Change logs for whoopsie source package in Bionic

whoopsie (0.2.62ubuntu0.6) bionic; urgency=medium

  * Attempt to fix double free issue (LP: #1899100)
    - src/whoopsie.c: reject duplicate keys, re-order certain operations.
    - src/tests/data/crash/invalid_key_duplicate,
      src/tests/test_parse_report.c: added test for duplicate keys.

 -- Brian Murray <email address hidden>  Wed, 02 Dec 2020 09:35:52 -0800

whoopsie (0.2.62ubuntu0.5) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
    - lib/bson/*: updated to latest upstream release.
    - CVE-2020-12135
  * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
    - src/whoopsie.c, src/tests/test_parse_report.c: properly handle
      GHashTable.
    - CVE-2020-11937
  * SECURITY UPDATE: DoS via large data length (LP: #1882180)
    - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
      the size of a report file.
    - CVE-2020-15570

 -- Marc Deslauriers <email address hidden>  Fri, 24 Jul 2020 08:55:26 -0400

whoopsie (0.2.62ubuntu0.4) bionic-security; urgency=medium

  * SECURITY REGRESSION: segfault when sending crash report (LP: #1830865)
    - use uint32_t instead of size_t and INT32_MAX instead of INT_MAX
      as bson expects variable sizes to be 32 bits long.

 -- Tiago Stürmer Daitx <email address hidden>  Mon, 04 Nov 2019 23:33:08 +0000

whoopsie (0.2.62ubuntu0.3) bionic-security; urgency=medium

  * SECURITY REGRESSION: segfault when sending crash report (LP: #1850608)
    - lib/bson/bson.c: properly initialize value.

 -- Marc Deslauriers <email address hidden>  Wed, 30 Oct 2019 09:01:42 -0400

whoopsie (0.2.62ubuntu0.2) bionic-security; urgency=high

  * SECURITY UPDATE: Integer overflow when handling large bson
    objects (LP: #1830865)
    - lib/bson/bson.c, lib/bson/bson.h, src/whoopsie.c: use size_t
      for size instead of int to prevent integer overflows.
    - lib/bson/bson.c: ensure bson objects are not bigger than INT_MAX.
    - CVE-2019-11484

 -- Tiago Stürmer Daitx <email address hidden>  Mon, 14 Oct 2019 14:16:56 +0000

whoopsie (0.2.62ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow when handling large crash dumps (LP:
    #1830863)
    - src/whoopsie.c: Don't use signed integer types for lengths to ensure
      large crash dumps do not cause signed integer overflow
    - CVE-2019-11476

 -- Alex Murray <email address hidden>  Fri, 5 Jul 2019 14:15:25 +0930

whoopsie (0.2.62) bionic; urgency=medium

  * Remove /etc/whoopsie file as its contents are not read by whoopsie.
    (LP: #1756937)

 -- Brian Murray <email address hidden>  Fri, 06 Apr 2018 13:38:15 -0700

whoopsie (0.2.61) bionic; urgency=medium

  * Build-depend on libcurl4-gnutls-dev, not libcurl4-openssl-dev, to drop
    the redundant curl implementation from the desktop seeds and also fix a
    GPL violation.

 -- Steve Langasek <email address hidden>  Fri, 06 Apr 2018 10:48:31 -0700

whoopsie (0.2.60) bionic; urgency=medium

  * Include JournalErrors in information uploaded to the Error Tracker.
    (LP: #1756446)

 -- Brian Murray <email address hidden>  Fri, 30 Mar 2018 08:32:35 -0700

whoopsie (0.2.59build1) bionic; urgency=medium

  * No-change rebuild against libcurl4

 -- Steve Langasek <email address hidden>  Wed, 28 Feb 2018 08:54:46 +0000

whoopsie (0.2.59) bionic; urgency=medium

  * Set CURLOPT_SSL_VERIFYPEER to 0 if env CRASH_DB_NOVERIFYPEER is set for
    testing daisy servers with self-signed certs.

 -- Brian Murray <email address hidden>  Wed, 31 Jan 2018 14:39:25 -0800

whoopsie (0.2.58) artful; urgency=medium

  * Modify the whoopsie service file to wants=networking-online.target too.

 -- Brian Murray <email address hidden>  Mon, 24 Jul 2017 13:42:40 -0700