Change log for apport package in Ubuntu
| 1 → 75 of 913 results | First • Previous • Next • Last |
apport (2.26.1-0ubuntu3) mantic; urgency=medium * Enable Launchpad crash reports for mantic -- Benjamin Drung <email address hidden> Tue, 02 May 2023 14:07:28 +0200
Available diffs
- diff from 2.26.1-0ubuntu2 to 2.26.1-0ubuntu3 (876 bytes)
| Published in focal-proposed |
apport (2.20.11-0ubuntu27.27) focal; urgency=medium
* whoopsie-upload-all: Catch zlib.error when decoding CoreDump from
crash file (LP: #1947800)
* Fix KeyError: 'CasperMD5json' (LP: #1964828)
* apport-kde: Fix inverse order of choices (LP: #1967965)
* apport-unpack: Fix ValueError: ['separator'] has no binary content
(LP: #1889443)
* test:
- Clear environment for test_run_as_real_user_no_sudo
- Mock add_gdb_info calls in KDE UI tests
- Fix KDE UI tests if whoopsie.path is disabled
- Fix race with progress dialog in KDE UI tests
- Run UI KDE tests again
- Determine source package dynamically in test_run_crash_kernel
(LP: #1992172)
-- Benjamin Drung <email address hidden> Fri, 14 Apr 2023 01:17:21 +0200
Available diffs
| Published in jammy-proposed |
apport (2.20.11-0ubuntu82.5) jammy; urgency=medium * apport-gtk: Exclude trailing dot from URL links (LP: #1978301) * apport-bug: Add /snap/bin to PATH for Firefox snap on Lubuntu (LP: #1973470) * test: - Clear environment for test_run_as_real_user_no_sudo - Fix GTK UI tests if whoopsie.path is disabled - tests: Fix GTK UI race condition and reduce timeout again, saving five minutes test execution time (LP: #1780767) - tests: Fix race in tests for run_report_bug() -- Benjamin Drung <email address hidden> Fri, 14 Apr 2023 01:08:26 +0200
Available diffs
| Deleted in kinetic-proposed (Reason: The package was removed due to one or more of its SRU bug...) |
apport (2.23.1-0ubuntu3.3) kinetic; urgency=medium * Catch binascii.Error: Incorrect padding (LP: #1997912) * fix(tests): Clear environment for test_run_as_real_user_no_sudo -- Benjamin Drung <email address hidden> Fri, 14 Apr 2023 00:42:18 +0200
Available diffs
| Superseded in mantic-release |
| Published in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
apport (2.26.1-0ubuntu2) lunar; urgency=medium * fix(tests): Clear environment for test_run_as_real_user_no_sudo
Available diffs
- diff from 2.26.0-0ubuntu2 to 2.26.1-0ubuntu2 (205.8 KiB)
- diff from 2.26.1-0ubuntu1 to 2.26.1-0ubuntu2 (1.8 KiB)
apport (2.20.9-0ubuntu7.29) bionic-security; urgency=medium
* SECURITY UPDATE: viewing an apport-cli crash with default pager could
escalate privilege (LP: #2016023)
- apport/ui.py, apport/user_group.py, bin/apport-cli: drops privilege to
users environment before execution (using sudo)
- test/test_ui.py, test/test_user/group.py: Add test cases for new code
- CVE-2023-1326
* backends/packaging-apt-dpkg.py: when downloading packages from Launchpad
do not require them to be authenticated. (LP: #1989467)
-- Benjamin Drung <email address hidden> Wed, 12 Apr 2023 19:53:49 +0200
Available diffs
apport (2.20.11-0ubuntu27.26) focal-security; urgency=medium
* SECURITY UPDATE: viewing an apport-cli crash with default pager could
escalate privilege (LP: #2016023)
- apport/ui.py, apport/user_group.py, bin/apport-cli: drops privilege to
users environment before execution (using sudo)
- test/test_ui.py, test/test_user/group.py: Add test cases for new code
- CVE-2023-1326
-- Benjamin Drung <email address hidden> Wed, 12 Apr 2023 18:41:51 +0200
apport (2.20.11-0ubuntu82.4) jammy-security; urgency=medium
* SECURITY UPDATE: viewing an apport-cli crash with default pager could
escalate privilege (LP: #2016023)
- apport/fileutils.py: Add get_process_environ()
- apport/ui.py, apport/user_group.py, bin/apport-cli: drops privilege to
users environment before execution
- test/test_fileutils.py, test/test_ui.py, test/test_user/group.py: Add
test cases for new code
- CVE-2023-1326
-- Benjamin Drung <email address hidden> Wed, 12 Apr 2023 19:00:36 +0200
apport (2.23.1-0ubuntu3.2) kinetic-security; urgency=medium
* Let apport depend on recent python3-problem-report for recent bug fix
* SECURITY UPDATE: viewing an apport-cli crash with default pager could
escalate privilege (LP: #2016023)
- d/p/refactor-Introduce-run_as_real_user.patch: Introduce
run_as_real_user()
- d/p/fix-Only-open-browser-as-user-via-sudo-if-running-as-root.patch:
Only open browser as user (via sudo) if running as root
- d/p/Replace-sudo-by-dropping-privileges-ourselves.patch: Replace sudo by
dropping privileges ourselves
- debian/patches/CVE-2023-1326.patch: drops privilege to users environment
before execution
- CVE-2023-1326
-- Benjamin Drung <email address hidden> Wed, 12 Apr 2023 12:38:24 +0200
Available diffs
| Superseded in lunar-proposed |
apport (2.26.1-0ubuntu1) lunar; urgency=medium
[ Benjamin Drung ]
* New upstream bug-fix release.
- SECURITY UPDATE: viewing an apport-cli crash with default pager could
escalate privilege (LP: #2016023). Do not run sensible-pager as root
if using sudo/pkexec.
- Catch HTTPError in UserInterface.file_report (LP: #2008638)
- Print proper error message if /proc/<pid> is gone (LP: #2008638)
- Do not drop environment variables when calling GDB (LP: #2012374)
- Fix parsing options with spaces in sources.list (LP: #1822712)
* Disable Launchpad crash reports for 23.04 release
[ Sebastien Bacher ]
* Let subiquity collect the desktop installer details if available
-- Benjamin Drung <email address hidden> Wed, 12 Apr 2023 20:17:37 +0200
Available diffs
- diff from 2.26.0-0ubuntu2 to 2.26.1-0ubuntu1 (204.6 KiB)
apport (2.26.0-0ubuntu2) lunar; urgency=medium * fix: Mock query to Github in integration test -- Benjamin Drung <email address hidden> Fri, 24 Feb 2023 16:17:43 +0100
Available diffs
- diff from 2.24.0-0ubuntu2 to 2.26.0-0ubuntu2 (348.3 KiB)
- diff from 2.26.0-0ubuntu1 to 2.26.0-0ubuntu2 (1.4 KiB)
| Superseded in lunar-proposed |
apport (2.26.0-0ubuntu1) lunar; urgency=medium * New upstream release. * Depend on python3-requests for GitHub crash DB backend -- Benjamin Drung <email address hidden> Fri, 24 Feb 2023 01:50:21 +0100
Available diffs
- diff from 2.25.0-0ubuntu1 to 2.26.0-0ubuntu1 (178.0 KiB)
| Superseded in lunar-proposed |
apport (2.25.0-0ubuntu1) lunar; urgency=medium
* New upstream release.
- Add general hook image.py for collecting cloud build info
(LP: #1724623)
- Catch UnicodeDecodeError on a malformed problem report (LP: #1996040)
- Fix TypeError in error(): not enough arguments for format string
(LP: #1562477)
- whoopsie-upload-all: Use NoninteractiveHookUI for add_hooks_info
(LP: #2003098)
- Use inclusive names. This includes renaming the directory
/etc/apport/blacklist.d to /etc/apport/report-ignore and
/etc/apport/whitelist.d to /etc/apport/report-only
* Drop wine-preloader from Apports report-ignore list
* Drop unneeded dependency on transitional lsb-base
* Replace transitional policykit-1 by pkexec and polkitd
* Bump Standards-Version to 4.6.2
* Install apport-kde.desktop into apport-kde
* Use dh_missing --fail-missing
* Replace lsb_release call by platform.freedesktop_os_release and drop
lsb-release dependency
-- Benjamin Drung <email address hidden> Thu, 16 Feb 2023 12:03:57 +0100
Available diffs
- diff from 2.24.0-0ubuntu2 to 2.25.0-0ubuntu1 (330.1 KiB)
apport (2.24.0-0ubuntu2) lunar; urgency=medium * Fix test failures with Python 3.11 (PR #57) -- Benjamin Drung <email address hidden> Tue, 10 Jan 2023 17:34:18 +0100
Available diffs
apport (2.23.1-0ubuntu3.1) kinetic; urgency=medium
* Declare python3-apport breaking older apport/apport-gtk/apport-kde
(LP: #1997759)
* Catch malformed problem report (LP: #1996040)
* Catch ValueError: not enough values to unpack (LP: #1995100)
-- Benjamin Drung <email address hidden> Thu, 08 Dec 2022 02:38:15 +0100
Available diffs
apport (2.24.0-0ubuntu1) lunar; urgency=medium
* New upstream bug-fix release.
- Catch malformed problem reports (LP: #1996040)
- Catch ValueError: not enough values to unpack (LP: #1995100)
- Catch FileNotFoundError for missing desktop files (LP: #1997753)
- Catch binascii.Error: Incorrect padding (LP: #1997912)
- Catch AttributeError: NoneType object has no attribute origins
(LP: #1997973)
* Drop cherry-picked upstream patches
* oem-getlogs: Use colon instead of a dot for chown command
* Remove redundant section from apport-noui
* Clarify that apport-noui is empty
* Run black, isort, pydocstyle, pylint during package build
-- Benjamin Drung <email address hidden> Thu, 08 Dec 2022 01:37:20 +0100
Available diffs
- diff from 2.23.1-0ubuntu5 to 2.24.0-0ubuntu1 (606.3 KiB)
apport (2.23.1-0ubuntu5) lunar; urgency=medium
* Declare python3-apport breaking older apport/apport-gtk/apport-kde
(LP: #1997759)
* build: Bump source/target Java version to 7
-- Benjamin Drung <email address hidden> Mon, 05 Dec 2022 13:22:03 +0100
Available diffs
apport (2.20.11-0ubuntu82.3) jammy; urgency=medium * Replace deprecated 'imp' module (LP: #1947425) * Fix KeyError: 'CasperMD5json' (LP: #1964828) * apport-kde: Fix inverse order of choices (LP: #1967965) * apport-unpack: Fix ValueError: ['separator'] has no binary content (LP: #1889443) * test: - Mock add_gdb_info calls in KDE UI tests - Fix KDE UI tests if whoopsie.path is disabled - Fix race with progress dialog in KDE UI tests - Run UI KDE tests again - Determine source package dynamically in test_run_crash_kernel (LP: #1992172) -- Benjamin Drung <email address hidden> Thu, 24 Nov 2022 12:47:19 +0100
Available diffs
| Superseded in lunar-proposed |
apport (2.23.1-0ubuntu4) lunar; urgency=medium * etc/apport/crashdb.conf: Enable Launchpad crash reports for lunar -- Benjamin Drung <email address hidden> Tue, 15 Nov 2022 16:31:53 +0100
Available diffs
- diff from 2.23.1-0ubuntu3 to 2.23.1-0ubuntu4 (762 bytes)
| Superseded in lunar-release |
| Published in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
apport (2.23.1-0ubuntu3) kinetic; urgency=medium
* etc/apport/crashdb.conf: Disable Launchpad crash reports for 22.10
release.
-- Utkarsh Gupta <email address hidden> Thu, 13 Oct 2022 10:39:02 +0530
Available diffs
- diff from 2.23.1-0ubuntu2 to 2.23.1-0ubuntu3 (770 bytes)
apport (2.23.1-0ubuntu2) kinetic; urgency=medium
* tests: Determine source package dynamically in test_run_crash_kernel
(LP: #1992172)
-- Benjamin Drung <email address hidden> Fri, 07 Oct 2022 18:24:45 +0200
Available diffs
apport (2.23.1-0ubuntu1) kinetic; urgency=medium
* New upstream bug-fix release.
- Disable debuginfod when collecting a report (LP: #1989803)
- apport-cli: Fix AttributeError: 'bytes' object has no attribute 'fileno'
(LP: #1991200)
- apport-bug: Add `/snap/bin` to `PATH` for Firefox snap on Lubuntu
(LP: #1973470)
* Drop cherry-picked upstream patches
* tests: Fix path for installed apport-cli
-- Benjamin Drung <email address hidden> Wed, 05 Oct 2022 16:25:48 +0200
Available diffs
- diff from 2.23.0-0ubuntu2 to 2.23.1-0ubuntu1 (33.5 KiB)
apport (2.20.11-0ubuntu27.25) focal; urgency=medium
* Point Vcs-* URIs to git
* whoopsie-upload-all: Catch FileNotFoundError during process_report
(LP: #1867204)
* Grab a slice of JournalErrors around the crash time (LP: #1962454)
* data/apport:
- Initialize error log as first step (LP: #1989467)
- Fix PermissionError for setuid programs inside container (LP: #1982487)
- Fix reading from stdin inside containers (LP: #1982555)
* Fix autopkgtest test case failures (LP: #1989467):
- Mark autopkgtest with isolation-container restriction
- Fix failure if kernel module isofs is not installed
- Do not check recommended dependencies
- Skip UI test if kernel thread is not found
- Fix race in test_crash_system_slice
- Fix check for not running test executable
- Use shadow in *_different_binary_source
- Mock kernel package version in UI test
- Fix test_kerneloops_nodetails if kernel is not installed
- Drop broken test_crash_setuid_drop_and_kill
- Expect linux-signed on arm64/s390x as well
- Skip SegvAnalysis for non x86 architectures
- Use unlimited core ulimit for SIGQUIT test
- Fix race with progress window in GTK UI tests
- Use sleep instead of yes for tests
- Fix test_add_gdb_info_script on armhf
- Fix wrong Ubuntu archive URI on ports
- Fix KeyError in test_install_packages_unversioned
- Depend on python3-systemd for container tests
- Depend on psmisc for killall binary
- Replace missing oxideqt-codecs
- Drop broken test_install_packages_from_launchpad
- Fix test_install_packages_permanent_sandbox* for s390x
-- Benjamin Drung <email address hidden> Thu, 15 Sep 2022 14:43:39 +0200
Available diffs
apport (2.20.11-0ubuntu82.2) jammy; urgency=medium * Point Vcs-* URIs to git * Grab a slice of JournalErrors around the crash time (LP: #1962454) * data/apport: - Initialize error log as first step (LP: #1989467) - Fix PermissionError for setuid programs inside container (LP: #1982487) - Fix reading from stdin inside containers (LP: #1982555) * Fix autopkgtest test case failures (LP: #1989467): - Mark autopkgtest with isolation-container restriction - Fix failure if kernel module isofs is not installed - Do not check recommended dependencies - Skip UI test if kernel thread is not found - Fix race in test_crash_system_slice - Fix check for not running test executable - Use shadow in *_different_binary_source - Mock kernel package version in UI test - Fix test_kerneloops_nodetails if kernel is not installed - Drop broken test_crash_setuid_drop_and_kill - Expect linux-signed on arm64/s390x as well - Skip SegvAnalysis for non x86 architectures - Use unlimited core ulimit for SIGQUIT test - Fix race with progress window in GTK UI tests - Use sleep instead of yes for tests - Fix test_add_gdb_info_script on armhf - Fix wrong Ubuntu archive URI on ports - Fix KeyError in test_install_packages_unversioned - Depend on python3-systemd for container tests - Depend on psmisc for killall binary - Replace missing oxideqt-codecs - Drop broken test_install_packages_from_launchpad - Fix test_install_packages_permanent_sandbox* for s390x -- Benjamin Drung <email address hidden> Wed, 14 Sep 2022 18:28:26 +0200
Available diffs
apport (2.23.0-0ubuntu1) kinetic; urgency=medium
* New upstream release:
- apport-gtk:
- Gracefully handle import failure of gi (LP: #1980561)
- Catch AssertionError when importing Gdk (LP: #1980238)
- data/apport:
- Fix PermissionError for setuid programs inside container (LP: #1982487)
- Fix reading from stdin inside containers (LP: #1982555)
- apport-kde:
- Fix inverse order of choices (LP: #1967965)
- Import apport before usage (LP: #1980553)
- Drop old workaround for bug in SIP destructor (LP: #1980553)
- apport-unpack: Fix ValueError: ['separator'] has no binary content
(LP: #1889443)
- Fix _run_hook getting called with ui=None (LP: #1983481)
* Refresh patches and drop backported patches
* Fix pydocstyle and pylint complains in patches
-- Benjamin Drung <email address hidden> Mon, 22 Aug 2022 22:31:55 +0200
Available diffs
apport (2.22.0-0ubuntu4) kinetic; urgency=medium * tests: Use sleep instead of yes for tests * apport: Initialize error log as first step * Depend on python3-systemd for autopkgtest system-tests -- Benjamin Drung <email address hidden> Thu, 07 Jul 2022 20:44:02 +0200
Available diffs
- diff from 2.22.0-0ubuntu2 to 2.22.0-0ubuntu4 (16.6 KiB)
- diff from 2.22.0-0ubuntu3 to 2.22.0-0ubuntu4 (5.4 KiB)
| Superseded in kinetic-proposed |
apport (2.22.0-0ubuntu3) kinetic; urgency=medium * tests: Fix killing test executable too early (LP: #1980390) * tests: Fix test_add_gdb_info_script on armhf * autopkgtest: Depend on Ubuntu keyring packages for system tests * tests: Fix wrong Ubuntu archive URI on ports * tests: Fix KeyError in test_install_packages_unversioned * Fix trying to find debug packages for non-existing version * tests: Upgrade APT tests to use Ubuntu 22.04 (jammy) * tests: Fix IndexError in test_crash_setuid_drop * tests: Print Apport log if no report is found -- Benjamin Drung <email address hidden> Wed, 06 Jul 2022 16:56:52 +0200
Available diffs
- diff from 2.22.0-0ubuntu2 to 2.22.0-0ubuntu3 (12.9 KiB)
apport (2.22.0-0ubuntu2) kinetic; urgency=medium * apport-gtk: Fix importing the wrong Gdk version -- Benjamin Drung <email address hidden> Tue, 28 Jun 2022 13:41:05 +0200
Available diffs
apport (2.22.0-0ubuntu1) kinetic; urgency=medium
* New upstream release:
- Replace `ProblemReport.get_date` by `ProblemReport.get_timestamp`, fixes
regression in 2.21.0 (LP: #1978487)
- apport-gtk: Exclude trailing dot from URL links (LP: #1978301)
- Fix `AttributeError`: 'NoneType' object has no attribute 'write', fixes
regression in 2.21.0 (LP: #1979211)
- apport_python_hook: Properly handle missing modules (LP: #1774843)
- apport_python_hook: Fix FileNotFoundError if the current directory was
deleted (LP: #1979637)
- apport_python_hook: Fix crash if os.getcwd() fails (LP: #1977954)
- Replace deprecated 'imp' module (LP: #1947425)
- whoopsie-upload-all: Fix 'EOFError' object has no attribute 'errno',
fixes regression in 2.21.0 (LP: #1979681)
* Fix KeyError: 'CasperMD5json'
-- Benjamin Drung <email address hidden> Mon, 27 Jun 2022 12:03:00 +0200
Available diffs
- diff from 2.21.0-0ubuntu2 to 2.22.0-0ubuntu1 (455.0 KiB)
apport (2.21.0-0ubuntu2) kinetic; urgency=medium * tests: Use unlimited core ulimit for SIGQUIT test * data/apport: Fix log file writing if chown/chmod fails -- Benjamin Drung <email address hidden> Fri, 10 Jun 2022 15:39:32 +0200
Available diffs
| Superseded in kinetic-proposed |
apport (2.21.0-0ubuntu1) kinetic; urgency=medium
* New upstream release.
- data/apport: Limit memory and duration of gdbus call. (CVE-2022-28654,
CVE-2022-28656)
- data/apport, apport/fileutils.py, test/test_fileutils.py: Validate
D-Bus socket location. (CVE-2022-28655)
- apport/fileutils.py, test/test_fileutils.py: Turn off interpolation
in get_config() to prevent DoS attacks. (CVE-2022-28652)
- Switch from chroot to container to validating socket owner.
(CVE-2022-1242, CVE-2022-28657)
- data/apport, etc/init.d/apport: Switch to using non-positional
arguments. Get real UID and GID from the kernel and make sure they
match the process. Also fix executable name space handling in
argument parsing. (CVE-2022-28658, CVE-2021-3899)
- Grab a slice of JournalErrors around the crash time (LP: #1962454)
* Switch to dpkg-source format 3.0 (quilt)
* Run unit and integration tests during package build
* Update autopkgtest (unit/integration and systems tests)
* Switch to debhelper 13
* Let apport depend on sensible-utils for sensible-pager
* Drop ancient X-Python3-Version
* Drop support for pre-cosmic upgrades
* Bump Standards-Version to 4.6.1
* Update debian/copyright
* Point Vcs-* URIs to git
* crashdb.conf: Enable Launchpad crash reports for kinetic
* Add upstream metadata
-- Benjamin Drung <email address hidden> Fri, 10 Jun 2022 11:37:56 +0200
Available diffs
apport (2.20.11-0ubuntu82.1) jammy-security; urgency=medium
* SECURITY UPDATE: Fix multiple security issues
- data/apport: Fix too many arguments for error_log().
- data/apport: Use proper argument variable name executable_path.
- etc/init.d/apport: Set core_pipe_limit to a non-zero value to make
sure the kernel waits for apport to finish before removing the /proc
information.
- apport/fileutils.py, data/apport: Search for executable name if one
wan't provided such as when being called in a container.
- data/apport: Limit memory and duration of gdbus call. (CVE-2022-28654,
CVE-2022-28656)
- data/apport, apport/fileutils.py, test/test_fileutils.py: Validate
D-Bus socket location. (CVE-2022-28655)
- apport/fileutils.py, test/test_fileutils.py: Turn off interpolation
in get_config() to prevent DoS attacks. (CVE-2022-28652)
- Refactor duplicate code into search_map() function.
- Switch from chroot to container to validating socket owner.
(CVE-2022-1242, CVE-2022-28657)
- data/apport: Clarify error message.
- apport/fileutils.py: Fix typo in comment.
- apport/fileutils.py: Do not call str in loop.
- data/apport, etc/init.d/apport: Switch to using non-positional
arguments. Get real UID and GID from the kernel and make sure they
match the process. Also fix executable name space handling in
argument parsing. (CVE-2022-28658, CVE-2021-3899)
-- Marc Deslauriers <email address hidden> Tue, 10 May 2022 09:23:35 -0400
Available diffs
apport (2.20.11-0ubuntu71.2) impish-security; urgency=medium
* SECURITY UPDATE: Fix multiple security issues
- test/test_report.py: Fix flaky test.
- data/apport: Fix too many arguments for error_log().
- data/apport: Use proper argument variable name executable_path.
- etc/init.d/apport: Set core_pipe_limit to a non-zero value to make
sure the kernel waits for apport to finish before removing the /proc
information.
- apport/fileutils.py, data/apport: Search for executable name if one
wan't provided such as when being called in a container.
- data/apport: Limit memory and duration of gdbus call. (CVE-2022-28654,
CVE-2022-28656)
- data/apport, apport/fileutils.py, test/test_fileutils.py: Validate
D-Bus socket location. (CVE-2022-28655)
- apport/fileutils.py, test/test_fileutils.py: Turn off interpolation
in get_config() to prevent DoS attacks. (CVE-2022-28652)
- Refactor duplicate code into search_map() function.
- Switch from chroot to container to validating socket owner.
(CVE-2022-1242, CVE-2022-28657)
- data/apport: Clarify error message.
- apport/fileutils.py: Fix typo in comment.
- apport/fileutils.py: Do not call str in loop.
- data/apport, etc/init.d/apport: Switch to using non-positional
arguments. Get real UID and GID from the kernel and make sure they
match the process. Also fix executable name space handling in
argument parsing. (CVE-2022-28658, CVE-2021-3899)
-- Marc Deslauriers <email address hidden> Tue, 10 May 2022 09:23:35 -0400
Available diffs
apport (2.20.11-0ubuntu27.24) focal-security; urgency=medium
* SECURITY UPDATE: Fix multiple security issues
- test/test_report.py: Fix flaky test.
- data/apport: Fix too many arguments for error_log().
- data/apport: Use proper argument variable name executable_path.
- etc/init.d/apport: Set core_pipe_limit to a non-zero value to make
sure the kernel waits for apport to finish before removing the /proc
information.
- apport/fileutils.py, data/apport: Search for executable name if one
wan't provided such as when being called in a container.
- data/apport: Limit memory and duration of gdbus call. (CVE-2022-28654,
CVE-2022-28656)
- data/apport, apport/fileutils.py, test/test_fileutils.py: Validate
D-Bus socket location. (CVE-2022-28655)
- apport/fileutils.py, test/test_fileutils.py: Turn off interpolation
in get_config() to prevent DoS attacks. (CVE-2022-28652)
- Refactor duplicate code into search_map() function.
- Switch from chroot to container to validating socket owner.
(CVE-2022-1242, CVE-2022-28657)
- data/apport: Clarify error message.
- apport/fileutils.py: Fix typo in comment.
- apport/fileutils.py: Do not call str in loop.
- data/apport, etc/init.d/apport: Switch to using non-positional
arguments. Get real UID and GID from the kernel and make sure they
match the process. Also fix executable name space handling in
argument parsing. (CVE-2022-28658, CVE-2021-3899)
-- Marc Deslauriers <email address hidden> Tue, 10 May 2022 09:23:35 -0400
Available diffs
apport (2.20.9-0ubuntu7.28) bionic-security; urgency=medium
* SECURITY UPDATE: Fix multiple security issues
- test/test_report.py: Fix flaky test.
- data/apport: Fix too many arguments for error_log().
- data/apport: Use proper argument variable name executable_path.
- etc/init.d/apport: Set core_pipe_limit to a non-zero value to make
sure the kernel waits for apport to finish before removing the /proc
information.
- apport/fileutils.py, data/apport: Search for executable name if one
wan't provided such as when being called in a container.
- data/apport: Limit memory and duration of gdbus call. (CVE-2022-28654,
CVE-2022-28656)
- data/apport, apport/fileutils.py, test/test_fileutils.py: Validate
D-Bus socket location. (CVE-2022-28655)
- apport/fileutils.py, test/test_fileutils.py: Turn off interpolation
in get_config() to prevent DoS attacks. (CVE-2022-28652)
- Refactor duplicate code into search_map() function.
- Switch from chroot to container to validating socket owner.
(CVE-2022-1242, CVE-2022-28657)
- data/apport: Clarify error message.
- apport/fileutils.py: Fix typo in comment.
- apport/fileutils.py: Do not call str in loop.
- data/apport, etc/init.d/apport: Switch to using non-positional
arguments. Get real UID and GID from the kernel and make sure they
match the process. Also fix executable name space handling in
argument parsing. (CVE-2022-28658, CVE-2021-3899)
- debian/apport.init: restore symbolic link to proper directory.
-- Marc Deslauriers <email address hidden> Tue, 10 May 2022 09:23:35 -0400
Available diffs
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
apport (2.20.11-0ubuntu81) jammy; urgency=medium
* etc/apport/crashdb.conf: Disable Launchpad crash reports for 22.04
release.
-- Brian Murray <email address hidden> Tue, 12 Apr 2022 09:58:15 -0700
Available diffs
- diff from 2.20.11-0ubuntu80 to 2.20.11-0ubuntu81 (571 bytes)
apport (2.20.11-0ubuntu27.23) focal; urgency=medium * Fix expanded symlinks from the previous build
Available diffs
apport (2.20.11-0ubuntu80) jammy; urgency=medium
* kde/apport-kde: Ensure we are passing integers to setGeometry
(LP: #1965830)
-- Brian Murray <email address hidden> Mon, 28 Mar 2022 12:34:10 -0700
Available diffs
- diff from 2.20.11-0ubuntu79 to 2.20.11-0ubuntu80 (594 bytes)
| Superseded in focal-proposed |
apport (2.20.11-0ubuntu27.22) focal; urgency=medium * apport/ui.py: Error out when -w option is used on wayland (LP: #1952947). -- Nick Rosbrook <email address hidden> Wed, 16 Feb 2022 11:32:21 -0500
Available diffs
apport (2.20.11-0ubuntu71.1) impish; urgency=medium * apport/ui.py: Error out when -w option is used on wayland (LP: #1952947). -- Nick Rosbrook <email address hidden> Wed, 16 Feb 2022 12:16:27 -0500
Available diffs
apport (2.20.11-0ubuntu79) jammy; urgency=medium
* kde/apport-kde: when displaying a progress dialog ensure that we are using
an integer. (LP: #1964405)
-- Brian Murray <email address hidden> Fri, 11 Mar 2022 10:41:47 -0800
Available diffs
- diff from 2.20.11-0ubuntu78 to 2.20.11-0ubuntu79 (471 bytes)
apport (2.20.11-0ubuntu78) jammy; urgency=medium
[ Olivier Gayot ]
* Expect whoopsie to be started using path-based activation.
* Pass timeout option to apport-autoreport so that whoopsie has time to
upload all reports.
* Use timer-based activation for apport-autoreport in addition to path-based
activation (on modification of /var/crash).
* Some code cleanup in data/whoopsie-upload-all.
* Use unbuffered logging in data/whoopsie-upload-all.
* Touch the /var/crash directory in data/whoopsie-upload-all so that
whoopsie activates when needed.
* Stop removing .crash files after they are successfully uploaded by
whoopsie.
[ Brian Murray ]
* When collecting information about a snap gather some additional details,
thanks to Olivier Tilloy for the idea. (LP: #1960964)
* Update the recommended version of whoopsie for apport-noui.
-- Brian Murray <email address hidden> Tue, 22 Feb 2022 17:13:48 -0800
Available diffs
apport (2.20.11-0ubuntu77) jammy; urgency=medium * apport/ui.py: Error out when -w option is used on wayland (LP: #1952947). -- Nick Rosbrook <email address hidden> Tue, 15 Feb 2022 10:10:59 -0500
Available diffs
apport (2.20.11-0ubuntu76) jammy; urgency=medium
* data/package-hooks/ubuntu-desktop-installer.py: Add in a new package hook
which allows one to report bugs about the ubuntu-desktop-installer to the
appropriate project. Thanks to Sebastien Bacher for this hook.
* test/test_crashdb.py: convert the number to an integer before the truncate
call.
* test/test_backend_apt_dpkg.py: switch to using apt-helper instead of
apt-key to import the ddebs and ports.ubuntu.com keys.
-- Brian Murray <email address hidden> Tue, 25 Jan 2022 09:58:45 -0800
Available diffs
apport (2.20.11-0ubuntu75) jammy; urgency=medium
* bin/apport-retrace: For releases which gdb doesn't search in the
debug-file-directory for .gnu_debugaltlink create a symlink from the
host's .dwz to the machine specific one to work around the issue.
(LP: #1818918)
-- Brian Murray <email address hidden> Mon, 13 Dec 2021 20:17:57 -0800
Available diffs
apport (2.20.11-0ubuntu74) jammy; urgency=medium
[ Sebastien Bacher ]
* apport/ui.py: preserve XDG_DATA_DIRS for system reports, it's necessary
to be able to find a webbrowser installed from a snap like firefox.
(LP: #1951214)
-- Brian Murray <email address hidden> Wed, 01 Dec 2021 14:12:32 -0800
Available diffs
- diff from 2.20.11-0ubuntu73 to 2.20.11-0ubuntu74 (849 bytes)
apport (2.20.11-0ubuntu73) jammy; urgency=medium
* test/test_report.py: the abort tests are failing again as the backtrace
didn't have a program counter value in frame 1 or 2 so also check frame 3.
-- Brian Murray <email address hidden> Mon, 01 Nov 2021 11:13:17 -0700
Available diffs
- diff from 2.20.11-0ubuntu70 to 2.20.11-0ubuntu73 (11.0 KiB)
- diff from 2.20.11-0ubuntu72 to 2.20.11-0ubuntu73 (627 bytes)
| Superseded in jammy-proposed |
apport (2.20.11-0ubuntu72) jammy; urgency=medium * etc/apport/crashdb.conf: Enable Launchpad crash reports for jammy. -- Brian Murray <email address hidden> Wed, 27 Oct 2021 05:35:34 -0700
Available diffs
apport (2.20.11-0ubuntu27.21) focal-security; urgency=medium
* SECURITY UPDATE: Privilege escalation via core files
- refactor privilege dropping and create core files in a well-known
directory in apport/fileutils.py, apport/report.py, data/apport,
test/test_fileutils.py, test/test_report.py,
test/test_signal_crashes.py, test/test_ui.py.
- use systemd-tmpfiles to create and manage the well-known core file
directory in setup.py, data/systemd/apport.conf,
debian/apport.install.
-- Marc Deslauriers <email address hidden> Mon, 18 Oct 2021 07:48:31 -0400
Available diffs
apport (2.20.9-0ubuntu7.27) bionic-security; urgency=medium
* SECURITY UPDATE: Privilege escalation via core files
- refactor privilege dropping and create core files in a well-known
directory in apport/fileutils.py, apport/report.py, data/apport,
test/test_fileutils.py, test/test_report.py,
test/test_signal_crashes.py, test/test_ui.py.
- use systemd-tmpfiles to create and manage the well-known core file
directory in setup.py, data/systemd/apport.conf,
debian/apport.install.
-- Marc Deslauriers <email address hidden> Mon, 18 Oct 2021 07:48:31 -0400
Available diffs
apport (2.20.11-0ubuntu65.4) hirsute-security; urgency=medium
* SECURITY UPDATE: Privilege escalation via core files
- refactor privilege dropping and create core files in a well-known
directory in apport/fileutils.py, apport/report.py, data/apport,
test/test_fileutils.py, test/test_report.py,
test/test_signal_crashes.py, test/test_ui.py.
- use systemd-tmpfiles to create and manage the well-known core file
directory in setup.py, data/systemd/apport.conf,
debian/apport.install.
-- Marc Deslauriers <email address hidden> Mon, 18 Oct 2021 07:48:31 -0400
Available diffs
apport (2.20.11-0ubuntu71) impish-security; urgency=medium
* SECURITY UPDATE: Privilege escalation via core files
- refactor privilege dropping and create core files in a well-known
directory in apport/fileutils.py, apport/report.py, data/apport,
test/test_fileutils.py, test/test_report.py,
test/test_signal_crashes.py, test/test_ui.py.
- use systemd-tmpfiles to create and manage the well-known core file
directory in setup.py, data/systemd/apport.conf,
debian/apport.install.
-- Marc Deslauriers <email address hidden> Mon, 18 Oct 2021 07:48:31 -0400
Available diffs
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
apport (2.20.11-0ubuntu70) impish; urgency=medium
* etc/apport/crashdb.conf: Disable Launchpad crash reports for 21.10
release.
* debian/tests/upstream-system: Set /proc/sys/kernel/core_uses_pid to 0 as
that's the easiest way to fix tests that expect the core file to be named
core and not core.PID
-- Brian Murray <email address hidden> Mon, 04 Oct 2021 13:14:35 -0700
Available diffs
- diff from 2.20.11-0ubuntu69 to 2.20.11-0ubuntu70 (798 bytes)
apport (2.20.11-0ubuntu69) impish; urgency=medium * SECURITY UPDATE: Arbitrary file read (LP: #1934308) - data/general-hooks/ubuntu.py: don't attempt to include emacs byte-compilation logs, they haven't been generated by the emacs packages in a long time. - CVE-2021-3709 * SECURITY UPDATE: Info disclosure via path traversal (LP: #1933832) - apport/hookutils.py, test/test_hookutils.py: detect path traversal attacks, and directory symlinks. - CVE-2021-3710 -- Marc Deslauriers <email address hidden> Thu, 26 Aug 2021 10:55:40 -0400
Available diffs
apport (2.20.9-0ubuntu7.26) bionic-security; urgency=medium * SECURITY UPDATE: Arbitrary file read (LP: #1934308) - data/general-hooks/ubuntu.py: don't attempt to include emacs byte-compilation logs, they haven't been generated by the emacs packages in a long time. - CVE-2021-3709 * SECURITY UPDATE: Info disclosure via path traversal (LP: #1933832) - apport/hookutils.py, test/test_hookutils.py: detect path traversal attacks, and directory symlinks. - CVE-2021-3710 -- Marc Deslauriers <email address hidden> Thu, 26 Aug 2021 10:56:33 -0400
Available diffs
apport (2.20.11-0ubuntu27.20) focal-security; urgency=medium * SECURITY UPDATE: Arbitrary file read (LP: #1934308) - data/general-hooks/ubuntu.py: don't attempt to include emacs byte-compilation logs, they haven't been generated by the emacs packages in a long time. - CVE-2021-3709 * SECURITY UPDATE: Info disclosure via path traversal (LP: #1933832) - apport/hookutils.py, test/test_hookutils.py: detect path traversal attacks, and directory symlinks. - CVE-2021-3710 -- Marc Deslauriers <email address hidden> Thu, 26 Aug 2021 10:30:01 -0400
Available diffs
apport (2.20.11-0ubuntu65.3) hirsute-security; urgency=medium * SECURITY UPDATE: Arbitrary file read (LP: #1934308) - data/general-hooks/ubuntu.py: don't attempt to include emacs byte-compilation logs, they haven't been generated by the emacs packages in a long time. - CVE-2021-3709 * SECURITY UPDATE: Info disclosure via path traversal (LP: #1933832) - apport/hookutils.py, test/test_hookutils.py: detect path traversal attacks, and directory symlinks. - CVE-2021-3710 -- Marc Deslauriers <email address hidden> Thu, 26 Aug 2021 10:55:40 -0400
Available diffs
apport (2.20.11-0ubuntu68) impish; urgency=medium
* data/package-hooks/source_ubiquity.py: confirm that the key exists in the
report before trying to manipulate it. (LP: #1929292)
* backends/packaging-apt-dpkg.py: check to see if there is a different
package which provides the dependency.
* test/test_report.py: with glibc 2.34 abort tests started failing as the
backtrace didn't have a program counter value in frame 1 so check frame 1
or frame 2.
-- Brian Murray <email address hidden> Thu, 19 Aug 2021 16:32:29 -0700
Available diffs
apport (2.20.11-0ubuntu67) impish; urgency=medium * SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904) - apport/hookutils.py: don't follow symlinks and make sure the file isn't a FIFO in read_file(). - test/test_hookutils.py: added symlink tests. - CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550, CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554, CVE-2021-32555 * SECURITY UPDATE: info disclosure via modified config files spoofing (LP: #1917904) - backends/packaging-apt-dpkg.py: properly terminate arguments in get_modified_conffiles. - CVE-2021-32556 * SECURITY UPDATE: arbitrary file write (LP: #1917904) - data/whoopsie-upload-all: don't follow symlinks and make sure the file isn't a FIFO in process_report(). - CVE-2021-32557 -- Marc Deslauriers <email address hidden> Tue, 18 May 2021 09:15:10 -0400
Available diffs
apport (2.20.9-0ubuntu7.24) bionic-security; urgency=medium * SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904) - apport/hookutils.py: don't follow symlinks and make sure the file isn't a FIFO in read_file(). - test/test_hookutils.py: added symlink tests. - CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550, CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554, CVE-2021-32555 * SECURITY UPDATE: info disclosure via modified config files spoofing (LP: #1917904) - backends/packaging-apt-dpkg.py: properly terminate arguments in get_modified_conffiles. - CVE-2021-32556 * SECURITY UPDATE: arbitrary file write (LP: #1917904) - data/whoopsie-upload-all: don't follow symlinks and make sure the file isn't a FIFO in process_report(). - CVE-2021-32557 -- Marc Deslauriers <email address hidden> Tue, 18 May 2021 09:15:10 -0400
Available diffs
apport (2.20.11-0ubuntu65.1) hirsute-security; urgency=medium * SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904) - apport/hookutils.py: don't follow symlinks and make sure the file isn't a FIFO in read_file(). - test/test_hookutils.py: added symlink tests. - CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550, CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554, CVE-2021-32555 * SECURITY UPDATE: info disclosure via modified config files spoofing (LP: #1917904) - backends/packaging-apt-dpkg.py: properly terminate arguments in get_modified_conffiles. - CVE-2021-32556 * SECURITY UPDATE: arbitrary file write (LP: #1917904) - data/whoopsie-upload-all: don't follow symlinks and make sure the file isn't a FIFO in process_report(). - CVE-2021-32557 -- Marc Deslauriers <email address hidden> Tue, 18 May 2021 09:15:10 -0400
Available diffs
apport (2.20.11-0ubuntu27.18) focal-security; urgency=medium * SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904) - apport/hookutils.py: don't follow symlinks and make sure the file isn't a FIFO in read_file(). - test/test_hookutils.py: added symlink tests. - CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550, CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554, CVE-2021-32555 * SECURITY UPDATE: info disclosure via modified config files spoofing (LP: #1917904) - backends/packaging-apt-dpkg.py: properly terminate arguments in get_modified_conffiles. - CVE-2021-32556 * SECURITY UPDATE: arbitrary file write (LP: #1917904) - data/whoopsie-upload-all: don't follow symlinks and make sure the file isn't a FIFO in process_report(). - CVE-2021-32557 -- Marc Deslauriers <email address hidden> Tue, 18 May 2021 09:15:10 -0400
Available diffs
apport (2.20.11-0ubuntu50.7) groovy-security; urgency=medium * SECURITY UPDATE: Multiple arbitrary file reads (LP: #1917904) - apport/hookutils.py: don't follow symlinks and make sure the file isn't a FIFO in read_file(). - test/test_hookutils.py: added symlink tests. - CVE-2021-32547, CVE-2021-32548, CVE-2021-32549, CVE-2021-32550, CVE-2021-32551, CVE-2021-32552, CVE-2021-32553, CVE-2021-32554, CVE-2021-32555 * SECURITY UPDATE: info disclosure via modified config files spoofing (LP: #1917904) - backends/packaging-apt-dpkg.py: properly terminate arguments in get_modified_conffiles. - CVE-2021-32556 * SECURITY UPDATE: arbitrary file write (LP: #1917904) - data/whoopsie-upload-all: don't follow symlinks and make sure the file isn't a FIFO in process_report(). - CVE-2021-32557 -- Marc Deslauriers <email address hidden> Tue, 18 May 2021 09:15:10 -0400
Available diffs
apport (2.20.11-0ubuntu66) impish; urgency=medium * etc/apport/crashdb.conf: Enable Launchpad crash reports for impish. -- Brian Murray <email address hidden> Fri, 07 May 2021 15:39:35 -0700
Available diffs
- diff from 2.20.11-0ubuntu65 to 2.20.11-0ubuntu66 (569 bytes)
apport (2.20.11-0ubuntu27.17) focal; urgency=medium
* data/general-hooks/ubuntu.py: tag bugs from Raspberry Pi images and RISCV
images appropriately. (LP: #1920837)
* apport/hookutils.py: spawn pkttyagent so that log files can be gathered as
root in a non-graphical environment (LP: #1821415). Thanks to Iain Lane
for the patch.
* apport/hookutils.py: root access is needed to read the
casper-md5check.json file so switch to using that. (LP: #1922937)
-- Brian Murray <email address hidden> Mon, 26 Apr 2021 13:28:49 -0700
Available diffs
apport (2.20.11-0ubuntu50.6) groovy; urgency=medium
* data/general-hooks/ubuntu.py: tag bugs from Raspberry Pi images and RISCV
images appropriately. (LP: #1920837)
* apport/hookutils.py: spawn pkttyagent so that log files can be gathered as
root in a non-graphical environment (LP: #1821415). Thanks to Iain Lane
for the patch.
* apport/hookutils.py: root access is needed to read the
casper-md5check.json file so switch to using that. (LP: #1922937)
-- Brian Murray <email address hidden> Mon, 26 Apr 2021 12:45:36 -0700
Available diffs
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: Moved to hirsute) |
apport (2.20.11-0ubuntu65) hirsute; urgency=medium
* test/test_backend_apt_dpkg.py: libc6 recommends packages, some of which
are not installed on buildds now, so switch to testing libc-bin which only
has dependencies and is what the test is supposed to test.
-- Brian Murray <email address hidden> Wed, 14 Apr 2021 13:52:22 -0700
Available diffs
| Superseded in hirsute-proposed |
apport (2.20.11-0ubuntu64) hirsute; urgency=medium
* apport/hookutils.py: Do not crash when deleting CasperMD5json from the
report. (LP: #1923541)
-- Brian Murray <email address hidden> Tue, 13 Apr 2021 07:25:43 -0700
Available diffs
- diff from 2.20.11-0ubuntu63 to 2.20.11-0ubuntu64 (533 bytes)
| Superseded in hirsute-proposed |
apport (2.20.11-0ubuntu63) hirsute; urgency=medium
* etc/apport/crashdb.conf: Disable Launchpad crash reports for 21.04
release.
-- Brian Murray <email address hidden> Mon, 12 Apr 2021 10:34:56 -0700
Available diffs
- diff from 2.20.11-0ubuntu62 to 2.20.11-0ubuntu63 (573 bytes)
apport (2.20.11-0ubuntu62) hirsute; urgency=medium
* apport/hookutils.py: spawn pkttyagent so that log files can be gathered as
root in a non-graphical environment (LP: #1821415). Thanks to Iain Lane
for the patch.
* apport/hookutils.py: root access is needed to read the
casper-md5check.json file so switch to using that. (LP: #1922937)
* data/general-hooks/ubuntu.py: improving tagging of bugs from images we
create so that they are tagged $arch-image and better identify Raspberry
Pi devices (LP: #1920837). Thanks to Dave Jones for the patch.
-- Brian Murray <email address hidden> Wed, 07 Apr 2021 13:14:04 -0700
Available diffs
apport (2.20.11-0ubuntu61) hirsute; urgency=medium
* apport/hookutils.py: when creating KernLog with MAC information use
root_command_output with dmesg. Missed when fixing LP #1896095.
* data/general-hooks/ubuntu.py: tag bugs from Raspberry Pi images and RISCV
images appropriately. (LP: #1920837)
-- Brian Murray <email address hidden> Wed, 24 Mar 2021 08:07:43 -0700
Available diffs
- diff from 2.20.11-0ubuntu60 to 2.20.11-0ubuntu61 (999 bytes)
apport (2.20.11-0ubuntu60) hirsute; urgency=medium * Drop dh-systemd build dependency. -- Matthias Klose <email address hidden> Wed, 10 Mar 2021 16:45:45 +0100
Available diffs
- diff from 2.20.11-0ubuntu59 to 2.20.11-0ubuntu60 (453 bytes)
apport (2.20.11-0ubuntu59) hirsute; urgency=medium * No change rebuild with fixed ownership. -- Dimitri John Ledkov <email address hidden> Tue, 16 Feb 2021 15:09:46 +0000
Available diffs
- diff from 2.20.11-0ubuntu58 to 2.20.11-0ubuntu59 (324 bytes)
| 1 → 75 of 913 results | First • Previous • Next • Last |
