Ubuntu
apport package

Change logs for apport source package in Disco

  1. Disco (19.04)
  2. Change log 
  • apport (2.20.10-0ubuntu27.4) disco; urgency=medium

  * Use an SRU-safe substring when checking for the available version of
    aspell-doc in xenial, since aspell *did* have an SRU. Backported
    from apport 2.20.11-0ubuntu9. (LP: #1851542)

 -- dann frazier <email address hidden>  Wed, 13 Nov 2019 14:12:24 -0800
  • apport (2.20.10-0ubuntu27.3) disco-security; urgency=medium

  * SECURITY REGRESSION: missing argument in Report.add_proc_environ
    call (LP: #1850929)
    - apport/report.py: call add_proc_environ using named arguments
      and move proc_pid_dir keyword to last to keep api compatibility.

 -- Tiago Stürmer Daitx <email address hidden>  Tue, 05 Nov 2019 02:49:27 +0000
  • apport (2.20.10-0ubuntu27.2) disco-security; urgency=medium

  * SECURITY UPDATE: apport reads arbitrary files if ~/.config/apport/settings
    is a symlink (LP: #1830862)
    - apport/fileutils.py: drop permissions before reading user settings file.
    - CVE-2019-11481
  * SECURITY UPDATE: TOCTTOU race conditions and following symbolic
    links when creating a core file (LP: #1839413)
    - data/apport: use file descriptor to reference to cwd instead
      of strings.
    - CVE-2019-11482
  * SECURITY UPDATE: fully user controllable lock file due to lock file
    being located in world-writable directory (LP: #1839415)
    - data/apport: create and use lock file from /var/lock/apport.
    - CVE-2019-11485
  * SECURITY UPDATE: per-process user controllable Apport socket file
    (LP: #1839420)
    - data/apport: forward crashes only under a valid uid and gid,
      thanks Stéphane Graber for the patch.
    - CVE-2019-11483
  * SECURITY UPDATE: PID recycling enables an unprivileged user to
    generate and read a crash report for a privileged process (LP: #1839795)
    - data/apport: drop permissions before adding proc info (special thanks
      to Kevin Backhouse for the patch)
    - data/apport, apport/report.py, apport/ui.py: only access or open
      /proc/[pid] through a file descriptor for that directory.
    - CVE-2019-15790

 -- Tiago Stürmer Daitx <email address hidden>  Tue, 29 Oct 2019 05:23:08 +0000
  • apport (2.20.10-0ubuntu27.1) disco-security; urgency=medium

  * SECURITY UPDATE: TOCTOU issue allows local user to read arbitrary
    files (LP: #1830858)
    - apport/report.py: Avoid TOCTOU issue on users ignore file by
      dropping privileges and then opening the file both test for access and
      open the file in a single operation, instead of using access() before
      reading the file which could be abused by a symlink to cause Apport to
      read and embed an arbitrary file in the resulting crash dump.
    - CVE-2019-7307

 -- Alex Murray <email address hidden>  Thu, 04 Jul 2019 12:05:21 +0930
  • apport (2.20.10-0ubuntu27) disco; urgency=medium

  * data/whoopsie-upload-all: confirm the exception has an errno before using
    it in a comparison. (LP: #1824152)

 -- Brian Murray <email address hidden>  Thu, 11 Apr 2019 09:52:07 -0700
  • apport (2.20.10-0ubuntu26) disco; urgency=medium

  * etc/apport/crashdb.conf: Disable Launchpad crash reports for 19.04
    release.

 -- Brian Murray <email address hidden>  Mon, 08 Apr 2019 14:59:46 -0700
  • apport (2.20.10-0ubuntu25) disco; urgency=medium

  * test/test_report.py: update test_add_proc_info for function raising a
    ValueError.

 -- Brian Murray <email address hidden>  Thu, 04 Apr 2019 10:18:25 -0700
  • apport (2.20.10-0ubuntu24) disco; urgency=medium

  * debian/control: apport-gtk should depend on whoopsie-preferences as that
    is needed to store preferences for reporting crashes. (LP: #1809247)
  * apport/report.py, apport/ui.py: raise ValueError if the pid is not
    accessible, display an error message for that or an invalid pid. (LP: #1396160)
  * switch from pyflakes to pyflakes3, drop some python2 code
  * apport/report.py: Have add_gdb_info return a FileNotFoundError if gdb or
    the crashing executable are not found and modify whoopsie-upload-all to
    upload crashes in that situation. (LP: #1820132)
  * debian/control, apport/hookutils.py: pkexec does not work in non-graphical
    environments yet (LP #1821415) and its providing package should only be
    a suggests because gathering of information as root isn't entirely
    necessary for a bug report.

 -- Brian Murray <email address hidden>  Mon, 01 Apr 2019 16:05:25 -0700
  • apport (2.20.10-0ubuntu23) disco; urgency=medium

  * Fix python coding style issue introduced in previous upload.

 -- Julian Andres Klode <email address hidden>  Tue, 05 Mar 2019 10:35:17 +0100
  • apport (2.20.10-0ubuntu22) disco; urgency=medium

  * Introduce support for non-positional arguments (LP: #1732962)

 -- Julian Andres Klode <email address hidden>  Mon, 04 Mar 2019 17:48:00 +0100
  • apport (2.20.10-0ubuntu21) disco; urgency=medium

  [ Matthias Klose ]
  * Avoid deprecation warnings.
  * Fix VCS attribute in the control file.

  [ Steve Langasek ]
  * End our gdb batch script with a separator, to accomodate new exit codes
    from gdb 8.2.50.

 -- Steve Langasek <email address hidden>  Thu, 14 Feb 2019 21:26:00 -0800
  • apport (2.20.10-0ubuntu20) disco; urgency=medium

  * apport/ui.py: if report.get_timestamp() returns None don't try and use it
    in a comparison. (LP: #1658188)

 -- Brian Murray <email address hidden>  Mon, 04 Feb 2019 14:35:36 -0800
  • apport (2.20.10-0ubuntu19) disco; urgency=medium

  * debian/apport-autoreport.service: Since this calls whoopsie-upload-all
    which fails if whoopsie isn't running, it should have a relationship with
    whoopsie.service. (LP: #1787729)

 -- Brian Murray <email address hidden>  Wed, 16 Jan 2019 10:23:09 -0800
  • apport (2.20.10-0ubuntu18) disco; urgency=medium

  * test/test_apport_valgrind.py: specify the location for true.

 -- Brian Murray <email address hidden>  Mon, 07 Jan 2019 16:02:14 -0800
  • apport (2.20.10-0ubuntu17) disco; urgency=medium

  * backends/packaging-apt-dpkg.py: switch to using python3-launchpadlib to
    communicate with Launchpad thereby gaining retry capabilities and using
    its cache.
  * backends/packaging-apt-dpkg.py: strip /usr from binary names so the .list
    file will match.
  * Re-enable Launchpad crash reports for disco.
  * test/*: switch from using deprecated imp to importlib, modify binary
    locations for merged-usr changes.
  * apport/report.py: reorder directories check for binaries so /usr is
    checked first.

 -- Brian Murray <email address hidden>  Fri, 21 Dec 2018 08:36:40 -0800
  • apport (2.20.10-0ubuntu14) disco; urgency=medium

  * apport/ui.py: when using ubuntu-bug properly handle executables which
    start with /snap/bin. (LP: #1760220)

 -- Brian Murray <email address hidden>  Thu, 01 Nov 2018 09:30:11 -0700
  • apport (2.20.10-0ubuntu13) cosmic; urgency=medium

  * Fix PEP8 605 warnings and ignore 503,504 ones.

 -- Brian Murray <email address hidden>  Thu, 11 Oct 2018 14:35:11 -0700