Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs
It is possible that older versions are not vulnerable. $ sudo apt-get install leptonica-progs $ TMPDIR=/var/tmp fileinfo /tmp/foo.jpg Error in fopenReadStream: file not found Error in pixReadHeader: image file not found Error in writeImageFileInfo: failure to read header of /tmp/foo.jpg $ fileinfo /tmp/foo.jpg === Reading the header: input image format type: jpg w = 3148, h = 3652, bps = 8, spp = 3, iscmap = 0 xres = 300, yres = 300 === Reading the full image: input image format type: jpg w = 3148, h = 3652, d = 32, spp = 3, wpl = 3148 xres = 300, yres = 300 colormap does not exist ===
Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs
On Thu, 22 Feb 2018 22:26:13 -0800 Jeff Breidenbach wrote: > This is the patch I used for Leptonica 1.74. It should work fine for > earlier versions. > Upstream used a different approach for addressing the problem in version > 1.75. Hi Jeff, I have been unable to reproduce the issue in earlier versions. Do you have any clue about other conditions to reproduce it: TMPDIR=/var/tmp tesseract /tmp/ANY/PATH/XFig-LaTeX-together.jpg - - Error in pixGenerateHalftoneMask: pix too small: w = 71, h = 100 Oveyloyxng Text Ovevluymg Text Ovenaywng Tex‘ Thanks, -- Santiago signature.asc Description: PGP signature
Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs
This is the patch I used for Leptonica 1.74. It should work fine for earlier versions. Upstream used a different approach for addressing the problem in version 1.75. do-not-mess-with-paths.diff.gz Description: GNU Zip compressed data
Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs
Jeff, Can you share the changes you made to fix this issue. Please also use a VCS to track debian changes. :) -Abhijith
Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs
Most likely we'll have a fix into Debian within 48 hours.
Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs
I've reproduced by setting TMPDIR to /var/tmp. Talking to Leptonica author.
Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs
Peter, what do you have set for TMPDIR environment variable? (You can check this with "env")
Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs
I cannot reproduce this problem on Debian Unstable. We have a mystery. $ tesseract /tmp/ANY/PATH/phototest.tif - - Page 1 This is a lot of 12 point text to test the ocr code and see if it works on all types of file format. The quick brown dog jumped over the lazy fox. The quick brown dog jumped over the lazy fox. The quick brown dog jumped over the lazy fox. The quick brown dog jumped over the lazy fox.
Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs
Will investigate.
Bug#885704: liblept5 negatively plays with paths in /tmp when opening TIFFs
Package: liblept5 Version: 1.74.4-1 Severity: important Hi, the new version of tesseract strangely plays with input files in paths below /tmp/ Any of the following calls work $ tesseract input.tif stdout -l deu -c tessedit_create_hocr=1 $ tesseract /home/user/input.tif stdout -l deu -c tessedit_create_hocr=1 $ tesseract /usr/ANY/PATH/input.tif stdout -l deu -c tessedit_create_hocr=1 But with paths below /tmp/, e.g. $ tesseract /tmp/ANY/PATH/input.tif stdout -l deu -c tessedit_create_hocr=1 tesseract fails to find the input file, and reports (embedded in HTML) the following output: TIFFOpen: /tmp/ANY/PATH/ANY/PATH/input.tif: No such file or directory. Error in pixReadFromMultipageTiff: tif open failed for /tmp/ANY/PATH/input.tif Please note the duplication of the /ANY/PATH part to the right of /tmp in the first error line. As a result tesseract cannot be used anymore in gscan2pdf. The reason for opening this bug against liblept5 is that tesseract and its librariers do not contain the string /tmp while liblept5 does. Please re-assign as appropriate if liblept5 is the wrong package. Thanks for maintaining liblept5 & tesseract in Debian Peter -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.14.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages liblept5 depends on: ii libc62.25-5 ii libgif7 5.1.4-1 ii libjpeg62-turbo 1:1.5.2-2+b1 ii libopenjp2-7 2.3.0-1 ii libpng16-16 1.6.34-1 ii libtiff5 4.0.9-2 ii libwebp6 0.6.0-4 ii zlib1g 1:1.2.8.dfsg-5 liblept5 recommends no packages. liblept5 suggests no packages. -- no debconf information