whoopsie (0.2.62ubuntu0.6) bionic; urgency=medium * Attempt to fix double free issue (LP: #1899100) - src/whoopsie.c: reject duplicate keys, re-order certain operations. - src/tests/data/crash/invalid_key_duplicate, src/tests/test_parse_report.c: added test for duplicate keys. -- Brian Murray Wed, 02 Dec 2020 09:35:52 -0800 whoopsie (0.2.62ubuntu0.5) bionic-security; urgency=medium * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560) - lib/bson/*: updated to latest upstream release. - CVE-2020-12135 * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982) - src/whoopsie.c, src/tests/test_parse_report.c: properly handle GHashTable. - CVE-2020-11937 * SECURITY UPDATE: DoS via large data length (LP: #1882180) - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit the size of a report file. - CVE-2020-15570 -- Marc Deslauriers Fri, 24 Jul 2020 08:55:26 -0400 whoopsie (0.2.62ubuntu0.4) bionic-security; urgency=medium * SECURITY REGRESSION: segfault when sending crash report (LP: #1830865) - use uint32_t instead of size_t and INT32_MAX instead of INT_MAX as bson expects variable sizes to be 32 bits long. -- Tiago Stürmer Daitx Mon, 04 Nov 2019 23:33:08 +0000 whoopsie (0.2.62ubuntu0.3) bionic-security; urgency=medium * SECURITY REGRESSION: segfault when sending crash report (LP: #1850608) - lib/bson/bson.c: properly initialize value. -- Marc Deslauriers Wed, 30 Oct 2019 09:01:42 -0400 whoopsie (0.2.62ubuntu0.2) bionic-security; urgency=high * SECURITY UPDATE: Integer overflow when handling large bson objects (LP: #1830865) - lib/bson/bson.c, lib/bson/bson.h, src/whoopsie.c: use size_t for size instead of int to prevent integer overflows. - lib/bson/bson.c: ensure bson objects are not bigger than INT_MAX. - CVE-2019-11484 -- Tiago Stürmer Daitx Mon, 14 Oct 2019 14:16:56 +0000 whoopsie (0.2.62ubuntu0.1) bionic-security; urgency=medium * SECURITY UPDATE: Integer overflow when handling large crash dumps (LP: #1830863) - src/whoopsie.c: Don't use signed integer types for lengths to ensure large crash dumps do not cause signed integer overflow - CVE-2019-11476 -- Alex Murray Fri, 5 Jul 2019 14:15:25 +0930 whoopsie (0.2.62) bionic; urgency=medium * Remove /etc/whoopsie file as its contents are not read by whoopsie. (LP: #1756937) -- Brian Murray Fri, 06 Apr 2018 13:38:15 -0700 whoopsie (0.2.61) bionic; urgency=medium * Build-depend on libcurl4-gnutls-dev, not libcurl4-openssl-dev, to drop the redundant curl implementation from the desktop seeds and also fix a GPL violation. -- Steve Langasek Fri, 06 Apr 2018 10:48:31 -0700 whoopsie (0.2.60) bionic; urgency=medium * Include JournalErrors in information uploaded to the Error Tracker. (LP: #1756446) -- Brian Murray Fri, 30 Mar 2018 08:32:35 -0700 whoopsie (0.2.59) bionic; urgency=medium * Set CURLOPT_SSL_VERIFYPEER to 0 if env CRASH_DB_NOVERIFYPEER is set for testing daisy servers with self-signed certs. -- Brian Murray Wed, 31 Jan 2018 14:39:25 -0800 whoopsie (0.2.58) artful; urgency=medium * Modify the whoopsie service file to wants=networking-online.target too. -- Brian Murray Mon, 24 Jul 2017 13:42:40 -0700 whoopsie (0.2.57) artful; urgency=medium * src/connectivity.c: query the correct property when trying to network-manager's state. (LP: #1697375) * Modify the whoopsie service file to start after networking is on-line. -- Brian Murray Mon, 17 Jul 2017 13:08:38 -0700 whoopsie (0.2.56) artful; urgency=medium * src/whoopsie.c: Add HotspotError from the openjdk-8 package hook which can be larger than 1KB to the list of accepted fields. (LP: #1696814) -- Brian Murray Thu, 08 Jun 2017 15:44:53 -0700 whoopsie (0.2.55) zesty; urgency=medium * src/whoopsie.c: Add ProcCpuinfoMinimal which can be larger than 1KB to the list of accepted fields. (LP: #1673557) -- Brian Murray Wed, 29 Mar 2017 12:41:31 -0700 whoopsie (0.2.54) yakkety; urgency=medium * src/whoopsie.c: Add fields from package management applications that can be larger than 1KB to the list of accepted fields. (LP: #1616517) -- Brian Murray Fri, 09 Sep 2016 09:47:58 -0700 whoopsie (0.2.53) yakkety; urgency=medium * Ensure that Whoopsie picks up NetworkManager include paths to fix build. * Add dependency in dev package to gcrypt which is needed. -- Ted Gould Thu, 12 May 2016 09:48:10 +0200 whoopsie (0.2.52) xenial; urgency=medium * src/whoopsie.c: Preserve TABs in crash data. (LP: #1390627) * debian/control: Build-Depend on pyflakes3. -- Barry Warsaw Thu, 17 Mar 2016 17:09:44 -0400 whoopsie (0.2.51) xenial; urgency=medium [ Matthias Klose ] * Multiarchify the library packages. * Convert scripts to Python3. [ Brian Murray ] * Use pyflakes3 not pyflakes in the Makefile. -- Brian Murray Thu, 28 Jan 2016 07:54:09 -0800 whoopsie (0.2.50) xenial; urgency=medium * src/whoopsie.c: Move UnreportableReason from fields we don't send to errors to fields we do, that way we know apport's opinion of the crash. (LP: #1382233) -- Brian Murray Tue, 03 Nov 2015 13:30:52 -0800 whoopsie (0.2.49) wily; urgency=medium [ Evan Dandrea ] * Helper to create recoverable problem reports. Thanks Ted Gould! [ Brian Murray ] * Switch build-depends from transitional libgcrypt11-dev to libgcrypt20-dev. Thanks to Robert Ancell. * Only publish the CRASH_DB_IDENTIFIER on the file system if it was not set via an environmental variable. (LP: #1389357) -- Brian Murray Wed, 07 Oct 2015 10:09:03 -0700 whoopsie (0.2.48) wily; urgency=medium * data/whoopsie.service: remove check for ubiquity-dm so that whoopsie will run again on the Live CD. -- Brian Murray Wed, 13 May 2015 14:52:36 -0700 whoopsie (0.2.47) vivid; urgency=medium [ Didier Roche ] * Remove /etc/default/whoopsie conffile and avoid upgrade prompt: (LP: #1431432) - debian/whoopsie.maintscript: get it removed on upgrade - debian/whoopsie.preinst: copy the optional report_metrics value if set by gnome-control-center capplet to /etc/whoopsie (not a conffile). (LP: #1412719) Refactor the logic for caching report_crashes as well. - debian/whoopsie.postinst: enhance the logic to ensure we don't have the service started after upgrade and keep it disable if it was disabled - Makefile, data/whoopsie: remove the conffile so that we don't ship it * Bump Standards-Version [ Michael Blennerhassett ] * Under upstart: Set the WAIT_STATE to get wait-for-state to do something useful. GOAL is also not needed. -- Didier Roche Thu, 12 Mar 2015 17:21:58 +0100 whoopsie (0.2.46) vivid; urgency=medium * debian/whoopsie.init: Reverting previous change as it makes whoopsie upstart job to get in an infinite loop when starting the service (needs to be better investigated first) -- Ricardo Salveti de Araujo Thu, 05 Feb 2015 18:15:00 -0200 whoopsie (0.2.45) vivid; urgency=medium * Merge patch from Bryan Quigley to only log when whoopsie's state changes. (LP: #1217407) -- Brian Murray Mon, 02 Feb 2015 13:54:58 -0800 whoopsie (0.2.44) vivid; urgency=medium * debian/whoopsie.init: Make this actually work. -- Martin Pitt Thu, 15 Jan 2015 19:50:50 +0100 whoopsie (0.2.43) vivid; urgency=medium * Remove .crash file if we are unable to create a .uploaded file for it to prevent trying to upload the same crash file multiple times. (LP: #1392412) * Avoid buffer overflow when parsing reports. Thanks to John-Mark Bell for the patch. (LP: #1397340) -- Brian Murray Wed, 17 Dec 2014 16:17:33 -0800 whoopsie (0.2.42) vivid; urgency=medium * Disable whoopsie in systemd if the sysadmin set it as disabled in /etc/default/whoopsie: (LP: #1390014) - remove report_crashes key from the conffile - if was set to false, generate an upstart override and disable it with systemctl - remove the condition in the upstart job, just use the override * Add Environment= to units instead of executing a shell script to set the daemon env. * Ship an init script file and handle upstart/init startup being disabled depending on /etc/default/whoopsie. * Use systemd debhelper sequence now. -- Didier Roche Thu, 06 Nov 2014 12:32:06 +0100 whoopsie (0.2.41) vivid; urgency=medium * Start whoopsie if ubiquity presence is detected, so that we can report crashes from installation environments to the Error Tracker. -- Brian Murray Fri, 31 Oct 2014 11:30:25 -0700 whoopsie (0.2.40) vivid; urgency=medium [ Evan Dandrea ] * Wait for network-manager to start when it's installed. [ Brian Murray ] * tests/monitor: Stop using mktemp, and clean up after ourselves in the callback_not_triggered_without_upload_file test. * Change ownership of whoopsie-id so that it is not world readable. (LP: #1386752) -- Brian Murray Wed, 29 Oct 2014 10:28:24 -0700 whoopsie (0.2.39) utopic; urgency=medium * Use G_SOURCE_CONTINUE and G_SOURCE_REMOVE for GSourceFunc return values, for clarity * tests/monitor: Call g_main_loop_quit from a callback function which removes the source instead of directly. GSourceFuncs need to return a boolean to say if they should be executed again or not. (LP: #1381804) -- Iain Lane Thu, 16 Oct 2014 10:32:22 +0100 whoopsie (0.2.38) utopic; urgency=medium [ Evan Dandrea ] * Run all the tests, then exit on failure. [ Brian Murray ] * Add _MarkForUpload field to the blacklist as it is redundant. * Make whoopsie_identifier_generate() stable throughout the system boot. Thanks Dimitri. (LP: #1339916) * Temporarily disable test_identifier test as it has never worked when building the package. * Create /var/lib/whoopsie and store the identifier there in whoopsie-id. -- Brian Murray Thu, 09 Oct 2014 15:58:48 -0700 whoopsie (0.2.37) utopic; urgency=medium [ Evan Dandrea ] * Attempt to use the android serial number before falling back to the system UUID. Thanks Dimitri. * Log in more parts of the connectivity check. * Provide timestamps when logging to the foreground. [ Brian Murray ] * Merge Ted's branch that allows uploading of any field with data less than 1KB, creating a whitelist of fields with large data, and a blacklist of fields we don't want in the error tracker. * Fix bug in how timestamps are provided. -- Brian Murray Thu, 28 Aug 2014 15:25:15 -0700 whoopsie (0.2.36) utopic; urgency=medium * In the apport package hook switch from searching syslog for whoopsie messages and instead upload /var/log/upstart/whoopsie.log. * src/whoopsie.c: include SystemImageInfo in the data uploaded to errors. -- Brian Murray Tue, 29 Jul 2014 13:49:36 -0700 whoopsie (0.2.35) utopic; urgency=medium [ Brian Murray ] * Add a space before the autoreport tag in bug reports. [ Martin Pitt ] * data/whoopsie.conf: Start whoopsie in the foreground and drop the "expect fork". This provides proper logging to /var/log/upstart/, simplifies things for upstart, and also curiously seems to cause crash reports to now actually get picked up and uploaded. (LP: #1340604) * debian/control: Fix Vcs-* tags to make debcheckout actually work. * Bump Standards-Version to 3.9.5 (no changes necessary). -- Martin Pitt Thu, 24 Jul 2014 14:36:06 +0200 whoopsie (0.2.34) utopic; urgency=medium [ John Lenton ] * Obtain a MAC address for system identifier generation even if the network is not up. (LP: #1328285) -- Brian Murray Mon, 07 Jul 2014 11:44:26 -0700 whoopsie (0.2.33) utopic; urgency=medium * Log the OOPS ID (returned by daisy) in another case. -- Brian Murray Thu, 26 Jun 2014 09:10:28 -0700 whoopsie (0.2.32) utopic; urgency=medium * Gather autoreport and apport-noui information in the package hook. Also check syslog for information from whoopsie. -- Brian Murray Mon, 23 Jun 2014 09:44:20 -0700 whoopsie (0.2.31) utopic; urgency=medium * Log the OOPS ID (returned by daisy) for the reported crash. (LP: #1326000) -- Brian Murray Mon, 09 Jun 2014 10:49:55 -0700 whoopsie (0.2.30) utopic; urgency=medium * Clean up src/tests/test_logging.test.o. -- Evan Dandrea Mon, 02 Jun 2014 17:42:27 +0100 whoopsie (0.2.29) utopic; urgency=medium [ John Lenton ] * Depend on gio in libwhoopsie. -- Evan Dandrea Mon, 02 Jun 2014 14:56:25 +0100 whoopsie (0.2.28) utopic; urgency=medium * Fix FTBFS. -- Evan Dandrea Mon, 02 Jun 2014 11:19:57 +0100 whoopsie (0.2.27) utopic; urgency=medium [ Brian Murray ] * Log that we are offline because we are using a network connection where one may have to pay for data usage. [ John Lenton ] * Ask ofono for the IMEI as an id source. * Don't return null string during session start (LP: #1311571). * Fix attempting to remove a source that has already been removed. [ Ted Gould ] * Don't break if whoopsie is running (i.e. developer system). -- Evan Dandrea Mon, 02 Jun 2014 11:10:40 +0100 whoopsie (0.2.26) utopic; urgency=medium * Add systemd unit. (LP: #1314413) -- Martin Pitt Mon, 12 May 2014 10:04:10 +0200 whoopsie (0.2.25) utopic; urgency=medium * Collect iwl firmware debugging dumps. -- Evan Dandrea Tue, 29 Apr 2014 12:00:21 +0100 whoopsie (0.2.24.5) trusty; urgency=medium * Do not send Stacktrace, and ThreadStacktrace as retracing with ddebs will provide more useful versions of them. (LP: #1306175) -- Brian Murray Thu, 10 Apr 2014 10:58:39 -0700 whoopsie (0.2.24.4) trusty; urgency=low * Close and reopen the log file so that the file descriptor is not closed when daemonizing. (LP: #1245524) -- Brian Murray Tue, 21 Jan 2014 08:23:30 -0800 whoopsie (0.2.24.3) trusty; urgency=medium * Don't use valgrind altogether, reporting unrelated leakage. -- Dimitri John Ledkov Mon, 23 Dec 2013 20:15:10 +0000 whoopsie (0.2.24.2) trusty; urgency=medium * Don't use valgrind on ppc64el. -- Matthias Klose Wed, 18 Dec 2013 17:16:25 +0100 whoopsie (0.2.24.1) saucy; urgency=low * Fix !arm64 build. -- Dmitrijs Ledkovs Wed, 16 Oct 2013 09:53:22 +0100 whoopsie (0.2.24) saucy; urgency=low * Do not run valgrind tests, when not available. -- Dmitrijs Ledkovs Wed, 16 Oct 2013 09:40:03 +0100 whoopsie (0.2.23) saucy; urgency=low * Don't lower the refcount to 0 on the system bus until shutdown, when the application is done using it (LP: #1211417). * Clean up calls to g_variant_get. Don't bother sinking the reference before calling our own functions. * Fix test_get_system_uuid unit test leaking memory. -- Evan Dandrea Fri, 16 Aug 2013 14:54:08 +0100 whoopsie (0.2.22) saucy; urgency=low * Add an option to assume there is always a route to $CRASH_DB_URL. -- Evan Dandrea Thu, 15 Aug 2013 08:35:13 +0100 whoopsie (0.2.21) saucy; urgency=low * Fix logically dead code path. Thanks Coverity (CID 989205). * Don't leak a socket if we cannot get the list of network interfaces. Thanks Coverity (CID 971184). * Avoid a potential null pointer dereference. * Always log messages via the logging code, never straight to stdout. -- Evan Dandrea Wed, 14 Aug 2013 14:02:26 +0100 whoopsie (0.2.20) saucy; urgency=low * Don't fail if the temporary file in the logging test has already gone away. -- Evan Dandrea Mon, 12 Aug 2013 09:43:25 +0100 whoopsie (0.2.19) saucy; urgency=low * Better handle stat calls in logging test. * If APPORT_REPORT_DIR is set to a nul-byte, fall back to the default. -- Evan Dandrea Fri, 09 Aug 2013 16:46:20 +0100 whoopsie (0.2.18) saucy; urgency=low * Debugging why the buildds cannot remove the temporary files created for the logging tests. -- Evan Dandrea Fri, 09 Aug 2013 15:57:54 +0100 whoopsie (0.2.17) saucy; urgency=low * Log to syslog. -- Evan Dandrea Fri, 09 Aug 2013 11:34:05 +0100 whoopsie (0.2.16) saucy; urgency=low * Continue to process the existing crash reports every two hours, not just once after two hours (LP: #1205374). -- Evan Dandrea Fri, 26 Jul 2013 16:17:31 +0100 whoopsie (0.2.15) raring; urgency=low * Bring back old GDBus code to talk to NetworkManager as a workaround for LP: #1124330. -- Evan Dandrea Tue, 26 Feb 2013 10:51:11 +0000 whoopsie (0.2.14) raring; urgency=low * Don't crash when there are no active connections. Thanks Ben Collins. -- Evan Dandrea Wed, 20 Feb 2013 18:17:21 +0000 whoopsie (0.2.13ubuntu1) raring; urgency=low * Do not start whoopsie if ubiquity presence is detected, as it causes failures to install/oem-configure. Regression between 0.2.9 - 0.2.13. See http://pad.lv/1123798 for history. -- Dmitrijs Ledkovs Mon, 18 Feb 2013 16:40:24 +0000 whoopsie (0.2.13) raring; urgency=low * Do not leak when CURL cannot be initialised. Tear down the directory monitors in the test cases. Cast to correct arguments when setting up a report processing timeout. * Don't try to connect signals to NULL objects. * Don't look for reports in /var/crash when running the valgrind tests. Makefile * Set up /var/crash earlier and with the correct permissions, while we still have root. -- Evan Dandrea Tue, 12 Feb 2013 15:12:02 +0000 whoopsie (0.2.12) raring; urgency=low * g_type_init is deprecated in 2.35/2.36 according to the buildds. * Put src/ in the library path when running whoopsie under the valgrind test. * Fix memory leak when the .upload file does not exist when checking to see if a report has already been handled. Thanks Colin Watson. * Use glib memory allocation everywhere. * Fix a leak if we cannot get the default network monitor. * Don't initialise the W32 bits in CURL. * Don't initialise curl until we're ready to use it. * Actually pass the report directory to process_existing_files at the timeout interval. -- Evan Dandrea Tue, 05 Feb 2013 17:12:18 +0000 whoopsie (0.2.11) raring; urgency=low * Build-depend on valgrind. -- Evan Dandrea Tue, 29 Jan 2013 20:23:54 +0000 whoopsie (0.2.10) quantal; urgency=low * smatch-detected redundant null check. 'If ptr is NULL, no operation is performed.' * valgrind-discovered leak in process_existing_files when the crash report has already been handled. * Clean up after the directory monitor when we're done with it. * Stop monitoring for connectivity on shutdown. * Use libnm-glib instead of DBus for communicating with NetworkManager. This fixes a hard-to-trace memory leak in our usage of gvariant. * Fix a socket leak found by Coverity. * Finally check the mkdir call for the /var/crash directory, now that Coverity is complaining about it. -- Evan Dandrea Tue, 29 Jan 2013 20:20:04 +0000 whoopsie (0.2.9) raring; urgency=low * Do not modify the .uploaded file corresponding to a .crash file when starting up (LP: #1084311) -- Brian Murray Tue, 11 Dec 2012 10:16:56 -0800 whoopsie (0.2.8) raring; urgency=low * Fix /whoopsie/get-mac-address test. This test previously hardcoded "eth0" for comparing the MAC against. eth0 is not guaranteed to exist, and whoopsie might use another device instead (such as wlan0). Change the test to require that whoopsie_identifier_get_mac_address() matches any network device instead. * Run as non-root when specifying additional environment variables. We mostly need root privileges for determining the system UUID and for creating the lock file. When testing, it is often convenient to run this with a predictable fake UUID and a temporary report directory, so start without root privileges if $CRASH_DB_IDENTIFIER is provided. Just like Apport, also respect $APPORT_REPORT_DIR to use a different report directory. If this is given, create the lock file there instead of in /var/lock/whoopsie/. * Fix all compiler warnings: - Add some missing #includes - Fix version parsing in src/tests/Makefile - Fix broken function declarations - Move non-test code into #ifndef TEST section -- Martin Pitt Tue, 11 Dec 2012 11:49:49 +0100 whoopsie (0.2.7) quantal-proposed; urgency=low * Also include the InstallationMedia field so that we can tie the installation date to a release (LP: #1071255). -- Evan Dandrea Thu, 25 Oct 2012 11:46:12 +0100 whoopsie (0.2.6) quantal-proposed; urgency=low * Send the UpgradeStatus and InstallationDate fields from apport (LP: #1070400). -- Evan Dandrea Wed, 24 Oct 2012 11:05:50 +0100 whoopsie (0.2.5) quantal; urgency=low * Send the OopsText field so that we can generate a crash signature for KernelOops problems. This lets us bucket KernelOops problems together so they appear in the 'most common problems' table on https://errors.ubuntu.com. -- Evan Dandrea Fri, 12 Oct 2012 15:25:22 +0100 whoopsie (0.2.4) quantal; urgency=low * Send the Tags field with the report so that we can create a view of just crashes of packages installed from $release-proposed. -- Evan Dandrea Thu, 11 Oct 2012 14:36:51 +0100 whoopsie (0.2.3) quantal; urgency=low * Do not send the kernel core dump (VmCore) with the initial crash metadata. -- Evan Dandrea Mon, 17 Sep 2012 10:30:19 +0100 whoopsie (0.2.2) quantal; urgency=low [ Brian Murray ] * Add LiveMediaBuild to acceptable fields (LP: #999816) -- Evan Dandrea Wed, 29 Aug 2012 10:00:56 +0100 whoopsie (0.2.1) quantal; urgency=low * Provide a libwhoopsie library. This allows the control center panel via activity-log-manager to provide a 'Show Previous Reports' button. -- Evan Dandrea Mon, 18 Jun 2012 09:32:46 +0100 whoopsie (0.2.0) quantal; urgency=low * Create the /var/metrics directory for metrics submission. Thanks Ted Gould. * Fallback to using the SHA-512 hash of the first non-loopback MAC address (LP: #963007, LP: #959308). -- Evan Dandrea Thu, 14 Jun 2012 20:57:31 +0100 whoopsie-daisy (0.1.32) precise; urgency=low * Fix failing tests on powerpc and ARM. -- Evan Dandrea Wed, 18 Apr 2012 13:04:36 +0100 whoopsie-daisy (0.1.31) precise; urgency=low * == is a bashism. -- Evan Dandrea Thu, 12 Apr 2012 15:06:11 +0100 whoopsie-daisy (0.1.30) precise; urgency=low * Stop rejecting legal arguments to the postinst (LP: #978436). Thanks Colin Watson! -- Evan Dandrea Thu, 12 Apr 2012 09:00:26 +0100 whoopsie-daisy (0.1.29) precise; urgency=low * Mark reports as complete when we get a HTTP response of 400 from the server, as these represent the server not liking what we sent it. Sending these again repeatedly would be pointless (LP: #979082). -- Evan Dandrea Wed, 11 Apr 2012 17:36:32 +0100 whoopsie-daisy (0.1.28) precise; urgency=low * Create /var/crash if it doesn't already exist. Don't silence the chmod and chgrp calls on it. Thanks Colin Watson (LP: #978502)! -- Evan Dandrea Wed, 11 Apr 2012 09:44:12 +0100 whoopsie-daisy (0.1.27) precise; urgency=low * Drop /etc/cron.daily/whoopsie. This is handled in apport now. -- Evan Dandrea Tue, 10 Apr 2012 18:01:02 +0100 whoopsie-daisy (0.1.26) precise; urgency=low * Take ownership of the NetworkManager state variant on setup and unref it, plugging a memory leak. * Log the reason the server rejected the submitted crash report. * Send the Whoopsie version with each crash submission. * Delete both .upload and .uploaded files after 14 days. Thanks Marc Deslauriers (LP: #973687). -- Evan Dandrea Tue, 10 Apr 2012 14:28:58 +0100 whoopsie-daisy (0.1.25) precise; urgency=low * Stop using a queue to monitor reports that need to be processed. Just iterate over the reports that have a .upload file, but do not have a matching .uploaded file. * Set the GSettings backend to memory to avoid pulling in DConf when we call into GNetworkMonitor. * Split out the /var/crash monitoring code and add tests for it. * Plug some memory leaks. -- Evan Dandrea Thu, 29 Mar 2012 23:30:39 +0100 whoopsie-daisy (0.1.24) precise; urgency=low * Add the file listing of /var/crash to whoopsie bug reports. Taken from apport's package hook. * Fix cppcheck call in make check. * Monitor network connectivity using NetworkManager and GNetworkMonitor. Do not report being online and able to report crashes if the user only has 3G or dial-up connectivity, or if there is no route. * Do not upload crashes multiple times if the file attributes for their .upload files change while on the report queue. -- Evan Dandrea Thu, 29 Mar 2012 11:37:51 +0100 whoopsie-daisy (0.1.23) precise; urgency=low * Fix builds failing when cppcheck isn't present. * Clean up closing file descriptors in mark_handled. Thanks Colin Watson. -- Evan Dandrea Fri, 23 Mar 2012 14:43:41 +0000 whoopsie-daisy (0.1.22) precise; urgency=low * Do not leak the file descriptor of our lockfile. * Do not leak a file descriptor when marking a report as handled. Add a test for the mark_report function. * Fix potential NULL pointer dereference in report tests. * If allocated with g_malloc, free with g_free. * Add cppcheck to make check, but only when it's installed. * Plug a memory corruption bug (hopefully). g_queue_find_custom returns a *link* not a list, so do not try to hand it back to the slice allocator as if it were a list. -- Evan Dandrea Fri, 23 Mar 2012 14:17:43 +0000 whoopsie-daisy (0.1.21) precise; urgency=low [ Steve Langasek ] * debian/rules: make sure dh_installinit knows about our upstart job, so we get correct start/stop/restart handling on install/removal/upgrade. [ Evan Dandrea ] * Disable the network detection for now, to help in tracking the source of a memory corruption bug. * Clean up option parsing a bit. -- Evan Dandrea Fri, 23 Mar 2012 11:44:51 +0000 whoopsie-daisy (0.1.20) precise; urgency=low * Handle errors in changing the filename extension, even when we're pretty sure we have an extension. * Handle errors in g_file_get_path. * CURLOPT_WRITEFUNCTION may be called successively. Grow a string with each call to account for this. * Add an apport hook for attaching the stderr output when run under upstart. -- Evan Dandrea Thu, 22 Mar 2012 15:22:51 +0000 whoopsie-daisy (0.1.19) precise; urgency=low * Handle errors in parsing the crash database URL. * Do not double-free the crash database core submission URL when a system UUID is not present (LP: #960972). * Handle errors in bson_append_string. * Handle more BSON error conditions. * Handle empty values in the apport format ("KeyName:\n") (LP: #960766, LP: #960737, LP: #960751). -- Evan Dandrea Wed, 21 Mar 2012 17:39:20 +0000 whoopsie-daisy (0.1.18) precise; urgency=low * Use https for crash reporting. * Ensure we generate core dumps when whoopsie crashes. * Do not give whoopsie a shell. -- Evan Dandrea Tue, 20 Mar 2012 21:24:51 +0000 whoopsie-daisy (0.1.17) precise; urgency=low * Ship a default configuration file. -- Evan Dandrea Fri, 16 Mar 2012 14:36:57 +0000 whoopsie-daisy (0.1.16) precise; urgency=low * Fix the build of the previous release failing on account of make check was failing in the backend code. -- Evan Dandrea Mon, 12 Mar 2012 17:45:47 +0000 whoopsie-daisy (0.1.15) precise; urgency=low * Handle multiple crashes of the same binary by watching the modification times on the .upload and .uploaded files. -- Evan Dandrea Mon, 12 Mar 2012 17:06:26 +0000 whoopsie-daisy (0.1.14) precise; urgency=low * Do not include 'base64 ' on the front of any base64-encoded field. * Check the return value of asprintf. * CURLOPT_VERBOSE expects a long. * CURLOPT_WRITEDATA expects a pointer. -- Evan Dandrea Mon, 27 Feb 2012 17:50:52 +0000 whoopsie-daisy (0.1.13) precise; urgency=low * Support UTF-8 encoded text in crash reports. * Only send a subset of the possible fields in a report, ignoring fields created by package hooks. -- Evan Dandrea Sun, 26 Feb 2012 15:44:01 +0000 whoopsie-daisy (0.1.12) precise; urgency=low * Add pyflakes to the build dependencies. -- Evan Dandrea Thu, 23 Feb 2012 15:11:59 +0000 whoopsie-daisy (0.1.11) precise; urgency=low * Do not start the daemon if crash reporting is turned off. * Output a better error message if the daemon is not started as root. * Do not keep trying to process reports that cannot be parsed. * Provide a long description for the whoopsie package. * Drop the GNOME Control Center page for controlling crash reporting. This has been moved into the activity-log-manager package and these settings can be found under the 'Diagnostics' tab in Privacy. -- Evan Dandrea Thu, 23 Feb 2012 15:01:18 +0000 whoopsie-daisy (0.1.10) precise; urgency=low * Add a cron job (run daily) to clean up the .upload and .uploaded files. * Remove the metrics preferences, since this does not exist. -- Evan Dandrea Fri, 17 Feb 2012 19:11:08 +0000 whoopsie-daisy (0.1.9) precise; urgency=low * Change the queue processing timeout to every two hours. * Change the GNOME Control Center page name to Diagnostics (LP: #934052). -- Evan Dandrea Fri, 17 Feb 2012 15:34:24 +0000 whoopsie-daisy (0.1.8) precise; urgency=low * Security fixes. Thanks Jamie Strandboge for the review. - Check the return value of the open call in get_system_uuid. - Properly initialize libcrypt. - Check that the call to gcry_md_open succeeds - Ensure that reading the SHA512 message digest succeeds. - Protect against changes to the message digest length creating a security vulnerability. - Check the returncode of setenv. - Use /var/lock/whoopsie instead of /tmp/.whoopsie-lock. - umask is usually called before fork. - Future-proof by using getrlimit instead of explicitly closing STD* - Redirect stdin, stdout, and stderr to /dev/null. - Ensure strings created in update_to_crash_file are NULL-terminated. - Only process regular files in /var/crash. - Replace calls to *alloc with g_*alloc, which calls abort() on failure. - Remove unused system_uuid pointer. - Fix warnings in make check. - Initialize all of curl. - Redirect stderr to null in chgrp and chmod calls. - Set home directory to /nonexistent. - Enable libcrypt secure memory. - Put the lock file in /var/lock/whoopsie/. - Sanity check the CRASH_DB_URL environment variable. - Added tests: - Check handling of embedded NUL bytes. - Verify that symlinks in /var/crash produce the correct error message. - Verify that keys without values in reports produce an error message. - Ensure that the report does not start with a value. - Correctly identify a report without spaces as malformed. - Verify that directories in /var/crash produce the correct error message. - Ensure that blank lines in a report are treated as errors. - Ensure that carriage returns are escaped. - Do not start multi-line values with a newline. - Check that a valid report has the exact expected contents. - Ensure that other variants of embedded carriage returns are escaped. - Verify that reports without a trailing newline are handled properly. * Change crash database URL to http://daisy.ubuntu.com. * Main inclusion request approved (LP: #913694). -- Evan Dandrea Thu, 16 Feb 2012 16:37:35 +0000 whoopsie-daisy (0.1.7) precise; urgency=low * Do not attempt to load the control center panel UI from the build directory. -- Evan Dandrea Fri, 10 Feb 2012 10:43:51 +0000 whoopsie-daisy (0.1.6) precise; urgency=low * Don't fail if there are no crash files (LP: #928735). -- Evan Dandrea Thu, 09 Feb 2012 13:18:08 +0000 whoopsie-daisy (0.1.5) precise; urgency=low * Add a control center privacy preferences page. -- Evan Dandrea Mon, 06 Feb 2012 14:19:15 +0000 whoopsie-daisy (0.1.4) precise; urgency=low * Write the system UUID to the UserOOPS ColumnFamily. * Drop the CAP_FOWNER stuff. As James points out, we can just write a .uploaded file and let cron clean up the mess. * Have the client pass the architecture, rather that have an intermediary processing step in the MQ. * Add retracing support in process_core.py. -- Evan Dandrea Thu, 26 Jan 2012 12:46:54 +0000 whoopsie-daisy (0.1.3) precise; urgency=low * Drop NetworkManager cflags and libs from Makefile. * Add missing -lcap to tests Makefile. -- Evan Dandrea Wed, 18 Jan 2012 17:58:17 +0000 whoopsie-daisy (0.1.2) precise; urgency=low * Added an upstart job. * Don't segfault if we cannot open the report. * Move to txstatsd for metrics submission. * Moved to WSGI. * Dropped Content-length, as it's superfluous. * Use oops-repository for talking to Cassandra. * Update the documentation. * Don't run install target on make. * Fix a double-free when a report is addded, then removed from the queue. * Submit the core file when asked. * Add initial MQ publishing for core file processing. * Submit a SHA-512 hash of the system UUID to key against. * Drop privileges when spawning. * Don't crash if there are files without an extension in /var/crash. * Fix a really nasty memory corruption bug. * Make warnings build failures. * Remove the lock file on exit. * Add tests for get_system_uuid, get_crash_db_url, and hex_to_char. * Move to GNetworkMonitor from NetworkManager for the network connectivity check. * Ensure in the postinst that whoopsie can read crash reports in /var/crash. * Isolate whoopsie into its own mount namespace, dropping all privileges and capabilities but CAP_FOWNER, so that we can delete files in /var/crash even though it's +t. -- Evan Dandrea Wed, 18 Jan 2012 17:26:02 +0000 whoopsie-daisy (0.1.1) precise; urgency=low * Build dependencies. -- Evan Dandrea Mon, 09 Jan 2012 08:29:06 +0000 whoopsie-daisy (0.1) precise; urgency=low * Initial Release. -- Evan Dandrea Thu, 01 Dec 2011 14:33:08 +0000