[ubuntu/xenial-updates] apt 1.2.35 (Accepted)

Brian Murray brian at ubuntu.com
Thu Apr 29 20:03:40 UTC 2021


apt (1.2.35) xenial; urgency=medium

  * Backport JSON hooks, version 0.2, to xenial (LP: #1926150). The JSON code
    files are identical to those of 2.3.2; only the integration and test cases
    needed minor adjustment to behave correctly, especially:
    - In private-install.cc, exit before showing the list of packages to
      upgrade/install/etc, in case an error is already set. This moves the
      behavior closer to bionic.
  * Backport zstd support for Launchpad zstd enablement (LP: #1926437)
  * Fix indentation of changelog message in 1.2.34 changelog.
  * Bug fixes needed for JSON hooks:
    - private-install: Handle existing errors before showing lists
    - Avoid duplicated error in `apt search`
  * Bug fixes affecting CI / autopkgtest only:
    - prepare-release: Ignore alternative build dependencies
    - tests: Do not expect requested-by if sudo was invoked by root
    - tests: Export TZ=UTC to work around test failures on non-UTC hosts
    - tests: avoid time-dependent rebuild of caches

apt (1.2.34) xenial-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB
  * (upstream re-release of 1.2.34)

apt (1.2.33) xenial-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810
  * Add .gitlab-ci.yml for CI testing on Salsa
  * (upstream re-release of 1.2.34)

Date: 2021-04-28 13:00:10.145755+00:00
Changed-By: Julian Andres Klode <julian.klode at canonical.com>
Signed-By: Brian Murray <brian at ubuntu.com>
https://launchpad.net/ubuntu/+source/apt/1.2.35