-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 20 Nov 2024 15:59:46 +0100 Source: apt Architecture: source Version: 2.9.13 Distribution: unstable Urgency: medium Maintainer: APT Development Team <deity@lists.debian.org> Changed-By: Julian Andres Klode <jak@debian.org> Changes: apt (2.9.13) unstable; urgency=medium . * Add a --comment option to record Comment: in history * Hardening: Add -Wp,-D_GLIBCXX_ASSERTIONS to CXXFLAGS to enable bounds checking for all STL containers. * patterns: Avoid out-of-bounds std::string_view read. We only pass NUL-terminated strings to the function, and the code expects that but we pass through an interface which doesn't guarantee that, so we trigger an index < size() assertion when accessing the terminating NUL byte when compiled with -Wp,-D_GLIBCXX_ASSERTIONS. * ftparchive: Remove fixed size buffers on trusted inputs (LP: #2087848) - ftparchive: override: Remove fixed-size line buffers in override files - ftparchive: cachedb: Remove 600-byte key (and hence file path) limit - ftparchive: writer: Remove line length limit on file lists * tests: Temporarily disable valgrind-if-available on armhf and ppc64el to avoid having to wait for a new valgrind without those architectures Checksums-Sha1: 360955f74b091a9840f631d79803ec3aa5fdf852 2994 apt_2.9.13.dsc 53b86a8c49e8cbad365bd1edebf09b4ba6812687 2384988 apt_2.9.13.tar.xz ba8cfaac43c62d7f0a4c7260a3ac0f0d5fa4b98e 7721 apt_2.9.13_source.buildinfo Checksums-Sha256: 097f16a33a65277346b54a52e87a960ad1436a6495e9d948d19b5eddffe37480 2994 apt_2.9.13.dsc 4b40a6b1fc34346c64dc8c64946f075d3193a5a76ce9215e514e62684547ae73 2384988 apt_2.9.13.tar.xz 03f8e7ed138af73ff7893d5186ae21d14f3ea3d6c2dd67e361cc2dcbe1c2ae38 7721 apt_2.9.13_source.buildinfo Files: d9b7aba7611ad93ff2f13caf9c9b7f00 2994 admin required apt_2.9.13.dsc 5fbe0be36d7130a04fb146afbf45d4fa 2384988 admin required apt_2.9.13.tar.xz 45aedbf36c04c8aeda134bea21f00072 7721 admin required apt_2.9.13_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAmc9/WkPHGpha0BkZWJp YW4ub3JnAAoJEG+kWN0dsD9xZqAP/RAc8wQpAnVHpP04BqbtI9i7hJxHbP5zvIpp 7ERlujhlY6SzZFg64VDnnknofqzkjLrPyQ6FiB0ff8F0ZTWOxdR+w9eMDwPRTZ49 Yz4POOCpavyEoke275wDun33caFOW8RPMvL2IuHbZ219ckqhE7YtRaJGTX/3DV72 ecI/hJIxt3RZjc8PdPdnd8Ms3zlfliPU333PKNhCx32S5uMOzky6+DEBZHzXcuKe XXA2QeuSrAv70X+cdg6yArAt3wZyPHU9hIQ+46dzIrl3zjDqdfvgyfqry2P3NXKr jl8hDpBYlrybPIxzU1943lO7y9isSd1XRdeg3+ND2taE7xy+b0P8WTW1kCpQo6VL VFEGw16Vzghz9uz5LPgW3DXJQ9TtGd2jvFlmNtrT8W4D2ChoLdxN+BXz8D/0gaUw 4cyxr47+muzP125u2RYigDpaTWrm6gMNQKuxzxwOA0D5TVLYb09q3wFPrVimhOGO Qx8pFeVAGxPEvQoRdhr/yEyYOPrPk2rbvzUy5gHBMUn0XrBiDDYjgzLE1nrARQAx HlmLmms+Fv5O0eH/VNNF11V/PKtjutVl2uM7rdxsDYvVEyY7WPXnmoNi4BYIbDSC lz+Djb2Of5YHDra9DVdFh43J/BDeZuZe8DbgriFlgDHj3YPv1r0Uava5LaOcBvdm GF08vgm4 =bJGo -----END PGP SIGNATURE-----