Alpine Linux 3.13.5 released

The Alpine Linux project is pleased to announce the immediate availability of version 3.13.5 of its Alpine Linux operating system.

This release includes a fix for apk-tools CVE-2021-30139.

The full lists of changes can be found in the git log.

Git Shortlog

6543 (1):
      community/gitea: upgrade to 1.13.7

Andy Postnikov (4):
      community/php7-pecl-mongodb: upgrade to 1.9.1 and modernize
      community/php8-pecl-mongodb: upgrade to 1.9.1 and modernize
      community/php7-pecl-xdebug: upgrade to 3.0.4
      community/php8-pecl-xdebug: upgrade to 3.0.4

Ariadne Conill (4):
      main/apk-tools: add hotfix for tarball parsing DoS (CVE pending)
      main/apk-tools: backout the hotfix, causes sporadic failures
      community/nss: disable binary stripping
      community/xorg-server: fix CVE-2021-3472

Bart Ribbers (3):
      community/maliit-framework: upgrade to 2.0.0
      community/maliit-keyboard: upgrade to 2.0.0
      community/maliit-keyboard: add missing runtime dep on dconf

Duncan Bellamy (1):
      community/ceph: upgrade to 15.2.10 * install dashboard mgr node_modules on install as too large

Francesco Colista (1):
      community/jenkins: security upgrade to 2.287

J0WI (4):
      community/webkit2gtk: security upgrade to 2.32.0
      community/firefox-esr: security upgrade to 78.9.0
      community/nss: upgrade to 3.61
      community/nss: upgrade to 3.62

Jakub Jirutka (2):
      main/ruby: remove man files provided by ruby-bundler
      main/nodejs: fix CVE-2021-27290 in npm subpackage

Justin Berthault (1):
      main/clamav: upgrade to 0.103.2

Kaarle Ritvanen (1):
      community/py3-django-oscar: crash fix

Kevin Daudt (1):
      main/lxc-templates-legacy: account of existing nodes in alpine template

Leo (6):
      community/xterm: fix CVE-2021-27135
      community/xterm: drop fix for CVE-2021-27135
      community/xterm: security upgrade to 367
      main/tar: security upgrade to 1.34
      community/nss: upgrade to 3.63
      community/py3-django: security upgrade to 3.1.8

Leonardo Arena (4):
      main/spamassassin: security upgrade to 3.4.5
      main/spamassassin: update source
      community/nextcloud: upgrade to 20.0.9
      community/nextcloud19: upgrade to 19.0.10

Michał Polański (7):
      community/youtube-dl: upgrade to 2021.04.01
      community/hcloud: upgrade to 1.22.0
      community/ginkgo: upgrade to 1.16.0
      community/hcloud: upgrade to 1.22.1
      community/syncthing: fix CVE-2021-21404
      main/nodejs: security upgrade to 14.16.1
      main/clamav: remove CVE-2021-1386 from secfixes

Milan P. Stanić (4):
      main/lxc: fix cgroup mounting
      main/postfix: upgrade to 3.5.10
      main/irssi: upgrade to 1.2.3
      community/xorg-server: upgrade to 1.20.11

Natanael Copa (15):
      main/asterisk: remove /tmp
      main/linux-rpi: upgrade to 5.10.29
      community/jool-modules-rpi: rebuild against kernel 5.10.29-r0
      main/zfs-rpi: rebuild against kernel 5.10.29-r0
      main/linux-lts: upgrade to 5.10.29
      community/jool-modules-lts: rebuild against kernel 5.10.29-r0
      community/rtl8821ce-lts: rebuild against kernel 5.10.29-r0
      community/rtpengine-lts: rebuild against kernel 5.10.29-r0
      main/dahdi-linux-lts: rebuild against kernel 5.10.29-r0
      main/xtables-addons-lts: rebuild against kernel 5.10.29-r0
      main/zfs-lts: rebuild against kernel 5.10.29-r0
      main/curl: upgrade to 7.76.1 (CVE-2021-22876, CVE-2021-22890)
      main/apk-tools: add secfixes info
      main/busybox: backport tab completion fix
      ===== release 3.13.5 =====

Rasmus Thomsen (8):
      community/cbindgen: upgrade to 0.18.0
      main/cython: depend on python3
      community/firefox: upgrade to 87.0
      community/firefox: build with clang, doesn't OOM on 32-bit
      main/vala: upgrade to 0.50.6
      main/cairo: add patch for CVE-2020-35492
      community/librsvg: security upgrade to 2.50.4
      main/vala: upgrade to 0.50.7

Timo Teräs (1):
      main/apk-tools: upgrade to 2.12.5

matt335672 (1):
      community/libvirt: use correct OpenRC service definitions for libvirt-guests