Alpine Linux 3.11.7 released
The Alpine Linux project is pleased to announce the immediate availability of version 3.11.7 of its Alpine Linux operating system.
This includes an important security fix for openssl (CVE-2020-1971).
The full lists of changes can be found in the git log.
6543 (2): community/gitea: upgrade to v1.10.6 community/go: upgrade to 1.13.13 Alex Denes (1): main/postgresql: security upgrade to 12.5 Andy Postnikov (11): community/php7: security upgrade to 7.3.18 CVE-2019-11048 community/drupal7: security upgrade to 7.70 community/drupal7: security upgrade to 7.72 CVE-2020-13663 community/drupal7: security upgrade to 7.73 CVE-2020-13666 community/php7-pecl-timezonedb: upgrade to 2020.1 community/php7-pecl-timezonedb: fix license and improve community/php7-pecl-timezonedb: upgrade to 2020.2 community/php7-pecl-timezonedb: upgrade to 2020.3 community/php7-pecl-timezonedb: upgrade to 2020.4 community/drupal7: security upgrade to 7.74 - CVE-2020-13671 community/drupal7: security upgrade to 7.75 Ariadne Conill (2): main/musl: security fix for CVE-2020-28928 main/tzdata: switch to fat format Carlo Landmeter (1): community/salt: upgrade to 2019.2.4 Daniel Néri (10): main/xen: Remove dependency on syslinux [3.11] main/xen: backport upgrade to 4.13.1 main/ruby: Correct wrong CVE number in secfixes for version 2.6.6-r0 main/xen: security fixes for XSA-317, XSA-319, XSA-321, XSA-327 and XSA-328 [3.11] main/alpine-conf: avoid unwanted syslinux for setup-disk on mounted root main/xen: security fix for CVE-2020-14364/XSA-335 main/xen: security fixes for XSA-333, XSA-334, XSA-336, XSA-337, XSA-338, XSA-339, XSA-340, XSA-342, XSA-343 and XSA-344 main/xen: security fix for XSA-351 main/xen: security fix for XSA-355 main/xen: CVE-2020-28368 assigned to XSA-351 Francesco Colista (2): main/libvirt: security fix for CVE-2020-12430 main/libvirt: security fix for CVE-2019-20485 Henrik Riomar (9): community/intel-ucode: upgrade to 20200609 main/xen: fix XSA-320 community/intel-ucode: upgrade to 20200616 main/fail2ban: fix logging after rotate main/rsyslog: drop boot.log main/rsyslog: rsyslog logrotate should not touch messages main/xen: security upgrade to 4.13.2 community/intel-ucode: security upgrade to 20201110 community/intel-ucode: security upgrade to 20201112 J0WI (32): main/tzdata: upgrade to 2020a community/python2-tkinter: security upgrade to 2.7.17 community/python2-tkinter: security upgrade to 2.7.18 main/libxml2: fix CVE-2019-20388 community/ceph: security upgrade to 14.2.7 community/ceph: security upgrade to 14.2.9 main/ldb: upgrade to 2.0.10 main/samba: security upgrade to 4.11.8 main/mariadb: security upgrade to 10.4.13 main/perl-mozilla-ca: upgrade to 20200520 community/mumble: security upgrade to 1.3.1 community/ffmpeg: security upgrade to 4.2.4 community/firefox-esr: security upgrade to 68.10.0 community/firefox-esr: security upgrade to 68.11.0 main/spamassassin: security upgrade to 3.4.4 community/openjdk7: security upgrade to 18.104.22.168.19 community/openjdk7: security upgrade to 22.214.171.124.20 community/openjdk7: security upgrade to 126.96.36.199.21 community/openjdk7: security upgrade to 7.2188.8.131.52 community/openjdk8: security upgrade to 8.252.09 main/gnutls: security upgrade to 3.6.15 community/pdns: upgrade to 4.2.2 community/pdns: security upgrade to 4.2.3 main/ansible: upgrade to 2.9.9 main/ansible: security update to 2.9.13 community/apache-ant: security upgrade to 1.10.9 main/mariadb: security upgrade to 10.4.15 main/tzdata: upgrade to 2020b main/ldb: upgrade to 2.0.12 main/samba: security upgrade to 4.11.14 main/samba: security upgrade to 4.11.16 main/openssl: security upgrade to 1.1.1i Jake Buchholz (1): [3.11] community/containerd: update to 1.3.9 Jakub Jirutka (3): community/rtorrent: rebuild main/postgresql: security upgrade to 12.4 main/mbedtls: upgrade to 2.16.9 Jesse Olson (1): community/prometheus: correct init.d variables Justin Berthault (1): main/clamav: security upgrade to 0.102.4 Kaarle Ritvanen (1): main/apache2: security upgrade to 2.4.46 Keith Maxwell (1): main/py3-httplib2: fix CWE-93 Kevin Daudt (4): community/go: security upgrade to 1.13.10 (CVE-2020-7919) community/various: rebuild go packages for CVE-2020-7919 community/umoci: add chmod-clean option community/zabbix: upgrade to zabbix 4.4.9 Leo (70): community/chromium: explicitly call python2 instead of python main/re2c: fix CVE-2020-11958 main/libxml2: modernize community/ceph: remove stale boost-1.70 patch main/openldap: fix CVE-2020-12243 main/libexif: security upgrade to 0.6.22 main/unbound: fix CVE-2020-12662 and CVE-2020-12663 main/bind: security upgrade to 9.14.12 community/knot-resolver: fix CVE-2020-12667 community/wireshark: security upgrade to 3.0.11 community/pdns-recursor: security upgrade to 4.2.2 main/iproute2: add missing secfixes info community/apache-ant: security upgrade to 1.10.8 main/clamav: security upgrade to 0.102.3 community/vlc: security upgrade to 184.108.40.206 main/mbedtls: security upgrade to 2.16.6 main/python3: add missing secfixes info main/json-c: fix CVE-2020-12762 main/dbus: fix CVE-2020-12049 main/gnutls: add corresponding GNUTLS-SA to CVE-2020-13777 main/axel: fix CVE-2020-13614 main/hostapd: fix CVE-2020-12695 main/perl: fix typo in include for BZIP2 main/libjpeg-turbo: fix CVE-2020-13790 main/ngircd: fix CVE-2020-14148 main/python3: fix CVE-2020-14422 main/hylafaxplus: fix CVE-2020-15396 and CVE-2020-15397 main/xorg-server: fix CVE-2020-14347 main/patch: add missing CVE to secfixes main/zeromq: security upgrade to 4.3.3 main/libssh: fix CVE-2020-16135 main/curl: fix CVE-2020-8169 and CVE-2020-8177 main/libxml2: fix CVE-2020-24977 main/openjpeg: fix CVE-2019-12973 and CVE-2020-15389 main/perl-dbi: security upgrade to 1.643 main/cryptsetup: fix CVE-2020-14382 community/wireshark: security upgrade to 3.0.14 main/ansible: upgrade to 2.9.11 main/mbedtls: security upgrade to 2.16.8 community/apache-ant: fix checksum main/oniguruma: fix CVE-2020-26159 main/ansible: upgrade to 2.9.14 main/tzdata: upgrade to 2020c main/freetype: fix CVE-2020-15999 main/xorg-server: fix various CVEs main/perl-datetime-timezone: upgrade to 2.41 main/perl-datetime-timezone: upgrade to 2.42 main/perl-datetime-timezone: upgrade to 2.43 main/open-iscsi: upgrade to 2.1.2 main/tmux: fix CVE-2020-27347 main/krb5: security upgrade to 1.17.2 main/tcpdump: fix CVE-2020-8037 main/curl: fix CVE-2020-8231 main/redis: fix CVE-2015-8080 main/bluez: fix CVE-2020-27153 main/bluez: fix CVE-2020-27153 main/openldap: fix a few CVEs main/openldap: use local patch for CVE-2020-12243 main/pcre: fix CVE-2020-14155 main/cups: fix CVE-2019-8842 and CVE-2020-3898 main/dovecot: fix CVE-2020-12673 and CVE-2020-12674 main/mariadb-connector-c: fix CVE-2020-13249 main/squid: add missing secfixes info main/squid: fix typo in CVE identifier main/nrpe: fix CVE-2020-6581 and CVE-2020-6582 main/py3-django: fix CVE-2020-24583 and CVE-2020-24584 main/curl: fix CVE-2020-8285 and CVE-2020-8286 main/p11-kit: fix CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 main/nrpe: revert fixes for CVE-2020-6581 and CVE-2020-6582 main/nrpe: rebuild after revert Leonardo Arena (12): community/nextcloud: upgrade to 17.0.6 main/sqlite: security fix (CVE-2020-11655) main/dovecot: security upgrade to 220.127.116.11 community/exim: security fix (CVE-2020-12783) main/jbig2dec: security fix (CVE-2020-12268) main/jbig2dec: update checksums community/nextcloud: upgrade to 17.0.7 main/smokeping: needs ttf-dejavu community/nextcloud: upgrade to 17.0.9 community/zabbix: upgrade to 4.4.10 community/nextcloud: upgrade to 17.0.10 community/zabbix: rundir is needed for control socket Michael Kirsch (1): main/knock: upgrade to 0.8.1 Milan P. Stanić (3): community/firefox-esr: security upgrade to 68.8.0 main/postfix: upgrade to 3.4.12 main/perl-datetime-timezone: upgrade to 2.39 Natanael Copa (61): community/chromium: security upgrade to 80.0.3987.149 community/chromium: upgrade to 81.0.4044.113 Revert "main/ncurses: fix missing vtXXX terminfo in ncurses-terminfo-base" main/libxml2: store patch in aports tree main/sprunge: use https when possible main/abuild: backport fixes for crosscompile main/ca-certificates: remove expired certificate main/ca-certificates: use source package from gitlab main/gnutls: security upgrade to 3.6.14 (CVE-2020-13777) main/perl: security upgrade to 5.30.3 (CVE-2020-10543,CVE-2020-10878,CVE-2020-12723) main/gcc: security upgrade to 9.3.0 (CVE-2019-15847) main/busybox: add secfixes comment for CVE-2018-1000500 main/ansible: remove duplicate in secfixes comment community/exim: remove dup CVE-2018-6789 in secfixes comment main/putty: upgrade to 0.74 (CVE-2020-14002) main/ghostscript: clean up duplicate secfixes comment community/firefox: remove duplicate CVE in secfixes comment main/lame: remove duplicates in secfixes comment main/sdl: remove duplicate CVE in secfixes comment community/wireshark: fix secfixes comment main/samba: remove duplicate CVE in secfixes comment main/sqlite: fix secfixes comment main/hostapd: remove duplicate CVE in secfixes comment main/libsndfile: remove dulicate CVE secfixes comment main/libvorbis: remove duplicate CVE in secfixes comment main/wpa_supplicant: remove CVE dupes in secfixes comment main/busybox: fix duplicate CVE in secfixes comment main/rdesktop: fix duplicate CVEs in secfixes comment community/tor: fix duplicate CVE in secfixes comment main/linux-lts: upgrade to 5.4.72 community/jool-modules-lts: rebuild against kernel 5.4.72-r0 community/virtualbox-guest-modules-lts: rebuild against kernel 5.4.72-r0 community/wireguard-lts: rebuild against kernel 5.4.72-r0 main/drbd-lts: rebuild against kernel 5.4.72-r0 main/xtables-addons-lts: rebuild against kernel 5.4.72-r0 main/zfs-lts: rebuild against kernel 5.4.72-r0 main/linux-rpi: upgrade to 5.4.72 community/jool-modules-rpi: rebuild against kernel 5.4.72-r0 community/wireguard-rpi: rebuild against kernel 5.4.72-r0 main/squid: security upgrade to 4.13 main/linux-lts: upgrade to 5.4.83 community/jool-modules-lts: rebuild against kernel 5.4.83-r0 community/virtualbox-guest-modules-lts: rebuild against kernel 5.4.83-r0 community/wireguard-lts: upgrade to 1.0.20201112 / 5.4.83-r0 main/drbd-lts: rebuild against kernel 5.4.83-r0 main/xtables-adons-lts: rebuild against kernel 5.4.83-r0 main/zfs-lts: rebuild against kernel 5.4.83-r0 main/linux-rpi: upgrade to 5.4.83 community/jool-modules-rpi: rebuild against kernel 5.4.83-r0 community/wireguard-rpi: upgrade to 1.0.20201112 / 5.4.83-r0 main/linux-rpi: upgrade to 5.4.84 community/jool-modules-rpi: rebuild against kernel 5.4.84-r0 community/wireguard-rpi: rebuild against kernel 5.4.84-r0 main/linux-lts: upgrade to 5.4.84 community/jool-modules-lts: rebuild against kernel 5.4.84-r0 community/virtualbox-guest-modules-lts: rebuild against kernel 5.4.84-r0 community/wireguard-lts: rebuild against kernel 5.4.84-r0 main/drbd-lts: rebuild against kernel 5.4.84-r0 main/xtables-addons-lts: rebuild against kernel 5.4.84-r0 main/zfs-lts: rebuild against kernel 5.4.84-r0 ===== release 3.11.7 ===== Rasmus Thomsen (14): main/vala: upgrade to 0.46.9 community/mutter: upgrade to 3.34.6 community/gnome-desktop: upgrade to 3.34.6 community/gnome-control-center: upgrade to 3.34.6 community/webkit2gtk: upgrade to 2.28.2 main/python2: security upgrade to 2.7.18 community/rpm: build without broken plugin support community/cheese: add missing dep on gsettings-desktop-schemas main/vala: upgrade to 0.46.10 community/gnome-photos: upgrade to 3.34.1 main/vala: upgrade to 0.46.11 main/vala: upgrade to 0.46.12 community/firefox-esr: disable, fails to build main/vala: upgrade to 0.46.13 Simon Frankenberger (2): main/nghttp2: fix CVE-2020-11080 community/php7: upgrade to 7.3.22 Sora Morimoto (1): community/opam: upgrade to 2.0.7 Stefan Reiff (1): main/samba: upgrade to 4.11.9 Sören Tempel (1): community/firefox-esr: upgrade to 68.9.0 TBK (2): main/ntfs-3g: patch CVE-2019-9755 community/java-gcj-compat: update gccpkgrel to match gcc6-java Yonggang Luo (1): community/chromium: install swiftshader aptalca (1): [3.11] main/libmaxminddb: fix database retrieval Backport of https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/7853 - Allow MaxMind license key input required for downloads - Update db retrieval (new endpoint with license key and new compressed file structure) iggy (1): community/ceph: upgrade to 14.2.8 prspkt (4): main/dropbear: backport security fixes main/libx11: security upgrade to 1.6.10 main/chrony: security upgrade to 3.5.1 main/libx11: security upgrade to 1.6.12