UbuntuUpdates.org

Package "apt-transport-https"

Name: apt-transport-https

Description:

https download transport for APT

Latest version: 1.2.35
Release: xenial (16.04)
Level: updates
Repository: main
Head package: apt

Links


Download "apt-transport-https"


Other versions of "apt-transport-https" in Xenial

Repository Area Version
base main 1.2.10ubuntu1
security main 1.2.32ubuntu0.2

Changelog

Version: 1.2.35 2021-04-29 22:06:17 UTC

  apt (1.2.35) xenial; urgency=medium

  * Backport JSON hooks, version 0.2, to xenial (LP: #1926150). The JSON code
    files are identical to that of 2.3.2, only the integration and test cases
    needed minor adjustment to behave correctly, especially:
    - In private-install.cc, exit before showing the list of packages to
      upgrade/install/etc, in case an error is already set. This moves the
      behavior closer to bionic.
  * Backport zstd support for Launchpad zstd enablement (LP: #1926437)
  * Fix indendation of changelog message in 1.2.34 changelog.
  * Bug fixes needed for JSON hooks:
    - private-install: Handle existing errors before showing lists
    - Avoid duplicated error in `apt search`
  * Bug fixes affecting CI / autopkgtest only:
    - prepare-release: Ignore alternative build dependencies
    - tests: Do not expect requested-by if sudo was invoked by root
    - tests: Export TZ=UTC to work around test failures on non-UTC hosts
    - tests: avoid time-dependent rebuild of caches

 -- Julian Andres Klode <email address hidden> Wed, 28 Apr 2021 14:55:54 +0200

Source diff to previous version
1926150 [SRU] Backport JSON hooks 0.2
1926437 [SRU] Backport zstd support, fix bug in python-apt

Version: 1.2.32ubuntu0.2 2020-12-09 18:06:21 UTC

  apt (1.2.32ubuntu0.2) xenial-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB

 -- Julian Andres Klode <email address hidden> Mon, 07 Dec 2020 12:24:07 +0100

Source diff to previous version

Version: 1.2.32ubuntu0.1 2020-05-14 04:06:16 UTC

  apt (1.2.32ubuntu0.1) xenial-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810
  * Add .gitlab-ci.yml for CI testing on Salsa

 -- Julian Andres Klode <email address hidden> Tue, 12 May 2020 20:42:53 +0200

Source diff to previous version
1878177 CVE-2020-3810 out-of-bound stack reads in arfile
CVE-2020-3810 apt out-of-bounds read in .ar implemation

Version: 1.2.32 2019-06-06 13:08:47 UTC

  apt (1.2.32) xenial; urgency=medium

  * Add test case for local-only packages pinned to never
  * Prevent shutdown while running dpkg (LP: #1820886)
  * Add linux-{buildinfo,image-unsigned,source} versioned kernel pkgs
    (LP: #1821640)

 -- Julian Andres Klode <email address hidden> Tue, 07 May 2019 12:57:03 +0200

Source diff to previous version
1820886 Potential inconsistency due to system halt/reboot being allowed when package installation in progress
1821640 Missing pattern for linux-image-unsigned keeps autoremovable kernels on the system

Version: 1.2.31 2019-03-21 13:06:59 UTC

  apt (1.2.31) xenial; urgency=medium

  * Fix name of APT::Update::Post-Invoke-Stats (was ...Update-Post...)
  * apt.dirs: Install auth.conf.d directory (LP: #1818996)
  * Merge translations from 1.6.10 (via 1.4.y branch)

1818996 auth.conf.d directory missing



About   -   Send Feedback to @ubuntu_updates