More nuanced public key algorithm revocation

Implemented in https://salsa.debian.org/apt-team/apt/-/merge_requests/365/

Hello Julian, or anyone else affected,

Accepted apt into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/2.8.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

this upload is not to be accepted to -updates before the discussion on ubuntu-release@ is concluded

All autopkgtests for the newly accepted apt (2.8.1) for noble have finished running.
The following regressions have been reported in tests triggered by the package:

apport/2.28.1-0ubuntu3 (s390x)
auto-apt-proxy/14.1 (armhf, s390x)
cron/3.0pl1-184ubuntu2 (arm64)
dgit/11.8 (arm64)
gcc-10/10.5.0-4ubuntu2 (arm64)
gcc-11/11.4.0-9ubuntu1 (armhf)
gcc-13/13.2.0-23ubuntu4 (arm64, armhf)
gcc-13/unknown (s390x)
gcc-14/14-20240412-0ubuntu1 (armhf)
gcc-snapshot/1:20240117-1ubuntu1 (arm64, armhf)
ubiquity/24.04.5 (armhf)
update-notifier/unknown (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/noble/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

This bug was fixed in the package apt - 2.9.7

---------------
apt (2.9.7) unstable; urgency=medium

  [ sid ]
  * Show installed version (not candidate version) while removing a package

  [ David Kalnischkies ]
  * Parse snapshot option for apt show/list (Closes: #1075819)

  [ Frans Spiesschaert ]
  * Dutch program translation update (Closes: #1075874)
  * Dutch manpages translation update (Closes: #1075875)

  [ Michał Kułach ]
  * Polish program translation update (Closes: #1075975)

  [ Julian Andres Klode ]
  * worker: Add an audit level to log audit messages
  * gpgv: Add a LaterWorthless level, a SoonWorthless but at 'audit' level
  * gpgv: Add IsAssertedPubKeyAlgo() function
  * Only revoke weak RSA keys for now, add 'next' and 'future' levels
    (LP: #2073126)
  * solver3: Refactor Reason.Pkg()/Reason.Ver() use with iterator
  * Add note that redundant 'CLI interface' is intentional

 -- Julian Andres Klode <email address hidden> Tue, 30 Jul 2024 13:19:24 +0900

Hello Julian, or anyone else affected,

Accepted apt into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/2.8.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted apt (2.8.2) for noble have finished running.
The following regressions have been reported in tests triggered by the package:

apport/2.28.1-0ubuntu3.1 (armhf)
apt/2.8.2 (armhf, s390x)
auto-apt-proxy/14.1 (ppc64el, s390x)
cron/3.0pl1-184ubuntu2 (arm64, s390x)
dgit/11.8 (arm64, s390x)
gcc-11/11.4.0-9ubuntu1 (arm64)
gcc-12/12.3.0-17ubuntu1 (amd64, s390x)
gcc-13/13.2.0-23ubuntu4 (arm64, armhf)
gcc-14/unknown (armhf, s390x)
gcc-snapshot/1:20240117-1ubuntu1 (amd64, arm64, s390x)
open-build-service/unknown (armhf, s390x)
postgresql-debversion/unknown (s390x)
python-apt/unknown (s390x)
reportbug/unknown (s390x)
reprotest/unknown (s390x)
ubuntu-advantage-tools/unknown (s390x)
unattended-upgrades/unknown (s390x)
update-notifier/unknown (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/noble/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted apt (2.8.2) for noble have finished running.
The following regressions have been reported in tests triggered by the package:

autopkgtest/5.34ubuntu2 (amd64, arm64, armhf)
update-manager/1:24.04.9 (amd64, arm64, armhf, i386, ppc64el, s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/noble/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

So to summarize, and please confirm or deny my understanding below, comparing to 2.7.14build2 which is current noble release+updates:

- Assert-Pubkey-Algo reintroduces >= rsa1024 (was rsa2048), and allows more nist curves[1]. It's downgrading the RSA key size to 1024.
- there is no error whatsoever if an algorithm is not in the Pubkey-Algo list, correct? Just warnings
- new levels are introduced: next, and future[2]. How can the user switch between them? I see after installing 2.8.3 that I have the default, next, and future levels, but it's not clear how "next" and "future" are to be used.

1. diff:
- Cnf.CndSet("APT::Key::Assert-Pubkey-Algo", ">=rsa2048,ed25519,ed448");
+ Cnf.CndSet("APT::Key::Assert-Pubkey-Algo", ">=rsa1024,ed25519,ed448,nistp256,nistp384,nistp512,brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,brainpoolP512r1,secp256k1");

2. diff
+ Cnf.CndSet("APT::Key::Assert-Pubkey-Algo::Next", ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512");
+ Cnf.CndSet("APT::Key::Assert-Pubkey-Algo::Future", ">=rsa3072,ed25519,ed448");

The level has changed:

Algorithms missing in "APT::Key::Assert-Pubkey-Algo" cause errors now, whereas algorithms in "APT::Key::Assert-Pubkey-Algo::Next" cause warnings.

Accordingly, the values were moved around such that "APT::Key::Assert-Pubkey-Algo::Next" matches the old
APT::Key::Assert-Pubkey-Algo (with NIST curves added); and "APT::Key::Assert-Pubkey-Algo" also allows 2048-bit (and brainpool, nist, secp256)

The result is that rsa<2048, brainpool curves, secp256k1 do not change behavior vs the old version (they now cause warnings), but NIST curves no longer cause warnings per popular request.

Which coincidentally is why we need two levels.

This matches the behavior in oracular and plucky.

This _may_ cause a regression if you purposefully override `APT::Key::Assert-Pubkey-Algo` to *NOT* include algorithms that you actually use; which seems highly unlikely given that you'd be introducing warnings to your system.

> Algorithms missing in "APT::Key::Assert-Pubkey-Algo" cause errors now, whereas algorithms in
> "APT::Key::Assert-Pubkey-Algo::Next" cause warnings.

The word "missing" is, er, missing, in the second part of that sentence, right? The full correct sentence is (diff capitalized by me):

  Algorithms missing in "APT::Key::Assert-Pubkey-Algo" cause errors now, whereas algorithms MISSING in
  "APT::Key::Assert-Pubkey-Algo::Next" cause warnings.

I tested with (only changed rsa from the defaults):
APT::Key::Assert-Pubkey-Algo ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512,brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,brainpoolP512r1,secp256k1";
APT::Key::Assert-Pubkey-Algo::Next ">=rsa5120,ed25519,ed448,nistp256,nistp384,nistp512";
APT::Key::Assert-Pubkey-Algo::Future ">=rsa6144,ed25519,ed448";

And got:
$ sudo apt update
Hit:1 http://br.archive.ubuntu.com/ubuntu noble InRelease
Hit:2 http://br.archive.ubuntu.com/ubuntu noble-updates InRelease
Hit:3 http://br.archive.ubuntu.com/ubuntu noble-backports InRelease
Hit:4 http://br.archive.ubuntu.com/ubuntu noble-security InRelease
Hit:5 https://ppa.launchpadcontent.net/ahasenack/apt-sru/ubuntu noble InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: http://br.archive.ubuntu.com/ubuntu/dists/noble/InRelease: Signature by key F6ECB3762474EDA9D21B7022871920D1991BC93C uses weak algorithm (rsa4096)
W: http://br.archive.ubuntu.com/ubuntu/dists/noble-updates/InRelease: Signature by key F6ECB3762474EDA9D21B7022871920D1991BC93C uses weak algorithm (rsa4096)
W: http://br.archive.ubuntu.com/ubuntu/dists/noble-backports/InRelease: Signature by key F6ECB3762474EDA9D21B7022871920D1991BC93C uses weak algorithm (rsa4096)
W: http://br.archive.ubuntu.com/ubuntu/dists/noble-security/InRelease: Signature by key F6ECB3762474EDA9D21B7022871920D1991BC93C uses weak algorithm (rsa4096)
W: https://ppa.launchpadcontent.net/ahasenack/apt-sru/ubuntu/dists/noble/InRelease: Signature by key 6BD1A790B3211D9CE0A04D073DA665FECBA631A9 uses weak algorithm (rsa4096)

Meaning, rsa4096 is MISSING from ::Next, and I got a warning.

So from my understanding, these are the big changes in this SRU, regarding the crypto config.

a) Algorithms MISSING from Assert-Pubkey-Algo are now treated as an ERROR, whereas before (noble release) they were WARNINGS;

b) The list of algorithms in Assert-Pubkey-Algo changed:

FROM: ">=rsa2048,ed25519,ed448");
TO: ">=rsa1024,ed25519,ed448,
          nistp256,nistp384,nistp512,brainpoolP256r1,brainpoolP320r1,brainpoolP384r1,brainpoolP512r1,secp256k1");

  b1) rsa2048 was replaced by rsa1024
  b2) nist*, brainpool*, and secp256k1 were added to the list

c) Two more algorithms lists were added:

  c1) Next: algorithms MISSING from this list will trigger a WARNING
  c2) Future: algorithms MISSING from this list will trigger an AUDIT event (not fully supported in this noble SRU yet, so this "Future" list can be ignored for now)

  Next", ">=rsa2048,ed25519,ed448,nistp256,nistp384,nistp512");
  Future", ">=rsa3072,ed25519,ed448");

These lists, and how they apply, can be confusing. Here is another way to read these that I came up with:

- Assert-Pubkey-Algo: list of PERMITTED algorithms. If a repository was signed with an algorithm/key NOT listed here, it will trigger an ERROR, regardless of the other lists.
- Assert-Pubkey_Algo::Next: list of NO WARNING algorithms. If a repository was signed with an algorithm/key NOT listed here, it will trigger a WARNING. Should be a subset of the above.

@ubuntu-security, could I please get your take on the changes introduced by this SRU? I believe I summarized them in comment #16 (unless @juliank chimes in with a correction!).

It's basically the list of crypto algorithms that need checking.

RSA1024 still triggers a "weak key" warning.

https://discourse.ubuntu.com/t/new-requirements-for-apt-repository-signing-in-24-04/42854/15 might help with some history, and with the choices of algorithms, but it's a long read.

Thanks for your summary, Andreas, I found it very helpful.

This guide appeared to be the newest from NIST that I could find on the topic of key lengths https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar3.ipd.pdf -- page 21 (marked 11 on the page) appears to say n=1024 is still fine for "legacy use": "The algorithm or key length may only be used to process already protected information (e.g., decrypt ciphertext data or verify a digital signature)". A very literal reading would probably suggest that *old* InRelease files would be fine but *new* InRelease files wouldn't be. There'd be no reliable way to tell the age without actually validating the signature, so maybe it's academic, but I don't imagine they intended to allow installing software protected solely by rsa1024.

I would prefer if we asked users to make this change themselves if they still have rsa1024 repositories somewhere. Noble has been out for almost a year. Ubuntu 24.04.1 was released over six months ago. If the >=rsa2048 restrictions were brand new, and we saw a deluge of complaints, maybe relaxing it would make sense. But what we've seen is a decade of people asking us how to prevent rsa1024 from being used.

I don't understand why today is the right day to allow weaker RSA keys.

All the other changes seem fine to me.

Thanks

> I don't understand why today is the right day to allow weaker RSA keys.

I don't think that changed. To recap (and these changes are confusing, yes, but this is my understanding of the final result):

# Noble release
- there is only one list of crypto algorithms: Assert-Pubkey-Algo
- anything NOT in that list will trigger a WARNING
- RSA 1024 is NOT in that list, therefore we have a WARNING

# This SRU
- there are two new lists: Assert-Pubkey-Algo::Next and Assert-Pubkey-Algo::Future
- the behavior of Assert-Pubkey-Algo CHANGED: now, algorithms not in this list will trigger an ERROR instead of a WARNING
- algorithms NOT PRESENT in Assert-Pubkey-Algo::Next will issue a WARNING
- RSA1024 was ADDED to Assert-Pubkey-Algo, so it's allowed
- RSA1024 is NOT PRESENT in Assert-Pubkey-Algo::Next, so a WARNING is triggered

In summary, RSA1024 triggers a WARNING in both noble release, and with this SRU.

Put the security levels (noble release vs unapproved vs oracular) into a table in

https://docs.google.com/document/d/1rIREl1ebAoJXyqjig5MlV1-Jae9EREcApuVMlKT1whQ/edit?tab=t.0

Ah, thank you both Andreas and Julian for working with me to understand these changes better.

If we're already supporting rsa1024 in noble, that would explain why we haven't seen a deluge of support requests around it. Fair. Tightening it in an update a year later, absent impressive news, would be too much.

I think I'm happy with this update now.

Thanks

Here is a screenshot of the document from comment #20

Thanks @Seth! Your comment #18 seems to have focused mostly on the RSA keys, did you get a chance to also look at the new NIST, brainpoolP, and secp algorithms that were added/swapped around? From the table in comment #22 (also comment #20), looks like another change is that NIST P-{256,384,512} in noble issue a warning, and in the SRU switched no "good" (no warning or error). This SRU starts with the sentence "We have received feedback from users that use NIST-P256 keys for their repositories that are upset about receiving a warning.", which alludes only to the 256 key size, not the others.

Ah, sorry about neglecting the other curves here. I'm much less concerned about the curve changes.

Someone who chooses these curves has thought about it and made their choice. Someone who is on RSA1024 might not know that they're on the "very best of y2k" playlist. The NSA may have suggested everybody move away from these curves ten years ago but did so without publishing their reasoning, if I recall correctly, and there hasn't been compelling movement in the open literature that I know of.

To the best of my knowledge, these curves are fine now and nobody expects drastic movement in the next few years.

Thanks

Hello Julian, or anyone else affected,

Accepted apt into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/2.8.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted apt (2.8.3) for noble have finished running.
The following regressions have been reported in tests triggered by the package:

auto-apt-proxy/14.1 (s390x)
autopkgtest/5.38ubuntu1~24.04.1 (armhf)
ca-certificates-java/20240118 (ppc64el)
cron/3.0pl1-184ubuntu2 (ppc64el)
dgit/11.8 (ppc64el, s390x)
gcc-10/10.5.0-4ubuntu2 (ppc64el)
gcc-11/unknown (ppc64el)
gcc-12/unknown (ppc64el)
gcc-13/13.3.0-6ubuntu2~24.04 (ppc64el)
gcc-14/14.2.0-4ubuntu2~24.04 (ppc64el)
gcc-9/9.5.0-6ubuntu2 (ppc64el)
gcc-snapshot/unknown (ppc64el)
update-manager/1:24.04.9 (amd64, arm64, armhf, i386, ppc64el, s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/noble/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

The update inadvertently disabled DSA signatures. We believed DSA signatures (1) could not use SHA2 hashes and (2) were not trusted anyway, but it seems that xenial, which is dual-signed with a DSA1024 bit key has a SHA512 DSA1024 signature and that is still considered trusted.

This is causing the update-manager test suite to fail, which we missed in oracular because the release pocket regressed at some point earlier, so we never noticed it regressed when the apt changes landed there.

We can add >=dsa1024 back to the list of warning-only algorithms or proceed with the update as is (and fix update-manager's test suite to use the rsa key to verify xenial) which would be better from the security posture stance.

Already in 2015 the nice folks at https://weakdh.org/ were hypothesizing that 1024 bit DSA was unsafe against very well resourced attackers.

We have to draw a line somewhere, and we might as well draw it here, today. Affected parties can modify their APT configuration, right? I'm fine regressing dsa1024 in an update that's generally designed to freshen our allowed cryptography.

Thanks

I first upgraded apt, libapt-pkg6.0t64 to 2.8.3.

Validation for RSA1024 remaining weak:

root@noble:~# gpg --quick-gen-key <email address hidden> rsa1024
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/86F909B8AA125825E11A72DE25BB51DD6ADA3043.rev'
public and secret key created and signed.

Note that this key cannot be used for encryption. You may want to use
the command "--edit-key" to generate a subkey for this purpose.
pub rsa1024 2025-04-25 [SC] [expires: 2028-04-24]
      86F909B8AA125825E11A72DE25BB51DD6ADA3043
uid <email address hidden>

root@noble:~# gpg --export > /etc/apt/trusted.gpg.d/test-key.gpg
root@noble:~# apt download apt
root@noble:~# apt-ftparchive packages . > Packages
root@noble:~# apt-ftparchive release . > Release
root@noble:~# gpg --clearsign < Release > InRelease
root@noble:~# apt update
Get:1 file:/root ./ InRelease [1178 B]
Get:1 file:/root ./ InRelease [1178 B]
Hit:2 http://security.ubuntu.com/ubuntu xenial-security InRelease
Get:3 file:/root ./ Packages [1908 B]
Hit:4 http://security.ubuntu.com/ubuntu noble-security InRelease
Hit:5 http://archive.ubuntu.com/ubuntu noble InRelease
Hit:6 http://archive.ubuntu.com/ubuntu noble-updates InRelease
Hit:7 http://archive.ubuntu.com/ubuntu noble-backports InRelease
Hit:8 http://archive.ubuntu.com/ubuntu noble-proposed InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
11 packages can be upgraded. Run 'apt list --upgradable' to see them.
N: Download is performed unsandboxed as root as file '/root/./InRelease' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
W: file:/root/./InRelease: Signature by key 86F909B8AA125825E11A72DE25BB51DD6ADA3043 uses weak algorithm (rsa1024)

-> Warning is there.

For NIST-P256 becoming "OK" I start with the old version assert the warning is there, and then upgrade and see the warning is gone.

root@noble:~# rm -r .gnupg
root@noble:~# gpg --quick-gen-key <email address hidden> nistp256
[...]
root@noble:~# gpg --clearsign < Release > InRelease
root@noble:~# gpg --export > /etc/apt/trusted.gpg.d/test-key.gpg
root@noble:~# apt update
Get:1 file:/root ./ InRelease [1093 B]
Get:1 file:/root ./ InRelease [1093 B]
Hit:2 http://archive.ubuntu.com/ubuntu noble InRelease
Hit:3 http://security.ubuntu.com/ubuntu xenial-security InRelease
Hit:4 http://archive.ubuntu.com/ubuntu noble-updates InRelease
Hit:5 http://security.ubuntu.com/ubuntu noble-security InRelease
Hit:6 http://archive.ubuntu.com/ubuntu noble-backports InRelease
Hit:7 http://archive.ubuntu.com/ubuntu noble-proposed InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
12 packages can be upgraded. ...

Removing block-proposed-noble as update-manager and apt are both ready to release now, having just verified update-manager/oracular.

This bug was fixed in the package apt - 2.8.3

---------------
apt (2.8.3) noble; urgency=medium

  * Revert increased key size requirements from 2.8.0-2.8.2 (LP: #2073126)
    - Revert "Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment"
    - Revert "Only warn about <rsa2048 when upgrading from 2.7.x to 2.8.x"
    - Revert rsa1024 to warnings again
    This leaves the mechanisms in place and no longer warns about NIST curves.
  * Fix keeping back removals of obsolete packages; and return an error if
    ResolveByKeep() is unsuccessful (LP: #2078720)
  * Fix buffer overflow, stack overflow, exponential complexity in
    apt-ftparchive Contents generation (LP: #2083697)
    - ftparchive: Mystrdup: Add safety check and bump buffer size
    - ftparchive: contents: Avoid exponential complexity and overflows
    - test framework: Improve valgrind support
    - test: Check that apt-ftparchive handles deep paths
    - Workaround valgrind "invalid read" in ExtractTar::Go by moving large
      buffer from stack to heap. The large buffer triggered some bugs in
      valgrind stack clash protection handling.

apt (2.8.2) noble; urgency=medium

  * Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment
    (follow-up for LP: #2073126)

apt (2.8.1) noble; urgency=medium

  * Only revoke weak RSA keys for now, add 'next' and 'future' levels
    (backported from 2.9.7)
    Note that the changes to warn about keys not matching the future level
    in the --audit level are not fully included, as the --audit feature
    has not yet been backported. (LP: #2073126)
  * Introduce further mitigation on upgrades from 2.7.x to allow these
    systems to continue using rsa1024 repositories with warnings
    until the 24.04.2 point release (LP: #2073126)

apt (2.8.0) noble; urgency=medium

  [ Julian Andres Klode ]
  * Revert "Temporarily downgrade key assertions to "soon worthless""
    We temporarily downgraded the errors to warnings to give the
    launchpad PPAs time to be fixed, but warnings are not safe:
    Untrusted keys could be hiding on your system, but just not
    used at the moment. Hence revert this so we get the errors we
    want. (LP: #2060721)
  * Branch off the stable 2.8.y branch for noble:
    - CI: Test in ubuntu:noble images for 2.8.y
    - debian/gbp.conf: Point at the 2.8.y branch

  [ David Kalnischkies ]
  * Test suite fixes:
    - Avoid subshell hiding failure report from testfilestats
    - Ignore umask of leftover diff_Index in failed pdiff test
  * Documentation translation fixes:
    - Fix and unfuzzy previous VCG/Graphviz URI change

 -- Julian Andres Klode <email address hidden> Tue, 22 Oct 2024 15:02:22 +0200

The verification of the Stable Release Update for apt has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.