/usr/share/apport/package_hook:FileExistsError:/usr/share/apport/package_hook@64:make_report_file

Status changed to 'Confirmed' because the bug affects multiple users.

That seems a new issue with 2.19, it's ranked 3rd issue on wily e.u.c weekly view

I think package_hook was broken by the following change with the apport's last upload:

    - SECURITY FIX: Fix all writers of report files (package_hook,
      kernel_crashdump, and similar) to open the report file exclusively,
      i. e. fail if they already exist. This prevents privilege escalation
      through symlink attacks. Note that this will also prevent overwriting
      previous reports with the same same. Thanks to halfdog for discovering
      this! (CVE-2015-1338, LP: #1492570)

Here's the Traceback:

Traceback (most recent call last):
  File "/usr/share/apport/package_hook", line 64, in <module>
    with apport.fileutils.make_report_file(pr) as f:
  File "/usr/lib/python3/dist-packages/apport/fileutils.py", line 290, in make_report_file
    return open(path, 'xb')
FileExistsError: [Errno 17] File exists: '/var/crash/modemmanager.0.crash'

Fixed in trunk r3013.

I think this will also need SRU'ing to Trusty and other releases. See https://errors.ubuntu.com/problem/fbe9bee2680101c059654e056013b4914af76b7b for an example of the same crash in Trusty.

Status changed to 'Confirmed' because the bug affects multiple users.

This bug was fixed in the package apport - 2.19.1-0ubuntu2

---------------
apport (2.19.1-0ubuntu2) wily; urgency=medium

  * apt/dpkg: Don't mark packages downloaded from Launchpad for installation
    by apt. Thanks Brian Murray. (Cherry-picked from trunk.)

apport (2.19.1-0ubuntu1) wily; urgency=medium

  [ Martin Pitt ]
  * New upstream release:
    - Consistently intercept "report file already exists" errors in all writers
      of report files (package_hook, kernel_crashdump, and similar) to avoid
      unhandled exceptions on those. (LP: #1500450)
    - apt/dpkg: Fall back to direct Launchpad ddeb download if we can't find it
      in the apt cache. Thanks Brian Murray! (LP: #1500557)
    - doc/data-format.tex: Clarify that key names are being treated as case
      sensitive (unlike RFC822).

  [ Brian Murray ]
  * data/iwlwifi_error_dump: fix add_package call. (LP: #1496268)

  [ Sebastien Bacher ]
  * data/package-hooks/sources_ubiquity.py: Don't try decode() a str
    (LP: #1501773).

 -- Martin Pitt <email address hidden> Thu, 08 Oct 2015 08:04:12 +0200

I was testing a release upgrade today (from 14.04 to 15.04) and every package installation failure ended with - FileExistsError: [Errno 17] File exists: '/var/crash/$package.0.crash'.

This other bucket has a lot of instances of the crash, its a different bucket because of the line number, and would probably be useful verifying the SRU.

https://errors.ubuntu.com/problem/e9391d517d0a3555b1313b6683947136f12b29e9

Actually, it was only package install failure that triggered the FileExistsError and it was because apport_pkgfailure was called two times about the same package.

2015-10-16 13:47:48,206 DEBUG running apport_pkgfailure() init: pre-dependency problem - not installing init
2015-10-16 13:58:18,265 DEBUG running apport_pkgfailure() init: no package named `init' is installed, cannot configure

Regardless, we should fix it.

Hello errors.ubuntu.com, or anyone else affected,

Accepted apport into vivid-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apport/2.17.2-0ubuntu1.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello errors.ubuntu.com, or anyone else affected,

Accepted apport into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.17 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello errors.ubuntu.com, or anyone else affected,

Accepted apport into precise-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu17.12 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

This bug was fixed in the package apport - 2.0.1-0ubuntu17.13

---------------
apport (2.0.1-0ubuntu17.13) precise-security; urgency=medium

  * SECURITY FIX: When determining the path of a Python module for a program
    like "python -m module_name", avoid actually importing and running the
    module; this could lead to local root privilege escalation. Thanks to
    Gabriel Campana for discovering this and the fix!
    (CVE-2015-1341, LP: #1507480)

 -- Martin Pitt <email address hidden> Thu, 22 Oct 2015 15:50:47 +0200

This bug was fixed in the package apport - 2.17.2-0ubuntu1.7

---------------
apport (2.17.2-0ubuntu1.7) vivid-security; urgency=medium

  * test_backend_apt_dpkg.py: Reset internal apt caches between tests. Avoids
    random test failures due to leaking paths from previous test cases.
  * SECURITY FIX: When determining the path of a Python module for a program
    like "python -m module_name", avoid actually importing and running the
    module; this could lead to local root privilege escalation. Thanks to
    Gabriel Campana for discovering this and the fix!
    (CVE-2015-1341, LP: #1507480)

 -- Martin Pitt <email address hidden> Thu, 22 Oct 2015 15:05:43 +0200

This bug was fixed in the package apport - 2.14.1-0ubuntu3.18

---------------
apport (2.14.1-0ubuntu3.18) trusty-security; urgency=medium

  * test_backend_apt_dpkg.py: Reset internal apt caches between tests. Avoids
    random test failures due to leaking paths from previous test cases.
  * SECURITY FIX: When determining the path of a Python module for a program
    like "python -m module_name", avoid actually importing and running the
    module; this could lead to local root privilege escalation. Thanks to
    Gabriel Campana for discovering this and the fix!
    (CVE-2015-1341, LP: #1507480)

 -- Martin Pitt <email address hidden> Thu, 22 Oct 2015 15:15:37 +0200