Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs

2018-03-02 Thread Jeff Breidenbach 
It is possible that older versions are not vulnerable.

$ sudo apt-get install leptonica-progs

$ TMPDIR=/var/tmp fileinfo /tmp/foo.jpg
Error in fopenReadStream: file not found
Error in pixReadHeader: image file not found
Error in writeImageFileInfo: failure to read header of /tmp/foo.jpg

$ fileinfo /tmp/foo.jpg
===
Reading the header:
  input image format type: jpg
  w = 3148, h = 3652, bps = 8, spp = 3, iscmap = 0
  xres = 300, yres = 300
===
Reading the full image:
  input image format type: jpg
  w = 3148, h = 3652, d = 32, spp = 3, wpl = 3148
  xres = 300, yres = 300
  colormap does not exist
===

Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs

2018-03-01 Thread Santiago R.R. 
On Thu, 22 Feb 2018 22:26:13 -0800 Jeff Breidenbach  wrote:
> This is the patch I used for Leptonica 1.74. It should work fine for
> earlier versions.
> Upstream used a different approach for addressing the problem in version
> 1.75.

Hi Jeff,

I have been unable to reproduce the issue in earlier versions. Do you
have any clue about other conditions to reproduce it:

TMPDIR=/var/tmp tesseract /tmp/ANY/PATH/XFig-LaTeX-together.jpg - -
Error in pixGenerateHalftoneMask: pix too small: w = 71, h = 100
 

  

  Oveyloyxng Text
  Ovevluymg Text
  Ovenaywng Tex‘

Thanks,

 -- Santiago


signature.asc
Description: PGP signature

Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs

2018-02-22 Thread Jeff Breidenbach 
This is the patch I used for Leptonica 1.74. It should work fine for
earlier versions.
Upstream used a different approach for addressing the problem in version
1.75.


do-not-mess-with-paths.diff.gz
Description: GNU Zip compressed data

Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs

2018-02-21 Thread Abhijith PA 
Jeff,

Can you share the changes you made to fix this issue. Please also use a
VCS to track debian changes. :)


-Abhijith

Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs

2018-01-02 Thread Jeff Breidenbach 
Most likely we'll have a fix into Debian within 48 hours.

Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs

2018-01-02 Thread Jeff Breidenbach 
I've reproduced by setting TMPDIR to /var/tmp. Talking to Leptonica author.

Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs

2018-01-02 Thread Jeff Breidenbach 
Peter, what do you have set for TMPDIR environment variable? (You can check
this with "env")

Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs

2018-01-02 Thread Jeff Breidenbach 
I cannot reproduce this problem on Debian Unstable.  We have a mystery.

$ tesseract /tmp/ANY/PATH/phototest.tif - -
Page 1
This is a lot of 12 point text to test the
ocr code and see if it works on all types
of file format.

The quick brown dog jumped over the
lazy fox. The quick brown dog jumped
over the lazy fox. The quick brown dog
jumped over the lazy fox. The quick
brown dog jumped over the lazy fox.

Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs

2018-01-01 Thread Jeff Breidenbach 
Will investigate.

Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs

2017-12-29 Thread Peter Marschall 
Package: liblept5
Version: 1.74.4-1
Severity: important

Hi,

the new version of tesseract strangely plays with input files in paths below 
/tmp/

Any of the following calls work
 $ tesseract input.tif stdout -l deu -c tessedit_create_hocr=1
 $ tesseract /home/user/input.tif stdout -l deu -c tessedit_create_hocr=1
 $ tesseract /usr/ANY/PATH/input.tif stdout -l deu -c tessedit_create_hocr=1

But with paths below /tmp/, e.g.
 $ tesseract /tmp/ANY/PATH/input.tif stdout -l deu -c tessedit_create_hocr=1
tesseract fails to find the input file, and reports (embedded in HTML)
the following output:
 TIFFOpen: /tmp/ANY/PATH/ANY/PATH/input.tif: No such file or directory.
 Error in pixReadFromMultipageTiff: tif open failed for /tmp/ANY/PATH/input.tif

Please note the duplication of the /ANY/PATH part to the right of /tmp
in the first error line.

As a result tesseract cannot be used anymore in gscan2pdf.

The reason for opening this bug against liblept5 is that tesseract
and its librariers do not contain the string /tmp while liblept5 does.

Please re-assign as appropriate if liblept5 is the wrong package.

Thanks for maintaining liblept5 & tesseract in Debian
Peter


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages liblept5 depends on:
ii  libc62.25-5
ii  libgif7  5.1.4-1
ii  libjpeg62-turbo  1:1.5.2-2+b1
ii  libopenjp2-7 2.3.0-1
ii  libpng16-16  1.6.34-1
ii  libtiff5 4.0.9-2
ii  libwebp6 0.6.0-4
ii  zlib1g   1:1.2.8.dfsg-5

liblept5 recommends no packages.

liblept5 suggests no packages.

-- no debconf information