pmb.config.apk_tools_min_version: update

Require an apk-tools version that has the recent CVE fixed. Related: https://security.alpinelinux.org/vuln/CVE-2021-36159
2021-08-07 17:09:53 +02:00 · 2021-08-07 17:09:53 +02:00 · d01027fe2c
parent ba07c4cf14
commit d01027fe2c
1 changed files with 4 additions and 4 deletions
--- a/pmb/config/init.py
+++ b/pmb/config/init.py
@ -24,10 +24,10 @@ apk_keys_path = pmb_src + "/pmb/data/keys"
 # Update this frequently to prevent a MITM attack with an outdated version
 # (which may contain a vulnerable apk/openssl, and allows an attacker to
 # exploit the system!)
-apk_tools_min_version = {"edge": "2.12.5-r1",
-                         "v3.14": "2.12.5-r1",
-                         "v3.13": "2.12.5-r0",
-                         "v3.12": "2.10.6-r0"}
+apk_tools_min_version = {"edge": "2.12.7-r0",
+                         "v3.14": "2.12.7-r0",
+                         "v3.13": "2.12.7-r0",
+                         "v3.12": "2.10.8-r0"}

 # postmarketOS aports compatibility (checked against "version" in pmaports.cfg)
 pmaports_min_version = "7"