Bug#700360: RFS: openfst/1.3.3-1 -- weighted finite-state transducers library
Il 27/02/2013 23:54, Jakub Wilk ha scritto: > Have you checked if phonetisaurus can be built against the new openfst? Yes, it can. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700360: RFS: openfst/1.3.3-1 -- weighted finite-state transducers library
Have you checked if phonetisaurus can be built against the new openfst? -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700360: RFS: openfst/1.3.3-1 -- weighted finite-state transducers library
Il 25/02/2013 23:50, Jakub Wilk ha scritto: > * Giulio Paci , 2013-02-23, 19:37: >> I just sent another email further explaining the issue and pointing out it >> is a general issue. > > Thanks. > > > I think this change > * Move plugins from /usr/lib/fst/ to /usr/lib/fst/1/. > warrants updating README.Debian. Updated. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700360: RFS: openfst/1.3.3-1 -- weighted finite-state transducers library
* Giulio Paci , 2013-02-23, 19:37: I just sent another email further explaining the issue and pointing out it is a general issue. Thanks. I think this change * Move plugins from /usr/lib/fst/ to /usr/lib/fst/1/. warrants updating README.Debian. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700360: RFS: openfst/1.3.3-1 -- weighted finite-state transducers library
Il 22/02/2013 20:26, Jakub Wilk ha scritto: > * Giulio Paci , 2013-02-20, 20:46: >>> As far as I can see, src/test/fst_test.h creates temporary files >>> insecurely. >> Relevant applications are now using private directory to store temporary >> files. As far as I can see, this solves the issue. > It solves it for Debian, but the problem should be fixed upstream as > well. Please notify them about the bug, if you haven't already. I already forwarded the patch. >>> I'm confused. Which patch exactly did you forward? >> I was referring to 1004_set_tmpdir_default_to_TMPDIR.patch. > > Yup, but that doesn't fix the security hole; it merely allows those who are > aware of it to work around it. Ok, I just re-read the email I sent upstream with the patches and it described the problem in the Debian context. I just sent another email further explaining the issue and pointing out it is a general issue. In this email I also proposed to fix the issue by setting TMPDIR inside the test scripts. Bests, Giulio. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700360: RFS: openfst/1.3.3-1 -- weighted finite-state transducers library
* Giulio Paci , 2013-02-20, 20:46: As far as I can see, src/test/fst_test.h creates temporary files insecurely. Relevant applications are now using private directory to store temporary files. As far as I can see, this solves the issue. It solves it for Debian, but the problem should be fixed upstream as well. Please notify them about the bug, if you haven't already. I already forwarded the patch. I'm confused. Which patch exactly did you forward? I was referring to 1004_set_tmpdir_default_to_TMPDIR.patch. Yup, but that doesn't fix the security hole; it merely allows those who are aware of it to work around it. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700360: RFS: openfst/1.3.3-1 -- weighted finite-state transducers library
Il 20/02/2013 19:35, Jakub Wilk ha scritto: > * Giulio Paci , 2013-02-19, 23:19: > As far as I can see, src/test/fst_test.h creates temporary files > insecurely. Relevant applications are now using private directory to store temporary files. As far as I can see, this solves the issue. >>> It solves it for Debian, but the problem should be fixed upstream as well. >>> Please notify them about the bug, if you haven't already. >> I already forwarded the patch. > > I'm confused. Which patch exactly did you forward? I was referring to 1004_set_tmpdir_default_to_TMPDIR.patch. But I forwarded all except "unresolved-symbols.diff" that I never forwarded and "2001_put_libfst_extension_libraries_in_usr_lib.patch" that I forwarded before refreshing it (maybe I can change from yes to no the Forwarded status). Bests, Giulio. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700360: RFS: openfst/1.3.3-1 -- weighted finite-state transducers library
* Giulio Paci , 2013-02-19, 23:19: As far as I can see, src/test/fst_test.h creates temporary files insecurely. Relevant applications are now using private directory to store temporary files. As far as I can see, this solves the issue. It solves it for Debian, but the problem should be fixed upstream as well. Please notify them about the bug, if you haven't already. I already forwarded the patch. I'm confused. Which patch exactly did you forward? -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700360: RFS: openfst/1.3.3-1 -- weighted finite-state transducers library
Il 19/02/2013 21:22, Jakub Wilk ha scritto: > * Giulio Paci , 2013-02-15, 03:34: >>> As far as I can see, src/test/fst_test.h creates temporary files insecurely. >> Relevant applications are now using private directory to store temporary >> files. As far as I can see, this solves the issue. > > It solves it for Debian, but the problem should be fixed upstream as well. > Please notify them about the bug, if you haven't already. I already forwarded the patch. Upstream said they will evaluate this and other patches for inclusion in the next openfst release. > You added: > > DEB_ROOT := $(abspath $(dir $(firstword $(MAKEFILE_LIST)))/..) > > But for build* and binary* target $(DEB_ROOT) is guaranteed to be equal to > $(CURDIR). So just use the latter. :) Using $(CURDIR) now. :-) > I'd also use relative directories wherever possible (in this case, at least: > mkdir -p, $(RM) -r), as they are less noisy in build logs. And using just "tmpdir" as temporary directory instead of "$(DEB_ROOT)/tmpdir" or "$(CURDIR)/tmpdir". -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700360: RFS: openfst/1.3.3-1 -- weighted finite-state transducers library
* Giulio Paci , 2013-02-15, 03:34: As far as I can see, src/test/fst_test.h creates temporary files insecurely. Relevant applications are now using private directory to store temporary files. As far as I can see, this solves the issue. It solves it for Debian, but the problem should be fixed upstream as well. Please notify them about the bug, if you haven't already. You added: DEB_ROOT := $(abspath $(dir $(firstword $(MAKEFILE_LIST)))/..) But for build* and binary* target $(DEB_ROOT) is guaranteed to be equal to $(CURDIR). So just use the latter. :) I'd also use relative directories wherever possible (in this case, at least: mkdir -p, $(RM) -r), as they are less noisy in build logs. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700360: RFS: openfst/1.3.3-1 -- weighted finite-state transducers library
Il 13/02/2013 21:28, Jakub Wilk ha scritto: > * Giulio Paci , 2013-02-12, 03:10: >> git://anonscm.debian.org/collab-maint/openfst.git > > As far as I can see, src/test/fst_test.h creates temporary files insecurely. Relevant applications are now using private directory to store temporary files. As far as I can see, this solves the issue. > Also, it would be good if the default for --tmpdir was not hardcoded /tmp/, > but TMPDIR was honored instead. I added a patch for this as part of the solution of the fst_test problem. If TMPDIR is set it is used as default tmpdir, otherwise /tmp is used. Bests, Giulio. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700360: RFS: openfst/1.3.3-1 -- weighted finite-state transducers library
* Giulio Paci , 2013-02-12, 03:10: git://anonscm.debian.org/collab-maint/openfst.git As far as I can see, src/test/fst_test.h creates temporary files insecurely. Also, it would be good if the default for --tmpdir was not hardcoded /tmp/, but TMPDIR was honored instead. -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#700360: RFS: openfst/1.3.3-1 -- weighted finite-state transducers library
Package: sponsorship-requests Severity: wishlist Dear mentors, I am looking for a sponsor for my package "openfst" * Package name: openfst Version : 1.3.3-1 Upstream Author : Cyril Allauzen , Michael Riley * URL : http://www.openfst.org/ * License : Apache-2.0 Section : libs It builds those binary packages: openfst - weighted finite-state transducers library To access further information about this package, please visit the following Vcs URL: git://anonscm.debian.org/collab-maint/openfst.git Regards, Giulio Paci -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org