[ubuntu/noble-proposed] apt 2.8.3 (Accepted)

Julian Andres Klode juliank at ubuntu.com
Fri Mar 28 20:40:40 UTC 2025


apt (2.8.3) noble; urgency=medium

  * Revert increased key size requirements from 2.8.0-2.8.2 (LP: #2073126)
    - Revert "Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment"
    - Revert "Only warn about <rsa2048 when upgrading from 2.7.x to 2.8.x"
    - Revert rsa1024 to warnings again
    This leaves the mechanisms in place and no longer warns about NIST curves.
  * Fix keeping back removals of obsolete packages; and return an error if
    ResolveByKeep() is unsuccessful (LP: #2078720)
  * Fix buffer overflow, stack overflow, exponential complexity in
    apt-ftparchive Contents generation (LP: #2083697)
    - ftparchive: Mystrdup: Add safety check and bump buffer size
    - ftparchive: contents: Avoid exponential complexity and overflows
    - test framework: Improve valgrind support
    - test: Check that apt-ftparchive handles deep paths
    - Workaround valgrind "invalid read" in ExtractTar::Go by moving large
      buffer from stack to heap. The large buffer triggered some bugs in
      valgrind stack clash protection handling.

apt (2.8.2) noble; urgency=medium

  * Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment
    (follow-up for LP: #2073126)

apt (2.8.1) noble; urgency=medium

  * Only revoke weak RSA keys for now, add 'next' and 'future' levels
    (backported from 2.9.7)
    Note that the changes to warn about keys not matching the future level
    in the --audit level are not fully included, as the --audit feature
    has not yet been backported. (LP: #2073126)
  * Introduce further mitigation on upgrades from 2.7.x to allow these
    systems to continue using rsa1024 repositories with warnings
    until the 24.04.2 point release (LP: #2073126)

apt (2.8.0) noble; urgency=medium

  [ Julian Andres Klode ]
  * Revert "Temporarily downgrade key assertions to "soon worthless""
    We temporarily downgraded the errors to warnings to give the
    launchpad PPAs time to be fixed, but warnings are not safe:
    Untrusted keys could be hiding on your system, but just not
    used at the moment. Hence revert this so we get the errors we
    want. (LP: #2060721)
  * Branch off the stable 2.8.y branch for noble:
    - CI: Test in ubuntu:noble images for 2.8.y
    - debian/gbp.conf: Point at the 2.8.y branch

  [ David Kalnischkies ]
  * Test suite fixes:
    - Avoid subshell hiding failure report from testfilestats
    - Ignore umask of leftover diff_Index in failed pdiff test
  * Documentation translation fixes:
    - Fix and unfuzzy previous VCG/Graphviz URI change

Date: Tue, 22 Oct 2024 15:02:22 +0200
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Maintainer: APT Development Team <deity at lists.debian.org>
https://launchpad.net/ubuntu/+source/apt/2.8.3
-------------- next part --------------
Format: 1.8
Date: Tue, 22 Oct 2024 15:02:22 +0200
Source: apt
Built-For-Profiles: noudeb
Architecture: source
Version: 2.8.3
Distribution: noble
Urgency: medium
Maintainer: APT Development Team <deity at lists.debian.org>
Changed-By: Julian Andres Klode <juliank at ubuntu.com>
Launchpad-Bugs-Fixed: 2060721 2073126 2078720 2083697