Wed. Feb 26th, 2020

Alpine Linux 3.11.3 releases, lightweight Linux distribution

4 min read

Alpine Linux is a community-developed operating system designed for x86 routers, firewalls, virtual private networks, IP telephones, and servers. It is designed to implement the concept of security, including a number of active security features such as PaX and SSP, they can prevent the software vulnerabilities are used by rivals. The system uses the C language library is musl, the basic tools are in BusyBox. They are common in embedded systems and are smaller than tools in GNU / Linux systems.

Feature

SMALL

Alpine Linux is built around musl libc and busybox. This makes it smaller and more resource efficient than traditional GNU/Linux distributions. A container requires no more than 8 MB and a minimal installation to disk requires around 130 MB of storage. Not only do you get a fully-fledged Linux environment but a large selection of packages from the repository.

Binary packages are thinned out and split, giving you even more control over what you install, which in turn keeps your environment as small and efficient as possible.

SIMPLE

Alpine Linux is a very simple distribution that will try to stay out of your way. It uses its own package manager called apk, the OpenRC init system, script driven set-ups and that’s it! This provides you with a simple, crystal-clear Linux environment without all the noise. You can then add on top of that just the packages you need for your project, so whether it’s building a home PVR, or an iSCSI storage controller, a wafer-thin mail server container, or a rock-solid embedded switch, nothing else will get in the way.

SECURE

Alpine Linux was designed with security in mind. The kernel is patched with an unofficial port of grsecurity/PaX, and all userland binaries are compiled as Position Independent Executables (PIE) with stack smashing protection. These proactive security features prevent exploitation of entire classes of zero-day and other vulnerabilities.

Alpine Linux 3.11.3 has been released.

Changelog

Andy Postnikov (2):
      community/drupal7: security upgrade to 7.69
      community/phpmyadmin: upgrade to 4.9.4

Bart Ribbers (1):
      community/kdeconnect: add missing runtime dep sshfs

Carlo Landmeter (1):
      community/lua-turbo: add missing ca-certificates

Henrik Riomar (1):
      main/etckeeper: upgrade to 1.18.13

J0WI (2):
      main/openvpn: upgrade to 2.4.8
      community/firefox-esr: security upgrade to 68.4.1

Jakub Jirutka (12):
      community/kea: upgrade to 1.7.3
      community/jetty-runner: upgrade to 9.4.15.20190215
      community/repmgr: upgrade to 5.0.0
      community/lua-busted: upgrade to 2.0.0
      community/kea: fix capabilities
      community/kea-hook-runscript: rebuild against kea 1.7.3
      community/kea-hook-runscript: take over maintainership
      community/ruby-rspec-support: upgrade to 3.9.2
      community/muacme: fix depends on cmd:openssl
      community/ldap-passwd-webui: fix depends on py-waitress
      community/py3-waitress: fix broken upgrade from older versions
      main/openrc: allow to change interfaces config location

Jason A. Donenfeld (1):
      community/wireguard: update to 20191226

Joel (1):
      main/linux-lts: enable cannonlake pinctrl for x86_64

Kaarle Ritvanen (2):
      main/awall: upgrade to 1.6.13
      main/ulogd: fix logrotate pattern

Kevin Daudt (1):
      community/salt: fix python3.8 incompattibilities

Leo (6):
      community/dia: fix CVE-2019-19451.patch
      main/python3: upgrade to 3.8.1
      testing/fontforge: rebuild against python3.8
      community/ruby-rspec-mocks: upgrade to 3.9.1
      community/ruby-rspec-core: upgrade to 3.9.1
      main/e2fsprogs: security upgrade to 1.45.5

Leonardo Arena (5):
      main/xen: add secinfo
      main/msmtp: fix init script
      community/lxcfs: let lxc use lxcfs if installed
      community/pflogsumm: remove sysklogd dependency
      main/xen: add secinfo

Milan P. Stanić (6):
      main/haproxy: upgrade to 2.0.12
      main/linux-lts: upgrade to 5.4.7
      main/linux-lts: set UEVENT_HELPER_PATH for armv7
      main/linux-lts: upgrade to 5.4.8
      main/linux-lts: upgrade to 5.4.11
      main/linux-lts: upgrade to 5.4.12

Natanael Copa (34):
      community/chromium: upgrade to 79.0.3945.88
      community/chromium: fix build on armv7
      main/py3-django: security upgrade to 1.11.27 (CVE-2019-19844)
      main/openssl: fix CVE-2019-1551
      community/opensc: security upgrade to 0.20.0
      main/samba: backport fix for python 3.8
      main/hunspell: fix CVE-2019-16707
      community/jool-modules-lts: rebuild against kernel 5.4.8-r0
      community/virtualbox-guest-modules-lts: rebuild against kernel 5.4.8-r0
      community/wireguard-lts: rebuild against kernel 5.4.8-r0
      main/drbd-lts: rebuild against kernel 5.4.8-r0
      main/xtables-addons-lts: rebuild against kernel 5.4.8-r0
      main/zfs-lts: rebuild against kernel 5.4.8-r0
      main/linux-rpi: upgrade to 5.4.7
      main/linux-rpi: upgrade to 5.4.8
      community/jool-modules-rpi: rebuild against kernel 5.4.8-r0
      community/wireguard-rpi: rebuild against kernel 5.4.8-r0
      main/libjpeg-turbo: security upgrade to 2.0.4 (CVE-2019-2201)
      main/kamailio: increase timout for stopping service
      main/busybox: enable FEATURE_NSLOOKUP_BIG
      main/linux-rpi: upgrade to 5.4.12
      community/wireguard-rpi: rebuild against kernel 5.4.12-r0
      community/jool-modules-rpi: rebuild against kernel 5.4.12-r0
      main/linux-lts: enable rtw88 driver for x86/x86_64
      main/linux-lts: enable serial_ir module
      community/jool-modules-lts: rebuild against kernel 5.4.12-r1
      community/virtualbox-guest-modules-lts: rebuild against kernel 5.4.12-r1
      community/wireguard-lts: rebuild against kernel 5.4.12-r1
      main/drbd-lts: rebuild against kernel 5.4.12-r1
      main/xtables-addons-lts: rebuild against kernel 5.4.12-r1
      main/zfs-lts: rebuild against kernel 5.4.12-r1
      main/nginx: fix CVE-2019-20372
      main/mkinitfs: upgrade to 3.4.5
      ==== release 3.11.3 ====

Rasmus Thomsen (18):
      community/py3-keepass: use Cryptodome instead of Crypto
      community/gnome-passwordsafe: use Cryptodome instead of Crypto
      community/accerciser: upgrade to 3.34.3
      community/mutter: upgrade to 3.34.3
      community/gnome-shell: upgrade to 3.34.3
      community/dconf-editor: upgrade to 3.34.3
      community/eog: upgrade to 3.34.2
      community/epiphany: upgrade to 3.34.3.1
      community/gnome-boxes: upgrade to 3.34.3
      community/seahorse: upgrade to 3.34.1
      community/gnome-contacts: upgrade to 3.34.1
      community/rhythmbox: upgrade to 3.4.4
      community/gnome-music: upgrade to 3.34.3
      community/gnome-initial-setup: upgrade to 3.34.3
      community/gnome-maps: upgrade to 3.34.3
      community/evolution-data-server: upgrade to 3.34.3
      community/evolution: upgrade to 3.34.3
      community/evolution-ews: upgrade to 3.34.3

Stefan Reiff (3):
      community/wireguard-rpi: enable for rpi4
      main/libvirt: qemu: Fix migration without parameters
      community/wireguard-(lts|rpi): upgrade to 0.0.20200105

Sören Tempel (1):
      main/ctags: enable tests on s390x again

William Johansson (1):
      main/grub: fix booting Xen under EFI

Download