Package "python3-apport"

  apport (2.20.11-0ubuntu27.25) focal; urgency=medium

  * Point Vcs-* URIs to git
  * whoopsie-upload-all: Catch FileNotFoundError during process_report
    (LP: #1867204)
  * Grab a slice of JournalErrors around the crash time (LP: #1962454)
  * data/apport:
    - Initialize error log as first step (LP: #1989467)
    - Fix PermissionError for setuid programs inside container (LP: #1982487)
    - Fix reading from stdin inside containers (LP: #1982555)
  * Fix autopkgtest test case failures (LP: #1989467):
    - Mark autopkgtest with isolation-container restriction
    - Fix failure if kernel module isofs is not installed
    - Do not check recommended dependencies
    - Skip UI test if kernel thread is not found
    - Fix race in test_crash_system_slice
    - Fix check for not running test executable
    - Use shadow in *_different_binary_source
    - Mock kernel package version in UI test
    - Fix test_kerneloops_nodetails if kernel is not installed
    - Drop broken test_crash_setuid_drop_and_kill
    - Expect linux-signed on arm64/s390x as well
    - Skip SegvAnalysis for non x86 architectures
    - Use unlimited core ulimit for SIGQUIT test
    - Fix race with progress window in GTK UI tests
    - Use sleep instead of yes for tests
    - Fix test_add_gdb_info_script on armhf
    - Fix wrong Ubuntu archive URI on ports
    - Fix KeyError in test_install_packages_unversioned
    - Depend on python3-systemd for container tests
    - Depend on psmisc for killall binary
    - Replace missing oxideqt-codecs
    - Drop broken test_install_packages_from_launchpad
    - Fix test_install_packages_permanent_sandbox* for s390x

 -- Benjamin Drung <email address hidden> Thu, 15 Sep 2022 14:43:39 +0200

  apport (2.20.11-0ubuntu27.24) focal-security; urgency=medium

  * SECURITY UPDATE: Fix multiple security issues
    - test/test_report.py: Fix flaky test.
    - data/apport: Fix too many arguments for error_log().
    - data/apport: Use proper argument variable name executable_path.
    - etc/init.d/apport: Set core_pipe_limit to a non-zero value to make
      sure the kernel waits for apport to finish before removing the /proc
      information.
    - apport/fileutils.py, data/apport: Search for executable name if one
      wan't provided such as when being called in a container.
    - data/apport: Limit memory and duration of gdbus call. (CVE-2022-28654,
      CVE-2022-28656)
    - data/apport, apport/fileutils.py, test/test_fileutils.py: Validate
      D-Bus socket location. (CVE-2022-28655)
    - apport/fileutils.py, test/test_fileutils.py: Turn off interpolation
      in get_config() to prevent DoS attacks. (CVE-2022-28652)
    - Refactor duplicate code into search_map() function.
    - Switch from chroot to container to validating socket owner.
      (CVE-2022-1242, CVE-2022-28657)
    - data/apport: Clarify error message.
    - apport/fileutils.py: Fix typo in comment.
    - apport/fileutils.py: Do not call str in loop.
    - data/apport, etc/init.d/apport: Switch to using non-positional
      arguments. Get real UID and GID from the kernel and make sure they
      match the process. Also fix executable name space handling in
      argument parsing. (CVE-2022-28658, CVE-2021-3899)

 -- Marc Deslauriers <email address hidden> Tue, 10 May 2022 09:23:35 -0400

  apport (2.20.11-0ubuntu27.23) focal; urgency=medium

  * Fix expanded symlinks from the previous build

  apport (2.20.11-0ubuntu27.21) focal-security; urgency=medium

  * SECURITY UPDATE: Privilege escalation via core files
    - refactor privilege dropping and create core files in a well-known
      directory in apport/fileutils.py, apport/report.py, data/apport,
      test/test_fileutils.py, test/test_report.py,
      test/test_signal_crashes.py, test/test_ui.py.
    - use systemd-tmpfiles to create and manage the well-known core file
      directory in setup.py, data/systemd/apport.conf,
      debian/apport.install.

 -- Marc Deslauriers <email address hidden> Mon, 18 Oct 2021 07:48:31 -0400

  apport (2.20.11-0ubuntu27.20) focal-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file read (LP: #1934308)
    - data/general-hooks/ubuntu.py: don't attempt to include emacs
      byte-compilation logs, they haven't been generated by the emacs
      packages in a long time.
    - CVE-2021-3709
  * SECURITY UPDATE: Info disclosure via path traversal (LP: #1933832)
    - apport/hookutils.py, test/test_hookutils.py: detect path traversal
      attacks, and directory symlinks.
    - CVE-2021-3710

 -- Marc Deslauriers <email address hidden> Thu, 26 Aug 2021 10:30:01 -0400