Hello community, here is the log from the commit of package system-config-printer for openSUSE:11.3 checked in at Thu Dec 8 10:27:48 CET 2011. -------- --- old-versions/11.3/all/system-config-printer/system-config-printer.changes 2010-03-18 10:20:54.000000000 +0100 +++ 11.3/system-config-printer/system-config-printer.changes 2011-12-06 17:43:46.000000000 +0100 @@ -1,0 +2,8 @@ +Tue Dec 6 16:42:31 UTC 2011 - vuntz@opensuse.org + +- Add system-config-printer-no-openprinting.patch: this disables + the feature where PPD drivers can be downloaded from + OpenPrinting.org. See discussion in bnc#733542. As a side-effect, + this fixes CVE-2011-4405. + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.3/all/system-config-printer Destination is old-versions/11.3/UPDATES/all/system-config-printer calling whatdependson for 11.3-i586 New: ---- system-config-printer-no-openprinting.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ system-config-printer.spec ++++++ --- /var/tmp/diff_new_pack.OllkkT/_old 2011-12-08 10:25:13.000000000 +0100 +++ /var/tmp/diff_new_pack.OllkkT/_new 2011-12-08 10:25:13.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package system-config-printer (Version 1.2.0) +# spec file for package system-config-printer # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ License: GPLv2+ Group: Hardware/Printing Version: 1.2.0 -Release: 1 +Release: 2.<RELEASE2> Summary: A printer administration tool Url: http://cyberelk.net/tim/software/system-config-printer/ Source0: http://cyberelk.net/tim/data/system-config-printer/1.0.x/system-config-printer-%{version}.tar.bz2 @@ -30,6 +30,8 @@ Patch13: system-config-printer-icon-brp-friendly.patch # PATCH-FIX-OPENSUSE system-config-printer-firewall-menu.patch vuntz@novell.com -- Fix string to mention correct path in menus to firewall tool Patch18: system-config-printer-firewall-menu.patch +# PATCH-FIX-OPENSUSE system-config-printer-no-openprinting.patch bnc#733542 vuntz@opensuse.org -- Disable feature that downloads ppd from openprinting.org +Patch19: system-config-printer-no-openprinting.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Obsoletes: gnome-cups-manager <= 0.33 BuildRequires: cups-devel @@ -103,6 +105,7 @@ gnome-patch-translation-prepare %patch13 -p1 %patch18 -p1 +%patch19 -p1 gnome-patch-translation-update %build ++++++ system-config-printer-no-openprinting.patch ++++++ Index: system-config-printer-1.2.0/cupshelpers/openprinting.py =================================================================== --- system-config-printer-1.2.0.orig/cupshelpers/openprinting.py +++ system-config-printer-1.2.0/cupshelpers/openprinting.py @@ -46,6 +46,11 @@ class _QueryThread (threading.Thread): self.setDaemon (True) def run (self): + ## Disabled on openSUSE, see discussion in https://bugzilla.novell.com/show_bug.cgi?id=733542 + if self.callback != None: + self.callback (403, self.user_data, None) + return + # CGI script to be executed query_command = "/query.cgi" # Headers for the post request Index: system-config-printer-1.2.0/system-config-printer.py =================================================================== --- system-config-printer-1.2.0.orig/system-config-printer.py +++ system-config-printer-1.2.0/system-config-printer.py @@ -3884,6 +3884,8 @@ class NewPrinterGUI(GtkGUI): # Set up OpenPrinting widgets. self.openprinting = cupshelpers.openprinting.OpenPrinting () self.openprinting_query_handle = None + ## Disabled on openSUSE, see discussion in https://bugzilla.novell.com/show_bug.cgi?id=733542 + self.rbtnNPDownloadableDriverSearch.hide() combobox = self.cmbNPDownloadableDriverFoundPrinters cell = gtk.CellRendererText() combobox.pack_start (cell, True) @@ -4608,6 +4610,7 @@ class NewPrinterGUI(GtkGUI): self.btnNPBack.hide() self.btnNPForward.show() downloadable_selected = False + ## openSUSE: just a guard to know when the name of the widget to hide changes if self.rbtnNPDownloadableDriverSearch.get_active (): combobox = self.cmbNPDownloadableDriverFoundPrinters iter = combobox.get_active_iter () @@ -6369,6 +6372,8 @@ class NewPrinterGUI(GtkGUI): elif self.rbtnNPPPD.get_active(): ppd = cups.PPD(self.filechooserPPD.get_filename()) else: + ## Disabled on openSUSE, see discussion in https://bugzilla.novell.com/show_bug.cgi?id=733542 + return # PPD of the driver downloaded from OpenPrinting XXX treeview = self.tvNPDownloadableDrivers model, iter = treeview.get_selection ().get_selected () continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org