Update minimum required apk version to 2.10.1-r0

Max Justicz found a clever way to exploit apk, which is fixed in the latest version: <https://justi.cz/security/2018/09/13/alpine-apk-rce.html>
2018-09-14 06:26:46 +02:00 · 2018-09-14 06:26:46 +02:00 · cff9185401
parent 840931884b
commit cff9185401
1 changed files with 1 additions and 1 deletions
--- a/pmb/config/init.py
+++ b/pmb/config/init.py
@ -37,7 +37,7 @@ apk_keys_path = pmb_src + "/keys"
 # Update this frequently to prevent a MITM attack with an outdated version
 # (which may contain a vulnerable apk/libressl, and allows an attacker to
 # exploit the system!)
-apk_tools_static_min_version = "2.9.0-r0"
+apk_tools_static_min_version = "2.10.1-r0"

 # postmarketOS aports compatibility (checked against "version" in pmaports.cfg)
 pmaports_min_version = "0"