[Bug 933225] [NEW] inability to QA utterly broke DistUpgradeViewKDE

Launchpad Bug Tracker 933225 at bugs.launchpad.net
Thu Feb 16 02:11:30 UTC 2012 

You have been subscribed to a public bug by Harald Sitter (apachelogger):

        copyXauth = tempfile.mkstemp("", "adept")
        if 'XAUTHORITY' in os.environ and os.environ['XAUTHORITY'] != copyXauth:
            shutil.copy(os.environ['XAUTHORITY'], copyXauth)
            os.environ["XAUTHORITY"] = copyXauth

<apachelogger> can't load DistUpgradeViewKDE (coercing to Unicode: need string or buffer, tuple found)
<apachelogger> bug 881541
<ubottu> Launchpad bug 881541 in update-manager (Ubuntu) "DistUpgrade/DistUpgradeViewKDE.py uses mktemp -- which is insecure" [Medium,Fix released] https://launchpad.net/bugs/881541
<apachelogger> http://docs.python.org/library/tempfile.html
<apachelogger> mkstemp() returns a tuple containing an OS-level handle to an open file (as would be returned by os.open()) and the absolute pathname of that file, in that order.
<apachelogger>             shutil.copy(os.environ['XAUTHORITY'], copyXauth)
<apachelogger> I am the touple in your string <3

	    print os.environ['XAUTHORITY'] => /tmp/kde-me/xauth-1000-_0
	    print copyXauth => (13, '/tmp/adeptTXo9jf')

Also: http://docs.python.org/library/shutil.html
shutil.copy(src, dst)
Copy the file src to the file or directory dst. If dst is a directory, a file with the same basename as src is created (or overwritten) in the directory specified. Permission bits are copied. src and dst are path names given as strings.

Thank you for not reading documentation, no testing and getting me to
waste time on this!

I really heart this.... <3 broken software... see.

"The guy who broke my upgrader now has to fix it and send me cookies" ~
Oscar Wild

** Affects: update-manager (Ubuntu)
     Importance: Critical
     Assignee: Marc Deslauriers (mdeslaur)
         Status: Triaged

** Affects: update-manager (Ubuntu Oneiric)
     Importance: Critical
     Assignee: Marc Deslauriers (mdeslaur)
         Status: Triaged

-- 
inability to QA utterly broke DistUpgradeViewKDE
https://bugs.launchpad.net/bugs/933225
You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to the bug report.

More information about the kubuntu-bugs mailing list