Apport

Download project files

2.21.0 release from the main series released 2022-06-09

Release information

Release notes:

* SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary
  files (LP: #1830858)
  - apport/report.py: Avoid TOCTOU issue on users ignore file by
    dropping privileges and then opening the file both test for access and
    open the file in a single operation, instead of using access() before
    reading the file which could be abused by a symlink to cause Apport to
    read and embed an arbitrary file in the resulting crash dump.
  - CVE-2019-7307
* SECURITY UPDATE: apport reads arbitrary files if ~/.config/apport/settings
  is a symlink (LP: #1830862)
  - apport/fileutils.py: drop permissions before reading user settings file.
  - CVE-2019-11481
* SECURITY UPDATE: TOCTTOU race conditions and following symbolic
  links when creating a core file (LP: #1839413)
  - data/apport...

File	Description	Downloads
apport-2.21.0.tar.xz (md5, sig)	apport-2.21.0.tar.xz	16 last downloaded 17 weeks ago
Total downloads:		16

2.20.4 release from the main series released 2016-12-14

Release information

Release notes:

* SECURITY FIX: Restrict a report's CrashDB field to literals.
   Use ast.literal_eval() instead of the generic eval(), to prevent arbitrary
   code execution from malicious .crash files. A user could be tricked into
   opening a crash file whose CrashDB field contains an exec(), open(), or
   similar commands; this is fairly easy as we install a MIME handler for
   these. Thanks to Donncha O'Cearbhaill for discovering this!
   (CVE-2016-9949, LP: #1648806)
* SECURITY FIX: Fix path traversal vulnerability with hooks execution.
   Ensure that Package: and SourcePackage: fields loaded from reports do not
   contain directories. Until now, an attacker could trick a user into opening a
   malicious .crash file containing

Package: ../../../../some/dir/foo

which would execute /some...

File	Description	Downloads
apport-2.20.4.tar.gz (md5, sig)	release tarball	362 last downloaded 17 weeks ago
Total downloads:		362

2.20.3 release from the main series released 2016-07-28

Release information

Release notes:

* problem_report.py: Fail with proper exception when trying to assign a list
   to a report key, or when trying to assing a tuple with more than 4 entries.
   (LP: #1596713)
* test_backend_apt_dpkg.py: Install GPG key for ddebs.ubuntu.com to avoid apt
   authentication errors.

File	Description	Downloads
apport-2.20.3.tar.gz (md5, sig)	release tarball	89 last downloaded 42 weeks ago
Total downloads:		89

2.20.2 release from the main series released 2016-06-19

Release information

Release notes:

* problem_report.py: Make assertion of invalid key names more verbose.
* hookutils.py: Fix generation of valid report key names from arbitrary paths
   in attach_file() and related functions. This will now replace all invalid
   characters with dots, not just a few known invalid ones. (LP: #1566975)
* problem_report.py: Instead of AssertionError, raise a ValueError for invalid
   key names and TypeError for invalid kinds of values. Thanks Barry Warsaw.
* Don't ignore OSError in Report.add_gdb_info(), as we do want to fail with an
   useful error message if gdb cannot be called in apport-retrace. Move the
   catching to the UI as not having gdb installed is still fine for reporting
   clients. (LP: #1579949)
* Show gdb error messages in Report.add_gdb_info() OSError exception when gd...

File	Description	Downloads
apport-2.20.2.tar.gz (md5, sig)	release tarball	67 last downloaded 42 weeks ago
Total downloads:		67

2.20.1 release from the main series released 2016-03-31

Release information

Release notes:

* Fix signal_crashes.test_modify_after_start test when running as root.
* Relax report.test_add_gdb_info gdb warning check, as this changed with gdb
   7.10.90.
* crash-digger: Untag bugs which cannot be retraced instead of stopping
   crash-digger. This led to too many pointless manual restarts on broken bug
   reports.
* Disambiguate overly generic Python exceptions in duplicate signature
   computation: dbus-glib's DBusException wraps a "real" server-side exception,
   so add the class of that to disambiguate different crashes; for OSError
   that is not a known subclass like FileNotFoundError, add the errno.
   (LP: #989819)

File	Description	Downloads
apport-2.20.1.tar.gz (md5, sig)	release tarball	65 last downloaded 42 weeks ago
Total downloads:		65

2.20 release from the main series released 2016-02-12

Release information

Release notes:

* Reimplement forwarding crashes into a container, via activating the new
   apport-forward.socket in the container and handing over the core dump fd.
   This is a much safer way than the original implementation with nsexec.
   Thanks Stéphane Graber! (LP: #1445064)
* Drop obsolete signal_crashes.test_ns_forward_privilege() test case. This
   code was dropped long ago.

File	Description	Downloads
apport-2.20.tar.gz (md5, sig)	release tarball	73 last downloaded 42 weeks ago
Total downloads:		73

2.19.4 release from the main series released 2016-01-26

Release information

Release notes:

* Fix fileutils.test_find_package_desktopfile test for symlinks and other
   unowned files in /usr/share/applications/.
* Fix ui.test_run_crash_anonymity test case to not fail if the base64 encoded
   core dump happens to contain the user name, as that's just by chance.
* Fix test_hooks.py for unreleased gcc versions which have a different
   --version format.
* hookutils.py, attach_hardware(): Stop attaching /var/log/udev. This was an
   upstart-ism, mostly redundant with the udev db and is not being written
   under systemd. (LP: #1537211)

File	Description	Downloads
apport-2.19.4.tar.gz (md5, sig)	release tarball	62 last downloaded 42 weeks ago
Total downloads:		62

2.19.3 release from the main series released 2015-12-08

Release information

Release notes:

* apport: Fix comparison against SIGQUIT to work for current Python versions.
* apt/dpkg: Fix source record lookup in install_packages. Thanks Brian Murray!
* hookutils.py, attach_gsettings_schema(): Don't replace the schema variable;
   fixes attaching relocatable schemas. Thanks Sébastien Bacher!
* generic hook: Limit JournalErrors to the 1.000 last lines. This avoids long
   report load times when processes cause massive log spew. (LP: #1516947)
* Add key filtering to ProblemReport.load().
* Don't read the entire report when determining the CrashCounter. This avoids
   long delays for existing large reports.
* test_python_crashes.py: Be less sensitive to the precise names of
   gvfs-metadata D-Bus service files.
* Move backend_apt_dpkg -dbgsym test cases to Ubuntu 15.10.
* Te...

File	Description	Downloads
apport-2.19.3.tar.gz (md5, sig)	release tarball	57 last downloaded 42 weeks ago
Total downloads:		57

2.19.2 release from the main series released 2015-10-27

Release information

Release notes:

* SECURITY FIX: When determining the path of a Python module for a program
   like "python -m module_name", avoid actually importing and running the
   module; this could lead to local root privilege escalation. Thanks to
   Gabriel Campana for discovering this and the fix!
   (CVE-2015-1341, LP: #1507480)
* apt/dpkg: Don't mark packages downloaded from Launchpad for installation by
   apt. Thanks Brian Murray.
* Fix backend_apt_dpkg.test_install_packages_system for recent "Fall back to
   direct Launchpad ddeb download" fix. coreutils-dbgsym should now always be
   available independent of whether the local system has ddeb apt sources.
* test_backend_apt_dpkg.py: Reset internal apt caches between tests. Avoids
   random test failures due to leaking paths from previous test cases.

File	Description	Downloads
apport-2.19.2.tar.gz (md5, sig)	release tarball	79 last downloaded 42 weeks ago
Total downloads:		79

2.19.1 release from the main series released 2015-10-07

Release information

Release notes:

* Consistently intercept "report file already exists" errors in all writers of
   report files (package_hook, kernel_crashdump, and similar) to avoid
   unhandled exceptions on those. (LP: #1500450)
* apt/dpkg: Fall back to direct Launchpad ddeb download if we can't find it in
   the apt cache. Thanks Brian Murray! (LP: #1500557)
* doc/data-format.tex: Clarify that key names are being treated as case
   sensitive (unlike RFC822).

File	Description	Downloads
apport-2.19.1.tar.gz (md5, sig)	release tarball	56 last downloaded 42 weeks ago
Total downloads:		56