UbuntuUpdates.org

Package "apt"

Name: apt

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • transitional package for https support
Latest version: 2.8.3
Release: noble (24.04)
Level: proposed
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "apt" in Noble

Repository Area Version
base universe 2.7.14build2
base main 2.7.14build2
proposed main 2.8.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.8.3 2025-03-29 00:07:02 UTC

  apt (2.8.3) noble; urgency=medium

  * Revert increased key size requirements from 2.8.0-2.8.2 (LP: #2073126)
    - Revert "Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment"
    - Revert "Only warn about <rsa2048 when upgrading from 2.7.x to 2.8.x"
    - Revert rsa1024 to warnings again
    This leaves the mechanisms in place and no longer warns about NIST curves.
  * Fix keeping back removals of obsolete packages; and return an error if
    ResolveByKeep() is unsuccessful (LP: #2078720)
  * Fix buffer overflow, stack overflow, exponential complexity in
    apt-ftparchive Contents generation (LP: #2083697)
    - ftparchive: Mystrdup: Add safety check and bump buffer size
    - ftparchive: contents: Avoid exponential complexity and overflows
    - test framework: Improve valgrind support
    - test: Check that apt-ftparchive handles deep paths
    - Workaround valgrind "invalid read" in ExtractTar::Go by moving large
      buffer from stack to heap. The large buffer triggered some bugs in
      valgrind stack clash protection handling.
2073126 More nuanced public key algorithm revocation
2083697 distribution-gpg-keys-copr crashes Launchpad/apt-ftparchive

Version: *DELETED* 2024-12-13 18:07:01 UTC
No changelog for deleted or moved packages.

Version: 2.8.2 2024-08-14 13:07:09 UTC

  apt (2.8.2) noble; urgency=medium

  * Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment
    (follow-up for LP: #2073126)
Source diff to previous version
2073126 More nuanced public key algorithm revocation

Version: 2.8.1 2024-08-02 15:07:05 UTC

  apt (2.8.1) noble; urgency=medium

  * Only revoke weak RSA keys for now, add 'next' and 'future' levels
    (backported from 2.9.7)
    Note that the changes to warn about keys not matching the future level
    in the --audit level are not fully included, as the --audit feature
    has not yet been backported. (LP: #2073126)
  * Introduce further mitigation on upgrades from 2.7.x to allow these
    systems to continue using rsa1024 repositories with warnings
    until the 24.04.2 point release (LP: #2073126)
Source diff to previous version
2073126 More nuanced public key algorithm revocation

Version: 2.8.0 2024-04-30 00:06:58 UTC

  apt (2.8.0) noble; urgency=medium

  [ Julian Andres Klode ]
  * Revert "Temporarily downgrade key assertions to "soon worthless""
    We temporarily downgraded the errors to warnings to give the
    launchpad PPAs time to be fixed, but warnings are not safe:
    Untrusted keys could be hiding on your system, but just not
    used at the moment. Hence revert this so we get the errors we
    want. (LP: #2060721)
  * Branch off the stable 2.8.y branch for noble:
    - CI: Test in ubuntu:noble images for 2.8.y
    - debian/gbp.conf: Point at the 2.8.y branch

  [ David Kalnischkies ]
  * Test suite fixes:
    - Avoid subshell hiding failure report from testfilestats
    - Ignore umask of leftover diff_Index in failed pdiff test
  * Documentation translation fixes:
    - Fix and unfuzzy previous VCG/Graphviz URI change

 -- Julian Andres Klode <email address hidden> Tue, 16 Apr 2024 16:59:14 +0200
2060721 APT 2.8.0: Promote weak key warnings to errors


About   -   Send Feedback to @ubuntu_updates