apport (2.20.1-0ubuntu2.4) xenial-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Use ast.literal_eval in apport/ui.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806
  * SECURITY UPDATE: path traversal vulnerability with hooks execution
    - Clean path in apport/report.py, added test to test/test_ui.py.
    - No CVE number
    - LP: #1648806

  [ Steve Beattie ]
  * SECURITY UPDATE: code execution via malicious crash files
    - Only offer restarting the application when processing a crash file in
      /var/crash in apport/ui.py, gtk/apport-gtk, and kde/apport-kde. Add
      testcases to test/test_ui.py, test/test_ui_gtk.py, and test_ui_kde.py.
    - No CVE number
    - LP: #1648806

 -- Marc Deslauriers  Mon, 12 Dec 2016 07:26:36 -0500

apport (2.20.1-0ubuntu2.2) xenial; urgency=medium

  [ Martin Pitt ]
  * hookutils, attach_root_command_outputs(): Return str again, like before
    2.15.2. (LP: #1446537)

 -- Brian Murray  Tue, 29 Nov 2016 10:17:51 -0800

apport (2.20.1-0ubuntu2.1) xenial-proposed; urgency=medium

  * data/general-hooks/ubuntu.py: Fix stacktrace when parsing
    DpkgTerminalLog.txt. (LP: #1548421)
  * data/general-hooks/ubuntu.py: Restore starting package problem duplicate
    signatures with the word package, the package name, and its version.
    (LP: #1581682)

 -- Brian Murray  Mon, 16 May 2016 15:02:01 -0700

apport (2.20.1-0ubuntu2) xenial; urgency=medium

  * Merge fixes from trunk:
    - problem_report.py: Make assertion of invalid key names more verbose.
    - hookutils.py: Fix generation of valid report key names from arbitrary
      paths in attach_file() and related functions. This will now replace
      all invalid characters with dots, not just a few known invalid ones.
      (LP: #1566975)
    - problem_report.py: Instead of AssertionError, raise a ValueError for
      invalid key names and TypeError for invalid kinds of values. Thanks
      Barry Warsaw.
  * Disable Launchpad crash upload for final Ubuntu 16.04.

 -- Martin Pitt  Wed, 13 Apr 2016 23:53:46 +0200

apport (2.20.1-0ubuntu1) xenial; urgency=medium

  * New upstream release. Changes since our previous snapshot:
    - crash-digger: Untag bugs which cannot be retraced instead of stopping
      crash-digger. This led to too many pointless manual restarts on broken
      bug reports.
  * Disambiguate overly generic Python exceptions in duplicate signature
    computation: dbus-glib's DBusException wraps a "real" server-side
    exception, so add the class of that to disambiguate different crashes;
    for OSError that is not a known subclass like FileNotFoundError, add the
    errno. (LP: #989819)

 -- Martin Pitt  Thu, 31 Mar 2016 16:16:37 +0200

apport (2.20-0ubuntu3) xenial; urgency=medium

  * Relax report.test_add_gdb_info gdb warning check, as this changed with
    gdb 7.10.90.

 -- Martin Pitt  Tue, 16 Feb 2016 08:41:10 +0100

apport (2.20-0ubuntu2) xenial; urgency=medium

  * Fix signal_crashes.test_modify_after_start test when running as root.

 -- Martin Pitt  Mon, 15 Feb 2016 11:49:56 +0100

apport (2.20-0ubuntu1) xenial; urgency=medium

  * New upstream release.
    - Reimplement forwarding crashes into a container, via activating the
      new apport-forward.socket in the container and handing over the core
      dump fd. This is a much safer way than the original implementation
      with nsexec. Thanks Stéphane Graber! (LP: #1445064)
  * Drop long-obsolete sysv-rc dependency.
  * Add python3-systemd recommendation to apport, to make crash report
    generation work in containers.
  * Install new systemd units into apport package.

 -- Martin Pitt  Sun, 14 Feb 2016 13:41:36 +0100

apport (2.19.4-0ubuntu2) xenial; urgency=medium

  * debian/apport.upstart: Call systemd-detect-virt instead of the Ubuntu
    specific running-in-container wrapper. (LP: #1539016)

 -- Martin Pitt  Thu, 28 Jan 2016 14:58:06 +0100

apport (2.19.4-0ubuntu1) xenial; urgency=medium

  * New upstream bug fix release:
    - Fix fileutils.test_find_package_desktopfile test for symlinks and
      other unowned files in /usr/share/applications/.
    - Fix ui.test_run_crash_anonymity test case to not fail if the base64
      encoded core dump happens to contain the user name, as that's just by
      chance.
    - Fix test_hooks.py for unreleased gcc versions which have a different
      --version format.
    - hookutils.py, attach_hardware(): Stop attaching /var/log/udev. This
      was an upstart-ism, mostly redundant with the udev db and is not being
      written under systemd. (LP: #1537211)
  * etc/apport/crashdb.conf: Enable crash reports on Launchpad for xenial.

 -- Martin Pitt  Tue, 26 Jan 2016 15:37:44 +0100

# For older changelog entries, run 'apt-get changelog python-problem-report'