/usr/share/apport/package_hook:FileExistsError:/usr/share/apport/package_hook@64:make_report_file
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | apport (Ubuntu) |
Low
|
Martin Pitt | ||
| | Precise |
Medium
|
Brian Murray | ||
| | Trusty |
High
|
Brian Murray | ||
| | Vivid |
High
|
Brian Murray | ||
Bug Description
If the SRU fixes the issue we should not see the new version of the package in the following buckets.
Trusty / Vivid SRU Bucket
-----------------
https:/
Precise SRU Bucket
------------------
https:/
The Ubuntu Error Tracker has been receiving reports about a problem regarding apport. This problem was most recently seen with version 2.19-0ubuntu1, the problem page at https:/
| Sebastien Bacher (seb128) wrote : | #2 |
That seems a new issue with 2.19, it's ranked 3rd issue on wily e.u.c weekly view
| Changed in apport (Ubuntu): | |
| assignee: | nobody → Martin Pitt (pitti) |
| importance: | Undecided → High |
| tags: | added: rls-w-incoming |
| Brian Murray (brian-murray) wrote : | #3 |
I think package_hook was broken by the following change with the apport's last upload:
- SECURITY FIX: Fix all writers of report files (package_hook,
kernel_
i. e. fail if they already exist. This prevents privilege escalation
through symlink attacks. Note that this will also prevent overwriting
previous reports with the same same. Thanks to halfdog for discovering
this! (CVE-2015-1338, LP: #1492570)
| Brian Murray (brian-murray) wrote : | #4 |
Here's the Traceback:
Traceback (most recent call last):
File "/usr/share/
with apport.
File "/usr/lib/
return open(path, 'xb')
FileExistsError: [Errno 17] File exists: '/var/crash/
| Changed in apport (Ubuntu): | |
| status: | Confirmed → Triaged |
| Martin Pitt (pitti) wrote : | #5 |
Fixed in trunk r3013.
| Changed in apport (Ubuntu): | |
| status: | Triaged → Fix Committed |
| importance: | High → Low |
| Brian Murray (brian-murray) wrote : | #6 |
I think this will also need SRU'ing to Trusty and other releases. See https:/
| Launchpad Janitor (janitor) wrote : | #7 |
Status changed to 'Confirmed' because the bug affects multiple users.
| Changed in apport (Ubuntu Precise): | |
| status: | New → Confirmed |
| Changed in apport (Ubuntu Trusty): | |
| status: | New → Confirmed |
| Changed in apport (Ubuntu Vivid): | |
| status: | New → Confirmed |
| Launchpad Janitor (janitor) wrote : | #10 |
This bug was fixed in the package apport - 2.19.1-0ubuntu2
---------------
apport (2.19.1-0ubuntu2) wily; urgency=medium
* apt/dpkg: Don't mark packages downloaded from Launchpad for installation
by apt. Thanks Brian Murray. (Cherry-picked from trunk.)
apport (2.19.1-0ubuntu1) wily; urgency=medium
[ Martin Pitt ]
* New upstream release:
- Consistently intercept "report file already exists" errors in all writers
of report files (package_hook, kernel_crashdump, and similar) to avoid
unhandled exceptions on those. (LP: #1500450)
- apt/dpkg: Fall back to direct Launchpad ddeb download if we can't find it
in the apt cache. Thanks Brian Murray! (LP: #1500557)
- doc/data-
sensitive (unlike RFC822).
[ Brian Murray ]
* data/iwlwifi_
[ Sebastien Bacher ]
* data/package-
(LP: #1501773).
-- Martin Pitt <email address hidden> Thu, 08 Oct 2015 08:04:12 +0200
| Changed in apport (Ubuntu): | |
| status: | Fix Committed → Fix Released |
| Brian Murray (brian-murray) wrote : | #11 |
I was testing a release upgrade today (from 14.04 to 15.04) and every package installation failure ended with - FileExistsError: [Errno 17] File exists: '/var/crash/
| Brian Murray (brian-murray) wrote : | #12 |
This other bucket has a lot of instances of the crash, its a different bucket because of the line number, and would probably be useful verifying the SRU.
https:/
| Brian Murray (brian-murray) wrote : | #13 |
Actually, it was only package install failure that triggered the FileExistsError and it was because apport_pkgfailure was called two times about the same package.
2015-10-16 13:47:48,206 DEBUG running apport_pkgfailure() init: pre-dependency problem - not installing init
2015-10-16 13:58:18,265 DEBUG running apport_pkgfailure() init: no package named `init' is installed, cannot configure
Regardless, we should fix it.
| description: | updated |
| Changed in apport (Ubuntu Trusty): | |
| assignee: | nobody → Brian Murray (brian-murray) |
| Changed in apport (Ubuntu Vivid): | |
| assignee: | nobody → Brian Murray (brian-murray) |
| Changed in apport (Ubuntu Trusty): | |
| status: | Confirmed → In Progress |
| Changed in apport (Ubuntu Vivid): | |
| status: | Confirmed → In Progress |
| Changed in apport (Ubuntu Trusty): | |
| importance: | Undecided → High |
| Changed in apport (Ubuntu Vivid): | |
| importance: | Undecided → High |
| description: | updated |
| Changed in apport (Ubuntu Precise): | |
| status: | Confirmed → In Progress |
| assignee: | nobody → Brian Murray (brian-murray) |
| importance: | Undecided → Medium |
| description: | updated |
Hello errors.ubuntu.com, or anyone else affected,
Accepted apport into vivid-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
| Changed in apport (Ubuntu Vivid): | |
| status: | In Progress → Fix Committed |
| tags: | added: verification-needed |
| Changed in apport (Ubuntu Trusty): | |
| status: | In Progress → Fix Committed |
| Brian Murray (brian-murray) wrote : | #15 |
Hello errors.ubuntu.com, or anyone else affected,
Accepted apport into trusty-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
| Brian Murray (brian-murray) wrote : | #16 |
Hello errors.ubuntu.com, or anyone else affected,
Accepted apport into precise-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
| Changed in apport (Ubuntu Precise): | |
| status: | In Progress → Fix Committed |
| Launchpad Janitor (janitor) wrote : | #17 |
This bug was fixed in the package apport - 2.0.1-0ubuntu17.13
---------------
apport (2.0.1-
* SECURITY FIX: When determining the path of a Python module for a program
like "python -m module_name", avoid actually importing and running the
module; this could lead to local root privilege escalation. Thanks to
Gabriel Campana for discovering this and the fix!
(CVE-2015-1341, LP: #1507480)
-- Martin Pitt <email address hidden> Thu, 22 Oct 2015 15:50:47 +0200
| Changed in apport (Ubuntu Precise): | |
| status: | Fix Committed → Fix Released |
| Launchpad Janitor (janitor) wrote : | #18 |
This bug was fixed in the package apport - 2.17.2-0ubuntu1.7
---------------
apport (2.17.2-0ubuntu1.7) vivid-security; urgency=medium
* test_backend_
random test failures due to leaking paths from previous test cases.
* SECURITY FIX: When determining the path of a Python module for a program
like "python -m module_name", avoid actually importing and running the
module; this could lead to local root privilege escalation. Thanks to
Gabriel Campana for discovering this and the fix!
(CVE-2015-1341, LP: #1507480)
-- Martin Pitt <email address hidden> Thu, 22 Oct 2015 15:05:43 +0200
| Changed in apport (Ubuntu Vivid): | |
| status: | Fix Committed → Fix Released |
| Launchpad Janitor (janitor) wrote : | #19 |
This bug was fixed in the package apport - 2.14.1-0ubuntu3.18
---------------
apport (2.14.1-
* test_backend_
random test failures due to leaking paths from previous test cases.
* SECURITY FIX: When determining the path of a Python module for a program
like "python -m module_name", avoid actually importing and running the
module; this could lead to local root privilege escalation. Thanks to
Gabriel Campana for discovering this and the fix!
(CVE-2015-1341, LP: #1507480)
-- Martin Pitt <email address hidden> Thu, 22 Oct 2015 15:15:37 +0200
| Changed in apport (Ubuntu Trusty): | |
| status: | Fix Committed → Fix Released |
| tags: | removed: rls-w-incoming verification-needed |
Status changed to 'Confirmed' because the bug affects multiple users.