +- r, w, e = select.select([std_err], [], [], 1.0) +- +- if r: +- break ++ log.debug(repr(cmd)) ++ err = None ++ try: ++ sp = subprocess.Popen(cmd, stdin=subprocess.PIPE, ++ stdout=subprocess.PIPE, ++ stderr=subprocess.PIPE) ++ std_out, std_err = sp.communicate(msg.as_string()) ++ if std_err != '': ++ err = std_err ++ except OSError, e: ++ err = str(e) + ++ update_spinner() + cleanup_spinner() + +- if r: +- err = std_err.read() +- if err: +- log.error(repr(err)) ++ if err: ++ log.error(repr(err)) + + else: + log.error("Mail send failed. 'sendmail' not found.") diff --git a/hplip.spec b/hplip.spec index 917da6d..42d4893 100644 --- a/hplip.spec +++ b/hplip.spec @@ -1,7 +1,7 @@ Summary: HP Linux Imaging and Printing Project Name: hplip Version: 2.7.9 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ and MIT Group: System Environment/Daemons Conflicts: system-config-printer < 0.6.132 @@ -20,6 +20,7 @@ Patch3: hplip-quiet.patch Patch4: hplip-marker-supply.patch Patch5: hplip-libm.patch Patch6: hplip-udev-rules.patch +Patch7: hplip-subprocess-replacement.patch Patch8: hplip-libsane.patch Patch9: hplip-media-empty.patch Patch11: hplip-unload-traceback.patch @@ -111,6 +112,9 @@ rm -rf $RPM_BUILD_DIR/%{name}-%{version} # Fix the udev rules file (bug #248740). %patch6 -p1 -b .udev-rules +# Applied patch to fix remnants of CVE-2007-5208 (bug #329111). +%patch7 -p1 -b .subprocess-replacement + # Link libsane-hpaio against libsane (bug #234813). %patch8 -p1 -b .libsane @@ -282,6 +286,9 @@ fi exit 0 %changelog +* Fri Oct 12 2007 Tim Waugh 2.7.9-3 +- Applied patch to fix remnants of CVE-2007-5208 (bug #329111). + * Tue Oct 9 2007 Tim Waugh 2.7.9-2 - Use raw instead of 1284.4 communication for LJ4000 series (bug #249191). - Build requires openssl-devel.