HPLIP

  1. Bug #1007367
  2. Comment #1

Comment 1 for bug 1007367

Revision history for this message
Johannes Meixner (jsmeix) wrote :

I suggest to remove foomatic-rip-hplip from HPLIP and
adapt the static PPD files in HPLIP to use foomatic-rip.

Some references:

See the related issue
https://answers.launchpad.net/hplip/+question/198971
and
the "printer prints raw pdf source instead of doc" mail thread on
the cups.general Newsgroup and <email address hidden> mailing list

http://www.cups.org/newsgroups.php?gcups.general+T+Q%22printer+prints+raw+pdf+source+instead+of+doc%22

FYI:
What we (i.e. SUSE) currently do to get rid of foomatic-rip-hplip
from our RPM hplip.spec file (shortened):
-------------------------------------------------------------------------------
# Because foomatic-rip-hplip has CVE-2011-2697
# plus a leftover in CVE-2004-0801
# foomatic-rip-hplip is no longer installed and foomatic-rip
# from the foomatic-filters RPM is used instead.
Requires: foomatic-filters
...
# For hpcups static PPD install one needs:
# --enable-hpcups-install enable hpcups install (default=yes)
# --disable-cups-drv-install enable cups dynamic ppd install (default=yes)
# --enable-cups-ppd-install enable cups static ppd install (default=no)
# For both hpcups and hpijs install with static PPDs one needs additionally:
# --enable-hpijs-install enable hpijs install (default=no)
# --disable-foomatic-drv-install enable foomatic dynamic ppd install
# (default=no), uses drvdir and hpppddir
# --enable-foomatic-ppd-install enable foomatic static ppd install
# (default=no), uses hpppddir
# --enable-foomatic-rip-hplip-install enable foomatic-rip-hplip install
# (default=no), uses cupsfilterdir
# ... foomatic-rip from foomatic-filters is used instead so that
# --disable-foomatic-rip-hplip-install is explicitly set and as a consequence
# the "cupsFilter" entries in the static PPDs are changed in the install
# section to use foomatic-rip.
./configure ...
...
%install
...
# the "cupsFilter" entries in the static PPDs must be changed accordingly:
echo "Replacing insecure foomatic-rip-hplip with foomatic-rip in the PPDs..."
for p in *.ppd
do sed -i -e 's/foomatic-rip-hplip/foomatic-rip/' $p
done
...
# To be backward compatible with PPDs in /etc/cups/ppd/
# for existing print queues a compatibility link
# /usr/lib/cups/filter/foomatic-rip-hplip
# which points to foomatic-rip is installed:
ln -s ../../../bin/foomatic-rip %{buildroot}/usr/lib/cups/filter/foomatic-rip-hplip
-------------------------------------------------------------------------------
An explanation why we use static PPDs:
We use intentionally static PPDs because I prefer when all PPD files
are instantly available radymade on the end-user's disk instead of
having any issue with run-time generation on the end-users system.
I prefer compile-time generation on our package build systems
(so that I can see when it fails) instead of run-time generation
on each particular end-user's system.
Furthermore it seems only static PPDs are future-proof according to
http://www.cups.org/str.php?L3772
which reads that the concept of PPD files being generated on-the-fly
by programs placed in the /usr/lib/cups/driver/ directory
will be going away in a future release of CUPS.