Fedora has issued an advisory on July 17: https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html The issue is fixed in 3.15.7. Reproducible: Steps to Reproduce:
This bug has been resolved by upgrading to vers. 3.15.7. The following packages are now in updates_testing: hplip-3.15.7-1.mga5.src.rpm hplip-3.15.7-1.mga5.x86_64.rpm lib64hpip0-3.15.7-1.mga5.x86_64.rpm lib64hpip0-devel-3.15.7-1.mga5.x86_64.rpm lib64sane-hpaio1-3.15.7-1.mga5.x86_64.rpm hplip-model-data-3.15.7-1.mga5.x86_64.rpm hplip-gui-3.15.7-1.mga5.x86_64.rpm hplip-hpijs-3.15.7-1.mga5.x86_64.rpm hplip-hpijs-ppds-3.15.7-1.mga5.x86_64.rpm hplip-doc-3.15.7-1.mga5.x86_64.rpm hplip-debuginfo-3.15.7-1.mga5.x86_64.rpm and corresponding i586 packages This should also resolve bug Bug 15266 Assigning it to qa
Status: NEW => ASSIGNEDCC: (none) => thomasAssignee: thomas => qa-bugs
A patch is now available to fix this issue: http://pkgs.fedoraproject.org/cgit/hplip.git/plain/hplip-CVE-2015-0839.patch?h=f21&id=4e8f6bd2a912c1809d50d978cc55aeb90d63885d If this update doesn't work out, we could go back and apply that patch. Actually, we need to apply it for Mageia 4 too...
Whiteboard: (none) => MGA4TOO feedback
this should be an easy patch. But then we still have the problem of not recognizing new printers. I am going to test 3.15.7 as soon as it's on the mirrors. I have two printers, a brand new one and one that is about 5 years old.
(In reply to Thomas Spuhler from comment #3) > this should be an easy patch. But then we still have the problem of not > recognizing new printers. I think we can live with that on Mageia 4, since Mageia 5 is available. > I am going to test 3.15.7 as soon as it's on the mirrors. I have two > printers, a brand new one and one that is about 5 years old. Thanks.
fixed in mga4 by applying hplip-CVE-2015-0839.patch The following packages are now in mga4 updates_testing: hplip-3.15.6-1.1.mga5.src.rpm hplip-3.15.6-1.1.mga5.x86_64.rpm lib64hpip0-3.15.6-1.1.mga5.x86_64.rpm lib64hpip0-devel-3.15.6-1.1.mga5.x86_64.rpm lib64sane-hpaio1-3.15.6-1.1.mga5.x86_64.rpm hplip-model-data-3.15.6-1.1.mga5.x86_64.rpm hplip-gui-3.15.6-1.1.mga5.x86_64.rpm hplip-hpijs-3.15.6-1.1.mga5.x86_64.rpm hplip-hpijs-ppds-3.15.6-1.1.mga5.x86_64.rpm hplip-doc-3.15.6-1.1.mga5.x86_64.rpm hplip-debuginfo-3.15.6-1.1.mga5.x86_64.rpm
(In reply to Thomas Spuhler from comment #5) > fixed in mga4 by applying hplip-CVE-2015-0839.patch > The following packages are now in mga4 updates_testing: > hplip-3.15.6-1.1.mga5.src.rpm > hplip-3.15.6-1.1.mga5.x86_64.rpm > lib64hpip0-3.15.6-1.1.mga5.x86_64.rpm > lib64hpip0-devel-3.15.6-1.1.mga5.x86_64.rpm > lib64sane-hpaio1-3.15.6-1.1.mga5.x86_64.rpm > hplip-model-data-3.15.6-1.1.mga5.x86_64.rpm > hplip-gui-3.15.6-1.1.mga5.x86_64.rpm > hplip-hpijs-3.15.6-1.1.mga5.x86_64.rpm > hplip-hpijs-ppds-3.15.6-1.1.mga5.x86_64.rpm > hplip-doc-3.15.6-1.1.mga5.x86_64.rpm > hplip-debuginfo-3.15.6-1.1.mga5.x86_64.rpm Ooops, they should read mga4. I built them locally and copied the names over.
Oh, I thought we were just going to patch it for Mageia 4 and not update to 3.15. I guess we'll see how it goes.
Whiteboard: MGA4TOO feedback => MGA4TOO
mga4 has been updated to 3.15.6 because of "New Printers not recognized" so I just added the patch and subrel 1 mga5 has 3.15.7
To test the connection (finding and adding a wi-fi connected printer), you have to disable the firewall, not just stop it. After adding the printer, you can enable the firewall again.
This update causes the same problem for me as I reported in: https://bugs.mageia.org/show_bug.cgi?id=15266#c47
mga5 x86_64 root@vega ~]# urpmi hplip-debuginfo Unknown option: x No package named hplip-debuginfo All other packages installed OK.
CC: (none) => tarazed25
The debuginfo package should never be listed for QA. It's in the debug media and we don't worry about those.
Added a LAN printer (HP5520) under HPLIP with a different queue name and that worked fine. Am I missing something here? Is this a valid test for old printers?
I am not quite sure what the problem is that James is experiencing. It could be that the newer versions of HPLIP don't support his printer anymore. He doesn't say if he disabled (not stopped) the firewall.
We wont release an update to add support for new printers that forces users to disable their firewall to keep the functionality they already have with existing printers. ie. breaks it.
Seem to have 2 bugs assigned to us now for hplip also. I'd recommend applying the patch to the existing package instead.
This is actually nothing new. What's new is that we learned that the firewall needs to be temporarily disabled in order for HPLIP to find the wi-fi connected printer. It has been the case for a very long time.
If the printer is already recognised and the updates have been breaking things then we shouldn't have released them.
you maybe right, but I still disagree. How do you find that the update is breaking things. I don't have that printer, HP Deskjet 1000. The two printers I have work fine, except for auto-discovery, the firewall has to be temporarily disabled. This has been the case at least since the mga4 release (I didn't have a wi-fi printer before).
It's difficult for hardware related updates and certainly nobody is blaming you. We've usually asked for help to test hplip from our users. In this case though there are already reports, as you can see, so we're lucky.
(In reply to Thomas Spuhler from comment #14) I always disable the firewall in my systems. I rely on the firewall in my router. In any case this printer is attached to the machine in question through USB. According to HP this printer is supported, including the services, such as ink levels: http://hplipopensource.com/hplip-web/models/deskjet/deskjet_1000_j110_series.html
(In reply to James Kerr from comment #21) > (In reply to Thomas Spuhler from comment #14) > > I always disable the firewall in my systems. I rely on the firewall in my > router. In any case this printer is attached to the machine in question > through USB. > > According to HP this printer is supported, including the services, such as > ink > levels: > http://hplipopensource.com/hplip-web/models/deskjet/deskjet_1000_j110_series. > html If you connect through USB, then the firewall should be irrelevant. Another question, are you using HP cartridges. I use a refurbished black one on my older C4385 and it never showed the ink level, vs on the color, I use an HP and there it show the ink level.
On real hardware, M5, KDE, 64-bit Package(s) under test: hplip hplip-gui hplip-hpijs hplip-hpijs-ppds hplip-model-data default install of hplip hplip-gui hplip-hpijs hplip-hpijs-ppds hplip-model-data [root@sandybridge wilcal]# urpmi hplip Package hplip-3.14.6-8.mga5.x86_64 is already installed [root@sandybridge wilcal]# urpmi hplip-gui Package hplip-gui-3.14.6-8.mga5.x86_64 is already installed [root@sandybridge wilcal]# urpmi hplip-hpijs Package hplip-hpijs-3.14.6-8.mga5.x86_64 is already installed [root@sandybridge wilcal]# urpmi hplip-hpijs-ppds Package hplip-hpijs-ppds-3.14.6-8.mga5.x86_64 is already installed [root@sandybridge wilcal]# urpmi hplip-model-data Package hplip-model-data-3.14.6-8.mga5.x86_64 is already installed Printing works both locally and using CUPS from another system on the LAN. Xsane scans an image. install hplip hplip-gui hplip-hpijs hplip-hpijs-ppds hplip-model-data from updates_testing [[root@sandybridge wilcal]# urpmi hplip Package hplip-3.15.7-1.mga5.x86_64 is already installed [root@sandybridge wilcal]# urpmi hplip-gui Package hplip-gui-3.15.7-1.mga5.x86_64 is already installed [root@sandybridge wilcal]# urpmi hplip-hpijs Package hplip-hpijs-3.15.7-1.mga5.x86_64 is already installed [root@sandybridge wilcal]# urpmi hplip-hpijs-ppds Package hplip-hpijs-ppds-3.15.7-1.mga5.x86_64 is already installed [root@sandybridge wilcal]# urpmi hplip-model-data Package hplip-model-data-3.15.7-1.mga5.x86_64 is already installed Printing works both locally and using CUPS from another system on the LAN. Lost contact with scanner. Xsane continues to no longer find the scanner. Not acceptable.
CC: (none) => wilcal.int
(In reply to claire robinson from comment #20) > It's difficult for hardware related updates and certainly nobody is blaming > you. We've usually asked for help to test hplip from our users. > > In this case though there are already reports, as you can see, so we're > lucky. I know, it's difficult, we cannot purchase all the printers. I just installed on a vbox the printer package (task-printing-hp-2011) mirrors.kernel.org/mageia/distrib/5/x86_64/media/core/release/hplip-3.14.6-8.mga5.x86_64.rpm It recognizes my older C4385 All-In-One printer, but doesn't what is now being sold by the major stores, the Office Jet Pro 8620 The HP website says Min. HPLIP Version 3.14.4 so it should work. As you said earlier, we should put the updates into backport, but as we all know, it's not an option right now. I guess we have the choice of not supporting the newer printers or have a problem with some of the old ones. On the other hand, the security issue that triggered this bug report has been reported for vers. 3.15.6. So we may just don't release the packages that are in mga4 upgrades_testing. Those that cannot use the vers. 3.15.7 in mga5 updates_testing could add it to the skip list to prevent the packages from upgrading.
(In reply to Thomas Spuhler from comment #22) I use genuine HP cartridges, purchased from HP.
(In reply to William Kenney from comment #23) > On real hardware, M5, KDE, 64-bit > > Package(s) under test: > hplip hplip-gui hplip-hpijs hplip-hpijs-ppds hplip-model-data > > default install of hplip hplip-gui hplip-hpijs hplip-hpijs-ppds > hplip-model-data > > [root@sandybridge wilcal]# urpmi hplip > Package hplip-3.14.6-8.mga5.x86_64 is already installed > [root@sandybridge wilcal]# urpmi hplip-gui > Package hplip-gui-3.14.6-8.mga5.x86_64 is already installed > [root@sandybridge wilcal]# urpmi hplip-hpijs > Package hplip-hpijs-3.14.6-8.mga5.x86_64 is already installed > [root@sandybridge wilcal]# urpmi hplip-hpijs-ppds > Package hplip-hpijs-ppds-3.14.6-8.mga5.x86_64 is already installed > [root@sandybridge wilcal]# urpmi hplip-model-data > Package hplip-model-data-3.14.6-8.mga5.x86_64 is already installed > > Printing works both locally and using CUPS from another system on the LAN. > Xsane scans an image. > > install hplip hplip-gui hplip-hpijs hplip-hpijs-ppds hplip-model-data from > updates_testing > > [[root@sandybridge wilcal]# urpmi hplip > Package hplip-3.15.7-1.mga5.x86_64 is already installed > [root@sandybridge wilcal]# urpmi hplip-gui > Package hplip-gui-3.15.7-1.mga5.x86_64 is already installed > [root@sandybridge wilcal]# urpmi hplip-hpijs > Package hplip-hpijs-3.15.7-1.mga5.x86_64 is already installed > [root@sandybridge wilcal]# urpmi hplip-hpijs-ppds > Package hplip-hpijs-ppds-3.15.7-1.mga5.x86_64 is already installed > [root@sandybridge wilcal]# urpmi hplip-model-data > Package hplip-model-data-3.15.7-1.mga5.x86_64 is already installed > > Printing works both locally and using CUPS from another system on the LAN. > Lost contact with scanner. Xsane continues to no longer find the scanner. > Not acceptable. Works here. I don't see that you upgraded lib64sane-hpaio1-3.15.7-1.mga5.x86_64.rpm This the lib for the scanner.
(In reply to Thomas Spuhler from comment #26) > Works here. > I don't see that you upgraded lib64sane-hpaio1-3.15.7-1.mga5.x86_64.rpm > This the lib for the scanner. [root@sandybridge wilcal]# urpmi lib64sane-hpaio1 Package lib64sane-hpaio1-3.15.7-1.mga5.x86_64 is already installed Rats. Xsane still does not see the scanner. HP ENVY 4502 Absolutely worked just fine before the update.
Checked xsane against my two network printers and it found both of them immediately, HP Envy4500 and HP5520. Have not tried to use them though.
Lets try this again. Connect and turn on printer. Files updated: - hplip-3.15.7-1.mga5.x86_64 - hplip-gui-3.15.7-1.mga5.x86_64 - hplip-hpijs-3.15.7-1.mga5.x86_64 - hplip-hpijs-ppds-3.15.7-1.mga5.x86_64 - hplip-model-data-3.15.7-1.mga5.x86_64 - lib64hpip0-3.15.7-1.mga5.x86_64 - lib64sane-hpaio1-3.15.7-1.mga5.x86_64 In Vbox, M5, KDE, 64-bit Package(s) under test: hplip hplip-gui hplip-hpijs hplip-hpijs-ppds hplip-model-data lib64sane-hpaio1 default install of hplip hplip-gui hplip-hpijs hplip-hpijs-ppds hplip-model-data lib64sane-hpaio1 [root@localhost wilcal]# urpmi hplip Package hplip-3.14.6-8.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-gui Package hplip-gui-3.14.6-8.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-hpijs Package hplip-hpijs-3.14.6-8.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-hpijs-ppds Package hplip-hpijs-ppds-3.14.6-8.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-model-data Package hplip-model-data-3.14.6-8.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64sane-hpaio1 Package lib64sane-hpaio1-3.14.6-8.mga5.x86_64 is already installed Printing works both locally and using CUPS from another system on the LAN. Xsane scans an image just fine. install hplip hplip-gui hplip-hpijs hplip-hpijs-ppds hplip-model-data lib64sane-hpaio1 from updates_testing [root@localhost wilcal]# urpmi hplip Package hplip-3.15.7-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-gui Package hplip-gui-3.15.7-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-hpijs Package hplip-hpijs-3.15.7-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-hpijs-ppds Package hplip-hpijs-ppds-3.15.7-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-model-data Package hplip-model-data-3.15.7-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64sane-hpaio1 Package lib64sane-hpaio1-3.15.7-1.mga5.x86_64 is already installed Printing works both locally and using CUPS from another system on the LAN. Xsane scans an image just fine.
(In reply to William Kenney from comment #29) Rebooted system and tried it again and sure enough Xsane does not see the scanner anymore. There is something really wrong here.
Lets try this again with only the update_testing rpms Do not install hplip-3.14.6-8.mga5.x86_64 et al in test client In Vbox, M5, KDE, 64-bit enable update_testing repos MCC -> Hardware -> Set up the printer(s) [root@localhost wilcal]# urpmi hplip Package hplip-3.15.7-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-gui Package hplip-gui-3.15.7-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-hpijs Package hplip-hpijs-3.15.7-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-hpijs-ppds Package hplip-hpijs-ppds-3.15.7-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-model-data Package hplip-model-data-3.15.7-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64sane-hpaio1 Package lib64sane-hpaio1-3.15.7-1.mga5.x86_64 is already installed Open HP Device Manager Setup Device Select Universal Serial Bus (USB) Select From Discovered Devices No devices are found. Printer and scanner cannot be set up. This update is not finding at least this very popular HP printer/scanner test client usbview sees the ENVY 4500 series printer/scanner The Host system can print and scan with connected ENVY 4500 when the client is not running.
(In reply to William Kenney from comment #31) > Lets try this again with only the update_testing rpms > > Do not install hplip-3.14.6-8.mga5.x86_64 et al in test client > > In Vbox, M5, KDE, 64-bit > > enable update_testing repos > MCC -> Hardware -> Set up the printer(s) I am leaving town, but I kind of remember, when installing the printer in printerdrake, it wouldn't work any more in HPLIP. But I need to check this first. > > [root@localhost wilcal]# urpmi hplip > Package hplip-3.15.7-1.mga5.x86_64 is already installed > [root@localhost wilcal]# urpmi hplip-gui > Package hplip-gui-3.15.7-1.mga5.x86_64 is already installed > [root@localhost wilcal]# urpmi hplip-hpijs > Package hplip-hpijs-3.15.7-1.mga5.x86_64 is already installed > [root@localhost wilcal]# urpmi hplip-hpijs-ppds > Package hplip-hpijs-ppds-3.15.7-1.mga5.x86_64 is already installed > [root@localhost wilcal]# urpmi hplip-model-data > Package hplip-model-data-3.15.7-1.mga5.x86_64 is already installed > [root@localhost wilcal]# urpmi lib64sane-hpaio1 > Package lib64sane-hpaio1-3.15.7-1.mga5.x86_64 is already installed > > Open HP Device Manager > Setup Device > Select Universal Serial Bus (USB) > Select From Discovered Devices > No devices are found. > Printer and scanner cannot be set up. > This update is not finding at least this very popular HP printer/scanner > test client usbview sees the ENVY 4500 series printer/scanner > The Host system can print and scan with connected ENVY 4500 when the > client is not running.
(In reply to Thomas Spuhler from comment #32) > I am leaving town, but I kind of remember, when installing the printer in > printerdrake, it wouldn't work any more in HPLIP. But I need to check this > first. Thanks Thomas
MGA4-32 on Acer D620 Xfce. Network printer HP Office Jet Pro 8100 switched on. Refreshed Core Upates testing repos in MCC. Found latest hplip as 3.15.6-11.1 Installed these packages, no installation issues. This system did not have a printer defined yet, so opening MCC-Hardware-Printers drew in cups etc.... After that, opening the Printer section just draws a black window. Using HP Device Manager I could install the printer.
CC: (none) => herman.viaene
MGA5-64 on HP Probook 6555b KDE. Network printer HP Office Jet Pro 8100 switched on. Refreshed Core Upates testing repos in MCC. Found latest hplip as 3.15.7-1Installed these packages, no installation issues. This system did not have a printer defined yet, so opening MCC-Hardware-Printers drew in cups etc.... Installing the printer in MCC works impeccable. Note: I think this is thr first time the printer is detected OK with the Broadcom WiFi on this PC.
Whiteboard: MGA4TOO => MGA4TOO MGA5-64-OK
As I reported in comment #10, this update is not OK for me on mga-5-64. HP Device manager and the CLI hp-tools fail with a connection error.
Whiteboard: MGA4TOO MGA5-64-OK => MGA4TOO
I think that we should re-consider allowing this version update, which risks disrupting stable working systems. Can these packages not be placed in /backports_testing? Anyone who really needs them could be advised to install from that repo.
This update is badly broken.
(In reply to James Kerr from comment #37) > I think that we should re-consider allowing this version update, which risks > disrupting stable working systems. > > Can these packages not be placed in /backports_testing? Anyone who really > needs them could be advised to install from that repo. I can try if this works (backport testing) I don't think we can even afford not to upgrade. I would have to switch distro if we cannot upgrade or I could just build it locally and upgrade. All the new HP ALL-IN-One printers being sold in the large stores don't work with the version we shipped in mga5.
(In reply to Thomas Spuhler from comment #39) > I can try if this works (backport testing) I don't think we can even afford > not to upgrade. I would have to switch distro if we cannot upgrade or I > could just build it locally and upgrade. All the new HP ALL-IN-One printers > being sold in the large stores don't work with the version we shipped in > mga5. I bought my HP 4502 in Walmart about 4-weeks ago and it works just fine with the present hplip. If this bug gets released that 4502 will stop working and anyone purchasing a new HP All-in-One printer will not be able to use it. This bug is broken.
It seems that the best way forward would be to delete the current update candidate from updates_testing (will need sysadmin intervention) and revert to the current versions: hplip-3.13.9-4.mga4 hplip-3.14.6-8.mga5 and then just add the patch for the security issue, and build the 3.15.7 update in backports testing (which I believe it already has been).
Whiteboard: MGA4TOO => MGA4TOO feedbackCC: (none) => sysadmin-bugs
(In reply to David Walser from comment #41) > It seems that the best way forward would be to delete the current update.... > ..... > and then just add the patch for the security issue, and build the 3.15.7 > update in backports testing (which I believe it already has been). Sounds like a plan David.
(In reply to David Walser from comment #41) > It seems that the best way forward would be to delete the current update > candidate from updates_testing (will need sysadmin intervention) and revert > to the current versions: > hplip-3.13.9-4.mga4 > hplip-3.14.6-8.mga5 > > and then just add the patch for the security issue, and build the 3.15.7 > update in backports testing (which I believe it already has been). Sounds good to me. yes, 3.15.7 is already in backport_testing.
Reverted to the original versions, patch for CVE added. Advisory: ======================== Updated hplip packages fix security vulnerability: It was reported that the hp-plugin utility, included in the hplip package, downloads a binary driver and verifies it via a key specified by the key's short ID. A man-in-the-middle attacker could use this flaw to generate a key with the expected short ID and trick a user into downloading a malicious binary (CVE-2015-0839). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0839 https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162442.html ======================== Updated packages in core/updates_testing: ======================== hplip-3.13.9-4.1.mga4 libhpip0-3.13.9-4.1.mga4 libhpip0-devel-3.13.9-4.1.mga4 libsane-hpaio1-3.13.9-4.1.mga4 hplip-model-data-3.13.9-4.1.mga4 hplip-gui-3.13.9-4.1.mga4 hplip-hpijs-3.13.9-4.1.mga4 hplip-hpijs-ppds-3.13.9-4.1.mga4 hplip-doc-3.13.9-4.1.mga4 hplip-3.14.6-8.1.mga5 libhpip0-3.14.6-8.1.mga5 libhpip0-devel-3.14.6-8.1.mga5 libsane-hpaio1-3.14.6-8.1.mga5 hplip-model-data-3.14.6-8.1.mga5 hplip-gui-3.14.6-8.1.mga5 hplip-hpijs-3.14.6-8.1.mga5 hplip-hpijs-ppds-3.14.6-8.1.mga5 hplip-doc-3.14.6-8.1.mga5 from SRPMS: hplip-3.13.9-4.1.mga4.src.rpm hplip-3.14.6-8.1.mga5.src.rpm
Thomas's previous worked is saved in SVN at: svn+ssh://svn.mageia.org/svn/packages/updates/4/hplip/backports svn+ssh://svn.mageia.org/svn/packages/updates/5/hplip/backports Just in case it's needed. Note, the Mageia 5 build isn't available yet, as the previous build hasn't been properly removed yet, so it can't upload this build yet. Hopefully that'll get fixed tonight.
OK, Mageia 5 build is available now.
Testing on mga-5-64 Installed updates from testing $ rpm -q hplip hplip-hpijs-ppds hplip-gui hplip-model-data hplip-hpijs hplip-3.14.6-8.1.mga5 hplip-hpijs-ppds-3.14.6-8.1.mga5 hplip-gui-3.14.6-8.1.mga5 hplip-model-data-3.14.6-8.1.mga5 hplip-hpijs-3.14.6-8.1.mga5 Printing OK Device Manager (hplip-gui) OK Printing over LAN (from Windows 7) OK This update is OK for me on mga-5-64
On real hardware, M5, KDE, 64-bit Package(s) under test: hplip hplip-gui hplip-hpijs hplip-hpijs-ppds hplip-model-data lib64sane-hpaio1 default install of hplip hplip-gui hplip-hpijs hplip-hpijs-ppds hplip-model-data lib64sane-hpaio1 [root@localhost wilcal]# urpmi hplip Package hplip-3.14.6-8.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-gui Package hplip-gui-3.14.6-8.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-hpijs Package hplip-hpijs-3.14.6-8.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-hpijs-ppds Package hplip-hpijs-ppds-3.14.6-8.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-model-data Package hplip-model-data-3.14.6-8.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64sane-hpaio1 Package lib64sane-hpaio1-3.14.6-8.mga5.x86_64 is already installed Printing works both locally and using CUPS from another system on the LAN. Xsane scans an image just fine. install hplip hplip-gui hplip-hpijs hplip-hpijs-ppds hplip-model-data lib64sane-hpaio1 from updates_testing [root@localhost wilcal]# urpmi hplip Package hplip-3.14.6-8.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-gui Package hplip-gui-3.14.6-8.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-hpijs Package hplip-hpijs-3.14.6-8.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-hpijs-ppds Package hplip-hpijs-ppds-3.14.6-8.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi hplip-model-data Package hplip-model-data-3.14.6-8.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi lib64sane-hpaio1 Package lib64sane-hpaio1-3.14.6-8.1.mga5.x86_64 is already installed Printing works both locally and using CUPS from another system on the LAN. Xsane scans an image just fine.
Testing on mga-4-64 Set up printer using SCP. Printing and Device Manager all OK. Installed updates from testing: rpm -q hplip hplip-hpijs-ppds hplip-gui hplip-model-data hplip-hpijs hplip-3.13.9-4.1.mga4 hplip-hpijs-ppds-3.13.9-4.1.mga4 hplip-gui-3.13.9-4.1.mga4 hplip-model-data-3.13.9-4.1.mga4 hplip-hpijs-3.13.9-4.1.mga4 Printing and Device Manager all OK Printing over LAN (from mga5) OK OK for mga-4-64
Whiteboard: MGA4TOO MGA5-64-OK => MGA4TOO MGA5-64-OK MGA4-64-OK
Testing on mga4-32 Enabled testing repo and set up printer using SCP. rpm -q hplip hplip-hpijs-ppds hplip-gui hplip-model-data hplip-hpijs hplip-3.13.9-4.1.mga4 hplip-hpijs-ppds-3.13.9-4.1.mga4 hplip-gui-3.13.9-4.1.mga4 hplip-model-data-3.13.9-4.mga4 hplip-hpijs-3.13.9-4.1.mga4 Printing and Device Manager OK. Printing over LAN (from mga5) OK OK for mga-4-32
Whiteboard: MGA4TOO MGA5-64-OK MGA4-64-OK => MGA4TOO MGA5-64-OK MGA4-64-OK MGA4-32-OK
Testing on mga5-32 Enabled testing repo and setup printer using SCP rpm -q hplip hplip-hpijs-ppds hplip-gui hplip-model-data hplip-hpijs hplip-3.14.6-8.1.mga5 hplip-hpijs-ppds-3.14.6-8.1.mga5 hplip-gui-3.14.6-8.1.mga5 hplip-model-data-3.14.6-8.mga5 hplip-hpijs-3.14.6-8.1.mga5 Printing and Device Manager all OK Printing over LAN (from mga5-64) OK OK for mga-5-32
Whiteboard: MGA4TOO MGA5-64-OK MGA4-64-OK MGA4-32-OK => MGA4TOO MGA5-64-OK MGA4-64-OK MGA4-32-OK MGA5-32-OK
My testing has been limited to a uni-functional printer. However, given the positive results reported in comment #48, I think it should be OK to validate this update. If there is no disagreement I will do so.
Go for it James
This update is now validated A QA committer needs to upload the Advisory in comment #44 to SVN The packages can then be pushed to updates
Keywords: (none) => validated_update
Advisory added.
Whiteboard: MGA4TOO MGA5-64-OK MGA4-64-OK MGA4-32-OK MGA5-32-OK => MGA4TOO advisory MGA5-64-OK MGA4-64-OK MGA4-32-OK MGA5-32-OK
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0336.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED
I know this is now resolved. But just out of interest, James could you check if your printer works from a recent Android phone?
(In reply to Thomas Spuhler from comment #57) > I know this is now resolved. But just out of interest, James could you check > if your printer works from a recent Android phone? I donno if this thing is really resolved. We kinda swept it under the rug. There's clearly something terribly wrong with hplip-3.15.7-1. It may be unusable by a large number of people. And I think it's probably an upstream issue we can fix.
(In reply to William Kenney from comment #58) > (In reply to Thomas Spuhler from comment #57) > > > I know this is now resolved. But just out of interest, James could you check > > if your printer works from a recent Android phone? > > I donno if this thing is really resolved. We kinda swept it under the rug. > There's clearly something terribly wrong with hplip-3.15.7-1. It may be > unusable by a large number of people. And I think it's probably an upstream > issue we can fix. *This* thing is CVE-2015-0839 and it is definitely resolved. It has nothing to do with the 3.15.x update. That's a separate issue and clearly there are some problems there. I don't know whether they are upstream or packaging problems. Hopefully it all gets sorted out by Mageia 6.
(In reply to Thomas Spuhler from comment #57) I don't own or have access to any such device.