apport (2.20.1-0ubuntu2.5) xenial; urgency=medium * apport-gtk: Specify module version with GI imports to avoid warnings. Thanks Anatoly Techtonik. (LP: #1502173) -- Brian Murray Tue, 03 Jan 2017 15:31:33 -0800 apport (2.20.1-0ubuntu2.4) xenial-security; urgency=medium [ Marc Deslauriers ] * SECURITY UPDATE: code execution via malicious crash files - Use ast.literal_eval in apport/ui.py, added test to test/test_ui.py. - No CVE number - LP: #1648806 * SECURITY UPDATE: path traversal vulnerability with hooks execution - Clean path in apport/report.py, added test to test/test_ui.py. - No CVE number - LP: #1648806 [ Steve Beattie ] * SECURITY UPDATE: code execution via malicious crash files - Only offer restarting the application when processing a crash file in /var/crash in apport/ui.py, gtk/apport-gtk, and kde/apport-kde. Add testcases to test/test_ui.py, test/test_ui_gtk.py, and test_ui_kde.py. - No CVE number - LP: #1648806 -- Marc Deslauriers Mon, 12 Dec 2016 07:26:36 -0500 apport (2.20.1-0ubuntu2.2) xenial; urgency=medium [ Martin Pitt ] * hookutils, attach_root_command_outputs(): Return str again, like before 2.15.2. (LP: #1446537) -- Brian Murray Tue, 29 Nov 2016 10:17:51 -0800 apport (2.20.1-0ubuntu2.1) xenial-proposed; urgency=medium * data/general-hooks/ubuntu.py: Fix stacktrace when parsing DpkgTerminalLog.txt. (LP: #1548421) * data/general-hooks/ubuntu.py: Restore starting package problem duplicate signatures with the word package, the package name, and its version. (LP: #1581682) -- Brian Murray Mon, 16 May 2016 15:02:01 -0700 apport (2.20.1-0ubuntu2) xenial; urgency=medium * Merge fixes from trunk: - problem_report.py: Make assertion of invalid key names more verbose. - hookutils.py: Fix generation of valid report key names from arbitrary paths in attach_file() and related functions. This will now replace all invalid characters with dots, not just a few known invalid ones. (LP: #1566975) - problem_report.py: Instead of AssertionError, raise a ValueError for invalid key names and TypeError for invalid kinds of values. Thanks Barry Warsaw. * Disable Launchpad crash upload for final Ubuntu 16.04. -- Martin Pitt Wed, 13 Apr 2016 23:53:46 +0200 apport (2.20.1-0ubuntu1) xenial; urgency=medium * New upstream release. Changes since our previous snapshot: - crash-digger: Untag bugs which cannot be retraced instead of stopping crash-digger. This led to too many pointless manual restarts on broken bug reports. * Disambiguate overly generic Python exceptions in duplicate signature computation: dbus-glib's DBusException wraps a "real" server-side exception, so add the class of that to disambiguate different crashes; for OSError that is not a known subclass like FileNotFoundError, add the errno. (LP: #989819) -- Martin Pitt Thu, 31 Mar 2016 16:16:37 +0200 apport (2.20-0ubuntu3) xenial; urgency=medium * Relax report.test_add_gdb_info gdb warning check, as this changed with gdb 7.10.90. -- Martin Pitt Tue, 16 Feb 2016 08:41:10 +0100 apport (2.20-0ubuntu2) xenial; urgency=medium * Fix signal_crashes.test_modify_after_start test when running as root. -- Martin Pitt Mon, 15 Feb 2016 11:49:56 +0100 apport (2.20-0ubuntu1) xenial; urgency=medium * New upstream release. - Reimplement forwarding crashes into a container, via activating the new apport-forward.socket in the container and handing over the core dump fd. This is a much safer way than the original implementation with nsexec. Thanks Stéphane Graber! (LP: #1445064) * Drop long-obsolete sysv-rc dependency. * Add python3-systemd recommendation to apport, to make crash report generation work in containers. * Install new systemd units into apport package. -- Martin Pitt Sun, 14 Feb 2016 13:41:36 +0100 apport (2.19.4-0ubuntu2) xenial; urgency=medium * debian/apport.upstart: Call systemd-detect-virt instead of the Ubuntu specific running-in-container wrapper. (LP: #1539016) -- Martin Pitt Thu, 28 Jan 2016 14:58:06 +0100 # For older changelog entries, run 'apt-get changelog python-problem-report'