group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1854237] Re: autopkgtests fail after security fixes

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1854237@xxxxxxxxxxxxxxxxxx>
Date: Wed, 18 Mar 2020 01:42:15 -0000
Reply-to: Bug 1854237 <1854237@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package apport - 2.20.9-0ubuntu7.12

---------------
apport (2.20.9-0ubuntu7.12) bionic-security; urgency=medium

  [ Michael Hudson-Doyle ]
  * SECURITY REGRESSION: fix autopkgtest failures since recent security
    update (LP: #1854237)
    - Fix regression in creating report for crashing setuid process by getting
      kernel to tell us the executable path rather than reading
      /proc/[pid]/exe.
    - Fix deletion of partially written core files.
    - Fix test_get_logind_session to use new API.
    - Restore add_proc_info raising ValueError for a dead process.
    - Delete test_lock_symlink, no longer applicable now that the lock is
      created in a directory only root can write to.

  [ Tiago Stürmer Daitx ]
  * SECURITY REGRESSION: 'module' object has no attribute 'O_PATH'
    (LP: #1851806)
    - apport/report.py, apport/ui.py: use file descriptors for /proc/pid
      directory access only when running under python 3; prevent reading /proc
      maps under python 2 as it does not provide a secure way to do so; use
      io.open for better compatibility between python 2 and 3.
  * data/apport: fix number of arguments passed through socks into a container.
  * test/test_apport_valgrind.py: skip test_sandbox_cache_options if system
    has little memory.
  * test/test_report.py: test login session with both pid and proc_pid_fd.

 -- Tiago Stürmer Daitx <tiago.daitx@xxxxxxxxxx>  Thu, 27 Feb 2020
03:18:45 +0000

** Changed in: apport (Ubuntu Bionic)
       Status: New => Fix Released

** Changed in: apport (Ubuntu Xenial)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1854237

Title:
  autopkgtests fail after security fixes

Status in Apport:
  New
Status in apport package in Ubuntu:
  Fix Released
Status in apport source package in Xenial:
  Fix Released
Status in apport source package in Bionic:
  Fix Released
Status in apport source package in Disco:
  New
Status in apport source package in Eoan:
  Fix Released

Bug description:
  The following autopkgtests fail after the recent security fixes:

  log:FAIL: test_get_logind_session (__main__.T)
  log:FAIL: test_core_dump_packaged (__main__.T)
  log:FAIL: test_core_dump_unpackaged (__main__.T)
  log:FAIL: test_crash_setuid_drop (__main__.T)
  log:FAIL: test_crash_setuid_keep (__main__.T)
  log:FAIL: test_crash_setuid_nonwritable_cwd (__main__.T)
  log:FAIL: test_lock_symlink (__main__.T)

  test_get_logind_session is a test failing to keep up with an API
  change. test_core_dump_* is failures to remove partly written core
  files. Both of these are easy fixes, I'll have a MP for them soon.

  test_crash_setuid_* are caused by the dropping of privileges when
  accessing the crashing process's /proc. They seem to be testing
  behaviour now explicitly forbidden by the fix to be honest!

  test_lock_symlink fails because the lock file is now always in
  /var/lock/apport/ and not in $APPORT_REPORT_DIR. I guess we could
  update the test, but is it really worth it after the fix?

To manage notifications about this bug go to:
https://bugs.launchpad.net/apport/+bug/1854237/+subscriptions