-
apport (2.17.2-0ubuntu1.8) vivid-proposed; urgency=medium
* apport/ui.py: set "_MarkForUpload" field to False for cases where the
apport report is damaged, about a not installed package, or when an
error occurred processing the report. (LP: #1512902)
-- Brian Murray <email address hidden> Thu, 05 Nov 2015 15:27:47 -0800
-
apport (2.17.2-0ubuntu1.7) vivid-security; urgency=medium
* test_backend_apt_dpkg.py: Reset internal apt caches between tests. Avoids
random test failures due to leaking paths from previous test cases.
* SECURITY FIX: When determining the path of a Python module for a program
like "python -m module_name", avoid actually importing and running the
module; this could lead to local root privilege escalation. Thanks to
Gabriel Campana for discovering this and the fix!
(CVE-2015-1341, LP: #1507480)
-- Martin Pitt <email address hidden> Thu, 22 Oct 2015 15:05:43 +0200
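The CVE-2015-1341 entry above describes locating a module's file for "python -m module_name" without importing it. The following is an added example, not apport's actual fix: it resolves a dotted name through the file system only. Note that `importlib.util.find_spec()` imports the parent package of a dotted name, so the sketch walks each component with `PathFinder` instead; the function name and the demo package name are assumptions.

```python
import importlib.machinery
import os
import sys
import tempfile


def module_path_without_import(name, search_path=None):
    """Return the file of dotted module `name` without running any of its code.

    Each component is looked up with PathFinder, which only consults the file
    system; parent packages are not imported. Returns None if not found.
    """
    path = search_path              # None means "search sys.path"
    spec = None
    prefix = ""
    for part in name.split("."):
        prefix = part if not prefix else prefix + "." + part
        spec = importlib.machinery.PathFinder.find_spec(prefix, path)
        if spec is None:
            return None
        path = spec.submodule_search_locations
        if path is None and prefix != name:
            return None             # a plain module cannot contain submodules
    return spec.origin if spec.has_location else None


def demo():
    """Constructed package whose files would drop a marker file if executed."""
    with tempfile.TemporaryDirectory() as d:
        marker = os.path.join(d, "executed")
        side_effect = "open(%r, 'w').close()\n" % marker
        os.mkdir(os.path.join(d, "apport_demo_pkg"))
        for rel in ("__init__.py", "tool.py"):
            with open(os.path.join(d, "apport_demo_pkg", rel), "w") as f:
                f.write(side_effect)
        found = module_path_without_import("apport_demo_pkg.tool", [d])
        return {
            "found": found is not None and os.path.basename(found) == "tool.py",
            "code_ran": os.path.exists(marker),
            "imported": "apport_demo_pkg" in sys.modules,
            "missing": module_path_without_import("apport_demo_pkg.absent", [d]),
        }


if __name__ == "__main__":
    print(demo())
```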
-
apport (2.17.2-0ubuntu1.6) vivid-proposed; urgency=medium
* Consistently intercept "report file already exists" errors in all writers of
report files (package_hook, kernel_crashdump, and similar) to avoid
unhandled exceptions on those. (LP: #1500450)
-- Brian Murray <email address hidden> Fri, 16 Oct 2015 14:49:37 -0700
-
apport (2.17.2-0ubuntu1.5) vivid-security; urgency=medium
* SECURITY FIX: kernel_crashdump: Enforce that the log/dmesg files are not a
symlink.
This prevents normal users from pre-creating a symlink to the predictable
.crash file, and thus triggering a "fill up disk" DoS attack when the
.crash report tries to include itself. Also clean up the code to make this
easier to read: Drop the "vmcore_root" alias, move the vmcore and
vmcore.log cleanup into the "no kdump" section, and replace the buggy
os.walk() loop with a glob to only catch direct timestamp subdirectories
of /var/crash/.
Thanks to halfdog for discovering this!
(CVE-2015-1338, part of LP #1492570)
* SECURITY FIX: Fix all writers of report files to open the report file
exclusively.
Fix package_hook, kernel_crashdump, and similar hooks to fail if the
report already exists. This prevents privilege escalation through symlink
attacks. Note that this will also prevent overwriting previous reports
with the same name. Thanks to halfdog for discovering this!
(CVE-2015-1338, LP: #1492570)
-- Martin Pitt <email address hidden> Mon, 21 Sep 2015 10:22:50 +0200
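The two CVE-2015-1338 fixes above come down to creating report files exclusively and refusing symlinked log files. The following is an added example, not apport's own code, showing both checks against a pre-created symlink; the function names and file names are assumptions, and the scenario is constructed in a temporary directory.

```python
import os
import stat
import tempfile


def write_report_exclusive(path, data, mode=0o640):
    """Create the report; raise FileExistsError if anything is already there."""
    # O_CREAT|O_EXCL fails with EEXIST even if `path` is a (dangling) symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def read_regular_file(path):
    """Read a log file, refusing symlinks and non-regular files."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # ELOOP on a symlink
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise OSError("not a regular file: %s" % path)
        return f.read()


def demo():
    """Constructed scenario: a symlink already sits at the report path."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "protected.txt")  # file that must stay untouched
        report = os.path.join(d, "example.crash")  # hypothetical report name
        with open(target, "wb") as f:
            f.write(b"original")
        os.symlink(target, report)
        try:
            write_report_exclusive(report, b"ProblemType: Package\n")
            out["exclusive_write"] = "written"
        except FileExistsError:
            out["exclusive_write"] = "refused"
        try:
            read_regular_file(report)
            out["symlink_read"] = "read"
        except OSError:
            out["symlink_read"] = "refused"
        with open(target, "rb") as f:
            out["target_intact"] = f.read() == b"original"
    return out


if __name__ == "__main__":
    print(demo())
```

As the changelog entry notes, the exclusive open also refuses to overwrite an earlier legitimate report, so callers need to handle `FileExistsError`.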
-
apport (2.17.2-0ubuntu1.4) vivid-proposed; urgency=medium
* data/package_hook: when creating the problem report include the version of
the package. (LP: #1485787)
-- Brian Murray <email address hidden> Wed, 26 Aug 2015 15:49:41 -0700
-
apport (2.17.2-0ubuntu1.3) vivid-proposed; urgency=medium
* Keep "[origin: ...]" information in Package: and Dependencies: fields
for native-origins.d/ origins, so that it's possible to retrace them and
so that bugs are reported about the right project. (LP: #1470572)
-- Brian Murray <email address hidden> Tue, 11 Aug 2015 11:51:41 -0700
-
apport (2.17.2-0ubuntu1.2) vivid-proposed; urgency=medium
* apport-noui.upstart: Utilize watershed to only launch one instance of
whoopsie-upload-all at a time. (LP: #1473562)
* apport-noui: Depend on watershed.
-- Brian Murray <email address hidden> Fri, 24 Jul 2015 15:27:31 -0700
-
apport (2.17.2-0ubuntu1.1) vivid-security; urgency=medium
* SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a
program that is suid root or not readable for the user would create
root-owned core files in the current directory of that program. Creating
specially crafted core files in /etc/logrotate.d or similar could then
lead to arbitrary code execution with root privileges. Now core files do
not get written for these kinds of programs, in accordance with the
intention of core(5).
Thanks to Sander Bos for discovering this issue!
(CVE-2015-1324, LP: #1452239)
* SECURITY UPDATE: When writing a core dump file for a crashed packaged
program, don't close and reopen the .crash report file but just rewind and
re-read it. This prevents the user from modifying the .crash report file
while "apport" is running to inject data and creating crafted core dump
files. In conjunction with the above vulnerability of writing core dump
files to arbitrary directories this could be exploited to gain root
privileges.
Thanks to Philip Pettersson for discovering this issue!
(CVE-2015-1325, LP: #1453900)
* test_signal_crashes(): Drop hardcoded /tmp/ path in do_crash(),
test_nonwritable_cwd() uses a different dir.
* signal_crashes test: Fix test_crash_setuid_* to look at whether
suid_dumpable was enabled.
* Disable KDE tests for the time being. apport-kde consistently crashes
in PyQT5 since vivid (LP #1442512), don't block package migration on this.
-- Martin Pitt <email address hidden> Wed, 13 May 2015 11:42:59 +0200
-
apport (2.17.2-0ubuntu1) vivid; urgency=medium
* New upstream bug fix release:
- SECURITY UPDATE: Disable crash forwarding to containers. The previous
fix in 2.17.1 was not sufficient against all attack scenarios. By
binding to specially crafted sockets, a normal user program could forge
arbitrary entries in /proc/net/unix. We cannot currently rely on a
kernel-side solution for this; this feature will be re-enabled once it
gets re-done to be secure. (LP: #1444518)
- apport-kde: Fix crash when showing byte array values. Thanks Jonathan
Riddell. (LP: #1443659)
- Really create a better duplicate signature for recoverable problems,
using ExecutablePath. Thanks Brian Murray. (LP: #1316763)
* Disable Launchpad crash upload for final Ubuntu 15.04.
-- Martin Pitt <email address hidden> Thu, 16 Apr 2015 17:51:18 -0500
-
apport (2.17.1-0ubuntu2) vivid; urgency=medium
* Fix crash in kde frontend LP: #1443659
-- Jonathan Riddell <email address hidden> Wed, 15 Apr 2015 13:29:04 +0200
-
apport (2.17.1-0ubuntu1) vivid; urgency=medium
* New upstream bug fix release:
- SECURITY UPDATE: Fix root privilege escalation through crash forwarding
to containers.
Version 2.13 introduced forwarding a crash to a container's apport. By
crafting a specific file system structure, entering it as a namespace
("container"), and crashing something in it, a local user could access
arbitrary files on the host system with root privileges.
Thanks to Stéphane Graber for discovering and fixing this!
(CVE-2015-1318, LP: #1438758)
- apport-kde tests: Fix imports to make tests work again.
- Fix UnicodeDecodeError on parsing non-ASCII environment variables.
- apport: use the proper pid when calling apport in another PID namespace.
Thanks Brian Murray. (LP: #1300235)
-- Martin Pitt <email address hidden> Tue, 14 Apr 2015 09:10:17 -0500
-
apport (2.17-0ubuntu2) vivid; urgency=medium
* Update apport-kde runtime dependencies. It requires pyqt5 not
pykde4 LP: #1439784
-- Harald Sitter <email address hidden> Fri, 10 Apr 2015 10:52:34 +0200
-
apport (2.17-0ubuntu1) vivid; urgency=medium
* New upstream release. Changes since our last snapshot:
- general-hooks/generic.py: Add systemd journal warnings and errors to the
new "JournalErrors" field.
-- Martin Pitt <email address hidden> Tue, 31 Mar 2015 09:25:40 +0200
-
apport (2.16.2-0ubuntu5) vivid; urgency=medium
* Port KDE frontend to Qt 5 LP: #1436328
-- Jonathan Riddell <email address hidden> Wed, 25 Mar 2015 22:39:19 +0100
-
apport (2.16.2-0ubuntu4) vivid; urgency=medium
* general-hooks/ubuntu.py: for reports where the ProblemType is Package
always include information about the apt and dpkg versions.
-- Brian Murray <email address hidden> Fri, 20 Mar 2015 13:23:45 -0700
-
apport (2.16.2-0ubuntu3) vivid; urgency=medium
* package-hooks/source_linux.py: Don't check BootDmesg for staging drivers
anymore since it is no longer included in the crash report. (LP: #1430168)
-- Brian Murray <email address hidden> Wed, 11 Mar 2015 12:57:05 -0700
-
apport (2.16.2-0ubuntu2) vivid; urgency=medium
* Merge from trunk:
- Adjust signal_crashes.test_crash_setuid_{keep,drop} for systemd.
-- Martin Pitt <email address hidden> Mon, 09 Mar 2015 11:32:18 +0100
-
apport (2.16.2-0ubuntu1) vivid; urgency=medium
* New upstream bug fix release:
- ProblemReport: Set a timestamp of 0 in gzip compressed fields; they are
meaningless and cause unnecessary jitter in the output.
- launchpad backend: Fix unclosed file in upload().
- launchpad backend: Fix wrong use of filter() with Python 3.
- launchpad backend download(): Try to convert textual values from byte
arrays into strings.
- ui.py, collect_info(): Fix crash on bug pattern checking with broken
gzipped values. (LP: #1345653)
- hookutils, attach_drm_info(): Avoid UnicodeDecodeErrors in Python 3 when
reading binary files. Thanks Chad Miller. (LP: #1425254)
- apport-gtk: Update legacy icon names to modern GTK ones, to fix icons
under GNOME. Thanks Scott Sanbar. (LP: #1422176)
- Move backend_apt_dpkg testsuite to use Ubuntu 14.04 LTS.
- hookutils, attach_dmesg(): Only attach dmesg as CurrentDmesg, drop
BootDmesg as /var/log/dmesg is upstart specific and thus not reliably
correct any more.
- hookutils, recent_syslog(): Read system logs from the journal when
running under systemd, and fall back to /var/log/syslog if not.
- hookutils, attach_mac_events(): Read kernel violation messages from
dmesg instead of /var/log/kern.log, as that's specific to rsyslog and
its configuration.
-- Martin Pitt <email address hidden> Mon, 02 Mar 2015 11:37:32 +0100
-
apport (2.16.1-0ubuntu2) vivid; urgency=medium
* Merge from trunk:
- hookutils.in_session_of_problem(): Check $XDG_SESSION_ID and
/run/systemd/sessions instead of the cgroup, as the latter does not work
under cgmanager.
-- Martin Pitt <email address hidden> Tue, 10 Feb 2015 12:52:00 +0100
-
apport (2.16.1-0ubuntu1) vivid; urgency=medium
* New upstream release:
- Set gettext translation domain in setup.cfg, so that tools like
dh_translations pick it up and show correct polkit translations.
Thanks to Aron Xu! (LP: #1306857)
- Report.get_logind_session(): Check $XDG_SESSION_ID and
/run/systemd/sessions instead of the cgroup, as the latter does not work
under cgmanager.
-- Martin Pitt <email address hidden> Tue, 10 Feb 2015 11:39:05 +0100
-
apport (2.16-0ubuntu1) vivid; urgency=medium
* New upstream release:
- Add a new method ProblemReport.extract_keys() which writes binary keys
(which can be very large) directly to files without loading them all
into memory first. Use that in apport-unpack. Thanks Louis Bouchard!
(LP: #1307413)
- launchpad backend: Work with Python 3, now that launchpadlib exists for
Python 3. (LP: #1153671)
- apport-bug, apport-gtk: Also check for $WAYLAND_SESSION, to use
apport-gtk instead of apport-cli under Wayland. Thanks Tim Lunn.
(LP: #1418766)
- apport-gtk: When running under Wayland, avoid Gdk/Wnck operation for
setting crash window modal to the PID of the crashed window; these only
work under X11.
- Don't install the test suite any more, to save 1 MB of installed space.
It can be run out of trunk easily enough, and distributions can install
it from tests/ if they desire.
- hookutils, attach_root_command_outputs(): Fix UnicodeDecodeError crash
for non-textual values. (LP: #1370259)
- ui.py: Only provide a UI to hooks if the crash db will accept the
report. This avoids asking questions if the report is merely sent to
whoopsie for Ubuntu stable releases. Thanks Brian Murray.
(LP: #1084979)
- whoopsie-upload-all: Add package information to the report before
calling package hooks. Thanks Brian Murray.
- Fix check for available terminal when checking whether to display the
"Examine locally" button.
* Add general hook for detecting Wayland sessions and tagging them with
"wayland-session". Thanks Tim Lunn! (LP: #1418262)
* debian/tests/upstream-system: Copy tests from source tree, as
/usr/share/apport/testsuite/ does not exist any more.
-- Martin Pitt <email address hidden> Fri, 06 Feb 2015 10:11:30 +0100
-
apport (2.15.1-0ubuntu4) vivid; urgency=medium
* data/whoopsie-upload-all: need to add package information to the report
before we can add package specific information to it.
-- Brian Murray <email address hidden> Mon, 26 Jan 2015 10:06:06 -0800
-
apport (2.15.1-0ubuntu3) vivid; urgency=medium
* etc/apport/crashdb.conf: Enable crash reports on Launchpad for vivid.
-- Martin Pitt <email address hidden> Mon, 26 Jan 2015 17:57:03 +0100
-
apport (2.15.1-0ubuntu2) vivid; urgency=medium
* Add systemd units for apport-noui.
* Merge from trunk:
- hookutils, attach_root_command_outputs(): Fix UnicodeDecodeError crash
for non-textual values. (LP: #1370259)
-- Martin Pitt <email address hidden> Thu, 08 Jan 2015 17:33:12 +0100
-
apport (2.15.1-0ubuntu1) vivid; urgency=medium
* New upstream release. Changes since last snapshot:
- apt/dpkg _search_contents(): Check HTTP last-modified header to avoid
re-downloading Contents.gz every day unless it actually changed. Thanks
Brian Murray!
- apport-gtk: Drop properties which are deprecated in GTK 3.14.
* debian/tests/control: Wrap dependencies.
* debian/tests/control: Add gnome-icon-theme; fixes running tests with GTK
3.14.
-- Martin Pitt <email address hidden> Fri, 19 Dec 2014 07:45:30 +0100
-
apport (2.15-0ubuntu3) vivid; urgency=medium
* Merge further test robustification and translation updates from trunk.
-- Martin Pitt <email address hidden> Tue, 16 Dec 2014 11:01:20 +0100
-
apport (2.15-0ubuntu2) vivid; urgency=medium
* Merge from trunk:
- Robustify report.test_get_timestamp test.
- Robustify signal_crashes.test_limit_size test.
-- Martin Pitt <email address hidden> Thu, 04 Dec 2014 09:19:29 +0100
-
apport (2.15-0ubuntu1) vivid; urgency=medium
* New upstream release. Changes since our snapshot:
- recoverable_problem: Handle the parent process going away while we're
attempting to read from proc.
- apport-retrace: Stop considering a package download error as transient; it
can too easily lead to unnoticed eternal retry loops.
- whoopsie-upload-all: Refactor to behave more reliably in case of overlapping
crash processing. Thanks Steve Langasek and Brian Murray. (LP: #1354318)
- whoopsie-upload-all: Remove crash reports that have a core dump which is
broken and cannot be processed by gdb. Thanks Brian Murray. (LP: #1376374)
- When core size exceeds the limit (3/4 of available memory) and thus the core
dump is skipped, log this to /var/log/apport.log. (LP: #1387835)
- apport-gtk: Fix jump-to-top on first click of the details treeview. Thanks
Marius Gedminas. (LP: #1387328)
- apport-retrace: Fix location of cached Contents.gz when using --sandbox-dir.
(LP: #1394798)
- Fix backend_apt_dpkg.test_install_packages_permanent_sandbox test case with
proxy env variables with latest apt.
* Update Vcs-Bzr: for vivid branch.
* debian/tests: Drop obsolete workarounds, use allow-stderr.
* Bump Standards-Version to 3.9.6 (no changes necessary).
-- Martin Pitt <email address hidden> Tue, 02 Dec 2014 14:51:59 +0100
-
apport (2.14.7-0ubuntu10) vivid; urgency=medium
* data/whoopsie-upload-all: confirm that the crash file exists before trying
to remove it. (LP: #1384358)
-- Brian Murray <email address hidden> Mon, 03 Nov 2014 17:01:55 -0800
-
apport (2.14.7-0ubuntu9) vivid; urgency=medium
* data/general_hooks/clickinfo.py: Created a hook to determine package
and version information for executables that are from click packages.
-- Brian Murray <email address hidden> Fri, 31 Oct 2014 14:41:14 -0700
-
apport (2.14.7-0ubuntu8) utopic; urgency=medium
* etc/init.d/apport: Stop setting $PATH in the init.d script. It breaks
assumptions from /lib/lsb/init-functions.d/ which might call other tools
which are not in /bin; also, we generally shouldn't meddle with $PATH in
individual scripts. (LP: #1372665)
-- Martin Pitt <email address hidden> Mon, 20 Oct 2014 14:51:41 -0400