UbuntuUpdates.org

Package "libapt-pkg5.0"

Name: libapt-pkg5.0

Description:

package management runtime library

Latest version: 1.6.17
Release: bionic (18.04)
Level: updates
Repository: main
Head package: apt

Links


Download "libapt-pkg5.0"


Other versions of "libapt-pkg5.0" in Bionic

Repository Area Version
base main 1.6.1
security main 1.6.12ubuntu0.2

Changelog

Version: 1.6.17 2023-04-12 09:07:02 UTC

  apt (1.6.17) bionic; urgency=medium

  * Bump cache minor version for kernel collection.
    The previous update introduced the new kernel autoremoval code which
    collects kernels in the cache as providers of a $kernel package.
    We need to bump the cache minor version for this as otherwise the
    $kernel package might not exist and all kernels end up autoremovable
    until a package got installed or sources updated.

Source diff to previous version

Version: 1.6.14 2021-07-02 00:06:24 UTC

  apt (1.6.14) bionic; urgency=medium

  * RunScripts: Do not reset SIGQUIT and SIGINT to SIG_DFL (LP: #1898026)
  * Fix downloads of unsized files that are largest in pipeline (LP: #1921626),
    and warn about packages without size (option Acquire::AllowUnsizedPackages)
  * JSON hooks 0.2 and assorted JSON bugfixes (LP: #1926150)
    - encoder fixes:
      + json: Escape strings using \u escape sequences, add test
      + json: Actually pop states
      + json: Encode NULL strings as null
    - json: Flush standard file descriptors before calling hooks
      (this avoids output from hooks in middle of apt output)
    - Minor fixes to include and C++ namespaces
    - non-code changes:
      + test/json: Make the test hook more reliable
      + Fix a typo in json-hooks-protocol.md (thanks to Brian Murray)
    - semantic changes (new fields, hooks, and protocol 0.2):
      + json: Add origins fields to version
      + upgrade: Add JSON hook support (AptCli::Hooks::Upgrade)
      + json: Add `package-list` and `statistics` install hooks
      + json: Hook protocol 0.2 (added upgrade,downgrade,reinstall modes)
    + Fix a typo in json-hooks-protocol.md (thanks to Brian Murray)
  * Avoid infinite loop on EOF on media change prompt (LP: #1928687)

 -- Julian Andres Klode <email address hidden> Tue, 15 Jun 2021 16:12:38 +0200

Source diff to previous version
1921626 size mismatch error if request of unknown size is larger than others
1926150 [SRU] Backport JSON hooks 0.2
1928687 Avoid infinite loop on EOF on media change prompt

Version: 1.6.13 2021-04-07 04:06:47 UTC

  apt (1.6.13) bionic; urgency=medium

  [ David Kalnischkies ]
  * Fix incorrect base64 encoding due to int promotion (LP: #1916050)
  * Harden test for no new acquires after transaction abort (Closes: #984966)
    (LP: #1918920)

  [ Julian Andres Klode ]
  * Implement update --error-on=any (Closes: #594813) (LP: #1693900)
  * Include all translations when building the cache (LP: #1907850)
  * Add basic support for the Protected field
  * Do not require force-loopbreak on Important packages
    (Closes: #983014) (LP: #1916725)
  * Protect currently running kernel at run-time (LP: #1615381)
  * Make ADDARG{,C}() macros expand to single statements
  * Improve immediate configuration handling (LP: #1871268)
    - Do not immediately configure m-a: same packages in lockstep
    - Ignore failures from immediate configuration. This does not change the
      actual installation ordering - we never passed the return code to the
      caller and installation went underway anyway if it could be ordered at a
      later stage, this just removes spurious after-the-fact errors.
      (Closes: #973305, #188161, #211075, #649588)
  * Default Acquire::AllowReleaseInfoChange::Suite to "true" (Closes: #931566)
    (LP: #1918907)

  [ Balint Reczey ]
  * Set LC_ALL=C.UTF-8 for unattended-upgrades environment when parsing its --help
    (LP: #1806076)

 -- Julian Andres Klode <email address hidden> Fri, 12 Mar 2021 14:09:15 +0100

Source diff to previous version
1916050 Invalid base64 for high-bit characters
1918920 Harden test for no new acquires after transaction abort
1693900 apt-get update should return exit code != 0 on error
1907850 Cache not generated for all translations
1916725 Protected/Important packages are not deconfigured, require Force-LoopBreak
1615381 apt-get autoremove may remove current kernel
1871268 Installation fails due to useless immediate configuration error when \
1918907 Default Acquire::AllowReleaseInfoChange::Suite to \
1806076 unattended-upgrade --help raises UnicodeEncodeError when stdout encoding is ascii
984966 apt: flaky armhf autopkgtest: File has unexpected size (27 != 39). Mirror sync in progress?
594813 apt: ListUpdate does return True in the case of network errors
983014 manpages-de: Fails to upgrade from 4.2.0-1 to 4.9.1-5: This installation run will require temporarily removing the essential package manpages-de:amd6
973305 apt-get throws error when run with --simulate and APT::Immediate-Configure set to "false"
931566 Don't complain about suite changes (Acquire::AllowReleaseInfoChange::Suite should be "true")

Version: 1.6.12ubuntu0.2 2020-12-09 18:06:24 UTC

  apt (1.6.12ubuntu0.2) bionic-security; urgency=high

  * SECURITY UPDATE: Integer overflow in parsing (LP: #1899193)
    - apt-pkg/contrib/arfile.cc: add extra checks.
    - apt-pkg/contrib/tarfile.cc: limit tar item sizes to 128 GiB
    - apt-pkg/deb/debfile.cc: limit control file sizes to 64 MiB
    - test/*: add tests.
    - CVE-2020-27350
  * Additional hardening:
    - apt-pkg/contrib/tarfile.cc: Limit size of long names and links to 1 MiB

 -- Julian Andres Klode <email address hidden> Mon, 07 Dec 2020 12:13:36 +0100

Source diff to previous version

Version: 1.6.12ubuntu0.1 2020-05-14 04:06:18 UTC

  apt (1.6.12ubuntu0.1) bionic-security; urgency=high

  * SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
    - apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
      member names in error path
    - CVE-2020-3810

 -- Julian Andres Klode <email address hidden> Tue, 12 May 2020 20:03:44 +0200

1878177 CVE-2020-3810 out-of-bound stack reads in arfile
CVE-2020-3810 apt out-of-bounds read in .ar implemation



About   -   Send Feedback to @ubuntu_updates