This bug was fixed in the package software-center - 4.0.5

---------------
software-center (4.0.5) natty-proposed; urgency=low

  [ Aaron Peachey ]
  * softwarecenter/view/appdetailsview_gtk.py,
    softwarecenter/view/widgets/reviews.py:
    - fix duplication of reviews upon submitting a new
      review, completes the fix for LP: #794060

  [ Gary Lasker ]
  * softwarecenter/utils.py,
    softwarecenter/backend/aptd.py,
    test/test_software_channels.py:
    - obfuscate private ppa details in the error log output and in
      the error dialog itself, add corresponding unit test
      (LP: #807745)
  * merge lp:~evfool/software-center/nonetworkfixes, fixes two menu
    item network state bugs, many thanks to Robert Roth
    (LP: #802919, LP: #802920)

 -- Michael Vogt <[email protected]>  Wed, 13 Jul 2011 14:24:50 +0200

** Changed in: software-center (Ubuntu Natty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to software-center in Ubuntu.
https://bugs.launchpad.net/bugs/807745

Title:
  Should not include private PPA details in software-center.log

Status in “software-center” package in Ubuntu:
  Fix Released
Status in “software-center” source package in Maverick:
  Fix Released
Status in “software-center” source package in Natty:
  Fix Released

Bug description:
  Currently, when a transaction failed error occurs, we log the error
  message from aptdaemon in software-center.log. If the transaction
  failure was associated with a private PPA, the username and password
  details will be included in the message from aptdaemon and so will be
  included in the log. Since this log can potentially be exposed in a bug
  report, we should obfuscate these details in both the log message and
  also in the corresponding dialog that is displayed for the error (since
  a screenshot of the dialog could potentially be attached to a bug as well).

  TEST CASE for Maverick and Natty SRUs:

  1. (For Maverick) Update to Software Center 3.0.10 in maverick-proposed.
     -or-
  1. (For Natty) Update to Software Center 4.0.5 in natty-proposed.
  2. Open Software Center, navigate to the "For Purchase" section and purchase
     an item (or simply reinstall a previously purchased item if you have one).
     Note that a larger package download will make verification easier, as it
     provides more time to interrupt the download in progress to induce the
     failure mode. Note that Steel Storm: Burning Retribution is a ~690MB
     download and is priced at $4.99, making it a good candidate for this test
     (but any purchased package will do).
  3. After the package download has begun and during the download itself, shut
     off your network connection.
  4. Wait for the transaction to time out (this takes a couple of minutes). The
     failure is indicated when the "Failed to download package files" error
     dialog appears.
  5. In the error dialog, expand the "Details" section and verify that the
     username and password portions of the given URL are rendered as
     "hidden:hidden" (e.g. "Failed to fetch
     https://hidden:[email protected]/commercial-ppa-uploaders/steel-storm2/ubuntu/pool/main/s/steelstorm-episode2/steelstorm-episode2-data_2.00.02818-0maverick1_all.deb").
  6. View the file ~/.cache/software-center.log, navigate to the end and find
     the error message. Again verify that the username and password portions of
     the given URLs are rendered as "hidden:hidden".

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/software-center/+bug/807745/+subscriptions
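
The redaction described in the bug (credentials in a fetch URL rewritten as "hidden:hidden" before the text reaches the log) can be sketched as follows. This is an added example, not the code from softwarecenter/utils.py; the helper names, the logger name and the sample error text are assumptions made for illustration.

```python
import io
import logging
import re

# userinfo = everything between "scheme://" and the last "@" before the
# first "/" or whitespace, so a password containing "@" is fully covered.
_USERINFO_RE = re.compile(r"(\b[a-zA-Z][a-zA-Z0-9+.-]*://)[^\s/]+@")


def redact_url_credentials(text):
    """Hypothetical helper: rewrite user:password in URLs as hidden:hidden."""
    return _USERINFO_RE.sub(r"\1hidden:hidden@", text)


class RedactingFilter(logging.Filter):
    """Redact on the formatted message, so values passed as args are covered."""

    def filter(self, record):
        record.msg = redact_url_credentials(record.getMessage())
        record.args = ()
        return True


# Constructed sample shaped like the error text in the test case above.
SAMPLE_ERROR = (
    "Failed to fetch https://alice:s3cr3t@private-ppa.example.test/"
    "owner/ppa/ubuntu/pool/main/p/pkg/pkg_1.0_all.deb  Connection timed out"
)


def logged_line(message, *args):
    """Log one error through the filter and return what reached the log."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactingFilter())
    logger = logging.getLogger("redaction-demo")
    logger.propagate = False
    logger.handlers = [handler]
    logger.error(message, *args)
    return stream.getvalue().strip()


if __name__ == "__main__":
    print(logged_line("transaction failed: %s", SAMPLE_ERROR))
```

The same helper has to be applied to the text shown in the error dialog, since the bug covers both the log file and screenshots of the dialog.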
