Alpine Linux 3.11.7 released
The Alpine Linux project is pleased to announce the immediate availability of version 3.11.7 of its Alpine Linux operating system.
This includes an important security fix for openssl (CVE-2020-1971).
The full lists of changes can be found in the git log.
Git Shortlog
6543 (2):
community/gitea: upgrade to v1.10.6
community/go: upgrade to 1.13.13
Alex Denes (1):
main/postgresql: security upgrade to 12.5
Andy Postnikov (11):
community/php7: security upgrade to 7.3.18 CVE-2019-11048
community/drupal7: security upgrade to 7.70
community/drupal7: security upgrade to 7.72 CVE-2020-13663
community/drupal7: security upgrade to 7.73 CVE-2020-13666
community/php7-pecl-timezonedb: upgrade to 2020.1
community/php7-pecl-timezonedb: fix license and improve
community/php7-pecl-timezonedb: upgrade to 2020.2
community/php7-pecl-timezonedb: upgrade to 2020.3
community/php7-pecl-timezonedb: upgrade to 2020.4
community/drupal7: security upgrade to 7.74 - CVE-2020-13671
community/drupal7: security upgrade to 7.75
Ariadne Conill (2):
main/musl: security fix for CVE-2020-28928
main/tzdata: switch to fat format
Carlo Landmeter (1):
community/salt: upgrade to 2019.2.4
Daniel Néri (10):
main/xen: Remove dependency on syslinux
[3.11] main/xen: backport upgrade to 4.13.1
main/ruby: Correct wrong CVE number in secfixes for version 2.6.6-r0
main/xen: security fixes for XSA-317, XSA-319, XSA-321, XSA-327 and XSA-328
[3.11] main/alpine-conf: avoid unwanted syslinux for setup-disk on mounted root
main/xen: security fix for CVE-2020-14364/XSA-335
main/xen: security fixes for XSA-333, XSA-334, XSA-336, XSA-337, XSA-338, XSA-339, XSA-340, XSA-342, XSA-343 and XSA-344
main/xen: security fix for XSA-351
main/xen: security fix for XSA-355
main/xen: CVE-2020-28368 assigned to XSA-351
Francesco Colista (2):
main/libvirt: security fix for CVE-2020-12430
main/libvirt: security fix for CVE-2019-20485
Henrik Riomar (9):
community/intel-ucode: upgrade to 20200609
main/xen: fix XSA-320
community/intel-ucode: upgrade to 20200616
main/fail2ban: fix logging after rotate
main/rsyslog: drop boot.log
main/rsyslog: rsyslog logrotate should not touch messages
main/xen: security upgrade to 4.13.2
community/intel-ucode: security upgrade to 20201110
community/intel-ucode: security upgrade to 20201112
J0WI (32):
main/tzdata: upgrade to 2020a
community/python2-tkinter: security upgrade to 2.7.17
community/python2-tkinter: security upgrade to 2.7.18
main/libxml2: fix CVE-2019-20388
community/ceph: security upgrade to 14.2.7
community/ceph: security upgrade to 14.2.9
main/ldb: upgrade to 2.0.10
main/samba: security upgrade to 4.11.8
main/mariadb: security upgrade to 10.4.13
main/perl-mozilla-ca: upgrade to 20200520
community/mumble: security upgrade to 1.3.1
community/ffmpeg: security upgrade to 4.2.4
community/firefox-esr: security upgrade to 68.10.0
community/firefox-esr: security upgrade to 68.11.0
main/spamassassin: security upgrade to 3.4.4
community/openjdk7: security upgrade to 7.231.2.6.19
community/openjdk7: security upgrade to 7.241.2.6.20
community/openjdk7: security upgrade to 7.251.2.6.21
community/openjdk7: security upgrade to 7.261.2.6.22
community/openjdk8: security upgrade to 8.252.09
main/gnutls: security upgrade to 3.6.15
community/pdns: upgrade to 4.2.2
community/pdns: security upgrade to 4.2.3
main/ansible: upgrade to 2.9.9
main/ansible: security update to 2.9.13
community/apache-ant: security upgrade to 1.10.9
main/mariadb: security upgrade to 10.4.15
main/tzdata: upgrade to 2020b
main/ldb: upgrade to 2.0.12
main/samba: security upgrade to 4.11.14
main/samba: security upgrade to 4.11.16
main/openssl: security upgrade to 1.1.1i
Jake Buchholz (1):
[3.11] community/containerd: update to 1.3.9
Jakub Jirutka (3):
community/rtorrent: rebuild
main/postgresql: security upgrade to 12.4
main/mbedtls: upgrade to 2.16.9
Jesse Olson (1):
community/prometheus: correct init.d variables
Justin Berthault (1):
main/clamav: security upgrade to 0.102.4
Kaarle Ritvanen (1):
main/apache2: security upgrade to 2.4.46
Keith Maxwell (1):
main/py3-httplib2: fix CWE-93
Kevin Daudt (4):
community/go: security upgrade to 1.13.10 (CVE-2020-7919)
community/various: rebuild go packages for CVE-2020-7919
community/umoci: add chmod-clean option
community/zabbix: upgrade to zabbix 4.4.9
Leo (70):
community/chromium: explicitly call python2 instead of python
main/re2c: fix CVE-2020-11958
main/libxml2: modernize
community/ceph: remove stale boost-1.70 patch
main/openldap: fix CVE-2020-12243
main/libexif: security upgrade to 0.6.22
main/unbound: fix CVE-2020-12662 and CVE-2020-12663
main/bind: security upgrade to 9.14.12
community/knot-resolver: fix CVE-2020-12667
community/wireshark: security upgrade to 3.0.11
community/pdns-recursor: security upgrade to 4.2.2
main/iproute2: add missing secfixes info
community/apache-ant: security upgrade to 1.10.8
main/clamav: security upgrade to 0.102.3
community/vlc: security upgrade to 3.0.9.2
main/mbedtls: security upgrade to 2.16.6
main/python3: add missing secfixes info
main/json-c: fix CVE-2020-12762
main/dbus: fix CVE-2020-12049
main/gnutls: add corresponding GNUTLS-SA to CVE-2020-13777
main/axel: fix CVE-2020-13614
main/hostapd: fix CVE-2020-12695
main/perl: fix typo in include for BZIP2
main/libjpeg-turbo: fix CVE-2020-13790
main/ngircd: fix CVE-2020-14148
main/python3: fix CVE-2020-14422
main/hylafaxplus: fix CVE-2020-15396 and CVE-2020-15397
main/xorg-server: fix CVE-2020-14347
main/patch: add missing CVE to secfixes
main/zeromq: security upgrade to 4.3.3
main/libssh: fix CVE-2020-16135
main/curl: fix CVE-2020-8169 and CVE-2020-8177
main/libxml2: fix CVE-2020-24977
main/openjpeg: fix CVE-2019-12973 and CVE-2020-15389
main/perl-dbi: security upgrade to 1.643
main/cryptsetup: fix CVE-2020-14382
community/wireshark: security upgrade to 3.0.14
main/ansible: upgrade to 2.9.11
main/mbedtls: security upgrade to 2.16.8
community/apache-ant: fix checksum
main/oniguruma: fix CVE-2020-26159
main/ansible: upgrade to 2.9.14
main/tzdata: upgrade to 2020c
main/freetype: fix CVE-2020-15999
main/xorg-server: fix various CVEs
main/perl-datetime-timezone: upgrade to 2.41
main/perl-datetime-timezone: upgrade to 2.42
main/perl-datetime-timezone: upgrade to 2.43
main/open-iscsi: upgrade to 2.1.2
main/tmux: fix CVE-2020-27347
main/krb5: security upgrade to 1.17.2
main/tcpdump: fix CVE-2020-8037
main/curl: fix CVE-2020-8231
main/redis: fix CVE-2015-8080
main/bluez: fix CVE-2020-27153
main/bluez: fix CVE-2020-27153
main/openldap: fix a few CVEs
main/openldap: use local patch for CVE-2020-12243
main/pcre: fix CVE-2020-14155
main/cups: fix CVE-2019-8842 and CVE-2020-3898
main/dovecot: fix CVE-2020-12673 and CVE-2020-12674
main/mariadb-connector-c: fix CVE-2020-13249
main/squid: add missing secfixes info
main/squid: fix typo in CVE identifier
main/nrpe: fix CVE-2020-6581 and CVE-2020-6582
main/py3-django: fix CVE-2020-24583 and CVE-2020-24584
main/curl: fix CVE-2020-8285 and CVE-2020-8286
main/p11-kit: fix CVE-2020-29361 CVE-2020-29362 CVE-2020-29363
main/nrpe: revert fixes for CVE-2020-6581 and CVE-2020-6582
main/nrpe: rebuild after revert
Leonardo Arena (12):
community/nextcloud: upgrade to 17.0.6
main/sqlite: security fix (CVE-2020-11655)
main/dovecot: security upgrade to 2.3.10.1
community/exim: security fix (CVE-2020-12783)
main/jbig2dec: security fix (CVE-2020-12268)
main/jbig2dec: update checksums
community/nextcloud: upgrade to 17.0.7
main/smokeping: needs ttf-dejavu
community/nextcloud: upgrade to 17.0.9
community/zabbix: upgrade to 4.4.10
community/nextcloud: upgrade to 17.0.10
community/zabbix: rundir is needed for control socket
Michael Kirsch (1):
main/knock: upgrade to 0.8.1
Milan P. Stanić (3):
community/firefox-esr: security upgrade to 68.8.0
main/postfix: upgrade to 3.4.12
main/perl-datetime-timezone: upgrade to 2.39
Natanael Copa (61):
community/chromium: security upgrade to 80.0.3987.149
community/chromium: upgrade to 81.0.4044.113
Revert "main/ncurses: fix missing vtXXX terminfo in ncurses-terminfo-base"
main/libxml2: store patch in aports tree
main/sprunge: use https when possible
main/abuild: backport fixes for crosscompile
main/ca-certificates: remove expired certificate
main/ca-certificates: use source package from gitlab
main/gnutls: security upgrade to 3.6.14 (CVE-2020-13777)
main/perl: security upgrade to 5.30.3 (CVE-2020-10543,CVE-2020-10878,CVE-2020-12723)
main/gcc: security upgrade to 9.3.0 (CVE-2019-15847)
main/busybox: add secfixes comment for CVE-2018-1000500
main/ansible: remove duplicate in secfixes comment
community/exim: remove dup CVE-2018-6789 in secfixes comment
main/putty: upgrade to 0.74 (CVE-2020-14002)
main/ghostscript: clean up duplicate secfixes comment
community/firefox: remove duplicate CVE in secfixes comment
main/lame: remove duplicates in secfixes comment
main/sdl: remove duplicate CVE in secfixes comment
community/wireshark: fix secfixes comment
main/samba: remove duplicate CVE in secfixes comment
main/sqlite: fix secfixes comment
main/hostapd: remove duplicate CVE in secfixes comment
main/libsndfile: remove dulicate CVE secfixes comment
main/libvorbis: remove duplicate CVE in secfixes comment
main/wpa_supplicant: remove CVE dupes in secfixes comment
main/busybox: fix duplicate CVE in secfixes comment
main/rdesktop: fix duplicate CVEs in secfixes comment
community/tor: fix duplicate CVE in secfixes comment
main/linux-lts: upgrade to 5.4.72
community/jool-modules-lts: rebuild against kernel 5.4.72-r0
community/virtualbox-guest-modules-lts: rebuild against kernel 5.4.72-r0
community/wireguard-lts: rebuild against kernel 5.4.72-r0
main/drbd-lts: rebuild against kernel 5.4.72-r0
main/xtables-addons-lts: rebuild against kernel 5.4.72-r0
main/zfs-lts: rebuild against kernel 5.4.72-r0
main/linux-rpi: upgrade to 5.4.72
community/jool-modules-rpi: rebuild against kernel 5.4.72-r0
community/wireguard-rpi: rebuild against kernel 5.4.72-r0
main/squid: security upgrade to 4.13
main/linux-lts: upgrade to 5.4.83
community/jool-modules-lts: rebuild against kernel 5.4.83-r0
community/virtualbox-guest-modules-lts: rebuild against kernel 5.4.83-r0
community/wireguard-lts: upgrade to 1.0.20201112 / 5.4.83-r0
main/drbd-lts: rebuild against kernel 5.4.83-r0
main/xtables-adons-lts: rebuild against kernel 5.4.83-r0
main/zfs-lts: rebuild against kernel 5.4.83-r0
main/linux-rpi: upgrade to 5.4.83
community/jool-modules-rpi: rebuild against kernel 5.4.83-r0
community/wireguard-rpi: upgrade to 1.0.20201112 / 5.4.83-r0
main/linux-rpi: upgrade to 5.4.84
community/jool-modules-rpi: rebuild against kernel 5.4.84-r0
community/wireguard-rpi: rebuild against kernel 5.4.84-r0
main/linux-lts: upgrade to 5.4.84
community/jool-modules-lts: rebuild against kernel 5.4.84-r0
community/virtualbox-guest-modules-lts: rebuild against kernel 5.4.84-r0
community/wireguard-lts: rebuild against kernel 5.4.84-r0
main/drbd-lts: rebuild against kernel 5.4.84-r0
main/xtables-addons-lts: rebuild against kernel 5.4.84-r0
main/zfs-lts: rebuild against kernel 5.4.84-r0
===== release 3.11.7 =====
Rasmus Thomsen (14):
main/vala: upgrade to 0.46.9
community/mutter: upgrade to 3.34.6
community/gnome-desktop: upgrade to 3.34.6
community/gnome-control-center: upgrade to 3.34.6
community/webkit2gtk: upgrade to 2.28.2
main/python2: security upgrade to 2.7.18
community/rpm: build without broken plugin support
community/cheese: add missing dep on gsettings-desktop-schemas
main/vala: upgrade to 0.46.10
community/gnome-photos: upgrade to 3.34.1
main/vala: upgrade to 0.46.11
main/vala: upgrade to 0.46.12
community/firefox-esr: disable, fails to build
main/vala: upgrade to 0.46.13
Simon Frankenberger (2):
main/nghttp2: fix CVE-2020-11080
community/php7: upgrade to 7.3.22
Sora Morimoto (1):
community/opam: upgrade to 2.0.7
Stefan Reiff (1):
main/samba: upgrade to 4.11.9
Sören Tempel (1):
community/firefox-esr: upgrade to 68.9.0
TBK (2):
main/ntfs-3g: patch CVE-2019-9755
community/java-gcj-compat: update gccpkgrel to match gcc6-java
Yonggang Luo (1):
community/chromium: install swiftshader
aptalca (1):
[3.11] main/libmaxminddb: fix database retrieval Backport of https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/7853 - Allow MaxMind license key input required for downloads - Update db retrieval (new endpoint with license key and new compressed file structure)
iggy (1):
community/ceph: upgrade to 14.2.8
prspkt (4):
main/dropbear: backport security fixes
main/libx11: security upgrade to 1.6.10
main/chrony: security upgrade to 3.5.1
main/libx11: security upgrade to 1.6.12