UbuntuUpdates.org

Package "apt-utils"

Name: apt-utils

Description:

package management related utility programs
Latest version: 2.8.3
Release: noble (24.04)
Level: proposed
Repository: main
Head package: apt

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "apt-utils"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "apt-utils" in Noble

Repository Area Version
base main 2.7.14build2

Changelog

Version: 2.8.3 2025-03-29 00:07:01 UTC

  apt (2.8.3) noble; urgency=medium

  * Revert increased key size requirements from 2.8.0-2.8.2 (LP: #2073126)
    - Revert "Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment"
    - Revert "Only warn about <rsa2048 when upgrading from 2.7.x to 2.8.x"
    - Revert rsa1024 to warnings again
    This leaves the mechanisms in place and no longer warns about NIST curves.
  * Fix keeping back removals of obsolete packages; and return an error if
    ResolveByKeep() is unsuccessful (LP: #2078720)
  * Fix buffer overflow, stack overflow, exponential complexity in
    apt-ftparchive Contents generation (LP: #2083697)
    - ftparchive: Mystrdup: Add safety check and bump buffer size
    - ftparchive: contents: Avoid exponential complexity and overflows
    - test framework: Improve valgrind support
    - test: Check that apt-ftparchive handles deep paths
    - Workaround valgrind "invalid read" in ExtractTar::Go by moving large
      buffer from stack to heap. The large buffer triggered some bugs in
      valgrind stack clash protection handling.
2073126 More nuanced public key algorithm revocation
2083697 distribution-gpg-keys-copr crashes Launchpad/apt-ftparchive

Version: *DELETED* 2024-12-15 00:06:52 UTC
No changelog for deleted or moved packages.

Version: 2.8.2 2024-08-14 13:07:08 UTC

  apt (2.8.2) noble; urgency=medium

  * Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment
    (follow-up for LP: #2073126)
Source diff to previous version
2073126 More nuanced public key algorithm revocation

Version: 2.8.1 2024-08-02 15:07:04 UTC

  apt (2.8.1) noble; urgency=medium

  * Only revoke weak RSA keys for now, add 'next' and 'future' levels
    (backported from 2.9.7)
    Note that the changes to warn about keys not matching the future level
    in the --audit level are not fully included, as the --audit feature
    has not yet been backported. (LP: #2073126)
  * Introduce further mitigation on upgrades from 2.7.x to allow these
    systems to continue using rsa1024 repositories with warnings
    until the 24.04.2 point release (LP: #2073126)
Source diff to previous version
2073126 More nuanced public key algorithm revocation

Version: 2.8.0 2024-04-30 00:06:57 UTC

  apt (2.8.0) noble; urgency=medium

  [ Julian Andres Klode ]
  * Revert "Temporarily downgrade key assertions to "soon worthless""
    We temporarily downgraded the errors to warnings to give the
    launchpad PPAs time to be fixed, but warnings are not safe:
    Untrusted keys could be hiding on your system, but just not
    used at the moment. Hence revert this so we get the errors we
    want. (LP: #2060721)
  * Branch off the stable 2.8.y branch for noble:
    - CI: Test in ubuntu:noble images for 2.8.y
    - debian/gbp.conf: Point at the 2.8.y branch

  [ David Kalnischkies ]
  * Test suite fixes:
    - Avoid subshell hiding failure report from testfilestats
    - Ignore umask of leftover diff_Index in failed pdiff test
  * Documentation translation fixes:
    - Fix and unfuzzy previous VCG/Graphviz URI change

 -- Julian Andres Klode <email address hidden> Tue, 16 Apr 2024 16:59:14 +0200
2060721 APT 2.8.0: Promote weak key warnings to errors


About   -   Send Feedback to @ubuntu_updates