From cff918540127b64c4f360f005fa54f335dc22e3c Mon Sep 17 00:00:00 2001
From: Oliver Smith <ollieparanoid@bitmessage.ch>
Date: Fri, 14 Sep 2018 06:26:46 +0200
Subject: [PATCH] Update minimum required apk version to 2.10.1-r0

Max Justicz found a clever way to exploit apk, which is fixed in the
latest version:

<https://justi.cz/security/2018/09/13/alpine-apk-rce.html>
---
 pmb/config/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pmb/config/__init__.py b/pmb/config/__init__.py
index 03fcde16..32b31571 100644
--- a/pmb/config/__init__.py
+++ b/pmb/config/__init__.py
@@ -37,7 +37,7 @@ apk_keys_path = pmb_src + "/keys"
 # Update this frequently to prevent a MITM attack with an outdated version
 # (which may contain a vulnerable apk/libressl, and allows an attacker to
 # exploit the system!)
-apk_tools_static_min_version = "2.9.0-r0"
+apk_tools_static_min_version = "2.10.1-r0"
 
 # postmarketOS aports compatibility (checked against "version" in pmaports.cfg)
 pmaports_min_version = "0"