lp://staging/ubuntu/intrepid-security/apport

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #357024: security hole in /etc/cron.daily/apport

Undecided

Fix Committed

Link a bug report

Related blueprints

119. By Jamie Strandboge on 2009-04-29

[ Martin Pitt ]
* etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
  descend into subdirectories of /var/crash/. Doing so might be exploited by
  a race condition between find traversing a huge directory tree, changing
  an existing subdir into a symlink to e. g. /etc/, and finally getting that
  piped to rm. Patch based on work by Martin Pitt. Thanks to Stephane
  Chazelas for discovering this!
  - LP: #357024
  - CVE-2009-1295

118. By Martin Pitt on 2008-10-23

debian/apport.default: Disable Apport by default for the final release.

117. By Martin Pitt on 2008-10-07

* backends/packaging-apt-dpkg.py, is_distro_package(): Fix crash if
  apt.Cache()[pkg].origins is None. (LP: #279353)
* bin/apport: Log that we are ignoring SIGABRT, since it is a common cause
  of confusion.
* test-apport, create_test_process(): Fix race condition: wait until the
  child process has fully execve()ed, to avoid coredumping it while it is
  still running as test-apport process.
* apport/crashdb_impl/launchpad.py, update(): Set source package of a bug if
  the reporter removed it and the task is against 'Ubuntu'. (LP: #269045)

116. By Martin Pitt on 2008-09-26

* Update AUTHORS and debian/copyright, Michael and Troy released their
  copyright to Canonical. Properly attribute them as authors in the
  respective files.
* debian/local/ubuntu-bug: Fix quoting of the command line arguments, so
  that several options do not end up as one big argument when being passed
  to apport-{cli,gtk,qt}. This also repairs launchpad-integration.
  (LP: #260242)

115. By Martin Pitt on 2008-09-18

[ Matt Zimmerman ]
* Add apport/hookutils.py with some convenience functions for writing hook
  scripts (work in progress)
* Extend ubuntu-bug to accept a path as an argument and look up the package
  name
* Rename kernel_hook to kernel_crashdump (there are other kernel hooks)
* Change kernel crash report type to KernelCrash
* Fix automatix.py to not crash when automatix isn't installed (LP: #267004)
* Add bin/kernel_oops hook to capture a kernel oops (eg. via kerneloops)

[ Martin Pitt ]
* Add AUTHORS file for collecting the list of major contributors and
  copyright holders.
* apport/report.py: If we do not find a bug pattern file for the binary
  package, fall back to looking for one with the source package name.
* run-tests: Provide a better error message if apport/packaging_impl.py does
  not exist.

[ Brian Murray ]
* apport/crashdb_impl/launchpad.py: Add regression-retracer tag to bugs
  which seem to be a regression (duplicate, and crash happens in a later
  version than the fix). (LP: #271876)

114. By Martin Pitt on 2008-09-04

[ Fabien Tassin ]
* apport/ui.py: Use preferred browser when it's recognized as a
  Mozilla browser (firefox, seamonkey, flock) or Epiphany (LP: #131350)

[ Oumar Aziz OUATTARA ]
* apport/crashdb.py: Add support for /etc/apport/crashdb.conf.d/*.conf crash
  database configuration files. Document it in doc/crashdb-conf.txt.
* apport/ui.py: Support a new field "CrashDB" in apport reports which select
  a non-default crash database. Document this in doc/package-hooks.txt.

[ Martin Pitt ]
* apport/report.py: If a hook crashes with an exception, print it to
  stderr, for easier debugging of hooks.
* apport/crashdb_impl/launchpad.py: If PackageArchitecture is 'all', fall
  back to looking at Architecture instead of not adding a
  needs-$ARCH-retrace tag at all. This prevented signal crashes originating
  from e. g. Python packages from being automatically retraced.

113. By Anthony Mercatante on 2008-08-28

apport-qt recommends update-notifier-kde instead of adept-notifier

112. By Martin Pitt on 2008-08-07

* apport/crashdb_impl/launchpad.py: Update attachment handling to current
  python-launchpad-bugs API, thanks Markus Korn!
* apport/ui.py: Use gnome-panel as indicator for a running GNOME session;
  'gnome-session' now calls itself x-session-manager, which isn't useful
  to tell apart session types.

111. By Martin Pitt on 2008-08-05

The "(Kernel) OOPS, I dumped it again!" release.

* apport/ui.py: Fix test_run_report_bug_unpackaged_pid() to work with the
  installed run-tests from the package as well.
* apport/crashdb_impl/launchpad.py: Ignore broken LP bug tasks instead of
  crashing on them.
* apport/report.py, add_proc_info(): Report the AppArmor or SELinux context
  in a new ProcAttrCurrent field, read from /proc/pid/attr/current.
  Document it in doc/data-format.tex. The field will not be added if the
  proc attribute cannot be read or isn't present. Thanks to Steve Beattie
  for the patch and the suggestion!
* debian/local/setup-apport-retracer: Switch to intrepid.
* debian/local/setup-apport-retracer: Fix installation of python-apt. Also
  install apt, to avoid library version mismatches to python-apt.
* debian/apport.default: Enable apport by default again, now that we have
  working retracers.
* apport/report.py, test_add_gdb_info_script(): Use bash, not dash as test
  program for core dumping; stack trace is awkwardly bad with dash, so that
  the test case cannot really work any more.
* Add package-hooks/source_linux.py: Package hook for collecting kernel
  related information. By Matt Zimmerman, thank you! (LP: #251441)
* debian/local/ubuntu-bug.1: Fix documentation of -p, it specifies the
  binary package name, not the source.
* apport/packaging.py: Add get_kernel_package() to return the actual Linux
  kernel package name; useful if the user reports a bug against just
  "linux". Implement it in backends/packaging-apt-dpkg.py.
* apport/ui.py: "Do what I mean" when filing a bug against "linux" and
  report it against the actual kernel package.
* debian/local/ubuntu-bug: If just one argument is given, infer -p/-P from
  the type of the argument.
* apport/ui.py: Drop the PackageArchitecture field for the uploaded report
  if it is equal to Architecture. Adapt apport/crashdb_impl/launchpad.py to
  fall back to Architecture, and mention the change in doc/data-format.tex.
* problem_report.py, write_mime(): Add new "skip_keys" argument to filter
  out keys. Add test cases.
* apport/crashdb_impl/launchpad.py: Do not write the "Date:" field on
  upload(), and fetch it from the bug metadata in download().
* apport/crashdb_impl/launchpad.py, download(): Support reading bugs with
  the "--- " separator instead of "ProblemType: ". Launchpad doesn't create
  bugs that way ATM, but at least we have the reading part implemented now.
* package-hooks/source_linux.py: Drop Uname, ProcVersion, and
  RunningKernelVersion fields, since they are all subsumed in the
  ProcVersionSignature field.
* apport/ui.py, run_report_bug(): Strip spaces from package argument.
* apport/ui.py, add_hooks_info(): Collect OS info first, then call the
  package hooks, so that the linux hook actually has a chance to delete the
  Uname field.
* bin/kernel_hook, test-hooks: Throw away the original kernel hook which
  we never used (and got superseded by the proper source_linux.py package
  hook now). Replace it with the new logic of looking for
  /var/crash/vmcore{,.log} and turning that into an apport report.
* debian/apport.init: Call kernel_hook if /var/crash/vmcore exists.
  (LP: #241322)
* apport/ui.py: Collect information for "ProblemType: Kernel" as well, so
  that we run the package hook. Adapt test suite to cover this.
* debian/control: Bump Standards-Version (no required changes).
* gtk/apport-gtk.glade, qt4/apport-qt: Generalize notification of kernel
  crash, since it now happens after a boot, not right after the BUG/OOPS.
  But in the future we want to cover both cases.

110. By Martin Pitt on 2008-05-17

* apport/chroot.py: In the test suite, copy some system binaries/libraries
  into a fakechroot and exercise a lot of standard shell commands (cp, ln
  -s, rm, rm -r, mkdir, echo, chmod, chown, etc.) with absolute/relative
  paths. This reproduces the total breakage of rm'ing, chmod'ing, and
  chown'ing absolute paths in hardy fakechroots.
* bin/crash-digger: Intercept exceptions when downloading crash reports for
  duplicate checking, so that the retracer does not crash on malformed bug
  reports. (LP: #205178)
* apport/packaging.py: Introduce a new function enabled() which reports
  whether Apport should create crash reports. Signal crashes are controlled
  by /proc/sys/kernel/core_pattern, but we need that to control whether
  reports for Python, package, or kernel crashes are generated.
* backends/packaging-apt-dpkg.py: Provide implementation for
  PackageInfo.enabled() for Debian/Ubuntu by evaluating /etc/default/apport.
  Add various test cases for different configuration files and absent files.
* apport_python_hook.py: Do not create reports if Apport is disabled (in
  /etc/default/apport). (LP: #222260)