UbuntuUpdates.org

Package "apt"

Name: apt

Description:

commandline package manager

Latest version: 1.6.17
Release: bionic (18.04)
Level: updates
Repository: main

Links


Download "apt"


Other versions of "apt" in Bionic

Repository Area Version
base main 1.6.1
base universe 1.6.1
security main 1.6.12ubuntu0.2
security universe 1.6.12ubuntu0.2
updates universe 1.6.17

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.6.17 2023-04-12 09:07:02 UTC

  apt (1.6.17) bionic; urgency=medium

  * Bump cache minor version for kernel collection.
    The previous update introduced the new kernel autoremoval code which
    collects kernels in the cache as providers of a $kernel package.
    We need to bump the cache minor version for this as otherwise the
    $kernel package might not exist and all kernels end up autoremovable
    until a package got installed or sources updated.

Source diff to previous version

Version: 1.6.14 2021-07-02 00:06:24 UTC

  apt (1.6.14) bionic; urgency=medium

  * RunScripts: Do not reset SIGQUIT and SIGINT to SIG_DFL (LP: #1898026)
  * Fix downloads of unsized files that are largest in pipeline (LP: #1921626),
    and warn about packages without size (option Acquire::AllowUnsizedPackages)
  * JSON hooks 0.2 and assorted JSON bugfixes (LP: #1926150)
    - encoder fixes:
      + json: Escape strings using \u escape sequences, add test
      + json: Actually pop states
      + json: Encode NULL strings as null
    - json: Flush standard file descriptors before calling hooks
      (this avoids output from hooks in middle of apt output)
    - Minor fixes to include and C++ namespaces
    - non-code changes:
      + test/json: Make the test hook more reliable
      + Fix a typo in json-hooks-protocol.md (thanks to Brian Murray)
    - semantic changes (new fields, hooks, and protocol 0.2):
      + json: Add origins fields to version
      + upgrade: Add JSON hook support (AptCli::Hooks::Upgrade)
      + json: Add `package-list` and `statistics` install hooks
      + json: Hook protocol 0.2 (added upgrade,downgrade,reinstall modes)
    + Fix a typo in json-hooks-protocol.md (thanks to Brian Murray)
  * Avoid infinite loop on EOF on media change prompt (LP: #1928687)

 -- Julian Andres Klode <email address hidden> Tue, 15 Jun 2021 16:12:38 +0200

Source diff to previous version
1921626 size mismatch error if request of unknown size is larger than others
1926150 [SRU] Backport JSON hooks 0.2
1928687 Avoid infinite loop on EOF on media change prompt

Version: 1.6.13 2021-04-07 04:06:47 UTC

  apt (1.6.13) bionic; urgency=medium

  [ David Kalnischkies ]
  * Fix incorrect base64 encoding due to int promotion (LP: #1916050)
  * Harden test for no new acquires after transaction abort (Closes: #984966)
    (LP: #1918920)

  [ Julian Andres Klode ]
  * Implement update --error-on=any (Closes: #594813) (LP: #1693900)
  * Include all translations when building the cache (LP: #1907850)
  * Add basic support for the Protected field
  * Do not require force-loopbreak on Important packages
    (Closes: #983014) (LP: #1916725)
  * Protect currently running kernel at run-time (LP: #1615381)
  * Make ADDARG{,C}() macros expand to single statements
  * Improve immediate configuration handling (LP: #1871268)
    - Do not immediately configure m-a: same packages in lockstep
    - Ignore failures from immediate configuration. This does not change the
      actual installation ordering - we never passed the return code to the
      caller and installation went underway anyway if it could be ordered at a
      later stage, this just removes spurious after-the-fact errors.
      (Closes: #973305, #188161, #211075, #649588)
  * Default Acquire::AllowReleaseInfoChange::Suite to "true" (Closes: #931566)
    (LP: #1918907)

  [ Balint Reczey ]
  * Set LC_ALL=C.UTF-8 for unattended-upgrades environment when parsing its --help
    (LP: #1806076)

 -- Julian Andres Klode <email address hidden> Fri, 12 Mar 2021 14:09:15 +0100

Source diff to previous version
1916050 Invalid base64 for high-bit characters
1918920 Harden test for no new acquires after transaction abort
1693900 apt-get update should return exit code != 0 on error
1907850 Cache not generated for all translations
1916725 Protected/Important packages are not deconfigured, require Force-LoopBreak
1615381 apt-get autoremove may remove current kernel
1871268 Installation fails due to useless immediate configuration error when \
1918907 Default Acquire::AllowReleaseInfoChange::Suite to \
1806076 unattended-upgrade --help raises UnicodeEncodeError when stdout encoding is ascii
984966 apt: flaky armhf autopkgtest: File has unexpected size (27 != 39). Mirror sync in progress?
594813 apt: ListUpdate does return True in the case of network errors
983014 manpages-de: Fails to upgrade from 4.2.0-1 to 4.9.1-5: This installation run will require temporarily removing the essential package manpages-de:amd6
973305 apt-get throws error when run with --simulate and APT::Immediate-Configure set to "false"
931566 Don't complain about suite changes (Acquire::AllowReleaseInfoChange::Suite should be "true")

Version: 1.6.12ubuntu0.2 2020-12-09 18:06:24 UTC

  apt (1.6.12ubuntu0.2) bionic-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB

 -- Julian Andres Klode <email address hidden> Mon, 07 Dec 2020 12:13:36 +0100

Source diff to previous version

Version: 1.6.12ubuntu0.1 2020-05-14 04:06:18 UTC

  apt (1.6.12ubuntu0.1) bionic-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

 -- Julian Andres Klode <email address hidden> Tue, 12 May 2020 20:03:44 +0200

1878177 CVE-2020-3810 out-of-bound stack reads in arfile
CVE-2020-3810 apt out-of-bounds read in .ar implemation



About   -   Send Feedback to @ubuntu_updates