Ubuntu
whoopsie-daisy package

whoopsie-daisy 0.1.8 source package in Ubuntu

Changelog

whoopsie-daisy (0.1.8) precise; urgency=low

  * Security fixes. Thanks Jamie Strandboge for the review.
    - Check the return value of the open call in get_system_uuid.
    - Properly initialize libcrypt.
    - Check that the call to gcry_md_open succeeds
    - Ensure that reading the SHA512 message digest succeeds.
    - Protect against changes to the message digest length creating a
      security vulnerability.
    - Check the returncode of setenv.
    - Use /var/lock/whoopsie instead of /tmp/.whoopsie-lock.
    - umask is usually called before fork.
    - Future-proof by using getrlimit instead of explicitly closing STD*
    - Redirect stdin, stdout, and stderr to /dev/null.
    - Ensure strings created in update_to_crash_file are NULL-terminated.
    - Only process regular files in /var/crash.
    - Replace calls to *alloc with g_*alloc, which calls abort() on
      failure.
    - Remove unused system_uuid pointer.
    - Fix warnings in make check.
    - Initialize all of curl.
    - Redirect stderr to null in chgrp and chmod calls.
    - Set home directory to /nonexistent.
    - Enable libcrypt secure memory.
    - Put the lock file in /var/lock/whoopsie/.
    - Sanity check the CRASH_DB_URL environment variable.
    - Added tests:
      - Check handling of embedded NUL bytes.
      - Verify that symlinks in /var/crash produce the correct error
        message.
      - Verify that keys without values in reports produce an error message.
      - Ensure that the report does not start with a value.
      - Correctly identify a report without spaces as malformed.
      - Verify that directories in /var/crash produce the correct error
        message.
      - Ensure that blank lines in a report are treated as errors.
      - Ensure that carriage returns are escaped.
      - Do not start multi-line values with a newline.
      - Check that a valid report has the exact expected contents.
      - Ensure that other variants of embedded carriage returns are escaped.
      - Verify that reports without a trailing newline are handled properly.
  * Change crash database URL to http://daisy.ubuntu.com.
  * Main inclusion request approved (LP: #913694).
 -- Evan Dandrea <email address hidden>   Thu, 16 Feb 2012 16:37:35 +0000

Upload details

Uploaded by:
Evan
Uploaded to:
Precise
Original maintainer:
Evan
Architectures:
any
Section:
utils
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
whoopsie-daisy_0.1.8.tar.gz 52.7 KiB 7e1c6dba1b9b872d40ced912ba60be7a3abbbaa6338050e12694ddd6c77ac73a
whoopsie-daisy_0.1.8.dsc 1.0 KiB 7be7c5592f088c7cf1be8b73fc1a12d5e9bb3ca168ad3c277adf6a7eb04b130c

Available diffs

View changes file

Binary packages built by this source

whoopsie: Ubuntu crash database submission daemon

 This program submits crash reports back to an Ubuntu server.