diff -Nru apport-2.20.11/apport/hookutils.py apport-2.20.11/apport/hookutils.py --- apport-2.20.11/apport/hookutils.py 2021-08-26 16:29:45.000000000 +0200 +++ apport-2.20.11/apport/hookutils.py 2022-07-22 14:55:43.000000000 +0200 @@ -577,6 +577,8 @@ elif os.access('/var/log/syslog', os.R_OK): p = subprocess.Popen(['tail', '-n', '10000', '/var/log/syslog'], stdout=subprocess.PIPE) + else: + return '' return __filter_re_process(pattern, p) @@ -1008,9 +1010,10 @@ mismatches = [] if os.path.exists(location): attach_root_command_outputs(report, {'CasperMD5json': "cat '%s'" % location}) - check = json.loads(report['CasperMD5json']) - result = check['result'] - mismatches = check['checksum_missmatch'] + if 'CasperMD5json' in report: + check = json.loads(report['CasperMD5json']) + result = check['result'] + mismatches = check['checksum_missmatch'] report['CasperMD5CheckResult'] = result if mismatches: report['CasperMD5CheckMismatches'] = ' '.join(mismatches) diff -Nru apport-2.20.11/apport/report.py apport-2.20.11/apport/report.py --- apport-2.20.11/apport/report.py 2021-10-18 13:48:31.000000000 +0200 +++ apport-2.20.11/apport/report.py 2022-07-22 14:55:43.000000000 +0200 @@ -1650,7 +1650,7 @@ if not gdb_path: return '', '' command = [gdb_path] - environ = None + environ = {"HOME": "/nonexistent"} if not same_arch: # check if we have gdb-multiarch 
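Review bot: In apport/hookutils.py (hunk at -1008), the new `if 'CasperMD5json' in report:` guard covers only a missing key. `json.loads(report['CasperMD5json'])` and the two subscripts below it still raise on a truncated or malformed file, or on valid JSON that lacks `result` or `checksum_missmatch`. The value is the output of a root command reading an on-disk file, so I would wrap the three lines in `try:` and `except (ValueError, KeyError, TypeError):` and fall through to the existing defaults. `result` is initialised above the hunk, so its default is not visible from here.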
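Review bot: In apport/report.py (hunk at -1650), `environ = {"HOME": "/nonexistent"}` carries no comment saying why HOME is overridden, and it changes the non-sandbox case from `None` to a one-variable dict. If `environ` is handed to the gdb subprocess as `env=` (that call is outside the hunk), gdb no longer inherits PATH or the locale variables, which deserves an explicit decision. I would add a comment such as `# point HOME at a non-existent directory so gdb does not load per-user init files`, after confirming that this is the intent. The enclosing function starts and ends outside the hunk.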
@@ -1680,10 +1680,10 @@ gdb_sandbox, native_multiarch, gdb_sandbox) pyhome = '%s/usr' % gdb_sandbox # env settings need to be modified for gdb in a sandbox - environ = {'LD_LIBRARY_PATH': ld_lib_path, - 'PYTHONHOME': pyhome, - 'GCONV_PATH': '%s/usr/lib/%s/gconv' % - (gdb_sandbox, native_multiarch)} + environ |= {'LD_LIBRARY_PATH': ld_lib_path, + 'PYTHONHOME': pyhome, + 'GCONV_PATH': '%s/usr/lib/%s/gconv' % + (gdb_sandbox, native_multiarch)} command.insert(0, '%s/lib/%s/ld-linux-x86-64.so.2' % (gdb_sandbox, native_multiarch)) command += ['--ex', 'set data-directory %s/usr/share/gdb' % diff -Nru apport-2.20.11/backends/packaging-apt-dpkg.py apport-2.20.11/backends/packaging-apt-dpkg.py --- apport-2.20.11/backends/packaging-apt-dpkg.py 2021-05-13 13:32:07.000000000 +0200 +++ apport-2.20.11/backends/packaging-apt-dpkg.py 2022-07-22 14:55:43.000000000 +0200 @@ -904,6 +904,7 @@ lp_cache[pkg] = ver else: obsolete += '%s version %s required, but %s is available\n' % (pkg, ver, cache_pkg.candidate.version) + ver = cache_pkg.candidate.version candidate = cache_pkg.candidate real_pkgs.add(pkg) diff -Nru apport-2.20.11/data/apport apport-2.20.11/data/apport --- apport-2.20.11/data/apport 2022-05-10 15:23:35.000000000 +0200 +++ apport-2.20.11/data/apport 2022-07-22 14:55:43.000000000 +0200 @@ -13,6 +13,7 @@ # option) any later version. See http://www.gnu.org/copyleft/gpl.html for # the full text of the license. +import contextlib import sys, os, os.path, subprocess, time, traceback, pwd, io import signal, inspect, grp, fcntl, socket, atexit, array, struct import errno, argparse, stat 
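Review bot: `environ |= {...}` in apport/report.py (hunk at -1680) uses the in-place dict union operator, which exists only from Python 3.9 (PEP 584). On an older interpreter it raises `TypeError` as soon as the gdb sandbox path is taken. The changelog in this same diff targets focal, whose default python3 is 3.8, and debian/control still declares `X-Python3-Version: >= 3.0`. `environ.update({...})` with the same literal performs the same merge on every Python 3 version. The enclosing function starts and ends outside the hunk.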
@@ -131,14 +132,15 @@ log = os.environ.get('APPORT_LOG_FILE', '/var/log/apport.log') try: f = os.open(log, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600) - try: - admgid = grp.getgrnam('adm')[2] - os.chown(log, -1, admgid) - os.chmod(log, 0o640) - except KeyError: - pass # if group adm doesn't exist, just leave it as root except OSError: # on a permission error, don't touch stderr return + + # if group adm doesn't exist, just leave it as root + with contextlib.suppress(KeyError, OSError): + admgid = grp.getgrnam('adm')[2] + os.chown(log, -1, admgid) + os.chmod(log, 0o640) + os.dup2(f, 1) os.dup2(f, 2) sys.stderr = os.fdopen(2, 'wb') @@ -179,7 +181,9 @@ signal.signal(signal.SIGBUS, _log_signal_handler) -def write_user_coredump(pid, timestamp, limit, from_report=None): +def write_user_coredump( + pid, timestamp, limit, coredump_fd=None, from_report=None +): '''Write the core into a directory if ulimit requests it.''' # three cases: @@ -230,8 +234,7 @@ error_log('writing core dump %s of size %i' % (core_name, core_size)) os.write(core_file, r['CoreDump']) else: - # read from stdin - block = os.read(0, 1048576) + block = os.read(coredump_fd, 1048576) while True: size = len(block) @@ -248,7 +251,7 @@ os.close(core_file) os.unlink(core_path, dir_fd=cwd) return - block = os.read(0, 1048576) + block = os.read(coredump_fd, 1048576) # Make sure the user can read it os.fchown(core_file, crash_uid, -1) @@ -460,7 +463,9 @@ ) if options.pid is None: - parser.print_usage() + parser.error( + "No process ID (PID) provided. Please specify PID with -p/--pid." + ) sys.exit(1) for arg in rest: @@ -485,6 +490,8 @@ # ################################################################# +init_error_log() + # systemd socket activation if 'LISTEN_FDS' in os.environ: try: 
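Review bot: In data/apport (hunk at -131), the moved `os.chown(log, -1, admgid)` and `os.chmod(log, 0o640)` still act on the path `log` although the file is already open as `f`. `log` is taken from `APPORT_LOG_FILE`, and by the time these calls run the path may name something other than the file that was opened. `os.fchown(f, -1, admgid)` and `os.fchmod(f, 0o640)` apply the change to the opened file itself. The comment `# if group adm doesn't exist, just leave it as root` now sits above a block that also suppresses `OSError`, so it should say that a failed chown/chmod is ignored too.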
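Review bot: `write_user_coredump` in data/apport (hunk at -179) gains `coredump_fd=None` in front of `from_report`, so a caller passing `from_report` as the fourth positional argument now binds it to `coredump_fd`. A caller that supplies neither reaches `os.read(coredump_fd, 1048576)` (hunks at -230 and -248) with `None`, which raises `TypeError`. The call sites visible in this diff all pass `coredump_fd` fourth; any other caller is outside the diff. I would extend the docstring with `coredump_fd is the descriptor the core is read from and is required unless from_report is given`, and fail early with `if from_report is None and coredump_fd is None: raise ValueError('coredump_fd or from_report is required')`.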
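Review bot: In data/apport (hunk at -460), the `sys.exit(1)` left after the new `parser.error(...)` is unreachable, because `ArgumentParser.error()` prints the usage and the message and then exits with status 2 (unless the parser overrides it, which is not visible here). The exit status for a missing PID therefore changes from 1 to 2. Either drop the dead `sys.exit(1)`, or keep status 1 by calling `parser.print_usage(sys.stderr)` and writing the message before `sys.exit(1)`.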
@@ -530,8 +537,6 @@ options = parse_arguments() -init_error_log() - # Check if we received a valid global PID (kernel >= 3.12). If we do, # then compare it with the local PID. If they don't match, it's an # indication that the crash originated from another PID namespace. @@ -640,6 +645,7 @@ signum = options.signal_number core_ulimit = options.core_ulimit dump_mode = options.dump_mode + coredump_fd = sys.stdin.fileno() get_pid_info(pid) @@ -687,7 +693,7 @@ # ignore SIGQUIT (it's usually deliberately generated by users) if signum == str(int(signal.SIGQUIT)): - write_user_coredump(pid, process_start, core_ulimit) + write_user_coredump(pid, process_start, core_ulimit, coredump_fd) sys.exit(0) info = apport.Report('Crash') @@ -703,6 +709,8 @@ # etc). if options.executable_path is not None and os.path.exists(options.executable_path): info['ExecutablePath'] = options.executable_path + else: + info['ExecutablePath'] = os.readlink('exe', dir_fd=proc_pid_fd) # Drop privileges temporarily to make sure that we don't # include information in the crash report that the user should @@ -738,7 +746,7 @@ error_log('executable does not belong to a package, ignoring') # check if the user wants a core dump recover_privileges() - write_user_coredump(pid, process_start, core_ulimit) + write_user_coredump(pid, process_start, core_ulimit, coredump_fd) sys.exit(0) # ignore SIGXCPU and SIGXFSZ since this indicates some external @@ -746,7 +754,7 @@ if signum in [str(signal.SIGXCPU), str(signal.SIGXFSZ)]: error_log('Ignoring signal %s (caused by exceeding soft RLIMIT)' % signum) recover_privileges() - write_user_coredump(pid, process_start, core_ulimit) + write_user_coredump(pid, process_start, core_ulimit, coredump_fd) sys.exit(0) # ignore blacklisted binaries 
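Review bot: The new `else:` branch in data/apport (hunk at -703) calls `os.readlink('exe', dir_fd=proc_pid_fd)` with no error handling, and the comment that follows shows it runs before privileges are dropped. The link cannot be read once the process has gone or when it has no executable, which raises `OSError`. For a binary that was replaced or unlinked the kernel returns the path with a ` (deleted)` suffix, and that string then becomes `ExecutablePath`. For a crash in another mount namespace the string is also a path in that namespace, not necessarily one valid for apport. I would catch `OSError` here and report it through `error_log`, and add a comment that the value is text taken from /proc and not a verified path on the host.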
@@ -785,7 +793,9 @@ crash_counter = apport.fileutils.get_recent_crashes(f) crash_counter += 1 if crash_counter > 1: - write_user_coredump(pid, process_start, core_ulimit) + write_user_coredump( + pid, process_start, core_ulimit, coredump_fd + ) error_log('this executable already crashed %i times, ignoring' % crash_counter) sys.exit(0) # remove the old file, so that we can create the new one with @@ -793,7 +803,9 @@ os.unlink(report) else: error_log('apport: report %s already exists and unseen, skipping to avoid disk usage DoS' % report) - write_user_coredump(pid, process_start, core_ulimit) + write_user_coredump( + pid, process_start, core_ulimit, coredump_fd + ) sys.exit(0) # we prefer having a file mode of 0 while writing; fd = os.open(report, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0) diff -Nru apport-2.20.11/data/general-hooks/generic.py apport-2.20.11/data/general-hooks/generic.py --- apport-2.20.11/data/general-hooks/generic.py 2019-12-04 21:25:28.000000000 +0100 +++ apport-2.20.11/data/general-hooks/generic.py 2022-07-22 14:55:43.000000000 +0200 @@ -31,7 +31,10 @@ treshold = 50 for mount in mounts: - st = os.statvfs(mount) + try: + st = os.statvfs(mount) + except FileNotFoundError: + continue free_mb = st.f_bavail * st.f_frsize / 1000000 if free_mb < treshold: diff -Nru apport-2.20.11/data/whoopsie-upload-all apport-2.20.11/data/whoopsie-upload-all --- apport-2.20.11/data/whoopsie-upload-all 2021-05-13 15:31:33.000000000 +0200 +++ apport-2.20.11/data/whoopsie-upload-all 2022-07-22 14:55:43.000000000 +0200 @@ -21,6 +21,7 @@ import argparse import fcntl import errno +import zlib import apport.fileutils import apport 
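Review bot: In data/general-hooks/generic.py (hunk at -31), `except FileNotFoundError:` skips only a missing mount point. `os.statvfs` can also fail with other `OSError` subclasses such as `PermissionError`, and those still abort the hook. `except OSError:` with the same `continue` would cover them. The loop and the function around it start outside the hunk.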
@@ -79,21 +80,26 @@ try: r.add_gdb_info() - except (IOError, EOFError, OSError) as e: - if hasattr(e, 'errno'): - # calling add_gdb_info raises ENOENT if the crash's executable - # is missing or gdb is not available but apport-retrace could - # still process it - if e.errno != errno.ENOENT: - sys.stderr.write('ERROR: processing %s: %s\n' % (report, str(e))) - if os.path.exists(report): - os.unlink(report) - return None + except (IOError, EOFError, OSError, zlib.error) as e: + # gzip.GzipFile.read can raise zlib.error. See LP bug #1947800 + + # Calling add_gdb_info raises ENOENT if the crash's executable + # is missing or gdb is not available, but apport-retrace could + # still process it. + if getattr(e, 'errno', None) != errno.ENOENT: + sys.stderr.write('ERROR: processing %s: %s\n' % (report, str(e))) + if os.path.exists(report): + os.unlink(report) + return None # write updated report, we use os.open and os.fdopen as # /proc/sys/fs/protected_regular is set to 1 (LP: #1848064) # make sure the file isn't a FIFO or symlink - fd = os.open(report, os.O_NOFOLLOW | os.O_WRONLY | os.O_APPEND | os.O_NONBLOCK) + try: + fd = os.open(report, os.O_NOFOLLOW | os.O_WRONLY | os.O_APPEND | os.O_NONBLOCK) + except FileNotFoundError: + # The crash report was deleted. Nothing left to do. + return None st = os.fstat(fd) if stat.S_ISREG(st.st_mode): with os.fdopen(fd, 'wb') as f: diff -Nru apport-2.20.11/debian/changelog apport-2.20.11/debian/changelog --- apport-2.20.11/debian/changelog 2022-05-10 15:23:35.000000000 +0200 +++ apport-2.20.11/debian/changelog 2022-07-22 14:55:43.000000000 +0200 
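Review bot: In data/whoopsie-upload-all (hunk at -79), the new `except FileNotFoundError:` around `os.open(report, os.O_NOFOLLOW | ...)` does not cover the case named in the comment above it. When `report` is a symlink, `O_NOFOLLOW` makes the open fail with `OSError` (ELOOP), which still propagates out of the function. Catching `OSError` and returning `None` would treat a symlinked report like a vanished one. In the first `except` block, `os.path.exists(report)` followed by `os.unlink(report)` can still raise if the file disappears in between; `try: os.unlink(report)` with `except FileNotFoundError: pass` closes that gap. What happens to `fd` when `stat.S_ISREG` is false lies outside the hunk.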
@@ -1,3 +1,73 @@ +apport (2.20.11-0ubuntu27.25) focal; urgency=medium + + * Point Vcs-* URIs to git + * whoopsie-upload-all: + - Catch zlib.error when decoding CoreDump from crash file (LP: #1947800) + - Catch FileNotFoundError during process_report (LP: #1867204) + - Do not upload after EOFError/zlib.error + * Fix UnboundLocalError if syslog is not accessible + * general-hooks/generic.py: Fix FileNotFoundError if home does not exist + * data/apport: + - Fix log file writing if chown/chmod fails + - Initialize error log as first step + - Fix PermissionError for setuid programs inside container (LP: #1982487) + - Fix reading from stdin inside containers (LP: #1982555) + * Fix AttributeError: 'NoneType' object has no attribute 'write' + (LP: #1979211) + * Fix KeyError: 'CasperMD5json' + * Fix trying to find debug packages for non-existing version + * Run more test cases during package build + * Update test dependencies + * Mark autopkgtest with isolation-container restriction + * tests: + - Move to unittest's builtin "mock" module + - Make test_find_package_desktopfile deterministic + - Fix failure if kernel module isofs is not installed + - Set HOME to /nonexistent when calling gdb + - Ensure that as/gcc calls exit successfully + - Do not check recommended dependencies + - Rename test directory into tests (for tests.helper import) + - Introduce pidof helper function + - Skip UI test if kernel thread is not found + - Fix GTK UI tests if whoopsie.path is disabled + - Fix GTK UI race condition and reduce timeout again (LP: #1780767) + - Fix race in tests for run_report_bug() + - Fix race in test_crash_system_slice + - Fix check for not running test executable + - Mock add_gdb_info calls in KDE UI tests + - Generate test crash file for test_add_gdb_info_script directly + - Use _generate_sigsegv_report in test_add_gdb_info_abort + - Use shadow in *_different_binary_source + - Fix KDE UI tests if whoopsie.path is disabled + - Fix race with progress dialog in KDE UI tests 
+ - Mock kernel package version in UI test + - Fix test_kerneloops_nodetails if kernel is not installed + - Drop obsolete test_nonwritable_cwd + - Fix report generation for non-readable exe + - Drop obsolete test_crash_setuid_nonwritable_cwd + - Drop useless tests for suid_dumpable=0 + - Drop useless tests for no core signals + - Drop broken test_crash_setuid_drop_and_kill + - Expect linux-signed on arm64/s390x as well + - Skip SegvAnalysis for non x86 architectures + - Use unlimited core ulimit for SIGQUIT test + - Drop using apt-helper + - Prevent pkexec call and spawning pkttyagent + - Fix race with progress window in GTK UI tests + - Use sleep instead of yes for tests + - Fix killing itself in test_unpackaged_script + - Fix test_add_gdb_info_script on armhf + - Fix wrong Ubuntu archive URI on ports + - Fix KeyError in test_install_packages_unversioned + - Upgrade APT tests to use Ubuntu 22.04 (jammy) + - Fix path of installed Java crash.jar + - Run UI KDE tests again + - Print stdout/stderr if GDB fails + - Print Apport log if reports was not created + - Fix expected paths in ExecutablePath + + -- Benjamin Drung Fri, 22 Jul 2022 14:55:43 +0200 + apport (2.20.11-0ubuntu27.24) focal-security; urgency=medium * SECURITY UPDATE: Fix multiple security issues diff -Nru apport-2.20.11/debian/control apport-2.20.11/debian/control --- apport-2.20.11/debian/control 2020-08-05 10:55:40.000000000 +0200 +++ apport-2.20.11/debian/control 2022-07-22 14:55:43.000000000 +0200 
@@ -8,31 +8,44 @@ python3-gi, gir1.2-glib-2.0 (>= 1.29.17), lsb-release, - net-tools, + pkg-config, python3-all Build-Depends-Indep: python3-distutils-extra (>= 2.24~), python3-apt (>= 0.7.9), python3-requests-unixsocket, + binutils, + default-jdk-headless | java-sdk-headless, + dirmngr, dh-python, + gnome-icon-theme, + gpg, intltool, + iputils-ping, + kmod, + python3-dbus, + python3-launchpadlib, + python3-pyqt5, + python3-systemd, + ubuntu-dbgsym-keyring, + ubuntu-keyring, + valgrind, xvfb, - python3-mock, procps, psmisc, gir1.2-gtk-3.0 (>= 3.1.90), gir1.2-wnck-3.0, pycodestyle | pep8, pyflakes, - xterm, + ubuntu-dbgsym-keyring, + ubuntu-keyring, dbus-x11, gvfs-daemons, - libglib2.0-dev, libc6-dbg | libc-dbg, - default-jdk | java-sdk Maintainer: Ubuntu Developers Standards-Version: 3.9.8 X-Python3-Version: >= 3.0 -Vcs-Bzr: https://code.launchpad.net/~ubuntu-core-dev/ubuntu/focal/apport/ubuntu +Vcs-Browser: https://code.launchpad.net/~ubuntu-core-dev/ubuntu/+source/apport/+git/apport +Vcs-Git: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/apport -b ubuntu/focal Homepage: https://wiki.ubuntu.com/Apport Package: apport diff -Nru apport-2.20.11/debian/rules apport-2.20.11/debian/rules --- apport-2.20.11/debian/rules 2019-12-04 21:25:28.000000000 +0100 +++ apport-2.20.11/debian/rules 2022-07-22 14:55:31.000000000 +0200 @@ -22,12 +22,8 @@ ifeq (, $(findstring nocheck, $(DEB_BUILD_OPTIONS))) # drop LD_PRELOAD to avoid running under fakeroot; drop TMPDIR to work # around LP#972324 (set by autopkgtest) - # run subset of tests that work on buildds, full tests are in - # autopkgtest - set -e; for t in apport_unpack apport_valgrind crashdb hooks packaging \ - parse_segv problem_report rethread; do \ - env -u LD_PRELOAD -u TMPDIR APPORT_TEST_NOXVFB=1 sh test/run $$t; \ - done + env -u LD_PRELOAD -u TMPDIR HOME=$$(mktemp -d -t home.XXXXXXXXXX) SKIP_ONLINE_TESTS=1 SKIP_SYSTEM_TESTS=1 sh tests/run + rm -rf /tmp/home.* endif override_dh_installinit:
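Review bot: In debian/rules, `rm -rf /tmp/home.*` removes every path in /tmp that matches the glob, not only the directory created on the line before, and it never runs when the test run fails. `$$(mktemp -d -t home.XXXXXXXXXX)` is expanded by the recipe shell before `env -u TMPDIR` takes effect. With TMPDIR set (the comment above says autopkgtest sets it) the directory is created elsewhere and is never cleaned up. Keeping the path in a variable within one recipe line addresses both: `set -e; home=$$(mktemp -d -t home.XXXXXXXXXX); trap 'rm -rf "$$home"' EXIT; env -u LD_PRELOAD -u TMPDIR HOME="$$home" SKIP_ONLINE_TESTS=1 SKIP_SYSTEM_TESTS=1 sh tests/run`.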