-
apport (2.20.7-0ubuntu3.9) artful-security; urgency=medium
* data/apport: Properly handle crashes originating from a PID namespace.
(LP: #1746668)
- CVE-2018-6552
-- Brian Murray <email address hidden> Thu, 10 May 2018 15:27:03 -0700
-
apport (2.20.7-0ubuntu3.8) artful; urgency=medium
* data/general-hooks/generic.py: Only include JournalErrors for apport-crash
reports which are private by default. (LP: #1738581)
-- Brian Murray <email address hidden> Fri, 30 Mar 2018 09:43:05 -0700
-
apport (2.20.7-0ubuntu3.7) artful-security; urgency=medium
* REGRESSION UPDATE: Fix regression that caused a Traceback in the
container support (LP: #1733366)
- data/apport: add a second os.path.exists check to ensure we do not
receive a Traceback in is_container_id() and add an exception handler in
case either name space can not be found.
-- Brian Murray <email address hidden> Wed, 13 Dec 2017 10:49:58 -0800
-
apport (2.20.7-0ubuntu3.6) artful; urgency=medium
* bin/apport-cli: read until <enter> instead of a single character when # of
apport options is non-unique with a single character. Thanks to Chad Smith
for the patch. (LP: #1722564)
-- Brian Murray <email address hidden> Mon, 27 Nov 2017 15:22:40 -0800
-
apport (2.20.7-0ubuntu3.5) artful-security; urgency=medium
[ Stéphane Graber ]
* REGRESSION UPDATE: Fix regression in previous upload by re-enabling
container support. (LP: #1732518)
* Add code preventing a user from confusing apport by using
a manually crafted filesystem inside a combination of a user and mount
namespace.
* Add a check in apport receiver for the number of arguments so that
should another argument be added later, the receiver will simply ignore
the crash until it itself gets updated.
-- Tyler Hicks <email address hidden> Fri, 17 Nov 2017 15:58:36 +0000
-
apport (2.20.7-0ubuntu3.4) artful-security; urgency=medium
* SECURITY UPDATE: Denial of service via resource exhaustion and
privilege escalation when handling crashes of tainted processes
(LP: #1726372)
- When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
the user and group owning the /proc/<PID>/stat file is the same
user and group that started the process. Rather check the dump
mode of the crashed process and do not write a core file if its
value is 2. Thanks to Sander Bos for discovering this issue!
- CVE-2017-14177
* SECURITY UPDATE: Denial of service via resource exhaustion,
privilege escalation, and possible container escape when handling
crashes of processes inside PID namespaces (LP: #1726372)
- Change the method for determining if a crash is from a container
so that there are no false positives from software using PID
namespaces. Additionally, disable container crash forwarding by
ignoring crashes that occur in a PID namespace. This functionality
may be re-enabled in a future update. Thanks to Sander Bos for
discovering this issue!
- CVE-2017-14180
-- Brian Murray <email address hidden> Tue, 14 Nov 2017 08:37:05 -0800
-
apport (2.20.7-0ubuntu3.2) artful; urgency=medium
* bin/apport-cli: read until <enter> instead of a single character when # of
apport options is non-unique with a single character. Thanks to Chad Smith
for the patch. (LP: #1722564)
-- Brian Murray <email address hidden> Wed, 08 Nov 2017 12:54:35 -0800
-
apport (2.20.7-0ubuntu3.1) artful; urgency=medium
* etc/apport/crashdb.conf: Disable Launchpad crash reports for 17.10
release. (LP: #1726647)
-- Brian Murray <email address hidden> Tue, 24 Oct 2017 08:22:21 -0700
-
apport (2.20.7-0ubuntu3) artful; urgency=medium
* Make debian/apport.init a symlink to etc/init.d/apport so that
dh_installinit creates a good postinst. (LP: #1722801)
-- Brian Murray <email address hidden> Wed, 11 Oct 2017 14:26:50 -0700
-
apport (2.20.7-0ubuntu2) artful; urgency=medium
* data/package-hooks/source_ubiquity.py: Convert the content of syslog from
bytes to string so comparison and regex matches in the hook work.
(LP: #1582950)
-- Brian Murray <email address hidden> Wed, 27 Sep 2017 14:44:40 -0700
-
apport (2.20.7-0ubuntu1) artful; urgency=medium
* New upstream release:
- backends/packaging-apt-dpkg.py: Don't install the version mentioned in a
versioned dep, rather install the latest version of that dep.
- backends/packaging-apt-dpkg.py: search -proposed last so we prefer
packages from other pockets.
-- Brian Murray <email address hidden> Tue, 29 Aug 2017 16:45:01 -0700
-
apport (2.20.6-0ubuntu7) artful; urgency=medium
* data/general-hooks/ubuntu.py: When gathering python version information
also try to determine package and version of the binary.
-- Brian Murray <email address hidden> Wed, 23 Aug 2017 12:34:23 -0700
-
apport (2.20.6-0ubuntu6) artful; urgency=medium
* data/general-hooks/ubuntu.py: Gather information about the python versions
installed on the system as versions not from the Ubuntu archive can cause
issues. (LP: #1681528)
-- Brian Murray <email address hidden> Fri, 18 Aug 2017 11:13:14 -0700
-
apport (2.20.6-0ubuntu5) artful; urgency=medium
* Remove upstart system job.
-- Dimitri John Ledkov <email address hidden> Mon, 07 Aug 2017 17:18:13 -0400
-
apport (2.20.6-0ubuntu4) artful; urgency=medium
* apport/REThread.py: A bare except needs to be used so that we can catch
the dialog being closed.
* test/test_report.py: Be a little patient and give some time for the core
file to show up.
-- Brian Murray <email address hidden> Fri, 21 Jul 2017 10:42:33 -0700
-
apport (2.20.6-0ubuntu3) artful; urgency=medium
* debian/control: Add dependencies on python3-httplib2 / python-httplib2.
-- Brian Murray <email address hidden> Wed, 19 Jul 2017 11:06:24 -0700
-
apport (2.20.6-0ubuntu2) artful; urgency=medium
* Fix new pep8 failures in artful - E722 do not use bare except.
-- Brian Murray <email address hidden> Tue, 18 Jul 2017 13:25:50 -0700
-
apport (2.20.5-0ubuntu5) artful; urgency=medium
* Cherry picked from upstream's unreleased 2.20.6 - Convert regular
expressions to raw strings to avoid deprecation warnings with Python
version 3.6. Thanks to Michael Hudson-Doyle for the patch!
-- Brian Murray <email address hidden> Mon, 19 Jun 2017 13:24:57 -0700
-
apport (2.20.5-0ubuntu4) artful; urgency=medium
* data/general-hooks/ubuntu.py: Modify how a duplicate signature is created
for package installation failures. (LP: #1692127)
-- Brian Murray <email address hidden> Mon, 22 May 2017 16:37:50 -0700
-
apport (2.20.5-0ubuntu3) artful; urgency=medium
* Revert change to test/test_crash_digger.py to use the source's
crash-digger.
-- Brian Murray <email address hidden> Mon, 15 May 2017 16:00:06 -0700
-
apport (2.20.5-0ubuntu2) artful; urgency=medium
* Resolve test failures:
- bin/crash-digger: Set self.lp if the crashdb is Launchpad.
- test/test_crash_digger.py: use the source's crash-digger not the
installed one.
- test/test_backend_apt_dpkg.py: cache directories contain the
architecture in the patch if if is not the native arch.
-- Brian Murray <email address hidden> Mon, 15 May 2017 13:13:36 -0700
-
apport (2.20.5-0ubuntu1) artful; urgency=medium
* New upstream release:
- bin/apport-retrace: Comment on bug reports when an invalid core file is
encountered. (LP: #1647635)
- Switch to using HxW directory names for app icons instead of just one
number. Thanks to Jeremy Bicha for the patch.
- apport/ui.py: Ensure the Date field exists in a report before using it in a
comparison. (LP: #1658188)
- bin/apport-retrace: Add in a --gdb-sandbox switch which creates or utilizes
a sandbox with the report's distribution release and the host system's
architecture for installing and running gdb. (LP: #1517257)
- apport/hookutils.py: Don't crash if .xsession-errors is not readable by the
user. (LP: #1675928)
- bin/apport-retrace: Be specific about which required field is missing from a
report and not retracing it.
* debian/control: Adjust Vcs-Bzr: for artful branch.
-- Brian Murray <email address hidden> Fri, 12 May 2017 15:11:38 -0700
-
apport (2.20.4-0ubuntu7) artful; urgency=medium
* data/general/ubuntu-gnome.py: The GNOME3 PPAs are no longer supported for
14.04 or 16.04 so set an UnreportableReason in those reports.
(LP: #1689093)
-- Brian Murray <email address hidden> Wed, 10 May 2017 14:53:46 -0700
-
apport (2.20.4-0ubuntu6) artful; urgency=medium
* Disable report.test_add_gdb_info_abort_glib test case for now, as the
glib assertion message is broken under current Ubuntu (LP: #1689344)
* etc/apport/crashdb.conf: Enable Launchpad crash reports for artful.
-- Brian Murray <email address hidden> Mon, 08 May 2017 11:10:34 -0700
-
apport (2.20.4-0ubuntu5) artful; urgency=medium
* Resolve autopkgtest failures in test_backend_apt_dpkg.py due to issues
with apt key ring. Thanks to Dimitri John Ledkov for the patch.
(LP: #1651623)
-- Brian Murray <email address hidden> Fri, 05 May 2017 10:05:18 -0700
-
apport (2.20.4-0ubuntu4) zesty; urgency=medium
* etc/apport/crashdb.conf: Disable Launchpad crash reports for 17.04
release.
-- Iain Lane <email address hidden> Mon, 10 Apr 2017 13:16:34 +0100