Bug#830660: liblept5: hardcoded predictable paths in /tmp

2016-07-22 Thread Jeff Breidenbach
Thanks. Of course review in conjunction with upstream will do greps and code searches and stuff like that. But it is always possible to miss something, so reports are appreciated. For the files you mentioned:
src/utils.c: will get serious attention in conjunction with upstream
src/xtractprotos.c:

Bug#830660: liblept5: hardcoded predictable paths in /tmp

2016-07-22 Thread Sven Hartge
On 22.07.2016 20:23, Jeff Breidenbach wrote:
> No, I'm not sure. Leptonica is big and requires a thorough review in
> conjunction with upstream. Thank you for helping identify
> convertTiffMultipageToPS(), and please report anything else you
> happen to notice on mainline paths. Highly

Bug#830660: liblept5: hardcoded predictable paths in /tmp

2016-07-22 Thread Jeff Breidenbach
No, I'm not sure. Leptonica is big and requires a thorough review in conjunction with upstream. Thank you for helping identify convertTiffMultipageToPS(), and please report anything else you happen to notice on mainline paths. Highly appreciated.

Bug#830660: liblept5: hardcoded predictable paths in /tmp

2016-07-22 Thread Sven Hartge
On 22.07.2016 19:19, Jeff Breidenbach wrote:
> There are additional hardcoded paths in the Leptonica
> library itself, but generally on debugging or regression test code paths.
> I will continue working with upstream on this topic.

Are you sure? Looking at convertTiffMultipageToPS() from

Bug#830660: liblept5: hardcoded predictable paths in /tmp

2016-07-22 Thread Jeff Breidenbach
I am removing the following programs from the leptonica-progs package due to hardcoded predictable paths in /tmp. Between this and the earlier patch, this solves all reported problems and therefore this particular bug will be closed. There are additional hardcoded paths in the Leptonica library

Bug#830660: liblept5: hardcoded predictable paths in /tmp

2016-07-19 Thread Jeff Breidenbach
I will work with upstream on a permanent improvement. In the meantime, I'm adding a small patch in 1.73-3 that will help with the specific problem being discussed in de.comp.os.unix.linux.misc.

Bug#830660: liblept5: hardcoded predictable paths in /tmp

2016-07-18 Thread Jeff Breidenbach
Acknowledged and taking action.

Bug#830660: liblept5: hardcoded predictable paths in /tmp

2016-07-09 Thread Sven Hartge
Package: liblept5
Version: 1.73-2
Severity: important
Tags: security

Hi! A discussion in the German Usenet group de.comp.os.unix.linux.misc, starting at MID: revealed some serious security problems in leptonlib. (At least I think so.) The leptonlib-progs and