Control: tag -1 + moreinfo
Hi Jakub,
Jakub Wilk wrote:
> which-pkg-broke can inadvertently execute binaries from the current
> working directory. Proof of concept:
[...]
> Patch attached.
For me, this patch does not look like solving this issue:
> diff --git a/which-pkg-broke b/which-pkg-broke
> index 4f53139..c0bd621 100755
> --- a/which-pkg-broke
> +++ b/which-pkg-broke
> @@ -9,12 +9,15 @@ import time
> from string import *
> from stat import *
>
> +def force_posix_locale():
> + os.environ['LC_ALL'] = 'C'
> +
> def pkgdeps(pkg):
> apt_cache = subprocess.Popen(
> ['apt-cache', 'depends', pkg],
> stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
> universal_newlines=True,
> - env={} # force POSIX locale
> + preexec_fn=force_posix_locale,
> )
> deps = []
> for myline in apt_cache.stdout:
> @@ -49,7 +52,7 @@ def localarchitectures():
> ['dpkg', '--print-architecture'],
> stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
> universal_newlines=True,
> - env={} # force POSIX locale
> + preexec_fn=force_posix_locale,
> )
> for arch in dpkg_arch.stdout.readlines():
> architectures.append(arch.rstrip())
> @@ -59,7 +62,7 @@ def localarchitectures():
> ['dpkg', '--print-foreign-architecture'],
> stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
> universal_newlines=True,
> - env={} # force POSIX locale
> + preexec_fn=force_posix_locale,
> )
> for arch in dpkg_archs.stdout.readlines():
> architectures.append(arch.rstrip())
I though don't find any other bug report about which-pkg-broke and
locales, so I'm really not sure if this is just the wrong patch or if
this fixes the issue in a non-obvious way.
Some more explanations (or the correct patch :-) are appreciated.
Regards, Axel
--
,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
`- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
