Change log for apport package in Ubuntu

175 of 681 results
Published in bionic-release on 2017-12-16
Deleted in bionic-proposed (Reason: moved to release)
apport (2.20.8-0ubuntu5) bionic; urgency=medium

  * data/apport: add an exception handler in case either name space can not be
    found.

 -- Brian Murray <email address hidden>  Fri, 15 Dec 2017 14:50:47 -0800

Available diffs

Superseded in bionic-release on 2017-12-16
Deleted in bionic-proposed 15 hours ago (Reason: moved to release)
apport (2.20.8-0ubuntu4) bionic; urgency=medium

  * data/apport: add a second os.path.exists check to ensure we do not
    receive a Traceback in is_container_id(). (LP: #1733366)

 -- Brian Murray <email address hidden>  Wed, 13 Dec 2017 10:30:23 -0800

Available diffs

Superseded in bionic-release on 2017-12-13
Deleted in bionic-proposed on 2017-12-15 (Reason: moved to release)
apport (2.20.8-0ubuntu3) bionic; urgency=medium

  * apport-retrace: Use Python3. LP: #1153671.

 -- Matthias Klose <email address hidden>  Tue, 05 Dec 2017 15:39:46 +0100

Available diffs

Published in xenial-updates on 2017-12-07
Deleted in xenial-proposed (Reason: moved to -updates)
apport (2.20.1-0ubuntu2.14) xenial; urgency=medium

  * bin/apport-cli: read until <enter> instead of a single character when # of
    apport options is non-unique with a single character. Thanks to Chad Smith
    for the patch. (LP: #1722564)

 -- Brian Murray <email address hidden>  Mon, 27 Nov 2017 15:26:00 -0800
Published in zesty-updates on 2017-12-07
Deleted in zesty-proposed (Reason: moved to -updates)
apport (2.20.4-0ubuntu4.9) zesty; urgency=medium

  * bin/apport-cli: read until <enter> instead of a single character when # of
    apport options is non-unique with a single character. Thanks to Chad Smith
    for the patch. (LP: #1722564)

 -- Brian Murray <email address hidden>  Mon, 27 Nov 2017 15:24:59 -0800
Published in artful-updates on 2017-12-07
Deleted in artful-proposed (Reason: moved to -updates)
apport (2.20.7-0ubuntu3.6) artful; urgency=medium

  * bin/apport-cli: read until <enter> instead of a single character when # of
    apport options is non-unique with a single character. Thanks to Chad Smith
    for the patch. (LP: #1722564)

 -- Brian Murray <email address hidden>  Mon, 27 Nov 2017 15:22:40 -0800
Superseded in bionic-release on 2017-12-05
Deleted in bionic-proposed on 2017-12-06 (Reason: moved to release)
apport (2.20.8-0ubuntu2) bionic; urgency=medium

  [ Stéphane Graber ]
  * REGRESSION UPDATE: Fix regression in previous upload by re-enabling
    container support. (LP: #1732518)
  * Add code preventing a user from confusing apport by using
    a manually crafted filesystem inside a combination of a user and mount
    namespace.
  * Add a check in apport receiver for the number of arguments so that
    should another argument be added later, the receiver will simply ignore
    the crash until it itself gets updated.

 -- Brian Murray <email address hidden>  Mon, 20 Nov 2017 08:46:52 -0800
Superseded in zesty-updates on 2017-12-07
Published in zesty-security on 2017-11-20
apport (2.20.4-0ubuntu4.8) zesty-security; urgency=medium

  [ Stéphane Graber ]
  * REGRESSION UPDATE: Fix regression in previous upload by re-enabling
    container support. (LP: #1732518)
  * REGRESSION UPDATE: Fix the core_pattern for upstart based systems to
    include the dump mode.
  * Add code preventing a user from confusing apport by using
    a manually crafted filesystem inside a combination of a user and mount
    namespace.
  * Add a check in apport receiver for the number of arguments so that
    should another argument be added later, the receiver will simply ignore
    the crash until it itself gets updated.

 -- Tyler Hicks <email address hidden>  Fri, 17 Nov 2017 15:55:58 +0000
Superseded in xenial-updates on 2017-12-07
Published in xenial-security on 2017-11-20
apport (2.20.1-0ubuntu2.13) xenial-security; urgency=medium

  * REGRESSION UPDATE: Fix regression in previous upload by re-enabling
    container support. (LP: #1732518)
  * REGRESSION UPDATE: Fix the core_pattern for upstart based systems to
    include the dump mode.
  * Add code preventing a user from confusing apport by using
    a manually crafted filesystem inside a combination of a user and mount
    namespace.
  * Add a check in apport receiver for the number of arguments so that
    should another argument be added later, the receiver will simply ignore
    the crash until it itself gets updated.

 -- Stéphane Graber <email address hidden>  Wed, 15 Nov 2017 17:00:24 -0500
Superseded in artful-updates on 2017-12-07
Published in artful-security on 2017-11-20
apport (2.20.7-0ubuntu3.5) artful-security; urgency=medium

  [ Stéphane Graber ]
  * REGRESSION UPDATE: Fix regression in previous upload by re-enabling
    container support. (LP: #1732518)
  * Add code preventing a user from confusing apport by using
    a manually crafted filesystem inside a combination of a user and mount
    namespace.
  * Add a check in apport receiver for the number of arguments so that
    should another argument be added later, the receiver will simply ignore
    the crash until it itself gets updated.

 -- Tyler Hicks <email address hidden>  Fri, 17 Nov 2017 15:58:36 +0000
Superseded in bionic-release on 2017-11-21
Deleted in bionic-proposed on 2017-11-22 (Reason: moved to release)
apport (2.20.8-0ubuntu1) bionic; urgency=medium

   * New upstream release:
     - SECURITY UPDATE: Denial of service via resource exhaustion and
       privilege escalation when handling crashes of tainted processes.
     - When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
       the user and group owning the /proc/<PID>/stat file is the same
       owner and group that started the process. Rather check the dump
       mode of the crashed process and do not write a core file if its
       value is 2. Thanks to Sander Bos for discovering this issue!
       (CVE-2017-14177, LP: #1726372)
     - SECURITY UPDATE: Denial of service via resource exhaustion,
       privilege escalation, and possible container escape when handling
       crashes of processes inside PID namespaces.
     - Change the method for determining if a crash is from a container
       so that there are no false positives from software using PID
       namespaces. Additionally, disable container crash forwarding by
       ignoring crashes that occur in a PID namespace. This functionality
       may be re-enabled in a future update. Thanks to Sander Bos for
       discovering this issue!
       (CVE-2017-14180, LP: #1726372)
   * apport/hookutils.py: modify package_versions to return an empty string if
     packages is empty. (LP: #1723822)

 -- Brian Murray <email address hidden>  Wed, 15 Nov 2017 12:44:24 -0800

Available diffs

Superseded in xenial-updates on 2017-11-20
Superseded in xenial-security on 2017-11-20
apport (2.20.1-0ubuntu2.12) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service via resource exhaustion and
    privilege escalation when handling crashes of tainted processes
    (LP: #1726372)
    - When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
      the user and group owning the /proc/<PID>/stat file is the same
      user and group that started the process. Rather check the dump
      mode of the crashed process and do not write a core file if its
      value is 2. Thanks to Sander Bos for discovering this issue!
    - CVE-2017-14177
  * SECURITY UPDATE: Denial of service via resource exhaustion,
    privilege escalation, and possible container escape when handling
    crashes of processes inside PID namespaces (LP: #1726372)
    - Change the method for determining if a crash is from a container
      so that there are no false positives from software using PID
      namespaces. Additionally, disable container crash forwarding by
      ignoring crashes that occur in a PID namespace. This functionality
      may be re-enabled in a future update. Thanks to Sander Bos for
      discovering this issue!
    - CVE-2017-14180

 -- Brian Murray <email address hidden>  Thu, 09 Nov 2017 15:50:08 -0800
Superseded in artful-updates on 2017-11-20
Superseded in artful-security on 2017-11-20
apport (2.20.7-0ubuntu3.4) artful-security; urgency=medium

  * SECURITY UPDATE: Denial of service via resource exhaustion and
    privilege escalation when handling crashes of tainted processes
    (LP: #1726372)
    - When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
      the user and group owning the /proc/<PID>/stat file is the same
      user and group that started the process. Rather check the dump
      mode of the crashed process and do not write a core file if its
      value is 2. Thanks to Sander Bos for discovering this issue!
    - CVE-2017-14177
  * SECURITY UPDATE: Denial of service via resource exhaustion,
    privilege escalation, and possible container escape when handling
    crashes of processes inside PID namespaces (LP: #1726372)
    - Change the method for determining if a crash is from a container
      so that there are no false positives from software using PID
      namespaces. Additionally, disable container crash forwarding by
      ignoring crashes that occur in a PID namespace. This functionality
      may be re-enabled in a future update. Thanks to Sander Bos for
      discovering this issue!
    - CVE-2017-14180

 -- Brian Murray <email address hidden>  Tue, 14 Nov 2017 08:37:05 -0800
Superseded in zesty-updates on 2017-11-20
Superseded in zesty-security on 2017-11-20
apport (2.20.4-0ubuntu4.7) zesty-security; urgency=medium

  * SECURITY UPDATE: Denial of service via resource exhaustion and
    privilege escalation when handling crashes of tainted processes
    (LP: #1726372)
    - When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
      the user and group owning the /proc/<PID>/stat file is the same
      user and group that started the process. Rather check the dump
      mode of the crashed process and do not write a core file if its
      value is 2. Thanks to Sander Bos for discovering this issue!
    - CVE-2017-14177
  * SECURITY UPDATE: Denial of service via resource exhaustion,
    privilege escalation, and possible container escape when handling
    crashes of processes inside PID namespaces (LP: #1726372)
    - Change the method for determining if a crash is from a container
      so that there are no false positives from software using PID
      namespaces. Additionally, disable container crash forwarding by
      ignoring crashes that occur in a PID namespace. This functionality
      may be re-enabled in a future update. Thanks to Sander Bos for
      discovering this issue!
    - CVE-2017-14180

 -- Brian Murray <email address hidden>  Thu, 09 Nov 2017 15:36:32 -0800
Published in trusty-updates on 2017-11-15
Published in trusty-security on 2017-11-15
apport (2.14.1-0ubuntu3.27) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service via resource exhaustion and
    privilege escalation when handling crashes of tainted processes
    (LP: #1726372)
    - When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
      the user and group owning the /proc/<PID>/stat file is the same
      user and group that started the process. Rather check the dump
      mode of the crashed process and do not write a core file if its
      value is 2. Thanks to Sander Bos for discovering this issue!
    - CVE-2017-14177
  * SECURITY UPDATE: Denial of service via resource exhaustion,
    privilege escalation, and possible container escape when handling
    crashes of processes inside PID namespaces (LP: #1726372)
    - Change the method for determining if a crash is from a container
      so that there are no false positives from software using PID
      namespaces. Additionally, disable container crash forwarding by
      ignoring crashes that occur in a PID namespace. This functionality
      may be re-enabled in a future update. Thanks to Sander Bos for
      discovering this issue!
    - CVE-2017-14180

 -- Brian Murray <email address hidden>  Mon, 13 Nov 2017 08:54:04 -0800
Deleted in artful-proposed on 2017-11-21 (Reason: moved to -updates)
apport (2.20.7-0ubuntu3.2) artful; urgency=medium

  * bin/apport-cli: read until <enter> instead of a single character when # of
    apport options is non-unique with a single character. Thanks to Chad Smith
    for the patch. (LP: #1722564)

 -- Brian Murray <email address hidden>  Wed, 08 Nov 2017 12:54:35 -0800
Superseded in bionic-release on 2017-11-16
Deleted in bionic-proposed on 2017-11-17 (Reason: moved to release)
apport (2.20.7-0ubuntu4) bionic; urgency=medium

  * etc/apport/crashdb.conf: Enable Launchpad crash reports for bionic.
  * bin/apport-cli: read until <enter> instead of a single character when # of
    apport options is non-unique with a single character. Thanks to Chad Smith
    for the patch. (LP: #1722564)

 -- Brian Murray <email address hidden>  Wed, 08 Nov 2017 12:18:04 -0800
Superseded in bionic-release on 2017-11-11
Superseded in artful-updates on 2017-11-15
Deleted in bionic-proposed on 2017-11-17 (Reason: moved to release)
Deleted in artful-proposed on 2017-11-17 (Reason: moved to -updates)
apport (2.20.7-0ubuntu3.1) artful; urgency=medium

  * etc/apport/crashdb.conf: Disable Launchpad crash reports for 17.10
    release. (LP: #1726647)

 -- Brian Murray <email address hidden>  Tue, 24 Oct 2017 08:22:21 -0700
Superseded in bionic-release on 2017-10-31
Published in artful-release on 2017-10-12
Deleted in artful-proposed (Reason: moved to release)
apport (2.20.7-0ubuntu3) artful; urgency=medium

  * Make debian/apport.init a symlink to etc/init.d/apport so that
    dh_installinit creates a good postinst. (LP: #1722801)

 -- Brian Murray <email address hidden>  Wed, 11 Oct 2017 14:26:50 -0700
Superseded in artful-release on 2017-10-12
Deleted in artful-proposed on 2017-10-13 (Reason: moved to release)
apport (2.20.7-0ubuntu2) artful; urgency=medium

  * data/package-hooks/source_ubiquity.py: Convert the content of syslog from
    bytes to string so comparison and regex matches in the hook work.
    (LP: #1582950)

 -- Brian Murray <email address hidden>  Wed, 27 Sep 2017 14:44:40 -0700

Available diffs

Superseded in artful-release on 2017-10-01
Deleted in artful-proposed on 2017-10-02 (Reason: moved to release)
apport (2.20.7-0ubuntu1) artful; urgency=medium

  * New upstream release:
    - backends/packaging-apt-dpkg.py: Don't install the version mentioned in a
      versioned dep, rather install the latest version of that dep.
    - backends/packaging-apt-dpkg.py: search -proposed last so we prefer
      packages from other pockets.

 -- Brian Murray <email address hidden>  Tue, 29 Aug 2017 16:45:01 -0700

Available diffs

Superseded in artful-release on 2017-08-30
Deleted in artful-proposed on 2017-08-31 (Reason: moved to release)
apport (2.20.6-0ubuntu7) artful; urgency=medium

  * data/general-hooks/ubuntu.py: When gathering python version information
    also try to determine package and version of the binary.

 -- Brian Murray <email address hidden>  Wed, 23 Aug 2017 12:34:23 -0700

Available diffs

Superseded in artful-release on 2017-08-23
Deleted in artful-proposed on 2017-08-25 (Reason: moved to release)
apport (2.20.6-0ubuntu6) artful; urgency=medium

  * data/general-hooks/ubuntu.py: Gather information about the python versions
    installed on the system as versions not from the Ubuntu archive can cause
    issues. (LP: #1681528)

 -- Brian Murray <email address hidden>  Fri, 18 Aug 2017 11:13:14 -0700

Available diffs

Superseded in artful-release on 2017-08-19
Deleted in artful-proposed on 2017-08-21 (Reason: moved to release)
apport (2.20.6-0ubuntu5) artful; urgency=medium

  * Remove upstart system job.

 -- Dimitri John Ledkov <email address hidden>  Mon, 07 Aug 2017 17:18:13 -0400
Superseded in artful-release on 2017-08-12
Deleted in artful-proposed on 2017-08-13 (Reason: moved to release)
apport (2.20.6-0ubuntu4) artful; urgency=medium

  * apport/REThread.py: A bare except needs to be used so that we can catch
    the dialog being closed.
  * test/test_report.py: Be a little patient and give some time for the core
    file to show up.

 -- Brian Murray <email address hidden>  Fri, 21 Jul 2017 10:42:33 -0700
Superseded in artful-proposed on 2017-07-21
apport (2.20.6-0ubuntu3) artful; urgency=medium

  * debian/control: Add dependencies on python3-httplib2 / python-httplib2.

 -- Brian Murray <email address hidden>  Wed, 19 Jul 2017 11:06:24 -0700

Available diffs

Superseded in artful-proposed on 2017-07-19
apport (2.20.6-0ubuntu2) artful; urgency=medium

  * Fix new pep8 failures in artful - E722 do not use bare except.

 -- Brian Murray <email address hidden>  Tue, 18 Jul 2017 13:25:50 -0700

Available diffs

Published in yakkety-updates on 2017-07-18
Published in yakkety-security on 2017-07-18
apport (2.20.3-0ubuntu8.7) yakkety-security; urgency=medium

  * SECURITY UPDATE: code execution through path traversal in
    .crash files (LP: #1700573)
    - apport/report.py, test/test_ui.py: fix traversal issue
      and add a test for that.
    - debian/apport.install, setup.py, xdg-mime/apport.xml: removes
      apport as a file handler for .crash files. Thanks to Brian
      Murray for the patch and Felix Wilhelm for discovering this.
    - CVE-2017-10708

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 17 Jul 2017 08:43:41 -0300
Superseded in zesty-updates on 2017-11-15
Superseded in zesty-security on 2017-11-15
apport (2.20.4-0ubuntu4.5) zesty-security; urgency=medium

  * SECURITY UPDATE: code execution through path traversal in
    .crash files (LP: #1700573)
    - apport/report.py, test/test_ui.py: fix traversal issue
      and add a test for that.
    - debian/apport.install, setup.py, xdg-mime/apport.xml: removes
      apport as a file handler for .crash files. Thanks to Brian
      Murray for the patch and Felix Wilhelm for discovering this.
    - CVE-2017-10708

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 17 Jul 2017 08:43:27 -0300
Superseded in xenial-updates on 2017-11-15
Superseded in xenial-security on 2017-11-15
apport (2.20.1-0ubuntu2.10) xenial-security; urgency=medium

  * SECURITY UPDATE: code execution through path traversial in
    .crash files (LP: #1700573)
    - apport/report.py, test/test_ui.py: fix traversal issue
      and add a test for that.
    - debian/apport.install, setup.py, xdg-mime/apport.xml: removes
      apport as a file handler for .crash files. Thanks to Brian
      Murray for the patch and Felix Wilhelm for discovering this.
    - CVE-2017-10708

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 17 Jul 2017 08:43:18 -0300
Superseded in trusty-updates on 2017-11-15
Superseded in trusty-security on 2017-11-15
apport (2.14.1-0ubuntu3.25) trusty-security; urgency=medium

  * SECURITY UPDATE: code execution through path traversal in
    .crash files (LP: #1700573)
    - apport/report.py, test/test_ui.py: fix traversal issue
      and add a test for that.
    - debian/apport.install, setup.py, xdg-mime/apport.xml: removes
      apport as a file handler for .crash files. Thanks to Brian
      Murray for the patch and Felix Wilhelm for discovering this.
    - CVE-2017-10708

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 17 Jul 2017 08:43:04 -0300
Superseded in xenial-updates on 2017-07-18
Deleted in xenial-proposed on 2017-07-20 (Reason: moved to -updates)
apport (2.20.1-0ubuntu2.9) xenial; urgency=medium

  * test/test_signal_crashes.py: delete the test which uses an arbitrary
    unpredictable core file size.

Superseded in yakkety-updates on 2017-07-18
Deleted in yakkety-proposed on 2017-07-20 (Reason: moved to -updates)
apport (2.20.3-0ubuntu8.6) yakkety; urgency=medium

  * test/test_signal_crashes.py: delete the test which uses an arbitrary
    unpredictable core file size.

Superseded in zesty-updates on 2017-07-18
Deleted in zesty-proposed on 2017-07-20 (Reason: moved to -updates)
apport (2.20.4-0ubuntu4.4) zesty; urgency=medium

  * test/test_signal_crashes.py: delete the test which uses an arbitrary
    unpredictable core file size.

Superseded in xenial-proposed on 2017-06-30
apport (2.20.1-0ubuntu2.8) xenial; urgency=medium

  * test/test_signal_crashes.py: a ulimit of 1M bytes isn't enough to produce
    a core file anymore so bump it to 10M.

Superseded in yakkety-proposed on 2017-06-30
apport (2.20.3-0ubuntu8.5) yakkety; urgency=medium

  * test/test_signal_crashes.py: a ulimit of 1M bytes isn't enough to produce
    a core file anymore so bump it to 10M.

Superseded in zesty-proposed on 2017-06-30
apport (2.20.4-0ubuntu4.3) zesty; urgency=medium

  * test/test_signal_crashes.py: a ulimit of 1M bytes isn't enough to produce
    a core file anymore so bump it to 10M.

Superseded in xenial-proposed on 2017-06-27
apport (2.20.1-0ubuntu2.7) xenial; urgency=medium

  * data/general-hooks/ubuntu.py: Modify how a duplicate signature is created
    for package installation failures. (LP: #1692127)

 -- Brian Murray <email address hidden>  Mon, 19 Jun 2017 17:01:15 -0700
Superseded in yakkety-proposed on 2017-06-27
apport (2.20.3-0ubuntu8.4) yakkety; urgency=medium

  * data/general-hooks/ubuntu.py: Modify how a duplicate signature is created
    for package installation failures. (LP: #1692127)

 -- Brian Murray <email address hidden>  Mon, 19 Jun 2017 16:50:46 -0700
Superseded in artful-release on 2017-07-21
Deleted in artful-proposed on 2017-07-23 (Reason: moved to release)
apport (2.20.5-0ubuntu5) artful; urgency=medium

  * Cherry picked from upstream's unreleased 2.20.6 - Convert regular
    expressions to raw strings to avoid deprecation warnings with Python
    version 3.6. Thanks to Michael Hudson-Doyle for the patch!

 -- Brian Murray <email address hidden>  Mon, 19 Jun 2017 13:24:57 -0700
Superseded in zesty-proposed on 2017-06-27
apport (2.20.4-0ubuntu4.2) zesty; urgency=medium

  * data/general-hooks/ubuntu.py: Modify how a duplicate signature is created
    for package installation failures. (LP: #1692127)

 -- Brian Murray <email address hidden>  Fri, 16 Jun 2017 10:04:06 -0700
Superseded in artful-release on 2017-06-20
Deleted in artful-proposed on 2017-06-21 (Reason: moved to release)
apport (2.20.5-0ubuntu4) artful; urgency=medium

  * data/general-hooks/ubuntu.py: Modify how a duplicate signature is created
    for package installation failures. (LP: #1692127)

 -- Brian Murray <email address hidden>  Mon, 22 May 2017 16:37:50 -0700
Superseded in artful-release on 2017-05-23
Deleted in artful-proposed on 2017-05-24 (Reason: moved to release)
apport (2.20.5-0ubuntu3) artful; urgency=medium

  * Revert change to test/test_crash_digger.py to use the source's
    crash-digger.

 -- Brian Murray <email address hidden>  Mon, 15 May 2017 16:00:06 -0700
Superseded in artful-proposed on 2017-05-15
apport (2.20.5-0ubuntu2) artful; urgency=medium

  * Resolve test failures:
    - bin/crash-digger: Set self.lp if the crashdb is Launchpad.
    - test/test_crash_digger.py: use the source's crash-digger not the
      installed one.
    - test/test_backend_apt_dpkg.py: cache directories contain the
      architecture in the patch if if is not the native arch.

 -- Brian Murray <email address hidden>  Mon, 15 May 2017 13:13:36 -0700
Superseded in artful-proposed on 2017-05-15
apport (2.20.5-0ubuntu1) artful; urgency=medium

  * New upstream release:
    - bin/apport-retrace: Comment on bug reports when an invalid core file is
      encountered. (LP: #1647635)
    - Switch to using HxW directory names for app icons instead of just one
      number. Thanks to Jeremy Bicha for the patch.
    - apport/ui.py: Ensure the Date field exists in a report before using it in a
      comparison. (LP: #1658188)
    - bin/apport-retrace: Add in a --gdb-sandbox switch which creates or utilizes
      a sandbox with the report's distribution release and the host system's
      architecture for installing and running gdb. (LP: #1517257)
    - apport/hookutils.py: Don't crash if .xsession-errors is not readable by the
      user. (LP: #1675928)
    - bin/apport-retrace: Be specific about which required field is missing from a
      report and not retracing it.
  * debian/control: Adjust Vcs-Bzr: for artful branch.

 -- Brian Murray <email address hidden>  Fri, 12 May 2017 15:11:38 -0700

Available diffs

Superseded in trusty-updates on 2017-07-18
Deleted in trusty-proposed on 2017-07-20 (Reason: moved to -updates)
apport (2.14.1-0ubuntu3.24) trusty; urgency=medium

  * data/general/ubuntu.py: Collect a minimal version of /proc/cpuinfo in
    every report. (LP: #1673557)
  * data/general/ubuntu-gnome.py: The GNOME3 PPAs are no longer supported for
    14.04 or 16.04 so set an UnreportableReason in those reports.
    (LP: #1689093)

 -- Brian Murray <email address hidden>  Fri, 12 May 2017 12:29:08 -0700
Superseded in xenial-updates on 2017-07-10
Deleted in xenial-proposed on 2017-07-11 (Reason: moved to -updates)
apport (2.20.1-0ubuntu2.6) xenial; urgency=medium

  * data/general/ubuntu.py: Collect a minimal version of /proc/cpuinfo in
    every report. (LP: #1673557)
  * data/general/ubuntu-gnome.py: The GNOME3 PPAs are no longer supported for
    14.04 or 16.04 so set an UnreportableReason in those reports.
    (LP: #1689093)
  * test_backend_apt_dpkg.py: Move tests from Ubuntu 15.10 "wily" (which is
    EoL now) to 16.04 LTS "xenial". (LP: #1690437)

 -- Brian Murray <email address hidden>  Fri, 12 May 2017 11:39:04 -0700
Superseded in yakkety-updates on 2017-07-10
Deleted in yakkety-proposed on 2017-07-11 (Reason: moved to -updates)
apport (2.20.3-0ubuntu8.3) yakkety; urgency=medium

  * Resolve autopkgtest failures in test_backend_apt_dpkg.py due to issues
    with apt key ring. Thanks to Dimitri John Ledkov for the patch.
    (LP: #1651623)
  * Disable report.test_add_gdb_info_abort_glib test case for now, as the
    glib assertion message is broken under current Ubuntu (LP: #1689344)
  * data/general/ubuntu.py: Collect a minimal version of /proc/cpuinfo in
    every report. (LP: #1673557)

 -- Brian Murray <email address hidden>  Wed, 10 May 2017 18:10:32 -0700
Superseded in zesty-updates on 2017-07-10
Deleted in zesty-proposed on 2017-07-11 (Reason: moved to -updates)
apport (2.20.4-0ubuntu4.1) zesty; urgency=medium

  * Disable report.test_add_gdb_info_abort_glib test case for now, as the
    glib assertion message is broken under current Ubuntu (LP: #1689344)
  * Resolve autopkgtest failures in test_backend_apt_dpkg.py due to issues
    with apt key ring. Thanks to Dimitri John Ledkov for the patch.
    (LP: #1651623)

 -- Brian Murray <email address hidden>  Wed, 10 May 2017 17:05:11 -0700
Superseded in artful-release on 2017-05-17
Deleted in artful-proposed on 2017-05-18 (Reason: moved to release)
apport (2.20.4-0ubuntu7) artful; urgency=medium

  * data/general/ubuntu-gnome.py: The GNOME3 PPAs are no longer supported for
    14.04 or 16.04 so set an UnreportableReason in those reports.
    (LP: #1689093)

 -- Brian Murray <email address hidden>  Wed, 10 May 2017 14:53:46 -0700

Available diffs

Superseded in artful-release on 2017-05-11
Deleted in artful-proposed on 2017-05-12 (Reason: moved to release)
apport (2.20.4-0ubuntu6) artful; urgency=medium

   * Disable report.test_add_gdb_info_abort_glib test case for now, as the
     glib assertion message is broken under current Ubuntu (LP: #1689344)
  * etc/apport/crashdb.conf: Enable Launchpad crash reports for artful.

 -- Brian Murray <email address hidden>  Mon, 08 May 2017 11:10:34 -0700
Superseded in artful-proposed on 2017-05-08
apport (2.20.4-0ubuntu5) artful; urgency=medium

  * Resolve autopkgtest failures in test_backend_apt_dpkg.py due to issues
    with apt key ring. Thanks to Dimitri John Ledkov for the patch.
    (LP: #1651623)

 -- Brian Murray <email address hidden>  Fri, 05 May 2017 10:05:18 -0700

Available diffs

Superseded in artful-release on 2017-05-08
Published in zesty-release on 2017-04-10
Deleted in zesty-proposed (Reason: moved to release)
apport (2.20.4-0ubuntu4) zesty; urgency=medium

  * etc/apport/crashdb.conf: Disable Launchpad crash reports for 17.04
    release.

 -- Iain Lane <email address hidden>  Mon, 10 Apr 2017 13:16:34 +0100

Available diffs

Superseded in zesty-release on 2017-04-10
Deleted in zesty-proposed on 2017-04-11 (Reason: moved to release)
apport (2.20.4-0ubuntu3) zesty; urgency=medium

  * data/general/ubuntu.py: Collect a minimal version of /proc/cpuinfo in
    every report. (LP: #1673557)
  * debian/control: remove build dep on libglib2.0-0-dbg since the gdb helpers
    moved to libglib2.0-dev.

 -- Brian Murray <email address hidden>  Wed, 29 Mar 2017 11:16:33 -0700

Available diffs

Superseded in zesty-release on 2017-04-03
Deleted in zesty-proposed on 2017-04-04 (Reason: moved to release)
apport (2.20.4-0ubuntu2) zesty; urgency=medium

  * Enable Launchpad crash upload for Ubuntu 17.04.

 -- Brian Murray <email address hidden>  Fri, 03 Feb 2017 09:47:31 -0800

Available diffs

Superseded in xenial-updates on 2017-05-22
Deleted in xenial-proposed on 2017-05-23 (Reason: moved to -updates)
apport (2.20.1-0ubuntu2.5) xenial; urgency=medium

  * apport-gtk: Specify module version with GI imports to avoid warnings.
    Thanks Anatoly Techtonik. (LP: #1502173)

 -- Brian Murray <email address hidden>  Tue, 03 Jan 2017 15:31:33 -0800
Superseded in zesty-release on 2017-02-06
Deleted in zesty-proposed on 2017-02-07 (Reason: moved to release)
apport (2.20.4-0ubuntu1) zesty; urgency=medium

  * New upstream release:
    - SECURITY FIX: Restrict a report's CrashDB field to literals.
      Use ast.literal_eval() instead of the generic eval(), to prevent
      arbitrary code execution from malicious .crash files. A user could be
      tricked into opening a crash file whose CrashDB field contains an
      exec(), open(), or similar commands; this is fairly easy as we install a
      MIME handler for these. Thanks to Donncha O'Cearbhaill for discovering
      this!  (CVE-2016-9949, LP: #1648806)
    - SECURITY FIX: Fix path traversal vulnerability with hooks execution.
      Ensure that Package: and SourcePackage: fields loaded from reports do
      not contain directories. Until now, an attacker could trick a user into
      opening a malicious .crash file containing "Package:
      ../../../../some/dir/foo" which would execute /some/dir/foo.py with
      arbitrary code. Thanks to Donncha O'Cearbhaill for discovering this!
      (CVE-2016-9950, LP: #1648806)
    - SECURITY FIX: apport-{gtk,kde}: Only offer "Relaunch" for recent
      /var/crash crashes.
      It only makes sense to offer relaunching for crashes that just happened
      and the apport UI got triggered on those. When opening a .crash file
      copied from somewhere else or after the crash happened, this is even
      actively dangerous as a malicious crash file can specify any arbitrary
      command to run. Thanks to Donncha O'Cearbhaill for discovering this!
      (CVE-2016-9951, LP: #1648806)
    - backends/packaging-apt-dpkg.py: provide a fallback method if using zgrep
      to search for a file in Contents.gz fails due to a lack of memory.
      Thanks Brian Murray.
    - bin/apport-retrace: When --core-file is used instead of loading the core
      file and adding it to the apport report just pass the file reference to
      gdb.
  * debian/control: Adjust Vcs-Bzr: for zesty branch.

 -- Martin Pitt <email address hidden>  Wed, 14 Dec 2016 21:28:57 +0100

Available diffs

Published in precise-updates on 2016-12-14
Published in precise-security on 2016-12-14
apport (2.0.1-0ubuntu17.15) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: path traversal vulnerability with hooks execution
    - Clean path in apport/report.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806

  [ Steve Beattie ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Only offer restarting the application when processing a
      crash file in /var/crash in apport/ui.py, gtk/apport-gtk,
      and kde/apport-kde. Add testcases to test/test_ui.py,
      test/test_ui_gtk.py, and test_ui_kde.py.
    - No CVE number
    - LP: #1648806

 -- Marc Deslauriers <email address hidden>  Mon, 12 Dec 2016 07:34:52 -0500
Superseded in trusty-updates on 2017-05-22
Superseded in trusty-security on 2017-07-18
apport (2.14.1-0ubuntu3.23) trusty-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Use ast.literal_eval in apport/ui.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806
  * SECURITY UPDATE: path traversal vulnerability with hooks execution
    - Clean path in apport/report.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806

  [ Steve Beattie ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Only offer restarting the application when processing a
      crash file in /var/crash in apport/ui.py, gtk/apport-gtk,
      and kde/apport-kde. Add testcases to test/test_ui.py,
      test/test_ui_gtk.py, and test_ui_kde.py.
    - No CVE number
    - LP: #1648806

 -- Marc Deslauriers <email address hidden>  Mon, 12 Dec 2016 07:27:21 -0500
Superseded in xenial-updates on 2017-01-17
Superseded in xenial-security on 2017-07-18
apport (2.20.1-0ubuntu2.4) xenial-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Use ast.literal_eval in apport/ui.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806
  * SECURITY UPDATE: path traversal vulnerability with hooks execution
    - Clean path in apport/report.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806

  [ Steve Beattie ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Only offer restarting the application when processing a
      crash file in /var/crash in apport/ui.py, gtk/apport-gtk,
      and kde/apport-kde. Add testcases to test/test_ui.py,
      test/test_ui_gtk.py, and test_ui_kde.py.
    - No CVE number
    - LP: #1648806

 -- Marc Deslauriers <email address hidden>  Mon, 12 Dec 2016 07:26:36 -0500
Superseded in yakkety-updates on 2017-05-22
Superseded in yakkety-security on 2017-07-18
apport (2.20.3-0ubuntu8.2) yakkety-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Use ast.literal_eval in apport/ui.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806
  * SECURITY UPDATE: path traversal vulnerability with hooks execution
    - Clean path in apport/report.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806

  [ Steve Beattie ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Only offer restarting the application when processing a
      crash file in /var/crash in apport/ui.py, gtk/apport-gtk,
      and kde/apport-kde. Add testcases to test/test_ui.py,
      test/test_ui_gtk.py, and test_ui_kde.py.
    - No CVE number
    - LP: #1648806

 -- Marc Deslauriers <email address hidden>  Tue, 13 Dec 2016 10:55:09 -0800
Superseded in xenial-updates on 2016-12-14
Deleted in xenial-proposed on 2016-12-16 (Reason: moved to -updates)
apport (2.20.1-0ubuntu2.2) xenial; urgency=medium

  [ Martin Pitt ]
  * hookutils, attach_root_command_outputs(): Return str again, like before
    2.15.2. (LP: #1446537)

 -- Brian Murray <email address hidden>  Tue, 29 Nov 2016 10:17:51 -0800
Superseded in zesty-release on 2016-12-15
Published in yakkety-release on 2016-10-10
Deleted in yakkety-proposed (Reason: moved to release)
apport (2.20.3-0ubuntu8) yakkety; urgency=medium

  * Prefer pycodestyle build dependency over pep8.
  * debian/tests/upstream-system: Create and export $GNUPGHOME, to work with
    gnupg2.
  * apport-gtk: Specify module version with GI imports to avoid warnings.
    Thanks Anatoly Techtonik. (LP: #1502173)
  * Disable Launchpad crash upload for final Ubuntu 16.10.

 -- Martin Pitt <email address hidden>  Mon, 10 Oct 2016 14:28:17 +0200

Available diffs

Superseded in yakkety-release on 2016-10-10
Deleted in yakkety-proposed on 2016-10-12 (Reason: moved to release)
apport (2.20.3-0ubuntu7) yakkety; urgency=medium

  * Merge from trunk:
    - test/test_report.py: Slightly relax stack trace checks to also work with
      glibc 2.24.

 -- Martin Pitt <email address hidden>  Mon, 15 Aug 2016 08:37:34 +0200
Superseded in yakkety-release on 2016-08-15
Deleted in yakkety-proposed on 2016-08-16 (Reason: moved to release)
apport (2.20.3-0ubuntu6) yakkety; urgency=medium

  * packaging-apt-dpkg.py: Change the proxy settings to use DIRECT instead
    of direct. The latter never really worked, but APT did not complain
    about it.

 -- Julian Andres Klode <email address hidden>  Fri, 12 Aug 2016 19:22:23 +0000

Available diffs

Superseded in yakkety-release on 2016-08-12
Deleted in yakkety-proposed on 2016-08-14 (Reason: moved to release)
apport (2.20.3-0ubuntu5) yakkety; urgency=medium

  * packaging-apt-dpkg.py: Explicitly set Dir::State::Status to the host
    dpkg status file for get_source_tree() to work with apt 1.3~pre4

 -- Julian Andres Klode <email address hidden>  Fri, 05 Aug 2016 10:47:11 +0000

Available diffs

Superseded in yakkety-release on 2016-08-05
Deleted in yakkety-proposed on 2016-08-06 (Reason: moved to release)
apport (2.20.3-0ubuntu4) yakkety; urgency=medium

  * test_backend_apt_dpkg.py: Expect trusted.gpg.d in armhf config dir

 -- Julian Andres Klode <email address hidden>  Thu, 04 Aug 2016 08:15:07 +0000
Superseded in yakkety-proposed on 2016-08-04
apport (2.20.3-0ubuntu3) yakkety; urgency=medium

  * test_backend_apt_dpkg.py: Adjust for new error message on missing
    repositories, it now says "does not have a Release file"
  * test_backend_apt_dpkg.py: Create a symlink for trusted.gpg.d in the
    armhf config dir, as the backend looks for trusted.gpg.d relative to
    the sources.list location in the config dir

 -- Julian Andres Klode <email address hidden>  Wed, 03 Aug 2016 23:22:54 +0000
Superseded in yakkety-release on 2016-08-04
Deleted in yakkety-proposed on 2016-08-05 (Reason: moved to release)
apport (2.20.3-0ubuntu2) yakkety; urgency=medium

  * test_backend_apt_dpkg.py: Move tests from Ubuntu 15.10 "wily" (which is
    EOL now) to 16.04 LTS "xenial". (Cherry-picked from trunk)

 -- Martin Pitt <email address hidden>  Sun, 31 Jul 2016 23:04:45 +0200
Superseded in yakkety-release on 2016-08-01
Deleted in yakkety-proposed on 2016-08-02 (Reason: moved to release)
apport (2.20.3-0ubuntu1) yakkety; urgency=medium

  [ Hans Joachim Desserud ]
  * Fix typo (cehcking -> checking) (LP: #1603463).

  [ Martin Pitt ]
  * New upstream release:
    - problem_report.py: Fail with proper exception when trying to assign a
      list to a report key, or when trying to assing a tuple with more than 4
      entries.  (LP: #1596713)
    - test_backend_apt_dpkg.py: Install GPG key for ddebs.ubuntu.com to avoid
      apt authentication errors.
  * Bump Standards-Version to 3.9.8 (no changes necessary).

 -- Martin Pitt <email address hidden>  Thu, 28 Jul 2016 14:10:46 +0200
Superseded in yakkety-release on 2016-07-29
Deleted in yakkety-proposed on 2016-07-30 (Reason: moved to release)
apport (2.20.2-0ubuntu1) yakkety; urgency=medium

  [ Brian Murray ]
  * data/general-hooks/ubuntu.py: tag bug reports 'apport-hook-error' if they
    have an attachment from an apport hook which crashed.

  [ Martin Pitt ]
  * New upstream release. Changes since our previous snapshot:
    - Don't ignore OSError in Report.add_gdb_info(), as we do want to fail with an
      useful error message if gdb cannot be called in apport-retrace. Move the
      catching to the UI as not having gdb installed is still fine for reporting
      clients. (LP: #1579949)
    - Show gdb error messages in Report.add_gdb_info() OSError exception when gdb
      fails. (LP: #1579897)
    - hookutils, attach_root_command_outputs(): Return str again, like before
      2.15.2. (LP: #1370259)
    - Stop issuing "set architecture" gdb commands on ARM and Power; these only
      applied to 32 bit platforms and are apparently not needed any more with
      recent gdb versions. (LP: #1585702)
    - Disable report.test_add_gdb_info_abort_libnih test case for now, as libnih
      is broken under current Ubuntu (LP: #1580601)

 -- Martin Pitt <email address hidden>  Sun, 19 Jun 2016 22:17:35 +0200

Available diffs

Superseded in xenial-updates on 2016-12-08
Deleted in xenial-proposed on 2016-12-09 (Reason: moved to -updates)
apport (2.20.1-0ubuntu2.1) xenial-proposed; urgency=medium

  * data/general-hooks/ubuntu.py: Fix stacktrace when parsing
    DpkgTerminalLog.txt. (LP: #1548421)
  * data/general-hooks/ubuntu.py: Restore starting package problem duplicate
    signatures with the word package, the package name, and its version.
    (LP: #1581682)

 -- Brian Murray <email address hidden>  Mon, 16 May 2016 15:02:01 -0700
Superseded in yakkety-release on 2016-06-20
Deleted in yakkety-proposed on 2016-06-21 (Reason: moved to release)
apport (2.20.1-0ubuntu4) yakkety; urgency=medium

  * data/general-hooks/ubuntu.py: Fix stacktrace when parsing
    DpkgTerminalLog.txt. (LP: #1548421)
  * data/general-hooks/ubuntu.py: Restore starting package problem duplicate
    signatures with the word package, the package name, and its version.
    (LP: #1581682)

 -- Brian Murray <email address hidden>  Mon, 16 May 2016 14:16:15 -0700
Superseded in trusty-updates on 2016-12-14
Deleted in trusty-proposed on 2016-12-16 (Reason: moved to -updates)
apport (2.14.1-0ubuntu3.21) trusty-proposed; urgency=medium

  * apport-bug: Stop checking the autoreport flag and calling
    whoopsie-upload-all; these two are different tasks, and that breaks bug
    reporting. (LP: #1339663)

 -- Brian Murray <email address hidden>  Mon, 16 May 2016 13:24:02 -0700
Superseded in yakkety-release on 2016-05-17
Deleted in yakkety-proposed on 2016-05-19 (Reason: moved to release)
apport (2.20.1-0ubuntu3) yakkety; urgency=medium

  * debian/control: Adjust Vcs-Bzr: for yakkety branch.
  * Re-enable Launchpad crash reports for yakkety.

 -- Martin Pitt <email address hidden>  Mon, 02 May 2016 12:10:15 -0500

Available diffs

175 of 681 results