lp:~ubuntu-core-dev/ubuntu/utopic/apport/ubuntu

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #1235436: /etc/init/apport-noui.conf is non-functional on the phone	Critical	Fix Released
Bug #1307684: the python apport hook slows down startup time of the python interpreter by 50%	Undecided	Fix Released
Bug #1313818: iwlwifi error dumps: not enabled in distro, could contain private information	Undecided	Fix Released
Bug #1316841: apportcheckresume does not create a duplicate signature	High	Fix Released
Bug #1336462: Make apport collect some Power information	Undecided	Fix Released
Bug #1339663: ubuntu-bug fails with "whoopsie-upload-all: error: unrecognized arguments" when /var/lib/apport/autoreport exists	High	Fix Released
Bug #1345569: recoverable_problem crashed with ValueError in add_proc_info(): invalid process	High	Fix Released
Bug #1347565: apport recommends gdb	Undecided	Fix Released
Bug #1351137: ubuntu-system-settings-wizard does not create /var/lib/apport/autoreport on first boot	Critical	Fix Released
Bug #1358734: apport-retrace crashed with UnicodeEncodeError in _print_message(): 'ascii' codec can't encode character u'\xe1' in position 615: ordinal not in range(128)	Medium	Fix Released
Bug #1370259: apport fails to collect nvram specific information -- attach_root_command_outputs() does not work for binary data	Undecided	Fix Released
Bug #1372665: apport reports suspend/resume failure twice on boot (apportcheckresume)	High	Fix Released
Bug #1376374: whoopsie-upload-all will run hooks on a corrupt crash file multiple times	Medium	Fix Released
Bug #1438345: Getting invalid request when querying co-mounted cgroups	Critical	Fix Released
Bug #1444518: Insecure /proc/net/unix parsing	Undecided	Fix Released
Bug #1452239: root escalation with fs.suid_dumpable=2	Undecided	Fix Released
Bug #1453900: root escalation via race condition	Critical	Fix Released

Link a bug report

Related blueprints

2375. By Martin Pitt on 2015-05-13

releasing package apport version 2.14.7-0ubuntu8.5

2374. By Martin Pitt on 2015-05-13

SECURITY UPDATE: When writing a core dump file for a crashed packaged
program, don't close and reopen the .crash report file but just rewind and
re-read it. This prevents the user from modifying the .crash report file
while "apport" is running to inject data and creating crafted core dump
files. In conjunction with the above vulnerability of writing core dump
files to arbitrary directories this could be exploited to gain root
privileges.
Thanks to Philip Pettersson for discovering this issue!
(CVE-2015-1325, LP: #1453900)

2373. By Martin Pitt on 2015-05-13

SECURITY UPDATE: When /proc/sys/fs/suid_dumpable is enabled, crashing a
program that is suid root or not readable for the user would create
root-owned core files in the current directory of that program. Creating
specially crafted core files in /etc/logrotate.d or similar could then
lead to arbitrary code execution with root privileges. Now core files do
not get written for these kinds of programs, in accordance with the
intention of core(5).
Thanks to Sander Bos for discovering this issue!
(CVE-2015-1324, LP: #1452239)

2372. By Martin Pitt on 2015-05-08

test_signal_crashes(): Drop hardcoded /tmp/ path in do_crash(),
test_nonwritable_cwd() uses a different dir.

2371. By Martin Pitt on 2015-05-08

releasing package apport version 2.14.7-0ubuntu8.4

2370. By Martin Pitt on 2015-05-08

* SECURITY UPDATE: insecure /proc/net/unix parsing (LP: #1444518)
  - data/apport: temporarily disable container support until it can be
    re-written in a secure manner.
  - CVE number pending

2369. By Martin Pitt on 2015-05-08

releasing package apport version 2.14.7-0ubuntu8.3

2368. By Martin Pitt on 2015-05-08

* SECURITY UPDATE: privilege escalation through namespaces and crafted
  chroot (LP: #1438345)
  - data/apport: If crash comes from a container, rather than
    chrooting into it, detect what LXC container it is and then use the
    attach_wait API call to execute apport in the container.
  - data/apport: Don't fail when encountering unicode characters.
    (Thanks to Martin Pitt)
  - test/test_signal_crashes.py: Test for the unicode fix.
    (Thanks to Martin Pitt)
  - CVE-2015-1318

2367. By Brian Murray on 2015-02-05

releasing package apport version 2.14.7-0ubuntu8.2

2366. By Brian Murray on 2015-02-05

apport/ui.py: Only provide a UI to hooks if the crash db will accept the
report. This avoids asking questions if the report is merely sent to
whoopsie for Ubuntu stable releases. (LP: #1084979)