~ncopa

Recent activity

Re: CVE-2021-3156 version number of sudo 9 days ago

From Natanael Copa to ~alpine/devel

On Thu, 16 Mar 2023 12:12:47 +0100
Christian Dupuis <christian.dupuis@docker.com> wrote:

> Hi,
> 
> is it possible that there*s a typo in the version number '1.9.5p2-r0'
> of *sudo' in CVE-2021-3156? Should the version number be
> '1.9.5_p2-r0* instead?

I agree that it looks like a typo, but I think it is correct.

See:
https://gitlab.alpinelinux.org/alpine/aports/-/commit/7b07d36c9c463eb0692ff58146f01d3dffe8c454

Alpine 3.14.9, 3.15.7 and 3.16.4 released a month ago

From Natanael Copa to ~alpine/announce

The Alpine Linux project is pleased to announce the immediate
availability of new stable releases:

- [3.14.9](https://git.alpinelinux.org/aports/log/?h=v3.14.9)
- [3.15.7](https://git.alpinelinux.org/aports/log/?h=v3.15.7)
- [3.16.4](https://git.alpinelinux.org/aports/log/?h=v3.16.4)

Those releases include security fixes for openssl:

- [CVE-2022-4203](https://security.alpinelinux.org/vuln/CVE-2022-4203)
- [CVE-2022-4304](https://security.alpinelinux.org/vuln/CVE-2022-4304)
- [CVE-2022-4450](https://security.alpinelinux.org/vuln/CVE-2022-4450)
- [CVE-2023-0215](https://security.alpinelinux.org/vuln/CVE-2023-0215)
- [CVE-2023-0216](https://security.alpinelinux.org/vuln/CVE-2023-0216)

Alpine 3.17.2 Released a month ago

From Natanael Copa to ~alpine/announce

The Alpine Linux project is pleased to announce the immediate
availability of version 3.17.2 of its Alpine Linux operating system.

This release includes various security fixes, including:

- openssl [CVE-2023-0286](https://security.alpinelinux.org/vuln/CVE-2023-0286)
- openssl [CVE-2022-4304](https://security.alpinelinux.org/vuln/CVE-2022-4304)
- openssl [CVE-2022-4203](https://security.alpinelinux.org/vuln/CVE-2022-4203)
- openssl [CVE-2023-0215](https://security.alpinelinux.org/vuln/CVE-2023-0215)
- openssl [CVE-2022-4450](https://security.alpinelinux.org/vuln/CVE-2022-4450)
- openssl [CVE-2023-0216](https://security.alpinelinux.org/vuln/CVE-2023-0216)
- openssl [CVE-2023-0217](https://security.alpinelinux.org/vuln/CVE-2023-0217)
- openssl [CVE-2023-0401](https://security.alpinelinux.org/vuln/CVE-2023-0401)

Alpine Linux 3.17.1 released 2 months ago

From Natanael Copa to ~alpine/announce

The Alpine Linux project is pleased to announce the immediate
availability of version 3.17.1 of its Alpine Linux operating system.

This release includes various security fixes, including:

- openssl CVE-2022-3996[1]

The full lists of changes can be found in the git log[2].

[1]: https://security.alpinelinux.org/vuln/CVE-2022-3996
[2]: https://git.alpinelinux.org/aports/log/?h=v3.17.1

Git Shortlog
------------

Alpine Linux 3.17.0 Released 4 months ago

From Natanael Copa to ~alpine/announce

We are pleased to announce the release of Alpine Linux 3.17.0, the first in
the v3.17 stable series.

Highlights
----------

* bash [5.2](https://lists.gnu.org/archive/html/bash-announce/2022-09/msg00000.html)
* GCC [12](https://gcc.gnu.org/gcc-12/changes.html)
* Kea [2.2](https://www.isc.org/blogs/kea-2-2-0/)
* LLVM [15](https://releases.llvm.org/15.0.0/docs/ReleaseNotes.html)
* OpenSSL [3.0](https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final/)
* Perl [5.36](https://perldoc.perl.org/perldelta)
* PostgreSQL [15](https://www.postgresql.org/about/news/postgresql-15-released-2526/)
* Node.js (lts) [18.12](https://nodejs.org/en/blog/release/v18.12.0/)

Alpine Linux 3.17.0 Released 4 months ago

From Natanael Copa to ~alpine/devel

We are pleased to announce the release of Alpine Linux 3.17.0, the first in
the v3.17 stable series.

Highlights
----------

* bash [5.2](https://lists.gnu.org/archive/html/bash-announce/2022-09/msg00000.html)
* GCC [12](https://gcc.gnu.org/gcc-12/changes.html)
* Kea [2.2](https://www.isc.org/blogs/kea-2-2-0/)
* LLVM [15](https://releases.llvm.org/15.0.0/docs/ReleaseNotes.html)
* OpenSSL [3.0](https://www.openssl.org/blog/blog/2021/09/07/OpenSSL3.Final/)
* Perl [5.36](https://perldoc.perl.org/perldelta)
* PostgreSQL [15](https://www.postgresql.org/about/news/postgresql-15-released-2526/)
* Node.js (lts) [18.12](https://nodejs.org/en/blog/release/v18.12.0/)

Release notes for alpine 3.17 4 months ago

From Natanael Copa to ~alpine/devel

Hi,

I have started collect release notes for the 3.17 release.
https://gitlab.alpinelinux.org/alpine/infra/alpine-mksite/-/merge_requests/54

I created also a wiki page for more details if that is needed.
https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.17.0

Please comment on the merge request in gitlab or edit the wiki page if
there is something you think should be mentioned.

Please note that the alpine-mksite mege request can be considered as a
press release. So we need to be careful what we put there so we don't
end up with some weird sounding news headlines.

Alpine 3.16.3 released 4 months ago

From Natanael Copa to ~alpine/announce

The Alpine Linux project is pleased to announce the immediate
availability of version 3.16.3 of its Alpine Linux operating system.

This is a bugfix release.

The full lists of changes can be found in the [git log](http://git.alpinelinux.org/aports/log/?h=v3.16.3).

Git Shortlog
------------

6543 (1):
      community/gitea: upgrade to 1.17.3

Andy Postnikov (14):

Re: Please reply to this email to re-license your prior Alpine wiki contributions 5 months ago

From Natanael Copa to ~alpine/devel

On Fri, 14 Jan 2022 09:15:26 +0100
"Drew DeVault" <sir@cmpwn.com> wrote:

> All future wiki contributions now use the CC-BY-SA license. However,
> existing contributions cannot be re-licensed without the consent of the
> copyright owner.
> 
> If you consent to having your wiki contributions distributed under the
> terms of CC-BY-SA, please reply to this email with the following
> template:
> 
> I, <your name>, hereby re-license my contributions to the Alpine Linux
> wiki under the username <your wiki username> under the terms of the
> CC-BY-SA license.

Upcoming feature freeze 5 months ago

From Natanael Copa to ~alpine/devel

Hi!

I will start work on setting up the builders for 3.17 release this
week. This means that significant changes to the toolchain and
bootstrap packages (eg make, binutils, gcc, bison, autoconf, automake,
cmake etc) needs to happen within a few days or they will have to be
postponed to after 3.17 release.

We can also expect a more general feature freeze in aports/main from
next week (17 October) and a feature freeze in aports/community wekk
after that (24 October).

Those are approximate dates and as usual, we do exceptions on case by
case basis after that.