-
apport (2.20.1-0ubuntu2.30) xenial-security; urgency=medium
* SECURITY UPDATE: multiple security issues (LP: #1912326)
- CVE-2021-25682: error parsing /proc/pid/status
- CVE-2021-25683: error parsing /proc/pid/stat
- CVE-2021-25684: stuck reading fifo
- data/apport: make sure existing report is a regular file.
- apport/fileutils.py: move some logic here to skip over manipulated
process names and filenames.
- test/test_fileutils.py: added some parsing tests.
-- Marc Deslauriers <email address hidden> Tue, 26 Jan 2021 07:21:46 -0500
-
apport (2.20.1-0ubuntu2.28) xenial; urgency=medium
* data/apport: only drop supplemental groups if the user is root. (LP: #1906565)
-- Brian Murray <email address hidden> Thu, 03 Dec 2020 10:33:00 -0800
-
apport (2.20.1-0ubuntu2.27) xenial-security; urgency=medium
* Various security hardening fixes (LP: #1903332)
- apport/fileutils.py: drop privileges in the correct order, limit
settings file size.
- apport/apport/report.py: properly drop privileges, limit ignore file
size.
- data/apport: drop supplemental groups.
-- Marc Deslauriers <email address hidden> Tue, 10 Nov 2020 15:03:57 -0500
-
apport (2.20.1-0ubuntu2.26) xenial; urgency=medium
* data/apport: In the event that the crashing executable does not exist on
disk any more the path name of the executable (passed by core) is appended
with '(deleted)' because apport is currently using sys.argv for argument
parsing there end up being too many arguments and apport crashes. This is
fixed by adding handling for six arguments. (LP: #1899195)
-- Brian Murray <email address hidden> Mon, 19 Oct 2020 09:22:56 -0700
-
apport (2.20.1-0ubuntu2.25) xenial; urgency=medium
* data/apport: Introduce support for non-positional arguments so we can
easily extend core_pattern in the future (LP: #1732962)
-- Matthieu Clemenceau <email address hidden> Fri, 21 Aug 2020 10:24:13 -0500
-
apport (2.20.1-0ubuntu2.24) xenial-security; urgency=medium
* SECURITY UPDATE: information disclosure issue (LP: #1885633)
- data/apport: also drop gid when checking if user session is closing.
- CVE-2020-11936
* SECURITY UPDATE: crash via malformed ignore file (LP: #1877023)
- apport/report.py: don't crash on malformed mtime values.
- CVE-2020-15701
* SECURITY UPDATE: TOCTOU in core file location
- data/apport: make sure the process hasn't been replaced after Apport
has started.
- CVE-2020-15702
* apport/ui.py, test/test_ui.py: make sure a PID is specified when using
--hanging (LP: #1876659)
-- Marc Deslauriers <email address hidden> Fri, 24 Jul 2020 09:08:40 -0400
-
apport (2.20.1-0ubuntu2.23) xenial-security; urgency=medium
* SECURITY UPDATE: World writable root owned lock file created in user
controllable location (LP: #1862348)
- data/apport: Change location of lock file to be directly under
/var/run so that regular users can not directly access it or perform
symlink attacks.
- CVE-2020-8831
* SECURITY UPDATE: Race condition between report creation and ownership
(LP: #1862933)
- data/apport: When setting owner of report file use a file-descriptor
to the report file instead of its path name to ensure that users can
not cause Apport to change the ownership of other files via a
symlink attack.
- CVE-2020-8833
-- Alex Murray <email address hidden> Wed, 25 Mar 2020 11:50:41 +1030
-
apport (2.20.1-0ubuntu2.22) xenial-security; urgency=medium
[ Michael Hudson-Doyle ]
* SECURITY REGRESSION: fix autopkgtest failures since recent security
update (LP: #1854237)
- Fix regression in creating report for crashing setuid process by getting
kernel to tell us the executable path rather than reading
/proc/[pid]/exe.
- Fix deletion of partially written core files.
- Fix test_get_logind_session to use new API.
- Restore add_proc_info raising ValueError for a dead process.
- Delete test_lock_symlink, no longer applicable now that the lock is
created in a directory only root can write to.
[ Tiago Stürmer Daitx ]
* SECURITY REGRESSION: 'module' object has no attribute 'O_PATH'
(LP: #1851806)
- apport/report.py, apport/ui.py: use file descriptors for /proc/pid
directory access only when running under python 3; prevent reading /proc
maps under python 2 as it does not provide a secure way to do so; use
io.open for better compatibility between python 2 and 3.
* data/apport: fix number of arguments passed through socks into a container.
* test/test_report.py: test login session with both pid and proc_pid_fd.
* test/test_apport_valgrind.py: skip test_sandbox_cache_options if system
has little memory.
* test/test_ui.py: modify run_crash_kernel test to account for the fact that
linux-image-$kvers-$flavor is now built from the linux-signed source
package on amd64 and ppc64el. (LP: #1766740)
-- Tiago Stürmer Daitx <email address hidden> Thu, 27 Feb 2020 03:18:45 +0000
-
apport (2.20.1-0ubuntu2.21) xenial-security; urgency=medium
* SECURITY REGRESSION: missing argument in Report.add_proc_environ
call (LP: #1850929)
- apport/report.py: call add_proc_environ using named arguments
and move proc_pid_dir keyword to last to keep api compatibility.
-- Tiago Stürmer Daitx <email address hidden> Tue, 05 Nov 2019 02:49:27 +0000
-
apport (2.20.1-0ubuntu2.20) xenial-security; urgency=medium
* SECURITY UPDATE: apport reads arbitrary files if ~/.config/apport/settings
is a symlink (LP: #1830862)
- apport/fileutils.py: drop permissions before reading user settings file.
- CVE-2019-11481
* SECURITY UPDATE: TOCTTOU race conditions and following symbolic
links when creating a core file (LP: #1839413)
- data/apport: use file descriptor to reference to cwd instead
of strings.
- CVE-2019-11482
* SECURITY UPDATE: fully user controllable lock file due to lock file
being located in world-writable directory (LP: #1839415)
- data/apport: create and use lock file from /var/lock/apport.
- CVE-2019-11485
* SECURITY UPDATE: per-process user controllable Apport socket file
(LP: #1839420)
- data/apport: forward crashes only under a valid uid and gid,
thanks Stéphane Graber for the patch.
- CVE-2019-11483
* SECURITY UPDATE: PID recycling enables an unprivileged user to
generate and read a crash report for a privileged process (LP: #1839795)
- data/apport: drop permissions before adding proc info (special thanks
to Kevin Backhouse for the patch)
- data/apport, apport/report.py, apport/ui.py: only access or open
/proc/[pid] through a file descriptor for that directory.
- CVE-2019-15790
-- Tiago Stürmer Daitx <email address hidden> Tue, 29 Oct 2019 05:23:08 +0000
-
apport (2.20.1-0ubuntu2.19) xenial-security; urgency=medium
* SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary
files (LP: #1830858)
- apport/report.py: Avoid TOCTOU issue on users ignore file by
dropping privileges and then opening the file both test for access and
open the file in a single operation, instead of using access() before
reading the file which could be abused by a symlink to cause Apport to
read and embed an arbitrary file in the resulting crash dump.
- CVE-2019-7307
-- Alex Murray <email address hidden> Thu, 04 Jul 2019 12:05:21 +0930
-
apport (2.20.1-0ubuntu2.18) xenial-security; urgency=medium
* data/apport: Properly handle crashes originating from a PID namespace.
(LP: #1746668)
- CVE-2018-6552
-- Brian Murray <email address hidden> Thu, 10 May 2018 15:30:09 -0700
-
apport (2.20.1-0ubuntu2.17) xenial; urgency=medium
* apport/ui.py: Ensure the Date field exists in a report before using it in
a comparison. (LP: #1658188)
-- Brian Murray <email address hidden> Fri, 20 Apr 2018 14:39:15 -0700
-
apport (2.20.1-0ubuntu2.16) xenial; urgency=medium
* data/general-hooks/generic.py: Only include JournalErrors for apport-crash
reports which are private by default. (LP: #1738581)
-- Brian Murray <email address hidden> Fri, 30 Mar 2018 09:53:05 -0700
-
apport (2.20.1-0ubuntu2.15) xenial-security; urgency=medium
* REGRESSION UPDATE: Fix regression that caused a Traceback in the
container support (LP: #1733366)
- data/apport: add a second os.path.exists check to ensure we do not
receive a Traceback in is_container_id() and add an exception handler in
case either name space can not be found.
-- Brian Murray <email address hidden> Wed, 13 Dec 2017 10:54:26 -0800
-
apport (2.20.1-0ubuntu2.14) xenial; urgency=medium
* bin/apport-cli: read until <enter> instead of a single character when # of
apport options is non-unique with a single character. Thanks to Chad Smith
for the patch. (LP: #1722564)
-- Brian Murray <email address hidden> Mon, 27 Nov 2017 15:26:00 -0800
-
apport (2.20.1-0ubuntu2.13) xenial-security; urgency=medium
* REGRESSION UPDATE: Fix regression in previous upload by re-enabling
container support. (LP: #1732518)
* REGRESSION UPDATE: Fix the core_pattern for upstart based systems to
include the dump mode.
* Add code preventing a user from confusing apport by using
a manually crafted filesystem inside a combination of a user and mount
namespace.
* Add a check in apport receiver for the number of arguments so that
should another argument be added later, the receiver will simply ignore
the crash until it itself gets updated.
-- Stéphane Graber <email address hidden> Wed, 15 Nov 2017 17:00:24 -0500
-
apport (2.20.1-0ubuntu2.12) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service via resource exhaustion and
privilege escalation when handling crashes of tainted processes
(LP: #1726372)
- When /proc/sys/fs/suid_dumpable is set to 2, do not assume that
the user and group owning the /proc/<PID>/stat file is the same
user and group that started the process. Rather check the dump
mode of the crashed process and do not write a core file if its
value is 2. Thanks to Sander Bos for discovering this issue!
- CVE-2017-14177
* SECURITY UPDATE: Denial of service via resource exhaustion,
privilege escalation, and possible container escape when handling
crashes of processes inside PID namespaces (LP: #1726372)
- Change the method for determining if a crash is from a container
so that there are no false positives from software using PID
namespaces. Additionally, disable container crash forwarding by
ignoring crashes that occur in a PID namespace. This functionality
may be re-enabled in a future update. Thanks to Sander Bos for
discovering this issue!
- CVE-2017-14180
-- Brian Murray <email address hidden> Thu, 09 Nov 2017 15:50:08 -0800
-
apport (2.20.1-0ubuntu2.10) xenial-security; urgency=medium
* SECURITY UPDATE: code execution through path traversial in
.crash files (LP: #1700573)
- apport/report.py, test/test_ui.py: fix traversal issue
and add a test for that.
- debian/apport.install, setup.py, xdg-mime/apport.xml: removes
apport as a file handler for .crash files. Thanks to Brian
Murray for the patch and Felix Wilhelm for discovering this.
- CVE-2017-10708
-- <email address hidden> (Leonidas S. Barbosa) Mon, 17 Jul 2017 08:43:18 -0300
-
apport (2.20.1-0ubuntu2.9) xenial; urgency=medium
* test/test_signal_crashes.py: delete the test which uses an arbitrary
unpredictable core file size.
apport (2.20.1-0ubuntu2.8) xenial; urgency=medium
* test/test_signal_crashes.py: a ulimit of 1M bytes isn't enough to produce
a core file anymore so bump it to 10M.
apport (2.20.1-0ubuntu2.7) xenial; urgency=medium
* data/general-hooks/ubuntu.py: Modify how a duplicate signature is created
for package installation failures. (LP: #1692127)
-- Brian Murray <email address hidden> Thu, 29 Jun 2017 13:33:50 -0700
-
apport (2.20.1-0ubuntu2.8) xenial; urgency=medium
* test/test_signal_crashes.py: a ulimit of 1M bytes isn't enough to produce
a core file anymore so bump it to 10M.
apport (2.20.1-0ubuntu2.7) xenial; urgency=medium
* data/general-hooks/ubuntu.py: Modify how a duplicate signature is created
for package installation failures. (LP: #1692127)
-- Brian Murray <email address hidden> Mon, 26 Jun 2017 14:58:24 -0700
-
apport (2.20.1-0ubuntu2.7) xenial; urgency=medium
* data/general-hooks/ubuntu.py: Modify how a duplicate signature is created
for package installation failures. (LP: #1692127)
-- Brian Murray <email address hidden> Mon, 19 Jun 2017 17:01:15 -0700
-
apport (2.20.1-0ubuntu2.6) xenial; urgency=medium
* data/general/ubuntu.py: Collect a minimal version of /proc/cpuinfo in
every report. (LP: #1673557)
* data/general/ubuntu-gnome.py: The GNOME3 PPAs are no longer supported for
14.04 or 16.04 so set an UnreportableReason in those reports.
(LP: #1689093)
* test_backend_apt_dpkg.py: Move tests from Ubuntu 15.10 "wily" (which is
EoL now) to 16.04 LTS "xenial". (LP: #1690437)
-- Brian Murray <email address hidden> Fri, 12 May 2017 11:39:04 -0700
-
apport (2.20.1-0ubuntu2.5) xenial; urgency=medium
* apport-gtk: Specify module version with GI imports to avoid warnings.
Thanks Anatoly Techtonik. (LP: #1502173)
-- Brian Murray <email address hidden> Tue, 03 Jan 2017 15:31:33 -0800
-
apport (2.20.1-0ubuntu2.4) xenial-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: code execution via malicious crash files
- Use ast.literal_eval in apport/ui.py, added test to test/test_ui.py.
- No CVE number
- LP: #1648806
* SECURITY UPDATE: path traversal vulnerability with hooks execution
- Clean path in apport/report.py, added test to test/test_ui.py.
- No CVE number
- LP: #1648806
[ Steve Beattie ]
* SECURITY UPDATE: code execution via malicious crash files
- Only offer restarting the application when processing a
crash file in /var/crash in apport/ui.py, gtk/apport-gtk,
and kde/apport-kde. Add testcases to test/test_ui.py,
test/test_ui_gtk.py, and test_ui_kde.py.
- No CVE number
- LP: #1648806
-- Marc Deslauriers <email address hidden> Mon, 12 Dec 2016 07:26:36 -0500
-
apport (2.20.1-0ubuntu2.2) xenial; urgency=medium
[ Martin Pitt ]
* hookutils, attach_root_command_outputs(): Return str again, like before
2.15.2. (LP: #1446537)
-- Brian Murray <email address hidden> Tue, 29 Nov 2016 10:17:51 -0800
-
apport (2.20.1-0ubuntu2.1) xenial-proposed; urgency=medium
* data/general-hooks/ubuntu.py: Fix stacktrace when parsing
DpkgTerminalLog.txt. (LP: #1548421)
* data/general-hooks/ubuntu.py: Restore starting package problem duplicate
signatures with the word package, the package name, and its version.
(LP: #1581682)
-- Brian Murray <email address hidden> Mon, 16 May 2016 15:02:01 -0700
-
apport (2.20.1-0ubuntu2) xenial; urgency=medium
* Merge fixes from trunk:
- problem_report.py: Make assertion of invalid key names more verbose.
- hookutils.py: Fix generation of valid report key names from arbitrary
paths in attach_file() and related functions. This will now replace all
invalid characters with dots, not just a few known invalid ones.
(LP: #1566975)
- problem_report.py: Instead of AssertionError, raise a ValueError for
invalid key names and TypeError for invalid kinds of values. Thanks
Barry Warsaw.
* Disable Launchpad crash upload for final Ubuntu 16.04.
-- Martin Pitt <email address hidden> Wed, 13 Apr 2016 23:53:46 +0200
-
apport (2.20.1-0ubuntu1) xenial; urgency=medium
* New upstream release. Changes since our previous snapshot:
- crash-digger: Untag bugs which cannot be retraced instead of stopping
crash-digger. This led to too many pointless manual restarts on broken bug
reports.
* Disambiguate overly generic Python exceptions in duplicate signature
computation: dbus-glib's DBusException wraps a "real" server-side
exception, so add the class of that to disambiguate different crashes;
for OSError that is not a known subclass like FileNotFoundError, add the
errno. (LP: #989819)
-- Martin Pitt <email address hidden> Thu, 31 Mar 2016 16:16:37 +0200
-
apport (2.20-0ubuntu3) xenial; urgency=medium
* Relax report.test_add_gdb_info gdb warning check, as this changed with gdb
7.10.90.
-- Martin Pitt <email address hidden> Tue, 16 Feb 2016 08:41:10 +0100
-
apport (2.20-0ubuntu2) xenial; urgency=medium
* Fix signal_crashes.test_modify_after_start test when running as root.
apport (2.20-0ubuntu1) xenial; urgency=medium
* New upstream release.
- Reimplement forwarding crashes into a container, via activating the new
apport-forward.socket in the container and handing over the core dump
fd. This is a much safer way than the original implementation with
nsexec. Thanks Stéphane Graber! (LP: #1445064)
* Drop long-obsolete sysv-rc dependency.
* Add python3-systemd recommendation to apport, to make crash report
generation work in containers.
* Install new systemd units into apport package.
-- Martin Pitt <email address hidden> Mon, 15 Feb 2016 11:49:56 +0100
-
apport (2.20-0ubuntu1) xenial; urgency=medium
* New upstream release.
- Reimplement forwarding crashes into a container, via activating the new
apport-forward.socket in the container and handing over the core dump
fd. This is a much safer way than the original implementation with
nsexec. Thanks Stéphane Graber! (LP: #1445064)
* Drop long-obsolete sysv-rc dependency.
* Add python3-systemd recommendation to apport, to make crash report
generation work in containers.
* Install new systemd units into apport package.
-- Martin Pitt <email address hidden> Sun, 14 Feb 2016 13:41:36 +0100
-
apport (2.19.4-0ubuntu2) xenial; urgency=medium
* debian/apport.upstart: Call systemd-detect-virt instead of the
Ubuntu specific running-in-container wrapper. (LP: #1539016)
-- Martin Pitt <email address hidden> Thu, 28 Jan 2016 14:58:06 +0100
-
apport (2.19.4-0ubuntu1) xenial; urgency=medium
* New upstream bug fix release:
- Fix fileutils.test_find_package_desktopfile test for symlinks and other
unowned files in /usr/share/applications/.
- Fix ui.test_run_crash_anonymity test case to not fail if the base64
encoded core dump happens to contain the user name, as that's just by
chance. - Fix test_hooks.py for unreleased gcc versions which have a
different --version format.
- hookutils.py, attach_hardware(): Stop attaching /var/log/udev. This was
an upstart-ism, mostly redundant with the udev db and is not being
written under systemd. (LP: #1537211)
* etc/apport/crashdb.conf: Enable crash reports on Launchpad for xenial.
-- Martin Pitt <email address hidden> Tue, 26 Jan 2016 15:37:44 +0100
-
apport (2.19.3-0ubuntu3) xenial; urgency=medium
* data/general-hooks/powerpc.py: Add support to collect more data on
PowerNV. (LP: #1499226) Thanks to Kamalesh Babulal for the patch.
-- Brian Murray <email address hidden> Tue, 12 Jan 2016 17:06:29 -0800
-
apport (2.19.3-0ubuntu2) xenial; urgency=medium
* Fix fileutils.test_find_package_desktopfile test for symlinks and other
unowned files in /usr/share/applications/. (Cherry-picked from trunk.)
-- Martin Pitt <email address hidden> Thu, 10 Dec 2015 10:31:19 +0100
-
apport (2.19.3-0ubuntu1) xenial; urgency=medium
* New upstream microrelease:
- apt/dpkg: Fix source record lookup in install_packages. Thanks Brian
Murray!
- hookutils.py, attach_gsettings_schema(): Don't replace the schema
variable; fixes attaching relocatable schemas. Thanks Sébastien Bacher!
- generic hook: Limit JournalErrors to the 1.000 last lines. This avoids
long report load times when processes cause massive log spew.
(LP: #1516947)
- Add key filtering to ProblemReport.load().
- Don't read the entire report when determining the CrashCounter. This
avoids long delays for existing large reports.
- test_python_crashes.py: Be less sensitive to the precise names of
gvfs-metadata D-Bus service files.
- Move backend_apt_dpkg -dbgsym test cases to Ubuntu 15.10.
- Tests: Move to unittest's builtin "mock" module.
-- Martin Pitt <email address hidden> Tue, 08 Dec 2015 09:49:00 +0100
-
apport (2.19.2-0ubuntu9) xenial; urgency=medium
* If trimming the DpkgTerminalLog file fails, keep the whole log file in the
report. (LP: #1522849)
-- Brian Murray <email address hidden> Mon, 07 Dec 2015 09:19:37 -0800
-
apport (2.19.2-0ubuntu8) xenial; urgency=medium
* No-change rebuild against fixed debhelper.
-- Martin Pitt <email address hidden> Wed, 25 Nov 2015 06:21:22 +0100
-
apport (2.19.2-0ubuntu7) xenial; urgency=medium
* data/general-hooks/ubuntu.py: resolve Traceback when parsing
DpkgTerminalError and using python2.
-- Brian Murray <email address hidden> Tue, 24 Nov 2015 11:35:10 -0800
-
apport (2.19.2-0ubuntu6) xenial; urgency=medium
* Add Conflicts/Replaces/Provides: core-dump-handler, to ensure mutual
uninstallability with systemd-coredump and corekeeper.
-- Martin Pitt <email address hidden> Fri, 13 Nov 2015 11:20:31 +0100
-
apport (2.19.2-0ubuntu5) xenial; urgency=medium
* data/general-hooks/ubuntu.py: ensure that dpkg_log_without_error is a
string.
-- Brian Murray <email address hidden> Mon, 09 Nov 2015 09:12:03 -0800
-
apport (2.19.2-0ubuntu4) xenial; urgency=medium
* data/general-hooks/ubuntu.py: For package installation failures, build a
DuplicateSignature from the dpkg terminal log as using the package,
version, and dpkg ErrorMessage ended up being too generic.
-- Brian Murray <email address hidden> Fri, 06 Nov 2015 09:14:29 -0800
-
apport (2.19.2-0ubuntu3) xenial; urgency=medium
* apport: Fix comparison against SIGQUIT to work for current Python
versions. (Cherry-picked from upstream).
-- Martin Pitt <email address hidden> Wed, 04 Nov 2015 14:06:22 -0600
-
apport (2.19.2-0ubuntu2) xenial; urgency=medium
* apport/ui.py: set "_MarkForUpload" field to False for cases where the
apport report is damaged, about a not installed package, or when an
error occurred processing the report. (LP: #1512902)
-- Brian Murray <email address hidden> Tue, 03 Nov 2015 15:44:18 -0800
-
apport (2.19.2-0ubuntu1) xenial; urgency=medium
* New upstream release. Changes since previous snapshot:
- SECURITY FIX: When determining the path of a Python module for a program
like "python -m module_name", avoid actually importing and running the
module; this could lead to local root privilege escalation. Thanks to
Gabriel Campana for discovering this and the fix!
(CVE-2015-1341, LP: #1507480)
- test_backend_apt_dpkg.py: Reset internal apt caches between tests.
Avoids random test failures due to leaking paths from previous test
cases.
* debian/control: Adjust Vcs-Bzr: for xenial branch.
* debian/control: Drop obsolete XS-Testsuite: header.
-- Martin Pitt <email address hidden> Tue, 27 Oct 2015 14:33:28 +0100
-
apport (2.19.1-0ubuntu3) wily; urgency=medium
* Disable Launchpad crash upload for final Ubuntu 15.10.
* Fix backend_apt_dpkg.test_install_packages_system for recent "Fall back to
direct Launchpad ddeb download" fix. coreutils-dbgsym should now always be
available independent of whether the local system has ddeb apt sources.
(Cherry-picked from trunk).
-- Martin Pitt <email address hidden> Mon, 19 Oct 2015 08:48:25 +0200
