Download project files

How do I verify a download?


110 of 110 releases

2.20.4 release from the trunk series released 2016-12-14

Release information
Release notes:

* SECURITY FIX: Restrict a report's CrashDB field to literals.
   Use ast.literal_eval() instead of the generic eval(), to prevent arbitrary
   code execution from malicious .crash files. A user could be tricked into
   opening a crash file whose CrashDB field contains an exec(), open(), or
   similar commands; this is fairly easy as we install a MIME handler for
   these. Thanks to Donncha O'Cearbhaill for discovering this!
   (CVE-2016-9949, LP: #1648806)
 * SECURITY FIX: Fix path traversal vulnerability with hooks execution.
   Ensure that Package: and SourcePackage: fields loaded from reports do not
   contain directories. Until now, an attacker could trick a user into opening a
   malicious .crash file containing

     Package: ../../../../some/dir/foo

   which would execute /some...

File Description Downloads
download icon apport-2.20.4.tar.gz (md5, sig) release tarball 153
last downloaded 24 hours ago
Total downloads: 153

2.20.3 release from the trunk series released 2016-07-28

Release information
Release notes:

* problem_report.py: Fail with proper exception when trying to assign a list
   to a report key, or when trying to assing a tuple with more than 4 entries.
   (LP: #1596713)
 * test_backend_apt_dpkg.py: Install GPG key for ddebs.ubuntu.com to avoid apt
   authentication errors.

File Description Downloads
download icon apport-2.20.3.tar.gz (md5, sig) release tarball 58
last downloaded 9 weeks ago
Total downloads: 58

2.20.2 release from the trunk series released 2016-06-19

Release information
Release notes:

* problem_report.py: Make assertion of invalid key names more verbose.
 * hookutils.py: Fix generation of valid report key names from arbitrary paths
   in attach_file() and related functions. This will now replace all invalid
   characters with dots, not just a few known invalid ones. (LP: #1566975)
 * problem_report.py: Instead of AssertionError, raise a ValueError for invalid
   key names and TypeError for invalid kinds of values. Thanks Barry Warsaw.
 * Don't ignore OSError in Report.add_gdb_info(), as we do want to fail with an
   useful error message if gdb cannot be called in apport-retrace. Move the
   catching to the UI as not having gdb installed is still fine for reporting
   clients. (LP: #1579949)
 * Show gdb error messages in Report.add_gdb_info() OSError exception when gd...

File Description Downloads
download icon apport-2.20.2.tar.gz (md5, sig) release tarball 34
last downloaded 10 weeks ago
Total downloads: 34

2.20.1 release from the trunk series released 2016-03-31

Release information
Release notes:

* Fix signal_crashes.test_modify_after_start test when running as root.
 * Relax report.test_add_gdb_info gdb warning check, as this changed with gdb
   7.10.90.
 * crash-digger: Untag bugs which cannot be retraced instead of stopping
   crash-digger. This led to too many pointless manual restarts on broken bug
   reports.
 * Disambiguate overly generic Python exceptions in duplicate signature
   computation: dbus-glib's DBusException wraps a "real" server-side exception,
   so add the class of that to disambiguate different crashes; for OSError
   that is not a known subclass like FileNotFoundError, add the errno.
   (LP: #989819)

File Description Downloads
download icon apport-2.20.1.tar.gz (md5, sig) release tarball 28
last downloaded 4 weeks ago
Total downloads: 28

2.20 release from the trunk series released 2016-02-12

Release information
Release notes:

* Reimplement forwarding crashes into a container, via activating the new
   apport-forward.socket in the container and handing over the core dump fd.
   This is a much safer way than the original implementation with nsexec.
   Thanks St├ęphane Graber! (LP: #1445064)
 * Drop obsolete signal_crashes.test_ns_forward_privilege() test case. This
   code was dropped long ago.

File Description Downloads
download icon apport-2.20.tar.gz (md5, sig) release tarball 41
last downloaded 10 weeks ago
Total downloads: 41

2.19.4 release from the trunk series released 2016-01-26

Release information
Release notes:

* Fix fileutils.test_find_package_desktopfile test for symlinks and other
   unowned files in /usr/share/applications/.
 * Fix ui.test_run_crash_anonymity test case to not fail if the base64 encoded
   core dump happens to contain the user name, as that's just by chance.
 * Fix test_hooks.py for unreleased gcc versions which have a different
   --version format.
 * hookutils.py, attach_hardware(): Stop attaching /var/log/udev. This was an
   upstart-ism, mostly redundant with the udev db and is not being written
   under systemd. (LP: #1537211)

File Description Downloads
download icon apport-2.19.4.tar.gz (md5, sig) release tarball 35
last downloaded 11 weeks ago
Total downloads: 35

2.19.3 release from the trunk series released 2015-12-08

Release information
Release notes:

* apport: Fix comparison against SIGQUIT to work for current Python versions.
 * apt/dpkg: Fix source record lookup in install_packages. Thanks Brian Murray!
 * hookutils.py, attach_gsettings_schema(): Don't replace the schema variable;
   fixes attaching relocatable schemas. Thanks S├ębastien Bacher!
 * generic hook: Limit JournalErrors to the 1.000 last lines. This avoids long
   report load times when processes cause massive log spew. (LP: #1516947)
 * Add key filtering to ProblemReport.load().
 * Don't read the entire report when determining the CrashCounter. This avoids
   long delays for existing large reports.
 * test_python_crashes.py: Be less sensitive to the precise names of
   gvfs-metadata D-Bus service files.
 * Move backend_apt_dpkg -dbgsym test cases to Ubuntu 15.10.
 * Te...

File Description Downloads
download icon apport-2.19.3.tar.gz (md5, sig) release tarball 28
last downloaded 10 weeks ago
Total downloads: 28

2.19.2 release from the trunk series released 2015-10-27

Release information
Release notes:

* SECURITY FIX: When determining the path of a Python module for a program
   like "python -m module_name", avoid actually importing and running the
   module; this could lead to local root privilege escalation. Thanks to
   Gabriel Campana for discovering this and the fix!
   (CVE-2015-1341, LP: #1507480)
 * apt/dpkg: Don't mark packages downloaded from Launchpad for installation by
   apt. Thanks Brian Murray.
 * Fix backend_apt_dpkg.test_install_packages_system for recent "Fall back to
   direct Launchpad ddeb download" fix. coreutils-dbgsym should now always be
   available independent of whether the local system has ddeb apt sources.
 * test_backend_apt_dpkg.py: Reset internal apt caches between tests. Avoids
   random test failures due to leaking paths from previous test cases.

File Description Downloads
download icon apport-2.19.2.tar.gz (md5, sig) release tarball 37
last downloaded 10 weeks ago
Total downloads: 37

2.19.1 release from the trunk series released 2015-10-07

Release information
Release notes:

* Consistently intercept "report file already exists" errors in all writers of
   report files (package_hook, kernel_crashdump, and similar) to avoid
   unhandled exceptions on those. (LP: #1500450)
 * apt/dpkg: Fall back to direct Launchpad ddeb download if we can't find it in
   the apt cache. Thanks Brian Murray! (LP: #1500557)
 * doc/data-format.tex: Clarify that key names are being treated as case
   sensitive (unlike RFC822).

File Description Downloads
download icon apport-2.19.1.tar.gz (md5, sig) release tarball 26
last downloaded 10 weeks ago
Total downloads: 26

2.19 release from the trunk series released 2015-09-24

Release information
Release notes:

* apport: Drop re-nicing. This might decrease the time a user has to wait for
   apport to finish the core dump for a crashed/hanging foreground process.
   (See LP #1278780)
 * SECURITY FIX: kernel_crashdump: Enforce that the log/dmesg files are not a
   symlink. This prevents normal users from pre-creating a symlink to the
   predictable .crash file, and thus triggering a "fill up disk" DoS attack
   when the .crash report tries to include itself. Thanks to halfdog for
   discovering this!
   (CVE-2015-1338, part of LP #1492570)
 * SECURITY FIX: Fix all writers of report files (package_hook,
   kernel_crashdump, and similar) to open the report file exclusively, i. e.
   fail if they already exist. This prevents privilege escalation through
   symlink attacks. Note that this will also ...

File Description Downloads
download icon apport-2.19.tar.gz (md5, sig) release tarball 43
last downloaded 3 weeks ago
Total downloads: 43

110 of 110 releases