The Alpine Linux project is pleased to announce the immediate
availability of version 3.14.1 of its Alpine Linux operating system.
This release includes a fix for apk-tools CVE-2021-36159[1].
The full lists of changes can be found in the git log[2].
[1]: https://security.alpinelinux.org/vuln/CVE-2021-36159
[2]: http://git.alpinelinux.org/cgit/aports/log/?h=v3.14.1
Git Shortlog
------------
6543 (1):
community/gitea: upgrade to 1.14.3
Andy Postnikov (16):
community/php7-pecl-imagick: upgrade to 3.5.0
community/php8-pecl-imagick: upgrade to 3.5.0
community/php7-pecl-xhprof: upgrade to 2.3.3
community/php8-pecl-xhprof: upgrade to 2.3.3
community/php8: security upgrade to 8.0.8 - CVE-2021-21705
community/php7: security upgrade to 7.4.21 - CVE-2021-21705
community/php7-pecl-ast: upgrade to 1.0.13
community/php8-pecl-ast: upgrade to 1.0.13
community/php7-pecl-mongodb: upgrade to 1.10.0
community/php8-pecl-mongodb: upgrade to 1.10.0
community/drupal7: security upgrade to 7.82 - CVE-2021-32610
community/php7-pecl-igbinary: upgrade to 3.2.4
community/php8-pecl-igbinary: upgrade to 3.2.4
community/nodejs-current: security upgrade to 16.6.0
community/php7: upgrade to 7.4.22
community/php8: upgrade to 8.0.9
Ariadne Conill (28):
main/rssh: add mitigations for CVE-2019-3463 and CVE-2019-1000018, secfixes data for CVE-2019-3464
main/nikto: add mitigation for CVE-2018-11652
main/avahi: add mitigation for CVE-2021-3468
main/patch: add mitigation for CVE-2019-20633
main/unzip: add mitigation for CVE-2018-18384 (incomplete fix of CVE-2014-9913)
main/{bind,dhcp}: fix secfixes data for CVE-2019-6470
community/quassel: add mitigation for CVE-2021-34825
community/gdnsd: security upgrade to 2.4.3 (CVE-2019-13952)
main/luajit: disable some tests on mips64
main/luajit: fix testsuite paths for mips64 case
community/notcurses: skip tests on mips64, slow builder
community/opendmarc: add mitigation for CVE-2021-34555
main/libretls: downgrade libtls SOVERSION to allow coexistence with community/libressl
main/libretls: add so:libtls.so.20 provides for transitional period
main: chase libretls SOVERSION change
community/codemadness-frontends: chase libretls SOVERSION change
main/zstd: disable tests on 32-bit arm due to issues caused by having 160 threads
community/csync2: add mitigations for CVE-2019-15522 and CVE-2019-15523
community/applet-window-buttons: block on mips64
community/xrdp: update secfixes data
community/libvterm: add mitigation for CVE-2018-20786
main/avahi: add mitigation for CVE-2021-36217
community/hdf5: fix secfixes
main/nodejs: security upgrade to 14.17.3 (CVE-2021-22918)
main/aspell: add mitigation for CVE-2019-25051 / OSV-2020-521
community/libmad: fix secfixes data to include CVE-2018-7263
community/openvswitch: add mitigation for CVE-2021-36980
community/djvulibre: add mitigations for CVE-2021-3500, CVE-2021-32490, CVE-2021-32491, CVE-2021-32492, CVE-2021-32493
Bart Ribbers (20):
community/py3-tinydb: upgrade to 4.4.0 and modernize
community/plasma: upgrade to 5.22.2.1
community/plasma-desktop: disable on ppc64le
community/purpose: disable on ppc64le
community/plasma-browser-integration: disable on ppc64le
community/plasma-desktop: actually disable on ppc64le
community/applet-window-buttons: new aport
community/mauikit: depend on applet-window-buttons
community/mauikit-texteditor: new aport
community/nota: depend on mauikit-texteditor
community/buho: add dep on mauikit-texteditor
community/buho: bump pkgrel
community/xwayland: add missing replaces on xorg-server-xwayland
community/wlroots0.12: add missing replaces on wlroots
community/discover: disable KCM
community/osmscout-server: upgrade to 2.0.3
community/osmscout-server: install proper config version
community/plasmatube: upgrade to 0_git20210709
community/plasmatube: upgrade to 0_git20210718
community/plasmatube: upgrade to 0_git20210719
Carlo Landmeter (2):
main/libretls: fix boostrap build
community/vectorscan: add debug symbols package
Clayton Craft (1):
community/gnome-shell: drop dependency on nm-applet
Devin Lin (2):
community/kweathercore: new aport
community/kweather: upgrade to 21.06
Duncan Bellamy (6):
community/dovecot-fts-xapian: upgrade to 1.4.10 rebuild against new dovecot
community/dovecot-fts-xapian: upgrade to 1.4.11
community/rspamd: use luajit for all arches * add lpeg patch * fixes #12822
community/ceph: upgrade to 16.2.5
community/suricata: upgrade to 6.0.3
community/libhtp: upgrade to 0.5.38
Francesco Colista (4):
community/bareos: remove py3-selenium dep from webui subpackage
community/sngrep: enable eep support
community/sngrep: disable test-003
main/sofia-sip: upgrade to 1.13.4
Henrik Riomar (1):
main/rsyslog: load custom config before standard rules
Holger Jaekel (2):
community/gdal: upgrade to 3.2.3
community/hdf5: upgrade to 1.12.1
J0WI (11):
main/mariadb: security upgrade to 10.5.11
community/firefox: upgrade to 89.0.1
main/nspr: upgrade to 4.31
community/mozjs78: security upgrade to 78.12.0
main/varnish: security upgrade to 6.6.1
main/curl: security upgrade to 7.78.0
main/redis: security upgrade to 6.2.5
main/krb5: security upgrade to 1.18.4
community/miniupnpd: update secfixes
community/exiv2: security upgrade to 0.27.4
main/libretls: upgrade to 3.3.3p1
Jakub Jirutka (12):
community/yamllint: upgrade to 1.26.1
community/njs: upgrade to 0.5.3
community/cesnet-tcs-cli: upgrade to 0.4.0
community/libstemmer: remove duplicate
main/fail2ban: fix tests and re-enable for all arches
main/fail2ban: move tests to -test subpackage
main/fail2ban: remove path configs for other distros
main/fail2ban: skip failing DNSUtilsNetworkTests.testFQDN
main/dhcpcd: upgrade to 8.1.9
community/ruby-ffi: upgrade to 1.15.3
community/git-metafile: upgrade to 0.2.1
*/linux-*: fix perms of kernel.release file to 644
Kaarle Ritvanen (1):
community/py3-django: security upgrade to 3.1.13
Kevin Daudt (4):
main/openssh: reset dependencies for client-common
community/java-jffi: disable on mips64 due to missing java
community/zabbix: upgrade to 5.4.2
main/rsync: prevent aports version being reported
Leo (16):
community/synapse: upgrade to 1.36.0
community/skopeo: depend on containers-common during runtime
community/vault: remove duplicate CVE value
*: remove duplicate CVE values
community/synapse: upgrade to 1.37.0
community/synapse: upgrade to 1.37.1
community/xrdp: generate key and certificate at runtime
community/py3-rich: upgrade to 10.5.0
community/gnome-authenticator: depend on py3-setuptools at runtime
community/ntpsec: security upgrade to 1.2.1
main/glib: upgrade to 2.68.3
community/wireshark: upgrade to 3.4.7
main/gummiboot: move from unmaintained
main/gummiboot: fix build with latest GNU-EFI
main/gummiboot: split EFISTUB into gummiboot-efistub
community/go: security upgrade to 1.16.6
Leonardo Arena (3):
main/open-iscsi: fix path of iscsi-name in init script
community/nextcloud: upgrade to 21.0.3
community/nextcloud20: upgrade to 20.0.11
Marian Buschsieweke (1):
community/texlive: fix trigger script
Martijn Braam (1):
community/pmbootstrap: upgrade to 1.34.0
Martin Haso* (2):
main/py3-pillow: upgrade to 8.2.0
community/py3-reportlab: upgrade to 3.5.68
Martin Kaesberger (2):
community/chromium: upgrade to 91.0.4472.114
community/chromium: upgrade to 91.0.4472.164
Micha* Pola*ski (25):
main/nodejs: upgrade to 14.17.1
community/lagrange: upgrade to 1.5.2
community/caddy: upgrade to 2.4.3
community/libslirp: upgrade to 4.6.1
community/hcloud: upgrade to 1.24.0
community/py3-faker: upgrade to 8.8.1
community/podman: fix panic when cgroup filesystem is not mounted
community/fuse-overlayfs: upgrade to 1.6
community/podman: upgrade to 3.2.2
community/containers-common: upgrade to 0.38.11
community/skopeo: upgrade to 1.3.1
community/buildah: upgrade to 1.21.2
community/buildah: add dependency on crun
community/wdisplays: change upstream
community/wdisplays: upgrade to 1.1
community/hcloud: upgrade to 1.25.0
community/hcloud: upgrade to 1.25.1
community/buildah: upgrade to 1.21.3
community/podman: upgrade to 3.2.3
community/buildah: upgrade to 1.21.4
community/crun: upgrade to 0.21
main/nodejs: security upgrade to 14.17.4
community/fuse-overlayfs: upgrade to 1.7
community/slirp4netns: upgrade to 1.1.12
community/hcloud: upgrade to 1.26.0
Milan P. Stani* (5):
main/haproxy: upgrade to 2.4.1
community/clamav: upgrade to 0.103.3
main/dovecot: security upgrade to 2.3.15
main/postfix: upgrade to 3.6.2
main/haproxy: upgrade to 2.4.2
Natanael Copa (50):
scripts/mkimg.base.sh: add dhcpcd to base
community/py3-gevent: upgrade to 21.1.2
main/kamailio: backport mohqueue fixes from upstream
community/containerd: security upgrade to 1.5.4 (CVE-2021-32760)
main/rsync: backport fix for --delay-updates
main/linux-lts: enable HIGHMEM and LPAE for armv7 -virt
main/linux-lts: upgrade to 5.10.44
main/linux-lts: upgrade to 5.10.45
main/linux-lts: upgrade to 5.10.46
main/linux-lts: upgrade to 5.10.47
main/linux-lts: upgrade to 5.10.48
main/linux-lts: upgrade to 5.10.49
main/linux-lts: upgrade to 5.10.50
main/linux-lts: upgrade to 5.10.51
main/linux-lts: upgrade to 5.10.52
main/linux-lts: upgrade to 5.10.53
main/linux-lts: upgrade to 5.10.54
main/linux-lts: upgrade to 5.10.55
community/jool-modules-lts: rebuild against kernel 5.10.55-r0
community/rtl8821ce-lts: rebuild against kernel 5.10.55-r0
community/rtpengine-lts: rebuild against kernel 5.10.55-r0
main/dahdi-linux-lts: rebuild against kernel 5.10.55-r0
main/xtables-addons-lts: rebuild against kernel 5.10.55-r0
main/zfs-lts: rebuild against kernel 5.10.55-r0
main/linux-rpi: upgrade to 5.10.44
main/linux-rpi: upgrade to 5.10.45
main/linux-rpi: upgrade to 5.10.46
main/linux-rpi: upgrade to 5.10.49
main/linux-rpi: upgrade to 5.10.50
main/linux-rpi: upgrade to 5.10.51
main/linux-rpi: upgrade to 5.10.52
main/linux-rpi: upgrade to 5.10.55
community/jool-modules-rpi: rebuild against kernel 5.10.55-r0
main/zfs-rpi: rebuild against kernel 5.10.55-r0
main/mosquitto: add secfixes info for CVE-2021-34432
community/miniupnpd: upgrade to 2.2.2 and refactor
main/linux-lts: upgrade to 5.10.56
community/jool-modules-lts: rebuild against kernel 5.10.56-r0
community/rtl8821ce-lts: rebuild against kernel 5.10.56-r0
community/rtpengine-lts: rebuild against kernel 5.10.56-r0
main/dahdi-linux-lts: rebuild against kernel 5.10.56-r0
main/xtables-addons-lts: rebuild against kernel 5.10.56-r0
main/zfs-lts: rebuild against kernel 5.10.56-r0
main/linux-rpi: upgrade to 5.10.56
community/jool-modules-rpi: rebuild against kernel 5.10.56-r0
main/zfs-rpi: rebuild against kernel 5.10.56-r0
main/raspberrypi-bootloader: upgrade to 1.20210727
main/libretls: remove transitional hack provides
main/libretls: fix the generation of SO version
===== release 3.14.1 =====
Oliver Smith (2):
community/postmarketos-ondev: upgrade to 0.7.0
community/pmbootstrap: upgrade to 1.35.0
Sören Tempel (2):
main/alpine-baselayout: don't append existing entries to $PATH
main/alpine-baselayout: unset script variable in profile
Thomas Liske (3):
community/ifstate: upgrade to 1.5.3
community/ifstate: upgrade to 1.5.4
community/py3-wgnlpy: upgrade to 0.1.5
Timo Teräs (2):
main/apk-tools: security upgrade to 2.12.6
main/apk-tools: upgrade to 2.12.7
macmpi (2):
main/linux-rpi: add linux-firmware-cypress dependency
main/linux-firmware: upgrade to 20210716
omni (1):
community/tor: security upgrade to 0.4.5.9
pexcn (1):
main/linux-lts: enable CONFIG_NET_SCH_CAKE for config-virt
prspkt (1):
main/putty: security upgrade to 0.76 (CVE-2021-36367)