This bug was fixed in the package apport - 2.20.1-0ubuntu2.22
---------------
apport (2.20.1-0ubuntu2.22) xenial-security; urgency=medium
[ Michael Hudson-Doyle ]
* SECURITY REGRESSION: fix autopkgtest failures since recent security
update (LP: #1854237)
- Fix regression in creating report for crashing setuid process by getting
kernel to tell us the executable path rather than reading
/proc/[pid]/exe.
- Fix deletion of partially written core files.
- Fix test_get_logind_session to use new API.
- Restore add_proc_info raising ValueError for a dead process.
- Delete test_lock_symlink, no longer applicable now that the lock is
created in a directory only root can write to.
[ Tiago Stürmer Daitx ]
* SECURITY REGRESSION: 'module' object has no attribute 'O_PATH'
(LP: #1851806)
- apport/report.py, apport/ui.py: use file descriptors for /proc/pid
directory access only when running under python 3; prevent reading /proc
maps under python 2 as it does not provide a secure way to do so; use
io.open for better compatibility between python 2 and 3.
* data/apport: fix number of arguments passed through socks into a container.
* test/test_report.py: test login session with both pid and proc_pid_fd.
* test/test_apport_valgrind.py: skip test_sandbox_cache_options if system
has little memory.
* test/test_ui.py: modify run_crash_kernel test to account for the fact that
linux-image-$kvers-$flavor is now built from the linux-signed source
package on amd64 and ppc64el. (LP: #1766740)
-- Tiago Stürmer Daitx <tiago.da...@ubuntu.com> Thu, 27 Feb 2020
03:18:45 +0000
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1854237
Title:
autopkgtests fail after security fixes
Status in Apport:
New
Status in apport package in Ubuntu:
Fix Released
Status in apport source package in Xenial:
Fix Released
Status in apport source package in Bionic:
Fix Released
Status in apport source package in Disco:
New
Status in apport source package in Eoan:
Fix Released
Bug description:
The following autopkgtests fail after the recent security fixes:
log:FAIL: test_get_logind_session (__main__.T)
log:FAIL: test_core_dump_packaged (__main__.T)
log:FAIL: test_core_dump_unpackaged (__main__.T)
log:FAIL: test_crash_setuid_drop (__main__.T)
log:FAIL: test_crash_setuid_keep (__main__.T)
log:FAIL: test_crash_setuid_nonwritable_cwd (__main__.T)
log:FAIL: test_lock_symlink (__main__.T)
test_get_logind_session is a test failing to keep up with an API
change. test_core_dump_* is failures to remove partly written core
files. Both of these are easy fixes, I'll have a MP for them soon.
test_crash_setuid_* are caused by the dropping of privileges when
accessing the crashing process's /proc. They seem to be testing
behaviour now explicitly forbidden by the fix to be honest!
test_lock_symlink fails because the lock file is now always in
/var/lock/apport/ and not in $APPORT_REPORT_DIR. I guess we could
update the test, but is it really worth it after the fix?
To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/1854237/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
